fix: #11589, regression where a user could not confirm their email if requireEmailAddress was enabled

2025-10-26 08:36:12 +01:00 · 2023-05-11 11:34:24 -04:00
parent 77212c4219
commit 686ecea123
2 changed files with 29 additions and 21 deletions
--- a/src/controllers/index.js
+++ b/src/controllers/index.js
@@ -222,6 +222,14 @@ Controllers.registerInterstitial = async function (req, res, next) {
 Controllers.confirmEmail = async (req, res, next) => {
 	try {
 		await user.email.confirmByCode(req.params.code, req.session.id);
+		if (req.session.registration) {
+			// After confirmation, no need to send user back to email change form
+			delete req.session.registration.updateEmail;
+		}
+
+		res.render('confirm', {
+			title: '[[pages:confirm]]',
+		});
 	} catch (e) {
 		if (e.message === '[[error:invalid-data]]') {
 			return next();
@@ -229,10 +237,6 @@ Controllers.confirmEmail = async (req, res, next) => {

 		throw e;
 	}
-
-	res.render('confirm', {
-		title: '[[pages:confirm]]',
-	});
 };

 Controllers.robots = function (req, res) {
--- a/src/middleware/user.js
+++ b/src/middleware/user.js
@@ -239,30 +239,34 @@ module.exports = function (middleware) {
 		 */
 		const path = req.path.startsWith('/api/') ? req.path.replace('/api', '') : req.path;

-		if (!req.session.hasOwnProperty('registration')) {
-			if (req.uid && !path.endsWith('/edit/email')) {
-				const [confirmed, isAdmin] = await Promise.all([
-					user.getUserField(req.uid, 'email:confirmed'),
-					user.isAdministrator(req.uid),
-				]);
-				if (meta.config.requireEmailAddress && !confirmed && !isAdmin) {
-					controllers.helpers.redirect(res, '/me/edit/email');
-				}
+		if (req.uid && !(path.endsWith('/edit/email') || path.startsWith('/confirm/'))) {
+			const [confirmed, isAdmin] = await Promise.all([
+				user.getUserField(req.uid, 'email:confirmed'),
+				user.isAdministrator(req.uid),
+			]);
+			if (meta.config.requireEmailAddress && !confirmed && !isAdmin) {
+				req.session.registration = {
+					...req.session.registration,
+					uid: req.uid,
+					updateEmail: true,
+				};
 			}
+		}

+		if (!req.session.hasOwnProperty('registration')) {
 			return setImmediate(next);
 		}

 		const { allowed } = await plugins.hooks.fire('filter:middleware.registrationComplete', {
-			allowed: ['/register/complete'],
+			allowed: ['/register/complete', '/confirm/'],
 		});
-		if (!allowed.includes(path)) {
-			// Append user data if present
-			req.session.registration.uid = req.session.registration.uid || req.uid;
-
-			controllers.helpers.redirect(res, '/register/complete');
-		} else {
-			setImmediate(next);
+		if (allowed.includes(path) || allowed.some(p => path.startsWith(p))) {
+			return setImmediate(next);
 		}
+
+		// Append user data if present
+		req.session.registration.uid = req.session.registration.uid || req.uid;
+
+		controllers.helpers.redirect(res, '/register/complete');
 	};
 };