From 4fe2d7cb59f4622ff8af2f048b883f413e87c68e Mon Sep 17 00:00:00 2001
From: Daniel M Brasil <danielmbrasil@protonmail.com>
Date: Sat, 1 Jul 2023 19:05:44 -0300
Subject: [PATCH] Fix HTTP 500 in `/api/v1/emails/check_confirmation` (#25595)

---
 app/controllers/api/v1/emails/confirmations_controller.rb | 1 +
 .../api/v1/emails/confirmations_controller_spec.rb        | 8 ++++++++
 2 files changed, 9 insertions(+)

diff --git a/app/controllers/api/v1/emails/confirmations_controller.rb b/app/controllers/api/v1/emails/confirmations_controller.rb
index 29ff897b9..16e91b449 100644
--- a/app/controllers/api/v1/emails/confirmations_controller.rb
+++ b/app/controllers/api/v1/emails/confirmations_controller.rb
@@ -5,6 +5,7 @@ class Api::V1::Emails::ConfirmationsController < Api::BaseController
   before_action -> { doorkeeper_authorize! :write, :'write:accounts' }, except: :check
   before_action :require_user_owned_by_application!, except: :check
   before_action :require_user_not_confirmed!, except: :check
+  before_action :require_authenticated_user!, only: :check
 
   def create
     current_user.update!(email: params[:email]) if params.key?(:email)
diff --git a/spec/controllers/api/v1/emails/confirmations_controller_spec.rb b/spec/controllers/api/v1/emails/confirmations_controller_spec.rb
index 219b5075d..80d6c8799 100644
--- a/spec/controllers/api/v1/emails/confirmations_controller_spec.rb
+++ b/spec/controllers/api/v1/emails/confirmations_controller_spec.rb
@@ -130,5 +130,13 @@ RSpec.describe Api::V1::Emails::ConfirmationsController do
         end
       end
     end
+
+    context 'without an oauth token and an authentication cookie' do
+      it 'returns http unauthorized' do
+        get :check
+
+        expect(response).to have_http_status(401)
+      end
+    end
   end
 end