From c6ac4916384e82a15f4373acd40afaffc8b67a39 Mon Sep 17 00:00:00 2001
From: Marcel Werk <burntime@woltlab.com>
Date: Thu, 21 Mar 2024 17:10:44 +0100
Subject: [PATCH] Apply "Force login" for users with pending activation

---
 .../middleware/CheckForForceLogin.class.php   | 60 ++++++++++++++++++-
 1 file changed, 59 insertions(+), 1 deletion(-)

diff --git a/wcfsetup/install/files/lib/http/middleware/CheckForForceLogin.class.php b/wcfsetup/install/files/lib/http/middleware/CheckForForceLogin.class.php
index acab872256..9b8377c3b5 100644
--- a/wcfsetup/install/files/lib/http/middleware/CheckForForceLogin.class.php
+++ b/wcfsetup/install/files/lib/http/middleware/CheckForForceLogin.class.php
@@ -2,6 +2,7 @@
 
 namespace wcf\http\middleware;
 
+use Laminas\Diactoros\Response\HtmlResponse;
 use Laminas\Diactoros\Response\JsonResponse;
 use Laminas\Diactoros\Response\RedirectResponse;
 use Psr\Http\Message\ResponseInterface;
@@ -10,6 +11,8 @@ use Psr\Http\Server\MiddlewareInterface;
 use Psr\Http\Server\RequestHandlerInterface;
 use wcf\form\LoginForm;
 use wcf\http\Helper;
+use wcf\system\box\BoxHandler;
+use wcf\system\notice\NoticeHandler;
 use wcf\system\request\LinkHandler;
 use wcf\system\request\RequestHandler;
 use wcf\system\WCF;
@@ -58,6 +61,60 @@ final class CheckForForceLogin implements MiddlewareInterface
             return $handler->handle($request);
         }
 
+
+
+        if (WCF::getUser()->pendingActivation()) {
+            return $this->handlePendingActivation($request);
+        }
+
+        return $this->handleGuest($request);
+    }
+
+    private function handlePendingActivation(ServerRequestInterface $request): ResponseInterface
+    {
+        $preferredType = Helper::getPreferredContentType($request, [
+            'application/json',
+            'text/html',
+        ]);
+
+        BoxHandler::disablePageLayout();
+        NoticeHandler::disableNotices();
+
+        if (WCF::getUser()->requiresAdminActivation()) {
+            $phrase = 'wcf.user.register.needAdminActivation';
+        } else {
+            $phrase = 'wcf.user.register.needActivation';
+        }
+
+        return HeaderUtil::withNoCacheHeaders(match ($preferredType) {
+            'application/json' => new JsonResponse(
+                [
+                    'message' => WCF::getLanguage()->getDynamicVariable($phrase),
+                ],
+                self::STATUS_CODE,
+                [],
+                \JSON_PRETTY_PRINT
+            ),
+            'text/html' => new HtmlResponse(
+                HeaderUtil::parseOutputStream(WCF::getTPL()->fetchStream(
+                    'error',
+                    'wcf',
+                    [
+                        'title' => '',
+                        'message' => WCF::getLanguage()->getDynamicVariable($phrase),
+                        'exception' => null,
+                        'showLogin' => false,
+                        'templateName' => 'error',
+                        'templateNameApplication' => 'wcf',
+                    ]
+                )),
+                self::STATUS_CODE
+            ),
+        });
+    }
+
+    private function handleGuest(ServerRequestInterface $request): ResponseInterface
+    {
         $preferredType = Helper::getPreferredContentType($request, [
             'application/json',
             'text/html',
@@ -87,7 +144,8 @@ final class CheckForForceLogin implements MiddlewareInterface
 
     private function userCanBypassForceLogin(): bool
     {
-        return WCF::getUser()->userID ? true : false;
+        return WCF::getUser()->userID
+            && !WCF::getUser()->pendingActivation();
     }
 
     private function requestCanBypassForceLogin(): bool
-- 
2.20.1