From 10acf8e7bb38e85dfe367cba294b8754594523fa Mon Sep 17 00:00:00 2001
From: Kyle Drake
Date: Mon, 8 Apr 2024 15:12:56 -0500
Subject: [PATCH] cleanups for account validation
---
 app.rb | 6 ++++--
 app/api.rb | 3 +--
 app_helpers.rb | 7 -------
 models/site.rb | 10 ++++++++++
 4 files changed, 15 insertions(+), 11 deletions(-)
diff --git a/app.rb b/app.rb
index 3d3b3ea5..7bd72c8e 100644
--- a/app.rb
+++ b/app.rb
@@ -75,10 +75,12 @@ before do
 content_type :json
 elsif request.path.match /^\/webhooks\//
 # Skips the CSRF/validation check for stripe web hooks
- elsif email_not_validated? && !(request.path =~ /^\/site\/.+\/confirm_email|^\/settings\/change_email|^\/signout|^\/welcome|^\/supporter|^\/signout/)
+ elsif current_site && current_site.email_not_validated? && !(request.path =~ /^\/site\/.+\/confirm_email|^\/settings\/change_email|^\/signout|^\/welcome|^\/supporter|^\/signout/)
 redirect "/site/#{current_site.username}/confirm_email"
- elsif !email_not_validated? && current_site && current_site.phone_verification_needed? && !(request.path =~ /^\/site\/.+\/confirm_phone|^\/signout/)
+ elsif current_site && current_site.phone_verification_needed? && !(request.path =~ /^\/site\/.+\/confirm_phone|^\/signout/)
 redirect "/site/#{current_site.username}/confirm_phone"
+ elsif current_site && current_site.tutorial_required && !(request.path =~ /tutorial/)
+ redirect '/tutorial/html/1'
 else
 content_type :html, 'charset' => 'utf-8'
 redirect '/' if request.post? && !csrf_safe?
diff --git a/app/api.rb b/app/api.rb
index e81fe3df..ce21149f 100644
--- a/app/api.rb
+++ b/app/api.rb
@@ -240,7 +240,6 @@ def require_api_credentials
 if !request.env['HTTP_AUTHORIZATION'].nil?
 init_api_credentials
- api_error(403, 'email_not_validated', 'you need to validate your email address before using the API') if email_not_validated?
 else
 api_error_invalid_auth
 end
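Review bot: In app.rb's `before` filter the phone and tutorial gates no longer exclude accounts that still fail an earlier gate, and each gate exempts a different set of paths, so an account with both `email_not_validated?` and `tutorial_required` (or `phone_verification_needed?`) true can be redirected back and forth between `/site/<username>/confirm_email` and the later gate's target; whether those states can coexist is not visible here. The tutorial redirect also now runs for every path handled by the filter, including `/signout`, where it previously ran only inside `require_login`. Guarding the later branches, e.g. `elsif current_site && !current_site.email_not_validated? && current_site.phone_verification_needed? && ...`, keeps a later gate from redirecting away from an earlier gate's page. Separately, the exemption patterns use `^`, which in Ruby matches at any line start, and `/tutorial/` matches anywhere in the path; `\A` and a prefix test such as `%r{\A/tutorial/}` would make the exemptions exact. The filter body starts and ends outside the hunk.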
@@ -268,7 +267,7 @@ def init_api_credentials
 api_error_invalid_auth
 end
- if site.nil? || site.is_banned || site.is_deleted
+ if site.nil? || site.is_banned || site.is_deleted || !(site.required_validations_met?)
 api_error_invalid_auth
 end
diff --git a/app_helpers.rb b/app_helpers.rb
index b9051401..b549defd 100644
--- a/app_helpers.rb
+++ b/app_helpers.rb
@@ -16,7 +16,6 @@ end
 def require_login
 redirect '/' unless signed_in? && current_site
- redirect '/tutorial/html/1' if current_site.tutorial_required && !(request.path =~ /tutorial/)
 end
 def signed_in?
@@ -97,12 +96,6 @@ def dont_browser_cache
 @dont_browser_cache = true
 end
-def email_not_validated?
- return false if current_site && current_site.created_at < Site::EMAIL_VALIDATION_CUTOFF_DATE
-
- current_site && current_site.parent? && !current_site.is_education && !current_site.email_confirmed && !current_site.supporter?
-end
-
 def sanitize_comment(text)
 Rinku.auto_link Sanitize.fragment(text), :all, 'target="_blank" rel="nofollow"'
 end
diff --git a/models/site.rb b/models/site.rb
index 7366eafa..f747a522 100644
--- a/models/site.rb
+++ b/models/site.rb
@@ -1746,6 +1746,16 @@ class Site < Sequel::Model
 false
 end
+ def email_not_validated?
+ return false if created_at < EMAIL_VALIDATION_CUTOFF_DATE
+ parent? && !is_education && !email_confirmed && !supporter?
+ end
+
+ def required_validations_met?
+ return false if phone_verification_needed? || tutorial_required || email_not_validated?
+ true
+ end
+
 private
 def store_file(path, uploaded, opts={})
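Review bot: In `init_api_credentials` (app/api.rb) an account that fails `required_validations_met?` now receives the same `api_error_invalid_auth` as a missing, banned or deleted site, and the dedicated 403 `email_not_validated` response was removed from `require_api_credentials`, so a caller with correct credentials cannot tell which step is outstanding. If the generic response is deliberate, record it in a comment above the condition, e.g. `# unvalidated accounts get the generic auth error on purpose`; otherwise return a distinct error once the credentials themselves have been accepted. The predicate also includes `tutorial_required`, so API access is refused until the tutorial is finished, which the removed check did not do. The parentheses in `!(site.required_validations_met?)` are redundant. The method starts and ends outside the hunk, so it cannot be confirmed from here that every credential path reaches this check.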
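Review bot: `email_not_validated?` in models/site.rb returns false whenever `parent?` is false, so `required_validations_met?` passes a child site even if the owning account never confirmed its email; if API credentials or `current_site` can resolve to a child site, the check should be evaluated on the parent record (how child sites authenticate is not visible here). Both predicates are undocumented: a comment above `email_not_validated?` listing the exemptions it encodes (accounts created before `EMAIL_VALIDATION_CUTOFF_DATE`, education sites, supporters, non-parent sites) would make the policy auditable now that the API gate depends on it. `required_validations_met?` reads more directly as `!(phone_verification_needed? || tutorial_required || email_not_validated?)`. The Site class continues outside the hunk.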