From 8cb4825c8bbfb5ca9c9f96058de053b7d7bf218b Mon Sep 17 00:00:00 2001
From: Claire <claire.github-309c@sitedethib.com>
Date: Mon, 15 Jan 2024 12:06:48 +0100
Subject: [PATCH] Fix sign-up restrictions based on email addresses not being
 enforced (#28732)

---
 app/models/user.rb | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/app/models/user.rb b/app/models/user.rb
index 0c589f8068..f5ed3fa462 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -187,7 +187,7 @@ class User < ApplicationRecord
 
   def confirm
     new_user      = !confirmed?
-    self.approved = true if open_registrations? && !sign_up_from_ip_requires_approval?
+    self.approved = true if grant_approval_on_confirmation?
 
     super
 
@@ -206,7 +206,7 @@ class User < ApplicationRecord
 
   def confirm!
     new_user      = !confirmed?
-    self.approved = true if open_registrations?
+    self.approved = true if grant_approval_on_confirmation?
 
     skip_confirmation!
     save!
@@ -426,6 +426,11 @@ class User < ApplicationRecord
     end
   end
 
+  def grant_approval_on_confirmation?
+    # Re-check approval on confirmation if the server has switched to open registrations
+    open_registrations? && !sign_up_from_ip_requires_approval? && !sign_up_email_requires_approval?
+  end
+
   def sign_up_from_ip_requires_approval?
     !sign_up_ip.nil? && IpBlock.where(severity: :sign_up_requires_approval).where('ip >>= ?', sign_up_ip.to_s).exists?
   end