From ef1af53e0558b080454c0c3b02b7d01389c41c6e Mon Sep 17 00:00:00 2001
From: Robin Ward <robin.ward@gmail.com>
Date: Fri, 12 Apr 2019 15:25:02 -0400
Subject: [PATCH] FIX: If creating an active user via the API, create
 reviewables

---
 app/controllers/users_controller.rb    |  3 +++
 spec/requests/users_controller_spec.rb | 32 +++++++++++++++++++++++++-
 2 files changed, 34 insertions(+), 1 deletion(-)

diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 482814f4d0d..4e719423378 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -402,6 +402,9 @@ class UsersController < ApplicationController
       session["user_created_message"] = activation.message
       session[SessionController::ACTIVATE_USER_KEY] = user.id
 
+      # If the user was created as active, they might need to be approved
+      user.create_reviewable if user.active?
+
       render json: {
         success: true,
         active: user.active?,
diff --git a/spec/requests/users_controller_spec.rb b/spec/requests/users_controller_spec.rb
index 5b7a9a8a060..521ce83e94f 100644
--- a/spec/requests/users_controller_spec.rb
+++ b/spec/requests/users_controller_spec.rb
@@ -676,7 +676,7 @@ describe UsersController do
         let(:admin) { Fabricate(:admin) }
         let(:api_key) { Fabricate(:api_key, user: admin) }
 
-        it "creates the user as active with a regular key" do
+        it "creates the user as active with a an admin key" do
           SiteSetting.send_welcome_message = true
           SiteSetting.must_approve_users = true
 
@@ -699,6 +699,36 @@ describe UsersController do
           expect(new_user.approved_at).to_not eq(nil)
         end
 
+        it "will create a reviewable when a user is created as active but not approved" do
+          Jobs.run_immediately!
+          SiteSetting.must_approve_users = true
+
+          post "/u.json", params: post_user_params.merge(active: true, api_key: api_key.key)
+
+          expect(response.status).to eq(200)
+          json = JSON.parse(response.body)
+
+          new_user = User.find(json["user_id"])
+          expect(json['active']).to be_truthy
+          expect(new_user.approved).to eq(false)
+          expect(ReviewableUser.pending.find_by(target: new_user)).to be_present
+        end
+
+        it "won't create a reviewable when a user is not active" do
+          Jobs.run_immediately!
+          SiteSetting.must_approve_users = true
+
+          post "/u.json", params: post_user_params.merge(api_key: api_key.key)
+
+          expect(response.status).to eq(200)
+          json = JSON.parse(response.body)
+
+          new_user = User.find(json["user_id"])
+          expect(json['active']).to eq(false)
+          expect(new_user.approved).to eq(false)
+          expect(ReviewableUser.pending.find_by(target: new_user)).to be_blank
+        end
+
         it "won't create the developer as active" do
           UsernameCheckerService.expects(:is_developer?).returns(true)