From fab0dd0bcfaee2df88df402d4cf1f1a4423c1fa6 Mon Sep 17 00:00:00 2001
From: Claire <claire.github-309c@sitedethib.com>
Date: Wed, 15 Oct 2025 13:37:22 +0200
Subject: [PATCH] Change redirection for denied registration from web app to
 sign-in page with error message (#36384)

---
 app/controllers/auth/registrations_controller.rb       | 2 +-
 config/locales/devise.en.yml                           | 1 +
 spec/controllers/auth/registrations_controller_spec.rb | 8 ++++----
 3 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/app/controllers/auth/registrations_controller.rb b/app/controllers/auth/registrations_controller.rb
index fc430544fb..780c0be319 100644
--- a/app/controllers/auth/registrations_controller.rb
+++ b/app/controllers/auth/registrations_controller.rb
@@ -89,7 +89,7 @@ class Auth::RegistrationsController < Devise::RegistrationsController
   end
 
   def check_enabled_registrations
-    redirect_to root_path unless allowed_registration?(request.remote_ip, @invite)
+    redirect_to new_user_session_path, alert: I18n.t('devise.failure.closed_registrations', email: Setting.site_contact_email) unless allowed_registration?(request.remote_ip, @invite)
   end
 
   def invite_code
diff --git a/config/locales/devise.en.yml b/config/locales/devise.en.yml
index 65095cd788..29cc473e01 100644
--- a/config/locales/devise.en.yml
+++ b/config/locales/devise.en.yml
@@ -7,6 +7,7 @@ en:
       send_paranoid_instructions: If your email address exists in our database, you will receive an email with instructions for how to confirm your email address in a few minutes. Please check your spam folder if you didn't receive this email.
     failure:
       already_authenticated: You are already signed in.
+      closed_registrations: Your registration attempt has been blocked due to a network policy. If you believe this is an error, contact %{email}.
       inactive: Your account is not activated yet.
       invalid: Invalid %{authentication_keys} or password.
       last_attempt: You have one more attempt before your account is locked.
diff --git a/spec/controllers/auth/registrations_controller_spec.rb b/spec/controllers/auth/registrations_controller_spec.rb
index 04c2d5dbbb..c7bbe13092 100644
--- a/spec/controllers/auth/registrations_controller_spec.rb
+++ b/spec/controllers/auth/registrations_controller_spec.rb
@@ -12,11 +12,11 @@ RSpec.describe Auth::RegistrationsController do
         allow(Rails.configuration.x).to receive(:single_user_mode).and_return(true)
       end
 
-      it 'redirects to root' do
+      it 'redirects to sign-in' do
         Fabricate(:account)
         get path
 
-        expect(response).to redirect_to '/'
+        expect(response).to redirect_to '/auth/sign_in'
         expect(Rails.configuration.x).to have_received(:single_user_mode)
       end
     end
@@ -27,10 +27,10 @@ RSpec.describe Auth::RegistrationsController do
         allow(Rails.configuration.x).to receive(:single_user_mode).and_return(false)
       end
 
-      it 'redirects to root' do
+      it 'redirects to sign-in' do
         get path
 
-        expect(response).to redirect_to '/'
+        expect(response).to redirect_to '/auth/sign_in'
         expect(Rails.configuration.x).to have_received(:single_user_mode)
       end
     end