From f975063b7dbe910d28cf072bc66d0f18d6d1fd56 Mon Sep 17 00:00:00 2001
From: Julian Lam <julian@nodebb.org>
Date: Mon, 25 Jan 2021 16:01:10 -0500
Subject: [PATCH] fix: #7125, allow list for page route, configurable via
 plugin hook

---
 src/middleware/user.js | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/src/middleware/user.js b/src/middleware/user.js
index 556a919821..3df31934bf 100644
--- a/src/middleware/user.js
+++ b/src/middleware/user.js
@@ -249,12 +249,17 @@ module.exports = function (middleware) {
 		res.status(403).render('403', { title: '[[global:403.title]]' });
 	};
 
-	middleware.registrationComplete = function registrationComplete(req, res, next) {
+	middleware.registrationComplete = async function registrationComplete(req, res, next) {
 		// If the user's session contains registration data, redirect the user to complete registration
 		if (!req.session.hasOwnProperty('registration')) {
 			return setImmediate(next);
 		}
-		if (!req.path.endsWith('/register/complete')) {
+
+		const path = req.path.startsWith('/api/') ? req.path.replace('/api', '') : req.path;
+		const { allowed } = await plugins.hooks.fire('filter:middleware.registrationComplete', {
+			allowed: ['/register/complete'],
+		});
+		if (!allowed.includes(path)) {
 			// Append user data if present
 			req.session.registration.uid = req.uid;