app/controllers/UserController.php: move activateLinkAction() to ApiController

app/config/routes.yml

@@ -54,5 +54,5 @@ router:
     activation-link:
       pattern: '/activate/{link}'
       path:
-        controller: user
+        controller: api
         action: activationlink

app/controllers/ApiController.php

@@ -5,7 +5,8 @@ namespace App\Controller;
 use App\Controller\ControllerBase,
     App\Model\Data\Callback as CallbackModel,
     App\Model\Data\Request as RequestModel,
-    App\Model\Data\RequestMeta as RequestMetaModel;
+    App\Model\Data\RequestMeta as RequestMetaModel,
+    App\Model\Data\UserActivation;
 
 class ApiController extends ControllerBase
 {
@@ -49,4 +50,41 @@ class ApiController extends ControllerBase
             }
         }
     }
+
+    /**
+     * Account/Password activation.
+     *
+     * @param $id
+     */
+    public function activationLinkAction($id)
+    {
+        $link = UserActivation::findFirst(['activation_key = ?0', 'bind' => [ $id ]]);
+
+        if ($link) {
+            if ($link->isValid()) {
+
+                $user = $link->getUser();
+
+                // Save password if any is set.
+                if (strlen($link->getPassword()) > 0) {
+                    $user->setPassword($link->getPassword());
+                    $this->flash->success('Your password has been activated.');
+                } else {
+                    $user->setStatus(User::STATUS_ACTIVE);
+                    $this->flash->success('Your account has been activated.');
+
+                    // Also login the user.
+                    $this->auth->systemLogin($user);
+                }
+                $user->save();
+            } else {
+                $this->flash->error('This link has expired or has already been used.');
+            }
+
+            // Make sure the link is deleted.
+            $link->delete();
+        } else {
+            $this->flash->error('This does not seem to be an active link');
+        }
+    }
 }

app/controllers/UserController.php

@@ -106,44 +106,6 @@ class UserController extends ControllerBase
         $this->response->redirect('/settings');
     }
 
-    /**
-     * Account/Password activation.
-     *
-     * @Acl(resource="auth")
-     * @param $id
-     */
-    public function activationLinkAction($id)
-    {
-        $link = UserActivation::findFirst(['activation_key = ?0', 'bind' => [ $id ]]);
-
-        if ($link) {
-            if ($link->isValid()) {
-
-                $user = $link->getUser();
-
-                // Save password if any is set.
-                if (strlen($link->getPassword()) > 0) {
-                    $user->setPassword($link->getPassword());
-                    $this->flash->success('Your password has been activated.');
-                } else {
-                    $user->setStatus(User::STATUS_ACTIVE);
-                    $this->flash->success('Your account has been activated.');
-
-                    // Also login the user.
-                    $this->auth->systemLogin($user);
-                }
-                $user->save();
-            } else {
-                $this->flash->error('This link has expired or has already been used.');
-            }
-
-            // Make sure the link is deleted.
-            $link->delete();
-        } else {
-            $this->flash->error('This does not seem to be an active link');
-        }
-    }
-
     public function activityAction($page = 1)
     {
         $user = $this->_getAuth()->getUser();