[Bug] newly self-registered user hits Forbidden #6994

@andrey-utkin

Describe the bug

New user gets registered and hits "forbidden"! Tested on 1.24.3, looks similar in effect to #2381.

Error 403 - Forbidden
You don’t have permission to access this page
← Go back to your RSS feeds

It seems userController::createAction redirects the session towards manageAction, which at the very start returns 403 if the user is not an admin, but createAction redirects all new users! See

if (!FreshRSS_Auth::hasAccess('admin')) {

127.0.0.1 - - [13/Nov/2024:00:19:49 +0000] "POST /i/?c=user&a=create HTTP/1.1" 302 - "-" "Mozilla/5.0 (X11; Linux x86_64; rv:131.0) Gecko/20100101 Firefox/131.0"
127.0.0.1 - - [13/Nov/2024:00:19:49 +0000] "GET /i/?c=user&a=manage&rid=6733f0a59c71b HTTP/1.1" 302 - "-" "Mozilla/5.0 (X11; Linux x86_64; rv:131.0) Gecko/20100101 Firefox/131.0"
127.0.0.1 - - [13/Nov/2024:00:19:49 +0000] "GET /i/?c=error&rid=6733f0a59c71b HTTP/1.1" 403 6663 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:131.0) Gecko/20100101 Firefox/131.0"

To Reproduce

  1. Self-register new non-admin user
  2. Observe the "you are forbidden" page you're redirected to.

Expected behavior

The new user is redirected towards a useful page.

FreshRSS version

1.24.3

Environment information

  • Database version: SQLite
  • PHP version: PHP 8.2
  • Installation type: Docker + sources from git
  • Web server type: Apache
  • OS: Fedora 40
  • Browser: Firefox 131.0.3

Additional context

No response
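
The redirect chain in the access log above (POST create, then GET manage, then the error page with 403 under the same rid) can be searched for in existing logs to count affected sign-ups. This is an added example, not part of the original report or of FreshRSS; the function names and sample log lines are constructed, and it assumes Apache combined log format with requests tracked per client IP.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines, modelled on the access log in the report.
SAMPLE_LOG = """\
127.0.0.1 - - [13/Nov/2024:00:19:49 +0000] "POST /i/?c=user&a=create HTTP/1.1" 302 - "-" "Mozilla/5.0"
10.0.0.5 - - [13/Nov/2024:00:19:49 +0000] "GET /i/ HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
127.0.0.1 - - [13/Nov/2024:00:19:49 +0000] "GET /i/?c=user&a=manage&rid=aaaa1111 HTTP/1.1" 302 - "-" "Mozilla/5.0"
127.0.0.1 - - [13/Nov/2024:00:19:49 +0000] "GET /i/?c=error&rid=aaaa1111 HTTP/1.1" 403 6663 "-" "Mozilla/5.0"
127.0.0.1 - - [13/Nov/2024:00:21:02 +0000] "GET /i/?c=user&a=manage HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def parse(line):
    """Return (client, time, method, c, a, rid, status), or None for unparsable lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    client, when, method, target, status = m.groups()
    q = parse_qs(urlsplit(target).query)
    get = lambda key: q.get(key, [""])[0]
    return client, when, method, get("c"), get("a"), get("rid"), int(status)

def find_forbidden_after_signup(lines):
    """Return (client, time, rid) for each create -> manage -> error/403 chain."""
    # Keyed by client IP (assumption): clients behind one NAT would share state.
    state = {}  # client -> (stage, rid)
    hits = []
    for rec in filter(None, map(parse, lines)):
        client, when, method, c, a, rid, status = rec
        prev = state.pop(client, None)  # any unrelated request resets the chain
        if method == "POST" and (c, a) == ("user", "create") and status == 302:
            state[client] = ("created", "")
        elif prev and prev[0] == "created" and (c, a) == ("user", "manage") and status == 302:
            state[client] = ("manage", rid)
        elif prev and prev[0] == "manage" and c == "error" and status == 403 and rid == prev[1]:
            hits.append((client, when, rid))
    return hits

if __name__ == "__main__":
    print(find_forbidden_after_signup(SAMPLE_LOG.splitlines()))
```

The final sample line, a 200 response on the manage page outside any sign-up chain, is not reported.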
