diff --git a/app/controllers/concerns/export_controller_concern.rb b/app/controllers/concerns/export_controller_concern.rb
index bfe990c827d1bf9cf085e05553fc1b375a372b84..24cfc7a01248325e39db739b61b53f8745bce813 100644
--- a/app/controllers/concerns/export_controller_concern.rb
+++ b/app/controllers/concerns/export_controller_concern.rb
@@ -5,7 +5,6 @@ module ExportControllerConcern
 
   included do
     before_action :authenticate_user!
-    before_action :require_not_suspended!
     before_action :load_export
 
     skip_before_action :require_functional!
@@ -30,8 +29,4 @@ module ExportControllerConcern
   def export_filename
     "#{controller_name}.csv"
   end
-
-  def require_not_suspended!
-    forbidden if current_account.suspended?
-  end
 end
diff --git a/app/controllers/oauth/authorized_applications_controller.rb b/app/controllers/oauth/authorized_applications_controller.rb
index fb8389034b9b20cffeab89b0579000db992bdf7e..45151cdd7754d016121379410abdea4df3d25925 100644
--- a/app/controllers/oauth/authorized_applications_controller.rb
+++ b/app/controllers/oauth/authorized_applications_controller.rb
@@ -5,6 +5,7 @@ class Oauth::AuthorizedApplicationsController < Doorkeeper::AuthorizedApplicatio
 
   before_action :store_current_location
   before_action :authenticate_resource_owner!
+  before_action :require_not_suspended!, only: :destroy
   before_action :set_body_classes
 
   skip_before_action :require_functional!
@@ -25,4 +26,8 @@ class Oauth::AuthorizedApplicationsController < Doorkeeper::AuthorizedApplicatio
   def store_current_location
     store_location_for(:user, request.url)
   end
+
+  def require_not_suspended!
+    forbidden if current_account.suspended?
+  end
 end
diff --git a/app/controllers/settings/aliases_controller.rb b/app/controllers/settings/aliases_controller.rb
index b7c9a409d1f8d7fb18adadbfcce531118d9c8a31..a421b8ede312920d3bc969917c418b358a0f13a2 100644
--- a/app/controllers/settings/aliases_controller.rb
+++ b/app/controllers/settings/aliases_controller.rb
@@ -1,9 +1,9 @@
 # frozen_string_literal: true
 
 class Settings::AliasesController < Settings::BaseController
-  layout 'admin'
+  skip_before_action :require_functional!
 
-  before_action :authenticate_user!
+  before_action :require_not_suspended!
   before_action :set_aliases, except: :destroy
   before_action :set_alias, only: :destroy
 
diff --git a/app/controllers/settings/applications_controller.rb b/app/controllers/settings/applications_controller.rb
index ed3f82a8e06e693e8107c0fbdf2211d7ec48a3a0..d3ac268d862018095561f295c222ff169e25d6c2 100644
--- a/app/controllers/settings/applications_controller.rb
+++ b/app/controllers/settings/applications_controller.rb
@@ -1,9 +1,6 @@
 # frozen_string_literal: true
 
 class Settings::ApplicationsController < Settings::BaseController
-  layout 'admin'
-
-  before_action :authenticate_user!
   before_action :set_application, only: [:show, :update, :destroy, :regenerate]
   before_action :prepare_scopes, only: [:create, :update]
 
diff --git a/app/controllers/settings/base_controller.rb b/app/controllers/settings/base_controller.rb
index 3c404cfff20b308de7c997e2efb8e3d782acdbe0..8311538a5694419f6c5676ebd323837b5f933531 100644
--- a/app/controllers/settings/base_controller.rb
+++ b/app/controllers/settings/base_controller.rb
@@ -1,6 +1,9 @@
 # frozen_string_literal: true
 
 class Settings::BaseController < ApplicationController
+  layout 'admin'
+
+  before_action :authenticate_user!
   before_action :set_body_classes
   before_action :set_cache_headers
 
@@ -13,4 +16,8 @@ class Settings::BaseController < ApplicationController
   def set_cache_headers
     response.headers['Cache-Control'] = 'no-cache, no-store, max-age=0, must-revalidate'
   end
+
+  def require_not_suspended!
+    forbidden if current_account.suspended?
+  end
 end
diff --git a/app/controllers/settings/deletes_controller.rb b/app/controllers/settings/deletes_controller.rb
index 15a59c999dffe219c06b7e2099ee1fe4fb2875db..7d4844e60f15eaba7b91e9449b1eae451a2c78dd 100644
--- a/app/controllers/settings/deletes_controller.rb
+++ b/app/controllers/settings/deletes_controller.rb
@@ -1,13 +1,10 @@
 # frozen_string_literal: true
 
 class Settings::DeletesController < Settings::BaseController
-  layout 'admin'
+  skip_before_action :require_functional!
 
-  before_action :check_enabled_deletion
-  before_action :authenticate_user!
   before_action :require_not_suspended!
-
-  skip_before_action :require_functional!
+  before_action :check_enabled_deletion
 
   def show
     @confirmation = Form::DeleteConfirmation.new
diff --git a/app/controllers/settings/exports/blocked_accounts_controller.rb b/app/controllers/settings/exports/blocked_accounts_controller.rb
index 2092104e01d1d147103d52de5f2b03b7213e042f..2190caa3619e6c4df92452101f651bfa715a7e17 100644
--- a/app/controllers/settings/exports/blocked_accounts_controller.rb
+++ b/app/controllers/settings/exports/blocked_accounts_controller.rb
@@ -2,7 +2,7 @@
 
 module Settings
   module Exports
-    class BlockedAccountsController < ApplicationController
+    class BlockedAccountsController < BaseController
       include ExportControllerConcern
 
       def index
diff --git a/app/controllers/settings/exports/blocked_domains_controller.rb b/app/controllers/settings/exports/blocked_domains_controller.rb
index 6676ce340148f9488398f78612d311f59bec2c29..bee4b2431e374e6e651ea3da4b9f4f13b34d9521 100644
--- a/app/controllers/settings/exports/blocked_domains_controller.rb
+++ b/app/controllers/settings/exports/blocked_domains_controller.rb
@@ -2,7 +2,7 @@
 
 module Settings
   module Exports
-    class BlockedDomainsController < ApplicationController
+    class BlockedDomainsController < BaseController
       include ExportControllerConcern
 
       def index
diff --git a/app/controllers/settings/exports/following_accounts_controller.rb b/app/controllers/settings/exports/following_accounts_controller.rb
index 74281ddca267ac298be567d1f25d2c85ec07b870..acefcb15da67aa1ce340e7340dab4585046b34fe 100644
--- a/app/controllers/settings/exports/following_accounts_controller.rb
+++ b/app/controllers/settings/exports/following_accounts_controller.rb
@@ -2,7 +2,7 @@
 
 module Settings
   module Exports
-    class FollowingAccountsController < ApplicationController
+    class FollowingAccountsController < BaseController
       include ExportControllerConcern
 
       def index
diff --git a/app/controllers/settings/exports/lists_controller.rb b/app/controllers/settings/exports/lists_controller.rb
index cf5a9de44b33bd3bd3c1cea91fbc4a79a345a9c1..bc65f56a0eff651ccea131cc42151fc9ab026e93 100644
--- a/app/controllers/settings/exports/lists_controller.rb
+++ b/app/controllers/settings/exports/lists_controller.rb
@@ -2,7 +2,7 @@
 
 module Settings
   module Exports
-    class ListsController < ApplicationController
+    class ListsController < BaseController
       include ExportControllerConcern
 
       def index
diff --git a/app/controllers/settings/exports/muted_accounts_controller.rb b/app/controllers/settings/exports/muted_accounts_controller.rb
index e511619ca6ab7aeb8fa01ebbd204f173a50c9028..50b7bf1f7911924618bf1a97c723fe8d032ee532 100644
--- a/app/controllers/settings/exports/muted_accounts_controller.rb
+++ b/app/controllers/settings/exports/muted_accounts_controller.rb
@@ -2,7 +2,7 @@
 
 module Settings
   module Exports
-    class MutedAccountsController < ApplicationController
+    class MutedAccountsController < BaseController
       include ExportControllerConcern
 
       def index
diff --git a/app/controllers/settings/exports_controller.rb b/app/controllers/settings/exports_controller.rb
index 0e93d07a9b2d509aa1738c855f4e2df49764af53..30138d29ed6412ab3c39f67b3f9b44cd207f92eb 100644
--- a/app/controllers/settings/exports_controller.rb
+++ b/app/controllers/settings/exports_controller.rb
@@ -3,11 +3,6 @@
 class Settings::ExportsController < Settings::BaseController
   include Authorization
 
-  layout 'admin'
-
-  before_action :authenticate_user!
-  before_action :require_not_suspended!
-
   skip_before_action :require_functional!
 
   def show
@@ -16,8 +11,6 @@ class Settings::ExportsController < Settings::BaseController
   end
 
   def create
-    raise Mastodon::NotPermittedError unless user_signed_in?
-
     backup = nil
 
     RedisLock.acquire(lock_options) do |lock|
@@ -37,8 +30,4 @@ class Settings::ExportsController < Settings::BaseController
   def lock_options
     { redis: Redis.current, key: "backup:#{current_user.id}" }
   end
-
-  def require_not_suspended!
-    forbidden if current_account.suspended?
-  end
 end
diff --git a/app/controllers/settings/featured_tags_controller.rb b/app/controllers/settings/featured_tags_controller.rb
index e9861da56cffe9600256263a59c34e0aafa45da7..e805527d07c63ad3b95ee18b0465a408d587234f 100644
--- a/app/controllers/settings/featured_tags_controller.rb
+++ b/app/controllers/settings/featured_tags_controller.rb
@@ -1,9 +1,6 @@
 # frozen_string_literal: true
 
 class Settings::FeaturedTagsController < Settings::BaseController
-  layout 'admin'
-
-  before_action :authenticate_user!
   before_action :set_featured_tags, only: :index
   before_action :set_featured_tag, except: [:index, :create]
   before_action :set_recently_used_tags, only: :index
diff --git a/app/controllers/settings/identity_proofs_controller.rb b/app/controllers/settings/identity_proofs_controller.rb
index 3a90b7c4df04117b6228478c6c579a905a4e7ff6..bf2899da66fc4424b0d72abbd7617f4d78822371 100644
--- a/app/controllers/settings/identity_proofs_controller.rb
+++ b/app/controllers/settings/identity_proofs_controller.rb
@@ -1,9 +1,6 @@
 # frozen_string_literal: true
 
 class Settings::IdentityProofsController < Settings::BaseController
-  layout 'admin'
-
-  before_action :authenticate_user!
   before_action :check_required_params, only: :new
 
   def index
diff --git a/app/controllers/settings/imports_controller.rb b/app/controllers/settings/imports_controller.rb
index 7b8c4ae235050acd1df905df0cf0299b7c81b6fe..d4516526eee037b8a70c5c05e1aa53806041a60c 100644
--- a/app/controllers/settings/imports_controller.rb
+++ b/app/controllers/settings/imports_controller.rb
@@ -1,9 +1,6 @@
 # frozen_string_literal: true
 
 class Settings::ImportsController < Settings::BaseController
-  layout 'admin'
-
-  before_action :authenticate_user!
   before_action :set_account
 
   def show
diff --git a/app/controllers/settings/migration/redirects_controller.rb b/app/controllers/settings/migration/redirects_controller.rb
index 97193ade02d58dbd941484850ea514c6bc3a6d62..6d469f3842c77fbe1c3c19584dbbb044e3f6e40c 100644
--- a/app/controllers/settings/migration/redirects_controller.rb
+++ b/app/controllers/settings/migration/redirects_controller.rb
@@ -1,13 +1,10 @@
 # frozen_string_literal: true
 
 class Settings::Migration::RedirectsController < Settings::BaseController
-  layout 'admin'
+  skip_before_action :require_functional!
 
-  before_action :authenticate_user!
   before_action :require_not_suspended!
 
-  skip_before_action :require_functional!
-
   def new
     @redirect = Form::Redirect.new
   end
@@ -38,8 +35,4 @@ class Settings::Migration::RedirectsController < Settings::BaseController
   def resource_params
     params.require(:form_redirect).permit(:acct, :current_password, :current_username)
   end
-
-  def require_not_suspended!
-    forbidden if current_account.suspended?
-  end
 end
diff --git a/app/controllers/settings/migrations_controller.rb b/app/controllers/settings/migrations_controller.rb
index 68304bb513f3a62afd7e13a4dfb862b11d6770a0..62603aba819783eb6d41d344a19d5331b0d0583b 100644
--- a/app/controllers/settings/migrations_controller.rb
+++ b/app/controllers/settings/migrations_controller.rb
@@ -1,15 +1,12 @@
 # frozen_string_literal: true
 
 class Settings::MigrationsController < Settings::BaseController
-  layout 'admin'
+  skip_before_action :require_functional!
 
-  before_action :authenticate_user!
   before_action :require_not_suspended!
   before_action :set_migrations
   before_action :set_cooldown
 
-  skip_before_action :require_functional!
-
   def show
     @migration = current_account.migrations.build
   end
@@ -44,8 +41,4 @@ class Settings::MigrationsController < Settings::BaseController
   def on_cooldown?
     @cooldown.present?
   end
-
-  def require_not_suspended!
-    forbidden if current_account.suspended?
-  end
 end
diff --git a/app/controllers/settings/pictures_controller.rb b/app/controllers/settings/pictures_controller.rb
index df2a6eed3ec13e92264c7873d21f664aefa9203a..28df65f8ffacf8417e0c3b295b7dc1c15e6a6529 100644
--- a/app/controllers/settings/pictures_controller.rb
+++ b/app/controllers/settings/pictures_controller.rb
@@ -2,7 +2,6 @@
 
 module Settings
   class PicturesController < BaseController
-    before_action :authenticate_user!
     before_action :set_account
     before_action :set_picture
 
diff --git a/app/controllers/settings/preferences_controller.rb b/app/controllers/settings/preferences_controller.rb
index bac9b329d4658bf1382411c97053166312d19988..be4dc904d4d2d898e75447e320c2a273961aa3c3 100644
--- a/app/controllers/settings/preferences_controller.rb
+++ b/app/controllers/settings/preferences_controller.rb
@@ -1,10 +1,6 @@
 # frozen_string_literal: true
 
 class Settings::PreferencesController < Settings::BaseController
-  layout 'admin'
-
-  before_action :authenticate_user!
-
   def show; end
 
   def update
diff --git a/app/controllers/settings/profiles_controller.rb b/app/controllers/settings/profiles_controller.rb
index 19a7ce157f0a782c6b62ac22f39878d01f8c266b..0c15447a6c134315d079a4df8ada0e07831f46c8 100644
--- a/app/controllers/settings/profiles_controller.rb
+++ b/app/controllers/settings/profiles_controller.rb
@@ -1,9 +1,6 @@
 # frozen_string_literal: true
 
 class Settings::ProfilesController < Settings::BaseController
-  layout 'admin'
-
-  before_action :authenticate_user!
   before_action :set_account
 
   def show
diff --git a/app/controllers/settings/sessions_controller.rb b/app/controllers/settings/sessions_controller.rb
index df5ace80368ccc1f0c210c1b7fb1ad388cf5dfed..ee2fc5dc80f2b50d9b6f88b2c0dcfc932aed222a 100644
--- a/app/controllers/settings/sessions_controller.rb
+++ b/app/controllers/settings/sessions_controller.rb
@@ -1,11 +1,11 @@
 # frozen_string_literal: true
 
 class Settings::SessionsController < Settings::BaseController
-  before_action :authenticate_user!
-  before_action :set_session, only: :destroy
-
   skip_before_action :require_functional!
 
+  before_action :require_not_suspended!
+  before_action :set_session, only: :destroy
+
   def destroy
     @session.destroy!
     flash[:notice] = I18n.t('sessions.revoke_success')
diff --git a/app/controllers/settings/two_factor_authentication/confirmations_controller.rb b/app/controllers/settings/two_factor_authentication/confirmations_controller.rb
index 9f23011a7d4418ed01e58648fd8a17ad530e9c3a..1a0afe58b05490da8daa1f914894fdb22323e197 100644
--- a/app/controllers/settings/two_factor_authentication/confirmations_controller.rb
+++ b/app/controllers/settings/two_factor_authentication/confirmations_controller.rb
@@ -5,14 +5,11 @@ module Settings
     class ConfirmationsController < BaseController
       include ChallengableConcern
 
-      layout 'admin'
+      skip_before_action :require_functional!
 
-      before_action :authenticate_user!
       before_action :require_challenge!
       before_action :ensure_otp_secret
 
-      skip_before_action :require_functional!
-
       def new
         prepare_two_factor_form
       end
diff --git a/app/controllers/settings/two_factor_authentication/otp_authentication_controller.rb b/app/controllers/settings/two_factor_authentication/otp_authentication_controller.rb
index 6836f7ef62299b6ce5d33e756d7976f47f835e5d..cbba842a980d0709548ee6dc9fc149aa3cc73bd1 100644
--- a/app/controllers/settings/two_factor_authentication/otp_authentication_controller.rb
+++ b/app/controllers/settings/two_factor_authentication/otp_authentication_controller.rb
@@ -5,14 +5,11 @@ module Settings
     class OtpAuthenticationController < BaseController
       include ChallengableConcern
 
-      layout 'admin'
+      skip_before_action :require_functional!
 
-      before_action :authenticate_user!
       before_action :verify_otp_not_enabled, only: [:show]
       before_action :require_challenge!, only: [:create]
 
-      skip_before_action :require_functional!
-
       def show
         @confirmation = Form::TwoFactorConfirmation.new
       end
diff --git a/app/controllers/settings/two_factor_authentication/recovery_codes_controller.rb b/app/controllers/settings/two_factor_authentication/recovery_codes_controller.rb
index 0c4f5bff762c591c8c4d14f56de5671edbffc0d8..6ec53224d384c35e7aa8c4504bd6c07c664e1563 100644
--- a/app/controllers/settings/two_factor_authentication/recovery_codes_controller.rb
+++ b/app/controllers/settings/two_factor_authentication/recovery_codes_controller.rb
@@ -5,13 +5,10 @@ module Settings
     class RecoveryCodesController < BaseController
       include ChallengableConcern
 
-      layout 'admin'
+      skip_before_action :require_functional!
 
-      before_action :authenticate_user!
       before_action :require_challenge!, on: :create
 
-      skip_before_action :require_functional!
-
       def create
         @recovery_codes = current_user.generate_otp_backup_codes!
         current_user.save!
diff --git a/app/controllers/settings/two_factor_authentication/webauthn_credentials_controller.rb b/app/controllers/settings/two_factor_authentication/webauthn_credentials_controller.rb
index a19c604f3bb2f50bf81ecd111b19a03b7759fe7f..1c557092ba53b7cedfc4e0e8a181b330c5a0fe4f 100644
--- a/app/controllers/settings/two_factor_authentication/webauthn_credentials_controller.rb
+++ b/app/controllers/settings/two_factor_authentication/webauthn_credentials_controller.rb
@@ -3,9 +3,8 @@
 module Settings
   module TwoFactorAuthentication
     class WebauthnCredentialsController < BaseController
-      layout 'admin'
+      skip_before_action :require_functional!
 
-      before_action :authenticate_user!
       before_action :require_otp_enabled
       before_action :require_webauthn_enabled, only: [:index, :destroy]
 
diff --git a/app/controllers/settings/two_factor_authentication_methods_controller.rb b/app/controllers/settings/two_factor_authentication_methods_controller.rb
index 224d3a45cacb9c7fea5319fdc0511582dd6d2fdd..205933ea81482eb8371b743544302dcd959cf48e 100644
--- a/app/controllers/settings/two_factor_authentication_methods_controller.rb
+++ b/app/controllers/settings/two_factor_authentication_methods_controller.rb
@@ -4,14 +4,11 @@ module Settings
   class TwoFactorAuthenticationMethodsController < BaseController
     include ChallengableConcern
 
-    layout 'admin'
+    skip_before_action :require_functional!
 
-    before_action :authenticate_user!
     before_action :require_challenge!, only: :disable
     before_action :require_otp_enabled
 
-    skip_before_action :require_functional!
-
     def index; end
 
     def disable
diff --git a/app/views/auth/registrations/_sessions.html.haml b/app/views/auth/registrations/_sessions.html.haml
index 395e36a9fd6d07373a3e4ca01bad451bab6b31d5..d3a04c00e7eceb98a6e30e0ec792066cce51e289 100644
--- a/app/views/auth/registrations/_sessions.html.haml
+++ b/app/views/auth/registrations/_sessions.html.haml
@@ -27,5 +27,5 @@
             - else
               %time.time-ago{ datetime: session.updated_at.iso8601, title: l(session.updated_at) }= l(session.updated_at)
           %td
-            - if current_session.session_id != session.session_id
+            - if current_session.session_id != session.session_id && !current_account.suspended?
               = table_link_to 'times', t('sessions.revoke'), settings_session_path(session), method: :delete
diff --git a/app/views/auth/registrations/edit.html.haml b/app/views/auth/registrations/edit.html.haml
index 4a46b27a93ca7c0d0e513f99c3f045f8a2c4d466..a3445b421aa1f0bb039e19af422c1ce548316763 100644
--- a/app/views/auth/registrations/edit.html.haml
+++ b/app/views/auth/registrations/edit.html.haml
@@ -30,18 +30,19 @@
 
 = render 'sessions'
 
-%hr.spacer/
+- unless current_account.suspended?
+  %hr.spacer/
 
-%h3= t('auth.migrate_account')
-%p.muted-hint= t('auth.migrate_account_html', path: settings_migration_path)
+  %h3= t('auth.migrate_account')
+  %p.muted-hint= t('auth.migrate_account_html', path: settings_migration_path)
 
-%hr.spacer/
+  %hr.spacer/
 
-%h3= t('migrations.incoming_migrations')
-%p.muted-hint= t('migrations.incoming_migrations_html', path: settings_aliases_path)
+  %h3= t('migrations.incoming_migrations')
+  %p.muted-hint= t('migrations.incoming_migrations_html', path: settings_aliases_path)
 
-- if open_deletion? && !current_account.suspended?
-  %hr.spacer/
+  - if open_deletion?
+    %hr.spacer/
 
-  %h3= t('auth.delete_account')
-  %p.muted-hint= t('auth.delete_account_html', path: settings_delete_path)
+    %h3= t('auth.delete_account')
+    %p.muted-hint= t('auth.delete_account_html', path: settings_delete_path)
diff --git a/app/views/oauth/authorized_applications/index.html.haml b/app/views/oauth/authorized_applications/index.html.haml
index 7b77108a93c959295405638bacef7126c43a641b..fbb733db49f3cd95a70a450e0ad74a2b277a0a0d 100644
--- a/app/views/oauth/authorized_applications/index.html.haml
+++ b/app/views/oauth/authorized_applications/index.html.haml
@@ -20,5 +20,5 @@
           %th!= application.scopes.map { |scope| t(scope, scope: [:doorkeeper, :scopes]) }.join(', ')
           %td= l application.created_at
           %td
-            - unless application.superapp?
+            - unless application.superapp? || current_account.suspended?
               = table_link_to 'times', t('doorkeeper.authorized_applications.buttons.revoke'), oauth_authorized_application_path(application), method: :delete, data: { confirm: t('doorkeeper.authorized_applications.confirmations.revoke') }
diff --git a/config/navigation.rb b/config/navigation.rb
index ece41d4bf9e2053042812f85cd489d83e56e53ad..c113a3c3eed025a0c93599ed5cde5f4ec2e487cf 100644
--- a/config/navigation.rb
+++ b/config/navigation.rb
@@ -21,7 +21,7 @@ SimpleNavigation::Configuration.run do |navigation|
 
     n.item :security, safe_join([fa_icon('lock fw'), t('settings.account')]), edit_user_registration_url do |s|
       s.item :password, safe_join([fa_icon('lock fw'), t('settings.account_settings')]), edit_user_registration_url, highlights_on: %r{/auth/edit|/settings/delete|/settings/migration|/settings/aliases}
-      s.item :two_factor_authentication, safe_join([fa_icon('mobile fw'), t('settings.two_factor_authentication')]), settings_two_factor_authentication_methods_url, highlights_on: %r{/settings/two_factor_authentication|/settings/security_keys}
+      s.item :two_factor_authentication, safe_join([fa_icon('mobile fw'), t('settings.two_factor_authentication')]), settings_two_factor_authentication_methods_url, highlights_on: %r{/settings/two_factor_authentication|/settings/otp_authentication|/settings/security_keys}
       s.item :authorized_apps, safe_join([fa_icon('list fw'), t('settings.authorized_apps')]), oauth_authorized_applications_url
     end
 
diff --git a/spec/controllers/settings/deletes_controller_spec.rb b/spec/controllers/settings/deletes_controller_spec.rb
index 996872efd1af639726dc957e2981fd7787559c7d..8d5c4774fd8541ce971eebc15199314f723238cc 100644
--- a/spec/controllers/settings/deletes_controller_spec.rb
+++ b/spec/controllers/settings/deletes_controller_spec.rb
@@ -77,26 +77,26 @@ describe Settings::DeletesController do
           expect(response).to redirect_to settings_delete_path
         end
       end
-    end
 
-    context 'when not signed in' do
-      it 'redirects' do
-        delete :destroy
-        expect(response).to redirect_to '/auth/sign_in'
-      end
-    end
+      context 'when account deletions are disabled' do
+        around do |example|
+          open_deletion = Setting.open_deletion
+          example.run
+          Setting.open_deletion = open_deletion
+        end
 
-    context do
-      around do |example|
-        open_deletion = Setting.open_deletion
-        example.run
-        Setting.open_deletion = open_deletion
+        it 'redirects' do
+          Setting.open_deletion = false
+          delete :destroy
+          expect(response).to redirect_to root_path
+        end
       end
+    end
 
+    context 'when not signed in' do
       it 'redirects' do
-        Setting.open_deletion = false
         delete :destroy
-        expect(response).to redirect_to root_path
+        expect(response).to redirect_to '/auth/sign_in'
       end
     end
   end