forked from AkkomaGang/akkoma
Merge branch 'password-reset' into 'develop'
Restore POST /auth/password, fixes #2789 Closes #2789 See merge request pleroma/pleroma!3550
This commit is contained in:
commit
5c573a8a28
4 changed files with 115 additions and 0 deletions
|
@ -736,6 +736,12 @@ defmodule Pleroma.Web.Router do
|
||||||
get("/:version", Nodeinfo.NodeinfoController, :nodeinfo)
|
get("/:version", Nodeinfo.NodeinfoController, :nodeinfo)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
scope "/", Pleroma.Web do
|
||||||
|
pipe_through(:pleroma_html)
|
||||||
|
|
||||||
|
post("/auth/password", TwitterAPI.PasswordController, :request)
|
||||||
|
end
|
||||||
|
|
||||||
scope "/proxy/", Pleroma.Web do
|
scope "/proxy/", Pleroma.Web do
|
||||||
get("/preview/:sig/:url", MediaProxy.MediaProxyController, :preview)
|
get("/preview/:sig/:url", MediaProxy.MediaProxyController, :preview)
|
||||||
get("/preview/:sig/:url/:filename", MediaProxy.MediaProxyController, :preview)
|
get("/preview/:sig/:url/:filename", MediaProxy.MediaProxyController, :preview)
|
||||||
|
|
|
@ -11,9 +11,23 @@ defmodule Pleroma.Web.TwitterAPI.PasswordController do
|
||||||
|
|
||||||
require Logger
|
require Logger
|
||||||
|
|
||||||
|
import Pleroma.Web.ControllerHelper, only: [json_response: 3]
|
||||||
|
|
||||||
alias Pleroma.PasswordResetToken
|
alias Pleroma.PasswordResetToken
|
||||||
alias Pleroma.Repo
|
alias Pleroma.Repo
|
||||||
alias Pleroma.User
|
alias Pleroma.User
|
||||||
|
alias Pleroma.Web.TwitterAPI.TwitterAPI
|
||||||
|
|
||||||
|
plug(Pleroma.Web.Plugs.RateLimiter, [name: :request] when action == :request)
|
||||||
|
|
||||||
|
@doc "POST /auth/password"
|
||||||
|
def request(conn, params) do
|
||||||
|
nickname_or_email = params["email"] || params["nickname"]
|
||||||
|
|
||||||
|
TwitterAPI.password_reset(nickname_or_email)
|
||||||
|
|
||||||
|
json_response(conn, :no_content, "")
|
||||||
|
end
|
||||||
|
|
||||||
def reset(conn, %{"token" => token}) do
|
def reset(conn, %{"token" => token}) do
|
||||||
with %{used: false} = token <- Repo.get_by(PasswordResetToken, %{token: token}),
|
with %{used: false} = token <- Repo.get_by(PasswordResetToken, %{token: token}),
|
||||||
|
|
|
@ -94,6 +94,7 @@ test "api routes are detected correctly" do
|
||||||
"internal",
|
"internal",
|
||||||
".well-known",
|
".well-known",
|
||||||
"nodeinfo",
|
"nodeinfo",
|
||||||
|
"auth",
|
||||||
"proxy",
|
"proxy",
|
||||||
"test",
|
"test",
|
||||||
"user_exists",
|
"user_exists",
|
||||||
|
|
|
@ -5,10 +5,14 @@
|
||||||
defmodule Pleroma.Web.TwitterAPI.PasswordControllerTest do
|
defmodule Pleroma.Web.TwitterAPI.PasswordControllerTest do
|
||||||
use Pleroma.Web.ConnCase
|
use Pleroma.Web.ConnCase
|
||||||
|
|
||||||
|
alias Pleroma.Config
|
||||||
alias Pleroma.PasswordResetToken
|
alias Pleroma.PasswordResetToken
|
||||||
|
alias Pleroma.Repo
|
||||||
|
alias Pleroma.Tests.ObanHelpers
|
||||||
alias Pleroma.User
|
alias Pleroma.User
|
||||||
alias Pleroma.Web.OAuth.Token
|
alias Pleroma.Web.OAuth.Token
|
||||||
import Pleroma.Factory
|
import Pleroma.Factory
|
||||||
|
import Swoosh.TestAssertions
|
||||||
|
|
||||||
describe "GET /api/pleroma/password_reset/token" do
|
describe "GET /api/pleroma/password_reset/token" do
|
||||||
test "it returns error when token invalid", %{conn: conn} do
|
test "it returns error when token invalid", %{conn: conn} do
|
||||||
|
@ -116,4 +120,94 @@ test "it sets password_reset_pending to false", %{conn: conn} do
|
||||||
assert User.get_by_id(user.id).password_reset_pending == false
|
assert User.get_by_id(user.id).password_reset_pending == false
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
describe "POST /auth/password, with valid parameters" do
|
||||||
|
setup %{conn: conn} do
|
||||||
|
user = insert(:user)
|
||||||
|
conn = post(conn, "/auth/password?email=#{user.email}")
|
||||||
|
%{conn: conn, user: user}
|
||||||
|
end
|
||||||
|
|
||||||
|
test "it returns 204", %{conn: conn} do
|
||||||
|
assert empty_json_response(conn)
|
||||||
|
end
|
||||||
|
|
||||||
|
test "it creates a PasswordResetToken record for user", %{user: user} do
|
||||||
|
token_record = Repo.get_by(Pleroma.PasswordResetToken, user_id: user.id)
|
||||||
|
assert token_record
|
||||||
|
end
|
||||||
|
|
||||||
|
test "it sends an email to user", %{user: user} do
|
||||||
|
ObanHelpers.perform_all()
|
||||||
|
token_record = Repo.get_by(Pleroma.PasswordResetToken, user_id: user.id)
|
||||||
|
|
||||||
|
email = Pleroma.Emails.UserEmail.password_reset_email(user, token_record.token)
|
||||||
|
notify_email = Config.get([:instance, :notify_email])
|
||||||
|
instance_name = Config.get([:instance, :name])
|
||||||
|
|
||||||
|
assert_email_sent(
|
||||||
|
from: {instance_name, notify_email},
|
||||||
|
to: {user.name, user.email},
|
||||||
|
html_body: email.html_body
|
||||||
|
)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
describe "POST /auth/password, with nickname" do
|
||||||
|
test "it returns 204", %{conn: conn} do
|
||||||
|
user = insert(:user)
|
||||||
|
|
||||||
|
assert conn
|
||||||
|
|> post("/auth/password?nickname=#{user.nickname}")
|
||||||
|
|> empty_json_response()
|
||||||
|
|
||||||
|
ObanHelpers.perform_all()
|
||||||
|
token_record = Repo.get_by(Pleroma.PasswordResetToken, user_id: user.id)
|
||||||
|
|
||||||
|
email = Pleroma.Emails.UserEmail.password_reset_email(user, token_record.token)
|
||||||
|
notify_email = Config.get([:instance, :notify_email])
|
||||||
|
instance_name = Config.get([:instance, :name])
|
||||||
|
|
||||||
|
assert_email_sent(
|
||||||
|
from: {instance_name, notify_email},
|
||||||
|
to: {user.name, user.email},
|
||||||
|
html_body: email.html_body
|
||||||
|
)
|
||||||
|
end
|
||||||
|
|
||||||
|
test "it doesn't fail when a user has no email", %{conn: conn} do
|
||||||
|
user = insert(:user, %{email: nil})
|
||||||
|
|
||||||
|
assert conn
|
||||||
|
|> post("/auth/password?nickname=#{user.nickname}")
|
||||||
|
|> empty_json_response()
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
describe "POST /auth/password, with invalid parameters" do
|
||||||
|
setup do
|
||||||
|
user = insert(:user)
|
||||||
|
{:ok, user: user}
|
||||||
|
end
|
||||||
|
|
||||||
|
test "it returns 204 when user is not found", %{conn: conn, user: user} do
|
||||||
|
conn = post(conn, "/auth/password?email=nonexisting_#{user.email}")
|
||||||
|
|
||||||
|
assert empty_json_response(conn)
|
||||||
|
end
|
||||||
|
|
||||||
|
test "it returns 204 when user is not local", %{conn: conn, user: user} do
|
||||||
|
{:ok, user} = Repo.update(Ecto.Changeset.change(user, local: false))
|
||||||
|
conn = post(conn, "/auth/password?email=#{user.email}")
|
||||||
|
|
||||||
|
assert empty_json_response(conn)
|
||||||
|
end
|
||||||
|
|
||||||
|
test "it returns 204 when user is deactivated", %{conn: conn, user: user} do
|
||||||
|
{:ok, user} = Repo.update(Ecto.Changeset.change(user, is_active: false, local: true))
|
||||||
|
conn = post(conn, "/auth/password?email=#{user.email}")
|
||||||
|
|
||||||
|
assert empty_json_response(conn)
|
||||||
|
end
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
Loading…
Reference in a new issue