From 7ca9ce9d673cbfb38f6600006ab1f4996a415b64 Mon Sep 17 00:00:00 2001 From: Brian Underwood Date: Thu, 12 Jan 2023 21:14:42 +0100 Subject: [PATCH] fix: Give error message to users when address has already been validated Plus other errors. --- lib/pleroma/web/twitter_api/controller.ex | 19 +++++++++++---- .../web/twitter_api/controller_test.exs | 24 +++++++++++++++---- 2 files changed, 34 insertions(+), 9 deletions(-) diff --git a/lib/pleroma/web/twitter_api/controller.ex b/lib/pleroma/web/twitter_api/controller.ex index 1e78ff2c1..c92ab63bc 100644 --- a/lib/pleroma/web/twitter_api/controller.ex +++ b/lib/pleroma/web/twitter_api/controller.ex @@ -18,10 +18,21 @@ defmodule Pleroma.Web.TwitterAPI.Controller do action_fallback(:errors) def confirm_email(conn, %{"user_id" => uid, "token" => token}) do - with %User{} = user <- User.get_cached_by_id(uid), - true <- user.local and !user.is_confirmed and user.confirmation_token == token, - {:ok, _} <- User.confirm(user) do - redirect(conn, to: "/") + case User.get_cached_by_id(uid) do + %User{local: true, is_confirmed: false, confirmation_token: ^token} = user -> + case User.confirm(user) do + {:ok, _} -> + redirect(conn, to: "/") + + {:error, _} -> + json_reply(conn, 400, "Unable to confirm") + end + + %User{is_confirmed: true} -> + json_reply(conn, 400, "Already verified email") + + _ -> + json_reply(conn, 400, "Couldn't verify email") end end diff --git a/test/pleroma/web/twitter_api/controller_test.exs b/test/pleroma/web/twitter_api/controller_test.exs index bca9e2dad..f3adc4b9f 100644 --- a/test/pleroma/web/twitter_api/controller_test.exs +++ b/test/pleroma/web/twitter_api/controller_test.exs @@ -38,16 +38,30 @@ test "it confirms the user account", %{conn: conn, user: user} do refute user.confirmation_token end - test "it returns 500 if user cannot be found by id", %{conn: conn, user: user} do - conn = get(conn, "/api/account/confirm_email/0/#{user.confirmation_token}") + test "confirmation is requested twice", %{conn: conn, user: user} do + conn = get(conn, "/api/account/confirm_email/#{user.id}/#{user.confirmation_token}") + assert 302 == conn.status - assert 500 == conn.status + conn = get(conn, "/api/account/confirm_email/#{user.id}/#{user.confirmation_token}") + assert 400 == conn.status + assert "Already verified email" == conn.resp_body + + user = User.get_cached_by_id(user.id) + + assert user.is_confirmed + refute user.confirmation_token end - test "it returns 500 if token is invalid", %{conn: conn, user: user} do + test "it returns 400 if user cannot be found by id", %{conn: conn, user: user} do + conn = get(conn, "/api/account/confirm_email/0/#{user.confirmation_token}") + + assert 400 == conn.status + end + + test "it returns 400 if token is invalid", %{conn: conn, user: user} do conn = get(conn, "/api/account/confirm_email/#{user.id}/wrong_token") - assert 500 == conn.status + assert 400 == conn.status end end