From 743b622b7b59148525d0f941de3a7c4af7825d22 Mon Sep 17 00:00:00 2001 From: Maxim Filippov Date: Fri, 1 Nov 2019 18:45:47 +0300 Subject: [PATCH] Force password reset for multiple users --- CHANGELOG.md | 1 + lib/pleroma/moderation_log.ex | 11 +++++++++++ lib/pleroma/web/admin_api/admin_api_controller.ex | 12 +++++++++--- lib/pleroma/web/router.ex | 2 +- test/web/admin_api/admin_api_controller_test.exs | 2 +- 5 files changed, 23 insertions(+), 5 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 51e5424c6..34f46f98a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -67,6 +67,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Mastodon API: Mark the direct conversation as read for the author when they send a new direct message - Deprecated `User.Info` embedded schema (fields moved to `User`) +- Admin API: `PATCH /api/pleroma/admin/users/:nickname/force_password_reset` is now `PATCH /api/pleroma/admin/users/force_password_reset` (accepts `nicknames` array in the request body) ### Fixed - Report emails now include functional links to profiles of remote user accounts diff --git a/lib/pleroma/moderation_log.ex b/lib/pleroma/moderation_log.ex index e8884e6e8..9031102ed 100644 --- a/lib/pleroma/moderation_log.ex +++ b/lib/pleroma/moderation_log.ex @@ -540,6 +540,17 @@ def get_log_entry_message(%ModerationLog{ "@#{actor_nickname} deleted status ##{subject_id}" end + @spec get_log_entry_message(ModerationLog) :: String.t() + def get_log_entry_message(%ModerationLog{ + data: %{ + "actor" => %{"nickname" => actor_nickname}, + "action" => "force_password_reset", + "subject" => subjects + } + }) do + "@#{actor_nickname} force password reset for users: #{users_to_nicknames_string(subjects)}" + end + defp nicknames_to_string(nicknames) do nicknames |> Enum.map(&"@#{&1}") diff --git a/lib/pleroma/web/admin_api/admin_api_controller.ex b/lib/pleroma/web/admin_api/admin_api_controller.ex index 7ffbb23e7..b08011b4c 100644 --- a/lib/pleroma/web/admin_api/admin_api_controller.ex +++ b/lib/pleroma/web/admin_api/admin_api_controller.ex @@ -595,10 +595,16 @@ def get_password_reset(conn, %{"nickname" => nickname}) do end @doc "Force password reset for a given user" - def force_password_reset(conn, %{"nickname" => nickname}) do - (%User{local: true} = user) = User.get_cached_by_nickname(nickname) + def force_password_reset(%{assigns: %{user: admin}} = conn, %{"nicknames" => nicknames}) do + users = nicknames |> Enum.map(&User.get_cached_by_nickname/1) - User.force_password_reset_async(user) + Enum.map(users, &User.force_password_reset_async/1) + + ModerationLog.insert_log(%{ + actor: admin, + subject: users, + action: "force_password_reset" + }) json_response(conn, :no_content, "") end diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex index f69c5c2bc..8fb4aec13 100644 --- a/lib/pleroma/web/router.ex +++ b/lib/pleroma/web/router.ex @@ -171,7 +171,7 @@ defmodule Pleroma.Web.Router do post("/users/email_invite", AdminAPIController, :email_invite) get("/users/:nickname/password_reset", AdminAPIController, :get_password_reset) - patch("/users/:nickname/force_password_reset", AdminAPIController, :force_password_reset) + patch("/users/force_password_reset", AdminAPIController, :force_password_reset) get("/users", AdminAPIController, :list_users) get("/users/:nickname", AdminAPIController, :user_show) diff --git a/test/web/admin_api/admin_api_controller_test.exs b/test/web/admin_api/admin_api_controller_test.exs index 22c989892..920429723 100644 --- a/test/web/admin_api/admin_api_controller_test.exs +++ b/test/web/admin_api/admin_api_controller_test.exs @@ -2538,7 +2538,7 @@ test "sets password_reset_pending to true", %{admin: admin, user: user} do conn = build_conn() |> assign(:user, admin) - |> patch("/api/pleroma/admin/users/#{user.nickname}/force_password_reset") + |> patch("/api/pleroma/admin/users/force_password_reset", %{nicknames: [user.nickname]}) assert json_response(conn, 204) == ""