TwitterAPI: Make change_password require body params instead of query
Backport of: https://git.pleroma.social/pleroma/pleroma/-/merge_requests/3503
This commit is contained in:
parent
8baaa36a16
commit
3961422f85
@ -19,6 +19,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
|
||||
### Fixed
|
||||
- MastodonAPI: Stream out Create activities
|
||||
- MRF ObjectAgePolicy: Fix pattern matching on "published"
|
||||
- TwitterAPI: Make `change_password` require params on body instead of query
|
||||
|
||||
## 2.4.0 - 2021-08-08
|
||||
|
||||
|
@ -8,6 +8,8 @@ defmodule Pleroma.Web.ApiSpec.TwitterUtilOperation do
|
||||
alias Pleroma.Web.ApiSpec.Schemas.ApiError
|
||||
alias Pleroma.Web.ApiSpec.Schemas.BooleanLike
|
||||
|
||||
import Pleroma.Web.ApiSpec.Helpers
|
||||
|
||||
def open_api_operation(action) do
|
||||
operation = String.to_existing_atom("#{action}_operation")
|
||||
apply(__MODULE__, operation, [])
|
||||
@ -63,17 +65,7 @@ defmodule Pleroma.Web.ApiSpec.TwitterUtilOperation do
|
||||
summary: "Change account password",
|
||||
security: [%{"oAuth" => ["write:accounts"]}],
|
||||
operationId: "UtilController.change_password",
|
||||
parameters: [
|
||||
Operation.parameter(:password, :query, :string, "Current password", required: true),
|
||||
Operation.parameter(:new_password, :query, :string, "New password", required: true),
|
||||
Operation.parameter(
|
||||
:new_password_confirmation,
|
||||
:query,
|
||||
:string,
|
||||
"New password, confirmation",
|
||||
required: true
|
||||
)
|
||||
],
|
||||
requestBody: request_body("Parameters", change_password_request(), required: true),
|
||||
responses: %{
|
||||
200 =>
|
||||
Operation.response("Success", "application/json", %Schema{
|
||||
@ -86,6 +78,23 @@ defmodule Pleroma.Web.ApiSpec.TwitterUtilOperation do
|
||||
}
|
||||
end
|
||||
|
||||
defp change_password_request do
|
||||
%Schema{
|
||||
title: "ChangePasswordRequest",
|
||||
description: "POST body for changing the account's passowrd",
|
||||
type: :object,
|
||||
required: [:password, :new_password, :new_password_confirmation],
|
||||
properties: %{
|
||||
password: %Schema{type: :string, description: "Current password"},
|
||||
new_password: %Schema{type: :string, description: "New password"},
|
||||
new_password_confirmation: %Schema{
|
||||
type: :string,
|
||||
description: "New password, confirmation"
|
||||
}
|
||||
}
|
||||
}
|
||||
end
|
||||
|
||||
def change_email_operation do
|
||||
%Operation{
|
||||
tags: ["Account credentials"],
|
||||
|
@ -81,17 +81,13 @@ defmodule Pleroma.Web.TwitterAPI.UtilController do
|
||||
end
|
||||
end
|
||||
|
||||
def change_password(%{assigns: %{user: user}} = conn, %{
|
||||
password: password,
|
||||
new_password: new_password,
|
||||
new_password_confirmation: new_password_confirmation
|
||||
}) do
|
||||
case CommonAPI.Utils.confirm_current_password(user, password) do
|
||||
def change_password(%{assigns: %{user: user}, body_params: body_params} = conn, %{}) do
|
||||
case CommonAPI.Utils.confirm_current_password(user, body_params.password) do
|
||||
{:ok, user} ->
|
||||
with {:ok, _user} <-
|
||||
User.reset_password(user, %{
|
||||
password: new_password,
|
||||
password_confirmation: new_password_confirmation
|
||||
password: body_params.new_password,
|
||||
password_confirmation: body_params.new_password_confirmation
|
||||
}) do
|
||||
json(conn, %{status: "success"})
|
||||
else
|
||||
|
@ -356,15 +356,12 @@ defmodule Pleroma.Web.TwitterAPI.UtilControllerTest do
|
||||
conn =
|
||||
conn
|
||||
|> assign(:token, nil)
|
||||
|> post(
|
||||
"/api/pleroma/change_password?#{
|
||||
URI.encode_query(%{
|
||||
password: "hi",
|
||||
new_password: "newpass",
|
||||
new_password_confirmation: "newpass"
|
||||
|> put_req_header("content-type", "multipart/form-data")
|
||||
|> post("/api/pleroma/change_password", %{
|
||||
"password" => "hi",
|
||||
"new_password" => "newpass",
|
||||
"new_password_confirmation" => "newpass"
|
||||
})
|
||||
}"
|
||||
)
|
||||
|
||||
assert json_response_and_validate_schema(conn, 403) == %{
|
||||
"error" => "Insufficient permissions: write:accounts."
|
||||
@ -373,16 +370,13 @@ defmodule Pleroma.Web.TwitterAPI.UtilControllerTest do
|
||||
|
||||
test "with proper permissions and invalid password", %{conn: conn} do
|
||||
conn =
|
||||
post(
|
||||
conn,
|
||||
"/api/pleroma/change_password?#{
|
||||
URI.encode_query(%{
|
||||
password: "hi",
|
||||
new_password: "newpass",
|
||||
new_password_confirmation: "newpass"
|
||||
conn
|
||||
|> put_req_header("content-type", "multipart/form-data")
|
||||
|> post("/api/pleroma/change_password", %{
|
||||
"password" => "hi",
|
||||
"new_password" => "newpass",
|
||||
"new_password_confirmation" => "newpass"
|
||||
})
|
||||
}"
|
||||
)
|
||||
|
||||
assert json_response_and_validate_schema(conn, 200) == %{"error" => "Invalid password."}
|
||||
end
|
||||
@ -392,16 +386,13 @@ defmodule Pleroma.Web.TwitterAPI.UtilControllerTest do
|
||||
conn: conn
|
||||
} do
|
||||
conn =
|
||||
post(
|
||||
conn,
|
||||
"/api/pleroma/change_password?#{
|
||||
URI.encode_query(%{
|
||||
password: "test",
|
||||
new_password: "newpass",
|
||||
new_password_confirmation: "notnewpass"
|
||||
conn
|
||||
|> put_req_header("content-type", "multipart/form-data")
|
||||
|> post("/api/pleroma/change_password", %{
|
||||
"password" => "test",
|
||||
"new_password" => "newpass",
|
||||
"new_password_confirmation" => "notnewpass"
|
||||
})
|
||||
}"
|
||||
)
|
||||
|
||||
assert json_response_and_validate_schema(conn, 200) == %{
|
||||
"error" => "New password does not match confirmation."
|
||||
@ -412,12 +403,13 @@ defmodule Pleroma.Web.TwitterAPI.UtilControllerTest do
|
||||
conn: conn
|
||||
} do
|
||||
conn =
|
||||
post(
|
||||
conn,
|
||||
"/api/pleroma/change_password?#{
|
||||
URI.encode_query(%{password: "test", new_password: "", new_password_confirmation: ""})
|
||||
}"
|
||||
)
|
||||
conn
|
||||
|> put_req_header("content-type", "multipart/form-data")
|
||||
|> post("/api/pleroma/change_password", %{
|
||||
password: "test",
|
||||
new_password: "",
|
||||
new_password_confirmation: ""
|
||||
})
|
||||
|
||||
assert json_response_and_validate_schema(conn, 200) == %{
|
||||
"error" => "New password can't be blank."
|
||||
@ -429,15 +421,15 @@ defmodule Pleroma.Web.TwitterAPI.UtilControllerTest do
|
||||
user: user
|
||||
} do
|
||||
conn =
|
||||
post(
|
||||
conn,
|
||||
"/api/pleroma/change_password?#{
|
||||
URI.encode_query(%{
|
||||
conn
|
||||
|> put_req_header("content-type", "multipart/form-data")
|
||||
|> post(
|
||||
"/api/pleroma/change_password",
|
||||
%{
|
||||
password: "test",
|
||||
new_password: "newpass",
|
||||
new_password_confirmation: "newpass"
|
||||
})
|
||||
}"
|
||||
}
|
||||
)
|
||||
|
||||
assert json_response_and_validate_schema(conn, 200) == %{"status" => "success"}
|
||||
|
Loading…
Reference in New Issue
Block a user