Restore POST /auth/password
This commit is contained in:
parent
0b2119d4a7
commit
5da4f33bf1
@ -756,13 +756,17 @@ defmodule Pleroma.Web.Router do
|
||||
get("/web/login", MastodonAPI.AuthController, :login)
|
||||
delete("/auth/sign_out", MastodonAPI.AuthController, :logout)
|
||||
|
||||
post("/auth/password", MastodonAPI.AuthController, :password_reset)
|
||||
|
||||
get("/web/*path", MastoFEController, :index)
|
||||
|
||||
get("/embed/:id", EmbedController, :show)
|
||||
end
|
||||
|
||||
scope "/", Pleroma.Web do
|
||||
pipe_through(:pleroma_html)
|
||||
|
||||
post("/auth/password", TwitterAPI.PasswordController, :request)
|
||||
end
|
||||
|
||||
scope "/proxy/", Pleroma.Web do
|
||||
get("/preview/:sig/:url", MediaProxy.MediaProxyController, :preview)
|
||||
get("/preview/:sig/:url/:filename", MediaProxy.MediaProxyController, :preview)
|
||||
|
@ -11,9 +11,23 @@ defmodule Pleroma.Web.TwitterAPI.PasswordController do
|
||||
|
||||
require Logger
|
||||
|
||||
import Pleroma.Web.ControllerHelper, only: [json_response: 3]
|
||||
|
||||
alias Pleroma.PasswordResetToken
|
||||
alias Pleroma.Repo
|
||||
alias Pleroma.User
|
||||
alias Pleroma.Web.TwitterAPI.TwitterAPI
|
||||
|
||||
plug(Pleroma.Web.Plugs.RateLimiter, [name: :request] when action == :request)
|
||||
|
||||
@doc "POST /auth/password"
|
||||
def request(conn, params) do
|
||||
nickname_or_email = params["email"] || params["nickname"]
|
||||
|
||||
TwitterAPI.password_reset(nickname_or_email)
|
||||
|
||||
json_response(conn, :no_content, "")
|
||||
end
|
||||
|
||||
def reset(conn, %{"token" => token}) do
|
||||
with %{used: false} = token <- Repo.get_by(PasswordResetToken, %{token: token}),
|
||||
|
@ -5,10 +5,14 @@
|
||||
defmodule Pleroma.Web.TwitterAPI.PasswordControllerTest do
|
||||
use Pleroma.Web.ConnCase
|
||||
|
||||
alias Pleroma.Config
|
||||
alias Pleroma.PasswordResetToken
|
||||
alias Pleroma.Repo
|
||||
alias Pleroma.Tests.ObanHelpers
|
||||
alias Pleroma.User
|
||||
alias Pleroma.Web.OAuth.Token
|
||||
import Pleroma.Factory
|
||||
import Swoosh.TestAssertions
|
||||
|
||||
describe "GET /api/pleroma/password_reset/token" do
|
||||
test "it returns error when token invalid", %{conn: conn} do
|
||||
@ -116,4 +120,94 @@ defmodule Pleroma.Web.TwitterAPI.PasswordControllerTest do
|
||||
assert User.get_by_id(user.id).password_reset_pending == false
|
||||
end
|
||||
end
|
||||
|
||||
describe "POST /auth/password, with valid parameters" do
|
||||
setup %{conn: conn} do
|
||||
user = insert(:user)
|
||||
conn = post(conn, "/auth/password?email=#{user.email}")
|
||||
%{conn: conn, user: user}
|
||||
end
|
||||
|
||||
test "it returns 204", %{conn: conn} do
|
||||
assert empty_json_response(conn)
|
||||
end
|
||||
|
||||
test "it creates a PasswordResetToken record for user", %{user: user} do
|
||||
token_record = Repo.get_by(Pleroma.PasswordResetToken, user_id: user.id)
|
||||
assert token_record
|
||||
end
|
||||
|
||||
test "it sends an email to user", %{user: user} do
|
||||
ObanHelpers.perform_all()
|
||||
token_record = Repo.get_by(Pleroma.PasswordResetToken, user_id: user.id)
|
||||
|
||||
email = Pleroma.Emails.UserEmail.password_reset_email(user, token_record.token)
|
||||
notify_email = Config.get([:instance, :notify_email])
|
||||
instance_name = Config.get([:instance, :name])
|
||||
|
||||
assert_email_sent(
|
||||
from: {instance_name, notify_email},
|
||||
to: {user.name, user.email},
|
||||
html_body: email.html_body
|
||||
)
|
||||
end
|
||||
end
|
||||
|
||||
describe "POST /auth/password, with nickname" do
|
||||
test "it returns 204", %{conn: conn} do
|
||||
user = insert(:user)
|
||||
|
||||
assert conn
|
||||
|> post("/auth/password?nickname=#{user.nickname}")
|
||||
|> empty_json_response()
|
||||
|
||||
ObanHelpers.perform_all()
|
||||
token_record = Repo.get_by(Pleroma.PasswordResetToken, user_id: user.id)
|
||||
|
||||
email = Pleroma.Emails.UserEmail.password_reset_email(user, token_record.token)
|
||||
notify_email = Config.get([:instance, :notify_email])
|
||||
instance_name = Config.get([:instance, :name])
|
||||
|
||||
assert_email_sent(
|
||||
from: {instance_name, notify_email},
|
||||
to: {user.name, user.email},
|
||||
html_body: email.html_body
|
||||
)
|
||||
end
|
||||
|
||||
test "it doesn't fail when a user has no email", %{conn: conn} do
|
||||
user = insert(:user, %{email: nil})
|
||||
|
||||
assert conn
|
||||
|> post("/auth/password?nickname=#{user.nickname}")
|
||||
|> empty_json_response()
|
||||
end
|
||||
end
|
||||
|
||||
describe "POST /auth/password, with invalid parameters" do
|
||||
setup do
|
||||
user = insert(:user)
|
||||
{:ok, user: user}
|
||||
end
|
||||
|
||||
test "it returns 204 when user is not found", %{conn: conn, user: user} do
|
||||
conn = post(conn, "/auth/password?email=nonexisting_#{user.email}")
|
||||
|
||||
assert empty_json_response(conn)
|
||||
end
|
||||
|
||||
test "it returns 204 when user is not local", %{conn: conn, user: user} do
|
||||
{:ok, user} = Repo.update(Ecto.Changeset.change(user, local: false))
|
||||
conn = post(conn, "/auth/password?email=#{user.email}")
|
||||
|
||||
assert empty_json_response(conn)
|
||||
end
|
||||
|
||||
test "it returns 204 when user is deactivated", %{conn: conn, user: user} do
|
||||
{:ok, user} = Repo.update(Ecto.Changeset.change(user, is_active: false, local: true))
|
||||
conn = post(conn, "/auth/password?email=#{user.email}")
|
||||
|
||||
assert empty_json_response(conn)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
Loading…
Reference in New Issue
Block a user