Added endpoint for changing passwords
parent
b4064dfe30
commit
d0690622cd
@ -187,9 +187,9 @@ defmodule Pleroma.Web.CommonAPI.Utils do
|
|||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
def confirm_current_password(user, params) do
|
def confirm_current_password(user, password) do
|
||||||
with %User{local: true} = db_user <- Repo.get(User, user.id),
|
with %User{local: true} = db_user <- Repo.get(User, user.id),
|
||||||
true <- Pbkdf2.checkpw(params["password"], db_user.password_hash) do
|
true <- Pbkdf2.checkpw(password, db_user.password_hash) do
|
||||||
{:ok, db_user}
|
{:ok, db_user}
|
||||||
else
|
else
|
||||||
_ -> {:error, "Invalid password."}
|
_ -> {:error, "Invalid password."}
|
||||||
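Review bot: `confirm_current_password/2` now passes `password` straight to `Pbkdf2.checkpw/2`, and both callers supply `params["password"]`, which is `nil` when the request omits that field. Depending on the Comeonin version in use (not confirmed from this page), a non-binary argument may raise instead of returning false, which would skip the `else` clause and produce a server error rather than `{:error, "Invalid password."}`. A guard on the head, `def confirm_current_password(user, password) when is_binary(password) do`, plus a fallback clause `def confirm_current_password(_user, _password), do: {:error, "Invalid password."}`, keeps the failure path uniform. The function's closing lines fall outside the hunk.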
|
@ -73,6 +73,7 @@ defmodule Pleroma.Web.Router do
|
|||||||
scope "/api/pleroma", Pleroma.Web.TwitterAPI do
|
scope "/api/pleroma", Pleroma.Web.TwitterAPI do
|
||||||
pipe_through(:authenticated_api)
|
pipe_through(:authenticated_api)
|
||||||
post("/follow_import", UtilController, :follow_import)
|
post("/follow_import", UtilController, :follow_import)
|
||||||
|
post("/change_password", UtilController, :change_password)
|
||||||
post("/delete_account", UtilController, :delete_account)
|
post("/delete_account", UtilController, :delete_account)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -197,8 +197,31 @@ defmodule Pleroma.Web.TwitterAPI.UtilController do
|
|||||||
json(conn, "job started")
|
json(conn, "job started")
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def change_password(%{assigns: %{user: user}} = conn, params) do
|
||||||
|
case CommonAPI.Utils.confirm_current_password(user, params["password"]) do
|
||||||
|
{:ok, user} ->
|
||||||
|
with {:ok, _user} <-
|
||||||
|
User.reset_password(user, %{
|
||||||
|
password: params["new_password"],
|
||||||
|
password_confirmation: params["new_password_confirmation"]
|
||||||
|
}) do
|
||||||
|
json(conn, %{status: "success"})
|
||||||
|
else
|
||||||
|
{:error, changeset} ->
|
||||||
|
{_, {error, _}} = Enum.at(changeset.errors, 0)
|
||||||
|
json(conn, %{error: "New password #{error}."})
|
||||||
|
|
||||||
|
_ ->
|
||||||
|
json(conn, %{error: "Unable to change password."})
|
||||||
|
end
|
||||||
|
|
||||||
|
{:error, msg} ->
|
||||||
|
json(conn, %{error: msg})
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
def delete_account(%{assigns: %{user: user}} = conn, params) do
|
def delete_account(%{assigns: %{user: user}} = conn, params) do
|
||||||
case CommonAPI.Utils.confirm_current_password(user, params) do
|
case CommonAPI.Utils.confirm_current_password(user, params["password"]) do
|
||||||
{:ok, user} ->
|
{:ok, user} ->
|
||||||
Task.start(fn -> User.delete(user) end)
|
Task.start(fn -> User.delete(user) end)
|
||||||
json(conn, %{status: "success"})
|
json(conn, %{status: "success"})
|
||||||
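Review bot: Nothing in the success branch of `change_password` visibly ends the user's other sessions or revokes previously issued tokens after `User.reset_password/2` succeeds, so a token obtained before the change may keep working unless `reset_password` does that itself, which this hunk does not show. If it does not, the existing tokens should be invalidated in the `{:ok, _user}` branch before replying, with a test that an old token is rejected afterwards. Separately, `{_, {error, _}} = Enum.at(changeset.errors, 0)` drops the error's options, so a validation message carrying a placeholder such as `%{count}` would be returned unformatted. A comment like `# reports only the first changeset error, without interpolating its options` would make that limitation explicit.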
|
@ -8,6 +8,7 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do
|
|||||||
alias Pleroma.Web.TwitterAPI.NotificationView
|
alias Pleroma.Web.TwitterAPI.NotificationView
|
||||||
alias Pleroma.Web.CommonAPI
|
alias Pleroma.Web.CommonAPI
|
||||||
alias Pleroma.Web.TwitterAPI.TwitterAPI
|
alias Pleroma.Web.TwitterAPI.TwitterAPI
|
||||||
|
alias Comeonin.Pbkdf2
|
||||||
|
|
||||||
import Pleroma.Factory
|
import Pleroma.Factory
|
||||||
|
|
||||||
@ -801,6 +802,82 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do
|
|||||||
assert user.bio == "Hello,<br>World! I<br> am a test."
|
assert user.bio == "Hello,<br>World! I<br> am a test."
|
||||||
end
|
end
|
||||||
|
|
||||||
|
describe "POST /api/pleroma/change_password" do
|
||||||
|
setup [:valid_user]
|
||||||
|
|
||||||
|
test "without credentials", %{conn: conn} do
|
||||||
|
conn = post(conn, "/api/pleroma/change_password")
|
||||||
|
assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
|
||||||
|
end
|
||||||
|
|
||||||
|
test "with credentials and invalid password", %{conn: conn, user: current_user} do
|
||||||
|
conn =
|
||||||
|
conn
|
||||||
|
|> with_credentials(current_user.nickname, "test")
|
||||||
|
|> post("/api/pleroma/change_password", %{
|
||||||
|
"password" => "hi",
|
||||||
|
"new_password" => "newpass",
|
||||||
|
"new_password_confirmation" => "newpass"
|
||||||
|
})
|
||||||
|
|
||||||
|
assert json_response(conn, 200) == %{"error" => "Invalid password."}
|
||||||
|
end
|
||||||
|
|
||||||
|
test "with credentials, valid password and new password and confirmation not matching", %{
|
||||||
|
conn: conn,
|
||||||
|
user: current_user
|
||||||
|
} do
|
||||||
|
conn =
|
||||||
|
conn
|
||||||
|
|> with_credentials(current_user.nickname, "test")
|
||||||
|
|> post("/api/pleroma/change_password", %{
|
||||||
|
"password" => "test",
|
||||||
|
"new_password" => "newpass",
|
||||||
|
"new_password_confirmation" => "notnewpass"
|
||||||
|
})
|
||||||
|
|
||||||
|
assert json_response(conn, 200) == %{
|
||||||
|
"error" => "New password does not match confirmation."
|
||||||
|
}
|
||||||
|
end
|
||||||
|
|
||||||
|
test "with credentials, valid password and invalid new password", %{
|
||||||
|
conn: conn,
|
||||||
|
user: current_user
|
||||||
|
} do
|
||||||
|
conn =
|
||||||
|
conn
|
||||||
|
|> with_credentials(current_user.nickname, "test")
|
||||||
|
|> post("/api/pleroma/change_password", %{
|
||||||
|
"password" => "test",
|
||||||
|
"new_password" => "",
|
||||||
|
"new_password_confirmation" => ""
|
||||||
|
})
|
||||||
|
|
||||||
|
assert json_response(conn, 200) == %{
|
||||||
|
"error" => "New password can't be blank."
|
||||||
|
}
|
||||||
|
end
|
||||||
|
|
||||||
|
test "with credentials, valid password and matching new password and confirmation", %{
|
||||||
|
conn: conn,
|
||||||
|
user: current_user
|
||||||
|
} do
|
||||||
|
conn =
|
||||||
|
conn
|
||||||
|
|> with_credentials(current_user.nickname, "test")
|
||||||
|
|> post("/api/pleroma/change_password", %{
|
||||||
|
"password" => "test",
|
||||||
|
"new_password" => "newpass",
|
||||||
|
"new_password_confirmation" => "newpass"
|
||||||
|
})
|
||||||
|
|
||||||
|
assert json_response(conn, 200) == %{"status" => "success"}
|
||||||
|
fetched_user = Repo.get(User, current_user.id)
|
||||||
|
assert Pbkdf2.checkpw("newpass", fetched_user.password_hash) == true
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
describe "POST /api/pleroma/delete_account" do
|
describe "POST /api/pleroma/delete_account" do
|
||||||
setup [:valid_user]
|
setup [:valid_user]
|
||||||
|
|
||||||
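Review bot: The new `describe "POST /api/pleroma/change_password"` block checks that the new password verifies after a successful change, but never that the old one stops working or that a rejected request leaves the stored hash untouched. In the success test I would add `refute Pbkdf2.checkpw("test", fetched_user.password_hash)`, assuming `valid_user` is created with the password "test", as the `with_credentials` calls suggest. In the three failure tests, re-fetching the user and asserting that `password_hash` equals `current_user.password_hash` would show that a failed attempt changes nothing. A case where the authenticated request omits the `"password"` key altogether is also missing.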
|