Merge branch 'password-reset' into 'develop'
Restore POST /auth/password, fixes #2789 Closes #2789 See merge request pleroma/pleroma!3550
This commit is contained in:
commit
5c573a8a28
|
@ -736,6 +736,12 @@ defmodule Pleroma.Web.Router do
|
|||
get("/:version", Nodeinfo.NodeinfoController, :nodeinfo)
|
||||
end
|
||||
|
||||
scope "/", Pleroma.Web do
|
||||
pipe_through(:pleroma_html)
|
||||
|
||||
post("/auth/password", TwitterAPI.PasswordController, :request)
|
||||
end
|
||||
|
||||
scope "/proxy/", Pleroma.Web do
|
||||
get("/preview/:sig/:url", MediaProxy.MediaProxyController, :preview)
|
||||
get("/preview/:sig/:url/:filename", MediaProxy.MediaProxyController, :preview)
|
||||
|
|
|
@ -11,9 +11,23 @@ defmodule Pleroma.Web.TwitterAPI.PasswordController do
|
|||
|
||||
require Logger
|
||||
|
||||
import Pleroma.Web.ControllerHelper, only: [json_response: 3]
|
||||
|
||||
alias Pleroma.PasswordResetToken
|
||||
alias Pleroma.Repo
|
||||
alias Pleroma.User
|
||||
alias Pleroma.Web.TwitterAPI.TwitterAPI
|
||||
|
||||
plug(Pleroma.Web.Plugs.RateLimiter, [name: :request] when action == :request)
|
||||
|
||||
@doc "POST /auth/password"
|
||||
def request(conn, params) do
|
||||
nickname_or_email = params["email"] || params["nickname"]
|
||||
|
||||
TwitterAPI.password_reset(nickname_or_email)
|
||||
|
||||
json_response(conn, :no_content, "")
|
||||
end
|
||||
|
||||
def reset(conn, %{"token" => token}) do
|
||||
with %{used: false} = token <- Repo.get_by(PasswordResetToken, %{token: token}),
|
||||
|
|
|
@ -94,6 +94,7 @@ test "api routes are detected correctly" do
|
|||
"internal",
|
||||
".well-known",
|
||||
"nodeinfo",
|
||||
"auth",
|
||||
"proxy",
|
||||
"test",
|
||||
"user_exists",
|
||||
|
|
|
@ -5,10 +5,14 @@
|
|||
defmodule Pleroma.Web.TwitterAPI.PasswordControllerTest do
|
||||
use Pleroma.Web.ConnCase
|
||||
|
||||
alias Pleroma.Config
|
||||
alias Pleroma.PasswordResetToken
|
||||
alias Pleroma.Repo
|
||||
alias Pleroma.Tests.ObanHelpers
|
||||
alias Pleroma.User
|
||||
alias Pleroma.Web.OAuth.Token
|
||||
import Pleroma.Factory
|
||||
import Swoosh.TestAssertions
|
||||
|
||||
describe "GET /api/pleroma/password_reset/token" do
|
||||
test "it returns error when token invalid", %{conn: conn} do
|
||||
|
@ -116,4 +120,94 @@ test "it sets password_reset_pending to false", %{conn: conn} do
|
|||
assert User.get_by_id(user.id).password_reset_pending == false
|
||||
end
|
||||
end
|
||||
|
||||
describe "POST /auth/password, with valid parameters" do
|
||||
setup %{conn: conn} do
|
||||
user = insert(:user)
|
||||
conn = post(conn, "/auth/password?email=#{user.email}")
|
||||
%{conn: conn, user: user}
|
||||
end
|
||||
|
||||
test "it returns 204", %{conn: conn} do
|
||||
assert empty_json_response(conn)
|
||||
end
|
||||
|
||||
test "it creates a PasswordResetToken record for user", %{user: user} do
|
||||
token_record = Repo.get_by(Pleroma.PasswordResetToken, user_id: user.id)
|
||||
assert token_record
|
||||
end
|
||||
|
||||
test "it sends an email to user", %{user: user} do
|
||||
ObanHelpers.perform_all()
|
||||
token_record = Repo.get_by(Pleroma.PasswordResetToken, user_id: user.id)
|
||||
|
||||
email = Pleroma.Emails.UserEmail.password_reset_email(user, token_record.token)
|
||||
notify_email = Config.get([:instance, :notify_email])
|
||||
instance_name = Config.get([:instance, :name])
|
||||
|
||||
assert_email_sent(
|
||||
from: {instance_name, notify_email},
|
||||
to: {user.name, user.email},
|
||||
html_body: email.html_body
|
||||
)
|
||||
end
|
||||
end
|
||||
|
||||
describe "POST /auth/password, with nickname" do
|
||||
test "it returns 204", %{conn: conn} do
|
||||
user = insert(:user)
|
||||
|
||||
assert conn
|
||||
|> post("/auth/password?nickname=#{user.nickname}")
|
||||
|> empty_json_response()
|
||||
|
||||
ObanHelpers.perform_all()
|
||||
token_record = Repo.get_by(Pleroma.PasswordResetToken, user_id: user.id)
|
||||
|
||||
email = Pleroma.Emails.UserEmail.password_reset_email(user, token_record.token)
|
||||
notify_email = Config.get([:instance, :notify_email])
|
||||
instance_name = Config.get([:instance, :name])
|
||||
|
||||
assert_email_sent(
|
||||
from: {instance_name, notify_email},
|
||||
to: {user.name, user.email},
|
||||
html_body: email.html_body
|
||||
)
|
||||
end
|
||||
|
||||
test "it doesn't fail when a user has no email", %{conn: conn} do
|
||||
user = insert(:user, %{email: nil})
|
||||
|
||||
assert conn
|
||||
|> post("/auth/password?nickname=#{user.nickname}")
|
||||
|> empty_json_response()
|
||||
end
|
||||
end
|
||||
|
||||
describe "POST /auth/password, with invalid parameters" do
|
||||
setup do
|
||||
user = insert(:user)
|
||||
{:ok, user: user}
|
||||
end
|
||||
|
||||
test "it returns 204 when user is not found", %{conn: conn, user: user} do
|
||||
conn = post(conn, "/auth/password?email=nonexisting_#{user.email}")
|
||||
|
||||
assert empty_json_response(conn)
|
||||
end
|
||||
|
||||
test "it returns 204 when user is not local", %{conn: conn, user: user} do
|
||||
{:ok, user} = Repo.update(Ecto.Changeset.change(user, local: false))
|
||||
conn = post(conn, "/auth/password?email=#{user.email}")
|
||||
|
||||
assert empty_json_response(conn)
|
||||
end
|
||||
|
||||
test "it returns 204 when user is deactivated", %{conn: conn, user: user} do
|
||||
{:ok, user} = Repo.update(Ecto.Changeset.change(user, is_active: false, local: true))
|
||||
conn = post(conn, "/auth/password?email=#{user.email}")
|
||||
|
||||
assert empty_json_response(conn)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
Loading…
Reference in New Issue