commit: 5c573a8a282725a9f2595fa264d794870a832a8a
parent 235c4139d701f7d25dac2a152d8ab6e4afb1c20d
Author: lain <lain@soykaf.club>
Date: Fri, 3 Dec 2021 15:13:10 +0000
Merge branch 'password-reset' into 'develop'
Restore POST /auth/password, fixes #2789
Closes #2789
See merge request pleroma/pleroma!3550
Diffstat:
4 files changed, 115 insertions(+), 0 deletions(-)
diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex
@@ -736,6 +736,12 @@ defmodule Pleroma.Web.Router do
get("/:version", Nodeinfo.NodeinfoController, :nodeinfo)
end
+ scope "/", Pleroma.Web do
+ pipe_through(:pleroma_html)
+
+ post("/auth/password", TwitterAPI.PasswordController, :request)
+ end
+
scope "/proxy/", Pleroma.Web do
get("/preview/:sig/:url", MediaProxy.MediaProxyController, :preview)
get("/preview/:sig/:url/:filename", MediaProxy.MediaProxyController, :preview)
diff --git a/lib/pleroma/web/twitter_api/controllers/password_controller.ex b/lib/pleroma/web/twitter_api/controllers/password_controller.ex
@@ -11,9 +11,23 @@ defmodule Pleroma.Web.TwitterAPI.PasswordController do
require Logger
+ import Pleroma.Web.ControllerHelper, only: [json_response: 3]
+
alias Pleroma.PasswordResetToken
alias Pleroma.Repo
alias Pleroma.User
+ alias Pleroma.Web.TwitterAPI.TwitterAPI
+
+ plug(Pleroma.Web.Plugs.RateLimiter, [name: :request] when action == :request)
+
+ @doc "POST /auth/password"
+ def request(conn, params) do
+ nickname_or_email = params["email"] || params["nickname"]
+
+ TwitterAPI.password_reset(nickname_or_email)
+
+ json_response(conn, :no_content, "")
+ end
def reset(conn, %{"token" => token}) do
with %{used: false} = token <- Repo.get_by(PasswordResetToken, %{token: token}),
diff --git a/test/pleroma/web/plugs/frontend_static_plug_test.exs b/test/pleroma/web/plugs/frontend_static_plug_test.exs
@@ -94,6 +94,7 @@ defmodule Pleroma.Web.Plugs.FrontendStaticPlugTest do
"internal",
".well-known",
"nodeinfo",
+ "auth",
"proxy",
"test",
"user_exists",
diff --git a/test/pleroma/web/twitter_api/password_controller_test.exs b/test/pleroma/web/twitter_api/password_controller_test.exs
@@ -5,10 +5,14 @@
defmodule Pleroma.Web.TwitterAPI.PasswordControllerTest do
use Pleroma.Web.ConnCase
+ alias Pleroma.Config
alias Pleroma.PasswordResetToken
+ alias Pleroma.Repo
+ alias Pleroma.Tests.ObanHelpers
alias Pleroma.User
alias Pleroma.Web.OAuth.Token
import Pleroma.Factory
+ import Swoosh.TestAssertions
describe "GET /api/pleroma/password_reset/token" do
test "it returns error when token invalid", %{conn: conn} do
@@ -116,4 +120,94 @@ defmodule Pleroma.Web.TwitterAPI.PasswordControllerTest do
assert User.get_by_id(user.id).password_reset_pending == false
end
end
+
+ describe "POST /auth/password, with valid parameters" do
+ setup %{conn: conn} do
+ user = insert(:user)
+ conn = post(conn, "/auth/password?email=#{user.email}")
+ %{conn: conn, user: user}
+ end
+
+ test "it returns 204", %{conn: conn} do
+ assert empty_json_response(conn)
+ end
+
+ test "it creates a PasswordResetToken record for user", %{user: user} do
+ token_record = Repo.get_by(Pleroma.PasswordResetToken, user_id: user.id)
+ assert token_record
+ end
+
+ test "it sends an email to user", %{user: user} do
+ ObanHelpers.perform_all()
+ token_record = Repo.get_by(Pleroma.PasswordResetToken, user_id: user.id)
+
+ email = Pleroma.Emails.UserEmail.password_reset_email(user, token_record.token)
+ notify_email = Config.get([:instance, :notify_email])
+ instance_name = Config.get([:instance, :name])
+
+ assert_email_sent(
+ from: {instance_name, notify_email},
+ to: {user.name, user.email},
+ html_body: email.html_body
+ )
+ end
+ end
+
+ describe "POST /auth/password, with nickname" do
+ test "it returns 204", %{conn: conn} do
+ user = insert(:user)
+
+ assert conn
+ |> post("/auth/password?nickname=#{user.nickname}")
+ |> empty_json_response()
+
+ ObanHelpers.perform_all()
+ token_record = Repo.get_by(Pleroma.PasswordResetToken, user_id: user.id)
+
+ email = Pleroma.Emails.UserEmail.password_reset_email(user, token_record.token)
+ notify_email = Config.get([:instance, :notify_email])
+ instance_name = Config.get([:instance, :name])
+
+ assert_email_sent(
+ from: {instance_name, notify_email},
+ to: {user.name, user.email},
+ html_body: email.html_body
+ )
+ end
+
+ test "it doesn't fail when a user has no email", %{conn: conn} do
+ user = insert(:user, %{email: nil})
+
+ assert conn
+ |> post("/auth/password?nickname=#{user.nickname}")
+ |> empty_json_response()
+ end
+ end
+
+ describe "POST /auth/password, with invalid parameters" do
+ setup do
+ user = insert(:user)
+ {:ok, user: user}
+ end
+
+ test "it returns 204 when user is not found", %{conn: conn, user: user} do
+ conn = post(conn, "/auth/password?email=nonexisting_#{user.email}")
+
+ assert empty_json_response(conn)
+ end
+
+ test "it returns 204 when user is not local", %{conn: conn, user: user} do
+ {:ok, user} = Repo.update(Ecto.Changeset.change(user, local: false))
+ conn = post(conn, "/auth/password?email=#{user.email}")
+
+ assert empty_json_response(conn)
+ end
+
+ test "it returns 204 when user is deactivated", %{conn: conn, user: user} do
+ {:ok, user} = Repo.update(Ecto.Changeset.change(user, is_active: false, local: true))
+ conn = post(conn, "/auth/password?email=#{user.email}")
+
+ assert empty_json_response(conn)
+ end
+ end
end
