Commit d0690622 authored by Syldexia's avatar Syldexia

Added endpoint for changing passwords

parent b4064dfe
...@@ -187,9 +187,9 @@ defp shortname(name) do ...@@ -187,9 +187,9 @@ defp shortname(name) do
end end
end end
def confirm_current_password(user, params) do def confirm_current_password(user, password) do
with %User{local: true} = db_user <- Repo.get(User, user.id), with %User{local: true} = db_user <- Repo.get(User, user.id),
true <- Pbkdf2.checkpw(params["password"], db_user.password_hash) do true <- Pbkdf2.checkpw(password, db_user.password_hash) do
{:ok, db_user} {:ok, db_user}
else else
_ -> {:error, "Invalid password."} _ -> {:error, "Invalid password."}
......
...@@ -73,6 +73,7 @@ def user_fetcher(username) do ...@@ -73,6 +73,7 @@ def user_fetcher(username) do
scope "/api/pleroma", Pleroma.Web.TwitterAPI do scope "/api/pleroma", Pleroma.Web.TwitterAPI do
pipe_through(:authenticated_api) pipe_through(:authenticated_api)
post("/follow_import", UtilController, :follow_import) post("/follow_import", UtilController, :follow_import)
post("/change_password", UtilController, :change_password)
post("/delete_account", UtilController, :delete_account) post("/delete_account", UtilController, :delete_account)
end end
......
...@@ -197,8 +197,31 @@ def follow_import(%{assigns: %{user: user}} = conn, %{"list" => list}) do ...@@ -197,8 +197,31 @@ def follow_import(%{assigns: %{user: user}} = conn, %{"list" => list}) do
json(conn, "job started") json(conn, "job started")
end end
def change_password(%{assigns: %{user: user}} = conn, params) do
case CommonAPI.Utils.confirm_current_password(user, params["password"]) do
{:ok, user} ->
with {:ok, _user} <-
User.reset_password(user, %{
password: params["new_password"],
password_confirmation: params["new_password_confirmation"]
}) do
json(conn, %{status: "success"})
else
{:error, changeset} ->
{_, {error, _}} = Enum.at(changeset.errors, 0)
json(conn, %{error: "New password #{error}."})
_ ->
json(conn, %{error: "Unable to change password."})
end
{:error, msg} ->
json(conn, %{error: msg})
end
end
def delete_account(%{assigns: %{user: user}} = conn, params) do def delete_account(%{assigns: %{user: user}} = conn, params) do
case CommonAPI.Utils.confirm_current_password(user, params) do case CommonAPI.Utils.confirm_current_password(user, params["password"]) do
{:ok, user} -> {:ok, user} ->
Task.start(fn -> User.delete(user) end) Task.start(fn -> User.delete(user) end)
json(conn, %{status: "success"}) json(conn, %{status: "success"})
......
...@@ -8,6 +8,7 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do ...@@ -8,6 +8,7 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do
alias Pleroma.Web.TwitterAPI.NotificationView alias Pleroma.Web.TwitterAPI.NotificationView
alias Pleroma.Web.CommonAPI alias Pleroma.Web.CommonAPI
alias Pleroma.Web.TwitterAPI.TwitterAPI alias Pleroma.Web.TwitterAPI.TwitterAPI
alias Comeonin.Pbkdf2
import Pleroma.Factory import Pleroma.Factory
...@@ -801,6 +802,82 @@ test "Convert newlines to <br> in bio", %{conn: conn} do ...@@ -801,6 +802,82 @@ test "Convert newlines to <br> in bio", %{conn: conn} do
assert user.bio == "Hello,<br>World! I<br> am a test." assert user.bio == "Hello,<br>World! I<br> am a test."
end end
describe "POST /api/pleroma/change_password" do
setup [:valid_user]
test "without credentials", %{conn: conn} do
conn = post(conn, "/api/pleroma/change_password")
assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
end
test "with credentials and invalid password", %{conn: conn, user: current_user} do
conn =
conn
|> with_credentials(current_user.nickname, "test")
|> post("/api/pleroma/change_password", %{
"password" => "hi",
"new_password" => "newpass",
"new_password_confirmation" => "newpass"
})
assert json_response(conn, 200) == %{"error" => "Invalid password."}
end
test "with credentials, valid password and new password and confirmation not matching", %{
conn: conn,
user: current_user
} do
conn =
conn
|> with_credentials(current_user.nickname, "test")
|> post("/api/pleroma/change_password", %{
"password" => "test",
"new_password" => "newpass",
"new_password_confirmation" => "notnewpass"
})
assert json_response(conn, 200) == %{
"error" => "New password does not match confirmation."
}
end
test "with credentials, valid password and invalid new password", %{
conn: conn,
user: current_user
} do
conn =
conn
|> with_credentials(current_user.nickname, "test")
|> post("/api/pleroma/change_password", %{
"password" => "test",
"new_password" => "",
"new_password_confirmation" => ""
})
assert json_response(conn, 200) == %{
"error" => "New password can't be blank."
}
end
test "with credentials, valid password and matching new password and confirmation", %{
conn: conn,
user: current_user
} do
conn =
conn
|> with_credentials(current_user.nickname, "test")
|> post("/api/pleroma/change_password", %{
"password" => "test",
"new_password" => "newpass",
"new_password_confirmation" => "newpass"
})
assert json_response(conn, 200) == %{"status" => "success"}
fetched_user = Repo.get(User, current_user.id)
assert Pbkdf2.checkpw("newpass", fetched_user.password_hash) == true
end
end
describe "POST /api/pleroma/delete_account" do describe "POST /api/pleroma/delete_account" do
setup [:valid_user] setup [:valid_user]
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment