0e2aebd0
Verified
Commit
0e2aebd0
authored
Aug 10, 2021
by
Haelwenn
TwitterAPI: Make change_email require body params instead of query
Backport of:
!3503
parent
3961422f
Changes
4
CHANGELOG.md
...
...
@@ -19,7 +19,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
### Fixed
-
MastodonAPI: Stream out Create activities
-
MRF ObjectAgePolicy: Fix pattern matching on "published"
-
TwitterAPI: Make
`change_password`
require params on body instead of query
-
TwitterAPI: Make
`change_password`
and
`change_email`
require params on body instead of query
## 2.4.0 - 2021-08-08
...
...
lib/pleroma/web/api_spec/operations/twitter_util_operation.ex
...
...
@@ -101,11 +101,7 @@ def change_email_operation do
summary:
"Change account email"
,
security:
[%{
"oAuth"
=>
[
"write:accounts"
]}],
operationId:
"UtilController.change_email"
,
parameters:
[
Operation
.
parameter
(
:password
,
:query
,
:string
,
"Current password"
,
required:
true
),
Operation
.
parameter
(
:email
,
:query
,
:string
,
"New email"
,
required:
true
)
],
requestBody:
nil
,
requestBody:
request_body
(
"Parameters"
,
change_email_request
(),
required:
true
),
responses:
%{
200
=>
Operation
.
response
(
"Success"
,
"application/json"
,
%
Schema
{
...
...
@@ -118,6 +114,19 @@ def change_email_operation do
}
end
defp
change_email_request
do
%
Schema
{
title:
"ChangeEmailRequest"
,
description:
"POST body for changing the account's email"
,
type:
:object
,
required:
[
:email
,
:password
],
properties:
%{
email:
%
Schema
{
type:
:string
,
description:
"New email"
},
password:
%
Schema
{
type:
:string
,
description:
"Current password"
}
}
}
end
def
update_notificaton_settings_operation
do
%
Operation
{
tags:
[
"Accounts"
],
...
...
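Review bot: The `password` property in the new `change_email_request` schema is a bare `type: :string`, so generated API docs and client tooling get no hint that the field carries a secret. Consider `password: %Schema{type: :string, format: :password, description: "Current password"}`; in OpenAPI `format` is an annotation, so this should not change validation, but confirm that against the OpenApiSpex version in use. The schema `description:` could also say that `email` and `password` are accepted in the request body only, since the removed `parameters:` list leaves no trace of the old query form for client authors. `update_notificaton_settings_operation` continues outside the hunk.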
lib/pleroma/web/twitter_api/controllers/util_controller.ex
...
...
@@ -104,10 +104,10 @@ def change_password(%{assigns: %{user: user}, body_params: body_params} = conn,
end
end
def
change_email
(%{
assigns:
%{
user:
user
}
}
=
conn
,
%{
password:
password
,
email:
email
})
do
case
CommonAPI
.
Utils
.
confirm_current_password
(
user
,
password
)
do
def
change_email
(%{
assigns:
%{
user:
user
}
,
body_params:
body_params
}
=
conn
,
%{
})
do
case
CommonAPI
.
Utils
.
confirm_current_password
(
user
,
body_params
.
password
)
do
{
:ok
,
user
}
->
with
{
:ok
,
_user
}
<-
User
.
change_email
(
user
,
email
)
do
with
{
:ok
,
_user
}
<-
User
.
change_email
(
user
,
body_params
.
email
)
do
json
(
conn
,
%{
status:
"success"
})
else
{
:error
,
changeset
}
->
...
...
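Review bot: `body_params.password` and `body_params.email` use strict dot access, so this clause raises a `KeyError` if it is ever reached without the body having been cast and validated against `change_email_request`. The validation step is not visible in this hunk, although the test expecting `"Missing field: email."` with a 400 suggests it runs before the action. It is worth recording that dependency, and the reason the second argument is now ignored, in a comment above the clause, for example `# Credentials come from the validated request body only; query params are ignored so the password never appears in the URL or in access logs.` The body of `change_email` continues outside the hunk.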
test/pleroma/web/twitter_api/util_controller_test.exs
...
...
@@ -261,11 +261,8 @@ test "without permissions", %{conn: conn} do
conn
=
conn
|>
assign
(
:token
,
nil
)
|>
post
(
"/api/pleroma/change_email?
#{
URI
.
encode_query
(%{
password:
"hi"
,
email:
"test@test.com"
}
)
}"
)
|>
put_req_header
(
"content-type"
,
"multipart/form-data"
)
|>
post
(
"/api/pleroma/change_email"
,
%{
password:
"hi"
,
email:
"test@test.com"
})
assert
json_response_and_validate_schema
(
conn
,
403
)
==
%{
"error"
=>
"Insufficient permissions: write:accounts."
...
...
@@ -274,12 +271,9 @@ test "without permissions", %{conn: conn} do
test
"with proper permissions and invalid password"
,
%{
conn:
conn
}
do
conn
=
post
(
conn
,
"/api/pleroma/change_email?
#{
URI
.
encode_query
(%{
password:
"hi"
,
email:
"test@test.com"
}
)
}"
)
conn
|>
put_req_header
(
"content-type"
,
"multipart/form-data"
)
|>
post
(
"/api/pleroma/change_email"
,
%{
password:
"hi"
,
email:
"test@test.com"
})
assert
json_response_and_validate_schema
(
conn
,
200
)
==
%{
"error"
=>
"Invalid password."
}
end
...
...
@@ -288,10 +282,9 @@ test "with proper permissions, valid password and invalid email", %{
conn:
conn
}
do
conn
=
post
(
conn
,
"/api/pleroma/change_email?
#{
URI
.
encode_query
(%{
password:
"test"
,
email:
"foobar"
}
)}"
)
conn
|>
put_req_header
(
"content-type"
,
"multipart/form-data"
)
|>
post
(
"/api/pleroma/change_email"
,
%{
password:
"test"
,
email:
"foobar"
})
assert
json_response_and_validate_schema
(
conn
,
200
)
==
%{
"error"
=>
"Email has invalid format."
...
...
@@ -301,7 +294,10 @@ test "with proper permissions, valid password and invalid email", %{
test
"with proper permissions, valid password and no email"
,
%{
conn:
conn
}
do
conn
=
post
(
conn
,
"/api/pleroma/change_email?
#{
URI
.
encode_query
(%{
password:
"test"
}
)}"
)
conn
=
conn
|>
put_req_header
(
"content-type"
,
"multipart/form-data"
)
|>
post
(
"/api/pleroma/change_email"
,
%{
password:
"test"
})
assert
%{
"error"
=>
"Missing field: email."
}
=
json_response_and_validate_schema
(
conn
,
400
)
end
...
...
@@ -310,10 +306,9 @@ test "with proper permissions, valid password and blank email", %{
conn:
conn
}
do
conn
=
post
(
conn
,
"/api/pleroma/change_email?
#{
URI
.
encode_query
(%{
password:
"test"
,
email:
""
}
)}"
)
conn
|>
put_req_header
(
"content-type"
,
"multipart/form-data"
)
|>
post
(
"/api/pleroma/change_email"
,
%{
password:
"test"
,
email:
""
})
assert
json_response_and_validate_schema
(
conn
,
200
)
==
%{
"error"
=>
"Email can't be blank."
}
end
...
...
@@ -324,10 +319,9 @@ test "with proper permissions, valid password and non unique email", %{
user
=
insert
(
:user
)
conn
=
post
(
conn
,
"/api/pleroma/change_email?
#{
URI
.
encode_query
(%{
password:
"test"
,
email:
user
.
email
}
)}"
)
conn
|>
put_req_header
(
"content-type"
,
"multipart/form-data"
)
|>
post
(
"/api/pleroma/change_email"
,
%{
password:
"test"
,
email:
user
.
email
})
assert
json_response_and_validate_schema
(
conn
,
200
)
==
%{
"error"
=>
"Email has already been taken."
...
...
@@ -338,12 +332,9 @@ test "with proper permissions, valid password and valid email", %{
conn:
conn
}
do
conn
=
post
(
conn
,
"/api/pleroma/change_email?
#{
URI
.
encode_query
(%{
password:
"test"
,
email:
"cofe@foobar.com"
}
)
}"
)
conn
|>
put_req_header
(
"content-type"
,
"multipart/form-data"
)
|>
post
(
"/api/pleroma/change_email"
,
%{
password:
"test"
,
email:
"cofe@foobar.com"
})
assert
json_response_and_validate_schema
(
conn
,
200
)
==
%{
"status"
=>
"success"
}
end
...
...
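Review bot: Every `change_email` test was moved to the body form, so nothing now pins the behaviour this commit exists for: a request that still carries `password` and `email` in the query string must be rejected. Consider one extra case in this block that posts to `"/api/pleroma/change_email?#{URI.encode_query(%{password: "test", email: "cofe@foobar.com"})}"` with no body. It should assert both that the response is an error and that the stored email is unchanged. The exact status for a body-less request is not visible here, so check it rather than assuming the 400 used by the "no email" test. Without such a test, a later refactor that merges query and body params would bring back credentials in URLs unnoticed.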