From 25d8216804c7742cd8549799a7785723f2a70afa Mon Sep 17 00:00:00 2001
From: Egor Kislitsyn <egor@kislitsyn.com>
Date: Fri, 13 Sep 2019 13:09:35 +0700
Subject: [PATCH] Add email change endpoint
---
CHANGELOG.md | 1 +
docs/api/pleroma_api.md | 11 +-
lib/pleroma/user.ex | 9 ++
lib/pleroma/web/router.ex | 1 +
.../controllers/util_controller.ex | 19 ++++
test/user_test.exs | 27 +++++
test/web/twitter_api/util_controller_test.exs | 107 ++++++++++++++++++
7 files changed, 174 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index f7f1aee0e..d5bb2e07c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -105,6 +105,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
- ActivityPub: Optional signing of ActivityPub object fetches.
- Admin API: Endpoint for fetching latest user's statuses
- Pleroma API: Add `/api/v1/pleroma/accounts/confirmation_resend?email=<email>` for resending account confirmation.
+- Pleroma API: Email change endpoint.
- Relays: Added a task to list relay subscriptions.
- Mix Tasks: `mix pleroma.database fix_likes_collections`
- Federation: Remove `likes` from objects.
diff --git a/docs/api/pleroma_api.md b/docs/api/pleroma_api.md
index 7d343e97a..8a726a7cb 100644
--- a/docs/api/pleroma_api.md
+++ b/docs/api/pleroma_api.md
@@ -252,7 +252,7 @@ See [Admin-API](Admin-API.md)
* Params:
* `email`: email of that needs to be verified
* Authentication: not required
-* Response: 204 No Content
+* Response: 204 No Content
## `/api/v1/pleroma/mascot`
### Gets user mascot image
@@ -321,6 +321,15 @@ See [Admin-API](Admin-API.md)
}
```
+## `/api/pleroma/change_email`
+### Change account email
+* Method `POST`
+* Authentication: required
+* Params:
+ * `password`: user's password
+ * `email`: new email
+* Response: JSON. Returns `{"status": "success"}` if the change was successful, `{"error": "[error message]"}` otherwise
+
# Pleroma Conversations
Pleroma Conversations have the same general structure that Mastodon Conversations have. The behavior differs in the following ways when using these endpoints:
diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex
index 3aa245f2a..1f6a75d03 100644
--- a/lib/pleroma/user.ex
+++ b/lib/pleroma/user.ex
@@ -1624,4 +1624,13 @@ defmodule Pleroma.User do
def is_internal_user?(%User{nickname: nil}), do: true
def is_internal_user?(%User{local: true, nickname: "internal." <> _}), do: true
def is_internal_user?(_), do: false
+
+ def change_email(user, email) do
+ user
+ |> cast(%{email: email}, [:email])
+ |> validate_required([:email])
+ |> unique_constraint(:email)
+ |> validate_format(:email, @email_regex)
+ |> update_and_set_cache()
+ end
end
diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex
index 7cd59acb2..b0464037e 100644
--- a/lib/pleroma/web/router.ex
+++ b/lib/pleroma/web/router.ex
@@ -224,6 +224,7 @@ defmodule Pleroma.Web.Router do
scope [] do
pipe_through(:oauth_write)
+ post("/change_email", UtilController, :change_email)
post("/change_password", UtilController, :change_password)
post("/delete_account", UtilController, :delete_account)
put("/notification_settings", UtilController, :update_notificaton_settings)
diff --git a/lib/pleroma/web/twitter_api/controllers/util_controller.ex b/lib/pleroma/web/twitter_api/controllers/util_controller.ex
index 3405bd3b7..867787c57 100644
--- a/lib/pleroma/web/twitter_api/controllers/util_controller.ex
+++ b/lib/pleroma/web/twitter_api/controllers/util_controller.ex
@@ -314,6 +314,25 @@ defmodule Pleroma.Web.TwitterAPI.UtilController do
end
end
+ def change_email(%{assigns: %{user: user}} = conn, params) do
+ case CommonAPI.Utils.confirm_current_password(user, params["password"]) do
+ {:ok, user} ->
+ with {:ok, _user} <- User.change_email(user, params["email"]) do
+ json(conn, %{status: "success"})
+ else
+ {:error, changeset} ->
+ {_, {error, _}} = Enum.at(changeset.errors, 0)
+ json(conn, %{error: "Email #{error}."})
+
+ _ ->
+ json(conn, %{error: "Unable to change email."})
+ end
+
+ {:error, msg} ->
+ json(conn, %{error: msg})
+ end
+ end
+
def delete_account(%{assigns: %{user: user}} = conn, params) do
case CommonAPI.Utils.confirm_current_password(user, params["password"]) do
{:ok, user} ->
diff --git a/test/user_test.exs b/test/user_test.exs
index a25b72f4e..ed8cdbe31 100644
--- a/test/user_test.exs
+++ b/test/user_test.exs
@@ -1614,4 +1614,31 @@ defmodule Pleroma.UserTest do
assert User.user_info(other_user).following_count == 152
end
end
+
+ describe "change_email/2" do
+ setup do
+ [user: insert(:user)]
+ end
+
+ test "blank email returns error", %{user: user} do
+ assert {:error, %{errors: [email: {"can't be blank", _}]}} = User.change_email(user, "")
+ assert {:error, %{errors: [email: {"can't be blank", _}]}} = User.change_email(user, nil)
+ end
+
+ test "non unique email returns error", %{user: user} do
+ %{email: email} = insert(:user)
+
+ assert {:error, %{errors: [email: {"has already been taken", _}]}} =
+ User.change_email(user, email)
+ end
+
+ test "invalid email returns error", %{user: user} do
+ assert {:error, %{errors: [email: {"has invalid format", _}]}} =
+ User.change_email(user, "cofe")
+ end
+
+ test "changes email", %{user: user} do
+ assert {:ok, %User{email: "cofe@cofe.party"}} = User.change_email(user, "cofe@cofe.party")
+ end
+ end
end
diff --git a/test/web/twitter_api/util_controller_test.exs b/test/web/twitter_api/util_controller_test.exs
index cf8e69d2b..a3c6145c0 100644
--- a/test/web/twitter_api/util_controller_test.exs
+++ b/test/web/twitter_api/util_controller_test.exs
@@ -662,4 +662,111 @@ defmodule Pleroma.Web.TwitterAPI.UtilControllerTest do
assert called(Pleroma.Captcha.new())
end
end
+
+ defp with_credentials(conn, username, password) do
+ header_content = "Basic " <> Base.encode64("#{username}:#{password}")
+ put_req_header(conn, "authorization", header_content)
+ end
+
+ defp valid_user(_context) do
+ user = insert(:user)
+ [user: user]
+ end
+
+ describe "POST /api/pleroma/change_email" do
+ setup [:valid_user]
+
+ test "without credentials", %{conn: conn} do
+ conn = post(conn, "/api/pleroma/change_email")
+ assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
+ end
+
+ test "with credentials and invalid password", %{conn: conn, user: current_user} do
+ conn =
+ conn
+ |> with_credentials(current_user.nickname, "test")
+ |> post("/api/pleroma/change_email", %{
+ "password" => "hi",
+ "email" => "test@test.com"
+ })
+
+ assert json_response(conn, 200) == %{"error" => "Invalid password."}
+ end
+
+ test "with credentials, valid password and invalid email", %{
+ conn: conn,
+ user: current_user
+ } do
+ conn =
+ conn
+ |> with_credentials(current_user.nickname, "test")
+ |> post("/api/pleroma/change_email", %{
+ "password" => "test",
+ "email" => "foobar"
+ })
+
+ assert json_response(conn, 200) == %{"error" => "Email has invalid format."}
+ end
+
+ test "with credentials, valid password and no email", %{
+ conn: conn,
+ user: current_user
+ } do
+ conn =
+ conn
+ |> with_credentials(current_user.nickname, "test")
+ |> post("/api/pleroma/change_email", %{
+ "password" => "test"
+ })
+
+ assert json_response(conn, 200) == %{"error" => "Email can't be blank."}
+ end
+
+ test "with credentials, valid password and blank email", %{
+ conn: conn,
+ user: current_user
+ } do
+ conn =
+ conn
+ |> with_credentials(current_user.nickname, "test")
+ |> post("/api/pleroma/change_email", %{
+ "password" => "test",
+ "email" => ""
+ })
+
+ assert json_response(conn, 200) == %{"error" => "Email can't be blank."}
+ end
+
+ test "with credentials, valid password and non unique email", %{
+ conn: conn,
+ user: current_user
+ } do
+ user = insert(:user)
+
+ conn =
+ conn
+ |> with_credentials(current_user.nickname, "test")
+ |> post("/api/pleroma/change_email", %{
+ "password" => "test",
+ "email" => user.email
+ })
+
+ assert json_response(conn, 200) == %{"error" => "Email has already been taken."}
+ end
+
+ test "with credentials, valid password and valid email", %{
+ conn: conn,
+ user: current_user
+ } do
+ conn =
+ conn
+ |> with_credentials(current_user.nickname, "test")
+ |> post("/api/pleroma/change_email", %{
+ "password" => "test",
+ "email" => "cofe@foobar.com"
+ })
+
+ assert json_response(conn, 200) == %{"status" => "success"}
+ end
+ end
end
--
2.49.0