projects
/
akkoma
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
|
inline
| side by side (parent:
09dcb2b
)
TwitterAPI: Make change_email require body params instead of query
author
Haelwenn (lanodan) Monnier
<contact@hacktivis.me>
Tue, 10 Aug 2021 18:33:00 +0000
(20:33 +0200)
committer
Haelwenn (lanodan) Monnier
<contact@hacktivis.me>
Tue, 10 Aug 2021 18:33:00 +0000
(20:33 +0200)
lib/pleroma/web/api_spec/operations/twitter_util_operation.ex
patch
|
blob
|
history
lib/pleroma/web/twitter_api/controllers/util_controller.ex
patch
|
blob
|
history
test/pleroma/web/twitter_api/util_controller_test.exs
patch
|
blob
|
history
diff --git
a/lib/pleroma/web/api_spec/operations/twitter_util_operation.ex
b/lib/pleroma/web/api_spec/operations/twitter_util_operation.ex
index bc54f1915674e4054282687350fa8f604effe75b..879b2227ebd6401deac6cecec48742a40fd13599 100644
(file)
--- a/
lib/pleroma/web/api_spec/operations/twitter_util_operation.ex
+++ b/
lib/pleroma/web/api_spec/operations/twitter_util_operation.ex
@@
-101,11
+101,7
@@
defmodule Pleroma.Web.ApiSpec.TwitterUtilOperation do
summary: "Change account email",
security: [%{"oAuth" => ["write:accounts"]}],
operationId: "UtilController.change_email",
summary: "Change account email",
security: [%{"oAuth" => ["write:accounts"]}],
operationId: "UtilController.change_email",
- parameters: [
- Operation.parameter(:password, :query, :string, "Current password", required: true),
- Operation.parameter(:email, :query, :string, "New email", required: true)
- ],
- requestBody: nil,
+ requestBody: request_body("Parameters", change_email_request(), required: true),
responses: %{
200 =>
Operation.response("Success", "application/json", %Schema{
responses: %{
200 =>
Operation.response("Success", "application/json", %Schema{
@@
-118,6
+114,19
@@
defmodule Pleroma.Web.ApiSpec.TwitterUtilOperation do
}
end
}
end
+ defp change_email_request do
+ %Schema{
+ title: "ChangeEmailRequest",
+ description: "POST body for changing the account's email",
+ type: :object,
+ required: [:email, :password],
+ properties: %{
+ email: %Schema{type: :string, description: "New email"},
+ password: %Schema{type: :string, description: "Current password"}
+ }
+ }
+ end
+
def update_notificaton_settings_operation do
%Operation{
tags: ["Accounts"],
def update_notificaton_settings_operation do
%Operation{
tags: ["Accounts"],
diff --git
a/lib/pleroma/web/twitter_api/controllers/util_controller.ex
b/lib/pleroma/web/twitter_api/controllers/util_controller.ex
index 58a7332585ccbfeaf7e6b947934307d485de21b3..ef43f76820637cb8b44da7d423dc3ae288f4f4ed 100644
(file)
--- a/
lib/pleroma/web/twitter_api/controllers/util_controller.ex
+++ b/
lib/pleroma/web/twitter_api/controllers/util_controller.ex
@@
-104,10
+104,10
@@
defmodule Pleroma.Web.TwitterAPI.UtilController do
end
end
end
end
- def change_email(%{assigns: %{user: user}
} = conn, %{password: password, email: email
}) do
- case CommonAPI.Utils.confirm_current_password(user, password) do
+ def change_email(%{assigns: %{user: user}
, body_params: body_params} = conn, %{
}) do
+ case CommonAPI.Utils.confirm_current_password(user,
body_params.
password) do
{:ok, user} ->
{:ok, user} ->
- with {:ok, _user} <- User.change_email(user, email) do
+ with {:ok, _user} <- User.change_email(user,
body_params.
email) do
json(conn, %{status: "success"})
else
{:error, changeset} ->
json(conn, %{status: "success"})
else
{:error, changeset} ->
diff --git
a/test/pleroma/web/twitter_api/util_controller_test.exs
b/test/pleroma/web/twitter_api/util_controller_test.exs
index fe3d99272dce7618b5cc3c7901938daac6952526..f030483d80b1e57ed587044b6cb45b7a9dd82a69 100644
(file)
--- a/
test/pleroma/web/twitter_api/util_controller_test.exs
+++ b/
test/pleroma/web/twitter_api/util_controller_test.exs
@@
-261,11
+261,8
@@
defmodule Pleroma.Web.TwitterAPI.UtilControllerTest do
conn =
conn
|> assign(:token, nil)
conn =
conn
|> assign(:token, nil)
- |> post(
- "/api/pleroma/change_email?#{
- URI.encode_query(%{password: "hi", email: "test@test.com"})
- }"
- )
+ |> put_req_header("content-type", "multipart/form-data")
+ |> post("/api/pleroma/change_email", %{password: "hi", email: "test@test.com"})
assert json_response_and_validate_schema(conn, 403) == %{
"error" => "Insufficient permissions: write:accounts."
assert json_response_and_validate_schema(conn, 403) == %{
"error" => "Insufficient permissions: write:accounts."
@@
-274,12
+271,9
@@
defmodule Pleroma.Web.TwitterAPI.UtilControllerTest do
test "with proper permissions and invalid password", %{conn: conn} do
conn =
test "with proper permissions and invalid password", %{conn: conn} do
conn =
- post(
- conn,
- "/api/pleroma/change_email?#{
- URI.encode_query(%{password: "hi", email: "test@test.com"})
- }"
- )
+ conn
+ |> put_req_header("content-type", "multipart/form-data")
+ |> post("/api/pleroma/change_email", %{password: "hi", email: "test@test.com"})
assert json_response_and_validate_schema(conn, 200) == %{"error" => "Invalid password."}
end
assert json_response_and_validate_schema(conn, 200) == %{"error" => "Invalid password."}
end
@@
-288,10
+282,9
@@
defmodule Pleroma.Web.TwitterAPI.UtilControllerTest do
conn: conn
} do
conn =
conn: conn
} do
conn =
- post(
- conn,
- "/api/pleroma/change_email?#{URI.encode_query(%{password: "test", email: "foobar"})}"
- )
+ conn
+ |> put_req_header("content-type", "multipart/form-data")
+ |> post("/api/pleroma/change_email", %{password: "test", email: "foobar"})
assert json_response_and_validate_schema(conn, 200) == %{
"error" => "Email has invalid format."
assert json_response_and_validate_schema(conn, 200) == %{
"error" => "Email has invalid format."
@@
-301,7
+294,10
@@
defmodule Pleroma.Web.TwitterAPI.UtilControllerTest do
test "with proper permissions, valid password and no email", %{
conn: conn
} do
test "with proper permissions, valid password and no email", %{
conn: conn
} do
- conn = post(conn, "/api/pleroma/change_email?#{URI.encode_query(%{password: "test"})}")
+ conn =
+ conn
+ |> put_req_header("content-type", "multipart/form-data")
+ |> post("/api/pleroma/change_email", %{password: "test"})
assert %{"error" => "Missing field: email."} = json_response_and_validate_schema(conn, 400)
end
assert %{"error" => "Missing field: email."} = json_response_and_validate_schema(conn, 400)
end
@@
-310,10
+306,9
@@
defmodule Pleroma.Web.TwitterAPI.UtilControllerTest do
conn: conn
} do
conn =
conn: conn
} do
conn =
- post(
- conn,
- "/api/pleroma/change_email?#{URI.encode_query(%{password: "test", email: ""})}"
- )
+ conn
+ |> put_req_header("content-type", "multipart/form-data")
+ |> post("/api/pleroma/change_email", %{password: "test", email: ""})
assert json_response_and_validate_schema(conn, 200) == %{"error" => "Email can't be blank."}
end
assert json_response_and_validate_schema(conn, 200) == %{"error" => "Email can't be blank."}
end
@@
-324,10
+319,9
@@
defmodule Pleroma.Web.TwitterAPI.UtilControllerTest do
user = insert(:user)
conn =
user = insert(:user)
conn =
- post(
- conn,
- "/api/pleroma/change_email?#{URI.encode_query(%{password: "test", email: user.email})}"
- )
+ conn
+ |> put_req_header("content-type", "multipart/form-data")
+ |> post("/api/pleroma/change_email", %{password: "test", email: user.email})
assert json_response_and_validate_schema(conn, 200) == %{
"error" => "Email has already been taken."
assert json_response_and_validate_schema(conn, 200) == %{
"error" => "Email has already been taken."
@@
-338,12
+332,9
@@
defmodule Pleroma.Web.TwitterAPI.UtilControllerTest do
conn: conn
} do
conn =
conn: conn
} do
conn =
- post(
- conn,
- "/api/pleroma/change_email?#{
- URI.encode_query(%{password: "test", email: "cofe@foobar.com"})
- }"
- )
+ conn
+ |> put_req_header("content-type", "multipart/form-data")
+ |> post("/api/pleroma/change_email", %{password: "test", email: "cofe@foobar.com"})
assert json_response_and_validate_schema(conn, 200) == %{"status" => "success"}
end
assert json_response_and_validate_schema(conn, 200) == %{"status" => "success"}
end