Backport of: https://git.pleroma.social/pleroma/pleroma/-/merge_requests/3503 stable^2
@@ -19,6 +19,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). | |||
### Fixed | |||
- MastodonAPI: Stream out Create activities | |||
- MRF ObjectAgePolicy: Fix pattern matching on "published" | |||
- TwitterAPI: Make `change_password` require params on body instead of query | |||
## 2.4.0 - 2021-08-08 | |||
@@ -8,6 +8,8 @@ defmodule Pleroma.Web.ApiSpec.TwitterUtilOperation do | |||
alias Pleroma.Web.ApiSpec.Schemas.ApiError | |||
alias Pleroma.Web.ApiSpec.Schemas.BooleanLike | |||
import Pleroma.Web.ApiSpec.Helpers | |||
def open_api_operation(action) do | |||
operation = String.to_existing_atom("#{action}_operation") | |||
apply(__MODULE__, operation, []) | |||
@@ -63,17 +65,7 @@ defmodule Pleroma.Web.ApiSpec.TwitterUtilOperation do | |||
summary: "Change account password", | |||
security: [%{"oAuth" => ["write:accounts"]}], | |||
operationId: "UtilController.change_password", | |||
parameters: [ | |||
Operation.parameter(:password, :query, :string, "Current password", required: true), | |||
Operation.parameter(:new_password, :query, :string, "New password", required: true), | |||
Operation.parameter( | |||
:new_password_confirmation, | |||
:query, | |||
:string, | |||
"New password, confirmation", | |||
required: true | |||
) | |||
], | |||
requestBody: request_body("Parameters", change_password_request(), required: true), | |||
responses: %{ | |||
200 => | |||
Operation.response("Success", "application/json", %Schema{ | |||
@@ -86,6 +78,23 @@ defmodule Pleroma.Web.ApiSpec.TwitterUtilOperation do | |||
} | |||
end | |||
defp change_password_request do | |||
%Schema{ | |||
title: "ChangePasswordRequest", | |||
description: "POST body for changing the account's passowrd", | |||
type: :object, | |||
required: [:password, :new_password, :new_password_confirmation], | |||
properties: %{ | |||
password: %Schema{type: :string, description: "Current password"}, | |||
new_password: %Schema{type: :string, description: "New password"}, | |||
new_password_confirmation: %Schema{ | |||
type: :string, | |||
description: "New password, confirmation" | |||
} | |||
} | |||
} | |||
end | |||
def change_email_operation do | |||
%Operation{ | |||
tags: ["Account credentials"], | |||
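Review bot: The schema description in `change_password_request/0` misspells the word as "passowrd", and that string is published in the generated API documentation; it should read `description: "POST body for changing the account's password"`. Since all three properties carry credentials, consider also tagging them with `format: :password`, e.g. `password: %Schema{type: :string, format: :password, description: "Current password"}`, so spec-driven clients and documentation UIs mask the inputs. The `change_email_operation` lines at the end of the hunk are context and continue outside it.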
@@ -81,17 +81,13 @@ defmodule Pleroma.Web.TwitterAPI.UtilController do | |||
end | |||
end | |||
def change_password(%{assigns: %{user: user}} = conn, %{ | |||
password: password, | |||
new_password: new_password, | |||
new_password_confirmation: new_password_confirmation | |||
}) do | |||
case CommonAPI.Utils.confirm_current_password(user, password) do | |||
def change_password(%{assigns: %{user: user}, body_params: body_params} = conn, %{}) do | |||
case CommonAPI.Utils.confirm_current_password(user, body_params.password) do | |||
{:ok, user} -> | |||
with {:ok, _user} <- | |||
User.reset_password(user, %{ | |||
password: new_password, | |||
password_confirmation: new_password_confirmation | |||
password: body_params.new_password, | |||
password_confirmation: body_params.new_password_confirmation | |||
}) do | |||
json(conn, %{status: "success"}) | |||
else | |||
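Review bot: Nothing in the new `change_password/2` head says why the credentials are read from `body_params` rather than the merged params, so a later cleanup could restore the old pattern match and accept query-string passwords again. A one-line comment above the clause would pin the intent: `# Credentials are read from body_params only; query-string values end up in access logs, proxies and browser history.` The second argument `%{}` matches any map, so naming it `_params` would state more plainly that it is ignored. The `else` branch of the `with` continues outside the hunk.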
@@ -356,15 +356,12 @@ defmodule Pleroma.Web.TwitterAPI.UtilControllerTest do | |||
conn = | |||
conn | |||
|> assign(:token, nil) | |||
|> post( | |||
"/api/pleroma/change_password?#{ | |||
URI.encode_query(%{ | |||
password: "hi", | |||
new_password: "newpass", | |||
new_password_confirmation: "newpass" | |||
}) | |||
}" | |||
) | |||
|> put_req_header("content-type", "multipart/form-data") | |||
|> post("/api/pleroma/change_password", %{ | |||
"password" => "hi", | |||
"new_password" => "newpass", | |||
"new_password_confirmation" => "newpass" | |||
}) | |||
assert json_response_and_validate_schema(conn, 403) == %{ | |||
"error" => "Insufficient permissions: write:accounts." | |||
@@ -373,16 +370,13 @@ defmodule Pleroma.Web.TwitterAPI.UtilControllerTest do | |||
test "with proper permissions and invalid password", %{conn: conn} do | |||
conn = | |||
post( | |||
conn, | |||
"/api/pleroma/change_password?#{ | |||
URI.encode_query(%{ | |||
password: "hi", | |||
new_password: "newpass", | |||
new_password_confirmation: "newpass" | |||
}) | |||
}" | |||
) | |||
conn | |||
|> put_req_header("content-type", "multipart/form-data") | |||
|> post("/api/pleroma/change_password", %{ | |||
"password" => "hi", | |||
"new_password" => "newpass", | |||
"new_password_confirmation" => "newpass" | |||
}) | |||
assert json_response_and_validate_schema(conn, 200) == %{"error" => "Invalid password."} | |||
end | |||
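Review bot: The updated tests only exercise the new body form; none asserts that the old query-string form is now refused, which is the behaviour this change exists to enforce. A regression test that posts to `"/api/pleroma/change_password?" <> URI.encode_query(...)` with no body, expects an error response (presumably a 400 from request validation, to be confirmed) and checks that the stored password is unchanged would cover it. The test hunks are also inconsistent about key style: this test and the two around it pass string keys, while the blank-password and success tests pass atom keys; picking one form keeps the suite uniform.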
@@ -392,16 +386,13 @@ defmodule Pleroma.Web.TwitterAPI.UtilControllerTest do | |||
conn: conn | |||
} do | |||
conn = | |||
post( | |||
conn, | |||
"/api/pleroma/change_password?#{ | |||
URI.encode_query(%{ | |||
password: "test", | |||
new_password: "newpass", | |||
new_password_confirmation: "notnewpass" | |||
}) | |||
}" | |||
) | |||
conn | |||
|> put_req_header("content-type", "multipart/form-data") | |||
|> post("/api/pleroma/change_password", %{ | |||
"password" => "test", | |||
"new_password" => "newpass", | |||
"new_password_confirmation" => "notnewpass" | |||
}) | |||
assert json_response_and_validate_schema(conn, 200) == %{ | |||
"error" => "New password does not match confirmation." | |||
@@ -412,12 +403,13 @@ defmodule Pleroma.Web.TwitterAPI.UtilControllerTest do | |||
conn: conn | |||
} do | |||
conn = | |||
post( | |||
conn, | |||
"/api/pleroma/change_password?#{ | |||
URI.encode_query(%{password: "test", new_password: "", new_password_confirmation: ""}) | |||
}" | |||
) | |||
conn | |||
|> put_req_header("content-type", "multipart/form-data") | |||
|> post("/api/pleroma/change_password", %{ | |||
password: "test", | |||
new_password: "", | |||
new_password_confirmation: "" | |||
}) | |||
assert json_response_and_validate_schema(conn, 200) == %{ | |||
"error" => "New password can't be blank." | |||
@@ -429,15 +421,15 @@ defmodule Pleroma.Web.TwitterAPI.UtilControllerTest do | |||
user: user | |||
} do | |||
conn = | |||
post( | |||
conn, | |||
"/api/pleroma/change_password?#{ | |||
URI.encode_query(%{ | |||
password: "test", | |||
new_password: "newpass", | |||
new_password_confirmation: "newpass" | |||
}) | |||
}" | |||
conn | |||
|> put_req_header("content-type", "multipart/form-data") | |||
|> post( | |||
"/api/pleroma/change_password", | |||
%{ | |||
password: "test", | |||
new_password: "newpass", | |||
new_password_confirmation: "newpass" | |||
} | |||
) | |||
assert json_response_and_validate_schema(conn, 200) == %{"status" => "success"} | |||