From f5afb11032913fe523bd688954b4923f357c7802 Mon Sep 17 00:00:00 2001 From: Ivan Tashkinov Date: Tue, 11 Dec 2018 20:17:49 +0300 Subject: [PATCH] [#114] Initial implementation of user password reset emails (user-initiated). --- lib/pleroma/emails/user_email.ex | 37 ++++++++++++++++++++++ lib/pleroma/web/router.ex | 2 +- .../web/twitter_api/twitter_api_controller.ex | 19 +++++++++++ 3 files changed, 57 insertions(+), 1 deletion(-) create mode 100644 lib/pleroma/emails/user_email.ex diff --git a/lib/pleroma/emails/user_email.ex b/lib/pleroma/emails/user_email.ex new file mode 100644 index 000000000..46d8b9c2d --- /dev/null +++ b/lib/pleroma/emails/user_email.ex @@ -0,0 +1,37 @@ +defmodule Pleroma.UserEmail do + @moduledoc "User emails" + + import Swoosh.Email + + alias Pleroma.Web.{Endpoint, Router} + + defp instance_config, do: Pleroma.Config.get(:instance) + + defp instance_name, do: instance_config()[:name] + + defp from do + {instance_name(), instance_config()[:email]} + end + + def password_reset_email(user, password_reset_token) when is_binary(password_reset_token) do + password_reset_url = + Router.Helpers.util_url( + Endpoint, + :show_password_reset, + password_reset_token + ) + + html_body = """ +

Reset your password at #{instance_name()}

+

Someone has requested password change for your account at #{instance_name()}.

+

If it was you, visit the following link to proceed: reset password.

+

If it was someone else, nothing to worry about: your data is secure and your password has not been changed.

+ """ + + new() + |> to({user.name, user.email}) + |> from(from()) + |> subject("Password reset") + |> html_body(html_body) + end +end diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex index 19b8750fc..6253a28db 100644 --- a/lib/pleroma/web/router.ex +++ b/lib/pleroma/web/router.ex @@ -277,7 +277,7 @@ defmodule Pleroma.Web.Router do get("/statusnet/conversation/:id", TwitterAPI.Controller, :fetch_conversation) post("/account/register", TwitterAPI.Controller, :register) - post("/account/reset_password", TwitterAPI.Controller, :reset_password) + post("/account/password_reset", TwitterAPI.Controller, :password_reset) get("/search", TwitterAPI.Controller, :search) get("/statusnet/tags/timeline/:tag", TwitterAPI.Controller, :public_and_external_timeline) diff --git a/lib/pleroma/web/twitter_api/twitter_api_controller.ex b/lib/pleroma/web/twitter_api/twitter_api_controller.ex index 786849aa3..8837db566 100644 --- a/lib/pleroma/web/twitter_api/twitter_api_controller.ex +++ b/lib/pleroma/web/twitter_api/twitter_api_controller.ex @@ -1,5 +1,9 @@ defmodule Pleroma.Web.TwitterAPI.Controller do use Pleroma.Web, :controller + + import Pleroma.Web.ControllerHelper, only: [json_response: 3] + + alias Pleroma.Formatter alias Pleroma.Web.TwitterAPI.{TwitterAPI, UserView, ActivityView, NotificationView} alias Pleroma.Web.CommonAPI alias Pleroma.{Repo, Activity, Object, User, Notification} @@ -322,6 +326,21 @@ defmodule Pleroma.Web.TwitterAPI.Controller do end end + def password_reset(conn, params) do + nickname_or_email = params["email"] || params["nickname"] + + with is_binary(nickname_or_email), + %User{local: true} = user <- User.get_by_nickname_or_email(nickname_or_email) do + {:ok, token_record} = Pleroma.PasswordResetToken.create_token(user) + + user + |> Pleroma.UserEmail.password_reset_email(token_record.token) + |> Pleroma.Mailer.deliver() + + json_response(conn, :no_content, "") + end + end + def update_avatar(%{assigns: %{user: user}} = conn, params) do {:ok, object} = ActivityPub.upload(params, type: :avatar) change = Changeset.change(user, %{avatar: object.data})