diff options
| author | feld <feld@feld.me> | 2020-09-02 17:11:24 +0000 |
|---|---|---|
| committer | rinpatch <rinpatch@sdf.org> | 2020-09-08 13:53:47 +0300 |
| commit | 43b07c31cb88fbb87ff41a8e24303f930a657f44 (patch) | |
| tree | 6d2d127b90b75a187893bdadfdb2e7a043b21606 /lib | |
| parent | 515116e2f02c38763f551308a33f93ccd54f8186 (diff) | |
| download | pleroma-43b07c31cb88fbb87ff41a8e24303f930a657f44.tar.gz | |
Merge branch 'fix/2095-deactivated-account-reset' into 'develop'
Disallow password resets for deactivated accounts
Closes #2095
See merge request pleroma/pleroma!2935
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/pleroma/web/mastodon_api/controllers/auth_controller.ex | 16 | ||||
| -rw-r--r-- | lib/pleroma/web/twitter_api/twitter_api.ex | 13 |
2 files changed, 7 insertions, 22 deletions
diff --git a/lib/pleroma/web/mastodon_api/controllers/auth_controller.ex b/lib/pleroma/web/mastodon_api/controllers/auth_controller.ex index 753b3db3e..9f09550e1 100644 --- a/lib/pleroma/web/mastodon_api/controllers/auth_controller.ex +++ b/lib/pleroma/web/mastodon_api/controllers/auth_controller.ex @@ -59,17 +59,11 @@ defmodule Pleroma.Web.MastodonAPI.AuthController do def password_reset(conn, params) do nickname_or_email = params["email"] || params["nickname"] - with {:ok, _} <- TwitterAPI.password_reset(nickname_or_email) do - conn - |> put_status(:no_content) - |> json("") - else - {:error, "unknown user"} -> - send_resp(conn, :not_found, "") - - {:error, _} -> - send_resp(conn, :bad_request, "") - end + TwitterAPI.password_reset(nickname_or_email) + + conn + |> put_status(:no_content) + |> json("") end defp local_mastodon_root_path(conn) do diff --git a/lib/pleroma/web/twitter_api/twitter_api.ex b/lib/pleroma/web/twitter_api/twitter_api.ex index 2294d9d0d..5d7948507 100644 --- a/lib/pleroma/web/twitter_api/twitter_api.ex +++ b/lib/pleroma/web/twitter_api/twitter_api.ex @@ -72,7 +72,7 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPI do def password_reset(nickname_or_email) do with true <- is_binary(nickname_or_email), - %User{local: true, email: email} = user when is_binary(email) <- + %User{local: true, email: email, deactivated: false} = user when is_binary(email) <- User.get_by_nickname_or_email(nickname_or_email), {:ok, token_record} <- Pleroma.PasswordResetToken.create_token(user) do user @@ -81,17 +81,8 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPI do {:ok, :enqueued} else - false -> - {:error, "bad user identifier"} - - %User{local: true, email: nil} -> + _ -> {:ok, :noop} - - %User{local: false} -> - {:error, "remote user"} - - nil -> - {:error, "unknown user"} end end |