aboutsummaryrefslogtreecommitdiff
path: root/lib/pleroma/web/twitter_api/controllers/password_controller.ex
diff options
context:
space:
mode:
Diffstat (limited to 'lib/pleroma/web/twitter_api/controllers/password_controller.ex')
-rw-r--r--lib/pleroma/web/twitter_api/controllers/password_controller.ex17
1 files changed, 16 insertions, 1 deletions
diff --git a/lib/pleroma/web/twitter_api/controllers/password_controller.ex b/lib/pleroma/web/twitter_api/controllers/password_controller.ex
index 800ab8954..133a588b0 100644
--- a/lib/pleroma/web/twitter_api/controllers/password_controller.ex
+++ b/lib/pleroma/web/twitter_api/controllers/password_controller.ex
@@ -1,5 +1,5 @@
# Pleroma: A lightweight social networking server
-# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
+# Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
# SPDX-License-Identifier: AGPL-3.0-only
defmodule Pleroma.Web.TwitterAPI.PasswordController do
@@ -11,12 +11,27 @@ defmodule Pleroma.Web.TwitterAPI.PasswordController do
require Logger
+ import Pleroma.Web.ControllerHelper, only: [json_response: 3]
+
alias Pleroma.PasswordResetToken
alias Pleroma.Repo
alias Pleroma.User
+ alias Pleroma.Web.TwitterAPI.TwitterAPI
+
+ plug(Pleroma.Web.Plugs.RateLimiter, [name: :request] when action == :request)
+
+ @doc "POST /auth/password"
+ def request(conn, params) do
+ nickname_or_email = params["email"] || params["nickname"]
+
+ TwitterAPI.password_reset(nickname_or_email)
+
+ json_response(conn, :no_content, "")
+ end
def reset(conn, %{"token" => token}) do
with %{used: false} = token <- Repo.get_by(PasswordResetToken, %{token: token}),
+ false <- PasswordResetToken.expired?(token),
%User{} = user <- User.get_cached_by_id(token.user_id) do
render(conn, "reset.html", %{
token: token,
generated by cgit v1.2.3 (git 2.26.2) at 2025-04-25 01:51:46 +0000