| author | Alexander Strizhakov <alex.strizhakov@gmail.com> | 2019-07-16 21:44:50 +0000 | 
|---|---|---|
| committer | kaniini <ariadne@dereferenced.org> | 2019-07-16 21:44:50 +0000 | 
| commit | 10f82c88b88fa4d26f6fa57f9cf36439012b8d0c (patch) | |
| tree | 1740bc35a064b2eb6a7e8beed0796d1ab7192a89 /lib | |
| parent | 33fbb638cd815037741be25d0e47c3d16cc96971 (diff) | |
mastoapi password reset
added rate limit to password reset
configure rate limit in runtime
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/pleroma/web/mastodon_api/mastodon_api_controller.ex | 17 | ||||
| -rw-r--r-- | lib/pleroma/web/router.ex | 2 | ||||
| -rw-r--r-- | lib/pleroma/web/twitter_api/twitter_api_controller.ex | 7 | 
3 files changed, 26 insertions, 0 deletions
|
diff --git a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex
index a732a6990..aff76e2ea 100644
--- a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex
+++ b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex
@@ -73,6 +73,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do
   plug(RateLimiter, :statuses_actions when action in @rate_limited_status_actions)
   plug(RateLimiter, :app_account_creation when action == :account_register)
   plug(RateLimiter, :search when action in [:search, :search2, :account_search])
+  plug(RateLimiter, :password_reset when action == :password_reset)
   @local_mastodon_name "Mastodon-Local"
@@ -1816,6 +1817,22 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do
     end
   end
+  def password_reset(conn, params) do
+    nickname_or_email = params["email"] || params["nickname"]
+
+    with {:ok, _} <- TwitterAPI.password_reset(nickname_or_email) do
+      conn
+      |> put_status(:no_content)
+      |> json("")
+    else
+      {:error, "unknown user"} ->
+        put_status(conn, :not_found)
+
+      {:error, _} ->
+        put_status(conn, :bad_request)
+    end
+  end
+
   def try_render(conn, target, params)
       when is_binary(target) do
     case render(conn, target, params) do
diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex
index 3e5142e8a..52b8dc0bf 100644
--- a/lib/pleroma/web/router.ex
+++ b/lib/pleroma/web/router.ex
@@ -691,6 +691,8 @@ defmodule Pleroma.Web.Router do
     get("/web/login", MastodonAPIController, :login)
     delete("/auth/sign_out", MastodonAPIController, :logout)
+    post("/auth/password", MastodonAPIController, :password_reset)
+
     scope [] do
       pipe_through(:oauth_read_or_public)
       get("/web/*path", MastodonAPIController, :index)
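Review bot: Nothing in the visible diff (the diffstat is limited to `lib`) defines limits for the `:password_reset` bucket named by the added `plug(RateLimiter, :password_reset when action == :password_reset)` line and by the matching plug in twitter_api_controller.ex. If the limiter passes requests through when a bucket has no configuration, which is worth confirming, this unauthenticated endpoint ships unthrottled by default, so a default limit and a test that it triggers would be worth adding. A short comment above the plug, e.g. `# unauthenticated endpoint: throttled via the :password_reset bucket`, would also help the next reader.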
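Review bot: The `{:error, "unknown user"}` branch of `password_reset/2` answers 404 while a known account gets 204, so an unauthenticated caller can tell which emails and nicknames are registered; the same split is added to the `else` in twitter_api_controller.ex. Answering 204 in both cases closes that, e.g. `{:error, "unknown user"} -> conn |> put_status(:no_content) |> json("")`. Both error branches also only call `put_status/2` and never send a response, which as far as the hunk shows leaves the conn unsent; `send_resp(conn, :bad_request, "")` would make the reply explicit. Separately, `params["email"] || params["nickname"]` is `nil` when neither key is posted, and what `TwitterAPI.password_reset/1` does with `nil` is not visible here.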
diff --git a/lib/pleroma/web/twitter_api/twitter_api_controller.ex b/lib/pleroma/web/twitter_api/twitter_api_controller.ex
index 0313560a8..8cb703501 100644
--- a/lib/pleroma/web/twitter_api/twitter_api_controller.ex
+++ b/lib/pleroma/web/twitter_api/twitter_api_controller.ex
@@ -27,6 +27,7 @@ defmodule Pleroma.Web.TwitterAPI.Controller do
   require Logger
+  plug(Pleroma.Plugs.RateLimiter, :password_reset when action == :password_reset)
   plug(:only_if_public_instance when action in [:public_timeline, :public_and_external_timeline])
   action_fallback(:errors)
@@ -437,6 +438,12 @@ defmodule Pleroma.Web.TwitterAPI.Controller do
     with {:ok, _} <- TwitterAPI.password_reset(nickname_or_email) do
       json_response(conn, :no_content, "")
+    else
+      {:error, "unknown user"} ->
+        put_status(conn, :not_found)
+
+      {:error, _} ->
+        put_status(conn, :bad_request)
     end
   end
|
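Review bot: The new `else` clauses in this `with` take every `{:error, _}` result away from the `action_fallback(:errors)` declared near the top of this controller, which is where those tuples went while the `with` had no `else`. If `:errors` renders an error body, clients of this action now get a bare status instead; returning the tuple unchanged for the generic case, `{:error, _} = error -> error`, would keep the fallback in play. Matching on the message text `"unknown user"` also ties the controller to the wording used inside `TwitterAPI.password_reset/1`; a tagged reason such as `{:error, :unknown_user}` would be sturdier, though that function is outside this diff. The enclosing action starts above the hunk.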
