From 5da4f33bf136970706ddcf19bd701288acb141cf Mon Sep 17 00:00:00 2001
From: Alex Gleason <alex@alexgleason.me>
Date: Fri, 3 Dec 2021 00:02:49 -0600
Subject: Restore POST /auth/password

---
 lib/pleroma/web/router.ex                                  |  8 ++++++--
 .../web/twitter_api/controllers/password_controller.ex     | 14 ++++++++++++++
 2 files changed, 20 insertions(+), 2 deletions(-)

(limited to 'lib')

diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex
index efca7078a..0d27571f2 100644
--- a/lib/pleroma/web/router.ex
+++ b/lib/pleroma/web/router.ex
@@ -756,13 +756,17 @@ defmodule Pleroma.Web.Router do
     get("/web/login", MastodonAPI.AuthController, :login)
     delete("/auth/sign_out", MastodonAPI.AuthController, :logout)
 
-    post("/auth/password", MastodonAPI.AuthController, :password_reset)
-
     get("/web/*path", MastoFEController, :index)
 
     get("/embed/:id", EmbedController, :show)
   end
 
+  scope "/", Pleroma.Web do
+    pipe_through(:pleroma_html)
+
+    post("/auth/password", TwitterAPI.PasswordController, :request)
+  end
+
   scope "/proxy/", Pleroma.Web do
     get("/preview/:sig/:url", MediaProxy.MediaProxyController, :preview)
     get("/preview/:sig/:url/:filename", MediaProxy.MediaProxyController, :preview)
diff --git a/lib/pleroma/web/twitter_api/controllers/password_controller.ex b/lib/pleroma/web/twitter_api/controllers/password_controller.ex
index bc04a4d49..133a588b0 100644
--- a/lib/pleroma/web/twitter_api/controllers/password_controller.ex
+++ b/lib/pleroma/web/twitter_api/controllers/password_controller.ex
@@ -11,9 +11,23 @@ defmodule Pleroma.Web.TwitterAPI.PasswordController do
 
   require Logger
 
+  import Pleroma.Web.ControllerHelper, only: [json_response: 3]
+
   alias Pleroma.PasswordResetToken
   alias Pleroma.Repo
   alias Pleroma.User
+  alias Pleroma.Web.TwitterAPI.TwitterAPI
+
+  plug(Pleroma.Web.Plugs.RateLimiter, [name: :request] when action == :request)
+
+  @doc "POST /auth/password"
+  def request(conn, params) do
+    nickname_or_email = params["email"] || params["nickname"]
+
+    TwitterAPI.password_reset(nickname_or_email)
+
+    json_response(conn, :no_content, "")
+  end
 
   def reset(conn, %{"token" => token}) do
     with %{used: false} = token <- Repo.get_by(PasswordResetToken, %{token: token}),
-- 
cgit v1.2.3