From 43b07c31cb88fbb87ff41a8e24303f930a657f44 Mon Sep 17 00:00:00 2001
From: feld <feld@feld.me>
Date: Wed, 2 Sep 2020 17:11:24 +0000
Subject: Merge branch 'fix/2095-deactivated-account-reset' into 'develop'

Disallow password resets for deactivated accounts

Closes #2095

See merge request pleroma/pleroma!2935
---
 .../controllers/auth_controller_test.exs           | 22 ++++++++++++++++------
 1 file changed, 16 insertions(+), 6 deletions(-)

(limited to 'test/web/mastodon_api/controllers/auth_controller_test.exs')

diff --git a/test/web/mastodon_api/controllers/auth_controller_test.exs b/test/web/mastodon_api/controllers/auth_controller_test.exs
index a485f8e41..4fa95fce1 100644
--- a/test/web/mastodon_api/controllers/auth_controller_test.exs
+++ b/test/web/mastodon_api/controllers/auth_controller_test.exs
@@ -122,17 +122,27 @@ defmodule Pleroma.Web.MastodonAPI.AuthControllerTest do
       {:ok, user: user}
     end
 
-    test "it returns 404 when user is not found", %{conn: conn, user: user} do
+    test "it returns 204 when user is not found", %{conn: conn, user: user} do
       conn = post(conn, "/auth/password?email=nonexisting_#{user.email}")
-      assert conn.status == 404
-      assert conn.resp_body == ""
+
+      assert conn
+             |> json_response(:no_content)
     end
 
-    test "it returns 400 when user is not local", %{conn: conn, user: user} do
+    test "it returns 204 when user is not local", %{conn: conn, user: user} do
       {:ok, user} = Repo.update(Ecto.Changeset.change(user, local: false))
       conn = post(conn, "/auth/password?email=#{user.email}")
-      assert conn.status == 400
-      assert conn.resp_body == ""
+
+      assert conn
+             |> json_response(:no_content)
+    end
+
+    test "it returns 204 when user is deactivated", %{conn: conn, user: user} do
+      {:ok, user} = Repo.update(Ecto.Changeset.change(user, deactivated: true, local: true))
+      conn = post(conn, "/auth/password?email=#{user.email}")
+
+      assert conn
+             |> json_response(:no_content)
     end
   end
 
-- 
cgit v1.2.3


From bf181ca96850f3e5baaf8f3dcd6e11b926fcdeeb Mon Sep 17 00:00:00 2001
From: Alex Gleason <alex@alexgleason.me>
Date: Mon, 21 Sep 2020 16:03:22 -0500
Subject: Fix MastoAPI.AuthControllerTest, json_response(:no_content) -->
 empty_json_response()

---
 .../web/mastodon_api/controllers/auth_controller_test.exs | 15 ++++++---------
 1 file changed, 6 insertions(+), 9 deletions(-)

(limited to 'test/web/mastodon_api/controllers/auth_controller_test.exs')

diff --git a/test/web/mastodon_api/controllers/auth_controller_test.exs b/test/web/mastodon_api/controllers/auth_controller_test.exs
index 4fa95fce1..bf2438fe2 100644
--- a/test/web/mastodon_api/controllers/auth_controller_test.exs
+++ b/test/web/mastodon_api/controllers/auth_controller_test.exs
@@ -61,7 +61,7 @@ defmodule Pleroma.Web.MastodonAPI.AuthControllerTest do
     end
 
     test "it returns 204", %{conn: conn} do
-      assert json_response(conn, :no_content)
+      assert empty_json_response(conn)
     end
 
     test "it creates a PasswordResetToken record for user", %{user: user} do
@@ -91,7 +91,7 @@ defmodule Pleroma.Web.MastodonAPI.AuthControllerTest do
 
       assert conn
              |> post("/auth/password?nickname=#{user.nickname}")
-             |> json_response(:no_content)
+             |> empty_json_response()
 
       ObanHelpers.perform_all()
       token_record = Repo.get_by(Pleroma.PasswordResetToken, user_id: user.id)
@@ -112,7 +112,7 @@ defmodule Pleroma.Web.MastodonAPI.AuthControllerTest do
 
       assert conn
              |> post("/auth/password?nickname=#{user.nickname}")
-             |> json_response(:no_content)
+             |> empty_json_response()
     end
   end
 
@@ -125,24 +125,21 @@ defmodule Pleroma.Web.MastodonAPI.AuthControllerTest do
     test "it returns 204 when user is not found", %{conn: conn, user: user} do
       conn = post(conn, "/auth/password?email=nonexisting_#{user.email}")
 
-      assert conn
-             |> json_response(:no_content)
+      assert empty_json_response(conn)
     end
 
     test "it returns 204 when user is not local", %{conn: conn, user: user} do
       {:ok, user} = Repo.update(Ecto.Changeset.change(user, local: false))
       conn = post(conn, "/auth/password?email=#{user.email}")
 
-      assert conn
-             |> json_response(:no_content)
+      assert empty_json_response(conn)
     end
 
     test "it returns 204 when user is deactivated", %{conn: conn, user: user} do
       {:ok, user} = Repo.update(Ecto.Changeset.change(user, deactivated: true, local: true))
       conn = post(conn, "/auth/password?email=#{user.email}")
 
-      assert conn
-             |> json_response(:no_content)
+      assert empty_json_response(conn)
     end
   end
 
-- 
cgit v1.2.3