From b096e30cffc79a4adf12be88da412a290cd0d190 Mon Sep 17 00:00:00 2001
From: Ivan Tashkinov <ivantashkinov@gmail.com>
Date: Tue, 18 Dec 2018 17:13:52 +0300
Subject: [#114] Added email confirmation resend action. Added tests for
 registration, authentication, email confirmation, confirmation resending.
 Made admin methods create confirmed users.

---
 .../twitter_api/twitter_api_controller_test.exs    | 64 ++++++++++++++++++++++
 1 file changed, 64 insertions(+)

(limited to 'test/web/twitter_api/twitter_api_controller_test.exs')

diff --git a/test/web/twitter_api/twitter_api_controller_test.exs b/test/web/twitter_api/twitter_api_controller_test.exs
index c16c0cdc0..eb154608c 100644
--- a/test/web/twitter_api/twitter_api_controller_test.exs
+++ b/test/web/twitter_api/twitter_api_controller_test.exs
@@ -873,6 +873,70 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do
     end
   end
 
+  describe "GET /api/account/confirm_email/:token" do
+    setup do
+      user = insert(:user)
+      info_change = User.Info.confirmation_update(user.info, :unconfirmed)
+
+      {:ok, user} =
+        user
+        |> Changeset.change()
+        |> Changeset.put_embed(:info, info_change)
+        |> Repo.update()
+
+      assert user.info.confirmation_pending
+
+      [user: user]
+    end
+
+    test "it redirects to root url", %{conn: conn, user: user} do
+      conn = get(conn, "/api/account/confirm_email/#{user.info.confirmation_token}")
+
+      assert 302 == conn.status
+    end
+
+    test "it confirms the user account", %{conn: conn, user: user} do
+      get(conn, "/api/account/confirm_email/#{user.info.confirmation_token}")
+
+      user = Repo.get(User, user.id)
+
+      refute user.info.confirmation_pending
+      refute user.info.confirmation_token
+    end
+  end
+
+  describe "POST /api/account/resend_confirmation_email" do
+    setup do
+      user = insert(:user)
+      info_change = User.Info.confirmation_update(user.info, :unconfirmed)
+
+      {:ok, user} =
+        user
+        |> Changeset.change()
+        |> Changeset.put_embed(:info, info_change)
+        |> Repo.update()
+
+      assert user.info.confirmation_pending
+
+      [user: user]
+    end
+
+    test "it returns 204 No Content", %{conn: conn, user: user} do
+      conn
+      |> assign(:user, user)
+      |> post("/api/account/resend_confirmation_email?email=#{user.email}")
+      |> json_response(:no_content)
+    end
+
+    test "it sends confirmation email", %{conn: conn, user: user} do
+      conn
+      |> assign(:user, user)
+      |> post("/api/account/resend_confirmation_email?email=#{user.email}")
+
+      Swoosh.TestAssertions.assert_email_sent(Pleroma.UserEmail.account_confirmation_email(user))
+    end
+  end
+
   describe "GET /api/externalprofile/show" do
     test "it returns the user", %{conn: conn} do
       user = insert(:user)
-- 
cgit v1.2.3


From 59fc5d15dfde0120fb10ec14631ad1115a6087a9 Mon Sep 17 00:00:00 2001
From: Ivan Tashkinov <ivantashkinov@gmail.com>
Date: Wed, 19 Dec 2018 16:27:16 +0300
Subject: [#114] User.Info: renamed `confirmation_update` to
 `confirmation_change`.

---
 test/web/twitter_api/twitter_api_controller_test.exs | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'test/web/twitter_api/twitter_api_controller_test.exs')

diff --git a/test/web/twitter_api/twitter_api_controller_test.exs b/test/web/twitter_api/twitter_api_controller_test.exs
index eb154608c..a269c9757 100644
--- a/test/web/twitter_api/twitter_api_controller_test.exs
+++ b/test/web/twitter_api/twitter_api_controller_test.exs
@@ -876,7 +876,7 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do
   describe "GET /api/account/confirm_email/:token" do
     setup do
       user = insert(:user)
-      info_change = User.Info.confirmation_update(user.info, :unconfirmed)
+      info_change = User.Info.confirmation_change(user.info, :unconfirmed)
 
       {:ok, user} =
         user
@@ -908,7 +908,7 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do
   describe "POST /api/account/resend_confirmation_email" do
     setup do
       user = insert(:user)
-      info_change = User.Info.confirmation_update(user.info, :unconfirmed)
+      info_change = User.Info.confirmation_change(user.info, :unconfirmed)
 
       {:ok, user} =
         user
-- 
cgit v1.2.3


From 968d7490b689ba501a64f350841dc8f9b33b5244 Mon Sep 17 00:00:00 2001
From: Ivan Tashkinov <ivantashkinov@gmail.com>
Date: Wed, 19 Dec 2018 16:27:16 +0300
Subject: [#114] User.Info: renamed `confirmation_update` to
 `confirmation_changeset`.

---
 test/web/twitter_api/twitter_api_controller_test.exs | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'test/web/twitter_api/twitter_api_controller_test.exs')

diff --git a/test/web/twitter_api/twitter_api_controller_test.exs b/test/web/twitter_api/twitter_api_controller_test.exs
index a269c9757..53b390793 100644
--- a/test/web/twitter_api/twitter_api_controller_test.exs
+++ b/test/web/twitter_api/twitter_api_controller_test.exs
@@ -876,7 +876,7 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do
   describe "GET /api/account/confirm_email/:token" do
     setup do
       user = insert(:user)
-      info_change = User.Info.confirmation_change(user.info, :unconfirmed)
+      info_change = User.Info.confirmation_changeset(user.info, :unconfirmed)
 
       {:ok, user} =
         user
@@ -908,7 +908,7 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do
   describe "POST /api/account/resend_confirmation_email" do
     setup do
       user = insert(:user)
-      info_change = User.Info.confirmation_change(user.info, :unconfirmed)
+      info_change = User.Info.confirmation_changeset(user.info, :unconfirmed)
 
       {:ok, user} =
         user
-- 
cgit v1.2.3


From f69cbf4755b974de0303731327180bb51ed244fc Mon Sep 17 00:00:00 2001
From: Ivan Tashkinov <ivantashkinov@gmail.com>
Date: Thu, 20 Dec 2018 13:41:30 +0300
Subject: [#114] Added :user_id component to email confirmation path to improve
 the security. Added tests for `confirm_email` action.

---
 test/web/twitter_api/twitter_api_controller_test.exs | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)

(limited to 'test/web/twitter_api/twitter_api_controller_test.exs')

diff --git a/test/web/twitter_api/twitter_api_controller_test.exs b/test/web/twitter_api/twitter_api_controller_test.exs
index 53b390793..16422c35a 100644
--- a/test/web/twitter_api/twitter_api_controller_test.exs
+++ b/test/web/twitter_api/twitter_api_controller_test.exs
@@ -873,7 +873,7 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do
     end
   end
 
-  describe "GET /api/account/confirm_email/:token" do
+  describe "GET /api/account/confirm_email/:id/:token" do
     setup do
       user = insert(:user)
       info_change = User.Info.confirmation_changeset(user.info, :unconfirmed)
@@ -890,19 +890,31 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do
     end
 
     test "it redirects to root url", %{conn: conn, user: user} do
-      conn = get(conn, "/api/account/confirm_email/#{user.info.confirmation_token}")
+      conn = get(conn, "/api/account/confirm_email/#{user.id}/#{user.info.confirmation_token}")
 
       assert 302 == conn.status
     end
 
     test "it confirms the user account", %{conn: conn, user: user} do
-      get(conn, "/api/account/confirm_email/#{user.info.confirmation_token}")
+      get(conn, "/api/account/confirm_email/#{user.id}/#{user.info.confirmation_token}")
 
       user = Repo.get(User, user.id)
 
       refute user.info.confirmation_pending
       refute user.info.confirmation_token
     end
+
+    test "it returns 500 if user cannot be found by id", %{conn: conn, user: user} do
+      conn = get(conn, "/api/account/confirm_email/0/#{user.info.confirmation_token}")
+
+      assert 500 == conn.status
+    end
+
+    test "it returns 500 if token is invalid", %{conn: conn, user: user} do
+      conn = get(conn, "/api/account/confirm_email/#{user.id}/wrong_token")
+
+      assert 500 == conn.status
+    end
   end
 
   describe "POST /api/account/resend_confirmation_email" do
-- 
cgit v1.2.3


From 7cab7de9ff0432a582cfca0852a4b66fdd124c41 Mon Sep 17 00:00:00 2001
From: Ivan Tashkinov <ivantashkinov@gmail.com>
Date: Thu, 20 Dec 2018 14:48:48 +0300
Subject: [#114] Allowed unconfirmed users to authenticate if
 :account_activation_required is disabled prior to confirmation. Ensured that
 no confirmation emails are sent if :account_activation_required is not true.
 Adjusted tests.

---
 test/web/twitter_api/twitter_api_controller_test.exs | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'test/web/twitter_api/twitter_api_controller_test.exs')

diff --git a/test/web/twitter_api/twitter_api_controller_test.exs b/test/web/twitter_api/twitter_api_controller_test.exs
index 16422c35a..1324bcc71 100644
--- a/test/web/twitter_api/twitter_api_controller_test.exs
+++ b/test/web/twitter_api/twitter_api_controller_test.exs
@@ -919,6 +919,13 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do
 
   describe "POST /api/account/resend_confirmation_email" do
     setup do
+      setting = Pleroma.Config.get([:instance, :account_activation_required])
+
+      unless setting do
+        Pleroma.Config.put([:instance, :account_activation_required], true)
+        on_exit(fn -> Pleroma.Config.put([:instance, :account_activation_required], setting) end)
+      end
+
       user = insert(:user)
       info_change = User.Info.confirmation_changeset(user.info, :unconfirmed)
 
-- 
cgit v1.2.3