diff options
Diffstat (limited to 'internal/api/client/user')
| -rw-r--r-- | internal/api/client/user/passwordchange.go | 43 | ||||
| -rw-r--r-- | internal/api/client/user/passwordchange_test.go | 14 | ||||
| -rw-r--r-- | internal/api/client/user/user_test.go | 2 |
3 files changed, 30 insertions, 29 deletions
diff --git a/internal/api/client/user/passwordchange.go b/internal/api/client/user/passwordchange.go index 15b082c1d..7676f5b85 100644 --- a/internal/api/client/user/passwordchange.go +++ b/internal/api/client/user/passwordchange.go @@ -19,12 +19,13 @@ package user import ( + "errors" "net/http" "github.com/gin-gonic/gin" - "github.com/sirupsen/logrus" "github.com/superseriousbusiness/gotosocial/internal/api" "github.com/superseriousbusiness/gotosocial/internal/api/model" + "github.com/superseriousbusiness/gotosocial/internal/gtserror" "github.com/superseriousbusiness/gotosocial/internal/oauth" ) @@ -54,48 +55,48 @@ import ( // responses: // '200': // description: Change successful +// '400': +// description: bad request // '401': // description: unauthorized // '403': // description: forbidden -// '400': -// description: bad request +// '406': +// description: not acceptable // '500': -// description: "internal error" +// description: internal error func (m *Module) PasswordChangePOSTHandler(c *gin.Context) { - l := logrus.WithField("func", "PasswordChangePOSTHandler") - authed, err := oauth.Authed(c, true, true, true, true) if err != nil { - l.Debugf("error authing: %s", err) - c.JSON(http.StatusUnauthorized, gin.H{"error": "unauthorized"}) + api.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGet) return } if _, err := api.NegotiateAccept(c, api.JSONAcceptHeaders...); err != nil { - c.JSON(http.StatusNotAcceptable, gin.H{"error": err.Error()}) + api.ErrorHandler(c, gtserror.NewErrorNotAcceptable(err, err.Error()), m.processor.InstanceGet) return } - // First check this user/account is active. - if authed.User.Disabled || !authed.User.Approved || !authed.Account.SuspendedAt.IsZero() { - l.Debugf("couldn't auth: %s", err) - c.JSON(http.StatusForbidden, gin.H{"error": "account is disabled, not yet approved, or suspended"}) + form := &model.PasswordChangeRequest{} + if err := c.ShouldBind(form); err != nil { + api.ErrorHandler(c, gtserror.NewErrorBadRequest(err, err.Error()), m.processor.InstanceGet) return } - form := &model.PasswordChangeRequest{} - if err := c.ShouldBind(form); err != nil || form == nil || form.NewPassword == "" || form.OldPassword == "" { - if err != nil { - l.Debugf("could not parse form from request: %s", err) - } - c.JSON(http.StatusBadRequest, gin.H{"error": "missing one or more required form values"}) + if form.OldPassword == "" { + err := errors.New("password change request missing field old_password") + api.ErrorHandler(c, gtserror.NewErrorBadRequest(err, err.Error()), m.processor.InstanceGet) + return + } + + if form.NewPassword == "" { + err := errors.New("password change request missing field new_password") + api.ErrorHandler(c, gtserror.NewErrorBadRequest(err, err.Error()), m.processor.InstanceGet) return } if errWithCode := m.processor.UserChangePassword(c.Request.Context(), authed, form); errWithCode != nil { - l.Debugf("error changing user password: %s", errWithCode.Error()) - c.JSON(errWithCode.Code(), gin.H{"error": errWithCode.Safe()}) + api.ErrorHandler(c, errWithCode, m.processor.InstanceGet) return } diff --git a/internal/api/client/user/passwordchange_test.go b/internal/api/client/user/passwordchange_test.go index 23a234116..11df161e2 100644 --- a/internal/api/client/user/passwordchange_test.go +++ b/internal/api/client/user/passwordchange_test.go @@ -49,7 +49,7 @@ func (suite *PasswordChangeTestSuite) TestPasswordChangePOST() { ctx.Set(oauth.SessionAuthorizedToken, oauthToken) ctx.Set(oauth.SessionAuthorizedUser, suite.testUsers["local_account_1"]) ctx.Set(oauth.SessionAuthorizedAccount, suite.testAccounts["local_account_1"]) - ctx.Request = httptest.NewRequest(http.MethodPost, fmt.Sprintf("http://localhost:8080/%s", user.PasswordChangePath), nil) + ctx.Request = httptest.NewRequest(http.MethodPost, fmt.Sprintf("http://localhost:8080%s", user.PasswordChangePath), nil) ctx.Request.Header.Set("accept", "application/json") ctx.Request.Form = url.Values{ "old_password": {"password"}, @@ -83,7 +83,7 @@ func (suite *PasswordChangeTestSuite) TestPasswordMissingOldPassword() { ctx.Set(oauth.SessionAuthorizedToken, oauthToken) ctx.Set(oauth.SessionAuthorizedUser, suite.testUsers["local_account_1"]) ctx.Set(oauth.SessionAuthorizedAccount, suite.testAccounts["local_account_1"]) - ctx.Request = httptest.NewRequest(http.MethodPost, fmt.Sprintf("http://localhost:8080/%s", user.PasswordChangePath), nil) + ctx.Request = httptest.NewRequest(http.MethodPost, fmt.Sprintf("http://localhost:8080%s", user.PasswordChangePath), nil) ctx.Request.Header.Set("accept", "application/json") ctx.Request.Form = url.Values{ "new_password": {"peepeepoopoopassword"}, @@ -97,7 +97,7 @@ func (suite *PasswordChangeTestSuite) TestPasswordMissingOldPassword() { defer result.Body.Close() b, err := ioutil.ReadAll(result.Body) suite.NoError(err) - suite.Equal(`{"error":"missing one or more required form values"}`, string(b)) + suite.Equal(`{"error":"Bad Request: password change request missing field old_password"}`, string(b)) } func (suite *PasswordChangeTestSuite) TestPasswordIncorrectOldPassword() { @@ -110,7 +110,7 @@ func (suite *PasswordChangeTestSuite) TestPasswordIncorrectOldPassword() { ctx.Set(oauth.SessionAuthorizedToken, oauthToken) ctx.Set(oauth.SessionAuthorizedUser, suite.testUsers["local_account_1"]) ctx.Set(oauth.SessionAuthorizedAccount, suite.testAccounts["local_account_1"]) - ctx.Request = httptest.NewRequest(http.MethodPost, fmt.Sprintf("http://localhost:8080/%s", user.PasswordChangePath), nil) + ctx.Request = httptest.NewRequest(http.MethodPost, fmt.Sprintf("http://localhost:8080%s", user.PasswordChangePath), nil) ctx.Request.Header.Set("accept", "application/json") ctx.Request.Form = url.Values{ "old_password": {"notright"}, @@ -125,7 +125,7 @@ func (suite *PasswordChangeTestSuite) TestPasswordIncorrectOldPassword() { defer result.Body.Close() b, err := ioutil.ReadAll(result.Body) suite.NoError(err) - suite.Equal(`{"error":"bad request: old password did not match"}`, string(b)) + suite.Equal(`{"error":"Bad Request: old password did not match"}`, string(b)) } func (suite *PasswordChangeTestSuite) TestPasswordWeakNewPassword() { @@ -138,7 +138,7 @@ func (suite *PasswordChangeTestSuite) TestPasswordWeakNewPassword() { ctx.Set(oauth.SessionAuthorizedToken, oauthToken) ctx.Set(oauth.SessionAuthorizedUser, suite.testUsers["local_account_1"]) ctx.Set(oauth.SessionAuthorizedAccount, suite.testAccounts["local_account_1"]) - ctx.Request = httptest.NewRequest(http.MethodPost, fmt.Sprintf("http://localhost:8080/%s", user.PasswordChangePath), nil) + ctx.Request = httptest.NewRequest(http.MethodPost, fmt.Sprintf("http://localhost:8080%s", user.PasswordChangePath), nil) ctx.Request.Header.Set("accept", "application/json") ctx.Request.Form = url.Values{ "old_password": {"password"}, @@ -153,7 +153,7 @@ func (suite *PasswordChangeTestSuite) TestPasswordWeakNewPassword() { defer result.Body.Close() b, err := ioutil.ReadAll(result.Body) suite.NoError(err) - suite.Equal(`{"error":"bad request: password is 94% strength, try including more special characters, using uppercase letters, using numbers or using a longer password"}`, string(b)) + suite.Equal(`{"error":"Bad Request: password is 94% strength, try including more special characters, using uppercase letters, using numbers or using a longer password"}`, string(b)) } func TestPasswordChangeTestSuite(t *testing.T) { diff --git a/internal/api/client/user/user_test.go b/internal/api/client/user/user_test.go index 6e9c46525..b158ec161 100644 --- a/internal/api/client/user/user_test.go +++ b/internal/api/client/user/user_test.go @@ -56,8 +56,8 @@ type UserStandardTestSuite struct { } func (suite *UserStandardTestSuite) SetupTest() { - testrig.InitTestLog() testrig.InitTestConfig() + testrig.InitTestLog() fedWorker := concurrency.NewWorkerPool[messages.FromFederator](-1, -1) clientWorker := concurrency.NewWorkerPool[messages.FromClientAPI](-1, -1) suite.testTokens = testrig.NewTestTokens() |