Always lowercase the emails before trying to reset password
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
This commit is contained in:
parent
cb083ab2f8
commit
c9fffca046
|
@ -222,7 +222,7 @@ defmodule Mobilizon.GraphQL.Resolvers.User do
|
||||||
|
|
||||||
# Domains should always be lower-case, so let's force that
|
# Domains should always be lower-case, so let's force that
|
||||||
@spec lowercase_domain(String.t()) :: {:ok, String.t()} | {:error, :invalid_email}
|
@spec lowercase_domain(String.t()) :: {:ok, String.t()} | {:error, :invalid_email}
|
||||||
defp lowercase_domain(email) do
|
defp lowercase_domain(email) when is_binary(email) do
|
||||||
case split_email(email) do
|
case split_email(email) do
|
||||||
[user_part, domain_part] ->
|
[user_part, domain_part] ->
|
||||||
{:ok, "#{user_part}@#{String.downcase(domain_part)}"}
|
{:ok, "#{user_part}@#{String.downcase(domain_part)}"}
|
||||||
|
@ -232,6 +232,8 @@ defmodule Mobilizon.GraphQL.Resolvers.User do
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
defp lowercase_domain(_), do: {:error, :invalid_email}
|
||||||
|
|
||||||
@spec split_email(String.t()) :: list(String.t())
|
@spec split_email(String.t()) :: list(String.t())
|
||||||
defp split_email(email), do: String.split(email, "@", parts: 2, trim: true)
|
defp split_email(email), do: String.split(email, "@", parts: 2, trim: true)
|
||||||
|
|
||||||
|
@ -270,8 +272,9 @@ defmodule Mobilizon.GraphQL.Resolvers.User do
|
||||||
We only do this to accounts not activated
|
We only do this to accounts not activated
|
||||||
"""
|
"""
|
||||||
def resend_confirmation_email(_parent, args, _resolution) do
|
def resend_confirmation_email(_parent, args, _resolution) do
|
||||||
with {:ok, %User{locale: locale} = user} <-
|
with {:ok, email} <- lowercase_domain(Map.get(args, :email)),
|
||||||
Users.get_user_by_email(Map.get(args, :email), activated: false, unconfirmed: false),
|
{:ok, %User{locale: locale} = user} <-
|
||||||
|
Users.get_user_by_email(email, activated: false, unconfirmed: false),
|
||||||
{:ok, email} <-
|
{:ok, email} <-
|
||||||
Email.User.resend_confirmation_email(user, Map.get(args, :locale, locale)) do
|
Email.User.resend_confirmation_email(user, Map.get(args, :locale, locale)) do
|
||||||
{:ok, email}
|
{:ok, email}
|
||||||
|
@ -279,6 +282,9 @@ defmodule Mobilizon.GraphQL.Resolvers.User do
|
||||||
{:error, :user_not_found} ->
|
{:error, :user_not_found} ->
|
||||||
{:error, dgettext("errors", "No user to validate with this email was found")}
|
{:error, dgettext("errors", "No user to validate with this email was found")}
|
||||||
|
|
||||||
|
{:error, :invalid_email} ->
|
||||||
|
{:error, dgettext("errors", "This email doesn't seem to be valid")}
|
||||||
|
|
||||||
{:error, :email_too_soon} ->
|
{:error, :email_too_soon} ->
|
||||||
{:error, dgettext("errors", "You requested again a confirmation email too soon")}
|
{:error, dgettext("errors", "You requested again a confirmation email too soon")}
|
||||||
end
|
end
|
||||||
|
@ -288,7 +294,7 @@ defmodule Mobilizon.GraphQL.Resolvers.User do
|
||||||
Send an email to reset the password from an user
|
Send an email to reset the password from an user
|
||||||
"""
|
"""
|
||||||
def send_reset_password(_parent, args, _resolution) do
|
def send_reset_password(_parent, args, _resolution) do
|
||||||
with email <- Map.get(args, :email),
|
with {:ok, email} <- lowercase_domain(Map.get(args, :email)),
|
||||||
{:ok, %User{locale: locale} = user} <-
|
{:ok, %User{locale: locale} = user} <-
|
||||||
Users.get_user_by_email(email, activated: true, unconfirmed: false),
|
Users.get_user_by_email(email, activated: true, unconfirmed: false),
|
||||||
{:can_reset_password, true} <-
|
{:can_reset_password, true} <-
|
||||||
|
@ -299,6 +305,9 @@ defmodule Mobilizon.GraphQL.Resolvers.User do
|
||||||
{:can_reset_password, false} ->
|
{:can_reset_password, false} ->
|
||||||
{:error, dgettext("errors", "This user can't reset their password")}
|
{:error, dgettext("errors", "This user can't reset their password")}
|
||||||
|
|
||||||
|
{:error, :invalid_email} ->
|
||||||
|
{:error, dgettext("errors", "This email doesn't seem to be valid")}
|
||||||
|
|
||||||
{:error, :user_not_found} ->
|
{:error, :user_not_found} ->
|
||||||
# TODO : implement rate limits for this endpoint
|
# TODO : implement rate limits for this endpoint
|
||||||
{:error, dgettext("errors", "No user with this email was found")}
|
{:error, dgettext("errors", "No user with this email was found")}
|
||||||
|
|
|
@ -713,7 +713,7 @@ defmodule Mobilizon.GraphQL.Resolvers.UserTest do
|
||||||
mutation = """
|
mutation = """
|
||||||
mutation {
|
mutation {
|
||||||
resendConfirmationEmail(
|
resendConfirmationEmail(
|
||||||
email: "oh no"
|
email: "oh@no.com"
|
||||||
)
|
)
|
||||||
}
|
}
|
||||||
"""
|
"""
|
||||||
|
@ -741,6 +741,18 @@ defmodule Mobilizon.GraphQL.Resolvers.UserTest do
|
||||||
assert res["data"]["sendResetPassword"] == email
|
assert res["data"]["sendResetPassword"] == email
|
||||||
end
|
end
|
||||||
|
|
||||||
|
test "test send_reset_password/3 with an email with no account", %{conn: conn} do
|
||||||
|
res =
|
||||||
|
conn
|
||||||
|
|> AbsintheHelpers.graphql_query(
|
||||||
|
query: @send_reset_password_mutation,
|
||||||
|
variables: %{email: "noone@nowhere.com"}
|
||||||
|
)
|
||||||
|
|
||||||
|
assert hd(res["errors"])["message"] ==
|
||||||
|
"No user with this email was found"
|
||||||
|
end
|
||||||
|
|
||||||
test "test send_reset_password/3 with invalid email", %{conn: conn} do
|
test "test send_reset_password/3 with invalid email", %{conn: conn} do
|
||||||
res =
|
res =
|
||||||
conn
|
conn
|
||||||
|
@ -750,7 +762,7 @@ defmodule Mobilizon.GraphQL.Resolvers.UserTest do
|
||||||
)
|
)
|
||||||
|
|
||||||
assert hd(res["errors"])["message"] ==
|
assert hd(res["errors"])["message"] ==
|
||||||
"No user with this email was found"
|
"This email doesn't seem to be valid"
|
||||||
end
|
end
|
||||||
|
|
||||||
test "test send_reset_password/3 for an LDAP user", %{conn: conn} do
|
test "test send_reset_password/3 for an LDAP user", %{conn: conn} do
|
||||||
|
|
Loading…
Reference in a new issue