Fix changing changing email and validating new email with bad token
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
parent
faa92aebd9
commit
346d6438f8
@ -47,6 +47,7 @@ export default class Validate extends Vue {
|
|||||||
this.loading = false;
|
this.loading = false;
|
||||||
await this.$router.push({ name: RouteName.HOME });
|
await this.$router.push({ name: RouteName.HOME });
|
||||||
} catch (err) {
|
} catch (err) {
|
||||||
|
this.loading = false;
|
||||||
console.error(err);
|
console.error(err);
|
||||||
this.failed = true;
|
this.failed = true;
|
||||||
}
|
}
|
||||||
|
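Review bot: `this.loading = false;` is now written twice, once before the redirect in the `try` body and once in the added line at the top of the `catch` block. A single `finally { this.loading = false; }` would reset the flag on every exit path and could not be missed by a later branch. The one visible difference is that the flag would then be cleared after `this.$router.push(...)` resolves rather than before it, so check that the loading state during navigation is acceptable. The enclosing method starts above the hunk, so any earlier returns are not visible here.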
@ -389,7 +389,7 @@ defmodule Mobilizon.GraphQL.Resolvers.User do
|
|||||||
end
|
end
|
||||||
|
|
||||||
def validate_email(_parent, %{token: token}, _resolution) do
|
def validate_email(_parent, %{token: token}, _resolution) do
|
||||||
with %User{} = user <- Users.get_user_by_activation_token(token),
|
with {:get, %User{} = user} <- {:get, Users.get_user_by_activation_token(token)},
|
||||||
{:ok, %User{} = user} <-
|
{:ok, %User{} = user} <-
|
||||||
user
|
user
|
||||||
|> User.changeset(%{
|
|> User.changeset(%{
|
||||||
@ -400,6 +400,9 @@ defmodule Mobilizon.GraphQL.Resolvers.User do
|
|||||||
})
|
})
|
||||||
|> Repo.update() do
|
|> Repo.update() do
|
||||||
{:ok, user}
|
{:ok, user}
|
||||||
|
else
|
||||||
|
{:get, nil} ->
|
||||||
|
{:error, dgettext("errors", "Invalid activation token")}
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
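Review bot: With the new `else` block, a failed `Repo.update()` is no longer passed through to the caller: `{:error, changeset}` does not match `{:get, nil}`, so `with` raises `WithClauseError` and the mutation ends in an unhandled exception instead of a GraphQL error. Before this change the `with` had no `else`, so the unmatched value was simply returned. Adding a second clause after `{:get, nil}`, `{:error, %Ecto.Changeset{} = changeset} -> {:error, changeset}`, restores that behaviour. The changeset attributes sit between the two hunks and are not visible here, so how easily the update can fail (for instance on a uniqueness constraint for the new address) should be confirmed.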
@ -1113,6 +1113,59 @@ defmodule Mobilizon.GraphQL.Resolvers.UserTest do
|
|||||||
assert user.unconfirmed_email == nil
|
assert user.unconfirmed_email == nil
|
||||||
end
|
end
|
||||||
|
|
||||||
|
test "change_email/3 with valid email but invalid token", %{conn: conn} do
|
||||||
|
{:ok, %User{} = user} = Users.register(%{email: @old_email, password: @password})
|
||||||
|
|
||||||
|
# Hammer time !
|
||||||
|
{:ok, %User{} = _user} =
|
||||||
|
Users.update_user(user, %{
|
||||||
|
confirmed_at: Timex.shift(user.confirmation_sent_at, hours: -3),
|
||||||
|
confirmation_sent_at: nil,
|
||||||
|
confirmation_token: nil
|
||||||
|
})
|
||||||
|
|
||||||
|
res =
|
||||||
|
conn
|
||||||
|
|> AbsintheHelpers.graphql_query(
|
||||||
|
query: @login_mutation,
|
||||||
|
variables: %{email: @old_email, password: @password}
|
||||||
|
)
|
||||||
|
|
||||||
|
login = res["data"]["login"]
|
||||||
|
assert Map.has_key?(login, "accessToken") && not is_nil(login["accessToken"])
|
||||||
|
|
||||||
|
res =
|
||||||
|
conn
|
||||||
|
|> auth_conn(user)
|
||||||
|
|> AbsintheHelpers.graphql_query(
|
||||||
|
query: @change_email_mutation,
|
||||||
|
variables: %{email: @new_email, password: @password}
|
||||||
|
)
|
||||||
|
|
||||||
|
assert res["errors"] == nil
|
||||||
|
assert res["data"]["changeEmail"]["id"] == to_string(user.id)
|
||||||
|
|
||||||
|
user = Users.get_user!(user.id)
|
||||||
|
assert user.email == @old_email
|
||||||
|
assert user.unconfirmed_email == @new_email
|
||||||
|
|
||||||
|
assert_delivered_email(Email.User.send_email_reset_old_email(user))
|
||||||
|
assert_delivered_email(Email.User.send_email_reset_new_email(user))
|
||||||
|
|
||||||
|
res =
|
||||||
|
conn
|
||||||
|
|> AbsintheHelpers.graphql_query(
|
||||||
|
query: @validate_email_mutation,
|
||||||
|
variables: %{token: "some token"}
|
||||||
|
)
|
||||||
|
|
||||||
|
assert hd(res["errors"])["message"] == "Invalid activation token"
|
||||||
|
|
||||||
|
user = Users.get_user!(user.id)
|
||||||
|
assert user.email == @old_email
|
||||||
|
assert user.unconfirmed_email == @new_email
|
||||||
|
end
|
||||||
|
|
||||||
test "change_email/3 with invalid password", %{conn: conn} do
|
test "change_email/3 with invalid password", %{conn: conn} do
|
||||||
{:ok, %User{} = user} = Users.register(%{email: @old_email, password: @password})
|
{:ok, %User{} = user} = Users.register(%{email: @old_email, password: @password})
|
||||||
|
|
||||||
|
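Review bot: The `# Hammer time !` comment above the `Users.update_user/2` call in the new test does not say why `confirmed_at` is back-dated and the confirmation fields are cleared. A comment that states the intent would help, for example `# Mark the account as confirmed so the login below succeeds`, if that is indeed the purpose. The `login` result is asserted but not used afterwards, since the later requests go through `auth_conn(user)`; a short note on why the login step is needed would make the setup easier to follow. The test covers only an unknown token string (`"some token"`), so the message assertion pins the `{:get, nil}` branch and nothing else.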