TwitterAPI: Make change_password require body params instead of query

Closes: https://git.pleroma.social/pleroma/pleroma/-/issues/2740
2021-08-10 19:42:03 +02:00 · 2021-08-10 19:42:03 +02:00 · 09dcb2b522
commit 09dcb2b522
parent c45b3bde94
3 changed files with 60 additions and 63 deletions
--- a/lib/pleroma/web/api_spec/operations/twitter_util_operation.ex
+++ b/lib/pleroma/web/api_spec/operations/twitter_util_operation.ex
@ -8,6 +8,8 @@ defmodule Pleroma.Web.ApiSpec.TwitterUtilOperation do
  alias Pleroma.Web.ApiSpec.Schemas.ApiError
  alias Pleroma.Web.ApiSpec.Schemas.BooleanLike

+  import Pleroma.Web.ApiSpec.Helpers
+
  def open_api_operation(action) do
    operation = String.to_existing_atom("#{action}_operation")
    apply(__MODULE__, operation, [])
@ -63,17 +65,7 @@ defmodule Pleroma.Web.ApiSpec.TwitterUtilOperation do
      summary: "Change account password",
      security: [%{"oAuth" => ["write:accounts"]}],
      operationId: "UtilController.change_password",
-      parameters: [
-        Operation.parameter(:password, :query, :string, "Current password", required: true),
-        Operation.parameter(:new_password, :query, :string, "New password", required: true),
-        Operation.parameter(
-          :new_password_confirmation,
-          :query,
-          :string,
-          "New password, confirmation",
-          required: true
-        )
-      ],
+      requestBody: request_body("Parameters", change_password_request(), required: true),
      responses: %{
        200 =>
          Operation.response("Success", "application/json", %Schema{
@ -86,6 +78,23 @@ defmodule Pleroma.Web.ApiSpec.TwitterUtilOperation do
    }
  end

+  defp change_password_request do
+    %Schema{
+      title: "ChangePasswordRequest",
+      description: "POST body for changing the account's passowrd",
+      type: :object,
+      required: [:password, :new_password, :new_password_confirmation],
+      properties: %{
+        password: %Schema{type: :string, description: "Current password"},
+        new_password: %Schema{type: :string, description: "New password"},
+        new_password_confirmation: %Schema{
+          type: :string,
+          description: "New password, confirmation"
+        }
+      }
+    }
+  end
+
  def change_email_operation do
    %Operation{
      tags: ["Account credentials"],
--- a/lib/pleroma/web/twitter_api/controllers/util_controller.ex
+++ b/lib/pleroma/web/twitter_api/controllers/util_controller.ex
@ -81,17 +81,13 @@ defmodule Pleroma.Web.TwitterAPI.UtilController do
    end
  end

-  def change_password(%{assigns: %{user: user}} = conn, %{
-        password: password,
-        new_password: new_password,
-        new_password_confirmation: new_password_confirmation
-      }) do
-    case CommonAPI.Utils.confirm_current_password(user, password) do
+  def change_password(%{assigns: %{user: user}, body_params: body_params} = conn, %{}) do
+    case CommonAPI.Utils.confirm_current_password(user, body_params.password) do
      {:ok, user} ->
        with {:ok, _user} <-
               User.reset_password(user, %{
-                 password: new_password,
-                 password_confirmation: new_password_confirmation
+                 password: body_params.new_password,
+                 password_confirmation: body_params.new_password_confirmation
               }) do
          json(conn, %{status: "success"})
        else