TwitterAPI: Make change_email require body params instead of query

2021-08-10 20:33:00 +02:00 · 2021-08-10 20:33:00 +02:00 · 197cdebca9
commit 197cdebca9
parent 09dcb2b522
3 changed files with 38 additions and 38 deletions
--- a/lib/pleroma/web/api_spec/operations/twitter_util_operation.ex
+++ b/lib/pleroma/web/api_spec/operations/twitter_util_operation.ex
@ -101,11 +101,7 @@ defmodule Pleroma.Web.ApiSpec.TwitterUtilOperation do
      summary: "Change account email",
      security: [%{"oAuth" => ["write:accounts"]}],
      operationId: "UtilController.change_email",
-      parameters: [
-        Operation.parameter(:password, :query, :string, "Current password", required: true),
-        Operation.parameter(:email, :query, :string, "New email", required: true)
-      ],
-      requestBody: nil,
+      requestBody: request_body("Parameters", change_email_request(), required: true),
      responses: %{
        200 =>
          Operation.response("Success", "application/json", %Schema{
@ -118,6 +114,19 @@ defmodule Pleroma.Web.ApiSpec.TwitterUtilOperation do
    }
  end

+  defp change_email_request do
+    %Schema{
+      title: "ChangeEmailRequest",
+      description: "POST body for changing the account's email",
+      type: :object,
+      required: [:email, :password],
+      properties: %{
+        email: %Schema{type: :string, description: "New email"},
+        password: %Schema{type: :string, description: "Current password"}
+      }
+    }
+  end
+
  def update_notificaton_settings_operation do
    %Operation{
      tags: ["Accounts"],
--- a/lib/pleroma/web/twitter_api/controllers/util_controller.ex
+++ b/lib/pleroma/web/twitter_api/controllers/util_controller.ex
@ -104,10 +104,10 @@ defmodule Pleroma.Web.TwitterAPI.UtilController do
    end
  end

-  def change_email(%{assigns: %{user: user}} = conn, %{password: password, email: email}) do
-    case CommonAPI.Utils.confirm_current_password(user, password) do
+  def change_email(%{assigns: %{user: user}, body_params: body_params} = conn, %{}) do
+    case CommonAPI.Utils.confirm_current_password(user, body_params.password) do
      {:ok, user} ->
-        with {:ok, _user} <- User.change_email(user, email) do
+        with {:ok, _user} <- User.change_email(user, body_params.email) do
          json(conn, %{status: "success"})
        else
          {:error, changeset} ->