[#1985] Prevented force login on registration if account approval and/or email confirmation needed.

Refactored login code in OAuthController, reused in AccountController. Added tests.
2020-07-31 14:13:38 +03:00 · 2020-07-31 14:13:38 +03:00 · 27b0a8b155
commit 27b0a8b155
parent a1a43f39dc
4 changed files with 103 additions and 62 deletions
--- a/lib/pleroma/web/mastodon_api/controllers/account_controller.ex
+++ b/lib/pleroma/web/mastodon_api/controllers/account_controller.ex
@ -27,8 +27,8 @@ defmodule Pleroma.Web.MastodonAPI.AccountController do
  alias Pleroma.Web.MastodonAPI.MastodonAPI
  alias Pleroma.Web.MastodonAPI.MastodonAPIController
  alias Pleroma.Web.MastodonAPI.StatusView
+  alias Pleroma.Web.OAuth.OAuthController
  alias Pleroma.Web.OAuth.OAuthView
-  alias Pleroma.Web.OAuth.Token
  alias Pleroma.Web.TwitterAPI.TwitterAPI

  plug(Pleroma.Web.ApiSpec.CastAndValidate)
@ -101,10 +101,33 @@ defmodule Pleroma.Web.MastodonAPI.AccountController do
    with :ok <- validate_email_param(params),
         :ok <- TwitterAPI.validate_captcha(app, params),
         {:ok, user} <- TwitterAPI.register_user(params),
-         {:ok, token} <- Token.create_token(app, user, %{scopes: app.scopes}) do
+         {_, {:ok, token}} <-
+           {:login, OAuthController.login(user, app, app.scopes)} do
      json(conn, OAuthView.render("token.json", %{user: user, token: token}))
    else
-      {:error, error} -> json_response(conn, :bad_request, %{error: error})
+      {:login, {:account_status, :confirmation_pending}} ->
+        json_response(conn, :ok, %{
+          message: "You have been registered. Please check your email for further instructions.",
+          identifier: "missing_confirmed_email"
+        })
+
+      {:login, {:account_status, :approval_pending}} ->
+        json_response(conn, :ok, %{
+          message:
+            "You have been registered. You'll be able to log in once your account is approved.",
+          identifier: "awaiting_approval"
+        })
+
+      {:login, _} ->
+        json_response(conn, :ok, %{
+          message:
+            "You have been registered. Some post-registration steps may be pending. " <>
+              "Please log in manually.",
+          identifier: "manual_login_required"
+        })
+
+      {:error, error} ->
+        json_response(conn, :bad_request, %{error: error})
    end
  end