Merge branch '114_user_registration_emails' into 'develop'

[#114] User registration emails

Closes #114

See merge request pleroma/pleroma!531

lib/pleroma/emails/mailer.ex

@@ -0,0 +1,3 @@
+defmodule Pleroma.Mailer do
+  use Swoosh.Mailer, otp_app: :pleroma
+end

lib/pleroma/emails/user_email.ex

@@ -0,0 +1,40 @@
+defmodule Pleroma.UserEmail do
+  @moduledoc "User emails"
+
+  import Swoosh.Email
+
+  alias Pleroma.Web.{Endpoint, Router}
+
+  defp instance_config, do: Pleroma.Config.get(:instance)
+
+  defp instance_name, do: instance_config()[:name]
+
+  defp sender do
+    {instance_name(), instance_config()[:email]}
+  end
+
+  defp recipient(email, nil), do: email
+  defp recipient(email, name), do: {name, email}
+
+  def password_reset_email(user, password_reset_token) when is_binary(password_reset_token) do
+    password_reset_url =
+      Router.Helpers.util_url(
+        Endpoint,
+        :show_password_reset,
+        password_reset_token
+      )
+
+    html_body = """
+    <h3>Reset your password at #{instance_name()}</h3>
+    <p>Someone has requested password change for your account at #{instance_name()}.</p>
+    <p>If it was you, visit the following link to proceed: <a href="#{password_reset_url}">reset password</a>.</p>
+    <p>If it was someone else, nothing to worry about: your data is secure and your password has not been changed.</p>
+    """
+
+    new()
+    |> to(recipient(user.email, user.name))
+    |> from(sender())
+    |> subject("Password reset")
+    |> html_body(html_body)
+  end
+end

lib/pleroma/web/router.ex

@@ -85,6 +85,15 @@ defmodule Pleroma.Web.Router do
     plug(:accepts, ["html", "json"])
   end
 
+  pipeline :mailbox_preview do
+    plug(:accepts, ["html"])
+
+    plug(:put_secure_browser_headers, %{
+      "content-security-policy" =>
+        "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' 'unsafe-eval'"
+    })
+  end
+
   scope "/api/pleroma", Pleroma.Web.TwitterAPI do
     pipe_through(:pleroma_api)
     get("/password_reset/:token", UtilController, :show_password_reset)
@@ -268,6 +277,7 @@ defmodule Pleroma.Web.Router do
     get("/statusnet/conversation/:id", TwitterAPI.Controller, :fetch_conversation)
 
     post("/account/register", TwitterAPI.Controller, :register)
+    post("/account/password_reset", TwitterAPI.Controller, :password_reset)
 
     get("/search", TwitterAPI.Controller, :search)
     get("/statusnet/tags/timeline/:tag", TwitterAPI.Controller, :public_and_external_timeline)
@@ -424,6 +434,14 @@ defmodule Pleroma.Web.Router do
     get("/:sig/:url/:filename", MediaProxyController, :remote)
   end
 
+  if Mix.env() == :dev do
+    scope "/dev" do
+      pipe_through([:mailbox_preview])
+
+      forward("/mailbox", Plug.Swoosh.MailboxPreview, base_path: "/dev/mailbox")
+    end
+  end
+
   scope "/", Fallback do
     get("/registration/:token", RedirectController, :registration_page)
     get("/*path", RedirectController, :redirector)

lib/pleroma/web/templates/twitter_api/util/password_reset_failed.html.eex

@@ -1 +1,2 @@
 <h2>Password reset failed</h2>
+<h3><a href="<%= Pleroma.Web.base_url() %>">Homepage</a></h3>

lib/pleroma/web/templates/twitter_api/util/password_reset_success.html.eex

@@ -1 +1,2 @@
 <h2>Password changed!</h2>
+<h3><a href="<%= Pleroma.Web.base_url() %>">Homepage</a></h3>

lib/pleroma/web/twitter_api/twitter_api.ex

@@ -167,6 +167,25 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPI do
     end
   end
 
+  def password_reset(nickname_or_email) do
+    with true <- is_binary(nickname_or_email),
+         %User{local: true} = user <- User.get_by_nickname_or_email(nickname_or_email),
+         {:ok, token_record} <- Pleroma.PasswordResetToken.create_token(user) do
+      user
+      |> Pleroma.UserEmail.password_reset_email(token_record.token)
+      |> Pleroma.Mailer.deliver()
+    else
+      false ->
+        {:error, "bad user identifier"}
+
+      %User{local: false} ->
+        {:error, "remote user"}
+
+      nil ->
+        {:error, "unknown user"}
+    end
+  end
+
   def get_by_id_or_nickname(id_or_nickname) do
     if !is_integer(id_or_nickname) && :error == Integer.parse(id_or_nickname) do
       Repo.get_by(User, nickname: id_or_nickname)

lib/pleroma/web/twitter_api/twitter_api_controller.ex

@@ -1,5 +1,8 @@
 defmodule Pleroma.Web.TwitterAPI.Controller do
   use Pleroma.Web, :controller
+
+  import Pleroma.Web.ControllerHelper, only: [json_response: 3]
+
   alias Pleroma.Web.TwitterAPI.{TwitterAPI, UserView, ActivityView, NotificationView}
   alias Pleroma.Web.CommonAPI
   alias Pleroma.{Repo, Activity, Object, User, Notification}
@@ -322,6 +325,14 @@ defmodule Pleroma.Web.TwitterAPI.Controller do
     end
   end
 
+  def password_reset(conn, params) do
+    nickname_or_email = params["email"] || params["nickname"]
+
+    with {:ok, _} <- TwitterAPI.password_reset(nickname_or_email) do
+      json_response(conn, :no_content, "")
+    end
+  end
+
   def update_avatar(%{assigns: %{user: user}} = conn, params) do
     {:ok, object} = ActivityPub.upload(params, type: :avatar)
     change = Changeset.change(user, %{avatar: object.data})