Fix changing changing email and validating new email with bad token

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
This commit is contained in:
Thomas Citharel 2021-03-23 16:38:37 +01:00
parent faa92aebd9
commit 346d6438f8
No known key found for this signature in database
GPG Key ID: A061B9DDE0CA0773
3 changed files with 58 additions and 1 deletions

View File

@ -47,6 +47,7 @@ export default class Validate extends Vue {
this.loading = false; this.loading = false;
await this.$router.push({ name: RouteName.HOME }); await this.$router.push({ name: RouteName.HOME });
} catch (err) { } catch (err) {
this.loading = false;
console.error(err); console.error(err);
this.failed = true; this.failed = true;
} }

View File

@ -389,7 +389,7 @@ defmodule Mobilizon.GraphQL.Resolvers.User do
end end
def validate_email(_parent, %{token: token}, _resolution) do def validate_email(_parent, %{token: token}, _resolution) do
with %User{} = user <- Users.get_user_by_activation_token(token), with {:get, %User{} = user} <- {:get, Users.get_user_by_activation_token(token)},
{:ok, %User{} = user} <- {:ok, %User{} = user} <-
user user
|> User.changeset(%{ |> User.changeset(%{
@ -400,6 +400,9 @@ defmodule Mobilizon.GraphQL.Resolvers.User do
}) })
|> Repo.update() do |> Repo.update() do
{:ok, user} {:ok, user}
else
{:get, nil} ->
{:error, dgettext("errors", "Invalid activation token")}
end end
end end

View File

@ -1113,6 +1113,59 @@ defmodule Mobilizon.GraphQL.Resolvers.UserTest do
assert user.unconfirmed_email == nil assert user.unconfirmed_email == nil
end end
test "change_email/3 with valid email but invalid token", %{conn: conn} do
{:ok, %User{} = user} = Users.register(%{email: @old_email, password: @password})
# Hammer time !
{:ok, %User{} = _user} =
Users.update_user(user, %{
confirmed_at: Timex.shift(user.confirmation_sent_at, hours: -3),
confirmation_sent_at: nil,
confirmation_token: nil
})
res =
conn
|> AbsintheHelpers.graphql_query(
query: @login_mutation,
variables: %{email: @old_email, password: @password}
)
login = res["data"]["login"]
assert Map.has_key?(login, "accessToken") && not is_nil(login["accessToken"])
res =
conn
|> auth_conn(user)
|> AbsintheHelpers.graphql_query(
query: @change_email_mutation,
variables: %{email: @new_email, password: @password}
)
assert res["errors"] == nil
assert res["data"]["changeEmail"]["id"] == to_string(user.id)
user = Users.get_user!(user.id)
assert user.email == @old_email
assert user.unconfirmed_email == @new_email
assert_delivered_email(Email.User.send_email_reset_old_email(user))
assert_delivered_email(Email.User.send_email_reset_new_email(user))
res =
conn
|> AbsintheHelpers.graphql_query(
query: @validate_email_mutation,
variables: %{token: "some token"}
)
assert hd(res["errors"])["message"] == "Invalid activation token"
user = Users.get_user!(user.id)
assert user.email == @old_email
assert user.unconfirmed_email == @new_email
end
test "change_email/3 with invalid password", %{conn: conn} do test "change_email/3 with invalid password", %{conn: conn} do
{:ok, %User{} = user} = Users.register(%{email: @old_email, password: @password}) {:ok, %User{} = user} = Users.register(%{email: @old_email, password: @password})