mirror of
https://github.com/mastodon/mastodon.git
synced 2024-12-22 22:15:23 +01:00
Add POST /api/v1/emails/confirmations
to REST API (#15816)
Only available to the application the user originally signed-up with
This commit is contained in:
parent
287aa75f2e
commit
ee1119208c
3 changed files with 27 additions and 2 deletions
17
app/controllers/api/v1/emails/confirmations_controller.rb
Normal file
17
app/controllers/api/v1/emails/confirmations_controller.rb
Normal file
|
@ -0,0 +1,17 @@
|
||||||
|
# frozen_string_literal: true
|
||||||
|
|
||||||
|
class Api::V1::Emails::ConfirmationsController < Api::BaseController
|
||||||
|
before_action :doorkeeper_authorize!
|
||||||
|
before_action :require_user_owned_by_application!
|
||||||
|
|
||||||
|
def create
|
||||||
|
current_user.resend_confirmation_instructions if current_user.unconfirmed_email.present?
|
||||||
|
render_empty
|
||||||
|
end
|
||||||
|
|
||||||
|
private
|
||||||
|
|
||||||
|
def require_user_owned_by_application!
|
||||||
|
render json: { error: 'This method is only available to the application the user originally signed-up with' }, status: :forbidden unless current_user && current_user.created_by_application_id == doorkeeper_token.application_id
|
||||||
|
end
|
||||||
|
end
|
|
@ -94,11 +94,15 @@ class Rack::Attack
|
||||||
end
|
end
|
||||||
|
|
||||||
throttle('throttle_email_confirmations/ip', limit: 25, period: 5.minutes) do |req|
|
throttle('throttle_email_confirmations/ip', limit: 25, period: 5.minutes) do |req|
|
||||||
req.remote_ip if req.post? && req.path == '/auth/confirmation'
|
req.remote_ip if req.post? && %w(/auth/confirmation /api/v1/emails/confirmations).include?(req.path)
|
||||||
end
|
end
|
||||||
|
|
||||||
throttle('throttle_email_confirmations/email', limit: 5, period: 30.minutes) do |req|
|
throttle('throttle_email_confirmations/email', limit: 5, period: 30.minutes) do |req|
|
||||||
req.params.dig('user', 'email').presence if req.post? && req.path == '/auth/password'
|
if req.post? && req.path == '/auth/password'
|
||||||
|
req.params.dig('user', 'email').presence
|
||||||
|
elsif req.post? && req.path == '/api/v1/emails/confirmations'
|
||||||
|
req.authenticated_user_id
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
throttle('throttle_login_attempts/ip', limit: 25, period: 5.minutes) do |req|
|
throttle('throttle_login_attempts/ip', limit: 25, period: 5.minutes) do |req|
|
||||||
|
|
|
@ -403,6 +403,10 @@ Rails.application.routes.draw do
|
||||||
|
|
||||||
resources :apps, only: [:create]
|
resources :apps, only: [:create]
|
||||||
|
|
||||||
|
namespace :emails do
|
||||||
|
resources :confirmations, only: [:create]
|
||||||
|
end
|
||||||
|
|
||||||
resource :instance, only: [:show] do
|
resource :instance, only: [:show] do
|
||||||
resources :peers, only: [:index], controller: 'instances/peers'
|
resources :peers, only: [:index], controller: 'instances/peers'
|
||||||
resource :activity, only: [:show], controller: 'instances/activity'
|
resource :activity, only: [:show], controller: 'instances/activity'
|
||||||
|
|
Loading…
Reference in a new issue