jyt94 / closedSocialMastodon (forked from closed-social/mastodon)
Add `POST /api/v1/emails/confirmations` to REST API (#15816)
Only available to the application the user originally signed-up with
closed-social-v3
Eugen Rochko, 3 years ago, committed by GitHub
parent 287aa75f2e
commit ee1119208c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 27 additions and 2 deletions
+17 -0 app/controllers/api/v1/emails/confirmations_controller.rb
+6 -2 config/initializers/rack_attack.rb
+4 -0 config/routes.rb
+ 17
- 0
app/controllers/api/v1/emails/confirmations_controller.rb
@ -0,0 +1,17 @@
# frozen_string_literal: true
class
Api
::
V1
::
Emails
::
ConfirmationsController
<
Api
::
BaseController
before_action
:doorkeeper_authorize!
before_action
:require_user_owned_by_application!
def
create
current_user
.
resend_confirmation_instructions
if
current_user
.
unconfirmed_email
.
present?
render_empty
end
private
def
require_user_owned_by_application!
render
json
:
{
error
:
'This method is only available to the application the user originally signed-up with'
}
,
status
:
:forbidden
unless
current_user
&&
current_user
.
created_by_application_id
==
doorkeeper_token
.
application_id
end
end
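Review bot: In `require_user_owned_by_application!`, the comparison `current_user.created_by_application_id == doorkeeper_token.application_id` also holds when both sides are nil, so a user with no recorded creating application and a token with no application would pass the check. Consider requiring the stored id to be present before comparing, for example `current_user&.created_by_application_id.present? && ...`. Also, `doorkeeper_authorize!` is called without a scope list, so this file does not tie the mail-sending action to any particular scope; passing explicit scopes would make the requirement visible here.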
+ 6
- 2
config/initializers/rack_attack.rb
@ -94,11 +94,15 @@ class Rack::Attack
end
throttle
(
'throttle_email_confirmations/ip'
,
limit
:
25
,
period
:
5
.
minutes
)
do
|
req
|
req
.
remote_ip
if
req
.
post?
&&
req
.
path
==
'/auth/confirmation'
req
.
remote_ip
if
req
.
post?
&&
%w(
/auth/confirmation /api/v1/emails/confirmations
)
.
include?
(
req
.
path
)
end
throttle
(
'throttle_email_confirmations/email'
,
limit
:
5
,
period
:
30
.
minutes
)
do
|
req
|
req
.
params
.
dig
(
'user'
,
'email'
)
.
presence
if
req
.
post?
&&
req
.
path
==
'/auth/password'
if
req
.
post?
&&
req
.
path
==
'/auth/password'
req
.
params
.
dig
(
'user'
,
'email'
)
.
presence
elsif
req
.
post?
&&
req
.
path
==
'/api/v1/emails/confirmations'
req
.
authenticated_user_id
end
end
throttle
(
'throttle_login_attempts/ip'
,
limit
:
25
,
period
:
5
.
minutes
)
do
|
req
|
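Review bot: Both throttle blocks match the new endpoint by exact string comparison on `req.path` (`%w(/auth/confirmation /api/v1/emails/confirmations).include?(req.path)` and `req.path == '/api/v1/emails/confirmations'`), so a request whose path differs only by a trailing slash or a format suffix would not be counted if the router still dispatches it to the controller. Consider normalising the path before comparing, or matching on a pattern. Separately, the first branch of 'throttle_email_confirmations/email' keys on '/auth/password' while the throttle's name and the IP throttle above it refer to '/auth/confirmation'; worth confirming that is intended. `req.authenticated_user_id` is not defined in this hunk, so check that it returns nil when there is no valid token, leaving those requests to the IP throttle.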
+ 4
- 0
config/routes.rb
@ -403,6 +403,10 @@ Rails.application.routes.draw do
resources
:apps
,
only
:
[
:create
]
namespace
:emails
do
resources
:confirmations
,
only
:
[
:create
]
end
resource
:instance
,
only
:
[
:show
]
do
resources
:peers
,
only
:
[
:index
]
,
controller
:
'instances/peers'
resource
:activity
,
only
:
[
:show
]
,
controller
:
'instances/activity'
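Review bot: The new `namespace :emails` block exposes only `create`, which matches the controller, but none of the three changed files is a spec. A request spec for `POST /api/v1/emails/confirmations` covering the 403 returned to a token from a different application, and the case where `unconfirmed_email` is blank, would pin down the access rule this commit introduces.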