Add REST API for creating an account (#9572)
* Add REST API for creating an account The method is available to apps with a token obtained via the client credentials grant. It creates a user and account records, as well as an access token for the app that initiated the request. The user is unconfirmed, and an e-mail is sent as usual. The method returns the access token, which the app should save for later. The REST API is not available to users with unconfirmed accounts, so the app must be smart to wait for the user to click a link in their e-mail inbox. The method is rate-limited by IP to 5 requests per 30 minutes. * Redirect users back to app from confirmation if they were created with an app * Add tests * Return 403 on the method if registrations are not open * Require agreement param to be true in the API when creating an account
This commit is contained in:
Eugen Rochko
GitHub
parent
acf9358c52
commit
5d2fc6de32
18 changed files with 171 additions and 20 deletions
|
|
@ -106,19 +106,19 @@ RSpec.describe User, type: :model do
|
|||
end
|
||||
|
||||
it 'should allow a non-blacklisted user to be created' do
|
||||
user = User.new(email: 'foo@example.com', account: account, password: password)
|
||||
user = User.new(email: 'foo@example.com', account: account, password: password, agreement: true)
|
||||
|
||||
expect(user.valid?).to be_truthy
|
||||
end
|
||||
|
||||
it 'should not allow a blacklisted user to be created' do
|
||||
user = User.new(email: 'foo@mvrht.com', account: account, password: password)
|
||||
user = User.new(email: 'foo@mvrht.com', account: account, password: password, agreement: true)
|
||||
|
||||
expect(user.valid?).to be_falsey
|
||||
end
|
||||
|
||||
it 'should not allow a subdomain blacklisted user to be created' do
|
||||
user = User.new(email: 'foo@mvrht.com.topdomain.tld', account: account, password: password)
|
||||
user = User.new(email: 'foo@mvrht.com.topdomain.tld', account: account, password: password, agreement: true)
|
||||
|
||||
expect(user.valid?).to be_falsey
|
||||
end
|
||||
|
|
@ -210,17 +210,17 @@ RSpec.describe User, type: :model do
|
|||
end
|
||||
|
||||
it 'should not allow a user to be created unless they are whitelisted' do
|
||||
user = User.new(email: 'foo@example.com', account: account, password: password)
|
||||
user = User.new(email: 'foo@example.com', account: account, password: password, agreement: true)
|
||||
expect(user.valid?).to be_falsey
|
||||
end
|
||||
|
||||
it 'should allow a user to be created if they are whitelisted' do
|
||||
user = User.new(email: 'foo@mastodon.space', account: account, password: password)
|
||||
user = User.new(email: 'foo@mastodon.space', account: account, password: password, agreement: true)
|
||||
expect(user.valid?).to be_truthy
|
||||
end
|
||||
|
||||
it 'should not allow a user with a whitelisted top domain as subdomain in their email address to be created' do
|
||||
user = User.new(email: 'foo@mastodon.space.userdomain.com', account: account, password: password)
|
||||
user = User.new(email: 'foo@mastodon.space.userdomain.com', account: account, password: password, agreement: true)
|
||||
expect(user.valid?).to be_falsey
|
||||
end
|
||||
|
||||
|
|
@ -242,7 +242,7 @@ RSpec.describe User, type: :model do
|
|||
|
||||
it_behaves_like 'Settings-extended' do
|
||||
def create!
|
||||
User.create!(account: Fabricate(:account), email: 'foo@mastodon.space', password: 'abcd1234')
|
||||
User.create!(account: Fabricate(:account), email: 'foo@mastodon.space', password: 'abcd1234', agreement: true)
|
||||
end
|
||||
|
||||
def fabricate
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue