about summary refs log tree commit diff
path: root/app/controllers
diff options
context:
space:
mode:
authorStarfall <us@starfall.systems>2021-03-04 23:55:42 -0600
committerStarfall <us@starfall.systems>2021-03-04 23:55:42 -0600
commitfe6381b9acc28cd610b032160de2952e1fdefc86 (patch)
treead1ba10427d5d792d3ba797479528f01e51404a5 /app/controllers
parent033b1b5b900babc9b068ddad0ae644c5f15e9ffe (diff)
parentf4abf8e7829c6a5b952dea6fb9ad01b6b3601f95 (diff)
Merge remote-tracking branch 'glitchsoc/main' into main
Diffstat (limited to 'app/controllers')
-rw-r--r--app/controllers/api/v1/accounts_controller.rb2
-rw-r--r--app/controllers/api/v1/emails/confirmations_controller.rb17
-rw-r--r--app/controllers/concerns/signature_verification.rb1
3 files changed, 20 insertions, 0 deletions
diff --git a/app/controllers/api/v1/accounts_controller.rb b/app/controllers/api/v1/accounts_controller.rb
index 953874e1a..996f1b79b 100644
--- a/app/controllers/api/v1/accounts_controller.rb
+++ b/app/controllers/api/v1/accounts_controller.rb
@@ -27,6 +27,8 @@ class Api::V1::AccountsController < Api::BaseController
 
     self.response_body = Oj.dump(response.body)
     self.status        = response.status
+  rescue ActiveRecord::RecordInvalid => e
+    render json: ValidationErrorFormatter.new(e, :'account.username' => :username, :'invite_request.text' => :reason).as_json, status: :unprocessable_entity
   end
 
   def follow
diff --git a/app/controllers/api/v1/emails/confirmations_controller.rb b/app/controllers/api/v1/emails/confirmations_controller.rb
new file mode 100644
index 000000000..03ab5de8c
--- /dev/null
+++ b/app/controllers/api/v1/emails/confirmations_controller.rb
@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+class Api::V1::Emails::ConfirmationsController < Api::BaseController
+  before_action :doorkeeper_authorize!
+  before_action :require_user_owned_by_application!
+
+  def create
+    current_user.resend_confirmation_instructions if current_user.unconfirmed_email.present?
+    render_empty
+  end
+
+  private
+
+  def require_user_owned_by_application!
+    render json: { error: 'This method is only available to the application the user originally signed-up with' }, status: :forbidden unless current_user && current_user.created_by_application_id == doorkeeper_token.application_id
+  end
+end
diff --git a/app/controllers/concerns/signature_verification.rb b/app/controllers/concerns/signature_verification.rb
index fc3978fbb..4dd0cac55 100644
--- a/app/controllers/concerns/signature_verification.rb
+++ b/app/controllers/concerns/signature_verification.rb
@@ -133,6 +133,7 @@ module SignatureVerification
 
   def verify_body_digest!
     return unless signed_headers.include?('digest')
+    raise SignatureVerificationError, 'Digest header missing' unless request.headers.key?('Digest')
 
     digests = request.headers['Digest'].split(',').map { |digest| digest.split('=', 2) }.map { |key, value| [key.downcase, value] }
     sha256  = digests.assoc('sha-256')