From 8ab618268312f4eb4a2d5a69a687d189dbc85af8 Mon Sep 17 00:00:00 2001
From: orientor <orientorrenovare@gmail.com>
Date: Wed, 24 Jun 2020 14:16:23 +0530
Subject: [PATCH] fetch_api_key: Return `email` in json_response.

`/api/v1/fetch_api_key`'s response had a key `email` with the user's
delivery email. But its JSON counterpart `/json/fetch_api_key`, which
has a completely different implementation, did not return `email` in
its success response.

So to avoid confusion, the non-API endpoint, `/json/fetch_api_key`
response has been made identical with it's `/api` counterpart by
adding the `email` key. Also it is safe to send as the calling user
will only see their own email.
---
 zerver/openapi/zulip.yaml | 1 +
 zerver/views/auth.py      | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/zerver/openapi/zulip.yaml b/zerver/openapi/zulip.yaml
index 259f1fd508..f0fdd3857a 100644
--- a/zerver/openapi/zulip.yaml
+++ b/zerver/openapi/zulip.yaml
@@ -4794,6 +4794,7 @@ components:
       - $ref: '#/components/schemas/JsonSuccess'
       - required:
         - api_key
+        - email
       - properties:
           api_key:
             type: string
diff --git a/zerver/views/auth.py b/zerver/views/auth.py
index 238f8326d6..ba47660966 100644
--- a/zerver/views/auth.py
+++ b/zerver/views/auth.py
@@ -946,7 +946,7 @@ def json_fetch_api_key(request: HttpRequest, user_profile: UserProfile,
             return json_error(_("Your username or password is incorrect."))
 
     api_key = get_api_key(user_profile)
-    return json_success({"api_key": api_key})
+    return json_success({"api_key": api_key, "email": user_profile.delivery_email})
 
 @csrf_exempt
 def api_fetch_google_client_id(request: HttpRequest) -> HttpResponse: