Merge branch '114_email_invites' into 'develop'

[#114] Email invites

See merge request pleroma/pleroma!541

7 files changed, 145 insertions, 2 deletions

diff --git a/config/config.md b/config/config.md
index d4dad77b1..8282eab14 100644
--- a/config/config.md
+++ b/config/config.md
@@ -67,7 +67,8 @@ config :pleroma, Pleroma.Mailer,
 * `avatar_upload_limit`: File size limit of user’s profile avatars
 * `background_upload_limit`: File size limit of user’s profile backgrounds
 * `banner_upload_limit`: File size limit of user’s profile banners
-* `registrations_open`: Enable registrations for anyone, invitations can be used when false.
+* `registrations_open`: Enable registrations for anyone, invitations can be enabled when false.
+* `invites_enabled`: Enable user invitations for admins (depends on `registrations_open: false`).
 * `federating`: Enable federation with other instances
 * `allow_relay`: Enable Pleroma’s Relay, which makes it possible to follow a whole instance
 * `rewrite_policy`: Message Rewrite Policy, either one or a list. Here are the ones available by default:
diff --git a/lib/pleroma/emails/user_email.ex b/lib/pleroma/emails/user_email.ex
index 9cdf002f3..7e3e9b020 100644
--- a/lib/pleroma/emails/user_email.ex
+++ b/lib/pleroma/emails/user_email.ex
@@ -37,4 +37,30 @@ defmodule Pleroma.UserEmail do
     |> subject("Password reset")
     |> html_body(html_body)
   end
+
+  def user_invitation_email(
+        user,
+        %Pleroma.UserInviteToken{} = user_invite_token,
+        to_email,
+        to_name \\ nil
+      ) do
+    registration_url =
+      Router.Helpers.redirect_url(
+        Endpoint,
+        :registration_page,
+        user_invite_token.token
+      )
+
+    html_body = """
+    <h3>You are invited to #{instance_name()}</h3>
+    <p>#{user.name} invites you to join #{instance_name()}, an instance of Pleroma federated social networking platform.</p>
+    <p>Click the following link to register: <a href="#{registration_url}">accept invitation</a>.</p>
+    """
+
+    new()
+    |> to(recipient(to_email, to_name))
+    |> from(sender())
+    |> subject("Invitation to #{instance_name()}")
+    |> html_body(html_body)
+  end
 end
diff --git a/lib/pleroma/web/admin_api/admin_api_controller.ex b/lib/pleroma/web/admin_api/admin_api_controller.ex
index 06c3c7c81..4d73cf219 100644
--- a/lib/pleroma/web/admin_api/admin_api_controller.ex
+++ b/lib/pleroma/web/admin_api/admin_api_controller.ex
@@ -147,6 +147,19 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do
     end
   end
 
+  @doc "Sends registration invite via email"
+  def email_invite(%{assigns: %{user: user}} = conn, %{"email" => email} = params) do
+    with true <-
+           Pleroma.Config.get([:instance, :invites_enabled]) &&
+             !Pleroma.Config.get([:instance, :registrations_open]),
+         {:ok, invite_token} <- Pleroma.UserInviteToken.create_token(),
+         email <-
+           Pleroma.UserEmail.user_invitation_email(user, invite_token, email, params["name"]),
+         {:ok, _} <- Pleroma.Mailer.deliver(email) do
+      json_response(conn, :no_content, "")
+    end
+  end
+
   @doc "Get a account registeration invite token (base64 string)"
   def get_invite_token(conn, _params) do
     {:ok, token} = Pleroma.UserInviteToken.create_token()
diff --git a/lib/pleroma/web/nodeinfo/nodeinfo_controller.ex b/lib/pleroma/web/nodeinfo/nodeinfo_controller.ex
index 277dc6ba1..44c11f40a 100644
--- a/lib/pleroma/web/nodeinfo/nodeinfo_controller.ex
+++ b/lib/pleroma/web/nodeinfo/nodeinfo_controller.ex
@@ -132,6 +132,7 @@ defmodule Pleroma.Web.Nodeinfo.NodeinfoController do
           banner: Keyword.get(instance, :banner_upload_limit),
           background: Keyword.get(instance, :background_upload_limit)
         },
+        invitesEnabled: Keyword.get(instance, :invites_enabled, false),
         features: features
       }
     }
diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex
index 6253a28db..daff3362c 100644
--- a/lib/pleroma/web/router.ex
+++ b/lib/pleroma/web/router.ex
@@ -117,6 +117,8 @@ defmodule Pleroma.Web.Router do
     delete("/relay", AdminAPIController, :relay_unfollow)
 
     get("/invite_token", AdminAPIController, :get_invite_token)
+    post("/email_invite", AdminAPIController, :email_invite)
+
     get("/password_reset", AdminAPIController, :get_password_reset)
   end
 
diff --git a/lib/pleroma/web/twitter_api/controllers/util_controller.ex b/lib/pleroma/web/twitter_api/controllers/util_controller.ex
index a8e3467c4..2f2b69623 100644
--- a/lib/pleroma/web/twitter_api/controllers/util_controller.ex
+++ b/lib/pleroma/web/twitter_api/controllers/util_controller.ex
@@ -173,7 +173,8 @@ defmodule Pleroma.Web.TwitterAPI.UtilController do
           uploadlimit: uploadlimit,
           closed: if(Keyword.get(instance, :registrations_open), do: "0", else: "1"),
           private: if(Keyword.get(instance, :public, true), do: "0", else: "1"),
-          vapidPublicKey: vapid_public_key
+          vapidPublicKey: vapid_public_key,
+          invitesEnabled: if(Keyword.get(instance, :invites_enabled, false), do: "1", else: "0")
         }
 
         pleroma_fe = %{
diff --git a/test/web/admin_api/admin_api_controller_test.exs b/test/web/admin_api/admin_api_controller_test.exs
index 4c12dd988..e183da3a1 100644
--- a/test/web/admin_api/admin_api_controller_test.exs
+++ b/test/web/admin_api/admin_api_controller_test.exs
@@ -154,6 +154,105 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
     end
   end
 
+  describe "POST /api/pleroma/admin/email_invite, with valid config" do
+    setup do
+      registrations_open = Pleroma.Config.get([:instance, :registrations_open])
+      invites_enabled = Pleroma.Config.get([:instance, :invites_enabled])
+      Pleroma.Config.put([:instance, :registrations_open], false)
+      Pleroma.Config.put([:instance, :invites_enabled], true)
+
+      on_exit(fn ->
+        Pleroma.Config.put([:instance, :registrations_open], registrations_open)
+        Pleroma.Config.put([:instance, :invites_enabled], invites_enabled)
+        :ok
+      end)
+
+      [user: insert(:user, info: %{is_admin: true})]
+    end
+
+    test "sends invitation and returns 204", %{conn: conn, user: user} do
+      recipient_email = "foo@bar.com"
+      recipient_name = "J. D."
+
+      conn =
+        conn
+        |> assign(:user, user)
+        |> post("/api/pleroma/admin/email_invite?email=#{recipient_email}&name=#{recipient_name}")
+
+      assert json_response(conn, :no_content)
+
+      token_record = List.last(Pleroma.Repo.all(Pleroma.UserInviteToken))
+      assert token_record
+      refute token_record.used
+
+      Swoosh.TestAssertions.assert_email_sent(
+        Pleroma.UserEmail.user_invitation_email(
+          user,
+          token_record,
+          recipient_email,
+          recipient_name
+        )
+      )
+    end
+
+    test "it returns 403 if requested by a non-admin", %{conn: conn} do
+      non_admin_user = insert(:user)
+
+      conn =
+        conn
+        |> assign(:user, non_admin_user)
+        |> post("/api/pleroma/admin/email_invite?email=foo@bar.com&name=JD")
+
+      assert json_response(conn, :forbidden)
+    end
+  end
+
+  describe "POST /api/pleroma/admin/email_invite, with invalid config" do
+    setup do
+      [user: insert(:user, info: %{is_admin: true})]
+    end
+
+    test "it returns 500 if `invites_enabled` is not enabled", %{conn: conn, user: user} do
+      registrations_open = Pleroma.Config.get([:instance, :registrations_open])
+      invites_enabled = Pleroma.Config.get([:instance, :invites_enabled])
+      Pleroma.Config.put([:instance, :registrations_open], false)
+      Pleroma.Config.put([:instance, :invites_enabled], false)
+
+      on_exit(fn ->
+        Pleroma.Config.put([:instance, :registrations_open], registrations_open)
+        Pleroma.Config.put([:instance, :invites_enabled], invites_enabled)
+        :ok
+      end)
+
+      conn =
+        conn
+        |> assign(:user, user)
+        |> post("/api/pleroma/admin/email_invite?email=foo@bar.com&name=JD")
+
+      assert json_response(conn, :internal_server_error)
+    end
+
+    test "it returns 500 if `registrations_open` is enabled", %{conn: conn, user: user} do
+      registrations_open = Pleroma.Config.get([:instance, :registrations_open])
+      invites_enabled = Pleroma.Config.get([:instance, :invites_enabled])
+      Pleroma.Config.put([:instance, :registrations_open], true)
+      Pleroma.Config.put([:instance, :invites_enabled], true)
+
+      on_exit(fn ->
+        Pleroma.Config.put([:instance, :registrations_open], registrations_open)
+        Pleroma.Config.put([:instance, :invites_enabled], invites_enabled)
+        :ok
+      end)
+
+      conn =
+        conn
+        |> assign(:user, user)
+        |> post("/api/pleroma/admin/email_invite?email=foo@bar.com&name=JD")
+
+      assert json_response(conn, :internal_server_error)
+    end
+  end
+
   test "/api/pleroma/admin/invite_token" do
     admin = insert(:user, info: %{is_admin: true})