Merge branch 'release/1.1.6' into 'stable'v1.1.6

Release/1.1.6 See merge request pleroma/pleroma!1995
author: rinpatch <rinpatch@sdf.org> 2019-11-19 20:04:19 +0000
committer: rinpatch <rinpatch@sdf.org> 2019-11-19 20:04:19 +0000
commit: 0ba3f1ffb28792c21809fa9a30fc03a7a52d9361 (patch)
tree: 0b1a885f966c36e296d8d48048ddf25fc30b7a93 /lib/pleroma
parent: 36f4382b3367a889a191b124066fbbafab37d047 (diff)
parent: 34206e4d7f2f5abe896882874e142374d987c44f (diff)
download: pleroma-1.1.6.tar.gz
6 files changed, 32 insertions, 8 deletions
diff --git a/lib/pleroma/plugs/oauth_plug.ex b/lib/pleroma/plugs/oauth_plug.ex
index 86bc4aa3a..11a5b7642 100644
--- a/lib/pleroma/plugs/oauth_plug.ex
+++ b/lib/pleroma/plugs/oauth_plug.ex
@@ -71,7 +71,7 @@ defmodule Pleroma.Plugs.OAuthPlug do
       )
 
     # credo:disable-for-next-line Credo.Check.Readability.MaxLineLength
-    with %Token{user: %{info: %{deactivated: false} = _} = user} = token_record <- Repo.one(query) do
+    with %Token{user: user} = token_record <- Repo.one(query) do
       {:ok, user, token_record}
     end
   end
diff --git a/lib/pleroma/plugs/user_enabled_plug.ex b/lib/pleroma/plugs/user_enabled_plug.ex
index da892c28b..8d102ee5b 100644
--- a/lib/pleroma/plugs/user_enabled_plug.ex
+++ b/lib/pleroma/plugs/user_enabled_plug.ex
@@ -10,9 +10,13 @@ defmodule Pleroma.Plugs.UserEnabledPlug do
     options
   end
 
-  def call(%{assigns: %{user: %User{info: %{deactivated: true}}}} = conn, _) do
-    conn
-    |> assign(:user, nil)
+  def call(%{assigns: %{user: %User{} = user}} = conn, _) do
+    if User.auth_active?(user) do
+      conn
+    else
+      conn
+      |> assign(:user, nil)
+    end
   end
 
   def call(conn, _) do
diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex
index f0912fb10..f5d3245dc 100644
--- a/lib/pleroma/user.ex
+++ b/lib/pleroma/user.ex
@@ -70,6 +70,8 @@ defmodule Pleroma.User do
   def auth_active?(%User{info: %User.Info{confirmation_pending: true}}),
     do: !Pleroma.Config.get([:instance, :account_activation_required])
 
+  def auth_active?(%User{info: %User.Info{deactivated: true}}), do: false
+
   def auth_active?(%User{}), do: true
 
   def visible_for?(user, for_user \\ nil)
diff --git a/lib/pleroma/web/mastodon_api/controllers/mastodon_api_controller.ex b/lib/pleroma/web/mastodon_api/controllers/mastodon_api_controller.ex
index 863d673ea..a5de1fecd 100644
--- a/lib/pleroma/web/mastodon_api/controllers/mastodon_api_controller.ex
+++ b/lib/pleroma/web/mastodon_api/controllers/mastodon_api_controller.ex
@@ -1671,9 +1671,10 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do
     participations = Participation.for_user_with_last_activity_id(user, params)
 
     conversations =
-      Enum.map(participations, fn participation ->
-        ConversationView.render("participation.json", %{participation: participation, for: user})
-      end)
+      ConversationView.safe_render_many(participations, ConversationView, "participation.json", %{
+        as: :participation,
+        for: user
+      })
 
     conn
     |> add_link_headers(:conversations, participations)
diff --git a/lib/pleroma/web/oauth/oauth_controller.ex b/lib/pleroma/web/oauth/oauth_controller.ex
index 81eae2c8b..63a6cc286 100644
--- a/lib/pleroma/web/oauth/oauth_controller.ex
+++ b/lib/pleroma/web/oauth/oauth_controller.ex
@@ -35,7 +35,7 @@ defmodule Pleroma.Web.OAuth.OAuthController do
     authorize(conn, Map.merge(params, auth_attrs))
   end
 
-  def authorize(%Plug.Conn{assigns: %{token: %Token{}}} = conn, params) do
+  def authorize(%Plug.Conn{assigns: %{token: %Token{}}} = conn, %{"force_login" => _} = params) do
     if ControllerHelper.truthy_param?(params["force_login"]) do
       do_authorize(conn, params)
     else
@@ -43,6 +43,22 @@ defmodule Pleroma.Web.OAuth.OAuthController do
     end
   end
 
+  # Note: the token is set in oauth_plug, but the token and client do not always go together.
+  # For example, MastodonFE's token is set if user requests with another client,
+  # after user already authorized to MastodonFE.
+  # So we have to check client and token.
+  def authorize(
+        %Plug.Conn{assigns: %{token: %Token{} = token}} = conn,
+        %{"client_id" => client_id} = params
+      ) do
+    with %Token{} = t <- Repo.get_by(Token, token: token.token) |> Repo.preload(:app),
+         ^client_id <- t.app.client_id do
+      handle_existing_authorization(conn, params)
+    else
+      _ -> do_authorize(conn, params)
+    end
+  end
+
   def authorize(%Plug.Conn{} = conn, params), do: do_authorize(conn, params)
 
   defp do_authorize(%Plug.Conn{} = conn, params) do
diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex
index db660f0dc..979dea0aa 100644
--- a/lib/pleroma/web/router.ex
+++ b/lib/pleroma/web/router.ex
@@ -13,6 +13,7 @@ defmodule Pleroma.Web.Router do
   pipeline :oauth do
     plug(:fetch_session)
     plug(Pleroma.Plugs.OAuthPlug)
+    plug(Pleroma.Plugs.UserEnabledPlug)
   end
 
   pipeline :api do
author	rinpatch <rinpatch@sdf.org>	2019-11-19 20:04:19 +0000
committer	rinpatch <rinpatch@sdf.org>	2019-11-19 20:04:19 +0000
commit	0ba3f1ffb28792c21809fa9a30fc03a7a52d9361 (patch)
tree	0b1a885f966c36e296d8d48048ddf25fc30b7a93 /lib/pleroma
parent	36f4382b3367a889a191b124066fbbafab37d047 (diff)
parent	34206e4d7f2f5abe896882874e142374d987c44f (diff)
download	pleroma-1.1.6.tar.gz