diff options
| -rw-r--r-- | CHANGELOG.md | 1 | ||||
| -rw-r--r-- | lib/pleroma/notification.ex | 14 | ||||
| -rw-r--r-- | lib/pleroma/web/mastodon_api/controllers/app_controller.ex | 20 | ||||
| -rw-r--r-- | lib/pleroma/web/mastodon_api/views/app_view.ex | 4 | ||||
| -rw-r--r-- | lib/pleroma/web/plugs/ensure_authenticated_plug.ex | 4 | ||||
| -rw-r--r-- | lib/pleroma/web/plugs/ensure_public_or_authenticated_plug.ex | 5 | ||||
| -rw-r--r-- | lib/pleroma/web/plugs/ensure_user_token_assigns_plug.ex | 5 | ||||
| -rw-r--r-- | lib/pleroma/web/router.ex | 38 | ||||
| -rw-r--r-- | priv/static/images/avi.png | bin | 726 -> 1036 bytes | |||
| -rw-r--r-- | test/pleroma/web/mastodon_api/controllers/app_controller_test.exs | 28 |
10 files changed, 76 insertions, 43 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index 036550430..8934618d3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -21,6 +21,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Provide redirect of external posts from `/notice/:id` to their original URL - Admins no longer receive notifications for reports if they are the actor making the report. - Improved Mailer configuration setting descriptions for AdminFE. +- Updated default avatar to look nicer. <details> <summary>API Changes</summary> diff --git a/lib/pleroma/notification.ex b/lib/pleroma/notification.ex index 1970fbf65..7efbdc49a 100644 --- a/lib/pleroma/notification.ex +++ b/lib/pleroma/notification.ex @@ -112,13 +112,6 @@ defmodule Pleroma.Notification do Notification |> where(user_id: ^user.id) - |> where( - [n, a], - fragment( - "? not in (SELECT ap_id FROM users WHERE is_active = 'false')", - a.actor - ) - ) |> join(:inner, [n], activity in assoc(n, :activity)) |> join(:left, [n, a], object in Object, on: @@ -129,7 +122,9 @@ defmodule Pleroma.Notification do a.data ) ) + |> join(:inner, [_n, a], u in User, on: u.ap_id == a.actor, as: :user_actor) |> preload([n, a, o], activity: {a, object: o}) + |> where([user_actor: user_actor], user_actor.is_active) |> exclude_notification_muted(user, exclude_notification_muted_opts) |> exclude_blocked(user, exclude_blocked_opts) |> exclude_filtered(user) @@ -156,9 +151,10 @@ defmodule Pleroma.Notification do query |> where([n, a], a.actor not in ^notification_muted_ap_ids) |> join(:left, [n, a], tm in ThreadMute, - on: tm.user_id == ^user.id and tm.context == fragment("?->>'context'", a.data) + on: tm.user_id == ^user.id and tm.context == fragment("?->>'context'", a.data), + as: :thread_mute ) - |> where([n, a, o, tm], is_nil(tm.user_id)) + |> where([thread_mute: thread_mute], is_nil(thread_mute.user_id)) end defp exclude_filtered(query, user) do diff --git a/lib/pleroma/web/mastodon_api/controllers/app_controller.ex b/lib/pleroma/web/mastodon_api/controllers/app_controller.ex index a7e4d93f5..dd3b39c77 100644 --- a/lib/pleroma/web/mastodon_api/controllers/app_controller.ex +++ b/lib/pleroma/web/mastodon_api/controllers/app_controller.ex @@ -3,6 +3,11 @@ # SPDX-License-Identifier: AGPL-3.0-only defmodule Pleroma.Web.MastodonAPI.AppController do + @moduledoc """ + Controller for supporting app-related actions. + If authentication is an option, app tokens (user-unbound) must be supported. + """ + use Pleroma.Web, :controller alias Pleroma.Repo @@ -17,11 +22,9 @@ defmodule Pleroma.Web.MastodonAPI.AppController do plug( :skip_plug, [OAuthScopesPlug, EnsurePublicOrAuthenticatedPlug] - when action == :create + when action in [:create, :verify_credentials] ) - plug(OAuthScopesPlug, %{scopes: ["read"]} when action == :verify_credentials) - plug(Pleroma.Web.ApiSpec.CastAndValidate) @local_mastodon_name "Mastodon-Local" @@ -44,10 +47,13 @@ defmodule Pleroma.Web.MastodonAPI.AppController do end end - @doc "GET /api/v1/apps/verify_credentials" - def verify_credentials(%{assigns: %{user: _user, token: token}} = conn, _) do - with %Token{app: %App{} = app} <- Repo.preload(token, :app) do - render(conn, "short.json", app: app) + @doc """ + GET /api/v1/apps/verify_credentials + Gets compact non-secret representation of the app. Supports app tokens and user tokens. + """ + def verify_credentials(%{assigns: %{token: %Token{} = token}} = conn, _) do + with %{app: %App{} = app} <- Repo.preload(token, :app) do + render(conn, "compact_non_secret.json", app: app) end end end diff --git a/lib/pleroma/web/mastodon_api/views/app_view.ex b/lib/pleroma/web/mastodon_api/views/app_view.ex index 3d7131e09..c406b5a27 100644 --- a/lib/pleroma/web/mastodon_api/views/app_view.ex +++ b/lib/pleroma/web/mastodon_api/views/app_view.ex @@ -34,10 +34,10 @@ defmodule Pleroma.Web.MastodonAPI.AppView do |> with_vapid_key() end - def render("short.json", %{app: %App{website: webiste, client_name: name}}) do + def render("compact_non_secret.json", %{app: %App{website: website, client_name: name}}) do %{ name: name, - website: webiste + website: website } |> with_vapid_key() end diff --git a/lib/pleroma/web/plugs/ensure_authenticated_plug.ex b/lib/pleroma/web/plugs/ensure_authenticated_plug.ex index a4b5dc257..31e7410d6 100644 --- a/lib/pleroma/web/plugs/ensure_authenticated_plug.ex +++ b/lib/pleroma/web/plugs/ensure_authenticated_plug.ex @@ -3,6 +3,10 @@ # SPDX-License-Identifier: AGPL-3.0-only defmodule Pleroma.Web.Plugs.EnsureAuthenticatedPlug do + @moduledoc """ + Ensures _user_ authentication (app-bound user-unbound tokens are not accepted). + """ + import Plug.Conn import Pleroma.Web.TranslationHelpers diff --git a/lib/pleroma/web/plugs/ensure_public_or_authenticated_plug.ex b/lib/pleroma/web/plugs/ensure_public_or_authenticated_plug.ex index b6dfc4f3c..8a8532f41 100644 --- a/lib/pleroma/web/plugs/ensure_public_or_authenticated_plug.ex +++ b/lib/pleroma/web/plugs/ensure_public_or_authenticated_plug.ex @@ -3,6 +3,11 @@ # SPDX-License-Identifier: AGPL-3.0-only defmodule Pleroma.Web.Plugs.EnsurePublicOrAuthenticatedPlug do + @moduledoc """ + Ensures instance publicity or _user_ authentication + (app-bound user-unbound tokens are accepted only if the instance is public). + """ + import Pleroma.Web.TranslationHelpers import Plug.Conn diff --git a/lib/pleroma/web/plugs/ensure_user_token_assigns_plug.ex b/lib/pleroma/web/plugs/ensure_user_token_assigns_plug.ex index 3a2b5dda8..534b0cff1 100644 --- a/lib/pleroma/web/plugs/ensure_user_token_assigns_plug.ex +++ b/lib/pleroma/web/plugs/ensure_user_token_assigns_plug.ex @@ -28,6 +28,11 @@ defmodule Pleroma.Web.Plugs.EnsureUserTokenAssignsPlug do end end + # App-bound token case (obtained with client_id and client_secret) + def call(%{assigns: %{token: %Token{user_id: nil}}} = conn, _) do + assign(conn, :user, nil) + end + def call(conn, _) do conn |> assign(:user, nil) diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex index b8aa8c67c..e71686d31 100644 --- a/lib/pleroma/web/router.ex +++ b/lib/pleroma/web/router.ex @@ -37,11 +37,13 @@ defmodule Pleroma.Web.Router do plug(Pleroma.Web.Plugs.EnsureUserTokenAssignsPlug) end - pipeline :expect_authentication do + # Note: expects _user_ authentication (user-unbound app-bound tokens don't qualify) + pipeline :expect_user_authentication do plug(Pleroma.Web.Plugs.ExpectAuthenticatedCheckPlug) end - pipeline :expect_public_instance_or_authentication do + # Note: expects public instance or _user_ authentication (user-unbound tokens don't qualify) + pipeline :expect_public_instance_or_user_authentication do plug(Pleroma.Web.Plugs.ExpectPublicOrAuthenticatedCheckPlug) end @@ -66,23 +68,30 @@ defmodule Pleroma.Web.Router do plug(OpenApiSpex.Plug.PutApiSpec, module: Pleroma.Web.ApiSpec) end - pipeline :api do - plug(:expect_public_instance_or_authentication) + pipeline :no_auth_or_privacy_expectations_api do plug(:base_api) plug(:after_auth) plug(Pleroma.Web.Plugs.IdempotencyPlug) end + # Pipeline for app-related endpoints (no user auth checks — app-bound tokens must be supported) + pipeline :app_api do + plug(:no_auth_or_privacy_expectations_api) + end + + pipeline :api do + plug(:expect_public_instance_or_user_authentication) + plug(:no_auth_or_privacy_expectations_api) + end + pipeline :authenticated_api do - plug(:expect_authentication) - plug(:base_api) - plug(:after_auth) + plug(:expect_user_authentication) + plug(:no_auth_or_privacy_expectations_api) plug(Pleroma.Web.Plugs.EnsureAuthenticatedPlug) - plug(Pleroma.Web.Plugs.IdempotencyPlug) end pipeline :admin_api do - plug(:expect_authentication) + plug(:expect_user_authentication) plug(:base_api) plug(Pleroma.Web.Plugs.AdminSecretAuthenticationPlug) plug(:after_auth) @@ -432,8 +441,6 @@ defmodule Pleroma.Web.Router do post("/accounts/:id/mute", AccountController, :mute) post("/accounts/:id/unmute", AccountController, :unmute) - get("/apps/verify_credentials", AppController, :verify_credentials) - get("/conversations", ConversationController, :index) post("/conversations/:id/read", ConversationController, :mark_as_read) delete("/conversations/:id", ConversationController, :delete) @@ -526,6 +533,13 @@ defmodule Pleroma.Web.Router do end scope "/api/v1", Pleroma.Web.MastodonAPI do + pipe_through(:app_api) + + post("/apps", AppController, :create) + get("/apps/verify_credentials", AppController, :verify_credentials) + end + + scope "/api/v1", Pleroma.Web.MastodonAPI do pipe_through(:api) get("/accounts/search", SearchController, :account_search) @@ -541,8 +555,6 @@ defmodule Pleroma.Web.Router do get("/instance", InstanceController, :show) get("/instance/peers", InstanceController, :peers) - post("/apps", AppController, :create) - get("/statuses", StatusController, :index) get("/statuses/:id", StatusController, :show) get("/statuses/:id/context", StatusController, :context) diff --git a/priv/static/images/avi.png b/priv/static/images/avi.png Binary files differindex c6595adad..df4e2d233 100644 --- a/priv/static/images/avi.png +++ b/priv/static/images/avi.png diff --git a/test/pleroma/web/mastodon_api/controllers/app_controller_test.exs b/test/pleroma/web/mastodon_api/controllers/app_controller_test.exs index 238fd265b..76d81b942 100644 --- a/test/pleroma/web/mastodon_api/controllers/app_controller_test.exs +++ b/test/pleroma/web/mastodon_api/controllers/app_controller_test.exs @@ -12,22 +12,26 @@ defmodule Pleroma.Web.MastodonAPI.AppControllerTest do import Pleroma.Factory test "apps/verify_credentials", %{conn: conn} do - token = insert(:oauth_token) + user_bound_token = insert(:oauth_token) + app_bound_token = insert(:oauth_token, user: nil) + refute app_bound_token.user - conn = - conn - |> put_req_header("authorization", "Bearer #{token.token}") - |> get("/api/v1/apps/verify_credentials") + for token <- [app_bound_token, user_bound_token] do + conn = + conn + |> put_req_header("authorization", "Bearer #{token.token}") + |> get("/api/v1/apps/verify_credentials") - app = Repo.preload(token, :app).app + app = Repo.preload(token, :app).app - expected = %{ - "name" => app.client_name, - "website" => app.website, - "vapid_key" => Push.vapid_config() |> Keyword.get(:public_key) - } + expected = %{ + "name" => app.client_name, + "website" => app.website, + "vapid_key" => Push.vapid_config() |> Keyword.get(:public_key) + } - assert expected == json_response_and_validate_schema(conn, 200) + assert expected == json_response_and_validate_schema(conn, 200) + end end test "creates an oauth app", %{conn: conn} do |
