aboutsummaryrefslogtreecommitdiff
path: root/lib/pleroma/web
diff options
context:
space:
mode:
Diffstat (limited to 'lib/pleroma/web')
-rw-r--r--lib/pleroma/web/activity_pub/activity_pub_controller.ex2
-rw-r--r--lib/pleroma/web/activity_pub/transmogrifier.ex14
-rw-r--r--lib/pleroma/web/activity_pub/utils.ex5
-rw-r--r--lib/pleroma/web/common_api/utils.ex6
-rw-r--r--lib/pleroma/web/http_signatures/http_signatures.ex1
-rw-r--r--lib/pleroma/web/mastodon_api/mastodon_api_controller.ex6
-rw-r--r--lib/pleroma/web/router.ex1
-rw-r--r--lib/pleroma/web/twitter_api/controllers/util_controller.ex25
-rw-r--r--lib/pleroma/web/web_finger/web_finger.ex2
9 files changed, 42 insertions, 20 deletions
diff --git a/lib/pleroma/web/activity_pub/activity_pub_controller.ex b/lib/pleroma/web/activity_pub/activity_pub_controller.ex
index 80aae4f0f..c7d50893f 100644
--- a/lib/pleroma/web/activity_pub/activity_pub_controller.ex
+++ b/lib/pleroma/web/activity_pub/activity_pub_controller.ex
@@ -93,7 +93,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubController do
Logger.info("Signature not from author, relayed message, fetching from source")
ActivityPub.fetch_object_from_id(params["object"]["id"])
else
- Logger.info("Signature error")
+ Logger.info("Signature error - make sure you are forwarding the HTTP Host header!")
Logger.info("Could not validate #{params["actor"]}")
Logger.info(inspect(conn.req_headers))
end
diff --git a/lib/pleroma/web/activity_pub/transmogrifier.ex b/lib/pleroma/web/activity_pub/transmogrifier.ex
index b941fdf16..803445011 100644
--- a/lib/pleroma/web/activity_pub/transmogrifier.ex
+++ b/lib/pleroma/web/activity_pub/transmogrifier.ex
@@ -229,7 +229,7 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do
"object" => %{"type" => "Announce", "object" => object_id},
"actor" => actor,
"id" => id
- } = data
+ } = _data
) do
with %User{} = actor <- User.get_or_fetch_by_ap_id(actor),
{:ok, object} <-
@@ -237,7 +237,7 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do
{:ok, activity, _, _} <- ActivityPub.unannounce(actor, object, id, false) do
{:ok, activity}
else
- e -> :error
+ _e -> :error
end
end
@@ -297,7 +297,7 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do
"object" => %{"type" => "Like", "object" => object_id},
"actor" => actor,
"id" => id
- } = data
+ } = _data
) do
with %User{} = actor <- User.get_or_fetch_by_ap_id(actor),
{:ok, object} <-
@@ -305,7 +305,7 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do
{:ok, activity, _, _} <- ActivityPub.unlike(actor, object, id, false) do
{:ok, activity}
else
- e -> :error
+ _e -> :error
end
end
@@ -565,10 +565,10 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do
def maybe_fix_user_url(data) do
if is_map(data["url"]) do
- data = Map.put(data, "url", data["url"]["href"])
+ Map.put(data, "url", data["url"]["href"])
+ else
+ data
end
-
- data
end
def maybe_fix_user_object(data) do
diff --git a/lib/pleroma/web/activity_pub/utils.ex b/lib/pleroma/web/activity_pub/utils.ex
index 89d11781d..831e13b7e 100644
--- a/lib/pleroma/web/activity_pub/utils.ex
+++ b/lib/pleroma/web/activity_pub/utils.ex
@@ -242,8 +242,9 @@ defmodule Pleroma.Web.ActivityPub.Utils do
fragment(
"? @> ?",
activity.data,
- ^%{type: "Follow", actor: follower_id, object: followed_id}
+ ^%{type: "Follow", object: followed_id}
),
+ where: activity.actor == ^follower_id,
order_by: [desc: :id],
limit: 1
)
@@ -260,7 +261,7 @@ defmodule Pleroma.Web.ActivityPub.Utils do
query =
from(
activity in Activity,
- where: fragment("(?)->>'actor' = ?", activity.data, ^actor),
+ where: activity.actor == ^actor,
# this is to use the index
where:
fragment(
diff --git a/lib/pleroma/web/common_api/utils.ex b/lib/pleroma/web/common_api/utils.ex
index e774743a2..9c9951371 100644
--- a/lib/pleroma/web/common_api/utils.ex
+++ b/lib/pleroma/web/common_api/utils.ex
@@ -133,7 +133,7 @@ defmodule Pleroma.Web.CommonAPI.Utils do
"context" => context,
"attachment" => attachments,
"actor" => actor,
- "tag" => tags |> Enum.map(fn {_, tag} -> tag end)
+ "tag" => tags |> Enum.map(fn {_, tag} -> tag end) |> Enum.uniq()
}
if inReplyTo do
@@ -187,9 +187,9 @@ defmodule Pleroma.Web.CommonAPI.Utils do
end
end
- def confirm_current_password(user, params) do
+ def confirm_current_password(user, password) do
with %User{local: true} = db_user <- Repo.get(User, user.id),
- true <- Pbkdf2.checkpw(params["password"], db_user.password_hash) do
+ true <- Pbkdf2.checkpw(password, db_user.password_hash) do
{:ok, db_user}
else
_ -> {:error, "Invalid password."}
diff --git a/lib/pleroma/web/http_signatures/http_signatures.ex b/lib/pleroma/web/http_signatures/http_signatures.ex
index dd3f825db..4e0adbc1d 100644
--- a/lib/pleroma/web/http_signatures/http_signatures.ex
+++ b/lib/pleroma/web/http_signatures/http_signatures.ex
@@ -2,6 +2,7 @@
defmodule Pleroma.Web.HTTPSignatures do
alias Pleroma.User
alias Pleroma.Web.ActivityPub.Utils
+ alias Pleroma.Web.ActivityPub.ActivityPub
require Logger
def split_signature(sig) do
diff --git a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex
index b21f5de20..2c0277124 100644
--- a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex
+++ b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex
@@ -275,11 +275,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do
end
{:ok, activity} =
- Cachex.get!(
- :idempotency_cache,
- idempotency_key,
- fallback: fn _ -> CommonAPI.post(user, params) end
- )
+ Cachex.fetch!(:idempotency_cache, idempotency_key, fn _ -> CommonAPI.post(user, params) end)
render(conn, StatusView, "status.json", %{activity: activity, for: user, as: :activity})
end
diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex
index 2b5209b75..9389244b1 100644
--- a/lib/pleroma/web/router.ex
+++ b/lib/pleroma/web/router.ex
@@ -73,6 +73,7 @@ defmodule Pleroma.Web.Router do
scope "/api/pleroma", Pleroma.Web.TwitterAPI do
pipe_through(:authenticated_api)
post("/follow_import", UtilController, :follow_import)
+ post("/change_password", UtilController, :change_password)
post("/delete_account", UtilController, :delete_account)
end
diff --git a/lib/pleroma/web/twitter_api/controllers/util_controller.ex b/lib/pleroma/web/twitter_api/controllers/util_controller.ex
index 23e7408a0..cc5146566 100644
--- a/lib/pleroma/web/twitter_api/controllers/util_controller.ex
+++ b/lib/pleroma/web/twitter_api/controllers/util_controller.ex
@@ -197,8 +197,31 @@ defmodule Pleroma.Web.TwitterAPI.UtilController do
json(conn, "job started")
end
+ def change_password(%{assigns: %{user: user}} = conn, params) do
+ case CommonAPI.Utils.confirm_current_password(user, params["password"]) do
+ {:ok, user} ->
+ with {:ok, _user} <-
+ User.reset_password(user, %{
+ password: params["new_password"],
+ password_confirmation: params["new_password_confirmation"]
+ }) do
+ json(conn, %{status: "success"})
+ else
+ {:error, changeset} ->
+ {_, {error, _}} = Enum.at(changeset.errors, 0)
+ json(conn, %{error: "New password #{error}."})
+
+ _ ->
+ json(conn, %{error: "Unable to change password."})
+ end
+
+ {:error, msg} ->
+ json(conn, %{error: msg})
+ end
+ end
+
def delete_account(%{assigns: %{user: user}} = conn, params) do
- case CommonAPI.Utils.confirm_current_password(user, params) do
+ case CommonAPI.Utils.confirm_current_password(user, params["password"]) do
{:ok, user} ->
Task.start(fn -> User.delete(user) end)
json(conn, %{status: "success"})
diff --git a/lib/pleroma/web/web_finger/web_finger.ex b/lib/pleroma/web/web_finger/web_finger.ex
index 6e5fc1401..9c6f1cb68 100644
--- a/lib/pleroma/web/web_finger/web_finger.ex
+++ b/lib/pleroma/web/web_finger/web_finger.ex
@@ -214,7 +214,7 @@ defmodule Pleroma.Web.WebFinger do
end
def get_template_from_xml(body) do
- xpath = "//Link[@rel='lrdd' and @type='application/xrd+xml']/@template"
+ xpath = "//Link[@rel='lrdd']/@template"
with doc when doc != :error <- XML.parse_document(body),
template when template != nil <- XML.string_from_xpath(xpath, doc) do
generated by cgit v1.2.3 (git 2.26.2) at 2025-04-26 00:31:47 +0000