5 files changed, 15 insertions, 168 deletions

diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex
index 8a54546d6..e98332744 100644
--- a/lib/pleroma/user.ex
+++ b/lib/pleroma/user.ex
@@ -89,7 +89,7 @@ defmodule Pleroma.User do
     field(:keys, :string)
     field(:public_key, :string)
     field(:ap_id, :string)
-    field(:avatar, :map)
+    field(:avatar, :map, default: %{})
     field(:local, :boolean, default: true)
     field(:follower_address, :string)
     field(:following_address, :string)
@@ -539,14 +539,11 @@ defmodule Pleroma.User do
   end
 
   defp put_change_if_present(changeset, map_field, value_function) do
-    if value = get_change(changeset, map_field) do
-      with {:ok, new_value} <- value_function.(value) do
-        put_change(changeset, map_field, new_value)
-      else
-        _ -> changeset
-      end
+    with {:ok, value} <- fetch_change(changeset, map_field),
+         {:ok, new_value} <- value_function.(value) do
+      put_change(changeset, map_field, new_value)
     else
-      changeset
+      _ -> changeset
     end
   end
 
diff --git a/lib/pleroma/web/api_spec/operations/pleroma_account_operation.ex b/lib/pleroma/web/api_spec/operations/pleroma_account_operation.ex
index 90922c064..97836b2eb 100644
--- a/lib/pleroma/web/api_spec/operations/pleroma_account_operation.ex
+++ b/lib/pleroma/web/api_spec/operations/pleroma_account_operation.ex
@@ -4,7 +4,6 @@
 
 defmodule Pleroma.Web.ApiSpec.PleromaAccountOperation do
   alias OpenApiSpex.Operation
-  alias OpenApiSpex.Schema
   alias Pleroma.Web.ApiSpec.Schemas.AccountRelationship
   alias Pleroma.Web.ApiSpec.Schemas.ApiError
   alias Pleroma.Web.ApiSpec.Schemas.FlakeID
@@ -40,48 +39,6 @@ defmodule Pleroma.Web.ApiSpec.PleromaAccountOperation do
     }
   end
 
-  def update_avatar_operation do
-    %Operation{
-      tags: ["Accounts"],
-      summary: "Set/clear user avatar image",
-      operationId: "PleromaAPI.AccountController.update_avatar",
-      requestBody:
-        request_body("Parameters", update_avatar_or_background_request(), required: true),
-      security: [%{"oAuth" => ["write:accounts"]}],
-      responses: %{
-        200 => update_response(),
-        403 => Operation.response("Forbidden", "application/json", ApiError)
-      }
-    }
-  end
-
-  def update_banner_operation do
-    %Operation{
-      tags: ["Accounts"],
-      summary: "Set/clear user banner image",
-      operationId: "PleromaAPI.AccountController.update_banner",
-      requestBody: request_body("Parameters", update_banner_request(), required: true),
-      security: [%{"oAuth" => ["write:accounts"]}],
-      responses: %{
-        200 => update_response()
-      }
-    }
-  end
-
-  def update_background_operation do
-    %Operation{
-      tags: ["Accounts"],
-      summary: "Set/clear user background image",
-      operationId: "PleromaAPI.AccountController.update_background",
-      security: [%{"oAuth" => ["write:accounts"]}],
-      requestBody:
-        request_body("Parameters", update_avatar_or_background_request(), required: true),
-      responses: %{
-        200 => update_response()
-      }
-    }
-  end
-
   def favourites_operation do
     %Operation{
       tags: ["Accounts"],
@@ -136,52 +93,4 @@ defmodule Pleroma.Web.ApiSpec.PleromaAccountOperation do
       required: true
     )
   end
-
-  defp update_avatar_or_background_request do
-    %Schema{
-      title: "PleromaAccountUpdateAvatarOrBackgroundRequest",
-      type: :object,
-      properties: %{
-        img: %Schema{
-          nullable: true,
-          type: :string,
-          format: :binary,
-          description: "Image encoded using `multipart/form-data` or an empty string to clear"
-        }
-      }
-    }
-  end
-
-  defp update_banner_request do
-    %Schema{
-      title: "PleromaAccountUpdateBannerRequest",
-      type: :object,
-      properties: %{
-        banner: %Schema{
-          type: :string,
-          nullable: true,
-          format: :binary,
-          description: "Image encoded using `multipart/form-data` or an empty string to clear"
-        }
-      }
-    }
-  end
-
-  defp update_response do
-    Operation.response("PleromaAccountUpdateResponse", "application/json", %Schema{
-      type: :object,
-      properties: %{
-        url: %Schema{
-          type: :string,
-          format: :uri,
-          nullable: true,
-          description: "Image URL"
-        }
-      },
-      example: %{
-        "url" =>
-          "https://cofe.party/media/9d0add56-bcb6-4c0f-8225-cbbd0b6dd773/13eadb6972c9ccd3f4ffa3b8196f0e0d38b4d2f27594457c52e52946c054cd9a.gif"
-      }
-    })
-  end
 end
diff --git a/lib/pleroma/web/mastodon_api/controllers/account_controller.ex b/lib/pleroma/web/mastodon_api/controllers/account_controller.ex
index b5008d69b..d4532258c 100644
--- a/lib/pleroma/web/mastodon_api/controllers/account_controller.ex
+++ b/lib/pleroma/web/mastodon_api/controllers/account_controller.ex
@@ -148,6 +148,13 @@ defmodule Pleroma.Web.MastodonAPI.AccountController do
       |> Enum.filter(fn {_, value} -> not is_nil(value) end)
       |> Enum.into(%{})
 
+    # We use an empty string as a special value to reset
+    # avatars, banners, backgrounds
+    user_image_value = fn
+      "" -> {:ok, nil}
+      value -> {:ok, value}
+    end
+
     user_params =
       [
         :no_rich_text,
@@ -168,9 +175,9 @@ defmodule Pleroma.Web.MastodonAPI.AccountController do
       |> Maps.put_if_present(:name, params[:display_name])
       |> Maps.put_if_present(:bio, params[:note])
       |> Maps.put_if_present(:raw_bio, params[:note])
-      |> Maps.put_if_present(:avatar, params[:avatar])
-      |> Maps.put_if_present(:banner, params[:header])
-      |> Maps.put_if_present(:background, params[:pleroma_background_image])
+      |> Maps.put_if_present(:avatar, params[:avatar], user_image_value)
+      |> Maps.put_if_present(:banner, params[:header], user_image_value)
+      |> Maps.put_if_present(:background, params[:pleroma_background_image], user_image_value)
       |> Maps.put_if_present(
         :raw_fields,
         params[:fields_attributes],
diff --git a/lib/pleroma/web/pleroma_api/controllers/account_controller.ex b/lib/pleroma/web/pleroma_api/controllers/account_controller.ex
index f3554d919..563edded7 100644
--- a/lib/pleroma/web/pleroma_api/controllers/account_controller.ex
+++ b/lib/pleroma/web/pleroma_api/controllers/account_controller.ex
@@ -8,7 +8,6 @@ defmodule Pleroma.Web.PleromaAPI.AccountController do
   import Pleroma.Web.ControllerHelper,
     only: [json_response: 3, add_link_headers: 2, assign_account_by_id: 2]
 
-  alias Ecto.Changeset
   alias Pleroma.Plugs.EnsurePublicOrAuthenticatedPlug
   alias Pleroma.Plugs.OAuthScopesPlug
   alias Pleroma.Plugs.RateLimiter
@@ -37,17 +36,6 @@ defmodule Pleroma.Web.PleromaAPI.AccountController do
 
   plug(
     OAuthScopesPlug,
-    %{scopes: ["write:accounts"]}
-    # Note: the following actions are not permission-secured in Mastodon:
-    when action in [
-           :update_avatar,
-           :update_banner,
-           :update_background
-         ]
-  )
-
-  plug(
-    OAuthScopesPlug,
     %{scopes: ["read:favourites"], fallback: :proceed_unauthenticated} when action == :favourites
   )
 
@@ -68,56 +56,6 @@ defmodule Pleroma.Web.PleromaAPI.AccountController do
     end
   end
 
-  @doc "PATCH /api/v1/pleroma/accounts/update_avatar"
-  def update_avatar(%{assigns: %{user: user}, body_params: %{img: ""}} = conn, _) do
-    {:ok, _user} =
-      user
-      |> Changeset.change(%{avatar: nil})
-      |> User.update_and_set_cache()
-
-    json(conn, %{url: nil})
-  end
-
-  def update_avatar(%{assigns: %{user: user}, body_params: params} = conn, _params) do
-    {:ok, %{data: data}} = ActivityPub.upload(params, type: :avatar)
-    {:ok, _user} = user |> Changeset.change(%{avatar: data}) |> User.update_and_set_cache()
-    %{"url" => [%{"href" => href} | _]} = data
-
-    json(conn, %{url: href})
-  end
-
-  @doc "PATCH /api/v1/pleroma/accounts/update_banner"
-  def update_banner(%{assigns: %{user: user}, body_params: %{banner: ""}} = conn, _) do
-    with {:ok, _user} <- User.update_banner(user, %{}) do
-      json(conn, %{url: nil})
-    end
-  end
-
-  def update_banner(%{assigns: %{user: user}, body_params: params} = conn, _) do
-    with {:ok, object} <- ActivityPub.upload(%{img: params[:banner]}, type: :banner),
-         {:ok, _user} <- User.update_banner(user, object.data) do
-      %{"url" => [%{"href" => href} | _]} = object.data
-
-      json(conn, %{url: href})
-    end
-  end
-
-  @doc "PATCH /api/v1/pleroma/accounts/update_background"
-  def update_background(%{assigns: %{user: user}, body_params: %{img: ""}} = conn, _) do
-    with {:ok, _user} <- User.update_background(user, %{}) do
-      json(conn, %{url: nil})
-    end
-  end
-
-  def update_background(%{assigns: %{user: user}, body_params: params} = conn, _) do
-    with {:ok, object} <- ActivityPub.upload(params, type: :background),
-         {:ok, _user} <- User.update_background(user, object.data) do
-      %{"url" => [%{"href" => href} | _]} = object.data
-
-      json(conn, %{url: href})
-    end
-  end
-
   @doc "GET /api/v1/pleroma/accounts/:id/favourites"
   def favourites(%{assigns: %{account: %{hide_favorites: true}}} = conn, _params) do
     render_error(conn, :forbidden, "Can't get favorites")
diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex
index 9eee74e6c..386308362 100644
--- a/lib/pleroma/web/router.ex
+++ b/lib/pleroma/web/router.ex
@@ -328,10 +328,6 @@ defmodule Pleroma.Web.Router do
       delete("/statuses/:id/reactions/:emoji", EmojiReactionController, :delete)
       post("/notifications/read", NotificationController, :mark_as_read)
 
-      patch("/accounts/update_avatar", AccountController, :update_avatar)
-      patch("/accounts/update_banner", AccountController, :update_banner)
-      patch("/accounts/update_background", AccountController, :update_background)
-
       get("/mascot", MascotController, :show)
       put("/mascot", MascotController, :update)