From a2e03d4f3cfc7ccae98ae19db253aec8f1d3e9d0 Mon Sep 17 00:00:00 2001 From: Zachary Dunn Date: Mon, 18 Mar 2019 13:56:59 +0000 Subject: Initial attempt at updating return type --- lib/pleroma/user.ex | 33 ++++++++++++++-------- lib/pleroma/web/activity_pub/relay.ex | 4 +-- lib/pleroma/web/activity_pub/transmogrifier.ex | 24 ++++++++-------- .../web/mastodon_api/mastodon_api_controller.ex | 2 +- lib/pleroma/web/twitter_api/twitter_api.ex | 2 +- 5 files changed, 37 insertions(+), 28 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex index 1ce9882f6..6e8103c1c 100644 --- a/lib/pleroma/user.ex +++ b/lib/pleroma/user.ex @@ -411,7 +411,7 @@ defmodule Pleroma.User do Enum.map( followed_identifiers, fn followed_identifier -> - with %User{} = followed <- get_or_fetch(followed_identifier), + with {:ok, %User{} = followed} <- get_or_fetch(followed_identifier), {:ok, follower} <- maybe_direct_follow(follower, followed), {:ok, _} <- ActivityPub.follow(follower, followed) do followed @@ -492,7 +492,14 @@ defmodule Pleroma.User do def get_cached_by_nickname(nickname) do key = "nickname:#{nickname}" - Cachex.fetch!(:user_cache, key, fn _ -> get_or_fetch_by_nickname(nickname) end) + Cachex.fetch!(:user_cache, key, fn -> + user_result = get_or_fetch_by_nickname(nickname) + + case user_result do + {:ok, user} -> {:commit, user} + {:error, error} -> {:ignore, error} + end + end) end def get_cached_by_nickname_or_id(nickname_or_id) do @@ -529,7 +536,7 @@ defmodule Pleroma.User do def get_or_fetch_by_nickname(nickname) do with %User{} = user <- get_by_nickname(nickname) do - user + {:ok, user} else _e -> with [_nick, _domain] <- String.split(nickname, "@"), @@ -538,9 +545,9 @@ defmodule Pleroma.User do {:ok, _} = Task.start(__MODULE__, :fetch_initial_posts, [user]) end - user + {:ok, user} else - _e -> nil + _e -> {:error, "Error"} end end end @@ -939,7 +946,7 @@ defmodule Pleroma.User do Enum.map( blocked_identifiers, fn blocked_identifier -> - with %User{} = blocked <- get_or_fetch(blocked_identifier), + with {:ok, %User{} = blocked} <- get_or_fetch(blocked_identifier), {:ok, blocker} <- block(blocker, blocked), {:ok, _} <- ActivityPub.block(blocker, blocked) do blocked @@ -1157,17 +1164,19 @@ defmodule Pleroma.User do user = get_by_ap_id(ap_id) if !is_nil(user) and !User.needs_update?(user) do - user + {:ok, user} else user = fetch_by_ap_id(ap_id) - if Pleroma.Config.get([:fetch_initial_posts, :enabled]) do - with %User{} = user do + with %User{} = user do + if Pleroma.Config.get([:fetch_initial_posts, :enabled]) do {:ok, _} = Task.start(__MODULE__, :fetch_initial_posts, [user]) end - end - user + {:ok, user} + else + _ -> {:error, "Could not fetch by AP id"} + end end end @@ -1209,7 +1218,7 @@ defmodule Pleroma.User do end def get_public_key_for_ap_id(ap_id) do - with %User{} = user <- get_or_fetch_by_ap_id(ap_id), + with {:ok, %User{} = user} <- get_or_fetch_by_ap_id(ap_id), {:ok, public_key} <- public_key_from_info(user.info) do {:ok, public_key} else diff --git a/lib/pleroma/web/activity_pub/relay.ex b/lib/pleroma/web/activity_pub/relay.ex index 01fef71b9..2bab9b03c 100644 --- a/lib/pleroma/web/activity_pub/relay.ex +++ b/lib/pleroma/web/activity_pub/relay.ex @@ -15,7 +15,7 @@ defmodule Pleroma.Web.ActivityPub.Relay do def follow(target_instance) do with %User{} = local_user <- get_actor(), - %User{} = target_user <- User.get_or_fetch_by_ap_id(target_instance), + {:ok, %User{} = target_user} <- User.get_or_fetch_by_ap_id(target_instance), {:ok, activity} <- ActivityPub.follow(local_user, target_user) do Logger.info("relay: followed instance: #{target_instance}; id=#{activity.data["id"]}") {:ok, activity} @@ -28,7 +28,7 @@ defmodule Pleroma.Web.ActivityPub.Relay do def unfollow(target_instance) do with %User{} = local_user <- get_actor(), - %User{} = target_user <- User.get_or_fetch_by_ap_id(target_instance), + {:ok, %User{} = target_user} <- User.get_or_fetch_by_ap_id(target_instance), {:ok, activity} <- ActivityPub.unfollow(local_user, target_user) do Logger.info("relay: unfollowed instance: #{target_instance}: id=#{activity.data["id"]}") {:ok, activity} diff --git a/lib/pleroma/web/activity_pub/transmogrifier.ex b/lib/pleroma/web/activity_pub/transmogrifier.ex index 1247e4b61..a90b934e5 100644 --- a/lib/pleroma/web/activity_pub/transmogrifier.ex +++ b/lib/pleroma/web/activity_pub/transmogrifier.ex @@ -373,7 +373,7 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do |> fix_addressing with nil <- Activity.get_create_by_object_ap_id(object["id"]), - %User{} = user <- User.get_or_fetch_by_ap_id(data["actor"]) do + {:ok, %User{} = user} <- User.get_or_fetch_by_ap_id(data["actor"]) do object = fix_object(data["object"]) params = %{ @@ -402,7 +402,7 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do %{"type" => "Follow", "object" => followed, "actor" => follower, "id" => id} = data ) do with %User{local: true} = followed <- User.get_cached_by_ap_id(followed), - %User{} = follower <- User.get_or_fetch_by_ap_id(follower), + {:ok, %User{} = follower} <- User.get_or_fetch_by_ap_id(follower), {:ok, activity} <- ActivityPub.follow(follower, followed, id, false) do if not User.locked?(followed) do ActivityPub.accept(%{ @@ -425,7 +425,7 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do %{"type" => "Accept", "object" => follow_object, "actor" => _actor, "id" => _id} = data ) do with actor <- get_actor(data), - %User{} = followed <- User.get_or_fetch_by_ap_id(actor), + {:ok, %User{} = followed} <- User.get_or_fetch_by_ap_id(actor), {:ok, follow_activity} <- get_follow_activity(follow_object, followed), {:ok, follow_activity} <- Utils.update_follow_state(follow_activity, "accept"), %User{local: true} = follower <- User.get_cached_by_ap_id(follow_activity.data["actor"]), @@ -451,7 +451,7 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do %{"type" => "Reject", "object" => follow_object, "actor" => _actor, "id" => _id} = data ) do with actor <- get_actor(data), - %User{} = followed <- User.get_or_fetch_by_ap_id(actor), + {:ok, %User{} = followed} <- User.get_or_fetch_by_ap_id(actor), {:ok, follow_activity} <- get_follow_activity(follow_object, followed), {:ok, follow_activity} <- Utils.update_follow_state(follow_activity, "reject"), %User{local: true} = follower <- User.get_cached_by_ap_id(follow_activity.data["actor"]), @@ -475,7 +475,7 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do %{"type" => "Like", "object" => object_id, "actor" => _actor, "id" => id} = data ) do with actor <- get_actor(data), - %User{} = actor <- User.get_or_fetch_by_ap_id(actor), + {:ok, %User{} = actor} <- User.get_or_fetch_by_ap_id(actor), {:ok, object} <- get_obj_helper(object_id) || fetch_obj_helper(object_id), {:ok, activity, _object} <- ActivityPub.like(actor, object, id, false) do {:ok, activity} @@ -488,7 +488,7 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do %{"type" => "Announce", "object" => object_id, "actor" => _actor, "id" => id} = data ) do with actor <- get_actor(data), - %User{} = actor <- User.get_or_fetch_by_ap_id(actor), + {:ok, %User{} = actor} <- User.get_or_fetch_by_ap_id(actor), {:ok, object} <- get_obj_helper(object_id) || fetch_obj_helper(object_id), public <- Visibility.is_public?(data), {:ok, activity, _object} <- ActivityPub.announce(actor, object, id, false, public) do @@ -543,7 +543,7 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do object_id = Utils.get_ap_id(object_id) with actor <- get_actor(data), - %User{} = actor <- User.get_or_fetch_by_ap_id(actor), + {:ok, %User{} = actor} <- User.get_or_fetch_by_ap_id(actor), {:ok, object} <- get_obj_helper(object_id) || fetch_obj_helper(object_id), :ok <- contain_origin(actor.ap_id, object.data), {:ok, activity} <- ActivityPub.delete(object, false) do @@ -562,7 +562,7 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do } = data ) do with actor <- get_actor(data), - %User{} = actor <- User.get_or_fetch_by_ap_id(actor), + {:ok, %User{} = actor} <- User.get_or_fetch_by_ap_id(actor), {:ok, object} <- get_obj_helper(object_id) || fetch_obj_helper(object_id), {:ok, activity, _} <- ActivityPub.unannounce(actor, object, id, false) do {:ok, activity} @@ -580,7 +580,7 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do } = _data ) do with %User{local: true} = followed <- User.get_cached_by_ap_id(followed), - %User{} = follower <- User.get_or_fetch_by_ap_id(follower), + {:ok, %User{} = follower} <- User.get_or_fetch_by_ap_id(follower), {:ok, activity} <- ActivityPub.unfollow(follower, followed, id, false) do User.unfollow(follower, followed) {:ok, activity} @@ -599,7 +599,7 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do ) do with true <- Pleroma.Config.get([:activitypub, :accept_blocks]), %User{local: true} = blocked <- User.get_cached_by_ap_id(blocked), - %User{} = blocker <- User.get_or_fetch_by_ap_id(blocker), + {:ok, %User{} = blocker} <- User.get_or_fetch_by_ap_id(blocker), {:ok, activity} <- ActivityPub.unblock(blocker, blocked, id, false) do User.unblock(blocker, blocked) {:ok, activity} @@ -613,7 +613,7 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do ) do with true <- Pleroma.Config.get([:activitypub, :accept_blocks]), %User{local: true} = blocked = User.get_cached_by_ap_id(blocked), - %User{} = blocker = User.get_or_fetch_by_ap_id(blocker), + {:ok, %User{} = blocker = User.get_or_fetch_by_ap_id(blocker), {:ok, activity} <- ActivityPub.block(blocker, blocked, id, false) do User.unfollow(blocker, blocked) User.block(blocker, blocked) @@ -632,7 +632,7 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do } = data ) do with actor <- get_actor(data), - %User{} = actor <- User.get_or_fetch_by_ap_id(actor), + {:ok, %User{} = actor} <- User.get_or_fetch_by_ap_id(actor), {:ok, object} <- get_obj_helper(object_id) || fetch_obj_helper(object_id), {:ok, activity, _, _} <- ActivityPub.unlike(actor, object, id, false) do {:ok, activity} diff --git a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex index e578f707e..cbf2a7ce1 100644 --- a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex +++ b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex @@ -1450,7 +1450,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do x, "id", case User.get_or_fetch(x["acct"]) do - %{id: id} -> id + {:ok, %User{} = %{id: id}} -> id _ -> 0 end ) diff --git a/lib/pleroma/web/twitter_api/twitter_api.ex b/lib/pleroma/web/twitter_api/twitter_api.ex index d57100491..feadf8670 100644 --- a/lib/pleroma/web/twitter_api/twitter_api.ex +++ b/lib/pleroma/web/twitter_api/twitter_api.ex @@ -312,7 +312,7 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPI do end def get_external_profile(for_user, uri) do - with %User{} = user <- User.get_or_fetch(uri) do + with {:ok, %User{} = user} <- User.get_or_fetch(uri) do {:ok, UserView.render("show.json", %{user: user, for: for_user})} else _e -> -- cgit v1.2.3 From 5ba14c664b46faf633692cafa4290c0e6521d03c Mon Sep 17 00:00:00 2001 From: Zachary Dunn Date: Mon, 18 Mar 2019 14:05:10 +0000 Subject: Fix missing end brace --- lib/pleroma/web/activity_pub/transmogrifier.ex | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/web/activity_pub/transmogrifier.ex b/lib/pleroma/web/activity_pub/transmogrifier.ex index a90b934e5..546134f46 100644 --- a/lib/pleroma/web/activity_pub/transmogrifier.ex +++ b/lib/pleroma/web/activity_pub/transmogrifier.ex @@ -613,7 +613,7 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do ) do with true <- Pleroma.Config.get([:activitypub, :accept_blocks]), %User{local: true} = blocked = User.get_cached_by_ap_id(blocked), - {:ok, %User{} = blocker = User.get_or_fetch_by_ap_id(blocker), + {:ok, %User{} = blocker} = User.get_or_fetch_by_ap_id(blocker), {:ok, activity} <- ActivityPub.block(blocker, blocked, id, false) do User.unfollow(blocker, blocked) User.block(blocker, blocked) -- cgit v1.2.3 From af4338da0c26d992a5189fe940aa08ba69222e3b Mon Sep 17 00:00:00 2001 From: Zachary Dunn Date: Mon, 18 Mar 2019 14:52:24 +0000 Subject: Use better error message --- lib/pleroma/user.ex | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex index 6e8103c1c..dcc03ae95 100644 --- a/lib/pleroma/user.ex +++ b/lib/pleroma/user.ex @@ -547,7 +547,7 @@ defmodule Pleroma.User do {:ok, user} else - _e -> {:error, "Error"} + e -> {:error, e} end end end -- cgit v1.2.3 From e572786dad231a954c87ce54bb63e9be7fb396e9 Mon Sep 17 00:00:00 2001 From: Zachary Dunn Date: Mon, 18 Mar 2019 14:53:30 +0000 Subject: Run --- lib/pleroma/user.ex | 1 + 1 file changed, 1 insertion(+) (limited to 'lib') diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex index dcc03ae95..a29f836be 100644 --- a/lib/pleroma/user.ex +++ b/lib/pleroma/user.ex @@ -492,6 +492,7 @@ defmodule Pleroma.User do def get_cached_by_nickname(nickname) do key = "nickname:#{nickname}" + Cachex.fetch!(:user_cache, key, fn -> user_result = get_or_fetch_by_nickname(nickname) -- cgit v1.2.3 From 97b35e00b049c8f908484163b5ffdbcb55db7867 Mon Sep 17 00:00:00 2001 From: Zachary Dunn Date: Mon, 18 Mar 2019 14:59:52 +0000 Subject: Fix with expression always matching --- lib/pleroma/user.ex | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex index a29f836be..5e8dfc669 100644 --- a/lib/pleroma/user.ex +++ b/lib/pleroma/user.ex @@ -1167,9 +1167,7 @@ defmodule Pleroma.User do if !is_nil(user) and !User.needs_update?(user) do {:ok, user} else - user = fetch_by_ap_id(ap_id) - - with %User{} = user do + with %User{} = user <- fetch_by_ap_id(ap_id) do if Pleroma.Config.get([:fetch_initial_posts, :enabled]) do {:ok, _} = Task.start(__MODULE__, :fetch_initial_posts, [user]) end -- cgit v1.2.3 From c810fb81a489dc3faeb1f21092c89a3131188ac1 Mon Sep 17 00:00:00 2001 From: lain Date: Sun, 31 Mar 2019 14:55:09 +0200 Subject: Basic SSH daemon. --- lib/pleroma/bbs/bbs.ex | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) create mode 100644 lib/pleroma/bbs/bbs.ex (limited to 'lib') diff --git a/lib/pleroma/bbs/bbs.ex b/lib/pleroma/bbs/bbs.ex new file mode 100644 index 000000000..486ab9183 --- /dev/null +++ b/lib/pleroma/bbs/bbs.ex @@ -0,0 +1,34 @@ +defmodule Pleroma.BBS do + def start_daemon do + :ok = :ssh.start() + + options = [ + system_dir: 'ssh_keys', + auth_method_kb_interactive_data: fn (_, user, _) -> { + 'Welcome to Pleroma BBS', + 'Hello #{user}', + 'Password: ', + false } + end, + auth_methods: 'keyboard-interactive,password', + pwdfun: fn(user, password) -> true end, + shell: &start_prompt/1 + ] + :ssh.daemon(13121, options) + end + + def start_prompt(user) do + spawn(__MODULE__, :prompt, [user]) + end + + def prompt(user) do + IO.puts("Hey #{user}.\n") + IO.puts("Here's your timeline:\n") + + user = Pleroma.User.get_cached_by_nickname(to_string(user)) + Pleroma.Web.TwitterAPI.TwitterAPI.fetch_friend_statuses(user) + |> Enum.each(fn (status) -> + IO.puts("#{status["user"]["name"]} (#{status["user"]["screen_name"]}): #{status["text"]}") + end) + end +end -- cgit v1.2.3 From 17ab9fa45bf8a359746d30f4a91cb57a9c94f206 Mon Sep 17 00:00:00 2001 From: lain Date: Sun, 31 Mar 2019 18:01:16 +0200 Subject: BBS: Some more functionality. --- lib/pleroma/bbs/authenticator.ex | 16 +++++ lib/pleroma/bbs/bbs.ex | 34 ---------- lib/pleroma/bbs/handler.ex | 130 +++++++++++++++++++++++++++++++++++++++ 3 files changed, 146 insertions(+), 34 deletions(-) create mode 100644 lib/pleroma/bbs/authenticator.ex delete mode 100644 lib/pleroma/bbs/bbs.ex create mode 100644 lib/pleroma/bbs/handler.ex (limited to 'lib') diff --git a/lib/pleroma/bbs/authenticator.ex b/lib/pleroma/bbs/authenticator.ex new file mode 100644 index 000000000..a2c153720 --- /dev/null +++ b/lib/pleroma/bbs/authenticator.ex @@ -0,0 +1,16 @@ +defmodule Pleroma.BBS.Authenticator do + use Sshd.PasswordAuthenticator + alias Comeonin.Pbkdf2 + alias Pleroma.User + + def authenticate(username, password) do + username = to_string(username) + password = to_string(password) + + with %User{} = user <- User.get_by_nickname(username) do + Pbkdf2.checkpw(password, user.password_hash) + else + _e -> false + end + end +end diff --git a/lib/pleroma/bbs/bbs.ex b/lib/pleroma/bbs/bbs.ex deleted file mode 100644 index 486ab9183..000000000 --- a/lib/pleroma/bbs/bbs.ex +++ /dev/null @@ -1,34 +0,0 @@ -defmodule Pleroma.BBS do - def start_daemon do - :ok = :ssh.start() - - options = [ - system_dir: 'ssh_keys', - auth_method_kb_interactive_data: fn (_, user, _) -> { - 'Welcome to Pleroma BBS', - 'Hello #{user}', - 'Password: ', - false } - end, - auth_methods: 'keyboard-interactive,password', - pwdfun: fn(user, password) -> true end, - shell: &start_prompt/1 - ] - :ssh.daemon(13121, options) - end - - def start_prompt(user) do - spawn(__MODULE__, :prompt, [user]) - end - - def prompt(user) do - IO.puts("Hey #{user}.\n") - IO.puts("Here's your timeline:\n") - - user = Pleroma.User.get_cached_by_nickname(to_string(user)) - Pleroma.Web.TwitterAPI.TwitterAPI.fetch_friend_statuses(user) - |> Enum.each(fn (status) -> - IO.puts("#{status["user"]["name"]} (#{status["user"]["screen_name"]}): #{status["text"]}") - end) - end -end diff --git a/lib/pleroma/bbs/handler.ex b/lib/pleroma/bbs/handler.ex new file mode 100644 index 000000000..010929ed2 --- /dev/null +++ b/lib/pleroma/bbs/handler.ex @@ -0,0 +1,130 @@ +defmodule Pleroma.BBS.Handler do + @moduledoc """ + An example implementation of `Sshd.ShellHandler`, implementing a very simple + Read-Eval-Loop, that does nothing. + """ + use Sshd.ShellHandler + alias Pleroma.Web.CommonAPI + alias Pleroma.Web.ActivityPub.ActivityPub + + def on_shell(username, _pubkey, _ip, _port) do + :ok = IO.puts "Welcome to #{Pleroma.Config.get([:instance, :name])}!" + user = Pleroma.User.get_by_nickname(to_string(username)) + Logger.debug("#{inspect user}") + loop(run_state([user: user])) + end + + def on_connect(username, ip, port, method) do + Logger.debug fn -> + """ + Incoming SSH shell #{inspect self()} requested for #{username} from #{inspect ip}:#{inspect port} using #{inspect method} + """ + end + end + + def on_disconnect(username, ip, port) do + Logger.debug fn -> + "Disconnecting SSH shell for #{username} from #{inspect ip}:#{inspect port}" + end + end + + defp loop(state) do + self_pid = self() + counter = state.counter + prefix = state.prefix + user = state.user + + input = spawn(fn -> io_get(self_pid, prefix, counter, user.nickname) end) + wait_input state, input + end + + def puts_activity(activity) do + status = Pleroma.Web.MastodonAPI.StatusView.render("status.json", %{activity: activity}) + IO.puts("#{status.id} by #{status.account.display_name} (#{status.account.acct}):") + IO.puts(HtmlSanitizeEx.strip_tags(status.content)) + IO.puts("") + end + + def handle_command(state, "help") do + IO.puts("Available commands:") + IO.puts("help - This help") + IO.puts("home - Show the home timeline") + IO.puts("p - Post the given text") + IO.puts("quit - Quit") + + state + end + + def handle_command(%{user: user} = state, "p " <> text) do + text = String.trim(text) + + with {:ok, _activity} <- CommonAPI.post(user, %{"status" => text}) do + IO.puts("Posted!") + else + _e -> IO.puts("Could not post...") + end + state + end + + def handle_command(state, "home") do + user = state.user + params = + %{} + |> Map.put("type", ["Create", "Announce"]) + |> Map.put("blocking_user", user) + |> Map.put("muting_user", user) + |> Map.put("user", user) + + activities = + [user.ap_id | user.following] + |> ActivityPub.fetch_activities(params) + |> ActivityPub.contain_timeline(user) + |> Enum.reverse() + + Enum.each(activities, fn (activity) -> + puts_activity(activity) + end) + + state + end + + def handle_command(_state, command) do + IO.puts("Unknown command '#{command}'") + end + + defp wait_input(state, input) do + receive do + {:input, ^input, "quit\n"} -> + IO.puts "Exiting..." + + {:input, ^input, code} when is_binary(code) -> + code = String.trim(code) + + handle_command(state, code) + + loop(%{state | counter: state.counter + 1}) + + {:error, :interrupted} -> + IO.puts "Caught Ctrl+C..." + loop(%{state | counter: state.counter + 1}) + + {:input, ^input, msg} -> + :ok = Logger.warn "received unknown message: #{inspect msg}" + loop(%{state | counter: state.counter + 1}) + end + end + + defp run_state(opts) do + %{prefix: "pleroma", counter: 1, user: opts[:user]} + end + + defp io_get(pid, prefix, counter, username) do + prompt = prompt(prefix, counter, username) + send pid, {:input, self(), IO.gets(:stdio, prompt)} + end + + defp prompt(prefix, counter, username) do + prompt = "#{username}@#{prefix}:#{counter}>" + prompt <> " " + end +end -- cgit v1.2.3 From 10fdc080a0048a4776abb4bd1b5aa22d8c65e2da Mon Sep 17 00:00:00 2001 From: lain Date: Sun, 31 Mar 2019 20:35:10 +0200 Subject: BBS: Tests and formatting. --- lib/pleroma/bbs/handler.ex | 40 ++++++++++++++++++++++------------------ 1 file changed, 22 insertions(+), 18 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/bbs/handler.ex b/lib/pleroma/bbs/handler.ex index 010929ed2..d999dcf76 100644 --- a/lib/pleroma/bbs/handler.ex +++ b/lib/pleroma/bbs/handler.ex @@ -8,34 +8,36 @@ defmodule Pleroma.BBS.Handler do alias Pleroma.Web.ActivityPub.ActivityPub def on_shell(username, _pubkey, _ip, _port) do - :ok = IO.puts "Welcome to #{Pleroma.Config.get([:instance, :name])}!" + :ok = IO.puts("Welcome to #{Pleroma.Config.get([:instance, :name])}!") user = Pleroma.User.get_by_nickname(to_string(username)) - Logger.debug("#{inspect user}") - loop(run_state([user: user])) + Logger.debug("#{inspect(user)}") + loop(run_state(user: user)) end def on_connect(username, ip, port, method) do - Logger.debug fn -> + Logger.debug(fn -> """ - Incoming SSH shell #{inspect self()} requested for #{username} from #{inspect ip}:#{inspect port} using #{inspect method} + Incoming SSH shell #{inspect(self())} requested for #{username} from #{inspect(ip)}:#{ + inspect(port) + } using #{inspect(method)} """ - end + end) end def on_disconnect(username, ip, port) do - Logger.debug fn -> - "Disconnecting SSH shell for #{username} from #{inspect ip}:#{inspect port}" - end + Logger.debug(fn -> + "Disconnecting SSH shell for #{username} from #{inspect(ip)}:#{inspect(port)}" + end) end defp loop(state) do self_pid = self() - counter = state.counter - prefix = state.prefix - user = state.user + counter = state.counter + prefix = state.prefix + user = state.user input = spawn(fn -> io_get(self_pid, prefix, counter, user.nickname) end) - wait_input state, input + wait_input(state, input) end def puts_activity(activity) do @@ -63,11 +65,13 @@ defmodule Pleroma.BBS.Handler do else _e -> IO.puts("Could not post...") end + state end def handle_command(state, "home") do user = state.user + params = %{} |> Map.put("type", ["Create", "Announce"]) @@ -81,7 +85,7 @@ defmodule Pleroma.BBS.Handler do |> ActivityPub.contain_timeline(user) |> Enum.reverse() - Enum.each(activities, fn (activity) -> + Enum.each(activities, fn activity -> puts_activity(activity) end) @@ -95,7 +99,7 @@ defmodule Pleroma.BBS.Handler do defp wait_input(state, input) do receive do {:input, ^input, "quit\n"} -> - IO.puts "Exiting..." + IO.puts("Exiting...") {:input, ^input, code} when is_binary(code) -> code = String.trim(code) @@ -105,11 +109,11 @@ defmodule Pleroma.BBS.Handler do loop(%{state | counter: state.counter + 1}) {:error, :interrupted} -> - IO.puts "Caught Ctrl+C..." + IO.puts("Caught Ctrl+C...") loop(%{state | counter: state.counter + 1}) {:input, ^input, msg} -> - :ok = Logger.warn "received unknown message: #{inspect msg}" + :ok = Logger.warn("received unknown message: #{inspect(msg)}") loop(%{state | counter: state.counter + 1}) end end @@ -120,7 +124,7 @@ defmodule Pleroma.BBS.Handler do defp io_get(pid, prefix, counter, username) do prompt = prompt(prefix, counter, username) - send pid, {:input, self(), IO.gets(:stdio, prompt)} + send(pid, {:input, self(), IO.gets(:stdio, prompt)}) end defp prompt(prefix, counter, username) do -- cgit v1.2.3 From e3bf6655ba412268e4f5fee645609c9738e453ef Mon Sep 17 00:00:00 2001 From: lain Date: Sun, 31 Mar 2019 21:14:21 +0200 Subject: Add replying. --- lib/pleroma/bbs/handler.ex | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/bbs/handler.ex b/lib/pleroma/bbs/handler.ex index d999dcf76..7749eb3af 100644 --- a/lib/pleroma/bbs/handler.ex +++ b/lib/pleroma/bbs/handler.ex @@ -6,6 +6,7 @@ defmodule Pleroma.BBS.Handler do use Sshd.ShellHandler alias Pleroma.Web.CommonAPI alias Pleroma.Web.ActivityPub.ActivityPub + alias Pleroma.Activity def on_shell(username, _pubkey, _ip, _port) do :ok = IO.puts("Welcome to #{Pleroma.Config.get([:instance, :name])}!") @@ -42,7 +43,7 @@ defmodule Pleroma.BBS.Handler do def puts_activity(activity) do status = Pleroma.Web.MastodonAPI.StatusView.render("status.json", %{activity: activity}) - IO.puts("#{status.id} by #{status.account.display_name} (#{status.account.acct}):") + IO.puts("-- #{status.id} by #{status.account.display_name} (#{status.account.acct})") IO.puts(HtmlSanitizeEx.strip_tags(status.content)) IO.puts("") end @@ -52,11 +53,27 @@ defmodule Pleroma.BBS.Handler do IO.puts("help - This help") IO.puts("home - Show the home timeline") IO.puts("p - Post the given text") + IO.puts("r - Reply to the post with the given id") IO.puts("quit - Quit") state end + def handle_command(%{user: user} = state, "r " <> text) do + text = String.trim(text) + [activity_id, rest] = String.split(text, " ", parts: 2) + + with %Activity{} <- Activity.get_by_id(activity_id), + {:ok, _activity} <- + CommonAPI.post(user, %{"status" => rest, "in_reply_to_status_id" => activity_id}) do + IO.puts("Replied!") + else + _e -> IO.puts("Could not reply...") + end + + state + end + def handle_command(%{user: user} = state, "p " <> text) do text = String.trim(text) @@ -104,7 +121,7 @@ defmodule Pleroma.BBS.Handler do {:input, ^input, code} when is_binary(code) -> code = String.trim(code) - handle_command(state, code) + state = handle_command(state, code) loop(%{state | counter: state.counter + 1}) -- cgit v1.2.3 From 629ad1766ce5da434bf095f6baa81a460334e1b2 Mon Sep 17 00:00:00 2001 From: lain Date: Sun, 31 Mar 2019 21:53:17 +0200 Subject: BBS: Some fixes. --- lib/pleroma/bbs/handler.ex | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/bbs/handler.ex b/lib/pleroma/bbs/handler.ex index 7749eb3af..1ebba77d2 100644 --- a/lib/pleroma/bbs/handler.ex +++ b/lib/pleroma/bbs/handler.ex @@ -91,7 +91,7 @@ defmodule Pleroma.BBS.Handler do params = %{} - |> Map.put("type", ["Create", "Announce"]) + |> Map.put("type", ["Create"]) |> Map.put("blocking_user", user) |> Map.put("muting_user", user) |> Map.put("user", user) @@ -100,7 +100,6 @@ defmodule Pleroma.BBS.Handler do [user.ap_id | user.following] |> ActivityPub.fetch_activities(params) |> ActivityPub.contain_timeline(user) - |> Enum.reverse() Enum.each(activities, fn activity -> puts_activity(activity) @@ -109,8 +108,9 @@ defmodule Pleroma.BBS.Handler do state end - def handle_command(_state, command) do + def handle_command(state, command) do IO.puts("Unknown command '#{command}'") + state end defp wait_input(state, input) do -- cgit v1.2.3 From f5535e5743f755c66dcf92a8d4d2c06520cb72c8 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Tue, 23 Apr 2019 22:55:21 +0000 Subject: html: lock down allowed class attributes to only those related to microformats --- lib/pleroma/html.ex | 29 +++++++++++++++++++++++++---- 1 file changed, 25 insertions(+), 4 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/html.ex b/lib/pleroma/html.ex index 7f1dbe28c..2c701adb5 100644 --- a/lib/pleroma/html.ex +++ b/lib/pleroma/html.ex @@ -105,7 +105,14 @@ defmodule Pleroma.HTML.Scrubber.TwitterText do # links Meta.allow_tag_with_uri_attributes("a", ["href", "data-user", "data-tag"], @valid_schemes) - Meta.allow_tag_with_these_attributes("a", ["name", "title", "class"]) + + Meta.allow_tag_with_this_attribute_values("a", "class", [ + "hashtag", + "u-url", + "mention", + "u-url mention", + "mention u-url" + ]) Meta.allow_tag_with_this_attribute_values("a", "rel", [ "tag", @@ -114,12 +121,15 @@ defmodule Pleroma.HTML.Scrubber.TwitterText do "noreferrer" ]) + Meta.allow_tag_with_these_attributes("a", ["name", "title"]) + # paragraphs and linebreaks Meta.allow_tag_with_these_attributes("br", []) Meta.allow_tag_with_these_attributes("p", []) # microformats - Meta.allow_tag_with_these_attributes("span", ["class"]) + Meta.allow_tag_with_this_attribute_values("span", "class", ["h-card"]) + Meta.allow_tag_with_these_attributes("span", []) # allow inline images for custom emoji @allow_inline_images Keyword.get(@markup, :allow_inline_images) @@ -154,7 +164,14 @@ defmodule Pleroma.HTML.Scrubber.Default do Meta.strip_comments() Meta.allow_tag_with_uri_attributes("a", ["href", "data-user", "data-tag"], @valid_schemes) - Meta.allow_tag_with_these_attributes("a", ["name", "title", "class"]) + + Meta.allow_tag_with_this_attribute_values("a", "class", [ + "hashtag", + "u-url", + "mention", + "u-url mention", + "mention u-url" + ]) Meta.allow_tag_with_this_attribute_values("a", "rel", [ "tag", @@ -163,6 +180,8 @@ defmodule Pleroma.HTML.Scrubber.Default do "noreferrer" ]) + Meta.allow_tag_with_these_attributes("a", ["name", "title"]) + Meta.allow_tag_with_these_attributes("abbr", ["title"]) Meta.allow_tag_with_these_attributes("b", []) @@ -176,11 +195,13 @@ defmodule Pleroma.HTML.Scrubber.Default do Meta.allow_tag_with_these_attributes("ol", []) Meta.allow_tag_with_these_attributes("p", []) Meta.allow_tag_with_these_attributes("pre", []) - Meta.allow_tag_with_these_attributes("span", ["class"]) Meta.allow_tag_with_these_attributes("strong", []) Meta.allow_tag_with_these_attributes("u", []) Meta.allow_tag_with_these_attributes("ul", []) + Meta.allow_tag_with_this_attribute_values("span", "class", ["h-card"]) + Meta.allow_tag_with_these_attributes("span", []) + @allow_inline_images Keyword.get(@markup, :allow_inline_images) if @allow_inline_images do -- cgit v1.2.3 From 963d5774af7efb57fa306b3ac164049f8958a72c Mon Sep 17 00:00:00 2001 From: Sachin Joshi Date: Wed, 24 Apr 2019 07:06:17 +0545 Subject: fix the status notification with special char --- lib/pleroma/web/twitter_api/views/activity_view.ex | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/web/twitter_api/views/activity_view.ex b/lib/pleroma/web/twitter_api/views/activity_view.ex index c64152da8..1007a2a48 100644 --- a/lib/pleroma/web/twitter_api/views/activity_view.ex +++ b/lib/pleroma/web/twitter_api/views/activity_view.ex @@ -289,7 +289,7 @@ defmodule Pleroma.Web.TwitterAPI.ActivityView do "uri" => object.data["id"], "user" => UserView.render("show.json", %{user: user, for: opts[:for]}), "statusnet_html" => html, - "text" => text, + "text" => HtmlEntities.decode(text), "is_local" => activity.local, "is_post_verb" => true, "created_at" => created_at, -- cgit v1.2.3 From 4baea6e6d9efa619402a031a84f74787653df2b5 Mon Sep 17 00:00:00 2001 From: rinpatch Date: Wed, 24 Apr 2019 20:01:42 +0300 Subject: Fix leaking private configuration parameters in Mastodon and Twitter APIs, and add new configuration parameters to Mastodon API This patch: - Fixes `rights` in twitterapi ignoring `show_role` - Fixes exposing default scope of the user to anyone in Mastodon API - Extends Mastodon API to be able to show and set `no_rich_text`, `default_scope`, `hide_follows`, `hide_followers`, `hide_favorites` (requested by the FE in #674) Sorry in advance for 500 line one commit diff, I should have split it up to separate MRs --- lib/pleroma/user/info.ex | 8 -- .../web/mastodon_api/mastodon_api_controller.ex | 14 ++- lib/pleroma/web/mastodon_api/views/account_view.ex | 55 +++++++--- lib/pleroma/web/twitter_api/views/user_view.ex | 112 ++++++++++++--------- 4 files changed, 115 insertions(+), 74 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/user/info.ex b/lib/pleroma/user/info.ex index 7f22a45b5..a3658d57f 100644 --- a/lib/pleroma/user/info.ex +++ b/lib/pleroma/user/info.ex @@ -227,14 +227,6 @@ defmodule Pleroma.User.Info do cast(info, params, [:confirmation_pending, :confirmation_token]) end - def mastodon_profile_update(info, params) do - info - |> cast(params, [ - :locked, - :banner - ]) - end - def mastodon_settings_update(info, settings) do params = %{settings: settings} diff --git a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex index 0ba8d9eea..1379baacf 100644 --- a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex +++ b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex @@ -35,7 +35,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do alias Pleroma.Web.OAuth.Authorization alias Pleroma.Web.OAuth.Token - import Pleroma.Web.ControllerHelper, only: [oauth_scopes: 2] + alias Pleroma.Web.ControllerHelper import Ecto.Query require Logger @@ -46,7 +46,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do action_fallback(:errors) def create_app(conn, params) do - scopes = oauth_scopes(params, ["read"]) + scopes = ControllerHelper.oauth_scopes(params, ["read"]) app_attrs = params @@ -96,8 +96,12 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do end) info_params = - %{} - |> add_if_present(params, "locked", :locked, fn value -> {:ok, value == "true"} end) + [:no_rich_text, :locked, :hide_followers, :hide_follows, :hide_favorites, :show_role] + |> Enum.reduce(%{}, fn key, acc -> + add_if_present(acc, params, to_string(key), key, fn value -> + {:ok, ControllerHelper.truthy_param?(value)} + end) + end) |> add_if_present(params, "header", :banner, fn value -> with %Plug.Upload{} <- value, {:ok, object} <- ActivityPub.upload(value, type: :banner) do @@ -107,7 +111,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do end end) - info_cng = User.Info.mastodon_profile_update(user.info, info_params) + info_cng = User.Info.profile_update(user.info, info_params) with changeset <- User.update_changeset(user, user_params), changeset <- Ecto.Changeset.put_embed(changeset, :info, info_cng), diff --git a/lib/pleroma/web/mastodon_api/views/account_view.ex b/lib/pleroma/web/mastodon_api/views/account_view.ex index d87fdb15d..6e6f0ba93 100644 --- a/lib/pleroma/web/mastodon_api/views/account_view.ex +++ b/lib/pleroma/web/mastodon_api/views/account_view.ex @@ -113,21 +113,22 @@ defmodule Pleroma.Web.MastodonAPI.AccountView do bot: bot, source: %{ note: "", - privacy: user_info.default_scope, sensitive: false }, # Pleroma extension - pleroma: - %{ - confirmation_pending: user_info.confirmation_pending, - tags: user.tags, - is_moderator: user.info.is_moderator, - is_admin: user.info.is_admin, - relationship: relationship - } - |> with_notification_settings(user, opts[:for]) + pleroma: %{ + confirmation_pending: user_info.confirmation_pending, + tags: user.tags, + hide_followers: user.info.hide_followers, + hide_follows: user.info.hide_follows, + hide_favorites: user.info.hide_favorites, + relationship: relationship + } } + |> maybe_put_role(user, opts[:for]) + |> maybe_put_settings(user, opts[:for], user_info) + |> maybe_put_notification_settings(user, opts[:for]) end defp username_from_nickname(string) when is_binary(string) do @@ -136,9 +137,37 @@ defmodule Pleroma.Web.MastodonAPI.AccountView do defp username_from_nickname(_), do: nil - defp with_notification_settings(data, %User{id: user_id} = user, %User{id: user_id}) do - Map.put(data, :notification_settings, user.info.notification_settings) + defp maybe_put_settings( + data, + %User{id: user_id} = user, + %User{id: user_id}, + user_info + ) do + data + |> Kernel.put_in([:source, :privacy], user_info.default_scope) + |> Kernel.put_in([:pleroma, :show_role], user.info.show_role) + |> Kernel.put_in([:pleroma, :no_rich_text], user.info.no_rich_text) + end + + defp maybe_put_settings(data, _, _, _), do: data + + defp maybe_put_role(data, %User{info: %{show_role: true}} = user, _) do + data + |> Kernel.put_in([:pleroma, :is_admin], user.info.is_admin) + |> Kernel.put_in([:pleroma, :is_moderator], user.info.is_moderator) + end + + defp maybe_put_role(data, %User{id: user_id} = user, %User{id: user_id}) do + data + |> Kernel.put_in([:pleroma, :is_admin], user.info.is_admin) + |> Kernel.put_in([:pleroma, :is_moderator], user.info.is_moderator) + end + + defp maybe_put_role(data, _, _), do: data + + defp maybe_put_notification_settings(data, %User{id: user_id} = user, %User{id: user_id}) do + Kernel.put_in(data, [:pleroma, :notification_settings], user.info.notification_settings) end - defp with_notification_settings(data, _, _), do: data + defp maybe_put_notification_settings(data, _, _), do: data end diff --git a/lib/pleroma/web/twitter_api/views/user_view.ex b/lib/pleroma/web/twitter_api/views/user_view.ex index 0791ed760..39b3f21c0 100644 --- a/lib/pleroma/web/twitter_api/views/user_view.ex +++ b/lib/pleroma/web/twitter_api/views/user_view.ex @@ -74,52 +74,48 @@ defmodule Pleroma.Web.TwitterAPI.UserView do |> Enum.filter(fn %{"type" => t} -> t == "PropertyValue" end) |> Enum.map(fn fields -> Map.take(fields, ["name", "value"]) end) - data = %{ - "created_at" => user.inserted_at |> Utils.format_naive_asctime(), - "description" => HTML.strip_tags((user.bio || "") |> String.replace("
", "\n")), - "description_html" => HTML.filter_tags(user.bio, User.html_filter_policy(for_user)), - "favourites_count" => 0, - "followers_count" => user_info[:follower_count], - "following" => following, - "follows_you" => follows_you, - "statusnet_blocking" => statusnet_blocking, - "friends_count" => user_info[:following_count], - "id" => user.id, - "name" => user.name || user.nickname, - "name_html" => - if(user.name, - do: HTML.strip_tags(user.name) |> Formatter.emojify(emoji), - else: user.nickname - ), - "profile_image_url" => image, - "profile_image_url_https" => image, - "profile_image_url_profile_size" => image, - "profile_image_url_original" => image, - "rights" => %{ - "delete_others_notice" => !!user.info.is_moderator, - "admin" => !!user.info.is_admin - }, - "screen_name" => user.nickname, - "statuses_count" => user_info[:note_count], - "statusnet_profile_url" => user.ap_id, - "cover_photo" => User.banner_url(user) |> MediaProxy.url(), - "background_image" => image_url(user.info.background) |> MediaProxy.url(), - "is_local" => user.local, - "locked" => user.info.locked, - "default_scope" => user.info.default_scope, - "no_rich_text" => user.info.no_rich_text, - "hide_followers" => user.info.hide_followers, - "hide_follows" => user.info.hide_follows, - "fields" => fields, - - # Pleroma extension - "pleroma" => - %{ - "confirmation_pending" => user_info.confirmation_pending, - "tags" => user.tags - } - |> maybe_with_activation_status(user, for_user) - } + data = + %{ + "created_at" => user.inserted_at |> Utils.format_naive_asctime(), + "description" => HTML.strip_tags((user.bio || "") |> String.replace("
", "\n")), + "description_html" => HTML.filter_tags(user.bio, User.html_filter_policy(for_user)), + "favourites_count" => 0, + "followers_count" => user_info[:follower_count], + "following" => following, + "follows_you" => follows_you, + "statusnet_blocking" => statusnet_blocking, + "friends_count" => user_info[:following_count], + "id" => user.id, + "name" => user.name || user.nickname, + "name_html" => + if(user.name, + do: HTML.strip_tags(user.name) |> Formatter.emojify(emoji), + else: user.nickname + ), + "profile_image_url" => image, + "profile_image_url_https" => image, + "profile_image_url_profile_size" => image, + "profile_image_url_original" => image, + "screen_name" => user.nickname, + "statuses_count" => user_info[:note_count], + "statusnet_profile_url" => user.ap_id, + "cover_photo" => User.banner_url(user) |> MediaProxy.url(), + "background_image" => image_url(user.info.background) |> MediaProxy.url(), + "is_local" => user.local, + "locked" => user.info.locked, + "hide_followers" => user.info.hide_followers, + "hide_follows" => user.info.hide_follows, + "fields" => fields, + + # Pleroma extension + "pleroma" => + %{ + "confirmation_pending" => user_info.confirmation_pending, + "tags" => user.tags + } + |> maybe_with_activation_status(user, for_user) + } + |> maybe_with_user_settings(user, for_user) data = if(user.info.is_admin || user.info.is_moderator, @@ -141,15 +137,35 @@ defmodule Pleroma.Web.TwitterAPI.UserView do defp maybe_with_activation_status(data, _, _), do: data defp maybe_with_role(data, %User{id: id} = user, %User{id: id}) do - Map.merge(data, %{"role" => role(user), "show_role" => user.info.show_role}) + Map.merge(data, %{ + "role" => role(user), + "show_role" => user.info.show_role, + "rights" => %{ + "delete_others_notice" => !!user.info.is_moderator, + "admin" => !!user.info.is_admin + } + }) end defp maybe_with_role(data, %User{info: %{show_role: true}} = user, _user) do - Map.merge(data, %{"role" => role(user)}) + Map.merge(data, %{ + "role" => role(user), + "rights" => %{ + "delete_others_notice" => !!user.info.is_moderator, + "admin" => !!user.info.is_admin + } + }) end defp maybe_with_role(data, _, _), do: data + defp maybe_with_user_settings(data, %User{info: info, id: id} = _user, %User{id: id}) do + data + |> Kernel.put_in(["default_scope"], info.default_scope) + |> Kernel.put_in(["no_rich_text"], info.no_rich_text) + end + + defp maybe_with_user_settings(data, _, _), do: data defp role(%User{info: %{:is_admin => true}}), do: "admin" defp role(%User{info: %{:is_moderator => true}}), do: "moderator" defp role(_), do: "member" -- cgit v1.2.3 From 0fd0ffcd76eae85e962e2821ace9e9c273cbcac6 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Wed, 24 Apr 2019 23:52:33 +0000 Subject: activitypub: transmogrifier: send reject follow if following does not succeed --- lib/pleroma/web/activity_pub/transmogrifier.ex | 34 +++++++++++++++++++++++--- 1 file changed, 30 insertions(+), 4 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/activity_pub/transmogrifier.ex b/lib/pleroma/web/activity_pub/transmogrifier.ex index 52666a409..b1e859d7c 100644 --- a/lib/pleroma/web/activity_pub/transmogrifier.ex +++ b/lib/pleroma/web/activity_pub/transmogrifier.ex @@ -438,20 +438,46 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do with %User{local: true} = followed <- User.get_cached_by_ap_id(followed), %User{} = follower <- User.get_or_fetch_by_ap_id(follower), {:ok, activity} <- ActivityPub.follow(follower, followed, id, false) do - if not User.locked?(followed) do + with deny_follow_blocked <- Pleroma.Config.get([:user, :deny_follow_blocked]), + {:user_blocked, false} <- + {:user_blocked, User.blocks?(followed, follower) && deny_follow_blocked}, + {:user_locked, false} <- {:user_locked, User.locked?(followed)}, + {:follow, {:ok, follower}} <- {:follow, User.follow(follower, followed)} do ActivityPub.accept(%{ to: [follower.ap_id], actor: followed, object: data, local: true }) - - User.follow(follower, followed) + else + {:user_blocked, true} -> + {:ok, _} = Utils.update_follow_state(activity, "reject") + + ActivityPub.reject(%{ + to: [follower.ap_id], + actor: followed, + object: data, + local: true + }) + + {:follow, {:error, _}} -> + {:ok, _} = Utils.update_follow_state(activity, "reject") + + ActivityPub.reject(%{ + to: [follower.ap_id], + actor: followed, + object: data, + local: true + }) + + {:user_locked, true} -> + :noop end {:ok, activity} else - _e -> :error + _e -> + :error end end -- cgit v1.2.3 From 73d01857e3ff1737a4ea733a3f6c6419379ce8e8 Mon Sep 17 00:00:00 2001 From: Alex S Date: Sun, 14 Apr 2019 19:45:56 +0700 Subject: bookmarks in separate table --- lib/pleroma/bookmark.ex | 53 ++++++++++++++++++++++ lib/pleroma/user.ex | 19 +------- .../web/mastodon_api/mastodon_api_controller.ex | 33 +++++++++++--- lib/pleroma/web/mastodon_api/views/status_view.ex | 4 +- 4 files changed, 84 insertions(+), 25 deletions(-) create mode 100644 lib/pleroma/bookmark.ex (limited to 'lib') diff --git a/lib/pleroma/bookmark.ex b/lib/pleroma/bookmark.ex new file mode 100644 index 000000000..c5c3e078b --- /dev/null +++ b/lib/pleroma/bookmark.ex @@ -0,0 +1,53 @@ +defmodule Pleroma.Bookmark do + use Ecto.Schema + + import Ecto.Changeset + import Ecto.Query + + alias Pleroma.Activity + alias Pleroma.Bookmark + alias Pleroma.FlakeId + alias Pleroma.Repo + alias Pleroma.User + + @type t :: %__MODULE__{} + + schema "bookmarks" do + belongs_to(:user, User, type: FlakeId) + belongs_to(:activity, Activity, type: FlakeId) + + timestamps() + end + + @spec create(FlakeId.t(), FlakeId.t()) :: {:ok, Bookmark.t()} | {:error, Changeset.t()} + def create(user_id, activity_id) do + attrs = %{ + user_id: user_id, + activity_id: activity_id + } + + %Bookmark{} + |> cast(attrs, [:user_id, :activity_id]) + |> validate_required([:user_id, :activity_id]) + |> unique_constraint(:activity_id, name: :bookmarks_user_id_activity_id_index) + |> Repo.insert() + end + + @spec for_user_query(FlakeId.t()) :: Ecto.Query.t() + def for_user_query(user_id) do + Bookmark + |> where(user_id: ^user_id) + |> join(:inner, [b], activity in assoc(b, :activity)) + |> preload([b, a], activity: a) + end + + @spec destroy(FlakeId.t(), FlakeId.t()) :: {:ok, Bookmark.t()} | {:error, Changeset.t()} + def destroy(user_id, activity_id) do + from(b in Bookmark, + where: b.user_id == ^user_id, + where: b.activity_id == ^activity_id + ) + |> Repo.one() + |> Repo.delete() + end +end diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex index f1feab279..c5b1ddc5d 100644 --- a/lib/pleroma/user.ex +++ b/lib/pleroma/user.ex @@ -10,6 +10,7 @@ defmodule Pleroma.User do alias Comeonin.Pbkdf2 alias Pleroma.Activity + alias Pleroma.Bookmark alias Pleroma.Formatter alias Pleroma.Notification alias Pleroma.Object @@ -53,8 +54,8 @@ defmodule Pleroma.User do field(:search_rank, :float, virtual: true) field(:search_type, :integer, virtual: true) field(:tags, {:array, :string}, default: []) - field(:bookmarks, {:array, :string}, default: []) field(:last_refreshed_at, :naive_datetime_usec) + has_many(:bookmarks, Bookmark) has_many(:notifications, Notification) has_many(:registrations, Registration) embeds_one(:info, Pleroma.User.Info) @@ -1379,22 +1380,6 @@ defmodule Pleroma.User do updated_user end - def bookmark(%User{} = user, status_id) do - bookmarks = Enum.uniq(user.bookmarks ++ [status_id]) - update_bookmarks(user, bookmarks) - end - - def unbookmark(%User{} = user, status_id) do - bookmarks = Enum.uniq(user.bookmarks -- [status_id]) - update_bookmarks(user, bookmarks) - end - - def update_bookmarks(%User{} = user, bookmarks) do - user - |> change(%{bookmarks: bookmarks}) - |> update_and_set_cache - end - defp normalize_tags(tags) do [tags] |> List.flatten() diff --git a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex index 0ba8d9eea..a93aa6ad5 100644 --- a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex +++ b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex @@ -6,6 +6,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do use Pleroma.Web, :controller alias Ecto.Changeset alias Pleroma.Activity + alias Pleroma.Bookmark alias Pleroma.Config alias Pleroma.Filter alias Pleroma.Notification @@ -279,6 +280,8 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do |> ActivityPub.contain_timeline(user) |> Enum.reverse() + user = Repo.preload(user, :bookmarks) + conn |> add_link_headers(:home_timeline, activities) |> put_view(StatusView) @@ -297,6 +300,8 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do |> ActivityPub.fetch_public_activities() |> Enum.reverse() + user = Repo.preload(user, :bookmarks) + conn |> add_link_headers(:public_timeline, activities, false, %{"local" => local_only}) |> put_view(StatusView) @@ -304,7 +309,8 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do end def user_statuses(%{assigns: %{user: reading_user}} = conn, params) do - with %User{} = user <- User.get_cached_by_id(params["id"]) do + with %User{} = user <- User.get_cached_by_id(params["id"]), + reading_user <- Repo.preload(reading_user, :bookmarks) do activities = ActivityPub.fetch_user_activities(user, reading_user, params) conn @@ -331,6 +337,8 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do |> ActivityPub.fetch_activities_query(params) |> Pagination.fetch_paginated(params) + user = Repo.preload(user, :bookmarks) + conn |> add_link_headers(:dm_timeline, activities) |> put_view(StatusView) @@ -548,7 +556,9 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do %Object{} = object <- Object.normalize(activity), %User{} = user <- User.get_cached_by_nickname(user.nickname), true <- Visibility.visible_for_user?(activity, user), - {:ok, user} <- User.bookmark(user, object.data["id"]) do + {:ok, _bookmark} <- Bookmark.create(user.id, activity.id) do + user = Repo.preload(user, :bookmarks) + conn |> put_view(StatusView) |> try_render("status.json", %{activity: activity, for: user, as: :activity}) @@ -560,7 +570,9 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do %Object{} = object <- Object.normalize(activity), %User{} = user <- User.get_cached_by_nickname(user.nickname), true <- Visibility.visible_for_user?(activity, user), - {:ok, user} <- User.unbookmark(user, object.data["id"]) do + {:ok, _bookmark} <- Bookmark.destroy(user.id, activity.id) do + user = Repo.preload(user, :bookmarks) + conn |> put_view(StatusView) |> try_render("status.json", %{activity: activity, for: user, as: :activity}) @@ -1124,15 +1136,20 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do end end - def bookmarks(%{assigns: %{user: user}} = conn, _) do + def bookmarks(%{assigns: %{user: user}} = conn, params) do user = User.get_cached_by_id(user.id) + user = Repo.preload(user, :bookmarks) + + bookmarks = + Bookmark.for_user_query(user.id) + |> Pagination.fetch_paginated(params) activities = - user.bookmarks - |> Enum.map(fn id -> Activity.get_create_by_object_ap_id(id) end) - |> Enum.reverse() + bookmarks + |> Enum.map(fn b -> b.activity end) conn + |> add_link_headers(:bookmarks, bookmarks) |> put_view(StatusView) |> render("index.json", %{activities: activities, for: user, as: :activity}) end @@ -1238,6 +1255,8 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do |> ActivityPub.fetch_activities_bounded(following, params) |> Enum.reverse() + user = Repo.preload(user, :bookmarks) + conn |> put_view(StatusView) |> render("index.json", %{activities: activities, for: user, as: :activity}) diff --git a/lib/pleroma/web/mastodon_api/views/status_view.ex b/lib/pleroma/web/mastodon_api/views/status_view.ex index 7dd80d708..b2ed023dc 100644 --- a/lib/pleroma/web/mastodon_api/views/status_view.ex +++ b/lib/pleroma/web/mastodon_api/views/status_view.ex @@ -148,7 +148,9 @@ defmodule Pleroma.Web.MastodonAPI.StatusView do favorited = opts[:for] && opts[:for].ap_id in (object.data["likes"] || []) - bookmarked = opts[:for] && object.data["id"] in opts[:for].bookmarks + bookmarked = + opts[:for] && Ecto.assoc_loaded?(opts[:for].bookmarks) && + Enum.any?(opts[:for].bookmarks, fn b -> b.activity_id == activity.id end) attachment_data = object.data["attachment"] || [] attachments = render_many(attachment_data, StatusView, "attachment.json", as: :attachment) -- cgit v1.2.3 From 324c9c8ab54b7df59534f6a8160d4a20d5b79722 Mon Sep 17 00:00:00 2001 From: Alex S Date: Sun, 14 Apr 2019 21:37:05 +0700 Subject: migrate user.bookmarks to separate table --- lib/pleroma/user.ex | 2 ++ 1 file changed, 2 insertions(+) (limited to 'lib') diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex index c5b1ddc5d..3831588f9 100644 --- a/lib/pleroma/user.ex +++ b/lib/pleroma/user.ex @@ -55,6 +55,8 @@ defmodule Pleroma.User do field(:search_type, :integer, virtual: true) field(:tags, {:array, :string}, default: []) field(:last_refreshed_at, :naive_datetime_usec) + # TODO: add migration to delete `bookmarks` field from DB + field(:old_bookmarks, {:array, :string}, default: [], source: :bookmarks) has_many(:bookmarks, Bookmark) has_many(:notifications, Notification) has_many(:registrations, Registration) -- cgit v1.2.3 From 1258128f4fede8122a3950051e52595e36ab0511 Mon Sep 17 00:00:00 2001 From: Alex S Date: Sun, 14 Apr 2019 21:42:18 +0700 Subject: favourites add bookmark display --- lib/pleroma/web/mastodon_api/mastodon_api_controller.ex | 2 ++ 1 file changed, 2 insertions(+) (limited to 'lib') diff --git a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex index a93aa6ad5..4f8af32c3 100644 --- a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex +++ b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex @@ -1093,6 +1093,8 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do ActivityPub.fetch_activities([], params) |> Enum.reverse() + user = Repo.preload(user, :bookmarks) + conn |> add_link_headers(:favourites, activities) |> put_view(StatusView) -- cgit v1.2.3 From 3c2ae800082f34206f95cee5fe23b5bf79ed7361 Mon Sep 17 00:00:00 2001 From: Alex S Date: Sat, 20 Apr 2019 14:41:42 +0700 Subject: unused --- lib/pleroma/web/mastodon_api/mastodon_api_controller.ex | 2 -- 1 file changed, 2 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex index 4f8af32c3..859cf9524 100644 --- a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex +++ b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex @@ -553,7 +553,6 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do def bookmark_status(%{assigns: %{user: user}} = conn, %{"id" => id}) do with %Activity{} = activity <- Activity.get_by_id_with_object(id), - %Object{} = object <- Object.normalize(activity), %User{} = user <- User.get_cached_by_nickname(user.nickname), true <- Visibility.visible_for_user?(activity, user), {:ok, _bookmark} <- Bookmark.create(user.id, activity.id) do @@ -567,7 +566,6 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do def unbookmark_status(%{assigns: %{user: user}} = conn, %{"id" => id}) do with %Activity{} = activity <- Activity.get_by_id_with_object(id), - %Object{} = object <- Object.normalize(activity), %User{} = user <- User.get_cached_by_nickname(user.nickname), true <- Visibility.visible_for_user?(activity, user), {:ok, _bookmark} <- Bookmark.destroy(user.id, activity.id) do -- cgit v1.2.3 From 229ce6abbc1873c35a56450942c8aee0a027b6a8 Mon Sep 17 00:00:00 2001 From: Alex S Date: Mon, 22 Apr 2019 12:45:45 +0700 Subject: migration without using old field name removing old field from db, after bookmarks migration --- lib/pleroma/user.ex | 2 -- 1 file changed, 2 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex index 3831588f9..c5b1ddc5d 100644 --- a/lib/pleroma/user.ex +++ b/lib/pleroma/user.ex @@ -55,8 +55,6 @@ defmodule Pleroma.User do field(:search_type, :integer, virtual: true) field(:tags, {:array, :string}, default: []) field(:last_refreshed_at, :naive_datetime_usec) - # TODO: add migration to delete `bookmarks` field from DB - field(:old_bookmarks, {:array, :string}, default: [], source: :bookmarks) has_many(:bookmarks, Bookmark) has_many(:notifications, Notification) has_many(:registrations, Registration) -- cgit v1.2.3 From 85953c0836c84550c8f61218d0a5b284c0716d34 Mon Sep 17 00:00:00 2001 From: Alex S Date: Mon, 22 Apr 2019 16:16:19 +0700 Subject: fixes for tests --- lib/pleroma/web/mastodon_api/mastodon_api_controller.ex | 2 +- lib/pleroma/web/mastodon_api/views/status_view.ex | 11 +++++++++-- 2 files changed, 10 insertions(+), 3 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex index 859cf9524..f5067e17e 100644 --- a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex +++ b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex @@ -280,7 +280,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do |> ActivityPub.contain_timeline(user) |> Enum.reverse() - user = Repo.preload(user, :bookmarks) + user = Repo.preload(user, bookmarks: :activity) conn |> add_link_headers(:home_timeline, activities) diff --git a/lib/pleroma/web/mastodon_api/views/status_view.ex b/lib/pleroma/web/mastodon_api/views/status_view.ex index b2ed023dc..57cb9fdcc 100644 --- a/lib/pleroma/web/mastodon_api/views/status_view.ex +++ b/lib/pleroma/web/mastodon_api/views/status_view.ex @@ -85,7 +85,12 @@ defmodule Pleroma.Web.MastodonAPI.StatusView do activity_object = Object.normalize(activity) favorited = opts[:for] && opts[:for].ap_id in (activity_object.data["likes"] || []) - bookmarked = opts[:for] && activity_object.data["id"] in opts[:for].bookmarks + + bookmarked = + opts[:for] && Ecto.assoc_loaded?(opts[:for].bookmarks) && + Enum.any?(opts[:for].bookmarks, fn b -> + b.activity_id == activity.id or b.activity.data["object"]["id"] == object + end) mentions = activity.recipients @@ -150,7 +155,9 @@ defmodule Pleroma.Web.MastodonAPI.StatusView do bookmarked = opts[:for] && Ecto.assoc_loaded?(opts[:for].bookmarks) && - Enum.any?(opts[:for].bookmarks, fn b -> b.activity_id == activity.id end) + Enum.any?(opts[:for].bookmarks, fn b -> + b.activity_id == activity.id + end) attachment_data = object.data["attachment"] || [] attachments = render_many(attachment_data, StatusView, "attachment.json", as: :attachment) -- cgit v1.2.3 From a825056d4d9ef823fe45d49df01062d199518829 Mon Sep 17 00:00:00 2001 From: Alex S Date: Thu, 25 Apr 2019 14:09:57 +0700 Subject: test fixes --- .../web/mastodon_api/mastodon_api_controller.ex | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex index f5067e17e..fb11abf2d 100644 --- a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex +++ b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex @@ -300,7 +300,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do |> ActivityPub.fetch_public_activities() |> Enum.reverse() - user = Repo.preload(user, :bookmarks) + user = Repo.preload(user, bookmarks: :activity) conn |> add_link_headers(:public_timeline, activities, false, %{"local" => local_only}) @@ -337,7 +337,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do |> ActivityPub.fetch_activities_query(params) |> Pagination.fetch_paginated(params) - user = Repo.preload(user, :bookmarks) + user = Repo.preload(user, bookmarks: :activity) conn |> add_link_headers(:dm_timeline, activities) @@ -348,6 +348,8 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do def get_status(%{assigns: %{user: user}} = conn, %{"id" => id}) do with %Activity{} = activity <- Activity.get_by_id_with_object(id), true <- Visibility.visible_for_user?(activity, user) do + user = Repo.preload(user, bookmarks: :activity) + conn |> put_view(StatusView) |> try_render("status.json", %{activity: activity, for: user}) @@ -497,6 +499,8 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do def reblog_status(%{assigns: %{user: user}} = conn, %{"id" => ap_id_or_id}) do with {:ok, announce, _activity} <- CommonAPI.repeat(ap_id_or_id, user), %Activity{} = announce <- Activity.normalize(announce.data) do + user = Repo.preload(user, bookmarks: :activity) + conn |> put_view(StatusView) |> try_render("status.json", %{activity: announce, for: user, as: :activity}) @@ -506,6 +510,8 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do def unreblog_status(%{assigns: %{user: user}} = conn, %{"id" => ap_id_or_id}) do with {:ok, _unannounce, %{data: %{"id" => id}}} <- CommonAPI.unrepeat(ap_id_or_id, user), %Activity{} = activity <- Activity.get_create_by_object_ap_id_with_object(id) do + user = Repo.preload(user, bookmarks: :activity) + conn |> put_view(StatusView) |> try_render("status.json", %{activity: activity, for: user, as: :activity}) @@ -556,7 +562,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do %User{} = user <- User.get_cached_by_nickname(user.nickname), true <- Visibility.visible_for_user?(activity, user), {:ok, _bookmark} <- Bookmark.create(user.id, activity.id) do - user = Repo.preload(user, :bookmarks) + user = Repo.preload(user, bookmarks: :activity) conn |> put_view(StatusView) @@ -569,7 +575,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do %User{} = user <- User.get_cached_by_nickname(user.nickname), true <- Visibility.visible_for_user?(activity, user), {:ok, _bookmark} <- Bookmark.destroy(user.id, activity.id) do - user = Repo.preload(user, :bookmarks) + user = Repo.preload(user, bookmarks: :activity) conn |> put_view(StatusView) @@ -1091,7 +1097,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do ActivityPub.fetch_activities([], params) |> Enum.reverse() - user = Repo.preload(user, :bookmarks) + user = Repo.preload(user, bookmarks: :activity) conn |> add_link_headers(:favourites, activities) @@ -1138,7 +1144,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do def bookmarks(%{assigns: %{user: user}} = conn, params) do user = User.get_cached_by_id(user.id) - user = Repo.preload(user, :bookmarks) + user = Repo.preload(user, bookmarks: :activity) bookmarks = Bookmark.for_user_query(user.id) @@ -1255,7 +1261,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do |> ActivityPub.fetch_activities_bounded(following, params) |> Enum.reverse() - user = Repo.preload(user, :bookmarks) + user = Repo.preload(user, bookmarks: :activity) conn |> put_view(StatusView) -- cgit v1.2.3 From dfc8425659620d023540538ec943490cf523f434 Mon Sep 17 00:00:00 2001 From: rinpatch Date: Thu, 25 Apr 2019 09:14:35 +0300 Subject: Move settings to Source subentity --- lib/pleroma/web/mastodon_api/views/account_view.ex | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/mastodon_api/views/account_view.ex b/lib/pleroma/web/mastodon_api/views/account_view.ex index 6e6f0ba93..779b9a382 100644 --- a/lib/pleroma/web/mastodon_api/views/account_view.ex +++ b/lib/pleroma/web/mastodon_api/views/account_view.ex @@ -113,7 +113,8 @@ defmodule Pleroma.Web.MastodonAPI.AccountView do bot: bot, source: %{ note: "", - sensitive: false + sensitive: false, + pleroma: %{} }, # Pleroma extension @@ -145,8 +146,8 @@ defmodule Pleroma.Web.MastodonAPI.AccountView do ) do data |> Kernel.put_in([:source, :privacy], user_info.default_scope) - |> Kernel.put_in([:pleroma, :show_role], user.info.show_role) - |> Kernel.put_in([:pleroma, :no_rich_text], user.info.no_rich_text) + |> Kernel.put_in([:source, :pleroma, :show_role], user.info.show_role) + |> Kernel.put_in([:source, :pleroma, :no_rich_text], user.info.no_rich_text) end defp maybe_put_settings(data, _, _, _), do: data -- cgit v1.2.3 From 24c3e2db2c6846073df80c124633dc851c20c107 Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Thu, 25 Apr 2019 18:11:47 -0500 Subject: Add mediaproxy whitelist capability --- lib/pleroma/web/media_proxy/media_proxy.ex | 50 ++++++++++++++++++------------ 1 file changed, 31 insertions(+), 19 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/media_proxy/media_proxy.ex b/lib/pleroma/web/media_proxy/media_proxy.ex index 3bd2affe9..5762e767b 100644 --- a/lib/pleroma/web/media_proxy/media_proxy.ex +++ b/lib/pleroma/web/media_proxy/media_proxy.ex @@ -13,32 +13,44 @@ defmodule Pleroma.Web.MediaProxy do def url(url) do config = Application.get_env(:pleroma, :media_proxy, []) + domain = URI.parse(url).host - if !Keyword.get(config, :enabled, false) or String.starts_with?(url, Pleroma.Web.base_url()) do - url - else - secret = Application.get_env(:pleroma, Pleroma.Web.Endpoint)[:secret_key_base] - - # Must preserve `%2F` for compatibility with S3 - # https://git.pleroma.social/pleroma/pleroma/issues/580 - replacement = get_replacement(url, ":2F:") - - # The URL is url-decoded and encoded again to ensure it is correctly encoded and not twice. - base64 = + cond do + !Keyword.get(config, :enabled, false) or String.starts_with?(url, Pleroma.Web.base_url()) -> url - |> String.replace("%2F", replacement) - |> URI.decode() - |> URI.encode() - |> String.replace(replacement, "%2F") - |> Base.url_encode64(@base64_opts) - sig = :crypto.hmac(:sha, secret, base64) - sig64 = sig |> Base.url_encode64(@base64_opts) + Enum.any?(Pleroma.Config.get([:media_proxy, :whitelist]), fn pattern -> + String.equivalent?(domain, pattern) + end) -> + url - build_url(sig64, base64, filename(url)) + true -> + encode_url(url) end end + def encode_url(url) do + secret = Application.get_env(:pleroma, Pleroma.Web.Endpoint)[:secret_key_base] + + # Must preserve `%2F` for compatibility with S3 + # https://git.pleroma.social/pleroma/pleroma/issues/580 + replacement = get_replacement(url, ":2F:") + + # The URL is url-decoded and encoded again to ensure it is correctly encoded and not twice. + base64 = + url + |> String.replace("%2F", replacement) + |> URI.decode() + |> URI.encode() + |> String.replace(replacement, "%2F") + |> Base.url_encode64(@base64_opts) + + sig = :crypto.hmac(:sha, secret, base64) + sig64 = sig |> Base.url_encode64(@base64_opts) + + build_url(sig64, base64, filename(url)) + end + def decode_url(sig, url) do secret = Application.get_env(:pleroma, Pleroma.Web.Endpoint)[:secret_key_base] sig = Base.url_decode64!(sig, @base64_opts) -- cgit v1.2.3 From 501af917b5a9611a4b1fabb4944b3af96b676568 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Fri, 26 Apr 2019 10:17:57 +0000 Subject: add support for bbcode --- lib/pleroma/web/common_api/utils.ex | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'lib') diff --git a/lib/pleroma/web/common_api/utils.ex b/lib/pleroma/web/common_api/utils.ex index 887f878c4..1dfe50b40 100644 --- a/lib/pleroma/web/common_api/utils.ex +++ b/lib/pleroma/web/common_api/utils.ex @@ -182,6 +182,18 @@ defmodule Pleroma.Web.CommonAPI.Utils do end).() end + @doc """ + Formatting text as BBCode. + """ + def format_input(text, "text/bbcode", options) do + text + |> String.replace(~r/\r/, "") + |> Formatter.html_escape("text/plain") + |> BBCode.to_html() + |> (fn {:ok, html} -> html end).() + |> Formatter.linkify(options) + end + @doc """ Formatting text to html. """ -- cgit v1.2.3 From c3e9fcf098e4ec17a387fe264193dca4dda2dd77 Mon Sep 17 00:00:00 2001 From: rinpatch Date: Sat, 27 Apr 2019 23:06:46 +0300 Subject: Fix bookmarks depending on embeded object and move checking if the status is bookmarked to SQL --- lib/pleroma/bookmark.ex | 7 +++++++ lib/pleroma/web/common_api/common_api.ex | 10 ++++++++++ lib/pleroma/web/mastodon_api/views/status_view.ex | 12 ++---------- 3 files changed, 19 insertions(+), 10 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/bookmark.ex b/lib/pleroma/bookmark.ex index c5c3e078b..7f8fd43b6 100644 --- a/lib/pleroma/bookmark.ex +++ b/lib/pleroma/bookmark.ex @@ -41,6 +41,13 @@ defmodule Pleroma.Bookmark do |> preload([b, a], activity: a) end + def get(user_id, activity_id) do + Bookmark + |> where(user_id: ^user_id) + |> where(activity_id: ^activity_id) + |> Repo.one() + end + @spec destroy(FlakeId.t(), FlakeId.t()) :: {:ok, Bookmark.t()} | {:error, Changeset.t()} def destroy(user_id, activity_id) do from(b in Bookmark, diff --git a/lib/pleroma/web/common_api/common_api.ex b/lib/pleroma/web/common_api/common_api.ex index cfbc5dc10..ecd183110 100644 --- a/lib/pleroma/web/common_api/common_api.ex +++ b/lib/pleroma/web/common_api/common_api.ex @@ -4,6 +4,7 @@ defmodule Pleroma.Web.CommonAPI do alias Pleroma.Activity + alias Pleroma.Bookmark alias Pleroma.Formatter alias Pleroma.Object alias Pleroma.ThreadMute @@ -282,6 +283,15 @@ defmodule Pleroma.Web.CommonAPI do end end + def bookmarked?(user, activity) do + with %Bookmark{} <- Bookmark.get(user.id, activity.id) do + true + else + _ -> + false + end + end + def report(user, data) do with {:account_id, %{"account_id" => account_id}} <- {:account_id, data}, {:account, %User{} = account} <- {:account, User.get_cached_by_id(account_id)}, diff --git a/lib/pleroma/web/mastodon_api/views/status_view.ex b/lib/pleroma/web/mastodon_api/views/status_view.ex index 57cb9fdcc..62d064d71 100644 --- a/lib/pleroma/web/mastodon_api/views/status_view.ex +++ b/lib/pleroma/web/mastodon_api/views/status_view.ex @@ -86,11 +86,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusView do activity_object = Object.normalize(activity) favorited = opts[:for] && opts[:for].ap_id in (activity_object.data["likes"] || []) - bookmarked = - opts[:for] && Ecto.assoc_loaded?(opts[:for].bookmarks) && - Enum.any?(opts[:for].bookmarks, fn b -> - b.activity_id == activity.id or b.activity.data["object"]["id"] == object - end) + bookmarked = opts[:for] && CommonAPI.bookmarked?(opts[:for], reblogged_activity) mentions = activity.recipients @@ -153,11 +149,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusView do favorited = opts[:for] && opts[:for].ap_id in (object.data["likes"] || []) - bookmarked = - opts[:for] && Ecto.assoc_loaded?(opts[:for].bookmarks) && - Enum.any?(opts[:for].bookmarks, fn b -> - b.activity_id == activity.id - end) + bookmarked = opts[:for] && CommonAPI.bookmarked?(opts[:for], activity) attachment_data = object.data["attachment"] || [] attachments = render_many(attachment_data, StatusView, "attachment.json", as: :attachment) -- cgit v1.2.3 From ce3789e39ab0b63e634d583cbafbda7a9e4d7550 Mon Sep 17 00:00:00 2001 From: rinpatch Date: Sat, 27 Apr 2019 23:55:54 +0300 Subject: Add default_scope to /api/v1/update_credentials --- lib/pleroma/web/mastodon_api/mastodon_api_controller.ex | 1 + 1 file changed, 1 insertion(+) (limited to 'lib') diff --git a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex index 9179a2682..811a45c79 100644 --- a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex +++ b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex @@ -103,6 +103,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do {:ok, ControllerHelper.truthy_param?(value)} end) end) + |> add_if_present(params, "default_scope", :default_scope) |> add_if_present(params, "header", :banner, fn value -> with %Plug.Upload{} <- value, {:ok, object} <- ActivityPub.upload(value, type: :banner) do -- cgit v1.2.3 From 61ca2f7a4ed1bfa5b5ae4da5b28ca3c546b1e141 Mon Sep 17 00:00:00 2001 From: rinpatch Date: Sun, 28 Apr 2019 19:42:43 +0300 Subject: Fix `rights` in TwitterAPI's user entity being present only for Admins/Moderators In !1093 I reused `maybe_with_role` for `rights` object, however I missed that `maybe_with_role` is called only for admins/moderators. --- lib/pleroma/web/twitter_api/views/user_view.ex | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/twitter_api/views/user_view.ex b/lib/pleroma/web/twitter_api/views/user_view.ex index 39b3f21c0..ea015b8f0 100644 --- a/lib/pleroma/web/twitter_api/views/user_view.ex +++ b/lib/pleroma/web/twitter_api/views/user_view.ex @@ -116,12 +116,7 @@ defmodule Pleroma.Web.TwitterAPI.UserView do |> maybe_with_activation_status(user, for_user) } |> maybe_with_user_settings(user, for_user) - - data = - if(user.info.is_admin || user.info.is_moderator, - do: maybe_with_role(data, user, for_user), - else: data - ) + |> maybe_with_role(user, for_user) if assigns[:token] do Map.put(data, "token", token_string(assigns[:token])) -- cgit v1.2.3 From b0951a884914a06d283b55ed65c6322e6e4d27ae Mon Sep 17 00:00:00 2001 From: lain Date: Mon, 29 Apr 2019 18:15:30 +0200 Subject: WebPush: Use Object.normalize, rewrite tests so they test reality. --- lib/pleroma/web/push/impl.ex | 25 ++++++++++++++----------- 1 file changed, 14 insertions(+), 11 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/push/impl.ex b/lib/pleroma/web/push/impl.ex index 2233480c5..35d3ff07c 100644 --- a/lib/pleroma/web/push/impl.ex +++ b/lib/pleroma/web/push/impl.ex @@ -21,8 +21,10 @@ defmodule Pleroma.Web.Push.Impl do @doc "Performs sending notifications for user subscriptions" @spec perform(Notification.t()) :: list(any) | :error def perform( - %{activity: %{data: %{"type" => activity_type}, id: activity_id}, user_id: user_id} = - notif + %{ + activity: %{data: %{"type" => activity_type}, id: activity_id} = activity, + user_id: user_id + } = notif ) when activity_type in @types do actor = User.get_cached_by_ap_id(notif.activity.data["actor"]) @@ -30,13 +32,14 @@ defmodule Pleroma.Web.Push.Impl do type = Activity.mastodon_notification_type(notif.activity) gcm_api_key = Application.get_env(:web_push_encryption, :gcm_api_key) avatar_url = User.avatar_url(actor) + object = Object.normalize(activity) for subscription <- fetch_subsriptions(user_id), get_in(subscription.data, ["alerts", type]) do %{ title: format_title(notif), access_token: subscription.token.token, - body: format_body(notif, actor), + body: format_body(notif, actor, object), notification_id: notif.id, notification_type: type, icon: avatar_url, @@ -95,25 +98,25 @@ defmodule Pleroma.Web.Push.Impl do end def format_body( - %{activity: %{data: %{"type" => "Create", "object" => %{"content" => content}}}}, - actor + %{activity: %{data: %{"type" => "Create"}}}, + actor, + %{data: %{"content" => content}} ) do "@#{actor.nickname}: #{Utils.scrub_html_and_truncate(content, 80)}" end def format_body( - %{activity: %{data: %{"type" => "Announce", "object" => activity_id}}}, - actor + %{activity: %{data: %{"type" => "Announce"}}}, + actor, + %{data: %{"content" => content}} ) do - %Activity{data: %{"object" => %{"id" => object_id}}} = Activity.get_by_ap_id(activity_id) - %Object{data: %{"content" => content}} = Object.get_by_ap_id(object_id) - "@#{actor.nickname} repeated: #{Utils.scrub_html_and_truncate(content, 80)}" end def format_body( %{activity: %{data: %{"type" => type}}}, - actor + actor, + _object ) when type in ["Follow", "Like"] do case type do -- cgit v1.2.3 From ce4825c1dc8a2b7ec2712170f45cde0ae14b46cf Mon Sep 17 00:00:00 2001 From: rinpatch Date: Tue, 30 Apr 2019 20:21:28 +0300 Subject: Do not normalize objects in stream_out unless the activity type is Create Saves quite a bit of time with delete activities because they would always query the db --- lib/pleroma/web/activity_pub/activity_pub.ex | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/web/activity_pub/activity_pub.ex b/lib/pleroma/web/activity_pub/activity_pub.ex index 604ffae7b..483a2153f 100644 --- a/lib/pleroma/web/activity_pub/activity_pub.ex +++ b/lib/pleroma/web/activity_pub/activity_pub.ex @@ -168,7 +168,6 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do public = "https://www.w3.org/ns/activitystreams#Public" if activity.data["type"] in ["Create", "Announce", "Delete"] do - object = Object.normalize(activity) Pleroma.Web.Streamer.stream("user", activity) Pleroma.Web.Streamer.stream("list", activity) @@ -180,6 +179,8 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do end if activity.data["type"] in ["Create"] do + object = Object.normalize(activity) + object.data |> Map.get("tag", []) |> Enum.filter(fn tag -> is_bitstring(tag) end) -- cgit v1.2.3 From 85fa2fbce4ee315a15b517fae4bc9b5474d1db5a Mon Sep 17 00:00:00 2001 From: Sachin Joshi Date: Wed, 1 May 2019 01:37:17 +0545 Subject: add scrubber for html special char --- lib/pleroma/html.ex | 27 ++++++++++++++++++---- lib/pleroma/web/twitter_api/views/activity_view.ex | 2 +- 2 files changed, 23 insertions(+), 6 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/html.ex b/lib/pleroma/html.ex index cf6c0ee0a..eb33d12d9 100644 --- a/lib/pleroma/html.ex +++ b/lib/pleroma/html.ex @@ -28,12 +28,18 @@ defmodule Pleroma.HTML do def filter_tags(html), do: filter_tags(html, nil) def strip_tags(html), do: Scrubber.scrub(html, Scrubber.StripTags) - def get_cached_scrubbed_html_for_activity(content, scrubbers, activity, key \\ "") do + def get_cached_scrubbed_html_for_activity( + content, + scrubbers, + activity, + key \\ "", + callback \\ fn x -> x end + ) do key = "#{key}#{generate_scrubber_signature(scrubbers)}|#{activity.id}" Cachex.fetch!(:scrubber_cache, key, fn _key -> object = Pleroma.Object.normalize(activity) - ensure_scrubbed_html(content, scrubbers, object.data["fake"] || false) + ensure_scrubbed_html(content, scrubbers, object.data["fake"] || false, callback) end) end @@ -42,16 +48,27 @@ defmodule Pleroma.HTML do content, HtmlSanitizeEx.Scrubber.StripTags, activity, - key + key, + &HtmlEntities.decode/1 ) end def ensure_scrubbed_html( content, scrubbers, - false = _fake + fake, + callback ) do - {:commit, filter_tags(content, scrubbers)} + content = + content + |> filter_tags(scrubbers) + |> callback.() + + if fake do + {:ignore, content} + else + {:commit, content} + end end def ensure_scrubbed_html( diff --git a/lib/pleroma/web/twitter_api/views/activity_view.ex b/lib/pleroma/web/twitter_api/views/activity_view.ex index 1007a2a48..c64152da8 100644 --- a/lib/pleroma/web/twitter_api/views/activity_view.ex +++ b/lib/pleroma/web/twitter_api/views/activity_view.ex @@ -289,7 +289,7 @@ defmodule Pleroma.Web.TwitterAPI.ActivityView do "uri" => object.data["id"], "user" => UserView.render("show.json", %{user: user, for: opts[:for]}), "statusnet_html" => html, - "text" => HtmlEntities.decode(text), + "text" => text, "is_local" => activity.local, "is_post_verb" => true, "created_at" => created_at, -- cgit v1.2.3 From f11e7037c21d611cddd7f2eab64ebfc39630a078 Mon Sep 17 00:00:00 2001 From: Alex S Date: Wed, 1 May 2019 16:09:53 +0700 Subject: test fixes --- lib/mix/tasks/pleroma/user.ex | 2 +- lib/pleroma/user.ex | 18 +++++++++--------- .../web/activity_pub/activity_pub_controller.ex | 2 +- lib/pleroma/web/activity_pub/transmogrifier.ex | 2 +- .../web/mastodon_api/mastodon_api_controller.ex | 2 +- 5 files changed, 13 insertions(+), 13 deletions(-) (limited to 'lib') diff --git a/lib/mix/tasks/pleroma/user.ex b/lib/mix/tasks/pleroma/user.ex index b396ff0de..9e2523b18 100644 --- a/lib/mix/tasks/pleroma/user.ex +++ b/lib/mix/tasks/pleroma/user.ex @@ -126,7 +126,7 @@ defmodule Mix.Tasks.Pleroma.User do proceed? = assume_yes? or Mix.shell().yes?("Continue?") - unless not proceed? do + if proceed? do Common.start_pleroma() params = %{ diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex index 755d8f773..1c62f238e 100644 --- a/lib/pleroma/user.ex +++ b/lib/pleroma/user.ex @@ -513,7 +513,7 @@ defmodule Pleroma.User do case user_result do {:ok, user} -> {:commit, user} - {:error, error} -> {:ignore, error} + {:error, _error} -> {:ignore, nil} end end) end @@ -563,7 +563,7 @@ defmodule Pleroma.User do {:ok, user} else - e -> {:error, e} + _e -> {:error, "not found " <> nickname} end end end @@ -1210,11 +1210,11 @@ defmodule Pleroma.User do case ap_try do {:ok, user} -> - user + {:ok, user} _ -> case OStatus.make_user(ap_id) do - {:ok, user} -> user + {:ok, user} -> {:ok, user} _ -> {:error, "Could not fetch by AP id"} end end @@ -1229,15 +1229,15 @@ defmodule Pleroma.User do # Whether to fetch initial posts for the user (if it's a new user & the fetching is enabled) should_fetch_initial = is_nil(user) and Pleroma.Config.get([:fetch_initial_posts, :enabled]) + resp = fetch_by_ap_id(ap_id) + if should_fetch_initial do - with {:ok, %User{} = user} = fetch_by_ap_id(ap_id) do + with {:ok, %User{} = user} = resp do {:ok, _} = Task.start(__MODULE__, :fetch_initial_posts, [user]) end - - {:ok, user} - else - _ -> {:error, "Could not fetch by AP id"} end + + resp end end diff --git a/lib/pleroma/web/activity_pub/activity_pub_controller.ex b/lib/pleroma/web/activity_pub/activity_pub_controller.ex index 0b80566bf..c967ab7a9 100644 --- a/lib/pleroma/web/activity_pub/activity_pub_controller.ex +++ b/lib/pleroma/web/activity_pub/activity_pub_controller.ex @@ -155,7 +155,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubController do def inbox(%{assigns: %{valid_signature: true}} = conn, %{"nickname" => nickname} = params) do with %User{} = recipient <- User.get_cached_by_nickname(nickname), - %User{} = actor <- User.get_or_fetch_by_ap_id(params["actor"]), + {:ok, %User{} = actor} <- User.get_or_fetch_by_ap_id(params["actor"]), true <- Utils.recipient_in_message(recipient, actor, params), params <- Utils.maybe_splice_recipient(recipient.ap_id, params) do Federator.incoming_ap_doc(params) diff --git a/lib/pleroma/web/activity_pub/transmogrifier.ex b/lib/pleroma/web/activity_pub/transmogrifier.ex index 80317171d..b774c2afa 100644 --- a/lib/pleroma/web/activity_pub/transmogrifier.ex +++ b/lib/pleroma/web/activity_pub/transmogrifier.ex @@ -126,7 +126,7 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do def fix_implicit_addressing(object, _), do: object def fix_addressing(object) do - %User{} = user = User.get_or_fetch_by_ap_id(object["actor"]) + {:ok, %User{} = user} = User.get_or_fetch_by_ap_id(object["actor"]) followers_collection = User.ap_followers(user) object diff --git a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex index 727e1c310..ed585098a 100644 --- a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex +++ b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex @@ -1653,7 +1653,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do x, "id", case User.get_or_fetch(x["acct"]) do - {:ok, %User{} = %{id: id}} -> id + {:ok, %User{id: id}} -> id _ -> 0 end ) -- cgit v1.2.3 From 51e26f14f7fc342c23fe1fe643a1cf444ef9392b Mon Sep 17 00:00:00 2001 From: rinpatch Date: Wed, 1 May 2019 13:52:44 +0300 Subject: Remove redundant ensure_scrubbed_html It is never used as handling for fake and non-fake activities was merged into one function above it --- lib/pleroma/html.ex | 8 -------- 1 file changed, 8 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/html.ex b/lib/pleroma/html.ex index eb33d12d9..726c370ad 100644 --- a/lib/pleroma/html.ex +++ b/lib/pleroma/html.ex @@ -71,14 +71,6 @@ defmodule Pleroma.HTML do end end - def ensure_scrubbed_html( - content, - scrubbers, - true = _fake - ) do - {:ignore, filter_tags(content, scrubbers)} - end - defp generate_scrubber_signature(scrubber) when is_atom(scrubber) do generate_scrubber_signature([scrubber]) end -- cgit v1.2.3 From c854bff8f528b4f1560707ac3aa74f4a37044f52 Mon Sep 17 00:00:00 2001 From: Maksim Date: Wed, 1 May 2019 13:28:04 +0000 Subject: Refactored Pleroma.Web.Auth.Authenticator --- lib/pleroma/web/auth/authenticator.ex | 26 ++++++++++++++++++ lib/pleroma/web/auth/ldap_authenticator.ex | 39 +++++++++++---------------- lib/pleroma/web/auth/pleroma_authenticator.ex | 15 ++++------- 3 files changed, 47 insertions(+), 33 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/auth/authenticator.ex b/lib/pleroma/web/auth/authenticator.ex index b02f595dc..d4e0ffa80 100644 --- a/lib/pleroma/web/auth/authenticator.ex +++ b/lib/pleroma/web/auth/authenticator.ex @@ -42,4 +42,30 @@ defmodule Pleroma.Web.Auth.Authenticator do implementation().oauth_consumer_template() || Pleroma.Config.get([:auth, :oauth_consumer_template], "consumer.html") end + + @doc "Gets user by nickname or email for auth." + @spec fetch_user(String.t()) :: User.t() | nil + def fetch_user(name) do + User.get_by_nickname_or_email(name) + end + + # Gets name and password from conn + # + @spec fetch_credentials(Plug.Conn.t() | map()) :: + {:ok, {name :: any, password :: any}} | {:error, :invalid_credentials} + def fetch_credentials(%Plug.Conn{params: params} = _), + do: fetch_credentials(params) + + def fetch_credentials(params) do + case params do + %{"authorization" => %{"name" => name, "password" => password}} -> + {:ok, {name, password}} + + %{"grant_type" => "password", "username" => name, "password" => password} -> + {:ok, {name, password}} + + _ -> + {:error, :invalid_credentials} + end + end end diff --git a/lib/pleroma/web/auth/ldap_authenticator.ex b/lib/pleroma/web/auth/ldap_authenticator.ex index 363c99597..177c05636 100644 --- a/lib/pleroma/web/auth/ldap_authenticator.ex +++ b/lib/pleroma/web/auth/ldap_authenticator.ex @@ -7,6 +7,9 @@ defmodule Pleroma.Web.Auth.LDAPAuthenticator do require Logger + import Pleroma.Web.Auth.Authenticator, + only: [fetch_credentials: 1, fetch_user: 1] + @behaviour Pleroma.Web.Auth.Authenticator @base Pleroma.Web.Auth.PleromaAuthenticator @@ -20,30 +23,20 @@ defmodule Pleroma.Web.Auth.LDAPAuthenticator do defdelegate oauth_consumer_template, to: @base def get_user(%Plug.Conn{} = conn) do - if Pleroma.Config.get([:ldap, :enabled]) do - {name, password} = - case conn.params do - %{"authorization" => %{"name" => name, "password" => password}} -> - {name, password} - - %{"grant_type" => "password", "username" => name, "password" => password} -> - {name, password} - end - - case ldap_user(name, password) do - %User{} = user -> - {:ok, user} + with {:ldap, true} <- {:ldap, Pleroma.Config.get([:ldap, :enabled])}, + {:ok, {name, password}} <- fetch_credentials(conn), + %User{} = user <- ldap_user(name, password) do + {:ok, user} + else + {:error, {:ldap_connection_error, _}} -> + # When LDAP is unavailable, try default authenticator + @base.get_user(conn) - {:error, {:ldap_connection_error, _}} -> - # When LDAP is unavailable, try default authenticator - @base.get_user(conn) + {:ldap, _} -> + @base.get_user(conn) - error -> - error - end - else - # Fall back to default authenticator - @base.get_user(conn) + error -> + error end end @@ -94,7 +87,7 @@ defmodule Pleroma.Web.Auth.LDAPAuthenticator do case :eldap.simple_bind(connection, "#{uid}=#{name},#{base}", password) do :ok -> - case User.get_by_nickname_or_email(name) do + case fetch_user(name) do %User{} = user -> user diff --git a/lib/pleroma/web/auth/pleroma_authenticator.ex b/lib/pleroma/web/auth/pleroma_authenticator.ex index d647f1e05..dd79cdcf7 100644 --- a/lib/pleroma/web/auth/pleroma_authenticator.ex +++ b/lib/pleroma/web/auth/pleroma_authenticator.ex @@ -8,19 +8,14 @@ defmodule Pleroma.Web.Auth.PleromaAuthenticator do alias Pleroma.Repo alias Pleroma.User + import Pleroma.Web.Auth.Authenticator, + only: [fetch_credentials: 1, fetch_user: 1] + @behaviour Pleroma.Web.Auth.Authenticator def get_user(%Plug.Conn{} = conn) do - {name, password} = - case conn.params do - %{"authorization" => %{"name" => name, "password" => password}} -> - {name, password} - - %{"grant_type" => "password", "username" => name, "password" => password} -> - {name, password} - end - - with {_, %User{} = user} <- {:user, User.get_by_nickname_or_email(name)}, + with {:ok, {name, password}} <- fetch_credentials(conn), + {_, %User{} = user} <- {:user, fetch_user(name)}, {_, true} <- {:checkpw, Pbkdf2.checkpw(password, user.password_hash)} do {:ok, user} else -- cgit v1.2.3 From 533d8cd5816343ccfb6e26495124416e9808554c Mon Sep 17 00:00:00 2001 From: AkiraFukushima Date: Thu, 2 May 2019 21:04:00 +0900 Subject: Parse access_token from body parameters and URL parameters --- lib/pleroma/plugs/oauth_plug.ex | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'lib') diff --git a/lib/pleroma/plugs/oauth_plug.ex b/lib/pleroma/plugs/oauth_plug.ex index 5888d596a..9d43732eb 100644 --- a/lib/pleroma/plugs/oauth_plug.ex +++ b/lib/pleroma/plugs/oauth_plug.ex @@ -16,6 +16,16 @@ defmodule Pleroma.Plugs.OAuthPlug do def call(%{assigns: %{user: %User{}}} = conn, _), do: conn + def call(%{params: %{"access_token" => access_token}} = conn, _) do + with {:ok, user, token_record} <- fetch_user_and_token(access_token) do + conn + |> assign(:token, token_record) + |> assign(:user, user) + else + _ -> conn + end + end + def call(conn, _) do with {:ok, token_str} <- fetch_token_str(conn), {:ok, user, token_record} <- fetch_user_and_token(token_str) do -- cgit v1.2.3 From 38b79461dfe6d14eb95799013b2fdd502e73245c Mon Sep 17 00:00:00 2001 From: rinpatch Date: Thu, 2 May 2019 22:19:14 +0300 Subject: Fix embeded relationships in Mastodon API Currently some endpoints render accounts without for user resulting in embedded relationship being empty. It causes bugs in followers/following tab in pleroma-fe but I fixed it for other endpoints as well just in case --- lib/pleroma/web/mastodon_api/mastodon_api_controller.ex | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex index ed585098a..78dae1c64 100644 --- a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex +++ b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex @@ -704,7 +704,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do end end - def favourited_by(conn, %{"id" => id}) do + def favourited_by(%{assigns: %{user: user}} = conn, %{"id" => id}) do with %Activity{data: %{"object" => object}} <- Repo.get(Activity, id), %Object{data: %{"likes" => likes}} <- Object.normalize(object) do q = from(u in User, where: u.ap_id in ^likes) @@ -712,13 +712,13 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do conn |> put_view(AccountView) - |> render(AccountView, "accounts.json", %{users: users, as: :user}) + |> render(AccountView, "accounts.json", %{for: user, users: users, as: :user}) else _ -> json(conn, []) end end - def reblogged_by(conn, %{"id" => id}) do + def reblogged_by(%{assigns: %{user: user}} = conn, %{"id" => id}) do with %Activity{data: %{"object" => object}} <- Repo.get(Activity, id), %Object{data: %{"announcements" => announces}} <- Object.normalize(object) do q = from(u in User, where: u.ap_id in ^announces) @@ -726,7 +726,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do conn |> put_view(AccountView) - |> render("accounts.json", %{users: users, as: :user}) + |> render("accounts.json", %{for: user, users: users, as: :user}) else _ -> json(conn, []) end @@ -783,7 +783,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do conn |> add_link_headers(:followers, followers, user) |> put_view(AccountView) - |> render("accounts.json", %{users: followers, as: :user}) + |> render("accounts.json", %{for: for_user, users: followers, as: :user}) end end @@ -800,7 +800,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do conn |> add_link_headers(:following, followers, user) |> put_view(AccountView) - |> render("accounts.json", %{users: followers, as: :user}) + |> render("accounts.json", %{for: for_user, users: followers, as: :user}) end end @@ -808,7 +808,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do with {:ok, follow_requests} <- User.get_follow_requests(followed) do conn |> put_view(AccountView) - |> render("accounts.json", %{users: follow_requests, as: :user}) + |> render("accounts.json", %{for: followed, users: follow_requests, as: :user}) end end @@ -1235,7 +1235,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do {:ok, users} = Pleroma.List.get_following(list) do conn |> put_view(AccountView) - |> render("accounts.json", %{users: users, as: :user}) + |> render("accounts.json", %{for: user, users: users, as: :user}) end end -- cgit v1.2.3 From acb04306b6954aac8d66a74438d0e213d93a9046 Mon Sep 17 00:00:00 2001 From: feld Date: Fri, 3 May 2019 11:45:04 +0000 Subject: Standardize construction of websocket URL This follows up on the change made in d747bd98 --- lib/pleroma/plugs/http_security_plug.ex | 2 +- lib/pleroma/web/mastodon_api/mastodon_api_controller.ex | 3 +-- 2 files changed, 2 insertions(+), 3 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/plugs/http_security_plug.ex b/lib/pleroma/plugs/http_security_plug.ex index f701aaaa5..a476f1d49 100644 --- a/lib/pleroma/plugs/http_security_plug.ex +++ b/lib/pleroma/plugs/http_security_plug.ex @@ -35,7 +35,7 @@ defmodule Pleroma.Plugs.HTTPSecurityPlug do defp csp_string do scheme = Config.get([Pleroma.Web.Endpoint, :url])[:scheme] static_url = Pleroma.Web.Endpoint.static_url() - websocket_url = String.replace(static_url, "http", "ws") + websocket_url = Pleroma.Web.Endpoint.websocket_url() connect_src = "connect-src 'self' #{static_url} #{websocket_url}" diff --git a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex index ed585098a..201a21f50 100644 --- a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex +++ b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex @@ -1295,8 +1295,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do initial_state = %{ meta: %{ - streaming_api_base_url: - String.replace(Pleroma.Web.Endpoint.static_url(), "http", "ws"), + streaming_api_base_url: Pleroma.Web.Endpoint.websocket_url(), access_token: token, locale: "en", domain: Pleroma.Web.Endpoint.host(), -- cgit v1.2.3 From 85b5c60694e07d3bfb1f885d5fda14be6b7bade9 Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Thu, 7 Feb 2019 16:41:20 +0100 Subject: Pleroma.Formatter: width/height to class=emoji --- lib/pleroma/formatter.ex | 4 +--- lib/pleroma/html.ex | 2 ++ 2 files changed, 3 insertions(+), 3 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/formatter.ex b/lib/pleroma/formatter.ex index dab8910c1..0ec6bcee0 100644 --- a/lib/pleroma/formatter.ex +++ b/lib/pleroma/formatter.ex @@ -113,9 +113,7 @@ defmodule Pleroma.Formatter do html = if not strip do - "#{emoji}" + "#{emoji}" else "" end diff --git a/lib/pleroma/html.ex b/lib/pleroma/html.ex index 726c370ad..d1da746de 100644 --- a/lib/pleroma/html.ex +++ b/lib/pleroma/html.ex @@ -151,6 +151,7 @@ defmodule Pleroma.HTML.Scrubber.TwitterText do Meta.allow_tag_with_these_attributes("img", [ "width", "height", + "class", "title", "alt" ]) @@ -221,6 +222,7 @@ defmodule Pleroma.HTML.Scrubber.Default do Meta.allow_tag_with_these_attributes("img", [ "width", "height", + "class", "title", "alt" ]) -- cgit v1.2.3 From d70af32127bda1431bacad58e7c6516a2e652fcd Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Mon, 11 Feb 2019 23:47:32 +0100 Subject: Pleroma.User: remove emojify on parse_bio --- lib/pleroma/user.ex | 21 +++++++++------------ .../web/mastodon_api/mastodon_api_controller.ex | 2 +- 2 files changed, 10 insertions(+), 13 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex index 1c62f238e..1741ce684 100644 --- a/lib/pleroma/user.ex +++ b/lib/pleroma/user.ex @@ -11,7 +11,6 @@ defmodule Pleroma.User do alias Comeonin.Pbkdf2 alias Pleroma.Activity alias Pleroma.Bookmark - alias Pleroma.Formatter alias Pleroma.Notification alias Pleroma.Object alias Pleroma.Registration @@ -1331,18 +1330,15 @@ defmodule Pleroma.User do end end - def parse_bio(bio, user \\ %User{info: %{source_data: %{}}}) - def parse_bio(nil, _user), do: "" - def parse_bio(bio, _user) when bio == "", do: bio + def parse_bio(bio) when is_binary(bio) and bio != "" do + bio + |> CommonUtils.format_input("text/plain", mentions_format: :full) + |> elem(0) + end - def parse_bio(bio, user) do - emoji = - (user.info.source_data["tag"] || []) - |> Enum.filter(fn %{"type" => t} -> t == "Emoji" end) - |> Enum.map(fn %{"icon" => %{"url" => url}, "name" => name} -> - {String.trim(name, ":"), url} - end) + def parse_bio(_), do: "" + def parse_bio(bio, user) when is_binary(bio) and bio != "" do # TODO: get profile URLs other than user.ap_id profile_urls = [user.ap_id] @@ -1352,9 +1348,10 @@ defmodule Pleroma.User do rel: &RelMe.maybe_put_rel_me(&1, profile_urls) ) |> elem(0) - |> Formatter.emojify(emoji) end + def parse_bio(_, _), do: "" + def tag(user_identifiers, tags) when is_list(user_identifiers) do Repo.transaction(fn -> for user_identifier <- user_identifiers, do: tag(user_identifier, tags) diff --git a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex index 201a21f50..564dbb829 100644 --- a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex +++ b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex @@ -86,7 +86,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do user_params = %{} |> add_if_present(params, "display_name", :name) - |> add_if_present(params, "note", :bio, fn value -> {:ok, User.parse_bio(value)} end) + |> add_if_present(params, "note", :bio, fn value -> {:ok, User.parse_bio(value, user)} end) |> add_if_present(params, "avatar", :avatar, fn value -> with %Plug.Upload{} <- value, {:ok, object} <- ActivityPub.upload(value, type: :avatar) do -- cgit v1.2.3 From 2f76a40d028c45e99425b061298a1b05e4b59923 Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Tue, 12 Feb 2019 14:59:34 +0100 Subject: formatter.ex: Add get_emoji_map/1 --- lib/pleroma/formatter.ex | 11 +++++++++++ lib/pleroma/user/info.ex | 1 + lib/pleroma/web/activity_pub/transmogrifier.ex | 14 ++++++++++++-- lib/pleroma/web/activity_pub/views/user_view.ex | 7 ++++++- lib/pleroma/web/common_api/common_api.ex | 9 +++------ lib/pleroma/web/twitter_api/twitter_api_controller.ex | 12 +++++++++++- 6 files changed, 44 insertions(+), 10 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/formatter.ex b/lib/pleroma/formatter.ex index 0ec6bcee0..3d7c36d21 100644 --- a/lib/pleroma/formatter.ex +++ b/lib/pleroma/formatter.ex @@ -128,12 +128,23 @@ defmodule Pleroma.Formatter do def demojify(text, nil), do: text + @doc "Outputs a list of the emoji-shortcodes in a text" def get_emoji(text) when is_binary(text) do Enum.filter(Emoji.get_all(), fn {emoji, _, _} -> String.contains?(text, ":#{emoji}:") end) end def get_emoji(_), do: [] + @doc "Outputs a list of the emoji-Maps in a text" + def get_emoji_map(text) when is_binary(text) do + get_emoji(text) + |> Enum.reduce(%{}, fn {name, file, _group}, acc -> + Map.put(acc, name, "#{Pleroma.Web.Endpoint.static_url()}#{file}") + end) + end + + def get_emoji_map(_), do: [] + def html_escape({text, mentions, hashtags}, type) do {html_escape(text, type), mentions, hashtags} end diff --git a/lib/pleroma/user/info.ex b/lib/pleroma/user/info.ex index a3658d57f..1b81619ce 100644 --- a/lib/pleroma/user/info.ex +++ b/lib/pleroma/user/info.ex @@ -41,6 +41,7 @@ defmodule Pleroma.User.Info do field(:hide_favorites, :boolean, default: true) field(:pinned_activities, {:array, :string}, default: []) field(:flavour, :string, default: nil) + field(:emoji, {:array, :map}, default: []) field(:notification_settings, :map, default: %{"remote" => true, "local" => true, "followers" => true, "follows" => true} diff --git a/lib/pleroma/web/activity_pub/transmogrifier.ex b/lib/pleroma/web/activity_pub/transmogrifier.ex index b774c2afa..508f3532f 100644 --- a/lib/pleroma/web/activity_pub/transmogrifier.ex +++ b/lib/pleroma/web/activity_pub/transmogrifier.ex @@ -856,10 +856,16 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do |> Map.put("tag", tags ++ mentions) end + def add_emoji_tags(%User{info: %{"emoji" => _emoji} = user_info} = object) do + user_info = add_emoji_tags(user_info) + + object + |> Map.put(:info, user_info) + end + # TODO: we should probably send mtime instead of unix epoch time for updated - def add_emoji_tags(object) do + def add_emoji_tags(%{"emoji" => emoji} = object) do tags = object["tag"] || [] - emoji = object["emoji"] || [] out = emoji @@ -877,6 +883,10 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do |> Map.put("tag", tags ++ out) end + def add_emoji_tags(object) do + object + end + def set_conversation(object) do Map.put(object, "conversation", object["context"]) end diff --git a/lib/pleroma/web/activity_pub/views/user_view.ex b/lib/pleroma/web/activity_pub/views/user_view.ex index 5926a3294..1254fdf6c 100644 --- a/lib/pleroma/web/activity_pub/views/user_view.ex +++ b/lib/pleroma/web/activity_pub/views/user_view.ex @@ -69,6 +69,11 @@ defmodule Pleroma.Web.ActivityPub.UserView do endpoints = render("endpoints.json", %{user: user}) + user_tags = + user + |> Transmogrifier.add_emoji_tags() + |> Map.get("tag", []) + %{ "id" => user.ap_id, "type" => "Person", @@ -87,7 +92,7 @@ defmodule Pleroma.Web.ActivityPub.UserView do "publicKeyPem" => public_key }, "endpoints" => endpoints, - "tag" => user.info.source_data["tag"] || [] + "tag" => (user.info.source_data["tag"] || []) ++ user_tags } |> Map.merge(maybe_make_image(&User.avatar_url/2, "icon", user)) |> Map.merge(maybe_make_image(&User.banner_url/2, "image", user)) diff --git a/lib/pleroma/web/common_api/common_api.ex b/lib/pleroma/web/common_api/common_api.ex index ecd183110..b53869c75 100644 --- a/lib/pleroma/web/common_api/common_api.ex +++ b/lib/pleroma/web/common_api/common_api.ex @@ -151,8 +151,8 @@ defmodule Pleroma.Web.CommonAPI do ), {to, cc} <- to_for_user_and_mentions(user, mentions, in_reply_to, visibility), context <- make_context(in_reply_to), - cw <- data["spoiler_text"], - full_payload <- String.trim(status <> (data["spoiler_text"] || "")), + cw <- data["spoiler_text"] || "", + full_payload <- String.trim(status <> cw), length when length in 1..limit <- String.length(full_payload), object <- make_note_data( @@ -170,10 +170,7 @@ defmodule Pleroma.Web.CommonAPI do Map.put( object, "emoji", - (Formatter.get_emoji(status) ++ Formatter.get_emoji(data["spoiler_text"])) - |> Enum.reduce(%{}, fn {name, file, _}, acc -> - Map.put(acc, name, "#{Pleroma.Web.Endpoint.static_url()}#{file}") - end) + Formatter.get_emoji_map(full_payload) ) do res = ActivityPub.create( diff --git a/lib/pleroma/web/twitter_api/twitter_api_controller.ex b/lib/pleroma/web/twitter_api/twitter_api_controller.ex index 79ed9dad2..261cc4462 100644 --- a/lib/pleroma/web/twitter_api/twitter_api_controller.ex +++ b/lib/pleroma/web/twitter_api/twitter_api_controller.ex @@ -9,6 +9,7 @@ defmodule Pleroma.Web.TwitterAPI.Controller do alias Ecto.Changeset alias Pleroma.Activity + alias Pleroma.Formatter alias Pleroma.Notification alias Pleroma.Object alias Pleroma.Repo @@ -653,7 +654,16 @@ defmodule Pleroma.Web.TwitterAPI.Controller do defp parse_profile_bio(user, params) do if bio = params["description"] do - Map.put(params, "bio", User.parse_bio(bio, user)) + user_info = + user.info + |> Map.put( + "emojis", + Formatter.get_emoji_map(params["description"]) + ) + + params + |> Map.put("bio", User.parse_bio(bio, user)) + |> Map.put("info", user_info) else params end -- cgit v1.2.3 From 85434669bb0d363528b738a6d32dd9ce18401065 Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Fri, 22 Feb 2019 22:35:47 +0100 Subject: Web.TwitterAPI.UserView: Also view local user emojis --- lib/pleroma/web/twitter_api/views/user_view.ex | 2 ++ 1 file changed, 2 insertions(+) (limited to 'lib') diff --git a/lib/pleroma/web/twitter_api/views/user_view.ex b/lib/pleroma/web/twitter_api/views/user_view.ex index ea015b8f0..6857055c9 100644 --- a/lib/pleroma/web/twitter_api/views/user_view.ex +++ b/lib/pleroma/web/twitter_api/views/user_view.ex @@ -67,6 +67,8 @@ defmodule Pleroma.Web.TwitterAPI.UserView do {String.trim(name, ":"), url} end) + emoji = Enum.dedup(emoji ++ user.info.emoji) + # ``fields`` is an array of mastodon profile field, containing ``{"name": "…", "value": "…"}``. # For example: [{"name": "Pronoun", "value": "she/her"}, …] fields = -- cgit v1.2.3 From 46bbf9e1cff4e00f2fbd95dcc21c038d7d686b86 Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Sat, 23 Feb 2019 00:09:11 +0100 Subject: TwitterAPI: profile update with emoji_map --- lib/pleroma/web/twitter_api/twitter_api_controller.ex | 10 ++++++++-- lib/pleroma/web/twitter_api/views/user_view.ex | 7 ++++++- 2 files changed, 14 insertions(+), 3 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/twitter_api/twitter_api_controller.ex b/lib/pleroma/web/twitter_api/twitter_api_controller.ex index 261cc4462..ef7b6fe65 100644 --- a/lib/pleroma/web/twitter_api/twitter_api_controller.ex +++ b/lib/pleroma/web/twitter_api/twitter_api_controller.ex @@ -654,11 +654,17 @@ defmodule Pleroma.Web.TwitterAPI.Controller do defp parse_profile_bio(user, params) do if bio = params["description"] do + emojis_text = (params["description"] || "") <> " " <> (params["name"] || "") + + emojis = + ((user.info.emoji || []) ++ Formatter.get_emoji_map(emojis_text)) + |> Enum.dedup() + user_info = user.info |> Map.put( - "emojis", - Formatter.get_emoji_map(params["description"]) + "emoji", + emojis ) params diff --git a/lib/pleroma/web/twitter_api/views/user_view.ex b/lib/pleroma/web/twitter_api/views/user_view.ex index 6857055c9..f0a4ddbd3 100644 --- a/lib/pleroma/web/twitter_api/views/user_view.ex +++ b/lib/pleroma/web/twitter_api/views/user_view.ex @@ -69,6 +69,11 @@ defmodule Pleroma.Web.TwitterAPI.UserView do emoji = Enum.dedup(emoji ++ user.info.emoji) + description_html = + (user.bio || "") + |> HTML.filter_tags(User.html_filter_policy(for_user)) + |> Formatter.emojify(emoji) + # ``fields`` is an array of mastodon profile field, containing ``{"name": "…", "value": "…"}``. # For example: [{"name": "Pronoun", "value": "she/her"}, …] fields = @@ -80,7 +85,7 @@ defmodule Pleroma.Web.TwitterAPI.UserView do %{ "created_at" => user.inserted_at |> Utils.format_naive_asctime(), "description" => HTML.strip_tags((user.bio || "") |> String.replace("
", "\n")), - "description_html" => HTML.filter_tags(user.bio, User.html_filter_policy(for_user)), + "description_html" => description_html, "favourites_count" => 0, "followers_count" => user_info[:follower_count], "following" => following, -- cgit v1.2.3 From b5ad1715b2d4a2a5bdaefa2d56bde71120d23acb Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Sat, 23 Feb 2019 00:57:42 +0100 Subject: MastoAPI: profile update with emoji_map --- lib/pleroma/web/mastodon_api/mastodon_api_controller.ex | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'lib') diff --git a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex index 564dbb829..0840c2c5a 100644 --- a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex +++ b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex @@ -9,6 +9,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do alias Pleroma.Bookmark alias Pleroma.Config alias Pleroma.Filter + alias Pleroma.Formatter alias Pleroma.Notification alias Pleroma.Object alias Pleroma.Object.Fetcher @@ -96,6 +97,12 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do end end) + emojis_text = (user_params["display_name"] || "") <> (user_params["note"] || "") + + user_info_emojis = + ((user.info.emoji || []) ++ Formatter.get_emoji_map(emojis_text)) + |> Enum.dedup() + info_params = [:no_rich_text, :locked, :hide_followers, :hide_follows, :hide_favorites, :show_role] |> Enum.reduce(%{}, fn key, acc -> @@ -112,6 +119,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do _ -> :error end end) + |> Map.put(:emoji, user_info_emojis) info_cng = User.Info.profile_update(user.info, info_params) -- cgit v1.2.3 From 0e37fddd5abad5db0378c8186513fbba0fbd6586 Mon Sep 17 00:00:00 2001 From: lain Date: Fri, 3 May 2019 19:15:55 +0200 Subject: Search: Add fts index on objects table. --- lib/mix/tasks/benchmark.ex | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 lib/mix/tasks/benchmark.ex (limited to 'lib') diff --git a/lib/mix/tasks/benchmark.ex b/lib/mix/tasks/benchmark.ex new file mode 100644 index 000000000..0fbb4dbb1 --- /dev/null +++ b/lib/mix/tasks/benchmark.ex @@ -0,0 +1,25 @@ +defmodule Mix.Tasks.Pleroma.Benchmark do + use Mix.Task + alias Mix.Tasks.Pleroma.Common + + def run(["search"]) do + Common.start_pleroma() + + Benchee.run(%{ + "search" => fn -> + Pleroma.Web.MastodonAPI.MastodonAPIController.status_search(nil, "cofe") + end + }) + end + + def run(["tag"]) do + Common.start_pleroma() + + Benchee.run(%{ + "tag" => fn -> + %{"type" => "Create", "tag" => "cofe"} + |> Pleroma.Web.ActivityPub.ActivityPub.fetch_public_activities() + end + }) + end +end -- cgit v1.2.3 From 4c76f49e60287e6618f87a2bae3e0d4e8c444895 Mon Sep 17 00:00:00 2001 From: lain Date: Sat, 4 May 2019 15:06:18 +0200 Subject: BBS: small fixes. --- lib/pleroma/bbs/handler.ex | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/bbs/handler.ex b/lib/pleroma/bbs/handler.ex index 1ebba77d2..75ba35dc2 100644 --- a/lib/pleroma/bbs/handler.ex +++ b/lib/pleroma/bbs/handler.ex @@ -1,12 +1,8 @@ defmodule Pleroma.BBS.Handler do - @moduledoc """ - An example implementation of `Sshd.ShellHandler`, implementing a very simple - Read-Eval-Loop, that does nothing. - """ use Sshd.ShellHandler + alias Pleroma.Activity alias Pleroma.Web.CommonAPI alias Pleroma.Web.ActivityPub.ActivityPub - alias Pleroma.Activity def on_shell(username, _pubkey, _ip, _port) do :ok = IO.puts("Welcome to #{Pleroma.Config.get([:instance, :name])}!") -- cgit v1.2.3 From c9d1cb2dcefb850357b953a7a2d308de39b35e07 Mon Sep 17 00:00:00 2001 From: lain Date: Sat, 4 May 2019 15:08:07 +0200 Subject: BBS: Use cached user fetcher. --- lib/pleroma/bbs/handler.ex | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/bbs/handler.ex b/lib/pleroma/bbs/handler.ex index 75ba35dc2..14e6a6807 100644 --- a/lib/pleroma/bbs/handler.ex +++ b/lib/pleroma/bbs/handler.ex @@ -6,7 +6,7 @@ defmodule Pleroma.BBS.Handler do def on_shell(username, _pubkey, _ip, _port) do :ok = IO.puts("Welcome to #{Pleroma.Config.get([:instance, :name])}!") - user = Pleroma.User.get_by_nickname(to_string(username)) + user = Pleroma.User.get_cached_by_nickname(to_string(username)) Logger.debug("#{inspect(user)}") loop(run_state(user: user)) end -- cgit v1.2.3 From eb0fb73ddbed109ca4dcd758b60a25ff0dafc883 Mon Sep 17 00:00:00 2001 From: lain Date: Sat, 4 May 2019 15:47:50 +0200 Subject: BBS: Credo fixes. --- lib/pleroma/bbs/handler.ex | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/bbs/handler.ex b/lib/pleroma/bbs/handler.ex index 14e6a6807..106fe5d18 100644 --- a/lib/pleroma/bbs/handler.ex +++ b/lib/pleroma/bbs/handler.ex @@ -1,8 +1,8 @@ defmodule Pleroma.BBS.Handler do use Sshd.ShellHandler alias Pleroma.Activity - alias Pleroma.Web.CommonAPI alias Pleroma.Web.ActivityPub.ActivityPub + alias Pleroma.Web.CommonAPI def on_shell(username, _pubkey, _ip, _port) do :ok = IO.puts("Welcome to #{Pleroma.Config.get([:instance, :name])}!") -- cgit v1.2.3 From ce6ca0fefe7feb1c31447287aec117d40233652a Mon Sep 17 00:00:00 2001 From: Alexander Strizhakov Date: Mon, 6 May 2019 16:45:22 +0000 Subject: Merge branch 'develop' of https://git.pleroma.social/pleroma/pleroma into feature/845-improve-status-deletion --- lib/mix/tasks/pleroma/user.ex | 4 +-- lib/pleroma/activity.ex | 7 +++++ lib/pleroma/user.ex | 30 +++++++++++++--------- lib/pleroma/user_invite_token.ex | 2 +- .../web/twitter_api/controllers/util_controller.ex | 2 +- 5 files changed, 29 insertions(+), 16 deletions(-) (limited to 'lib') diff --git a/lib/mix/tasks/pleroma/user.ex b/lib/mix/tasks/pleroma/user.ex index 9e2523b18..6a83a8c0d 100644 --- a/lib/mix/tasks/pleroma/user.ex +++ b/lib/mix/tasks/pleroma/user.ex @@ -163,7 +163,7 @@ defmodule Mix.Tasks.Pleroma.User do Common.start_pleroma() with %User{local: true} = user <- User.get_cached_by_nickname(nickname) do - User.delete(user) + User.perform(:delete, user) Mix.shell().info("User #{nickname} deleted.") else _ -> @@ -380,7 +380,7 @@ defmodule Mix.Tasks.Pleroma.User do Common.start_pleroma() with %User{local: true} = user <- User.get_cached_by_nickname(nickname) do - User.delete_user_activities(user) + {:ok, _} = User.delete_user_activities(user) Mix.shell().info("User #{nickname} statuses deleted.") else _ -> diff --git a/lib/pleroma/activity.ex b/lib/pleroma/activity.ex index 4a2ded518..73e63bb14 100644 --- a/lib/pleroma/activity.ex +++ b/lib/pleroma/activity.ex @@ -14,6 +14,8 @@ defmodule Pleroma.Activity do import Ecto.Query @type t :: %__MODULE__{} + @type actor :: String.t() + @primary_key {:id, Pleroma.FlakeId, autogenerate: true} # https://github.com/tootsuite/mastodon/blob/master/app/models/notification.rb#L19 @@ -260,4 +262,9 @@ defmodule Pleroma.Activity do |> where([s], s.actor == ^actor) |> Repo.all() end + + @spec query_by_actor(actor()) :: Ecto.Query.t() + def query_by_actor(actor) do + from(a in Activity, where: a.actor == ^actor) + end end diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex index 1741ce684..fd2ce81ad 100644 --- a/lib/pleroma/user.ex +++ b/lib/pleroma/user.ex @@ -1164,7 +1164,12 @@ defmodule Pleroma.User do |> update_and_set_cache() end - def delete(%User{} = user) do + @spec delete(User.t()) :: :ok + def delete(%User{} = user), + do: PleromaJobQueue.enqueue(:background, __MODULE__, [:delete, user]) + + @spec perform(atom(), User.t()) :: {:ok, User.t()} + def perform(:delete, %User{} = user) do {:ok, user} = User.deactivate(user) # Remove all relationships @@ -1180,22 +1185,23 @@ defmodule Pleroma.User do end def delete_user_activities(%User{ap_id: ap_id} = user) do - Activity - |> where(actor: ^ap_id) - |> Activity.with_preloaded_object() - |> Repo.all() - |> Enum.each(fn - %{data: %{"type" => "Create"}} = activity -> - activity |> Object.normalize() |> ActivityPub.delete() + stream = + ap_id + |> Activity.query_by_actor() + |> Activity.with_preloaded_object() + |> Repo.stream() - # TODO: Do something with likes, follows, repeats. - _ -> - "Doing nothing" - end) + Repo.transaction(fn -> Enum.each(stream, &delete_activity(&1)) end, timeout: :infinity) {:ok, user} end + defp delete_activity(%{data: %{"type" => "Create"}} = activity) do + Object.normalize(activity) |> ActivityPub.delete() + end + + defp delete_activity(_activity), do: "Doing nothing" + def html_filter_policy(%User{info: %{no_rich_text: true}}) do Pleroma.HTML.Scrubber.TwitterText end diff --git a/lib/pleroma/user_invite_token.ex b/lib/pleroma/user_invite_token.ex index 86f0a5486..fadc89891 100644 --- a/lib/pleroma/user_invite_token.ex +++ b/lib/pleroma/user_invite_token.ex @@ -24,7 +24,7 @@ defmodule Pleroma.UserInviteToken do timestamps() end - @spec create_invite(map()) :: UserInviteToken.t() + @spec create_invite(map()) :: {:ok, UserInviteToken.t()} def create_invite(params \\ %{}) do %UserInviteToken{} |> cast(params, [:max_use, :expires_at]) diff --git a/lib/pleroma/web/twitter_api/controllers/util_controller.ex b/lib/pleroma/web/twitter_api/controllers/util_controller.ex index 1122e6c5d..c03f8ab3a 100644 --- a/lib/pleroma/web/twitter_api/controllers/util_controller.ex +++ b/lib/pleroma/web/twitter_api/controllers/util_controller.ex @@ -352,7 +352,7 @@ defmodule Pleroma.Web.TwitterAPI.UtilController do def delete_account(%{assigns: %{user: user}} = conn, params) do case CommonAPI.Utils.confirm_current_password(user, params["password"]) do {:ok, user} -> - Task.start(fn -> User.delete(user) end) + User.delete(user) json(conn, %{status: "success"}) {:error, msg} -> -- cgit v1.2.3 From 1040caf096347b638b9fda5b23fcccde87b32ede Mon Sep 17 00:00:00 2001 From: Maksim Date: Mon, 6 May 2019 17:51:03 +0000 Subject: fix format Modified-by: Maksim Pechnikov --- lib/pleroma/repo.ex | 28 ++++ lib/pleroma/web/oauth/app.ex | 1 + lib/pleroma/web/oauth/authorization.ex | 8 ++ lib/pleroma/web/oauth/oauth_controller.ex | 159 ++++++++++++--------- lib/pleroma/web/oauth/token.ex | 81 ++++++++--- .../web/oauth/token/strategy/refresh_token.ex | 54 +++++++ lib/pleroma/web/oauth/token/strategy/revoke.ex | 22 +++ lib/pleroma/web/oauth/token/utils.ex | 30 ++++ 8 files changed, 296 insertions(+), 87 deletions(-) create mode 100644 lib/pleroma/web/oauth/token/strategy/refresh_token.ex create mode 100644 lib/pleroma/web/oauth/token/strategy/revoke.ex create mode 100644 lib/pleroma/web/oauth/token/utils.ex (limited to 'lib') diff --git a/lib/pleroma/repo.ex b/lib/pleroma/repo.ex index aa5d427ae..f57e088bc 100644 --- a/lib/pleroma/repo.ex +++ b/lib/pleroma/repo.ex @@ -19,4 +19,32 @@ defmodule Pleroma.Repo do def init(_, opts) do {:ok, Keyword.put(opts, :url, System.get_env("DATABASE_URL"))} end + + @doc "find resource based on prepared query" + @spec find_resource(Ecto.Query.t()) :: {:ok, struct()} | {:error, :not_found} + def find_resource(%Ecto.Query{} = query) do + case __MODULE__.one(query) do + nil -> {:error, :not_found} + resource -> {:ok, resource} + end + end + + def find_resource(_query), do: {:error, :not_found} + + @doc """ + Gets association from cache or loads if need + + ## Examples + + iex> Repo.get_assoc(token, :user) + %User{} + + """ + @spec get_assoc(struct(), atom()) :: {:ok, struct()} | {:error, :not_found} + def get_assoc(resource, association) do + case __MODULE__.preload(resource, association) do + %{^association => assoc} when not is_nil(assoc) -> {:ok, assoc} + _ -> {:error, :not_found} + end + end end diff --git a/lib/pleroma/web/oauth/app.ex b/lib/pleroma/web/oauth/app.ex index 3476da484..bccc2ac96 100644 --- a/lib/pleroma/web/oauth/app.ex +++ b/lib/pleroma/web/oauth/app.ex @@ -6,6 +6,7 @@ defmodule Pleroma.Web.OAuth.App do use Ecto.Schema import Ecto.Changeset + @type t :: %__MODULE__{} schema "apps" do field(:client_name, :string) field(:redirect_uris, :string) diff --git a/lib/pleroma/web/oauth/authorization.ex b/lib/pleroma/web/oauth/authorization.ex index 3461f9983..ca3901cc4 100644 --- a/lib/pleroma/web/oauth/authorization.ex +++ b/lib/pleroma/web/oauth/authorization.ex @@ -13,6 +13,7 @@ defmodule Pleroma.Web.OAuth.Authorization do import Ecto.Changeset import Ecto.Query + @type t :: %__MODULE__{} schema "oauth_authorizations" do field(:token, :string) field(:scopes, {:array, :string}, default: []) @@ -63,4 +64,11 @@ defmodule Pleroma.Web.OAuth.Authorization do ) |> Repo.delete_all() end + + @doc "gets auth for app by token" + @spec get_by_token(App.t(), String.t()) :: {:ok, t()} | {:error, :not_found} + def get_by_token(%App{id: app_id} = _app, token) do + from(t in __MODULE__, where: t.app_id == ^app_id and t.token == ^token) + |> Repo.find_resource() + end end diff --git a/lib/pleroma/web/oauth/oauth_controller.ex b/lib/pleroma/web/oauth/oauth_controller.ex index 688eaca11..e3c01217d 100644 --- a/lib/pleroma/web/oauth/oauth_controller.ex +++ b/lib/pleroma/web/oauth/oauth_controller.ex @@ -13,11 +13,15 @@ defmodule Pleroma.Web.OAuth.OAuthController do alias Pleroma.Web.OAuth.App alias Pleroma.Web.OAuth.Authorization alias Pleroma.Web.OAuth.Token + alias Pleroma.Web.OAuth.Token.Strategy.RefreshToken + alias Pleroma.Web.OAuth.Token.Strategy.Revoke, as: RevokeToken import Pleroma.Web.ControllerHelper, only: [oauth_scopes: 2] if Pleroma.Config.oauth_consumer_enabled?(), do: plug(Ueberauth) + @expires_in Pleroma.Config.get([:oauth2, :token_expires_in], 600) + plug(:fetch_session) plug(:fetch_flash) @@ -138,25 +142,33 @@ defmodule Pleroma.Web.OAuth.OAuthController do Authenticator.handle_error(conn, error) end + @doc "Renew access_token with refresh_token" + def token_exchange( + conn, + %{"grant_type" => "refresh_token", "refresh_token" => token} = params + ) do + with %App{} = app <- get_app_from_request(conn, params), + {:ok, %{user: user} = token} <- Token.get_by_refresh_token(app, token), + {:ok, token} <- RefreshToken.grant(token) do + response_attrs = %{created_at: Token.Utils.format_created_at(token)} + + json(conn, response_token(user, token, response_attrs)) + else + _error -> + put_status(conn, 400) + |> json(%{error: "Invalid credentials"}) + end + end + def token_exchange(conn, %{"grant_type" => "authorization_code"} = params) do with %App{} = app <- get_app_from_request(conn, params), - fixed_token = fix_padding(params["code"]), - %Authorization{} = auth <- - Repo.get_by(Authorization, token: fixed_token, app_id: app.id), + fixed_token = Token.Utils.fix_padding(params["code"]), + {:ok, auth} <- Authorization.get_by_token(app, fixed_token), %User{} = user <- User.get_cached_by_id(auth.user_id), - {:ok, token} <- Token.exchange_token(app, auth), - {:ok, inserted_at} <- DateTime.from_naive(token.inserted_at, "Etc/UTC") do - response = %{ - token_type: "Bearer", - access_token: token.token, - refresh_token: token.refresh_token, - created_at: DateTime.to_unix(inserted_at), - expires_in: 60 * 10, - scope: Enum.join(token.scopes, " "), - me: user.ap_id - } - - json(conn, response) + {:ok, token} <- Token.exchange_token(app, auth) do + response_attrs = %{created_at: Token.Utils.format_created_at(token)} + + json(conn, response_token(user, token, response_attrs)) else _error -> put_status(conn, 400) @@ -177,16 +189,7 @@ defmodule Pleroma.Web.OAuth.OAuthController do true <- Enum.any?(scopes), {:ok, auth} <- Authorization.create_authorization(app, user, scopes), {:ok, token} <- Token.exchange_token(app, auth) do - response = %{ - token_type: "Bearer", - access_token: token.token, - refresh_token: token.refresh_token, - expires_in: 60 * 10, - scope: Enum.join(token.scopes, " "), - me: user.ap_id - } - - json(conn, response) + json(conn, response_token(user, token)) else {:auth_active, false} -> # Per https://github.com/tootsuite/mastodon/blob/ @@ -218,10 +221,12 @@ defmodule Pleroma.Web.OAuth.OAuthController do token_exchange(conn, params) end - def token_revoke(conn, %{"token" => token} = params) do + # Bad request + def token_exchange(conn, params), do: bad_request(conn, params) + + def token_revoke(conn, %{"token" => _token} = params) do with %App{} = app <- get_app_from_request(conn, params), - %Token{} = token <- Repo.get_by(Token, token: token, app_id: app.id), - {:ok, %Token{}} <- Repo.delete(token) do + {:ok, _token} <- RevokeToken.revoke(app, params) do json(conn, %{}) else _error -> @@ -230,6 +235,15 @@ defmodule Pleroma.Web.OAuth.OAuthController do end end + def token_revoke(conn, params), do: bad_request(conn, params) + + # Response for bad request + defp bad_request(conn, _) do + conn + |> put_status(500) + |> json(%{error: "Bad request"}) + end + @doc "Prepares OAuth request to provider for Ueberauth" def prepare_request(conn, %{"provider" => provider, "authorization" => auth_attrs}) do scope = @@ -278,25 +292,22 @@ defmodule Pleroma.Web.OAuth.OAuthController do params = callback_params(params) with {:ok, registration} <- Authenticator.get_registration(conn) do - user = Repo.preload(registration, :user).user auth_attrs = Map.take(params, ~w(client_id redirect_uri scope scopes state)) - if user do - create_authorization( - conn, - %{"authorization" => auth_attrs}, - user: user - ) - else - registration_params = - Map.merge(auth_attrs, %{ - "nickname" => Registration.nickname(registration), - "email" => Registration.email(registration) - }) + case Repo.get_assoc(registration, :user) do + {:ok, user} -> + create_authorization(conn, %{"authorization" => auth_attrs}, user: user) - conn - |> put_session(:registration_id, registration.id) - |> registration_details(%{"authorization" => registration_params}) + _ -> + registration_params = + Map.merge(auth_attrs, %{ + "nickname" => Registration.nickname(registration), + "email" => Registration.email(registration) + }) + + conn + |> put_session(:registration_id, registration.id) + |> registration_details(%{"authorization" => registration_params}) end else _ -> @@ -399,36 +410,30 @@ defmodule Pleroma.Web.OAuth.OAuthController do end end - # XXX - for whatever reason our token arrives urlencoded, but Plug.Conn should be - # decoding it. Investigate sometime. - defp fix_padding(token) do - token - |> URI.decode() - |> Base.url_decode64!(padding: false) - |> Base.url_encode64(padding: false) + defp get_app_from_request(conn, params) do + conn + |> fetch_client_credentials(params) + |> fetch_client end - defp get_app_from_request(conn, params) do - # Per RFC 6749, HTTP Basic is preferred to body params - {client_id, client_secret} = - with ["Basic " <> encoded] <- get_req_header(conn, "authorization"), - {:ok, decoded} <- Base.decode64(encoded), - [id, secret] <- - String.split(decoded, ":") - |> Enum.map(fn s -> URI.decode_www_form(s) end) do - {id, secret} - else - _ -> {params["client_id"], params["client_secret"]} - end + defp fetch_client({id, secret}) when is_binary(id) and is_binary(secret) do + Repo.get_by(App, client_id: id, client_secret: secret) + end - if client_id && client_secret do - Repo.get_by( - App, - client_id: client_id, - client_secret: client_secret - ) + defp fetch_client({_id, _secret}), do: nil + + defp fetch_client_credentials(conn, params) do + # Per RFC 6749, HTTP Basic is preferred to body params + with ["Basic " <> encoded] <- get_req_header(conn, "authorization"), + {:ok, decoded} <- Base.decode64(encoded), + [id, secret] <- + Enum.map( + String.split(decoded, ":"), + fn s -> URI.decode_www_form(s) end + ) do + {id, secret} else - nil + _ -> {params["client_id"], params["client_secret"]} end end @@ -441,4 +446,16 @@ defmodule Pleroma.Web.OAuth.OAuthController do defp put_session_registration_id(conn, registration_id), do: put_session(conn, :registration_id, registration_id) + + defp response_token(%User{} = user, token, opts \\ %{}) do + %{ + token_type: "Bearer", + access_token: token.token, + refresh_token: token.refresh_token, + expires_in: @expires_in, + scope: Enum.join(token.scopes, " "), + me: user.ap_id + } + |> Map.merge(opts) + end end diff --git a/lib/pleroma/web/oauth/token.ex b/lib/pleroma/web/oauth/token.ex index 399140003..4e5d1d118 100644 --- a/lib/pleroma/web/oauth/token.ex +++ b/lib/pleroma/web/oauth/token.ex @@ -6,6 +6,7 @@ defmodule Pleroma.Web.OAuth.Token do use Ecto.Schema import Ecto.Query + import Ecto.Changeset alias Pleroma.Repo alias Pleroma.User @@ -13,6 +14,9 @@ defmodule Pleroma.Web.OAuth.Token do alias Pleroma.Web.OAuth.Authorization alias Pleroma.Web.OAuth.Token + @expires_in Pleroma.Config.get([:oauth2, :token_expires_in], 600) + @type t :: %__MODULE__{} + schema "oauth_tokens" do field(:token, :string) field(:refresh_token, :string) @@ -24,28 +28,67 @@ defmodule Pleroma.Web.OAuth.Token do timestamps() end + @doc "Gets token for app by access token" + @spec get_by_token(App.t(), String.t()) :: {:ok, t()} | {:error, :not_found} + def get_by_token(%App{id: app_id} = _app, token) do + from(t in __MODULE__, where: t.app_id == ^app_id and t.token == ^token) + |> Repo.find_resource() + end + + @doc "Gets token for app by refresh token" + @spec get_by_refresh_token(App.t(), String.t()) :: {:ok, t()} | {:error, :not_found} + def get_by_refresh_token(%App{id: app_id} = _app, token) do + from(t in __MODULE__, + where: t.app_id == ^app_id and t.refresh_token == ^token, + preload: [:user] + ) + |> Repo.find_resource() + end + def exchange_token(app, auth) do with {:ok, auth} <- Authorization.use_token(auth), true <- auth.app_id == app.id do - create_token(app, User.get_cached_by_id(auth.user_id), auth.scopes) + create_token( + app, + User.get_cached_by_id(auth.user_id), + %{scopes: auth.scopes} + ) end end - def create_token(%App{} = app, %User{} = user, scopes \\ nil) do - scopes = scopes || app.scopes - token = :crypto.strong_rand_bytes(32) |> Base.url_encode64(padding: false) - refresh_token = :crypto.strong_rand_bytes(32) |> Base.url_encode64(padding: false) - - token = %Token{ - token: token, - refresh_token: refresh_token, - scopes: scopes, - user_id: user.id, - app_id: app.id, - valid_until: NaiveDateTime.add(NaiveDateTime.utc_now(), 60 * 10) - } - - Repo.insert(token) + defp put_token(changeset) do + changeset + |> change(%{token: Token.Utils.generate_token()}) + |> validate_required([:token]) + |> unique_constraint(:token) + end + + defp put_refresh_token(changeset, attrs) do + refresh_token = Map.get(attrs, :refresh_token, Token.Utils.generate_token()) + + changeset + |> change(%{refresh_token: refresh_token}) + |> validate_required([:refresh_token]) + |> unique_constraint(:refresh_token) + end + + defp put_valid_until(changeset, attrs) do + expires_in = + Map.get(attrs, :valid_until, NaiveDateTime.add(NaiveDateTime.utc_now(), @expires_in)) + + changeset + |> change(%{valid_until: expires_in}) + |> validate_required([:valid_until]) + end + + def create_token(%App{} = app, %User{} = user, attrs \\ %{}) do + %__MODULE__{user_id: user.id, app_id: app.id} + |> cast(%{scopes: attrs[:scopes] || app.scopes}, [:scopes]) + |> validate_required([:scopes, :user_id, :app_id]) + |> put_valid_until(attrs) + |> put_token + |> put_refresh_token(attrs) + |> Repo.insert() end def delete_user_tokens(%User{id: user_id}) do @@ -73,4 +116,10 @@ defmodule Pleroma.Web.OAuth.Token do |> Repo.all() |> Repo.preload(:app) end + + def is_expired?(%__MODULE__{valid_until: valid_until}) do + NaiveDateTime.diff(NaiveDateTime.utc_now(), valid_until) > 0 + end + + def is_expired?(_), do: false end diff --git a/lib/pleroma/web/oauth/token/strategy/refresh_token.ex b/lib/pleroma/web/oauth/token/strategy/refresh_token.ex new file mode 100644 index 000000000..7df0be14e --- /dev/null +++ b/lib/pleroma/web/oauth/token/strategy/refresh_token.ex @@ -0,0 +1,54 @@ +defmodule Pleroma.Web.OAuth.Token.Strategy.RefreshToken do + @moduledoc """ + Functions for dealing with refresh token strategy. + """ + + alias Pleroma.Config + alias Pleroma.Repo + alias Pleroma.Web.OAuth.Token + alias Pleroma.Web.OAuth.Token.Strategy.Revoke + + @doc """ + Will grant access token by refresh token. + """ + @spec grant(Token.t()) :: {:ok, Token.t()} | {:error, any()} + def grant(token) do + access_token = Repo.preload(token, [:user, :app]) + + result = + Repo.transaction(fn -> + token_params = %{ + app: access_token.app, + user: access_token.user, + scopes: access_token.scopes + } + + access_token + |> revoke_access_token() + |> create_access_token(token_params) + end) + + case result do + {:ok, {:error, reason}} -> {:error, reason} + {:ok, {:ok, token}} -> {:ok, token} + {:error, reason} -> {:error, reason} + end + end + + defp revoke_access_token(token) do + Revoke.revoke(token) + end + + defp create_access_token({:error, error}, _), do: {:error, error} + + defp create_access_token({:ok, token}, %{app: app, user: user} = token_params) do + Token.create_token(app, user, add_refresh_token(token_params, token.refresh_token)) + end + + defp add_refresh_token(params, token) do + case Config.get([:oauth2, :issue_new_refresh_token], false) do + true -> Map.put(params, :refresh_token, token) + false -> params + end + end +end diff --git a/lib/pleroma/web/oauth/token/strategy/revoke.ex b/lib/pleroma/web/oauth/token/strategy/revoke.ex new file mode 100644 index 000000000..dea63ca54 --- /dev/null +++ b/lib/pleroma/web/oauth/token/strategy/revoke.ex @@ -0,0 +1,22 @@ +defmodule Pleroma.Web.OAuth.Token.Strategy.Revoke do + @moduledoc """ + Functions for dealing with revocation. + """ + + alias Pleroma.Repo + alias Pleroma.Web.OAuth.App + alias Pleroma.Web.OAuth.Token + + @doc "Finds and revokes access token for app and by token" + @spec revoke(App.t(), map()) :: {:ok, Token.t()} | {:error, :not_found | Ecto.Changeset.t()} + def revoke(%App{} = app, %{"token" => token} = _attrs) do + with {:ok, token} <- Token.get_by_token(app, token), + do: revoke(token) + end + + @doc "Revokes access token" + @spec revoke(Token.t()) :: {:ok, Token.t()} | {:error, Ecto.Changeset.t()} + def revoke(%Token{} = token) do + Repo.delete(token) + end +end diff --git a/lib/pleroma/web/oauth/token/utils.ex b/lib/pleroma/web/oauth/token/utils.ex new file mode 100644 index 000000000..a81560a1c --- /dev/null +++ b/lib/pleroma/web/oauth/token/utils.ex @@ -0,0 +1,30 @@ +defmodule Pleroma.Web.OAuth.Token.Utils do + @moduledoc """ + Auxiliary functions for dealing with tokens. + """ + + @doc "convert token inserted_at to unix timestamp" + def format_created_at(%{inserted_at: inserted_at} = _token) do + inserted_at + |> DateTime.from_naive!("Etc/UTC") + |> DateTime.to_unix() + end + + @doc false + @spec generate_token(keyword()) :: binary() + def generate_token(opts \\ []) do + opts + |> Keyword.get(:size, 32) + |> :crypto.strong_rand_bytes() + |> Base.url_encode64(padding: false) + end + + # XXX - for whatever reason our token arrives urlencoded, but Plug.Conn should be + # decoding it. Investigate sometime. + def fix_padding(token) do + token + |> URI.decode() + |> Base.url_decode64!(padding: false) + |> Base.url_encode64(padding: false) + end +end -- cgit v1.2.3