From a3dc02d282f886d3b4842ec70976cfa84f2e4099 Mon Sep 17 00:00:00 2001 From: Egor Kislitsyn Date: Wed, 1 May 2019 16:11:17 +0700 Subject: Add addressable lists --- lib/pleroma/web/activity_pub/activity_pub.ex | 72 +++++++++++++++++++------- lib/pleroma/web/activity_pub/transmogrifier.ex | 5 +- lib/pleroma/web/common_api/common_api.ex | 28 +++++----- lib/pleroma/web/common_api/utils.ex | 15 ++++++ lib/pleroma/web/salmon/salmon.ex | 8 +-- 5 files changed, 91 insertions(+), 37 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/activity_pub/activity_pub.ex b/lib/pleroma/web/activity_pub/activity_pub.ex index 604ffae7b..84d7f47b1 100644 --- a/lib/pleroma/web/activity_pub/activity_pub.ex +++ b/lib/pleroma/web/activity_pub/activity_pub.ex @@ -28,19 +28,16 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do # For Announce activities, we filter the recipients based on following status for any actors # that match actual users. See issue #164 for more information about why this is necessary. defp get_recipients(%{"type" => "Announce"} = data) do - to = data["to"] || [] - cc = data["cc"] || [] + to = Map.get(data, "to", []) + cc = Map.get(data, "cc", []) + bcc = Map.get(data, "bcc", []) actor = User.get_cached_by_ap_id(data["actor"]) recipients = - (to ++ cc) - |> Enum.filter(fn recipient -> + Enum.filter(Enum.concat([to, cc, bcc]), fn recipient -> case User.get_cached_by_ap_id(recipient) do - nil -> - true - - user -> - User.following?(user, actor) + nil -> true + user -> User.following?(user, actor) end end) @@ -48,17 +45,19 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do end defp get_recipients(%{"type" => "Create"} = data) do - to = data["to"] || [] - cc = data["cc"] || [] - actor = data["actor"] || [] - recipients = (to ++ cc ++ [actor]) |> Enum.uniq() + to = Map.get(data, "to", []) + cc = Map.get(data, "cc", []) + bcc = Map.get(data, "bcc", []) + actor = Map.get(data, "actor", []) + recipients = [to, cc, bcc, [actor]] |> Enum.concat() |> Enum.uniq() {recipients, to, cc} end defp get_recipients(data) do - to = data["to"] || [] - cc = data["cc"] || [] - recipients = to ++ cc + to = Map.get(data, "to", []) + cc = Map.get(data, "cc", []) + bcc = Map.get(data, "bcc", []) + recipients = Enum.concat([to, cc, bcc]) {recipients, to, cc} end @@ -917,22 +916,55 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do end end - def publish(actor, activity) do - remote_followers = + defp recipients(actor, activity) do + Pleroma.Web.Salmon.remote_users(activity) ++ if actor.follower_address in activity.recipients do {:ok, followers} = User.get_followers(actor) followers |> Enum.filter(&(!&1.local)) else [] end + end + def publish(actor, %{data: %{"bcc" => bcc}} = activity) when is_list(bcc) and bcc != [] do public = is_public?(activity) + {:ok, data} = Transmogrifier.prepare_outgoing(activity.data) + + recipients = recipients(actor, activity) + + recipients + |> Enum.filter(&User.ap_enabled?/1) + |> Enum.map(fn %{info: %{source_data: data}} -> data["inbox"] end) + |> Enum.filter(fn inbox -> should_federate?(inbox, public) end) + |> Instances.filter_reachable() + |> Enum.each(fn {inbox, unreachable_since} -> + %User{ap_id: cc} = + Enum.find(recipients, fn %{info: %{source_data: data}} -> data["inbox"] == inbox end) + json = + data + |> Map.put("cc", [cc]) + |> Map.put("directMessage", true) + |> Jason.encode!() + + Federator.publish_single_ap(%{ + inbox: inbox, + json: json, + actor: actor, + id: activity.data["id"], + unreachable_since: unreachable_since + }) + end) + end + + def publish(actor, activity) do + public = is_public?(activity) {:ok, data} = Transmogrifier.prepare_outgoing(activity.data) + json = Jason.encode!(data) - (Pleroma.Web.Salmon.remote_users(activity) ++ remote_followers) - |> Enum.filter(fn user -> User.ap_enabled?(user) end) + recipients(actor, activity) + |> Enum.filter(&User.ap_enabled?/1) |> Enum.map(fn %{info: %{source_data: data}} -> (is_map(data["endpoints"]) && Map.get(data["endpoints"], "sharedInbox")) || data["inbox"] end) diff --git a/lib/pleroma/web/activity_pub/transmogrifier.ex b/lib/pleroma/web/activity_pub/transmogrifier.ex index b1e859d7c..3b7193eaa 100644 --- a/lib/pleroma/web/activity_pub/transmogrifier.ex +++ b/lib/pleroma/web/activity_pub/transmogrifier.ex @@ -741,13 +741,16 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do def prepare_outgoing(%{"type" => "Create", "object" => object_id} = data) do object = - Object.normalize(object_id).data + object_id + |> Object.normalize() + |> Map.get(:data) |> prepare_object data = data |> Map.put("object", object) |> Map.merge(Utils.make_json_ld_header()) + |> Map.delete("bcc") {:ok, data} end diff --git a/lib/pleroma/web/common_api/common_api.ex b/lib/pleroma/web/common_api/common_api.ex index cfbc5dc10..4ca59110f 100644 --- a/lib/pleroma/web/common_api/common_api.ex +++ b/lib/pleroma/web/common_api/common_api.ex @@ -119,6 +119,10 @@ defmodule Pleroma.Web.CommonAPI do when visibility in ~w{public unlisted private direct}, do: visibility + def get_visibility(%{"visibility" => "list:" <> list_id}) do + {:list, String.to_integer(list_id)} + end + def get_visibility(%{"in_reply_to_status_id" => status_id}) when not is_nil(status_id) do case get_replied_to_activity(status_id) do nil -> @@ -149,6 +153,7 @@ defmodule Pleroma.Web.CommonAPI do visibility ), {to, cc} <- to_for_user_and_mentions(user, mentions, in_reply_to, visibility), + {:ok, bcc} <- bcc_for_list(user, visibility), context <- make_context(in_reply_to), cw <- data["spoiler_text"], full_payload <- String.trim(status <> (data["spoiler_text"] || "")), @@ -174,19 +179,16 @@ defmodule Pleroma.Web.CommonAPI do Map.put(acc, name, "#{Pleroma.Web.Endpoint.static_url()}#{file}") end) ) do - res = - ActivityPub.create( - %{ - to: to, - actor: user, - context: context, - object: object, - additional: %{"cc" => cc, "directMessage" => visibility == "direct"} - }, - Pleroma.Web.ControllerHelper.truthy_param?(data["preview"]) || false - ) - - res + ActivityPub.create( + %{ + to: to, + actor: user, + context: context, + object: object, + additional: %{"cc" => cc, "bcc" => bcc, "directMessage" => visibility == "direct"} + }, + Pleroma.Web.ControllerHelper.truthy_param?(data["preview"]) || false + ) end end diff --git a/lib/pleroma/web/common_api/utils.ex b/lib/pleroma/web/common_api/utils.ex index 887f878c4..83a745b58 100644 --- a/lib/pleroma/web/common_api/utils.ex +++ b/lib/pleroma/web/common_api/utils.ex @@ -8,6 +8,7 @@ defmodule Pleroma.Web.CommonAPI.Utils do alias Pleroma.Activity alias Pleroma.Config alias Pleroma.Formatter + alias Pleroma.List alias Pleroma.Object alias Pleroma.Repo alias Pleroma.User @@ -102,6 +103,20 @@ defmodule Pleroma.Web.CommonAPI.Utils do end end + def to_for_user_and_mentions(_user, _mentions, _inReplyTo, _), do: {[], []} + + def bcc_for_list(user, {:list, list_id}) do + with {_, %List{} = list} <- {:list, List.get(list_id, user)}, + {:ok, following} <- List.get_following(list) do + {:ok, Enum.map(following, & &1.ap_id)} + else + {:list, _} -> {:error, "List not found"} + err -> err + end + end + + def bcc_for_list(_, _), do: {:ok, []} + def make_content_html( status, attachments, diff --git a/lib/pleroma/web/salmon/salmon.ex b/lib/pleroma/web/salmon/salmon.ex index 0a9e51656..4d89f4bdb 100644 --- a/lib/pleroma/web/salmon/salmon.ex +++ b/lib/pleroma/web/salmon/salmon.ex @@ -157,10 +157,12 @@ defmodule Pleroma.Web.Salmon do end def remote_users(%{data: %{"to" => to} = data}) do - to = to ++ (data["cc"] || []) + cc = Map.get(data, "cc", []) + bcc = Map.get(data, "bcc", []) - to - |> Enum.map(fn id -> User.get_cached_by_ap_id(id) end) + [to, cc, bcc] + |> Enum.concat() + |> Enum.map(&User.get_cached_by_ap_id/1) |> Enum.filter(fn user -> user && !user.local end) end -- cgit v1.2.3 From 23276e8d6848fa8eae390c16b6e0619c12546e4a Mon Sep 17 00:00:00 2001 From: Egor Kislitsyn Date: Mon, 13 May 2019 16:15:14 +0700 Subject: Use pseudo ap id of a list in BCC --- lib/pleroma/list.ex | 32 +++++++++++++++++++ lib/pleroma/web/activity_pub/activity_pub.ex | 46 +++++++++++++++++++++++----- lib/pleroma/web/common_api/common_api.ex | 8 ++--- lib/pleroma/web/common_api/utils.ex | 11 ++----- lib/pleroma/web/salmon/salmon.ex | 19 ++++++++++-- 5 files changed, 92 insertions(+), 24 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/list.ex b/lib/pleroma/list.ex index a5b1cad68..81b842e9c 100644 --- a/lib/pleroma/list.ex +++ b/lib/pleroma/list.ex @@ -12,6 +12,8 @@ defmodule Pleroma.List do alias Pleroma.Repo alias Pleroma.User + @ap_id_regex ~r/^\/users\/(?\w+)\/lists\/(?\d+)/ + schema "lists" do belongs_to(:user, User, type: Pleroma.FlakeId) field(:title, :string) @@ -32,6 +34,12 @@ defmodule Pleroma.List do |> validate_required([:following]) end + def ap_id(%User{nickname: nickname}, list_id) do + Pleroma.Web.Endpoint.url() <> "/users/#{nickname}/lists/#{list_id}" + end + + def ap_id({nickname, list_id}), do: ap_id(%User{nickname: nickname}, list_id) + def for_user(user, _opts) do query = from( @@ -55,6 +63,19 @@ defmodule Pleroma.List do Repo.one(query) end + def get_by_ap_id(ap_id) do + host = Pleroma.Web.Endpoint.host() + + with %{host: ^host, path: path} <- URI.parse(ap_id), + %{"list_id" => list_id, "nickname" => nickname} <- + Regex.named_captures(@ap_id_regex, path), + %User{} = user <- User.get_cached_by_nickname(nickname) do + get(list_id, user) + else + _ -> nil + end + end + def get_following(%Pleroma.List{following: following} = _list) do q = from( @@ -125,4 +146,15 @@ defmodule Pleroma.List do |> follow_changeset(attrs) |> Repo.update() end + + def memberships(%User{follower_address: follower_address}) do + Pleroma.List + |> where([l], ^follower_address in l.following) + |> join(:inner, [l], u in User, on: l.user_id == u.id) + |> select([l, u], {u.nickname, l.id}) + |> Repo.all() + |> Enum.map(&ap_id/1) + end + + def memberships(_), do: [] end diff --git a/lib/pleroma/web/activity_pub/activity_pub.ex b/lib/pleroma/web/activity_pub/activity_pub.ex index 84d7f47b1..3b71e0369 100644 --- a/lib/pleroma/web/activity_pub/activity_pub.ex +++ b/lib/pleroma/web/activity_pub/activity_pub.ex @@ -783,9 +783,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do end def fetch_activities_query(recipients, opts \\ %{}) do - base_query = from(activity in Activity) - - base_query + Activity |> maybe_preload_objects(opts) |> restrict_recipients(recipients, opts["user"]) |> restrict_tag(opts) @@ -807,9 +805,29 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do end def fetch_activities(recipients, opts \\ %{}) do - fetch_activities_query(recipients, opts) + list_memberships = Pleroma.List.memberships(opts["user"]) + + fetch_activities_query(recipients ++ list_memberships, opts) |> Pagination.fetch_paginated(opts) |> Enum.reverse() + |> maybe_update_cc(list_memberships, opts["user"]) + end + + defp maybe_update_cc(activities, [], _), do: activities + defp maybe_update_cc(activities, _, nil), do: activities + + defp maybe_update_cc(activities, list_memberships, user) do + Enum.map(activities, fn + %{data: %{"bcc" => bcc}} = activity when is_list(bcc) -> + if Enum.any?(bcc, &(&1 in list_memberships)) do + update_in(activity.data["cc"], &[user.ap_id | &1]) + else + activity + end + + activity -> + activity + end) end def fetch_activities_bounded(recipients_to, recipients_cc, opts \\ %{}) do @@ -917,13 +935,23 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do end defp recipients(actor, activity) do - Pleroma.Web.Salmon.remote_users(activity) ++ + followers = if actor.follower_address in activity.recipients do {:ok, followers} = User.get_followers(actor) - followers |> Enum.filter(&(!&1.local)) + Enum.filter(followers, &(!&1.local)) else [] end + + Pleroma.Web.Salmon.remote_users(actor, activity) ++ followers + end + + defp get_cc_ap_ids(ap_id, recipients) do + host = Map.get(URI.parse(ap_id), :host) + + recipients + |> Enum.filter(fn %User{ap_id: ap_id} -> Map.get(URI.parse(ap_id), :host) == host end) + |> Enum.map(& &1.ap_id) end def publish(actor, %{data: %{"bcc" => bcc}} = activity) when is_list(bcc) and bcc != [] do @@ -938,12 +966,14 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do |> Enum.filter(fn inbox -> should_federate?(inbox, public) end) |> Instances.filter_reachable() |> Enum.each(fn {inbox, unreachable_since} -> - %User{ap_id: cc} = + %User{ap_id: ap_id} = Enum.find(recipients, fn %{info: %{source_data: data}} -> data["inbox"] == inbox end) + cc = get_cc_ap_ids(ap_id, recipients) + json = data - |> Map.put("cc", [cc]) + |> Map.put("cc", cc) |> Map.put("directMessage", true) |> Jason.encode!() diff --git a/lib/pleroma/web/common_api/common_api.ex b/lib/pleroma/web/common_api/common_api.ex index 4ca59110f..d47d5788c 100644 --- a/lib/pleroma/web/common_api/common_api.ex +++ b/lib/pleroma/web/common_api/common_api.ex @@ -153,7 +153,7 @@ defmodule Pleroma.Web.CommonAPI do visibility ), {to, cc} <- to_for_user_and_mentions(user, mentions, in_reply_to, visibility), - {:ok, bcc} <- bcc_for_list(user, visibility), + bcc <- bcc_for_list(user, visibility), context <- make_context(in_reply_to), cw <- data["spoiler_text"], full_payload <- String.trim(status <> (data["spoiler_text"] || "")), @@ -197,7 +197,7 @@ defmodule Pleroma.Web.CommonAPI do user = with emoji <- emoji_from_profile(user), source_data <- (user.info.source_data || %{}) |> Map.put("tag", emoji), - info_cng <- Pleroma.User.Info.set_source_data(user.info, source_data), + info_cng <- User.Info.set_source_data(user.info, source_data), change <- Ecto.Changeset.change(user) |> Ecto.Changeset.put_embed(:info, info_cng), {:ok, user} <- User.update_and_set_cache(change) do user @@ -230,7 +230,7 @@ defmodule Pleroma.Web.CommonAPI do } = activity <- get_by_id_or_ap_id(id_or_ap_id), true <- Enum.member?(object_to, "https://www.w3.org/ns/activitystreams#Public"), %{valid?: true} = info_changeset <- - Pleroma.User.Info.add_pinnned_activity(user.info, activity), + User.Info.add_pinnned_activity(user.info, activity), changeset <- Ecto.Changeset.change(user) |> Ecto.Changeset.put_embed(:info, info_changeset), {:ok, _user} <- User.update_and_set_cache(changeset) do @@ -247,7 +247,7 @@ defmodule Pleroma.Web.CommonAPI do def unpin(id_or_ap_id, user) do with %Activity{} = activity <- get_by_id_or_ap_id(id_or_ap_id), %{valid?: true} = info_changeset <- - Pleroma.User.Info.remove_pinnned_activity(user.info, activity), + User.Info.remove_pinnned_activity(user.info, activity), changeset <- Ecto.Changeset.change(user) |> Ecto.Changeset.put_embed(:info, info_changeset), {:ok, _user} <- User.update_and_set_cache(changeset) do diff --git a/lib/pleroma/web/common_api/utils.ex b/lib/pleroma/web/common_api/utils.ex index 83a745b58..32c3b4b98 100644 --- a/lib/pleroma/web/common_api/utils.ex +++ b/lib/pleroma/web/common_api/utils.ex @@ -8,7 +8,6 @@ defmodule Pleroma.Web.CommonAPI.Utils do alias Pleroma.Activity alias Pleroma.Config alias Pleroma.Formatter - alias Pleroma.List alias Pleroma.Object alias Pleroma.Repo alias Pleroma.User @@ -106,16 +105,10 @@ defmodule Pleroma.Web.CommonAPI.Utils do def to_for_user_and_mentions(_user, _mentions, _inReplyTo, _), do: {[], []} def bcc_for_list(user, {:list, list_id}) do - with {_, %List{} = list} <- {:list, List.get(list_id, user)}, - {:ok, following} <- List.get_following(list) do - {:ok, Enum.map(following, & &1.ap_id)} - else - {:list, _} -> {:error, "List not found"} - err -> err - end + [Pleroma.List.ap_id(user, list_id)] end - def bcc_for_list(_, _), do: {:ok, []} + def bcc_for_list(_, _), do: [] def make_content_html( status, diff --git a/lib/pleroma/web/salmon/salmon.ex b/lib/pleroma/web/salmon/salmon.ex index 4d89f4bdb..ca51255f3 100644 --- a/lib/pleroma/web/salmon/salmon.ex +++ b/lib/pleroma/web/salmon/salmon.ex @@ -156,9 +156,22 @@ defmodule Pleroma.Web.Salmon do {:ok, salmon} end - def remote_users(%{data: %{"to" => to} = data}) do + def remote_users(%User{id: user_id}, %{data: %{"to" => to} = data}) do cc = Map.get(data, "cc", []) - bcc = Map.get(data, "bcc", []) + + bcc = + data + |> Map.get("bcc", []) + |> Enum.reduce([], fn ap_id, bcc -> + case Pleroma.List.get_by_ap_id(ap_id) do + %Pleroma.List{user_id: ^user_id} = list -> + {:ok, following} = Pleroma.List.get_following(list) + bcc ++ Enum.map(following, & &1.ap_id) + + _ -> + bcc + end + end) [to, cc, bcc] |> Enum.concat() @@ -220,7 +233,7 @@ defmodule Pleroma.Web.Salmon do {:ok, private, _} = keys_from_pem(keys) {:ok, feed} = encode(private, feed) - remote_users = remote_users(activity) + remote_users = remote_users(user, activity) salmon_urls = Enum.map(remote_users, & &1.info.salmon) reachable_urls_metadata = Instances.filter_reachable(salmon_urls) -- cgit v1.2.3 From f2936e0a0723956c167a06dc51518da172a508b2 Mon Sep 17 00:00:00 2001 From: Egor Kislitsyn Date: Fri, 17 May 2019 19:56:37 +0700 Subject: Add `ap_id` to List --- lib/pleroma/list.ex | 33 +++++++++++---------------------- lib/pleroma/web/common_api/utils.ex | 3 ++- 2 files changed, 13 insertions(+), 23 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/list.ex b/lib/pleroma/list.ex index 81b842e9c..16955b3b5 100644 --- a/lib/pleroma/list.ex +++ b/lib/pleroma/list.ex @@ -12,12 +12,11 @@ defmodule Pleroma.List do alias Pleroma.Repo alias Pleroma.User - @ap_id_regex ~r/^\/users\/(?\w+)\/lists\/(?\d+)/ - schema "lists" do belongs_to(:user, User, type: Pleroma.FlakeId) field(:title, :string) field(:following, {:array, :string}, default: []) + field(:ap_id, :string) timestamps() end @@ -34,12 +33,6 @@ defmodule Pleroma.List do |> validate_required([:following]) end - def ap_id(%User{nickname: nickname}, list_id) do - Pleroma.Web.Endpoint.url() <> "/users/#{nickname}/lists/#{list_id}" - end - - def ap_id({nickname, list_id}), do: ap_id(%User{nickname: nickname}, list_id) - def for_user(user, _opts) do query = from( @@ -64,16 +57,7 @@ defmodule Pleroma.List do end def get_by_ap_id(ap_id) do - host = Pleroma.Web.Endpoint.host() - - with %{host: ^host, path: path} <- URI.parse(ap_id), - %{"list_id" => list_id, "nickname" => nickname} <- - Regex.named_captures(@ap_id_regex, path), - %User{} = user <- User.get_cached_by_nickname(nickname) do - get(list_id, user) - else - _ -> nil - end + Repo.get_by(__MODULE__, ap_id: ap_id) end def get_following(%Pleroma.List{following: following} = _list) do @@ -126,7 +110,14 @@ defmodule Pleroma.List do def create(title, %User{} = creator) do list = %Pleroma.List{user_id: creator.id, title: title} - Repo.insert(list) + + Repo.transaction(fn -> + list = Repo.insert!(list) + + list + |> change(ap_id: "#{creator.ap_id}/lists/#{list.id}") + |> Repo.update!() + end) end def follow(%Pleroma.List{following: following} = list, %User{} = followed) do @@ -150,10 +141,8 @@ defmodule Pleroma.List do def memberships(%User{follower_address: follower_address}) do Pleroma.List |> where([l], ^follower_address in l.following) - |> join(:inner, [l], u in User, on: l.user_id == u.id) - |> select([l, u], {u.nickname, l.id}) + |> select([l], l.ap_id) |> Repo.all() - |> Enum.map(&ap_id/1) end def memberships(_), do: [] diff --git a/lib/pleroma/web/common_api/utils.ex b/lib/pleroma/web/common_api/utils.ex index f082b77d8..ba6ed67ef 100644 --- a/lib/pleroma/web/common_api/utils.ex +++ b/lib/pleroma/web/common_api/utils.ex @@ -105,7 +105,8 @@ defmodule Pleroma.Web.CommonAPI.Utils do def to_for_user_and_mentions(_user, _mentions, _inReplyTo, _), do: {[], []} def bcc_for_list(user, {:list, list_id}) do - [Pleroma.List.ap_id(user, list_id)] + list = Pleroma.List.get(list_id, user) + [list.ap_id] end def bcc_for_list(_, _), do: [] -- cgit v1.2.3 From 3b71612d3d8b5e2ad53bda4399eb7f687cd6c30e Mon Sep 17 00:00:00 2001 From: Egor Kislitsyn Date: Sat, 18 May 2019 01:17:14 +0700 Subject: Improve Pleroma.Web.ActivityPub.ActivityPub.maybe_update_cc/3 --- lib/pleroma/web/activity_pub/activity_pub.ex | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/activity_pub/activity_pub.ex b/lib/pleroma/web/activity_pub/activity_pub.ex index 048b9202b..8a5b3b8b4 100644 --- a/lib/pleroma/web/activity_pub/activity_pub.ex +++ b/lib/pleroma/web/activity_pub/activity_pub.ex @@ -881,14 +881,12 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do |> maybe_update_cc(list_memberships, opts["user"]) end - defp maybe_update_cc(activities, [], _), do: activities - defp maybe_update_cc(activities, _, nil), do: activities - - defp maybe_update_cc(activities, list_memberships, user) do + defp maybe_update_cc(activities, list_memberships, %User{ap_id: user_ap_id}) + when is_list(list_memberships) and length(list_memberships) > 0 do Enum.map(activities, fn - %{data: %{"bcc" => bcc}} = activity when is_list(bcc) -> + %{data: %{"bcc" => bcc}} = activity when is_list(bcc) and length(bcc) > 0 -> if Enum.any?(bcc, &(&1 in list_memberships)) do - update_in(activity.data["cc"], &[user.ap_id | &1]) + update_in(activity.data["cc"], &[user_ap_id | &1]) else activity end @@ -898,6 +896,8 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do end) end + defp maybe_update_cc(activities, _, _), do: activities + def fetch_activities_bounded(recipients_to, recipients_cc, opts \\ %{}) do fetch_activities_query([], opts) |> restrict_to_cc(recipients_to, recipients_cc) -- cgit v1.2.3 From ddd4a09b72ede65345ddf45a68eb239b54eda86c Mon Sep 17 00:00:00 2001 From: Egor Kislitsyn Date: Wed, 5 Jun 2019 17:55:00 +0700 Subject: Fix merge conflict --- lib/pleroma/web/common_api/utils.ex | 2 ++ 1 file changed, 2 insertions(+) (limited to 'lib') diff --git a/lib/pleroma/web/common_api/utils.ex b/lib/pleroma/web/common_api/utils.ex index 22ce1ea90..6c9e117ae 100644 --- a/lib/pleroma/web/common_api/utils.ex +++ b/lib/pleroma/web/common_api/utils.ex @@ -98,6 +98,8 @@ defmodule Pleroma.Web.CommonAPI.Utils do end end + def get_to_and_cc(_user, _mentions, _inReplyTo, _), do: {[], []} + def get_addressed_users(_, to) when is_list(to) do User.get_ap_ids_by_nicknames(to) end -- cgit v1.2.3 From 958fb9aa8082eabf63b106007b3bef09847cafc6 Mon Sep 17 00:00:00 2001 From: Egor Kislitsyn Date: Thu, 11 Jul 2019 16:36:08 +0700 Subject: Add "listMessage" --- lib/pleroma/web/activity_pub/publisher.ex | 1 - lib/pleroma/web/common_api/common_api.ex | 26 +++++++++++++++----------- lib/pleroma/web/common_api/utils.ex | 15 +++++++++++---- 3 files changed, 26 insertions(+), 16 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/activity_pub/publisher.ex b/lib/pleroma/web/activity_pub/publisher.ex index b7dc90caa..ffdd33351 100644 --- a/lib/pleroma/web/activity_pub/publisher.ex +++ b/lib/pleroma/web/activity_pub/publisher.ex @@ -136,7 +136,6 @@ defmodule Pleroma.Web.ActivityPub.Publisher do json = data |> Map.put("cc", cc) - |> Map.put("directMessage", true) |> Jason.encode!() Pleroma.Web.Federator.Publisher.enqueue_one(__MODULE__, %{ diff --git a/lib/pleroma/web/common_api/common_api.ex b/lib/pleroma/web/common_api/common_api.ex index 8e3892bdf..1c47a31d7 100644 --- a/lib/pleroma/web/common_api/common_api.ex +++ b/lib/pleroma/web/common_api/common_api.ex @@ -215,7 +215,6 @@ defmodule Pleroma.Web.CommonAPI do addressed_users <- get_addressed_users(mentioned_users, data["to"]), {poll, poll_emoji} <- make_poll_data(data), {to, cc} <- get_to_and_cc(user, addressed_users, in_reply_to, visibility), - bcc <- bcc_for_list(user, visibility), context <- make_context(in_reply_to), cw <- data["spoiler_text"] || "", sensitive <- data["sensitive"] || Enum.member?(tags, {"#nsfw", "nsfw"}), @@ -241,16 +240,21 @@ defmodule Pleroma.Web.CommonAPI do "emoji", Map.merge(Formatter.get_emoji_map(full_payload), poll_emoji) ) do - ActivityPub.create( - %{ - to: to, - actor: user, - context: context, - object: object, - additional: %{"cc" => cc, "bcc" => bcc, "directMessage" => visibility == "direct"} - }, - Pleroma.Web.ControllerHelper.truthy_param?(data["preview"]) || false - ) + preview? = Pleroma.Web.ControllerHelper.truthy_param?(data["preview"]) || false + direct? = visibility == "direct" + + additional_data = + %{"cc" => cc, "directMessage" => direct?} |> maybe_add_list_data(user, visibility) + + params = %{ + to: to, + actor: user, + context: context, + object: object, + additional: additional_data + } + + ActivityPub.create(params, preview?) else {:private_to_public, true} -> {:error, dgettext("errors", "The message visibility must be direct")} diff --git a/lib/pleroma/web/common_api/utils.ex b/lib/pleroma/web/common_api/utils.ex index d4bfdd7e4..94b2c50fc 100644 --- a/lib/pleroma/web/common_api/utils.ex +++ b/lib/pleroma/web/common_api/utils.ex @@ -108,12 +108,19 @@ defmodule Pleroma.Web.CommonAPI.Utils do def get_addressed_users(mentioned_users, _), do: mentioned_users - def bcc_for_list(user, {:list, list_id}) do - list = Pleroma.List.get(list_id, user) - [list.ap_id] + def maybe_add_list_data(additional_data, user, {:list, list_id}) do + case Pleroma.List.get(list_id, user) do + %Pleroma.List{} = list -> + additional_data + |> Map.put("listMessage", list.ap_id) + |> Map.put("bcc", [list.ap_id]) + + _ -> + additional_data + end end - def bcc_for_list(_, _), do: [] + def maybe_add_list_data(additional_data, _, _), do: additional_data def make_poll_data(%{"poll" => %{"options" => options, "expires_in" => expires_in}} = data) when is_list(options) do -- cgit v1.2.3 From 9e06873d58e031a0f90c6a4d436a6abb5f1ebbae Mon Sep 17 00:00:00 2001 From: Egor Kislitsyn Date: Thu, 11 Jul 2019 19:29:24 +0700 Subject: Add `list` to Visibility --- lib/pleroma/list.ex | 6 ++++++ lib/pleroma/web/activity_pub/visibility.ex | 16 ++++++++++++++++ 2 files changed, 22 insertions(+) (limited to 'lib') diff --git a/lib/pleroma/list.ex b/lib/pleroma/list.ex index 16955b3b5..1d320206e 100644 --- a/lib/pleroma/list.ex +++ b/lib/pleroma/list.ex @@ -146,4 +146,10 @@ defmodule Pleroma.List do end def memberships(_), do: [] + + def member?(%Pleroma.List{following: following}, %User{follower_address: follower_address}) do + Enum.member?(following, follower_address) + end + + def member?(_, _), do: false end diff --git a/lib/pleroma/web/activity_pub/visibility.ex b/lib/pleroma/web/activity_pub/visibility.ex index 9908a2e75..e0282d758 100644 --- a/lib/pleroma/web/activity_pub/visibility.ex +++ b/lib/pleroma/web/activity_pub/visibility.ex @@ -34,6 +34,19 @@ defmodule Pleroma.Web.ActivityPub.Visibility do !is_public?(activity) && !is_private?(activity) end + def is_list?(%{data: %{"listMessage" => _}}), do: true + def is_list?(_), do: false + + def visible_for_user?(%{actor: ap_id}, %User{ap_id: ap_id}), do: true + + def visible_for_user?(%{data: %{"listMessage" => list_ap_id}}, %User{} = user) do + list_ap_id + |> Pleroma.List.get_by_ap_id() + |> Pleroma.List.member?(user) + end + + def visible_for_user?(%{data: %{"listMessage" => _}}, nil), do: false + def visible_for_user?(activity, nil) do is_public?(activity) end @@ -73,6 +86,9 @@ defmodule Pleroma.Web.ActivityPub.Visibility do object.data["directMessage"] == true -> "direct" + is_binary(object.data["listMessage"]) -> + "list" + length(cc) > 0 -> "private" -- cgit v1.2.3 From f8e3ae61545de45ce4dd395471149ed1e71e0343 Mon Sep 17 00:00:00 2001 From: Sachin Joshi Date: Fri, 12 Jul 2019 22:19:30 +0545 Subject: try to always match the filename for proxy url --- lib/pleroma/web/media_proxy/controller.ex | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/web/media_proxy/controller.ex b/lib/pleroma/web/media_proxy/controller.ex index ea33d7685..a711b54e9 100644 --- a/lib/pleroma/web/media_proxy/controller.ex +++ b/lib/pleroma/web/media_proxy/controller.ex @@ -30,10 +30,15 @@ defmodule Pleroma.Web.MediaProxy.MediaProxyController do def filename_matches(has_filename, path, url) do filename = url |> MediaProxy.filename() - if has_filename && filename && Path.basename(path) != filename do + if has_filename && filename && does_not_match(path, filename) do {:wrong_filename, filename} else :ok end end + + defp does_not_match(path, filename) do + basename = Path.basename(path) + basename != filename and URI.decode(basename) != filename and URI.encode(basename) != filename + end end -- cgit v1.2.3 From f4447d82b814e4710a0d7499bc0707773ac1e440 Mon Sep 17 00:00:00 2001 From: Alex S Date: Thu, 11 Jul 2019 16:04:42 +0300 Subject: parsers configurable --- lib/pleroma/web/rich_media/parser.ex | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/rich_media/parser.ex b/lib/pleroma/web/rich_media/parser.ex index 21cd47890..0d2523338 100644 --- a/lib/pleroma/web/rich_media/parser.ex +++ b/lib/pleroma/web/rich_media/parser.ex @@ -3,12 +3,6 @@ # SPDX-License-Identifier: AGPL-3.0-only defmodule Pleroma.Web.RichMedia.Parser do - @parsers [ - Pleroma.Web.RichMedia.Parsers.OGP, - Pleroma.Web.RichMedia.Parsers.TwitterCard, - Pleroma.Web.RichMedia.Parsers.OEmbed - ] - @hackney_options [ pool: :media, recv_timeout: 2_000, @@ -16,6 +10,10 @@ defmodule Pleroma.Web.RichMedia.Parser do with_body: true ] + defp parsers do + Pleroma.Config.get([:rich_media, :parsers]) + end + def parse(nil), do: {:error, "No URL provided"} if Pleroma.Config.get(:env) == :test do @@ -48,7 +46,7 @@ defmodule Pleroma.Web.RichMedia.Parser do end defp maybe_parse(html) do - Enum.reduce_while(@parsers, %{}, fn parser, acc -> + Enum.reduce_while(parsers(), %{}, fn parser, acc -> case parser.parse(html, acc) do {:ok, data} -> {:halt, data} {:error, _msg} -> {:cont, acc} -- cgit v1.2.3 From 40d0a198e20d577b51339f4026d672b1aa968be1 Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Sun, 14 Jul 2019 12:02:16 +0200 Subject: Object.Fetcher: Handle error on Containment.contain_origin/2 --- lib/pleroma/object/fetcher.ex | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'lib') diff --git a/lib/pleroma/object/fetcher.ex b/lib/pleroma/object/fetcher.ex index 101c21f96..82250ab8d 100644 --- a/lib/pleroma/object/fetcher.ex +++ b/lib/pleroma/object/fetcher.ex @@ -38,6 +38,7 @@ defmodule Pleroma.Object.Fetcher do "type" => "Create", "to" => data["to"], "cc" => data["cc"], + # TODO: Should we seriously keep this attributedTo thing? "actor" => data["actor"] || data["attributedTo"], "object" => data }, @@ -56,6 +57,9 @@ defmodule Pleroma.Object.Fetcher do object = %Object{} -> {:ok, object} + :error -> + {:error, "Object containment failed."} + _e -> Logger.info("Couldn't get object via AP, trying out OStatus fetching...") -- cgit v1.2.3 From e7c39b7ac8f0462ab563d3cf51f24c76feab0e8d Mon Sep 17 00:00:00 2001 From: Alexander Strizhakov Date: Sun, 14 Jul 2019 13:29:31 +0000 Subject: Feature/1072 muting notifications --- lib/pleroma/notification.ex | 70 ++++++++++++---------- lib/pleroma/user.ex | 21 +++++-- lib/pleroma/user/info.ex | 28 +++++++++ lib/pleroma/web/mastodon_api/mastodon_api.ex | 5 +- .../web/mastodon_api/mastodon_api_controller.ex | 9 ++- lib/pleroma/web/mastodon_api/views/account_view.ex | 2 +- .../web/twitter_api/twitter_api_controller.ex | 7 +++ 7 files changed, 99 insertions(+), 43 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/notification.ex b/lib/pleroma/notification.ex index a414afbbf..ee7b37aab 100644 --- a/lib/pleroma/notification.ex +++ b/lib/pleroma/notification.ex @@ -11,7 +11,6 @@ defmodule Pleroma.Notification do alias Pleroma.Pagination alias Pleroma.Repo alias Pleroma.User - alias Pleroma.Web.CommonAPI alias Pleroma.Web.CommonAPI.Utils alias Pleroma.Web.Push alias Pleroma.Web.Streamer @@ -32,31 +31,47 @@ defmodule Pleroma.Notification do |> cast(attrs, [:seen]) end - def for_user_query(user) do - Notification - |> where(user_id: ^user.id) - |> where( - [n, a], - fragment( - "? not in (SELECT ap_id FROM users WHERE info->'deactivated' @> 'true')", - a.actor - ) - ) - |> join(:inner, [n], activity in assoc(n, :activity)) - |> join(:left, [n, a], object in Object, - on: + def for_user_query(user, opts) do + query = + Notification + |> where(user_id: ^user.id) + |> where( + [n, a], fragment( - "(?->>'id') = COALESCE((? -> 'object'::text) ->> 'id'::text)", - object.data, - a.data + "? not in (SELECT ap_id FROM users WHERE info->'deactivated' @> 'true')", + a.actor ) - ) - |> preload([n, a, o], activity: {a, object: o}) + ) + |> join(:inner, [n], activity in assoc(n, :activity)) + |> join(:left, [n, a], object in Object, + on: + fragment( + "(?->>'id') = COALESCE((? -> 'object'::text) ->> 'id'::text)", + object.data, + a.data + ) + ) + |> preload([n, a, o], activity: {a, object: o}) + + if opts[:with_muted] do + query + else + where(query, [n, a], a.actor not in ^user.info.muted_notifications) + |> where([n, a], a.actor not in ^user.info.blocks) + |> where( + [n, a], + fragment("substring(? from '.*://([^/]*)')", a.actor) not in ^user.info.domain_blocks + ) + |> join(:left, [n, a], tm in Pleroma.ThreadMute, + on: tm.user_id == ^user.id and tm.context == fragment("?->>'context'", a.data) + ) + |> where([n, a, o, tm], is_nil(tm.id)) + end end def for_user(user, opts \\ %{}) do user - |> for_user_query() + |> for_user_query(opts) |> Pagination.fetch_paginated(opts) end @@ -179,11 +194,10 @@ defmodule Pleroma.Notification do def get_notified_from_activity(_, _local_only), do: [] + @spec skip?(Activity.t(), User.t()) :: boolean() def skip?(activity, user) do [ :self, - :blocked, - :muted, :followers, :follows, :non_followers, @@ -193,21 +207,11 @@ defmodule Pleroma.Notification do |> Enum.any?(&skip?(&1, activity, user)) end + @spec skip?(atom(), Activity.t(), User.t()) :: boolean() def skip?(:self, activity, user) do activity.data["actor"] == user.ap_id end - def skip?(:blocked, activity, user) do - actor = activity.data["actor"] - User.blocks?(user, %{ap_id: actor}) - end - - def skip?(:muted, activity, user) do - actor = activity.data["actor"] - - User.mutes?(user, %{ap_id: actor}) or CommonAPI.thread_muted?(user, activity) - end - def skip?( :followers, activity, diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex index e5a6c2529..29c87d4a9 100644 --- a/lib/pleroma/user.ex +++ b/lib/pleroma/user.ex @@ -749,10 +749,13 @@ defmodule Pleroma.User do |> Repo.all() end - def mute(muter, %User{ap_id: ap_id}) do + @spec mute(User.t(), User.t(), boolean()) :: {:ok, User.t()} | {:error, String.t()} + def mute(muter, %User{ap_id: ap_id}, notifications? \\ true) do + info = muter.info + info_cng = - muter.info - |> User.Info.add_to_mutes(ap_id) + User.Info.add_to_mutes(info, ap_id) + |> User.Info.add_to_muted_notifications(info, ap_id, notifications?) cng = change(muter) @@ -762,9 +765,11 @@ defmodule Pleroma.User do end def unmute(muter, %{ap_id: ap_id}) do + info = muter.info + info_cng = - muter.info - |> User.Info.remove_from_mutes(ap_id) + User.Info.remove_from_mutes(info, ap_id) + |> User.Info.remove_from_muted_notifications(info, ap_id) cng = change(muter) @@ -860,6 +865,12 @@ defmodule Pleroma.User do def mutes?(nil, _), do: false def mutes?(user, %{ap_id: ap_id}), do: Enum.member?(user.info.mutes, ap_id) + @spec muted_notifications?(User.t() | nil, User.t() | map()) :: boolean() + def muted_notifications?(nil, _), do: false + + def muted_notifications?(user, %{ap_id: ap_id}), + do: Enum.member?(user.info.muted_notifications, ap_id) + def blocks?(%User{info: info} = _user, %{ap_id: ap_id}) do blocks = info.blocks domain_blocks = info.domain_blocks diff --git a/lib/pleroma/user/info.ex b/lib/pleroma/user/info.ex index 08e43ff0f..9beb3ddbd 100644 --- a/lib/pleroma/user/info.ex +++ b/lib/pleroma/user/info.ex @@ -24,6 +24,7 @@ defmodule Pleroma.User.Info do field(:domain_blocks, {:array, :string}, default: []) field(:mutes, {:array, :string}, default: []) field(:muted_reblogs, {:array, :string}, default: []) + field(:muted_notifications, {:array, :string}, default: []) field(:subscribers, {:array, :string}, default: []) field(:deactivated, :boolean, default: false) field(:no_rich_text, :boolean, default: false) @@ -120,6 +121,16 @@ defmodule Pleroma.User.Info do |> validate_required([:mutes]) end + @spec set_notification_mutes(Changeset.t(), [String.t()], boolean()) :: Changeset.t() + def set_notification_mutes(changeset, muted_notifications, notifications?) do + if notifications? do + put_change(changeset, :muted_notifications, muted_notifications) + |> validate_required([:muted_notifications]) + else + changeset + end + end + def set_blocks(info, blocks) do params = %{blocks: blocks} @@ -136,14 +147,31 @@ defmodule Pleroma.User.Info do |> validate_required([:subscribers]) end + @spec add_to_mutes(Info.t(), String.t()) :: Changeset.t() def add_to_mutes(info, muted) do set_mutes(info, Enum.uniq([muted | info.mutes])) end + @spec add_to_muted_notifications(Changeset.t(), Info.t(), String.t(), boolean()) :: + Changeset.t() + def add_to_muted_notifications(changeset, info, muted, notifications?) do + set_notification_mutes( + changeset, + Enum.uniq([muted | info.muted_notifications]), + notifications? + ) + end + + @spec remove_from_mutes(Info.t(), String.t()) :: Changeset.t() def remove_from_mutes(info, muted) do set_mutes(info, List.delete(info.mutes, muted)) end + @spec remove_from_muted_notifications(Changeset.t(), Info.t(), String.t()) :: Changeset.t() + def remove_from_muted_notifications(changeset, info, muted) do + set_notification_mutes(changeset, List.delete(info.muted_notifications, muted), true) + end + def add_to_block(info, blocked) do set_blocks(info, Enum.uniq([blocked | info.blocks])) end diff --git a/lib/pleroma/web/mastodon_api/mastodon_api.ex b/lib/pleroma/web/mastodon_api/mastodon_api.ex index c82b20123..46944dcbc 100644 --- a/lib/pleroma/web/mastodon_api/mastodon_api.ex +++ b/lib/pleroma/web/mastodon_api/mastodon_api.ex @@ -53,7 +53,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPI do options = cast_params(params) user - |> Notification.for_user_query() + |> Notification.for_user_query(options) |> restrict(:exclude_types, options) |> Pagination.fetch_paginated(params) end @@ -67,7 +67,8 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPI do defp cast_params(params) do param_types = %{ exclude_types: {:array, :string}, - reblogs: :boolean + reblogs: :boolean, + with_muted: :boolean } changeset = cast({%{}, param_types}, params, Map.keys(param_types)) diff --git a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex index 8a7b75025..b3513b5bf 100644 --- a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex +++ b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex @@ -1068,9 +1068,14 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do end end - def mute(%{assigns: %{user: muter}} = conn, %{"id" => id}) do + def mute(%{assigns: %{user: muter}} = conn, %{"id" => id} = params) do + notifications = + if Map.has_key?(params, "notifications"), + do: params["notifications"] in [true, "True", "true", "1"], + else: true + with %User{} = muted <- User.get_cached_by_id(id), - {:ok, muter} <- User.mute(muter, muted) do + {:ok, muter} <- User.mute(muter, muted, notifications) do conn |> put_view(AccountView) |> render("relationship.json", %{user: muter, target: muted}) diff --git a/lib/pleroma/web/mastodon_api/views/account_view.ex b/lib/pleroma/web/mastodon_api/views/account_view.ex index 62c516f8e..65bab4062 100644 --- a/lib/pleroma/web/mastodon_api/views/account_view.ex +++ b/lib/pleroma/web/mastodon_api/views/account_view.ex @@ -52,7 +52,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountView do followed_by: User.following?(target, user), blocking: User.blocks?(user, target), muting: User.mutes?(user, target), - muting_notifications: false, + muting_notifications: User.muted_notifications?(user, target), subscribing: User.subscribed_to?(user, target), requested: requested, domain_blocking: false, diff --git a/lib/pleroma/web/twitter_api/twitter_api_controller.ex b/lib/pleroma/web/twitter_api/twitter_api_controller.ex index 45ef7be3d..0313560a8 100644 --- a/lib/pleroma/web/twitter_api/twitter_api_controller.ex +++ b/lib/pleroma/web/twitter_api/twitter_api_controller.ex @@ -192,6 +192,13 @@ defmodule Pleroma.Web.TwitterAPI.Controller do end def notifications(%{assigns: %{user: user}} = conn, params) do + params = + if Map.has_key?(params, "with_muted") do + Map.put(params, :with_muted, params["with_muted"] in [true, "True", "true", "1"]) + else + params + end + notifications = Notification.for_user(user, params) conn -- cgit v1.2.3 From e1c08a67d6f8981417fe4d5592a60a3882f454f9 Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Sun, 14 Jul 2019 12:13:11 +0200 Subject: Object.Fetcher: Fallback to OStatus only if AP actually fails --- lib/pleroma/object/fetcher.ex | 60 +++++++++++++++++++++++++------------------ 1 file changed, 35 insertions(+), 25 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/object/fetcher.ex b/lib/pleroma/object/fetcher.ex index 82250ab8d..14454ce9d 100644 --- a/lib/pleroma/object/fetcher.ex +++ b/lib/pleroma/object/fetcher.ex @@ -31,42 +31,52 @@ defmodule Pleroma.Object.Fetcher do {:ok, object} else Logger.info("Fetching #{id} via AP") + {status, data} = fetch_and_contain_remote_object_from_id(id) + object = Object.normalize(data, false) - with {:ok, data} <- fetch_and_contain_remote_object_from_id(id), - nil <- Object.normalize(data, false), - params <- %{ - "type" => "Create", - "to" => data["to"], - "cc" => data["cc"], - # TODO: Should we seriously keep this attributedTo thing? - "actor" => data["actor"] || data["attributedTo"], - "object" => data - }, - :ok <- Containment.contain_origin(id, params), - {:ok, activity} <- Transmogrifier.handle_incoming(params, options), - {:object, _data, %Object{} = object} <- - {:object, data, Object.normalize(activity, false)} do - {:ok, object} - else - {:error, {:reject, nil}} -> - {:reject, nil} + if status == :ok and object == nil do + with params <- %{ + "type" => "Create", + "to" => data["to"], + "cc" => data["cc"], + # Should we seriously keep this attributedTo thing? + "actor" => data["actor"] || data["attributedTo"], + "object" => data + }, + :ok <- Containment.contain_origin(id, params), + {:ok, activity} <- Transmogrifier.handle_incoming(params, options), + {:object, _data, %Object{} = object} <- + {:object, data, Object.normalize(activity, false)} do + {:ok, object} + else + {:error, {:reject, nil}} -> + {:reject, nil} - {:object, data, nil} -> - reinject_object(data) + {:object, data, nil} -> + reinject_object(data) - object = %Object{} -> - {:ok, object} + object = %Object{} -> + {:ok, object} - :error -> - {:error, "Object containment failed."} + :error -> + {:error, "Object containment failed."} - _e -> + e -> + e + end + else + if status == :ok and object != nil do + {:ok, object} + else + # Only fallback when receiving a fetch/normalization error with ActivityPub Logger.info("Couldn't get object via AP, trying out OStatus fetching...") + # FIXME: OStatus Object Containment? case OStatus.fetch_activity_from_url(id) do {:ok, [activity | _]} -> {:ok, Object.normalize(activity, false)} e -> e end + end end end end -- cgit v1.2.3 From 2592934480dd704033de013491373c9dc1d173a2 Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Sun, 14 Jul 2019 17:28:25 +0200 Subject: Object.Fetcher: Keep the with-do block as per kaniini proposition --- lib/pleroma/object/fetcher.ex | 58 +++++++++++++++++++------------------------ 1 file changed, 25 insertions(+), 33 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/object/fetcher.ex b/lib/pleroma/object/fetcher.ex index 14454ce9d..96b34ae9f 100644 --- a/lib/pleroma/object/fetcher.ex +++ b/lib/pleroma/object/fetcher.ex @@ -31,43 +31,36 @@ defmodule Pleroma.Object.Fetcher do {:ok, object} else Logger.info("Fetching #{id} via AP") - {status, data} = fetch_and_contain_remote_object_from_id(id) - object = Object.normalize(data, false) - if status == :ok and object == nil do - with params <- %{ - "type" => "Create", - "to" => data["to"], - "cc" => data["cc"], - # Should we seriously keep this attributedTo thing? - "actor" => data["actor"] || data["attributedTo"], - "object" => data - }, - :ok <- Containment.contain_origin(id, params), - {:ok, activity} <- Transmogrifier.handle_incoming(params, options), - {:object, _data, %Object{} = object} <- - {:object, data, Object.normalize(activity, false)} do - {:ok, object} - else - {:error, {:reject, nil}} -> - {:reject, nil} - - {:object, data, nil} -> - reinject_object(data) + with {:fetch, {:ok, data}} <- {:fetch, fetch_and_contain_remote_object_from_id(id)}, + {:normalize, nil} <- {:normalize, Object.normalize(data, false)}, + params <- %{ + "type" => "Create", + "to" => data["to"], + "cc" => data["cc"], + # Should we seriously keep this attributedTo thing? + "actor" => data["actor"] || data["attributedTo"], + "object" => data + }, + {:containment, :ok} <- {:containment, Containment.contain_origin(id, params)}, + {:ok, activity} <- Transmogrifier.handle_incoming(params, options), + {:object, _data, %Object{} = object} <- + {:object, data, Object.normalize(activity, false)} do + {:ok, object} + else + {:containment, _} -> + {:error, "Object containment failed."} - object = %Object{} -> - {:ok, object} + {:error, {:reject, nil}} -> + {:reject, nil} - :error -> - {:error, "Object containment failed."} + {:object, data, nil} -> + reinject_object(data) - e -> - e - end - else - if status == :ok and object != nil do + {:normalize, object = %Object{}} -> {:ok, object} - else + + _e -> # Only fallback when receiving a fetch/normalization error with ActivityPub Logger.info("Couldn't get object via AP, trying out OStatus fetching...") @@ -76,7 +69,6 @@ defmodule Pleroma.Object.Fetcher do {:ok, [activity | _]} -> {:ok, Object.normalize(activity, false)} e -> e end - end end end end -- cgit v1.2.3 From f98f7ad1b9c1aede0ddefecfefb73919564d73ed Mon Sep 17 00:00:00 2001 From: Moonman Date: Sun, 14 Jul 2019 09:48:42 -0700 Subject: detect and use sha512-crypt for stored password hash. --- lib/pleroma/plugs/authentication_plug.ex | 13 +++++++++++++ lib/pleroma/web/auth/pleroma_authenticator.ex | 4 ++-- lib/pleroma/web/common_api/utils.ex | 4 ++-- lib/pleroma/web/twitter_api/controllers/util_controller.ex | 4 ++-- 4 files changed, 19 insertions(+), 6 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/plugs/authentication_plug.ex b/lib/pleroma/plugs/authentication_plug.ex index da4ed4226..48dc1f818 100644 --- a/lib/pleroma/plugs/authentication_plug.ex +++ b/lib/pleroma/plugs/authentication_plug.ex @@ -6,11 +6,24 @@ defmodule Pleroma.Plugs.AuthenticationPlug do alias Comeonin.Pbkdf2 import Plug.Conn alias Pleroma.User + require Logger def init(options) do options end + def checkpw(password, password_hash) do + cond do + String.starts_with?(password_hash, "$pbkdf2") -> + Pbkdf2.checkpw(password, password_hash) + String.starts_with?(password_hash, "$6") -> + :crypt.crypt(password, password_hash) == password_hash + true -> + Logger.error("Password hash not recognized") + false + end + end + def call(%{assigns: %{user: %User{}}} = conn, _), do: conn def call( diff --git a/lib/pleroma/web/auth/pleroma_authenticator.ex b/lib/pleroma/web/auth/pleroma_authenticator.ex index a9164ad98..f4234b743 100644 --- a/lib/pleroma/web/auth/pleroma_authenticator.ex +++ b/lib/pleroma/web/auth/pleroma_authenticator.ex @@ -3,7 +3,7 @@ # SPDX-License-Identifier: AGPL-3.0-only defmodule Pleroma.Web.Auth.PleromaAuthenticator do - alias Comeonin.Pbkdf2 + alias Pleroma.Plugs.AuthenticationPlug alias Pleroma.Registration alias Pleroma.Repo alias Pleroma.User @@ -16,7 +16,7 @@ defmodule Pleroma.Web.Auth.PleromaAuthenticator do def get_user(%Plug.Conn{} = conn) do with {:ok, {name, password}} <- fetch_credentials(conn), {_, %User{} = user} <- {:user, fetch_user(name)}, - {_, true} <- {:checkpw, Pbkdf2.checkpw(password, user.password_hash)} do + {_, true} <- {:checkpw, AuthenticationPlug.checkpw(password, user.password_hash)} do {:ok, user} else error -> diff --git a/lib/pleroma/web/common_api/utils.ex b/lib/pleroma/web/common_api/utils.ex index 8e482eef7..e013188cf 100644 --- a/lib/pleroma/web/common_api/utils.ex +++ b/lib/pleroma/web/common_api/utils.ex @@ -6,11 +6,11 @@ defmodule Pleroma.Web.CommonAPI.Utils do import Pleroma.Web.Gettext alias Calendar.Strftime - alias Comeonin.Pbkdf2 alias Pleroma.Activity alias Pleroma.Config alias Pleroma.Formatter alias Pleroma.Object + alias Pleroma.Plugs.AuthenticationPlug alias Pleroma.Repo alias Pleroma.User alias Pleroma.Web.ActivityPub.Utils @@ -371,7 +371,7 @@ defmodule Pleroma.Web.CommonAPI.Utils do def confirm_current_password(user, password) do with %User{local: true} = db_user <- User.get_cached_by_id(user.id), - true <- Pbkdf2.checkpw(password, db_user.password_hash) do + true <- AuthenticationPlug.checkpw(password, db_user.password_hash) do {:ok, db_user} else _ -> {:error, dgettext("errors", "Invalid password.")} diff --git a/lib/pleroma/web/twitter_api/controllers/util_controller.ex b/lib/pleroma/web/twitter_api/controllers/util_controller.ex index b1863528f..c10c66ff2 100644 --- a/lib/pleroma/web/twitter_api/controllers/util_controller.ex +++ b/lib/pleroma/web/twitter_api/controllers/util_controller.ex @@ -7,10 +7,10 @@ defmodule Pleroma.Web.TwitterAPI.UtilController do require Logger - alias Comeonin.Pbkdf2 alias Pleroma.Activity alias Pleroma.Emoji alias Pleroma.Notification + alias Pleroma.Plugs.AuthenticationPlug alias Pleroma.User alias Pleroma.Web alias Pleroma.Web.ActivityPub.ActivityPub @@ -96,7 +96,7 @@ defmodule Pleroma.Web.TwitterAPI.UtilController do name = followee.nickname with %User{} = user <- User.get_cached_by_nickname(username), - true <- Pbkdf2.checkpw(password, user.password_hash), + true <- AuthenticationPlug.checkpw(password, user.password_hash), %User{} = _followed <- User.get_cached_by_id(id), {:ok, follower} <- User.follow(user, followee), {:ok, _activity} <- ActivityPub.follow(follower, followee) do -- cgit v1.2.3 From 739bbe0d3bbe06ca9d634498ea5909f35fc5ad84 Mon Sep 17 00:00:00 2001 From: Ariadne Conill Date: Sun, 14 Jul 2019 17:47:08 +0000 Subject: security: detect object containment violations at the IR level It is more efficient to check for object containment violations at the IR level instead of in the protocol handlers. OStatus containment is especially a tricky situation, as the containment rules don't match those of IR and ActivityPub. Accordingly, we just always do a final containment check at the IR level before the object is added to the IR object graph. --- lib/pleroma/object/containment.ex | 8 ++++++++ lib/pleroma/web/activity_pub/activity_pub.ex | 2 ++ 2 files changed, 10 insertions(+) (limited to 'lib') diff --git a/lib/pleroma/object/containment.ex b/lib/pleroma/object/containment.ex index ada9da0bb..f077a9f32 100644 --- a/lib/pleroma/object/containment.ex +++ b/lib/pleroma/object/containment.ex @@ -48,6 +48,9 @@ defmodule Pleroma.Object.Containment do end end + def contain_origin(id, %{"attributedTo" => actor} = params), + do: contain_origin(id, Map.put(params, "actor", actor)) + def contain_origin_from_id(_id, %{"id" => nil}), do: :error def contain_origin_from_id(id, %{"id" => other_id} = _params) do @@ -60,4 +63,9 @@ defmodule Pleroma.Object.Containment do :error end end + + def contain_child(%{"object" => %{"id" => id, "attributedTo" => _} = object}), + do: contain_origin(id, object) + + def contain_child(_), do: :ok end diff --git a/lib/pleroma/web/activity_pub/activity_pub.ex b/lib/pleroma/web/activity_pub/activity_pub.ex index a3174a787..87963b691 100644 --- a/lib/pleroma/web/activity_pub/activity_pub.ex +++ b/lib/pleroma/web/activity_pub/activity_pub.ex @@ -8,6 +8,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do alias Pleroma.Conversation alias Pleroma.Notification alias Pleroma.Object + alias Pleroma.Object.Containment alias Pleroma.Object.Fetcher alias Pleroma.Pagination alias Pleroma.Repo @@ -126,6 +127,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do {:ok, map} <- MRF.filter(map), {recipients, _, _} = get_recipients(map), {:fake, false, map, recipients} <- {:fake, fake, map, recipients}, + :ok <- Containment.contain_child(map), {:ok, map, object} <- insert_full_object(map) do {:ok, activity} = Repo.insert(%Activity{ -- cgit v1.2.3 From dce8ebc9eabac1a597491a0edc5c145285c55671 Mon Sep 17 00:00:00 2001 From: Sergey Suprunenko Date: Sun, 14 Jul 2019 19:25:03 +0000 Subject: Unfollow should also unsubscribe --- lib/pleroma/web/common_api/common_api.ex | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/web/common_api/common_api.ex b/lib/pleroma/web/common_api/common_api.ex index f1450b113..949baa3b0 100644 --- a/lib/pleroma/web/common_api/common_api.ex +++ b/lib/pleroma/web/common_api/common_api.ex @@ -31,7 +31,8 @@ defmodule Pleroma.Web.CommonAPI do def unfollow(follower, unfollowed) do with {:ok, follower, _follow_activity} <- User.unfollow(follower, unfollowed), - {:ok, _activity} <- ActivityPub.unfollow(follower, unfollowed) do + {:ok, _activity} <- ActivityPub.unfollow(follower, unfollowed), + {:ok, _unfollowed} <- User.unsubscribe(follower, unfollowed) do {:ok, follower} end end -- cgit v1.2.3 From fa17879c204980c6fb0025b2e51a978669c441da Mon Sep 17 00:00:00 2001 From: Maksim Date: Sun, 14 Jul 2019 21:01:32 +0000 Subject: added tests for Web.MediaProxy --- lib/pleroma/web/media_proxy/controller.ex | 39 -------------------- lib/pleroma/web/media_proxy/media_proxy.ex | 39 ++++++++++---------- .../web/media_proxy/media_proxy_controller.ex | 41 ++++++++++++++++++++++ 3 files changed, 62 insertions(+), 57 deletions(-) delete mode 100644 lib/pleroma/web/media_proxy/controller.ex create mode 100644 lib/pleroma/web/media_proxy/media_proxy_controller.ex (limited to 'lib') diff --git a/lib/pleroma/web/media_proxy/controller.ex b/lib/pleroma/web/media_proxy/controller.ex deleted file mode 100644 index ea33d7685..000000000 --- a/lib/pleroma/web/media_proxy/controller.ex +++ /dev/null @@ -1,39 +0,0 @@ -# Pleroma: A lightweight social networking server -# Copyright © 2017-2019 Pleroma Authors -# SPDX-License-Identifier: AGPL-3.0-only - -defmodule Pleroma.Web.MediaProxy.MediaProxyController do - use Pleroma.Web, :controller - alias Pleroma.ReverseProxy - alias Pleroma.Web.MediaProxy - - @default_proxy_opts [max_body_length: 25 * 1_048_576, http: [follow_redirect: true]] - - def remote(conn, %{"sig" => sig64, "url" => url64} = params) do - with config <- Pleroma.Config.get([:media_proxy], []), - true <- Keyword.get(config, :enabled, false), - {:ok, url} <- MediaProxy.decode_url(sig64, url64), - :ok <- filename_matches(Map.has_key?(params, "filename"), conn.request_path, url) do - ReverseProxy.call(conn, url, Keyword.get(config, :proxy_opts, @default_proxy_opts)) - else - false -> - send_resp(conn, 404, Plug.Conn.Status.reason_phrase(404)) - - {:error, :invalid_signature} -> - send_resp(conn, 403, Plug.Conn.Status.reason_phrase(403)) - - {:wrong_filename, filename} -> - redirect(conn, external: MediaProxy.build_url(sig64, url64, filename)) - end - end - - def filename_matches(has_filename, path, url) do - filename = url |> MediaProxy.filename() - - if has_filename && filename && Path.basename(path) != filename do - {:wrong_filename, filename} - else - :ok - end - end -end diff --git a/lib/pleroma/web/media_proxy/media_proxy.ex b/lib/pleroma/web/media_proxy/media_proxy.ex index dd8888a02..a661e9bb7 100644 --- a/lib/pleroma/web/media_proxy/media_proxy.ex +++ b/lib/pleroma/web/media_proxy/media_proxy.ex @@ -3,68 +3,71 @@ # SPDX-License-Identifier: AGPL-3.0-only defmodule Pleroma.Web.MediaProxy do - @base64_opts [padding: false] - - def url(nil), do: nil + alias Pleroma.Config + alias Pleroma.Web - def url(""), do: nil + @base64_opts [padding: false] + def url(url) when is_nil(url) or url == "", do: nil def url("/" <> _ = url), do: url def url(url) do - if !enabled?() or local?(url) or whitelisted?(url) do + if disabled?() or local?(url) or whitelisted?(url) do url else encode_url(url) end end - defp enabled?, do: Pleroma.Config.get([:media_proxy, :enabled], false) + defp disabled?, do: !Config.get([:media_proxy, :enabled], false) defp local?(url), do: String.starts_with?(url, Pleroma.Web.base_url()) defp whitelisted?(url) do %{host: domain} = URI.parse(url) - Enum.any?(Pleroma.Config.get([:media_proxy, :whitelist]), fn pattern -> + Enum.any?(Config.get([:media_proxy, :whitelist]), fn pattern -> String.equivalent?(domain, pattern) end) end def encode_url(url) do - secret = Pleroma.Config.get([Pleroma.Web.Endpoint, :secret_key_base]) base64 = Base.url_encode64(url, @base64_opts) - sig = :crypto.hmac(:sha, secret, base64) - sig64 = sig |> Base.url_encode64(@base64_opts) + + sig64 = + base64 + |> signed_url + |> Base.url_encode64(@base64_opts) build_url(sig64, base64, filename(url)) end def decode_url(sig, url) do - secret = Pleroma.Config.get([Pleroma.Web.Endpoint, :secret_key_base]) - sig = Base.url_decode64!(sig, @base64_opts) - local_sig = :crypto.hmac(:sha, secret, url) - - if local_sig == sig do + with {:ok, sig} <- Base.url_decode64(sig, @base64_opts), + signature when signature == sig <- signed_url(url) do {:ok, Base.url_decode64!(url, @base64_opts)} else - {:error, :invalid_signature} + _ -> {:error, :invalid_signature} end end + defp signed_url(url) do + :crypto.hmac(:sha, Config.get([Web.Endpoint, :secret_key_base]), url) + end + def filename(url_or_path) do if path = URI.parse(url_or_path).path, do: Path.basename(path) end def build_url(sig_base64, url_base64, filename \\ nil) do [ - Pleroma.Config.get([:media_proxy, :base_url], Pleroma.Web.base_url()), + Pleroma.Config.get([:media_proxy, :base_url], Web.base_url()), "proxy", sig_base64, url_base64, filename ] - |> Enum.filter(fn value -> value end) + |> Enum.filter(& &1) |> Path.join() end end diff --git a/lib/pleroma/web/media_proxy/media_proxy_controller.ex b/lib/pleroma/web/media_proxy/media_proxy_controller.ex new file mode 100644 index 000000000..1e9520d46 --- /dev/null +++ b/lib/pleroma/web/media_proxy/media_proxy_controller.ex @@ -0,0 +1,41 @@ +# Pleroma: A lightweight social networking server +# Copyright © 2017-2019 Pleroma Authors +# SPDX-License-Identifier: AGPL-3.0-only + +defmodule Pleroma.Web.MediaProxy.MediaProxyController do + use Pleroma.Web, :controller + alias Pleroma.ReverseProxy + alias Pleroma.Web.MediaProxy + + @default_proxy_opts [max_body_length: 25 * 1_048_576, http: [follow_redirect: true]] + + def remote(conn, %{"sig" => sig64, "url" => url64} = params) do + with config <- Pleroma.Config.get([:media_proxy], []), + true <- Keyword.get(config, :enabled, false), + {:ok, url} <- MediaProxy.decode_url(sig64, url64), + :ok <- filename_matches(params, conn.request_path, url) do + ReverseProxy.call(conn, url, Keyword.get(config, :proxy_opts, @default_proxy_opts)) + else + false -> + send_resp(conn, 404, Plug.Conn.Status.reason_phrase(404)) + + {:error, :invalid_signature} -> + send_resp(conn, 403, Plug.Conn.Status.reason_phrase(403)) + + {:wrong_filename, filename} -> + redirect(conn, external: MediaProxy.build_url(sig64, url64, filename)) + end + end + + def filename_matches(%{"filename" => _} = _, path, url) do + filename = MediaProxy.filename(url) + + if filename && Path.basename(path) != filename do + {:wrong_filename, filename} + else + :ok + end + end + + def filename_matches(_, _, _), do: :ok +end -- cgit v1.2.3 From a87c313309b73ced5970c59d00117c357f51fecb Mon Sep 17 00:00:00 2001 From: Egor Kislitsyn Date: Mon, 15 Jul 2019 14:00:29 +0700 Subject: Support `list` visibility in StatusView --- lib/pleroma/web/common_api/common_api.ex | 11 ++++------- lib/pleroma/web/common_api/utils.ex | 13 +++++++------ 2 files changed, 11 insertions(+), 13 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/common_api/common_api.ex b/lib/pleroma/web/common_api/common_api.ex index 1c47a31d7..f764e87af 100644 --- a/lib/pleroma/web/common_api/common_api.ex +++ b/lib/pleroma/web/common_api/common_api.ex @@ -243,18 +243,15 @@ defmodule Pleroma.Web.CommonAPI do preview? = Pleroma.Web.ControllerHelper.truthy_param?(data["preview"]) || false direct? = visibility == "direct" - additional_data = - %{"cc" => cc, "directMessage" => direct?} |> maybe_add_list_data(user, visibility) - - params = %{ + %{ to: to, actor: user, context: context, object: object, - additional: additional_data + additional: %{"cc" => cc, "directMessage" => direct?} } - - ActivityPub.create(params, preview?) + |> maybe_add_list_data(user, visibility) + |> ActivityPub.create(preview?) else {:private_to_public, true} -> {:error, dgettext("errors", "The message visibility must be direct")} diff --git a/lib/pleroma/web/common_api/utils.ex b/lib/pleroma/web/common_api/utils.ex index 94b2c50fc..fed5f9de7 100644 --- a/lib/pleroma/web/common_api/utils.ex +++ b/lib/pleroma/web/common_api/utils.ex @@ -108,19 +108,20 @@ defmodule Pleroma.Web.CommonAPI.Utils do def get_addressed_users(mentioned_users, _), do: mentioned_users - def maybe_add_list_data(additional_data, user, {:list, list_id}) do + def maybe_add_list_data(activity_params, user, {:list, list_id}) do case Pleroma.List.get(list_id, user) do %Pleroma.List{} = list -> - additional_data - |> Map.put("listMessage", list.ap_id) - |> Map.put("bcc", [list.ap_id]) + activity_params + |> put_in([:additional, "bcc"], [list.ap_id]) + |> put_in([:additional, "listMessage"], list.ap_id) + |> put_in([:object, "listMessage"], list.ap_id) _ -> - additional_data + activity_params end end - def maybe_add_list_data(additional_data, _, _), do: additional_data + def maybe_add_list_data(activity_params, _, _), do: activity_params def make_poll_data(%{"poll" => %{"options" => options, "expires_in" => expires_in}} = data) when is_list(options) do -- cgit v1.2.3 From d86a97abfb1ef32fbe76f455e8dce4ec429696b6 Mon Sep 17 00:00:00 2001 From: Egor Kislitsyn Date: Mon, 15 Jul 2019 14:20:31 +0700 Subject: Add an explanation comment to Publisher.publish/2 --- lib/pleroma/web/activity_pub/publisher.ex | 2 ++ 1 file changed, 2 insertions(+) (limited to 'lib') diff --git a/lib/pleroma/web/activity_pub/publisher.ex b/lib/pleroma/web/activity_pub/publisher.ex index ffdd33351..18145e45f 100644 --- a/lib/pleroma/web/activity_pub/publisher.ex +++ b/lib/pleroma/web/activity_pub/publisher.ex @@ -131,6 +131,8 @@ defmodule Pleroma.Web.ActivityPub.Publisher do %User{ap_id: ap_id} = Enum.find(recipients, fn %{info: %{source_data: data}} -> data["inbox"] == inbox end) + # Get all the recipients on the same host and add them to cc. Otherwise it a remote + # instance would only accept a first message for the first recipient and ignore the rest. cc = get_cc_ap_ids(ap_id, recipients) json = -- cgit v1.2.3 From de13c9bb8fc08b12d9694f63f92935ba39a51118 Mon Sep 17 00:00:00 2001 From: Egor Kislitsyn Date: Mon, 15 Jul 2019 14:54:40 +0700 Subject: List messages must be visible for mentioned users --- lib/pleroma/web/activity_pub/visibility.ex | 9 +++++---- lib/pleroma/web/common_api/utils.ex | 2 +- 2 files changed, 6 insertions(+), 5 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/activity_pub/visibility.ex b/lib/pleroma/web/activity_pub/visibility.ex index e0282d758..2666edc7c 100644 --- a/lib/pleroma/web/activity_pub/visibility.ex +++ b/lib/pleroma/web/activity_pub/visibility.ex @@ -39,10 +39,11 @@ defmodule Pleroma.Web.ActivityPub.Visibility do def visible_for_user?(%{actor: ap_id}, %User{ap_id: ap_id}), do: true - def visible_for_user?(%{data: %{"listMessage" => list_ap_id}}, %User{} = user) do - list_ap_id - |> Pleroma.List.get_by_ap_id() - |> Pleroma.List.member?(user) + def visible_for_user?(%{data: %{"listMessage" => list_ap_id}} = activity, %User{} = user) do + user.ap_id in activity.data["to"] || + list_ap_id + |> Pleroma.List.get_by_ap_id() + |> Pleroma.List.member?(user) end def visible_for_user?(%{data: %{"listMessage" => _}}, nil), do: false diff --git a/lib/pleroma/web/common_api/utils.ex b/lib/pleroma/web/common_api/utils.ex index fed5f9de7..f28a96320 100644 --- a/lib/pleroma/web/common_api/utils.ex +++ b/lib/pleroma/web/common_api/utils.ex @@ -100,7 +100,7 @@ defmodule Pleroma.Web.CommonAPI.Utils do end end - def get_to_and_cc(_user, _mentions, _inReplyTo, _), do: {[], []} + def get_to_and_cc(_user, mentions, _inReplyTo, {:list, _}), do: {mentions, []} def get_addressed_users(_, to) when is_list(to) do User.get_ap_ids_by_nicknames(to) -- cgit v1.2.3 From c66044b923bf90647abd7f581ea67542ba53db10 Mon Sep 17 00:00:00 2001 From: Alex S Date: Mon, 15 Jul 2019 11:00:55 +0300 Subject: atom keys with leading : --- lib/mix/tasks/pleroma/config.ex | 6 +++--- lib/pleroma/config/transfer_task.ex | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) (limited to 'lib') diff --git a/lib/mix/tasks/pleroma/config.ex b/lib/mix/tasks/pleroma/config.ex index a71bcd447..4868866d6 100644 --- a/lib/mix/tasks/pleroma/config.ex +++ b/lib/mix/tasks/pleroma/config.ex @@ -59,11 +59,11 @@ defmodule Mix.Tasks.Pleroma.Config do do: ",", else: ":" + key = String.trim_leading(config.key, ":") + IO.write( file, - "config :#{config.group}, #{config.key}#{mark} #{ - inspect(Config.from_binary(config.value)) - }\r\n" + "config :#{config.group}, #{key}#{mark} #{inspect(Config.from_binary(config.value))}\r\n" ) if delete? do diff --git a/lib/pleroma/config/transfer_task.ex b/lib/pleroma/config/transfer_task.ex index 3c13a0558..7799b2a78 100644 --- a/lib/pleroma/config/transfer_task.ex +++ b/lib/pleroma/config/transfer_task.ex @@ -35,7 +35,7 @@ defmodule Pleroma.Config.TransferTask do if String.starts_with?(setting.key, "Pleroma.") do "Elixir." <> setting.key else - setting.key + String.trim_leading(setting.key, ":") end group = String.to_existing_atom(setting.group) -- cgit v1.2.3 From b8607c151c946f64e6cfadf84caa3921fffad02d Mon Sep 17 00:00:00 2001 From: Alex S Date: Mon, 15 Jul 2019 15:45:27 +0300 Subject: migrating task refactor --- lib/mix/tasks/pleroma/config.ex | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) (limited to 'lib') diff --git a/lib/mix/tasks/pleroma/config.ex b/lib/mix/tasks/pleroma/config.ex index 4868866d6..a7d0fac5d 100644 --- a/lib/mix/tasks/pleroma/config.ex +++ b/lib/mix/tasks/pleroma/config.ex @@ -28,6 +28,14 @@ defmodule Mix.Tasks.Pleroma.Config do |> Enum.reject(fn {k, _v} -> k in [Pleroma.Repo, :env] end) |> Enum.each(fn {k, v} -> key = to_string(k) |> String.replace("Elixir.", "") + + key = + if String.starts_with?(key, "Pleroma.") do + key + else + ":" <> key + end + {:ok, _} = Config.update_or_create(%{group: "pleroma", key: key, value: v}) Mix.shell().info("#{key} is migrated.") end) @@ -53,17 +61,9 @@ defmodule Mix.Tasks.Pleroma.Config do Repo.all(Config) |> Enum.each(fn config -> - mark = - if String.starts_with?(config.key, "Pleroma.") or - String.starts_with?(config.key, "Ueberauth"), - do: ",", - else: ":" - - key = String.trim_leading(config.key, ":") - IO.write( file, - "config :#{config.group}, #{key}#{mark} #{inspect(Config.from_binary(config.value))}\r\n" + "config :#{config.group}, #{config.key}, #{inspect(Config.from_binary(config.value))}\r\n\r\n" ) if delete? do -- cgit v1.2.3 From c32384c1ea433bb0f5f087707d0165cea1f23d45 Mon Sep 17 00:00:00 2001 From: Maksim Date: Mon, 15 Jul 2019 13:01:22 +0000 Subject: tests for Pleroma.Signature --- lib/pleroma/keys.ex | 12 +++++++----- lib/pleroma/user.ex | 21 ++++++++------------- lib/pleroma/web/activity_pub/utils.ex | 8 ++------ 3 files changed, 17 insertions(+), 24 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/keys.ex b/lib/pleroma/keys.ex index b7bc7a4da..6dd31d3bd 100644 --- a/lib/pleroma/keys.ex +++ b/lib/pleroma/keys.ex @@ -35,10 +35,12 @@ defmodule Pleroma.Keys do end def keys_from_pem(pem) do - [private_key_code] = :public_key.pem_decode(pem) - private_key = :public_key.pem_entry_decode(private_key_code) - {:RSAPrivateKey, _, modulus, exponent, _, _, _, _, _, _, _} = private_key - public_key = {:RSAPublicKey, modulus, exponent} - {:ok, private_key, public_key} + with [private_key_code] <- :public_key.pem_decode(pem), + private_key <- :public_key.pem_entry_decode(private_key_code), + {:RSAPrivateKey, _, modulus, exponent, _, _, _, _, _, _, _} <- private_key do + {:ok, private_key, {:RSAPublicKey, modulus, exponent}} + else + error -> {:error, error} + end end end diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex index 29c87d4a9..ffba3f390 100644 --- a/lib/pleroma/user.ex +++ b/lib/pleroma/user.ex @@ -1190,10 +1190,12 @@ defmodule Pleroma.User do end # OStatus Magic Key - def public_key_from_info(%{magic_key: magic_key}) do + def public_key_from_info(%{magic_key: magic_key}) when not is_nil(magic_key) do {:ok, Pleroma.Web.Salmon.decode_key(magic_key)} end + def public_key_from_info(_), do: {:error, "not found key"} + def get_public_key_for_ap_id(ap_id) do with {:ok, %User{} = user} <- get_or_fetch_by_ap_id(ap_id), {:ok, public_key} <- public_key_from_info(user.info) do @@ -1379,23 +1381,16 @@ defmodule Pleroma.User do } end - def ensure_keys_present(user) do - info = user.info - + def ensure_keys_present(%User{info: info} = user) do if info.keys do {:ok, user} else {:ok, pem} = Keys.generate_rsa_pem() - info_cng = - info - |> User.Info.set_keys(pem) - - cng = - Ecto.Changeset.change(user) - |> Ecto.Changeset.put_embed(:info, info_cng) - - update_and_set_cache(cng) + user + |> Ecto.Changeset.change() + |> Ecto.Changeset.put_embed(:info, User.Info.set_keys(info, pem)) + |> update_and_set_cache() end end diff --git a/lib/pleroma/web/activity_pub/utils.ex b/lib/pleroma/web/activity_pub/utils.ex index 4288ea4c8..c146f59d4 100644 --- a/lib/pleroma/web/activity_pub/utils.ex +++ b/lib/pleroma/web/activity_pub/utils.ex @@ -25,12 +25,8 @@ defmodule Pleroma.Web.ActivityPub.Utils do # Some implementations send the actor URI as the actor field, others send the entire actor object, # so figure out what the actor's URI is based on what we have. - def get_ap_id(object) do - case object do - %{"id" => id} -> id - id -> id - end - end + def get_ap_id(%{"id" => id} = _), do: id + def get_ap_id(id), do: id def normalize_params(params) do Map.put(params, "actor", get_ap_id(params["actor"])) -- cgit v1.2.3 From 105f437ce91e1416f10ad90f56dfd47d16913f40 Mon Sep 17 00:00:00 2001 From: Moonman Date: Mon, 15 Jul 2019 08:36:51 -0700 Subject: formatting --- lib/pleroma/plugs/authentication_plug.ex | 2 ++ 1 file changed, 2 insertions(+) (limited to 'lib') diff --git a/lib/pleroma/plugs/authentication_plug.ex b/lib/pleroma/plugs/authentication_plug.ex index 48dc1f818..eec514892 100644 --- a/lib/pleroma/plugs/authentication_plug.ex +++ b/lib/pleroma/plugs/authentication_plug.ex @@ -16,8 +16,10 @@ defmodule Pleroma.Plugs.AuthenticationPlug do cond do String.starts_with?(password_hash, "$pbkdf2") -> Pbkdf2.checkpw(password, password_hash) + String.starts_with?(password_hash, "$6") -> :crypt.crypt(password, password_hash) == password_hash + true -> Logger.error("Password hash not recognized") false -- cgit v1.2.3 From 33fd4c0ed7dd11b87c17424a568c44569797a609 Mon Sep 17 00:00:00 2001 From: Alex S Date: Mon, 15 Jul 2019 20:53:07 +0300 Subject: query fix --- lib/pleroma/notification.ex | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/notification.ex b/lib/pleroma/notification.ex index ee7b37aab..d47229258 100644 --- a/lib/pleroma/notification.ex +++ b/lib/pleroma/notification.ex @@ -65,7 +65,7 @@ defmodule Pleroma.Notification do |> join(:left, [n, a], tm in Pleroma.ThreadMute, on: tm.user_id == ^user.id and tm.context == fragment("?->>'context'", a.data) ) - |> where([n, a, o, tm], is_nil(tm.id)) + |> where([n, a, o, tm], is_nil(tm.user_id)) end end -- cgit v1.2.3 From b74300bc7a02912489033ea23ccaf876881ef650 Mon Sep 17 00:00:00 2001 From: Sergey Suprunenko Date: Mon, 15 Jul 2019 19:47:23 +0000 Subject: Add more tests for MastodonAPIController and CommonAPI --- lib/pleroma/web/common_api/common_api.ex | 10 ---------- .../web/mastodon_api/mastodon_api_controller.ex | 20 ++++++++------------ 2 files changed, 8 insertions(+), 22 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/common_api/common_api.ex b/lib/pleroma/web/common_api/common_api.ex index 44669b228..44af6a773 100644 --- a/lib/pleroma/web/common_api/common_api.ex +++ b/lib/pleroma/web/common_api/common_api.ex @@ -4,7 +4,6 @@ defmodule Pleroma.Web.CommonAPI do alias Pleroma.Activity - alias Pleroma.Bookmark alias Pleroma.Formatter alias Pleroma.Object alias Pleroma.ThreadMute @@ -356,15 +355,6 @@ defmodule Pleroma.Web.CommonAPI do end end - def bookmarked?(user, activity) do - with %Bookmark{} <- Bookmark.get(user.id, activity.id) do - true - else - _ -> - false - end - end - def report(user, data) do with {:account_id, %{"account_id" => account_id}} <- {:account_id, data}, {:account, %User{} = account} <- {:account, User.get_cached_by_id(account_id)}, diff --git a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex index b3513b5bf..f4aa576f7 100644 --- a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex +++ b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex @@ -693,11 +693,6 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do conn |> put_view(StatusView) |> try_render("status.json", %{activity: activity, for: user, as: :activity}) - else - {:error, reason} -> - conn - |> put_status(:bad_request) - |> json(%{"error" => reason}) end end @@ -738,11 +733,6 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do conn |> put_view(StatusView) |> try_render("status.json", %{activity: activity, for: user, as: :activity}) - else - {:error, reason} -> - conn - |> put_resp_content_type("application/json") - |> send_resp(:bad_request, Jason.encode!(%{"error" => reason})) end end @@ -881,7 +871,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do end def favourited_by(%{assigns: %{user: user}} = conn, %{"id" => id}) do - with %Activity{data: %{"object" => object}} <- Repo.get(Activity, id), + with %Activity{data: %{"object" => object}} <- Activity.get_by_id(id), %Object{data: %{"likes" => likes}} <- Object.normalize(object) do q = from(u in User, where: u.ap_id in ^likes) users = Repo.all(q) @@ -895,7 +885,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do end def reblogged_by(%{assigns: %{user: user}} = conn, %{"id" => id}) do - with %Activity{data: %{"object" => object}} <- Repo.get(Activity, id), + with %Activity{data: %{"object" => object}} <- Activity.get_by_id(id), %Object{data: %{"announcements" => announces}} <- Object.normalize(object) do q = from(u in User, where: u.ap_id in ^announces) users = Repo.all(q) @@ -1651,6 +1641,12 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do render_error(conn, :not_found, "Record not found") end + def errors(conn, {:error, error_message}) do + conn + |> put_status(:bad_request) + |> json(%{error: error_message}) + end + def errors(conn, _) do conn |> put_status(:internal_server_error) -- cgit v1.2.3 From 1ed24bcc76d27b3e00671e377a062e233376a017 Mon Sep 17 00:00:00 2001 From: lain Date: Tue, 16 Jul 2019 12:47:40 +0900 Subject: Status View: Poll ids are strings. All ids in mastodon are strings, in general. --- lib/pleroma/web/mastodon_api/views/status_view.ex | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/web/mastodon_api/views/status_view.ex b/lib/pleroma/web/mastodon_api/views/status_view.ex index 06a7251d8..de9425959 100644 --- a/lib/pleroma/web/mastodon_api/views/status_view.ex +++ b/lib/pleroma/web/mastodon_api/views/status_view.ex @@ -382,7 +382,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusView do %{ # Mastodon uses separate ids for polls, but an object can't have # more than one poll embedded so object id is fine - id: object.id, + id: to_string(object.id), expires_at: Utils.to_masto_date(end_time), expired: expired, multiple: multiple, -- cgit v1.2.3 From 70439494af587484550510e51ad1a31c05f66d38 Mon Sep 17 00:00:00 2001 From: Egor Kislitsyn Date: Tue, 16 Jul 2019 14:56:07 +0700 Subject: Fix typo --- lib/pleroma/web/activity_pub/publisher.ex | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/web/activity_pub/publisher.ex b/lib/pleroma/web/activity_pub/publisher.ex index 18145e45f..c505223f7 100644 --- a/lib/pleroma/web/activity_pub/publisher.ex +++ b/lib/pleroma/web/activity_pub/publisher.ex @@ -131,7 +131,7 @@ defmodule Pleroma.Web.ActivityPub.Publisher do %User{ap_id: ap_id} = Enum.find(recipients, fn %{info: %{source_data: data}} -> data["inbox"] == inbox end) - # Get all the recipients on the same host and add them to cc. Otherwise it a remote + # Get all the recipients on the same host and add them to cc. Otherwise, a remote # instance would only accept a first message for the first recipient and ignore the rest. cc = get_cc_ap_ids(ap_id, recipients) -- cgit v1.2.3 From c4ca142e14444a03250f246e189c78e70aafe9d7 Mon Sep 17 00:00:00 2001 From: Eugenij Date: Tue, 16 Jul 2019 11:04:11 +0000 Subject: Add the `blocked_by` attribute to the relationship API (`GET /api/v1/accounts/relationships`) --- lib/pleroma/web/mastodon_api/views/account_view.ex | 1 + 1 file changed, 1 insertion(+) (limited to 'lib') diff --git a/lib/pleroma/web/mastodon_api/views/account_view.ex b/lib/pleroma/web/mastodon_api/views/account_view.ex index 65bab4062..de1eef9d2 100644 --- a/lib/pleroma/web/mastodon_api/views/account_view.ex +++ b/lib/pleroma/web/mastodon_api/views/account_view.ex @@ -51,6 +51,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountView do following: User.following?(user, target), followed_by: User.following?(target, user), blocking: User.blocks?(user, target), + blocked_by: User.blocks?(target, user), muting: User.mutes?(user, target), muting_notifications: User.muted_notifications?(user, target), subscribing: User.subscribed_to?(user, target), -- cgit v1.2.3 From 520ee6c59162c26caf032b2d16ca975c99b5beb5 Mon Sep 17 00:00:00 2001 From: Eugenij Date: Tue, 16 Jul 2019 11:14:46 +0000 Subject: Add `pleroma.deactivated` to the Account entity (Mastodon API) --- lib/pleroma/web/mastodon_api/views/account_view.ex | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'lib') diff --git a/lib/pleroma/web/mastodon_api/views/account_view.ex b/lib/pleroma/web/mastodon_api/views/account_view.ex index de1eef9d2..befb35c26 100644 --- a/lib/pleroma/web/mastodon_api/views/account_view.ex +++ b/lib/pleroma/web/mastodon_api/views/account_view.ex @@ -137,6 +137,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountView do |> maybe_put_notification_settings(user, opts[:for]) |> maybe_put_settings_store(user, opts[:for], opts) |> maybe_put_chat_token(user, opts[:for], opts) + |> maybe_put_activation_status(user, opts[:for]) end defp username_from_nickname(string) when is_binary(string) do @@ -197,6 +198,12 @@ defmodule Pleroma.Web.MastodonAPI.AccountView do defp maybe_put_notification_settings(data, _, _), do: data + defp maybe_put_activation_status(data, user, %User{info: %{is_admin: true}}) do + Kernel.put_in(data, [:pleroma, :deactivated], user.info.deactivated) + end + + defp maybe_put_activation_status(data, _, _), do: data + defp image_url(%{"url" => [%{"href" => href} | _]}), do: href defp image_url(_), do: nil end -- cgit v1.2.3 From 889dc17abd95bd1f414646e54d7e3cdadd9afbc9 Mon Sep 17 00:00:00 2001 From: Ivan Tashkinov Date: Tue, 16 Jul 2019 19:18:30 +0300 Subject: [#1094] Rate-limited follow & unfollow actions. --- lib/pleroma/web/mastodon_api/mastodon_api_controller.ex | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'lib') diff --git a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex index f4aa576f7..a732a6990 100644 --- a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex +++ b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex @@ -47,6 +47,8 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do require Logger + @rate_limited_relations_actions ~w(follow unfollow)a + @rate_limited_status_actions ~w(reblog_status unreblog_status fav_status unfav_status post_status delete_status)a @@ -62,6 +64,12 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do when action in ~w(fav_status unfav_status)a ) + plug( + RateLimiter, + {:relations_id_action, params: ["id", "uri"]} when action in @rate_limited_relations_actions + ) + + plug(RateLimiter, :relations_actions when action in @rate_limited_relations_actions) plug(RateLimiter, :statuses_actions when action in @rate_limited_status_actions) plug(RateLimiter, :app_account_creation when action == :account_register) plug(RateLimiter, :search when action in [:search, :search2, :account_search]) -- cgit v1.2.3 From 21e3f9ac69e258d7c46e0f2acdcf011f74cba8e3 Mon Sep 17 00:00:00 2001 From: Maksim Date: Tue, 16 Jul 2019 21:35:43 +0000 Subject: added tests for Pleroma.Upload.Filter --- lib/pleroma/upload/filter/dedupe.ex | 15 ++++++++++++--- lib/pleroma/upload/filter/mogrifun.ex | 24 ++---------------------- lib/pleroma/upload/filter/mogrify.ex | 11 +++++++---- 3 files changed, 21 insertions(+), 29 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/upload/filter/dedupe.ex b/lib/pleroma/upload/filter/dedupe.ex index e4c225833..14928c355 100644 --- a/lib/pleroma/upload/filter/dedupe.ex +++ b/lib/pleroma/upload/filter/dedupe.ex @@ -6,10 +6,19 @@ defmodule Pleroma.Upload.Filter.Dedupe do @behaviour Pleroma.Upload.Filter alias Pleroma.Upload - def filter(%Upload{name: name} = upload) do - extension = String.split(name, ".") |> List.last() - shasum = :crypto.hash(:sha256, File.read!(upload.tempfile)) |> Base.encode16(case: :lower) + def filter(%Upload{name: name, tempfile: tempfile} = upload) do + extension = + name + |> String.split(".") + |> List.last() + + shasum = + :crypto.hash(:sha256, File.read!(tempfile)) + |> Base.encode16(case: :lower) + filename = shasum <> "." <> extension {:ok, %Upload{upload | id: shasum, path: filename}} end + + def filter(_), do: :ok end diff --git a/lib/pleroma/upload/filter/mogrifun.ex b/lib/pleroma/upload/filter/mogrifun.ex index 35a5a1381..fee49fb51 100644 --- a/lib/pleroma/upload/filter/mogrifun.ex +++ b/lib/pleroma/upload/filter/mogrifun.ex @@ -4,6 +4,7 @@ defmodule Pleroma.Upload.Filter.Mogrifun do @behaviour Pleroma.Upload.Filter + alias Pleroma.Upload.Filter @filters [ {"implode", "1"}, @@ -34,31 +35,10 @@ defmodule Pleroma.Upload.Filter.Mogrifun do ] def filter(%Pleroma.Upload{tempfile: file, content_type: "image" <> _}) do - filter = Enum.random(@filters) - - file - |> Mogrify.open() - |> mogrify_filter(filter) - |> Mogrify.save(in_place: true) + Filter.Mogrify.do_filter(file, [Enum.random(@filters)]) :ok end def filter(_), do: :ok - - defp mogrify_filter(mogrify, [filter | rest]) do - mogrify - |> mogrify_filter(filter) - |> mogrify_filter(rest) - end - - defp mogrify_filter(mogrify, []), do: mogrify - - defp mogrify_filter(mogrify, {action, options}) do - Mogrify.custom(mogrify, action, options) - end - - defp mogrify_filter(mogrify, string) when is_binary(string) do - Mogrify.custom(mogrify, string) - end end diff --git a/lib/pleroma/upload/filter/mogrify.ex b/lib/pleroma/upload/filter/mogrify.ex index f459eeecb..91bfdd4f5 100644 --- a/lib/pleroma/upload/filter/mogrify.ex +++ b/lib/pleroma/upload/filter/mogrify.ex @@ -11,16 +11,19 @@ defmodule Pleroma.Upload.Filter.Mogrify do def filter(%Pleroma.Upload{tempfile: file, content_type: "image" <> _}) do filters = Pleroma.Config.get!([__MODULE__, :args]) + do_filter(file, filters) + :ok + end + + def filter(_), do: :ok + + def do_filter(file, filters) do file |> Mogrify.open() |> mogrify_filter(filters) |> Mogrify.save(in_place: true) - - :ok end - def filter(_), do: :ok - defp mogrify_filter(mogrify, nil), do: mogrify defp mogrify_filter(mogrify, [filter | rest]) do -- cgit v1.2.3 From 10f82c88b88fa4d26f6fa57f9cf36439012b8d0c Mon Sep 17 00:00:00 2001 From: Alexander Strizhakov Date: Tue, 16 Jul 2019 21:44:50 +0000 Subject: mastoapi password reset added rate limit to password reset configure rate limit in runtime --- lib/pleroma/web/mastodon_api/mastodon_api_controller.ex | 17 +++++++++++++++++ lib/pleroma/web/router.ex | 2 ++ lib/pleroma/web/twitter_api/twitter_api_controller.ex | 7 +++++++ 3 files changed, 26 insertions(+) (limited to 'lib') diff --git a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex index a732a6990..aff76e2ea 100644 --- a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex +++ b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex @@ -73,6 +73,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do plug(RateLimiter, :statuses_actions when action in @rate_limited_status_actions) plug(RateLimiter, :app_account_creation when action == :account_register) plug(RateLimiter, :search when action in [:search, :search2, :account_search]) + plug(RateLimiter, :password_reset when action == :password_reset) @local_mastodon_name "Mastodon-Local" @@ -1816,6 +1817,22 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do end end + def password_reset(conn, params) do + nickname_or_email = params["email"] || params["nickname"] + + with {:ok, _} <- TwitterAPI.password_reset(nickname_or_email) do + conn + |> put_status(:no_content) + |> json("") + else + {:error, "unknown user"} -> + put_status(conn, :not_found) + + {:error, _} -> + put_status(conn, :bad_request) + end + end + def try_render(conn, target, params) when is_binary(target) do case render(conn, target, params) do diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex index 3e5142e8a..52b8dc0bf 100644 --- a/lib/pleroma/web/router.ex +++ b/lib/pleroma/web/router.ex @@ -691,6 +691,8 @@ defmodule Pleroma.Web.Router do get("/web/login", MastodonAPIController, :login) delete("/auth/sign_out", MastodonAPIController, :logout) + post("/auth/password", MastodonAPIController, :password_reset) + scope [] do pipe_through(:oauth_read_or_public) get("/web/*path", MastodonAPIController, :index) diff --git a/lib/pleroma/web/twitter_api/twitter_api_controller.ex b/lib/pleroma/web/twitter_api/twitter_api_controller.ex index 0313560a8..8cb703501 100644 --- a/lib/pleroma/web/twitter_api/twitter_api_controller.ex +++ b/lib/pleroma/web/twitter_api/twitter_api_controller.ex @@ -27,6 +27,7 @@ defmodule Pleroma.Web.TwitterAPI.Controller do require Logger + plug(Pleroma.Plugs.RateLimiter, :password_reset when action == :password_reset) plug(:only_if_public_instance when action in [:public_timeline, :public_and_external_timeline]) action_fallback(:errors) @@ -437,6 +438,12 @@ defmodule Pleroma.Web.TwitterAPI.Controller do with {:ok, _} <- TwitterAPI.password_reset(nickname_or_email) do json_response(conn, :no_content, "") + else + {:error, "unknown user"} -> + put_status(conn, :not_found) + + {:error, _} -> + put_status(conn, :bad_request) end end -- cgit v1.2.3 From 96a2890a9ecca3a6392edfaaaed4487303a920d7 Mon Sep 17 00:00:00 2001 From: RX14 Date: Wed, 17 Jul 2019 14:55:47 +0100 Subject: Add MRF MentionPolicy for dropping posts which mention specific actors --- lib/pleroma/web/activity_pub/mrf/mention_policy.ex | 24 ++++++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 lib/pleroma/web/activity_pub/mrf/mention_policy.ex (limited to 'lib') diff --git a/lib/pleroma/web/activity_pub/mrf/mention_policy.ex b/lib/pleroma/web/activity_pub/mrf/mention_policy.ex new file mode 100644 index 000000000..1842e1aeb --- /dev/null +++ b/lib/pleroma/web/activity_pub/mrf/mention_policy.ex @@ -0,0 +1,24 @@ +# Pleroma: A lightweight social networking server +# Copyright © 2017-2019 Pleroma Authors +# SPDX-License-Identifier: AGPL-3.0-only + +defmodule Pleroma.Web.ActivityPub.MRF.MentionPolicy do + @moduledoc "Block messages which mention a user" + + @behaviour Pleroma.Web.ActivityPub.MRF + + @impl true + def filter(%{"type" => "Create"} = message) do + reject_actors = Pleroma.Config.get([:mrf_mention, :actors], []) + recipients = (message["to"] || []) ++ (message["cc"] || []) + + if Enum.any?(recipients, fn recipient -> Enum.member?(reject_actors, recipient) end) do + {:reject, nil} + else + {:ok, message} + end + end + + @impl true + def filter(message), do: {:ok, message} +end -- cgit v1.2.3 From 4885473be2704d4d370fdb96e1473bc4eb9368f4 Mon Sep 17 00:00:00 2001 From: Ariadne Conill Date: Wed, 17 Jul 2019 15:48:51 +0000 Subject: user: refactor get_or_create_instance_user() into get_or_create_service_actor_by_id() --- lib/pleroma/user.ex | 13 ++++++------- lib/pleroma/web/activity_pub/relay.ex | 3 ++- 2 files changed, 8 insertions(+), 8 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex index ffba3f390..463bb9ad4 100644 --- a/lib/pleroma/user.ex +++ b/lib/pleroma/user.ex @@ -1157,19 +1157,18 @@ defmodule Pleroma.User do end end - def get_or_create_instance_user do - relay_uri = "#{Pleroma.Web.Endpoint.url()}/relay" - - if user = get_cached_by_ap_id(relay_uri) do + @doc "Creates an internal service actor by URI if missing. Optionally takes nickname for addressing." + def get_or_create_service_actor_by_ap_id(uri, nickname \\ nil) do + if user = get_cached_by_ap_id(uri) do user else changes = %User{info: %User.Info{}} |> cast(%{}, [:ap_id, :nickname, :local]) - |> put_change(:ap_id, relay_uri) - |> put_change(:nickname, nil) + |> put_change(:ap_id, uri) + |> put_change(:nickname, nickname) |> put_change(:local, true) - |> put_change(:follower_address, relay_uri <> "/followers") + |> put_change(:follower_address, uri <> "/followers") {:ok, user} = Repo.insert(changes) user diff --git a/lib/pleroma/web/activity_pub/relay.ex b/lib/pleroma/web/activity_pub/relay.ex index 93808517b..1ebfcdd86 100644 --- a/lib/pleroma/web/activity_pub/relay.ex +++ b/lib/pleroma/web/activity_pub/relay.ex @@ -10,7 +10,8 @@ defmodule Pleroma.Web.ActivityPub.Relay do require Logger def get_actor do - User.get_or_create_instance_user() + "#{Pleroma.Web.Endpoint.url()}/relay" + |> User.get_or_create_service_actor_by_ap_id() end def follow(target_instance) do -- cgit v1.2.3 From a9d6a12bb3e71bafc11fe7cf5e44ad5bc9981cf9 Mon Sep 17 00:00:00 2001 From: Ariadne Conill Date: Wed, 17 Jul 2019 16:22:57 +0000 Subject: activitypub: controller: rework the way the relay actor is presented so the code can be reused --- lib/pleroma/web/activity_pub/activity_pub_controller.ex | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/activity_pub/activity_pub_controller.ex b/lib/pleroma/web/activity_pub/activity_pub_controller.ex index e2af4ad1a..dc9ef066d 100644 --- a/lib/pleroma/web/activity_pub/activity_pub_controller.ex +++ b/lib/pleroma/web/activity_pub/activity_pub_controller.ex @@ -206,9 +206,8 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubController do json(conn, dgettext("errors", "error")) end - def relay(conn, _params) do - with %User{} = user <- Relay.get_actor(), - {:ok, user} <- User.ensure_keys_present(user) do + defp represent_service_actor(%User{} = user, conn) do + with {:ok, user} <- User.ensure_keys_present(user) do conn |> put_resp_header("content-type", "application/activity+json") |> json(UserView.render("user.json", %{user: user})) @@ -217,6 +216,13 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubController do end end + defp represent_service_actor(nil, _), do: {:error, :not_found} + + def relay(conn, _params) do + Relay.get_actor() + |> represent_service_actor(conn) + end + def whoami(%{assigns: %{user: %User{} = user}} = conn, _params) do conn |> put_resp_header("content-type", "application/activity+json") -- cgit v1.2.3 From 0a6f6e1b5bf863fc23a90e6ef358129364bcacce Mon Sep 17 00:00:00 2001 From: Ariadne Conill Date: Wed, 17 Jul 2019 16:59:29 +0000 Subject: webfinger: allow resolution of usernames with dots in them (internal actors) --- lib/pleroma/web/web_finger/web_finger.ex | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/web/web_finger/web_finger.ex b/lib/pleroma/web/web_finger/web_finger.ex index 3fca72de8..fa34c7ced 100644 --- a/lib/pleroma/web/web_finger/web_finger.ex +++ b/lib/pleroma/web/web_finger/web_finger.ex @@ -32,7 +32,7 @@ defmodule Pleroma.Web.WebFinger do def webfinger(resource, fmt) when fmt in ["XML", "JSON"] do host = Pleroma.Web.Endpoint.host() - regex = ~r/(acct:)?(?\w+)@#{host}/ + regex = ~r/(acct:)?(?[a-z0-9A-Z_\.-]+)@#{host}/ with %{"username" => username} <- Regex.named_captures(regex, resource), %User{} = user <- User.get_cached_by_nickname(username) do -- cgit v1.2.3 From 62e5ff624e1984b48eecaf2a6c14ad092013a13e Mon Sep 17 00:00:00 2001 From: Ariadne Conill Date: Wed, 17 Jul 2019 17:12:42 +0000 Subject: user: add is_internal_user? helper function --- lib/pleroma/user.ex | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'lib') diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex index 463bb9ad4..c91fbb68a 100644 --- a/lib/pleroma/user.ex +++ b/lib/pleroma/user.ex @@ -1410,4 +1410,8 @@ defmodule Pleroma.User do end defp put_password_hash(changeset), do: changeset + + def is_internal_user?(%User{nickname: nil}), do: true + def is_internal_user?(%User{local: true, nickname: "internal." <> _}), do: true + def is_internal_user?(_), do: false end -- cgit v1.2.3 From d930e5d5c322a7c4b3a080dfa3e318d97994aaf1 Mon Sep 17 00:00:00 2001 From: Ariadne Conill Date: Wed, 17 Jul 2019 17:14:08 +0000 Subject: activitypub: introduce internal fetch service actor --- lib/pleroma/application.ex | 5 +++++ lib/pleroma/web/activity_pub/internal_fetch_actor.ex | 20 ++++++++++++++++++++ 2 files changed, 25 insertions(+) create mode 100644 lib/pleroma/web/activity_pub/internal_fetch_actor.ex (limited to 'lib') diff --git a/lib/pleroma/application.ex b/lib/pleroma/application.ex index ba4cf8486..035331491 100644 --- a/lib/pleroma/application.ex +++ b/lib/pleroma/application.ex @@ -140,6 +140,11 @@ defmodule Pleroma.Application do id: :federator_init, start: {Task, :start_link, [&Pleroma.Web.Federator.init/0]}, restart: :temporary + }, + %{ + id: :internal_fetch_init, + start: {Task, :start_link, [&Pleroma.Web.ActivityPub.InternalFetchActor.init/0]}, + restart: :temporary } ] ++ streamer_child() ++ diff --git a/lib/pleroma/web/activity_pub/internal_fetch_actor.ex b/lib/pleroma/web/activity_pub/internal_fetch_actor.ex new file mode 100644 index 000000000..9213ddde7 --- /dev/null +++ b/lib/pleroma/web/activity_pub/internal_fetch_actor.ex @@ -0,0 +1,20 @@ +# Pleroma: A lightweight social networking server +# Copyright © 2017-2019 Pleroma Authors +# SPDX-License-Identifier: AGPL-3.0-only + +defmodule Pleroma.Web.ActivityPub.InternalFetchActor do + alias Pleroma.User + + require Logger + + def init do + # Wait for everything to settle. + Process.sleep(1000 * 5) + get_actor() + end + + def get_actor do + "#{Pleroma.Web.Endpoint.url()}/internal/fetch" + |> User.get_or_create_service_actor_by_ap_id("internal.fetch") + end +end -- cgit v1.2.3 From cf9cb953d5c341bb13e4b86272ff4ef405aeab92 Mon Sep 17 00:00:00 2001 From: Ariadne Conill Date: Wed, 17 Jul 2019 17:34:57 +0000 Subject: activitypub: represent internal fetch actor --- lib/pleroma/web/activity_pub/activity_pub_controller.ex | 6 ++++++ lib/pleroma/web/activity_pub/views/user_view.ex | 13 ++++++++++--- lib/pleroma/web/router.ex | 13 +++++++++++-- 3 files changed, 27 insertions(+), 5 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/activity_pub/activity_pub_controller.ex b/lib/pleroma/web/activity_pub/activity_pub_controller.ex index dc9ef066d..133a726c5 100644 --- a/lib/pleroma/web/activity_pub/activity_pub_controller.ex +++ b/lib/pleroma/web/activity_pub/activity_pub_controller.ex @@ -10,6 +10,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubController do alias Pleroma.Object.Fetcher alias Pleroma.User alias Pleroma.Web.ActivityPub.ActivityPub + alias Pleroma.Web.ActivityPub.InternalFetchActor alias Pleroma.Web.ActivityPub.ObjectView alias Pleroma.Web.ActivityPub.Relay alias Pleroma.Web.ActivityPub.Transmogrifier @@ -223,6 +224,11 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubController do |> represent_service_actor(conn) end + def internal_fetch(conn, _params) do + InternalFetchActor.get_actor() + |> represent_service_actor(conn) + end + def whoami(%{assigns: %{user: %User{} = user}} = conn, _params) do conn |> put_resp_header("content-type", "application/activity+json") diff --git a/lib/pleroma/web/activity_pub/views/user_view.ex b/lib/pleroma/web/activity_pub/views/user_view.ex index d9c1bcb2c..639519e0a 100644 --- a/lib/pleroma/web/activity_pub/views/user_view.ex +++ b/lib/pleroma/web/activity_pub/views/user_view.ex @@ -31,8 +31,7 @@ defmodule Pleroma.Web.ActivityPub.UserView do def render("endpoints.json", _), do: %{} - # the instance itself is not a Person, but instead an Application - def render("user.json", %{user: %{nickname: nil} = user}) do + def render("service.json", %{user: user}) do {:ok, user} = User.ensure_keys_present(user) {:ok, _, public_key} = Keys.keys_from_pem(user.info.keys) public_key = :public_key.pem_entry_encode(:SubjectPublicKeyInfo, public_key) @@ -47,7 +46,8 @@ defmodule Pleroma.Web.ActivityPub.UserView do "followers" => "#{user.ap_id}/followers", "inbox" => "#{user.ap_id}/inbox", "name" => "Pleroma", - "summary" => "Virtual actor for Pleroma relay", + "summary" => + "An internal service actor for this Pleroma instance. No user-serviceable parts inside.", "url" => user.ap_id, "manuallyApprovesFollowers" => false, "publicKey" => %{ @@ -60,6 +60,13 @@ defmodule Pleroma.Web.ActivityPub.UserView do |> Map.merge(Utils.make_json_ld_header()) end + # the instance itself is not a Person, but instead an Application + def render("user.json", %{user: %User{nickname: nil} = user}), + do: render("service.json", %{user: user}) + + def render("user.json", %{user: %User{nickname: "internal." <> _} = user}), + do: render("service.json", %{user: user}) + def render("user.json", %{user: user}) do {:ok, user} = User.ensure_keys_present(user) {:ok, _, public_key} = Keys.keys_from_pem(user.info.keys) diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex index 52b8dc0bf..8095ac4b1 100644 --- a/lib/pleroma/web/router.ex +++ b/lib/pleroma/web/router.ex @@ -586,7 +586,7 @@ defmodule Pleroma.Web.Router do end end - pipeline :ap_relay do + pipeline :ap_service_actor do plug(:accepts, ["activity+json", "json"]) end @@ -663,8 +663,17 @@ defmodule Pleroma.Web.Router do end scope "/relay", Pleroma.Web.ActivityPub do - pipe_through(:ap_relay) + pipe_through(:ap_service_actor) + get("/", ActivityPubController, :relay) + post("/inbox", ActivityPubController, :inbox) + end + + scope "/internal/fetch", Pleroma.Web.ActivityPub do + pipe_through(:ap_service_actor) + + get("/", ActivityPubController, :internal_fetch) + post("/inbox", ActivityPubController, :inbox) end scope "/", Pleroma.Web.ActivityPub do -- cgit v1.2.3 From 4bf2bb9cff2d263e1b022f5c40128ffcbd372746 Mon Sep 17 00:00:00 2001 From: Eugenij Date: Wed, 17 Jul 2019 18:09:31 +0000 Subject: Fix password reset for non-test env Fixes `Plug.Conn.NotSentError` that causes a 5xx error in response instead of 404 and 400. Fixes pattern matching error caused by different response format in test and non-test env: `Pleroma.Emails.Mailer.deliver_async` returns :ok when PleromaJobQueue is enabled and `{:ok, _}` when it's disabled. In tests, it's disabled. --- lib/pleroma/web/mastodon_api/mastodon_api_controller.ex | 4 ++-- lib/pleroma/web/twitter_api/twitter_api.ex | 2 ++ lib/pleroma/web/twitter_api/twitter_api_controller.ex | 4 ++-- 3 files changed, 6 insertions(+), 4 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex index aff76e2ea..877430a1d 100644 --- a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex +++ b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex @@ -1826,10 +1826,10 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do |> json("") else {:error, "unknown user"} -> - put_status(conn, :not_found) + send_resp(conn, :not_found, "") {:error, _} -> - put_status(conn, :bad_request) + send_resp(conn, :bad_request, "") end end diff --git a/lib/pleroma/web/twitter_api/twitter_api.ex b/lib/pleroma/web/twitter_api/twitter_api.ex index 41e1c2877..bb5dda204 100644 --- a/lib/pleroma/web/twitter_api/twitter_api.ex +++ b/lib/pleroma/web/twitter_api/twitter_api.ex @@ -221,6 +221,8 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPI do user |> UserEmail.password_reset_email(token_record.token) |> Mailer.deliver_async() + + {:ok, :enqueued} else false -> {:error, "bad user identifier"} diff --git a/lib/pleroma/web/twitter_api/twitter_api_controller.ex b/lib/pleroma/web/twitter_api/twitter_api_controller.ex index 8cb703501..5dfab6a6c 100644 --- a/lib/pleroma/web/twitter_api/twitter_api_controller.ex +++ b/lib/pleroma/web/twitter_api/twitter_api_controller.ex @@ -440,10 +440,10 @@ defmodule Pleroma.Web.TwitterAPI.Controller do json_response(conn, :no_content, "") else {:error, "unknown user"} -> - put_status(conn, :not_found) + send_resp(conn, :not_found, "") {:error, _} -> - put_status(conn, :bad_request) + send_resp(conn, :bad_request, "") end end -- cgit v1.2.3 From f84fb340b7358df195734f2db199e76a819e45bf Mon Sep 17 00:00:00 2001 From: Ariadne Conill Date: Wed, 17 Jul 2019 19:18:19 +0000 Subject: http signatures: derive actor ID from key ID. Almost all AP servers return their key ID as the actor URI with #main-key added. Hubzilla, which doesn't, uses a URL which refers to the actor anyway, so worst case, Hubzilla users get refetched. --- lib/pleroma/signature.ex | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/signature.ex b/lib/pleroma/signature.ex index 1a4d54c62..a45c70a9d 100644 --- a/lib/pleroma/signature.ex +++ b/lib/pleroma/signature.ex @@ -8,10 +8,16 @@ defmodule Pleroma.Signature do alias Pleroma.Keys alias Pleroma.User alias Pleroma.Web.ActivityPub.ActivityPub - alias Pleroma.Web.ActivityPub.Utils + + defp key_id_to_actor_id(key_id) do + URI.parse(key_id) + |> Map.put(:fragment, nil) + |> URI.to_string() + end def fetch_public_key(conn) do - with actor_id <- Utils.get_ap_id(conn.params["actor"]), + with %{"keyId" => kid} <- HTTPSignatures.signature_for_conn(conn), + actor_id <- key_id_to_actor_id(kid), {:ok, public_key} <- User.get_public_key_for_ap_id(actor_id) do {:ok, public_key} else @@ -21,7 +27,8 @@ defmodule Pleroma.Signature do end def refetch_public_key(conn) do - with actor_id <- Utils.get_ap_id(conn.params["actor"]), + with %{"keyId" => kid} <- HTTPSignatures.signature_for_conn(conn), + actor_id <- key_id_to_actor_id(kid), {:ok, _user} <- ActivityPub.make_user_from_ap_id(actor_id), {:ok, public_key} <- User.get_public_key_for_ap_id(actor_id) do {:ok, public_key} -- cgit v1.2.3 From 399acd4c42ae3f1c072c097ff9fabc9761c3d3c1 Mon Sep 17 00:00:00 2001 From: Ariadne Conill Date: Wed, 17 Jul 2019 22:41:42 +0000 Subject: fetcher: sign object fetches if configured --- lib/pleroma/object/fetcher.ex | 49 ++++++++++++++++++++++++++++++++++++++----- 1 file changed, 44 insertions(+), 5 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/object/fetcher.ex b/lib/pleroma/object/fetcher.ex index 96b34ae9f..305ce8357 100644 --- a/lib/pleroma/object/fetcher.ex +++ b/lib/pleroma/object/fetcher.ex @@ -6,6 +6,8 @@ defmodule Pleroma.Object.Fetcher do alias Pleroma.HTTP alias Pleroma.Object alias Pleroma.Object.Containment + alias Pleroma.Signature + alias Pleroma.Web.ActivityPub.InternalFetchActor alias Pleroma.Web.ActivityPub.Transmogrifier alias Pleroma.Web.OStatus @@ -82,15 +84,52 @@ defmodule Pleroma.Object.Fetcher do end end + defp make_signature(id, date) do + uri = URI.parse(id) + + signature = + InternalFetchActor.get_actor() + |> Signature.sign(%{ + "(request-target)": "get #{uri.path}", + host: uri.host, + date: date + }) + + [{:Signature, signature}] + end + + defp sign_fetch(headers, id, date) do + if Pleroma.Config.get([:activitypub, :sign_object_fetches]) do + headers ++ make_signature(id, date) + else + headers + end + end + + defp maybe_date_fetch(headers, date) do + if Pleroma.Config.get([:activitypub, :sign_object_fetches]) do + headers ++ [{:Date, date}] + else + headers + end + end + def fetch_and_contain_remote_object_from_id(id) do Logger.info("Fetching object #{id} via AP") + date = + NaiveDateTime.utc_now() + |> Timex.format!("{WDshort}, {0D} {Mshort} {YYYY} {h24}:{m}:{s} GMT") + + headers = + [{:Accept, "application/activity+json"}] + |> maybe_date_fetch(date) + |> sign_fetch(id, date) + + Logger.debug("Fetch headers: #{inspect(headers)}") + with true <- String.starts_with?(id, "http"), - {:ok, %{body: body, status: code}} when code in 200..299 <- - HTTP.get( - id, - [{:Accept, "application/activity+json"}] - ), + {:ok, %{body: body, status: code}} when code in 200..299 <- HTTP.get(id, headers), {:ok, data} <- Jason.decode(body), :ok <- Containment.contain_origin_from_id(id, data) do {:ok, data} -- cgit v1.2.3 From b6b748d3e7f3383303a2fcccb17b7b0f7054100f Mon Sep 17 00:00:00 2001 From: Maksim Date: Thu, 18 Jul 2019 12:30:18 +0000 Subject: tests for Uploader with webhook --- lib/pleroma/uploaders/uploader.ex | 9 ++++++++- lib/pleroma/web/uploader_controller.ex | 4 ---- 2 files changed, 8 insertions(+), 5 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/uploaders/uploader.ex b/lib/pleroma/uploaders/uploader.ex index 0af76bc59..c0b22c28a 100644 --- a/lib/pleroma/uploaders/uploader.ex +++ b/lib/pleroma/uploaders/uploader.ex @@ -68,7 +68,14 @@ defmodule Pleroma.Uploaders.Uploader do {:error, error} end after - 30_000 -> {:error, dgettext("errors", "Uploader callback timeout")} + callback_timeout() -> {:error, dgettext("errors", "Uploader callback timeout")} + end + end + + defp callback_timeout do + case Mix.env() do + :test -> 1_000 + _ -> 30_000 end end end diff --git a/lib/pleroma/web/uploader_controller.ex b/lib/pleroma/web/uploader_controller.ex index bf09775e6..0cc172698 100644 --- a/lib/pleroma/web/uploader_controller.ex +++ b/lib/pleroma/web/uploader_controller.ex @@ -11,10 +11,6 @@ defmodule Pleroma.Web.UploaderController do process_callback(conn, :global.whereis_name({Uploader, upload_path}), params) end - def callbacks(conn, _) do - render_error(conn, :bad_request, "bad request") - end - defp process_callback(conn, pid, params) when is_pid(pid) do send(pid, {Uploader, self(), conn, params}) -- cgit v1.2.3 From f435217e5003dac5d749e4bb905572d51c383b29 Mon Sep 17 00:00:00 2001 From: Maksim Date: Thu, 18 Jul 2019 20:29:51 +0000 Subject: tests for Plugs.AuthenticationPlug --- lib/pleroma/plugs/authentication_plug.ex | 23 ++++++++++------------- 1 file changed, 10 insertions(+), 13 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/plugs/authentication_plug.ex b/lib/pleroma/plugs/authentication_plug.ex index eec514892..567674a0b 100644 --- a/lib/pleroma/plugs/authentication_plug.ex +++ b/lib/pleroma/plugs/authentication_plug.ex @@ -8,22 +8,19 @@ defmodule Pleroma.Plugs.AuthenticationPlug do alias Pleroma.User require Logger - def init(options) do - options - end + def init(options), do: options - def checkpw(password, password_hash) do - cond do - String.starts_with?(password_hash, "$pbkdf2") -> - Pbkdf2.checkpw(password, password_hash) + def checkpw(password, "$6" <> _ = password_hash) do + :crypt.crypt(password, password_hash) == password_hash + end - String.starts_with?(password_hash, "$6") -> - :crypt.crypt(password, password_hash) == password_hash + def checkpw(password, "$pbkdf2" <> _ = password_hash) do + Pbkdf2.checkpw(password, password_hash) + end - true -> - Logger.error("Password hash not recognized") - false - end + def checkpw(_password, _password_hash) do + Logger.error("Password hash not recognized") + false end def call(%{assigns: %{user: %User{}}} = conn, _), do: conn -- cgit v1.2.3