Merge branch 'features/mastoapi/2.7.0-auth-error-messages' into 'develop'

Mastodon-based auth error messages. User#auth_active?/1 refactoring. See merge request pleroma/pleroma!978
2019-03-26 15:13:55 +00:00 · 2019-03-26 15:13:55 +00:00 · 9e3899bf36
parent 21ff78cd40 b0759f821b
commit 9e3899bf36
3 changed files with 12 additions and 10 deletions
--- a/lib/pleroma/user.ex
+++ b/lib/pleroma/user.ex
@ -60,14 +60,10 @@ defmodule Pleroma.User do
    timestamps()
  end

-  def auth_active?(%User{local: false}), do: true
-
-  def auth_active?(%User{info: %User.Info{confirmation_pending: false}}), do: true
-
  def auth_active?(%User{info: %User.Info{confirmation_pending: true}}),
    do: !Pleroma.Config.get([:instance, :account_activation_required])

-  def auth_active?(_), do: false
+  def auth_active?(%User{}), do: true

  def visible_for?(user, for_user \\ nil)

--- a/lib/pleroma/web/oauth/oauth_controller.ex
+++ b/lib/pleroma/web/oauth/oauth_controller.ex
@ -83,14 +83,18 @@ defmodule Pleroma.Web.OAuth.OAuthController do
      end
    else
      {scopes_issue, _} when scopes_issue in [:unsupported_scopes, :missing_scopes] ->
+        # Per https://github.com/tootsuite/mastodon/blob/
+        #   51e154f5e87968d6bb115e053689767ab33e80cd/app/controllers/api/base_controller.rb#L39
        conn
-        |> put_flash(:error, "Permissions not specified.")
+        |> put_flash(:error, "This action is outside the authorized scopes")
        |> put_status(:unauthorized)
        |> authorize(auth_params)

      {:auth_active, false} ->
+        # Per https://github.com/tootsuite/mastodon/blob/
+        #   51e154f5e87968d6bb115e053689767ab33e80cd/app/controllers/api/base_controller.rb#L76
        conn
-        |> put_flash(:error, "Account confirmation pending.")
+        |> put_flash(:error, "Your login is missing a confirmed e-mail address")
        |> put_status(:forbidden)
        |> authorize(auth_params)

@ -149,9 +153,11 @@ defmodule Pleroma.Web.OAuth.OAuthController do
      json(conn, response)
    else
      {:auth_active, false} ->
+        # Per https://github.com/tootsuite/mastodon/blob/
+        #   51e154f5e87968d6bb115e053689767ab33e80cd/app/controllers/api/base_controller.rb#L76
        conn
        |> put_status(:forbidden)
-        |> json(%{error: "Account confirmation pending"})
+        |> json(%{error: "Your login is missing a confirmed e-mail address"})

      _error ->
        put_status(conn, 400)
--- a/test/web/oauth/oauth_controller_test.exs
+++ b/test/web/oauth/oauth_controller_test.exs
@ -87,7 +87,7 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
    assert result =~ app.redirect_uris

    # Error message
-    assert result =~ "Permissions not specified"
+    assert result =~ "This action is outside the authorized scopes"
  end

  test "returns 401 for scopes beyond app scopes", %{conn: conn} do
@ -113,7 +113,7 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
    assert result =~ app.redirect_uris

    # Error message
-    assert result =~ "Permissions not specified"
+    assert result =~ "This action is outside the authorized scopes"
  end

  test "issues a token for an all-body request" do