From 5c028b8f92aacb296afbd59130d848883f0c3a10 Mon Sep 17 00:00:00 2001 From: Sachin Joshi Date: Fri, 17 May 2019 12:20:31 +0545 Subject: [PATCH 01/48] user creation admin api will create multiple users --- CHANGELOG.md | 1 + .../web/admin_api/admin_api_controller.ex | 37 +++++---- .../web/admin_api/views/account_view.ex | 46 ++++++++++ lib/pleroma/web/router.ex | 2 +- .../admin_api/admin_api_controller_test.exs | 83 ++++++++++++++++++- 5 files changed, 149 insertions(+), 20 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index b0e849285..5ee853c76 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -46,6 +46,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Configuration: Added `extra_cookie_attrs` for setting non-standard cookie attributes. Defaults to ["SameSite=Lax"] so that remote follows work. - Timelines: Messages involving people you have blocked will be excluded from the timeline in all cases instead of just repeats. - Admin API: Move the user related API to `api/pleroma/admin/users` +- Admin API: `POST /api/pleroma/admin/users` will take list of users - Pleroma API: Support for emoji tags in `/api/pleroma/emoji` resulting in a breaking API change - Mastodon API: Support for `exclude_types`, `limit` and `min_id` in `/api/v1/notifications` - Mastodon API: Add `languages` and `registrations` to `/api/v1/instance` diff --git a/lib/pleroma/web/admin_api/admin_api_controller.ex b/lib/pleroma/web/admin_api/admin_api_controller.ex index e00b33aba..6048ed35b 100644 --- a/lib/pleroma/web/admin_api/admin_api_controller.ex +++ b/lib/pleroma/web/admin_api/admin_api_controller.ex @@ -46,24 +46,31 @@ def user_unfollow(conn, %{"follower" => follower_nick, "followed" => followed_ni |> json("ok") end - def user_create( - conn, - %{"nickname" => nickname, "email" => email, "password" => password} - ) do - user_data = %{ - nickname: nickname, - name: nickname, - email: email, - password: password, - password_confirmation: password, - bio: "." - } + def users_create(conn, %{"users" => users}) do + result = + Enum.map(users, fn %{"nickname" => nickname, "email" => email, "password" => password} -> + user_data = %{ + nickname: nickname, + name: nickname, + email: email, + password: password, + password_confirmation: password, + bio: "." + } - changeset = User.register_changeset(%User{}, user_data, need_confirmation: false) - {:ok, user} = User.register(changeset) + changeset = User.register_changeset(%User{}, user_data, need_confirmation: false) + + case User.register(changeset) do + {:ok, user} -> + AccountView.render("created.json", %{user: user}) + + {:error, changeset} -> + AccountView.render("create-error.json", %{changeset: changeset}) + end + end) conn - |> json(user.nickname) + |> json(result) end def user_show(conn, %{"nickname" => nickname}) do diff --git a/lib/pleroma/web/admin_api/views/account_view.ex b/lib/pleroma/web/admin_api/views/account_view.ex index 28bb667d8..e1825c5f1 100644 --- a/lib/pleroma/web/admin_api/views/account_view.ex +++ b/lib/pleroma/web/admin_api/views/account_view.ex @@ -44,4 +44,50 @@ def render("invites.json", %{invites: invites}) do invites: render_many(invites, AccountView, "invite.json", as: :invite) } end + + def render("created.json", %{user: user}) do + %{ + type: "success", + code: 201, + data: %{ + nickname: user.nickname, + email: user.email + } + } + end + + def render("create-error.json", %{changeset: %Ecto.Changeset{changes: changes, errors: errors}}) do + %{ + type: "error", + code: 409, + error: parse_error(errors), + data: %{ + nickname: Map.get(changes, :nickname), + email: Map.get(changes, :email) + } + } + end + + defp parse_error([]), do: "" + + defp parse_error(errors) do + ## when nickname is duplicate ap_id constraint error is raised + nickname_error = Keyword.get(errors, :nickname) || Keyword.get(errors, :ap_id) + email_error = Keyword.get(errors, :email) + password_error = Keyword.get(errors, :password) + + cond do + nickname_error -> + "nickname #{elem(nickname_error, 0)}" + + email_error -> + "email #{elem(email_error, 0)}" + + password_error -> + "password #{elem(password_error, 0)}" + + true -> + "" + end + end end diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex index 7fef82f82..bbc2fda9b 100644 --- a/lib/pleroma/web/router.ex +++ b/lib/pleroma/web/router.ex @@ -156,7 +156,7 @@ defmodule Pleroma.Web.Router do post("/user", AdminAPIController, :user_create) delete("/users", AdminAPIController, :user_delete) - post("/users", AdminAPIController, :user_create) + post("/users", AdminAPIController, :users_create) patch("/users/:nickname/toggle_activation", AdminAPIController, :user_toggle_activation) put("/users/tag", AdminAPIController, :tag_users) delete("/users/tag", AdminAPIController, :untag_users) diff --git a/test/web/admin_api/admin_api_controller_test.exs b/test/web/admin_api/admin_api_controller_test.exs index 6c1897b5a..a0c9fd56f 100644 --- a/test/web/admin_api/admin_api_controller_test.exs +++ b/test/web/admin_api/admin_api_controller_test.exs @@ -31,12 +31,87 @@ test "Create" do |> assign(:user, admin) |> put_req_header("accept", "application/json") |> post("/api/pleroma/admin/users", %{ - "nickname" => "lain", - "email" => "lain@example.org", - "password" => "test" + "users" => [ + %{ + "nickname" => "lain", + "email" => "lain@example.org", + "password" => "test" + } + ] }) - assert json_response(conn, 200) == "lain" + assert json_response(conn, 200) == [ + %{ + "code" => 201, + "data" => %{ + "email" => "lain@example.org", + "nickname" => "lain" + }, + "type" => "success" + } + ] + end + + test "Cannot create user with exisiting email" do + admin = insert(:user, info: %{is_admin: true}) + user = insert(:user) + + conn = + build_conn() + |> assign(:user, admin) + |> put_req_header("accept", "application/json") + |> post("/api/pleroma/admin/users", %{ + "users" => [ + %{ + "nickname" => "lain", + "email" => user.email, + "password" => "test" + } + ] + }) + + assert json_response(conn, 200) == [ + %{ + "code" => 409, + "data" => %{ + "email" => user.email, + "nickname" => "lain" + }, + "error" => "email has already been taken", + "type" => "error" + } + ] + end + + test "Cannot create user with exisiting nickname" do + admin = insert(:user, info: %{is_admin: true}) + user = insert(:user) + + conn = + build_conn() + |> assign(:user, admin) + |> put_req_header("accept", "application/json") + |> post("/api/pleroma/admin/users", %{ + "users" => [ + %{ + "nickname" => user.nickname, + "email" => "someuser@plerama.social", + "password" => "test" + } + ] + }) + + assert json_response(conn, 200) == [ + %{ + "code" => 409, + "data" => %{ + "email" => "someuser@plerama.social", + "nickname" => user.nickname + }, + "error" => "nickname has already been taken", + "type" => "error" + } + ] end end From 5534d4c67675901ab272ee47355ad43dfae99033 Mon Sep 17 00:00:00 2001 From: Sachin Joshi Date: Sat, 1 Jun 2019 11:17:53 +0545 Subject: [PATCH 02/48] make bulk user creation from admin works as a transaction --- lib/pleroma/user.ex | 8 ++- .../web/admin_api/admin_api_controller.ex | 45 +++++++++---- .../web/admin_api/views/account_view.ex | 2 +- .../admin_api/admin_api_controller_test.exs | 66 ++++++++++++++++++- 4 files changed, 104 insertions(+), 17 deletions(-) diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex index c6a562a61..722e8ff6b 100644 --- a/lib/pleroma/user.ex +++ b/lib/pleroma/user.ex @@ -276,7 +276,13 @@ defp autofollow_users(user) do @doc "Inserts provided changeset, performs post-registration actions (confirmation email sending etc.)" def register(%Ecto.Changeset{} = changeset) do with {:ok, user} <- Repo.insert(changeset), - {:ok, user} <- autofollow_users(user), + {:ok, user} <- post_register_action(user) do + {:ok, user} + end + end + + def post_register_action(%User{} = user) do + with {:ok, user} <- autofollow_users(user), {:ok, user} <- set_cache(user), {:ok, _} <- Pleroma.User.WelcomeMessage.post_welcome_message_to_user(user), {:ok, _} <- try_send_confirmation_email(user) do diff --git a/lib/pleroma/web/admin_api/admin_api_controller.ex b/lib/pleroma/web/admin_api/admin_api_controller.ex index 6048ed35b..60fd4e571 100644 --- a/lib/pleroma/web/admin_api/admin_api_controller.ex +++ b/lib/pleroma/web/admin_api/admin_api_controller.ex @@ -47,7 +47,7 @@ def user_unfollow(conn, %{"follower" => follower_nick, "followed" => followed_ni end def users_create(conn, %{"users" => users}) do - result = + changesets = Enum.map(users, fn %{"nickname" => nickname, "email" => email, "password" => password} -> user_data = %{ nickname: nickname, @@ -58,19 +58,40 @@ def users_create(conn, %{"users" => users}) do bio: "." } - changeset = User.register_changeset(%User{}, user_data, need_confirmation: false) - - case User.register(changeset) do - {:ok, user} -> - AccountView.render("created.json", %{user: user}) - - {:error, changeset} -> - AccountView.render("create-error.json", %{changeset: changeset}) - end + User.register_changeset(%User{}, user_data, need_confirmation: false) + end) + |> Enum.reduce(Ecto.Multi.new(), fn changeset, multi -> + Ecto.Multi.insert(multi, Ecto.UUID.generate(), changeset) end) - conn - |> json(result) + case Pleroma.Repo.transaction(changesets) do + {:ok, users} -> + res = + users + |> Map.values() + |> Enum.map(fn user -> + {:ok, user} = User.post_register_action(user) + user + end) + |> Enum.map(&AccountView.render("created.json", %{user: &1})) + + conn + |> json(res) + + {:error, id, changeset, _} -> + res = + Enum.map(changesets.operations, fn + {current_id, {:changeset, _current_changeset, _}} when current_id == id -> + AccountView.render("create-error.json", %{changeset: changeset}) + + {_, {:changeset, current_changeset, _}} -> + AccountView.render("create-error.json", %{changeset: current_changeset}) + end) + + conn + |> put_status(:conflict) + |> json(res) + end end def user_show(conn, %{"nickname" => nickname}) do diff --git a/lib/pleroma/web/admin_api/views/account_view.ex b/lib/pleroma/web/admin_api/views/account_view.ex index e1825c5f1..cccdeff7e 100644 --- a/lib/pleroma/web/admin_api/views/account_view.ex +++ b/lib/pleroma/web/admin_api/views/account_view.ex @@ -48,7 +48,7 @@ def render("invites.json", %{invites: invites}) do def render("created.json", %{user: user}) do %{ type: "success", - code: 201, + code: 200, data: %{ nickname: user.nickname, email: user.email diff --git a/test/web/admin_api/admin_api_controller_test.exs b/test/web/admin_api/admin_api_controller_test.exs index a0c9fd56f..019905137 100644 --- a/test/web/admin_api/admin_api_controller_test.exs +++ b/test/web/admin_api/admin_api_controller_test.exs @@ -36,18 +36,31 @@ test "Create" do "nickname" => "lain", "email" => "lain@example.org", "password" => "test" + }, + %{ + "nickname" => "lain2", + "email" => "lain2@example.org", + "password" => "test" } ] }) assert json_response(conn, 200) == [ %{ - "code" => 201, + "code" => 200, "data" => %{ "email" => "lain@example.org", "nickname" => "lain" }, "type" => "success" + }, + %{ + "code" => 200, + "data" => %{ + "email" => "lain2@example.org", + "nickname" => "lain2" + }, + "type" => "success" } ] end @@ -70,7 +83,7 @@ test "Cannot create user with exisiting email" do ] }) - assert json_response(conn, 200) == [ + assert json_response(conn, 409) == [ %{ "code" => 409, "data" => %{ @@ -101,7 +114,7 @@ test "Cannot create user with exisiting nickname" do ] }) - assert json_response(conn, 200) == [ + assert json_response(conn, 409) == [ %{ "code" => 409, "data" => %{ @@ -113,6 +126,53 @@ test "Cannot create user with exisiting nickname" do } ] end + + test "Multiple user creation works in transaction" do + admin = insert(:user, info: %{is_admin: true}) + user = insert(:user) + + conn = + build_conn() + |> assign(:user, admin) + |> put_req_header("accept", "application/json") + |> post("/api/pleroma/admin/users", %{ + "users" => [ + %{ + "nickname" => "newuser", + "email" => "newuser@pleroma.social", + "password" => "test" + }, + %{ + "nickname" => "lain", + "email" => user.email, + "password" => "test" + } + ] + }) + + assert json_response(conn, 409) == [ + %{ + "code" => 409, + "data" => %{ + "email" => user.email, + "nickname" => "lain" + }, + "error" => "email has already been taken", + "type" => "error" + }, + %{ + "code" => 409, + "data" => %{ + "email" => "newuser@pleroma.social", + "nickname" => "newuser" + }, + "error" => "", + "type" => "error" + } + ] + + assert User.get_by_nickname("newuser") === nil + end end describe "/api/pleroma/admin/users/:nickname" do From e394fc2eefdd7a4c7edd5fb3c04b445215d4a86c Mon Sep 17 00:00:00 2001 From: Sachin Joshi Date: Sun, 2 Jun 2019 09:48:45 +0545 Subject: [PATCH 03/48] fix the flaky test for users creation by admin --- .../admin_api/admin_api_controller_test.exs | 20 ++----------------- 1 file changed, 2 insertions(+), 18 deletions(-) diff --git a/test/web/admin_api/admin_api_controller_test.exs b/test/web/admin_api/admin_api_controller_test.exs index 9721a4034..86b160246 100644 --- a/test/web/admin_api/admin_api_controller_test.exs +++ b/test/web/admin_api/admin_api_controller_test.exs @@ -47,24 +47,8 @@ test "Create" do ] }) - assert json_response(conn, 200) == [ - %{ - "code" => 200, - "data" => %{ - "email" => "lain@example.org", - "nickname" => "lain" - }, - "type" => "success" - }, - %{ - "code" => 200, - "data" => %{ - "email" => "lain2@example.org", - "nickname" => "lain2" - }, - "type" => "success" - } - ] + response = json_response(conn, 200) |> Enum.map(&Map.get(&1, "type")) + assert response == ["success", "success"] end test "Cannot create user with exisiting email" do From 8ba7a151adf77c5cc47d6e1364a6078cc4bdef98 Mon Sep 17 00:00:00 2001 From: Mike Verdone Date: Mon, 22 Jul 2019 16:45:54 +0200 Subject: [PATCH 04/48] Cleanup: fix a comment --- test/web/mastodon_api/mastodon_api_controller_test.exs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/web/mastodon_api/mastodon_api_controller_test.exs b/test/web/mastodon_api/mastodon_api_controller_test.exs index ce2e44499..b5279412f 100644 --- a/test/web/mastodon_api/mastodon_api_controller_test.exs +++ b/test/web/mastodon_api/mastodon_api_controller_test.exs @@ -405,7 +405,7 @@ test "direct timeline", %{conn: conn} do assert %{"visibility" => "direct"} = status assert status["url"] != direct.data["id"] - # User should be able to see his own direct message + # User should be able to see their own direct message res_conn = build_conn() |> assign(:user, user_one) From b72940277470c67802b979e4cab44f277e8fffb3 Mon Sep 17 00:00:00 2001 From: Mike Verdone Date: Mon, 22 Jul 2019 09:10:30 +0200 Subject: [PATCH 05/48] Make test.exs read config in the same way as dev.exs This way, if your test.secret.exs has an error, you'll actually see it. --- config/test.exs | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/config/test.exs b/config/test.exs index 92dca18bc..3f606aa81 100644 --- a/config/test.exs +++ b/config/test.exs @@ -82,11 +82,10 @@ config :pleroma, Pleroma.ReverseProxy.Client, Pleroma.ReverseProxy.ClientMock -try do +if File.exists?("./config/test.secret.exs") do import_config "test.secret.exs" -rescue - _ -> - IO.puts( - "You may want to create test.secret.exs to declare custom database connection parameters." - ) +else + IO.puts( + "You may want to create test.secret.exs to declare custom database connection parameters." + ) end From 666514194a325e2463c05bae516b89d7c5f59316 Mon Sep 17 00:00:00 2001 From: Mike Verdone Date: Mon, 22 Jul 2019 14:16:20 +0200 Subject: [PATCH 06/48] Add activity expirations table Add a table to store activity expirations. An activity can have zero or one expirations. The expiration has a scheduled_at field which stores the time at which the activity should expire and be deleted. --- lib/pleroma/activity.ex | 3 ++ lib/pleroma/activity_expiration.ex | 31 +++++++++++++++++++ .../20190716100804_add_expirations_table.exs | 10 ++++++ test/activity_expiration_test.exs | 21 +++++++++++++ test/activity_test.exs | 9 ++++++ test/support/factory.ex | 19 +++++++++++- 6 files changed, 92 insertions(+), 1 deletion(-) create mode 100644 lib/pleroma/activity_expiration.ex create mode 100644 priv/repo/migrations/20190716100804_add_expirations_table.exs create mode 100644 test/activity_expiration_test.exs diff --git a/lib/pleroma/activity.ex b/lib/pleroma/activity.ex index 46552c7be..be4850560 100644 --- a/lib/pleroma/activity.ex +++ b/lib/pleroma/activity.ex @@ -6,6 +6,7 @@ defmodule Pleroma.Activity do use Ecto.Schema alias Pleroma.Activity + alias Pleroma.ActivityExpiration alias Pleroma.Bookmark alias Pleroma.Notification alias Pleroma.Object @@ -59,6 +60,8 @@ defmodule Pleroma.Activity do # typical case. has_one(:object, Object, on_delete: :nothing, foreign_key: :id) + has_one(:expiration, ActivityExpiration, on_delete: :delete_all) + timestamps() end diff --git a/lib/pleroma/activity_expiration.ex b/lib/pleroma/activity_expiration.ex new file mode 100644 index 000000000..d3d95f9e9 --- /dev/null +++ b/lib/pleroma/activity_expiration.ex @@ -0,0 +1,31 @@ +# Pleroma: A lightweight social networking server +# Copyright © 2019 Pleroma Authors +# SPDX-License-Identifier: AGPL-3.0-only + +defmodule Pleroma.ActivityExpiration do + use Ecto.Schema + + alias Pleroma.Activity + alias Pleroma.ActivityExpiration + alias Pleroma.FlakeId + alias Pleroma.Repo + + import Ecto.Query + + @type t :: %__MODULE__{} + + schema "activity_expirations" do + belongs_to(:activity, Activity, type: FlakeId) + field(:scheduled_at, :naive_datetime) + end + + def due_expirations(offset \\ 0) do + naive_datetime = + NaiveDateTime.utc_now() + |> NaiveDateTime.add(offset, :millisecond) + + ActivityExpiration + |> where([exp], exp.scheduled_at < ^naive_datetime) + |> Repo.all() + end +end diff --git a/priv/repo/migrations/20190716100804_add_expirations_table.exs b/priv/repo/migrations/20190716100804_add_expirations_table.exs new file mode 100644 index 000000000..fbde8f9d6 --- /dev/null +++ b/priv/repo/migrations/20190716100804_add_expirations_table.exs @@ -0,0 +1,10 @@ +defmodule Pleroma.Repo.Migrations.AddExpirationsTable do + use Ecto.Migration + + def change do + create_if_not_exists table(:activity_expirations) do + add(:activity_id, references(:activities, type: :uuid, on_delete: :delete_all)) + add(:scheduled_at, :naive_datetime, null: false) + end + end +end diff --git a/test/activity_expiration_test.exs b/test/activity_expiration_test.exs new file mode 100644 index 000000000..20566a186 --- /dev/null +++ b/test/activity_expiration_test.exs @@ -0,0 +1,21 @@ +# Pleroma: A lightweight social networking server +# Copyright © 2019 Pleroma Authors +# SPDX-License-Identifier: AGPL-3.0-only + +defmodule Pleroma.ActivityExpirationTest do + use Pleroma.DataCase + alias Pleroma.ActivityExpiration + import Pleroma.Factory + + test "finds activities due to be deleted only" do + activity = insert(:note_activity) + expiration_due = insert(:expiration_in_the_past, %{activity_id: activity.id}) + activity2 = insert(:note_activity) + insert(:expiration_in_the_future, %{activity_id: activity2.id}) + + expirations = ActivityExpiration.due_expirations() + + assert length(expirations) == 1 + assert hd(expirations) == expiration_due + end +end diff --git a/test/activity_test.exs b/test/activity_test.exs index b27f6fd36..785c4b3cf 100644 --- a/test/activity_test.exs +++ b/test/activity_test.exs @@ -164,4 +164,13 @@ test "find all statuses for unauthenticated users when `limit_to_local_content` Pleroma.Config.put([:instance, :limit_to_local_content], :unauthenticated) end end + + test "add an activity with an expiration" do + activity = insert(:note_activity) + insert(:expiration_in_the_future, %{activity_id: activity.id}) + + Pleroma.ActivityExpiration + |> where([a], a.activity_id == ^activity.id) + |> Repo.one!() + end end diff --git a/test/support/factory.ex b/test/support/factory.ex index c751546ce..7b52b1328 100644 --- a/test/support/factory.ex +++ b/test/support/factory.ex @@ -1,5 +1,5 @@ # Pleroma: A lightweight social networking server -# Copyright © 2017-2018 Pleroma Authors +# Copyright © 2017-2019 Pleroma Authors # SPDX-License-Identifier: AGPL-3.0-only defmodule Pleroma.Factory do @@ -142,6 +142,23 @@ def note_activity_factory(attrs \\ %{}) do |> Map.merge(attrs) end + defp expiration_offset_by_minutes(attrs, minutes) do + %Pleroma.ActivityExpiration{} + |> Map.merge(attrs) + |> Map.put( + :scheduled_at, + NaiveDateTime.add(NaiveDateTime.utc_now(), :timer.minutes(minutes), :millisecond) + ) + end + + def expiration_in_the_past_factory(attrs \\ %{}) do + expiration_offset_by_minutes(attrs, -60) + end + + def expiration_in_the_future_factory(attrs \\ %{}) do + expiration_offset_by_minutes(attrs, 60) + end + def article_activity_factory do article = insert(:article) From 378f5f0fbe21c2533719fed9afe8313586fda5d5 Mon Sep 17 00:00:00 2001 From: Mike Verdone Date: Mon, 22 Jul 2019 14:18:58 +0200 Subject: [PATCH 07/48] Add activity expiration worker This is a worker that runs every minute and deletes expired activities. It's based heavily on the scheduled activities worker. --- config/config.exs | 3 ++ docs/config.md | 4 ++ lib/pleroma/activity_expiration_worker.ex | 62 +++++++++++++++++++++++ lib/pleroma/application.ex | 4 ++ test/activity_expiration_worker_test.exs | 17 +++++++ 5 files changed, 90 insertions(+) create mode 100644 lib/pleroma/activity_expiration_worker.ex create mode 100644 test/activity_expiration_worker_test.exs diff --git a/config/config.exs b/config/config.exs index 569411866..2887353fb 100644 --- a/config/config.exs +++ b/config/config.exs @@ -447,6 +447,7 @@ max_retries: 5 config :pleroma_job_queue, :queues, + activity_expiration: 10, federator_incoming: 50, federator_outgoing: 50, web_push: 50, @@ -536,6 +537,8 @@ status_id_action: {60_000, 3}, password_reset: {1_800_000, 5} +config :pleroma, Pleroma.ActivityExpiration, enabled: true + # Import environment specific config. This must remain at the bottom # of this file so it overrides the configuration defined above. import_config "#{Mix.env()}.exs" diff --git a/docs/config.md b/docs/config.md index 02f86dc16..a20ed704f 100644 --- a/docs/config.md +++ b/docs/config.md @@ -484,6 +484,10 @@ config :auto_linker, * `total_user_limit`: the number of scheduled activities a user is allowed to create in total (Default: `300`) * `enabled`: whether scheduled activities are sent to the job queue to be executed +## Pleroma.ActivityExpiration + +# `enabled`: whether expired activities will be sent to the job queue to be deleted + ## Pleroma.Web.Auth.Authenticator * `Pleroma.Web.Auth.PleromaAuthenticator`: default database authenticator diff --git a/lib/pleroma/activity_expiration_worker.ex b/lib/pleroma/activity_expiration_worker.ex new file mode 100644 index 000000000..a341f58df --- /dev/null +++ b/lib/pleroma/activity_expiration_worker.ex @@ -0,0 +1,62 @@ +# Pleroma: A lightweight social networking server +# Copyright © 2019 Pleroma Authors +# SPDX-License-Identifier: AGPL-3.0-only + +defmodule Pleroma.ActivityExpirationWorker do + alias Pleroma.Activity + alias Pleroma.ActivityExpiration + alias Pleroma.Config + alias Pleroma.Repo + alias Pleroma.User + alias Pleroma.Web.CommonAPI + require Logger + use GenServer + import Ecto.Query + + @schedule_interval :timer.minutes(1) + + def start_link do + GenServer.start_link(__MODULE__, nil) + end + + @impl true + def init(_) do + if Config.get([ActivityExpiration, :enabled]) do + schedule_next() + {:ok, nil} + else + :ignore + end + end + + def perform(:execute, expiration_id) do + try do + expiration = + ActivityExpiration + |> where([e], e.id == ^expiration_id) + |> Repo.one!() + + activity = Activity.get_by_id_with_object(expiration.activity_id) + user = User.get_by_ap_id(activity.object.data["actor"]) + CommonAPI.delete(activity.id, user) + rescue + error -> + Logger.error("#{__MODULE__} Couldn't delete expired activity: #{inspect(error)}") + end + end + + @impl true + def handle_info(:perform, state) do + ActivityExpiration.due_expirations(@schedule_interval) + |> Enum.each(fn expiration -> + PleromaJobQueue.enqueue(:activity_expiration, __MODULE__, [:execute, expiration.id]) + end) + + schedule_next() + {:noreply, state} + end + + defp schedule_next do + Process.send_after(self(), :perform, @schedule_interval) + end +end diff --git a/lib/pleroma/application.ex b/lib/pleroma/application.ex index 035331491..42e4a1dfa 100644 --- a/lib/pleroma/application.ex +++ b/lib/pleroma/application.ex @@ -115,6 +115,10 @@ def start(_type, _args) do %{ id: Pleroma.ScheduledActivityWorker, start: {Pleroma.ScheduledActivityWorker, :start_link, []} + }, + %{ + id: Pleroma.ActivityExpirationWorker, + start: {Pleroma.ActivityExpirationWorker, :start_link, []} } ] ++ hackney_pool_children() ++ diff --git a/test/activity_expiration_worker_test.exs b/test/activity_expiration_worker_test.exs new file mode 100644 index 000000000..939d912f1 --- /dev/null +++ b/test/activity_expiration_worker_test.exs @@ -0,0 +1,17 @@ +# Pleroma: A lightweight social networking server +# Copyright © 2017-2018 Pleroma Authors +# SPDX-License-Identifier: AGPL-3.0-only + +defmodule Pleroma.ActivityExpirationWorkerTest do + use Pleroma.DataCase + alias Pleroma.Activity + import Pleroma.Factory + + test "deletes an activity" do + activity = insert(:note_activity) + expiration = insert(:expiration_in_the_past, %{activity_id: activity.id}) + Pleroma.ActivityExpirationWorker.perform(:execute, expiration.id) + + refute Repo.get(Activity, activity.id) + end +end From 704960b3c135d2e050308c68f5ccf5d7b7df40f8 Mon Sep 17 00:00:00 2001 From: Mike Verdone Date: Mon, 22 Jul 2019 16:46:20 +0200 Subject: [PATCH 08/48] Add support for activity expiration to common and Masto API The "expires_at" parameter accepts an ISO8601-formatted date which defines when the activity will expire. At this point the API will not give you any feedback about if your post will expire or not. --- docs/api/differences_in_mastoapi_responses.md | 1 + lib/pleroma/activity_expiration.ex | 19 ++++++++++++ lib/pleroma/web/common_api/common_api.ex | 29 +++++++++++++------ test/support/factory.ex | 10 ++++--- test/web/common_api/common_api_test.exs | 17 +++++++++++ .../mastodon_api_controller_test.exs | 19 ++++++++++++ 6 files changed, 82 insertions(+), 13 deletions(-) diff --git a/docs/api/differences_in_mastoapi_responses.md b/docs/api/differences_in_mastoapi_responses.md index 1907d70c8..7d5be4713 100644 --- a/docs/api/differences_in_mastoapi_responses.md +++ b/docs/api/differences_in_mastoapi_responses.md @@ -79,6 +79,7 @@ Additional parameters can be added to the JSON body/Form data: - `content_type`: string, contain the MIME type of the status, it is transformed into HTML by the backend. You can get the list of the supported MIME types with the nodeinfo endpoint. - `to`: A list of nicknames (like `lain@soykaf.club` or `lain` on the local server) that will be used to determine who is going to be addressed by this post. Using this will disable the implicit addressing by mentioned names in the `status` body, only the people in the `to` list will be addressed. The normal rules for for post visibility are not affected by this and will still apply. - `visibility`: string, besides standard MastoAPI values (`direct`, `private`, `unlisted` or `public`) it can be used to address a List by setting it to `list:LIST_ID`. +- `expires_on`: datetime (iso8601), sets when the posted activity should expire. When a posted activity expires it will be deleted from the server, and a delete request for it will be federated. ## PATCH `/api/v1/update_credentials` diff --git a/lib/pleroma/activity_expiration.ex b/lib/pleroma/activity_expiration.ex index d3d95f9e9..a0af5255b 100644 --- a/lib/pleroma/activity_expiration.ex +++ b/lib/pleroma/activity_expiration.ex @@ -10,6 +10,7 @@ defmodule Pleroma.ActivityExpiration do alias Pleroma.FlakeId alias Pleroma.Repo + import Ecto.Changeset import Ecto.Query @type t :: %__MODULE__{} @@ -19,6 +20,24 @@ defmodule Pleroma.ActivityExpiration do field(:scheduled_at, :naive_datetime) end + def changeset(%ActivityExpiration{} = expiration, attrs) do + expiration + |> cast(attrs, [:scheduled_at]) + |> validate_required([:scheduled_at]) + end + + def get_by_activity_id(activity_id) do + ActivityExpiration + |> where([exp], exp.activity_id == ^activity_id) + |> Repo.one() + end + + def create(%Activity{} = activity, scheduled_at) do + %ActivityExpiration{activity_id: activity.id} + |> changeset(%{scheduled_at: scheduled_at}) + |> Repo.insert() + end + def due_expirations(offset \\ 0) do naive_datetime = NaiveDateTime.utc_now() diff --git a/lib/pleroma/web/common_api/common_api.ex b/lib/pleroma/web/common_api/common_api.ex index 44af6a773..0f287af4e 100644 --- a/lib/pleroma/web/common_api/common_api.ex +++ b/lib/pleroma/web/common_api/common_api.ex @@ -4,6 +4,7 @@ defmodule Pleroma.Web.CommonAPI do alias Pleroma.Activity + alias Pleroma.ActivityExpiration alias Pleroma.Formatter alias Pleroma.Object alias Pleroma.ThreadMute @@ -218,6 +219,7 @@ def post(user, %{"status" => status} = data) do context <- make_context(in_reply_to), cw <- data["spoiler_text"] || "", sensitive <- data["sensitive"] || Enum.member?(tags, {"#nsfw", "nsfw"}), + {:ok, expires_at} <- Ecto.Type.cast(:naive_datetime, data["expires_at"]), full_payload <- String.trim(status <> cw), :ok <- validate_character_limit(full_payload, attachments, limit), object <- @@ -243,15 +245,24 @@ def post(user, %{"status" => status} = data) do preview? = Pleroma.Web.ControllerHelper.truthy_param?(data["preview"]) || false direct? = visibility == "direct" - %{ - to: to, - actor: user, - context: context, - object: object, - additional: %{"cc" => cc, "directMessage" => direct?} - } - |> maybe_add_list_data(user, visibility) - |> ActivityPub.create(preview?) + result = + %{ + to: to, + actor: user, + context: context, + object: object, + additional: %{"cc" => cc, "directMessage" => direct?} + } + |> maybe_add_list_data(user, visibility) + |> ActivityPub.create(preview?) + + if expires_at do + with {:ok, activity} <- result do + ActivityExpiration.create(activity, expires_at) + end + end + + result else {:private_to_public, true} -> {:error, dgettext("errors", "The message visibility must be direct")} diff --git a/test/support/factory.ex b/test/support/factory.ex index 7b52b1328..63fe3a66d 100644 --- a/test/support/factory.ex +++ b/test/support/factory.ex @@ -143,12 +143,14 @@ def note_activity_factory(attrs \\ %{}) do end defp expiration_offset_by_minutes(attrs, minutes) do + scheduled_at = + NaiveDateTime.utc_now() + |> NaiveDateTime.add(:timer.minutes(minutes), :millisecond) + |> NaiveDateTime.truncate(:second) + %Pleroma.ActivityExpiration{} |> Map.merge(attrs) - |> Map.put( - :scheduled_at, - NaiveDateTime.add(NaiveDateTime.utc_now(), :timer.minutes(minutes), :millisecond) - ) + |> Map.put(:scheduled_at, scheduled_at) end def expiration_in_the_past_factory(attrs \\ %{}) do diff --git a/test/web/common_api/common_api_test.exs b/test/web/common_api/common_api_test.exs index 16b3f121d..210314a4a 100644 --- a/test/web/common_api/common_api_test.exs +++ b/test/web/common_api/common_api_test.exs @@ -160,6 +160,23 @@ test "it returns error when character limit is exceeded" do Pleroma.Config.put([:instance, :limit], limit) end + + test "it can handle activities that expire" do + user = insert(:user) + + expires_at = + NaiveDateTime.utc_now() + |> NaiveDateTime.truncate(:second) + |> NaiveDateTime.add(1_000_000, :second) + + expires_at_iso8601 = expires_at |> NaiveDateTime.to_iso8601() + + assert {:ok, activity} = + CommonAPI.post(user, %{"status" => "chai", "expires_at" => expires_at_iso8601}) + + assert expiration = Pleroma.ActivityExpiration.get_by_activity_id(activity.id) + assert expiration.scheduled_at == expires_at + end end describe "reactions" do diff --git a/test/web/mastodon_api/mastodon_api_controller_test.exs b/test/web/mastodon_api/mastodon_api_controller_test.exs index b5279412f..24482a4a2 100644 --- a/test/web/mastodon_api/mastodon_api_controller_test.exs +++ b/test/web/mastodon_api/mastodon_api_controller_test.exs @@ -7,6 +7,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do alias Ecto.Changeset alias Pleroma.Activity + alias Pleroma.ActivityExpiration alias Pleroma.Notification alias Pleroma.Object alias Pleroma.Repo @@ -151,6 +152,24 @@ test "posting a status", %{conn: conn} do assert %{"id" => third_id} = json_response(conn_three, 200) refute id == third_id + + # An activity that will expire: + expires_at = + NaiveDateTime.utc_now() + |> NaiveDateTime.add(:timer.minutes(120), :millisecond) + |> NaiveDateTime.truncate(:second) + + conn_four = + conn + |> post("api/v1/statuses", %{ + "status" => "oolong", + "expires_at" => expires_at + }) + + assert %{"id" => fourth_id} = json_response(conn_four, 200) + assert activity = Activity.get_by_id(fourth_id) + assert expiration = ActivityExpiration.get_by_activity_id(fourth_id) + assert expiration.scheduled_at == expires_at end test "replying to a status", %{conn: conn} do From 36012ef6c1dfea2489e61063e14783fa3fb52700 Mon Sep 17 00:00:00 2001 From: Mike Verdone Date: Tue, 23 Jul 2019 16:33:45 +0200 Subject: [PATCH 09/48] Require that ephemeral posts live for at least one hour If we didn't put some kind of lifetime requirement on these, I guess you could annoy people by sending large numbers of ephemeral posts that provoke notifications but then disappear before anyone can read them. --- lib/pleroma/activity_expiration.ex | 18 ++++++++++++++++++ lib/pleroma/web/common_api/common_api.ex | 14 ++++++++++++-- test/activity_expiration_test.exs | 6 ++++++ test/support/factory.ex | 2 +- 4 files changed, 37 insertions(+), 3 deletions(-) diff --git a/lib/pleroma/activity_expiration.ex b/lib/pleroma/activity_expiration.ex index a0af5255b..bf57abca4 100644 --- a/lib/pleroma/activity_expiration.ex +++ b/lib/pleroma/activity_expiration.ex @@ -14,6 +14,7 @@ defmodule Pleroma.ActivityExpiration do import Ecto.Query @type t :: %__MODULE__{} + @min_activity_lifetime :timer.hours(1) schema "activity_expirations" do belongs_to(:activity, Activity, type: FlakeId) @@ -24,6 +25,7 @@ def changeset(%ActivityExpiration{} = expiration, attrs) do expiration |> cast(attrs, [:scheduled_at]) |> validate_required([:scheduled_at]) + |> validate_scheduled_at() end def get_by_activity_id(activity_id) do @@ -47,4 +49,20 @@ def due_expirations(offset \\ 0) do |> where([exp], exp.scheduled_at < ^naive_datetime) |> Repo.all() end + + def validate_scheduled_at(changeset) do + validate_change(changeset, :scheduled_at, fn _, scheduled_at -> + if not expires_late_enough?(scheduled_at) do + [scheduled_at: "an ephemeral activity must live for at least one hour"] + else + [] + end + end) + end + + def expires_late_enough?(scheduled_at) do + now = NaiveDateTime.utc_now() + diff = NaiveDateTime.diff(scheduled_at, now, :millisecond) + diff >= @min_activity_lifetime + end end diff --git a/lib/pleroma/web/common_api/common_api.ex b/lib/pleroma/web/common_api/common_api.ex index 0f287af4e..261d60392 100644 --- a/lib/pleroma/web/common_api/common_api.ex +++ b/lib/pleroma/web/common_api/common_api.ex @@ -196,6 +196,16 @@ def get_replied_to_visibility(activity) do end end + defp check_expiry_date(expiry_str) do + {:ok, expiry} = Ecto.Type.cast(:naive_datetime, expiry_str) + + if is_nil(expiry) || ActivityExpiration.expires_late_enough?(expiry) do + {:ok, expiry} + else + {:error, "Expiry date is too soon"} + end + end + def post(user, %{"status" => status} = data) do limit = Pleroma.Config.get([:instance, :limit]) @@ -219,7 +229,7 @@ def post(user, %{"status" => status} = data) do context <- make_context(in_reply_to), cw <- data["spoiler_text"] || "", sensitive <- data["sensitive"] || Enum.member?(tags, {"#nsfw", "nsfw"}), - {:ok, expires_at} <- Ecto.Type.cast(:naive_datetime, data["expires_at"]), + {:ok, expires_at} <- check_expiry_date(data["expires_at"]), full_payload <- String.trim(status <> cw), :ok <- validate_character_limit(full_payload, attachments, limit), object <- @@ -258,7 +268,7 @@ def post(user, %{"status" => status} = data) do if expires_at do with {:ok, activity} <- result do - ActivityExpiration.create(activity, expires_at) + {:ok, _} = ActivityExpiration.create(activity, expires_at) end end diff --git a/test/activity_expiration_test.exs b/test/activity_expiration_test.exs index 20566a186..4948fae16 100644 --- a/test/activity_expiration_test.exs +++ b/test/activity_expiration_test.exs @@ -18,4 +18,10 @@ test "finds activities due to be deleted only" do assert length(expirations) == 1 assert hd(expirations) == expiration_due end + + test "denies expirations that don't live long enough" do + activity = insert(:note_activity) + now = NaiveDateTime.utc_now() + assert {:error, _} = ActivityExpiration.create(activity, now) + end end diff --git a/test/support/factory.ex b/test/support/factory.ex index 63fe3a66d..7a2ddcada 100644 --- a/test/support/factory.ex +++ b/test/support/factory.ex @@ -158,7 +158,7 @@ def expiration_in_the_past_factory(attrs \\ %{}) do end def expiration_in_the_future_factory(attrs \\ %{}) do - expiration_offset_by_minutes(attrs, 60) + expiration_offset_by_minutes(attrs, 61) end def article_activity_factory do From 3cb471ec0688b81c8ef37dd27f2b82e6c858431f Mon Sep 17 00:00:00 2001 From: Mike Verdone Date: Wed, 24 Jul 2019 12:43:20 +0200 Subject: [PATCH 10/48] Expose expires_at datetime in mastoAPI only for the activity actor In the "pleroma" section of the MastoAPI for status activities you can see an expires_at item that states when the activity will expire, or nothing if the activity will not expire. The expires_at date is only visible to the person who posted the activity. This is the conservative approach in case some attacker decides to write a logger for expiring posts. However, in the future of OCAP, signed requests, and all that stuff, this attack might not be that likely. Some other pleroma dev should remove the restriction in the code at that time, if they're satisfied with the security implications of doing so. --- docs/api/differences_in_mastoapi_responses.md | 1 + lib/pleroma/web/mastodon_api/views/status_view.ex | 13 ++++++++++++- .../mastodon_api/mastodon_api_controller_test.exs | 3 ++- test/web/mastodon_api/status_view_test.exs | 3 ++- 4 files changed, 17 insertions(+), 3 deletions(-) diff --git a/docs/api/differences_in_mastoapi_responses.md b/docs/api/differences_in_mastoapi_responses.md index 7d5be4713..168a13f4e 100644 --- a/docs/api/differences_in_mastoapi_responses.md +++ b/docs/api/differences_in_mastoapi_responses.md @@ -25,6 +25,7 @@ Has these additional fields under the `pleroma` object: - `in_reply_to_account_acct`: the `acct` property of User entity for replied user (if any) - `content`: a map consisting of alternate representations of the `content` property with the key being it's mimetype. Currently the only alternate representation supported is `text/plain` - `spoiler_text`: a map consisting of alternate representations of the `spoiler_text` property with the key being it's mimetype. Currently the only alternate representation supported is `text/plain` +- `expires_on`: a datetime (iso8601) that states when the post will expire (be deleted automatically), or empty if the post won't expire ## Attachments diff --git a/lib/pleroma/web/mastodon_api/views/status_view.ex b/lib/pleroma/web/mastodon_api/views/status_view.ex index de9425959..7264dcafb 100644 --- a/lib/pleroma/web/mastodon_api/views/status_view.ex +++ b/lib/pleroma/web/mastodon_api/views/status_view.ex @@ -6,6 +6,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusView do use Pleroma.Web, :view alias Pleroma.Activity + alias Pleroma.ActivityExpiration alias Pleroma.HTML alias Pleroma.Object alias Pleroma.Repo @@ -165,6 +166,15 @@ def render("status.json", %{activity: %{data: %{"object" => _object}} = activity bookmarked = Activity.get_bookmark(activity, opts[:for]) != nil + client_posted_this_activity = opts[:for] && user.id == opts[:for].id + + expires_at = + with true <- client_posted_this_activity, + expiration when not is_nil(expiration) <- + ActivityExpiration.get_by_activity_id(activity.id) do + expiration.scheduled_at + end + thread_muted? = case activity.thread_muted? do thread_muted? when is_boolean(thread_muted?) -> thread_muted? @@ -262,7 +272,8 @@ def render("status.json", %{activity: %{data: %{"object" => _object}} = activity conversation_id: get_context_id(activity), in_reply_to_account_acct: reply_to_user && reply_to_user.nickname, content: %{"text/plain" => content_plaintext}, - spoiler_text: %{"text/plain" => summary_plaintext} + spoiler_text: %{"text/plain" => summary_plaintext}, + expires_at: expires_at } } end diff --git a/test/web/mastodon_api/mastodon_api_controller_test.exs b/test/web/mastodon_api/mastodon_api_controller_test.exs index 24482a4a2..e59908979 100644 --- a/test/web/mastodon_api/mastodon_api_controller_test.exs +++ b/test/web/mastodon_api/mastodon_api_controller_test.exs @@ -166,10 +166,11 @@ test "posting a status", %{conn: conn} do "expires_at" => expires_at }) - assert %{"id" => fourth_id} = json_response(conn_four, 200) + assert fourth_response = %{"id" => fourth_id} = json_response(conn_four, 200) assert activity = Activity.get_by_id(fourth_id) assert expiration = ActivityExpiration.get_by_activity_id(fourth_id) assert expiration.scheduled_at == expires_at + assert fourth_response["pleroma"]["expires_at"] == NaiveDateTime.to_iso8601(expires_at) end test "replying to a status", %{conn: conn} do diff --git a/test/web/mastodon_api/status_view_test.exs b/test/web/mastodon_api/status_view_test.exs index 3447c5b1f..073c69659 100644 --- a/test/web/mastodon_api/status_view_test.exs +++ b/test/web/mastodon_api/status_view_test.exs @@ -133,7 +133,8 @@ test "a note activity" do conversation_id: convo_id, in_reply_to_account_acct: nil, content: %{"text/plain" => HtmlSanitizeEx.strip_tags(object_data["content"])}, - spoiler_text: %{"text/plain" => HtmlSanitizeEx.strip_tags(object_data["summary"])} + spoiler_text: %{"text/plain" => HtmlSanitizeEx.strip_tags(object_data["summary"])}, + expires_at: nil } } From 91d9fdc7decc664483625c11e44d4e053dd9c585 Mon Sep 17 00:00:00 2001 From: Mike Verdone Date: Wed, 24 Jul 2019 13:02:28 +0200 Subject: [PATCH 11/48] Update changelog to document expiring posts feature --- CHANGELOG.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 35a5a6c21..75d236af5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,12 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## [Unreleased] +### Added +- Expiring/ephemeral activites. All activities can have expires_on value set, which controls when they should be deleted automatically. +- Mastodon API: in post_status, expires_at datetime parameter lets you set when an activity should expire +- Mastodon API: all status JSON responses contain a `pleroma.expires_in` item which states the number of minutes until an activity expires. The value is only shown to the user who created the activity. To everyone else it's empty. +- Configuration: `ActivityExpiration.enabled` controls whether expired activites will get deleted at the appropriate time. Enabled by default. + ### Changed - **Breaking:** Configuration: A setting to explicitly disable the mailer was added, defaulting to true, if you are using a mailer add `config :pleroma, Pleroma.Emails.Mailer, enabled: true` to your config - Configuration: OpenGraph and TwitterCard providers enabled by default From 2981821db834448bf9b2ba26590314e36201664c Mon Sep 17 00:00:00 2001 From: Mike Verdone Date: Wed, 24 Jul 2019 16:51:09 +0200 Subject: [PATCH 12/48] squash! Expose expires_at datetime in mastoAPI only for the activity actor NOTE: rewrite the commit msg --- docs/api/differences_in_mastoapi_responses.md | 2 +- lib/pleroma/web/mastodon_api/views/status_view.ex | 10 +++++++--- test/web/mastodon_api/mastodon_api_controller_test.exs | 2 +- test/web/mastodon_api/status_view_test.exs | 2 +- 4 files changed, 10 insertions(+), 6 deletions(-) diff --git a/docs/api/differences_in_mastoapi_responses.md b/docs/api/differences_in_mastoapi_responses.md index 168a13f4e..829468b13 100644 --- a/docs/api/differences_in_mastoapi_responses.md +++ b/docs/api/differences_in_mastoapi_responses.md @@ -25,7 +25,7 @@ Has these additional fields under the `pleroma` object: - `in_reply_to_account_acct`: the `acct` property of User entity for replied user (if any) - `content`: a map consisting of alternate representations of the `content` property with the key being it's mimetype. Currently the only alternate representation supported is `text/plain` - `spoiler_text`: a map consisting of alternate representations of the `spoiler_text` property with the key being it's mimetype. Currently the only alternate representation supported is `text/plain` -- `expires_on`: a datetime (iso8601) that states when the post will expire (be deleted automatically), or empty if the post won't expire +- `expires_in`: the number of minutes until a post will expire (be deleted automatically), or empty if the post won't expire ## Attachments diff --git a/lib/pleroma/web/mastodon_api/views/status_view.ex b/lib/pleroma/web/mastodon_api/views/status_view.ex index 7264dcafb..4a3686d72 100644 --- a/lib/pleroma/web/mastodon_api/views/status_view.ex +++ b/lib/pleroma/web/mastodon_api/views/status_view.ex @@ -168,11 +168,15 @@ def render("status.json", %{activity: %{data: %{"object" => _object}} = activity client_posted_this_activity = opts[:for] && user.id == opts[:for].id - expires_at = + expires_in = with true <- client_posted_this_activity, expiration when not is_nil(expiration) <- ActivityExpiration.get_by_activity_id(activity.id) do - expiration.scheduled_at + expires_in_seconds = + expiration.scheduled_at + |> NaiveDateTime.diff(NaiveDateTime.utc_now(), :second) + + round(expires_in_seconds / 60) end thread_muted? = @@ -273,7 +277,7 @@ def render("status.json", %{activity: %{data: %{"object" => _object}} = activity in_reply_to_account_acct: reply_to_user && reply_to_user.nickname, content: %{"text/plain" => content_plaintext}, spoiler_text: %{"text/plain" => summary_plaintext}, - expires_at: expires_at + expires_in: expires_in } } end diff --git a/test/web/mastodon_api/mastodon_api_controller_test.exs b/test/web/mastodon_api/mastodon_api_controller_test.exs index e59908979..a9d38c06e 100644 --- a/test/web/mastodon_api/mastodon_api_controller_test.exs +++ b/test/web/mastodon_api/mastodon_api_controller_test.exs @@ -170,7 +170,7 @@ test "posting a status", %{conn: conn} do assert activity = Activity.get_by_id(fourth_id) assert expiration = ActivityExpiration.get_by_activity_id(fourth_id) assert expiration.scheduled_at == expires_at - assert fourth_response["pleroma"]["expires_at"] == NaiveDateTime.to_iso8601(expires_at) + assert fourth_response["pleroma"]["expires_in"] > 0 end test "replying to a status", %{conn: conn} do diff --git a/test/web/mastodon_api/status_view_test.exs b/test/web/mastodon_api/status_view_test.exs index 073c69659..eb0874ab2 100644 --- a/test/web/mastodon_api/status_view_test.exs +++ b/test/web/mastodon_api/status_view_test.exs @@ -134,7 +134,7 @@ test "a note activity" do in_reply_to_account_acct: nil, content: %{"text/plain" => HtmlSanitizeEx.strip_tags(object_data["content"])}, spoiler_text: %{"text/plain" => HtmlSanitizeEx.strip_tags(object_data["summary"])}, - expires_at: nil + expires_in: nil } } From 877575d0da830724e822eac2de243391aaea7ec8 Mon Sep 17 00:00:00 2001 From: Mike Verdone Date: Wed, 24 Jul 2019 17:07:51 +0200 Subject: [PATCH 13/48] fixup! Update changelog --- CHANGELOG.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 75d236af5..f64506637 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,8 +6,8 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## [Unreleased] ### Added - Expiring/ephemeral activites. All activities can have expires_on value set, which controls when they should be deleted automatically. -- Mastodon API: in post_status, expires_at datetime parameter lets you set when an activity should expire -- Mastodon API: all status JSON responses contain a `pleroma.expires_in` item which states the number of minutes until an activity expires. The value is only shown to the user who created the activity. To everyone else it's empty. +- Mastodon API: in post_status, the expires_in parameter lets you set the number of minutes until an activity expires. It must be at least one hour. +- Mastodon API: all status JSON responses contain a `pleroma.expires_on` item which states when an activity will expire. The value is only shown to the user who created the activity. To everyone else it's empty. - Configuration: `ActivityExpiration.enabled` controls whether expired activites will get deleted at the appropriate time. Enabled by default. ### Changed From 2c83eb0b157b2f574f55341e9171f0b5ab7bd3b2 Mon Sep 17 00:00:00 2001 From: Mike Verdone Date: Wed, 24 Jul 2019 17:09:59 +0200 Subject: [PATCH 14/48] Revert "squash! Expose expires_at datetime in mastoAPI only for the activity actor" This reverts commit 2981821db834448bf9b2ba26590314e36201664c. --- docs/api/differences_in_mastoapi_responses.md | 2 +- lib/pleroma/web/mastodon_api/views/status_view.ex | 10 +++------- test/web/mastodon_api/mastodon_api_controller_test.exs | 2 +- test/web/mastodon_api/status_view_test.exs | 2 +- 4 files changed, 6 insertions(+), 10 deletions(-) diff --git a/docs/api/differences_in_mastoapi_responses.md b/docs/api/differences_in_mastoapi_responses.md index 829468b13..168a13f4e 100644 --- a/docs/api/differences_in_mastoapi_responses.md +++ b/docs/api/differences_in_mastoapi_responses.md @@ -25,7 +25,7 @@ Has these additional fields under the `pleroma` object: - `in_reply_to_account_acct`: the `acct` property of User entity for replied user (if any) - `content`: a map consisting of alternate representations of the `content` property with the key being it's mimetype. Currently the only alternate representation supported is `text/plain` - `spoiler_text`: a map consisting of alternate representations of the `spoiler_text` property with the key being it's mimetype. Currently the only alternate representation supported is `text/plain` -- `expires_in`: the number of minutes until a post will expire (be deleted automatically), or empty if the post won't expire +- `expires_on`: a datetime (iso8601) that states when the post will expire (be deleted automatically), or empty if the post won't expire ## Attachments diff --git a/lib/pleroma/web/mastodon_api/views/status_view.ex b/lib/pleroma/web/mastodon_api/views/status_view.ex index 4a3686d72..7264dcafb 100644 --- a/lib/pleroma/web/mastodon_api/views/status_view.ex +++ b/lib/pleroma/web/mastodon_api/views/status_view.ex @@ -168,15 +168,11 @@ def render("status.json", %{activity: %{data: %{"object" => _object}} = activity client_posted_this_activity = opts[:for] && user.id == opts[:for].id - expires_in = + expires_at = with true <- client_posted_this_activity, expiration when not is_nil(expiration) <- ActivityExpiration.get_by_activity_id(activity.id) do - expires_in_seconds = - expiration.scheduled_at - |> NaiveDateTime.diff(NaiveDateTime.utc_now(), :second) - - round(expires_in_seconds / 60) + expiration.scheduled_at end thread_muted? = @@ -277,7 +273,7 @@ def render("status.json", %{activity: %{data: %{"object" => _object}} = activity in_reply_to_account_acct: reply_to_user && reply_to_user.nickname, content: %{"text/plain" => content_plaintext}, spoiler_text: %{"text/plain" => summary_plaintext}, - expires_in: expires_in + expires_at: expires_at } } end diff --git a/test/web/mastodon_api/mastodon_api_controller_test.exs b/test/web/mastodon_api/mastodon_api_controller_test.exs index a9d38c06e..e59908979 100644 --- a/test/web/mastodon_api/mastodon_api_controller_test.exs +++ b/test/web/mastodon_api/mastodon_api_controller_test.exs @@ -170,7 +170,7 @@ test "posting a status", %{conn: conn} do assert activity = Activity.get_by_id(fourth_id) assert expiration = ActivityExpiration.get_by_activity_id(fourth_id) assert expiration.scheduled_at == expires_at - assert fourth_response["pleroma"]["expires_in"] > 0 + assert fourth_response["pleroma"]["expires_at"] == NaiveDateTime.to_iso8601(expires_at) end test "replying to a status", %{conn: conn} do diff --git a/test/web/mastodon_api/status_view_test.exs b/test/web/mastodon_api/status_view_test.exs index eb0874ab2..073c69659 100644 --- a/test/web/mastodon_api/status_view_test.exs +++ b/test/web/mastodon_api/status_view_test.exs @@ -134,7 +134,7 @@ test "a note activity" do in_reply_to_account_acct: nil, content: %{"text/plain" => HtmlSanitizeEx.strip_tags(object_data["content"])}, spoiler_text: %{"text/plain" => HtmlSanitizeEx.strip_tags(object_data["summary"])}, - expires_in: nil + expires_at: nil } } From 0e2b5a3e6aed7947909c2a1ff1618403546f1572 Mon Sep 17 00:00:00 2001 From: Mike Verdone Date: Wed, 24 Jul 2019 17:25:11 +0200 Subject: [PATCH 15/48] WIP --- .../mastodon_api_controller_test.exs | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/test/web/mastodon_api/mastodon_api_controller_test.exs b/test/web/mastodon_api/mastodon_api_controller_test.exs index e59908979..fbe0ab375 100644 --- a/test/web/mastodon_api/mastodon_api_controller_test.exs +++ b/test/web/mastodon_api/mastodon_api_controller_test.exs @@ -154,23 +154,27 @@ test "posting a status", %{conn: conn} do refute id == third_id # An activity that will expire: - expires_at = - NaiveDateTime.utc_now() - |> NaiveDateTime.add(:timer.minutes(120), :millisecond) - |> NaiveDateTime.truncate(:second) + expires_in = 120 conn_four = conn |> post("api/v1/statuses", %{ "status" => "oolong", - "expires_at" => expires_at + "expires_in" => expires_in }) assert fourth_response = %{"id" => fourth_id} = json_response(conn_four, 200) assert activity = Activity.get_by_id(fourth_id) assert expiration = ActivityExpiration.get_by_activity_id(fourth_id) - assert expiration.scheduled_at == expires_at - assert fourth_response["pleroma"]["expires_at"] == NaiveDateTime.to_iso8601(expires_at) + + estimated_expires_at = + NaiveDateTime.utc_now() + |> NaiveDateTime.add(:timer.minutes(expires_in), :millisecond) + |> NaiveDateTime.truncate(:second) + + # This assert will fail if the test takes longer than a minute. I sure hope it never does: + assert abs(NaiveDateTime.diff(expiration.scheduled_at, estimated_expires_at, :second)) < 60 + assert fourth_response["pleroma"]["expires_at"] == NaiveDateTime.to_iso8601(expiration.scheduled_at) end test "replying to a status", %{conn: conn} do From 37229af15fe6d540e7b4a0b6e89f548a100d51c7 Mon Sep 17 00:00:00 2001 From: Sachin Joshi Date: Thu, 22 Aug 2019 00:15:00 +0545 Subject: [PATCH 16/48] remove old user create and delete routes for admin --- lib/pleroma/web/router.ex | 4 ---- 1 file changed, 4 deletions(-) diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex index eb3ee03f3..445cf62e2 100644 --- a/lib/pleroma/web/router.ex +++ b/lib/pleroma/web/router.ex @@ -151,10 +151,6 @@ defmodule Pleroma.Web.Router do post("/users/follow", AdminAPIController, :user_follow) post("/users/unfollow", AdminAPIController, :user_unfollow) - # TODO: to be removed at version 1.0 - delete("/user", AdminAPIController, :user_delete) - post("/user", AdminAPIController, :user_create) - delete("/users", AdminAPIController, :user_delete) post("/users", AdminAPIController, :users_create) patch("/users/:nickname/toggle_activation", AdminAPIController, :user_toggle_activation) From 64bfb41c553a45855e86737298185c1395bbb350 Mon Sep 17 00:00:00 2001 From: Maksim Pechnikov Date: Thu, 22 Aug 2019 06:57:55 +0300 Subject: [PATCH 17/48] fixed unfollow for relay actor --- .../activity_pub/activity_pub_controller.ex | 14 +++++++++ lib/pleroma/web/activity_pub/relay.ex | 3 +- lib/pleroma/web/router.ex | 3 ++ .../activity_pub_controller_test.exs | 29 +++++++++++++++++++ 4 files changed, 48 insertions(+), 1 deletion(-) diff --git a/lib/pleroma/web/activity_pub/activity_pub_controller.ex b/lib/pleroma/web/activity_pub/activity_pub_controller.ex index 133a726c5..e72ec5500 100644 --- a/lib/pleroma/web/activity_pub/activity_pub_controller.ex +++ b/lib/pleroma/web/activity_pub/activity_pub_controller.ex @@ -104,6 +104,13 @@ def activity(conn, %{"uuid" => uuid}) do end end + # GET /relay/following + def following(%{assigns: %{relay: true}} = conn, _params) do + conn + |> put_resp_header("content-type", "application/activity+json") + |> json(UserView.render("following.json", %{user: Relay.get_actor()})) + end + def following(%{assigns: %{user: for_user}} = conn, %{"nickname" => nickname, "page" => page}) do with %User{} = user <- User.get_cached_by_nickname(nickname), {user, for_user} <- ensure_user_keys_present_and_maybe_refresh_for_user(user, for_user), @@ -131,6 +138,13 @@ def following(%{assigns: %{user: for_user}} = conn, %{"nickname" => nickname}) d end end + # GET /relay/followers + def followers(%{assigns: %{relay: true}} = conn, _params) do + conn + |> put_resp_header("content-type", "application/activity+json") + |> json(UserView.render("followers.json", %{user: Relay.get_actor()})) + end + def followers(%{assigns: %{user: for_user}} = conn, %{"nickname" => nickname, "page" => page}) do with %User{} = user <- User.get_cached_by_nickname(nickname), {user, for_user} <- ensure_user_keys_present_and_maybe_refresh_for_user(user, for_user), diff --git a/lib/pleroma/web/activity_pub/relay.ex b/lib/pleroma/web/activity_pub/relay.ex index 5f18cc64a..905e85cc6 100644 --- a/lib/pleroma/web/activity_pub/relay.ex +++ b/lib/pleroma/web/activity_pub/relay.ex @@ -36,7 +36,8 @@ def follow(target_instance) do def unfollow(target_instance) do with %User{} = local_user <- get_actor(), {:ok, %User{} = target_user} <- User.get_or_fetch_by_ap_id(target_instance), - {:ok, activity} <- ActivityPub.unfollow(local_user, target_user) do + {:ok, activity} <- ActivityPub.unfollow(local_user, target_user), + {:ok, _, _} <- User.unfollow(local_user, target_user) do Logger.info("relay: unfollowed instance: #{target_instance}: id=#{activity.data["id"]}") {:ok, activity} else diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex index 1eb6f7b9d..469e46f5d 100644 --- a/lib/pleroma/web/router.ex +++ b/lib/pleroma/web/router.ex @@ -687,6 +687,9 @@ defmodule Pleroma.Web.Router do get("/", ActivityPubController, :relay) post("/inbox", ActivityPubController, :inbox) + + get("/following", ActivityPubController, :following, assigns: %{relay: true}) + get("/followers", ActivityPubController, :followers, assigns: %{relay: true}) end scope "/internal/fetch", Pleroma.Web.ActivityPub do diff --git a/test/web/activity_pub/activity_pub_controller_test.exs b/test/web/activity_pub/activity_pub_controller_test.exs index 77f5e39fa..cf71066fd 100644 --- a/test/web/activity_pub/activity_pub_controller_test.exs +++ b/test/web/activity_pub/activity_pub_controller_test.exs @@ -12,6 +12,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do alias Pleroma.Web.ActivityPub.ObjectView alias Pleroma.Web.ActivityPub.UserView alias Pleroma.Web.ActivityPub.Utils + alias Pleroma.Web.ActivityPub.Relay alias Pleroma.Web.CommonAPI setup_all do @@ -593,6 +594,34 @@ test "it increases like count when receiving a like action", %{conn: conn} do end end + describe "/relay/followers" do + test "it returns relay followers", %{conn: conn} do + relay_actor = Relay.get_actor() + user = insert(:user) + User.follow(user, relay_actor) + + result = + conn + |> assign(:relay, true) + |> get("/relay/followers") + |> json_response(200) + + assert result["first"]["orderedItems"] == [user.ap_id] + end + end + + describe "/relay/following" do + test "it returns relay following", %{conn: conn} do + result = + conn + |> assign(:relay, true) + |> get("/relay/following") + |> json_response(200) + + assert result["first"]["orderedItems"] == [] + end + end + describe "/users/:nickname/followers" do test "it returns the followers in a collection", %{conn: conn} do user = insert(:user) From 399ca9133b67725242f76093103e9909e2337e72 Mon Sep 17 00:00:00 2001 From: Maksim Pechnikov Date: Thu, 22 Aug 2019 21:32:40 +0300 Subject: [PATCH 18/48] fix test --- lib/pleroma/web/activity_pub/relay.ex | 4 ++-- test/web/activity_pub/activity_pub_controller_test.exs | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/pleroma/web/activity_pub/relay.ex b/lib/pleroma/web/activity_pub/relay.ex index 905e85cc6..ce3e30874 100644 --- a/lib/pleroma/web/activity_pub/relay.ex +++ b/lib/pleroma/web/activity_pub/relay.ex @@ -36,8 +36,8 @@ def follow(target_instance) do def unfollow(target_instance) do with %User{} = local_user <- get_actor(), {:ok, %User{} = target_user} <- User.get_or_fetch_by_ap_id(target_instance), - {:ok, activity} <- ActivityPub.unfollow(local_user, target_user), - {:ok, _, _} <- User.unfollow(local_user, target_user) do + {:ok, activity} <- ActivityPub.unfollow(local_user, target_user) do + User.unfollow(local_user, target_user) Logger.info("relay: unfollowed instance: #{target_instance}: id=#{activity.data["id"]}") {:ok, activity} else diff --git a/test/web/activity_pub/activity_pub_controller_test.exs b/test/web/activity_pub/activity_pub_controller_test.exs index cf71066fd..5192e734f 100644 --- a/test/web/activity_pub/activity_pub_controller_test.exs +++ b/test/web/activity_pub/activity_pub_controller_test.exs @@ -10,9 +10,9 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do alias Pleroma.Object alias Pleroma.User alias Pleroma.Web.ActivityPub.ObjectView + alias Pleroma.Web.ActivityPub.Relay alias Pleroma.Web.ActivityPub.UserView alias Pleroma.Web.ActivityPub.Utils - alias Pleroma.Web.ActivityPub.Relay alias Pleroma.Web.CommonAPI setup_all do From 8dc6a6b210e56ec1a175a3496466d1f8aa62f128 Mon Sep 17 00:00:00 2001 From: Maksim Pechnikov Date: Thu, 22 Aug 2019 22:39:06 +0300 Subject: [PATCH 19/48] fix /inbox for Relay --- lib/pleroma/object/fetcher.ex | 4 +--- lib/pleroma/signature.ex | 6 ++++++ lib/pleroma/web/activity_pub/publisher.ex | 4 +--- lib/pleroma/web/router.ex | 10 +++++++++- 4 files changed, 17 insertions(+), 7 deletions(-) diff --git a/lib/pleroma/object/fetcher.ex b/lib/pleroma/object/fetcher.ex index 8d79ddb1f..c1795ae0f 100644 --- a/lib/pleroma/object/fetcher.ex +++ b/lib/pleroma/object/fetcher.ex @@ -117,9 +117,7 @@ defp maybe_date_fetch(headers, date) do def fetch_and_contain_remote_object_from_id(id) when is_binary(id) do Logger.info("Fetching object #{id} via AP") - date = - NaiveDateTime.utc_now() - |> Timex.format!("{WDshort}, {0D} {Mshort} {YYYY} {h24}:{m}:{s} GMT") + date = Pleroma.Signature.signed_date() headers = [{:Accept, "application/activity+json"}] diff --git a/lib/pleroma/signature.ex b/lib/pleroma/signature.ex index 15bf3c317..f20aeb0d5 100644 --- a/lib/pleroma/signature.ex +++ b/lib/pleroma/signature.ex @@ -53,4 +53,10 @@ def sign(%User{} = user, headers) do HTTPSignatures.sign(private_key, user.ap_id <> "#main-key", headers) end end + + def signed_date, do: signed_date(NaiveDateTime.utc_now()) + + def signed_date(%NaiveDateTime{} = date) do + Timex.format!(date, "{WDshort}, {0D} {Mshort} {YYYY} {h24}:{m}:{s} GMT") + end end diff --git a/lib/pleroma/web/activity_pub/publisher.ex b/lib/pleroma/web/activity_pub/publisher.ex index 262529b84..c97405690 100644 --- a/lib/pleroma/web/activity_pub/publisher.ex +++ b/lib/pleroma/web/activity_pub/publisher.ex @@ -50,9 +50,7 @@ def publish_one(%{inbox: inbox, json: json, actor: %User{} = actor, id: id} = pa digest = "SHA-256=" <> (:crypto.hash(:sha256, json) |> Base.encode64()) - date = - NaiveDateTime.utc_now() - |> Timex.format!("{WDshort}, {0D} {Mshort} {YYYY} {h24}:{m}:{s} GMT") + date = Pleroma.Signature.signed_date() signature = Pleroma.Signature.sign(actor, %{ diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex index 469e46f5d..c2e6e8819 100644 --- a/lib/pleroma/web/router.ex +++ b/lib/pleroma/web/router.ex @@ -133,6 +133,10 @@ defmodule Pleroma.Web.Router do }) end + pipeline :http_signature do + plug(Pleroma.Web.Plugs.HTTPSignaturePlug) + end + scope "/api/pleroma", Pleroma.Web.TwitterAPI do pipe_through(:pleroma_api) @@ -686,7 +690,11 @@ defmodule Pleroma.Web.Router do pipe_through(:ap_service_actor) get("/", ActivityPubController, :relay) - post("/inbox", ActivityPubController, :inbox) + + scope [] do + pipe_through(:http_signature) + post("/inbox", ActivityPubController, :inbox) + end get("/following", ActivityPubController, :following, assigns: %{relay: true}) get("/followers", ActivityPubController, :followers, assigns: %{relay: true}) From 73bcbf4fa3bcac7e3ef04049ae6e5768baa6b1d8 Mon Sep 17 00:00:00 2001 From: Maksim Pechnikov Date: Fri, 23 Aug 2019 21:17:14 +0300 Subject: [PATCH 20/48] add tests --- test/signature_test.exs | 14 ++++++++++++++ test/tasks/relay_test.exs | 4 +++- test/web/activity_pub/relay_test.exs | 3 +++ 3 files changed, 20 insertions(+), 1 deletion(-) diff --git a/test/signature_test.exs b/test/signature_test.exs index 26337eaf9..d5bf63d7d 100644 --- a/test/signature_test.exs +++ b/test/signature_test.exs @@ -8,6 +8,7 @@ defmodule Pleroma.SignatureTest do import ExUnit.CaptureLog import Pleroma.Factory import Tesla.Mock + import Mock alias Pleroma.Signature @@ -114,4 +115,17 @@ test "it properly deduces the actor id for mastodon and pleroma" do "https://example.com/users/1234" end end + + describe "signed_date" do + test "it returns formatted current date" do + with_mock(NaiveDateTime, utc_now: fn -> ~N[2019-08-23 18:11:24.822233] end) do + assert Signature.signed_date() == "Fri, 23 Aug 2019 18:11:24 GMT" + end + end + + test "it returns formatted date" do + assert Signature.signed_date(~N[2019-08-23 08:11:24.822233]) == + "Fri, 23 Aug 2019 08:11:24 GMT" + end + end end diff --git a/test/tasks/relay_test.exs b/test/tasks/relay_test.exs index 0d341c8d6..7bde56606 100644 --- a/test/tasks/relay_test.exs +++ b/test/tasks/relay_test.exs @@ -50,7 +50,8 @@ test "relay is unfollowed" do %User{ap_id: follower_id} = local_user = Relay.get_actor() target_user = User.get_cached_by_ap_id(target_instance) follow_activity = Utils.fetch_latest_follow(local_user, target_user) - + User.follow(local_user, target_user) + assert "#{target_instance}/followers" in refresh_record(local_user).following Mix.Tasks.Pleroma.Relay.run(["unfollow", target_instance]) cancelled_activity = Activity.get_by_ap_id(follow_activity.data["id"]) @@ -67,6 +68,7 @@ test "relay is unfollowed" do assert undo_activity.data["type"] == "Undo" assert undo_activity.data["actor"] == local_user.ap_id assert undo_activity.data["object"] == cancelled_activity.data + refute "#{target_instance}/followers" in refresh_record(local_user).following end end diff --git a/test/web/activity_pub/relay_test.exs b/test/web/activity_pub/relay_test.exs index e10b808f7..aeef91cda 100644 --- a/test/web/activity_pub/relay_test.exs +++ b/test/web/activity_pub/relay_test.exs @@ -43,12 +43,15 @@ test "returns activity" do user = insert(:user) service_actor = Relay.get_actor() ActivityPub.follow(service_actor, user) + Pleroma.User.follow(service_actor, user) + assert "#{user.ap_id}/followers" in refresh_record(service_actor).following assert {:ok, %Activity{} = activity} = Relay.unfollow(user.ap_id) assert activity.actor == "#{Pleroma.Web.Endpoint.url()}/relay" assert user.ap_id in activity.recipients assert activity.data["type"] == "Undo" assert activity.data["actor"] == service_actor.ap_id assert activity.data["to"] == [user.ap_id] + refute "#{user.ap_id}/followers" in refresh_record(service_actor).following end end From 6062017493bd8c8749fcbe590121d20ef94df44f Mon Sep 17 00:00:00 2001 From: Maksim Pechnikov Date: Sat, 24 Aug 2019 17:17:17 +0300 Subject: [PATCH 21/48] put_resp_header("content-type", "application/activity+json") -> put_resp_content_type("application/activity+json") --- .../activity_pub/activity_pub_controller.ex | 34 +++++++++---------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/lib/pleroma/web/activity_pub/activity_pub_controller.ex b/lib/pleroma/web/activity_pub/activity_pub_controller.ex index e72ec5500..ed801a7ae 100644 --- a/lib/pleroma/web/activity_pub/activity_pub_controller.ex +++ b/lib/pleroma/web/activity_pub/activity_pub_controller.ex @@ -41,7 +41,7 @@ def user(conn, %{"nickname" => nickname}) do with %User{} = user <- User.get_cached_by_nickname(nickname), {:ok, user} <- User.ensure_keys_present(user) do conn - |> put_resp_header("content-type", "application/activity+json") + |> put_resp_content_type("application/activity+json") |> json(UserView.render("user.json", %{user: user})) else nil -> {:error, :not_found} @@ -53,7 +53,7 @@ def object(conn, %{"uuid" => uuid}) do %Object{} = object <- Object.get_cached_by_ap_id(ap_id), {_, true} <- {:public?, Visibility.is_public?(object)} do conn - |> put_resp_header("content-type", "application/activity+json") + |> put_resp_content_type("application/activity+json") |> json(ObjectView.render("object.json", %{object: object})) else {:public?, false} -> @@ -69,7 +69,7 @@ def object_likes(conn, %{"uuid" => uuid, "page" => page}) do {page, _} = Integer.parse(page) conn - |> put_resp_header("content-type", "application/activity+json") + |> put_resp_content_type("application/activity+json") |> json(ObjectView.render("likes.json", ap_id, likes, page)) else {:public?, false} -> @@ -83,7 +83,7 @@ def object_likes(conn, %{"uuid" => uuid}) do {_, true} <- {:public?, Visibility.is_public?(object)}, likes <- Utils.get_object_likes(object) do conn - |> put_resp_header("content-type", "application/activity+json") + |> put_resp_content_type("application/activity+json") |> json(ObjectView.render("likes.json", ap_id, likes)) else {:public?, false} -> @@ -96,7 +96,7 @@ def activity(conn, %{"uuid" => uuid}) do %Activity{} = activity <- Activity.normalize(ap_id), {_, true} <- {:public?, Visibility.is_public?(activity)} do conn - |> put_resp_header("content-type", "application/activity+json") + |> put_resp_content_type("application/activity+json") |> json(ObjectView.render("object.json", %{object: activity})) else {:public?, false} -> @@ -107,7 +107,7 @@ def activity(conn, %{"uuid" => uuid}) do # GET /relay/following def following(%{assigns: %{relay: true}} = conn, _params) do conn - |> put_resp_header("content-type", "application/activity+json") + |> put_resp_content_type("application/activity+json") |> json(UserView.render("following.json", %{user: Relay.get_actor()})) end @@ -119,12 +119,12 @@ def following(%{assigns: %{user: for_user}} = conn, %{"nickname" => nickname, "p {page, _} = Integer.parse(page) conn - |> put_resp_header("content-type", "application/activity+json") + |> put_resp_content_type("application/activity+json") |> json(UserView.render("following.json", %{user: user, page: page, for: for_user})) else {:show_follows, _} -> conn - |> put_resp_header("content-type", "application/activity+json") + |> put_resp_content_type("application/activity+json") |> send_resp(403, "") end end @@ -133,7 +133,7 @@ def following(%{assigns: %{user: for_user}} = conn, %{"nickname" => nickname}) d with %User{} = user <- User.get_cached_by_nickname(nickname), {user, for_user} <- ensure_user_keys_present_and_maybe_refresh_for_user(user, for_user) do conn - |> put_resp_header("content-type", "application/activity+json") + |> put_resp_content_type("application/activity+json") |> json(UserView.render("following.json", %{user: user, for: for_user})) end end @@ -141,7 +141,7 @@ def following(%{assigns: %{user: for_user}} = conn, %{"nickname" => nickname}) d # GET /relay/followers def followers(%{assigns: %{relay: true}} = conn, _params) do conn - |> put_resp_header("content-type", "application/activity+json") + |> put_resp_content_type("application/activity+json") |> json(UserView.render("followers.json", %{user: Relay.get_actor()})) end @@ -153,12 +153,12 @@ def followers(%{assigns: %{user: for_user}} = conn, %{"nickname" => nickname, "p {page, _} = Integer.parse(page) conn - |> put_resp_header("content-type", "application/activity+json") + |> put_resp_content_type("application/activity+json") |> json(UserView.render("followers.json", %{user: user, page: page, for: for_user})) else {:show_followers, _} -> conn - |> put_resp_header("content-type", "application/activity+json") + |> put_resp_content_type("application/activity+json") |> send_resp(403, "") end end @@ -167,7 +167,7 @@ def followers(%{assigns: %{user: for_user}} = conn, %{"nickname" => nickname}) d with %User{} = user <- User.get_cached_by_nickname(nickname), {user, for_user} <- ensure_user_keys_present_and_maybe_refresh_for_user(user, for_user) do conn - |> put_resp_header("content-type", "application/activity+json") + |> put_resp_content_type("application/activity+json") |> json(UserView.render("followers.json", %{user: user, for: for_user})) end end @@ -176,7 +176,7 @@ def outbox(conn, %{"nickname" => nickname} = params) do with %User{} = user <- User.get_cached_by_nickname(nickname), {:ok, user} <- User.ensure_keys_present(user) do conn - |> put_resp_header("content-type", "application/activity+json") + |> put_resp_content_type("application/activity+json") |> json(UserView.render("outbox.json", %{user: user, max_id: params["max_id"]})) end end @@ -224,7 +224,7 @@ def inbox(conn, params) do defp represent_service_actor(%User{} = user, conn) do with {:ok, user} <- User.ensure_keys_present(user) do conn - |> put_resp_header("content-type", "application/activity+json") + |> put_resp_content_type("application/activity+json") |> json(UserView.render("user.json", %{user: user})) else nil -> {:error, :not_found} @@ -245,7 +245,7 @@ def internal_fetch(conn, _params) do def whoami(%{assigns: %{user: %User{} = user}} = conn, _params) do conn - |> put_resp_header("content-type", "application/activity+json") + |> put_resp_content_type("application/activity+json") |> json(UserView.render("user.json", %{user: user})) end @@ -254,7 +254,7 @@ def whoami(_conn, _params), do: {:error, :not_found} def read_inbox(%{assigns: %{user: user}} = conn, %{"nickname" => nickname} = params) do if nickname == user.nickname do conn - |> put_resp_header("content-type", "application/activity+json") + |> put_resp_content_type("application/activity+json") |> json(UserView.render("inbox.json", %{user: user, max_id: params["max_id"]})) else err = From 654d291b6d151bc372bca849ce0b42f723e2bd94 Mon Sep 17 00:00:00 2001 From: Maksim Pechnikov Date: Sat, 24 Aug 2019 17:41:53 +0300 Subject: [PATCH 22/48] update tests --- lib/pleroma/web/activity_pub/relay.ex | 27 ++++++++------------ test/web/activity_pub/relay_test.exs | 36 ++++++++++++++++++++++++++- 2 files changed, 45 insertions(+), 18 deletions(-) diff --git a/lib/pleroma/web/activity_pub/relay.ex b/lib/pleroma/web/activity_pub/relay.ex index ce3e30874..c2ac38907 100644 --- a/lib/pleroma/web/activity_pub/relay.ex +++ b/lib/pleroma/web/activity_pub/relay.ex @@ -22,13 +22,7 @@ def follow(target_instance) do Logger.info("relay: followed instance: #{target_instance}; id=#{activity.data["id"]}") {:ok, activity} else - {:error, _} = error -> - Logger.error("error: #{inspect(error)}") - error - - e -> - Logger.error("error: #{inspect(e)}") - {:error, e} + error -> format_error(error) end end @@ -41,13 +35,7 @@ def unfollow(target_instance) do Logger.info("relay: unfollowed instance: #{target_instance}: id=#{activity.data["id"]}") {:ok, activity} else - {:error, _} = error -> - Logger.error("error: #{inspect(error)}") - error - - e -> - Logger.error("error: #{inspect(e)}") - {:error, e} + error -> format_error(error) end end @@ -57,11 +45,16 @@ def publish(%Activity{data: %{"type" => "Create"}} = activity) do %Object{} = object <- Object.normalize(activity) do ActivityPub.announce(user, object, nil, true, false) else - e -> - Logger.error("error: #{inspect(e)}") - {:error, inspect(e)} + error -> format_error(error) end end def publish(_), do: {:error, "Not implemented"} + + defp format_error({:error, error}), do: format_error(error) + + defp format_error(error) do + Logger.error("error: #{inspect(error)}") + {:error, error} + end end diff --git a/test/web/activity_pub/relay_test.exs b/test/web/activity_pub/relay_test.exs index aeef91cda..4f7d592a6 100644 --- a/test/web/activity_pub/relay_test.exs +++ b/test/web/activity_pub/relay_test.exs @@ -11,6 +11,7 @@ defmodule Pleroma.Web.ActivityPub.RelayTest do alias Pleroma.Web.ActivityPub.Relay import Pleroma.Factory + import Mock test "gets an actor for the relay" do user = Relay.get_actor() @@ -56,6 +57,8 @@ test "returns activity" do end describe "publish/1" do + clear_config([:instance, :federating]) + test "returns error when activity not `Create` type" do activity = insert(:like_activity) assert Relay.publish(activity) == {:error, "Not implemented"} @@ -66,13 +69,44 @@ test "returns error when activity not public" do assert Relay.publish(activity) == {:error, false} end - test "returns announce activity" do + test "returns error when object is unknown" do + activity = + insert(:note_activity, + data: %{ + "type" => "Create", + "object" => "http://mastodon.example.org/eee/99541947525187367" + } + ) + + assert Relay.publish(activity) == {:error, nil} + end + + test_with_mock "returns announce activity and publish to federate", + Pleroma.Web.Federator, + [:passthrough], + [] do + Pleroma.Config.put([:instance, :federating], true) service_actor = Relay.get_actor() note = insert(:note_activity) assert {:ok, %Activity{} = activity, %Object{} = obj} = Relay.publish(note) assert activity.data["type"] == "Announce" assert activity.data["actor"] == service_actor.ap_id assert activity.data["object"] == obj.data["id"] + assert called(Pleroma.Web.Federator.publish(activity, 5)) + end + + test_with_mock "returns announce activity and not publish to federate", + Pleroma.Web.Federator, + [:passthrough], + [] do + Pleroma.Config.put([:instance, :federating], false) + service_actor = Relay.get_actor() + note = insert(:note_activity) + assert {:ok, %Activity{} = activity, %Object{} = obj} = Relay.publish(note) + assert activity.data["type"] == "Announce" + assert activity.data["actor"] == service_actor.ap_id + assert activity.data["object"] == obj.data["id"] + refute called(Pleroma.Web.Federator.publish(activity, 5)) end end end From 1692fa89458f0f83f69ffa2f85a998869b8fe454 Mon Sep 17 00:00:00 2001 From: lain Date: Sat, 24 Aug 2019 17:22:26 +0200 Subject: [PATCH 23/48] ActivityExpirationWorker: Fix merge issues. --- lib/pleroma/activity_expiration_worker.ex | 2 +- lib/pleroma/application.ex | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/pleroma/activity_expiration_worker.ex b/lib/pleroma/activity_expiration_worker.ex index a341f58df..0f9e715f8 100644 --- a/lib/pleroma/activity_expiration_worker.ex +++ b/lib/pleroma/activity_expiration_worker.ex @@ -15,7 +15,7 @@ defmodule Pleroma.ActivityExpirationWorker do @schedule_interval :timer.minutes(1) - def start_link do + def start_link(_) do GenServer.start_link(__MODULE__, nil) end diff --git a/lib/pleroma/application.ex b/lib/pleroma/application.ex index 1e4de272c..483ac1f39 100644 --- a/lib/pleroma/application.ex +++ b/lib/pleroma/application.ex @@ -36,7 +36,7 @@ def start(_type, _args) do Pleroma.Captcha, Pleroma.FlakeId, Pleroma.ScheduledActivityWorker, - Pleroma.ActiviyExpirationWorker + Pleroma.ActivityExpirationWorker ] ++ cachex_children() ++ hackney_pool_children() ++ From efb8818e9ee280b53eac17699e8114e8af82b03b Mon Sep 17 00:00:00 2001 From: lain Date: Sat, 24 Aug 2019 17:22:48 +0200 Subject: [PATCH 24/48] Activity Expiration: Switch to 'expires_in' system. --- lib/pleroma/web/common_api/common_api.ex | 15 +++++++++++---- test/web/common_api/common_api_test.exs | 4 +--- .../mastodon_api/mastodon_api_controller_test.exs | 9 ++++++--- 3 files changed, 18 insertions(+), 10 deletions(-) diff --git a/lib/pleroma/web/common_api/common_api.ex b/lib/pleroma/web/common_api/common_api.ex index 69120cc19..5faddc9f4 100644 --- a/lib/pleroma/web/common_api/common_api.ex +++ b/lib/pleroma/web/common_api/common_api.ex @@ -201,16 +201,23 @@ def get_replied_to_visibility(activity) do end end - defp check_expiry_date(expiry_str) do - {:ok, expiry} = Ecto.Type.cast(:naive_datetime, expiry_str) + defp check_expiry_date({:ok, nil} = res), do: res - if is_nil(expiry) || ActivityExpiration.expires_late_enough?(expiry) do + defp check_expiry_date({:ok, in_seconds}) do + expiry = NaiveDateTime.utc_now() |> NaiveDateTime.add(in_seconds) + + if ActivityExpiration.expires_late_enough?(expiry) do {:ok, expiry} else {:error, "Expiry date is too soon"} end end + defp check_expiry_date(expiry_str) do + Ecto.Type.cast(:integer, expiry_str) + |> check_expiry_date() + end + def post(user, %{"status" => status} = data) do limit = Pleroma.Config.get([:instance, :limit]) @@ -237,7 +244,7 @@ def post(user, %{"status" => status} = data) do context <- make_context(in_reply_to, in_reply_to_conversation), cw <- data["spoiler_text"] || "", sensitive <- data["sensitive"] || Enum.member?(tags, {"#nsfw", "nsfw"}), - {:ok, expires_at} <- check_expiry_date(data["expires_at"]), + {:ok, expires_at} <- check_expiry_date(data["expires_in"]), full_payload <- String.trim(status <> cw), :ok <- validate_character_limit(full_payload, attachments, limit), object <- diff --git a/test/web/common_api/common_api_test.exs b/test/web/common_api/common_api_test.exs index 5fda91438..f28a66090 100644 --- a/test/web/common_api/common_api_test.exs +++ b/test/web/common_api/common_api_test.exs @@ -213,10 +213,8 @@ test "it can handle activities that expire" do |> NaiveDateTime.truncate(:second) |> NaiveDateTime.add(1_000_000, :second) - expires_at_iso8601 = expires_at |> NaiveDateTime.to_iso8601() - assert {:ok, activity} = - CommonAPI.post(user, %{"status" => "chai", "expires_at" => expires_at_iso8601}) + CommonAPI.post(user, %{"status" => "chai", "expires_in" => 1_000_000}) assert expiration = Pleroma.ActivityExpiration.get_by_activity_id(activity.id) assert expiration.scheduled_at == expires_at diff --git a/test/web/mastodon_api/mastodon_api_controller_test.exs b/test/web/mastodon_api/mastodon_api_controller_test.exs index c05c39db6..6fcdc19aa 100644 --- a/test/web/mastodon_api/mastodon_api_controller_test.exs +++ b/test/web/mastodon_api/mastodon_api_controller_test.exs @@ -153,7 +153,8 @@ test "posting a status", %{conn: conn} do refute id == third_id # An activity that will expire: - expires_in = 120 + # 2 hours + expires_in = 120 * 60 conn_four = conn @@ -168,12 +169,14 @@ test "posting a status", %{conn: conn} do estimated_expires_at = NaiveDateTime.utc_now() - |> NaiveDateTime.add(:timer.minutes(expires_in), :millisecond) + |> NaiveDateTime.add(expires_in) |> NaiveDateTime.truncate(:second) # This assert will fail if the test takes longer than a minute. I sure hope it never does: assert abs(NaiveDateTime.diff(expiration.scheduled_at, estimated_expires_at, :second)) < 60 - assert fourth_response["pleroma"]["expires_at"] == NaiveDateTime.to_iso8601(expiration.scheduled_at) + + assert fourth_response["pleroma"]["expires_at"] == + NaiveDateTime.to_iso8601(expiration.scheduled_at) end test "replying to a status", %{conn: conn} do From 24994f3e0c643abe4d74bec3edec53fa89f4ed72 Mon Sep 17 00:00:00 2001 From: lain Date: Sat, 24 Aug 2019 17:28:19 +0200 Subject: [PATCH 25/48] Activity expiration: Fix docs. --- docs/api/differences_in_mastoapi_responses.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/api/differences_in_mastoapi_responses.md b/docs/api/differences_in_mastoapi_responses.md index 197c465d8..f34e3dd72 100644 --- a/docs/api/differences_in_mastoapi_responses.md +++ b/docs/api/differences_in_mastoapi_responses.md @@ -25,7 +25,7 @@ Has these additional fields under the `pleroma` object: - `in_reply_to_account_acct`: the `acct` property of User entity for replied user (if any) - `content`: a map consisting of alternate representations of the `content` property with the key being it's mimetype. Currently the only alternate representation supported is `text/plain` - `spoiler_text`: a map consisting of alternate representations of the `spoiler_text` property with the key being it's mimetype. Currently the only alternate representation supported is `text/plain` -- `expires_on`: a datetime (iso8601) that states when the post will expire (be deleted automatically), or empty if the post won't expire +- `expires_at`: a datetime (iso8601) that states when the post will expire (be deleted automatically), or empty if the post won't expire ## Attachments @@ -87,7 +87,7 @@ Additional parameters can be added to the JSON body/Form data: - `content_type`: string, contain the MIME type of the status, it is transformed into HTML by the backend. You can get the list of the supported MIME types with the nodeinfo endpoint. - `to`: A list of nicknames (like `lain@soykaf.club` or `lain` on the local server) that will be used to determine who is going to be addressed by this post. Using this will disable the implicit addressing by mentioned names in the `status` body, only the people in the `to` list will be addressed. The normal rules for for post visibility are not affected by this and will still apply. - `visibility`: string, besides standard MastoAPI values (`direct`, `private`, `unlisted` or `public`) it can be used to address a List by setting it to `list:LIST_ID`. -- `expires_on`: datetime (iso8601), sets when the posted activity should expire. When a posted activity expires it will be deleted from the server, and a delete request for it will be federated. +- `expires_in`: The number of seconds the posted activity should expire in. When a posted activity expires it will be deleted from the server, and a delete request for it will be federated. This needs to be longer than an hour. - `in_reply_to_conversation_id`: Will reply to a given conversation, addressing only the people who are part of the recipient set of that conversation. Sets the visibility to `direct`. ## PATCH `/api/v1/update_credentials` From 1d7033d96289edf0adf2ca61a725f93b345305ec Mon Sep 17 00:00:00 2001 From: lain Date: Sat, 24 Aug 2019 15:33:17 +0000 Subject: [PATCH 26/48] Update CHANGELOG.md --- CHANGELOG.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 949577842..b1ec21818 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -50,9 +50,9 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - ActivityPub: Deactivated user deletion ### Added -- Expiring/ephemeral activites. All activities can have expires_on value set, which controls when they should be deleted automatically. -- Mastodon API: in post_status, the expires_in parameter lets you set the number of minutes until an activity expires. It must be at least one hour. -- Mastodon API: all status JSON responses contain a `pleroma.expires_on` item which states when an activity will expire. The value is only shown to the user who created the activity. To everyone else it's empty. +- Expiring/ephemeral activites. All activities can have expires_at value set, which controls when they should be deleted automatically. +- Mastodon API: in post_status, the expires_in parameter lets you set the number of seconds until an activity expires. It must be at least one hour. +- Mastodon API: all status JSON responses contain a `pleroma.expires_at` item which states when an activity will expire. The value is only shown to the user who created the activity. To everyone else it's empty. - Configuration: `ActivityExpiration.enabled` controls whether expired activites will get deleted at the appropriate time. Enabled by default. - Conversations: Add Pleroma-specific conversation endpoints and status posting extensions. Run the `bump_all_conversations` task again to create the necessary data. - **Breaking:** MRF describe API, which adds support for exposing configuration information about MRF policies to NodeInfo. From 3549cd9754f95b17a2be2eb76d9bb6c38bdbf288 Mon Sep 17 00:00:00 2001 From: kPherox Date: Sun, 25 Aug 2019 01:28:38 +0900 Subject: [PATCH 27/48] Change to use attachment only when fields do not exist --- lib/pleroma/user/info.ex | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/lib/pleroma/user/info.ex b/lib/pleroma/user/info.ex index 45a39924b..779bfbc18 100644 --- a/lib/pleroma/user/info.ex +++ b/lib/pleroma/user/info.ex @@ -49,7 +49,7 @@ defmodule Pleroma.User.Info do field(:mascot, :map, default: nil) field(:emoji, {:array, :map}, default: []) field(:pleroma_settings_store, :map, default: %{}) - field(:fields, {:array, :map}, default: []) + field(:fields, {:array, :map}, default: nil) field(:raw_fields, {:array, :map}, default: []) field(:notification_settings, :map, @@ -422,7 +422,7 @@ def remove_reblog_mute(info, ap_id) do # ``fields`` is an array of mastodon profile field, containing ``{"name": "…", "value": "…"}``. # For example: [{"name": "Pronoun", "value": "she/her"}, …] - def fields(%{fields: [], source_data: %{"attachment" => attachment}}) do + def fields(%{fields: nil, source_data: %{"attachment" => attachment}}) do limit = Pleroma.Config.get([:instance, :max_remote_account_fields], 0) attachment @@ -431,6 +431,8 @@ def fields(%{fields: [], source_data: %{"attachment" => attachment}}) do |> Enum.take(limit) end + def fields(%{fields: nil}), do: [] + def fields(%{fields: fields}), do: fields def follow_information_update(info, params) do From 18668447d268524e39d9cc8812805053ef9c186e Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Sun, 25 Aug 2019 07:10:22 +0200 Subject: [PATCH 28/48] HttpRequestMock: Log mock errors as warnings --- test/support/http_request_mock.ex | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/test/support/http_request_mock.ex b/test/support/http_request_mock.ex index 3adb5ba3b..00f4660c1 100644 --- a/test/support/http_request_mock.ex +++ b/test/support/http_request_mock.ex @@ -17,9 +17,14 @@ def request( with {:ok, res} <- apply(__MODULE__, method, [url, query, body, headers]) do res else - {_, _r} = error -> - # Logger.warn(r) - error + error -> + error = error + + with {:error, message} <- error do + Logger.warn(message) + end + + {_, _r} = error end end From e22737ffb5f7e7c567802e2bcef5520e2759e734 Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Sun, 25 Aug 2019 07:33:46 +0200 Subject: [PATCH 29/48] HttpRequestMock: Improve non-implemented error message --- test/support/http_request_mock.ex | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/test/support/http_request_mock.ex b/test/support/http_request_mock.ex index 00f4660c1..320244c75 100644 --- a/test/support/http_request_mock.ex +++ b/test/support/http_request_mock.ex @@ -975,7 +975,7 @@ def get("https://mstdn.jp/.well-known/webfinger?resource=acct:kpherox@mstdn.jp", def get(url, query, body, headers) do {:error, - "Not implemented the mock response for get #{inspect(url)}, #{query}, #{inspect(body)}, #{ + "Mock response not implemented for GET #{inspect(url)}, #{query}, #{inspect(body)}, #{ inspect(headers) }"} end @@ -1037,7 +1037,10 @@ def post("http://404.site" <> _, _, _, _) do }} end - def post(url, _query, _body, _headers) do - {:error, "Not implemented the mock response for post #{inspect(url)}"} + def post(url, query, body, headers) do + {:error, + "Mock response not implemented for POST #{inspect(url)}, #{query}, #{inspect(body)}, #{ + inspect(headers) + }"} end end From 211e1637705266bebd33735d4bb1809c0326f707 Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Sun, 25 Aug 2019 08:03:25 +0200 Subject: [PATCH 30/48] Implement missing mocks for rel=me --- test/support/http_request_mock.ex | 16 ++++++++++++++++ test/web/rel_me_test.exs | 29 ++--------------------------- 2 files changed, 18 insertions(+), 27 deletions(-) diff --git a/test/support/http_request_mock.ex b/test/support/http_request_mock.ex index 320244c75..c308e5a36 100644 --- a/test/support/http_request_mock.ex +++ b/test/support/http_request_mock.ex @@ -973,6 +973,22 @@ def get("https://mstdn.jp/.well-known/webfinger?resource=acct:kpherox@mstdn.jp", }} end + def get("http://example.com/rel_me/anchor", _, _, _) do + {:ok, %Tesla.Env{status: 200, body: File.read!("test/fixtures/rel_me_anchor.html")}} + end + + def get("http://example.com/rel_me/anchor_nofollow", _, _, _) do + {:ok, %Tesla.Env{status: 200, body: File.read!("test/fixtures/rel_me_anchor_nofollow.html")}} + end + + def get("http://example.com/rel_me/link", _, _, _) do + {:ok, %Tesla.Env{status: 200, body: File.read!("test/fixtures/rel_me_link.html")}} + end + + def get("http://example.com/rel_me/null", _, _, _) do + {:ok, %Tesla.Env{status: 200, body: File.read!("test/fixtures/rel_me_null.html")}} + end + def get(url, query, body, headers) do {:error, "Mock response not implemented for GET #{inspect(url)}, #{query}, #{inspect(body)}, #{ diff --git a/test/web/rel_me_test.exs b/test/web/rel_me_test.exs index 85515c432..2251fed16 100644 --- a/test/web/rel_me_test.exs +++ b/test/web/rel_me_test.exs @@ -5,33 +5,8 @@ defmodule Pleroma.Web.RelMeTest do use ExUnit.Case, async: true - setup do - Tesla.Mock.mock(fn - %{ - method: :get, - url: "http://example.com/rel_me/anchor" - } -> - %Tesla.Env{status: 200, body: File.read!("test/fixtures/rel_me_anchor.html")} - - %{ - method: :get, - url: "http://example.com/rel_me/anchor_nofollow" - } -> - %Tesla.Env{status: 200, body: File.read!("test/fixtures/rel_me_anchor_nofollow.html")} - - %{ - method: :get, - url: "http://example.com/rel_me/link" - } -> - %Tesla.Env{status: 200, body: File.read!("test/fixtures/rel_me_link.html")} - - %{ - method: :get, - url: "http://example.com/rel_me/null" - } -> - %Tesla.Env{status: 200, body: File.read!("test/fixtures/rel_me_null.html")} - end) - + setup_all do + Tesla.Mock.mock_global(fn env -> apply(HttpRequestMock, :request, [env]) end) :ok end From f3b12662731fa8d1aa458ea16fb4bcb176b77744 Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Sun, 25 Aug 2019 08:48:38 +0200 Subject: [PATCH 31/48] user_test.exs: fix rel=me tests --- test/user_test.exs | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/test/user_test.exs b/test/user_test.exs index 661ffc0b3..2cbc1f525 100644 --- a/test/user_test.exs +++ b/test/user_test.exs @@ -1253,18 +1253,18 @@ test "preserves hosts in user links text" do end test "Adds rel=me on linkbacked urls" do - user = insert(:user, ap_id: "http://social.example.org/users/lain") + user = insert(:user, ap_id: "https://social.example.org/users/lain") - bio = "http://example.org/rel_me/null" + bio = "http://example.com/rel_me/null" expected_text = "#{bio}" assert expected_text == User.parse_bio(bio, user) - bio = "http://example.org/rel_me/link" - expected_text = "#{bio}" + bio = "http://example.com/rel_me/link" + expected_text = "#{bio}" assert expected_text == User.parse_bio(bio, user) - bio = "http://example.org/rel_me/anchor" - expected_text = "#{bio}" + bio = "http://example.com/rel_me/anchor" + expected_text = "#{bio}" assert expected_text == User.parse_bio(bio, user) end end From 20c3f613d8574d67b1e5a47bf41f324101183398 Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Sun, 25 Aug 2019 08:55:29 +0200 Subject: [PATCH 32/48] HttpRequestMock: Remove useless `error = error` --- test/support/http_request_mock.ex | 2 -- 1 file changed, 2 deletions(-) diff --git a/test/support/http_request_mock.ex b/test/support/http_request_mock.ex index 320244c75..314b20a45 100644 --- a/test/support/http_request_mock.ex +++ b/test/support/http_request_mock.ex @@ -18,8 +18,6 @@ def request( res else error -> - error = error - with {:error, message} <- error do Logger.warn(message) end From d74efde94e3526b45dc9b31d9d48ffce14203ffa Mon Sep 17 00:00:00 2001 From: kPherox Date: Mon, 26 Aug 2019 02:00:41 +0900 Subject: [PATCH 33/48] Update test for custom profile fields --- test/web/activity_pub/transmogrifier_test.exs | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/test/web/activity_pub/transmogrifier_test.exs b/test/web/activity_pub/transmogrifier_test.exs index 629c76c97..0661d5d7c 100644 --- a/test/web/activity_pub/transmogrifier_test.exs +++ b/test/web/activity_pub/transmogrifier_test.exs @@ -563,6 +563,14 @@ test "it works with custom profile fields" do %{"name" => "foo", "value" => "updated"}, %{"name" => "foo1", "value" => "updated"} ] + + update_data = put_in(update_data, ["object", "attachment"], []) + + {:ok, _} = Transmogrifier.handle_incoming(update_data) + + user = User.get_cached_by_ap_id(user.ap_id) + + assert User.Info.fields(user.info) == [] end test "it works for incoming update activities which lock the account" do From 37dd3867bb0439e4a2717eb780a1837196fcef00 Mon Sep 17 00:00:00 2001 From: Maxim Filippov Date: Sun, 25 Aug 2019 19:39:37 +0000 Subject: [PATCH 34/48] Log admin/moderator actions --- CHANGELOG.md | 1 + docs/api/admin_api.md | 24 + lib/pleroma/moderation_log.ex | 433 ++++++++++++++++++ .../web/admin_api/admin_api_controller.ex | 183 +++++++- .../admin_api/views/moderation_log_view.ex | 26 ++ lib/pleroma/web/common_api/utils.ex | 3 +- lib/pleroma/web/ostatus/ostatus_controller.ex | 3 +- lib/pleroma/web/router.ex | 2 + .../20190818124341_create_moderation_log.exs | 11 + test/moderation_log_test.exs | 301 ++++++++++++ .../admin_api/admin_api_controller_test.exs | 241 +++++++++- 11 files changed, 1187 insertions(+), 41 deletions(-) create mode 100644 lib/pleroma/moderation_log.ex create mode 100644 lib/pleroma/web/admin_api/views/moderation_log_view.ex create mode 100644 priv/repo/migrations/20190818124341_create_moderation_log.exs create mode 100644 test/moderation_log_test.exs diff --git a/CHANGELOG.md b/CHANGELOG.md index 9c3051c94..2fdcb014a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -94,6 +94,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Relays: Added a task to list relay subscriptions. - Mix Tasks: `mix pleroma.database fix_likes_collections` - Federation: Remove `likes` from objects. +- Admin API: Added moderation log ### Changed - Configuration: Filter.AnonymizeFilename added ability to retain file extension with custom text diff --git a/docs/api/admin_api.md b/docs/api/admin_api.md index 7ccb90836..d79c342be 100644 --- a/docs/api/admin_api.md +++ b/docs/api/admin_api.md @@ -694,3 +694,27 @@ Compile time settings (need instance reboot): ] } ``` + +## `/api/pleroma/admin/moderation_log` +### Get moderation log +- Method `GET` +- Params: + - *optional* `page`: **integer** page number + - *optional* `page_size`: **integer** number of users per page (default is `50`) +- Response: + +```json +[ + { + "data": { + "actor": { + "id": 1, + "nickname": "lain" + }, + "action": "relay_follow" + }, + "time": 1502812026, // timestamp + "message": "[2017-08-15 15:47:06] @nick0 followed relay: https://example.org/relay" // log message + } +] +``` diff --git a/lib/pleroma/moderation_log.ex b/lib/pleroma/moderation_log.ex new file mode 100644 index 000000000..1ef6fe67a --- /dev/null +++ b/lib/pleroma/moderation_log.ex @@ -0,0 +1,433 @@ +defmodule Pleroma.ModerationLog do + use Ecto.Schema + + alias Pleroma.Activity + alias Pleroma.ModerationLog + alias Pleroma.Repo + alias Pleroma.User + + import Ecto.Query + + schema "moderation_log" do + field(:data, :map) + + timestamps() + end + + def get_all(page, page_size) do + from(q in __MODULE__, + order_by: [desc: q.inserted_at], + limit: ^page_size, + offset: ^((page - 1) * page_size) + ) + |> Repo.all() + end + + def insert_log(%{ + actor: %User{} = actor, + subject: %User{} = subject, + action: action, + permission: permission + }) do + Repo.insert(%ModerationLog{ + data: %{ + actor: user_to_map(actor), + subject: user_to_map(subject), + action: action, + permission: permission + } + }) + end + + def insert_log(%{ + actor: %User{} = actor, + action: "report_update", + subject: %Activity{data: %{"type" => "Flag"}} = subject + }) do + Repo.insert(%ModerationLog{ + data: %{ + actor: user_to_map(actor), + action: "report_update", + subject: report_to_map(subject) + } + }) + end + + def insert_log(%{ + actor: %User{} = actor, + action: "report_response", + subject: %Activity{} = subject, + text: text + }) do + Repo.insert(%ModerationLog{ + data: %{ + actor: user_to_map(actor), + action: "report_response", + subject: report_to_map(subject), + text: text + } + }) + end + + def insert_log(%{ + actor: %User{} = actor, + action: "status_update", + subject: %Activity{} = subject, + sensitive: sensitive, + visibility: visibility + }) do + Repo.insert(%ModerationLog{ + data: %{ + actor: user_to_map(actor), + action: "status_update", + subject: status_to_map(subject), + sensitive: sensitive, + visibility: visibility + } + }) + end + + def insert_log(%{ + actor: %User{} = actor, + action: "status_delete", + subject_id: subject_id + }) do + Repo.insert(%ModerationLog{ + data: %{ + actor: user_to_map(actor), + action: "status_delete", + subject_id: subject_id + } + }) + end + + @spec insert_log(%{actor: User, subject: User, action: String.t()}) :: + {:ok, ModerationLog} | {:error, any} + def insert_log(%{actor: %User{} = actor, subject: subject, action: action}) do + Repo.insert(%ModerationLog{ + data: %{ + actor: user_to_map(actor), + action: action, + subject: user_to_map(subject) + } + }) + end + + @spec insert_log(%{actor: User, subjects: [User], action: String.t()}) :: + {:ok, ModerationLog} | {:error, any} + def insert_log(%{actor: %User{} = actor, subjects: subjects, action: action}) do + subjects = Enum.map(subjects, &user_to_map/1) + + Repo.insert(%ModerationLog{ + data: %{ + actor: user_to_map(actor), + action: action, + subjects: subjects + } + }) + end + + def insert_log(%{ + actor: %User{} = actor, + followed: %User{} = followed, + follower: %User{} = follower, + action: "follow" + }) do + Repo.insert(%ModerationLog{ + data: %{ + actor: user_to_map(actor), + action: "follow", + followed: user_to_map(followed), + follower: user_to_map(follower) + } + }) + end + + def insert_log(%{ + actor: %User{} = actor, + followed: %User{} = followed, + follower: %User{} = follower, + action: "unfollow" + }) do + Repo.insert(%ModerationLog{ + data: %{ + actor: user_to_map(actor), + action: "unfollow", + followed: user_to_map(followed), + follower: user_to_map(follower) + } + }) + end + + def insert_log(%{ + actor: %User{} = actor, + nicknames: nicknames, + tags: tags, + action: action + }) do + Repo.insert(%ModerationLog{ + data: %{ + actor: user_to_map(actor), + nicknames: nicknames, + tags: tags, + action: action + } + }) + end + + def insert_log(%{ + actor: %User{} = actor, + action: action, + target: target + }) + when action in ["relay_follow", "relay_unfollow"] do + Repo.insert(%ModerationLog{ + data: %{ + actor: user_to_map(actor), + action: action, + target: target + } + }) + end + + defp user_to_map(%User{} = user) do + user + |> Map.from_struct() + |> Map.take([:id, :nickname]) + |> Map.put(:type, "user") + end + + defp report_to_map(%Activity{} = report) do + %{ + type: "report", + id: report.id, + state: report.data["state"] + } + end + + defp status_to_map(%Activity{} = status) do + %{ + type: "status", + id: status.id + } + end + + def get_log_entry_message(%ModerationLog{ + data: %{ + "actor" => %{"nickname" => actor_nickname}, + "action" => action, + "followed" => %{"nickname" => followed_nickname}, + "follower" => %{"nickname" => follower_nickname} + } + }) do + "@#{actor_nickname} made @#{follower_nickname} #{action} @#{followed_nickname}" + end + + @spec get_log_entry_message(ModerationLog) :: String.t() + def get_log_entry_message(%ModerationLog{ + data: %{ + "actor" => %{"nickname" => actor_nickname}, + "action" => "delete", + "subject" => %{"nickname" => subject_nickname, "type" => "user"} + } + }) do + "@#{actor_nickname} deleted user @#{subject_nickname}" + end + + @spec get_log_entry_message(ModerationLog) :: String.t() + def get_log_entry_message(%ModerationLog{ + data: %{ + "actor" => %{"nickname" => actor_nickname}, + "action" => "create", + "subjects" => subjects + } + }) do + nicknames = + subjects + |> Enum.map(&"@#{&1["nickname"]}") + |> Enum.join(", ") + + "@#{actor_nickname} created users: #{nicknames}" + end + + @spec get_log_entry_message(ModerationLog) :: String.t() + def get_log_entry_message(%ModerationLog{ + data: %{ + "actor" => %{"nickname" => actor_nickname}, + "action" => "activate", + "subject" => %{"nickname" => subject_nickname, "type" => "user"} + } + }) do + "@#{actor_nickname} activated user @#{subject_nickname}" + end + + @spec get_log_entry_message(ModerationLog) :: String.t() + def get_log_entry_message(%ModerationLog{ + data: %{ + "actor" => %{"nickname" => actor_nickname}, + "action" => "deactivate", + "subject" => %{"nickname" => subject_nickname, "type" => "user"} + } + }) do + "@#{actor_nickname} deactivated user @#{subject_nickname}" + end + + @spec get_log_entry_message(ModerationLog) :: String.t() + def get_log_entry_message(%ModerationLog{ + data: %{ + "actor" => %{"nickname" => actor_nickname}, + "nicknames" => nicknames, + "tags" => tags, + "action" => "tag" + } + }) do + nicknames_string = + nicknames + |> Enum.map(&"@#{&1}") + |> Enum.join(", ") + + tags_string = tags |> Enum.join(", ") + + "@#{actor_nickname} added tags: #{tags_string} to users: #{nicknames_string}" + end + + @spec get_log_entry_message(ModerationLog) :: String.t() + def get_log_entry_message(%ModerationLog{ + data: %{ + "actor" => %{"nickname" => actor_nickname}, + "nicknames" => nicknames, + "tags" => tags, + "action" => "untag" + } + }) do + nicknames_string = + nicknames + |> Enum.map(&"@#{&1}") + |> Enum.join(", ") + + tags_string = tags |> Enum.join(", ") + + "@#{actor_nickname} removed tags: #{tags_string} from users: #{nicknames_string}" + end + + @spec get_log_entry_message(ModerationLog) :: String.t() + def get_log_entry_message(%ModerationLog{ + data: %{ + "actor" => %{"nickname" => actor_nickname}, + "action" => "grant", + "subject" => %{"nickname" => subject_nickname}, + "permission" => permission + } + }) do + "@#{actor_nickname} made @#{subject_nickname} #{permission}" + end + + @spec get_log_entry_message(ModerationLog) :: String.t() + def get_log_entry_message(%ModerationLog{ + data: %{ + "actor" => %{"nickname" => actor_nickname}, + "action" => "revoke", + "subject" => %{"nickname" => subject_nickname}, + "permission" => permission + } + }) do + "@#{actor_nickname} revoked #{permission} role from @#{subject_nickname}" + end + + @spec get_log_entry_message(ModerationLog) :: String.t() + def get_log_entry_message(%ModerationLog{ + data: %{ + "actor" => %{"nickname" => actor_nickname}, + "action" => "relay_follow", + "target" => target + } + }) do + "@#{actor_nickname} followed relay: #{target}" + end + + @spec get_log_entry_message(ModerationLog) :: String.t() + def get_log_entry_message(%ModerationLog{ + data: %{ + "actor" => %{"nickname" => actor_nickname}, + "action" => "relay_unfollow", + "target" => target + } + }) do + "@#{actor_nickname} unfollowed relay: #{target}" + end + + @spec get_log_entry_message(ModerationLog) :: String.t() + def get_log_entry_message(%ModerationLog{ + data: %{ + "actor" => %{"nickname" => actor_nickname}, + "action" => "report_update", + "subject" => %{"id" => subject_id, "state" => state, "type" => "report"} + } + }) do + "@#{actor_nickname} updated report ##{subject_id} with '#{state}' state" + end + + @spec get_log_entry_message(ModerationLog) :: String.t() + def get_log_entry_message(%ModerationLog{ + data: %{ + "actor" => %{"nickname" => actor_nickname}, + "action" => "report_response", + "subject" => %{"id" => subject_id, "type" => "report"}, + "text" => text + } + }) do + "@#{actor_nickname} responded with '#{text}' to report ##{subject_id}" + end + + @spec get_log_entry_message(ModerationLog) :: String.t() + def get_log_entry_message(%ModerationLog{ + data: %{ + "actor" => %{"nickname" => actor_nickname}, + "action" => "status_update", + "subject" => %{"id" => subject_id, "type" => "status"}, + "sensitive" => nil, + "visibility" => visibility + } + }) do + "@#{actor_nickname} updated status ##{subject_id}, set visibility: '#{visibility}'" + end + + @spec get_log_entry_message(ModerationLog) :: String.t() + def get_log_entry_message(%ModerationLog{ + data: %{ + "actor" => %{"nickname" => actor_nickname}, + "action" => "status_update", + "subject" => %{"id" => subject_id, "type" => "status"}, + "sensitive" => sensitive, + "visibility" => nil + } + }) do + "@#{actor_nickname} updated status ##{subject_id}, set sensitive: '#{sensitive}'" + end + + @spec get_log_entry_message(ModerationLog) :: String.t() + def get_log_entry_message(%ModerationLog{ + data: %{ + "actor" => %{"nickname" => actor_nickname}, + "action" => "status_update", + "subject" => %{"id" => subject_id, "type" => "status"}, + "sensitive" => sensitive, + "visibility" => visibility + } + }) do + "@#{actor_nickname} updated status ##{subject_id}, set sensitive: '#{sensitive}', visibility: '#{ + visibility + }'" + end + + @spec get_log_entry_message(ModerationLog) :: String.t() + def get_log_entry_message(%ModerationLog{ + data: %{ + "actor" => %{"nickname" => actor_nickname}, + "action" => "status_delete", + "subject_id" => subject_id + } + }) do + "@#{actor_nickname} deleted status ##{subject_id}" + end +end diff --git a/lib/pleroma/web/admin_api/admin_api_controller.ex b/lib/pleroma/web/admin_api/admin_api_controller.ex index 048ac8019..544b9d7d8 100644 --- a/lib/pleroma/web/admin_api/admin_api_controller.ex +++ b/lib/pleroma/web/admin_api/admin_api_controller.ex @@ -5,6 +5,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do use Pleroma.Web, :controller alias Pleroma.Activity + alias Pleroma.ModerationLog alias Pleroma.User alias Pleroma.UserInviteToken alias Pleroma.Web.ActivityPub.ActivityPub @@ -12,6 +13,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do alias Pleroma.Web.AdminAPI.AccountView alias Pleroma.Web.AdminAPI.Config alias Pleroma.Web.AdminAPI.ConfigView + alias Pleroma.Web.AdminAPI.ModerationLogView alias Pleroma.Web.AdminAPI.ReportView alias Pleroma.Web.AdminAPI.Search alias Pleroma.Web.CommonAPI @@ -25,35 +27,61 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do action_fallback(:errors) - def user_delete(conn, %{"nickname" => nickname}) do - User.get_cached_by_nickname(nickname) - |> User.delete() + def user_delete(%{assigns: %{user: admin}} = conn, %{"nickname" => nickname}) do + user = User.get_cached_by_nickname(nickname) + User.delete(user) + + ModerationLog.insert_log(%{ + actor: admin, + subject: user, + action: "delete" + }) conn |> json(nickname) end - def user_follow(conn, %{"follower" => follower_nick, "followed" => followed_nick}) do + def user_follow(%{assigns: %{user: admin}} = conn, %{ + "follower" => follower_nick, + "followed" => followed_nick + }) do with %User{} = follower <- User.get_cached_by_nickname(follower_nick), %User{} = followed <- User.get_cached_by_nickname(followed_nick) do User.follow(follower, followed) + + ModerationLog.insert_log(%{ + actor: admin, + followed: followed, + follower: follower, + action: "follow" + }) end conn |> json("ok") end - def user_unfollow(conn, %{"follower" => follower_nick, "followed" => followed_nick}) do + def user_unfollow(%{assigns: %{user: admin}} = conn, %{ + "follower" => follower_nick, + "followed" => followed_nick + }) do with %User{} = follower <- User.get_cached_by_nickname(follower_nick), %User{} = followed <- User.get_cached_by_nickname(followed_nick) do User.unfollow(follower, followed) + + ModerationLog.insert_log(%{ + actor: admin, + followed: followed, + follower: follower, + action: "unfollow" + }) end conn |> json("ok") end - def users_create(conn, %{"users" => users}) do + def users_create(%{assigns: %{user: admin}} = conn, %{"users" => users}) do changesets = Enum.map(users, fn %{"nickname" => nickname, "email" => email, "password" => password} -> user_data = %{ @@ -78,10 +106,17 @@ def users_create(conn, %{"users" => users}) do |> Map.values() |> Enum.map(fn user -> {:ok, user} = User.post_register_action(user) + user end) |> Enum.map(&AccountView.render("created.json", %{user: &1})) + ModerationLog.insert_log(%{ + actor: admin, + subjects: Map.values(users), + action: "create" + }) + conn |> json(res) @@ -129,23 +164,47 @@ def list_user_statuses(conn, %{"nickname" => nickname} = params) do end end - def user_toggle_activation(conn, %{"nickname" => nickname}) do + def user_toggle_activation(%{assigns: %{user: admin}} = conn, %{"nickname" => nickname}) do user = User.get_cached_by_nickname(nickname) {:ok, updated_user} = User.deactivate(user, !user.info.deactivated) + action = if user.info.deactivated, do: "activate", else: "deactivate" + + ModerationLog.insert_log(%{ + actor: admin, + subject: user, + action: action + }) + conn |> json(AccountView.render("show.json", %{user: updated_user})) end - def tag_users(conn, %{"nicknames" => nicknames, "tags" => tags}) do - with {:ok, _} <- User.tag(nicknames, tags), - do: json_response(conn, :no_content, "") + def tag_users(%{assigns: %{user: admin}} = conn, %{"nicknames" => nicknames, "tags" => tags}) do + with {:ok, _} <- User.tag(nicknames, tags) do + ModerationLog.insert_log(%{ + actor: admin, + nicknames: nicknames, + tags: tags, + action: "tag" + }) + + json_response(conn, :no_content, "") + end end - def untag_users(conn, %{"nicknames" => nicknames, "tags" => tags}) do - with {:ok, _} <- User.untag(nicknames, tags), - do: json_response(conn, :no_content, "") + def untag_users(%{assigns: %{user: admin}} = conn, %{"nicknames" => nicknames, "tags" => tags}) do + with {:ok, _} <- User.untag(nicknames, tags) do + ModerationLog.insert_log(%{ + actor: admin, + nicknames: nicknames, + tags: tags, + action: "untag" + }) + + json_response(conn, :no_content, "") + end end def list_users(conn, params) do @@ -186,7 +245,10 @@ defp maybe_parse_filters(filters) do |> Enum.into(%{}, &{&1, true}) end - def right_add(conn, %{"permission_group" => permission_group, "nickname" => nickname}) + def right_add(%{assigns: %{user: admin}} = conn, %{ + "permission_group" => permission_group, + "nickname" => nickname + }) when permission_group in ["moderator", "admin"] do user = User.get_cached_by_nickname(nickname) @@ -201,6 +263,13 @@ def right_add(conn, %{"permission_group" => permission_group, "nickname" => nick |> Ecto.Changeset.change() |> Ecto.Changeset.put_embed(:info, info_cng) + ModerationLog.insert_log(%{ + action: "grant", + actor: admin, + subject: user, + permission: permission_group + }) + {:ok, _user} = User.update_and_set_cache(cng) json(conn, info) @@ -221,7 +290,7 @@ def right_get(conn, %{"nickname" => nickname}) do end def right_delete( - %{assigns: %{user: %User{:nickname => admin_nickname}}} = conn, + %{assigns: %{user: %User{:nickname => admin_nickname} = admin}} = conn, %{ "permission_group" => permission_group, "nickname" => nickname @@ -245,6 +314,13 @@ def right_delete( {:ok, _user} = User.update_and_set_cache(cng) + ModerationLog.insert_log(%{ + action: "revoke", + actor: admin, + subject: user, + permission: permission_group + }) + json(conn, info) end end @@ -253,15 +329,33 @@ def right_delete(conn, _) do render_error(conn, :not_found, "No such permission_group") end - def set_activation_status(conn, %{"nickname" => nickname, "status" => status}) do + def set_activation_status(%{assigns: %{user: admin}} = conn, %{ + "nickname" => nickname, + "status" => status + }) do with {:ok, status} <- Ecto.Type.cast(:boolean, status), %User{} = user <- User.get_cached_by_nickname(nickname), - {:ok, _} <- User.deactivate(user, !status), - do: json_response(conn, :no_content, "") + {:ok, _} <- User.deactivate(user, !status) do + action = if(user.info.deactivated, do: "activate", else: "deactivate") + + ModerationLog.insert_log(%{ + actor: admin, + subject: user, + action: action + }) + + json_response(conn, :no_content, "") + end end - def relay_follow(conn, %{"relay_url" => target}) do + def relay_follow(%{assigns: %{user: admin}} = conn, %{"relay_url" => target}) do with {:ok, _message} <- Relay.follow(target) do + ModerationLog.insert_log(%{ + action: "relay_follow", + actor: admin, + target: target + }) + json(conn, target) else _ -> @@ -271,8 +365,14 @@ def relay_follow(conn, %{"relay_url" => target}) do end end - def relay_unfollow(conn, %{"relay_url" => target}) do + def relay_unfollow(%{assigns: %{user: admin}} = conn, %{"relay_url" => target}) do with {:ok, _message} <- Relay.unfollow(target) do + ModerationLog.insert_log(%{ + action: "relay_unfollow", + actor: admin, + target: target + }) + json(conn, target) else _ -> @@ -363,8 +463,14 @@ def report_show(conn, %{"id" => id}) do end end - def report_update_state(conn, %{"id" => id, "state" => state}) do + def report_update_state(%{assigns: %{user: admin}} = conn, %{"id" => id, "state" => state}) do with {:ok, report} <- CommonAPI.update_report_state(id, state) do + ModerationLog.insert_log(%{ + action: "report_update", + actor: admin, + subject: report + }) + conn |> put_view(ReportView) |> render("show.json", %{report: report}) @@ -381,6 +487,13 @@ def report_respond(%{assigns: %{user: user}} = conn, %{"id" => id} = params) do {:ok, activity} = CommonAPI.post(user, params) + ModerationLog.insert_log(%{ + action: "report_response", + actor: user, + subject: activity, + text: params["status"] + }) + conn |> put_view(StatusView) |> render("status.json", %{activity: activity}) @@ -393,8 +506,18 @@ def report_respond(%{assigns: %{user: user}} = conn, %{"id" => id} = params) do end end - def status_update(conn, %{"id" => id} = params) do + def status_update(%{assigns: %{user: admin}} = conn, %{"id" => id} = params) do with {:ok, activity} <- CommonAPI.update_activity_scope(id, params) do + {:ok, sensitive} = Ecto.Type.cast(:boolean, params["sensitive"]) + + ModerationLog.insert_log(%{ + action: "status_update", + actor: admin, + subject: activity, + sensitive: sensitive, + visibility: params["visibility"] + }) + conn |> put_view(StatusView) |> render("status.json", %{activity: activity}) @@ -403,10 +526,26 @@ def status_update(conn, %{"id" => id} = params) do def status_delete(%{assigns: %{user: user}} = conn, %{"id" => id}) do with {:ok, %Activity{}} <- CommonAPI.delete(id, user) do + ModerationLog.insert_log(%{ + action: "status_delete", + actor: user, + subject_id: id + }) + json(conn, %{}) end end + def list_log(conn, params) do + {page, page_size} = page_params(params) + + log = ModerationLog.get_all(page, page_size) + + conn + |> put_view(ModerationLogView) + |> render("index.json", %{log: log}) + end + def migrate_to_db(conn, _params) do Mix.Tasks.Pleroma.Config.run(["migrate_to_db"]) json(conn, %{}) diff --git a/lib/pleroma/web/admin_api/views/moderation_log_view.ex b/lib/pleroma/web/admin_api/views/moderation_log_view.ex new file mode 100644 index 000000000..b3fc7cfe5 --- /dev/null +++ b/lib/pleroma/web/admin_api/views/moderation_log_view.ex @@ -0,0 +1,26 @@ +# Pleroma: A lightweight social networking server +# Copyright © 2017-2019 Pleroma Authors +# SPDX-License-Identifier: AGPL-3.0-only + +defmodule Pleroma.Web.AdminAPI.ModerationLogView do + use Pleroma.Web, :view + + alias Pleroma.ModerationLog + + def render("index.json", %{log: log}) do + render_many(log, __MODULE__, "show.json", as: :log_entry) + end + + def render("show.json", %{log_entry: log_entry}) do + time = + log_entry.inserted_at + |> DateTime.from_naive!("Etc/UTC") + |> DateTime.to_unix() + + %{ + data: log_entry.data, + time: time, + message: ModerationLog.get_log_entry_message(log_entry) + } + end +end diff --git a/lib/pleroma/web/common_api/utils.ex b/lib/pleroma/web/common_api/utils.ex index 61b96aba9..6958c7511 100644 --- a/lib/pleroma/web/common_api/utils.ex +++ b/lib/pleroma/web/common_api/utils.ex @@ -93,8 +93,7 @@ def attachments_from_ids_descs(ids, descs_str) do Activity.t() | nil, String.t(), Participation.t() | nil - ) :: - {list(String.t()), list(String.t())} + ) :: {list(String.t()), list(String.t())} def get_to_and_cc(_, _, _, _, %Participation{} = participation) do participation = Repo.preload(participation, :recipients) diff --git a/lib/pleroma/web/ostatus/ostatus_controller.ex b/lib/pleroma/web/ostatus/ostatus_controller.ex index fdba0f77f..07e2a4c2d 100644 --- a/lib/pleroma/web/ostatus/ostatus_controller.ex +++ b/lib/pleroma/web/ostatus/ostatus_controller.ex @@ -37,8 +37,7 @@ defmodule Pleroma.Web.OStatus.OStatusController do action_fallback(:errors) def feed_redirect(%{assigns: %{format: "html"}} = conn, %{"nickname" => nickname}) do - with {_, %User{} = user} <- - {:fetch_user, User.get_cached_by_nickname_or_id(nickname)} do + with {_, %User{} = user} <- {:fetch_user, User.get_cached_by_nickname_or_id(nickname)} do RedirectController.redirector_with_meta(conn, %{user: user}) end end diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex index 97c5016d5..f800d16fd 100644 --- a/lib/pleroma/web/router.ex +++ b/lib/pleroma/web/router.ex @@ -198,6 +198,8 @@ defmodule Pleroma.Web.Router do post("/config", AdminAPIController, :config_update) get("/config/migrate_to_db", AdminAPIController, :migrate_to_db) get("/config/migrate_from_db", AdminAPIController, :migrate_from_db) + + get("/moderation_log", AdminAPIController, :list_log) end scope "/", Pleroma.Web.TwitterAPI do diff --git a/priv/repo/migrations/20190818124341_create_moderation_log.exs b/priv/repo/migrations/20190818124341_create_moderation_log.exs new file mode 100644 index 000000000..cef6636f3 --- /dev/null +++ b/priv/repo/migrations/20190818124341_create_moderation_log.exs @@ -0,0 +1,11 @@ +defmodule Pleroma.Repo.Migrations.CreateModerationLog do + use Ecto.Migration + + def change do + create table(:moderation_log) do + add(:data, :map) + + timestamps() + end + end +end diff --git a/test/moderation_log_test.exs b/test/moderation_log_test.exs new file mode 100644 index 000000000..c78708471 --- /dev/null +++ b/test/moderation_log_test.exs @@ -0,0 +1,301 @@ +# Pleroma: A lightweight social networking server +# Copyright © 2017-2019 Pleroma Authors +# SPDX-License-Identifier: AGPL-3.0-only + +defmodule Pleroma.ModerationLogTest do + alias Pleroma.Activity + alias Pleroma.ModerationLog + + use Pleroma.DataCase + + import Pleroma.Factory + + describe "user moderation" do + setup do + admin = insert(:user, info: %{is_admin: true}) + moderator = insert(:user, info: %{is_moderator: true}) + subject1 = insert(:user) + subject2 = insert(:user) + + [admin: admin, moderator: moderator, subject1: subject1, subject2: subject2] + end + + test "logging user deletion by moderator", %{moderator: moderator, subject1: subject1} do + {:ok, _} = + ModerationLog.insert_log(%{ + actor: moderator, + subject: subject1, + action: "delete" + }) + + log = Repo.one(ModerationLog) + + assert ModerationLog.get_log_entry_message(log) == + "@#{moderator.nickname} deleted user @#{subject1.nickname}" + end + + test "logging user creation by moderator", %{ + moderator: moderator, + subject1: subject1, + subject2: subject2 + } do + {:ok, _} = + ModerationLog.insert_log(%{ + actor: moderator, + subjects: [subject1, subject2], + action: "create" + }) + + log = Repo.one(ModerationLog) + + assert ModerationLog.get_log_entry_message(log) == + "@#{moderator.nickname} created users: @#{subject1.nickname}, @#{subject2.nickname}" + end + + test "logging user follow by admin", %{admin: admin, subject1: subject1, subject2: subject2} do + {:ok, _} = + ModerationLog.insert_log(%{ + actor: admin, + followed: subject1, + follower: subject2, + action: "follow" + }) + + log = Repo.one(ModerationLog) + + assert ModerationLog.get_log_entry_message(log) == + "@#{admin.nickname} made @#{subject2.nickname} follow @#{subject1.nickname}" + end + + test "logging user unfollow by admin", %{admin: admin, subject1: subject1, subject2: subject2} do + {:ok, _} = + ModerationLog.insert_log(%{ + actor: admin, + followed: subject1, + follower: subject2, + action: "unfollow" + }) + + log = Repo.one(ModerationLog) + + assert ModerationLog.get_log_entry_message(log) == + "@#{admin.nickname} made @#{subject2.nickname} unfollow @#{subject1.nickname}" + end + + test "logging user tagged by admin", %{admin: admin, subject1: subject1, subject2: subject2} do + {:ok, _} = + ModerationLog.insert_log(%{ + actor: admin, + nicknames: [subject1.nickname, subject2.nickname], + tags: ["foo", "bar"], + action: "tag" + }) + + log = Repo.one(ModerationLog) + + users = + [subject1.nickname, subject2.nickname] + |> Enum.map(&"@#{&1}") + |> Enum.join(", ") + + tags = ["foo", "bar"] |> Enum.join(", ") + + assert ModerationLog.get_log_entry_message(log) == + "@#{admin.nickname} added tags: #{tags} to users: #{users}" + end + + test "logging user untagged by admin", %{admin: admin, subject1: subject1, subject2: subject2} do + {:ok, _} = + ModerationLog.insert_log(%{ + actor: admin, + nicknames: [subject1.nickname, subject2.nickname], + tags: ["foo", "bar"], + action: "untag" + }) + + log = Repo.one(ModerationLog) + + users = + [subject1.nickname, subject2.nickname] + |> Enum.map(&"@#{&1}") + |> Enum.join(", ") + + tags = ["foo", "bar"] |> Enum.join(", ") + + assert ModerationLog.get_log_entry_message(log) == + "@#{admin.nickname} removed tags: #{tags} from users: #{users}" + end + + test "logging user grant by moderator", %{moderator: moderator, subject1: subject1} do + {:ok, _} = + ModerationLog.insert_log(%{ + actor: moderator, + subject: subject1, + action: "grant", + permission: "moderator" + }) + + log = Repo.one(ModerationLog) + + assert ModerationLog.get_log_entry_message(log) == + "@#{moderator.nickname} made @#{subject1.nickname} moderator" + end + + test "logging user revoke by moderator", %{moderator: moderator, subject1: subject1} do + {:ok, _} = + ModerationLog.insert_log(%{ + actor: moderator, + subject: subject1, + action: "revoke", + permission: "moderator" + }) + + log = Repo.one(ModerationLog) + + assert ModerationLog.get_log_entry_message(log) == + "@#{moderator.nickname} revoked moderator role from @#{subject1.nickname}" + end + + test "logging relay follow", %{moderator: moderator} do + {:ok, _} = + ModerationLog.insert_log(%{ + actor: moderator, + action: "relay_follow", + target: "https://example.org/relay" + }) + + log = Repo.one(ModerationLog) + + assert ModerationLog.get_log_entry_message(log) == + "@#{moderator.nickname} followed relay: https://example.org/relay" + end + + test "logging relay unfollow", %{moderator: moderator} do + {:ok, _} = + ModerationLog.insert_log(%{ + actor: moderator, + action: "relay_unfollow", + target: "https://example.org/relay" + }) + + log = Repo.one(ModerationLog) + + assert ModerationLog.get_log_entry_message(log) == + "@#{moderator.nickname} unfollowed relay: https://example.org/relay" + end + + test "logging report update", %{moderator: moderator} do + report = %Activity{ + id: "9m9I1F4p8ftrTP6QTI", + data: %{ + "type" => "Flag", + "state" => "resolved" + } + } + + {:ok, _} = + ModerationLog.insert_log(%{ + actor: moderator, + action: "report_update", + subject: report + }) + + log = Repo.one(ModerationLog) + + assert ModerationLog.get_log_entry_message(log) == + "@#{moderator.nickname} updated report ##{report.id} with 'resolved' state" + end + + test "logging report response", %{moderator: moderator} do + report = %Activity{ + id: "9m9I1F4p8ftrTP6QTI", + data: %{ + "type" => "Note" + } + } + + {:ok, _} = + ModerationLog.insert_log(%{ + actor: moderator, + action: "report_response", + subject: report, + text: "look at this" + }) + + log = Repo.one(ModerationLog) + + assert ModerationLog.get_log_entry_message(log) == + "@#{moderator.nickname} responded with 'look at this' to report ##{report.id}" + end + + test "logging status sensitivity update", %{moderator: moderator} do + note = insert(:note_activity) + + {:ok, _} = + ModerationLog.insert_log(%{ + actor: moderator, + action: "status_update", + subject: note, + sensitive: "true", + visibility: nil + }) + + log = Repo.one(ModerationLog) + + assert ModerationLog.get_log_entry_message(log) == + "@#{moderator.nickname} updated status ##{note.id}, set sensitive: 'true'" + end + + test "logging status visibility update", %{moderator: moderator} do + note = insert(:note_activity) + + {:ok, _} = + ModerationLog.insert_log(%{ + actor: moderator, + action: "status_update", + subject: note, + sensitive: nil, + visibility: "private" + }) + + log = Repo.one(ModerationLog) + + assert ModerationLog.get_log_entry_message(log) == + "@#{moderator.nickname} updated status ##{note.id}, set visibility: 'private'" + end + + test "logging status sensitivity & visibility update", %{moderator: moderator} do + note = insert(:note_activity) + + {:ok, _} = + ModerationLog.insert_log(%{ + actor: moderator, + action: "status_update", + subject: note, + sensitive: "true", + visibility: "private" + }) + + log = Repo.one(ModerationLog) + + assert ModerationLog.get_log_entry_message(log) == + "@#{moderator.nickname} updated status ##{note.id}, set sensitive: 'true', visibility: 'private'" + end + + test "logging status deletion", %{moderator: moderator} do + note = insert(:note_activity) + + {:ok, _} = + ModerationLog.insert_log(%{ + actor: moderator, + action: "status_delete", + subject_id: note.id + }) + + log = Repo.one(ModerationLog) + + assert ModerationLog.get_log_entry_message(log) == + "@#{moderator.nickname} deleted status ##{note.id}" + end + end +end diff --git a/test/web/admin_api/admin_api_controller_test.exs b/test/web/admin_api/admin_api_controller_test.exs index ab829d6bd..1afdb6a50 100644 --- a/test/web/admin_api/admin_api_controller_test.exs +++ b/test/web/admin_api/admin_api_controller_test.exs @@ -7,6 +7,8 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do alias Pleroma.Activity alias Pleroma.HTML + alias Pleroma.ModerationLog + alias Pleroma.Repo alias Pleroma.User alias Pleroma.UserInviteToken alias Pleroma.Web.CommonAPI @@ -24,6 +26,14 @@ test "Delete" do |> put_req_header("accept", "application/json") |> delete("/api/pleroma/admin/users?nickname=#{user.nickname}") + log_entry = Repo.one(ModerationLog) + + assert log_entry.data["subject"]["nickname"] == user.nickname + assert log_entry.data["action"] == "delete" + + assert ModerationLog.get_log_entry_message(log_entry) == + "@#{admin.nickname} deleted user @#{user.nickname}" + assert json_response(conn, 200) == user.nickname end @@ -51,6 +61,11 @@ test "Create" do response = json_response(conn, 200) |> Enum.map(&Map.get(&1, "type")) assert response == ["success", "success"] + + log_entry = Repo.one(ModerationLog) + + assert ModerationLog.get_log_entry_message(log_entry) == + "@#{admin.nickname} created users: @lain2, @lain" end test "Cannot create user with exisiting email" do @@ -218,6 +233,11 @@ test "allows to force-follow another user" do follower = User.get_cached_by_id(follower.id) assert User.following?(follower, user) + + log_entry = Repo.one(ModerationLog) + + assert ModerationLog.get_log_entry_message(log_entry) == + "@#{admin.nickname} made @#{follower.nickname} follow @#{user.nickname}" end end @@ -241,6 +261,11 @@ test "allows to force-unfollow another user" do follower = User.get_cached_by_id(follower.id) refute User.following?(follower, user) + + log_entry = Repo.one(ModerationLog) + + assert ModerationLog.get_log_entry_message(log_entry) == + "@#{admin.nickname} made @#{follower.nickname} unfollow @#{user.nickname}" end end @@ -261,17 +286,30 @@ test "allows to force-unfollow another user" do }&tags[]=foo&tags[]=bar" ) - %{conn: conn, user1: user1, user2: user2, user3: user3} + %{conn: conn, admin: admin, user1: user1, user2: user2, user3: user3} end test "it appends specified tags to users with specified nicknames", %{ conn: conn, + admin: admin, user1: user1, user2: user2 } do assert json_response(conn, :no_content) assert User.get_cached_by_id(user1.id).tags == ["x", "foo", "bar"] assert User.get_cached_by_id(user2.id).tags == ["y", "foo", "bar"] + + log_entry = Repo.one(ModerationLog) + + users = + [user1.nickname, user2.nickname] + |> Enum.map(&"@#{&1}") + |> Enum.join(", ") + + tags = ["foo", "bar"] |> Enum.join(", ") + + assert ModerationLog.get_log_entry_message(log_entry) == + "@#{admin.nickname} added tags: #{tags} to users: #{users}" end test "it does not modify tags of not specified users", %{conn: conn, user3: user3} do @@ -297,17 +335,30 @@ test "it does not modify tags of not specified users", %{conn: conn, user3: user }&tags[]=x&tags[]=z" ) - %{conn: conn, user1: user1, user2: user2, user3: user3} + %{conn: conn, admin: admin, user1: user1, user2: user2, user3: user3} end test "it removes specified tags from users with specified nicknames", %{ conn: conn, + admin: admin, user1: user1, user2: user2 } do assert json_response(conn, :no_content) assert User.get_cached_by_id(user1.id).tags == [] assert User.get_cached_by_id(user2.id).tags == ["y"] + + log_entry = Repo.one(ModerationLog) + + users = + [user1.nickname, user2.nickname] + |> Enum.map(&"@#{&1}") + |> Enum.join(", ") + + tags = ["x", "z"] |> Enum.join(", ") + + assert ModerationLog.get_log_entry_message(log_entry) == + "@#{admin.nickname} removed tags: #{tags} from users: #{users}" end test "it does not modify tags of not specified users", %{conn: conn, user3: user3} do @@ -345,6 +396,11 @@ test "/:right POST, can add to a permission group" do assert json_response(conn, 200) == %{ "is_admin" => true } + + log_entry = Repo.one(ModerationLog) + + assert ModerationLog.get_log_entry_message(log_entry) == + "@#{admin.nickname} made @#{user.nickname} admin" end test "/:right DELETE, can remove from a permission group" do @@ -360,6 +416,11 @@ test "/:right DELETE, can remove from a permission group" do assert json_response(conn, 200) == %{ "is_admin" => false } + + log_entry = Repo.one(ModerationLog) + + assert ModerationLog.get_log_entry_message(log_entry) == + "@#{admin.nickname} revoked admin role from @#{user.nickname}" end end @@ -372,10 +433,10 @@ test "/:right DELETE, can remove from a permission group" do |> assign(:user, admin) |> put_req_header("accept", "application/json") - %{conn: conn} + %{conn: conn, admin: admin} end - test "deactivates the user", %{conn: conn} do + test "deactivates the user", %{conn: conn, admin: admin} do user = insert(:user) conn = @@ -385,9 +446,14 @@ test "deactivates the user", %{conn: conn} do user = User.get_cached_by_id(user.id) assert user.info.deactivated == true assert json_response(conn, :no_content) + + log_entry = Repo.one(ModerationLog) + + assert ModerationLog.get_log_entry_message(log_entry) == + "@#{admin.nickname} deactivated user @#{user.nickname}" end - test "activates the user", %{conn: conn} do + test "activates the user", %{conn: conn, admin: admin} do user = insert(:user, info: %{deactivated: true}) conn = @@ -397,6 +463,11 @@ test "activates the user", %{conn: conn} do user = User.get_cached_by_id(user.id) assert user.info.deactivated == false assert json_response(conn, :no_content) + + log_entry = Repo.one(ModerationLog) + + assert ModerationLog.get_log_entry_message(log_entry) == + "@#{admin.nickname} activated user @#{user.nickname}" end test "returns 403 when requested by a non-admin", %{conn: conn} do @@ -987,6 +1058,11 @@ test "PATCH /api/pleroma/admin/users/:nickname/toggle_activation" do "avatar" => User.avatar_url(user) |> MediaProxy.url(), "display_name" => HTML.strip_tags(user.name || user.nickname) } + + log_entry = Repo.one(ModerationLog) + + assert ModerationLog.get_log_entry_message(log_entry) == + "@#{admin.nickname} deactivated user @#{user.nickname}" end describe "GET /api/pleroma/admin/users/invite_token" do @@ -1172,25 +1248,35 @@ test "returns 404 when report id is invalid", %{conn: conn} do "status_ids" => [activity.id] }) - %{conn: assign(conn, :user, admin), id: report_id} + %{conn: assign(conn, :user, admin), id: report_id, admin: admin} end - test "mark report as resolved", %{conn: conn, id: id} do + test "mark report as resolved", %{conn: conn, id: id, admin: admin} do response = conn |> put("/api/pleroma/admin/reports/#{id}", %{"state" => "resolved"}) |> json_response(:ok) assert response["state"] == "resolved" + + log_entry = Repo.one(ModerationLog) + + assert ModerationLog.get_log_entry_message(log_entry) == + "@#{admin.nickname} updated report ##{id} with 'resolved' state" end - test "closes report", %{conn: conn, id: id} do + test "closes report", %{conn: conn, id: id, admin: admin} do response = conn |> put("/api/pleroma/admin/reports/#{id}", %{"state" => "closed"}) |> json_response(:ok) assert response["state"] == "closed" + + log_entry = Repo.one(ModerationLog) + + assert ModerationLog.get_log_entry_message(log_entry) == + "@#{admin.nickname} updated report ##{id} with 'closed' state" end test "returns 400 when state is unknown", %{conn: conn, id: id} do @@ -1321,14 +1407,15 @@ test "returns 403 when requested by anonymous" do end end + # describe "POST /api/pleroma/admin/reports/:id/respond" do setup %{conn: conn} do admin = insert(:user, info: %{is_admin: true}) - %{conn: assign(conn, :user, admin)} + %{conn: assign(conn, :user, admin), admin: admin} end - test "returns created dm", %{conn: conn} do + test "returns created dm", %{conn: conn, admin: admin} do [reporter, target_user] = insert_pair(:user) activity = insert(:note_activity, user: target_user) @@ -1351,6 +1438,13 @@ test "returns created dm", %{conn: conn} do assert reporter.nickname in recipients assert response["content"] == "I will check it out" assert response["visibility"] == "direct" + + log_entry = Repo.one(ModerationLog) + + assert ModerationLog.get_log_entry_message(log_entry) == + "@#{admin.nickname} responded with 'I will check it out' to report ##{ + response["id"] + }" end test "returns 400 when status is missing", %{conn: conn} do @@ -1374,10 +1468,10 @@ test "returns 404 when report id is invalid", %{conn: conn} do admin = insert(:user, info: %{is_admin: true}) activity = insert(:note_activity) - %{conn: assign(conn, :user, admin), id: activity.id} + %{conn: assign(conn, :user, admin), id: activity.id, admin: admin} end - test "toggle sensitive flag", %{conn: conn, id: id} do + test "toggle sensitive flag", %{conn: conn, id: id, admin: admin} do response = conn |> put("/api/pleroma/admin/statuses/#{id}", %{"sensitive" => "true"}) @@ -1385,6 +1479,11 @@ test "toggle sensitive flag", %{conn: conn, id: id} do assert response["sensitive"] + log_entry = Repo.one(ModerationLog) + + assert ModerationLog.get_log_entry_message(log_entry) == + "@#{admin.nickname} updated status ##{id}, set sensitive: 'true'" + response = conn |> put("/api/pleroma/admin/statuses/#{id}", %{"sensitive" => "false"}) @@ -1393,7 +1492,7 @@ test "toggle sensitive flag", %{conn: conn, id: id} do refute response["sensitive"] end - test "change visibility flag", %{conn: conn, id: id} do + test "change visibility flag", %{conn: conn, id: id, admin: admin} do response = conn |> put("/api/pleroma/admin/statuses/#{id}", %{"visibility" => "public"}) @@ -1401,6 +1500,11 @@ test "change visibility flag", %{conn: conn, id: id} do assert response["visibility"] == "public" + log_entry = Repo.one(ModerationLog) + + assert ModerationLog.get_log_entry_message(log_entry) == + "@#{admin.nickname} updated status ##{id}, set visibility: 'public'" + response = conn |> put("/api/pleroma/admin/statuses/#{id}", %{"visibility" => "private"}) @@ -1430,15 +1534,20 @@ test "returns 400 when visibility is unknown", %{conn: conn, id: id} do admin = insert(:user, info: %{is_admin: true}) activity = insert(:note_activity) - %{conn: assign(conn, :user, admin), id: activity.id} + %{conn: assign(conn, :user, admin), id: activity.id, admin: admin} end - test "deletes status", %{conn: conn, id: id} do + test "deletes status", %{conn: conn, id: id, admin: admin} do conn |> delete("/api/pleroma/admin/statuses/#{id}") |> json_response(:ok) refute Activity.get_by_id(id) + + log_entry = Repo.one(ModerationLog) + + assert ModerationLog.get_log_entry_message(log_entry) == + "@#{admin.nickname} deleted status ##{id}" end test "returns error when status is not exist", %{conn: conn} do @@ -2139,6 +2248,108 @@ test "returns private statuses with godmode on", %{conn: conn, user: user} do assert json_response(conn, 200) |> length() == 5 end end + + describe "GET /api/pleroma/admin/moderation_log" do + setup %{conn: conn} do + admin = insert(:user, info: %{is_admin: true}) + + %{conn: assign(conn, :user, admin), admin: admin} + end + + test "returns the log", %{conn: conn, admin: admin} do + Repo.insert(%ModerationLog{ + data: %{ + actor: %{ + "id" => admin.id, + "nickname" => admin.nickname, + "type" => "user" + }, + action: "relay_follow", + target: "https://example.org/relay" + }, + inserted_at: NaiveDateTime.truncate(~N[2017-08-15 15:47:06.597036], :second) + }) + + Repo.insert(%ModerationLog{ + data: %{ + actor: %{ + "id" => admin.id, + "nickname" => admin.nickname, + "type" => "user" + }, + action: "relay_unfollow", + target: "https://example.org/relay" + }, + inserted_at: NaiveDateTime.truncate(~N[2017-08-16 15:47:06.597036], :second) + }) + + conn = get(conn, "/api/pleroma/admin/moderation_log") + + response = json_response(conn, 200) + [first_entry, second_entry] = response + + assert response |> length() == 2 + assert first_entry["data"]["action"] == "relay_unfollow" + + assert first_entry["message"] == + "@#{admin.nickname} unfollowed relay: https://example.org/relay" + + assert second_entry["data"]["action"] == "relay_follow" + + assert second_entry["message"] == + "@#{admin.nickname} followed relay: https://example.org/relay" + end + + test "returns the log with pagination", %{conn: conn, admin: admin} do + Repo.insert(%ModerationLog{ + data: %{ + actor: %{ + "id" => admin.id, + "nickname" => admin.nickname, + "type" => "user" + }, + action: "relay_follow", + target: "https://example.org/relay" + }, + inserted_at: NaiveDateTime.truncate(~N[2017-08-15 15:47:06.597036], :second) + }) + + Repo.insert(%ModerationLog{ + data: %{ + actor: %{ + "id" => admin.id, + "nickname" => admin.nickname, + "type" => "user" + }, + action: "relay_unfollow", + target: "https://example.org/relay" + }, + inserted_at: NaiveDateTime.truncate(~N[2017-08-16 15:47:06.597036], :second) + }) + + conn1 = get(conn, "/api/pleroma/admin/moderation_log?page_size=1&page=1") + + response1 = json_response(conn1, 200) + [first_entry] = response1 + + assert response1 |> length() == 1 + assert first_entry["data"]["action"] == "relay_unfollow" + + assert first_entry["message"] == + "@#{admin.nickname} unfollowed relay: https://example.org/relay" + + conn2 = get(conn, "/api/pleroma/admin/moderation_log?page_size=1&page=2") + + response2 = json_response(conn2, 200) + [second_entry] = response2 + + assert response2 |> length() == 1 + assert second_entry["data"]["action"] == "relay_follow" + + assert second_entry["message"] == + "@#{admin.nickname} followed relay: https://example.org/relay" + end + end end # Needed for testing From 3b1b631c2aedc8e359c296b11237fa4f6edd31e5 Mon Sep 17 00:00:00 2001 From: Egor Kislitsyn Date: Mon, 26 Aug 2019 18:59:57 +0700 Subject: [PATCH 35/48] Add validation in Pleroma.List.create/2 --- lib/pleroma/list.ex | 18 +++++++++++------- test/list_test.exs | 7 +++++++ 2 files changed, 18 insertions(+), 7 deletions(-) diff --git a/lib/pleroma/list.ex b/lib/pleroma/list.ex index 1d320206e..c572380c2 100644 --- a/lib/pleroma/list.ex +++ b/lib/pleroma/list.ex @@ -109,15 +109,19 @@ def rename(%Pleroma.List{} = list, title) do end def create(title, %User{} = creator) do - list = %Pleroma.List{user_id: creator.id, title: title} + changeset = title_changeset(%Pleroma.List{user_id: creator.id}, %{title: title}) - Repo.transaction(fn -> - list = Repo.insert!(list) + if changeset.valid? do + Repo.transaction(fn -> + list = Repo.insert!(changeset) - list - |> change(ap_id: "#{creator.ap_id}/lists/#{list.id}") - |> Repo.update!() - end) + list + |> change(ap_id: "#{creator.ap_id}/lists/#{list.id}") + |> Repo.update!() + end) + else + {:error, changeset} + end end def follow(%Pleroma.List{following: following} = list, %User{} = followed) do diff --git a/test/list_test.exs b/test/list_test.exs index f39033d02..8efba75ea 100644 --- a/test/list_test.exs +++ b/test/list_test.exs @@ -15,6 +15,13 @@ test "creating a list" do assert title == "title" end + test "validates title" do + user = insert(:user) + + assert {:error, changeset} = Pleroma.List.create("", user) + assert changeset.errors == [title: {"can't be blank", [validation: :required]}] + end + test "getting a list not belonging to the user" do user = insert(:user) other_user = insert(:user) From 4d82bc8b0b5a0b8b584b43330f902f8dc9637d3d Mon Sep 17 00:00:00 2001 From: Egor Kislitsyn Date: Mon, 26 Aug 2019 19:16:40 +0700 Subject: [PATCH 36/48] Extract MastodonAPI.MastodonAPIController.errors/2 to MastodonAPI.FallbackController --- .../controllers/fallback_controller.ex | 34 +++++++++++++++++++ .../mastodon_api/mastodon_api_controller.ex | 31 +---------------- .../mastodon_api/subscription_controller.ex | 4 +-- 3 files changed, 36 insertions(+), 33 deletions(-) create mode 100644 lib/pleroma/web/mastodon_api/controllers/fallback_controller.ex diff --git a/lib/pleroma/web/mastodon_api/controllers/fallback_controller.ex b/lib/pleroma/web/mastodon_api/controllers/fallback_controller.ex new file mode 100644 index 000000000..41243d5e7 --- /dev/null +++ b/lib/pleroma/web/mastodon_api/controllers/fallback_controller.ex @@ -0,0 +1,34 @@ +# Pleroma: A lightweight social networking server +# Copyright © 2017-2019 Pleroma Authors +# SPDX-License-Identifier: AGPL-3.0-only + +defmodule Pleroma.Web.MastodonAPI.FallbackController do + use Pleroma.Web, :controller + + def call(conn, {:error, %Ecto.Changeset{} = changeset}) do + error_message = + changeset + |> Ecto.Changeset.traverse_errors(fn {message, _opt} -> message end) + |> Enum.map_join(", ", fn {_k, v} -> v end) + + conn + |> put_status(:unprocessable_entity) + |> json(%{error: error_message}) + end + + def call(conn, {:error, :not_found}) do + render_error(conn, :not_found, "Record not found") + end + + def call(conn, {:error, error_message}) do + conn + |> put_status(:bad_request) + |> json(%{error: error_message}) + end + + def call(conn, _) do + conn + |> put_status(:internal_server_error) + |> json(dgettext("errors", "Something went wrong")) + end +end diff --git a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex index 53cf95fbb..e51b2d89c 100644 --- a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex +++ b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex @@ -83,7 +83,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do @local_mastodon_name "Mastodon-Local" - action_fallback(:errors) + action_fallback(Pleroma.Web.MastodonAPI.FallbackController) def create_app(conn, params) do scopes = Scopes.fetch_scopes(params, ["read"]) @@ -1587,35 +1587,6 @@ def delete_filter(%{assigns: %{user: user}} = conn, %{"id" => filter_id}) do json(conn, %{}) end - # fallback action - # - def errors(conn, {:error, %Changeset{} = changeset}) do - error_message = - changeset - |> Changeset.traverse_errors(fn {message, _opt} -> message end) - |> Enum.map_join(", ", fn {_k, v} -> v end) - - conn - |> put_status(:unprocessable_entity) - |> json(%{error: error_message}) - end - - def errors(conn, {:error, :not_found}) do - render_error(conn, :not_found, "Record not found") - end - - def errors(conn, {:error, error_message}) do - conn - |> put_status(:bad_request) - |> json(%{error: error_message}) - end - - def errors(conn, _) do - conn - |> put_status(:internal_server_error) - |> json(dgettext("errors", "Something went wrong")) - end - def suggestions(%{assigns: %{user: user}} = conn, _) do suggestions = Config.get(:suggestions) diff --git a/lib/pleroma/web/mastodon_api/subscription_controller.ex b/lib/pleroma/web/mastodon_api/subscription_controller.ex index 255ee2f18..e2b17aab1 100644 --- a/lib/pleroma/web/mastodon_api/subscription_controller.ex +++ b/lib/pleroma/web/mastodon_api/subscription_controller.ex @@ -64,8 +64,6 @@ def errors(conn, {:error, :not_found}) do end def errors(conn, _) do - conn - |> put_status(:internal_server_error) - |> json(dgettext("errors", "Something went wrong")) + Pleroma.Web.MastodonAPI.FallbackController.call(conn, nil) end end From 30510ade0e2f813413c5599245adc4dae8c7ffd8 Mon Sep 17 00:00:00 2001 From: Egor Kislitsyn Date: Mon, 26 Aug 2019 19:37:54 +0700 Subject: [PATCH 37/48] Extract MastodonAPIController's list actions into MastodonAPI.ListController; Add more tests --- .../controllers/list_controller.ex | 84 +++++++++ .../mastodon_api/mastodon_api_controller.ex | 76 -------- .../web/mastodon_api/views/list_view.ex | 6 +- lib/pleroma/web/router.ex | 16 +- .../controllers/list_controller_test.exs | 166 ++++++++++++++++++ .../mastodon_api_controller_test.exs | 101 +---------- .../{ => views}/list_view_test.exs | 14 +- 7 files changed, 274 insertions(+), 189 deletions(-) create mode 100644 lib/pleroma/web/mastodon_api/controllers/list_controller.ex create mode 100644 test/web/mastodon_api/controllers/list_controller_test.exs rename test/web/mastodon_api/{ => views}/list_view_test.exs (56%) diff --git a/lib/pleroma/web/mastodon_api/controllers/list_controller.ex b/lib/pleroma/web/mastodon_api/controllers/list_controller.ex new file mode 100644 index 000000000..2873deda8 --- /dev/null +++ b/lib/pleroma/web/mastodon_api/controllers/list_controller.ex @@ -0,0 +1,84 @@ +# Pleroma: A lightweight social networking server +# Copyright © 2017-2019 Pleroma Authors +# SPDX-License-Identifier: AGPL-3.0-only + +defmodule Pleroma.Web.MastodonAPI.ListController do + use Pleroma.Web, :controller + + alias Pleroma.User + alias Pleroma.Web.MastodonAPI.AccountView + + plug(:list_by_id_and_user when action not in [:index, :create]) + + action_fallback(Pleroma.Web.MastodonAPI.FallbackController) + + # GET /api/v1/lists + def index(%{assigns: %{user: user}} = conn, opts) do + lists = Pleroma.List.for_user(user, opts) + render(conn, "index.json", lists: lists) + end + + # POST /api/v1/lists + def create(%{assigns: %{user: user}} = conn, %{"title" => title}) do + with {:ok, %Pleroma.List{} = list} <- Pleroma.List.create(title, user) do + render(conn, "show.json", list: list) + end + end + + # GET /api/v1/lists/:id + def show(%{assigns: %{list: list}} = conn, _) do + render(conn, "show.json", list: list) + end + + # PUT /api/v1/lists/:id + def update(%{assigns: %{list: list}} = conn, %{"title" => title}) do + with {:ok, list} <- Pleroma.List.rename(list, title) do + render(conn, "show.json", list: list) + end + end + + # DELETE /api/v1/lists/:id + def delete(%{assigns: %{list: list}} = conn, _) do + with {:ok, _list} <- Pleroma.List.delete(list) do + json(conn, %{}) + end + end + + # GET /api/v1/lists/:id/accounts + def list_accounts(%{assigns: %{user: user, list: list}} = conn, _) do + with {:ok, users} <- Pleroma.List.get_following(list) do + conn + |> put_view(AccountView) + |> render("accounts.json", for: user, users: users, as: :user) + end + end + + # POST /api/v1/lists/:id/accounts + def add_to_list(%{assigns: %{list: list}} = conn, %{"account_ids" => account_ids}) do + Enum.each(account_ids, fn account_id -> + with %User{} = followed <- User.get_cached_by_id(account_id) do + Pleroma.List.follow(list, followed) + end + end) + + json(conn, %{}) + end + + # DELETE /api/v1/lists/:id/accounts + def remove_from_list(%{assigns: %{list: list}} = conn, %{"account_ids" => account_ids}) do + Enum.each(account_ids, fn account_id -> + with %User{} = followed <- User.get_cached_by_id(account_id) do + Pleroma.List.unfollow(list, followed) + end + end) + + json(conn, %{}) + end + + defp list_by_id_and_user(%{assigns: %{user: user}, params: %{"id" => id}} = conn, _) do + case Pleroma.List.get(id, user) do + %Pleroma.List{} = list -> assign(conn, :list, list) + nil -> conn |> render_error(:not_found, "List not found") |> halt() + end + end +end diff --git a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex index e51b2d89c..31b0aaca0 100644 --- a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex +++ b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex @@ -1205,88 +1205,12 @@ def bookmarks(%{assigns: %{user: user}} = conn, params) do |> render("index.json", %{activities: activities, for: user, as: :activity}) end - def get_lists(%{assigns: %{user: user}} = conn, opts) do - lists = Pleroma.List.for_user(user, opts) - res = ListView.render("lists.json", lists: lists) - json(conn, res) - end - - def get_list(%{assigns: %{user: user}} = conn, %{"id" => id}) do - with %Pleroma.List{} = list <- Pleroma.List.get(id, user) do - res = ListView.render("list.json", list: list) - json(conn, res) - else - _e -> render_error(conn, :not_found, "Record not found") - end - end - def account_lists(%{assigns: %{user: user}} = conn, %{"id" => account_id}) do lists = Pleroma.List.get_lists_account_belongs(user, account_id) res = ListView.render("lists.json", lists: lists) json(conn, res) end - def delete_list(%{assigns: %{user: user}} = conn, %{"id" => id}) do - with %Pleroma.List{} = list <- Pleroma.List.get(id, user), - {:ok, _list} <- Pleroma.List.delete(list) do - json(conn, %{}) - else - _e -> - json(conn, dgettext("errors", "error")) - end - end - - def create_list(%{assigns: %{user: user}} = conn, %{"title" => title}) do - with {:ok, %Pleroma.List{} = list} <- Pleroma.List.create(title, user) do - res = ListView.render("list.json", list: list) - json(conn, res) - end - end - - def add_to_list(%{assigns: %{user: user}} = conn, %{"id" => id, "account_ids" => accounts}) do - accounts - |> Enum.each(fn account_id -> - with %Pleroma.List{} = list <- Pleroma.List.get(id, user), - %User{} = followed <- User.get_cached_by_id(account_id) do - Pleroma.List.follow(list, followed) - end - end) - - json(conn, %{}) - end - - def remove_from_list(%{assigns: %{user: user}} = conn, %{"id" => id, "account_ids" => accounts}) do - accounts - |> Enum.each(fn account_id -> - with %Pleroma.List{} = list <- Pleroma.List.get(id, user), - %User{} = followed <- User.get_cached_by_id(account_id) do - Pleroma.List.unfollow(list, followed) - end - end) - - json(conn, %{}) - end - - def list_accounts(%{assigns: %{user: user}} = conn, %{"id" => id}) do - with %Pleroma.List{} = list <- Pleroma.List.get(id, user), - {:ok, users} = Pleroma.List.get_following(list) do - conn - |> put_view(AccountView) - |> render("accounts.json", %{for: user, users: users, as: :user}) - end - end - - def rename_list(%{assigns: %{user: user}} = conn, %{"id" => id, "title" => title}) do - with %Pleroma.List{} = list <- Pleroma.List.get(id, user), - {:ok, list} <- Pleroma.List.rename(list, title) do - res = ListView.render("list.json", list: list) - json(conn, res) - else - _e -> - json(conn, dgettext("errors", "error")) - end - end - def list_timeline(%{assigns: %{user: user}} = conn, %{"list_id" => id} = params) do with %Pleroma.List{title: _title, following: following} <- Pleroma.List.get(id, user) do params = diff --git a/lib/pleroma/web/mastodon_api/views/list_view.ex b/lib/pleroma/web/mastodon_api/views/list_view.ex index 0f86e2512..bfda6f5b3 100644 --- a/lib/pleroma/web/mastodon_api/views/list_view.ex +++ b/lib/pleroma/web/mastodon_api/views/list_view.ex @@ -6,11 +6,11 @@ defmodule Pleroma.Web.MastodonAPI.ListView do use Pleroma.Web, :view alias Pleroma.Web.MastodonAPI.ListView - def render("lists.json", %{lists: lists} = opts) do - render_many(lists, ListView, "list.json", opts) + def render("index.json", %{lists: lists} = opts) do + render_many(lists, ListView, "show.json", opts) end - def render("list.json", %{list: list}) do + def render("show.json", %{list: list}) do %{ id: to_string(list.id), title: list.title diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex index 1ad33630c..969dc66fd 100644 --- a/lib/pleroma/web/router.ex +++ b/lib/pleroma/web/router.ex @@ -312,9 +312,9 @@ defmodule Pleroma.Web.Router do get("/scheduled_statuses", MastodonAPIController, :scheduled_statuses) get("/scheduled_statuses/:id", MastodonAPIController, :show_scheduled_status) - get("/lists", MastodonAPIController, :get_lists) - get("/lists/:id", MastodonAPIController, :get_list) - get("/lists/:id/accounts", MastodonAPIController, :list_accounts) + get("/lists", ListController, :index) + get("/lists/:id", ListController, :show) + get("/lists/:id/accounts", ListController, :list_accounts) get("/domain_blocks", MastodonAPIController, :domain_blocks) @@ -355,12 +355,12 @@ defmodule Pleroma.Web.Router do post("/media", MastodonAPIController, :upload) put("/media/:id", MastodonAPIController, :update_media) - delete("/lists/:id", MastodonAPIController, :delete_list) - post("/lists", MastodonAPIController, :create_list) - put("/lists/:id", MastodonAPIController, :rename_list) + delete("/lists/:id", ListController, :delete) + post("/lists", ListController, :create) + put("/lists/:id", ListController, :update) - post("/lists/:id/accounts", MastodonAPIController, :add_to_list) - delete("/lists/:id/accounts", MastodonAPIController, :remove_from_list) + post("/lists/:id/accounts", ListController, :add_to_list) + delete("/lists/:id/accounts", ListController, :remove_from_list) post("/filters", MastodonAPIController, :create_filter) get("/filters/:id", MastodonAPIController, :get_filter) diff --git a/test/web/mastodon_api/controllers/list_controller_test.exs b/test/web/mastodon_api/controllers/list_controller_test.exs new file mode 100644 index 000000000..093506309 --- /dev/null +++ b/test/web/mastodon_api/controllers/list_controller_test.exs @@ -0,0 +1,166 @@ +# Pleroma: A lightweight social networking server +# Copyright © 2017-2019 Pleroma Authors +# SPDX-License-Identifier: AGPL-3.0-only + +defmodule Pleroma.Web.MastodonAPI.ListControllerTest do + use Pleroma.Web.ConnCase + + alias Pleroma.Repo + + import Pleroma.Factory + + test "creating a list", %{conn: conn} do + user = insert(:user) + + conn = + conn + |> assign(:user, user) + |> post("/api/v1/lists", %{"title" => "cuties"}) + + assert %{"title" => title} = json_response(conn, 200) + assert title == "cuties" + end + + test "renders error for invalid params", %{conn: conn} do + user = insert(:user) + + conn = + conn + |> assign(:user, user) + |> post("/api/v1/lists", %{"title" => nil}) + + assert %{"error" => "can't be blank"} == json_response(conn, :unprocessable_entity) + end + + test "listing a user's lists", %{conn: conn} do + user = insert(:user) + + conn + |> assign(:user, user) + |> post("/api/v1/lists", %{"title" => "cuties"}) + + conn + |> assign(:user, user) + |> post("/api/v1/lists", %{"title" => "cofe"}) + + conn = + conn + |> assign(:user, user) + |> get("/api/v1/lists") + + assert [ + %{"id" => _, "title" => "cofe"}, + %{"id" => _, "title" => "cuties"} + ] = json_response(conn, :ok) + end + + test "adding users to a list", %{conn: conn} do + user = insert(:user) + other_user = insert(:user) + {:ok, list} = Pleroma.List.create("name", user) + + conn = + conn + |> assign(:user, user) + |> post("/api/v1/lists/#{list.id}/accounts", %{"account_ids" => [other_user.id]}) + + assert %{} == json_response(conn, 200) + %Pleroma.List{following: following} = Pleroma.List.get(list.id, user) + assert following == [other_user.follower_address] + end + + test "removing users from a list", %{conn: conn} do + user = insert(:user) + other_user = insert(:user) + third_user = insert(:user) + {:ok, list} = Pleroma.List.create("name", user) + {:ok, list} = Pleroma.List.follow(list, other_user) + {:ok, list} = Pleroma.List.follow(list, third_user) + + conn = + conn + |> assign(:user, user) + |> delete("/api/v1/lists/#{list.id}/accounts", %{"account_ids" => [other_user.id]}) + + assert %{} == json_response(conn, 200) + %Pleroma.List{following: following} = Pleroma.List.get(list.id, user) + assert following == [third_user.follower_address] + end + + test "listing users in a list", %{conn: conn} do + user = insert(:user) + other_user = insert(:user) + {:ok, list} = Pleroma.List.create("name", user) + {:ok, list} = Pleroma.List.follow(list, other_user) + + conn = + conn + |> assign(:user, user) + |> get("/api/v1/lists/#{list.id}/accounts", %{"account_ids" => [other_user.id]}) + + assert [%{"id" => id}] = json_response(conn, 200) + assert id == to_string(other_user.id) + end + + test "retrieving a list", %{conn: conn} do + user = insert(:user) + {:ok, list} = Pleroma.List.create("name", user) + + conn = + conn + |> assign(:user, user) + |> get("/api/v1/lists/#{list.id}") + + assert %{"id" => id} = json_response(conn, 200) + assert id == to_string(list.id) + end + + test "renders 404 if list is not found", %{conn: conn} do + user = insert(:user) + + conn = + conn + |> assign(:user, user) + |> get("/api/v1/lists/666") + + assert %{"error" => "List not found"} = json_response(conn, :not_found) + end + + test "renaming a list", %{conn: conn} do + user = insert(:user) + {:ok, list} = Pleroma.List.create("name", user) + + conn = + conn + |> assign(:user, user) + |> put("/api/v1/lists/#{list.id}", %{"title" => "newname"}) + + assert %{"title" => name} = json_response(conn, 200) + assert name == "newname" + end + + test "validates title when renaming a list", %{conn: conn} do + user = insert(:user) + {:ok, list} = Pleroma.List.create("name", user) + + conn = + conn + |> assign(:user, user) + |> put("/api/v1/lists/#{list.id}", %{"title" => " "}) + + assert %{"error" => "can't be blank"} == json_response(conn, :unprocessable_entity) + end + + test "deleting a list", %{conn: conn} do + user = insert(:user) + {:ok, list} = Pleroma.List.create("name", user) + + conn = + conn + |> assign(:user, user) + |> delete("/api/v1/lists/#{list.id}") + + assert %{} = json_response(conn, 200) + assert is_nil(Repo.get(Pleroma.List, list.id)) + end +end diff --git a/test/web/mastodon_api/mastodon_api_controller_test.exs b/test/web/mastodon_api/mastodon_api_controller_test.exs index 6fcdc19aa..4fd0a5aeb 100644 --- a/test/web/mastodon_api/mastodon_api_controller_test.exs +++ b/test/web/mastodon_api/mastodon_api_controller_test.exs @@ -927,106 +927,7 @@ test "delete a filter", %{conn: conn} do end end - describe "lists" do - test "creating a list", %{conn: conn} do - user = insert(:user) - - conn = - conn - |> assign(:user, user) - |> post("/api/v1/lists", %{"title" => "cuties"}) - - assert %{"title" => title} = json_response(conn, 200) - assert title == "cuties" - end - - test "adding users to a list", %{conn: conn} do - user = insert(:user) - other_user = insert(:user) - {:ok, list} = Pleroma.List.create("name", user) - - conn = - conn - |> assign(:user, user) - |> post("/api/v1/lists/#{list.id}/accounts", %{"account_ids" => [other_user.id]}) - - assert %{} == json_response(conn, 200) - %Pleroma.List{following: following} = Pleroma.List.get(list.id, user) - assert following == [other_user.follower_address] - end - - test "removing users from a list", %{conn: conn} do - user = insert(:user) - other_user = insert(:user) - third_user = insert(:user) - {:ok, list} = Pleroma.List.create("name", user) - {:ok, list} = Pleroma.List.follow(list, other_user) - {:ok, list} = Pleroma.List.follow(list, third_user) - - conn = - conn - |> assign(:user, user) - |> delete("/api/v1/lists/#{list.id}/accounts", %{"account_ids" => [other_user.id]}) - - assert %{} == json_response(conn, 200) - %Pleroma.List{following: following} = Pleroma.List.get(list.id, user) - assert following == [third_user.follower_address] - end - - test "listing users in a list", %{conn: conn} do - user = insert(:user) - other_user = insert(:user) - {:ok, list} = Pleroma.List.create("name", user) - {:ok, list} = Pleroma.List.follow(list, other_user) - - conn = - conn - |> assign(:user, user) - |> get("/api/v1/lists/#{list.id}/accounts", %{"account_ids" => [other_user.id]}) - - assert [%{"id" => id}] = json_response(conn, 200) - assert id == to_string(other_user.id) - end - - test "retrieving a list", %{conn: conn} do - user = insert(:user) - {:ok, list} = Pleroma.List.create("name", user) - - conn = - conn - |> assign(:user, user) - |> get("/api/v1/lists/#{list.id}") - - assert %{"id" => id} = json_response(conn, 200) - assert id == to_string(list.id) - end - - test "renaming a list", %{conn: conn} do - user = insert(:user) - {:ok, list} = Pleroma.List.create("name", user) - - conn = - conn - |> assign(:user, user) - |> put("/api/v1/lists/#{list.id}", %{"title" => "newname"}) - - assert %{"title" => name} = json_response(conn, 200) - assert name == "newname" - end - - test "deleting a list", %{conn: conn} do - user = insert(:user) - {:ok, list} = Pleroma.List.create("name", user) - - conn = - conn - |> assign(:user, user) - |> delete("/api/v1/lists/#{list.id}") - - assert %{} = json_response(conn, 200) - assert is_nil(Repo.get(Pleroma.List, list.id)) - end - + describe "list timelines" do test "list timeline", %{conn: conn} do user = insert(:user) other_user = insert(:user) diff --git a/test/web/mastodon_api/list_view_test.exs b/test/web/mastodon_api/views/list_view_test.exs similarity index 56% rename from test/web/mastodon_api/list_view_test.exs rename to test/web/mastodon_api/views/list_view_test.exs index 73143467f..fb00310b9 100644 --- a/test/web/mastodon_api/list_view_test.exs +++ b/test/web/mastodon_api/views/list_view_test.exs @@ -7,7 +7,7 @@ defmodule Pleroma.Web.MastodonAPI.ListViewTest do import Pleroma.Factory alias Pleroma.Web.MastodonAPI.ListView - test "Represent a list" do + test "show" do user = insert(:user) title = "mortal enemies" {:ok, list} = Pleroma.List.create(title, user) @@ -17,6 +17,16 @@ test "Represent a list" do title: title } - assert expected == ListView.render("list.json", %{list: list}) + assert expected == ListView.render("show.json", %{list: list}) + end + + test "index" do + user = insert(:user) + + {:ok, list} = Pleroma.List.create("my list", user) + {:ok, list2} = Pleroma.List.create("cofe", user) + + assert [%{id: _, title: "my list"}, %{id: _, title: "cofe"}] = + ListView.render("index.json", lists: [list, list2]) end end From 4194abbc8fbc8003d9923edaa491e798bea92107 Mon Sep 17 00:00:00 2001 From: Egor Kislitsyn Date: Mon, 26 Aug 2019 19:32:47 +0700 Subject: [PATCH 38/48] Move mastodon_api/*_controller.ex to mastodon_api/controllers/ --- .../mastodon_api_controller.ex | 20 +++++++++---------- .../{ => controllers}/search_controller.ex | 0 .../subscription_controller.ex | 0 3 files changed, 10 insertions(+), 10 deletions(-) rename lib/pleroma/web/mastodon_api/{ => controllers}/mastodon_api_controller.ex (98%) rename lib/pleroma/web/mastodon_api/{ => controllers}/search_controller.ex (100%) rename lib/pleroma/web/mastodon_api/{ => controllers}/subscription_controller.ex (100%) diff --git a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex b/lib/pleroma/web/mastodon_api/controllers/mastodon_api_controller.ex similarity index 98% rename from lib/pleroma/web/mastodon_api/mastodon_api_controller.ex rename to lib/pleroma/web/mastodon_api/controllers/mastodon_api_controller.ex index 31b0aaca0..83e877c0e 100644 --- a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex +++ b/lib/pleroma/web/mastodon_api/controllers/mastodon_api_controller.ex @@ -189,7 +189,7 @@ def update_credentials(%{assigns: %{user: user}} = conn, params) do info_cng = User.Info.profile_update(user.info, info_params) with changeset <- User.update_changeset(user, user_params), - changeset <- Ecto.Changeset.put_embed(changeset, :info, info_cng), + changeset <- Changeset.put_embed(changeset, :info, info_cng), {:ok, user} <- User.update_and_set_cache(changeset) do if original_user != user do CommonAPI.update(user) @@ -225,7 +225,7 @@ def update_avatar(%{assigns: %{user: user}} = conn, params) do def update_banner(%{assigns: %{user: user}} = conn, %{"banner" => ""}) do with new_info <- %{"banner" => %{}}, info_cng <- User.Info.profile_update(user.info, new_info), - changeset <- Ecto.Changeset.change(user) |> Ecto.Changeset.put_embed(:info, info_cng), + changeset <- Changeset.change(user) |> Changeset.put_embed(:info, info_cng), {:ok, user} <- User.update_and_set_cache(changeset) do CommonAPI.update(user) @@ -237,7 +237,7 @@ def update_banner(%{assigns: %{user: user}} = conn, params) do with {:ok, object} <- ActivityPub.upload(%{"img" => params["banner"]}, type: :banner), new_info <- %{"banner" => object.data}, info_cng <- User.Info.profile_update(user.info, new_info), - changeset <- Ecto.Changeset.change(user) |> Ecto.Changeset.put_embed(:info, info_cng), + changeset <- Changeset.change(user) |> Changeset.put_embed(:info, info_cng), {:ok, user} <- User.update_and_set_cache(changeset) do CommonAPI.update(user) %{"url" => [%{"href" => href} | _]} = object.data @@ -249,7 +249,7 @@ def update_banner(%{assigns: %{user: user}} = conn, params) do def update_background(%{assigns: %{user: user}} = conn, %{"img" => ""}) do with new_info <- %{"background" => %{}}, info_cng <- User.Info.profile_update(user.info, new_info), - changeset <- Ecto.Changeset.change(user) |> Ecto.Changeset.put_embed(:info, info_cng), + changeset <- Changeset.change(user) |> Changeset.put_embed(:info, info_cng), {:ok, _user} <- User.update_and_set_cache(changeset) do json(conn, %{url: nil}) end @@ -259,7 +259,7 @@ def update_background(%{assigns: %{user: user}} = conn, params) do with {:ok, object} <- ActivityPub.upload(params, type: :background), new_info <- %{"background" => object.data}, info_cng <- User.Info.profile_update(user.info, new_info), - changeset <- Ecto.Changeset.change(user) |> Ecto.Changeset.put_embed(:info, info_cng), + changeset <- Changeset.change(user) |> Changeset.put_embed(:info, info_cng), {:ok, _user} <- User.update_and_set_cache(changeset) do %{"url" => [%{"href" => href} | _]} = object.data @@ -806,8 +806,8 @@ def set_mascot(%{assigns: %{user: user}} = conn, %{"file" => file}) do user_changeset = user - |> Ecto.Changeset.change() - |> Ecto.Changeset.put_embed(:info, info_changeset) + |> Changeset.change() + |> Changeset.put_embed(:info, info_changeset) {:ok, _user} = User.update_and_set_cache(user_changeset) @@ -1344,8 +1344,8 @@ def index(%{assigns: %{user: user}} = conn, _params) do def put_settings(%{assigns: %{user: user}} = conn, %{"data" => settings} = _params) do info_cng = User.Info.mastodon_settings_update(user.info, settings) - with changeset <- Ecto.Changeset.change(user), - changeset <- Ecto.Changeset.put_embed(changeset, :info, info_cng), + with changeset <- Changeset.change(user), + changeset <- Changeset.put_embed(changeset, :info, info_cng), {:ok, _user} <- User.update_and_set_cache(changeset) do json(conn, %{}) else @@ -1409,7 +1409,7 @@ defp get_or_make_app do {:ok, app} else app - |> Ecto.Changeset.change(%{scopes: scopes}) + |> Changeset.change(%{scopes: scopes}) |> Repo.update() end diff --git a/lib/pleroma/web/mastodon_api/search_controller.ex b/lib/pleroma/web/mastodon_api/controllers/search_controller.ex similarity index 100% rename from lib/pleroma/web/mastodon_api/search_controller.ex rename to lib/pleroma/web/mastodon_api/controllers/search_controller.ex diff --git a/lib/pleroma/web/mastodon_api/subscription_controller.ex b/lib/pleroma/web/mastodon_api/controllers/subscription_controller.ex similarity index 100% rename from lib/pleroma/web/mastodon_api/subscription_controller.ex rename to lib/pleroma/web/mastodon_api/controllers/subscription_controller.ex From 019ced055836b3d01ea95865549478dc5cdb3c0e Mon Sep 17 00:00:00 2001 From: Egor Kislitsyn Date: Mon, 26 Aug 2019 19:34:43 +0700 Subject: [PATCH 39/48] Move test/web/mastodon_api/*_test.exs to test/web/mastodon_api/controllers and test/web/mastodon_api/views --- .../mastodon_api_controller/update_credentials_test.exs | 0 .../web/mastodon_api/{ => controllers}/search_controller_test.exs | 0 .../{ => controllers}/subscription_controller_test.exs | 0 test/web/mastodon_api/{ => views}/account_view_test.exs | 0 test/web/mastodon_api/{ => views}/conversation_view_test.exs | 0 test/web/mastodon_api/{ => views}/notification_view_test.exs | 0 test/web/mastodon_api/{ => views}/push_subscription_view_test.exs | 0 .../web/mastodon_api/{ => views}/scheduled_activity_view_test.exs | 0 test/web/mastodon_api/{ => views}/status_view_test.exs | 0 9 files changed, 0 insertions(+), 0 deletions(-) rename test/web/mastodon_api/{ => controllers}/mastodon_api_controller/update_credentials_test.exs (100%) rename test/web/mastodon_api/{ => controllers}/search_controller_test.exs (100%) rename test/web/mastodon_api/{ => controllers}/subscription_controller_test.exs (100%) rename test/web/mastodon_api/{ => views}/account_view_test.exs (100%) rename test/web/mastodon_api/{ => views}/conversation_view_test.exs (100%) rename test/web/mastodon_api/{ => views}/notification_view_test.exs (100%) rename test/web/mastodon_api/{ => views}/push_subscription_view_test.exs (100%) rename test/web/mastodon_api/{ => views}/scheduled_activity_view_test.exs (100%) rename test/web/mastodon_api/{ => views}/status_view_test.exs (100%) diff --git a/test/web/mastodon_api/mastodon_api_controller/update_credentials_test.exs b/test/web/mastodon_api/controllers/mastodon_api_controller/update_credentials_test.exs similarity index 100% rename from test/web/mastodon_api/mastodon_api_controller/update_credentials_test.exs rename to test/web/mastodon_api/controllers/mastodon_api_controller/update_credentials_test.exs diff --git a/test/web/mastodon_api/search_controller_test.exs b/test/web/mastodon_api/controllers/search_controller_test.exs similarity index 100% rename from test/web/mastodon_api/search_controller_test.exs rename to test/web/mastodon_api/controllers/search_controller_test.exs diff --git a/test/web/mastodon_api/subscription_controller_test.exs b/test/web/mastodon_api/controllers/subscription_controller_test.exs similarity index 100% rename from test/web/mastodon_api/subscription_controller_test.exs rename to test/web/mastodon_api/controllers/subscription_controller_test.exs diff --git a/test/web/mastodon_api/account_view_test.exs b/test/web/mastodon_api/views/account_view_test.exs similarity index 100% rename from test/web/mastodon_api/account_view_test.exs rename to test/web/mastodon_api/views/account_view_test.exs diff --git a/test/web/mastodon_api/conversation_view_test.exs b/test/web/mastodon_api/views/conversation_view_test.exs similarity index 100% rename from test/web/mastodon_api/conversation_view_test.exs rename to test/web/mastodon_api/views/conversation_view_test.exs diff --git a/test/web/mastodon_api/notification_view_test.exs b/test/web/mastodon_api/views/notification_view_test.exs similarity index 100% rename from test/web/mastodon_api/notification_view_test.exs rename to test/web/mastodon_api/views/notification_view_test.exs diff --git a/test/web/mastodon_api/push_subscription_view_test.exs b/test/web/mastodon_api/views/push_subscription_view_test.exs similarity index 100% rename from test/web/mastodon_api/push_subscription_view_test.exs rename to test/web/mastodon_api/views/push_subscription_view_test.exs diff --git a/test/web/mastodon_api/scheduled_activity_view_test.exs b/test/web/mastodon_api/views/scheduled_activity_view_test.exs similarity index 100% rename from test/web/mastodon_api/scheduled_activity_view_test.exs rename to test/web/mastodon_api/views/scheduled_activity_view_test.exs diff --git a/test/web/mastodon_api/status_view_test.exs b/test/web/mastodon_api/views/status_view_test.exs similarity index 100% rename from test/web/mastodon_api/status_view_test.exs rename to test/web/mastodon_api/views/status_view_test.exs From 66c1966688e9bb24ce1703217b89d8ec390b6095 Mon Sep 17 00:00:00 2001 From: Egor Kislitsyn Date: Mon, 26 Aug 2019 20:36:44 +0700 Subject: [PATCH 40/48] Disable rate limiter by default --- config/config.exs | 11 +---------- docs/config.md | 2 ++ 2 files changed, 3 insertions(+), 10 deletions(-) diff --git a/config/config.exs b/config/config.exs index e58454d68..f630771a3 100644 --- a/config/config.exs +++ b/config/config.exs @@ -556,16 +556,7 @@ config :http_signatures, adapter: Pleroma.Signature -config :pleroma, :rate_limit, - search: [{1000, 10}, {1000, 30}], - app_account_creation: {1_800_000, 25}, - relations_actions: {10_000, 10}, - relation_id_action: {60_000, 2}, - statuses_actions: {10_000, 15}, - status_id_action: {60_000, 3}, - password_reset: {1_800_000, 5}, - account_confirmation_resend: {8_640_000, 5}, - ap_routes: {60_000, 15} +config :pleroma, :rate_limit, nil config :pleroma, Pleroma.ActivityExpiration, enabled: true diff --git a/docs/config.md b/docs/config.md index 414b54660..61aa7db9b 100644 --- a/docs/config.md +++ b/docs/config.md @@ -671,6 +671,8 @@ This will probably take a long time. ## :rate_limit +This is an advanced feature and disabled by default. + A keyword list of rate limiters where a key is a limiter name and value is the limiter configuration. The basic configuration is a tuple where: * The first element: `scale` (Integer). The time scale in milliseconds. From c338224c93c3e8111cecdd3ef652016a574b55f4 Mon Sep 17 00:00:00 2001 From: Maxim Filippov Date: Mon, 26 Aug 2019 17:24:22 +0300 Subject: [PATCH 41/48] Fix sporadic test --- test/web/admin_api/admin_api_controller_test.exs | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/test/web/admin_api/admin_api_controller_test.exs b/test/web/admin_api/admin_api_controller_test.exs index 1afdb6a50..4e2c27431 100644 --- a/test/web/admin_api/admin_api_controller_test.exs +++ b/test/web/admin_api/admin_api_controller_test.exs @@ -64,8 +64,7 @@ test "Create" do log_entry = Repo.one(ModerationLog) - assert ModerationLog.get_log_entry_message(log_entry) == - "@#{admin.nickname} created users: @lain2, @lain" + assert ["lain", "lain2"] -- Enum.map(log_entry.data["subjects"], & &1["nickname"]) == [] end test "Cannot create user with exisiting email" do From fd076def0a2d42ca4b406cdde3fc54b665512362 Mon Sep 17 00:00:00 2001 From: Egor Kislitsyn Date: Tue, 27 Aug 2019 02:24:14 +0700 Subject: [PATCH 42/48] Fix typo --- docs/config.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/config.md b/docs/config.md index 61aa7db9b..7a8819c91 100644 --- a/docs/config.md +++ b/docs/config.md @@ -8,7 +8,7 @@ If you run Pleroma with ``MIX_ENV=prod`` the file is ``prod.secret.exs``, otherw * `filters`: List of `Pleroma.Upload.Filter` to use. * `link_name`: When enabled Pleroma will add a `name` parameter to the url of the upload, for example `https://instance.tld/media/corndog.png?name=corndog.png`. This is needed to provide the correct filename in Content-Disposition headers when using filters like `Pleroma.Upload.Filter.Dedupe` * `base_url`: The base URL to access a user-uploaded file. Useful when you want to proxy the media files via another host. -* `proxy_remote`: If you\'re using a remote uploader, Pleroma will proxy media requests instead of redirecting to it. +* `proxy_remote`: If you're using a remote uploader, Pleroma will proxy media requests instead of redirecting to it. * `proxy_opts`: Proxy options, see `Pleroma.ReverseProxy` documentation. Note: `strip_exif` has been replaced by `Pleroma.Upload.Filter.Mogrify`. From 3da65292b389c1f1edeff03fd5097579721fb681 Mon Sep 17 00:00:00 2001 From: lain Date: Mon, 26 Aug 2019 14:34:52 -0500 Subject: [PATCH 43/48] Transmogrifier: Fix follow handling when the actor is an object. --- CHANGELOG.md | 1 + lib/pleroma/object.ex | 4 ++ .../web/activity_pub/transmogrifier.ex | 4 +- test/fixtures/osada-follow-activity.json | 56 +++++++++++++++++++ .../fixtures/tesla_mock/osada-user-indio.json | 1 + test/support/http_request_mock.ex | 5 ++ .../transmogrifier/follow_handling_test.exs | 19 +++++++ 7 files changed, 88 insertions(+), 2 deletions(-) create mode 100644 test/fixtures/osada-follow-activity.json create mode 100644 test/fixtures/tesla_mock/osada-user-indio.json diff --git a/CHANGELOG.md b/CHANGELOG.md index 2fdcb014a..20af9badc 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -21,6 +21,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Improve digest email template ### Fixed +- Following from Osada - Not being able to pin unlisted posts - Objects being re-embedded to activities after being updated (e.g faved/reposted). Running 'mix pleroma.database prune_objects' again is advised. - Favorites timeline doing database-intensive queries diff --git a/lib/pleroma/object.ex b/lib/pleroma/object.ex index c8d339c19..468549c87 100644 --- a/lib/pleroma/object.ex +++ b/lib/pleroma/object.ex @@ -230,4 +230,8 @@ def increase_vote_count(ap_id, name) do _ -> :noop end end + + def get_ap_id(%{"id" => id}), do: id + def get_ap_id(id) when is_binary(id), do: id + def get_ap_id(_), do: {:error, "Object is not a string and has no id."} end diff --git a/lib/pleroma/web/activity_pub/transmogrifier.ex b/lib/pleroma/web/activity_pub/transmogrifier.ex index 36340a3a1..6c4259c02 100644 --- a/lib/pleroma/web/activity_pub/transmogrifier.ex +++ b/lib/pleroma/web/activity_pub/transmogrifier.ex @@ -464,8 +464,8 @@ def handle_incoming( %{"type" => "Follow", "object" => followed, "actor" => follower, "id" => id} = data, _options ) do - with %User{local: true} = followed <- User.get_cached_by_ap_id(followed), - {:ok, %User{} = follower} <- User.get_or_fetch_by_ap_id(follower), + with %User{local: true} = followed <- User.get_cached_by_ap_id(Object.get_ap_id(followed)), + {:ok, %User{} = follower} <- User.get_or_fetch_by_ap_id(Object.get_ap_id(follower)), {:ok, activity} <- ActivityPub.follow(follower, followed, id, false) do with deny_follow_blocked <- Pleroma.Config.get([:user, :deny_follow_blocked]), {_, false} <- {:user_blocked, User.blocks?(followed, follower) && deny_follow_blocked}, diff --git a/test/fixtures/osada-follow-activity.json b/test/fixtures/osada-follow-activity.json new file mode 100644 index 000000000..b991eea36 --- /dev/null +++ b/test/fixtures/osada-follow-activity.json @@ -0,0 +1,56 @@ +{ + "@context":[ + "https://www.w3.org/ns/activitystreams", + "https://w3id.org/security/v1", + "https://apfed.club/apschema/v1.4" + ], + "id":"https://apfed.club/follow/9", + "type":"Follow", + "actor":{ + "type":"Person", + "id":"https://apfed.club/channel/indio", + "preferredUsername":"indio", + "name":"Indio", + "updated":"2019-08-20T23:52:34Z", + "icon":{ + "type":"Image", + "mediaType":"image/jpeg", + "updated":"2019-08-20T23:53:37Z", + "url":"https://apfed.club/photo/profile/l/2", + "height":300, + "width":300 + }, + "url":"https://apfed.club/channel/indio", + "inbox":"https://apfed.club/inbox/indio", + "outbox":"https://apfed.club/outbox/indio", + "followers":"https://apfed.club/followers/indio", + "following":"https://apfed.club/following/indio", + "endpoints":{ + "sharedInbox":"https://apfed.club/inbox" + }, + "publicKey":{ + "id":"https://apfed.club/channel/indio", + "owner":"https://apfed.club/channel/indio", + "publicKeyPem":"-----BEGIN PUBLIC KEY-----\nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA77TIR1VuSYFnmDRFGHHb\n4vaGdx9ranzRX4bfOKAqa++Ch5L4EqJpPy08RuM+NrYCYiYl4QQFDSSDXAEgb5g9\nC1TgWTfI7q/E0UBX2Vr0mU6X4i1ztv0tuQvegRjcSJ7l1AvoBs8Ip4MEJ3OPEQhB\ngJqAACB3Gnps4zi2I0yavkxUfGVKr6zKT3BxWh5hTpKC7Do+ChIrVZC2EwxND9K6 +\nsAnQHThcb5EQuvuzUQZKeS7IEOsd0JpZDmJjbfMGrAWE81pLIfEeeA2joCJiBBTO\nglDsW+juvZ+lWqJpMr2hMWpvfrFjJeUawNJCIzsLdVIZR+aKj5yy6yqoS8hkN9Ha\n1MljZpsXl+EmwcwAIqim1YeLwERCEAQ/JWbSt8pQTQbzZ6ibwQ4mchCxacrRbIVR +\nnL59fWMBassJcbY0VwrTugm2SBsYbDjESd55UZV03Rwr8qseGTyi+hH8O7w2SIaY\nzjN6AdZiPmsh00YflzlCk8MSLOHMol1vqIUzXxU8CdXn9+KsuQdZGrTz0YKN/db4\naVwUGJatz2Tsvf7R1tJBjJfeQWOWbbn3pycLVH86LjZ83qngp9ZVnAveUnUqz0yS +\nhe+buZ6UMsfGzbIYon2bKNlz6gYTH0YPcr+cLe+29drtt0GZiXha1agbpo4RB8zE +\naNL2fucF5YT0yNpbd/5WoV0CAwEAAQ==\n-----END PUBLIC KEY-----\n" + } + }, + "object":"https://pleroma.site/users/kaniini", + "to":[ + "https://pleroma.site/users/kaniini" + ], + "signature":{ + "@context":[ + "https://www.w3.org/ns/activitystreams", + "https://w3id.org/security/v1" + ], + "type":"RsaSignature2017", + "nonce":"52c035e0a9e81dce8b486159204e97c22637e91f75cdfad5378de91de68e9117", + "creator":"https://apfed.club/channel/indio/public_key_pem", + "created":"2019-08-22T03:38:02Z", + "signatureValue":"oVliRCIqNIh6yUp851dYrF0y21aHp3Rz6VkIpW1pFMWfXuzExyWSfcELpyLseeRmsw5bUu9zJkH44B4G2LiJQKA9UoEQDjrDMZBmbeUpiQqq3DVUzkrBOI8bHZ7xyJ/CjSZcNHHh0MHhSKxswyxWMGi4zIqzkAZG3vRRgoPVHdjPm00sR3B8jBLw1cjoffv+KKeM/zEUpe13gqX9qHAWHHqZepxgSWmq+EKOkRvHUPBXiEJZfXzc5uW+vZ09F3WBYmaRoy8Y0e1P29fnRLqSy7EEINdrHaGclRqoUZyiawpkgy3lWWlynesV/HiLBR7EXT79eKstxf4wfTDaPKBCfTCsOWuMWHr7Genu37ew2/t7eiBGqCwwW12ylhml/OLHgNK3LOhmRABhtfpaFZSxfDVnlXfaLpY1xekVOj2oC0FpBtnoxVKLpIcyLw6dkfSil5ANd+hl59W/bpPA8KT90ii1fSNCo3+FcwQVx0YsPznJNA60XfFuVsme7zNcOst6393e1WriZxBanFpfB63zVQc9u1fjyfktx/yiUNxIlre+sz9OCc0AACn94iRhBYh4bbzdleUOTnM7lnD4Dj2FP+xeDIP8CA8wXUeq5+9kopSp2kAmlUEyFUdg4no7naIeu1SZnopfUg56PsVCp9JHiUK1SYAyWbdC+FbUECu5CvI=" + } +} diff --git a/test/fixtures/tesla_mock/osada-user-indio.json b/test/fixtures/tesla_mock/osada-user-indio.json new file mode 100644 index 000000000..c1d52c92a --- /dev/null +++ b/test/fixtures/tesla_mock/osada-user-indio.json @@ -0,0 +1 @@ +{"@context":["https://www.w3.org/ns/activitystreams","https://w3id.org/security/v1"],"type":"Person","id":"https://apfed.club/channel/indio","preferredUsername":"indio","name":"Indio","updated":"2019-08-20T23:52:34Z","icon":{"type":"Image","mediaType":"image/jpeg","updated":"2019-08-20T23:53:37Z","url":"https://apfed.club/photo/profile/l/2","height":300,"width":300},"url":"https://apfed.club/channel/indio","inbox":"https://apfed.club/inbox/indio","outbox":"https://apfed.club/outbox/indio","followers":"https://apfed.club/followers/indio","following":"https://apfed.club/following/indio","endpoints":{"sharedInbox":"https://apfed.club/inbox"},"publicKey":{"id":"https://apfed.club/channel/indio","owner":"https://apfed.club/channel/indio","publicKeyPem":"-----BEGIN PUBLIC KEY-----\nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA77TIR1VuSYFnmDRFGHHb\n4vaGdx9ranzRX4bfOKAqa++Ch5L4EqJpPy08RuM+NrYCYiYl4QQFDSSDXAEgb5g9\nC1TgWTfI7q/E0UBX2Vr0mU6X4i1ztv0tuQvegRjcSJ7l1AvoBs8Ip4MEJ3OPEQhB\ngJqAACB3Gnps4zi2I0yavkxUfGVKr6zKT3BxWh5hTpKC7Do+ChIrVZC2EwxND9K6\nsAnQHThcb5EQuvuzUQZKeS7IEOsd0JpZDmJjbfMGrAWE81pLIfEeeA2joCJiBBTO\nglDsW+juvZ+lWqJpMr2hMWpvfrFjJeUawNJCIzsLdVIZR+aKj5yy6yqoS8hkN9Ha\n1MljZpsXl+EmwcwAIqim1YeLwERCEAQ/JWbSt8pQTQbzZ6ibwQ4mchCxacrRbIVR\nnL59fWMBassJcbY0VwrTugm2SBsYbDjESd55UZV03Rwr8qseGTyi+hH8O7w2SIaY\nzjN6AdZiPmsh00YflzlCk8MSLOHMol1vqIUzXxU8CdXn9+KsuQdZGrTz0YKN/db4\naVwUGJatz2Tsvf7R1tJBjJfeQWOWbbn3pycLVH86LjZ83qngp9ZVnAveUnUqz0yS\nhe+buZ6UMsfGzbIYon2bKNlz6gYTH0YPcr+cLe+29drtt0GZiXha1agbpo4RB8zE\naNL2fucF5YT0yNpbd/5WoV0CAwEAAQ==\n-----END PUBLIC KEY-----\n"},"signature":{"@context":["https://www.w3.org/ns/activitystreams","https://w3id.org/security/v1"],"type":"RsaSignature2017","nonce":"c672a408d2e88b322b36a61bf0c25f586be9245d30293c55b8d653dcc867aaf7","creator":"https://apfed.club/channel/indio/public_key_pem","created":"2019-08-26T07:24:03Z","signatureValue":"MyAv5gnedu6L/DYFaE1TUYvp4LjI9ZUU0axwGYOhgD7qsjivMgwbOrjX/iH32xlcfF8nWOMh/ogu3+Qwr5sqLHkS2AimWmw1+Ubf2KccE58b8vI8zWfyu8QJnMuE92jtBPv8UTQUHw8ZebbExk3L99oXaeyVihKiMBmd63NpVTpGXZTg6m+H+KfWchVajPoyNKZtKMd3nH99x5j54Cqkz0BN5CSTwCSG0wP95G0VtZHtmhX+tsAPM3oAj0d+gtCZSCd8Nu8fvFAwCyTg1oKSfRqKb27EKHlskqK9X57x0jURH77CTAIQSejgGcKJ5GGLtvofubJkafadjagqrtqz6Mz6BZ642ssJ2KGkRAn79Q4F08goI6cfU5lLk2Tooe5A55XERnmE3SkYGyTvLpacZplxJdU0sa+deX9D7+alSGFJZSziaxpCxzrO6lEApe4b9kHXAzn9VaZt9trijkHq/kkq0i3NRcP7n8JG9q+Vv8jY9ddY6HcH89RNCBIA6MKLtAqc+vSc5G24qeZlw2MzlQWBp0KGuVG8DQR00AL6cXLBzF1WY8JZeEg6zqm+DMznbuNzgiS34BP+AehBSHlQ4MZebwDnK3ZPPqGSwioIWMxIFfZDaVDX9Pp1pXAARQMw0c/y4sDcf9FMzsr8jteEa7ZQcoqq5kXQTSCP56TEHnI="}} \ No newline at end of file diff --git a/test/support/http_request_mock.ex b/test/support/http_request_mock.ex index 55b141dd8..05eebbe9b 100644 --- a/test/support/http_request_mock.ex +++ b/test/support/http_request_mock.ex @@ -775,6 +775,11 @@ def get("https://mastodon.social/users/lambadalambda", _, _, _) do {:ok, %Tesla.Env{status: 200, body: File.read!("test/fixtures/lambadalambda.json")}} end + def get("https://apfed.club/channel/indio", _, _, _) do + {:ok, + %Tesla.Env{status: 200, body: File.read!("test/fixtures/tesla_mock/osada-user-indio.json")}} + end + def get("https://social.heldscal.la/user/23211", _, _, Accept: "application/activity+json") do {:ok, Tesla.Mock.json(%{"id" => "https://social.heldscal.la/user/23211"}, status: 200)} end diff --git a/test/web/activity_pub/transmogrifier/follow_handling_test.exs b/test/web/activity_pub/transmogrifier/follow_handling_test.exs index 857d65564..fe89f7cb0 100644 --- a/test/web/activity_pub/transmogrifier/follow_handling_test.exs +++ b/test/web/activity_pub/transmogrifier/follow_handling_test.exs @@ -19,6 +19,25 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier.FollowHandlingTest do end describe "handle_incoming" do + test "it works for osada follow request" do + user = insert(:user) + + data = + File.read!("test/fixtures/osada-follow-activity.json") + |> Poison.decode!() + |> Map.put("object", user.ap_id) + + {:ok, %Activity{data: data, local: false} = activity} = Transmogrifier.handle_incoming(data) + + assert data["actor"] == "https://apfed.club/channel/indio" + assert data["type"] == "Follow" + assert data["id"] == "https://apfed.club/follow/9" + + activity = Repo.get(Activity, activity.id) + assert activity.data["state"] == "accept" + assert User.following?(User.get_cached_by_ap_id(data["actor"]), user) + end + test "it works for incoming follow requests" do user = insert(:user) From 00abe099cd85b03b880908eef1e469e656d56365 Mon Sep 17 00:00:00 2001 From: Maksim Pechnikov Date: Tue, 27 Aug 2019 16:21:03 +0300 Subject: [PATCH 44/48] added tests for ActivityPub.like\unlike --- lib/pleroma/activity/queries.ex | 49 ++++++ lib/pleroma/object.ex | 2 - lib/pleroma/web/activity_pub/activity_pub.ex | 9 +- .../activity_pub/activity_pub_controller.ex | 59 +++---- lib/pleroma/web/activity_pub/utils.ex | 150 ++++++++---------- test/support/factory.ex | 16 +- test/web/activity_pub/activity_pub_test.exs | 44 +++++ test/web/activity_pub/utils_test.exs | 102 ++++++++++++ 8 files changed, 304 insertions(+), 127 deletions(-) create mode 100644 lib/pleroma/activity/queries.ex diff --git a/lib/pleroma/activity/queries.ex b/lib/pleroma/activity/queries.ex new file mode 100644 index 000000000..aa5b29566 --- /dev/null +++ b/lib/pleroma/activity/queries.ex @@ -0,0 +1,49 @@ +# Pleroma: A lightweight social networking server +# Copyright © 2017-2018 Pleroma Authors +# SPDX-License-Identifier: AGPL-3.0-only + +defmodule Pleroma.Activity.Queries do + @moduledoc """ + Contains queries for Activity. + """ + + import Ecto.Query, only: [from: 2] + + @type query :: Ecto.Queryable.t() | Activity.t() + + alias Pleroma.Activity + + @spec by_actor(query, String.t()) :: query + def by_actor(query \\ Activity, actor) do + from( + activity in query, + where: fragment("(?)->>'actor' = ?", activity.data, ^actor) + ) + end + + @spec by_object_id(query, String.t()) :: query + def by_object_id(query \\ Activity, object_id) do + from(activity in query, + where: + fragment( + "coalesce((?)->'object'->>'id', (?)->>'object') = ?", + activity.data, + activity.data, + ^object_id + ) + ) + end + + @spec by_type(query, String.t()) :: query + def by_type(query \\ Activity, activity_type) do + from( + activity in query, + where: fragment("(?)->>'type' = ?", activity.data, ^activity_type) + ) + end + + @spec limit(query, pos_integer()) :: query + def limit(query \\ Activity, limit) do + from(activity in query, limit: ^limit) + end +end diff --git a/lib/pleroma/object.ex b/lib/pleroma/object.ex index c8d339c19..d58eb7f7d 100644 --- a/lib/pleroma/object.ex +++ b/lib/pleroma/object.ex @@ -150,8 +150,6 @@ def set_cache(%Object{data: %{"id" => ap_id}} = object) do def update_and_set_cache(changeset) do with {:ok, object} <- Repo.update(changeset) do set_cache(object) - else - e -> e end end diff --git a/lib/pleroma/web/activity_pub/activity_pub.ex b/lib/pleroma/web/activity_pub/activity_pub.ex index 172c952d4..eeb826814 100644 --- a/lib/pleroma/web/activity_pub/activity_pub.ex +++ b/lib/pleroma/web/activity_pub/activity_pub.ex @@ -139,7 +139,7 @@ def insert(map, local \\ true, fake \\ false, bypass_actor_check \\ false) when # Splice in the child object if we have one. activity = - if !is_nil(object) do + if not is_nil(object) do Map.put(activity, :object, object) else activity @@ -331,12 +331,7 @@ def like( end end - def unlike( - %User{} = actor, - %Object{} = object, - activity_id \\ nil, - local \\ true - ) do + def unlike(%User{} = actor, %Object{} = object, activity_id \\ nil, local \\ true) do with %Activity{} = like_activity <- get_existing_like(actor.ap_id, object), unlike_data <- make_unlike_data(actor, like_activity, activity_id), {:ok, unlike_activity} <- insert(unlike_data, local), diff --git a/lib/pleroma/web/activity_pub/activity_pub_controller.ex b/lib/pleroma/web/activity_pub/activity_pub_controller.ex index ed801a7ae..5c73fc9f3 100644 --- a/lib/pleroma/web/activity_pub/activity_pub_controller.ex +++ b/lib/pleroma/web/activity_pub/activity_pub_controller.ex @@ -309,42 +309,43 @@ def handle_user_activity(_, _) do end def update_outbox( - %{assigns: %{user: user}} = conn, + %{assigns: %{user: %User{nickname: user_nickname} = user}} = conn, %{"nickname" => nickname} = params - ) do - if nickname == user.nickname do - actor = user.ap_id() + ) + when user_nickname == nickname do + actor = user.ap_id() - params = - params - |> Map.drop(["id"]) - |> Map.put("actor", actor) - |> Transmogrifier.fix_addressing() - - with {:ok, %Activity{} = activity} <- handle_user_activity(user, params) do - conn - |> put_status(:created) - |> put_resp_header("location", activity.data["id"]) - |> json(activity.data) - else - {:error, message} -> - conn - |> put_status(:bad_request) - |> json(message) - end - else - err = - dgettext("errors", "can't update outbox of %{nickname} as %{as_nickname}", - nickname: nickname, - as_nickname: user.nickname - ) + params = + params + |> Map.drop(["id"]) + |> Map.put("actor", actor) + |> Transmogrifier.fix_addressing() + with {:ok, %Activity{} = activity} <- handle_user_activity(user, params) do conn - |> put_status(:forbidden) - |> json(err) + |> put_status(:created) + |> put_resp_header("location", activity.data["id"]) + |> json(activity.data) + else + {:error, message} -> + conn + |> put_status(:bad_request) + |> json(message) end end + def update_outbox(%{assigns: %{user: user}} = conn, %{"nickname" => nickname} = _) do + err = + dgettext("errors", "can't update outbox of %{nickname} as %{as_nickname}", + nickname: nickname, + as_nickname: user.nickname + ) + + conn + |> put_status(:forbidden) + |> json(err) + end + def errors(conn, {:error, :not_found}) do conn |> put_status(:not_found) diff --git a/lib/pleroma/web/activity_pub/utils.ex b/lib/pleroma/web/activity_pub/utils.ex index 1c3058658..c9c0c3763 100644 --- a/lib/pleroma/web/activity_pub/utils.ex +++ b/lib/pleroma/web/activity_pub/utils.ex @@ -166,6 +166,7 @@ def create_context(context) do @doc """ Enqueues an activity for federation if it's local """ + @spec maybe_federate(any()) :: :ok def maybe_federate(%Activity{local: true} = activity) do if Pleroma.Config.get!([:instance, :federating]) do priority = @@ -256,46 +257,27 @@ def insert_full_object(map), do: {:ok, map, nil} @doc """ Returns an existing like if a user already liked an object """ + @spec get_existing_like(String.t(), map()) :: Activity.t() | nil def get_existing_like(actor, %{data: %{"id" => id}}) do - query = - from( - activity in Activity, - where: fragment("(?)->>'actor' = ?", activity.data, ^actor), - # this is to use the index - where: - fragment( - "coalesce((?)->'object'->>'id', (?)->>'object') = ?", - activity.data, - activity.data, - ^id - ), - where: fragment("(?)->>'type' = 'Like'", activity.data) - ) - - Repo.one(query) + actor + |> Activity.Queries.by_actor() + |> Activity.Queries.by_object_id(id) + |> Activity.Queries.by_type("Like") + |> Activity.Queries.limit(1) + |> Repo.one() end @doc """ Returns like activities targeting an object """ def get_object_likes(%{data: %{"id" => id}}) do - query = - from( - activity in Activity, - # this is to use the index - where: - fragment( - "coalesce((?)->'object'->>'id', (?)->>'object') = ?", - activity.data, - activity.data, - ^id - ), - where: fragment("(?)->>'type' = 'Like'", activity.data) - ) - - Repo.all(query) + id + |> Activity.Queries.by_object_id() + |> Activity.Queries.by_type("Like") + |> Repo.all() end + @spec make_like_data(User.t(), map(), String.t()) :: map() def make_like_data( %User{ap_id: ap_id} = actor, %{data: %{"actor" => object_actor_id, "id" => id}} = object, @@ -315,7 +297,7 @@ def make_like_data( |> List.delete(actor.ap_id) |> List.delete(object_actor.follower_address) - data = %{ + %{ "type" => "Like", "actor" => ap_id, "object" => id, @@ -323,38 +305,49 @@ def make_like_data( "cc" => cc, "context" => object.data["context"] } - - if activity_id, do: Map.put(data, "id", activity_id), else: data + |> maybe_put("id", activity_id) end + @spec update_element_in_object(String.t(), list(any), Object.t()) :: + {:ok, Object.t()} | {:error, Ecto.Changeset.t()} def update_element_in_object(property, element, object) do - with new_data <- - object.data - |> Map.put("#{property}_count", length(element)) - |> Map.put("#{property}s", element), - changeset <- Changeset.change(object, data: new_data), - {:ok, object} <- Object.update_and_set_cache(changeset) do - {:ok, object} - end + data = + Map.merge( + object.data, + %{"#{property}_count" => length(element), "#{property}s" => element} + ) + + object + |> Changeset.change(data: data) + |> Object.update_and_set_cache() end - def update_likes_in_object(likes, object) do + @spec add_like_to_object(Activity.t(), Object.t()) :: + {:ok, Object.t()} | {:error, Ecto.Changeset.t()} + def add_like_to_object(%Activity{data: %{"actor" => actor}}, object) do + [actor | fetch_likes(object)] + |> Enum.uniq() + |> update_likes_in_object(object) + end + + @spec remove_like_from_object(Activity.t(), Object.t()) :: + {:ok, Object.t()} | {:error, Ecto.Changeset.t()} + def remove_like_from_object(%Activity{data: %{"actor" => actor}}, object) do + object + |> fetch_likes() + |> List.delete(actor) + |> update_likes_in_object(object) + end + + defp update_likes_in_object(likes, object) do update_element_in_object("like", likes, object) end - def add_like_to_object(%Activity{data: %{"actor" => actor}}, object) do - likes = if is_list(object.data["likes"]), do: object.data["likes"], else: [] - - with likes <- [actor | likes] |> Enum.uniq() do - update_likes_in_object(likes, object) - end - end - - def remove_like_from_object(%Activity{data: %{"actor" => actor}}, object) do - likes = if is_list(object.data["likes"]), do: object.data["likes"], else: [] - - with likes <- likes |> List.delete(actor) do - update_likes_in_object(likes, object) + defp fetch_likes(object) do + if is_list(object.data["likes"]) do + object.data["likes"] + else + [] end end @@ -405,7 +398,7 @@ def make_follow_data( %User{ap_id: followed_id} = _followed, activity_id ) do - data = %{ + %{ "type" => "Follow", "actor" => follower_id, "to" => [followed_id], @@ -413,10 +406,7 @@ def make_follow_data( "object" => followed_id, "state" => "pending" } - - data = if activity_id, do: Map.put(data, "id", activity_id), else: data - - data + |> maybe_put("id", activity_id) end def fetch_latest_follow(%User{ap_id: follower_id}, %User{ap_id: followed_id}) do @@ -478,7 +468,7 @@ def make_announce_data( activity_id, false ) do - data = %{ + %{ "type" => "Announce", "actor" => ap_id, "object" => id, @@ -486,8 +476,7 @@ def make_announce_data( "cc" => [], "context" => object.data["context"] } - - if activity_id, do: Map.put(data, "id", activity_id), else: data + |> maybe_put("id", activity_id) end def make_announce_data( @@ -496,7 +485,7 @@ def make_announce_data( activity_id, true ) do - data = %{ + %{ "type" => "Announce", "actor" => ap_id, "object" => id, @@ -504,8 +493,7 @@ def make_announce_data( "cc" => [Pleroma.Constants.as_public()], "context" => object.data["context"] } - - if activity_id, do: Map.put(data, "id", activity_id), else: data + |> maybe_put("id", activity_id) end @doc """ @@ -516,7 +504,7 @@ def make_unannounce_data( %Activity{data: %{"context" => context}} = activity, activity_id ) do - data = %{ + %{ "type" => "Undo", "actor" => ap_id, "object" => activity.data, @@ -524,8 +512,7 @@ def make_unannounce_data( "cc" => [Pleroma.Constants.as_public()], "context" => context } - - if activity_id, do: Map.put(data, "id", activity_id), else: data + |> maybe_put("id", activity_id) end def make_unlike_data( @@ -533,7 +520,7 @@ def make_unlike_data( %Activity{data: %{"context" => context}} = activity, activity_id ) do - data = %{ + %{ "type" => "Undo", "actor" => ap_id, "object" => activity.data, @@ -541,8 +528,7 @@ def make_unlike_data( "cc" => [Pleroma.Constants.as_public()], "context" => context } - - if activity_id, do: Map.put(data, "id", activity_id), else: data + |> maybe_put("id", activity_id) end def add_announce_to_object( @@ -573,14 +559,13 @@ def remove_announce_from_object(%Activity{data: %{"actor" => actor}}, object) do #### Unfollow-related helpers def make_unfollow_data(follower, followed, follow_activity, activity_id) do - data = %{ + %{ "type" => "Undo", "actor" => follower.ap_id, "to" => [followed.ap_id], "object" => follow_activity.data } - - if activity_id, do: Map.put(data, "id", activity_id), else: data + |> maybe_put("id", activity_id) end #### Block-related helpers @@ -610,25 +595,23 @@ def fetch_latest_block(%User{ap_id: blocker_id}, %User{ap_id: blocked_id}) do end def make_block_data(blocker, blocked, activity_id) do - data = %{ + %{ "type" => "Block", "actor" => blocker.ap_id, "to" => [blocked.ap_id], "object" => blocked.ap_id } - - if activity_id, do: Map.put(data, "id", activity_id), else: data + |> maybe_put("id", activity_id) end def make_unblock_data(blocker, blocked, block_activity, activity_id) do - data = %{ + %{ "type" => "Undo", "actor" => blocker.ap_id, "to" => [blocked.ap_id], "object" => block_activity.data } - - if activity_id, do: Map.put(data, "id", activity_id), else: data + |> maybe_put("id", activity_id) end #### Create-related helpers @@ -799,4 +782,7 @@ def get_existing_votes(actor, %{data: %{"id" => id}}) do Repo.all(query) end + + defp maybe_put(map, _key, nil), do: map + defp maybe_put(map, key, value), do: Map.put(map, key, value) end diff --git a/test/support/factory.ex b/test/support/factory.ex index 62d1de717..719115003 100644 --- a/test/support/factory.ex +++ b/test/support/factory.ex @@ -207,13 +207,15 @@ def like_activity_factory(attrs \\ %{}) do object = Object.normalize(note_activity) user = insert(:user) - data = %{ - "id" => Pleroma.Web.ActivityPub.Utils.generate_activity_id(), - "actor" => user.ap_id, - "type" => "Like", - "object" => object.data["id"], - "published_at" => DateTime.utc_now() |> DateTime.to_iso8601() - } + data = + %{ + "id" => Pleroma.Web.ActivityPub.Utils.generate_activity_id(), + "actor" => user.ap_id, + "type" => "Like", + "object" => object.data["id"], + "published_at" => DateTime.utc_now() |> DateTime.to_iso8601() + } + |> Map.merge(attrs[:data_attrs] || %{}) %Pleroma.Activity{ data: data diff --git a/test/web/activity_pub/activity_pub_test.exs b/test/web/activity_pub/activity_pub_test.exs index 1515f4eb6..f72b44aed 100644 --- a/test/web/activity_pub/activity_pub_test.exs +++ b/test/web/activity_pub/activity_pub_test.exs @@ -21,6 +21,8 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubTest do :ok end + clear_config([:instance, :federating]) + describe "streaming out participations" do test "it streams them out" do user = insert(:user) @@ -676,6 +678,29 @@ test "returns reblogs for users for whom reblogs have not been muted" do end describe "like an object" do + test_with_mock "sends an activity to federation", Pleroma.Web.Federator, [:passthrough], [] do + Pleroma.Config.put([:instance, :federating], true) + note_activity = insert(:note_activity) + assert object_activity = Object.normalize(note_activity) + + user = insert(:user) + + {:ok, like_activity, _object} = ActivityPub.like(user, object_activity) + assert called(Pleroma.Web.Federator.publish(like_activity, 5)) + end + + test "returns exist activity if object already liked" do + note_activity = insert(:note_activity) + assert object_activity = Object.normalize(note_activity) + + user = insert(:user) + + {:ok, like_activity, _object} = ActivityPub.like(user, object_activity) + + {:ok, like_activity_exist, _object} = ActivityPub.like(user, object_activity) + assert like_activity == like_activity_exist + end + test "adds a like activity to the db" do note_activity = insert(:note_activity) assert object = Object.normalize(note_activity) @@ -706,6 +731,25 @@ test "adds a like activity to the db" do end describe "unliking" do + test_with_mock "sends an activity to federation", Pleroma.Web.Federator, [:passthrough], [] do + Pleroma.Config.put([:instance, :federating], true) + + note_activity = insert(:note_activity) + object = Object.normalize(note_activity) + user = insert(:user) + + {:ok, object} = ActivityPub.unlike(user, object) + refute called(Pleroma.Web.Federator.publish()) + + {:ok, _like_activity, object} = ActivityPub.like(user, object) + assert object.data["like_count"] == 1 + + {:ok, unlike_activity, _, object} = ActivityPub.unlike(user, object) + assert object.data["like_count"] == 0 + + assert called(Pleroma.Web.Federator.publish(unlike_activity, 5)) + end + test "unliking a previously liked object" do note_activity = insert(:note_activity) object = Object.normalize(note_activity) diff --git a/test/web/activity_pub/utils_test.exs b/test/web/activity_pub/utils_test.exs index ca5f057a7..eb429b2c4 100644 --- a/test/web/activity_pub/utils_test.exs +++ b/test/web/activity_pub/utils_test.exs @@ -14,6 +14,8 @@ defmodule Pleroma.Web.ActivityPub.UtilsTest do import Pleroma.Factory + require Pleroma.Constants + describe "fetch the latest Follow" do test "fetches the latest Follow activity" do %Activity{data: %{"type" => "Follow"}} = activity = insert(:follow_activity) @@ -87,6 +89,32 @@ test "works with an object that has only IR tags" do end end + describe "make_unlike_data/3" do + test "returns data for unlike activity" do + user = insert(:user) + like_activity = insert(:like_activity, data_attrs: %{"context" => "test context"}) + + assert Utils.make_unlike_data(user, like_activity, nil) == %{ + "type" => "Undo", + "actor" => user.ap_id, + "object" => like_activity.data, + "to" => [user.follower_address, like_activity.data["actor"]], + "cc" => [Pleroma.Constants.as_public()], + "context" => like_activity.data["context"] + } + + assert Utils.make_unlike_data(user, like_activity, "9mJEZK0tky1w2xD2vY") == %{ + "type" => "Undo", + "actor" => user.ap_id, + "object" => like_activity.data, + "to" => [user.follower_address, like_activity.data["actor"]], + "cc" => [Pleroma.Constants.as_public()], + "context" => like_activity.data["context"], + "id" => "9mJEZK0tky1w2xD2vY" + } + end + end + describe "make_like_data" do setup do user = insert(:user) @@ -299,4 +327,78 @@ test "updates the state of the given follow activity" do assert Repo.get(Activity, follow_activity_two.id).data["state"] == "reject" end end + + describe "update_element_in_object/3" do + test "updates likes" do + user = insert(:user) + activity = insert(:note_activity) + object = Object.normalize(activity) + + assert {:ok, updated_object} = + Utils.update_element_in_object( + "like", + [user.ap_id], + object + ) + + assert updated_object.data["likes"] == [user.ap_id] + assert updated_object.data["like_count"] == 1 + end + end + + describe "add_like_to_object/2" do + test "add actor to likes" do + user = insert(:user) + user2 = insert(:user) + object = insert(:note) + + assert {:ok, updated_object} = + Utils.add_like_to_object( + %Activity{data: %{"actor" => user.ap_id}}, + object + ) + + assert updated_object.data["likes"] == [user.ap_id] + assert updated_object.data["like_count"] == 1 + + assert {:ok, updated_object2} = + Utils.add_like_to_object( + %Activity{data: %{"actor" => user2.ap_id}}, + updated_object + ) + + assert updated_object2.data["likes"] == [user2.ap_id, user.ap_id] + assert updated_object2.data["like_count"] == 2 + end + end + + describe "remove_like_from_object/2" do + test "removes ap_id from likes" do + user = insert(:user) + user2 = insert(:user) + object = insert(:note, data: %{"likes" => [user.ap_id, user2.ap_id], "like_count" => 2}) + + assert {:ok, updated_object} = + Utils.remove_like_from_object( + %Activity{data: %{"actor" => user.ap_id}}, + object + ) + + assert updated_object.data["likes"] == [user2.ap_id] + assert updated_object.data["like_count"] == 1 + end + end + + describe "get_existing_like/2" do + test "fetches existing like" do + note_activity = insert(:note_activity) + assert object = Object.normalize(note_activity) + + user = insert(:user) + refute Utils.get_existing_like(user.ap_id, object) + {:ok, like_activity, _object} = ActivityPub.like(user, object) + + assert ^like_activity = Utils.get_existing_like(user.ap_id, object) + end + end end From c30cc039e423e8f31d0222747e301514b7d0dd9e Mon Sep 17 00:00:00 2001 From: lain Date: Tue, 27 Aug 2019 12:22:30 -0500 Subject: [PATCH 45/48] Transmogrifier: Use Containment.get_actor to get actors. --- lib/pleroma/object.ex | 4 ---- lib/pleroma/web/activity_pub/transmogrifier.ex | 6 ++++-- 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/lib/pleroma/object.ex b/lib/pleroma/object.ex index 468549c87..c8d339c19 100644 --- a/lib/pleroma/object.ex +++ b/lib/pleroma/object.ex @@ -230,8 +230,4 @@ def increase_vote_count(ap_id, name) do _ -> :noop end end - - def get_ap_id(%{"id" => id}), do: id - def get_ap_id(id) when is_binary(id), do: id - def get_ap_id(_), do: {:error, "Object is not a string and has no id."} end diff --git a/lib/pleroma/web/activity_pub/transmogrifier.ex b/lib/pleroma/web/activity_pub/transmogrifier.ex index 6c4259c02..468961bd0 100644 --- a/lib/pleroma/web/activity_pub/transmogrifier.ex +++ b/lib/pleroma/web/activity_pub/transmogrifier.ex @@ -464,8 +464,10 @@ def handle_incoming( %{"type" => "Follow", "object" => followed, "actor" => follower, "id" => id} = data, _options ) do - with %User{local: true} = followed <- User.get_cached_by_ap_id(Object.get_ap_id(followed)), - {:ok, %User{} = follower} <- User.get_or_fetch_by_ap_id(Object.get_ap_id(follower)), + with %User{local: true} = followed <- + User.get_cached_by_ap_id(Containment.get_actor(%{"actor" => followed})), + {:ok, %User{} = follower} <- + User.get_or_fetch_by_ap_id(Containment.get_actor(%{"actor" => follower})), {:ok, activity} <- ActivityPub.follow(follower, followed, id, false) do with deny_follow_blocked <- Pleroma.Config.get([:user, :deny_follow_blocked]), {_, false} <- {:user_blocked, User.blocks?(followed, follower) && deny_follow_blocked}, From ffcd742aa0797b5bb872e58c1e605f22c8652250 Mon Sep 17 00:00:00 2001 From: Maksim Date: Tue, 27 Aug 2019 17:37:19 +0000 Subject: [PATCH 46/48] Apply suggestion to lib/pleroma/web/activity_pub/activity_pub_controller.ex --- lib/pleroma/web/activity_pub/activity_pub_controller.ex | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/lib/pleroma/web/activity_pub/activity_pub_controller.ex b/lib/pleroma/web/activity_pub/activity_pub_controller.ex index 5c73fc9f3..08bf1c752 100644 --- a/lib/pleroma/web/activity_pub/activity_pub_controller.ex +++ b/lib/pleroma/web/activity_pub/activity_pub_controller.ex @@ -309,10 +309,9 @@ def handle_user_activity(_, _) do end def update_outbox( - %{assigns: %{user: %User{nickname: user_nickname} = user}} = conn, + %{assigns: %{user: %User{nickname: nickname} = user}} = conn, %{"nickname" => nickname} = params - ) - when user_nickname == nickname do + ) do actor = user.ap_id() params = From 7853b3f17d3b57d7ac91bc909a57143674f57272 Mon Sep 17 00:00:00 2001 From: feld Date: Fri, 30 Aug 2019 00:38:03 +0000 Subject: [PATCH 47/48] Fix AntiFollowbotPolicy when trying to follow a relay --- CHANGELOG.md | 1 + .../web/activity_pub/mrf/anti_followbot_policy.ex | 12 ++++++++---- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 20af9badc..4acb749ac 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -49,6 +49,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Reverse Proxy limiting `max_body_length` was incorrectly defined and only checked `Content-Length` headers which may not be sufficient in some circumstances - MRF: fix use of unserializable keyword lists in describe() implementations - ActivityPub: Deactivated user deletion +- MRF: fix ability to follow a relay when AntiFollowbotPolicy was enabled ### Added - Expiring/ephemeral activites. All activities can have expires_at value set, which controls when they should be deleted automatically. diff --git a/lib/pleroma/web/activity_pub/mrf/anti_followbot_policy.ex b/lib/pleroma/web/activity_pub/mrf/anti_followbot_policy.ex index de1eb4aa5..b3547ecd4 100644 --- a/lib/pleroma/web/activity_pub/mrf/anti_followbot_policy.ex +++ b/lib/pleroma/web/activity_pub/mrf/anti_followbot_policy.ex @@ -25,11 +25,15 @@ defp score_displayname("fedibot"), do: 1.0 defp score_displayname(_), do: 0.0 defp determine_if_followbot(%User{nickname: nickname, name: displayname}) do - # nickname will always be a binary string because it's generated by Pleroma. + # nickname will be a binary string except when following a relay nick_score = - nickname - |> String.downcase() - |> score_nickname() + if is_binary(nickname) do + nickname + |> String.downcase() + |> score_nickname() + else + 0.0 + end # displayname will either be a binary string or nil, if a displayname isn't set. name_score = From 99b4847da3244a0d023ae25b2669afb07a4eda4f Mon Sep 17 00:00:00 2001 From: kPherox Date: Fri, 30 Aug 2019 21:00:50 +0900 Subject: [PATCH 48/48] Fix missing changes in pleroma/pleroma!1197 --- installation/pleroma.nginx | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/installation/pleroma.nginx b/installation/pleroma.nginx index e3c70de54..4da9918ca 100644 --- a/installation/pleroma.nginx +++ b/installation/pleroma.nginx @@ -71,26 +71,26 @@ server { proxy_set_header Connection "upgrade"; proxy_set_header Host $http_host; - # this is explicitly IPv4 since Pleroma.Web.Endpoint binds on IPv4 only - # and `localhost.` resolves to [::0] on some systems: see issue #930 + # this is explicitly IPv4 since Pleroma.Web.Endpoint binds on IPv4 only + # and `localhost.` resolves to [::0] on some systems: see issue #930 proxy_pass http://127.0.0.1:4000; client_max_body_size 16m; } location ~ ^/(media|proxy) { - proxy_cache pleroma_media_cache; + proxy_cache pleroma_media_cache; slice 1m; proxy_cache_key $host$uri$is_args$args$slice_range; proxy_set_header Range $slice_range; proxy_http_version 1.1; proxy_cache_valid 200 206 301 304 1h; - proxy_cache_lock on; + proxy_cache_lock on; proxy_ignore_client_abort on; - proxy_buffering on; + proxy_buffering on; chunked_transfer_encoding on; proxy_ignore_headers Cache-Control; - proxy_hide_header Cache-Control; - proxy_pass http://localhost:4000; + proxy_hide_header Cache-Control; + proxy_pass http://127.0.0.1:4000; } }