From 90facd359813197060f6c33f2389fce772550fc3 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Tue, 12 Feb 2019 21:28:11 +0000 Subject: [PATCH 1/7] user view: add AP C2S oauth endpoints to local user profiles --- .../web/activity_pub/views/user_view.ex | 26 ++++++++++++++----- 1 file changed, 20 insertions(+), 6 deletions(-) diff --git a/lib/pleroma/web/activity_pub/views/user_view.ex b/lib/pleroma/web/activity_pub/views/user_view.ex index 15e6c1f68..0d880212e 100644 --- a/lib/pleroma/web/activity_pub/views/user_view.ex +++ b/lib/pleroma/web/activity_pub/views/user_view.ex @@ -15,6 +15,20 @@ defmodule Pleroma.Web.ActivityPub.UserView do import Ecto.Query + def render("endpoints.json", %{user: %{local: true} = _user}) do + %{ + "oauthAuthorizationEndpoint" => "#{Pleroma.Web.Endpoint.url()}/oauth/authorize", + "oauthTokenEndpoint" => "#{Pleroma.Web.Endpoint.url()}/oauth/token" + } + |> Map.merge(render("endpoints.json", nil)) + end + + def render("endpoints.json", _) do + %{ + "sharedInbox" => "#{Pleroma.Web.Endpoint.url()}/inbox" + } + end + # the instance itself is not a Person, but instead an Application def render("user.json", %{user: %{nickname: nil} = user}) do {:ok, user} = WebFinger.ensure_keys_present(user) @@ -22,6 +36,8 @@ defmodule Pleroma.Web.ActivityPub.UserView do public_key = :public_key.pem_entry_encode(:SubjectPublicKeyInfo, public_key) public_key = :public_key.pem_encode([public_key]) + endpoints = render("endpoints.json", %{user: user}) + %{ "id" => user.ap_id, "type" => "Application", @@ -37,9 +53,7 @@ defmodule Pleroma.Web.ActivityPub.UserView do "owner" => user.ap_id, "publicKeyPem" => public_key }, - "endpoints" => %{ - "sharedInbox" => "#{Pleroma.Web.Endpoint.url()}/inbox" - } + "endpoints" => endpoints } |> Map.merge(Utils.make_json_ld_header()) end @@ -50,6 +64,8 @@ defmodule Pleroma.Web.ActivityPub.UserView do public_key = :public_key.pem_entry_encode(:SubjectPublicKeyInfo, public_key) public_key = :public_key.pem_encode([public_key]) + endpoints = render("endpoints.json", %{user: user}) + %{ "id" => user.ap_id, "type" => "Person", @@ -67,9 +83,7 @@ defmodule Pleroma.Web.ActivityPub.UserView do "owner" => user.ap_id, "publicKeyPem" => public_key }, - "endpoints" => %{ - "sharedInbox" => "#{Pleroma.Web.Endpoint.url()}/inbox" - }, + "endpoints" => endpoints, "icon" => %{ "type" => "Image", "url" => User.avatar_url(user) From dd989962e681a126ff086064d22cbcbd9bfaf7a2 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Tue, 12 Feb 2019 21:37:37 +0000 Subject: [PATCH 2/7] litepub schema: add oauthRegistrationEndpoint [ci skip] --- priv/static/schemas/litepub-0.1.jsonld | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/priv/static/schemas/litepub-0.1.jsonld b/priv/static/schemas/litepub-0.1.jsonld index 15645646a..f36b231c5 100644 --- a/priv/static/schemas/litepub-0.1.jsonld +++ b/priv/static/schemas/litepub-0.1.jsonld @@ -19,7 +19,11 @@ "value": "schema:value", "sensitive": "as:sensitive", "litepub": "http://litepub.social/ns#", - "directMessage": "litepub:directMessage" + "directMessage": "litepub:directMessage", + "oauthRegistrationEndpoint": { + "@id": "litepub:oauthRegistrationEndpoint", + "@type": "@id" + } } ] } From db8abd958dc2266262def048352466280c12d3a7 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Tue, 12 Feb 2019 21:42:32 +0000 Subject: [PATCH 3/7] activitypub: user view: fix up endpoints rendering --- lib/pleroma/web/activity_pub/views/user_view.ex | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/pleroma/web/activity_pub/views/user_view.ex b/lib/pleroma/web/activity_pub/views/user_view.ex index 0d880212e..44beee728 100644 --- a/lib/pleroma/web/activity_pub/views/user_view.ex +++ b/lib/pleroma/web/activity_pub/views/user_view.ex @@ -15,12 +15,12 @@ defmodule Pleroma.Web.ActivityPub.UserView do import Ecto.Query - def render("endpoints.json", %{user: %{local: true} = _user}) do + def render("endpoints.json", %{user: %User{local: true} = _user}) do %{ "oauthAuthorizationEndpoint" => "#{Pleroma.Web.Endpoint.url()}/oauth/authorize", "oauthTokenEndpoint" => "#{Pleroma.Web.Endpoint.url()}/oauth/token" } - |> Map.merge(render("endpoints.json", nil)) + |> Map.merge(render("endpoints.json", %{user: nil})) end def render("endpoints.json", _) do From 29e946ace43f5dd3342e2bd3699004e9c56e711d Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Tue, 12 Feb 2019 21:49:48 +0000 Subject: [PATCH 4/7] activitypub: user view: add oauthRegistrationEndpoint to user profiles --- lib/pleroma/web/activity_pub/views/user_view.ex | 1 + 1 file changed, 1 insertion(+) diff --git a/lib/pleroma/web/activity_pub/views/user_view.ex b/lib/pleroma/web/activity_pub/views/user_view.ex index 44beee728..af75546dd 100644 --- a/lib/pleroma/web/activity_pub/views/user_view.ex +++ b/lib/pleroma/web/activity_pub/views/user_view.ex @@ -18,6 +18,7 @@ defmodule Pleroma.Web.ActivityPub.UserView do def render("endpoints.json", %{user: %User{local: true} = _user}) do %{ "oauthAuthorizationEndpoint" => "#{Pleroma.Web.Endpoint.url()}/oauth/authorize", + "oauthRegistrationEndpoint" => "#{Pleroma.Web.Endpoint.url()}/api/v1/apps", "oauthTokenEndpoint" => "#{Pleroma.Web.Endpoint.url()}/oauth/token" } |> Map.merge(render("endpoints.json", %{user: nil})) From 9bd6ed975ec57f46ff6796fadb8822faec262bbc Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Wed, 13 Feb 2019 19:20:41 +0000 Subject: [PATCH 5/7] activitypub: user view: use route helpers instead of hardcoded URIs --- .../web/activity_pub/views/user_view.ex | 18 ++++++++---------- lib/pleroma/web/router.ex | 2 +- 2 files changed, 9 insertions(+), 11 deletions(-) diff --git a/lib/pleroma/web/activity_pub/views/user_view.ex b/lib/pleroma/web/activity_pub/views/user_view.ex index af75546dd..035463de2 100644 --- a/lib/pleroma/web/activity_pub/views/user_view.ex +++ b/lib/pleroma/web/activity_pub/views/user_view.ex @@ -12,23 +12,21 @@ defmodule Pleroma.Web.ActivityPub.UserView do alias Pleroma.Web.ActivityPub.ActivityPub alias Pleroma.Web.ActivityPub.Transmogrifier alias Pleroma.Web.ActivityPub.Utils + alias Pleroma.Web.Router.Helpers + alias Pleroma.Web.Endpoint import Ecto.Query - def render("endpoints.json", %{user: %User{local: true} = _user}) do + def render("endpoints.json", %{user: %User{nickname: _nickname, local: true} = _user}) do %{ - "oauthAuthorizationEndpoint" => "#{Pleroma.Web.Endpoint.url()}/oauth/authorize", - "oauthRegistrationEndpoint" => "#{Pleroma.Web.Endpoint.url()}/api/v1/apps", - "oauthTokenEndpoint" => "#{Pleroma.Web.Endpoint.url()}/oauth/token" + "oauthAuthorizationEndpoint" => Helpers.o_auth_url(Endpoint, :authorize), + "oauthRegistrationEndpoint" => Helpers.mastodon_api_url(Endpoint, :create_app), + "oauthTokenEndpoint" => Helpers.o_auth_url(Endpoint, :token_exchange), + "sharedInbox" => Helpers.activity_pub_url(Endpoint, :inbox) } - |> Map.merge(render("endpoints.json", %{user: nil})) end - def render("endpoints.json", _) do - %{ - "sharedInbox" => "#{Pleroma.Web.Endpoint.url()}/inbox" - } - end + def render("endpoints.json", _), do: %{} # the instance itself is not a Person, but instead an Application def render("user.json", %{user: %{nickname: nil} = user}) do diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex index 5b5627ce8..d66a1c2a1 100644 --- a/lib/pleroma/web/router.ex +++ b/lib/pleroma/web/router.ex @@ -468,8 +468,8 @@ defmodule Pleroma.Web.Router do scope "/", Pleroma.Web.ActivityPub do pipe_through(:activitypub) - post("/users/:nickname/inbox", ActivityPubController, :inbox) post("/inbox", ActivityPubController, :inbox) + post("/users/:nickname/inbox", ActivityPubController, :inbox) end scope "/.well-known", Pleroma.Web do From d54c483964692e1ca6b813d6b35a0635d3c0abf9 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Wed, 13 Feb 2019 19:48:24 +0000 Subject: [PATCH 6/7] tests: add tests for endpoints --- .../web/activity_pub/views/user_view_test.exs | 28 +++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/test/web/activity_pub/views/user_view_test.exs b/test/web/activity_pub/views/user_view_test.exs index 7fc870e96..95d736c50 100644 --- a/test/web/activity_pub/views/user_view_test.exs +++ b/test/web/activity_pub/views/user_view_test.exs @@ -15,4 +15,32 @@ defmodule Pleroma.Web.ActivityPub.UserViewTest do assert String.contains?(result["publicKey"]["publicKeyPem"], "BEGIN PUBLIC KEY") end + + describe "endpoints" do + test "local users have a usable endpoints structure" do + user = insert(:user) + {:ok, user} = Pleroma.Web.WebFinger.ensure_keys_present(user) + + result = UserView.render("user.json", %{user: user}) + + assert result["id"] == user.ap_id + + %{ + "sharedInbox" => _, + "oauthAuthorizationEndpoint" => _, + "oauthRegistrationEndpoint" => _, + "oauthTokenEndpoint" => _ + } = result["endpoints"] + end + + test "remote users have an empty endpoints structure" do + user = insert(:user, local: false) + {:ok, user} = Pleroma.Web.WebFinger.ensure_keys_present(user) + + result = UserView.render("user.json", %{user: user}) + + assert result["id"] == user.ap_id + assert result["endpoints"] == %{} + end + end end From 64620d8980e3e93791d3f880296be2060ffc4d39 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Thu, 14 Feb 2019 02:41:21 +0000 Subject: [PATCH 7/7] activitypub: user view: do not expose oAuth endpoints for instance users --- lib/pleroma/web/activity_pub/views/user_view.ex | 6 +++++- test/web/activity_pub/views/user_view_test.exs | 11 +++++++++++ 2 files changed, 16 insertions(+), 1 deletion(-) diff --git a/lib/pleroma/web/activity_pub/views/user_view.ex b/lib/pleroma/web/activity_pub/views/user_view.ex index 035463de2..b363a3dc4 100644 --- a/lib/pleroma/web/activity_pub/views/user_view.ex +++ b/lib/pleroma/web/activity_pub/views/user_view.ex @@ -17,7 +17,11 @@ defmodule Pleroma.Web.ActivityPub.UserView do import Ecto.Query - def render("endpoints.json", %{user: %User{nickname: _nickname, local: true} = _user}) do + def render("endpoints.json", %{user: %User{nickname: nil, local: true} = _user}) do + %{"sharedInbox" => Helpers.activity_pub_url(Endpoint, :inbox)} + end + + def render("endpoints.json", %{user: %User{local: true} = _user}) do %{ "oauthAuthorizationEndpoint" => Helpers.o_auth_url(Endpoint, :authorize), "oauthRegistrationEndpoint" => Helpers.mastodon_api_url(Endpoint, :create_app), diff --git a/test/web/activity_pub/views/user_view_test.exs b/test/web/activity_pub/views/user_view_test.exs index 95d736c50..0bc1d4728 100644 --- a/test/web/activity_pub/views/user_view_test.exs +++ b/test/web/activity_pub/views/user_view_test.exs @@ -42,5 +42,16 @@ defmodule Pleroma.Web.ActivityPub.UserViewTest do assert result["id"] == user.ap_id assert result["endpoints"] == %{} end + + test "instance users do not expose oAuth endpoints" do + user = insert(:user, nickname: nil, local: true) + {:ok, user} = Pleroma.Web.WebFinger.ensure_keys_present(user) + + result = UserView.render("user.json", %{user: user}) + + refute result["endpoints"]["oauthAuthorizationEndpoint"] + refute result["endpoints"]["oauthRegistrationEndpoint"] + refute result["endpoints"]["oauthTokenEndpoint"] + end end end