From a3dc02d282f886d3b4842ec70976cfa84f2e4099 Mon Sep 17 00:00:00 2001 From: Egor Kislitsyn Date: Wed, 1 May 2019 16:11:17 +0700 Subject: [PATCH 01/29] Add addressable lists --- lib/pleroma/web/activity_pub/activity_pub.ex | 74 +++++++++++++------ .../web/activity_pub/transmogrifier.ex | 5 +- lib/pleroma/web/common_api/common_api.ex | 28 +++---- lib/pleroma/web/common_api/utils.ex | 15 ++++ lib/pleroma/web/salmon/salmon.ex | 8 +- 5 files changed, 92 insertions(+), 38 deletions(-) diff --git a/lib/pleroma/web/activity_pub/activity_pub.ex b/lib/pleroma/web/activity_pub/activity_pub.ex index 604ffae7b..84d7f47b1 100644 --- a/lib/pleroma/web/activity_pub/activity_pub.ex +++ b/lib/pleroma/web/activity_pub/activity_pub.ex @@ -28,19 +28,16 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do # For Announce activities, we filter the recipients based on following status for any actors # that match actual users. See issue #164 for more information about why this is necessary. defp get_recipients(%{"type" => "Announce"} = data) do - to = data["to"] || [] - cc = data["cc"] || [] + to = Map.get(data, "to", []) + cc = Map.get(data, "cc", []) + bcc = Map.get(data, "bcc", []) actor = User.get_cached_by_ap_id(data["actor"]) recipients = - (to ++ cc) - |> Enum.filter(fn recipient -> + Enum.filter(Enum.concat([to, cc, bcc]), fn recipient -> case User.get_cached_by_ap_id(recipient) do - nil -> - true - - user -> - User.following?(user, actor) + nil -> true + user -> User.following?(user, actor) end end) @@ -48,17 +45,19 @@ defp get_recipients(%{"type" => "Announce"} = data) do end defp get_recipients(%{"type" => "Create"} = data) do - to = data["to"] || [] - cc = data["cc"] || [] - actor = data["actor"] || [] - recipients = (to ++ cc ++ [actor]) |> Enum.uniq() + to = Map.get(data, "to", []) + cc = Map.get(data, "cc", []) + bcc = Map.get(data, "bcc", []) + actor = Map.get(data, "actor", []) + recipients = [to, cc, bcc, [actor]] |> Enum.concat() |> Enum.uniq() {recipients, to, cc} end defp get_recipients(data) do - to = data["to"] || [] - cc = data["cc"] || [] - recipients = to ++ cc + to = Map.get(data, "to", []) + cc = Map.get(data, "cc", []) + bcc = Map.get(data, "bcc", []) + recipients = Enum.concat([to, cc, bcc]) {recipients, to, cc} end @@ -917,22 +916,55 @@ def should_federate?(inbox, public) do end end - def publish(actor, activity) do - remote_followers = + defp recipients(actor, activity) do + Pleroma.Web.Salmon.remote_users(activity) ++ if actor.follower_address in activity.recipients do {:ok, followers} = User.get_followers(actor) followers |> Enum.filter(&(!&1.local)) else [] end + end + def publish(actor, %{data: %{"bcc" => bcc}} = activity) when is_list(bcc) and bcc != [] do public = is_public?(activity) - {:ok, data} = Transmogrifier.prepare_outgoing(activity.data) + + recipients = recipients(actor, activity) + + recipients + |> Enum.filter(&User.ap_enabled?/1) + |> Enum.map(fn %{info: %{source_data: data}} -> data["inbox"] end) + |> Enum.filter(fn inbox -> should_federate?(inbox, public) end) + |> Instances.filter_reachable() + |> Enum.each(fn {inbox, unreachable_since} -> + %User{ap_id: cc} = + Enum.find(recipients, fn %{info: %{source_data: data}} -> data["inbox"] == inbox end) + + json = + data + |> Map.put("cc", [cc]) + |> Map.put("directMessage", true) + |> Jason.encode!() + + Federator.publish_single_ap(%{ + inbox: inbox, + json: json, + actor: actor, + id: activity.data["id"], + unreachable_since: unreachable_since + }) + end) + end + + def publish(actor, activity) do + public = is_public?(activity) + {:ok, data} = Transmogrifier.prepare_outgoing(activity.data) + json = Jason.encode!(data) - (Pleroma.Web.Salmon.remote_users(activity) ++ remote_followers) - |> Enum.filter(fn user -> User.ap_enabled?(user) end) + recipients(actor, activity) + |> Enum.filter(&User.ap_enabled?/1) |> Enum.map(fn %{info: %{source_data: data}} -> (is_map(data["endpoints"]) && Map.get(data["endpoints"], "sharedInbox")) || data["inbox"] end) diff --git a/lib/pleroma/web/activity_pub/transmogrifier.ex b/lib/pleroma/web/activity_pub/transmogrifier.ex index b1e859d7c..3b7193eaa 100644 --- a/lib/pleroma/web/activity_pub/transmogrifier.ex +++ b/lib/pleroma/web/activity_pub/transmogrifier.ex @@ -741,13 +741,16 @@ def prepare_object(object) do def prepare_outgoing(%{"type" => "Create", "object" => object_id} = data) do object = - Object.normalize(object_id).data + object_id + |> Object.normalize() + |> Map.get(:data) |> prepare_object data = data |> Map.put("object", object) |> Map.merge(Utils.make_json_ld_header()) + |> Map.delete("bcc") {:ok, data} end diff --git a/lib/pleroma/web/common_api/common_api.ex b/lib/pleroma/web/common_api/common_api.ex index cfbc5dc10..4ca59110f 100644 --- a/lib/pleroma/web/common_api/common_api.ex +++ b/lib/pleroma/web/common_api/common_api.ex @@ -119,6 +119,10 @@ def get_visibility(%{"visibility" => visibility}) when visibility in ~w{public unlisted private direct}, do: visibility + def get_visibility(%{"visibility" => "list:" <> list_id}) do + {:list, String.to_integer(list_id)} + end + def get_visibility(%{"in_reply_to_status_id" => status_id}) when not is_nil(status_id) do case get_replied_to_activity(status_id) do nil -> @@ -149,6 +153,7 @@ def post(user, %{"status" => status} = data) do visibility ), {to, cc} <- to_for_user_and_mentions(user, mentions, in_reply_to, visibility), + {:ok, bcc} <- bcc_for_list(user, visibility), context <- make_context(in_reply_to), cw <- data["spoiler_text"], full_payload <- String.trim(status <> (data["spoiler_text"] || "")), @@ -174,19 +179,16 @@ def post(user, %{"status" => status} = data) do Map.put(acc, name, "#{Pleroma.Web.Endpoint.static_url()}#{file}") end) ) do - res = - ActivityPub.create( - %{ - to: to, - actor: user, - context: context, - object: object, - additional: %{"cc" => cc, "directMessage" => visibility == "direct"} - }, - Pleroma.Web.ControllerHelper.truthy_param?(data["preview"]) || false - ) - - res + ActivityPub.create( + %{ + to: to, + actor: user, + context: context, + object: object, + additional: %{"cc" => cc, "bcc" => bcc, "directMessage" => visibility == "direct"} + }, + Pleroma.Web.ControllerHelper.truthy_param?(data["preview"]) || false + ) end end diff --git a/lib/pleroma/web/common_api/utils.ex b/lib/pleroma/web/common_api/utils.ex index 887f878c4..83a745b58 100644 --- a/lib/pleroma/web/common_api/utils.ex +++ b/lib/pleroma/web/common_api/utils.ex @@ -8,6 +8,7 @@ defmodule Pleroma.Web.CommonAPI.Utils do alias Pleroma.Activity alias Pleroma.Config alias Pleroma.Formatter + alias Pleroma.List alias Pleroma.Object alias Pleroma.Repo alias Pleroma.User @@ -102,6 +103,20 @@ def to_for_user_and_mentions(_user, mentions, inReplyTo, "direct") do end end + def to_for_user_and_mentions(_user, _mentions, _inReplyTo, _), do: {[], []} + + def bcc_for_list(user, {:list, list_id}) do + with {_, %List{} = list} <- {:list, List.get(list_id, user)}, + {:ok, following} <- List.get_following(list) do + {:ok, Enum.map(following, & &1.ap_id)} + else + {:list, _} -> {:error, "List not found"} + err -> err + end + end + + def bcc_for_list(_, _), do: {:ok, []} + def make_content_html( status, attachments, diff --git a/lib/pleroma/web/salmon/salmon.ex b/lib/pleroma/web/salmon/salmon.ex index 0a9e51656..4d89f4bdb 100644 --- a/lib/pleroma/web/salmon/salmon.ex +++ b/lib/pleroma/web/salmon/salmon.ex @@ -157,10 +157,12 @@ def encode(private_key, doc) do end def remote_users(%{data: %{"to" => to} = data}) do - to = to ++ (data["cc"] || []) + cc = Map.get(data, "cc", []) + bcc = Map.get(data, "bcc", []) - to - |> Enum.map(fn id -> User.get_cached_by_ap_id(id) end) + [to, cc, bcc] + |> Enum.concat() + |> Enum.map(&User.get_cached_by_ap_id/1) |> Enum.filter(fn user -> user && !user.local end) end From 23276e8d6848fa8eae390c16b6e0619c12546e4a Mon Sep 17 00:00:00 2001 From: Egor Kislitsyn Date: Mon, 13 May 2019 16:15:14 +0700 Subject: [PATCH 02/29] Use pseudo ap id of a list in BCC --- lib/pleroma/list.ex | 32 ++++++++++++++ lib/pleroma/web/activity_pub/activity_pub.ex | 46 ++++++++++++++++---- lib/pleroma/web/common_api/common_api.ex | 8 ++-- lib/pleroma/web/common_api/utils.ex | 11 +---- lib/pleroma/web/salmon/salmon.ex | 19 ++++++-- 5 files changed, 92 insertions(+), 24 deletions(-) diff --git a/lib/pleroma/list.ex b/lib/pleroma/list.ex index a5b1cad68..81b842e9c 100644 --- a/lib/pleroma/list.ex +++ b/lib/pleroma/list.ex @@ -12,6 +12,8 @@ defmodule Pleroma.List do alias Pleroma.Repo alias Pleroma.User + @ap_id_regex ~r/^\/users\/(?\w+)\/lists\/(?\d+)/ + schema "lists" do belongs_to(:user, User, type: Pleroma.FlakeId) field(:title, :string) @@ -32,6 +34,12 @@ def follow_changeset(list, attrs \\ %{}) do |> validate_required([:following]) end + def ap_id(%User{nickname: nickname}, list_id) do + Pleroma.Web.Endpoint.url() <> "/users/#{nickname}/lists/#{list_id}" + end + + def ap_id({nickname, list_id}), do: ap_id(%User{nickname: nickname}, list_id) + def for_user(user, _opts) do query = from( @@ -55,6 +63,19 @@ def get(id, %{id: user_id} = _user) do Repo.one(query) end + def get_by_ap_id(ap_id) do + host = Pleroma.Web.Endpoint.host() + + with %{host: ^host, path: path} <- URI.parse(ap_id), + %{"list_id" => list_id, "nickname" => nickname} <- + Regex.named_captures(@ap_id_regex, path), + %User{} = user <- User.get_cached_by_nickname(nickname) do + get(list_id, user) + else + _ -> nil + end + end + def get_following(%Pleroma.List{following: following} = _list) do q = from( @@ -125,4 +146,15 @@ def update_follows(%Pleroma.List{} = list, attrs) do |> follow_changeset(attrs) |> Repo.update() end + + def memberships(%User{follower_address: follower_address}) do + Pleroma.List + |> where([l], ^follower_address in l.following) + |> join(:inner, [l], u in User, on: l.user_id == u.id) + |> select([l, u], {u.nickname, l.id}) + |> Repo.all() + |> Enum.map(&ap_id/1) + end + + def memberships(_), do: [] end diff --git a/lib/pleroma/web/activity_pub/activity_pub.ex b/lib/pleroma/web/activity_pub/activity_pub.ex index 84d7f47b1..3b71e0369 100644 --- a/lib/pleroma/web/activity_pub/activity_pub.ex +++ b/lib/pleroma/web/activity_pub/activity_pub.ex @@ -783,9 +783,7 @@ defp maybe_preload_objects(query, _) do end def fetch_activities_query(recipients, opts \\ %{}) do - base_query = from(activity in Activity) - - base_query + Activity |> maybe_preload_objects(opts) |> restrict_recipients(recipients, opts["user"]) |> restrict_tag(opts) @@ -807,9 +805,29 @@ def fetch_activities_query(recipients, opts \\ %{}) do end def fetch_activities(recipients, opts \\ %{}) do - fetch_activities_query(recipients, opts) + list_memberships = Pleroma.List.memberships(opts["user"]) + + fetch_activities_query(recipients ++ list_memberships, opts) |> Pagination.fetch_paginated(opts) |> Enum.reverse() + |> maybe_update_cc(list_memberships, opts["user"]) + end + + defp maybe_update_cc(activities, [], _), do: activities + defp maybe_update_cc(activities, _, nil), do: activities + + defp maybe_update_cc(activities, list_memberships, user) do + Enum.map(activities, fn + %{data: %{"bcc" => bcc}} = activity when is_list(bcc) -> + if Enum.any?(bcc, &(&1 in list_memberships)) do + update_in(activity.data["cc"], &[user.ap_id | &1]) + else + activity + end + + activity -> + activity + end) end def fetch_activities_bounded(recipients_to, recipients_cc, opts \\ %{}) do @@ -917,13 +935,23 @@ def should_federate?(inbox, public) do end defp recipients(actor, activity) do - Pleroma.Web.Salmon.remote_users(activity) ++ + followers = if actor.follower_address in activity.recipients do {:ok, followers} = User.get_followers(actor) - followers |> Enum.filter(&(!&1.local)) + Enum.filter(followers, &(!&1.local)) else [] end + + Pleroma.Web.Salmon.remote_users(actor, activity) ++ followers + end + + defp get_cc_ap_ids(ap_id, recipients) do + host = Map.get(URI.parse(ap_id), :host) + + recipients + |> Enum.filter(fn %User{ap_id: ap_id} -> Map.get(URI.parse(ap_id), :host) == host end) + |> Enum.map(& &1.ap_id) end def publish(actor, %{data: %{"bcc" => bcc}} = activity) when is_list(bcc) and bcc != [] do @@ -938,12 +966,14 @@ def publish(actor, %{data: %{"bcc" => bcc}} = activity) when is_list(bcc) and bc |> Enum.filter(fn inbox -> should_federate?(inbox, public) end) |> Instances.filter_reachable() |> Enum.each(fn {inbox, unreachable_since} -> - %User{ap_id: cc} = + %User{ap_id: ap_id} = Enum.find(recipients, fn %{info: %{source_data: data}} -> data["inbox"] == inbox end) + cc = get_cc_ap_ids(ap_id, recipients) + json = data - |> Map.put("cc", [cc]) + |> Map.put("cc", cc) |> Map.put("directMessage", true) |> Jason.encode!() diff --git a/lib/pleroma/web/common_api/common_api.ex b/lib/pleroma/web/common_api/common_api.ex index 4ca59110f..d47d5788c 100644 --- a/lib/pleroma/web/common_api/common_api.ex +++ b/lib/pleroma/web/common_api/common_api.ex @@ -153,7 +153,7 @@ def post(user, %{"status" => status} = data) do visibility ), {to, cc} <- to_for_user_and_mentions(user, mentions, in_reply_to, visibility), - {:ok, bcc} <- bcc_for_list(user, visibility), + bcc <- bcc_for_list(user, visibility), context <- make_context(in_reply_to), cw <- data["spoiler_text"], full_payload <- String.trim(status <> (data["spoiler_text"] || "")), @@ -197,7 +197,7 @@ def update(user) do user = with emoji <- emoji_from_profile(user), source_data <- (user.info.source_data || %{}) |> Map.put("tag", emoji), - info_cng <- Pleroma.User.Info.set_source_data(user.info, source_data), + info_cng <- User.Info.set_source_data(user.info, source_data), change <- Ecto.Changeset.change(user) |> Ecto.Changeset.put_embed(:info, info_cng), {:ok, user} <- User.update_and_set_cache(change) do user @@ -230,7 +230,7 @@ def pin(id_or_ap_id, %{ap_id: user_ap_id} = user) do } = activity <- get_by_id_or_ap_id(id_or_ap_id), true <- Enum.member?(object_to, "https://www.w3.org/ns/activitystreams#Public"), %{valid?: true} = info_changeset <- - Pleroma.User.Info.add_pinnned_activity(user.info, activity), + User.Info.add_pinnned_activity(user.info, activity), changeset <- Ecto.Changeset.change(user) |> Ecto.Changeset.put_embed(:info, info_changeset), {:ok, _user} <- User.update_and_set_cache(changeset) do @@ -247,7 +247,7 @@ def pin(id_or_ap_id, %{ap_id: user_ap_id} = user) do def unpin(id_or_ap_id, user) do with %Activity{} = activity <- get_by_id_or_ap_id(id_or_ap_id), %{valid?: true} = info_changeset <- - Pleroma.User.Info.remove_pinnned_activity(user.info, activity), + User.Info.remove_pinnned_activity(user.info, activity), changeset <- Ecto.Changeset.change(user) |> Ecto.Changeset.put_embed(:info, info_changeset), {:ok, _user} <- User.update_and_set_cache(changeset) do diff --git a/lib/pleroma/web/common_api/utils.ex b/lib/pleroma/web/common_api/utils.ex index 83a745b58..32c3b4b98 100644 --- a/lib/pleroma/web/common_api/utils.ex +++ b/lib/pleroma/web/common_api/utils.ex @@ -8,7 +8,6 @@ defmodule Pleroma.Web.CommonAPI.Utils do alias Pleroma.Activity alias Pleroma.Config alias Pleroma.Formatter - alias Pleroma.List alias Pleroma.Object alias Pleroma.Repo alias Pleroma.User @@ -106,16 +105,10 @@ def to_for_user_and_mentions(_user, mentions, inReplyTo, "direct") do def to_for_user_and_mentions(_user, _mentions, _inReplyTo, _), do: {[], []} def bcc_for_list(user, {:list, list_id}) do - with {_, %List{} = list} <- {:list, List.get(list_id, user)}, - {:ok, following} <- List.get_following(list) do - {:ok, Enum.map(following, & &1.ap_id)} - else - {:list, _} -> {:error, "List not found"} - err -> err - end + [Pleroma.List.ap_id(user, list_id)] end - def bcc_for_list(_, _), do: {:ok, []} + def bcc_for_list(_, _), do: [] def make_content_html( status, diff --git a/lib/pleroma/web/salmon/salmon.ex b/lib/pleroma/web/salmon/salmon.ex index 4d89f4bdb..ca51255f3 100644 --- a/lib/pleroma/web/salmon/salmon.ex +++ b/lib/pleroma/web/salmon/salmon.ex @@ -156,9 +156,22 @@ def encode(private_key, doc) do {:ok, salmon} end - def remote_users(%{data: %{"to" => to} = data}) do + def remote_users(%User{id: user_id}, %{data: %{"to" => to} = data}) do cc = Map.get(data, "cc", []) - bcc = Map.get(data, "bcc", []) + + bcc = + data + |> Map.get("bcc", []) + |> Enum.reduce([], fn ap_id, bcc -> + case Pleroma.List.get_by_ap_id(ap_id) do + %Pleroma.List{user_id: ^user_id} = list -> + {:ok, following} = Pleroma.List.get_following(list) + bcc ++ Enum.map(following, & &1.ap_id) + + _ -> + bcc + end + end) [to, cc, bcc] |> Enum.concat() @@ -220,7 +233,7 @@ def publish(%{info: %{keys: keys}} = user, %{data: %{"type" => type}} = activity {:ok, private, _} = keys_from_pem(keys) {:ok, feed} = encode(private, feed) - remote_users = remote_users(activity) + remote_users = remote_users(user, activity) salmon_urls = Enum.map(remote_users, & &1.info.salmon) reachable_urls_metadata = Instances.filter_reachable(salmon_urls) From d474995efa83e03f8aeaf57c1437aaa483960f7a Mon Sep 17 00:00:00 2001 From: Egor Kislitsyn Date: Tue, 14 May 2019 20:12:47 +0700 Subject: [PATCH 03/29] Add Tests --- test/list_test.exs | 29 +++++++++++++++++++ test/web/activity_pub/activity_pub_test.exs | 14 +++++++++ test/web/activity_pub/transmogrifier_test.exs | 12 ++++++++ test/web/common_api/common_api_test.exs | 13 +++++++++ 4 files changed, 68 insertions(+) diff --git a/test/list_test.exs b/test/list_test.exs index 1909c0cd9..0e72b6660 100644 --- a/test/list_test.exs +++ b/test/list_test.exs @@ -113,4 +113,33 @@ test "getting own lists a given user belongs to" do assert owned_list in lists_2 refute not_owned_list in lists_2 end + + test "get ap_id by user nickname and list id" do + nickname = "foo" + list_id = 42 + + expected = Pleroma.Web.Endpoint.url() <> "/users/#{nickname}/lists/#{list_id}" + + assert Pleroma.List.ap_id(%Pleroma.User{nickname: nickname}, list_id) == expected + assert Pleroma.List.ap_id({nickname, list_id}) == expected + end + + test "get by ap_id" do + user = insert(:user) + {:ok, list} = Pleroma.List.create("foo", user) + ap_id = Pleroma.List.ap_id(user, list.id) + + assert Pleroma.List.get_by_ap_id(ap_id) == list + end + + test "memberships" do + user = insert(:user) + member = insert(:user) + {:ok, list} = Pleroma.List.create("foo", user) + {:ok, list} = Pleroma.List.follow(list, member) + + list_ap_id = Pleroma.List.ap_id(user, list.id) + + assert Pleroma.List.memberships(member) == [list_ap_id] + end end diff --git a/test/web/activity_pub/activity_pub_test.exs b/test/web/activity_pub/activity_pub_test.exs index 0f90aa1ac..e38de388b 100644 --- a/test/web/activity_pub/activity_pub_test.exs +++ b/test/web/activity_pub/activity_pub_test.exs @@ -1156,6 +1156,20 @@ test "it can create a Flag activity" do end end + test "fetch_activities/2 returns activities addressed to a list " do + user = insert(:user) + member = insert(:user) + {:ok, list} = Pleroma.List.create("foo", user) + {:ok, list} = Pleroma.List.follow(list, member) + + {:ok, activity} = + CommonAPI.post(user, %{"status" => "foobar", "visibility" => "list:#{list.id}"}) + + activity = Repo.preload(activity, :bookmark) + + assert ActivityPub.fetch_activities([], %{"user" => user}) == [activity] + end + def data_uri do File.read!("test/fixtures/avatar_data_uri") end diff --git a/test/web/activity_pub/transmogrifier_test.exs b/test/web/activity_pub/transmogrifier_test.exs index c24b50f8c..e93189df6 100644 --- a/test/web/activity_pub/transmogrifier_test.exs +++ b/test/web/activity_pub/transmogrifier_test.exs @@ -1028,6 +1028,18 @@ test "the directMessage flag is present" do assert modified["directMessage"] == true end + + test "it strips BCC field" do + user = insert(:user) + {:ok, list} = Pleroma.List.create("foo", user) + + {:ok, activity} = + CommonAPI.post(user, %{"status" => "foobar", "visibility" => "list:#{list.id}"}) + + {:ok, modified} = Transmogrifier.prepare_outgoing(activity.data) + + assert is_nil(modified["bcc"]) + end end describe "user upgrade" do diff --git a/test/web/common_api/common_api_test.exs b/test/web/common_api/common_api_test.exs index a5b07c446..11f3c8357 100644 --- a/test/web/common_api/common_api_test.exs +++ b/test/web/common_api/common_api_test.exs @@ -87,6 +87,19 @@ test "it filters out obviously bad tags when accepting a post as Markdown" do assert object.data["content"] == "

2hu

alert('xss')" end + + test "it allows to address a list" do + user = insert(:user) + {:ok, list} = Pleroma.List.create("foo", user) + + list_ap_id = Pleroma.List.ap_id(user, list.id) + + {:ok, activity} = + CommonAPI.post(user, %{"status" => "foobar", "visibility" => "list:#{list.id}"}) + + assert activity.data["bcc"] == [list_ap_id] + assert activity.recipients == [list_ap_id, user.ap_id] + end end describe "reactions" do From 8feea72781e5813941d986effe785cae6a5dee90 Mon Sep 17 00:00:00 2001 From: Egor Kislitsyn Date: Tue, 14 May 2019 20:14:51 +0700 Subject: [PATCH 04/29] Update CHANGELOG --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5c0baa317..2fadb5f18 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -32,6 +32,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - OAuth: added support for refresh tokens - Emoji packs and emoji pack manager - AdminFE: initial release with basic user management accessible at /pleroma/admin/ +- Addressable lists ### Changed - **Breaking:** Configuration: move from Pleroma.Mailer to Pleroma.Emails.Mailer From fc9b4410c4182747fbcbc2cbe2b94090c887b96f Mon Sep 17 00:00:00 2001 From: Egor Kislitsyn Date: Tue, 14 May 2019 20:27:40 +0700 Subject: [PATCH 05/29] Add documentation --- docs/api/differences_in_mastoapi_responses.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/api/differences_in_mastoapi_responses.md b/docs/api/differences_in_mastoapi_responses.md index 36b47608e..946e0e885 100644 --- a/docs/api/differences_in_mastoapi_responses.md +++ b/docs/api/differences_in_mastoapi_responses.md @@ -69,6 +69,7 @@ Additional parameters can be added to the JSON body/Form data: - `preview`: boolean, if set to `true` the post won't be actually posted, but the status entitiy would still be rendered back. This could be useful for previewing rich text/custom emoji, for example. - `content_type`: string, contain the MIME type of the status, it is transformed into HTML by the backend. You can get the list of the supported MIME types with the nodeinfo endpoint. +- `visibility`: string, besides standard MastoAPI values (`direct`, `private`, `unlisted` or `public`) it can be used to address a List by setting it to `list:LIST_ID`. ## PATCH `/api/v1/update_credentials` From f2936e0a0723956c167a06dc51518da172a508b2 Mon Sep 17 00:00:00 2001 From: Egor Kislitsyn Date: Fri, 17 May 2019 19:56:37 +0700 Subject: [PATCH 06/29] Add `ap_id` to List --- lib/pleroma/list.ex | 33 +++++++------------ lib/pleroma/web/common_api/utils.ex | 3 +- .../20190516112144_add_ap_id_to_lists.exs | 26 +++++++++++++++ test/list_test.exs | 18 ++-------- test/web/common_api/common_api_test.exs | 6 ++-- 5 files changed, 43 insertions(+), 43 deletions(-) create mode 100644 priv/repo/migrations/20190516112144_add_ap_id_to_lists.exs diff --git a/lib/pleroma/list.ex b/lib/pleroma/list.ex index 81b842e9c..16955b3b5 100644 --- a/lib/pleroma/list.ex +++ b/lib/pleroma/list.ex @@ -12,12 +12,11 @@ defmodule Pleroma.List do alias Pleroma.Repo alias Pleroma.User - @ap_id_regex ~r/^\/users\/(?\w+)\/lists\/(?\d+)/ - schema "lists" do belongs_to(:user, User, type: Pleroma.FlakeId) field(:title, :string) field(:following, {:array, :string}, default: []) + field(:ap_id, :string) timestamps() end @@ -34,12 +33,6 @@ def follow_changeset(list, attrs \\ %{}) do |> validate_required([:following]) end - def ap_id(%User{nickname: nickname}, list_id) do - Pleroma.Web.Endpoint.url() <> "/users/#{nickname}/lists/#{list_id}" - end - - def ap_id({nickname, list_id}), do: ap_id(%User{nickname: nickname}, list_id) - def for_user(user, _opts) do query = from( @@ -64,16 +57,7 @@ def get(id, %{id: user_id} = _user) do end def get_by_ap_id(ap_id) do - host = Pleroma.Web.Endpoint.host() - - with %{host: ^host, path: path} <- URI.parse(ap_id), - %{"list_id" => list_id, "nickname" => nickname} <- - Regex.named_captures(@ap_id_regex, path), - %User{} = user <- User.get_cached_by_nickname(nickname) do - get(list_id, user) - else - _ -> nil - end + Repo.get_by(__MODULE__, ap_id: ap_id) end def get_following(%Pleroma.List{following: following} = _list) do @@ -126,7 +110,14 @@ def rename(%Pleroma.List{} = list, title) do def create(title, %User{} = creator) do list = %Pleroma.List{user_id: creator.id, title: title} - Repo.insert(list) + + Repo.transaction(fn -> + list = Repo.insert!(list) + + list + |> change(ap_id: "#{creator.ap_id}/lists/#{list.id}") + |> Repo.update!() + end) end def follow(%Pleroma.List{following: following} = list, %User{} = followed) do @@ -150,10 +141,8 @@ def update_follows(%Pleroma.List{} = list, attrs) do def memberships(%User{follower_address: follower_address}) do Pleroma.List |> where([l], ^follower_address in l.following) - |> join(:inner, [l], u in User, on: l.user_id == u.id) - |> select([l, u], {u.nickname, l.id}) + |> select([l], l.ap_id) |> Repo.all() - |> Enum.map(&ap_id/1) end def memberships(_), do: [] diff --git a/lib/pleroma/web/common_api/utils.ex b/lib/pleroma/web/common_api/utils.ex index f082b77d8..ba6ed67ef 100644 --- a/lib/pleroma/web/common_api/utils.ex +++ b/lib/pleroma/web/common_api/utils.ex @@ -105,7 +105,8 @@ def to_for_user_and_mentions(_user, mentions, inReplyTo, "direct") do def to_for_user_and_mentions(_user, _mentions, _inReplyTo, _), do: {[], []} def bcc_for_list(user, {:list, list_id}) do - [Pleroma.List.ap_id(user, list_id)] + list = Pleroma.List.get(list_id, user) + [list.ap_id] end def bcc_for_list(_, _), do: [] diff --git a/priv/repo/migrations/20190516112144_add_ap_id_to_lists.exs b/priv/repo/migrations/20190516112144_add_ap_id_to_lists.exs new file mode 100644 index 000000000..3c32bc355 --- /dev/null +++ b/priv/repo/migrations/20190516112144_add_ap_id_to_lists.exs @@ -0,0 +1,26 @@ +defmodule Pleroma.Repo.Migrations.AddApIdToLists do + use Ecto.Migration + + def up do + alter table(:lists) do + add(:ap_id, :string) + end + + execute(""" + UPDATE lists + SET ap_id = u.ap_id || '/lists/' || lists.id + FROM users AS u + WHERE lists.user_id = u.id + """) + + create(unique_index(:lists, :ap_id)) + end + + def down do + drop(index(:lists, [:ap_id])) + + alter table(:lists) do + remove(:ap_id) + end + end +end diff --git a/test/list_test.exs b/test/list_test.exs index 0e72b6660..6c5c6b197 100644 --- a/test/list_test.exs +++ b/test/list_test.exs @@ -114,22 +114,10 @@ test "getting own lists a given user belongs to" do refute not_owned_list in lists_2 end - test "get ap_id by user nickname and list id" do - nickname = "foo" - list_id = 42 - - expected = Pleroma.Web.Endpoint.url() <> "/users/#{nickname}/lists/#{list_id}" - - assert Pleroma.List.ap_id(%Pleroma.User{nickname: nickname}, list_id) == expected - assert Pleroma.List.ap_id({nickname, list_id}) == expected - end - test "get by ap_id" do user = insert(:user) {:ok, list} = Pleroma.List.create("foo", user) - ap_id = Pleroma.List.ap_id(user, list.id) - - assert Pleroma.List.get_by_ap_id(ap_id) == list + assert Pleroma.List.get_by_ap_id(list.ap_id) == list end test "memberships" do @@ -138,8 +126,6 @@ test "memberships" do {:ok, list} = Pleroma.List.create("foo", user) {:ok, list} = Pleroma.List.follow(list, member) - list_ap_id = Pleroma.List.ap_id(user, list.id) - - assert Pleroma.List.memberships(member) == [list_ap_id] + assert Pleroma.List.memberships(member) == [list.ap_id] end end diff --git a/test/web/common_api/common_api_test.exs b/test/web/common_api/common_api_test.exs index 23e89d685..84744e5af 100644 --- a/test/web/common_api/common_api_test.exs +++ b/test/web/common_api/common_api_test.exs @@ -114,13 +114,11 @@ test "it allows to address a list" do user = insert(:user) {:ok, list} = Pleroma.List.create("foo", user) - list_ap_id = Pleroma.List.ap_id(user, list.id) - {:ok, activity} = CommonAPI.post(user, %{"status" => "foobar", "visibility" => "list:#{list.id}"}) - assert activity.data["bcc"] == [list_ap_id] - assert activity.recipients == [list_ap_id, user.ap_id] + assert activity.data["bcc"] == [list.ap_id] + assert activity.recipients == [list.ap_id, user.ap_id] end end From 3b71612d3d8b5e2ad53bda4399eb7f687cd6c30e Mon Sep 17 00:00:00 2001 From: Egor Kislitsyn Date: Sat, 18 May 2019 01:17:14 +0700 Subject: [PATCH 07/29] Improve Pleroma.Web.ActivityPub.ActivityPub.maybe_update_cc/3 --- lib/pleroma/web/activity_pub/activity_pub.ex | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/lib/pleroma/web/activity_pub/activity_pub.ex b/lib/pleroma/web/activity_pub/activity_pub.ex index 048b9202b..8a5b3b8b4 100644 --- a/lib/pleroma/web/activity_pub/activity_pub.ex +++ b/lib/pleroma/web/activity_pub/activity_pub.ex @@ -881,14 +881,12 @@ def fetch_activities(recipients, opts \\ %{}) do |> maybe_update_cc(list_memberships, opts["user"]) end - defp maybe_update_cc(activities, [], _), do: activities - defp maybe_update_cc(activities, _, nil), do: activities - - defp maybe_update_cc(activities, list_memberships, user) do + defp maybe_update_cc(activities, list_memberships, %User{ap_id: user_ap_id}) + when is_list(list_memberships) and length(list_memberships) > 0 do Enum.map(activities, fn - %{data: %{"bcc" => bcc}} = activity when is_list(bcc) -> + %{data: %{"bcc" => bcc}} = activity when is_list(bcc) and length(bcc) > 0 -> if Enum.any?(bcc, &(&1 in list_memberships)) do - update_in(activity.data["cc"], &[user.ap_id | &1]) + update_in(activity.data["cc"], &[user_ap_id | &1]) else activity end @@ -898,6 +896,8 @@ defp maybe_update_cc(activities, list_memberships, user) do end) end + defp maybe_update_cc(activities, _, _), do: activities + def fetch_activities_bounded(recipients_to, recipients_cc, opts \\ %{}) do fetch_activities_query([], opts) |> restrict_to_cc(recipients_to, recipients_cc) From a7affbdd6d46caddea05ee6b34e0b2a24a62e721 Mon Sep 17 00:00:00 2001 From: Egor Kislitsyn Date: Fri, 24 May 2019 21:41:11 +0700 Subject: [PATCH 08/29] Fix tests --- test/web/activity_pub/activity_pub_test.exs | 1 + 1 file changed, 1 insertion(+) diff --git a/test/web/activity_pub/activity_pub_test.exs b/test/web/activity_pub/activity_pub_test.exs index 5d0d5a40e..23b11d015 100644 --- a/test/web/activity_pub/activity_pub_test.exs +++ b/test/web/activity_pub/activity_pub_test.exs @@ -1193,6 +1193,7 @@ test "fetch_activities/2 returns activities addressed to a list " do CommonAPI.post(user, %{"status" => "foobar", "visibility" => "list:#{list.id}"}) activity = Repo.preload(activity, :bookmark) + activity = %Activity{activity | thread_muted?: !!activity.thread_muted?} assert ActivityPub.fetch_activities([], %{"user" => user}) == [activity] end From ddd4a09b72ede65345ddf45a68eb239b54eda86c Mon Sep 17 00:00:00 2001 From: Egor Kislitsyn Date: Wed, 5 Jun 2019 17:55:00 +0700 Subject: [PATCH 09/29] Fix merge conflict --- lib/pleroma/web/common_api/utils.ex | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lib/pleroma/web/common_api/utils.ex b/lib/pleroma/web/common_api/utils.ex index 22ce1ea90..6c9e117ae 100644 --- a/lib/pleroma/web/common_api/utils.ex +++ b/lib/pleroma/web/common_api/utils.ex @@ -98,6 +98,8 @@ def get_to_and_cc(_user, mentioned_users, inReplyTo, "direct") do end end + def get_to_and_cc(_user, _mentions, _inReplyTo, _), do: {[], []} + def get_addressed_users(_, to) when is_list(to) do User.get_ap_ids_by_nicknames(to) end From 958fb9aa8082eabf63b106007b3bef09847cafc6 Mon Sep 17 00:00:00 2001 From: Egor Kislitsyn Date: Thu, 11 Jul 2019 16:36:08 +0700 Subject: [PATCH 10/29] Add "listMessage" --- lib/pleroma/web/activity_pub/publisher.ex | 1 - lib/pleroma/web/common_api/common_api.ex | 26 +++++++++++++---------- lib/pleroma/web/common_api/utils.ex | 15 +++++++++---- test/web/common_api/common_api_test.exs | 1 + 4 files changed, 27 insertions(+), 16 deletions(-) diff --git a/lib/pleroma/web/activity_pub/publisher.ex b/lib/pleroma/web/activity_pub/publisher.ex index b7dc90caa..ffdd33351 100644 --- a/lib/pleroma/web/activity_pub/publisher.ex +++ b/lib/pleroma/web/activity_pub/publisher.ex @@ -136,7 +136,6 @@ def publish(actor, %{data: %{"bcc" => bcc}} = activity) when is_list(bcc) and bc json = data |> Map.put("cc", cc) - |> Map.put("directMessage", true) |> Jason.encode!() Pleroma.Web.Federator.Publisher.enqueue_one(__MODULE__, %{ diff --git a/lib/pleroma/web/common_api/common_api.ex b/lib/pleroma/web/common_api/common_api.ex index 8e3892bdf..1c47a31d7 100644 --- a/lib/pleroma/web/common_api/common_api.ex +++ b/lib/pleroma/web/common_api/common_api.ex @@ -215,7 +215,6 @@ def post(user, %{"status" => status} = data) do addressed_users <- get_addressed_users(mentioned_users, data["to"]), {poll, poll_emoji} <- make_poll_data(data), {to, cc} <- get_to_and_cc(user, addressed_users, in_reply_to, visibility), - bcc <- bcc_for_list(user, visibility), context <- make_context(in_reply_to), cw <- data["spoiler_text"] || "", sensitive <- data["sensitive"] || Enum.member?(tags, {"#nsfw", "nsfw"}), @@ -241,16 +240,21 @@ def post(user, %{"status" => status} = data) do "emoji", Map.merge(Formatter.get_emoji_map(full_payload), poll_emoji) ) do - ActivityPub.create( - %{ - to: to, - actor: user, - context: context, - object: object, - additional: %{"cc" => cc, "bcc" => bcc, "directMessage" => visibility == "direct"} - }, - Pleroma.Web.ControllerHelper.truthy_param?(data["preview"]) || false - ) + preview? = Pleroma.Web.ControllerHelper.truthy_param?(data["preview"]) || false + direct? = visibility == "direct" + + additional_data = + %{"cc" => cc, "directMessage" => direct?} |> maybe_add_list_data(user, visibility) + + params = %{ + to: to, + actor: user, + context: context, + object: object, + additional: additional_data + } + + ActivityPub.create(params, preview?) else {:private_to_public, true} -> {:error, dgettext("errors", "The message visibility must be direct")} diff --git a/lib/pleroma/web/common_api/utils.ex b/lib/pleroma/web/common_api/utils.ex index d4bfdd7e4..94b2c50fc 100644 --- a/lib/pleroma/web/common_api/utils.ex +++ b/lib/pleroma/web/common_api/utils.ex @@ -108,12 +108,19 @@ def get_addressed_users(_, to) when is_list(to) do def get_addressed_users(mentioned_users, _), do: mentioned_users - def bcc_for_list(user, {:list, list_id}) do - list = Pleroma.List.get(list_id, user) - [list.ap_id] + def maybe_add_list_data(additional_data, user, {:list, list_id}) do + case Pleroma.List.get(list_id, user) do + %Pleroma.List{} = list -> + additional_data + |> Map.put("listMessage", list.ap_id) + |> Map.put("bcc", [list.ap_id]) + + _ -> + additional_data + end end - def bcc_for_list(_, _), do: [] + def maybe_add_list_data(additional_data, _, _), do: additional_data def make_poll_data(%{"poll" => %{"options" => options, "expires_in" => expires_in}} = data) when is_list(options) do diff --git a/test/web/common_api/common_api_test.exs b/test/web/common_api/common_api_test.exs index 694b52356..932c6877d 100644 --- a/test/web/common_api/common_api_test.exs +++ b/test/web/common_api/common_api_test.exs @@ -139,6 +139,7 @@ test "it allows to address a list" do assert activity.data["bcc"] == [list.ap_id] assert activity.recipients == [list.ap_id, user.ap_id] + assert activity.data["listMessage"] == list.ap_id end end From 9e06873d58e031a0f90c6a4d436a6abb5f1ebbae Mon Sep 17 00:00:00 2001 From: Egor Kislitsyn Date: Thu, 11 Jul 2019 19:29:24 +0700 Subject: [PATCH 11/29] Add `list` to Visibility --- lib/pleroma/list.ex | 6 ++ lib/pleroma/web/activity_pub/visibility.ex | 16 +++++ test/list_test.exs | 11 ++++ test/web/activity_pub/visibilty_test.exs | 72 +++++++++++++++++++--- 4 files changed, 98 insertions(+), 7 deletions(-) diff --git a/lib/pleroma/list.ex b/lib/pleroma/list.ex index 16955b3b5..1d320206e 100644 --- a/lib/pleroma/list.ex +++ b/lib/pleroma/list.ex @@ -146,4 +146,10 @@ def memberships(%User{follower_address: follower_address}) do end def memberships(_), do: [] + + def member?(%Pleroma.List{following: following}, %User{follower_address: follower_address}) do + Enum.member?(following, follower_address) + end + + def member?(_, _), do: false end diff --git a/lib/pleroma/web/activity_pub/visibility.ex b/lib/pleroma/web/activity_pub/visibility.ex index 9908a2e75..e0282d758 100644 --- a/lib/pleroma/web/activity_pub/visibility.ex +++ b/lib/pleroma/web/activity_pub/visibility.ex @@ -34,6 +34,19 @@ def is_direct?(activity) do !is_public?(activity) && !is_private?(activity) end + def is_list?(%{data: %{"listMessage" => _}}), do: true + def is_list?(_), do: false + + def visible_for_user?(%{actor: ap_id}, %User{ap_id: ap_id}), do: true + + def visible_for_user?(%{data: %{"listMessage" => list_ap_id}}, %User{} = user) do + list_ap_id + |> Pleroma.List.get_by_ap_id() + |> Pleroma.List.member?(user) + end + + def visible_for_user?(%{data: %{"listMessage" => _}}, nil), do: false + def visible_for_user?(activity, nil) do is_public?(activity) end @@ -73,6 +86,9 @@ def get_visibility(object) do object.data["directMessage"] == true -> "direct" + is_binary(object.data["listMessage"]) -> + "list" + length(cc) > 0 -> "private" diff --git a/test/list_test.exs b/test/list_test.exs index 6c5c6b197..f39033d02 100644 --- a/test/list_test.exs +++ b/test/list_test.exs @@ -128,4 +128,15 @@ test "memberships" do assert Pleroma.List.memberships(member) == [list.ap_id] end + + test "member?" do + user = insert(:user) + member = insert(:user) + + {:ok, list} = Pleroma.List.create("foo", user) + {:ok, list} = Pleroma.List.follow(list, member) + + assert Pleroma.List.member?(list, member) + refute Pleroma.List.member?(list, user) + end end diff --git a/test/web/activity_pub/visibilty_test.exs b/test/web/activity_pub/visibilty_test.exs index 4d5c07da4..2ce6928c4 100644 --- a/test/web/activity_pub/visibilty_test.exs +++ b/test/web/activity_pub/visibilty_test.exs @@ -16,6 +16,9 @@ defmodule Pleroma.Web.ActivityPub.VisibilityTest do following = insert(:user) unrelated = insert(:user) {:ok, following} = Pleroma.User.follow(following, user) + {:ok, list} = Pleroma.List.create("foo", user) + + Pleroma.List.follow(list, unrelated) {:ok, public} = CommonAPI.post(user, %{"status" => "@#{mentioned.nickname}", "visibility" => "public"}) @@ -29,6 +32,12 @@ defmodule Pleroma.Web.ActivityPub.VisibilityTest do {:ok, unlisted} = CommonAPI.post(user, %{"status" => "@#{mentioned.nickname}", "visibility" => "unlisted"}) + {:ok, list} = + CommonAPI.post(user, %{ + "status" => "@#{mentioned.nickname}", + "visibility" => "list:#{list.id}" + }) + %{ public: public, private: private, @@ -37,29 +46,65 @@ defmodule Pleroma.Web.ActivityPub.VisibilityTest do user: user, mentioned: mentioned, following: following, - unrelated: unrelated + unrelated: unrelated, + list: list } end - test "is_direct?", %{public: public, private: private, direct: direct, unlisted: unlisted} do + test "is_direct?", %{ + public: public, + private: private, + direct: direct, + unlisted: unlisted, + list: list + } do assert Visibility.is_direct?(direct) refute Visibility.is_direct?(public) refute Visibility.is_direct?(private) refute Visibility.is_direct?(unlisted) + assert Visibility.is_direct?(list) end - test "is_public?", %{public: public, private: private, direct: direct, unlisted: unlisted} do + test "is_public?", %{ + public: public, + private: private, + direct: direct, + unlisted: unlisted, + list: list + } do refute Visibility.is_public?(direct) assert Visibility.is_public?(public) refute Visibility.is_public?(private) assert Visibility.is_public?(unlisted) + refute Visibility.is_public?(list) end - test "is_private?", %{public: public, private: private, direct: direct, unlisted: unlisted} do + test "is_private?", %{ + public: public, + private: private, + direct: direct, + unlisted: unlisted, + list: list + } do refute Visibility.is_private?(direct) refute Visibility.is_private?(public) assert Visibility.is_private?(private) refute Visibility.is_private?(unlisted) + refute Visibility.is_private?(list) + end + + test "is_list?", %{ + public: public, + private: private, + direct: direct, + unlisted: unlisted, + list: list + } do + refute Visibility.is_list?(direct) + refute Visibility.is_list?(public) + refute Visibility.is_list?(private) + refute Visibility.is_list?(unlisted) + assert Visibility.is_list?(list) end test "visible_for_user?", %{ @@ -70,7 +115,8 @@ test "visible_for_user?", %{ user: user, mentioned: mentioned, following: following, - unrelated: unrelated + unrelated: unrelated, + list: list } do # All visible to author @@ -78,13 +124,15 @@ test "visible_for_user?", %{ assert Visibility.visible_for_user?(private, user) assert Visibility.visible_for_user?(unlisted, user) assert Visibility.visible_for_user?(direct, user) + assert Visibility.visible_for_user?(list, user) - # All visible to a mentioned user + # All visible to a mentioned user, except when it's a list activity assert Visibility.visible_for_user?(public, mentioned) assert Visibility.visible_for_user?(private, mentioned) assert Visibility.visible_for_user?(unlisted, mentioned) assert Visibility.visible_for_user?(direct, mentioned) + refute(Visibility.visible_for_user?(list, mentioned)) # DM not visible for just follower @@ -92,6 +140,7 @@ test "visible_for_user?", %{ assert Visibility.visible_for_user?(private, following) assert Visibility.visible_for_user?(unlisted, following) refute Visibility.visible_for_user?(direct, following) + refute Visibility.visible_for_user?(list, following) # Public and unlisted visible for unrelated user @@ -99,6 +148,9 @@ test "visible_for_user?", %{ assert Visibility.visible_for_user?(unlisted, unrelated) refute Visibility.visible_for_user?(private, unrelated) refute Visibility.visible_for_user?(direct, unrelated) + + # Visible for a list member + assert Visibility.visible_for_user?(list, unrelated) end test "doesn't die when the user doesn't exist", @@ -115,18 +167,24 @@ test "get_visibility", %{ public: public, private: private, direct: direct, - unlisted: unlisted + unlisted: unlisted, + list: list } do assert Visibility.get_visibility(public) == "public" assert Visibility.get_visibility(private) == "private" assert Visibility.get_visibility(direct) == "direct" assert Visibility.get_visibility(unlisted) == "unlisted" + assert Visibility.get_visibility(list) == "list" end test "get_visibility with directMessage flag" do assert Visibility.get_visibility(%{data: %{"directMessage" => true}}) == "direct" end + test "get_visibility with listMessage flag" do + assert Visibility.get_visibility(%{data: %{"listMessage" => ""}}) == "list" + end + describe "entire_thread_visible_for_user?/2" do test "returns false if not found activity", %{user: user} do refute Visibility.entire_thread_visible_for_user?(%Activity{}, user) From 9991254c064c63e3d45786379953414c8a26073a Mon Sep 17 00:00:00 2001 From: Egor Kislitsyn Date: Thu, 11 Jul 2019 20:17:03 +0700 Subject: [PATCH 12/29] Update CHANGELOG --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index ff0cb8740..3403ce64e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -28,6 +28,7 @@ Configuration: `federation_incoming_replies_max_depth` option - Added synchronization of following/followers counters for external users - Configuration: `enabled` option for `Pleroma.Emails.Mailer`, defaulting to `false`. - Mastodon API: Add support for categories for custom emojis by reusing the group feature. +- Addressable lists ## [1.0.0] - 2019-06-29 ### Security @@ -89,7 +90,6 @@ Configuration: `federation_incoming_replies_max_depth` option - MRF: Support for rejecting reports from specific instances (`mrf_simple`) - MRF: Support for stripping avatars and banner images from specific instances (`mrf_simple`) - MRF: Support for running subchains. -- Addressable lists - Configuration: `skip_thread_containment` option - Configuration: `rate_limit` option. See `Pleroma.Plugs.RateLimiter` documentation for details. - MRF: Support for filtering out likely spam messages by rejecting posts from new users that contain links. From f8e3ae61545de45ce4dd395471149ed1e71e0343 Mon Sep 17 00:00:00 2001 From: Sachin Joshi Date: Fri, 12 Jul 2019 22:19:30 +0545 Subject: [PATCH 13/29] try to always match the filename for proxy url --- lib/pleroma/web/media_proxy/controller.ex | 7 ++++++- test/media_proxy_test.exs | 11 +++++++++++ 2 files changed, 17 insertions(+), 1 deletion(-) diff --git a/lib/pleroma/web/media_proxy/controller.ex b/lib/pleroma/web/media_proxy/controller.ex index ea33d7685..a711b54e9 100644 --- a/lib/pleroma/web/media_proxy/controller.ex +++ b/lib/pleroma/web/media_proxy/controller.ex @@ -30,10 +30,15 @@ def remote(conn, %{"sig" => sig64, "url" => url64} = params) do def filename_matches(has_filename, path, url) do filename = url |> MediaProxy.filename() - if has_filename && filename && Path.basename(path) != filename do + if has_filename && filename && does_not_match(path, filename) do {:wrong_filename, filename} else :ok end end + + defp does_not_match(path, filename) do + basename = Path.basename(path) + basename != filename and URI.decode(basename) != filename and URI.encode(basename) != filename + end end diff --git a/test/media_proxy_test.exs b/test/media_proxy_test.exs index fbf200931..176b09914 100644 --- a/test/media_proxy_test.exs +++ b/test/media_proxy_test.exs @@ -108,6 +108,17 @@ test "filename_matches preserves the encoded or decoded path" do ) == :ok end + test "encoded url are tried to match for proxy as `conn.request_path` encodes the url" do + # conn.request_path will return encoded url + request_path = "/ANALYSE-DAI-_-LE-STABLECOIN-100-D%C3%89CENTRALIS%C3%89-BQ.jpg" + + assert MediaProxyController.filename_matches( + true, + request_path, + "https://mydomain.com/uploads/2019/07/ANALYSE-DAI-_-LE-STABLECOIN-100-DÉCENTRALISÉ-BQ.jpg" + ) == :ok + end + test "uses the configured base_url" do base_url = Pleroma.Config.get([:media_proxy, :base_url]) From f98f7ad1b9c1aede0ddefecfefb73919564d73ed Mon Sep 17 00:00:00 2001 From: Moonman Date: Sun, 14 Jul 2019 09:48:42 -0700 Subject: [PATCH 14/29] detect and use sha512-crypt for stored password hash. --- lib/pleroma/plugs/authentication_plug.ex | 13 +++++++++++++ lib/pleroma/web/auth/pleroma_authenticator.ex | 4 ++-- lib/pleroma/web/common_api/utils.ex | 4 ++-- .../web/twitter_api/controllers/util_controller.ex | 4 ++-- 4 files changed, 19 insertions(+), 6 deletions(-) diff --git a/lib/pleroma/plugs/authentication_plug.ex b/lib/pleroma/plugs/authentication_plug.ex index da4ed4226..48dc1f818 100644 --- a/lib/pleroma/plugs/authentication_plug.ex +++ b/lib/pleroma/plugs/authentication_plug.ex @@ -6,11 +6,24 @@ defmodule Pleroma.Plugs.AuthenticationPlug do alias Comeonin.Pbkdf2 import Plug.Conn alias Pleroma.User + require Logger def init(options) do options end + def checkpw(password, password_hash) do + cond do + String.starts_with?(password_hash, "$pbkdf2") -> + Pbkdf2.checkpw(password, password_hash) + String.starts_with?(password_hash, "$6") -> + :crypt.crypt(password, password_hash) == password_hash + true -> + Logger.error("Password hash not recognized") + false + end + end + def call(%{assigns: %{user: %User{}}} = conn, _), do: conn def call( diff --git a/lib/pleroma/web/auth/pleroma_authenticator.ex b/lib/pleroma/web/auth/pleroma_authenticator.ex index a9164ad98..f4234b743 100644 --- a/lib/pleroma/web/auth/pleroma_authenticator.ex +++ b/lib/pleroma/web/auth/pleroma_authenticator.ex @@ -3,7 +3,7 @@ # SPDX-License-Identifier: AGPL-3.0-only defmodule Pleroma.Web.Auth.PleromaAuthenticator do - alias Comeonin.Pbkdf2 + alias Pleroma.Plugs.AuthenticationPlug alias Pleroma.Registration alias Pleroma.Repo alias Pleroma.User @@ -16,7 +16,7 @@ defmodule Pleroma.Web.Auth.PleromaAuthenticator do def get_user(%Plug.Conn{} = conn) do with {:ok, {name, password}} <- fetch_credentials(conn), {_, %User{} = user} <- {:user, fetch_user(name)}, - {_, true} <- {:checkpw, Pbkdf2.checkpw(password, user.password_hash)} do + {_, true} <- {:checkpw, AuthenticationPlug.checkpw(password, user.password_hash)} do {:ok, user} else error -> diff --git a/lib/pleroma/web/common_api/utils.ex b/lib/pleroma/web/common_api/utils.ex index 8e482eef7..e013188cf 100644 --- a/lib/pleroma/web/common_api/utils.ex +++ b/lib/pleroma/web/common_api/utils.ex @@ -6,11 +6,11 @@ defmodule Pleroma.Web.CommonAPI.Utils do import Pleroma.Web.Gettext alias Calendar.Strftime - alias Comeonin.Pbkdf2 alias Pleroma.Activity alias Pleroma.Config alias Pleroma.Formatter alias Pleroma.Object + alias Pleroma.Plugs.AuthenticationPlug alias Pleroma.Repo alias Pleroma.User alias Pleroma.Web.ActivityPub.Utils @@ -371,7 +371,7 @@ defp shortname(name) do def confirm_current_password(user, password) do with %User{local: true} = db_user <- User.get_cached_by_id(user.id), - true <- Pbkdf2.checkpw(password, db_user.password_hash) do + true <- AuthenticationPlug.checkpw(password, db_user.password_hash) do {:ok, db_user} else _ -> {:error, dgettext("errors", "Invalid password.")} diff --git a/lib/pleroma/web/twitter_api/controllers/util_controller.ex b/lib/pleroma/web/twitter_api/controllers/util_controller.ex index b1863528f..c10c66ff2 100644 --- a/lib/pleroma/web/twitter_api/controllers/util_controller.ex +++ b/lib/pleroma/web/twitter_api/controllers/util_controller.ex @@ -7,10 +7,10 @@ defmodule Pleroma.Web.TwitterAPI.UtilController do require Logger - alias Comeonin.Pbkdf2 alias Pleroma.Activity alias Pleroma.Emoji alias Pleroma.Notification + alias Pleroma.Plugs.AuthenticationPlug alias Pleroma.User alias Pleroma.Web alias Pleroma.Web.ActivityPub.ActivityPub @@ -96,7 +96,7 @@ def do_remote_follow(conn, %{ name = followee.nickname with %User{} = user <- User.get_cached_by_nickname(username), - true <- Pbkdf2.checkpw(password, user.password_hash), + true <- AuthenticationPlug.checkpw(password, user.password_hash), %User{} = _followed <- User.get_cached_by_id(id), {:ok, follower} <- User.follow(user, followee), {:ok, _activity} <- ActivityPub.follow(follower, followee) do From a87c313309b73ced5970c59d00117c357f51fecb Mon Sep 17 00:00:00 2001 From: Egor Kislitsyn Date: Mon, 15 Jul 2019 14:00:29 +0700 Subject: [PATCH 15/29] Support `list` visibility in StatusView --- lib/pleroma/web/common_api/common_api.ex | 11 ++++------- lib/pleroma/web/common_api/utils.ex | 13 +++++++------ test/web/mastodon_api/status_view_test.exs | 13 +++++++++++++ 3 files changed, 24 insertions(+), 13 deletions(-) diff --git a/lib/pleroma/web/common_api/common_api.ex b/lib/pleroma/web/common_api/common_api.ex index 1c47a31d7..f764e87af 100644 --- a/lib/pleroma/web/common_api/common_api.ex +++ b/lib/pleroma/web/common_api/common_api.ex @@ -243,18 +243,15 @@ def post(user, %{"status" => status} = data) do preview? = Pleroma.Web.ControllerHelper.truthy_param?(data["preview"]) || false direct? = visibility == "direct" - additional_data = - %{"cc" => cc, "directMessage" => direct?} |> maybe_add_list_data(user, visibility) - - params = %{ + %{ to: to, actor: user, context: context, object: object, - additional: additional_data + additional: %{"cc" => cc, "directMessage" => direct?} } - - ActivityPub.create(params, preview?) + |> maybe_add_list_data(user, visibility) + |> ActivityPub.create(preview?) else {:private_to_public, true} -> {:error, dgettext("errors", "The message visibility must be direct")} diff --git a/lib/pleroma/web/common_api/utils.ex b/lib/pleroma/web/common_api/utils.ex index 94b2c50fc..fed5f9de7 100644 --- a/lib/pleroma/web/common_api/utils.ex +++ b/lib/pleroma/web/common_api/utils.ex @@ -108,19 +108,20 @@ def get_addressed_users(_, to) when is_list(to) do def get_addressed_users(mentioned_users, _), do: mentioned_users - def maybe_add_list_data(additional_data, user, {:list, list_id}) do + def maybe_add_list_data(activity_params, user, {:list, list_id}) do case Pleroma.List.get(list_id, user) do %Pleroma.List{} = list -> - additional_data - |> Map.put("listMessage", list.ap_id) - |> Map.put("bcc", [list.ap_id]) + activity_params + |> put_in([:additional, "bcc"], [list.ap_id]) + |> put_in([:additional, "listMessage"], list.ap_id) + |> put_in([:object, "listMessage"], list.ap_id) _ -> - additional_data + activity_params end end - def maybe_add_list_data(additional_data, _, _), do: additional_data + def maybe_add_list_data(activity_params, _, _), do: activity_params def make_poll_data(%{"poll" => %{"options" => options, "expires_in" => expires_in}} = data) when is_list(options) do diff --git a/test/web/mastodon_api/status_view_test.exs b/test/web/mastodon_api/status_view_test.exs index ac42819d8..995bd52c8 100644 --- a/test/web/mastodon_api/status_view_test.exs +++ b/test/web/mastodon_api/status_view_test.exs @@ -541,4 +541,17 @@ test "embeds a relationship in the account in reposts" do assert result[:reblog][:account][:pleroma][:relationship] == AccountView.render("relationship.json", %{user: user, target: user}) end + + test "visibility/list" do + user = insert(:user) + + {:ok, list} = Pleroma.List.create("foo", user) + + {:ok, activity} = + CommonAPI.post(user, %{"status" => "foobar", "visibility" => "list:#{list.id}"}) + + status = StatusView.render("status.json", activity: activity) + + assert status.visibility == "list" + end end From d86a97abfb1ef32fbe76f455e8dce4ec429696b6 Mon Sep 17 00:00:00 2001 From: Egor Kislitsyn Date: Mon, 15 Jul 2019 14:20:31 +0700 Subject: [PATCH 16/29] Add an explanation comment to Publisher.publish/2 --- lib/pleroma/web/activity_pub/publisher.ex | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lib/pleroma/web/activity_pub/publisher.ex b/lib/pleroma/web/activity_pub/publisher.ex index ffdd33351..18145e45f 100644 --- a/lib/pleroma/web/activity_pub/publisher.ex +++ b/lib/pleroma/web/activity_pub/publisher.ex @@ -131,6 +131,8 @@ def publish(actor, %{data: %{"bcc" => bcc}} = activity) when is_list(bcc) and bc %User{ap_id: ap_id} = Enum.find(recipients, fn %{info: %{source_data: data}} -> data["inbox"] == inbox end) + # Get all the recipients on the same host and add them to cc. Otherwise it a remote + # instance would only accept a first message for the first recipient and ignore the rest. cc = get_cc_ap_ids(ap_id, recipients) json = From 0c66bb5857ca5c67630f07ff25878aaa70f3ce4b Mon Sep 17 00:00:00 2001 From: Egor Kislitsyn Date: Mon, 15 Jul 2019 14:27:56 +0700 Subject: [PATCH 17/29] Update documentation --- docs/api/differences_in_mastoapi_responses.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/docs/api/differences_in_mastoapi_responses.md b/docs/api/differences_in_mastoapi_responses.md index 03917fffc..d2e9bcc4b 100644 --- a/docs/api/differences_in_mastoapi_responses.md +++ b/docs/api/differences_in_mastoapi_responses.md @@ -16,9 +16,11 @@ Adding the parameter `with_muted=true` to the timeline queries will also return ## Statuses +- `visibility`: has an additional possible value `list` + Has these additional fields under the `pleroma` object: -- `local`: true if the post was made on the local instance. +- `local`: true if the post was made on the local instance - `conversation_id`: the ID of the conversation the status is associated with (if any) - `in_reply_to_account_acct`: the `acct` property of User entity for replied user (if any) - `content`: a map consisting of alternate representations of the `content` property with the key being it's mimetype. Currently the only alternate representation supported is `text/plain` From 04f18a144bdbb58f0fc774ea5530029f166b6821 Mon Sep 17 00:00:00 2001 From: Egor Kislitsyn Date: Mon, 15 Jul 2019 14:29:13 +0700 Subject: [PATCH 18/29] Add `listMessage` to to the JSON-LD context --- priv/static/schemas/litepub-0.1.jsonld | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/priv/static/schemas/litepub-0.1.jsonld b/priv/static/schemas/litepub-0.1.jsonld index f36b231c5..57ed05eba 100644 --- a/priv/static/schemas/litepub-0.1.jsonld +++ b/priv/static/schemas/litepub-0.1.jsonld @@ -20,6 +20,10 @@ "sensitive": "as:sensitive", "litepub": "http://litepub.social/ns#", "directMessage": "litepub:directMessage", + "listMessage": { + "@id": "litepub:listMessage", + "@type": "@id" + }, "oauthRegistrationEndpoint": { "@id": "litepub:oauthRegistrationEndpoint", "@type": "@id" From d302fcaa6181cb6e2df890b724d871cb86d1e27b Mon Sep 17 00:00:00 2001 From: lain Date: Mon, 15 Jul 2019 16:47:39 +0900 Subject: [PATCH 19/29] Dependencies: Update tzdata and related packages. --- mix.exs | 1 + mix.lock | 6 +++--- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/mix.exs b/mix.exs index aa4440351..a26bb6202 100644 --- a/mix.exs +++ b/mix.exs @@ -95,6 +95,7 @@ defp oauth_deps do defp deps do [ {:phoenix, "~> 1.4.8"}, + {:tzdata, "~> 1.0"}, {:plug_cowboy, "~> 2.0"}, {:phoenix_pubsub, "~> 1.1"}, {:phoenix_ecto, "~> 4.0"}, diff --git a/mix.lock b/mix.lock index 9c0fd0e98..dcbf80f01 100644 --- a/mix.lock +++ b/mix.lock @@ -6,7 +6,7 @@ "benchee": {:hex, :benchee, "1.0.1", "66b211f9bfd84bd97e6d1beaddf8fc2312aaabe192f776e8931cb0c16f53a521", [:mix], [{:deep_merge, "~> 1.0", [hex: :deep_merge, repo: "hexpm", optional: false]}], "hexpm"}, "bunt": {:hex, :bunt, "0.2.0", "951c6e801e8b1d2cbe58ebbd3e616a869061ddadcc4863d0a2182541acae9a38", [:mix], [], "hexpm"}, "cachex": {:hex, :cachex, "3.0.2", "1351caa4e26e29f7d7ec1d29b53d6013f0447630bbf382b4fb5d5bad0209f203", [:mix], [{:eternal, "~> 1.2", [hex: :eternal, repo: "hexpm", optional: false]}, {:unsafe, "~> 1.0", [hex: :unsafe, repo: "hexpm", optional: false]}], "hexpm"}, - "calendar": {:hex, :calendar, "0.17.4", "22c5e8d98a4db9494396e5727108dffb820ee0d18fed4b0aa8ab76e4f5bc32f1", [:mix], [{:tzdata, "~> 0.5.8 or ~> 0.1.201603", [hex: :tzdata, repo: "hexpm", optional: false]}], "hexpm"}, + "calendar": {:hex, :calendar, "0.17.6", "ec291cb2e4ba499c2e8c0ef5f4ace974e2f9d02ae9e807e711a9b0c7850b9aee", [:mix], [{:tzdata, "~> 0.5.20 or ~> 0.1.201603 or ~> 1.0", [hex: :tzdata, repo: "hexpm", optional: false]}], "hexpm"}, "certifi": {:hex, :certifi, "2.5.1", "867ce347f7c7d78563450a18a6a28a8090331e77fa02380b4a21962a65d36ee5", [:rebar3], [{:parse_trans, "~>3.3", [hex: :parse_trans, repo: "hexpm", optional: false]}], "hexpm"}, "combine": {:hex, :combine, "0.10.0", "eff8224eeb56498a2af13011d142c5e7997a80c8f5b97c499f84c841032e429f", [:mix], [], "hexpm"}, "comeonin": {:hex, :comeonin, "4.1.1", "c7304fc29b45b897b34142a91122bc72757bc0c295e9e824999d5179ffc08416", [:mix], [{:argon2_elixir, "~> 1.2", [hex: :argon2_elixir, repo: "hexpm", optional: true]}, {:bcrypt_elixir, "~> 0.12.1 or ~> 1.0", [hex: :bcrypt_elixir, repo: "hexpm", optional: true]}, {:pbkdf2_elixir, "~> 0.12", [hex: :pbkdf2_elixir, repo: "hexpm", optional: true]}], "hexpm"}, @@ -82,9 +82,9 @@ "syslog": {:git, "https://github.com/Vagabond/erlang-syslog.git", "4a6c6f2c996483e86c1320e9553f91d337bcb6aa", [tag: "1.0.5"]}, "telemetry": {:hex, :telemetry, "0.4.0", "8339bee3fa8b91cb84d14c2935f8ecf399ccd87301ad6da6b71c09553834b2ab", [:rebar3], [], "hexpm"}, "tesla": {:hex, :tesla, "1.2.1", "864783cc27f71dd8c8969163704752476cec0f3a51eb3b06393b3971dc9733ff", [:mix], [{:exjsx, ">= 3.0.0", [hex: :exjsx, repo: "hexpm", optional: true]}, {:fuse, "~> 2.4", [hex: :fuse, repo: "hexpm", optional: true]}, {:hackney, "~> 1.6", [hex: :hackney, repo: "hexpm", optional: true]}, {:ibrowse, "~> 4.4.0", [hex: :ibrowse, repo: "hexpm", optional: true]}, {:jason, ">= 1.0.0", [hex: :jason, repo: "hexpm", optional: true]}, {:mime, "~> 1.0", [hex: :mime, repo: "hexpm", optional: false]}, {:poison, ">= 1.0.0", [hex: :poison, repo: "hexpm", optional: true]}], "hexpm"}, - "timex": {:hex, :timex, "3.5.0", "b0a23167da02d0fe4f1a4e104d1f929a00d348502b52432c05de875d0b9cffa5", [:mix], [{:combine, "~> 0.10", [hex: :combine, repo: "hexpm", optional: false]}, {:gettext, "~> 0.10", [hex: :gettext, repo: "hexpm", optional: false]}, {:tzdata, "~> 0.1.8 or ~> 0.5", [hex: :tzdata, repo: "hexpm", optional: false]}], "hexpm"}, + "timex": {:hex, :timex, "3.6.1", "efdf56d0e67a6b956cc57774353b0329c8ab7726766a11547e529357ffdc1d56", [:mix], [{:combine, "~> 0.10", [hex: :combine, repo: "hexpm", optional: false]}, {:gettext, "~> 0.10", [hex: :gettext, repo: "hexpm", optional: false]}, {:tzdata, "~> 0.1.8 or ~> 0.5 or ~> 1.0.0", [hex: :tzdata, repo: "hexpm", optional: false]}], "hexpm"}, "trailing_format_plug": {:hex, :trailing_format_plug, "0.0.7", "64b877f912cf7273bed03379936df39894149e35137ac9509117e59866e10e45", [:mix], [{:plug, "> 0.12.0", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm"}, - "tzdata": {:hex, :tzdata, "0.5.20", "304b9e98a02840fb32a43ec111ffbe517863c8566eb04a061f1c4dbb90b4d84c", [:mix], [{:hackney, "~> 1.0", [hex: :hackney, repo: "hexpm", optional: false]}], "hexpm"}, + "tzdata": {:hex, :tzdata, "1.0.1", "f6027a331af7d837471248e62733c6ebee86a72e57c613aa071ebb1f750fc71a", [:mix], [{:hackney, "~> 1.0", [hex: :hackney, repo: "hexpm", optional: false]}], "hexpm"}, "ueberauth": {:hex, :ueberauth, "0.6.1", "9e90d3337dddf38b1ca2753aca9b1e53d8a52b890191cdc55240247c89230412", [:mix], [{:plug, "~> 1.5", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm"}, "unicode_util_compat": {:hex, :unicode_util_compat, "0.4.1", "d869e4c68901dd9531385bb0c8c40444ebf624e60b6962d95952775cac5e90cd", [:rebar3], [], "hexpm"}, "unsafe": {:hex, :unsafe, "1.0.0", "7c21742cd05380c7875546b023481d3a26f52df8e5dfedcb9f958f322baae305", [:mix], [], "hexpm"}, From de13c9bb8fc08b12d9694f63f92935ba39a51118 Mon Sep 17 00:00:00 2001 From: Egor Kislitsyn Date: Mon, 15 Jul 2019 14:54:40 +0700 Subject: [PATCH 20/29] List messages must be visible for mentioned users --- lib/pleroma/web/activity_pub/visibility.ex | 9 +++++---- lib/pleroma/web/common_api/utils.ex | 2 +- test/web/activity_pub/visibilty_test.exs | 4 ++-- 3 files changed, 8 insertions(+), 7 deletions(-) diff --git a/lib/pleroma/web/activity_pub/visibility.ex b/lib/pleroma/web/activity_pub/visibility.ex index e0282d758..2666edc7c 100644 --- a/lib/pleroma/web/activity_pub/visibility.ex +++ b/lib/pleroma/web/activity_pub/visibility.ex @@ -39,10 +39,11 @@ def is_list?(_), do: false def visible_for_user?(%{actor: ap_id}, %User{ap_id: ap_id}), do: true - def visible_for_user?(%{data: %{"listMessage" => list_ap_id}}, %User{} = user) do - list_ap_id - |> Pleroma.List.get_by_ap_id() - |> Pleroma.List.member?(user) + def visible_for_user?(%{data: %{"listMessage" => list_ap_id}} = activity, %User{} = user) do + user.ap_id in activity.data["to"] || + list_ap_id + |> Pleroma.List.get_by_ap_id() + |> Pleroma.List.member?(user) end def visible_for_user?(%{data: %{"listMessage" => _}}, nil), do: false diff --git a/lib/pleroma/web/common_api/utils.ex b/lib/pleroma/web/common_api/utils.ex index fed5f9de7..f28a96320 100644 --- a/lib/pleroma/web/common_api/utils.ex +++ b/lib/pleroma/web/common_api/utils.ex @@ -100,7 +100,7 @@ def get_to_and_cc(_user, mentioned_users, inReplyTo, "direct") do end end - def get_to_and_cc(_user, _mentions, _inReplyTo, _), do: {[], []} + def get_to_and_cc(_user, mentions, _inReplyTo, {:list, _}), do: {mentions, []} def get_addressed_users(_, to) when is_list(to) do User.get_ap_ids_by_nicknames(to) diff --git a/test/web/activity_pub/visibilty_test.exs b/test/web/activity_pub/visibilty_test.exs index 2ce6928c4..b62a89e68 100644 --- a/test/web/activity_pub/visibilty_test.exs +++ b/test/web/activity_pub/visibilty_test.exs @@ -126,13 +126,13 @@ test "visible_for_user?", %{ assert Visibility.visible_for_user?(direct, user) assert Visibility.visible_for_user?(list, user) - # All visible to a mentioned user, except when it's a list activity + # All visible to a mentioned user assert Visibility.visible_for_user?(public, mentioned) assert Visibility.visible_for_user?(private, mentioned) assert Visibility.visible_for_user?(unlisted, mentioned) assert Visibility.visible_for_user?(direct, mentioned) - refute(Visibility.visible_for_user?(list, mentioned)) + assert Visibility.visible_for_user?(list, mentioned) # DM not visible for just follower From c66044b923bf90647abd7f581ea67542ba53db10 Mon Sep 17 00:00:00 2001 From: Alex S Date: Mon, 15 Jul 2019 11:00:55 +0300 Subject: [PATCH 21/29] atom keys with leading : --- lib/mix/tasks/pleroma/config.ex | 6 +-- lib/pleroma/config/transfer_task.ex | 2 +- .../admin_api/admin_api_controller_test.exs | 47 +++++++++++++++++-- 3 files changed, 47 insertions(+), 8 deletions(-) diff --git a/lib/mix/tasks/pleroma/config.ex b/lib/mix/tasks/pleroma/config.ex index a71bcd447..4868866d6 100644 --- a/lib/mix/tasks/pleroma/config.ex +++ b/lib/mix/tasks/pleroma/config.ex @@ -59,11 +59,11 @@ def run(["migrate_from_db", env, delete?]) do do: ",", else: ":" + key = String.trim_leading(config.key, ":") + IO.write( file, - "config :#{config.group}, #{config.key}#{mark} #{ - inspect(Config.from_binary(config.value)) - }\r\n" + "config :#{config.group}, #{key}#{mark} #{inspect(Config.from_binary(config.value))}\r\n" ) if delete? do diff --git a/lib/pleroma/config/transfer_task.ex b/lib/pleroma/config/transfer_task.ex index 3c13a0558..7799b2a78 100644 --- a/lib/pleroma/config/transfer_task.ex +++ b/lib/pleroma/config/transfer_task.ex @@ -35,7 +35,7 @@ defp update_env(setting) do if String.starts_with?(setting.key, "Pleroma.") do "Elixir." <> setting.key else - setting.key + String.trim_leading(setting.key, ":") end group = String.to_existing_atom(setting.group) diff --git a/test/web/admin_api/admin_api_controller_test.exs b/test/web/admin_api/admin_api_controller_test.exs index 1b71cbff3..ee48b752c 100644 --- a/test/web/admin_api/admin_api_controller_test.exs +++ b/test/web/admin_api/admin_api_controller_test.exs @@ -1720,7 +1720,7 @@ test "settings with nesting map", %{conn: conn} do configs: [ %{ "group" => "pleroma", - "key" => "key1", + "key" => ":key1", "value" => [ %{"tuple" => [":key2", "some_val"]}, %{ @@ -1750,7 +1750,7 @@ test "settings with nesting map", %{conn: conn} do "configs" => [ %{ "group" => "pleroma", - "key" => "key1", + "key" => ":key1", "value" => [ %{"tuple" => [":key2", "some_val"]}, %{ @@ -1782,7 +1782,7 @@ test "value as map", %{conn: conn} do configs: [ %{ "group" => "pleroma", - "key" => "key1", + "key" => ":key1", "value" => %{"key" => "some_val"} } ] @@ -1793,7 +1793,7 @@ test "value as map", %{conn: conn} do "configs" => [ %{ "group" => "pleroma", - "key" => "key1", + "key" => ":key1", "value" => %{"key" => "some_val"} } ] @@ -1862,6 +1862,45 @@ test "dispatch setting", %{conn: conn} do ] } end + + test "queues key as atom", %{conn: conn} do + conn = + post(conn, "/api/pleroma/admin/config", %{ + configs: [ + %{ + "group" => "pleroma_job_queue", + "key" => ":queues", + "value" => [ + %{"tuple" => [":federator_incoming", 50]}, + %{"tuple" => [":federator_outgoing", 50]}, + %{"tuple" => [":web_push", 50]}, + %{"tuple" => [":mailer", 10]}, + %{"tuple" => [":transmogrifier", 20]}, + %{"tuple" => [":scheduled_activities", 10]}, + %{"tuple" => [":background", 5]} + ] + } + ] + }) + + assert json_response(conn, 200) == %{ + "configs" => [ + %{ + "group" => "pleroma_job_queue", + "key" => ":queues", + "value" => [ + %{"tuple" => [":federator_incoming", 50]}, + %{"tuple" => [":federator_outgoing", 50]}, + %{"tuple" => [":web_push", 50]}, + %{"tuple" => [":mailer", 10]}, + %{"tuple" => [":transmogrifier", 20]}, + %{"tuple" => [":scheduled_activities", 10]}, + %{"tuple" => [":background", 5]} + ] + } + ] + } + end end end From b8607c151c946f64e6cfadf84caa3921fffad02d Mon Sep 17 00:00:00 2001 From: Alex S Date: Mon, 15 Jul 2019 15:45:27 +0300 Subject: [PATCH 22/29] migrating task refactor --- lib/mix/tasks/pleroma/config.ex | 18 +++++++++--------- test/tasks/config_test.exs | 12 ++++++------ 2 files changed, 15 insertions(+), 15 deletions(-) diff --git a/lib/mix/tasks/pleroma/config.ex b/lib/mix/tasks/pleroma/config.ex index 4868866d6..a7d0fac5d 100644 --- a/lib/mix/tasks/pleroma/config.ex +++ b/lib/mix/tasks/pleroma/config.ex @@ -28,6 +28,14 @@ def run(["migrate_to_db"]) do |> Enum.reject(fn {k, _v} -> k in [Pleroma.Repo, :env] end) |> Enum.each(fn {k, v} -> key = to_string(k) |> String.replace("Elixir.", "") + + key = + if String.starts_with?(key, "Pleroma.") do + key + else + ":" <> key + end + {:ok, _} = Config.update_or_create(%{group: "pleroma", key: key, value: v}) Mix.shell().info("#{key} is migrated.") end) @@ -53,17 +61,9 @@ def run(["migrate_from_db", env, delete?]) do Repo.all(Config) |> Enum.each(fn config -> - mark = - if String.starts_with?(config.key, "Pleroma.") or - String.starts_with?(config.key, "Ueberauth"), - do: ",", - else: ":" - - key = String.trim_leading(config.key, ":") - IO.write( file, - "config :#{config.group}, #{key}#{mark} #{inspect(Config.from_binary(config.value))}\r\n" + "config :#{config.group}, #{config.key}, #{inspect(Config.from_binary(config.value))}\r\n\r\n" ) if delete? do diff --git a/test/tasks/config_test.exs b/test/tasks/config_test.exs index bbcc57217..a9b79eb5b 100644 --- a/test/tasks/config_test.exs +++ b/test/tasks/config_test.exs @@ -34,8 +34,8 @@ test "settings are migrated to db" do Mix.Tasks.Pleroma.Config.run(["migrate_to_db"]) - first_db = Config.get_by_params(%{group: "pleroma", key: "first_setting"}) - second_db = Config.get_by_params(%{group: "pleroma", key: "second_setting"}) + first_db = Config.get_by_params(%{group: "pleroma", key: ":first_setting"}) + second_db = Config.get_by_params(%{group: "pleroma", key: ":second_setting"}) refute Config.get_by_params(%{group: "pleroma", key: "Pleroma.Repo"}) assert Config.from_binary(first_db.value) == [key: "value", key2: [Pleroma.Repo]] @@ -45,13 +45,13 @@ test "settings are migrated to db" do test "settings are migrated to file and deleted from db", %{temp_file: temp_file} do Config.create(%{ group: "pleroma", - key: "setting_first", + key: ":setting_first", value: [key: "value", key2: [Pleroma.Activity]] }) Config.create(%{ group: "pleroma", - key: "setting_second", + key: ":setting_second", value: [key: "valu2", key2: [Pleroma.Repo]] }) @@ -61,7 +61,7 @@ test "settings are migrated to file and deleted from db", %{temp_file: temp_file assert File.exists?(temp_file) {:ok, file} = File.read(temp_file) - assert file =~ "config :pleroma, setting_first:" - assert file =~ "config :pleroma, setting_second:" + assert file =~ "config :pleroma, :setting_first," + assert file =~ "config :pleroma, :setting_second," end end From c32384c1ea433bb0f5f087707d0165cea1f23d45 Mon Sep 17 00:00:00 2001 From: Maksim Date: Mon, 15 Jul 2019 13:01:22 +0000 Subject: [PATCH 23/29] tests for Pleroma.Signature --- lib/pleroma/keys.ex | 12 ++-- lib/pleroma/user.ex | 21 +++--- lib/pleroma/web/activity_pub/utils.ex | 8 +-- test/signature_test.exs | 99 +++++++++++++++++++++++++++ 4 files changed, 116 insertions(+), 24 deletions(-) create mode 100644 test/signature_test.exs diff --git a/lib/pleroma/keys.ex b/lib/pleroma/keys.ex index b7bc7a4da..6dd31d3bd 100644 --- a/lib/pleroma/keys.ex +++ b/lib/pleroma/keys.ex @@ -35,10 +35,12 @@ def generate_rsa_pem do end def keys_from_pem(pem) do - [private_key_code] = :public_key.pem_decode(pem) - private_key = :public_key.pem_entry_decode(private_key_code) - {:RSAPrivateKey, _, modulus, exponent, _, _, _, _, _, _, _} = private_key - public_key = {:RSAPublicKey, modulus, exponent} - {:ok, private_key, public_key} + with [private_key_code] <- :public_key.pem_decode(pem), + private_key <- :public_key.pem_entry_decode(private_key_code), + {:RSAPrivateKey, _, modulus, exponent, _, _, _, _, _, _, _} <- private_key do + {:ok, private_key, {:RSAPublicKey, modulus, exponent}} + else + error -> {:error, error} + end end end diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex index 29c87d4a9..ffba3f390 100644 --- a/lib/pleroma/user.ex +++ b/lib/pleroma/user.ex @@ -1190,10 +1190,12 @@ def public_key_from_info(%{ end # OStatus Magic Key - def public_key_from_info(%{magic_key: magic_key}) do + def public_key_from_info(%{magic_key: magic_key}) when not is_nil(magic_key) do {:ok, Pleroma.Web.Salmon.decode_key(magic_key)} end + def public_key_from_info(_), do: {:error, "not found key"} + def get_public_key_for_ap_id(ap_id) do with {:ok, %User{} = user} <- get_or_fetch_by_ap_id(ap_id), {:ok, public_key} <- public_key_from_info(user.info) do @@ -1379,23 +1381,16 @@ def get_mascot(%{info: %{mascot: mascot}}) when is_nil(mascot) do } end - def ensure_keys_present(user) do - info = user.info - + def ensure_keys_present(%User{info: info} = user) do if info.keys do {:ok, user} else {:ok, pem} = Keys.generate_rsa_pem() - info_cng = - info - |> User.Info.set_keys(pem) - - cng = - Ecto.Changeset.change(user) - |> Ecto.Changeset.put_embed(:info, info_cng) - - update_and_set_cache(cng) + user + |> Ecto.Changeset.change() + |> Ecto.Changeset.put_embed(:info, User.Info.set_keys(info, pem)) + |> update_and_set_cache() end end diff --git a/lib/pleroma/web/activity_pub/utils.ex b/lib/pleroma/web/activity_pub/utils.ex index 4288ea4c8..c146f59d4 100644 --- a/lib/pleroma/web/activity_pub/utils.ex +++ b/lib/pleroma/web/activity_pub/utils.ex @@ -25,12 +25,8 @@ defmodule Pleroma.Web.ActivityPub.Utils do # Some implementations send the actor URI as the actor field, others send the entire actor object, # so figure out what the actor's URI is based on what we have. - def get_ap_id(object) do - case object do - %{"id" => id} -> id - id -> id - end - end + def get_ap_id(%{"id" => id} = _), do: id + def get_ap_id(id), do: id def normalize_params(params) do Map.put(params, "actor", get_ap_id(params["actor"])) diff --git a/test/signature_test.exs b/test/signature_test.exs new file mode 100644 index 000000000..4920196c7 --- /dev/null +++ b/test/signature_test.exs @@ -0,0 +1,99 @@ +# Pleroma: A lightweight social networking server +# Copyright © 2017-2019 Pleroma Authors +# SPDX-License-Identifier: AGPL-3.0-only + +defmodule Pleroma.SignatureTest do + use Pleroma.DataCase + + import Pleroma.Factory + import Tesla.Mock + + alias Pleroma.Signature + + setup do + mock(fn env -> apply(HttpRequestMock, :request, [env]) end) + :ok + end + + @private_key "-----BEGIN RSA PRIVATE KEY-----\nMIIEpQIBAAKCAQEA48qb4v6kqigZutO9Ot0wkp27GIF2LiVaADgxQORZozZR63jH\nTaoOrS3Xhngbgc8SSOhfXET3omzeCLqaLNfXnZ8OXmuhJfJSU6mPUvmZ9QdT332j\nfN/g3iWGhYMf/M9ftCKh96nvFVO/tMruzS9xx7tkrfJjehdxh/3LlJMMImPtwcD7\nkFXwyt1qZTAU6Si4oQAJxRDQXHp1ttLl3Ob829VM7IKkrVmY8TD+JSlV0jtVJPj6\n1J19ytKTx/7UaucYvb9HIiBpkuiy5n/irDqKLVf5QEdZoNCdojOZlKJmTLqHhzKP\n3E9TxsUjhrf4/EqegNc/j982RvOxeu4i40zMQwIDAQABAoIBAQDH5DXjfh21i7b4\ncXJuw0cqget617CDUhemdakTDs9yH+rHPZd3mbGDWuT0hVVuFe4vuGpmJ8c+61X0\nRvugOlBlavxK8xvYlsqTzAmPgKUPljyNtEzQ+gz0I+3mH2jkin2rL3D+SksZZgKm\nfiYMPIQWB2WUF04gB46DDb2mRVuymGHyBOQjIx3WC0KW2mzfoFUFRlZEF+Nt8Ilw\nT+g/u0aZ1IWoszbsVFOEdghgZET0HEarum0B2Je/ozcPYtwmU10iBANGMKdLqaP/\nj954BPunrUf6gmlnLZKIKklJj0advx0NA+cL79+zeVB3zexRYSA5o9q0WPhiuTwR\n/aedWHnBAoGBAP0sDWBAM1Y4TRAf8ZI9PcztwLyHPzfEIqzbObJJnx1icUMt7BWi\n+/RMOnhrlPGE1kMhOqSxvXYN3u+eSmWTqai2sSH5Hdw2EqnrISSTnwNUPINX7fHH\njEkgmXQ6ixE48SuBZnb4w1EjdB/BA6/sjL+FNhggOc87tizLTkMXmMtTAoGBAOZV\n+wPuAMBDBXmbmxCuDIjoVmgSlgeRunB1SA8RCPAFAiUo3+/zEgzW2Oz8kgI+xVwM\n33XkLKrWG1Orhpp6Hm57MjIc5MG+zF4/YRDpE/KNG9qU1tiz0UD5hOpIU9pP4bR/\ngxgPxZzvbk4h5BfHWLpjlk8UUpgk6uxqfti48c1RAoGBALBOKDZ6HwYRCSGMjUcg\n3NPEUi84JD8qmFc2B7Tv7h2he2ykIz9iFAGpwCIyETQsJKX1Ewi0OlNnD3RhEEAy\nl7jFGQ+mkzPSeCbadmcpYlgIJmf1KN/x7fDTAepeBpCEzfZVE80QKbxsaybd3Dp8\nCfwpwWUFtBxr4c7J+gNhAGe/AoGAPn8ZyqkrPv9wXtyfqFjxQbx4pWhVmNwrkBPi\nZ2Qh3q4dNOPwTvTO8vjghvzIyR8rAZzkjOJKVFgftgYWUZfM5gE7T2mTkBYq8W+U\n8LetF+S9qAM2gDnaDx0kuUTCq7t87DKk6URuQ/SbI0wCzYjjRD99KxvChVGPBHKo\n1DjqMuECgYEAgJGNm7/lJCS2wk81whfy/ttKGsEIkyhPFYQmdGzSYC5aDc2gp1R3\nxtOkYEvdjfaLfDGEa4UX8CHHF+w3t9u8hBtcdhMH6GYb9iv6z0VBTt4A/11HUR49\n3Z7TQ18Iyh3jAUCzFV9IJlLIExq5Y7P4B3ojWFBN607sDCt8BMPbDYs=\n-----END RSA PRIVATE KEY-----" + + @public_key %{ + "id" => "https://mastodon.social/users/lambadalambda#main-key", + "owner" => "https://mastodon.social/users/lambadalambda", + "publicKeyPem" => + "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw0P/Tq4gb4G/QVuMGbJo\nC/AfMNcv+m7NfrlOwkVzcU47jgESuYI4UtJayissCdBycHUnfVUd9qol+eznSODz\nCJhfJloqEIC+aSnuEPGA0POtWad6DU0E6/Ho5zQn5WAWUwbRQqowbrsm/GHo2+3v\neR5jGenwA6sYhINg/c3QQbksyV0uJ20Umyx88w8+TJuv53twOfmyDWuYNoQ3y5cc\nHKOZcLHxYOhvwg3PFaGfFHMFiNmF40dTXt9K96r7sbzc44iLD+VphbMPJEjkMuf8\nPGEFOBzy8pm3wJZw2v32RNW2VESwMYyqDzwHXGSq1a73cS7hEnc79gXlELsK04L9\nQQIDAQAB\n-----END PUBLIC KEY-----\n" + } + + @rsa_public_key { + :RSAPublicKey, + 24_650_000_183_914_698_290_885_268_529_673_621_967_457_234_469_123_179_408_466_269_598_577_505_928_170_923_974_132_111_403_341_217_239_999_189_084_572_368_839_502_170_501_850_920_051_662_384_964_248_315_257_926_552_945_648_828_895_432_624_227_029_881_278_113_244_073_644_360_744_504_606_177_648_469_825_063_267_913_017_309_199_785_535_546_734_904_379_798_564_556_494_962_268_682_532_371_146_333_972_821_570_577_277_375_020_977_087_539_994_500_097_107_935_618_711_808_260_846_821_077_839_605_098_669_707_417_692_791_905_543_116_911_754_774_323_678_879_466_618_738_207_538_013_885_607_095_203_516_030_057_611_111_308_904_599_045_146_148_350_745_339_208_006_497_478_057_622_336_882_506_112_530_056_970_653_403_292_123_624_453_213_574_011_183_684_739_084_105_206_483_178_943_532_208_537_215_396_831_110_268_758_639_826_369_857, + # credo:disable-for-previous-line Credo.Check.Readability.MaxLineLength + 65_537 + } + + describe "fetch_public_key/1" do + test "it returns key" do + expected_result = {:ok, @rsa_public_key} + + user = insert(:user, %{info: %{source_data: %{"publicKey" => @public_key}}}) + + assert Signature.fetch_public_key(%Plug.Conn{params: %{"actor" => user.ap_id}}) == + expected_result + end + + test "it returns error when not found user" do + assert Signature.fetch_public_key(%Plug.Conn{params: %{"actor" => "test-ap_id"}}) == + {:error, :error} + end + + test "it returns error if public key is empty" do + user = insert(:user, %{info: %{source_data: %{"publicKey" => %{}}}}) + + assert Signature.fetch_public_key(%Plug.Conn{params: %{"actor" => user.ap_id}}) == + {:error, :error} + end + end + + describe "refetch_public_key/1" do + test "it returns key" do + ap_id = "https://mastodon.social/users/lambadalambda" + + assert Signature.refetch_public_key(%Plug.Conn{params: %{"actor" => ap_id}}) == + {:ok, @rsa_public_key} + end + + test "it returns error when not found user" do + assert Signature.refetch_public_key(%Plug.Conn{params: %{"actor" => "test-ap_id"}}) == + {:error, {:error, :ok}} + end + end + + describe "sign/2" do + test "it returns signature headers" do + user = + insert(:user, %{ + ap_id: "https://mastodon.social/users/lambadalambda", + info: %{keys: @private_key} + }) + + assert Signature.sign( + user, + %{ + host: "test.test", + "content-length": 100 + } + ) == + "keyId=\"https://mastodon.social/users/lambadalambda#main-key\",algorithm=\"rsa-sha256\",headers=\"content-length host\",signature=\"sibUOoqsFfTDerquAkyprxzDjmJm6erYc42W5w1IyyxusWngSinq5ILTjaBxFvfarvc7ci1xAi+5gkBwtshRMWm7S+Uqix24Yg5EYafXRun9P25XVnYBEIH4XQ+wlnnzNIXQkU3PU9e6D8aajDZVp3hPJNeYt1gIPOA81bROI8/glzb1SAwQVGRbqUHHHKcwR8keiR/W2h7BwG3pVRy4JgnIZRSW7fQogKedDg02gzRXwUDFDk0pr2p3q6bUWHUXNV8cZIzlMK+v9NlyFbVYBTHctAR26GIAN6Hz0eV0mAQAePHDY1mXppbA8Gpp6hqaMuYfwifcXmcc+QFm4e+n3A==\"" + end + + test "it returns error" do + user = + insert(:user, %{ap_id: "https://mastodon.social/users/lambadalambda", info: %{keys: ""}}) + + assert Signature.sign( + user, + %{host: "test.test", "content-length": 100} + ) == {:error, []} + end + end +end From 105f437ce91e1416f10ad90f56dfd47d16913f40 Mon Sep 17 00:00:00 2001 From: Moonman Date: Mon, 15 Jul 2019 08:36:51 -0700 Subject: [PATCH 24/29] formatting --- lib/pleroma/plugs/authentication_plug.ex | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lib/pleroma/plugs/authentication_plug.ex b/lib/pleroma/plugs/authentication_plug.ex index 48dc1f818..eec514892 100644 --- a/lib/pleroma/plugs/authentication_plug.ex +++ b/lib/pleroma/plugs/authentication_plug.ex @@ -16,8 +16,10 @@ def checkpw(password, password_hash) do cond do String.starts_with?(password_hash, "$pbkdf2") -> Pbkdf2.checkpw(password, password_hash) + String.starts_with?(password_hash, "$6") -> :crypt.crypt(password, password_hash) == password_hash + true -> Logger.error("Password hash not recognized") false From 33fd4c0ed7dd11b87c17424a568c44569797a609 Mon Sep 17 00:00:00 2001 From: Alex S Date: Mon, 15 Jul 2019 20:53:07 +0300 Subject: [PATCH 25/29] query fix --- lib/pleroma/notification.ex | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/pleroma/notification.ex b/lib/pleroma/notification.ex index ee7b37aab..d47229258 100644 --- a/lib/pleroma/notification.ex +++ b/lib/pleroma/notification.ex @@ -65,7 +65,7 @@ def for_user_query(user, opts) do |> join(:left, [n, a], tm in Pleroma.ThreadMute, on: tm.user_id == ^user.id and tm.context == fragment("?->>'context'", a.data) ) - |> where([n, a, o, tm], is_nil(tm.id)) + |> where([n, a, o, tm], is_nil(tm.user_id)) end end From b74300bc7a02912489033ea23ccaf876881ef650 Mon Sep 17 00:00:00 2001 From: Sergey Suprunenko Date: Mon, 15 Jul 2019 19:47:23 +0000 Subject: [PATCH 26/29] Add more tests for MastodonAPIController and CommonAPI --- lib/pleroma/web/common_api/common_api.ex | 10 - .../mastodon_api/mastodon_api_controller.ex | 20 +- test/reverse_proxy_test.exs | 1 - test/web/common_api/common_api_test.exs | 38 +++ test/web/common_api/common_api_utils_test.exs | 19 +- .../mastodon_api_controller_test.exs | 251 ++++++++++++++++-- 6 files changed, 289 insertions(+), 50 deletions(-) diff --git a/lib/pleroma/web/common_api/common_api.ex b/lib/pleroma/web/common_api/common_api.ex index 44669b228..44af6a773 100644 --- a/lib/pleroma/web/common_api/common_api.ex +++ b/lib/pleroma/web/common_api/common_api.ex @@ -4,7 +4,6 @@ defmodule Pleroma.Web.CommonAPI do alias Pleroma.Activity - alias Pleroma.Bookmark alias Pleroma.Formatter alias Pleroma.Object alias Pleroma.ThreadMute @@ -356,15 +355,6 @@ def thread_muted?(user, activity) do end end - def bookmarked?(user, activity) do - with %Bookmark{} <- Bookmark.get(user.id, activity.id) do - true - else - _ -> - false - end - end - def report(user, data) do with {:account_id, %{"account_id" => account_id}} <- {:account_id, data}, {:account, %User{} = account} <- {:account, User.get_cached_by_id(account_id)}, diff --git a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex index b3513b5bf..f4aa576f7 100644 --- a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex +++ b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex @@ -693,11 +693,6 @@ def pin_status(%{assigns: %{user: user}} = conn, %{"id" => ap_id_or_id}) do conn |> put_view(StatusView) |> try_render("status.json", %{activity: activity, for: user, as: :activity}) - else - {:error, reason} -> - conn - |> put_status(:bad_request) - |> json(%{"error" => reason}) end end @@ -738,11 +733,6 @@ def mute_conversation(%{assigns: %{user: user}} = conn, %{"id" => id}) do conn |> put_view(StatusView) |> try_render("status.json", %{activity: activity, for: user, as: :activity}) - else - {:error, reason} -> - conn - |> put_resp_content_type("application/json") - |> send_resp(:bad_request, Jason.encode!(%{"error" => reason})) end end @@ -881,7 +871,7 @@ def get_mascot(%{assigns: %{user: user}} = conn, _params) do end def favourited_by(%{assigns: %{user: user}} = conn, %{"id" => id}) do - with %Activity{data: %{"object" => object}} <- Repo.get(Activity, id), + with %Activity{data: %{"object" => object}} <- Activity.get_by_id(id), %Object{data: %{"likes" => likes}} <- Object.normalize(object) do q = from(u in User, where: u.ap_id in ^likes) users = Repo.all(q) @@ -895,7 +885,7 @@ def favourited_by(%{assigns: %{user: user}} = conn, %{"id" => id}) do end def reblogged_by(%{assigns: %{user: user}} = conn, %{"id" => id}) do - with %Activity{data: %{"object" => object}} <- Repo.get(Activity, id), + with %Activity{data: %{"object" => object}} <- Activity.get_by_id(id), %Object{data: %{"announcements" => announces}} <- Object.normalize(object) do q = from(u in User, where: u.ap_id in ^announces) users = Repo.all(q) @@ -1651,6 +1641,12 @@ def errors(conn, {:error, :not_found}) do render_error(conn, :not_found, "Record not found") end + def errors(conn, {:error, error_message}) do + conn + |> put_status(:bad_request) + |> json(%{error: error_message}) + end + def errors(conn, _) do conn |> put_status(:internal_server_error) diff --git a/test/reverse_proxy_test.exs b/test/reverse_proxy_test.exs index f542de97c..f4b7d6add 100644 --- a/test/reverse_proxy_test.exs +++ b/test/reverse_proxy_test.exs @@ -5,7 +5,6 @@ defmodule Pleroma.ReverseProxyTest do use Pleroma.Web.ConnCase, async: true import ExUnit.CaptureLog - import ExUnit.CaptureLog import Mox alias Pleroma.ReverseProxy alias Pleroma.ReverseProxy.ClientMock diff --git a/test/web/common_api/common_api_test.exs b/test/web/common_api/common_api_test.exs index 7d8eeb12e..16b3f121d 100644 --- a/test/web/common_api/common_api_test.exs +++ b/test/web/common_api/common_api_test.exs @@ -141,6 +141,25 @@ test "it allows to address a list" do assert activity.recipients == [list.ap_id, user.ap_id] assert activity.data["listMessage"] == list.ap_id end + + test "it returns error when status is empty and no attachments" do + user = insert(:user) + + assert {:error, "Cannot post an empty status without attachments"} = + CommonAPI.post(user, %{"status" => ""}) + end + + test "it returns error when character limit is exceeded" do + limit = Pleroma.Config.get([:instance, :limit]) + Pleroma.Config.put([:instance, :limit], 5) + + user = insert(:user) + + assert {:error, "The status is over the character limit"} = + CommonAPI.post(user, %{"status" => "foobar"}) + + Pleroma.Config.put([:instance, :limit], limit) + end end describe "reactions" do @@ -413,4 +432,23 @@ test "after rejection, it sets all existing pending follow request states to 're assert Repo.get(Activity, follow_activity_three.id).data["state"] == "pending" end end + + describe "vote/3" do + test "does not allow to vote twice" do + user = insert(:user) + other_user = insert(:user) + + {:ok, activity} = + CommonAPI.post(user, %{ + "status" => "Am I cute?", + "poll" => %{"options" => ["Yes", "No"], "expires_in" => 20} + }) + + object = Object.normalize(activity) + + {:ok, _, object} = CommonAPI.vote(other_user, object, [0]) + + assert {:error, "Already voted"} == CommonAPI.vote(other_user, object, [1]) + end + end end diff --git a/test/web/common_api/common_api_utils_test.exs b/test/web/common_api/common_api_utils_test.exs index b3a334d50..af320f31f 100644 --- a/test/web/common_api/common_api_utils_test.exs +++ b/test/web/common_api/common_api_utils_test.exs @@ -10,6 +10,7 @@ defmodule Pleroma.Web.CommonAPI.UtilsTest do alias Pleroma.Web.Endpoint use Pleroma.DataCase + import ExUnit.CaptureLog import Pleroma.Factory @public_address "https://www.w3.org/ns/activitystreams#Public" @@ -202,7 +203,9 @@ test "when date is a binary in wrong format" do expected = "" - assert Utils.date_to_asctime(date) == expected + assert capture_log(fn -> + assert Utils.date_to_asctime(date) == expected + end) =~ "[warn] Date #{date} in wrong format, must be ISO 8601" end test "when date is a Unix timestamp" do @@ -210,13 +213,23 @@ test "when date is a Unix timestamp" do expected = "" - assert Utils.date_to_asctime(date) == expected + assert capture_log(fn -> + assert Utils.date_to_asctime(date) == expected + end) =~ "[warn] Date #{date} in wrong format, must be ISO 8601" end test "when date is nil" do expected = "" - assert Utils.date_to_asctime(nil) == expected + assert capture_log(fn -> + assert Utils.date_to_asctime(nil) == expected + end) =~ "[warn] Date in wrong format, must be ISO 8601" + end + + test "when date is a random string" do + assert capture_log(fn -> + assert Utils.date_to_asctime("foo") == "" + end) =~ "[warn] Date foo in wrong format, must be ISO 8601" end end diff --git a/test/web/mastodon_api/mastodon_api_controller_test.exs b/test/web/mastodon_api/mastodon_api_controller_test.exs index 6ffa64dc8..af24fddc1 100644 --- a/test/web/mastodon_api/mastodon_api_controller_test.exs +++ b/test/web/mastodon_api/mastodon_api_controller_test.exs @@ -35,7 +35,7 @@ test "the home timeline", %{conn: conn} do user = insert(:user) following = insert(:user) - {:ok, _activity} = TwitterAPI.create_status(following, %{"status" => "test"}) + {:ok, _activity} = CommonAPI.post(following, %{"status" => "test"}) conn = conn @@ -58,7 +58,7 @@ test "the public timeline", %{conn: conn} do following = insert(:user) capture_log(fn -> - {:ok, _activity} = TwitterAPI.create_status(following, %{"status" => "test"}) + {:ok, _activity} = CommonAPI.post(following, %{"status" => "test"}) {:ok, [_activity]} = OStatus.fetch_activity_from_url("https://shitposter.club/notice/2827873") @@ -1004,8 +1004,8 @@ test "deleting a list", %{conn: conn} do test "list timeline", %{conn: conn} do user = insert(:user) other_user = insert(:user) - {:ok, _activity_one} = TwitterAPI.create_status(user, %{"status" => "Marisa is cute."}) - {:ok, activity_two} = TwitterAPI.create_status(other_user, %{"status" => "Marisa is cute."}) + {:ok, _activity_one} = CommonAPI.post(user, %{"status" => "Marisa is cute."}) + {:ok, activity_two} = CommonAPI.post(other_user, %{"status" => "Marisa is cute."}) {:ok, list} = Pleroma.List.create("name", user) {:ok, list} = Pleroma.List.follow(list, other_user) @@ -1022,10 +1022,10 @@ test "list timeline", %{conn: conn} do test "list timeline does not leak non-public statuses for unfollowed users", %{conn: conn} do user = insert(:user) other_user = insert(:user) - {:ok, activity_one} = TwitterAPI.create_status(other_user, %{"status" => "Marisa is cute."}) + {:ok, activity_one} = CommonAPI.post(other_user, %{"status" => "Marisa is cute."}) {:ok, _activity_two} = - TwitterAPI.create_status(other_user, %{ + CommonAPI.post(other_user, %{ "status" => "Marisa is cute.", "visibility" => "private" }) @@ -1049,8 +1049,7 @@ test "list of notifications", %{conn: conn} do user = insert(:user) other_user = insert(:user) - {:ok, activity} = - TwitterAPI.create_status(other_user, %{"status" => "hi @#{user.nickname}"}) + {:ok, activity} = CommonAPI.post(other_user, %{"status" => "hi @#{user.nickname}"}) {:ok, [_notification]} = Notification.create_notifications(activity) @@ -1072,8 +1071,7 @@ test "getting a single notification", %{conn: conn} do user = insert(:user) other_user = insert(:user) - {:ok, activity} = - TwitterAPI.create_status(other_user, %{"status" => "hi @#{user.nickname}"}) + {:ok, activity} = CommonAPI.post(other_user, %{"status" => "hi @#{user.nickname}"}) {:ok, [notification]} = Notification.create_notifications(activity) @@ -1095,8 +1093,7 @@ test "dismissing a single notification", %{conn: conn} do user = insert(:user) other_user = insert(:user) - {:ok, activity} = - TwitterAPI.create_status(other_user, %{"status" => "hi @#{user.nickname}"}) + {:ok, activity} = CommonAPI.post(other_user, %{"status" => "hi @#{user.nickname}"}) {:ok, [notification]} = Notification.create_notifications(activity) @@ -1112,8 +1109,7 @@ test "clearing all notifications", %{conn: conn} do user = insert(:user) other_user = insert(:user) - {:ok, activity} = - TwitterAPI.create_status(other_user, %{"status" => "hi @#{user.nickname}"}) + {:ok, activity} = CommonAPI.post(other_user, %{"status" => "hi @#{user.nickname}"}) {:ok, [_notification]} = Notification.create_notifications(activity) @@ -1395,6 +1391,17 @@ test "reblogged status for another user", %{conn: conn} do assert to_string(activity.id) == id end + + test "returns 400 error when activity is not exist", %{conn: conn} do + user = insert(:user) + + conn = + conn + |> assign(:user, user) + |> post("/api/v1/statuses/foo/reblog") + + assert json_response(conn, 400) == %{"error" => "Could not repeat"} + end end describe "unreblogging" do @@ -1413,6 +1420,17 @@ test "unreblogs and returns the unreblogged status", %{conn: conn} do assert to_string(activity.id) == id end + + test "returns 400 error when activity is not exist", %{conn: conn} do + user = insert(:user) + + conn = + conn + |> assign(:user, user) + |> post("/api/v1/statuses/foo/unreblog") + + assert json_response(conn, 400) == %{"error" => "Could not unrepeat"} + end end describe "favoriting" do @@ -1431,16 +1449,15 @@ test "favs a status and returns it", %{conn: conn} do assert to_string(activity.id) == id end - test "returns 500 for a wrong id", %{conn: conn} do + test "returns 400 error for a wrong id", %{conn: conn} do user = insert(:user) - resp = + conn = conn |> assign(:user, user) |> post("/api/v1/statuses/1/favourite") - |> json_response(500) - assert resp == "Something went wrong" + assert json_response(conn, 400) == %{"error" => "Could not favorite"} end end @@ -1461,6 +1478,17 @@ test "unfavorites a status and returns it", %{conn: conn} do assert to_string(activity.id) == id end + + test "returns 400 error for a wrong id", %{conn: conn} do + user = insert(:user) + + conn = + conn + |> assign(:user, user) + |> post("/api/v1/statuses/1/unfavourite") + + assert json_response(conn, 400) == %{"error" => "Could not unfavorite"} + end end describe "user timelines" do @@ -1531,10 +1559,10 @@ test "gets an users media", %{conn: conn} do media = TwitterAPI.upload(file, user, "json") - |> Poison.decode!() + |> Jason.decode!() {:ok, image_post} = - TwitterAPI.create_status(user, %{"status" => "cofe", "media_ids" => [media["media_id"]]}) + CommonAPI.post(user, %{"status" => "cofe", "media_ids" => [media["media_id"]]}) conn = conn @@ -1857,7 +1885,7 @@ test "hashtag timeline", %{conn: conn} do following = insert(:user) capture_log(fn -> - {:ok, activity} = TwitterAPI.create_status(following, %{"status" => "test #2hu"}) + {:ok, activity} = CommonAPI.post(following, %{"status" => "test #2hu"}) {:ok, [_activity]} = OStatus.fetch_activity_from_url("https://shitposter.club/notice/2827873") @@ -2616,7 +2644,7 @@ test "get instance stats", %{conn: conn} do insert(:user, %{local: false, nickname: "u@peer1.com"}) insert(:user, %{local: false, nickname: "u@peer2.com"}) - {:ok, _} = TwitterAPI.create_status(user, %{"status" => "cofe"}) + {:ok, _} = CommonAPI.post(user, %{"status" => "cofe"}) # Stats should count users with missing or nil `info.deactivated` value user = User.get_cached_by_id(user.id) @@ -2709,6 +2737,17 @@ test "pin status", %{conn: conn, user: user, activity: activity} do |> json_response(200) end + test "/pin: returns 400 error when activity is not public", %{conn: conn, user: user} do + {:ok, dm} = CommonAPI.post(user, %{"status" => "test", "visibility" => "direct"}) + + conn = + conn + |> assign(:user, user) + |> post("/api/v1/statuses/#{dm.id}/pin") + + assert json_response(conn, 400) == %{"error" => "Could not pin"} + end + test "unpin status", %{conn: conn, user: user, activity: activity} do {:ok, _} = CommonAPI.pin(activity.id, user) @@ -2728,6 +2767,15 @@ test "unpin status", %{conn: conn, user: user, activity: activity} do |> json_response(200) end + test "/unpin: returns 400 error when activity is not exist", %{conn: conn, user: user} do + conn = + conn + |> assign(:user, user) + |> post("/api/v1/statuses/1/unpin") + + assert json_response(conn, 400) == %{"error" => "Could not unpin"} + end + test "max pinned statuses", %{conn: conn, user: user, activity: activity_one} do {:ok, activity_two} = CommonAPI.post(user, %{"status" => "HI!!!"}) @@ -2902,6 +2950,17 @@ test "mute conversation", %{conn: conn, user: user, activity: activity} do |> json_response(200) end + test "cannot mute already muted conversation", %{conn: conn, user: user, activity: activity} do + {:ok, _} = CommonAPI.add_mute(user, activity) + + conn = + conn + |> assign(:user, user) + |> post("/api/v1/statuses/#{activity.id}/mute") + + assert json_response(conn, 400) == %{"error" => "conversation is already muted"} + end + test "unmute conversation", %{conn: conn, user: user, activity: activity} do {:ok, _} = CommonAPI.add_mute(user, activity) @@ -2946,7 +3005,8 @@ test "submit a report with statuses and comment", %{ |> post("/api/v1/reports", %{ "account_id" => target_user.id, "status_ids" => [activity.id], - "comment" => "bad status!" + "comment" => "bad status!", + "forward" => "false" }) |> json_response(200) end @@ -2979,6 +3039,19 @@ test "comment must be up to the size specified in the config", %{ |> post("/api/v1/reports", %{"account_id" => target_user.id, "comment" => comment}) |> json_response(400) end + + test "returns error when account is not exist", %{ + conn: conn, + reporter: reporter, + activity: activity + } do + conn = + conn + |> assign(:user, reporter) + |> post("/api/v1/reports", %{"status_ids" => [activity.id], "account_id" => "foo"}) + + assert json_response(conn, 400) == %{"error" => "Account not found"} + end end describe "link headers" do @@ -3338,7 +3411,7 @@ test "Repeated posts that are replies incorrectly have in_reply_to_id null", %{c user2 = insert(:user) user3 = insert(:user) - {:ok, replied_to} = TwitterAPI.create_status(user1, %{"status" => "cofe"}) + {:ok, replied_to} = CommonAPI.post(user1, %{"status" => "cofe"}) # Reply to status from another user conn1 = @@ -3603,5 +3676,135 @@ test "does not allow multiple choices on a single-choice question", %{conn: conn total_items == 1 end) end + + test "does not allow choice index to be greater than options count", %{conn: conn} do + user = insert(:user) + other_user = insert(:user) + + {:ok, activity} = + CommonAPI.post(user, %{ + "status" => "Am I cute?", + "poll" => %{"options" => ["Yes", "No"], "expires_in" => 20} + }) + + object = Object.normalize(activity) + + conn = + conn + |> assign(:user, other_user) + |> post("/api/v1/polls/#{object.id}/votes", %{"choices" => [2]}) + + assert json_response(conn, 422) == %{"error" => "Invalid indices"} + end + + test "returns 404 error when object is not exist", %{conn: conn} do + user = insert(:user) + + conn = + conn + |> assign(:user, user) + |> post("/api/v1/polls/1/votes", %{"choices" => [0]}) + + assert json_response(conn, 404) == %{"error" => "Record not found"} + end + + test "returns 404 when poll is private and not available for user", %{conn: conn} do + user = insert(:user) + other_user = insert(:user) + + {:ok, activity} = + CommonAPI.post(user, %{ + "status" => "Am I cute?", + "poll" => %{"options" => ["Yes", "No"], "expires_in" => 20}, + "visibility" => "private" + }) + + object = Object.normalize(activity) + + conn = + conn + |> assign(:user, other_user) + |> post("/api/v1/polls/#{object.id}/votes", %{"choices" => [0]}) + + assert json_response(conn, 404) == %{"error" => "Record not found"} + end + end + + describe "GET /api/v1/statuses/:id/favourited_by" do + setup do + user = insert(:user) + {:ok, activity} = CommonAPI.post(user, %{"status" => "test"}) + + conn = + build_conn() + |> assign(:user, user) + + [conn: conn, activity: activity] + end + + test "returns users who have favorited the status", %{conn: conn, activity: activity} do + other_user = insert(:user) + {:ok, _, _} = CommonAPI.favorite(activity.id, other_user) + + response = + conn + |> get("/api/v1/statuses/#{activity.id}/favourited_by") + |> json_response(:ok) + + [%{"id" => id}] = response + + assert id == other_user.id + end + + test "returns empty array when status has not been favorited yet", %{ + conn: conn, + activity: activity + } do + response = + conn + |> get("/api/v1/statuses/#{activity.id}/favourited_by") + |> json_response(:ok) + + assert Enum.empty?(response) + end + end + + describe "GET /api/v1/statuses/:id/reblogged_by" do + setup do + user = insert(:user) + {:ok, activity} = CommonAPI.post(user, %{"status" => "test"}) + + conn = + build_conn() + |> assign(:user, user) + + [conn: conn, activity: activity] + end + + test "returns users who have reblogged the status", %{conn: conn, activity: activity} do + other_user = insert(:user) + {:ok, _, _} = CommonAPI.repeat(activity.id, other_user) + + response = + conn + |> get("/api/v1/statuses/#{activity.id}/reblogged_by") + |> json_response(:ok) + + [%{"id" => id}] = response + + assert id == other_user.id + end + + test "returns empty array when status has not been reblogged yet", %{ + conn: conn, + activity: activity + } do + response = + conn + |> get("/api/v1/statuses/#{activity.id}/reblogged_by") + |> json_response(:ok) + + assert Enum.empty?(response) + end end end From 345a38778ee6861b36e7601e581eb14bebe31d82 Mon Sep 17 00:00:00 2001 From: Eugenij Date: Mon, 15 Jul 2019 21:43:04 +0000 Subject: [PATCH 27/29] Remove dead link from the installation docs --- docs/installation/alpine_linux_en.md | 1 - docs/installation/arch_linux_en.md | 1 - docs/installation/centos7_en.md | 1 - docs/installation/debian_based_en.md | 1 - docs/installation/debian_based_jp.md | 1 - docs/installation/gentoo_en.md | 1 - 6 files changed, 6 deletions(-) diff --git a/docs/installation/alpine_linux_en.md b/docs/installation/alpine_linux_en.md index a9b5afd33..1f300f353 100644 --- a/docs/installation/alpine_linux_en.md +++ b/docs/installation/alpine_linux_en.md @@ -202,7 +202,6 @@ sudo -Hu pleroma MIX_ENV=prod mix pleroma.user new Date: Tue, 16 Jul 2019 12:47:40 +0900 Subject: [PATCH 28/29] Status View: Poll ids are strings. All ids in mastodon are strings, in general. --- lib/pleroma/web/mastodon_api/views/status_view.ex | 2 +- test/web/mastodon_api/status_view_test.exs | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/pleroma/web/mastodon_api/views/status_view.ex b/lib/pleroma/web/mastodon_api/views/status_view.ex index 06a7251d8..de9425959 100644 --- a/lib/pleroma/web/mastodon_api/views/status_view.ex +++ b/lib/pleroma/web/mastodon_api/views/status_view.ex @@ -382,7 +382,7 @@ def render("poll.json", %{object: object} = opts) do %{ # Mastodon uses separate ids for polls, but an object can't have # more than one poll embedded so object id is fine - id: object.id, + id: to_string(object.id), expires_at: Utils.to_masto_date(end_time), expired: expired, multiple: multiple, diff --git a/test/web/mastodon_api/status_view_test.exs b/test/web/mastodon_api/status_view_test.exs index ac42819d8..6507e9864 100644 --- a/test/web/mastodon_api/status_view_test.exs +++ b/test/web/mastodon_api/status_view_test.exs @@ -423,7 +423,7 @@ test "renders a poll" do expected = %{ emojis: [], expired: false, - id: object.id, + id: to_string(object.id), multiple: false, options: [ %{title: "absolutely!", votes_count: 0}, From 7a24def4731cf773970c87b340d99d4ec3cd8906 Mon Sep 17 00:00:00 2001 From: lain Date: Tue, 16 Jul 2019 14:01:18 +0900 Subject: [PATCH 29/29] Mastodon Controller: Fix tests. --- test/web/mastodon_api/mastodon_api_controller_test.exs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/web/mastodon_api/mastodon_api_controller_test.exs b/test/web/mastodon_api/mastodon_api_controller_test.exs index 6ffa64dc8..f7c8ccde5 100644 --- a/test/web/mastodon_api/mastodon_api_controller_test.exs +++ b/test/web/mastodon_api/mastodon_api_controller_test.exs @@ -3503,7 +3503,7 @@ test "returns poll entity for object id", %{conn: conn} do |> get("/api/v1/polls/#{object.id}") response = json_response(conn, 200) - id = object.id + id = to_string(object.id) assert %{"id" => ^id, "expired" => false, "multiple" => false} = response end