From cc83d7ffe786f639172e28005e2912a0bad26234 Mon Sep 17 00:00:00 2001 From: Ivan Tashkinov Date: Thu, 13 Dec 2018 16:30:10 +0300 Subject: [PATCH 1/7] [#114] Naive implementation of email invitations. --- lib/pleroma/emails/user_email.ex | 21 ++++++++++++ .../web/twitter_api/twitter_api_controller.ex | 10 ++++++ .../twitter_api_controller_test.exs | 32 +++++++++++++++++++ 3 files changed, 63 insertions(+) diff --git a/lib/pleroma/emails/user_email.ex b/lib/pleroma/emails/user_email.ex index 9cdf002f3..47dcd42e0 100644 --- a/lib/pleroma/emails/user_email.ex +++ b/lib/pleroma/emails/user_email.ex @@ -37,4 +37,25 @@ def password_reset_email(user, password_reset_token) when is_binary(password_res |> subject("Password reset") |> html_body(html_body) end + + def user_invitation_email(user, to_email, to_name \\ nil) do + registration_url = + Router.Helpers.redirect_url( + Endpoint, + :registration_page, + "" + ) + + html_body = """ +

You are invited to #{instance_name()}

+

#{user.name} invites you to join #{instance_name()}, an instance of Pleroma federated social networking platform.

+

Click the following link to register: accept invitation.

+ """ + + new() + |> to(recipient(to_email, to_name)) + |> from(sender()) + |> subject("Invitation to #{instance_name()}") + |> html_body(html_body) + end end diff --git a/lib/pleroma/web/twitter_api/twitter_api_controller.ex b/lib/pleroma/web/twitter_api/twitter_api_controller.ex index 38eff8191..d51d71299 100644 --- a/lib/pleroma/web/twitter_api/twitter_api_controller.ex +++ b/lib/pleroma/web/twitter_api/twitter_api_controller.ex @@ -333,6 +333,16 @@ def password_reset(conn, params) do end end + def confirm_email(_conn, _params), do: :noop + + def email_invite(%{assigns: %{user: user}} = conn, %{"email" => email} = params) do + with true <- Pleroma.Config.get([:instance, :invites_enabled]), + email <- Pleroma.UserEmail.user_invitation_email(user, email, params["name"]), + {:ok, _} <- Pleroma.Mailer.deliver(email) do + json_response(conn, :no_content, "") + end + end + def update_avatar(%{assigns: %{user: user}} = conn, params) do {:ok, object} = ActivityPub.upload(params, type: :avatar) change = Changeset.change(user, %{avatar: object.data}) diff --git a/test/web/twitter_api/twitter_api_controller_test.exs b/test/web/twitter_api/twitter_api_controller_test.exs index c16c0cdc0..cbb5f7796 100644 --- a/test/web/twitter_api/twitter_api_controller_test.exs +++ b/test/web/twitter_api/twitter_api_controller_test.exs @@ -873,6 +873,38 @@ test "it returns 500 when user is not local", %{conn: conn, user: user} do end end + describe "POST /api/email_invite, with valid parameters" do + setup [:valid_user] + + setup do + invites_enabled = Pleroma.Config.get([:instance, :invites_enabled]) + Pleroma.Config.put([:instance, :invites_enabled], true) + + on_exit(fn -> + Pleroma.Config.put([:instance, :invites_enabled], invites_enabled) + :ok + end) + + :ok + end + + test "it returns 204", %{conn: conn, user: user} do + recipient_email = "foo@bar.com" + recipient_name = "J. D." + + conn = + conn + |> assign(:user, user) + |> post("/api/email_invite?email=#{recipient_email}&name=#{recipient_name}") + + assert json_response(conn, :no_content) + + Swoosh.TestAssertions.assert_email_sent( + Pleroma.UserEmail.user_invitation_email(user, recipient_email, recipient_name) + ) + end + end + describe "GET /api/externalprofile/show" do test "it returns the user", %{conn: conn} do user = insert(:user) From 3cbf16a5fe9f7618cae557eb260093881febd1d1 Mon Sep 17 00:00:00 2001 From: Ivan Tashkinov Date: Thu, 13 Dec 2018 17:58:40 +0300 Subject: [PATCH 2/7] [#114] Added UserInviteToken creation, adjusted invitation email link to include it. --- lib/pleroma/emails/user_email.ex | 4 ++-- lib/pleroma/web/twitter_api/twitter_api_controller.ex | 8 ++++++-- test/web/twitter_api/twitter_api_controller_test.exs | 9 +++++---- 3 files changed, 13 insertions(+), 8 deletions(-) diff --git a/lib/pleroma/emails/user_email.ex b/lib/pleroma/emails/user_email.ex index 47dcd42e0..ee41ce50a 100644 --- a/lib/pleroma/emails/user_email.ex +++ b/lib/pleroma/emails/user_email.ex @@ -38,12 +38,12 @@ def password_reset_email(user, password_reset_token) when is_binary(password_res |> html_body(html_body) end - def user_invitation_email(user, to_email, to_name \\ nil) do + def user_invitation_email(user, user_invite_token, to_email, to_name \\ nil) do registration_url = Router.Helpers.redirect_url( Endpoint, :registration_page, - "" + user_invite_token.token ) html_body = """ diff --git a/lib/pleroma/web/twitter_api/twitter_api_controller.ex b/lib/pleroma/web/twitter_api/twitter_api_controller.ex index d51d71299..0607a1a6a 100644 --- a/lib/pleroma/web/twitter_api/twitter_api_controller.ex +++ b/lib/pleroma/web/twitter_api/twitter_api_controller.ex @@ -336,8 +336,12 @@ def password_reset(conn, params) do def confirm_email(_conn, _params), do: :noop def email_invite(%{assigns: %{user: user}} = conn, %{"email" => email} = params) do - with true <- Pleroma.Config.get([:instance, :invites_enabled]), - email <- Pleroma.UserEmail.user_invitation_email(user, email, params["name"]), + with true <- + Pleroma.Config.get([:instance, :invites_enabled]) && + !Pleroma.Config.get([:instance, :registrations_open]), + {:ok, invite_token} <- Pleroma.UserInviteToken.create_token(), + email <- + Pleroma.UserEmail.user_invitation_email(user, invite_token, email, params["name"]), {:ok, _} <- Pleroma.Mailer.deliver(email) do json_response(conn, :no_content, "") end diff --git a/test/web/twitter_api/twitter_api_controller_test.exs b/test/web/twitter_api/twitter_api_controller_test.exs index cbb5f7796..e5c6f848d 100644 --- a/test/web/twitter_api/twitter_api_controller_test.exs +++ b/test/web/twitter_api/twitter_api_controller_test.exs @@ -877,10 +877,13 @@ test "it returns 500 when user is not local", %{conn: conn, user: user} do setup [:valid_user] setup do + registrations_open = Pleroma.Config.get([:instance, :registrations_open]) invites_enabled = Pleroma.Config.get([:instance, :invites_enabled]) + Pleroma.Config.put([:instance, :registrations_open], false) Pleroma.Config.put([:instance, :invites_enabled], true) on_exit(fn -> + Pleroma.Config.put([:instance, :registrations_open], registrations_open) Pleroma.Config.put([:instance, :invites_enabled], invites_enabled) :ok end) @@ -888,7 +891,7 @@ test "it returns 500 when user is not local", %{conn: conn, user: user} do :ok end - test "it returns 204", %{conn: conn, user: user} do + test "sends invitation and returns 204", %{conn: conn, user: user} do recipient_email = "foo@bar.com" recipient_name = "J. D." @@ -899,9 +902,7 @@ test "it returns 204", %{conn: conn, user: user} do assert json_response(conn, :no_content) - Swoosh.TestAssertions.assert_email_sent( - Pleroma.UserEmail.user_invitation_email(user, recipient_email, recipient_name) - ) + Swoosh.TestAssertions.assert_email_sent() end end From a89e3b4b60b357992aeaedad8e3ff8d086f693a0 Mon Sep 17 00:00:00 2001 From: Ivan Tashkinov Date: Thu, 13 Dec 2018 18:23:05 +0300 Subject: [PATCH 3/7] [#114] Moved email_invite action to AdminAPIController, adjusted tests. --- .../web/admin_api/admin_api_controller.ex | 13 ++++++++ lib/pleroma/web/router.ex | 2 ++ .../web/twitter_api/twitter_api_controller.ex | 12 ------- .../admin_api/admin_api_controller_test.exs | 31 +++++++++++++++++ .../twitter_api_controller_test.exs | 33 ------------------- 5 files changed, 46 insertions(+), 45 deletions(-) diff --git a/lib/pleroma/web/admin_api/admin_api_controller.ex b/lib/pleroma/web/admin_api/admin_api_controller.ex index 06c3c7c81..4d73cf219 100644 --- a/lib/pleroma/web/admin_api/admin_api_controller.ex +++ b/lib/pleroma/web/admin_api/admin_api_controller.ex @@ -147,6 +147,19 @@ def relay_unfollow(conn, %{"relay_url" => target}) do end end + @doc "Sends registration invite via email" + def email_invite(%{assigns: %{user: user}} = conn, %{"email" => email} = params) do + with true <- + Pleroma.Config.get([:instance, :invites_enabled]) && + !Pleroma.Config.get([:instance, :registrations_open]), + {:ok, invite_token} <- Pleroma.UserInviteToken.create_token(), + email <- + Pleroma.UserEmail.user_invitation_email(user, invite_token, email, params["name"]), + {:ok, _} <- Pleroma.Mailer.deliver(email) do + json_response(conn, :no_content, "") + end + end + @doc "Get a account registeration invite token (base64 string)" def get_invite_token(conn, _params) do {:ok, token} = Pleroma.UserInviteToken.create_token() diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex index 6253a28db..daff3362c 100644 --- a/lib/pleroma/web/router.ex +++ b/lib/pleroma/web/router.ex @@ -117,6 +117,8 @@ defmodule Pleroma.Web.Router do delete("/relay", AdminAPIController, :relay_unfollow) get("/invite_token", AdminAPIController, :get_invite_token) + post("/email_invite", AdminAPIController, :email_invite) + get("/password_reset", AdminAPIController, :get_password_reset) end diff --git a/lib/pleroma/web/twitter_api/twitter_api_controller.ex b/lib/pleroma/web/twitter_api/twitter_api_controller.ex index 0607a1a6a..0ae0a0fea 100644 --- a/lib/pleroma/web/twitter_api/twitter_api_controller.ex +++ b/lib/pleroma/web/twitter_api/twitter_api_controller.ex @@ -335,18 +335,6 @@ def password_reset(conn, params) do def confirm_email(_conn, _params), do: :noop - def email_invite(%{assigns: %{user: user}} = conn, %{"email" => email} = params) do - with true <- - Pleroma.Config.get([:instance, :invites_enabled]) && - !Pleroma.Config.get([:instance, :registrations_open]), - {:ok, invite_token} <- Pleroma.UserInviteToken.create_token(), - email <- - Pleroma.UserEmail.user_invitation_email(user, invite_token, email, params["name"]), - {:ok, _} <- Pleroma.Mailer.deliver(email) do - json_response(conn, :no_content, "") - end - end - def update_avatar(%{assigns: %{user: user}} = conn, params) do {:ok, object} = ActivityPub.upload(params, type: :avatar) change = Changeset.change(user, %{avatar: object.data}) diff --git a/test/web/admin_api/admin_api_controller_test.exs b/test/web/admin_api/admin_api_controller_test.exs index 4c12dd988..e7ad60aa3 100644 --- a/test/web/admin_api/admin_api_controller_test.exs +++ b/test/web/admin_api/admin_api_controller_test.exs @@ -154,6 +154,37 @@ test "/:right DELETE, can remove from a permission group" do end end + describe "POST /api/pleroma/admin/email_invite, with valid parameters" do + setup do + registrations_open = Pleroma.Config.get([:instance, :registrations_open]) + invites_enabled = Pleroma.Config.get([:instance, :invites_enabled]) + Pleroma.Config.put([:instance, :registrations_open], false) + Pleroma.Config.put([:instance, :invites_enabled], true) + + on_exit(fn -> + Pleroma.Config.put([:instance, :registrations_open], registrations_open) + Pleroma.Config.put([:instance, :invites_enabled], invites_enabled) + :ok + end) + + [user: insert(:user, info: %{is_admin: true})] + end + + test "sends invitation and returns 204", %{conn: conn, user: user} do + recipient_email = "foo@bar.com" + recipient_name = "J. D." + + conn = + conn + |> assign(:user, user) + |> post("/api/pleroma/admin/email_invite?email=#{recipient_email}&name=#{recipient_name}") + + assert json_response(conn, :no_content) + + Swoosh.TestAssertions.assert_email_sent() + end + end + test "/api/pleroma/admin/invite_token" do admin = insert(:user, info: %{is_admin: true}) diff --git a/test/web/twitter_api/twitter_api_controller_test.exs b/test/web/twitter_api/twitter_api_controller_test.exs index e5c6f848d..c16c0cdc0 100644 --- a/test/web/twitter_api/twitter_api_controller_test.exs +++ b/test/web/twitter_api/twitter_api_controller_test.exs @@ -873,39 +873,6 @@ test "it returns 500 when user is not local", %{conn: conn, user: user} do end end - describe "POST /api/email_invite, with valid parameters" do - setup [:valid_user] - - setup do - registrations_open = Pleroma.Config.get([:instance, :registrations_open]) - invites_enabled = Pleroma.Config.get([:instance, :invites_enabled]) - Pleroma.Config.put([:instance, :registrations_open], false) - Pleroma.Config.put([:instance, :invites_enabled], true) - - on_exit(fn -> - Pleroma.Config.put([:instance, :registrations_open], registrations_open) - Pleroma.Config.put([:instance, :invites_enabled], invites_enabled) - :ok - end) - - :ok - end - - test "sends invitation and returns 204", %{conn: conn, user: user} do - recipient_email = "foo@bar.com" - recipient_name = "J. D." - - conn = - conn - |> assign(:user, user) - |> post("/api/email_invite?email=#{recipient_email}&name=#{recipient_name}") - - assert json_response(conn, :no_content) - - Swoosh.TestAssertions.assert_email_sent() - end - end - describe "GET /api/externalprofile/show" do test "it returns the user", %{conn: conn} do user = insert(:user) From 9666376f5f98a66f8006971d9b29b2e529b2af68 Mon Sep 17 00:00:00 2001 From: Ivan Tashkinov Date: Fri, 14 Dec 2018 12:37:06 +0300 Subject: [PATCH 4/7] [#114] Readded `invites_enabled` config setting, updated readme. --- config/config.md | 3 ++- lib/pleroma/web/twitter_api/controllers/util_controller.ex | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/config/config.md b/config/config.md index 165f5d9f8..2fca5baa1 100644 --- a/config/config.md +++ b/config/config.md @@ -67,7 +67,8 @@ config :pleroma, Pleroma.Mailer, * `avatar_upload_limit`: File size limit of user’s profile avatars * `background_upload_limit`: File size limit of user’s profile backgrounds * `banner_upload_limit`: File size limit of user’s profile banners -* `registrations_open`: Enable registrations for anyone, invitations can be used when false. +* `registrations_open`: Enable registrations for anyone, invitations can be enabled when false. +* `invites_enabled`: Enable user invitations for admins (depends on `registrations_open: false`). * `federating`: Enable federation with other instances * `allow_relay`: Enable Pleroma’s Relay, which makes it possible to follow a whole instance * `rewrite_policy`: Message Rewrite Policy, either one or a list. Here are the ones available by default: diff --git a/lib/pleroma/web/twitter_api/controllers/util_controller.ex b/lib/pleroma/web/twitter_api/controllers/util_controller.ex index b1e4c77e8..fb3b99d25 100644 --- a/lib/pleroma/web/twitter_api/controllers/util_controller.ex +++ b/lib/pleroma/web/twitter_api/controllers/util_controller.ex @@ -166,7 +166,8 @@ def config(conn, _params) do textlimit: to_string(Keyword.get(instance, :limit)), closed: if(Keyword.get(instance, :registrations_open), do: "0", else: "1"), private: if(Keyword.get(instance, :public, true), do: "0", else: "1"), - vapidPublicKey: vapid_public_key + vapidPublicKey: vapid_public_key, + invitesEnabled: if(Keyword.get(instance, :invites_enabled, false), do: "1", else: "0") } pleroma_fe = %{ From 07e93f99404787b2c6b6193f90cb4102d00a72f9 Mon Sep 17 00:00:00 2001 From: Ivan Tashkinov Date: Fri, 14 Dec 2018 13:52:04 +0300 Subject: [PATCH 5/7] [#114] Improved tests. --- lib/pleroma/emails/user_email.ex | 7 +- .../admin_api/admin_api_controller_test.exs | 72 ++++++++++++++++++- 2 files changed, 76 insertions(+), 3 deletions(-) diff --git a/lib/pleroma/emails/user_email.ex b/lib/pleroma/emails/user_email.ex index ee41ce50a..7e3e9b020 100644 --- a/lib/pleroma/emails/user_email.ex +++ b/lib/pleroma/emails/user_email.ex @@ -38,7 +38,12 @@ def password_reset_email(user, password_reset_token) when is_binary(password_res |> html_body(html_body) end - def user_invitation_email(user, user_invite_token, to_email, to_name \\ nil) do + def user_invitation_email( + user, + %Pleroma.UserInviteToken{} = user_invite_token, + to_email, + to_name \\ nil + ) do registration_url = Router.Helpers.redirect_url( Endpoint, diff --git a/test/web/admin_api/admin_api_controller_test.exs b/test/web/admin_api/admin_api_controller_test.exs index e7ad60aa3..e183da3a1 100644 --- a/test/web/admin_api/admin_api_controller_test.exs +++ b/test/web/admin_api/admin_api_controller_test.exs @@ -154,7 +154,7 @@ test "/:right DELETE, can remove from a permission group" do end end - describe "POST /api/pleroma/admin/email_invite, with valid parameters" do + describe "POST /api/pleroma/admin/email_invite, with valid config" do setup do registrations_open = Pleroma.Config.get([:instance, :registrations_open]) invites_enabled = Pleroma.Config.get([:instance, :invites_enabled]) @@ -181,7 +181,75 @@ test "sends invitation and returns 204", %{conn: conn, user: user} do assert json_response(conn, :no_content) - Swoosh.TestAssertions.assert_email_sent() + token_record = List.last(Pleroma.Repo.all(Pleroma.UserInviteToken)) + assert token_record + refute token_record.used + + Swoosh.TestAssertions.assert_email_sent( + Pleroma.UserEmail.user_invitation_email( + user, + token_record, + recipient_email, + recipient_name + ) + ) + end + + test "it returns 403 if requested by a non-admin", %{conn: conn} do + non_admin_user = insert(:user) + + conn = + conn + |> assign(:user, non_admin_user) + |> post("/api/pleroma/admin/email_invite?email=foo@bar.com&name=JD") + + assert json_response(conn, :forbidden) + end + end + + describe "POST /api/pleroma/admin/email_invite, with invalid config" do + setup do + [user: insert(:user, info: %{is_admin: true})] + end + + test "it returns 500 if `invites_enabled` is not enabled", %{conn: conn, user: user} do + registrations_open = Pleroma.Config.get([:instance, :registrations_open]) + invites_enabled = Pleroma.Config.get([:instance, :invites_enabled]) + Pleroma.Config.put([:instance, :registrations_open], false) + Pleroma.Config.put([:instance, :invites_enabled], false) + + on_exit(fn -> + Pleroma.Config.put([:instance, :registrations_open], registrations_open) + Pleroma.Config.put([:instance, :invites_enabled], invites_enabled) + :ok + end) + + conn = + conn + |> assign(:user, user) + |> post("/api/pleroma/admin/email_invite?email=foo@bar.com&name=JD") + + assert json_response(conn, :internal_server_error) + end + + test "it returns 500 if `registrations_open` is enabled", %{conn: conn, user: user} do + registrations_open = Pleroma.Config.get([:instance, :registrations_open]) + invites_enabled = Pleroma.Config.get([:instance, :invites_enabled]) + Pleroma.Config.put([:instance, :registrations_open], true) + Pleroma.Config.put([:instance, :invites_enabled], true) + + on_exit(fn -> + Pleroma.Config.put([:instance, :registrations_open], registrations_open) + Pleroma.Config.put([:instance, :invites_enabled], invites_enabled) + :ok + end) + + conn = + conn + |> assign(:user, user) + |> post("/api/pleroma/admin/email_invite?email=foo@bar.com&name=JD") + + assert json_response(conn, :internal_server_error) end end From 66380b0641534f252f297b67b03d811a714b848d Mon Sep 17 00:00:00 2001 From: Ivan Tashkinov Date: Fri, 14 Dec 2018 14:01:00 +0300 Subject: [PATCH 6/7] [#114] Removed `confirm_email` action stub (to be addressed in a separate MR). --- lib/pleroma/web/twitter_api/twitter_api_controller.ex | 2 -- 1 file changed, 2 deletions(-) diff --git a/lib/pleroma/web/twitter_api/twitter_api_controller.ex b/lib/pleroma/web/twitter_api/twitter_api_controller.ex index 0ae0a0fea..38eff8191 100644 --- a/lib/pleroma/web/twitter_api/twitter_api_controller.ex +++ b/lib/pleroma/web/twitter_api/twitter_api_controller.ex @@ -333,8 +333,6 @@ def password_reset(conn, params) do end end - def confirm_email(_conn, _params), do: :noop - def update_avatar(%{assigns: %{user: user}} = conn, params) do {:ok, object} = ActivityPub.upload(params, type: :avatar) change = Changeset.change(user, %{avatar: object.data}) From 69fd63e248d39cf2e10657646bc11e9e559e6e45 Mon Sep 17 00:00:00 2001 From: Ivan Tashkinov Date: Fri, 14 Dec 2018 14:13:13 +0300 Subject: [PATCH 7/7] [#114] Added `invitesEnabled` to `metadata` of nodeinfo. --- lib/pleroma/web/nodeinfo/nodeinfo_controller.ex | 1 + 1 file changed, 1 insertion(+) diff --git a/lib/pleroma/web/nodeinfo/nodeinfo_controller.ex b/lib/pleroma/web/nodeinfo/nodeinfo_controller.ex index 277dc6ba1..44c11f40a 100644 --- a/lib/pleroma/web/nodeinfo/nodeinfo_controller.ex +++ b/lib/pleroma/web/nodeinfo/nodeinfo_controller.ex @@ -132,6 +132,7 @@ def nodeinfo(conn, %{"version" => "2.0"}) do banner: Keyword.get(instance, :banner_upload_limit), background: Keyword.get(instance, :background_upload_limit) }, + invitesEnabled: Keyword.get(instance, :invites_enabled, false), features: features } }