From 0484f3a8b1ae2103d1d756e5c09f2bdb218a7207 Mon Sep 17 00:00:00 2001 From: Alex S Date: Sat, 6 Apr 2019 16:58:22 +0700 Subject: [PATCH 01/13] generating tokens with mix --- lib/mix/tasks/pleroma/user.ex | 75 +++++++++++++++- lib/pleroma/user_invite_token.ex | 89 +++++++++++++++++-- ...50946_add_fields_to_user_invite_tokens.exs | 12 +++ test/tasks/user_test.exs | 81 ++++++++++++++++- 4 files changed, 246 insertions(+), 11 deletions(-) create mode 100644 priv/repo/migrations/20190404050946_add_fields_to_user_invite_tokens.exs diff --git a/lib/mix/tasks/pleroma/user.ex b/lib/mix/tasks/pleroma/user.ex index 0d0bea8c0..00a933292 100644 --- a/lib/mix/tasks/pleroma/user.ex +++ b/lib/mix/tasks/pleroma/user.ex @@ -7,6 +7,7 @@ defmodule Mix.Tasks.Pleroma.User do import Ecto.Changeset alias Mix.Tasks.Pleroma.Common alias Pleroma.User + alias Pleroma.UserInviteToken @shortdoc "Manages Pleroma users" @moduledoc """ @@ -26,7 +27,19 @@ defmodule Mix.Tasks.Pleroma.User do ## Generate an invite link. - mix pleroma.user invite + mix pleroma.user invite [OPTION...] + + Options: + - `--expire_date DATE` - last day on which token is active (e.g. "2019-04-05") + - `--max_use NUMBER` - maximum numbers of token use + + ## Generated invites list + + mix pleroma.user invites_list + + ## Revoke invite + + mix pleroma.user invite_revoke TOKEN OR TOKEN_ID ## Delete the user's account. @@ -287,11 +300,28 @@ def run(["untag", nickname | tags]) do end end - def run(["invite"]) do + def run(["invite" | rest]) do + {options, [], []} = + OptionParser.parse(rest, + strict: [ + expire_date: :string, + max_use: :integer + ] + ) + + expire_at = + with expire_date when expire_date != nil <- Keyword.get(options, :expire_date) do + Date.from_iso8601!(expire_date) + end + + options = Keyword.put(options, :expire_at, expire_at) + Common.start_pleroma() - with {:ok, token} <- Pleroma.UserInviteToken.create_token() do - Mix.shell().info("Generated user invite token") + with {:ok, token} <- UserInviteToken.create_token(options) do + Mix.shell().info( + "Generated user invite token " <> String.replace(token.token_type, "_", " ") + ) url = Pleroma.Web.Router.Helpers.redirect_url( @@ -307,6 +337,43 @@ def run(["invite"]) do end end + def run(["invites_list"]) do + Common.start_pleroma() + + Mix.shell().info("Invites list:") + + UserInviteToken.list_invites() + |> Enum.each(fn invite -> + expire_date = + case invite.expire_at do + nil -> nil + date -> " | Expire date: #{Date.to_string(date)}" + end + + using_info = + case invite.max_use do + nil -> nil + max_use -> " | Max use: #{max_use} Left use: #{max_use - invite.uses}" + end + + Mix.shell().info( + "ID: #{invite.id} | Token: #{invite.token} | Token type: #{invite.token_type} | Used: #{ + invite.used + }#{expire_date}#{using_info}" + ) + end) + end + + def run(["invite_revoke", token]) do + Common.start_pleroma() + + with {:ok, _} <- UserInviteToken.mark_as_used(token) do + Mix.shell().info("Invite for token #{token} was revoked.") + else + _ -> Mix.shell().error("No invite found with token #{token}") + end + end + def run(["delete_activities", nickname]) do Common.start_pleroma() diff --git a/lib/pleroma/user_invite_token.ex b/lib/pleroma/user_invite_token.ex index 9c5579934..3ed39ddd3 100644 --- a/lib/pleroma/user_invite_token.ex +++ b/lib/pleroma/user_invite_token.ex @@ -6,34 +6,54 @@ defmodule Pleroma.UserInviteToken do use Ecto.Schema import Ecto.Changeset - + import Ecto.Query alias Pleroma.Repo alias Pleroma.UserInviteToken + @type token :: String.t() + schema "user_invite_tokens" do field(:token, :string) field(:used, :boolean, default: false) + field(:max_use, :integer) + field(:expire_at, :date) + field(:uses, :integer) + field(:token_type) timestamps() end - def create_token do + def create_token(options \\ []) do token = :crypto.strong_rand_bytes(32) |> Base.url_encode64() - token = %UserInviteToken{ - used: false, - token: token - } + max_use = options[:max_use] + expire_at = options[:expire_at] + + token = + %UserInviteToken{ + used: false, + token: token, + max_use: max_use, + expire_at: expire_at, + uses: 0 + } + |> token_type() Repo.insert(token) end + def list_invites do + query = from(u in UserInviteToken, order_by: u.id) + Repo.all(query) + end + def used_changeset(struct) do struct |> cast(%{}, []) |> put_change(:used, true) end + @spec mark_as_used(token()) :: {:ok, UserInviteToken.t()} | {:error, token()} def mark_as_used(token) do with %{used: false} = token <- Repo.get_by(UserInviteToken, %{token: token}), {:ok, token} <- Repo.update(used_changeset(token)) do @@ -42,4 +62,61 @@ def mark_as_used(token) do _e -> {:error, token} end end + + defp token_type(%{expire_at: nil, max_use: nil} = token), do: %{token | token_type: "one_time"} + + defp token_type(%{expire_at: _expire_at, max_use: nil} = token), + do: %{token | token_type: "date_limited"} + + defp token_type(%{expire_at: nil, max_use: _max_use} = token), + do: %{token | token_type: "reusable"} + + defp token_type(%{expire_at: _expire_at, max_use: _max_use} = token), + do: %{token | token_type: "reusable_date_limited"} + + @spec valid_token?(UserInviteToken.t()) :: boolean() + def valid_token?(%{token_type: "one_time"} = token) do + not token.used + end + + def valid_token?(%{token_type: "date_limited"} = token) do + not_overdue_date?(token) and not token.used + end + + def valid_token?(%{token_type: "reusable"} = token) do + token.uses < token.max_use and not token.used + end + + def valid_token?(%{token_type: "reusable_date_limited"} = token) do + not_overdue_date?(token) and token.uses < token.max_use and not token.used + end + + defp not_overdue_date?(%{expire_at: expire_at} = token) do + Date.compare(Date.utc_today(), expire_at) in [:lt, :eq] || + (Repo.update!(change(token, used: true)) && false) + end + + def update_usage(%{token_type: "date_limited"}), do: nil + + def update_usage(%{token_type: "one_time"} = token) do + UserInviteToken.mark_as_used(token.token) + end + + def update_usage(%{token_type: token_type} = token) + when token_type == "reusable" or token_type == "reusable_date_limited" do + new_uses = token.uses + 1 + + changes = %{ + uses: new_uses + } + + changes = + if new_uses >= token.max_use do + Map.put(changes, :used, true) + else + changes + end + + change(token, changes) |> Repo.update!() + end end diff --git a/priv/repo/migrations/20190404050946_add_fields_to_user_invite_tokens.exs b/priv/repo/migrations/20190404050946_add_fields_to_user_invite_tokens.exs new file mode 100644 index 000000000..abdd5e277 --- /dev/null +++ b/priv/repo/migrations/20190404050946_add_fields_to_user_invite_tokens.exs @@ -0,0 +1,12 @@ +defmodule Pleroma.Repo.Migrations.AddFieldsToUserInviteTokens do + use Ecto.Migration + + def change do + alter table(:user_invite_tokens) do + add(:expire_at, :date) + add(:uses, :integer, default: 0) + add(:max_use, :integer) + add(:token_type, :string, default: "one_time") + end + end +end diff --git a/test/tasks/user_test.exs b/test/tasks/user_test.exs index 1030bd555..c55711b04 100644 --- a/test/tasks/user_test.exs +++ b/test/tasks/user_test.exs @@ -245,7 +245,86 @@ test "invite token is generated" do end) =~ "http" assert_received {:mix_shell, :info, [message]} - assert message =~ "Generated" + assert message =~ "Generated user invite token one time" + end + + test "token is generated with expire_at" do + assert capture_io(fn -> + Mix.Tasks.Pleroma.User.run([ + "invite", + "--expire-date", + Date.to_string(Date.utc_today()) + ]) + end) + + assert_received {:mix_shell, :info, [message]} + assert message =~ "Generated user invite token date limited" + end + + test "token is generated with max use" do + assert capture_io(fn -> + Mix.Tasks.Pleroma.User.run([ + "invite", + "--max-use", + "5" + ]) + end) + + assert_received {:mix_shell, :info, [message]} + assert message =~ "Generated user invite token reusable" + end + + test "token is generated with max use and expire date" do + assert capture_io(fn -> + Mix.Tasks.Pleroma.User.run([ + "invite", + "--max-use", + "5", + "--expire-date", + Date.to_string(Date.utc_today()) + ]) + end) + + assert_received {:mix_shell, :info, [message]} + assert message =~ "Generated user invite token reusable date limited" + end + end + + describe "running invites_list" do + test "invites are listed" do + {:ok, invite} = Pleroma.UserInviteToken.create_token() + + {:ok, invite2} = + Pleroma.UserInviteToken.create_token(expire_at: Date.utc_today(), max_use: 15) + + assert capture_io(fn -> + Mix.Tasks.Pleroma.User.run([ + "invites_list" + ]) + end) + + assert_received {:mix_shell, :info, [message]} + assert_received {:mix_shell, :info, [message2]} + assert_received {:mix_shell, :info, [message3]} + assert message =~ "Invites list:" + assert message2 =~ invite.token_type + assert message3 =~ invite2.token_type + end + end + + describe "running invite revoke" do + test "invite is revoked" do + {:ok, invite} = Pleroma.UserInviteToken.create_token(expire_at: Date.utc_today()) + + assert capture_io(fn -> + Mix.Tasks.Pleroma.User.run([ + "invite_revoke", + invite.token + ]) + end) + + assert_received {:mix_shell, :info, [message]} + assert message =~ "Invite for token #{invite.token} was revoked." end end From be54e40890432d2cd8e592e6d4acfa9f1e98586c Mon Sep 17 00:00:00 2001 From: Alex S Date: Sat, 6 Apr 2019 17:18:59 +0700 Subject: [PATCH 02/13] twitter api registration fix for twitter api tests --- lib/pleroma/web/twitter_api/twitter_api.ex | 67 ++-- test/fixtures/lambadalambda.json | 64 ++++ test/support/http_request_mock.ex | 4 + test/web/twitter_api/twitter_api_test.exs | 361 ++++++++++++++++++--- 4 files changed, 420 insertions(+), 76 deletions(-) create mode 100644 test/fixtures/lambadalambda.json diff --git a/lib/pleroma/web/twitter_api/twitter_api.ex b/lib/pleroma/web/twitter_api/twitter_api.ex index 9b081a316..a578fbbf4 100644 --- a/lib/pleroma/web/twitter_api/twitter_api.ex +++ b/lib/pleroma/web/twitter_api/twitter_api.ex @@ -163,36 +163,49 @@ def register_user(params) do {:error, %{error: Jason.encode!(%{captcha: [error]})}} else registrations_open = Pleroma.Config.get([:instance, :registrations_open]) + registration_process(registrations_open, params, token_string) + end + end - # no need to query DB if registration is open - token = - unless registrations_open || is_nil(token_string) do - Repo.get_by(UserInviteToken, %{token: token_string}) - end + defp registration_process(_registration_open = true, params, _token_string) do + create_user(params) + end - cond do - registrations_open || (!is_nil(token) && !token.used) -> - changeset = User.register_changeset(%User{}, params) - - with {:ok, user} <- User.register(changeset) do - !registrations_open && UserInviteToken.mark_as_used(token.token) - - {:ok, user} - else - {:error, changeset} -> - errors = - Ecto.Changeset.traverse_errors(changeset, fn {msg, _opts} -> msg end) - |> Jason.encode!() - - {:error, %{error: errors}} - end - - !registrations_open && is_nil(token) -> - {:error, "Invalid token"} - - !registrations_open && token.used -> - {:error, "Expired token"} + defp registration_process(registration_open, params, token_string) + when registration_open == false or is_nil(registration_open) do + token = + unless is_nil(token_string) do + Repo.get_by(UserInviteToken, %{token: token_string}) end + + valid_token? = token && UserInviteToken.valid_token?(token) + + case token do + nil -> + {:error, "Invalid token"} + + token when valid_token? -> + UserInviteToken.update_usage(token) + create_user(params) + + _ -> + {:error, "Expired token"} + end + end + + defp create_user(params) do + changeset = User.register_changeset(%User{}, params) + + case User.register(changeset) do + {:ok, user} -> + {:ok, user} + + {:error, changeset} -> + errors = + Ecto.Changeset.traverse_errors(changeset, fn {msg, _opts} -> msg end) + |> Jason.encode!() + + {:error, %{error: errors}} end end diff --git a/test/fixtures/lambadalambda.json b/test/fixtures/lambadalambda.json new file mode 100644 index 000000000..1f09fb591 --- /dev/null +++ b/test/fixtures/lambadalambda.json @@ -0,0 +1,64 @@ +{ + "@context": [ + "https://www.w3.org/ns/activitystreams", + "https://w3id.org/security/v1", + { + "manuallyApprovesFollowers": "as:manuallyApprovesFollowers", + "toot": "http://joinmastodon.org/ns#", + "featured": { + "@id": "toot:featured", + "@type": "@id" + }, + "alsoKnownAs": { + "@id": "as:alsoKnownAs", + "@type": "@id" + }, + "movedTo": { + "@id": "as:movedTo", + "@type": "@id" + }, + "schema": "http://schema.org#", + "PropertyValue": "schema:PropertyValue", + "value": "schema:value", + "Hashtag": "as:Hashtag", + "Emoji": "toot:Emoji", + "IdentityProof": "toot:IdentityProof", + "focalPoint": { + "@container": "@list", + "@id": "toot:focalPoint" + } + } + ], + "id": "https://mastodon.social/users/lambadalambda", + "type": "Person", + "following": "https://mastodon.social/users/lambadalambda/following", + "followers": "https://mastodon.social/users/lambadalambda/followers", + "inbox": "https://mastodon.social/users/lambadalambda/inbox", + "outbox": "https://mastodon.social/users/lambadalambda/outbox", + "featured": "https://mastodon.social/users/lambadalambda/collections/featured", + "preferredUsername": "lambadalambda", + "name": "Critical Value", + "summary": "\u003cp\u003e\u003c/p\u003e", + "url": "https://mastodon.social/@lambadalambda", + "manuallyApprovesFollowers": false, + "publicKey": { + "id": "https://mastodon.social/users/lambadalambda#main-key", + "owner": "https://mastodon.social/users/lambadalambda", + "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw0P/Tq4gb4G/QVuMGbJo\nC/AfMNcv+m7NfrlOwkVzcU47jgESuYI4UtJayissCdBycHUnfVUd9qol+eznSODz\nCJhfJloqEIC+aSnuEPGA0POtWad6DU0E6/Ho5zQn5WAWUwbRQqowbrsm/GHo2+3v\neR5jGenwA6sYhINg/c3QQbksyV0uJ20Umyx88w8+TJuv53twOfmyDWuYNoQ3y5cc\nHKOZcLHxYOhvwg3PFaGfFHMFiNmF40dTXt9K96r7sbzc44iLD+VphbMPJEjkMuf8\nPGEFOBzy8pm3wJZw2v32RNW2VESwMYyqDzwHXGSq1a73cS7hEnc79gXlELsK04L9\nQQIDAQAB\n-----END PUBLIC KEY-----\n" + }, + "tag": [], + "attachment": [], + "endpoints": { + "sharedInbox": "https://mastodon.social/inbox" + }, + "icon": { + "type": "Image", + "mediaType": "image/gif", + "url": "https://files.mastodon.social/accounts/avatars/000/000/264/original/1429214160519.gif" + }, + "image": { + "type": "Image", + "mediaType": "image/gif", + "url": "https://files.mastodon.social/accounts/headers/000/000/264/original/28b26104f83747d2.gif" + } +} diff --git a/test/support/http_request_mock.ex b/test/support/http_request_mock.ex index d3b547d91..5b355bfe6 100644 --- a/test/support/http_request_mock.ex +++ b/test/support/http_request_mock.ex @@ -716,6 +716,10 @@ def get("https://mastodon.social/users/lambadalambda.atom", _, _, _) do {:ok, %Tesla.Env{status: 200, body: File.read!("test/fixtures/lambadalambda.atom")}} end + def get("https://mastodon.social/users/lambadalambda", _, _, _) do + {:ok, %Tesla.Env{status: 200, body: File.read!("test/fixtures/lambadalambda.json")}} + end + def get("https://social.heldscal.la/user/23211", _, _, Accept: "application/activity+json") do {:ok, Tesla.Mock.json(%{"id" => "https://social.heldscal.la/user/23211"}, status: 200)} end diff --git a/test/web/twitter_api/twitter_api_test.exs b/test/web/twitter_api/twitter_api_test.exs index 6c00244de..716fccfb2 100644 --- a/test/web/twitter_api/twitter_api_test.exs +++ b/test/web/twitter_api/twitter_api_test.exs @@ -16,6 +16,11 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPITest do import Pleroma.Factory + setup_all do + Tesla.Mock.mock_global(fn env -> apply(HttpRequestMock, :request, [env]) end) + :ok + end + test "create a status" do user = insert(:user) mentioned_user = insert(:user, %{nickname: "shp", ap_id: "shp"}) @@ -299,7 +304,6 @@ test "it registers a new user with empty string in bio and returns the user." do UserView.render("show.json", %{user: fetched_user}) end - @moduletag skip: "needs 'account_activation_required: true' in config" test "it sends confirmation email if :account_activation_required is specified in instance config" do setting = Pleroma.Config.get([:instance, :account_activation_required]) @@ -353,68 +357,327 @@ test "it registers a new user and parses mentions in the bio" do assert user2.bio == expected_text end - @moduletag skip: "needs 'registrations_open: false' in config" - test "it registers a new user via invite token and returns the user." do - {:ok, token} = UserInviteToken.create_token() + describe "register with one time token" do + setup do + setting = Pleroma.Config.get([:instance, :registrations_open]) - data = %{ - "nickname" => "vinny", - "email" => "pasta@pizza.vs", - "fullname" => "Vinny Vinesauce", - "bio" => "streamer", - "password" => "hiptofbees", - "confirm" => "hiptofbees", - "token" => token.token - } + if setting do + Pleroma.Config.put([:instance, :registrations_open], false) + on_exit(fn -> Pleroma.Config.put([:instance, :registrations_open], setting) end) + end - {:ok, user} = TwitterAPI.register_user(data) + :ok + end - fetched_user = User.get_by_nickname("vinny") - token = Repo.get_by(UserInviteToken, token: token.token) + test "returns user on success" do + {:ok, token} = UserInviteToken.create_token() - assert token.used == true + data = %{ + "nickname" => "vinny", + "email" => "pasta@pizza.vs", + "fullname" => "Vinny Vinesauce", + "bio" => "streamer", + "password" => "hiptofbees", + "confirm" => "hiptofbees", + "token" => token.token + } - assert UserView.render("show.json", %{user: user}) == - UserView.render("show.json", %{user: fetched_user}) + {:ok, user} = TwitterAPI.register_user(data) + + fetched_user = User.get_by_nickname("vinny") + token = Repo.get_by(UserInviteToken, token: token.token) + + assert token.used == true + + assert UserView.render("show.json", %{user: user}) == + UserView.render("show.json", %{user: fetched_user}) + end + + test "returns error on invalid token" do + data = %{ + "nickname" => "GrimReaper", + "email" => "death@reapers.afterlife", + "fullname" => "Reaper Grim", + "bio" => "Your time has come", + "password" => "scythe", + "confirm" => "scythe", + "token" => "DudeLetMeInImAFairy" + } + + {:error, msg} = TwitterAPI.register_user(data) + + assert msg == "Invalid token" + refute User.get_by_nickname("GrimReaper") + end + + test "returns error on expired token" do + {:ok, token} = UserInviteToken.create_token() + UserInviteToken.mark_as_used(token.token) + + data = %{ + "nickname" => "GrimReaper", + "email" => "death@reapers.afterlife", + "fullname" => "Reaper Grim", + "bio" => "Your time has come", + "password" => "scythe", + "confirm" => "scythe", + "token" => token.token + } + + {:error, msg} = TwitterAPI.register_user(data) + + assert msg == "Expired token" + refute User.get_by_nickname("GrimReaper") + end end - @moduletag skip: "needs 'registrations_open: false' in config" - test "it returns an error if invalid token submitted" do - data = %{ - "nickname" => "GrimReaper", - "email" => "death@reapers.afterlife", - "fullname" => "Reaper Grim", - "bio" => "Your time has come", - "password" => "scythe", - "confirm" => "scythe", - "token" => "DudeLetMeInImAFairy" - } + describe "registers with date limited token" do + setup do + setting = Pleroma.Config.get([:instance, :registrations_open]) - {:error, msg} = TwitterAPI.register_user(data) + if setting do + Pleroma.Config.put([:instance, :registrations_open], false) + on_exit(fn -> Pleroma.Config.put([:instance, :registrations_open], setting) end) + end - assert msg == "Invalid token" - refute User.get_by_nickname("GrimReaper") + data = %{ + "nickname" => "vinny", + "email" => "pasta@pizza.vs", + "fullname" => "Vinny Vinesauce", + "bio" => "streamer", + "password" => "hiptofbees", + "confirm" => "hiptofbees" + } + + check_fn = fn token -> + data = Map.put(data, "token", token.token) + {:ok, user} = TwitterAPI.register_user(data) + fetched_user = User.get_by_nickname("vinny") + + assert UserView.render("show.json", %{user: user}) == + UserView.render("show.json", %{user: fetched_user}) + end + + {:ok, data: data, check_fn: check_fn} + end + + test "returns user on success", %{check_fn: check_fn} do + {:ok, token} = UserInviteToken.create_token(expire_at: Date.utc_today()) + + check_fn.(token) + + token = Repo.get_by(UserInviteToken, token: token.token) + + refute token.used + end + + test "returns user on token which expired tomorrow", %{check_fn: check_fn} do + {:ok, token} = UserInviteToken.create_token(expire_at: Date.add(Date.utc_today(), 1)) + + check_fn.(token) + + token = Repo.get_by(UserInviteToken, token: token.token) + + refute token.used + end + + test "returns an error on overdue date", %{data: data} do + {:ok, token} = UserInviteToken.create_token(expire_at: Date.add(Date.utc_today(), -1)) + + data = Map.put(data, "token", token.token) + + {:error, msg} = TwitterAPI.register_user(data) + + assert msg == "Expired token" + refute User.get_by_nickname("vinny") + token = Repo.get_by(UserInviteToken, token: token.token) + + assert token.used == true + end end - @moduletag skip: "needs 'registrations_open: false' in config" - test "it returns an error if expired token submitted" do - {:ok, token} = UserInviteToken.create_token() - UserInviteToken.mark_as_used(token.token) + describe "registers with reusable token" do + setup do + setting = Pleroma.Config.get([:instance, :registrations_open]) - data = %{ - "nickname" => "GrimReaper", - "email" => "death@reapers.afterlife", - "fullname" => "Reaper Grim", - "bio" => "Your time has come", - "password" => "scythe", - "confirm" => "scythe", - "token" => token.token - } + if setting do + Pleroma.Config.put([:instance, :registrations_open], false) + on_exit(fn -> Pleroma.Config.put([:instance, :registrations_open], setting) end) + end - {:error, msg} = TwitterAPI.register_user(data) + :ok + end - assert msg == "Expired token" - refute User.get_by_nickname("GrimReaper") + test "returns user on success, after him registration fails" do + {:ok, token} = UserInviteToken.create_token(max_use: 100) + + Ecto.Changeset.change(token, uses: 99) |> Repo.update!() + + data = %{ + "nickname" => "vinny", + "email" => "pasta@pizza.vs", + "fullname" => "Vinny Vinesauce", + "bio" => "streamer", + "password" => "hiptofbees", + "confirm" => "hiptofbees", + "token" => token.token + } + + {:ok, user} = TwitterAPI.register_user(data) + fetched_user = User.get_by_nickname("vinny") + token = Repo.get_by(UserInviteToken, token: token.token) + + assert token.used == true + + assert UserView.render("show.json", %{user: user}) == + UserView.render("show.json", %{user: fetched_user}) + + data = %{ + "nickname" => "GrimReaper", + "email" => "death@reapers.afterlife", + "fullname" => "Reaper Grim", + "bio" => "Your time has come", + "password" => "scythe", + "confirm" => "scythe", + "token" => token.token + } + + {:error, msg} = TwitterAPI.register_user(data) + + assert msg == "Expired token" + refute User.get_by_nickname("GrimReaper") + end + end + + describe "registers with reusable date limited token" do + setup do + setting = Pleroma.Config.get([:instance, :registrations_open]) + + if setting do + Pleroma.Config.put([:instance, :registrations_open], false) + on_exit(fn -> Pleroma.Config.put([:instance, :registrations_open], setting) end) + end + + :ok + end + + test "returns user on success" do + {:ok, token} = + UserInviteToken.create_token( + expire_at: Date.utc_today(), + max_use: 100 + ) + + data = %{ + "nickname" => "vinny", + "email" => "pasta@pizza.vs", + "fullname" => "Vinny Vinesauce", + "bio" => "streamer", + "password" => "hiptofbees", + "confirm" => "hiptofbees", + "token" => token.token + } + + {:ok, user} = TwitterAPI.register_user(data) + fetched_user = User.get_by_nickname("vinny") + token = Repo.get_by(UserInviteToken, token: token.token) + + refute token.used + + assert UserView.render("show.json", %{user: user}) == + UserView.render("show.json", %{user: fetched_user}) + end + + test "error after max uses" do + {:ok, token} = + UserInviteToken.create_token( + expire_at: Date.utc_today(), + max_use: 100 + ) + + Ecto.Changeset.change(token, uses: 99) |> Repo.update!() + + data = %{ + "nickname" => "vinny", + "email" => "pasta@pizza.vs", + "fullname" => "Vinny Vinesauce", + "bio" => "streamer", + "password" => "hiptofbees", + "confirm" => "hiptofbees", + "token" => token.token + } + + {:ok, user} = TwitterAPI.register_user(data) + fetched_user = User.get_by_nickname("vinny") + token = Repo.get_by(UserInviteToken, token: token.token) + assert token.used == true + + assert UserView.render("show.json", %{user: user}) == + UserView.render("show.json", %{user: fetched_user}) + + data = %{ + "nickname" => "GrimReaper", + "email" => "death@reapers.afterlife", + "fullname" => "Reaper Grim", + "bio" => "Your time has come", + "password" => "scythe", + "confirm" => "scythe", + "token" => token.token + } + + {:error, msg} = TwitterAPI.register_user(data) + + assert msg == "Expired token" + refute User.get_by_nickname("GrimReaper") + end + + test "returns error on overdue date" do + {:ok, token} = + UserInviteToken.create_token( + expire_at: Date.add(Date.utc_today(), -1), + max_use: 100 + ) + + data = %{ + "nickname" => "GrimReaper", + "email" => "death@reapers.afterlife", + "fullname" => "Reaper Grim", + "bio" => "Your time has come", + "password" => "scythe", + "confirm" => "scythe", + "token" => token.token + } + + {:error, msg} = TwitterAPI.register_user(data) + + assert msg == "Expired token" + refute User.get_by_nickname("GrimReaper") + end + + test "returns error on with overdue date and after max" do + {:ok, token} = + UserInviteToken.create_token( + expire_at: Date.add(Date.utc_today(), -1), + max_use: 100 + ) + + Ecto.Changeset.change(token, uses: 100) |> Repo.update!() + + data = %{ + "nickname" => "GrimReaper", + "email" => "death@reapers.afterlife", + "fullname" => "Reaper Grim", + "bio" => "Your time has come", + "password" => "scythe", + "confirm" => "scythe", + "token" => token.token + } + + {:error, msg} = TwitterAPI.register_user(data) + + assert msg == "Expired token" + refute User.get_by_nickname("GrimReaper") + end end test "it returns the error on registration problems" do From 47b07cec495528ce22f83ca56717cc74aa0096f3 Mon Sep 17 00:00:00 2001 From: Alex S Date: Sat, 6 Apr 2019 20:24:22 +0700 Subject: [PATCH 03/13] token -> invite renaming --- lib/mix/tasks/pleroma/user.ex | 12 +- lib/pleroma/user_invite_token.ex | 121 +++++++++--------- lib/pleroma/web/twitter_api/twitter_api.ex | 22 ++-- ...50946_add_fields_to_user_invite_tokens.exs | 2 +- test/tasks/user_test.exs | 6 +- test/web/twitter_api/twitter_api_test.exs | 102 +++++++-------- 6 files changed, 124 insertions(+), 141 deletions(-) diff --git a/lib/mix/tasks/pleroma/user.ex b/lib/mix/tasks/pleroma/user.ex index 00a933292..887f45029 100644 --- a/lib/mix/tasks/pleroma/user.ex +++ b/lib/mix/tasks/pleroma/user.ex @@ -315,19 +315,19 @@ def run(["invite" | rest]) do end options = Keyword.put(options, :expire_at, expire_at) - + options = Enum.into(options, %{}) Common.start_pleroma() - with {:ok, token} <- UserInviteToken.create_token(options) do + with {:ok, invite} <- UserInviteToken.create_invite(options) do Mix.shell().info( - "Generated user invite token " <> String.replace(token.token_type, "_", " ") + "Generated user invite token " <> String.replace(invite.invite_type, "_", " ") ) url = Pleroma.Web.Router.Helpers.redirect_url( Pleroma.Web.Endpoint, :registration_page, - token.token + invite.token ) IO.puts(url) @@ -367,7 +367,9 @@ def run(["invites_list"]) do def run(["invite_revoke", token]) do Common.start_pleroma() - with {:ok, _} <- UserInviteToken.mark_as_used(token) do + invite = UserInviteToken.find_by_token!(token) + + with {:ok, _} <- UserInviteToken.update_invite(invite, %{used: true}) do Mix.shell().info("Invite for token #{token} was revoked.") else _ -> Mix.shell().error("No invite found with token #{token}") diff --git a/lib/pleroma/user_invite_token.ex b/lib/pleroma/user_invite_token.ex index 3ed39ddd3..4efdbdc32 100644 --- a/lib/pleroma/user_invite_token.ex +++ b/lib/pleroma/user_invite_token.ex @@ -17,106 +17,101 @@ defmodule Pleroma.UserInviteToken do field(:used, :boolean, default: false) field(:max_use, :integer) field(:expire_at, :date) - field(:uses, :integer) - field(:token_type) + field(:uses, :integer, default: 0) + field(:invite_type, :string) timestamps() end - def create_token(options \\ []) do - token = :crypto.strong_rand_bytes(32) |> Base.url_encode64() - - max_use = options[:max_use] - expire_at = options[:expire_at] - - token = - %UserInviteToken{ - used: false, - token: token, - max_use: max_use, - expire_at: expire_at, - uses: 0 - } - |> token_type() - - Repo.insert(token) + @spec create_invite(map()) :: UserInviteToken.t() + def create_invite(params \\ %{}) do + %UserInviteToken{} + |> cast(params, ~w(max_use expire_at)a) + |> add_token() + |> assign_type() + |> Repo.insert() end + defp add_token(changeset) do + token = :crypto.strong_rand_bytes(32) |> Base.url_encode64() + put_change(changeset, :token, token) + end + + defp assign_type(%{changes: %{max_use: _max_use, expire_at: _expire_at}} = changeset) do + put_change(changeset, :invite_type, "reusable_date_limited") + end + + defp assign_type(%{changes: %{expire_at: _expire_at}} = changeset) do + put_change(changeset, :invite_type, "date_limited") + end + + defp assign_type(%{changes: %{max_use: _max_use}} = changeset) do + put_change(changeset, :invite_type, "reusable") + end + + defp assign_type(changeset), do: put_change(changeset, :invite_type, "one_time") + + @spec list_invites() :: [UserInviteToken.t()] def list_invites do query = from(u in UserInviteToken, order_by: u.id) Repo.all(query) end - def used_changeset(struct) do - struct - |> cast(%{}, []) - |> put_change(:used, true) + @spec update_invite!(UserInviteToken.t(), map()) :: UserInviteToken.t() | no_return() + def update_invite!(invite, changes) do + change(invite, changes) |> Repo.update!() end - @spec mark_as_used(token()) :: {:ok, UserInviteToken.t()} | {:error, token()} - def mark_as_used(token) do - with %{used: false} = token <- Repo.get_by(UserInviteToken, %{token: token}), - {:ok, token} <- Repo.update(used_changeset(token)) do - {:ok, token} - else - _e -> {:error, token} - end + @spec update_invite(UserInviteToken.t(), map()) :: + {:ok, UserInviteToken.t()} | {:error, Changeset.t()} + def update_invite(invite, changes) do + change(invite, changes) |> Repo.update() end - defp token_type(%{expire_at: nil, max_use: nil} = token), do: %{token | token_type: "one_time"} + @spec find_by_token!(token()) :: UserInviteToken.t() | no_return() + def find_by_token!(token), do: Repo.get_by!(UserInviteToken, token: token) - defp token_type(%{expire_at: _expire_at, max_use: nil} = token), - do: %{token | token_type: "date_limited"} - - defp token_type(%{expire_at: nil, max_use: _max_use} = token), - do: %{token | token_type: "reusable"} - - defp token_type(%{expire_at: _expire_at, max_use: _max_use} = token), - do: %{token | token_type: "reusable_date_limited"} - - @spec valid_token?(UserInviteToken.t()) :: boolean() - def valid_token?(%{token_type: "one_time"} = token) do - not token.used + @spec valid_invite?(UserInviteToken.t()) :: boolean() + def valid_invite?(%{invite_type: "one_time"} = invite) do + not invite.used end - def valid_token?(%{token_type: "date_limited"} = token) do - not_overdue_date?(token) and not token.used + def valid_invite?(%{invite_type: "date_limited"} = invite) do + not_overdue_date?(invite) and not invite.used end - def valid_token?(%{token_type: "reusable"} = token) do - token.uses < token.max_use and not token.used + def valid_invite?(%{invite_type: "reusable"} = invite) do + invite.uses < invite.max_use and not invite.used end - def valid_token?(%{token_type: "reusable_date_limited"} = token) do - not_overdue_date?(token) and token.uses < token.max_use and not token.used + def valid_invite?(%{invite_type: "reusable_date_limited"} = invite) do + not_overdue_date?(invite) and invite.uses < invite.max_use and not invite.used end - defp not_overdue_date?(%{expire_at: expire_at} = token) do + defp not_overdue_date?(%{expire_at: expire_at} = invite) do Date.compare(Date.utc_today(), expire_at) in [:lt, :eq] || - (Repo.update!(change(token, used: true)) && false) + (update_invite!(invite, %{used: true}) && false) end - def update_usage(%{token_type: "date_limited"}), do: nil + @spec update_usage!(UserInviteToken.t()) :: nil | UserInviteToken.t() | no_return() + def update_usage!(%{invite_type: "date_limited"}), do: nil - def update_usage(%{token_type: "one_time"} = token) do - UserInviteToken.mark_as_used(token.token) - end - - def update_usage(%{token_type: token_type} = token) - when token_type == "reusable" or token_type == "reusable_date_limited" do - new_uses = token.uses + 1 + def update_usage!(%{invite_type: "one_time"} = invite), + do: update_invite!(invite, %{used: true}) + def update_usage!(%{invite_type: invite_type} = invite) + when invite_type == "reusable" or invite_type == "reusable_date_limited" do changes = %{ - uses: new_uses + uses: invite.uses + 1 } changes = - if new_uses >= token.max_use do + if changes.uses >= invite.max_use do Map.put(changes, :used, true) else changes end - change(token, changes) |> Repo.update!() + update_invite!(invite, changes) end end diff --git a/lib/pleroma/web/twitter_api/twitter_api.ex b/lib/pleroma/web/twitter_api/twitter_api.ex index a578fbbf4..402fd195f 100644 --- a/lib/pleroma/web/twitter_api/twitter_api.ex +++ b/lib/pleroma/web/twitter_api/twitter_api.ex @@ -129,7 +129,7 @@ def upload(%Plug.Upload{} = file, %User{} = user, format \\ "xml") do end def register_user(params) do - token_string = params["token"] + token = params["token"] params = %{ nickname: params["nickname"], @@ -163,29 +163,29 @@ def register_user(params) do {:error, %{error: Jason.encode!(%{captcha: [error]})}} else registrations_open = Pleroma.Config.get([:instance, :registrations_open]) - registration_process(registrations_open, params, token_string) + registration_process(registrations_open, params, token) end end - defp registration_process(_registration_open = true, params, _token_string) do + defp registration_process(_registration_open = true, params, _token) do create_user(params) end - defp registration_process(registration_open, params, token_string) + defp registration_process(registration_open, params, token) when registration_open == false or is_nil(registration_open) do - token = - unless is_nil(token_string) do - Repo.get_by(UserInviteToken, %{token: token_string}) + invite = + unless is_nil(token) do + Repo.get_by(UserInviteToken, %{token: token}) end - valid_token? = token && UserInviteToken.valid_token?(token) + valid_invite? = invite && UserInviteToken.valid_invite?(invite) - case token do + case invite do nil -> {:error, "Invalid token"} - token when valid_token? -> - UserInviteToken.update_usage(token) + invite when valid_invite? -> + UserInviteToken.update_usage!(invite) create_user(params) _ -> diff --git a/priv/repo/migrations/20190404050946_add_fields_to_user_invite_tokens.exs b/priv/repo/migrations/20190404050946_add_fields_to_user_invite_tokens.exs index abdd5e277..46fa1cb32 100644 --- a/priv/repo/migrations/20190404050946_add_fields_to_user_invite_tokens.exs +++ b/priv/repo/migrations/20190404050946_add_fields_to_user_invite_tokens.exs @@ -6,7 +6,7 @@ def change do add(:expire_at, :date) add(:uses, :integer, default: 0) add(:max_use, :integer) - add(:token_type, :string, default: "one_time") + add(:invite_type, :string, default: "one_time") end end end diff --git a/test/tasks/user_test.exs b/test/tasks/user_test.exs index c55711b04..c9e5dd625 100644 --- a/test/tasks/user_test.exs +++ b/test/tasks/user_test.exs @@ -292,10 +292,10 @@ test "token is generated with max use and expire date" do describe "running invites_list" do test "invites are listed" do - {:ok, invite} = Pleroma.UserInviteToken.create_token() + {:ok, invite} = Pleroma.UserInviteToken.create_invite() {:ok, invite2} = - Pleroma.UserInviteToken.create_token(expire_at: Date.utc_today(), max_use: 15) + Pleroma.UserInviteToken.create_invite(%{expire_at: Date.utc_today(), max_use: 15}) assert capture_io(fn -> Mix.Tasks.Pleroma.User.run([ @@ -314,7 +314,7 @@ test "invites are listed" do describe "running invite revoke" do test "invite is revoked" do - {:ok, invite} = Pleroma.UserInviteToken.create_token(expire_at: Date.utc_today()) + {:ok, invite} = Pleroma.UserInviteToken.create_invite(%{expire_at: Date.utc_today()}) assert capture_io(fn -> Mix.Tasks.Pleroma.User.run([ diff --git a/test/web/twitter_api/twitter_api_test.exs b/test/web/twitter_api/twitter_api_test.exs index 716fccfb2..519141c96 100644 --- a/test/web/twitter_api/twitter_api_test.exs +++ b/test/web/twitter_api/twitter_api_test.exs @@ -370,7 +370,7 @@ test "it registers a new user and parses mentions in the bio" do end test "returns user on success" do - {:ok, token} = UserInviteToken.create_token() + {:ok, invite} = UserInviteToken.create_invite() data = %{ "nickname" => "vinny", @@ -379,15 +379,15 @@ test "returns user on success" do "bio" => "streamer", "password" => "hiptofbees", "confirm" => "hiptofbees", - "token" => token.token + "token" => invite.token } {:ok, user} = TwitterAPI.register_user(data) fetched_user = User.get_by_nickname("vinny") - token = Repo.get_by(UserInviteToken, token: token.token) + invite = Repo.get_by(UserInviteToken, token: invite.token) - assert token.used == true + assert invite.used == true assert UserView.render("show.json", %{user: user}) == UserView.render("show.json", %{user: fetched_user}) @@ -411,8 +411,8 @@ test "returns error on invalid token" do end test "returns error on expired token" do - {:ok, token} = UserInviteToken.create_token() - UserInviteToken.mark_as_used(token.token) + {:ok, invite} = UserInviteToken.create_invite() + UserInviteToken.update_invite!(invite, used: true) data = %{ "nickname" => "GrimReaper", @@ -421,7 +421,7 @@ test "returns error on expired token" do "bio" => "Your time has come", "password" => "scythe", "confirm" => "scythe", - "token" => token.token + "token" => invite.token } {:error, msg} = TwitterAPI.register_user(data) @@ -449,8 +449,8 @@ test "returns error on expired token" do "confirm" => "hiptofbees" } - check_fn = fn token -> - data = Map.put(data, "token", token.token) + check_fn = fn invite -> + data = Map.put(data, "token", invite.token) {:ok, user} = TwitterAPI.register_user(data) fetched_user = User.get_by_nickname("vinny") @@ -462,37 +462,37 @@ test "returns error on expired token" do end test "returns user on success", %{check_fn: check_fn} do - {:ok, token} = UserInviteToken.create_token(expire_at: Date.utc_today()) + {:ok, invite} = UserInviteToken.create_invite(%{expire_at: Date.utc_today()}) - check_fn.(token) + check_fn.(invite) - token = Repo.get_by(UserInviteToken, token: token.token) + invite = Repo.get_by(UserInviteToken, token: invite.token) - refute token.used + refute invite.used end test "returns user on token which expired tomorrow", %{check_fn: check_fn} do - {:ok, token} = UserInviteToken.create_token(expire_at: Date.add(Date.utc_today(), 1)) + {:ok, invite} = UserInviteToken.create_invite(%{expire_at: Date.add(Date.utc_today(), 1)}) - check_fn.(token) + check_fn.(invite) - token = Repo.get_by(UserInviteToken, token: token.token) + invite = Repo.get_by(UserInviteToken, token: invite.token) - refute token.used + refute invite.used end test "returns an error on overdue date", %{data: data} do - {:ok, token} = UserInviteToken.create_token(expire_at: Date.add(Date.utc_today(), -1)) + {:ok, invite} = UserInviteToken.create_invite(%{expire_at: Date.add(Date.utc_today(), -1)}) - data = Map.put(data, "token", token.token) + data = Map.put(data, "token", invite.token) {:error, msg} = TwitterAPI.register_user(data) assert msg == "Expired token" refute User.get_by_nickname("vinny") - token = Repo.get_by(UserInviteToken, token: token.token) + invite = Repo.get_by(UserInviteToken, token: invite.token) - assert token.used == true + assert invite.used == true end end @@ -509,9 +509,9 @@ test "returns an error on overdue date", %{data: data} do end test "returns user on success, after him registration fails" do - {:ok, token} = UserInviteToken.create_token(max_use: 100) + {:ok, invite} = UserInviteToken.create_invite(%{max_use: 100}) - Ecto.Changeset.change(token, uses: 99) |> Repo.update!() + UserInviteToken.update_invite!(invite, uses: 99) data = %{ "nickname" => "vinny", @@ -520,14 +520,14 @@ test "returns user on success, after him registration fails" do "bio" => "streamer", "password" => "hiptofbees", "confirm" => "hiptofbees", - "token" => token.token + "token" => invite.token } {:ok, user} = TwitterAPI.register_user(data) fetched_user = User.get_by_nickname("vinny") - token = Repo.get_by(UserInviteToken, token: token.token) + invite = Repo.get_by(UserInviteToken, token: invite.token) - assert token.used == true + assert invite.used == true assert UserView.render("show.json", %{user: user}) == UserView.render("show.json", %{user: fetched_user}) @@ -539,7 +539,7 @@ test "returns user on success, after him registration fails" do "bio" => "Your time has come", "password" => "scythe", "confirm" => "scythe", - "token" => token.token + "token" => invite.token } {:error, msg} = TwitterAPI.register_user(data) @@ -562,11 +562,7 @@ test "returns user on success, after him registration fails" do end test "returns user on success" do - {:ok, token} = - UserInviteToken.create_token( - expire_at: Date.utc_today(), - max_use: 100 - ) + {:ok, invite} = UserInviteToken.create_invite(%{expire_at: Date.utc_today(), max_use: 100}) data = %{ "nickname" => "vinny", @@ -575,27 +571,23 @@ test "returns user on success" do "bio" => "streamer", "password" => "hiptofbees", "confirm" => "hiptofbees", - "token" => token.token + "token" => invite.token } {:ok, user} = TwitterAPI.register_user(data) fetched_user = User.get_by_nickname("vinny") - token = Repo.get_by(UserInviteToken, token: token.token) + invite = Repo.get_by(UserInviteToken, token: invite.token) - refute token.used + refute invite.used assert UserView.render("show.json", %{user: user}) == UserView.render("show.json", %{user: fetched_user}) end test "error after max uses" do - {:ok, token} = - UserInviteToken.create_token( - expire_at: Date.utc_today(), - max_use: 100 - ) + {:ok, invite} = UserInviteToken.create_invite(%{expire_at: Date.utc_today(), max_use: 100}) - Ecto.Changeset.change(token, uses: 99) |> Repo.update!() + UserInviteToken.update_invite!(invite, uses: 99) data = %{ "nickname" => "vinny", @@ -604,13 +596,13 @@ test "error after max uses" do "bio" => "streamer", "password" => "hiptofbees", "confirm" => "hiptofbees", - "token" => token.token + "token" => invite.token } {:ok, user} = TwitterAPI.register_user(data) fetched_user = User.get_by_nickname("vinny") - token = Repo.get_by(UserInviteToken, token: token.token) - assert token.used == true + invite = Repo.get_by(UserInviteToken, token: invite.token) + assert invite.used == true assert UserView.render("show.json", %{user: user}) == UserView.render("show.json", %{user: fetched_user}) @@ -622,7 +614,7 @@ test "error after max uses" do "bio" => "Your time has come", "password" => "scythe", "confirm" => "scythe", - "token" => token.token + "token" => invite.token } {:error, msg} = TwitterAPI.register_user(data) @@ -632,11 +624,8 @@ test "error after max uses" do end test "returns error on overdue date" do - {:ok, token} = - UserInviteToken.create_token( - expire_at: Date.add(Date.utc_today(), -1), - max_use: 100 - ) + {:ok, invite} = + UserInviteToken.create_invite(%{expire_at: Date.add(Date.utc_today(), -1), max_use: 100}) data = %{ "nickname" => "GrimReaper", @@ -645,7 +634,7 @@ test "returns error on overdue date" do "bio" => "Your time has come", "password" => "scythe", "confirm" => "scythe", - "token" => token.token + "token" => invite.token } {:error, msg} = TwitterAPI.register_user(data) @@ -655,13 +644,10 @@ test "returns error on overdue date" do end test "returns error on with overdue date and after max" do - {:ok, token} = - UserInviteToken.create_token( - expire_at: Date.add(Date.utc_today(), -1), - max_use: 100 - ) + {:ok, invite} = + UserInviteToken.create_invite(%{expire_at: Date.add(Date.utc_today(), -1), max_use: 100}) - Ecto.Changeset.change(token, uses: 100) |> Repo.update!() + UserInviteToken.update_invite!(invite, uses: 100) data = %{ "nickname" => "GrimReaper", @@ -670,7 +656,7 @@ test "returns error on with overdue date and after max" do "bio" => "Your time has come", "password" => "scythe", "confirm" => "scythe", - "token" => token.token + "token" => invite.token } {:error, msg} = TwitterAPI.register_user(data) From dcc54f8cfab2c3d278ea3f3eb54d866c8436703a Mon Sep 17 00:00:00 2001 From: Alex S Date: Sat, 6 Apr 2019 20:25:19 +0700 Subject: [PATCH 04/13] admin api endpoints for invites --- .../web/admin_api/admin_api_controller.ex | 28 ++- .../web/admin_api/views/account_view.ex | 18 ++ lib/pleroma/web/router.ex | 2 + .../admin_api/admin_api_controller_test.exs | 163 ++++++++++++++++-- 4 files changed, 191 insertions(+), 20 deletions(-) diff --git a/lib/pleroma/web/admin_api/admin_api_controller.ex b/lib/pleroma/web/admin_api/admin_api_controller.ex index 78bf31893..8b74efdd3 100644 --- a/lib/pleroma/web/admin_api/admin_api_controller.ex +++ b/lib/pleroma/web/admin_api/admin_api_controller.ex @@ -9,6 +9,8 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do alias Pleroma.Web.AdminAPI.AccountView alias Pleroma.Web.AdminAPI.Search + alias Pleroma.UserInviteToken + import Pleroma.Web.ControllerHelper, only: [json_response: 3] require Logger @@ -235,7 +237,7 @@ def email_invite(%{assigns: %{user: user}} = conn, %{"email" => email} = params) with true <- Pleroma.Config.get([:instance, :invites_enabled]) && !Pleroma.Config.get([:instance, :registrations_open]), - {:ok, invite_token} <- Pleroma.UserInviteToken.create_token(), + {:ok, invite_token} <- UserInviteToken.create_invite(), email <- Pleroma.UserEmail.user_invitation_email(user, invite_token, email, params["name"]), {:ok, _} <- Pleroma.Mailer.deliver(email) do @@ -244,11 +246,29 @@ def email_invite(%{assigns: %{user: user}} = conn, %{"email" => email} = params) end @doc "Get a account registeration invite token (base64 string)" - def get_invite_token(conn, _params) do - {:ok, token} = Pleroma.UserInviteToken.create_token() + def get_invite_token(conn, params) do + options = params["invite"] || %{} + {:ok, invite} = UserInviteToken.create_invite(options) conn - |> json(token.token) + |> json(invite.token) + end + + @doc "Get list of created invites" + def invites_list(conn, _params) do + invites = UserInviteToken.list_invites() + + conn + |> json(AccountView.render("invites.json", %{invites: invites})) + end + + @doc "Revokes invite by token" + def invite_revoke(conn, %{"token" => token}) do + invite = UserInviteToken.find_by_token!(token) + {:ok, updated_invite} = UserInviteToken.update_invite(invite, %{used: true}) + + conn + |> json(AccountView.render("invite.json", %{invite: updated_invite})) end @doc "Get a password reset token (base64 string) for given nickname" diff --git a/lib/pleroma/web/admin_api/views/account_view.ex b/lib/pleroma/web/admin_api/views/account_view.ex index 4d6f921ef..fd7917500 100644 --- a/lib/pleroma/web/admin_api/views/account_view.ex +++ b/lib/pleroma/web/admin_api/views/account_view.ex @@ -26,4 +26,22 @@ def render("show.json", %{user: user}) do "tags" => user.tags || [] } end + + def render("invite.json", %{invite: invite}) do + %{ + "id" => invite.id, + "token" => invite.token, + "used" => invite.used, + "expire_at" => invite.expire_at, + "uses" => invite.uses, + "max_use" => invite.max_use, + "invite_type" => invite.invite_type + } + end + + def render("invites.json", %{invites: invites}) do + %{ + invites: render_many(invites, AccountView, "invite.json", as: :invite) + } + end end diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex index 1c752e44c..f628baa44 100644 --- a/lib/pleroma/web/router.ex +++ b/lib/pleroma/web/router.ex @@ -163,6 +163,8 @@ defmodule Pleroma.Web.Router do delete("/relay", AdminAPIController, :relay_unfollow) get("/invite_token", AdminAPIController, :get_invite_token) + get("/invites_list", AdminAPIController, :invites_list) + post("/invite_revoke", AdminAPIController, :invite_revoke) post("/email_invite", AdminAPIController, :email_invite) get("/password_reset", AdminAPIController, :get_password_reset) diff --git a/test/web/admin_api/admin_api_controller_test.exs b/test/web/admin_api/admin_api_controller_test.exs index dd2fbfb15..ae287a953 100644 --- a/test/web/admin_api/admin_api_controller_test.exs +++ b/test/web/admin_api/admin_api_controller_test.exs @@ -6,6 +6,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do use Pleroma.Web.ConnCase alias Pleroma.User + alias Pleroma.UserInviteToken import Pleroma.Factory describe "/api/pleroma/admin/user" do @@ -80,14 +81,13 @@ test "allows to force-follow another user" do user = insert(:user) follower = insert(:user) - conn = - build_conn() - |> assign(:user, admin) - |> put_req_header("accept", "application/json") - |> post("/api/pleroma/admin/user/follow", %{ - "follower" => follower.nickname, - "followed" => user.nickname - }) + build_conn() + |> assign(:user, admin) + |> put_req_header("accept", "application/json") + |> post("/api/pleroma/admin/user/follow", %{ + "follower" => follower.nickname, + "followed" => user.nickname + }) user = User.get_by_id(user.id) follower = User.get_by_id(follower.id) @@ -104,14 +104,13 @@ test "allows to force-unfollow another user" do User.follow(follower, user) - conn = - build_conn() - |> assign(:user, admin) - |> put_req_header("accept", "application/json") - |> post("/api/pleroma/admin/user/unfollow", %{ - "follower" => follower.nickname, - "followed" => user.nickname - }) + build_conn() + |> assign(:user, admin) + |> put_req_header("accept", "application/json") + |> post("/api/pleroma/admin/user/unfollow", %{ + "follower" => follower.nickname, + "followed" => user.nickname + }) user = User.get_by_id(user.id) follower = User.get_by_id(follower.id) @@ -642,4 +641,136 @@ test "PATCH /api/pleroma/admin/users/:nickname/toggle_activation" do "tags" => [] } end + + describe "GET /api/pleroma/admin/invite_token" do + test "without options" do + admin = insert(:user, info: %{is_admin: true}) + + conn = + build_conn() + |> assign(:user, admin) + |> get("/api/pleroma/admin/invite_token") + + token = json_response(conn, 200) + invite = UserInviteToken.find_by_token!(token) + refute invite.used + refute invite.expire_at + refute invite.max_use + assert invite.invite_type == "one_time" + end + + test "with expire_at" do + admin = insert(:user, info: %{is_admin: true}) + + conn = + build_conn() + |> assign(:user, admin) + |> get("/api/pleroma/admin/invite_token", %{ + "invite" => %{"expire_at" => Date.to_string(Date.utc_today())} + }) + + token = json_response(conn, 200) + invite = UserInviteToken.find_by_token!(token) + + refute invite.used + assert invite.expire_at == Date.utc_today() + refute invite.max_use + assert invite.invite_type == "date_limited" + end + + test "with max_use" do + admin = insert(:user, info: %{is_admin: true}) + + conn = + build_conn() + |> assign(:user, admin) + |> get("/api/pleroma/admin/invite_token", %{ + "invite" => %{"max_use" => 150} + }) + + token = json_response(conn, 200) + invite = UserInviteToken.find_by_token!(token) + refute invite.used + refute invite.expire_at + assert invite.max_use == 150 + assert invite.invite_type == "reusable" + end + + test "with max use and expire_at" do + admin = insert(:user, info: %{is_admin: true}) + + conn = + build_conn() + |> assign(:user, admin) + |> get("/api/pleroma/admin/invite_token", %{ + "invite" => %{"max_use" => 150, "expire_at" => Date.to_string(Date.utc_today())} + }) + + token = json_response(conn, 200) + invite = UserInviteToken.find_by_token!(token) + refute invite.used + assert invite.expire_at == Date.utc_today() + assert invite.max_use == 150 + assert invite.invite_type == "reusable_date_limited" + end + end + + describe "GET /api/pleroma/admin/invites_list" do + test "no invites" do + admin = insert(:user, info: %{is_admin: true}) + + conn = + build_conn() + |> assign(:user, admin) + |> get("/api/pleroma/admin/invites_list") + + assert json_response(conn, 200) == %{"invites" => []} + end + + test "with invite" do + admin = insert(:user, info: %{is_admin: true}) + {:ok, invite} = UserInviteToken.create_invite() + + conn = + build_conn() + |> assign(:user, admin) + |> get("/api/pleroma/admin/invites_list") + + assert json_response(conn, 200) == %{ + "invites" => [ + %{ + "expire_at" => nil, + "id" => invite.id, + "invite_type" => "one_time", + "max_use" => nil, + "token" => invite.token, + "used" => false, + "uses" => 0 + } + ] + } + end + end + + describe "POST /api/pleroma/admin/invite_revoke" do + test "with token" do + admin = insert(:user, info: %{is_admin: true}) + {:ok, invite} = UserInviteToken.create_invite() + + conn = + build_conn() + |> assign(:user, admin) + |> post("/api/pleroma/admin/invite_revoke", %{"token" => invite.token}) + + assert json_response(conn, 200) == %{ + "expire_at" => nil, + "id" => invite.id, + "invite_type" => "one_time", + "max_use" => nil, + "token" => invite.token, + "used" => true, + "uses" => 0 + } + end + end end From a53d591ac5bc8f19965f1edc71836e42bab3e393 Mon Sep 17 00:00:00 2001 From: Alex S Date: Sat, 6 Apr 2019 20:47:05 +0700 Subject: [PATCH 05/13] code style --- lib/pleroma/web/twitter_api/twitter_api.ex | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/pleroma/web/twitter_api/twitter_api.ex b/lib/pleroma/web/twitter_api/twitter_api.ex index 402fd195f..9e9a46cf1 100644 --- a/lib/pleroma/web/twitter_api/twitter_api.ex +++ b/lib/pleroma/web/twitter_api/twitter_api.ex @@ -167,10 +167,6 @@ def register_user(params) do end end - defp registration_process(_registration_open = true, params, _token) do - create_user(params) - end - defp registration_process(registration_open, params, token) when registration_open == false or is_nil(registration_open) do invite = @@ -193,6 +189,10 @@ defp registration_process(registration_open, params, token) end end + defp registration_process(true, params, _token) do + create_user(params) + end + defp create_user(params) do changeset = User.register_changeset(%User{}, params) From 76d8928cf1bf9759d4eb24351eedd0d5f46c3df2 Mon Sep 17 00:00:00 2001 From: Alex S Date: Sat, 6 Apr 2019 20:49:43 +0700 Subject: [PATCH 06/13] fix for field name --- test/tasks/user_test.exs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/tasks/user_test.exs b/test/tasks/user_test.exs index c9e5dd625..bde8f421c 100644 --- a/test/tasks/user_test.exs +++ b/test/tasks/user_test.exs @@ -307,8 +307,8 @@ test "invites are listed" do assert_received {:mix_shell, :info, [message2]} assert_received {:mix_shell, :info, [message3]} assert message =~ "Invites list:" - assert message2 =~ invite.token_type - assert message3 =~ invite2.token_type + assert message2 =~ invite.invite_type + assert message3 =~ invite2.invite_type end end From ce8d45713287d8f1c413699385950f295085ee77 Mon Sep 17 00:00:00 2001 From: Alex S Date: Sat, 6 Apr 2019 22:38:35 +0700 Subject: [PATCH 07/13] little channges --- lib/mix/tasks/pleroma/user.ex | 58 ++++++++++++++++---------------- lib/pleroma/user_invite_token.ex | 7 ++++ test/tasks/user_test.exs | 21 ++++++------ 3 files changed, 47 insertions(+), 39 deletions(-) diff --git a/lib/mix/tasks/pleroma/user.ex b/lib/mix/tasks/pleroma/user.ex index 887f45029..80b07d1ac 100644 --- a/lib/mix/tasks/pleroma/user.ex +++ b/lib/mix/tasks/pleroma/user.ex @@ -30,16 +30,16 @@ defmodule Mix.Tasks.Pleroma.User do mix pleroma.user invite [OPTION...] Options: - - `--expire_date DATE` - last day on which token is active (e.g. "2019-04-05") - - `--max_use NUMBER` - maximum numbers of token use + - `--expire_at DATE` - last day on which token is active (e.g. "2019-04-05") + - `--max_use NUMBER` - maximum numbers of token uses - ## Generated invites list + ## List generated invites - mix pleroma.user invites_list + mix pleroma.user invites ## Revoke invite - mix pleroma.user invite_revoke TOKEN OR TOKEN_ID + mix pleroma.user revoke_invite TOKEN OR TOKEN_ID ## Delete the user's account. @@ -304,21 +304,24 @@ def run(["invite" | rest]) do {options, [], []} = OptionParser.parse(rest, strict: [ - expire_date: :string, + expire_at: :string, max_use: :integer ] ) - expire_at = - with expire_date when expire_date != nil <- Keyword.get(options, :expire_date) do - Date.from_iso8601!(expire_date) - end + options = + options + |> Keyword.update(:expire_at, {:ok, nil}, fn + nil -> {:ok, nil} + val -> Date.from_iso8601(val) + end) + |> Enum.into(%{}) - options = Keyword.put(options, :expire_at, expire_at) - options = Enum.into(options, %{}) Common.start_pleroma() - with {:ok, invite} <- UserInviteToken.create_invite(options) do + with {:ok, val} <- options[:expire_at], + options = Map.put(options, :expire_at, val), + {:ok, invite} <- UserInviteToken.create_invite(options) do Mix.shell().info( "Generated user invite token " <> String.replace(invite.invite_type, "_", " ") ) @@ -332,44 +335,41 @@ def run(["invite" | rest]) do IO.puts(url) else - _ -> - Mix.shell().error("Could not create invite token.") + error -> + Mix.shell().error("Could not create invite token: #{inspect(error)}") end end - def run(["invites_list"]) do + def run(["invites"]) do Common.start_pleroma() Mix.shell().info("Invites list:") UserInviteToken.list_invites() |> Enum.each(fn invite -> - expire_date = - case invite.expire_at do - nil -> nil - date -> " | Expire date: #{Date.to_string(date)}" + expire_info = + with expire_at when not is_nil(expire_at) <- invite.expire_at do + " | Expire at: #{Date.to_string(expire_at)}" end using_info = - case invite.max_use do - nil -> nil - max_use -> " | Max use: #{max_use} Left use: #{max_use - invite.uses}" + with max_use when not is_nil(max_use) <- invite.max_use do + " | Max use: #{max_use} Left use: #{max_use - invite.uses}" end Mix.shell().info( - "ID: #{invite.id} | Token: #{invite.token} | Token type: #{invite.token_type} | Used: #{ + "ID: #{invite.id} | Token: #{invite.token} | Token type: #{invite.invite_type} | Used: #{ invite.used - }#{expire_date}#{using_info}" + }#{expire_info}#{using_info}" ) end) end - def run(["invite_revoke", token]) do + def run(["revoke_invite", token]) do Common.start_pleroma() - invite = UserInviteToken.find_by_token!(token) - - with {:ok, _} <- UserInviteToken.update_invite(invite, %{used: true}) do + with {:ok, invite} <- UserInviteToken.find_by_token(token), + {:ok, _} <- UserInviteToken.update_invite(invite, %{used: true}) do Mix.shell().info("Invite for token #{token} was revoked.") else _ -> Mix.shell().error("No invite found with token #{token}") diff --git a/lib/pleroma/user_invite_token.ex b/lib/pleroma/user_invite_token.ex index 4efdbdc32..f08309485 100644 --- a/lib/pleroma/user_invite_token.ex +++ b/lib/pleroma/user_invite_token.ex @@ -71,6 +71,13 @@ def update_invite(invite, changes) do @spec find_by_token!(token()) :: UserInviteToken.t() | no_return() def find_by_token!(token), do: Repo.get_by!(UserInviteToken, token: token) + @spec find_by_token(token()) :: {:ok, UserInviteToken.t()} | nil + def find_by_token(token) do + with invite <- Repo.get_by(UserInviteToken, token: token) do + {:ok, invite} + end + end + @spec valid_invite?(UserInviteToken.t()) :: boolean() def valid_invite?(%{invite_type: "one_time"} = invite) do not invite.used diff --git a/test/tasks/user_test.exs b/test/tasks/user_test.exs index bde8f421c..630ac06c1 100644 --- a/test/tasks/user_test.exs +++ b/test/tasks/user_test.exs @@ -252,7 +252,7 @@ test "token is generated with expire_at" do assert capture_io(fn -> Mix.Tasks.Pleroma.User.run([ "invite", - "--expire-date", + "--expire-at", Date.to_string(Date.utc_today()) ]) end) @@ -280,7 +280,7 @@ test "token is generated with max use and expire date" do "invite", "--max-use", "5", - "--expire-date", + "--expire-at", Date.to_string(Date.utc_today()) ]) end) @@ -290,18 +290,19 @@ test "token is generated with max use and expire date" do end end - describe "running invites_list" do + describe "running invites" do test "invites are listed" do {:ok, invite} = Pleroma.UserInviteToken.create_invite() {:ok, invite2} = Pleroma.UserInviteToken.create_invite(%{expire_at: Date.utc_today(), max_use: 15}) - assert capture_io(fn -> - Mix.Tasks.Pleroma.User.run([ - "invites_list" - ]) - end) + # assert capture_io(fn -> + Mix.Tasks.Pleroma.User.run([ + "invites" + ]) + + # end) assert_received {:mix_shell, :info, [message]} assert_received {:mix_shell, :info, [message2]} @@ -312,13 +313,13 @@ test "invites are listed" do end end - describe "running invite revoke" do + describe "running revoke_invite" do test "invite is revoked" do {:ok, invite} = Pleroma.UserInviteToken.create_invite(%{expire_at: Date.utc_today()}) assert capture_io(fn -> Mix.Tasks.Pleroma.User.run([ - "invite_revoke", + "revoke_invite", invite.token ]) end) From b810aac117563a941b50180f19bca2d96a329a0a Mon Sep 17 00:00:00 2001 From: Alex S Date: Sun, 7 Apr 2019 19:48:52 +0700 Subject: [PATCH 08/13] added docs to docs/api/admin_api.md code style and little renamings --- docs/api/admin_api.md | 59 ++++++++++++++++++- .../web/admin_api/admin_api_controller.ex | 5 +- lib/pleroma/web/router.ex | 4 +- .../admin_api/admin_api_controller_test.exs | 10 ++-- 4 files changed, 65 insertions(+), 13 deletions(-) diff --git a/docs/api/admin_api.md b/docs/api/admin_api.md index 86cacebb1..638b235b8 100644 --- a/docs/api/admin_api.md +++ b/docs/api/admin_api.md @@ -200,11 +200,64 @@ Note: Available `:permission_group` is currently moderator and admin. 404 is ret ## `/api/pleroma/admin/invite_token` -### Get a account registeration invite token +### Get an account registration invite token + +- Methods: `GET` +- Params: + - *optional* `invite` => [ + - *optional* `max_use` (integer) + - *optional* `expire_at` (date string e.g. "2019-04-07") + ] +- Response: invite token (base64 string) + +## `/api/pleroma/admin/invites` + +### Get a list of generated invites - Methods: `GET` - Params: none -- Response: invite token (base64 string) +- Response: + +```JSON +{ + + "invites": [ + { + "id": integer, + "token": string, + "used": boolean, + "expire_at": date, + "uses": integer, + "max_use": integer, + "invite_type": string (possible values: `one_time`, `reusable`, `date_limited`, `reusable_date_limited`) + }, + ... + ] +} +``` + +## `/api/pleroma/admin/revoke_invite` + +### Revoke invite by token + +- Methods: `POST` +- Params: + - `token` +- Response: + +```JSON +{ + "id": integer, + "token": string, + "used": boolean, + "expire_at": date, + "uses": integer, + "max_use": integer, + "invite_type": string (possible values: `one_time`, `reusable`, `date_limited`, `reusable_date_limited`) + +} +``` + ## `/api/pleroma/admin/email_invite` @@ -213,7 +266,7 @@ Note: Available `:permission_group` is currently moderator and admin. 404 is ret - Methods: `POST` - Params: - `email` - - `name`, optionnal + - `name`, optional ## `/api/pleroma/admin/password_reset` diff --git a/lib/pleroma/web/admin_api/admin_api_controller.ex b/lib/pleroma/web/admin_api/admin_api_controller.ex index 8b74efdd3..df729ee02 100644 --- a/lib/pleroma/web/admin_api/admin_api_controller.ex +++ b/lib/pleroma/web/admin_api/admin_api_controller.ex @@ -8,7 +8,6 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do alias Pleroma.Web.ActivityPub.Relay alias Pleroma.Web.AdminAPI.AccountView alias Pleroma.Web.AdminAPI.Search - alias Pleroma.UserInviteToken import Pleroma.Web.ControllerHelper, only: [json_response: 3] @@ -255,7 +254,7 @@ def get_invite_token(conn, params) do end @doc "Get list of created invites" - def invites_list(conn, _params) do + def invites(conn, _params) do invites = UserInviteToken.list_invites() conn @@ -263,7 +262,7 @@ def invites_list(conn, _params) do end @doc "Revokes invite by token" - def invite_revoke(conn, %{"token" => token}) do + def revoke_invite(conn, %{"token" => token}) do invite = UserInviteToken.find_by_token!(token) {:ok, updated_invite} = UserInviteToken.update_invite(invite, %{used: true}) diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex index f628baa44..b65eaf357 100644 --- a/lib/pleroma/web/router.ex +++ b/lib/pleroma/web/router.ex @@ -163,8 +163,8 @@ defmodule Pleroma.Web.Router do delete("/relay", AdminAPIController, :relay_unfollow) get("/invite_token", AdminAPIController, :get_invite_token) - get("/invites_list", AdminAPIController, :invites_list) - post("/invite_revoke", AdminAPIController, :invite_revoke) + get("/invites", AdminAPIController, :invites) + post("/revoke_invite", AdminAPIController, :revoke_invite) post("/email_invite", AdminAPIController, :email_invite) get("/password_reset", AdminAPIController, :get_password_reset) diff --git a/test/web/admin_api/admin_api_controller_test.exs b/test/web/admin_api/admin_api_controller_test.exs index ae287a953..67ee0f3fa 100644 --- a/test/web/admin_api/admin_api_controller_test.exs +++ b/test/web/admin_api/admin_api_controller_test.exs @@ -715,14 +715,14 @@ test "with max use and expire_at" do end end - describe "GET /api/pleroma/admin/invites_list" do + describe "GET /api/pleroma/admin/invites" do test "no invites" do admin = insert(:user, info: %{is_admin: true}) conn = build_conn() |> assign(:user, admin) - |> get("/api/pleroma/admin/invites_list") + |> get("/api/pleroma/admin/invites") assert json_response(conn, 200) == %{"invites" => []} end @@ -734,7 +734,7 @@ test "with invite" do conn = build_conn() |> assign(:user, admin) - |> get("/api/pleroma/admin/invites_list") + |> get("/api/pleroma/admin/invites") assert json_response(conn, 200) == %{ "invites" => [ @@ -752,7 +752,7 @@ test "with invite" do end end - describe "POST /api/pleroma/admin/invite_revoke" do + describe "POST /api/pleroma/admin/revoke_invite" do test "with token" do admin = insert(:user, info: %{is_admin: true}) {:ok, invite} = UserInviteToken.create_invite() @@ -760,7 +760,7 @@ test "with token" do conn = build_conn() |> assign(:user, admin) - |> post("/api/pleroma/admin/invite_revoke", %{"token" => invite.token}) + |> post("/api/pleroma/admin/revoke_invite", %{"token" => invite.token}) assert json_response(conn, 200) == %{ "expire_at" => nil, From 56c75aec123bc22bd0be94cef627beec324bff15 Mon Sep 17 00:00:00 2001 From: Alex S Date: Sun, 7 Apr 2019 20:59:53 +0700 Subject: [PATCH 09/13] credo fix --- lib/pleroma/web/admin_api/admin_api_controller.ex | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/pleroma/web/admin_api/admin_api_controller.ex b/lib/pleroma/web/admin_api/admin_api_controller.ex index df729ee02..70a5b5c5d 100644 --- a/lib/pleroma/web/admin_api/admin_api_controller.ex +++ b/lib/pleroma/web/admin_api/admin_api_controller.ex @@ -5,10 +5,10 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do use Pleroma.Web, :controller alias Pleroma.User + alias Pleroma.UserInviteToken alias Pleroma.Web.ActivityPub.Relay alias Pleroma.Web.AdminAPI.AccountView alias Pleroma.Web.AdminAPI.Search - alias Pleroma.UserInviteToken import Pleroma.Web.ControllerHelper, only: [json_response: 3] From 012bb5dcc9bfbf6f3ea210ec4e865f3adcea9dfd Mon Sep 17 00:00:00 2001 From: Alex S Date: Mon, 8 Apr 2019 16:01:28 +0700 Subject: [PATCH 10/13] renaming expire_at -> expires_at keyword style change --- docs/api/admin_api.md | 6 +++--- lib/mix/tasks/pleroma/user.ex | 14 ++++++------- lib/pleroma/user_invite_token.ex | 12 +++++------ .../web/admin_api/views/account_view.ex | 2 +- ...50946_add_fields_to_user_invite_tokens.exs | 2 +- test/tasks/user_test.exs | 12 +++++------ .../admin_api/admin_api_controller_test.exs | 20 +++++++++---------- test/web/twitter_api/twitter_api_test.exs | 14 ++++++------- 8 files changed, 41 insertions(+), 41 deletions(-) diff --git a/docs/api/admin_api.md b/docs/api/admin_api.md index 638b235b8..8befa8ea0 100644 --- a/docs/api/admin_api.md +++ b/docs/api/admin_api.md @@ -206,7 +206,7 @@ Note: Available `:permission_group` is currently moderator and admin. 404 is ret - Params: - *optional* `invite` => [ - *optional* `max_use` (integer) - - *optional* `expire_at` (date string e.g. "2019-04-07") + - *optional* `expires_at` (date string e.g. "2019-04-07") ] - Response: invite token (base64 string) @@ -226,7 +226,7 @@ Note: Available `:permission_group` is currently moderator and admin. 404 is ret "id": integer, "token": string, "used": boolean, - "expire_at": date, + "expires_at": date, "uses": integer, "max_use": integer, "invite_type": string (possible values: `one_time`, `reusable`, `date_limited`, `reusable_date_limited`) @@ -250,7 +250,7 @@ Note: Available `:permission_group` is currently moderator and admin. 404 is ret "id": integer, "token": string, "used": boolean, - "expire_at": date, + "expires_at": date, "uses": integer, "max_use": integer, "invite_type": string (possible values: `one_time`, `reusable`, `date_limited`, `reusable_date_limited`) diff --git a/lib/mix/tasks/pleroma/user.ex b/lib/mix/tasks/pleroma/user.ex index 80b07d1ac..441168df2 100644 --- a/lib/mix/tasks/pleroma/user.ex +++ b/lib/mix/tasks/pleroma/user.ex @@ -30,7 +30,7 @@ defmodule Mix.Tasks.Pleroma.User do mix pleroma.user invite [OPTION...] Options: - - `--expire_at DATE` - last day on which token is active (e.g. "2019-04-05") + - `--expires_at DATE` - last day on which token is active (e.g. "2019-04-05") - `--max_use NUMBER` - maximum numbers of token uses ## List generated invites @@ -304,14 +304,14 @@ def run(["invite" | rest]) do {options, [], []} = OptionParser.parse(rest, strict: [ - expire_at: :string, + expires_at: :string, max_use: :integer ] ) options = options - |> Keyword.update(:expire_at, {:ok, nil}, fn + |> Keyword.update(:expires_at, {:ok, nil}, fn nil -> {:ok, nil} val -> Date.from_iso8601(val) end) @@ -319,8 +319,8 @@ def run(["invite" | rest]) do Common.start_pleroma() - with {:ok, val} <- options[:expire_at], - options = Map.put(options, :expire_at, val), + with {:ok, val} <- options[:expires_at], + options = Map.put(options, :expires_at, val), {:ok, invite} <- UserInviteToken.create_invite(options) do Mix.shell().info( "Generated user invite token " <> String.replace(invite.invite_type, "_", " ") @@ -348,8 +348,8 @@ def run(["invites"]) do UserInviteToken.list_invites() |> Enum.each(fn invite -> expire_info = - with expire_at when not is_nil(expire_at) <- invite.expire_at do - " | Expire at: #{Date.to_string(expire_at)}" + with expires_at when not is_nil(expires_at) <- invite.expires_at do + " | Expires at: #{Date.to_string(expires_at)}" end using_info = diff --git a/lib/pleroma/user_invite_token.ex b/lib/pleroma/user_invite_token.ex index f08309485..11f1dcb16 100644 --- a/lib/pleroma/user_invite_token.ex +++ b/lib/pleroma/user_invite_token.ex @@ -16,7 +16,7 @@ defmodule Pleroma.UserInviteToken do field(:token, :string) field(:used, :boolean, default: false) field(:max_use, :integer) - field(:expire_at, :date) + field(:expires_at, :date) field(:uses, :integer, default: 0) field(:invite_type, :string) @@ -26,7 +26,7 @@ defmodule Pleroma.UserInviteToken do @spec create_invite(map()) :: UserInviteToken.t() def create_invite(params \\ %{}) do %UserInviteToken{} - |> cast(params, ~w(max_use expire_at)a) + |> cast(params, [:max_use, :expires_at]) |> add_token() |> assign_type() |> Repo.insert() @@ -37,11 +37,11 @@ defp add_token(changeset) do put_change(changeset, :token, token) end - defp assign_type(%{changes: %{max_use: _max_use, expire_at: _expire_at}} = changeset) do + defp assign_type(%{changes: %{max_use: _max_use, expires_at: _expires_at}} = changeset) do put_change(changeset, :invite_type, "reusable_date_limited") end - defp assign_type(%{changes: %{expire_at: _expire_at}} = changeset) do + defp assign_type(%{changes: %{expires_at: _expires_at}} = changeset) do put_change(changeset, :invite_type, "date_limited") end @@ -95,8 +95,8 @@ def valid_invite?(%{invite_type: "reusable_date_limited"} = invite) do not_overdue_date?(invite) and invite.uses < invite.max_use and not invite.used end - defp not_overdue_date?(%{expire_at: expire_at} = invite) do - Date.compare(Date.utc_today(), expire_at) in [:lt, :eq] || + defp not_overdue_date?(%{expires_at: expires_at} = invite) do + Date.compare(Date.utc_today(), expires_at) in [:lt, :eq] || (update_invite!(invite, %{used: true}) && false) end diff --git a/lib/pleroma/web/admin_api/views/account_view.ex b/lib/pleroma/web/admin_api/views/account_view.ex index fd7917500..28bb667d8 100644 --- a/lib/pleroma/web/admin_api/views/account_view.ex +++ b/lib/pleroma/web/admin_api/views/account_view.ex @@ -32,7 +32,7 @@ def render("invite.json", %{invite: invite}) do "id" => invite.id, "token" => invite.token, "used" => invite.used, - "expire_at" => invite.expire_at, + "expires_at" => invite.expires_at, "uses" => invite.uses, "max_use" => invite.max_use, "invite_type" => invite.invite_type diff --git a/priv/repo/migrations/20190404050946_add_fields_to_user_invite_tokens.exs b/priv/repo/migrations/20190404050946_add_fields_to_user_invite_tokens.exs index 46fa1cb32..211a14135 100644 --- a/priv/repo/migrations/20190404050946_add_fields_to_user_invite_tokens.exs +++ b/priv/repo/migrations/20190404050946_add_fields_to_user_invite_tokens.exs @@ -3,7 +3,7 @@ defmodule Pleroma.Repo.Migrations.AddFieldsToUserInviteTokens do def change do alter table(:user_invite_tokens) do - add(:expire_at, :date) + add(:expires_at, :date) add(:uses, :integer, default: 0) add(:max_use, :integer) add(:invite_type, :string, default: "one_time") diff --git a/test/tasks/user_test.exs b/test/tasks/user_test.exs index 630ac06c1..242265da5 100644 --- a/test/tasks/user_test.exs +++ b/test/tasks/user_test.exs @@ -248,11 +248,11 @@ test "invite token is generated" do assert message =~ "Generated user invite token one time" end - test "token is generated with expire_at" do + test "token is generated with expires_at" do assert capture_io(fn -> Mix.Tasks.Pleroma.User.run([ "invite", - "--expire-at", + "--expires-at", Date.to_string(Date.utc_today()) ]) end) @@ -274,13 +274,13 @@ test "token is generated with max use" do assert message =~ "Generated user invite token reusable" end - test "token is generated with max use and expire date" do + test "token is generated with max use and expires date" do assert capture_io(fn -> Mix.Tasks.Pleroma.User.run([ "invite", "--max-use", "5", - "--expire-at", + "--expires-at", Date.to_string(Date.utc_today()) ]) end) @@ -295,7 +295,7 @@ test "invites are listed" do {:ok, invite} = Pleroma.UserInviteToken.create_invite() {:ok, invite2} = - Pleroma.UserInviteToken.create_invite(%{expire_at: Date.utc_today(), max_use: 15}) + Pleroma.UserInviteToken.create_invite(%{expires_at: Date.utc_today(), max_use: 15}) # assert capture_io(fn -> Mix.Tasks.Pleroma.User.run([ @@ -315,7 +315,7 @@ test "invites are listed" do describe "running revoke_invite" do test "invite is revoked" do - {:ok, invite} = Pleroma.UserInviteToken.create_invite(%{expire_at: Date.utc_today()}) + {:ok, invite} = Pleroma.UserInviteToken.create_invite(%{expires_at: Date.utc_today()}) assert capture_io(fn -> Mix.Tasks.Pleroma.User.run([ diff --git a/test/web/admin_api/admin_api_controller_test.exs b/test/web/admin_api/admin_api_controller_test.exs index 67ee0f3fa..d44392c9d 100644 --- a/test/web/admin_api/admin_api_controller_test.exs +++ b/test/web/admin_api/admin_api_controller_test.exs @@ -654,26 +654,26 @@ test "without options" do token = json_response(conn, 200) invite = UserInviteToken.find_by_token!(token) refute invite.used - refute invite.expire_at + refute invite.expires_at refute invite.max_use assert invite.invite_type == "one_time" end - test "with expire_at" do + test "with expires_at" do admin = insert(:user, info: %{is_admin: true}) conn = build_conn() |> assign(:user, admin) |> get("/api/pleroma/admin/invite_token", %{ - "invite" => %{"expire_at" => Date.to_string(Date.utc_today())} + "invite" => %{"expires_at" => Date.to_string(Date.utc_today())} }) token = json_response(conn, 200) invite = UserInviteToken.find_by_token!(token) refute invite.used - assert invite.expire_at == Date.utc_today() + assert invite.expires_at == Date.utc_today() refute invite.max_use assert invite.invite_type == "date_limited" end @@ -691,25 +691,25 @@ test "with max_use" do token = json_response(conn, 200) invite = UserInviteToken.find_by_token!(token) refute invite.used - refute invite.expire_at + refute invite.expires_at assert invite.max_use == 150 assert invite.invite_type == "reusable" end - test "with max use and expire_at" do + test "with max use and expires_at" do admin = insert(:user, info: %{is_admin: true}) conn = build_conn() |> assign(:user, admin) |> get("/api/pleroma/admin/invite_token", %{ - "invite" => %{"max_use" => 150, "expire_at" => Date.to_string(Date.utc_today())} + "invite" => %{"max_use" => 150, "expires_at" => Date.to_string(Date.utc_today())} }) token = json_response(conn, 200) invite = UserInviteToken.find_by_token!(token) refute invite.used - assert invite.expire_at == Date.utc_today() + assert invite.expires_at == Date.utc_today() assert invite.max_use == 150 assert invite.invite_type == "reusable_date_limited" end @@ -739,7 +739,7 @@ test "with invite" do assert json_response(conn, 200) == %{ "invites" => [ %{ - "expire_at" => nil, + "expires_at" => nil, "id" => invite.id, "invite_type" => "one_time", "max_use" => nil, @@ -763,7 +763,7 @@ test "with token" do |> post("/api/pleroma/admin/revoke_invite", %{"token" => invite.token}) assert json_response(conn, 200) == %{ - "expire_at" => nil, + "expires_at" => nil, "id" => invite.id, "invite_type" => "one_time", "max_use" => nil, diff --git a/test/web/twitter_api/twitter_api_test.exs b/test/web/twitter_api/twitter_api_test.exs index 519141c96..798a009fe 100644 --- a/test/web/twitter_api/twitter_api_test.exs +++ b/test/web/twitter_api/twitter_api_test.exs @@ -462,7 +462,7 @@ test "returns error on expired token" do end test "returns user on success", %{check_fn: check_fn} do - {:ok, invite} = UserInviteToken.create_invite(%{expire_at: Date.utc_today()}) + {:ok, invite} = UserInviteToken.create_invite(%{expires_at: Date.utc_today()}) check_fn.(invite) @@ -472,7 +472,7 @@ test "returns user on success", %{check_fn: check_fn} do end test "returns user on token which expired tomorrow", %{check_fn: check_fn} do - {:ok, invite} = UserInviteToken.create_invite(%{expire_at: Date.add(Date.utc_today(), 1)}) + {:ok, invite} = UserInviteToken.create_invite(%{expires_at: Date.add(Date.utc_today(), 1)}) check_fn.(invite) @@ -482,7 +482,7 @@ test "returns user on token which expired tomorrow", %{check_fn: check_fn} do end test "returns an error on overdue date", %{data: data} do - {:ok, invite} = UserInviteToken.create_invite(%{expire_at: Date.add(Date.utc_today(), -1)}) + {:ok, invite} = UserInviteToken.create_invite(%{expires_at: Date.add(Date.utc_today(), -1)}) data = Map.put(data, "token", invite.token) @@ -562,7 +562,7 @@ test "returns user on success, after him registration fails" do end test "returns user on success" do - {:ok, invite} = UserInviteToken.create_invite(%{expire_at: Date.utc_today(), max_use: 100}) + {:ok, invite} = UserInviteToken.create_invite(%{expires_at: Date.utc_today(), max_use: 100}) data = %{ "nickname" => "vinny", @@ -585,7 +585,7 @@ test "returns user on success" do end test "error after max uses" do - {:ok, invite} = UserInviteToken.create_invite(%{expire_at: Date.utc_today(), max_use: 100}) + {:ok, invite} = UserInviteToken.create_invite(%{expires_at: Date.utc_today(), max_use: 100}) UserInviteToken.update_invite!(invite, uses: 99) @@ -625,7 +625,7 @@ test "error after max uses" do test "returns error on overdue date" do {:ok, invite} = - UserInviteToken.create_invite(%{expire_at: Date.add(Date.utc_today(), -1), max_use: 100}) + UserInviteToken.create_invite(%{expires_at: Date.add(Date.utc_today(), -1), max_use: 100}) data = %{ "nickname" => "GrimReaper", @@ -645,7 +645,7 @@ test "returns error on overdue date" do test "returns error on with overdue date and after max" do {:ok, invite} = - UserInviteToken.create_invite(%{expire_at: Date.add(Date.utc_today(), -1), max_use: 100}) + UserInviteToken.create_invite(%{expires_at: Date.add(Date.utc_today(), -1), max_use: 100}) UserInviteToken.update_invite!(invite, uses: 100) From f0ca0696c812e804ddaa840d4cdeab032dbdf1d0 Mon Sep 17 00:00:00 2001 From: Alex S Date: Mon, 8 Apr 2019 17:06:04 +0700 Subject: [PATCH 11/13] test for valid_invite? --- test/user_invite_token_test.exs | 96 +++++++++++++++++++++++++++++++++ 1 file changed, 96 insertions(+) create mode 100644 test/user_invite_token_test.exs diff --git a/test/user_invite_token_test.exs b/test/user_invite_token_test.exs new file mode 100644 index 000000000..276788254 --- /dev/null +++ b/test/user_invite_token_test.exs @@ -0,0 +1,96 @@ +defmodule Pleroma.UserInviteTokenTest do + use ExUnit.Case, async: true + use Pleroma.DataCase + alias Pleroma.UserInviteToken + + describe "valid_invite?/1 one time invites" do + setup do + invite = %UserInviteToken{invite_type: "one_time"} + + {:ok, invite: invite} + end + + test "not used returns true", %{invite: invite} do + invite = %{invite | used: false} + assert UserInviteToken.valid_invite?(invite) + end + + test "used returns false", %{invite: invite} do + invite = %{invite | used: true} + refute UserInviteToken.valid_invite?(invite) + end + end + + describe "valid_invite?/1 reusable invites" do + setup do + invite = %UserInviteToken{ + invite_type: "reusable", + max_use: 5 + } + + {:ok, invite: invite} + end + + test "with less uses then max use returns true", %{invite: invite} do + invite = %{invite | uses: 4} + assert UserInviteToken.valid_invite?(invite) + end + + test "with equal or more uses then max use returns false", %{invite: invite} do + invite = %{invite | uses: 5} + + refute UserInviteToken.valid_invite?(invite) + + invite = %{invite | uses: 6} + + refute UserInviteToken.valid_invite?(invite) + end + end + + describe "valid_token?/1 date limited invites" do + setup do + invite = %UserInviteToken{invite_type: "date_limited"} + {:ok, invite: invite} + end + + test "expires today returns true", %{invite: invite} do + invite = %{invite | expires_at: Date.utc_today()} + assert UserInviteToken.valid_invite?(invite) + end + + test "expires yesterday returns false", %{invite: invite} do + invite = %{invite | expires_at: Date.add(Date.utc_today(), -1)} + invite = Repo.insert!(invite) + refute UserInviteToken.valid_invite?(invite) + end + end + + describe "valid_token?/1 reusable date limited invites" do + setup do + invite = %UserInviteToken{invite_type: "reusable_date_limited", max_use: 5} + {:ok, invite: invite} + end + + test "not overdue date and less uses returns true", %{invite: invite} do + invite = %{invite | expires_at: Date.utc_today(), uses: 4} + assert UserInviteToken.valid_invite?(invite) + end + + test "overdue date and less uses returns false", %{invite: invite} do + invite = %{invite | expires_at: Date.add(Date.utc_today(), -1)} + invite = Repo.insert!(invite) + refute UserInviteToken.valid_invite?(invite) + end + + test "not overdue date with more uses returns false", %{invite: invite} do + invite = %{invite | expires_at: Date.utc_today(), uses: 5} + refute UserInviteToken.valid_invite?(invite) + end + + test "overdue date with more uses returns false", %{invite: invite} do + invite = %{invite | expires_at: Date.add(Date.utc_today(), -1), uses: 5} + invite = Repo.insert!(invite) + refute UserInviteToken.valid_invite?(invite) + end + end +end From d0696fdfd6acaee011f4011d69b8221448bfa89e Mon Sep 17 00:00:00 2001 From: Alex S Date: Mon, 8 Apr 2019 19:16:59 +0700 Subject: [PATCH 12/13] fix for elixir 1.7.4 --- lib/pleroma/user_invite_token.ex | 1 + 1 file changed, 1 insertion(+) diff --git a/lib/pleroma/user_invite_token.ex b/lib/pleroma/user_invite_token.ex index 11f1dcb16..6247831d5 100644 --- a/lib/pleroma/user_invite_token.ex +++ b/lib/pleroma/user_invite_token.ex @@ -10,6 +10,7 @@ defmodule Pleroma.UserInviteToken do alias Pleroma.Repo alias Pleroma.UserInviteToken + @type t :: %__MODULE__{} @type token :: String.t() schema "user_invite_tokens" do From fee50636d07c54328ececfe8805c658e3bb80cc6 Mon Sep 17 00:00:00 2001 From: Alex S Date: Mon, 8 Apr 2019 20:08:16 +0700 Subject: [PATCH 13/13] removing not needed invite update --- lib/pleroma/user_invite_token.ex | 5 ++--- test/web/twitter_api/twitter_api_test.exs | 2 +- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/lib/pleroma/user_invite_token.ex b/lib/pleroma/user_invite_token.ex index 6247831d5..86f0a5486 100644 --- a/lib/pleroma/user_invite_token.ex +++ b/lib/pleroma/user_invite_token.ex @@ -96,9 +96,8 @@ def valid_invite?(%{invite_type: "reusable_date_limited"} = invite) do not_overdue_date?(invite) and invite.uses < invite.max_use and not invite.used end - defp not_overdue_date?(%{expires_at: expires_at} = invite) do - Date.compare(Date.utc_today(), expires_at) in [:lt, :eq] || - (update_invite!(invite, %{used: true}) && false) + defp not_overdue_date?(%{expires_at: expires_at}) do + Date.compare(Date.utc_today(), expires_at) in [:lt, :eq] end @spec update_usage!(UserInviteToken.t()) :: nil | UserInviteToken.t() | no_return() diff --git a/test/web/twitter_api/twitter_api_test.exs b/test/web/twitter_api/twitter_api_test.exs index 798a009fe..a4540e651 100644 --- a/test/web/twitter_api/twitter_api_test.exs +++ b/test/web/twitter_api/twitter_api_test.exs @@ -492,7 +492,7 @@ test "returns an error on overdue date", %{data: data} do refute User.get_by_nickname("vinny") invite = Repo.get_by(UserInviteToken, token: invite.token) - assert invite.used == true + refute invite.used end end