From a3dc02d282f886d3b4842ec70976cfa84f2e4099 Mon Sep 17 00:00:00 2001 From: Egor Kislitsyn Date: Wed, 1 May 2019 16:11:17 +0700 Subject: [PATCH 01/36] Add addressable lists --- lib/pleroma/web/activity_pub/activity_pub.ex | 74 +++++++++++++------ .../web/activity_pub/transmogrifier.ex | 5 +- lib/pleroma/web/common_api/common_api.ex | 28 +++---- lib/pleroma/web/common_api/utils.ex | 15 ++++ lib/pleroma/web/salmon/salmon.ex | 8 +- 5 files changed, 92 insertions(+), 38 deletions(-) diff --git a/lib/pleroma/web/activity_pub/activity_pub.ex b/lib/pleroma/web/activity_pub/activity_pub.ex index 604ffae7b..84d7f47b1 100644 --- a/lib/pleroma/web/activity_pub/activity_pub.ex +++ b/lib/pleroma/web/activity_pub/activity_pub.ex @@ -28,19 +28,16 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do # For Announce activities, we filter the recipients based on following status for any actors # that match actual users. See issue #164 for more information about why this is necessary. defp get_recipients(%{"type" => "Announce"} = data) do - to = data["to"] || [] - cc = data["cc"] || [] + to = Map.get(data, "to", []) + cc = Map.get(data, "cc", []) + bcc = Map.get(data, "bcc", []) actor = User.get_cached_by_ap_id(data["actor"]) recipients = - (to ++ cc) - |> Enum.filter(fn recipient -> + Enum.filter(Enum.concat([to, cc, bcc]), fn recipient -> case User.get_cached_by_ap_id(recipient) do - nil -> - true - - user -> - User.following?(user, actor) + nil -> true + user -> User.following?(user, actor) end end) @@ -48,17 +45,19 @@ defp get_recipients(%{"type" => "Announce"} = data) do end defp get_recipients(%{"type" => "Create"} = data) do - to = data["to"] || [] - cc = data["cc"] || [] - actor = data["actor"] || [] - recipients = (to ++ cc ++ [actor]) |> Enum.uniq() + to = Map.get(data, "to", []) + cc = Map.get(data, "cc", []) + bcc = Map.get(data, "bcc", []) + actor = Map.get(data, "actor", []) + recipients = [to, cc, bcc, [actor]] |> Enum.concat() |> Enum.uniq() {recipients, to, cc} end defp get_recipients(data) do - to = data["to"] || [] - cc = data["cc"] || [] - recipients = to ++ cc + to = Map.get(data, "to", []) + cc = Map.get(data, "cc", []) + bcc = Map.get(data, "bcc", []) + recipients = Enum.concat([to, cc, bcc]) {recipients, to, cc} end @@ -917,22 +916,55 @@ def should_federate?(inbox, public) do end end - def publish(actor, activity) do - remote_followers = + defp recipients(actor, activity) do + Pleroma.Web.Salmon.remote_users(activity) ++ if actor.follower_address in activity.recipients do {:ok, followers} = User.get_followers(actor) followers |> Enum.filter(&(!&1.local)) else [] end + end + def publish(actor, %{data: %{"bcc" => bcc}} = activity) when is_list(bcc) and bcc != [] do public = is_public?(activity) - {:ok, data} = Transmogrifier.prepare_outgoing(activity.data) + + recipients = recipients(actor, activity) + + recipients + |> Enum.filter(&User.ap_enabled?/1) + |> Enum.map(fn %{info: %{source_data: data}} -> data["inbox"] end) + |> Enum.filter(fn inbox -> should_federate?(inbox, public) end) + |> Instances.filter_reachable() + |> Enum.each(fn {inbox, unreachable_since} -> + %User{ap_id: cc} = + Enum.find(recipients, fn %{info: %{source_data: data}} -> data["inbox"] == inbox end) + + json = + data + |> Map.put("cc", [cc]) + |> Map.put("directMessage", true) + |> Jason.encode!() + + Federator.publish_single_ap(%{ + inbox: inbox, + json: json, + actor: actor, + id: activity.data["id"], + unreachable_since: unreachable_since + }) + end) + end + + def publish(actor, activity) do + public = is_public?(activity) + {:ok, data} = Transmogrifier.prepare_outgoing(activity.data) + json = Jason.encode!(data) - (Pleroma.Web.Salmon.remote_users(activity) ++ remote_followers) - |> Enum.filter(fn user -> User.ap_enabled?(user) end) + recipients(actor, activity) + |> Enum.filter(&User.ap_enabled?/1) |> Enum.map(fn %{info: %{source_data: data}} -> (is_map(data["endpoints"]) && Map.get(data["endpoints"], "sharedInbox")) || data["inbox"] end) diff --git a/lib/pleroma/web/activity_pub/transmogrifier.ex b/lib/pleroma/web/activity_pub/transmogrifier.ex index b1e859d7c..3b7193eaa 100644 --- a/lib/pleroma/web/activity_pub/transmogrifier.ex +++ b/lib/pleroma/web/activity_pub/transmogrifier.ex @@ -741,13 +741,16 @@ def prepare_object(object) do def prepare_outgoing(%{"type" => "Create", "object" => object_id} = data) do object = - Object.normalize(object_id).data + object_id + |> Object.normalize() + |> Map.get(:data) |> prepare_object data = data |> Map.put("object", object) |> Map.merge(Utils.make_json_ld_header()) + |> Map.delete("bcc") {:ok, data} end diff --git a/lib/pleroma/web/common_api/common_api.ex b/lib/pleroma/web/common_api/common_api.ex index cfbc5dc10..4ca59110f 100644 --- a/lib/pleroma/web/common_api/common_api.ex +++ b/lib/pleroma/web/common_api/common_api.ex @@ -119,6 +119,10 @@ def get_visibility(%{"visibility" => visibility}) when visibility in ~w{public unlisted private direct}, do: visibility + def get_visibility(%{"visibility" => "list:" <> list_id}) do + {:list, String.to_integer(list_id)} + end + def get_visibility(%{"in_reply_to_status_id" => status_id}) when not is_nil(status_id) do case get_replied_to_activity(status_id) do nil -> @@ -149,6 +153,7 @@ def post(user, %{"status" => status} = data) do visibility ), {to, cc} <- to_for_user_and_mentions(user, mentions, in_reply_to, visibility), + {:ok, bcc} <- bcc_for_list(user, visibility), context <- make_context(in_reply_to), cw <- data["spoiler_text"], full_payload <- String.trim(status <> (data["spoiler_text"] || "")), @@ -174,19 +179,16 @@ def post(user, %{"status" => status} = data) do Map.put(acc, name, "#{Pleroma.Web.Endpoint.static_url()}#{file}") end) ) do - res = - ActivityPub.create( - %{ - to: to, - actor: user, - context: context, - object: object, - additional: %{"cc" => cc, "directMessage" => visibility == "direct"} - }, - Pleroma.Web.ControllerHelper.truthy_param?(data["preview"]) || false - ) - - res + ActivityPub.create( + %{ + to: to, + actor: user, + context: context, + object: object, + additional: %{"cc" => cc, "bcc" => bcc, "directMessage" => visibility == "direct"} + }, + Pleroma.Web.ControllerHelper.truthy_param?(data["preview"]) || false + ) end end diff --git a/lib/pleroma/web/common_api/utils.ex b/lib/pleroma/web/common_api/utils.ex index 887f878c4..83a745b58 100644 --- a/lib/pleroma/web/common_api/utils.ex +++ b/lib/pleroma/web/common_api/utils.ex @@ -8,6 +8,7 @@ defmodule Pleroma.Web.CommonAPI.Utils do alias Pleroma.Activity alias Pleroma.Config alias Pleroma.Formatter + alias Pleroma.List alias Pleroma.Object alias Pleroma.Repo alias Pleroma.User @@ -102,6 +103,20 @@ def to_for_user_and_mentions(_user, mentions, inReplyTo, "direct") do end end + def to_for_user_and_mentions(_user, _mentions, _inReplyTo, _), do: {[], []} + + def bcc_for_list(user, {:list, list_id}) do + with {_, %List{} = list} <- {:list, List.get(list_id, user)}, + {:ok, following} <- List.get_following(list) do + {:ok, Enum.map(following, & &1.ap_id)} + else + {:list, _} -> {:error, "List not found"} + err -> err + end + end + + def bcc_for_list(_, _), do: {:ok, []} + def make_content_html( status, attachments, diff --git a/lib/pleroma/web/salmon/salmon.ex b/lib/pleroma/web/salmon/salmon.ex index 0a9e51656..4d89f4bdb 100644 --- a/lib/pleroma/web/salmon/salmon.ex +++ b/lib/pleroma/web/salmon/salmon.ex @@ -157,10 +157,12 @@ def encode(private_key, doc) do end def remote_users(%{data: %{"to" => to} = data}) do - to = to ++ (data["cc"] || []) + cc = Map.get(data, "cc", []) + bcc = Map.get(data, "bcc", []) - to - |> Enum.map(fn id -> User.get_cached_by_ap_id(id) end) + [to, cc, bcc] + |> Enum.concat() + |> Enum.map(&User.get_cached_by_ap_id/1) |> Enum.filter(fn user -> user && !user.local end) end From 23276e8d6848fa8eae390c16b6e0619c12546e4a Mon Sep 17 00:00:00 2001 From: Egor Kislitsyn Date: Mon, 13 May 2019 16:15:14 +0700 Subject: [PATCH 02/36] Use pseudo ap id of a list in BCC --- lib/pleroma/list.ex | 32 ++++++++++++++ lib/pleroma/web/activity_pub/activity_pub.ex | 46 ++++++++++++++++---- lib/pleroma/web/common_api/common_api.ex | 8 ++-- lib/pleroma/web/common_api/utils.ex | 11 +---- lib/pleroma/web/salmon/salmon.ex | 19 ++++++-- 5 files changed, 92 insertions(+), 24 deletions(-) diff --git a/lib/pleroma/list.ex b/lib/pleroma/list.ex index a5b1cad68..81b842e9c 100644 --- a/lib/pleroma/list.ex +++ b/lib/pleroma/list.ex @@ -12,6 +12,8 @@ defmodule Pleroma.List do alias Pleroma.Repo alias Pleroma.User + @ap_id_regex ~r/^\/users\/(?\w+)\/lists\/(?\d+)/ + schema "lists" do belongs_to(:user, User, type: Pleroma.FlakeId) field(:title, :string) @@ -32,6 +34,12 @@ def follow_changeset(list, attrs \\ %{}) do |> validate_required([:following]) end + def ap_id(%User{nickname: nickname}, list_id) do + Pleroma.Web.Endpoint.url() <> "/users/#{nickname}/lists/#{list_id}" + end + + def ap_id({nickname, list_id}), do: ap_id(%User{nickname: nickname}, list_id) + def for_user(user, _opts) do query = from( @@ -55,6 +63,19 @@ def get(id, %{id: user_id} = _user) do Repo.one(query) end + def get_by_ap_id(ap_id) do + host = Pleroma.Web.Endpoint.host() + + with %{host: ^host, path: path} <- URI.parse(ap_id), + %{"list_id" => list_id, "nickname" => nickname} <- + Regex.named_captures(@ap_id_regex, path), + %User{} = user <- User.get_cached_by_nickname(nickname) do + get(list_id, user) + else + _ -> nil + end + end + def get_following(%Pleroma.List{following: following} = _list) do q = from( @@ -125,4 +146,15 @@ def update_follows(%Pleroma.List{} = list, attrs) do |> follow_changeset(attrs) |> Repo.update() end + + def memberships(%User{follower_address: follower_address}) do + Pleroma.List + |> where([l], ^follower_address in l.following) + |> join(:inner, [l], u in User, on: l.user_id == u.id) + |> select([l, u], {u.nickname, l.id}) + |> Repo.all() + |> Enum.map(&ap_id/1) + end + + def memberships(_), do: [] end diff --git a/lib/pleroma/web/activity_pub/activity_pub.ex b/lib/pleroma/web/activity_pub/activity_pub.ex index 84d7f47b1..3b71e0369 100644 --- a/lib/pleroma/web/activity_pub/activity_pub.ex +++ b/lib/pleroma/web/activity_pub/activity_pub.ex @@ -783,9 +783,7 @@ defp maybe_preload_objects(query, _) do end def fetch_activities_query(recipients, opts \\ %{}) do - base_query = from(activity in Activity) - - base_query + Activity |> maybe_preload_objects(opts) |> restrict_recipients(recipients, opts["user"]) |> restrict_tag(opts) @@ -807,9 +805,29 @@ def fetch_activities_query(recipients, opts \\ %{}) do end def fetch_activities(recipients, opts \\ %{}) do - fetch_activities_query(recipients, opts) + list_memberships = Pleroma.List.memberships(opts["user"]) + + fetch_activities_query(recipients ++ list_memberships, opts) |> Pagination.fetch_paginated(opts) |> Enum.reverse() + |> maybe_update_cc(list_memberships, opts["user"]) + end + + defp maybe_update_cc(activities, [], _), do: activities + defp maybe_update_cc(activities, _, nil), do: activities + + defp maybe_update_cc(activities, list_memberships, user) do + Enum.map(activities, fn + %{data: %{"bcc" => bcc}} = activity when is_list(bcc) -> + if Enum.any?(bcc, &(&1 in list_memberships)) do + update_in(activity.data["cc"], &[user.ap_id | &1]) + else + activity + end + + activity -> + activity + end) end def fetch_activities_bounded(recipients_to, recipients_cc, opts \\ %{}) do @@ -917,13 +935,23 @@ def should_federate?(inbox, public) do end defp recipients(actor, activity) do - Pleroma.Web.Salmon.remote_users(activity) ++ + followers = if actor.follower_address in activity.recipients do {:ok, followers} = User.get_followers(actor) - followers |> Enum.filter(&(!&1.local)) + Enum.filter(followers, &(!&1.local)) else [] end + + Pleroma.Web.Salmon.remote_users(actor, activity) ++ followers + end + + defp get_cc_ap_ids(ap_id, recipients) do + host = Map.get(URI.parse(ap_id), :host) + + recipients + |> Enum.filter(fn %User{ap_id: ap_id} -> Map.get(URI.parse(ap_id), :host) == host end) + |> Enum.map(& &1.ap_id) end def publish(actor, %{data: %{"bcc" => bcc}} = activity) when is_list(bcc) and bcc != [] do @@ -938,12 +966,14 @@ def publish(actor, %{data: %{"bcc" => bcc}} = activity) when is_list(bcc) and bc |> Enum.filter(fn inbox -> should_federate?(inbox, public) end) |> Instances.filter_reachable() |> Enum.each(fn {inbox, unreachable_since} -> - %User{ap_id: cc} = + %User{ap_id: ap_id} = Enum.find(recipients, fn %{info: %{source_data: data}} -> data["inbox"] == inbox end) + cc = get_cc_ap_ids(ap_id, recipients) + json = data - |> Map.put("cc", [cc]) + |> Map.put("cc", cc) |> Map.put("directMessage", true) |> Jason.encode!() diff --git a/lib/pleroma/web/common_api/common_api.ex b/lib/pleroma/web/common_api/common_api.ex index 4ca59110f..d47d5788c 100644 --- a/lib/pleroma/web/common_api/common_api.ex +++ b/lib/pleroma/web/common_api/common_api.ex @@ -153,7 +153,7 @@ def post(user, %{"status" => status} = data) do visibility ), {to, cc} <- to_for_user_and_mentions(user, mentions, in_reply_to, visibility), - {:ok, bcc} <- bcc_for_list(user, visibility), + bcc <- bcc_for_list(user, visibility), context <- make_context(in_reply_to), cw <- data["spoiler_text"], full_payload <- String.trim(status <> (data["spoiler_text"] || "")), @@ -197,7 +197,7 @@ def update(user) do user = with emoji <- emoji_from_profile(user), source_data <- (user.info.source_data || %{}) |> Map.put("tag", emoji), - info_cng <- Pleroma.User.Info.set_source_data(user.info, source_data), + info_cng <- User.Info.set_source_data(user.info, source_data), change <- Ecto.Changeset.change(user) |> Ecto.Changeset.put_embed(:info, info_cng), {:ok, user} <- User.update_and_set_cache(change) do user @@ -230,7 +230,7 @@ def pin(id_or_ap_id, %{ap_id: user_ap_id} = user) do } = activity <- get_by_id_or_ap_id(id_or_ap_id), true <- Enum.member?(object_to, "https://www.w3.org/ns/activitystreams#Public"), %{valid?: true} = info_changeset <- - Pleroma.User.Info.add_pinnned_activity(user.info, activity), + User.Info.add_pinnned_activity(user.info, activity), changeset <- Ecto.Changeset.change(user) |> Ecto.Changeset.put_embed(:info, info_changeset), {:ok, _user} <- User.update_and_set_cache(changeset) do @@ -247,7 +247,7 @@ def pin(id_or_ap_id, %{ap_id: user_ap_id} = user) do def unpin(id_or_ap_id, user) do with %Activity{} = activity <- get_by_id_or_ap_id(id_or_ap_id), %{valid?: true} = info_changeset <- - Pleroma.User.Info.remove_pinnned_activity(user.info, activity), + User.Info.remove_pinnned_activity(user.info, activity), changeset <- Ecto.Changeset.change(user) |> Ecto.Changeset.put_embed(:info, info_changeset), {:ok, _user} <- User.update_and_set_cache(changeset) do diff --git a/lib/pleroma/web/common_api/utils.ex b/lib/pleroma/web/common_api/utils.ex index 83a745b58..32c3b4b98 100644 --- a/lib/pleroma/web/common_api/utils.ex +++ b/lib/pleroma/web/common_api/utils.ex @@ -8,7 +8,6 @@ defmodule Pleroma.Web.CommonAPI.Utils do alias Pleroma.Activity alias Pleroma.Config alias Pleroma.Formatter - alias Pleroma.List alias Pleroma.Object alias Pleroma.Repo alias Pleroma.User @@ -106,16 +105,10 @@ def to_for_user_and_mentions(_user, mentions, inReplyTo, "direct") do def to_for_user_and_mentions(_user, _mentions, _inReplyTo, _), do: {[], []} def bcc_for_list(user, {:list, list_id}) do - with {_, %List{} = list} <- {:list, List.get(list_id, user)}, - {:ok, following} <- List.get_following(list) do - {:ok, Enum.map(following, & &1.ap_id)} - else - {:list, _} -> {:error, "List not found"} - err -> err - end + [Pleroma.List.ap_id(user, list_id)] end - def bcc_for_list(_, _), do: {:ok, []} + def bcc_for_list(_, _), do: [] def make_content_html( status, diff --git a/lib/pleroma/web/salmon/salmon.ex b/lib/pleroma/web/salmon/salmon.ex index 4d89f4bdb..ca51255f3 100644 --- a/lib/pleroma/web/salmon/salmon.ex +++ b/lib/pleroma/web/salmon/salmon.ex @@ -156,9 +156,22 @@ def encode(private_key, doc) do {:ok, salmon} end - def remote_users(%{data: %{"to" => to} = data}) do + def remote_users(%User{id: user_id}, %{data: %{"to" => to} = data}) do cc = Map.get(data, "cc", []) - bcc = Map.get(data, "bcc", []) + + bcc = + data + |> Map.get("bcc", []) + |> Enum.reduce([], fn ap_id, bcc -> + case Pleroma.List.get_by_ap_id(ap_id) do + %Pleroma.List{user_id: ^user_id} = list -> + {:ok, following} = Pleroma.List.get_following(list) + bcc ++ Enum.map(following, & &1.ap_id) + + _ -> + bcc + end + end) [to, cc, bcc] |> Enum.concat() @@ -220,7 +233,7 @@ def publish(%{info: %{keys: keys}} = user, %{data: %{"type" => type}} = activity {:ok, private, _} = keys_from_pem(keys) {:ok, feed} = encode(private, feed) - remote_users = remote_users(activity) + remote_users = remote_users(user, activity) salmon_urls = Enum.map(remote_users, & &1.info.salmon) reachable_urls_metadata = Instances.filter_reachable(salmon_urls) From d474995efa83e03f8aeaf57c1437aaa483960f7a Mon Sep 17 00:00:00 2001 From: Egor Kislitsyn Date: Tue, 14 May 2019 20:12:47 +0700 Subject: [PATCH 03/36] Add Tests --- test/list_test.exs | 29 +++++++++++++++++++ test/web/activity_pub/activity_pub_test.exs | 14 +++++++++ test/web/activity_pub/transmogrifier_test.exs | 12 ++++++++ test/web/common_api/common_api_test.exs | 13 +++++++++ 4 files changed, 68 insertions(+) diff --git a/test/list_test.exs b/test/list_test.exs index 1909c0cd9..0e72b6660 100644 --- a/test/list_test.exs +++ b/test/list_test.exs @@ -113,4 +113,33 @@ test "getting own lists a given user belongs to" do assert owned_list in lists_2 refute not_owned_list in lists_2 end + + test "get ap_id by user nickname and list id" do + nickname = "foo" + list_id = 42 + + expected = Pleroma.Web.Endpoint.url() <> "/users/#{nickname}/lists/#{list_id}" + + assert Pleroma.List.ap_id(%Pleroma.User{nickname: nickname}, list_id) == expected + assert Pleroma.List.ap_id({nickname, list_id}) == expected + end + + test "get by ap_id" do + user = insert(:user) + {:ok, list} = Pleroma.List.create("foo", user) + ap_id = Pleroma.List.ap_id(user, list.id) + + assert Pleroma.List.get_by_ap_id(ap_id) == list + end + + test "memberships" do + user = insert(:user) + member = insert(:user) + {:ok, list} = Pleroma.List.create("foo", user) + {:ok, list} = Pleroma.List.follow(list, member) + + list_ap_id = Pleroma.List.ap_id(user, list.id) + + assert Pleroma.List.memberships(member) == [list_ap_id] + end end diff --git a/test/web/activity_pub/activity_pub_test.exs b/test/web/activity_pub/activity_pub_test.exs index 0f90aa1ac..e38de388b 100644 --- a/test/web/activity_pub/activity_pub_test.exs +++ b/test/web/activity_pub/activity_pub_test.exs @@ -1156,6 +1156,20 @@ test "it can create a Flag activity" do end end + test "fetch_activities/2 returns activities addressed to a list " do + user = insert(:user) + member = insert(:user) + {:ok, list} = Pleroma.List.create("foo", user) + {:ok, list} = Pleroma.List.follow(list, member) + + {:ok, activity} = + CommonAPI.post(user, %{"status" => "foobar", "visibility" => "list:#{list.id}"}) + + activity = Repo.preload(activity, :bookmark) + + assert ActivityPub.fetch_activities([], %{"user" => user}) == [activity] + end + def data_uri do File.read!("test/fixtures/avatar_data_uri") end diff --git a/test/web/activity_pub/transmogrifier_test.exs b/test/web/activity_pub/transmogrifier_test.exs index c24b50f8c..e93189df6 100644 --- a/test/web/activity_pub/transmogrifier_test.exs +++ b/test/web/activity_pub/transmogrifier_test.exs @@ -1028,6 +1028,18 @@ test "the directMessage flag is present" do assert modified["directMessage"] == true end + + test "it strips BCC field" do + user = insert(:user) + {:ok, list} = Pleroma.List.create("foo", user) + + {:ok, activity} = + CommonAPI.post(user, %{"status" => "foobar", "visibility" => "list:#{list.id}"}) + + {:ok, modified} = Transmogrifier.prepare_outgoing(activity.data) + + assert is_nil(modified["bcc"]) + end end describe "user upgrade" do diff --git a/test/web/common_api/common_api_test.exs b/test/web/common_api/common_api_test.exs index a5b07c446..11f3c8357 100644 --- a/test/web/common_api/common_api_test.exs +++ b/test/web/common_api/common_api_test.exs @@ -87,6 +87,19 @@ test "it filters out obviously bad tags when accepting a post as Markdown" do assert object.data["content"] == "

2hu

alert('xss')" end + + test "it allows to address a list" do + user = insert(:user) + {:ok, list} = Pleroma.List.create("foo", user) + + list_ap_id = Pleroma.List.ap_id(user, list.id) + + {:ok, activity} = + CommonAPI.post(user, %{"status" => "foobar", "visibility" => "list:#{list.id}"}) + + assert activity.data["bcc"] == [list_ap_id] + assert activity.recipients == [list_ap_id, user.ap_id] + end end describe "reactions" do From 8feea72781e5813941d986effe785cae6a5dee90 Mon Sep 17 00:00:00 2001 From: Egor Kislitsyn Date: Tue, 14 May 2019 20:14:51 +0700 Subject: [PATCH 04/36] Update CHANGELOG --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5c0baa317..2fadb5f18 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -32,6 +32,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - OAuth: added support for refresh tokens - Emoji packs and emoji pack manager - AdminFE: initial release with basic user management accessible at /pleroma/admin/ +- Addressable lists ### Changed - **Breaking:** Configuration: move from Pleroma.Mailer to Pleroma.Emails.Mailer From fc9b4410c4182747fbcbc2cbe2b94090c887b96f Mon Sep 17 00:00:00 2001 From: Egor Kislitsyn Date: Tue, 14 May 2019 20:27:40 +0700 Subject: [PATCH 05/36] Add documentation --- docs/api/differences_in_mastoapi_responses.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/api/differences_in_mastoapi_responses.md b/docs/api/differences_in_mastoapi_responses.md index 36b47608e..946e0e885 100644 --- a/docs/api/differences_in_mastoapi_responses.md +++ b/docs/api/differences_in_mastoapi_responses.md @@ -69,6 +69,7 @@ Additional parameters can be added to the JSON body/Form data: - `preview`: boolean, if set to `true` the post won't be actually posted, but the status entitiy would still be rendered back. This could be useful for previewing rich text/custom emoji, for example. - `content_type`: string, contain the MIME type of the status, it is transformed into HTML by the backend. You can get the list of the supported MIME types with the nodeinfo endpoint. +- `visibility`: string, besides standard MastoAPI values (`direct`, `private`, `unlisted` or `public`) it can be used to address a List by setting it to `list:LIST_ID`. ## PATCH `/api/v1/update_credentials` From f2936e0a0723956c167a06dc51518da172a508b2 Mon Sep 17 00:00:00 2001 From: Egor Kislitsyn Date: Fri, 17 May 2019 19:56:37 +0700 Subject: [PATCH 06/36] Add `ap_id` to List --- lib/pleroma/list.ex | 33 +++++++------------ lib/pleroma/web/common_api/utils.ex | 3 +- .../20190516112144_add_ap_id_to_lists.exs | 26 +++++++++++++++ test/list_test.exs | 18 ++-------- test/web/common_api/common_api_test.exs | 6 ++-- 5 files changed, 43 insertions(+), 43 deletions(-) create mode 100644 priv/repo/migrations/20190516112144_add_ap_id_to_lists.exs diff --git a/lib/pleroma/list.ex b/lib/pleroma/list.ex index 81b842e9c..16955b3b5 100644 --- a/lib/pleroma/list.ex +++ b/lib/pleroma/list.ex @@ -12,12 +12,11 @@ defmodule Pleroma.List do alias Pleroma.Repo alias Pleroma.User - @ap_id_regex ~r/^\/users\/(?\w+)\/lists\/(?\d+)/ - schema "lists" do belongs_to(:user, User, type: Pleroma.FlakeId) field(:title, :string) field(:following, {:array, :string}, default: []) + field(:ap_id, :string) timestamps() end @@ -34,12 +33,6 @@ def follow_changeset(list, attrs \\ %{}) do |> validate_required([:following]) end - def ap_id(%User{nickname: nickname}, list_id) do - Pleroma.Web.Endpoint.url() <> "/users/#{nickname}/lists/#{list_id}" - end - - def ap_id({nickname, list_id}), do: ap_id(%User{nickname: nickname}, list_id) - def for_user(user, _opts) do query = from( @@ -64,16 +57,7 @@ def get(id, %{id: user_id} = _user) do end def get_by_ap_id(ap_id) do - host = Pleroma.Web.Endpoint.host() - - with %{host: ^host, path: path} <- URI.parse(ap_id), - %{"list_id" => list_id, "nickname" => nickname} <- - Regex.named_captures(@ap_id_regex, path), - %User{} = user <- User.get_cached_by_nickname(nickname) do - get(list_id, user) - else - _ -> nil - end + Repo.get_by(__MODULE__, ap_id: ap_id) end def get_following(%Pleroma.List{following: following} = _list) do @@ -126,7 +110,14 @@ def rename(%Pleroma.List{} = list, title) do def create(title, %User{} = creator) do list = %Pleroma.List{user_id: creator.id, title: title} - Repo.insert(list) + + Repo.transaction(fn -> + list = Repo.insert!(list) + + list + |> change(ap_id: "#{creator.ap_id}/lists/#{list.id}") + |> Repo.update!() + end) end def follow(%Pleroma.List{following: following} = list, %User{} = followed) do @@ -150,10 +141,8 @@ def update_follows(%Pleroma.List{} = list, attrs) do def memberships(%User{follower_address: follower_address}) do Pleroma.List |> where([l], ^follower_address in l.following) - |> join(:inner, [l], u in User, on: l.user_id == u.id) - |> select([l, u], {u.nickname, l.id}) + |> select([l], l.ap_id) |> Repo.all() - |> Enum.map(&ap_id/1) end def memberships(_), do: [] diff --git a/lib/pleroma/web/common_api/utils.ex b/lib/pleroma/web/common_api/utils.ex index f082b77d8..ba6ed67ef 100644 --- a/lib/pleroma/web/common_api/utils.ex +++ b/lib/pleroma/web/common_api/utils.ex @@ -105,7 +105,8 @@ def to_for_user_and_mentions(_user, mentions, inReplyTo, "direct") do def to_for_user_and_mentions(_user, _mentions, _inReplyTo, _), do: {[], []} def bcc_for_list(user, {:list, list_id}) do - [Pleroma.List.ap_id(user, list_id)] + list = Pleroma.List.get(list_id, user) + [list.ap_id] end def bcc_for_list(_, _), do: [] diff --git a/priv/repo/migrations/20190516112144_add_ap_id_to_lists.exs b/priv/repo/migrations/20190516112144_add_ap_id_to_lists.exs new file mode 100644 index 000000000..3c32bc355 --- /dev/null +++ b/priv/repo/migrations/20190516112144_add_ap_id_to_lists.exs @@ -0,0 +1,26 @@ +defmodule Pleroma.Repo.Migrations.AddApIdToLists do + use Ecto.Migration + + def up do + alter table(:lists) do + add(:ap_id, :string) + end + + execute(""" + UPDATE lists + SET ap_id = u.ap_id || '/lists/' || lists.id + FROM users AS u + WHERE lists.user_id = u.id + """) + + create(unique_index(:lists, :ap_id)) + end + + def down do + drop(index(:lists, [:ap_id])) + + alter table(:lists) do + remove(:ap_id) + end + end +end diff --git a/test/list_test.exs b/test/list_test.exs index 0e72b6660..6c5c6b197 100644 --- a/test/list_test.exs +++ b/test/list_test.exs @@ -114,22 +114,10 @@ test "getting own lists a given user belongs to" do refute not_owned_list in lists_2 end - test "get ap_id by user nickname and list id" do - nickname = "foo" - list_id = 42 - - expected = Pleroma.Web.Endpoint.url() <> "/users/#{nickname}/lists/#{list_id}" - - assert Pleroma.List.ap_id(%Pleroma.User{nickname: nickname}, list_id) == expected - assert Pleroma.List.ap_id({nickname, list_id}) == expected - end - test "get by ap_id" do user = insert(:user) {:ok, list} = Pleroma.List.create("foo", user) - ap_id = Pleroma.List.ap_id(user, list.id) - - assert Pleroma.List.get_by_ap_id(ap_id) == list + assert Pleroma.List.get_by_ap_id(list.ap_id) == list end test "memberships" do @@ -138,8 +126,6 @@ test "memberships" do {:ok, list} = Pleroma.List.create("foo", user) {:ok, list} = Pleroma.List.follow(list, member) - list_ap_id = Pleroma.List.ap_id(user, list.id) - - assert Pleroma.List.memberships(member) == [list_ap_id] + assert Pleroma.List.memberships(member) == [list.ap_id] end end diff --git a/test/web/common_api/common_api_test.exs b/test/web/common_api/common_api_test.exs index 23e89d685..84744e5af 100644 --- a/test/web/common_api/common_api_test.exs +++ b/test/web/common_api/common_api_test.exs @@ -114,13 +114,11 @@ test "it allows to address a list" do user = insert(:user) {:ok, list} = Pleroma.List.create("foo", user) - list_ap_id = Pleroma.List.ap_id(user, list.id) - {:ok, activity} = CommonAPI.post(user, %{"status" => "foobar", "visibility" => "list:#{list.id}"}) - assert activity.data["bcc"] == [list_ap_id] - assert activity.recipients == [list_ap_id, user.ap_id] + assert activity.data["bcc"] == [list.ap_id] + assert activity.recipients == [list.ap_id, user.ap_id] end end From 3b71612d3d8b5e2ad53bda4399eb7f687cd6c30e Mon Sep 17 00:00:00 2001 From: Egor Kislitsyn Date: Sat, 18 May 2019 01:17:14 +0700 Subject: [PATCH 07/36] Improve Pleroma.Web.ActivityPub.ActivityPub.maybe_update_cc/3 --- lib/pleroma/web/activity_pub/activity_pub.ex | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/lib/pleroma/web/activity_pub/activity_pub.ex b/lib/pleroma/web/activity_pub/activity_pub.ex index 048b9202b..8a5b3b8b4 100644 --- a/lib/pleroma/web/activity_pub/activity_pub.ex +++ b/lib/pleroma/web/activity_pub/activity_pub.ex @@ -881,14 +881,12 @@ def fetch_activities(recipients, opts \\ %{}) do |> maybe_update_cc(list_memberships, opts["user"]) end - defp maybe_update_cc(activities, [], _), do: activities - defp maybe_update_cc(activities, _, nil), do: activities - - defp maybe_update_cc(activities, list_memberships, user) do + defp maybe_update_cc(activities, list_memberships, %User{ap_id: user_ap_id}) + when is_list(list_memberships) and length(list_memberships) > 0 do Enum.map(activities, fn - %{data: %{"bcc" => bcc}} = activity when is_list(bcc) -> + %{data: %{"bcc" => bcc}} = activity when is_list(bcc) and length(bcc) > 0 -> if Enum.any?(bcc, &(&1 in list_memberships)) do - update_in(activity.data["cc"], &[user.ap_id | &1]) + update_in(activity.data["cc"], &[user_ap_id | &1]) else activity end @@ -898,6 +896,8 @@ defp maybe_update_cc(activities, list_memberships, user) do end) end + defp maybe_update_cc(activities, _, _), do: activities + def fetch_activities_bounded(recipients_to, recipients_cc, opts \\ %{}) do fetch_activities_query([], opts) |> restrict_to_cc(recipients_to, recipients_cc) From a7affbdd6d46caddea05ee6b34e0b2a24a62e721 Mon Sep 17 00:00:00 2001 From: Egor Kislitsyn Date: Fri, 24 May 2019 21:41:11 +0700 Subject: [PATCH 08/36] Fix tests --- test/web/activity_pub/activity_pub_test.exs | 1 + 1 file changed, 1 insertion(+) diff --git a/test/web/activity_pub/activity_pub_test.exs b/test/web/activity_pub/activity_pub_test.exs index 5d0d5a40e..23b11d015 100644 --- a/test/web/activity_pub/activity_pub_test.exs +++ b/test/web/activity_pub/activity_pub_test.exs @@ -1193,6 +1193,7 @@ test "fetch_activities/2 returns activities addressed to a list " do CommonAPI.post(user, %{"status" => "foobar", "visibility" => "list:#{list.id}"}) activity = Repo.preload(activity, :bookmark) + activity = %Activity{activity | thread_muted?: !!activity.thread_muted?} assert ActivityPub.fetch_activities([], %{"user" => user}) == [activity] end From ddd4a09b72ede65345ddf45a68eb239b54eda86c Mon Sep 17 00:00:00 2001 From: Egor Kislitsyn Date: Wed, 5 Jun 2019 17:55:00 +0700 Subject: [PATCH 09/36] Fix merge conflict --- lib/pleroma/web/common_api/utils.ex | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lib/pleroma/web/common_api/utils.ex b/lib/pleroma/web/common_api/utils.ex index 22ce1ea90..6c9e117ae 100644 --- a/lib/pleroma/web/common_api/utils.ex +++ b/lib/pleroma/web/common_api/utils.ex @@ -98,6 +98,8 @@ def get_to_and_cc(_user, mentioned_users, inReplyTo, "direct") do end end + def get_to_and_cc(_user, _mentions, _inReplyTo, _), do: {[], []} + def get_addressed_users(_, to) when is_list(to) do User.get_ap_ids_by_nicknames(to) end From 958fb9aa8082eabf63b106007b3bef09847cafc6 Mon Sep 17 00:00:00 2001 From: Egor Kislitsyn Date: Thu, 11 Jul 2019 16:36:08 +0700 Subject: [PATCH 10/36] Add "listMessage" --- lib/pleroma/web/activity_pub/publisher.ex | 1 - lib/pleroma/web/common_api/common_api.ex | 26 +++++++++++++---------- lib/pleroma/web/common_api/utils.ex | 15 +++++++++---- test/web/common_api/common_api_test.exs | 1 + 4 files changed, 27 insertions(+), 16 deletions(-) diff --git a/lib/pleroma/web/activity_pub/publisher.ex b/lib/pleroma/web/activity_pub/publisher.ex index b7dc90caa..ffdd33351 100644 --- a/lib/pleroma/web/activity_pub/publisher.ex +++ b/lib/pleroma/web/activity_pub/publisher.ex @@ -136,7 +136,6 @@ def publish(actor, %{data: %{"bcc" => bcc}} = activity) when is_list(bcc) and bc json = data |> Map.put("cc", cc) - |> Map.put("directMessage", true) |> Jason.encode!() Pleroma.Web.Federator.Publisher.enqueue_one(__MODULE__, %{ diff --git a/lib/pleroma/web/common_api/common_api.ex b/lib/pleroma/web/common_api/common_api.ex index 8e3892bdf..1c47a31d7 100644 --- a/lib/pleroma/web/common_api/common_api.ex +++ b/lib/pleroma/web/common_api/common_api.ex @@ -215,7 +215,6 @@ def post(user, %{"status" => status} = data) do addressed_users <- get_addressed_users(mentioned_users, data["to"]), {poll, poll_emoji} <- make_poll_data(data), {to, cc} <- get_to_and_cc(user, addressed_users, in_reply_to, visibility), - bcc <- bcc_for_list(user, visibility), context <- make_context(in_reply_to), cw <- data["spoiler_text"] || "", sensitive <- data["sensitive"] || Enum.member?(tags, {"#nsfw", "nsfw"}), @@ -241,16 +240,21 @@ def post(user, %{"status" => status} = data) do "emoji", Map.merge(Formatter.get_emoji_map(full_payload), poll_emoji) ) do - ActivityPub.create( - %{ - to: to, - actor: user, - context: context, - object: object, - additional: %{"cc" => cc, "bcc" => bcc, "directMessage" => visibility == "direct"} - }, - Pleroma.Web.ControllerHelper.truthy_param?(data["preview"]) || false - ) + preview? = Pleroma.Web.ControllerHelper.truthy_param?(data["preview"]) || false + direct? = visibility == "direct" + + additional_data = + %{"cc" => cc, "directMessage" => direct?} |> maybe_add_list_data(user, visibility) + + params = %{ + to: to, + actor: user, + context: context, + object: object, + additional: additional_data + } + + ActivityPub.create(params, preview?) else {:private_to_public, true} -> {:error, dgettext("errors", "The message visibility must be direct")} diff --git a/lib/pleroma/web/common_api/utils.ex b/lib/pleroma/web/common_api/utils.ex index d4bfdd7e4..94b2c50fc 100644 --- a/lib/pleroma/web/common_api/utils.ex +++ b/lib/pleroma/web/common_api/utils.ex @@ -108,12 +108,19 @@ def get_addressed_users(_, to) when is_list(to) do def get_addressed_users(mentioned_users, _), do: mentioned_users - def bcc_for_list(user, {:list, list_id}) do - list = Pleroma.List.get(list_id, user) - [list.ap_id] + def maybe_add_list_data(additional_data, user, {:list, list_id}) do + case Pleroma.List.get(list_id, user) do + %Pleroma.List{} = list -> + additional_data + |> Map.put("listMessage", list.ap_id) + |> Map.put("bcc", [list.ap_id]) + + _ -> + additional_data + end end - def bcc_for_list(_, _), do: [] + def maybe_add_list_data(additional_data, _, _), do: additional_data def make_poll_data(%{"poll" => %{"options" => options, "expires_in" => expires_in}} = data) when is_list(options) do diff --git a/test/web/common_api/common_api_test.exs b/test/web/common_api/common_api_test.exs index 694b52356..932c6877d 100644 --- a/test/web/common_api/common_api_test.exs +++ b/test/web/common_api/common_api_test.exs @@ -139,6 +139,7 @@ test "it allows to address a list" do assert activity.data["bcc"] == [list.ap_id] assert activity.recipients == [list.ap_id, user.ap_id] + assert activity.data["listMessage"] == list.ap_id end end From 9e06873d58e031a0f90c6a4d436a6abb5f1ebbae Mon Sep 17 00:00:00 2001 From: Egor Kislitsyn Date: Thu, 11 Jul 2019 19:29:24 +0700 Subject: [PATCH 11/36] Add `list` to Visibility --- lib/pleroma/list.ex | 6 ++ lib/pleroma/web/activity_pub/visibility.ex | 16 +++++ test/list_test.exs | 11 ++++ test/web/activity_pub/visibilty_test.exs | 72 +++++++++++++++++++--- 4 files changed, 98 insertions(+), 7 deletions(-) diff --git a/lib/pleroma/list.ex b/lib/pleroma/list.ex index 16955b3b5..1d320206e 100644 --- a/lib/pleroma/list.ex +++ b/lib/pleroma/list.ex @@ -146,4 +146,10 @@ def memberships(%User{follower_address: follower_address}) do end def memberships(_), do: [] + + def member?(%Pleroma.List{following: following}, %User{follower_address: follower_address}) do + Enum.member?(following, follower_address) + end + + def member?(_, _), do: false end diff --git a/lib/pleroma/web/activity_pub/visibility.ex b/lib/pleroma/web/activity_pub/visibility.ex index 9908a2e75..e0282d758 100644 --- a/lib/pleroma/web/activity_pub/visibility.ex +++ b/lib/pleroma/web/activity_pub/visibility.ex @@ -34,6 +34,19 @@ def is_direct?(activity) do !is_public?(activity) && !is_private?(activity) end + def is_list?(%{data: %{"listMessage" => _}}), do: true + def is_list?(_), do: false + + def visible_for_user?(%{actor: ap_id}, %User{ap_id: ap_id}), do: true + + def visible_for_user?(%{data: %{"listMessage" => list_ap_id}}, %User{} = user) do + list_ap_id + |> Pleroma.List.get_by_ap_id() + |> Pleroma.List.member?(user) + end + + def visible_for_user?(%{data: %{"listMessage" => _}}, nil), do: false + def visible_for_user?(activity, nil) do is_public?(activity) end @@ -73,6 +86,9 @@ def get_visibility(object) do object.data["directMessage"] == true -> "direct" + is_binary(object.data["listMessage"]) -> + "list" + length(cc) > 0 -> "private" diff --git a/test/list_test.exs b/test/list_test.exs index 6c5c6b197..f39033d02 100644 --- a/test/list_test.exs +++ b/test/list_test.exs @@ -128,4 +128,15 @@ test "memberships" do assert Pleroma.List.memberships(member) == [list.ap_id] end + + test "member?" do + user = insert(:user) + member = insert(:user) + + {:ok, list} = Pleroma.List.create("foo", user) + {:ok, list} = Pleroma.List.follow(list, member) + + assert Pleroma.List.member?(list, member) + refute Pleroma.List.member?(list, user) + end end diff --git a/test/web/activity_pub/visibilty_test.exs b/test/web/activity_pub/visibilty_test.exs index 4d5c07da4..2ce6928c4 100644 --- a/test/web/activity_pub/visibilty_test.exs +++ b/test/web/activity_pub/visibilty_test.exs @@ -16,6 +16,9 @@ defmodule Pleroma.Web.ActivityPub.VisibilityTest do following = insert(:user) unrelated = insert(:user) {:ok, following} = Pleroma.User.follow(following, user) + {:ok, list} = Pleroma.List.create("foo", user) + + Pleroma.List.follow(list, unrelated) {:ok, public} = CommonAPI.post(user, %{"status" => "@#{mentioned.nickname}", "visibility" => "public"}) @@ -29,6 +32,12 @@ defmodule Pleroma.Web.ActivityPub.VisibilityTest do {:ok, unlisted} = CommonAPI.post(user, %{"status" => "@#{mentioned.nickname}", "visibility" => "unlisted"}) + {:ok, list} = + CommonAPI.post(user, %{ + "status" => "@#{mentioned.nickname}", + "visibility" => "list:#{list.id}" + }) + %{ public: public, private: private, @@ -37,29 +46,65 @@ defmodule Pleroma.Web.ActivityPub.VisibilityTest do user: user, mentioned: mentioned, following: following, - unrelated: unrelated + unrelated: unrelated, + list: list } end - test "is_direct?", %{public: public, private: private, direct: direct, unlisted: unlisted} do + test "is_direct?", %{ + public: public, + private: private, + direct: direct, + unlisted: unlisted, + list: list + } do assert Visibility.is_direct?(direct) refute Visibility.is_direct?(public) refute Visibility.is_direct?(private) refute Visibility.is_direct?(unlisted) + assert Visibility.is_direct?(list) end - test "is_public?", %{public: public, private: private, direct: direct, unlisted: unlisted} do + test "is_public?", %{ + public: public, + private: private, + direct: direct, + unlisted: unlisted, + list: list + } do refute Visibility.is_public?(direct) assert Visibility.is_public?(public) refute Visibility.is_public?(private) assert Visibility.is_public?(unlisted) + refute Visibility.is_public?(list) end - test "is_private?", %{public: public, private: private, direct: direct, unlisted: unlisted} do + test "is_private?", %{ + public: public, + private: private, + direct: direct, + unlisted: unlisted, + list: list + } do refute Visibility.is_private?(direct) refute Visibility.is_private?(public) assert Visibility.is_private?(private) refute Visibility.is_private?(unlisted) + refute Visibility.is_private?(list) + end + + test "is_list?", %{ + public: public, + private: private, + direct: direct, + unlisted: unlisted, + list: list + } do + refute Visibility.is_list?(direct) + refute Visibility.is_list?(public) + refute Visibility.is_list?(private) + refute Visibility.is_list?(unlisted) + assert Visibility.is_list?(list) end test "visible_for_user?", %{ @@ -70,7 +115,8 @@ test "visible_for_user?", %{ user: user, mentioned: mentioned, following: following, - unrelated: unrelated + unrelated: unrelated, + list: list } do # All visible to author @@ -78,13 +124,15 @@ test "visible_for_user?", %{ assert Visibility.visible_for_user?(private, user) assert Visibility.visible_for_user?(unlisted, user) assert Visibility.visible_for_user?(direct, user) + assert Visibility.visible_for_user?(list, user) - # All visible to a mentioned user + # All visible to a mentioned user, except when it's a list activity assert Visibility.visible_for_user?(public, mentioned) assert Visibility.visible_for_user?(private, mentioned) assert Visibility.visible_for_user?(unlisted, mentioned) assert Visibility.visible_for_user?(direct, mentioned) + refute(Visibility.visible_for_user?(list, mentioned)) # DM not visible for just follower @@ -92,6 +140,7 @@ test "visible_for_user?", %{ assert Visibility.visible_for_user?(private, following) assert Visibility.visible_for_user?(unlisted, following) refute Visibility.visible_for_user?(direct, following) + refute Visibility.visible_for_user?(list, following) # Public and unlisted visible for unrelated user @@ -99,6 +148,9 @@ test "visible_for_user?", %{ assert Visibility.visible_for_user?(unlisted, unrelated) refute Visibility.visible_for_user?(private, unrelated) refute Visibility.visible_for_user?(direct, unrelated) + + # Visible for a list member + assert Visibility.visible_for_user?(list, unrelated) end test "doesn't die when the user doesn't exist", @@ -115,18 +167,24 @@ test "get_visibility", %{ public: public, private: private, direct: direct, - unlisted: unlisted + unlisted: unlisted, + list: list } do assert Visibility.get_visibility(public) == "public" assert Visibility.get_visibility(private) == "private" assert Visibility.get_visibility(direct) == "direct" assert Visibility.get_visibility(unlisted) == "unlisted" + assert Visibility.get_visibility(list) == "list" end test "get_visibility with directMessage flag" do assert Visibility.get_visibility(%{data: %{"directMessage" => true}}) == "direct" end + test "get_visibility with listMessage flag" do + assert Visibility.get_visibility(%{data: %{"listMessage" => ""}}) == "list" + end + describe "entire_thread_visible_for_user?/2" do test "returns false if not found activity", %{user: user} do refute Visibility.entire_thread_visible_for_user?(%Activity{}, user) From 9991254c064c63e3d45786379953414c8a26073a Mon Sep 17 00:00:00 2001 From: Egor Kislitsyn Date: Thu, 11 Jul 2019 20:17:03 +0700 Subject: [PATCH 12/36] Update CHANGELOG --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index ff0cb8740..3403ce64e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -28,6 +28,7 @@ Configuration: `federation_incoming_replies_max_depth` option - Added synchronization of following/followers counters for external users - Configuration: `enabled` option for `Pleroma.Emails.Mailer`, defaulting to `false`. - Mastodon API: Add support for categories for custom emojis by reusing the group feature. +- Addressable lists ## [1.0.0] - 2019-06-29 ### Security @@ -89,7 +90,6 @@ Configuration: `federation_incoming_replies_max_depth` option - MRF: Support for rejecting reports from specific instances (`mrf_simple`) - MRF: Support for stripping avatars and banner images from specific instances (`mrf_simple`) - MRF: Support for running subchains. -- Addressable lists - Configuration: `skip_thread_containment` option - Configuration: `rate_limit` option. See `Pleroma.Plugs.RateLimiter` documentation for details. - MRF: Support for filtering out likely spam messages by rejecting posts from new users that contain links. From f8e3ae61545de45ce4dd395471149ed1e71e0343 Mon Sep 17 00:00:00 2001 From: Sachin Joshi Date: Fri, 12 Jul 2019 22:19:30 +0545 Subject: [PATCH 13/36] try to always match the filename for proxy url --- lib/pleroma/web/media_proxy/controller.ex | 7 ++++++- test/media_proxy_test.exs | 11 +++++++++++ 2 files changed, 17 insertions(+), 1 deletion(-) diff --git a/lib/pleroma/web/media_proxy/controller.ex b/lib/pleroma/web/media_proxy/controller.ex index ea33d7685..a711b54e9 100644 --- a/lib/pleroma/web/media_proxy/controller.ex +++ b/lib/pleroma/web/media_proxy/controller.ex @@ -30,10 +30,15 @@ def remote(conn, %{"sig" => sig64, "url" => url64} = params) do def filename_matches(has_filename, path, url) do filename = url |> MediaProxy.filename() - if has_filename && filename && Path.basename(path) != filename do + if has_filename && filename && does_not_match(path, filename) do {:wrong_filename, filename} else :ok end end + + defp does_not_match(path, filename) do + basename = Path.basename(path) + basename != filename and URI.decode(basename) != filename and URI.encode(basename) != filename + end end diff --git a/test/media_proxy_test.exs b/test/media_proxy_test.exs index fbf200931..176b09914 100644 --- a/test/media_proxy_test.exs +++ b/test/media_proxy_test.exs @@ -108,6 +108,17 @@ test "filename_matches preserves the encoded or decoded path" do ) == :ok end + test "encoded url are tried to match for proxy as `conn.request_path` encodes the url" do + # conn.request_path will return encoded url + request_path = "/ANALYSE-DAI-_-LE-STABLECOIN-100-D%C3%89CENTRALIS%C3%89-BQ.jpg" + + assert MediaProxyController.filename_matches( + true, + request_path, + "https://mydomain.com/uploads/2019/07/ANALYSE-DAI-_-LE-STABLECOIN-100-DÉCENTRALISÉ-BQ.jpg" + ) == :ok + end + test "uses the configured base_url" do base_url = Pleroma.Config.get([:media_proxy, :base_url]) From f98f7ad1b9c1aede0ddefecfefb73919564d73ed Mon Sep 17 00:00:00 2001 From: Moonman Date: Sun, 14 Jul 2019 09:48:42 -0700 Subject: [PATCH 14/36] detect and use sha512-crypt for stored password hash. --- lib/pleroma/plugs/authentication_plug.ex | 13 +++++++++++++ lib/pleroma/web/auth/pleroma_authenticator.ex | 4 ++-- lib/pleroma/web/common_api/utils.ex | 4 ++-- .../web/twitter_api/controllers/util_controller.ex | 4 ++-- 4 files changed, 19 insertions(+), 6 deletions(-) diff --git a/lib/pleroma/plugs/authentication_plug.ex b/lib/pleroma/plugs/authentication_plug.ex index da4ed4226..48dc1f818 100644 --- a/lib/pleroma/plugs/authentication_plug.ex +++ b/lib/pleroma/plugs/authentication_plug.ex @@ -6,11 +6,24 @@ defmodule Pleroma.Plugs.AuthenticationPlug do alias Comeonin.Pbkdf2 import Plug.Conn alias Pleroma.User + require Logger def init(options) do options end + def checkpw(password, password_hash) do + cond do + String.starts_with?(password_hash, "$pbkdf2") -> + Pbkdf2.checkpw(password, password_hash) + String.starts_with?(password_hash, "$6") -> + :crypt.crypt(password, password_hash) == password_hash + true -> + Logger.error("Password hash not recognized") + false + end + end + def call(%{assigns: %{user: %User{}}} = conn, _), do: conn def call( diff --git a/lib/pleroma/web/auth/pleroma_authenticator.ex b/lib/pleroma/web/auth/pleroma_authenticator.ex index a9164ad98..f4234b743 100644 --- a/lib/pleroma/web/auth/pleroma_authenticator.ex +++ b/lib/pleroma/web/auth/pleroma_authenticator.ex @@ -3,7 +3,7 @@ # SPDX-License-Identifier: AGPL-3.0-only defmodule Pleroma.Web.Auth.PleromaAuthenticator do - alias Comeonin.Pbkdf2 + alias Pleroma.Plugs.AuthenticationPlug alias Pleroma.Registration alias Pleroma.Repo alias Pleroma.User @@ -16,7 +16,7 @@ defmodule Pleroma.Web.Auth.PleromaAuthenticator do def get_user(%Plug.Conn{} = conn) do with {:ok, {name, password}} <- fetch_credentials(conn), {_, %User{} = user} <- {:user, fetch_user(name)}, - {_, true} <- {:checkpw, Pbkdf2.checkpw(password, user.password_hash)} do + {_, true} <- {:checkpw, AuthenticationPlug.checkpw(password, user.password_hash)} do {:ok, user} else error -> diff --git a/lib/pleroma/web/common_api/utils.ex b/lib/pleroma/web/common_api/utils.ex index 8e482eef7..e013188cf 100644 --- a/lib/pleroma/web/common_api/utils.ex +++ b/lib/pleroma/web/common_api/utils.ex @@ -6,11 +6,11 @@ defmodule Pleroma.Web.CommonAPI.Utils do import Pleroma.Web.Gettext alias Calendar.Strftime - alias Comeonin.Pbkdf2 alias Pleroma.Activity alias Pleroma.Config alias Pleroma.Formatter alias Pleroma.Object + alias Pleroma.Plugs.AuthenticationPlug alias Pleroma.Repo alias Pleroma.User alias Pleroma.Web.ActivityPub.Utils @@ -371,7 +371,7 @@ defp shortname(name) do def confirm_current_password(user, password) do with %User{local: true} = db_user <- User.get_cached_by_id(user.id), - true <- Pbkdf2.checkpw(password, db_user.password_hash) do + true <- AuthenticationPlug.checkpw(password, db_user.password_hash) do {:ok, db_user} else _ -> {:error, dgettext("errors", "Invalid password.")} diff --git a/lib/pleroma/web/twitter_api/controllers/util_controller.ex b/lib/pleroma/web/twitter_api/controllers/util_controller.ex index b1863528f..c10c66ff2 100644 --- a/lib/pleroma/web/twitter_api/controllers/util_controller.ex +++ b/lib/pleroma/web/twitter_api/controllers/util_controller.ex @@ -7,10 +7,10 @@ defmodule Pleroma.Web.TwitterAPI.UtilController do require Logger - alias Comeonin.Pbkdf2 alias Pleroma.Activity alias Pleroma.Emoji alias Pleroma.Notification + alias Pleroma.Plugs.AuthenticationPlug alias Pleroma.User alias Pleroma.Web alias Pleroma.Web.ActivityPub.ActivityPub @@ -96,7 +96,7 @@ def do_remote_follow(conn, %{ name = followee.nickname with %User{} = user <- User.get_cached_by_nickname(username), - true <- Pbkdf2.checkpw(password, user.password_hash), + true <- AuthenticationPlug.checkpw(password, user.password_hash), %User{} = _followed <- User.get_cached_by_id(id), {:ok, follower} <- User.follow(user, followee), {:ok, _activity} <- ActivityPub.follow(follower, followee) do From 739bbe0d3bbe06ca9d634498ea5909f35fc5ad84 Mon Sep 17 00:00:00 2001 From: Ariadne Conill Date: Sun, 14 Jul 2019 17:47:08 +0000 Subject: [PATCH 15/36] security: detect object containment violations at the IR level It is more efficient to check for object containment violations at the IR level instead of in the protocol handlers. OStatus containment is especially a tricky situation, as the containment rules don't match those of IR and ActivityPub. Accordingly, we just always do a final containment check at the IR level before the object is added to the IR object graph. --- lib/pleroma/object/containment.ex | 8 ++++++ lib/pleroma/web/activity_pub/activity_pub.ex | 2 ++ test/object/containment_test.exs | 30 ++++++++++++++++++++ 3 files changed, 40 insertions(+) diff --git a/lib/pleroma/object/containment.ex b/lib/pleroma/object/containment.ex index ada9da0bb..f077a9f32 100644 --- a/lib/pleroma/object/containment.ex +++ b/lib/pleroma/object/containment.ex @@ -48,6 +48,9 @@ def contain_origin(id, %{"actor" => _actor} = params) do end end + def contain_origin(id, %{"attributedTo" => actor} = params), + do: contain_origin(id, Map.put(params, "actor", actor)) + def contain_origin_from_id(_id, %{"id" => nil}), do: :error def contain_origin_from_id(id, %{"id" => other_id} = _params) do @@ -60,4 +63,9 @@ def contain_origin_from_id(id, %{"id" => other_id} = _params) do :error end end + + def contain_child(%{"object" => %{"id" => id, "attributedTo" => _} = object}), + do: contain_origin(id, object) + + def contain_child(_), do: :ok end diff --git a/lib/pleroma/web/activity_pub/activity_pub.ex b/lib/pleroma/web/activity_pub/activity_pub.ex index a3174a787..87963b691 100644 --- a/lib/pleroma/web/activity_pub/activity_pub.ex +++ b/lib/pleroma/web/activity_pub/activity_pub.ex @@ -8,6 +8,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do alias Pleroma.Conversation alias Pleroma.Notification alias Pleroma.Object + alias Pleroma.Object.Containment alias Pleroma.Object.Fetcher alias Pleroma.Pagination alias Pleroma.Repo @@ -126,6 +127,7 @@ def insert(map, local \\ true, fake \\ false) when is_map(map) do {:ok, map} <- MRF.filter(map), {recipients, _, _} = get_recipients(map), {:fake, false, map, recipients} <- {:fake, fake, map, recipients}, + :ok <- Containment.contain_child(map), {:ok, map, object} <- insert_full_object(map) do {:ok, activity} = Repo.insert(%Activity{ diff --git a/test/object/containment_test.exs b/test/object/containment_test.exs index 1beed6236..61cd1b412 100644 --- a/test/object/containment_test.exs +++ b/test/object/containment_test.exs @@ -68,4 +68,34 @@ test "users cannot be collided through fake direction spoofing attempts" do "[error] Could not decode user at fetch https://n1u.moe/users/rye, {:error, :error}" end end + + describe "containment of children" do + test "contain_child() catches spoofing attempts" do + data = %{ + "id" => "http://example.com/whatever", + "type" => "Create", + "object" => %{ + "id" => "http://example.net/~alyssa/activities/1234", + "attributedTo" => "http://example.org/~alyssa" + }, + "actor" => "http://example.com/~bob" + } + + :error = Containment.contain_child(data) + end + + test "contain_child() allows correct origins" do + data = %{ + "id" => "http://example.org/~alyssa/activities/5678", + "type" => "Create", + "object" => %{ + "id" => "http://example.org/~alyssa/activities/1234", + "attributedTo" => "http://example.org/~alyssa" + }, + "actor" => "http://example.org/~alyssa" + } + + :ok = Containment.contain_child(data) + end + end end From 841314c2d504ad108f6a85713546b188096ad735 Mon Sep 17 00:00:00 2001 From: Ariadne Conill Date: Sun, 14 Jul 2019 17:49:12 +0000 Subject: [PATCH 16/36] tests: fix object containment violations in the transmogrifier tests Some objects were not completely rewritten in the tests, which caused object containment violations. Fix them by rewriting the object IDs to be in an appropriate namespace. --- CHANGELOG.md | 4 ++++ test/web/activity_pub/transmogrifier_test.exs | 2 ++ 2 files changed, 6 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0cec3bf5c..e7d7e0ef5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -42,6 +42,10 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Admin API: changed json structure for saving config settings. - RichMedia: parsers and their order are configured in `rich_media` config. +## [1.0.1] - 2019-07-14 +### Security +- OStatus: fix an object spoofing vulnerability. + ## [1.0.0] - 2019-06-29 ### Security - Mastodon API: Fix display names not being sanitized diff --git a/test/web/activity_pub/transmogrifier_test.exs b/test/web/activity_pub/transmogrifier_test.exs index b896a532b..cabe925f9 100644 --- a/test/web/activity_pub/transmogrifier_test.exs +++ b/test/web/activity_pub/transmogrifier_test.exs @@ -416,6 +416,7 @@ test "it ensures that as:Public activities make it to their followers collection |> Map.put("attributedTo", user.ap_id) |> Map.put("to", ["https://www.w3.org/ns/activitystreams#Public"]) |> Map.put("cc", []) + |> Map.put("id", user.ap_id <> "/activities/12345678") data = Map.put(data, "object", object) @@ -439,6 +440,7 @@ test "it ensures that address fields become lists" do |> Map.put("attributedTo", user.ap_id) |> Map.put("to", nil) |> Map.put("cc", nil) + |> Map.put("id", user.ap_id <> "/activities/12345678") data = Map.put(data, "object", object) From dce8ebc9eabac1a597491a0edc5c145285c55671 Mon Sep 17 00:00:00 2001 From: Sergey Suprunenko Date: Sun, 14 Jul 2019 19:25:03 +0000 Subject: [PATCH 17/36] Unfollow should also unsubscribe --- CHANGELOG.md | 1 + lib/pleroma/web/common_api/common_api.ex | 3 ++- test/web/common_api/common_api_test.exs | 14 ++++++++++++++ 3 files changed, 17 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index e7d7e0ef5..7fc8db31c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,6 +10,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Configuration: Filter.AnonymizeFilename added ability to retain file extension with custom text - Federation: Return 403 errors when trying to request pages from a user's follower/following collections if they have `hide_followers`/`hide_follows` set - NodeInfo: Return `skipThreadContainment` in `metadata` for the `skip_thread_containment` option +- Mastodon API: Unsubscribe followers when they unfollow a user ### Fixed - Not being able to pin unlisted posts diff --git a/lib/pleroma/web/common_api/common_api.ex b/lib/pleroma/web/common_api/common_api.ex index f1450b113..949baa3b0 100644 --- a/lib/pleroma/web/common_api/common_api.ex +++ b/lib/pleroma/web/common_api/common_api.ex @@ -31,7 +31,8 @@ def follow(follower, followed) do def unfollow(follower, unfollowed) do with {:ok, follower, _follow_activity} <- User.unfollow(follower, unfollowed), - {:ok, _activity} <- ActivityPub.unfollow(follower, unfollowed) do + {:ok, _activity} <- ActivityPub.unfollow(follower, unfollowed), + {:ok, _unfollowed} <- User.unsubscribe(follower, unfollowed) do {:ok, follower} end end diff --git a/test/web/common_api/common_api_test.exs b/test/web/common_api/common_api_test.exs index 958c931c4..b59b6cbf6 100644 --- a/test/web/common_api/common_api_test.exs +++ b/test/web/common_api/common_api_test.exs @@ -346,6 +346,20 @@ test "remove a reblog mute", %{muter: muter, muted: muted} do end end + describe "unfollow/2" do + test "also unsubscribes a user" do + [follower, followed] = insert_pair(:user) + {:ok, follower, followed, _} = CommonAPI.follow(follower, followed) + {:ok, followed} = User.subscribe(follower, followed) + + assert User.subscribed_to?(follower, followed) + + {:ok, follower} = CommonAPI.unfollow(follower, followed) + + refute User.subscribed_to?(follower, followed) + end + end + describe "accept_follow_request/2" do test "after acceptance, it sets all existing pending follow request states to 'accept'" do user = insert(:user, info: %{locked: true}) From fa17879c204980c6fb0025b2e51a978669c441da Mon Sep 17 00:00:00 2001 From: Maksim Date: Sun, 14 Jul 2019 21:01:32 +0000 Subject: [PATCH 18/36] added tests for Web.MediaProxy --- lib/pleroma/web/media_proxy/media_proxy.ex | 39 +++++----- ...ontroller.ex => media_proxy_controller.ex} | 10 ++- mix.exs | 2 +- .../media_proxy_controller_test.exs | 73 +++++++++++++++++++ .../media_proxy}/media_proxy_test.exs | 14 +++- 5 files changed, 111 insertions(+), 27 deletions(-) rename lib/pleroma/web/media_proxy/{controller.ex => media_proxy_controller.ex} (80%) create mode 100644 test/web/media_proxy/media_proxy_controller_test.exs rename test/{ => web/media_proxy}/media_proxy_test.exs (92%) diff --git a/lib/pleroma/web/media_proxy/media_proxy.ex b/lib/pleroma/web/media_proxy/media_proxy.ex index dd8888a02..a661e9bb7 100644 --- a/lib/pleroma/web/media_proxy/media_proxy.ex +++ b/lib/pleroma/web/media_proxy/media_proxy.ex @@ -3,68 +3,71 @@ # SPDX-License-Identifier: AGPL-3.0-only defmodule Pleroma.Web.MediaProxy do + alias Pleroma.Config + alias Pleroma.Web + @base64_opts [padding: false] - def url(nil), do: nil - - def url(""), do: nil - + def url(url) when is_nil(url) or url == "", do: nil def url("/" <> _ = url), do: url def url(url) do - if !enabled?() or local?(url) or whitelisted?(url) do + if disabled?() or local?(url) or whitelisted?(url) do url else encode_url(url) end end - defp enabled?, do: Pleroma.Config.get([:media_proxy, :enabled], false) + defp disabled?, do: !Config.get([:media_proxy, :enabled], false) defp local?(url), do: String.starts_with?(url, Pleroma.Web.base_url()) defp whitelisted?(url) do %{host: domain} = URI.parse(url) - Enum.any?(Pleroma.Config.get([:media_proxy, :whitelist]), fn pattern -> + Enum.any?(Config.get([:media_proxy, :whitelist]), fn pattern -> String.equivalent?(domain, pattern) end) end def encode_url(url) do - secret = Pleroma.Config.get([Pleroma.Web.Endpoint, :secret_key_base]) base64 = Base.url_encode64(url, @base64_opts) - sig = :crypto.hmac(:sha, secret, base64) - sig64 = sig |> Base.url_encode64(@base64_opts) + + sig64 = + base64 + |> signed_url + |> Base.url_encode64(@base64_opts) build_url(sig64, base64, filename(url)) end def decode_url(sig, url) do - secret = Pleroma.Config.get([Pleroma.Web.Endpoint, :secret_key_base]) - sig = Base.url_decode64!(sig, @base64_opts) - local_sig = :crypto.hmac(:sha, secret, url) - - if local_sig == sig do + with {:ok, sig} <- Base.url_decode64(sig, @base64_opts), + signature when signature == sig <- signed_url(url) do {:ok, Base.url_decode64!(url, @base64_opts)} else - {:error, :invalid_signature} + _ -> {:error, :invalid_signature} end end + defp signed_url(url) do + :crypto.hmac(:sha, Config.get([Web.Endpoint, :secret_key_base]), url) + end + def filename(url_or_path) do if path = URI.parse(url_or_path).path, do: Path.basename(path) end def build_url(sig_base64, url_base64, filename \\ nil) do [ - Pleroma.Config.get([:media_proxy, :base_url], Pleroma.Web.base_url()), + Pleroma.Config.get([:media_proxy, :base_url], Web.base_url()), "proxy", sig_base64, url_base64, filename ] - |> Enum.filter(fn value -> value end) + |> Enum.filter(& &1) |> Path.join() end end diff --git a/lib/pleroma/web/media_proxy/controller.ex b/lib/pleroma/web/media_proxy/media_proxy_controller.ex similarity index 80% rename from lib/pleroma/web/media_proxy/controller.ex rename to lib/pleroma/web/media_proxy/media_proxy_controller.ex index ea33d7685..1e9520d46 100644 --- a/lib/pleroma/web/media_proxy/controller.ex +++ b/lib/pleroma/web/media_proxy/media_proxy_controller.ex @@ -13,7 +13,7 @@ def remote(conn, %{"sig" => sig64, "url" => url64} = params) do with config <- Pleroma.Config.get([:media_proxy], []), true <- Keyword.get(config, :enabled, false), {:ok, url} <- MediaProxy.decode_url(sig64, url64), - :ok <- filename_matches(Map.has_key?(params, "filename"), conn.request_path, url) do + :ok <- filename_matches(params, conn.request_path, url) do ReverseProxy.call(conn, url, Keyword.get(config, :proxy_opts, @default_proxy_opts)) else false -> @@ -27,13 +27,15 @@ def remote(conn, %{"sig" => sig64, "url" => url64} = params) do end end - def filename_matches(has_filename, path, url) do - filename = url |> MediaProxy.filename() + def filename_matches(%{"filename" => _} = _, path, url) do + filename = MediaProxy.filename(url) - if has_filename && filename && Path.basename(path) != filename do + if filename && Path.basename(path) != filename do {:wrong_filename, filename} else :ok end end + + def filename_matches(_, _, _), do: :ok end diff --git a/mix.exs b/mix.exs index f96789d21..aa4440351 100644 --- a/mix.exs +++ b/mix.exs @@ -14,7 +14,7 @@ def project do aliases: aliases(), deps: deps(), test_coverage: [tool: ExCoveralls], - + preferred_cli_env: ["coveralls.html": :test], # Docs name: "Pleroma", homepage_url: "https://pleroma.social/", diff --git a/test/web/media_proxy/media_proxy_controller_test.exs b/test/web/media_proxy/media_proxy_controller_test.exs new file mode 100644 index 000000000..53b8f556b --- /dev/null +++ b/test/web/media_proxy/media_proxy_controller_test.exs @@ -0,0 +1,73 @@ +# Pleroma: A lightweight social networking server +# Copyright © 2017-2018 Pleroma Authors +# SPDX-License-Identifier: AGPL-3.0-only + +defmodule Pleroma.Web.MediaProxy.MediaProxyControllerTest do + use Pleroma.Web.ConnCase + import Mock + alias Pleroma.Config + + setup do + media_proxy_config = Config.get([:media_proxy]) || [] + on_exit(fn -> Config.put([:media_proxy], media_proxy_config) end) + :ok + end + + test "it returns 404 when MediaProxy disabled", %{conn: conn} do + Config.put([:media_proxy, :enabled], false) + + assert %Plug.Conn{ + status: 404, + resp_body: "Not Found" + } = get(conn, "/proxy/hhgfh/eeeee") + + assert %Plug.Conn{ + status: 404, + resp_body: "Not Found" + } = get(conn, "/proxy/hhgfh/eeee/fff") + end + + test "it returns 403 when signature invalidated", %{conn: conn} do + Config.put([:media_proxy, :enabled], true) + Config.put([Pleroma.Web.Endpoint, :secret_key_base], "00000000000") + path = URI.parse(Pleroma.Web.MediaProxy.encode_url("https://google.fn")).path + Config.put([Pleroma.Web.Endpoint, :secret_key_base], "000") + + assert %Plug.Conn{ + status: 403, + resp_body: "Forbidden" + } = get(conn, path) + + assert %Plug.Conn{ + status: 403, + resp_body: "Forbidden" + } = get(conn, "/proxy/hhgfh/eeee") + + assert %Plug.Conn{ + status: 403, + resp_body: "Forbidden" + } = get(conn, "/proxy/hhgfh/eeee/fff") + end + + test "redirects on valid url when filename invalidated", %{conn: conn} do + Config.put([:media_proxy, :enabled], true) + Config.put([Pleroma.Web.Endpoint, :secret_key_base], "00000000000") + url = Pleroma.Web.MediaProxy.encode_url("https://google.fn/test.png") + invalid_url = String.replace(url, "test.png", "test-file.png") + response = get(conn, invalid_url) + html = "You are being redirected." + assert response.status == 302 + assert response.resp_body == html + end + + test "it performs ReverseProxy.call when signature valid", %{conn: conn} do + Config.put([:media_proxy, :enabled], true) + Config.put([Pleroma.Web.Endpoint, :secret_key_base], "00000000000") + url = Pleroma.Web.MediaProxy.encode_url("https://google.fn/test.png") + + with_mock Pleroma.ReverseProxy, + call: fn _conn, _url, _opts -> %Plug.Conn{status: :success} end do + assert %Plug.Conn{status: :success} = get(conn, url) + end + end +end diff --git a/test/media_proxy_test.exs b/test/web/media_proxy/media_proxy_test.exs similarity index 92% rename from test/media_proxy_test.exs rename to test/web/media_proxy/media_proxy_test.exs index fbf200931..cb4807e0b 100644 --- a/test/media_proxy_test.exs +++ b/test/web/media_proxy/media_proxy_test.exs @@ -2,7 +2,7 @@ # Copyright © 2017-2018 Pleroma Authors # SPDX-License-Identifier: AGPL-3.0-only -defmodule Pleroma.MediaProxyTest do +defmodule Pleroma.Web.MediaProxyTest do use ExUnit.Case import Pleroma.Web.MediaProxy alias Pleroma.Web.MediaProxy.MediaProxyController @@ -90,22 +90,28 @@ test "validates signature" do test "filename_matches preserves the encoded or decoded path" do assert MediaProxyController.filename_matches( - true, + %{"filename" => "/Hello world.jpg"}, "/Hello world.jpg", "http://pleroma.social/Hello world.jpg" ) == :ok assert MediaProxyController.filename_matches( - true, + %{"filename" => "/Hello%20world.jpg"}, "/Hello%20world.jpg", "http://pleroma.social/Hello%20world.jpg" ) == :ok assert MediaProxyController.filename_matches( - true, + %{"filename" => "/my%2Flong%2Furl%2F2019%2F07%2FS.jpg"}, "/my%2Flong%2Furl%2F2019%2F07%2FS.jpg", "http://pleroma.social/my%2Flong%2Furl%2F2019%2F07%2FS.jpg" ) == :ok + + assert MediaProxyController.filename_matches( + %{"filename" => "/my%2Flong%2Furl%2F2019%2F07%2FS.jp"}, + "/my%2Flong%2Furl%2F2019%2F07%2FS.jp", + "http://pleroma.social/my%2Flong%2Furl%2F2019%2F07%2FS.jpg" + ) == {:wrong_filename, "my%2Flong%2Furl%2F2019%2F07%2FS.jpg"} end test "uses the configured base_url" do From a87c313309b73ced5970c59d00117c357f51fecb Mon Sep 17 00:00:00 2001 From: Egor Kislitsyn Date: Mon, 15 Jul 2019 14:00:29 +0700 Subject: [PATCH 19/36] Support `list` visibility in StatusView --- lib/pleroma/web/common_api/common_api.ex | 11 ++++------- lib/pleroma/web/common_api/utils.ex | 13 +++++++------ test/web/mastodon_api/status_view_test.exs | 13 +++++++++++++ 3 files changed, 24 insertions(+), 13 deletions(-) diff --git a/lib/pleroma/web/common_api/common_api.ex b/lib/pleroma/web/common_api/common_api.ex index 1c47a31d7..f764e87af 100644 --- a/lib/pleroma/web/common_api/common_api.ex +++ b/lib/pleroma/web/common_api/common_api.ex @@ -243,18 +243,15 @@ def post(user, %{"status" => status} = data) do preview? = Pleroma.Web.ControllerHelper.truthy_param?(data["preview"]) || false direct? = visibility == "direct" - additional_data = - %{"cc" => cc, "directMessage" => direct?} |> maybe_add_list_data(user, visibility) - - params = %{ + %{ to: to, actor: user, context: context, object: object, - additional: additional_data + additional: %{"cc" => cc, "directMessage" => direct?} } - - ActivityPub.create(params, preview?) + |> maybe_add_list_data(user, visibility) + |> ActivityPub.create(preview?) else {:private_to_public, true} -> {:error, dgettext("errors", "The message visibility must be direct")} diff --git a/lib/pleroma/web/common_api/utils.ex b/lib/pleroma/web/common_api/utils.ex index 94b2c50fc..fed5f9de7 100644 --- a/lib/pleroma/web/common_api/utils.ex +++ b/lib/pleroma/web/common_api/utils.ex @@ -108,19 +108,20 @@ def get_addressed_users(_, to) when is_list(to) do def get_addressed_users(mentioned_users, _), do: mentioned_users - def maybe_add_list_data(additional_data, user, {:list, list_id}) do + def maybe_add_list_data(activity_params, user, {:list, list_id}) do case Pleroma.List.get(list_id, user) do %Pleroma.List{} = list -> - additional_data - |> Map.put("listMessage", list.ap_id) - |> Map.put("bcc", [list.ap_id]) + activity_params + |> put_in([:additional, "bcc"], [list.ap_id]) + |> put_in([:additional, "listMessage"], list.ap_id) + |> put_in([:object, "listMessage"], list.ap_id) _ -> - additional_data + activity_params end end - def maybe_add_list_data(additional_data, _, _), do: additional_data + def maybe_add_list_data(activity_params, _, _), do: activity_params def make_poll_data(%{"poll" => %{"options" => options, "expires_in" => expires_in}} = data) when is_list(options) do diff --git a/test/web/mastodon_api/status_view_test.exs b/test/web/mastodon_api/status_view_test.exs index ac42819d8..995bd52c8 100644 --- a/test/web/mastodon_api/status_view_test.exs +++ b/test/web/mastodon_api/status_view_test.exs @@ -541,4 +541,17 @@ test "embeds a relationship in the account in reposts" do assert result[:reblog][:account][:pleroma][:relationship] == AccountView.render("relationship.json", %{user: user, target: user}) end + + test "visibility/list" do + user = insert(:user) + + {:ok, list} = Pleroma.List.create("foo", user) + + {:ok, activity} = + CommonAPI.post(user, %{"status" => "foobar", "visibility" => "list:#{list.id}"}) + + status = StatusView.render("status.json", activity: activity) + + assert status.visibility == "list" + end end From d86a97abfb1ef32fbe76f455e8dce4ec429696b6 Mon Sep 17 00:00:00 2001 From: Egor Kislitsyn Date: Mon, 15 Jul 2019 14:20:31 +0700 Subject: [PATCH 20/36] Add an explanation comment to Publisher.publish/2 --- lib/pleroma/web/activity_pub/publisher.ex | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lib/pleroma/web/activity_pub/publisher.ex b/lib/pleroma/web/activity_pub/publisher.ex index ffdd33351..18145e45f 100644 --- a/lib/pleroma/web/activity_pub/publisher.ex +++ b/lib/pleroma/web/activity_pub/publisher.ex @@ -131,6 +131,8 @@ def publish(actor, %{data: %{"bcc" => bcc}} = activity) when is_list(bcc) and bc %User{ap_id: ap_id} = Enum.find(recipients, fn %{info: %{source_data: data}} -> data["inbox"] == inbox end) + # Get all the recipients on the same host and add them to cc. Otherwise it a remote + # instance would only accept a first message for the first recipient and ignore the rest. cc = get_cc_ap_ids(ap_id, recipients) json = From 0c66bb5857ca5c67630f07ff25878aaa70f3ce4b Mon Sep 17 00:00:00 2001 From: Egor Kislitsyn Date: Mon, 15 Jul 2019 14:27:56 +0700 Subject: [PATCH 21/36] Update documentation --- docs/api/differences_in_mastoapi_responses.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/docs/api/differences_in_mastoapi_responses.md b/docs/api/differences_in_mastoapi_responses.md index 03917fffc..d2e9bcc4b 100644 --- a/docs/api/differences_in_mastoapi_responses.md +++ b/docs/api/differences_in_mastoapi_responses.md @@ -16,9 +16,11 @@ Adding the parameter `with_muted=true` to the timeline queries will also return ## Statuses +- `visibility`: has an additional possible value `list` + Has these additional fields under the `pleroma` object: -- `local`: true if the post was made on the local instance. +- `local`: true if the post was made on the local instance - `conversation_id`: the ID of the conversation the status is associated with (if any) - `in_reply_to_account_acct`: the `acct` property of User entity for replied user (if any) - `content`: a map consisting of alternate representations of the `content` property with the key being it's mimetype. Currently the only alternate representation supported is `text/plain` From 04f18a144bdbb58f0fc774ea5530029f166b6821 Mon Sep 17 00:00:00 2001 From: Egor Kislitsyn Date: Mon, 15 Jul 2019 14:29:13 +0700 Subject: [PATCH 22/36] Add `listMessage` to to the JSON-LD context --- priv/static/schemas/litepub-0.1.jsonld | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/priv/static/schemas/litepub-0.1.jsonld b/priv/static/schemas/litepub-0.1.jsonld index f36b231c5..57ed05eba 100644 --- a/priv/static/schemas/litepub-0.1.jsonld +++ b/priv/static/schemas/litepub-0.1.jsonld @@ -20,6 +20,10 @@ "sensitive": "as:sensitive", "litepub": "http://litepub.social/ns#", "directMessage": "litepub:directMessage", + "listMessage": { + "@id": "litepub:listMessage", + "@type": "@id" + }, "oauthRegistrationEndpoint": { "@id": "litepub:oauthRegistrationEndpoint", "@type": "@id" From d302fcaa6181cb6e2df890b724d871cb86d1e27b Mon Sep 17 00:00:00 2001 From: lain Date: Mon, 15 Jul 2019 16:47:39 +0900 Subject: [PATCH 23/36] Dependencies: Update tzdata and related packages. --- mix.exs | 1 + mix.lock | 6 +++--- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/mix.exs b/mix.exs index aa4440351..a26bb6202 100644 --- a/mix.exs +++ b/mix.exs @@ -95,6 +95,7 @@ defp oauth_deps do defp deps do [ {:phoenix, "~> 1.4.8"}, + {:tzdata, "~> 1.0"}, {:plug_cowboy, "~> 2.0"}, {:phoenix_pubsub, "~> 1.1"}, {:phoenix_ecto, "~> 4.0"}, diff --git a/mix.lock b/mix.lock index 9c0fd0e98..dcbf80f01 100644 --- a/mix.lock +++ b/mix.lock @@ -6,7 +6,7 @@ "benchee": {:hex, :benchee, "1.0.1", "66b211f9bfd84bd97e6d1beaddf8fc2312aaabe192f776e8931cb0c16f53a521", [:mix], [{:deep_merge, "~> 1.0", [hex: :deep_merge, repo: "hexpm", optional: false]}], "hexpm"}, "bunt": {:hex, :bunt, "0.2.0", "951c6e801e8b1d2cbe58ebbd3e616a869061ddadcc4863d0a2182541acae9a38", [:mix], [], "hexpm"}, "cachex": {:hex, :cachex, "3.0.2", "1351caa4e26e29f7d7ec1d29b53d6013f0447630bbf382b4fb5d5bad0209f203", [:mix], [{:eternal, "~> 1.2", [hex: :eternal, repo: "hexpm", optional: false]}, {:unsafe, "~> 1.0", [hex: :unsafe, repo: "hexpm", optional: false]}], "hexpm"}, - "calendar": {:hex, :calendar, "0.17.4", "22c5e8d98a4db9494396e5727108dffb820ee0d18fed4b0aa8ab76e4f5bc32f1", [:mix], [{:tzdata, "~> 0.5.8 or ~> 0.1.201603", [hex: :tzdata, repo: "hexpm", optional: false]}], "hexpm"}, + "calendar": {:hex, :calendar, "0.17.6", "ec291cb2e4ba499c2e8c0ef5f4ace974e2f9d02ae9e807e711a9b0c7850b9aee", [:mix], [{:tzdata, "~> 0.5.20 or ~> 0.1.201603 or ~> 1.0", [hex: :tzdata, repo: "hexpm", optional: false]}], "hexpm"}, "certifi": {:hex, :certifi, "2.5.1", "867ce347f7c7d78563450a18a6a28a8090331e77fa02380b4a21962a65d36ee5", [:rebar3], [{:parse_trans, "~>3.3", [hex: :parse_trans, repo: "hexpm", optional: false]}], "hexpm"}, "combine": {:hex, :combine, "0.10.0", "eff8224eeb56498a2af13011d142c5e7997a80c8f5b97c499f84c841032e429f", [:mix], [], "hexpm"}, "comeonin": {:hex, :comeonin, "4.1.1", "c7304fc29b45b897b34142a91122bc72757bc0c295e9e824999d5179ffc08416", [:mix], [{:argon2_elixir, "~> 1.2", [hex: :argon2_elixir, repo: "hexpm", optional: true]}, {:bcrypt_elixir, "~> 0.12.1 or ~> 1.0", [hex: :bcrypt_elixir, repo: "hexpm", optional: true]}, {:pbkdf2_elixir, "~> 0.12", [hex: :pbkdf2_elixir, repo: "hexpm", optional: true]}], "hexpm"}, @@ -82,9 +82,9 @@ "syslog": {:git, "https://github.com/Vagabond/erlang-syslog.git", "4a6c6f2c996483e86c1320e9553f91d337bcb6aa", [tag: "1.0.5"]}, "telemetry": {:hex, :telemetry, "0.4.0", "8339bee3fa8b91cb84d14c2935f8ecf399ccd87301ad6da6b71c09553834b2ab", [:rebar3], [], "hexpm"}, "tesla": {:hex, :tesla, "1.2.1", "864783cc27f71dd8c8969163704752476cec0f3a51eb3b06393b3971dc9733ff", [:mix], [{:exjsx, ">= 3.0.0", [hex: :exjsx, repo: "hexpm", optional: true]}, {:fuse, "~> 2.4", [hex: :fuse, repo: "hexpm", optional: true]}, {:hackney, "~> 1.6", [hex: :hackney, repo: "hexpm", optional: true]}, {:ibrowse, "~> 4.4.0", [hex: :ibrowse, repo: "hexpm", optional: true]}, {:jason, ">= 1.0.0", [hex: :jason, repo: "hexpm", optional: true]}, {:mime, "~> 1.0", [hex: :mime, repo: "hexpm", optional: false]}, {:poison, ">= 1.0.0", [hex: :poison, repo: "hexpm", optional: true]}], "hexpm"}, - "timex": {:hex, :timex, "3.5.0", "b0a23167da02d0fe4f1a4e104d1f929a00d348502b52432c05de875d0b9cffa5", [:mix], [{:combine, "~> 0.10", [hex: :combine, repo: "hexpm", optional: false]}, {:gettext, "~> 0.10", [hex: :gettext, repo: "hexpm", optional: false]}, {:tzdata, "~> 0.1.8 or ~> 0.5", [hex: :tzdata, repo: "hexpm", optional: false]}], "hexpm"}, + "timex": {:hex, :timex, "3.6.1", "efdf56d0e67a6b956cc57774353b0329c8ab7726766a11547e529357ffdc1d56", [:mix], [{:combine, "~> 0.10", [hex: :combine, repo: "hexpm", optional: false]}, {:gettext, "~> 0.10", [hex: :gettext, repo: "hexpm", optional: false]}, {:tzdata, "~> 0.1.8 or ~> 0.5 or ~> 1.0.0", [hex: :tzdata, repo: "hexpm", optional: false]}], "hexpm"}, "trailing_format_plug": {:hex, :trailing_format_plug, "0.0.7", "64b877f912cf7273bed03379936df39894149e35137ac9509117e59866e10e45", [:mix], [{:plug, "> 0.12.0", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm"}, - "tzdata": {:hex, :tzdata, "0.5.20", "304b9e98a02840fb32a43ec111ffbe517863c8566eb04a061f1c4dbb90b4d84c", [:mix], [{:hackney, "~> 1.0", [hex: :hackney, repo: "hexpm", optional: false]}], "hexpm"}, + "tzdata": {:hex, :tzdata, "1.0.1", "f6027a331af7d837471248e62733c6ebee86a72e57c613aa071ebb1f750fc71a", [:mix], [{:hackney, "~> 1.0", [hex: :hackney, repo: "hexpm", optional: false]}], "hexpm"}, "ueberauth": {:hex, :ueberauth, "0.6.1", "9e90d3337dddf38b1ca2753aca9b1e53d8a52b890191cdc55240247c89230412", [:mix], [{:plug, "~> 1.5", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm"}, "unicode_util_compat": {:hex, :unicode_util_compat, "0.4.1", "d869e4c68901dd9531385bb0c8c40444ebf624e60b6962d95952775cac5e90cd", [:rebar3], [], "hexpm"}, "unsafe": {:hex, :unsafe, "1.0.0", "7c21742cd05380c7875546b023481d3a26f52df8e5dfedcb9f958f322baae305", [:mix], [], "hexpm"}, From de13c9bb8fc08b12d9694f63f92935ba39a51118 Mon Sep 17 00:00:00 2001 From: Egor Kislitsyn Date: Mon, 15 Jul 2019 14:54:40 +0700 Subject: [PATCH 24/36] List messages must be visible for mentioned users --- lib/pleroma/web/activity_pub/visibility.ex | 9 +++++---- lib/pleroma/web/common_api/utils.ex | 2 +- test/web/activity_pub/visibilty_test.exs | 4 ++-- 3 files changed, 8 insertions(+), 7 deletions(-) diff --git a/lib/pleroma/web/activity_pub/visibility.ex b/lib/pleroma/web/activity_pub/visibility.ex index e0282d758..2666edc7c 100644 --- a/lib/pleroma/web/activity_pub/visibility.ex +++ b/lib/pleroma/web/activity_pub/visibility.ex @@ -39,10 +39,11 @@ def is_list?(_), do: false def visible_for_user?(%{actor: ap_id}, %User{ap_id: ap_id}), do: true - def visible_for_user?(%{data: %{"listMessage" => list_ap_id}}, %User{} = user) do - list_ap_id - |> Pleroma.List.get_by_ap_id() - |> Pleroma.List.member?(user) + def visible_for_user?(%{data: %{"listMessage" => list_ap_id}} = activity, %User{} = user) do + user.ap_id in activity.data["to"] || + list_ap_id + |> Pleroma.List.get_by_ap_id() + |> Pleroma.List.member?(user) end def visible_for_user?(%{data: %{"listMessage" => _}}, nil), do: false diff --git a/lib/pleroma/web/common_api/utils.ex b/lib/pleroma/web/common_api/utils.ex index fed5f9de7..f28a96320 100644 --- a/lib/pleroma/web/common_api/utils.ex +++ b/lib/pleroma/web/common_api/utils.ex @@ -100,7 +100,7 @@ def get_to_and_cc(_user, mentioned_users, inReplyTo, "direct") do end end - def get_to_and_cc(_user, _mentions, _inReplyTo, _), do: {[], []} + def get_to_and_cc(_user, mentions, _inReplyTo, {:list, _}), do: {mentions, []} def get_addressed_users(_, to) when is_list(to) do User.get_ap_ids_by_nicknames(to) diff --git a/test/web/activity_pub/visibilty_test.exs b/test/web/activity_pub/visibilty_test.exs index 2ce6928c4..b62a89e68 100644 --- a/test/web/activity_pub/visibilty_test.exs +++ b/test/web/activity_pub/visibilty_test.exs @@ -126,13 +126,13 @@ test "visible_for_user?", %{ assert Visibility.visible_for_user?(direct, user) assert Visibility.visible_for_user?(list, user) - # All visible to a mentioned user, except when it's a list activity + # All visible to a mentioned user assert Visibility.visible_for_user?(public, mentioned) assert Visibility.visible_for_user?(private, mentioned) assert Visibility.visible_for_user?(unlisted, mentioned) assert Visibility.visible_for_user?(direct, mentioned) - refute(Visibility.visible_for_user?(list, mentioned)) + assert Visibility.visible_for_user?(list, mentioned) # DM not visible for just follower From c66044b923bf90647abd7f581ea67542ba53db10 Mon Sep 17 00:00:00 2001 From: Alex S Date: Mon, 15 Jul 2019 11:00:55 +0300 Subject: [PATCH 25/36] atom keys with leading : --- lib/mix/tasks/pleroma/config.ex | 6 +-- lib/pleroma/config/transfer_task.ex | 2 +- .../admin_api/admin_api_controller_test.exs | 47 +++++++++++++++++-- 3 files changed, 47 insertions(+), 8 deletions(-) diff --git a/lib/mix/tasks/pleroma/config.ex b/lib/mix/tasks/pleroma/config.ex index a71bcd447..4868866d6 100644 --- a/lib/mix/tasks/pleroma/config.ex +++ b/lib/mix/tasks/pleroma/config.ex @@ -59,11 +59,11 @@ def run(["migrate_from_db", env, delete?]) do do: ",", else: ":" + key = String.trim_leading(config.key, ":") + IO.write( file, - "config :#{config.group}, #{config.key}#{mark} #{ - inspect(Config.from_binary(config.value)) - }\r\n" + "config :#{config.group}, #{key}#{mark} #{inspect(Config.from_binary(config.value))}\r\n" ) if delete? do diff --git a/lib/pleroma/config/transfer_task.ex b/lib/pleroma/config/transfer_task.ex index 3c13a0558..7799b2a78 100644 --- a/lib/pleroma/config/transfer_task.ex +++ b/lib/pleroma/config/transfer_task.ex @@ -35,7 +35,7 @@ defp update_env(setting) do if String.starts_with?(setting.key, "Pleroma.") do "Elixir." <> setting.key else - setting.key + String.trim_leading(setting.key, ":") end group = String.to_existing_atom(setting.group) diff --git a/test/web/admin_api/admin_api_controller_test.exs b/test/web/admin_api/admin_api_controller_test.exs index 1b71cbff3..ee48b752c 100644 --- a/test/web/admin_api/admin_api_controller_test.exs +++ b/test/web/admin_api/admin_api_controller_test.exs @@ -1720,7 +1720,7 @@ test "settings with nesting map", %{conn: conn} do configs: [ %{ "group" => "pleroma", - "key" => "key1", + "key" => ":key1", "value" => [ %{"tuple" => [":key2", "some_val"]}, %{ @@ -1750,7 +1750,7 @@ test "settings with nesting map", %{conn: conn} do "configs" => [ %{ "group" => "pleroma", - "key" => "key1", + "key" => ":key1", "value" => [ %{"tuple" => [":key2", "some_val"]}, %{ @@ -1782,7 +1782,7 @@ test "value as map", %{conn: conn} do configs: [ %{ "group" => "pleroma", - "key" => "key1", + "key" => ":key1", "value" => %{"key" => "some_val"} } ] @@ -1793,7 +1793,7 @@ test "value as map", %{conn: conn} do "configs" => [ %{ "group" => "pleroma", - "key" => "key1", + "key" => ":key1", "value" => %{"key" => "some_val"} } ] @@ -1862,6 +1862,45 @@ test "dispatch setting", %{conn: conn} do ] } end + + test "queues key as atom", %{conn: conn} do + conn = + post(conn, "/api/pleroma/admin/config", %{ + configs: [ + %{ + "group" => "pleroma_job_queue", + "key" => ":queues", + "value" => [ + %{"tuple" => [":federator_incoming", 50]}, + %{"tuple" => [":federator_outgoing", 50]}, + %{"tuple" => [":web_push", 50]}, + %{"tuple" => [":mailer", 10]}, + %{"tuple" => [":transmogrifier", 20]}, + %{"tuple" => [":scheduled_activities", 10]}, + %{"tuple" => [":background", 5]} + ] + } + ] + }) + + assert json_response(conn, 200) == %{ + "configs" => [ + %{ + "group" => "pleroma_job_queue", + "key" => ":queues", + "value" => [ + %{"tuple" => [":federator_incoming", 50]}, + %{"tuple" => [":federator_outgoing", 50]}, + %{"tuple" => [":web_push", 50]}, + %{"tuple" => [":mailer", 10]}, + %{"tuple" => [":transmogrifier", 20]}, + %{"tuple" => [":scheduled_activities", 10]}, + %{"tuple" => [":background", 5]} + ] + } + ] + } + end end end From b8607c151c946f64e6cfadf84caa3921fffad02d Mon Sep 17 00:00:00 2001 From: Alex S Date: Mon, 15 Jul 2019 15:45:27 +0300 Subject: [PATCH 26/36] migrating task refactor --- lib/mix/tasks/pleroma/config.ex | 18 +++++++++--------- test/tasks/config_test.exs | 12 ++++++------ 2 files changed, 15 insertions(+), 15 deletions(-) diff --git a/lib/mix/tasks/pleroma/config.ex b/lib/mix/tasks/pleroma/config.ex index 4868866d6..a7d0fac5d 100644 --- a/lib/mix/tasks/pleroma/config.ex +++ b/lib/mix/tasks/pleroma/config.ex @@ -28,6 +28,14 @@ def run(["migrate_to_db"]) do |> Enum.reject(fn {k, _v} -> k in [Pleroma.Repo, :env] end) |> Enum.each(fn {k, v} -> key = to_string(k) |> String.replace("Elixir.", "") + + key = + if String.starts_with?(key, "Pleroma.") do + key + else + ":" <> key + end + {:ok, _} = Config.update_or_create(%{group: "pleroma", key: key, value: v}) Mix.shell().info("#{key} is migrated.") end) @@ -53,17 +61,9 @@ def run(["migrate_from_db", env, delete?]) do Repo.all(Config) |> Enum.each(fn config -> - mark = - if String.starts_with?(config.key, "Pleroma.") or - String.starts_with?(config.key, "Ueberauth"), - do: ",", - else: ":" - - key = String.trim_leading(config.key, ":") - IO.write( file, - "config :#{config.group}, #{key}#{mark} #{inspect(Config.from_binary(config.value))}\r\n" + "config :#{config.group}, #{config.key}, #{inspect(Config.from_binary(config.value))}\r\n\r\n" ) if delete? do diff --git a/test/tasks/config_test.exs b/test/tasks/config_test.exs index bbcc57217..a9b79eb5b 100644 --- a/test/tasks/config_test.exs +++ b/test/tasks/config_test.exs @@ -34,8 +34,8 @@ test "settings are migrated to db" do Mix.Tasks.Pleroma.Config.run(["migrate_to_db"]) - first_db = Config.get_by_params(%{group: "pleroma", key: "first_setting"}) - second_db = Config.get_by_params(%{group: "pleroma", key: "second_setting"}) + first_db = Config.get_by_params(%{group: "pleroma", key: ":first_setting"}) + second_db = Config.get_by_params(%{group: "pleroma", key: ":second_setting"}) refute Config.get_by_params(%{group: "pleroma", key: "Pleroma.Repo"}) assert Config.from_binary(first_db.value) == [key: "value", key2: [Pleroma.Repo]] @@ -45,13 +45,13 @@ test "settings are migrated to db" do test "settings are migrated to file and deleted from db", %{temp_file: temp_file} do Config.create(%{ group: "pleroma", - key: "setting_first", + key: ":setting_first", value: [key: "value", key2: [Pleroma.Activity]] }) Config.create(%{ group: "pleroma", - key: "setting_second", + key: ":setting_second", value: [key: "valu2", key2: [Pleroma.Repo]] }) @@ -61,7 +61,7 @@ test "settings are migrated to file and deleted from db", %{temp_file: temp_file assert File.exists?(temp_file) {:ok, file} = File.read(temp_file) - assert file =~ "config :pleroma, setting_first:" - assert file =~ "config :pleroma, setting_second:" + assert file =~ "config :pleroma, :setting_first," + assert file =~ "config :pleroma, :setting_second," end end From c32384c1ea433bb0f5f087707d0165cea1f23d45 Mon Sep 17 00:00:00 2001 From: Maksim Date: Mon, 15 Jul 2019 13:01:22 +0000 Subject: [PATCH 27/36] tests for Pleroma.Signature --- lib/pleroma/keys.ex | 12 ++-- lib/pleroma/user.ex | 21 +++--- lib/pleroma/web/activity_pub/utils.ex | 8 +-- test/signature_test.exs | 99 +++++++++++++++++++++++++++ 4 files changed, 116 insertions(+), 24 deletions(-) create mode 100644 test/signature_test.exs diff --git a/lib/pleroma/keys.ex b/lib/pleroma/keys.ex index b7bc7a4da..6dd31d3bd 100644 --- a/lib/pleroma/keys.ex +++ b/lib/pleroma/keys.ex @@ -35,10 +35,12 @@ def generate_rsa_pem do end def keys_from_pem(pem) do - [private_key_code] = :public_key.pem_decode(pem) - private_key = :public_key.pem_entry_decode(private_key_code) - {:RSAPrivateKey, _, modulus, exponent, _, _, _, _, _, _, _} = private_key - public_key = {:RSAPublicKey, modulus, exponent} - {:ok, private_key, public_key} + with [private_key_code] <- :public_key.pem_decode(pem), + private_key <- :public_key.pem_entry_decode(private_key_code), + {:RSAPrivateKey, _, modulus, exponent, _, _, _, _, _, _, _} <- private_key do + {:ok, private_key, {:RSAPublicKey, modulus, exponent}} + else + error -> {:error, error} + end end end diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex index 29c87d4a9..ffba3f390 100644 --- a/lib/pleroma/user.ex +++ b/lib/pleroma/user.ex @@ -1190,10 +1190,12 @@ def public_key_from_info(%{ end # OStatus Magic Key - def public_key_from_info(%{magic_key: magic_key}) do + def public_key_from_info(%{magic_key: magic_key}) when not is_nil(magic_key) do {:ok, Pleroma.Web.Salmon.decode_key(magic_key)} end + def public_key_from_info(_), do: {:error, "not found key"} + def get_public_key_for_ap_id(ap_id) do with {:ok, %User{} = user} <- get_or_fetch_by_ap_id(ap_id), {:ok, public_key} <- public_key_from_info(user.info) do @@ -1379,23 +1381,16 @@ def get_mascot(%{info: %{mascot: mascot}}) when is_nil(mascot) do } end - def ensure_keys_present(user) do - info = user.info - + def ensure_keys_present(%User{info: info} = user) do if info.keys do {:ok, user} else {:ok, pem} = Keys.generate_rsa_pem() - info_cng = - info - |> User.Info.set_keys(pem) - - cng = - Ecto.Changeset.change(user) - |> Ecto.Changeset.put_embed(:info, info_cng) - - update_and_set_cache(cng) + user + |> Ecto.Changeset.change() + |> Ecto.Changeset.put_embed(:info, User.Info.set_keys(info, pem)) + |> update_and_set_cache() end end diff --git a/lib/pleroma/web/activity_pub/utils.ex b/lib/pleroma/web/activity_pub/utils.ex index 4288ea4c8..c146f59d4 100644 --- a/lib/pleroma/web/activity_pub/utils.ex +++ b/lib/pleroma/web/activity_pub/utils.ex @@ -25,12 +25,8 @@ defmodule Pleroma.Web.ActivityPub.Utils do # Some implementations send the actor URI as the actor field, others send the entire actor object, # so figure out what the actor's URI is based on what we have. - def get_ap_id(object) do - case object do - %{"id" => id} -> id - id -> id - end - end + def get_ap_id(%{"id" => id} = _), do: id + def get_ap_id(id), do: id def normalize_params(params) do Map.put(params, "actor", get_ap_id(params["actor"])) diff --git a/test/signature_test.exs b/test/signature_test.exs new file mode 100644 index 000000000..4920196c7 --- /dev/null +++ b/test/signature_test.exs @@ -0,0 +1,99 @@ +# Pleroma: A lightweight social networking server +# Copyright © 2017-2019 Pleroma Authors +# SPDX-License-Identifier: AGPL-3.0-only + +defmodule Pleroma.SignatureTest do + use Pleroma.DataCase + + import Pleroma.Factory + import Tesla.Mock + + alias Pleroma.Signature + + setup do + mock(fn env -> apply(HttpRequestMock, :request, [env]) end) + :ok + end + + @private_key "-----BEGIN RSA PRIVATE KEY-----\nMIIEpQIBAAKCAQEA48qb4v6kqigZutO9Ot0wkp27GIF2LiVaADgxQORZozZR63jH\nTaoOrS3Xhngbgc8SSOhfXET3omzeCLqaLNfXnZ8OXmuhJfJSU6mPUvmZ9QdT332j\nfN/g3iWGhYMf/M9ftCKh96nvFVO/tMruzS9xx7tkrfJjehdxh/3LlJMMImPtwcD7\nkFXwyt1qZTAU6Si4oQAJxRDQXHp1ttLl3Ob829VM7IKkrVmY8TD+JSlV0jtVJPj6\n1J19ytKTx/7UaucYvb9HIiBpkuiy5n/irDqKLVf5QEdZoNCdojOZlKJmTLqHhzKP\n3E9TxsUjhrf4/EqegNc/j982RvOxeu4i40zMQwIDAQABAoIBAQDH5DXjfh21i7b4\ncXJuw0cqget617CDUhemdakTDs9yH+rHPZd3mbGDWuT0hVVuFe4vuGpmJ8c+61X0\nRvugOlBlavxK8xvYlsqTzAmPgKUPljyNtEzQ+gz0I+3mH2jkin2rL3D+SksZZgKm\nfiYMPIQWB2WUF04gB46DDb2mRVuymGHyBOQjIx3WC0KW2mzfoFUFRlZEF+Nt8Ilw\nT+g/u0aZ1IWoszbsVFOEdghgZET0HEarum0B2Je/ozcPYtwmU10iBANGMKdLqaP/\nj954BPunrUf6gmlnLZKIKklJj0advx0NA+cL79+zeVB3zexRYSA5o9q0WPhiuTwR\n/aedWHnBAoGBAP0sDWBAM1Y4TRAf8ZI9PcztwLyHPzfEIqzbObJJnx1icUMt7BWi\n+/RMOnhrlPGE1kMhOqSxvXYN3u+eSmWTqai2sSH5Hdw2EqnrISSTnwNUPINX7fHH\njEkgmXQ6ixE48SuBZnb4w1EjdB/BA6/sjL+FNhggOc87tizLTkMXmMtTAoGBAOZV\n+wPuAMBDBXmbmxCuDIjoVmgSlgeRunB1SA8RCPAFAiUo3+/zEgzW2Oz8kgI+xVwM\n33XkLKrWG1Orhpp6Hm57MjIc5MG+zF4/YRDpE/KNG9qU1tiz0UD5hOpIU9pP4bR/\ngxgPxZzvbk4h5BfHWLpjlk8UUpgk6uxqfti48c1RAoGBALBOKDZ6HwYRCSGMjUcg\n3NPEUi84JD8qmFc2B7Tv7h2he2ykIz9iFAGpwCIyETQsJKX1Ewi0OlNnD3RhEEAy\nl7jFGQ+mkzPSeCbadmcpYlgIJmf1KN/x7fDTAepeBpCEzfZVE80QKbxsaybd3Dp8\nCfwpwWUFtBxr4c7J+gNhAGe/AoGAPn8ZyqkrPv9wXtyfqFjxQbx4pWhVmNwrkBPi\nZ2Qh3q4dNOPwTvTO8vjghvzIyR8rAZzkjOJKVFgftgYWUZfM5gE7T2mTkBYq8W+U\n8LetF+S9qAM2gDnaDx0kuUTCq7t87DKk6URuQ/SbI0wCzYjjRD99KxvChVGPBHKo\n1DjqMuECgYEAgJGNm7/lJCS2wk81whfy/ttKGsEIkyhPFYQmdGzSYC5aDc2gp1R3\nxtOkYEvdjfaLfDGEa4UX8CHHF+w3t9u8hBtcdhMH6GYb9iv6z0VBTt4A/11HUR49\n3Z7TQ18Iyh3jAUCzFV9IJlLIExq5Y7P4B3ojWFBN607sDCt8BMPbDYs=\n-----END RSA PRIVATE KEY-----" + + @public_key %{ + "id" => "https://mastodon.social/users/lambadalambda#main-key", + "owner" => "https://mastodon.social/users/lambadalambda", + "publicKeyPem" => + "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw0P/Tq4gb4G/QVuMGbJo\nC/AfMNcv+m7NfrlOwkVzcU47jgESuYI4UtJayissCdBycHUnfVUd9qol+eznSODz\nCJhfJloqEIC+aSnuEPGA0POtWad6DU0E6/Ho5zQn5WAWUwbRQqowbrsm/GHo2+3v\neR5jGenwA6sYhINg/c3QQbksyV0uJ20Umyx88w8+TJuv53twOfmyDWuYNoQ3y5cc\nHKOZcLHxYOhvwg3PFaGfFHMFiNmF40dTXt9K96r7sbzc44iLD+VphbMPJEjkMuf8\nPGEFOBzy8pm3wJZw2v32RNW2VESwMYyqDzwHXGSq1a73cS7hEnc79gXlELsK04L9\nQQIDAQAB\n-----END PUBLIC KEY-----\n" + } + + @rsa_public_key { + :RSAPublicKey, + 24_650_000_183_914_698_290_885_268_529_673_621_967_457_234_469_123_179_408_466_269_598_577_505_928_170_923_974_132_111_403_341_217_239_999_189_084_572_368_839_502_170_501_850_920_051_662_384_964_248_315_257_926_552_945_648_828_895_432_624_227_029_881_278_113_244_073_644_360_744_504_606_177_648_469_825_063_267_913_017_309_199_785_535_546_734_904_379_798_564_556_494_962_268_682_532_371_146_333_972_821_570_577_277_375_020_977_087_539_994_500_097_107_935_618_711_808_260_846_821_077_839_605_098_669_707_417_692_791_905_543_116_911_754_774_323_678_879_466_618_738_207_538_013_885_607_095_203_516_030_057_611_111_308_904_599_045_146_148_350_745_339_208_006_497_478_057_622_336_882_506_112_530_056_970_653_403_292_123_624_453_213_574_011_183_684_739_084_105_206_483_178_943_532_208_537_215_396_831_110_268_758_639_826_369_857, + # credo:disable-for-previous-line Credo.Check.Readability.MaxLineLength + 65_537 + } + + describe "fetch_public_key/1" do + test "it returns key" do + expected_result = {:ok, @rsa_public_key} + + user = insert(:user, %{info: %{source_data: %{"publicKey" => @public_key}}}) + + assert Signature.fetch_public_key(%Plug.Conn{params: %{"actor" => user.ap_id}}) == + expected_result + end + + test "it returns error when not found user" do + assert Signature.fetch_public_key(%Plug.Conn{params: %{"actor" => "test-ap_id"}}) == + {:error, :error} + end + + test "it returns error if public key is empty" do + user = insert(:user, %{info: %{source_data: %{"publicKey" => %{}}}}) + + assert Signature.fetch_public_key(%Plug.Conn{params: %{"actor" => user.ap_id}}) == + {:error, :error} + end + end + + describe "refetch_public_key/1" do + test "it returns key" do + ap_id = "https://mastodon.social/users/lambadalambda" + + assert Signature.refetch_public_key(%Plug.Conn{params: %{"actor" => ap_id}}) == + {:ok, @rsa_public_key} + end + + test "it returns error when not found user" do + assert Signature.refetch_public_key(%Plug.Conn{params: %{"actor" => "test-ap_id"}}) == + {:error, {:error, :ok}} + end + end + + describe "sign/2" do + test "it returns signature headers" do + user = + insert(:user, %{ + ap_id: "https://mastodon.social/users/lambadalambda", + info: %{keys: @private_key} + }) + + assert Signature.sign( + user, + %{ + host: "test.test", + "content-length": 100 + } + ) == + "keyId=\"https://mastodon.social/users/lambadalambda#main-key\",algorithm=\"rsa-sha256\",headers=\"content-length host\",signature=\"sibUOoqsFfTDerquAkyprxzDjmJm6erYc42W5w1IyyxusWngSinq5ILTjaBxFvfarvc7ci1xAi+5gkBwtshRMWm7S+Uqix24Yg5EYafXRun9P25XVnYBEIH4XQ+wlnnzNIXQkU3PU9e6D8aajDZVp3hPJNeYt1gIPOA81bROI8/glzb1SAwQVGRbqUHHHKcwR8keiR/W2h7BwG3pVRy4JgnIZRSW7fQogKedDg02gzRXwUDFDk0pr2p3q6bUWHUXNV8cZIzlMK+v9NlyFbVYBTHctAR26GIAN6Hz0eV0mAQAePHDY1mXppbA8Gpp6hqaMuYfwifcXmcc+QFm4e+n3A==\"" + end + + test "it returns error" do + user = + insert(:user, %{ap_id: "https://mastodon.social/users/lambadalambda", info: %{keys: ""}}) + + assert Signature.sign( + user, + %{host: "test.test", "content-length": 100} + ) == {:error, []} + end + end +end From 105f437ce91e1416f10ad90f56dfd47d16913f40 Mon Sep 17 00:00:00 2001 From: Moonman Date: Mon, 15 Jul 2019 08:36:51 -0700 Subject: [PATCH 28/36] formatting --- lib/pleroma/plugs/authentication_plug.ex | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lib/pleroma/plugs/authentication_plug.ex b/lib/pleroma/plugs/authentication_plug.ex index 48dc1f818..eec514892 100644 --- a/lib/pleroma/plugs/authentication_plug.ex +++ b/lib/pleroma/plugs/authentication_plug.ex @@ -16,8 +16,10 @@ def checkpw(password, password_hash) do cond do String.starts_with?(password_hash, "$pbkdf2") -> Pbkdf2.checkpw(password, password_hash) + String.starts_with?(password_hash, "$6") -> :crypt.crypt(password, password_hash) == password_hash + true -> Logger.error("Password hash not recognized") false From 33fd4c0ed7dd11b87c17424a568c44569797a609 Mon Sep 17 00:00:00 2001 From: Alex S Date: Mon, 15 Jul 2019 20:53:07 +0300 Subject: [PATCH 29/36] query fix --- lib/pleroma/notification.ex | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/pleroma/notification.ex b/lib/pleroma/notification.ex index ee7b37aab..d47229258 100644 --- a/lib/pleroma/notification.ex +++ b/lib/pleroma/notification.ex @@ -65,7 +65,7 @@ def for_user_query(user, opts) do |> join(:left, [n, a], tm in Pleroma.ThreadMute, on: tm.user_id == ^user.id and tm.context == fragment("?->>'context'", a.data) ) - |> where([n, a, o, tm], is_nil(tm.id)) + |> where([n, a, o, tm], is_nil(tm.user_id)) end end From b74300bc7a02912489033ea23ccaf876881ef650 Mon Sep 17 00:00:00 2001 From: Sergey Suprunenko Date: Mon, 15 Jul 2019 19:47:23 +0000 Subject: [PATCH 30/36] Add more tests for MastodonAPIController and CommonAPI --- lib/pleroma/web/common_api/common_api.ex | 10 - .../mastodon_api/mastodon_api_controller.ex | 20 +- test/reverse_proxy_test.exs | 1 - test/web/common_api/common_api_test.exs | 38 +++ test/web/common_api/common_api_utils_test.exs | 19 +- .../mastodon_api_controller_test.exs | 251 ++++++++++++++++-- 6 files changed, 289 insertions(+), 50 deletions(-) diff --git a/lib/pleroma/web/common_api/common_api.ex b/lib/pleroma/web/common_api/common_api.ex index 44669b228..44af6a773 100644 --- a/lib/pleroma/web/common_api/common_api.ex +++ b/lib/pleroma/web/common_api/common_api.ex @@ -4,7 +4,6 @@ defmodule Pleroma.Web.CommonAPI do alias Pleroma.Activity - alias Pleroma.Bookmark alias Pleroma.Formatter alias Pleroma.Object alias Pleroma.ThreadMute @@ -356,15 +355,6 @@ def thread_muted?(user, activity) do end end - def bookmarked?(user, activity) do - with %Bookmark{} <- Bookmark.get(user.id, activity.id) do - true - else - _ -> - false - end - end - def report(user, data) do with {:account_id, %{"account_id" => account_id}} <- {:account_id, data}, {:account, %User{} = account} <- {:account, User.get_cached_by_id(account_id)}, diff --git a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex index b3513b5bf..f4aa576f7 100644 --- a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex +++ b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex @@ -693,11 +693,6 @@ def pin_status(%{assigns: %{user: user}} = conn, %{"id" => ap_id_or_id}) do conn |> put_view(StatusView) |> try_render("status.json", %{activity: activity, for: user, as: :activity}) - else - {:error, reason} -> - conn - |> put_status(:bad_request) - |> json(%{"error" => reason}) end end @@ -738,11 +733,6 @@ def mute_conversation(%{assigns: %{user: user}} = conn, %{"id" => id}) do conn |> put_view(StatusView) |> try_render("status.json", %{activity: activity, for: user, as: :activity}) - else - {:error, reason} -> - conn - |> put_resp_content_type("application/json") - |> send_resp(:bad_request, Jason.encode!(%{"error" => reason})) end end @@ -881,7 +871,7 @@ def get_mascot(%{assigns: %{user: user}} = conn, _params) do end def favourited_by(%{assigns: %{user: user}} = conn, %{"id" => id}) do - with %Activity{data: %{"object" => object}} <- Repo.get(Activity, id), + with %Activity{data: %{"object" => object}} <- Activity.get_by_id(id), %Object{data: %{"likes" => likes}} <- Object.normalize(object) do q = from(u in User, where: u.ap_id in ^likes) users = Repo.all(q) @@ -895,7 +885,7 @@ def favourited_by(%{assigns: %{user: user}} = conn, %{"id" => id}) do end def reblogged_by(%{assigns: %{user: user}} = conn, %{"id" => id}) do - with %Activity{data: %{"object" => object}} <- Repo.get(Activity, id), + with %Activity{data: %{"object" => object}} <- Activity.get_by_id(id), %Object{data: %{"announcements" => announces}} <- Object.normalize(object) do q = from(u in User, where: u.ap_id in ^announces) users = Repo.all(q) @@ -1651,6 +1641,12 @@ def errors(conn, {:error, :not_found}) do render_error(conn, :not_found, "Record not found") end + def errors(conn, {:error, error_message}) do + conn + |> put_status(:bad_request) + |> json(%{error: error_message}) + end + def errors(conn, _) do conn |> put_status(:internal_server_error) diff --git a/test/reverse_proxy_test.exs b/test/reverse_proxy_test.exs index f542de97c..f4b7d6add 100644 --- a/test/reverse_proxy_test.exs +++ b/test/reverse_proxy_test.exs @@ -5,7 +5,6 @@ defmodule Pleroma.ReverseProxyTest do use Pleroma.Web.ConnCase, async: true import ExUnit.CaptureLog - import ExUnit.CaptureLog import Mox alias Pleroma.ReverseProxy alias Pleroma.ReverseProxy.ClientMock diff --git a/test/web/common_api/common_api_test.exs b/test/web/common_api/common_api_test.exs index 7d8eeb12e..16b3f121d 100644 --- a/test/web/common_api/common_api_test.exs +++ b/test/web/common_api/common_api_test.exs @@ -141,6 +141,25 @@ test "it allows to address a list" do assert activity.recipients == [list.ap_id, user.ap_id] assert activity.data["listMessage"] == list.ap_id end + + test "it returns error when status is empty and no attachments" do + user = insert(:user) + + assert {:error, "Cannot post an empty status without attachments"} = + CommonAPI.post(user, %{"status" => ""}) + end + + test "it returns error when character limit is exceeded" do + limit = Pleroma.Config.get([:instance, :limit]) + Pleroma.Config.put([:instance, :limit], 5) + + user = insert(:user) + + assert {:error, "The status is over the character limit"} = + CommonAPI.post(user, %{"status" => "foobar"}) + + Pleroma.Config.put([:instance, :limit], limit) + end end describe "reactions" do @@ -413,4 +432,23 @@ test "after rejection, it sets all existing pending follow request states to 're assert Repo.get(Activity, follow_activity_three.id).data["state"] == "pending" end end + + describe "vote/3" do + test "does not allow to vote twice" do + user = insert(:user) + other_user = insert(:user) + + {:ok, activity} = + CommonAPI.post(user, %{ + "status" => "Am I cute?", + "poll" => %{"options" => ["Yes", "No"], "expires_in" => 20} + }) + + object = Object.normalize(activity) + + {:ok, _, object} = CommonAPI.vote(other_user, object, [0]) + + assert {:error, "Already voted"} == CommonAPI.vote(other_user, object, [1]) + end + end end diff --git a/test/web/common_api/common_api_utils_test.exs b/test/web/common_api/common_api_utils_test.exs index b3a334d50..af320f31f 100644 --- a/test/web/common_api/common_api_utils_test.exs +++ b/test/web/common_api/common_api_utils_test.exs @@ -10,6 +10,7 @@ defmodule Pleroma.Web.CommonAPI.UtilsTest do alias Pleroma.Web.Endpoint use Pleroma.DataCase + import ExUnit.CaptureLog import Pleroma.Factory @public_address "https://www.w3.org/ns/activitystreams#Public" @@ -202,7 +203,9 @@ test "when date is a binary in wrong format" do expected = "" - assert Utils.date_to_asctime(date) == expected + assert capture_log(fn -> + assert Utils.date_to_asctime(date) == expected + end) =~ "[warn] Date #{date} in wrong format, must be ISO 8601" end test "when date is a Unix timestamp" do @@ -210,13 +213,23 @@ test "when date is a Unix timestamp" do expected = "" - assert Utils.date_to_asctime(date) == expected + assert capture_log(fn -> + assert Utils.date_to_asctime(date) == expected + end) =~ "[warn] Date #{date} in wrong format, must be ISO 8601" end test "when date is nil" do expected = "" - assert Utils.date_to_asctime(nil) == expected + assert capture_log(fn -> + assert Utils.date_to_asctime(nil) == expected + end) =~ "[warn] Date in wrong format, must be ISO 8601" + end + + test "when date is a random string" do + assert capture_log(fn -> + assert Utils.date_to_asctime("foo") == "" + end) =~ "[warn] Date foo in wrong format, must be ISO 8601" end end diff --git a/test/web/mastodon_api/mastodon_api_controller_test.exs b/test/web/mastodon_api/mastodon_api_controller_test.exs index 6ffa64dc8..af24fddc1 100644 --- a/test/web/mastodon_api/mastodon_api_controller_test.exs +++ b/test/web/mastodon_api/mastodon_api_controller_test.exs @@ -35,7 +35,7 @@ test "the home timeline", %{conn: conn} do user = insert(:user) following = insert(:user) - {:ok, _activity} = TwitterAPI.create_status(following, %{"status" => "test"}) + {:ok, _activity} = CommonAPI.post(following, %{"status" => "test"}) conn = conn @@ -58,7 +58,7 @@ test "the public timeline", %{conn: conn} do following = insert(:user) capture_log(fn -> - {:ok, _activity} = TwitterAPI.create_status(following, %{"status" => "test"}) + {:ok, _activity} = CommonAPI.post(following, %{"status" => "test"}) {:ok, [_activity]} = OStatus.fetch_activity_from_url("https://shitposter.club/notice/2827873") @@ -1004,8 +1004,8 @@ test "deleting a list", %{conn: conn} do test "list timeline", %{conn: conn} do user = insert(:user) other_user = insert(:user) - {:ok, _activity_one} = TwitterAPI.create_status(user, %{"status" => "Marisa is cute."}) - {:ok, activity_two} = TwitterAPI.create_status(other_user, %{"status" => "Marisa is cute."}) + {:ok, _activity_one} = CommonAPI.post(user, %{"status" => "Marisa is cute."}) + {:ok, activity_two} = CommonAPI.post(other_user, %{"status" => "Marisa is cute."}) {:ok, list} = Pleroma.List.create("name", user) {:ok, list} = Pleroma.List.follow(list, other_user) @@ -1022,10 +1022,10 @@ test "list timeline", %{conn: conn} do test "list timeline does not leak non-public statuses for unfollowed users", %{conn: conn} do user = insert(:user) other_user = insert(:user) - {:ok, activity_one} = TwitterAPI.create_status(other_user, %{"status" => "Marisa is cute."}) + {:ok, activity_one} = CommonAPI.post(other_user, %{"status" => "Marisa is cute."}) {:ok, _activity_two} = - TwitterAPI.create_status(other_user, %{ + CommonAPI.post(other_user, %{ "status" => "Marisa is cute.", "visibility" => "private" }) @@ -1049,8 +1049,7 @@ test "list of notifications", %{conn: conn} do user = insert(:user) other_user = insert(:user) - {:ok, activity} = - TwitterAPI.create_status(other_user, %{"status" => "hi @#{user.nickname}"}) + {:ok, activity} = CommonAPI.post(other_user, %{"status" => "hi @#{user.nickname}"}) {:ok, [_notification]} = Notification.create_notifications(activity) @@ -1072,8 +1071,7 @@ test "getting a single notification", %{conn: conn} do user = insert(:user) other_user = insert(:user) - {:ok, activity} = - TwitterAPI.create_status(other_user, %{"status" => "hi @#{user.nickname}"}) + {:ok, activity} = CommonAPI.post(other_user, %{"status" => "hi @#{user.nickname}"}) {:ok, [notification]} = Notification.create_notifications(activity) @@ -1095,8 +1093,7 @@ test "dismissing a single notification", %{conn: conn} do user = insert(:user) other_user = insert(:user) - {:ok, activity} = - TwitterAPI.create_status(other_user, %{"status" => "hi @#{user.nickname}"}) + {:ok, activity} = CommonAPI.post(other_user, %{"status" => "hi @#{user.nickname}"}) {:ok, [notification]} = Notification.create_notifications(activity) @@ -1112,8 +1109,7 @@ test "clearing all notifications", %{conn: conn} do user = insert(:user) other_user = insert(:user) - {:ok, activity} = - TwitterAPI.create_status(other_user, %{"status" => "hi @#{user.nickname}"}) + {:ok, activity} = CommonAPI.post(other_user, %{"status" => "hi @#{user.nickname}"}) {:ok, [_notification]} = Notification.create_notifications(activity) @@ -1395,6 +1391,17 @@ test "reblogged status for another user", %{conn: conn} do assert to_string(activity.id) == id end + + test "returns 400 error when activity is not exist", %{conn: conn} do + user = insert(:user) + + conn = + conn + |> assign(:user, user) + |> post("/api/v1/statuses/foo/reblog") + + assert json_response(conn, 400) == %{"error" => "Could not repeat"} + end end describe "unreblogging" do @@ -1413,6 +1420,17 @@ test "unreblogs and returns the unreblogged status", %{conn: conn} do assert to_string(activity.id) == id end + + test "returns 400 error when activity is not exist", %{conn: conn} do + user = insert(:user) + + conn = + conn + |> assign(:user, user) + |> post("/api/v1/statuses/foo/unreblog") + + assert json_response(conn, 400) == %{"error" => "Could not unrepeat"} + end end describe "favoriting" do @@ -1431,16 +1449,15 @@ test "favs a status and returns it", %{conn: conn} do assert to_string(activity.id) == id end - test "returns 500 for a wrong id", %{conn: conn} do + test "returns 400 error for a wrong id", %{conn: conn} do user = insert(:user) - resp = + conn = conn |> assign(:user, user) |> post("/api/v1/statuses/1/favourite") - |> json_response(500) - assert resp == "Something went wrong" + assert json_response(conn, 400) == %{"error" => "Could not favorite"} end end @@ -1461,6 +1478,17 @@ test "unfavorites a status and returns it", %{conn: conn} do assert to_string(activity.id) == id end + + test "returns 400 error for a wrong id", %{conn: conn} do + user = insert(:user) + + conn = + conn + |> assign(:user, user) + |> post("/api/v1/statuses/1/unfavourite") + + assert json_response(conn, 400) == %{"error" => "Could not unfavorite"} + end end describe "user timelines" do @@ -1531,10 +1559,10 @@ test "gets an users media", %{conn: conn} do media = TwitterAPI.upload(file, user, "json") - |> Poison.decode!() + |> Jason.decode!() {:ok, image_post} = - TwitterAPI.create_status(user, %{"status" => "cofe", "media_ids" => [media["media_id"]]}) + CommonAPI.post(user, %{"status" => "cofe", "media_ids" => [media["media_id"]]}) conn = conn @@ -1857,7 +1885,7 @@ test "hashtag timeline", %{conn: conn} do following = insert(:user) capture_log(fn -> - {:ok, activity} = TwitterAPI.create_status(following, %{"status" => "test #2hu"}) + {:ok, activity} = CommonAPI.post(following, %{"status" => "test #2hu"}) {:ok, [_activity]} = OStatus.fetch_activity_from_url("https://shitposter.club/notice/2827873") @@ -2616,7 +2644,7 @@ test "get instance stats", %{conn: conn} do insert(:user, %{local: false, nickname: "u@peer1.com"}) insert(:user, %{local: false, nickname: "u@peer2.com"}) - {:ok, _} = TwitterAPI.create_status(user, %{"status" => "cofe"}) + {:ok, _} = CommonAPI.post(user, %{"status" => "cofe"}) # Stats should count users with missing or nil `info.deactivated` value user = User.get_cached_by_id(user.id) @@ -2709,6 +2737,17 @@ test "pin status", %{conn: conn, user: user, activity: activity} do |> json_response(200) end + test "/pin: returns 400 error when activity is not public", %{conn: conn, user: user} do + {:ok, dm} = CommonAPI.post(user, %{"status" => "test", "visibility" => "direct"}) + + conn = + conn + |> assign(:user, user) + |> post("/api/v1/statuses/#{dm.id}/pin") + + assert json_response(conn, 400) == %{"error" => "Could not pin"} + end + test "unpin status", %{conn: conn, user: user, activity: activity} do {:ok, _} = CommonAPI.pin(activity.id, user) @@ -2728,6 +2767,15 @@ test "unpin status", %{conn: conn, user: user, activity: activity} do |> json_response(200) end + test "/unpin: returns 400 error when activity is not exist", %{conn: conn, user: user} do + conn = + conn + |> assign(:user, user) + |> post("/api/v1/statuses/1/unpin") + + assert json_response(conn, 400) == %{"error" => "Could not unpin"} + end + test "max pinned statuses", %{conn: conn, user: user, activity: activity_one} do {:ok, activity_two} = CommonAPI.post(user, %{"status" => "HI!!!"}) @@ -2902,6 +2950,17 @@ test "mute conversation", %{conn: conn, user: user, activity: activity} do |> json_response(200) end + test "cannot mute already muted conversation", %{conn: conn, user: user, activity: activity} do + {:ok, _} = CommonAPI.add_mute(user, activity) + + conn = + conn + |> assign(:user, user) + |> post("/api/v1/statuses/#{activity.id}/mute") + + assert json_response(conn, 400) == %{"error" => "conversation is already muted"} + end + test "unmute conversation", %{conn: conn, user: user, activity: activity} do {:ok, _} = CommonAPI.add_mute(user, activity) @@ -2946,7 +3005,8 @@ test "submit a report with statuses and comment", %{ |> post("/api/v1/reports", %{ "account_id" => target_user.id, "status_ids" => [activity.id], - "comment" => "bad status!" + "comment" => "bad status!", + "forward" => "false" }) |> json_response(200) end @@ -2979,6 +3039,19 @@ test "comment must be up to the size specified in the config", %{ |> post("/api/v1/reports", %{"account_id" => target_user.id, "comment" => comment}) |> json_response(400) end + + test "returns error when account is not exist", %{ + conn: conn, + reporter: reporter, + activity: activity + } do + conn = + conn + |> assign(:user, reporter) + |> post("/api/v1/reports", %{"status_ids" => [activity.id], "account_id" => "foo"}) + + assert json_response(conn, 400) == %{"error" => "Account not found"} + end end describe "link headers" do @@ -3338,7 +3411,7 @@ test "Repeated posts that are replies incorrectly have in_reply_to_id null", %{c user2 = insert(:user) user3 = insert(:user) - {:ok, replied_to} = TwitterAPI.create_status(user1, %{"status" => "cofe"}) + {:ok, replied_to} = CommonAPI.post(user1, %{"status" => "cofe"}) # Reply to status from another user conn1 = @@ -3603,5 +3676,135 @@ test "does not allow multiple choices on a single-choice question", %{conn: conn total_items == 1 end) end + + test "does not allow choice index to be greater than options count", %{conn: conn} do + user = insert(:user) + other_user = insert(:user) + + {:ok, activity} = + CommonAPI.post(user, %{ + "status" => "Am I cute?", + "poll" => %{"options" => ["Yes", "No"], "expires_in" => 20} + }) + + object = Object.normalize(activity) + + conn = + conn + |> assign(:user, other_user) + |> post("/api/v1/polls/#{object.id}/votes", %{"choices" => [2]}) + + assert json_response(conn, 422) == %{"error" => "Invalid indices"} + end + + test "returns 404 error when object is not exist", %{conn: conn} do + user = insert(:user) + + conn = + conn + |> assign(:user, user) + |> post("/api/v1/polls/1/votes", %{"choices" => [0]}) + + assert json_response(conn, 404) == %{"error" => "Record not found"} + end + + test "returns 404 when poll is private and not available for user", %{conn: conn} do + user = insert(:user) + other_user = insert(:user) + + {:ok, activity} = + CommonAPI.post(user, %{ + "status" => "Am I cute?", + "poll" => %{"options" => ["Yes", "No"], "expires_in" => 20}, + "visibility" => "private" + }) + + object = Object.normalize(activity) + + conn = + conn + |> assign(:user, other_user) + |> post("/api/v1/polls/#{object.id}/votes", %{"choices" => [0]}) + + assert json_response(conn, 404) == %{"error" => "Record not found"} + end + end + + describe "GET /api/v1/statuses/:id/favourited_by" do + setup do + user = insert(:user) + {:ok, activity} = CommonAPI.post(user, %{"status" => "test"}) + + conn = + build_conn() + |> assign(:user, user) + + [conn: conn, activity: activity] + end + + test "returns users who have favorited the status", %{conn: conn, activity: activity} do + other_user = insert(:user) + {:ok, _, _} = CommonAPI.favorite(activity.id, other_user) + + response = + conn + |> get("/api/v1/statuses/#{activity.id}/favourited_by") + |> json_response(:ok) + + [%{"id" => id}] = response + + assert id == other_user.id + end + + test "returns empty array when status has not been favorited yet", %{ + conn: conn, + activity: activity + } do + response = + conn + |> get("/api/v1/statuses/#{activity.id}/favourited_by") + |> json_response(:ok) + + assert Enum.empty?(response) + end + end + + describe "GET /api/v1/statuses/:id/reblogged_by" do + setup do + user = insert(:user) + {:ok, activity} = CommonAPI.post(user, %{"status" => "test"}) + + conn = + build_conn() + |> assign(:user, user) + + [conn: conn, activity: activity] + end + + test "returns users who have reblogged the status", %{conn: conn, activity: activity} do + other_user = insert(:user) + {:ok, _, _} = CommonAPI.repeat(activity.id, other_user) + + response = + conn + |> get("/api/v1/statuses/#{activity.id}/reblogged_by") + |> json_response(:ok) + + [%{"id" => id}] = response + + assert id == other_user.id + end + + test "returns empty array when status has not been reblogged yet", %{ + conn: conn, + activity: activity + } do + response = + conn + |> get("/api/v1/statuses/#{activity.id}/reblogged_by") + |> json_response(:ok) + + assert Enum.empty?(response) + end end end From 345a38778ee6861b36e7601e581eb14bebe31d82 Mon Sep 17 00:00:00 2001 From: Eugenij Date: Mon, 15 Jul 2019 21:43:04 +0000 Subject: [PATCH 31/36] Remove dead link from the installation docs --- docs/installation/alpine_linux_en.md | 1 - docs/installation/arch_linux_en.md | 1 - docs/installation/centos7_en.md | 1 - docs/installation/debian_based_en.md | 1 - docs/installation/debian_based_jp.md | 1 - docs/installation/gentoo_en.md | 1 - 6 files changed, 6 deletions(-) diff --git a/docs/installation/alpine_linux_en.md b/docs/installation/alpine_linux_en.md index a9b5afd33..1f300f353 100644 --- a/docs/installation/alpine_linux_en.md +++ b/docs/installation/alpine_linux_en.md @@ -202,7 +202,6 @@ sudo -Hu pleroma MIX_ENV=prod mix pleroma.user new Date: Tue, 16 Jul 2019 12:47:40 +0900 Subject: [PATCH 32/36] Status View: Poll ids are strings. All ids in mastodon are strings, in general. --- lib/pleroma/web/mastodon_api/views/status_view.ex | 2 +- test/web/mastodon_api/status_view_test.exs | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/pleroma/web/mastodon_api/views/status_view.ex b/lib/pleroma/web/mastodon_api/views/status_view.ex index 06a7251d8..de9425959 100644 --- a/lib/pleroma/web/mastodon_api/views/status_view.ex +++ b/lib/pleroma/web/mastodon_api/views/status_view.ex @@ -382,7 +382,7 @@ def render("poll.json", %{object: object} = opts) do %{ # Mastodon uses separate ids for polls, but an object can't have # more than one poll embedded so object id is fine - id: object.id, + id: to_string(object.id), expires_at: Utils.to_masto_date(end_time), expired: expired, multiple: multiple, diff --git a/test/web/mastodon_api/status_view_test.exs b/test/web/mastodon_api/status_view_test.exs index ac42819d8..6507e9864 100644 --- a/test/web/mastodon_api/status_view_test.exs +++ b/test/web/mastodon_api/status_view_test.exs @@ -423,7 +423,7 @@ test "renders a poll" do expected = %{ emojis: [], expired: false, - id: object.id, + id: to_string(object.id), multiple: false, options: [ %{title: "absolutely!", votes_count: 0}, From 7a24def4731cf773970c87b340d99d4ec3cd8906 Mon Sep 17 00:00:00 2001 From: lain Date: Tue, 16 Jul 2019 14:01:18 +0900 Subject: [PATCH 33/36] Mastodon Controller: Fix tests. --- test/web/mastodon_api/mastodon_api_controller_test.exs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/web/mastodon_api/mastodon_api_controller_test.exs b/test/web/mastodon_api/mastodon_api_controller_test.exs index 6ffa64dc8..f7c8ccde5 100644 --- a/test/web/mastodon_api/mastodon_api_controller_test.exs +++ b/test/web/mastodon_api/mastodon_api_controller_test.exs @@ -3503,7 +3503,7 @@ test "returns poll entity for object id", %{conn: conn} do |> get("/api/v1/polls/#{object.id}") response = json_response(conn, 200) - id = object.id + id = to_string(object.id) assert %{"id" => ^id, "expired" => false, "multiple" => false} = response end From 70439494af587484550510e51ad1a31c05f66d38 Mon Sep 17 00:00:00 2001 From: Egor Kislitsyn Date: Tue, 16 Jul 2019 14:56:07 +0700 Subject: [PATCH 34/36] Fix typo --- lib/pleroma/web/activity_pub/publisher.ex | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/pleroma/web/activity_pub/publisher.ex b/lib/pleroma/web/activity_pub/publisher.ex index 18145e45f..c505223f7 100644 --- a/lib/pleroma/web/activity_pub/publisher.ex +++ b/lib/pleroma/web/activity_pub/publisher.ex @@ -131,7 +131,7 @@ def publish(actor, %{data: %{"bcc" => bcc}} = activity) when is_list(bcc) and bc %User{ap_id: ap_id} = Enum.find(recipients, fn %{info: %{source_data: data}} -> data["inbox"] == inbox end) - # Get all the recipients on the same host and add them to cc. Otherwise it a remote + # Get all the recipients on the same host and add them to cc. Otherwise, a remote # instance would only accept a first message for the first recipient and ignore the rest. cc = get_cc_ap_ids(ap_id, recipients) From c4ca142e14444a03250f246e189c78e70aafe9d7 Mon Sep 17 00:00:00 2001 From: Eugenij Date: Tue, 16 Jul 2019 11:04:11 +0000 Subject: [PATCH 35/36] Add the `blocked_by` attribute to the relationship API (`GET /api/v1/accounts/relationships`) --- CHANGELOG.md | 1 + .../web/mastodon_api/views/account_view.ex | 1 + test/web/mastodon_api/account_view_test.exs | 102 ++++++++++++++---- 3 files changed, 85 insertions(+), 19 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 86c90da0b..f121d0fbf 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -30,6 +30,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Mastodon API, extension: Ability to reset avatar, profile banner, and background - Mastodon API: Add support for categories for custom emojis by reusing the group feature. - Mastodon API: Add support for muting/unmuting notifications +- Mastodon API: Add support for the `blocked_by` attribute in the relationship API (`GET /api/v1/accounts/relationships`). - Admin API: Return users' tags when querying reports - Admin API: Return avatar and display name when querying users - Admin API: Allow querying user by ID diff --git a/lib/pleroma/web/mastodon_api/views/account_view.ex b/lib/pleroma/web/mastodon_api/views/account_view.ex index 65bab4062..de1eef9d2 100644 --- a/lib/pleroma/web/mastodon_api/views/account_view.ex +++ b/lib/pleroma/web/mastodon_api/views/account_view.ex @@ -51,6 +51,7 @@ def render("relationship.json", %{user: %User{} = user, target: %User{} = target following: User.following?(user, target), followed_by: User.following?(target, user), blocking: User.blocks?(user, target), + blocked_by: User.blocks?(target, user), muting: User.mutes?(user, target), muting_notifications: User.muted_notifications?(user, target), subscribing: User.subscribed_to?(user, target), diff --git a/test/web/mastodon_api/account_view_test.exs b/test/web/mastodon_api/account_view_test.exs index de6aeec72..83b9db071 100644 --- a/test/web/mastodon_api/account_view_test.exs +++ b/test/web/mastodon_api/account_view_test.exs @@ -6,6 +6,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do use Pleroma.DataCase import Pleroma.Factory alias Pleroma.User + alias Pleroma.Web.CommonAPI alias Pleroma.Web.MastodonAPI.AccountView test "Represent a user account" do @@ -165,28 +166,90 @@ test "Represent a smaller mention" do assert expected == AccountView.render("mention.json", %{user: user}) end - test "represent a relationship" do - user = insert(:user) - other_user = insert(:user) + describe "relationship" do + test "represent a relationship for the following and followed user" do + user = insert(:user) + other_user = insert(:user) - {:ok, user} = User.follow(user, other_user) - {:ok, user} = User.block(user, other_user) + {:ok, user} = User.follow(user, other_user) + {:ok, other_user} = User.follow(other_user, user) + {:ok, other_user} = User.subscribe(user, other_user) + {:ok, user} = User.mute(user, other_user, true) + {:ok, user} = CommonAPI.hide_reblogs(user, other_user) - expected = %{ - id: to_string(other_user.id), - following: false, - followed_by: false, - blocking: true, - muting: false, - muting_notifications: false, - subscribing: false, - requested: false, - domain_blocking: false, - showing_reblogs: true, - endorsed: false - } + expected = %{ + id: to_string(other_user.id), + following: true, + followed_by: true, + blocking: false, + blocked_by: false, + muting: true, + muting_notifications: true, + subscribing: true, + requested: false, + domain_blocking: false, + showing_reblogs: false, + endorsed: false + } - assert expected == AccountView.render("relationship.json", %{user: user, target: other_user}) + assert expected == + AccountView.render("relationship.json", %{user: user, target: other_user}) + end + + test "represent a relationship for the blocking and blocked user" do + user = insert(:user) + other_user = insert(:user) + + {:ok, user} = User.follow(user, other_user) + {:ok, other_user} = User.subscribe(user, other_user) + {:ok, user} = User.block(user, other_user) + {:ok, other_user} = User.block(other_user, user) + + expected = %{ + id: to_string(other_user.id), + following: false, + followed_by: false, + blocking: true, + blocked_by: true, + muting: false, + muting_notifications: false, + subscribing: false, + requested: false, + domain_blocking: false, + showing_reblogs: true, + endorsed: false + } + + assert expected == + AccountView.render("relationship.json", %{user: user, target: other_user}) + end + + test "represent a relationship for the user with a pending follow request" do + user = insert(:user) + other_user = insert(:user, %{info: %User.Info{locked: true}}) + + {:ok, user, other_user, _} = CommonAPI.follow(user, other_user) + user = User.get_cached_by_id(user.id) + other_user = User.get_cached_by_id(other_user.id) + + expected = %{ + id: to_string(other_user.id), + following: false, + followed_by: false, + blocking: false, + blocked_by: false, + muting: false, + muting_notifications: false, + subscribing: false, + requested: true, + domain_blocking: false, + showing_reblogs: true, + endorsed: false + } + + assert expected == + AccountView.render("relationship.json", %{user: user, target: other_user}) + end end test "represent an embedded relationship" do @@ -240,6 +303,7 @@ test "represent an embedded relationship" do following: false, followed_by: false, blocking: true, + blocked_by: false, subscribing: false, muting: false, muting_notifications: false, From 520ee6c59162c26caf032b2d16ca975c99b5beb5 Mon Sep 17 00:00:00 2001 From: Eugenij Date: Tue, 16 Jul 2019 11:14:46 +0000 Subject: [PATCH 36/36] Add `pleroma.deactivated` to the Account entity (Mastodon API) --- CHANGELOG.md | 1 + docs/api/differences_in_mastoapi_responses.md | 1 + lib/pleroma/web/mastodon_api/views/account_view.ex | 7 +++++++ test/web/mastodon_api/account_view_test.exs | 7 +++++++ 4 files changed, 16 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index f121d0fbf..f3630a1c5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -31,6 +31,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Mastodon API: Add support for categories for custom emojis by reusing the group feature. - Mastodon API: Add support for muting/unmuting notifications - Mastodon API: Add support for the `blocked_by` attribute in the relationship API (`GET /api/v1/accounts/relationships`). +- Mastodon API: Add `pleroma.deactivated` to the Account entity - Admin API: Return users' tags when querying reports - Admin API: Return avatar and display name when querying users - Admin API: Allow querying user by ID diff --git a/docs/api/differences_in_mastoapi_responses.md b/docs/api/differences_in_mastoapi_responses.md index d2e9bcc4b..c65b11872 100644 --- a/docs/api/differences_in_mastoapi_responses.md +++ b/docs/api/differences_in_mastoapi_responses.md @@ -47,6 +47,7 @@ Has these additional fields under the `pleroma` object: - `hide_follows`: boolean, true when the user has follow hiding enabled - `settings_store`: A generic map of settings for frontends. Opaque to the backend. Only returned in `verify_credentials` and `update_credentials` - `chat_token`: The token needed for Pleroma chat. Only returned in `verify_credentials` +- `deactivated`: boolean, true when the user is deactivated ### Source diff --git a/lib/pleroma/web/mastodon_api/views/account_view.ex b/lib/pleroma/web/mastodon_api/views/account_view.ex index de1eef9d2..befb35c26 100644 --- a/lib/pleroma/web/mastodon_api/views/account_view.ex +++ b/lib/pleroma/web/mastodon_api/views/account_view.ex @@ -137,6 +137,7 @@ defp do_render("account.json", %{user: user} = opts) do |> maybe_put_notification_settings(user, opts[:for]) |> maybe_put_settings_store(user, opts[:for], opts) |> maybe_put_chat_token(user, opts[:for], opts) + |> maybe_put_activation_status(user, opts[:for]) end defp username_from_nickname(string) when is_binary(string) do @@ -197,6 +198,12 @@ defp maybe_put_notification_settings(data, %User{id: user_id} = user, %User{id: defp maybe_put_notification_settings(data, _, _), do: data + defp maybe_put_activation_status(data, user, %User{info: %{is_admin: true}}) do + Kernel.put_in(data, [:pleroma, :deactivated], user.info.deactivated) + end + + defp maybe_put_activation_status(data, _, _), do: data + defp image_url(%{"url" => [%{"href" => href} | _]}), do: href defp image_url(_), do: nil end diff --git a/test/web/mastodon_api/account_view_test.exs b/test/web/mastodon_api/account_view_test.exs index 83b9db071..fa44d35cc 100644 --- a/test/web/mastodon_api/account_view_test.exs +++ b/test/web/mastodon_api/account_view_test.exs @@ -153,6 +153,13 @@ test "Represent a Service(bot) account" do assert expected == AccountView.render("account.json", %{user: user}) end + test "Represent a deactivated user for an admin" do + admin = insert(:user, %{info: %{is_admin: true}}) + deactivated_user = insert(:user, %{info: %{deactivated: true}}) + represented = AccountView.render("account.json", %{user: deactivated_user, for: admin}) + assert represented[:pleroma][:deactivated] == true + end + test "Represent a smaller mention" do user = insert(:user)