Merge branch 'release/1.1.6' into 'stable'

Release/1.1.6

See merge request pleroma/pleroma!1995
This commit is contained in:
rinpatch 2019-11-19 20:04:19 +00:00
commit 0ba3f1ffb2
21 changed files with 90 additions and 10 deletions

View file

@ -3,6 +3,22 @@ All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
## [1.1.6] - 2019-11-19
### Fixed
- Not being able to log into to third party apps when the browser is logged into mastofe
- Email confirmation not being required even when enabled
- Mastodon API: conversations API crashing when one status is malformed
### Bundled Pleroma-FE Changes
#### Added
- About page
- Meme arrows
#### Fixed
- Image modal not closing unless clicked outside of image
- Attachment upload spinner not being centered
- Showing follow counters being 0 when they are actually hidden
## [1.1.5] - 2019-11-09 ## [1.1.5] - 2019-11-09
### Fixed ### Fixed
- Polls having different numbers in timelines/notifications/poll api endpoints due to cache desyncronization - Polls having different numbers in timelines/notifications/poll api endpoints due to cache desyncronization

View file

@ -71,7 +71,7 @@ defp fetch_user_and_token(token) do
) )
# credo:disable-for-next-line Credo.Check.Readability.MaxLineLength # credo:disable-for-next-line Credo.Check.Readability.MaxLineLength
with %Token{user: %{info: %{deactivated: false} = _} = user} = token_record <- Repo.one(query) do with %Token{user: user} = token_record <- Repo.one(query) do
{:ok, user, token_record} {:ok, user, token_record}
end end
end end

View file

@ -10,10 +10,14 @@ def init(options) do
options options
end end
def call(%{assigns: %{user: %User{info: %{deactivated: true}}}} = conn, _) do def call(%{assigns: %{user: %User{} = user}} = conn, _) do
if User.auth_active?(user) do
conn
else
conn conn
|> assign(:user, nil) |> assign(:user, nil)
end end
end
def call(conn, _) do def call(conn, _) do
conn conn

View file

@ -70,6 +70,8 @@ defmodule Pleroma.User do
def auth_active?(%User{info: %User.Info{confirmation_pending: true}}), def auth_active?(%User{info: %User.Info{confirmation_pending: true}}),
do: !Pleroma.Config.get([:instance, :account_activation_required]) do: !Pleroma.Config.get([:instance, :account_activation_required])
def auth_active?(%User{info: %User.Info{deactivated: true}}), do: false
def auth_active?(%User{}), do: true def auth_active?(%User{}), do: true
def visible_for?(user, for_user \\ nil) def visible_for?(user, for_user \\ nil)

View file

@ -1671,9 +1671,10 @@ def conversations(%{assigns: %{user: user}} = conn, params) do
participations = Participation.for_user_with_last_activity_id(user, params) participations = Participation.for_user_with_last_activity_id(user, params)
conversations = conversations =
Enum.map(participations, fn participation -> ConversationView.safe_render_many(participations, ConversationView, "participation.json", %{
ConversationView.render("participation.json", %{participation: participation, for: user}) as: :participation,
end) for: user
})
conn conn
|> add_link_headers(:conversations, participations) |> add_link_headers(:conversations, participations)

View file

@ -35,7 +35,7 @@ def authorize(%Plug.Conn{} = conn, %{"authorization" => _} = params) do
authorize(conn, Map.merge(params, auth_attrs)) authorize(conn, Map.merge(params, auth_attrs))
end end
def authorize(%Plug.Conn{assigns: %{token: %Token{}}} = conn, params) do def authorize(%Plug.Conn{assigns: %{token: %Token{}}} = conn, %{"force_login" => _} = params) do
if ControllerHelper.truthy_param?(params["force_login"]) do if ControllerHelper.truthy_param?(params["force_login"]) do
do_authorize(conn, params) do_authorize(conn, params)
else else
@ -43,6 +43,22 @@ def authorize(%Plug.Conn{assigns: %{token: %Token{}}} = conn, params) do
end end
end end
# Note: the token is set in oauth_plug, but the token and client do not always go together.
# For example, MastodonFE's token is set if user requests with another client,
# after user already authorized to MastodonFE.
# So we have to check client and token.
def authorize(
%Plug.Conn{assigns: %{token: %Token{} = token}} = conn,
%{"client_id" => client_id} = params
) do
with %Token{} = t <- Repo.get_by(Token, token: token.token) |> Repo.preload(:app),
^client_id <- t.app.client_id do
handle_existing_authorization(conn, params)
else
_ -> do_authorize(conn, params)
end
end
def authorize(%Plug.Conn{} = conn, params), do: do_authorize(conn, params) def authorize(%Plug.Conn{} = conn, params), do: do_authorize(conn, params)
defp do_authorize(%Plug.Conn{} = conn, params) do defp do_authorize(%Plug.Conn{} = conn, params) do

View file

@ -13,6 +13,7 @@ defmodule Pleroma.Web.Router do
pipeline :oauth do pipeline :oauth do
plug(:fetch_session) plug(:fetch_session)
plug(Pleroma.Plugs.OAuthPlug) plug(Pleroma.Plugs.OAuthPlug)
plug(Pleroma.Plugs.UserEnabledPlug)
end end
pipeline :api do pipeline :api do

View file

@ -4,7 +4,7 @@ defmodule Pleroma.Mixfile do
def project do def project do
[ [
app: :pleroma, app: :pleroma,
version: version("1.1.5"), version: version("1.1.6"),
elixir: "~> 1.7", elixir: "~> 1.7",
elixirc_paths: elixirc_paths(Mix.env()), elixirc_paths: elixirc_paths(Mix.env()),
compilers: [:phoenix, :gettext] ++ Mix.compilers(), compilers: [:phoenix, :gettext] ++ Mix.compilers(),

View file

@ -1 +1 @@
<!DOCTYPE html><html lang=en><head><meta charset=utf-8><meta name=viewport content="width=device-width,initial-scale=1,user-scalable=no"><title>Pleroma</title><!--server-generated-meta--><link rel=icon type=image/png href=/favicon.png><link rel=stylesheet href=/static/font/css/fontello.css><link rel=stylesheet href=/static/font/css/animation.css><link href=/static/css/vendors~app.b2603a50868c68a1c192.css rel=stylesheet><link href=/static/css/app.fd71461124f3eb029b1b.css rel=stylesheet></head><body class=hidden><noscript>To use Pleroma, please enable JavaScript.</noscript><div id=app></div><script type=text/javascript src=/static/js/vendors~app.5c3fab032deb5f2793cb.js></script><script type=text/javascript src=/static/js/app.105d64a8fcdd6724ccde.js></script></body></html> <!DOCTYPE html><html lang=en><head><meta charset=utf-8><meta name=viewport content="width=device-width,initial-scale=1,user-scalable=no"><title>Pleroma</title><!--server-generated-meta--><link rel=icon type=image/png href=/favicon.png><link rel=stylesheet href=/static/font/css/fontello.css><link rel=stylesheet href=/static/font/css/animation.css><link href=/static/css/vendors~app.b2603a50868c68a1c192.css rel=stylesheet><link href=/static/css/app.fd71461124f3eb029b1b.css rel=stylesheet></head><body class=hidden><noscript>To use Pleroma, please enable JavaScript.</noscript><div id=app></div><script type=text/javascript src=/static/js/vendors~app.76db8e4cdf29decd5cab.js></script><script type=text/javascript src=/static/js/app.d20ca27d22d74eb7bce0.js></script></body></html>

Binary file not shown.

Binary file not shown.

Binary file not shown.

View file

@ -16,6 +16,23 @@ test "doesn't do anything if the user isn't set", %{conn: conn} do
assert ret_conn == conn assert ret_conn == conn
end end
test "with a user that's not confirmed and a config requiring confirmation, it removes that user",
%{conn: conn} do
old = Pleroma.Config.get([:instance, :account_activation_required])
Pleroma.Config.put([:instance, :account_activation_required], true)
user = insert(:user, info: %{confirmation_pending: true})
conn =
conn
|> assign(:user, user)
|> UserEnabledPlug.call(%{})
assert conn.assigns.user == nil
Pleroma.Config.put([:instance, :account_activation_required], old)
end
test "with a user that is deactivated, it removes that user", %{conn: conn} do test "with a user that is deactivated, it removes that user", %{conn: conn} do
user = insert(:user, info: %{deactivated: true}) user = insert(:user, info: %{deactivated: true})

View file

@ -468,6 +468,29 @@ test "renders authentication page if user is already authenticated but `force_lo
assert html_response(conn, 200) =~ ~s(type="submit") assert html_response(conn, 200) =~ ~s(type="submit")
end end
test "renders authentication page if user is already authenticated but user request with another client",
%{
app: app,
conn: conn
} do
token = insert(:oauth_token, app_id: app.id)
conn =
conn
|> put_session(:oauth_token, token.token)
|> get(
"/oauth/authorize",
%{
"response_type" => "code",
"client_id" => "another_client_id",
"redirect_uri" => OAuthController.default_redirect_uri(app),
"scope" => "read"
}
)
assert html_response(conn, 200) =~ ~s(type="submit")
end
test "with existing authentication and non-OOB `redirect_uri`, redirects to app with `token` and `state` params", test "with existing authentication and non-OOB `redirect_uri`, redirects to app with `token` and `state` params",
%{ %{
app: app, app: app,