From eb7313b0d364ce6a0298d43fc86403d2e7dfc739 Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" <contact@hacktivis.me> Date: Wed, 21 Oct 2020 10:23:10 +0200 Subject: [PATCH 01/15] Pipeline Ingestion: Page --- lib/pleroma/web/activity_pub/activity_pub.ex | 2 +- .../web/activity_pub/object_validator.ex | 15 ++--- ...ator.ex => article_note_page_validator.ex} | 4 +- lib/pleroma/web/activity_pub/side_effects.ex | 2 +- .../web/activity_pub/transmogrifier.ex | 62 +------------------ test/fixtures/tesla_mock/lemmy-page.json | 17 +++++ test/fixtures/tesla_mock/lemmy-user.json | 27 ++++++++ ...s => article_note_page_validator_test.exs} | 6 +- .../transmogrifier/page_handling_test.exs | 36 +++++++++++ 9 files changed, 96 insertions(+), 75 deletions(-) rename lib/pleroma/web/activity_pub/object_validators/{article_note_validator.ex => article_note_page_validator.ex} (96%) create mode 100644 test/fixtures/tesla_mock/lemmy-page.json create mode 100644 test/fixtures/tesla_mock/lemmy-user.json rename test/pleroma/web/activity_pub/object_validators/{article_note_validator_test.exs => article_note_page_validator_test.exs} (76%) create mode 100644 test/pleroma/web/activity_pub/transmogrifier/page_handling_test.exs diff --git a/lib/pleroma/web/activity_pub/activity_pub.ex b/lib/pleroma/web/activity_pub/activity_pub.ex index 18368943d..30b4f65d3 100644 --- a/lib/pleroma/web/activity_pub/activity_pub.ex +++ b/lib/pleroma/web/activity_pub/activity_pub.ex @@ -88,7 +88,7 @@ defp increase_replies_count_if_reply(%{ defp increase_replies_count_if_reply(_create_data), do: :noop - @object_types ~w[ChatMessage Question Answer Audio Video Event Article Note] + @object_types ~w[ChatMessage Question Answer Audio Video Event Article Note Page] @impl true def persist(%{"type" => type} = object, meta) when type in @object_types do with {:ok, object} <- Object.create(object) do diff --git a/lib/pleroma/web/activity_pub/object_validator.ex b/lib/pleroma/web/activity_pub/object_validator.ex index 248a12a36..e642916d8 100644 --- a/lib/pleroma/web/activity_pub/object_validator.ex +++ b/lib/pleroma/web/activity_pub/object_validator.ex @@ -20,7 +20,7 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidator do alias Pleroma.Web.ActivityPub.ObjectValidators.AddRemoveValidator alias Pleroma.Web.ActivityPub.ObjectValidators.AnnounceValidator alias Pleroma.Web.ActivityPub.ObjectValidators.AnswerValidator - alias Pleroma.Web.ActivityPub.ObjectValidators.ArticleNoteValidator + alias Pleroma.Web.ActivityPub.ObjectValidators.ArticleNotePageValidator alias Pleroma.Web.ActivityPub.ObjectValidators.AudioVideoValidator alias Pleroma.Web.ActivityPub.ObjectValidators.BlockValidator alias Pleroma.Web.ActivityPub.ObjectValidators.ChatMessageValidator @@ -102,7 +102,7 @@ def validate( %{"type" => "Create", "object" => %{"type" => objtype} = object} = create_activity, meta ) - when objtype in ~w[Question Answer Audio Video Event Article Note] do + when objtype in ~w[Question Answer Audio Video Event Article Note Page] do with {:ok, object_data} <- cast_and_apply(object), meta = Keyword.put(meta, :object_data, object_data |> stringify_keys), {:ok, create_activity} <- @@ -115,15 +115,16 @@ def validate( end def validate(%{"type" => type} = object, meta) - when type in ~w[Event Question Audio Video Article Note] do + when type in ~w[Event Question Audio Video Article Note Page] do validator = case type do "Event" -> EventValidator "Question" -> QuestionValidator "Audio" -> AudioVideoValidator "Video" -> AudioVideoValidator - "Article" -> ArticleNoteValidator - "Note" -> ArticleNoteValidator + "Article" -> ArticleNotePageValidator + "Note" -> ArticleNotePageValidator + "Page" -> ArticleNotePageValidator end with {:ok, object} <- @@ -195,8 +196,8 @@ def cast_and_apply(%{"type" => "Event"} = object) do EventValidator.cast_and_apply(object) end - def cast_and_apply(%{"type" => type} = object) when type in ~w[Article Note] do - ArticleNoteValidator.cast_and_apply(object) + def cast_and_apply(%{"type" => type} = object) when type in ~w[Article Note Page] do + ArticleNotePageValidator.cast_and_apply(object) end def cast_and_apply(o), do: {:error, {:validator_not_set, o}} diff --git a/lib/pleroma/web/activity_pub/object_validators/article_note_validator.ex b/lib/pleroma/web/activity_pub/object_validators/article_note_page_validator.ex similarity index 96% rename from lib/pleroma/web/activity_pub/object_validators/article_note_validator.ex rename to lib/pleroma/web/activity_pub/object_validators/article_note_page_validator.ex index 193f85f49..0d987116c 100644 --- a/lib/pleroma/web/activity_pub/object_validators/article_note_validator.ex +++ b/lib/pleroma/web/activity_pub/object_validators/article_note_page_validator.ex @@ -2,7 +2,7 @@ # Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/> # SPDX-License-Identifier: AGPL-3.0-only -defmodule Pleroma.Web.ActivityPub.ObjectValidators.ArticleNoteValidator do +defmodule Pleroma.Web.ActivityPub.ObjectValidators.ArticleNotePageValidator do use Ecto.Schema alias Pleroma.EctoType.ActivityPub.ObjectValidators @@ -113,7 +113,7 @@ def changeset(struct, data) do defp validate_data(data_cng) do data_cng - |> validate_inclusion(:type, ["Article", "Note"]) + |> validate_inclusion(:type, ["Article", "Note", "Page"]) |> validate_required([:id, :actor, :attributedTo, :type, :context, :context_id]) |> CommonValidations.validate_any_presence([:cc, :to]) |> CommonValidations.validate_fields_match([:actor, :attributedTo]) diff --git a/lib/pleroma/web/activity_pub/side_effects.ex b/lib/pleroma/web/activity_pub/side_effects.ex index 674356d9a..3670de45c 100644 --- a/lib/pleroma/web/activity_pub/side_effects.ex +++ b/lib/pleroma/web/activity_pub/side_effects.ex @@ -436,7 +436,7 @@ def handle_object_creation(%{"type" => "Answer"} = object_map, meta) do end def handle_object_creation(%{"type" => objtype} = object, meta) - when objtype in ~w[Audio Video Question Event Article Note] do + when objtype in ~w[Audio Video Question Event Article Note Page] do with {:ok, object, meta} <- Pipeline.common_pipeline(object, meta) do {:ok, object, meta} end diff --git a/lib/pleroma/web/activity_pub/transmogrifier.ex b/lib/pleroma/web/activity_pub/transmogrifier.ex index 51c0cc860..142af1a13 100644 --- a/lib/pleroma/web/activity_pub/transmogrifier.ex +++ b/lib/pleroma/web/activity_pub/transmogrifier.ex @@ -353,29 +353,6 @@ defp get_reported(objects) do end) end - # Compatibility wrapper for Mastodon votes - defp handle_create(%{"object" => %{"type" => "Answer"}} = data, _user) do - handle_incoming(data) - end - - defp handle_create(%{"object" => object} = data, user) do - %{ - to: data["to"], - object: object, - actor: user, - context: object["context"], - local: false, - published: data["published"], - additional: - Map.take(data, [ - "cc", - "directMessage", - "id" - ]) - } - |> ActivityPub.create() - end - def handle_incoming(data, options \\ []) # Flag objects are placed ahead of the ID check because Mastodon 2.8 and earlier send them @@ -407,43 +384,6 @@ def handle_incoming(%{"id" => ""}, _options), do: :error def handle_incoming(%{"id" => id}, _options) when is_binary(id) and byte_size(id) < 8, do: :error - # TODO: validate those with a Ecto scheme - # - tags - # - emoji - def handle_incoming( - %{"type" => "Create", "object" => %{"type" => "Page"} = object} = data, - options - ) do - actor = Containment.get_actor(data) - - with nil <- Activity.get_create_by_object_ap_id(object["id"]), - {:ok, %User{} = user} <- User.get_or_fetch_by_ap_id(actor) do - data = - data - |> Map.put("object", fix_object(object, options)) - |> Map.put("actor", actor) - |> fix_addressing() - - with {:ok, created_activity} <- handle_create(data, user) do - reply_depth = (options[:depth] || 0) + 1 - - if Federator.allowed_thread_distance?(reply_depth) do - for reply_id <- replies(object) do - Pleroma.Workers.RemoteFetcherWorker.enqueue("fetch_remote", %{ - "id" => reply_id, - "depth" => reply_depth - }) - end - end - - {:ok, created_activity} - end - else - %Activity{} = activity -> {:ok, activity} - _e -> :error - end - end - def handle_incoming( %{"type" => "Listen", "object" => %{"type" => "Audio"} = object} = data, options @@ -507,7 +447,7 @@ def handle_incoming( %{"type" => "Create", "object" => %{"type" => objtype, "id" => obj_id}} = data, options ) - when objtype in ~w{Question Answer ChatMessage Audio Video Event Article Note} do + when objtype in ~w{Question Answer ChatMessage Audio Video Event Article Note Page} do fetch_options = Keyword.put(options, :depth, (options[:depth] || 0) + 1) object = diff --git a/test/fixtures/tesla_mock/lemmy-page.json b/test/fixtures/tesla_mock/lemmy-page.json new file mode 100644 index 000000000..f07097a0e --- /dev/null +++ b/test/fixtures/tesla_mock/lemmy-page.json @@ -0,0 +1,17 @@ +{ + "commentsEnabled": true, + "sensitive": false, + "stickied": false, + "attributedTo": "https://enterprise.lemmy.ml/u/nutomic", + "summary": "Hello Federation!", + "url": "https://enterprise.lemmy.ml/pictrs/image/US52d9DPvf.jpg", + "image": { + "type": "Image", + "url": "https://enterprise.lemmy.ml/pictrs/image/lwFAcXHUjS.jpg" + }, + "published": "2020-09-14T15:03:11.909105+00:00", + "to": "https://enterprise.lemmy.ml/c/main", + "@context": "https://www.w3.org/ns/activitystreams", + "id": "https://enterprise.lemmy.ml/post/3", + "type": "Page" +} diff --git a/test/fixtures/tesla_mock/lemmy-user.json b/test/fixtures/tesla_mock/lemmy-user.json new file mode 100644 index 000000000..d0e9066ac --- /dev/null +++ b/test/fixtures/tesla_mock/lemmy-user.json @@ -0,0 +1,27 @@ +{ + "publicKey": { + "id": "https://enterprise.lemmy.ml/u/nutomic#main-key", + "owner": "https://enterprise.lemmy.ml/u/nutomic", + "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvfwAYPxp1gOk2HcCRoUd\nupoecvmnpzRc5Gu6/N3YQyOyRsrYuiYLNQq2cgM3kcU80ZeEetkwkYgXkRJOKu/b\nBWb7i1zt2tdr5k6lUdW8dfCyjht8ooFPQdov8J3QYHfgBHyUYxuCNfSujryxx2wu\nLQcdjRQa5NIWcomSO8OXmCF5/Yhg2XWCbtnlxEq6Y+AFddr1mAlTOy5pBr5d+xZz\njLw/U3CioNJ79yGi/sJhgp6IyJqtUSoN3b4BgRIEts2QVvn44W1rQy9wCbRYQrO1\nBcB9Wel4k3rJJK8uHg+LpHVMaZppkNaWGkMBhMbzr8qmIlcNWNi7cbMK/p5vyviy\nSwIDAQAB\n-----END PUBLIC KEY-----\n" + }, + "inbox": "https://enterprise.lemmy.ml/u/nutomic/inbox", + "preferredUsername": "Nutomic", + "endpoints": { + "sharedInbox": "https://enterprise.lemmy.ml/inbox" + }, + "summary": "some bio", + "icon": { + "type": "Image", + "url": "https://enterprise.lemmy.ml/pictrs/image/F6Z7QcWZRJ.jpg" + }, + "image": { + "type": "Image", + "url": "https://enterprise.lemmy.ml:/pictrs/image/Q79N9oCDEG.png" + }, + "published": "2020-09-14T14:54:53.080949+00:00", + "updated": "2020-10-14T10:58:28.139178+00:00", + "@context": "https://www.w3.org/ns/activitystreams", + "id": "https://enterprise.lemmy.ml/u/nutomic", + "type": "Person", + "name": "nutomic" +} diff --git a/test/pleroma/web/activity_pub/object_validators/article_note_validator_test.exs b/test/pleroma/web/activity_pub/object_validators/article_note_page_validator_test.exs similarity index 76% rename from test/pleroma/web/activity_pub/object_validators/article_note_validator_test.exs rename to test/pleroma/web/activity_pub/object_validators/article_note_page_validator_test.exs index e408c85c3..720c17d8d 100644 --- a/test/pleroma/web/activity_pub/object_validators/article_note_validator_test.exs +++ b/test/pleroma/web/activity_pub/object_validators/article_note_page_validator_test.exs @@ -2,10 +2,10 @@ # Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/> # SPDX-License-Identifier: AGPL-3.0-only -defmodule Pleroma.Web.ActivityPub.ObjectValidators.ArticleNoteValidatorTest do +defmodule Pleroma.Web.ActivityPub.ObjectValidators.ArticleNotePageValidatorTest do use Pleroma.DataCase, async: true - alias Pleroma.Web.ActivityPub.ObjectValidators.ArticleNoteValidator + alias Pleroma.Web.ActivityPub.ObjectValidators.ArticleNotePageValidator alias Pleroma.Web.ActivityPub.Utils import Pleroma.Factory @@ -29,7 +29,7 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidators.ArticleNoteValidatorTest do end test "a basic note validates", %{note: note} do - %{valid?: true} = ArticleNoteValidator.cast_and_validate(note) + %{valid?: true} = ArticleNotePageValidator.cast_and_validate(note) end end end diff --git a/test/pleroma/web/activity_pub/transmogrifier/page_handling_test.exs b/test/pleroma/web/activity_pub/transmogrifier/page_handling_test.exs new file mode 100644 index 000000000..4ac71e066 --- /dev/null +++ b/test/pleroma/web/activity_pub/transmogrifier/page_handling_test.exs @@ -0,0 +1,36 @@ +# Pleroma: A lightweight social networking server +# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/> +# SPDX-License-Identifier: AGPL-3.0-only + +defmodule Pleroma.Web.ActivityPub.Transmogrifier.PageHandlingTest do + use Oban.Testing, repo: Pleroma.Repo + use Pleroma.DataCase + + alias Pleroma.Object.Fetcher + + test "Lemmy Page" do + Tesla.Mock.mock(fn + %{url: "https://enterprise.lemmy.ml/post/3"} -> + %Tesla.Env{ + status: 200, + headers: [{"content-type", "application/activity+json"}], + body: File.read!("test/fixtures/tesla_mock/lemmy-page.json") + } + + %{url: "https://enterprise.lemmy.ml/u/nutomic"} -> + %Tesla.Env{ + status: 200, + headers: [{"content-type", "application/activity+json"}], + body: File.read!("test/fixtures/tesla_mock/lemmy-user.json") + } + end) + + {:ok, object} = Fetcher.fetch_object_from_id("https://enterprise.lemmy.ml/post/3") + + assert object.data["summary"] == "Hello Federation!" + assert object.data["published"] == "2020-09-14T15:03:11.909105Z" + + # WAT + assert object.data["url"] == "https://enterprise.lemmy.ml/pictrs/image/US52d9DPvf.jpg" + end +end From be2da95c36c14ac42eee4009c6e3e803bafd3d2c Mon Sep 17 00:00:00 2001 From: Alex Gleason <alex@alexgleason.me> Date: Tue, 29 Jun 2021 21:45:38 -0500 Subject: [PATCH 02/15] Correctly purge a remote user --- lib/pleroma/user.ex | 16 ++++++++++------ test/pleroma/user_test.exs | 18 ++++++++++++++++++ 2 files changed, 28 insertions(+), 6 deletions(-) diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex index 9942617d8..aebb5da95 100644 --- a/lib/pleroma/user.ex +++ b/lib/pleroma/user.ex @@ -1713,6 +1713,12 @@ def purge_user_changeset(user) do }) end + def purge(%User{} = user) do + user + |> purge_user_changeset() + |> update_and_set_cache() + end + def delete(users) when is_list(users) do for user <- users, do: delete(user) end @@ -1726,9 +1732,9 @@ defp delete_and_invalidate_cache(%User{} = user) do Repo.delete(user) end - defp delete_or_deactivate(%User{local: false} = user), do: delete_and_invalidate_cache(user) + defp delete_or_purge(%User{local: false} = user), do: purge(user) - defp delete_or_deactivate(%User{local: true} = user) do + defp delete_or_purge(%User{local: true} = user) do status = account_status(user) case status do @@ -1739,9 +1745,7 @@ defp delete_or_deactivate(%User{local: true} = user) do delete_and_invalidate_cache(user) _ -> - user - |> purge_user_changeset() - |> update_and_set_cache() + purge(user) end end @@ -1769,7 +1773,7 @@ def perform(:delete, %User{} = user) do delete_outgoing_pending_follow_requests(user) - delete_or_deactivate(user) + delete_or_purge(user) end def perform(:set_activation_async, user, status), do: set_activation(user, status) diff --git a/test/pleroma/user_test.exs b/test/pleroma/user_test.exs index 6f5bcab57..529f837e8 100644 --- a/test/pleroma/user_test.exs +++ b/test/pleroma/user_test.exs @@ -1684,6 +1684,24 @@ test "delete/1 purges a user when they wouldn't be fully deleted" do } = user end + test "delete/1 purges a remote user" do + user = + insert(:user, %{ + name: "qqqqqqq", + avatar: %{"a" => "b"}, + banner: %{"a" => "b"}, + local: false + }) + + {:ok, job} = User.delete(user) + {:ok, _} = ObanHelpers.perform(job) + user = User.get_by_id(user.id) + + assert user.name == nil + assert user.avatar == %{} + assert user.banner == %{} + end + test "get_public_key_for_ap_id fetches a user that's not in the db" do assert {:ok, _key} = User.get_public_key_for_ap_id("http://mastodon.example.org/users/admin") end From c6d4133727ba623d4c96358e3c4de5f2194d07f8 Mon Sep 17 00:00:00 2001 From: Alex Gleason <alex@alexgleason.me> Date: Tue, 29 Jun 2021 22:30:48 -0500 Subject: [PATCH 03/15] Deletions: purge the user immediately --- lib/pleroma/user.ex | 25 ++++++++++--------------- 1 file changed, 10 insertions(+), 15 deletions(-) diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex index aebb5da95..406a7f5f9 100644 --- a/lib/pleroma/user.ex +++ b/lib/pleroma/user.ex @@ -1724,31 +1724,27 @@ def delete(users) when is_list(users) do end def delete(%User{} = user) do + purge(user) BackgroundWorker.enqueue("delete_user", %{"user_id" => user.id}) end - defp delete_and_invalidate_cache(%User{} = user) do + defp delete_from_db(%User{} = user) do invalidate_cache(user) Repo.delete(user) end - defp delete_or_purge(%User{local: false} = user), do: purge(user) - - defp delete_or_purge(%User{local: true} = user) do + defp maybe_delete_from_db(%User{local: true} = user) do status = account_status(user) - case status do - :confirmation_pending -> - delete_and_invalidate_cache(user) - - :approval_pending -> - delete_and_invalidate_cache(user) - - _ -> - purge(user) + if status in [:confirmation_pending, :approval_pending] do + delete_from_db(user) + else + {:ok, user} end end + defp maybe_delete_from_db(user), do: {:ok, user} + def perform(:force_password_reset, user), do: force_password_reset(user) @spec perform(atom(), User.t()) :: {:ok, User.t()} @@ -1770,10 +1766,9 @@ def perform(:delete, %User{} = user) do delete_user_activities(user) delete_notifications_from_user_activities(user) - delete_outgoing_pending_follow_requests(user) - delete_or_purge(user) + maybe_delete_from_db(user) end def perform(:set_activation_async, user, status), do: set_activation(user, status) From 01c2d2a29670d8b3a4acee06c5f91b52e371fd00 Mon Sep 17 00:00:00 2001 From: Alex Gleason <alex@alexgleason.me> Date: Tue, 29 Jun 2021 22:53:33 -0500 Subject: [PATCH 04/15] Also purge the user in User.perform/2 --- lib/pleroma/user.ex | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex index 406a7f5f9..f3cf3c69b 100644 --- a/lib/pleroma/user.ex +++ b/lib/pleroma/user.ex @@ -1724,6 +1724,7 @@ def delete(users) when is_list(users) do end def delete(%User{} = user) do + # Purge the user immediately purge(user) BackgroundWorker.enqueue("delete_user", %{"user_id" => user.id}) end @@ -1749,6 +1750,9 @@ def perform(:force_password_reset, user), do: force_password_reset(user) @spec perform(atom(), User.t()) :: {:ok, User.t()} def perform(:delete, %User{} = user) do + # Purge the user again, in case perform/2 is called directly + purge(user) + # Remove all relationships user |> get_followers() From a7929c4d89a07a7f577e7cde5638bde8b1cb586a Mon Sep 17 00:00:00 2001 From: Alex Gleason <alex@alexgleason.me> Date: Tue, 29 Jun 2021 23:56:19 -0500 Subject: [PATCH 05/15] Deletions: preserve account status fields during purge, fix checks --- lib/pleroma/user.ex | 22 ++++++++++++---------- test/pleroma/user_test.exs | 4 ++-- 2 files changed, 14 insertions(+), 12 deletions(-) diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex index f3cf3c69b..5d8b936aa 100644 --- a/lib/pleroma/user.ex +++ b/lib/pleroma/user.ex @@ -1692,9 +1692,7 @@ def purge_user_changeset(user) do follower_count: 0, following_count: 0, is_locked: false, - is_confirmed: true, password_reset_pending: false, - is_approved: true, registration_reason: nil, confirmation_token: nil, domain_blocks: [], @@ -1710,9 +1708,15 @@ def purge_user_changeset(user) do raw_fields: [], is_discoverable: false, also_known_as: [] + # id: preserved + # ap_id: preserved + # nickname: preserved }) end + # Purge doesn't delete the user from the database. + # It just nulls all its fields and deactivates it. + # See `User.purge_user_changeset/1` above. def purge(%User{} = user) do user |> purge_user_changeset() @@ -1729,20 +1733,18 @@ def delete(%User{} = user) do BackgroundWorker.enqueue("delete_user", %{"user_id" => user.id}) end + # *Actually* delete the user from the DB defp delete_from_db(%User{} = user) do invalidate_cache(user) Repo.delete(user) end - defp maybe_delete_from_db(%User{local: true} = user) do - status = account_status(user) + # If the user never finalized their account, it's safe to delete them. + defp maybe_delete_from_db(%User{local: true, is_confirmed: false} = user), + do: delete_from_db(user) - if status in [:confirmation_pending, :approval_pending] do - delete_from_db(user) - else - {:ok, user} - end - end + defp maybe_delete_from_db(%User{local: true, is_approved: false} = user), + do: delete_from_db(user) defp maybe_delete_from_db(user), do: {:ok, user} diff --git a/test/pleroma/user_test.exs b/test/pleroma/user_test.exs index 529f837e8..60bc58a48 100644 --- a/test/pleroma/user_test.exs +++ b/test/pleroma/user_test.exs @@ -1663,9 +1663,9 @@ test "delete/1 purges a user when they wouldn't be fully deleted" do follower_count: 0, following_count: 0, is_locked: false, - is_confirmed: true, + is_confirmed: false, password_reset_pending: false, - is_approved: true, + is_approved: false, registration_reason: nil, confirmation_token: nil, domain_blocks: [], From 43800d83f4fc3b251cdd93c28dab2df7297021b3 Mon Sep 17 00:00:00 2001 From: Alex Gleason <alex@alexgleason.me> Date: Wed, 30 Jun 2021 01:14:34 -0500 Subject: [PATCH 06/15] Deletions: allow deactivated users to be deleted --- lib/pleroma/web/activity_pub/activity_pub.ex | 9 ++++++--- .../object_validators/delete_validator.ex | 12 +++++++++++- .../activity_pub/object_validators/undo_validator.ex | 12 +++++++++++- test/pleroma/user_test.exs | 8 ++++---- 4 files changed, 32 insertions(+), 9 deletions(-) diff --git a/lib/pleroma/web/activity_pub/activity_pub.ex b/lib/pleroma/web/activity_pub/activity_pub.ex index 5b45e2ca1..787b5884f 100644 --- a/lib/pleroma/web/activity_pub/activity_pub.ex +++ b/lib/pleroma/web/activity_pub/activity_pub.ex @@ -52,15 +52,18 @@ defp get_recipients(data) do {recipients, to, cc} end - defp check_actor_is_active(nil), do: true + defp check_actor_can_insert(%{"type" => "Delete"}), do: true + defp check_actor_can_insert(%{"type" => "Undo"}), do: true - defp check_actor_is_active(actor) when is_binary(actor) do + defp check_actor_can_insert(%{"actor" => actor}) when is_binary(actor) do case User.get_cached_by_ap_id(actor) do %User{is_active: true} -> true _ -> false end end + defp check_actor_can_insert(_), do: true + defp check_remote_limit(%{"object" => %{"content" => content}}) when not is_nil(content) do limit = Config.get([:instance, :remote_limit]) String.length(content) <= limit @@ -116,7 +119,7 @@ def persist(object, meta) do def insert(map, local \\ true, fake \\ false, bypass_actor_check \\ false) when is_map(map) do with nil <- Activity.normalize(map), map <- lazy_put_activity_defaults(map, fake), - {_, true} <- {:actor_check, bypass_actor_check || check_actor_is_active(map["actor"])}, + {_, true} <- {:actor_check, bypass_actor_check || check_actor_can_insert(map)}, {_, true} <- {:remote_limit_pass, check_remote_limit(map)}, {:ok, map} <- MRF.filter(map), {recipients, _, _} = get_recipients(map), diff --git a/lib/pleroma/web/activity_pub/object_validators/delete_validator.ex b/lib/pleroma/web/activity_pub/object_validators/delete_validator.ex index fc1a79a72..750ea0f7f 100644 --- a/lib/pleroma/web/activity_pub/object_validators/delete_validator.ex +++ b/lib/pleroma/web/activity_pub/object_validators/delete_validator.ex @@ -7,6 +7,7 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidators.DeleteValidator do alias Pleroma.Activity alias Pleroma.EctoType.ActivityPub.ObjectValidators + alias Pleroma.User import Ecto.Changeset import Pleroma.Web.ActivityPub.ObjectValidators.CommonValidations @@ -57,7 +58,7 @@ def validate_data(cng) do cng |> validate_required([:id, :type, :actor, :to, :cc, :object]) |> validate_inclusion(:type, ["Delete"]) - |> validate_actor_presence() + |> validate_delete_actor(:actor) |> validate_modification_rights() |> validate_object_or_user_presence(allowed_types: @deletable_types) |> add_deleted_activity_id() @@ -72,4 +73,13 @@ def cast_and_validate(data) do |> cast_data |> validate_data end + + defp validate_delete_actor(cng, field_name) do + validate_change(cng, field_name, fn field_name, actor -> + case User.get_cached_by_ap_id(actor) do + %User{} -> [] + _ -> [{field_name, "can't find user"}] + end + end) + end end diff --git a/lib/pleroma/web/activity_pub/object_validators/undo_validator.ex b/lib/pleroma/web/activity_pub/object_validators/undo_validator.ex index 783a79ddb..ab29f9820 100644 --- a/lib/pleroma/web/activity_pub/object_validators/undo_validator.ex +++ b/lib/pleroma/web/activity_pub/object_validators/undo_validator.ex @@ -7,6 +7,7 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidators.UndoValidator do alias Pleroma.Activity alias Pleroma.EctoType.ActivityPub.ObjectValidators + alias Pleroma.User import Ecto.Changeset import Pleroma.Web.ActivityPub.ObjectValidators.CommonValidations @@ -42,7 +43,7 @@ def validate_data(data_cng) do data_cng |> validate_inclusion(:type, ["Undo"]) |> validate_required([:id, :type, :object, :actor, :to, :cc]) - |> validate_actor_presence() + |> validate_undo_actor(:actor) |> validate_object_presence() |> validate_undo_rights() end @@ -59,4 +60,13 @@ def validate_undo_rights(cng) do _ -> cng end end + + defp validate_undo_actor(cng, field_name) do + validate_change(cng, field_name, fn field_name, actor -> + case User.get_cached_by_ap_id(actor) do + %User{} -> [] + _ -> [{field_name, "can't find user"}] + end + end) + end end diff --git a/test/pleroma/user_test.exs b/test/pleroma/user_test.exs index 60bc58a48..181990e4b 100644 --- a/test/pleroma/user_test.exs +++ b/test/pleroma/user_test.exs @@ -1621,9 +1621,9 @@ test "delete/1 purges a user when they wouldn't be fully deleted" do follower_count: 9, following_count: 9001, is_locked: true, - is_confirmed: false, + is_confirmed: true, password_reset_pending: true, - is_approved: false, + is_approved: true, registration_reason: "ahhhhh", confirmation_token: "qqqq", domain_blocks: ["lain.com"], @@ -1663,9 +1663,9 @@ test "delete/1 purges a user when they wouldn't be fully deleted" do follower_count: 0, following_count: 0, is_locked: false, - is_confirmed: false, + is_confirmed: true, password_reset_pending: false, - is_approved: false, + is_approved: true, registration_reason: nil, confirmation_token: nil, domain_blocks: [], From beb1c98ab5e0848127a4490180364552f6fcdbf5 Mon Sep 17 00:00:00 2001 From: Alex Gleason <alex@alexgleason.me> Date: Wed, 30 Jun 2021 01:48:17 -0500 Subject: [PATCH 07/15] Deletions: don't purge keys so Delete/Undo activities can be signed --- lib/pleroma/user.ex | 2 -- test/pleroma/user_test.exs | 4 ++-- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex index 5d8b936aa..de3b8ca3b 100644 --- a/lib/pleroma/user.ex +++ b/lib/pleroma/user.ex @@ -1680,8 +1680,6 @@ def purge_user_changeset(user) do email: nil, name: nil, password_hash: nil, - keys: nil, - public_key: nil, avatar: %{}, tags: [], last_refreshed_at: nil, diff --git a/test/pleroma/user_test.exs b/test/pleroma/user_test.exs index 181990e4b..ec0aaa9eb 100644 --- a/test/pleroma/user_test.exs +++ b/test/pleroma/user_test.exs @@ -1651,8 +1651,8 @@ test "delete/1 purges a user when they wouldn't be fully deleted" do email: nil, name: nil, password_hash: nil, - keys: nil, - public_key: nil, + keys: "RSA begin buplic key", + public_key: "--PRIVATE KEYE--", avatar: %{}, tags: [], last_refreshed_at: nil, From 310ef6b70d9ca18d857f43677d857d09d91ffe0e Mon Sep 17 00:00:00 2001 From: Alex Gleason <alex@alexgleason.me> Date: Wed, 30 Jun 2021 12:25:20 -0500 Subject: [PATCH 08/15] Deletions: change User.purge/1 to defp, add CHANGELOG entry --- CHANGELOG.md | 2 ++ lib/pleroma/user.ex | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 52d92c6d2..330802b29 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -26,6 +26,8 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ### Fixed - Don't crash so hard when email settings are invalid. - Checking activated Upload Filters for required commands. +- Remote users can no longer reappear after being deleted. +- Deactivated users may now be deleted. - Mix task `pleroma.database prune_objects` ### Removed diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex index f5b12abad..62506f37a 100644 --- a/lib/pleroma/user.ex +++ b/lib/pleroma/user.ex @@ -1730,7 +1730,7 @@ def purge_user_changeset(user) do # Purge doesn't delete the user from the database. # It just nulls all its fields and deactivates it. # See `User.purge_user_changeset/1` above. - def purge(%User{} = user) do + defp purge(%User{} = user) do user |> purge_user_changeset() |> update_and_set_cache() From 6ef8e1776dc6b797daec923a365ae367d8279452 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?marcin=20miko=C5=82ajczak?= <me@mkljczk.pl> Date: Fri, 2 Jul 2021 13:03:41 +0000 Subject: [PATCH 09/15] fix the fucking list timelines on mastofe/soapbox-fe --- .../web/mastodon_api/controllers/timeline_controller.ex | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/lib/pleroma/web/mastodon_api/controllers/timeline_controller.ex b/lib/pleroma/web/mastodon_api/controllers/timeline_controller.ex index 4b49b74ca..10c279893 100644 --- a/lib/pleroma/web/mastodon_api/controllers/timeline_controller.ex +++ b/lib/pleroma/web/mastodon_api/controllers/timeline_controller.ex @@ -193,7 +193,9 @@ def list(%{assigns: %{user: user}} = conn, %{list_id: id} = params) do |> ActivityPub.fetch_activities_bounded(following, params) |> Enum.reverse() - render(conn, "index.json", + conn + |> add_link_headers(activities) + |> render("index.json", activities: activities, for: user, as: :activity, From 64d009693e35039025b0ff1cc536206054c2b918 Mon Sep 17 00:00:00 2001 From: Mark Felder <feld@feld.me> Date: Thu, 8 Jul 2021 12:33:17 -0500 Subject: [PATCH 10/15] Update Linkify to fix crash on posts with a URL we failed to parse correctly --- CHANGELOG.md | 1 + mix.exs | 2 +- mix.lock | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 330802b29..9854eb531 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -29,6 +29,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Remote users can no longer reappear after being deleted. - Deactivated users may now be deleted. - Mix task `pleroma.database prune_objects` +- Linkify: Parsing crash with URLs ending in unbalanced closed paren, no path separator, and no query parameters ### Removed - **Breaking**: Remove deprecated `/api/qvitter/statuses/notifications/read` (replaced by `/api/v1/pleroma/notifications/read`) diff --git a/mix.exs b/mix.exs index e4b160971..1a7aac6a4 100644 --- a/mix.exs +++ b/mix.exs @@ -157,7 +157,7 @@ defp deps do {:floki, "~> 0.27"}, {:timex, "~> 3.6"}, {:ueberauth, "~> 0.4"}, - {:linkify, "~> 0.5.0"}, + {:linkify, "~> 0.5.1"}, {:http_signatures, "~> 0.1.0"}, {:telemetry, "~> 0.3"}, {:poolboy, "~> 1.5"}, diff --git a/mix.lock b/mix.lock index 65a225504..b78ae0bc9 100644 --- a/mix.lock +++ b/mix.lock @@ -67,7 +67,7 @@ "jose": {:hex, :jose, "1.11.1", "59da64010c69aad6cde2f5b9248b896b84472e99bd18f246085b7b9fe435dcdb", [:mix, :rebar3], [], "hexpm", "078f6c9fb3cd2f4cfafc972c814261a7d1e8d2b3685c0a76eb87e158efff1ac5"}, "jumper": {:hex, :jumper, "1.0.1", "3c00542ef1a83532b72269fab9f0f0c82bf23a35e27d278bfd9ed0865cecabff", [:mix], [], "hexpm", "318c59078ac220e966d27af3646026db9b5a5e6703cb2aa3e26bcfaba65b7433"}, "libring": {:hex, :libring, "1.4.0", "41246ba2f3fbc76b3971f6bce83119dfec1eee17e977a48d8a9cfaaf58c2a8d6", [:mix], [], "hexpm"}, - "linkify": {:hex, :linkify, "0.5.0", "e0ea8de73ff44742d6a889721221f4c4eccaad5284957ee9832ffeb347602d54", [:mix], [], "hexpm", "4ccd958350aee7c51c89e21f05b15d30596ebbba707e051d21766be1809df2d7"}, + "linkify": {:hex, :linkify, "0.5.1", "6dc415cbc948b2f6ecec7cb226aab7ba9d3a1815bb501ae33e042334d707ecee", [:mix], [], "hexpm", "a3128c7e22fada4aa7214009501d8131e1fa3faf2f0a68b33dba379dc84ff944"}, "majic": {:git, "https://git.pleroma.social/pleroma/elixir-libraries/majic.git", "289cda1b6d0d70ccb2ba508a2b0bd24638db2880", [ref: "289cda1b6d0d70ccb2ba508a2b0bd24638db2880"]}, "makeup": {:hex, :makeup, "1.0.5", "d5a830bc42c9800ce07dd97fa94669dfb93d3bf5fcf6ea7a0c67b2e0e4a7f26c", [:mix], [{:nimble_parsec, "~> 0.5 or ~> 1.0", [hex: :nimble_parsec, repo: "hexpm", optional: false]}], "hexpm", "cfa158c02d3f5c0c665d0af11512fed3fba0144cf1aadee0f2ce17747fba2ca9"}, "makeup_elixir": {:hex, :makeup_elixir, "0.14.1", "4f0e96847c63c17841d42c08107405a005a2680eb9c7ccadfd757bd31dabccfb", [:mix], [{:makeup, "~> 1.0", [hex: :makeup, repo: "hexpm", optional: false]}], "hexpm", "f2438b1a80eaec9ede832b5c41cd4f373b38fd7aa33e3b22d9db79e640cbde11"}, From 6dc78f5f6f8c607c90246ff30520aeb2f84634df Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" <contact@hacktivis.me> Date: Fri, 18 Sep 2020 14:22:27 +0200 Subject: [PATCH 11/15] AP C2S: Remove restrictions and make it go through pipeline --- CHANGELOG.md | 1 + lib/pleroma/activity.ex | 3 +- .../activity_pub/activity_pub_controller.ex | 104 +++++++++--------- .../web/activity_pub/object_validator.ex | 2 + .../activity_pub_controller_test.exs | 31 +++--- 5 files changed, 77 insertions(+), 64 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9854eb531..036b9e775 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -14,6 +14,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - HTTPSecurityPlug now sends a response header to opt out of Google's FLoC (Federated Learning of Cohorts) targeted advertising. - Email address is now returned if requesting user is the owner of the user account so it can be exposed in client and FE user settings UIs. - Improved Twittercard and OpenGraph meta tag generation including thumbnails and image dimension metadata when available. +- ActivityPub Client-to-Server(C2S): Limitation on the type of Activity/Object are lifted as they are now passed through ObjectValidators ### Added diff --git a/lib/pleroma/activity.ex b/lib/pleroma/activity.ex index 7e36c1b53..6a991c48e 100644 --- a/lib/pleroma/activity.ex +++ b/lib/pleroma/activity.ex @@ -292,7 +292,8 @@ def get_in_reply_to_activity(%Activity{} = activity) do get_in_reply_to_activity_from_object(Object.normalize(activity, fetch: false)) end - def normalize(obj) when is_map(obj), do: get_by_ap_id_with_object(obj["id"]) + def normalize(%Activity{data: %{"id" => ap_id}}), do: get_by_ap_id_with_object(ap_id) + def normalize(%{"id" => ap_id}), do: get_by_ap_id_with_object(ap_id) def normalize(ap_id) when is_binary(ap_id), do: get_by_ap_id_with_object(ap_id) def normalize(_), do: nil diff --git a/lib/pleroma/web/activity_pub/activity_pub_controller.ex b/lib/pleroma/web/activity_pub/activity_pub_controller.ex index 5aa3b281a..57ac40b42 100644 --- a/lib/pleroma/web/activity_pub/activity_pub_controller.ex +++ b/lib/pleroma/web/activity_pub/activity_pub_controller.ex @@ -11,7 +11,6 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubController do alias Pleroma.Object.Fetcher alias Pleroma.User alias Pleroma.Web.ActivityPub.ActivityPub - alias Pleroma.Web.ActivityPub.Builder alias Pleroma.Web.ActivityPub.InternalFetchActor alias Pleroma.Web.ActivityPub.ObjectView alias Pleroma.Web.ActivityPub.Pipeline @@ -403,83 +402,90 @@ def read_inbox(%{assigns: %{user: %User{nickname: as_nickname}}} = conn, %{ |> json(err) end - defp handle_user_activity( - %User{} = user, - %{"type" => "Create", "object" => %{"type" => "Note"} = object} = params - ) do - content = if is_binary(object["content"]), do: object["content"], else: "" - name = if is_binary(object["name"]), do: object["name"], else: "" - summary = if is_binary(object["summary"]), do: object["summary"], else: "" - length = String.length(content <> name <> summary) + defp fix_user_message(%User{ap_id: actor}, %{"type" => "Create", "object" => object} = activity) + when is_map(object) do + length = + [object["content"], object["summary"], object["name"]] + |> Enum.filter(&is_binary(&1)) + |> Enum.join("") + |> String.length() - if length > Pleroma.Config.get([:instance, :limit]) do - {:error, dgettext("errors", "Note is over the character limit")} - else + limit = Pleroma.Config.get([:instance, :limit]) + + if length < limit do object = object - |> Map.merge(Map.take(params, ["to", "cc"])) - |> Map.put("attributedTo", user.ap_id) - |> Transmogrifier.fix_object() + |> Transmogrifier.strip_internal_fields() + |> Map.put("attributedTo", actor) + |> Map.put("actor", actor) + |> Map.put("id", Utils.generate_object_id()) - ActivityPub.create(%{ - to: params["to"], - actor: user, - context: object["context"], - object: object, - additional: Map.take(params, ["cc"]) - }) - end - end - - defp handle_user_activity(%User{} = user, %{"type" => "Delete"} = params) do - with %Object{} = object <- Object.normalize(params["object"], fetch: false), - true <- user.is_moderator || user.ap_id == object.data["actor"], - {:ok, delete_data, _} <- Builder.delete(user, object.data["id"]), - {:ok, delete, _} <- Pipeline.common_pipeline(delete_data, local: true) do - {:ok, delete} + {:ok, Map.put(activity, "object", object)} else - _ -> {:error, dgettext("errors", "Can't delete object")} + {:error, + dgettext( + "errors", + "Character limit (%{limit} characters) exceeded, contains %{length} characters", + limit: limit, + length: length + )} end end - defp handle_user_activity(%User{} = user, %{"type" => "Like"} = params) do - with %Object{} = object <- Object.normalize(params["object"], fetch: false), - {_, {:ok, like_object, meta}} <- {:build_object, Builder.like(user, object)}, - {_, {:ok, %Activity{} = activity, _meta}} <- - {:common_pipeline, - Pipeline.common_pipeline(like_object, Keyword.put(meta, :local, true))} do + defp fix_user_message( + %User{ap_id: actor} = user, + %{"type" => "Delete", "object" => object} = activity + ) do + with {_, %Object{data: object_data}} <- {:normalize, Object.normalize(object, fetch: false)}, + {_, true} <- {:permission, user.is_moderator || actor == object_data["actor"]} do {:ok, activity} else - _ -> {:error, dgettext("errors", "Can't like object")} + {:normalize, _} -> + {:error, "No such object found"} + + {:permission, _} -> + {:forbidden, "You can't delete this object"} end end - defp handle_user_activity(_, _) do - {:error, dgettext("errors", "Unhandled activity type")} + defp fix_user_message(%User{}, activity) do + {:ok, activity} end def update_outbox( - %{assigns: %{user: %User{nickname: nickname} = user}} = conn, + %{assigns: %{user: %User{nickname: nickname, ap_id: actor} = user}} = conn, %{"nickname" => nickname} = params ) do - actor = user.ap_id - params = params - |> Map.drop(["id"]) + |> Map.drop(["nickname"]) + |> Map.put("id", Utils.generate_activity_id()) |> Map.put("actor", actor) - |> Transmogrifier.fix_addressing() - with {:ok, %Activity{} = activity} <- handle_user_activity(user, params) do + with {:ok, params} <- fix_user_message(user, params), + {:ok, activity, _} <- Pipeline.common_pipeline(params, local: true), + %Activity{data: activity_data} <- Activity.normalize(activity) do conn |> put_status(:created) - |> put_resp_header("location", activity.data["id"]) - |> json(activity.data) + |> put_resp_header("location", activity_data["id"]) + |> json(activity_data) else + {:forbidden, message} -> + conn + |> put_status(:forbidden) + |> json(message) + {:error, message} -> conn |> put_status(:bad_request) |> json(message) + + e -> + Logger.warn(fn -> "AP C2S: #{inspect(e)}" end) + + conn + |> put_status(:bad_request) + |> json("Bad Request") end end diff --git a/lib/pleroma/web/activity_pub/object_validator.ex b/lib/pleroma/web/activity_pub/object_validator.ex index 248a12a36..50999539c 100644 --- a/lib/pleroma/web/activity_pub/object_validator.ex +++ b/lib/pleroma/web/activity_pub/object_validator.ex @@ -175,6 +175,8 @@ def validate(%{"type" => type} = object, meta) when type in ~w(Add Remove) do end end + def validate(o, m), do: {:error, {:validator_not_set, {o, m}}} + def cast_and_apply(%{"type" => "ChatMessage"} = object) do ChatMessageValidator.cast_and_apply(object) end diff --git a/test/pleroma/web/activity_pub/activity_pub_controller_test.exs b/test/pleroma/web/activity_pub/activity_pub_controller_test.exs index c7039d1f8..50315e21f 100644 --- a/test/pleroma/web/activity_pub/activity_pub_controller_test.exs +++ b/test/pleroma/web/activity_pub/activity_pub_controller_test.exs @@ -1334,9 +1334,12 @@ test "It returns poll Answers when authenticated", %{conn: conn} do activity: %{ "@context" => "https://www.w3.org/ns/activitystreams", "type" => "Create", - "object" => %{"type" => "Note", "content" => "AP C2S test"}, - "to" => "https://www.w3.org/ns/activitystreams#Public", - "cc" => [] + "object" => %{ + "type" => "Note", + "content" => "AP C2S test", + "to" => "https://www.w3.org/ns/activitystreams#Public", + "cc" => [] + } } ] end @@ -1442,19 +1445,19 @@ test "it erects a tombstone when receiving a delete activity", %{conn: conn} do user = User.get_cached_by_ap_id(note_activity.data["actor"]) data = %{ - type: "Delete", - object: %{ - id: note_object.data["id"] + "type" => "Delete", + "object" => %{ + "id" => note_object.data["id"] } } - conn = + result = conn |> assign(:user, user) |> put_req_header("content-type", "application/activity+json") |> post("/users/#{user.nickname}/outbox", data) + |> json_response(201) - result = json_response(conn, 201) assert Activity.get_by_ap_id(result["id"]) assert object = Object.get_by_ap_id(note_object.data["id"]) @@ -1479,7 +1482,7 @@ test "it rejects delete activity of object from other actor", %{conn: conn} do |> put_req_header("content-type", "application/activity+json") |> post("/users/#{user.nickname}/outbox", data) - assert json_response(conn, 400) + assert json_response(conn, 403) end test "it increases like count when receiving a like action", %{conn: conn} do @@ -1557,7 +1560,7 @@ test "Character limitation", %{conn: conn, activity: activity} do |> post("/users/#{user.nickname}/outbox", activity) |> json_response(400) - assert result == "Note is over the character limit" + assert result == "Character limit (5 characters) exceeded, contains 11 characters" end end @@ -1934,10 +1937,10 @@ test "POST /api/ap/upload_media", %{conn: conn} do "object" => %{ "type" => "Note", "content" => "AP C2S test, attachment", - "attachment" => [object] - }, - "to" => "https://www.w3.org/ns/activitystreams#Public", - "cc" => [] + "attachment" => [object], + "to" => "https://www.w3.org/ns/activitystreams#Public", + "cc" => [] + } } activity_response = From 5e88796784e0ac2dbf57d9cf954fdc8ae8aeae43 Mon Sep 17 00:00:00 2001 From: Alex Gleason <alex@alexgleason.me> Date: Tue, 13 Jul 2021 21:37:25 -0500 Subject: [PATCH 12/15] AdminAPI: sort user results by ID descending --- lib/pleroma/web/admin_api/search.ex | 2 +- .../controllers/user_controller_test.exs | 123 ++++++++---------- test/pleroma/web/admin_api/search_test.exs | 4 +- 3 files changed, 58 insertions(+), 71 deletions(-) diff --git a/lib/pleroma/web/admin_api/search.ex b/lib/pleroma/web/admin_api/search.ex index eeeebdf4e..f7d2b7327 100644 --- a/lib/pleroma/web/admin_api/search.ex +++ b/lib/pleroma/web/admin_api/search.ex @@ -23,7 +23,7 @@ def user(params \\ %{}) do |> Map.drop([:page, :page_size]) |> Map.put(:invisible, false) |> User.Query.build() - |> order_by([u], u.nickname) + |> order_by(desc: :id) paginated_query = User.Query.paginate(query, params[:page] || 1, params[:page_size] || @page_size) diff --git a/test/pleroma/web/admin_api/controllers/user_controller_test.exs b/test/pleroma/web/admin_api/controllers/user_controller_test.exs index beb8a5d58..5ae2c9180 100644 --- a/test/pleroma/web/admin_api/controllers/user_controller_test.exs +++ b/test/pleroma/web/admin_api/controllers/user_controller_test.exs @@ -376,24 +376,22 @@ test "renders users array for the first page", %{conn: conn, admin: admin} do conn = get(conn, "/api/pleroma/admin/users?page=1") - users = - [ - user_response( - admin, - %{"roles" => %{"admin" => true, "moderator" => false}} - ), - user_response(user, %{"local" => false, "tags" => ["foo", "bar"]}), - user_response( - user2, - %{ - "local" => true, - "is_approved" => false, - "registration_reason" => "I'm a chill dude", - "actor_type" => "Person" - } - ) - ] - |> Enum.sort_by(& &1["nickname"]) + users = [ + user_response( + user2, + %{ + "local" => true, + "is_approved" => false, + "registration_reason" => "I'm a chill dude", + "actor_type" => "Person" + } + ), + user_response(user, %{"local" => false, "tags" => ["foo", "bar"]}), + user_response( + admin, + %{"roles" => %{"admin" => true, "moderator" => false}} + ) + ] assert json_response(conn, 200) == %{ "count" => 3, @@ -517,7 +515,7 @@ test "regular search with page size", %{conn: conn} do assert json_response(conn1, 200) == %{ "count" => 2, "page_size" => 1, - "users" => [user_response(user)] + "users" => [user_response(user2)] } conn2 = get(conn, "/api/pleroma/admin/users?query=a&page_size=1&page=2") @@ -525,7 +523,7 @@ test "regular search with page size", %{conn: conn} do assert json_response(conn2, 200) == %{ "count" => 2, "page_size" => 1, - "users" => [user_response(user2)] + "users" => [user_response(user)] } end @@ -557,18 +555,16 @@ test "only local users with no query", %{conn: conn, admin: old_admin} do conn = get(conn, "/api/pleroma/admin/users?filters=local") - users = - [ - user_response(user), - user_response(admin, %{ - "roles" => %{"admin" => true, "moderator" => false} - }), - user_response(old_admin, %{ - "is_active" => true, - "roles" => %{"admin" => true, "moderator" => false} - }) - ] - |> Enum.sort_by(& &1["nickname"]) + users = [ + user_response(user), + user_response(admin, %{ + "roles" => %{"admin" => true, "moderator" => false} + }), + user_response(old_admin, %{ + "is_active" => true, + "roles" => %{"admin" => true, "moderator" => false} + }) + ] assert json_response(conn, 200) == %{ "count" => 3, @@ -596,7 +592,6 @@ test "only unconfirmed users", %{conn: conn} do "is_approved" => true }) end) - |> Enum.sort_by(& &1["nickname"]) assert result == %{"count" => 2, "page_size" => 50, "users" => users} end @@ -634,18 +629,16 @@ test "load only admins", %{conn: conn, admin: admin} do conn = get(conn, "/api/pleroma/admin/users?filters=is_admin") - users = - [ - user_response(admin, %{ - "is_active" => true, - "roles" => %{"admin" => true, "moderator" => false} - }), - user_response(second_admin, %{ - "is_active" => true, - "roles" => %{"admin" => true, "moderator" => false} - }) - ] - |> Enum.sort_by(& &1["nickname"]) + users = [ + user_response(second_admin, %{ + "is_active" => true, + "roles" => %{"admin" => true, "moderator" => false} + }), + user_response(admin, %{ + "is_active" => true, + "roles" => %{"admin" => true, "moderator" => false} + }) + ] assert json_response(conn, 200) == %{ "count" => 2, @@ -685,13 +678,11 @@ test "load users with actor_type is Person", %{admin: admin, conn: conn} do |> get(user_path(conn, :list), %{actor_types: ["Person"]}) |> json_response(200) - users = - [ - user_response(admin, %{"roles" => %{"admin" => true, "moderator" => false}}), - user_response(user1), - user_response(user2) - ] - |> Enum.sort_by(& &1["nickname"]) + users = [ + user_response(user2), + user_response(user1), + user_response(admin, %{"roles" => %{"admin" => true, "moderator" => false}}) + ] assert response == %{"count" => 3, "page_size" => 50, "users" => users} end @@ -708,14 +699,12 @@ test "load users with actor_type is Person and Service", %{admin: admin, conn: c |> get(user_path(conn, :list), %{actor_types: ["Person", "Service"]}) |> json_response(200) - users = - [ - user_response(admin, %{"roles" => %{"admin" => true, "moderator" => false}}), - user_response(user1), - user_response(user2), - user_response(user_service, %{"actor_type" => "Service"}) - ] - |> Enum.sort_by(& &1["nickname"]) + users = [ + user_response(user2), + user_response(user1), + user_response(user_service, %{"actor_type" => "Service"}), + user_response(admin, %{"roles" => %{"admin" => true, "moderator" => false}}) + ] assert response == %{"count" => 4, "page_size" => 50, "users" => users} end @@ -744,12 +733,10 @@ test "load users with tags list", %{conn: conn} do conn = get(conn, "/api/pleroma/admin/users?tags[]=first&tags[]=second") - users = - [ - user_response(user1, %{"tags" => ["first"]}), - user_response(user2, %{"tags" => ["second"]}) - ] - |> Enum.sort_by(& &1["nickname"]) + users = [ + user_response(user2, %{"tags" => ["second"]}), + user_response(user1, %{"tags" => ["first"]}) + ] assert json_response(conn, 200) == %{ "count" => 2, @@ -773,8 +760,8 @@ test "`active` filters out users pending approval", %{token: token} do "count" => 2, "page_size" => 50, "users" => [ - %{"id" => ^admin_id}, - %{"id" => ^user_id} + %{"id" => ^user_id}, + %{"id" => ^admin_id} ] } = json_response(conn, 200) end diff --git a/test/pleroma/web/admin_api/search_test.exs b/test/pleroma/web/admin_api/search_test.exs index b8eeec65b..2335c5228 100644 --- a/test/pleroma/web/admin_api/search_test.exs +++ b/test/pleroma/web/admin_api/search_test.exs @@ -151,9 +151,9 @@ test "it returns users by actor_types" do {:ok, [^user_service], 1} = Search.user(%{actor_types: ["Service"]}) {:ok, [^user_application], 1} = Search.user(%{actor_types: ["Application"]}) - {:ok, [^user1, ^user2], 2} = Search.user(%{actor_types: ["Person"]}) + {:ok, [^user2, ^user1], 2} = Search.user(%{actor_types: ["Person"]}) - {:ok, [^user_service, ^user1, ^user2], 3} = + {:ok, [^user2, ^user1, ^user_service], 3} = Search.user(%{actor_types: ["Person", "Service"]}) end From 5681a007d73453d941e00530cef99a78f5bb5251 Mon Sep 17 00:00:00 2001 From: Alex Gleason <alex@alexgleason.me> Date: Tue, 13 Jul 2021 21:44:42 -0500 Subject: [PATCH 13/15] CHANGELOG: AdminAPI users sort --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 036b9e775..171429592 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -14,6 +14,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - HTTPSecurityPlug now sends a response header to opt out of Google's FLoC (Federated Learning of Cohorts) targeted advertising. - Email address is now returned if requesting user is the owner of the user account so it can be exposed in client and FE user settings UIs. - Improved Twittercard and OpenGraph meta tag generation including thumbnails and image dimension metadata when available. +- AdminAPI: sort users so the newest are at the top. - ActivityPub Client-to-Server(C2S): Limitation on the type of Activity/Object are lifted as they are now passed through ObjectValidators ### Added From 167e14416bec2846d3282a121cfcfd147a04a8bf Mon Sep 17 00:00:00 2001 From: Alex Gleason <alex@alexgleason.me> Date: Tue, 13 Jul 2021 23:51:32 -0500 Subject: [PATCH 14/15] AdminAPI: add date to users --- lib/pleroma/web/admin_api/views/account_view.ex | 4 +++- .../web/admin_api/controllers/user_controller_test.exs | 3 ++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/lib/pleroma/web/admin_api/views/account_view.ex b/lib/pleroma/web/admin_api/views/account_view.ex index d7c63d385..022e97489 100644 --- a/lib/pleroma/web/admin_api/views/account_view.ex +++ b/lib/pleroma/web/admin_api/views/account_view.ex @@ -8,6 +8,7 @@ defmodule Pleroma.Web.AdminAPI.AccountView do alias Pleroma.User alias Pleroma.Web.AdminAPI alias Pleroma.Web.AdminAPI.AccountView + alias Pleroma.Web.CommonAPI alias Pleroma.Web.MastodonAPI alias Pleroma.Web.MediaProxy @@ -81,7 +82,8 @@ def render("show.json", %{user: user}) do "is_approved" => user.is_approved, "url" => user.uri || user.ap_id, "registration_reason" => user.registration_reason, - "actor_type" => user.actor_type + "actor_type" => user.actor_type, + "created_at" => CommonAPI.Utils.to_masto_date(user.inserted_at) } end diff --git a/test/pleroma/web/admin_api/controllers/user_controller_test.exs b/test/pleroma/web/admin_api/controllers/user_controller_test.exs index beb8a5d58..6c410e94c 100644 --- a/test/pleroma/web/admin_api/controllers/user_controller_test.exs +++ b/test/pleroma/web/admin_api/controllers/user_controller_test.exs @@ -907,7 +907,8 @@ defp user_response(user, attrs \\ %{}) do "is_approved" => true, "url" => user.ap_id, "registration_reason" => nil, - "actor_type" => "Person" + "actor_type" => "Person", + "created_at" => CommonAPI.Utils.to_masto_date(user.inserted_at) } |> Map.merge(attrs) end From 117b3edf54bef4b2d9c2e13d584da7f14923e998 Mon Sep 17 00:00:00 2001 From: Alex Gleason <alex@alexgleason.me> Date: Wed, 14 Jul 2021 09:03:20 -0500 Subject: [PATCH 15/15] CHANGELOG: AdminAPI return date with users --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 036b9e775..e66412606 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -20,6 +20,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - MRF (`FollowBotPolicy`): New MRF Policy which makes a designated local Bot account attempt to follow all users in public Notes received by your instance. Users who require approving follower requests or have #nobot in their profile are excluded. - Return OAuth token `id` (primary key) in POST `/oauth/token`. +- AdminAPI: return `created_at` date with users. - `AnalyzeMetadata` upload filter for extracting image/video attachment dimensions and generating blurhashes for images. Blurhashes for videos are not generated at this time. - Attachment dimensions and blurhashes are federated when available. - Pinned posts federation