Merge branch 'email-stub-in-verify-credentials' into 'develop'
Email-like field in /api/v1/accounts/verify_credentials (for the PeerTube OAuth plugin and the like). See merge request pleroma/pleroma!3286
commit
f1f773f2c7
10 changed files with 67 additions and 15 deletions
|
@ -21,6 +21,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
|
||||||
- Admin API: Reports now ordered by newest
|
- Admin API: Reports now ordered by newest
|
||||||
- Deprecated `Pleroma.Uploaders.S3, :public_endpoint`. Now `Pleroma.Upload, :base_url` is the standard configuration key for all uploaders.
|
- Deprecated `Pleroma.Uploaders.S3, :public_endpoint`. Now `Pleroma.Upload, :base_url` is the standard configuration key for all uploaders.
|
||||||
- Improved Apache webserver support: updated sample configuration, MediaProxy cache invalidation verified with the included sample script
|
- Improved Apache webserver support: updated sample configuration, MediaProxy cache invalidation verified with the included sample script
|
||||||
|
- Improve OAuth 2.0 provider support. A missing `fqn` field was added to the response, but does not expose the user's email address.
|
||||||
|
|
||||||
### Added
|
### Added
|
||||||
|
|
||||||
|
|
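--- a/docs/configuration/auth.md
+++ b/docs/configuration/auth.md
@@ -0,0 +1 @@
+See `Authentication` section of [the configuration cheatsheet](../configuration/cheatsheet.md#authentication).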
|
@ -893,6 +893,22 @@ Pleroma account will be created with the same name as the LDAP user name.
|
||||||
Note, if your LDAP server is an Active Directory server the correct value is commonly `uid: "cn"`, but if you use an
|
Note, if your LDAP server is an Active Directory server the correct value is commonly `uid: "cn"`, but if you use an
|
||||||
OpenLDAP server the value may be `uid: "uid"`.
|
OpenLDAP server the value may be `uid: "uid"`.
|
||||||
|
|
||||||
|
### :oauth2 (Pleroma as OAuth 2.0 provider settings)
|
||||||
|
|
||||||
|
OAuth 2.0 provider settings:
|
||||||
|
|
||||||
|
* `token_expires_in` - The lifetime in seconds of the access token.
|
||||||
|
* `issue_new_refresh_token` - Keeps old refresh token or generate new refresh token when to obtain an access token.
|
||||||
|
* `clean_expired_tokens` - Enable a background job to clean expired oauth tokens. Defaults to `false`.
|
||||||
|
|
||||||
|
OAuth 2.0 provider and related endpoints:
|
||||||
|
|
||||||
|
* `POST /api/v1/apps` creates client app basing on provided params.
|
||||||
|
* `GET/POST /oauth/authorize` renders/submits authorization form.
|
||||||
|
* `POST /oauth/token` creates/renews OAuth token.
|
||||||
|
* `POST /oauth/revoke` revokes provided OAuth token.
|
||||||
|
* `GET /api/v1/accounts/verify_credentials` (with proper `Authorization` header or `access_token` URI param) returns user info on requester (with `acct` field containing local nickname and `fqn` field containing fully-qualified nickname which could generally be used as email stub for OAuth software that demands email field in identity endpoint response, like Peertube).
|
||||||
|
|
||||||
### OAuth consumer mode
|
### OAuth consumer mode
|
||||||
|
|
||||||
OAuth consumer mode allows sign in / sign up via external OAuth providers (e.g. Twitter, Facebook, Google, Microsoft, etc.).
|
OAuth consumer mode allows sign in / sign up via external OAuth providers (e.g. Twitter, Facebook, Google, Microsoft, etc.).
|
||||||
|
@ -965,14 +981,6 @@ config :ueberauth, Ueberauth,
|
||||||
]
|
]
|
||||||
```
|
```
|
||||||
|
|
||||||
### OAuth 2.0 provider - :oauth2
|
|
||||||
|
|
||||||
Configure OAuth 2 provider capabilities:
|
|
||||||
|
|
||||||
* `token_expires_in` - The lifetime in seconds of the access token.
|
|
||||||
* `issue_new_refresh_token` - Keeps old refresh token or generate new refresh token when to obtain an access token.
|
|
||||||
* `clean_expired_tokens` - Enable a background job to clean expired oauth tokens. Defaults to `false`.
|
|
||||||
|
|
||||||
## Link parsing
|
## Link parsing
|
||||||
|
|
||||||
### :uri_schemes
|
### :uri_schemes
|
||||||
|
|
|
@ -2031,6 +2031,15 @@ def local_nickname(nickname_or_mention) do
|
||||||
|> hd()
|
|> hd()
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def full_nickname(%User{} = user) do
|
||||||
|
if String.contains?(user.nickname, "@") do
|
||||||
|
user.nickname
|
||||||
|
else
|
||||||
|
%{host: host} = URI.parse(user.ap_id)
|
||||||
|
user.nickname <> "@" <> host
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
def full_nickname(nickname_or_mention),
|
def full_nickname(nickname_or_mention),
|
||||||
do: String.trim_leading(nickname_or_mention, "@")
|
do: String.trim_leading(nickname_or_mention, "@")
|
||||||
|
|
||||||
|
|
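Review bot: The new `%User{}` clause of `full_nickname/1` raises instead of returning a name when `URI.parse(user.ap_id)` yields `host: nil` (an `ap_id` with no authority part), because `user.nickname <> "@" <> host` cannot concatenate `nil`. `String.contains?(user.nickname, "@")` would fail the same way if a record's nickname can be `nil`, which this page does not show either way. The account view hunk in this commit calls the function while rendering an account, so one malformed record would fail the whole response rather than just that field. Consider matching the host explicitly and falling back to the bare nickname, e.g. `case URI.parse(user.ap_id) do %{host: host} when is_binary(host) -> user.nickname <> "@" <> host; _ -> user.nickname end`. The added tests cover neither case, and an `@doc`/`@spec` describing both the struct clause and the string clause would help callers.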
|
@ -262,7 +262,9 @@ defp do_render("show.json", %{user: user} = opts) do
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
|
||||||
# Pleroma extension
|
# Pleroma extensions
|
||||||
|
# Note: it's insecure to output :email but fully-qualified nickname may serve as safe stub
|
||||||
|
fqn: User.full_nickname(user),
|
||||||
pleroma: %{
|
pleroma: %{
|
||||||
ap_id: user.ap_id,
|
ap_id: user.ap_id,
|
||||||
also_known_as: user.also_known_as,
|
also_known_as: user.also_known_as,
|
||||||
|
|
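Review bot: The comment above `fqn:` says why `:email` is withheld but not that the replacement is only address-shaped: `nickname@host` is an identifier, and nothing in this commit makes it a deliverable or verified mailbox. An OAuth consumer that copies it into its own email field may later send notification or recovery mail to it, so the contract is worth stating where the field is produced, for example `# fqn is an identifier (nickname@host), not a verified mailbox; consumers must not use it for mail delivery or account recovery`. The field is emitted from `do_render("show.json", ...)`, so it appears to be added to account representations generally rather than to verify_credentials alone; the comment could say that too. `do_render` starts and ends outside this hunk.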
|
@ -320,6 +320,8 @@ defmodule Pleroma.Web.Router do
|
||||||
end
|
end
|
||||||
|
|
||||||
scope "/oauth", Pleroma.Web.OAuth do
|
scope "/oauth", Pleroma.Web.OAuth do
|
||||||
|
# Note: use /api/v1/accounts/verify_credentials for userinfo of signed-in user
|
||||||
|
|
||||||
get("/registration_details", OAuthController, :registration_details)
|
get("/registration_details", OAuthController, :registration_details)
|
||||||
|
|
||||||
post("/mfa/verify", MFAController, :verify, as: :mfa_verify)
|
post("/mfa/verify", MFAController, :verify, as: :mfa_verify)
|
||||||
|
|
|
@ -6,7 +6,7 @@
|
||||||
</div>
|
</div>
|
||||||
<span class="display-name" style="padding-left: 0.5em;">
|
<span class="display-name" style="padding-left: 0.5em;">
|
||||||
<bdi><%= raw (@author.name |> Formatter.emojify(@author.emoji)) %></bdi>
|
<bdi><%= raw (@author.name |> Formatter.emojify(@author.emoji)) %></bdi>
|
||||||
<span class="nickname"><%= full_nickname(@author) %></span>
|
<span class="nickname">@<%= full_nickname(@author) %></span>
|
||||||
</span>
|
</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
|
|
|
@ -17,6 +17,8 @@ defmodule Pleroma.Web.EmbedView do
|
||||||
|
|
||||||
use Phoenix.HTML
|
use Phoenix.HTML
|
||||||
|
|
||||||
|
defdelegate full_nickname(user), to: User
|
||||||
|
|
||||||
@media_types ["image", "audio", "video"]
|
@media_types ["image", "audio", "video"]
|
||||||
|
|
||||||
defp fetch_media_type(%{"mediaType" => mediaType}) do
|
defp fetch_media_type(%{"mediaType" => mediaType}) do
|
||||||
|
@ -30,11 +32,6 @@ defp open_content? do
|
||||||
)
|
)
|
||||||
end
|
end
|
||||||
|
|
||||||
defp full_nickname(user) do
|
|
||||||
%{host: host} = URI.parse(user.ap_id)
|
|
||||||
"@" <> user.nickname <> "@" <> host
|
|
||||||
end
|
|
||||||
|
|
||||||
defp status_title(%Activity{object: %Object{data: %{"name" => name}}}) when is_binary(name),
|
defp status_title(%Activity{object: %Object{data: %{"name" => name}}}) when is_binary(name),
|
||||||
do: name
|
do: name
|
||||||
|
|
||||||
|
|
|
@ -2232,6 +2232,36 @@ test "Notifications are updated", %{user: user} do
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
describe "local_nickname/1" do
|
||||||
|
test "returns nickname without host" do
|
||||||
|
assert User.local_nickname("@mentioned") == "mentioned"
|
||||||
|
assert User.local_nickname("a_local_nickname") == "a_local_nickname"
|
||||||
|
assert User.local_nickname("nickname@host.com") == "nickname"
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
describe "full_nickname/1" do
|
||||||
|
test "returns fully qualified nickname for local and remote users" do
|
||||||
|
local_user =
|
||||||
|
insert(:user, nickname: "local_user", ap_id: "https://somehost.com/users/local_user")
|
||||||
|
|
||||||
|
remote_user = insert(:user, nickname: "remote@host.com", local: false)
|
||||||
|
|
||||||
|
assert User.full_nickname(local_user) == "local_user@somehost.com"
|
||||||
|
assert User.full_nickname(remote_user) == "remote@host.com"
|
||||||
|
end
|
||||||
|
|
||||||
|
test "strips leading @ from mentions" do
|
||||||
|
assert User.full_nickname("@mentioned") == "mentioned"
|
||||||
|
assert User.full_nickname("@nickname@host.com") == "nickname@host.com"
|
||||||
|
end
|
||||||
|
|
||||||
|
test "does not modify nicknames" do
|
||||||
|
assert User.full_nickname("nickname") == "nickname"
|
||||||
|
assert User.full_nickname("nickname@host.com") == "nickname@host.com"
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
test "avatar fallback" do
|
test "avatar fallback" do
|
||||||
user = insert(:user)
|
user = insert(:user)
|
||||||
assert User.avatar_url(user) =~ "/images/avi.png"
|
assert User.avatar_url(user) =~ "/images/avi.png"
|
||||||
|
|
|
@ -73,6 +73,7 @@ test "Represent a user account" do
|
||||||
},
|
},
|
||||||
fields: []
|
fields: []
|
||||||
},
|
},
|
||||||
|
fqn: "shp@shitposter.club",
|
||||||
pleroma: %{
|
pleroma: %{
|
||||||
ap_id: user.ap_id,
|
ap_id: user.ap_id,
|
||||||
also_known_as: ["https://shitposter.zone/users/shp"],
|
also_known_as: ["https://shitposter.zone/users/shp"],
|
||||||
|
@ -172,6 +173,7 @@ test "Represent a Service(bot) account" do
|
||||||
},
|
},
|
||||||
fields: []
|
fields: []
|
||||||
},
|
},
|
||||||
|
fqn: "shp@shitposter.club",
|
||||||
pleroma: %{
|
pleroma: %{
|
||||||
ap_id: user.ap_id,
|
ap_id: user.ap_id,
|
||||||
also_known_as: [],
|
also_known_as: [],
|
||||||
|
|