admin api endpoints for invites

lib/pleroma/web/admin_api/admin_api_controller.ex

@@ -9,6 +9,8 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do
   alias Pleroma.Web.AdminAPI.AccountView
   alias Pleroma.Web.AdminAPI.Search
 
+  alias Pleroma.UserInviteToken
+
   import Pleroma.Web.ControllerHelper, only: [json_response: 3]
 
   require Logger
@@ -235,7 +237,7 @@ def email_invite(%{assigns: %{user: user}} = conn, %{"email" => email} = params)
     with true <-
            Pleroma.Config.get([:instance, :invites_enabled]) &&
              !Pleroma.Config.get([:instance, :registrations_open]),
-         {:ok, invite_token} <- Pleroma.UserInviteToken.create_token(),
+         {:ok, invite_token} <- UserInviteToken.create_invite(),
          email <-
            Pleroma.UserEmail.user_invitation_email(user, invite_token, email, params["name"]),
          {:ok, _} <- Pleroma.Mailer.deliver(email) do
@@ -244,11 +246,29 @@ def email_invite(%{assigns: %{user: user}} = conn, %{"email" => email} = params)
   end
 
   @doc "Get a account registeration invite token (base64 string)"
-  def get_invite_token(conn, _params) do
+  def get_invite_token(conn, params) do
-    {:ok, token} = Pleroma.UserInviteToken.create_token()
+    options = params["invite"] || %{}
+    {:ok, invite} = UserInviteToken.create_invite(options)
 
     conn
-    |> json(token.token)
+    |> json(invite.token)
+  end
+
+  @doc "Get list of created invites"
+  def invites_list(conn, _params) do
+    invites = UserInviteToken.list_invites()
+
+    conn
+    |> json(AccountView.render("invites.json", %{invites: invites}))
+  end
+
+  @doc "Revokes invite by token"
+  def invite_revoke(conn, %{"token" => token}) do
+    invite = UserInviteToken.find_by_token!(token)
+    {:ok, updated_invite} = UserInviteToken.update_invite(invite, %{used: true})
+
+    conn
+    |> json(AccountView.render("invite.json", %{invite: updated_invite}))
   end
 
   @doc "Get a password reset token (base64 string) for given nickname"

lib/pleroma/web/admin_api/views/account_view.ex

@@ -26,4 +26,22 @@ def render("show.json", %{user: user}) do
       "tags" => user.tags || []
     }
   end
+
+  def render("invite.json", %{invite: invite}) do
+    %{
+      "id" => invite.id,
+      "token" => invite.token,
+      "used" => invite.used,
+      "expire_at" => invite.expire_at,
+      "uses" => invite.uses,
+      "max_use" => invite.max_use,
+      "invite_type" => invite.invite_type
+    }
+  end
+
+  def render("invites.json", %{invites: invites}) do
+    %{
+      invites: render_many(invites, AccountView, "invite.json", as: :invite)
+    }
+  end
 end

lib/pleroma/web/router.ex

@@ -163,6 +163,8 @@ defmodule Pleroma.Web.Router do
     delete("/relay", AdminAPIController, :relay_unfollow)
 
     get("/invite_token", AdminAPIController, :get_invite_token)
+    get("/invites_list", AdminAPIController, :invites_list)
+    post("/invite_revoke", AdminAPIController, :invite_revoke)
     post("/email_invite", AdminAPIController, :email_invite)
 
     get("/password_reset", AdminAPIController, :get_password_reset)

test/web/admin_api/admin_api_controller_test.exs

@@ -6,6 +6,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
   use Pleroma.Web.ConnCase
 
   alias Pleroma.User
+  alias Pleroma.UserInviteToken
   import Pleroma.Factory
 
   describe "/api/pleroma/admin/user" do
@@ -80,14 +81,13 @@ test "allows to force-follow another user" do
       user = insert(:user)
       follower = insert(:user)
 
-      conn =
+      build_conn()
-        build_conn()
+      |> assign(:user, admin)
-        |> assign(:user, admin)
+      |> put_req_header("accept", "application/json")
-        |> put_req_header("accept", "application/json")
+      |> post("/api/pleroma/admin/user/follow", %{
-        |> post("/api/pleroma/admin/user/follow", %{
+        "follower" => follower.nickname,
-          "follower" => follower.nickname,
+        "followed" => user.nickname
-          "followed" => user.nickname
+      })
-        })
 
       user = User.get_by_id(user.id)
       follower = User.get_by_id(follower.id)
@@ -104,14 +104,13 @@ test "allows to force-unfollow another user" do
 
       User.follow(follower, user)
 
-      conn =
+      build_conn()
-        build_conn()
+      |> assign(:user, admin)
-        |> assign(:user, admin)
+      |> put_req_header("accept", "application/json")
-        |> put_req_header("accept", "application/json")
+      |> post("/api/pleroma/admin/user/unfollow", %{
-        |> post("/api/pleroma/admin/user/unfollow", %{
+        "follower" => follower.nickname,
-          "follower" => follower.nickname,
+        "followed" => user.nickname
-          "followed" => user.nickname
+      })
-        })
 
       user = User.get_by_id(user.id)
       follower = User.get_by_id(follower.id)
@@ -642,4 +641,136 @@ test "PATCH /api/pleroma/admin/users/:nickname/toggle_activation" do
                "tags" => []
              }
   end
+
+  describe "GET /api/pleroma/admin/invite_token" do
+    test "without options" do
+      admin = insert(:user, info: %{is_admin: true})
+
+      conn =
+        build_conn()
+        |> assign(:user, admin)
+        |> get("/api/pleroma/admin/invite_token")
+
+      token = json_response(conn, 200)
+      invite = UserInviteToken.find_by_token!(token)
+      refute invite.used
+      refute invite.expire_at
+      refute invite.max_use
+      assert invite.invite_type == "one_time"
+    end
+
+    test "with expire_at" do
+      admin = insert(:user, info: %{is_admin: true})
+
+      conn =
+        build_conn()
+        |> assign(:user, admin)
+        |> get("/api/pleroma/admin/invite_token", %{
+          "invite" => %{"expire_at" => Date.to_string(Date.utc_today())}
+        })
+
+      token = json_response(conn, 200)
+      invite = UserInviteToken.find_by_token!(token)
+
+      refute invite.used
+      assert invite.expire_at == Date.utc_today()
+      refute invite.max_use
+      assert invite.invite_type == "date_limited"
+    end
+
+    test "with max_use" do
+      admin = insert(:user, info: %{is_admin: true})
+
+      conn =
+        build_conn()
+        |> assign(:user, admin)
+        |> get("/api/pleroma/admin/invite_token", %{
+          "invite" => %{"max_use" => 150}
+        })
+
+      token = json_response(conn, 200)
+      invite = UserInviteToken.find_by_token!(token)
+      refute invite.used
+      refute invite.expire_at
+      assert invite.max_use == 150
+      assert invite.invite_type == "reusable"
+    end
+
+    test "with max use and expire_at" do
+      admin = insert(:user, info: %{is_admin: true})
+
+      conn =
+        build_conn()
+        |> assign(:user, admin)
+        |> get("/api/pleroma/admin/invite_token", %{
+          "invite" => %{"max_use" => 150, "expire_at" => Date.to_string(Date.utc_today())}
+        })
+
+      token = json_response(conn, 200)
+      invite = UserInviteToken.find_by_token!(token)
+      refute invite.used
+      assert invite.expire_at == Date.utc_today()
+      assert invite.max_use == 150
+      assert invite.invite_type == "reusable_date_limited"
+    end
+  end
+
+  describe "GET /api/pleroma/admin/invites_list" do
+    test "no invites" do
+      admin = insert(:user, info: %{is_admin: true})
+
+      conn =
+        build_conn()
+        |> assign(:user, admin)
+        |> get("/api/pleroma/admin/invites_list")
+
+      assert json_response(conn, 200) == %{"invites" => []}
+    end
+
+    test "with invite" do
+      admin = insert(:user, info: %{is_admin: true})
+      {:ok, invite} = UserInviteToken.create_invite()
+
+      conn =
+        build_conn()
+        |> assign(:user, admin)
+        |> get("/api/pleroma/admin/invites_list")
+
+      assert json_response(conn, 200) == %{
+               "invites" => [
+                 %{
+                   "expire_at" => nil,
+                   "id" => invite.id,
+                   "invite_type" => "one_time",
+                   "max_use" => nil,
+                   "token" => invite.token,
+                   "used" => false,
+                   "uses" => 0
+                 }
+               ]
+             }
+    end
+  end
+
+  describe "POST /api/pleroma/admin/invite_revoke" do
+    test "with token" do
+      admin = insert(:user, info: %{is_admin: true})
+      {:ok, invite} = UserInviteToken.create_invite()
+
+      conn =
+        build_conn()
+        |> assign(:user, admin)
+        |> post("/api/pleroma/admin/invite_revoke", %{"token" => invite.token})
+
+      assert json_response(conn, 200) == %{
+               "expire_at" => nil,
+               "id" => invite.id,
+               "invite_type" => "one_time",
+               "max_use" => nil,
+               "token" => invite.token,
+               "used" => true,
+               "uses" => 0
+             }
+    end
+  end
 end