diff options
| author | lain <lain@soykaf.club> | 2020-04-09 13:25:27 +0200 | 
|---|---|---|
| committer | lain <lain@soykaf.club> | 2020-04-09 13:25:27 +0200 | 
| commit | d35e114acddf339ed398aeab02bf94abe229ac36 (patch) | |
| tree | e35bbf60afa823fd1fdf2b0366249a31f040cd29 | |
| parent | 8e637ae1a7b75fa08679ae9cf424650fc105de85 (diff) | |
| parent | b87b798ca1660224a3192c32b035c19b18e11587 (diff) | |
| download | pleroma-d35e114acddf339ed398aeab02bf94abe229ac36.tar.gz pleroma-d35e114acddf339ed398aeab02bf94abe229ac36.zip | |
Merge branch 'develop' of git.pleroma.social:pleroma/pleroma into remake-remodel-dms
26 files changed, 467 insertions, 91 deletions
| diff --git a/docs/API/admin_api.md b/docs/API/admin_api.md index 58d702347..57fb6bc6a 100644 --- a/docs/API/admin_api.md +++ b/docs/API/admin_api.md @@ -392,6 +392,19 @@ Note: Available `:permission_group` is currently moderator and admin. 404 is ret    - `email`    - `name`, optional +- Response: +  - On success: `204`, empty response +  - On failure: +    - 400 Bad Request, JSON: + +    ```json +      [ +        { +          "error": "Appropriate error message here" +        } +      ] +    ``` +  ## `GET /api/pleroma/admin/users/:nickname/password_reset`  ### Get a password reset token for a given nickname diff --git a/lib/pleroma/formatter.ex b/lib/pleroma/formatter.ex index e2a658cb3..c44e7fc8b 100644 --- a/lib/pleroma/formatter.ex +++ b/lib/pleroma/formatter.ex @@ -35,9 +35,19 @@ defmodule Pleroma.Formatter do          nickname_text = get_nickname_text(nickname, opts)          link = -          ~s(<span class="h-card"><a data-user="#{id}" class="u-url mention" href="#{ap_id}" rel="ugc">@<span>#{ -            nickname_text -          }</span></a></span>) +          Phoenix.HTML.Tag.content_tag( +            :span, +            Phoenix.HTML.Tag.content_tag( +              :a, +              ["@", Phoenix.HTML.Tag.content_tag(:span, nickname_text)], +              "data-user": id, +              class: "u-url mention", +              href: ap_id, +              rel: "ugc" +            ), +            class: "h-card" +          ) +          |> Phoenix.HTML.safe_to_string()          {link, %{acc | mentions: MapSet.put(acc.mentions, {"@" <> nickname, user})}} @@ -49,7 +59,15 @@ defmodule Pleroma.Formatter do    def hashtag_handler("#" <> tag = tag_text, _buffer, _opts, acc) do      tag = String.downcase(tag)      url = "#{Pleroma.Web.base_url()}/tag/#{tag}" -    link = ~s(<a class="hashtag" data-tag="#{tag}" href="#{url}" rel="tag ugc">#{tag_text}</a>) + +    link = +      Phoenix.HTML.Tag.content_tag(:a, tag_text, +        class: "hashtag", +        "data-tag": tag, +        href: url, +        rel: "tag ugc" +      ) +      |> Phoenix.HTML.safe_to_string()      {link, %{acc | tags: MapSet.put(acc.tags, {tag_text, tag})}}    end diff --git a/lib/pleroma/gun/conn.ex b/lib/pleroma/gun/conn.ex index 20823a765..cd25a2e74 100644 --- a/lib/pleroma/gun/conn.ex +++ b/lib/pleroma/gun/conn.ex @@ -49,8 +49,10 @@ defmodule Pleroma.Gun.Conn do      key = "#{uri.scheme}:#{uri.host}:#{uri.port}" +    max_connections = pool_opts[:max_connections] || 250 +      conn_pid = -      if Connections.count(name) < opts[:max_connection] do +      if Connections.count(name) < max_connections do          do_open(uri, opts)        else          close_least_used_and_do_open(name, uri, opts) diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex index ff828aa17..71c8c3a4e 100644 --- a/lib/pleroma/user.ex +++ b/lib/pleroma/user.ex @@ -16,6 +16,7 @@ defmodule Pleroma.User do    alias Pleroma.Conversation.Participation    alias Pleroma.Delivery    alias Pleroma.FollowingRelationship +  alias Pleroma.Formatter    alias Pleroma.HTML    alias Pleroma.Keys    alias Pleroma.Notification @@ -452,7 +453,7 @@ defmodule Pleroma.User do        fields =          raw_fields -        |> Enum.map(fn f -> Map.update!(f, "value", &AutoLinker.link(&1)) end) +        |> Enum.map(fn f -> Map.update!(f, "value", &parse_fields(&1)) end)        changeset        |> put_change(:raw_fields, raw_fields) @@ -462,6 +463,12 @@ defmodule Pleroma.User do      end    end +  defp parse_fields(value) do +    value +    |> Formatter.linkify(mentions_format: :full) +    |> elem(0) +  end +    defp put_change_if_present(changeset, map_field, value_function) do      if value = get_change(changeset, map_field) do        with {:ok, new_value} <- value_function.(value) do @@ -1979,17 +1986,6 @@ defmodule Pleroma.User do    def fields(%{fields: fields}), do: fields -  def sanitized_fields(%User{} = user) do -    user -    |> User.fields() -    |> Enum.map(fn %{"name" => name, "value" => value} -> -      %{ -        "name" => name, -        "value" => Pleroma.HTML.filter_tags(value, Pleroma.HTML.Scrubber.LinksOnly) -      } -    end) -  end -    def validate_fields(changeset, remote? \\ false) do      limit_name = if remote?, do: :max_remote_account_fields, else: :max_account_fields      limit = Pleroma.Config.get([:instance, limit_name], 0) diff --git a/lib/pleroma/web/activity_pub/object_validators/types/object_id.ex b/lib/pleroma/web/activity_pub/object_validators/types/object_id.ex index ee10be0b0..f6e749b33 100644 --- a/lib/pleroma/web/activity_pub/object_validators/types/object_id.ex +++ b/lib/pleroma/web/activity_pub/object_validators/types/object_id.ex @@ -6,14 +6,10 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidators.Types.ObjectID do    def cast(object) when is_binary(object) do      # Host has to be present and scheme has to be an http scheme (for now)      case URI.parse(object) do -      %URI{host: nil} -> -        :error - -      %URI{scheme: scheme} when scheme in ["https", "http"] -> -        {:ok, object} - -      _ -> -        :error +      %URI{host: nil} -> :error +      %URI{host: ""} -> :error +      %URI{scheme: scheme} when scheme in ["https", "http"] -> {:ok, object} +      _ -> :error      end    end diff --git a/lib/pleroma/web/admin_api/admin_api_controller.ex b/lib/pleroma/web/admin_api/admin_api_controller.ex index ca5439920..fdbd24acb 100644 --- a/lib/pleroma/web/admin_api/admin_api_controller.ex +++ b/lib/pleroma/web/admin_api/admin_api_controller.ex @@ -576,9 +576,8 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do    @doc "Sends registration invite via email"    def email_invite(%{assigns: %{user: user}} = conn, %{"email" => email} = params) do -    with true <- -           Config.get([:instance, :invites_enabled]) && -             !Config.get([:instance, :registrations_open]), +    with {_, false} <- {:registrations_open, Config.get([:instance, :registrations_open])}, +         {_, true} <- {:invites_enabled, Config.get([:instance, :invites_enabled])},           {:ok, invite_token} <- UserInviteToken.create_invite(),           email <-             Pleroma.Emails.UserEmail.user_invitation_email( @@ -589,6 +588,18 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do             ),           {:ok, _} <- Pleroma.Emails.Mailer.deliver(email) do        json_response(conn, :no_content, "") +    else +      {:registrations_open, _} -> +        errors( +          conn, +          {:error, "To send invites you need to set the `registrations_open` option to false."} +        ) + +      {:invites_enabled, _} -> +        errors( +          conn, +          {:error, "To send invites you need to set the `invites_enabled` option to true."} +        )      end    end diff --git a/lib/pleroma/web/api_spec.ex b/lib/pleroma/web/api_spec.ex new file mode 100644 index 000000000..41e48a085 --- /dev/null +++ b/lib/pleroma/web/api_spec.ex @@ -0,0 +1,44 @@ +# Pleroma: A lightweight social networking server +# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/> +# SPDX-License-Identifier: AGPL-3.0-only + +defmodule Pleroma.Web.ApiSpec do +  alias OpenApiSpex.OpenApi +  alias Pleroma.Web.Endpoint +  alias Pleroma.Web.Router + +  @behaviour OpenApi + +  @impl OpenApi +  def spec do +    %OpenApi{ +      servers: [ +        # Populate the Server info from a phoenix endpoint +        OpenApiSpex.Server.from_endpoint(Endpoint) +      ], +      info: %OpenApiSpex.Info{ +        title: "Pleroma", +        description: Application.spec(:pleroma, :description) |> to_string(), +        version: Application.spec(:pleroma, :vsn) |> to_string() +      }, +      # populate the paths from a phoenix router +      paths: OpenApiSpex.Paths.from_router(Router), +      components: %OpenApiSpex.Components{ +        securitySchemes: %{ +          "oAuth" => %OpenApiSpex.SecurityScheme{ +            type: "oauth2", +            flows: %OpenApiSpex.OAuthFlows{ +              password: %OpenApiSpex.OAuthFlow{ +                authorizationUrl: "/oauth/authorize", +                tokenUrl: "/oauth/token", +                scopes: %{"read" => "read"} +              } +            } +          } +        } +      } +    } +    # discover request/response schemas from path specs +    |> OpenApiSpex.resolve_schema_modules() +  end +end diff --git a/lib/pleroma/web/api_spec/helpers.ex b/lib/pleroma/web/api_spec/helpers.ex new file mode 100644 index 000000000..35cf4c0d8 --- /dev/null +++ b/lib/pleroma/web/api_spec/helpers.ex @@ -0,0 +1,27 @@ +# Pleroma: A lightweight social networking server +# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/> +# SPDX-License-Identifier: AGPL-3.0-only + +defmodule Pleroma.Web.ApiSpec.Helpers do +  def request_body(description, schema_ref, opts \\ []) do +    media_types = ["application/json", "multipart/form-data"] + +    content = +      media_types +      |> Enum.map(fn type -> +        {type, +         %OpenApiSpex.MediaType{ +           schema: schema_ref, +           example: opts[:example], +           examples: opts[:examples] +         }} +      end) +      |> Enum.into(%{}) + +    %OpenApiSpex.RequestBody{ +      description: description, +      content: content, +      required: opts[:required] || false +    } +  end +end diff --git a/lib/pleroma/web/api_spec/operations/app_operation.ex b/lib/pleroma/web/api_spec/operations/app_operation.ex new file mode 100644 index 000000000..26d8dbd42 --- /dev/null +++ b/lib/pleroma/web/api_spec/operations/app_operation.ex @@ -0,0 +1,96 @@ +# Pleroma: A lightweight social networking server +# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/> +# SPDX-License-Identifier: AGPL-3.0-only + +defmodule Pleroma.Web.ApiSpec.AppOperation do +  alias OpenApiSpex.Operation +  alias OpenApiSpex.Schema +  alias Pleroma.Web.ApiSpec.Helpers +  alias Pleroma.Web.ApiSpec.Schemas.AppCreateRequest +  alias Pleroma.Web.ApiSpec.Schemas.AppCreateResponse + +  @spec open_api_operation(atom) :: Operation.t() +  def open_api_operation(action) do +    operation = String.to_existing_atom("#{action}_operation") +    apply(__MODULE__, operation, []) +  end + +  @spec create_operation() :: Operation.t() +  def create_operation do +    %Operation{ +      tags: ["apps"], +      summary: "Create an application", +      description: "Create a new application to obtain OAuth2 credentials", +      operationId: "AppController.create", +      requestBody: Helpers.request_body("Parameters", AppCreateRequest, required: true), +      responses: %{ +        200 => Operation.response("App", "application/json", AppCreateResponse), +        422 => +          Operation.response( +            "Unprocessable Entity", +            "application/json", +            %Schema{ +              type: :object, +              description: +                "If a required parameter is missing or improperly formatted, the request will fail.", +              properties: %{ +                error: %Schema{type: :string} +              }, +              example: %{ +                "error" => "Validation failed: Redirect URI must be an absolute URI." +              } +            } +          ) +      } +    } +  end + +  def verify_credentials_operation do +    %Operation{ +      tags: ["apps"], +      summary: "Verify your app works", +      description: "Confirm that the app's OAuth2 credentials work.", +      operationId: "AppController.verify_credentials", +      security: [ +        %{ +          "oAuth" => ["read"] +        } +      ], +      responses: %{ +        200 => +          Operation.response("App", "application/json", %Schema{ +            type: :object, +            description: +              "If the Authorization header was provided with a valid token, you should see your app returned as an Application entity.", +            properties: %{ +              name: %Schema{type: :string}, +              vapid_key: %Schema{type: :string}, +              website: %Schema{type: :string, nullable: true} +            }, +            example: %{ +              "name" => "My App", +              "vapid_key" => +                "BCk-QqERU0q-CfYZjcuB6lnyyOYfJ2AifKqfeGIm7Z-HiTU5T9eTG5GxVA0_OH5mMlI4UkkDTpaZwozy0TzdZ2M=", +              "website" => "https://myapp.com/" +            } +          }), +        422 => +          Operation.response( +            "Unauthorized", +            "application/json", +            %Schema{ +              type: :object, +              description: +                "If the Authorization header contains an invalid token, is malformed, or is not present, an error will be returned indicating an authorization failure.", +              properties: %{ +                error: %Schema{type: :string} +              }, +              example: %{ +                "error" => "The access token is invalid." +              } +            } +          ) +      } +    } +  end +end diff --git a/lib/pleroma/web/api_spec/schemas/app_create_request.ex b/lib/pleroma/web/api_spec/schemas/app_create_request.ex new file mode 100644 index 000000000..8a83abef3 --- /dev/null +++ b/lib/pleroma/web/api_spec/schemas/app_create_request.ex @@ -0,0 +1,33 @@ +# Pleroma: A lightweight social networking server +# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/> +# SPDX-License-Identifier: AGPL-3.0-only + +defmodule Pleroma.Web.ApiSpec.Schemas.AppCreateRequest do +  alias OpenApiSpex.Schema +  require OpenApiSpex + +  OpenApiSpex.schema(%{ +    title: "AppCreateRequest", +    description: "POST body for creating an app", +    type: :object, +    properties: %{ +      client_name: %Schema{type: :string, description: "A name for your application."}, +      redirect_uris: %Schema{ +        type: :string, +        description: +          "Where the user should be redirected after authorization. To display the authorization code to the user instead of redirecting to a web page, use `urn:ietf:wg:oauth:2.0:oob` in this parameter." +      }, +      scopes: %Schema{ +        type: :string, +        description: "Space separated list of scopes. If none is provided, defaults to `read`." +      }, +      website: %Schema{type: :string, description: "A URL to the homepage of your app"} +    }, +    required: [:client_name, :redirect_uris], +    example: %{ +      "client_name" => "My App", +      "redirect_uris" => "https://myapp.com/auth/callback", +      "website" => "https://myapp.com/" +    } +  }) +end diff --git a/lib/pleroma/web/api_spec/schemas/app_create_response.ex b/lib/pleroma/web/api_spec/schemas/app_create_response.ex new file mode 100644 index 000000000..f290fb031 --- /dev/null +++ b/lib/pleroma/web/api_spec/schemas/app_create_response.ex @@ -0,0 +1,33 @@ +# Pleroma: A lightweight social networking server +# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/> +# SPDX-License-Identifier: AGPL-3.0-only + +defmodule Pleroma.Web.ApiSpec.Schemas.AppCreateResponse do +  alias OpenApiSpex.Schema + +  require OpenApiSpex + +  OpenApiSpex.schema(%{ +    title: "AppCreateResponse", +    description: "Response schema for an app", +    type: :object, +    properties: %{ +      id: %Schema{type: :string}, +      name: %Schema{type: :string}, +      client_id: %Schema{type: :string}, +      client_secret: %Schema{type: :string}, +      redirect_uri: %Schema{type: :string}, +      vapid_key: %Schema{type: :string}, +      website: %Schema{type: :string, nullable: true} +    }, +    example: %{ +      "id" => "123", +      "name" => "My App", +      "client_id" => "TWhM-tNSuncnqN7DBJmoyeLnk6K3iJJ71KKXxgL1hPM", +      "client_secret" => "ZEaFUFmF0umgBX1qKJDjaU99Q31lDkOU8NutzTOoliw", +      "vapid_key" => +        "BCk-QqERU0q-CfYZjcuB6lnyyOYfJ2AifKqfeGIm7Z-HiTU5T9eTG5GxVA0_OH5mMlI4UkkDTpaZwozy0TzdZ2M=", +      "website" => "https://myapp.com/" +    } +  }) +end diff --git a/lib/pleroma/web/mastodon_api/controllers/app_controller.ex b/lib/pleroma/web/mastodon_api/controllers/app_controller.ex index 5e2871f18..005c60444 100644 --- a/lib/pleroma/web/mastodon_api/controllers/app_controller.ex +++ b/lib/pleroma/web/mastodon_api/controllers/app_controller.ex @@ -14,17 +14,20 @@ defmodule Pleroma.Web.MastodonAPI.AppController do    action_fallback(Pleroma.Web.MastodonAPI.FallbackController)    plug(OAuthScopesPlug, %{scopes: ["read"]} when action == :verify_credentials) +  plug(OpenApiSpex.Plug.CastAndValidate)    @local_mastodon_name "Mastodon-Local" +  defdelegate open_api_operation(action), to: Pleroma.Web.ApiSpec.AppOperation +    @doc "POST /api/v1/apps" -  def create(conn, params) do +  def create(%{body_params: params} = conn, _params) do      scopes = Scopes.fetch_scopes(params, ["read"])      app_attrs =        params -      |> Map.drop(["scope", "scopes"]) -      |> Map.put("scopes", scopes) +      |> Map.take([:client_name, :redirect_uris, :website]) +      |> Map.put(:scopes, scopes)      with cs <- App.register_changeset(%App{}, app_attrs),           false <- cs.changes[:client_name] == @local_mastodon_name, diff --git a/lib/pleroma/web/oauth/scopes.ex b/lib/pleroma/web/oauth/scopes.ex index 8ecf901f3..1023f16d4 100644 --- a/lib/pleroma/web/oauth/scopes.ex +++ b/lib/pleroma/web/oauth/scopes.ex @@ -15,7 +15,12 @@ defmodule Pleroma.Web.OAuth.Scopes do    Note: `scopes` is used by Mastodon — supporting it but sticking to    OAuth's standard `scope` wherever we control it    """ -  @spec fetch_scopes(map(), list()) :: list() +  @spec fetch_scopes(map() | struct(), list()) :: list() + +  def fetch_scopes(%Pleroma.Web.ApiSpec.Schemas.AppCreateRequest{scopes: scopes}, default) do +    parse_scopes(scopes, default) +  end +    def fetch_scopes(params, default) do      parse_scopes(params["scope"] || params["scopes"], default)    end diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex index 5a0902739..3ecd59cd1 100644 --- a/lib/pleroma/web/router.ex +++ b/lib/pleroma/web/router.ex @@ -29,6 +29,7 @@ defmodule Pleroma.Web.Router do      plug(Pleroma.Plugs.SetUserSessionIdPlug)      plug(Pleroma.Plugs.EnsureUserKeyPlug)      plug(Pleroma.Plugs.IdempotencyPlug) +    plug(OpenApiSpex.Plug.PutApiSpec, module: Pleroma.Web.ApiSpec)    end    pipeline :authenticated_api do @@ -44,6 +45,7 @@ defmodule Pleroma.Web.Router do      plug(Pleroma.Plugs.SetUserSessionIdPlug)      plug(Pleroma.Plugs.EnsureAuthenticatedPlug)      plug(Pleroma.Plugs.IdempotencyPlug) +    plug(OpenApiSpex.Plug.PutApiSpec, module: Pleroma.Web.ApiSpec)    end    pipeline :admin_api do @@ -61,6 +63,7 @@ defmodule Pleroma.Web.Router do      plug(Pleroma.Plugs.EnsureAuthenticatedPlug)      plug(Pleroma.Plugs.UserIsAdminPlug)      plug(Pleroma.Plugs.IdempotencyPlug) +    plug(OpenApiSpex.Plug.PutApiSpec, module: Pleroma.Web.ApiSpec)    end    pipeline :mastodon_html do @@ -94,10 +97,12 @@ defmodule Pleroma.Web.Router do    pipeline :config do      plug(:accepts, ["json", "xml"]) +    plug(OpenApiSpex.Plug.PutApiSpec, module: Pleroma.Web.ApiSpec)    end    pipeline :pleroma_api do      plug(:accepts, ["html", "json"]) +    plug(OpenApiSpex.Plug.PutApiSpec, module: Pleroma.Web.ApiSpec)    end    pipeline :mailbox_preview do @@ -500,6 +505,12 @@ defmodule Pleroma.Web.Router do      )    end +  scope "/api" do +    pipe_through(:api) + +    get("/openapi", OpenApiSpex.Plug.RenderSpec, []) +  end +    scope "/api", Pleroma.Web, as: :authenticated_twitter_api do      pipe_through(:authenticated_api) @@ -179,7 +179,8 @@ defmodule Pleroma.Mixfile do         git: "https://git.pleroma.social/pleroma/elixir-libraries/elixir-captcha.git",         ref: "e0f16822d578866e186a0974d65ad58cddc1e2ab"},        {:mox, "~> 0.5", only: :test}, -      {:restarter, path: "./restarter"} +      {:restarter, path: "./restarter"}, +      {:open_api_spex, "~> 3.6"}      ] ++ oauth_deps()    end @@ -74,6 +74,7 @@    "nimble_parsec": {:hex, :nimble_parsec, "0.5.3", "def21c10a9ed70ce22754fdeea0810dafd53c2db3219a0cd54cf5526377af1c6", [:mix], [], "hexpm", "589b5af56f4afca65217a1f3eb3fee7e79b09c40c742fddc1c312b3ac0b3399f"},    "nodex": {:git, "https://git.pleroma.social/pleroma/nodex", "cb6730f943cfc6aad674c92161be23a8411f15d1", [ref: "cb6730f943cfc6aad674c92161be23a8411f15d1"]},    "oban": {:hex, :oban, "0.12.1", "695e9490c6e0edfca616d80639528e448bd29b3bff7b7dd10a56c79b00a5d7fb", [:mix], [{:ecto_sql, "~> 3.1", [hex: :ecto_sql, repo: "hexpm", optional: false]}, {:jason, "~> 1.1", [hex: :jason, repo: "hexpm", optional: false]}, {:postgrex, "~> 0.14", [hex: :postgrex, repo: "hexpm", optional: false]}, {:telemetry, "~> 0.4", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "c1d58d69b8b5a86e7167abbb8cc92764a66f25f12f6172052595067fc6a30a17"}, +  "open_api_spex": {:hex, :open_api_spex, "3.6.0", "64205aba9f2607f71b08fd43e3351b9c5e9898ec5ef49fc0ae35890da502ade9", [:mix], [{:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: true]}, {:plug, "~> 1.7", [hex: :plug, repo: "hexpm", optional: false]}, {:poison, "~> 3.1", [hex: :poison, repo: "hexpm", optional: true]}], "hexpm", "126ba3473966277132079cb1d5bf1e3df9e36fe2acd00166e75fd125cecb59c5"},    "parse_trans": {:hex, :parse_trans, "3.3.0", "09765507a3c7590a784615cfd421d101aec25098d50b89d7aa1d66646bc571c1", [:rebar3], [], "hexpm", "17ef63abde837ad30680ea7f857dd9e7ced9476cdd7b0394432af4bfc241b960"},    "pbkdf2_elixir": {:hex, :pbkdf2_elixir, "0.12.4", "8dd29ed783f2e12195d7e0a4640effc0a7c37e6537da491f1db01839eee6d053", [:mix], [], "hexpm", "595d09db74cb093b1903381c9de423276a931a2480a46a1a5dc7f932a2a6375b"},    "phoenix": {:hex, :phoenix, "1.4.13", "67271ad69b51f3719354604f4a3f968f83aa61c19199343656c9caee057ff3b8", [:mix], [{:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: true]}, {:phoenix_pubsub, "~> 1.1", [hex: :phoenix_pubsub, repo: "hexpm", optional: false]}, {:plug, "~> 1.8.1 or ~> 1.9", [hex: :plug, repo: "hexpm", optional: false]}, {:plug_cowboy, "~> 1.0 or ~> 2.0", [hex: :plug_cowboy, repo: "hexpm", optional: true]}, {:telemetry, "~> 0.4", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "ab765a0feddb81fc62e2116c827b5f068df85159c162bee760745276ad7ddc1b"}, diff --git a/test/formatter_test.exs b/test/formatter_test.exs index cf8441cf6..93fd8eab7 100644 --- a/test/formatter_test.exs +++ b/test/formatter_test.exs @@ -150,13 +150,13 @@ defmodule Pleroma.FormatterTest do        assert length(mentions) == 3        expected_text = -        ~s(<span class="h-card"><a data-user="#{gsimg.id}" class="u-url mention" href="#{ +        ~s(<span class="h-card"><a class="u-url mention" data-user="#{gsimg.id}" href="#{            gsimg.ap_id -        }" rel="ugc">@<span>gsimg</span></a></span> According to <span class="h-card"><a data-user="#{ +        }" rel="ugc">@<span>gsimg</span></a></span> According to <span class="h-card"><a class="u-url mention" data-user="#{            archaeme.id -        }" class="u-url mention" href="#{"https://archeme/@archa_eme_"}" rel="ugc">@<span>archa_eme_</span></a></span>, that is @daggsy. Also hello <span class="h-card"><a data-user="#{ +        }" href="#{"https://archeme/@archa_eme_"}" rel="ugc">@<span>archa_eme_</span></a></span>, that is @daggsy. Also hello <span class="h-card"><a class="u-url mention" data-user="#{            archaeme_remote.id -        }" class="u-url mention" href="#{archaeme_remote.ap_id}" rel="ugc">@<span>archaeme</span></a></span>) +        }" href="#{archaeme_remote.ap_id}" rel="ugc">@<span>archaeme</span></a></span>)        assert expected_text == text      end @@ -171,7 +171,7 @@ defmodule Pleroma.FormatterTest do        assert length(mentions) == 1        expected_text = -        ~s(<span class="h-card"><a data-user="#{mike.id}" class="u-url mention" href="#{ +        ~s(<span class="h-card"><a class="u-url mention" data-user="#{mike.id}" href="#{            mike.ap_id          }" rel="ugc">@<span>mike</span></a></span> test) @@ -187,7 +187,7 @@ defmodule Pleroma.FormatterTest do        assert length(mentions) == 1        expected_text = -        ~s(<span class="h-card"><a data-user="#{o.id}" class="u-url mention" href="#{o.ap_id}" rel="ugc">@<span>o</span></a></span> hi) +        ~s(<span class="h-card"><a class="u-url mention" data-user="#{o.id}" href="#{o.ap_id}" rel="ugc">@<span>o</span></a></span> hi)        assert expected_text == text      end @@ -209,17 +209,13 @@ defmodule Pleroma.FormatterTest do        assert mentions == [{"@#{user.nickname}", user}, {"@#{other_user.nickname}", other_user}]        assert expected_text == -               ~s(<span class="h-card"><a data-user="#{user.id}" class="u-url mention" href="#{ +               ~s(<span class="h-card"><a class="u-url mention" data-user="#{user.id}" href="#{                   user.ap_id -               }" rel="ugc">@<span>#{user.nickname}</span></a></span> <span class="h-card"><a data-user="#{ +               }" rel="ugc">@<span>#{user.nickname}</span></a></span> <span class="h-card"><a class="u-url mention" data-user="#{                   other_user.id -               }" class="u-url mention" href="#{other_user.ap_id}" rel="ugc">@<span>#{ -                 other_user.nickname -               }</span></a></span> hey dudes i hate <span class="h-card"><a data-user="#{ +               }" href="#{other_user.ap_id}" rel="ugc">@<span>#{other_user.nickname}</span></a></span> hey dudes i hate <span class="h-card"><a class="u-url mention" data-user="#{                   third_user.id -               }" class="u-url mention" href="#{third_user.ap_id}" rel="ugc">@<span>#{ -                 third_user.nickname -               }</span></a></span>) +               }" href="#{third_user.ap_id}" rel="ugc">@<span>#{third_user.nickname}</span></a></span>)      end      test "given the 'safe_mention' option, it will still work without any mention" do diff --git a/test/user_test.exs b/test/user_test.exs index 0479f294d..d39787f35 100644 --- a/test/user_test.exs +++ b/test/user_test.exs @@ -1404,7 +1404,7 @@ defmodule Pleroma.UserTest do        bio = "A.k.a. @nick@domain.com"        expected_text = -        ~s(A.k.a. <span class="h-card"><a data-user="#{remote_user.id}" class="u-url mention" href="#{ +        ~s(A.k.a. <span class="h-card"><a class="u-url mention" data-user="#{remote_user.id}" href="#{            remote_user.ap_id          }" rel="ugc">@<span>nick@domain.com</span></a></span>) diff --git a/test/web/admin_api/admin_api_controller_test.exs b/test/web/admin_api/admin_api_controller_test.exs index fe8a086d8..f02f6ae7a 100644 --- a/test/web/admin_api/admin_api_controller_test.exs +++ b/test/web/admin_api/admin_api_controller_test.exs @@ -625,6 +625,39 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do        assert json_response(conn, :forbidden)      end + +    test "email with +", %{conn: conn, admin: admin} do +      recipient_email = "foo+bar@baz.com" + +      conn +      |> put_req_header("content-type", "application/json;charset=utf-8") +      |> post("/api/pleroma/admin/users/email_invite", %{email: recipient_email}) +      |> json_response(:no_content) + +      token_record = +        Pleroma.UserInviteToken +        |> Repo.all() +        |> List.last() + +      assert token_record +      refute token_record.used + +      notify_email = Config.get([:instance, :notify_email]) +      instance_name = Config.get([:instance, :name]) + +      email = +        Pleroma.Emails.UserEmail.user_invitation_email( +          admin, +          token_record, +          recipient_email +        ) + +      Swoosh.TestAssertions.assert_email_sent( +        from: {instance_name, notify_email}, +        to: recipient_email, +        html_body: email.html_body +      ) +    end    end    describe "POST /api/pleroma/admin/users/email_invite, with invalid config" do @@ -637,7 +670,8 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do        conn = post(conn, "/api/pleroma/admin/users/email_invite?email=foo@bar.com&name=JD") -      assert json_response(conn, :internal_server_error) +      assert json_response(conn, :bad_request) == +               "To send invites you need to set the `invites_enabled` option to true."      end      test "it returns 500 if `registrations_open` is enabled", %{conn: conn} do @@ -646,7 +680,8 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do        conn = post(conn, "/api/pleroma/admin/users/email_invite?email=foo@bar.com&name=JD") -      assert json_response(conn, :internal_server_error) +      assert json_response(conn, :bad_request) == +               "To send invites you need to set the `registrations_open` option to false."      end    end diff --git a/test/web/api_spec/app_operation_test.exs b/test/web/api_spec/app_operation_test.exs new file mode 100644 index 000000000..5b96abb44 --- /dev/null +++ b/test/web/api_spec/app_operation_test.exs @@ -0,0 +1,45 @@ +# Pleroma: A lightweight social networking server +# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/> +# SPDX-License-Identifier: AGPL-3.0-only + +defmodule Pleroma.Web.ApiSpec.AppOperationTest do +  use Pleroma.Web.ConnCase, async: true + +  alias Pleroma.Web.ApiSpec +  alias Pleroma.Web.ApiSpec.Schemas.AppCreateRequest +  alias Pleroma.Web.ApiSpec.Schemas.AppCreateResponse + +  import OpenApiSpex.TestAssertions +  import Pleroma.Factory + +  test "AppCreateRequest example matches schema" do +    api_spec = ApiSpec.spec() +    schema = AppCreateRequest.schema() +    assert_schema(schema.example, "AppCreateRequest", api_spec) +  end + +  test "AppCreateResponse example matches schema" do +    api_spec = ApiSpec.spec() +    schema = AppCreateResponse.schema() +    assert_schema(schema.example, "AppCreateResponse", api_spec) +  end + +  test "AppController produces a AppCreateResponse", %{conn: conn} do +    api_spec = ApiSpec.spec() +    app_attrs = build(:oauth_app) + +    json = +      conn +      |> put_req_header("content-type", "application/json") +      |> post( +        "/api/v1/apps", +        Jason.encode!(%{ +          client_name: app_attrs.client_name, +          redirect_uris: app_attrs.redirect_uris +        }) +      ) +      |> json_response(200) + +    assert_schema(json, "AppCreateResponse", api_spec) +  end +end diff --git a/test/web/common_api/common_api_utils_test.exs b/test/web/common_api/common_api_utils_test.exs index d383d1714..98cf02d49 100644 --- a/test/web/common_api/common_api_utils_test.exs +++ b/test/web/common_api/common_api_utils_test.exs @@ -159,11 +159,11 @@ defmodule Pleroma.Web.CommonAPI.UtilsTest do        {output, _, _} = Utils.format_input(text, "text/markdown")        assert output == -               ~s(<p><strong>hello world</strong></p><p><em>another <span class="h-card"><a data-user="#{ +               ~s(<p><strong>hello world</strong></p><p><em>another <span class="h-card"><a class="u-url mention" data-user="#{                   user.id -               }" class="u-url mention" href="http://foo.com/user__test" rel="ugc">@<span>user__test</span></a></span> and <span class="h-card"><a data-user="#{ +               }" href="http://foo.com/user__test" rel="ugc">@<span>user__test</span></a></span> and <span class="h-card"><a class="u-url mention" data-user="#{                   user.id -               }" class="u-url mention" href="http://foo.com/user__test" rel="ugc">@<span>user__test</span></a></span> <a href="http://google.com" rel="ugc">google.com</a> paragraph</em></p>) +               }" href="http://foo.com/user__test" rel="ugc">@<span>user__test</span></a></span> <a href="http://google.com" rel="ugc">google.com</a> paragraph</em></p>)      end    end diff --git a/test/web/mastodon_api/controllers/account_controller/update_credentials_test.exs b/test/web/mastodon_api/controllers/account_controller/update_credentials_test.exs index b693c1a47..2d256f63c 100644 --- a/test/web/mastodon_api/controllers/account_controller/update_credentials_test.exs +++ b/test/web/mastodon_api/controllers/account_controller/update_credentials_test.exs @@ -82,9 +82,9 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController.UpdateCredentialsTest do        assert user_data = json_response(conn, 200)        assert user_data["note"] == -               ~s(I drink <a class="hashtag" data-tag="cofe" href="http://localhost:4001/tag/cofe">#cofe</a> with <span class="h-card"><a data-user="#{ +               ~s(I drink <a class="hashtag" data-tag="cofe" href="http://localhost:4001/tag/cofe">#cofe</a> with <span class="h-card"><a class="u-url mention" data-user="#{                   user2.id -               }" class="u-url mention" href="#{user2.ap_id}" rel="ugc">@<span>#{user2.nickname}</span></a></span><br/><br/>suya..) +               }" href="#{user2.ap_id}" rel="ugc">@<span>#{user2.nickname}</span></a></span><br/><br/>suya..)      end      test "updates the user's locking status", %{conn: conn} do @@ -273,7 +273,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController.UpdateCredentialsTest do      test "update fields", %{conn: conn} do        fields = [          %{"name" => "<a href=\"http://google.com\">foo</a>", "value" => "<script>bar</script>"}, -        %{"name" => "link", "value" => "cofe.io"} +        %{"name" => "link.io", "value" => "cofe.io"}        ]        account_data = @@ -283,7 +283,10 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController.UpdateCredentialsTest do        assert account_data["fields"] == [                 %{"name" => "<a href=\"http://google.com\">foo</a>", "value" => "bar"}, -               %{"name" => "link", "value" => ~S(<a href="http://cofe.io" rel="ugc">cofe.io</a>)} +               %{ +                 "name" => "link.io", +                 "value" => ~S(<a href="http://cofe.io" rel="ugc">cofe.io</a>) +               }               ]        assert account_data["source"]["fields"] == [ @@ -291,14 +294,16 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController.UpdateCredentialsTest do                   "name" => "<a href=\"http://google.com\">foo</a>",                   "value" => "<script>bar</script>"                 }, -               %{"name" => "link", "value" => "cofe.io"} +               %{"name" => "link.io", "value" => "cofe.io"}               ] +    end +    test "update fields via x-www-form-urlencoded", %{conn: conn} do        fields =          [            "fields_attributes[1][name]=link", -          "fields_attributes[1][value]=cofe.io", -          "fields_attributes[0][name]=<a href=\"http://google.com\">foo</a>", +          "fields_attributes[1][value]=http://cofe.io", +          "fields_attributes[0][name]=foo",            "fields_attributes[0][value]=bar"          ]          |> Enum.join("&") @@ -310,32 +315,49 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController.UpdateCredentialsTest do          |> json_response(200)        assert account["fields"] == [ -               %{"name" => "<a href=\"http://google.com\">foo</a>", "value" => "bar"}, -               %{"name" => "link", "value" => ~S(<a href="http://cofe.io" rel="ugc">cofe.io</a>)} +               %{"name" => "foo", "value" => "bar"}, +               %{ +                 "name" => "link", +                 "value" => ~S(<a href="http://cofe.io" rel="ugc">http://cofe.io</a>) +               }               ]        assert account["source"]["fields"] == [ -               %{ -                 "name" => "<a href=\"http://google.com\">foo</a>", -                 "value" => "bar" -               }, -               %{"name" => "link", "value" => "cofe.io"} +               %{"name" => "foo", "value" => "bar"}, +               %{"name" => "link", "value" => "http://cofe.io"}               ] +    end +    test "update fields with empty name", %{conn: conn} do +      fields = [ +        %{"name" => "foo", "value" => ""}, +        %{"name" => "", "value" => "bar"} +      ] + +      account = +        conn +        |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields}) +        |> json_response(200) + +      assert account["fields"] == [ +               %{"name" => "foo", "value" => ""} +             ] +    end + +    test "update fields when invalid request", %{conn: conn} do        name_limit = Pleroma.Config.get([:instance, :account_field_name_length])        value_limit = Pleroma.Config.get([:instance, :account_field_value_length]) +      long_name = Enum.map(0..name_limit, fn _ -> "x" end) |> Enum.join()        long_value = Enum.map(0..value_limit, fn _ -> "x" end) |> Enum.join() -      fields = [%{"name" => "<b>foo<b>", "value" => long_value}] +      fields = [%{"name" => "foo", "value" => long_value}]        assert %{"error" => "Invalid request"} ==                 conn                 |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})                 |> json_response(403) -      long_name = Enum.map(0..name_limit, fn _ -> "x" end) |> Enum.join() -        fields = [%{"name" => long_name, "value" => "bar"}]        assert %{"error" => "Invalid request"} == @@ -346,7 +368,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController.UpdateCredentialsTest do        Pleroma.Config.put([:instance, :max_account_fields], 1)        fields = [ -        %{"name" => "<b>foo<b>", "value" => "<i>bar</i>"}, +        %{"name" => "foo", "value" => "bar"},          %{"name" => "link", "value" => "cofe.io"}        ] @@ -354,20 +376,6 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController.UpdateCredentialsTest do                 conn                 |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})                 |> json_response(403) - -      fields = [ -        %{"name" => "foo", "value" => ""}, -        %{"name" => "", "value" => "bar"} -      ] - -      account = -        conn -        |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields}) -        |> json_response(200) - -      assert account["fields"] == [ -               %{"name" => "foo", "value" => ""} -             ]      end    end  end diff --git a/test/web/mastodon_api/controllers/account_controller_test.exs b/test/web/mastodon_api/controllers/account_controller_test.exs index a9fa0ce48..a450a732c 100644 --- a/test/web/mastodon_api/controllers/account_controller_test.exs +++ b/test/web/mastodon_api/controllers/account_controller_test.exs @@ -794,7 +794,9 @@ defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do      test "Account registration via Application", %{conn: conn} do        conn = -        post(conn, "/api/v1/apps", %{ +        conn +        |> put_req_header("content-type", "application/json") +        |> post("/api/v1/apps", %{            client_name: "client_name",            redirect_uris: "urn:ietf:wg:oauth:2.0:oob",            scopes: "read, write, follow" diff --git a/test/web/mastodon_api/controllers/app_controller_test.exs b/test/web/mastodon_api/controllers/app_controller_test.exs index 77d234d67..e7b11d14e 100644 --- a/test/web/mastodon_api/controllers/app_controller_test.exs +++ b/test/web/mastodon_api/controllers/app_controller_test.exs @@ -16,8 +16,7 @@ defmodule Pleroma.Web.MastodonAPI.AppControllerTest do      conn =        conn -      |> assign(:user, token.user) -      |> assign(:token, token) +      |> put_req_header("authorization", "Bearer #{token.token}")        |> get("/api/v1/apps/verify_credentials")      app = Repo.preload(token, :app).app @@ -37,6 +36,7 @@ defmodule Pleroma.Web.MastodonAPI.AppControllerTest do      conn =        conn +      |> put_req_header("content-type", "application/json")        |> assign(:user, user)        |> post("/api/v1/apps", %{          client_name: app_attrs.client_name, diff --git a/test/web/mastodon_api/controllers/notification_controller_test.exs b/test/web/mastodon_api/controllers/notification_controller_test.exs index 344eabb4a..6f1fab069 100644 --- a/test/web/mastodon_api/controllers/notification_controller_test.exs +++ b/test/web/mastodon_api/controllers/notification_controller_test.exs @@ -26,7 +26,7 @@ defmodule Pleroma.Web.MastodonAPI.NotificationControllerTest do        |> get("/api/v1/notifications")      expected_response = -      "hi <span class=\"h-card\"><a data-user=\"#{user.id}\" class=\"u-url mention\" href=\"#{ +      "hi <span class=\"h-card\"><a class=\"u-url mention\" data-user=\"#{user.id}\" href=\"#{          user.ap_id        }\" rel=\"ugc\">@<span>#{user.nickname}</span></a></span>" @@ -45,7 +45,7 @@ defmodule Pleroma.Web.MastodonAPI.NotificationControllerTest do      conn = get(conn, "/api/v1/notifications/#{notification.id}")      expected_response = -      "hi <span class=\"h-card\"><a data-user=\"#{user.id}\" class=\"u-url mention\" href=\"#{ +      "hi <span class=\"h-card\"><a class=\"u-url mention\" data-user=\"#{user.id}\" href=\"#{          user.ap_id        }\" rel=\"ugc\">@<span>#{user.nickname}</span></a></span>" diff --git a/test/web/twitter_api/twitter_api_test.exs b/test/web/twitter_api/twitter_api_test.exs index 92f9aa0f5..f6e13b661 100644 --- a/test/web/twitter_api/twitter_api_test.exs +++ b/test/web/twitter_api/twitter_api_test.exs @@ -109,7 +109,7 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPITest do      {:ok, user2} = TwitterAPI.register_user(data2)      expected_text = -      ~s(<span class="h-card"><a data-user="#{user1.id}" class="u-url mention" href="#{ +      ~s(<span class="h-card"><a class="u-url mention" data-user="#{user1.id}" href="#{          user1.ap_id        }" rel="ugc">@<span>john</span></a></span> test) | 
