-rw-r--r-- | lib/pleroma/plugs/http_security_plug.ex | 1 | ||||
-rw-r--r-- | lib/pleroma/user.ex | 2 | ||||
-rw-r--r-- | lib/pleroma/web/router.ex | 7 | ||||
-rw-r--r-- | lib/pleroma/web/twitter_api/twitter_api_controller.ex | 9 | ||||
-rw-r--r-- | test/plugs/http_security_plug_test.exs | 2 | ||||
-rw-r--r-- | test/user_test.exs | 12 | ||||
-rw-r--r-- | test/web/twitter_api/twitter_api_controller_test.exs | 27 |
7 files changed, 54 insertions, 6 deletions
diff --git a/lib/pleroma/plugs/http_security_plug.ex b/lib/pleroma/plugs/http_security_plug.ex
index 960c7f6bf..31c7332f8 100644
--- a/lib/pleroma/plugs/http_security_plug.ex
+++ b/lib/pleroma/plugs/http_security_plug.ex
@@ -32,7 +32,6 @@ defmodule Pleroma.Plugs.HTTPSecurityPlug do [ "default-src 'none'", "base-uri 'self'", - "form-action *", "frame-ancestors 'none'", "img-src 'self' data: https:", "media-src 'self' https:",
diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex
index be634a8e1..6e1d5559d 100644
--- a/lib/pleroma/user.ex
+++ b/lib/pleroma/user.ex
@@ -498,7 +498,7 @@ defmodule Pleroma.User do Repo.all(query) end - def search(query, resolve) do + def search(query, resolve \\ false) do # strip the beginning @ off if there is a query query = String.trim_leading(query, "@")
diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex
index 5e81db00b..462369806 100644
--- a/lib/pleroma/web/router.ex
+++ b/lib/pleroma/web/router.ex
@@ -250,7 +250,12 @@ defmodule Pleroma.Web.Router do get("/statuses/networkpublic_timeline", TwitterAPI.Controller, :public_and_external_timeline) end - scope "/api", Pleroma.Web do + scope "/api", Pleroma.Web, as: :twitter_api_search do + pipe_through(:api) + get("/pleroma/search_user", TwitterAPI.Controller, :search_user) + end + + scope "/api", Pleroma.Web, as: :authenticated_twitter_api do pipe_through(:authenticated_api) get("/account/verify_credentials", TwitterAPI.Controller, :verify_credentials)
diff --git a/lib/pleroma/web/twitter_api/twitter_api_controller.ex b/lib/pleroma/web/twitter_api/twitter_api_controller.ex
index dfcafdcc9..cd0e2121c 100644
--- a/lib/pleroma/web/twitter_api/twitter_api_controller.ex
+++ b/lib/pleroma/web/twitter_api/twitter_api_controller.ex
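Review bot: In lib/pleroma/web/router.ex the new `twitter_api_search` scope uses `pipe_through(:api)` rather than `:authenticated_api`, so `/api/pleroma/search_user` is reachable without logging in, and the action added for it in twitter_api_controller.ex always calls `User.search(query, true)`. What `resolve` does is outside the visible lines; if it makes the server look up accounts it does not know yet, anonymous clients can make the instance issue those lookups on demand. Consider resolving only for a logged-in requester, `users = User.search(query, !is_nil(user))`, or moving the route into the authenticated scope. The authenticated scope's remaining routes continue outside the hunk.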
@@ -130,7 +130,7 @@ defmodule Pleroma.Web.TwitterAPI.Controller do query = ActivityPub.fetch_activities_query( [user.ap_id], - Map.merge(params, %{"type" => "Create", visibility: "direct"}) + Map.merge(params, %{"type" => "Create", "user" => user, visibility: "direct"}) ) activities = Repo.all(query)
@@ -529,6 +529,13 @@ defmodule Pleroma.Web.TwitterAPI.Controller do |> render(ActivityView, "index.json", %{activities: activities, for: user}) end + def search_user(%{assigns: %{user: user}} = conn, %{"query" => query}) do + users = User.search(query, true) + + conn + |> render(UserView, "index.json", %{users: users, for: user}) + end + defp bad_request_reply(conn, error_message) do json = error_json(conn, error_message) json_reply(conn, 400, json)
diff --git a/test/plugs/http_security_plug_test.exs b/test/plugs/http_security_plug_test.exs
index 55040a108..169c3b3a8 100644
--- a/test/plugs/http_security_plug_test.exs
+++ b/test/plugs/http_security_plug_test.exs
@@ -60,6 +60,8 @@ defmodule Pleroma.Web.Plugs.HTTPSecurityPlugTest do end test "referrer-policy header reflects configured value", %{conn: conn} do + Config.put([:http_security, :enabled], true) + conn = conn |> get("/api/v1/instance")
diff --git a/test/user_test.exs b/test/user_test.exs
index 7dec3462f..231f1d94d 100644
--- a/test/user_test.exs
+++ b/test/user_test.exs
@@ -578,4 +578,16 @@ defmodule Pleroma.UserTest do assert cached_user != user end end + + describe "User.search" do + test "finds a user, ranking by similarity" do + user = insert(:user, %{name: "lain"}) + user_two = insert(:user, %{name: "ean"}) + user_three = insert(:user, %{name: "ebn", nickname: "lain@mastodon.social"}) + user_four = insert(:user, %{nickname: "lain@pleroma.soykaf.com"}) + + assert user_four == + User.search("lain@ple") |> List.first() |> Map.put(:search_distance, nil) + end + end end 
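Review bot: In the dm_timeline hunk of twitter_api_controller.ex the server-chosen keys are protected only because they are the right-hand argument of `Map.merge/2`; `params` looks like the request's parameter map, so swapping the arguments later would let a client override `"type"` or `"user"`. A short comment above the call would guard against that: `# server-set keys go last so request params cannot override them`. The map also mixes string keys with the atom key `visibility:`, which is worth a word in the same comment if that is what `fetch_activities_query` expects. The enclosing function starts and ends outside the hunk.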
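Review bot: `search_user` in twitter_api_controller.ex accepts any `"query"` value, but the user.ex hunk shows `User.search/2` handing it straight to `String.trim_leading/2`, which raises on a non-binary such as the list produced by `query[]=x`. A guard on the action keeps malformed input at the boundary: `def search_user(%{assigns: %{user: user}} = conn, %{"query" => query}) when is_binary(query) do`. No cap on query length or result count is visible in the hunk either; confirm that `User.search/2` applies one, since the route is served without authentication.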
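Review bot: The added `Config.put([:http_security, :enabled], true)` in test/plugs/http_security_plug_test.exs changes application-wide configuration and nothing in the hunk restores it, so later tests may see a different header policy depending on run order. Read the previous value first with `enabled = Config.get([:http_security, :enabled])` and reset it with `on_exit(fn -> Config.put([:http_security, :enabled], enabled) end)`. The test body continues outside the hunk, so a restore may already exist further down.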
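Review bot: The new "finds a user, ranking by similarity" test in test/user_test.exs binds `user`, `user_two` and `user_three` without using them and asserts only the first result, so the ranking named in the title is not actually checked. Prefix the unused bindings with `_`, or assert the order of the returned ids. Comparing ids, `assert user_four.id == hd(User.search("lain@ple")).id`, would also remove the need for `Map.put(:search_distance, nil)` on the struct.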
diff --git a/test/web/twitter_api/twitter_api_controller_test.exs b/test/web/twitter_api/twitter_api_controller_test.exs
index 788e3a6eb..6bdcb4fd8 100644
--- a/test/web/twitter_api/twitter_api_controller_test.exs
+++ b/test/web/twitter_api/twitter_api_controller_test.exs
@@ -284,6 +284,12 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do "visibility" => "direct" }) + {:ok, direct_two} = + CommonAPI.post(user_two, %{ + "status" => "Hi @#{user_one.nickname}!", + "visibility" => "direct" + }) + {:ok, _follower_only} = CommonAPI.post(user_one, %{ "status" => "Hi @#{user_two.nickname}!",
@@ -296,8 +302,9 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do |> assign(:user, user_two) |> get("/api/statuses/dm_timeline.json") - [status] = json_response(res_conn, 200) - assert status["id"] == direct.id + [status, status_two] = json_response(res_conn, 200) + assert status["id"] == direct_two.id + assert status_two["id"] == direct.id end end
@@ -1211,4 +1218,20 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do assert relationship["follows_you"] == false end end + + describe "GET /api/pleroma/search_user" do + test "it returns users, ordered by similarity", %{conn: conn} do + user = insert(:user, %{name: "eal"}) + user_two = insert(:user, %{name: "ean"}) + user_three = insert(:user, %{name: "ebn"}) + + resp = + conn + |> get(twitter_api_search__path(conn, :search_user), query: "eal") + |> json_response(200) + + assert length(resp) == 3 + assert [user.id, user_two.id, user_three.id] == Enum.map(resp, fn %{"id" => id} -> id end) + end + end end |
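Review bot: The "GET /api/pleroma/search_user" test in twitter_api_controller_test.exs covers only an anonymous request with a well-formed `query`; because the route is served without authentication, add cases for a missing `query` parameter and a non-string one so the failure mode is pinned. The generated helper `twitter_api_search__path` (double underscore) is easy to mistype. The dm_timeline test in the same file uses a literal path, and `get("/api/pleroma/search_user", %{"query" => "eal"})` would match that style.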