summaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
Diffstat (limited to 'lib')
-rw-r--r--lib/pleroma/bbs/authenticator.ex3
-rw-r--r--lib/pleroma/mfa.ex3
-rw-r--r--lib/pleroma/plugs/authentication_plug.ex7
-rw-r--r--lib/pleroma/user.ex3
-rw-r--r--lib/pleroma/web/api_spec/operations/timeline_operation.ex199
-rw-r--r--lib/pleroma/web/auth/totp_authenticator.ex3
-rw-r--r--lib/pleroma/web/mastodon_api/controllers/timeline_controller.ex18
-rw-r--r--lib/pleroma/web/mongooseim/mongoose_im_controller.ex3
8 files changed, 220 insertions, 19 deletions
diff --git a/lib/pleroma/bbs/authenticator.ex b/lib/pleroma/bbs/authenticator.ex
index e5b37f33e..d4494b003 100644
--- a/lib/pleroma/bbs/authenticator.ex
+++ b/lib/pleroma/bbs/authenticator.ex
@@ -4,7 +4,6 @@
defmodule Pleroma.BBS.Authenticator do
use Sshd.PasswordAuthenticator
- alias Comeonin.Pbkdf2
alias Pleroma.User
def authenticate(username, password) do
@@ -12,7 +11,7 @@ defmodule Pleroma.BBS.Authenticator do
password = to_string(password)
with %User{} = user <- User.get_by_nickname(username) do
- Pbkdf2.checkpw(password, user.password_hash)
+ Pbkdf2.verify_pass(password, user.password_hash)
else
_e -> false
end
diff --git a/lib/pleroma/mfa.ex b/lib/pleroma/mfa.ex
index d353a4dad..2b77f5426 100644
--- a/lib/pleroma/mfa.ex
+++ b/lib/pleroma/mfa.ex
@@ -7,7 +7,6 @@ defmodule Pleroma.MFA do
The MFA context.
"""
- alias Comeonin.Pbkdf2
alias Pleroma.User
alias Pleroma.MFA.BackupCodes
@@ -72,7 +71,7 @@ defmodule Pleroma.MFA do
@spec generate_backup_codes(User.t()) :: {:ok, list(binary)} | {:error, String.t()}
def generate_backup_codes(%User{} = user) do
with codes <- BackupCodes.generate(),
- hashed_codes <- Enum.map(codes, &Pbkdf2.hashpwsalt/1),
+ hashed_codes <- Enum.map(codes, &Pbkdf2.hash_pwd_salt/1),
changeset <- Changeset.cast_backup_codes(user, hashed_codes),
{:ok, _} <- User.update_and_set_cache(changeset) do
{:ok, codes}
diff --git a/lib/pleroma/plugs/authentication_plug.ex b/lib/pleroma/plugs/authentication_plug.ex
index 0061c69dc..ae4a235bd 100644
--- a/lib/pleroma/plugs/authentication_plug.ex
+++ b/lib/pleroma/plugs/authentication_plug.ex
@@ -3,7 +3,6 @@
# SPDX-License-Identifier: AGPL-3.0-only
defmodule Pleroma.Plugs.AuthenticationPlug do
- alias Comeonin.Pbkdf2
alias Pleroma.Plugs.OAuthScopesPlug
alias Pleroma.User
@@ -18,7 +17,7 @@ defmodule Pleroma.Plugs.AuthenticationPlug do
end
def checkpw(password, "$pbkdf2" <> _ = password_hash) do
- Pbkdf2.checkpw(password, password_hash)
+ Pbkdf2.verify_pass(password, password_hash)
end
def checkpw(_password, _password_hash) do
@@ -37,7 +36,7 @@ defmodule Pleroma.Plugs.AuthenticationPlug do
} = conn,
_
) do
- if Pbkdf2.checkpw(password, password_hash) do
+ if Pbkdf2.verify_pass(password, password_hash) do
conn
|> assign(:user, auth_user)
|> OAuthScopesPlug.skip_plug()
@@ -47,7 +46,7 @@ defmodule Pleroma.Plugs.AuthenticationPlug do
end
def call(%{assigns: %{auth_credentials: %{password: _}}} = conn, _) do
- Pbkdf2.dummy_checkpw()
+ Pbkdf2.no_user_verify()
conn
end
diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex
index a86cc3202..cba391072 100644
--- a/lib/pleroma/user.ex
+++ b/lib/pleroma/user.ex
@@ -9,7 +9,6 @@ defmodule Pleroma.User do
import Ecto.Query
import Ecto, only: [assoc: 2]
- alias Comeonin.Pbkdf2
alias Ecto.Multi
alias Pleroma.Activity
alias Pleroma.Config
@@ -1926,7 +1925,7 @@ defmodule Pleroma.User do
defp put_password_hash(
%Ecto.Changeset{valid?: true, changes: %{password: password}} = changeset
) do
- change(changeset, password_hash: Pbkdf2.hashpwsalt(password))
+ change(changeset, password_hash: Pbkdf2.hash_pwd_salt(password))
end
defp put_password_hash(changeset), do: changeset
diff --git a/lib/pleroma/web/api_spec/operations/timeline_operation.ex b/lib/pleroma/web/api_spec/operations/timeline_operation.ex
new file mode 100644
index 000000000..1b89035d4
--- /dev/null
+++ b/lib/pleroma/web/api_spec/operations/timeline_operation.ex
@@ -0,0 +1,199 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Web.ApiSpec.TimelineOperation do
+ alias OpenApiSpex.Operation
+ alias OpenApiSpex.Schema
+ alias Pleroma.Web.ApiSpec.Schemas.ApiError
+ alias Pleroma.Web.ApiSpec.Schemas.BooleanLike
+ alias Pleroma.Web.ApiSpec.Schemas.Status
+ alias Pleroma.Web.ApiSpec.Schemas.VisibilityScope
+
+ import Pleroma.Web.ApiSpec.Helpers
+
+ def open_api_operation(action) do
+ operation = String.to_existing_atom("#{action}_operation")
+ apply(__MODULE__, operation, [])
+ end
+
+ def home_operation do
+ %Operation{
+ tags: ["Timelines"],
+ summary: "Home timeline",
+ description: "View statuses from followed users",
+ security: [%{"oAuth" => ["read:statuses"]}],
+ parameters: [
+ local_param(),
+ with_muted_param(),
+ exclude_visibilities_param(),
+ reply_visibility_param(),
+ with_relationships_param() | pagination_params()
+ ],
+ operationId: "TimelineController.home",
+ responses: %{
+ 200 => Operation.response("Array of Status", "application/json", array_of_statuses())
+ }
+ }
+ end
+
+ def direct_operation do
+ %Operation{
+ tags: ["Timelines"],
+ summary: "Direct timeline",
+ description:
+ "View statuses with a “direct” privacy, from your account or in your notifications",
+ deprecated: true,
+ parameters: pagination_params(),
+ security: [%{"oAuth" => ["read:statuses"]}],
+ operationId: "TimelineController.direct",
+ responses: %{
+ 200 => Operation.response("Array of Status", "application/json", array_of_statuses())
+ }
+ }
+ end
+
+ def public_operation do
+ %Operation{
+ tags: ["Timelines"],
+ summary: "Public timeline",
+ security: [%{"oAuth" => ["read:statuses"]}],
+ parameters: [
+ local_param(),
+ only_media_param(),
+ with_muted_param(),
+ exclude_visibilities_param(),
+ reply_visibility_param(),
+ with_relationships_param() | pagination_params()
+ ],
+ operationId: "TimelineController.public",
+ responses: %{
+ 200 => Operation.response("Array of Status", "application/json", array_of_statuses()),
+ 401 => Operation.response("Error", "application/json", ApiError)
+ }
+ }
+ end
+
+ def hashtag_operation do
+ %Operation{
+ tags: ["Timelines"],
+ summary: "Hashtag timeline",
+ description: "View public statuses containing the given hashtag",
+ security: [%{"oAuth" => ["read:statuses"]}],
+ parameters: [
+ Operation.parameter(
+ :tag,
+ :path,
+ %Schema{type: :string},
+ "Content of a #hashtag, not including # symbol.",
+ required: true
+ ),
+ Operation.parameter(
+ :any,
+ :query,
+ %Schema{type: :array, items: %Schema{type: :string}},
+ "Statuses that also includes any of these tags"
+ ),
+ Operation.parameter(
+ :all,
+ :query,
+ %Schema{type: :array, items: %Schema{type: :string}},
+ "Statuses that also includes all of these tags"
+ ),
+ Operation.parameter(
+ :none,
+ :query,
+ %Schema{type: :array, items: %Schema{type: :string}},
+ "Statuses that do not include these tags"
+ ),
+ local_param(),
+ only_media_param(),
+ with_muted_param(),
+ exclude_visibilities_param(),
+ with_relationships_param() | pagination_params()
+ ],
+ operationId: "TimelineController.hashtag",
+ responses: %{
+ 200 => Operation.response("Array of Status", "application/json", array_of_statuses())
+ }
+ }
+ end
+
+ def list_operation do
+ %Operation{
+ tags: ["Timelines"],
+ summary: "List timeline",
+ description: "View statuses in the given list timeline",
+ security: [%{"oAuth" => ["read:lists"]}],
+ parameters: [
+ Operation.parameter(
+ :list_id,
+ :path,
+ %Schema{type: :string},
+ "Local ID of the list in the database",
+ required: true
+ ),
+ with_muted_param(),
+ exclude_visibilities_param(),
+ with_relationships_param() | pagination_params()
+ ],
+ operationId: "TimelineController.list",
+ responses: %{
+ 200 => Operation.response("Array of Status", "application/json", array_of_statuses())
+ }
+ }
+ end
+
+ defp array_of_statuses do
+ %Schema{
+ title: "ArrayOfStatuses",
+ type: :array,
+ items: Status,
+ example: [Status.schema().example]
+ }
+ end
+
+ defp with_relationships_param do
+ Operation.parameter(:with_relationships, :query, BooleanLike, "Include relationships")
+ end
+
+ defp local_param do
+ Operation.parameter(
+ :local,
+ :query,
+ %Schema{allOf: [BooleanLike], default: false},
+ "Show only local statuses?"
+ )
+ end
+
+ defp with_muted_param do
+ Operation.parameter(:with_muted, :query, BooleanLike, "Includeactivities by muted users")
+ end
+
+ defp exclude_visibilities_param do
+ Operation.parameter(
+ :exclude_visibilities,
+ :query,
+ %Schema{type: :array, items: VisibilityScope},
+ "Exclude the statuses with the given visibilities"
+ )
+ end
+
+ defp reply_visibility_param do
+ Operation.parameter(
+ :reply_visibility,
+ :query,
+ %Schema{type: :string, enum: ["following", "self"]},
+ "Filter replies. Possible values: without parameter (default) shows all replies, `following` - replies directed to you or users you follow, `self` - replies directed to you."
+ )
+ end
+
+ defp only_media_param do
+ Operation.parameter(
+ :only_media,
+ :query,
+ %Schema{allOf: [BooleanLike], default: false},
+ "Show only statuses with media attached?"
+ )
+ end
+end
diff --git a/lib/pleroma/web/auth/totp_authenticator.ex b/lib/pleroma/web/auth/totp_authenticator.ex
index 98aca9a51..04e489c83 100644
--- a/lib/pleroma/web/auth/totp_authenticator.ex
+++ b/lib/pleroma/web/auth/totp_authenticator.ex
@@ -3,7 +3,6 @@
# SPDX-License-Identifier: AGPL-3.0-only
defmodule Pleroma.Web.Auth.TOTPAuthenticator do
- alias Comeonin.Pbkdf2
alias Pleroma.MFA
alias Pleroma.MFA.TOTP
alias Pleroma.User
@@ -31,7 +30,7 @@ defmodule Pleroma.Web.Auth.TOTPAuthenticator do
code
)
when is_list(codes) and is_binary(code) do
- hash_code = Enum.find(codes, fn hash -> Pbkdf2.checkpw(code, hash) end)
+ hash_code = Enum.find(codes, fn hash -> Pbkdf2.verify_pass(code, hash) end)
if hash_code do
MFA.invalidate_backup_code(user, hash_code)
diff --git a/lib/pleroma/web/mastodon_api/controllers/timeline_controller.ex b/lib/pleroma/web/mastodon_api/controllers/timeline_controller.ex
index 2d67e19da..bbd576ffd 100644
--- a/lib/pleroma/web/mastodon_api/controllers/timeline_controller.ex
+++ b/lib/pleroma/web/mastodon_api/controllers/timeline_controller.ex
@@ -6,7 +6,7 @@ defmodule Pleroma.Web.MastodonAPI.TimelineController do
use Pleroma.Web, :controller
import Pleroma.Web.ControllerHelper,
- only: [add_link_headers: 2, add_link_headers: 3, truthy_param?: 1, skip_relationships?: 1]
+ only: [add_link_headers: 2, add_link_headers: 3, skip_relationships?: 1]
alias Pleroma.Pagination
alias Pleroma.Plugs.EnsurePublicOrAuthenticatedPlug
@@ -15,6 +15,7 @@ defmodule Pleroma.Web.MastodonAPI.TimelineController do
alias Pleroma.User
alias Pleroma.Web.ActivityPub.ActivityPub
+ plug(Pleroma.Web.ApiSpec.CastAndValidate)
plug(:skip_plug, EnsurePublicOrAuthenticatedPlug when action in [:public, :hashtag])
# TODO: Replace with a macro when there is a Phoenix release with the following commit in it:
@@ -37,10 +38,13 @@ defmodule Pleroma.Web.MastodonAPI.TimelineController do
plug(:put_view, Pleroma.Web.MastodonAPI.StatusView)
+ defdelegate open_api_operation(action), to: Pleroma.Web.ApiSpec.TimelineOperation
+
# GET /api/v1/timelines/home
def home(%{assigns: %{user: user}} = conn, params) do
params =
params
+ |> Map.new(fn {key, value} -> {to_string(key), value} end)
|> Map.put("type", ["Create", "Announce"])
|> Map.put("blocking_user", user)
|> Map.put("muting_user", user)
@@ -68,6 +72,7 @@ defmodule Pleroma.Web.MastodonAPI.TimelineController do
def direct(%{assigns: %{user: user}} = conn, params) do
params =
params
+ |> Map.new(fn {key, value} -> {to_string(key), value} end)
|> Map.put("type", "Create")
|> Map.put("blocking_user", user)
|> Map.put("user", user)
@@ -90,7 +95,9 @@ defmodule Pleroma.Web.MastodonAPI.TimelineController do
# GET /api/v1/timelines/public
def public(%{assigns: %{user: user}} = conn, params) do
- local_only = truthy_param?(params["local"])
+ params = Map.new(params, fn {key, value} -> {to_string(key), value} end)
+
+ local_only = params["local"]
cfg_key =
if local_only do
@@ -157,8 +164,8 @@ defmodule Pleroma.Web.MastodonAPI.TimelineController do
# GET /api/v1/timelines/tag/:tag
def hashtag(%{assigns: %{user: user}} = conn, params) do
- local_only = truthy_param?(params["local"])
-
+ params = Map.new(params, fn {key, value} -> {to_string(key), value} end)
+ local_only = params["local"]
activities = hashtag_fetching(params, user, local_only)
conn
@@ -172,10 +179,11 @@ defmodule Pleroma.Web.MastodonAPI.TimelineController do
end
# GET /api/v1/timelines/list/:list_id
- def list(%{assigns: %{user: user}} = conn, %{"list_id" => id} = params) do
+ def list(%{assigns: %{user: user}} = conn, %{list_id: id} = params) do
with %Pleroma.List{title: _title, following: following} <- Pleroma.List.get(id, user) do
params =
params
+ |> Map.new(fn {key, value} -> {to_string(key), value} end)
|> Map.put("type", "Create")
|> Map.put("blocking_user", user)
|> Map.put("user", user)
diff --git a/lib/pleroma/web/mongooseim/mongoose_im_controller.ex b/lib/pleroma/web/mongooseim/mongoose_im_controller.ex
index 1ed6ee521..0814b3bc3 100644
--- a/lib/pleroma/web/mongooseim/mongoose_im_controller.ex
+++ b/lib/pleroma/web/mongooseim/mongoose_im_controller.ex
@@ -5,7 +5,6 @@
defmodule Pleroma.Web.MongooseIM.MongooseIMController do
use Pleroma.Web, :controller
- alias Comeonin.Pbkdf2
alias Pleroma.Plugs.RateLimiter
alias Pleroma.Repo
alias Pleroma.User
@@ -28,7 +27,7 @@ defmodule Pleroma.Web.MongooseIM.MongooseIMController do
def check_password(conn, %{"user" => username, "pass" => password}) do
with %User{password_hash: password_hash, deactivated: false} <-
Repo.get_by(User, nickname: username, local: true),
- true <- Pbkdf2.checkpw(password, password_hash) do
+ true <- Pbkdf2.verify_pass(password, password_hash) do
conn
|> json(true)
else
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-25 09:36:33 +0000