From a05cb10a95901ff0daacfc17a7709f3a277f1cd4 Mon Sep 17 00:00:00 2001 From: Ivan Tashkinov Date: Fri, 14 Dec 2018 16:38:56 +0300 Subject: [#114] Email confirmation route, action, node setting, User.Info fields. --- lib/pleroma/user.ex | 4 ++++ lib/pleroma/user/info.ex | 6 ++++++ lib/pleroma/web/nodeinfo/nodeinfo_controller.ex | 1 + lib/pleroma/web/router.ex | 1 + lib/pleroma/web/twitter_api/twitter_api_controller.ex | 13 +++++++++++++ 5 files changed, 25 insertions(+) (limited to 'lib') diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex index 3ad1ab87a..ee0a0dfb9 100644 --- a/lib/pleroma/user.ex +++ b/lib/pleroma/user.ex @@ -364,6 +364,10 @@ defmodule Pleroma.User do end end + def get_by_confirmation_token(token) do + Repo.one(from(u in User, where: fragment("? ->> 'confirmation_token' = ?", u.info, ^token))) + end + def get_followers_query(%User{id: id, follower_address: follower_address}) do from( u in User, diff --git a/lib/pleroma/user/info.ex b/lib/pleroma/user/info.ex index a3785447c..f75984038 100644 --- a/lib/pleroma/user/info.ex +++ b/lib/pleroma/user/info.ex @@ -9,6 +9,8 @@ defmodule Pleroma.User.Info do field(:note_count, :integer, default: 0) field(:follower_count, :integer, default: 0) field(:locked, :boolean, default: false) + field(:confirmation_pending, :boolean, default: false) + field(:confirmation_token, :string, default: nil) field(:default_scope, :string, default: "public") field(:blocks, {:array, :string}, default: []) field(:domain_blocks, {:array, :string}, default: []) @@ -141,6 +143,10 @@ defmodule Pleroma.User.Info do ]) end + def confirmation_update(info, params) do + cast(info, params, [:confirmation_pending, :confirmation_token]) + end + def mastodon_profile_update(info, params) do info |> cast(params, [ diff --git a/lib/pleroma/web/nodeinfo/nodeinfo_controller.ex b/lib/pleroma/web/nodeinfo/nodeinfo_controller.ex index 44c11f40a..70921605d 100644 --- a/lib/pleroma/web/nodeinfo/nodeinfo_controller.ex +++ b/lib/pleroma/web/nodeinfo/nodeinfo_controller.ex @@ -132,6 +132,7 @@ defmodule Pleroma.Web.Nodeinfo.NodeinfoController do banner: Keyword.get(instance, :banner_upload_limit), background: Keyword.get(instance, :background_upload_limit) }, + accountActivationRequired: Keyword.get(instance, :account_activation_required, false), invitesEnabled: Keyword.get(instance, :invites_enabled, false), features: features } diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex index dd1985d6e..b2fbc088d 100644 --- a/lib/pleroma/web/router.ex +++ b/lib/pleroma/web/router.ex @@ -281,6 +281,7 @@ defmodule Pleroma.Web.Router do post("/account/register", TwitterAPI.Controller, :register) post("/account/password_reset", TwitterAPI.Controller, :password_reset) + get("/account/confirm_email/:token", TwitterAPI.Controller, :confirm_email) get("/search", TwitterAPI.Controller, :search) get("/statusnet/tags/timeline/:tag", TwitterAPI.Controller, :public_and_external_timeline) diff --git a/lib/pleroma/web/twitter_api/twitter_api_controller.ex b/lib/pleroma/web/twitter_api/twitter_api_controller.ex index 327620302..2680be25f 100644 --- a/lib/pleroma/web/twitter_api/twitter_api_controller.ex +++ b/lib/pleroma/web/twitter_api/twitter_api_controller.ex @@ -372,6 +372,19 @@ defmodule Pleroma.Web.TwitterAPI.Controller do end end + def confirm_email(conn, %{"token" => token}) do + with %User{} = user <- User.get_by_confirmation_token(token), + true <- user.local, + new_info_fields <- %{confirmation_pending: false, confirmation_token: nil}, + info_change <- User.Info.confirmation_update(user.info, new_info_fields), + changeset <- Changeset.change(user) |> Changeset.put_embed(:info, info_change), + {:ok, _} <- User.update_and_set_cache(changeset) do + conn + |> put_flash(:info, "Email confirmed. Please sign in.") + |> redirect(to: "/") + end + end + def update_avatar(%{assigns: %{user: user}} = conn, params) do {:ok, object} = ActivityPub.upload(params, type: :avatar) change = Changeset.change(user, %{avatar: object.data}) -- cgit v1.2.3 From 1de0aa2f1025d4a860a11e658ce5fed26fe1c4ad Mon Sep 17 00:00:00 2001 From: Ivan Tashkinov Date: Mon, 17 Dec 2018 17:28:58 +0300 Subject: [#114] Account confirmation email, registration as unconfirmed (config-based), auth prevention for unconfirmed. --- lib/pleroma/emails/user_email.ex | 24 +++++++++++++++++++++- lib/pleroma/user.ex | 2 ++ lib/pleroma/user/info.ex | 14 +++++++++++++ lib/pleroma/web/oauth/oauth_controller.ex | 2 ++ lib/pleroma/web/router.ex | 3 ++- .../web/twitter_api/controllers/util_controller.ex | 2 ++ lib/pleroma/web/twitter_api/twitter_api.ex | 22 ++++++++++++++++++-- .../web/twitter_api/twitter_api_controller.ex | 4 ++-- 8 files changed, 67 insertions(+), 6 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/emails/user_email.ex b/lib/pleroma/emails/user_email.ex index 7e3e9b020..856816386 100644 --- a/lib/pleroma/emails/user_email.ex +++ b/lib/pleroma/emails/user_email.ex @@ -15,6 +15,7 @@ defmodule Pleroma.UserEmail do defp recipient(email, nil), do: email defp recipient(email, name), do: {name, email} + defp recipient(%Pleroma.User{} = user), do: recipient(user.email, user.name) def password_reset_email(user, password_reset_token) when is_binary(password_reset_token) do password_reset_url = @@ -32,7 +33,7 @@ defmodule Pleroma.UserEmail do """ new() - |> to(recipient(user.email, user.name)) + |> to(recipient(user)) |> from(sender()) |> subject("Password reset") |> html_body(html_body) @@ -63,4 +64,25 @@ defmodule Pleroma.UserEmail do |> subject("Invitation to #{instance_name()}") |> html_body(html_body) end + + def account_confirmation_email(user) do + confirmation_url = + Router.Helpers.confirm_email_url( + Endpoint, + :confirm_email, + to_string(user.info.confirmation_token) + ) + + html_body = """ +

Welcome to #{instance_name()}!

+

Email confirmation is required to activate the account.

+

Click the following link to proceed: activate your account.

+ """ + + new() + |> to(recipient(user)) + |> from(sender()) + |> subject("#{instance_name()} account confirmation") + |> html_body(html_body) + end end diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex index ee0a0dfb9..a38ead81a 100644 --- a/lib/pleroma/user.ex +++ b/lib/pleroma/user.ex @@ -38,6 +38,8 @@ defmodule Pleroma.User do timestamps() end + def auth_active?(user), do: user.info && !user.info.confirmation_pending + def avatar_url(user) do case user.avatar do %{"url" => [%{"href" => href} | _]} -> href diff --git a/lib/pleroma/user/info.ex b/lib/pleroma/user/info.ex index f75984038..9ce9129cd 100644 --- a/lib/pleroma/user/info.ex +++ b/lib/pleroma/user/info.ex @@ -143,6 +143,20 @@ defmodule Pleroma.User.Info do ]) end + def confirmation_update(info, :confirmed) do + confirmation_update(info, %{ + confirmation_pending: false, + confirmation_token: nil + }) + end + + def confirmation_update(info, :unconfirmed) do + confirmation_update(info, %{ + confirmation_pending: true, + confirmation_token: :crypto.strong_rand_bytes(32) |> Base.url_encode64() + }) + end + def confirmation_update(info, params) do cast(info, params, [:confirmation_pending, :confirmation_token]) end diff --git a/lib/pleroma/web/oauth/oauth_controller.ex b/lib/pleroma/web/oauth/oauth_controller.ex index 20c2e799b..10158f07e 100644 --- a/lib/pleroma/web/oauth/oauth_controller.ex +++ b/lib/pleroma/web/oauth/oauth_controller.ex @@ -31,6 +31,7 @@ defmodule Pleroma.Web.OAuth.OAuthController do }) do with %User{} = user <- User.get_by_nickname_or_email(name), true <- Pbkdf2.checkpw(password, user.password_hash), + true <- User.auth_active?(user), %App{} = app <- Repo.get_by(App, client_id: client_id), {:ok, auth} <- Authorization.create_authorization(app, user) do # Special case: Local MastodonFE. @@ -101,6 +102,7 @@ defmodule Pleroma.Web.OAuth.OAuthController do with %App{} = app <- get_app_from_request(conn, params), %User{} = user <- User.get_by_nickname_or_email(name), true <- Pbkdf2.checkpw(password, user.password_hash), + true <- User.auth_active?(user), {:ok, auth} <- Authorization.create_authorization(app, user), {:ok, token} <- Token.exchange_token(app, auth) do response = %{ diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex index b2fbc088d..0e4589116 100644 --- a/lib/pleroma/web/router.ex +++ b/lib/pleroma/web/router.ex @@ -281,7 +281,8 @@ defmodule Pleroma.Web.Router do post("/account/register", TwitterAPI.Controller, :register) post("/account/password_reset", TwitterAPI.Controller, :password_reset) - get("/account/confirm_email/:token", TwitterAPI.Controller, :confirm_email) + + get("/account/confirm_email/:token", TwitterAPI.Controller, :confirm_email, as: :confirm_email) get("/search", TwitterAPI.Controller, :search) get("/statusnet/tags/timeline/:tag", TwitterAPI.Controller, :public_and_external_timeline) diff --git a/lib/pleroma/web/twitter_api/controllers/util_controller.ex b/lib/pleroma/web/twitter_api/controllers/util_controller.ex index 38653f0b8..3baeba619 100644 --- a/lib/pleroma/web/twitter_api/controllers/util_controller.ex +++ b/lib/pleroma/web/twitter_api/controllers/util_controller.ex @@ -174,6 +174,8 @@ defmodule Pleroma.Web.TwitterAPI.UtilController do closed: if(Keyword.get(instance, :registrations_open), do: "0", else: "1"), private: if(Keyword.get(instance, :public, true), do: "0", else: "1"), vapidPublicKey: vapid_public_key, + accountActivationRequired: + if(Keyword.get(instance, :account_activation_required, false), do: "1", else: "0"), invitesEnabled: if(Keyword.get(instance, :invites_enabled, false), do: "1", else: "0") } diff --git a/lib/pleroma/web/twitter_api/twitter_api.ex b/lib/pleroma/web/twitter_api/twitter_api.ex index 90b8345c5..b77761aa4 100644 --- a/lib/pleroma/web/twitter_api/twitter_api.ex +++ b/lib/pleroma/web/twitter_api/twitter_api.ex @@ -1,8 +1,10 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPI do alias Pleroma.{UserInviteToken, User, Activity, Repo, Object} + alias Pleroma.{UserEmail, Mailer} alias Pleroma.Web.ActivityPub.ActivityPub alias Pleroma.Web.TwitterAPI.UserView alias Pleroma.Web.CommonAPI + import Ecto.Query def create_status(%User{} = user, %{"status" => _} = data) do @@ -165,6 +167,22 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPI do with {:ok, user} <- Repo.insert(changeset) do !registrations_open && UserInviteToken.mark_as_used(token.token) + + if Pleroma.Config.get([:instance, :account_activation_required]) do + info_change = User.Info.confirmation_update(user.info, :unconfirmed) + + {:ok, unconfirmed_user} = + user + |> Ecto.Changeset.change() + |> Ecto.Changeset.put_embed(:info, info_change) + |> Repo.update() + + {:ok, _} = + unconfirmed_user + |> UserEmail.account_confirmation_email() + |> Mailer.deliver() + end + {:ok, user} else {:error, changeset} -> @@ -189,8 +207,8 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPI do %User{local: true} = user <- User.get_by_nickname_or_email(nickname_or_email), {:ok, token_record} <- Pleroma.PasswordResetToken.create_token(user) do user - |> Pleroma.UserEmail.password_reset_email(token_record.token) - |> Pleroma.Mailer.deliver() + |> UserEmail.password_reset_email(token_record.token) + |> Mailer.deliver() else false -> {:error, "bad user identifier"} diff --git a/lib/pleroma/web/twitter_api/twitter_api_controller.ex b/lib/pleroma/web/twitter_api/twitter_api_controller.ex index 2680be25f..e8a3150e9 100644 --- a/lib/pleroma/web/twitter_api/twitter_api_controller.ex +++ b/lib/pleroma/web/twitter_api/twitter_api_controller.ex @@ -13,6 +13,7 @@ defmodule Pleroma.Web.TwitterAPI.Controller do require Logger plug(:only_if_public_instance when action in [:public_timeline, :public_and_external_timeline]) + plug(:fetch_flash when action in [:confirm_email]) action_fallback(:errors) def verify_credentials(%{assigns: %{user: user}} = conn, _params) do @@ -375,8 +376,7 @@ defmodule Pleroma.Web.TwitterAPI.Controller do def confirm_email(conn, %{"token" => token}) do with %User{} = user <- User.get_by_confirmation_token(token), true <- user.local, - new_info_fields <- %{confirmation_pending: false, confirmation_token: nil}, - info_change <- User.Info.confirmation_update(user.info, new_info_fields), + info_change <- User.Info.confirmation_update(user.info, :confirmed), changeset <- Changeset.change(user) |> Changeset.put_embed(:info, info_change), {:ok, _} <- User.update_and_set_cache(changeset) do conn -- cgit v1.2.3 From b86057cc7f45c79767ff5b83730c2c15ad6bb3bd Mon Sep 17 00:00:00 2001 From: Ivan Tashkinov Date: Tue, 18 Dec 2018 13:13:57 +0300 Subject: [#114] Refactored User.register_changeset to init confirmation data. Introduced User.register/1 to encapsulate User record creation and post-registration actions. --- lib/pleroma/user.ex | 25 ++++++++++++-- lib/pleroma/web/admin_api/admin_api_controller.ex | 10 +++--- lib/pleroma/web/twitter_api/twitter_api.ex | 41 +++++++---------------- 3 files changed, 41 insertions(+), 35 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex index a38ead81a..234617574 100644 --- a/lib/pleroma/user.ex +++ b/lib/pleroma/user.ex @@ -170,7 +170,14 @@ defmodule Pleroma.User do update_and_set_cache(password_update_changeset(user, data)) end - def register_changeset(struct, params \\ %{}) do + def register_changeset(struct, params \\ %{}, opts \\ []) do + confirmation_status = + if opts[:confirmed] || !Pleroma.Config.get([:instance, :account_activation_required]) do + :confirmed + else + :unconfirmed + end + changeset = struct |> cast(params, [:bio, :email, :name, :nickname, :password, :password_confirmation]) @@ -182,7 +189,7 @@ defmodule Pleroma.User do |> validate_format(:email, @email_regex) |> validate_length(:bio, max: 1000) |> validate_length(:name, min: 1, max: 100) - |> put_change(:info, %Pleroma.User.Info{}) + |> put_change(:info, User.Info.confirmation_update(%User.Info{}, confirmation_status)) if changeset.valid? do hashed = Pbkdf2.hashpwsalt(changeset.changes[:password]) @@ -199,6 +206,20 @@ defmodule Pleroma.User do end end + @doc "Inserts provided changeset, performs post-registration actions (confirmation email sending etc.)" + def register(%Ecto.Changeset{} = changeset) do + with {:ok, user} <- Repo.insert(changeset) do + if user.info.confirmation_pending do + {:ok, _} = + user + |> Pleroma.UserEmail.account_confirmation_email() + |> Pleroma.Mailer.deliver() + end + + {:ok, user} + end + end + def needs_update?(%User{local: true}), do: false def needs_update?(%User{local: false, last_refreshed_at: nil}), do: true diff --git a/lib/pleroma/web/admin_api/admin_api_controller.ex b/lib/pleroma/web/admin_api/admin_api_controller.ex index 4d73cf219..683310168 100644 --- a/lib/pleroma/web/admin_api/admin_api_controller.ex +++ b/lib/pleroma/web/admin_api/admin_api_controller.ex @@ -1,6 +1,6 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do use Pleroma.Web, :controller - alias Pleroma.{User, Repo} + alias Pleroma.User alias Pleroma.Web.ActivityPub.Relay import Pleroma.Web.ControllerHelper, only: [json_response: 3] @@ -26,7 +26,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do conn, %{"nickname" => nickname, "email" => email, "password" => password} ) do - new_user = %{ + user_data = %{ nickname: nickname, name: nickname, email: email, @@ -35,11 +35,11 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do bio: "." } - User.register_changeset(%User{}, new_user) - |> Repo.insert!() + changeset = User.register_changeset(%User{}, user_data, confirmed: true) + {:ok, user} = User.register(changeset) conn - |> json(new_user.nickname) + |> json(user.nickname) end def tag_users(conn, %{"nicknames" => nicknames, "tags" => tags}) do diff --git a/lib/pleroma/web/twitter_api/twitter_api.ex b/lib/pleroma/web/twitter_api/twitter_api.ex index b77761aa4..d8dd7dfa8 100644 --- a/lib/pleroma/web/twitter_api/twitter_api.ex +++ b/lib/pleroma/web/twitter_api/twitter_api.ex @@ -161,34 +161,19 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPI do Repo.get_by(UserInviteToken, %{token: tokenString}) end - cond do - registrations_open || (!is_nil(token) && !token.used) -> - changeset = User.register_changeset(%User{info: %{}}, params) - - with {:ok, user} <- Repo.insert(changeset) do - !registrations_open && UserInviteToken.mark_as_used(token.token) - - if Pleroma.Config.get([:instance, :account_activation_required]) do - info_change = User.Info.confirmation_update(user.info, :unconfirmed) - - {:ok, unconfirmed_user} = - user - |> Ecto.Changeset.change() - |> Ecto.Changeset.put_embed(:info, info_change) - |> Repo.update() - - {:ok, _} = - unconfirmed_user - |> UserEmail.account_confirmation_email() - |> Mailer.deliver() - end - - {:ok, user} - else - {:error, changeset} -> - errors = - Ecto.Changeset.traverse_errors(changeset, fn {msg, _opts} -> msg end) - |> Jason.encode!() + cond do + registrations_open || (!is_nil(token) && !token.used) -> + changeset = User.register_changeset(%User{}, params) + + with {:ok, user} <- User.register(changeset) do + !registrations_open && UserInviteToken.mark_as_used(token.token) + + {:ok, user} + else + {:error, changeset} -> + errors = + Ecto.Changeset.traverse_errors(changeset, fn {msg, _opts} -> msg end) + |> Jason.encode!() {:error, %{error: errors}} end -- cgit v1.2.3 From aed0f902871524ecc1db0d8c088ce5939e7c685a Mon Sep 17 00:00:00 2001 From: Ivan Tashkinov Date: Tue, 18 Dec 2018 14:07:05 +0300 Subject: [#114] Added `pleroma.confirmation_pending` to user views, adjusted view tests. --- lib/pleroma/web/mastodon_api/views/account_view.ex | 1 + lib/pleroma/web/twitter_api/views/user_view.ex | 1 + 2 files changed, 2 insertions(+) (limited to 'lib') diff --git a/lib/pleroma/web/mastodon_api/views/account_view.ex b/lib/pleroma/web/mastodon_api/views/account_view.ex index ebcf9230b..50df88aca 100644 --- a/lib/pleroma/web/mastodon_api/views/account_view.ex +++ b/lib/pleroma/web/mastodon_api/views/account_view.ex @@ -62,6 +62,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountView do # Pleroma extension pleroma: %{ + confirmation_pending: user_info.confirmation_pending, tags: user.tags } } diff --git a/lib/pleroma/web/twitter_api/views/user_view.ex b/lib/pleroma/web/twitter_api/views/user_view.ex index 8a88d72b1..45b893eda 100644 --- a/lib/pleroma/web/twitter_api/views/user_view.ex +++ b/lib/pleroma/web/twitter_api/views/user_view.ex @@ -81,6 +81,7 @@ defmodule Pleroma.Web.TwitterAPI.UserView do # Pleroma extension "pleroma" => %{ + "confirmation_pending" => user_info.confirmation_pending, "tags" => user.tags } } -- cgit v1.2.3 From b096e30cffc79a4adf12be88da412a290cd0d190 Mon Sep 17 00:00:00 2001 From: Ivan Tashkinov Date: Tue, 18 Dec 2018 17:13:52 +0300 Subject: [#114] Added email confirmation resend action. Added tests for registration, authentication, email confirmation, confirmation resending. Made admin methods create confirmed users. --- lib/mix/tasks/pleroma/user.ex | 4 ++-- lib/pleroma/user.ex | 28 +++++++++++++--------- lib/pleroma/web/oauth/oauth_controller.ex | 18 ++++++++++++-- lib/pleroma/web/router.ex | 2 ++ .../web/twitter_api/twitter_api_controller.ex | 13 +++++++++- 5 files changed, 49 insertions(+), 16 deletions(-) (limited to 'lib') diff --git a/lib/mix/tasks/pleroma/user.ex b/lib/mix/tasks/pleroma/user.ex index 3d30e3a81..51086a443 100644 --- a/lib/mix/tasks/pleroma/user.ex +++ b/lib/mix/tasks/pleroma/user.ex @@ -103,8 +103,8 @@ defmodule Mix.Tasks.Pleroma.User do bio: bio } - user = User.register_changeset(%User{}, params) - Repo.insert!(user) + changeset = User.register_changeset(%User{}, params, confirmed: true) + {:ok, _user} = User.register(changeset) Mix.shell().info("User #{nickname} created") diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex index 234617574..0cd7bc463 100644 --- a/lib/pleroma/user.ex +++ b/lib/pleroma/user.ex @@ -74,13 +74,15 @@ defmodule Pleroma.User do def user_info(%User{} = user) do oneself = if user.local, do: 1, else: 0 + user_info = user.info %{ following_count: length(user.following) - oneself, - note_count: user.info.note_count, - follower_count: user.info.follower_count, - locked: user.info.locked, - default_scope: user.info.default_scope + note_count: user_info.note_count, + follower_count: user_info.follower_count, + locked: user_info.locked, + confirmation_pending: user_info.confirmation_pending, + default_scope: user_info.default_scope } end @@ -209,17 +211,21 @@ defmodule Pleroma.User do @doc "Inserts provided changeset, performs post-registration actions (confirmation email sending etc.)" def register(%Ecto.Changeset{} = changeset) do with {:ok, user} <- Repo.insert(changeset) do - if user.info.confirmation_pending do - {:ok, _} = - user - |> Pleroma.UserEmail.account_confirmation_email() - |> Pleroma.Mailer.deliver() - end - + {:ok, _} = try_send_confirmation_email(user) {:ok, user} end end + def try_send_confirmation_email(%User{} = user) do + if user.info.confirmation_pending do + user + |> Pleroma.UserEmail.account_confirmation_email() + |> Pleroma.Mailer.deliver() + else + {:ok, :noop} + end + end + def needs_update?(%User{local: true}), do: false def needs_update?(%User{local: false, last_refreshed_at: nil}), do: true diff --git a/lib/pleroma/web/oauth/oauth_controller.ex b/lib/pleroma/web/oauth/oauth_controller.ex index 10158f07e..9a972ee47 100644 --- a/lib/pleroma/web/oauth/oauth_controller.ex +++ b/lib/pleroma/web/oauth/oauth_controller.ex @@ -31,7 +31,7 @@ defmodule Pleroma.Web.OAuth.OAuthController do }) do with %User{} = user <- User.get_by_nickname_or_email(name), true <- Pbkdf2.checkpw(password, user.password_hash), - true <- User.auth_active?(user), + {:auth_active, true} <- {:auth_active, User.auth_active?(user)}, %App{} = app <- Repo.get_by(App, client_id: client_id), {:ok, auth} <- Authorization.create_authorization(app, user) do # Special case: Local MastodonFE. @@ -64,6 +64,15 @@ defmodule Pleroma.Web.OAuth.OAuthController do redirect(conn, external: url) end + else + {:auth_active, false} -> + conn + |> put_flash(:error, "Account confirmation pending") + |> put_status(:forbidden) + |> authorize(params) + + error -> + error end end @@ -102,7 +111,7 @@ defmodule Pleroma.Web.OAuth.OAuthController do with %App{} = app <- get_app_from_request(conn, params), %User{} = user <- User.get_by_nickname_or_email(name), true <- Pbkdf2.checkpw(password, user.password_hash), - true <- User.auth_active?(user), + {:auth_active, true} <- {:auth_active, User.auth_active?(user)}, {:ok, auth} <- Authorization.create_authorization(app, user), {:ok, token} <- Token.exchange_token(app, auth) do response = %{ @@ -115,6 +124,11 @@ defmodule Pleroma.Web.OAuth.OAuthController do json(conn, response) else + {:auth_active, false} -> + conn + |> put_status(:forbidden) + |> json(%{error: "Account confirmation pending"}) + _error -> put_status(conn, 400) |> json(%{error: "Invalid credentials"}) diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex index 0e4589116..ca069ab99 100644 --- a/lib/pleroma/web/router.ex +++ b/lib/pleroma/web/router.ex @@ -284,6 +284,8 @@ defmodule Pleroma.Web.Router do get("/account/confirm_email/:token", TwitterAPI.Controller, :confirm_email, as: :confirm_email) + post("/account/resend_confirmation_email", TwitterAPI.Controller, :resend_confirmation_email) + get("/search", TwitterAPI.Controller, :search) get("/statusnet/tags/timeline/:tag", TwitterAPI.Controller, :public_and_external_timeline) end diff --git a/lib/pleroma/web/twitter_api/twitter_api_controller.ex b/lib/pleroma/web/twitter_api/twitter_api_controller.ex index e8a3150e9..7286c153b 100644 --- a/lib/pleroma/web/twitter_api/twitter_api_controller.ex +++ b/lib/pleroma/web/twitter_api/twitter_api_controller.ex @@ -13,7 +13,7 @@ defmodule Pleroma.Web.TwitterAPI.Controller do require Logger plug(:only_if_public_instance when action in [:public_timeline, :public_and_external_timeline]) - plug(:fetch_flash when action in [:confirm_email]) + plug(:fetch_flash when action in [:confirm_email, :resend_confirmation_email]) action_fallback(:errors) def verify_credentials(%{assigns: %{user: user}} = conn, _params) do @@ -385,6 +385,17 @@ defmodule Pleroma.Web.TwitterAPI.Controller do end end + def resend_confirmation_email(conn, params) do + nickname_or_email = params["email"] || params["nickname"] + + with %User{} = user <- User.get_by_nickname_or_email(nickname_or_email), + {:ok, _} <- User.try_send_confirmation_email(user) do + conn + |> put_flash(:info, "Email confirmation has been sent.") + |> json_response(:no_content, "") + end + end + def update_avatar(%{assigns: %{user: user}} = conn, params) do {:ok, object} = ActivityPub.upload(params, type: :avatar) change = Changeset.change(user, %{avatar: object.data}) -- cgit v1.2.3 From 3371a45884b5d80ff4e8178ea921fe6f6c8d174d Mon Sep 17 00:00:00 2001 From: Ivan Tashkinov Date: Tue, 18 Dec 2018 17:30:30 +0300 Subject: [#114] Formatting fix. --- lib/pleroma/web/twitter_api/twitter_api.ex | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/twitter_api/twitter_api.ex b/lib/pleroma/web/twitter_api/twitter_api.ex index d8dd7dfa8..d816dc3bc 100644 --- a/lib/pleroma/web/twitter_api/twitter_api.ex +++ b/lib/pleroma/web/twitter_api/twitter_api.ex @@ -161,19 +161,19 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPI do Repo.get_by(UserInviteToken, %{token: tokenString}) end - cond do - registrations_open || (!is_nil(token) && !token.used) -> - changeset = User.register_changeset(%User{}, params) - - with {:ok, user} <- User.register(changeset) do - !registrations_open && UserInviteToken.mark_as_used(token.token) - - {:ok, user} - else - {:error, changeset} -> - errors = - Ecto.Changeset.traverse_errors(changeset, fn {msg, _opts} -> msg end) - |> Jason.encode!() + cond do + registrations_open || (!is_nil(token) && !token.used) -> + changeset = User.register_changeset(%User{}, params) + + with {:ok, user} <- User.register(changeset) do + !registrations_open && UserInviteToken.mark_as_used(token.token) + + {:ok, user} + else + {:error, changeset} -> + errors = + Ecto.Changeset.traverse_errors(changeset, fn {msg, _opts} -> msg end) + |> Jason.encode!() {:error, %{error: errors}} end -- cgit v1.2.3 From 59fc5d15dfde0120fb10ec14631ad1115a6087a9 Mon Sep 17 00:00:00 2001 From: Ivan Tashkinov Date: Wed, 19 Dec 2018 16:27:16 +0300 Subject: [#114] User.Info: renamed `confirmation_update` to `confirmation_change`. --- lib/pleroma/user.ex | 2 +- lib/pleroma/user/info.ex | 10 +++++----- lib/pleroma/web/twitter_api/twitter_api_controller.ex | 2 +- 3 files changed, 7 insertions(+), 7 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex index 0cd7bc463..41d01cbf5 100644 --- a/lib/pleroma/user.ex +++ b/lib/pleroma/user.ex @@ -191,7 +191,7 @@ defmodule Pleroma.User do |> validate_format(:email, @email_regex) |> validate_length(:bio, max: 1000) |> validate_length(:name, min: 1, max: 100) - |> put_change(:info, User.Info.confirmation_update(%User.Info{}, confirmation_status)) + |> put_change(:info, User.Info.confirmation_change(%User.Info{}, confirmation_status)) if changeset.valid? do hashed = Pbkdf2.hashpwsalt(changeset.changes[:password]) diff --git a/lib/pleroma/user/info.ex b/lib/pleroma/user/info.ex index 9ce9129cd..2800e9cff 100644 --- a/lib/pleroma/user/info.ex +++ b/lib/pleroma/user/info.ex @@ -143,21 +143,21 @@ defmodule Pleroma.User.Info do ]) end - def confirmation_update(info, :confirmed) do - confirmation_update(info, %{ + def confirmation_change(info, :confirmed) do + confirmation_change(info, %{ confirmation_pending: false, confirmation_token: nil }) end - def confirmation_update(info, :unconfirmed) do - confirmation_update(info, %{ + def confirmation_change(info, :unconfirmed) do + confirmation_change(info, %{ confirmation_pending: true, confirmation_token: :crypto.strong_rand_bytes(32) |> Base.url_encode64() }) end - def confirmation_update(info, params) do + def confirmation_change(info, params) do cast(info, params, [:confirmation_pending, :confirmation_token]) end diff --git a/lib/pleroma/web/twitter_api/twitter_api_controller.ex b/lib/pleroma/web/twitter_api/twitter_api_controller.ex index 7286c153b..4bd729b77 100644 --- a/lib/pleroma/web/twitter_api/twitter_api_controller.ex +++ b/lib/pleroma/web/twitter_api/twitter_api_controller.ex @@ -376,7 +376,7 @@ defmodule Pleroma.Web.TwitterAPI.Controller do def confirm_email(conn, %{"token" => token}) do with %User{} = user <- User.get_by_confirmation_token(token), true <- user.local, - info_change <- User.Info.confirmation_update(user.info, :confirmed), + info_change <- User.Info.confirmation_change(user.info, :confirmed), changeset <- Changeset.change(user) |> Changeset.put_embed(:info, info_change), {:ok, _} <- User.update_and_set_cache(changeset) do conn -- cgit v1.2.3 From 968d7490b689ba501a64f350841dc8f9b33b5244 Mon Sep 17 00:00:00 2001 From: Ivan Tashkinov Date: Wed, 19 Dec 2018 16:27:16 +0300 Subject: [#114] User.Info: renamed `confirmation_update` to `confirmation_changeset`. --- lib/pleroma/user.ex | 2 +- lib/pleroma/user/info.ex | 10 +++++----- lib/pleroma/web/twitter_api/twitter_api_controller.ex | 2 +- 3 files changed, 7 insertions(+), 7 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex index 41d01cbf5..4e227b08d 100644 --- a/lib/pleroma/user.ex +++ b/lib/pleroma/user.ex @@ -191,7 +191,7 @@ defmodule Pleroma.User do |> validate_format(:email, @email_regex) |> validate_length(:bio, max: 1000) |> validate_length(:name, min: 1, max: 100) - |> put_change(:info, User.Info.confirmation_change(%User.Info{}, confirmation_status)) + |> put_change(:info, User.Info.confirmation_changeset(%User.Info{}, confirmation_status)) if changeset.valid? do hashed = Pbkdf2.hashpwsalt(changeset.changes[:password]) diff --git a/lib/pleroma/user/info.ex b/lib/pleroma/user/info.ex index 2800e9cff..ad9fe1bbe 100644 --- a/lib/pleroma/user/info.ex +++ b/lib/pleroma/user/info.ex @@ -143,21 +143,21 @@ defmodule Pleroma.User.Info do ]) end - def confirmation_change(info, :confirmed) do - confirmation_change(info, %{ + def confirmation_changeset(info, :confirmed) do + confirmation_changeset(info, %{ confirmation_pending: false, confirmation_token: nil }) end - def confirmation_change(info, :unconfirmed) do - confirmation_change(info, %{ + def confirmation_changeset(info, :unconfirmed) do + confirmation_changeset(info, %{ confirmation_pending: true, confirmation_token: :crypto.strong_rand_bytes(32) |> Base.url_encode64() }) end - def confirmation_change(info, params) do + def confirmation_changeset(info, params) do cast(info, params, [:confirmation_pending, :confirmation_token]) end diff --git a/lib/pleroma/web/twitter_api/twitter_api_controller.ex b/lib/pleroma/web/twitter_api/twitter_api_controller.ex index 4bd729b77..b362f3946 100644 --- a/lib/pleroma/web/twitter_api/twitter_api_controller.ex +++ b/lib/pleroma/web/twitter_api/twitter_api_controller.ex @@ -376,7 +376,7 @@ defmodule Pleroma.Web.TwitterAPI.Controller do def confirm_email(conn, %{"token" => token}) do with %User{} = user <- User.get_by_confirmation_token(token), true <- user.local, - info_change <- User.Info.confirmation_change(user.info, :confirmed), + info_change <- User.Info.confirmation_changeset(user.info, :confirmed), changeset <- Changeset.change(user) |> Changeset.put_embed(:info, info_change), {:ok, _} <- User.update_and_set_cache(changeset) do conn -- cgit v1.2.3 From a532ad5d720cbbe3ef58e09f8ad209bfe15b43c9 Mon Sep 17 00:00:00 2001 From: Ivan Tashkinov Date: Wed, 19 Dec 2018 17:24:55 +0300 Subject: [#114] User.register/1 tweak. --- lib/pleroma/user.ex | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex index 4e227b08d..4b8caf65c 100644 --- a/lib/pleroma/user.ex +++ b/lib/pleroma/user.ex @@ -210,8 +210,8 @@ defmodule Pleroma.User do @doc "Inserts provided changeset, performs post-registration actions (confirmation email sending etc.)" def register(%Ecto.Changeset{} = changeset) do - with {:ok, user} <- Repo.insert(changeset) do - {:ok, _} = try_send_confirmation_email(user) + with {:ok, user} <- Repo.insert(changeset), + {:ok, _} = try_send_confirmation_email(user) do {:ok, user} end end -- cgit v1.2.3 From 279096228c8b0113a8ea63a73e011934a3226df7 Mon Sep 17 00:00:00 2001 From: Ivan Tashkinov Date: Wed, 19 Dec 2018 18:56:52 +0300 Subject: [#114] Made MastodonAPI and TwitterAPI user show actions return 404 for auth-inactive users unless requested by admin or moderator. --- lib/pleroma/user.ex | 4 +++- lib/pleroma/user/info.ex | 2 ++ lib/pleroma/web/mastodon_api/mastodon_api_controller.ex | 3 ++- lib/pleroma/web/twitter_api/twitter_api_controller.ex | 14 +++++++++++--- 4 files changed, 18 insertions(+), 5 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex index 4b8caf65c..7e792cb0c 100644 --- a/lib/pleroma/user.ex +++ b/lib/pleroma/user.ex @@ -38,7 +38,9 @@ defmodule Pleroma.User do timestamps() end - def auth_active?(user), do: user.info && !user.info.confirmation_pending + def auth_active?(%User{} = user), do: user.info && !user.info.confirmation_pending + + def superuser?(%User{} = user), do: user.info && User.Info.superuser?(user.info) def avatar_url(user) do case user.avatar do diff --git a/lib/pleroma/user/info.ex b/lib/pleroma/user/info.ex index ad9fe1bbe..3de4af56c 100644 --- a/lib/pleroma/user/info.ex +++ b/lib/pleroma/user/info.ex @@ -37,6 +37,8 @@ defmodule Pleroma.User.Info do # subject _> Where is this used? end + def superuser?(info), do: info.is_admin || info.is_moderator + def set_activation_status(info, deactivated) do params = %{deactivated: deactivated} diff --git a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex index 665b75437..c6db89442 100644 --- a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex +++ b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex @@ -110,7 +110,8 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do end def user(%{assigns: %{user: for_user}} = conn, %{"id" => id}) do - with %User{} = user <- Repo.get(User, id) do + with %User{} = user <- Repo.get(User, id), + true <- User.auth_active?(user) || user.id == for_user.id || User.superuser?(for_user) do account = AccountView.render("account.json", %{user: user, for: for_user}) json(conn, account) else diff --git a/lib/pleroma/web/twitter_api/twitter_api_controller.ex b/lib/pleroma/web/twitter_api/twitter_api_controller.ex index b362f3946..e047ed0ad 100644 --- a/lib/pleroma/web/twitter_api/twitter_api_controller.ex +++ b/lib/pleroma/web/twitter_api/twitter_api_controller.ex @@ -97,10 +97,13 @@ defmodule Pleroma.Web.TwitterAPI.Controller do end def show_user(conn, params) do - with {:ok, shown} <- TwitterAPI.get_user(params) do + for_user = conn.assigns.user + + with {:ok, shown} <- TwitterAPI.get_user(params), + true <- User.auth_active?(shown) || for_user && (for_user.id == shown.id || User.superuser?(for_user)) do params = - if user = conn.assigns.user do - %{user: shown, for: user} + if for_user do + %{user: shown, for: for_user} else %{user: shown} end @@ -111,6 +114,11 @@ defmodule Pleroma.Web.TwitterAPI.Controller do else {:error, msg} -> bad_request_reply(conn, msg) + + false -> + conn + |> put_status(404) + |> json(%{error: "Unconfirmed user"}) end end -- cgit v1.2.3 From b520d44b58db3bac7a883c2220d83d05b07784d0 Mon Sep 17 00:00:00 2001 From: Ivan Tashkinov Date: Wed, 19 Dec 2018 19:03:39 +0300 Subject: [#114] `mix format` --- lib/pleroma/web/twitter_api/twitter_api_controller.ex | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/web/twitter_api/twitter_api_controller.ex b/lib/pleroma/web/twitter_api/twitter_api_controller.ex index e047ed0ad..2b0f7135a 100644 --- a/lib/pleroma/web/twitter_api/twitter_api_controller.ex +++ b/lib/pleroma/web/twitter_api/twitter_api_controller.ex @@ -100,7 +100,9 @@ defmodule Pleroma.Web.TwitterAPI.Controller do for_user = conn.assigns.user with {:ok, shown} <- TwitterAPI.get_user(params), - true <- User.auth_active?(shown) || for_user && (for_user.id == shown.id || User.superuser?(for_user)) do + true <- + User.auth_active?(shown) || + (for_user && (for_user.id == shown.id || User.superuser?(for_user))) do params = if for_user do %{user: shown, for: for_user} -- cgit v1.2.3 From 501ce34d7fbb74f91e8afcaa491625c5a0152597 Mon Sep 17 00:00:00 2001 From: Ivan Tashkinov Date: Thu, 20 Dec 2018 12:55:12 +0300 Subject: [#114] Stylistic adjustments. --- lib/pleroma/user.ex | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex index 7e792cb0c..7e3a342f1 100644 --- a/lib/pleroma/user.ex +++ b/lib/pleroma/user.ex @@ -76,15 +76,14 @@ defmodule Pleroma.User do def user_info(%User{} = user) do oneself = if user.local, do: 1, else: 0 - user_info = user.info %{ following_count: length(user.following) - oneself, - note_count: user_info.note_count, - follower_count: user_info.follower_count, - locked: user_info.locked, - confirmation_pending: user_info.confirmation_pending, - default_scope: user_info.default_scope + note_count: user.info.note_count, + follower_count: user.info.follower_count, + locked: user.info.locked, + confirmation_pending: user.info.confirmation_pending, + default_scope: user.info.default_scope } end @@ -182,6 +181,8 @@ defmodule Pleroma.User do :unconfirmed end + info_change = User.Info.confirmation_changeset(%User.Info{}, confirmation_status) + changeset = struct |> cast(params, [:bio, :email, :name, :nickname, :password, :password_confirmation]) @@ -193,7 +194,7 @@ defmodule Pleroma.User do |> validate_format(:email, @email_regex) |> validate_length(:bio, max: 1000) |> validate_length(:name, min: 1, max: 100) - |> put_change(:info, User.Info.confirmation_changeset(%User.Info{}, confirmation_status)) + |> put_change(:info, info_change) if changeset.valid? do hashed = Pbkdf2.hashpwsalt(changeset.changes[:password]) -- cgit v1.2.3 From 8adcd1e80f78cdacd245e9b6aacea4b05cb1a880 Mon Sep 17 00:00:00 2001 From: Ivan Tashkinov Date: Thu, 20 Dec 2018 13:05:42 +0300 Subject: [#114] Removed flash messages rendering on redirects. --- lib/pleroma/web/twitter_api/twitter_api_controller.ex | 3 --- 1 file changed, 3 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/twitter_api/twitter_api_controller.ex b/lib/pleroma/web/twitter_api/twitter_api_controller.ex index 2b0f7135a..46dc9b12c 100644 --- a/lib/pleroma/web/twitter_api/twitter_api_controller.ex +++ b/lib/pleroma/web/twitter_api/twitter_api_controller.ex @@ -13,7 +13,6 @@ defmodule Pleroma.Web.TwitterAPI.Controller do require Logger plug(:only_if_public_instance when action in [:public_timeline, :public_and_external_timeline]) - plug(:fetch_flash when action in [:confirm_email, :resend_confirmation_email]) action_fallback(:errors) def verify_credentials(%{assigns: %{user: user}} = conn, _params) do @@ -390,7 +389,6 @@ defmodule Pleroma.Web.TwitterAPI.Controller do changeset <- Changeset.change(user) |> Changeset.put_embed(:info, info_change), {:ok, _} <- User.update_and_set_cache(changeset) do conn - |> put_flash(:info, "Email confirmed. Please sign in.") |> redirect(to: "/") end end @@ -401,7 +399,6 @@ defmodule Pleroma.Web.TwitterAPI.Controller do with %User{} = user <- User.get_by_nickname_or_email(nickname_or_email), {:ok, _} <- User.try_send_confirmation_email(user) do conn - |> put_flash(:info, "Email confirmation has been sent.") |> json_response(:no_content, "") end end -- cgit v1.2.3 From f69cbf4755b974de0303731327180bb51ed244fc Mon Sep 17 00:00:00 2001 From: Ivan Tashkinov Date: Thu, 20 Dec 2018 13:41:30 +0300 Subject: [#114] Added :user_id component to email confirmation path to improve the security. Added tests for `confirm_email` action. --- lib/pleroma/emails/user_email.ex | 1 + lib/pleroma/user.ex | 4 ---- lib/pleroma/web/router.ex | 7 ++++++- lib/pleroma/web/twitter_api/twitter_api_controller.ex | 6 ++++-- 4 files changed, 11 insertions(+), 7 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/emails/user_email.ex b/lib/pleroma/emails/user_email.ex index 856816386..8f916f470 100644 --- a/lib/pleroma/emails/user_email.ex +++ b/lib/pleroma/emails/user_email.ex @@ -70,6 +70,7 @@ defmodule Pleroma.UserEmail do Router.Helpers.confirm_email_url( Endpoint, :confirm_email, + user.id, to_string(user.info.confirmation_token) ) diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex index 7e3a342f1..ad50cf558 100644 --- a/lib/pleroma/user.ex +++ b/lib/pleroma/user.ex @@ -396,10 +396,6 @@ defmodule Pleroma.User do end end - def get_by_confirmation_token(token) do - Repo.one(from(u in User, where: fragment("? ->> 'confirmation_token' = ?", u.info, ^token))) - end - def get_followers_query(%User{id: id, follower_address: follower_address}) do from( u in User, diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex index ca069ab99..d1c3b34f6 100644 --- a/lib/pleroma/web/router.ex +++ b/lib/pleroma/web/router.ex @@ -282,7 +282,12 @@ defmodule Pleroma.Web.Router do post("/account/register", TwitterAPI.Controller, :register) post("/account/password_reset", TwitterAPI.Controller, :password_reset) - get("/account/confirm_email/:token", TwitterAPI.Controller, :confirm_email, as: :confirm_email) + get( + "/account/confirm_email/:user_id/:token", + TwitterAPI.Controller, + :confirm_email, + as: :confirm_email + ) post("/account/resend_confirmation_email", TwitterAPI.Controller, :resend_confirmation_email) diff --git a/lib/pleroma/web/twitter_api/twitter_api_controller.ex b/lib/pleroma/web/twitter_api/twitter_api_controller.ex index 46dc9b12c..c644681b0 100644 --- a/lib/pleroma/web/twitter_api/twitter_api_controller.ex +++ b/lib/pleroma/web/twitter_api/twitter_api_controller.ex @@ -382,9 +382,11 @@ defmodule Pleroma.Web.TwitterAPI.Controller do end end - def confirm_email(conn, %{"token" => token}) do - with %User{} = user <- User.get_by_confirmation_token(token), + def confirm_email(conn, %{"user_id" => uid, "token" => token}) do + with %User{} = user <- Repo.get(User, uid), true <- user.local, + true <- user.info.confirmation_pending, + true <- user.info.confirmation_token == token, info_change <- User.Info.confirmation_changeset(user.info, :confirmed), changeset <- Changeset.change(user) |> Changeset.put_embed(:info, info_change), {:ok, _} <- User.update_and_set_cache(changeset) do -- cgit v1.2.3 From 7cab7de9ff0432a582cfca0852a4b66fdd124c41 Mon Sep 17 00:00:00 2001 From: Ivan Tashkinov Date: Thu, 20 Dec 2018 14:48:48 +0300 Subject: [#114] Allowed unconfirmed users to authenticate if :account_activation_required is disabled prior to confirmation. Ensured that no confirmation emails are sent if :account_activation_required is not true. Adjusted tests. --- lib/pleroma/user.ex | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex index ad50cf558..f8827abec 100644 --- a/lib/pleroma/user.ex +++ b/lib/pleroma/user.ex @@ -38,7 +38,10 @@ defmodule Pleroma.User do timestamps() end - def auth_active?(%User{} = user), do: user.info && !user.info.confirmation_pending + def auth_active?(%User{} = user) do + (user.info && !user.info.confirmation_pending) || + !Pleroma.Config.get([:instance, :account_activation_required]) + end def superuser?(%User{} = user), do: user.info && User.Info.superuser?(user.info) @@ -220,7 +223,8 @@ defmodule Pleroma.User do end def try_send_confirmation_email(%User{} = user) do - if user.info.confirmation_pending do + if user.info.confirmation_pending && + Pleroma.Config.get([:instance, :account_activation_required]) do user |> Pleroma.UserEmail.account_confirmation_email() |> Pleroma.Mailer.deliver() -- cgit v1.2.3