From a62f17da17fbebf817796b0278060abe2829c903 Mon Sep 17 00:00:00 2001 From: Alex Gleason Date: Sun, 12 Jul 2020 19:11:30 -0500 Subject: Add `approval_pending` field to User --- lib/pleroma/user.ex | 2 ++ 1 file changed, 2 insertions(+) (limited to 'lib') diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex index b9989f901..25c63fc44 100644 --- a/lib/pleroma/user.ex +++ b/lib/pleroma/user.ex @@ -106,6 +106,7 @@ defmodule Pleroma.User do field(:locked, :boolean, default: false) field(:confirmation_pending, :boolean, default: false) field(:password_reset_pending, :boolean, default: false) + field(:approval_pending, :boolean, default: false) field(:confirmation_token, :string, default: nil) field(:default_scope, :string, default: "public") field(:domain_blocks, {:array, :string}, default: []) @@ -262,6 +263,7 @@ defmodule Pleroma.User do @spec account_status(User.t()) :: account_status() def account_status(%User{deactivated: true}), do: :deactivated def account_status(%User{password_reset_pending: true}), do: :password_reset_pending + def account_status(%User{approval_pending: true}), do: :approval_pending def account_status(%User{confirmation_pending: true}) do if Config.get([:instance, :account_activation_required]) do -- cgit v1.2.3 From 51ab8d0128970dd7458e93578acb36c20b1c185c Mon Sep 17 00:00:00 2001 From: Alex Gleason Date: Sun, 12 Jul 2020 20:14:57 -0500 Subject: Add `account_approval_required` instance setting --- lib/pleroma/web/mastodon_api/views/instance_view.ex | 1 + 1 file changed, 1 insertion(+) (limited to 'lib') diff --git a/lib/pleroma/web/mastodon_api/views/instance_view.ex b/lib/pleroma/web/mastodon_api/views/instance_view.ex index 5deb0d7ed..243067a73 100644 --- a/lib/pleroma/web/mastodon_api/views/instance_view.ex +++ b/lib/pleroma/web/mastodon_api/views/instance_view.ex @@ -39,6 +39,7 @@ defmodule Pleroma.Web.MastodonAPI.InstanceView do pleroma: %{ metadata: %{ account_activation_required: Keyword.get(instance, :account_activation_required), + account_approval_required: Keyword.get(instance, :account_approval_required), features: features(), federation: federation(), fields_limits: fields_limits() -- cgit v1.2.3 From e4e557781877c7c3e4f6197cc52963025485dbb3 Mon Sep 17 00:00:00 2001 From: Alex Gleason Date: Sun, 12 Jul 2020 20:15:27 -0500 Subject: Prevent unapproved users from logging in --- lib/pleroma/web/oauth/oauth_controller.ex | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'lib') diff --git a/lib/pleroma/web/oauth/oauth_controller.ex b/lib/pleroma/web/oauth/oauth_controller.ex index 7683589cf..61fe81d33 100644 --- a/lib/pleroma/web/oauth/oauth_controller.ex +++ b/lib/pleroma/web/oauth/oauth_controller.ex @@ -337,6 +337,16 @@ defmodule Pleroma.Web.OAuth.OAuthController do ) end + defp handle_token_exchange_error(%Plug.Conn{} = conn, {:account_status, :approval_pending}) do + render_error( + conn, + :forbidden, + "Your account is awaiting approval.", + %{}, + "awaiting_approval" + ) + end + defp handle_token_exchange_error(%Plug.Conn{} = conn, _error) do render_invalid_credentials_error(conn) end -- cgit v1.2.3 From bcfd38c8f3ecd2620bae7fc756ffc3f4bbe2b89e Mon Sep 17 00:00:00 2001 From: Alex Gleason Date: Sun, 12 Jul 2020 21:31:13 -0500 Subject: Make a user unapproved when registering with `account_approval_required` on --- lib/pleroma/user.ex | 14 ++++++++++++++ 1 file changed, 14 insertions(+) (limited to 'lib') diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex index 25c63fc44..e84900c4f 100644 --- a/lib/pleroma/user.ex +++ b/lib/pleroma/user.ex @@ -634,8 +634,16 @@ defmodule Pleroma.User do opts[:need_confirmation] end + need_approval? = + if is_nil(opts[:need_approval]) do + Config.get([:instance, :account_approval_required]) + else + opts[:need_approval] + end + struct |> confirmation_changeset(need_confirmation: need_confirmation?) + |> approval_changeset(need_approval: need_approval?) |> cast(params, [ :bio, :raw_bio, @@ -2145,6 +2153,12 @@ defmodule Pleroma.User do cast(user, params, [:confirmation_pending, :confirmation_token]) end + @spec approval_changeset(User.t(), keyword()) :: Changeset.t() + def approval_changeset(user, need_approval: need_approval?) do + params = if need_approval?, do: %{approval_pending: true}, else: %{approval_pending: false} + cast(user, params, [:approval_pending]) + end + def add_pinnned_activity(user, %Pleroma.Activity{id: id}) do if id not in user.pinned_activities do max_pinned_statuses = Config.get([:instance, :max_pinned_statuses], 0) -- cgit v1.2.3 From 5ddf0415c4fd6021422eb38b4625c01ad27582c5 Mon Sep 17 00:00:00 2001 From: Alex Gleason Date: Tue, 14 Jul 2020 00:22:12 -0500 Subject: Accept `reason` in POST /api/v1/accounts and store in DB --- lib/pleroma/user.ex | 4 +++- lib/pleroma/web/twitter_api/twitter_api.ex | 1 + 2 files changed, 4 insertions(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex index e84900c4f..51ccf6ffa 100644 --- a/lib/pleroma/user.ex +++ b/lib/pleroma/user.ex @@ -107,6 +107,7 @@ defmodule Pleroma.User do field(:confirmation_pending, :boolean, default: false) field(:password_reset_pending, :boolean, default: false) field(:approval_pending, :boolean, default: false) + field(:registration_reason, :string, default: nil) field(:confirmation_token, :string, default: nil) field(:default_scope, :string, default: "public") field(:domain_blocks, {:array, :string}, default: []) @@ -653,7 +654,8 @@ defmodule Pleroma.User do :password, :password_confirmation, :emoji, - :accepts_chat_messages + :accepts_chat_messages, + :registration_reason ]) |> validate_required([:name, :nickname, :password, :password_confirmation]) |> validate_confirmation(:password) diff --git a/lib/pleroma/web/twitter_api/twitter_api.ex b/lib/pleroma/web/twitter_api/twitter_api.ex index 5cfb385ac..4ff021b82 100644 --- a/lib/pleroma/web/twitter_api/twitter_api.ex +++ b/lib/pleroma/web/twitter_api/twitter_api.ex @@ -19,6 +19,7 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPI do |> Map.put(:nickname, params[:username]) |> Map.put(:name, Map.get(params, :fullname, params[:username])) |> Map.put(:password_confirmation, params[:password]) + |> Map.put(:registration_reason, params[:reason]) if Pleroma.Config.get([:instance, :registrations_open]) do create_user(params, opts) -- cgit v1.2.3 From 3062f86613696419f4716a53c3272ceef1b2b119 Mon Sep 17 00:00:00 2001 From: Maksim Pechnikov Date: Tue, 14 Jul 2020 07:31:21 +0300 Subject: added generated `pleroma.env` --- lib/mix/tasks/pleroma/release_env.ex | 64 ++++++++++++++++++++++++++++++++++++ 1 file changed, 64 insertions(+) create mode 100644 lib/mix/tasks/pleroma/release_env.ex (limited to 'lib') diff --git a/lib/mix/tasks/pleroma/release_env.ex b/lib/mix/tasks/pleroma/release_env.ex new file mode 100644 index 000000000..cbbbdeff6 --- /dev/null +++ b/lib/mix/tasks/pleroma/release_env.ex @@ -0,0 +1,64 @@ +# Pleroma: A lightweight social networking server +# Copyright © 2017-2020 Pleroma Authors +# SPDX-License-Identifier: AGPL-3.0-only + +defmodule Mix.Tasks.Pleroma.ReleaseEnv do + use Mix.Task + import Mix.Pleroma + + @shortdoc "Generate Pleroma environment file." + @moduledoc File.read!("docs/administration/CLI_tasks/release_environments.md") + + def run(["gen" | rest]) do + {options, [], []} = + OptionParser.parse( + rest, + strict: [ + force: :boolean, + path: :string + ], + aliases: [ + p: :path, + f: :force + ] + ) + + env_path = + get_option( + options, + :path, + "Environment file path", + "config/pleroma.env" + ) + |> Path.expand() + + proceed? = + if File.exists?(env_path) do + get_option( + options, + :force, + "Environment file is exist. Do you want overwritten the #{env_path} file? (y/n)", + "n" + ) === "y" + else + true + end + + if proceed? do + do_generate(env_path) + + shell_info( + "The file generated: #{env_path}.\nTo use the enviroment file need to add the line ';EnvironmentFile=#{ + env_path + }' in service file (/installation/pleroma.service)." + ) + end + end + + def do_generate(path) do + content = "RELEASE_COOKIE=#{Base.encode32(:crypto.strong_rand_bytes(32))}" + + File.mkdir_p!(Path.dirname(path)) + File.write!(path, content) + end +end -- cgit v1.2.3 From a1570ba6ad4c871df3783d06772b2eb8d2d6c4f1 Mon Sep 17 00:00:00 2001 From: Alex Gleason Date: Tue, 14 Jul 2020 13:04:57 -0500 Subject: AdminAPI: Return `registration_reason` with users --- lib/pleroma/web/admin_api/views/account_view.ex | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/web/admin_api/views/account_view.ex b/lib/pleroma/web/admin_api/views/account_view.ex index e1e929632..78062e520 100644 --- a/lib/pleroma/web/admin_api/views/account_view.ex +++ b/lib/pleroma/web/admin_api/views/account_view.ex @@ -77,7 +77,8 @@ defmodule Pleroma.Web.AdminAPI.AccountView do "roles" => User.roles(user), "tags" => user.tags || [], "confirmation_pending" => user.confirmation_pending, - "url" => user.uri || user.ap_id + "url" => user.uri || user.ap_id, + "registration_reason" => user.registration_reason } end -- cgit v1.2.3 From b750129da1434823746e3dbc237d0e04552fa753 Mon Sep 17 00:00:00 2001 From: Alex Gleason Date: Tue, 14 Jul 2020 13:47:05 -0500 Subject: AdminAPI: Return `approval_pending` with users --- lib/pleroma/web/admin_api/views/account_view.ex | 1 + 1 file changed, 1 insertion(+) (limited to 'lib') diff --git a/lib/pleroma/web/admin_api/views/account_view.ex b/lib/pleroma/web/admin_api/views/account_view.ex index 78062e520..bdab04ad2 100644 --- a/lib/pleroma/web/admin_api/views/account_view.ex +++ b/lib/pleroma/web/admin_api/views/account_view.ex @@ -77,6 +77,7 @@ defmodule Pleroma.Web.AdminAPI.AccountView do "roles" => User.roles(user), "tags" => user.tags || [], "confirmation_pending" => user.confirmation_pending, + "approval_pending" => user.approval_pending, "url" => user.uri || user.ap_id, "registration_reason" => user.registration_reason } -- cgit v1.2.3 From 33f1b29b2c9cfe6f09c6b088b8b6f7bf14379b9b Mon Sep 17 00:00:00 2001 From: Alex Gleason Date: Tue, 14 Jul 2020 14:14:43 -0500 Subject: AdminAPI: Filter users by `need_approval` --- lib/pleroma/user/query.ex | 5 +++++ lib/pleroma/web/admin_api/controllers/admin_api_controller.ex | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/user/query.ex b/lib/pleroma/user/query.ex index 66ffe9090..45553cb6c 100644 --- a/lib/pleroma/user/query.ex +++ b/lib/pleroma/user/query.ex @@ -42,6 +42,7 @@ defmodule Pleroma.User.Query do external: boolean(), active: boolean(), deactivated: boolean(), + need_approval: boolean(), is_admin: boolean(), is_moderator: boolean(), super_users: boolean(), @@ -146,6 +147,10 @@ defmodule Pleroma.User.Query do |> where([u], not is_nil(u.nickname)) end + defp compose_query({:need_approval, _}, query) do + where(query, [u], u.approval_pending) + end + defp compose_query({:followers, %User{id: id}}, query) do query |> where([u], u.id != ^id) diff --git a/lib/pleroma/web/admin_api/controllers/admin_api_controller.ex b/lib/pleroma/web/admin_api/controllers/admin_api_controller.ex index e5f14269a..037a6f269 100644 --- a/lib/pleroma/web/admin_api/controllers/admin_api_controller.ex +++ b/lib/pleroma/web/admin_api/controllers/admin_api_controller.ex @@ -350,7 +350,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do end end - @filters ~w(local external active deactivated is_admin is_moderator) + @filters ~w(local external active deactivated need_approval is_admin is_moderator) @spec maybe_parse_filters(String.t()) :: %{required(String.t()) => true} | %{} defp maybe_parse_filters(filters) when is_nil(filters) or filters == "", do: %{} -- cgit v1.2.3 From 20d24741af8ae755ce7f753680a55ca24ef7c1d4 Mon Sep 17 00:00:00 2001 From: Alex Gleason Date: Tue, 14 Jul 2020 18:02:44 -0500 Subject: AdminAPI: Add `PATCH /api/pleroma/admin/users/approve` endpoint --- lib/pleroma/moderation_log.ex | 11 +++++++++++ lib/pleroma/user.ex | 13 +++++++++++++ .../web/admin_api/controllers/admin_api_controller.ex | 16 ++++++++++++++++ lib/pleroma/web/router.ex | 1 + 4 files changed, 41 insertions(+) (limited to 'lib') diff --git a/lib/pleroma/moderation_log.ex b/lib/pleroma/moderation_log.ex index 7aacd9d80..31c9afe2a 100644 --- a/lib/pleroma/moderation_log.ex +++ b/lib/pleroma/moderation_log.ex @@ -409,6 +409,17 @@ defmodule Pleroma.ModerationLog do "@#{actor_nickname} deactivated users: #{users_to_nicknames_string(users)}" end + @spec get_log_entry_message(ModerationLog) :: String.t() + def get_log_entry_message(%ModerationLog{ + data: %{ + "actor" => %{"nickname" => actor_nickname}, + "action" => "approve", + "subject" => users + } + }) do + "@#{actor_nickname} approved users: #{users_to_nicknames_string(users)}" + end + @spec get_log_entry_message(ModerationLog) :: String.t() def get_log_entry_message(%ModerationLog{ data: %{ diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex index 51ccf6ffa..439c2c9b6 100644 --- a/lib/pleroma/user.ex +++ b/lib/pleroma/user.ex @@ -1471,6 +1471,19 @@ defmodule Pleroma.User do end end + def approve(users) when is_list(users) do + Repo.transaction(fn -> + Enum.map(users, fn user -> + with {:ok, user} <- approve(user), do: user + end) + end) + end + + def approve(%User{} = user) do + change(user, approval_pending: false) + |> update_and_set_cache() + end + def update_notification_settings(%User{} = user, settings) do user |> cast(%{notification_settings: settings}, []) diff --git a/lib/pleroma/web/admin_api/controllers/admin_api_controller.ex b/lib/pleroma/web/admin_api/controllers/admin_api_controller.ex index 037a6f269..53f71fcbf 100644 --- a/lib/pleroma/web/admin_api/controllers/admin_api_controller.ex +++ b/lib/pleroma/web/admin_api/controllers/admin_api_controller.ex @@ -44,6 +44,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do :user_toggle_activation, :user_activate, :user_deactivate, + :user_approve, :tag_users, :untag_users, :right_add, @@ -303,6 +304,21 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do |> render("index.json", %{users: Keyword.values(updated_users)}) end + def user_approve(%{assigns: %{user: admin}} = conn, %{"nicknames" => nicknames}) do + users = Enum.map(nicknames, &User.get_cached_by_nickname/1) + {:ok, updated_users} = User.approve(users) + + ModerationLog.insert_log(%{ + actor: admin, + subject: users, + action: "approve" + }) + + conn + |> put_view(AccountView) + |> render("index.json", %{users: updated_users}) + end + def tag_users(%{assigns: %{user: admin}} = conn, %{"nicknames" => nicknames, "tags" => tags}) do with {:ok, _} <- User.tag(nicknames, tags) do ModerationLog.insert_log(%{ diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex index 386308362..c6433cc53 100644 --- a/lib/pleroma/web/router.ex +++ b/lib/pleroma/web/router.ex @@ -138,6 +138,7 @@ defmodule Pleroma.Web.Router do patch("/users/:nickname/toggle_activation", AdminAPIController, :user_toggle_activation) patch("/users/activate", AdminAPIController, :user_activate) patch("/users/deactivate", AdminAPIController, :user_deactivate) + patch("/users/approve", AdminAPIController, :user_approve) put("/users/tag", AdminAPIController, :tag_users) delete("/users/tag", AdminAPIController, :untag_users) -- cgit v1.2.3 From df3d1bf5e57389e41a70676ccab1df81d83e3d74 Mon Sep 17 00:00:00 2001 From: Alex Gleason Date: Tue, 14 Jul 2020 18:48:17 -0500 Subject: Add :approval_pending to User @type account_status --- lib/pleroma/user.ex | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex index 439c2c9b6..9c3b46ae8 100644 --- a/lib/pleroma/user.ex +++ b/lib/pleroma/user.ex @@ -42,7 +42,12 @@ defmodule Pleroma.User do require Logger @type t :: %__MODULE__{} - @type account_status :: :active | :deactivated | :password_reset_pending | :confirmation_pending + @type account_status :: + :active + | :deactivated + | :password_reset_pending + | :confirmation_pending + | :approval_pending @primary_key {:id, FlakeId.Ecto.CompatType, autogenerate: true} # credo:disable-for-next-line Credo.Check.Readability.MaxLineLength -- cgit v1.2.3 From 0d004a9d046f279be8462e8c751b5f1bcec3d35b Mon Sep 17 00:00:00 2001 From: Alex Gleason Date: Tue, 14 Jul 2020 20:31:20 -0500 Subject: Email admins when a new unapproved account is up for review --- lib/pleroma/emails/admin_email.ex | 14 ++++++++++++++ lib/pleroma/web/twitter_api/twitter_api.ex | 13 +++++++++++++ 2 files changed, 27 insertions(+) (limited to 'lib') diff --git a/lib/pleroma/emails/admin_email.ex b/lib/pleroma/emails/admin_email.ex index aa0b2a66b..fae7faf00 100644 --- a/lib/pleroma/emails/admin_email.ex +++ b/lib/pleroma/emails/admin_email.ex @@ -82,4 +82,18 @@ defmodule Pleroma.Emails.AdminEmail do |> subject("#{instance_name()} Report") |> html_body(html_body) end + + def new_unapproved_registration(to, account) do + html_body = """ +

New account for review: @#{account.nickname}

+
#{account.registration_reason}
+ Visit AdminFE + """ + + new() + |> to({to.name, to.email}) + |> from({instance_name(), instance_notify_email()}) + |> subject("New account up for review on #{instance_name()} (@#{account.nickname})") + |> html_body(html_body) + end end diff --git a/lib/pleroma/web/twitter_api/twitter_api.ex b/lib/pleroma/web/twitter_api/twitter_api.ex index 4ff021b82..2294d9d0d 100644 --- a/lib/pleroma/web/twitter_api/twitter_api.ex +++ b/lib/pleroma/web/twitter_api/twitter_api.ex @@ -45,6 +45,7 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPI do case User.register(changeset) do {:ok, user} -> + maybe_notify_admins(user) {:ok, user} {:error, changeset} -> @@ -57,6 +58,18 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPI do end end + defp maybe_notify_admins(%User{} = account) do + if Pleroma.Config.get([:instance, :account_approval_required]) do + User.all_superusers() + |> Enum.filter(fn user -> not is_nil(user.email) end) + |> Enum.each(fn superuser -> + superuser + |> Pleroma.Emails.AdminEmail.new_unapproved_registration(account) + |> Pleroma.Emails.Mailer.deliver_async() + end) + end + end + def password_reset(nickname_or_email) do with true <- is_binary(nickname_or_email), %User{local: true, email: email} = user when is_binary(email) <- -- cgit v1.2.3 From 9ce95fa68f933c911c10e640b9a32ddae8a631c9 Mon Sep 17 00:00:00 2001 From: Alex Gleason Date: Wed, 15 Jul 2020 17:04:30 -0500 Subject: Use `approval_required` in /api/v1/instance --- lib/pleroma/web/mastodon_api/views/instance_view.ex | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/web/mastodon_api/views/instance_view.ex b/lib/pleroma/web/mastodon_api/views/instance_view.ex index 243067a73..5389d63cd 100644 --- a/lib/pleroma/web/mastodon_api/views/instance_view.ex +++ b/lib/pleroma/web/mastodon_api/views/instance_view.ex @@ -26,6 +26,7 @@ defmodule Pleroma.Web.MastodonAPI.InstanceView do thumbnail: Keyword.get(instance, :instance_thumbnail), languages: ["en"], registrations: Keyword.get(instance, :registrations_open), + approval_required: Keyword.get(instance, :account_approval_required), # Extra (not present in Mastodon): max_toot_chars: Keyword.get(instance, :limit), poll_limits: Keyword.get(instance, :poll_limits), @@ -39,7 +40,6 @@ defmodule Pleroma.Web.MastodonAPI.InstanceView do pleroma: %{ metadata: %{ account_activation_required: Keyword.get(instance, :account_activation_required), - account_approval_required: Keyword.get(instance, :account_approval_required), features: features(), federation: federation(), fields_limits: fields_limits() -- cgit v1.2.3 From 4e0e19a7060da9f3eb06ffb0bdb816c7dedb720b Mon Sep 17 00:00:00 2001 From: Maksim Pechnikov Date: Thu, 16 Jul 2020 08:52:14 +0300 Subject: update task messages --- lib/mix/tasks/pleroma/release_env.ex | 32 ++++++++++++++++++++++---------- 1 file changed, 22 insertions(+), 10 deletions(-) (limited to 'lib') diff --git a/lib/mix/tasks/pleroma/release_env.ex b/lib/mix/tasks/pleroma/release_env.ex index cbbbdeff6..63030c5cc 100644 --- a/lib/mix/tasks/pleroma/release_env.ex +++ b/lib/mix/tasks/pleroma/release_env.ex @@ -23,14 +23,15 @@ defmodule Mix.Tasks.Pleroma.ReleaseEnv do ] ) - env_path = + file_path = get_option( options, :path, "Environment file path", - "config/pleroma.env" + "./config/pleroma.env" ) - |> Path.expand() + + env_path = Path.expand(file_path) proceed? = if File.exists?(env_path) do @@ -45,13 +46,24 @@ defmodule Mix.Tasks.Pleroma.ReleaseEnv do end if proceed? do - do_generate(env_path) + case do_generate(env_path) do + {:error, reason} -> + shell_error( + File.Error.message(%{action: "write to file", reason: reason, path: env_path}) + ) - shell_info( - "The file generated: #{env_path}.\nTo use the enviroment file need to add the line ';EnvironmentFile=#{ - env_path - }' in service file (/installation/pleroma.service)." - ) + _ -> + shell_info("\nThe file generated: #{env_path}.\n") + + shell_info(""" + WARNING: before start pleroma app please to made the file read-only and non-modifiable. + Example: + chmod 0444 #{file_path} + chattr +i #{file_path} + """) + end + else + shell_info("\nThe file is exist. #{env_path}.\n") end end @@ -59,6 +71,6 @@ defmodule Mix.Tasks.Pleroma.ReleaseEnv do content = "RELEASE_COOKIE=#{Base.encode32(:crypto.strong_rand_bytes(32))}" File.mkdir_p!(Path.dirname(path)) - File.write!(path, content) + File.write(path, content) end end -- cgit v1.2.3 From c72676d22f9c2e9ed83ba793fe9a85efd7e9a544 Mon Sep 17 00:00:00 2001 From: Maksim Date: Thu, 16 Jul 2020 13:30:17 +0000 Subject: Apply 1 suggestion(s) to 1 file(s) --- lib/mix/tasks/pleroma/release_env.ex | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/mix/tasks/pleroma/release_env.ex b/lib/mix/tasks/pleroma/release_env.ex index 63030c5cc..4d8b6ff27 100644 --- a/lib/mix/tasks/pleroma/release_env.ex +++ b/lib/mix/tasks/pleroma/release_env.ex @@ -56,7 +56,7 @@ defmodule Mix.Tasks.Pleroma.ReleaseEnv do shell_info("\nThe file generated: #{env_path}.\n") shell_info(""" - WARNING: before start pleroma app please to made the file read-only and non-modifiable. + WARNING: before start pleroma app please make sure to make the file read-only and non-modifiable. Example: chmod 0444 #{file_path} chattr +i #{file_path} -- cgit v1.2.3 From 16da9f5cfd63237549da7156e5297d356628a70f Mon Sep 17 00:00:00 2001 From: Maksim Date: Thu, 16 Jul 2020 13:30:28 +0000 Subject: Apply 1 suggestion(s) to 1 file(s) --- lib/mix/tasks/pleroma/release_env.ex | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/mix/tasks/pleroma/release_env.ex b/lib/mix/tasks/pleroma/release_env.ex index 4d8b6ff27..9da74ffcf 100644 --- a/lib/mix/tasks/pleroma/release_env.ex +++ b/lib/mix/tasks/pleroma/release_env.ex @@ -38,7 +38,7 @@ defmodule Mix.Tasks.Pleroma.ReleaseEnv do get_option( options, :force, - "Environment file is exist. Do you want overwritten the #{env_path} file? (y/n)", + "Environment file already exists. Do you want to overwrite the #{env_path} file? (y/n)", "n" ) === "y" else -- cgit v1.2.3 From 5e745567031e87ee0854dca8d10065449af27d9c Mon Sep 17 00:00:00 2001 From: Alex Gleason Date: Thu, 16 Jul 2020 20:25:53 -0500 Subject: Sanitize `reason` param in POST /api/v1/accounts --- lib/pleroma/web/twitter_api/twitter_api.ex | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/web/twitter_api/twitter_api.ex b/lib/pleroma/web/twitter_api/twitter_api.ex index 2294d9d0d..424a705dd 100644 --- a/lib/pleroma/web/twitter_api/twitter_api.ex +++ b/lib/pleroma/web/twitter_api/twitter_api.ex @@ -7,6 +7,7 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPI do alias Pleroma.Emails.Mailer alias Pleroma.Emails.UserEmail + alias Pleroma.HTML alias Pleroma.Repo alias Pleroma.User alias Pleroma.UserInviteToken @@ -19,7 +20,7 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPI do |> Map.put(:nickname, params[:username]) |> Map.put(:name, Map.get(params, :fullname, params[:username])) |> Map.put(:password_confirmation, params[:password]) - |> Map.put(:registration_reason, params[:reason]) + |> Map.put(:registration_reason, HTML.strip_tags(params[:reason])) if Pleroma.Config.get([:instance, :registrations_open]) do create_user(params, opts) -- cgit v1.2.3 From 57568437361dd14151e3aa0590c7d1da05141cf4 Mon Sep 17 00:00:00 2001 From: Alex Gleason Date: Fri, 17 Jul 2020 12:19:41 -0500 Subject: Fully delete users with status :approval_pending --- lib/pleroma/user.ex | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex index 8e2c9fbe2..23288d434 100644 --- a/lib/pleroma/user.ex +++ b/lib/pleroma/user.ex @@ -1525,12 +1525,13 @@ defmodule Pleroma.User do defp delete_or_deactivate(%User{local: true} = user) do status = account_status(user) - if status == :confirmation_pending do - delete_and_invalidate_cache(user) - else - user - |> change(%{deactivated: true, email: nil}) - |> update_and_set_cache() + case status do + :confirmation_pending -> delete_and_invalidate_cache(user) + :approval_pending -> delete_and_invalidate_cache(user) + _ -> + user + |> change(%{deactivated: true, email: nil}) + |> update_and_set_cache() end end -- cgit v1.2.3 From 6f44a0ee84a8dca7a94a38b45493a444390f13ec Mon Sep 17 00:00:00 2001 From: Alex Gleason Date: Mon, 27 Jul 2020 15:13:34 -0500 Subject: Add configurable registration_reason limit --- lib/pleroma/user.ex | 2 ++ 1 file changed, 2 insertions(+) (limited to 'lib') diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex index a78123fe4..913b6afd1 100644 --- a/lib/pleroma/user.ex +++ b/lib/pleroma/user.ex @@ -641,6 +641,7 @@ defmodule Pleroma.User do def register_changeset(struct, params \\ %{}, opts \\ []) do bio_limit = Config.get([:instance, :user_bio_length], 5000) name_limit = Config.get([:instance, :user_name_length], 100) + reason_limit = Config.get([:instance, :registration_reason_length], 500) params = Map.put_new(params, :accepts_chat_messages, true) need_confirmation? = @@ -681,6 +682,7 @@ defmodule Pleroma.User do |> validate_format(:email, @email_regex) |> validate_length(:bio, max: bio_limit) |> validate_length(:name, min: 1, max: name_limit) + |> validate_length(:registration_reason, max: reason_limit) |> maybe_validate_required_email(opts[:external]) |> put_password_hash |> put_ap_id() -- cgit v1.2.3 From f43518eb7433a6c50d635d6536c3fbe3a37ea82b Mon Sep 17 00:00:00 2001 From: Alex Gleason Date: Mon, 27 Jul 2020 19:19:14 -0500 Subject: Lint, fix test --- lib/pleroma/user.ex | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex index 913b6afd1..dcf6ebee2 100644 --- a/lib/pleroma/user.ex +++ b/lib/pleroma/user.ex @@ -1553,8 +1553,12 @@ defmodule Pleroma.User do status = account_status(user) case status do - :confirmation_pending -> delete_and_invalidate_cache(user) - :approval_pending -> delete_and_invalidate_cache(user) + :confirmation_pending -> + delete_and_invalidate_cache(user) + + :approval_pending -> + delete_and_invalidate_cache(user) + _ -> user |> change(%{deactivated: true, email: nil}) -- cgit v1.2.3 From f688c8df82b955b50552b3198ddc153a716451c2 Mon Sep 17 00:00:00 2001 From: Alex Gleason Date: Mon, 27 Jul 2020 20:36:31 -0500 Subject: Fix User.registration_reason HTML sanitizing issues --- lib/pleroma/emails/admin_email.ex | 3 ++- lib/pleroma/web/twitter_api/twitter_api.ex | 3 +-- 2 files changed, 3 insertions(+), 3 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/emails/admin_email.ex b/lib/pleroma/emails/admin_email.ex index fae7faf00..c27ad1065 100644 --- a/lib/pleroma/emails/admin_email.ex +++ b/lib/pleroma/emails/admin_email.ex @@ -8,6 +8,7 @@ defmodule Pleroma.Emails.AdminEmail do import Swoosh.Email alias Pleroma.Config + alias Pleroma.HTML alias Pleroma.Web.Router.Helpers defp instance_config, do: Config.get(:instance) @@ -86,7 +87,7 @@ defmodule Pleroma.Emails.AdminEmail do def new_unapproved_registration(to, account) do html_body = """

New account for review: @#{account.nickname}

-
#{account.registration_reason}
+
#{HTML.strip_tags(account.registration_reason)}
Visit AdminFE """ diff --git a/lib/pleroma/web/twitter_api/twitter_api.ex b/lib/pleroma/web/twitter_api/twitter_api.ex index 424a705dd..2294d9d0d 100644 --- a/lib/pleroma/web/twitter_api/twitter_api.ex +++ b/lib/pleroma/web/twitter_api/twitter_api.ex @@ -7,7 +7,6 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPI do alias Pleroma.Emails.Mailer alias Pleroma.Emails.UserEmail - alias Pleroma.HTML alias Pleroma.Repo alias Pleroma.User alias Pleroma.UserInviteToken @@ -20,7 +19,7 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPI do |> Map.put(:nickname, params[:username]) |> Map.put(:name, Map.get(params, :fullname, params[:username])) |> Map.put(:password_confirmation, params[:password]) - |> Map.put(:registration_reason, HTML.strip_tags(params[:reason])) + |> Map.put(:registration_reason, params[:reason]) if Pleroma.Config.get([:instance, :registrations_open]) do create_user(params, opts) -- cgit v1.2.3 From edf8b6abfeba487406db756254a00524e3a9dce2 Mon Sep 17 00:00:00 2001 From: lain Date: Wed, 29 Jul 2020 10:53:08 +0200 Subject: EnsureRePrepended: Don't break on chat messages. --- lib/pleroma/web/activity_pub/mrf/ensure_re_prepended.ex | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/web/activity_pub/mrf/ensure_re_prepended.ex b/lib/pleroma/web/activity_pub/mrf/ensure_re_prepended.ex index 2627a0007..3bf70b894 100644 --- a/lib/pleroma/web/activity_pub/mrf/ensure_re_prepended.ex +++ b/lib/pleroma/web/activity_pub/mrf/ensure_re_prepended.ex @@ -27,7 +27,8 @@ defmodule Pleroma.Web.ActivityPub.MRF.EnsureRePrepended do def filter_by_summary(_in_reply_to, child), do: child - def filter(%{"type" => "Create", "object" => child_object} = object) do + def filter(%{"type" => "Create", "object" => child_object} = object) + when is_map(child_object) do child = child_object["inReplyTo"] |> Object.normalize(child_object["inReplyTo"]) -- cgit v1.2.3 From 2e27847573e91946e6777f9aa18b9cf9ccaf820d Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Wed, 29 Jul 2020 14:02:02 +0200 Subject: feed/user_controller: Return 404 when the user is remote --- lib/pleroma/web/feed/user_controller.ex | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/web/feed/user_controller.ex b/lib/pleroma/web/feed/user_controller.ex index d56f43818..9cd334a33 100644 --- a/lib/pleroma/web/feed/user_controller.ex +++ b/lib/pleroma/web/feed/user_controller.ex @@ -47,7 +47,7 @@ defmodule Pleroma.Web.Feed.UserController do "atom" end - with {_, %User{} = user} <- {:fetch_user, User.get_cached_by_nickname(nickname)} do + with {_, %User{local: true} = user} <- {:fetch_user, User.get_cached_by_nickname(nickname)} do activities = %{ type: ["Create"], @@ -71,6 +71,7 @@ defmodule Pleroma.Web.Feed.UserController do render_error(conn, :not_found, "Not found") end + def errors(conn, {:fetch_user, %User{local: false}}), do: errors(conn, {:error, :not_found}) def errors(conn, {:fetch_user, nil}), do: errors(conn, {:error, :not_found}) def errors(conn, _) do -- cgit v1.2.3