From e7837bc14e3fd539837802bca0c2ed05e2178ea5 Mon Sep 17 00:00:00 2001
From: feld <feld@feld.me>
Date: Wed, 11 Mar 2020 16:53:05 +0000
Subject: Merge branch 'fix/signup-without-email' into 'develop'

Allow account registration without an email

See merge request pleroma/pleroma!2246
---
 .../controllers/account_controller_test.exs        | 52 +++++++++++++++++++++-
 1 file changed, 51 insertions(+), 1 deletion(-)

(limited to 'test/web/mastodon_api/controllers/account_controller_test.exs')

diff --git a/test/web/mastodon_api/controllers/account_controller_test.exs b/test/web/mastodon_api/controllers/account_controller_test.exs
index 57d0f4416..7f7d8cea3 100644
--- a/test/web/mastodon_api/controllers/account_controller_test.exs
+++ b/test/web/mastodon_api/controllers/account_controller_test.exs
@@ -601,6 +601,8 @@ defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do
       [valid_params: valid_params]
     end
 
+    clear_config([:instance, :account_activation_required])
+
     test "Account registration via Application", %{conn: conn} do
       conn =
         post(conn, "/api/v1/apps", %{
@@ -685,7 +687,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do
       assert json_response(res, 200)
 
       [{127, 0, 0, 1}, {127, 0, 0, 2}, {127, 0, 0, 3}, {127, 0, 0, 4}]
-      |> Stream.zip(valid_params)
+      |> Stream.zip(Map.delete(valid_params, :email))
       |> Enum.each(fn {ip, {attr, _}} ->
         res =
           conn
@@ -697,6 +699,54 @@ defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do
       end)
     end
 
+    clear_config([:instance, :account_activation_required])
+
+    test "returns bad_request if missing email params when :account_activation_required is enabled",
+         %{conn: conn, valid_params: valid_params} do
+      Pleroma.Config.put([:instance, :account_activation_required], true)
+
+      app_token = insert(:oauth_token, user: nil)
+      conn = put_req_header(conn, "authorization", "Bearer " <> app_token.token)
+
+      res =
+        conn
+        |> Map.put(:remote_ip, {127, 0, 0, 5})
+        |> post("/api/v1/accounts", Map.delete(valid_params, :email))
+
+      assert json_response(res, 400) == %{"error" => "Missing parameters"}
+
+      res =
+        conn
+        |> Map.put(:remote_ip, {127, 0, 0, 6})
+        |> post("/api/v1/accounts", Map.put(valid_params, :email, ""))
+
+      assert json_response(res, 400) == %{"error" => "{\"email\":[\"can't be blank\"]}"}
+    end
+
+    test "allow registration without an email", %{conn: conn, valid_params: valid_params} do
+      app_token = insert(:oauth_token, user: nil)
+      conn = put_req_header(conn, "authorization", "Bearer " <> app_token.token)
+
+      res =
+        conn
+        |> Map.put(:remote_ip, {127, 0, 0, 7})
+        |> post("/api/v1/accounts", Map.delete(valid_params, :email))
+
+      assert json_response(res, 200)
+    end
+
+    test "allow registration with an empty email", %{conn: conn, valid_params: valid_params} do
+      app_token = insert(:oauth_token, user: nil)
+      conn = put_req_header(conn, "authorization", "Bearer " <> app_token.token)
+
+      res =
+        conn
+        |> Map.put(:remote_ip, {127, 0, 0, 8})
+        |> post("/api/v1/accounts", Map.put(valid_params, :email, ""))
+
+      assert json_response(res, 200)
+    end
+
     test "returns forbidden if token is invalid", %{conn: conn, valid_params: valid_params} do
       conn = put_req_header(conn, "authorization", "Bearer " <> "invalid-token")
 
-- 
cgit v1.2.3


From c46d035f7bc79f451c8b2356f3b809c29684cfe4 Mon Sep 17 00:00:00 2001
From: rinpatch <rinpatch@sdf.org>
Date: Fri, 13 Mar 2020 21:15:42 +0300
Subject: rate limiter: disable based on if remote ip was found, not on if the
 plug was enabled

The current rate limiter disable logic won't trigger when the remote ip
is not forwarded, only when the remoteip plug is not enabled, which is
not the case on most instances since it's enabled by default. This
changes the behavior to warn and disable  when the remote ip was not forwarded,
even if the RemoteIP plug is enabled.

Also closes #1620
---
 test/web/mastodon_api/controllers/account_controller_test.exs | 4 ----
 1 file changed, 4 deletions(-)

(limited to 'test/web/mastodon_api/controllers/account_controller_test.exs')

diff --git a/test/web/mastodon_api/controllers/account_controller_test.exs b/test/web/mastodon_api/controllers/account_controller_test.exs
index 7f7d8cea3..7efccd9c4 100644
--- a/test/web/mastodon_api/controllers/account_controller_test.exs
+++ b/test/web/mastodon_api/controllers/account_controller_test.exs
@@ -756,10 +756,6 @@ defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do
   end
 
   describe "create account by app / rate limit" do
-    clear_config([Pleroma.Plugs.RemoteIp, :enabled]) do
-      Pleroma.Config.put([Pleroma.Plugs.RemoteIp, :enabled], true)
-    end
-
     clear_config([:rate_limit, :app_account_creation]) do
       Pleroma.Config.put([:rate_limit, :app_account_creation], {10_000, 2})
     end
-- 
cgit v1.2.3