Merge branch 'develop' of git.pleroma.social:pleroma/pleroma into remake-remodel-dms
This commit is contained in:
commit
0d417e005d
|
@ -123,7 +123,7 @@ def generate_tagged_activities(opts \\ []) do
|
||||||
Enum.each(1..activity_count, fn _ ->
|
Enum.each(1..activity_count, fn _ ->
|
||||||
random = :rand.uniform()
|
random = :rand.uniform()
|
||||||
i = Enum.find_index(intervals, fn {lower, upper} -> lower <= random && upper > random end)
|
i = Enum.find_index(intervals, fn {lower, upper} -> lower <= random && upper > random end)
|
||||||
CommonAPI.post(Enum.random(users), %{"status" => "a post with the tag #tag_#{i}"})
|
CommonAPI.post(Enum.random(users), %{status: "a post with the tag #tag_#{i}"})
|
||||||
end)
|
end)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -137,8 +137,8 @@ defp generate_long_thread(visibility, user, friends, non_friends, _opts) do
|
||||||
|
|
||||||
{:ok, activity} =
|
{:ok, activity} =
|
||||||
CommonAPI.post(user, %{
|
CommonAPI.post(user, %{
|
||||||
"status" => "Start of #{visibility} long thread",
|
status: "Start of #{visibility} long thread",
|
||||||
"visibility" => visibility
|
visibility: visibility
|
||||||
})
|
})
|
||||||
|
|
||||||
Agent.update(:benchmark_state, fn state ->
|
Agent.update(:benchmark_state, fn state ->
|
||||||
|
@ -186,7 +186,7 @@ defp insert_activity("simple", visibility, group, user, friends, non_friends, _o
|
||||||
{:ok, _activity} =
|
{:ok, _activity} =
|
||||||
group
|
group
|
||||||
|> get_actor(user, friends, non_friends)
|
|> get_actor(user, friends, non_friends)
|
||||||
|> CommonAPI.post(%{"status" => "Simple status", "visibility" => visibility})
|
|> CommonAPI.post(%{status: "Simple status", visibility: visibility})
|
||||||
end
|
end
|
||||||
|
|
||||||
defp insert_activity("emoji", visibility, group, user, friends, non_friends, _opts) do
|
defp insert_activity("emoji", visibility, group, user, friends, non_friends, _opts) do
|
||||||
|
@ -194,8 +194,8 @@ defp insert_activity("emoji", visibility, group, user, friends, non_friends, _op
|
||||||
group
|
group
|
||||||
|> get_actor(user, friends, non_friends)
|
|> get_actor(user, friends, non_friends)
|
||||||
|> CommonAPI.post(%{
|
|> CommonAPI.post(%{
|
||||||
"status" => "Simple status with emoji :firefox:",
|
status: "Simple status with emoji :firefox:",
|
||||||
"visibility" => visibility
|
visibility: visibility
|
||||||
})
|
})
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -213,8 +213,8 @@ defp insert_activity("mentions", visibility, group, user, friends, non_friends,
|
||||||
group
|
group
|
||||||
|> get_actor(user, friends, non_friends)
|
|> get_actor(user, friends, non_friends)
|
||||||
|> CommonAPI.post(%{
|
|> CommonAPI.post(%{
|
||||||
"status" => Enum.join(user_mentions, ", ") <> " simple status with mentions",
|
status: Enum.join(user_mentions, ", ") <> " simple status with mentions",
|
||||||
"visibility" => visibility
|
visibility: visibility
|
||||||
})
|
})
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -236,8 +236,8 @@ defp insert_activity("hell_thread", visibility, group, user, friends, non_friend
|
||||||
group
|
group
|
||||||
|> get_actor(user, friends, non_friends)
|
|> get_actor(user, friends, non_friends)
|
||||||
|> CommonAPI.post(%{
|
|> CommonAPI.post(%{
|
||||||
"status" => mentions <> " hell thread status",
|
status: mentions <> " hell thread status",
|
||||||
"visibility" => visibility
|
visibility: visibility
|
||||||
})
|
})
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -262,9 +262,9 @@ defp insert_activity("attachment", visibility, group, user, friends, non_friends
|
||||||
|
|
||||||
{:ok, _activity} =
|
{:ok, _activity} =
|
||||||
CommonAPI.post(actor, %{
|
CommonAPI.post(actor, %{
|
||||||
"status" => "Post with attachment",
|
status: "Post with attachment",
|
||||||
"visibility" => visibility,
|
visibility: visibility,
|
||||||
"media_ids" => [object.id]
|
media_ids: [object.id]
|
||||||
})
|
})
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -272,7 +272,7 @@ defp insert_activity("tag", visibility, group, user, friends, non_friends, _opts
|
||||||
{:ok, _activity} =
|
{:ok, _activity} =
|
||||||
group
|
group
|
||||||
|> get_actor(user, friends, non_friends)
|
|> get_actor(user, friends, non_friends)
|
||||||
|> CommonAPI.post(%{"status" => "Status with #tag", "visibility" => visibility})
|
|> CommonAPI.post(%{status: "Status with #tag", visibility: visibility})
|
||||||
end
|
end
|
||||||
|
|
||||||
defp insert_activity("like", visibility, group, user, friends, non_friends, opts) do
|
defp insert_activity("like", visibility, group, user, friends, non_friends, opts) do
|
||||||
|
@ -312,8 +312,7 @@ defp insert_activity("simple_thread", visibility, group, user, friends, non_frie
|
||||||
actor = get_actor(group, user, friends, non_friends)
|
actor = get_actor(group, user, friends, non_friends)
|
||||||
tasks = get_reply_tasks(visibility, group)
|
tasks = get_reply_tasks(visibility, group)
|
||||||
|
|
||||||
{:ok, activity} =
|
{:ok, activity} = CommonAPI.post(user, %{status: "Simple status", visibility: visibility})
|
||||||
CommonAPI.post(user, %{"status" => "Simple status", "visibility" => visibility})
|
|
||||||
|
|
||||||
acc = {activity.id, ["@" <> actor.nickname, "reply to status"]}
|
acc = {activity.id, ["@" <> actor.nickname, "reply to status"]}
|
||||||
insert_replies(tasks, visibility, user, friends, non_friends, acc)
|
insert_replies(tasks, visibility, user, friends, non_friends, acc)
|
||||||
|
@ -336,8 +335,8 @@ defp insert_activity("simple_thread", "direct", group, user, friends, non_friend
|
||||||
|
|
||||||
{:ok, activity} =
|
{:ok, activity} =
|
||||||
CommonAPI.post(actor, %{
|
CommonAPI.post(actor, %{
|
||||||
"status" => Enum.join(data, ", ") <> "simple status",
|
status: Enum.join(data, ", ") <> "simple status",
|
||||||
"visibility" => "direct"
|
visibility: "direct"
|
||||||
})
|
})
|
||||||
|
|
||||||
acc = {activity.id, ["@" <> user.nickname | data] ++ ["reply to status"]}
|
acc = {activity.id, ["@" <> user.nickname | data] ++ ["reply to status"]}
|
||||||
|
@ -527,9 +526,9 @@ defp insert_direct_replies(tasks, user, list, acc) do
|
||||||
defp insert_reply(actor, data, activity_id, visibility) do
|
defp insert_reply(actor, data, activity_id, visibility) do
|
||||||
{:ok, reply} =
|
{:ok, reply} =
|
||||||
CommonAPI.post(actor, %{
|
CommonAPI.post(actor, %{
|
||||||
"status" => Enum.join(data, ", "),
|
status: Enum.join(data, ", "),
|
||||||
"visibility" => visibility,
|
visibility: visibility,
|
||||||
"in_reply_to_status_id" => activity_id
|
in_reply_to_status_id: activity_id
|
||||||
})
|
})
|
||||||
|
|
||||||
{reply.id, ["@" <> actor.nickname | data]}
|
{reply.id, ["@" <> actor.nickname | data]}
|
||||||
|
|
|
@ -0,0 +1,38 @@
|
||||||
|
# Storing Remote Media
|
||||||
|
|
||||||
|
Pleroma does not store remote/federated media by default. The best way to achieve this is to change Nginx to keep its reverse proxy cache
|
||||||
|
for a year and to activate the `MediaProxyWarmingPolicy` MRF policy in Pleroma which will automatically fetch all media through the proxy
|
||||||
|
as soon as the post is received by your instance.
|
||||||
|
|
||||||
|
## Nginx
|
||||||
|
|
||||||
|
```
|
||||||
|
proxy_cache_path /long/term/storage/path/pleroma-media-cache levels=1:2
|
||||||
|
keys_zone=pleroma_media_cache:10m inactive=1y use_temp_path=off;
|
||||||
|
|
||||||
|
location ~ ^/(media|proxy) {
|
||||||
|
proxy_cache pleroma_media_cache;
|
||||||
|
slice 1m;
|
||||||
|
proxy_cache_key $host$uri$is_args$args$slice_range;
|
||||||
|
proxy_set_header Range $slice_range;
|
||||||
|
proxy_http_version 1.1;
|
||||||
|
proxy_cache_valid 206 301 302 304 1h;
|
||||||
|
proxy_cache_valid 200 1y;
|
||||||
|
proxy_cache_use_stale error timeout invalid_header updating;
|
||||||
|
proxy_ignore_client_abort on;
|
||||||
|
proxy_buffering on;
|
||||||
|
chunked_transfer_encoding on;
|
||||||
|
proxy_ignore_headers Cache-Control Expires;
|
||||||
|
proxy_hide_header Cache-Control Expires;
|
||||||
|
proxy_pass http://127.0.0.1:4000;
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
## Pleroma
|
||||||
|
|
||||||
|
Add to your `prod.secret.exs`:
|
||||||
|
|
||||||
|
```
|
||||||
|
config :pleroma, :instance,
|
||||||
|
rewrite_policy: [Pleroma.Web.ActivityPub.MRF.MediaProxyWarmingPolicy]
|
||||||
|
```
|
|
@ -1,5 +1,5 @@
|
||||||
# Pleroma: A lightweight social networking server
|
# Pleroma: A lightweight social networking server
|
||||||
# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
|
# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
|
||||||
# SPDX-License-Identifier: AGPL-3.0-only
|
# SPDX-License-Identifier: AGPL-3.0-only
|
||||||
|
|
||||||
defmodule Pleroma.MFA do
|
defmodule Pleroma.MFA do
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
# Pleroma: A lightweight social networking server
|
# Pleroma: A lightweight social networking server
|
||||||
# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
|
# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
|
||||||
# SPDX-License-Identifier: AGPL-3.0-only
|
# SPDX-License-Identifier: AGPL-3.0-only
|
||||||
|
|
||||||
defmodule Pleroma.MFA.BackupCodes do
|
defmodule Pleroma.MFA.BackupCodes do
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
# Pleroma: A lightweight social networking server
|
# Pleroma: A lightweight social networking server
|
||||||
# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
|
# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
|
||||||
# SPDX-License-Identifier: AGPL-3.0-only
|
# SPDX-License-Identifier: AGPL-3.0-only
|
||||||
|
|
||||||
defmodule Pleroma.MFA.Changeset do
|
defmodule Pleroma.MFA.Changeset do
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
# Pleroma: A lightweight social networking server
|
# Pleroma: A lightweight social networking server
|
||||||
# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
|
# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
|
||||||
# SPDX-License-Identifier: AGPL-3.0-only
|
# SPDX-License-Identifier: AGPL-3.0-only
|
||||||
|
|
||||||
defmodule Pleroma.MFA.Settings do
|
defmodule Pleroma.MFA.Settings do
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
# Pleroma: A lightweight social networking server
|
# Pleroma: A lightweight social networking server
|
||||||
# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
|
# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
|
||||||
# SPDX-License-Identifier: AGPL-3.0-only
|
# SPDX-License-Identifier: AGPL-3.0-only
|
||||||
|
|
||||||
defmodule Pleroma.MFA.Token do
|
defmodule Pleroma.MFA.Token do
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
# Pleroma: A lightweight social networking server
|
# Pleroma: A lightweight social networking server
|
||||||
# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
|
# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
|
||||||
# SPDX-License-Identifier: AGPL-3.0-only
|
# SPDX-License-Identifier: AGPL-3.0-only
|
||||||
|
|
||||||
defmodule Pleroma.MFA.TOTP do
|
defmodule Pleroma.MFA.TOTP do
|
||||||
|
|
|
@ -138,12 +138,17 @@ def normalize(ap_id, true, options) when is_binary(ap_id) do
|
||||||
|
|
||||||
def normalize(_, _, _), do: nil
|
def normalize(_, _, _), do: nil
|
||||||
|
|
||||||
# Owned objects can only be mutated by their owner
|
# Owned objects can only be accessed by their owner
|
||||||
def authorize_mutation(%Object{data: %{"actor" => actor}}, %User{ap_id: ap_id}),
|
def authorize_access(%Object{data: %{"actor" => actor}}, %User{ap_id: ap_id}) do
|
||||||
do: actor == ap_id
|
if actor == ap_id do
|
||||||
|
:ok
|
||||||
|
else
|
||||||
|
{:error, :forbidden}
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
# Legacy objects can be mutated by anybody
|
# Legacy objects can be accessed by anybody
|
||||||
def authorize_mutation(%Object{}, %User{}), do: true
|
def authorize_access(%Object{}, %User{}), do: :ok
|
||||||
|
|
||||||
@spec get_cached_by_ap_id(String.t()) :: Object.t() | nil
|
@spec get_cached_by_ap_id(String.t()) :: Object.t() | nil
|
||||||
def get_cached_by_ap_id(ap_id) do
|
def get_cached_by_ap_id(ap_id) do
|
||||||
|
|
|
@ -30,6 +30,25 @@ def checkpw(_password, _password_hash) do
|
||||||
false
|
false
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def maybe_update_password(%User{password_hash: "$2" <> _} = user, password) do
|
||||||
|
do_update_password(user, password)
|
||||||
|
end
|
||||||
|
|
||||||
|
def maybe_update_password(%User{password_hash: "$6" <> _} = user, password) do
|
||||||
|
do_update_password(user, password)
|
||||||
|
end
|
||||||
|
|
||||||
|
def maybe_update_password(user, _), do: {:ok, user}
|
||||||
|
|
||||||
|
defp do_update_password(user, password) do
|
||||||
|
user
|
||||||
|
|> User.password_update_changeset(%{
|
||||||
|
"password" => password,
|
||||||
|
"password_confirmation" => password
|
||||||
|
})
|
||||||
|
|> Pleroma.Repo.update()
|
||||||
|
end
|
||||||
|
|
||||||
def call(%{assigns: %{user: %User{}}} = conn, _), do: conn
|
def call(%{assigns: %{user: %User{}}} = conn, _), do: conn
|
||||||
|
|
||||||
def call(
|
def call(
|
||||||
|
@ -42,6 +61,8 @@ def call(
|
||||||
_
|
_
|
||||||
) do
|
) do
|
||||||
if checkpw(password, password_hash) do
|
if checkpw(password, password_hash) do
|
||||||
|
{:ok, auth_user} = maybe_update_password(auth_user, password)
|
||||||
|
|
||||||
conn
|
conn
|
||||||
|> assign(:user, auth_user)
|
|> assign(:user, auth_user)
|
||||||
|> OAuthScopesPlug.skip_plug()
|
|> OAuthScopesPlug.skip_plug()
|
||||||
|
|
|
@ -43,7 +43,7 @@ def direct_operation do
|
||||||
description:
|
description:
|
||||||
"View statuses with a “direct” privacy, from your account or in your notifications",
|
"View statuses with a “direct” privacy, from your account or in your notifications",
|
||||||
deprecated: true,
|
deprecated: true,
|
||||||
parameters: pagination_params(),
|
parameters: [with_muted_param() | pagination_params()],
|
||||||
security: [%{"oAuth" => ["read:statuses"]}],
|
security: [%{"oAuth" => ["read:statuses"]}],
|
||||||
operationId: "TimelineController.direct",
|
operationId: "TimelineController.direct",
|
||||||
responses: %{
|
responses: %{
|
||||||
|
|
|
@ -16,7 +16,8 @@ defmodule Pleroma.Web.Auth.PleromaAuthenticator do
|
||||||
def get_user(%Plug.Conn{} = conn) do
|
def get_user(%Plug.Conn{} = conn) do
|
||||||
with {:ok, {name, password}} <- fetch_credentials(conn),
|
with {:ok, {name, password}} <- fetch_credentials(conn),
|
||||||
{_, %User{} = user} <- {:user, fetch_user(name)},
|
{_, %User{} = user} <- {:user, fetch_user(name)},
|
||||||
{_, true} <- {:checkpw, AuthenticationPlug.checkpw(password, user.password_hash)} do
|
{_, true} <- {:checkpw, AuthenticationPlug.checkpw(password, user.password_hash)},
|
||||||
|
{:ok, user} <- AuthenticationPlug.maybe_update_password(user, password) do
|
||||||
{:ok, user}
|
{:ok, user}
|
||||||
else
|
else
|
||||||
{:error, _reason} = error -> error
|
{:error, _reason} = error -> error
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
# Pleroma: A lightweight social networking server
|
# Pleroma: A lightweight social networking server
|
||||||
# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
|
# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
|
||||||
# SPDX-License-Identifier: AGPL-3.0-only
|
# SPDX-License-Identifier: AGPL-3.0-only
|
||||||
|
|
||||||
defmodule Pleroma.Web.Auth.TOTPAuthenticator do
|
defmodule Pleroma.Web.Auth.TOTPAuthenticator do
|
||||||
|
|
|
@ -20,6 +20,10 @@ def call(conn, {:error, :not_found}) do
|
||||||
render_error(conn, :not_found, "Record not found")
|
render_error(conn, :not_found, "Record not found")
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def call(conn, {:error, :forbidden}) do
|
||||||
|
render_error(conn, :forbidden, "Access denied")
|
||||||
|
end
|
||||||
|
|
||||||
def call(conn, {:error, error_message}) do
|
def call(conn, {:error, error_message}) do
|
||||||
conn
|
conn
|
||||||
|> put_status(:bad_request)
|
|> put_status(:bad_request)
|
||||||
|
|
|
@ -14,7 +14,8 @@ defmodule Pleroma.Web.MastodonAPI.MediaController do
|
||||||
plug(Pleroma.Web.ApiSpec.CastAndValidate)
|
plug(Pleroma.Web.ApiSpec.CastAndValidate)
|
||||||
plug(:put_view, Pleroma.Web.MastodonAPI.StatusView)
|
plug(:put_view, Pleroma.Web.MastodonAPI.StatusView)
|
||||||
|
|
||||||
plug(OAuthScopesPlug, %{scopes: ["write:media"]})
|
plug(OAuthScopesPlug, %{scopes: ["read:media"]} when action == :show)
|
||||||
|
plug(OAuthScopesPlug, %{scopes: ["write:media"]} when action != :show)
|
||||||
|
|
||||||
defdelegate open_api_operation(action), to: Pleroma.Web.ApiSpec.MediaOperation
|
defdelegate open_api_operation(action), to: Pleroma.Web.ApiSpec.MediaOperation
|
||||||
|
|
||||||
|
@ -55,7 +56,7 @@ def create2(_conn, _data), do: {:error, :bad_request}
|
||||||
@doc "PUT /api/v1/media/:id"
|
@doc "PUT /api/v1/media/:id"
|
||||||
def update(%{assigns: %{user: user}, body_params: %{description: description}} = conn, %{id: id}) do
|
def update(%{assigns: %{user: user}, body_params: %{description: description}} = conn, %{id: id}) do
|
||||||
with %Object{} = object <- Object.get_by_id(id),
|
with %Object{} = object <- Object.get_by_id(id),
|
||||||
true <- Object.authorize_mutation(object, user),
|
:ok <- Object.authorize_access(object, user),
|
||||||
{:ok, %Object{data: data}} <- Object.update_data(object, %{"name" => description}) do
|
{:ok, %Object{data: data}} <- Object.update_data(object, %{"name" => description}) do
|
||||||
attachment_data = Map.put(data, "id", object.id)
|
attachment_data = Map.put(data, "id", object.id)
|
||||||
|
|
||||||
|
@ -66,13 +67,14 @@ def update(%{assigns: %{user: user}, body_params: %{description: description}} =
|
||||||
def update(conn, data), do: show(conn, data)
|
def update(conn, data), do: show(conn, data)
|
||||||
|
|
||||||
@doc "GET /api/v1/media/:id"
|
@doc "GET /api/v1/media/:id"
|
||||||
def show(conn, %{id: id}) do
|
def show(%{assigns: %{user: user}} = conn, %{id: id}) do
|
||||||
with %Object{data: data, id: object_id} <- Object.get_by_id(id) do
|
with %Object{data: data, id: object_id} = object <- Object.get_by_id(id),
|
||||||
|
:ok <- Object.authorize_access(object, user) do
|
||||||
attachment_data = Map.put(data, "id", object_id)
|
attachment_data = Map.put(data, "id", object_id)
|
||||||
|
|
||||||
render(conn, "attachment.json", %{attachment: attachment_data})
|
render(conn, "attachment.json", %{attachment: attachment_data})
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
def get_media(_conn, _data), do: {:error, :bad_request}
|
def show(_conn, _data), do: {:error, :bad_request}
|
||||||
end
|
end
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
# Pleroma: A lightweight social networking server
|
# Pleroma: A lightweight social networking server
|
||||||
# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
|
# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
|
||||||
# SPDX-License-Identifier: AGPL-3.0-only
|
# SPDX-License-Identifier: AGPL-3.0-only
|
||||||
|
|
||||||
defmodule Pleroma.Web.OAuth.MFAController do
|
defmodule Pleroma.Web.OAuth.MFAController do
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
# Pleroma: A lightweight social networking server
|
# Pleroma: A lightweight social networking server
|
||||||
# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
|
# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
|
||||||
# SPDX-License-Identifier: AGPL-3.0-only
|
# SPDX-License-Identifier: AGPL-3.0-only
|
||||||
|
|
||||||
defmodule Pleroma.Web.OAuth.MFAView do
|
defmodule Pleroma.Web.OAuth.MFAView do
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
# Pleroma: A lightweight social networking server
|
# Pleroma: A lightweight social networking server
|
||||||
# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
|
# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
|
||||||
# SPDX-License-Identifier: AGPL-3.0-only
|
# SPDX-License-Identifier: AGPL-3.0-only
|
||||||
|
|
||||||
defmodule Pleroma.Web.OAuth.Token.CleanWorker do
|
defmodule Pleroma.Web.OAuth.Token.CleanWorker do
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
# Pleroma: A lightweight social networking server
|
# Pleroma: A lightweight social networking server
|
||||||
# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
|
# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
|
||||||
# SPDX-License-Identifier: AGPL-3.0-only
|
# SPDX-License-Identifier: AGPL-3.0-only
|
||||||
|
|
||||||
defmodule Pleroma.Web.PleromaAPI.TwoFactorAuthenticationController do
|
defmodule Pleroma.Web.PleromaAPI.TwoFactorAuthenticationController do
|
||||||
|
|
|
@ -11,6 +11,7 @@ defmodule Pleroma.Plugs.AuthenticationPlugTest do
|
||||||
alias Pleroma.User
|
alias Pleroma.User
|
||||||
|
|
||||||
import ExUnit.CaptureLog
|
import ExUnit.CaptureLog
|
||||||
|
import Pleroma.Factory
|
||||||
|
|
||||||
setup %{conn: conn} do
|
setup %{conn: conn} do
|
||||||
user = %User{
|
user = %User{
|
||||||
|
@ -50,16 +51,41 @@ test "with a correct password in the credentials, " <>
|
||||||
assert PlugHelper.plug_skipped?(conn, OAuthScopesPlug)
|
assert PlugHelper.plug_skipped?(conn, OAuthScopesPlug)
|
||||||
end
|
end
|
||||||
|
|
||||||
test "with a wrong password in the credentials, it does nothing", %{conn: conn} do
|
test "with a bcrypt hash, it updates to a pkbdf2 hash", %{conn: conn} do
|
||||||
|
user = insert(:user, password_hash: Bcrypt.hash_pwd_salt("123"))
|
||||||
|
assert "$2" <> _ = user.password_hash
|
||||||
|
|
||||||
conn =
|
conn =
|
||||||
conn
|
conn
|
||||||
|> assign(:auth_credentials, %{password: "wrong"})
|
|> assign(:auth_user, user)
|
||||||
|
|> assign(:auth_credentials, %{password: "123"})
|
||||||
ret_conn =
|
|
||||||
conn
|
|
||||||
|> AuthenticationPlug.call(%{})
|
|> AuthenticationPlug.call(%{})
|
||||||
|
|
||||||
assert conn == ret_conn
|
assert conn.assigns.user.id == conn.assigns.auth_user.id
|
||||||
|
assert PlugHelper.plug_skipped?(conn, OAuthScopesPlug)
|
||||||
|
|
||||||
|
user = User.get_by_id(user.id)
|
||||||
|
assert "$pbkdf2" <> _ = user.password_hash
|
||||||
|
end
|
||||||
|
|
||||||
|
test "with a crypt hash, it updates to a pkbdf2 hash", %{conn: conn} do
|
||||||
|
user =
|
||||||
|
insert(:user,
|
||||||
|
password_hash:
|
||||||
|
"$6$9psBWV8gxkGOZWBz$PmfCycChoxeJ3GgGzwvhlgacb9mUoZ.KUXNCssekER4SJ7bOK53uXrHNb2e4i8yPFgSKyzaW9CcmrDXWIEMtD1"
|
||||||
|
)
|
||||||
|
|
||||||
|
conn =
|
||||||
|
conn
|
||||||
|
|> assign(:auth_user, user)
|
||||||
|
|> assign(:auth_credentials, %{password: "password"})
|
||||||
|
|> AuthenticationPlug.call(%{})
|
||||||
|
|
||||||
|
assert conn.assigns.user.id == conn.assigns.auth_user.id
|
||||||
|
assert PlugHelper.plug_skipped?(conn, OAuthScopesPlug)
|
||||||
|
|
||||||
|
user = User.get_by_id(user.id)
|
||||||
|
assert "$pbkdf2" <> _ = user.password_hash
|
||||||
end
|
end
|
||||||
|
|
||||||
describe "checkpw/2" do
|
describe "checkpw/2" do
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
# Pleroma: A lightweight social networking server
|
# Pleroma: A lightweight social networking server
|
||||||
# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
|
# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
|
||||||
# SPDX-License-Identifier: AGPL-3.0-only
|
# SPDX-License-Identifier: AGPL-3.0-only
|
||||||
|
|
||||||
defmodule Pleroma.Web.Auth.PleromaAuthenticatorTest do
|
defmodule Pleroma.Web.Auth.PleromaAuthenticatorTest do
|
||||||
|
@ -15,11 +15,16 @@ defmodule Pleroma.Web.Auth.PleromaAuthenticatorTest do
|
||||||
{:ok, [user: user, name: name, password: password]}
|
{:ok, [user: user, name: name, password: password]}
|
||||||
end
|
end
|
||||||
|
|
||||||
test "get_user/authorization", %{user: user, name: name, password: password} do
|
test "get_user/authorization", %{name: name, password: password} do
|
||||||
|
name = name <> "1"
|
||||||
|
user = insert(:user, nickname: name, password_hash: Bcrypt.hash_pwd_salt(password))
|
||||||
|
|
||||||
params = %{"authorization" => %{"name" => name, "password" => password}}
|
params = %{"authorization" => %{"name" => name, "password" => password}}
|
||||||
res = PleromaAuthenticator.get_user(%Plug.Conn{params: params})
|
res = PleromaAuthenticator.get_user(%Plug.Conn{params: params})
|
||||||
|
|
||||||
assert {:ok, user} == res
|
assert {:ok, returned_user} = res
|
||||||
|
assert returned_user.id == user.id
|
||||||
|
assert "$pbkdf2" <> _ = returned_user.password_hash
|
||||||
end
|
end
|
||||||
|
|
||||||
test "get_user/authorization with invalid password", %{name: name} do
|
test "get_user/authorization with invalid password", %{name: name} do
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
# Pleroma: A lightweight social networking server
|
# Pleroma: A lightweight social networking server
|
||||||
# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
|
# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
|
||||||
# SPDX-License-Identifier: AGPL-3.0-only
|
# SPDX-License-Identifier: AGPL-3.0-only
|
||||||
|
|
||||||
defmodule Pleroma.Web.Auth.TOTPAuthenticatorTest do
|
defmodule Pleroma.Web.Auth.TOTPAuthenticatorTest do
|
||||||
|
|
|
@ -9,9 +9,9 @@ defmodule Pleroma.Web.MastodonAPI.MediaControllerTest do
|
||||||
alias Pleroma.User
|
alias Pleroma.User
|
||||||
alias Pleroma.Web.ActivityPub.ActivityPub
|
alias Pleroma.Web.ActivityPub.ActivityPub
|
||||||
|
|
||||||
setup do: oauth_access(["write:media"])
|
|
||||||
|
|
||||||
describe "Upload media" do
|
describe "Upload media" do
|
||||||
|
setup do: oauth_access(["write:media"])
|
||||||
|
|
||||||
setup do
|
setup do
|
||||||
image = %Plug.Upload{
|
image = %Plug.Upload{
|
||||||
content_type: "image/jpg",
|
content_type: "image/jpg",
|
||||||
|
@ -42,7 +42,7 @@ test "/api/v1/media", %{conn: conn, image: image} do
|
||||||
assert object.data["actor"] == User.ap_id(conn.assigns[:user])
|
assert object.data["actor"] == User.ap_id(conn.assigns[:user])
|
||||||
end
|
end
|
||||||
|
|
||||||
test "/api/v2/media", %{conn: conn, image: image} do
|
test "/api/v2/media", %{conn: conn, user: user, image: image} do
|
||||||
desc = "Description of the image"
|
desc = "Description of the image"
|
||||||
|
|
||||||
response =
|
response =
|
||||||
|
@ -53,6 +53,8 @@ test "/api/v2/media", %{conn: conn, image: image} do
|
||||||
|
|
||||||
assert media_id = response["id"]
|
assert media_id = response["id"]
|
||||||
|
|
||||||
|
%{conn: conn} = oauth_access(["read:media"], user: user)
|
||||||
|
|
||||||
media =
|
media =
|
||||||
conn
|
conn
|
||||||
|> get("/api/v1/media/#{media_id}")
|
|> get("/api/v1/media/#{media_id}")
|
||||||
|
@ -61,12 +63,15 @@ test "/api/v2/media", %{conn: conn, image: image} do
|
||||||
assert media["type"] == "image"
|
assert media["type"] == "image"
|
||||||
assert media["description"] == desc
|
assert media["description"] == desc
|
||||||
assert media["id"]
|
assert media["id"]
|
||||||
|
|
||||||
object = Object.get_by_id(media["id"])
|
object = Object.get_by_id(media["id"])
|
||||||
assert object.data["actor"] == User.ap_id(conn.assigns[:user])
|
assert object.data["actor"] == user.ap_id
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
describe "Update media description" do
|
describe "Update media description" do
|
||||||
|
setup do: oauth_access(["write:media"])
|
||||||
|
|
||||||
setup %{user: actor} do
|
setup %{user: actor} do
|
||||||
file = %Plug.Upload{
|
file = %Plug.Upload{
|
||||||
content_type: "image/jpg",
|
content_type: "image/jpg",
|
||||||
|
@ -96,7 +101,9 @@ test "/api/v1/media/:id good request", %{conn: conn, object: object} do
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
describe "Get media by id" do
|
describe "Get media by id (/api/v1/media/:id)" do
|
||||||
|
setup do: oauth_access(["read:media"])
|
||||||
|
|
||||||
setup %{user: actor} do
|
setup %{user: actor} do
|
||||||
file = %Plug.Upload{
|
file = %Plug.Upload{
|
||||||
content_type: "image/jpg",
|
content_type: "image/jpg",
|
||||||
|
@ -114,7 +121,7 @@ test "/api/v1/media/:id good request", %{conn: conn, object: object} do
|
||||||
[object: object]
|
[object: object]
|
||||||
end
|
end
|
||||||
|
|
||||||
test "/api/v1/media/:id", %{conn: conn, object: object} do
|
test "it returns media object when requested by owner", %{conn: conn, object: object} do
|
||||||
media =
|
media =
|
||||||
conn
|
conn
|
||||||
|> get("/api/v1/media/#{object.id}")
|
|> get("/api/v1/media/#{object.id}")
|
||||||
|
@ -124,5 +131,16 @@ test "/api/v1/media/:id", %{conn: conn, object: object} do
|
||||||
assert media["type"] == "image"
|
assert media["type"] == "image"
|
||||||
assert media["id"]
|
assert media["id"]
|
||||||
end
|
end
|
||||||
|
|
||||||
|
test "it returns 403 if media object requested by non-owner", %{object: object, user: user} do
|
||||||
|
%{conn: conn, user: other_user} = oauth_access(["read:media"])
|
||||||
|
|
||||||
|
assert object.data["actor"] == user.ap_id
|
||||||
|
refute user.id == other_user.id
|
||||||
|
|
||||||
|
conn
|
||||||
|
|> get("/api/v1/media/#{object.id}")
|
||||||
|
|> json_response(403)
|
||||||
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
Loading…
Reference in New Issue