From 896e40cd2bbd064548a1a9cb730f79d793e6d6f5 Mon Sep 17 00:00:00 2001 From: dtluna Date: Mon, 10 Apr 2017 16:38:21 +0300 Subject: [PATCH 01/10] Add following using screen_name parameter --- lib/pleroma/web/twitter_api/twitter_api.ex | 16 +++++++++++++++- .../web/twitter_api/twitter_api_controller.ex | 4 ++-- test/web/twitter_api/twitter_api_test.exs | 17 +++++++++++++++-- 3 files changed, 32 insertions(+), 5 deletions(-) diff --git a/lib/pleroma/web/twitter_api/twitter_api.ex b/lib/pleroma/web/twitter_api/twitter_api.ex index 0a942e880..f6793cc21 100644 --- a/lib/pleroma/web/twitter_api/twitter_api.ex +++ b/lib/pleroma/web/twitter_api/twitter_api.ex @@ -101,7 +101,7 @@ def fetch_status(user, id) do end end - def follow(%User{} = follower, followed_id) do + def follow(%User{} = follower, %{ "user_id" => followed_id }) do with %User{} = followed <- Repo.get(User, followed_id), { :ok, follower } <- User.follow(follower, followed), { :ok, activity } <- ActivityPub.insert(%{ @@ -115,6 +115,20 @@ def follow(%User{} = follower, followed_id) do end end + def follow(%User{} = follower, %{ "screen_name" => followed_name }) do + with %User{} = followed <- Repo.get_by(User, nickname: followed_name), + { :ok, follower } <- User.follow(follower, followed), + { :ok, activity } <- ActivityPub.insert(%{ + "type" => "Follow", + "actor" => follower.ap_id, + "object" => followed.ap_id, + "published" => make_date() + }) + do + { :ok, follower, followed, activity } + end + end + def unfollow(%User{} = follower, followed_id) do with %User{} = followed <- Repo.get(User, followed_id), { :ok, follower } <- User.unfollow(follower, followed) diff --git a/lib/pleroma/web/twitter_api/twitter_api_controller.ex b/lib/pleroma/web/twitter_api/twitter_api_controller.ex index f2c893e96..dc53e09ec 100644 --- a/lib/pleroma/web/twitter_api/twitter_api_controller.ex +++ b/lib/pleroma/web/twitter_api/twitter_api_controller.ex @@ -43,8 +43,8 @@ def friends_timeline(%{assigns: %{user: user}} = conn, params) do |> json_reply(200, json) end - def follow(%{assigns: %{user: user}} = conn, %{ "user_id" => followed_id }) do - { :ok, _user, follower, _activity } = TwitterAPI.follow(user, followed_id) + def follow(%{assigns: %{user: user}} = conn, params) do + { :ok, _user, follower, _activity } = TwitterAPI.follow(user, params) response = follower |> UserRepresenter.to_json(%{for: user}) diff --git a/test/web/twitter_api/twitter_api_test.exs b/test/web/twitter_api/twitter_api_test.exs index ad932131a..65d7b0ca8 100644 --- a/test/web/twitter_api/twitter_api_test.exs +++ b/test/web/twitter_api/twitter_api_test.exs @@ -103,11 +103,24 @@ test "fetch a single status" do assert status == ActivityRepresenter.to_map(activity, %{for: user, user: actor}) end - test "Follow another user" do + test "Follow another user using user_id" do { :ok, user } = UserBuilder.insert { :ok, following } = UserBuilder.insert(%{nickname: "guy"}) - {:ok, user, following, activity } = TwitterAPI.follow(user, following.id) + {:ok, user, following, activity } = TwitterAPI.follow(user, %{"user_id" => following.id}) + + user = Repo.get(User, user.id) + follow = Repo.get(Activity, activity.id) + + assert user.following == [User.ap_followers(following)] + assert follow == activity + end + + test "Follow another user using screen_name" do + { :ok, user } = UserBuilder.insert + { :ok, following } = UserBuilder.insert(%{nickname: "guy"}) + + {:ok, user, following, activity } = TwitterAPI.follow(user, %{"screen_name" => following.nickname}) user = Repo.get(User, user.id) follow = Repo.get(Activity, activity.id) From c0e5b3459fa7c53abf6969584b3298184e0094bd Mon Sep 17 00:00:00 2001 From: dtluna Date: Mon, 10 Apr 2017 16:45:47 +0300 Subject: [PATCH 02/10] Add unfollowing using screen_name parameter --- lib/pleroma/web/twitter_api/twitter_api.ex | 10 +++++++++- .../web/twitter_api/twitter_api_controller.ex | 4 ++-- test/web/twitter_api/twitter_api_test.exs | 15 +++++++++++++-- 3 files changed, 24 insertions(+), 5 deletions(-) diff --git a/lib/pleroma/web/twitter_api/twitter_api.ex b/lib/pleroma/web/twitter_api/twitter_api.ex index 0a942e880..897adf5ee 100644 --- a/lib/pleroma/web/twitter_api/twitter_api.ex +++ b/lib/pleroma/web/twitter_api/twitter_api.ex @@ -115,7 +115,7 @@ def follow(%User{} = follower, followed_id) do end end - def unfollow(%User{} = follower, followed_id) do + def unfollow(%User{} = follower, %{ "user_id" => followed_id }) do with %User{} = followed <- Repo.get(User, followed_id), { :ok, follower } <- User.unfollow(follower, followed) do @@ -123,6 +123,14 @@ def unfollow(%User{} = follower, followed_id) do end end + def unfollow(%User{} = follower, %{ "screen_name" => followed_name }) do + with %User{} = followed <- Repo.get_by(User, nickname: followed_name), + { :ok, follower } <- User.unfollow(follower, followed) + do + { :ok, follower, followed } + end + end + def upload(%Plug.Upload{} = file) do {:ok, object} = ActivityPub.upload(file) diff --git a/lib/pleroma/web/twitter_api/twitter_api_controller.ex b/lib/pleroma/web/twitter_api/twitter_api_controller.ex index f2c893e96..835461af0 100644 --- a/lib/pleroma/web/twitter_api/twitter_api_controller.ex +++ b/lib/pleroma/web/twitter_api/twitter_api_controller.ex @@ -52,8 +52,8 @@ def follow(%{assigns: %{user: user}} = conn, %{ "user_id" => followed_id }) do |> json_reply(200, response) end - def unfollow(%{assigns: %{user: user}} = conn, %{ "user_id" => followed_id }) do - { :ok, user, follower } = TwitterAPI.unfollow(user, followed_id) + def unfollow(%{assigns: %{user: user}} = conn, params) do + { :ok, user, follower } = TwitterAPI.unfollow(user, params) response = follower |> UserRepresenter.to_json(%{for: user}) diff --git a/test/web/twitter_api/twitter_api_test.exs b/test/web/twitter_api/twitter_api_test.exs index ad932131a..7bce7806e 100644 --- a/test/web/twitter_api/twitter_api_test.exs +++ b/test/web/twitter_api/twitter_api_test.exs @@ -116,11 +116,22 @@ test "Follow another user" do assert follow == activity end - test "Unfollow another user" do + test "Unfollow another user using user_id" do { :ok, following } = UserBuilder.insert(%{nickname: "guy"}) { :ok, user } = UserBuilder.insert(%{following: [User.ap_followers(following)]}) - {:ok, user, _following } = TwitterAPI.unfollow(user, following.id) + {:ok, user, _following } = TwitterAPI.unfollow(user, %{"user_id" => following.id}) + + user = Repo.get(User, user.id) + + assert user.following == [] + end + + test "Unfollow another user using screen_name" do + { :ok, following } = UserBuilder.insert(%{nickname: "guy"}) + { :ok, user } = UserBuilder.insert(%{following: [User.ap_followers(following)]}) + + {:ok, user, _following } = TwitterAPI.unfollow(user, %{"screen_name" => following.nickname}) user = Repo.get(User, user.id) From 594dd01ab2864482d8c1cdb0153d7b4b0972b3b4 Mon Sep 17 00:00:00 2001 From: dtluna Date: Thu, 13 Apr 2017 15:32:13 +0300 Subject: [PATCH 03/10] Refactor follow API --- lib/pleroma/web/twitter_api/twitter_api.ex | 27 ++++++++----------- .../web/twitter_api/twitter_api_controller.ex | 8 +++--- 2 files changed, 15 insertions(+), 20 deletions(-) diff --git a/lib/pleroma/web/twitter_api/twitter_api.ex b/lib/pleroma/web/twitter_api/twitter_api.ex index 425ff4ad2..1456aea0b 100644 --- a/lib/pleroma/web/twitter_api/twitter_api.ex +++ b/lib/pleroma/web/twitter_api/twitter_api.ex @@ -101,8 +101,8 @@ def fetch_status(user, id) do end end - def follow(%User{} = follower, %{ "user_id" => followed_id }) do - with %User{} = followed <- Repo.get(User, followed_id), + def follow(%User{} = follower, params) do + with %User{} = followed <- get_user(params), { :ok, follower } <- User.follow(follower, followed), { :ok, activity } <- ActivityPub.insert(%{ "type" => "Follow", @@ -115,20 +115,6 @@ def follow(%User{} = follower, %{ "user_id" => followed_id }) do end end - def follow(%User{} = follower, %{ "screen_name" => followed_name }) do - with %User{} = followed <- Repo.get_by(User, nickname: followed_name), - { :ok, follower } <- User.follow(follower, followed), - { :ok, activity } <- ActivityPub.insert(%{ - "type" => "Follow", - "actor" => follower.ap_id, - "object" => followed.ap_id, - "published" => make_date() - }) - do - { :ok, follower, followed, activity } - end - end - def unfollow(%User{} = follower, followed_id) do with %User{} = followed <- Repo.get(User, followed_id), { :ok, follower } <- User.unfollow(follower, followed) @@ -202,4 +188,13 @@ defp activity_to_status(activity, opts) do defp make_date do DateTime.utc_now() |> DateTime.to_iso8601 end + + defp get_user(params) do + case params do + %{ "user_id" => user_id } -> + Repo.get(User, user_id) + %{ "screen_name" => nickname } -> + Repo.get_by(User, nickname: nickname) + end + end end diff --git a/lib/pleroma/web/twitter_api/twitter_api_controller.ex b/lib/pleroma/web/twitter_api/twitter_api_controller.ex index 6d4172dfe..b5e52807e 100644 --- a/lib/pleroma/web/twitter_api/twitter_api_controller.ex +++ b/lib/pleroma/web/twitter_api/twitter_api_controller.ex @@ -44,18 +44,18 @@ def friends_timeline(%{assigns: %{user: user}} = conn, params) do end def follow(%{assigns: %{user: user}} = conn, params) do - { :ok, _user, follower, _activity } = TwitterAPI.follow(user, params) + { :ok, user, followed, _activity } = TwitterAPI.follow(user, params) - response = follower |> UserRepresenter.to_json(%{for: user}) + response = followed |> UserRepresenter.to_json(%{for: user}) conn |> json_reply(200, response) end def unfollow(%{assigns: %{user: user}} = conn, %{ "user_id" => followed_id }) do - { :ok, user, follower } = TwitterAPI.unfollow(user, followed_id) + { :ok, user, followed } = TwitterAPI.unfollow(user, followed_id) - response = follower |> UserRepresenter.to_json(%{for: user}) + response = followed |> UserRepresenter.to_json(%{for: user}) conn |> json_reply(200, response) From f6e632d25b726048a9a8ad3abfa1e4adef418966 Mon Sep 17 00:00:00 2001 From: dtluna Date: Sun, 16 Apr 2017 17:39:34 +0300 Subject: [PATCH 04/10] Remove unnecesary asserts --- test/web/twitter_api/twitter_api_test.exs | 2 -- 1 file changed, 2 deletions(-) diff --git a/test/web/twitter_api/twitter_api_test.exs b/test/web/twitter_api/twitter_api_test.exs index 67b47163d..eda1c8c1c 100644 --- a/test/web/twitter_api/twitter_api_test.exs +++ b/test/web/twitter_api/twitter_api_test.exs @@ -122,7 +122,6 @@ test "Follow another user using user_id" do follow = Repo.get(Activity, activity.id) assert user.following == [User.ap_followers(following)] - assert follow == activity end test "Follow another user using screen_name" do @@ -135,7 +134,6 @@ test "Follow another user using screen_name" do follow = Repo.get(Activity, activity.id) assert user.following == [User.ap_followers(following)] - assert follow == activity end test "Unfollow another user" do From 369be708b2126e15fd870977810b3e71514d9979 Mon Sep 17 00:00:00 2001 From: dtluna Date: Sun, 16 Apr 2017 17:41:30 +0300 Subject: [PATCH 05/10] Remove unnecesary queries --- test/web/twitter_api/twitter_api_test.exs | 6 ------ 1 file changed, 6 deletions(-) diff --git a/test/web/twitter_api/twitter_api_test.exs b/test/web/twitter_api/twitter_api_test.exs index eda1c8c1c..4993da3ed 100644 --- a/test/web/twitter_api/twitter_api_test.exs +++ b/test/web/twitter_api/twitter_api_test.exs @@ -118,9 +118,6 @@ test "Follow another user using user_id" do {:ok, user, following, activity } = TwitterAPI.follow(user, %{"user_id" => following.id}) - user = Repo.get(User, user.id) - follow = Repo.get(Activity, activity.id) - assert user.following == [User.ap_followers(following)] end @@ -130,9 +127,6 @@ test "Follow another user using screen_name" do {:ok, user, following, activity } = TwitterAPI.follow(user, %{"screen_name" => following.nickname}) - user = Repo.get(User, user.id) - follow = Repo.get(Activity, activity.id) - assert user.following == [User.ap_followers(following)] end From b248fc7dfb8c0d3b42a75225d4ad5489c51b5103 Mon Sep 17 00:00:00 2001 From: dtluna Date: Thu, 20 Apr 2017 10:57:37 +0300 Subject: [PATCH 06/10] Refactor unfollow/2 --- lib/pleroma/web/twitter_api/twitter_api.ex | 16 ++++------------ 1 file changed, 4 insertions(+), 12 deletions(-) diff --git a/lib/pleroma/web/twitter_api/twitter_api.ex b/lib/pleroma/web/twitter_api/twitter_api.ex index 32d38b276..912467dee 100644 --- a/lib/pleroma/web/twitter_api/twitter_api.ex +++ b/lib/pleroma/web/twitter_api/twitter_api.ex @@ -124,24 +124,16 @@ def follow(%User{} = follower, params) do end end - def unfollow(%User{} = follower, %{ "user_id" => followed_id }) do - with %User{} = followed <- Repo.get(User, followed_id), - { :ok, follower } <- User.unfollow(follower, followed) + def unfollow(%User{} = follower, params) do + with { :ok, %User{} = unfollowed } <- get_user(params), + { :ok, follower } <- User.unfollow(follower, unfollowed) do - { :ok, follower, followed } + { :ok, follower, unfollowed} else err -> err end end - def unfollow(%User{} = follower, %{ "screen_name" => followed_name }) do - with %User{} = followed <- Repo.get_by(User, nickname: followed_name), - { :ok, follower } <- User.unfollow(follower, followed) - do - { :ok, follower, followed } - end - end - def favorite(%User{} = user, %Activity{data: %{"object" => object}} = activity) do object = Object.get_by_ap_id(object["id"]) From 1e3791877caa15cc6ef5873c747a4a466ba6cbd4 Mon Sep 17 00:00:00 2001 From: dtluna Date: Sun, 23 Apr 2017 19:08:25 +0300 Subject: [PATCH 07/10] Add error response on empty status --- .../web/twitter_api/twitter_api_controller.ex | 24 +++++++++++++++---- .../twitter_api_controller_test.exs | 16 +++++++++---- 2 files changed, 31 insertions(+), 9 deletions(-) diff --git a/lib/pleroma/web/twitter_api/twitter_api_controller.ex b/lib/pleroma/web/twitter_api/twitter_api_controller.ex index 8ea54852d..2ea45603a 100644 --- a/lib/pleroma/web/twitter_api/twitter_api_controller.ex +++ b/lib/pleroma/web/twitter_api/twitter_api_controller.ex @@ -12,13 +12,25 @@ def verify_credentials(%{assigns: %{user: user}} = conn, _params) do |> json_reply(200, response) end - def status_update(%{assigns: %{user: user}} = conn, status_data) do + def status_update(conn, %{"status" => ""} = _status_data) do + empty_status_reply(conn) + end + + def status_update(%{assigns: %{user: user}} = conn, %{"status" => _status_text} = status_data) do media_ids = extract_media_ids(status_data) {:ok, activity} = TwitterAPI.create_status(user, Map.put(status_data, "media_ids", media_ids )) conn |> json_reply(200, ActivityRepresenter.to_json(activity, %{user: user})) end + def status_update(conn, _status_data) do + empty_status_reply(conn) + end + + defp empty_status_reply(conn) do + bad_request_reply(conn, "Client must provide a 'status' parameter with a value.") + end + defp extract_media_ids(status_data) do with media_ids when not is_nil(media_ids) <- status_data["media_ids"], split_ids <- String.split(media_ids, ","), @@ -183,7 +195,7 @@ def update_avatar(%{assigns: %{user: user}} = conn, params) do end defp bad_request_reply(conn, error_message) do - json = Poison.encode!(%{"error" => error_message}) + json = error_json(conn, error_message) json_reply(conn, 400, json) end @@ -194,9 +206,11 @@ defp json_reply(conn, status, json) do end defp forbidden_json_reply(conn, error_message) do - json = %{"error" => error_message, "request" => conn.request_path} - |> Poison.encode! - + json = error_json(conn, error_message) json_reply(conn, 403, json) end + + defp error_json(conn, error_message) do + %{"error" => error_message, "request" => conn.request_path} |> Poison.encode! + end end diff --git a/test/web/twitter_api/twitter_api_controller_test.exs b/test/web/twitter_api/twitter_api_controller_test.exs index 0761d0566..0bd27c8c7 100644 --- a/test/web/twitter_api/twitter_api_controller_test.exs +++ b/test/web/twitter_api/twitter_api_controller_test.exs @@ -31,10 +31,18 @@ test "without valid credentials", %{conn: conn} do end test "with credentials", %{conn: conn, user: user} do - conn = conn - |> with_credentials(user.nickname, "test") - |> post("/api/statuses/update.json", %{ status: "Nice meme." }) + conn_with_creds = conn |> with_credentials(user.nickname, "test") + request_path = "/api/statuses/update.json" + error_response = %{"request" => request_path, + "error" => "Client must provide a 'status' parameter with a value."} + conn = conn_with_creds |> post(request_path) + assert json_response(conn, 400) == error_response + + conn = conn_with_creds |> post(request_path, %{ status: "" }) + assert json_response(conn, 400) == error_response + + conn = conn_with_creds |> post(request_path, %{ status: "Nice meme." }) assert json_response(conn, 200) == ActivityRepresenter.to_map(Repo.one(Activity), %{user: user}) end end @@ -139,7 +147,7 @@ test "with credentials", %{conn: conn, user: current_user} do setup [:valid_user] test "without any params", %{conn: conn} do conn = get(conn, "/api/statuses/user_timeline.json") - assert json_response(conn, 400) == %{"error" => "You need to specify screen_name or user_id"} + assert json_response(conn, 400) == %{"error" => "You need to specify screen_name or user_id", "request" => "/api/statuses/user_timeline.json"} end test "with user_id", %{conn: conn} do From 5b6070ec404f83055db8c9be083b6d3a2a30df75 Mon Sep 17 00:00:00 2001 From: dtluna Date: Mon, 24 Apr 2017 12:09:11 +0300 Subject: [PATCH 08/10] Deny whitespace statuses --- .../web/twitter_api/twitter_api_controller.ex | 14 +++++++++----- .../twitter_api/twitter_api_controller_test.exs | 3 +++ 2 files changed, 12 insertions(+), 5 deletions(-) diff --git a/lib/pleroma/web/twitter_api/twitter_api_controller.ex b/lib/pleroma/web/twitter_api/twitter_api_controller.ex index 2ea45603a..4740c3a4c 100644 --- a/lib/pleroma/web/twitter_api/twitter_api_controller.ex +++ b/lib/pleroma/web/twitter_api/twitter_api_controller.ex @@ -16,11 +16,15 @@ def status_update(conn, %{"status" => ""} = _status_data) do empty_status_reply(conn) end - def status_update(%{assigns: %{user: user}} = conn, %{"status" => _status_text} = status_data) do - media_ids = extract_media_ids(status_data) - {:ok, activity} = TwitterAPI.create_status(user, Map.put(status_data, "media_ids", media_ids )) - conn - |> json_reply(200, ActivityRepresenter.to_json(activity, %{user: user})) + def status_update(%{assigns: %{user: user}} = conn, %{"status" => status_text} = status_data) do + if status_text |> String.trim |> String.length != 0 do + media_ids = extract_media_ids(status_data) + {:ok, activity} = TwitterAPI.create_status(user, Map.put(status_data, "media_ids", media_ids )) + conn + |> json_reply(200, ActivityRepresenter.to_json(activity, %{user: user})) + else + empty_status_reply(conn) + end end def status_update(conn, _status_data) do diff --git a/test/web/twitter_api/twitter_api_controller_test.exs b/test/web/twitter_api/twitter_api_controller_test.exs index 0bd27c8c7..766268ce9 100644 --- a/test/web/twitter_api/twitter_api_controller_test.exs +++ b/test/web/twitter_api/twitter_api_controller_test.exs @@ -42,6 +42,9 @@ test "with credentials", %{conn: conn, user: user} do conn = conn_with_creds |> post(request_path, %{ status: "" }) assert json_response(conn, 400) == error_response + conn = conn_with_creds |> post(request_path, %{ status: " " }) + assert json_response(conn, 400) == error_response + conn = conn_with_creds |> post(request_path, %{ status: "Nice meme." }) assert json_response(conn, 200) == ActivityRepresenter.to_map(Repo.one(Activity), %{user: user}) end From 668b01da0b9f339aabedaae424023e60a38c2529 Mon Sep 17 00:00:00 2001 From: dtluna Date: Mon, 24 Apr 2017 15:33:27 +0300 Subject: [PATCH 09/10] Add restriction on names --- lib/pleroma/user.ex | 1 + 1 file changed, 1 insertion(+) diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex index 3ce07d510..5e579dc44 100644 --- a/lib/pleroma/user.ex +++ b/lib/pleroma/user.ex @@ -63,6 +63,7 @@ def register_changeset(struct, params \\ %{}) do |> validate_confirmation(:password) |> unique_constraint(:email) |> unique_constraint(:nickname) + |> validate_format(:nickname, ~r/^[a-zA-Z\d]+$/) if changeset.valid? do hashed = Comeonin.Pbkdf2.hashpwsalt(changeset.changes[:password]) From a25adfbfeedb049f44bb05275ce1040ed00a4ad2 Mon Sep 17 00:00:00 2001 From: Roger Braun Date: Tue, 25 Apr 2017 11:33:32 +0200 Subject: [PATCH 10/10] Remove superflous function. --- lib/pleroma/web/twitter_api/twitter_api_controller.ex | 4 ---- 1 file changed, 4 deletions(-) diff --git a/lib/pleroma/web/twitter_api/twitter_api_controller.ex b/lib/pleroma/web/twitter_api/twitter_api_controller.ex index f80b66858..d9ff7e530 100644 --- a/lib/pleroma/web/twitter_api/twitter_api_controller.ex +++ b/lib/pleroma/web/twitter_api/twitter_api_controller.ex @@ -12,10 +12,6 @@ def verify_credentials(%{assigns: %{user: user}} = conn, _params) do |> json_reply(200, response) end - def status_update(conn, %{"status" => ""} = _status_data) do - empty_status_reply(conn) - end - def status_update(%{assigns: %{user: user}} = conn, %{"status" => status_text} = status_data) do if status_text |> String.trim |> String.length != 0 do media_ids = extract_media_ids(status_data)