1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
5 defmodule Pleroma.User do
8 import Ecto.{Changeset, Query}
9 alias Pleroma.{Repo, User, Object, Web, Activity, Notification}
11 alias Pleroma.Formatter
12 alias Pleroma.Web.CommonAPI.Utils, as: CommonUtils
13 alias Pleroma.Web.{OStatus, Websub, OAuth}
14 alias Pleroma.Web.ActivityPub.{Utils, ActivityPub}
18 @type t :: %__MODULE__{}
20 @email_regex ~r/^[a-zA-Z0-9.!#$%&'*+\/=?^_`{|}~-]+@[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(?:\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*$/
22 @strict_local_nickname_regex ~r/^[a-zA-Z\d]+$/
23 @extended_local_nickname_regex ~r/^[a-zA-Z\d_-]+$/
27 field(:email, :string)
29 field(:nickname, :string)
30 field(:password_hash, :string)
31 field(:password, :string, virtual: true)
32 field(:password_confirmation, :string, virtual: true)
33 field(:following, {:array, :string}, default: [])
34 field(:ap_id, :string)
36 field(:local, :boolean, default: true)
37 field(:follower_address, :string)
38 field(:search_distance, :float, virtual: true)
39 field(:tags, {:array, :string}, default: [])
40 field(:last_refreshed_at, :naive_datetime)
41 has_many(:notifications, Notification)
42 embeds_one(:info, Pleroma.User.Info)
47 def auth_active?(%User{local: false}), do: true
49 def auth_active?(%User{info: %User.Info{confirmation_pending: false}}), do: true
51 def auth_active?(%User{info: %User.Info{confirmation_pending: true}}),
52 do: !Pleroma.Config.get([:instance, :account_activation_required])
54 def auth_active?(_), do: false
56 def visible_for?(user, for_user \\ nil)
58 def visible_for?(%User{id: user_id}, %User{id: for_id}) when user_id == for_id, do: true
60 def visible_for?(%User{} = user, for_user) do
61 auth_active?(user) || superuser?(for_user)
64 def visible_for?(_, _), do: false
66 def superuser?(%User{local: true, info: %User.Info{is_admin: true}}), do: true
67 def superuser?(%User{local: true, info: %User.Info{is_moderator: true}}), do: true
68 def superuser?(_), do: false
70 def avatar_url(user) do
72 %{"url" => [%{"href" => href} | _]} -> href
73 _ -> "#{Web.base_url()}/images/avi.png"
77 def banner_url(user) do
78 case user.info.banner do
79 %{"url" => [%{"href" => href} | _]} -> href
80 _ -> "#{Web.base_url()}/images/banner.png"
84 def profile_url(%User{info: %{source_data: %{"url" => url}}}), do: url
85 def profile_url(%User{ap_id: ap_id}), do: ap_id
86 def profile_url(_), do: nil
88 def ap_id(%User{nickname: nickname}) do
89 "#{Web.base_url()}/users/#{nickname}"
92 def ap_followers(%User{} = user) do
93 "#{ap_id(user)}/followers"
96 def follow_changeset(struct, params \\ %{}) do
98 |> cast(params, [:following])
99 |> validate_required([:following])
102 def user_info(%User{} = user) do
103 oneself = if user.local, do: 1, else: 0
106 following_count: length(user.following) - oneself,
107 note_count: user.info.note_count,
108 follower_count: user.info.follower_count,
109 locked: user.info.locked,
110 confirmation_pending: user.info.confirmation_pending,
111 default_scope: user.info.default_scope
115 def remote_user_creation(params) do
118 |> Map.put(:info, params[:info] || %{})
120 info_cng = User.Info.remote_user_creation(%User.Info{}, params[:info])
124 |> cast(params, [:bio, :name, :ap_id, :nickname, :avatar])
125 |> validate_required([:name, :ap_id])
126 |> unique_constraint(:nickname)
127 |> validate_format(:nickname, @email_regex)
128 |> validate_length(:bio, max: 5000)
129 |> validate_length(:name, max: 100)
130 |> put_change(:local, false)
131 |> put_embed(:info, info_cng)
134 case info_cng.changes[:source_data] do
135 %{"followers" => followers} ->
137 |> put_change(:follower_address, followers)
140 followers = User.ap_followers(%User{nickname: changes.changes[:nickname]})
143 |> put_change(:follower_address, followers)
150 def update_changeset(struct, params \\ %{}) do
152 |> cast(params, [:bio, :name, :avatar])
153 |> unique_constraint(:nickname)
154 |> validate_format(:nickname, local_nickname_regex())
155 |> validate_length(:bio, max: 5000)
156 |> validate_length(:name, min: 1, max: 100)
159 def upgrade_changeset(struct, params \\ %{}) do
162 |> Map.put(:last_refreshed_at, NaiveDateTime.utc_now())
166 |> User.Info.user_upgrade(params[:info])
169 |> cast(params, [:bio, :name, :follower_address, :avatar, :last_refreshed_at])
170 |> unique_constraint(:nickname)
171 |> validate_format(:nickname, local_nickname_regex())
172 |> validate_length(:bio, max: 5000)
173 |> validate_length(:name, max: 100)
174 |> put_embed(:info, info_cng)
177 def password_update_changeset(struct, params) do
180 |> cast(params, [:password, :password_confirmation])
181 |> validate_required([:password, :password_confirmation])
182 |> validate_confirmation(:password)
184 OAuth.Token.delete_user_tokens(struct)
185 OAuth.Authorization.delete_user_authorizations(struct)
187 if changeset.valid? do
188 hashed = Pbkdf2.hashpwsalt(changeset.changes[:password])
191 |> put_change(:password_hash, hashed)
197 def reset_password(user, data) do
198 update_and_set_cache(password_update_changeset(user, data))
201 def register_changeset(struct, params \\ %{}, opts \\ []) do
202 confirmation_status =
203 if opts[:confirmed] || !Pleroma.Config.get([:instance, :account_activation_required]) do
209 info_change = User.Info.confirmation_changeset(%User.Info{}, confirmation_status)
213 |> cast(params, [:bio, :email, :name, :nickname, :password, :password_confirmation])
214 |> validate_required([:email, :name, :nickname, :password, :password_confirmation])
215 |> validate_confirmation(:password)
216 |> unique_constraint(:email)
217 |> unique_constraint(:nickname)
218 |> validate_exclusion(:nickname, Pleroma.Config.get([Pleroma.User, :restricted_nicknames]))
219 |> validate_format(:nickname, local_nickname_regex())
220 |> validate_format(:email, @email_regex)
221 |> validate_length(:bio, max: 1000)
222 |> validate_length(:name, min: 1, max: 100)
223 |> put_change(:info, info_change)
225 if changeset.valid? do
226 hashed = Pbkdf2.hashpwsalt(changeset.changes[:password])
227 ap_id = User.ap_id(%User{nickname: changeset.changes[:nickname]})
228 followers = User.ap_followers(%User{nickname: changeset.changes[:nickname]})
231 |> put_change(:password_hash, hashed)
232 |> put_change(:ap_id, ap_id)
233 |> put_change(:following, [followers])
234 |> put_change(:follower_address, followers)
240 defp autofollow_users(user) do
241 candidates = Pleroma.Config.get([:instance, :autofollowed_nicknames])
245 where: u.local == true,
246 where: u.nickname in ^candidates
251 |> Enum.reduce({:ok, user}, fn other_user, {:ok, user} ->
252 follow(user, other_user)
256 @doc "Inserts provided changeset, performs post-registration actions (confirmation email sending etc.)"
257 def register(%Ecto.Changeset{} = changeset) do
258 with {:ok, user} <- Repo.insert(changeset),
259 {:ok, _} <- try_send_confirmation_email(user),
260 {:ok, user} <- autofollow_users(user) do
265 def try_send_confirmation_email(%User{} = user) do
266 if user.info.confirmation_pending &&
267 Pleroma.Config.get([:instance, :account_activation_required]) do
269 |> Pleroma.UserEmail.account_confirmation_email()
270 |> Pleroma.Mailer.deliver()
276 def needs_update?(%User{local: true}), do: false
278 def needs_update?(%User{local: false, last_refreshed_at: nil}), do: true
280 def needs_update?(%User{local: false} = user) do
281 NaiveDateTime.diff(NaiveDateTime.utc_now(), user.last_refreshed_at) >= 86400
284 def needs_update?(_), do: true
286 def maybe_direct_follow(%User{} = follower, %User{local: true, info: %{locked: true}}) do
290 def maybe_direct_follow(%User{} = follower, %User{local: true} = followed) do
291 follow(follower, followed)
294 def maybe_direct_follow(%User{} = follower, %User{} = followed) do
295 if not User.ap_enabled?(followed) do
296 follow(follower, followed)
302 def maybe_follow(%User{} = follower, %User{info: _info} = followed) do
303 if not following?(follower, followed) do
304 follow(follower, followed)
310 def follow(%User{} = follower, %User{info: info} = followed) do
311 user_config = Application.get_env(:pleroma, :user)
312 deny_follow_blocked = Keyword.get(user_config, :deny_follow_blocked)
314 ap_followers = followed.follower_address
317 following?(follower, followed) or info.deactivated ->
318 {:error, "Could not follow user: #{followed.nickname} is already on your list."}
320 deny_follow_blocked and blocks?(followed, follower) ->
321 {:error, "Could not follow user: #{followed.nickname} blocked you."}
324 if !followed.local && follower.local && !ap_enabled?(followed) do
325 Websub.subscribe(follower, followed)
329 [ap_followers | follower.following]
334 |> follow_changeset(%{following: following})
335 |> update_and_set_cache
337 {:ok, _} = update_follower_count(followed)
343 def unfollow(%User{} = follower, %User{} = followed) do
344 ap_followers = followed.follower_address
346 if following?(follower, followed) and follower.ap_id != followed.ap_id do
349 |> List.delete(ap_followers)
353 |> follow_changeset(%{following: following})
354 |> update_and_set_cache
356 {:ok, followed} = update_follower_count(followed)
358 {:ok, follower, Utils.fetch_latest_follow(follower, followed)}
360 {:error, "Not subscribed!"}
364 @spec following?(User.t(), User.t()) :: boolean
365 def following?(%User{} = follower, %User{} = followed) do
366 Enum.member?(follower.following, followed.follower_address)
369 def follow_import(%User{} = follower, followed_identifiers)
370 when is_list(followed_identifiers) do
372 followed_identifiers,
373 fn followed_identifier ->
374 with %User{} = followed <- get_or_fetch(followed_identifier),
375 {:ok, follower} <- maybe_direct_follow(follower, followed),
376 {:ok, _} <- ActivityPub.follow(follower, followed) do
380 Logger.debug("follow_import failed for #{followed_identifier} with: #{inspect(err)}")
387 def locked?(%User{} = user) do
388 user.info.locked || false
391 def get_by_ap_id(ap_id) do
392 Repo.get_by(User, ap_id: ap_id)
395 # This is mostly an SPC migration fix. This guesses the user nickname (by taking the last part of the ap_id and the domain) and tries to get that user
396 def get_by_guessed_nickname(ap_id) do
397 domain = URI.parse(ap_id).host
398 name = List.last(String.split(ap_id, "/"))
399 nickname = "#{name}@#{domain}"
401 get_by_nickname(nickname)
404 def update_and_set_cache(changeset) do
405 with {:ok, user} <- Repo.update(changeset) do
406 Cachex.put(:user_cache, "ap_id:#{user.ap_id}", user)
407 Cachex.put(:user_cache, "nickname:#{user.nickname}", user)
408 Cachex.put(:user_cache, "user_info:#{user.id}", user_info(user))
415 def invalidate_cache(user) do
416 Cachex.del(:user_cache, "ap_id:#{user.ap_id}")
417 Cachex.del(:user_cache, "nickname:#{user.nickname}")
418 Cachex.del(:user_cache, "user_info:#{user.id}")
421 def get_cached_by_ap_id(ap_id) do
422 key = "ap_id:#{ap_id}"
423 Cachex.fetch!(:user_cache, key, fn _ -> get_by_ap_id(ap_id) end)
426 def get_cached_by_nickname(nickname) do
427 key = "nickname:#{nickname}"
428 Cachex.fetch!(:user_cache, key, fn _ -> get_or_fetch_by_nickname(nickname) end)
431 def get_by_nickname(nickname) do
432 Repo.get_by(User, nickname: nickname) ||
433 if Regex.match?(~r(@#{Pleroma.Web.Endpoint.host()})i, nickname) do
434 [local_nickname, _] = String.split(nickname, "@")
435 Repo.get_by(User, nickname: local_nickname)
439 def get_by_nickname_or_email(nickname_or_email) do
440 case user = Repo.get_by(User, nickname: nickname_or_email) do
442 nil -> Repo.get_by(User, email: nickname_or_email)
446 def get_cached_user_info(user) do
447 key = "user_info:#{user.id}"
448 Cachex.fetch!(:user_cache, key, fn _ -> user_info(user) end)
451 def fetch_by_nickname(nickname) do
452 ap_try = ActivityPub.make_user_from_nickname(nickname)
455 {:ok, user} -> {:ok, user}
456 _ -> OStatus.make_user(nickname)
460 def get_or_fetch_by_nickname(nickname) do
461 with %User{} = user <- get_by_nickname(nickname) do
465 with [_nick, _domain] <- String.split(nickname, "@"),
466 {:ok, user} <- fetch_by_nickname(nickname) do
474 def get_followers_query(%User{id: id, follower_address: follower_address}) do
477 where: fragment("? <@ ?", ^[follower_address], u.following),
482 def get_followers(user) do
483 q = get_followers_query(user)
488 def get_friends_query(%User{id: id, following: following}) do
491 where: u.follower_address in ^following,
496 def get_friends(user) do
497 q = get_friends_query(user)
502 def get_follow_requests_query(%User{} = user) do
507 "? ->> 'type' = 'Follow'",
512 "? ->> 'state' = 'pending'",
519 ^%{"object" => user.ap_id}
524 def get_follow_requests(%User{} = user) do
525 q = get_follow_requests_query(user)
529 Enum.map(reqs, fn req -> req.actor end)
531 |> Enum.map(fn ap_id -> get_by_ap_id(ap_id) end)
532 |> Enum.filter(fn u -> !is_nil(u) end)
533 |> Enum.filter(fn u -> !following?(u, user) end)
538 def increase_note_count(%User{} = user) do
539 info_cng = User.Info.add_to_note_count(user.info, 1)
543 |> put_embed(:info, info_cng)
545 update_and_set_cache(cng)
548 def decrease_note_count(%User{} = user) do
549 info_cng = User.Info.add_to_note_count(user.info, -1)
553 |> put_embed(:info, info_cng)
555 update_and_set_cache(cng)
558 def update_note_count(%User{} = user) do
562 where: fragment("?->>'actor' = ? and ?->>'type' = 'Note'", a.data, ^user.ap_id, a.data),
566 note_count = Repo.one(note_count_query)
568 info_cng = User.Info.set_note_count(user.info, note_count)
572 |> put_embed(:info, info_cng)
574 update_and_set_cache(cng)
577 def update_follower_count(%User{} = user) do
578 follower_count_query =
581 where: ^user.follower_address in u.following,
582 where: u.id != ^user.id,
586 follower_count = Repo.one(follower_count_query)
590 |> User.Info.set_follower_count(follower_count)
594 |> put_embed(:info, info_cng)
596 update_and_set_cache(cng)
599 def get_users_from_set_query(ap_ids, false) do
602 where: u.ap_id in ^ap_ids
606 def get_users_from_set_query(ap_ids, true) do
607 query = get_users_from_set_query(ap_ids, false)
611 where: u.local == true
615 def get_users_from_set(ap_ids, local_only \\ true) do
616 get_users_from_set_query(ap_ids, local_only)
620 def get_recipients_from_activity(%Activity{recipients: to}) do
624 where: u.ap_id in ^to,
625 or_where: fragment("? && ?", u.following, ^to)
628 query = from(u in query, where: u.local == true)
633 def search(query, resolve \\ false) do
634 # strip the beginning @ off if there is a query
635 query = String.trim_leading(query, "@")
638 User.get_or_fetch_by_nickname(query)
647 "? <-> (? || coalesce(?, ''))",
653 where: not is_nil(u.nickname)
658 s in subquery(inner),
659 order_by: s.search_distance,
666 def blocks_import(%User{} = blocker, blocked_identifiers) when is_list(blocked_identifiers) do
669 fn blocked_identifier ->
670 with %User{} = blocked <- get_or_fetch(blocked_identifier),
671 {:ok, blocker} <- block(blocker, blocked),
672 {:ok, _} <- ActivityPub.block(blocker, blocked) do
676 Logger.debug("blocks_import failed for #{blocked_identifier} with: #{inspect(err)}")
683 def block(blocker, %User{ap_id: ap_id} = blocked) do
684 # sever any follow relationships to prevent leaks per activitypub (Pleroma issue #213)
686 if following?(blocker, blocked) do
687 {:ok, blocker, _} = unfollow(blocker, blocked)
693 if following?(blocked, blocker) do
694 unfollow(blocked, blocker)
699 |> User.Info.add_to_block(ap_id)
703 |> put_embed(:info, info_cng)
705 update_and_set_cache(cng)
708 # helper to handle the block given only an actor's AP id
709 def block(blocker, %{ap_id: ap_id}) do
710 block(blocker, User.get_by_ap_id(ap_id))
713 def unblock(blocker, %{ap_id: ap_id}) do
716 |> User.Info.remove_from_block(ap_id)
720 |> put_embed(:info, info_cng)
722 update_and_set_cache(cng)
725 def blocks?(user, %{ap_id: ap_id}) do
726 blocks = user.info.blocks
727 domain_blocks = user.info.domain_blocks
728 %{host: host} = URI.parse(ap_id)
730 Enum.member?(blocks, ap_id) ||
731 Enum.any?(domain_blocks, fn domain ->
736 def blocked_users(user),
737 do: Repo.all(from(u in User, where: u.ap_id in ^user.info.blocks))
739 def block_domain(user, domain) do
742 |> User.Info.add_to_domain_block(domain)
746 |> put_embed(:info, info_cng)
748 update_and_set_cache(cng)
751 def unblock_domain(user, domain) do
754 |> User.Info.remove_from_domain_block(domain)
758 |> put_embed(:info, info_cng)
760 update_and_set_cache(cng)
763 def local_user_query() do
766 where: u.local == true,
767 where: not is_nil(u.nickname)
771 def moderator_user_query() do
774 where: u.local == true,
775 where: fragment("?->'is_moderator' @> 'true'", u.info)
779 def deactivate(%User{} = user, status \\ true) do
780 info_cng = User.Info.set_activation_status(user.info, status)
784 |> put_embed(:info, info_cng)
786 update_and_set_cache(cng)
789 def delete(%User{} = user) do
790 {:ok, user} = User.deactivate(user)
792 # Remove all relationships
793 {:ok, followers} = User.get_followers(user)
796 |> Enum.each(fn follower -> User.unfollow(follower, user) end)
798 {:ok, friends} = User.get_friends(user)
801 |> Enum.each(fn followed -> User.unfollow(user, followed) end)
803 query = from(a in Activity, where: a.actor == ^user.ap_id)
806 |> Enum.each(fn activity ->
807 case activity.data["type"] do
809 ActivityPub.delete(Object.normalize(activity.data["object"]))
811 # TODO: Do something with likes, follows, repeats.
820 def html_filter_policy(%User{info: %{no_rich_text: true}}) do
821 Pleroma.HTML.Scrubber.TwitterText
824 @default_scrubbers Pleroma.Config.get([:markup, :scrub_policy])
826 def html_filter_policy(_), do: @default_scrubbers
828 def get_or_fetch_by_ap_id(ap_id) do
829 user = get_by_ap_id(ap_id)
831 if !is_nil(user) and !User.needs_update?(user) do
834 ap_try = ActivityPub.make_user_from_ap_id(ap_id)
841 case OStatus.make_user(ap_id) do
843 _ -> {:error, "Could not fetch by AP id"}
849 def get_or_create_instance_user do
850 relay_uri = "#{Pleroma.Web.Endpoint.url()}/relay"
852 if user = get_by_ap_id(relay_uri) do
856 %User{info: %User.Info{}}
857 |> cast(%{}, [:ap_id, :nickname, :local])
858 |> put_change(:ap_id, relay_uri)
859 |> put_change(:nickname, nil)
860 |> put_change(:local, true)
861 |> put_change(:follower_address, relay_uri <> "/followers")
863 {:ok, user} = Repo.insert(changes)
869 def public_key_from_info(%{
870 source_data: %{"publicKey" => %{"publicKeyPem" => public_key_pem}}
874 |> :public_key.pem_decode()
876 |> :public_key.pem_entry_decode()
882 def public_key_from_info(%{magic_key: magic_key}) do
883 {:ok, Pleroma.Web.Salmon.decode_key(magic_key)}
886 def get_public_key_for_ap_id(ap_id) do
887 with %User{} = user <- get_or_fetch_by_ap_id(ap_id),
888 {:ok, public_key} <- public_key_from_info(user.info) do
895 defp blank?(""), do: nil
896 defp blank?(n), do: n
898 def insert_or_update_user(data) do
901 |> Map.put(:name, blank?(data[:name]) || data[:nickname])
903 cs = User.remote_user_creation(data)
905 Repo.insert(cs, on_conflict: :replace_all, conflict_target: :nickname)
908 def ap_enabled?(%User{local: true}), do: true
909 def ap_enabled?(%User{info: info}), do: info.ap_enabled
910 def ap_enabled?(_), do: false
912 @doc "Gets or fetch a user by uri or nickname."
913 @spec get_or_fetch(String.t()) :: User.t()
914 def get_or_fetch("http" <> _host = uri), do: get_or_fetch_by_ap_id(uri)
915 def get_or_fetch(nickname), do: get_or_fetch_by_nickname(nickname)
917 # wait a period of time and return newest version of the User structs
918 # this is because we have synchronous follow APIs and need to simulate them
919 # with an async handshake
920 def wait_and_refresh(_, %User{local: true} = a, %User{local: true} = b) do
921 with %User{} = a <- Repo.get(User, a.id),
922 %User{} = b <- Repo.get(User, b.id) do
930 def wait_and_refresh(timeout, %User{} = a, %User{} = b) do
931 with :ok <- :timer.sleep(timeout),
932 %User{} = a <- Repo.get(User, a.id),
933 %User{} = b <- Repo.get(User, b.id) do
941 def parse_bio(bio, user \\ %User{info: %{source_data: %{}}})
942 def parse_bio(nil, _user), do: ""
943 def parse_bio(bio, _user) when bio == "", do: bio
945 def parse_bio(bio, user) do
946 mentions = Formatter.parse_mentions(bio)
947 tags = Formatter.parse_tags(bio)
950 (user.info.source_data["tag"] || [])
951 |> Enum.filter(fn %{"type" => t} -> t == "Emoji" end)
952 |> Enum.map(fn %{"icon" => %{"url" => url}, "name" => name} ->
953 {String.trim(name, ":"), url}
957 |> CommonUtils.format_input(mentions, tags, "text/plain")
958 |> Formatter.emojify(emoji)
961 def tag(user_identifiers, tags) when is_list(user_identifiers) do
962 Repo.transaction(fn ->
963 for user_identifier <- user_identifiers, do: tag(user_identifier, tags)
967 def tag(nickname, tags) when is_binary(nickname),
968 do: tag(User.get_by_nickname(nickname), tags)
970 def tag(%User{} = user, tags),
971 do: update_tags(user, Enum.uniq((user.tags || []) ++ normalize_tags(tags)))
973 def untag(user_identifiers, tags) when is_list(user_identifiers) do
974 Repo.transaction(fn ->
975 for user_identifier <- user_identifiers, do: untag(user_identifier, tags)
979 def untag(nickname, tags) when is_binary(nickname),
980 do: untag(User.get_by_nickname(nickname), tags)
982 def untag(%User{} = user, tags),
983 do: update_tags(user, (user.tags || []) -- normalize_tags(tags))
985 defp update_tags(%User{} = user, new_tags) do
986 {:ok, updated_user} =
988 |> change(%{tags: new_tags})
994 defp normalize_tags(tags) do
997 |> Enum.map(&String.downcase(&1))
1000 defp local_nickname_regex() do
1001 if Pleroma.Config.get([:instance, :extended_nickname_format]) do
1002 @extended_local_nickname_regex
1004 @strict_local_nickname_regex