+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
defmodule Pleroma.Web.TwitterAPI.TwitterAPI do
- alias Pleroma.{User, Activity, Repo, Object}
+ alias Pleroma.{UserInviteToken, User, Activity, Repo, Object}
+ alias Pleroma.{UserEmail, Mailer}
alias Pleroma.Web.ActivityPub.ActivityPub
alias Pleroma.Web.TwitterAPI.UserView
- alias Pleroma.Web.{OStatus, CommonAPI}
- import Ecto.Query
+ alias Pleroma.Web.CommonAPI
- @httpoison Application.get_env(:pleroma, :httpoison)
+ import Ecto.Query
def create_status(%User{} = user, %{"status" => _} = data) do
CommonAPI.post(user, data)
end
def delete(%User{} = user, id) do
- # TwitterAPI does not have an "unretweet" endpoint; instead this is done
- # via the "destroy" endpoint. Therefore, we need to handle
- # when the status to "delete" is actually an Announce (repeat) object.
- with %Activity{data: %{"type" => type}} <- Repo.get(Activity, id) do
- case type do
- "Announce" -> unrepeat(user, id)
- _ -> CommonAPI.delete(id, user)
- end
+ with %Activity{data: %{"type" => _type}} <- Repo.get(Activity, id),
+ {:ok, activity} <- CommonAPI.delete(id, user) do
+ {:ok, activity}
end
end
def follow(%User{} = follower, params) do
with {:ok, %User{} = followed} <- get_user(params),
{:ok, follower} <- User.maybe_direct_follow(follower, followed),
- {:ok, activity} <- ActivityPub.follow(follower, followed) do
+ {:ok, activity} <- ActivityPub.follow(follower, followed),
+ {:ok, follower, followed} <-
+ User.wait_and_refresh(
+ Pleroma.Config.get([:activitypub, :follow_handshake_timeout]),
+ follower,
+ followed
+ ) do
{:ok, follower, followed, activity}
else
err -> err
def unfollow(%User{} = follower, params) do
with {:ok, %User{} = unfollowed} <- get_user(params),
- {:ok, follower, follow_activity} <- User.unfollow(follower, unfollowed),
+ {:ok, follower, _follow_activity} <- User.unfollow(follower, unfollowed),
{:ok, _activity} <- ActivityPub.unfollow(follower, unfollowed) do
{:ok, follower, unfollowed}
else
end
end
- defp unrepeat(%User{} = user, ap_id_or_id) do
- with {:ok, _unannounce, activity, _object} <- CommonAPI.unrepeat(ap_id_or_id, user) do
+ def unrepeat(%User{} = user, ap_id_or_id) do
+ with {:ok, _unannounce, %{data: %{"id" => id}}} <- CommonAPI.unrepeat(ap_id_or_id, user),
+ %Activity{} = activity <- Activity.get_create_activity_by_object_ap_id(id) do
{:ok, activity}
end
end
end
end
- def upload(%Plug.Upload{} = file, format \\ "xml") do
- {:ok, object} = ActivityPub.upload(file)
+ def upload(%Plug.Upload{} = file, %User{} = user, format \\ "xml") do
+ {:ok, object} = ActivityPub.upload(file, actor: User.ap_id(user))
url = List.first(object.data["url"])
href = url["href"]
end
def register_user(params) do
+ tokenString = params["token"]
+
params = %{
nickname: params["nickname"],
name: params["fullname"],
- bio: params["bio"],
+ bio: User.parse_bio(params["bio"]),
email: params["email"],
password: params["password"],
- password_confirmation: params["confirm"]
+ password_confirmation: params["confirm"],
+ captcha_solution: params["captcha_solution"],
+ captcha_token: params["captcha_token"]
}
- changeset = User.register_changeset(%User{}, params)
+ captcha_enabled = Pleroma.Config.get([Pleroma.Captcha, :enabled])
+ # true if captcha is disabled or enabled and valid, false otherwise
+ captcha_ok =
+ if !captcha_enabled do
+ true
+ else
+ Pleroma.Captcha.validate(params[:captcha_token], params[:captcha_solution])
+ end
+
+ # Captcha invalid
+ if not captcha_ok do
+ # I have no idea how this error handling works
+ {:error, %{error: Jason.encode!(%{captcha: ["Invalid CAPTCHA"]})}}
+ else
+ registrations_open = Pleroma.Config.get([:instance, :registrations_open])
+
+ # no need to query DB if registration is open
+ token =
+ unless registrations_open || is_nil(tokenString) do
+ Repo.get_by(UserInviteToken, %{token: tokenString})
+ end
+
+ cond do
+ registrations_open || (!is_nil(token) && !token.used) ->
+ changeset = User.register_changeset(%User{}, params)
- with {:ok, user} <- Repo.insert(changeset) do
- {:ok, user}
+ with {:ok, user} <- User.register(changeset) do
+ !registrations_open && UserInviteToken.mark_as_used(token.token)
+
+ {:ok, user}
+ else
+ {:error, changeset} ->
+ errors =
+ Ecto.Changeset.traverse_errors(changeset, fn {msg, _opts} -> msg end)
+ |> Jason.encode!()
+
+ {:error, %{error: errors}}
+ end
+
+ !registrations_open && is_nil(token) ->
+ {:error, "Invalid token"}
+
+ !registrations_open && token.used ->
+ {:error, "Expired token"}
+ end
+ end
+ end
+
+ def password_reset(nickname_or_email) do
+ with true <- is_binary(nickname_or_email),
+ %User{local: true} = user <- User.get_by_nickname_or_email(nickname_or_email),
+ {:ok, token_record} <- Pleroma.PasswordResetToken.create_token(user) do
+ user
+ |> UserEmail.password_reset_email(token_record.token)
+ |> Mailer.deliver()
else
- {:error, changeset} ->
- errors =
- Ecto.Changeset.traverse_errors(changeset, fn {msg, _opts} -> msg end)
- |> Jason.encode!()
+ false ->
+ {:error, "bad user identifier"}
+
+ %User{local: false} ->
+ {:error, "remote user"}
- {:error, %{error: errors}}
+ nil ->
+ {:error, "unknown user"}
end
end
_activities = Repo.all(q)
end
- defp make_date do
- DateTime.utc_now() |> DateTime.to_iso8601()
- end
-
# DEPRECATED mostly, context objects are now created at insertion time.
def context_to_conversation_id(context) do
with %Object{id: id} <- Object.get_cached_by_ap_id(context) do
def get_external_profile(for_user, uri) do
with %User{} = user <- User.get_or_fetch(uri) do
- spawn(fn ->
- with url <- user.info["topic"],
- {:ok, %{body: body}} <-
- @httpoison.get(url, [], follow_redirect: true, timeout: 10000, recv_timeout: 20000) do
- OStatus.handle_incoming(body)
- end
- end)
-
{:ok, UserView.render("show.json", %{user: user, for: for_user})}
else
_e ->