X-Git-Url: http://git.squeep.com/?a=blobdiff_plain;f=lib%2Fpleroma%2Fweb%2Ftwitter_api%2Fcontrollers%2Futil_controller.ex;h=70b0fbd546f32ddaeb62a3110b83c7d81d5dfd94;hb=9775955974171c19e2dd9e6930e96e33f25cb4db;hp=aaca182ecc1ac5c194abfdb4e86a501585cddc5a;hpb=b950fb01db51f14a9fd3a827b90573418a5b95da;p=akkoma
diff --git a/lib/pleroma/web/twitter_api/controllers/util_controller.ex b/lib/pleroma/web/twitter_api/controllers/util_controller.ex
index aaca182ec..ccbef6d9f 100644
--- a/lib/pleroma/web/twitter_api/controllers/util_controller.ex
+++ b/lib/pleroma/web/twitter_api/controllers/util_controller.ex
@@ -1,5 +1,5 @@
 # Pleroma: A lightweight social networking server
-# Copyright © 2017-2020 Pleroma Authors
+# Copyright © 2017-2021 Pleroma Authors
 # SPDX-License-Identifier: AGPL-3.0-only
 defmodule Pleroma.Web.TwitterAPI.UtilController do
@@ -10,23 +10,13 @@ defmodule Pleroma.Web.TwitterAPI.UtilController do
 alias Pleroma.Config
 alias Pleroma.Emoji
 alias Pleroma.Healthcheck
- alias Pleroma.Notification
- alias Pleroma.Plugs.OAuthScopesPlug
 alias Pleroma.User
- alias Pleroma.Web
 alias Pleroma.Web.CommonAPI
- alias Pleroma.Web.TwitterAPI.UtilView
+ alias Pleroma.Web.Plugs.OAuthScopesPlug
 alias Pleroma.Web.WebFinger
- plug(Pleroma.Web.FederatingPlug when action == :remote_subscribe)
-
- plug(
- OAuthScopesPlug,
- %{scopes: ["follow", "write:follows"]}
- when action == :follow_import
- )
-
- plug(OAuthScopesPlug, %{scopes: ["follow", "write:blocks"]} when action == :blocks_import)
+ plug(Pleroma.Web.ApiSpec.CastAndValidate when action != :remote_subscribe)
+ plug(Pleroma.Web.Plugs.FederatingPlug when action == :remote_subscribe)
 plug(
 OAuthScopesPlug,
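Review bot: The `when action != :remote_subscribe` guard on `Pleroma.Web.ApiSpec.CastAndValidate` (hunk `@@ -10,23 +10,13 @@`) leaves `remote_subscribe` as the one action whose parameters are neither cast nor validated against the API spec, and nothing in the hunk records why. The exclusion looks deliberate, since that action still matches string-keyed params in the next hunk, but a one-line comment above the plug would keep a later edit from widening the exception by accident, for example `# remote_subscribe takes raw form params and is not described in the API spec` if that matches the intent. The `plug(` call that closes the hunk continues outside it, so the action list it guards cannot be checked from here.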
@@ -40,13 +30,7 @@ defmodule Pleroma.Web.TwitterAPI.UtilController do
 ]
 )
- plug(OAuthScopesPlug, %{scopes: ["write:notifications"]} when action == :notifications_read)
-
- plug(Pleroma.Plugs.SetFormatPlug when action in [:config, :version])
-
- def help_test(conn, _params) do
- json(conn, "ok")
- end
+ defdelegate open_api_operation(action), to: Pleroma.Web.ApiSpec.TwitterUtilOperation
 def remote_subscribe(conn, %{"nickname" => nick, "profile" => _}) do
 with %User{} = user <- User.get_cached_by_nickname(nick),
@@ -78,89 +62,17 @@ defmodule Pleroma.Web.TwitterAPI.UtilController do
 end
 end
- def notifications_read(%{assigns: %{user: user}} = conn, %{"id" => notification_id}) do
- with {:ok, _} <- Notification.read_one(user, notification_id) do
- json(conn, %{status: "success"})
+ def remote_interaction(%{body_params: %{ap_id: ap_id, profile: profile}} = conn, _params) do
+ with {:ok, %{"subscribe_address" => template}} <- WebFinger.finger(profile) do
+ conn
+ |> json(%{url: String.replace(template, "{uri}", ap_id)})
 else
- {:error, message} ->
- conn
- |> put_resp_content_type("application/json")
- |> send_resp(403, Jason.encode!(%{"error" => message}))
+ _e -> json(conn, %{error: "Couldn't find user"})
 end
 end
- def config(%{assigns: %{format: "xml"}} = conn, _params) do
- instance = Pleroma.Config.get(:instance)
- response = UtilView.status_net_config(instance)
-
- conn
- |> put_resp_content_type("application/xml")
- |> send_resp(200, response)
- end
-
- def config(conn, _params) do
- instance = Pleroma.Config.get(:instance)
-
- vapid_public_key = Keyword.get(Pleroma.Web.Push.vapid_config(), :public_key)
-
- uploadlimit = %{
- uploadlimit: to_string(Keyword.get(instance, :upload_limit)),
- avatarlimit: to_string(Keyword.get(instance, :avatar_upload_limit)),
- backgroundlimit: to_string(Keyword.get(instance, :background_upload_limit)),
- bannerlimit: to_string(Keyword.get(instance, :banner_upload_limit))
- }
-
- data = %{
- name: Keyword.get(instance, :name),
- description: Keyword.get(instance, :description),
- server: Web.base_url(),
- textlimit: to_string(Keyword.get(instance, :limit)),
- uploadlimit: uploadlimit,
- closed: bool_to_val(Keyword.get(instance, :registrations_open), "0", "1"),
- private: bool_to_val(Keyword.get(instance, :public, true), "0", "1"),
- vapidPublicKey: vapid_public_key,
- accountActivationRequired:
- bool_to_val(Keyword.get(instance, :account_activation_required, false)),
- invitesEnabled: bool_to_val(Keyword.get(instance, :invites_enabled, false)),
- safeDMMentionsEnabled: bool_to_val(Pleroma.Config.get([:instance, :safe_dm_mentions]))
- }
-
- managed_config = Keyword.get(instance, :managed_config)
-
- data =
- if managed_config do
- pleroma_fe = Pleroma.Config.get([:frontend_configurations, :pleroma_fe])
- Map.put(data, "pleromafe", pleroma_fe)
- else
- data
- end
-
- json(conn, %{site: data})
- end
-
- defp bool_to_val(true), do: "1"
- defp bool_to_val(_), do: "0"
- defp bool_to_val(true, val, _), do: val
- defp bool_to_val(_, _, val), do: val
-
 def frontend_configurations(conn, _params) do
- config =
- Pleroma.Config.get(:frontend_configurations, %{})
- |> Enum.into(%{})
-
- json(conn, config)
- end
-
- def version(%{assigns: %{format: "xml"}} = conn, _params) do
- version = Pleroma.Application.named_version()
-
- conn
- |> put_resp_content_type("application/xml")
- |> send_resp(200, "#{version}")
- end
-
- def version(conn, _params) do
- json(conn, Pleroma.Application.named_version())
+ render(conn, "frontend_configurations.json")
 end
 def emoji(conn, _params) do
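Review bot: `remote_interaction` substitutes the caller-supplied `ap_id` into the `subscribe_address` template unencoded and returns the result as `url`, while the template itself comes from whichever host `WebFinger.finger(profile)` resolved. Unless remote templates are known to expect a raw value, percent-encode it, `String.replace(template, "{uri}", URI.encode_www_form(ap_id))`, and check that the resulting URL uses an `http` or `https` scheme before handing it to the client. The catch-all `_e ->` branch answers with the default 200 status, so a client must inspect the body to notice the lookup failed; `conn |> put_status(:not_found) |> json(%{error: "Couldn't find user"})` would make that explicit. Whether this action sits behind authentication or rate limiting is not visible in the hunk; it is worth confirming, because every call makes the server issue an outbound WebFinger request to a caller-chosen host.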
@@ -178,40 +90,13 @@ defmodule Pleroma.Web.TwitterAPI.UtilController do
 end
 end
- def follow_import(conn, %{"list" => %Plug.Upload{} = listfile}) do
- follow_import(conn, %{"list" => File.read!(listfile.path)})
- end
-
- def follow_import(%{assigns: %{user: follower}} = conn, %{"list" => list}) do
- followed_identifiers =
- list
- |> String.split("\n")
- |> Enum.map(&(&1 |> String.split(",") |> List.first()))
- |> List.delete("Account address")
- |> Enum.map(&(&1 |> String.trim() |> String.trim_leading("@")))
- |> Enum.reject(&(&1 == ""))
-
- User.follow_import(follower, followed_identifiers)
- json(conn, "job started")
- end
-
- def blocks_import(conn, %{"list" => %Plug.Upload{} = listfile}) do
- blocks_import(conn, %{"list" => File.read!(listfile.path)})
- end
-
- def blocks_import(%{assigns: %{user: blocker}} = conn, %{"list" => list}) do
- blocked_identifiers = list |> String.split() |> Enum.map(&String.trim_leading(&1, "@"))
- User.blocks_import(blocker, blocked_identifiers)
- json(conn, "job started")
- end
-
- def change_password(%{assigns: %{user: user}} = conn, params) do
- case CommonAPI.Utils.confirm_current_password(user, params["password"]) do
+ def change_password(%{assigns: %{user: user}, body_params: body_params} = conn, %{}) do
+ case CommonAPI.Utils.confirm_current_password(user, body_params.password) do
 {:ok, user} ->
 with {:ok, _user} <-
 User.reset_password(user, %{
- password: params["new_password"],
- password_confirmation: params["new_password_confirmation"]
+ password: body_params.new_password,
+ password_confirmation: body_params.new_password_confirmation
 }) do
 json(conn, %{status: "success"})
 else
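Review bot: The dot lookups `body_params.password`, `body_params.new_password` and `body_params.new_password_confirmation` in `change_password` raise `KeyError` when a field is absent, so the clause depends on the operation spec in `Pleroma.Web.ApiSpec.TwitterUtilOperation` (not shown in this diff) marking all three as required; if it does not, a malformed request becomes a 500 instead of a 4xx. The same applies to `body_params.password` and `body_params.email` in `change_email` in the `@@ -228,10 +113,10 @@` hunk. A short comment above each clause would record the dependency, e.g. `# body_params is cast by CastAndValidate; the spec must keep these fields required`. The second argument pattern `%{}` matches any map, not only an empty one, so `_params` would state the intent more plainly. The body of `change_password` continues past the end of the hunk.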
@@ -228,10 +113,10 @@ defmodule Pleroma.Web.TwitterAPI.UtilController do
 end
 end
- def change_email(%{assigns: %{user: user}} = conn, params) do
- case CommonAPI.Utils.confirm_current_password(user, params["password"]) do
+ def change_email(%{assigns: %{user: user}, body_params: body_params} = conn, %{}) do
+ case CommonAPI.Utils.confirm_current_password(user, body_params.password) do
 {:ok, user} ->
- with {:ok, _user} <- User.change_email(user, params["email"]) do
+ with {:ok, _user} <- User.change_email(user, body_params.email) do
 json(conn, %{status: "success"})
 else
 {:error, changeset} ->
@@ -247,8 +132,10 @@ defmodule Pleroma.Web.TwitterAPI.UtilController do
 end
 end
- def delete_account(%{assigns: %{user: user}} = conn, params) do
- password = params["password"] || ""
+ def delete_account(%{assigns: %{user: user}, body_params: body_params} = conn, params) do
+ # This endpoint can accept a query param or JSON body for backwards-compatibility.
+ # Submitting a JSON body is recommended, so passwords don't end up in server logs.
+ password = body_params[:password] || params[:password] || ""
 case CommonAPI.Utils.confirm_current_password(user, password) do
 {:ok, user} ->
@@ -261,9 +148,9 @@ defmodule Pleroma.Web.TwitterAPI.UtilController do
 end
 def disable_account(%{assigns: %{user: user}} = conn, params) do
- case CommonAPI.Utils.confirm_current_password(user, params[:password]) do
+ case CommonAPI.Utils.confirm_current_password(user, params[:password]) do
 {:ok, user} ->
- User.deactivate_async(user)
+ User.set_activation_async(user, false)
 json(conn, %{status: "success"})
 {:error, msg} ->
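Review bot: The `params[:password]` fallback in `delete_account` (hunk `@@ -247,8 +132,10 @@`) keeps accepting the password in the query string, which the added comment itself says ends up in server logs, and nothing marks that path as deprecated or shows an operator that clients still use it. Extending the comment with a removal plan would help, e.g. `# TODO: drop the query-param fallback once clients send a JSON body`, ideally with a log line on the query path that records the event but never the value. When neither source supplies a password the `|| ""` default is still passed to `confirm_current_password/2`; rejecting an empty value before that call would make the failure mode explicit. The `case` body continues outside the hunk.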
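Review bot: `disable_account` (hunk `@@ -261,9 +148,9 @@`) reads the password only from `params[:password]`, whereas `change_password`, `change_email` and `delete_account` in this diff read it from `body_params`. Going by the comment added to `delete_account`, `params` presumably carries the query string, so this endpoint would take the password only in the place that comment warns can reach server logs. If the operation spec (not visible here) accepts a request body, bind `body_params` in the function head and mirror the sibling: `password = body_params[:password] || params[:password] || ""`. The function's closing branches are outside the hunk.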