# variables.
/config/*.secret.exs
/config/generated_config.exs
-/config/*.env
-
# Database setup file, some may forget to delete it
/config/setup_db.psql
- docker
before_script:
+ - apt-get update && apt-get install -y cmake
- mix local.hex --force
- mix local.rebar --force
- Configuration: `:instance, rewrite_policy` moved to `:mrf, policies`, `:instance, :mrf_transparency` moved to `:mrf, :transparency`, `:instance, :mrf_transparency_exclusions` moved to `:mrf, :transparency_exclusions`. Old config namespace is deprecated.
- Configuration: `:media_proxy, whitelist` format changed to host with scheme (e.g. `http://example.com` instead of `example.com`). Domain format is deprecated.
- **Breaking:** Configuration: `:instance, welcome_user_nickname` moved to `:welcome, :direct_message, :sender_nickname`, `:instance, :welcome_message` moved to `:welcome, :direct_message, :message`. Old config namespace is deprecated.
+- **Breaking:** LDAP: Fallback to local database authentication has been removed for security reasons and lack of a mechanism to ensure the passwords are synchronized when LDAP passwords are updated.
<details>
<summary>API Changes</summary>
--- /dev/null
+# Pleroma backend security policy
+
+## Supported versions
+
+Currently, Pleroma offers bugfixes and security patches only for the latest minor release.
+
+| Version | Support
+|---------| --------
+| 2.0 | Bugfixes and security patches
+
+## Reporting a vulnerability
+
+Please use confidential issues (tick the "This issue is confidential and should only be visible to team members with at least Reporter access." box when submitting) at our [bugtracker](https://git.pleroma.social/pleroma/pleroma/-/issues/new) for reporting vulnerabilities.
+## Announcements
+
+New releases are announced at [pleroma.social](https://pleroma.social/announcements/). All security releases are tagged with ["Security"](https://pleroma.social/announcements/tags/security/). You can be notified of them by subscribing to an Atom feed at <https://pleroma.social/announcements/tags/security/feed.xml>.
config :pleroma, :instances_favicons, enabled: false
+config :floki, :html_parser, Floki.HTMLParser.FastHtml
+
+config :pleroma, Pleroma.Web.Auth.Authenticator, Pleroma.Web.Auth.PleromaAuthenticator
+
# Import environment specific config. This must remain at the bottom
# of this file so it overrides the configuration defined above.
import_config "#{Mix.env()}.exs"
```sh tab="From Source"
mix pleroma.database vacuum full
-```
\ No newline at end of file
+```
+
+## Add expiration to all local statuses
+
+```sh tab="OTP"
+./bin/pleroma_ctl database ensure_expiration
+```
+
+```sh tab="From Source"
+mix pleroma.database ensure_expiration
+```
+++ /dev/null
-# Generate release environment file
-
-```sh tab="OTP"
- ./bin/pleroma_ctl release_env gen
-```
-
-```sh tab="From Source"
-mix pleroma.release_env gen
-```
### :auth
-* `Pleroma.Web.Auth.PleromaAuthenticator`: default database authenticator.
-* `Pleroma.Web.Auth.LDAPAuthenticator`: LDAP authentication.
-
Authentication / authorization settings.
* `auth_template`: authentication form template. By default it's `show.html` which corresponds to `lib/pleroma/web/templates/o_auth/o_auth/show.html.eex`.
* `base`: LDAP base, e.g. "dc=example,dc=com"
* `uid`: LDAP attribute name to authenticate the user, e.g. when "cn", the filter will be "cn=username,base"
+Note, if your LDAP server is an Active Directory server the correct value is commonly `uid: "cn"`, but if you use an
+OpenLDAP server the value may be `uid: "uid"`.
+
### OAuth consumer mode
OAuth consumer mode allows sign in / sign up via external OAuth providers (e.g. Twitter, Facebook, Google, Microsoft, etc.).
* `erlang-xmerl`
* `git`
* Development Tools
+* `cmake`
#### Optional packages used in this guide
* Install some tools, which are needed later:
```shell
-sudo apk add git build-base
+sudo apk add git build-base cmake
```
### Install Elixir and Erlang
* `elixir`
* `git`
* `base-devel`
+* `cmake`
#### Optional packages used in this guide
* Install some of the above mentioned programs:
```shell
-sudo pacman -S git base-devel elixir
+sudo pacman -S git base-devel elixir cmake
```
### Install PostgreSQL
* `erlang-nox`
* `git`
* `build-essential`
+* `cmake`
#### Optional packages used in this guide
* Install some of the above mentioned programs:
```shell
-sudo apt install git build-essential postgresql postgresql-contrib
+sudo apt install git build-essential postgresql postgresql-contrib cmake
```
### Install Elixir and Erlang
- `erlang-nox`
- `git`
- `build-essential`
+- `cmake`
#### このガイドで利用している追加パッケージ
* 上記に挙げたパッケージをインストールしておきます。
```
-sudo apt install git build-essential postgresql postgresql-contrib
+sudo apt install git build-essential postgresql postgresql-contrib cmake
```
* `dev-db/postgresql`
* `dev-lang/elixir`
* `dev-vcs/git`
+* `dev-util/cmake`
#### Optional ebuilds used in this guide
* Emerge all required the required and suggested software in one go:
```shell
- # emerge --ask dev-db/postgresql dev-lang/elixir dev-vcs/git www-servers/nginx app-crypt/certbot app-crypt/certbot-nginx
+ # emerge --ask dev-db/postgresql dev-lang/elixir dev-vcs/git www-servers/nginx app-crypt/certbot app-crypt/certbot-nginx dev-util/cmake
```
If you would not like to install the optional packages, remove them from this line.
databases/postgresql11-server
devel/git-base
devel/git-docs
+devel/cmake
lang/elixir
security/acmesh
security/sudo
* git
* postgresql-server
* postgresql-contrib
+ * cmake
To install them, run the following command (with doas or as root):
```
-pkg_add elixir gmake ImageMagick git postgresql-server postgresql-contrib
+pkg_add elixir gmake ImageMagick git postgresql-server postgresql-contrib cmake
```
Pleroma requires a reverse proxy, OpenBSD has relayd in base (and is used in this guide) and packages/ports are available for nginx (www/nginx) and apache (www/apache-httpd). Independently of the reverse proxy, [acme-client(1)](https://man.openbsd.org/acme-client) can be used to get a certificate from Let's Encrypt.
Asenna tarvittava ohjelmisto:
-`# pkg_add git elixir gmake postgresql-server-10.3 postgresql-contrib-10.3`
+`# pkg_add git elixir gmake postgresql-server-10.3 postgresql-contrib-10.3 cmake`
Luo postgresql-tietokanta:
# Run the config generator
su pleroma -s $SHELL -lc "./bin/pleroma_ctl instance gen --output /etc/pleroma/config.exs --output-psql /tmp/setup_db.psql"
-# Run the environment file generator.
-su pleroma -s $SHELL -lc "./bin/pleroma_ctl release_env gen"
-
# Create the postgres database
su postgres -s $SHELL -lc "psql -f /tmp/setup_db.psql"
# su pleroma -s $SHELL -lc "./bin/pleroma_ctl migrate --migrations-path priv/repo/optional_migrations/rum_indexing/"
# Start the instance to verify that everything is working as expected
-su pleroma -s $SHELL -lc "export $(cat /opt/pleroma/config/pleroma.env); ./bin/pleroma daemon"
+su pleroma -s $SHELL -lc "./bin/pleroma daemon"
# Wait for about 20 seconds and query the instance endpoint, if it shows your uri, name and email correctly, you are configured correctly
sleep 20 && curl http://localhost:4000/api/v1/instance
# Copy the service into a proper directory
cp /opt/pleroma/installation/pleroma.service /etc/systemd/system/pleroma.service
-
# Start pleroma and enable it on boot
systemctl start pleroma
systemctl enable pleroma
## Questions
Questions about the installation or didn’t it work as it should be, ask in [#pleroma:matrix.org](https://matrix.heldscal.la/#/room/#freenode_#pleroma:matrix.org) or IRC Channel **#pleroma** on **Freenode**.
+
directory=/opt/pleroma
healthcheck_delay=60
healthcheck_timer=30
-export $(cat /opt/pleroma/config/pleroma.env)
: ${pleroma_port:-4000}
Environment="HOME=/var/lib/pleroma"
; Path to the folder containing the Pleroma installation.
WorkingDirectory=/opt/pleroma
-; Path to the environment file. the file contains RELEASE_COOKIE and etc
-EnvironmentFile=/opt/pleroma/config/pleroma.env
; Path to the Mix binary.
ExecStart=/usr/bin/mix phx.server
alias Pleroma.User
require Logger
require Pleroma.Constants
+ import Ecto.Query
import Mix.Pleroma
use Mix.Task
end
def run(["prune_objects" | args]) do
- import Ecto.Query
-
{options, [], []} =
OptionParser.parse(
args,
end
def run(["fix_likes_collections"]) do
- import Ecto.Query
-
start_pleroma()
from(object in Object,
Maintenance.vacuum(args)
end
+
+ def run(["ensure_expiration"]) do
+ start_pleroma()
+ days = Pleroma.Config.get([:mrf_activity_expiration, :days], 365)
+
+ Pleroma.Activity
+ |> join(:left, [a], u in assoc(a, :expiration))
+ |> where(local: true)
+ |> where([a, u], is_nil(u))
+ |> Pleroma.RepoStreamer.chunk_stream(100)
+ |> Stream.each(fn activities ->
+ Enum.each(activities, fn activity ->
+ expires_at = Timex.shift(activity.inserted_at, days: days)
+
+ Pleroma.ActivityExpiration.create(activity, expires_at, false)
+ end)
+ end)
+ |> Stream.run()
+ end
end
+++ /dev/null
-# Pleroma: A lightweight social networking server
-# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
-# SPDX-License-Identifier: AGPL-3.0-only
-
-defmodule Mix.Tasks.Pleroma.ReleaseEnv do
- use Mix.Task
- import Mix.Pleroma
-
- @shortdoc "Generate Pleroma environment file."
- @moduledoc File.read!("docs/administration/CLI_tasks/release_environments.md")
-
- def run(["gen" | rest]) do
- {options, [], []} =
- OptionParser.parse(
- rest,
- strict: [
- force: :boolean,
- path: :string
- ],
- aliases: [
- p: :path,
- f: :force
- ]
- )
-
- file_path =
- get_option(
- options,
- :path,
- "Environment file path",
- "./config/pleroma.env"
- )
-
- env_path = Path.expand(file_path)
-
- proceed? =
- if File.exists?(env_path) do
- get_option(
- options,
- :force,
- "Environment file already exists. Do you want to overwrite the #{env_path} file? (y/n)",
- "n"
- ) === "y"
- else
- true
- end
-
- if proceed? do
- case do_generate(env_path) do
- {:error, reason} ->
- shell_error(
- File.Error.message(%{action: "write to file", reason: reason, path: env_path})
- )
-
- _ ->
- shell_info("\nThe file generated: #{env_path}.\n")
-
- shell_info("""
- WARNING: before start pleroma app please make sure to make the file read-only and non-modifiable.
- Example:
- chmod 0444 #{file_path}
- chattr +i #{file_path}
- """)
- end
- else
- shell_info("\nThe file is exist. #{env_path}.\n")
- end
- end
-
- def do_generate(path) do
- content = "RELEASE_COOKIE=#{Base.encode32(:crypto.strong_rand_bytes(32))}"
-
- File.mkdir_p!(Path.dirname(path))
- File.write(path, content)
- end
-end
field(:scheduled_at, :naive_datetime)
end
- def changeset(%ActivityExpiration{} = expiration, attrs) do
+ def changeset(%ActivityExpiration{} = expiration, attrs, validate_scheduled_at) do
expiration
|> cast(attrs, [:scheduled_at])
|> validate_required([:scheduled_at])
- |> validate_scheduled_at()
+ |> validate_scheduled_at(validate_scheduled_at)
end
def get_by_activity_id(activity_id) do
|> Repo.one()
end
- def create(%Activity{} = activity, scheduled_at) do
+ def create(%Activity{} = activity, scheduled_at, validate_scheduled_at \\ true) do
%ActivityExpiration{activity_id: activity.id}
- |> changeset(%{scheduled_at: scheduled_at})
+ |> changeset(%{scheduled_at: scheduled_at}, validate_scheduled_at)
|> Repo.insert()
end
|> Repo.all()
end
- def validate_scheduled_at(changeset) do
+ def validate_scheduled_at(changeset, false), do: changeset
+
+ def validate_scheduled_at(changeset, true) do
validate_change(changeset, :scheduled_at, fn _, scheduled_at ->
if not expires_late_enough?(scheduled_at) do
[scheduled_at: "an ephemeral activity must live for at least one hour"]
@spec force_password_reset(User.t()) :: {:ok, User.t()} | {:error, Ecto.Changeset.t()}
def force_password_reset(user), do: update_password_reset_pending(user, true)
+ # Used to auto-register LDAP accounts which won't have a password hash stored locally
+ def register_changeset_ldap(struct, params = %{password: password})
+ when is_nil(password) do
+ params = Map.put_new(params, :accepts_chat_messages, true)
+
+ params =
+ if Map.has_key?(params, :email) do
+ Map.put_new(params, :email, params[:email])
+ else
+ params
+ end
+
+ struct
+ |> cast(params, [
+ :name,
+ :nickname,
+ :email,
+ :accepts_chat_messages
+ ])
+ |> validate_required([:name, :nickname])
+ |> unique_constraint(:nickname)
+ |> validate_exclusion(:nickname, Config.get([User, :restricted_nicknames]))
+ |> validate_format(:nickname, local_nickname_regex())
+ |> put_ap_id()
+ |> unique_constraint(:ap_id)
+ |> put_following_and_follower_address()
+ end
+
def register_changeset(struct, params \\ %{}, opts \\ []) do
bio_limit = Config.get([:instance, :user_bio_length], 5000)
name_limit = Config.get([:instance, :user_name_length], 100)
defp compose_query({:active, _}, query) do
User.restrict_deactivated(query)
|> where([u], not is_nil(u.nickname))
+ |> where([u], u.approval_pending == false)
end
defp compose_query({:legacy_active, _}, query) do
end
end
- def handle_incoming(
- %{"type" => "Create", "object" => %{"type" => "ChatMessage"}} = data,
- _options
- ) do
- with {:ok, %User{}} <- ObjectValidator.fetch_actor(data),
- {:ok, activity, _} <- Pipeline.common_pipeline(data, local: false) do
- {:ok, activity}
- end
- end
-
def handle_incoming(%{"type" => type} = data, _options)
when type in ~w{Like EmojiReact Announce} do
with :ok <- ObjectValidator.fetch_actor_and_object(data),
%User{} = user <- ldap_user(name, password) do
{:ok, user}
else
- {:error, {:ldap_connection_error, _}} ->
- # When LDAP is unavailable, try default authenticator
- @base.get_user(conn)
-
{:ldap, _} ->
@base.get_user(conn)
user
_ ->
- register_user(connection, base, uid, name, password)
+ register_user(connection, base, uid, name)
end
error ->
end
end
- defp register_user(connection, base, uid, name, password) do
+ defp register_user(connection, base, uid, name) do
case :eldap.search(connection, [
{:base, to_charlist(base)},
{:filter, :eldap.equalityMatch(to_charlist(uid), to_charlist(name))},
{:scope, :eldap.wholeSubtree()},
- {:attributes, ['mail', 'email']},
{:timeout, @search_timeout}
]) do
{:ok, {:eldap_search_result, [{:eldap_entry, _, attributes}], _}} ->
- with {_, [mail]} <- List.keyfind(attributes, 'mail', 0) do
- params = %{
- email: :erlang.list_to_binary(mail),
- name: name,
- nickname: name,
- password: password,
- password_confirmation: password
- }
-
- changeset = User.register_changeset(%User{}, params)
-
- case User.register(changeset) do
- {:ok, user} -> user
- error -> error
+ params = %{
+ name: name,
+ nickname: name,
+ password: nil
+ }
+
+ params =
+ case List.keyfind(attributes, 'mail', 0) do
+ {_, [mail]} -> Map.put_new(params, :email, :erlang.list_to_binary(mail))
+ _ -> params
end
- else
- _ ->
- Logger.error("Could not find LDAP attribute mail: #{inspect(attributes)}")
- {:error, :ldap_registration_missing_attributes}
+
+ changeset = User.register_changeset_ldap(%User{}, params)
+
+ case User.register(changeset) do
+ {:ok, user} -> user
+ error -> error
end
error ->
with changeset <- User.update_changeset(user, user_params),
{:ok, unpersisted_user} <- Ecto.Changeset.apply_action(changeset, :update),
updated_object <-
- Pleroma.Web.ActivityPub.UserView.render("user.json", user: user)
+ Pleroma.Web.ActivityPub.UserView.render("user.json", user: unpersisted_user)
|> Map.delete("@context"),
{:ok, update_data, []} <- Builder.update(user, updated_object),
{:ok, _update, _} <-
{:pbkdf2_elixir, "~> 1.2"},
{:bcrypt_elixir, "~> 2.2"},
{:trailing_format_plug, "~> 0.0.7"},
- {:fast_sanitize, "~> 0.1"},
+ {:fast_sanitize, "~> 0.2.0"},
{:html_entities, "~> 0.5", override: true},
{:phoenix_html, "~> 2.14"},
{:calendar, "~> 1.0"},
"ex_machina": {:hex, :ex_machina, "2.4.0", "09a34c5d371bfb5f78399029194a8ff67aff340ebe8ba19040181af35315eabb", [:mix], [{:ecto, "~> 2.2 or ~> 3.0", [hex: :ecto, repo: "hexpm", optional: true]}, {:ecto_sql, "~> 3.0", [hex: :ecto_sql, repo: "hexpm", optional: true]}], "hexpm", "a20bc9ddc721b33ea913b93666c5d0bdca5cbad7a67540784ae277228832d72c"},
"ex_syslogger": {:hex, :ex_syslogger, "1.5.2", "72b6aa2d47a236e999171f2e1ec18698740f40af0bd02c8c650bf5f1fd1bac79", [:mix], [{:poison, ">= 1.5.0", [hex: :poison, repo: "hexpm", optional: true]}, {:syslog, "~> 1.1.0", [hex: :syslog, repo: "hexpm", optional: false]}], "hexpm", "ab9fab4136dbc62651ec6f16fa4842f10cf02ab4433fa3d0976c01be99398399"},
"excoveralls": {:hex, :excoveralls, "0.13.1", "b9f1697f7c9e0cfe15d1a1d737fb169c398803ffcbc57e672aa007e9fd42864c", [:mix], [{:hackney, "~> 1.16", [hex: :hackney, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: false]}], "hexpm", "b4bb550e045def1b4d531a37fb766cbbe1307f7628bf8f0414168b3f52021cce"},
- "fast_html": {:hex, :fast_html, "1.0.3", "2cc0d4b68496266a1530e0c852cafeaede0bd10cfdee26fda50dc696c203162f", [:make, :mix], [], "hexpm", "ab3d782b639d3c4655fbaec0f9d032c91f8cab8dd791ac7469c2381bc7c32f85"},
- "fast_sanitize": {:hex, :fast_sanitize, "0.1.7", "2a7cd8734c88a2de6de55022104f8a3b87f1fdbe8bbf131d9049764b53d50d0d", [:mix], [{:fast_html, "~> 1.0", [hex: :fast_html, repo: "hexpm", optional: false]}, {:plug, "~> 1.8", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "f39fe8ea08fbac17487c30bf09b7d9f3e12472e51fb07a88ffeb8fd17da8ab67"},
+ "fast_html": {:hex, :fast_html, "2.0.1", "e126c74d287768ae78c48938da6711164517300d108a78f8a38993df8d588335", [:make, :mix], [{:elixir_make, "~> 0.4", [hex: :elixir_make, repo: "hexpm", optional: false]}, {:nimble_pool, "~> 0.1.0", [hex: :nimble_pool, repo: "hexpm", optional: false]}], "hexpm", "bdd6f8525c95ad391a4f10d9a1b3da4cea94078ec8638487aa8c24015ad9393a"},
+ "fast_sanitize": {:hex, :fast_sanitize, "0.2.0", "004b40d5bbecda182b6fdba762a51fffd3501e689e8eafe196e1a97eb0caf733", [:mix], [{:fast_html, "~> 2.0", [hex: :fast_html, repo: "hexpm", optional: false]}, {:plug, "~> 1.8", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "11fcb37f26d272a3a2aff861872bf100be4eeacea69505908b8cdbcea5b0813a"},
"flake_id": {:hex, :flake_id, "0.1.0", "7716b086d2e405d09b647121a166498a0d93d1a623bead243e1f74216079ccb3", [:mix], [{:base62, "~> 1.2", [hex: :base62, repo: "hexpm", optional: false]}, {:ecto, ">= 2.0.0", [hex: :ecto, repo: "hexpm", optional: true]}], "hexpm", "31fc8090fde1acd267c07c36ea7365b8604055f897d3a53dd967658c691bd827"},
"floki": {:hex, :floki, "0.27.0", "6b29a14283f1e2e8fad824bc930eaa9477c462022075df6bea8f0ad811c13599", [:mix], [{:html_entities, "~> 0.5.0", [hex: :html_entities, repo: "hexpm", optional: false]}], "hexpm", "583b8c13697c37179f1f82443bcc7ad2f76fbc0bf4c186606eebd658f7f2631b"},
"gen_smtp": {:hex, :gen_smtp, "0.15.0", "9f51960c17769b26833b50df0b96123605a8024738b62db747fece14eb2fbfcc", [:rebar3], [], "hexpm", "29bd14a88030980849c7ed2447b8db6d6c9278a28b11a44cafe41b791205440f"},
"mox": {:hex, :mox, "0.5.2", "55a0a5ba9ccc671518d068c8dddd20eeb436909ea79d1799e2209df7eaa98b6c", [:mix], [], "hexpm", "df4310628cd628ee181df93f50ddfd07be3e5ecc30232d3b6aadf30bdfe6092b"},
"myhtmlex": {:git, "https://git.pleroma.social/pleroma/myhtmlex.git", "ad0097e2f61d4953bfef20fb6abddf23b87111e6", [ref: "ad0097e2f61d4953bfef20fb6abddf23b87111e6", submodules: true]},
"nimble_parsec": {:hex, :nimble_parsec, "0.6.0", "32111b3bf39137144abd7ba1cce0914533b2d16ef35e8abc5ec8be6122944263", [:mix], [], "hexpm", "27eac315a94909d4dc68bc07a4a83e06c8379237c5ea528a9acff4ca1c873c52"},
+ "nimble_pool": {:hex, :nimble_pool, "0.1.0", "ffa9d5be27eee2b00b0c634eb649aa27f97b39186fec3c493716c2a33e784ec6", [:mix], [], "hexpm", "343a1eaa620ddcf3430a83f39f2af499fe2370390d4f785cd475b4df5acaf3f9"},
"nodex": {:git, "https://git.pleroma.social/pleroma/nodex", "cb6730f943cfc6aad674c92161be23a8411f15d1", [ref: "cb6730f943cfc6aad674c92161be23a8411f15d1"]},
"oban": {:hex, :oban, "2.0.0", "e6ce70d94dd46815ec0882a1ffb7356df9a9d5b8a40a64ce5c2536617a447379", [:mix], [{:ecto_sql, ">= 3.4.3", [hex: :ecto_sql, repo: "hexpm", optional: false]}, {:jason, "~> 1.1", [hex: :jason, repo: "hexpm", optional: false]}, {:postgrex, "~> 0.14", [hex: :postgrex, repo: "hexpm", optional: false]}, {:telemetry, "~> 0.4", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "cf574813bd048b98a698aa587c21367d2e06842d4e1b1993dcd6a696e9e633bd"},
"open_api_spex": {:git, "https://git.pleroma.social/pleroma/elixir-libraries/open_api_spex.git", "f296ac0924ba3cf79c7a588c4c252889df4c2edd", [ref: "f296ac0924ba3cf79c7a588c4c252889df4c2edd"]},
def change do
legacy_tags = Map.keys(@old_new_map)
- from(u in User, where: fragment("? && ?", u.tags, ^legacy_tags))
- |> Repo.all()
+ from(u in User,
+ where: fragment("? && ?", u.tags, ^legacy_tags),
+ select: struct(u, [:tags, :id])
+ )
+ |> Repo.chunk_stream(100)
|> Enum.each(fn user ->
fix_tags_changeset(user)
|> Repo.update()
assert Enum.empty?(Object.get_by_id(object2.id).data["likes"])
end
end
+
+ describe "ensure_expiration" do
+ test "it adds to expiration old statuses" do
+ %{id: activity_id1} = insert(:note_activity)
+
+ %{id: activity_id2} =
+ insert(:note_activity, %{inserted_at: NaiveDateTime.from_iso8601!("2015-01-23 23:50:07")})
+
+ %{id: activity_id3} = activity3 = insert(:note_activity)
+
+ expires_at =
+ NaiveDateTime.utc_now()
+ |> NaiveDateTime.add(60 * 61, :second)
+ |> NaiveDateTime.truncate(:second)
+
+ Pleroma.ActivityExpiration.create(activity3, expires_at)
+
+ Mix.Tasks.Pleroma.Database.run(["ensure_expiration"])
+
+ expirations =
+ Pleroma.ActivityExpiration
+ |> order_by(:activity_id)
+ |> Repo.all()
+
+ assert [
+ %Pleroma.ActivityExpiration{
+ activity_id: ^activity_id1
+ },
+ %Pleroma.ActivityExpiration{
+ activity_id: ^activity_id2,
+ scheduled_at: ~N[2016-01-23 23:50:07]
+ },
+ %Pleroma.ActivityExpiration{
+ activity_id: ^activity_id3,
+ scheduled_at: ^expires_at
+ }
+ ] = expirations
+ end
+ end
end
+++ /dev/null
-# Pleroma: A lightweight social networking server
-# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
-# SPDX-License-Identifier: AGPL-3.0-only
-
-defmodule Mix.Tasks.Pleroma.ReleaseEnvTest do
- use ExUnit.Case
- import ExUnit.CaptureIO, only: [capture_io: 1]
-
- @path "config/pleroma.test.env"
-
- def do_clean do
- if File.exists?(@path) do
- File.rm_rf(@path)
- end
- end
-
- setup do
- do_clean()
- on_exit(fn -> do_clean() end)
- :ok
- end
-
- test "generate pleroma.env" do
- assert capture_io(fn ->
- Mix.Tasks.Pleroma.ReleaseEnv.run(["gen", "--path", @path, "--force"])
- end) =~ "The file generated"
-
- assert File.read!(@path) =~ "RELEASE_COOKIE="
- end
-end
}
end
+ test "`active` filters out users pending approval", %{token: token} do
+ insert(:user, approval_pending: true)
+ %{id: user_id} = insert(:user, approval_pending: false)
+ %{id: admin_id} = token.user
+
+ conn =
+ build_conn()
+ |> assign(:user, token.user)
+ |> assign(:token, token)
+ |> get("/api/pleroma/admin/users?filters=active")
+
+ assert %{
+ "count" => 2,
+ "page_size" => 50,
+ "users" => [
+ %{"id" => ^admin_id},
+ %{"id" => ^user_id}
+ ]
+ } = json_response(conn, 200)
+ end
+
test "it works with multiple filters" do
admin = insert(:user, nickname: "john", is_admin: true)
token = insert(:oauth_admin_token, user: admin)
assert user_data = json_response_and_validate_schema(conn, 200)
assert user_data["display_name"] == "markorepairs"
+
+ update_activity = Repo.one(Pleroma.Activity)
+ assert update_activity.data["type"] == "Update"
+ assert update_activity.data["object"]["name"] == "markorepairs"
end
test "updates the user's avatar", %{user: user, conn: conn} do
test "it renders all links with rel='me' from user bio" do
bio =
- ~s(<a href="https://some-link.com">https://some-link.com</a> <a rel="me" href="https://another-link.com">https://another-link.com</a>
- <link href="http://some.com"> <link rel="me" href="http://some3.com>")
+ ~s(<a href="https://some-link.com">https://some-link.com</a> <a rel="me" href="https://another-link.com">https://another-link.com</a> <link href="http://some.com"> <link rel="me" href="http://some3.com">)
user = insert(:user, %{bio: bio})
assert RelMe.build_tags(%{user: user}) == [
- {:link, [rel: "me", href: "http://some3.com>"], []},
+ {:link, [rel: "me", href: "http://some3.com"], []},
{:link, [rel: "me", href: "https://another-link.com"], []}
]
end
alias Pleroma.Repo
alias Pleroma.Web.OAuth.Token
import Pleroma.Factory
- import ExUnit.CaptureLog
import Mock
@skip if !Code.ensure_loaded?(:eldap), do: :skip
equalityMatch: fn _type, _value -> :ok end,
wholeSubtree: fn -> :ok end,
search: fn _connection, _options ->
- {:ok,
- {:eldap_search_result, [{:eldap_entry, '', [{'mail', [to_charlist(user.email)]}]}],
- []}}
+ {:ok, {:eldap_search_result, [{:eldap_entry, '', []}], []}}
end,
close: fn _connection ->
send(self(), :close_connection)
end
end
- @tag @skip
- test "falls back to the default authorization when LDAP is unavailable" do
- password = "testpassword"
- user = insert(:user, password_hash: Pbkdf2.hash_pwd_salt(password))
- app = insert(:oauth_app, scopes: ["read", "write"])
-
- host = Pleroma.Config.get([:ldap, :host]) |> to_charlist
- port = Pleroma.Config.get([:ldap, :port])
-
- with_mocks [
- {:eldap, [],
- [
- open: fn [^host], [{:port, ^port}, {:ssl, false} | _] -> {:error, 'connect failed'} end,
- simple_bind: fn _connection, _dn, ^password -> :ok end,
- close: fn _connection ->
- send(self(), :close_connection)
- :ok
- end
- ]}
- ] do
- log =
- capture_log(fn ->
- conn =
- build_conn()
- |> post("/oauth/token", %{
- "grant_type" => "password",
- "username" => user.nickname,
- "password" => password,
- "client_id" => app.client_id,
- "client_secret" => app.client_secret
- })
-
- assert %{"access_token" => token} = json_response(conn, 200)
-
- token = Repo.get_by(Token, token: token)
-
- assert token.user_id == user.id
- end)
-
- assert log =~ "Could not open LDAP connection: 'connect failed'"
- refute_received :close_connection
- end
- end
-
@tag @skip
test "disallow authorization for wrong LDAP credentials" do
password = "testpassword"
projects / akkoma / commitdiff