# Pleroma: A lightweight social networking server
-# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
+# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
# SPDX-License-Identifier: AGPL-3.0-only
defmodule Pleroma.User do
alias Comeonin.Pbkdf2
alias Ecto.Multi
alias Pleroma.Activity
+ alias Pleroma.Config
alias Pleroma.Conversation.Participation
alias Pleroma.Delivery
alias Pleroma.FollowingRelationship
+ alias Pleroma.Formatter
+ alias Pleroma.HTML
alias Pleroma.Keys
alias Pleroma.Notification
alias Pleroma.Object
require Logger
@type t :: %__MODULE__{}
-
+ @type account_status :: :active | :deactivated | :password_reset_pending | :confirmation_pending
@primary_key {:id, FlakeId.Ecto.CompatType, autogenerate: true}
# credo:disable-for-next-line Credo.Check.Readability.MaxLineLength
{outgoing_relation, outgoing_relation_target},
{incoming_relation, incoming_relation_source}
]} <- @user_relationships_config do
- # Definitions of `has_many :blocker_blocks`, `has_many :muter_mutes` etc.
+ # Definitions of `has_many` relations: :blocker_blocks, :muter_mutes, :reblog_muter_mutes,
+ # :notification_muter_mutes, :subscribee_subscriptions
has_many(outgoing_relation, UserRelationship,
foreign_key: :source_id,
where: [relationship_type: relationship_type]
)
- # Definitions of `has_many :blockee_blocks`, `has_many :mutee_mutes` etc.
+ # Definitions of `has_many` relations: :blockee_blocks, :mutee_mutes, :reblog_mutee_mutes,
+ # :notification_mutee_mutes, :subscriber_subscriptions
has_many(incoming_relation, UserRelationship,
foreign_key: :target_id,
where: [relationship_type: relationship_type]
)
- # Definitions of `has_many :blocked_users`, `has_many :muted_users` etc.
+ # Definitions of `has_many` relations: :blocked_users, :muted_users, :reblog_muted_users,
+ # :notification_muted_users, :subscriber_users
has_many(outgoing_relation_target, through: [outgoing_relation, :target])
- # Definitions of `has_many :blocker_users`, `has_many :muter_users` etc.
+ # Definitions of `has_many` relations: :blocker_users, :muter_users, :reblog_muter_users,
+ # :notification_muter_users, :subscribee_users
has_many(incoming_relation_source, through: [incoming_relation, :source])
end
for {_relationship_type, [{_outgoing_relation, outgoing_relation_target}, _]} <-
@user_relationships_config do
- # Definitions of `blocked_users_relation/1`, `muted_users_relation/1`, etc.
+ # `def blocked_users_relation/2`, `def muted_users_relation/2`,
+ # `def reblog_muted_users_relation/2`, `def notification_muted_users/2`,
+ # `def subscriber_users/2`
def unquote(:"#{outgoing_relation_target}_relation")(user, restrict_deactivated? \\ false) do
target_users_query = assoc(user, unquote(outgoing_relation_target))
end
end
- # Definitions of `blocked_users/1`, `muted_users/1`, etc.
+ # `def blocked_users/2`, `def muted_users/2`, `def reblog_muted_users/2`,
+ # `def notification_muted_users/2`, `def subscriber_users/2`
def unquote(outgoing_relation_target)(user, restrict_deactivated? \\ false) do
__MODULE__
|> apply(unquote(:"#{outgoing_relation_target}_relation"), [
|> Repo.all()
end
- # Definitions of `blocked_users_ap_ids/1`, `muted_users_ap_ids/1`, etc.
+ # `def blocked_users_ap_ids/2`, `def muted_users_ap_ids/2`, `def reblog_muted_users_ap_ids/2`,
+ # `def notification_muted_users_ap_ids/2`, `def subscriber_users_ap_ids/2`
def unquote(:"#{outgoing_relation_target}_ap_ids")(user, restrict_deactivated? \\ false) do
__MODULE__
|> apply(unquote(:"#{outgoing_relation_target}_relation"), [
end
end
- @doc "Returns if the user should be allowed to authenticate"
- def auth_active?(%User{deactivated: true}), do: false
+ @doc """
+ Dumps Flake Id to SQL-compatible format (16-byte UUID).
+ E.g. "9pQtDGXuq4p3VlcJEm" -> <<0, 0, 1, 110, 179, 218, 42, 92, 213, 41, 44, 227, 95, 213, 0, 0>>
+ """
+ def binary_id(source_id) when is_binary(source_id) do
+ with {:ok, dumped_id} <- FlakeId.Ecto.CompatType.dump(source_id) do
+ dumped_id
+ else
+ _ -> source_id
+ end
+ end
+
+ def binary_id(source_ids) when is_list(source_ids) do
+ Enum.map(source_ids, &binary_id/1)
+ end
+
+ def binary_id(%User{} = user), do: binary_id(user.id)
- def auth_active?(%User{confirmation_pending: true}),
- do: !Pleroma.Config.get([:instance, :account_activation_required])
+ @doc "Returns status account"
+ @spec account_status(User.t()) :: account_status()
+ def account_status(%User{deactivated: true}), do: :deactivated
+ def account_status(%User{password_reset_pending: true}), do: :password_reset_pending
- def auth_active?(%User{}), do: true
+ def account_status(%User{confirmation_pending: true}) do
+ case Config.get([:instance, :account_activation_required]) do
+ true -> :confirmation_pending
+ _ -> :active
+ end
+ end
+
+ def account_status(%User{}), do: :active
+ @spec visible_for?(User.t(), User.t() | nil) :: boolean()
def visible_for?(user, for_user \\ nil)
def visible_for?(%User{invisible: true}, _), do: false
- def visible_for?(%User{id: user_id}, %User{id: for_id}) when user_id == for_id, do: true
+ def visible_for?(%User{id: user_id}, %User{id: user_id}), do: true
+
+ def visible_for?(%User{local: local} = user, nil) do
+ cfg_key =
+ if local,
+ do: :local,
+ else: :remote
+
+ if Config.get([:restrict_unauthenticated, :profiles, cfg_key]),
+ do: false,
+ else: account_status(user) == :active
+ end
def visible_for?(%User{} = user, for_user) do
- auth_active?(user) || superuser?(for_user)
+ account_status(user) == :active || superuser?(for_user)
end
def visible_for?(_, _), do: false
+ @spec superuser?(User.t()) :: boolean()
def superuser?(%User{local: true, is_admin: true}), do: true
def superuser?(%User{local: true, is_moderator: true}), do: true
def superuser?(_), do: false
+ @spec invisible?(User.t()) :: boolean()
def invisible?(%User{invisible: true}), do: true
def invisible?(_), do: false
end
end
- def profile_url(%User{source_data: %{"url" => url}}), do: url
- def profile_url(%User{ap_id: ap_id}), do: ap_id
- def profile_url(_), do: nil
-
def ap_id(%User{nickname: nickname}), do: "#{Web.base_url()}/users/#{nickname}"
def ap_followers(%User{follower_address: fa}) when is_binary(fa), do: fa
def ap_followers(%User{} = user), do: "#{ap_id(user)}/followers"
- @spec ap_following(User.t()) :: Sring.t()
+ @spec ap_following(User.t()) :: String.t()
def ap_following(%User{following_address: fa}) when is_binary(fa), do: fa
def ap_following(%User{} = user), do: "#{ap_id(user)}/following"
- def follow_state(%User{} = user, %User{} = target) do
- case Utils.fetch_latest_follow(user, target) do
- %{data: %{"state" => state}} -> state
- # Ideally this would be nil, but then Cachex does not commit the value
- _ -> false
- end
- end
-
- def get_cached_follow_state(user, target) do
- key = "follow_state:#{user.ap_id}|#{target.ap_id}"
- Cachex.fetch!(:user_cache, key, fn _ -> {:commit, follow_state(user, target)} end)
- end
-
- @spec set_follow_state_cache(String.t(), String.t(), String.t()) :: {:ok | :error, boolean()}
- def set_follow_state_cache(user_ap_id, target_ap_id, state) do
- Cachex.put(:user_cache, "follow_state:#{user_ap_id}|#{target_ap_id}", state)
- end
-
@spec restrict_deactivated(Ecto.Query.t()) :: Ecto.Query.t()
def restrict_deactivated(query) do
from(u in query, where: u.deactivated != ^true)
|> validate_format(:nickname, local_nickname_regex())
|> validate_length(:bio, max: bio_limit)
|> validate_length(:name, min: 1, max: name_limit)
+ |> put_fields()
+ |> put_change_if_present(:bio, &{:ok, parse_bio(&1, struct)})
+ |> put_change_if_present(:avatar, &put_upload(&1, :avatar))
+ |> put_change_if_present(:banner, &put_upload(&1, :banner))
+ |> put_change_if_present(:background, &put_upload(&1, :background))
+ |> put_change_if_present(
+ :pleroma_settings_store,
+ &{:ok, Map.merge(struct.pleroma_settings_store, &1)}
+ )
|> validate_fields(false)
end
+ defp put_fields(changeset) do
+ if raw_fields = get_change(changeset, :raw_fields) do
+ raw_fields =
+ raw_fields
+ |> Enum.filter(fn %{"name" => n} -> n != "" end)
+
+ fields =
+ raw_fields
+ |> Enum.map(fn f -> Map.update!(f, "value", &parse_fields(&1)) end)
+
+ changeset
+ |> put_change(:raw_fields, raw_fields)
+ |> put_change(:fields, fields)
+ else
+ changeset
+ end
+ end
+
+ defp parse_fields(value) do
+ value
+ |> Formatter.linkify(mentions_format: :full)
+ |> elem(0)
+ end
+
+ defp put_change_if_present(changeset, map_field, value_function) do
+ if value = get_change(changeset, map_field) do
+ with {:ok, new_value} <- value_function.(value) do
+ put_change(changeset, map_field, new_value)
+ else
+ _ -> changeset
+ end
+ else
+ changeset
+ end
+ end
+
+ defp put_upload(value, type) do
+ with %Plug.Upload{} <- value,
+ {:ok, object} <- ActivityPub.upload(value, type: type) do
+ {:ok, object.data}
+ end
+ end
+
def upgrade_changeset(struct, params \\ %{}, remote? \\ false) do
bio_limit = Pleroma.Config.get([:instance, :user_bio_length], 5000)
name_limit = Pleroma.Config.get([:instance, :user_name_length], 100)
|> validate_fields(remote?)
end
+ def update_as_admin_changeset(struct, params) do
+ struct
+ |> update_changeset(params)
+ |> cast(params, [:email])
+ |> delete_change(:also_known_as)
+ |> unique_constraint(:email)
+ |> validate_format(:email, @email_regex)
+ end
+
+ @spec update_as_admin(%User{}, map) :: {:ok, User.t()} | {:error, Ecto.Changeset.t()}
+ def update_as_admin(user, params) do
+ params = Map.put(params, "password_confirmation", params["password"])
+ changeset = update_as_admin_changeset(user, params)
+
+ if params["password"] do
+ reset_password(user, changeset, params)
+ else
+ User.update_and_set_cache(changeset)
+ end
+ end
+
def password_update_changeset(struct, params) do
struct
|> cast(params, [:password, :password_confirmation])
end
@spec reset_password(User.t(), map) :: {:ok, User.t()} | {:error, Ecto.Changeset.t()}
- def reset_password(%User{id: user_id} = user, data) do
+ def reset_password(%User{} = user, params) do
+ reset_password(user, user, params)
+ end
+
+ def reset_password(%User{id: user_id} = user, struct, params) do
multi =
Multi.new()
- |> Multi.update(:user, password_update_changeset(user, data))
+ |> Multi.update(:user, password_update_changeset(struct, params))
|> Multi.delete_all(:tokens, OAuth.Token.Query.get_by_user(user_id))
|> Multi.delete_all(:auth, OAuth.Authorization.delete_by_user_query(user))
end
def maybe_validate_required_email(changeset, true), do: changeset
- def maybe_validate_required_email(changeset, _), do: validate_required(changeset, [:email])
+
+ def maybe_validate_required_email(changeset, _) do
+ if Pleroma.Config.get([:instance, :account_activation_required]) do
+ validate_required(changeset, [:email])
+ else
+ changeset
+ end
+ end
defp put_ap_id(changeset) do
ap_id = ap_id(%User{nickname: get_field(changeset, :nickname)})
end
end
+ def unfollow(%User{ap_id: ap_id}, %User{ap_id: ap_id}) do
+ {:error, "Not subscribed!"}
+ end
+
def unfollow(%User{} = follower, %User{} = followed) do
- if following?(follower, followed) and follower.ap_id != followed.ap_id do
- FollowingRelationship.unfollow(follower, followed)
+ case get_follow_state(follower, followed) do
+ state when state in ["accept", "pending"] ->
+ FollowingRelationship.unfollow(follower, followed)
+ {:ok, followed} = update_follower_count(followed)
- {:ok, followed} = update_follower_count(followed)
+ {:ok, follower} =
+ follower
+ |> update_following_count()
+ |> set_cache()
- {:ok, follower} =
- follower
- |> update_following_count()
- |> set_cache()
+ {:ok, follower, Utils.fetch_latest_follow(follower, followed)}
- {:ok, follower, Utils.fetch_latest_follow(follower, followed)}
- else
- {:error, "Not subscribed!"}
+ nil ->
+ {:error, "Not subscribed!"}
end
end
defdelegate following?(follower, followed), to: FollowingRelationship
+ def get_follow_state(%User{} = follower, %User{} = following) do
+ following_relationship = FollowingRelationship.get(follower, following)
+ get_follow_state(follower, following, following_relationship)
+ end
+
+ def get_follow_state(
+ %User{} = follower,
+ %User{} = following,
+ following_relationship
+ ) do
+ case {following_relationship, following.local} do
+ {nil, false} ->
+ case Utils.fetch_latest_follow(follower, following) do
+ %{data: %{"state" => state}} when state in ["pending", "accept"] -> state
+ _ -> nil
+ end
+
+ {%{state: state}, _} ->
+ state
+
+ {nil, _} ->
+ nil
+ end
+ end
+
def locked?(%User{} = user) do
user.locked || false
end
Cachex.del(:user_cache, "nickname:#{user.nickname}")
end
+ @spec get_cached_by_ap_id(String.t()) :: User.t() | nil
def get_cached_by_ap_id(ap_id) do
key = "ap_id:#{ap_id}"
- Cachex.fetch!(:user_cache, key, fn _ -> get_by_ap_id(ap_id) end)
+
+ with {:ok, nil} <- Cachex.get(:user_cache, key),
+ user when not is_nil(user) <- get_by_ap_id(ap_id),
+ {:ok, true} <- Cachex.put(:user_cache, key, user) do
+ user
+ else
+ {:ok, user} -> user
+ nil -> nil
+ end
end
def get_cached_by_id(id) do
_e ->
with [_nick, _domain] <- String.split(nickname, "@"),
{:ok, user} <- fetch_by_nickname(nickname) do
- if Pleroma.Config.get([:fetch_initial_posts, :enabled]) do
- fetch_initial_posts(user)
- end
-
{:ok, user}
else
_e -> {:error, "not found " <> nickname}
end
end
- @doc "Fetch some posts when the user has just been federated with"
- def fetch_initial_posts(user) do
- BackgroundWorker.enqueue("fetch_initial_posts", %{"user_id" => user.id})
- end
-
@spec get_followers_query(User.t(), pos_integer() | nil) :: Ecto.Query.t()
def get_followers_query(%User{} = user, nil) do
User.Query.build(%{followers: user, deactivated: false})
@spec get_followers_query(User.t()) :: Ecto.Query.t()
def get_followers_query(user), do: get_followers_query(user, nil)
- @spec get_followers(User.t(), pos_integer()) :: {:ok, list(User.t())}
+ @spec get_followers(User.t(), pos_integer() | nil) :: {:ok, list(User.t())}
def get_followers(user, page \\ nil) do
user
|> get_followers_query(page)
|> Repo.all()
end
- @spec get_external_followers(User.t(), pos_integer()) :: {:ok, list(User.t())}
+ @spec get_external_followers(User.t(), pos_integer() | nil) :: {:ok, list(User.t())}
def get_external_followers(user, page \\ nil) do
user
|> get_followers_query(page)
end
@doc """
- Returns map of outgoing (blocked, muted etc.) relations' user AP IDs by relation type.
- E.g. `outgoing_relations_ap_ids(user, [:block])` -> `%{block: ["https://some.site/users/userapid"]}`
+ Returns map of outgoing (blocked, muted etc.) relationships' user AP IDs by relation type.
+ E.g. `outgoing_relationships_ap_ids(user, [:block])` -> `%{block: ["https://some.site/users/userapid"]}`
"""
- @spec outgoing_relations_ap_ids(User.t(), list(atom())) :: %{atom() => list(String.t())}
- def outgoing_relations_ap_ids(_, []), do: %{}
+ @spec outgoing_relationships_ap_ids(User.t(), list(atom())) :: %{atom() => list(String.t())}
+ def outgoing_relationships_ap_ids(_user, []), do: %{}
+
+ def outgoing_relationships_ap_ids(nil, _relationship_types), do: %{}
- def outgoing_relations_ap_ids(%User{} = user, relationship_types)
+ def outgoing_relationships_ap_ids(%User{} = user, relationship_types)
when is_list(relationship_types) do
db_result =
user
)
end
+ def incoming_relationships_ungrouped_ap_ids(user, relationship_types, ap_ids \\ nil)
+
+ def incoming_relationships_ungrouped_ap_ids(_user, [], _ap_ids), do: []
+
+ def incoming_relationships_ungrouped_ap_ids(nil, _relationship_types, _ap_ids), do: []
+
+ def incoming_relationships_ungrouped_ap_ids(%User{} = user, relationship_types, ap_ids)
+ when is_list(relationship_types) do
+ user
+ |> assoc(:incoming_relationships)
+ |> join(:inner, [user_rel], u in assoc(user_rel, :source))
+ |> where([user_rel, u], user_rel.relationship_type in ^relationship_types)
+ |> maybe_filter_on_ap_id(ap_ids)
+ |> select([user_rel, u], u.ap_id)
+ |> distinct(true)
+ |> Repo.all()
+ end
+
+ defp maybe_filter_on_ap_id(query, ap_ids) when is_list(ap_ids) do
+ where(query, [user_rel, u], u.ap_id in ^ap_ids)
+ end
+
+ defp maybe_filter_on_ap_id(query, _ap_ids), do: query
+
def deactivate_async(user, status \\ true) do
BackgroundWorker.enqueue("deactivate_user", %{"user_id" => user.id, "status" => status})
end
Repo.delete(user)
end
- @spec perform(atom(), User.t()) :: {:ok, User.t()}
- def perform(:fetch_initial_posts, %User{} = user) do
- pages = Pleroma.Config.get!([:fetch_initial_posts, :pages])
-
- # Insert all the posts in reverse order, so they're in the right order on the timeline
- user.source_data["outbox"]
- |> Utils.fetch_ordered_collection(pages)
- |> Enum.reverse()
- |> Enum.each(&Pleroma.Web.Federator.incoming_ap_doc/1)
- end
-
def perform(:deactivate_async, user, status), do: deactivate(user, status)
@spec perform(atom(), User.t(), list()) :: list() | {:error, any()}
)
end
- @spec perform(atom(), User.t(), list()) :: list() | {:error, any()}
def perform(:follow_import, %User{} = follower, followed_identifiers)
when is_list(followed_identifiers) do
Enum.map(
if !is_nil(user) and !needs_update?(user) do
{:ok, user}
else
- # Whether to fetch initial posts for the user (if it's a new user & the fetching is enabled)
- should_fetch_initial = is_nil(user) and Pleroma.Config.get([:fetch_initial_posts, :enabled])
-
- resp = fetch_by_ap_id(ap_id)
-
- if should_fetch_initial do
- with {:ok, %User{} = user} <- resp do
- fetch_initial_posts(user)
- end
- end
-
- resp
+ fetch_by_ap_id(ap_id)
end
end
Creates an internal service actor by URI if missing.
Optionally takes nickname for addressing.
"""
- def get_or_create_service_actor_by_ap_id(uri, nickname \\ nil) do
- with user when is_nil(user) <- get_cached_by_ap_id(uri) do
- {:ok, user} =
- %User{
- invisible: true,
- local: true,
- ap_id: uri,
- nickname: nickname,
- follower_address: uri <> "/followers"
- }
- |> Repo.insert()
+ @spec get_or_create_service_actor_by_ap_id(String.t(), String.t()) :: User.t() | nil
+ def get_or_create_service_actor_by_ap_id(uri, nickname) do
+ {_, user} =
+ case get_cached_by_ap_id(uri) do
+ nil ->
+ with {:error, %{errors: errors}} <- create_service_actor(uri, nickname) do
+ Logger.error("Cannot create service actor: #{uri}/.\n#{inspect(errors)}")
+ {:error, nil}
+ end
- user
- end
+ %User{invisible: false} = user ->
+ set_invisible(user)
+
+ user ->
+ {:ok, user}
+ end
+
+ user
+ end
+
+ @spec set_invisible(User.t()) :: {:ok, User.t()}
+ defp set_invisible(user) do
+ user
+ |> change(%{invisible: true})
+ |> update_and_set_cache()
+ end
+
+ @spec create_service_actor(String.t(), String.t()) ::
+ {:ok, User.t()} | {:error, Ecto.Changeset.t()}
+ defp create_service_actor(uri, nickname) do
+ %User{
+ invisible: true,
+ local: true,
+ ap_id: uri,
+ nickname: nickname,
+ follower_address: uri <> "/followers"
+ }
+ |> change
+ |> unique_constraint(:nickname)
+ |> Repo.insert()
+ |> set_cache()
end
# AP style
data
|> Map.put(:name, blank?(data[:name]) || data[:nickname])
|> remote_user_creation()
- |> Repo.insert(on_conflict: :replace_all_except_primary_key, conflict_target: :nickname)
+ |> Repo.insert(on_conflict: {:replace_all_except, [:id]}, conflict_target: :nickname)
|> set_cache()
end
|> Repo.all()
end
+ def muting_reblogs?(%User{} = user, %User{} = target) do
+ UserRelationship.reblog_mute_exists?(user, target)
+ end
+
def showing_reblogs?(%User{} = user, %User{} = target) do
- not UserRelationship.reblog_mute_exists?(user, target)
+ not muting_reblogs?(user, target)
end
@doc """
end
def admin_api_update(user, params) do
- changeset =
- cast(user, params, [
- :is_moderator,
- :is_admin,
- :show_role
- ])
-
- with {:ok, updated_user} <- update_and_set_cache(changeset) do
- if user.is_admin != updated_user.is_admin do
- # Admin status change results in change of accessible OAuth scopes, and instead of changing
- # already issued tokens we revoke them, requiring user to sign in again
- global_sign_out(user)
- end
-
- {:ok, updated_user}
- end
+ user
+ |> cast(params, [
+ :is_moderator,
+ :is_admin,
+ :show_role
+ ])
+ |> update_and_set_cache()
end
@doc "Signs user out of all applications"
|> validate_required([:invisible])
|> update_and_set_cache()
end
+
+ def sanitize_html(%User{} = user) do
+ sanitize_html(user, nil)
+ end
+
+ # User data that mastodon isn't filtering (treated as plaintext):
+ # - field name
+ # - display name
+ def sanitize_html(%User{} = user, filter) do
+ fields =
+ user
+ |> User.fields()
+ |> Enum.map(fn %{"name" => name, "value" => value} ->
+ %{
+ "name" => name,
+ "value" => HTML.filter_tags(value, Pleroma.HTML.Scrubber.LinksOnly)
+ }
+ end)
+
+ user
+ |> Map.put(:bio, HTML.filter_tags(user.bio, filter))
+ |> Map.put(:fields, fields)
+ end
end