Email-like field in /api/v1/accounts/verify_credentials (for PeerTube OAuth plugin and alike)
See merge request pleroma/pleroma!3286
- Admin API: Reports now ordered by newest
- Deprecated `Pleroma.Uploaders.S3, :public_endpoint`. Now `Pleroma.Upload, :base_url` is the standard configuration key for all uploaders.
- Improved Apache webserver support: updated sample configuration, MediaProxy cache invalidation verified with the included sample script
+- Improve OAuth 2.0 provider support. A missing `fqn` field was added to the response, but does not expose the user's email address.
### Added
--- /dev/null
+See `Authentication` section of [the configuration cheatsheet](../configuration/cheatsheet.md#authentication).
Note, if your LDAP server is an Active Directory server the correct value is commonly `uid: "cn"`, but if you use an
OpenLDAP server the value may be `uid: "uid"`.
+### :oauth2 (Pleroma as OAuth 2.0 provider settings)
+
+OAuth 2.0 provider settings:
+
+* `token_expires_in` - The lifetime in seconds of the access token.
+* `issue_new_refresh_token` - Keeps old refresh token or generate new refresh token when to obtain an access token.
+* `clean_expired_tokens` - Enable a background job to clean expired oauth tokens. Defaults to `false`.
+
+OAuth 2.0 provider and related endpoints:
+
+* `POST /api/v1/apps` creates client app basing on provided params.
+* `GET/POST /oauth/authorize` renders/submits authorization form.
+* `POST /oauth/token` creates/renews OAuth token.
+* `POST /oauth/revoke` revokes provided OAuth token.
+* `GET /api/v1/accounts/verify_credentials` (with proper `Authorization` header or `access_token` URI param) returns user info on requester (with `acct` field containing local nickname and `fqn` field containing fully-qualified nickname which could generally be used as email stub for OAuth software that demands email field in identity endpoint response, like Peertube).
+
### OAuth consumer mode
OAuth consumer mode allows sign in / sign up via external OAuth providers (e.g. Twitter, Facebook, Google, Microsoft, etc.).
]
```
-### OAuth 2.0 provider - :oauth2
-
-Configure OAuth 2 provider capabilities:
-
-* `token_expires_in` - The lifetime in seconds of the access token.
-* `issue_new_refresh_token` - Keeps old refresh token or generate new refresh token when to obtain an access token.
-* `clean_expired_tokens` - Enable a background job to clean expired oauth tokens. Defaults to `false`.
-
## Link parsing
### :uri_schemes
|> hd()
end
+ def full_nickname(%User{} = user) do
+ if String.contains?(user.nickname, "@") do
+ user.nickname
+ else
+ %{host: host} = URI.parse(user.ap_id)
+ user.nickname <> "@" <> host
+ end
+ end
+
def full_nickname(nickname_or_mention),
do: String.trim_leading(nickname_or_mention, "@")
}
},
- # Pleroma extension
+ # Pleroma extensions
+ # Note: it's insecure to output :email but fully-qualified nickname may serve as safe stub
+ fqn: User.full_nickname(user),
pleroma: %{
ap_id: user.ap_id,
also_known_as: user.also_known_as,
end
scope "/oauth", Pleroma.Web.OAuth do
+ # Note: use /api/v1/accounts/verify_credentials for userinfo of signed-in user
+
get("/registration_details", OAuthController, :registration_details)
post("/mfa/verify", MFAController, :verify, as: :mfa_verify)
</div>
<span class="display-name" style="padding-left: 0.5em;">
<bdi><%= raw (@author.name |> Formatter.emojify(@author.emoji)) %></bdi>
- <span class="nickname"><%= full_nickname(@author) %></span>
+ <span class="nickname">@<%= full_nickname(@author) %></span>
</span>
</a>
</div>
use Phoenix.HTML
+ defdelegate full_nickname(user), to: User
+
@media_types ["image", "audio", "video"]
defp fetch_media_type(%{"mediaType" => mediaType}) do
)
end
- defp full_nickname(user) do
- %{host: host} = URI.parse(user.ap_id)
- "@" <> user.nickname <> "@" <> host
- end
-
defp status_title(%Activity{object: %Object{data: %{"name" => name}}}) when is_binary(name),
do: name
end
end
+ describe "local_nickname/1" do
+ test "returns nickname without host" do
+ assert User.local_nickname("@mentioned") == "mentioned"
+ assert User.local_nickname("a_local_nickname") == "a_local_nickname"
+ assert User.local_nickname("nickname@host.com") == "nickname"
+ end
+ end
+
+ describe "full_nickname/1" do
+ test "returns fully qualified nickname for local and remote users" do
+ local_user =
+ insert(:user, nickname: "local_user", ap_id: "https://somehost.com/users/local_user")
+
+ remote_user = insert(:user, nickname: "remote@host.com", local: false)
+
+ assert User.full_nickname(local_user) == "local_user@somehost.com"
+ assert User.full_nickname(remote_user) == "remote@host.com"
+ end
+
+ test "strips leading @ from mentions" do
+ assert User.full_nickname("@mentioned") == "mentioned"
+ assert User.full_nickname("@nickname@host.com") == "nickname@host.com"
+ end
+
+ test "does not modify nicknames" do
+ assert User.full_nickname("nickname") == "nickname"
+ assert User.full_nickname("nickname@host.com") == "nickname@host.com"
+ end
+ end
+
test "avatar fallback" do
user = insert(:user)
assert User.avatar_url(user) =~ "/images/avi.png"
},
fields: []
},
+ fqn: "shp@shitposter.club",
pleroma: %{
ap_id: user.ap_id,
also_known_as: ["https://shitposter.zone/users/shp"],
},
fields: []
},
+ fqn: "shp@shitposter.club",
pleroma: %{
ap_id: user.ap_id,
also_known_as: [],
projects / akkoma / commitdiff