From: Ivan Tashkinov <ivantashkinov@gmail.com>
Date: Sun, 15 Sep 2019 15:52:27 +0000 (+0300)
Subject: [#1234] Merge remote-tracking branch 'remotes/upstream/develop' into 1234-mastodon... 
X-Git-Url: https://git.squeep.com/?a=commitdiff_plain;h=efbc2edba17a7ee2d3e15bca5fa4f6cf8b4b5116;p=akkoma

[#1234] Merge remote-tracking branch 'remotes/upstream/develop' into 1234-mastodon-2-4-3-oauth-scopes

# Conflicts:
#	lib/pleroma/web/activity_pub/activity_pub_controller.ex
#	lib/pleroma/web/router.ex
---

efbc2edba17a7ee2d3e15bca5fa4f6cf8b4b5116
diff --cc lib/pleroma/web/activity_pub/activity_pub_controller.ex
index 7047b8254,705dbc1c2..4dc01a85b
--- a/lib/pleroma/web/activity_pub/activity_pub_controller.ex
+++ b/lib/pleroma/web/activity_pub/activity_pub_controller.ex
@@@ -23,11 -23,7 +23,13 @@@ defmodule Pleroma.Web.ActivityPub.Activ
  
    action_fallback(:errors)
  
+   plug(Pleroma.Plugs.Cache, [query_params: false] when action in [:activity, :object])
++
 +  plug(
 +    Pleroma.Plugs.OAuthScopesPlug,
 +    %{scopes: ["read:accounts"]} when action in [:followers, :following]
 +  )
 +
    plug(Pleroma.Web.FederatingPlug when action in [:inbox, :relay])
    plug(:set_requester_reachable when action in [:inbox])
    plug(:relay_active? when action in [:relay])
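Review bot: The `read:accounts` plug added for `:followers` and `:following` carries no `fallback` option, and nothing in this file says what a request without an OAuth token receives. These two actions serve ActivityPub collections, which other servers usually fetch without a user token, so the outcome depends entirely on how OAuthScopesPlug treats a missing token, which is not visible here. I would state the intent above the plug, e.g. `# Token-less (federated) fetches: <allowed | rejected>; the scope is checked only when a token is presented`, and pin it with a controller test for the no-token and wrong-scope cases. The module body continues outside the hunk.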
diff --cc lib/pleroma/web/mastodon_api/controllers/mastodon_api_controller.ex
index 704664f5f,060137b80..c5632bb5e
--- a/lib/pleroma/web/mastodon_api/controllers/mastodon_api_controller.ex
+++ b/lib/pleroma/web/mastodon_api/controllers/mastodon_api_controller.ex
@@@ -53,166 -52,6 +53,173 @@@ defmodule Pleroma.Web.MastodonAPI.Masto
    require Logger
    require Pleroma.Constants
  
 +  plug(Pleroma.Plugs.EnsurePublicOrAuthenticatedPlug when action != :index)
 +
 +  @unauthenticated_access %{fallback: :proceed_unauthenticated, scopes: []}
 +
 +  plug(
 +    OAuthScopesPlug,
 +    %{scopes: ["read"], skip_instance_privacy_check: true} when action == :index
 +  )
 +
 +  plug(
 +    OAuthScopesPlug,
 +    %{scopes: ["read"]} when action in [:suggestions, :verify_app_credentials]
 +  )
 +
 +  plug(
 +    OAuthScopesPlug,
 +    %{scopes: ["write:accounts"]}
 +    # Note: the following actions are not permission-secured in Mastodon:
 +    when action in [
 +           :put_settings,
 +           :update_avatar,
 +           :update_banner,
 +           :update_background,
 +           :set_mascot
 +         ]
 +  )
 +
 +  plug(
 +    OAuthScopesPlug,
 +    %{scopes: ["write:accounts"]}
 +    when action in [:pin_status, :unpin_status, :update_credentials]
 +  )
 +
 +  plug(
 +    OAuthScopesPlug,
 +    %{scopes: ["read:statuses"]}
 +    when action in [
 +           :conversations,
 +           :scheduled_statuses,
 +           :show_scheduled_status,
 +           :home_timeline,
 +           :dm_timeline
 +         ]
 +  )
 +
 +  plug(
 +    OAuthScopesPlug,
 +    %{@unauthenticated_access | scopes: ["read:statuses"]}
-     when action in [:user_statuses, :get_status, :get_context, :status_card, :get_poll]
++    when action in [
++           :user_statuses,
++           :get_statuses,
++           :get_status,
++           :get_context,
++           :status_card,
++           :get_poll
++         ]
 +  )
 +
 +  plug(
 +    OAuthScopesPlug,
 +    %{scopes: ["write:statuses"]}
 +    when action in [
 +           :update_scheduled_status,
 +           :delete_scheduled_status,
 +           :post_status,
 +           :delete_status,
 +           :reblog_status,
 +           :unreblog_status,
 +           :poll_vote
 +         ]
 +  )
 +
 +  plug(OAuthScopesPlug, %{scopes: ["write:conversations"]} when action == :conversation_read)
 +
 +  plug(
 +    OAuthScopesPlug,
 +    %{scopes: ["read:accounts"]}
 +    when action in [:endorsements, :verify_credentials, :followers, :following, :get_mascot]
 +  )
 +
 +  plug(
 +    OAuthScopesPlug,
 +    %{@unauthenticated_access | scopes: ["read:accounts"]}
 +    when action in [:user, :favourited_by, :reblogged_by]
 +  )
 +
 +  plug(
 +    OAuthScopesPlug,
 +    %{scopes: ["read:favourites"]} when action in [:favourites, :user_favourites]
 +  )
 +
 +  plug(
 +    OAuthScopesPlug,
 +    %{scopes: ["write:favourites"]} when action in [:fav_status, :unfav_status]
 +  )
 +
 +  plug(OAuthScopesPlug, %{scopes: ["read:filters"]} when action in [:get_filters, :get_filter])
 +
 +  plug(
 +    OAuthScopesPlug,
 +    %{scopes: ["write:filters"]} when action in [:create_filter, :update_filter, :delete_filter]
 +  )
 +
 +  plug(OAuthScopesPlug, %{scopes: ["read:lists"]} when action in [:account_lists, :list_timeline])
 +
 +  plug(OAuthScopesPlug, %{scopes: ["write:media"]} when action in [:upload, :update_media])
 +
 +  plug(
 +    OAuthScopesPlug,
 +    %{scopes: ["read:notifications"]} when action in [:notifications, :get_notification]
 +  )
 +
 +  plug(
 +    OAuthScopesPlug,
 +    %{scopes: ["write:notifications"]}
 +    when action in [:clear_notifications, :dismiss_notification, :destroy_multiple_notifications]
 +  )
 +
 +  plug(
 +    OAuthScopesPlug,
 +    %{scopes: ["write:reports"]}
 +    when action in [:create_report, :report_update_state, :report_respond]
 +  )
 +
 +  plug(
 +    OAuthScopesPlug,
 +    %{scopes: ["follow", "read:blocks"]} when action in [:blocks, :domain_blocks]
 +  )
 +
 +  plug(
 +    OAuthScopesPlug,
 +    %{scopes: ["follow", "write:blocks"]}
 +    when action in [:block, :unblock, :block_domain, :unblock_domain]
 +  )
 +
 +  plug(OAuthScopesPlug, %{scopes: ["read:follows"]} when action == :relationships)
 +  plug(OAuthScopesPlug, %{scopes: ["follow", "read:follows"]} when action == :follow_requests)
 +
 +  plug(
 +    OAuthScopesPlug,
 +    %{scopes: ["follow", "write:follows"]}
 +    when action in [
 +           :follow,
 +           :unfollow,
 +           :subscribe,
 +           :unsubscribe,
 +           :authorize_follow_request,
 +           :reject_follow_request
 +         ]
 +  )
 +
 +  plug(OAuthScopesPlug, %{scopes: ["follow", "read:mutes"]} when action == :mutes)
 +  plug(OAuthScopesPlug, %{scopes: ["follow", "write:mutes"]} when action in [:mute, :unmute])
 +
 +  plug(
 +    OAuthScopesPlug,
 +    %{scopes: ["write:mutes"]} when action in [:mute_conversation, :unmute_conversation]
 +  )
 +
 +  # Note: scopes not present in Mastodon: read:bookmarks, write:bookmarks
 +  plug(OAuthScopesPlug, %{scopes: ["read:bookmarks"]} when action == :bookmarks)
 +
 +  plug(
 +    OAuthScopesPlug,
 +    %{scopes: ["write:bookmarks"]} when action in [:bookmark_status, :unbookmark_status]
 +  )
 +
    @rate_limited_relations_actions ~w(follow unfollow)a
  
    @rate_limited_status_actions ~w(reblog_status unreblog_status fav_status unfav_status
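Review bot: Scope enforcement here is an allowlist keyed on action atoms, so an action that appears in no `when action in [...]` list gets no scope check at all, and a misspelled atom fails in the same silent way. In this hunk `:public_timeline` and `:hashtag_timeline`, which router.ex used to place behind `:oauth_read_or_public`, are in none of the lists; that may be intended, but the code does not say so. I would name the intentionally unscoped actions in a module attribute such as `@unscoped_actions`, and add a test that takes the arity-2 functions from `__info__(:functions)` and asserts each one is either in a scoped list or in that attribute. The same pattern is used in activity_pub_controller.ex and util_controller.ex in this commit. The module starts and ends outside the hunk, so further plugs may exist that are not shown.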
diff --cc lib/pleroma/web/router.ex
index 593da01fd,b0464037e..0b41eb2e0
--- a/lib/pleroma/web/router.ex
+++ b/lib/pleroma/web/router.ex
@@@ -192,13 -221,22 +192,14 @@@ defmodule Pleroma.Web.Router d
    scope "/api/pleroma", Pleroma.Web.TwitterAPI do
      pipe_through(:authenticated_api)
  
 -    scope [] do
 -      pipe_through(:oauth_write)
 -
 -      post("/change_email", UtilController, :change_email)
 -      post("/change_password", UtilController, :change_password)
 -      post("/delete_account", UtilController, :delete_account)
 -      put("/notification_settings", UtilController, :update_notificaton_settings)
 -      post("/disable_account", UtilController, :disable_account)
 -    end
++    post("/change_email", UtilController, :change_email)
 +    post("/change_password", UtilController, :change_password)
 +    post("/delete_account", UtilController, :delete_account)
 +    put("/notification_settings", UtilController, :update_notificaton_settings)
 +    post("/disable_account", UtilController, :disable_account)
  
 -    scope [] do
 -      pipe_through(:oauth_follow)
 -
 -      post("/blocks_import", UtilController, :blocks_import)
 -      post("/follow_import", UtilController, :follow_import)
 -    end
 +    post("/blocks_import", UtilController, :blocks_import)
 +    post("/follow_import", UtilController, :follow_import)
    end
  
    scope "/oauth", Pleroma.Web.OAuth do
@@@ -360,48 -414,51 +361,46 @@@
    scope "/api/v1", Pleroma.Web.MastodonAPI do
      pipe_through(:api)
  
--    post("/accounts", MastodonAPIController, :account_register)
--
      get("/instance", MastodonAPIController, :masto_instance)
      get("/instance/peers", MastodonAPIController, :peers)
++
      post("/apps", MastodonAPIController, :create_app)
      get("/apps/verify_credentials", MastodonAPIController, :verify_app_credentials)
--    get("/custom_emojis", MastodonAPIController, :custom_emojis)
- 
-     get("/statuses/:id/card", MastodonAPIController, :status_card)
  
 -    get("/statuses/:id/card", MastodonAPIController, :status_card)
 -
--    get("/statuses/:id/favourited_by", MastodonAPIController, :favourited_by)
--    get("/statuses/:id/reblogged_by", MastodonAPIController, :reblogged_by)
++    get("/custom_emojis", MastodonAPIController, :custom_emojis)
  
      get("/trends", MastodonAPIController, :empty_array)
  
      get("/accounts/search", SearchController, :account_search)
  
--    post(
--      "/pleroma/accounts/confirmation_resend",
--      MastodonAPIController,
--      :account_confirmation_resend
--    )
--
 -    scope [] do
 -      pipe_through(:oauth_read_or_public)
 +    get("/timelines/public", MastodonAPIController, :public_timeline)
 +    get("/timelines/tag/:tag", MastodonAPIController, :hashtag_timeline)
- 
-     get("/pleroma/accounts/:id/favourites", MastodonAPIController, :user_favourites)
- 
-     get("/search", SearchController, :search)
++    get("/timelines/list/:list_id", MastodonAPIController, :list_timeline)
  
 -      get("/timelines/public", MastodonAPIController, :public_timeline)
 -      get("/timelines/tag/:tag", MastodonAPIController, :hashtag_timeline)
 -      get("/timelines/list/:list_id", MastodonAPIController, :list_timeline)
 +    get("/polls/:id", MastodonAPIController, :get_poll)
  
 -      get("/statuses", MastodonAPIController, :get_statuses)
 -      get("/statuses/:id", MastodonAPIController, :get_status)
 -      get("/statuses/:id/context", MastodonAPIController, :get_context)
++    post("/accounts", MastodonAPIController, :account_register)
++    get("/accounts/:id", MastodonAPIController, :user)
 +    get("/accounts/:id/followers", MastodonAPIController, :followers)
 +    get("/accounts/:id/following", MastodonAPIController, :following)
++    get("/accounts/:id/statuses", MastodonAPIController, :user_statuses)
  
-     get("/timelines/list/:list_id", MastodonAPIController, :list_timeline)
- 
-     get("/accounts/:id", MastodonAPIController, :user)
 -      get("/polls/:id", MastodonAPIController, :get_poll)
++    get("/search", SearchController, :search)
  
-     get("/accounts/:id/statuses", MastodonAPIController, :user_statuses)
 -      get("/accounts/:id/statuses", MastodonAPIController, :user_statuses)
 -      get("/accounts/:id/followers", MastodonAPIController, :followers)
 -      get("/accounts/:id/following", MastodonAPIController, :following)
 -      get("/accounts/:id", MastodonAPIController, :user)
++    get("/statuses", MastodonAPIController, :get_statuses)
 +    get("/statuses/:id", MastodonAPIController, :get_status)
 +    get("/statuses/:id/context", MastodonAPIController, :get_context)
++    get("/statuses/:id/card", MastodonAPIController, :status_card)
++    get("/statuses/:id/favourited_by", MastodonAPIController, :favourited_by)
++    get("/statuses/:id/reblogged_by", MastodonAPIController, :reblogged_by)
+ 
 -      get("/search", SearchController, :search)
++    get("/pleroma/accounts/:id/favourites", MastodonAPIController, :user_favourites)
+ 
 -      get("/pleroma/accounts/:id/favourites", MastodonAPIController, :user_favourites)
 -    end
++    post(
++      "/pleroma/accounts/confirmation_resend",
++      MastodonAPIController,
++      :account_confirmation_resend
++    )
    end
  
    scope "/api/v2", Pleroma.Web.MastodonAPI do
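Review bot: `/timelines/list/:list_id`, `/accounts/:id/followers`, `/accounts/:id/following` and `/pleroma/accounts/:id/favourites` now sit in the scope that pipes only through `:api`, while their controller plugs (`read:lists`, `read:accounts`, `read:favourites`) do not use `@unauthenticated_access`. One parent of this merge had them behind `:oauth_read_or_public`, so either anonymous reads that used to work on a public instance are now refused, or, if OAuthScopesPlug lets a request with no token through, per-user data such as list timelines has no check left at the router level. Which of the two holds cannot be read from this hunk. I would add a comment at the top of the scope, `# No router-level OAuth check here: every action below must be covered by a controller plug`, and a test per route for no token, wrong scope and right scope.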
diff --cc lib/pleroma/web/twitter_api/controllers/util_controller.ex
index 82ed0c287,867787c57..644a0ae6b
--- a/lib/pleroma/web/twitter_api/controllers/util_controller.ex
+++ b/lib/pleroma/web/twitter_api/controllers/util_controller.ex
@@@ -19,25 -18,6 +19,26 @@@ defmodule Pleroma.Web.TwitterAPI.UtilCo
    alias Pleroma.Web.CommonAPI
    alias Pleroma.Web.WebFinger
  
 +  plug(
 +    OAuthScopesPlug,
 +    %{scopes: ["follow", "write:follows"]}
 +    when action in [:do_remote_follow, :follow_import]
 +  )
 +
 +  plug(OAuthScopesPlug, %{scopes: ["follow", "write:blocks"]} when action == :blocks_import)
 +
 +  plug(
 +    OAuthScopesPlug,
 +    %{scopes: ["write:accounts"]}
 +    when action in [
++           :change_email,
 +           :change_password,
 +           :delete_account,
 +           :update_notificaton_settings,
 +           :disable_account
 +         ]
 +  )
 +
    plug(Pleroma.Plugs.SetFormatPlug when action in [:config, :version])
  
    def help_test(conn, _params) do