Pleroma/lib/pleroma/web/twitter_api/twitter_api.ex

# Pleroma: A lightweight social networking server
# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
# SPDX-License-Identifier: AGPL-3.0-only

defmodule Pleroma.Web.TwitterAPI.TwitterAPI do
  import Pleroma.Web.Gettext

  alias Pleroma.Emails.Mailer
  alias Pleroma.Emails.UserEmail
  alias Pleroma.Repo
  alias Pleroma.User
  alias Pleroma.UserInviteToken

  def register_user(params, opts \\ []) do
    params =
      params
      |> Map.take([:email, :token, :password])
      |> Map.put(:bio, params |> Map.get(:bio, "") |> User.parse_bio())
      |> Map.put(:nickname, params[:username])
      |> Map.put(:name, Map.get(params, :fullname, params[:username]))
      |> Map.put(:password_confirmation, params[:password])
      |> Map.put(:registration_reason, params[:reason])

    if Pleroma.Config.get([:instance, :registrations_open]) do
      create_user(params, opts)
    else
      create_user_with_invite(params, opts)
    end
  end

  defp create_user_with_invite(params, opts) do
    with %{token: token} when is_binary(token) <- params,
         %UserInviteToken{} = invite <- Repo.get_by(UserInviteToken, %{token: token}),
         true <- UserInviteToken.valid_invite?(invite) do
      UserInviteToken.update_usage!(invite)
      create_user(params, opts)
    else
      nil -> {:error, "Invalid token"}
      _ -> {:error, "Expired token"}
    end
  end

  defp create_user(params, opts) do
    changeset = User.register_changeset(%User{}, params, opts)

    case User.register(changeset) do
      {:ok, user} ->
        {:ok, user}

      {:error, changeset} ->
        errors =
          changeset
          |> Ecto.Changeset.traverse_errors(fn {msg, _opts} -> msg end)
          |> Jason.encode!()

        {:error, errors}
    end
  end

  def password_reset(nickname_or_email) do
    with true <- is_binary(nickname_or_email),
         %User{local: true, email: email, deactivated: false} = user when is_binary(email) <-
           User.get_by_nickname_or_email(nickname_or_email),
         {:ok, token_record} <- Pleroma.PasswordResetToken.create_token(user) do
      user
      |> UserEmail.password_reset_email(token_record.token)
      |> Mailer.deliver_async()

      {:ok, :enqueued}
    else
      _ ->
        {:ok, :noop}
    end
  end

  def validate_captcha(app, params) do
    if app.trusted || not Pleroma.Captcha.enabled?() do
      :ok
    else
      do_validate_captcha(params)
    end
  end

  defp do_validate_captcha(params) do
    with :ok <- validate_captcha_presence(params),
         :ok <-
           Pleroma.Captcha.validate(
             params[:captcha_token],
             params[:captcha_solution],
             params[:captcha_answer_data]
           ) do
      :ok
    else
      {:error, :captcha_error} ->
        captcha_error(dgettext("errors", "CAPTCHA Error"))

      {:error, :invalid} ->
        captcha_error(dgettext("errors", "Invalid CAPTCHA"))

      {:error, :kocaptcha_service_unavailable} ->
        captcha_error(dgettext("errors", "Kocaptcha service unavailable"))

      {:error, :expired} ->
        captcha_error(dgettext("errors", "CAPTCHA expired"))

      {:error, :already_used} ->
        captcha_error(dgettext("errors", "CAPTCHA already used"))

      {:error, :invalid_answer_data} ->
        captcha_error(dgettext("errors", "Invalid answer data"))

      {:error, error} ->
        captcha_error(error)
    end
  end

  defp validate_captcha_presence(params) do
    [:captcha_solution, :captcha_token, :captcha_answer_data]
    |> Enum.find_value(:ok, fn key ->
      unless is_binary(params[key]) do
        error = dgettext("errors", "Invalid CAPTCHA (Missing parameter: %{name})", name: key)
        {:error, error}
      end
    end)
  end

  # For some reason FE expects error message to be a serialized JSON
  defp captcha_error(error), do: {:error, Jason.encode!(%{captcha: [error]})}
end
add license boilerplate to pleroma core 2018-12-23 21:04:54 +01:00			`# Pleroma: A lightweight social networking server`
Do not fail when user has no email 2020-02-27 14:27:49 +01:00			`# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>`
add license boilerplate to pleroma core 2018-12-23 21:04:54 +01:00			`# SPDX-License-Identifier: AGPL-3.0-only`

Basic status creation and retrieval. 2017-03-21 17:53:20 +01:00			`defmodule Pleroma.Web.TwitterAPI.TwitterAPI do`
Add tests for account registration with captcha enabled and improve errors 2020-04-29 18:48:08 +02:00			`import Pleroma.Web.Gettext`

s/Pleroma.Mailer/Pleroma.Emails.Mailer/ 2019-04-10 06:05:05 +02:00			`alias Pleroma.Emails.Mailer`
s/Pleroma.UserEmail/Pleroma.Emails.UserEmail/ 2019-04-10 06:14:37 +02:00			`alias Pleroma.Emails.UserEmail`
de-group alias/es 2019-02-09 16:16:26 +01:00			`alias Pleroma.Repo`
[Credo] fix Credo.Check.Readability.AliasOrder 2019-03-05 03:52:23 +01:00			`alias Pleroma.User`
			`alias Pleroma.UserInviteToken`
Basic status creation and retrieval. 2017-03-21 17:53:20 +01:00
differences_in_mastoapi_responses.md: fullname & bio are optionnal [ci skip] 2019-05-13 20:35:45 +02:00			`def register_user(params, opts \\ []) do`
Add spec for AccountController.create 2020-04-03 20:45:08 +02:00			`params =`
			`params`
Add tests for account registration with captcha enabled and improve errors 2020-04-29 18:48:08 +02:00			`\|> Map.take([:email, :token, :password])`
			`\|> Map.put(:bio, params \|> Map.get(:bio, "") \|> User.parse_bio())`
			`\|> Map.put(:nickname, params[:username])`
			`\|> Map.put(:name, Map.get(params, :fullname, params[:username]))`
			`\|> Map.put(:password_confirmation, params[:password])`
Fix User.registration_reason HTML sanitizing issues 2020-07-28 03:36:31 +02:00			`\|> Map.put(:registration_reason, params[:reason])`
Add user registration to TwAPI. 2017-04-16 10:25:27 +02:00
Add tests for account registration with captcha enabled and improve errors 2020-04-29 18:48:08 +02:00			`if Pleroma.Config.get([:instance, :registrations_open]) do`
			`create_user(params, opts)`
Add base CAPTCHA support (currently only kocaptcha) 2018-12-14 23:31:19 +01:00			`else`
Add tests for account registration with captcha enabled and improve errors 2020-04-29 18:48:08 +02:00			`create_user_with_invite(params, opts)`
Add spec for AccountController.create 2020-04-03 20:45:08 +02:00			`end`
differences_in_mastoapi_responses.md: fullname & bio are optionnal [ci skip] 2019-05-13 20:35:45 +02:00			`end`

Add spec for AccountController.create 2020-04-03 20:45:08 +02:00			`defp create_user_with_invite(params, opts) do`
			`with %{token: token} when is_binary(token) <- params,`
			`%UserInviteToken{} = invite <- Repo.get_by(UserInviteToken, %{token: token}),`
			`true <- UserInviteToken.valid_invite?(invite) do`
			`UserInviteToken.update_usage!(invite)`
			`create_user(params, opts)`
			`else`
			`nil -> {:error, "Invalid token"}`
			`_ -> {:error, "Expired token"}`
twitter api registration fix for twitter api tests 2019-04-06 12:18:59 +02:00			`end`
			`end`
Add base CAPTCHA support (currently only kocaptcha) 2018-12-14 23:31:19 +01:00
differences_in_mastoapi_responses.md: fullname & bio are optionnal [ci skip] 2019-05-13 20:35:45 +02:00			`defp create_user(params, opts) do`
			`changeset = User.register_changeset(%User{}, params, opts)`
Add base CAPTCHA support (currently only kocaptcha) 2018-12-14 23:31:19 +01:00
twitter api registration fix for twitter api tests 2019-04-06 12:18:59 +02:00			`case User.register(changeset) do`
			`{:ok, user} ->`
			`{:ok, user}`
Format the code. 2018-03-30 15:01:53 +02:00
twitter api registration fix for twitter api tests 2019-04-06 12:18:59 +02:00			`{:error, changeset} ->`
			`errors =`
Add tests for account registration with captcha enabled and improve errors 2020-04-29 18:48:08 +02:00			`changeset`
			`\|> Ecto.Changeset.traverse_errors(fn {msg, _opts} -> msg end)`
twitter api registration fix for twitter api tests 2019-04-06 12:18:59 +02:00			`\|> Jason.encode!()`

Add tests for account registration with captcha enabled and improve errors 2020-04-29 18:48:08 +02:00			`{:error, errors}`
Add user registration to TwAPI. 2017-04-16 10:25:27 +02:00			`end`
			`end`

[#114] Refactored `password_reset` (moved to TwitterAPI). Added homepage links to password reset result pages. 2018-12-13 11:17:49 +01:00			`def password_reset(nickname_or_email) do`
			`with true <- is_binary(nickname_or_email),`
Disallow password resets for deactivated accounts. Ensure all responses to password reset events are identical. 2020-09-02 16:09:13 +02:00			`%User{local: true, email: email, deactivated: false} = user when is_binary(email) <-`
Do not fail when user has no email 2020-02-27 14:27:49 +01:00			`User.get_by_nickname_or_email(nickname_or_email),`
[#114] Refactored `password_reset` (moved to TwitterAPI). Added homepage links to password reset result pages. 2018-12-13 11:17:49 +01:00			`{:ok, token_record} <- Pleroma.PasswordResetToken.create_token(user) do`
			`user`
[#114] Account confirmation email, registration as unconfirmed (config-based), auth prevention for unconfirmed. 2018-12-17 15:28:58 +01:00			`\|> UserEmail.password_reset_email(token_record.token)`
Reports 2019-02-20 17:51:25 +01:00			`\|> Mailer.deliver_async()`
Fix password reset for non-test env Fixes `Plug.Conn.NotSentError` that causes a 5xx error in response instead of 404 and 400. Fixes pattern matching error caused by different response format in test and non-test env: `Pleroma.Emails.Mailer.deliver_async` returns :ok when PleromaJobQueue is enabled and `{:ok, _}` when it's disabled. In tests, it's disabled. 2019-07-17 20:09:31 +02:00
			`{:ok, :enqueued}`
[#114] Refactored `password_reset` (moved to TwitterAPI). Added homepage links to password reset result pages. 2018-12-13 11:17:49 +01:00			`else`
Disallow password resets for deactivated accounts. Ensure all responses to password reset events are identical. 2020-09-02 16:09:13 +02:00			`_ ->`
Do not fail when user has no email 2020-02-27 14:27:49 +01:00			`{:ok, :noop}`
[#114] Refactored `password_reset` (moved to TwitterAPI). Added homepage links to password reset result pages. 2018-12-13 11:17:49 +01:00			`end`
			`end`
Add tests for account registration with captcha enabled and improve errors 2020-04-29 18:48:08 +02:00
			`def validate_captcha(app, params) do`
			`if app.trusted \|\| not Pleroma.Captcha.enabled?() do`
			`:ok`
			`else`
			`do_validate_captcha(params)`
			`end`
			`end`

			`defp do_validate_captcha(params) do`
			`with :ok <- validate_captcha_presence(params),`
			`:ok <-`
			`Pleroma.Captcha.validate(`
			`params[:captcha_token],`
			`params[:captcha_solution],`
			`params[:captcha_answer_data]`
			`) do`
			`:ok`
			`else`
			`{:error, :captcha_error} ->`
			`captcha_error(dgettext("errors", "CAPTCHA Error"))`

			`{:error, :invalid} ->`
			`captcha_error(dgettext("errors", "Invalid CAPTCHA"))`

			`{:error, :kocaptcha_service_unavailable} ->`
			`captcha_error(dgettext("errors", "Kocaptcha service unavailable"))`

			`{:error, :expired} ->`
			`captcha_error(dgettext("errors", "CAPTCHA expired"))`

			`{:error, :already_used} ->`
			`captcha_error(dgettext("errors", "CAPTCHA already used"))`

			`{:error, :invalid_answer_data} ->`
			`captcha_error(dgettext("errors", "Invalid answer data"))`

			`{:error, error} ->`
			`captcha_error(error)`
			`end`
			`end`

			`defp validate_captcha_presence(params) do`
			`[:captcha_solution, :captcha_token, :captcha_answer_data]`
			`\|> Enum.find_value(:ok, fn key ->`
			`unless is_binary(params[key]) do`
			`error = dgettext("errors", "Invalid CAPTCHA (Missing parameter: %{name})", name: key)`
			`{:error, error}`
			`end`
			`end)`
			`end`

			`# For some reason FE expects error message to be a serialized JSON`
			`defp captcha_error(error), do: {:error, Jason.encode!(%{captcha: [error]})}`
Basic status creation and retrieval. 2017-03-21 17:53:20 +01:00			`end`