Pleroma/lib/pleroma/web/twitter_api/twitter_api.ex

# Pleroma: A lightweight social networking server
# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
# SPDX-License-Identifier: AGPL-3.0-only

defmodule Pleroma.Web.TwitterAPI.TwitterAPI do
  alias Pleroma.Emails.Mailer
  alias Pleroma.Emails.UserEmail
  alias Pleroma.Repo
  alias Pleroma.User
  alias Pleroma.UserInviteToken

  require Pleroma.Constants

  def register_user(params, opts \\ []) do
    token = params["token"]

    params = %{
      nickname: params["nickname"],
      name: params["fullname"],
      bio: User.parse_bio(params["bio"]),
      email: params["email"],
      password: params["password"],
      password_confirmation: params["confirm"],
      captcha_solution: params["captcha_solution"],
      captcha_token: params["captcha_token"],
      captcha_answer_data: params["captcha_answer_data"]
    }

    captcha_enabled = Pleroma.Config.get([Pleroma.Captcha, :enabled])
    # true if captcha is disabled or enabled and valid, false otherwise
    captcha_ok =
      if not captcha_enabled do
        :ok
      else
        Pleroma.Captcha.validate(
          params[:captcha_token],
          params[:captcha_solution],
          params[:captcha_answer_data]
        )
      end

    # Captcha invalid
    if captcha_ok != :ok do
      {:error, error} = captcha_ok
      # I have no idea how this error handling works
      {:error, %{error: Jason.encode!(%{captcha: [error]})}}
    else
      registration_process(
        params,
        %{
          registrations_open: Pleroma.Config.get([:instance, :registrations_open]),
          token: token
        },
        opts
      )
    end
  end

  defp registration_process(params, %{registrations_open: true}, opts) do
    create_user(params, opts)
  end

  defp registration_process(params, %{token: token}, opts) do
    invite =
      unless is_nil(token) do
        Repo.get_by(UserInviteToken, %{token: token})
      end

    valid_invite? = invite && UserInviteToken.valid_invite?(invite)

    case invite do
      nil ->
        {:error, "Invalid token"}

      invite when valid_invite? ->
        UserInviteToken.update_usage!(invite)
        create_user(params, opts)

      _ ->
        {:error, "Expired token"}
    end
  end

  defp create_user(params, opts) do
    changeset = User.register_changeset(%User{}, params, opts)

    case User.register(changeset) do
      {:ok, user} ->
        {:ok, user}

      {:error, changeset} ->
        errors =
          Ecto.Changeset.traverse_errors(changeset, fn {msg, _opts} -> msg end)
          |> Jason.encode!()

        {:error, %{error: errors}}
    end
  end

  def password_reset(nickname_or_email) do
    with true <- is_binary(nickname_or_email),
         %User{local: true, email: email} = user when not is_nil(email) <-
           User.get_by_nickname_or_email(nickname_or_email),
         {:ok, token_record} <- Pleroma.PasswordResetToken.create_token(user) do
      user
      |> UserEmail.password_reset_email(token_record.token)
      |> Mailer.deliver_async()

      {:ok, :enqueued}
    else
      false ->
        {:error, "bad user identifier"}

      %User{local: true, email: nil} ->
        {:ok, :noop}

      %User{local: false} ->
        {:error, "remote user"}

      nil ->
        {:error, "unknown user"}
    end
  end
end
add license boilerplate to pleroma core 2018-12-23 21:04:54 +01:00			`# Pleroma: A lightweight social networking server`
Do not fail when user has no email 2020-02-27 14:27:49 +01:00			`# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>`
add license boilerplate to pleroma core 2018-12-23 21:04:54 +01:00			`# SPDX-License-Identifier: AGPL-3.0-only`

Basic status creation and retrieval. 2017-03-21 17:53:20 +01:00			`defmodule Pleroma.Web.TwitterAPI.TwitterAPI do`
s/Pleroma.Mailer/Pleroma.Emails.Mailer/ 2019-04-10 06:05:05 +02:00			`alias Pleroma.Emails.Mailer`
s/Pleroma.UserEmail/Pleroma.Emails.UserEmail/ 2019-04-10 06:14:37 +02:00			`alias Pleroma.Emails.UserEmail`
de-group alias/es 2019-02-09 16:16:26 +01:00			`alias Pleroma.Repo`
[Credo] fix Credo.Check.Readability.AliasOrder 2019-03-05 03:52:23 +01:00			`alias Pleroma.User`
			`alias Pleroma.UserInviteToken`
Basic status creation and retrieval. 2017-03-21 17:53:20 +01:00
constants: add as_public constant and use it everywhere 2019-07-29 04:43:19 +02:00			`require Pleroma.Constants`

differences_in_mastoapi_responses.md: fullname & bio are optionnal [ci skip] 2019-05-13 20:35:45 +02:00			`def register_user(params, opts \\ []) do`
token -> invite renaming 2019-04-06 15:24:22 +02:00			`token = params["token"]`
Initial invites support + tests. 2018-06-12 13:52:54 +02:00
Add user registration to TwAPI. 2017-04-16 10:25:27 +02:00			`params = %{`
			`nickname: params["nickname"],`
			`name: params["fullname"],`
Parse user's bio on register 2018-12-02 20:03:53 +01:00			`bio: User.parse_bio(params["bio"]),`
Add user registration to TwAPI. 2017-04-16 10:25:27 +02:00			`email: params["email"],`
			`password: params["password"],`
Add base CAPTCHA support (currently only kocaptcha) 2018-12-14 23:31:19 +01:00			`password_confirmation: params["confirm"],`
			`captcha_solution: params["captcha_solution"],`
Make captcha (kocaptcha) stateless Also rename seconds_retained to seconds_valid since that's how it is now. Put it down from 180 to 20 seconds. The answer data is now stored in an encrypted text transfered to the client and back, so no ETS is needed 2018-12-20 22:32:37 +01:00			`captcha_token: params["captcha_token"],`
			`captcha_answer_data: params["captcha_answer_data"]`
Add user registration to TwAPI. 2017-04-16 10:25:27 +02:00			`}`

Add an ability to disabled captcha 2018-12-15 00:00:00 +01:00			`captcha_enabled = Pleroma.Config.get([Pleroma.Captcha, :enabled])`
			`# true if captcha is disabled or enabled and valid, false otherwise`
Formatting fixes 2018-12-15 20:08:26 +01:00			`captcha_ok =`
tests for mastodon_api_controller.ex 2019-09-06 20:50:00 +02:00			`if not captcha_enabled do`
Make captcha (kocaptcha) stateless Also rename seconds_retained to seconds_valid since that's how it is now. Put it down from 180 to 20 seconds. The answer data is now stored in an encrypted text transfered to the client and back, so no ETS is needed 2018-12-20 22:32:37 +01:00			`:ok`
Formatting fixes 2018-12-15 20:08:26 +01:00			`else`
Make captcha (kocaptcha) stateless Also rename seconds_retained to seconds_valid since that's how it is now. Put it down from 180 to 20 seconds. The answer data is now stored in an encrypted text transfered to the client and back, so no ETS is needed 2018-12-20 22:32:37 +01:00			`Pleroma.Captcha.validate(`
			`params[:captcha_token],`
			`params[:captcha_solution],`
			`params[:captcha_answer_data]`
			`)`
Formatting fixes 2018-12-15 20:08:26 +01:00			`end`
Add an ability to disabled captcha 2018-12-15 00:00:00 +01:00
Add base CAPTCHA support (currently only kocaptcha) 2018-12-14 23:31:19 +01:00			`# Captcha invalid`
Make captcha (kocaptcha) stateless Also rename seconds_retained to seconds_valid since that's how it is now. Put it down from 180 to 20 seconds. The answer data is now stored in an encrypted text transfered to the client and back, so no ETS is needed 2018-12-20 22:32:37 +01:00			`if captcha_ok != :ok do`
			`{:error, error} = captcha_ok`
Add base CAPTCHA support (currently only kocaptcha) 2018-12-14 23:31:19 +01:00			`# I have no idea how this error handling works`
Make captcha (kocaptcha) stateless Also rename seconds_retained to seconds_valid since that's how it is now. Put it down from 180 to 20 seconds. The answer data is now stored in an encrypted text transfered to the client and back, so no ETS is needed 2018-12-20 22:32:37 +01:00			`{:error, %{error: Jason.encode!(%{captcha: [error]})}}`
Add base CAPTCHA support (currently only kocaptcha) 2018-12-14 23:31:19 +01:00			`else`
differences_in_mastoapi_responses.md: fullname & bio are optionnal [ci skip] 2019-05-13 20:35:45 +02:00			`registration_process(`
			`params,`
			`%{`
			`registrations_open: Pleroma.Config.get([:instance, :registrations_open]),`
			`token: token`
			`},`
			`opts`
			`)`
twitter api registration fix for twitter api tests 2019-04-06 12:18:59 +02:00			`end`
			`end`
Runtime configuration Related to #85 Everything should now be configured at runtime, with the exception of the `Pleroma.HTML` scrubbers (the scrubbers used can be changed at runtime, but their configuration is compile-time) because it's building a module with a macro. 2018-11-06 19:34:57 +01:00
differences_in_mastoapi_responses.md: fullname & bio are optionnal [ci skip] 2019-05-13 20:35:45 +02:00			`defp registration_process(params, %{registrations_open: true}, opts) do`
			`create_user(params, opts)`
			`end`

			`defp registration_process(params, %{token: token}, opts) do`
token -> invite renaming 2019-04-06 15:24:22 +02:00			`invite =`
			`unless is_nil(token) do`
			`Repo.get_by(UserInviteToken, %{token: token})`
twitter api registration fix for twitter api tests 2019-04-06 12:18:59 +02:00			`end`
Add user registration to TwAPI. 2017-04-16 10:25:27 +02:00
token -> invite renaming 2019-04-06 15:24:22 +02:00			`valid_invite? = invite && UserInviteToken.valid_invite?(invite)`
[#114] Formatting fix. 2018-12-18 15:30:30 +01:00
token -> invite renaming 2019-04-06 15:24:22 +02:00			`case invite do`
twitter api registration fix for twitter api tests 2019-04-06 12:18:59 +02:00			`nil ->`
			`{:error, "Invalid token"}`
[#114] Formatting fix. 2018-12-18 15:30:30 +01:00
token -> invite renaming 2019-04-06 15:24:22 +02:00			`invite when valid_invite? ->`
			`UserInviteToken.update_usage!(invite)`
differences_in_mastoapi_responses.md: fullname & bio are optionnal [ci skip] 2019-05-13 20:35:45 +02:00			`create_user(params, opts)`
Initial invites support + tests. 2018-06-12 13:52:54 +02:00
twitter api registration fix for twitter api tests 2019-04-06 12:18:59 +02:00			`_ ->`
			`{:error, "Expired token"}`
			`end`
			`end`
Add base CAPTCHA support (currently only kocaptcha) 2018-12-14 23:31:19 +01:00
differences_in_mastoapi_responses.md: fullname & bio are optionnal [ci skip] 2019-05-13 20:35:45 +02:00			`defp create_user(params, opts) do`
			`changeset = User.register_changeset(%User{}, params, opts)`
Add base CAPTCHA support (currently only kocaptcha) 2018-12-14 23:31:19 +01:00
twitter api registration fix for twitter api tests 2019-04-06 12:18:59 +02:00			`case User.register(changeset) do`
			`{:ok, user} ->`
			`{:ok, user}`
Format the code. 2018-03-30 15:01:53 +02:00
twitter api registration fix for twitter api tests 2019-04-06 12:18:59 +02:00			`{:error, changeset} ->`
			`errors =`
			`Ecto.Changeset.traverse_errors(changeset, fn {msg, _opts} -> msg end)`
			`\|> Jason.encode!()`

			`{:error, %{error: errors}}`
Add user registration to TwAPI. 2017-04-16 10:25:27 +02:00			`end`
			`end`

[#114] Refactored `password_reset` (moved to TwitterAPI). Added homepage links to password reset result pages. 2018-12-13 11:17:49 +01:00			`def password_reset(nickname_or_email) do`
			`with true <- is_binary(nickname_or_email),`
Do not fail when user has no email 2020-02-27 14:27:49 +01:00			`%User{local: true, email: email} = user when not is_nil(email) <-`
			`User.get_by_nickname_or_email(nickname_or_email),`
[#114] Refactored `password_reset` (moved to TwitterAPI). Added homepage links to password reset result pages. 2018-12-13 11:17:49 +01:00			`{:ok, token_record} <- Pleroma.PasswordResetToken.create_token(user) do`
			`user`
[#114] Account confirmation email, registration as unconfirmed (config-based), auth prevention for unconfirmed. 2018-12-17 15:28:58 +01:00			`\|> UserEmail.password_reset_email(token_record.token)`
Reports 2019-02-20 17:51:25 +01:00			`\|> Mailer.deliver_async()`
Fix password reset for non-test env Fixes `Plug.Conn.NotSentError` that causes a 5xx error in response instead of 404 and 400. Fixes pattern matching error caused by different response format in test and non-test env: `Pleroma.Emails.Mailer.deliver_async` returns :ok when PleromaJobQueue is enabled and `{:ok, _}` when it's disabled. In tests, it's disabled. 2019-07-17 20:09:31 +02:00
			`{:ok, :enqueued}`
[#114] Refactored `password_reset` (moved to TwitterAPI). Added homepage links to password reset result pages. 2018-12-13 11:17:49 +01:00			`else`
			`false ->`
			`{:error, "bad user identifier"}`

Do not fail when user has no email 2020-02-27 14:27:49 +01:00			`%User{local: true, email: nil} ->`
			`{:ok, :noop}`

[#114] Refactored `password_reset` (moved to TwitterAPI). Added homepage links to password reset result pages. 2018-12-13 11:17:49 +01:00			`%User{local: false} ->`
			`{:error, "remote user"}`

			`nil ->`
			`{:error, "unknown user"}`
			`end`
			`end`
Basic status creation and retrieval. 2017-03-21 17:53:20 +01:00			`end`