From 60b46540380e1467dcc0a93f7bfded84c5e98c64 Mon Sep 17 00:00:00 2001 From: Ivan Tashkinov Date: Thu, 28 Jan 2021 19:49:43 +0300 Subject: [PATCH 1/3] Email-like field in /api/v1/accounts/verify_credentials response (for OAuth plugins like Peertube). Addresses https://git.pleroma.social/pleroma/pleroma-support/-/issues/56. --- lib/pleroma/user.ex | 9 ++++++ .../web/mastodon_api/views/account_view.ex | 4 ++- lib/pleroma/web/router.ex | 2 ++ lib/pleroma/web/templates/embed/show.html.eex | 2 +- lib/pleroma/web/views/embed_view.ex | 7 ++--- test/pleroma/user_test.exs | 30 +++++++++++++++++++ .../mastodon_api/views/account_view_test.exs | 2 ++ 7 files changed, 49 insertions(+), 7 deletions(-) diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex index e422b59f1..7cb36454a 100644 --- a/lib/pleroma/user.ex +++ b/lib/pleroma/user.ex @@ -2030,6 +2030,15 @@ def local_nickname(nickname_or_mention) do |> hd() end + def full_nickname(%User{} = user) do + if String.contains?(user.nickname, "@") do + user.nickname + else + %{host: host} = URI.parse(user.ap_id) + user.nickname <> "@" <> host + end + end + def full_nickname(nickname_or_mention), do: String.trim_leading(nickname_or_mention, "@") diff --git a/lib/pleroma/web/mastodon_api/views/account_view.ex b/lib/pleroma/web/mastodon_api/views/account_view.ex index 63417142f..ac25aefdd 100644 --- a/lib/pleroma/web/mastodon_api/views/account_view.ex +++ b/lib/pleroma/web/mastodon_api/views/account_view.ex @@ -262,7 +262,9 @@ defp do_render("show.json", %{user: user} = opts) do } }, - # Pleroma extension + # Pleroma extensions + # Note: it's insecure to output :email but fully-qualified nickname may serve as safe stub + fqn: User.full_nickname(user), pleroma: %{ ap_id: user.ap_id, also_known_as: user.also_known_as, diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex index a9e332fa1..f70d327d2 100644 --- a/lib/pleroma/web/router.ex +++ b/lib/pleroma/web/router.ex 
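Review bot: The new `full_nickname(%User{} = user)` clause in the user.ex hunk becomes public API (the account view renders it as `fqn`, the embed view delegates to it) but carries no `@doc` or `@spec`; I'd add `@spec full_nickname(User.t() | String.t()) :: String.t()` and a one-line doc stating that it returns `nickname@host` for a user struct (the host taken from `ap_id` when the nickname carries none) and strips a leading `@` from a mention string. The `%{host: host} = URI.parse(user.ap_id)` match also succeeds when `ap_id` has no host (`URI.parse/1` yields `host: nil`), and `user.nickname <> "@" <> nil` then raises `ArgumentError` inside the view; if stored `ap_id`s are always absolute URLs this is unreachable, but it is worth either asserting that with `%URI{host: host} when is_binary(host)` in a `case`, or stating the assumption in the doc. The new `describe "full_nickname/1"` block in the user_test.exs hunk does not cover that case either. `local_nickname/1` and the surrounding module continue outside the hunk.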
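Review bot: The comment added above `fqn:` in the account_view.ex hunk explains why `:email` is withheld but not what a consumer may assume about `fqn`, and `do_render("show.json", %{user: user} = opts)` appears to render every account, not only the signed-in user on verify_credentials, so the field is exposed for all users. Since the cheatsheet in this series presents `fqn` as an "email stub", I'd make the comment say both things: `# Pleroma extensions. :email is intentionally not exposed; fqn (nickname@host) is built from public data, so it is safe to render for any account, but it is not a deliverable mail address.` The enclosing `do_render/2` starts and ends outside the hunk.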
@@ -319,6 +319,8 @@ defmodule Pleroma.Web.Router do end scope "/oauth", Pleroma.Web.OAuth do + # Note: use /api/v1/accounts/verify_credentials for userinfo of signed-in user + get("/registration_details", OAuthController, :registration_details) post("/mfa/verify", MFAController, :verify, as: :mfa_verify) diff --git a/lib/pleroma/web/templates/embed/show.html.eex b/lib/pleroma/web/templates/embed/show.html.eex index 05a3f0ee3..092b52b70 100644 --- a/lib/pleroma/web/templates/embed/show.html.eex +++ b/lib/pleroma/web/templates/embed/show.html.eex @@ -6,7 +6,7 @@ <%= raw (@author.name |> Formatter.emojify(@author.emoji)) %> - <%= full_nickname(@author) %> + @<%= full_nickname(@author) %> diff --git a/lib/pleroma/web/views/embed_view.ex b/lib/pleroma/web/views/embed_view.ex index cb7600adb..81e196730 100644 --- a/lib/pleroma/web/views/embed_view.ex +++ b/lib/pleroma/web/views/embed_view.ex @@ -17,6 +17,8 @@ defmodule Pleroma.Web.EmbedView do use Phoenix.HTML + defdelegate full_nickname(user), to: User + @media_types ["image", "audio", "video"] defp fetch_media_type(%{"mediaType" => mediaType}) do @@ -30,11 +32,6 @@ defp open_content? do ) end - defp full_nickname(user) do - %{host: host} = URI.parse(user.ap_id) - "@" <> user.nickname <> "@" <> host - end - defp status_title(%Activity{object: %Object{data: %{"name" => name}}}) when is_binary(name), do: name diff --git a/test/pleroma/user_test.exs b/test/pleroma/user_test.exs index b4df22c2c..baa71ca66 100644 --- a/test/pleroma/user_test.exs +++ b/test/pleroma/user_test.exs 
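Review bot: `defdelegate full_nickname(user), to: User` in the first embed_view.ex hunk turns what was a `defp` into a public function of `Pleroma.Web.EmbedView`, widening the view's surface for something only the template uses; `defp full_nickname(user), do: User.full_nickname(user)` keeps it private while still sharing the implementation. The delegate also relies on `User` being aliased in the module, which neither hunk shows. Behaviour differs slightly from the helper removed in the second hunk: the old code always appended the host parsed from `ap_id`, whereas `User.full_nickname/1` returns the nickname untouched when it already contains `@`, so the two agree only if remote users are always stored as `nick@host` — worth confirming in a comment next to the delegate.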
@@ -2232,6 +2232,36 @@ test "Notifications are updated", %{user: user} do end end + describe "local_nickname/1" do + test "returns nickname without host" do + assert User.local_nickname("@mentioned") == "mentioned" + assert User.local_nickname("a_local_nickname") == "a_local_nickname" + assert User.local_nickname("nickname@host.com") == "nickname" + end + end + + describe "full_nickname/1" do + test "returns fully qualified nickname for local and remote users" do + local_user = + insert(:user, nickname: "local_user", ap_id: "https://somehost.com/users/local_user") + + remote_user = insert(:user, nickname: "remote@host.com", local: false) + + assert User.full_nickname(local_user) == "local_user@somehost.com" + assert User.full_nickname(remote_user) == "remote@host.com" + end + + test "strips leading @ from mentions" do + assert User.full_nickname("@mentioned") == "mentioned" + assert User.full_nickname("@nickname@host.com") == "nickname@host.com" + end + + test "does not modify nicknames" do + assert User.full_nickname("nickname") == "nickname" + assert User.full_nickname("nickname@host.com") == "nickname@host.com" + end + end + test "avatar fallback" do user = insert(:user) assert User.avatar_url(user) =~ "/images/avi.png" diff --git a/test/pleroma/web/mastodon_api/views/account_view_test.exs b/test/pleroma/web/mastodon_api/views/account_view_test.exs index 999bde474..5373a17c3 100644 --- a/test/pleroma/web/mastodon_api/views/account_view_test.exs +++ b/test/pleroma/web/mastodon_api/views/account_view_test.exs @@ -73,6 +73,7 @@ test "Represent a user account" do }, fields: [] }, + fqn: "shp@shitposter.club", pleroma: %{ ap_id: user.ap_id, also_known_as: ["https://shitposter.zone/users/shp"], @@ -172,6 +173,7 @@ test "Represent a Service(bot) account" do }, fields: [] }, + fqn: "shp@shitposter.club", pleroma: %{ ap_id: user.ap_id, also_known_as: [], From 239057155ff52441227684accd23f81fade005c0 Mon Sep 17 00:00:00 2001 
From: Ivan Tashkinov Date: Fri, 29 Jan 2021 16:36:25 +0300 Subject: [PATCH 2/3] [#3286] Documentation on configuring Pleroma as OAuth 2.0 provider. --- docs/configuration/auth.md | 1 + docs/configuration/cheatsheet.md | 24 ++++++++++++++++-------- 2 files changed, 17 insertions(+), 8 deletions(-) create mode 100644 docs/configuration/auth.md diff --git a/docs/configuration/auth.md b/docs/configuration/auth.md new file mode 100644 index 000000000..c80f094e7 --- /dev/null +++ b/docs/configuration/auth.md @@ -0,0 +1 @@ +See `Authentication` section of [the configuration cheatsheet](../configuration/cheatsheet.md#authentication). diff --git a/docs/configuration/cheatsheet.md b/docs/configuration/cheatsheet.md index 9d4b07bf4..ad5768465 100644 --- a/docs/configuration/cheatsheet.md +++ b/docs/configuration/cheatsheet.md 
@@ -893,6 +893,22 @@ Pleroma account will be created with the same name as the LDAP user name. Note, if your LDAP server is an Active Directory server the correct value is commonly `uid: "cn"`, but if you use an OpenLDAP server the value may be `uid: "uid"`. +### :oauth2 (Pleroma as OAuth 2.0 provider settings) + +OAuth 2.0 provider settings: + +* `token_expires_in` - The lifetime in seconds of the access token. +* `issue_new_refresh_token` - Keeps old refresh token or generate new refresh token when to obtain an access token. +* `clean_expired_tokens` - Enable a background job to clean expired oauth tokens. Defaults to `false`. + +OAuth 2.0 provider and related endpoints: + +* `POST /api/v1/apps` creates client app basing on provided params. +* `GET/POST /oauth/authorize` renders/submits authorization form. +* `POST /oauth/token` creates/renews OAuth token. +* `POST /oauth/revoke` revokes provided OAuth token. +* `GET /api/v1/accounts/verify_credentials` (with proper `Authorization` header or `access_token` URI param) returns user info on requester (with `acct` field containing local nickname and `fqn` field containing fully-qualified nickname which could generally be used as email stub for OAuth software that demands email field in identity endpoint response, like Peertube). + ### OAuth consumer mode OAuth consumer mode allows sign in / sign up via external OAuth providers (e.g. Twitter, Facebook, Google, Microsoft, etc.). @@ -965,14 +981,6 @@ config :ueberauth, Ueberauth, ] ``` -### OAuth 2.0 provider - :oauth2 - -Configure OAuth 2 provider capabilities: - -* `token_expires_in` - The lifetime in seconds of the access token. -* `issue_new_refresh_token` - Keeps old refresh token or generate new refresh token when to obtain an access token. -* `clean_expired_tokens` - Enable a background job to clean expired oauth tokens. Defaults to `false`. - ## Link parsing ### :uri_schemes From 92efdf9adc5d061e0bb008d75dae67b1ae80b834 Mon Sep 17 00:00:00 2001 
From: Mark Felder Date: Tue, 2 Feb 2021 12:12:37 -0600 Subject: [PATCH 3/3] Document OAuth 2.0 provider fqn field addition --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index c4f3867a2..0598bdb6f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -21,6 +21,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Admin API: Reports now ordered by newest - Deprecated `Pleroma.Uploaders.S3, :public_endpoint`. Now `Pleroma.Upload, :base_url` is the standard configuration key for all uploaders. - Improved Apache webserver support: updated sample configuration, MediaProxy cache invalidation verified with the included sample script +- Improve OAuth 2.0 provider support. A missing `fqn` field was added to the response, but does not expose the user's email address. ### Added