From de8b8e9cf15e5d0d084fbcdf73f5d637617c7744 Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Tue, 9 Feb 2021 14:41:58 -0600 Subject: Add a function to lookup client app details by the app_id --- lib/pleroma/web/o_auth/app.ex | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/lib/pleroma/web/o_auth/app.ex b/lib/pleroma/web/o_auth/app.ex index 382750010..083b5ce09 100644 --- a/lib/pleroma/web/o_auth/app.ex +++ b/lib/pleroma/web/o_auth/app.ex @@ -146,4 +146,14 @@ def errors(changeset) do Map.put(acc, key, error) end) end + + @spec get_app_by_id(pos_integer()) :: {:ok, map()} + def get_app_by_id(app_id) do + query = + __MODULE__ + |> where([a], a.id == ^app_id) + |> select([a], %{name: a.client_name, website: a.website}) + + Repo.one!(query) + end end -- cgit v1.2.3 From 3dc7e89c54ea3d2bf7e81d99ac4efac37cd00e6c Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Tue, 9 Feb 2021 18:07:15 -0600 Subject: Ensure we capture the application details into the object --- lib/pleroma/web/common_api/activity_draft.ex | 1 + .../mastodon_api/controllers/status_controller.ex | 20 ++++++++++++++++---- 2 files changed, 17 insertions(+), 4 deletions(-) diff --git a/lib/pleroma/web/common_api/activity_draft.ex b/lib/pleroma/web/common_api/activity_draft.ex index fb059c27c..d7dcdad90 100644 --- a/lib/pleroma/web/common_api/activity_draft.ex +++ b/lib/pleroma/web/common_api/activity_draft.ex @@ -190,6 +190,7 @@ defp object(draft) do Utils.make_note_data(draft) |> Map.put("emoji", emoji) |> Map.put("source", draft.status) + |> Map.put("application", draft.params[:application]) %__MODULE__{draft | object: object} end diff --git a/lib/pleroma/web/mastodon_api/controllers/status_controller.ex b/lib/pleroma/web/mastodon_api/controllers/status_controller.ex index 4cf2ee35c..47a5bbd60 100644 --- a/lib/pleroma/web/mastodon_api/controllers/status_controller.ex +++ b/lib/pleroma/web/mastodon_api/controllers/status_controller.ex @@ -132,13 +132,15 @@ def index(%{assigns: %{user: user}} = conn, %{ids: ids} = params) do # Creates a scheduled status when `scheduled_at` param is present and it's far enough def create( %{ - assigns: %{user: user}, + assigns: %{user: user, token: %{app_id: app_id}}, body_params: %{status: _, scheduled_at: scheduled_at} = params } = conn, _ ) when not is_nil(scheduled_at) do - params = Map.put(params, :in_reply_to_status_id, params[:in_reply_to_id]) + params = + Map.put(params, :in_reply_to_status_id, params[:in_reply_to_id]) + |> add_application(app_id) attrs = %{ params: Map.new(params, fn {key, value} -> {to_string(key), value} end), @@ -161,8 +163,14 @@ def create( end # Creates a regular status - def create(%{assigns: %{user: user}, body_params: %{status: _} = params} = conn, _) do - params = Map.put(params, :in_reply_to_status_id, params[:in_reply_to_id]) + def create( + %{assigns: %{user: user, token: %{app_id: app_id}}, body_params: %{status: _} = params} = + conn, + _ + ) do + params = + Map.put(params, :in_reply_to_status_id, params[:in_reply_to_id]) + |> add_application(app_id) with {:ok, activity} <- CommonAPI.post(user, params) do try_render(conn, "show.json", @@ -414,4 +422,8 @@ def bookmarks(%{assigns: %{user: user}} = conn, params) do as: :activity ) end + + defp add_application(params, app_id) do + params |> Map.put(:application, Pleroma.Web.OAuth.App.get_app_by_id(app_id)) + end end -- cgit v1.2.3 From 981349f21d401da55168fdb00b245e3dccea1afd Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Tue, 9 Feb 2021 18:19:20 -0600 Subject: Enable rendering of the client application data details --- lib/pleroma/web/mastodon_api/views/status_view.ex | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/lib/pleroma/web/mastodon_api/views/status_view.ex b/lib/pleroma/web/mastodon_api/views/status_view.ex index 2cd6732fe..e4f623b97 100644 --- a/lib/pleroma/web/mastodon_api/views/status_view.ex +++ b/lib/pleroma/web/mastodon_api/views/status_view.ex @@ -180,10 +180,7 @@ def render( media_attachments: reblogged[:media_attachments] || [], mentions: mentions, tags: reblogged[:tags] || [], - application: %{ - name: "Web", - website: nil - }, + application: activity_object.data["application"], language: nil, emojis: [], pleroma: %{ @@ -348,10 +345,7 @@ def render("show.json", %{activity: %{data: %{"object" => _object}} = activity} poll: render(PollView, "show.json", object: object, for: opts[:for]), mentions: mentions, tags: build_tags(tags), - application: %{ - name: "Web", - website: nil - }, + application: object.data["application"], language: nil, emojis: build_emojis(object.data["emoji"]), pleroma: %{ -- cgit v1.2.3 From 4540e08a6a19cea753e1271ebc9f79bf2e4c47ce Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Tue, 9 Feb 2021 18:51:59 -0600 Subject: Rendering fallback for when we don't have valid data available --- lib/pleroma/web/mastodon_api/views/status_view.ex | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/pleroma/web/mastodon_api/views/status_view.ex b/lib/pleroma/web/mastodon_api/views/status_view.ex index e4f623b97..38960c256 100644 --- a/lib/pleroma/web/mastodon_api/views/status_view.ex +++ b/lib/pleroma/web/mastodon_api/views/status_view.ex @@ -180,7 +180,7 @@ def render( media_attachments: reblogged[:media_attachments] || [], mentions: mentions, tags: reblogged[:tags] || [], - application: activity_object.data["application"], + application: activity_object.data["application"] || %{name: "Web", website: nil}, language: nil, emojis: [], pleroma: %{ @@ -345,7 +345,7 @@ def render("show.json", %{activity: %{data: %{"object" => _object}} = activity} poll: render(PollView, "show.json", object: object, for: opts[:for]), mentions: mentions, tags: build_tags(tags), - application: object.data["application"], + application: object.data["application"] || %{name: "Web", website: nil}, language: nil, emojis: build_emojis(object.data["emoji"]), pleroma: %{ -- cgit v1.2.3 From 09b8378646122053e418e08d2cb35d154c01e52c Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Thu, 11 Feb 2021 14:15:25 -0600 Subject: %Token{} may not be in the conn, so avoid breaking the ability to post statuses in that scenario. --- .../web/mastodon_api/controllers/status_controller.ex | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/lib/pleroma/web/mastodon_api/controllers/status_controller.ex b/lib/pleroma/web/mastodon_api/controllers/status_controller.ex index 47a5bbd60..6eb518684 100644 --- a/lib/pleroma/web/mastodon_api/controllers/status_controller.ex +++ b/lib/pleroma/web/mastodon_api/controllers/status_controller.ex @@ -132,7 +132,7 @@ def index(%{assigns: %{user: user}} = conn, %{ids: ids} = params) do # Creates a scheduled status when `scheduled_at` param is present and it's far enough def create( %{ - assigns: %{user: user, token: %{app_id: app_id}}, + assigns: %{user: user}, body_params: %{status: _, scheduled_at: scheduled_at} = params } = conn, _ @@ -140,7 +140,7 @@ def create( when not is_nil(scheduled_at) do params = Map.put(params, :in_reply_to_status_id, params[:in_reply_to_id]) - |> add_application(app_id) + |> add_application(conn) attrs = %{ params: Map.new(params, fn {key, value} -> {to_string(key), value} end), @@ -164,13 +164,12 @@ def create( # Creates a regular status def create( - %{assigns: %{user: user, token: %{app_id: app_id}}, body_params: %{status: _} = params} = - conn, + %{assigns: %{user: user}, body_params: %{status: _} = params} = conn, _ ) do params = Map.put(params, :in_reply_to_status_id, params[:in_reply_to_id]) - |> add_application(app_id) + |> add_application(conn) with {:ok, activity} <- CommonAPI.post(user, params) do try_render(conn, "show.json", @@ -423,7 +422,9 @@ def bookmarks(%{assigns: %{user: user}} = conn, params) do ) end - defp add_application(params, app_id) do + defp add_application(params, %{assigns: %{token: %{app_id: app_id}}} = _conn) do params |> Map.put(:application, Pleroma.Web.OAuth.App.get_app_by_id(app_id)) end + + defp add_application(params, _), do: Map.put(params, :application, %{name: "Web", website: nil}) end -- cgit v1.2.3 From 7c508319a57f3ba50ddae03dc72aa83d1cd044cf Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Thu, 11 Feb 2021 14:19:53 -0600 Subject: Prefer naming this put_application because we're putting it into the params map --- lib/pleroma/web/mastodon_api/controllers/status_controller.ex | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/pleroma/web/mastodon_api/controllers/status_controller.ex b/lib/pleroma/web/mastodon_api/controllers/status_controller.ex index 6eb518684..a54357f93 100644 --- a/lib/pleroma/web/mastodon_api/controllers/status_controller.ex +++ b/lib/pleroma/web/mastodon_api/controllers/status_controller.ex @@ -140,7 +140,7 @@ def create( when not is_nil(scheduled_at) do params = Map.put(params, :in_reply_to_status_id, params[:in_reply_to_id]) - |> add_application(conn) + |> put_application(conn) attrs = %{ params: Map.new(params, fn {key, value} -> {to_string(key), value} end), @@ -169,7 +169,7 @@ def create( ) do params = Map.put(params, :in_reply_to_status_id, params[:in_reply_to_id]) - |> add_application(conn) + |> put_application(conn) with {:ok, activity} <- CommonAPI.post(user, params) do try_render(conn, "show.json", @@ -422,9 +422,9 @@ def bookmarks(%{assigns: %{user: user}} = conn, params) do ) end - defp add_application(params, %{assigns: %{token: %{app_id: app_id}}} = _conn) do + defp put_application(params, %{assigns: %{token: %{app_id: app_id}}} = _conn) do params |> Map.put(:application, Pleroma.Web.OAuth.App.get_app_by_id(app_id)) end - defp add_application(params, _), do: Map.put(params, :application, %{name: "Web", website: nil}) + defp put_application(params, _), do: Map.put(params, :application, %{name: "Web", website: nil}) end -- cgit v1.2.3 From 6dc0b13cf850c4aee7c9f84df0f97467434e6d2b Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Thu, 11 Feb 2021 14:22:58 -0600 Subject: Revert to original formatting for these function defs --- lib/pleroma/web/mastodon_api/controllers/status_controller.ex | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/lib/pleroma/web/mastodon_api/controllers/status_controller.ex b/lib/pleroma/web/mastodon_api/controllers/status_controller.ex index a54357f93..c8f6a2994 100644 --- a/lib/pleroma/web/mastodon_api/controllers/status_controller.ex +++ b/lib/pleroma/web/mastodon_api/controllers/status_controller.ex @@ -163,10 +163,7 @@ def create( end # Creates a regular status - def create( - %{assigns: %{user: user}, body_params: %{status: _} = params} = conn, - _ - ) do + def create(%{assigns: %{user: user}, body_params: %{status: _} = params} = conn, _) do params = Map.put(params, :in_reply_to_status_id, params[:in_reply_to_id]) |> put_application(conn) -- cgit v1.2.3 From c1d78328ee38fb2bc6c6f56c26588557f27365a9 Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Thu, 11 Feb 2021 14:27:52 -0600 Subject: Consistency --- lib/pleroma/web/mastodon_api/controllers/status_controller.ex | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/pleroma/web/mastodon_api/controllers/status_controller.ex b/lib/pleroma/web/mastodon_api/controllers/status_controller.ex index c8f6a2994..ec3e79ea7 100644 --- a/lib/pleroma/web/mastodon_api/controllers/status_controller.ex +++ b/lib/pleroma/web/mastodon_api/controllers/status_controller.ex @@ -420,7 +420,7 @@ def bookmarks(%{assigns: %{user: user}} = conn, params) do end defp put_application(params, %{assigns: %{token: %{app_id: app_id}}} = _conn) do - params |> Map.put(:application, Pleroma.Web.OAuth.App.get_app_by_id(app_id)) + Map.put(params, :application, Pleroma.Web.OAuth.App.get_app_by_id(app_id)) end defp put_application(params, _), do: Map.put(params, :application, %{name: "Web", website: nil}) -- cgit v1.2.3 From 333ff527fd44bce06b7c7e7450494ea929017b56 Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Thu, 11 Feb 2021 15:07:21 -0600 Subject: Validate client application metadata is retained in the object --- .../mastodon_api/controllers/status_controller_test.exs | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/test/pleroma/web/mastodon_api/controllers/status_controller_test.exs b/test/pleroma/web/mastodon_api/controllers/status_controller_test.exs index dcd1e6d5b..fada7c25c 100644 --- a/test/pleroma/web/mastodon_api/controllers/status_controller_test.exs +++ b/test/pleroma/web/mastodon_api/controllers/status_controller_test.exs @@ -357,6 +357,23 @@ test "posting a direct status", %{conn: conn} do assert activity.data["to"] == [user2.ap_id] assert activity.data["cc"] == [] end + + test "preserves client application metadata", %{conn: conn} do + result = + conn + |> put_req_header("content-type", "application/json") + |> post("/api/v1/statuses", %{ + "status" => "cofe is my copilot" + }) + + assert %{ + "content" => "cofe is my copilot", + "application" => %{ + "name" => "Some client 0", + "website" => "https://example.com" + } + } = json_response_and_validate_schema(result, 200) + end end describe "posting scheduled statuses" do -- cgit v1.2.3 From 4b979538bcc0861ed81b6af72bbe48af07425c18 Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Thu, 11 Feb 2021 15:10:53 -0600 Subject: Document the application metadata is now retained as part of the post. --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index bbd898bdf..69b9e2c52 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -53,6 +53,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Ability to define custom HTTP headers per each frontend - MRF (`NoEmptyPolicy`): New MRF Policy which will deny empty statuses or statuses of only mentions from being created by local users - New users will receive a simple email confirming their registration if no other emails will be dispatched. (e.g., Welcome, Confirmation, or Approval Required) +- The `application` metadata returned with statuses is no longer hardcoded. Apps that want to display these details will now have valid data for new posts after this change.
API Changes -- cgit v1.2.3 From bd3d0e8b57f6a27b8c833d11f4b98d4dbfd846ad Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Thu, 11 Feb 2021 15:53:10 -0600 Subject: Use a custom oauth token so we can predict and validate the client_name and website --- .../mastodon_api/controllers/status_controller_test.exs | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/test/pleroma/web/mastodon_api/controllers/status_controller_test.exs b/test/pleroma/web/mastodon_api/controllers/status_controller_test.exs index fada7c25c..1ca829544 100644 --- a/test/pleroma/web/mastodon_api/controllers/status_controller_test.exs +++ b/test/pleroma/web/mastodon_api/controllers/status_controller_test.exs @@ -358,7 +358,16 @@ test "posting a direct status", %{conn: conn} do assert activity.data["cc"] == [] end - test "preserves client application metadata", %{conn: conn} do + test "preserves client application metadata" do + %{user: _user, token: token, conn: conn} = oauth_access(["write:statuses"]) + + %Pleroma.Web.OAuth.Token{ + app: %Pleroma.Web.OAuth.App{ + client_name: _app_name, + website: _app_website + } + } = token + result = conn |> put_req_header("content-type", "application/json") @@ -369,8 +378,8 @@ test "preserves client application metadata", %{conn: conn} do assert %{ "content" => "cofe is my copilot", "application" => %{ - "name" => "Some client 0", - "website" => "https://example.com" + "name" => app_name, + "website" => app_website } } = json_response_and_validate_schema(result, 200) end -- cgit v1.2.3 From 9b61df1fb64c49a4ad6277862d1405a27ad1c0da Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Fri, 12 Feb 2021 12:44:45 -0600 Subject: App is already preloaded into the token, so avoid an extra query --- lib/pleroma/web/mastodon_api/controllers/status_controller.ex | 6 ++++-- lib/pleroma/web/o_auth/app.ex | 10 ---------- 2 files changed, 4 insertions(+), 12 deletions(-) diff --git a/lib/pleroma/web/mastodon_api/controllers/status_controller.ex b/lib/pleroma/web/mastodon_api/controllers/status_controller.ex index ec3e79ea7..db3f248e5 100644 --- a/lib/pleroma/web/mastodon_api/controllers/status_controller.ex +++ b/lib/pleroma/web/mastodon_api/controllers/status_controller.ex @@ -21,6 +21,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusController do alias Pleroma.Web.CommonAPI alias Pleroma.Web.MastodonAPI.AccountView alias Pleroma.Web.MastodonAPI.ScheduledActivityView + alias Pleroma.Web.OAuth.Token alias Pleroma.Web.Plugs.OAuthScopesPlug alias Pleroma.Web.Plugs.RateLimiter @@ -419,8 +420,9 @@ def bookmarks(%{assigns: %{user: user}} = conn, params) do ) end - defp put_application(params, %{assigns: %{token: %{app_id: app_id}}} = _conn) do - Map.put(params, :application, Pleroma.Web.OAuth.App.get_app_by_id(app_id)) + defp put_application(params, %{assigns: %{token: %Token{} = token}} = _conn) do + %{client_name: client_name, website: website} = Repo.preload(token, :app).app + Map.put(params, :application, %{name: client_name, website: website}) end defp put_application(params, _), do: Map.put(params, :application, %{name: "Web", website: nil}) diff --git a/lib/pleroma/web/o_auth/app.ex b/lib/pleroma/web/o_auth/app.ex index 083b5ce09..382750010 100644 --- a/lib/pleroma/web/o_auth/app.ex +++ b/lib/pleroma/web/o_auth/app.ex @@ -146,14 +146,4 @@ def errors(changeset) do Map.put(acc, key, error) end) end - - @spec get_app_by_id(pos_integer()) :: {:ok, map()} - def get_app_by_id(app_id) do - query = - __MODULE__ - |> where([a], a.id == ^app_id) - |> select([a], %{name: a.client_name, website: a.website}) - - Repo.one!(query) - end end -- cgit v1.2.3 From 3554a65f45d0e513e5e23e987f6f8fb1da5e8525 Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Fri, 12 Feb 2021 13:05:12 -0600 Subject: Inject fake application metadata and validate it is stripped by transmogrifier --- lib/pleroma/constants.ex | 3 ++- test/pleroma/web/activity_pub/transmogrifier_test.exs | 7 ++++++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/lib/pleroma/constants.ex b/lib/pleroma/constants.ex index a40741ba6..9ee836d5d 100644 --- a/lib/pleroma/constants.ex +++ b/lib/pleroma/constants.ex @@ -18,7 +18,8 @@ defmodule Pleroma.Constants do "emoji", "context_id", "deleted_activity_id", - "pleroma_internal" + "pleroma_internal", + "application" ] ) diff --git a/test/pleroma/web/activity_pub/transmogrifier_test.exs b/test/pleroma/web/activity_pub/transmogrifier_test.exs index 7c97fa8f8..2c99875ff 100644 --- a/test/pleroma/web/activity_pub/transmogrifier_test.exs +++ b/test/pleroma/web/activity_pub/transmogrifier_test.exs @@ -202,7 +202,11 @@ test "it strips internal hashtag data" do test "it strips internal fields" do user = insert(:user) - {:ok, activity} = CommonAPI.post(user, %{status: "#2hu :firefox:"}) + {:ok, activity} = + CommonAPI.post(user, %{ + status: "#2hu :firefox:", + application: %{name: "TestClient", website: "https://pleroma.social"} + }) {:ok, modified} = Transmogrifier.prepare_outgoing(activity.data) @@ -213,6 +217,7 @@ test "it strips internal fields" do assert is_nil(modified["object"]["announcements"]) assert is_nil(modified["object"]["announcement_count"]) assert is_nil(modified["object"]["context_id"]) + assert is_nil(modified["object"]["application"]) end test "it strips internal fields of article" do -- cgit v1.2.3 From fb2a8e7ccd6cfbfb9bc226998a083405fcebcbe0 Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Fri, 12 Feb 2021 13:15:33 -0600 Subject: Additional validation so we don't get caught off guard with a nil response if CommonAPI ever prevents us from injecting this data --- test/pleroma/web/activity_pub/transmogrifier_test.exs | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/test/pleroma/web/activity_pub/transmogrifier_test.exs b/test/pleroma/web/activity_pub/transmogrifier_test.exs index 2c99875ff..33ccbe2a7 100644 --- a/test/pleroma/web/activity_pub/transmogrifier_test.exs +++ b/test/pleroma/web/activity_pub/transmogrifier_test.exs @@ -208,6 +208,12 @@ test "it strips internal fields" do application: %{name: "TestClient", website: "https://pleroma.social"} }) + # Ensure injected application data made it into the activity + # as we don't have a Token to derive it from, otherwise it will + # be nil and the test will pass + assert %{"application" => %{name: "TestClient", website: "https://pleroma.social"}} = + activity.object.data + {:ok, modified} = Transmogrifier.prepare_outgoing(activity.data) assert length(modified["object"]["tag"]) == 2 -- cgit v1.2.3 From d5ef02c7a7905dc2053298045873b365d2411cde Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Thu, 18 Feb 2021 16:35:03 -0600 Subject: Mastodon makes this field null when posting with MastoFE or if you choose to not disclose it, so it's safe to be null by default --- lib/pleroma/web/api_spec/schemas/status.ex | 5 +++-- lib/pleroma/web/mastodon_api/controllers/status_controller.ex | 2 +- lib/pleroma/web/mastodon_api/views/status_view.ex | 4 ++-- test/pleroma/web/mastodon_api/views/status_view_test.exs | 5 +---- 4 files changed, 7 insertions(+), 9 deletions(-) diff --git a/lib/pleroma/web/api_spec/schemas/status.ex b/lib/pleroma/web/api_spec/schemas/status.ex index 61ebd8089..42fa98718 100644 --- a/lib/pleroma/web/api_spec/schemas/status.ex +++ b/lib/pleroma/web/api_spec/schemas/status.ex @@ -23,9 +23,10 @@ defmodule Pleroma.Web.ApiSpec.Schemas.Status do application: %Schema{ description: "The application used to post this status", type: :object, + nullable: true, properties: %{ name: %Schema{type: :string}, - website: %Schema{type: :string, nullable: true, format: :uri} + website: %Schema{type: :string, format: :uri} } }, bookmarked: %Schema{type: :boolean, description: "Have you bookmarked this status?"}, @@ -291,7 +292,7 @@ defmodule Pleroma.Web.ApiSpec.Schemas.Status do "url" => "http://localhost:4001/users/nick6", "username" => "nick6" }, - "application" => %{"name" => "Web", "website" => nil}, + "application" => nil, "bookmarked" => false, "card" => nil, "content" => "foobar", diff --git a/lib/pleroma/web/mastodon_api/controllers/status_controller.ex b/lib/pleroma/web/mastodon_api/controllers/status_controller.ex index db3f248e5..2e63c8869 100644 --- a/lib/pleroma/web/mastodon_api/controllers/status_controller.ex +++ b/lib/pleroma/web/mastodon_api/controllers/status_controller.ex @@ -425,5 +425,5 @@ defp put_application(params, %{assigns: %{token: %Token{} = token}} = _conn) do Map.put(params, :application, %{name: client_name, website: website}) end - defp put_application(params, _), do: Map.put(params, :application, %{name: "Web", website: nil}) + defp put_application(params, _), do: Map.put(params, :application, nil) end diff --git a/lib/pleroma/web/mastodon_api/views/status_view.ex b/lib/pleroma/web/mastodon_api/views/status_view.ex index 38960c256..a45650988 100644 --- a/lib/pleroma/web/mastodon_api/views/status_view.ex +++ b/lib/pleroma/web/mastodon_api/views/status_view.ex @@ -180,7 +180,7 @@ def render( media_attachments: reblogged[:media_attachments] || [], mentions: mentions, tags: reblogged[:tags] || [], - application: activity_object.data["application"] || %{name: "Web", website: nil}, + application: activity_object.data["application"] || nil, language: nil, emojis: [], pleroma: %{ @@ -345,7 +345,7 @@ def render("show.json", %{activity: %{data: %{"object" => _object}} = activity} poll: render(PollView, "show.json", object: object, for: opts[:for]), mentions: mentions, tags: build_tags(tags), - application: object.data["application"] || %{name: "Web", website: nil}, + application: object.data["application"] || nil, language: nil, emojis: build_emojis(object.data["emoji"]), pleroma: %{ diff --git a/test/pleroma/web/mastodon_api/views/status_view_test.exs b/test/pleroma/web/mastodon_api/views/status_view_test.exs index ed59cf285..2de3afc4f 100644 --- a/test/pleroma/web/mastodon_api/views/status_view_test.exs +++ b/test/pleroma/web/mastodon_api/views/status_view_test.exs @@ -266,10 +266,7 @@ test "a note activity" do url: "http://localhost:4001/tag/#{object_data["tag"]}" } ], - application: %{ - name: "Web", - website: nil - }, + application: nil, language: nil, emojis: [ %{ -- cgit v1.2.3 From 83301fe61aa3d453b7c12ee1f5465d9802d07370 Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Thu, 18 Feb 2021 16:43:41 -0600 Subject: Add field to user schema for controlling disclosure of client details --- lib/pleroma/user.ex | 1 + .../20210218223811_add_disclose_client_to_users.exs | 15 +++++++++++++++ 2 files changed, 16 insertions(+) create mode 100644 priv/repo/migrations/20210218223811_add_disclose_client_to_users.exs diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex index 51f5bc8ea..a52089d7b 100644 --- a/lib/pleroma/user.ex +++ b/lib/pleroma/user.ex @@ -147,6 +147,7 @@ defmodule Pleroma.User do field(:shared_inbox, :string) field(:accepts_chat_messages, :boolean, default: nil) field(:last_active_at, :naive_datetime) + field(:disclose_client, :boolean, default: true) embeds_one( :notification_settings, diff --git a/priv/repo/migrations/20210218223811_add_disclose_client_to_users.exs b/priv/repo/migrations/20210218223811_add_disclose_client_to_users.exs new file mode 100644 index 000000000..c6b6fe7b2 --- /dev/null +++ b/priv/repo/migrations/20210218223811_add_disclose_client_to_users.exs @@ -0,0 +1,15 @@ +defmodule Pleroma.Repo.Migrations.AddDiscloseClientToUsers do + use Ecto.Migration + + def up do + alter table(:users) do + add(:disclose_client, :boolean, default: true) + end + end + + def down do + alter table(:users) do + remove(:disclose_client) + end + end +end -- cgit v1.2.3 From 63739c5a58ccb65dd4a63019b270429d5a462e71 Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Thu, 18 Feb 2021 17:23:17 -0600 Subject: Tests to validate client disclosure obeys user setting --- .../mastodon_api/controllers/status_controller.ex | 10 +++++++--- .../controllers/status_controller_test.exs | 22 ++++++++++++++++++++-- 2 files changed, 27 insertions(+), 5 deletions(-) diff --git a/lib/pleroma/web/mastodon_api/controllers/status_controller.ex b/lib/pleroma/web/mastodon_api/controllers/status_controller.ex index 2e63c8869..2655d6b6e 100644 --- a/lib/pleroma/web/mastodon_api/controllers/status_controller.ex +++ b/lib/pleroma/web/mastodon_api/controllers/status_controller.ex @@ -420,9 +420,13 @@ def bookmarks(%{assigns: %{user: user}} = conn, params) do ) end - defp put_application(params, %{assigns: %{token: %Token{} = token}} = _conn) do - %{client_name: client_name, website: website} = Repo.preload(token, :app).app - Map.put(params, :application, %{name: client_name, website: website}) + defp put_application(params, %{assigns: %{token: %Token{user: %User{} = user} = token}} = _conn) do + if user.disclose_client do + %{client_name: client_name, website: website} = Repo.preload(token, :app).app + Map.put(params, :application, %{name: client_name, website: website}) + else + Map.put(params, :application, nil) + end end defp put_application(params, _), do: Map.put(params, :application, nil) diff --git a/test/pleroma/web/mastodon_api/controllers/status_controller_test.exs b/test/pleroma/web/mastodon_api/controllers/status_controller_test.exs index 1ca829544..bae2ad4bf 100644 --- a/test/pleroma/web/mastodon_api/controllers/status_controller_test.exs +++ b/test/pleroma/web/mastodon_api/controllers/status_controller_test.exs @@ -358,8 +358,9 @@ test "posting a direct status", %{conn: conn} do assert activity.data["cc"] == [] end - test "preserves client application metadata" do - %{user: _user, token: token, conn: conn} = oauth_access(["write:statuses"]) + test "discloses application metadata when enabled" do + user = insert(:user, disclose_client: true) + %{user: _user, token: token, conn: conn} = oauth_access(["write:statuses"], user: user) %Pleroma.Web.OAuth.Token{ app: %Pleroma.Web.OAuth.App{ @@ -383,6 +384,23 @@ test "preserves client application metadata" do } } = json_response_and_validate_schema(result, 200) end + + test "hides application metadata when disabled" do + user = insert(:user, disclose_client: false) + %{user: _user, token: _token, conn: conn} = oauth_access(["write:statuses"], user: user) + + result = + conn + |> put_req_header("content-type", "application/json") + |> post("/api/v1/statuses", %{ + "status" => "club mate is my wingman" + }) + + assert %{ + "content" => "club mate is my wingman", + "application" => nil + } = json_response_and_validate_schema(result, 200) + end end describe "posting scheduled statuses" do -- cgit v1.2.3 From 26b620d67652b3b7733354c4492465978f53fafb Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Thu, 18 Feb 2021 17:50:46 -0600 Subject: Permit :disclose_client in changesets --- lib/pleroma/user.ex | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex index a52089d7b..9942617d8 100644 --- a/lib/pleroma/user.ex +++ b/lib/pleroma/user.ex @@ -514,7 +514,8 @@ def update_changeset(struct, params \\ %{}) do :pleroma_settings_store, :is_discoverable, :actor_type, - :accepts_chat_messages + :accepts_chat_messages, + :disclose_client ] ) |> unique_constraint(:nickname) -- cgit v1.2.3 From d35b6254b4540394a134e026289a2c09bfe42ddd Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Fri, 26 Feb 2021 18:14:57 -0600 Subject: Store the client application data in ActivityStreams format --- lib/pleroma/web/mastodon_api/controllers/status_controller.ex | 2 +- lib/pleroma/web/mastodon_api/views/status_view.ex | 8 ++++++-- test/pleroma/web/activity_pub/transmogrifier_test.exs | 9 ++++++--- 3 files changed, 13 insertions(+), 6 deletions(-) diff --git a/lib/pleroma/web/mastodon_api/controllers/status_controller.ex b/lib/pleroma/web/mastodon_api/controllers/status_controller.ex index 2655d6b6e..b8a7b2a0a 100644 --- a/lib/pleroma/web/mastodon_api/controllers/status_controller.ex +++ b/lib/pleroma/web/mastodon_api/controllers/status_controller.ex @@ -423,7 +423,7 @@ def bookmarks(%{assigns: %{user: user}} = conn, params) do defp put_application(params, %{assigns: %{token: %Token{user: %User{} = user} = token}} = _conn) do if user.disclose_client do %{client_name: client_name, website: website} = Repo.preload(token, :app).app - Map.put(params, :application, %{name: client_name, website: website}) + Map.put(params, :application, %{type: "Application", name: client_name, url: website}) else Map.put(params, :application, nil) end diff --git a/lib/pleroma/web/mastodon_api/views/status_view.ex b/lib/pleroma/web/mastodon_api/views/status_view.ex index a45650988..792197a4a 100644 --- a/lib/pleroma/web/mastodon_api/views/status_view.ex +++ b/lib/pleroma/web/mastodon_api/views/status_view.ex @@ -180,7 +180,7 @@ def render( media_attachments: reblogged[:media_attachments] || [], mentions: mentions, tags: reblogged[:tags] || [], - application: activity_object.data["application"] || nil, + application: build_application(activity_object.data["application"]), language: nil, emojis: [], pleroma: %{ @@ -345,7 +345,7 @@ def render("show.json", %{activity: %{data: %{"object" => _object}} = activity} poll: render(PollView, "show.json", object: object, for: opts[:for]), mentions: mentions, tags: build_tags(tags), - application: object.data["application"] || nil, + application: build_application(object.data["application"]), language: nil, emojis: build_emojis(object.data["emoji"]), pleroma: %{ @@ -534,4 +534,8 @@ defp build_emoji_map(emoji, users, current_user) do me: !!(current_user && current_user.ap_id in users) } end + + @spec build_application(map() | nil) :: map() | nil + defp build_application(%{type: _type, name: name, url: url}), do: %{name: name, website: url} + defp build_application(_), do: nil end diff --git a/test/pleroma/web/activity_pub/transmogrifier_test.exs b/test/pleroma/web/activity_pub/transmogrifier_test.exs index 33ccbe2a7..f6a8cbb6f 100644 --- a/test/pleroma/web/activity_pub/transmogrifier_test.exs +++ b/test/pleroma/web/activity_pub/transmogrifier_test.exs @@ -205,14 +205,17 @@ test "it strips internal fields" do {:ok, activity} = CommonAPI.post(user, %{ status: "#2hu :firefox:", - application: %{name: "TestClient", website: "https://pleroma.social"} + application: %{type: "Application", name: "TestClient", url: "https://pleroma.social"} }) # Ensure injected application data made it into the activity # as we don't have a Token to derive it from, otherwise it will # be nil and the test will pass - assert %{"application" => %{name: "TestClient", website: "https://pleroma.social"}} = - activity.object.data + assert %{ + type: "Application", + name: "TestClient", + url: "https://pleroma.social" + } == activity.object.data["application"] {:ok, modified} = Transmogrifier.prepare_outgoing(activity.data) -- cgit v1.2.3 From 0faf8dbef8f0d77fdd42b36ade4d55c42f0ccc8c Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Sun, 28 Feb 2021 09:04:29 -0600 Subject: Simplify migration --- .../migrations/20210218223811_add_disclose_client_to_users.exs | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/priv/repo/migrations/20210218223811_add_disclose_client_to_users.exs b/priv/repo/migrations/20210218223811_add_disclose_client_to_users.exs index c6b6fe7b2..37c5776ff 100644 --- a/priv/repo/migrations/20210218223811_add_disclose_client_to_users.exs +++ b/priv/repo/migrations/20210218223811_add_disclose_client_to_users.exs @@ -1,15 +1,9 @@ defmodule Pleroma.Repo.Migrations.AddDiscloseClientToUsers do use Ecto.Migration - def up do + def change do alter table(:users) do add(:disclose_client, :boolean, default: true) end end - - def down do - alter table(:users) do - remove(:disclose_client) - end - end end -- cgit v1.2.3