Add configurable length limits for `User.bio` and `User.name`

See merge request pleroma/pleroma!1515

tags/v1.1.4
@@ -69,6 +69,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). | |||||
- Added synchronization of following/followers counters for external users | - Added synchronization of following/followers counters for external users | ||||
- Configuration: `enabled` option for `Pleroma.Emails.Mailer`, defaulting to `false`. | - Configuration: `enabled` option for `Pleroma.Emails.Mailer`, defaulting to `false`. | ||||
- Configuration: Pleroma.Plugs.RateLimiter `bucket_name`, `params` options. | - Configuration: Pleroma.Plugs.RateLimiter `bucket_name`, `params` options. | ||||
- Configuration: `user_bio_length` and `user_name_length` options. | |||||
- Addressable lists | - Addressable lists | ||||
- Twitter API: added rate limit for `/api/account/password_reset` endpoint. | - Twitter API: added rate limit for `/api/account/password_reset` endpoint. | ||||
- ActivityPub: Add an internal service actor for fetching ActivityPub objects. | - ActivityPub: Add an internal service actor for fetching ActivityPub objects. | ||||
@@ -253,6 +253,8 @@ config :pleroma, :instance, | |||||
skip_thread_containment: true, | skip_thread_containment: true, | ||||
limit_to_local_content: :unauthenticated, | limit_to_local_content: :unauthenticated, | ||||
dynamic_configuration: false, | dynamic_configuration: false, | ||||
user_bio_length: 5000, | |||||
user_name_length: 100, | |||||
external_user_synchronization: true | external_user_synchronization: true | ||||
config :pleroma, :markup, | config :pleroma, :markup, | ||||
@@ -126,6 +126,8 @@ config :pleroma, Pleroma.Emails.Mailer, | |||||
* `safe_dm_mentions`: If set to true, only mentions at the beginning of a post will be used to address people in direct messages. This is to prevent accidental mentioning of people when talking about them (e.g. "@friend hey i really don't like @enemy"). Default: `false`. | * `safe_dm_mentions`: If set to true, only mentions at the beginning of a post will be used to address people in direct messages. This is to prevent accidental mentioning of people when talking about them (e.g. "@friend hey i really don't like @enemy"). Default: `false`. | ||||
* `healthcheck`: If set to true, system data will be shown on ``/api/pleroma/healthcheck``. | * `healthcheck`: If set to true, system data will be shown on ``/api/pleroma/healthcheck``. | ||||
* `remote_post_retention_days`: The default amount of days to retain remote posts when pruning the database. | * `remote_post_retention_days`: The default amount of days to retain remote posts when pruning the database. | ||||
* `user_bio_length`: A user bio maximum length (default: `5000`) | |||||
* `user_name_length`: A user name maximum length (default: `100`) | |||||
* `skip_thread_containment`: Skip filter out broken threads. The default is `false`. | * `skip_thread_containment`: Skip filter out broken threads. The default is `false`. | ||||
* `limit_to_local_content`: Limit unauthenticated users to search for local statutes and users only. Possible values: `:unauthenticated`, `:all` and `false`. The default is `:unauthenticated`. | * `limit_to_local_content`: Limit unauthenticated users to search for local statutes and users only. Possible values: `:unauthenticated`, `:all` and `false`. The default is `:unauthenticated`. | ||||
* `dynamic_configuration`: Allow transferring configuration to DB with the subsequent customization from Admin api. | * `dynamic_configuration`: Allow transferring configuration to DB with the subsequent customization from Admin api. | ||||
@@ -152,10 +152,10 @@ defmodule Pleroma.User do | |||||
end | end | ||||
def remote_user_creation(params) do | def remote_user_creation(params) do | ||||
params = | |||||
params | |||||
|> Map.put(:info, params[:info] || %{}) | |||||
bio_limit = Pleroma.Config.get([:instance, :user_bio_length], 5000) | |||||
name_limit = Pleroma.Config.get([:instance, :user_name_length], 100) | |||||
params = Map.put(params, :info, params[:info] || %{}) | |||||
info_cng = User.Info.remote_user_creation(%User.Info{}, params[:info]) | info_cng = User.Info.remote_user_creation(%User.Info{}, params[:info]) | ||||
changes = | changes = | ||||
@@ -164,8 +164,8 @@ defmodule Pleroma.User do | |||||
|> validate_required([:name, :ap_id]) | |> validate_required([:name, :ap_id]) | ||||
|> unique_constraint(:nickname) | |> unique_constraint(:nickname) | ||||
|> validate_format(:nickname, @email_regex) | |> validate_format(:nickname, @email_regex) | ||||
|> validate_length(:bio, max: 5000) | |||||
|> validate_length(:name, max: 100) | |||||
|> validate_length(:bio, max: bio_limit) | |||||
|> validate_length(:name, max: name_limit) | |||||
|> put_change(:local, false) | |> put_change(:local, false) | ||||
|> put_embed(:info, info_cng) | |> put_embed(:info, info_cng) | ||||
@@ -188,22 +188,23 @@ defmodule Pleroma.User do | |||||
end | end | ||||
def update_changeset(struct, params \\ %{}) do | def update_changeset(struct, params \\ %{}) do | ||||
bio_limit = Pleroma.Config.get([:instance, :user_bio_length], 5000) | |||||
name_limit = Pleroma.Config.get([:instance, :user_name_length], 100) | |||||
struct | struct | ||||
|> cast(params, [:bio, :name, :avatar, :following]) | |> cast(params, [:bio, :name, :avatar, :following]) | ||||
|> unique_constraint(:nickname) | |> unique_constraint(:nickname) | ||||
|> validate_format(:nickname, local_nickname_regex()) | |> validate_format(:nickname, local_nickname_regex()) | ||||
|> validate_length(:bio, max: 5000) | |||||
|> validate_length(:name, min: 1, max: 100) | |||||
|> validate_length(:bio, max: bio_limit) | |||||
|> validate_length(:name, min: 1, max: name_limit) | |||||
end | end | ||||
def upgrade_changeset(struct, params \\ %{}) do | def upgrade_changeset(struct, params \\ %{}) do | ||||
params = | |||||
params | |||||
|> Map.put(:last_refreshed_at, NaiveDateTime.utc_now()) | |||||
bio_limit = Pleroma.Config.get([:instance, :user_bio_length], 5000) | |||||
name_limit = Pleroma.Config.get([:instance, :user_name_length], 100) | |||||
info_cng = | |||||
struct.info | |||||
|> User.Info.user_upgrade(params[:info]) | |||||
params = Map.put(params, :last_refreshed_at, NaiveDateTime.utc_now()) | |||||
info_cng = User.Info.user_upgrade(struct.info, params[:info]) | |||||
struct | struct | ||||
|> cast(params, [ | |> cast(params, [ | ||||
@@ -216,8 +217,8 @@ defmodule Pleroma.User do | |||||
]) | ]) | ||||
|> unique_constraint(:nickname) | |> unique_constraint(:nickname) | ||||
|> validate_format(:nickname, local_nickname_regex()) | |> validate_format(:nickname, local_nickname_regex()) | ||||
|> validate_length(:bio, max: 5000) | |||||
|> validate_length(:name, max: 100) | |||||
|> validate_length(:bio, max: bio_limit) | |||||
|> validate_length(:name, max: name_limit) | |||||
|> put_embed(:info, info_cng) | |> put_embed(:info, info_cng) | ||||
end | end | ||||
@@ -244,6 +245,9 @@ defmodule Pleroma.User do | |||||
end | end | ||||
def register_changeset(struct, params \\ %{}, opts \\ []) do | def register_changeset(struct, params \\ %{}, opts \\ []) do | ||||
bio_limit = Pleroma.Config.get([:instance, :user_bio_length], 5000) | |||||
name_limit = Pleroma.Config.get([:instance, :user_name_length], 100) | |||||
need_confirmation? = | need_confirmation? = | ||||
if is_nil(opts[:need_confirmation]) do | if is_nil(opts[:need_confirmation]) do | ||||
Pleroma.Config.get([:instance, :account_activation_required]) | Pleroma.Config.get([:instance, :account_activation_required]) | ||||
@@ -264,8 +268,8 @@ defmodule Pleroma.User do | |||||
|> validate_exclusion(:nickname, Pleroma.Config.get([User, :restricted_nicknames])) | |> validate_exclusion(:nickname, Pleroma.Config.get([User, :restricted_nicknames])) | ||||
|> validate_format(:nickname, local_nickname_regex()) | |> validate_format(:nickname, local_nickname_regex()) | ||||
|> validate_format(:email, @email_regex) | |> validate_format(:email, @email_regex) | ||||
|> validate_length(:bio, max: 1000) | |||||
|> validate_length(:name, min: 1, max: 100) | |||||
|> validate_length(:bio, max: bio_limit) | |||||
|> validate_length(:name, min: 1, max: name_limit) | |||||
|> put_change(:info, info_change) | |> put_change(:info, info_change) | ||||
changeset = | changeset = | ||||
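Review bot: In `register_changeset` the bio cap was the literal `max: 1000` and is now `bio_limit`, which falls back to 5000, so registration accepts bios five times longer than before unless the operator sets `user_bio_length`; if that is intended it deserves a mention in the changelog entry, otherwise this changeset needs its own lower default. The same two `Pleroma.Config.get` lookups and their fallback literals are repeated in `remote_user_creation`, `update_changeset`, `upgrade_changeset` and `register_changeset`, and the value is passed straight to `validate_length` with no type check. As far as I know Ecto skips a `max:` of `nil`, so an explicitly nil setting would presumably remove the bound on remotely supplied profile fields. One private helper per option, e.g. `defp bio_limit, do: Pleroma.Config.get([:instance, :user_bio_length], 5000)`, would keep the default in one place and give a single spot to reject non-integer or non-positive values. The bodies of these functions continue outside the visible hunks.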
@@ -525,7 +525,10 @@ defmodule Pleroma.UserTest do | |||||
end | end | ||||
test "it restricts some sizes" do | test "it restricts some sizes" do | ||||
[bio: 5000, name: 100] | |||||
bio_limit = Pleroma.Config.get([:instance, :user_bio_length], 5000) | |||||
name_limit = Pleroma.Config.get([:instance, :user_name_length], 100) | |||||
[bio: bio_limit, name: name_limit] | |||||
|> Enum.each(fn {field, size} -> | |> Enum.each(fn {field, size} -> | ||||
string = String.pad_leading(".", size) | string = String.pad_leading(".", size) | ||||
cs = User.remote_user_creation(Map.put(@valid_remote, field, string)) | cs = User.remote_user_creation(Map.put(@valid_remote, field, string)) | ||||
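Review bot: The sizes in "it restricts some sizes" are now read with the same `Pleroma.Config.get` call and fallback as the code under test, so unless the test environment overrides them the test only runs at the defaults and would still pass if the changesets ignored the option. Setting a small non-default value first, e.g. `Pleroma.Config.put([:instance, :user_bio_length], 10)`, and restoring the previous value afterwards would show that the configured limit is the one enforced. The rest of the test body lies outside the hunk.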