From de8b8e9cf15e5d0d084fbcdf73f5d637617c7744 Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Tue, 9 Feb 2021 14:41:58 -0600 Subject: [PATCH 01/20] Add a function to lookup client app details by the app_id --- lib/pleroma/web/o_auth/app.ex | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/lib/pleroma/web/o_auth/app.ex b/lib/pleroma/web/o_auth/app.ex index 382750010..083b5ce09 100644 --- a/lib/pleroma/web/o_auth/app.ex +++ b/lib/pleroma/web/o_auth/app.ex @@ -146,4 +146,14 @@ defmodule Pleroma.Web.OAuth.App do Map.put(acc, key, error) end) end + + @spec get_app_by_id(pos_integer()) :: {:ok, map()} + def get_app_by_id(app_id) do + query = + __MODULE__ + |> where([a], a.id == ^app_id) + |> select([a], %{name: a.client_name, website: a.website}) + + Repo.one!(query) + end end From 3dc7e89c54ea3d2bf7e81d99ac4efac37cd00e6c Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Tue, 9 Feb 2021 18:07:15 -0600 Subject: [PATCH 02/20] Ensure we capture the application details into the object --- lib/pleroma/web/common_api/activity_draft.ex | 1 + .../mastodon_api/controllers/status_controller.ex | 20 ++++++++++++++++---- 2 files changed, 17 insertions(+), 4 deletions(-) diff --git a/lib/pleroma/web/common_api/activity_draft.ex b/lib/pleroma/web/common_api/activity_draft.ex index fb059c27c..d7dcdad90 100644 --- a/lib/pleroma/web/common_api/activity_draft.ex +++ b/lib/pleroma/web/common_api/activity_draft.ex @@ -190,6 +190,7 @@ defmodule Pleroma.Web.CommonAPI.ActivityDraft do Utils.make_note_data(draft) |> Map.put("emoji", emoji) |> Map.put("source", draft.status) + |> Map.put("application", draft.params[:application]) %__MODULE__{draft | object: object} end diff --git a/lib/pleroma/web/mastodon_api/controllers/status_controller.ex b/lib/pleroma/web/mastodon_api/controllers/status_controller.ex index 4cf2ee35c..47a5bbd60 100644 --- a/lib/pleroma/web/mastodon_api/controllers/status_controller.ex +++ b/lib/pleroma/web/mastodon_api/controllers/status_controller.ex @@ -132,13 +132,15 @@ defmodule Pleroma.Web.MastodonAPI.StatusController do # Creates a scheduled status when `scheduled_at` param is present and it's far enough def create( %{ - assigns: %{user: user}, + assigns: %{user: user, token: %{app_id: app_id}}, body_params: %{status: _, scheduled_at: scheduled_at} = params } = conn, _ ) when not is_nil(scheduled_at) do - params = Map.put(params, :in_reply_to_status_id, params[:in_reply_to_id]) + params = + Map.put(params, :in_reply_to_status_id, params[:in_reply_to_id]) + |> add_application(app_id) attrs = %{ params: Map.new(params, fn {key, value} -> {to_string(key), value} end), @@ -161,8 +163,14 @@ defmodule Pleroma.Web.MastodonAPI.StatusController do end # Creates a regular status - def create(%{assigns: %{user: user}, body_params: %{status: _} = params} = conn, _) do - params = Map.put(params, :in_reply_to_status_id, params[:in_reply_to_id]) + def create( + %{assigns: %{user: user, token: %{app_id: app_id}}, body_params: %{status: _} = params} = + conn, + _ + ) do + params = + Map.put(params, :in_reply_to_status_id, params[:in_reply_to_id]) + |> add_application(app_id) with {:ok, activity} <- CommonAPI.post(user, params) do try_render(conn, "show.json", @@ -414,4 +422,8 @@ defmodule Pleroma.Web.MastodonAPI.StatusController do as: :activity ) end + + defp add_application(params, app_id) do + params |> Map.put(:application, Pleroma.Web.OAuth.App.get_app_by_id(app_id)) + end end From 981349f21d401da55168fdb00b245e3dccea1afd Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Tue, 9 Feb 2021 18:19:20 -0600 Subject: [PATCH 03/20] Enable rendering of the client application data details --- lib/pleroma/web/mastodon_api/views/status_view.ex | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/lib/pleroma/web/mastodon_api/views/status_view.ex b/lib/pleroma/web/mastodon_api/views/status_view.ex index 2cd6732fe..e4f623b97 100644 --- a/lib/pleroma/web/mastodon_api/views/status_view.ex +++ b/lib/pleroma/web/mastodon_api/views/status_view.ex @@ -180,10 +180,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusView do media_attachments: reblogged[:media_attachments] || [], mentions: mentions, tags: reblogged[:tags] || [], - application: %{ - name: "Web", - website: nil - }, + application: activity_object.data["application"], language: nil, emojis: [], pleroma: %{ @@ -348,10 +345,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusView do poll: render(PollView, "show.json", object: object, for: opts[:for]), mentions: mentions, tags: build_tags(tags), - application: %{ - name: "Web", - website: nil - }, + application: object.data["application"], language: nil, emojis: build_emojis(object.data["emoji"]), pleroma: %{ From 4540e08a6a19cea753e1271ebc9f79bf2e4c47ce Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Tue, 9 Feb 2021 18:51:59 -0600 Subject: [PATCH 04/20] Rendering fallback for when we don't have valid data available --- lib/pleroma/web/mastodon_api/views/status_view.ex | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/pleroma/web/mastodon_api/views/status_view.ex b/lib/pleroma/web/mastodon_api/views/status_view.ex index e4f623b97..38960c256 100644 --- a/lib/pleroma/web/mastodon_api/views/status_view.ex +++ b/lib/pleroma/web/mastodon_api/views/status_view.ex @@ -180,7 +180,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusView do media_attachments: reblogged[:media_attachments] || [], mentions: mentions, tags: reblogged[:tags] || [], - application: activity_object.data["application"], + application: activity_object.data["application"] || %{name: "Web", website: nil}, language: nil, emojis: [], pleroma: %{ @@ -345,7 +345,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusView do poll: render(PollView, "show.json", object: object, for: opts[:for]), mentions: mentions, tags: build_tags(tags), - application: object.data["application"], + application: object.data["application"] || %{name: "Web", website: nil}, language: nil, emojis: build_emojis(object.data["emoji"]), pleroma: %{ From 09b8378646122053e418e08d2cb35d154c01e52c Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Thu, 11 Feb 2021 14:15:25 -0600 Subject: [PATCH 05/20] %Token{} may not be in the conn, so avoid breaking the ability to post statuses in that scenario. --- .../web/mastodon_api/controllers/status_controller.ex | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/lib/pleroma/web/mastodon_api/controllers/status_controller.ex b/lib/pleroma/web/mastodon_api/controllers/status_controller.ex index 47a5bbd60..6eb518684 100644 --- a/lib/pleroma/web/mastodon_api/controllers/status_controller.ex +++ b/lib/pleroma/web/mastodon_api/controllers/status_controller.ex @@ -132,7 +132,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusController do # Creates a scheduled status when `scheduled_at` param is present and it's far enough def create( %{ - assigns: %{user: user, token: %{app_id: app_id}}, + assigns: %{user: user}, body_params: %{status: _, scheduled_at: scheduled_at} = params } = conn, _ @@ -140,7 +140,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusController do when not is_nil(scheduled_at) do params = Map.put(params, :in_reply_to_status_id, params[:in_reply_to_id]) - |> add_application(app_id) + |> add_application(conn) attrs = %{ params: Map.new(params, fn {key, value} -> {to_string(key), value} end), @@ -164,13 +164,12 @@ defmodule Pleroma.Web.MastodonAPI.StatusController do # Creates a regular status def create( - %{assigns: %{user: user, token: %{app_id: app_id}}, body_params: %{status: _} = params} = - conn, + %{assigns: %{user: user}, body_params: %{status: _} = params} = conn, _ ) do params = Map.put(params, :in_reply_to_status_id, params[:in_reply_to_id]) - |> add_application(app_id) + |> add_application(conn) with {:ok, activity} <- CommonAPI.post(user, params) do try_render(conn, "show.json", @@ -423,7 +422,9 @@ defmodule Pleroma.Web.MastodonAPI.StatusController do ) end - defp add_application(params, app_id) do + defp add_application(params, %{assigns: %{token: %{app_id: app_id}}} = _conn) do params |> Map.put(:application, Pleroma.Web.OAuth.App.get_app_by_id(app_id)) end + + defp add_application(params, _), do: Map.put(params, :application, %{name: "Web", website: nil}) end From 7c508319a57f3ba50ddae03dc72aa83d1cd044cf Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Thu, 11 Feb 2021 14:19:53 -0600 Subject: [PATCH 06/20] Prefer naming this put_application because we're putting it into the params map --- lib/pleroma/web/mastodon_api/controllers/status_controller.ex | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/pleroma/web/mastodon_api/controllers/status_controller.ex b/lib/pleroma/web/mastodon_api/controllers/status_controller.ex index 6eb518684..a54357f93 100644 --- a/lib/pleroma/web/mastodon_api/controllers/status_controller.ex +++ b/lib/pleroma/web/mastodon_api/controllers/status_controller.ex @@ -140,7 +140,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusController do when not is_nil(scheduled_at) do params = Map.put(params, :in_reply_to_status_id, params[:in_reply_to_id]) - |> add_application(conn) + |> put_application(conn) attrs = %{ params: Map.new(params, fn {key, value} -> {to_string(key), value} end), @@ -169,7 +169,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusController do ) do params = Map.put(params, :in_reply_to_status_id, params[:in_reply_to_id]) - |> add_application(conn) + |> put_application(conn) with {:ok, activity} <- CommonAPI.post(user, params) do try_render(conn, "show.json", @@ -422,9 +422,9 @@ defmodule Pleroma.Web.MastodonAPI.StatusController do ) end - defp add_application(params, %{assigns: %{token: %{app_id: app_id}}} = _conn) do + defp put_application(params, %{assigns: %{token: %{app_id: app_id}}} = _conn) do params |> Map.put(:application, Pleroma.Web.OAuth.App.get_app_by_id(app_id)) end - defp add_application(params, _), do: Map.put(params, :application, %{name: "Web", website: nil}) + defp put_application(params, _), do: Map.put(params, :application, %{name: "Web", website: nil}) end From 6dc0b13cf850c4aee7c9f84df0f97467434e6d2b Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Thu, 11 Feb 2021 14:22:58 -0600 Subject: [PATCH 07/20] Revert to original formatting for these function defs --- lib/pleroma/web/mastodon_api/controllers/status_controller.ex | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/lib/pleroma/web/mastodon_api/controllers/status_controller.ex b/lib/pleroma/web/mastodon_api/controllers/status_controller.ex index a54357f93..c8f6a2994 100644 --- a/lib/pleroma/web/mastodon_api/controllers/status_controller.ex +++ b/lib/pleroma/web/mastodon_api/controllers/status_controller.ex @@ -163,10 +163,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusController do end # Creates a regular status - def create( - %{assigns: %{user: user}, body_params: %{status: _} = params} = conn, - _ - ) do + def create(%{assigns: %{user: user}, body_params: %{status: _} = params} = conn, _) do params = Map.put(params, :in_reply_to_status_id, params[:in_reply_to_id]) |> put_application(conn) From c1d78328ee38fb2bc6c6f56c26588557f27365a9 Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Thu, 11 Feb 2021 14:27:52 -0600 Subject: [PATCH 08/20] Consistency --- lib/pleroma/web/mastodon_api/controllers/status_controller.ex | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/pleroma/web/mastodon_api/controllers/status_controller.ex b/lib/pleroma/web/mastodon_api/controllers/status_controller.ex index c8f6a2994..ec3e79ea7 100644 --- a/lib/pleroma/web/mastodon_api/controllers/status_controller.ex +++ b/lib/pleroma/web/mastodon_api/controllers/status_controller.ex @@ -420,7 +420,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusController do end defp put_application(params, %{assigns: %{token: %{app_id: app_id}}} = _conn) do - params |> Map.put(:application, Pleroma.Web.OAuth.App.get_app_by_id(app_id)) + Map.put(params, :application, Pleroma.Web.OAuth.App.get_app_by_id(app_id)) end defp put_application(params, _), do: Map.put(params, :application, %{name: "Web", website: nil}) From 333ff527fd44bce06b7c7e7450494ea929017b56 Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Thu, 11 Feb 2021 15:07:21 -0600 Subject: [PATCH 09/20] Validate client application metadata is retained in the object --- .../mastodon_api/controllers/status_controller_test.exs | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/test/pleroma/web/mastodon_api/controllers/status_controller_test.exs b/test/pleroma/web/mastodon_api/controllers/status_controller_test.exs index dcd1e6d5b..fada7c25c 100644 --- a/test/pleroma/web/mastodon_api/controllers/status_controller_test.exs +++ b/test/pleroma/web/mastodon_api/controllers/status_controller_test.exs @@ -357,6 +357,23 @@ defmodule Pleroma.Web.MastodonAPI.StatusControllerTest do assert activity.data["to"] == [user2.ap_id] assert activity.data["cc"] == [] end + + test "preserves client application metadata", %{conn: conn} do + result = + conn + |> put_req_header("content-type", "application/json") + |> post("/api/v1/statuses", %{ + "status" => "cofe is my copilot" + }) + + assert %{ + "content" => "cofe is my copilot", + "application" => %{ + "name" => "Some client 0", + "website" => "https://example.com" + } + } = json_response_and_validate_schema(result, 200) + end end describe "posting scheduled statuses" do From 4b979538bcc0861ed81b6af72bbe48af07425c18 Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Thu, 11 Feb 2021 15:10:53 -0600 Subject: [PATCH 10/20] Document the application metadata is now retained as part of the post. --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index bbd898bdf..69b9e2c52 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -53,6 +53,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Ability to define custom HTTP headers per each frontend - MRF (`NoEmptyPolicy`): New MRF Policy which will deny empty statuses or statuses of only mentions from being created by local users - New users will receive a simple email confirming their registration if no other emails will be dispatched. (e.g., Welcome, Confirmation, or Approval Required) +- The `application` metadata returned with statuses is no longer hardcoded. Apps that want to display these details will now have valid data for new posts after this change.
API Changes From bd3d0e8b57f6a27b8c833d11f4b98d4dbfd846ad Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Thu, 11 Feb 2021 15:53:10 -0600 Subject: [PATCH 11/20] Use a custom oauth token so we can predict and validate the client_name and website --- .../mastodon_api/controllers/status_controller_test.exs | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/test/pleroma/web/mastodon_api/controllers/status_controller_test.exs b/test/pleroma/web/mastodon_api/controllers/status_controller_test.exs index fada7c25c..1ca829544 100644 --- a/test/pleroma/web/mastodon_api/controllers/status_controller_test.exs +++ b/test/pleroma/web/mastodon_api/controllers/status_controller_test.exs @@ -358,7 +358,16 @@ defmodule Pleroma.Web.MastodonAPI.StatusControllerTest do assert activity.data["cc"] == [] end - test "preserves client application metadata", %{conn: conn} do + test "preserves client application metadata" do + %{user: _user, token: token, conn: conn} = oauth_access(["write:statuses"]) + + %Pleroma.Web.OAuth.Token{ + app: %Pleroma.Web.OAuth.App{ + client_name: _app_name, + website: _app_website + } + } = token + result = conn |> put_req_header("content-type", "application/json") @@ -369,8 +378,8 @@ defmodule Pleroma.Web.MastodonAPI.StatusControllerTest do assert %{ "content" => "cofe is my copilot", "application" => %{ - "name" => "Some client 0", - "website" => "https://example.com" + "name" => app_name, + "website" => app_website } } = json_response_and_validate_schema(result, 200) end From 9b61df1fb64c49a4ad6277862d1405a27ad1c0da Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Fri, 12 Feb 2021 12:44:45 -0600 Subject: [PATCH 12/20] App is already preloaded into the token, so avoid an extra query --- lib/pleroma/web/mastodon_api/controllers/status_controller.ex | 6 ++++-- lib/pleroma/web/o_auth/app.ex | 10 ---------- 2 files changed, 4 insertions(+), 12 deletions(-) diff --git a/lib/pleroma/web/mastodon_api/controllers/status_controller.ex b/lib/pleroma/web/mastodon_api/controllers/status_controller.ex index ec3e79ea7..db3f248e5 100644 --- a/lib/pleroma/web/mastodon_api/controllers/status_controller.ex +++ b/lib/pleroma/web/mastodon_api/controllers/status_controller.ex @@ -21,6 +21,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusController do alias Pleroma.Web.CommonAPI alias Pleroma.Web.MastodonAPI.AccountView alias Pleroma.Web.MastodonAPI.ScheduledActivityView + alias Pleroma.Web.OAuth.Token alias Pleroma.Web.Plugs.OAuthScopesPlug alias Pleroma.Web.Plugs.RateLimiter @@ -419,8 +420,9 @@ defmodule Pleroma.Web.MastodonAPI.StatusController do ) end - defp put_application(params, %{assigns: %{token: %{app_id: app_id}}} = _conn) do - Map.put(params, :application, Pleroma.Web.OAuth.App.get_app_by_id(app_id)) + defp put_application(params, %{assigns: %{token: %Token{} = token}} = _conn) do + %{client_name: client_name, website: website} = Repo.preload(token, :app).app + Map.put(params, :application, %{name: client_name, website: website}) end defp put_application(params, _), do: Map.put(params, :application, %{name: "Web", website: nil}) diff --git a/lib/pleroma/web/o_auth/app.ex b/lib/pleroma/web/o_auth/app.ex index 083b5ce09..382750010 100644 --- a/lib/pleroma/web/o_auth/app.ex +++ b/lib/pleroma/web/o_auth/app.ex @@ -146,14 +146,4 @@ defmodule Pleroma.Web.OAuth.App do Map.put(acc, key, error) end) end - - @spec get_app_by_id(pos_integer()) :: {:ok, map()} - def get_app_by_id(app_id) do - query = - __MODULE__ - |> where([a], a.id == ^app_id) - |> select([a], %{name: a.client_name, website: a.website}) - - Repo.one!(query) - end end From 3554a65f45d0e513e5e23e987f6f8fb1da5e8525 Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Fri, 12 Feb 2021 13:05:12 -0600 Subject: [PATCH 13/20] Inject fake application metadata and validate it is stripped by transmogrifier --- lib/pleroma/constants.ex | 3 ++- test/pleroma/web/activity_pub/transmogrifier_test.exs | 7 ++++++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/lib/pleroma/constants.ex b/lib/pleroma/constants.ex index a40741ba6..9ee836d5d 100644 --- a/lib/pleroma/constants.ex +++ b/lib/pleroma/constants.ex @@ -18,7 +18,8 @@ defmodule Pleroma.Constants do "emoji", "context_id", "deleted_activity_id", - "pleroma_internal" + "pleroma_internal", + "application" ] ) diff --git a/test/pleroma/web/activity_pub/transmogrifier_test.exs b/test/pleroma/web/activity_pub/transmogrifier_test.exs index 7c97fa8f8..2c99875ff 100644 --- a/test/pleroma/web/activity_pub/transmogrifier_test.exs +++ b/test/pleroma/web/activity_pub/transmogrifier_test.exs @@ -202,7 +202,11 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do test "it strips internal fields" do user = insert(:user) - {:ok, activity} = CommonAPI.post(user, %{status: "#2hu :firefox:"}) + {:ok, activity} = + CommonAPI.post(user, %{ + status: "#2hu :firefox:", + application: %{name: "TestClient", website: "https://pleroma.social"} + }) {:ok, modified} = Transmogrifier.prepare_outgoing(activity.data) @@ -213,6 +217,7 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do assert is_nil(modified["object"]["announcements"]) assert is_nil(modified["object"]["announcement_count"]) assert is_nil(modified["object"]["context_id"]) + assert is_nil(modified["object"]["application"]) end test "it strips internal fields of article" do From fb2a8e7ccd6cfbfb9bc226998a083405fcebcbe0 Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Fri, 12 Feb 2021 13:15:33 -0600 Subject: [PATCH 14/20] Additional validation so we don't get caught off guard with a nil response if CommonAPI ever prevents us from injecting this data --- test/pleroma/web/activity_pub/transmogrifier_test.exs | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/test/pleroma/web/activity_pub/transmogrifier_test.exs b/test/pleroma/web/activity_pub/transmogrifier_test.exs index 2c99875ff..33ccbe2a7 100644 --- a/test/pleroma/web/activity_pub/transmogrifier_test.exs +++ b/test/pleroma/web/activity_pub/transmogrifier_test.exs @@ -208,6 +208,12 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do application: %{name: "TestClient", website: "https://pleroma.social"} }) + # Ensure injected application data made it into the activity + # as we don't have a Token to derive it from, otherwise it will + # be nil and the test will pass + assert %{"application" => %{name: "TestClient", website: "https://pleroma.social"}} = + activity.object.data + {:ok, modified} = Transmogrifier.prepare_outgoing(activity.data) assert length(modified["object"]["tag"]) == 2 From d5ef02c7a7905dc2053298045873b365d2411cde Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Thu, 18 Feb 2021 16:35:03 -0600 Subject: [PATCH 15/20] Mastodon makes this field null when posting with MastoFE or if you choose to not disclose it, so it's safe to be null by default --- lib/pleroma/web/api_spec/schemas/status.ex | 5 +++-- lib/pleroma/web/mastodon_api/controllers/status_controller.ex | 2 +- lib/pleroma/web/mastodon_api/views/status_view.ex | 4 ++-- test/pleroma/web/mastodon_api/views/status_view_test.exs | 5 +---- 4 files changed, 7 insertions(+), 9 deletions(-) diff --git a/lib/pleroma/web/api_spec/schemas/status.ex b/lib/pleroma/web/api_spec/schemas/status.ex index 61ebd8089..42fa98718 100644 --- a/lib/pleroma/web/api_spec/schemas/status.ex +++ b/lib/pleroma/web/api_spec/schemas/status.ex @@ -23,9 +23,10 @@ defmodule Pleroma.Web.ApiSpec.Schemas.Status do application: %Schema{ description: "The application used to post this status", type: :object, + nullable: true, properties: %{ name: %Schema{type: :string}, - website: %Schema{type: :string, nullable: true, format: :uri} + website: %Schema{type: :string, format: :uri} } }, bookmarked: %Schema{type: :boolean, description: "Have you bookmarked this status?"}, @@ -291,7 +292,7 @@ defmodule Pleroma.Web.ApiSpec.Schemas.Status do "url" => "http://localhost:4001/users/nick6", "username" => "nick6" }, - "application" => %{"name" => "Web", "website" => nil}, + "application" => nil, "bookmarked" => false, "card" => nil, "content" => "foobar", diff --git a/lib/pleroma/web/mastodon_api/controllers/status_controller.ex b/lib/pleroma/web/mastodon_api/controllers/status_controller.ex index db3f248e5..2e63c8869 100644 --- a/lib/pleroma/web/mastodon_api/controllers/status_controller.ex +++ b/lib/pleroma/web/mastodon_api/controllers/status_controller.ex @@ -425,5 +425,5 @@ defmodule Pleroma.Web.MastodonAPI.StatusController do Map.put(params, :application, %{name: client_name, website: website}) end - defp put_application(params, _), do: Map.put(params, :application, %{name: "Web", website: nil}) + defp put_application(params, _), do: Map.put(params, :application, nil) end diff --git a/lib/pleroma/web/mastodon_api/views/status_view.ex b/lib/pleroma/web/mastodon_api/views/status_view.ex index 38960c256..a45650988 100644 --- a/lib/pleroma/web/mastodon_api/views/status_view.ex +++ b/lib/pleroma/web/mastodon_api/views/status_view.ex @@ -180,7 +180,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusView do media_attachments: reblogged[:media_attachments] || [], mentions: mentions, tags: reblogged[:tags] || [], - application: activity_object.data["application"] || %{name: "Web", website: nil}, + application: activity_object.data["application"] || nil, language: nil, emojis: [], pleroma: %{ @@ -345,7 +345,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusView do poll: render(PollView, "show.json", object: object, for: opts[:for]), mentions: mentions, tags: build_tags(tags), - application: object.data["application"] || %{name: "Web", website: nil}, + application: object.data["application"] || nil, language: nil, emojis: build_emojis(object.data["emoji"]), pleroma: %{ diff --git a/test/pleroma/web/mastodon_api/views/status_view_test.exs b/test/pleroma/web/mastodon_api/views/status_view_test.exs index ed59cf285..2de3afc4f 100644 --- a/test/pleroma/web/mastodon_api/views/status_view_test.exs +++ b/test/pleroma/web/mastodon_api/views/status_view_test.exs @@ -266,10 +266,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusViewTest do url: "http://localhost:4001/tag/#{object_data["tag"]}" } ], - application: %{ - name: "Web", - website: nil - }, + application: nil, language: nil, emojis: [ %{ From 83301fe61aa3d453b7c12ee1f5465d9802d07370 Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Thu, 18 Feb 2021 16:43:41 -0600 Subject: [PATCH 16/20] Add field to user schema for controlling disclosure of client details --- lib/pleroma/user.ex | 1 + .../20210218223811_add_disclose_client_to_users.exs | 15 +++++++++++++++ 2 files changed, 16 insertions(+) create mode 100644 priv/repo/migrations/20210218223811_add_disclose_client_to_users.exs diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex index 51f5bc8ea..a52089d7b 100644 --- a/lib/pleroma/user.ex +++ b/lib/pleroma/user.ex @@ -147,6 +147,7 @@ defmodule Pleroma.User do field(:shared_inbox, :string) field(:accepts_chat_messages, :boolean, default: nil) field(:last_active_at, :naive_datetime) + field(:disclose_client, :boolean, default: true) embeds_one( :notification_settings, diff --git a/priv/repo/migrations/20210218223811_add_disclose_client_to_users.exs b/priv/repo/migrations/20210218223811_add_disclose_client_to_users.exs new file mode 100644 index 000000000..c6b6fe7b2 --- /dev/null +++ b/priv/repo/migrations/20210218223811_add_disclose_client_to_users.exs @@ -0,0 +1,15 @@ +defmodule Pleroma.Repo.Migrations.AddDiscloseClientToUsers do + use Ecto.Migration + + def up do + alter table(:users) do + add(:disclose_client, :boolean, default: true) + end + end + + def down do + alter table(:users) do + remove(:disclose_client) + end + end +end From 63739c5a58ccb65dd4a63019b270429d5a462e71 Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Thu, 18 Feb 2021 17:23:17 -0600 Subject: [PATCH 17/20] Tests to validate client disclosure obeys user setting --- .../mastodon_api/controllers/status_controller.ex | 10 +++++++--- .../controllers/status_controller_test.exs | 22 ++++++++++++++++++++-- 2 files changed, 27 insertions(+), 5 deletions(-) diff --git a/lib/pleroma/web/mastodon_api/controllers/status_controller.ex b/lib/pleroma/web/mastodon_api/controllers/status_controller.ex index 2e63c8869..2655d6b6e 100644 --- a/lib/pleroma/web/mastodon_api/controllers/status_controller.ex +++ b/lib/pleroma/web/mastodon_api/controllers/status_controller.ex @@ -420,9 +420,13 @@ defmodule Pleroma.Web.MastodonAPI.StatusController do ) end - defp put_application(params, %{assigns: %{token: %Token{} = token}} = _conn) do - %{client_name: client_name, website: website} = Repo.preload(token, :app).app - Map.put(params, :application, %{name: client_name, website: website}) + defp put_application(params, %{assigns: %{token: %Token{user: %User{} = user} = token}} = _conn) do + if user.disclose_client do + %{client_name: client_name, website: website} = Repo.preload(token, :app).app + Map.put(params, :application, %{name: client_name, website: website}) + else + Map.put(params, :application, nil) + end end defp put_application(params, _), do: Map.put(params, :application, nil) diff --git a/test/pleroma/web/mastodon_api/controllers/status_controller_test.exs b/test/pleroma/web/mastodon_api/controllers/status_controller_test.exs index 1ca829544..bae2ad4bf 100644 --- a/test/pleroma/web/mastodon_api/controllers/status_controller_test.exs +++ b/test/pleroma/web/mastodon_api/controllers/status_controller_test.exs @@ -358,8 +358,9 @@ defmodule Pleroma.Web.MastodonAPI.StatusControllerTest do assert activity.data["cc"] == [] end - test "preserves client application metadata" do - %{user: _user, token: token, conn: conn} = oauth_access(["write:statuses"]) + test "discloses application metadata when enabled" do + user = insert(:user, disclose_client: true) + %{user: _user, token: token, conn: conn} = oauth_access(["write:statuses"], user: user) %Pleroma.Web.OAuth.Token{ app: %Pleroma.Web.OAuth.App{ @@ -383,6 +384,23 @@ defmodule Pleroma.Web.MastodonAPI.StatusControllerTest do } } = json_response_and_validate_schema(result, 200) end + + test "hides application metadata when disabled" do + user = insert(:user, disclose_client: false) + %{user: _user, token: _token, conn: conn} = oauth_access(["write:statuses"], user: user) + + result = + conn + |> put_req_header("content-type", "application/json") + |> post("/api/v1/statuses", %{ + "status" => "club mate is my wingman" + }) + + assert %{ + "content" => "club mate is my wingman", + "application" => nil + } = json_response_and_validate_schema(result, 200) + end end describe "posting scheduled statuses" do From 26b620d67652b3b7733354c4492465978f53fafb Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Thu, 18 Feb 2021 17:50:46 -0600 Subject: [PATCH 18/20] Permit :disclose_client in changesets --- lib/pleroma/user.ex | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex index a52089d7b..9942617d8 100644 --- a/lib/pleroma/user.ex +++ b/lib/pleroma/user.ex @@ -514,7 +514,8 @@ defmodule Pleroma.User do :pleroma_settings_store, :is_discoverable, :actor_type, - :accepts_chat_messages + :accepts_chat_messages, + :disclose_client ] ) |> unique_constraint(:nickname) From d35b6254b4540394a134e026289a2c09bfe42ddd Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Fri, 26 Feb 2021 18:14:57 -0600 Subject: [PATCH 19/20] Store the client application data in ActivityStreams format --- lib/pleroma/web/mastodon_api/controllers/status_controller.ex | 2 +- lib/pleroma/web/mastodon_api/views/status_view.ex | 8 ++++++-- test/pleroma/web/activity_pub/transmogrifier_test.exs | 9 ++++++--- 3 files changed, 13 insertions(+), 6 deletions(-) diff --git a/lib/pleroma/web/mastodon_api/controllers/status_controller.ex b/lib/pleroma/web/mastodon_api/controllers/status_controller.ex index 2655d6b6e..b8a7b2a0a 100644 --- a/lib/pleroma/web/mastodon_api/controllers/status_controller.ex +++ b/lib/pleroma/web/mastodon_api/controllers/status_controller.ex @@ -423,7 +423,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusController do defp put_application(params, %{assigns: %{token: %Token{user: %User{} = user} = token}} = _conn) do if user.disclose_client do %{client_name: client_name, website: website} = Repo.preload(token, :app).app - Map.put(params, :application, %{name: client_name, website: website}) + Map.put(params, :application, %{type: "Application", name: client_name, url: website}) else Map.put(params, :application, nil) end diff --git a/lib/pleroma/web/mastodon_api/views/status_view.ex b/lib/pleroma/web/mastodon_api/views/status_view.ex index a45650988..792197a4a 100644 --- a/lib/pleroma/web/mastodon_api/views/status_view.ex +++ b/lib/pleroma/web/mastodon_api/views/status_view.ex @@ -180,7 +180,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusView do media_attachments: reblogged[:media_attachments] || [], mentions: mentions, tags: reblogged[:tags] || [], - application: activity_object.data["application"] || nil, + application: build_application(activity_object.data["application"]), language: nil, emojis: [], pleroma: %{ @@ -345,7 +345,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusView do poll: render(PollView, "show.json", object: object, for: opts[:for]), mentions: mentions, tags: build_tags(tags), - application: object.data["application"] || nil, + application: build_application(object.data["application"]), language: nil, emojis: build_emojis(object.data["emoji"]), pleroma: %{ @@ -534,4 +534,8 @@ defmodule Pleroma.Web.MastodonAPI.StatusView do me: !!(current_user && current_user.ap_id in users) } end + + @spec build_application(map() | nil) :: map() | nil + defp build_application(%{type: _type, name: name, url: url}), do: %{name: name, website: url} + defp build_application(_), do: nil end diff --git a/test/pleroma/web/activity_pub/transmogrifier_test.exs b/test/pleroma/web/activity_pub/transmogrifier_test.exs index 33ccbe2a7..f6a8cbb6f 100644 --- a/test/pleroma/web/activity_pub/transmogrifier_test.exs +++ b/test/pleroma/web/activity_pub/transmogrifier_test.exs @@ -205,14 +205,17 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do {:ok, activity} = CommonAPI.post(user, %{ status: "#2hu :firefox:", - application: %{name: "TestClient", website: "https://pleroma.social"} + application: %{type: "Application", name: "TestClient", url: "https://pleroma.social"} }) # Ensure injected application data made it into the activity # as we don't have a Token to derive it from, otherwise it will # be nil and the test will pass - assert %{"application" => %{name: "TestClient", website: "https://pleroma.social"}} = - activity.object.data + assert %{ + type: "Application", + name: "TestClient", + url: "https://pleroma.social" + } == activity.object.data["application"] {:ok, modified} = Transmogrifier.prepare_outgoing(activity.data) From 0faf8dbef8f0d77fdd42b36ade4d55c42f0ccc8c Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Sun, 28 Feb 2021 09:04:29 -0600 Subject: [PATCH 20/20] Simplify migration --- .../migrations/20210218223811_add_disclose_client_to_users.exs | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/priv/repo/migrations/20210218223811_add_disclose_client_to_users.exs b/priv/repo/migrations/20210218223811_add_disclose_client_to_users.exs index c6b6fe7b2..37c5776ff 100644 --- a/priv/repo/migrations/20210218223811_add_disclose_client_to_users.exs +++ b/priv/repo/migrations/20210218223811_add_disclose_client_to_users.exs @@ -1,15 +1,9 @@ defmodule Pleroma.Repo.Migrations.AddDiscloseClientToUsers do use Ecto.Migration - def up do + def change do alter table(:users) do add(:disclose_client, :boolean, default: true) end end - - def down do - alter table(:users) do - remove(:disclose_client) - end - end end