akkoma/lib/pleroma/web/twitter_api/controller.ex

# Pleroma: A lightweight social networking server
# Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
# SPDX-License-Identifier: AGPL-3.0-only

defmodule Pleroma.Web.TwitterAPI.Controller do
  use Pleroma.Web, :controller

  alias Pleroma.User
  alias Pleroma.Web.OAuth.Token
  alias Pleroma.Web.Plugs.OAuthScopesPlug
  alias Pleroma.Web.TwitterAPI.TokenView

  require Logger

  plug(:skip_auth when action == :confirm_email)
  plug(:skip_plug, OAuthScopesPlug when action in [:oauth_tokens, :revoke_token])

  action_fallback(:errors)

  def confirm_email(conn, %{"user_id" => uid, "token" => token}) do
    with %User{} = user <- User.get_cached_by_id(uid),
         true <- user.local and !user.is_confirmed and user.confirmation_token == token,
         {:ok, _} <- User.confirm(user) do
      redirect(conn, to: "/")
    end
  end

  def oauth_tokens(%{assigns: %{user: user}} = conn, _params) do
    with oauth_tokens <- Token.get_user_tokens(user) do
      conn
      |> put_view(TokenView)
      |> render("index.json", %{tokens: oauth_tokens})
    end
  end

  def revoke_token(%{assigns: %{user: user}} = conn, %{"id" => id} = _params) do
    Token.delete_user_token(user, id)

    json_reply(conn, 201, "")
  end

  defp errors(conn, {:param_cast, _}) do
    conn
    |> put_status(400)
    |> json("Invalid parameters")
  end

  defp errors(conn, _) do
    conn
    |> put_status(500)
    |> json("Something went wrong")
  end

  defp json_reply(conn, status, json) do
    conn
    |> put_resp_content_type("application/json")
    |> send_resp(status, json)
  end
end
add license boilerplate to pleroma core 2018-12-23 13:04:54 -07:00			`# Pleroma: A lightweight social networking server`
Bump Copyright to 2021 grep -rl '# Copyright © .* Pleroma' * \| xargs sed -i 's;Copyright © .* Pleroma .*;Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>;' 2021-01-12 23:49:20 -07:00			`# Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>`
add license boilerplate to pleroma core 2018-12-23 13:04:54 -07:00			`# SPDX-License-Identifier: AGPL-3.0-only`

Add Twitter API verify_credentials endpoint. 2017-03-20 14:30:44 -06:00			`defmodule Pleroma.Web.TwitterAPI.Controller do`
			`use Pleroma.Web, :controller`
[#114] Initial implementation of user password reset emails (user-initiated). 2018-12-11 10:17:49 -07:00
credo fixes 2019-08-31 04:08:43 -06:00			`alias Pleroma.User`
[Credo] fix Credo.Check.Readability.AliasOrder 2019-03-04 19:52:23 -07:00			`alias Pleroma.Web.OAuth.Token`
alias alphabetically order 2020-06-24 04:07:47 -06:00			`alias Pleroma.Web.Plugs.OAuthScopesPlug`
[Credo] fix Credo.Check.Readability.AliasOrder 2019-03-04 19:52:23 -07:00			`alias Pleroma.Web.TwitterAPI.TokenView`
Add Twitter API verify_credentials endpoint. 2017-03-20 14:30:44 -06:00
Add profile update. 2017-08-29 07:14:00 -06:00			`require Logger`

Refactor skipped plugs into Pleroma.Web functions Speeds up recompilation by reducing compile cycles 2021-06-08 18:14:12 -06:00			`plug(:skip_auth when action == :confirm_email)`
[#2409] Tested all auth setup configs in AuthTestControllerTest. Adjusted :skip_plug definitions for some endpoints. 2020-04-24 07:52:38 -06:00			`plug(:skip_plug, OAuthScopesPlug when action in [:oauth_tokens, :revoke_token])`
Enforcement of OAuth scopes check for authenticated API endpoints, :skip_plug plug to mark a plug explicitly skipped (disabled). 2020-04-06 01:20:44 -06:00
Better error handling in TwitterApiController. 2018-06-03 11:11:22 -06:00			`action_fallback(:errors)`

[#114] Added :user_id component to email confirmation path to improve the security. Added tests for `confirm_email` action. 2018-12-20 03:41:30 -07:00			`def confirm_email(conn, %{"user_id" => uid, "token" => token}) do`
[#1304] Moved all non-mutes / non-blocks fields from User.Info to User. WIP. 2019-10-16 12:59:21 -06:00			`with %User{} = user <- User.get_cached_by_id(uid),`
Change user.confirmation_pending field to user.is_confirmed 2020-10-13 13:29:34 -06:00			`true <- user.local and !user.is_confirmed and user.confirmation_token == token,`
Refactor User.confirm/1, add more tests 2020-10-12 15:32:34 -06:00			`{:ok, _} <- User.confirm(user) do`
Cleanup Pleroma.User 2019-09-24 01:14:34 -06:00			`redirect(conn, to: "/")`
[#114] Email confirmation route, action, node setting, User.Info fields. 2018-12-14 06:38:56 -07:00			`end`
			`end`

Add OAuth tokens endpoint 2019-02-10 12:41:06 -07:00			`def oauth_tokens(%{assigns: %{user: user}} = conn, _params) do`
			`with oauth_tokens <- Token.get_user_tokens(user) do`
			`conn`
			`\|> put_view(TokenView)`
			`\|> render("index.json", %{tokens: oauth_tokens})`
			`end`
			`end`

Add revoke token 2019-02-10 14:49:56 -07:00			`def revoke_token(%{assigns: %{user: user}} = conn, %{"id" => id} = _params) do`
			`Token.delete_user_token(user, id)`

			`json_reply(conn, 201, "")`
			`end`

Fixed OAuth restrictions for :api routes. Made auth info dropped for :api routes if OAuth check was neither performed nor explicitly skipped. 2020-04-22 09:50:25 -06:00			`defp errors(conn, {:param_cast, _}) do`
Better error handling in TwitterApiController. 2018-06-03 11:11:22 -06:00			`conn`
			`\|> put_status(400)`
			`\|> json("Invalid parameters")`
			`end`

Fixed OAuth restrictions for :api routes. Made auth info dropped for :api routes if OAuth check was neither performed nor explicitly skipped. 2020-04-22 09:50:25 -06:00			`defp errors(conn, _) do`
Better error handling in TwitterApiController. 2018-06-03 11:11:22 -06:00			`conn`
			`\|> put_status(500)`
			`\|> json("Something went wrong")`
			`end`
Remove most of TwitterAPIController 2019-08-27 03:29:19 -06:00
			`defp json_reply(conn, status, json) do`
			`conn`
			`\|> put_resp_content_type("application/json")`
			`\|> send_resp(status, json)`
			`end`
Add Twitter API verify_credentials endpoint. 2017-03-20 14:30:44 -06:00			`end`