From f88dc1937e5aa4208143fa68400a5c38a1b9eddf Mon Sep 17 00:00:00 2001 From: Alex Gleason Date: Mon, 31 Aug 2020 16:48:24 -0500 Subject: [PATCH 01/14] MastodonAPI.StatusView.get_user/1 --> CommonAPI.get_user/1 --- .../web/admin_api/views/status_view.ex | 3 ++- lib/pleroma/web/common_api/common_api.ex | 17 +++++++++++++ .../web/mastodon_api/views/status_view.ex | 25 +++---------------- .../web/pleroma_api/views/scrobble_view.ex | 4 +-- test/web/common_api/common_api_test.exs | 20 +++++++++++++++ 5 files changed, 45 insertions(+), 24 deletions(-) diff --git a/lib/pleroma/web/admin_api/views/status_view.ex b/lib/pleroma/web/admin_api/views/status_view.ex index 500800be2b..6042a22b6f 100644 --- a/lib/pleroma/web/admin_api/views/status_view.ex +++ b/lib/pleroma/web/admin_api/views/status_view.ex @@ -8,6 +8,7 @@ defmodule Pleroma.Web.AdminAPI.StatusView do require Pleroma.Constants alias Pleroma.Web.AdminAPI + alias Pleroma.Web.CommonAPI alias Pleroma.Web.MastodonAPI defdelegate merge_account_views(user), to: AdminAPI.AccountView @@ -17,7 +18,7 @@ def render("index.json", opts) do end def render("show.json", %{activity: %{data: %{"object" => _object}} = activity} = opts) do - user = MastodonAPI.StatusView.get_user(activity.data["actor"]) + user = CommonAPI.get_user(activity.data["actor"]) MastodonAPI.StatusView.render("show.json", opts) |> Map.merge(%{account: merge_account_views(user)}) diff --git a/lib/pleroma/web/common_api/common_api.ex b/lib/pleroma/web/common_api/common_api.ex index 5ad2b91c26..d6e9d3d679 100644 --- a/lib/pleroma/web/common_api/common_api.ex +++ b/lib/pleroma/web/common_api/common_api.ex @@ -550,4 +550,21 @@ def hide_reblogs(%User{} = user, %User{} = target) do def show_reblogs(%User{} = user, %User{} = target) do UserRelationship.delete_reblog_mute(user, target) end + + def get_user(ap_id, fake_record_fallback \\ true) do + cond do + user = User.get_cached_by_ap_id(ap_id) -> + user + + user = User.get_by_guessed_nickname(ap_id) -> + user + + fake_record_fallback -> + # TODO: refactor (fake records is never a good idea) + User.error_user(ap_id) + + true -> + nil + end + end end diff --git a/lib/pleroma/web/mastodon_api/views/status_view.ex b/lib/pleroma/web/mastodon_api/views/status_view.ex index 3fe1967be9..66732d09e7 100644 --- a/lib/pleroma/web/mastodon_api/views/status_view.ex +++ b/lib/pleroma/web/mastodon_api/views/status_view.ex @@ -56,23 +56,6 @@ defp get_replied_to_activities(activities) do end) end - def get_user(ap_id, fake_record_fallback \\ true) do - cond do - user = User.get_cached_by_ap_id(ap_id) -> - user - - user = User.get_by_guessed_nickname(ap_id) -> - user - - fake_record_fallback -> - # TODO: refactor (fake records is never a good idea) - User.error_user(ap_id) - - true -> - nil - end - end - defp get_context_id(%{data: %{"context_id" => context_id}}) when not is_nil(context_id), do: context_id @@ -120,7 +103,7 @@ def render("index.json", opts) do # Note: unresolved users are filtered out actors = (activities ++ parent_activities) - |> Enum.map(&get_user(&1.data["actor"], false)) + |> Enum.map(&CommonAPI.get_user(&1.data["actor"], false)) |> Enum.filter(& &1) UserRelationship.view_relationships_option(reading_user, actors, subset: :source_mutes) @@ -139,7 +122,7 @@ def render( "show.json", %{activity: %{data: %{"type" => "Announce", "object" => _object}} = activity} = opts ) do - user = get_user(activity.data["actor"]) + user = CommonAPI.get_user(activity.data["actor"]) created_at = Utils.to_masto_date(activity.data["published"]) activity_object = Object.normalize(activity) @@ -212,7 +195,7 @@ def render( def render("show.json", %{activity: %{data: %{"object" => _object}} = activity} = opts) do object = Object.normalize(activity) - user = get_user(activity.data["actor"]) + user = CommonAPI.get_user(activity.data["actor"]) user_follower_address = user.follower_address like_count = object.data["like_count"] || 0 @@ -266,7 +249,7 @@ def render("show.json", %{activity: %{data: %{"object" => _object}} = activity} reply_to = get_reply_to(activity, opts) - reply_to_user = reply_to && get_user(reply_to.data["actor"]) + reply_to_user = reply_to && CommonAPI.get_user(reply_to.data["actor"]) content = object diff --git a/lib/pleroma/web/pleroma_api/views/scrobble_view.ex b/lib/pleroma/web/pleroma_api/views/scrobble_view.ex index bbff93abeb..95bd4c3689 100644 --- a/lib/pleroma/web/pleroma_api/views/scrobble_view.ex +++ b/lib/pleroma/web/pleroma_api/views/scrobble_view.ex @@ -10,14 +10,14 @@ defmodule Pleroma.Web.PleromaAPI.ScrobbleView do alias Pleroma.Activity alias Pleroma.HTML alias Pleroma.Object + alias Pleroma.Web.CommonAPI alias Pleroma.Web.CommonAPI.Utils alias Pleroma.Web.MastodonAPI.AccountView - alias Pleroma.Web.MastodonAPI.StatusView def render("show.json", %{activity: %Activity{data: %{"type" => "Listen"}} = activity} = opts) do object = Object.normalize(activity) - user = StatusView.get_user(activity.data["actor"]) + user = CommonAPI.get_user(activity.data["actor"]) created_at = Utils.to_masto_date(activity.data["published"]) %{ diff --git a/test/web/common_api/common_api_test.exs b/test/web/common_api/common_api_test.exs index 4ba6232dc7..d171b344aa 100644 --- a/test/web/common_api/common_api_test.exs +++ b/test/web/common_api/common_api_test.exs @@ -1126,4 +1126,24 @@ test "respects visibility=private" do assert Visibility.get_visibility(activity) == "private" end end + + describe "get_user/1" do + test "gets user by ap_id" do + user = insert(:user) + assert CommonAPI.get_user(user.ap_id) == user + end + + test "gets user by guessed nickname" do + user = insert(:user, ap_id: "", nickname: "mario@mushroom.kingdom") + assert CommonAPI.get_user("https://mushroom.kingdom/users/mario") == user + end + + test "fallback" do + assert %User{ + name: "", + ap_id: "", + nickname: "erroruser@example.com" + } = CommonAPI.get_user("") + end + end end From b40a627ab02f9f63eac42ce6fc65282fc6cb6b92 Mon Sep 17 00:00:00 2001 From: Alex Gleason Date: Mon, 31 Aug 2020 19:56:05 -0500 Subject: [PATCH 02/14] AdminAPI: delete a chat message --- lib/pleroma/moderation_log.ex | 24 +++++++++ .../admin_api/controllers/chat_controller.ex | 37 +++++++++++++ .../operations/admin/chat_operation.ex | 44 +++++++++++++++ lib/pleroma/web/router.ex | 2 + test/support/factory.ex | 54 +++++++++++++++++++ .../controllers/chat_controller_test.exs | 53 ++++++++++++++++++ 6 files changed, 214 insertions(+) create mode 100644 lib/pleroma/web/admin_api/controllers/chat_controller.ex create mode 100644 lib/pleroma/web/api_spec/operations/admin/chat_operation.ex create mode 100644 test/web/admin_api/controllers/chat_controller_test.exs diff --git a/lib/pleroma/moderation_log.ex b/lib/pleroma/moderation_log.ex index 31c9afe2a2..47036a6f62 100644 --- a/lib/pleroma/moderation_log.ex +++ b/lib/pleroma/moderation_log.ex @@ -320,6 +320,19 @@ def insert_log(%{ |> insert_log_entry_with_message() end + @spec insert_log(%{actor: User, action: String.t(), subject_id: String.t()}) :: + {:ok, ModerationLog} | {:error, any} + def insert_log(%{actor: %User{} = actor, action: "chat_message_delete", subject_id: subject_id}) do + %ModerationLog{ + data: %{ + "actor" => %{"nickname" => actor.nickname}, + "action" => "chat_message_delete", + "subject_id" => subject_id + } + } + |> insert_log_entry_with_message() + end + @spec insert_log_entry_with_message(ModerationLog) :: {:ok, ModerationLog} | {:error, any} defp insert_log_entry_with_message(entry) do entry.data["message"] @@ -627,6 +640,17 @@ def get_log_entry_message(%ModerationLog{ "@#{actor_nickname} updated users: #{users_to_nicknames_string(subjects)}" end + @spec get_log_entry_message(ModerationLog) :: String.t() + def get_log_entry_message(%ModerationLog{ + data: %{ + "actor" => %{"nickname" => actor_nickname}, + "action" => "chat_message_delete", + "subject_id" => subject_id + } + }) do + "@#{actor_nickname} deleted chat message ##{subject_id}" + end + defp nicknames_to_string(nicknames) do nicknames |> Enum.map(&"@#{&1}") diff --git a/lib/pleroma/web/admin_api/controllers/chat_controller.ex b/lib/pleroma/web/admin_api/controllers/chat_controller.ex new file mode 100644 index 0000000000..bcce824d26 --- /dev/null +++ b/lib/pleroma/web/admin_api/controllers/chat_controller.ex @@ -0,0 +1,37 @@ +# Pleroma: A lightweight social networking server +# Copyright © 2017-2020 Pleroma Authors +# SPDX-License-Identifier: AGPL-3.0-only + +defmodule Pleroma.Web.AdminAPI.ChatController do + use Pleroma.Web, :controller + + alias Pleroma.Activity + alias Pleroma.ModerationLog + alias Pleroma.Plugs.OAuthScopesPlug + alias Pleroma.Web.CommonAPI + + require Logger + + plug(Pleroma.Web.ApiSpec.CastAndValidate) + + plug( + OAuthScopesPlug, + %{scopes: ["write:chats"], admin: true} when action in [:delete_message] + ) + + action_fallback(Pleroma.Web.AdminAPI.FallbackController) + + defdelegate open_api_operation(action), to: Pleroma.Web.ApiSpec.Admin.ChatOperation + + def delete_message(%{assigns: %{user: user}} = conn, %{message_id: id}) do + with {:ok, %Activity{}} <- CommonAPI.delete(id, user) do + ModerationLog.insert_log(%{ + action: "chat_message_delete", + actor: user, + subject_id: id + }) + + json(conn, %{}) + end + end +end diff --git a/lib/pleroma/web/api_spec/operations/admin/chat_operation.ex b/lib/pleroma/web/api_spec/operations/admin/chat_operation.ex new file mode 100644 index 0000000000..7045fd7cec --- /dev/null +++ b/lib/pleroma/web/api_spec/operations/admin/chat_operation.ex @@ -0,0 +1,44 @@ +# Pleroma: A lightweight social networking server +# Copyright © 2017-2020 Pleroma Authors +# SPDX-License-Identifier: AGPL-3.0-only + +defmodule Pleroma.Web.ApiSpec.Admin.ChatOperation do + alias OpenApiSpex.Operation + alias Pleroma.Web.ApiSpec.Schemas.ApiError + alias Pleroma.Web.ApiSpec.Schemas.FlakeID + + import Pleroma.Web.ApiSpec.Helpers + + def open_api_operation(action) do + operation = String.to_existing_atom("#{action}_operation") + apply(__MODULE__, operation, []) + end + + def delete_message_operation do + %Operation{ + tags: ["Admin", "Chats"], + summary: "Delete an individual chat message", + operationId: "AdminAPI.ChatController.delete", + parameters: [id_param(), message_id_param()] ++ admin_api_params(), + security: [%{"oAuth" => ["write:chats"]}], + responses: %{ + 200 => empty_object_response(), + 404 => Operation.response("Not Found", "application/json", ApiError) + } + } + end + + def id_param do + Operation.parameter(:id, :path, FlakeID, "Chat ID", + example: "9umDrYheeY451cQnEe", + required: true + ) + end + + def message_id_param do + Operation.parameter(:message_id, :path, FlakeID, "Chat message ID", + example: "9umDrYheeY451cQnEe", + required: true + ) + end +end diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex index c6433cc532..e438768ed1 100644 --- a/lib/pleroma/web/router.ex +++ b/lib/pleroma/web/router.ex @@ -214,6 +214,8 @@ defmodule Pleroma.Web.Router do get("/media_proxy_caches", MediaProxyCacheController, :index) post("/media_proxy_caches/delete", MediaProxyCacheController, :delete) post("/media_proxy_caches/purge", MediaProxyCacheController, :purge) + + delete("/chats/:id/messages/:message_id", ChatController, :delete_message) end scope "/api/pleroma/emoji", Pleroma.Web.PleromaAPI do diff --git a/test/support/factory.ex b/test/support/factory.ex index 486eda8da5..61ca4587ca 100644 --- a/test/support/factory.ex +++ b/test/support/factory.ex @@ -460,4 +460,58 @@ def filter_factory do phrase: "cofe" } end + + def chat_factory(attrs \\ %{}) do + user = attrs[:user] || insert(:user) + recipient = attrs[:recipient] || insert(:user) + + %Pleroma.Chat{ + user_id: user.id, + recipient: recipient.ap_id + } + end + + def chat_message_factory(attrs \\ %{}) do + text = sequence(:text, &"This is :moominmamma: chat message #{&1}") + chat = attrs[:chat] || insert(:chat) + + data = %{ + "type" => "ChatMessage", + "content" => text, + "id" => Pleroma.Web.ActivityPub.Utils.generate_object_id(), + "actor" => User.get_by_id(chat.user_id).ap_id, + "to" => [chat.recipient], + "published" => DateTime.utc_now() |> DateTime.to_iso8601() + } + + %Pleroma.Object{ + data: merge_attributes(data, Map.get(attrs, :data, %{})) + } + end + + def chat_message_activity_factory(attrs \\ %{}) do + chat = attrs[:chat] || insert(:chat) + chat_message = attrs[:chat_message] || insert(:chat_message, chat: chat) + + data_attrs = attrs[:data_attrs] || %{} + attrs = Map.drop(attrs, [:chat, :chat_message, :data_attrs]) + + data = + %{ + "id" => Pleroma.Web.ActivityPub.Utils.generate_activity_id(), + "type" => "Create", + "actor" => chat_message.data["actor"], + "to" => chat_message.data["to"], + "object" => chat_message.data["id"], + "published" => DateTime.utc_now() |> DateTime.to_iso8601() + } + |> Map.merge(data_attrs) + + %Pleroma.Activity{ + data: data, + actor: data["actor"], + recipients: data["to"] + } + |> Map.merge(attrs) + end end diff --git a/test/web/admin_api/controllers/chat_controller_test.exs b/test/web/admin_api/controllers/chat_controller_test.exs new file mode 100644 index 0000000000..4527437afd --- /dev/null +++ b/test/web/admin_api/controllers/chat_controller_test.exs @@ -0,0 +1,53 @@ +# Pleroma: A lightweight social networking server +# Copyright © 2017-2020 Pleroma Authors +# SPDX-License-Identifier: AGPL-3.0-only + +defmodule Pleroma.Web.AdminAPI.ChatControllerTest do + use Pleroma.Web.ConnCase + + import Pleroma.Factory + + alias Pleroma.Activity + alias Pleroma.Config + alias Pleroma.ModerationLog + alias Pleroma.Repo + + setup do + admin = insert(:user, is_admin: true) + token = insert(:oauth_admin_token, user: admin) + + conn = + build_conn() + |> assign(:user, admin) + |> assign(:token, token) + + {:ok, %{admin: admin, token: token, conn: conn}} + end + + describe "DELETE /api/pleroma/admin/chats/:id/messages/:message_id" do + setup do + chat = insert(:chat) + message = insert(:chat_message_activity, chat: chat) + %{chat: chat, message: message} + end + + test "deletes chat message", %{conn: conn, chat: chat, message: message, admin: admin} do + conn + |> delete("/api/pleroma/admin/chats/#{chat.id}/messages/#{message.id}") + |> json_response_and_validate_schema(:ok) + + refute Activity.get_by_id(message.id) + + log_entry = Repo.one(ModerationLog) + + assert ModerationLog.get_log_entry_message(log_entry) == + "@#{admin.nickname} deleted chat message ##{message.id}" + end + + test "returns 404 when the chat message does not exist", %{conn: conn} do + conn = delete(conn, "/api/pleroma/admin/chats/test/messages/test") + + assert json_response_and_validate_schema(conn, :not_found) == %{"error" => "Not found"} + end + end +end From fb0de073439b5e3be823e736b44608e80f1027f1 Mon Sep 17 00:00:00 2001 From: Alex Gleason Date: Mon, 31 Aug 2020 20:23:33 -0500 Subject: [PATCH 03/14] AdminAPI: list chats for a user --- .../controllers/admin_api_controller.ex | 27 +++++++++++++++++++ lib/pleroma/web/router.ex | 3 +++ .../controllers/admin_api_controller_test.exs | 18 +++++++++++++ 3 files changed, 48 insertions(+) diff --git a/lib/pleroma/web/admin_api/controllers/admin_api_controller.ex b/lib/pleroma/web/admin_api/controllers/admin_api_controller.ex index f5e4d49f9a..9b66c2f10f 100644 --- a/lib/pleroma/web/admin_api/controllers/admin_api_controller.ex +++ b/lib/pleroma/web/admin_api/controllers/admin_api_controller.ex @@ -5,6 +5,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do use Pleroma.Web, :controller + import Ecto.Query import Pleroma.Web.ControllerHelper, only: [json_response: 3] alias Pleroma.Config @@ -21,6 +22,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do alias Pleroma.Web.AdminAPI.ModerationLogView alias Pleroma.Web.AdminAPI.Search alias Pleroma.Web.Endpoint + alias Pleroma.Web.PleromaAPI alias Pleroma.Web.Router require Logger @@ -68,6 +70,12 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do when action in [:list_user_statuses, :list_instance_statuses] ) + plug( + OAuthScopesPlug, + %{scopes: ["read:chats"], admin: true} + when action in [:list_user_chats] + ) + plug( OAuthScopesPlug, %{scopes: ["read"], admin: true} @@ -256,6 +264,25 @@ def list_user_statuses(%{assigns: %{user: admin}} = conn, %{"nickname" => nickna end end + def list_user_chats(%{assigns: %{user: admin}} = conn, %{"nickname" => nickname} = _params) do + with %User{id: user_id} <- User.get_cached_by_nickname_or_id(nickname, for: admin) do + chats = + from(c in Pleroma.Chat, + where: c.user_id == ^user_id, + order_by: [desc: c.updated_at], + inner_join: u in User, + on: u.ap_id == c.recipient + ) + |> Pleroma.Repo.all() + + conn + |> put_view(PleromaAPI.ChatView) + |> render("index.json", chats: chats) + else + _ -> {:error, :not_found} + end + end + def user_toggle_activation(%{assigns: %{user: admin}} = conn, %{"nickname" => nickname}) do user = User.get_cached_by_nickname(nickname) diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex index e438768ed1..ad3282df45 100644 --- a/lib/pleroma/web/router.ex +++ b/lib/pleroma/web/router.ex @@ -178,6 +178,7 @@ defmodule Pleroma.Web.Router do get("/users", AdminAPIController, :list_users) get("/users/:nickname", AdminAPIController, :user_show) get("/users/:nickname/statuses", AdminAPIController, :list_user_statuses) + get("/users/:nickname/chats", AdminAPIController, :list_user_chats) get("/instances/:instance/statuses", AdminAPIController, :list_instance_statuses) @@ -215,6 +216,8 @@ defmodule Pleroma.Web.Router do post("/media_proxy_caches/delete", MediaProxyCacheController, :delete) post("/media_proxy_caches/purge", MediaProxyCacheController, :purge) + # get("/chats/:id", ChatController, :show) + # get("/chats/:id/messages", ChatController, :messages) delete("/chats/:id/messages/:message_id", ChatController, :delete_message) end diff --git a/test/web/admin_api/controllers/admin_api_controller_test.exs b/test/web/admin_api/controllers/admin_api_controller_test.exs index dbf478edf0..cf5637246d 100644 --- a/test/web/admin_api/controllers/admin_api_controller_test.exs +++ b/test/web/admin_api/controllers/admin_api_controller_test.exs @@ -1510,6 +1510,24 @@ test "excludes reblogs by default", %{conn: conn, user: user} do end end + describe "GET /api/pleroma/admin/users/:nickname/chats" do + setup do + user = insert(:user) + + insert(:chat, user: user) + insert(:chat, user: user) + insert(:chat, user: user) + + %{user: user} + end + + test "renders user's statuses", %{conn: conn, user: user} do + conn = get(conn, "/api/pleroma/admin/users/#{user.nickname}/chats") + + assert json_response(conn, 200) |> length() == 3 + end + end + describe "GET /api/pleroma/admin/moderation_log" do setup do moderator = insert(:user, is_moderator: true) From c41430b23eaf3fd15b227e66215aa2a4ff31dfdb Mon Sep 17 00:00:00 2001 From: Alex Gleason Date: Tue, 1 Sep 2020 19:05:24 -0500 Subject: [PATCH 04/14] Refactor with Chat.for_user_query/1 --- lib/pleroma/chat.ex | 12 ++++++++++++ .../admin_api/controllers/admin_api_controller.ex | 8 +------- .../web/pleroma_api/controllers/chat_controller.ex | 9 ++------- 3 files changed, 15 insertions(+), 14 deletions(-) diff --git a/lib/pleroma/chat.ex b/lib/pleroma/chat.ex index 24a86371e7..b38c5c3ddf 100644 --- a/lib/pleroma/chat.ex +++ b/lib/pleroma/chat.ex @@ -6,7 +6,9 @@ defmodule Pleroma.Chat do use Ecto.Schema import Ecto.Changeset + import Ecto.Query + alias Pleroma.Chat alias Pleroma.Repo alias Pleroma.User @@ -69,4 +71,14 @@ def bump_or_create(user_id, recipient) do conflict_target: [:user_id, :recipient] ) end + + @spec for_user_query(FlakeId.Ecto.CompatType.t()) :: Ecto.Query.t() + def for_user_query(user_id) do + from(c in Chat, + where: c.user_id == ^user_id, + order_by: [desc: c.updated_at], + inner_join: u in User, + on: u.ap_id == c.recipient + ) + end end diff --git a/lib/pleroma/web/admin_api/controllers/admin_api_controller.ex b/lib/pleroma/web/admin_api/controllers/admin_api_controller.ex index 9b66c2f10f..fccdbabb4c 100644 --- a/lib/pleroma/web/admin_api/controllers/admin_api_controller.ex +++ b/lib/pleroma/web/admin_api/controllers/admin_api_controller.ex @@ -5,7 +5,6 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do use Pleroma.Web, :controller - import Ecto.Query import Pleroma.Web.ControllerHelper, only: [json_response: 3] alias Pleroma.Config @@ -267,12 +266,7 @@ def list_user_statuses(%{assigns: %{user: admin}} = conn, %{"nickname" => nickna def list_user_chats(%{assigns: %{user: admin}} = conn, %{"nickname" => nickname} = _params) do with %User{id: user_id} <- User.get_cached_by_nickname_or_id(nickname, for: admin) do chats = - from(c in Pleroma.Chat, - where: c.user_id == ^user_id, - order_by: [desc: c.updated_at], - inner_join: u in User, - on: u.ap_id == c.recipient - ) + Pleroma.Chat.for_user_query(user_id) |> Pleroma.Repo.all() conn diff --git a/lib/pleroma/web/pleroma_api/controllers/chat_controller.ex b/lib/pleroma/web/pleroma_api/controllers/chat_controller.ex index 1f2e953f76..27c9a2e0f7 100644 --- a/lib/pleroma/web/pleroma_api/controllers/chat_controller.ex +++ b/lib/pleroma/web/pleroma_api/controllers/chat_controller.ex @@ -146,13 +146,8 @@ def index(%{assigns: %{user: %{id: user_id} = user}} = conn, _params) do blocked_ap_ids = User.blocked_users_ap_ids(user) chats = - from(c in Chat, - where: c.user_id == ^user_id, - where: c.recipient not in ^blocked_ap_ids, - order_by: [desc: c.updated_at], - inner_join: u in User, - on: u.ap_id == c.recipient - ) + Chat.for_user_query(user_id) + |> where([c], c.recipient not in ^blocked_ap_ids) |> Repo.all() conn From f13b52a703d5c60cf12b2fff69f458e5c467c783 Mon Sep 17 00:00:00 2001 From: Alex Gleason Date: Tue, 1 Sep 2020 19:39:34 -0500 Subject: [PATCH 05/14] AdminAPI: list messages in a chat --- .../admin_api/controllers/chat_controller.ex | 27 ++++++++++ .../operations/admin/chat_operation.ex | 26 ++++++++- lib/pleroma/web/router.ex | 2 +- .../controllers/chat_controller_test.exs | 54 +++++++++++++++++++ 4 files changed, 107 insertions(+), 2 deletions(-) diff --git a/lib/pleroma/web/admin_api/controllers/chat_controller.ex b/lib/pleroma/web/admin_api/controllers/chat_controller.ex index bcce824d26..b423188d75 100644 --- a/lib/pleroma/web/admin_api/controllers/chat_controller.ex +++ b/lib/pleroma/web/admin_api/controllers/chat_controller.ex @@ -6,14 +6,23 @@ defmodule Pleroma.Web.AdminAPI.ChatController do use Pleroma.Web, :controller alias Pleroma.Activity + alias Pleroma.Chat + alias Pleroma.Chat.MessageReference alias Pleroma.ModerationLog + alias Pleroma.Pagination alias Pleroma.Plugs.OAuthScopesPlug alias Pleroma.Web.CommonAPI + alias Pleroma.Web.PleromaAPI.Chat.MessageReferenceView require Logger plug(Pleroma.Web.ApiSpec.CastAndValidate) + plug( + OAuthScopesPlug, + %{scopes: ["read:chats"], admin: true} when action in [:messages] + ) + plug( OAuthScopesPlug, %{scopes: ["write:chats"], admin: true} when action in [:delete_message] @@ -34,4 +43,22 @@ def delete_message(%{assigns: %{user: user}} = conn, %{message_id: id}) do json(conn, %{}) end end + + def messages(conn, %{id: id} = params) do + with %Chat{} = chat <- Chat.get_by_id(id) do + cm_refs = + chat + |> MessageReference.for_chat_query() + |> Pagination.fetch_paginated(params) + + conn + |> put_view(MessageReferenceView) + |> render("index.json", chat_message_references: cm_refs) + else + _ -> + conn + |> put_status(:not_found) + |> json(%{error: "not found"}) + end + end end diff --git a/lib/pleroma/web/api_spec/operations/admin/chat_operation.ex b/lib/pleroma/web/api_spec/operations/admin/chat_operation.ex index 7045fd7cec..a382bd35ab 100644 --- a/lib/pleroma/web/api_spec/operations/admin/chat_operation.ex +++ b/lib/pleroma/web/api_spec/operations/admin/chat_operation.ex @@ -16,7 +16,7 @@ def open_api_operation(action) do def delete_message_operation do %Operation{ - tags: ["Admin", "Chats"], + tags: ["admin", "chat"], summary: "Delete an individual chat message", operationId: "AdminAPI.ChatController.delete", parameters: [id_param(), message_id_param()] ++ admin_api_params(), @@ -28,6 +28,30 @@ def delete_message_operation do } end + def messages_operation do + %Operation{ + tags: ["admin", "chat"], + summary: "Get the most recent messages of the chat", + operationId: "AdminAPI.ChatController.messages", + parameters: + [Operation.parameter(:id, :path, :string, "The ID of the Chat")] ++ + pagination_params(), + responses: %{ + 200 => + Operation.response( + "The messages in the chat", + "application/json", + Pleroma.Web.ApiSpec.ChatOperation.chat_messages_response() + ) + }, + security: [ + %{ + "oAuth" => ["read:chats"] + } + ] + } + end + def id_param do Operation.parameter(:id, :path, FlakeID, "Chat ID", example: "9umDrYheeY451cQnEe", diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex index ad3282df45..02836114a0 100644 --- a/lib/pleroma/web/router.ex +++ b/lib/pleroma/web/router.ex @@ -217,7 +217,7 @@ defmodule Pleroma.Web.Router do post("/media_proxy_caches/purge", MediaProxyCacheController, :purge) # get("/chats/:id", ChatController, :show) - # get("/chats/:id/messages", ChatController, :messages) + get("/chats/:id/messages", ChatController, :messages) delete("/chats/:id/messages/:message_id", ChatController, :delete_message) end diff --git a/test/web/admin_api/controllers/chat_controller_test.exs b/test/web/admin_api/controllers/chat_controller_test.exs index 4527437afd..f61e2a1fa0 100644 --- a/test/web/admin_api/controllers/chat_controller_test.exs +++ b/test/web/admin_api/controllers/chat_controller_test.exs @@ -8,9 +8,11 @@ defmodule Pleroma.Web.AdminAPI.ChatControllerTest do import Pleroma.Factory alias Pleroma.Activity + alias Pleroma.Chat alias Pleroma.Config alias Pleroma.ModerationLog alias Pleroma.Repo + alias Pleroma.Web.CommonAPI setup do admin = insert(:user, is_admin: true) @@ -50,4 +52,56 @@ test "returns 404 when the chat message does not exist", %{conn: conn} do assert json_response_and_validate_schema(conn, :not_found) == %{"error" => "Not found"} end end + + describe "GET /api/pleroma/admin/chats/:id/messages" do + test "it paginates", %{conn: conn} do + user = insert(:user) + recipient = insert(:user) + + Enum.each(1..30, fn _ -> + {:ok, _} = CommonAPI.post_chat_message(user, recipient, "hey") + end) + + chat = Chat.get(user.id, recipient.ap_id) + + result = + conn + |> get("/api/pleroma/admin/chats/#{chat.id}/messages") + |> json_response_and_validate_schema(200) + + assert length(result) == 20 + + result = + conn + |> get("/api/pleroma/admin/chats/#{chat.id}/messages?max_id=#{List.last(result)["id"]}") + |> json_response_and_validate_schema(200) + + assert length(result) == 10 + end + + test "it returns the messages for a given chat", %{conn: conn} do + user = insert(:user) + other_user = insert(:user) + third_user = insert(:user) + + {:ok, _} = CommonAPI.post_chat_message(user, other_user, "hey") + {:ok, _} = CommonAPI.post_chat_message(user, third_user, "hey") + {:ok, _} = CommonAPI.post_chat_message(user, other_user, "how are you?") + {:ok, _} = CommonAPI.post_chat_message(other_user, user, "fine, how about you?") + + chat = Chat.get(user.id, other_user.ap_id) + + result = + conn + |> get("/api/pleroma/admin/chats/#{chat.id}/messages") + |> json_response_and_validate_schema(200) + + result + |> Enum.each(fn message -> + assert message["chat_id"] == chat.id |> to_string() + end) + + assert length(result) == 3 + end + end end From 9dd0b23da424c380a37897d8bf69ab241efa6f91 Mon Sep 17 00:00:00 2001 From: Alex Gleason Date: Tue, 1 Sep 2020 19:49:46 -0500 Subject: [PATCH 06/14] AdminAPI: show chat --- .../admin_api/controllers/chat_controller.ex | 11 ++++++- .../operations/admin/chat_operation.ex | 32 +++++++++++++++++++ lib/pleroma/web/router.ex | 2 +- .../controllers/chat_controller_test.exs | 16 ++++++++++ 4 files changed, 59 insertions(+), 2 deletions(-) diff --git a/lib/pleroma/web/admin_api/controllers/chat_controller.ex b/lib/pleroma/web/admin_api/controllers/chat_controller.ex index b423188d75..ac362c430f 100644 --- a/lib/pleroma/web/admin_api/controllers/chat_controller.ex +++ b/lib/pleroma/web/admin_api/controllers/chat_controller.ex @@ -13,6 +13,7 @@ defmodule Pleroma.Web.AdminAPI.ChatController do alias Pleroma.Plugs.OAuthScopesPlug alias Pleroma.Web.CommonAPI alias Pleroma.Web.PleromaAPI.Chat.MessageReferenceView + alias Pleroma.Web.PleromaAPI.ChatView require Logger @@ -20,7 +21,7 @@ defmodule Pleroma.Web.AdminAPI.ChatController do plug( OAuthScopesPlug, - %{scopes: ["read:chats"], admin: true} when action in [:messages] + %{scopes: ["read:chats"], admin: true} when action in [:show, :messages] ) plug( @@ -61,4 +62,12 @@ def messages(conn, %{id: id} = params) do |> json(%{error: "not found"}) end end + + def show(conn, %{id: id}) do + with %Chat{} = chat <- Chat.get_by_id(id) do + conn + |> put_view(ChatView) + |> render("show.json", chat: chat) + end + end end diff --git a/lib/pleroma/web/api_spec/operations/admin/chat_operation.ex b/lib/pleroma/web/api_spec/operations/admin/chat_operation.ex index a382bd35ab..3550d531e9 100644 --- a/lib/pleroma/web/api_spec/operations/admin/chat_operation.ex +++ b/lib/pleroma/web/api_spec/operations/admin/chat_operation.ex @@ -5,6 +5,7 @@ defmodule Pleroma.Web.ApiSpec.Admin.ChatOperation do alias OpenApiSpex.Operation alias Pleroma.Web.ApiSpec.Schemas.ApiError + alias Pleroma.Web.ApiSpec.Schemas.Chat alias Pleroma.Web.ApiSpec.Schemas.FlakeID import Pleroma.Web.ApiSpec.Helpers @@ -52,6 +53,37 @@ def messages_operation do } end + def show_operation do + %Operation{ + tags: ["chat"], + summary: "Create a chat", + operationId: "AdminAPI.ChatController.show", + parameters: [ + Operation.parameter( + :id, + :path, + :string, + "The id of the chat", + required: true, + example: "1234" + ) + ], + responses: %{ + 200 => + Operation.response( + "The existing chat", + "application/json", + Chat + ) + }, + security: [ + %{ + "oAuth" => ["read"] + } + ] + } + end + def id_param do Operation.parameter(:id, :path, FlakeID, "Chat ID", example: "9umDrYheeY451cQnEe", diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex index 02836114a0..e4440d4424 100644 --- a/lib/pleroma/web/router.ex +++ b/lib/pleroma/web/router.ex @@ -216,7 +216,7 @@ defmodule Pleroma.Web.Router do post("/media_proxy_caches/delete", MediaProxyCacheController, :delete) post("/media_proxy_caches/purge", MediaProxyCacheController, :purge) - # get("/chats/:id", ChatController, :show) + get("/chats/:id", ChatController, :show) get("/chats/:id/messages", ChatController, :messages) delete("/chats/:id/messages/:message_id", ChatController, :delete_message) end diff --git a/test/web/admin_api/controllers/chat_controller_test.exs b/test/web/admin_api/controllers/chat_controller_test.exs index f61e2a1fa0..63c195b99a 100644 --- a/test/web/admin_api/controllers/chat_controller_test.exs +++ b/test/web/admin_api/controllers/chat_controller_test.exs @@ -104,4 +104,20 @@ test "it returns the messages for a given chat", %{conn: conn} do assert length(result) == 3 end end + + describe "GET /api/pleroma/admin/chats/:id" do + test "it returns a chat", %{conn: conn} do + user = insert(:user) + other_user = insert(:user) + + {:ok, chat} = Chat.get_or_create(user.id, other_user.ap_id) + + result = + conn + |> get("/api/pleroma/admin/chats/#{chat.id}") + |> json_response_and_validate_schema(200) + + assert result["id"] == to_string(chat.id) + end + end end From 02d70228b566d5de2cbdd6d1f9958caf2db173f1 Mon Sep 17 00:00:00 2001 From: Alex Gleason Date: Tue, 1 Sep 2020 20:40:36 -0500 Subject: [PATCH 07/14] AdminAPI: fix delete chat message --- .../admin_api/controllers/chat_controller.ex | 20 ++++++++-- .../operations/admin/chat_operation.ex | 40 +++++++++---------- .../controllers/chat_controller_test.exs | 39 ++++++++++-------- 3 files changed, 56 insertions(+), 43 deletions(-) diff --git a/lib/pleroma/web/admin_api/controllers/chat_controller.ex b/lib/pleroma/web/admin_api/controllers/chat_controller.ex index ac362c430f..61d45b970c 100644 --- a/lib/pleroma/web/admin_api/controllers/chat_controller.ex +++ b/lib/pleroma/web/admin_api/controllers/chat_controller.ex @@ -33,15 +33,27 @@ defmodule Pleroma.Web.AdminAPI.ChatController do defdelegate open_api_operation(action), to: Pleroma.Web.ApiSpec.Admin.ChatOperation - def delete_message(%{assigns: %{user: user}} = conn, %{message_id: id}) do - with {:ok, %Activity{}} <- CommonAPI.delete(id, user) do + def delete_message(%{assigns: %{user: user}} = conn, %{ + message_id: message_id, + id: chat_id + }) do + with %MessageReference{object: %{data: %{"id" => object_ap_id}}} = cm_ref <- + MessageReference.get_by_id(message_id), + ^chat_id <- to_string(cm_ref.chat_id), + %Activity{id: activity_id} <- Activity.get_create_by_object_ap_id(object_ap_id), + {:ok, _} <- CommonAPI.delete(activity_id, user) do ModerationLog.insert_log(%{ action: "chat_message_delete", actor: user, - subject_id: id + subject_id: message_id }) - json(conn, %{}) + conn + |> put_view(MessageReferenceView) + |> render("show.json", chat_message_reference: cm_ref) + else + _e -> + {:error, :could_not_delete} end end diff --git a/lib/pleroma/web/api_spec/operations/admin/chat_operation.ex b/lib/pleroma/web/api_spec/operations/admin/chat_operation.ex index 3550d531e9..d3e5dfc1ca 100644 --- a/lib/pleroma/web/api_spec/operations/admin/chat_operation.ex +++ b/lib/pleroma/web/api_spec/operations/admin/chat_operation.ex @@ -4,9 +4,8 @@ defmodule Pleroma.Web.ApiSpec.Admin.ChatOperation do alias OpenApiSpex.Operation - alias Pleroma.Web.ApiSpec.Schemas.ApiError alias Pleroma.Web.ApiSpec.Schemas.Chat - alias Pleroma.Web.ApiSpec.Schemas.FlakeID + alias Pleroma.Web.ApiSpec.Schemas.ChatMessage import Pleroma.Web.ApiSpec.Helpers @@ -19,13 +18,24 @@ def delete_message_operation do %Operation{ tags: ["admin", "chat"], summary: "Delete an individual chat message", - operationId: "AdminAPI.ChatController.delete", - parameters: [id_param(), message_id_param()] ++ admin_api_params(), - security: [%{"oAuth" => ["write:chats"]}], + operationId: "AdminAPI.ChatController.delete_message", + parameters: [ + Operation.parameter(:id, :path, :string, "The ID of the Chat"), + Operation.parameter(:message_id, :path, :string, "The ID of the message") + ], responses: %{ - 200 => empty_object_response(), - 404 => Operation.response("Not Found", "application/json", ApiError) - } + 200 => + Operation.response( + "The deleted ChatMessage", + "application/json", + ChatMessage + ) + }, + security: [ + %{ + "oAuth" => ["write:chats"] + } + ] } end @@ -83,18 +93,4 @@ def show_operation do ] } end - - def id_param do - Operation.parameter(:id, :path, FlakeID, "Chat ID", - example: "9umDrYheeY451cQnEe", - required: true - ) - end - - def message_id_param do - Operation.parameter(:message_id, :path, FlakeID, "Chat message ID", - example: "9umDrYheeY451cQnEe", - required: true - ) - end end diff --git a/test/web/admin_api/controllers/chat_controller_test.exs b/test/web/admin_api/controllers/chat_controller_test.exs index 63c195b99a..9393dd49bb 100644 --- a/test/web/admin_api/controllers/chat_controller_test.exs +++ b/test/web/admin_api/controllers/chat_controller_test.exs @@ -7,9 +7,10 @@ defmodule Pleroma.Web.AdminAPI.ChatControllerTest do import Pleroma.Factory - alias Pleroma.Activity alias Pleroma.Chat + alias Pleroma.Chat.MessageReference alias Pleroma.Config + alias Pleroma.Object alias Pleroma.ModerationLog alias Pleroma.Repo alias Pleroma.Web.CommonAPI @@ -27,29 +28,33 @@ defmodule Pleroma.Web.AdminAPI.ChatControllerTest do end describe "DELETE /api/pleroma/admin/chats/:id/messages/:message_id" do - setup do - chat = insert(:chat) - message = insert(:chat_message_activity, chat: chat) - %{chat: chat, message: message} - end + test "it deletes a message from the chat", %{conn: conn, admin: admin} do + user = insert(:user) + recipient = insert(:user) - test "deletes chat message", %{conn: conn, chat: chat, message: message, admin: admin} do - conn - |> delete("/api/pleroma/admin/chats/#{chat.id}/messages/#{message.id}") - |> json_response_and_validate_schema(:ok) + {:ok, message} = + CommonAPI.post_chat_message(user, recipient, "Hello darkness my old friend") - refute Activity.get_by_id(message.id) + object = Object.normalize(message, false) + + chat = Chat.get(user.id, recipient.ap_id) + + cm_ref = MessageReference.for_chat_and_object(chat, object) + + result = + conn + |> put_req_header("content-type", "application/json") + |> delete("/api/pleroma/admin/chats/#{chat.id}/messages/#{cm_ref.id}") + |> json_response_and_validate_schema(200) log_entry = Repo.one(ModerationLog) assert ModerationLog.get_log_entry_message(log_entry) == - "@#{admin.nickname} deleted chat message ##{message.id}" - end + "@#{admin.nickname} deleted chat message ##{cm_ref.id}" - test "returns 404 when the chat message does not exist", %{conn: conn} do - conn = delete(conn, "/api/pleroma/admin/chats/test/messages/test") - - assert json_response_and_validate_schema(conn, :not_found) == %{"error" => "Not found"} + assert result["id"] == cm_ref.id + refute MessageReference.get_by_id(cm_ref.id) + assert %{data: %{"type" => "Tombstone"}} = Object.get_by_id(object.id) end end From c361df11b4e31bc6b369a4feebdbaa82987c2eec Mon Sep 17 00:00:00 2001 From: Alex Gleason Date: Tue, 1 Sep 2020 20:56:42 -0500 Subject: [PATCH 08/14] Docs: AdminAPI chat moderation --- docs/API/admin_api.md | 111 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 111 insertions(+) diff --git a/docs/API/admin_api.md b/docs/API/admin_api.md index c0ea074f08..7bdbd17aa4 100644 --- a/docs/API/admin_api.md +++ b/docs/API/admin_api.md @@ -1334,3 +1334,114 @@ Loads json generated from `config/descriptions.exs`. { } ``` + +## GET /api/pleroma/admin/users/:nickname/chats + +### List a user's chats + +- Params: None + +- Response: + +```json +[ + { + "account": { + "id": "someflakeid", + "username": "somenick", + ... + }, + "id" : "1", + "unread" : 2, + "last_message" : {...}, // The last message in that chat + "updated_at": "2020-04-21T15:11:46.000Z" + } +] +``` + +## GET /api/pleroma/admin/chats/:chat_id + +### View a single chat + +- Params: None + +- Response: + +```json +{ + "account": { + "id": "someflakeid", + "username": "somenick", + ... + }, + "id" : "1", + "unread" : 2, + "last_message" : {...}, // The last message in that chat + "updated_at": "2020-04-21T15:11:46.000Z" +} +``` + +## GET /api/pleroma/admin/chats/:chat_id/messages + +### List the messages in a chat + +- Params: None + +- Response: + +```json +[ + { + "account_id": "someflakeid", + "chat_id": "1", + "content": "Check this out :firefox:", + "created_at": "2020-04-21T15:11:46.000Z", + "emojis": [ + { + "shortcode": "firefox", + "static_url": "https://dontbulling.me/emoji/Firefox.gif", + "url": "https://dontbulling.me/emoji/Firefox.gif", + "visible_in_picker": false + } + ], + "id": "13", + "unread": true + }, + { + "account_id": "someflakeid", + "chat_id": "1", + "content": "Whats' up?", + "created_at": "2020-04-21T15:06:45.000Z", + "emojis": [], + "id": "12", + "unread": false + } +] +``` + +## DELETE /api/pleroma/admin/chats/:chat_id/messages/:message_id + +### Delete a single message + +- Params: None + +- Response: + +```json +{ + "account_id": "someflakeid", + "chat_id": "1", + "content": "Check this out :firefox:", + "created_at": "2020-04-21T15:11:46.000Z", + "emojis": [ + { + "shortcode": "firefox", + "static_url": "https://dontbulling.me/emoji/Firefox.gif", + "url": "https://dontbulling.me/emoji/Firefox.gif", + "visible_in_picker": false + } + ], + "id": "13", + "unread": false +} +``` From 67726453f85eb5bb51bf82e7decf23a4f1d184af Mon Sep 17 00:00:00 2001 From: Alex Gleason Date: Tue, 1 Sep 2020 21:12:21 -0500 Subject: [PATCH 09/14] Credo fix --- test/web/admin_api/controllers/chat_controller_test.exs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/web/admin_api/controllers/chat_controller_test.exs b/test/web/admin_api/controllers/chat_controller_test.exs index 9393dd49bb..bca9d440d7 100644 --- a/test/web/admin_api/controllers/chat_controller_test.exs +++ b/test/web/admin_api/controllers/chat_controller_test.exs @@ -10,8 +10,8 @@ defmodule Pleroma.Web.AdminAPI.ChatControllerTest do alias Pleroma.Chat alias Pleroma.Chat.MessageReference alias Pleroma.Config - alias Pleroma.Object alias Pleroma.ModerationLog + alias Pleroma.Object alias Pleroma.Repo alias Pleroma.Web.CommonAPI From e229536e5cca65d811f85d25c86bf3c92b3d8c45 Mon Sep 17 00:00:00 2001 From: Alex Gleason Date: Thu, 10 Sep 2020 01:44:32 -0500 Subject: [PATCH 10/14] Chat Moderation: use explicit `sender` and `recipient` fields --- docs/API/admin_api.md | 14 +++++++-- .../controllers/admin_api_controller.ex | 5 +--- .../admin_api/controllers/chat_controller.ex | 4 +-- lib/pleroma/web/admin_api/views/chat_view.ex | 30 +++++++++++++++++++ .../controllers/chat_controller_test.exs | 3 ++ 5 files changed, 48 insertions(+), 8 deletions(-) create mode 100644 lib/pleroma/web/admin_api/views/chat_view.ex diff --git a/docs/API/admin_api.md b/docs/API/admin_api.md index 7bdbd17aa4..eadb455ee2 100644 --- a/docs/API/admin_api.md +++ b/docs/API/admin_api.md @@ -1346,7 +1346,12 @@ Loads json generated from `config/descriptions.exs`. ```json [ { - "account": { + "sender": { + "id": "someflakeid", + "username": "somenick", + ... + }, + "receiver": { "id": "someflakeid", "username": "somenick", ... @@ -1369,7 +1374,12 @@ Loads json generated from `config/descriptions.exs`. ```json { - "account": { + "sender": { + "id": "someflakeid", + "username": "somenick", + ... + }, + "receiver": { "id": "someflakeid", "username": "somenick", ... diff --git a/lib/pleroma/web/admin_api/controllers/admin_api_controller.ex b/lib/pleroma/web/admin_api/controllers/admin_api_controller.ex index fccdbabb4c..d5713c3dd9 100644 --- a/lib/pleroma/web/admin_api/controllers/admin_api_controller.ex +++ b/lib/pleroma/web/admin_api/controllers/admin_api_controller.ex @@ -21,11 +21,8 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do alias Pleroma.Web.AdminAPI.ModerationLogView alias Pleroma.Web.AdminAPI.Search alias Pleroma.Web.Endpoint - alias Pleroma.Web.PleromaAPI alias Pleroma.Web.Router - require Logger - @users_page_size 50 plug( @@ -270,7 +267,7 @@ def list_user_chats(%{assigns: %{user: admin}} = conn, %{"nickname" => nickname} |> Pleroma.Repo.all() conn - |> put_view(PleromaAPI.ChatView) + |> put_view(AdminAPI.ChatView) |> render("index.json", chats: chats) else _ -> {:error, :not_found} diff --git a/lib/pleroma/web/admin_api/controllers/chat_controller.ex b/lib/pleroma/web/admin_api/controllers/chat_controller.ex index 61d45b970c..967600d69a 100644 --- a/lib/pleroma/web/admin_api/controllers/chat_controller.ex +++ b/lib/pleroma/web/admin_api/controllers/chat_controller.ex @@ -11,9 +11,9 @@ defmodule Pleroma.Web.AdminAPI.ChatController do alias Pleroma.ModerationLog alias Pleroma.Pagination alias Pleroma.Plugs.OAuthScopesPlug + alias Pleroma.Web.AdminAPI alias Pleroma.Web.CommonAPI alias Pleroma.Web.PleromaAPI.Chat.MessageReferenceView - alias Pleroma.Web.PleromaAPI.ChatView require Logger @@ -78,7 +78,7 @@ def messages(conn, %{id: id} = params) do def show(conn, %{id: id}) do with %Chat{} = chat <- Chat.get_by_id(id) do conn - |> put_view(ChatView) + |> put_view(AdminAPI.ChatView) |> render("show.json", chat: chat) end end diff --git a/lib/pleroma/web/admin_api/views/chat_view.ex b/lib/pleroma/web/admin_api/views/chat_view.ex new file mode 100644 index 0000000000..847df14235 --- /dev/null +++ b/lib/pleroma/web/admin_api/views/chat_view.ex @@ -0,0 +1,30 @@ +# Pleroma: A lightweight social networking server +# Copyright © 2017-2020 Pleroma Authors +# SPDX-License-Identifier: AGPL-3.0-only + +defmodule Pleroma.Web.AdminAPI.ChatView do + use Pleroma.Web, :view + + alias Pleroma.Chat + alias Pleroma.User + alias Pleroma.Web.MastodonAPI + alias Pleroma.Web.PleromaAPI + + def render("index.json", %{chats: chats} = opts) do + render_many(chats, __MODULE__, "show.json", Map.delete(opts, :chats)) + end + + def render("show.json", %{chat: %Chat{user_id: user_id}} = opts) do + user = User.get_by_id(user_id) + sender = MastodonAPI.AccountView.render("show.json", user: user, skip_visibility_check: true) + + serialized_chat = PleromaAPI.ChatView.render("show.json", opts) + + serialized_chat + |> Map.put(:sender, sender) + |> Map.put(:receiver, serialized_chat[:account]) + |> Map.delete(:account) + end + + def render(view, opts), do: PleromaAPI.ChatView.render(view, opts) +end diff --git a/test/web/admin_api/controllers/chat_controller_test.exs b/test/web/admin_api/controllers/chat_controller_test.exs index bca9d440d7..840f18aa2a 100644 --- a/test/web/admin_api/controllers/chat_controller_test.exs +++ b/test/web/admin_api/controllers/chat_controller_test.exs @@ -123,6 +123,9 @@ test "it returns a chat", %{conn: conn} do |> json_response_and_validate_schema(200) assert result["id"] == to_string(chat.id) + assert %{} = result["sender"] + assert %{} = result["receiver"] + refute result["account"] end end end From dfb831ca39db3098d6d585448a6ff8e938e51e8c Mon Sep 17 00:00:00 2001 From: Alex Gleason Date: Fri, 11 Sep 2020 14:00:34 -0500 Subject: [PATCH 11/14] Chat moderation: add tests for unauthorized access --- docs/API/admin_api.md | 2 +- .../controllers/admin_api_controller_test.exs | 29 +++++++ .../controllers/chat_controller_test.exs | 80 ++++++++++++++++++- 3 files changed, 109 insertions(+), 2 deletions(-) diff --git a/docs/API/admin_api.md b/docs/API/admin_api.md index eadb455ee2..bc96abbf02 100644 --- a/docs/API/admin_api.md +++ b/docs/API/admin_api.md @@ -1395,7 +1395,7 @@ Loads json generated from `config/descriptions.exs`. ### List the messages in a chat -- Params: None +- Params: `max_id`, `min_id` - Response: diff --git a/test/web/admin_api/controllers/admin_api_controller_test.exs b/test/web/admin_api/controllers/admin_api_controller_test.exs index cf5637246d..dbeeb7f3d3 100644 --- a/test/web/admin_api/controllers/admin_api_controller_test.exs +++ b/test/web/admin_api/controllers/admin_api_controller_test.exs @@ -1528,6 +1528,35 @@ test "renders user's statuses", %{conn: conn, user: user} do end end + describe "GET /api/pleroma/admin/users/:nickname/chats unauthorized" do + setup do + user = insert(:user) + insert(:chat, user: user) + %{conn: conn} = oauth_access(["read:chats"]) + %{conn: conn, user: user} + end + + test "returns 403", %{conn: conn, user: user} do + conn + |> get("/api/pleroma/admin/users/#{user.nickname}/chats") + |> json_response(403) + end + end + + describe "GET /api/pleroma/admin/users/:nickname/chats unauthenticated" do + setup do + user = insert(:user) + insert(:chat, user: user) + %{conn: build_conn(), user: user} + end + + test "returns 403", %{conn: conn, user: user} do + conn + |> get("/api/pleroma/admin/users/#{user.nickname}/chats") + |> json_response(403) + end + end + describe "GET /api/pleroma/admin/moderation_log" do setup do moderator = insert(:user, is_moderator: true) diff --git a/test/web/admin_api/controllers/chat_controller_test.exs b/test/web/admin_api/controllers/chat_controller_test.exs index 840f18aa2a..ccca3521ad 100644 --- a/test/web/admin_api/controllers/chat_controller_test.exs +++ b/test/web/admin_api/controllers/chat_controller_test.exs @@ -15,7 +15,7 @@ defmodule Pleroma.Web.AdminAPI.ChatControllerTest do alias Pleroma.Repo alias Pleroma.Web.CommonAPI - setup do + defp admin_setup do admin = insert(:user, is_admin: true) token = insert(:oauth_admin_token, user: admin) @@ -28,6 +28,8 @@ defmodule Pleroma.Web.AdminAPI.ChatControllerTest do end describe "DELETE /api/pleroma/admin/chats/:id/messages/:message_id" do + setup do: admin_setup() + test "it deletes a message from the chat", %{conn: conn, admin: admin} do user = insert(:user) recipient = insert(:user) @@ -59,6 +61,8 @@ test "it deletes a message from the chat", %{conn: conn, admin: admin} do end describe "GET /api/pleroma/admin/chats/:id/messages" do + setup do: admin_setup() + test "it paginates", %{conn: conn} do user = insert(:user) recipient = insert(:user) @@ -111,6 +115,8 @@ test "it returns the messages for a given chat", %{conn: conn} do end describe "GET /api/pleroma/admin/chats/:id" do + setup do: admin_setup() + test "it returns a chat", %{conn: conn} do user = insert(:user) other_user = insert(:user) @@ -128,4 +134,76 @@ test "it returns a chat", %{conn: conn} do refute result["account"] end end + + describe "unauthorized chat moderation" do + setup do + user = insert(:user) + recipient = insert(:user) + + {:ok, message} = CommonAPI.post_chat_message(user, recipient, "Yo") + object = Object.normalize(message, false) + chat = Chat.get(user.id, recipient.ap_id) + cm_ref = MessageReference.for_chat_and_object(chat, object) + + %{conn: conn} = oauth_access(["read:chats", "write:chats"]) + %{conn: conn, chat: chat, cm_ref: cm_ref} + end + + test "DELETE /api/pleroma/admin/chats/:id/messages/:message_id", %{conn: conn, chat: chat, cm_ref: cm_ref} do + conn + |> put_req_header("content-type", "application/json") + |> delete("/api/pleroma/admin/chats/#{chat.id}/messages/#{cm_ref.id}") + |> json_response(403) + + assert MessageReference.get_by_id(cm_ref.id) == cm_ref + end + + test "GET /api/pleroma/admin/chats/:id/messages", %{conn: conn, chat: chat} do + conn + |> get("/api/pleroma/admin/chats/#{chat.id}/messages") + |> json_response(403) + end + + test "GET /api/pleroma/admin/chats/:id", %{conn: conn, chat: chat} do + conn + |> get("/api/pleroma/admin/chats/#{chat.id}") + |> json_response(403) + end + end + + describe "unauthenticated chat moderation" do + setup do + user = insert(:user) + recipient = insert(:user) + + {:ok, message} = CommonAPI.post_chat_message(user, recipient, "Yo") + object = Object.normalize(message, false) + chat = Chat.get(user.id, recipient.ap_id) + cm_ref = MessageReference.for_chat_and_object(chat, object) + + %{conn: build_conn(), chat: chat, cm_ref: cm_ref} + end + + test "DELETE /api/pleroma/admin/chats/:id/messages/:message_id", %{conn: conn, chat: chat, cm_ref: cm_ref} do + conn + |> put_req_header("content-type", "application/json") + |> delete("/api/pleroma/admin/chats/#{chat.id}/messages/#{cm_ref.id}") + |> json_response(403) + + assert MessageReference.get_by_id(cm_ref.id) == cm_ref + end + + test "GET /api/pleroma/admin/chats/:id/messages", %{conn: conn, chat: chat} do + conn + |> get("/api/pleroma/admin/chats/#{chat.id}/messages") + |> json_response(403) + end + + test "GET /api/pleroma/admin/chats/:id", %{conn: conn, chat: chat} do + conn + |> get("/api/pleroma/admin/chats/#{chat.id}") + |> json_response(403) + end + end + end From bc86d0a906e58becb94c5a73552f90abbe494c28 Mon Sep 17 00:00:00 2001 From: Alex Gleason Date: Fri, 11 Sep 2020 14:29:56 -0500 Subject: [PATCH 12/14] Chat moderation: fix formatting --- .../admin_api/controllers/chat_controller_test.exs | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/test/web/admin_api/controllers/chat_controller_test.exs b/test/web/admin_api/controllers/chat_controller_test.exs index ccca3521ad..e81484ce62 100644 --- a/test/web/admin_api/controllers/chat_controller_test.exs +++ b/test/web/admin_api/controllers/chat_controller_test.exs @@ -149,7 +149,11 @@ test "it returns a chat", %{conn: conn} do %{conn: conn, chat: chat, cm_ref: cm_ref} end - test "DELETE /api/pleroma/admin/chats/:id/messages/:message_id", %{conn: conn, chat: chat, cm_ref: cm_ref} do + test "DELETE /api/pleroma/admin/chats/:id/messages/:message_id", %{ + conn: conn, + chat: chat, + cm_ref: cm_ref + } do conn |> put_req_header("content-type", "application/json") |> delete("/api/pleroma/admin/chats/#{chat.id}/messages/#{cm_ref.id}") @@ -184,7 +188,11 @@ test "GET /api/pleroma/admin/chats/:id", %{conn: conn, chat: chat} do %{conn: build_conn(), chat: chat, cm_ref: cm_ref} end - test "DELETE /api/pleroma/admin/chats/:id/messages/:message_id", %{conn: conn, chat: chat, cm_ref: cm_ref} do + test "DELETE /api/pleroma/admin/chats/:id/messages/:message_id", %{ + conn: conn, + chat: chat, + cm_ref: cm_ref + } do conn |> put_req_header("content-type", "application/json") |> delete("/api/pleroma/admin/chats/#{chat.id}/messages/#{cm_ref.id}") @@ -205,5 +213,4 @@ test "GET /api/pleroma/admin/chats/:id", %{conn: conn, chat: chat} do |> json_response(403) end end - end From e39ff2616b6694f97ab793bc60b5caa7b509f0b1 Mon Sep 17 00:00:00 2001 From: lain Date: Thu, 17 Sep 2020 13:29:26 +0200 Subject: [PATCH 13/14] Admin chat api tests: Small additions. --- test/web/admin_api/controllers/admin_api_controller_test.exs | 2 +- test/web/admin_api/controllers/chat_controller_test.exs | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/test/web/admin_api/controllers/admin_api_controller_test.exs b/test/web/admin_api/controllers/admin_api_controller_test.exs index 3476fd0b41..e6ad210a20 100644 --- a/test/web/admin_api/controllers/admin_api_controller_test.exs +++ b/test/web/admin_api/controllers/admin_api_controller_test.exs @@ -1521,7 +1521,7 @@ test "excludes reblogs by default", %{conn: conn, user: user} do %{user: user} end - test "renders user's statuses", %{conn: conn, user: user} do + test "renders user's chats", %{conn: conn, user: user} do conn = get(conn, "/api/pleroma/admin/users/#{user.nickname}/chats") assert json_response(conn, 200) |> length() == 3 diff --git a/test/web/admin_api/controllers/chat_controller_test.exs b/test/web/admin_api/controllers/chat_controller_test.exs index e81484ce62..bd4c9c9d15 100644 --- a/test/web/admin_api/controllers/chat_controller_test.exs +++ b/test/web/admin_api/controllers/chat_controller_test.exs @@ -40,8 +40,10 @@ test "it deletes a message from the chat", %{conn: conn, admin: admin} do object = Object.normalize(message, false) chat = Chat.get(user.id, recipient.ap_id) + recipient_chat = Chat.get(recipient.id, user.ap_id) cm_ref = MessageReference.for_chat_and_object(chat, object) + recipient_cm_ref = MessageReference.for_chat_and_object(recipient_chat, object) result = conn @@ -56,6 +58,7 @@ test "it deletes a message from the chat", %{conn: conn, admin: admin} do assert result["id"] == cm_ref.id refute MessageReference.get_by_id(cm_ref.id) + refute MessageReference.get_by_id(recipient_cm_ref.id) assert %{data: %{"type" => "Tombstone"}} = Object.get_by_id(object.id) end end From 5e3c70afa5c02926a5578628431487e92b2175e9 Mon Sep 17 00:00:00 2001 From: lain Date: Thu, 17 Sep 2020 13:37:25 +0200 Subject: [PATCH 14/14] AdminAPI Chat tests: Remove factory. The factory system doesn't work too well with how the chats are done. Instead of tempting people to use it, let's rather use the CommonAPI system for now. --- test/support/factory.ex | 54 ------------------- .../controllers/admin_api_controller_test.exs | 13 +++-- 2 files changed, 8 insertions(+), 59 deletions(-) diff --git a/test/support/factory.ex b/test/support/factory.ex index e59d832428..2fdfabbc5a 100644 --- a/test/support/factory.ex +++ b/test/support/factory.ex @@ -441,58 +441,4 @@ def filter_factory do phrase: "cofe" } end - - def chat_factory(attrs \\ %{}) do - user = attrs[:user] || insert(:user) - recipient = attrs[:recipient] || insert(:user) - - %Pleroma.Chat{ - user_id: user.id, - recipient: recipient.ap_id - } - end - - def chat_message_factory(attrs \\ %{}) do - text = sequence(:text, &"This is :moominmamma: chat message #{&1}") - chat = attrs[:chat] || insert(:chat) - - data = %{ - "type" => "ChatMessage", - "content" => text, - "id" => Pleroma.Web.ActivityPub.Utils.generate_object_id(), - "actor" => User.get_by_id(chat.user_id).ap_id, - "to" => [chat.recipient], - "published" => DateTime.utc_now() |> DateTime.to_iso8601() - } - - %Pleroma.Object{ - data: merge_attributes(data, Map.get(attrs, :data, %{})) - } - end - - def chat_message_activity_factory(attrs \\ %{}) do - chat = attrs[:chat] || insert(:chat) - chat_message = attrs[:chat_message] || insert(:chat_message, chat: chat) - - data_attrs = attrs[:data_attrs] || %{} - attrs = Map.drop(attrs, [:chat, :chat_message, :data_attrs]) - - data = - %{ - "id" => Pleroma.Web.ActivityPub.Utils.generate_activity_id(), - "type" => "Create", - "actor" => chat_message.data["actor"], - "to" => chat_message.data["to"], - "object" => chat_message.data["id"], - "published" => DateTime.utc_now() |> DateTime.to_iso8601() - } - |> Map.merge(data_attrs) - - %Pleroma.Activity{ - data: data, - actor: data["actor"], - recipients: data["to"] - } - |> Map.merge(attrs) - end end diff --git a/test/web/admin_api/controllers/admin_api_controller_test.exs b/test/web/admin_api/controllers/admin_api_controller_test.exs index e6ad210a20..e4d3512deb 100644 --- a/test/web/admin_api/controllers/admin_api_controller_test.exs +++ b/test/web/admin_api/controllers/admin_api_controller_test.exs @@ -1513,10 +1513,11 @@ test "excludes reblogs by default", %{conn: conn, user: user} do describe "GET /api/pleroma/admin/users/:nickname/chats" do setup do user = insert(:user) + recipients = insert_list(3, :user) - insert(:chat, user: user) - insert(:chat, user: user) - insert(:chat, user: user) + Enum.each(recipients, fn recipient -> + CommonAPI.post_chat_message(user, recipient, "yo") + end) %{user: user} end @@ -1531,7 +1532,8 @@ test "renders user's chats", %{conn: conn, user: user} do describe "GET /api/pleroma/admin/users/:nickname/chats unauthorized" do setup do user = insert(:user) - insert(:chat, user: user) + recipient = insert(:user) + CommonAPI.post_chat_message(user, recipient, "yo") %{conn: conn} = oauth_access(["read:chats"]) %{conn: conn, user: user} end @@ -1546,7 +1548,8 @@ test "returns 403", %{conn: conn, user: user} do describe "GET /api/pleroma/admin/users/:nickname/chats unauthenticated" do setup do user = insert(:user) - insert(:chat, user: user) + recipient = insert(:user) + CommonAPI.post_chat_message(user, recipient, "yo") %{conn: build_conn(), user: user} end