diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex index 160acbdb92..9b7912c5be 100644 --- a/lib/pleroma/user.ex +++ b/lib/pleroma/user.ex @@ -65,6 +65,7 @@ def register_changeset(struct, params \\ %{}) do |> validate_confirmation(:password) |> unique_constraint(:email) |> unique_constraint(:nickname) + |> validate_format(:nickname, ~r/^[a-zA-Z\d]+$/) if changeset.valid? do hashed = Comeonin.Pbkdf2.hashpwsalt(changeset.changes[:password]) diff --git a/lib/pleroma/web/twitter_api/twitter_api.ex b/lib/pleroma/web/twitter_api/twitter_api.ex index e4e26df158..1c3396d27a 100644 --- a/lib/pleroma/web/twitter_api/twitter_api.ex +++ b/lib/pleroma/web/twitter_api/twitter_api.ex @@ -124,9 +124,9 @@ def fetch_status(user, id) do end end - def follow(%User{} = follower, followed_id) do - with %User{} = followed <- Repo.get(User, followed_id), - { :ok, follower } <- User.follow(follower, followed), + def follow(%User{} = follower, params) do + with { :ok, %User{} = followed } <- get_user(params), + { :ok, follower } <- User.follow(follower, followed), { :ok, activity } <- ActivityPub.insert(%{ "type" => "Follow", "actor" => follower.ap_id, @@ -140,11 +140,11 @@ def follow(%User{} = follower, followed_id) do end end - def unfollow(%User{} = follower, followed_id) do - with %User{} = followed <- Repo.get(User, followed_id), - { :ok, follower } <- User.unfollow(follower, followed) + def unfollow(%User{} = follower, params) do + with { :ok, %User{} = unfollowed } <- get_user(params), + { :ok, follower } <- User.unfollow(follower, unfollowed) do - { :ok, follower, followed } + { :ok, follower, unfollowed} else err -> err end @@ -257,7 +257,7 @@ def register_user(params) do end end - def get_user(user, params) do + def get_user(user \\ nil, params) do case params do %{ "user_id" => user_id } -> case target = Repo.get(User, user_id) do 
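Review bot: The `$` in the new `validate_format(:nickname, ~r/^[a-zA-Z\d]+$/)` also matches just before a trailing newline, so a nickname such as `"alice\n"` passes the format check and is treated as distinct from `"alice"` by the unique constraint. Anchor on the whole string instead: `|> validate_format(:nickname, ~r/\A[a-zA-Z\d]+\z/)`. register_changeset starts and ends outside this hunk, so whether the nickname is trimmed anywhere else is not visible here.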
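Review bot: The missing-identifier case for `follow/2` and `unfollow/2` is not settled by anything visible here. Both now pass the whole params map to `get_user(params)`, and with the new `user \\ nil` default the result for params that hold neither `user_id` nor `screen_name` depends on get_user's remaining clauses, which lie outside the hunk. Confirm that path returns `{:error, msg}`, since the controller only matches `{ :ok, ... }` and `{ :error, msg }`. The second argument changed from an id to a map without any documentation; a `@doc` on each function saying that the target is looked up from `params["user_id"]` or `params["screen_name"]` would state the new contract.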
diff --git a/lib/pleroma/web/twitter_api/twitter_api_controller.ex b/lib/pleroma/web/twitter_api/twitter_api_controller.ex index 8ea54852dd..b5b829ca05 100644 --- a/lib/pleroma/web/twitter_api/twitter_api_controller.ex +++ b/lib/pleroma/web/twitter_api/twitter_api_controller.ex @@ -12,11 +12,23 @@ def verify_credentials(%{assigns: %{user: user}} = conn, _params) do |> json_reply(200, response) end - def status_update(%{assigns: %{user: user}} = conn, status_data) do - media_ids = extract_media_ids(status_data) - {:ok, activity} = TwitterAPI.create_status(user, Map.put(status_data, "media_ids", media_ids )) - conn - |> json_reply(200, ActivityRepresenter.to_json(activity, %{user: user})) + def status_update(%{assigns: %{user: user}} = conn, %{"status" => status_text} = status_data) do + if status_text |> String.trim |> String.length != 0 do + media_ids = extract_media_ids(status_data) + {:ok, activity} = TwitterAPI.create_status(user, Map.put(status_data, "media_ids", media_ids )) + conn + |> json_reply(200, ActivityRepresenter.to_json(activity, %{user: user})) + else + empty_status_reply(conn) + end + end + + def status_update(conn, _status_data) do + empty_status_reply(conn) + end + + defp empty_status_reply(conn) do + bad_request_reply(conn, "Client must provide a 'status' parameter with a value.") end defp extract_media_ids(status_data) do @@ -65,8 +77,8 @@ def mentions_timeline(%{assigns: %{user: user}} = conn, params) do |> json_reply(200, json) end - def follow(%{assigns: %{user: user}} = conn, %{ "user_id" => followed_id }) do - case TwitterAPI.follow(user, followed_id) do + def follow(%{assigns: %{user: user}} = conn, params) do + case TwitterAPI.follow(user, params) do { :ok, user, followed, _activity } -> response = followed |> UserRepresenter.to_json(%{for: user}) conn 
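Review bot: The first `status_update` clause calls `String.trim` on whatever the client sent under `"status"`, so a non-string value (for example a list from `status[]=x`) raises instead of reaching the 400 reply. Add a guard so those requests fall through to the second clause: `def status_update(%{assigns: %{user: user}} = conn, %{"status" => status_text} = status_data) when is_binary(status_text) do`. The emptiness test can then be `String.trim(status_text) != ""`, which avoids counting graphemes only to compare with zero.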
@@ -75,11 +87,10 @@ def follow(%{assigns: %{user: user}} = conn, %{ "user_id" => followed_id }) do end end - def unfollow(%{assigns: %{user: user}} = conn, %{ "user_id" => followed_id }) do - case TwitterAPI.unfollow(user, followed_id) do - { :ok, user, followed } -> - response = followed |> UserRepresenter.to_json(%{for: user}) - + def unfollow(%{assigns: %{user: user}} = conn, params) do + case TwitterAPI.unfollow(user, params) do + { :ok, user, unfollowed, } -> + response = unfollowed |> UserRepresenter.to_json(%{for: user}) conn |> json_reply(200, response) { :error, msg } -> forbidden_json_reply(conn, msg) @@ -152,11 +163,16 @@ def unfavorite(%{assigns: %{user: user}} = conn, %{"id" => id}) do def retweet(%{assigns: %{user: user}} = conn, %{"id" => id}) do activity = Repo.get(Activity, id) - {:ok, status} = TwitterAPI.retweet(user, activity) - response = Poison.encode!(status) + if activity.data["actor"] == user.ap_id do + bad_request_reply(conn, "You cannot repeat your own notice.") + else + {:ok, status} = TwitterAPI.retweet(user, activity) + response = Poison.encode!(status) - conn - |> json_reply(200, response) + conn + + |> json_reply(200, response) + end end def register(conn, params) do @@ -183,7 +199,7 @@ def update_avatar(%{assigns: %{user: user}} = conn, params) do end defp bad_request_reply(conn, error_message) do - json = Poison.encode!(%{"error" => error_message}) + json = error_json(conn, error_message) json_reply(conn, 400, json) end @@ -194,9 +210,11 @@ defp json_reply(conn, status, json) do end defp forbidden_json_reply(conn, error_message) do - json = %{"error" => error_message, "request" => conn.request_path} - |> Poison.encode! - + json = error_json(conn, error_message) json_reply(conn, 403, json) end + + defp error_json(conn, error_message) do + %{"error" => error_message, "request" => conn.request_path} |> Poison.encode! + end end 
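Review bot: The tuple pattern `{ :ok, user, unfollowed, } ->` carries a stray trailing comma that reads like a missing element; `{ :ok, user, unfollowed } ->` is clearer. A failed lookup in get_user presumably arrives here as `{ :error, msg }` and is then answered with 403 through `forbidden_json_reply`, the same status as "Not subscribed!". If an unknown user should be reported differently, that needs its own clause.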
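Review bot: `Repo.get(Activity, id)` returns nil for an id that matches no activity, and the new `activity.data["actor"]` dereferences it before any check, so an unknown id raises instead of producing an error reply. Match the result first, e.g. wrap the body in `with %Activity{} = activity <- Repo.get(Activity, id) do ... else nil -> bad_request_reply(conn, "<not-found message>") end`. The own-notice rule is enforced only in this controller action; if `TwitterAPI.retweet` has other callers they skip it, so the check may belong in `TwitterAPI.retweet` itself. The blank line added between `conn` and `|> json_reply(200, response)` in the else branch should be dropped.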
diff --git a/test/web/twitter_api/twitter_api_controller_test.exs b/test/web/twitter_api/twitter_api_controller_test.exs index 0761d05669..6c249be7d6 100644 --- a/test/web/twitter_api/twitter_api_controller_test.exs +++ b/test/web/twitter_api/twitter_api_controller_test.exs @@ -31,10 +31,21 @@ test "without valid credentials", %{conn: conn} do end test "with credentials", %{conn: conn, user: user} do - conn = conn - |> with_credentials(user.nickname, "test") - |> post("/api/statuses/update.json", %{ status: "Nice meme." }) + conn_with_creds = conn |> with_credentials(user.nickname, "test") + request_path = "/api/statuses/update.json" + error_response = %{"request" => request_path, + "error" => "Client must provide a 'status' parameter with a value."} + conn = conn_with_creds |> post(request_path) + assert json_response(conn, 400) == error_response + + conn = conn_with_creds |> post(request_path, %{ status: "" }) + assert json_response(conn, 400) == error_response + + conn = conn_with_creds |> post(request_path, %{ status: " " }) + assert json_response(conn, 400) == error_response + + conn = conn_with_creds |> post(request_path, %{ status: "Nice meme." }) assert json_response(conn, 200) == ActivityRepresenter.to_map(Repo.one(Activity), %{user: user}) end end @@ -139,7 +150,7 @@ test "with credentials", %{conn: conn, user: current_user} do setup [:valid_user] test "without any params", %{conn: conn} do conn = get(conn, "/api/statuses/user_timeline.json") - assert json_response(conn, 400) == %{"error" => "You need to specify screen_name or user_id"} + assert json_response(conn, 400) == %{"error" => "You need to specify screen_name or user_id", "request" => "/api/statuses/user_timeline.json"} end test "with user_id", %{conn: conn} do 
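Review bot: The "with credentials" test now issues four requests and asserts on each, so a failure in the first hides the rest and the test name no longer says what is being checked. Splitting it into separate tests (missing status, empty status, whitespace-only status, valid status) would keep each failure self-explanatory. A case where `status` is not a string, e.g. `%{ status: ["x"] }`, is also missing.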
@@ -320,11 +331,21 @@ test "without valid credentials", %{conn: conn} do test "with credentials", %{conn: conn, user: current_user} do note_activity = insert(:note_activity) - conn = conn - |> with_credentials(current_user.nickname, "test") - |> post("/api/statuses/retweet/#{note_activity.id}.json") + request_path = "/api/statuses/retweet/#{note_activity.id}.json" - assert json_response(conn, 200) + user = Repo.get_by(User, ap_id: note_activity.data["actor"]) + response = conn + |> with_credentials(user.nickname, "test") + |> post(request_path) + assert json_response(response, 400) == %{"error" => "You cannot repeat your own notice.", + "request" => request_path} + + response = conn + |> with_credentials(current_user.nickname, "test") + |> post(request_path) + activity = Repo.get(Activity, note_activity.id) + activity_user = Repo.get_by(User, ap_id: note_activity.data["actor"]) + assert json_response(response, 200) == ActivityRepresenter.to_map(activity, %{user: activity_user, for: current_user}) end end diff --git a/test/web/twitter_api/twitter_api_test.exs b/test/web/twitter_api/twitter_api_test.exs index 273093ebad..590428423b 100644 --- a/test/web/twitter_api/twitter_api_test.exs +++ b/test/web/twitter_api/twitter_api_test.exs 
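Review bot: `user` and `activity_user` are loaded with the same `Repo.get_by(User, ap_id: note_activity.data["actor"])` query; reuse `user` in the final `ActivityRepresenter.to_map` call rather than querying again. The own-notice rejection and the successful repeat would read better as two tests. There is no case for an id that matches no activity, which is the path where the controller dereferences the result of `Repo.get(Activity, id)`.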
@@ -155,32 +155,47 @@ test "fetch a single status" do assert status == ActivityRepresenter.to_map(activity, %{for: user, user: actor}) end - test "Follow another user" do + test "Follow another user using user_id" do user = insert(:user) followed = insert(:user) - { :ok, user, followed, activity } = TwitterAPI.follow(user, followed.id) - - user = Repo.get(User, user.id) - follow = Repo.get(Activity, activity.id) - + {:ok, user, followed, _activity } = TwitterAPI.follow(user, %{"user_id" => followed.id}) assert user.following == [User.ap_followers(followed)] - assert follow == activity - { :error, msg } = TwitterAPI.follow(user, followed.id) + { :error, msg } = TwitterAPI.follow(user, %{"user_id" => followed.id}) assert msg == "Could not follow user: #{followed.nickname} is already on your list." end - test "Unfollow another user" do + test "Follow another user using screen_name" do + user = insert(:user) followed = insert(:user) - user = insert(:user, %{following: [User.ap_followers(followed)]}) - { :ok, user, _followed } = TwitterAPI.unfollow(user, followed.id) + {:ok, user, followed, _activity } = TwitterAPI.follow(user, %{"screen_name" => followed.nickname}) + assert user.following == [User.ap_followers(followed)] - user = Repo.get(User, user.id) + { :error, msg } = TwitterAPI.follow(user, %{"screen_name" => followed.nickname}) + assert msg == "Could not follow user: #{followed.nickname} is already on your list." + end + test "Unfollow another user using user_id" do + unfollowed = insert(:user) + user = insert(:user, %{following: [User.ap_followers(unfollowed)]}) + + {:ok, user, unfollowed } = TwitterAPI.unfollow(user, %{"user_id" => unfollowed.id}) assert user.following == [] - { :error, msg } = TwitterAPI.unfollow(user, followed.id) + + { :error, msg } = TwitterAPI.unfollow(user, %{"user_id" => unfollowed.id}) + assert msg == "Not subscribed!" 
+ end + + test "Unfollow another user using screen_name" do + unfollowed = insert(:user) + user = insert(:user, %{following: [User.ap_followers(unfollowed)]}) + + {:ok, user, unfollowed } = TwitterAPI.unfollow(user, %{"screen_name" => unfollowed.nickname}) + assert user.following == [] + + { :error, msg } = TwitterAPI.unfollow(user, %{"screen_name" => unfollowed.nickname}) assert msg == "Not subscribed!" end
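Review bot: The rewritten follow and unfollow tests assert only on the struct returned by TwitterAPI. The removed `user = Repo.get(User, user.id)` reload and the `follow == activity` comparison were what checked that the following list and the Follow activity were actually persisted. Keep a reload before `assert user.following == ...`, e.g. `user = Repo.get(User, user.id)`, in at least the user_id variants. A test for params that carry neither `user_id` nor `screen_name` is also missing.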