akkoma/lib/pleroma/web/twitter_api/controller.ex

# Pleroma: A lightweight social networking server
# Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
# SPDX-License-Identifier: AGPL-3.0-only

defmodule Pleroma.Web.TwitterAPI.Controller do
  use Pleroma.Web, :controller

  alias Pleroma.User
  alias Pleroma.Web.OAuth.Token
  alias Pleroma.Web.Plugs.OAuthScopesPlug
  alias Pleroma.Web.TwitterAPI.TokenView

  require Logger

  plug(:skip_auth when action == :confirm_email)
  plug(:skip_plug, OAuthScopesPlug when action in [:oauth_tokens, :revoke_token])

  action_fallback(:errors)

  def confirm_email(conn, %{"user_id" => uid, "token" => token}) do
    case User.get_cached_by_id(uid) do
      %User{local: true, is_confirmed: false, confirmation_token: ^token} = user ->
        case User.confirm(user) do
          {:ok, _} ->
            redirect(conn, to: "/")

          {:error, _} ->
            json_reply(conn, 400, "Unable to confirm")
        end

      %User{is_confirmed: true} ->
        json_reply(conn, 400, "Already verified email")

      _ ->
        json_reply(conn, 400, "Couldn't verify email")
    end
  end

  def oauth_tokens(%{assigns: %{user: user}} = conn, _params) do
    with oauth_tokens <- Token.get_user_tokens(user) do
      conn
      |> put_view(TokenView)
      |> render("index.json", %{tokens: oauth_tokens})
    end
  end

  def revoke_token(%{assigns: %{user: user}} = conn, %{"id" => id} = _params) do
    Token.delete_user_token(user, id)

    json_reply(conn, 201, "")
  end

  defp errors(conn, {:param_cast, _}) do
    conn
    |> put_status(400)
    |> json("Invalid parameters")
  end

  defp errors(conn, _) do
    conn
    |> put_status(500)
    |> json("Something went wrong")
  end

  defp json_reply(conn, status, json) do
    conn
    |> put_resp_content_type("application/json")
    |> send_resp(status, json)
  end
end
add license boilerplate to pleroma core 2018-12-23 20:04:54 +00:00			`# Pleroma: A lightweight social networking server`
Bump Copyright to 2021 grep -rl '# Copyright © .* Pleroma' * \| xargs sed -i 's;Copyright © .* Pleroma .*;Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>;' 2021-01-13 07:49:20 +01:00			`# Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>`
add license boilerplate to pleroma core 2018-12-23 20:04:54 +00:00			`# SPDX-License-Identifier: AGPL-3.0-only`

Add Twitter API verify_credentials endpoint. 2017-03-20 21:30:44 +01:00			`defmodule Pleroma.Web.TwitterAPI.Controller do`
			`use Pleroma.Web, :controller`
[#114] Initial implementation of user password reset emails (user-initiated). 2018-12-11 20:17:49 +03:00
credo fixes 2019-08-31 13:08:43 +03:00			`alias Pleroma.User`
[Credo] fix Credo.Check.Readability.AliasOrder 2019-03-05 03:52:23 +01:00			`alias Pleroma.Web.OAuth.Token`
alias alphabetically order 2020-06-24 13:07:47 +03:00			`alias Pleroma.Web.Plugs.OAuthScopesPlug`
[Credo] fix Credo.Check.Readability.AliasOrder 2019-03-05 03:52:23 +01:00			`alias Pleroma.Web.TwitterAPI.TokenView`
Add Twitter API verify_credentials endpoint. 2017-03-20 21:30:44 +01:00
Add profile update. 2017-08-29 15:14:00 +02:00			`require Logger`

Refactor skipped plugs into Pleroma.Web functions Speeds up recompilation by reducing compile cycles 2021-06-08 19:14:12 -05:00			`plug(:skip_auth when action == :confirm_email)`
[#2409] Tested all auth setup configs in AuthTestControllerTest. Adjusted :skip_plug definitions for some endpoints. 2020-04-24 16:52:38 +03:00			`plug(:skip_plug, OAuthScopesPlug when action in [:oauth_tokens, :revoke_token])`
Enforcement of OAuth scopes check for authenticated API endpoints, :skip_plug plug to mark a plug explicitly skipped (disabled). 2020-04-06 10:20:44 +03:00
Better error handling in TwitterApiController. 2018-06-03 19:11:22 +02:00			`action_fallback(:errors)`

[#114] Added :user_id component to email confirmation path to improve the security. Added tests for `confirm_email` action. 2018-12-20 13:41:30 +03:00			`def confirm_email(conn, %{"user_id" => uid, "token" => token}) do`
fix: Give error message to users when address has already been validated Plus other errors. 2023-01-12 21:14:42 +01:00			`case User.get_cached_by_id(uid) do`
			`%User{local: true, is_confirmed: false, confirmation_token: ^token} = user ->`
			`case User.confirm(user) do`
			`{:ok, _} ->`
			`redirect(conn, to: "/")`

			`{:error, _} ->`
			`json_reply(conn, 400, "Unable to confirm")`
			`end`

			`%User{is_confirmed: true} ->`
			`json_reply(conn, 400, "Already verified email")`

			`_ ->`
			`json_reply(conn, 400, "Couldn't verify email")`
[#114] Email confirmation route, action, node setting, User.Info fields. 2018-12-14 16:38:56 +03:00			`end`
			`end`

Add OAuth tokens endpoint 2019-02-10 22:41:06 +03:00			`def oauth_tokens(%{assigns: %{user: user}} = conn, _params) do`
			`with oauth_tokens <- Token.get_user_tokens(user) do`
			`conn`
			`\|> put_view(TokenView)`
			`\|> render("index.json", %{tokens: oauth_tokens})`
			`end`
			`end`

Add revoke token 2019-02-11 00:49:56 +03:00			`def revoke_token(%{assigns: %{user: user}} = conn, %{"id" => id} = _params) do`
			`Token.delete_user_token(user, id)`

			`json_reply(conn, 201, "")`
			`end`

Fixed OAuth restrictions for :api routes. Made auth info dropped for :api routes if OAuth check was neither performed nor explicitly skipped. 2020-04-22 18:50:25 +03:00			`defp errors(conn, {:param_cast, _}) do`
Better error handling in TwitterApiController. 2018-06-03 19:11:22 +02:00			`conn`
			`\|> put_status(400)`
			`\|> json("Invalid parameters")`
			`end`

Fixed OAuth restrictions for :api routes. Made auth info dropped for :api routes if OAuth check was neither performed nor explicitly skipped. 2020-04-22 18:50:25 +03:00			`defp errors(conn, _) do`
Better error handling in TwitterApiController. 2018-06-03 19:11:22 +02:00			`conn`
			`\|> put_status(500)`
			`\|> json("Something went wrong")`
			`end`
Remove most of TwitterAPIController 2019-08-27 12:29:19 +03:00
			`defp json_reply(conn, status, json) do`
			`conn`
			`\|> put_resp_content_type("application/json")`
			`\|> send_resp(status, json)`
			`end`
Add Twitter API verify_credentials endpoint. 2017-03-20 21:30:44 +01:00			`end`