From 595a970493a9bae0dcc4b84de338766c2cc61a75 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Wed, 9 Jan 2019 04:46:03 +0000 Subject: [PATCH 1/8] user: use pattern matching to determine if user is local or remote instead of the previous hairy logic --- lib/pleroma/user.ex | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex index 85d0f9fce..ce909601d 100644 --- a/lib/pleroma/user.ex +++ b/lib/pleroma/user.ex @@ -49,7 +49,8 @@ defmodule Pleroma.User do !Pleroma.Config.get([:instance, :account_activation_required]) end - def remote_or_auth_active?(%User{} = user), do: !user.local || auth_active?(user) + def remote_or_auth_active?(%User{local: false}), do: true + def remote_or_auth_active?(%User{local: true} = user), do: auth_active?(user) def visible_for?(%User{} = user, for_user \\ nil) do User.remote_or_auth_active?(user) || (for_user && for_user.id == user.id) || From 4124c9aa4aae4622f7a939caa84f01ca0760057c Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Wed, 9 Jan 2019 05:02:00 +0000 Subject: [PATCH 2/8] tests: user: add regression test for remote_or_auth_active?/1 --- test/user_test.exs | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/test/user_test.exs b/test/user_test.exs index 74accb7c8..419a576dc 100644 --- a/test/user_test.exs +++ b/test/user_test.exs @@ -767,4 +767,18 @@ defmodule Pleroma.UserTest do |> Map.put(:search_distance, nil) end end + + test "remote_or_auth_active?/1 works correctly" do + Pleroma.Config.put([:instance, :account_activation_required], true) + + local_user = insert(:user, local: true, info: %{confirmation_pending: true}) + confirmed_user = insert(:user, local: true, info: %{confirmation_pending: false}) + remote_user = insert(:user, local: false) + + refute User.remote_or_auth_active?(local_user) + assert User.remote_or_auth_active?(confirmed_user) + assert User.remote_or_auth_active?(remote_user) + + Pleroma.Config.put([:instance, :account_activation_required], false) + end end From 2af67353c5014edcc24bf2ec27b2bc871bd80eb7 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Wed, 9 Jan 2019 06:21:21 +0000 Subject: [PATCH 3/8] user: harden auth_active?/1, superuser?/1, visible_for?/1 --- lib/pleroma/user.ex | 25 ++++++++++++++++--------- 1 file changed, 16 insertions(+), 9 deletions(-) diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex index ce909601d..5491e8b9a 100644 --- a/lib/pleroma/user.ex +++ b/lib/pleroma/user.ex @@ -44,21 +44,28 @@ defmodule Pleroma.User do timestamps() end - def auth_active?(%User{} = user) do - (user.info && !user.info.confirmation_pending) || - !Pleroma.Config.get([:instance, :account_activation_required]) - end + def auth_active?(%User{info: %User.Info{confirmation_pending: false}}), do: true + + def auth_active?(%User{info: %User.Info{confirmation_pending: true}}), + do: !Pleroma.Config.get([:instance, :account_activation_required]) + + def auth_active?(_), do: false def remote_or_auth_active?(%User{local: false}), do: true def remote_or_auth_active?(%User{local: true} = user), do: auth_active?(user) - def visible_for?(%User{} = user, for_user \\ nil) do - User.remote_or_auth_active?(user) || (for_user && for_user.id == user.id) || - User.superuser?(for_user) + def visible_for?(user, for_user \\ nil) + + def visible_for?(%User{id: user_id}, %User{id: for_id}) when user_id == for_id, do: true + + def visible_for?(%User{} = user, for_user) do + remote_or_auth_active?(user) || superuser?(for_user) end - def superuser?(nil), do: false - def superuser?(%User{} = user), do: user.info && User.Info.superuser?(user.info) + def visible_for?(_, _), do: false + + def superuser?(%User{info: %User.Info{} = info}), do: User.Info.superuser?(info) + def superuser?(_), do: false def avatar_url(user) do case user.avatar do From 74f48beec3bf78cd94cb6db5cbdb937505891eab Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Wed, 9 Jan 2019 06:36:50 +0000 Subject: [PATCH 4/8] user: remove entirely redundant remote_or_auth_active?/1. auth_active?/1 can check remote users and return true directly. --- lib/pleroma/user.ex | 7 +++---- test/user_test.exs | 8 ++++---- 2 files changed, 7 insertions(+), 8 deletions(-) diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex index 5491e8b9a..636c56312 100644 --- a/lib/pleroma/user.ex +++ b/lib/pleroma/user.ex @@ -44,6 +44,8 @@ defmodule Pleroma.User do timestamps() end + def auth_active?(%User{local: false}), do: false + def auth_active?(%User{info: %User.Info{confirmation_pending: false}}), do: true def auth_active?(%User{info: %User.Info{confirmation_pending: true}}), @@ -51,15 +53,12 @@ defmodule Pleroma.User do def auth_active?(_), do: false - def remote_or_auth_active?(%User{local: false}), do: true - def remote_or_auth_active?(%User{local: true} = user), do: auth_active?(user) - def visible_for?(user, for_user \\ nil) def visible_for?(%User{id: user_id}, %User{id: for_id}) when user_id == for_id, do: true def visible_for?(%User{} = user, for_user) do - remote_or_auth_active?(user) || superuser?(for_user) + auth_active?(user) || superuser?(for_user) end def visible_for?(_, _), do: false diff --git a/test/user_test.exs b/test/user_test.exs index 419a576dc..1c4e84914 100644 --- a/test/user_test.exs +++ b/test/user_test.exs @@ -768,16 +768,16 @@ defmodule Pleroma.UserTest do end end - test "remote_or_auth_active?/1 works correctly" do + test "auth_active?/1 works correctly" do Pleroma.Config.put([:instance, :account_activation_required], true) local_user = insert(:user, local: true, info: %{confirmation_pending: true}) confirmed_user = insert(:user, local: true, info: %{confirmation_pending: false}) remote_user = insert(:user, local: false) - refute User.remote_or_auth_active?(local_user) - assert User.remote_or_auth_active?(confirmed_user) - assert User.remote_or_auth_active?(remote_user) + refute User.auth_active?(local_user) + assert User.auth_active?(confirmed_user) + assert User.auth_active?(remote_user) Pleroma.Config.put([:instance, :account_activation_required], false) end From 0015d43e13508155462a9e5d18f19725fadd8931 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Wed, 9 Jan 2019 06:41:25 +0000 Subject: [PATCH 5/8] user: factor out illogical User.Info.superuser?/1. any actual callee will be dealing with a User struct to begin with, so just check the child struct inside User.superuser?/1 with pattern matching. --- lib/pleroma/user.ex | 3 ++- lib/pleroma/user/info.ex | 2 -- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex index 636c56312..4d0f68cd6 100644 --- a/lib/pleroma/user.ex +++ b/lib/pleroma/user.ex @@ -63,7 +63,8 @@ defmodule Pleroma.User do def visible_for?(_, _), do: false - def superuser?(%User{info: %User.Info{} = info}), do: User.Info.superuser?(info) + def superuser?(%User{local: true, info: %User.Info{is_admin: true}}), do: true + def superuser?(%User{local: true, info: %User.Info{is_moderator: true}}), do: true def superuser?(_), do: false def avatar_url(user) do diff --git a/lib/pleroma/user/info.ex b/lib/pleroma/user/info.ex index 2f419a5a2..7c79dfcff 100644 --- a/lib/pleroma/user/info.ex +++ b/lib/pleroma/user/info.ex @@ -41,8 +41,6 @@ defmodule Pleroma.User.Info do # subject _> Where is this used? end - def superuser?(info), do: info.is_admin || info.is_moderator - def set_activation_status(info, deactivated) do params = %{deactivated: deactivated} From f15183178c15bb01f6cd49f28f2177bfd26bdac8 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Wed, 9 Jan 2019 06:45:17 +0000 Subject: [PATCH 6/8] user: fix auth_active?/1 for remote users --- lib/pleroma/user.ex | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex index 4d0f68cd6..06049dc62 100644 --- a/lib/pleroma/user.ex +++ b/lib/pleroma/user.ex @@ -44,7 +44,7 @@ defmodule Pleroma.User do timestamps() end - def auth_active?(%User{local: false}), do: false + def auth_active?(%User{local: false}), do: true def auth_active?(%User{info: %User.Info{confirmation_pending: false}}), do: true From f2a4f89abef810f1106afa3a9ef82fa748bc783e Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Wed, 9 Jan 2019 06:50:31 +0000 Subject: [PATCH 7/8] tests: user: add tests for superuser?/1 --- test/user_test.exs | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/test/user_test.exs b/test/user_test.exs index 1c4e84914..582374fb9 100644 --- a/test/user_test.exs +++ b/test/user_test.exs @@ -781,4 +781,32 @@ defmodule Pleroma.UserTest do Pleroma.Config.put([:instance, :account_activation_required], false) end + + describe "superuser?/1" do + test "returns false for unprivileged users" do + user = insert(:user, local: true) + + refute User.superuser?(user) + end + + test "returns false for remote users" do + user = insert(:user, local: false) + remote_admin_user = insert(:user, local: false, info: %{is_admin: true}) + + refute User.superuser?(user) + refute User.superuser?(remote_admin_user) + end + + test "returns true for local moderators" do + user = insert(:user, local: true, info: %{is_moderator: true}) + + assert User.superuser?(user) + end + + test "returns true for local admins" do + user = insert(:user, local: true, info: %{is_admin: true}) + + assert User.superuser?(user) + end + end end From 567651fb3fcacbe5bb2f9c19deb9655edaaad076 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Wed, 9 Jan 2019 07:03:32 +0000 Subject: [PATCH 8/8] test: user: add tests for visible_for?/2 --- test/user_test.exs | 37 +++++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) diff --git a/test/user_test.exs b/test/user_test.exs index 582374fb9..542eaaaeb 100644 --- a/test/user_test.exs +++ b/test/user_test.exs @@ -809,4 +809,41 @@ defmodule Pleroma.UserTest do assert User.superuser?(user) end end + + describe "visible_for?/2" do + test "returns true when the account is itself" do + user = insert(:user, local: true) + + assert User.visible_for?(user, user) + end + + test "returns false when the account is unauthenticated and auth is required" do + Pleroma.Config.put([:instance, :account_activation_required], true) + + user = insert(:user, local: true, info: %{confirmation_pending: true}) + other_user = insert(:user, local: true) + + refute User.visible_for?(user, other_user) + + Pleroma.Config.put([:instance, :account_activation_required], false) + end + + test "returns true when the account is unauthenticated and auth is not required" do + user = insert(:user, local: true, info: %{confirmation_pending: true}) + other_user = insert(:user, local: true) + + assert User.visible_for?(user, other_user) + end + + test "returns true when the account is unauthenticated and being viewed by a privileged account (auth required)" do + Pleroma.Config.put([:instance, :account_activation_required], true) + + user = insert(:user, local: true, info: %{confirmation_pending: true}) + other_user = insert(:user, local: true, info: %{is_admin: true}) + + assert User.visible_for?(user, other_user) + + Pleroma.Config.put([:instance, :account_activation_required], false) + end + end end