a1batross
/
pleroma
1
0
Fork 0
Code Issues 1 Pull Requests Releases Wiki Activity

validate actor type

This commit is contained in:
Alexander Strizhakov 2020-05-27 09:42:28 +03:00
parent cf139b06a3
commit 3249141588
No known key found for this signature in database
GPG Key ID: 022896A53AEF1381
4 changed files with 60 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
docs/API/admin_api.md
View File

@ -511,7 +511,23 @@ Note: Available `:permission_group` is currently moderator and admin. 404 is ret
- `discoverable` - `discoverable`
- `actor_type` - `actor_type`
- Response: none (code `200`) - Response:
```json
{"status": "success"}
```
```json
{"errors":
{"actor_type": "is invalid"},
{"email": "has invalid format"},
...
}
```
```json
{"error": "Unable to update user."}
```
## `GET /api/pleroma/admin/reports` ## `GET /api/pleroma/admin/reports`

5
lib/pleroma/user.ex
View File

@ -538,9 +538,10 @@ defmodule Pleroma.User do
|> delete_change(:also_known_as) |> delete_change(:also_known_as)
|> unique_constraint(:email) |> unique_constraint(:email)
|> validate_format(:email, @email_regex) |> validate_format(:email, @email_regex)
|> validate_inclusion(:actor_type, ["Person", "Service"])
end end
@spec update_as_admin(%User{}, map) :: {:ok, User.t()} | {:error, Ecto.Changeset.t()} @spec update_as_admin(User.t(), map()) :: {:ok, User.t()} | {:error, Changeset.t()}
def update_as_admin(user, params) do def update_as_admin(user, params) do
params = Map.put(params, "password_confirmation", params["password"]) params = Map.put(params, "password_confirmation", params["password"])
changeset = update_as_admin_changeset(user, params) changeset = update_as_admin_changeset(user, params)
@ -561,7 +562,7 @@ defmodule Pleroma.User do
|> put_change(:password_reset_pending, false) |> put_change(:password_reset_pending, false)
end end
@spec reset_password(User.t(), map) :: {:ok, User.t()} | {:error, Ecto.Changeset.t()} @spec reset_password(User.t(), map()) :: {:ok, User.t()} | {:error, Changeset.t()}
def reset_password(%User{} = user, params) do def reset_password(%User{} = user, params) do
reset_password(user, user, params) reset_password(user, user, params)
end end

13
lib/pleroma/web/admin_api/controllers/admin_api_controller.ex
View File

@ -693,7 +693,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do
%{assigns: %{user: admin}} = conn, %{assigns: %{user: admin}} = conn,
%{"nickname" => nickname} = params %{"nickname" => nickname} = params
) do ) do
with {_, user} <- {:user, User.get_cached_by_nickname(nickname)}, with {_, %User{} = user} <- {:user, User.get_cached_by_nickname(nickname)},
{:ok, _user} <- {:ok, _user} <-
User.update_as_admin(user, params) do User.update_as_admin(user, params) do
ModerationLog.insert_log(%{ ModerationLog.insert_log(%{
@ -715,11 +715,16 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do
json(conn, %{status: "success"}) json(conn, %{status: "success"})
else else
{:error, changeset} -> {:error, changeset} ->
{_, {error, _}} = Enum.at(changeset.errors, 0) errors =
json(conn, %{error: "New password #{error}."}) Enum.reduce(changeset.errors, %{}, fn
{key, {error, _}}, acc ->
Map.put(acc, key, error)
end)
json(conn, %{errors: errors})
_ -> _ ->
json(conn, %{error: "Unable to change password."}) json(conn, %{error: "Unable to update user."})
end end
end end

35
test/web/admin_api/controllers/admin_api_controller_test.exs
View File

@ -3191,8 +3191,12 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
end end
describe "PATCH /users/:nickname/credentials" do describe "PATCH /users/:nickname/credentials" do
test "changes password and email", %{conn: conn, admin: admin} do setup do
user = insert(:user) user = insert(:user)
[user: user]
end
test "changes password and email", %{conn: conn, admin: admin, user: user} do
assert user.password_reset_pending == false assert user.password_reset_pending == false
conn = conn =
@ -3222,9 +3226,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
"@#{admin.nickname} forced password reset for users: @#{user.nickname}" "@#{admin.nickname} forced password reset for users: @#{user.nickname}"
end end
test "returns 403 if requested by a non-admin" do test "returns 403 if requested by a non-admin", %{user: user} do
user = insert(:user)
conn = conn =
build_conn() build_conn()
|> assign(:user, user) |> assign(:user, user)
@ -3236,6 +3238,31 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
assert json_response(conn, :forbidden) assert json_response(conn, :forbidden)
end end
test "changes actor type from permitted list", %{conn: conn, user: user} do
assert user.actor_type == "Person"
assert patch(conn, "/api/pleroma/admin/users/#{user.nickname}/credentials", %{
"actor_type" => "Service"
})
|> json_response(200) == %{"status" => "success"}
updated_user = User.get_by_id(user.id)
assert updated_user.actor_type == "Service"
assert patch(conn, "/api/pleroma/admin/users/#{user.nickname}/credentials", %{
"actor_type" => "Application"
})
|> json_response(200) == %{"errors" => %{"actor_type" => "is invalid"}}
end
test "update non existing user", %{conn: conn} do
assert patch(conn, "/api/pleroma/admin/users/non-existing/credentials", %{
"password" => "new_password"
})
|> json_response(200) == %{"error" => "Unable to update user."}
end
end end
describe "PATCH /users/:nickname/force_password_reset" do describe "PATCH /users/:nickname/force_password_reset" do