Expose user email address to user/owner; not publicly.

2021-05-20 12:50:43 -05:00 · 2021-05-20 12:50:43 -05:00 · 05d678c070
parent 8e9f032f25
commit 05d678c070
3 changed files with 29 additions and 0 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -10,6 +10,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).

 - The `application` metadata returned with statuses is no longer hardcoded. Apps that want to display these details will now have valid data for new posts after this change.
 - HTTPSecurityPlug now sends a response header to opt out of Google's FLoC (Federated Learning of Cohorts) targeted advertising.
+- Email address is now returned if requesting user is the owner of the user account so it can be exposed in client and FE user settings UIs.

 ### Added

--- a/lib/pleroma/web/mastodon_api/views/account_view.ex
+++ b/lib/pleroma/web/mastodon_api/views/account_view.ex
@ -292,6 +292,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountView do
    |> maybe_put_allow_following_move(user, opts[:for])
    |> maybe_put_unread_conversation_count(user, opts[:for])
    |> maybe_put_unread_notification_count(user, opts[:for])
+    |> maybe_put_email_address(user, opts[:for])
  end

  defp username_from_nickname(string) when is_binary(string) do
@ -403,6 +404,16 @@ defmodule Pleroma.Web.MastodonAPI.AccountView do

  defp maybe_put_unread_notification_count(data, _, _), do: data

+  defp maybe_put_email_address(data, %User{id: user_id}, %User{id: user_id} = user) do
+    Kernel.put_in(
+      data,
+      [:pleroma, :email],
+      user.email
+    )
+  end
+
+  defp maybe_put_email_address(data, _, _), do: data
+
  defp image_url(%{"url" => [%{"href" => href} | _]}), do: href
  defp image_url(_), do: nil
 end
--- a/test/pleroma/web/mastodon_api/views/account_view_test.exs
+++ b/test/pleroma/web/mastodon_api/views/account_view_test.exs
@ -468,6 +468,23 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
               %{user: user, for: user}
             )[:pleroma][:unread_notifications_count] == 7
    end
+
+    test "shows email only to the account owner" do
+      user = insert(:user)
+      other_user = insert(:user)
+
+      user = User.get_cached_by_ap_id(user.ap_id)
+
+      assert AccountView.render(
+               "show.json",
+               %{user: user, for: other_user}
+             )[:pleroma][:email] == nil
+
+      assert AccountView.render(
+               "show.json",
+               %{user: user, for: user}
+             )[:pleroma][:email] == user.email
+    end
  end

  describe "follow requests counter" do