mastodon_api_controller.ex: Complete account_register/2

2019-04-10 06:57:03 +02:00 · 2019-04-10 06:57:03 +02:00 · dcdff1846c
parent 3aeac25959
commit dcdff1846c
3 changed files with 51 additions and 7 deletions
--- a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex
+++ b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex
@ -30,6 +30,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do
  alias Pleroma.Web.OAuth.App
  alias Pleroma.Web.OAuth.Authorization
  alias Pleroma.Web.OAuth.Token
+  alias Pleroma.Web.TwitterAPI.TwitterAPI

  import Pleroma.Web.ControllerHelper, only: [oauth_scopes: 2]
  import Ecto.Query
@ -1492,7 +1493,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do
  end

  def account_register(
-        conn,
+        %{assign: %{app: app}} = conn,
        %{"username" => nickname, "email" => _, "password" => _, "agreement" => true} = params
      ) do
    params =
@ -1510,16 +1511,31 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do
      |> Map.put("bio", params["bio"] || "")
      |> Map.put("confirm", params["password"])

-    # TODO: Move TwitterAPI.register_user to CommonAPI ?
-    with {:ok, user} <- TwitterAPI.register_user(params) do
-      # Return Token
+    # TODO: Move TwitterAPI.register_user to CommonAPI?
+    # TODO: Fix applications to be able put only "read" scope instead for this token?
+    with {:ok, user} <- TwitterAPI.register_user(params),
+         token <- Token.create_token(app, user, app.scopes) do
+      token
    else
      {:error, errors} ->
        conn
-        |> json_reply(400, Jason.encode!(errors))
+        |> put_status(400)
+        |> json(Jason.encode!(errors))
    end
  end

+  def account_register(%{assign: %{app: _app}} = conn, _) do
+    conn
+    |> put_status(400)
+    |> json(%{error: "Missing parameters"})
+  end
+
+  def account_register(conn, _) do
+    conn
+    |> put_status(403)
+    |> json(%{error: "Invalid credentials"})
+  end
+
  def try_render(conn, target, params)
      when is_binary(target) do
    res = render(conn, target, params)
--- a/lib/pleroma/web/router.ex
+++ b/lib/pleroma/web/router.ex
@ -292,8 +292,6 @@ defmodule Pleroma.Web.Router do
      post("/pleroma/flavour/:flavour", MastodonAPIController, :set_flavour)

      post("/reports", MastodonAPIController, :reports)
-
-      post("/accounts", MastodonAPIController, :account_register)
    end

    scope [] do
@ -334,6 +332,9 @@ defmodule Pleroma.Web.Router do
  scope "/api/v1", Pleroma.Web.MastodonAPI do
    pipe_through(:api)

+    # TODO: Restrain to Applications in the router?
+    post("/accounts", MastodonAPIController, :account_register)
+
    get("/instance", MastodonAPIController, :masto_instance)
    get("/instance/peers", MastodonAPIController, :peers)
    post("/apps", MastodonAPIController, :create_app)
--- a/test/web/mastodon_api/mastodon_api_controller_test.exs
+++ b/test/web/mastodon_api/mastodon_api_controller_test.exs
@ -2340,4 +2340,31 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do
    refute acc_one == acc_two
    assert acc_two == acc_three
  end
+
+  test "Account registeration via Application", %{conn: conn} do
+    app = build(:oauth_app)
+
+    conn =
+      conn
+      |> post("/api/v1/apps", %{
+        client_name: app.client_name,
+        redirect_uris: app.redirect_uris
+      })
+
+    conn =
+      conn
+      |> assign(:app, app)
+      |> post("/api/v1/accounts", %{
+        username: "lain",
+        email: "lain@example.org",
+        password: "PlzDontHeckLain",
+        aggreement: true
+      })
+
+    assert response = json_response(conn, 200)
+    assert response.access_token
+    assert response.token_type
+    assert response.scope
+    assert response.created_at
+  end
 end