diff --git a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex
index 12b5d7d70..bd9c1f270 100644
--- a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex
+++ b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex
@@ -30,6 +30,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do
 alias Pleroma.Web.OAuth.App
 alias Pleroma.Web.OAuth.Authorization
 alias Pleroma.Web.OAuth.Token
+ alias Pleroma.Web.TwitterAPI.TwitterAPI
 import Pleroma.Web.ControllerHelper, only: [oauth_scopes: 2]
 import Ecto.Query
@@ -1492,7 +1493,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do
 end
 def account_register(
- conn,
+ %{assign: %{app: app}} = conn,
 %{"username" => nickname, "email" => _, "password" => _, "agreement" => true} = params
 ) do
 params =
@@ -1510,16 +1511,31 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do
 |> Map.put("bio", params["bio"] || "")
 |> Map.put("confirm", params["password"])
- # TODO: Move TwitterAPI.register_user to CommonAPI ?
- with {:ok, user} <- TwitterAPI.register_user(params) do
- # Return Token
+ # TODO: Move TwitterAPI.register_user to CommonAPI?
+ # TODO: Fix applications to be able put only "read" scope instead for this token?
+ with {:ok, user} <- TwitterAPI.register_user(params),
+ token <- Token.create_token(app, user, app.scopes) do
+ token
 else
 {:error, errors} ->
 conn
- |> json_reply(400, Jason.encode!(errors))
+ |> put_status(400)
+ |> json(Jason.encode!(errors))
 end
 end
+ def account_register(%{assign: %{app: _app}} = conn, _) do
+ conn
+ |> put_status(400)
+ |> json(%{error: "Missing parameters"})
+ end
+
+ def account_register(conn, _) do
+ conn
+ |> put_status(403)
+ |> json(%{error: "Invalid credentials"})
+ end
+
 def try_render(conn, target, params) when is_binary(target) do
 res = render(conn, target, params)
diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex
index d07fbc872..aa8dd5623 100644
--- a/lib/pleroma/web/router.ex
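Review bot: In `account_register/2` (lib/pleroma/web/mastodon_api/mastodon_api_controller.ex, hunk at -1492) the new head matches `%{assign: %{app: app}} = conn`, but `Plug.Conn` stores request assigns under the `assigns` key, so this clause cannot match a real conn. The added fallback `%{assign: %{app: _app}}` in the following hunk has the same key, so every request would fall through to the final clause and receive the 403 "Invalid credentials" reply, including requests that carry a valid app. Change the heads to `%{assigns: %{app: app}} = conn` and `%{assigns: %{app: _app}} = conn`. The function body continues outside this hunk.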
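Review bot: The success branch of the `with` in `account_register/2` (hunk at -1510) returns the bare `token` term instead of a conn, and `token <- Token.create_token(app, user, app.scopes)` is a pattern that always matches, so an error tuple from `create_token` would be handled as if it were a token rather than reaching `else`. Assuming `create_token/3` returns `{:ok, token}` (its definition is not part of this diff), match `{:ok, token} <- Token.create_token(app, user, app.scopes)` and reply with an explicit JSON map holding only the token fields a client needs. In the `else` branch, `json(Jason.encode!(errors))` passes an already encoded string to `json/2`, which would encode it a second time; pass the error term itself if it is encodable. The token goes to a just-created account with the full `app.scopes`, so the scope TODO is worth settling before merge; the function starts above this hunk.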
+++ b/lib/pleroma/web/router.ex
@@ -292,8 +292,6 @@ defmodule Pleroma.Web.Router do
 post("/pleroma/flavour/:flavour", MastodonAPIController, :set_flavour)
 post("/reports", MastodonAPIController, :reports)
-
- post("/accounts", MastodonAPIController, :account_register)
 end
 scope [] do
@@ -334,6 +332,9 @@ defmodule Pleroma.Web.Router do
 scope "/api/v1", Pleroma.Web.MastodonAPI do
 pipe_through(:api)
+ # TODO: Restrain to Applications in the router?
+ post("/accounts", MastodonAPIController, :account_register)
+
 get("/instance", MastodonAPIController, :masto_instance)
 get("/instance/peers", MastodonAPIController, :peers)
 post("/apps", MastodonAPIController, :create_app)
diff --git a/test/web/mastodon_api/mastodon_api_controller_test.exs b/test/web/mastodon_api/mastodon_api_controller_test.exs
index 6060cc97f..bb8c86b40 100644
--- a/test/web/mastodon_api/mastodon_api_controller_test.exs
+++ b/test/web/mastodon_api/mastodon_api_controller_test.exs
@@ -2340,4 +2340,31 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do
 refute acc_one == acc_two
 assert acc_two == acc_three
 end
+
+ test "Account registeration via Application", %{conn: conn} do
+ app = build(:oauth_app)
+
+ conn =
+ conn
+ |> post("/api/v1/apps", %{
+ client_name: app.client_name,
+ redirect_uris: app.redirect_uris
+ })
+
+ conn =
+ conn
+ |> assign(:app, app)
+ |> post("/api/v1/accounts", %{
+ username: "lain",
+ email: "lain@example.org",
+ password: "PlzDontHeckLain",
+ aggreement: true
+ })
+
+ assert response = json_response(conn, 200)
+ assert response.access_token
+ assert response.token_type
+ assert response.scope
+ assert response.created_at
+ end
 end
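Review bot: In lib/pleroma/web/router.ex (hunk at -334) `post("/accounts", MastodonAPIController, :account_register)` now sits in the `/api/v1` scope that only runs `pipe_through(:api)`, so the application check rests entirely on the controller's pattern match on the conn, and nothing in this diff shows where `:app` is placed in the assigns from a credential the client presents. As the TODO hints, gate the route in the router with a dedicated pipeline or plug that authenticates the application and halts otherwise, so that a mistake in a controller clause cannot turn this into open account creation. Whether the `:api` pipeline or `TwitterAPI.register_user/1` already applies rate limiting or a captcha is not visible here and should be confirmed for a registration endpoint reachable without a user session. The scope block continues past the hunk.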
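Review bot: The new test in test/web/mastodon_api/mastodon_api_controller_test.exs posts `aggreement: true`, which the controller head requiring `"agreement" => true` will not match, so the request exercises a fallback clause rather than registration; it should read `agreement: true`. `json_response/2` decodes to string-keyed maps, so `response.access_token` raises instead of asserting; use `assert response["access_token"]` and the same form for `token_type`, `scope` and `created_at`. The app is injected with `assign(:app, app)` rather than through whatever the client would present, so the test does not cover how an application is authenticated, and there are no cases for the 400 "Missing parameters" and 403 "Invalid credentials" clauses.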