closed-social
/
mastodon
3
0
Fork 2
Code Issues 5 Pull Requests 0 Projects 0 Releases 3 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
11373 Commits
4 Branches
567 MiB
Tree: b58db8f12e
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'b58db8f12e'
${ noResults }
mastodon/app/controllers/api/v1/accounts_controller.rb

96 lines
3.8 KiB
Raw Normal View History

Fix rubocop issues, introduce usage of frozen literal to improve performance
8 years ago
Clean up for api/base controller (#3629) * Move ApiController to Api/BaseController * API controllers inherit from Api::BaseController * Add coverage for various error cases in api/base controller
7 years ago
Add remove from followers api (#16864) * Add followed_by? to account_interactions * Add RemoveFromFollowersService * Fix AccountBatch to use RemoveFromFollowersService * Add remove from followers API
3 years ago
Change `follow` scope to be covered by `read` and `write` scopes in REST API (#17678) Deprecate `follow` scope
2 years ago
Add REST API for creating an account (#9572) * Add REST API for creating an account The method is available to apps with a token obtained via the client credentials grant. It creates a user and account records, as well as an access token for the app that initiated the request. The user is unconfirmed, and an e-mail is sent as usual. The method returns the access token, which the app should save for later. The REST API is not available to users with unconfirmed accounts, so the app must be smart to wait for the user to click a link in their e-mail inbox. The method is rate-limited by IP to 5 requests per 30 minutes. * Redirect users back to app from confirmation if they were created with an app * Add tests * Return 403 on the method if registrations are not open * Require agreement param to be true in the API when creating an account
5 years ago
Add more granular OAuth scopes (#7929) * Add more granular OAuth scopes * Add human-readable descriptions of the new scopes * Ensure new scopes look good on the app UI * Add tests * Group scopes in screen and color-code dangerous ones * Fix wrong extra scope
6 years ago
Add REST API for creating an account (#9572) * Add REST API for creating an account The method is available to apps with a token obtained via the client credentials grant. It creates a user and account records, as well as an access token for the app that initiated the request. The user is unconfirmed, and an e-mail is sent as usual. The method returns the access token, which the app should save for later. The REST API is not available to users with unconfirmed accounts, so the app must be smart to wait for the user to click a link in their e-mail inbox. The method is rate-limited by IP to 5 requests per 30 minutes. * Redirect users back to app from confirmation if they were created with an app * Add tests * Return 403 on the method if registrations are not open * Require agreement param to be true in the API when creating an account
5 years ago
Move timelines API from statuses to its own controller, add a check for resources that require a user context vs those that don't (such as public timeline) /api/v1/statuses/public -> /api/v1/timelines/public /api/v1/statuses/home -> /api/v1/timelines/home /api/v1/statuses/mentions -> /api/v1/timelines/mentions /api/v1/statuses/tag/:tag -> /api/v1/timelines/tag/:tag
8 years ago
Add whitelist mode (#11291)
5 years ago
Add specific rate limits for posting and following (#13172)
4 years ago
Refactor JSON templates to be generated with ActiveModelSerializers instead of Rabl (#4090)
7 years ago
Adding doorkeeper, adding a REST API POST /api/statuses Params: status (text contents), in_reply_to_id (optional) GET /api/statuses/:id POST /api/statuses/:id/reblog GET /api/accounts/:id GET /api/accounts/:id/following GET /api/accounts/:id/followers POST /api/accounts/:id/follow POST /api/accounts/:id/unfollow POST /api/follows Params: uri (e.g. user@domain) OAuth authentication is currently disabled, but the API can be used with HTTP Auth.
8 years ago
Add REST API for creating an account (#9572) * Add REST API for creating an account The method is available to apps with a token obtained via the client credentials grant. It creates a user and account records, as well as an access token for the app that initiated the request. The user is unconfirmed, and an e-mail is sent as usual. The method returns the access token, which the app should save for later. The REST API is not available to users with unconfirmed accounts, so the app must be smart to wait for the user to click a link in their e-mail inbox. The method is rate-limited by IP to 5 requests per 30 minutes. * Redirect users back to app from confirmation if they were created with an app * Add tests * Return 403 on the method if registrations are not open * Require agreement param to be true in the API when creating an account
5 years ago
Add IP-based rules (#14963)
4 years ago
Add REST API for creating an account (#9572) * Add REST API for creating an account The method is available to apps with a token obtained via the client credentials grant. It creates a user and account records, as well as an access token for the app that initiated the request. The user is unconfirmed, and an e-mail is sent as usual. The method returns the access token, which the app should save for later. The REST API is not available to users with unconfirmed accounts, so the app must be smart to wait for the user to click a link in their e-mail inbox. The method is rate-limited by IP to 5 requests per 30 minutes. * Redirect users back to app from confirmation if they were created with an app * Add tests * Return 403 on the method if registrations are not open * Require agreement param to be true in the API when creating an account
5 years ago
Add `details` to error response for `POST /api/v1/accounts` in REST API (#15803)
3 years ago
Add REST API for creating an account (#9572) * Add REST API for creating an account The method is available to apps with a token obtained via the client credentials grant. It creates a user and account records, as well as an access token for the app that initiated the request. The user is unconfirmed, and an e-mail is sent as usual. The method returns the access token, which the app should save for later. The REST API is not available to users with unconfirmed accounts, so the app must be smart to wait for the user to click a link in their e-mail inbox. The method is rate-limited by IP to 5 requests per 30 minutes. * Redirect users back to app from confirmation if they were created with an app * Add tests * Return 403 on the method if registrations are not open * Require agreement param to be true in the API when creating an account
5 years ago
Adding doorkeeper, adding a REST API POST /api/statuses Params: status (text contents), in_reply_to_id (optional) GET /api/statuses/:id POST /api/statuses/:id/reblog GET /api/accounts/:id GET /api/accounts/:id/following GET /api/accounts/:id/followers POST /api/accounts/:id/follow POST /api/accounts/:id/unfollow POST /api/follows Params: uri (e.g. user@domain) OAuth authentication is currently disabled, but the API can be used with HTTP Auth.
8 years ago
Add option to be notified when a followed user posts (#13546) * Add bell button Fix #4890 * Remove duplicate type from post-deployment migration * Fix legacy class type mappings * Improve query performance with better index * Fix validation * Remove redundant index from notifications
4 years ago
Fix #4794 - Fake instant follow in API response when account is believed unlocked (#4799)
7 years ago
Add Ruby 3.0 support (#16046) * Fix issues with POSIX::Spawn, Terrapin and Ruby 3.0 Also improve the Terrapin monkey-patch for the stderr/stdout issue. * Fix keyword argument handling throughout the codebase * Monkey-patch Paperclip to fix keyword arguments handling in validators * Change validation_extensions to please CodeClimate * Bump microformats from 4.2.1 to 4.3.1 * Allow Ruby 3.0 * Add Ruby 3.0 test target to CircleCI * Add test for admin dashboard warnings * Fix admin dashboard warnings on Ruby 3.0
3 years ago
API for blocking and unblocking
8 years ago
Make blocks create entries and unfollows instantly, but do the clean up in the background instead. Should fix delay where blocked person can interact with blocker for a short time before background job gets processed
7 years ago
Refactor JSON templates to be generated with ActiveModelSerializers instead of Rabl (#4090)
7 years ago
Adding doorkeeper, adding a REST API POST /api/statuses Params: status (text contents), in_reply_to_id (optional) GET /api/statuses/:id POST /api/statuses/:id/reblog GET /api/accounts/:id GET /api/accounts/:id/following GET /api/accounts/:id/followers POST /api/accounts/:id/follow POST /api/accounts/:id/unfollow POST /api/follows Params: uri (e.g. user@domain) OAuth authentication is currently disabled, but the API can be used with HTTP Auth.
8 years ago
Mute button progress so far. WIP, doesn't entirely work correctly.
7 years ago
Fix muting users with duration via the REST api (#15516)
3 years ago
Refactor JSON templates to be generated with ActiveModelSerializers instead of Rabl (#4090)
7 years ago
Mute button progress so far. WIP, doesn't entirely work correctly.
7 years ago
Adding doorkeeper, adding a REST API POST /api/statuses Params: status (text contents), in_reply_to_id (optional) GET /api/statuses/:id POST /api/statuses/:id/reblog GET /api/accounts/:id GET /api/accounts/:id/following GET /api/accounts/:id/followers POST /api/accounts/:id/follow POST /api/accounts/:id/unfollow POST /api/follows Params: uri (e.g. user@domain) OAuth authentication is currently disabled, but the API can be used with HTTP Auth.
8 years ago
API for blocking and unblocking
8 years ago
Refactor JSON templates to be generated with ActiveModelSerializers instead of Rabl (#4090)
7 years ago
API for blocking and unblocking
8 years ago
Add remove from followers api (#16864) * Add followed_by? to account_interactions * Add RemoveFromFollowersService * Fix AccountBatch to use RemoveFromFollowersService * Add remove from followers API
3 years ago
API for blocking and unblocking
8 years ago
Refactor JSON templates to be generated with ActiveModelSerializers instead of Rabl (#4090)
7 years ago
Adding doorkeeper, adding a REST API POST /api/statuses Params: status (text contents), in_reply_to_id (optional) GET /api/statuses/:id POST /api/statuses/:id/reblog GET /api/accounts/:id GET /api/accounts/:id/following GET /api/accounts/:id/followers POST /api/accounts/:id/follow POST /api/accounts/:id/unfollow POST /api/follows Params: uri (e.g. user@domain) OAuth authentication is currently disabled, but the API can be used with HTTP Auth.
8 years ago
Mute button progress so far. WIP, doesn't entirely work correctly.
7 years ago
Refactor JSON templates to be generated with ActiveModelSerializers instead of Rabl (#4090)
7 years ago
Mute button progress so far. WIP, doesn't entirely work correctly.
7 years ago
Adding doorkeeper, adding a REST API POST /api/statuses Params: status (text contents), in_reply_to_id (optional) GET /api/statuses/:id POST /api/statuses/:id/reblog GET /api/accounts/:id GET /api/accounts/:id/following GET /api/accounts/:id/followers POST /api/accounts/:id/follow POST /api/accounts/:id/unfollow POST /api/follows Params: uri (e.g. user@domain) OAuth authentication is currently disabled, but the API can be used with HTTP Auth.
8 years ago
Change output of api/accounts/:id/follow and unfollow to return relationship Track relationship in redux state. Display follow/unfollow and following-back information on account view (unstyled)
8 years ago
Using double splat operator (#5859)
7 years ago
Add Ruby 3.0 support (#16046) * Fix issues with POSIX::Spawn, Terrapin and Ruby 3.0 Also improve the Terrapin monkey-patch for the stderr/stdout issue. * Fix keyword argument handling throughout the codebase * Monkey-patch Paperclip to fix keyword arguments handling in validators * Change validation_extensions to please CodeClimate * Bump microformats from 4.2.1 to 4.3.1 * Allow Ruby 3.0 * Add Ruby 3.0 test target to CircleCI * Add test for admin dashboard warnings * Fix admin dashboard warnings on Ruby 3.0
3 years ago
Change output of api/accounts/:id/follow and unfollow to return relationship Track relationship in redux state. Display follow/unfollow and following-back information on account view (unstyled)
8 years ago
Return HTTP 410 for suspended accounts in GET /api/v1/accounts/:id (#7287) Fix #7243
6 years ago
Add REST API for creating an account (#9572) * Add REST API for creating an account The method is available to apps with a token obtained via the client credentials grant. It creates a user and account records, as well as an access token for the app that initiated the request. The user is unconfirmed, and an e-mail is sent as usual. The method returns the access token, which the app should save for later. The REST API is not available to users with unconfirmed accounts, so the app must be smart to wait for the user to click a link in their e-mail inbox. The method is rate-limited by IP to 5 requests per 30 minutes. * Redirect users back to app from confirmation if they were created with an app * Add tests * Return 403 on the method if registrations are not open * Require agreement param to be true in the API when creating an account
5 years ago
Add `reason` param to `POST /api/v1/accounts` REST API (#12064) For approval-required registrations mode
5 years ago
Add REST API for creating an account (#9572) * Add REST API for creating an account The method is available to apps with a token obtained via the client credentials grant. It creates a user and account records, as well as an access token for the app that initiated the request. The user is unconfirmed, and an e-mail is sent as usual. The method returns the access token, which the app should save for later. The REST API is not available to users with unconfirmed accounts, so the app must be smart to wait for the user to click a link in their e-mail inbox. The method is rate-limited by IP to 5 requests per 30 minutes. * Redirect users back to app from confirmation if they were created with an app * Add tests * Return 403 on the method if registrations are not open * Require agreement param to be true in the API when creating an account
5 years ago
Add OMNIAUTH_ONLY environment variable to enforce externa log-in (#17288) * Remove support for OAUTH_REDIRECT_AT_SIGN_IN Fixes #15959 Introduced in #6540, OAUTH_REDIRECT_AT_SIGN_IN allowed skipping the log-in form to instead redirect to the external OmniAuth login provider. However, it did not prevent the log-in form on /about introduced by #10232 from appearing, and completely broke with the introduction of #15228. As I restoring that previous log-in flow without introducing a security vulnerability may require extensive care and knowledge of how OmniAuth works, this commit removes support for OAUTH_REDIRECT_AT_SIGN_IN instead for the time being. * Add OMNIAUTH_ONLY environment variable to enforce external log-in only * Disable user registration when OMNIAUTH_ONLY is set to true * Replace log-in links When OMNIAUTH_ONLY is set with exactly one OmniAuth provider
2 years ago
Admission-based registrations mode (#10250) Fix #6856 Fix #6951
5 years ago
Add REST API for creating an account (#9572) * Add REST API for creating an account The method is available to apps with a token obtained via the client credentials grant. It creates a user and account records, as well as an access token for the app that initiated the request. The user is unconfirmed, and an e-mail is sent as usual. The method returns the access token, which the app should save for later. The REST API is not available to users with unconfirmed accounts, so the app must be smart to wait for the user to click a link in their e-mail inbox. The method is rate-limited by IP to 5 requests per 30 minutes. * Redirect users back to app from confirmation if they were created with an app * Add tests * Return 403 on the method if registrations are not open * Require agreement param to be true in the API when creating an account
5 years ago
Add OMNIAUTH_ONLY environment variable to enforce externa log-in (#17288) * Remove support for OAUTH_REDIRECT_AT_SIGN_IN Fixes #15959 Introduced in #6540, OAUTH_REDIRECT_AT_SIGN_IN allowed skipping the log-in form to instead redirect to the external OmniAuth login provider. However, it did not prevent the log-in form on /about introduced by #10232 from appearing, and completely broke with the introduction of #15228. As I restoring that previous log-in flow without introducing a security vulnerability may require extensive care and knowledge of how OmniAuth works, this commit removes support for OAUTH_REDIRECT_AT_SIGN_IN instead for the time being. * Add OMNIAUTH_ONLY environment variable to enforce external log-in only * Disable user registration when OMNIAUTH_ONLY is set to true * Replace log-in links When OMNIAUTH_ONLY is set with exactly one OmniAuth provider
2 years ago
Adding doorkeeper, adding a REST API POST /api/statuses Params: status (text contents), in_reply_to_id (optional) GET /api/statuses/:id POST /api/statuses/:id/reblog GET /api/accounts/:id GET /api/accounts/:id/following GET /api/accounts/:id/followers POST /api/accounts/:id/follow POST /api/accounts/:id/unfollow POST /api/follows Params: uri (e.g. user@domain) OAuth authentication is currently disabled, but the API can be used with HTTP Auth.
8 years ago
 
  1. # frozen_string_literal: true
  2. 

  3. class Api::V1::AccountsController < Api::BaseController
  4.   before_action -> { authorize_if_got_token! :read, :'read:accounts' }, except: [:create, :follow, :unfollow, :remove_from_followers, :block, :unblock, :mute, :unmute]
  5.   before_action -> { doorkeeper_authorize! :follow, :write, :'write:follows' }, only: [:follow, :unfollow, :remove_from_followers]
  6.   before_action -> { doorkeeper_authorize! :follow, :write, :'write:mutes' }, only: [:mute, :unmute]
  7.   before_action -> { doorkeeper_authorize! :follow, :write, :'write:blocks' }, only: [:block, :unblock]
  8.   before_action -> { doorkeeper_authorize! :write, :'write:accounts' }, only: [:create]
  9. 

  10.   before_action :require_user!, except: [:show, :create]
  11.   before_action :set_account, except: [:create]
  12.   before_action :check_enabled_registrations, only: [:create]
  13. 

  14.   skip_before_action :require_authenticated_user!, only: :create
  15. 

  16.   override_rate_limit_headers :follow, family: :follows
  17. 

  18.   def show
  19.     render json: @account, serializer: REST::AccountSerializer
  20.   end
  21. 

  22.   def create
  23.     token    = AppSignUpService.new.call(doorkeeper_token.application, request.remote_ip, account_params)
  24.     response = Doorkeeper::OAuth::TokenResponse.new(token)
  25. 

  26.     headers.merge!(response.headers)
  27. 

  28.     self.response_body = Oj.dump(response.body)
  29.     self.status        = response.status
  30.   rescue ActiveRecord::RecordInvalid => e
  31.     render json: ValidationErrorFormatter.new(e, :'account.username' => :username, :'invite_request.text' => :reason).as_json, status: :unprocessable_entity
  32.   end
  33. 

  34.   def follow
  35.     follow  = FollowService.new.call(current_user.account, @account, reblogs: params.key?(:reblogs) ? truthy_param?(:reblogs) : nil, notify: params.key?(:notify) ? truthy_param?(:notify) : nil, with_rate_limit: true)
  36.     options = @account.locked? || current_user.account.silenced? ? {} : { following_map: { @account.id => { reblogs: follow.show_reblogs?, notify: follow.notify? } }, requested_map: { @account.id => false } }
  37. 

  38.     render json: @account, serializer: REST::RelationshipSerializer, relationships: relationships(**options)
  39.   end
  40. 

  41.   def block
  42.     BlockService.new.call(current_user.account, @account)
  43.     render json: @account, serializer: REST::RelationshipSerializer, relationships: relationships
  44.   end
  45. 

  46.   def mute
  47.     MuteService.new.call(current_user.account, @account, notifications: truthy_param?(:notifications), duration: (params[:duration]&.to_i || 0))
  48.     render json: @account, serializer: REST::RelationshipSerializer, relationships: relationships
  49.   end
  50. 

  51.   def unfollow
  52.     UnfollowService.new.call(current_user.account, @account)
  53.     render json: @account, serializer: REST::RelationshipSerializer, relationships: relationships
  54.   end
  55. 

  56.   def remove_from_followers
  57.     RemoveFromFollowersService.new.call(current_user.account, @account)
  58.     render json: @account, serializer: REST::RelationshipSerializer, relationships: relationships
  59.   end
  60. 

  61.   def unblock
  62.     UnblockService.new.call(current_user.account, @account)
  63.     render json: @account, serializer: REST::RelationshipSerializer, relationships: relationships
  64.   end
  65. 

  66.   def unmute
  67.     UnmuteService.new.call(current_user.account, @account)
  68.     render json: @account, serializer: REST::RelationshipSerializer, relationships: relationships
  69.   end
  70. 

  71.   private
  72. 

  73.   def set_account
  74.     @account = Account.find(params[:id])
  75.   end
  76. 

  77.   def relationships(**options)
  78.     AccountRelationshipsPresenter.new([@account.id], current_user.account_id, **options)
  79.   end
  80. 

  81.   def account_params
  82.     params.permit(:username, :email, :password, :agreement, :locale, :reason)
  83.   end
  84. 

  85.   def check_enabled_registrations
  86.     forbidden if single_user_mode? || omniauth_only? || !allowed_registrations?
  87.   end
  88. 

  89.   def allowed_registrations?
  90.     Setting.registrations_mode != 'none'
  91.   end
  92. 

  93.   def omniauth_only?
  94.     ENV['OMNIAUTH_ONLY'] == 'true'
  95.   end
  96. end