From d0eb43b58b0a191b727360cf4523329d2dc60adc Mon Sep 17 00:00:00 2001
From: Alex Gleason <alex@alexgleason.me>
Date: Thu, 16 Jul 2020 22:19:17 -0500
Subject: [PATCH 1/9] Add account aliases

---
 docs/API/pleroma_api.md                       | 20 ++++++++
 lib/pleroma/user.ex                           | 24 ++++++++++
 .../operations/pleroma_account_operation.ex   | 46 +++++++++++++++++++
 lib/pleroma/web/api_spec/schemas/account.ex   |  2 +
 .../web/mastodon_api/views/account_view.ex    |  1 +
 .../controllers/account_controller.ex         | 25 ++++++++++
 lib/pleroma/web/router.ex                     |  3 ++
 lib/pleroma/web/web_finger/web_finger.ex      |  9 +++-
 .../20200717025041_add_aliases_to_users.exs   |  9 ++++
 test/user_test.exs                            | 37 +++++++++++++++
 .../mastodon_api/views/account_view_test.exs  |  5 +-
 .../controllers/account_controller_test.exs   | 29 ++++++++++++
 .../web_finger/web_finger_controller_test.exs | 14 +++++-
 13 files changed, 220 insertions(+), 4 deletions(-)
 create mode 100644 priv/repo/migrations/20200717025041_add_aliases_to_users.exs

diff --git a/docs/API/pleroma_api.md b/docs/API/pleroma_api.md
index 5bd38ad36..8a937fdfd 100644
--- a/docs/API/pleroma_api.md
+++ b/docs/API/pleroma_api.md
@@ -570,3 +570,23 @@ Emoji reactions work a lot like favourites do. They make it possible to react to
   {"name": "😀", "count": 2, "me": true, "accounts": [{"id" => "xyz.."...}, {"id" => "zyx..."}]}
 ]
 ```
+
+# Account aliases
+
+Set and delete ActivityPub aliases for follower move.
+
+## `POST /api/v1/pleroma/accounts/ap_aliases`
+### Add account aliases
+* Method: `POST`
+* Authentication: required
+* Params:
+  * `aliases`: array of ActivityPub IDs to add
+* Response: JSON, the user's account
+
+## `DELETE /api/v1/pleroma/accounts/ap_aliases`
+### Delete account aliases
+* Method: `DELETE`
+* Authentication: required
+* Params:
+  * `aliases`: array of ActivityPub IDs to delete
+* Response: JSON, the user's account
diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex
index 9240e912d..9b756c9a0 100644
--- a/lib/pleroma/user.ex
+++ b/lib/pleroma/user.ex
@@ -89,6 +89,7 @@ defmodule Pleroma.User do
     field(:keys, :string)
     field(:public_key, :string)
     field(:ap_id, :string)
+    field(:ap_aliases, {:array, :string}, default: [])
     field(:avatar, :map, default: %{})
     field(:local, :boolean, default: true)
     field(:follower_address, :string)
@@ -2268,4 +2269,27 @@ def sanitize_html(%User{} = user, filter) do
     |> Map.put(:bio, HTML.filter_tags(user.bio, filter))
     |> Map.put(:fields, fields)
   end
+
+  def add_aliases(%User{} = user, aliases) when is_list(aliases) do
+    alias_set =
+      (user.ap_aliases ++ aliases)
+      |> MapSet.new()
+      |> MapSet.to_list()
+
+    user
+    |> change(%{ap_aliases: alias_set})
+    |> Repo.update()
+  end
+
+  def delete_aliases(%User{} = user, aliases) when is_list(aliases) do
+    alias_set =
+      user.ap_aliases
+      |> MapSet.new()
+      |> MapSet.difference(MapSet.new(aliases))
+      |> MapSet.to_list()
+
+    user
+    |> change(%{ap_aliases: alias_set})
+    |> Repo.update()
+  end
 end
diff --git a/lib/pleroma/web/api_spec/operations/pleroma_account_operation.ex b/lib/pleroma/web/api_spec/operations/pleroma_account_operation.ex
index 97836b2eb..1040f6e20 100644
--- a/lib/pleroma/web/api_spec/operations/pleroma_account_operation.ex
+++ b/lib/pleroma/web/api_spec/operations/pleroma_account_operation.ex
@@ -4,6 +4,8 @@
 
 defmodule Pleroma.Web.ApiSpec.PleromaAccountOperation do
   alias OpenApiSpex.Operation
+  alias OpenApiSpex.Schema
+  alias Pleroma.Web.ApiSpec.Schemas.Account
   alias Pleroma.Web.ApiSpec.Schemas.AccountRelationship
   alias Pleroma.Web.ApiSpec.Schemas.ApiError
   alias Pleroma.Web.ApiSpec.Schemas.FlakeID
@@ -87,10 +89,54 @@ def unsubscribe_operation do
     }
   end
 
+  def add_aliases_operation do
+    %Operation{
+      tags: ["Accounts"],
+      summary: "Add ActivityPub aliases",
+      operationId: "PleromaAPI.AccountController.add_aliases",
+      requestBody: request_body("Parameters", alias_request(), required: true),
+      security: [%{"oAuth" => ["write:accounts"]}],
+      responses: %{
+        200 => Operation.response("Account", "application/json", Account),
+        403 => Operation.response("Forbidden", "application/json", ApiError)
+      }
+    }
+  end
+
+  def delete_aliases_operation do
+    %Operation{
+      tags: ["Accounts"],
+      summary: "Delete ActivityPub aliases",
+      operationId: "PleromaAPI.AccountController.delete_aliases",
+      requestBody: request_body("Parameters", alias_request(), required: true),
+      security: [%{"oAuth" => ["write:accounts"]}],
+      responses: %{
+        200 => Operation.response("Account", "application/json", Account)
+      }
+    }
+  end
+
   defp id_param do
     Operation.parameter(:id, :path, FlakeID, "Account ID",
       example: "9umDrYheeY451cQnEe",
       required: true
     )
   end
+
+  defp alias_request do
+    %Schema{
+      title: "AccountAliasRequest",
+      description: "POST body for adding/deleting AP aliases",
+      type: :object,
+      properties: %{
+        aliases: %Schema{
+          type: :array,
+          items: %Schema{type: :string}
+        }
+      },
+      example: %{
+        "aliases" => ["https://beepboop.social/users/beep", "https://mushroom.kingdom/users/toad"]
+      }
+    }
+  end
 end
diff --git a/lib/pleroma/web/api_spec/schemas/account.ex b/lib/pleroma/web/api_spec/schemas/account.ex
index ca79f0747..4fd27edf5 100644
--- a/lib/pleroma/web/api_spec/schemas/account.ex
+++ b/lib/pleroma/web/api_spec/schemas/account.ex
@@ -40,6 +40,8 @@ defmodule Pleroma.Web.ApiSpec.Schemas.Account do
       pleroma: %Schema{
         type: :object,
         properties: %{
+          ap_id: %Schema{type: :string},
+          ap_aliases: %Schema{type: :array, items: %Schema{type: :string}},
           allow_following_move: %Schema{
             type: :boolean,
             description: "whether the user allows automatically follow moved following accounts"
diff --git a/lib/pleroma/web/mastodon_api/views/account_view.ex b/lib/pleroma/web/mastodon_api/views/account_view.ex
index bc9745044..e2912031a 100644
--- a/lib/pleroma/web/mastodon_api/views/account_view.ex
+++ b/lib/pleroma/web/mastodon_api/views/account_view.ex
@@ -248,6 +248,7 @@ defp do_render("show.json", %{user: user} = opts) do
       # Pleroma extension
       pleroma: %{
         ap_id: user.ap_id,
+        ap_aliases: user.ap_aliases,
         confirmation_pending: user.confirmation_pending,
         tags: user.tags,
         hide_followers_count: user.hide_followers_count,
diff --git a/lib/pleroma/web/pleroma_api/controllers/account_controller.ex b/lib/pleroma/web/pleroma_api/controllers/account_controller.ex
index 563edded7..03e5781a3 100644
--- a/lib/pleroma/web/pleroma_api/controllers/account_controller.ex
+++ b/lib/pleroma/web/pleroma_api/controllers/account_controller.ex
@@ -39,6 +39,11 @@ defmodule Pleroma.Web.PleromaAPI.AccountController do
     %{scopes: ["read:favourites"], fallback: :proceed_unauthenticated} when action == :favourites
   )
 
+  plug(
+    OAuthScopesPlug,
+    %{scopes: ["write:accounts"]} when action in [:add_aliases, :delete_aliases]
+  )
+
   plug(RateLimiter, [name: :account_confirmation_resend] when action == :confirmation_resend)
 
   plug(:assign_account_by_id when action in [:favourites, :subscribe, :unsubscribe])
@@ -107,4 +112,24 @@ def unsubscribe(%{assigns: %{user: user, account: subscription_target}} = conn,
       {:error, message} -> json_response(conn, :forbidden, %{error: message})
     end
   end
+
+  @doc "POST /api/v1/pleroma/accounts/ap_aliases"
+  def add_aliases(%{assigns: %{user: user}, body_params: %{aliases: aliases}} = conn, _params)
+      when is_list(aliases) do
+    with {:ok, user} <- User.add_aliases(user, aliases) do
+      render(conn, "show.json", user: user)
+    else
+      {:error, message} -> json_response(conn, :forbidden, %{error: message})
+    end
+  end
+
+  @doc "DELETE /api/v1/pleroma/accounts/ap_aliases"
+  def delete_aliases(%{assigns: %{user: user}, body_params: %{aliases: aliases}} = conn, _params)
+      when is_list(aliases) do
+    with {:ok, user} <- User.delete_aliases(user, aliases) do
+      render(conn, "show.json", user: user)
+    else
+      {:error, message} -> json_response(conn, :forbidden, %{error: message})
+    end
+  end
 end
diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex
index 386308362..dea95cd77 100644
--- a/lib/pleroma/web/router.ex
+++ b/lib/pleroma/web/router.ex
@@ -344,6 +344,9 @@ defmodule Pleroma.Web.Router do
 
       post("/accounts/:id/subscribe", AccountController, :subscribe)
       post("/accounts/:id/unsubscribe", AccountController, :unsubscribe)
+
+      post("/accounts/ap_aliases", AccountController, :add_aliases)
+      delete("/accounts/ap_aliases", AccountController, :delete_aliases)
     end
 
     post("/accounts/confirmation_resend", AccountController, :confirmation_resend)
diff --git a/lib/pleroma/web/web_finger/web_finger.ex b/lib/pleroma/web/web_finger/web_finger.ex
index 71ccf251a..fb142ce8d 100644
--- a/lib/pleroma/web/web_finger/web_finger.ex
+++ b/lib/pleroma/web/web_finger/web_finger.ex
@@ -58,12 +58,19 @@ defp gather_links(%User{} = user) do
     ] ++ Publisher.gather_webfinger_links(user)
   end
 
+  defp gather_aliases(%User{} = user) do
+    user.ap_aliases
+    |> MapSet.new()
+    |> MapSet.put(user.ap_id)
+    |> MapSet.to_list()
+  end
+
   def represent_user(user, "JSON") do
     {:ok, user} = User.ensure_keys_present(user)
 
     %{
       "subject" => "acct:#{user.nickname}@#{Pleroma.Web.Endpoint.host()}",
-      "aliases" => [user.ap_id],
+      "aliases" => gather_aliases(user),
       "links" => gather_links(user)
     }
   end
diff --git a/priv/repo/migrations/20200717025041_add_aliases_to_users.exs b/priv/repo/migrations/20200717025041_add_aliases_to_users.exs
new file mode 100644
index 000000000..a6ace6e0f
--- /dev/null
+++ b/priv/repo/migrations/20200717025041_add_aliases_to_users.exs
@@ -0,0 +1,9 @@
+defmodule Pleroma.Repo.Migrations.AddAliasesToUsers do
+  use Ecto.Migration
+
+  def change do
+    alter table(:users) do
+      add(:ap_aliases, {:array, :string}, default: [])
+    end
+  end
+end
diff --git a/test/user_test.exs b/test/user_test.exs
index 9788e09d9..db6e4872e 100644
--- a/test/user_test.exs
+++ b/test/user_test.exs
@@ -1858,4 +1858,41 @@ test "avatar fallback" do
 
     assert User.avatar_url(user, no_default: true) == nil
   end
+
+  test "add_aliases/2" do
+    user = insert(:user)
+
+    aliases = [
+      "https://gleasonator.com/users/alex",
+      "https://gleasonator.com/users/alex",
+      "https://animalliberation.social/users/alex"
+    ]
+
+    {:ok, user} = User.add_aliases(user, aliases)
+
+    assert user.ap_aliases == [
+             "https://animalliberation.social/users/alex",
+             "https://gleasonator.com/users/alex"
+           ]
+  end
+
+  test "delete_aliases/2" do
+    user =
+      insert(:user,
+        ap_aliases: [
+          "https://animalliberation.social/users/alex",
+          "https://benis.social/users/benis",
+          "https://gleasonator.com/users/alex"
+        ]
+      )
+
+    aliases = ["https://benis.social/users/benis"]
+
+    {:ok, user} = User.delete_aliases(user, aliases)
+
+    assert user.ap_aliases == [
+             "https://animalliberation.social/users/alex",
+             "https://gleasonator.com/users/alex"
+           ]
+  end
 end
diff --git a/test/web/mastodon_api/views/account_view_test.exs b/test/web/mastodon_api/views/account_view_test.exs
index a83bf90a3..4a0512e68 100644
--- a/test/web/mastodon_api/views/account_view_test.exs
+++ b/test/web/mastodon_api/views/account_view_test.exs
@@ -37,7 +37,8 @@ test "Represent a user account" do
           "<script src=\"invalid-html\"></script><span>valid html</span>. a<br>b<br/>c<br >d<br />f '&<>\"",
         inserted_at: ~N[2017-08-15 15:47:06.597036],
         emoji: %{"karjalanpiirakka" => "/file.png"},
-        raw_bio: "valid html. a\nb\nc\nd\nf '&<>\""
+        raw_bio: "valid html. a\nb\nc\nd\nf '&<>\"",
+        ap_aliases: ["https://shitposter.zone/users/shp"]
       })
 
     expected = %{
@@ -77,6 +78,7 @@ test "Represent a user account" do
       },
       pleroma: %{
         ap_id: user.ap_id,
+        ap_aliases: ["https://shitposter.zone/users/shp"],
         background_image: "https://example.com/images/asuka_hospital.png",
         favicon:
           "https://shitposter.club/plugins/Qvitter/img/gnusocial-favicons/favicon-16x16.png",
@@ -171,6 +173,7 @@ test "Represent a Service(bot) account" do
       },
       pleroma: %{
         ap_id: user.ap_id,
+        ap_aliases: [],
         background_image: nil,
         favicon:
           "https://shitposter.club/plugins/Qvitter/img/gnusocial-favicons/favicon-16x16.png",
diff --git a/test/web/pleroma_api/controllers/account_controller_test.exs b/test/web/pleroma_api/controllers/account_controller_test.exs
index 07909d48b..da01a8218 100644
--- a/test/web/pleroma_api/controllers/account_controller_test.exs
+++ b/test/web/pleroma_api/controllers/account_controller_test.exs
@@ -281,4 +281,33 @@ test "returns 404 when subscription_target not found" do
       assert %{"error" => "Record not found"} = json_response_and_validate_schema(conn, 404)
     end
   end
+
+  describe "aliases controllers" do
+    setup do: oauth_access(["write:accounts"])
+
+    test "adds aliases", %{conn: conn} do
+      aliases = ["https://gleasonator.com/users/alex"]
+
+      conn =
+        conn
+        |> put_req_header("content-type", "application/json")
+        |> post("/api/v1/pleroma/accounts/ap_aliases", %{"aliases" => aliases})
+
+      assert %{"pleroma" => %{"ap_aliases" => res}} = json_response_and_validate_schema(conn, 200)
+      assert Enum.count(res) == 1
+    end
+
+    test "deletes aliases", %{conn: conn, user: user} do
+      aliases = ["https://gleasonator.com/users/alex"]
+      User.add_aliases(user, aliases)
+
+      conn =
+        conn
+        |> put_req_header("content-type", "application/json")
+        |> delete("/api/v1/pleroma/accounts/ap_aliases", %{"aliases" => aliases})
+
+      assert %{"pleroma" => %{"ap_aliases" => res}} = json_response_and_validate_schema(conn, 200)
+      assert Enum.count(res) == 0
+    end
+  end
 end
diff --git a/test/web/web_finger/web_finger_controller_test.exs b/test/web/web_finger/web_finger_controller_test.exs
index 0023f1e81..50b6c4b3e 100644
--- a/test/web/web_finger/web_finger_controller_test.exs
+++ b/test/web/web_finger/web_finger_controller_test.exs
@@ -30,14 +30,24 @@ test "GET host-meta" do
   end
 
   test "Webfinger JRD" do
-    user = insert(:user)
+    user =
+      insert(:user,
+        ap_id: "https://hyrule.world/users/zelda",
+        ap_aliases: ["https://mushroom.kingdom/users/toad"]
+      )
 
     response =
       build_conn()
       |> put_req_header("accept", "application/jrd+json")
       |> get("/.well-known/webfinger?resource=acct:#{user.nickname}@localhost")
+      |> json_response(200)
 
-    assert json_response(response, 200)["subject"] == "acct:#{user.nickname}@localhost"
+    assert response["subject"] == "acct:#{user.nickname}@localhost"
+
+    assert response["aliases"] == [
+             "https://hyrule.world/users/zelda",
+             "https://mushroom.kingdom/users/toad"
+           ]
   end
 
   test "it returns 404 when user isn't found (JSON)" do

From bd1e2e3a58ebd702306e7a6e2df985ac07e5f7d8 Mon Sep 17 00:00:00 2001
From: Alex Gleason <alex@alexgleason.me>
Date: Fri, 17 Jul 2020 19:11:28 -0500
Subject: [PATCH 2/9] Validate alias IDs

---
 CHANGELOG.md        |  1 +
 lib/pleroma/user.ex | 13 +++++++++++++
 test/user_test.exs  |  7 +++++++
 3 files changed, 21 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index a02f28241..ef3235804 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -63,6 +63,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 - Support pagination in emoji packs API (for packs and for files in pack)
 - Support for viewing instances favicons next to posts and accounts
 - Added Pleroma.Upload.Filter.Exiftool as an alternate EXIF stripping mechanism targeting GPS/location metadata.
+- Ability to set ActivityPub aliases for follower migration.
 
 <details>
   <summary>API Changes</summary>
diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex
index 9b756c9a0..66664235b 100644
--- a/lib/pleroma/user.ex
+++ b/lib/pleroma/user.ex
@@ -47,6 +47,8 @@ defmodule Pleroma.User do
 
   # credo:disable-for-next-line Credo.Check.Readability.MaxLineLength
   @email_regex ~r/^[a-zA-Z0-9.!#$%&'*+\/=?^_`{|}~-]+@[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(?:\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*$/
+  # credo:disable-for-next-line Credo.Check.Readability.MaxLineLength
+  @url_regex ~r/https?:\/\/[-a-zA-Z0-9@:%._\+~#=]{1,256}\.[a-zA-Z0-9()]{1,6}\b([-a-zA-Z0-9()@:%_\+.~#?&\/=]*)/
 
   @strict_local_nickname_regex ~r/^[a-zA-Z\d]+$/
   @extended_local_nickname_regex ~r/^[a-zA-Z\d_-]+$/
@@ -2278,6 +2280,7 @@ def add_aliases(%User{} = user, aliases) when is_list(aliases) do
 
     user
     |> change(%{ap_aliases: alias_set})
+    |> validate_ap_aliases()
     |> Repo.update()
   end
 
@@ -2290,6 +2293,16 @@ def delete_aliases(%User{} = user, aliases) when is_list(aliases) do
 
     user
     |> change(%{ap_aliases: alias_set})
+    |> validate_ap_aliases()
     |> Repo.update()
   end
+
+  defp validate_ap_aliases(changeset) do
+    validate_change(changeset, :ap_aliases, fn :ap_aliases, ap_aliases ->
+      case Enum.all?(ap_aliases, fn a -> Regex.match?(@url_regex, a) end) do
+        true -> []
+        false -> [ap_aliases: "Invalid ap_id format. Must be a URL."]
+      end
+    end)
+  end
 end
diff --git a/test/user_test.exs b/test/user_test.exs
index db6e4872e..29855b9cd 100644
--- a/test/user_test.exs
+++ b/test/user_test.exs
@@ -1876,6 +1876,13 @@ test "add_aliases/2" do
            ]
   end
 
+  test "add_aliases/2 with invalid alias" do
+    user = insert(:user)
+    {:error, _} = User.add_aliases(user, ["invalid_alias"])
+    {:error, _} = User.add_aliases(user, ["http://still_invalid"])
+    {:error, _} = User.add_aliases(user, ["http://validalias.com/users/dude", "invalid_alias"])
+  end
+
   test "delete_aliases/2" do
     user =
       insert(:user,

From 4af1b803811cbb59d41f0149706d6dda340b4755 Mon Sep 17 00:00:00 2001
From: Alex Gleason <alex@alexgleason.me>
Date: Fri, 7 Aug 2020 16:48:03 -0500
Subject: [PATCH 3/9] Clean up account aliases

---
 docs/API/differences_in_mastoapi_responses.md |  1 +
 docs/API/pleroma_api.md                       | 20 --------
 lib/pleroma/user.ex                           | 37 +++------------
 .../api_spec/operations/account_operation.ex  |  7 +++
 .../operations/pleroma_account_operation.ex   | 46 -------------------
 lib/pleroma/web/api_spec/schemas/account.ex   |  2 +-
 .../controllers/account_controller.ex         |  2 +
 .../web/mastodon_api/views/account_view.ex    |  2 +-
 .../controllers/account_controller.ex         | 25 ----------
 lib/pleroma/web/router.ex                     |  3 --
 lib/pleroma/web/web_finger/web_finger.ex      | 14 +++---
 .../20200717025041_add_aliases_to_users.exs   |  9 ----
 test/user_test.exs                            | 44 ------------------
 .../update_credentials_test.exs               | 10 ++++
 .../mastodon_api/views/account_view_test.exs  |  6 +--
 .../controllers/account_controller_test.exs   | 29 ------------
 .../web_finger/web_finger_controller_test.exs | 12 +++--
 17 files changed, 47 insertions(+), 222 deletions(-)
 delete mode 100644 priv/repo/migrations/20200717025041_add_aliases_to_users.exs

diff --git a/docs/API/differences_in_mastoapi_responses.md b/docs/API/differences_in_mastoapi_responses.md
index 38865dc68..3cb2183bd 100644
--- a/docs/API/differences_in_mastoapi_responses.md
+++ b/docs/API/differences_in_mastoapi_responses.md
@@ -184,6 +184,7 @@ Additional parameters can be added to the JSON body/Form data:
 - `pleroma_settings_store` - Opaque user settings to be saved on the backend.
 - `skip_thread_containment` - if true, skip filtering out broken threads
 - `allow_following_move` - if true, allows automatically follow moved following accounts
+- `also_known_as` - array of ActivityPub IDs, needed for following move
 - `pleroma_background_image` - sets the background image of the user. Can be set to "" (an empty string) to reset.
 - `discoverable` - if true, discovery of this account in search results and other services is allowed.
 - `actor_type` - the type of this account.
diff --git a/docs/API/pleroma_api.md b/docs/API/pleroma_api.md
index c1aa4d204..4e97d26c0 100644
--- a/docs/API/pleroma_api.md
+++ b/docs/API/pleroma_api.md
@@ -570,23 +570,3 @@ Emoji reactions work a lot like favourites do. They make it possible to react to
   {"name": "😀", "count": 2, "me": true, "accounts": [{"id" => "xyz.."...}, {"id" => "zyx..."}]}
 ]
 ```
-
-# Account aliases
-
-Set and delete ActivityPub aliases for follower move.
-
-## `POST /api/v1/pleroma/accounts/ap_aliases`
-### Add account aliases
-* Method: `POST`
-* Authentication: required
-* Params:
-  * `aliases`: array of ActivityPub IDs to add
-* Response: JSON, the user's account
-
-## `DELETE /api/v1/pleroma/accounts/ap_aliases`
-### Delete account aliases
-* Method: `DELETE`
-* Authentication: required
-* Params:
-  * `aliases`: array of ActivityPub IDs to delete
-* Response: JSON, the user's account
diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex
index ad7a04f62..57e06bd5a 100644
--- a/lib/pleroma/user.ex
+++ b/lib/pleroma/user.ex
@@ -96,7 +96,6 @@ defmodule Pleroma.User do
     field(:keys, :string)
     field(:public_key, :string)
     field(:ap_id, :string)
-    field(:ap_aliases, {:array, :string}, default: [])
     field(:avatar, :map, default: %{})
     field(:local, :boolean, default: true)
     field(:follower_address, :string)
@@ -486,6 +485,7 @@ def update_changeset(struct, params \\ %{}) do
         :hide_follows_count,
         :hide_favorites,
         :allow_following_move,
+        :also_known_as,
         :background,
         :show_role,
         :skip_thread_containment,
@@ -494,12 +494,12 @@ def update_changeset(struct, params \\ %{}) do
         :pleroma_settings_store,
         :discoverable,
         :actor_type,
-        :also_known_as,
         :accepts_chat_messages
       ]
     )
     |> unique_constraint(:nickname)
     |> validate_format(:nickname, local_nickname_regex())
+    |> validate_also_known_as()
     |> validate_length(:bio, max: bio_limit)
     |> validate_length(:name, min: 1, max: name_limit)
     |> validate_inclusion(:actor_type, ["Person", "Service"])
@@ -2387,36 +2387,11 @@ def sanitize_html(%User{} = user, filter) do
     |> Map.put(:fields, fields)
   end
 
-  def add_aliases(%User{} = user, aliases) when is_list(aliases) do
-    alias_set =
-      (user.ap_aliases ++ aliases)
-      |> MapSet.new()
-      |> MapSet.to_list()
-
-    user
-    |> change(%{ap_aliases: alias_set})
-    |> validate_ap_aliases()
-    |> Repo.update()
-  end
-
-  def delete_aliases(%User{} = user, aliases) when is_list(aliases) do
-    alias_set =
-      user.ap_aliases
-      |> MapSet.new()
-      |> MapSet.difference(MapSet.new(aliases))
-      |> MapSet.to_list()
-
-    user
-    |> change(%{ap_aliases: alias_set})
-    |> validate_ap_aliases()
-    |> Repo.update()
-  end
-
-  defp validate_ap_aliases(changeset) do
-    validate_change(changeset, :ap_aliases, fn :ap_aliases, ap_aliases ->
-      case Enum.all?(ap_aliases, fn a -> Regex.match?(@url_regex, a) end) do
+  defp validate_also_known_as(changeset) do
+    validate_change(changeset, :also_known_as, fn :also_known_as, also_known_as ->
+      case Enum.all?(also_known_as, fn a -> Regex.match?(@url_regex, a) end) do
         true -> []
-        false -> [ap_aliases: "Invalid ap_id format. Must be a URL."]
+        false -> [also_known_as: "Invalid ap_id format. Must be a URL."]
       end
     end)
   end
diff --git a/lib/pleroma/web/api_spec/operations/account_operation.ex b/lib/pleroma/web/api_spec/operations/account_operation.ex
index aaebc9b5c..91b4d0c80 100644
--- a/lib/pleroma/web/api_spec/operations/account_operation.ex
+++ b/lib/pleroma/web/api_spec/operations/account_operation.ex
@@ -597,6 +597,12 @@ defp update_credentials_request do
           nullable: true,
           description: "Allows automatically follow moved following accounts"
         },
+        also_known_as: %Schema{
+          type: :array,
+          items: %Schema{type: :string},
+          nullable: true,
+          description: "List of alternate ActivityPub IDs"
+        },
         pleroma_background_image: %Schema{
           type: :string,
           nullable: true,
@@ -627,6 +633,7 @@ defp update_credentials_request do
         pleroma_settings_store: %{"pleroma-fe" => %{"key" => "val"}},
         skip_thread_containment: false,
         allow_following_move: false,
+        also_known_as: ["https://foo.bar/users/foo"],
         discoverable: false,
         actor_type: "Person"
       }
diff --git a/lib/pleroma/web/api_spec/operations/pleroma_account_operation.ex b/lib/pleroma/web/api_spec/operations/pleroma_account_operation.ex
index 1040f6e20..97836b2eb 100644
--- a/lib/pleroma/web/api_spec/operations/pleroma_account_operation.ex
+++ b/lib/pleroma/web/api_spec/operations/pleroma_account_operation.ex
@@ -4,8 +4,6 @@
 
 defmodule Pleroma.Web.ApiSpec.PleromaAccountOperation do
   alias OpenApiSpex.Operation
-  alias OpenApiSpex.Schema
-  alias Pleroma.Web.ApiSpec.Schemas.Account
   alias Pleroma.Web.ApiSpec.Schemas.AccountRelationship
   alias Pleroma.Web.ApiSpec.Schemas.ApiError
   alias Pleroma.Web.ApiSpec.Schemas.FlakeID
@@ -89,54 +87,10 @@ def unsubscribe_operation do
     }
   end
 
-  def add_aliases_operation do
-    %Operation{
-      tags: ["Accounts"],
-      summary: "Add ActivityPub aliases",
-      operationId: "PleromaAPI.AccountController.add_aliases",
-      requestBody: request_body("Parameters", alias_request(), required: true),
-      security: [%{"oAuth" => ["write:accounts"]}],
-      responses: %{
-        200 => Operation.response("Account", "application/json", Account),
-        403 => Operation.response("Forbidden", "application/json", ApiError)
-      }
-    }
-  end
-
-  def delete_aliases_operation do
-    %Operation{
-      tags: ["Accounts"],
-      summary: "Delete ActivityPub aliases",
-      operationId: "PleromaAPI.AccountController.delete_aliases",
-      requestBody: request_body("Parameters", alias_request(), required: true),
-      security: [%{"oAuth" => ["write:accounts"]}],
-      responses: %{
-        200 => Operation.response("Account", "application/json", Account)
-      }
-    }
-  end
-
   defp id_param do
     Operation.parameter(:id, :path, FlakeID, "Account ID",
       example: "9umDrYheeY451cQnEe",
       required: true
     )
   end
-
-  defp alias_request do
-    %Schema{
-      title: "AccountAliasRequest",
-      description: "POST body for adding/deleting AP aliases",
-      type: :object,
-      properties: %{
-        aliases: %Schema{
-          type: :array,
-          items: %Schema{type: :string}
-        }
-      },
-      example: %{
-        "aliases" => ["https://beepboop.social/users/beep", "https://mushroom.kingdom/users/toad"]
-      }
-    }
-  end
 end
diff --git a/lib/pleroma/web/api_spec/schemas/account.ex b/lib/pleroma/web/api_spec/schemas/account.ex
index 4fd27edf5..cf743932c 100644
--- a/lib/pleroma/web/api_spec/schemas/account.ex
+++ b/lib/pleroma/web/api_spec/schemas/account.ex
@@ -41,7 +41,7 @@ defmodule Pleroma.Web.ApiSpec.Schemas.Account do
         type: :object,
         properties: %{
           ap_id: %Schema{type: :string},
-          ap_aliases: %Schema{type: :array, items: %Schema{type: :string}},
+          also_known_as: %Schema{type: :array, items: %Schema{type: :string}},
           allow_following_move: %Schema{
             type: :boolean,
             description: "whether the user allows automatically follow moved following accounts"
diff --git a/lib/pleroma/web/mastodon_api/controllers/account_controller.ex b/lib/pleroma/web/mastodon_api/controllers/account_controller.ex
index f45678184..b0ec97d87 100644
--- a/lib/pleroma/web/mastodon_api/controllers/account_controller.ex
+++ b/lib/pleroma/web/mastodon_api/controllers/account_controller.ex
@@ -186,6 +186,7 @@ def update_credentials(%{assigns: %{user: user}, body_params: params} = conn, _p
         :show_role,
         :skip_thread_containment,
         :allow_following_move,
+        :also_known_as,
         :discoverable,
         :accepts_chat_messages
       ]
@@ -210,6 +211,7 @@ def update_credentials(%{assigns: %{user: user}, body_params: params} = conn, _p
         if bot, do: {:ok, "Service"}, else: {:ok, "Person"}
       end)
       |> Maps.put_if_present(:actor_type, params[:actor_type])
+      |> Maps.put_if_present(:also_known_as, params[:also_known_as])
 
     # What happens here:
     #
diff --git a/lib/pleroma/web/mastodon_api/views/account_view.ex b/lib/pleroma/web/mastodon_api/views/account_view.ex
index 4f29a80fb..f78b04565 100644
--- a/lib/pleroma/web/mastodon_api/views/account_view.ex
+++ b/lib/pleroma/web/mastodon_api/views/account_view.ex
@@ -267,7 +267,7 @@ defp do_render("show.json", %{user: user} = opts) do
       # Pleroma extension
       pleroma: %{
         ap_id: user.ap_id,
-        ap_aliases: user.ap_aliases,
+        also_known_as: user.also_known_as,
         confirmation_pending: user.confirmation_pending,
         tags: user.tags,
         hide_followers_count: user.hide_followers_count,
diff --git a/lib/pleroma/web/pleroma_api/controllers/account_controller.ex b/lib/pleroma/web/pleroma_api/controllers/account_controller.ex
index 03e5781a3..563edded7 100644
--- a/lib/pleroma/web/pleroma_api/controllers/account_controller.ex
+++ b/lib/pleroma/web/pleroma_api/controllers/account_controller.ex
@@ -39,11 +39,6 @@ defmodule Pleroma.Web.PleromaAPI.AccountController do
     %{scopes: ["read:favourites"], fallback: :proceed_unauthenticated} when action == :favourites
   )
 
-  plug(
-    OAuthScopesPlug,
-    %{scopes: ["write:accounts"]} when action in [:add_aliases, :delete_aliases]
-  )
-
   plug(RateLimiter, [name: :account_confirmation_resend] when action == :confirmation_resend)
 
   plug(:assign_account_by_id when action in [:favourites, :subscribe, :unsubscribe])
@@ -112,24 +107,4 @@ def unsubscribe(%{assigns: %{user: user, account: subscription_target}} = conn,
       {:error, message} -> json_response(conn, :forbidden, %{error: message})
     end
   end
-
-  @doc "POST /api/v1/pleroma/accounts/ap_aliases"
-  def add_aliases(%{assigns: %{user: user}, body_params: %{aliases: aliases}} = conn, _params)
-      when is_list(aliases) do
-    with {:ok, user} <- User.add_aliases(user, aliases) do
-      render(conn, "show.json", user: user)
-    else
-      {:error, message} -> json_response(conn, :forbidden, %{error: message})
-    end
-  end
-
-  @doc "DELETE /api/v1/pleroma/accounts/ap_aliases"
-  def delete_aliases(%{assigns: %{user: user}, body_params: %{aliases: aliases}} = conn, _params)
-      when is_list(aliases) do
-    with {:ok, user} <- User.delete_aliases(user, aliases) do
-      render(conn, "show.json", user: user)
-    else
-      {:error, message} -> json_response(conn, :forbidden, %{error: message})
-    end
-  end
 end
diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex
index fbab0fc27..c6433cc53 100644
--- a/lib/pleroma/web/router.ex
+++ b/lib/pleroma/web/router.ex
@@ -345,9 +345,6 @@ defmodule Pleroma.Web.Router do
 
       post("/accounts/:id/subscribe", AccountController, :subscribe)
       post("/accounts/:id/unsubscribe", AccountController, :unsubscribe)
-
-      post("/accounts/ap_aliases", AccountController, :add_aliases)
-      delete("/accounts/ap_aliases", AccountController, :delete_aliases)
     end
 
     post("/accounts/confirmation_resend", AccountController, :confirmation_resend)
diff --git a/lib/pleroma/web/web_finger/web_finger.ex b/lib/pleroma/web/web_finger/web_finger.ex
index fb142ce8d..b0df356a3 100644
--- a/lib/pleroma/web/web_finger/web_finger.ex
+++ b/lib/pleroma/web/web_finger/web_finger.ex
@@ -59,10 +59,7 @@ defp gather_links(%User{} = user) do
   end
 
   defp gather_aliases(%User{} = user) do
-    user.ap_aliases
-    |> MapSet.new()
-    |> MapSet.put(user.ap_id)
-    |> MapSet.to_list()
+    [user.ap_id] ++ user.also_known_as
   end
 
   def represent_user(user, "JSON") do
@@ -78,6 +75,10 @@ def represent_user(user, "JSON") do
   def represent_user(user, "XML") do
     {:ok, user} = User.ensure_keys_present(user)
 
+    aliases =
+      gather_aliases(user)
+      |> Enum.map(fn the_alias -> {:Alias, the_alias} end)
+
     links =
       gather_links(user)
       |> Enum.map(fn link -> {:Link, link} end)
@@ -86,9 +87,8 @@ def represent_user(user, "XML") do
       :XRD,
       %{xmlns: "http://docs.oasis-open.org/ns/xri/xrd-1.0"},
       [
-        {:Subject, "acct:#{user.nickname}@#{Pleroma.Web.Endpoint.host()}"},
-        {:Alias, user.ap_id}
-      ] ++ links
+        {:Subject, "acct:#{user.nickname}@#{Pleroma.Web.Endpoint.host()}"}
+      ] ++ aliases ++ links
     }
     |> XmlBuilder.to_doc()
   end
diff --git a/priv/repo/migrations/20200717025041_add_aliases_to_users.exs b/priv/repo/migrations/20200717025041_add_aliases_to_users.exs
deleted file mode 100644
index a6ace6e0f..000000000
--- a/priv/repo/migrations/20200717025041_add_aliases_to_users.exs
+++ /dev/null
@@ -1,9 +0,0 @@
-defmodule Pleroma.Repo.Migrations.AddAliasesToUsers do
-  use Ecto.Migration
-
-  def change do
-    alter table(:users) do
-      add(:ap_aliases, {:array, :string}, default: [])
-    end
-  end
-end
diff --git a/test/user_test.exs b/test/user_test.exs
index 941e48408..b47405895 100644
--- a/test/user_test.exs
+++ b/test/user_test.exs
@@ -2024,48 +2024,4 @@ test "avatar fallback" do
 
     assert User.avatar_url(user, no_default: true) == nil
   end
-
-  test "add_aliases/2" do
-    user = insert(:user)
-
-    aliases = [
-      "https://gleasonator.com/users/alex",
-      "https://gleasonator.com/users/alex",
-      "https://animalliberation.social/users/alex"
-    ]
-
-    {:ok, user} = User.add_aliases(user, aliases)
-
-    assert user.ap_aliases == [
-             "https://animalliberation.social/users/alex",
-             "https://gleasonator.com/users/alex"
-           ]
-  end
-
-  test "add_aliases/2 with invalid alias" do
-    user = insert(:user)
-    {:error, _} = User.add_aliases(user, ["invalid_alias"])
-    {:error, _} = User.add_aliases(user, ["http://still_invalid"])
-    {:error, _} = User.add_aliases(user, ["http://validalias.com/users/dude", "invalid_alias"])
-  end
-
-  test "delete_aliases/2" do
-    user =
-      insert(:user,
-        ap_aliases: [
-          "https://animalliberation.social/users/alex",
-          "https://benis.social/users/benis",
-          "https://gleasonator.com/users/alex"
-        ]
-      )
-
-    aliases = ["https://benis.social/users/benis"]
-
-    {:ok, user} = User.delete_aliases(user, aliases)
-
-    assert user.ap_aliases == [
-             "https://animalliberation.social/users/alex",
-             "https://gleasonator.com/users/alex"
-           ]
-  end
 end
diff --git a/test/web/mastodon_api/controllers/account_controller/update_credentials_test.exs b/test/web/mastodon_api/controllers/account_controller/update_credentials_test.exs
index b888e4c71..467110f3b 100644
--- a/test/web/mastodon_api/controllers/account_controller/update_credentials_test.exs
+++ b/test/web/mastodon_api/controllers/account_controller/update_credentials_test.exs
@@ -216,6 +216,16 @@ test "updates the user's name", %{conn: conn} do
       assert user_data["display_name"] == "markorepairs"
     end
 
+    test "updates the user's AKAs", %{conn: conn} do
+      conn =
+        patch(conn, "/api/v1/accounts/update_credentials", %{
+          "also_known_as" => ["https://mushroom.kingdom/users/mario"]
+        })
+
+      assert user_data = json_response_and_validate_schema(conn, 200)
+      assert user_data["pleroma"]["also_known_as"] == ["https://mushroom.kingdom/users/mario"]
+    end
+
     test "updates the user's avatar", %{user: user, conn: conn} do
       new_avatar = %Plug.Upload{
         content_type: "image/jpg",
diff --git a/test/web/mastodon_api/views/account_view_test.exs b/test/web/mastodon_api/views/account_view_test.exs
index a55b5a06e..bbf7b33a8 100644
--- a/test/web/mastodon_api/views/account_view_test.exs
+++ b/test/web/mastodon_api/views/account_view_test.exs
@@ -38,7 +38,7 @@ test "Represent a user account" do
         inserted_at: ~N[2017-08-15 15:47:06.597036],
         emoji: %{"karjalanpiirakka" => "/file.png"},
         raw_bio: "valid html. a\nb\nc\nd\nf '&<>\"",
-        ap_aliases: ["https://shitposter.zone/users/shp"]
+        also_known_as: ["https://shitposter.zone/users/shp"]
       })
 
     expected = %{
@@ -78,7 +78,7 @@ test "Represent a user account" do
       },
       pleroma: %{
         ap_id: user.ap_id,
-        ap_aliases: ["https://shitposter.zone/users/shp"],
+        also_known_as: ["https://shitposter.zone/users/shp"],
         background_image: "https://example.com/images/asuka_hospital.png",
         favicon:
           "https://shitposter.club/plugins/Qvitter/img/gnusocial-favicons/favicon-16x16.png",
@@ -174,7 +174,7 @@ test "Represent a Service(bot) account" do
       },
       pleroma: %{
         ap_id: user.ap_id,
-        ap_aliases: [],
+        also_known_as: [],
         background_image: nil,
         favicon:
           "https://shitposter.club/plugins/Qvitter/img/gnusocial-favicons/favicon-16x16.png",
diff --git a/test/web/pleroma_api/controllers/account_controller_test.exs b/test/web/pleroma_api/controllers/account_controller_test.exs
index da01a8218..07909d48b 100644
--- a/test/web/pleroma_api/controllers/account_controller_test.exs
+++ b/test/web/pleroma_api/controllers/account_controller_test.exs
@@ -281,33 +281,4 @@ test "returns 404 when subscription_target not found" do
       assert %{"error" => "Record not found"} = json_response_and_validate_schema(conn, 404)
     end
   end
-
-  describe "aliases controllers" do
-    setup do: oauth_access(["write:accounts"])
-
-    test "adds aliases", %{conn: conn} do
-      aliases = ["https://gleasonator.com/users/alex"]
-
-      conn =
-        conn
-        |> put_req_header("content-type", "application/json")
-        |> post("/api/v1/pleroma/accounts/ap_aliases", %{"aliases" => aliases})
-
-      assert %{"pleroma" => %{"ap_aliases" => res}} = json_response_and_validate_schema(conn, 200)
-      assert Enum.count(res) == 1
-    end
-
-    test "deletes aliases", %{conn: conn, user: user} do
-      aliases = ["https://gleasonator.com/users/alex"]
-      User.add_aliases(user, aliases)
-
-      conn =
-        conn
-        |> put_req_header("content-type", "application/json")
-        |> delete("/api/v1/pleroma/accounts/ap_aliases", %{"aliases" => aliases})
-
-      assert %{"pleroma" => %{"ap_aliases" => res}} = json_response_and_validate_schema(conn, 200)
-      assert Enum.count(res) == 0
-    end
-  end
 end
diff --git a/test/web/web_finger/web_finger_controller_test.exs b/test/web/web_finger/web_finger_controller_test.exs
index 50b6c4b3e..ce9eb0650 100644
--- a/test/web/web_finger/web_finger_controller_test.exs
+++ b/test/web/web_finger/web_finger_controller_test.exs
@@ -33,7 +33,7 @@ test "Webfinger JRD" do
     user =
       insert(:user,
         ap_id: "https://hyrule.world/users/zelda",
-        ap_aliases: ["https://mushroom.kingdom/users/toad"]
+        also_known_as: ["https://mushroom.kingdom/users/toad"]
       )
 
     response =
@@ -61,14 +61,20 @@ test "it returns 404 when user isn't found (JSON)" do
   end
 
   test "Webfinger XML" do
-    user = insert(:user)
+    user =
+      insert(:user,
+        ap_id: "https://hyrule.world/users/zelda",
+        also_known_as: ["https://mushroom.kingdom/users/toad"]
+      )
 
     response =
       build_conn()
       |> put_req_header("accept", "application/xrd+xml")
       |> get("/.well-known/webfinger?resource=acct:#{user.nickname}@localhost")
+      |> response(200)
 
-    assert response(response, 200)
+    assert response =~ "<Alias>https://hyrule.world/users/zelda</Alias>"
+    assert response =~ "<Alias>https://mushroom.kingdom/users/toad</Alias>"
   end
 
   test "it returns 404 when user isn't found (XML)" do

From a3964b373e696301dae0e432983f55d22f055c5f Mon Sep 17 00:00:00 2001
From: Alex Gleason <alex@alexgleason.me>
Date: Thu, 8 Oct 2020 15:46:03 -0500
Subject: [PATCH 4/9] Aliases: move changelog entry

---
 CHANGELOG.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 97908caf7..6107ac07e 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -9,6 +9,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 - Mix tasks for controlling user account confirmation status in bulk (`mix pleroma.user confirm_all` and `mix pleroma.user unconfirm_all`)
 - Mix task for sending confirmation emails to all unconfirmed users (`mix pleroma.email send_confirmation_mails`)
 - Mix task option for force-unfollowing relays
+- Ability to set ActivityPub aliases for follower migration.
 
 ### Changed
 
@@ -182,7 +183,6 @@ switched to a new configuration mechanism, however it was not officially removed
 - Support pagination in emoji packs API (for packs and for files in pack)
 - Support for viewing instances favicons next to posts and accounts
 - Added Pleroma.Upload.Filter.Exiftool as an alternate EXIF stripping mechanism targeting GPS/location metadata.
-- Ability to set ActivityPub aliases for follower migration.
 - "By approval" registrations mode.
 - Configuration: Added `:welcome` settings for the welcome message to newly registered users. You can send a welcome message as a direct message, chat or email.
 - Ability to hide favourites and emoji reactions in the API with `[:instance, :show_reactions]` config.

From 5ec7d88b77360ed78f75be6b1f94895c3f602972 Mon Sep 17 00:00:00 2001
From: Alex Gleason <alex@alexgleason.me>
Date: Thu, 8 Oct 2020 16:33:47 -0500
Subject: [PATCH 5/9] Aliases: fix URL regex

---
 lib/pleroma/user.ex | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex
index e0252c8ee..d66c92b14 100644
--- a/lib/pleroma/user.ex
+++ b/lib/pleroma/user.ex
@@ -51,8 +51,7 @@ defmodule Pleroma.User do
 
   # credo:disable-for-next-line Credo.Check.Readability.MaxLineLength
   @email_regex ~r/^[a-zA-Z0-9.!#$%&'*+\/=?^_`{|}~-]+@[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(?:\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*$/
-  # credo:disable-for-next-line Credo.Check.Readability.MaxLineLength
-  @url_regex ~r/https?:\/\/[-a-zA-Z0-9@:%._\+~#=]{1,256}\.[a-zA-Z0-9()]{1,6}\b([-a-zA-Z0-9()@:%_\+.~#?&\/=]*)/
+  @url_regex ~r/^https?:\/\/[^\s]{1,256}$/
 
   @strict_local_nickname_regex ~r/^[a-zA-Z\d]+$/
   @extended_local_nickname_regex ~r/^[a-zA-Z\d_-]+$/

From 11d40e92b7ee4d855c02d24a485035fb622a138a Mon Sep 17 00:00:00 2001
From: Alex Gleason <alex@alexgleason.me>
Date: Wed, 30 Dec 2020 18:53:27 -0600
Subject: [PATCH 6/9] Render AKAs in Actor endpoints

---
 lib/pleroma/web/activity_pub/views/user_view.ex        | 3 ++-
 test/pleroma/web/activity_pub/views/user_view_test.exs | 6 ++++++
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/lib/pleroma/web/activity_pub/views/user_view.ex b/lib/pleroma/web/activity_pub/views/user_view.ex
index 93c9f436c..241224b57 100644
--- a/lib/pleroma/web/activity_pub/views/user_view.ex
+++ b/lib/pleroma/web/activity_pub/views/user_view.ex
@@ -112,7 +112,8 @@ def render("user.json", %{user: user}) do
       "tag" => emoji_tags,
       # Note: key name is indeed "discoverable" (not an error)
       "discoverable" => user.is_discoverable,
-      "capabilities" => capabilities
+      "capabilities" => capabilities,
+      "alsoKnownAs" => user.also_known_as
     }
     |> Map.merge(maybe_make_image(&User.avatar_url/2, "icon", user))
     |> Map.merge(maybe_make_image(&User.banner_url/2, "image", user))
diff --git a/test/pleroma/web/activity_pub/views/user_view_test.exs b/test/pleroma/web/activity_pub/views/user_view_test.exs
index fe6ddf0d6..5702c1b6f 100644
--- a/test/pleroma/web/activity_pub/views/user_view_test.exs
+++ b/test/pleroma/web/activity_pub/views/user_view_test.exs
@@ -80,6 +80,12 @@ test "renders an invisible user with the invisible property set to true" do
     assert %{"invisible" => true} = UserView.render("service.json", %{user: user})
   end
 
+  test "renders AKAs" do
+    akas = ["https://i.tusooa.xyz/users/test-pleroma"]
+    user = insert(:user, also_known_as: akas)
+    assert %{"alsoKnownAs" => ^akas} = UserView.render("user.json", %{user: user})
+  end
+
   describe "endpoints" do
     test "local users have a usable endpoints structure" do
       user = insert(:user)

From 0d6b9ce8ca5afd1ddaa0af4061fd956b29d17826 Mon Sep 17 00:00:00 2001
From: Alex Gleason <alex@alexgleason.me>
Date: Thu, 31 Dec 2020 18:51:57 +0000
Subject: [PATCH 7/9] Apply 2 suggestion(s) to 1 file(s)

---
 lib/pleroma/web/web_finger.ex | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/lib/pleroma/web/web_finger.ex b/lib/pleroma/web/web_finger.ex
index 7c009388a..a109e1acc 100644
--- a/lib/pleroma/web/web_finger.ex
+++ b/lib/pleroma/web/web_finger.ex
@@ -59,7 +59,7 @@ defp gather_links(%User{} = user) do
   end
 
   defp gather_aliases(%User{} = user) do
-    [user.ap_id] ++ user.also_known_as
+    [user.ap_id | user.also_known_as]
   end
 
   def represent_user(user, "JSON") do
@@ -76,8 +76,9 @@ def represent_user(user, "XML") do
     {:ok, user} = User.ensure_keys_present(user)
 
     aliases =
-      gather_aliases(user)
-      |> Enum.map(fn the_alias -> {:Alias, the_alias} end)
+      user
+      |> gather_aliases()
+      |> Enum.map(&{:Alias, &1})
 
     links =
       gather_links(user)

From 4200a063408966b1e14e79b18c96ce59af23ec35 Mon Sep 17 00:00:00 2001
From: Alex Gleason <alex@alexgleason.me>
Date: Thu, 31 Dec 2020 12:53:28 -0600
Subject: [PATCH 8/9] Aliases: refactor validate_also_known_as/1

---
 lib/pleroma/user.ex | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex
index 7b26ac7a3..230845662 100644
--- a/lib/pleroma/user.ex
+++ b/lib/pleroma/user.ex
@@ -2458,9 +2458,10 @@ def sanitize_html(%User{} = user, filter) do
 
   defp validate_also_known_as(changeset) do
     validate_change(changeset, :also_known_as, fn :also_known_as, also_known_as ->
-      case Enum.all?(also_known_as, fn a -> Regex.match?(@url_regex, a) end) do
-        true -> []
-        false -> [also_known_as: "Invalid ap_id format. Must be a URL."]
+      if Enum.all?(also_known_as, fn a -> Regex.match?(@url_regex, a) end) do
+        []
+      else
+        [also_known_as: "Invalid ap_id format. Must be a URL."]
       end
     end)
   end

From e802b48d558ccd4a65a6da2bcc6dacb057b7fd09 Mon Sep 17 00:00:00 2001
From: lain <lain@soykaf.club>
Date: Tue, 5 Jan 2021 13:10:14 +0100
Subject: [PATCH 9/9] User: Use ObjectID type to validate also-known-as field

---
 lib/pleroma/user.ex                                | 14 +-------------
 .../web/mastodon_api/update_credentials_test.exs   |  9 +++++++++
 2 files changed, 10 insertions(+), 13 deletions(-)

diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex
index 230845662..52730fd8d 100644
--- a/lib/pleroma/user.ex
+++ b/lib/pleroma/user.ex
@@ -51,7 +51,6 @@ defmodule Pleroma.User do
 
   # credo:disable-for-next-line Credo.Check.Readability.MaxLineLength
   @email_regex ~r/^[a-zA-Z0-9.!#$%&'*+\/=?^_`{|}~-]+@[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(?:\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*$/
-  @url_regex ~r/^https?:\/\/[^\s]{1,256}$/
 
   @strict_local_nickname_regex ~r/^[a-zA-Z\d]+$/
   @extended_local_nickname_regex ~r/^[a-zA-Z\d_-]+$/
@@ -143,7 +142,7 @@ defmodule Pleroma.User do
     field(:allow_following_move, :boolean, default: true)
     field(:skip_thread_containment, :boolean, default: false)
     field(:actor_type, :string, default: "Person")
-    field(:also_known_as, {:array, :string}, default: [])
+    field(:also_known_as, {:array, ObjectValidators.ObjectID}, default: [])
     field(:inbox, :string)
     field(:shared_inbox, :string)
     field(:accepts_chat_messages, :boolean, default: nil)
@@ -530,7 +529,6 @@ def update_changeset(struct, params \\ %{}) do
     )
     |> unique_constraint(:nickname)
     |> validate_format(:nickname, local_nickname_regex())
-    |> validate_also_known_as()
     |> validate_length(:bio, max: bio_limit)
     |> validate_length(:name, min: 1, max: name_limit)
     |> validate_inclusion(:actor_type, ["Person", "Service"])
@@ -2456,16 +2454,6 @@ def sanitize_html(%User{} = user, filter) do
     |> Map.put(:fields, fields)
   end
 
-  defp validate_also_known_as(changeset) do
-    validate_change(changeset, :also_known_as, fn :also_known_as, also_known_as ->
-      if Enum.all?(also_known_as, fn a -> Regex.match?(@url_regex, a) end) do
-        []
-      else
-        [also_known_as: "Invalid ap_id format. Must be a URL."]
-      end
-    end)
-  end
-
   def get_host(%User{ap_id: ap_id} = _user) do
     URI.parse(ap_id).host
   end
diff --git a/test/pleroma/web/mastodon_api/update_credentials_test.exs b/test/pleroma/web/mastodon_api/update_credentials_test.exs
index ff0147244..e3e437a19 100644
--- a/test/pleroma/web/mastodon_api/update_credentials_test.exs
+++ b/test/pleroma/web/mastodon_api/update_credentials_test.exs
@@ -228,6 +228,15 @@ test "updates the user's AKAs", %{conn: conn} do
       assert user_data["pleroma"]["also_known_as"] == ["https://mushroom.kingdom/users/mario"]
     end
 
+    test "doesn't update non-url akas", %{conn: conn} do
+      conn =
+        patch(conn, "/api/v1/accounts/update_credentials", %{
+          "also_known_as" => ["aReallyCoolGuy"]
+        })
+
+      assert json_response_and_validate_schema(conn, 403)
+    end
+
     test "updates the user's avatar", %{user: user, conn: conn} do
       new_avatar = %Plug.Upload{
         content_type: "image/jpeg",