From 8d21859717a75e01128f50b0b51efdd0a4748670 Mon Sep 17 00:00:00 2001 From: Ivan Tashkinov Date: Mon, 18 Mar 2019 18:09:53 +0300 Subject: [PATCH] [#923] External User registration refactoring, password randomization. --- lib/pleroma/user.ex | 38 ++++--------------- lib/pleroma/web/auth/pleroma_authenticator.ex | 14 +++++-- 2 files changed, 18 insertions(+), 34 deletions(-) diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex index bd742b2fd..558216894 100644 --- a/lib/pleroma/user.ex +++ b/lib/pleroma/user.ex @@ -209,35 +209,6 @@ def reset_password(user, data) do update_and_set_cache(password_update_changeset(user, data)) end - # TODO: FIXME (WIP): - def external_registration_changeset(struct, params \\ %{}) do - info_change = User.Info.confirmation_changeset(%User.Info{}, :confirmed) - - changeset = - struct - |> cast(params, [:email, :nickname, :name, :bio]) - |> unique_constraint(:email) - |> unique_constraint(:nickname) - |> validate_exclusion(:nickname, Pleroma.Config.get([Pleroma.User, :restricted_nicknames])) - |> validate_format(:email, @email_regex) - |> validate_length(:bio, max: 1000) - |> put_change(:info, info_change) - - if changeset.valid? do - nickname = changeset.changes[:nickname] - ap_id = (nickname && User.ap_id(%User{nickname: nickname})) || nil - followers = User.ap_followers(%User{nickname: ap_id}) - - changeset - |> put_change(:ap_id, ap_id) - |> unique_constraint(:ap_id) - |> put_change(:following, [followers]) - |> put_change(:follower_address, followers) - else - changeset - end - end - def register_changeset(struct, params \\ %{}, opts \\ []) do confirmation_status = if opts[:confirmed] || !Pleroma.Config.get([:instance, :account_activation_required]) do @@ -251,7 +222,7 @@ def register_changeset(struct, params \\ %{}, opts \\ []) do changeset = struct |> cast(params, [:bio, :email, :name, :nickname, :password, :password_confirmation]) - |> validate_required([:email, :name, :nickname, :password, :password_confirmation]) + |> validate_required([:name, :nickname, :password, :password_confirmation]) |> validate_confirmation(:password) |> unique_constraint(:email) |> unique_constraint(:nickname) @@ -262,6 +233,13 @@ def register_changeset(struct, params \\ %{}, opts \\ []) do |> validate_length(:name, min: 1, max: 100) |> put_change(:info, info_change) + changeset = + if opts[:external] do + changeset + else + validate_required(changeset, [:email]) + end + if changeset.valid? do hashed = Pbkdf2.hashpwsalt(changeset.changes[:password]) ap_id = User.ap_id(%User{nickname: changeset.changes[:nickname]}) diff --git a/lib/pleroma/web/auth/pleroma_authenticator.ex b/lib/pleroma/web/auth/pleroma_authenticator.ex index 2d4399490..36ecd0560 100644 --- a/lib/pleroma/web/auth/pleroma_authenticator.ex +++ b/lib/pleroma/web/auth/pleroma_authenticator.ex @@ -54,20 +54,26 @@ def get_by_external_registration( # Note: generating a random numeric suffix to nickname in case this nickname is already taken nickname = if nickname && User.get_by_nickname(nickname) do - "#{nickname}_#{:os.system_time()}" + "#{nickname}#{:os.system_time()}" else nickname end + random_password = :crypto.strong_rand_bytes(64) |> Base.encode64() + with {:ok, new_user} <- - User.external_registration_changeset( + User.register_changeset( %User{}, %{ name: info.name, bio: info.description, email: email, - nickname: nickname - } + nickname: nickname, + password: random_password, + password_confirmation: random_password + }, + external: true, + confirmed: true ) |> Repo.insert(), {:ok, _} <-