From dcc54f8cfab2c3d278ea3f3eb54d866c8436703a Mon Sep 17 00:00:00 2001 From: Alex S Date: Sat, 6 Apr 2019 20:25:19 +0700 Subject: [PATCH] admin api endpoints for invites --- .../web/admin_api/admin_api_controller.ex | 28 ++- .../web/admin_api/views/account_view.ex | 18 ++ lib/pleroma/web/router.ex | 2 + .../admin_api/admin_api_controller_test.exs | 163 ++++++++++++++++-- 4 files changed, 191 insertions(+), 20 deletions(-) diff --git a/lib/pleroma/web/admin_api/admin_api_controller.ex b/lib/pleroma/web/admin_api/admin_api_controller.ex index 78bf31893..8b74efdd3 100644 --- a/lib/pleroma/web/admin_api/admin_api_controller.ex +++ b/lib/pleroma/web/admin_api/admin_api_controller.ex @@ -9,6 +9,8 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do alias Pleroma.Web.AdminAPI.AccountView alias Pleroma.Web.AdminAPI.Search + alias Pleroma.UserInviteToken + import Pleroma.Web.ControllerHelper, only: [json_response: 3] require Logger @@ -235,7 +237,7 @@ def email_invite(%{assigns: %{user: user}} = conn, %{"email" => email} = params) with true <- Pleroma.Config.get([:instance, :invites_enabled]) && !Pleroma.Config.get([:instance, :registrations_open]), - {:ok, invite_token} <- Pleroma.UserInviteToken.create_token(), + {:ok, invite_token} <- UserInviteToken.create_invite(), email <- Pleroma.UserEmail.user_invitation_email(user, invite_token, email, params["name"]), {:ok, _} <- Pleroma.Mailer.deliver(email) do @@ -244,11 +246,29 @@ def email_invite(%{assigns: %{user: user}} = conn, %{"email" => email} = params) end @doc "Get a account registeration invite token (base64 string)" - def get_invite_token(conn, _params) do - {:ok, token} = Pleroma.UserInviteToken.create_token() + def get_invite_token(conn, params) do + options = params["invite"] || %{} + {:ok, invite} = UserInviteToken.create_invite(options) conn - |> json(token.token) + |> json(invite.token) + end + + @doc "Get list of created invites" + def invites_list(conn, _params) do + invites = UserInviteToken.list_invites() + + conn + |> json(AccountView.render("invites.json", %{invites: invites})) + end + + @doc "Revokes invite by token" + def invite_revoke(conn, %{"token" => token}) do + invite = UserInviteToken.find_by_token!(token) + {:ok, updated_invite} = UserInviteToken.update_invite(invite, %{used: true}) + + conn + |> json(AccountView.render("invite.json", %{invite: updated_invite})) end @doc "Get a password reset token (base64 string) for given nickname" diff --git a/lib/pleroma/web/admin_api/views/account_view.ex b/lib/pleroma/web/admin_api/views/account_view.ex index 4d6f921ef..fd7917500 100644 --- a/lib/pleroma/web/admin_api/views/account_view.ex +++ b/lib/pleroma/web/admin_api/views/account_view.ex @@ -26,4 +26,22 @@ def render("show.json", %{user: user}) do "tags" => user.tags || [] } end + + def render("invite.json", %{invite: invite}) do + %{ + "id" => invite.id, + "token" => invite.token, + "used" => invite.used, + "expire_at" => invite.expire_at, + "uses" => invite.uses, + "max_use" => invite.max_use, + "invite_type" => invite.invite_type + } + end + + def render("invites.json", %{invites: invites}) do + %{ + invites: render_many(invites, AccountView, "invite.json", as: :invite) + } + end end diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex index 1c752e44c..f628baa44 100644 --- a/lib/pleroma/web/router.ex +++ b/lib/pleroma/web/router.ex @@ -163,6 +163,8 @@ defmodule Pleroma.Web.Router do delete("/relay", AdminAPIController, :relay_unfollow) get("/invite_token", AdminAPIController, :get_invite_token) + get("/invites_list", AdminAPIController, :invites_list) + post("/invite_revoke", AdminAPIController, :invite_revoke) post("/email_invite", AdminAPIController, :email_invite) get("/password_reset", AdminAPIController, :get_password_reset) diff --git a/test/web/admin_api/admin_api_controller_test.exs b/test/web/admin_api/admin_api_controller_test.exs index dd2fbfb15..ae287a953 100644 --- a/test/web/admin_api/admin_api_controller_test.exs +++ b/test/web/admin_api/admin_api_controller_test.exs @@ -6,6 +6,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do use Pleroma.Web.ConnCase alias Pleroma.User + alias Pleroma.UserInviteToken import Pleroma.Factory describe "/api/pleroma/admin/user" do @@ -80,14 +81,13 @@ test "allows to force-follow another user" do user = insert(:user) follower = insert(:user) - conn = - build_conn() - |> assign(:user, admin) - |> put_req_header("accept", "application/json") - |> post("/api/pleroma/admin/user/follow", %{ - "follower" => follower.nickname, - "followed" => user.nickname - }) + build_conn() + |> assign(:user, admin) + |> put_req_header("accept", "application/json") + |> post("/api/pleroma/admin/user/follow", %{ + "follower" => follower.nickname, + "followed" => user.nickname + }) user = User.get_by_id(user.id) follower = User.get_by_id(follower.id) @@ -104,14 +104,13 @@ test "allows to force-unfollow another user" do User.follow(follower, user) - conn = - build_conn() - |> assign(:user, admin) - |> put_req_header("accept", "application/json") - |> post("/api/pleroma/admin/user/unfollow", %{ - "follower" => follower.nickname, - "followed" => user.nickname - }) + build_conn() + |> assign(:user, admin) + |> put_req_header("accept", "application/json") + |> post("/api/pleroma/admin/user/unfollow", %{ + "follower" => follower.nickname, + "followed" => user.nickname + }) user = User.get_by_id(user.id) follower = User.get_by_id(follower.id) @@ -642,4 +641,136 @@ test "PATCH /api/pleroma/admin/users/:nickname/toggle_activation" do "tags" => [] } end + + describe "GET /api/pleroma/admin/invite_token" do + test "without options" do + admin = insert(:user, info: %{is_admin: true}) + + conn = + build_conn() + |> assign(:user, admin) + |> get("/api/pleroma/admin/invite_token") + + token = json_response(conn, 200) + invite = UserInviteToken.find_by_token!(token) + refute invite.used + refute invite.expire_at + refute invite.max_use + assert invite.invite_type == "one_time" + end + + test "with expire_at" do + admin = insert(:user, info: %{is_admin: true}) + + conn = + build_conn() + |> assign(:user, admin) + |> get("/api/pleroma/admin/invite_token", %{ + "invite" => %{"expire_at" => Date.to_string(Date.utc_today())} + }) + + token = json_response(conn, 200) + invite = UserInviteToken.find_by_token!(token) + + refute invite.used + assert invite.expire_at == Date.utc_today() + refute invite.max_use + assert invite.invite_type == "date_limited" + end + + test "with max_use" do + admin = insert(:user, info: %{is_admin: true}) + + conn = + build_conn() + |> assign(:user, admin) + |> get("/api/pleroma/admin/invite_token", %{ + "invite" => %{"max_use" => 150} + }) + + token = json_response(conn, 200) + invite = UserInviteToken.find_by_token!(token) + refute invite.used + refute invite.expire_at + assert invite.max_use == 150 + assert invite.invite_type == "reusable" + end + + test "with max use and expire_at" do + admin = insert(:user, info: %{is_admin: true}) + + conn = + build_conn() + |> assign(:user, admin) + |> get("/api/pleroma/admin/invite_token", %{ + "invite" => %{"max_use" => 150, "expire_at" => Date.to_string(Date.utc_today())} + }) + + token = json_response(conn, 200) + invite = UserInviteToken.find_by_token!(token) + refute invite.used + assert invite.expire_at == Date.utc_today() + assert invite.max_use == 150 + assert invite.invite_type == "reusable_date_limited" + end + end + + describe "GET /api/pleroma/admin/invites_list" do + test "no invites" do + admin = insert(:user, info: %{is_admin: true}) + + conn = + build_conn() + |> assign(:user, admin) + |> get("/api/pleroma/admin/invites_list") + + assert json_response(conn, 200) == %{"invites" => []} + end + + test "with invite" do + admin = insert(:user, info: %{is_admin: true}) + {:ok, invite} = UserInviteToken.create_invite() + + conn = + build_conn() + |> assign(:user, admin) + |> get("/api/pleroma/admin/invites_list") + + assert json_response(conn, 200) == %{ + "invites" => [ + %{ + "expire_at" => nil, + "id" => invite.id, + "invite_type" => "one_time", + "max_use" => nil, + "token" => invite.token, + "used" => false, + "uses" => 0 + } + ] + } + end + end + + describe "POST /api/pleroma/admin/invite_revoke" do + test "with token" do + admin = insert(:user, info: %{is_admin: true}) + {:ok, invite} = UserInviteToken.create_invite() + + conn = + build_conn() + |> assign(:user, admin) + |> post("/api/pleroma/admin/invite_revoke", %{"token" => invite.token}) + + assert json_response(conn, 200) == %{ + "expire_at" => nil, + "id" => invite.id, + "invite_type" => "one_time", + "max_use" => nil, + "token" => invite.token, + "used" => true, + "uses" => 0 + } + end + end end