From ee2e1328addb2b3a9f67eb47c983c63e496bc040 Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Tue, 2 Oct 2018 18:38:16 +0200 Subject: [PATCH 01/25] admin_api_controller.ex: Create --- .../web/admin_api/admin_api_controller.ex | 25 ++++++++++++++ lib/pleroma/web/router.ex | 33 +++++++++++++++++++ 2 files changed, 58 insertions(+) create mode 100644 lib/pleroma/web/admin_api/admin_api_controller.ex diff --git a/lib/pleroma/web/admin_api/admin_api_controller.ex b/lib/pleroma/web/admin_api/admin_api_controller.ex new file mode 100644 index 000000000..1618a8372 --- /dev/null +++ b/lib/pleroma/web/admin_api/admin_api_controller.ex @@ -0,0 +1,25 @@ +defmodule Pleroma.Web.AdminAPI.Controller do + use Pleroma.Web, :controller + + require Logger + + action_fallback(:errors) + + def user_delete(%{assigns: %{user: user}} = conn, _params) do + end + + def user_create(%{assigns: %{user: user}} = conn, _params) do + end + + def relay_follow(%{assigns: %{user: user}} = conn, _params) do + end + + def relay_unfollow(%{assigns: %{user: user}} = conn, _params) do + end + + def user_delete(%{assigns: %{user: user}} = conn, _params) do + end + + def user_delete(%{assigns: %{user: user}} = conn, _params) do + end +end diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex index 462369806..1fa2625d0 100644 --- a/lib/pleroma/web/router.ex +++ b/lib/pleroma/web/router.ex @@ -31,6 +31,21 @@ defmodule Pleroma.Web.Router do plug(Pleroma.Plugs.EnsureAuthenticatedPlug) end + pipeline :admin_api do + plug(:accepts, ["json"]) + plug(:fetch_session) + plug(Pleroma.Plugs.OAuthPlug) + plug(Pleroma.Plugs.BasicAuthDecoderPlug) + plug(Pleroma.Plugs.UserFetcherPlug) + plug(Pleroma.Plugs.SessionAuthenticationPlug) + plug(Pleroma.Plugs.LegacyAuthenticationPlug) + plug(Pleroma.Plugs.AuthenticationPlug) + plug(Pleroma.Plugs.UserEnabledPlug) + plug(Pleroma.Plugs.SetUserSessionIdPlug) + plug(Pleroma.Plugs.EnsureAuthenticatedPlug) + plug(Pleroma.Plugs.UserIsAdminPlug) + end + pipeline :mastodon_html do plug(:accepts, ["html"]) plug(:fetch_session) @@ -79,6 +94,24 @@ defmodule Pleroma.Web.Router do get("/emoji", UtilController, :emoji) end + scope "/api/pleroma/admin", Pleroma.Web.AdminAPI do + pipe_through(:admin_api) + delete("/user", AdminAPIController, :user_delete) + post("/user", AdminAPIController, :user_create) + + # Maybe put a "rights" endpoint instead? + post("/moderator", AdminAPIController, :moderator_make) + delete("/moderator", AdminAPIController, :moderator_unmake) + post("/admin", AdminAPIController, :admin_make) + delete("/admin", AdminAPIController, :admin_unmake) + + post("/relay", AdminAPIController, :relay_follow) + delete("/relay", AdminAPIController, :relay_unfollow) + + get("/invite_token", AdminAPIController, :get_invite_token) + get("/password_reset", AdminAPIController, :get_password_reset) + end + scope "/", Pleroma.Web.TwitterAPI do pipe_through(:pleroma_html) get("/ostatus_subscribe", UtilController, :remote_follow) From 77d2fd54dd2770ba24099302a0fee052439e7a37 Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Tue, 2 Oct 2018 19:03:05 +0200 Subject: [PATCH 02/25] admin_api_controller: Have some basic code --- .../web/admin_api/admin_api_controller.ex | 59 +++++++++++++++++-- 1 file changed, 53 insertions(+), 6 deletions(-) diff --git a/lib/pleroma/web/admin_api/admin_api_controller.ex b/lib/pleroma/web/admin_api/admin_api_controller.ex index 1618a8372..b6348c3c1 100644 --- a/lib/pleroma/web/admin_api/admin_api_controller.ex +++ b/lib/pleroma/web/admin_api/admin_api_controller.ex @@ -1,25 +1,72 @@ defmodule Pleroma.Web.AdminAPI.Controller do use Pleroma.Web, :controller + alias Pleroma.{User, Repo} + alias Pleroma.Web.ActivityPub.Relay require Logger action_fallback(:errors) - def user_delete(%{assigns: %{user: user}} = conn, _params) do + def user_delete(conn, %{nickname: nickname}) do + user = User.get_by_nickname(nickname) + + if user[:local] == true do + User.delete(user) + else + User.delete(user) + end + + conn + |> send(200) end - def user_create(%{assigns: %{user: user}} = conn, _params) do + def user_create( + conn, + %{user: %{nickname: nickname, email: email, password: password} = user} + ) do + new_user = %User{ + nickname: nickname, + name: user.name || nickname, + email: email, + password: password, + password_confirmation: password, + bio: user.bio || "." + } + + User.register_changeset(%User{}, new_user) + + Repo.insert!(user) + + conn + |> send(200) end - def relay_follow(%{assigns: %{user: user}} = conn, _params) do + def relay_follow(conn, %{relay_url: target}) do + :ok = Relay.follow(target) + + conn + |> send(200) end - def relay_unfollow(%{assigns: %{user: user}} = conn, _params) do + def relay_unfollow(conn, %{relay_url: target}) do + :ok = Relay.unfollow(target) + + conn + |> send(200) end - def user_delete(%{assigns: %{user: user}} = conn, _params) do + def get_invite_token(conn, _params) do + {:ok, token} <- Pleroma.UserInviteToken.create_token() + + conn + |> puts(token) end - def user_delete(%{assigns: %{user: user}} = conn, _params) do + def get_password_reset(conn, %{nickname: nickname}) do + (%User{local: true} = user) = User.get_by_nickname(nickname) + {:ok, token} = Pleroma.PasswordResetToken.create_token(user) + + conn + |> puts(token) end end From 7076d45cb6661731201a0224628b748a0f6782e8 Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Tue, 2 Oct 2018 19:13:21 +0200 Subject: [PATCH 03/25] lib/pleroma/plugs/user_is_admin_plug.ex: Create --- lib/pleroma/plugs/user_is_admin_plug.ex | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 lib/pleroma/plugs/user_is_admin_plug.ex diff --git a/lib/pleroma/plugs/user_is_admin_plug.ex b/lib/pleroma/plugs/user_is_admin_plug.ex new file mode 100644 index 000000000..2f812bf47 --- /dev/null +++ b/lib/pleroma/plugs/user_is_admin_plug.ex @@ -0,0 +1,17 @@ +defmodule Pleroma.Plugs.UserIsAdminPlug do + import Plug.Conn + alias Pleroma.User + + def init(options) do + options + end + + def call(%{assigns: %{user: %User{info: %{"is_admin" => false}}}} = conn, _) do + conn + |> assign(:user, nil) + end + + def call(conn, _) do + conn + end +end From 011a2e36b1bec75afab96b7ed529dd5c4f18af7a Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Fri, 12 Oct 2018 05:12:09 +0200 Subject: [PATCH 04/25] lib/mix/tasks/make_admin.ex: New task --- lib/mix/tasks/set_admin.ex | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) create mode 100644 lib/mix/tasks/set_admin.ex diff --git a/lib/mix/tasks/set_admin.ex b/lib/mix/tasks/set_admin.ex new file mode 100644 index 000000000..d5ccf261b --- /dev/null +++ b/lib/mix/tasks/set_admin.ex @@ -0,0 +1,32 @@ +defmodule Mix.Tasks.SetAdmin do + use Mix.Task + alias Pleroma.User + + @doc """ + Sets admin status + Usage: set_admin nickname [true|false] + """ + def run([nickname | rest]) do + Application.ensure_all_started(:pleroma) + + status = + case rest do + [status] -> status == "true" + _ -> true + end + + with %User{local: true} = user <- User.get_by_nickname(nickname) do + info = + user.info + |> Map.put("is_admin", !!status) + + cng = User.info_changeset(user, %{info: info}) + {:ok, user} = User.update_and_set_cache(cng) + + IO.puts("Admin status of #{nickname}: #{user.info["is_admin"]}") + else + _ -> + IO.puts("No local user #{nickname}") + end + end +end From c8b8f1d32c28e2a0ccf30f999c417b7739b9c445 Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Fri, 12 Oct 2018 06:25:50 +0200 Subject: [PATCH 05/25] [Pleroma.Plugs.UserIsAdminPlug]: Check if admin is true instead of false, fix error reporting --- lib/pleroma/plugs/user_is_admin_plug.ex | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/lib/pleroma/plugs/user_is_admin_plug.ex b/lib/pleroma/plugs/user_is_admin_plug.ex index 2f812bf47..bdd057c44 100644 --- a/lib/pleroma/plugs/user_is_admin_plug.ex +++ b/lib/pleroma/plugs/user_is_admin_plug.ex @@ -6,12 +6,14 @@ def init(options) do options end - def call(%{assigns: %{user: %User{info: %{"is_admin" => false}}}} = conn, _) do + def call(%{assigns: %{user: %User{info: %{"is_admin" => true}}}} = conn, _) do conn - |> assign(:user, nil) end def call(conn, _) do conn + |> put_resp_content_type("application/json") + |> send_resp(403, Jason.encode!(%{error: "Not admin."})) + |> halt end end From 5732eef16b74e5f5c56415c4bc8fb6e21d21a329 Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Fri, 12 Oct 2018 06:26:58 +0200 Subject: [PATCH 06/25] =?UTF-8?q?lib/pleroma/web/admin=5Fapi/admin=5Fapi?= =?UTF-8?q?=5Fcontroller.ex:=20Pleroma.Web.AdminAPI.Controller=20=E2=86=92?= =?UTF-8?q?=20Pleroma.Web.AdminAPI.AdminAPIController?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- lib/pleroma/web/admin_api/admin_api_controller.ex | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/pleroma/web/admin_api/admin_api_controller.ex b/lib/pleroma/web/admin_api/admin_api_controller.ex index b6348c3c1..a6f8cd4d3 100644 --- a/lib/pleroma/web/admin_api/admin_api_controller.ex +++ b/lib/pleroma/web/admin_api/admin_api_controller.ex @@ -1,4 +1,4 @@ -defmodule Pleroma.Web.AdminAPI.Controller do +defmodule Pleroma.Web.AdminAPI.AdminAPIController do use Pleroma.Web, :controller alias Pleroma.{User, Repo} alias Pleroma.Web.ActivityPub.Relay From 578a9117370c3756c56448ad663664f73155a50b Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Fri, 12 Oct 2018 06:28:20 +0200 Subject: [PATCH 07/25] admin_api_controller.ex: get_password_reset: fix params and response --- .../web/admin_api/admin_api_controller.ex | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/lib/pleroma/web/admin_api/admin_api_controller.ex b/lib/pleroma/web/admin_api/admin_api_controller.ex index a6f8cd4d3..0cc84430d 100644 --- a/lib/pleroma/web/admin_api/admin_api_controller.ex +++ b/lib/pleroma/web/admin_api/admin_api_controller.ex @@ -62,11 +62,23 @@ def get_invite_token(conn, _params) do |> puts(token) end - def get_password_reset(conn, %{nickname: nickname}) do + def get_password_reset(conn, %{"nickname" => nickname}) do (%User{local: true} = user) = User.get_by_nickname(nickname) {:ok, token} = Pleroma.PasswordResetToken.create_token(user) conn - |> puts(token) + |> json(token.token) + end + + def errors(conn, {:param_cast, _}) do + conn + |> put_status(400) + |> json("Invalid parameters") + end + + def errors(conn, _) do + conn + |> put_status(500) + |> json("Something went wrong") end end From 95b107b6ccdca0413ec205525ac308dc4ee9e173 Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Fri, 12 Oct 2018 06:37:37 +0200 Subject: [PATCH 08/25] admin_api_controller.ex: Add documentation, fix get_invite_token --- lib/pleroma/web/admin_api/admin_api_controller.ex | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/lib/pleroma/web/admin_api/admin_api_controller.ex b/lib/pleroma/web/admin_api/admin_api_controller.ex index 0cc84430d..7ef60b1f4 100644 --- a/lib/pleroma/web/admin_api/admin_api_controller.ex +++ b/lib/pleroma/web/admin_api/admin_api_controller.ex @@ -55,13 +55,15 @@ def relay_unfollow(conn, %{relay_url: target}) do |> send(200) end + @shortdoc "Get a account registeration invite token (base64 string)" def get_invite_token(conn, _params) do {:ok, token} <- Pleroma.UserInviteToken.create_token() conn - |> puts(token) + |> json(token.token) end + @shortdoc "Get a password reset token (base64 string) for given nickname" def get_password_reset(conn, %{"nickname" => nickname}) do (%User{local: true} = user) = User.get_by_nickname(nickname) {:ok, token} = Pleroma.PasswordResetToken.create_token(user) From c5a2bd6a65686ab17878e0439c8b6c804abe6fbb Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Fri, 12 Oct 2018 06:43:08 +0200 Subject: [PATCH 09/25] admin_api_controller.ex: fix remaining params at once --- lib/pleroma/web/admin_api/admin_api_controller.ex | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/pleroma/web/admin_api/admin_api_controller.ex b/lib/pleroma/web/admin_api/admin_api_controller.ex index 7ef60b1f4..70c1caaec 100644 --- a/lib/pleroma/web/admin_api/admin_api_controller.ex +++ b/lib/pleroma/web/admin_api/admin_api_controller.ex @@ -7,7 +7,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do action_fallback(:errors) - def user_delete(conn, %{nickname: nickname}) do + def user_delete(conn, %{"nickname" => nickname}) do user = User.get_by_nickname(nickname) if user[:local] == true do @@ -22,7 +22,7 @@ def user_delete(conn, %{nickname: nickname}) do def user_create( conn, - %{user: %{nickname: nickname, email: email, password: password} = user} + %{user: %{"nickname" => nickname, "email" => email, "password" => password} = user} ) do new_user = %User{ nickname: nickname, @@ -41,14 +41,14 @@ def user_create( |> send(200) end - def relay_follow(conn, %{relay_url: target}) do + def relay_follow(conn, %{"relay_url" => target}) do :ok = Relay.follow(target) conn |> send(200) end - def relay_unfollow(conn, %{relay_url: target}) do + def relay_unfollow(conn, %{"relay_url" => target}) do :ok = Relay.unfollow(target) conn From 59ce7fedce51cff39165ff1bb4ce1fbd8b53f530 Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Fri, 2 Nov 2018 08:15:09 +0100 Subject: [PATCH 10/25] Fix connection returns make generic right endpoint [AdminAPI] --- .../web/admin_api/admin_api_controller.ex | 54 ++++++++++++++++--- lib/pleroma/web/router.ex | 7 +-- 2 files changed, 50 insertions(+), 11 deletions(-) diff --git a/lib/pleroma/web/admin_api/admin_api_controller.ex b/lib/pleroma/web/admin_api/admin_api_controller.ex index 70c1caaec..a7be3611f 100644 --- a/lib/pleroma/web/admin_api/admin_api_controller.ex +++ b/lib/pleroma/web/admin_api/admin_api_controller.ex @@ -17,7 +17,7 @@ def user_delete(conn, %{"nickname" => nickname}) do end conn - |> send(200) + |> json(nickname) end def user_create( @@ -35,29 +35,71 @@ def user_create( User.register_changeset(%User{}, new_user) - Repo.insert!(user) + Repo.insert!(new_user) conn - |> send(200) + |> json(new_user.nickname) + end + + def right_add(conn, %{"right" => right, "nickname" => nickname}) + when right in ["moderator", "admin"] do + user = User.get_by_nickname(nickname) + + info = + user.info + |> Map.put("is_" <> right, true) + + cng = User.info_changeset(user, %{info: info}) + {:ok, user} = User.update_and_set_cache(cng) + + conn + |> json(user.info) + end + + def right_add(conn, _) do + conn + |> put_status(404) + |> json(%{error: "No such right"}) + end + + def right_delete(conn, %{"right" => right, "nickname" => nickname}) + when right in ["moderator", "admin"] do + user = User.get_by_nickname(nickname) + + info = + user.info + |> Map.put("is_" <> right, false) + + cng = User.info_changeset(user, %{info: info}) + {:ok, user} = User.update_and_set_cache(cng) + + conn + |> json(user.info) + end + + def right_delete(conn, _) do + conn + |> put_status(404) + |> json(%{error: "No such right"}) end def relay_follow(conn, %{"relay_url" => target}) do :ok = Relay.follow(target) conn - |> send(200) + |> json(target) end def relay_unfollow(conn, %{"relay_url" => target}) do :ok = Relay.unfollow(target) conn - |> send(200) + |> json(target) end @shortdoc "Get a account registeration invite token (base64 string)" def get_invite_token(conn, _params) do - {:ok, token} <- Pleroma.UserInviteToken.create_token() + {:ok, token} = Pleroma.UserInviteToken.create_token() conn |> json(token.token) diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex index 1fa2625d0..4d9422970 100644 --- a/lib/pleroma/web/router.ex +++ b/lib/pleroma/web/router.ex @@ -99,11 +99,8 @@ defmodule Pleroma.Web.Router do delete("/user", AdminAPIController, :user_delete) post("/user", AdminAPIController, :user_create) - # Maybe put a "rights" endpoint instead? - post("/moderator", AdminAPIController, :moderator_make) - delete("/moderator", AdminAPIController, :moderator_unmake) - post("/admin", AdminAPIController, :admin_make) - delete("/admin", AdminAPIController, :admin_unmake) + post("/rights/:right/:nickname", AdminAPIController, :right_add) + delete("/rights/:right/:nickname", AdminAPIController, :right_delete) post("/relay", AdminAPIController, :relay_follow) delete("/relay", AdminAPIController, :relay_unfollow) From f48062488e2af9fdf40875d4fde7bd2d12d5cad6 Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Fri, 2 Nov 2018 08:19:56 +0100 Subject: [PATCH 11/25] Add get endpoints for rights [AdminAPI] --- lib/pleroma/web/admin_api/admin_api_controller.ex | 7 +++++++ lib/pleroma/web/router.ex | 6 ++++-- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/lib/pleroma/web/admin_api/admin_api_controller.ex b/lib/pleroma/web/admin_api/admin_api_controller.ex index a7be3611f..17f5f320d 100644 --- a/lib/pleroma/web/admin_api/admin_api_controller.ex +++ b/lib/pleroma/web/admin_api/admin_api_controller.ex @@ -56,6 +56,13 @@ def right_add(conn, %{"right" => right, "nickname" => nickname}) |> json(user.info) end + def right_get(conn, %{"nickname" => nickname}) do + user = User.get_by_nickname(nickname) + + conn + |> json(user.info) + end + def right_add(conn, _) do conn |> put_status(404) diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex index 4d9422970..281e816c1 100644 --- a/lib/pleroma/web/router.ex +++ b/lib/pleroma/web/router.ex @@ -99,8 +99,10 @@ defmodule Pleroma.Web.Router do delete("/user", AdminAPIController, :user_delete) post("/user", AdminAPIController, :user_create) - post("/rights/:right/:nickname", AdminAPIController, :right_add) - delete("/rights/:right/:nickname", AdminAPIController, :right_delete) + get("/rights/:nickname", AdminAPIController, :right_get) + get("/rights/:nickname/:right", AdminAPIController, :right_get) + post("/rights/:nickname/:right", AdminAPIController, :right_add) + delete("/rights/:nickname/:right", AdminAPIController, :right_delete) post("/relay", AdminAPIController, :relay_follow) delete("/relay", AdminAPIController, :relay_unfollow) From a87ed2fad6cdf91d19601471d593d21ce618f0c2 Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Fri, 2 Nov 2018 08:30:52 +0100 Subject: [PATCH 12/25] Pleroma.Web.AdminAPI.AdminAPIController: user_create statement format --- lib/pleroma/web/admin_api/admin_api_controller.ex | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/lib/pleroma/web/admin_api/admin_api_controller.ex b/lib/pleroma/web/admin_api/admin_api_controller.ex index 17f5f320d..cb9839324 100644 --- a/lib/pleroma/web/admin_api/admin_api_controller.ex +++ b/lib/pleroma/web/admin_api/admin_api_controller.ex @@ -20,10 +20,9 @@ def user_delete(conn, %{"nickname" => nickname}) do |> json(nickname) end - def user_create( - conn, - %{user: %{"nickname" => nickname, "email" => email, "password" => password} = user} - ) do + def user_create(conn, %{ + user: %{"nickname" => nickname, "email" => email, "password" => password} = user + }) do new_user = %User{ nickname: nickname, name: user.name || nickname, From f9d05902fea122a995cb66cadaeb420df0d504b6 Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Sat, 10 Nov 2018 14:42:34 +0100 Subject: [PATCH 13/25] lib/pleroma/web/admin_api/admin_api_controller.ex: An admin cannot un-admin themselves --- .../web/admin_api/admin_api_controller.ex | 30 +++++++++++++------ 1 file changed, 21 insertions(+), 9 deletions(-) diff --git a/lib/pleroma/web/admin_api/admin_api_controller.ex b/lib/pleroma/web/admin_api/admin_api_controller.ex index cb9839324..c1df2d570 100644 --- a/lib/pleroma/web/admin_api/admin_api_controller.ex +++ b/lib/pleroma/web/admin_api/admin_api_controller.ex @@ -68,19 +68,31 @@ def right_add(conn, _) do |> json(%{error: "No such right"}) end - def right_delete(conn, %{"right" => right, "nickname" => nickname}) + def right_delete( + %{assigns: %{user: %User{:nickname => admin_nickname}}} = conn, + %{ + "right" => right, + "nickname" => nickname + } + ) when right in ["moderator", "admin"] do - user = User.get_by_nickname(nickname) + if admin_nickname == nickname do + conn + |> post_status(403) + |> json(%{error: "You can't revoke your own admin status."}) + else + user = User.get_by_nickname(nickname) - info = - user.info - |> Map.put("is_" <> right, false) + info = + user.info + |> Map.put("is_" <> right, false) - cng = User.info_changeset(user, %{info: info}) - {:ok, user} = User.update_and_set_cache(cng) + cng = User.info_changeset(user, %{info: info}) + {:ok, user} = User.update_and_set_cache(cng) - conn - |> json(user.info) + conn + |> json(user.info) + end end def right_delete(conn, _) do From 4a79b89dba9e7d835dddfdf093e644ad2ef60b54 Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Sat, 10 Nov 2018 14:43:22 +0100 Subject: [PATCH 14/25] =?UTF-8?q?lib/pleroma/plugs/user=5Fis=5Fadmin=5Fplu?= =?UTF-8?q?g.ex:=20change=20403=20string=20to=20=E2=80=9CUser=20is=20not?= =?UTF-8?q?=20admin.=E2=80=9D?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- lib/pleroma/plugs/user_is_admin_plug.ex | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/pleroma/plugs/user_is_admin_plug.ex b/lib/pleroma/plugs/user_is_admin_plug.ex index bdd057c44..5312f1499 100644 --- a/lib/pleroma/plugs/user_is_admin_plug.ex +++ b/lib/pleroma/plugs/user_is_admin_plug.ex @@ -13,7 +13,7 @@ def call(%{assigns: %{user: %User{info: %{"is_admin" => true}}}} = conn, _) do def call(conn, _) do conn |> put_resp_content_type("application/json") - |> send_resp(403, Jason.encode!(%{error: "Not admin."})) + |> send_resp(403, Jason.encode!(%{error: "User is not admin."})) |> halt end end From 265c8c520974aa502606506a2722bb6bce04c38c Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Sat, 10 Nov 2018 14:49:02 +0100 Subject: [PATCH 15/25] =?UTF-8?q?Pleroma.Web.ActivityPub.Relay:=20make=20{?= =?UTF-8?q?un,}follow=20return=20:ok=20only=20if=20it=20worked,=20:error?= =?UTF-8?q?=20if=20it=20didn=E2=80=99t?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- lib/pleroma/web/activity_pub/relay.ex | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/lib/pleroma/web/activity_pub/relay.ex b/lib/pleroma/web/activity_pub/relay.ex index d30853d62..107c57866 100644 --- a/lib/pleroma/web/activity_pub/relay.ex +++ b/lib/pleroma/web/activity_pub/relay.ex @@ -12,11 +12,12 @@ def follow(target_instance) do %User{} = target_user <- User.get_or_fetch_by_ap_id(target_instance), {:ok, activity} <- ActivityPub.follow(local_user, target_user) do Logger.info("relay: followed instance: #{target_instance}; id=#{activity.data["id"]}") + :ok else - e -> Logger.error("error: #{inspect(e)}") + e -> + Logger.error("error: #{inspect(e)}") + :error end - - :ok end def unfollow(target_instance) do @@ -24,11 +25,12 @@ def unfollow(target_instance) do %User{} = target_user <- User.get_or_fetch_by_ap_id(target_instance), {:ok, activity} <- ActivityPub.unfollow(local_user, target_user) do Logger.info("relay: unfollowed instance: #{target_instance}: id=#{activity.data["id"]}") + :ok else - e -> Logger.error("error: #{inspect(e)}") + e -> + Logger.error("error: #{inspect(e)}") + :error end - - :ok end def publish(%Activity{data: %{"type" => "Create"}} = activity) do From 7fbfd2db964ba9d6eac0d6ccd9b5fd94ee38df6f Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Sat, 10 Nov 2018 14:55:32 +0100 Subject: [PATCH 16/25] lib/mix/tasks/relay_{un,}follow.ex: Support status reply of Relay.{un,}follow --- lib/mix/tasks/relay_follow.ex | 2 +- lib/mix/tasks/relay_unfollow.ex | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/mix/tasks/relay_follow.ex b/lib/mix/tasks/relay_follow.ex index 4d57c6bca..61280d084 100644 --- a/lib/mix/tasks/relay_follow.ex +++ b/lib/mix/tasks/relay_follow.ex @@ -14,7 +14,7 @@ defmodule Mix.Tasks.RelayFollow do def run([target]) do Mix.Task.run("app.start") - :ok = Relay.follow(target) + _status = Relay.follow(target) # put this task to sleep to allow the genserver to push out the messages :timer.sleep(500) diff --git a/lib/mix/tasks/relay_unfollow.ex b/lib/mix/tasks/relay_unfollow.ex index bd69fd8a0..6aa67590b 100644 --- a/lib/mix/tasks/relay_unfollow.ex +++ b/lib/mix/tasks/relay_unfollow.ex @@ -13,7 +13,7 @@ defmodule Mix.Tasks.RelayUnfollow do def run([target]) do Mix.Task.run("app.start") - :ok = Relay.unfollow(target) + _status = Relay.unfollow(target) # put this task to sleep to allow the genserver to push out the messages :timer.sleep(500) From ccd6b1956d11a2a7a738dd87770ac109114d4366 Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Sat, 10 Nov 2018 14:55:49 +0100 Subject: [PATCH 17/25] lib/pleroma/web/admin_api/admin_api_controller.ex: Support status reply of Relay.{un,}follow --- .../web/admin_api/admin_api_controller.ex | 26 ++++++++++++++----- 1 file changed, 19 insertions(+), 7 deletions(-) diff --git a/lib/pleroma/web/admin_api/admin_api_controller.ex b/lib/pleroma/web/admin_api/admin_api_controller.ex index c1df2d570..360ce0732 100644 --- a/lib/pleroma/web/admin_api/admin_api_controller.ex +++ b/lib/pleroma/web/admin_api/admin_api_controller.ex @@ -78,7 +78,7 @@ def right_delete( when right in ["moderator", "admin"] do if admin_nickname == nickname do conn - |> post_status(403) + |> put_status(403) |> json(%{error: "You can't revoke your own admin status."}) else user = User.get_by_nickname(nickname) @@ -102,17 +102,29 @@ def right_delete(conn, _) do end def relay_follow(conn, %{"relay_url" => target}) do - :ok = Relay.follow(target) + status = Relay.follow(target) - conn - |> json(target) + if status == :ok do + conn + |> json(target) + else + conn + |> put_status(500) + |> json(target) + end end def relay_unfollow(conn, %{"relay_url" => target}) do - :ok = Relay.unfollow(target) + status = Relay.unfollow(target) - conn - |> json(target) + if status == :ok do + conn + |> json(target) + else + conn + |> put_status(500) + |> json(target) + end end @shortdoc "Get a account registeration invite token (base64 string)" From 1a31d7118793644050f3c045ff3e58db1543bdd4 Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Sat, 10 Nov 2018 15:08:03 +0100 Subject: [PATCH 18/25] lib/mix/tasks/relay_{un,}follow.ex: Use a with block --- lib/mix/tasks/relay_follow.ex | 10 ++++++---- lib/mix/tasks/relay_unfollow.ex | 10 ++++++---- 2 files changed, 12 insertions(+), 8 deletions(-) diff --git a/lib/mix/tasks/relay_follow.ex b/lib/mix/tasks/relay_follow.ex index 61280d084..39cecb71b 100644 --- a/lib/mix/tasks/relay_follow.ex +++ b/lib/mix/tasks/relay_follow.ex @@ -14,9 +14,11 @@ defmodule Mix.Tasks.RelayFollow do def run([target]) do Mix.Task.run("app.start") - _status = Relay.follow(target) - - # put this task to sleep to allow the genserver to push out the messages - :timer.sleep(500) + with :ok <- Relay.follow(target) do + # put this task to sleep to allow the genserver to push out the messages + :timer.sleep(500) + else + e -> Mix.puts("Error: #{inspect(e)}") + end end end diff --git a/lib/mix/tasks/relay_unfollow.ex b/lib/mix/tasks/relay_unfollow.ex index 6aa67590b..5f12bd9ea 100644 --- a/lib/mix/tasks/relay_unfollow.ex +++ b/lib/mix/tasks/relay_unfollow.ex @@ -13,9 +13,11 @@ defmodule Mix.Tasks.RelayUnfollow do def run([target]) do Mix.Task.run("app.start") - _status = Relay.unfollow(target) - - # put this task to sleep to allow the genserver to push out the messages - :timer.sleep(500) + with :ok <- Relay.unfollow(target) do + # put this task to sleep to allow the genserver to push out the messages + :timer.sleep(500) + else + e -> Mix.puts("Error: #{inspect(e)}") + end end end From e0b0fde713e70e9d64d8e294776bd060b88a9cad Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Sat, 10 Nov 2018 15:16:19 +0100 Subject: [PATCH 19/25] Web.AdminAPI.AdminAPIController: Change right to permission group (except for function names) --- .../web/admin_api/admin_api_controller.ex | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/lib/pleroma/web/admin_api/admin_api_controller.ex b/lib/pleroma/web/admin_api/admin_api_controller.ex index 360ce0732..5f6c565ae 100644 --- a/lib/pleroma/web/admin_api/admin_api_controller.ex +++ b/lib/pleroma/web/admin_api/admin_api_controller.ex @@ -40,13 +40,13 @@ def user_create(conn, %{ |> json(new_user.nickname) end - def right_add(conn, %{"right" => right, "nickname" => nickname}) - when right in ["moderator", "admin"] do + def right_add(conn, %{"permission_group" => permission_group, "nickname" => nickname}) + when permission_group in ["moderator", "admin"] do user = User.get_by_nickname(nickname) info = user.info - |> Map.put("is_" <> right, true) + |> Map.put("is_" <> permission_group, true) cng = User.info_changeset(user, %{info: info}) {:ok, user} = User.update_and_set_cache(cng) @@ -65,17 +65,17 @@ def right_get(conn, %{"nickname" => nickname}) do def right_add(conn, _) do conn |> put_status(404) - |> json(%{error: "No such right"}) + |> json(%{error: "No such permission_group"}) end def right_delete( %{assigns: %{user: %User{:nickname => admin_nickname}}} = conn, %{ - "right" => right, + "permission_group" => permission_group, "nickname" => nickname } ) - when right in ["moderator", "admin"] do + when permission_group in ["moderator", "admin"] do if admin_nickname == nickname do conn |> put_status(403) @@ -85,7 +85,7 @@ def right_delete( info = user.info - |> Map.put("is_" <> right, false) + |> Map.put("is_" <> permission_group, false) cng = User.info_changeset(user, %{info: info}) {:ok, user} = User.update_and_set_cache(cng) @@ -98,7 +98,7 @@ def right_delete( def right_delete(conn, _) do conn |> put_status(404) - |> json(%{error: "No such right"}) + |> json(%{error: "No such permission_group"}) end def relay_follow(conn, %{"relay_url" => target}) do From 4634d99d0d43c0a13fdca6ebc722c400facafa3d Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Sat, 10 Nov 2018 15:20:49 +0100 Subject: [PATCH 20/25] Web.Router: Change right to permission group (except for function names) --- lib/pleroma/web/router.ex | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex index 281e816c1..74ceb1304 100644 --- a/lib/pleroma/web/router.ex +++ b/lib/pleroma/web/router.ex @@ -99,10 +99,10 @@ defmodule Pleroma.Web.Router do delete("/user", AdminAPIController, :user_delete) post("/user", AdminAPIController, :user_create) - get("/rights/:nickname", AdminAPIController, :right_get) - get("/rights/:nickname/:right", AdminAPIController, :right_get) - post("/rights/:nickname/:right", AdminAPIController, :right_add) - delete("/rights/:nickname/:right", AdminAPIController, :right_delete) + get("/permission_group/:nickname", AdminAPIController, :right_get) + get("/permission_group/:nickname/:permission_group", AdminAPIController, :right_get) + post("/permission_group/:nickname/:permission_group", AdminAPIController, :right_add) + delete("/permission_group/:nickname/:permission_group", AdminAPIController, :right_delete) post("/relay", AdminAPIController, :relay_follow) delete("/relay", AdminAPIController, :relay_unfollow) From 12ccf0c4f835cee1e942e13482322b0d9a5e7c2d Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Sat, 10 Nov 2018 15:31:37 +0100 Subject: [PATCH 21/25] Change Relay from `status` to `{status, message}` --- lib/mix/tasks/relay_follow.ex | 6 ++++-- lib/mix/tasks/relay_unfollow.ex | 6 ++++-- lib/pleroma/web/activity_pub/relay.ex | 8 ++++---- lib/pleroma/web/admin_api/admin_api_controller.ex | 4 ++-- 4 files changed, 14 insertions(+), 10 deletions(-) diff --git a/lib/mix/tasks/relay_follow.ex b/lib/mix/tasks/relay_follow.ex index 39cecb71b..bec63af7c 100644 --- a/lib/mix/tasks/relay_follow.ex +++ b/lib/mix/tasks/relay_follow.ex @@ -14,11 +14,13 @@ defmodule Mix.Tasks.RelayFollow do def run([target]) do Mix.Task.run("app.start") - with :ok <- Relay.follow(target) do + {status, message} = Relay.follow(target) + + if :ok == status do # put this task to sleep to allow the genserver to push out the messages :timer.sleep(500) else - e -> Mix.puts("Error: #{inspect(e)}") + Mix.puts("Error: #{inspect(message)}") end end end diff --git a/lib/mix/tasks/relay_unfollow.ex b/lib/mix/tasks/relay_unfollow.ex index 5f12bd9ea..df719af2b 100644 --- a/lib/mix/tasks/relay_unfollow.ex +++ b/lib/mix/tasks/relay_unfollow.ex @@ -13,11 +13,13 @@ defmodule Mix.Tasks.RelayUnfollow do def run([target]) do Mix.Task.run("app.start") - with :ok <- Relay.unfollow(target) do + {status, message} = Relay.unfollow(target) + + if :ok == status do # put this task to sleep to allow the genserver to push out the messages :timer.sleep(500) else - e -> Mix.puts("Error: #{inspect(e)}") + Mix.puts("Error: #{inspect(message)}") end end end diff --git a/lib/pleroma/web/activity_pub/relay.ex b/lib/pleroma/web/activity_pub/relay.ex index 107c57866..fcdc6b1c0 100644 --- a/lib/pleroma/web/activity_pub/relay.ex +++ b/lib/pleroma/web/activity_pub/relay.ex @@ -12,11 +12,11 @@ def follow(target_instance) do %User{} = target_user <- User.get_or_fetch_by_ap_id(target_instance), {:ok, activity} <- ActivityPub.follow(local_user, target_user) do Logger.info("relay: followed instance: #{target_instance}; id=#{activity.data["id"]}") - :ok + {:ok, activity} else e -> Logger.error("error: #{inspect(e)}") - :error + {:error, e} end end @@ -25,11 +25,11 @@ def unfollow(target_instance) do %User{} = target_user <- User.get_or_fetch_by_ap_id(target_instance), {:ok, activity} <- ActivityPub.unfollow(local_user, target_user) do Logger.info("relay: unfollowed instance: #{target_instance}: id=#{activity.data["id"]}") - :ok + {:ok, activity} else e -> Logger.error("error: #{inspect(e)}") - :error + {:error, e} end end diff --git a/lib/pleroma/web/admin_api/admin_api_controller.ex b/lib/pleroma/web/admin_api/admin_api_controller.ex index 5f6c565ae..39e85036e 100644 --- a/lib/pleroma/web/admin_api/admin_api_controller.ex +++ b/lib/pleroma/web/admin_api/admin_api_controller.ex @@ -102,7 +102,7 @@ def right_delete(conn, _) do end def relay_follow(conn, %{"relay_url" => target}) do - status = Relay.follow(target) + {status, message} = Relay.follow(target) if status == :ok do conn @@ -115,7 +115,7 @@ def relay_follow(conn, %{"relay_url" => target}) do end def relay_unfollow(conn, %{"relay_url" => target}) do - status = Relay.unfollow(target) + {status, message} = Relay.unfollow(target) if status == :ok do conn From 44b6200103d52ab86b46f8b4b9e0768036184d05 Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Sat, 10 Nov 2018 15:53:37 +0100 Subject: [PATCH 22/25] lib/mix/tasks/relay*: Use a with block --- lib/mix/tasks/relay_follow.ex | 6 ++---- lib/mix/tasks/relay_unfollow.ex | 6 ++---- 2 files changed, 4 insertions(+), 8 deletions(-) diff --git a/lib/mix/tasks/relay_follow.ex b/lib/mix/tasks/relay_follow.ex index bec63af7c..85b1c024d 100644 --- a/lib/mix/tasks/relay_follow.ex +++ b/lib/mix/tasks/relay_follow.ex @@ -14,13 +14,11 @@ defmodule Mix.Tasks.RelayFollow do def run([target]) do Mix.Task.run("app.start") - {status, message} = Relay.follow(target) - - if :ok == status do + with {:ok, activity} <- Relay.follow(target) do # put this task to sleep to allow the genserver to push out the messages :timer.sleep(500) else - Mix.puts("Error: #{inspect(message)}") + {:error, e} -> Mix.shell().error("Error while following #{target}: #{inspect(e)}") end end end diff --git a/lib/mix/tasks/relay_unfollow.ex b/lib/mix/tasks/relay_unfollow.ex index df719af2b..237fb771c 100644 --- a/lib/mix/tasks/relay_unfollow.ex +++ b/lib/mix/tasks/relay_unfollow.ex @@ -13,13 +13,11 @@ defmodule Mix.Tasks.RelayUnfollow do def run([target]) do Mix.Task.run("app.start") - {status, message} = Relay.unfollow(target) - - if :ok == status do + with {:ok, activity} <- Relay.follow(target) do # put this task to sleep to allow the genserver to push out the messages :timer.sleep(500) else - Mix.puts("Error: #{inspect(message)}") + {:error, e} -> Mix.shell().error("Error while following #{target}: #{inspect(e)}") end end end From 76bd80d462be88db6edf730d81269704480f87fe Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Sat, 17 Nov 2018 20:04:54 +0100 Subject: [PATCH 23/25] test/plugs/user_is_admin_plug_test: New test --- test/plugs/user_is_admin_plug_test.exs | 39 ++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) create mode 100644 test/plugs/user_is_admin_plug_test.exs diff --git a/test/plugs/user_is_admin_plug_test.exs b/test/plugs/user_is_admin_plug_test.exs new file mode 100644 index 000000000..ddf9eb139 --- /dev/null +++ b/test/plugs/user_is_admin_plug_test.exs @@ -0,0 +1,39 @@ +defmodule Pleroma.Plugs.UserIsAdminPlugTest do + use Pleroma.Web.ConnCase, async: true + + alias Pleroma.Plugs.UserIsAdminPlug + import Pleroma.Factory + + test "accepts a user that is admin", %{conn: conn} do + user = insert(:user, info: %{"is_admin" => true}) + + conn = + build_conn() + |> assign(:user, user) + + ret_conn = + conn + |> UserIsAdminPlug.call(%{}) + + assert conn == ret_conn + end + + test "denies a user that isn't admin", %{conn: conn} do + user = insert(:user) + + conn = + build_conn() + |> assign(:user, user) + |> UserIsAdminPlug.call(%{}) + + assert conn.status == 403 + end + + test "denies when a user isn't set", %{conn: conn} do + conn = + build_conn() + |> UserIsAdminPlug.call(%{}) + + assert conn.status == 403 + end +end From 0ca00b3a0719232ede8971327732fc02fce14da9 Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Sat, 17 Nov 2018 22:10:23 +0100 Subject: [PATCH 24/25] Web.AdminAPI.AdminAPIController: Fixes bugs found with ExUnit --- .../web/admin_api/admin_api_controller.ex | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/lib/pleroma/web/admin_api/admin_api_controller.ex b/lib/pleroma/web/admin_api/admin_api_controller.ex index 39e85036e..bcdb4ba37 100644 --- a/lib/pleroma/web/admin_api/admin_api_controller.ex +++ b/lib/pleroma/web/admin_api/admin_api_controller.ex @@ -10,7 +10,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do def user_delete(conn, %{"nickname" => nickname}) do user = User.get_by_nickname(nickname) - if user[:local] == true do + if user.local == true do User.delete(user) else User.delete(user) @@ -20,21 +20,21 @@ def user_delete(conn, %{"nickname" => nickname}) do |> json(nickname) end - def user_create(conn, %{ - user: %{"nickname" => nickname, "email" => email, "password" => password} = user - }) do - new_user = %User{ + def user_create( + conn, + %{"nickname" => nickname, "email" => email, "password" => password} + ) do + new_user = %{ nickname: nickname, - name: user.name || nickname, + name: nickname, email: email, password: password, password_confirmation: password, - bio: user.bio || "." + bio: "." } User.register_changeset(%User{}, new_user) - - Repo.insert!(new_user) + |> Repo.insert!() conn |> json(new_user.nickname) From 52681f7fd01c17876b03176cd82b299e6a342d56 Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Sat, 17 Nov 2018 22:11:18 +0100 Subject: [PATCH 25/25] Web.AdminAPI.AdminAPIControllerTest: New Test --- .../admin_api/admin_api_controller_test.exs | 112 ++++++++++++++++++ 1 file changed, 112 insertions(+) create mode 100644 test/web/admin_api/admin_api_controller_test.exs diff --git a/test/web/admin_api/admin_api_controller_test.exs b/test/web/admin_api/admin_api_controller_test.exs new file mode 100644 index 000000000..fa0cb71bf --- /dev/null +++ b/test/web/admin_api/admin_api_controller_test.exs @@ -0,0 +1,112 @@ +defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do + use Pleroma.Web.ConnCase + + alias Pleroma.{Repo, User} + + import Pleroma.Factory + import ExUnit.CaptureLog + + describe "/api/pleroma/admin/user" do + test "Delete" do + admin = insert(:user, info: %{"is_admin" => true}) + user = insert(:user) + + conn = + build_conn() + |> assign(:user, admin) + |> put_req_header("accept", "application/json") + |> delete("/api/pleroma/admin/user?nickname=#{user.nickname}") + + assert json_response(conn, 200) == user.nickname + end + + test "Create" do + admin = insert(:user, info: %{"is_admin" => true}) + + conn = + build_conn() + |> assign(:user, admin) + |> put_req_header("accept", "application/json") + |> post("/api/pleroma/admin/user", %{ + "nickname" => "lain", + "email" => "lain@example.org", + "password" => "test" + }) + + assert json_response(conn, 200) == "lain" + end + end + + describe "/api/pleroma/admin/permission_group" do + test "GET is giving user_info" do + admin = insert(:user, info: %{"is_admin" => true}) + + conn = + build_conn() + |> assign(:user, admin) + |> put_req_header("accept", "application/json") + |> get("/api/pleroma/admin/permission_group/#{admin.nickname}") + + assert json_response(conn, 200) == admin.info + end + + test "/:right POST, can add to a permission group" do + admin = insert(:user, info: %{"is_admin" => true}) + user = insert(:user) + + user_info = + user.info + |> Map.put("is_admin", true) + + conn = + build_conn() + |> assign(:user, admin) + |> put_req_header("accept", "application/json") + |> post("/api/pleroma/admin/permission_group/#{user.nickname}/admin") + + assert json_response(conn, 200) == user_info + end + + test "/:right DELETE, can remove from a permission group" do + admin = insert(:user, info: %{"is_admin" => true}) + user = insert(:user, info: %{"is_admin" => true}) + + user_info = + user.info + |> Map.put("is_admin", false) + + conn = + build_conn() + |> assign(:user, admin) + |> put_req_header("accept", "application/json") + |> delete("/api/pleroma/admin/permission_group/#{user.nickname}/admin") + + assert json_response(conn, 200) == user_info + end + end + + test "/api/pleroma/admin/invite_token" do + admin = insert(:user, info: %{"is_admin" => true}) + + conn = + build_conn() + |> assign(:user, admin) + |> put_req_header("accept", "application/json") + |> get("/api/pleroma/admin/invite_token") + + assert conn.status == 200 + end + + test "/api/pleroma/admin/password_reset" do + admin = insert(:user, info: %{"is_admin" => true}) + user = insert(:user, info: %{"is_admin" => true}) + + conn = + build_conn() + |> assign(:user, admin) + |> put_req_header("accept", "application/json") + |> get("/api/pleroma/admin/password_reset?nickname=#{user.nickname}") + + assert conn.status == 200 + end +end