Merge branch 'master' into feature/nostr_login

2024-04-15 12:03:12 +00:00 · 2024-04-15 12:03:12 +00:00 · d9dff3e872
parent 945eaba5e1 6ddeacb779
commit d9dff3e872
9 changed files with 181 additions and 27 deletions
--- a/.env.test
+++ b/.env.test
@ -12,6 +12,8 @@ DISCOURSE_CONNECT_SECRET='discourse_connect_ftw'

 EJABBERD_API_URL='http://xmpp.example.com/api'

+MASTODON_PUBLIC_URL='http://example.social'
+
 LNDHUB_API_URL='http://localhost:3026'
 LNDHUB_PUBLIC_URL='https://lndhub.kosmos.org'
 LNDHUB_PUBLIC_KEY='024cd3be18617f39cf645851e3ba63f51fc13f0bb09e3bb25e6fd4de556486d946'
--- a/app/controllers/services/chat_controller.rb
+++ b/app/controllers/services/chat_controller.rb
@ -3,7 +3,7 @@ class Services::ChatController < Services::BaseController
  before_action :require_service_available

  def show
-    @service_enabled = current_user.services_enabled.include?(:xmpp)
+    @service_enabled = current_user.service_enabled?(:xmpp)
  end

  private
--- a/app/controllers/services/mastodon_controller.rb
+++ b/app/controllers/services/mastodon_controller.rb
@ -3,7 +3,7 @@ class Services::MastodonController < Services::BaseController
  before_action :require_service_available

  def show
-    @service_enabled = current_user.services_enabled.include?(:mastodon)
+    @service_enabled = current_user.service_enabled?(:mastodon)
  end

  private
--- a/app/controllers/services/remotestorage_controller.rb
+++ b/app/controllers/services/remotestorage_controller.rb
@ -5,7 +5,7 @@ class Services::RemotestorageController < Services::BaseController

  # Dashboard
  def show
-    # unless current_user.services_enabled.include?(:remotestorage)
+    # unless current_user.service_enabled?(:remotestorage)
    #   redirect_to service_remotestorage_info_path
    # end
    @rs_auths = current_user.remote_storage_authorizations
--- a/app/controllers/webfinger_controller.rb
+++ b/app/controllers/webfinger_controller.rb
@ -7,14 +7,15 @@ class WebfingerController < ApplicationController
    resource = params[:resource]

    if resource && @useraddress = resource.match(/acct:(.+)/)&.[](1)
-      @username, @org = @useraddress.split("@")
+      @username, @domain = @useraddress.split("@")

      unless Rails.env.development?
        # Allow different domains (e.g. localhost:3000) in development only
-        head 404 and return unless @org == Setting.primary_domain
+        head 404 and return unless @domain == Setting.primary_domain
      end

-      unless User.where(cn: @username.downcase, ou: Setting.primary_domain).any?
+      unless @user = User.where(ou: Setting.primary_domain)
+                         .find_by(cn: @username.downcase)
        head 404 and return
      end

@ -28,12 +29,50 @@ class WebfingerController < ApplicationController
  private

  def webfinger
-    links = [];
+    jrd = {
+      subject: "acct:#{@user.address}",
+      aliases: [],
+      links: []
+    }

-    # TODO check if storage service is enabled for user, not just globally
-    links << remotestorage_link if Setting.remotestorage_enabled
+    if Setting.mastodon_enabled && @user.service_enabled?(:mastodon)
+      # https://docs.joinmastodon.org/spec/webfinger/
+      jrd[:aliases] += mastodon_aliases
+      jrd[:links] += mastodon_links
+    end

-    { "links" => links }
+    if Setting.remotestorage_enabled && @user.service_enabled?(:remotestorage)
+      # https://datatracker.ietf.org/doc/draft-dejong-remotestorage/
+      jrd[:links] << remotestorage_link
+    end
+
+    jrd
+  end
+
+  def mastodon_aliases
+    [
+      "#{Setting.mastodon_public_url}/@#{@user.cn}",
+      "#{Setting.mastodon_public_url}/users/#{@user.cn}"
+    ]
+  end
+
+  def mastodon_links
+    [
+      {
+        rel: "http://webfinger.net/rel/profile-page",
+        type: "text/html",
+        href: "#{Setting.mastodon_public_url}/@#{@user.cn}"
+      },
+      {
+        rel: "self",
+        type: "application/activity+json",
+        href: "#{Setting.mastodon_public_url}/users/#{@user.cn}"
+      },
+      {
+        rel: "http://ostatus.org/schema/1.0/subscribe",
+        template: "#{Setting.mastodon_public_url}/authorize_interaction?uri={uri}"
+      }
+    ]
  end

  def remotestorage_link
@ -41,9 +80,9 @@ class WebfingerController < ApplicationController
    storage_url = "#{Setting.rs_storage_url}/#{@username}"

    {
-      "rel" => "http://tools.ietf.org/id/draft-dejong-remotestorage",
-      "href" => storage_url,
-      "properties" => {
+      rel: "http://tools.ietf.org/id/draft-dejong-remotestorage",
+      href: storage_url,
+      properties: {
        "http://remotestorage.io/spec/version" => "draft-dejong-remotestorage-13",
        "http://tools.ietf.org/html/rfc6749#section-4.2" => auth_url,
        "http://tools.ietf.org/html/rfc6750#section-2.3" => nil, # access token via a HTTP query parameter
--- a/app/jobs/xmpp_exchange_contacts_job.rb
+++ b/app/jobs/xmpp_exchange_contacts_job.rb
@ -2,8 +2,8 @@ class XmppExchangeContactsJob < ApplicationJob
  queue_as :default

  def perform(inviter, invitee)
-    return unless inviter.services_enabled.include?("xmpp") &&
-                  invitee.services_enabled.include?("xmpp") &&
+    return unless inviter.service_enabled?(:xmpp) &&
+                  invitee.service_enabled?(:xmpp) &&
                  inviter.preferences[:xmpp_exchange_contacts_with_invitees]

    ejabberd = EjabberdApiClient.new
--- a/app/models/user.rb
+++ b/app/models/user.rb
@ -180,6 +180,10 @@ class User < ApplicationRecord
    ldap_entry[:services_enabled] || []
  end

+  def service_enabled?(name)
+    services_enabled.map(&:to_sym).include?(name.to_sym)
+  end
+
  def enable_service(service)
    current_services = services_enabled
    new_services = Array(service).map(&:to_s)
--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
@ -16,6 +16,10 @@ RSpec.describe User, type: :model do
    let(:user) { build :user, cn: "jimmy", ou: "kosmos.org" }

    context "Mastodon service not configured" do
+      before do
+        Setting.mastodon_enabled = false
+      end
+
      it "returns nil" do
        expect(user.mastodon_address).to be_nil
      end
@ -80,6 +84,25 @@ RSpec.describe User, type: :model do
    end
  end

+  describe "#service_enabled?" do
+    before do
+      allow(user).to receive(:ldap_entry).and_return({
+        uid: user.cn, ou: user.ou, mail: user.email, admin: nil,
+        services_enabled: ["gitea", "xmpp"]
+      })
+    end
+
+    it "returns true or false" do
+      expect(user.service_enabled?("gitea")).to be(true)
+      expect(user.service_enabled?("email")).to be(false)
+    end
+
+    it "returns false when service is not enabled" do
+      expect(user.service_enabled?(:gitea)).to be(true)
+      expect(user.service_enabled?(:email)).to be(false)
+    end
+  end
+
  describe "#enable_service" do
    before do
      allow(user).to receive(:ldap_entry).and_return({
--- a/spec/requests/webfinger_spec.rb
+++ b/spec/requests/webfinger_spec.rb
@ -1,13 +1,87 @@
 require 'rails_helper'

 RSpec.describe "WebFinger", type: :request do
-  describe "remoteStorage link relation" do
-    context "user exists" do
-      before do
-        create :user, cn: 'tony', ou: 'kosmos.org'
+  describe "User does not exist" do
+    it "returns a 404 status" do
+      get "/.well-known/webfinger?resource=acct%3Ajane.doe%40kosmos.org"
+      expect(response).to have_http_status(:not_found)
+    end
+  end
+
+  context "User exists" do
+    let(:user) { create :user, cn: 'tony', ou: 'kosmos.org' }
+
+    before do
+      allow_any_instance_of(User).to receive(:ldap_entry).and_return({
+        uid: user.cn, ou: user.ou, mail: user.email, admin: nil,
+        services_enabled: ["mastodon", "remotestorage"]
+      })
+    end
+
+    describe "Mastodon entries" do
+      context "Mastodon available" do
+        it "includes the Mastodon aliases and links for the user" do
+          get "/.well-known/webfinger?resource=acct%3Atony%40kosmos.org"
+          expect(response).to have_http_status(:ok)
+
+          res = JSON.parse(response.body)
+
+          expect(res["aliases"]).to include("http://example.social/@tony")
+          expect(res["aliases"]).to include("http://example.social/users/tony")
+
+          profile_link = res["links"].find{|l| l["rel"] == "http://webfinger.net/rel/profile-page"}
+          self_link    = res["links"].find{|l| l["rel"] == "self"}
+          ostatus_link = res["links"].find{|l| l["rel"] == "http://ostatus.org/schema/1.0/subscribe"}
+          expect(profile_link["type"]).to eql("text/html")
+          expect(profile_link["href"]).to eql("http://example.social/@tony")
+          expect(self_link["type"]).to eql("application/activity+json")
+          expect(self_link["href"]).to eql("http://example.social/users/tony")
+          expect(ostatus_link["template"]).to eql("http://example.social/authorize_interaction?uri={uri}")
+        end
      end

-      context "remoteStorage enabled globally" do
+      context "Mastodon not enabled for user" do
+        before do
+          allow_any_instance_of(User).to receive(:ldap_entry).and_return({
+            uid: user.cn, ou: user.ou, mail: user.email, admin: nil,
+            services_enabled: ["xmpp"]
+          })
+        end
+
+        it "does not include Mastodon aliases or links" do
+          get "/.well-known/webfinger?resource=acct%3Atony%40kosmos.org"
+          expect(response).to have_http_status(:ok)
+
+          res = JSON.parse(response.body)
+          expect(res["aliases"]).not_to include("http://example.social/@tony")
+          expect(res["aliases"]).not_to include("http://example.social/users/tony")
+          expect(res["links"].find{|l| l["rel"] == "http://webfinger.net/rel/profile-page"}).to be(nil)
+          expect(res["links"].find{|l| l["rel"] == "self"}).to be(nil)
+          expect(res["links"].find{|l| l["rel"] == "http://ostatus.org/schema/1.0/subscribe"}).to be(nil)
+        end
+      end
+
+      context "Mastodon not available" do
+        before do
+          Setting.mastodon_enabled = false
+        end
+
+        it "does not include Mastodon aliases or links" do
+          get "/.well-known/webfinger?resource=acct%3Atony%40kosmos.org"
+          expect(response).to have_http_status(:ok)
+
+          res = JSON.parse(response.body)
+          expect(res["aliases"]).not_to include("http://example.social/@tony")
+          expect(res["aliases"]).not_to include("http://example.social/users/tony")
+          expect(res["links"].find{|l| l["rel"] == "http://webfinger.net/rel/profile-page"}).to be(nil)
+          expect(res["links"].find{|l| l["rel"] == "self"}).to be(nil)
+          expect(res["links"].find{|l| l["rel"] == "http://ostatus.org/schema/1.0/subscribe"}).to be(nil)
+        end
+      end
+    end
+
+    describe "remoteStorage entries" do
+      context "remoteStorage available" do
        it "includes the remoteStorage link for the user" do
          get "/.well-known/webfinger?resource=acct%3Atony%40kosmos.org"
          expect(response).to have_http_status(:ok)
@ -22,6 +96,25 @@ RSpec.describe "WebFinger", type: :request do
        end
      end

+      context "remoteStorage not enabled for user" do
+        before do
+          allow_any_instance_of(User).to receive(:ldap_entry).and_return({
+            uid: user.cn, ou: user.ou, mail: user.email, admin: nil,
+            services_enabled: ["xmpp"]
+          })
+        end
+
+        it "does not include the remoteStorage link" do
+          get "/.well-known/webfinger?resource=acct%3Atony%40kosmos.org"
+          expect(response).to have_http_status(:ok)
+
+          res = JSON.parse(response.body)
+          rs_link = res["links"].find {|l| l["rel"] == "http://tools.ietf.org/id/draft-dejong-remotestorage"}
+
+          expect(rs_link).to be_nil
+        end
+      end
+
      context "remoteStorage not available" do
        before do
          Setting.remotestorage_enabled = false
@ -38,12 +131,5 @@ RSpec.describe "WebFinger", type: :request do
        end
      end
    end
-
-    context "user does not exist" do
-      it "does return a 404 status" do
-        get "/.well-known/webfinger?resource=acct%3Ajane.doe%40kosmos.org"
-        expect(response).to have_http_status(:not_found)
-      end
-    end
  end
 end