summaryrefslogtreecommitdiff
path: root/internal/processing/user
diff options
context:
space:
mode:
Diffstat (limited to 'internal/processing/user')
-rw-r--r--internal/processing/user/create.go167
-rw-r--r--internal/processing/user/delete.go48
-rw-r--r--internal/processing/user/email.go81
-rw-r--r--internal/processing/user/get.go32
-rw-r--r--internal/processing/user/user.go14
-rw-r--r--internal/processing/user/user_test.go3
6 files changed, 342 insertions, 3 deletions
diff --git a/internal/processing/user/create.go b/internal/processing/user/create.go
new file mode 100644
index 000000000..0d848583e
--- /dev/null
+++ b/internal/processing/user/create.go
@@ -0,0 +1,167 @@
+// GoToSocial
+// Copyright (C) GoToSocial Authors admin@gotosocial.org
+// SPDX-License-Identifier: AGPL-3.0-or-later
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+package user
+
+import (
+ "context"
+ "fmt"
+ "time"
+
+ "github.com/superseriousbusiness/gotosocial/internal/ap"
+ apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
+ "github.com/superseriousbusiness/gotosocial/internal/config"
+ "github.com/superseriousbusiness/gotosocial/internal/gtserror"
+ "github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
+ "github.com/superseriousbusiness/gotosocial/internal/messages"
+ "github.com/superseriousbusiness/gotosocial/internal/text"
+ "github.com/superseriousbusiness/oauth2/v4"
+)
+
+// Create processes the given form for creating a new user+account.
+//
+// App should be the app used to create the user+account.
+// If nil, the instance app will be used.
+//
+// Precondition: the form's fields should have already been
+// validated and normalized by the caller.
+func (p *Processor) Create(
+ ctx context.Context,
+ app *gtsmodel.Application,
+ form *apimodel.AccountCreateRequest,
+) (*gtsmodel.User, gtserror.WithCode) {
+ const (
+ usersPerDay = 10
+ regBacklog = 20
+ )
+
+ // Ensure no more than usersPerDay
+ // have registered in the last 24h.
+ newUsersCount, err := p.state.DB.CountApprovedSignupsSince(ctx, time.Now().Add(-24*time.Hour))
+ if err != nil {
+ err := fmt.Errorf("db error counting new users: %w", err)
+ return nil, gtserror.NewErrorInternalError(err)
+ }
+
+ if newUsersCount >= usersPerDay {
+ err := fmt.Errorf("this instance has hit its limit of new sign-ups for today; you can try again tomorrow")
+ return nil, gtserror.NewErrorUnprocessableEntity(err, err.Error())
+ }
+
+ // Ensure the new users backlog isn't full.
+ backlogLen, err := p.state.DB.CountUnhandledSignups(ctx)
+ if err != nil {
+ err := fmt.Errorf("db error counting registration backlog length: %w", err)
+ return nil, gtserror.NewErrorInternalError(err)
+ }
+
+ if backlogLen >= regBacklog {
+ err := fmt.Errorf("this instance's sign-up backlog is currently full; you must wait until pending sign-ups are handled by the admin(s)")
+ return nil, gtserror.NewErrorUnprocessableEntity(err, err.Error())
+ }
+
+ emailAvailable, err := p.state.DB.IsEmailAvailable(ctx, form.Email)
+ if err != nil {
+ err := fmt.Errorf("db error checking email availability: %w", err)
+ return nil, gtserror.NewErrorInternalError(err)
+ }
+ if !emailAvailable {
+ err := fmt.Errorf("email address %s is not available", form.Email)
+ return nil, gtserror.NewErrorConflict(err, err.Error())
+ }
+
+ usernameAvailable, err := p.state.DB.IsUsernameAvailable(ctx, form.Username)
+ if err != nil {
+ err := fmt.Errorf("db error checking username availability: %w", err)
+ return nil, gtserror.NewErrorInternalError(err)
+ }
+ if !usernameAvailable {
+ err := fmt.Errorf("username %s is not available", form.Username)
+ return nil, gtserror.NewErrorConflict(err, err.Error())
+ }
+
+ // Only store reason if one is required.
+ var reason string
+ if config.GetAccountsReasonRequired() {
+ reason = form.Reason
+ }
+
+ // Use instance app if no app provided.
+ if app == nil {
+ app, err = p.state.DB.GetInstanceApplication(ctx)
+ if err != nil {
+ err := fmt.Errorf("db error getting instance app: %w", err)
+ return nil, gtserror.NewErrorInternalError(err)
+ }
+ }
+
+ user, err := p.state.DB.NewSignup(ctx, gtsmodel.NewSignup{
+ Username: form.Username,
+ Email: form.Email,
+ Password: form.Password,
+ Reason: text.SanitizeToPlaintext(reason),
+ SignUpIP: form.IP,
+ Locale: form.Locale,
+ AppID: app.ID,
+ })
+ if err != nil {
+ err := fmt.Errorf("db error creating new signup: %w", err)
+ return nil, gtserror.NewErrorInternalError(err)
+ }
+
+ // There are side effects for creating a new user+account
+ // (confirmation emails etc), perform these async.
+ p.state.Workers.Client.Queue.Push(&messages.FromClientAPI{
+ // Use ap.ObjectProfile here to
+ // distinguish this message (user model)
+ // from ap.ActorPerson (account model).
+ APObjectType: ap.ObjectProfile,
+ APActivityType: ap.ActivityCreate,
+ GTSModel: user,
+ Origin: user.Account,
+ })
+
+ return user, nil
+}
+
+// TokenForNewUser generates an OAuth Bearer token
+// for a new user (with account) created by Create().
+func (p *Processor) TokenForNewUser(
+ ctx context.Context,
+ appToken oauth2.TokenInfo,
+ app *gtsmodel.Application,
+ user *gtsmodel.User,
+) (*apimodel.Token, gtserror.WithCode) {
+ // Generate access token.
+ accessToken, err := p.oauthServer.GenerateUserAccessToken(
+ ctx,
+ appToken,
+ app.ClientSecret,
+ user.ID,
+ )
+ if err != nil {
+ err := fmt.Errorf("error creating new access token for user %s: %w", user.ID, err)
+ return nil, gtserror.NewErrorInternalError(err)
+ }
+
+ return &apimodel.Token{
+ AccessToken: accessToken.GetAccess(),
+ TokenType: "Bearer",
+ Scope: accessToken.GetScope(),
+ CreatedAt: accessToken.GetAccessCreateAt().Unix(),
+ }, nil
+}
diff --git a/internal/processing/user/delete.go b/internal/processing/user/delete.go
new file mode 100644
index 000000000..9783010ef
--- /dev/null
+++ b/internal/processing/user/delete.go
@@ -0,0 +1,48 @@
+// GoToSocial
+// Copyright (C) GoToSocial Authors admin@gotosocial.org
+// SPDX-License-Identifier: AGPL-3.0-or-later
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+package user
+
+import (
+ "context"
+
+ "github.com/superseriousbusiness/gotosocial/internal/ap"
+ "github.com/superseriousbusiness/gotosocial/internal/gtserror"
+ "github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
+ "github.com/superseriousbusiness/gotosocial/internal/messages"
+)
+
+// DeleteSelf is like Account.Delete, but specifically
+// for local user+accounts deleting themselves.
+//
+// Calling DeleteSelf results in a delete message being enqueued in the processor,
+// which causes side effects to occur: delete will be federated out to other instances,
+// and the above Delete function will be called afterwards from the processor, to clear
+// out the account's bits and bobs, and stubbify it.
+func (p *Processor) DeleteSelf(ctx context.Context, account *gtsmodel.Account) gtserror.WithCode {
+ // Process the delete side effects asynchronously.
+ p.state.Workers.Client.Queue.Push(&messages.FromClientAPI{
+ // Use ap.ObjectProfile here to
+ // distinguish this message (user model)
+ // from ap.ActorPerson (account model).
+ APObjectType: ap.ObjectProfile,
+ APActivityType: ap.ActivityDelete,
+ Origin: account,
+ Target: account,
+ })
+ return nil
+}
diff --git a/internal/processing/user/email.go b/internal/processing/user/email.go
index 2b27c6c92..ea9dbb64c 100644
--- a/internal/processing/user/email.go
+++ b/internal/processing/user/email.go
@@ -23,11 +23,92 @@ import (
"fmt"
"time"
+ "github.com/superseriousbusiness/gotosocial/internal/ap"
+ apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
"github.com/superseriousbusiness/gotosocial/internal/db"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
+ "github.com/superseriousbusiness/gotosocial/internal/messages"
+ "github.com/superseriousbusiness/gotosocial/internal/validate"
+ "golang.org/x/crypto/bcrypt"
)
+// EmailChange processes an email address change request for the given user.
+func (p *Processor) EmailChange(
+ ctx context.Context,
+ user *gtsmodel.User,
+ password string,
+ newEmail string,
+) (*apimodel.User, gtserror.WithCode) {
+ // Ensure provided password is correct.
+ if err := bcrypt.CompareHashAndPassword([]byte(user.EncryptedPassword), []byte(password)); err != nil {
+ err := gtserror.Newf("%w", err)
+ return nil, gtserror.NewErrorUnauthorized(err, "password was incorrect")
+ }
+
+ // Ensure new email address is valid.
+ if err := validate.Email(newEmail); err != nil {
+ return nil, gtserror.NewErrorBadRequest(err, err.Error())
+ }
+
+ // Ensure new email address is different
+ // from current email address.
+ if newEmail == user.Email {
+ const help = "new email address cannot be the same as current email address"
+ err := gtserror.New(help)
+ return nil, gtserror.NewErrorBadRequest(err, help)
+ }
+
+ if newEmail == user.UnconfirmedEmail {
+ const help = "you already have an email change request pending for given email address"
+ err := gtserror.New(help)
+ return nil, gtserror.NewErrorBadRequest(err, help)
+ }
+
+ // Ensure this address isn't already used by another account.
+ emailAvailable, err := p.state.DB.IsEmailAvailable(ctx, newEmail)
+ if err != nil {
+ err := gtserror.Newf("db error checking email availability: %w", err)
+ return nil, gtserror.NewErrorInternalError(err)
+ }
+
+ if !emailAvailable {
+ const help = "new email address is already in use on this instance"
+ err := gtserror.New(help)
+ return nil, gtserror.NewErrorConflict(err, help)
+ }
+
+ // Set new email address on user.
+ user.UnconfirmedEmail = newEmail
+ if err := p.state.DB.UpdateUser(
+ ctx, user,
+ "unconfirmed_email",
+ ); err != nil {
+ err := gtserror.Newf("db error updating user: %w", err)
+ return nil, gtserror.NewErrorInternalError(err)
+ }
+
+ // Ensure user populated (we need account).
+ if err := p.state.DB.PopulateUser(ctx, user); err != nil {
+ err := gtserror.Newf("db error populating user: %w", err)
+ return nil, gtserror.NewErrorInternalError(err)
+ }
+
+ // Add email sending job to the queue.
+ p.state.Workers.Client.Queue.Push(&messages.FromClientAPI{
+ // Use ap.ObjectProfile here to
+ // distinguish this message (user model)
+ // from ap.ActorPerson (account model).
+ APObjectType: ap.ObjectProfile,
+ APActivityType: ap.ActivityUpdate,
+ GTSModel: user,
+ Origin: user.Account,
+ Target: user.Account,
+ })
+
+ return p.converter.UserToAPIUser(ctx, user), nil
+}
+
// EmailGetUserForConfirmToken retrieves the user (with account) from
// the database for the given "confirm your email" token string.
func (p *Processor) EmailGetUserForConfirmToken(ctx context.Context, token string) (*gtsmodel.User, gtserror.WithCode) {
diff --git a/internal/processing/user/get.go b/internal/processing/user/get.go
new file mode 100644
index 000000000..9b19189a8
--- /dev/null
+++ b/internal/processing/user/get.go
@@ -0,0 +1,32 @@
+// GoToSocial
+// Copyright (C) GoToSocial Authors admin@gotosocial.org
+// SPDX-License-Identifier: AGPL-3.0-or-later
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+package user
+
+import (
+ "context"
+
+ apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
+ "github.com/superseriousbusiness/gotosocial/internal/gtserror"
+ "github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
+)
+
+// Get returns the API model of the given user.
+// Should only be served if user == the user doing the request.
+func (p *Processor) Get(ctx context.Context, user *gtsmodel.User) (*apimodel.User, gtserror.WithCode) {
+ return p.converter.UserToAPIUser(ctx, user), nil
+}
diff --git a/internal/processing/user/user.go b/internal/processing/user/user.go
index 2fbb9c888..cd8ab9900 100644
--- a/internal/processing/user/user.go
+++ b/internal/processing/user/user.go
@@ -19,18 +19,28 @@ package user
import (
"github.com/superseriousbusiness/gotosocial/internal/email"
+ "github.com/superseriousbusiness/gotosocial/internal/oauth"
"github.com/superseriousbusiness/gotosocial/internal/state"
+ "github.com/superseriousbusiness/gotosocial/internal/typeutils"
)
type Processor struct {
state *state.State
+ converter *typeutils.Converter
+ oauthServer oauth.Server
emailSender email.Sender
}
-// New returns a new user processor
-func New(state *state.State, emailSender email.Sender) Processor {
+// New returns a new user processor.
+func New(
+ state *state.State,
+ converter *typeutils.Converter,
+ oauthServer oauth.Server,
+ emailSender email.Sender,
+) Processor {
return Processor{
state: state,
+ converter: converter,
emailSender: emailSender,
}
}
diff --git a/internal/processing/user/user_test.go b/internal/processing/user/user_test.go
index 61e8f8b05..e473c5bb0 100644
--- a/internal/processing/user/user_test.go
+++ b/internal/processing/user/user_test.go
@@ -24,6 +24,7 @@ import (
"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
"github.com/superseriousbusiness/gotosocial/internal/processing/user"
"github.com/superseriousbusiness/gotosocial/internal/state"
+ "github.com/superseriousbusiness/gotosocial/internal/typeutils"
"github.com/superseriousbusiness/gotosocial/testrig"
)
@@ -53,7 +54,7 @@ func (suite *UserStandardTestSuite) SetupTest() {
suite.emailSender = testrig.NewEmailSender("../../../web/template/", suite.sentEmails)
suite.testUsers = testrig.NewTestUsers()
- suite.user = user.New(&suite.state, suite.emailSender)
+ suite.user = user.New(&suite.state, typeutils.NewConverter(&suite.state), testrig.NewTestOauthServer(suite.db), suite.emailSender)
testrig.StandardDBSetup(suite.db, nil)
}
generated by cgit v1.2.3 (git 2.46.0) at 2025-07-13 13:23:57 +0000