Merge branch 'master' into glitch-soc/merge-upstream

Conflicts manually resolved: - app/services/post_status_service.rb - config/locales/simple_form.pl.yml - config/routes.rb - config/webpack/loaders/sass.js - config/webpack/shared.js - package.json - yarn.lock
2019-01-02 13:45:18 +01:00
parent b300948526 66436d0895
commit 571d219bb9
180 changed files with 3933 additions and 3622 deletions
--- a/app/controllers/api/base_controller.rb
+++ b/app/controllers/api/base_controller.rb
@@ -68,12 +68,14 @@ class Api::BaseController < ApplicationController
  end

  def require_user!
-    if current_user && !current_user.disabled?
-      set_user_activity
-    elsif current_user
-      render json: { error: 'Your login is currently disabled' }, status: 403
-    else
+    if !current_user
      render json: { error: 'This method requires an authenticated user' }, status: 422
+    elsif current_user.disabled?
+      render json: { error: 'Your login is currently disabled' }, status: 403
+    elsif !current_user.confirmed?
+      render json: { error: 'Email confirmation is not completed' }, status: 403
+    else
+      set_user_activity
    end
  end

--- a/app/controllers/api/v1/accounts/statuses_controller.rb
+++ b/app/controllers/api/v1/accounts/statuses_controller.rb
@@ -28,13 +28,11 @@ class Api::V1::Accounts::StatusesController < Api::BaseController

  def account_statuses
    statuses = truthy_param?(:pinned) ? pinned_scope : permitted_account_statuses
-    statuses = statuses.paginate_by_id(
-      limit_param(DEFAULT_STATUSES_LIMIT),
-      params_slice(:max_id, :since_id, :min_id)
-    )
+    statuses = statuses.paginate_by_id(limit_param(DEFAULT_STATUSES_LIMIT), params_slice(:max_id, :since_id, :min_id))

    statuses.merge!(only_media_scope) if truthy_param?(:only_media)
    statuses.merge!(no_replies_scope) if truthy_param?(:exclude_replies)
+    statuses.merge!(no_reblogs_scope) if truthy_param?(:exclude_reblogs)

    statuses
  end
@@ -65,6 +63,10 @@ class Api::V1::Accounts::StatusesController < Api::BaseController
    Status.without_replies
  end

+  def no_reblogs_scope
+    Status.without_reblogs
+  end
+
  def pagination_params(core_params)
    params.slice(:limit, :only_media, :exclude_replies).permit(:limit, :only_media, :exclude_replies).merge(core_params)
  end
--- a/app/controllers/api/v1/accounts_controller.rb
+++ b/app/controllers/api/v1/accounts_controller.rb
@@ -1,14 +1,16 @@
 # frozen_string_literal: true

 class Api::V1::AccountsController < Api::BaseController
-  before_action -> { authorize_if_got_token! :read, :'read:accounts' }, except: [:follow, :unfollow, :block, :unblock, :mute, :unmute]
+  before_action -> { authorize_if_got_token! :read, :'read:accounts' }, except: [:create, :follow, :unfollow, :block, :unblock, :mute, :unmute]
  before_action -> { doorkeeper_authorize! :follow, :'write:follows' }, only: [:follow, :unfollow]
  before_action -> { doorkeeper_authorize! :follow, :'write:mutes' }, only: [:mute, :unmute]
  before_action -> { doorkeeper_authorize! :follow, :'write:blocks' }, only: [:block, :unblock]
+  before_action -> { doorkeeper_authorize! :write, :'write:accounts' }, only: [:create]

-  before_action :require_user!, except: [:show]
-  before_action :set_account
+  before_action :require_user!, except: [:show, :create]
+  before_action :set_account, except: [:create]
  before_action :check_account_suspension, only: [:show]
+  before_action :check_enabled_registrations, only: [:create]

  respond_to :json

@@ -16,6 +18,16 @@ class Api::V1::AccountsController < Api::BaseController
    render json: @account, serializer: REST::AccountSerializer
  end

+  def create
+    token    = AppSignUpService.new.call(doorkeeper_token.application, account_params)
+    response = Doorkeeper::OAuth::TokenResponse.new(token)
+
+    headers.merge!(response.headers)
+
+    self.response_body = Oj.dump(response.body)
+    self.status        = response.status
+  end
+
  def follow
    FollowService.new.call(current_user.account, @account, reblogs: truthy_param?(:reblogs))

@@ -62,4 +74,12 @@ class Api::V1::AccountsController < Api::BaseController
  def check_account_suspension
    gone if @account.suspended?
  end
+
+  def account_params
+    params.permit(:username, :email, :password, :agreement)
+  end
+
+  def check_enabled_registrations
+    forbidden if single_user_mode? || !Setting.open_registrations
+  end
 end