X-Git-Url: http://these/git/?a=blobdiff_plain;f=crates%2Fapi_crud%2Fsrc%2Fuser%2Fcreate.rs;h=f2af6940e05867d6c92f846876401fc58c5c06b5;hb=3471f3533cb724b2cf6953d563aadfcc9f66c1d2;hp=63a6474d62484b4a312ed8287992a8cd36211b3d;hpb=4c8f2e976effe381d4ea1914462c43242a8c64fd;p=lemmy.git diff --git a/crates/api_crud/src/user/create.rs b/crates/api_crud/src/user/create.rs index 63a6474d..f2af6940 100644 --- a/crates/api_crud/src/user/create.rs +++ b/crates/api_crud/src/user/create.rs @@ -1,226 +1,214 @@ use crate::PerformCrud; +use activitypub_federation::http_signatures::generate_actor_keypair; use actix_web::web::Data; -use lemmy_api_common::{blocking, password_length_check, person::*}; -use lemmy_apub::{ - generate_apub_endpoint, - generate_followers_url, - generate_inbox_url, - generate_shared_inbox_url, - EndpointType, -}; -use lemmy_db_queries::{ - source::{local_user::LocalUser_, site::Site_}, - Crud, - Followable, - Joinable, - ListingType, - SortType, +use lemmy_api_common::{ + context::LemmyContext, + person::{LoginResponse, Register}, + utils::{ + generate_inbox_url, + generate_local_apub_endpoint, + generate_shared_inbox_url, + honeypot_check, + local_site_to_slur_regex, + password_length_check, + sanitize_html, + send_new_applicant_email_to_admins, + send_verification_email, + EndpointType, + }, }; use lemmy_db_schema::{ + aggregates::structs::PersonAggregates, source::{ - community::*, - local_user::{LocalUser, LocalUserForm}, - person::*, - site::*, + captcha_answer::{CaptchaAnswer, CheckCaptchaAnswer}, + local_user::{LocalUser, LocalUserInsertForm}, + person::{Person, PersonInsertForm}, + registration_application::{RegistrationApplication, RegistrationApplicationInsertForm}, }, - CommunityId, + traits::Crud, + RegistrationMode, }; -use lemmy_db_views_actor::person_view::PersonViewSafe; +use lemmy_db_views::structs::{LocalUserView, SiteView}; use lemmy_utils::{ - apub::generate_actor_keypair, claims::Claims, - settings::structs::Settings, - utils::{check_slurs, is_valid_username}, - ApiError, - ConnectionId, - LemmyError, + error::{LemmyError, LemmyErrorExt, LemmyErrorType}, + utils::{ + slurs::{check_slurs, check_slurs_opt}, + validation::is_valid_actor_name, + }, }; -use lemmy_websocket::{messages::CheckCaptcha, LemmyContext}; #[async_trait::async_trait(?Send)] impl PerformCrud for Register { type Response = LoginResponse; - async fn perform( - &self, - context: &Data, - _websocket_id: Option, - ) -> Result { - let data: &Register = &self; - - // Make sure site has open registration - if let Ok(site) = blocking(context.pool(), move |conn| Site::read_simple(conn)).await? { - if !site.open_registration { - return Err(ApiError::err("registration_closed").into()); - } + #[tracing::instrument(skip(self, context))] + async fn perform(&self, context: &Data) -> Result { + let data: &Register = self; + + let site_view = SiteView::read_local(&mut context.pool()).await?; + let local_site = site_view.local_site; + let require_registration_application = + local_site.registration_mode == RegistrationMode::RequireApplication; + + if local_site.registration_mode == RegistrationMode::Closed { + return Err(LemmyErrorType::RegistrationClosed)?; } password_length_check(&data.password)?; + honeypot_check(&data.honeypot)?; + + if local_site.require_email_verification && data.email.is_none() { + return Err(LemmyErrorType::EmailRequired)?; + } + + if local_site.site_setup && require_registration_application && data.answer.is_none() { + return Err(LemmyErrorType::RegistrationApplicationAnswerRequired)?; + } // Make sure passwords match if data.password != data.password_verify { - return Err(ApiError::err("passwords_dont_match").into()); + return Err(LemmyErrorType::PasswordsDoNotMatch)?; } - // Check if there are admins. False if admins exist - let no_admins = blocking(context.pool(), move |conn| { - PersonViewSafe::admins(conn).map(|a| a.is_empty()) - }) - .await??; - - // If its not the admin, check the captcha - if !no_admins && Settings::get().captcha().enabled { - let check = context - .chat_server() - .send(CheckCaptcha { - uuid: data - .captcha_uuid - .to_owned() - .unwrap_or_else(|| "".to_string()), - answer: data - .captcha_answer - .to_owned() - .unwrap_or_else(|| "".to_string()), - }) + if local_site.site_setup && local_site.captcha_enabled { + if let Some(captcha_uuid) = &data.captcha_uuid { + let uuid = uuid::Uuid::parse_str(captcha_uuid)?; + let check = CaptchaAnswer::check_captcha( + &mut context.pool(), + CheckCaptchaAnswer { + uuid, + answer: data.captcha_answer.clone().unwrap_or_default(), + }, + ) .await?; - if !check { - return Err(ApiError::err("captcha_incorrect").into()); + if !check { + return Err(LemmyErrorType::CaptchaIncorrect)?; + } + } else { + return Err(LemmyErrorType::CaptchaIncorrect)?; } } - check_slurs(&data.username)?; + let slur_regex = local_site_to_slur_regex(&local_site); + check_slurs(&data.username, &slur_regex)?; + check_slurs_opt(&data.answer, &slur_regex)?; + let username = sanitize_html(&data.username); let actor_keypair = generate_actor_keypair()?; - if !is_valid_username(&data.username) { - return Err(ApiError::err("invalid_username").into()); + is_valid_actor_name(&data.username, local_site.actor_name_max_length as usize)?; + let actor_id = generate_local_apub_endpoint( + EndpointType::Person, + &data.username, + &context.settings().get_protocol_and_hostname(), + )?; + + if let Some(email) = &data.email { + if LocalUser::is_email_taken(&mut context.pool(), email).await? { + return Err(LemmyErrorType::EmailAlreadyExists)?; + } } - let actor_id = generate_apub_endpoint(EndpointType::Person, &data.username)?; // We have to create both a person, and local_user // Register the new person - let person_form = PersonForm { - name: data.username.to_owned(), - actor_id: Some(actor_id.clone()), - private_key: Some(Some(actor_keypair.private_key)), - public_key: Some(Some(actor_keypair.public_key)), - inbox_url: Some(generate_inbox_url(&actor_id)?), - shared_inbox_url: Some(Some(generate_shared_inbox_url(&actor_id)?)), - admin: Some(no_admins), - ..PersonForm::default() - }; + let person_form = PersonInsertForm::builder() + .name(username) + .actor_id(Some(actor_id.clone())) + .private_key(Some(actor_keypair.private_key)) + .public_key(actor_keypair.public_key) + .inbox_url(Some(generate_inbox_url(&actor_id)?)) + .shared_inbox_url(Some(generate_shared_inbox_url(&actor_id)?)) + // If its the initial site setup, they are an admin + .admin(Some(!local_site.site_setup)) + .instance_id(site_view.site.instance_id) + .build(); // insert the person - let inserted_person = match blocking(context.pool(), move |conn| { - Person::create(conn, &person_form) - }) - .await? - { - Ok(u) => u, - Err(_) => { - return Err(ApiError::err("user_already_exists").into()); - } - }; + let inserted_person = Person::create(&mut context.pool(), &person_form) + .await + .with_lemmy_type(LemmyErrorType::UserAlreadyExists)?; + + // Automatically set their application as accepted, if they created this with open registration. + // Also fixes a bug which allows users to log in when registrations are changed to closed. + let accepted_application = Some(!require_registration_application); // Create the local user - let local_user_form = LocalUserForm { - person_id: inserted_person.id, - email: Some(data.email.to_owned()), - password_encrypted: data.password.to_owned(), - show_nsfw: Some(data.show_nsfw), - theme: Some("browser".into()), - default_sort_type: Some(SortType::Active as i16), - default_listing_type: Some(ListingType::Subscribed as i16), - lang: Some("browser".into()), - show_avatars: Some(true), - send_notifications_to_email: Some(false), - }; + let local_user_form = LocalUserInsertForm::builder() + .person_id(inserted_person.id) + .email(data.email.as_deref().map(str::to_lowercase)) + .password_encrypted(data.password.to_string()) + .show_nsfw(Some(data.show_nsfw)) + .accepted_application(accepted_application) + .default_listing_type(Some(local_site.default_post_listing_type)) + .build(); + + let inserted_local_user = LocalUser::create(&mut context.pool(), &local_user_form).await?; + + if local_site.site_setup && require_registration_application { + // Create the registration application + let form = RegistrationApplicationInsertForm { + local_user_id: inserted_local_user.id, + // We already made sure answer was not null above + answer: data.answer.clone().expect("must have an answer"), + }; - let inserted_local_user = match blocking(context.pool(), move |conn| { - LocalUser::register(conn, &local_user_form) - }) - .await? - { - Ok(lu) => lu, - Err(e) => { - let err_type = if e.to_string() - == "duplicate key value violates unique constraint \"local_user_email_key\"" - { - "email_already_exists" - } else { - "user_already_exists" - }; + RegistrationApplication::create(&mut context.pool(), &form).await?; + } - // If the local user creation errored, then delete that person - blocking(context.pool(), move |conn| { - Person::delete(&conn, inserted_person.id) - }) - .await??; + // Email the admins + if local_site.application_email_admins { + send_new_applicant_email_to_admins(&data.username, &mut context.pool(), context.settings()) + .await?; + } - return Err(ApiError::err(err_type).into()); - } + let mut login_response = LoginResponse { + jwt: None, + registration_created: false, + verify_email_sent: false, }; - let main_community_keypair = generate_actor_keypair()?; - - // Create the main community if it doesn't exist - let main_community = match blocking(context.pool(), move |conn| { - Community::read(conn, CommunityId(2)) - }) - .await? + // Log the user in directly if the site is not setup, or email verification and application aren't required + if !local_site.site_setup + || (!require_registration_application && !local_site.require_email_verification) { - Ok(c) => c, - Err(_e) => { - let default_community_name = "main"; - let actor_id = generate_apub_endpoint(EndpointType::Community, default_community_name)?; - let community_form = CommunityForm { - name: default_community_name.to_string(), - title: "The Default Community".to_string(), - description: Some("The Default Community".to_string()), - creator_id: inserted_person.id, - actor_id: Some(actor_id.to_owned()), - private_key: Some(main_community_keypair.private_key), - public_key: Some(main_community_keypair.public_key), - followers_url: Some(generate_followers_url(&actor_id)?), - inbox_url: Some(generate_inbox_url(&actor_id)?), - shared_inbox_url: Some(Some(generate_shared_inbox_url(&actor_id)?)), - ..CommunityForm::default() + login_response.jwt = Some( + Claims::jwt( + inserted_local_user.id.0, + &context.secret().jwt_secret, + &context.settings().hostname, + )? + .into(), + ); + } else { + if local_site.require_email_verification { + let local_user_view = LocalUserView { + local_user: inserted_local_user, + person: inserted_person, + counts: PersonAggregates::default(), }; - blocking(context.pool(), move |conn| { - Community::create(conn, &community_form) - }) - .await?? + // we check at the beginning of this method that email is set + let email = local_user_view + .local_user + .email + .clone() + .expect("email was provided"); + + send_verification_email( + &local_user_view, + &email, + &mut context.pool(), + context.settings(), + ) + .await?; + login_response.verify_email_sent = true; } - }; - - // Sign them up for main community no matter what - let community_follower_form = CommunityFollowerForm { - community_id: main_community.id, - person_id: inserted_person.id, - pending: false, - }; - - let follow = move |conn: &'_ _| CommunityFollower::follow(conn, &community_follower_form); - if blocking(context.pool(), follow).await?.is_err() { - return Err(ApiError::err("community_follower_already_exists").into()); - }; - - // If its an admin, add them as a mod and follower to main - if no_admins { - let community_moderator_form = CommunityModeratorForm { - community_id: main_community.id, - person_id: inserted_person.id, - }; - let join = move |conn: &'_ _| CommunityModerator::join(conn, &community_moderator_form); - if blocking(context.pool(), join).await?.is_err() { - return Err(ApiError::err("community_moderator_already_exists").into()); + if require_registration_application { + login_response.registration_created = true; } } - // Return the jwt - Ok(LoginResponse { - jwt: Claims::jwt(inserted_local_user.id.0)?, - }) + Ok(login_response) } }