From ec3a7a4c4d6b5976665e4ffea15b47420471f32d Mon Sep 17 00:00:00 2001 From: Thomas Citharel Date: Wed, 21 Oct 2020 10:10:44 +0200 Subject: [PATCH 1/3] Add a comment in docs and config for recommended email port values Signed-off-by: Thomas Citharel --- config/config.exs | 2 +- docs/administration/configure/email.md | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/config/config.exs b/config/config.exs index 16de4ecce..d609a9194 100644 --- a/config/config.exs +++ b/config/config.exs @@ -92,6 +92,7 @@ config :mobilizon, Mobilizon.Web.Email.Mailer, adapter: Bamboo.SMTPAdapter, server: "localhost", hostname: "localhost", + # usually 25, 465 or 587 port: 25, # or {:system, "SMTP_USERNAME"} username: nil, @@ -102,7 +103,6 @@ config :mobilizon, Mobilizon.Web.Email.Mailer, # or {":system", ALLOWED_TLS_VERSIONS"} w/ comma seprated values (e.g. "tlsv1.1,tlsv1.2") allowed_tls_versions: [:tlsv1, :"tlsv1.1", :"tlsv1.2"], # can be `true` - ssl: false, retries: 1, # can be `true` no_mx_lookups: false diff --git a/docs/administration/configure/email.md b/docs/administration/configure/email.md index 8cdf17b9a..bc45e57ef 100644 --- a/docs/administration/configure/email.md +++ b/docs/administration/configure/email.md @@ -5,19 +5,19 @@ Mobilizon requires a SMTP server to deliver emails. Using 3rd-party mail provide ## SMTP configuration Mobilizon default settings assumes a SMTP server listens on `localhost`, port `25`. To specify a specific server and credentials, you can add the following section in your `prod.secret.exs` file and modify credentials to your needs. + ```elixir config :mobilizon, Mobilizon.Web.Email.Mailer, adapter: Bamboo.SMTPAdapter, server: "localhost", hostname: "localhost", + # usually 25, 465 or 587 port: 25, username: nil, password: nil, # can be `:always` or `:never` tls: :if_available, allowed_tls_versions: [:tlsv1, :"tlsv1.1", :"tlsv1.2"], - # can be `true` - ssl: false, retries: 1, # can be `true` no_mx_lookups: false, 
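Review bot: The new `# usually 25, 465 or 587` comment on the `port` line in config/config.exs points admins at 465, but the second hunk of the same file removes the `ssl: false` entry (and the email.md hunk drops it from the documented block too), so the implicit-TLS port is left without a documented switch: as far as I can tell from the adapter's option set, `tls:` only covers STARTTLS on 25/587 and a 465 setup needs `ssl: true`. Either keep `ssl: false` with its explanatory comment, or make the port comment carry the dependency: `# usually 25 (plain), 587 (STARTTLS, see tls:) or 465 (implicit TLS, needs ssl: true)`. The `config :mobilizon, Mobilizon.Web.Email.Mailer` keyword list starts before and continues past both hunks.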
From 41d7d3262d097d4c0cd52568c3a18d40eff06c83 Mon Sep 17 00:00:00 2001 From: Thomas Citharel Date: Wed, 21 Oct 2020 10:30:52 +0200 Subject: [PATCH 2/3] Add more suggested tasks at the end of install Signed-off-by: Thomas Citharel --- docs/administration/index.md | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/docs/administration/index.md b/docs/administration/index.md index f30ce63c9..ab23aa8bf 100644 --- a/docs/administration/index.md +++ b/docs/administration/index.md @@ -245,7 +245,23 @@ See the [full documentation](./CLI tasks/manage_users.md#create-a-new-user) for You may now login with your credentials and discover Mobilizon. Feel free to explore [configuration documentation](./configure) as well. -## Optional tasks +## Suggested tasks + +### Configure emails + +The default Mobilizon configuration assumes a local SMTP server is available on the same server. To tweak this for your own setup, [see this page](configure/email.md). + +### Configure 3rd-party auth + +Mobilizon can use LDAP or OAuth-based login providers (Facebook, Google, etc.) to help register or login users. Configuration [can be found here](configure/auth.md). + +### Configure geocoders + +This will allow the address autocomplete field to provide addresses when editing an event. The default value uses OpenStreetMap's Nominatim provider but you can [change it to the provider of your choice](configure/geocoders.md). + +!!! note + When using the default OpenStreetMap's Nominatim provider, autocomplete is disabled and using the service implies that you accept [their Usage Policy](https://operations.osmfoundation.org/policies/nominatim/). + ### Geolocation databases From 81cabbd0541100a1b1a8f410e97114f2dbaf25eb Mon Sep 17 00:00:00 2001 From: Thomas Citharel Date: Wed, 21 Oct 2020 10:42:04 +0200 Subject: [PATCH 3/3] Fix webfinger not following redirections by using a custom dedicated Tesla client 
Signed-off-by: Thomas Citharel 
---
 lib/federation/web_finger/web_finger.ex       | 22 ++-------
 lib/service/http/rich_media_preview_client.ex |  3 +-
 lib/service/http/webfinger_client.ex          | 34 ++++++++++++++
 .../vcr_cassettes/webfinger/mastodon.json     | 45 ++++++++++++++++---
 4 files changed, 78 insertions(+), 26 deletions(-)
 create mode 100644 lib/service/http/webfinger_client.ex

diff --git a/lib/federation/web_finger/web_finger.ex b/lib/federation/web_finger/web_finger.ex
index 60163ec43..c0b44e6c9 100644
--- a/lib/federation/web_finger/web_finger.ex
+++ b/lib/federation/web_finger/web_finger.ex
@@ -12,18 +12,12 @@ defmodule Mobilizon.Federation.WebFinger do
   alias Mobilizon.Actors.Actor
   alias Mobilizon.Federation.ActivityPub
   alias Mobilizon.Federation.WebFinger.XmlBuilder
+  alias Mobilizon.Service.HTTP.WebfingerClient
   alias Mobilizon.Web.Endpoint
   alias Mobilizon.Web.Router.Helpers, as: Routes
 
   require Jason
   require Logger
 
-  @http_options [
-    adapter: [
-      follow_redirect: true,
-      ssl: [{:versions, [:"tlsv1.2"]}]
-    ]
-  ]
-
   def host_meta do
     base_url = Endpoint.url()
@@ -120,17 +114,9 @@ defmodule Mobilizon.Federation.WebFinger do
     Logger.debug(inspect(address))
 
     with false <- is_nil(domain),
-         {:ok, %{} = response} <-
-           Tesla.get(
-             address,
-             headers: [
-               {"accept", "application/json, application/activity+json, application/jrd+json"}
-             ],
-             opts: @http_options
-           ),
-         %{status: status, body: body} when status in 200..299 <- response,
-         {:ok, doc} <- Jason.decode(body) do
-      webfinger_from_json(doc)
+         {:ok, %{body: body, status: code}} when code in 200..299 <-
+           WebfingerClient.get(address) do
+      webfinger_from_json(body)
     else
       e ->
         Logger.debug(fn -> "Couldn't finger #{actor}" end)
diff --git a/lib/service/http/rich_media_preview_client.ex b/lib/service/http/rich_media_preview_client.ex
index edd190818..8f3983548 100644
--- a/lib/service/http/rich_media_preview_client.ex
+++ b/lib/service/http/rich_media_preview_client.ex
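Review bot: The rewritten `with` in the second hunk (the enclosing function, presumably `finger/1`, starts and ends outside the hunk) hands `body` straight to `webfinger_from_json/1`, whereas the removed clauses ran `Jason.decode/1` and therefore guaranteed a map; with the new client, a 2xx whose content type is outside the JSON middleware's `decode_content_types` list leaves `body` as a raw binary, so an unexpected type reaches the parser instead of falling into the `else` branch. Restoring the shape check on the match keeps the old contract with one token: `{:ok, %{body: %{} = body, status: code}} when code in 200..299 <-`. Separately, the removed `@http_options` pinned `ssl: [{:versions, [:"tlsv1.2"]}]` for these requests; the client this hunk switches to does not carry that setting, which deserves a deliberate decision rather than an implicit drop.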
@@ -1,7 +1,6 @@
 defmodule Mobilizon.Service.HTTP.RichMediaPreviewClient do
   @moduledoc """
-  Tesla HTTP Basic Client
-  with JSON middleware
+  Tesla HTTP Basic Client that fetches HTML to extract metadata preview
   """
 
   use Tesla
diff --git a/lib/service/http/webfinger_client.ex b/lib/service/http/webfinger_client.ex
new file mode 100644
index 000000000..13b578a0d
--- /dev/null
+++ b/lib/service/http/webfinger_client.ex
@@ -0,0 +1,34 @@
+defmodule Mobilizon.Service.HTTP.WebfingerClient do
+  @moduledoc """
+  Tesla HTTP Basic Client
+  with JSON middleware
+  """
+
+  use Tesla
+  alias Mobilizon.Config
+
+  @default_opts [
+    recv_timeout: 20_000
+  ]
+
+  adapter(Tesla.Adapter.Hackney, @default_opts)
+
+  @user_agent Config.instance_user_agent()
+
+  plug(Tesla.Middleware.FollowRedirects)
+
+  plug(Tesla.Middleware.Timeout, timeout: 10_000)
+
+  plug(Tesla.Middleware.Headers, [
+    {"User-Agent", @user_agent},
+    {"Accept", "application/json, application/activity+json, application/jrd+json"}
+  ])
+
+  plug(Tesla.Middleware.JSON,
+    decode_content_types: [
+      "application/jrd+json",
+      "application/json",
+      "application/activity+json"
+    ]
+  )
+end
diff --git a/test/fixtures/vcr_cassettes/webfinger/mastodon.json b/test/fixtures/vcr_cassettes/webfinger/mastodon.json
index 8f15f85d8..a9d77ba2c 100644
--- a/test/fixtures/vcr_cassettes/webfinger/mastodon.json
+++ b/test/fixtures/vcr_cassettes/webfinger/mastodon.json
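Review bot: The `@moduledoc` of the new WebfingerClient, `Tesla HTTP Basic Client with JSON middleware`, is the same generic text that this commit rewrites in RichMediaPreviewClient for being uninformative; suggest `Tesla client for WebFinger lookups: follows redirects, sends the instance User-Agent and accepts/decodes JRD and ActivityPub JSON.`. The `@default_opts` handed to `Tesla.Adapter.Hackney` carry only `recv_timeout`, so the `ssl: [{:versions, [:"tlsv1.2"]}]` pin that the web_finger.ex hunk removes is gone for these requests and hackney's defaults now decide which TLS versions are negotiated; if the pin was intentional, add the equivalent adapter option here (hackney's `ssl_options` key) and say so in a comment, otherwise note in the moduledoc that TLS negotiation follows adapter defaults. `@user_agent Config.instance_user_agent()` is evaluated once at compile time, which bakes whatever the build environment reports into the release rather than the running instance's value; unless the sibling clients do the same on purpose, build the header at request time.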
@@ -3,20 +3,50 @@ "request": { "body": "", "headers": { + "User-Agent": "localhost - Mobilizon 1.0.0-rc.2-5-g6701e6a4", "Accept": "application/json, application/activity+json, application/jrd+json" }, "method": "get", "options": { - "follow_redirect": "true" + "recv_timeout": 20000 }, "request_body": "", "url": "http://social.tcit.fr/.well-known/webfinger?resource=acct:tcit@social.tcit.fr" }, "response": { "binary": false, - "body": "{\"subject\":\"acct:tcit@social.tcit.fr\",\"aliases\":[\"https://social.tcit.fr/@tcit\",\"https://social.tcit.fr/users/tcit\"],\"links\":[{\"rel\":\"http://webfinger.net/rel/profile-page\",\"type\":\"text/html\",\"href\":\"https://social.tcit.fr/@tcit\"},{\"rel\":\"http://schemas.google.com/g/2010#updates-from\",\"type\":\"application/atom+xml\",\"href\":\"https://social.tcit.fr/users/tcit.atom\"},{\"rel\":\"self\",\"type\":\"application/activity+json\",\"href\":\"https://social.tcit.fr/users/tcit\"},{\"rel\":\"salmon\",\"href\":\"https://social.tcit.fr/api/salmon/1\"},{\"rel\":\"magic-public-key\",\"href\":\"data:application/magic-public-key,RSA.pXwYMUdFg3XUd-bGsh8CyiMRGpRGAWuCdM5pDWx5uM4pW2pM3xbHbcI21j9h8BmlAiPg6hbZD73KGly2N8Rt5iIS0I-l6i8kA1JCCdlAaDTRd41RKMggZDoQvjVZQtsyE1VzMeU2kbqqTFN6ew7Hvbd6O0NhixoKoZ5f3jwuBDZoT0p1TAcaMdmG8oqHD97isizkDnRn8cOBA6wtI-xb5xP2zxZMsLpTDZLiKU8XcPKZCw4OfQfmDmKkHtrFb77jCAQj_s_FxjVnvxRwmfhNnWy0D-LUV_g63nHh_b5zXIeV92QZLvDYbgbezmzUzv9UeA1s70GGbaDqCIy85gw9-w==.AQAB\"},{\"rel\":\"http://ostatus.org/schema/1.0/subscribe\",\"template\":\"https://social.tcit.fr/authorize_interaction?uri={uri}\"}]}", + "body": "\r\n301 Moved Permanently\r\n\r\n

301 Moved Permanently

\r\n
nginx/1.19.3
\r\n\r\n\r\n", "headers": { - "Date": "Tue, 13 Nov 2018 11:11:10 GMT", + "Server": "nginx/1.19.3", + "Date": "Wed, 21 Oct 2020 09:07:41 GMT", + "Content-Type": "text/html", + "Content-Length": "169", + "Connection": "keep-alive", + "Location": "https://social.tcit.fr/.well-known/webfinger?resource=acct:tcit@social.tcit.fr" + }, + "status_code": 301, + "type": "ok" + } + }, + { + "request": { + "body": "", + "headers": { + "User-Agent": "localhost - Mobilizon 1.0.0-rc.2-5-g6701e6a4", + "Accept": "application/json, application/activity+json, application/jrd+json" + }, + "method": "get", + "options": { + "recv_timeout": 20000 + }, + "request_body": "", + "url": "https://social.tcit.fr/.well-known/webfinger?resource=acct:tcit@social.tcit.fr" + }, + "response": { + "binary": false, + "body": "{\"subject\":\"acct:tcit@social.tcit.fr\",\"aliases\":[\"https://social.tcit.fr/@tcit\",\"https://social.tcit.fr/users/tcit\"],\"links\":[{\"rel\":\"http://webfinger.net/rel/profile-page\",\"type\":\"text/html\",\"href\":\"https://social.tcit.fr/@tcit\"},{\"rel\":\"self\",\"type\":\"application/activity+json\",\"href\":\"https://social.tcit.fr/users/tcit\"},{\"rel\":\"http://ostatus.org/schema/1.0/subscribe\",\"template\":\"https://social.tcit.fr/authorize_interaction?uri={uri}\"}]}", + "headers": { + "Date": "Wed, 21 Oct 2020 09:07:41 GMT", "Content-Type": "application/jrd+json; charset=utf-8", "Transfer-Encoding": "chunked", "Connection": "keep-alive", 
@@ -24,11 +54,14 @@ "X-Frame-Options": "DENY", "X-Content-Type-Options": "nosniff", "X-XSS-Protection": "1; mode=block", + "Referrer-Policy": "same-origin", + "Strict-Transport-Security": "max-age=63072000; includeSubDomains; preload", + "X-Clacks-Overhead": "GNU Natalie Nguyen", "Vary": "Accept, Accept-Encoding, Origin", "Cache-Control": "max-age=259200, public", - "ETag": "W/\"33f6cc86f8f97d0ca930761c04e0db58\"", - "X-Request-Id": "b7f5ad84-5120-4275-aacf-dbb9654be181", - "X-Runtime": "0.015609", + "ETag": "W/\"37760e35c1537b8e02b6d4b4f9ebfe82\"", + "X-Request-Id": "429bb891-1033-498b-91bb-12835984223f", + "X-Runtime": "0.072046", "X-Cached": "MISS" }, "status_code": 200,