Date: Wed, 20 Feb 2019 16:51:25 +0000
Subject: [PATCH] Reports

 config/config.exs                             |  6 +-
 docs/                                |  1 +
 lib/pleroma/activity.ex                       | 10 +++
 lib/pleroma/emails/admin_email.ex             | 63 ++++++++++++++++++
 lib/pleroma/emails/mailer.ex                  |  6 ++
 lib/pleroma/user.ex                           | 11 +++-
 lib/pleroma/web/activity_pub/activity_pub.ex  | 25 +++++++
 lib/pleroma/web/activity_pub/utils.ex         | 16 +++++
 lib/pleroma/web/common_api/common_api.ex      | 27 ++++++++
 lib/pleroma/web/common_api/utils.ex           | 18 +++++
 .../mastodon_api/mastodon_api_controller.ex   | 15 +++++
 .../web/mastodon_api/views/report_view.ex     | 14 ++++
 lib/pleroma/web/router.ex                     |  2 +
 lib/pleroma/web/twitter_api/twitter_api.ex    |  2 +-
 ...0190123092341_users_add_is_admin_index.exs |  7 ++
 test/web/activity_pub/activity_pub_test.exs   | 33 +++++++++-
 test/web/common_api/common_api_test.exs       | 31 +++++++++
 .../mastodon_api_controller_test.exs          | 65 +++++++++++++++++++
 18 files changed, 347 insertions(+), 5 deletions(-)
 create mode 100644 lib/pleroma/emails/admin_email.ex
 create mode 100644 lib/pleroma/web/mastodon_api/views/report_view.ex
 create mode 100644 priv/repo/migrations/20190123092341_users_add_is_admin_index.exs

@@ -164,7 +164,8 @@ config :pleroma, :instance,
   max_pinned_statuses: 1,
   no_attachment_links: false,
   welcome_user_nickname: nil,
-  welcome_message: nil
+  welcome_message: nil,
+  max_report_comment_size: 1000
 config :pleroma, :markup,
   # XXX - unfortunately, inline images must be enabled by default right now, because
@@ -340,7 +341,8 @@ config :pleroma, Pleroma.Web.Federator.RetryQueue,
 config :pleroma, Pleroma.Jobs,
   federator_incoming: [max_jobs: 50],
-  federator_outgoing: [max_jobs: 50]
+  federator_outgoing: [max_jobs: 50],
+  mailer: [max_jobs: 10]
 # Import environment specific config. This must remain at the bottom
 # of this file so it overrides the configuration defined above.
@@ -100,6 +100,7 @@ config :pleroma, Pleroma.Mailer,
 * `no_attachment_links`: Set to true to disable automatically adding attachment link text to statuses
 * `welcome_message`: A message that will be send to a newly registered users as a direct message.
 * `welcome_user_nickname`: The nickname of the local user that sends the welcome message.
+* `max_report_size`: The maximum size of the report comment (Default: `1000`)
 ## :logger
 * `backends`: `:console` is used to send logs to stdout, `{ExSyslogger, :ex_syslogger}` to log to syslog
@@ -113,4 +113,14 @@ defmodule Pleroma.Activity do
   def mastodon_notification_type(%Activity{}), do: nil
+  def all_by_actor_and_id(actor, status_ids \\ [])
+  def all_by_actor_and_id(_actor, []), do: []
+  def all_by_actor_and_id(actor, status_ids) do
+    Activity
+    |> where([s], in ^status_ids)
+    |> where([s], == ^actor)
+    |> Repo.all()
+  end
@@ -0,0 +1,63 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2019 Pleroma Authors <>
+# SPDX-License-Identifier: AGPL-3.0-only
+defmodule Pleroma.AdminEmail do
+  @moduledoc "Admin emails"
+  import Swoosh.Email
+  alias Pleroma.Web.Router.Helpers
+  defp instance_config, do: Pleroma.Config.get(:instance)
+  defp instance_name, do: instance_config()[:name]
+  defp instance_email, do: instance_config()[:email]
+  defp user_url(user) do
+    Helpers.o_status_url(Pleroma.Web.Endpoint, :feed_redirect, user.nickname)
+  end
+  def report(to, reporter, account, statuses, comment) do
+    comment_html =
+      if comment do
+        "<p>Comment: #{comment}"
+      else
+        ""
+      end
+    statuses_html =
+      if length(statuses) > 0 do
+        statuses_list_html =
+          statuses
+          |> %{id: id} ->
+            status_url = Helpers.o_status_url(Pleroma.Web.Endpoint, :notice, id)
+            "<li><a href=\"#{status_url}\">#{status_url}</li>"
+          end)
+          |> Enum.join("\n")
+        """
+        <p> Statuses:
+          <ul>
+            #{statuses_list_html}
+          </ul>
+        </p>
+        """
+      else
+        ""
+      end
+    html_body = """
+    <p>Reported by: <a href="#{user_url(reporter)}">#{reporter.nickname}</a></p>
+    <p>Reported Account: <a href="#{user_url(account)}">#{account.nickname}</a></p>
+    #{comment_html}
+    #{statuses_html}
+    """
+    new()
+    |> to({,})
+    |> from({instance_name(), instance_email()})
+    |> reply_to({,})
+    |> subject("#{instance_name()} Report")
+    |> html_body(html_body)
+  end
@@ -4,4 +4,10 @@
 defmodule Pleroma.Mailer do
   use Swoosh.Mailer, otp_app: :pleroma
+  def deliver_async(email, config \\ []) do
+    Pleroma.Jobs.enqueue(:mailer, __MODULE__, [:deliver_async, email, config])
+  end
+  def perform(:deliver_async, email, config), do: deliver(email, config)
@@ -273,7 +273,7 @@ defmodule Pleroma.User do
          Pleroma.Config.get([:instance, :account_activation_required]) do
       |> Pleroma.UserEmail.account_confirmation_email()
-      |> Pleroma.Mailer.deliver()
+      |> Pleroma.Mailer.deliver_async()
       {:ok, :noop}
@@ -1284,4 +1284,13 @@ defmodule Pleroma.User do
       inserted_at: NaiveDateTime.utc_now()
+  def all_superusers do
+    from(
+      u in User,
+      where: u.local == true,
+      where: fragment("?->'is_admin' @> 'true' OR ?->'is_moderator' @> 'true'",,
+    )
+    |> Repo.all()
+  end
@@ -353,6 +353,31 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do
+  def flag(
+        %{
+          actor: actor,
+          context: context,
+          account: account,
+          statuses: statuses,
+          content: content
+        } = params
+      ) do
+    additional = params[:additional] || %{}
+    # only accept false as false value
+    local = !(params[:local] == false)
+    %{
+      actor: actor,
+      context: context,
+      account: account,
+      statuses: statuses,
+      content: content
+    }
+    |> make_flag_data(additional)
+    |> insert(local)
+  end
   def fetch_activities_for_context(context, opts \\ %{}) do
     public = [""]
@@ -598,4 +598,20 @@ defmodule Pleroma.Web.ActivityPub.Utils do
     |> Map.merge(additional)
+  #### Flag-related helpers
+  def make_flag_data(params, additional) do
+    status_ap_ids = || [], & &["id"])
+    object = [params.account.ap_id] ++ status_ap_ids
+    %{
+      "type" => "Flag",
+      "actor" =>,
+      "content" => params.content,
+      "object" => object,
+      "context" => params.context
+    }
+    |> Map.merge(additional)
+  end
@@ -243,4 +243,31 @@ defmodule Pleroma.Web.CommonAPI do
       _ -> true
+  def report(user, data) do
+    with {:account_id, %{"account_id" => account_id}} <- {:account_id, data},
+         {:account, %User{} = account} <- {:account, User.get_by_id(account_id)},
+         {:ok, content_html} <- make_report_content_html(data["comment"]),
+         {:ok, statuses} <- get_report_statuses(account, data),
+         {:ok, activity} <-
+           ActivityPub.flag(%{
+             context: Utils.generate_context_id(),
+             actor: user,
+             account: account,
+             statuses: statuses,
+             content: content_html
+           }) do
+      Enum.each(User.all_superusers(), fn superuser ->
+        superuser
+        |>, account, statuses, content_html)
+        |> Pleroma.Mailer.deliver_async()
+      end)
+      {:ok, activity}
+    else
+      {:error, err} -> {:error, err}
+      {:account_id, %{}} -> {:error, "Valid `account_id` required"}
+      {:account, nil} -> {:error, "Account not found"}
+    end
+  end
@@ -322,4 +322,22 @@ defmodule Pleroma.Web.CommonAPI.Utils do
   def maybe_extract_mentions(_), do: []
+  def make_report_content_html(nil), do: {:ok, nil}
+  def make_report_content_html(comment) do
+    max_size = Pleroma.Config.get([:instance, :max_report_comment_size], 1000)
+    if String.length(comment) <= max_size do
+      {:ok, format_input(comment, [], [], "text/plain")}
+    else
+      {:error, "Comment must be up to #{max_size} characters"}
+    end
+  end
+  def get_report_statuses(%User{ap_id: actor}, %{"status_ids" => status_ids}) do
+    {:ok, Activity.all_by_actor_and_id(actor, status_ids)}
+  end
+  def get_report_statuses(_, _), do: {:ok, nil}
@@ -24,6 +24,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do
   alias Pleroma.Web.MastodonAPI.MastodonView
   alias Pleroma.Web.MastodonAPI.PushSubscriptionView
   alias Pleroma.Web.MastodonAPI.StatusView
+  alias Pleroma.Web.MastodonAPI.ReportView
   alias Pleroma.Web.ActivityPub.ActivityPub
   alias Pleroma.Web.ActivityPub.Utils
   alias Pleroma.Web.OAuth.App
@@ -1533,6 +1534,20 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do
+  def reports(%{assigns: %{user: user}} = conn, params) do
+    case, params) do
+      {:ok, activity} ->
+        conn
+        |> put_view(ReportView)
+        |> try_render("report.json", %{activity: activity})
+      {:error, err} ->
+        conn
+        |> put_status(:bad_request)
+        |> json(%{error: err})
+    end
+  end
   def try_render(conn, target, params)
       when is_binary(target) do
     res = render(conn, target, params)
@@ -0,0 +1,14 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2019 Pleroma Authors <>
+# SPDX-License-Identifier: AGPL-3.0-only
+defmodule Pleroma.Web.MastodonAPI.ReportView do
+  use Pleroma.Web, :view
+  def render("report.json", %{activity: activity}) do
+    %{
+      id: to_string(,
+      action_taken: false
+    }
+  end
@@ -275,6 +275,8 @@ defmodule Pleroma.Web.Router do
       delete("/filters/:id", MastodonAPIController, :delete_filter)
       post("/pleroma/flavour/:flavour", MastodonAPIController, :set_flavour)
+      post("/reports", MastodonAPIController, :reports)
     scope [] do
@@ -216,7 +216,7 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPI do
          {:ok, token_record} <- Pleroma.PasswordResetToken.create_token(user) do
       |> UserEmail.password_reset_email(token_record.token)
-      |> Mailer.deliver()
+      |> Mailer.deliver_async()
       false ->
         {:error, "bad user identifier"}
@@ -0,0 +1,7 @@
+defmodule Pleroma.Repo.Migrations.UsersAddIsAdminIndex do
+  use Ecto.Migration
+  def change do
+    create(index(:users, ["(info->'is_admin')"], name: :users_is_admin_index, using: :gin))
+  end
@@ -1,5 +1,5 @@
 # Pleroma: A lightweight social networking server
-# Copyright © 2017-2018 Pleroma Authors <>
+# Copyright © 2017-2019 Pleroma Authors <>
 # SPDX-License-Identifier: AGPL-3.0-only
 defmodule Pleroma.Web.ActivityPub.ActivityPubTest do
@@ -742,6 +742,37 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubTest do
     assert 3 = length(activities)
+  test "it can create a Flag activity" do
+    reporter = insert(:user)
+    target_account = insert(:user)
+    {:ok, activity} =, %{"status" => "foobar"})
+    context = Utils.generate_context_id()
+    content = "foobar"
+    reporter_ap_id = reporter.ap_id
+    target_ap_id = target_account.ap_id
+    activity_ap_id =["id"]
+    assert {:ok, activity} =
+             ActivityPub.flag(%{
+               actor: reporter,
+               context: context,
+               account: target_account,
+               statuses: [activity],
+               content: content
+             })
+    assert %Activity{
+             actor: ^reporter_ap_id,
+             data: %{
+               "type" => "Flag",
+               "content" => ^content,
+               "context" => ^context,
+               "object" => [^target_ap_id, ^activity_ap_id]
+             }
+           } = activity
+  end
   describe "publish_one/1" do
     test_with_mock "calls `Instances.set_reachable` on successful federation if `unreachable_since` is not specified",
@@ -190,4 +190,35 @@ defmodule Pleroma.Web.CommonAPITest do
       {:error, _} = CommonAPI.add_mute(user, activity)
+  describe "reports" do
+    test "creates a report" do
+      reporter = insert(:user)
+      target_user = insert(:user)
+      {:ok, activity} =, %{"status" => "foobar"})
+      reporter_ap_id = reporter.ap_id
+      target_ap_id = target_user.ap_id
+      activity_ap_id =["id"]
+      comment = "foobar"
+      report_data = %{
+        "account_id" =>,
+        "comment" => comment,
+        "status_ids" => []
+      }
+      assert {:ok, flag_activity} =, report_data)
+      assert %Activity{
+               actor: ^reporter_ap_id,
+               data: %{
+                 "type" => "Flag",
+                 "content" => ^comment,
+                 "object" => [^target_ap_id, ^activity_ap_id]
+               }
+             } = flag_activity
+    end
+  end
@@ -1855,4 +1855,69 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do
     assert json_response(set_flavour, 200) == json_response(get_new_flavour, 200)
+  describe "reports" do
+    setup do
+      reporter = insert(:user)
+      target_user = insert(:user)
+      {:ok, activity} =, %{"status" => "foobar"})
+      [reporter: reporter, target_user: target_user, activity: activity]
+    end
+    test "submit a basic report", %{conn: conn, reporter: reporter, target_user: target_user} do
+      assert %{"action_taken" => false, "id" => _} =
+               conn
+               |> assign(:user, reporter)
+               |> post("/api/v1/reports", %{"account_id" =>})
+               |> json_response(200)
+    end
+    test "submit a report with statuses and comment", %{
+      conn: conn,
+      reporter: reporter,
+      target_user: target_user,
+      activity: activity
+    } do
+      assert %{"action_taken" => false, "id" => _} =
+               conn
+               |> assign(:user, reporter)
+               |> post("/api/v1/reports", %{
+                 "account_id" =>,
+                 "status_ids" => [],
+                 "comment" => "bad status!"
+               })
+               |> json_response(200)
+    end
+    test "accound_id is required", %{
+      conn: conn,
+      reporter: reporter,
+      activity: activity
+    } do
+      assert %{"error" => "Valid `account_id` required"} =
+               conn
+               |> assign(:user, reporter)
+               |> post("/api/v1/reports", %{"status_ids" => []})
+               |> json_response(400)
+    end
+    test "comment must be up to the size specified in the config", %{
+      conn: conn,
+      reporter: reporter,
+      target_user: target_user
+    } do
+      max_size = Pleroma.Config.get([:instance, :max_report_comment_size], 1000)
+      comment = String.pad_trailing("a", max_size + 1, "a")
+      error = %{"error" => "Comment must be up to #{max_size} characters"}
+      assert ^error =
+               conn
+               |> assign(:user, reporter)
+               |> post("/api/v1/reports", %{"account_id" =>, "comment" => comment})
+               |> json_response(400)
+    end
+  end