diff options
author | Eugen Rochko <eugen@zeonfederated.com> | 2022-11-09 08:24:21 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-11-09 08:24:21 +0100 |
commit | e98833748e80275a88560155a0b912667dd2d70b (patch) | |
tree | ec0d8f68e810e95784efb98e1f603bc86cc247cf /app/models/account.rb | |
parent | 53817294fc95eabfed6129138f9aaa920e13c4b9 (diff) |
Fix being able to spoof link verification (#20217)
- Change verification to happen in `default` queue - Change verification worker to only be queued if there's something to do - Add `link` tags from metadata fields to page header of profiles
Diffstat (limited to 'app/models/account.rb')
-rw-r--r-- | app/models/account.rb | 44 |
1 files changed, 1 insertions, 43 deletions
diff --git a/app/models/account.rb b/app/models/account.rb index 3647b8225..be1968fa6 100644 --- a/app/models/account.rb +++ b/app/models/account.rb @@ -295,7 +295,7 @@ class Account < ApplicationRecord def fields (self[:fields] || []).map do |f| - Field.new(self, f) + Account::Field.new(self, f) rescue nil end.compact @@ -401,48 +401,6 @@ class Account < ApplicationRecord requires_review? && !requested_review? end - class Field < ActiveModelSerializers::Model - attributes :name, :value, :verified_at, :account - - def initialize(account, attributes) - @original_field = attributes - string_limit = account.local? ? 255 : 2047 - super( - account: account, - name: attributes['name'].strip[0, string_limit], - value: attributes['value'].strip[0, string_limit], - verified_at: attributes['verified_at']&.to_datetime, - ) - end - - def verified? - verified_at.present? - end - - def value_for_verification - @value_for_verification ||= begin - if account.local? - value - else - ActionController::Base.helpers.strip_tags(value) - end - end - end - - def verifiable? - value_for_verification.present? && value_for_verification.start_with?('http://', 'https://') - end - - def mark_verified! - self.verified_at = Time.now.utc - @original_field['verified_at'] = verified_at - end - - def to_h - { name: name, value: value, verified_at: verified_at } - end - end - class << self DISALLOWED_TSQUERY_CHARACTERS = /['?\\:‘’]/.freeze TEXTSEARCH = "(setweight(to_tsvector('simple', accounts.display_name), 'A') || setweight(to_tsvector('simple', accounts.username), 'B') || setweight(to_tsvector('simple', coalesce(accounts.domain, '')), 'C'))" |