diff options
-rw-r--r-- | app/models/user.rb | 39 | ||||
-rw-r--r-- | app/workers/registration_janitor_worker.rb | 33 |
2 files changed, 37 insertions, 35 deletions
diff --git a/app/models/user.rb b/app/models/user.rb index 11289a0a5..f72acd452 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -44,6 +44,7 @@ class User < ApplicationRecord include Settings::Extend include UserRoles + include LogHelper # The home and list feeds will be stored in Redis for this amount # of time, and status fan-out to followers will include only people @@ -54,6 +55,12 @@ class User < ApplicationRecord # to check their feed ACTIVE_DURATION = ENV.fetch('USER_ACTIVE_DAYS', 7).to_i.days.freeze + spam_triggers = ENV.fetch('REGISTRATION_SPAM_TRIGGERS', '').split('|').map { |phrase| Regexp.escape(phrase.strip) } + spam_triggers = spam_triggers.empty? ? /(?!)/ : /\b#{Regexp.union(spam_triggers)}\b/i + + SPAM_TRIGGERS = spam_triggers.freeze + + devise :two_factor_authenticatable, otp_secret_encryption_key: Rails.configuration.x.otp_secret @@ -198,7 +205,7 @@ class User < ApplicationRecord if new_user && approved? prepare_new_user! elsif new_user - RegistrationJanitorWorker.perform_async(id) + notify_staff_about_pending_account! end end @@ -243,13 +250,36 @@ class User < ApplicationRecord end def notify_staff_about_pending_account! - LogWorker.perform_async("\xf0\x9f\x86\x95 New account <#{Account.find(account_id).username}> is awaiting admin approval.\n\nReview (moderators only): https://#{Rails.configuration.x.web_domain || Rails.configuration.x.local_domain}/admin/pending_accounts") + LogWorker.perform_async("\xf0\x9f\x86\x95 New account <#{self.account.username}> is awaiting admin approval.\n\nReview (moderators only): https://#{Rails.configuration.x.web_domain || Rails.configuration.x.local_domain}/admin/pending_accounts") User.staff.includes(:account).each do |u| next unless u.allows_pending_account_emails? AdminMailer.new_pending_account(u.account, self).deliver_later end end + def detect_spam! + janitor = janitor_account || Account.representative + + intro = self.invite_request&.text + # normalize it + intro = intro.gsub(/[\u200b-\u200d\ufeff\u200e\u200f]/, '').strip.downcase unless intro.nil? + + return false unless intro.blank? || intro.split.count < 5 || SPAM_TRIGGERS.match?(intro) + + user_friendly_action_log(janitor, :reject_registration, self.account.username, "Registration was spam filtered.") + Form::AccountBatch.new(current_account: janitor, account_ids: account_id, action: 'reject').save + + true + rescue ActiveRecord::RecordNotFound, ActiveRecord::RecordInvalid + false + end + + def janitor_account + account_id = ENV.fetch('JANITOR_USER', '').to_i + return if account_id == 0 + Account.find_by(id: account_id) + end + def wants_larger_menus? @wants_larger_menus ||= (settings.larger_menus || false) end @@ -459,6 +489,11 @@ class User < ApplicationRecord super end + def send_confirmation_instructions + return false if detect_spam! + super + end + def show_all_media? setting_display_media == 'show_all' end diff --git a/app/workers/registration_janitor_worker.rb b/app/workers/registration_janitor_worker.rb deleted file mode 100644 index c3250f993..000000000 --- a/app/workers/registration_janitor_worker.rb +++ /dev/null @@ -1,33 +0,0 @@ -# frozen_string_literal: true - -class RegistrationJanitorWorker - include Sidekiq::Worker - include LogHelper - - def perform(user_id) - user = User.find(user_id) - janitor = janitor_account || Account.representative - - spam_triggers = ENV.fetch('REGISTRATION_SPAM_TRIGGERS', '').split('|').map { |phrase| Regexp.escape(phrase.strip) } - spam_triggers = spam_triggers.empty? ? /(?!)/ : /\b#{Regexp.union(spam_triggers)}\b/i - - intro = user.invite_request&.text - # normalize it - intro = intro.gsub(/[\u200b-\u200d\ufeff\u200e\u200f]/, '').strip.downcase unless intro.nil? - - return user.notify_staff_about_pending_account! unless intro.blank? || intro.split.count < 5 || spam_triggers.match?(intro) - - user_friendly_action_log(janitor, :reject_registration, user.account.username, "Registration was spam filtered.") - Form::AccountBatch.new(current_account: janitor, account_ids: user.account.id, action: 'reject').save - rescue ActiveRecord::RecordNotFound, ActiveRecord::RecordInvalid - true - end - - private - - def janitor_account - account_id = ENV.fetch('JANITOR_USER', '').to_i - return if account_id == 0 - Account.find_by(id: account_id) - end -end |