From d1a887b57a6243dcdbf33f00d4692f25b8f2b270 Mon Sep 17 00:00:00 2001
From: multiple creatures <dev@multiple-creature.party>
Date: Fri, 14 Feb 2020 04:56:13 -0600
Subject: add admin option to toggle auto-marking instance actors known & make
 enabling greylist federation also enable secure mode

---
 app/controllers/application_controller.rb           | 2 +-
 app/models/form/admin_settings.rb                   | 2 ++
 app/services/activitypub/process_account_service.rb | 2 +-
 app/services/concerns/payloadable.rb                | 2 +-
 app/views/admin/settings/edit.html.haml             | 2 ++
 config/locales/en.yml                               | 5 ++++-
 config/settings.yml                                 | 1 +
 7 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 23e7c1f97..3169151a8 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -44,7 +44,7 @@ class ApplicationController < ActionController::Base
   end
 
   def authorized_fetch_mode?
-    ENV['AUTHORIZED_FETCH'] == 'true'
+    ENV['AUTHORIZED_FETCH'] == 'true' || Setting.auto_reject_unknown
   end
 
   def public_fetch_mode?
diff --git a/app/models/form/admin_settings.rb b/app/models/form/admin_settings.rb
index f4631f901..03f6059dc 100644
--- a/app/models/form/admin_settings.rb
+++ b/app/models/form/admin_settings.rb
@@ -36,6 +36,7 @@ class Form::AdminSettings
     show_replies_in_public_timelines
     auto_reject_unknown
     auto_mark_known
+    auto_mark_instance_actors_known
     werewolf_status
     spam_check_enabled
   ).freeze
@@ -55,6 +56,7 @@ class Form::AdminSettings
     show_replies_in_public_timelines
     auto_reject_unknown
     auto_mark_known
+    auto_mark_instance_actors_known
     werewolf_status
     spam_check_enabled
   ).freeze
diff --git a/app/services/activitypub/process_account_service.rb b/app/services/activitypub/process_account_service.rb
index f2831fca2..6dd73b112 100644
--- a/app/services/activitypub/process_account_service.rb
+++ b/app/services/activitypub/process_account_service.rb
@@ -62,7 +62,7 @@ class ActivityPub::ProcessAccountService < BaseService
     @account.silenced_at      = domain_block.created_at if auto_silence?
     @account.force_unlisted   = true if auto_force_unlisted?
     @account.force_sensitive  = true if auto_force_sensitive?
-    @account.known            = !Setting.auto_reject_unknown && Setting.auto_mark_known
+    @account.known            = @username == @domain ? Setting.auto_mark_instance_actors_known : (!Setting.auto_reject_unknown && Setting.auto_mark_known)
   end
 
   def update_account
diff --git a/app/services/concerns/payloadable.rb b/app/services/concerns/payloadable.rb
index 953740faa..07d6209dc 100644
--- a/app/services/concerns/payloadable.rb
+++ b/app/services/concerns/payloadable.rb
@@ -14,6 +14,6 @@ module Payloadable
   end
 
   def signing_enabled?
-    ENV['AUTHORIZED_FETCH'] != 'true'
+    ENV['AUTHORIZED_FETCH'] != 'true' && !Setting.auto_reject_unknown
   end
 end
diff --git a/app/views/admin/settings/edit.html.haml b/app/views/admin/settings/edit.html.haml
index d3705a48f..fe1ba447a 100644
--- a/app/views/admin/settings/edit.html.haml
+++ b/app/views/admin/settings/edit.html.haml
@@ -46,6 +46,8 @@
 
   = f.input :auto_mark_known, as: :boolean, wrapper: :with_label, label: t('admin.settings.auto_mark_known.title'), hint: t('admin.settings.auto_mark_known.desc_html')
 
+  = f.input :auto_mark_instance_actors_known, as: :boolean, wrapper: :with_label, label: t('admin.settings.auto_mark_instance_actors_known.title'), hint: t('admin.settings.auto_mark_instance_actors_known.desc_html')
+
   %hr.spacer/
 
   .fields-group
diff --git a/config/locales/en.yml b/config/locales/en.yml
index 451bc3335..22c5ba87b 100644
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -515,11 +515,14 @@ en:
         desc_html: Display public timeline on landing page
         title: Timeline preview
       auto_reject_unknown:
-        desc_html: Automatically reject unknown accounts from newly-federated servers.
+        desc_html: Automatically reject unknown accounts from newly-federated servers.  <strong>Enables secure mode.</strong>
         title: Graylist federation mode
       auto_mark_known:
         desc_html: Learn known accounts from outgoing interactions and incoming repeats from packmates.
         title: Auto-learn known accounts
+      auto_mark_instance_actors_known:
+        desc_html: <strong>Disabling this will put the server in must-consent federation mode and require staff to manually approve server actors.</strong>
+        title: Always mark server actor accounts as known
       werewolf_status:
         desc_html: Enable werewolf status Easter egg (requires an announcer account)
         title: Werewolf status
diff --git a/config/settings.yml b/config/settings.yml
index 5585af0f9..de990fdbe 100644
--- a/config/settings.yml
+++ b/config/settings.yml
@@ -70,6 +70,7 @@ defaults: &defaults
   auto_mark_known: true
   werewolf_status: true
   spam_check_enabled: true
+  auto_mark_instance_actors_known: true
 
 development:
   <<: *defaults
-- 
cgit