From 50ea54b3ed125477656893a67d9f552bb53e8ba5 Mon Sep 17 00:00:00 2001 From: Eugen Rochko Date: Tue, 1 Mar 2022 16:48:58 +0100 Subject: Change authorized applications page (#17656) * Change authorized applications page * Hide revoke button for superapps and suspended accounts * Clean up db/schema.rb --- app/controllers/api/base_controller.rb | 1 + .../concerns/access_token_tracking_concern.rb | 21 +++++++++++++++++++++ .../concerns/session_tracking_concern.rb | 4 ++-- app/controllers/concerns/user_tracking_concern.rb | 4 ++-- 4 files changed, 26 insertions(+), 4 deletions(-) create mode 100644 app/controllers/concerns/access_token_tracking_concern.rb (limited to 'app/controllers') diff --git a/app/controllers/api/base_controller.rb b/app/controllers/api/base_controller.rb index b863d8643..72c30dec7 100644 --- a/app/controllers/api/base_controller.rb +++ b/app/controllers/api/base_controller.rb @@ -5,6 +5,7 @@ class Api::BaseController < ApplicationController DEFAULT_ACCOUNTS_LIMIT = 40 include RateLimitHeaders + include AccessTokenTrackingConcern skip_before_action :store_current_location skip_before_action :require_functional!, unless: :whitelist_mode? diff --git a/app/controllers/concerns/access_token_tracking_concern.rb b/app/controllers/concerns/access_token_tracking_concern.rb new file mode 100644 index 000000000..cf60cfb99 --- /dev/null +++ b/app/controllers/concerns/access_token_tracking_concern.rb @@ -0,0 +1,21 @@ +# frozen_string_literal: true + +module AccessTokenTrackingConcern + extend ActiveSupport::Concern + + ACCESS_TOKEN_UPDATE_FREQUENCY = 24.hours.freeze + + included do + before_action :update_access_token_last_used + end + + private + + def update_access_token_last_used + doorkeeper_token.update_last_used(request) if access_token_needs_update? + end + + def access_token_needs_update? + doorkeeper_token.present? && (doorkeeper_token.last_used_at.nil? || doorkeeper_token.last_used_at < ACCESS_TOKEN_UPDATE_FREQUENCY.ago) + end +end diff --git a/app/controllers/concerns/session_tracking_concern.rb b/app/controllers/concerns/session_tracking_concern.rb index 45361b019..eaaa4ac59 100644 --- a/app/controllers/concerns/session_tracking_concern.rb +++ b/app/controllers/concerns/session_tracking_concern.rb @@ -3,7 +3,7 @@ module SessionTrackingConcern extend ActiveSupport::Concern - UPDATE_SIGN_IN_HOURS = 24 + SESSION_UPDATE_FREQUENCY = 24.hours.freeze included do before_action :set_session_activity @@ -17,6 +17,6 @@ module SessionTrackingConcern end def session_needs_update? - !current_session.nil? && current_session.updated_at < UPDATE_SIGN_IN_HOURS.hours.ago + !current_session.nil? && current_session.updated_at < SESSION_UPDATE_FREQUENCY.ago end end diff --git a/app/controllers/concerns/user_tracking_concern.rb b/app/controllers/concerns/user_tracking_concern.rb index 45f3aab0d..e960cce53 100644 --- a/app/controllers/concerns/user_tracking_concern.rb +++ b/app/controllers/concerns/user_tracking_concern.rb @@ -3,7 +3,7 @@ module UserTrackingConcern extend ActiveSupport::Concern - UPDATE_SIGN_IN_FREQUENCY = 24.hours.freeze + SIGN_IN_UPDATE_FREQUENCY = 24.hours.freeze included do before_action :update_user_sign_in @@ -16,6 +16,6 @@ module UserTrackingConcern end def user_needs_sign_in_update? - user_signed_in? && (current_user.current_sign_in_at.nil? || current_user.current_sign_in_at < UPDATE_SIGN_IN_FREQUENCY.ago) + user_signed_in? && (current_user.current_sign_in_at.nil? || current_user.current_sign_in_at < SIGN_IN_UPDATE_FREQUENCY.ago) end end -- cgit From 14919fe11e9a1dd5cbf12969a2957d0d05bb0534 Mon Sep 17 00:00:00 2001 From: Claire Date: Tue, 1 Mar 2022 19:37:47 +0100 Subject: Change old moderation strikes to be displayed in a separate page (#17566) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Change old moderation strikes to be displayed in a separate page Fixes #17552 This changes the moderation strikes displayed on `/auth/edit` to be those from the past 3 months, and make all moderation strikes targeting the current user available in `/disputes`. * Add short description of what the strikes page is for * Move link to list of strikes to “Account status” instead of navigation item * Normalize i18n file * Fix layout and styling of strikes link * Revert highlights_on regexp * Reintroduce account status summary - this way, “Account status” is never empty - account status is not necessarily bound to strikes, or recent strikes --- app/controllers/auth/registrations_controller.rb | 2 +- app/controllers/disputes/strikes_controller.rb | 6 +++++- app/models/account_warning.rb | 2 +- app/views/auth/registrations/_status.html.haml | 16 ++++++++++++++++ app/views/disputes/strikes/index.html.haml | 6 ++++++ config/locales/en.yml | 4 ++++ config/routes.rb | 2 +- 7 files changed, 34 insertions(+), 4 deletions(-) create mode 100644 app/views/disputes/strikes/index.html.haml (limited to 'app/controllers') diff --git a/app/controllers/auth/registrations_controller.rb b/app/controllers/auth/registrations_controller.rb index 3b025838b..1c3adbd78 100644 --- a/app/controllers/auth/registrations_controller.rb +++ b/app/controllers/auth/registrations_controller.rb @@ -127,7 +127,7 @@ class Auth::RegistrationsController < Devise::RegistrationsController end def set_strikes - @strikes = current_account.strikes.active.latest + @strikes = current_account.strikes.recent.latest end def require_not_suspended! diff --git a/app/controllers/disputes/strikes_controller.rb b/app/controllers/disputes/strikes_controller.rb index d41c5c727..d85dcb4d5 100644 --- a/app/controllers/disputes/strikes_controller.rb +++ b/app/controllers/disputes/strikes_controller.rb @@ -1,7 +1,11 @@ # frozen_string_literal: true class Disputes::StrikesController < Disputes::BaseController - before_action :set_strike + before_action :set_strike, only: [:show] + + def index + @strikes = current_account.strikes.latest + end def show authorize @strike, :show? diff --git a/app/models/account_warning.rb b/app/models/account_warning.rb index 05d01942d..14d5ac388 100644 --- a/app/models/account_warning.rb +++ b/app/models/account_warning.rb @@ -33,7 +33,7 @@ class AccountWarning < ApplicationRecord scope :latest, -> { order(id: :desc) } scope :custom, -> { where.not(text: '') } - scope :active, -> { where(overruled_at: nil).or(where('account_warnings.overruled_at >= ?', 30.days.ago)) } + scope :recent, -> { where('account_warnings.created_at >= ?', 3.months.ago) } def statuses Status.with_discarded.where(id: status_ids || []) diff --git a/app/views/auth/registrations/_status.html.haml b/app/views/auth/registrations/_status.html.haml index 3546510b2..68954a5da 100644 --- a/app/views/auth/registrations/_status.html.haml +++ b/app/views/auth/registrations/_status.html.haml @@ -12,6 +12,22 @@ %h3= t('auth.status.account_status') +%p.hint + - if @user.account.suspended? + %span.negative-hint= t('user_mailer.warning.explanation.suspend') + - elsif @user.disabled? + %span.negative-hint= t('user_mailer.warning.explanation.disable') + - elsif @user.account.silenced? + %span.warning-hint= t('user_mailer.warning.explanation.silence') + - else + %span.positive-hint= t('auth.status.functional') + = render partial: 'account_warning', collection: @strikes +- if @user.account.strikes.exists? + %hr.spacer/ + + %p.muted-hint + = link_to t('auth.status.view_strikes'), disputes_strikes_path + %hr.spacer/ diff --git a/app/views/disputes/strikes/index.html.haml b/app/views/disputes/strikes/index.html.haml new file mode 100644 index 000000000..6789fa405 --- /dev/null +++ b/app/views/disputes/strikes/index.html.haml @@ -0,0 +1,6 @@ +- content_for :page_title do + = t('settings.strikes') + +%p= t('disputes.strikes.description_html', instance: Rails.configuration.x.local_domain) + += render partial: 'auth/registrations/account_warning', collection: @strikes diff --git a/config/locales/en.yml b/config/locales/en.yml index 536d1dbf6..a68d87d10 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml @@ -933,8 +933,10 @@ en: status: account_status: Account status confirming: Waiting for e-mail confirmation to be completed. + functional: Your account is fully operational. pending: Your application is pending review by our staff. This may take some time. You will receive an e-mail if your application is approved. redirecting_to: Your account is inactive because it is currently redirecting to %{acct}. + view_strikes: View past strikes against your account too_fast: Form submitted too fast, try again. trouble_logging_in: Trouble logging in? use_security_key: Use security key @@ -1010,6 +1012,7 @@ en: submit: Submit appeal associated_report: Associated report created_at: Dated + description_html: These are actions taken against your account and warnings that have been sent to you by the staff of %{instance}. recipient: Addressed to status: 'Post #%{id}' status_removed: Post already removed from system @@ -1391,6 +1394,7 @@ en: profile: Profile relationships: Follows and followers statuses_cleanup: Automated post deletion + strikes: Moderation strikes two_factor_authentication: Two-factor Auth webauthn_authentication: Security keys statuses: diff --git a/config/routes.rb b/config/routes.rb index a820f32ad..25eb1558f 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -165,7 +165,7 @@ Rails.application.routes.draw do end namespace :disputes do - resources :strikes, only: [:show] do + resources :strikes, only: [:show, :index] do resource :appeal, only: [:create] end end -- cgit From 25d3dc4373531071f444d8e44e44cd21970cb373 Mon Sep 17 00:00:00 2001 From: Eugen Rochko Date: Tue, 1 Mar 2022 22:20:29 +0100 Subject: Add ability to mark statuses as sensitive from reports in admin UI (#17668) * Add ability to mark statuses as sensitive from reports in admin UI * Allow mark as sensitive action on statuses with preview cards --- .../admin/reports/actions_controller.rb | 4 ++- app/javascript/styles/mastodon/admin.scss | 2 ++ app/models/account_warning.rb | 13 +++++---- app/models/admin/status_batch_action.rb | 34 ++++++++++++++++++++++ app/models/status.rb | 4 +++ app/services/approve_appeal_service.rb | 8 +++++ app/services/update_status_service.rb | 10 +++---- app/views/admin/reports/_actions.html.haml | 6 ++++ config/locales/en.yml | 16 +++++++--- 9 files changed, 81 insertions(+), 16 deletions(-) (limited to 'app/controllers') diff --git a/app/controllers/admin/reports/actions_controller.rb b/app/controllers/admin/reports/actions_controller.rb index 05a4fb63d..5cb5c744f 100644 --- a/app/controllers/admin/reports/actions_controller.rb +++ b/app/controllers/admin/reports/actions_controller.rb @@ -7,7 +7,7 @@ class Admin::Reports::ActionsController < Admin::BaseController authorize @report, :show? case action_from_button - when 'delete' + when 'delete', 'mark_as_sensitive' status_batch_action = Admin::StatusBatchAction.new( type: action_from_button, status_ids: @report.status_ids, @@ -41,6 +41,8 @@ class Admin::Reports::ActionsController < Admin::BaseController def action_from_button if params[:delete] 'delete' + elsif params[:mark_as_sensitive] + 'mark_as_sensitive' elsif params[:silence] 'silence' elsif params[:suspend] diff --git a/app/javascript/styles/mastodon/admin.scss b/app/javascript/styles/mastodon/admin.scss index f49a354dc..52bc2086a 100644 --- a/app/javascript/styles/mastodon/admin.scss +++ b/app/javascript/styles/mastodon/admin.scss @@ -1504,6 +1504,8 @@ a.sparkline { word-wrap: break-word; font-weight: 400; color: $primary-text-color; + box-sizing: border-box; + min-height: 100%; p { margin-bottom: 20px; diff --git a/app/models/account_warning.rb b/app/models/account_warning.rb index 14d5ac388..6067b54b7 100644 --- a/app/models/account_warning.rb +++ b/app/models/account_warning.rb @@ -17,12 +17,13 @@ class AccountWarning < ApplicationRecord enum action: { - none: 0, - disable: 1_000, - delete_statuses: 1_500, - sensitive: 2_000, - silence: 3_000, - suspend: 4_000, + none: 0, + disable: 1_000, + mark_statuses_as_sensitive: 1_250, + delete_statuses: 1_500, + sensitive: 2_000, + silence: 3_000, + suspend: 4_000, }, _suffix: :action belongs_to :account, inverse_of: :account_warnings diff --git a/app/models/admin/status_batch_action.rb b/app/models/admin/status_batch_action.rb index 40f60f379..4d91b9805 100644 --- a/app/models/admin/status_batch_action.rb +++ b/app/models/admin/status_batch_action.rb @@ -30,6 +30,8 @@ class Admin::StatusBatchAction case type when 'delete' handle_delete! + when 'mark_as_sensitive' + handle_mark_as_sensitive! when 'report' handle_report! when 'remove_from_report' @@ -65,6 +67,38 @@ class Admin::StatusBatchAction RemovalWorker.push_bulk(status_ids) { |status_id| [status_id, { 'preserve' => target_account.local?, 'immediate' => !target_account.local? }] } end + def handle_mark_as_sensitive! + # Can't use a transaction here because UpdateStatusService queues + # Sidekiq jobs + statuses.includes(:media_attachments, :preview_cards).find_each do |status| + next unless status.with_media? || status.with_preview_card? + + authorize(status, :update?) + + if target_account.local? + UpdateStatusService.new.call(status, current_account.id, sensitive: true) + else + status.update(sensitive: true) + end + + log_action(:update, status) + + if with_report? + report.resolve!(current_account) + log_action(:resolve, report) + end + + @warning = target_account.strikes.create!( + action: :mark_statuses_as_sensitive, + account: current_account, + report: report, + status_ids: status_ids + ) + end + + UserMailer.warning(target_account.user, @warning).deliver_later! if warnable? + end + def handle_report! @report = Report.new(report_params) unless with_report? @report.status_ids = (@report.status_ids + status_ids.map(&:to_i)).uniq diff --git a/app/models/status.rb b/app/models/status.rb index adb92ef91..60dde5045 100644 --- a/app/models/status.rb +++ b/app/models/status.rb @@ -231,6 +231,10 @@ class Status < ApplicationRecord media_attachments.any? end + def with_preview_card? + preview_cards.any? + end + def non_sensitive_with_media? !sensitive? && with_media? end diff --git a/app/services/approve_appeal_service.rb b/app/services/approve_appeal_service.rb index f76bf8943..37a08b46e 100644 --- a/app/services/approve_appeal_service.rb +++ b/app/services/approve_appeal_service.rb @@ -27,6 +27,8 @@ class ApproveAppealService < BaseService undo_disable! when 'delete_statuses' undo_delete_statuses! + when 'mark_statuses_as_sensitive' + undo_mark_statuses_as_sensitive! when 'sensitive' undo_sensitive! when 'silence' @@ -49,6 +51,12 @@ class ApproveAppealService < BaseService # Cannot be undone end + def undo_mark_statuses_as_sensitive! + @strike.statuses.includes(:media_attachments).each do |status| + UpdateStatusService.new.call(status, @current_account.id, sensitive: false) if status.with_media? + end + end + def undo_sensitive! target_account.unsensitize! end diff --git a/app/services/update_status_service.rb b/app/services/update_status_service.rb index 238ef0755..93203bc49 100644 --- a/app/services/update_status_service.rb +++ b/app/services/update_status_service.rb @@ -22,8 +22,8 @@ class UpdateStatusService < BaseService Status.transaction do create_previous_edit! - update_media_attachments! - update_poll! + update_media_attachments! if @options.key?(:media_ids) + update_poll! if @options.key?(:poll) update_immediate_attributes! create_edit! end @@ -91,9 +91,9 @@ class UpdateStatusService < BaseService end def update_immediate_attributes! - @status.text = @options[:text].presence || @options.delete(:spoiler_text) || '' - @status.spoiler_text = @options[:spoiler_text] || '' - @status.sensitive = @options[:sensitive] || @options[:spoiler_text].present? + @status.text = @options[:text].presence || @options.delete(:spoiler_text) || '' if @options.key?(:text) + @status.spoiler_text = @options[:spoiler_text] || '' if @options.key?(:spoiler_text) + @status.sensitive = @options[:sensitive] || @options[:spoiler_text].present? if @options.key?(:sensitive) || @options.key?(:spoiler_text) @status.language = valid_locale_or_nil(@options[:language] || @status.language || @status.account.user&.preferred_posting_language || I18n.default_locale) @status.edited_at = Time.now.utc diff --git a/app/views/admin/reports/_actions.html.haml b/app/views/admin/reports/_actions.html.haml index f3162b325..404d53a77 100644 --- a/app/views/admin/reports/_actions.html.haml +++ b/app/views/admin/reports/_actions.html.haml @@ -5,6 +5,12 @@ = link_to t('admin.reports.mark_as_resolved'), resolve_admin_report_path(@report), method: :post, class: 'button' .report-actions__item__description = t('admin.reports.actions.resolve_description_html') + - if @statuses.any? { |status| status.with_media? || status.with_preview_card? } + .report-actions__item + .report-actions__item__button + = button_tag t('admin.reports.mark_as_sensitive'), name: :mark_as_sensitive, class: 'button' + .report-actions__item__description + = t('admin.reports.actions.mark_as_sensitive_description_html') .report-actions__item .report-actions__item__button = button_tag t('admin.reports.delete_and_resolve'), name: :delete, class: 'button button--destructive' diff --git a/config/locales/en.yml b/config/locales/en.yml index a68d87d10..35c2aa4bb 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml @@ -586,6 +586,7 @@ en: action_taken_by: Action taken by actions: delete_description_html: The reported posts will be deleted and a strike will be recorded to help you escalate on future infractions by the same account. + mark_as_sensitive_description_html: The media in the reported posts will be marked as sensitive and a strike will be recorded to help you escalate on future refractions by the same account. other_description_html: See more options for controlling the account's behaviour and customize communication to the reported account. resolve_description_html: No action will be taken against the reported account, no strike recorded, and the report will be closed. silence_description_html: The profile will be visible only to those who already follow it or manually look it up, severely limiting its reach. Can always be reverted. @@ -606,6 +607,7 @@ en: forwarded: Forwarded forwarded_to: Forwarded to %{domain} mark_as_resolved: Mark as resolved + mark_as_sensitive: Mark as sensitive mark_as_unresolved: Mark as unresolved no_one_assigned: No one notes: @@ -749,6 +751,7 @@ en: actions: delete_statuses: "%{name} deleted %{target}'s posts" disable: "%{name} froze %{target}'s account" + mark_statuses_as_sensitive: "%{name} marked %{target}'s posts as sensitive" none: "%{name} sent a warning to %{target}" sensitive: "%{name} marked %{target}'s account as sensitive" silence: "%{name} limited %{target}'s account" @@ -831,6 +834,7 @@ en: actions: delete_statuses: to delete their posts disable: to freeze their account + mark_statuses_as_sensitive: to mark their posts as sensitive none: a warning sensitive: to mark their account as sensitive silence: to limit their account @@ -1020,8 +1024,9 @@ en: title_actions: delete_statuses: Post removal disable: Freezing of account + mark_statuses_as_sensitive: Marking of posts as sensitive none: Warning - sensitive: Marking as sensitive of account + sensitive: Marking of account as sensitive silence: Limitation of account suspend: Suspension of account your_appeal_approved: Your appeal has been approved @@ -1623,24 +1628,27 @@ en: explanation: delete_statuses: Some of your posts have been found to violate one or more community guidelines and have been subsequently removed by the moderators of %{instance}. Future violations may result in harsher punitive actions against your account. disable: You can no longer use your account, but your profile and other data remains intact. You can request a backup of your data, change account settings or delete your account. + mark_statuses_as_sensitive: Some of your posts have been marked as sensitive by the moderators of %{instance}. This means that people will need to tap the media in the posts before a preview is displayed. You can mark media as sensitive yourself when posting in the future. sensitive: From now on, all your uploaded media files will be marked as sensitive and hidden behind a click-through warning. silence: You can still use your account but only people who are already following you will see your posts on this server, and you may be excluded from various discovery features. However, others may still manually follow you. suspend: You can no longer use your account, and your profile and other data are no longer accessible. You can still login to request a backup of your data until the data is fully removed in about 30 days, but we will retain some basic data to prevent you from evading the suspension. get_in_touch: If you believe this is an error, you can reply to this e-mail to get in touch with the staff of %{instance}. reason: 'Reason:' - statuses: 'Posts that have been found in violation:' + statuses: 'Posts cited:' subject: delete_statuses: Your posts on %{acct} have been removed disable: Your account %{acct} has been frozen + mark_statuses_as_sensitive: Your posts on %{acct} have been marked as sensitive none: Warning for %{acct} - sensitive: Your media files on %{acct} will be marked as sensitive from now on + sensitive: Your posts on %{acct} will be marked as sensitive from now on silence: Your account %{acct} has been limited suspend: Your account %{acct} has been suspended title: delete_statuses: Posts removed disable: Account frozen + mark_statuses_as_sensitive: Posts marked as sensitive none: Warning - sensitive: Media hidden + sensitive: Account marked as sensitive silence: Account limited suspend: Account suspended welcome: -- cgit