From 2427cced78580da729a0ac6a1dc52b2d206aa11c Mon Sep 17 00:00:00 2001
From: multiple creatures
Date: Mon, 17 Feb 2020 02:26:52 -0600
Subject: add a `manual_only` (manual trust only) moderation option + handle more `reject_unknown`/graylist mode caveats
---
app/services/activitypub/process_account_service.rb | 21 ++++++++++++++++++---
app/services/block_domain_service.rb | 14 +++++++++++++-
app/services/favourite_service.rb | 3 +++
app/services/follow_service.rb | 2 ++
app/services/post_status_service.rb | 1 +
app/services/reblog_service.rb | 8 ++++++--
6 files changed, 43 insertions(+), 6 deletions(-)
(limited to 'app/services')
diff --git a/app/services/activitypub/process_account_service.rb b/app/services/activitypub/process_account_service.rb
index 4067e474f..08005f042 100644
--- a/app/services/activitypub/process_account_service.rb
+++ b/app/services/activitypub/process_account_service.rb
@@ -62,7 +62,8 @@ class ActivityPub::ProcessAccountService < BaseService @account.silenced_at = domain_block.created_at if auto_silence? @account.force_unlisted = true if auto_force_unlisted? @account.force_sensitive = true if auto_force_sensitive? - @account.known = @username == @domain ? Setting.always_mark_instance_actors_known : (!Setting.auto_reject_unknown && Setting.auto_mark_known) + @account.manual_only = true if auto_manual_only? + @account.known = auto_mark_known? end def update_account
@@ -121,7 +122,7 @@ class ActivityPub::ProcessAccountService < BaseService end def set_reject_unknown_policy - policy = DomainBlock.create!(domain: @domain, severity: :noop, reject_unknown: true) + DomainBlock.create!(domain: @domain, severity: :noop, reject_unknown: true) user_friendly_action_log(nil, :mark_unknown, @domain) end
@@ -183,6 +184,7 @@ class ActivityPub::ProcessAccountService < BaseService def property_values return unless @json['attachment'].is_a?(Array) + as_array(@json['attachment']).select { |attachment| attachment['type'] == 'PropertyValue' }.map { |attachment| attachment.slice('name', 'value') } end
@@ -223,7 +225,7 @@ class ActivityPub::ProcessAccountService < BaseService end def skip_download? - @account.suspended? || domain_block&.reject_media? + @account.suspended? || !@account.known? || domain_block&.reject_media? end def auto_suspend?
@@ -242,8 +244,19 @@ class ActivityPub::ProcessAccountService < BaseService domain_block&.force_sensitive? end + def auto_manual_only? + domain_block&.manual_only? + end + + def auto_mark_known? + return false if @account.manual_only + + @username == @domain ? Setting.always_mark_instance_actors_known : (!Setting.auto_reject_unknown && Setting.auto_mark_known) + end + def domain_block return @domain_block if defined?(@domain_block) + @domain_block = DomainBlock.find_by(domain: @domain) end
@@ -275,11 +288,13 @@ class ActivityPub::ProcessAccountService < BaseService as_array(@json['attachment']).each do |attachment| next unless equals_or_includes?(attachment['type'], 'IdentityProof') + current_proofs << process_identity_proof(attachment) end previous_proofs.each do |previous_proof| next if current_proofs.any? { |current_proof| current_proof.id == previous_proof.id } + previous_proof.delete end end
diff --git a/app/services/block_domain_service.rb b/app/services/block_domain_service.rb
index 1fae42c50..36634fdd5 100644
--- a/app/services/block_domain_service.rb
+++ b/app/services/block_domain_service.rb
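Review bot: `auto_mark_known?` (process_account_service.rb, hunk at -242) returns false from `@account.manual_only`, which for a newly seen account is only true because `@account.manual_only = true if auto_manual_only?` was added directly before the `@account.known = auto_mark_known?` call in the first hunk, so the result silently depends on statement order. The early return also overrides `Setting.always_mark_instance_actors_known` for instance actors on a manual-only domain, which nothing in the code states. I would add a comment above the guard, `# manual_only wins over every automatic trust setting, including instance actors; must run after manual_only is assigned`, or make the guard order-independent with `return false if @account.manual_only || auto_manual_only?`.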
@@ -24,6 +24,7 @@ class BlockDomainService < BaseService clear_media! if domain_block.reject_media? || domain_block.suspend? force_accounts_sensitive! if domain_block.force_sensitive? mark_unknown_accounts! if domain_block.reject_unknown? + mark_accounts_manual_only! if domain_block.manual_only? if domain_block.force_unlisted? force_accounts_unlisted!
@@ -52,8 +53,19 @@ class BlockDomainService < BaseService end end + def mark_accounts_manual_only! + blocked_domain_accounts.in_batches.update_all(manual_only: true) + end + def mark_unknown_accounts! - unknown_accounts.in_batches.update_all(known: false) + ApplicationRecord.transaction do + unknown_accounts.in_batches.update_all(known: false) + unknown_accounts.find_each do |account| + account.avatar = nil + account.header = nil + account.save! + end + end end def force_accounts_unlisted!
diff --git a/app/services/favourite_service.rb b/app/services/favourite_service.rb
index 29838ed5f..ddf52ab0c 100644
--- a/app/services/favourite_service.rb
+++ b/app/services/favourite_service.rb
@@ -16,6 +16,9 @@ class FavouriteService < BaseService return favourite unless favourite.nil? account.mark_known! if account.can_be_marked_known? && Setting.mark_known_from_favourites + + raise Mastodon::NotPermittedError("Account @#{account.acct} is restricted by an admin policy.") unless account.known? + favourite = Favourite.create!(account: account, status: status) curate_status(status)
diff --git a/app/services/follow_service.rb b/app/services/follow_service.rb
index 68dcbda23..395b4c483 100644
--- a/app/services/follow_service.rb
+++ b/app/services/follow_service.rb
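Review bot: In `mark_unknown_accounts!` (block_domain_service.rb, hunk at -52) the `find_each` pass re-evaluates `unknown_accounts` after `update_all(known: false)` has already run; that scope is defined outside the hunk, so if it filters on `known` the second query may not return the rows that were just updated and their avatars and headers would stay in place. The whole domain is also processed inside one `ApplicationRecord.transaction` with `save!`, so a single account that fails validation raises and rolls back the `known: false` update for every account of the domain. Consider capturing the set once, `ids = unknown_accounts.pluck(:id)`, running the flag update in the transaction, and clearing attachments afterwards over `Account.where(id: ids).find_each` with per-account error handling.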
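Review bot: `raise Mastodon::NotPermittedError("…")` in the added line of favourite_service.rb is parsed by Ruby as a call to a method named `NotPermittedError` on the `Mastodon` module, not as the exception class with a message, so unless such a method is defined elsewhere the request fails with `NoMethodError` instead of the intended policy error; the same form is added in follow_service.rb, post_status_service.rb and reblog_service.rb. Use `raise Mastodon::NotPermittedError, "Account @#{account.acct} is restricted by an admin policy."` in all four places. Separately, `account` here is the object passed to `Favourite.create!(account: account, status: status)`, i.e. the account doing the favouriting, whereas the other three services test the target (`target_account`, `@in_reply_to.account`, `reblogged_account`); if the policy is meant to stop interaction with untrusted authors, the check probably belongs on `status.account`. The method signature is outside the hunk, so confirm which account is intended.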
@@ -17,6 +17,8 @@ class FollowService < BaseService target_account.mark_known! if target_account.can_be_marked_known? && Setting.mark_known_from_follows + raise Mastodon::NotPermittedError("Account @#{target_account.acct} is restricted by an admin policy.") unless target_account.known? + SyncRemoteAccountWorker.perform_async(target_account.id) unless target_account.local? || target_account.passive_relationships.exists? if source_account.following?(target_account)
diff --git a/app/services/post_status_service.rb b/app/services/post_status_service.rb
index 2d4ee4562..3e0dde72c 100644
--- a/app/services/post_status_service.rb
+++ b/app/services/post_status_service.rb
@@ -104,6 +104,7 @@ class PostStatusService < BaseService def mark_recipient_known @in_reply_to.account.mark_known! if @in_reply_to.account.can_be_marked_known? && Setting.mark_known_from_mentions + raise Mastodon::NotPermittedError("Account @#{@in_reply_to.account.acct} is restricted by an admin policy.") unless @in_reply_to.account.known? end def set_footer_from_i_am
diff --git a/app/services/reblog_service.rb b/app/services/reblog_service.rb
index 1488a6361..bfc3766d3 100644
--- a/app/services/reblog_service.rb
+++ b/app/services/reblog_service.rb
@@ -11,6 +11,7 @@ class ReblogService < BaseService # @return [Status] def call(account, reblogged_status, options = {}) reblogged_status = reblogged_status.reblog if reblogged_status.reblog? + reblogged_account = reblogged_status&.account authorize_with account, reblogged_status, :reblog?
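Review bot: `reblogged_account = reblogged_status&.account` in reblog_service.rb uses safe navigation although the line directly above already calls `reblogged_status.reblog?` unguarded, and the next hunk calls `reblogged_account.mark_known!` and `reblogged_account.known?` with no nil check, so the `&.` only suggests a nil tolerance the method does not have. Write `reblogged_account = reblogged_status.account` so a missing status fails at the obvious place. Moving the assignment below `authorize_with account, reblogged_status, :reblog?` would also keep the authorization check as the first thing done with the status. The body of `call` continues outside this hunk.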
@@ -18,8 +19,11 @@ class ReblogService < BaseService new_reblog = reblog.nil? if new_reblog - reblogged_status.account.mark_known! if reblogged_status.account.can_be_marked_known? && Setting.mark_known_from_boosts - reblogged_status.touch if reblogged_status.account.id == account.id + reblogged_account.mark_known! if reblogged_account.can_be_marked_known? && Setting.mark_known_from_boosts + + raise Mastodon::NotPermittedError("Account @#{reblogged_account.acct} is restricted by an admin policy.") unless reblogged_account.known? + + reblogged_status.touch if reblogged_account.id == account.id visibility = options[:visibility] || account.user&.setting_default_privacy visibility = reblogged_status.visibility if reblogged_status.hidden?
-- cgit