From 336c23336addeaf5dba42007dd2a5b3c06795d71 Mon Sep 17 00:00:00 2001 From: Sara Golemon Date: Thu, 5 May 2022 17:41:42 -0500 Subject: Allow VerifyLinkService to accept backlinks with differing case (#18320) --- app/services/verify_link_service.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'app/services') diff --git a/app/services/verify_link_service.rb b/app/services/verify_link_service.rb index 878a2188d..0a39d7f26 100644 --- a/app/services/verify_link_service.rb +++ b/app/services/verify_link_service.rb @@ -28,7 +28,7 @@ class VerifyLinkService < BaseService links = Nokogiri::HTML(@body).xpath('//a[contains(concat(" ", normalize-space(@rel), " "), " me ")]|//link[contains(concat(" ", normalize-space(@rel), " "), " me ")]') - if links.any? { |link| link['href'] == @link_back } + if links.any? { |link| link['href'].downcase == @link_back.downcase } true elsif links.empty? false -- cgit From 6cf57c676550068a59149ca82d63fcb5b5431158 Mon Sep 17 00:00:00 2001 From: Eugen Rochko Date: Fri, 13 May 2022 00:02:35 +0200 Subject: Refactor how Redis locks are created (#18400) * Refactor how Redis locks are created * Fix autorelease duration on account deletion lock --- app/controllers/media_proxy_controller.rb | 17 ++---- app/controllers/settings/exports_controller.rb | 15 ++---- app/lib/activitypub/activity.rb | 17 +----- app/lib/activitypub/activity/announce.rb | 2 +- app/lib/activitypub/activity/create.rb | 4 +- app/lib/activitypub/activity/delete.rb | 6 +-- app/models/account_migration.rb | 13 ++--- app/models/concerns/lockable.rb | 19 +++++++ app/models/concerns/redisable.rb | 8 +-- .../activitypub/process_account_service.rb | 33 +++++------- .../activitypub/process_status_update_service.rb | 46 ++++++---------- app/services/fetch_link_card_service.rb | 15 ++---- app/services/remove_status_service.rb | 61 ++++++++++------------ app/services/resolve_account_service.rb | 13 ++--- app/services/vote_service.rb | 19 +++---- app/workers/distribution_worker.rb | 9 ++-- 16 files changed, 115 insertions(+), 182 deletions(-) create mode 100644 app/models/concerns/lockable.rb (limited to 'app/services') diff --git a/app/controllers/media_proxy_controller.rb b/app/controllers/media_proxy_controller.rb index d2a4cb207..3b228722f 100644 --- a/app/controllers/media_proxy_controller.rb +++ b/app/controllers/media_proxy_controller.rb @@ -4,6 +4,7 @@ class MediaProxyController < ApplicationController include RoutingHelper include Authorization include Redisable + include Lockable skip_before_action :store_current_location skip_before_action :require_functional! @@ -16,14 +17,10 @@ class MediaProxyController < ApplicationController rescue_from HTTP::TimeoutError, HTTP::ConnectionError, OpenSSL::SSL::SSLError, with: :internal_server_error def show - RedisLock.acquire(lock_options) do |lock| - if lock.acquired? - @media_attachment = MediaAttachment.remote.attached.find(params[:id]) - authorize @media_attachment.status, :show? - redownload! if @media_attachment.needs_redownload? && !reject_media? - else - raise Mastodon::RaceConditionError - end + with_lock("media_download:#{params[:id]}") do + @media_attachment = MediaAttachment.remote.attached.find(params[:id]) + authorize @media_attachment.status, :show? + redownload! if @media_attachment.needs_redownload? && !reject_media? end redirect_to full_asset_url(@media_attachment.file.url(version)) @@ -45,10 +42,6 @@ class MediaProxyController < ApplicationController end end - def lock_options - { redis: redis, key: "media_download:#{params[:id]}", autorelease: 15.minutes.seconds } - end - def reject_media? DomainBlock.reject_media?(@media_attachment.account.domain) end diff --git a/app/controllers/settings/exports_controller.rb b/app/controllers/settings/exports_controller.rb index 1638d3412..deaa7940e 100644 --- a/app/controllers/settings/exports_controller.rb +++ b/app/controllers/settings/exports_controller.rb @@ -3,6 +3,7 @@ class Settings::ExportsController < Settings::BaseController include Authorization include Redisable + include Lockable skip_before_action :require_functional! @@ -14,21 +15,13 @@ class Settings::ExportsController < Settings::BaseController def create backup = nil - RedisLock.acquire(lock_options) do |lock| - if lock.acquired? - authorize :backup, :create? - backup = current_user.backups.create! - else - raise Mastodon::RaceConditionError - end + with_lock("backup:#{current_user.id}") do + authorize :backup, :create? + backup = current_user.backups.create! end BackupWorker.perform_async(backup.id) redirect_to settings_export_path end - - def lock_options - { redis: redis, key: "backup:#{current_user.id}" } - end end diff --git a/app/lib/activitypub/activity.rb b/app/lib/activitypub/activity.rb index 3c51a7a51..7ff06ea39 100644 --- a/app/lib/activitypub/activity.rb +++ b/app/lib/activitypub/activity.rb @@ -3,6 +3,7 @@ class ActivityPub::Activity include JsonLdHelper include Redisable + include Lockable SUPPORTED_TYPES = %w(Note Question).freeze CONVERTED_TYPES = %w(Image Audio Video Article Page Event).freeze @@ -157,22 +158,6 @@ class ActivityPub::Activity end end - def lock_or_return(key, expire_after = 2.hours.seconds) - yield if redis.set(key, true, nx: true, ex: expire_after) - ensure - redis.del(key) - end - - def lock_or_fail(key, expire_after = 15.minutes.seconds) - RedisLock.acquire({ redis: redis, key: key, autorelease: expire_after }) do |lock| - if lock.acquired? - yield - else - raise Mastodon::RaceConditionError - end - end - end - def fetch? !@options[:delivery] end diff --git a/app/lib/activitypub/activity/announce.rb b/app/lib/activitypub/activity/announce.rb index 0674b1083..0032f13e6 100644 --- a/app/lib/activitypub/activity/announce.rb +++ b/app/lib/activitypub/activity/announce.rb @@ -4,7 +4,7 @@ class ActivityPub::Activity::Announce < ActivityPub::Activity def perform return reject_payload! if delete_arrived_first?(@json['id']) || !related_to_local_activity? - lock_or_fail("announce:#{@object['id']}") do + with_lock("announce:#{@object['id']}") do original_status = status_from_object return reject_payload! if original_status.nil? || !announceable?(original_status) diff --git a/app/lib/activitypub/activity/create.rb b/app/lib/activitypub/activity/create.rb index 1f32d8cce..73882e134 100644 --- a/app/lib/activitypub/activity/create.rb +++ b/app/lib/activitypub/activity/create.rb @@ -47,7 +47,7 @@ class ActivityPub::Activity::Create < ActivityPub::Activity def create_status return reject_payload! if unsupported_object_type? || invalid_origin?(object_uri) || tombstone_exists? || !related_to_local_activity? - lock_or_fail("create:#{object_uri}") do + with_lock("create:#{object_uri}") do return if delete_arrived_first?(object_uri) || poll_vote? @status = find_existing_status @@ -315,7 +315,7 @@ class ActivityPub::Activity::Create < ActivityPub::Activity poll = replied_to_status.preloadable_poll already_voted = true - lock_or_fail("vote:#{replied_to_status.poll_id}:#{@account.id}") do + with_lock("vote:#{replied_to_status.poll_id}:#{@account.id}") do already_voted = poll.votes.where(account: @account).exists? poll.votes.create!(account: @account, choice: poll.options.index(@object['name']), uri: object_uri) end diff --git a/app/lib/activitypub/activity/delete.rb b/app/lib/activitypub/activity/delete.rb index f5ef863f3..871eb3966 100644 --- a/app/lib/activitypub/activity/delete.rb +++ b/app/lib/activitypub/activity/delete.rb @@ -12,7 +12,7 @@ class ActivityPub::Activity::Delete < ActivityPub::Activity private def delete_person - lock_or_return("delete_in_progress:#{@account.id}") do + with_lock("delete_in_progress:#{@account.id}", autorelease: 2.hours, raise_on_failure: false) do DeleteAccountService.new.call(@account, reserve_username: false, skip_activitypub: true) end end @@ -20,14 +20,14 @@ class ActivityPub::Activity::Delete < ActivityPub::Activity def delete_note return if object_uri.nil? - lock_or_return("delete_status_in_progress:#{object_uri}", 5.minutes.seconds) do + with_lock("delete_status_in_progress:#{object_uri}", raise_on_failure: false) do unless invalid_origin?(object_uri) # This lock ensures a concurrent `ActivityPub::Activity::Create` either # does not create a status at all, or has finished saving it to the # database before we try to load it. # Without the lock, `delete_later!` could be called after `delete_arrived_first?` # and `Status.find` before `Status.create!` - lock_or_fail("create:#{object_uri}") { delete_later!(object_uri) } + with_lock("create:#{object_uri}") { delete_later!(object_uri) } Tombstone.find_or_create_by(uri: object_uri, account: @account) end diff --git a/app/models/account_migration.rb b/app/models/account_migration.rb index ded32c9c6..06291c9f3 100644 --- a/app/models/account_migration.rb +++ b/app/models/account_migration.rb @@ -15,6 +15,7 @@ class AccountMigration < ApplicationRecord include Redisable + include Lockable COOLDOWN_PERIOD = 30.days.freeze @@ -41,12 +42,8 @@ class AccountMigration < ApplicationRecord return false unless errors.empty? - RedisLock.acquire(lock_options) do |lock| - if lock.acquired? - save - else - raise Mastodon::RaceConditionError - end + with_lock("account_migration:#{account.id}") do + save end end @@ -83,8 +80,4 @@ class AccountMigration < ApplicationRecord def validate_migration_cooldown errors.add(:base, I18n.t('migrations.errors.on_cooldown')) if account.migrations.within_cooldown.exists? end - - def lock_options - { redis: redis, key: "account_migration:#{account.id}" } - end end diff --git a/app/models/concerns/lockable.rb b/app/models/concerns/lockable.rb new file mode 100644 index 000000000..55a9714ca --- /dev/null +++ b/app/models/concerns/lockable.rb @@ -0,0 +1,19 @@ +# frozen_string_literal: true + +module Lockable + # @param [String] lock_name + # @param [ActiveSupport::Duration] autorelease Automatically release the lock after this time + # @param [Boolean] raise_on_failure Raise an error if a lock cannot be acquired, or fail silently + # @raise [Mastodon::RaceConditionError] + def with_lock(lock_name, autorelease: 15.minutes, raise_on_failure: true) + with_redis do |redis| + RedisLock.acquire(redis: redis, key: "lock:#{lock_name}", autorelease: autorelease.seconds) do |lock| + if lock.acquired? + yield + elsif raise_on_failure + raise Mastodon::RaceConditionError, "Could not acquire lock for #{lock_name}, try again later" + end + end + end + end +end diff --git a/app/models/concerns/redisable.rb b/app/models/concerns/redisable.rb index 8d76b6b82..0dad3abb2 100644 --- a/app/models/concerns/redisable.rb +++ b/app/models/concerns/redisable.rb @@ -1,11 +1,11 @@ # frozen_string_literal: true module Redisable - extend ActiveSupport::Concern - - private - def redis Thread.current[:redis] ||= RedisConfiguration.pool.checkout end + + def with_redis(&block) + RedisConfiguration.with(&block) + end end diff --git a/app/services/activitypub/process_account_service.rb b/app/services/activitypub/process_account_service.rb index 5649153ee..4449a5427 100644 --- a/app/services/activitypub/process_account_service.rb +++ b/app/services/activitypub/process_account_service.rb @@ -4,6 +4,7 @@ class ActivityPub::ProcessAccountService < BaseService include JsonLdHelper include DomainControlHelper include Redisable + include Lockable # Should be called with confirmed valid JSON # and WebFinger-resolved username and domain @@ -17,22 +18,18 @@ class ActivityPub::ProcessAccountService < BaseService @domain = domain @collections = {} - RedisLock.acquire(lock_options) do |lock| - if lock.acquired? - @account = Account.remote.find_by(uri: @uri) if @options[:only_key] - @account ||= Account.find_remote(@username, @domain) - @old_public_key = @account&.public_key - @old_protocol = @account&.protocol - @suspension_changed = false - - create_account if @account.nil? - update_account - process_tags - - process_duplicate_accounts! if @options[:verified_webfinger] - else - raise Mastodon::RaceConditionError - end + with_lock("process_account:#{@uri}") do + @account = Account.remote.find_by(uri: @uri) if @options[:only_key] + @account ||= Account.find_remote(@username, @domain) + @old_public_key = @account&.public_key + @old_protocol = @account&.protocol + @suspension_changed = false + + create_account if @account.nil? + update_account + process_tags + + process_duplicate_accounts! if @options[:verified_webfinger] end return if @account.nil? @@ -289,10 +286,6 @@ class ActivityPub::ProcessAccountService < BaseService !@old_protocol.nil? && @old_protocol != @account.protocol end - def lock_options - { redis: redis, key: "process_account:#{@uri}", autorelease: 15.minutes.seconds } - end - def process_tags return if @json['tag'].blank? diff --git a/app/services/activitypub/process_status_update_service.rb b/app/services/activitypub/process_status_update_service.rb index fb6e44c6d..addd5fc27 100644 --- a/app/services/activitypub/process_status_update_service.rb +++ b/app/services/activitypub/process_status_update_service.rb @@ -3,6 +3,7 @@ class ActivityPub::ProcessStatusUpdateService < BaseService include JsonLdHelper include Redisable + include Lockable def call(status, json) raise ArgumentError, 'Status has unsaved changes' if status.changed? @@ -33,41 +34,32 @@ class ActivityPub::ProcessStatusUpdateService < BaseService last_edit_date = @status.edited_at.presence || @status.created_at # Only allow processing one create/update per status at a time - RedisLock.acquire(lock_options) do |lock| - if lock.acquired? - Status.transaction do - record_previous_edit! - update_media_attachments! - update_poll! - update_immediate_attributes! - update_metadata! - create_edits! - end + with_lock("create:#{@uri}") do + Status.transaction do + record_previous_edit! + update_media_attachments! + update_poll! + update_immediate_attributes! + update_metadata! + create_edits! + end - queue_poll_notifications! + queue_poll_notifications! - next unless significant_changes? + next unless significant_changes? - reset_preview_card! - broadcast_updates! - else - raise Mastodon::RaceConditionError - end + reset_preview_card! + broadcast_updates! end forward_activity! if significant_changes? && @status_parser.edited_at > last_edit_date end def handle_implicit_update! - RedisLock.acquire(lock_options) do |lock| - if lock.acquired? - update_poll!(allow_significant_changes: false) - else - raise Mastodon::RaceConditionError - end + with_lock("create:#{@uri}") do + update_poll!(allow_significant_changes: false) + queue_poll_notifications! end - - queue_poll_notifications! end def update_media_attachments! @@ -241,10 +233,6 @@ class ActivityPub::ProcessStatusUpdateService < BaseService equals_or_includes_any?(@json['type'], %w(Note Question)) end - def lock_options - { redis: redis, key: "create:#{@uri}", autorelease: 15.minutes.seconds } - end - def record_previous_edit! @previous_edit = @status.build_snapshot(at_time: @status.created_at, rate_limit: false) if @status.edits.empty? end diff --git a/app/services/fetch_link_card_service.rb b/app/services/fetch_link_card_service.rb index 868796a6b..e5b5b730e 100644 --- a/app/services/fetch_link_card_service.rb +++ b/app/services/fetch_link_card_service.rb @@ -2,6 +2,7 @@ class FetchLinkCardService < BaseService include Redisable + include Lockable URL_PATTERN = %r{ (#{Twitter::TwitterText::Regex[:valid_url_preceding_chars]}) # $1 preceding chars @@ -22,13 +23,9 @@ class FetchLinkCardService < BaseService @url = @original_url.to_s - RedisLock.acquire(lock_options) do |lock| - if lock.acquired? - @card = PreviewCard.find_by(url: @url) - process_url if @card.nil? || @card.updated_at <= 2.weeks.ago || @card.missing_image? - else - raise Mastodon::RaceConditionError - end + with_lock("fetch:#{@original_url}") do + @card = PreviewCard.find_by(url: @url) + process_url if @card.nil? || @card.updated_at <= 2.weeks.ago || @card.missing_image? end attach_card if @card&.persisted? @@ -155,8 +152,4 @@ class FetchLinkCardService < BaseService @card.assign_attributes(link_details_extractor.to_preview_card_attributes) @card.save_with_optional_image! unless @card.title.blank? && @card.html.blank? end - - def lock_options - { redis: redis, key: "fetch:#{@original_url}", autorelease: 15.minutes.seconds } - end end diff --git a/app/services/remove_status_service.rb b/app/services/remove_status_service.rb index dbd1f6430..8dc521eed 100644 --- a/app/services/remove_status_service.rb +++ b/app/services/remove_status_service.rb @@ -3,6 +3,7 @@ class RemoveStatusService < BaseService include Redisable include Payloadable + include Lockable # Delete a status # @param [Status] status @@ -17,37 +18,33 @@ class RemoveStatusService < BaseService @account = status.account @options = options - RedisLock.acquire(lock_options) do |lock| - if lock.acquired? - @status.discard - - remove_from_self if @account.local? - remove_from_followers - remove_from_lists - - # There is no reason to send out Undo activities when the - # cause is that the original object has been removed, since - # original object being removed implicitly removes reblogs - # of it. The Delete activity of the original is forwarded - # separately. - remove_from_remote_reach if @account.local? && !@options[:original_removed] - - # Since reblogs don't mention anyone, don't get reblogged, - # favourited and don't contain their own media attachments - # or hashtags, this can be skipped - unless @status.reblog? - remove_from_mentions - remove_reblogs - remove_from_hashtags - remove_from_public - remove_from_media if @status.with_media? - remove_media - end - - @status.destroy! if permanently? - else - raise Mastodon::RaceConditionError + with_lock("distribute:#{@status.id}") do + @status.discard + + remove_from_self if @account.local? + remove_from_followers + remove_from_lists + + # There is no reason to send out Undo activities when the + # cause is that the original object has been removed, since + # original object being removed implicitly removes reblogs + # of it. The Delete activity of the original is forwarded + # separately. + remove_from_remote_reach if @account.local? && !@options[:original_removed] + + # Since reblogs don't mention anyone, don't get reblogged, + # favourited and don't contain their own media attachments + # or hashtags, this can be skipped + unless @status.reblog? + remove_from_mentions + remove_reblogs + remove_from_hashtags + remove_from_public + remove_from_media if @status.with_media? + remove_media end + + @status.destroy! if permanently? end end @@ -144,8 +141,4 @@ class RemoveStatusService < BaseService def permanently? @options[:immediate] || !(@options[:preserve] || @status.reported?) end - - def lock_options - { redis: redis, key: "distribute:#{@status.id}", autorelease: 5.minutes.seconds } - end end diff --git a/app/services/resolve_account_service.rb b/app/services/resolve_account_service.rb index 387e2e09b..b55e45409 100644 --- a/app/services/resolve_account_service.rb +++ b/app/services/resolve_account_service.rb @@ -5,6 +5,7 @@ class ResolveAccountService < BaseService include DomainControlHelper include WebfingerHelper include Redisable + include Lockable # Find or create an account record for a remote user. When creating, # look up the user's webfinger and fetch ActivityPub data @@ -108,12 +109,8 @@ class ResolveAccountService < BaseService def fetch_account! return unless activitypub_ready? - RedisLock.acquire(lock_options) do |lock| - if lock.acquired? - @account = ActivityPub::FetchRemoteAccountService.new.call(actor_url) - else - raise Mastodon::RaceConditionError - end + with_lock("resolve:#{@username}@#{@domain}") do + @account = ActivityPub::FetchRemoteAccountService.new.call(actor_url) end @account @@ -146,8 +143,4 @@ class ResolveAccountService < BaseService @account.suspend!(origin: :remote) AccountDeletionWorker.perform_async(@account.id, { 'reserve_username' => false, 'skip_activitypub' => true }) end - - def lock_options - { redis: redis, key: "resolve:#{@username}@#{@domain}", autorelease: 15.minutes.seconds } - end end diff --git a/app/services/vote_service.rb b/app/services/vote_service.rb index b77812970..ccd04dbfc 100644 --- a/app/services/vote_service.rb +++ b/app/services/vote_service.rb @@ -4,6 +4,7 @@ class VoteService < BaseService include Authorization include Payloadable include Redisable + include Lockable def call(account, poll, choices) authorize_with account, poll, :vote? @@ -15,17 +16,13 @@ class VoteService < BaseService already_voted = true - RedisLock.acquire(lock_options) do |lock| - if lock.acquired? - already_voted = @poll.votes.where(account: @account).exists? + with_lock("vote:#{@poll.id}:#{@account.id}") do + already_voted = @poll.votes.where(account: @account).exists? - ApplicationRecord.transaction do - @choices.each do |choice| - @votes << @poll.votes.create!(account: @account, choice: Integer(choice)) - end + ApplicationRecord.transaction do + @choices.each do |choice| + @votes << @poll.votes.create!(account: @account, choice: Integer(choice)) end - else - raise Mastodon::RaceConditionError end end @@ -76,8 +73,4 @@ class VoteService < BaseService @poll.reload retry end - - def lock_options - { redis: redis, key: "vote:#{@poll.id}:#{@account.id}" } - end end diff --git a/app/workers/distribution_worker.rb b/app/workers/distribution_worker.rb index 474b4daaf..59cdbc7b2 100644 --- a/app/workers/distribution_worker.rb +++ b/app/workers/distribution_worker.rb @@ -3,14 +3,11 @@ class DistributionWorker include Sidekiq::Worker include Redisable + include Lockable def perform(status_id, options = {}) - RedisLock.acquire(redis: redis, key: "distribute:#{status_id}", autorelease: 5.minutes.seconds) do |lock| - if lock.acquired? - FanOutOnWriteService.new.call(Status.find(status_id), **options.symbolize_keys) - else - raise Mastodon::RaceConditionError - end + with_lock("distribute:#{status_id}") do + FanOutOnWriteService.new.call(Status.find(status_id), **options.symbolize_keys) end rescue ActiveRecord::RecordNotFound true -- cgit From e0bdaeab657d9a320aaf506d98ca82d41e7bfdd5 Mon Sep 17 00:00:00 2001 From: Claire Date: Tue, 17 May 2022 14:52:26 +0200 Subject: Fix NoMethodError when resolving a link that redirects to a local post (#18314) * Fix NoMethodError when resolving a link that redirects to a local post * Fix tests --- .../activitypub/fetch_remote_status_service.rb | 1 + .../fetch_remote_status_service_spec.rb | 40 +++++++++++----------- spec/services/fetch_remote_status_service_spec.rb | 6 ++-- spec/services/resolve_url_service_spec.rb | 19 ++++++++++ 4 files changed, 42 insertions(+), 24 deletions(-) (limited to 'app/services') diff --git a/app/services/activitypub/fetch_remote_status_service.rb b/app/services/activitypub/fetch_remote_status_service.rb index 9672b3d2b..803098245 100644 --- a/app/services/activitypub/fetch_remote_status_service.rb +++ b/app/services/activitypub/fetch_remote_status_service.rb @@ -30,6 +30,7 @@ class ActivityPub::FetchRemoteStatusService < BaseService end return if activity_json.nil? || object_uri.nil? || !trustworthy_attribution?(@json['id'], actor_uri) + return ActivityPub::TagManager.instance.uri_to_resource(object_uri, Status) if ActivityPub::TagManager.instance.local_uri?(object_uri) actor = account_from_uri(actor_uri) diff --git a/spec/services/activitypub/fetch_remote_status_service_spec.rb b/spec/services/activitypub/fetch_remote_status_service_spec.rb index 943cb161d..7359ca0b4 100644 --- a/spec/services/activitypub/fetch_remote_status_service_spec.rb +++ b/spec/services/activitypub/fetch_remote_status_service_spec.rb @@ -3,16 +3,15 @@ require 'rails_helper' RSpec.describe ActivityPub::FetchRemoteStatusService, type: :service do include ActionView::Helpers::TextHelper - let!(:sender) { Fabricate(:account).tap { |account| account.update(uri: ActivityPub::TagManager.instance.uri_for(account)) } } + let!(:sender) { Fabricate(:account, domain: 'foo.bar', uri: 'https://foo.bar') } let!(:recipient) { Fabricate(:account) } - let!(:valid_domain) { Rails.configuration.x.local_domain } let(:existing_status) { nil } let(:note) do { '@context': 'https://www.w3.org/ns/activitystreams', - id: "https://#{valid_domain}/@foo/1234", + id: "https://foo.bar/@foo/1234", type: 'Note', content: 'Lorem ipsum', attributedTo: ActivityPub::TagManager.instance.uri_for(sender), @@ -22,7 +21,8 @@ RSpec.describe ActivityPub::FetchRemoteStatusService, type: :service do subject { described_class.new } before do - stub_request(:head, 'https://example.com/watch?v=12345').to_return(status: 404, body: '') + stub_request(:get, 'https://foo.bar/watch?v=12345').to_return(status: 404, body: '') + stub_request(:get, object[:id]).to_return(body: Oj.dump(object)) end describe '#call' do @@ -46,7 +46,7 @@ RSpec.describe ActivityPub::FetchRemoteStatusService, type: :service do let(:object) do { '@context': 'https://www.w3.org/ns/activitystreams', - id: "https://#{valid_domain}/@foo/1234", + id: "https://foo.bar/@foo/1234", type: 'Video', name: 'Nyan Cat 10 hours remix', attributedTo: ActivityPub::TagManager.instance.uri_for(sender), @@ -54,13 +54,13 @@ RSpec.describe ActivityPub::FetchRemoteStatusService, type: :service do { type: 'Link', mimeType: 'application/x-bittorrent', - href: "https://#{valid_domain}/12345.torrent", + href: "https://foo.bar/12345.torrent", }, { type: 'Link', mimeType: 'text/html', - href: "https://#{valid_domain}/watch?v=12345", + href: "https://foo.bar/watch?v=12345", }, ], } @@ -70,8 +70,8 @@ RSpec.describe ActivityPub::FetchRemoteStatusService, type: :service do status = sender.statuses.first expect(status).to_not be_nil - expect(status.url).to eq "https://#{valid_domain}/watch?v=12345" - expect(strip_tags(status.text)).to eq "Nyan Cat 10 hours remixhttps://#{valid_domain}/watch?v=12345" + expect(status.url).to eq "https://foo.bar/watch?v=12345" + expect(strip_tags(status.text)).to eq "Nyan Cat 10 hours remixhttps://foo.bar/watch?v=12345" end end @@ -79,7 +79,7 @@ RSpec.describe ActivityPub::FetchRemoteStatusService, type: :service do let(:object) do { '@context': 'https://www.w3.org/ns/activitystreams', - id: "https://#{valid_domain}/@foo/1234", + id: "https://foo.bar/@foo/1234", type: 'Audio', name: 'Nyan Cat 10 hours remix', attributedTo: ActivityPub::TagManager.instance.uri_for(sender), @@ -87,13 +87,13 @@ RSpec.describe ActivityPub::FetchRemoteStatusService, type: :service do { type: 'Link', mimeType: 'application/x-bittorrent', - href: "https://#{valid_domain}/12345.torrent", + href: "https://foo.bar/12345.torrent", }, { type: 'Link', mimeType: 'text/html', - href: "https://#{valid_domain}/watch?v=12345", + href: "https://foo.bar/watch?v=12345", }, ], } @@ -103,8 +103,8 @@ RSpec.describe ActivityPub::FetchRemoteStatusService, type: :service do status = sender.statuses.first expect(status).to_not be_nil - expect(status.url).to eq "https://#{valid_domain}/watch?v=12345" - expect(strip_tags(status.text)).to eq "Nyan Cat 10 hours remixhttps://#{valid_domain}/watch?v=12345" + expect(status.url).to eq "https://foo.bar/watch?v=12345" + expect(strip_tags(status.text)).to eq "Nyan Cat 10 hours remixhttps://foo.bar/watch?v=12345" end end @@ -112,7 +112,7 @@ RSpec.describe ActivityPub::FetchRemoteStatusService, type: :service do let(:object) do { '@context': 'https://www.w3.org/ns/activitystreams', - id: "https://#{valid_domain}/@foo/1234", + id: "https://foo.bar/@foo/1234", type: 'Event', name: "Let's change the world", attributedTo: ActivityPub::TagManager.instance.uri_for(sender) @@ -123,8 +123,8 @@ RSpec.describe ActivityPub::FetchRemoteStatusService, type: :service do status = sender.statuses.first expect(status).to_not be_nil - expect(status.url).to eq "https://#{valid_domain}/@foo/1234" - expect(strip_tags(status.text)).to eq "Let's change the worldhttps://#{valid_domain}/@foo/1234" + expect(status.url).to eq "https://foo.bar/@foo/1234" + expect(strip_tags(status.text)).to eq "Let's change the worldhttps://foo.bar/@foo/1234" end end @@ -154,7 +154,7 @@ RSpec.describe ActivityPub::FetchRemoteStatusService, type: :service do let(:object) do { '@context': 'https://www.w3.org/ns/activitystreams', - id: "https://#{valid_domain}/@foo/1234/create", + id: "https://foo.bar/@foo/1234/create", type: 'Create', actor: ActivityPub::TagManager.instance.uri_for(sender), object: note, @@ -174,7 +174,7 @@ RSpec.describe ActivityPub::FetchRemoteStatusService, type: :service do let(:object) do { '@context': 'https://www.w3.org/ns/activitystreams', - id: "https://#{valid_domain}/@foo/1234/create", + id: "https://foo.bar/@foo/1234/create", type: 'Create', actor: ActivityPub::TagManager.instance.uri_for(sender), object: { @@ -208,7 +208,7 @@ RSpec.describe ActivityPub::FetchRemoteStatusService, type: :service do let(:object) do { '@context': 'https://www.w3.org/ns/activitystreams', - id: "https://#{valid_domain}/@foo/1234/create", + id: "https://foo.bar/@foo/1234/create", type: 'Create', actor: ActivityPub::TagManager.instance.uri_for(sender), object: note.merge(updated: '2021-09-08T22:39:25Z'), diff --git a/spec/services/fetch_remote_status_service_spec.rb b/spec/services/fetch_remote_status_service_spec.rb index 0e63cc9eb..fe5f1aed1 100644 --- a/spec/services/fetch_remote_status_service_spec.rb +++ b/spec/services/fetch_remote_status_service_spec.rb @@ -1,14 +1,13 @@ require 'rails_helper' RSpec.describe FetchRemoteStatusService, type: :service do - let(:account) { Fabricate(:account) } + let(:account) { Fabricate(:account, domain: 'example.org', uri: 'https://example.org/foo') } let(:prefetched_body) { nil } - let(:valid_domain) { Rails.configuration.x.local_domain } let(:note) do { '@context': 'https://www.w3.org/ns/activitystreams', - id: "https://#{valid_domain}/@foo/1234", + id: "https://example.org/@foo/1234", type: 'Note', content: 'Lorem ipsum', attributedTo: ActivityPub::TagManager.instance.uri_for(account), @@ -20,7 +19,6 @@ RSpec.describe FetchRemoteStatusService, type: :service do let(:prefetched_body) { Oj.dump(note) } before do - account.update(uri: ActivityPub::TagManager.instance.uri_for(account)) subject end diff --git a/spec/services/resolve_url_service_spec.rb b/spec/services/resolve_url_service_spec.rb index 1b639dea9..b3e3defbf 100644 --- a/spec/services/resolve_url_service_spec.rb +++ b/spec/services/resolve_url_service_spec.rb @@ -126,5 +126,24 @@ describe ResolveURLService, type: :service do end end end + + context 'searching for a link that redirects to a local public status' do + let(:account) { Fabricate(:account) } + let(:poster) { Fabricate(:account) } + let!(:status) { Fabricate(:status, account: poster, visibility: :public) } + let(:url) { 'https://link.to/foobar' } + let(:status_url) { ActivityPub::TagManager.instance.url_for(status) } + let(:uri) { ActivityPub::TagManager.instance.uri_for(status) } + + before do + stub_request(:get, url).to_return(status: 302, headers: { 'Location' => status_url }) + body = ActiveModelSerializers::SerializableResource.new(status, serializer: ActivityPub::NoteSerializer, adapter: ActivityPub::Adapter).to_json + stub_request(:get, status_url).to_return(body: body, headers: { 'Content-Type' => 'application/activity+json' }) + end + + it 'returns status by url' do + expect(subject.call(url, on_behalf_of: account)).to eq(status) + end + end end end -- cgit From 440eb71310e41d668f00980b73358edd5f8df043 Mon Sep 17 00:00:00 2001 From: Claire Date: Thu, 26 May 2022 15:50:33 +0200 Subject: Change unapproved and unconfirmed account to not be accessible in the REST API (#17530) * Change unapproved and unconfirmed account to not be accessible in the REST API * Change Account#searchable? to reject unconfirmed and unapproved users * Disable search for unapproved and unconfirmed users in Account.search_for * Disable search for unapproved and unconfirmed users in Account.advanced_search_for * Remove unconfirmed and unapproved accounts from Account.searchable scope * Prevent mentions to unapproved/unconfirmed accounts * Fix some old tests for Account.advanced_search_for * Add some Account.advanced_search_for tests for existing behaviors * Add some tests for Account.search_for * Add Account.advanced_search_for tests unconfirmed and unapproved accounts * Add Account.searchable tests * Fix Account.without_unapproved scope potentially messing with previously-applied scopes * Allow lookup of unconfirmed/unapproved accounts through /api/v1/accounts/lookup This is so that the API can still be used to check whether an username is free to use. --- app/controllers/api/v1/accounts_controller.rb | 10 ++ app/models/account.rb | 9 +- app/services/process_mentions_service.rb | 3 + spec/models/account_spec.rb | 178 +++++++++++++++++++++++++- 4 files changed, 194 insertions(+), 6 deletions(-) (limited to 'app/services') diff --git a/app/controllers/api/v1/accounts_controller.rb b/app/controllers/api/v1/accounts_controller.rb index 5134bfb94..5537cc9b0 100644 --- a/app/controllers/api/v1/accounts_controller.rb +++ b/app/controllers/api/v1/accounts_controller.rb @@ -9,6 +9,8 @@ class Api::V1::AccountsController < Api::BaseController before_action :require_user!, except: [:show, :create] before_action :set_account, except: [:create] + before_action :check_account_approval, except: [:create] + before_action :check_account_confirmation, except: [:create] before_action :check_enabled_registrations, only: [:create] skip_before_action :require_authenticated_user!, only: :create @@ -74,6 +76,14 @@ class Api::V1::AccountsController < Api::BaseController @account = Account.find(params[:id]) end + def check_account_approval + raise(ActiveRecord::RecordNotFound) if @account.local? && @account.user_pending? + end + + def check_account_confirmation + raise(ActiveRecord::RecordNotFound) if @account.local? && !@account.user_confirmed? + end + def relationships(**options) AccountRelationshipsPresenter.new([@account.id], current_user.account_id, **options) end diff --git a/app/models/account.rb b/app/models/account.rb index 7b460b054..bd94142c4 100644 --- a/app/models/account.rb +++ b/app/models/account.rb @@ -109,7 +109,8 @@ class Account < ApplicationRecord scope :matches_username, ->(value) { where(arel_table[:username].matches("#{value}%")) } scope :matches_display_name, ->(value) { where(arel_table[:display_name].matches("#{value}%")) } scope :matches_domain, ->(value) { where(arel_table[:domain].matches("%#{value}%")) } - scope :searchable, -> { without_suspended.where(moved_to_account_id: nil) } + scope :without_unapproved, -> { left_outer_joins(:user).remote.or(left_outer_joins(:user).merge(User.approved.confirmed)) } + scope :searchable, -> { without_unapproved.without_suspended.where(moved_to_account_id: nil) } scope :discoverable, -> { searchable.without_silenced.where(discoverable: true).left_outer_joins(:account_stat) } scope :followable_by, ->(account) { joins(arel_table.join(Follow.arel_table, Arel::Nodes::OuterJoin).on(arel_table[:id].eq(Follow.arel_table[:target_account_id]).and(Follow.arel_table[:account_id].eq(account.id))).join_sources).where(Follow.arel_table[:id].eq(nil)).joins(arel_table.join(FollowRequest.arel_table, Arel::Nodes::OuterJoin).on(arel_table[:id].eq(FollowRequest.arel_table[:target_account_id]).and(FollowRequest.arel_table[:account_id].eq(account.id))).join_sources).where(FollowRequest.arel_table[:id].eq(nil)) } scope :by_recent_status, -> { order(Arel.sql('(case when account_stats.last_status_at is null then 1 else 0 end) asc, account_stats.last_status_at desc, accounts.id desc')) } @@ -193,7 +194,7 @@ class Account < ApplicationRecord end def searchable? - !(suspended? || moved?) + !(suspended? || moved?) && (!local? || (approved? && confirmed?)) end def possibly_stale? @@ -461,9 +462,11 @@ class Account < ApplicationRecord accounts.*, ts_rank_cd(#{TEXTSEARCH}, to_tsquery('simple', :tsquery), 32) AS rank FROM accounts + LEFT JOIN users ON accounts.id = users.account_id WHERE to_tsquery('simple', :tsquery) @@ #{TEXTSEARCH} AND accounts.suspended_at IS NULL AND accounts.moved_to_account_id IS NULL + AND (accounts.domain IS NOT NULL OR (users.approved = TRUE AND users.confirmed_at IS NOT NULL)) ORDER BY rank DESC LIMIT :limit OFFSET :offset SQL @@ -539,9 +542,11 @@ class Account < ApplicationRecord (count(f.id) + 1) * ts_rank_cd(#{TEXTSEARCH}, to_tsquery('simple', :tsquery), 32) AS rank FROM accounts LEFT OUTER JOIN follows AS f ON (accounts.id = f.account_id AND f.target_account_id = :id) OR (accounts.id = f.target_account_id AND f.account_id = :id) + LEFT JOIN users ON accounts.id = users.account_id WHERE to_tsquery('simple', :tsquery) @@ #{TEXTSEARCH} AND accounts.suspended_at IS NULL AND accounts.moved_to_account_id IS NULL + AND (accounts.domain IS NOT NULL OR (users.approved = TRUE AND users.confirmed_at IS NOT NULL)) GROUP BY accounts.id ORDER BY rank DESC LIMIT :limit OFFSET :offset diff --git a/app/services/process_mentions_service.rb b/app/services/process_mentions_service.rb index 9d239fc65..8c63b611d 100644 --- a/app/services/process_mentions_service.rb +++ b/app/services/process_mentions_service.rb @@ -37,6 +37,9 @@ class ProcessMentionsService < BaseService mentioned_account = Account.find_remote(username, domain) + # Unapproved and unconfirmed accounts should not be mentionable + next if mentioned_account&.local? && !(mentioned_account.user_confirmed? && mentioned_account.user_approved?) + # If the account cannot be found or isn't the right protocol, # first try to resolve it if mention_undeliverable?(mentioned_account) diff --git a/spec/models/account_spec.rb b/spec/models/account_spec.rb index 681134d49..dc0ca3da3 100644 --- a/spec/models/account_spec.rb +++ b/spec/models/account_spec.rb @@ -350,6 +350,45 @@ RSpec.describe Account, type: :model do ) end + it 'does not return suspended users' do + match = Fabricate( + :account, + display_name: 'Display Name', + username: 'username', + domain: 'example.com', + suspended: true + ) + + results = Account.search_for('username') + expect(results).to eq [] + end + + it 'does not return unapproved users' do + match = Fabricate( + :account, + display_name: 'Display Name', + username: 'username' + ) + + match.user.update(approved: false) + + results = Account.search_for('username') + expect(results).to eq [] + end + + it 'does not return unconfirmed users' do + match = Fabricate( + :account, + display_name: 'Display Name', + username: 'username' + ) + + match.user.update(confirmed_at: nil) + + results = Account.search_for('username') + expect(results).to eq [] + end + it 'accepts ?, \, : and space as delimiter' do match = Fabricate( :account, @@ -422,8 +461,114 @@ RSpec.describe Account, type: :model do end describe '.advanced_search_for' do + let(:account) { Fabricate(:account) } + + context 'when limiting search to followed accounts' do + it 'accepts ?, \, : and space as delimiter' do + match = Fabricate( + :account, + display_name: 'A & l & i & c & e', + username: 'username', + domain: 'example.com' + ) + account.follow!(match) + + results = Account.advanced_search_for('A?l\i:c e', account, 10, true) + expect(results).to eq [match] + end + + it 'does not return non-followed accounts' do + match = Fabricate( + :account, + display_name: 'A & l & i & c & e', + username: 'username', + domain: 'example.com' + ) + + results = Account.advanced_search_for('A?l\i:c e', account, 10, true) + expect(results).to eq [] + end + + it 'does not return suspended users' do + match = Fabricate( + :account, + display_name: 'Display Name', + username: 'username', + domain: 'example.com', + suspended: true + ) + + results = Account.advanced_search_for('username', account, 10, true) + expect(results).to eq [] + end + + it 'does not return unapproved users' do + match = Fabricate( + :account, + display_name: 'Display Name', + username: 'username' + ) + + match.user.update(approved: false) + + results = Account.advanced_search_for('username', account, 10, true) + expect(results).to eq [] + end + + it 'does not return unconfirmed users' do + match = Fabricate( + :account, + display_name: 'Display Name', + username: 'username' + ) + + match.user.update(confirmed_at: nil) + + results = Account.advanced_search_for('username', account, 10, true) + expect(results).to eq [] + end + end + + it 'does not return suspended users' do + match = Fabricate( + :account, + display_name: 'Display Name', + username: 'username', + domain: 'example.com', + suspended: true + ) + + results = Account.advanced_search_for('username', account) + expect(results).to eq [] + end + + it 'does not return unapproved users' do + match = Fabricate( + :account, + display_name: 'Display Name', + username: 'username' + ) + + match.user.update(approved: false) + + results = Account.advanced_search_for('username', account) + expect(results).to eq [] + end + + it 'does not return unconfirmed users' do + match = Fabricate( + :account, + display_name: 'Display Name', + username: 'username' + ) + + match.user.update(confirmed_at: nil) + + results = Account.advanced_search_for('username', account) + expect(results).to eq [] + end + it 'accepts ?, \, : and space as delimiter' do - account = Fabricate(:account) match = Fabricate( :account, display_name: 'A & l & i & c & e', @@ -437,18 +582,17 @@ RSpec.describe Account, type: :model do it 'limits by 10 by default' do 11.times { Fabricate(:account, display_name: "Display Name") } - results = Account.search_for("display") + results = Account.advanced_search_for("display", account) expect(results.size).to eq 10 end it 'accepts arbitrary limits' do 2.times { Fabricate(:account, display_name: "Display Name") } - results = Account.search_for("display", 1) + results = Account.advanced_search_for("display", account, 1) expect(results.size).to eq 1 end it 'ranks followed accounts higher' do - account = Fabricate(:account) match = Fabricate(:account, username: "Matching") followed_match = Fabricate(:account, username: "Matcher") Fabricate(:follow, account: account, target_account: followed_match) @@ -775,6 +919,32 @@ RSpec.describe Account, type: :model do expect(Account.suspended).to match_array([account_1]) end end + + describe 'searchable' do + let!(:suspended_local) { Fabricate(:account, suspended: true, username: 'suspended_local') } + let!(:suspended_remote) { Fabricate(:account, suspended: true, domain: 'example.org', username: 'suspended_remote') } + let!(:silenced_local) { Fabricate(:account, silenced: true, username: 'silenced_local') } + let!(:silenced_remote) { Fabricate(:account, silenced: true, domain: 'example.org', username: 'silenced_remote') } + let!(:unconfirmed) { Fabricate(:user, confirmed_at: nil).account } + let!(:unapproved) { Fabricate(:user, approved: false).account } + let!(:unconfirmed_unapproved) { Fabricate(:user, confirmed_at: nil, approved: false).account } + let!(:local_account) { Fabricate(:account, username: 'local_account') } + let!(:remote_account) { Fabricate(:account, domain: 'example.org', username: 'remote_account') } + + before do + # Accounts get automatically-approved depending on settings, so ensure they aren't approved + unapproved.user.update(approved: false) + unconfirmed_unapproved.user.update(approved: false) + end + + it 'returns every usable non-suspended account' do + expect(Account.searchable).to match_array([silenced_local, silenced_remote, local_account, remote_account]) + end + + it 'does not mess with previously-applied scopes' do + expect(Account.where.not(id: remote_account.id).searchable).to match_array([silenced_local, silenced_remote, local_account]) + end + end end context 'when is local' do -- cgit From 976cd6413e9b2a1531a2ad17945342deaeec538c Mon Sep 17 00:00:00 2001 From: Eugen Rochko Date: Thu, 26 May 2022 22:04:16 +0200 Subject: Fix moderator leak in undo_mark_statuses_as_sensitive (#18525) Signed-off-by: Eugen Rochko Co-authored-by: 40826d <74816220+40826d@users.noreply.github.com> --- app/services/approve_appeal_service.rb | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'app/services') diff --git a/app/services/approve_appeal_service.rb b/app/services/approve_appeal_service.rb index 37a08b46e..96aaaa7d0 100644 --- a/app/services/approve_appeal_service.rb +++ b/app/services/approve_appeal_service.rb @@ -52,8 +52,9 @@ class ApproveAppealService < BaseService end def undo_mark_statuses_as_sensitive! + representative_account = Account.representative @strike.statuses.includes(:media_attachments).each do |status| - UpdateStatusService.new.call(status, @current_account.id, sensitive: false) if status.with_media? + UpdateStatusService.new.call(status, representative_account.id, sensitive: false) if status.with_media? end end -- cgit From 1ff4877945e18820f3e518a1cfbac243da65e1a5 Mon Sep 17 00:00:00 2001 From: Eugen Rochko Date: Thu, 26 May 2022 22:06:10 +0200 Subject: Fix empty votes arbitrarily increasing voters count in polls (#18526) --- app/services/vote_service.rb | 2 ++ 1 file changed, 2 insertions(+) (limited to 'app/services') diff --git a/app/services/vote_service.rb b/app/services/vote_service.rb index ccd04dbfc..114ec285c 100644 --- a/app/services/vote_service.rb +++ b/app/services/vote_service.rb @@ -7,6 +7,8 @@ class VoteService < BaseService include Lockable def call(account, poll, choices) + return if choices.empty? + authorize_with account, poll, :vote? @account = account -- cgit From c4d2c39a75eccdbc60c3540c259e1e7ea5881ac6 Mon Sep 17 00:00:00 2001 From: Eugen Rochko Date: Thu, 26 May 2022 22:08:02 +0200 Subject: Fix being able to report otherwise inaccessible statuses (#18528) --- app/models/admin/status_batch_action.rb | 6 +++++- app/services/report_service.rb | 2 +- 2 files changed, 6 insertions(+), 2 deletions(-) (limited to 'app/services') diff --git a/app/models/admin/status_batch_action.rb b/app/models/admin/status_batch_action.rb index 631af183c..7bf6fa6da 100644 --- a/app/models/admin/status_batch_action.rb +++ b/app/models/admin/status_batch_action.rb @@ -103,7 +103,7 @@ class Admin::StatusBatchAction def handle_report! @report = Report.new(report_params) unless with_report? - @report.status_ids = (@report.status_ids + status_ids.map(&:to_i)).uniq + @report.status_ids = (@report.status_ids + allowed_status_ids).uniq @report.save! @report_id = @report.id @@ -135,4 +135,8 @@ class Admin::StatusBatchAction def report_params { account: current_account, target_account: target_account } end + + def allowed_status_ids + AccountStatusesFilter.new(@report.target_account, current_account).results.with_discarded.where(id: status_ids).pluck(:id) + end end diff --git a/app/services/report_service.rb b/app/services/report_service.rb index 9d784c341..d251bb33f 100644 --- a/app/services/report_service.rb +++ b/app/services/report_service.rb @@ -57,7 +57,7 @@ class ReportService < BaseService end def reported_status_ids - @target_account.statuses.with_discarded.find(Array(@status_ids)).pluck(:id) + AccountStatusesFilter.new(@target_account, @source_account).results.with_discarded.find(Array(@status_ids)).pluck(:id) end def payload -- cgit From 8a9acbe604667215c9589154d72b3f313755c210 Mon Sep 17 00:00:00 2001 From: Eugen Rochko Date: Thu, 26 May 2022 22:08:12 +0200 Subject: Fix being able to appeal a strike unlimited times (#18529) Peculiarity of the `has_one` association is that the convenience creation method deletes the previous association even if the new one is invalid --- app/services/appeal_service.rb | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'app/services') diff --git a/app/services/appeal_service.rb b/app/services/appeal_service.rb index 1397c50f5..cef9be05f 100644 --- a/app/services/appeal_service.rb +++ b/app/services/appeal_service.rb @@ -14,7 +14,8 @@ class AppealService < BaseService private def create_appeal! - @appeal = @strike.create_appeal!( + @appeal = Appeal.create!( + strike: @strike, text: @text, account: @strike.target_account ) -- cgit From 52f4e834f293c9fdbf5805639d022ac4e3856b75 Mon Sep 17 00:00:00 2001 From: Eugen Rochko Date: Thu, 26 May 2022 22:14:47 +0200 Subject: Fix concurrent unfollowing decrementing follower count more than once (#18527) --- app/services/unfollow_service.rb | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'app/services') diff --git a/app/services/unfollow_service.rb b/app/services/unfollow_service.rb index 151f3674f..d83a60e4e 100644 --- a/app/services/unfollow_service.rb +++ b/app/services/unfollow_service.rb @@ -2,6 +2,8 @@ class UnfollowService < BaseService include Payloadable + include Redisable + include Lockable # Unfollow and notify the remote user # @param [Account] source_account Where to unfollow from @@ -13,7 +15,9 @@ class UnfollowService < BaseService @target_account = target_account @options = options - unfollow! || undo_follow_request! + with_lock("relationship:#{[source_account.id, target_account.id].sort.join(':')}") do + unfollow! || undo_follow_request! + end end private -- cgit