From 440eb71310e41d668f00980b73358edd5f8df043 Mon Sep 17 00:00:00 2001 From: Claire Date: Thu, 26 May 2022 15:50:33 +0200 Subject: Change unapproved and unconfirmed account to not be accessible in the REST API (#17530) * Change unapproved and unconfirmed account to not be accessible in the REST API * Change Account#searchable? to reject unconfirmed and unapproved users * Disable search for unapproved and unconfirmed users in Account.search_for * Disable search for unapproved and unconfirmed users in Account.advanced_search_for * Remove unconfirmed and unapproved accounts from Account.searchable scope * Prevent mentions to unapproved/unconfirmed accounts * Fix some old tests for Account.advanced_search_for * Add some Account.advanced_search_for tests for existing behaviors * Add some tests for Account.search_for * Add Account.advanced_search_for tests unconfirmed and unapproved accounts * Add Account.searchable tests * Fix Account.without_unapproved scope potentially messing with previously-applied scopes * Allow lookup of unconfirmed/unapproved accounts through /api/v1/accounts/lookup This is so that the API can still be used to check whether an username is free to use. --- app/services/process_mentions_service.rb | 3 +++ 1 file changed, 3 insertions(+) (limited to 'app/services') diff --git a/app/services/process_mentions_service.rb b/app/services/process_mentions_service.rb index 9d239fc65..8c63b611d 100644 --- a/app/services/process_mentions_service.rb +++ b/app/services/process_mentions_service.rb @@ -37,6 +37,9 @@ class ProcessMentionsService < BaseService mentioned_account = Account.find_remote(username, domain) + # Unapproved and unconfirmed accounts should not be mentionable + next if mentioned_account&.local? && !(mentioned_account.user_confirmed? && mentioned_account.user_approved?) + # If the account cannot be found or isn't the right protocol, # first try to resolve it if mention_undeliverable?(mentioned_account) -- cgit