From 763ab0c7eb5430235ca8a354d11e00de1d8ba6dd Mon Sep 17 00:00:00 2001 From: Claire Date: Sun, 8 Aug 2021 15:29:57 +0200 Subject: Fix owned account notes not being deleted when an account is deleted (#16579) * Add account_notes relationship * Add tests * Fix owned account notes not being deleted when an account is deleted * Add post-migration to clean up orphaned account notes --- .../20210808071221_clear_orphaned_account_notes.rb | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 db/post_migrate/20210808071221_clear_orphaned_account_notes.rb (limited to 'db/post_migrate') diff --git a/db/post_migrate/20210808071221_clear_orphaned_account_notes.rb b/db/post_migrate/20210808071221_clear_orphaned_account_notes.rb new file mode 100644 index 000000000..71171658a --- /dev/null +++ b/db/post_migrate/20210808071221_clear_orphaned_account_notes.rb @@ -0,0 +1,21 @@ +# frozen_string_literal: true + +class ClearOrphanedAccountNotes < ActiveRecord::Migration[5.2] + class Account < ApplicationRecord + # Dummy class, to make migration possible across version changes + end + + class AccountNote < ApplicationRecord + # Dummy class, to make migration possible across version changes + belongs_to :account + belongs_to :target_account, class_name: 'Account' + end + + def up + AccountNote.where('NOT EXISTS (SELECT * FROM users u WHERE u.account_id = account_notes.account_id)').in_batches.delete_all + end + + def down + # nothing to do + end +end -- cgit From 7de0ee7aba86cffeaeffded7e0699214fb64364e Mon Sep 17 00:00:00 2001 From: Eugen Rochko Date: Fri, 26 Nov 2021 05:58:18 +0100 Subject: Remove Keybase integration (#17045) --- app/controllers/api/proofs_controller.rb | 23 --- .../api/v1/accounts/identity_proofs_controller.rb | 3 +- .../settings/identity_proofs_controller.rb | 60 ------- .../well_known/keybase_proof_config_controller.rb | 9 - app/javascript/mastodon/actions/identity_proofs.js | 31 ---- .../mastodon/features/account/components/header.js | 16 +- .../features/account_timeline/components/header.js | 4 +- .../containers/header_container.js | 2 - .../mastodon/features/account_timeline/index.js | 2 - .../mastodon/reducers/identity_proofs.js | 25 --- app/javascript/mastodon/reducers/index.js | 2 - app/javascript/styles/mastodon/forms.scss | 62 ------- app/lib/activitypub/adapter.rb | 1 - app/lib/proof_provider.rb | 12 -- app/lib/proof_provider/keybase.rb | 69 -------- app/lib/proof_provider/keybase/badge.rb | 45 ----- .../proof_provider/keybase/config_serializer.rb | 76 --------- app/lib/proof_provider/keybase/serializer.rb | 25 --- app/lib/proof_provider/keybase/verifier.rb | 59 ------- app/lib/proof_provider/keybase/worker.rb | 32 ---- app/models/account_identity_proof.rb | 46 ----- app/models/concerns/account_associations.rb | 3 +- app/models/concerns/account_merging.rb | 2 +- app/serializers/activitypub/actor_serializer.rb | 5 +- app/serializers/rest/identity_proof_serializer.rb | 17 -- .../activitypub/process_account_service.rb | 26 --- app/services/delete_account_service.rb | 2 - app/views/accounts/_bio.html.haml | 10 +- app/views/admin/accounts/show.html.haml | 12 +- .../settings/identity_proofs/_proof.html.haml | 21 --- app/views/settings/identity_proofs/index.html.haml | 17 -- app/views/settings/identity_proofs/new.html.haml | 36 ---- config/locales/en.yml | 21 --- config/navigation.rb | 1 - config/routes.rb | 6 - .../20211126000907_drop_account_identity_proofs.rb | 13 ++ db/schema.rb | 15 +- spec/controllers/api/proofs_controller_spec.rb | 93 ----------- .../settings/identity_proofs_controller_spec.rb | 186 --------------------- .../keybase_proof_config_controller_spec.rb | 15 -- .../account_identity_proof_fabricator.rb | 8 - spec/lib/proof_provider/keybase/verifier_spec.rb | 82 --------- .../activitypub/process_account_service_spec.rb | 45 ----- 43 files changed, 25 insertions(+), 1215 deletions(-) delete mode 100644 app/controllers/api/proofs_controller.rb delete mode 100644 app/controllers/settings/identity_proofs_controller.rb delete mode 100644 app/controllers/well_known/keybase_proof_config_controller.rb delete mode 100644 app/javascript/mastodon/actions/identity_proofs.js delete mode 100644 app/javascript/mastodon/reducers/identity_proofs.js delete mode 100644 app/lib/proof_provider.rb delete mode 100644 app/lib/proof_provider/keybase.rb delete mode 100644 app/lib/proof_provider/keybase/badge.rb delete mode 100644 app/lib/proof_provider/keybase/config_serializer.rb delete mode 100644 app/lib/proof_provider/keybase/serializer.rb delete mode 100644 app/lib/proof_provider/keybase/verifier.rb delete mode 100644 app/lib/proof_provider/keybase/worker.rb delete mode 100644 app/models/account_identity_proof.rb delete mode 100644 app/serializers/rest/identity_proof_serializer.rb delete mode 100644 app/views/settings/identity_proofs/_proof.html.haml delete mode 100644 app/views/settings/identity_proofs/index.html.haml delete mode 100644 app/views/settings/identity_proofs/new.html.haml create mode 100644 db/post_migrate/20211126000907_drop_account_identity_proofs.rb delete mode 100644 spec/controllers/api/proofs_controller_spec.rb delete mode 100644 spec/controllers/settings/identity_proofs_controller_spec.rb delete mode 100644 spec/controllers/well_known/keybase_proof_config_controller_spec.rb delete mode 100644 spec/fabricators/account_identity_proof_fabricator.rb delete mode 100644 spec/lib/proof_provider/keybase/verifier_spec.rb (limited to 'db/post_migrate') diff --git a/app/controllers/api/proofs_controller.rb b/app/controllers/api/proofs_controller.rb deleted file mode 100644 index dd32cd577..000000000 --- a/app/controllers/api/proofs_controller.rb +++ /dev/null @@ -1,23 +0,0 @@ -# frozen_string_literal: true - -class Api::ProofsController < Api::BaseController - include AccountOwnedConcern - - skip_before_action :require_authenticated_user! - - before_action :set_provider - - def index - render json: @account, serializer: @provider.serializer_class - end - - private - - def set_provider - @provider = ProofProvider.find(params[:provider]) || raise(ActiveRecord::RecordNotFound) - end - - def username_param - params[:username] - end -end diff --git a/app/controllers/api/v1/accounts/identity_proofs_controller.rb b/app/controllers/api/v1/accounts/identity_proofs_controller.rb index 4b5f6902c..48f293f47 100644 --- a/app/controllers/api/v1/accounts/identity_proofs_controller.rb +++ b/app/controllers/api/v1/accounts/identity_proofs_controller.rb @@ -5,8 +5,7 @@ class Api::V1::Accounts::IdentityProofsController < Api::BaseController before_action :set_account def index - @proofs = @account.suspended? ? [] : @account.identity_proofs.active - render json: @proofs, each_serializer: REST::IdentityProofSerializer + render json: [] end private diff --git a/app/controllers/settings/identity_proofs_controller.rb b/app/controllers/settings/identity_proofs_controller.rb deleted file mode 100644 index bf2899da6..000000000 --- a/app/controllers/settings/identity_proofs_controller.rb +++ /dev/null @@ -1,60 +0,0 @@ -# frozen_string_literal: true - -class Settings::IdentityProofsController < Settings::BaseController - before_action :check_required_params, only: :new - - def index - @proofs = AccountIdentityProof.where(account: current_account).order(provider: :asc, provider_username: :asc) - @proofs.each(&:refresh!) - end - - def new - @proof = current_account.identity_proofs.new( - token: params[:token], - provider: params[:provider], - provider_username: params[:provider_username] - ) - - if current_account.username.casecmp(params[:username]).zero? - render layout: 'auth' - else - redirect_to settings_identity_proofs_path, alert: I18n.t('identity_proofs.errors.wrong_user', proving: params[:username], current: current_account.username) - end - end - - def create - @proof = current_account.identity_proofs.where(provider: resource_params[:provider], provider_username: resource_params[:provider_username]).first_or_initialize(resource_params) - @proof.token = resource_params[:token] - - if @proof.save - PostStatusService.new.call(current_user.account, text: post_params[:status_text]) if publish_proof? - redirect_to @proof.on_success_path(params[:user_agent]) - else - redirect_to settings_identity_proofs_path, alert: I18n.t('identity_proofs.errors.failed', provider: @proof.provider.capitalize) - end - end - - def destroy - @proof = current_account.identity_proofs.find(params[:id]) - @proof.destroy! - redirect_to settings_identity_proofs_path, success: I18n.t('identity_proofs.removed') - end - - private - - def check_required_params - redirect_to settings_identity_proofs_path unless [:provider, :provider_username, :username, :token].all? { |k| params[k].present? } - end - - def resource_params - params.require(:account_identity_proof).permit(:provider, :provider_username, :token) - end - - def publish_proof? - ActiveModel::Type::Boolean.new.cast(post_params[:post_status]) - end - - def post_params - params.require(:account_identity_proof).permit(:post_status, :status_text) - end -end diff --git a/app/controllers/well_known/keybase_proof_config_controller.rb b/app/controllers/well_known/keybase_proof_config_controller.rb deleted file mode 100644 index e1d43ecbe..000000000 --- a/app/controllers/well_known/keybase_proof_config_controller.rb +++ /dev/null @@ -1,9 +0,0 @@ -# frozen_string_literal: true - -module WellKnown - class KeybaseProofConfigController < ActionController::Base - def show - render json: {}, serializer: ProofProvider::Keybase::ConfigSerializer, root: 'keybase_config' - end - end -end diff --git a/app/javascript/mastodon/actions/identity_proofs.js b/app/javascript/mastodon/actions/identity_proofs.js deleted file mode 100644 index 103983956..000000000 --- a/app/javascript/mastodon/actions/identity_proofs.js +++ /dev/null @@ -1,31 +0,0 @@ -import api from '../api'; - -export const IDENTITY_PROOFS_ACCOUNT_FETCH_REQUEST = 'IDENTITY_PROOFS_ACCOUNT_FETCH_REQUEST'; -export const IDENTITY_PROOFS_ACCOUNT_FETCH_SUCCESS = 'IDENTITY_PROOFS_ACCOUNT_FETCH_SUCCESS'; -export const IDENTITY_PROOFS_ACCOUNT_FETCH_FAIL = 'IDENTITY_PROOFS_ACCOUNT_FETCH_FAIL'; - -export const fetchAccountIdentityProofs = accountId => (dispatch, getState) => { - dispatch(fetchAccountIdentityProofsRequest(accountId)); - - api(getState).get(`/api/v1/accounts/${accountId}/identity_proofs`) - .then(({ data }) => dispatch(fetchAccountIdentityProofsSuccess(accountId, data))) - .catch(err => dispatch(fetchAccountIdentityProofsFail(accountId, err))); -}; - -export const fetchAccountIdentityProofsRequest = id => ({ - type: IDENTITY_PROOFS_ACCOUNT_FETCH_REQUEST, - id, -}); - -export const fetchAccountIdentityProofsSuccess = (accountId, identity_proofs) => ({ - type: IDENTITY_PROOFS_ACCOUNT_FETCH_SUCCESS, - accountId, - identity_proofs, -}); - -export const fetchAccountIdentityProofsFail = (accountId, err) => ({ - type: IDENTITY_PROOFS_ACCOUNT_FETCH_FAIL, - accountId, - err, - skipNotFound: true, -}); diff --git a/app/javascript/mastodon/features/account/components/header.js b/app/javascript/mastodon/features/account/components/header.js index 4d0a828c7..48ec49d81 100644 --- a/app/javascript/mastodon/features/account/components/header.js +++ b/app/javascript/mastodon/features/account/components/header.js @@ -123,7 +123,7 @@ class Header extends ImmutablePureComponent { } render () { - const { account, intl, domain, identity_proofs } = this.props; + const { account, intl, domain } = this.props; if (!account) { return null; @@ -297,20 +297,8 @@ class Header extends ImmutablePureComponent {
- {(fields.size > 0 || identity_proofs.size > 0) && ( + {fields.size > 0 && (
- {identity_proofs.map((proof, i) => ( -
-
- -
- - - - -
-
- ))} {fields.map((pair, i) => (
diff --git a/app/javascript/mastodon/features/account_timeline/components/header.js b/app/javascript/mastodon/features/account_timeline/components/header.js index 17b693600..33bea4c17 100644 --- a/app/javascript/mastodon/features/account_timeline/components/header.js +++ b/app/javascript/mastodon/features/account_timeline/components/header.js @@ -11,7 +11,6 @@ export default class Header extends ImmutablePureComponent { static propTypes = { account: ImmutablePropTypes.map, - identity_proofs: ImmutablePropTypes.list, onFollow: PropTypes.func.isRequired, onBlock: PropTypes.func.isRequired, onMention: PropTypes.func.isRequired, @@ -92,7 +91,7 @@ export default class Header extends ImmutablePureComponent { } render () { - const { account, hideTabs, identity_proofs } = this.props; + const { account, hideTabs } = this.props; if (account === null) { return null; @@ -104,7 +103,6 @@ export default class Header extends ImmutablePureComponent { { const mapStateToProps = (state, { accountId }) => ({ account: getAccount(state, accountId), domain: state.getIn(['meta', 'domain']), - identity_proofs: state.getIn(['identity_proofs', accountId], ImmutableList()), }); return mapStateToProps; diff --git a/app/javascript/mastodon/features/account_timeline/index.js b/app/javascript/mastodon/features/account_timeline/index.js index 20f1dba9f..37df2818b 100644 --- a/app/javascript/mastodon/features/account_timeline/index.js +++ b/app/javascript/mastodon/features/account_timeline/index.js @@ -12,7 +12,6 @@ import ColumnBackButton from '../../components/column_back_button'; import { List as ImmutableList } from 'immutable'; import ImmutablePureComponent from 'react-immutable-pure-component'; import { FormattedMessage } from 'react-intl'; -import { fetchAccountIdentityProofs } from '../../actions/identity_proofs'; import MissingIndicator from 'mastodon/components/missing_indicator'; import TimelineHint from 'mastodon/components/timeline_hint'; import { me } from 'mastodon/initial_state'; @@ -80,7 +79,6 @@ class AccountTimeline extends ImmutablePureComponent { const { accountId, withReplies, dispatch } = this.props; dispatch(fetchAccount(accountId)); - dispatch(fetchAccountIdentityProofs(accountId)); if (!withReplies) { dispatch(expandAccountFeaturedTimeline(accountId)); diff --git a/app/javascript/mastodon/reducers/identity_proofs.js b/app/javascript/mastodon/reducers/identity_proofs.js deleted file mode 100644 index 58af0a5fa..000000000 --- a/app/javascript/mastodon/reducers/identity_proofs.js +++ /dev/null @@ -1,25 +0,0 @@ -import { Map as ImmutableMap, fromJS } from 'immutable'; -import { - IDENTITY_PROOFS_ACCOUNT_FETCH_REQUEST, - IDENTITY_PROOFS_ACCOUNT_FETCH_SUCCESS, - IDENTITY_PROOFS_ACCOUNT_FETCH_FAIL, -} from '../actions/identity_proofs'; - -const initialState = ImmutableMap(); - -export default function identityProofsReducer(state = initialState, action) { - switch(action.type) { - case IDENTITY_PROOFS_ACCOUNT_FETCH_REQUEST: - return state.set('isLoading', true); - case IDENTITY_PROOFS_ACCOUNT_FETCH_FAIL: - return state.set('isLoading', false); - case IDENTITY_PROOFS_ACCOUNT_FETCH_SUCCESS: - return state.update(identity_proofs => identity_proofs.withMutations(map => { - map.set('isLoading', false); - map.set('loaded', true); - map.set(action.accountId, fromJS(action.identity_proofs)); - })); - default: - return state; - } -}; diff --git a/app/javascript/mastodon/reducers/index.js b/app/javascript/mastodon/reducers/index.js index e518c8228..53e2dd681 100644 --- a/app/javascript/mastodon/reducers/index.js +++ b/app/javascript/mastodon/reducers/index.js @@ -32,7 +32,6 @@ import filters from './filters'; import conversations from './conversations'; import suggestions from './suggestions'; import polls from './polls'; -import identity_proofs from './identity_proofs'; import trends from './trends'; import missed_updates from './missed_updates'; import announcements from './announcements'; @@ -69,7 +68,6 @@ const reducers = { notifications, height_cache, custom_emojis, - identity_proofs, lists, listEditor, listAdder, diff --git a/app/javascript/styles/mastodon/forms.scss b/app/javascript/styles/mastodon/forms.scss index 5b71b6334..65f53471d 100644 --- a/app/javascript/styles/mastodon/forms.scss +++ b/app/javascript/styles/mastodon/forms.scss @@ -999,68 +999,6 @@ code { } } -.connection-prompt { - margin-bottom: 25px; - - .fa-link { - background-color: darken($ui-base-color, 4%); - border-radius: 100%; - font-size: 24px; - padding: 10px; - } - - &__column { - align-items: center; - display: flex; - flex: 1; - flex-direction: column; - flex-shrink: 1; - max-width: 50%; - - &-sep { - align-self: center; - flex-grow: 0; - overflow: visible; - position: relative; - z-index: 1; - } - - p { - word-break: break-word; - } - } - - .account__avatar { - margin-bottom: 20px; - } - - &__connection { - background-color: lighten($ui-base-color, 8%); - box-shadow: 0 0 15px rgba($base-shadow-color, 0.2); - border-radius: 4px; - padding: 25px 10px; - position: relative; - text-align: center; - - &::after { - background-color: darken($ui-base-color, 4%); - content: ''; - display: block; - height: 100%; - left: 50%; - position: absolute; - top: 0; - width: 1px; - } - } - - &__row { - align-items: flex-start; - display: flex; - flex-direction: row; - } -} - .input.user_confirm_password, .input.user_website { &:not(.field_with_errors) { diff --git a/app/lib/activitypub/adapter.rb b/app/lib/activitypub/adapter.rb index 2d6b87659..776e1d3da 100644 --- a/app/lib/activitypub/adapter.rb +++ b/app/lib/activitypub/adapter.rb @@ -18,7 +18,6 @@ class ActivityPub::Adapter < ActiveModelSerializers::Adapter::Base atom_uri: { 'ostatus' => 'http://ostatus.org#', 'atomUri' => 'ostatus:atomUri' }, conversation: { 'ostatus' => 'http://ostatus.org#', 'inReplyToAtomUri' => 'ostatus:inReplyToAtomUri', 'conversation' => 'ostatus:conversation' }, focal_point: { 'toot' => 'http://joinmastodon.org/ns#', 'focalPoint' => { '@container' => '@list', '@id' => 'toot:focalPoint' } }, - identity_proof: { 'toot' => 'http://joinmastodon.org/ns#', 'IdentityProof' => 'toot:IdentityProof' }, blurhash: { 'toot' => 'http://joinmastodon.org/ns#', 'blurhash' => 'toot:blurhash' }, discoverable: { 'toot' => 'http://joinmastodon.org/ns#', 'discoverable' => 'toot:discoverable' }, voters_count: { 'toot' => 'http://joinmastodon.org/ns#', 'votersCount' => 'toot:votersCount' }, diff --git a/app/lib/proof_provider.rb b/app/lib/proof_provider.rb deleted file mode 100644 index 102c50f4f..000000000 --- a/app/lib/proof_provider.rb +++ /dev/null @@ -1,12 +0,0 @@ -# frozen_string_literal: true - -module ProofProvider - SUPPORTED_PROVIDERS = %w(keybase).freeze - - def self.find(identifier, proof = nil) - case identifier - when 'keybase' - ProofProvider::Keybase.new(proof) - end - end -end diff --git a/app/lib/proof_provider/keybase.rb b/app/lib/proof_provider/keybase.rb deleted file mode 100644 index 8e51d7146..000000000 --- a/app/lib/proof_provider/keybase.rb +++ /dev/null @@ -1,69 +0,0 @@ -# frozen_string_literal: true - -class ProofProvider::Keybase - BASE_URL = ENV.fetch('KEYBASE_BASE_URL', 'https://keybase.io') - DOMAIN = ENV.fetch('KEYBASE_DOMAIN', Rails.configuration.x.web_domain) - - class Error < StandardError; end - - class ExpectedProofLiveError < Error; end - - class UnexpectedResponseError < Error; end - - def initialize(proof = nil) - @proof = proof - end - - def serializer_class - ProofProvider::Keybase::Serializer - end - - def worker_class - ProofProvider::Keybase::Worker - end - - def validate! - unless @proof.token&.size == 66 - @proof.errors.add(:base, I18n.t('identity_proofs.errors.keybase.invalid_token')) - return - end - - # Do not perform synchronous validation for remote accounts - return if @proof.provider_username.blank? || !@proof.account.local? - - if verifier.valid? - @proof.verified = true - @proof.live = false - else - @proof.errors.add(:base, I18n.t('identity_proofs.errors.keybase.verification_failed', kb_username: @proof.provider_username)) - end - end - - def refresh! - worker_class.new.perform(@proof) - rescue ProofProvider::Keybase::Error - nil - end - - def on_success_path(user_agent = nil) - verifier.on_success_path(user_agent) - end - - def badge - @badge ||= ProofProvider::Keybase::Badge.new(@proof.account.username, @proof.provider_username, @proof.token, domain) - end - - def verifier - @verifier ||= ProofProvider::Keybase::Verifier.new(@proof.account.username, @proof.provider_username, @proof.token, domain) - end - - private - - def domain - if @proof.account.local? - DOMAIN - else - @proof.account.domain - end - end -end diff --git a/app/lib/proof_provider/keybase/badge.rb b/app/lib/proof_provider/keybase/badge.rb deleted file mode 100644 index f587b1cc7..000000000 --- a/app/lib/proof_provider/keybase/badge.rb +++ /dev/null @@ -1,45 +0,0 @@ -# frozen_string_literal: true - -class ProofProvider::Keybase::Badge - include RoutingHelper - - def initialize(local_username, provider_username, token, domain) - @local_username = local_username - @provider_username = provider_username - @token = token - @domain = domain - end - - def proof_url - "#{ProofProvider::Keybase::BASE_URL}/#{@provider_username}/sigchain\##{@token}" - end - - def profile_url - "#{ProofProvider::Keybase::BASE_URL}/#{@provider_username}" - end - - def icon_url - "#{ProofProvider::Keybase::BASE_URL}/#{@provider_username}/proof_badge/#{@token}?username=#{@local_username}&domain=#{@domain}" - end - - def avatar_url - Rails.cache.fetch("proof_providers/keybase/#{@provider_username}/avatar_url", expires_in: 5.minutes) { remote_avatar_url } || default_avatar_url - end - - private - - def remote_avatar_url - request = Request.new(:get, "#{ProofProvider::Keybase::BASE_URL}/_/api/1.0/user/pic_url.json", params: { username: @provider_username }) - - request.perform do |res| - json = Oj.load(res.body_with_limit, mode: :strict) - json['pic_url'] if json.is_a?(Hash) - end - rescue Oj::ParseError, HTTP::Error, OpenSSL::SSL::SSLError - nil - end - - def default_avatar_url - asset_pack_path('media/images/proof_providers/keybase.png') - end -end diff --git a/app/lib/proof_provider/keybase/config_serializer.rb b/app/lib/proof_provider/keybase/config_serializer.rb deleted file mode 100644 index c6c364d31..000000000 --- a/app/lib/proof_provider/keybase/config_serializer.rb +++ /dev/null @@ -1,76 +0,0 @@ -# frozen_string_literal: true - -class ProofProvider::Keybase::ConfigSerializer < ActiveModel::Serializer - include RoutingHelper - include ActionView::Helpers::TextHelper - - attributes :version, :domain, :display_name, :username, - :brand_color, :logo, :description, :prefill_url, - :profile_url, :check_url, :check_path, :avatar_path, - :contact - - def version - 1 - end - - def domain - ProofProvider::Keybase::DOMAIN - end - - def display_name - Setting.site_title - end - - def logo - { - svg_black: full_asset_url(asset_pack_path('media/images/logo_transparent_black.svg')), - svg_white: full_asset_url(asset_pack_path('media/images/logo_transparent_white.svg')), - svg_full: full_asset_url(asset_pack_path('media/images/logo.svg')), - svg_full_darkmode: full_asset_url(asset_pack_path('media/images/logo.svg')), - } - end - - def brand_color - '#282c37' - end - - def description - strip_tags(Setting.site_short_description.presence || I18n.t('about.about_mastodon_html')) - end - - def username - { min: 1, max: 30, re: '[a-z0-9_]+([a-z0-9_.-]+[a-z0-9_]+)?' } - end - - def prefill_url - params = { - provider: 'keybase', - token: '%{sig_hash}', - provider_username: '%{kb_username}', - username: '%{username}', - user_agent: '%{kb_ua}', - } - - CGI.unescape(new_settings_identity_proof_url(params)) - end - - def profile_url - CGI.unescape(short_account_url('%{username}')) - end - - def check_url - CGI.unescape(api_proofs_url(username: '%{username}', provider: 'keybase')) - end - - def check_path - ['signatures'] - end - - def avatar_path - ['avatar'] - end - - def contact - [Setting.site_contact_email.presence || 'unknown'].compact - end -end diff --git a/app/lib/proof_provider/keybase/serializer.rb b/app/lib/proof_provider/keybase/serializer.rb deleted file mode 100644 index d29283600..000000000 --- a/app/lib/proof_provider/keybase/serializer.rb +++ /dev/null @@ -1,25 +0,0 @@ -# frozen_string_literal: true - -class ProofProvider::Keybase::Serializer < ActiveModel::Serializer - include RoutingHelper - - attribute :avatar - - has_many :identity_proofs, key: :signatures - - def avatar - full_asset_url(object.avatar_original_url) - end - - class AccountIdentityProofSerializer < ActiveModel::Serializer - attributes :sig_hash, :kb_username - - def sig_hash - object.token - end - - def kb_username - object.provider_username - end - end -end diff --git a/app/lib/proof_provider/keybase/verifier.rb b/app/lib/proof_provider/keybase/verifier.rb deleted file mode 100644 index af69b1bfc..000000000 --- a/app/lib/proof_provider/keybase/verifier.rb +++ /dev/null @@ -1,59 +0,0 @@ -# frozen_string_literal: true - -class ProofProvider::Keybase::Verifier - def initialize(local_username, provider_username, token, domain) - @local_username = local_username - @provider_username = provider_username - @token = token - @domain = domain - end - - def valid? - request = Request.new(:get, "#{ProofProvider::Keybase::BASE_URL}/_/api/1.0/sig/proof_valid.json", params: query_params) - - request.perform do |res| - json = Oj.load(res.body_with_limit, mode: :strict) - - if json.is_a?(Hash) - json.fetch('proof_valid', false) - else - false - end - end - rescue Oj::ParseError, HTTP::Error, OpenSSL::SSL::SSLError - false - end - - def on_success_path(user_agent = nil) - url = Addressable::URI.parse("#{ProofProvider::Keybase::BASE_URL}/_/proof_creation_success") - url.query_values = query_params.merge(kb_ua: user_agent || 'unknown') - url.to_s - end - - def status - request = Request.new(:get, "#{ProofProvider::Keybase::BASE_URL}/_/api/1.0/sig/proof_live.json", params: query_params) - - request.perform do |res| - raise ProofProvider::Keybase::UnexpectedResponseError unless res.code == 200 - - json = Oj.load(res.body_with_limit, mode: :strict) - - raise ProofProvider::Keybase::UnexpectedResponseError unless json.is_a?(Hash) && json.key?('proof_valid') && json.key?('proof_live') - - json - end - rescue Oj::ParseError, HTTP::Error, OpenSSL::SSL::SSLError - raise ProofProvider::Keybase::UnexpectedResponseError - end - - private - - def query_params - { - domain: @domain, - kb_username: @provider_username, - username: @local_username, - sig_hash: @token, - } - end -end diff --git a/app/lib/proof_provider/keybase/worker.rb b/app/lib/proof_provider/keybase/worker.rb deleted file mode 100644 index bcdd18cc5..000000000 --- a/app/lib/proof_provider/keybase/worker.rb +++ /dev/null @@ -1,32 +0,0 @@ -# frozen_string_literal: true - -class ProofProvider::Keybase::Worker - include Sidekiq::Worker - - sidekiq_options queue: 'pull', retry: 20, unique: :until_executed - - sidekiq_retry_in do |count, exception| - # Retry aggressively when the proof is valid but not live in Keybase. - # This is likely because Keybase just hasn't noticed the proof being - # served from here yet. - - if exception.class == ProofProvider::Keybase::ExpectedProofLiveError - case count - when 0..2 then 0.seconds - when 2..6 then 1.second - end - end - end - - def perform(proof_id) - proof = proof_id.is_a?(AccountIdentityProof) ? proof_id : AccountIdentityProof.find(proof_id) - status = proof.provider_instance.verifier.status - - # If Keybase thinks the proof is valid, and it exists here in Mastodon, - # then it should be live. Keybase just has to notice that it's here - # and then update its state. That might take a couple seconds. - raise ProofProvider::Keybase::ExpectedProofLiveError if status['proof_valid'] && !status['proof_live'] - - proof.update!(verified: status['proof_valid'], live: status['proof_live']) - end -end diff --git a/app/models/account_identity_proof.rb b/app/models/account_identity_proof.rb deleted file mode 100644 index 10b66cccf..000000000 --- a/app/models/account_identity_proof.rb +++ /dev/null @@ -1,46 +0,0 @@ -# frozen_string_literal: true -# == Schema Information -# -# Table name: account_identity_proofs -# -# id :bigint(8) not null, primary key -# account_id :bigint(8) -# provider :string default(""), not null -# provider_username :string default(""), not null -# token :text default(""), not null -# verified :boolean default(FALSE), not null -# live :boolean default(FALSE), not null -# created_at :datetime not null -# updated_at :datetime not null -# - -class AccountIdentityProof < ApplicationRecord - belongs_to :account - - validates :provider, inclusion: { in: ProofProvider::SUPPORTED_PROVIDERS } - validates :provider_username, format: { with: /\A[a-z0-9_]+\z/i }, length: { minimum: 2, maximum: 30 } - validates :provider_username, uniqueness: { scope: [:account_id, :provider] } - validates :token, format: { with: /\A[a-f0-9]+\z/ }, length: { maximum: 66 } - - validate :validate_with_provider, if: :token_changed? - - scope :active, -> { where(verified: true, live: true) } - - after_commit :queue_worker, if: :saved_change_to_token? - - delegate :refresh!, :on_success_path, :badge, to: :provider_instance - - def provider_instance - @provider_instance ||= ProofProvider.find(provider, self) - end - - private - - def queue_worker - provider_instance.worker_class.perform_async(id) - end - - def validate_with_provider - provider_instance.validate! - end -end diff --git a/app/models/concerns/account_associations.rb b/app/models/concerns/account_associations.rb index f2a4eae77..f9e7a3bea 100644 --- a/app/models/concerns/account_associations.rb +++ b/app/models/concerns/account_associations.rb @@ -7,8 +7,7 @@ module AccountAssociations # Local users has_one :user, inverse_of: :account, dependent: :destroy - # Identity proofs - has_many :identity_proofs, class_name: 'AccountIdentityProof', dependent: :destroy, inverse_of: :account + # E2EE has_many :devices, dependent: :destroy, inverse_of: :account # Timelines diff --git a/app/models/concerns/account_merging.rb b/app/models/concerns/account_merging.rb index 8d37c6e56..119773e6b 100644 --- a/app/models/concerns/account_merging.rb +++ b/app/models/concerns/account_merging.rb @@ -13,7 +13,7 @@ module AccountMerging owned_classes = [ Status, StatusPin, MediaAttachment, Poll, Report, Tombstone, Favourite, - Follow, FollowRequest, Block, Mute, AccountIdentityProof, + Follow, FollowRequest, Block, Mute, AccountModerationNote, AccountPin, AccountStat, ListAccount, PollVote, Mention, AccountDeletionRequest, AccountNote, FollowRecommendationSuppression ] diff --git a/app/serializers/activitypub/actor_serializer.rb b/app/serializers/activitypub/actor_serializer.rb index a7d948976..48707aa16 100644 --- a/app/serializers/activitypub/actor_serializer.rb +++ b/app/serializers/activitypub/actor_serializer.rb @@ -6,8 +6,7 @@ class ActivityPub::ActorSerializer < ActivityPub::Serializer context :security context_extensions :manually_approves_followers, :featured, :also_known_as, - :moved_to, :property_value, :identity_proof, - :discoverable, :olm, :suspended + :moved_to, :property_value, :discoverable, :olm, :suspended attributes :id, :type, :following, :followers, :inbox, :outbox, :featured, :featured_tags, @@ -143,7 +142,7 @@ class ActivityPub::ActorSerializer < ActivityPub::Serializer end def virtual_attachments - object.suspended? ? [] : (object.fields + object.identity_proofs.active) + object.suspended? ? [] : object.fields end def moved_to diff --git a/app/serializers/rest/identity_proof_serializer.rb b/app/serializers/rest/identity_proof_serializer.rb deleted file mode 100644 index 0e7415935..000000000 --- a/app/serializers/rest/identity_proof_serializer.rb +++ /dev/null @@ -1,17 +0,0 @@ -# frozen_string_literal: true - -class REST::IdentityProofSerializer < ActiveModel::Serializer - attributes :provider, :provider_username, :updated_at, :proof_url, :profile_url - - def proof_url - object.badge.proof_url - end - - def profile_url - object.badge.profile_url - end - - def provider - object.provider.capitalize - end -end diff --git a/app/services/activitypub/process_account_service.rb b/app/services/activitypub/process_account_service.rb index 4ab6912e5..ec5140720 100644 --- a/app/services/activitypub/process_account_service.rb +++ b/app/services/activitypub/process_account_service.rb @@ -27,7 +27,6 @@ class ActivityPub::ProcessAccountService < BaseService create_account if @account.nil? update_account process_tags - process_attachments process_duplicate_accounts! if @options[:verified_webfinger] else @@ -301,23 +300,6 @@ class ActivityPub::ProcessAccountService < BaseService end end - def process_attachments - return if @json['attachment'].blank? - - previous_proofs = @account.identity_proofs.to_a - current_proofs = [] - - as_array(@json['attachment']).each do |attachment| - next unless equals_or_includes?(attachment['type'], 'IdentityProof') - current_proofs << process_identity_proof(attachment) - end - - previous_proofs.each do |previous_proof| - next if current_proofs.any? { |current_proof| current_proof.id == previous_proof.id } - previous_proof.delete - end - end - def process_emoji(tag) return if skip_download? return if tag['name'].blank? || tag['icon'].blank? || tag['icon']['url'].blank? @@ -334,12 +316,4 @@ class ActivityPub::ProcessAccountService < BaseService emoji.image_remote_url = image_url emoji.save end - - def process_identity_proof(attachment) - provider = attachment['signatureAlgorithm'] - provider_username = attachment['name'] - token = attachment['signatureValue'] - - @account.identity_proofs.where(provider: provider, provider_username: provider_username).find_or_create_by(provider: provider, provider_username: provider_username, token: token) - end end diff --git a/app/services/delete_account_service.rb b/app/services/delete_account_service.rb index ac571d7e2..0e3fedfe7 100644 --- a/app/services/delete_account_service.rb +++ b/app/services/delete_account_service.rb @@ -17,7 +17,6 @@ class DeleteAccountService < BaseService domain_blocks featured_tags follow_requests - identity_proofs list_accounts migrations mute_relationships @@ -45,7 +44,6 @@ class DeleteAccountService < BaseService domain_blocks featured_tags follow_requests - identity_proofs list_accounts migrations mute_relationships diff --git a/app/views/accounts/_bio.html.haml b/app/views/accounts/_bio.html.haml index efc26d136..e8a49a1aa 100644 --- a/app/views/accounts/_bio.html.haml +++ b/app/views/accounts/_bio.html.haml @@ -1,16 +1,8 @@ -- proofs = account.identity_proofs.active - fields = account.fields .public-account-bio - - unless fields.empty? && proofs.empty? + - unless fields.empty? .account__header__fields - - proofs.each do |proof| - %dl - %dt= proof.provider.capitalize - %dd.verified - = link_to fa_icon('check'), proof.badge.proof_url, class: 'verified__mark', title: t('accounts.link_verified_on', date: l(proof.updated_at)) - = link_to proof.provider_username, proof.badge.profile_url - - fields.each do |field| %dl %dt.emojify{ title: field.name }= Formatter.instance.format_field(account, field.name, custom_emojify: true) diff --git a/app/views/admin/accounts/show.html.haml b/app/views/admin/accounts/show.html.haml index 66eb49342..2b6e28e8d 100644 --- a/app/views/admin/accounts/show.html.haml +++ b/app/views/admin/accounts/show.html.haml @@ -8,20 +8,12 @@ = render 'application/card', account: @account - account = @account -- proofs = account.identity_proofs.active - fields = account.fields -- unless fields.empty? && proofs.empty? && account.note.blank? +- unless fields.empty? && account.note.blank? .admin-account-bio - - unless fields.empty? && proofs.empty? + - unless fields.empty? %div .account__header__fields - - proofs.each do |proof| - %dl - %dt= proof.provider.capitalize - %dd.verified - = link_to fa_icon('check'), proof.badge.proof_url, class: 'verified__mark', title: t('accounts.link_verified_on', date: l(proof.updated_at)) - = link_to proof.provider_username, proof.badge.profile_url - - fields.each do |field| %dl %dt.emojify{ title: field.name }= Formatter.instance.format_field(account, field.name, custom_emojify: true) diff --git a/app/views/settings/identity_proofs/_proof.html.haml b/app/views/settings/identity_proofs/_proof.html.haml deleted file mode 100644 index 14e8e91be..000000000 --- a/app/views/settings/identity_proofs/_proof.html.haml +++ /dev/null @@ -1,21 +0,0 @@ -%tr - %td - = link_to proof.badge.profile_url, class: 'name-tag' do - = image_tag proof.badge.avatar_url, width: 15, height: 15, alt: '', class: 'avatar' - %span.username - = proof.provider_username - %span= "(#{proof.provider.capitalize})" - - %td - - if proof.live? - %span.positive-hint - = fa_icon 'check-circle fw' - = t('identity_proofs.active') - - else - %span.negative-hint - = fa_icon 'times-circle fw' - = t('identity_proofs.inactive') - - %td - = table_link_to 'external-link', t('identity_proofs.view_proof'), proof.badge.proof_url if proof.badge.proof_url - = table_link_to 'trash', t('identity_proofs.remove'), settings_identity_proof_path(proof), method: :delete, data: { confirm: t('admin.accounts.are_you_sure') } diff --git a/app/views/settings/identity_proofs/index.html.haml b/app/views/settings/identity_proofs/index.html.haml deleted file mode 100644 index d0ea03ecd..000000000 --- a/app/views/settings/identity_proofs/index.html.haml +++ /dev/null @@ -1,17 +0,0 @@ -- content_for :page_title do - = t('settings.identity_proofs') - -%p= t('identity_proofs.explanation_html') - -- unless @proofs.empty? - %hr.spacer/ - - .table-wrapper - %table.table - %thead - %tr - %th= t('identity_proofs.identity') - %th= t('identity_proofs.status') - %th - %tbody - = render partial: 'settings/identity_proofs/proof', collection: @proofs, as: :proof diff --git a/app/views/settings/identity_proofs/new.html.haml b/app/views/settings/identity_proofs/new.html.haml deleted file mode 100644 index 5e4e9895d..000000000 --- a/app/views/settings/identity_proofs/new.html.haml +++ /dev/null @@ -1,36 +0,0 @@ -- content_for :page_title do - = t('identity_proofs.authorize_connection_prompt') - -.form-container - .oauth-prompt - %h2= t('identity_proofs.authorize_connection_prompt') - - = simple_form_for @proof, url: settings_identity_proofs_url, html: { method: :post } do |f| - = f.input :provider, as: :hidden - = f.input :provider_username, as: :hidden - = f.input :token, as: :hidden - - = hidden_field_tag :user_agent, params[:user_agent] - - .connection-prompt - .connection-prompt__row.connection-prompt__connection - .connection-prompt__column - = image_tag current_account.avatar.url(:original), size: 96, class: 'account__avatar' - - %p= t('identity_proofs.i_am_html', username: content_tag(:strong,current_account.username), service: site_hostname) - - .connection-prompt__column.connection-prompt__column-sep - = fa_icon 'link' - - .connection-prompt__column - = image_tag @proof.badge.avatar_url, size: 96, class: 'account__avatar' - - %p= t('identity_proofs.i_am_html', username: content_tag(:strong, @proof.provider_username), service: @proof.provider.capitalize) - - .connection-prompt__post - = f.input :post_status, label: t('identity_proofs.publicize_checkbox'), as: :boolean, wrapper: :with_label, :input_html => { checked: true } - - = f.input :status_text, as: :text, input_html: { value: t('identity_proofs.publicize_toot', username: @proof.provider_username, service: @proof.provider.capitalize, url: @proof.badge.proof_url), rows: 4 } - - = f.button :button, t('identity_proofs.authorize'), type: :submit - = link_to t('simple_form.no'), settings_identity_proofs_url, class: 'button negative' diff --git a/config/locales/en.yml b/config/locales/en.yml index c98b82801..1aa96ba0f 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml @@ -985,26 +985,6 @@ en: other: Something isn't quite right yet! Please review %{count} errors below html_validator: invalid_markup: 'contains invalid HTML markup: %{error}' - identity_proofs: - active: Active - authorize: Yes, authorize - authorize_connection_prompt: Authorize this cryptographic connection? - errors: - failed: The cryptographic connection failed. Please try again from %{provider}. - keybase: - invalid_token: Keybase tokens are hashes of signatures and must be 66 hex characters - verification_failed: Keybase does not recognize this token as a signature of Keybase user %{kb_username}. Please retry from Keybase. - wrong_user: Cannot create a proof for %{proving} while logged in as %{current}. Log in as %{proving} and try again. - explanation_html: Here you can cryptographically connect your other identities from other platforms, such as Keybase. This lets other people send you encrypted messages on those platforms and allows them to trust that the content you send them comes from you. - i_am_html: I am %{username} on %{service}. - identity: Identity - inactive: Inactive - publicize_checkbox: 'And toot this:' - publicize_toot: 'It is proven! I am %{username} on %{service}: %{url}' - remove: Remove proof from account - removed: Successfully removed proof from account - status: Verification status - view_proof: View proof imports: errors: over_rows_processing_limit: contains more than %{count} rows @@ -1279,7 +1259,6 @@ en: edit_profile: Edit profile export: Data export featured_tags: Featured hashtags - identity_proofs: Identity proofs import: Import import_and_export: Import and export migrate: Account migration diff --git a/config/navigation.rb b/config/navigation.rb index 477d1c9ff..99743c222 100644 --- a/config/navigation.rb +++ b/config/navigation.rb @@ -7,7 +7,6 @@ SimpleNavigation::Configuration.run do |navigation| n.item :profile, safe_join([fa_icon('user fw'), t('settings.profile')]), settings_profile_url, if: -> { current_user.functional? } do |s| s.item :profile, safe_join([fa_icon('pencil fw'), t('settings.appearance')]), settings_profile_url s.item :featured_tags, safe_join([fa_icon('hashtag fw'), t('settings.featured_tags')]), settings_featured_tags_url - s.item :identity_proofs, safe_join([fa_icon('key fw'), t('settings.identity_proofs')]), settings_identity_proofs_path, highlights_on: %r{/settings/identity_proofs*}, if: proc { current_account.identity_proofs.exists? } end n.item :preferences, safe_join([fa_icon('cog fw'), t('settings.preferences')]), settings_preferences_url, if: -> { current_user.functional? } do |s| diff --git a/config/routes.rb b/config/routes.rb index c7317d173..5f73129ea 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -25,7 +25,6 @@ Rails.application.routes.draw do get '.well-known/nodeinfo', to: 'well_known/nodeinfo#index', as: :nodeinfo, defaults: { format: 'json' } get '.well-known/webfinger', to: 'well_known/webfinger#show', as: :webfinger get '.well-known/change-password', to: redirect('/auth/edit') - get '.well-known/keybase-proof-config', to: 'well_known/keybase_proof_config#show' get '/nodeinfo/2.0', to: 'well_known/nodeinfo#show', as: :nodeinfo_schema @@ -146,8 +145,6 @@ Rails.application.routes.draw do resource :confirmation, only: [:new, :create] end - resources :identity_proofs, only: [:index, :new, :create, :destroy] - resources :applications, except: [:edit] do member do post :regenerate @@ -332,9 +329,6 @@ Rails.application.routes.draw do # OEmbed get '/oembed', to: 'oembed#show', as: :oembed - # Identity proofs - get :proofs, to: 'proofs#index' - # JSON / REST API namespace :v1 do resources :statuses, only: [:create, :show, :destroy] do diff --git a/db/post_migrate/20211126000907_drop_account_identity_proofs.rb b/db/post_migrate/20211126000907_drop_account_identity_proofs.rb new file mode 100644 index 000000000..44a6f1f08 --- /dev/null +++ b/db/post_migrate/20211126000907_drop_account_identity_proofs.rb @@ -0,0 +1,13 @@ +# frozen_string_literal: true + +class DropAccountIdentityProofs < ActiveRecord::Migration[5.2] + disable_ddl_transaction! + + def up + drop_table :account_identity_proofs + end + + def down + raise ActiveRecord::IrreversibleMigration + end +end diff --git a/db/schema.rb b/db/schema.rb index 00969daf1..54a46730c 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -10,7 +10,7 @@ # # It's strongly recommended that you check this file into your version control system. -ActiveRecord::Schema.define(version: 2021_11_23_212714) do +ActiveRecord::Schema.define(version: 2021_11_26_000907) do # These are extensions that must be enabled in order to support this database enable_extension "plpgsql" @@ -51,18 +51,6 @@ ActiveRecord::Schema.define(version: 2021_11_23_212714) do t.index ["account_id", "domain"], name: "index_account_domain_blocks_on_account_id_and_domain", unique: true end - create_table "account_identity_proofs", force: :cascade do |t| - t.bigint "account_id" - t.string "provider", default: "", null: false - t.string "provider_username", default: "", null: false - t.text "token", default: "", null: false - t.boolean "verified", default: false, null: false - t.boolean "live", default: false, null: false - t.datetime "created_at", null: false - t.datetime "updated_at", null: false - t.index ["account_id", "provider", "provider_username"], name: "index_account_proofs_on_account_and_provider_and_username", unique: true - end - create_table "account_migrations", force: :cascade do |t| t.bigint "account_id" t.string "acct", default: "", null: false @@ -1010,7 +998,6 @@ ActiveRecord::Schema.define(version: 2021_11_23_212714) do add_foreign_key "account_conversations", "conversations", on_delete: :cascade add_foreign_key "account_deletion_requests", "accounts", on_delete: :cascade add_foreign_key "account_domain_blocks", "accounts", name: "fk_206c6029bd", on_delete: :cascade - add_foreign_key "account_identity_proofs", "accounts", on_delete: :cascade add_foreign_key "account_migrations", "accounts", column: "target_account_id", on_delete: :nullify add_foreign_key "account_migrations", "accounts", on_delete: :cascade add_foreign_key "account_moderation_notes", "accounts" diff --git a/spec/controllers/api/proofs_controller_spec.rb b/spec/controllers/api/proofs_controller_spec.rb deleted file mode 100644 index 2fe615005..000000000 --- a/spec/controllers/api/proofs_controller_spec.rb +++ /dev/null @@ -1,93 +0,0 @@ -require 'rails_helper' - -describe Api::ProofsController do - let(:alice) { Fabricate(:account, username: 'alice') } - - before do - stub_request(:get, 'https://keybase.io/_/api/1.0/sig/proof_valid.json?domain=cb6e6126.ngrok.io&kb_username=crypto_alice&sig_hash=111111111111111111111111111111111111111111111111111111111111111111&username=alice').to_return(status: 200, body: '{"proof_valid":true,"proof_live":false}') - stub_request(:get, 'https://keybase.io/_/api/1.0/sig/proof_live.json?domain=cb6e6126.ngrok.io&kb_username=crypto_alice&sig_hash=111111111111111111111111111111111111111111111111111111111111111111&username=alice').to_return(status: 200, body: '{"proof_valid":true,"proof_live":true}') - stub_request(:get, 'https://keybase.io/_/api/1.0/sig/proof_valid.json?domain=cb6e6126.ngrok.io&kb_username=hidden_alice&sig_hash=222222222222222222222222222222222222222222222222222222222222222222&username=alice').to_return(status: 200, body: '{"proof_valid":true,"proof_live":true}') - stub_request(:get, 'https://keybase.io/_/api/1.0/sig/proof_live.json?domain=cb6e6126.ngrok.io&kb_username=hidden_alice&sig_hash=222222222222222222222222222222222222222222222222222222222222222222&username=alice').to_return(status: 200, body: '{"proof_valid":true,"proof_live":true}') - end - - describe 'GET #index' do - describe 'with a non-existent username' do - it '404s' do - get :index, params: { username: 'nonexistent', provider: 'keybase' } - - expect(response).to have_http_status(:not_found) - end - end - - describe 'with a user that has no proofs' do - it 'is an empty list of signatures' do - get :index, params: { username: alice.username, provider: 'keybase' } - - expect(body_as_json[:signatures]).to eq [] - end - end - - describe 'with a user that has a live, valid proof' do - let(:token1) { '111111111111111111111111111111111111111111111111111111111111111111' } - let(:kb_name1) { 'crypto_alice' } - - before do - Fabricate(:account_identity_proof, account: alice, verified: true, live: true, token: token1, provider_username: kb_name1) - end - - it 'is a list with that proof in it' do - get :index, params: { username: alice.username, provider: 'keybase' } - - expect(body_as_json[:signatures]).to eq [ - { kb_username: kb_name1, sig_hash: token1 }, - ] - end - - describe 'add one that is neither live nor valid' do - let(:token2) { '222222222222222222222222222222222222222222222222222222222222222222' } - let(:kb_name2) { 'hidden_alice' } - - before do - Fabricate(:account_identity_proof, account: alice, verified: false, live: false, token: token2, provider_username: kb_name2) - end - - it 'is a list with both proofs' do - get :index, params: { username: alice.username, provider: 'keybase' } - - expect(body_as_json[:signatures]).to eq [ - { kb_username: kb_name1, sig_hash: token1 }, - { kb_username: kb_name2, sig_hash: token2 }, - ] - end - end - end - - describe 'a user that has an avatar' do - let(:alice) { Fabricate(:account, username: 'alice', avatar: attachment_fixture('avatar.gif')) } - - context 'and a proof' do - let(:token1) { '111111111111111111111111111111111111111111111111111111111111111111' } - let(:kb_name1) { 'crypto_alice' } - - before do - Fabricate(:account_identity_proof, account: alice, verified: true, live: true, token: token1, provider_username: kb_name1) - get :index, params: { username: alice.username, provider: 'keybase' } - end - - it 'has two keys: signatures and avatar' do - expect(body_as_json.keys).to match_array [:signatures, :avatar] - end - - it 'has the correct signatures' do - expect(body_as_json[:signatures]).to eq [ - { kb_username: kb_name1, sig_hash: token1 }, - ] - end - - it 'has the correct avatar url' do - expect(body_as_json[:avatar]).to match "https://cb6e6126.ngrok.io#{alice.avatar.url}" - end - end - end - end -end diff --git a/spec/controllers/settings/identity_proofs_controller_spec.rb b/spec/controllers/settings/identity_proofs_controller_spec.rb deleted file mode 100644 index 16f236227..000000000 --- a/spec/controllers/settings/identity_proofs_controller_spec.rb +++ /dev/null @@ -1,186 +0,0 @@ -require 'rails_helper' - -describe Settings::IdentityProofsController do - include RoutingHelper - render_views - - let(:user) { Fabricate(:user) } - let(:valid_token) { '1'*66 } - let(:kbname) { 'kbuser' } - let(:provider) { 'keybase' } - let(:findable_id) { Faker::Number.number(digits: 5) } - let(:unfindable_id) { Faker::Number.number(digits: 5) } - let(:new_proof_params) do - { provider: provider, provider_username: kbname, token: valid_token, username: user.account.username } - end - let(:status_text) { "i just proved that i am also #{kbname} on #{provider}." } - let(:status_posting_params) do - { post_status: '0', status_text: status_text } - end - let(:postable_params) do - { account_identity_proof: new_proof_params.merge(status_posting_params) } - end - - before do - allow_any_instance_of(ProofProvider::Keybase::Verifier).to receive(:status) { { 'proof_valid' => true, 'proof_live' => true } } - sign_in user, scope: :user - end - - describe 'new proof creation' do - context 'GET #new' do - before do - allow_any_instance_of(ProofProvider::Keybase::Badge).to receive(:avatar_url) { full_pack_url('media/images/void.png') } - end - - context 'with all of the correct params' do - it 'renders the template' do - get :new, params: new_proof_params - expect(response).to render_template(:new) - end - end - - context 'without any params' do - it 'redirects to :index' do - get :new, params: {} - expect(response).to redirect_to settings_identity_proofs_path - end - end - - context 'with params to prove a different, not logged-in user' do - let(:wrong_user_params) { new_proof_params.merge(username: 'someone_else') } - - it 'shows a helpful alert' do - get :new, params: wrong_user_params - expect(flash[:alert]).to eq I18n.t('identity_proofs.errors.wrong_user', proving: 'someone_else', current: user.account.username) - end - end - - context 'with params to prove the same username cased differently' do - let(:capitalized_username) { new_proof_params.merge(username: user.account.username.upcase) } - - it 'renders the new template' do - get :new, params: capitalized_username - expect(response).to render_template(:new) - end - end - end - - context 'POST #create' do - context 'when saving works' do - before do - allow(ProofProvider::Keybase::Worker).to receive(:perform_async) - allow_any_instance_of(ProofProvider::Keybase::Verifier).to receive(:valid?) { true } - allow_any_instance_of(AccountIdentityProof).to receive(:on_success_path) { root_url } - end - - it 'serializes a ProofProvider::Keybase::Worker' do - expect(ProofProvider::Keybase::Worker).to receive(:perform_async) - post :create, params: postable_params - end - - it 'delegates redirection to the proof provider' do - expect_any_instance_of(AccountIdentityProof).to receive(:on_success_path) - post :create, params: postable_params - expect(response).to redirect_to root_url - end - - it 'does not post a status' do - expect(PostStatusService).not_to receive(:new) - post :create, params: postable_params - end - - context 'and the user has requested to post a status' do - let(:postable_params_with_status) do - postable_params.tap { |p| p[:account_identity_proof][:post_status] = '1' } - end - - it 'posts a status' do - expect_any_instance_of(PostStatusService).to receive(:call).with(user.account, text: status_text) - - post :create, params: postable_params_with_status - end - end - end - - context 'when saving fails' do - before do - allow_any_instance_of(ProofProvider::Keybase::Verifier).to receive(:valid?) { false } - end - - it 'redirects to :index' do - post :create, params: postable_params - expect(response).to redirect_to settings_identity_proofs_path - end - - it 'flashes a helpful message' do - post :create, params: postable_params - expect(flash[:alert]).to eq I18n.t('identity_proofs.errors.failed', provider: 'Keybase') - end - end - - context 'it can also do an update if the provider and username match an existing proof' do - before do - allow_any_instance_of(ProofProvider::Keybase::Verifier).to receive(:valid?) { true } - allow(ProofProvider::Keybase::Worker).to receive(:perform_async) - Fabricate(:account_identity_proof, account: user.account, provider: provider, provider_username: kbname) - allow_any_instance_of(AccountIdentityProof).to receive(:on_success_path) { root_url } - end - - it 'calls update with the new token' do - expect_any_instance_of(AccountIdentityProof).to receive(:save) do |proof| - expect(proof.token).to eq valid_token - end - - post :create, params: postable_params - end - end - end - end - - describe 'GET #index' do - context 'with no existing proofs' do - it 'shows the helpful explanation' do - get :index - expect(response.body).to match I18n.t('identity_proofs.explanation_html') - end - end - - context 'with two proofs' do - before do - allow_any_instance_of(ProofProvider::Keybase::Verifier).to receive(:valid?) { true } - @proof1 = Fabricate(:account_identity_proof, account: user.account) - @proof2 = Fabricate(:account_identity_proof, account: user.account) - allow_any_instance_of(AccountIdentityProof).to receive(:badge) { double(avatar_url: '', profile_url: '', proof_url: '') } - allow_any_instance_of(AccountIdentityProof).to receive(:refresh!) {} - end - - it 'has the first proof username on the page' do - get :index - expect(response.body).to match /#{Regexp.quote(@proof1.provider_username)}/ - end - - it 'has the second proof username on the page' do - get :index - expect(response.body).to match /#{Regexp.quote(@proof2.provider_username)}/ - end - end - end - - describe 'DELETE #destroy' do - before do - allow_any_instance_of(ProofProvider::Keybase::Verifier).to receive(:valid?) { true } - @proof1 = Fabricate(:account_identity_proof, account: user.account) - allow_any_instance_of(AccountIdentityProof).to receive(:badge) { double(avatar_url: '', profile_url: '', proof_url: '') } - allow_any_instance_of(AccountIdentityProof).to receive(:refresh!) {} - delete :destroy, params: { id: @proof1.id } - end - - it 'redirects to :index' do - expect(response).to redirect_to settings_identity_proofs_path - end - - it 'removes the proof' do - expect(AccountIdentityProof.where(id: @proof1.id).count).to eq 0 - end - end -end diff --git a/spec/controllers/well_known/keybase_proof_config_controller_spec.rb b/spec/controllers/well_known/keybase_proof_config_controller_spec.rb deleted file mode 100644 index 00f251c3c..000000000 --- a/spec/controllers/well_known/keybase_proof_config_controller_spec.rb +++ /dev/null @@ -1,15 +0,0 @@ -require 'rails_helper' - -describe WellKnown::KeybaseProofConfigController, type: :controller do - render_views - - describe 'GET #show' do - it 'renders json' do - get :show - - expect(response).to have_http_status(200) - expect(response.media_type).to eq 'application/json' - expect { JSON.parse(response.body) }.not_to raise_exception - end - end -end diff --git a/spec/fabricators/account_identity_proof_fabricator.rb b/spec/fabricators/account_identity_proof_fabricator.rb deleted file mode 100644 index 7b932fa96..000000000 --- a/spec/fabricators/account_identity_proof_fabricator.rb +++ /dev/null @@ -1,8 +0,0 @@ -Fabricator(:account_identity_proof) do - account - provider 'keybase' - provider_username { sequence(:provider_username) { |i| "#{Faker::Lorem.characters(number: 15)}" } } - token { sequence(:token) { |i| "#{i}#{Faker::Crypto.sha1()*2}"[0..65] } } - verified false - live false -end diff --git a/spec/lib/proof_provider/keybase/verifier_spec.rb b/spec/lib/proof_provider/keybase/verifier_spec.rb deleted file mode 100644 index 0081a735d..000000000 --- a/spec/lib/proof_provider/keybase/verifier_spec.rb +++ /dev/null @@ -1,82 +0,0 @@ -require 'rails_helper' - -describe ProofProvider::Keybase::Verifier do - let(:my_domain) { Rails.configuration.x.local_domain } - - let(:keybase_proof) do - local_proof = AccountIdentityProof.new( - provider: 'Keybase', - provider_username: 'cryptoalice', - token: '11111111111111111111111111' - ) - - described_class.new('alice', 'cryptoalice', '11111111111111111111111111', my_domain) - end - - let(:query_params) do - "domain=#{my_domain}&kb_username=cryptoalice&sig_hash=11111111111111111111111111&username=alice" - end - - describe '#valid?' do - let(:base_url) { 'https://keybase.io/_/api/1.0/sig/proof_valid.json' } - - context 'when valid' do - before do - json_response_body = '{"status":{"code":0,"name":"OK"},"proof_valid":true}' - stub_request(:get, "#{base_url}?#{query_params}").to_return(status: 200, body: json_response_body) - end - - it 'calls out to keybase and returns true' do - expect(keybase_proof.valid?).to eq true - end - end - - context 'when invalid' do - before do - json_response_body = '{"status":{"code":0,"name":"OK"},"proof_valid":false}' - stub_request(:get, "#{base_url}?#{query_params}").to_return(status: 200, body: json_response_body) - end - - it 'calls out to keybase and returns false' do - expect(keybase_proof.valid?).to eq false - end - end - - context 'with an unexpected api response' do - before do - json_response_body = '{"status":{"code":100,"desc":"wrong size hex_id","fields":{"sig_hash":"wrong size hex_id"},"name":"INPUT_ERROR"}}' - stub_request(:get, "#{base_url}?#{query_params}").to_return(status: 200, body: json_response_body) - end - - it 'swallows the error and returns false' do - expect(keybase_proof.valid?).to eq false - end - end - end - - describe '#status' do - let(:base_url) { 'https://keybase.io/_/api/1.0/sig/proof_live.json' } - - context 'with a normal response' do - before do - json_response_body = '{"status":{"code":0,"name":"OK"},"proof_live":false,"proof_valid":true}' - stub_request(:get, "#{base_url}?#{query_params}").to_return(status: 200, body: json_response_body) - end - - it 'calls out to keybase and returns the status fields as proof_valid and proof_live' do - expect(keybase_proof.status).to include({ 'proof_valid' => true, 'proof_live' => false }) - end - end - - context 'with an unexpected keybase response' do - before do - json_response_body = '{"status":{"code":100,"desc":"missing non-optional field sig_hash","fields":{"sig_hash":"missing non-optional field sig_hash"},"name":"INPUT_ERROR"}}' - stub_request(:get, "#{base_url}?#{query_params}").to_return(status: 200, body: json_response_body) - end - - it 'raises a ProofProvider::Keybase::UnexpectedResponseError' do - expect { keybase_proof.status }.to raise_error ProofProvider::Keybase::UnexpectedResponseError - end - end - end -end diff --git a/spec/services/activitypub/process_account_service_spec.rb b/spec/services/activitypub/process_account_service_spec.rb index 1b1d878a7..7728b9ba8 100644 --- a/spec/services/activitypub/process_account_service_spec.rb +++ b/spec/services/activitypub/process_account_service_spec.rb @@ -30,51 +30,6 @@ RSpec.describe ActivityPub::ProcessAccountService, type: :service do end end - context 'identity proofs' do - let(:payload) do - { - id: 'https://foo.test', - type: 'Actor', - inbox: 'https://foo.test/inbox', - attachment: [ - { type: 'IdentityProof', name: 'Alice', signatureAlgorithm: 'keybase', signatureValue: 'a' * 66 }, - ], - }.with_indifferent_access - end - - it 'parses out of attachment' do - allow(ProofProvider::Keybase::Worker).to receive(:perform_async) - - account = subject.call('alice', 'example.com', payload) - - expect(account.identity_proofs.count).to eq 1 - - proof = account.identity_proofs.first - - expect(proof.provider).to eq 'keybase' - expect(proof.provider_username).to eq 'Alice' - expect(proof.token).to eq 'a' * 66 - end - - it 'removes no longer present proofs' do - allow(ProofProvider::Keybase::Worker).to receive(:perform_async) - - account = Fabricate(:account, username: 'alice', domain: 'example.com') - old_proof = Fabricate(:account_identity_proof, account: account, provider: 'keybase', provider_username: 'Bob', token: 'b' * 66) - - subject.call('alice', 'example.com', payload) - - expect(account.identity_proofs.count).to eq 1 - expect(account.identity_proofs.find_by(id: old_proof.id)).to be_nil - end - - it 'queues a validity check on the proof' do - allow(ProofProvider::Keybase::Worker).to receive(:perform_async) - account = subject.call('alice', 'example.com', payload) - expect(ProofProvider::Keybase::Worker).to have_received(:perform_async) - end - end - context 'when account is not suspended' do let!(:account) { Fabricate(:account, username: 'alice', domain: 'example.com') } -- cgit From 8e84ebf0cb211c1d94145399b05c9f2ad0e4d4b0 Mon Sep 17 00:00:00 2001 From: Eugen Rochko Date: Sun, 16 Jan 2022 13:23:50 +0100 Subject: Remove IP tracking columns from users table (#16409) --- .../api/v1/admin/accounts_controller.rb | 2 +- app/controllers/auth/sessions_controller.rb | 2 +- app/controllers/concerns/user_tracking_concern.rb | 6 +-- app/helpers/admin/dashboard_helper.rb | 10 ++-- app/models/account.rb | 1 - app/models/account_filter.rb | 2 +- app/models/user.rb | 58 ++++++---------------- app/models/user_ip.rb | 19 +++++++ app/serializers/rest/admin/account_serializer.rb | 13 +++-- app/serializers/rest/admin/ip_serializer.rb | 5 ++ app/views/admin/accounts/show.html.haml | 10 ++-- .../admin_mailer/new_pending_account.text.erb | 2 +- app/workers/scheduler/ip_cleanup_scheduler.rb | 2 +- config/initializers/devise.rb | 15 +++--- db/migrate/20210616214526_create_user_ips.rb | 5 ++ ...6214135_remove_current_sign_in_ip_from_users.rb | 12 +++++ db/schema.rb | 24 ++++++++- db/views/user_ips_v01.sql | 26 ++++++++++ spec/controllers/auth/sessions_controller_spec.rb | 2 +- 19 files changed, 141 insertions(+), 75 deletions(-) create mode 100644 app/models/user_ip.rb create mode 100644 app/serializers/rest/admin/ip_serializer.rb create mode 100644 db/migrate/20210616214526_create_user_ips.rb create mode 100644 db/post_migrate/20210616214135_remove_current_sign_in_ip_from_users.rb create mode 100644 db/views/user_ips_v01.sql (limited to 'db/post_migrate') diff --git a/app/controllers/api/v1/admin/accounts_controller.rb b/app/controllers/api/v1/admin/accounts_controller.rb index 63cc521ed..9b8f2fb05 100644 --- a/app/controllers/api/v1/admin/accounts_controller.rb +++ b/app/controllers/api/v1/admin/accounts_controller.rb @@ -94,7 +94,7 @@ class Api::V1::Admin::AccountsController < Api::BaseController private def set_accounts - @accounts = filtered_accounts.order(id: :desc).includes(user: [:invite_request, :invite]).to_a_paginated_by_id(limit_param(LIMIT), params_slice(:max_id, :since_id, :min_id)) + @accounts = filtered_accounts.order(id: :desc).includes(user: [:invite_request, :invite, :ips]).to_a_paginated_by_id(limit_param(LIMIT), params_slice(:max_id, :since_id, :min_id)) end def set_account diff --git a/app/controllers/auth/sessions_controller.rb b/app/controllers/auth/sessions_controller.rb index 0184bfb52..3337a43c4 100644 --- a/app/controllers/auth/sessions_controller.rb +++ b/app/controllers/auth/sessions_controller.rb @@ -147,7 +147,7 @@ class Auth::SessionsController < Devise::SessionsController clear_attempt_from_session - user.update_sign_in!(request, new_sign_in: true) + user.update_sign_in!(new_sign_in: true) sign_in(user) flash.delete(:notice) diff --git a/app/controllers/concerns/user_tracking_concern.rb b/app/controllers/concerns/user_tracking_concern.rb index efda37fae..45f3aab0d 100644 --- a/app/controllers/concerns/user_tracking_concern.rb +++ b/app/controllers/concerns/user_tracking_concern.rb @@ -3,7 +3,7 @@ module UserTrackingConcern extend ActiveSupport::Concern - UPDATE_SIGN_IN_HOURS = 24 + UPDATE_SIGN_IN_FREQUENCY = 24.hours.freeze included do before_action :update_user_sign_in @@ -12,10 +12,10 @@ module UserTrackingConcern private def update_user_sign_in - current_user.update_sign_in!(request) if user_needs_sign_in_update? + current_user.update_sign_in! if user_needs_sign_in_update? end def user_needs_sign_in_update? - user_signed_in? && (current_user.current_sign_in_at.nil? || current_user.current_sign_in_at < UPDATE_SIGN_IN_HOURS.hours.ago) + user_signed_in? && (current_user.current_sign_in_at.nil? || current_user.current_sign_in_at < UPDATE_SIGN_IN_FREQUENCY.ago) end end diff --git a/app/helpers/admin/dashboard_helper.rb b/app/helpers/admin/dashboard_helper.rb index 32aaf9f5e..d4a30b97e 100644 --- a/app/helpers/admin/dashboard_helper.rb +++ b/app/helpers/admin/dashboard_helper.rb @@ -2,17 +2,17 @@ module Admin::DashboardHelper def relevant_account_ip(account, ip_query) - default_ip = [account.user_current_sign_in_ip || account.user_sign_up_ip] + ips = account.user.ips.to_a matched_ip = begin ip_query_addr = IPAddr.new(ip_query) - account.user.recent_ips.find { |(_, ip)| ip_query_addr.include?(ip) } || default_ip + ips.find { |ip| ip_query_addr.include?(ip.ip) } || ips.first rescue IPAddr::Error - default_ip - end.last + ips.first + end if matched_ip - link_to matched_ip, admin_accounts_path(ip: matched_ip) + link_to matched_ip.ip, admin_accounts_path(ip: matched_ip.ip) else '-' end diff --git a/app/models/account.rb b/app/models/account.rb index 238ea1d65..c459125c7 100644 --- a/app/models/account.rb +++ b/app/models/account.rb @@ -123,7 +123,6 @@ class Account < ApplicationRecord delegate :email, :unconfirmed_email, - :current_sign_in_ip, :current_sign_in_at, :created_at, :sign_up_ip, diff --git a/app/models/account_filter.rb b/app/models/account_filter.rb index defd531ac..dcb174122 100644 --- a/app/models/account_filter.rb +++ b/app/models/account_filter.rb @@ -21,7 +21,7 @@ class AccountFilter end def results - scope = Account.includes(:account_stat, user: [:session_activations, :invite_request]).without_instance_actor.reorder(nil) + scope = Account.includes(:account_stat, user: [:ips, :invite_request]).without_instance_actor.reorder(nil) params.each do |key, value| scope.merge!(scope_for(key, value.to_s.strip)) if value.present? diff --git a/app/models/user.rb b/app/models/user.rb index 374b82d05..49dcb8156 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -14,8 +14,6 @@ # sign_in_count :integer default(0), not null # current_sign_in_at :datetime # last_sign_in_at :datetime -# current_sign_in_ip :inet -# last_sign_in_ip :inet # admin :boolean default(FALSE), not null # confirmation_token :string # confirmed_at :datetime @@ -81,6 +79,7 @@ class User < ApplicationRecord has_many :invites, inverse_of: :user has_many :markers, inverse_of: :user, dependent: :destroy has_many :webauthn_credentials, dependent: :destroy + has_many :ips, class_name: 'UserIp', inverse_of: :user has_one :invite_request, class_name: 'UserInviteRequest', inverse_of: :user, dependent: :destroy accepts_nested_attributes_for :invite_request, reject_if: ->(attributes) { attributes['text'].blank? && !Setting.require_invite_text } @@ -107,7 +106,7 @@ class User < ApplicationRecord scope :inactive, -> { where(arel_table[:current_sign_in_at].lt(ACTIVE_DURATION.ago)) } scope :active, -> { confirmed.where(arel_table[:current_sign_in_at].gteq(ACTIVE_DURATION.ago)).joins(:account).where(accounts: { suspended_at: nil }) } scope :matches_email, ->(value) { where(arel_table[:email].matches("#{value}%")) } - scope :matches_ip, ->(value) { where('current_sign_in_ip <<= ?', value).or(where('users.sign_up_ip <<= ?', value)).or(where('users.last_sign_in_ip <<= ?', value)).or(where(id: SessionActivation.select(:user_id).where('ip <<= ?', value))) } + scope :matches_ip, ->(value) { left_joins(:ips).where('user_ips.ip <<= ?', value) } scope :emailable, -> { confirmed.enabled.joins(:account).merge(Account.searchable) } before_validation :sanitize_languages @@ -174,15 +173,11 @@ class User < ApplicationRecord prepare_new_user! if new_user && approved? end - def update_sign_in!(request, new_sign_in: false) + def update_sign_in!(new_sign_in: false) old_current, new_current = current_sign_in_at, Time.now.utc self.last_sign_in_at = old_current || new_current self.current_sign_in_at = new_current - old_current, new_current = current_sign_in_ip, request.remote_ip - self.last_sign_in_ip = old_current || new_current - self.current_sign_in_ip = new_current - if new_sign_in self.sign_in_count ||= 0 self.sign_in_count += 1 @@ -201,7 +196,7 @@ class User < ApplicationRecord end def suspicious_sign_in?(ip) - !otp_required_for_login? && !skip_sign_in_token? && current_sign_in_at.present? && !recent_ip?(ip) + !otp_required_for_login? && !skip_sign_in_token? && current_sign_in_at.present? && !ips.where(ip: ip).exists? end def functional? @@ -277,31 +272,28 @@ class User < ApplicationRecord @shows_application ||= settings.show_application end - # rubocop:disable Naming/MethodParameterName - def token_for_app(a) - return nil if a.nil? || a.owner != self - Doorkeeper::AccessToken.find_or_create_by(application_id: a.id, resource_owner_id: id) do |t| - t.scopes = a.scopes - t.expires_in = Doorkeeper.configuration.access_token_expires_in + def token_for_app(app) + return nil if app.nil? || app.owner != self + + Doorkeeper::AccessToken.find_or_create_by(application_id: app.id, resource_owner_id: id) do |t| + t.scopes = app.scopes + t.expires_in = Doorkeeper.configuration.access_token_expires_in t.use_refresh_token = Doorkeeper.configuration.refresh_token_enabled? end end - # rubocop:enable Naming/MethodParameterName def activate_session(request) - session_activations.activate(session_id: SecureRandom.hex, - user_agent: request.user_agent, - ip: request.remote_ip).session_id + session_activations.activate( + session_id: SecureRandom.hex, + user_agent: request.user_agent, + ip: request.remote_ip + ).session_id end def clear_other_sessions(id) session_activations.exclusive(id) end - def session_active?(id) - session_activations.active? id - end - def web_push_subscription(session) session.web_push_subscription.nil? ? nil : session.web_push_subscription end @@ -364,22 +356,6 @@ class User < ApplicationRecord setting_display_media == 'hide_all' end - def recent_ips - @recent_ips ||= begin - arr = [] - - session_activations.each do |session_activation| - arr << [session_activation.updated_at, session_activation.ip] - end - - arr << [current_sign_in_at, current_sign_in_ip] if current_sign_in_ip.present? - arr << [last_sign_in_at, last_sign_in_ip] if last_sign_in_ip.present? - arr << [created_at, sign_up_ip] if sign_up_ip.present? - - arr.sort_by { |pair| pair.first || Time.now.utc }.uniq(&:last).reverse! - end - end - def sign_in_token_expired? sign_in_token_sent_at.nil? || sign_in_token_sent_at < 5.minutes.ago end @@ -410,10 +386,6 @@ class User < ApplicationRecord private - def recent_ip?(ip) - recent_ips.any? { |(_, recent_ip)| recent_ip == ip } - end - def send_pending_devise_notifications pending_devise_notifications.each do |notification, args, kwargs| render_and_send_devise_message(notification, *args, **kwargs) diff --git a/app/models/user_ip.rb b/app/models/user_ip.rb new file mode 100644 index 000000000..a8e802e13 --- /dev/null +++ b/app/models/user_ip.rb @@ -0,0 +1,19 @@ +# frozen_string_literal: true +# == Schema Information +# +# Table name: user_ips +# +# user_id :bigint(8) primary key +# ip :inet +# used_at :datetime +# + +class UserIp < ApplicationRecord + self.primary_key = :user_id + + belongs_to :user, foreign_key: :user_id + + def readonly? + true + end +end diff --git a/app/serializers/rest/admin/account_serializer.rb b/app/serializers/rest/admin/account_serializer.rb index f579d3302..3480e8c5a 100644 --- a/app/serializers/rest/admin/account_serializer.rb +++ b/app/serializers/rest/admin/account_serializer.rb @@ -9,6 +9,7 @@ class REST::Admin::AccountSerializer < ActiveModel::Serializer attribute :created_by_application_id, if: :created_by_application? attribute :invited_by_account_id, if: :invited? + has_many :ips, serializer: REST::Admin::IpSerializer has_one :account, serializer: REST::AccountSerializer def id @@ -19,10 +20,6 @@ class REST::Admin::AccountSerializer < ActiveModel::Serializer object.user_email end - def ip - object.user_current_sign_in_ip.to_s.presence - end - def role object.user_role end @@ -74,4 +71,12 @@ class REST::Admin::AccountSerializer < ActiveModel::Serializer def created_by_application? object.user&.created_by_application_id&.present? end + + def ips + object.user&.ips + end + + def ip + ips&.first + end end diff --git a/app/serializers/rest/admin/ip_serializer.rb b/app/serializers/rest/admin/ip_serializer.rb new file mode 100644 index 000000000..d11699dc4 --- /dev/null +++ b/app/serializers/rest/admin/ip_serializer.rb @@ -0,0 +1,5 @@ +# frozen_string_literal: true + +class REST::Admin::IpSerializer < ActiveModel::Serializer + attributes :ip, :used_at +end diff --git a/app/views/admin/accounts/show.html.haml b/app/views/admin/accounts/show.html.haml index 64cfc9a77..3867d1b19 100644 --- a/app/views/admin/accounts/show.html.haml +++ b/app/views/admin/accounts/show.html.haml @@ -156,12 +156,14 @@ %time.formatted{ datetime: @account.created_at.iso8601, title: l(@account.created_at) }= l @account.created_at %td - - @account.user.recent_ips.each_with_index do |(_, ip), i| + - recent_ips = @account.user.ips.order(used_at: :desc).to_a + + - recent_ips.each_with_index do |recent_ip, i| %tr - if i.zero? - %th{ rowspan: @account.user.recent_ips.size }= t('admin.accounts.most_recent_ip') - %td= ip - %td= table_link_to 'search', t('admin.accounts.search_same_ip'), admin_accounts_path(ip: ip) + %th{ rowspan: recent_ips.size }= t('admin.accounts.most_recent_ip') + %td= recent_ip.ip + %td= table_link_to 'search', t('admin.accounts.search_same_ip'), admin_accounts_path(ip: recent_ip.ip) %tr %th= t('admin.accounts.most_recent_activity') diff --git a/app/views/admin_mailer/new_pending_account.text.erb b/app/views/admin_mailer/new_pending_account.text.erb index bcc251819..a8a2a35fa 100644 --- a/app/views/admin_mailer/new_pending_account.text.erb +++ b/app/views/admin_mailer/new_pending_account.text.erb @@ -3,7 +3,7 @@ <%= raw t('admin_mailer.new_pending_account.body') %> <%= @account.user_email %> (@<%= @account.username %>) -<%= @account.user_current_sign_in_ip %> +<%= @account.user_sign_up_ip %> <% if @account.user&.invite_request&.text.present? %> <%= quote_wrap(@account.user&.invite_request&.text) %> diff --git a/app/workers/scheduler/ip_cleanup_scheduler.rb b/app/workers/scheduler/ip_cleanup_scheduler.rb index 918c10ac9..adc99c605 100644 --- a/app/workers/scheduler/ip_cleanup_scheduler.rb +++ b/app/workers/scheduler/ip_cleanup_scheduler.rb @@ -16,7 +16,7 @@ class Scheduler::IpCleanupScheduler def clean_ip_columns! SessionActivation.where('updated_at < ?', IP_RETENTION_PERIOD.ago).in_batches.destroy_all - User.where('current_sign_in_at < ?', IP_RETENTION_PERIOD.ago).in_batches.update_all(last_sign_in_ip: nil, current_sign_in_ip: nil, sign_up_ip: nil) + User.where('current_sign_in_at < ?', IP_RETENTION_PERIOD.ago).in_batches.update_all(sign_up_ip: nil) LoginActivity.where('created_at < ?', IP_RETENTION_PERIOD.ago).in_batches.destroy_all end diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb index 5232e6cfd..b434c68fa 100644 --- a/config/initializers/devise.rb +++ b/config/initializers/devise.rb @@ -1,11 +1,8 @@ require 'devise/strategies/authenticatable' Warden::Manager.after_set_user except: :fetch do |user, warden| - if user.session_active?(warden.cookies.signed['_session_id'] || warden.raw_session['auth_id']) - session_id = warden.cookies.signed['_session_id'] || warden.raw_session['auth_id'] - else - session_id = user.activate_session(warden.request) - end + session_id = warden.cookies.signed['_session_id'] || warden.raw_session['auth_id'] + session_id = user.activate_session(warden.request) unless user.session_activations.active?(session_id) warden.cookies.signed['_session_id'] = { value: session_id, @@ -17,9 +14,13 @@ Warden::Manager.after_set_user except: :fetch do |user, warden| end Warden::Manager.after_fetch do |user, warden| - if user.session_active?(warden.cookies.signed['_session_id'] || warden.raw_session['auth_id']) + session_id = warden.cookies.signed['_session_id'] || warden.raw_session['auth_id'] + + if session_id && (session = user.session_activations.find_by(session_id: session_id)) + session.update(ip: warden.request.remote_ip) if session.ip != warden.request.remote_ip + warden.cookies.signed['_session_id'] = { - value: warden.cookies.signed['_session_id'] || warden.raw_session['auth_id'], + value: session_id, expires: 1.year.from_now, httponly: true, secure: (Rails.env.production? || ENV['LOCAL_HTTPS'] == 'true'), diff --git a/db/migrate/20210616214526_create_user_ips.rb b/db/migrate/20210616214526_create_user_ips.rb new file mode 100644 index 000000000..68e81a9d8 --- /dev/null +++ b/db/migrate/20210616214526_create_user_ips.rb @@ -0,0 +1,5 @@ +class CreateUserIps < ActiveRecord::Migration[6.1] + def change + create_view :user_ips + end +end diff --git a/db/post_migrate/20210616214135_remove_current_sign_in_ip_from_users.rb b/db/post_migrate/20210616214135_remove_current_sign_in_ip_from_users.rb new file mode 100644 index 000000000..b53b247f2 --- /dev/null +++ b/db/post_migrate/20210616214135_remove_current_sign_in_ip_from_users.rb @@ -0,0 +1,12 @@ +# frozen_string_literal: true + +class RemoveCurrentSignInIpFromUsers < ActiveRecord::Migration[5.2] + disable_ddl_transaction! + + def change + safety_assured do + remove_column :users, :current_sign_in_ip, :inet + remove_column :users, :last_sign_in_ip, :inet + end + end +end diff --git a/db/schema.rb b/db/schema.rb index a1d169b23..d1446c652 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -923,8 +923,6 @@ ActiveRecord::Schema.define(version: 2021_12_13_040746) do t.integer "sign_in_count", default: 0, null: false t.datetime "current_sign_in_at" t.datetime "last_sign_in_at" - t.inet "current_sign_in_ip" - t.inet "last_sign_in_ip" t.boolean "admin", default: false, null: false t.string "confirmation_token" t.datetime "confirmed_at" @@ -1120,6 +1118,28 @@ ActiveRecord::Schema.define(version: 2021_12_13_040746) do SQL add_index "instances", ["domain"], name: "index_instances_on_domain", unique: true + create_view "user_ips", sql_definition: <<-SQL + SELECT t0.user_id, + t0.ip, + max(t0.used_at) AS used_at + FROM ( SELECT users.id AS user_id, + users.sign_up_ip AS ip, + users.created_at AS used_at + FROM users + WHERE (users.sign_up_ip IS NOT NULL) + UNION ALL + SELECT session_activations.user_id, + session_activations.ip, + session_activations.updated_at + FROM session_activations + UNION ALL + SELECT login_activities.user_id, + login_activities.ip, + login_activities.created_at + FROM login_activities + WHERE (login_activities.success = true)) t0 + GROUP BY t0.user_id, t0.ip; + SQL create_view "account_summaries", materialized: true, sql_definition: <<-SQL SELECT accounts.id AS account_id, mode() WITHIN GROUP (ORDER BY t0.language) AS language, diff --git a/db/views/user_ips_v01.sql b/db/views/user_ips_v01.sql new file mode 100644 index 000000000..50a8201cd --- /dev/null +++ b/db/views/user_ips_v01.sql @@ -0,0 +1,26 @@ +SELECT + user_id, + ip, + max(used_at) AS used_at +FROM ( + SELECT + id AS user_id, + sign_up_ip AS ip, + created_at AS used_at + FROM users + WHERE sign_up_ip IS NOT NULL + UNION ALL + SELECT + user_id, + ip, + updated_at + FROM session_activations + UNION ALL + SELECT + user_id, + ip, + created_at + FROM login_activities + WHERE success = 't' +) AS t0 +GROUP BY user_id, ip diff --git a/spec/controllers/auth/sessions_controller_spec.rb b/spec/controllers/auth/sessions_controller_spec.rb index f718f5dd9..2368cc2bf 100644 --- a/spec/controllers/auth/sessions_controller_spec.rb +++ b/spec/controllers/auth/sessions_controller_spec.rb @@ -400,7 +400,7 @@ RSpec.describe Auth::SessionsController, type: :controller do end context 'when 2FA is disabled and IP is unfamiliar' do - let!(:user) { Fabricate(:user, email: 'x@y.com', password: 'abcdefgh', current_sign_in_at: 3.weeks.ago, current_sign_in_ip: '0.0.0.0') } + let!(:user) { Fabricate(:user, email: 'x@y.com', password: 'abcdefgh', current_sign_in_at: 3.weeks.ago) } before do request.remote_ip = '10.10.10.10' -- cgit From 14f436c457560862fafabd753eb314c8b8a8e674 Mon Sep 17 00:00:00 2001 From: Eugen Rochko Date: Mon, 17 Jan 2022 09:41:33 +0100 Subject: Add notifications for statuses deleted by moderators (#17204) --- .../admin/account_moderation_notes_controller.rb | 2 +- app/controllers/admin/accounts_controller.rb | 2 +- app/controllers/admin/report_notes_controller.rb | 23 +- .../admin/reported_statuses_controller.rb | 44 --- app/controllers/admin/reports_controller.rb | 6 +- app/controllers/admin/statuses_controller.rb | 66 ++--- .../api/v1/admin/account_actions_controller.rb | 4 +- .../api/v1/admin/accounts_controller.rb | 6 +- .../api/v1/admin/dimensions_controller.rb | 1 + .../api/v1/admin/measures_controller.rb | 1 + app/controllers/api/v1/admin/reports_controller.rb | 16 +- .../api/v1/admin/retention_controller.rb | 1 + .../api/v1/admin/trends/tags_controller.rb | 3 + app/helpers/admin/filter_helper.rb | 1 + .../components/admin/ReportReasonSelector.js | 159 ++++++++++ .../mastodon/components/status_action_bar.js | 2 +- .../features/status/components/action_bar.js | 2 +- app/javascript/styles/mailer.scss | 4 + app/javascript/styles/mastodon/admin.scss | 328 ++++++++++++++++++++- app/javascript/styles/mastodon/polls.scss | 15 + .../metrics/measure/resolved_reports_measure.rb | 7 +- app/mailers/user_mailer.rb | 4 +- app/models/account_warning.rb | 22 +- app/models/admin/account_action.rb | 28 +- app/models/admin/status_batch_action.rb | 92 ++++++ app/models/admin/status_filter.rb | 41 +++ app/models/concerns/account_associations.rb | 2 +- app/models/form/status_batch.rb | 45 --- app/models/report.rb | 66 +++-- app/models/report_filter.rb | 2 +- app/serializers/rest/admin/report_serializer.rb | 7 +- app/services/remove_status_service.rb | 9 +- app/views/admin/action_logs/index.html.haml | 2 +- .../admin/report_notes/_report_note.html.haml | 23 +- app/views/admin/reports/_action_log.html.haml | 6 - app/views/admin/reports/_status.html.haml | 3 + app/views/admin/reports/show.html.haml | 274 +++++++++++------ app/views/admin/statuses/index.html.haml | 33 ++- app/views/admin/statuses/show.html.haml | 27 -- app/views/notification_mailer/_status.text.erb | 8 +- app/views/user_mailer/warning.html.haml | 16 +- app/views/user_mailer/warning.text.erb | 17 +- app/workers/scheduler/user_cleanup_scheduler.rb | 9 + config/locales/en.yml | 55 +++- config/routes.rb | 12 +- .../20211231080958_add_category_to_reports.rb | 21 ++ ...0115125126_add_report_id_to_account_warnings.rb | 6 + .../20220115125341_fix_account_warning_actions.rb | 21 ++ ...20116202951_add_deleted_at_index_on_statuses.rb | 7 + ...20109213908_remove_action_taken_from_reports.rb | 9 + db/schema.rb | 10 +- .../admin/report_notes_controller_spec.rb | 8 +- .../admin/reported_statuses_controller_spec.rb | 59 ---- spec/controllers/admin/reports_controller_spec.rb | 22 +- spec/controllers/admin/statuses_controller_spec.rb | 69 ++--- spec/fabricators/report_fabricator.rb | 6 +- spec/mailers/previews/user_mailer_preview.rb | 2 +- spec/models/form/status_batch_spec.rb | 52 ---- spec/models/report_spec.rb | 16 +- 59 files changed, 1213 insertions(+), 591 deletions(-) delete mode 100644 app/controllers/admin/reported_statuses_controller.rb create mode 100644 app/javascript/mastodon/components/admin/ReportReasonSelector.js create mode 100644 app/models/admin/status_batch_action.rb create mode 100644 app/models/admin/status_filter.rb delete mode 100644 app/models/form/status_batch.rb delete mode 100644 app/views/admin/reports/_action_log.html.haml delete mode 100644 app/views/admin/statuses/show.html.haml create mode 100644 db/migrate/20211231080958_add_category_to_reports.rb create mode 100644 db/migrate/20220115125126_add_report_id_to_account_warnings.rb create mode 100644 db/migrate/20220115125341_fix_account_warning_actions.rb create mode 100644 db/migrate/20220116202951_add_deleted_at_index_on_statuses.rb create mode 100644 db/post_migrate/20220109213908_remove_action_taken_from_reports.rb delete mode 100644 spec/controllers/admin/reported_statuses_controller_spec.rb delete mode 100644 spec/models/form/status_batch_spec.rb (limited to 'db/post_migrate') diff --git a/app/controllers/admin/account_moderation_notes_controller.rb b/app/controllers/admin/account_moderation_notes_controller.rb index 44f6e34f8..4f36f33f4 100644 --- a/app/controllers/admin/account_moderation_notes_controller.rb +++ b/app/controllers/admin/account_moderation_notes_controller.rb @@ -14,7 +14,7 @@ module Admin else @account = @account_moderation_note.target_account @moderation_notes = @account.targeted_moderation_notes.latest - @warnings = @account.targeted_account_warnings.latest.custom + @warnings = @account.strikes.custom.latest render template: 'admin/accounts/show' end diff --git a/app/controllers/admin/accounts_controller.rb b/app/controllers/admin/accounts_controller.rb index 0786985fa..e7f56e243 100644 --- a/app/controllers/admin/accounts_controller.rb +++ b/app/controllers/admin/accounts_controller.rb @@ -28,7 +28,7 @@ module Admin @deletion_request = @account.deletion_request @account_moderation_note = current_account.account_moderation_notes.new(target_account: @account) @moderation_notes = @account.targeted_moderation_notes.latest - @warnings = @account.targeted_account_warnings.latest.custom + @warnings = @account.strikes.custom.latest @domain_block = DomainBlock.rule_for(@account.domain) end diff --git a/app/controllers/admin/report_notes_controller.rb b/app/controllers/admin/report_notes_controller.rb index b816c5b5d..3fd815b60 100644 --- a/app/controllers/admin/report_notes_controller.rb +++ b/app/controllers/admin/report_notes_controller.rb @@ -14,20 +14,17 @@ module Admin if params[:create_and_resolve] @report.resolve!(current_account) log_action :resolve, @report - - redirect_to admin_reports_path, notice: I18n.t('admin.reports.resolved_msg') - return - end - - if params[:create_and_unresolve] + elsif params[:create_and_unresolve] @report.unresolve! log_action :reopen, @report end - redirect_to admin_report_path(@report), notice: I18n.t('admin.report_notes.created_msg') + redirect_to after_create_redirect_path, notice: I18n.t('admin.report_notes.created_msg') else - @report_notes = (@report.notes.latest + @report.history + @report.target_account.targeted_account_warnings.latest.custom).sort_by(&:created_at) - @form = Form::StatusBatch.new + @report_notes = @report.notes.includes(:account).order(id: :desc) + @action_logs = @report.history.includes(:target) + @form = Admin::StatusBatchAction.new + @statuses = @report.statuses.with_includes render template: 'admin/reports/show' end @@ -41,6 +38,14 @@ module Admin private + def after_create_redirect_path + if params[:create_and_resolve] + admin_reports_path + else + admin_report_path(@report) + end + end + def resource_params params.require(:report_note).permit( :content, diff --git a/app/controllers/admin/reported_statuses_controller.rb b/app/controllers/admin/reported_statuses_controller.rb deleted file mode 100644 index 3ba9f5df2..000000000 --- a/app/controllers/admin/reported_statuses_controller.rb +++ /dev/null @@ -1,44 +0,0 @@ -# frozen_string_literal: true - -module Admin - class ReportedStatusesController < BaseController - before_action :set_report - - def create - authorize :status, :update? - - @form = Form::StatusBatch.new(form_status_batch_params.merge(current_account: current_account, action: action_from_button)) - flash[:alert] = I18n.t('admin.statuses.failed_to_execute') unless @form.save - - redirect_to admin_report_path(@report) - rescue ActionController::ParameterMissing - flash[:alert] = I18n.t('admin.statuses.no_status_selected') - - redirect_to admin_report_path(@report) - end - - private - - def status_params - params.require(:status).permit(:sensitive) - end - - def form_status_batch_params - params.require(:form_status_batch).permit(status_ids: []) - end - - def action_from_button - if params[:nsfw_on] - 'nsfw_on' - elsif params[:nsfw_off] - 'nsfw_off' - elsif params[:delete] - 'delete' - end - end - - def set_report - @report = Report.find(params[:report_id]) - end - end -end diff --git a/app/controllers/admin/reports_controller.rb b/app/controllers/admin/reports_controller.rb index 7c831b3d4..00d200d7c 100644 --- a/app/controllers/admin/reports_controller.rb +++ b/app/controllers/admin/reports_controller.rb @@ -13,8 +13,10 @@ module Admin authorize @report, :show? @report_note = @report.notes.new - @report_notes = (@report.notes.latest + @report.history + @report.target_account.targeted_account_warnings.latest.custom).sort_by(&:created_at) - @form = Form::StatusBatch.new + @report_notes = @report.notes.includes(:account).order(id: :desc) + @action_logs = @report.history.includes(:target) + @form = Admin::StatusBatchAction.new + @statuses = @report.statuses.with_includes end def assign_to_self diff --git a/app/controllers/admin/statuses_controller.rb b/app/controllers/admin/statuses_controller.rb index b3fd4c424..8d039b281 100644 --- a/app/controllers/admin/statuses_controller.rb +++ b/app/controllers/admin/statuses_controller.rb @@ -2,71 +2,57 @@ module Admin class StatusesController < BaseController - helper_method :current_params - before_action :set_account + before_action :set_statuses PER_PAGE = 20 def index authorize :status, :index? - @statuses = @account.statuses.where(visibility: [:public, :unlisted]) - - if params[:media] - @statuses = @statuses.merge(Status.joins(:media_attachments).merge(@account.media_attachments.reorder(nil)).group(:id)).reorder('statuses.id desc') - end - - @statuses = @statuses.preload(:media_attachments, :mentions).page(params[:page]).per(PER_PAGE) - @form = Form::StatusBatch.new - end - - def show - authorize :status, :index? - - @statuses = @account.statuses.where(id: params[:id]) - authorize @statuses.first, :show? - - @form = Form::StatusBatch.new + @status_batch_action = Admin::StatusBatchAction.new end - def create - authorize :status, :update? - - @form = Form::StatusBatch.new(form_status_batch_params.merge(current_account: current_account, action: action_from_button)) - flash[:alert] = I18n.t('admin.statuses.failed_to_execute') unless @form.save - - redirect_to admin_account_statuses_path(@account.id, current_params) + def batch + @status_batch_action = Admin::StatusBatchAction.new(admin_status_batch_action_params.merge(current_account: current_account, report_id: params[:report_id], type: action_from_button)) + @status_batch_action.save! rescue ActionController::ParameterMissing flash[:alert] = I18n.t('admin.statuses.no_status_selected') - - redirect_to admin_account_statuses_path(@account.id, current_params) + ensure + redirect_to after_create_redirect_path end private - def form_status_batch_params - params.require(:form_status_batch).permit(:action, status_ids: []) + def admin_status_batch_action_params + params.require(:admin_status_batch_action).permit(status_ids: []) + end + + def after_create_redirect_path + if @status_batch_action.report_id.present? + admin_report_path(@status_batch_action.report_id) + else + admin_account_statuses_path(params[:account_id], current_params) + end end def set_account @account = Account.find(params[:account_id]) end - def current_params - page = (params[:page] || 1).to_i + def set_statuses + @statuses = Admin::StatusFilter.new(@account, filter_params).results.preload(:application, :preloadable_poll, :media_attachments, active_mentions: :account, reblog: [:account, :application, :preloadable_poll, :media_attachments, active_mentions: :account]).page(params[:page]).per(PER_PAGE) + end - { - media: params[:media], - page: page > 1 && page, - }.select { |_, value| value.present? } + def filter_params + params.slice(*Admin::StatusFilter::KEYS).permit(*Admin::StatusFilter::KEYS) end def action_from_button - if params[:nsfw_on] - 'nsfw_on' - elsif params[:nsfw_off] - 'nsfw_off' + if params[:report] + 'report' + elsif params[:remove_from_report] + 'remove_from_report' elsif params[:delete] 'delete' end diff --git a/app/controllers/api/v1/admin/account_actions_controller.rb b/app/controllers/api/v1/admin/account_actions_controller.rb index 29c9b7107..15af50822 100644 --- a/app/controllers/api/v1/admin/account_actions_controller.rb +++ b/app/controllers/api/v1/admin/account_actions_controller.rb @@ -1,7 +1,9 @@ # frozen_string_literal: true class Api::V1::Admin::AccountActionsController < Api::BaseController - before_action -> { doorkeeper_authorize! :'admin:write', :'admin:write:accounts' } + protect_from_forgery with: :exception + + before_action -> { authorize_if_got_token! :'admin:write', :'admin:write:accounts' } before_action :require_staff! before_action :set_account diff --git a/app/controllers/api/v1/admin/accounts_controller.rb b/app/controllers/api/v1/admin/accounts_controller.rb index 9b8f2fb05..65330b8c8 100644 --- a/app/controllers/api/v1/admin/accounts_controller.rb +++ b/app/controllers/api/v1/admin/accounts_controller.rb @@ -1,13 +1,15 @@ # frozen_string_literal: true class Api::V1::Admin::AccountsController < Api::BaseController + protect_from_forgery with: :exception + include Authorization include AccountableConcern LIMIT = 100 - before_action -> { doorkeeper_authorize! :'admin:read', :'admin:read:accounts' }, only: [:index, :show] - before_action -> { doorkeeper_authorize! :'admin:write', :'admin:write:accounts' }, except: [:index, :show] + before_action -> { authorize_if_got_token! :'admin:read', :'admin:read:accounts' }, only: [:index, :show] + before_action -> { authorize_if_got_token! :'admin:write', :'admin:write:accounts' }, except: [:index, :show] before_action :require_staff! before_action :set_accounts, only: :index before_action :set_account, except: :index diff --git a/app/controllers/api/v1/admin/dimensions_controller.rb b/app/controllers/api/v1/admin/dimensions_controller.rb index 5e8f0f89f..b1f738990 100644 --- a/app/controllers/api/v1/admin/dimensions_controller.rb +++ b/app/controllers/api/v1/admin/dimensions_controller.rb @@ -3,6 +3,7 @@ class Api::V1::Admin::DimensionsController < Api::BaseController protect_from_forgery with: :exception + before_action -> { authorize_if_got_token! :'admin:read' } before_action :require_staff! before_action :set_dimensions diff --git a/app/controllers/api/v1/admin/measures_controller.rb b/app/controllers/api/v1/admin/measures_controller.rb index f28191753..d64c3cdf7 100644 --- a/app/controllers/api/v1/admin/measures_controller.rb +++ b/app/controllers/api/v1/admin/measures_controller.rb @@ -3,6 +3,7 @@ class Api::V1::Admin::MeasuresController < Api::BaseController protect_from_forgery with: :exception + before_action -> { authorize_if_got_token! :'admin:read' } before_action :require_staff! before_action :set_measures diff --git a/app/controllers/api/v1/admin/reports_controller.rb b/app/controllers/api/v1/admin/reports_controller.rb index c8f4cd8d8..fbfd0ee12 100644 --- a/app/controllers/api/v1/admin/reports_controller.rb +++ b/app/controllers/api/v1/admin/reports_controller.rb @@ -1,13 +1,15 @@ # frozen_string_literal: true class Api::V1::Admin::ReportsController < Api::BaseController + protect_from_forgery with: :exception + include Authorization include AccountableConcern LIMIT = 100 - before_action -> { doorkeeper_authorize! :'admin:read', :'admin:read:reports' }, only: [:index, :show] - before_action -> { doorkeeper_authorize! :'admin:write', :'admin:write:reports' }, except: [:index, :show] + before_action -> { authorize_if_got_token! :'admin:read', :'admin:read:reports' }, only: [:index, :show] + before_action -> { authorize_if_got_token! :'admin:write', :'admin:write:reports' }, except: [:index, :show] before_action :require_staff! before_action :set_reports, only: :index before_action :set_report, except: :index @@ -32,6 +34,12 @@ class Api::V1::Admin::ReportsController < Api::BaseController render json: @report, serializer: REST::Admin::ReportSerializer end + def update + authorize @report, :update? + @report.update!(report_params) + render json: @report, serializer: REST::Admin::ReportSerializer + end + def assign_to_self authorize @report, :update? @report.update!(assigned_account_id: current_account.id) @@ -74,6 +82,10 @@ class Api::V1::Admin::ReportsController < Api::BaseController ReportFilter.new(filter_params).results end + def report_params + params.permit(:category, rule_ids: []) + end + def filter_params params.permit(*FILTER_PARAMS) end diff --git a/app/controllers/api/v1/admin/retention_controller.rb b/app/controllers/api/v1/admin/retention_controller.rb index a8ff64f21..4af5a5c4d 100644 --- a/app/controllers/api/v1/admin/retention_controller.rb +++ b/app/controllers/api/v1/admin/retention_controller.rb @@ -3,6 +3,7 @@ class Api::V1::Admin::RetentionController < Api::BaseController protect_from_forgery with: :exception + before_action -> { authorize_if_got_token! :'admin:read' } before_action :require_staff! before_action :set_cohorts diff --git a/app/controllers/api/v1/admin/trends/tags_controller.rb b/app/controllers/api/v1/admin/trends/tags_controller.rb index 3653d1dd1..4815af31e 100644 --- a/app/controllers/api/v1/admin/trends/tags_controller.rb +++ b/app/controllers/api/v1/admin/trends/tags_controller.rb @@ -1,6 +1,9 @@ # frozen_string_literal: true class Api::V1::Admin::Trends::TagsController < Api::BaseController + protect_from_forgery with: :exception + + before_action -> { authorize_if_got_token! :'admin:read' } before_action :require_staff! before_action :set_tags diff --git a/app/helpers/admin/filter_helper.rb b/app/helpers/admin/filter_helper.rb index 5f69f176a..907529b37 100644 --- a/app/helpers/admin/filter_helper.rb +++ b/app/helpers/admin/filter_helper.rb @@ -13,6 +13,7 @@ module Admin::FilterHelper RelationshipFilter::KEYS, AnnouncementFilter::KEYS, Admin::ActionLogFilter::KEYS, + Admin::StatusFilter::KEYS, ].flatten.freeze def filter_link_to(text, link_to_params, link_class_params = link_to_params) diff --git a/app/javascript/mastodon/components/admin/ReportReasonSelector.js b/app/javascript/mastodon/components/admin/ReportReasonSelector.js new file mode 100644 index 000000000..1f91d2517 --- /dev/null +++ b/app/javascript/mastodon/components/admin/ReportReasonSelector.js @@ -0,0 +1,159 @@ +import React from 'react'; +import PropTypes from 'prop-types'; +import api from 'mastodon/api'; +import { injectIntl, defineMessages } from 'react-intl'; +import classNames from 'classnames'; + +const messages = defineMessages({ + other: { id: 'report.categories.other', defaultMessage: 'Other' }, + spam: { id: 'report.categories.spam', defaultMessage: 'Spam' }, + violation: { id: 'report.categories.violation', defaultMessage: 'Content violates one or more server rules' }, +}); + +class Category extends React.PureComponent { + + static propTypes = { + id: PropTypes.string.isRequired, + text: PropTypes.string.isRequired, + selected: PropTypes.bool, + disabled: PropTypes.bool, + onSelect: PropTypes.func, + children: PropTypes.node, + }; + + handleClick = () => { + const { id, disabled, onSelect } = this.props; + + if (!disabled) { + onSelect(id); + } + }; + + render () { + const { id, text, disabled, selected, children } = this.props; + + return ( +
+ {selected && } + +
+ + {text} +
+ + {(selected && children) && ( +
+ {children} +
+ )} +
+ ); + } + +} + +class Rule extends React.PureComponent { + + static propTypes = { + id: PropTypes.string.isRequired, + text: PropTypes.string.isRequired, + selected: PropTypes.bool, + disabled: PropTypes.bool, + onToggle: PropTypes.func, + }; + + handleClick = () => { + const { id, disabled, onToggle } = this.props; + + if (!disabled) { + onToggle(id); + } + }; + + render () { + const { id, text, disabled, selected } = this.props; + + return ( +
+ + {selected && } + {text} +
+ ); + } + +} + +export default @injectIntl +class ReportReasonSelector extends React.PureComponent { + + static propTypes = { + id: PropTypes.string.isRequired, + category: PropTypes.string.isRequired, + rule_ids: PropTypes.arrayOf(PropTypes.string), + disabled: PropTypes.bool, + intl: PropTypes.object.isRequired, + }; + + state = { + category: this.props.category, + rule_ids: this.props.rule_ids || [], + rules: [], + }; + + componentDidMount() { + api().get('/api/v1/instance').then(res => { + this.setState({ + rules: res.data.rules, + }); + }).catch(err => { + console.error(err); + }); + } + + _save = () => { + const { id, disabled } = this.props; + const { category, rule_ids } = this.state; + + if (disabled) { + return; + } + + api().put(`/api/v1/admin/reports/${id}`, { + category, + rule_ids, + }).catch(err => { + console.error(err); + }); + }; + + handleSelect = id => { + this.setState({ category: id }, () => this._save()); + }; + + handleToggle = id => { + const { rule_ids } = this.state; + + if (rule_ids.includes(id)) { + this.setState({ rule_ids: rule_ids.filter(x => x !== id ) }, () => this._save()); + } else { + this.setState({ rule_ids: [...rule_ids, id] }, () => this._save()); + } + }; + + render () { + const { disabled, intl } = this.props; + const { rules, category, rule_ids } = this.state; + + return ( +
+ + + + {rules.map(rule => )} + +
+ ); + } + +} diff --git a/app/javascript/mastodon/components/status_action_bar.js b/app/javascript/mastodon/components/status_action_bar.js index d125359e9..4e19cc0e4 100644 --- a/app/javascript/mastodon/components/status_action_bar.js +++ b/app/javascript/mastodon/components/status_action_bar.js @@ -291,7 +291,7 @@ class StatusActionBar extends ImmutablePureComponent { if (isStaff) { menu.push(null); menu.push({ text: intl.formatMessage(messages.admin_account, { name: account.get('username') }), href: `/admin/accounts/${status.getIn(['account', 'id'])}` }); - menu.push({ text: intl.formatMessage(messages.admin_status), href: `/admin/accounts/${status.getIn(['account', 'id'])}/statuses/${status.get('id')}` }); + menu.push({ text: intl.formatMessage(messages.admin_status), href: `/admin/accounts/${status.getIn(['account', 'id'])}/statuses?id=${status.get('id')}` }); } } diff --git a/app/javascript/mastodon/features/status/components/action_bar.js b/app/javascript/mastodon/features/status/components/action_bar.js index e60119bc4..a15a4d567 100644 --- a/app/javascript/mastodon/features/status/components/action_bar.js +++ b/app/javascript/mastodon/features/status/components/action_bar.js @@ -245,7 +245,7 @@ class ActionBar extends React.PureComponent { if (isStaff) { menu.push(null); menu.push({ text: intl.formatMessage(messages.admin_account, { name: status.getIn(['account', 'username']) }), href: `/admin/accounts/${status.getIn(['account', 'id'])}` }); - menu.push({ text: intl.formatMessage(messages.admin_status), href: `/admin/accounts/${status.getIn(['account', 'id'])}/statuses/${status.get('id')}` }); + menu.push({ text: intl.formatMessage(messages.admin_status), href: `/admin/accounts/${status.getIn(['account', 'id'])}/statuses?id=${status.get('id')}` }); } } diff --git a/app/javascript/styles/mailer.scss b/app/javascript/styles/mailer.scss index 92c02e847..34852178e 100644 --- a/app/javascript/styles/mailer.scss +++ b/app/javascript/styles/mailer.scss @@ -533,6 +533,10 @@ ul { } } +ul.rules-list { + padding-top: 0; +} + @media only screen and (min-device-width: 768px) and (max-device-width: 1024px) and (orientation: landscape) { body { min-height: 1024px !important; diff --git a/app/javascript/styles/mastodon/admin.scss b/app/javascript/styles/mastodon/admin.scss index dbf8a6e7a..c20762fba 100644 --- a/app/javascript/styles/mastodon/admin.scss +++ b/app/javascript/styles/mastodon/admin.scss @@ -579,39 +579,44 @@ body, .log-entry { line-height: 20px; - padding: 15px 0; + padding: 15px; + padding-left: 15px * 2 + 40px; background: $ui-base-color; - border-bottom: 1px solid lighten($ui-base-color, 4%); + border-bottom: 1px solid darken($ui-base-color, 8%); + position: relative; + + &:first-child { + border-top-left-radius: 4px; + border-top-right-radius: 4px; + } &:last-child { + border-bottom-left-radius: 4px; + border-bottom-right-radius: 4px; border-bottom: 0; } + &:hover { + background: lighten($ui-base-color, 4%); + } + &__header { - display: flex; - justify-content: flex-start; - align-items: center; color: $darker-text-color; font-size: 14px; - padding: 0 10px; } &__avatar { - margin-right: 10px; + position: absolute; + left: 15px; + top: 15px; .avatar { - display: block; - margin: 0; - border-radius: 50%; + border-radius: 4px; width: 40px; height: 40px; } } - &__content { - max-width: calc(100% - 90px); - } - &__title { word-wrap: break-word; } @@ -627,6 +632,14 @@ body, text-decoration: none; font-weight: 500; } + + a { + &:hover, + &:focus, + &:active { + text-decoration: underline; + } + } } a.name-tag, @@ -655,8 +668,9 @@ a.inline-name-tag, a.name-tag, .name-tag { - display: flex; + display: inline-flex; align-items: center; + vertical-align: top; .avatar { display: block; @@ -1114,3 +1128,287 @@ a.sparkline { } } } + +.report-reason-selector { + border-radius: 4px; + background: $ui-base-color; + margin-bottom: 20px; + + &__category { + cursor: pointer; + border-bottom: 1px solid darken($ui-base-color, 8%); + + &:last-child { + border-bottom: 0; + } + + &__label { + padding: 15px; + } + + &__rules { + margin-left: 30px; + } + } + + &__rule { + cursor: pointer; + padding: 15px; + } +} + +.report-header { + display: grid; + grid-gap: 15px; + grid-template-columns: minmax(0, 1fr) 300px; + + &__details { + &__item { + border-bottom: 1px solid lighten($ui-base-color, 8%); + padding: 15px 0; + + &:last-child { + border-bottom: 0; + } + + &__header { + font-weight: 600; + padding: 4px 0; + } + } + + &--horizontal { + display: grid; + grid-auto-columns: minmax(0, 1fr); + grid-auto-flow: column; + + .report-header__details__item { + border-bottom: 0; + } + } + } +} + +.account-card { + background: $ui-base-color; + border-radius: 4px; + + &__header { + padding: 4px; + border-radius: 4px; + height: 128px; + + img { + display: block; + margin: 0; + width: 100%; + height: 100%; + object-fit: cover; + background: darken($ui-base-color, 8%); + } + } + + &__title { + margin-top: -25px; + display: flex; + align-items: flex-end; + + &__avatar { + padding: 15px; + + img { + display: block; + margin: 0; + width: 56px; + height: 56px; + background: darken($ui-base-color, 8%); + border-radius: 8px; + } + } + + .display-name { + color: $darker-text-color; + padding-bottom: 15px; + font-size: 15px; + + bdi { + display: block; + color: $primary-text-color; + font-weight: 500; + } + } + } + + &__bio { + padding: 0 15px; + overflow: hidden; + text-overflow: ellipsis; + word-wrap: break-word; + max-height: 18px * 2; + position: relative; + + &::after { + display: block; + content: ""; + width: 50px; + height: 18px; + position: absolute; + bottom: 0; + right: 15px; + background: linear-gradient(to left, $ui-base-color, transparent); + pointer-events: none; + } + } + + &__actions { + display: flex; + align-items: center; + padding-top: 10px; + + &__button { + flex: 0 0 auto; + padding: 0 15px; + } + } + + &__counters { + flex: 1 1 auto; + display: grid; + grid-auto-columns: minmax(0, 1fr); + grid-auto-flow: column; + + &__item { + padding: 15px; + text-align: center; + color: $primary-text-color; + font-weight: 600; + font-size: 15px; + + small { + display: block; + color: $darker-text-color; + font-weight: 400; + font-size: 13px; + } + } + } +} + +.report-notes { + margin-bottom: 20px; + + &__item { + background: $ui-base-color; + position: relative; + padding: 15px; + padding-left: 15px * 2 + 40px; + border-bottom: 1px solid darken($ui-base-color, 8%); + + &:first-child { + border-top-left-radius: 4px; + border-top-right-radius: 4px; + } + + &:last-child { + border-bottom-left-radius: 4px; + border-bottom-right-radius: 4px; + border-bottom: 0; + } + + &:hover { + background-color: lighten($ui-base-color, 4%); + } + + &__avatar { + position: absolute; + left: 15px; + top: 15px; + border-radius: 4px; + width: 40px; + height: 40px; + } + + &__header { + color: $darker-text-color; + font-size: 15px; + line-height: 20px; + margin-bottom: 4px; + + .username a { + color: $primary-text-color; + font-weight: 500; + text-decoration: none; + margin-right: 5px; + + &:hover, + &:focus, + &:active { + text-decoration: underline; + } + } + + time { + margin-left: 5px; + vertical-align: baseline; + } + } + + &__content { + font-size: 15px; + line-height: 20px; + word-wrap: break-word; + font-weight: 400; + color: $primary-text-color; + + p { + margin-bottom: 20px; + white-space: pre-wrap; + unicode-bidi: plaintext; + + &:last-child { + margin-bottom: 0; + } + } + } + + &__actions { + position: absolute; + top: 15px; + right: 15px; + text-align: right; + } + } +} + +.report-actions { + border: 1px solid darken($ui-base-color, 8%); + + &__item { + display: flex; + align-items: center; + line-height: 18px; + border-bottom: 1px solid darken($ui-base-color, 8%); + + &:last-child { + border-bottom: 0; + } + + &__button { + flex: 0 0 auto; + width: 100px; + padding: 15px; + padding-right: 0; + + .button { + display: block; + width: 100%; + } + } + + &__description { + padding: 15px; + font-size: 14px; + color: $dark-text-color; + } + } +} diff --git a/app/javascript/styles/mastodon/polls.scss b/app/javascript/styles/mastodon/polls.scss index ad7088982..e33fc7983 100644 --- a/app/javascript/styles/mastodon/polls.scss +++ b/app/javascript/styles/mastodon/polls.scss @@ -143,6 +143,21 @@ &:active { outline: 0 !important; } + + &.disabled { + border-color: $dark-text-color; + + &.active { + background: $dark-text-color; + } + + &:active, + &:focus, + &:hover { + border-color: $dark-text-color; + border-width: 1px; + } + } } &__number { diff --git a/app/lib/admin/metrics/measure/resolved_reports_measure.rb b/app/lib/admin/metrics/measure/resolved_reports_measure.rb index 0dcecbbad..00cb24f7e 100644 --- a/app/lib/admin/metrics/measure/resolved_reports_measure.rb +++ b/app/lib/admin/metrics/measure/resolved_reports_measure.rb @@ -6,11 +6,11 @@ class Admin::Metrics::Measure::ResolvedReportsMeasure < Admin::Metrics::Measure: end def total - Report.resolved.where(updated_at: time_period).count + Report.resolved.where(action_taken_at: time_period).count end def previous_total - Report.resolved.where(updated_at: previous_time_period).count + Report.resolved.where(action_taken_at: previous_time_period).count end def data @@ -19,8 +19,7 @@ class Admin::Metrics::Measure::ResolvedReportsMeasure < Admin::Metrics::Measure: WITH resolved_reports AS ( SELECT reports.id FROM reports - WHERE action_taken - AND date_trunc('day', reports.updated_at)::date = axis.period + WHERE date_trunc('day', reports.action_taken_at)::date = axis.period ) SELECT count(*) FROM resolved_reports ) AS value diff --git a/app/mailers/user_mailer.rb b/app/mailers/user_mailer.rb index 68d1c4507..5221a4892 100644 --- a/app/mailers/user_mailer.rb +++ b/app/mailers/user_mailer.rb @@ -160,11 +160,11 @@ class UserMailer < Devise::Mailer end end - def warning(user, warning, status_ids = nil) + def warning(user, warning) @resource = user @warning = warning @instance = Rails.configuration.x.local_domain - @statuses = Status.where(id: status_ids).includes(:account) if status_ids.is_a?(Array) + @statuses = @warning.statuses.includes(:account, :preloadable_poll, :media_attachments, active_mentions: [:account]) I18n.with_locale(@resource.locale || I18n.default_locale) do mail to: @resource.email, diff --git a/app/models/account_warning.rb b/app/models/account_warning.rb index 5efc924d5..fc0d988fd 100644 --- a/app/models/account_warning.rb +++ b/app/models/account_warning.rb @@ -10,14 +10,30 @@ # text :text default(""), not null # created_at :datetime not null # updated_at :datetime not null +# report_id :bigint(8) +# status_ids :string is an Array # class AccountWarning < ApplicationRecord - enum action: %i(none disable sensitive silence suspend), _suffix: :action + enum action: { + none: 0, + disable: 1_000, + delete_statuses: 1_500, + sensitive: 2_000, + silence: 3_000, + suspend: 4_000, + }, _suffix: :action belongs_to :account, inverse_of: :account_warnings - belongs_to :target_account, class_name: 'Account', inverse_of: :targeted_account_warnings + belongs_to :target_account, class_name: 'Account', inverse_of: :strikes + belongs_to :report, optional: true - scope :latest, -> { order(created_at: :desc) } + has_one :appeal, dependent: :destroy + + scope :latest, -> { order(id: :desc) } scope :custom, -> { where.not(text: '') } + + def statuses + Status.with_discarded.where(id: status_ids || []) + end end diff --git a/app/models/admin/account_action.rb b/app/models/admin/account_action.rb index bf222391f..d3be4be3f 100644 --- a/app/models/admin/account_action.rb +++ b/app/models/admin/account_action.rb @@ -33,7 +33,7 @@ class Admin::AccountAction def save! ApplicationRecord.transaction do process_action! - process_warning! + process_strike! end process_email! @@ -74,20 +74,14 @@ class Admin::AccountAction end end - def process_warning! - return unless warnable? - - authorize(target_account, :warn?) - - @warning = AccountWarning.create!(target_account: target_account, - account: current_account, - action: type, - text: text_for_warning) - - # A log entry is only interesting if the warning contains - # custom text from someone. Otherwise it's just noise. - - log_action(:create, warning) if warning.text.present? + def process_strike! + @warning = target_account.strikes.create!( + account: current_account, + report: report, + action: type, + text: text_for_warning, + status_ids: status_ids + ) end def process_reports! @@ -143,7 +137,7 @@ class Admin::AccountAction end def process_email! - UserMailer.warning(target_account.user, warning, status_ids).deliver_later! if warnable? + UserMailer.warning(target_account.user, warning).deliver_later! if warnable? end def warnable? @@ -151,7 +145,7 @@ class Admin::AccountAction end def status_ids - report.status_ids if report && include_statuses + report.status_ids if with_report? && include_statuses end def reports diff --git a/app/models/admin/status_batch_action.rb b/app/models/admin/status_batch_action.rb new file mode 100644 index 000000000..319deff98 --- /dev/null +++ b/app/models/admin/status_batch_action.rb @@ -0,0 +1,92 @@ +# frozen_string_literal: true + +class Admin::StatusBatchAction + include ActiveModel::Model + include AccountableConcern + include Authorization + + attr_accessor :current_account, :type, + :status_ids, :report_id + + def save! + process_action! + end + + private + + def statuses + Status.with_discarded.where(id: status_ids) + end + + def process_action! + return if status_ids.empty? + + case type + when 'delete' + handle_delete! + when 'report' + handle_report! + when 'remove_from_report' + handle_remove_from_report! + end + end + + def handle_delete! + statuses.each { |status| authorize(status, :destroy?) } + + ApplicationRecord.transaction do + statuses.each do |status| + status.discard + log_action(:destroy, status) + end + + if with_report? + report.resolve!(current_account) + log_action(:resolve, report) + end + + @warning = target_account.strikes.create!( + action: :delete_statuses, + account: current_account, + report: report, + status_ids: status_ids + ) + + statuses.each { |status| Tombstone.find_or_create_by(uri: status.uri, account: status.account, by_moderator: true) } unless target_account.local? + end + + UserMailer.warning(target_account.user, @warning).deliver_later! if target_account.local? + RemovalWorker.push_bulk(status_ids) { |status_id| [status_id, preserve: target_account.local?, immediate: !target_account.local?] } + end + + def handle_report! + @report = Report.new(report_params) unless with_report? + @report.status_ids = (@report.status_ids + status_ids.map(&:to_i)).uniq + @report.save! + + @report_id = @report.id + end + + def handle_remove_from_report! + return unless with_report? + + report.status_ids -= status_ids.map(&:to_i) + report.save! + end + + def report + @report ||= Report.find(report_id) if report_id.present? + end + + def with_report? + !report.nil? + end + + def target_account + @target_account ||= statuses.first.account + end + + def report_params + { account: current_account, target_account: target_account } + end +end diff --git a/app/models/admin/status_filter.rb b/app/models/admin/status_filter.rb new file mode 100644 index 000000000..ce5bb5f46 --- /dev/null +++ b/app/models/admin/status_filter.rb @@ -0,0 +1,41 @@ +# frozen_string_literal: true + +class Admin::StatusFilter + KEYS = %i( + media + id + report_id + ).freeze + + attr_reader :params + + def initialize(account, params) + @account = account + @params = params + end + + def results + scope = @account.statuses.where(visibility: [:public, :unlisted]) + + params.each do |key, value| + next if %w(page report_id).include?(key.to_s) + + scope.merge!(scope_for(key, value.to_s.strip)) if value.present? + end + + scope + end + + private + + def scope_for(key, value) + case key.to_s + when 'media' + Status.joins(:media_attachments).merge(@account.media_attachments.reorder(nil)).group(:id) + when 'id' + Status.where(id: value) + else + raise "Unknown filter: #{key}" + end + end +end diff --git a/app/models/concerns/account_associations.rb b/app/models/concerns/account_associations.rb index f9e7a3bea..bbe269e8f 100644 --- a/app/models/concerns/account_associations.rb +++ b/app/models/concerns/account_associations.rb @@ -42,7 +42,7 @@ module AccountAssociations has_many :account_moderation_notes, dependent: :destroy, inverse_of: :account has_many :targeted_moderation_notes, class_name: 'AccountModerationNote', foreign_key: :target_account_id, dependent: :destroy, inverse_of: :target_account has_many :account_warnings, dependent: :destroy, inverse_of: :account - has_many :targeted_account_warnings, class_name: 'AccountWarning', foreign_key: :target_account_id, dependent: :destroy, inverse_of: :target_account + has_many :strikes, class_name: 'AccountWarning', foreign_key: :target_account_id, dependent: :destroy, inverse_of: :target_account # Lists (that the account is on, not owned by the account) has_many :list_accounts, inverse_of: :account, dependent: :destroy diff --git a/app/models/form/status_batch.rb b/app/models/form/status_batch.rb deleted file mode 100644 index c4943a7ea..000000000 --- a/app/models/form/status_batch.rb +++ /dev/null @@ -1,45 +0,0 @@ -# frozen_string_literal: true - -class Form::StatusBatch - include ActiveModel::Model - include AccountableConcern - - attr_accessor :status_ids, :action, :current_account - - def save - case action - when 'nsfw_on', 'nsfw_off' - change_sensitive(action == 'nsfw_on') - when 'delete' - delete_statuses - end - end - - private - - def change_sensitive(sensitive) - media_attached_status_ids = MediaAttachment.where(status_id: status_ids).pluck(:status_id) - - ApplicationRecord.transaction do - Status.where(id: media_attached_status_ids).reorder(nil).find_each do |status| - status.update!(sensitive: sensitive) - log_action :update, status - end - end - - true - rescue ActiveRecord::RecordInvalid - false - end - - def delete_statuses - Status.where(id: status_ids).reorder(nil).find_each do |status| - status.discard - RemovalWorker.perform_async(status.id, immediate: true) - Tombstone.find_or_create_by(uri: status.uri, account: status.account, by_moderator: true) - log_action :destroy, status - end - - true - end -end diff --git a/app/models/report.rb b/app/models/report.rb index ef41547d9..ceb15133b 100644 --- a/app/models/report.rb +++ b/app/models/report.rb @@ -6,7 +6,6 @@ # id :bigint(8) not null, primary key # status_ids :bigint(8) default([]), not null, is an Array # comment :text default(""), not null -# action_taken :boolean default(FALSE), not null # created_at :datetime not null # updated_at :datetime not null # account_id :bigint(8) not null @@ -15,9 +14,14 @@ # assigned_account_id :bigint(8) # uri :string # forwarded :boolean +# category :integer default("other"), not null +# action_taken_at :datetime +# rule_ids :bigint(8) is an Array # class Report < ApplicationRecord + self.ignored_columns = %w(action_taken) + include Paginable include RateLimitable @@ -30,11 +34,17 @@ class Report < ApplicationRecord has_many :notes, class_name: 'ReportNote', foreign_key: :report_id, inverse_of: :report, dependent: :destroy - scope :unresolved, -> { where(action_taken: false) } - scope :resolved, -> { where(action_taken: true) } + scope :unresolved, -> { where(action_taken_at: nil) } + scope :resolved, -> { where.not(action_taken_at: nil) } scope :with_accounts, -> { includes([:account, :target_account, :action_taken_by_account, :assigned_account].index_with({ user: [:invite_request, :invite] })) } - validates :comment, length: { maximum: 1000 } + validates :comment, length: { maximum: 1_000 } + + enum category: { + other: 0, + spam: 1_000, + violation: 2_000, + } def local? false # Force uri_for to use uri attribute @@ -47,13 +57,17 @@ class Report < ApplicationRecord end def statuses - Status.with_discarded.where(id: status_ids).includes(:account, :media_attachments, :mentions) + Status.with_discarded.where(id: status_ids) end def media_attachments MediaAttachment.where(status_id: status_ids) end + def rules + Rule.with_discarded.where(id: rule_ids) + end + def assign_to_self!(current_account) update!(assigned_account_id: current_account.id) end @@ -63,22 +77,19 @@ class Report < ApplicationRecord end def resolve!(acting_account) - if account_id == -99 && target_account.trust_level == Account::TRUST_LEVELS[:untrusted] - # This is an automated report and it is being dismissed, so it's - # a false positive, in which case update the account's trust level - # to prevent further spam checks - - target_account.update(trust_level: Account::TRUST_LEVELS[:trusted]) - end - - RemovalWorker.push_bulk(Status.with_discarded.discarded.where(id: status_ids).pluck(:id)) { |status_id| [status_id, { immediate: true }] } - update!(action_taken: true, action_taken_by_account_id: acting_account.id) + update!(action_taken_at: Time.now.utc, action_taken_by_account_id: acting_account.id) end def unresolve! - update!(action_taken: false, action_taken_by_account_id: nil) + update!(action_taken_at: nil, action_taken_by_account_id: nil) + end + + def action_taken? + action_taken_at.present? end + alias action_taken action_taken? + def unresolved? !action_taken? end @@ -88,29 +99,24 @@ class Report < ApplicationRecord end def history - time_range = created_at..updated_at - - sql = [ + subquery = [ Admin::ActionLog.where( target_type: 'Report', - target_id: id, - created_at: time_range - ).unscope(:order), + target_id: id + ).unscope(:order).arel, Admin::ActionLog.where( target_type: 'Account', - target_id: target_account_id, - created_at: time_range - ).unscope(:order), + target_id: target_account_id + ).unscope(:order).arel, Admin::ActionLog.where( target_type: 'Status', - target_id: status_ids, - created_at: time_range - ).unscope(:order), - ].map { |query| "(#{query.to_sql})" }.join(' UNION ALL ') + target_id: status_ids + ).unscope(:order).arel, + ].reduce { |union, query| Arel::Nodes::UnionAll.new(union, query) } - Admin::ActionLog.from("(#{sql}) AS admin_action_logs") + Admin::ActionLog.from(Arel::Nodes::As.new(subquery, Admin::ActionLog.arel_table)) end def set_uri diff --git a/app/models/report_filter.rb b/app/models/report_filter.rb index a91a6baeb..dc444a552 100644 --- a/app/models/report_filter.rb +++ b/app/models/report_filter.rb @@ -19,7 +19,7 @@ class ReportFilter scope = Report.unresolved params.each do |key, value| - scope = scope.merge scope_for(key, value) + scope = scope.merge scope_for(key, value), rewhere: true end scope diff --git a/app/serializers/rest/admin/report_serializer.rb b/app/serializers/rest/admin/report_serializer.rb index 7a77132c0..74bc0c520 100644 --- a/app/serializers/rest/admin/report_serializer.rb +++ b/app/serializers/rest/admin/report_serializer.rb @@ -1,7 +1,7 @@ # frozen_string_literal: true class REST::Admin::ReportSerializer < ActiveModel::Serializer - attributes :id, :action_taken, :comment, :created_at, :updated_at + attributes :id, :action_taken, :category, :comment, :created_at, :updated_at has_one :account, serializer: REST::Admin::AccountSerializer has_one :target_account, serializer: REST::Admin::AccountSerializer @@ -9,8 +9,13 @@ class REST::Admin::ReportSerializer < ActiveModel::Serializer has_one :action_taken_by_account, serializer: REST::Admin::AccountSerializer has_many :statuses, serializer: REST::StatusSerializer + has_many :rules, serializer: REST::RuleSerializer def id object.id.to_s end + + def statuses + object.statuses.with_includes + end end diff --git a/app/services/remove_status_service.rb b/app/services/remove_status_service.rb index f9c3dcf78..3535b503b 100644 --- a/app/services/remove_status_service.rb +++ b/app/services/remove_status_service.rb @@ -9,6 +9,7 @@ class RemoveStatusService < BaseService # @param [Hash] options # @option [Boolean] :redraft # @option [Boolean] :immediate + # @option [Boolean] :preserve # @option [Boolean] :original_removed def call(status, **options) @payload = Oj.dump(event: :delete, payload: status.id.to_s) @@ -43,7 +44,7 @@ class RemoveStatusService < BaseService remove_media end - @status.destroy! if @options[:immediate] || !@status.reported? + @status.destroy! if permanently? else raise Mastodon::RaceConditionError end @@ -135,11 +136,15 @@ class RemoveStatusService < BaseService end def remove_media - return if @options[:redraft] || (!@options[:immediate] && @status.reported?) + return if @options[:redraft] || !permanently? @status.media_attachments.destroy_all end + def permanently? + @options[:immediate] || !(@options[:preserve] || @status.reported?) + end + def lock_options { redis: Redis.current, key: "distribute:#{@status.id}", autorelease: 5.minutes.seconds } end diff --git a/app/views/admin/action_logs/index.html.haml b/app/views/admin/action_logs/index.html.haml index f7f73150b..f611bfe9d 100644 --- a/app/views/admin/action_logs/index.html.haml +++ b/app/views/admin/action_logs/index.html.haml @@ -22,7 +22,7 @@ %div.muted-hint.center-text = t 'admin.action_logs.empty' - else - .announcements-list + .report-notes = render partial: 'action_log', collection: @action_logs = paginate @action_logs diff --git a/app/views/admin/report_notes/_report_note.html.haml b/app/views/admin/report_notes/_report_note.html.haml index d34dc3d15..428b6cf59 100644 --- a/app/views/admin/report_notes/_report_note.html.haml +++ b/app/views/admin/report_notes/_report_note.html.haml @@ -1,7 +1,18 @@ -.speech-bubble - .speech-bubble__bubble +.report-notes__item + = image_tag report_note.account.avatar.url, class: 'report-notes__item__avatar' + + .report-notes__item__header + %span.username + = link_to display_name(report_note.account), admin_account_path(report_note.account_id) + %time{ datetime: report_note.created_at.iso8601, title: l(report_note.created_at) } + - if report_note.created_at.today? + = t('admin.report_notes.today_at', time: l(report_note.created_at, format: :time)) + - else + = l report_note.created_at.to_date + + .report-notes__item__content = simple_format(h(report_note.content)) - .speech-bubble__owner - = admin_account_link_to report_note.account - %time.formatted{ datetime: report_note.created_at.iso8601 }= l report_note.created_at - = table_link_to 'trash', t('admin.reports.notes.delete'), admin_report_note_path(report_note), method: :delete if can?(:destroy, report_note) + + - if can?(:destroy, report_note) + .report-notes__item__actions + = table_link_to 'trash', t('admin.reports.notes.delete'), admin_report_note_path(report_note), method: :delete diff --git a/app/views/admin/reports/_action_log.html.haml b/app/views/admin/reports/_action_log.html.haml deleted file mode 100644 index 0f7d05867..000000000 --- a/app/views/admin/reports/_action_log.html.haml +++ /dev/null @@ -1,6 +0,0 @@ -.speech-bubble.positive - .speech-bubble__bubble - = t("admin.action_logs.actions.#{action_log.action}_#{action_log.target_type.underscore}_html", name: content_tag(:span, action_log.account.username, class: 'username'), target: content_tag(:span, log_target(action_log), class: 'target')) - .speech-bubble__owner - = admin_account_link_to(action_log.account) - %time.formatted{ datetime: action_log.created_at.iso8601 }= l action_log.created_at diff --git a/app/views/admin/reports/_status.html.haml b/app/views/admin/reports/_status.html.haml index ada6dd2bc..924b0e9c2 100644 --- a/app/views/admin/reports/_status.html.haml +++ b/app/views/admin/reports/_status.html.haml @@ -22,6 +22,9 @@ = react_component :media_gallery, height: 343, sensitive: status.proper.sensitive?, visible: false, media: status.proper.media_attachments.map { |a| ActiveModelSerializers::SerializableResource.new(a, serializer: REST::MediaAttachmentSerializer).as_json } .detailed-status__meta + - if status.application + = status.application.name + · = link_to ActivityPub::TagManager.instance.url_for(status), class: 'detailed-status__datetime', target: stream_link_target, rel: 'noopener noreferrer' do %time.formatted{ datetime: status.created_at.iso8601, title: l(status.created_at) }= l(status.created_at) - if status.discarded? diff --git a/app/views/admin/reports/show.html.haml b/app/views/admin/reports/show.html.haml index b060c553f..4f513dd39 100644 --- a/app/views/admin/reports/show.html.haml +++ b/app/views/admin/reports/show.html.haml @@ -1,5 +1,6 @@ - content_for :header_tags do = javascript_pack_tag 'admin', async: true, crossorigin: 'anonymous' + = javascript_pack_tag 'public', async: true, crossorigin: 'anonymous' - content_for :page_title do = t('admin.reports.report', id: @report.id) @@ -10,122 +11,199 @@ - else = link_to t('admin.reports.mark_as_unresolved'), reopen_admin_report_path(@report), method: :post, class: 'button' -.table-wrapper - %table.table.inline-table - %tbody - %tr - %th= t('admin.reports.reported_account') - %td= admin_account_link_to @report.target_account - %td= table_link_to 'flag', t('admin.reports.account.reports', count: @report.target_account.targeted_reports.count), admin_reports_path(target_account_id: @report.target_account.id) - %td= table_link_to 'file', t('admin.reports.account.notes', count: @report.target_account.targeted_moderation_notes.count), admin_reports_path(target_account_id: @report.target_account.id) - %tr - %th= t('admin.reports.reported_by') +.report-header + .report-header__card + .account-card + .account-card__header + = image_tag @report.target_account.header.url, alt: '' + .account-card__title + .account-card__title__avatar + = image_tag @report.target_account.avatar.url, alt: '' + .display-name + %bdi + %strong.emojify.p-name= display_name(@report.target_account, custom_emojify: true) + %span + = acct(@report.target_account) + = fa_icon('lock') if @report.target_account.locked? + - if @report.target_account.note.present? + .account-card__bio.emojify + = Formatter.instance.simplified_format(@report.target_account, custom_emojify: true) + .account-card__actions + .account-card__counters + .account-card__counters__item + = friendly_number_to_human @report.target_account.statuses_count + %small= t('accounts.posts', count: @report.target_account.statuses_count).downcase + .account-card__counters__item + = friendly_number_to_human @report.target_account.followers_count + %small= t('accounts.followers', count: @report.target_account.followers_count).downcase + .account-card__counters__item + = friendly_number_to_human @report.target_account.following_count + %small= t('accounts.following', count: @report.target_account.following_count).downcase + .account-card__actions__button + = link_to t('admin.reports.view_profile'), admin_account_path(@report.target_account_id), class: 'button' + .report-header__details.report-header__details--horizontal + .report-header__details__item + .report-header__details__item__header + %strong= t('admin.accounts.joined') + .report-header__details__item__content + %time.time-ago{ datetime: @report.target_account.created_at.iso8601, title: l(@report.target_account.created_at) }= l @report.target_account.created_at + .report-header__details__item + .report-header__details__item__header + %strong= t('accounts.last_active') + .report-header__details__item__content + - if @report.target_account.last_status_at.present? + %time.time-ago{ datetime: @report.target_account.last_status_at.to_date.iso8601, title: l(@report.target_account.last_status_at.to_date) }= l @report.target_account.last_status_at + .report-header__details__item + .report-header__details__item__header + %strong= t('admin.accounts.strikes') + .report-header__details__item__content + = @report.target_account.strikes.count + + .report-header__details + .report-header__details__item + .report-header__details__item__header + %strong= t('admin.reports.created_at') + .report-header__details__item__content + %time.formatted{ datetime: @report.created_at.iso8601 } + .report-header__details__item + .report-header__details__item__header + %strong= t('admin.reports.reported_by') + .report-header__details__item__content - if @report.account.instance_actor? - %td{ colspan: 3 }= site_hostname + = site_hostname - elsif @report.account.local? - %td= admin_account_link_to @report.account - %td= table_link_to 'flag', t('admin.reports.account.reports', count: @report.account.targeted_reports.count), admin_reports_path(target_account_id: @report.account.id) - %td= table_link_to 'file', t('admin.reports.account.notes', count: @report.account.targeted_moderation_notes.count), admin_reports_path(target_account_id: @report.account.id) + = admin_account_link_to @report.account + - else + = @report.account.domain + .report-header__details__item + .report-header__details__item__header + %strong= t('admin.reports.status') + .report-header__details__item__content + - if @report.action_taken? + = t('admin.reports.resolved') - else - %td{ colspan: 3 }= @report.account.domain - %tr - %th= t('admin.reports.created_at') - %td{ colspan: 3 } - %time.formatted{ datetime: @report.created_at.iso8601 } - %tr - %th= t('admin.reports.updated_at') - %td{ colspan: 3 } - %time.formatted{ datetime: @report.updated_at.iso8601 } - %tr - %th= t('admin.reports.status') - %td - - if @report.action_taken? - = t('admin.reports.resolved') + = t('admin.reports.unresolved') + - unless @report.target_account.local? + .report-header__details__item + .report-header__details__item__header + %strong= t('admin.reports.forwarded') + .report-header__details__item__content + - if @report.forwarded? + = t('simple_form.yes') - else - = t('admin.reports.unresolved') - %td{ colspan: 2 } - - if @report.action_taken? - = table_link_to 'envelope-open', t('admin.reports.reopen'), admin_report_path(@report, outcome: 'reopen'), method: :put - - unless @report.target_account.local? - %tr - %th= t('admin.reports.forwarded') - %td{ colspan: 3 } - - if @report.forwarded.nil? - \- - - elsif @report.forwarded? - = t('simple_form.yes') - - else - = t('simple_form.no') - - if !@report.action_taken_by_account.nil? - %tr - %th= t('admin.reports.action_taken_by') - %td{ colspan: 3 } - = admin_account_link_to @report.action_taken_by_account - - else - %tr - %th= t('admin.reports.assigned') - %td - - if @report.assigned_account.nil? - \- - - else - = admin_account_link_to @report.assigned_account - %td - - if @report.assigned_account != current_user.account - = table_link_to 'user', t('admin.reports.assign_to_self'), assign_to_self_admin_report_path(@report), method: :post - %td - - if !@report.assigned_account.nil? - = table_link_to 'trash', t('admin.reports.unassign'), unassign_admin_report_path(@report), method: :post + = t('simple_form.no') + - if !@report.action_taken_by_account.nil? + .report-header__details__item + .report-header__details__item__header + %strong= t('admin.reports.action_taken_by') + .report-header__details__item__content + = admin_account_link_to @report.action_taken_by_account + - else + .report-header__details__item + .report-header__details__item__header + %strong= t('admin.reports.assigned') + .report-header__details__item__content + - if @report.assigned_account.nil? + = t 'admin.reports.no_one_assigned' + - else + = admin_account_link_to @report.assigned_account + — + - if @report.assigned_account != current_user.account + = table_link_to 'user', t('admin.reports.assign_to_self'), assign_to_self_admin_report_path(@report), method: :post + - elsif !@report.assigned_account.nil? + = table_link_to 'trash', t('admin.reports.unassign'), unassign_admin_report_path(@report), method: :post %hr.spacer -%div.action-buttons - %div +%h3= t 'admin.reports.category' - - if @report.unresolved? - %div - - if @report.target_account.local? - = link_to t('admin.accounts.warn'), new_admin_account_action_path(@report.target_account_id, type: 'none', report_id: @report.id), class: 'button' - = link_to t('admin.accounts.disable'), new_admin_account_action_path(@report.target_account_id, type: 'disable', report_id: @report.id), class: 'button button--destructive' - = link_to t('admin.accounts.silence'), new_admin_account_action_path(@report.target_account_id, type: 'silence', report_id: @report.id), class: 'button button--destructive' - = link_to t('admin.accounts.perform_full_suspension'), new_admin_account_action_path(@report.target_account_id, type: 'suspend', report_id: @report.id), class: 'button button--destructive' +%p= t 'admin.reports.category_description_html' -%hr.spacer += react_admin_component :report_reason_selector, id: @report.id, category: @report.category, rule_ids: @report.rule_ids&.map(&:to_s), disabled: @report.action_taken? -.speech-bubble - .speech-bubble__bubble= simple_format(@report.comment.presence || t('admin.reports.comment.none')) - .speech-bubble__owner - - if @report.account.local? - = admin_account_link_to @report.account - - else - = @report.account.domain - %br/ - %time.formatted{ datetime: @report.created_at.iso8601 } +- if @report.comment.present? + %p= t('admin.reports.comment_description_html', name: content_tag(:strong, @report.account.username, class: 'username')) + + .report-notes__item + = image_tag @report.account.avatar.url, class: 'report-notes__item__avatar' + + .report-notes__item__header + %span.username + = link_to display_name(@report.account), admin_account_path(@report.account_id) + %time{ datetime: @report.created_at.iso8601, title: l(@report.created_at) } + - if @report.created_at.today? + = t('admin.report_notes.today_at', time: l(@report.created_at, format: :time)) + - else + = l @report.created_at.to_date + + .report-notes__item__content + = simple_format(h(@report.comment)) + +%hr.spacer/ -- unless @report.statuses.empty? +%h3= t 'admin.reports.statuses' + +%p + = t 'admin.reports.statuses_description_html' + — + = link_to safe_join([fa_icon('plus'), t('admin.reports.add_to_report')]), admin_account_statuses_path(@report.target_account_id, report_id: @report.id), class: 'table-action-link' + += form_for(@form, url: batch_admin_account_statuses_path(@report.target_account_id, report_id: @report.id)) do |f| + .batch-table + .batch-table__toolbar + %label.batch-table__toolbar__select.batch-checkbox-all + = check_box_tag :batch_checkbox_all, nil, false + .batch-table__toolbar__actions + - if !@statuses.empty? && @report.unresolved? + = f.button safe_join([fa_icon('times'), t('admin.statuses.batch.remove_from_report')]), name: :remove_from_report, class: 'table-action-link', type: :submit + = f.button safe_join([fa_icon('trash'), t('admin.reports.delete_and_resolve')]), name: :delete, class: 'table-action-link', type: :submit, data: { confirm: t('admin.reports.are_you_sure') } + - else + .batch-table__body + - if @statuses.empty? + = nothing_here 'nothing-here--under-tabs' + - else + = render partial: 'admin/reports/status', collection: @statuses, locals: { f: f } + +- if @report.unresolved? %hr.spacer/ - = form_for(@form, url: admin_report_reported_statuses_path(@report.id)) do |f| - .batch-table - .batch-table__toolbar - %label.batch-table__toolbar__select.batch-checkbox-all - = check_box_tag :batch_checkbox_all, nil, false - .batch-table__toolbar__actions - = f.button safe_join([fa_icon('eye-slash'), t('admin.statuses.batch.nsfw_on')]), name: :nsfw_on, class: 'table-action-link', type: :submit, data: { confirm: t('admin.reports.are_you_sure') } - = f.button safe_join([fa_icon('eye'), t('admin.statuses.batch.nsfw_off')]), name: :nsfw_off, class: 'table-action-link', type: :submit, data: { confirm: t('admin.reports.are_you_sure') } - = f.button safe_join([fa_icon('trash'), t('admin.statuses.batch.delete')]), name: :delete, class: 'table-action-link', type: :submit, data: { confirm: t('admin.reports.are_you_sure') } - .batch-table__body - = render partial: 'admin/reports/status', collection: @report.statuses, locals: { f: f } + %p= t 'admin.reports.actions_description_html' + + .report-actions + .report-actions__item + .report-actions__item__button + = link_to t('admin.accounts.silence'), new_admin_account_action_path(@report.target_account_id, type: 'silence', report_id: @report.id), class: 'button button--destructive' + .report-actions__item__description + = t('admin.reports.actions.silence_description_html') + .report-actions__item + .report-actions__item__button + = link_to t('admin.accounts.perform_full_suspension'), new_admin_account_action_path(@report.target_account_id, report_id: @report.id, type: 'suspend'), class: 'button button--destructive' + .report-actions__item__description + = t('admin.reports.actions.suspend_description_html') + .report-actions__item + .report-actions__item__button + = link_to t('admin.accounts.custom'), new_admin_account_action_path(@report.target_account_id, report_id: @report.id), class: 'button' + .report-actions__item__description + = t('admin.reports.actions.other_description_html') + +- unless @action_logs.empty? + %hr.spacer/ + + %h3= t 'admin.reports.action_log' + + .report-notes + = render @action_logs %hr.spacer/ -- @report_notes.each do |item| - - if item.is_a?(Admin::ActionLog) - = render partial: 'action_log', locals: { action_log: item } - - else - = render item +%h3= t 'admin.reports.notes.title' + +%p= t 'admin.reports.notes_description_html' + +.report-notes + = render @report_notes = simple_form_for @report_note, url: admin_report_notes_path do |f| - = render 'shared/error_messages', object: @report_note = f.input :report_id, as: :hidden .field-group diff --git a/app/views/admin/statuses/index.html.haml b/app/views/admin/statuses/index.html.haml index c39ba9071..7e2114cc2 100644 --- a/app/views/admin/statuses/index.html.haml +++ b/app/views/admin/statuses/index.html.haml @@ -10,28 +10,37 @@ .filter-subset %strong= t('admin.statuses.media.title') %ul - %li= link_to t('admin.statuses.no_media'), admin_account_statuses_path(@account.id, current_params.merge(media: nil)), class: !params[:media] && 'selected' - %li= link_to t('admin.statuses.with_media'), admin_account_statuses_path(@account.id, current_params.merge(media: true)), class: params[:media] && 'selected' + %li= filter_link_to t('generic.all'), media: nil, id: nil + %li= filter_link_to t('admin.statuses.with_media'), media: '1' .back-link - = link_to admin_account_path(@account.id) do - = fa_icon 'chevron-left fw' - = t('admin.statuses.back_to_account') + - if params[:report_id] + = link_to admin_report_path(params[:report_id].to_i) do + = fa_icon 'chevron-left fw' + = t('admin.statuses.back_to_report') + - else + = link_to admin_account_path(@account.id) do + = fa_icon 'chevron-left fw' + = t('admin.statuses.back_to_account') %hr.spacer/ -= form_for(@form, url: admin_account_statuses_path(@account.id)) do |f| - = hidden_field_tag :page, params[:page] - = hidden_field_tag :media, params[:media] += form_for(@status_batch_action, url: batch_admin_account_statuses_path(@account.id)) do |f| + = hidden_field_tag :page, params[:page] || 1 + + - Admin::StatusFilter::KEYS.each do |key| + = hidden_field_tag key, params[key] if params[key].present? .batch-table .batch-table__toolbar %label.batch-table__toolbar__select.batch-checkbox-all = check_box_tag :batch_checkbox_all, nil, false .batch-table__toolbar__actions - = f.button safe_join([fa_icon('eye-slash'), t('admin.statuses.batch.nsfw_on')]), name: :nsfw_on, class: 'table-action-link', type: :submit, data: { confirm: t('admin.reports.are_you_sure') } - = f.button safe_join([fa_icon('eye'), t('admin.statuses.batch.nsfw_off')]), name: :nsfw_off, class: 'table-action-link', type: :submit, data: { confirm: t('admin.reports.are_you_sure') } - = f.button safe_join([fa_icon('trash'), t('admin.statuses.batch.delete')]), name: :delete, class: 'table-action-link', type: :submit, data: { confirm: t('admin.reports.are_you_sure') } + - unless @statuses.empty? + = f.button safe_join([fa_icon('flag'), t('admin.statuses.batch.report')]), name: :report, class: 'table-action-link', type: :submit, data: { confirm: t('admin.reports.are_you_sure') } .batch-table__body - = render partial: 'admin/reports/status', collection: @statuses, locals: { f: f } + - if @statuses.empty? + = nothing_here 'nothing-here--under-tabs' + - else + = render partial: 'admin/reports/status', collection: @statuses, locals: { f: f } = paginate @statuses diff --git a/app/views/admin/statuses/show.html.haml b/app/views/admin/statuses/show.html.haml deleted file mode 100644 index e2470198d..000000000 --- a/app/views/admin/statuses/show.html.haml +++ /dev/null @@ -1,27 +0,0 @@ -- content_for :page_title do - = t('admin.statuses.title') - \- - = "@#{@account.acct}" - -.filters - .back-link - = link_to admin_account_path(@account.id) do - %i.fa.fa-chevron-left.fa-fw - = t('admin.statuses.back_to_account') - -%hr.spacer/ - -= form_for(@form, url: admin_account_statuses_path(@account.id)) do |f| - = hidden_field_tag :page, params[:page] - = hidden_field_tag :media, params[:media] - - .batch-table - .batch-table__toolbar - %label.batch-table__toolbar__select.batch-checkbox-all - = check_box_tag :batch_checkbox_all, nil, false - .batch-table__toolbar__actions - = f.button safe_join([fa_icon('eye-slash'), t('admin.statuses.batch.nsfw_on')]), name: :nsfw_on, class: 'table-action-link', type: :submit, data: { confirm: t('admin.reports.are_you_sure') } - = f.button safe_join([fa_icon('eye'), t('admin.statuses.batch.nsfw_off')]), name: :nsfw_off, class: 'table-action-link', type: :submit, data: { confirm: t('admin.reports.are_you_sure') } - = f.button safe_join([fa_icon('trash'), t('admin.statuses.batch.delete')]), name: :delete, class: 'table-action-link', type: :submit, data: { confirm: t('admin.reports.are_you_sure') } - .batch-table__body - = render partial: 'admin/reports/status', collection: @statuses, locals: { f: f } diff --git a/app/views/notification_mailer/_status.text.erb b/app/views/notification_mailer/_status.text.erb index 8999a1f8e..c43f32d9f 100644 --- a/app/views/notification_mailer/_status.text.erb +++ b/app/views/notification_mailer/_status.text.erb @@ -1,8 +1,8 @@ <% if status.spoiler_text? %> -<%= raw status.spoiler_text %> ----- - +> <%= raw word_wrap(status.spoiler_text, break_sequence: "\n> ") %> +> ---- +> <% end %> -<%= raw Formatter.instance.plaintext(status) %> +> <%= raw word_wrap(Formatter.instance.plaintext(status), break_sequence: "\n> ") %> <%= raw t('application_mailer.view')%> <%= web_url("statuses/#{status.id}") %> diff --git a/app/views/user_mailer/warning.html.haml b/app/views/user_mailer/warning.html.haml index 5a2911ecb..bda1fef6c 100644 --- a/app/views/user_mailer/warning.html.haml +++ b/app/views/user_mailer/warning.html.haml @@ -37,16 +37,26 @@ %tr %td.column-cell.text-center - unless @warning.none_action? - %p= t "user_mailer.warning.explanation.#{@warning.action}" + %p= t "user_mailer.warning.explanation.#{@warning.action}", instance: @instance - unless @warning.text.blank? = Formatter.instance.linkify(@warning.text) - - if !@statuses.nil? && !@statuses.empty? + - if @warning.report && !@warning.report.other? + %p + %strong= t('user_mailer.warning.reason') + = t("user_mailer.warning.categories.#{@warning.report.category}") + + - if @warning.report.violation? && @warning.report.rule_ids.present? + %ul.rules-list + - @warning.report.rules.each do |rule| + %li= rule.text + + - unless @statuses.empty? %p %strong= t('user_mailer.warning.statuses') -- if !@statuses.nil? && !@statuses.empty? +- unless @statuses.empty? - @statuses.each_with_index do |status, i| = render 'notification_mailer/status', status: status, i: i + 1, highlighted: true diff --git a/app/views/user_mailer/warning.text.erb b/app/views/user_mailer/warning.text.erb index bb6610c79..31d7308ae 100644 --- a/app/views/user_mailer/warning.text.erb +++ b/app/views/user_mailer/warning.text.erb @@ -3,11 +3,24 @@ === <% unless @warning.none_action? %> -<%= t "user_mailer.warning.explanation.#{@warning.action}" %> +<%= t "user_mailer.warning.explanation.#{@warning.action}", instance: @instance %> <% end %> +<% if @warning.text.present? %> <%= @warning.text %> -<% if !@statuses.nil? && !@statuses.empty? %> + +<% end %> +<% if @warning.report && !@warning.report.other? %> +**<%= t('user_mailer.warning.reason') %>** <%= t("user_mailer.warning.categories.#{@warning.report.category}") %> + +<% if @warning.report.violation? && @warning.report.rule_ids.present? %> +<% @warning.report.rules.each do |rule| %> +- <%= rule.text %> +<% end %> + +<% end %> +<% end %> +<% if !@statuses.empty? %> <%= t('user_mailer.warning.statuses') %> <% @statuses.each do |status| %> diff --git a/app/workers/scheduler/user_cleanup_scheduler.rb b/app/workers/scheduler/user_cleanup_scheduler.rb index be0c4277d..d06b637f9 100644 --- a/app/workers/scheduler/user_cleanup_scheduler.rb +++ b/app/workers/scheduler/user_cleanup_scheduler.rb @@ -8,6 +8,7 @@ class Scheduler::UserCleanupScheduler def perform clean_unconfirmed_accounts! clean_suspended_accounts! + clean_discarded_statuses! end private @@ -24,4 +25,12 @@ class Scheduler::UserCleanupScheduler Admin::AccountDeletionWorker.perform_async(deletion_request.account_id) end end + + def clean_discarded_statuses! + Status.discarded.where('deleted_at <= ?', 30.days.ago).find_in_batches do |statuses| + RemovalWorker.push_bulk(statuses) do |status| + [status.id, { immediate: true }] + end + end + end end diff --git a/config/locales/en.yml b/config/locales/en.yml index 693a7b400..36ac89664 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml @@ -113,6 +113,7 @@ en: confirm: Confirm confirmed: Confirmed confirming: Confirming + custom: Custom delete: Delete data deleted: Deleted demote: Demote @@ -203,6 +204,7 @@ en: silence: Limit silenced: Limited statuses: Posts + strikes: Previous strikes subscribe: Subscribe suspended: Suspended suspension_irreversible: The data of this account has been irreversibly deleted. You can unsuspend the account to make it usable but it will not recover any data it previously had. @@ -549,32 +551,44 @@ en: report_notes: created_msg: Report note successfully created! destroyed_msg: Report note successfully deleted! + today_at: Today at %{time} reports: account: notes: one: "%{count} note" other: "%{count} notes" - reports: - one: "%{count} report" - other: "%{count} reports" + action_log: Audit log action_taken_by: Action taken by + actions: + other_description_html: See more options for controlling the account's behaviour and customize communication to the reported account. + silence_description_html: The profile will be visible only to those who already follow it or manually look it up, severely limiting its reach. Can always be reverted. + suspend_description_html: The profile and all its contents will become inaccessible until it is eventually deleted. Interacting with the account will be impossible. Reversible within 30 days. + actions_description_html: 'If removing the offending content above is insufficient:' + add_to_report: Add more to report are_you_sure: Are you sure? assign_to_self: Assign to me assigned: Assigned moderator by_target_domain: Domain of reported account + category: Category + category_description_html: The reason this account and/or content was reported will be cited in communication with the reported account comment: none: None + comment_description_html: 'To provide more information, %{name} wrote:' created_at: Reported + delete_and_resolve: Delete and resolve forwarded: Forwarded forwarded_to: Forwarded to %{domain} mark_as_resolved: Mark as resolved mark_as_unresolved: Mark as unresolved + no_one_assigned: No one notes: create: Add note create_and_resolve: Resolve with note create_and_unresolve: Reopen with note delete: Delete placeholder: Describe what actions have been taken, or any other related updates... + title: Notes + notes_description_html: View and leave notes to other moderators and your future self reopen: Reopen report report: 'Report #%{id}' reported_account: Reported account @@ -582,11 +596,14 @@ en: resolved: Resolved resolved_msg: Report successfully resolved! status: Status + statuses: Reported content + statuses_description_html: Offending content will be cited in communication with the reported account target_origin: Origin of reported account title: Reports unassign: Unassign unresolved: Unresolved updated_at: Updated + view_profile: View profile rules: add_new: Add rule delete: Delete @@ -688,15 +705,13 @@ en: destroyed_msg: Site upload successfully deleted! statuses: back_to_account: Back to account page + back_to_report: Back to report page batch: - delete: Delete - nsfw_off: Mark as not sensitive - nsfw_on: Mark as sensitive + remove_from_report: Remove from report + report: Report deleted: Deleted - failed_to_execute: Failed to execute media: title: Media - no_media: No media no_status_selected: No posts were changed as none were selected title: Account posts with_media: With media @@ -1457,6 +1472,7 @@ en: formats: default: "%b %d, %Y, %H:%M" month: "%b %Y" + time: "%H:%M" two_factor_authentication: add: Add disable: Disable 2FA @@ -1484,24 +1500,31 @@ en: subject: Please confirm attempted sign in title: Sign in attempt warning: + categories: + spam: Spam + violation: Content violates the following community guidelines explanation: - disable: You can no longer login to your account or use it in any other way, but your profile and other data remains intact. - sensitive: Your uploaded media files and linked media will be treated as sensitive. - silence: You can still use your account but only people who are already following you will see your posts on this server, and you may be excluded from various public listings. However, others may still manually follow you. - suspend: You can no longer use your account, and your profile and other data are no longer accessible. You can still login to request a backup of your data until the data is fully removed, but we will retain some data to prevent you from evading the suspension. - get_in_touch: You can reply to this e-mail to get in touch with the staff of %{instance}. + delete_statuses: Some of your posts have been found to violate one or more community guidelines and have been subsequently removed by the moderators of %{instance}. Future violations may result in harsher punitive actions against your account. + disable: You can no longer use your account, but your profile and other data remains intact. You can request a backup of your data, change account settings or delete your account. + sensitive: From now on, all your uploaded media files will be marked as sensitive and hidden behind a click-through warning. + silence: You can still use your account but only people who are already following you will see your posts on this server, and you may be excluded from various discovery features. However, others may still manually follow you. + suspend: You can no longer use your account, and your profile and other data are no longer accessible. You can still login to request a backup of your data until the data is fully removed in about 30 days, but we will retain some basic data to prevent you from evading the suspension. + get_in_touch: If you believe this is an error, you can reply to this e-mail to get in touch with the staff of %{instance}. + reason: 'Reason:' review_server_policies: Review server policies - statuses: 'Specifically, for:' + statuses: 'Posts that have been found in violation:' subject: + delete_statuses: Your posts on %{acct} have been removed disable: Your account %{acct} has been frozen none: Warning for %{acct} - sensitive: Your account %{acct} posting media has been marked as sensitive + sensitive: Your media files on %{acct} will be marked as sensitive from now on silence: Your account %{acct} has been limited suspend: Your account %{acct} has been suspended title: + delete_statuses: Posts removed disable: Account frozen none: Warning - sensitive: Your media has been marked as sensitive + sensitive: Media hidden silence: Account limited suspend: Account suspended welcome: diff --git a/config/routes.rb b/config/routes.rb index 2357ab6c7..41ba45379 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -231,8 +231,6 @@ Rails.application.routes.draw do post :reopen post :resolve end - - resources :reported_statuses, only: [:create] end resources :report_notes, only: [:create, :destroy] @@ -259,7 +257,13 @@ Rails.application.routes.draw do resource :change_email, only: [:show, :update] resource :reset, only: [:create] resource :action, only: [:new, :create], controller: 'account_actions' - resources :statuses, only: [:index, :show, :create, :update, :destroy] + + resources :statuses, only: [:index] do + collection do + post :batch + end + end + resources :relationships, only: [:index] resource :confirmation, only: [:create] do @@ -514,7 +518,7 @@ Rails.application.routes.draw do resource :action, only: [:create], controller: 'account_actions' end - resources :reports, only: [:index, :show] do + resources :reports, only: [:index, :update, :show] do member do post :assign_to_self post :unassign diff --git a/db/migrate/20211231080958_add_category_to_reports.rb b/db/migrate/20211231080958_add_category_to_reports.rb new file mode 100644 index 000000000..c2b495c63 --- /dev/null +++ b/db/migrate/20211231080958_add_category_to_reports.rb @@ -0,0 +1,21 @@ +require Rails.root.join('lib', 'mastodon', 'migration_helpers') + +class AddCategoryToReports < ActiveRecord::Migration[6.1] + include Mastodon::MigrationHelpers + + disable_ddl_transaction! + + def up + safety_assured { add_column_with_default :reports, :category, :int, default: 0, allow_null: false } + add_column :reports, :action_taken_at, :datetime + add_column :reports, :rule_ids, :bigint, array: true + safety_assured { execute 'UPDATE reports SET action_taken_at = updated_at WHERE action_taken = TRUE' } + end + + def down + safety_assured { execute 'UPDATE reports SET action_taken = TRUE WHERE action_taken_at IS NOT NULL' } + remove_column :reports, :category + remove_column :reports, :action_taken_at + remove_column :reports, :rule_ids + end +end diff --git a/db/migrate/20220115125126_add_report_id_to_account_warnings.rb b/db/migrate/20220115125126_add_report_id_to_account_warnings.rb new file mode 100644 index 000000000..a1c20c99e --- /dev/null +++ b/db/migrate/20220115125126_add_report_id_to_account_warnings.rb @@ -0,0 +1,6 @@ +class AddReportIdToAccountWarnings < ActiveRecord::Migration[6.1] + def change + safety_assured { add_reference :account_warnings, :report, foreign_key: { on_delete: :cascade }, index: false } + add_column :account_warnings, :status_ids, :string, array: true + end +end diff --git a/db/migrate/20220115125341_fix_account_warning_actions.rb b/db/migrate/20220115125341_fix_account_warning_actions.rb new file mode 100644 index 000000000..25cc17fd3 --- /dev/null +++ b/db/migrate/20220115125341_fix_account_warning_actions.rb @@ -0,0 +1,21 @@ +class FixAccountWarningActions < ActiveRecord::Migration[6.1] + disable_ddl_transaction! + + def up + safety_assured do + execute 'UPDATE account_warnings SET action = 1000 WHERE action = 1' + execute 'UPDATE account_warnings SET action = 2000 WHERE action = 2' + execute 'UPDATE account_warnings SET action = 3000 WHERE action = 3' + execute 'UPDATE account_warnings SET action = 4000 WHERE action = 4' + end + end + + def down + safety_assured do + execute 'UPDATE account_warnings SET action = 1 WHERE action = 1000' + execute 'UPDATE account_warnings SET action = 2 WHERE action = 2000' + execute 'UPDATE account_warnings SET action = 3 WHERE action = 3000' + execute 'UPDATE account_warnings SET action = 4 WHERE action = 4000' + end + end +end diff --git a/db/migrate/20220116202951_add_deleted_at_index_on_statuses.rb b/db/migrate/20220116202951_add_deleted_at_index_on_statuses.rb new file mode 100644 index 000000000..dc3362552 --- /dev/null +++ b/db/migrate/20220116202951_add_deleted_at_index_on_statuses.rb @@ -0,0 +1,7 @@ +class AddDeletedAtIndexOnStatuses < ActiveRecord::Migration[6.1] + disable_ddl_transaction! + + def change + add_index :statuses, :deleted_at, where: 'deleted_at IS NOT NULL', algorithm: :concurrently + end +end diff --git a/db/post_migrate/20220109213908_remove_action_taken_from_reports.rb b/db/post_migrate/20220109213908_remove_action_taken_from_reports.rb new file mode 100644 index 000000000..73e6ad6f4 --- /dev/null +++ b/db/post_migrate/20220109213908_remove_action_taken_from_reports.rb @@ -0,0 +1,9 @@ +# frozen_string_literal: true + +class RemoveActionTakenFromReports < ActiveRecord::Migration[5.2] + disable_ddl_transaction! + + def change + safety_assured { remove_column :reports, :action_taken, :boolean, default: false, null: false } + end +end diff --git a/db/schema.rb b/db/schema.rb index d1446c652..ed615a1ee 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -10,7 +10,7 @@ # # It's strongly recommended that you check this file into your version control system. -ActiveRecord::Schema.define(version: 2021_12_13_040746) do +ActiveRecord::Schema.define(version: 2022_01_16_202951) do # These are extensions that must be enabled in order to support this database enable_extension "plpgsql" @@ -133,6 +133,8 @@ ActiveRecord::Schema.define(version: 2021_12_13_040746) do t.text "text", default: "", null: false t.datetime "created_at", null: false t.datetime "updated_at", null: false + t.bigint "report_id" + t.string "status_ids", array: true t.index ["account_id"], name: "index_account_warnings_on_account_id" t.index ["target_account_id"], name: "index_account_warnings_on_target_account_id" end @@ -747,7 +749,6 @@ ActiveRecord::Schema.define(version: 2021_12_13_040746) do create_table "reports", force: :cascade do |t| t.bigint "status_ids", default: [], null: false, array: true t.text "comment", default: "", null: false - t.boolean "action_taken", default: false, null: false t.datetime "created_at", null: false t.datetime "updated_at", null: false t.bigint "account_id", null: false @@ -756,6 +757,9 @@ ActiveRecord::Schema.define(version: 2021_12_13_040746) do t.bigint "assigned_account_id" t.string "uri" t.boolean "forwarded" + t.integer "category", default: 0, null: false + t.datetime "action_taken_at" + t.bigint "rule_ids", array: true t.index ["account_id"], name: "index_reports_on_account_id" t.index ["target_account_id"], name: "index_reports_on_target_account_id" end @@ -851,6 +855,7 @@ ActiveRecord::Schema.define(version: 2021_12_13_040746) do t.bigint "poll_id" t.datetime "deleted_at" t.index ["account_id", "id", "visibility", "updated_at"], name: "index_statuses_20190820", order: { id: :desc }, where: "(deleted_at IS NULL)" + t.index ["deleted_at"], name: "index_statuses_on_deleted_at", where: "(deleted_at IS NOT NULL)" t.index ["id", "account_id"], name: "index_statuses_local_20190824", order: { id: :desc }, where: "((local OR (uri IS NULL)) AND (deleted_at IS NULL) AND (visibility = 0) AND (reblog_of_id IS NULL) AND ((NOT reply) OR (in_reply_to_account_id = account_id)))" t.index ["id", "account_id"], name: "index_statuses_public_20200119", order: { id: :desc }, where: "((deleted_at IS NULL) AND (visibility = 0) AND (reblog_of_id IS NULL) AND ((NOT reply) OR (in_reply_to_account_id = account_id)))" t.index ["in_reply_to_account_id"], name: "index_statuses_on_in_reply_to_account_id" @@ -1008,6 +1013,7 @@ ActiveRecord::Schema.define(version: 2021_12_13_040746) do add_foreign_key "account_statuses_cleanup_policies", "accounts", on_delete: :cascade add_foreign_key "account_warnings", "accounts", column: "target_account_id", on_delete: :cascade add_foreign_key "account_warnings", "accounts", on_delete: :nullify + add_foreign_key "account_warnings", "reports", on_delete: :cascade add_foreign_key "accounts", "accounts", column: "moved_to_account_id", on_delete: :nullify add_foreign_key "admin_action_logs", "accounts", on_delete: :cascade add_foreign_key "announcement_mutes", "accounts", on_delete: :cascade diff --git a/spec/controllers/admin/report_notes_controller_spec.rb b/spec/controllers/admin/report_notes_controller_spec.rb index ec5872c7d..c0013f41a 100644 --- a/spec/controllers/admin/report_notes_controller_spec.rb +++ b/spec/controllers/admin/report_notes_controller_spec.rb @@ -12,11 +12,11 @@ describe Admin::ReportNotesController do describe 'POST #create' do subject { post :create, params: params } - let(:report) { Fabricate(:report, action_taken: action_taken, action_taken_by_account_id: account_id) } + let(:report) { Fabricate(:report, action_taken_at: action_taken, action_taken_by_account_id: account_id) } context 'when parameter is valid' do context 'when report is unsolved' do - let(:action_taken) { false } + let(:action_taken) { nil } let(:account_id) { nil } context 'when create_and_resolve flag is on' do @@ -41,7 +41,7 @@ describe Admin::ReportNotesController do end context 'when report is resolved' do - let(:action_taken) { true } + let(:action_taken) { Time.now.utc } let(:account_id) { user.account.id } context 'when create_and_unresolve flag is on' do @@ -68,7 +68,7 @@ describe Admin::ReportNotesController do context 'when parameter is invalid' do let(:params) { { report_note: { content: '', report_id: report.id } } } - let(:action_taken) { false } + let(:action_taken) { nil } let(:account_id) { nil } it 'renders admin/reports/show' do diff --git a/spec/controllers/admin/reported_statuses_controller_spec.rb b/spec/controllers/admin/reported_statuses_controller_spec.rb deleted file mode 100644 index 2a1598123..000000000 --- a/spec/controllers/admin/reported_statuses_controller_spec.rb +++ /dev/null @@ -1,59 +0,0 @@ -require 'rails_helper' - -describe Admin::ReportedStatusesController do - render_views - - let(:user) { Fabricate(:user, admin: true) } - let(:report) { Fabricate(:report, status_ids: [status.id]) } - let(:status) { Fabricate(:status) } - - before do - sign_in user, scope: :user - end - - describe 'POST #create' do - subject do - -> { post :create, params: { :report_id => report, action => '', :form_status_batch => { status_ids: status_ids } } } - end - - let(:action) { 'nsfw_on' } - let(:status_ids) { [status.id] } - let(:status) { Fabricate(:status, sensitive: !sensitive) } - let(:sensitive) { true } - let!(:media_attachment) { Fabricate(:media_attachment, status: status) } - - context 'when action is nsfw_on' do - it 'updates sensitive column' do - is_expected.to change { - status.reload.sensitive - }.from(false).to(true) - end - end - - context 'when action is nsfw_off' do - let(:action) { 'nsfw_off' } - let(:sensitive) { false } - - it 'updates sensitive column' do - is_expected.to change { - status.reload.sensitive - }.from(true).to(false) - end - end - - context 'when action is delete' do - let(:action) { 'delete' } - - it 'removes a status' do - allow(RemovalWorker).to receive(:perform_async) - subject.call - expect(RemovalWorker).to have_received(:perform_async).with(status_ids.first, immediate: true) - end - end - - it 'redirects to report page' do - subject.call - expect(response).to redirect_to(admin_report_path(report)) - end - end -end diff --git a/spec/controllers/admin/reports_controller_spec.rb b/spec/controllers/admin/reports_controller_spec.rb index 49d3e9707..d421f0739 100644 --- a/spec/controllers/admin/reports_controller_spec.rb +++ b/spec/controllers/admin/reports_controller_spec.rb @@ -10,8 +10,8 @@ describe Admin::ReportsController do describe 'GET #index' do it 'returns http success with no filters' do - specified = Fabricate(:report, action_taken: false) - Fabricate(:report, action_taken: true) + specified = Fabricate(:report, action_taken_at: nil) + Fabricate(:report, action_taken_at: Time.now.utc) get :index @@ -22,10 +22,10 @@ describe Admin::ReportsController do end it 'returns http success with resolved filter' do - specified = Fabricate(:report, action_taken: true) - Fabricate(:report, action_taken: false) + specified = Fabricate(:report, action_taken_at: Time.now.utc) + Fabricate(:report, action_taken_at: nil) - get :index, params: { resolved: 1 } + get :index, params: { resolved: '1' } reports = assigns(:reports).to_a expect(reports.size).to eq 1 @@ -54,15 +54,7 @@ describe Admin::ReportsController do expect(response).to redirect_to(admin_reports_path) report.reload expect(report.action_taken_by_account).to eq user.account - expect(report.action_taken).to eq true - end - - it 'sets trust level when the report is an antispam one' do - report = Fabricate(:report, account: Account.representative) - - put :resolve, params: { id: report } - report.reload - expect(report.target_account.trust_level).to eq Account::TRUST_LEVELS[:trusted] + expect(report.action_taken?).to eq true end end @@ -74,7 +66,7 @@ describe Admin::ReportsController do expect(response).to redirect_to(admin_report_path(report)) report.reload expect(report.action_taken_by_account).to eq nil - expect(report.action_taken).to eq false + expect(report.action_taken?).to eq false end end diff --git a/spec/controllers/admin/statuses_controller_spec.rb b/spec/controllers/admin/statuses_controller_spec.rb index e388caae2..de32fd18e 100644 --- a/spec/controllers/admin/statuses_controller_spec.rb +++ b/spec/controllers/admin/statuses_controller_spec.rb @@ -18,65 +18,46 @@ describe Admin::StatusesController do end describe 'GET #index' do - it 'returns http success with no media' do - get :index, params: { account_id: account.id } + context do + before do + get :index, params: { account_id: account.id } + end - statuses = assigns(:statuses).to_a - expect(statuses.size).to eq 4 - expect(statuses.first.id).to eq last_status.id - expect(response).to have_http_status(200) + it 'returns http success' do + expect(response).to have_http_status(200) + end end - it 'returns http success with media' do - get :index, params: { account_id: account.id, media: true } + context 'filtering by media' do + before do + get :index, params: { account_id: account.id, media: '1' } + end - statuses = assigns(:statuses).to_a - expect(statuses.size).to eq 2 - expect(statuses.first.id).to eq last_media_attached_status.id - expect(response).to have_http_status(200) + it 'returns http success' do + expect(response).to have_http_status(200) + end end end - describe 'POST #create' do - subject do - -> { post :create, params: { :account_id => account.id, action => '', :form_status_batch => { status_ids: status_ids } } } + describe 'POST #batch' do + before do + post :batch, params: { :account_id => account.id, action => '', :admin_status_batch_action => { status_ids: status_ids } } end - let(:action) { 'nsfw_on' } let(:status_ids) { [media_attached_status.id] } - context 'when action is nsfw_on' do - it 'updates sensitive column' do - is_expected.to change { - media_attached_status.reload.sensitive - }.from(false).to(true) - end - end + context 'when action is report' do + let(:action) { 'report' } - context 'when action is nsfw_off' do - let(:action) { 'nsfw_off' } - let(:sensitive) { false } - - it 'updates sensitive column' do - is_expected.to change { - media_attached_status.reload.sensitive - }.from(true).to(false) + it 'creates a report' do + report = Report.last + expect(report.target_account_id).to eq account.id + expect(report.status_ids).to eq status_ids end - end - - context 'when action is delete' do - let(:action) { 'delete' } - it 'removes a status' do - allow(RemovalWorker).to receive(:perform_async) - subject.call - expect(RemovalWorker).to have_received(:perform_async).with(status_ids.first, immediate: true) + it 'redirects to report page' do + expect(response).to redirect_to(admin_report_path(Report.last.id)) end end - - it 'redirects to account statuses page' do - subject.call - expect(response).to redirect_to(admin_account_statuses_path(account.id)) - end end end diff --git a/spec/fabricators/report_fabricator.rb b/spec/fabricators/report_fabricator.rb index 5bd4a63f0..2c7101e09 100644 --- a/spec/fabricators/report_fabricator.rb +++ b/spec/fabricators/report_fabricator.rb @@ -1,6 +1,6 @@ Fabricator(:report) do account - target_account { Fabricate(:account) } - comment "You nasty" - action_taken false + target_account { Fabricate(:account) } + comment "You nasty" + action_taken_at nil end diff --git a/spec/mailers/previews/user_mailer_preview.rb b/spec/mailers/previews/user_mailer_preview.rb index 6d87fd706..69b9b971e 100644 --- a/spec/mailers/previews/user_mailer_preview.rb +++ b/spec/mailers/previews/user_mailer_preview.rb @@ -79,7 +79,7 @@ class UserMailerPreview < ActionMailer::Preview # Preview this email at http://localhost:3000/rails/mailers/user_mailer/warning def warning - UserMailer.warning(User.first, AccountWarning.new(text: '', action: :silence), [Status.first.id]) + UserMailer.warning(User.first, AccountWarning.last) end # Preview this email at http://localhost:3000/rails/mailers/user_mailer/sign_in_token diff --git a/spec/models/form/status_batch_spec.rb b/spec/models/form/status_batch_spec.rb deleted file mode 100644 index 68d84a737..000000000 --- a/spec/models/form/status_batch_spec.rb +++ /dev/null @@ -1,52 +0,0 @@ -require 'rails_helper' - -describe Form::StatusBatch do - let(:form) { Form::StatusBatch.new(action: action, status_ids: status_ids) } - let(:status) { Fabricate(:status) } - - describe 'with nsfw action' do - let(:status_ids) { [status.id, nonsensitive_status.id, sensitive_status.id] } - let(:nonsensitive_status) { Fabricate(:status, sensitive: false) } - let(:sensitive_status) { Fabricate(:status, sensitive: true) } - let!(:shown_media_attachment) { Fabricate(:media_attachment, status: nonsensitive_status) } - let!(:hidden_media_attachment) { Fabricate(:media_attachment, status: sensitive_status) } - - context 'nsfw_on' do - let(:action) { 'nsfw_on' } - - it { expect(form.save).to be true } - it { expect { form.save }.to change { nonsensitive_status.reload.sensitive }.from(false).to(true) } - it { expect { form.save }.not_to change { sensitive_status.reload.sensitive } } - it { expect { form.save }.not_to change { status.reload.sensitive } } - end - - context 'nsfw_off' do - let(:action) { 'nsfw_off' } - - it { expect(form.save).to be true } - it { expect { form.save }.to change { sensitive_status.reload.sensitive }.from(true).to(false) } - it { expect { form.save }.not_to change { nonsensitive_status.reload.sensitive } } - it { expect { form.save }.not_to change { status.reload.sensitive } } - end - end - - describe 'with delete action' do - let(:status_ids) { [status.id] } - let(:action) { 'delete' } - let!(:another_status) { Fabricate(:status) } - - before do - allow(RemovalWorker).to receive(:perform_async) - end - - it 'call RemovalWorker' do - form.save - expect(RemovalWorker).to have_received(:perform_async).with(status.id, immediate: true) - end - - it 'do not call RemovalWorker' do - form.save - expect(RemovalWorker).not_to have_received(:perform_async).with(another_status.id, immediate: true) - end - end -end diff --git a/spec/models/report_spec.rb b/spec/models/report_spec.rb index 312954c9d..3d29c0219 100644 --- a/spec/models/report_spec.rb +++ b/spec/models/report_spec.rb @@ -54,7 +54,7 @@ describe Report do end describe 'resolve!' do - subject(:report) { Fabricate(:report, action_taken: false, action_taken_by_account_id: nil) } + subject(:report) { Fabricate(:report, action_taken_at: nil, action_taken_by_account_id: nil) } let(:acting_account) { Fabricate(:account) } @@ -63,12 +63,13 @@ describe Report do end it 'records action taken' do - expect(report).to have_attributes(action_taken: true, action_taken_by_account_id: acting_account.id) + expect(report.action_taken?).to be true + expect(report.action_taken_by_account_id).to eq acting_account.id end end describe 'unresolve!' do - subject(:report) { Fabricate(:report, action_taken: true, action_taken_by_account_id: acting_account.id) } + subject(:report) { Fabricate(:report, action_taken_at: Time.now.utc, action_taken_by_account_id: acting_account.id) } let(:acting_account) { Fabricate(:account) } @@ -77,23 +78,24 @@ describe Report do end it 'unresolves' do - expect(report).to have_attributes(action_taken: false, action_taken_by_account_id: nil) + expect(report.action_taken?).to be false + expect(report.action_taken_by_account_id).to be_nil end end describe 'unresolved?' do subject { report.unresolved? } - let(:report) { Fabricate(:report, action_taken: action_taken) } + let(:report) { Fabricate(:report, action_taken_at: action_taken) } context 'if action is taken' do - let(:action_taken) { true } + let(:action_taken) { Time.now.utc } it { is_expected.to be false } end context 'if action not is taken' do - let(:action_taken) { false } + let(:action_taken) { nil } it { is_expected.to be true } end -- cgit From 8a07ecd3773b1beae607bfe1edde62104654d64f Mon Sep 17 00:00:00 2001 From: Claire Date: Sun, 23 Jan 2022 15:46:30 +0100 Subject: Remove leftover database columns from Devise::Models::Rememberable (#17191) * Remove leftover database columns from Devise::Models::Rememberable * Update fix-duplication maintenance script * Improve errors/warnings in the fix-duplicates maintenance script --- app/models/user.rb | 12 ++++---- ...8183010_remove_index_users_on_remember_token.rb | 13 +++++++++ ...0220118183123_remove_rememberable_from_users.rb | 8 +++++ db/schema.rb | 5 +--- lib/mastodon/maintenance_cli.rb | 34 ++++++++++++++-------- 5 files changed, 51 insertions(+), 21 deletions(-) create mode 100644 db/post_migrate/20220118183010_remove_index_users_on_remember_token.rb create mode 100644 db/post_migrate/20220118183123_remove_rememberable_from_users.rb (limited to 'db/post_migrate') diff --git a/app/models/user.rb b/app/models/user.rb index 49dcb8156..c2bc5b590 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -10,7 +10,6 @@ # encrypted_password :string default(""), not null # reset_password_token :string # reset_password_sent_at :datetime -# remember_created_at :datetime # sign_in_count :integer default(0), not null # current_sign_in_at :datetime # last_sign_in_at :datetime @@ -32,7 +31,6 @@ # disabled :boolean default(FALSE), not null # moderator :boolean default(FALSE), not null # invite_id :bigint(8) -# remember_token :string # chosen_languages :string is an Array # created_by_application_id :bigint(8) # approved :boolean default(TRUE), not null @@ -44,6 +42,11 @@ # class User < ApplicationRecord + self.ignored_columns = %w( + remember_created_at + remember_token + ) + include Settings::Extend include UserRoles @@ -329,10 +332,9 @@ class User < ApplicationRecord end def reset_password! - # First, change password to something random, invalidate the remember-me token, - # and deactivate all sessions + # First, change password to something random and deactivate all sessions transaction do - update(remember_token: nil, remember_created_at: nil, password: SecureRandom.hex) + update(password: SecureRandom.hex) session_activations.destroy_all end diff --git a/db/post_migrate/20220118183010_remove_index_users_on_remember_token.rb b/db/post_migrate/20220118183010_remove_index_users_on_remember_token.rb new file mode 100644 index 000000000..367d489de --- /dev/null +++ b/db/post_migrate/20220118183010_remove_index_users_on_remember_token.rb @@ -0,0 +1,13 @@ +# frozen_string_literal: true + +class RemoveIndexUsersOnRememberToken < ActiveRecord::Migration[6.1] + disable_ddl_transaction! + + def up + remove_index :users, name: :index_users_on_remember_token + end + + def down + add_index :users, :remember_token, algorithm: :concurrently, unique: true, name: :index_users_on_remember_token + end +end diff --git a/db/post_migrate/20220118183123_remove_rememberable_from_users.rb b/db/post_migrate/20220118183123_remove_rememberable_from_users.rb new file mode 100644 index 000000000..1e274c6e0 --- /dev/null +++ b/db/post_migrate/20220118183123_remove_rememberable_from_users.rb @@ -0,0 +1,8 @@ +class RemoveRememberableFromUsers < ActiveRecord::Migration[6.1] + def change + safety_assured do + remove_column :users, :remember_token, :string, null: true, default: nil + remove_column :users, :remember_created_at, :datetime, null: true, default: nil + end + end +end diff --git a/db/schema.rb b/db/schema.rb index 4e0f76dcd..fd4633d69 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -10,7 +10,7 @@ # # It's strongly recommended that you check this file into your version control system. -ActiveRecord::Schema.define(version: 2022_01_16_202951) do +ActiveRecord::Schema.define(version: 2022_01_18_183123) do # These are extensions that must be enabled in order to support this database enable_extension "plpgsql" @@ -937,7 +937,6 @@ ActiveRecord::Schema.define(version: 2022_01_16_202951) do t.string "encrypted_password", default: "", null: false t.string "reset_password_token" t.datetime "reset_password_sent_at" - t.datetime "remember_created_at" t.integer "sign_in_count", default: 0, null: false t.datetime "current_sign_in_at" t.datetime "last_sign_in_at" @@ -959,7 +958,6 @@ ActiveRecord::Schema.define(version: 2022_01_16_202951) do t.boolean "disabled", default: false, null: false t.boolean "moderator", default: false, null: false t.bigint "invite_id" - t.string "remember_token" t.string "chosen_languages", array: true t.bigint "created_by_application_id" t.boolean "approved", default: true, null: false @@ -972,7 +970,6 @@ ActiveRecord::Schema.define(version: 2022_01_16_202951) do t.index ["confirmation_token"], name: "index_users_on_confirmation_token", unique: true t.index ["created_by_application_id"], name: "index_users_on_created_by_application_id" t.index ["email"], name: "index_users_on_email", unique: true - t.index ["remember_token"], name: "index_users_on_remember_token", unique: true t.index ["reset_password_token"], name: "index_users_on_reset_password_token", unique: true end diff --git a/lib/mastodon/maintenance_cli.rb b/lib/mastodon/maintenance_cli.rb index 47e2d78bb..00861df77 100644 --- a/lib/mastodon/maintenance_cli.rb +++ b/lib/mastodon/maintenance_cli.rb @@ -14,7 +14,7 @@ module Mastodon end MIN_SUPPORTED_VERSION = 2019_10_01_213028 - MAX_SUPPORTED_VERSION = 2021_05_26_193025 + MAX_SUPPORTED_VERSION = 2022_01_18_183123 # Stubs to enjoy ActiveRecord queries while not depending on a particular # version of the code/database @@ -84,13 +84,14 @@ module Mastodon owned_classes = [ Status, StatusPin, MediaAttachment, Poll, Report, Tombstone, Favourite, - Follow, FollowRequest, Block, Mute, AccountIdentityProof, + Follow, FollowRequest, Block, Mute, AccountModerationNote, AccountPin, AccountStat, ListAccount, PollVote, Mention ] owned_classes << AccountDeletionRequest if ActiveRecord::Base.connection.table_exists?(:account_deletion_requests) owned_classes << AccountNote if ActiveRecord::Base.connection.table_exists?(:account_notes) owned_classes << FollowRecommendationSuppression if ActiveRecord::Base.connection.table_exists?(:follow_recommendation_suppressions) + owned_classes << AccountIdentityProof if ActiveRecord::Base.connection.table_exists?(:account_identity_proofs) owned_classes.each do |klass| klass.where(account_id: other_account.id).find_each do |record| @@ -139,17 +140,22 @@ module Mastodon @prompt = TTY::Prompt.new if ActiveRecord::Migrator.current_version < MIN_SUPPORTED_VERSION - @prompt.warn 'Your version of the database schema is too old and is not supported by this script.' - @prompt.warn 'Please update to at least Mastodon 3.0.0 before running this script.' + @prompt.error 'Your version of the database schema is too old and is not supported by this script.' + @prompt.error 'Please update to at least Mastodon 3.0.0 before running this script.' exit(1) elsif ActiveRecord::Migrator.current_version > MAX_SUPPORTED_VERSION @prompt.warn 'Your version of the database schema is more recent than this script, this may cause unexpected errors.' - exit(1) unless @prompt.yes?('Continue anyway?') + exit(1) unless @prompt.yes?('Continue anyway? (Yes/No)') + end + + if Sidekiq::ProcessSet.new.any? + @prompt.error 'It seems Sidekiq is running. All Mastodon processes need to be stopped when using this script.' + exit(1) end @prompt.warn 'This task will take a long time to run and is potentially destructive.' @prompt.warn 'Please make sure to stop Mastodon and have a backup.' - exit(1) unless @prompt.yes?('Continue?') + exit(1) unless @prompt.yes?('Continue? (Yes/No)') deduplicate_users! deduplicate_account_domain_blocks! @@ -236,12 +242,14 @@ module Mastodon end end - ActiveRecord::Base.connection.select_all("SELECT string_agg(id::text, ',') AS ids FROM users WHERE remember_token IS NOT NULL GROUP BY remember_token HAVING count(*) > 1").each do |row| - users = User.where(id: row['ids'].split(',')).sort_by(&:updated_at).reverse.drop(1) - @prompt.warn "Unsetting remember token for those accounts: #{users.map(&:account).map(&:acct).join(', ')}" + if ActiveRecord::Migrator.current_version < 20220118183010 + ActiveRecord::Base.connection.select_all("SELECT string_agg(id::text, ',') AS ids FROM users WHERE remember_token IS NOT NULL GROUP BY remember_token HAVING count(*) > 1").each do |row| + users = User.where(id: row['ids'].split(',')).sort_by(&:updated_at).reverse.drop(1) + @prompt.warn "Unsetting remember token for those accounts: #{users.map(&:account).map(&:acct).join(', ')}" - users.each do |user| - user.update!(remember_token: nil) + users.each do |user| + user.update!(remember_token: nil) + end end end @@ -257,7 +265,7 @@ module Mastodon @prompt.say 'Restoring users indexes…' ActiveRecord::Base.connection.add_index :users, ['confirmation_token'], name: 'index_users_on_confirmation_token', unique: true ActiveRecord::Base.connection.add_index :users, ['email'], name: 'index_users_on_email', unique: true - ActiveRecord::Base.connection.add_index :users, ['remember_token'], name: 'index_users_on_remember_token', unique: true + ActiveRecord::Base.connection.add_index :users, ['remember_token'], name: 'index_users_on_remember_token', unique: true if ActiveRecord::Migrator.current_version < 20220118183010 ActiveRecord::Base.connection.add_index :users, ['reset_password_token'], name: 'index_users_on_reset_password_token', unique: true end @@ -274,6 +282,8 @@ module Mastodon end def deduplicate_account_identity_proofs! + return unless ActiveRecord::Base.connection.table_exists?(:account_identity_proofs) + remove_index_if_exists!(:account_identity_proofs, 'index_account_proofs_on_account_and_provider_and_username') @prompt.say 'Removing duplicate account identity proofs…' -- cgit