From f5639e1cbe0eb9de88a8f4b1c82833fdcffe62b8 Mon Sep 17 00:00:00 2001 From: Claire Date: Fri, 28 Jan 2022 14:24:37 +0100 Subject: [PATCH 1/2] Change public profile pages to be disabled for unconfirmed users (#17385) Fixes #17382 Note that unconfirmed and unapproved accounts can still be searched for and their (empty) account retrieved using the REST API. --- .../concerns/account_owned_concern.rb | 5 ++++ .../account_controller_concern_spec.rb | 23 +++++++++++++++++++ 2 files changed, 28 insertions(+) diff --git a/app/controllers/concerns/account_owned_concern.rb b/app/controllers/concerns/account_owned_concern.rb index 62e379846..25149d03f 100644 --- a/app/controllers/concerns/account_owned_concern.rb +++ b/app/controllers/concerns/account_owned_concern.rb @@ -8,6 +8,7 @@ module AccountOwnedConcern before_action :set_account, if: :account_required? before_action :check_account_approval, if: :account_required? before_action :check_account_suspension, if: :account_required? + before_action :check_account_confirmation, if: :account_required? end private @@ -28,6 +29,10 @@ module AccountOwnedConcern not_found if @account.local? && @account.user_pending? end + def check_account_confirmation + not_found if @account.local? && !@account.user_confirmed? + end + def check_account_suspension if @account.suspended_permanently? permanent_suspension_response diff --git a/spec/controllers/concerns/account_controller_concern_spec.rb b/spec/controllers/concerns/account_controller_concern_spec.rb index 835645414..99975f4c4 100644 --- a/spec/controllers/concerns/account_controller_concern_spec.rb +++ b/spec/controllers/concerns/account_controller_concern_spec.rb @@ -11,10 +11,33 @@ describe ApplicationController, type: :controller do end end + around do |example| + registrations_mode = Setting.registrations_mode + example.run + Setting.registrations_mode = registrations_mode + end + before do routes.draw { get 'success' => 'anonymous#success' } end + context 'when account is unconfirmed' do + it 'returns http not found' do + account = Fabricate(:user, confirmed_at: nil).account + get 'success', params: { account_username: account.username } + expect(response).to have_http_status(404) + end + end + + context 'when account is not approved' do + it 'returns http not found' do + Setting.registrations_mode = 'approved' + account = Fabricate(:user, approved: false).account + get 'success', params: { account_username: account.username } + expect(response).to have_http_status(404) + end + end + context 'when account is suspended' do it 'returns http gone' do account = Fabricate(:account, suspended: true) From ac583fce215ff5951b06d3a3da6df397c300df40 Mon Sep 17 00:00:00 2001 From: Claire Date: Sun, 30 Jan 2022 21:38:54 +0100 Subject: [PATCH 2/2] Fix some old migration scripts (#17394) * Fix some old migration scripts * Fix edge case in two-step migration from older releases --- ...3_remove_faux_remote_account_duplicates.rb | 40 +++++++++++++++++++ .../20190715164535_add_instance_actor.rb | 5 +++ .../20191007013357_update_pt_locales.rb | 4 ++ db/views/follow_recommendations_v01.sql | 4 +- db/views/follow_recommendations_v02.sql | 4 +- 5 files changed, 53 insertions(+), 4 deletions(-) diff --git a/db/migrate/20181026034033_remove_faux_remote_account_duplicates.rb b/db/migrate/20181026034033_remove_faux_remote_account_duplicates.rb index bd4f4c2a3..40537e9c9 100644 --- a/db/migrate/20181026034033_remove_faux_remote_account_duplicates.rb +++ b/db/migrate/20181026034033_remove_faux_remote_account_duplicates.rb @@ -1,6 +1,46 @@ class RemoveFauxRemoteAccountDuplicates < ActiveRecord::Migration[5.2] disable_ddl_transaction! + class StreamEntry < ApplicationRecord + # Dummy class, to make migration possible across version changes + belongs_to :account, inverse_of: :stream_entries + end + + class Status < ApplicationRecord + # Dummy class, to make migration possible across version changes + belongs_to :account, inverse_of: :statuses + has_many :favourites, inverse_of: :status, dependent: :destroy + has_many :mentions, dependent: :destroy, inverse_of: :status + end + + class Favourite < ApplicationRecord + # Dummy class, to make migration possible across version changes + belongs_to :account, inverse_of: :favourites + belongs_to :status, inverse_of: :favourites + end + + class Mention < ApplicationRecord + # Dummy class, to make migration possible across version changes + belongs_to :account, inverse_of: :mentions + belongs_to :status + end + + class Notification < ApplicationRecord + # Dummy class, to make migration possible across version changes + belongs_to :account, optional: true + belongs_to :from_account, class_name: 'Account', optional: true + belongs_to :activity, polymorphic: true, optional: true + end + + class Account < ApplicationRecord + # Dummy class, to make migration possible across version changes + has_many :stream_entries, inverse_of: :account, dependent: :destroy + has_many :statuses, inverse_of: :account, dependent: :destroy + has_many :favourites, inverse_of: :account, dependent: :destroy + has_many :mentions, inverse_of: :account, dependent: :destroy + has_many :notifications, inverse_of: :account, dependent: :destroy + end + def up local_domain = Rails.configuration.x.local_domain diff --git a/db/migrate/20190715164535_add_instance_actor.rb b/db/migrate/20190715164535_add_instance_actor.rb index a26d54949..8c0301d69 100644 --- a/db/migrate/20190715164535_add_instance_actor.rb +++ b/db/migrate/20190715164535_add_instance_actor.rb @@ -1,4 +1,9 @@ class AddInstanceActor < ActiveRecord::Migration[5.2] + class Account < ApplicationRecord + # Dummy class, to make migration possible across version changes + validates :username, uniqueness: { scope: :domain, case_sensitive: false } + end + def up Account.create!(id: -99, actor_type: 'Application', locked: true, username: Rails.configuration.x.local_domain) end diff --git a/db/migrate/20191007013357_update_pt_locales.rb b/db/migrate/20191007013357_update_pt_locales.rb index b7288d38a..9e8f8b424 100644 --- a/db/migrate/20191007013357_update_pt_locales.rb +++ b/db/migrate/20191007013357_update_pt_locales.rb @@ -1,4 +1,8 @@ class UpdatePtLocales < ActiveRecord::Migration[5.2] + class User < ApplicationRecord + # Dummy class, to make migration possible across version changes + end + disable_ddl_transaction! def up diff --git a/db/views/follow_recommendations_v01.sql b/db/views/follow_recommendations_v01.sql index 799abeaee..8295bbc0f 100644 --- a/db/views/follow_recommendations_v01.sql +++ b/db/views/follow_recommendations_v01.sql @@ -20,7 +20,7 @@ FROM ( HAVING count(follows.id) >= 5 UNION ALL SELECT accounts.id AS account_id, - sum(reblogs_count + favourites_count) / (1.0 + sum(reblogs_count + favourites_count)) AS rank, + sum(status_stats.reblogs_count + status_stats.favourites_count) / (1.0 + sum(status_stats.reblogs_count + status_stats.favourites_count)) AS rank, 'most_interactions' AS reason FROM status_stats INNER JOIN statuses ON statuses.id = status_stats.status_id @@ -32,7 +32,7 @@ FROM ( AND accounts.locked = 'f' AND accounts.discoverable = 't' GROUP BY accounts.id - HAVING sum(reblogs_count + favourites_count) >= 5 + HAVING sum(status_stats.reblogs_count + status_stats.favourites_count) >= 5 ) t0 GROUP BY account_id ORDER BY rank DESC diff --git a/db/views/follow_recommendations_v02.sql b/db/views/follow_recommendations_v02.sql index 673c5cc85..f67c6eecf 100644 --- a/db/views/follow_recommendations_v02.sql +++ b/db/views/follow_recommendations_v02.sql @@ -18,7 +18,7 @@ FROM ( HAVING count(follows.id) >= 5 UNION ALL SELECT account_summaries.account_id AS account_id, - sum(reblogs_count + favourites_count) / (1.0 + sum(reblogs_count + favourites_count)) AS rank, + sum(status_stats.reblogs_count + status_stats.favourites_count) / (1.0 + sum(status_stats.reblogs_count + status_stats.favourites_count)) AS rank, 'most_interactions' AS reason FROM status_stats INNER JOIN statuses ON statuses.id = status_stats.status_id @@ -28,7 +28,7 @@ FROM ( AND account_summaries.sensitive = 'f' AND follow_recommendation_suppressions.id IS NULL GROUP BY account_summaries.account_id - HAVING sum(reblogs_count + favourites_count) >= 5 + HAVING sum(status_stats.reblogs_count + status_stats.favourites_count) >= 5 ) t0 GROUP BY account_id ORDER BY rank DESC