From c556c3a0d1e54a6b07bbdd8f76cbb43672a91fd1 Mon Sep 17 00:00:00 2001 From: Eugen Rochko Date: Sun, 28 Aug 2022 03:31:54 +0200 Subject: [PATCH] Add admin API for managing canonical e-mail blocks (#19067) --- .../canonical_email_blocks_controller.rb | 99 +++++++++++++++++++ app/helpers/admin/action_logs_helper.rb | 8 +- app/models/admin/action_log_filter.rb | 5 + app/models/canonical_email_block.rb | 17 ++-- app/policies/canonical_email_block_policy.rb | 23 +++++ .../admin/canonical_email_block_serializer.rb | 9 ++ config/locales/en.yml | 6 ++ config/routes.rb | 6 ++ ..._change_canonical_email_blocks_nullable.rb | 5 + db/schema.rb | 4 +- lib/mastodon/canonical_email_blocks_cli.rb | 31 ++---- 11 files changed, 177 insertions(+), 36 deletions(-) create mode 100644 app/controllers/api/v1/admin/canonical_email_blocks_controller.rb create mode 100644 app/policies/canonical_email_block_policy.rb create mode 100644 app/serializers/rest/admin/canonical_email_block_serializer.rb create mode 100644 db/migrate/20220827195229_change_canonical_email_blocks_nullable.rb diff --git a/app/controllers/api/v1/admin/canonical_email_blocks_controller.rb b/app/controllers/api/v1/admin/canonical_email_blocks_controller.rb new file mode 100644 index 00000000000..bf8a6a1311e --- /dev/null +++ b/app/controllers/api/v1/admin/canonical_email_blocks_controller.rb @@ -0,0 +1,99 @@ +# frozen_string_literal: true + +class Api::V1::Admin::CanonicalEmailBlocksController < Api::BaseController + include Authorization + include AccountableConcern + + LIMIT = 100 + + before_action -> { authorize_if_got_token! :'admin:read', :'admin:read:canonical_email_blocks' }, only: [:index, :show, :test] + before_action -> { authorize_if_got_token! :'admin:write', :'admin:write:canonical_email_blocks' }, except: [:index, :show, :test] + + before_action :set_canonical_email_blocks, only: :index + before_action :set_canonical_email_blocks_from_test, only: [:test] + before_action :set_canonical_email_block, only: [:show, :destroy] + + after_action :verify_authorized + after_action :insert_pagination_headers, only: :index + + PAGINATION_PARAMS = %i(limit).freeze + + def index + authorize :canonical_email_block, :index? + render json: @canonical_email_blocks, each_serializer: REST::Admin::CanonicalEmailBlockSerializer + end + + def show + authorize @canonical_email_block, :show? + render json: @canonical_email_block, serializer: REST::Admin::CanonicalEmailBlockSerializer + end + + def test + authorize :canonical_email_block, :test? + render json: @canonical_email_blocks, each_serializer: REST::Admin::CanonicalEmailBlockSerializer + end + + def create + authorize :canonical_email_block, :create? + + @canonical_email_block = CanonicalEmailBlock.create!(resource_params) + log_action :create, @canonical_email_block + + render json: @canonical_email_block, serializer: REST::Admin::CanonicalEmailBlockSerializer + end + + def destroy + authorize @canonical_email_block, :destroy? + + @canonical_email_block.destroy! + log_action :destroy, @canonical_email_block + + render json: @canonical_email_block, serializer: REST::Admin::CanonicalEmailBlockSerializer + end + + private + + def resource_params + params.permit(:canonical_email_hash, :email) + end + + def set_canonical_email_blocks + @canonical_email_blocks = CanonicalEmailBlock.order(id: :desc).to_a_paginated_by_id(limit_param(LIMIT), params_slice(:max_id, :since_id, :min_id)) + end + + def set_canonical_email_blocks_from_test + @canonical_email_blocks = CanonicalEmailBlock.matching_email(params[:email]) + end + + def set_canonical_email_block + @canonical_email_block = CanonicalEmailBlock.find(params[:id]) + end + + def insert_pagination_headers + set_pagination_headers(next_path, prev_path) + end + + def next_path + api_v1_admin_canonical_email_blocks_url(pagination_params(max_id: pagination_max_id)) if records_continue? + end + + def prev_path + api_v1_admin_canonical_email_blocks_url(pagination_params(min_id: pagination_since_id)) unless @canonical_email_blocks.empty? + end + + def pagination_max_id + @canonical_email_blocks.last.id + end + + def pagination_since_id + @canonical_email_blocks.first.id + end + + def records_continue? + @canonical_email_blocks.size == limit_param(LIMIT) + end + + def pagination_params(core_params) + params.slice(*PAGINATION_PARAMS).permit(*PAGINATION_PARAMS).merge(core_params) + end +end diff --git a/app/helpers/admin/action_logs_helper.rb b/app/helpers/admin/action_logs_helper.rb index 3e9fe17f460..fd1977ac53f 100644 --- a/app/helpers/admin/action_logs_helper.rb +++ b/app/helpers/admin/action_logs_helper.rb @@ -9,8 +9,6 @@ module Admin::ActionLogsHelper link_to log.human_identifier, admin_account_path(log.route_param) when 'UserRole' link_to log.human_identifier, admin_roles_path(log.target_id) - when 'CustomEmoji' - log.human_identifier when 'Report' link_to "##{log.human_identifier}", admin_report_path(log.target_id) when 'DomainBlock', 'DomainAllow', 'EmailDomainBlock', 'UnavailableDomain' @@ -21,10 +19,10 @@ module Admin::ActionLogsHelper link_to log.human_identifier, admin_account_path(log.target_id) when 'Announcement' link_to truncate(log.human_identifier), edit_admin_announcement_path(log.target_id) - when 'IpBlock' - log.human_identifier - when 'Instance' + when 'IpBlock', 'Instance', 'CustomEmoji' log.human_identifier + when 'CanonicalEmailBlock' + content_tag(:samp, log.human_identifier[0...7], title: log.human_identifier) when 'Appeal' link_to log.human_identifier, disputes_strike_path(log.route_param) end diff --git a/app/models/admin/action_log_filter.rb b/app/models/admin/action_log_filter.rb index 6382cd782b6..c7a7e1a4c34 100644 --- a/app/models/admin/action_log_filter.rb +++ b/app/models/admin/action_log_filter.rb @@ -22,18 +22,22 @@ class Admin::ActionLogFilter create_domain_allow: { target_type: 'DomainAllow', action: 'create' }.freeze, create_domain_block: { target_type: 'DomainBlock', action: 'create' }.freeze, create_email_domain_block: { target_type: 'EmailDomainBlock', action: 'create' }.freeze, + create_ip_block: { target_type: 'IpBlock', action: 'create' }.freeze, create_unavailable_domain: { target_type: 'UnavailableDomain', action: 'create' }.freeze, create_user_role: { target_type: 'UserRole', action: 'create' }.freeze, + create_canonical_email_block: { target_type: 'CanonicalEmailBlock', action: 'create' }.freeze, demote_user: { target_type: 'User', action: 'demote' }.freeze, destroy_announcement: { target_type: 'Announcement', action: 'destroy' }.freeze, destroy_custom_emoji: { target_type: 'CustomEmoji', action: 'destroy' }.freeze, destroy_domain_allow: { target_type: 'DomainAllow', action: 'destroy' }.freeze, destroy_domain_block: { target_type: 'DomainBlock', action: 'destroy' }.freeze, + destroy_ip_block: { target_type: 'IpBlock', action: 'destroy' }.freeze, destroy_email_domain_block: { target_type: 'EmailDomainBlock', action: 'destroy' }.freeze, destroy_instance: { target_type: 'Instance', action: 'destroy' }.freeze, destroy_unavailable_domain: { target_type: 'UnavailableDomain', action: 'destroy' }.freeze, destroy_status: { target_type: 'Status', action: 'destroy' }.freeze, destroy_user_role: { target_type: 'UserRole', action: 'destroy' }.freeze, + destroy_canonical_email_block: { target_type: 'CanonicalEmailBlock', action: 'destroy' }.freeze, disable_2fa_user: { target_type: 'User', action: 'disable' }.freeze, disable_custom_emoji: { target_type: 'CustomEmoji', action: 'disable' }.freeze, disable_user: { target_type: 'User', action: 'disable' }.freeze, @@ -56,6 +60,7 @@ class Admin::ActionLogFilter update_custom_emoji: { target_type: 'CustomEmoji', action: 'update' }.freeze, update_status: { target_type: 'Status', action: 'update' }.freeze, update_user_role: { target_type: 'UserRole', action: 'update' }.freeze, + update_ip_block: { target_type: 'IpBlock', action: 'update' }.freeze, unblock_email_account: { target_type: 'Account', action: 'unblock_email' }.freeze, }.freeze diff --git a/app/models/canonical_email_block.rb b/app/models/canonical_email_block.rb index 94781386c96..1eb69ac67a5 100644 --- a/app/models/canonical_email_block.rb +++ b/app/models/canonical_email_block.rb @@ -5,27 +5,30 @@ # # id :bigint(8) not null, primary key # canonical_email_hash :string default(""), not null -# reference_account_id :bigint(8) not null +# reference_account_id :bigint(8) # created_at :datetime not null # updated_at :datetime not null # class CanonicalEmailBlock < ApplicationRecord include EmailHelper + include Paginable - belongs_to :reference_account, class_name: 'Account' + belongs_to :reference_account, class_name: 'Account', optional: true validates :canonical_email_hash, presence: true, uniqueness: true + scope :matching_email, ->(email) { where(canonical_email_hash: email_to_canonical_email_hash(email)) } + + def to_log_human_identifier + canonical_email_hash + end + def email=(email) self.canonical_email_hash = email_to_canonical_email_hash(email) end def self.block?(email) - where(canonical_email_hash: email_to_canonical_email_hash(email)).exists? - end - - def self.find_blocks(email) - where(canonical_email_hash: email_to_canonical_email_hash(email)) + matching_email(email).exists? end end diff --git a/app/policies/canonical_email_block_policy.rb b/app/policies/canonical_email_block_policy.rb new file mode 100644 index 00000000000..8d76075c936 --- /dev/null +++ b/app/policies/canonical_email_block_policy.rb @@ -0,0 +1,23 @@ +# frozen_string_literal: true + +class CanonicalEmailBlockPolicy < ApplicationPolicy + def index? + role.can?(:manage_blocks) + end + + def show? + role.can?(:manage_blocks) + end + + def test? + role.can?(:manage_blocks) + end + + def create? + role.can?(:manage_blocks) + end + + def destroy? + role.can?(:manage_blocks) + end +end diff --git a/app/serializers/rest/admin/canonical_email_block_serializer.rb b/app/serializers/rest/admin/canonical_email_block_serializer.rb new file mode 100644 index 00000000000..fe385940a73 --- /dev/null +++ b/app/serializers/rest/admin/canonical_email_block_serializer.rb @@ -0,0 +1,9 @@ +# frozen_string_literal: true + +class REST::Admin::CanonicalEmailBlockSerializer < ActiveModel::Serializer + attributes :id, :canonical_email_hash + + def id + object.id.to_s + end +end diff --git a/config/locales/en.yml b/config/locales/en.yml index 72ebfafba2a..0b721c163d1 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml @@ -239,6 +239,7 @@ en: confirm_user: Confirm User create_account_warning: Create Warning create_announcement: Create Announcement + create_canonical_email_block: Create E-mail Block create_custom_emoji: Create Custom Emoji create_domain_allow: Create Domain Allow create_domain_block: Create Domain Block @@ -248,6 +249,7 @@ en: create_user_role: Create Role demote_user: Demote User destroy_announcement: Delete Announcement + destroy_canonical_email_block: Delete E-mail Block destroy_custom_emoji: Delete Custom Emoji destroy_domain_allow: Delete Domain Allow destroy_domain_block: Delete Domain Block @@ -283,6 +285,7 @@ en: update_announcement: Update Announcement update_custom_emoji: Update Custom Emoji update_domain_block: Update Domain Block + update_ip_block: Update IP rule update_status: Update Post update_user_role: Update Role actions: @@ -294,6 +297,7 @@ en: confirm_user_html: "%{name} confirmed e-mail address of user %{target}" create_account_warning_html: "%{name} sent a warning to %{target}" create_announcement_html: "%{name} created new announcement %{target}" + create_canonical_email_block_html: "%{name} blocked e-mail with the hash %{target}" create_custom_emoji_html: "%{name} uploaded new emoji %{target}" create_domain_allow_html: "%{name} allowed federation with domain %{target}" create_domain_block_html: "%{name} blocked domain %{target}" @@ -303,6 +307,7 @@ en: create_user_role_html: "%{name} created %{target} role" demote_user_html: "%{name} demoted user %{target}" destroy_announcement_html: "%{name} deleted announcement %{target}" + destroy_canonical_email_block_html: "%{name} unblocked e-mail with the hash %{target}" destroy_custom_emoji_html: "%{name} deleted emoji %{target}" destroy_domain_allow_html: "%{name} disallowed federation with domain %{target}" destroy_domain_block_html: "%{name} unblocked domain %{target}" @@ -338,6 +343,7 @@ en: update_announcement_html: "%{name} updated announcement %{target}" update_custom_emoji_html: "%{name} updated emoji %{target}" update_domain_block_html: "%{name} updated domain block for %{target}" + update_ip_block_html: "%{name} changed rule for IP %{target}" update_status_html: "%{name} updated post by %{target}" update_user_role_html: "%{name} changed %{target} role" empty: No logs found. diff --git a/config/routes.rb b/config/routes.rb index 1168c9aee49..8694a643642 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -602,6 +602,12 @@ Rails.application.routes.draw do post :measures, to: 'measures#create' post :dimensions, to: 'dimensions#create' post :retention, to: 'retention#create' + + resources :canonical_email_blocks, only: [:index, :create, :show, :destroy] do + collection do + post :test + end + end end end diff --git a/db/migrate/20220827195229_change_canonical_email_blocks_nullable.rb b/db/migrate/20220827195229_change_canonical_email_blocks_nullable.rb new file mode 100644 index 00000000000..5b3ec472751 --- /dev/null +++ b/db/migrate/20220827195229_change_canonical_email_blocks_nullable.rb @@ -0,0 +1,5 @@ +class ChangeCanonicalEmailBlocksNullable < ActiveRecord::Migration[6.1] + def change + safety_assured { change_column :canonical_email_blocks, :reference_account_id, :bigint, null: true, default: nil } + end +end diff --git a/db/schema.rb b/db/schema.rb index 83fd9549c4b..db22f538a76 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -10,7 +10,7 @@ # # It's strongly recommended that you check this file into your version control system. -ActiveRecord::Schema.define(version: 2022_08_24_164532) do +ActiveRecord::Schema.define(version: 2022_08_27_195229) do # These are extensions that must be enabled in order to support this database enable_extension "plpgsql" @@ -296,7 +296,7 @@ ActiveRecord::Schema.define(version: 2022_08_24_164532) do create_table "canonical_email_blocks", force: :cascade do |t| t.string "canonical_email_hash", default: "", null: false - t.bigint "reference_account_id", null: false + t.bigint "reference_account_id" t.datetime "created_at", precision: 6, null: false t.datetime "updated_at", precision: 6, null: false t.index ["canonical_email_hash"], name: "index_canonical_email_blocks_on_canonical_email_hash", unique: true diff --git a/lib/mastodon/canonical_email_blocks_cli.rb b/lib/mastodon/canonical_email_blocks_cli.rb index 64b72e60310..ec228d466a1 100644 --- a/lib/mastodon/canonical_email_blocks_cli.rb +++ b/lib/mastodon/canonical_email_blocks_cli.rb @@ -18,17 +18,15 @@ module Mastodon When suspending a local user, a hash of a "canonical" version of their e-mail address is stored to prevent them from signing up again. - This command can be used to find whether a known email address is blocked, - and if so, which account it was attached to. + This command can be used to find whether a known email address is blocked. LONG_DESC def find(email) - accts = CanonicalEmailBlock.find_blocks(email).map(&:reference_account).map(&:acct).to_a + accts = CanonicalEmailBlock.matching_email(email) + if accts.empty? - say("#{email} is not blocked", :yellow) + say("#{email} is not blocked", :green) else - accts.each do |acct| - say(acct, :white) - end + say("#{email} is blocked", :red) end end @@ -40,24 +38,13 @@ module Mastodon This command allows removing a canonical email block. LONG_DESC def remove(email) - blocks = CanonicalEmailBlock.find_blocks(email) + blocks = CanonicalEmailBlock.matching_email(email) + if blocks.empty? - say("#{email} is not blocked", :yellow) + say("#{email} is not blocked", :green) else blocks.destroy_all - say("Removed canonical email block for #{email}", :green) - end - end - - private - - def color(processed, failed) - if !processed.zero? && failed.zero? - :green - elsif failed.zero? - :yellow - else - :red + say("Unblocked #{email}", :green) end end end