Merge branch '1364-no-pushes-from-blocked-domains-users' into 'develop'

[#1364] [FIX] Disabled notifications on activities from blocked domains (unless actors are followed)

See merge request pleroma/pleroma!2367
This commit is contained in:
lain 2020-04-30 10:29:46 +00:00
commit 4c4344b7b1
4 changed files with 149 additions and 18 deletions

View File

@ -27,6 +27,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
- Support pagination in conversations API - Support pagination in conversations API
- **Breaking**: SimplePolicy `:reject` and `:accept` allow deletions again - **Breaking**: SimplePolicy `:reject` and `:accept` allow deletions again
- Fix follower/blocks import when nicknames starts with @ - Fix follower/blocks import when nicknames starts with @
- Filtering of push notifications on activities from blocked domains
## [unreleased-patch] ## [unreleased-patch]
### Fixed ### Fixed

View File

@ -10,11 +10,12 @@ defmodule Pleroma.FollowingRelationship do
alias Ecto.Changeset alias Ecto.Changeset
alias FlakeId.Ecto.CompatType alias FlakeId.Ecto.CompatType
alias Pleroma.FollowingRelationship.State
alias Pleroma.Repo alias Pleroma.Repo
alias Pleroma.User alias Pleroma.User
schema "following_relationships" do schema "following_relationships" do
field(:state, Pleroma.FollowingRelationship.State, default: :follow_pending) field(:state, State, default: :follow_pending)
belongs_to(:follower, User, type: CompatType) belongs_to(:follower, User, type: CompatType)
belongs_to(:following, User, type: CompatType) belongs_to(:following, User, type: CompatType)
@ -22,6 +23,11 @@ defmodule Pleroma.FollowingRelationship do
timestamps() timestamps()
end end
@doc "Returns underlying integer code for state atom"
def state_int_code(state_atom), do: State.__enum_map__() |> Keyword.fetch!(state_atom)
def accept_state_code, do: state_int_code(:follow_accept)
def changeset(%__MODULE__{} = following_relationship, attrs) do def changeset(%__MODULE__{} = following_relationship, attrs) do
following_relationship following_relationship
|> cast(attrs, [:state]) |> cast(attrs, [:state])
@ -82,6 +88,29 @@ def follower_count(%User{} = user) do
|> Repo.aggregate(:count, :id) |> Repo.aggregate(:count, :id)
end end
def followers_query(%User{} = user) do
__MODULE__
|> join(:inner, [r], u in User, on: r.follower_id == u.id)
|> where([r], r.following_id == ^user.id)
|> where([r], r.state == ^:follow_accept)
end
def followers_ap_ids(%User{} = user, from_ap_ids \\ nil) do
query =
user
|> followers_query()
|> select([r, u], u.ap_id)
query =
if from_ap_ids do
where(query, [r, u], u.ap_id in ^from_ap_ids)
else
query
end
Repo.all(query)
end
def following_count(%User{id: nil}), do: 0 def following_count(%User{id: nil}), do: 0
def following_count(%User{} = user) do def following_count(%User{} = user) do
@ -105,12 +134,16 @@ def following?(%User{id: follower_id}, %User{id: followed_id}) do
|> Repo.exists?() |> Repo.exists?()
end end
def following_query(%User{} = user) do
__MODULE__
|> join(:inner, [r], u in User, on: r.following_id == u.id)
|> where([r], r.follower_id == ^user.id)
|> where([r], r.state == ^:follow_accept)
end
def following(%User{} = user) do def following(%User{} = user) do
following = following =
__MODULE__ following_query(user)
|> join(:inner, [r], u in User, on: r.following_id == u.id)
|> where([r], r.follower_id == ^user.id)
|> where([r], r.state == ^:follow_accept)
|> select([r, u], u.follower_address) |> select([r, u], u.follower_address)
|> Repo.all() |> Repo.all()
@ -171,6 +204,30 @@ def find(following_relationships, follower, following) do
end) end)
end end
@doc """
For a query with joined activity,
keeps rows where activity's actor is followed by user -or- is NOT domain-blocked by user.
"""
def keep_following_or_not_domain_blocked(query, user) do
where(
query,
[_, activity],
fragment(
# "(actor's domain NOT in domain_blocks) OR (actor IS in followed AP IDs)"
"""
NOT (substring(? from '.*://([^/]*)') = ANY(?)) OR
? = ANY(SELECT ap_id FROM users AS u INNER JOIN following_relationships AS fr
ON u.id = fr.following_id WHERE fr.follower_id = ? AND fr.state = ?)
""",
activity.actor,
^user.domain_blocks,
activity.actor,
^User.binary_id(user.id),
^accept_state_code()
)
)
end
defp validate_not_self_relationship(%Changeset{} = changeset) do defp validate_not_self_relationship(%Changeset{} = changeset) do
changeset changeset
|> validate_follower_id_following_id_inequality() |> validate_follower_id_following_id_inequality()

View File

@ -6,6 +6,7 @@ defmodule Pleroma.Notification do
use Ecto.Schema use Ecto.Schema
alias Pleroma.Activity alias Pleroma.Activity
alias Pleroma.FollowingRelationship
alias Pleroma.Notification alias Pleroma.Notification
alias Pleroma.Object alias Pleroma.Object
alias Pleroma.Pagination alias Pleroma.Pagination
@ -81,15 +82,13 @@ def for_user_query(user, opts \\ %{}) do
|> exclude_visibility(opts) |> exclude_visibility(opts)
end end
# Excludes blocked users and non-followed domain-blocked users
defp exclude_blocked(query, user, opts) do defp exclude_blocked(query, user, opts) do
blocked_ap_ids = opts[:blocked_users_ap_ids] || User.blocked_users_ap_ids(user) blocked_ap_ids = opts[:blocked_users_ap_ids] || User.blocked_users_ap_ids(user)
query query
|> where([n, a], a.actor not in ^blocked_ap_ids) |> where([n, a], a.actor not in ^blocked_ap_ids)
|> where( |> FollowingRelationship.keep_following_or_not_domain_blocked(user)
[n, a],
fragment("substring(? from '.*://([^/]*)')", a.actor) not in ^user.domain_blocks
)
end end
defp exclude_notification_muted(query, _, %{@include_muted_option => true}) do defp exclude_notification_muted(query, _, %{@include_muted_option => true}) do
@ -330,10 +329,11 @@ def create_notification(%Activity{} = activity, %User{} = user, do_send \\ true)
@doc """ @doc """
Returns a tuple with 2 elements: Returns a tuple with 2 elements:
{enabled notification receivers, currently disabled receivers (blocking / [thread] muting)} {notification-enabled receivers, currently disabled receivers (blocking / [thread] muting)}
NOTE: might be called for FAKE Activities, see ActivityPub.Utils.get_notified_from_object/1 NOTE: might be called for FAKE Activities, see ActivityPub.Utils.get_notified_from_object/1
""" """
@spec get_notified_from_activity(Activity.t(), boolean()) :: {list(User.t()), list(User.t())}
def get_notified_from_activity(activity, local_only \\ true) def get_notified_from_activity(activity, local_only \\ true)
def get_notified_from_activity(%Activity{data: %{"type" => type}} = activity, local_only) def get_notified_from_activity(%Activity{data: %{"type" => type}} = activity, local_only)
@ -346,17 +346,14 @@ def get_notified_from_activity(%Activity{data: %{"type" => type}} = activity, lo
|> Utils.maybe_notify_followers(activity) |> Utils.maybe_notify_followers(activity)
|> Enum.uniq() |> Enum.uniq()
# Since even subscribers and followers can mute / thread-mute, filtering all above AP IDs potential_receivers = User.get_users_from_set(potential_receiver_ap_ids, local_only)
notification_enabled_ap_ids = notification_enabled_ap_ids =
potential_receiver_ap_ids potential_receiver_ap_ids
|> exclude_domain_blocker_ap_ids(activity, potential_receivers)
|> exclude_relationship_restricted_ap_ids(activity) |> exclude_relationship_restricted_ap_ids(activity)
|> exclude_thread_muter_ap_ids(activity) |> exclude_thread_muter_ap_ids(activity)
potential_receivers =
potential_receiver_ap_ids
|> Enum.uniq()
|> User.get_users_from_set(local_only)
notification_enabled_users = notification_enabled_users =
Enum.filter(potential_receivers, fn u -> u.ap_id in notification_enabled_ap_ids end) Enum.filter(potential_receivers, fn u -> u.ap_id in notification_enabled_ap_ids end)
@ -365,6 +362,38 @@ def get_notified_from_activity(%Activity{data: %{"type" => type}} = activity, lo
def get_notified_from_activity(_, _local_only), do: {[], []} def get_notified_from_activity(_, _local_only), do: {[], []}
@doc "Filters out AP IDs domain-blocking and not following the activity's actor"
def exclude_domain_blocker_ap_ids(ap_ids, activity, preloaded_users \\ [])
def exclude_domain_blocker_ap_ids([], _activity, _preloaded_users), do: []
def exclude_domain_blocker_ap_ids(ap_ids, %Activity{} = activity, preloaded_users) do
activity_actor_domain = activity.actor && URI.parse(activity.actor).host
users =
ap_ids
|> Enum.map(fn ap_id ->
Enum.find(preloaded_users, &(&1.ap_id == ap_id)) ||
User.get_cached_by_ap_id(ap_id)
end)
|> Enum.filter(& &1)
domain_blocker_ap_ids = for u <- users, activity_actor_domain in u.domain_blocks, do: u.ap_id
domain_blocker_follower_ap_ids =
if Enum.any?(domain_blocker_ap_ids) do
activity
|> Activity.user_actor()
|> FollowingRelationship.followers_ap_ids(domain_blocker_ap_ids)
else
[]
end
ap_ids
|> Kernel.--(domain_blocker_ap_ids)
|> Kernel.++(domain_blocker_follower_ap_ids)
end
@doc "Filters out AP IDs of users basing on their relationships with activity actor user" @doc "Filters out AP IDs of users basing on their relationships with activity actor user"
def exclude_relationship_restricted_ap_ids([], _activity), do: [] def exclude_relationship_restricted_ap_ids([], _activity), do: []

View File

@ -669,6 +669,37 @@ test "it returns thread-muting recipient in disabled recipients list" do
assert [other_user] == disabled_receivers assert [other_user] == disabled_receivers
refute other_user in enabled_receivers refute other_user in enabled_receivers
end end
test "it returns non-following domain-blocking recipient in disabled recipients list" do
blocked_domain = "blocked.domain"
user = insert(:user, %{ap_id: "https://#{blocked_domain}/@actor"})
other_user = insert(:user)
{:ok, other_user} = User.block_domain(other_user, blocked_domain)
{:ok, activity} = CommonAPI.post(user, %{"status" => "hey @#{other_user.nickname}!"})
{enabled_receivers, disabled_receivers} = Notification.get_notified_from_activity(activity)
assert [] == enabled_receivers
assert [other_user] == disabled_receivers
end
test "it returns following domain-blocking recipient in enabled recipients list" do
blocked_domain = "blocked.domain"
user = insert(:user, %{ap_id: "https://#{blocked_domain}/@actor"})
other_user = insert(:user)
{:ok, other_user} = User.block_domain(other_user, blocked_domain)
{:ok, other_user} = User.follow(other_user, user)
{:ok, activity} = CommonAPI.post(user, %{"status" => "hey @#{other_user.nickname}!"})
{enabled_receivers, disabled_receivers} = Notification.get_notified_from_activity(activity)
assert [other_user] == enabled_receivers
assert [] == disabled_receivers
end
end end
describe "notification lifecycle" do describe "notification lifecycle" do
@ -931,7 +962,7 @@ test "it doesn't return notifications for blocked user" do
assert Notification.for_user(user) == [] assert Notification.for_user(user) == []
end end
test "it doesn't return notifications for blocked domain" do test "it doesn't return notifications for domain-blocked non-followed user" do
user = insert(:user) user = insert(:user)
blocked = insert(:user, ap_id: "http://some-domain.com") blocked = insert(:user, ap_id: "http://some-domain.com")
{:ok, user} = User.block_domain(user, "some-domain.com") {:ok, user} = User.block_domain(user, "some-domain.com")
@ -941,6 +972,18 @@ test "it doesn't return notifications for blocked domain" do
assert Notification.for_user(user) == [] assert Notification.for_user(user) == []
end end
test "it returns notifications for domain-blocked but followed user" do
user = insert(:user)
blocked = insert(:user, ap_id: "http://some-domain.com")
{:ok, user} = User.block_domain(user, "some-domain.com")
{:ok, _} = User.follow(user, blocked)
{:ok, _activity} = CommonAPI.post(blocked, %{"status" => "hey @#{user.nickname}"})
assert length(Notification.for_user(user)) == 1
end
test "it doesn't return notifications for muted thread" do test "it doesn't return notifications for muted thread" do
user = insert(:user) user = insert(:user)
another_user = insert(:user) another_user = insert(:user)
@ -971,7 +1014,8 @@ test "it doesn't return notifications from a blocked user when with_muted is set
assert Enum.empty?(Notification.for_user(user, %{with_muted: true})) assert Enum.empty?(Notification.for_user(user, %{with_muted: true}))
end end
test "it doesn't return notifications from a domain-blocked user when with_muted is set" do test "when with_muted is set, " <>
"it doesn't return notifications from a domain-blocked non-followed user" do
user = insert(:user) user = insert(:user)
blocked = insert(:user, ap_id: "http://some-domain.com") blocked = insert(:user, ap_id: "http://some-domain.com")
{:ok, user} = User.block_domain(user, "some-domain.com") {:ok, user} = User.block_domain(user, "some-domain.com")