Merge branch '1364-no-pushes-from-blocked-domains-users' into 'develop'
[#1364] [FIX] Disabled notifications on activities from blocked domains (unless actors are followed) See merge request pleroma/pleroma!2367
This commit is contained in:
commit
4c4344b7b1
|
@ -27,6 +27,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
|
||||||
- Support pagination in conversations API
|
- Support pagination in conversations API
|
||||||
- **Breaking**: SimplePolicy `:reject` and `:accept` allow deletions again
|
- **Breaking**: SimplePolicy `:reject` and `:accept` allow deletions again
|
||||||
- Fix follower/blocks import when nicknames starts with @
|
- Fix follower/blocks import when nicknames starts with @
|
||||||
|
- Filtering of push notifications on activities from blocked domains
|
||||||
|
|
||||||
## [unreleased-patch]
|
## [unreleased-patch]
|
||||||
### Fixed
|
### Fixed
|
||||||
|
|
|
@ -10,11 +10,12 @@ defmodule Pleroma.FollowingRelationship do
|
||||||
|
|
||||||
alias Ecto.Changeset
|
alias Ecto.Changeset
|
||||||
alias FlakeId.Ecto.CompatType
|
alias FlakeId.Ecto.CompatType
|
||||||
|
alias Pleroma.FollowingRelationship.State
|
||||||
alias Pleroma.Repo
|
alias Pleroma.Repo
|
||||||
alias Pleroma.User
|
alias Pleroma.User
|
||||||
|
|
||||||
schema "following_relationships" do
|
schema "following_relationships" do
|
||||||
field(:state, Pleroma.FollowingRelationship.State, default: :follow_pending)
|
field(:state, State, default: :follow_pending)
|
||||||
|
|
||||||
belongs_to(:follower, User, type: CompatType)
|
belongs_to(:follower, User, type: CompatType)
|
||||||
belongs_to(:following, User, type: CompatType)
|
belongs_to(:following, User, type: CompatType)
|
||||||
|
@ -22,6 +23,11 @@ defmodule Pleroma.FollowingRelationship do
|
||||||
timestamps()
|
timestamps()
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@doc "Returns underlying integer code for state atom"
|
||||||
|
def state_int_code(state_atom), do: State.__enum_map__() |> Keyword.fetch!(state_atom)
|
||||||
|
|
||||||
|
def accept_state_code, do: state_int_code(:follow_accept)
|
||||||
|
|
||||||
def changeset(%__MODULE__{} = following_relationship, attrs) do
|
def changeset(%__MODULE__{} = following_relationship, attrs) do
|
||||||
following_relationship
|
following_relationship
|
||||||
|> cast(attrs, [:state])
|
|> cast(attrs, [:state])
|
||||||
|
@ -82,6 +88,29 @@ def follower_count(%User{} = user) do
|
||||||
|> Repo.aggregate(:count, :id)
|
|> Repo.aggregate(:count, :id)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def followers_query(%User{} = user) do
|
||||||
|
__MODULE__
|
||||||
|
|> join(:inner, [r], u in User, on: r.follower_id == u.id)
|
||||||
|
|> where([r], r.following_id == ^user.id)
|
||||||
|
|> where([r], r.state == ^:follow_accept)
|
||||||
|
end
|
||||||
|
|
||||||
|
def followers_ap_ids(%User{} = user, from_ap_ids \\ nil) do
|
||||||
|
query =
|
||||||
|
user
|
||||||
|
|> followers_query()
|
||||||
|
|> select([r, u], u.ap_id)
|
||||||
|
|
||||||
|
query =
|
||||||
|
if from_ap_ids do
|
||||||
|
where(query, [r, u], u.ap_id in ^from_ap_ids)
|
||||||
|
else
|
||||||
|
query
|
||||||
|
end
|
||||||
|
|
||||||
|
Repo.all(query)
|
||||||
|
end
|
||||||
|
|
||||||
def following_count(%User{id: nil}), do: 0
|
def following_count(%User{id: nil}), do: 0
|
||||||
|
|
||||||
def following_count(%User{} = user) do
|
def following_count(%User{} = user) do
|
||||||
|
@ -105,12 +134,16 @@ def following?(%User{id: follower_id}, %User{id: followed_id}) do
|
||||||
|> Repo.exists?()
|
|> Repo.exists?()
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def following_query(%User{} = user) do
|
||||||
|
__MODULE__
|
||||||
|
|> join(:inner, [r], u in User, on: r.following_id == u.id)
|
||||||
|
|> where([r], r.follower_id == ^user.id)
|
||||||
|
|> where([r], r.state == ^:follow_accept)
|
||||||
|
end
|
||||||
|
|
||||||
def following(%User{} = user) do
|
def following(%User{} = user) do
|
||||||
following =
|
following =
|
||||||
__MODULE__
|
following_query(user)
|
||||||
|> join(:inner, [r], u in User, on: r.following_id == u.id)
|
|
||||||
|> where([r], r.follower_id == ^user.id)
|
|
||||||
|> where([r], r.state == ^:follow_accept)
|
|
||||||
|> select([r, u], u.follower_address)
|
|> select([r, u], u.follower_address)
|
||||||
|> Repo.all()
|
|> Repo.all()
|
||||||
|
|
||||||
|
@ -171,6 +204,30 @@ def find(following_relationships, follower, following) do
|
||||||
end)
|
end)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@doc """
|
||||||
|
For a query with joined activity,
|
||||||
|
keeps rows where activity's actor is followed by user -or- is NOT domain-blocked by user.
|
||||||
|
"""
|
||||||
|
def keep_following_or_not_domain_blocked(query, user) do
|
||||||
|
where(
|
||||||
|
query,
|
||||||
|
[_, activity],
|
||||||
|
fragment(
|
||||||
|
# "(actor's domain NOT in domain_blocks) OR (actor IS in followed AP IDs)"
|
||||||
|
"""
|
||||||
|
NOT (substring(? from '.*://([^/]*)') = ANY(?)) OR
|
||||||
|
? = ANY(SELECT ap_id FROM users AS u INNER JOIN following_relationships AS fr
|
||||||
|
ON u.id = fr.following_id WHERE fr.follower_id = ? AND fr.state = ?)
|
||||||
|
""",
|
||||||
|
activity.actor,
|
||||||
|
^user.domain_blocks,
|
||||||
|
activity.actor,
|
||||||
|
^User.binary_id(user.id),
|
||||||
|
^accept_state_code()
|
||||||
|
)
|
||||||
|
)
|
||||||
|
end
|
||||||
|
|
||||||
defp validate_not_self_relationship(%Changeset{} = changeset) do
|
defp validate_not_self_relationship(%Changeset{} = changeset) do
|
||||||
changeset
|
changeset
|
||||||
|> validate_follower_id_following_id_inequality()
|
|> validate_follower_id_following_id_inequality()
|
||||||
|
|
|
@ -6,6 +6,7 @@ defmodule Pleroma.Notification do
|
||||||
use Ecto.Schema
|
use Ecto.Schema
|
||||||
|
|
||||||
alias Pleroma.Activity
|
alias Pleroma.Activity
|
||||||
|
alias Pleroma.FollowingRelationship
|
||||||
alias Pleroma.Notification
|
alias Pleroma.Notification
|
||||||
alias Pleroma.Object
|
alias Pleroma.Object
|
||||||
alias Pleroma.Pagination
|
alias Pleroma.Pagination
|
||||||
|
@ -81,15 +82,13 @@ def for_user_query(user, opts \\ %{}) do
|
||||||
|> exclude_visibility(opts)
|
|> exclude_visibility(opts)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
# Excludes blocked users and non-followed domain-blocked users
|
||||||
defp exclude_blocked(query, user, opts) do
|
defp exclude_blocked(query, user, opts) do
|
||||||
blocked_ap_ids = opts[:blocked_users_ap_ids] || User.blocked_users_ap_ids(user)
|
blocked_ap_ids = opts[:blocked_users_ap_ids] || User.blocked_users_ap_ids(user)
|
||||||
|
|
||||||
query
|
query
|
||||||
|> where([n, a], a.actor not in ^blocked_ap_ids)
|
|> where([n, a], a.actor not in ^blocked_ap_ids)
|
||||||
|> where(
|
|> FollowingRelationship.keep_following_or_not_domain_blocked(user)
|
||||||
[n, a],
|
|
||||||
fragment("substring(? from '.*://([^/]*)')", a.actor) not in ^user.domain_blocks
|
|
||||||
)
|
|
||||||
end
|
end
|
||||||
|
|
||||||
defp exclude_notification_muted(query, _, %{@include_muted_option => true}) do
|
defp exclude_notification_muted(query, _, %{@include_muted_option => true}) do
|
||||||
|
@ -330,10 +329,11 @@ def create_notification(%Activity{} = activity, %User{} = user, do_send \\ true)
|
||||||
|
|
||||||
@doc """
|
@doc """
|
||||||
Returns a tuple with 2 elements:
|
Returns a tuple with 2 elements:
|
||||||
{enabled notification receivers, currently disabled receivers (blocking / [thread] muting)}
|
{notification-enabled receivers, currently disabled receivers (blocking / [thread] muting)}
|
||||||
|
|
||||||
NOTE: might be called for FAKE Activities, see ActivityPub.Utils.get_notified_from_object/1
|
NOTE: might be called for FAKE Activities, see ActivityPub.Utils.get_notified_from_object/1
|
||||||
"""
|
"""
|
||||||
|
@spec get_notified_from_activity(Activity.t(), boolean()) :: {list(User.t()), list(User.t())}
|
||||||
def get_notified_from_activity(activity, local_only \\ true)
|
def get_notified_from_activity(activity, local_only \\ true)
|
||||||
|
|
||||||
def get_notified_from_activity(%Activity{data: %{"type" => type}} = activity, local_only)
|
def get_notified_from_activity(%Activity{data: %{"type" => type}} = activity, local_only)
|
||||||
|
@ -346,17 +346,14 @@ def get_notified_from_activity(%Activity{data: %{"type" => type}} = activity, lo
|
||||||
|> Utils.maybe_notify_followers(activity)
|
|> Utils.maybe_notify_followers(activity)
|
||||||
|> Enum.uniq()
|
|> Enum.uniq()
|
||||||
|
|
||||||
# Since even subscribers and followers can mute / thread-mute, filtering all above AP IDs
|
potential_receivers = User.get_users_from_set(potential_receiver_ap_ids, local_only)
|
||||||
|
|
||||||
notification_enabled_ap_ids =
|
notification_enabled_ap_ids =
|
||||||
potential_receiver_ap_ids
|
potential_receiver_ap_ids
|
||||||
|
|> exclude_domain_blocker_ap_ids(activity, potential_receivers)
|
||||||
|> exclude_relationship_restricted_ap_ids(activity)
|
|> exclude_relationship_restricted_ap_ids(activity)
|
||||||
|> exclude_thread_muter_ap_ids(activity)
|
|> exclude_thread_muter_ap_ids(activity)
|
||||||
|
|
||||||
potential_receivers =
|
|
||||||
potential_receiver_ap_ids
|
|
||||||
|> Enum.uniq()
|
|
||||||
|> User.get_users_from_set(local_only)
|
|
||||||
|
|
||||||
notification_enabled_users =
|
notification_enabled_users =
|
||||||
Enum.filter(potential_receivers, fn u -> u.ap_id in notification_enabled_ap_ids end)
|
Enum.filter(potential_receivers, fn u -> u.ap_id in notification_enabled_ap_ids end)
|
||||||
|
|
||||||
|
@ -365,6 +362,38 @@ def get_notified_from_activity(%Activity{data: %{"type" => type}} = activity, lo
|
||||||
|
|
||||||
def get_notified_from_activity(_, _local_only), do: {[], []}
|
def get_notified_from_activity(_, _local_only), do: {[], []}
|
||||||
|
|
||||||
|
@doc "Filters out AP IDs domain-blocking and not following the activity's actor"
|
||||||
|
def exclude_domain_blocker_ap_ids(ap_ids, activity, preloaded_users \\ [])
|
||||||
|
|
||||||
|
def exclude_domain_blocker_ap_ids([], _activity, _preloaded_users), do: []
|
||||||
|
|
||||||
|
def exclude_domain_blocker_ap_ids(ap_ids, %Activity{} = activity, preloaded_users) do
|
||||||
|
activity_actor_domain = activity.actor && URI.parse(activity.actor).host
|
||||||
|
|
||||||
|
users =
|
||||||
|
ap_ids
|
||||||
|
|> Enum.map(fn ap_id ->
|
||||||
|
Enum.find(preloaded_users, &(&1.ap_id == ap_id)) ||
|
||||||
|
User.get_cached_by_ap_id(ap_id)
|
||||||
|
end)
|
||||||
|
|> Enum.filter(& &1)
|
||||||
|
|
||||||
|
domain_blocker_ap_ids = for u <- users, activity_actor_domain in u.domain_blocks, do: u.ap_id
|
||||||
|
|
||||||
|
domain_blocker_follower_ap_ids =
|
||||||
|
if Enum.any?(domain_blocker_ap_ids) do
|
||||||
|
activity
|
||||||
|
|> Activity.user_actor()
|
||||||
|
|> FollowingRelationship.followers_ap_ids(domain_blocker_ap_ids)
|
||||||
|
else
|
||||||
|
[]
|
||||||
|
end
|
||||||
|
|
||||||
|
ap_ids
|
||||||
|
|> Kernel.--(domain_blocker_ap_ids)
|
||||||
|
|> Kernel.++(domain_blocker_follower_ap_ids)
|
||||||
|
end
|
||||||
|
|
||||||
@doc "Filters out AP IDs of users basing on their relationships with activity actor user"
|
@doc "Filters out AP IDs of users basing on their relationships with activity actor user"
|
||||||
def exclude_relationship_restricted_ap_ids([], _activity), do: []
|
def exclude_relationship_restricted_ap_ids([], _activity), do: []
|
||||||
|
|
||||||
|
|
|
@ -669,6 +669,37 @@ test "it returns thread-muting recipient in disabled recipients list" do
|
||||||
assert [other_user] == disabled_receivers
|
assert [other_user] == disabled_receivers
|
||||||
refute other_user in enabled_receivers
|
refute other_user in enabled_receivers
|
||||||
end
|
end
|
||||||
|
|
||||||
|
test "it returns non-following domain-blocking recipient in disabled recipients list" do
|
||||||
|
blocked_domain = "blocked.domain"
|
||||||
|
user = insert(:user, %{ap_id: "https://#{blocked_domain}/@actor"})
|
||||||
|
other_user = insert(:user)
|
||||||
|
|
||||||
|
{:ok, other_user} = User.block_domain(other_user, blocked_domain)
|
||||||
|
|
||||||
|
{:ok, activity} = CommonAPI.post(user, %{"status" => "hey @#{other_user.nickname}!"})
|
||||||
|
|
||||||
|
{enabled_receivers, disabled_receivers} = Notification.get_notified_from_activity(activity)
|
||||||
|
|
||||||
|
assert [] == enabled_receivers
|
||||||
|
assert [other_user] == disabled_receivers
|
||||||
|
end
|
||||||
|
|
||||||
|
test "it returns following domain-blocking recipient in enabled recipients list" do
|
||||||
|
blocked_domain = "blocked.domain"
|
||||||
|
user = insert(:user, %{ap_id: "https://#{blocked_domain}/@actor"})
|
||||||
|
other_user = insert(:user)
|
||||||
|
|
||||||
|
{:ok, other_user} = User.block_domain(other_user, blocked_domain)
|
||||||
|
{:ok, other_user} = User.follow(other_user, user)
|
||||||
|
|
||||||
|
{:ok, activity} = CommonAPI.post(user, %{"status" => "hey @#{other_user.nickname}!"})
|
||||||
|
|
||||||
|
{enabled_receivers, disabled_receivers} = Notification.get_notified_from_activity(activity)
|
||||||
|
|
||||||
|
assert [other_user] == enabled_receivers
|
||||||
|
assert [] == disabled_receivers
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
describe "notification lifecycle" do
|
describe "notification lifecycle" do
|
||||||
|
@ -931,7 +962,7 @@ test "it doesn't return notifications for blocked user" do
|
||||||
assert Notification.for_user(user) == []
|
assert Notification.for_user(user) == []
|
||||||
end
|
end
|
||||||
|
|
||||||
test "it doesn't return notifications for blocked domain" do
|
test "it doesn't return notifications for domain-blocked non-followed user" do
|
||||||
user = insert(:user)
|
user = insert(:user)
|
||||||
blocked = insert(:user, ap_id: "http://some-domain.com")
|
blocked = insert(:user, ap_id: "http://some-domain.com")
|
||||||
{:ok, user} = User.block_domain(user, "some-domain.com")
|
{:ok, user} = User.block_domain(user, "some-domain.com")
|
||||||
|
@ -941,6 +972,18 @@ test "it doesn't return notifications for blocked domain" do
|
||||||
assert Notification.for_user(user) == []
|
assert Notification.for_user(user) == []
|
||||||
end
|
end
|
||||||
|
|
||||||
|
test "it returns notifications for domain-blocked but followed user" do
|
||||||
|
user = insert(:user)
|
||||||
|
blocked = insert(:user, ap_id: "http://some-domain.com")
|
||||||
|
|
||||||
|
{:ok, user} = User.block_domain(user, "some-domain.com")
|
||||||
|
{:ok, _} = User.follow(user, blocked)
|
||||||
|
|
||||||
|
{:ok, _activity} = CommonAPI.post(blocked, %{"status" => "hey @#{user.nickname}"})
|
||||||
|
|
||||||
|
assert length(Notification.for_user(user)) == 1
|
||||||
|
end
|
||||||
|
|
||||||
test "it doesn't return notifications for muted thread" do
|
test "it doesn't return notifications for muted thread" do
|
||||||
user = insert(:user)
|
user = insert(:user)
|
||||||
another_user = insert(:user)
|
another_user = insert(:user)
|
||||||
|
@ -971,7 +1014,8 @@ test "it doesn't return notifications from a blocked user when with_muted is set
|
||||||
assert Enum.empty?(Notification.for_user(user, %{with_muted: true}))
|
assert Enum.empty?(Notification.for_user(user, %{with_muted: true}))
|
||||||
end
|
end
|
||||||
|
|
||||||
test "it doesn't return notifications from a domain-blocked user when with_muted is set" do
|
test "when with_muted is set, " <>
|
||||||
|
"it doesn't return notifications from a domain-blocked non-followed user" do
|
||||||
user = insert(:user)
|
user = insert(:user)
|
||||||
blocked = insert(:user, ap_id: "http://some-domain.com")
|
blocked = insert(:user, ap_id: "http://some-domain.com")
|
||||||
{:ok, user} = User.block_domain(user, "some-domain.com")
|
{:ok, user} = User.block_domain(user, "some-domain.com")
|
||||||
|
|
Loading…
Reference in New Issue