Merge branch 'master' into glitch-soc/merge-upstream
Conflicts: - app/views/admin/settings/edit.html.haml: Conflict due to how the theming settings change.
This commit is contained in:
Thibaut Girka
@ -37,11 +37,12 @@
|
||||
# remember_token :string
|
||||
# chosen_languages :string is an Array
|
||||
# created_by_application_id :bigint(8)
|
||||
# approved :boolean default(TRUE), not null
|
||||
#
|
||||
|
||||
class User < ApplicationRecord
|
||||
include Settings::Extend
|
||||
include Omniauthable
|
||||
include UserRoles
|
||||
|
||||
# The home and list feeds will be stored in Redis for this amount
|
||||
# of time, and status fan-out to followers will include only people
|
||||
@ -61,9 +62,9 @@ class User < ApplicationRecord
|
||||
devise :registerable, :recoverable, :rememberable, :trackable, :validatable,
|
||||
:confirmable
|
||||
|
||||
devise :pam_authenticatable if ENV['PAM_ENABLED'] == 'true'
|
||||
|
||||
devise :omniauthable
|
||||
include Omniauthable
|
||||
include PamAuthenticable
|
||||
include LdapAuthenticable
|
||||
|
||||
belongs_to :account, inverse_of: :user
|
||||
belongs_to :invite, counter_cache: :uses, optional: true
|
||||
@ -79,9 +80,8 @@ class User < ApplicationRecord
|
||||
validates :agreement, acceptance: { allow_nil: false, accept: [true, 'true', '1'] }, on: :create
|
||||
|
||||
scope :recent, -> { order(id: :desc) }
|
||||
scope :admins, -> { where(admin: true) }
|
||||
scope :moderators, -> { where(moderator: true) }
|
||||
scope :staff, -> { admins.or(moderators) }
|
||||
scope :pending, -> { where(approved: false) }
|
||||
scope :approved, -> { where(approved: true) }
|
||||
scope :confirmed, -> { where.not(confirmed_at: nil) }
|
||||
scope :enabled, -> { where(disabled: false) }
|
||||
scope :inactive, -> { where(arel_table[:current_sign_in_at].lt(ACTIVE_DURATION.ago)) }
|
||||
@ -90,6 +90,7 @@ class User < ApplicationRecord
|
||||
scope :emailable, -> { confirmed.enabled.joins(:account).merge(Account.searchable) }
|
||||
|
||||
before_validation :sanitize_languages
|
||||
before_create :set_approved
|
||||
|
||||
# This avoids a deprecation warning from Rails 5.1
|
||||
# It seems possible that a future release of devise-two-factor will
|
||||
@ -104,39 +105,6 @@ class User < ApplicationRecord
|
||||
|
||||
attr_reader :invite_code
|
||||
|
||||
def pam_conflict(_)
|
||||
# block pam login tries on traditional account
|
||||
nil
|
||||
end
|
||||
|
||||
def pam_conflict?
|
||||
return false unless Devise.pam_authentication
|
||||
encrypted_password.present? && pam_managed_user?
|
||||
end
|
||||
|
||||
def pam_get_name
|
||||
return account.username if account.present?
|
||||
super
|
||||
end
|
||||
|
||||
def pam_setup(_attributes)
|
||||
acc = Account.new(username: pam_get_name)
|
||||
acc.save!(validate: false)
|
||||
|
||||
self.email = "#{acc.username}@#{find_pam_suffix}" if email.nil? && find_pam_suffix
|
||||
self.confirmed_at = Time.now.utc
|
||||
self.admin = false
|
||||
self.account = acc
|
||||
|
||||
acc.destroy! unless save
|
||||
end
|
||||
|
||||
def ldap_setup(_attributes)
|
||||
self.confirmed_at = Time.now.utc
|
||||
self.admin = false
|
||||
save!
|
||||
end
|
||||
|
||||
def confirmed?
|
||||
confirmed_at.present?
|
||||
end
|
||||
@ -145,33 +113,6 @@ class User < ApplicationRecord
|
||||
invite_id.present?
|
||||
end
|
||||
|
||||
def staff?
|
||||
admin? || moderator?
|
||||
end
|
||||
|
||||
def role
|
||||
if admin?
|
||||
'admin'
|
||||
elsif moderator?
|
||||
'moderator'
|
||||
else
|
||||
'user'
|
||||
end
|
||||
end
|
||||
|
||||
def role?(role)
|
||||
case role
|
||||
when 'user'
|
||||
true
|
||||
when 'moderator'
|
||||
staff?
|
||||
when 'admin'
|
||||
admin?
|
||||
else
|
||||
false
|
||||
end
|
||||
end
|
||||
|
||||
def disable!
|
||||
update!(disabled: true,
|
||||
last_sign_in_at: current_sign_in_at,
|
||||
@ -186,7 +127,12 @@ class User < ApplicationRecord
|
||||
new_user = !confirmed?
|
||||
|
||||
super
|
||||
prepare_new_user! if new_user
|
||||
|
||||
if new_user && approved?
|
||||
prepare_new_user!
|
||||
elsif new_user
|
||||
notify_staff_about_pending_account!
|
||||
end
|
||||
end
|
||||
|
||||
def confirm!
|
||||
@ -194,7 +140,27 @@ class User < ApplicationRecord
|
||||
|
||||
skip_confirmation!
|
||||
save!
|
||||
prepare_new_user! if new_user
|
||||
|
||||
prepare_new_user! if new_user && approved?
|
||||
end
|
||||
|
||||
def pending?
|
||||
!approved?
|
||||
end
|
||||
|
||||
def active_for_authentication?
|
||||
super && approved?
|
||||
end
|
||||
|
||||
def inactive_message
|
||||
!approved? ? :pending : super
|
||||
end
|
||||
|
||||
def approve!
|
||||
return if approved?
|
||||
|
||||
update!(approved: true)
|
||||
prepare_new_user!
|
||||
end
|
||||
|
||||
def update_tracked_fields!(request)
|
||||
@ -202,22 +168,6 @@ class User < ApplicationRecord
|
||||
prepare_returning_user!
|
||||
end
|
||||
|
||||
def promote!
|
||||
if moderator?
|
||||
update!(moderator: false, admin: true)
|
||||
elsif !admin?
|
||||
update!(moderator: true)
|
||||
end
|
||||
end
|
||||
|
||||
def demote!
|
||||
if admin?
|
||||
update!(admin: false, moderator: true)
|
||||
elsif moderator?
|
||||
update!(moderator: false)
|
||||
end
|
||||
end
|
||||
|
||||
def disable_two_factor!
|
||||
self.otp_required_for_login = false
|
||||
otp_backup_codes&.clear
|
||||
@ -297,43 +247,6 @@ class User < ApplicationRecord
|
||||
super
|
||||
end
|
||||
|
||||
def self.pam_get_user(attributes = {})
|
||||
return nil unless attributes[:email]
|
||||
|
||||
resource =
|
||||
if Devise.check_at_sign && !attributes[:email].index('@')
|
||||
joins(:account).find_by(accounts: { username: attributes[:email] })
|
||||
else
|
||||
find_by(email: attributes[:email])
|
||||
end
|
||||
|
||||
if resource.blank?
|
||||
resource = new(email: attributes[:email], agreement: true)
|
||||
|
||||
if Devise.check_at_sign && !resource[:email].index('@')
|
||||
resource[:email] = Rpam2.getenv(resource.find_pam_service, attributes[:email], attributes[:password], 'email', false)
|
||||
resource[:email] = "#{attributes[:email]}@#{resource.find_pam_suffix}" unless resource[:email]
|
||||
end
|
||||
end
|
||||
resource
|
||||
end
|
||||
|
||||
def self.ldap_get_user(attributes = {})
|
||||
resource = joins(:account).find_by(accounts: { username: attributes[Devise.ldap_uid.to_sym].first })
|
||||
|
||||
if resource.blank?
|
||||
resource = new(email: attributes[:mail].first, agreement: true, account_attributes: { username: attributes[Devise.ldap_uid.to_sym].first })
|
||||
resource.ldap_setup(attributes)
|
||||
end
|
||||
|
||||
resource
|
||||
end
|
||||
|
||||
def self.authenticate_with_pam(attributes = {})
|
||||
return nil unless Devise.pam_authentication
|
||||
super
|
||||
end
|
||||
|
||||
def show_all_media?
|
||||
setting_display_media == 'show_all'
|
||||
end
|
||||
@ -350,6 +263,10 @@ class User < ApplicationRecord
|
||||
|
||||
private
|
||||
|
||||
def set_approved
|
||||
self.approved = Setting.registrations_mode == 'open' || invited?
|
||||
end
|
||||
|
||||
def sanitize_languages
|
||||
return if chosen_languages.nil?
|
||||
chosen_languages.reject!(&:blank?)
|
||||
@ -367,6 +284,13 @@ class User < ApplicationRecord
|
||||
regenerate_feed! if needs_feed_update?
|
||||
end
|
||||
|
||||
def notify_staff_about_pending_account!
|
||||
User.staff.includes(:account).each do |u|
|
||||
next unless u.allows_report_emails?
|
||||
AdminMailer.new_pending_account(u.account, self).deliver_later
|
||||
end
|
||||
end
|
||||
|
||||
def regenerate_feed!
|
||||
return unless Redis.current.setnx("account:#{account_id}:regeneration", true)
|
||||
Redis.current.expire("account:#{account_id}:regeneration", 1.day.seconds)
|
||||
|
||||
Reference in New Issue
Block a user