abunchtell
/
mastodon
1
0
Fork 0
Code Issues 0 Activity
The code powering m.abunchtell.com https://m.abunchtell.com
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4956 Commits
1 Branch
94 MiB
 
 
 
 
Tree: 61ed133fea
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '61ed133fea'
${ noResults }
mastodon/app/models/user.rb

320 lines
8.6 KiB
Raw Blame History 

  1. # frozen_string_literal: true

  2. # == Schema Information

  3. #

  4. # Table name: users

  5. #

  6. #  id                        :integer          not null, primary key

  7. #  email                     :string           default(""), not null

  8. #  created_at                :datetime         not null

  9. #  updated_at                :datetime         not null

  10. #  encrypted_password        :string           default(""), not null

  11. #  reset_password_token      :string

  12. #  reset_password_sent_at    :datetime

  13. #  remember_created_at       :datetime

  14. #  sign_in_count             :integer          default(0), not null

  15. #  current_sign_in_at        :datetime

  16. #  last_sign_in_at           :datetime

  17. #  current_sign_in_ip        :inet

  18. #  last_sign_in_ip           :inet

  19. #  admin                     :boolean          default(FALSE), not null

  20. #  confirmation_token        :string

  21. #  confirmed_at              :datetime

  22. #  confirmation_sent_at      :datetime

  23. #  unconfirmed_email         :string

  24. #  locale                    :string

  25. #  encrypted_otp_secret      :string

  26. #  encrypted_otp_secret_iv   :string

  27. #  encrypted_otp_secret_salt :string

  28. #  consumed_timestep         :integer

  29. #  otp_required_for_login    :boolean          default(FALSE), not null

  30. #  last_emailed_at           :datetime

  31. #  otp_backup_codes          :string           is an Array

  32. #  filtered_languages        :string           default([]), not null, is an Array

  33. #  account_id                :integer          not null

  34. #  disabled                  :boolean          default(FALSE), not null

  35. #  moderator                 :boolean          default(FALSE), not null

  36. #  invite_id                 :integer

  37. #  remember_token            :string

  38. #

  39. 

  40. class User < ApplicationRecord

  41.   include Settings::Extend

  42.   include Omniauthable

  43. 

  44.   ACTIVE_DURATION = 14.days

  45. 

  46.   devise :two_factor_authenticatable,

  47.          otp_secret_encryption_key: ENV['OTP_SECRET']

  48. 

  49.   devise :two_factor_backupable,

  50.          otp_number_of_backup_codes: 10

  51. 

  52.   devise :registerable, :recoverable, :rememberable, :trackable, :validatable,

  53.          :confirmable

  54. 

  55.   devise :pam_authenticatable if Devise.pam_authentication

  56.   devise :omniauthable

  57. 

  58.   belongs_to :account, inverse_of: :user

  59.   belongs_to :invite, counter_cache: :uses, optional: true

  60.   accepts_nested_attributes_for :account

  61. 

  62.   has_many :applications, class_name: 'Doorkeeper::Application', as: :owner

  63.   has_many :backups, inverse_of: :user

  64. 

  65.   validates :locale, inclusion: I18n.available_locales.map(&:to_s), if: :locale?

  66.   validates_with BlacklistedEmailValidator, if: :email_changed?

  67. 

  68.   scope :recent, -> { order(id: :desc) }

  69.   scope :admins, -> { where(admin: true) }

  70.   scope :moderators, -> { where(moderator: true) }

  71.   scope :staff, -> { admins.or(moderators) }

  72.   scope :confirmed, -> { where.not(confirmed_at: nil) }

  73.   scope :inactive, -> { where(arel_table[:current_sign_in_at].lt(ACTIVE_DURATION.ago)) }

  74.   scope :active, -> { confirmed.where(arel_table[:current_sign_in_at].gteq(ACTIVE_DURATION.ago)).joins(:account).where(accounts: { suspended: false }) }

  75.   scope :matches_email, ->(value) { where(arel_table[:email].matches("#{value}%")) }

  76.   scope :with_recent_ip_address, ->(value) { where(arel_table[:current_sign_in_ip].eq(value).or(arel_table[:last_sign_in_ip].eq(value))) }

  77. 

  78.   before_validation :sanitize_languages

  79. 

  80.   # This avoids a deprecation warning from Rails 5.1

  81.   # It seems possible that a future release of devise-two-factor will

  82.   # handle this itself, and this can be removed from our User class.

  83.   attribute :otp_secret

  84. 

  85.   has_many :session_activations, dependent: :destroy

  86. 

  87.   delegate :auto_play_gif, :default_sensitive, :unfollow_modal, :boost_modal, :delete_modal,

  88.            :reduce_motion, :system_font_ui, :noindex, :theme, :display_sensitive_media,

  89.            to: :settings, prefix: :setting, allow_nil: false

  90. 

  91.   attr_accessor :invite_code

  92. 

  93.   def pam_conflict(_)

  94.     # block pam login tries on traditional account

  95.     nil

  96.   end

  97. 

  98.   def pam_conflict?

  99.     return false unless Devise.pam_authentication

  100.     encrypted_password.present? && is_pam_account?

  101.   end

  102. 

  103.   def pam_get_name

  104.     return account.username if account.present?

  105.     super

  106.   end

  107. 

  108.   def pam_setup(_attributes)

  109.     acc = Account.new(username: pam_get_name)

  110.     acc.save!(validate: false)

  111. 

  112.     self.email = "#{acc.username}@#{find_pam_suffix}" if email.nil? && find_pam_suffix

  113.     self.confirmed_at = Time.now.utc

  114.     self.admin = false

  115.     self.account = acc

  116. 

  117.     acc.destroy! unless save

  118.   end

  119. 

  120.   def confirmed?

  121.     confirmed_at.present?

  122.   end

  123. 

  124.   def staff?

  125.     admin? || moderator?

  126.   end

  127. 

  128.   def role

  129.     if admin?

  130.       'admin'

  131.     elsif moderator?

  132.       'moderator'

  133.     else

  134.       'user'

  135.     end

  136.   end

  137. 

  138.   def role?(role)

  139.     case role

  140.     when 'user'

  141.       true

  142.     when 'moderator'

  143.       staff?

  144.     when 'admin'

  145.       admin?

  146.     else

  147.       false

  148.     end

  149.   end

  150. 

  151.   def disable!

  152.     update!(disabled: true,

  153.             last_sign_in_at: current_sign_in_at,

  154.             current_sign_in_at: nil)

  155.   end

  156. 

  157.   def enable!

  158.     update!(disabled: false)

  159.   end

  160. 

  161.   def confirm

  162.     new_user = !confirmed?

  163. 

  164.     super

  165.     prepare_new_user! if new_user

  166.   end

  167. 

  168.   def confirm!

  169.     new_user = !confirmed?

  170. 

  171.     skip_confirmation!

  172.     save!

  173.     prepare_new_user! if new_user

  174.   end

  175. 

  176.   def update_tracked_fields!(request)

  177.     super

  178.     prepare_returning_user!

  179.   end

  180. 

  181.   def promote!

  182.     if moderator?

  183.       update!(moderator: false, admin: true)

  184.     elsif !admin?

  185.       update!(moderator: true)

  186.     end

  187.   end

  188. 

  189.   def demote!

  190.     if admin?

  191.       update!(admin: false, moderator: true)

  192.     elsif moderator?

  193.       update!(moderator: false)

  194.     end

  195.   end

  196. 

  197.   def disable_two_factor!

  198.     self.otp_required_for_login = false

  199.     otp_backup_codes&.clear

  200.     save!

  201.   end

  202. 

  203.   def active_for_authentication?

  204.     super && !disabled?

  205.   end

  206. 

  207.   def setting_default_privacy

  208.     settings.default_privacy || (account.locked? ? 'private' : 'public')

  209.   end

  210. 

  211.   def allows_digest_emails?

  212.     settings.notification_emails['digest']

  213.   end

  214. 

  215.   def token_for_app(a)

  216.     return nil if a.nil? || a.owner != self

  217.     Doorkeeper::AccessToken

  218.       .find_or_create_by(application_id: a.id, resource_owner_id: id) do |t|

  219. 

  220.       t.scopes = a.scopes

  221.       t.expires_in = Doorkeeper.configuration.access_token_expires_in

  222.       t.use_refresh_token = Doorkeeper.configuration.refresh_token_enabled?

  223.     end

  224.   end

  225. 

  226.   def activate_session(request)

  227.     session_activations.activate(session_id: SecureRandom.hex,

  228.                                  user_agent: request.user_agent,

  229.                                  ip: request.remote_ip).session_id

  230.   end

  231. 

  232.   def exclusive_session(id)

  233.     session_activations.exclusive(id)

  234.   end

  235. 

  236.   def session_active?(id)

  237.     session_activations.active? id

  238.   end

  239. 

  240.   def web_push_subscription(session)

  241.     session.web_push_subscription.nil? ? nil : session.web_push_subscription.as_payload

  242.   end

  243. 

  244.   def invite_code=(code)

  245.     self.invite  = Invite.find_by(code: code) unless code.blank?

  246.     @invite_code = code

  247.   end

  248. 

  249.   def password_required?

  250.     return false if Devise.pam_authentication

  251.     super

  252.   end

  253. 

  254.   def send_reset_password_instructions

  255.     return false if encrypted_password.blank? && Devise.pam_authentication

  256.     super

  257.   end

  258. 

  259.   def reset_password!(new_password, new_password_confirmation)

  260.     return false if encrypted_password.blank? && Devise.pam_authentication

  261.     super

  262.   end

  263. 

  264.   def self.pam_get_user(attributes = {})

  265.     if attributes[:email]

  266.       resource =

  267.         if Devise.check_at_sign && !attributes[:email].index('@')

  268.           joins(:account).find_by(accounts: { username: attributes[:email] })

  269.         else

  270.           find_by(email: attributes[:email])

  271.         end

  272. 

  273.       if resource.blank?

  274.         resource = new(email: attributes[:email])

  275.         if Devise.check_at_sign && !resource[:email].index('@')

  276.           resource[:email] = "#{attributes[:email]}@#{resource.find_pam_suffix}"

  277.         end

  278.       end

  279.       resource

  280.     end

  281.   end

  282. 

  283.   def self.authenticate_with_pam(attributes = {})

  284.     return nil unless Devise.pam_authentication

  285.     super

  286.   end

  287. 

  288.   protected

  289. 

  290.   def send_devise_notification(notification, *args)

  291.     devise_mailer.send(notification, self, *args).deliver_later

  292.   end

  293. 

  294.   private

  295. 

  296.   def sanitize_languages

  297.     filtered_languages.reject!(&:blank?)

  298.   end

  299. 

  300.   def prepare_new_user!

  301.     BootstrapTimelineWorker.perform_async(account_id)

  302.     ActivityTracker.increment('activity:accounts:local')

  303.     UserMailer.welcome(self).deliver_later

  304.   end

  305. 

  306.   def prepare_returning_user!

  307.     ActivityTracker.record('activity:logins', id)

  308.     regenerate_feed! if needs_feed_update?

  309.   end

  310. 

  311.   def regenerate_feed!

  312.     Redis.current.setnx("account:#{account_id}:regeneration", true) && Redis.current.expire("account:#{account_id}:regeneration", 1.day.seconds)

  313.     RegenerationWorker.perform_async(account_id)

  314.   end

  315. 

  316.   def needs_feed_update?

  317.     last_sign_in_at < ACTIVE_DURATION.ago

  318.   end

  319. end