Add admin API for managing canonical e-mail blocks (#19067)

author: Eugen Rochko <eugen@zeonfederated.com> 2022-08-28 03:31:54 +0200
committer: GitHub <noreply@github.com> 2022-08-28 03:31:54 +0200
commit: c556c3a0d1e54a6b07bbdd8f76cbb43672a91fd1 (patch)
tree: 4a5b8cbce1e63c42d79c6feb8606343bdb26313b
parent: b399d79545e5e5430cb9d6a2c936efc244b69a75 (diff)
download: mastodon-c556c3a0d1e54a6b07bbdd8f76cbb43672a91fd1.tar
mastodon-c556c3a0d1e54a6b07bbdd8f76cbb43672a91fd1.tar.gz
mastodon-c556c3a0d1e54a6b07bbdd8f76cbb43672a91fd1.tar.bz2
mastodon-c556c3a0d1e54a6b07bbdd8f76cbb43672a91fd1.zip
11 files changed, 177 insertions, 36 deletions
diff --git a/app/controllers/api/v1/admin/canonical_email_blocks_controller.rb b/app/controllers/api/v1/admin/canonical_email_blocks_controller.rb
new file mode 100644
index 000000000..bf8a6a131
--- /dev/null
+++ b/app/controllers/api/v1/admin/canonical_email_blocks_controller.rb
@@ -0,0 +1,99 @@
+# frozen_string_literal: true
+
+class Api::V1::Admin::CanonicalEmailBlocksController < Api::BaseController
+  include Authorization
+  include AccountableConcern
+
+  LIMIT = 100
+
+  before_action -> { authorize_if_got_token! :'admin:read', :'admin:read:canonical_email_blocks' }, only: [:index, :show, :test]
+  before_action -> { authorize_if_got_token! :'admin:write', :'admin:write:canonical_email_blocks' }, except: [:index, :show, :test]
+
+  before_action :set_canonical_email_blocks, only: :index
+  before_action :set_canonical_email_blocks_from_test, only: [:test]
+  before_action :set_canonical_email_block, only: [:show, :destroy]
+
+  after_action :verify_authorized
+  after_action :insert_pagination_headers, only: :index
+
+  PAGINATION_PARAMS = %i(limit).freeze
+
+  def index
+    authorize :canonical_email_block, :index?
+    render json: @canonical_email_blocks, each_serializer: REST::Admin::CanonicalEmailBlockSerializer
+  end
+
+  def show
+    authorize @canonical_email_block, :show?
+    render json: @canonical_email_block, serializer: REST::Admin::CanonicalEmailBlockSerializer
+  end
+
+  def test
+    authorize :canonical_email_block, :test?
+    render json: @canonical_email_blocks, each_serializer: REST::Admin::CanonicalEmailBlockSerializer
+  end
+
+  def create
+    authorize :canonical_email_block, :create?
+
+    @canonical_email_block = CanonicalEmailBlock.create!(resource_params)
+    log_action :create, @canonical_email_block
+
+    render json: @canonical_email_block, serializer: REST::Admin::CanonicalEmailBlockSerializer
+  end
+
+  def destroy
+    authorize @canonical_email_block, :destroy?
+
+    @canonical_email_block.destroy!
+    log_action :destroy, @canonical_email_block
+
+    render json: @canonical_email_block, serializer: REST::Admin::CanonicalEmailBlockSerializer
+  end
+
+  private
+
+  def resource_params
+    params.permit(:canonical_email_hash, :email)
+  end
+
+  def set_canonical_email_blocks
+    @canonical_email_blocks = CanonicalEmailBlock.order(id: :desc).to_a_paginated_by_id(limit_param(LIMIT), params_slice(:max_id, :since_id, :min_id))
+  end
+
+  def set_canonical_email_blocks_from_test
+    @canonical_email_blocks = CanonicalEmailBlock.matching_email(params[:email])
+  end
+
+  def set_canonical_email_block
+    @canonical_email_block = CanonicalEmailBlock.find(params[:id])
+  end
+
+  def insert_pagination_headers
+    set_pagination_headers(next_path, prev_path)
+  end
+
+  def next_path
+    api_v1_admin_canonical_email_blocks_url(pagination_params(max_id: pagination_max_id)) if records_continue?
+  end
+
+  def prev_path
+    api_v1_admin_canonical_email_blocks_url(pagination_params(min_id: pagination_since_id)) unless @canonical_email_blocks.empty?
+  end
+
+  def pagination_max_id
+    @canonical_email_blocks.last.id
+  end
+
+  def pagination_since_id
+    @canonical_email_blocks.first.id
+  end
+
+  def records_continue?
+    @canonical_email_blocks.size == limit_param(LIMIT)
+  end
+
+  def pagination_params(core_params)
+    params.slice(*PAGINATION_PARAMS).permit(*PAGINATION_PARAMS).merge(core_params)
+  end
+end
diff --git a/app/helpers/admin/action_logs_helper.rb b/app/helpers/admin/action_logs_helper.rb
index 3e9fe17f4..fd1977ac5 100644
--- a/app/helpers/admin/action_logs_helper.rb
+++ b/app/helpers/admin/action_logs_helper.rb
@@ -9,8 +9,6 @@ module Admin::ActionLogsHelper
       link_to log.human_identifier, admin_account_path(log.route_param)
     when 'UserRole'
       link_to log.human_identifier, admin_roles_path(log.target_id)
-    when 'CustomEmoji'
-      log.human_identifier
     when 'Report'
       link_to "##{log.human_identifier}", admin_report_path(log.target_id)
     when 'DomainBlock', 'DomainAllow', 'EmailDomainBlock', 'UnavailableDomain'
@@ -21,10 +19,10 @@ module Admin::ActionLogsHelper
       link_to log.human_identifier, admin_account_path(log.target_id)
     when 'Announcement'
       link_to truncate(log.human_identifier), edit_admin_announcement_path(log.target_id)
-    when 'IpBlock'
-      log.human_identifier
-    when 'Instance'
+    when 'IpBlock', 'Instance', 'CustomEmoji'
       log.human_identifier
+    when 'CanonicalEmailBlock'
+      content_tag(:samp, log.human_identifier[0...7], title: log.human_identifier)
     when 'Appeal'
       link_to log.human_identifier, disputes_strike_path(log.route_param)
     end
diff --git a/app/models/admin/action_log_filter.rb b/app/models/admin/action_log_filter.rb
index 6382cd782..c7a7e1a4c 100644
--- a/app/models/admin/action_log_filter.rb
+++ b/app/models/admin/action_log_filter.rb
@@ -22,18 +22,22 @@ class Admin::ActionLogFilter
     create_domain_allow: { target_type: 'DomainAllow', action: 'create' }.freeze,
     create_domain_block: { target_type: 'DomainBlock', action: 'create' }.freeze,
     create_email_domain_block: { target_type: 'EmailDomainBlock', action: 'create' }.freeze,
+    create_ip_block: { target_type: 'IpBlock', action: 'create' }.freeze,
     create_unavailable_domain: { target_type: 'UnavailableDomain', action: 'create' }.freeze,
     create_user_role: { target_type: 'UserRole', action: 'create' }.freeze,
+    create_canonical_email_block: { target_type: 'CanonicalEmailBlock', action: 'create' }.freeze,
     demote_user: { target_type: 'User', action: 'demote' }.freeze,
     destroy_announcement: { target_type: 'Announcement', action: 'destroy' }.freeze,
     destroy_custom_emoji: { target_type: 'CustomEmoji', action: 'destroy' }.freeze,
     destroy_domain_allow: { target_type: 'DomainAllow', action: 'destroy' }.freeze,
     destroy_domain_block: { target_type: 'DomainBlock', action: 'destroy' }.freeze,
+    destroy_ip_block: { target_type: 'IpBlock', action: 'destroy' }.freeze,
     destroy_email_domain_block: { target_type: 'EmailDomainBlock', action: 'destroy' }.freeze,
     destroy_instance: { target_type: 'Instance', action: 'destroy' }.freeze,
     destroy_unavailable_domain: { target_type: 'UnavailableDomain', action: 'destroy' }.freeze,
     destroy_status: { target_type: 'Status', action: 'destroy' }.freeze,
     destroy_user_role: { target_type: 'UserRole', action: 'destroy' }.freeze,
+    destroy_canonical_email_block: { target_type: 'CanonicalEmailBlock', action: 'destroy' }.freeze,
     disable_2fa_user: { target_type: 'User', action: 'disable' }.freeze,
     disable_custom_emoji: { target_type: 'CustomEmoji', action: 'disable' }.freeze,
     disable_user: { target_type: 'User', action: 'disable' }.freeze,
@@ -56,6 +60,7 @@ class Admin::ActionLogFilter
     update_custom_emoji: { target_type: 'CustomEmoji', action: 'update' }.freeze,
     update_status: { target_type: 'Status', action: 'update' }.freeze,
     update_user_role: { target_type: 'UserRole', action: 'update' }.freeze,
+    update_ip_block: { target_type: 'IpBlock', action: 'update' }.freeze,
     unblock_email_account: { target_type: 'Account', action: 'unblock_email' }.freeze,
   }.freeze
 
diff --git a/app/models/canonical_email_block.rb b/app/models/canonical_email_block.rb
index 94781386c..1eb69ac67 100644
--- a/app/models/canonical_email_block.rb
+++ b/app/models/canonical_email_block.rb
@@ -5,27 +5,30 @@
 #
 #  id                   :bigint(8)        not null, primary key
 #  canonical_email_hash :string           default(""), not null
-#  reference_account_id :bigint(8)        not null
+#  reference_account_id :bigint(8)
 #  created_at           :datetime         not null
 #  updated_at           :datetime         not null
 #
 
 class CanonicalEmailBlock < ApplicationRecord
   include EmailHelper
+  include Paginable
 
-  belongs_to :reference_account, class_name: 'Account'
+  belongs_to :reference_account, class_name: 'Account', optional: true
 
   validates :canonical_email_hash, presence: true, uniqueness: true
 
+  scope :matching_email, ->(email) { where(canonical_email_hash: email_to_canonical_email_hash(email)) }
+
+  def to_log_human_identifier
+    canonical_email_hash
+  end
+
   def email=(email)
     self.canonical_email_hash = email_to_canonical_email_hash(email)
   end
 
   def self.block?(email)
-    where(canonical_email_hash: email_to_canonical_email_hash(email)).exists?
-  end
-
-  def self.find_blocks(email)
-    where(canonical_email_hash: email_to_canonical_email_hash(email))
+    matching_email(email).exists?
   end
 end
diff --git a/app/policies/canonical_email_block_policy.rb b/app/policies/canonical_email_block_policy.rb
new file mode 100644
index 000000000..8d76075c9
--- /dev/null
+++ b/app/policies/canonical_email_block_policy.rb
@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+class CanonicalEmailBlockPolicy < ApplicationPolicy
+  def index?
+    role.can?(:manage_blocks)
+  end
+
+  def show?
+    role.can?(:manage_blocks)
+  end
+
+  def test?
+    role.can?(:manage_blocks)
+  end
+
+  def create?
+    role.can?(:manage_blocks)
+  end
+
+  def destroy?
+    role.can?(:manage_blocks)
+  end
+end
diff --git a/app/serializers/rest/admin/canonical_email_block_serializer.rb b/app/serializers/rest/admin/canonical_email_block_serializer.rb
new file mode 100644
index 000000000..fe385940a
--- /dev/null
+++ b/app/serializers/rest/admin/canonical_email_block_serializer.rb
@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+class REST::Admin::CanonicalEmailBlockSerializer < ActiveModel::Serializer
+  attributes :id, :canonical_email_hash
+
+  def id
+    object.id.to_s
+  end
+end
diff --git a/config/locales/en.yml b/config/locales/en.yml
index 72ebfafba..0b721c163 100644
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -239,6 +239,7 @@ en:
         confirm_user: Confirm User
         create_account_warning: Create Warning
         create_announcement: Create Announcement
+        create_canonical_email_block: Create E-mail Block
         create_custom_emoji: Create Custom Emoji
         create_domain_allow: Create Domain Allow
         create_domain_block: Create Domain Block
@@ -248,6 +249,7 @@ en:
         create_user_role: Create Role
         demote_user: Demote User
         destroy_announcement: Delete Announcement
+        destroy_canonical_email_block: Delete E-mail Block
         destroy_custom_emoji: Delete Custom Emoji
         destroy_domain_allow: Delete Domain Allow
         destroy_domain_block: Delete Domain Block
@@ -283,6 +285,7 @@ en:
         update_announcement: Update Announcement
         update_custom_emoji: Update Custom Emoji
         update_domain_block: Update Domain Block
+        update_ip_block: Update IP rule
         update_status: Update Post
         update_user_role: Update Role
       actions:
@@ -294,6 +297,7 @@ en:
         confirm_user_html: "%{name} confirmed e-mail address of user %{target}"
         create_account_warning_html: "%{name} sent a warning to %{target}"
         create_announcement_html: "%{name} created new announcement %{target}"
+        create_canonical_email_block_html: "%{name} blocked e-mail with the hash %{target}"
         create_custom_emoji_html: "%{name} uploaded new emoji %{target}"
         create_domain_allow_html: "%{name} allowed federation with domain %{target}"
         create_domain_block_html: "%{name} blocked domain %{target}"
@@ -303,6 +307,7 @@ en:
         create_user_role_html: "%{name} created %{target} role"
         demote_user_html: "%{name} demoted user %{target}"
         destroy_announcement_html: "%{name} deleted announcement %{target}"
+        destroy_canonical_email_block_html: "%{name} unblocked e-mail with the hash %{target}"
         destroy_custom_emoji_html: "%{name} deleted emoji %{target}"
         destroy_domain_allow_html: "%{name} disallowed federation with domain %{target}"
         destroy_domain_block_html: "%{name} unblocked domain %{target}"
@@ -338,6 +343,7 @@ en:
         update_announcement_html: "%{name} updated announcement %{target}"
         update_custom_emoji_html: "%{name} updated emoji %{target}"
         update_domain_block_html: "%{name} updated domain block for %{target}"
+        update_ip_block_html: "%{name} changed rule for IP %{target}"
         update_status_html: "%{name} updated post by %{target}"
         update_user_role_html: "%{name} changed %{target} role"
       empty: No logs found.
diff --git a/config/routes.rb b/config/routes.rb
index 1168c9aee..8694a6436 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -602,6 +602,12 @@ Rails.application.routes.draw do
         post :measures, to: 'measures#create'
         post :dimensions, to: 'dimensions#create'
         post :retention, to: 'retention#create'
+
+        resources :canonical_email_blocks, only: [:index, :create, :show, :destroy] do
+          collection do
+            post :test
+          end
+        end
       end
     end
 
diff --git a/db/migrate/20220827195229_change_canonical_email_blocks_nullable.rb b/db/migrate/20220827195229_change_canonical_email_blocks_nullable.rb
new file mode 100644
index 000000000..5b3ec4727
--- /dev/null
+++ b/db/migrate/20220827195229_change_canonical_email_blocks_nullable.rb
@@ -0,0 +1,5 @@
+class ChangeCanonicalEmailBlocksNullable < ActiveRecord::Migration[6.1]
+  def change
+    safety_assured { change_column :canonical_email_blocks, :reference_account_id, :bigint, null: true, default: nil }
+  end
+end
diff --git a/db/schema.rb b/db/schema.rb
index 83fd9549c..db22f538a 100644
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -10,7 +10,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema.define(version: 2022_08_24_164532) do
+ActiveRecord::Schema.define(version: 2022_08_27_195229) do
 
   # These are extensions that must be enabled in order to support this database
   enable_extension "plpgsql"
@@ -296,7 +296,7 @@ ActiveRecord::Schema.define(version: 2022_08_24_164532) do
 
   create_table "canonical_email_blocks", force: :cascade do |t|
     t.string "canonical_email_hash", default: "", null: false
-    t.bigint "reference_account_id", null: false
+    t.bigint "reference_account_id"
     t.datetime "created_at", precision: 6, null: false
     t.datetime "updated_at", precision: 6, null: false
     t.index ["canonical_email_hash"], name: "index_canonical_email_blocks_on_canonical_email_hash", unique: true
diff --git a/lib/mastodon/canonical_email_blocks_cli.rb b/lib/mastodon/canonical_email_blocks_cli.rb
index 64b72e603..ec228d466 100644
--- a/lib/mastodon/canonical_email_blocks_cli.rb
+++ b/lib/mastodon/canonical_email_blocks_cli.rb
@@ -18,17 +18,15 @@ module Mastodon
       When suspending a local user, a hash of a "canonical" version of their e-mail
       address is stored to prevent them from signing up again.
 
-      This command can be used to find whether a known email address is blocked,
-      and if so, which account it was attached to.
+      This command can be used to find whether a known email address is blocked.
     LONG_DESC
     def find(email)
-      accts = CanonicalEmailBlock.find_blocks(email).map(&:reference_account).map(&:acct).to_a
+      accts = CanonicalEmailBlock.matching_email(email)
+
       if accts.empty?
-        say("#{email} is not blocked", :yellow)
+        say("#{email} is not blocked", :green)
       else
-        accts.each do |acct|
-          say(acct, :white)
-        end
+        say("#{email} is blocked", :red)
       end
     end
 
@@ -40,24 +38,13 @@ module Mastodon
       This command allows removing a canonical email block.
     LONG_DESC
     def remove(email)
-      blocks = CanonicalEmailBlock.find_blocks(email)
+      blocks = CanonicalEmailBlock.matching_email(email)
+
       if blocks.empty?
-        say("#{email} is not blocked", :yellow)
+        say("#{email} is not blocked", :green)
       else
         blocks.destroy_all
-        say("Removed canonical email block for #{email}", :green)
-      end
-    end
-
-    private
-
-    def color(processed, failed)
-      if !processed.zero? && failed.zero?
-        :green
-      elsif failed.zero?
-        :yellow
-      else
-        :red
+        say("Unblocked #{email}", :green)
       end
     end
   end
author	Eugen Rochko <eugen@zeonfederated.com>	2022-08-28 03:31:54 +0200
committer	GitHub <noreply@github.com>	2022-08-28 03:31:54 +0200
commit	c556c3a0d1e54a6b07bbdd8f76cbb43672a91fd1 (patch)
tree	4a5b8cbce1e63c42d79c6feb8606343bdb26313b
parent	b399d79545e5e5430cb9d6a2c936efc244b69a75 (diff)
download	mastodon-c556c3a0d1e54a6b07bbdd8f76cbb43672a91fd1.tar mastodon-c556c3a0d1e54a6b07bbdd8f76cbb43672a91fd1.tar.gz mastodon-c556c3a0d1e54a6b07bbdd8f76cbb43672a91fd1.tar.bz2 mastodon-c556c3a0d1e54a6b07bbdd8f76cbb43672a91fd1.zip