From 4fb0aae636316e79b3c13c4000fda7765fa9474f Mon Sep 17 00:00:00 2001
From: Claire <claire.github-309c@sitedethib.com>
Date: Fri, 4 Nov 2022 13:19:12 +0100
Subject: [PATCH] Change mentions of blocked users to not be processed (#19725)

Fixes #19698
---
 app/services/process_mentions_service.rb      |  10 ++
 .../services/process_mentions_service_spec.rb | 126 +++++++++++-------
 2 files changed, 87 insertions(+), 49 deletions(-)

diff --git a/app/services/process_mentions_service.rb b/app/services/process_mentions_service.rb
index c9c158af1..b117db8c2 100644
--- a/app/services/process_mentions_service.rb
+++ b/app/services/process_mentions_service.rb
@@ -66,6 +66,16 @@ class ProcessMentionsService < BaseService
   end
 
   def assign_mentions!
+    # Make sure we never mention blocked accounts
+    unless @current_mentions.empty?
+      mentioned_domains = @current_mentions.map { |m| m.account.domain }.compact.uniq
+      blocked_domains   = Set.new(mentioned_domains.empty? ? [] : AccountDomainBlock.where(account_id: @status.account_id, domain: mentioned_domains))
+      mentioned_account_ids = @current_mentions.map(&:account_id)
+      blocked_account_ids = Set.new(@status.account.block_relationships.where(target_account_id: mentioned_account_ids).pluck(:target_account_id))
+
+      @current_mentions.select! { |mention| !(blocked_account_ids.include?(mention.account_id) || blocked_domains.include?(mention.account.domain)) }
+    end
+
     @current_mentions.each do |mention|
       mention.save if mention.new_record?
     end
diff --git a/spec/services/process_mentions_service_spec.rb b/spec/services/process_mentions_service_spec.rb
index 89b265e9a..5b9d17a4c 100644
--- a/spec/services/process_mentions_service_spec.rb
+++ b/spec/services/process_mentions_service_spec.rb
@@ -1,63 +1,91 @@
 require 'rails_helper'
 
 RSpec.describe ProcessMentionsService, type: :service do
-  let(:account)    { Fabricate(:account, username: 'alice') }
-  let(:visibility) { :public }
-  let(:status)     { Fabricate(:status, account: account, text: "Hello @#{remote_user.acct}", visibility: visibility) }
+  let(:account) { Fabricate(:account, username: 'alice') }
 
   subject { ProcessMentionsService.new }
 
-  context 'ActivityPub' do
-    context do
-      let!(:remote_user) { Fabricate(:account, username: 'remote_user', protocol: :activitypub, domain: 'example.com', inbox_url: 'http://example.com/inbox') }
-
-      before do
-        subject.call(status)
-      end
-
-      it 'creates a mention' do
-        expect(remote_user.mentions.where(status: status).count).to eq 1
-      end
-    end
-
-    context 'with an IDN domain' do
-      let!(:remote_user) { Fabricate(:account, username: 'sneak', protocol: :activitypub, domain: 'xn--hresiar-mxa.ch', inbox_url: 'http://example.com/inbox') }
-      let!(:status) { Fabricate(:status, account: account, text: "Hello @sneak@hæresiar.ch") }
-
-      before do
-        subject.call(status)
-      end
-
-      it 'creates a mention' do
-        expect(remote_user.mentions.where(status: status).count).to eq 1
-      end
-    end
-
-    context 'with an IDN TLD' do
-      let!(:remote_user) { Fabricate(:account, username: 'foo', protocol: :activitypub, domain: 'xn--y9a3aq.xn--y9a3aq', inbox_url: 'http://example.com/inbox') }
-      let!(:status) { Fabricate(:status, account: account, text: "Hello @foo@հայ.հայ") }
-
-      before do
-        subject.call(status)
-      end
-
-      it 'creates a mention' do
-        expect(remote_user.mentions.where(status: status).count).to eq 1
-      end
-    end
-  end
-
-  context 'Temporarily-unreachable ActivityPub user' do
-    let!(:remote_user) { Fabricate(:account, username: 'remote_user', protocol: :activitypub, domain: 'example.com', inbox_url: 'http://example.com/inbox', last_webfingered_at: nil) }
+  context 'when mentions contain blocked accounts' do
+    let(:non_blocked_account)          { Fabricate(:account) }
+    let(:individually_blocked_account) { Fabricate(:account) }
+    let(:domain_blocked_account)       { Fabricate(:account, domain: 'evil.com') }
+    let(:status) { Fabricate(:status, account: account, text: "Hello @#{non_blocked_account.acct} @#{individually_blocked_account.acct} @#{domain_blocked_account.acct}", visibility: :public) }
 
     before do
-      stub_request(:get, "https://example.com/.well-known/host-meta").to_return(status: 404)
-      stub_request(:get, "https://example.com/.well-known/webfinger?resource=acct:remote_user@example.com").to_return(status: 500)
+      account.block!(individually_blocked_account)
+      account.domain_blocks.create!(domain: domain_blocked_account.domain)
+
       subject.call(status)
     end
 
-    it 'creates a mention' do
-      expect(remote_user.mentions.where(status: status).count).to eq 1
+    it 'creates a mention to the non-blocked account' do
+      expect(non_blocked_account.mentions.where(status: status).count).to eq 1
+    end
+
+    it 'does not create a mention to the individually blocked account' do
+      expect(individually_blocked_account.mentions.where(status: status).count).to eq 0
+    end
+
+    it 'does not create a mention to the domain-blocked account' do
+      expect(domain_blocked_account.mentions.where(status: status).count).to eq 0
+    end
+  end
+
+  context 'resolving a mention to a remote account' do
+    let(:status) { Fabricate(:status, account: account, text: "Hello @#{remote_user.acct}", visibility: :public) }
+
+    context 'ActivityPub' do
+      context do
+        let!(:remote_user) { Fabricate(:account, username: 'remote_user', protocol: :activitypub, domain: 'example.com', inbox_url: 'http://example.com/inbox') }
+
+        before do
+          subject.call(status)
+        end
+
+        it 'creates a mention' do
+          expect(remote_user.mentions.where(status: status).count).to eq 1
+        end
+      end
+
+      context 'with an IDN domain' do
+        let!(:remote_user) { Fabricate(:account, username: 'sneak', protocol: :activitypub, domain: 'xn--hresiar-mxa.ch', inbox_url: 'http://example.com/inbox') }
+        let!(:status) { Fabricate(:status, account: account, text: "Hello @sneak@hæresiar.ch") }
+
+        before do
+          subject.call(status)
+        end
+
+        it 'creates a mention' do
+          expect(remote_user.mentions.where(status: status).count).to eq 1
+        end
+      end
+
+      context 'with an IDN TLD' do
+        let!(:remote_user) { Fabricate(:account, username: 'foo', protocol: :activitypub, domain: 'xn--y9a3aq.xn--y9a3aq', inbox_url: 'http://example.com/inbox') }
+        let!(:status) { Fabricate(:status, account: account, text: "Hello @foo@հայ.հայ") }
+
+        before do
+          subject.call(status)
+        end
+
+        it 'creates a mention' do
+          expect(remote_user.mentions.where(status: status).count).to eq 1
+        end
+      end
+    end
+
+    context 'Temporarily-unreachable ActivityPub user' do
+      let!(:remote_user) { Fabricate(:account, username: 'remote_user', protocol: :activitypub, domain: 'example.com', inbox_url: 'http://example.com/inbox', last_webfingered_at: nil) }
+
+      before do
+        stub_request(:get, "https://example.com/.well-known/host-meta").to_return(status: 404)
+        stub_request(:get, "https://example.com/.well-known/webfinger?resource=acct:remote_user@example.com").to_return(status: 500)
+        subject.call(status)
+      end
+
+      it 'creates a mention' do
+        expect(remote_user.mentions.where(status: status).count).to eq 1
+      end
     end
   end
 end