406adfca27* Fix 2FA/sign-in token sessions being valid after password change (#14802) If someone tries logging in to an account and is prompted for a 2FA code or sign-in token, even if the account's password or e-mail is updated in the meantime, the session will show the prompt and allow the login process to complete with a valid 2FA code or sign-in token * Fix Move handler not being triggered when failing to fetch target (#15107) When failing to fetch the target account, the ProcessingWorker fails as expected, but since it hasn't cleared the `move_in_progress` flag, the next attempt at processing skips the `Move` activity altogether. This commit changes it to clear the flag when encountering any unexpected error on fetching the target account. This is likely to occur because, of, e.g., a timeout, when many instances query the same actor at the same time. * Fix slow distinct queries where grouped queries are faster (#15287) About 2x speed-up on inboxes query * Fix possible inconsistencies in tag search (#14906) Do not downcase the queried tag before passing it to postgres when searching: - tags are not downcased on creation - `arel_table[:name].lower.matches(pattern)` generates an ILIKE anyway - if Postgres and Rails happen to use different case-folding rules, downcasing before query but not before insertion may mean that some tags with some casings are not searchable * Fix updating account counters when account_stat is not yet created (#15108) * Fix account processing failing because of large collections (#15027) Fixes #15025 * Fix downloading remote media files when server returns empty filename (#14867) Fixes #14817 * Fix webfinger redirect handling in ResolveAccountService (#15187) * Fix webfinger redirect handling in ResolveAccountService ResolveAccountService#process_webfinger! handled a one-step webfinger redirection, but only accepting the result if it matched the exact URI passed as input, defeating the point of a redirection check. Instead, use the same logic as in `ActivityPub::FetchRemoteAccountService`, updating the resulting `acct:` URI with the result of the first webfinger query. * Add tests * Remove dependency on unused and unmaintained http_parser.rb gem (#14574) It seems that years ago, the “http” gem dependend on the “http_parser.rb” gem (it now depends on the “http-parser” gem), and, still years ago, we pulled it from git in order to benefit from a bugfix that wasn't released yet (#7467). * Add tootctl maintenance fix-duplicates (#14860, #15201, #15264, #15349, #15359) * Fix old migration script not being able to run if it fails midway (#15361) * Fix old migration script not being able to run if it fails midway Improve the robustness of a migration script likely to fail because of database corruption so it can run again once database corruptions are fixed. * Display a specific error message in case of index corruption Co-authored-by: Eugen Rochko <eugen@zeonfederated.com> Co-authored-by: Claire <claire.github-309c@sitedethib.com> Co-authored-by: Eugen Rochko <eugen@zeonfederated.com> Co-authored-by: Claire <claire.github-309c@sitedethib.com>
74 lines
1.7 KiB
Ruby
74 lines
1.7 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
class Form::AccountBatch
|
|
include ActiveModel::Model
|
|
include Authorization
|
|
include Payloadable
|
|
|
|
attr_accessor :account_ids, :action, :current_account
|
|
|
|
def save
|
|
case action
|
|
when 'unfollow'
|
|
unfollow!
|
|
when 'remove_from_followers'
|
|
remove_from_followers!
|
|
when 'block_domains'
|
|
block_domains!
|
|
when 'approve'
|
|
approve!
|
|
when 'reject'
|
|
reject!
|
|
end
|
|
end
|
|
|
|
private
|
|
|
|
def unfollow!
|
|
accounts.find_each do |target_account|
|
|
UnfollowService.new.call(current_account, target_account)
|
|
end
|
|
end
|
|
|
|
def remove_from_followers!
|
|
current_account.passive_relationships.where(account_id: account_ids).find_each do |follow|
|
|
reject_follow!(follow)
|
|
end
|
|
end
|
|
|
|
def block_domains!
|
|
AfterAccountDomainBlockWorker.push_bulk(account_domains) do |domain|
|
|
[current_account.id, domain]
|
|
end
|
|
end
|
|
|
|
def account_domains
|
|
accounts.group(:domain).pluck(:domain).compact
|
|
end
|
|
|
|
def accounts
|
|
Account.where(id: account_ids)
|
|
end
|
|
|
|
def reject_follow!(follow)
|
|
follow.destroy
|
|
|
|
return unless follow.account.activitypub?
|
|
|
|
ActivityPub::DeliveryWorker.perform_async(Oj.dump(serialize_payload(follow, ActivityPub::RejectFollowSerializer)), current_account.id, follow.account.inbox_url)
|
|
end
|
|
|
|
def approve!
|
|
users = accounts.includes(:user).map(&:user)
|
|
|
|
users.each { |user| authorize(user, :approve?) }
|
|
.each(&:approve!)
|
|
end
|
|
|
|
def reject!
|
|
records = accounts.includes(:user)
|
|
|
|
records.each { |account| authorize(account.user, :reject?) }
|
|
.each { |account| SuspendAccountService.new.call(account, reserve_email: false, reserve_username: false) }
|
|
end
|
|
end
|