1
0
Fork 0
mirror of https://github.com/mastodon/mastodon.git synced 2024-08-20 21:08:15 -07:00

Compare commits

...

4 commits

16 changed files with 53 additions and 77 deletions

View file

@ -40,7 +40,6 @@ Style/FetchEnvVar:
- 'config/environments/production.rb' - 'config/environments/production.rb'
- 'config/initializers/2_limited_federation_mode.rb' - 'config/initializers/2_limited_federation_mode.rb'
- 'config/initializers/3_omniauth.rb' - 'config/initializers/3_omniauth.rb'
- 'config/initializers/blacklists.rb'
- 'config/initializers/cache_buster.rb' - 'config/initializers/cache_buster.rb'
- 'config/initializers/devise.rb' - 'config/initializers/devise.rb'
- 'config/initializers/paperclip.rb' - 'config/initializers/paperclip.rb'

View file

@ -60,7 +60,7 @@ export interface BaseNotificationGroupJSON {
interface NotificationGroupWithStatusJSON extends BaseNotificationGroupJSON { interface NotificationGroupWithStatusJSON extends BaseNotificationGroupJSON {
type: NotificationWithStatusType; type: NotificationWithStatusType;
status: ApiStatusJSON; status_id: string;
} }
interface NotificationWithStatusJSON extends BaseNotificationJSON { interface NotificationWithStatusJSON extends BaseNotificationJSON {

View file

@ -49,22 +49,15 @@ export const FilteredNotificationsBanner: React.FC = () => {
<span> <span>
<FormattedMessage <FormattedMessage
id='filtered_notifications_banner.pending_requests' id='filtered_notifications_banner.pending_requests'
defaultMessage='Notifications from {count, plural, =0 {no one} one {one person} other {# people}} you may know' defaultMessage='From {count, plural, =0 {no one} one {one person} other {# people}} you may know'
values={{ count: policy.summary.pending_requests_count }} values={{ count: policy.summary.pending_requests_count }}
/> />
</span> </span>
</div> </div>
<div className='filtered-notifications-banner__badge'> <div className='filtered-notifications-banner__badge'>
<div className='filtered-notifications-banner__badge__badge'>
{toCappedNumber(policy.summary.pending_notifications_count)} {toCappedNumber(policy.summary.pending_notifications_count)}
</div> </div>
<FormattedMessage
id='filtered_notifications_banner.mentions'
defaultMessage='{count, plural, one {mention} other {mentions}}'
values={{ count: policy.summary.pending_notifications_count }}
/>
</div>
</Link> </Link>
); );
}; };

View file

@ -300,8 +300,7 @@
"filter_modal.select_filter.subtitle": "Use an existing category or create a new one", "filter_modal.select_filter.subtitle": "Use an existing category or create a new one",
"filter_modal.select_filter.title": "Filter this post", "filter_modal.select_filter.title": "Filter this post",
"filter_modal.title.status": "Filter a post", "filter_modal.title.status": "Filter a post",
"filtered_notifications_banner.mentions": "{count, plural, one {mention} other {mentions}}", "filtered_notifications_banner.pending_requests": "From {count, plural, =0 {no one} one {one person} other {# people}} you may know",
"filtered_notifications_banner.pending_requests": "Notifications from {count, plural, =0 {no one} one {one person} other {# people}} you may know",
"filtered_notifications_banner.title": "Filtered notifications", "filtered_notifications_banner.title": "Filtered notifications",
"firehose.all": "All", "firehose.all": "All",
"firehose.local": "This server", "firehose.local": "This server",

View file

@ -124,9 +124,9 @@ export function createNotificationGroupFromJSON(
case 'mention': case 'mention':
case 'poll': case 'poll':
case 'update': { case 'update': {
const { status, ...groupWithoutStatus } = group; const { status_id: statusId, ...groupWithoutStatus } = group;
return { return {
statusId: status.id, statusId,
sampleAccountIds, sampleAccountIds,
...groupWithoutStatus, ...groupWithoutStatus,
}; };

View file

@ -10170,20 +10170,6 @@ noscript {
} }
} }
&__badge {
display: flex;
align-items: center;
border-radius: 999px;
background: var(--background-border-color);
color: $darker-text-color;
padding: 4px;
padding-inline-end: 8px;
gap: 6px;
font-weight: 500;
font-size: 11px;
line-height: 16px;
word-break: keep-all;
&__badge { &__badge {
background: $ui-button-background-color; background: $ui-button-background-color;
color: $white; color: $white;
@ -10191,7 +10177,6 @@ noscript {
padding: 2px 8px; padding: 2px 8px;
} }
} }
}
.notification-request { .notification-request {
display: flex; display: flex;

View file

@ -100,7 +100,7 @@ class User < ApplicationRecord
validates :email, presence: true, email_address: true validates :email, presence: true, email_address: true
validates_with BlacklistedEmailValidator, if: -> { ENV['EMAIL_DOMAIN_LISTS_APPLY_AFTER_CONFIRMATION'] == 'true' || !confirmed? } validates_with UserEmailValidator, if: -> { ENV['EMAIL_DOMAIN_LISTS_APPLY_AFTER_CONFIRMATION'] == 'true' || !confirmed? }
validates_with EmailMxValidator, if: :validate_email_dns? validates_with EmailMxValidator, if: :validate_email_dns?
validates :agreement, acceptance: { allow_nil: false, accept: [true, 'true', '1'] }, on: :create validates :agreement, acceptance: { allow_nil: false, accept: [true, 'true', '1'] }, on: :create

View file

@ -15,7 +15,7 @@ class EmailMxValidator < ActiveModel::Validator
if resolved_ips.empty? if resolved_ips.empty?
user.errors.add(:email, :unreachable) user.errors.add(:email, :unreachable)
elsif on_blacklist?(resolved_domains, user.sign_up_ip) elsif email_domain_blocked?(resolved_domains, user.sign_up_ip)
user.errors.add(:email, :blocked) user.errors.add(:email, :blocked)
end end
end end
@ -34,9 +34,9 @@ class EmailMxValidator < ActiveModel::Validator
end end
def on_allowlist?(domain) def on_allowlist?(domain)
return false if Rails.configuration.x.email_domains_whitelist.blank? return false if Rails.configuration.x.email_domains_allowlist.blank?
Rails.configuration.x.email_domains_whitelist.include?(domain) Rails.configuration.x.email_domains_allowlist.include?(domain)
end end
def resolve_mx(domain) def resolve_mx(domain)
@ -58,7 +58,7 @@ class EmailMxValidator < ActiveModel::Validator
[ips, records] [ips, records]
end end
def on_blacklist?(domains, attempt_ip) def email_domain_blocked?(domains, attempt_ip)
EmailDomainBlock.block?(domains, attempt_ip: attempt_ip) EmailDomainBlock.block?(domains, attempt_ip: attempt_ip)
end end
end end

View file

@ -1,6 +1,6 @@
# frozen_string_literal: true # frozen_string_literal: true
class BlacklistedEmailValidator < ActiveModel::Validator class UserEmailValidator < ActiveModel::Validator
def validate(user) def validate(user)
return if user.valid_invitation? || user.email.blank? return if user.valid_invitation? || user.email.blank?
@ -23,18 +23,18 @@ class BlacklistedEmailValidator < ActiveModel::Validator
end end
def not_allowed_through_configuration?(email) def not_allowed_through_configuration?(email)
return false if Rails.configuration.x.email_domains_whitelist.blank? return false if Rails.configuration.x.email_domains_allowlist.blank?
domains = Rails.configuration.x.email_domains_whitelist.gsub('.', '\.') domains = Rails.configuration.x.email_domains_allowlist.gsub('.', '\.')
regexp = Regexp.new("@(.+\\.)?(#{domains})$", true) regexp = Regexp.new("@(.+\\.)?(#{domains})$", true)
email !~ regexp email !~ regexp
end end
def disallowed_through_configuration?(email) def disallowed_through_configuration?(email)
return false if Rails.configuration.x.email_domains_blacklist.blank? return false if Rails.configuration.x.email_domains_denylist.blank?
domains = Rails.configuration.x.email_domains_blacklist.gsub('.', '\.') domains = Rails.configuration.x.email_domains_denylist.gsub('.', '\.')
regexp = Regexp.new("@(.+\\.)?(#{domains})", true) regexp = Regexp.new("@(.+\\.)?(#{domains})", true)
regexp.match?(email) regexp.match?(email)

View file

@ -11,7 +11,7 @@ class Scheduler::AutoCloseRegistrationsScheduler
OPEN_REGISTRATIONS_MODERATOR_THRESHOLD = 1.week + UserTrackingConcern::SIGN_IN_UPDATE_FREQUENCY OPEN_REGISTRATIONS_MODERATOR_THRESHOLD = 1.week + UserTrackingConcern::SIGN_IN_UPDATE_FREQUENCY
def perform def perform
return if Rails.configuration.x.email_domains_whitelist.present? || ENV['DISABLE_AUTOMATIC_SWITCHING_TO_APPROVED_REGISTRATIONS'] == 'true' return if Rails.configuration.x.email_domains_allowlist.present? || ENV['DISABLE_AUTOMATIC_SWITCHING_TO_APPROVED_REGISTRATIONS'] == 'true'
return unless Setting.registrations_mode == 'open' return unless Setting.registrations_mode == 'open'
switch_to_approval_mode! unless active_moderators? switch_to_approval_mode! unless active_moderators?

View file

@ -1,6 +0,0 @@
# frozen_string_literal: true
Rails.application.configure do
config.x.email_domains_blacklist = (ENV['EMAIL_DOMAIN_DENYLIST'] || ENV['EMAIL_DOMAIN_BLACKLIST']) || ''
config.x.email_domains_whitelist = (ENV['EMAIL_DOMAIN_ALLOWLIST'] || ENV['EMAIL_DOMAIN_WHITELIST']) || ''
end

View file

@ -147,7 +147,7 @@ Doorkeeper.configure do
force_ssl_in_redirect_uri false force_ssl_in_redirect_uri false
# Specify what redirect URI's you want to block during Application creation. # Specify what redirect URI's you want to block during Application creation.
# Any redirect URI is whitelisted by default. # Any redirect URI is allowed by default.
# #
# You can use this option in order to forbid URI's with 'javascript' scheme # You can use this option in order to forbid URI's with 'javascript' scheme
# for example. # for example.

View file

@ -0,0 +1,6 @@
# frozen_string_literal: true
Rails.application.configure do
config.x.email_domains_denylist = ENV.fetch('EMAIL_DOMAIN_DENYLIST', nil) || ENV.fetch('EMAIL_DOMAIN_BLACKLIST', '')
config.x.email_domains_allowlist = ENV.fetch('EMAIL_DOMAIN_ALLOWLIST', nil) || ENV.fetch('EMAIL_DOMAIN_WHITELIST', '')
end

View file

@ -182,30 +182,30 @@ RSpec.describe User do
end end
end end
describe 'blacklist' do describe 'email domains denylist integration' do
around do |example| around do |example|
old_blacklist = Rails.configuration.x.email_blacklist original = Rails.configuration.x.email_domains_denylist
Rails.configuration.x.email_domains_blacklist = 'mvrht.com' Rails.configuration.x.email_domains_denylist = 'mvrht.com'
example.run example.run
Rails.configuration.x.email_domains_blacklist = old_blacklist Rails.configuration.x.email_domains_denylist = original
end end
it 'allows a non-blacklisted user to be created' do it 'allows a user with an email domain that is not on the denylist to be created' do
user = described_class.new(email: 'foo@example.com', account: account, password: password, agreement: true) user = described_class.new(email: 'foo@example.com', account: account, password: password, agreement: true)
expect(user).to be_valid expect(user).to be_valid
end end
it 'does not allow a blacklisted user to be created' do it 'does not allow a user with an email domain on the deylist to be created' do
user = described_class.new(email: 'foo@mvrht.com', account: account, password: password, agreement: true) user = described_class.new(email: 'foo@mvrht.com', account: account, password: password, agreement: true)
expect(user).to_not be_valid expect(user).to_not be_valid
end end
it 'does not allow a subdomain blacklisted user to be created' do it 'does not allow a user with an email where the subdomain is on the denylist to be created' do
user = described_class.new(email: 'foo@mvrht.com.topdomain.tld', account: account, password: password, agreement: true) user = described_class.new(email: 'foo@mvrht.com.topdomain.tld', account: account, password: password, agreement: true)
expect(user).to_not be_valid expect(user).to_not be_valid
@ -374,43 +374,43 @@ RSpec.describe User do
end end
end end
describe 'whitelist' do describe 'allowlist integration' do
around do |example| around do |example|
old_whitelist = Rails.configuration.x.email_domains_whitelist original = Rails.configuration.x.email_domains_allowlist
Rails.configuration.x.email_domains_whitelist = 'mastodon.space' Rails.configuration.x.email_domains_allowlist = 'mastodon.space'
example.run example.run
Rails.configuration.x.email_domains_whitelist = old_whitelist Rails.configuration.x.email_domains_allowlist = original
end end
it 'does not allow a user to be created unless they are whitelisted' do it 'does not allow a user to be created when their email is not on the allowlist' do
user = described_class.new(email: 'foo@example.com', account: account, password: password, agreement: true) user = described_class.new(email: 'foo@example.com', account: account, password: password, agreement: true)
expect(user).to_not be_valid expect(user).to_not be_valid
end end
it 'allows a user to be created if they are whitelisted' do it 'allows a user to be created when their email is on the allowlist' do
user = described_class.new(email: 'foo@mastodon.space', account: account, password: password, agreement: true) user = described_class.new(email: 'foo@mastodon.space', account: account, password: password, agreement: true)
expect(user).to be_valid expect(user).to be_valid
end end
it 'does not allow a user with a whitelisted top domain as subdomain in their email address to be created' do it 'does not allow a user with an email subdomain included on the top level domain allowlist to be created' do
user = described_class.new(email: 'foo@mastodon.space.userdomain.com', account: account, password: password, agreement: true) user = described_class.new(email: 'foo@mastodon.space.userdomain.com', account: account, password: password, agreement: true)
expect(user).to_not be_valid expect(user).to_not be_valid
end end
context 'with a blacklisted subdomain' do context 'with a subdomain on the denylist' do
around do |example| around do |example|
old_blacklist = Rails.configuration.x.email_blacklist original = Rails.configuration.x.email_domains_denylist
example.run example.run
Rails.configuration.x.email_domains_blacklist = old_blacklist Rails.configuration.x.email_domains_denylist = original
end end
it 'does not allow a user to be created with a specific blacklisted subdomain even if the top domain is whitelisted' do it 'does not allow a user to be created with an email subdomain on the denylist even if the top domain is on the allowlist' do
Rails.configuration.x.email_domains_blacklist = 'blacklisted.mastodon.space' Rails.configuration.x.email_domains_denylist = 'denylisted.mastodon.space'
user = described_class.new(email: 'foo@blacklisted.mastodon.space', account: account, password: password) user = described_class.new(email: 'foo@denylisted.mastodon.space', account: account, password: password)
expect(user).to_not be_valid expect(user).to_not be_valid
end end
end end

View file

@ -9,10 +9,10 @@ describe EmailMxValidator do
context 'with an e-mail domain that is explicitly allowed' do context 'with an e-mail domain that is explicitly allowed' do
around do |block| around do |block|
tmp = Rails.configuration.x.email_domains_whitelist tmp = Rails.configuration.x.email_domains_allowlist
Rails.configuration.x.email_domains_whitelist = 'example.com' Rails.configuration.x.email_domains_allowlist = 'example.com'
block.call block.call
Rails.configuration.x.email_domains_whitelist = tmp Rails.configuration.x.email_domains_allowlist = tmp
end end
it 'does not add errors if there are no DNS records' do it 'does not add errors if there are no DNS records' do
@ -69,7 +69,7 @@ describe EmailMxValidator do
expect(user.errors).to have_received(:add) expect(user.errors).to have_received(:add)
end end
it 'adds an error if the MX record is blacklisted' do it 'adds an error if the MX record has an email domain block' do
EmailDomainBlock.create!(domain: 'mail.example.com') EmailDomainBlock.create!(domain: 'mail.example.com')
configure_resolver( configure_resolver(

View file

@ -2,7 +2,7 @@
require 'rails_helper' require 'rails_helper'
RSpec.describe BlacklistedEmailValidator do RSpec.describe UserEmailValidator do
describe '#validate' do describe '#validate' do
subject { described_class.new.validate(user) } subject { described_class.new.validate(user) }