users: move sockpuppet detection from model to controller.

evazion
2020-03-24 18:41:27 -05:00
parent 50b0b79891
commit cbd713dea8
6 changed files with 7 additions and 37 deletions


@@ -78,7 +78,6 @@ class User < ApplicationRecord
validates_inclusion_of :per_page, in: (1..PostSets::Post::MAX_PER_PAGE)
validates_confirmation_of :password
validates_presence_of :comment_threshold
validate :validate_sock_puppets, :on => :create, :if => -> { Danbooru.config.enable_sock_puppet_validation? }
before_validation :normalize_blacklisted_tags
before_create :promote_to_admin_if_first_user
before_create :customize_new_user
@@ -623,14 +622,6 @@ class User < ApplicationRecord
end
end
concerning :SockPuppetMethods do
def validate_sock_puppets
if User.where(last_ip_addr: CurrentUser.ip_addr).where("created_at > ?", 1.day.ago).exists?
errors.add(:last_ip_addr, "was used recently for another account and cannot be reused for another day")
end
end
end
include BanMethods
include PasswordMethods
include AuthenticationMethods


@@ -1,6 +1,6 @@
class UserPolicy < ApplicationPolicy
def create?
true
!sockpuppet?
end
def update?
@@ -27,6 +27,10 @@ class UserPolicy < ApplicationPolicy
user.is_admin? || record.id == user.id || !record.enable_private_favorites?
end
def sockpuppet?
User.where(last_ip_addr: request.remote_ip).where("created_at > ?", 1.day.ago).exists?
end
def permitted_attributes_for_create
[:name, :password, :password_confirmation, { email_address_attributes: [:address] }]
end
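Review bot: `sockpuppet?` gates registration on `request.remote_ip`, but nothing here documents what that value is trusted to be. Behind a reverse proxy it is only meaningful if the trusted-proxy list is configured correctly; otherwise all signups may share the proxy's address, or a forwarding header set by the client may be honoured. That configuration is not visible on this page and should be confirmed. The `exists?` lookup and the later create are also not atomic, so two simultaneous requests from one address could both pass, which is presumably acceptable for a best-effort throttle but worth stating. I would add above the method: `# Best-effort signup throttle: true when an account created in the last day was last seen from this IP; relies on request.remote_ip being derived from trusted proxies only.` `request` and the rest of UserPolicy are defined outside the hunk, and with `enable_sock_puppet_validation?` removed elsewhere in this commit, operators on shared or NAT'd networks no longer have a way to switch the check off.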


@@ -443,11 +443,6 @@ module Danbooru
false
end
# disable this for tests
def enable_sock_puppet_validation?
true
end
# Enables recording of popular searches, missed searches, and post view
# counts. Requires Reportbooru to be configured and running - see below.
def enable_post_search_counts


@@ -170,14 +170,11 @@ class UsersControllerTest < ActionDispatch::IntegrationTest
end
context "with sockpuppet validation enabled" do
setup do
Danbooru.config.unstub(:enable_sock_puppet_validation?)
@user.update(last_ip_addr: "127.0.0.1")
end
should "not allow registering multiple accounts with the same IP" do
assert_difference("User.count", 0) do
@user.update(last_ip_addr: "127.0.0.1")
post users_path, params: {:user => {:name => "dupe", :password => "xxxxx1", :password_confirmation => "xxxxx1"}}
assert_response 403
end
end
end
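Review bot: This context only pins the rejected path (`assert_response 403`); nothing in the hunk checks that the policy lets a signup through when it should. Two allowed cases would guard the one-day window and the IP comparison: one where the existing account's `created_at` is older than a day, one where its `last_ip_addr` differs, each with `assert_difference("User.count", 1)`. The context name "with sockpuppet validation enabled" also refers to the config switch this commit removes; `context "from an IP that recently registered an account" do` would describe it better. The `+`/`-` markers are lost on this page, so which of the two `@user.update` lines is on the new side is inferred, and the enclosing test class continues outside the hunk.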


@@ -69,7 +69,6 @@ class ActiveSupport::TestCase
mock_popular_search_service!
mock_missed_search_service!
WebMock.allow_net_connect!
Danbooru.config.stubs(:enable_sock_puppet_validation?).returns(false)
storage_manager = StorageManager::Local.new(base_dir: "#{Rails.root}/public/data/test")
Danbooru.config.stubs(:storage_manager).returns(storage_manager)
@@ -114,7 +113,6 @@ class ActionDispatch::IntegrationTest
def setup
super
Socket.stubs(:gethostname).returns("www.example.com")
Danbooru.config.stubs(:enable_sock_puppet_validation?).returns(false)
ActionDispatch::IntegrationTest.register_encoder :xml, response_parser: ->(body) { Nokogiri.XML(body) }
end


@@ -231,21 +231,6 @@ class UserTest < ActiveSupport::TestCase
end
end
context "that might be a sock puppet" do
setup do
@user = FactoryBot.create(:user, last_ip_addr: "127.0.0.2")
Danbooru.config.unstub(:enable_sock_puppet_validation?)
end
should "not validate" do
CurrentUser.scoped(nil, "127.0.0.2") do
@user = FactoryBot.build(:user)
@user.save
assert_equal(["Last ip addr was used recently for another account and cannot be reused for another day"], @user.errors.full_messages)
end
end
end
context "when searched by name" do
should "match wildcards" do
user1 = FactoryBot.create(:user, :name => "foo")