You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

337 lines
9.3 KiB

Web Push Notifications (#3243) * feat: Register push subscription * feat: Notify when mentioned * feat: Boost, favourite, reply, follow, follow request * feat: Notification interaction * feat: Handle change of public key * feat: Unsubscribe if things go wrong * feat: Do not send normal notifications if push is enabled * feat: Focus client if open * refactor: Move push logic to WebPushSubscription * feat: Better title and body * feat: Localize messages * chore: Fix lint errors * feat: Settings * refactor: Lazy load * fix: Check if push settings exist * feat: Device-based preferences * refactor: Simplify logic * refactor: Pull request feedback * refactor: Pull request feedback * refactor: Create /api/web/push_subscriptions endpoint * feat: Spec PushSubscriptionController * refactor: WebPushSubscription => Web::PushSubscription * feat: Spec Web::PushSubscription * feat: Display first media attachment * feat: Support direction * fix: Stuff broken while rebasing * refactor: Integration with session activations * refactor: Cleanup * refactor: Simplify implementation * feat: Set VAPID keys via environment * chore: Comments * fix: Crash when no alerts * fix: Set VAPID keys in testing environment * fix: Follow link * feat: Notification actions * fix: Delete previous subscription * chore: Temporary logs * refactor: Move migration to a later date * fix: Fetch the correct session activation and misc bugs * refactor: Move migration to a later date * fix: Remove follow request (no notifications) * feat: Send administrator contact to push service * feat: Set time-to-live * fix: Do not show sensitive images * fix: Reducer crash in error handling * feat: Add badge * chore: Fix lint error * fix: Checkbox label overlap * fix: Check for payload support * fix: Rename action "type" (crash in latest Chrome) * feat: Action to expand notification * fix: Lint errors * fix: Unescape notification body * fix: Do not allow boosting if the status is hidden * feat: Add VAPID keys to the production sample environment * fix: Strip HTML tags from status * refactor: Better error messages * refactor: Handle browser not implementing the VAPID protocol (Samsung Internet) * fix: Error when target_status is nil * fix: Handle lack of image * fix: Delete reference to invalid subscriptions * feat: Better error handling * fix: Unescape HTML characters after tags are striped * refactor: Simpify code * fix: Modify to work with #4091 * Sort strings alphabetically * i18n: Updated Polish translation it annoys me that it's not fully localized :P * refactor: Use current_session in PushSubscriptionController * fix: Rebase mistake * fix: Set cacheName to mastodon * refactor: Pull request feedback * refactor: Remove logging statements * chore(yarn): Fix conflicts with master * chore(yarn): Copy latest from master * chore(yarn): Readd offline-plugin * refactor: Use save! and update! * refactor: Send notifications async * fix: Allow retry when push fails * fix: Save track for failed pushes * fix: Minify sw.js * fix: Remove account_id from fabricator
7 years ago
  1. # frozen_string_literal: true
  2. # == Schema Information
  3. #
  4. # Table name: users
  5. #
  6. # id :bigint(8) not null, primary key
  7. # email :string default(""), not null
  8. # created_at :datetime not null
  9. # updated_at :datetime not null
  10. # encrypted_password :string default(""), not null
  11. # reset_password_token :string
  12. # reset_password_sent_at :datetime
  13. # remember_created_at :datetime
  14. # sign_in_count :integer default(0), not null
  15. # current_sign_in_at :datetime
  16. # last_sign_in_at :datetime
  17. # current_sign_in_ip :inet
  18. # last_sign_in_ip :inet
  19. # admin :boolean default(FALSE), not null
  20. # confirmation_token :string
  21. # confirmed_at :datetime
  22. # confirmation_sent_at :datetime
  23. # unconfirmed_email :string
  24. # locale :string
  25. # encrypted_otp_secret :string
  26. # encrypted_otp_secret_iv :string
  27. # encrypted_otp_secret_salt :string
  28. # consumed_timestep :integer
  29. # otp_required_for_login :boolean default(FALSE), not null
  30. # last_emailed_at :datetime
  31. # otp_backup_codes :string is an Array
  32. # filtered_languages :string default([]), not null, is an Array
  33. # account_id :bigint(8) not null
  34. # disabled :boolean default(FALSE), not null
  35. # moderator :boolean default(FALSE), not null
  36. # invite_id :bigint(8)
  37. # remember_token :string
  38. #
  39. class User < ApplicationRecord
  40. include Settings::Extend
  41. include Omniauthable
  42. ACTIVE_DURATION = 14.days
  43. devise :two_factor_authenticatable,
  44. otp_secret_encryption_key: Rails.configuration.x.otp_secret
  45. devise :two_factor_backupable,
  46. otp_number_of_backup_codes: 10
  47. devise :registerable, :recoverable, :rememberable, :trackable, :validatable,
  48. :confirmable
  49. devise :pam_authenticatable if ENV['PAM_ENABLED'] == 'true'
  50. devise :omniauthable
  51. belongs_to :account, inverse_of: :user
  52. belongs_to :invite, counter_cache: :uses, optional: true
  53. accepts_nested_attributes_for :account
  54. has_many :applications, class_name: 'Doorkeeper::Application', as: :owner
  55. has_many :backups, inverse_of: :user
  56. validates :locale, inclusion: I18n.available_locales.map(&:to_s), if: :locale?
  57. validates_with BlacklistedEmailValidator, if: :email_changed?
  58. scope :recent, -> { order(id: :desc) }
  59. scope :admins, -> { where(admin: true) }
  60. scope :moderators, -> { where(moderator: true) }
  61. scope :staff, -> { admins.or(moderators) }
  62. scope :confirmed, -> { where.not(confirmed_at: nil) }
  63. scope :inactive, -> { where(arel_table[:current_sign_in_at].lt(ACTIVE_DURATION.ago)) }
  64. scope :active, -> { confirmed.where(arel_table[:current_sign_in_at].gteq(ACTIVE_DURATION.ago)).joins(:account).where(accounts: { suspended: false }) }
  65. scope :matches_email, ->(value) { where(arel_table[:email].matches("#{value}%")) }
  66. scope :with_recent_ip_address, ->(value) { where(arel_table[:current_sign_in_ip].eq(value).or(arel_table[:last_sign_in_ip].eq(value))) }
  67. before_validation :sanitize_languages
  68. # This avoids a deprecation warning from Rails 5.1
  69. # It seems possible that a future release of devise-two-factor will
  70. # handle this itself, and this can be removed from our User class.
  71. attribute :otp_secret
  72. has_many :session_activations, dependent: :destroy
  73. delegate :auto_play_gif, :default_sensitive, :unfollow_modal, :boost_modal, :favourite_modal, :delete_modal,
  74. :reduce_motion, :system_font_ui, :noindex, :flavour, :skin, :display_sensitive_media,
  75. to: :settings, prefix: :setting, allow_nil: false
  76. attr_accessor :invite_code
  77. def pam_conflict(_)
  78. # block pam login tries on traditional account
  79. nil
  80. end
  81. def pam_conflict?
  82. return false unless Devise.pam_authentication
  83. encrypted_password.present? && pam_managed_user?
  84. end
  85. def pam_get_name
  86. return account.username if account.present?
  87. super
  88. end
  89. def pam_setup(_attributes)
  90. acc = Account.new(username: pam_get_name)
  91. acc.save!(validate: false)
  92. self.email = "#{acc.username}@#{find_pam_suffix}" if email.nil? && find_pam_suffix
  93. self.confirmed_at = Time.now.utc
  94. self.admin = false
  95. self.account = acc
  96. acc.destroy! unless save
  97. end
  98. def ldap_setup(_attributes)
  99. self.confirmed_at = Time.now.utc
  100. self.admin = false
  101. save!
  102. end
  103. def confirmed?
  104. confirmed_at.present?
  105. end
  106. def staff?
  107. admin? || moderator?
  108. end
  109. def role
  110. if admin?
  111. 'admin'
  112. elsif moderator?
  113. 'moderator'
  114. else
  115. 'user'
  116. end
  117. end
  118. def role?(role)
  119. case role
  120. when 'user'
  121. true
  122. when 'moderator'
  123. staff?
  124. when 'admin'
  125. admin?
  126. else
  127. false
  128. end
  129. end
  130. def disable!
  131. update!(disabled: true,
  132. last_sign_in_at: current_sign_in_at,
  133. current_sign_in_at: nil)
  134. end
  135. def enable!
  136. update!(disabled: false)
  137. end
  138. def confirm
  139. new_user = !confirmed?
  140. super
  141. prepare_new_user! if new_user
  142. end
  143. def confirm!
  144. new_user = !confirmed?
  145. skip_confirmation!
  146. save!
  147. prepare_new_user! if new_user
  148. end
  149. def update_tracked_fields!(request)
  150. super
  151. prepare_returning_user!
  152. end
  153. def promote!
  154. if moderator?
  155. update!(moderator: false, admin: true)
  156. elsif !admin?
  157. update!(moderator: true)
  158. end
  159. end
  160. def demote!
  161. if admin?
  162. update!(admin: false, moderator: true)
  163. elsif moderator?
  164. update!(moderator: false)
  165. end
  166. end
  167. def disable_two_factor!
  168. self.otp_required_for_login = false
  169. otp_backup_codes&.clear
  170. save!
  171. end
  172. def active_for_authentication?
  173. super && !disabled?
  174. end
  175. def setting_default_privacy
  176. settings.default_privacy || (account.locked? ? 'private' : 'public')
  177. end
  178. def allows_digest_emails?
  179. settings.notification_emails['digest']
  180. end
  181. def token_for_app(a)
  182. return nil if a.nil? || a.owner != self
  183. Doorkeeper::AccessToken
  184. .find_or_create_by(application_id: a.id, resource_owner_id: id) do |t|
  185. t.scopes = a.scopes
  186. t.expires_in = Doorkeeper.configuration.access_token_expires_in
  187. t.use_refresh_token = Doorkeeper.configuration.refresh_token_enabled?
  188. end
  189. end
  190. def activate_session(request)
  191. session_activations.activate(session_id: SecureRandom.hex,
  192. user_agent: request.user_agent,
  193. ip: request.remote_ip).session_id
  194. end
  195. def exclusive_session(id)
  196. session_activations.exclusive(id)
  197. end
  198. def session_active?(id)
  199. session_activations.active? id
  200. end
  201. def web_push_subscription(session)
  202. session.web_push_subscription.nil? ? nil : session.web_push_subscription.as_payload
  203. end
  204. def invite_code=(code)
  205. self.invite = Invite.find_by(code: code) unless code.blank?
  206. @invite_code = code
  207. end
  208. def password_required?
  209. return false if Devise.pam_authentication || Devise.ldap_authentication
  210. super
  211. end
  212. def send_reset_password_instructions
  213. return false if encrypted_password.blank? && (Devise.pam_authentication || Devise.ldap_authentication)
  214. super
  215. end
  216. def reset_password!(new_password, new_password_confirmation)
  217. return false if encrypted_password.blank? && (Devise.pam_authentication || Devise.ldap_authentication)
  218. super
  219. end
  220. def self.pam_get_user(attributes = {})
  221. return nil unless attributes[:email]
  222. resource =
  223. if Devise.check_at_sign && !attributes[:email].index('@')
  224. joins(:account).find_by(accounts: { username: attributes[:email] })
  225. else
  226. find_by(email: attributes[:email])
  227. end
  228. if resource.blank?
  229. resource = new(email: attributes[:email])
  230. if Devise.check_at_sign && !resource[:email].index('@')
  231. resource[:email] = Rpam2.getenv(resource.find_pam_service, attributes[:email], attributes[:password], 'email', false)
  232. resource[:email] = "#{attributes[:email]}@#{resource.find_pam_suffix}" unless resource[:email]
  233. end
  234. end
  235. resource
  236. end
  237. def self.ldap_get_user(attributes = {})
  238. resource = joins(:account).find_by(accounts: { username: attributes[Devise.ldap_uid.to_sym].first })
  239. if resource.blank?
  240. resource = new(email: attributes[:mail].first, account_attributes: { username: attributes[Devise.ldap_uid.to_sym].first })
  241. resource.ldap_setup(attributes)
  242. end
  243. resource
  244. end
  245. def self.authenticate_with_pam(attributes = {})
  246. return nil unless Devise.pam_authentication
  247. super
  248. end
  249. protected
  250. def send_devise_notification(notification, *args)
  251. devise_mailer.send(notification, self, *args).deliver_later
  252. end
  253. private
  254. def sanitize_languages
  255. filtered_languages.reject!(&:blank?)
  256. end
  257. def prepare_new_user!
  258. BootstrapTimelineWorker.perform_async(account_id)
  259. ActivityTracker.increment('activity:accounts:local')
  260. UserMailer.welcome(self).deliver_later
  261. end
  262. def prepare_returning_user!
  263. ActivityTracker.record('activity:logins', id)
  264. regenerate_feed! if needs_feed_update?
  265. end
  266. def regenerate_feed!
  267. Redis.current.setnx("account:#{account_id}:regeneration", true) && Redis.current.expire("account:#{account_id}:regeneration", 1.day.seconds)
  268. RegenerationWorker.perform_async(account_id)
  269. end
  270. def needs_feed_update?
  271. last_sign_in_at < ACTIVE_DURATION.ago
  272. end
  273. end