You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

417 lines
12 KiB

Fix “Email changed” notification sometimes having wrong e-mail (#13475) * Fix “Email changed” notification sometimes having wrong e-mail Fixes #6778 The root of the issue is that `send_devise_notification` was called before the changes were properly commited to the database, causing the mailer to pick previous values if running too early. Devise's documentation provides guidance on how to handle that[1][2], however, I have found it to not be working, as the following happens, in that order: - `send_devise_notification` is called for the `email_changed` notification. In that case, `changed?` is false and `saved_changes?` is true, so if we use the former, we have the same issue. - the `after_commit` hook is called - `send_devise_notification` is called for the `confirmation_instructions` notification. In that case, `changed?` is still false, and `saved_changes?` still true, so if we use the latter, that second notification email is simply not going to be sent (as we would be queuing the notification *after* executing the after_commit hook). This is because it may be called from either an `after_update` or `after_commit` hook, the difference not being a call to `save` but the transaction actually being committed to the database. This may arguably be a bug in Devise, or Devise's notification. The proposed workaround is inspired by Devise's documentation but checks whether a transaction is open to make the call whether to immediately send the notification or defer it to the `after_commit` hook. [1]: https://www.rubydoc.info/github/plataformatec/devise/Devise%2FModels%2FAuthenticatable:send_devise_notification [2]: https://github.com/heartcombo/devise/blob/406915cb781e38255a30ad2a0609e33952b9ec50/lib/devise/models/authenticatable.rb#L133-L194 * Fix cases when sending notifications without changing the model * Defer sending if and only if in transaction including current record
4 years ago
Web Push Notifications (#3243) * feat: Register push subscription * feat: Notify when mentioned * feat: Boost, favourite, reply, follow, follow request * feat: Notification interaction * feat: Handle change of public key * feat: Unsubscribe if things go wrong * feat: Do not send normal notifications if push is enabled * feat: Focus client if open * refactor: Move push logic to WebPushSubscription * feat: Better title and body * feat: Localize messages * chore: Fix lint errors * feat: Settings * refactor: Lazy load * fix: Check if push settings exist * feat: Device-based preferences * refactor: Simplify logic * refactor: Pull request feedback * refactor: Pull request feedback * refactor: Create /api/web/push_subscriptions endpoint * feat: Spec PushSubscriptionController * refactor: WebPushSubscription => Web::PushSubscription * feat: Spec Web::PushSubscription * feat: Display first media attachment * feat: Support direction * fix: Stuff broken while rebasing * refactor: Integration with session activations * refactor: Cleanup * refactor: Simplify implementation * feat: Set VAPID keys via environment * chore: Comments * fix: Crash when no alerts * fix: Set VAPID keys in testing environment * fix: Follow link * feat: Notification actions * fix: Delete previous subscription * chore: Temporary logs * refactor: Move migration to a later date * fix: Fetch the correct session activation and misc bugs * refactor: Move migration to a later date * fix: Remove follow request (no notifications) * feat: Send administrator contact to push service * feat: Set time-to-live * fix: Do not show sensitive images * fix: Reducer crash in error handling * feat: Add badge * chore: Fix lint error * fix: Checkbox label overlap * fix: Check for payload support * fix: Rename action "type" (crash in latest Chrome) * feat: Action to expand notification * fix: Lint errors * fix: Unescape notification body * fix: Do not allow boosting if the status is hidden * feat: Add VAPID keys to the production sample environment * fix: Strip HTML tags from status * refactor: Better error messages * refactor: Handle browser not implementing the VAPID protocol (Samsung Internet) * fix: Error when target_status is nil * fix: Handle lack of image * fix: Delete reference to invalid subscriptions * feat: Better error handling * fix: Unescape HTML characters after tags are striped * refactor: Simpify code * fix: Modify to work with #4091 * Sort strings alphabetically * i18n: Updated Polish translation it annoys me that it's not fully localized :P * refactor: Use current_session in PushSubscriptionController * fix: Rebase mistake * fix: Set cacheName to mastodon * refactor: Pull request feedback * refactor: Remove logging statements * chore(yarn): Fix conflicts with master * chore(yarn): Copy latest from master * chore(yarn): Readd offline-plugin * refactor: Use save! and update! * refactor: Send notifications async * fix: Allow retry when push fails * fix: Save track for failed pushes * fix: Minify sw.js * fix: Remove account_id from fabricator
7 years ago
Web Push Notifications (#3243) * feat: Register push subscription * feat: Notify when mentioned * feat: Boost, favourite, reply, follow, follow request * feat: Notification interaction * feat: Handle change of public key * feat: Unsubscribe if things go wrong * feat: Do not send normal notifications if push is enabled * feat: Focus client if open * refactor: Move push logic to WebPushSubscription * feat: Better title and body * feat: Localize messages * chore: Fix lint errors * feat: Settings * refactor: Lazy load * fix: Check if push settings exist * feat: Device-based preferences * refactor: Simplify logic * refactor: Pull request feedback * refactor: Pull request feedback * refactor: Create /api/web/push_subscriptions endpoint * feat: Spec PushSubscriptionController * refactor: WebPushSubscription => Web::PushSubscription * feat: Spec Web::PushSubscription * feat: Display first media attachment * feat: Support direction * fix: Stuff broken while rebasing * refactor: Integration with session activations * refactor: Cleanup * refactor: Simplify implementation * feat: Set VAPID keys via environment * chore: Comments * fix: Crash when no alerts * fix: Set VAPID keys in testing environment * fix: Follow link * feat: Notification actions * fix: Delete previous subscription * chore: Temporary logs * refactor: Move migration to a later date * fix: Fetch the correct session activation and misc bugs * refactor: Move migration to a later date * fix: Remove follow request (no notifications) * feat: Send administrator contact to push service * feat: Set time-to-live * fix: Do not show sensitive images * fix: Reducer crash in error handling * feat: Add badge * chore: Fix lint error * fix: Checkbox label overlap * fix: Check for payload support * fix: Rename action "type" (crash in latest Chrome) * feat: Action to expand notification * fix: Lint errors * fix: Unescape notification body * fix: Do not allow boosting if the status is hidden * feat: Add VAPID keys to the production sample environment * fix: Strip HTML tags from status * refactor: Better error messages * refactor: Handle browser not implementing the VAPID protocol (Samsung Internet) * fix: Error when target_status is nil * fix: Handle lack of image * fix: Delete reference to invalid subscriptions * feat: Better error handling * fix: Unescape HTML characters after tags are striped * refactor: Simpify code * fix: Modify to work with #4091 * Sort strings alphabetically * i18n: Updated Polish translation it annoys me that it's not fully localized :P * refactor: Use current_session in PushSubscriptionController * fix: Rebase mistake * fix: Set cacheName to mastodon * refactor: Pull request feedback * refactor: Remove logging statements * chore(yarn): Fix conflicts with master * chore(yarn): Copy latest from master * chore(yarn): Readd offline-plugin * refactor: Use save! and update! * refactor: Send notifications async * fix: Allow retry when push fails * fix: Save track for failed pushes * fix: Minify sw.js * fix: Remove account_id from fabricator
7 years ago
Fix “Email changed” notification sometimes having wrong e-mail (#13475) * Fix “Email changed” notification sometimes having wrong e-mail Fixes #6778 The root of the issue is that `send_devise_notification` was called before the changes were properly commited to the database, causing the mailer to pick previous values if running too early. Devise's documentation provides guidance on how to handle that[1][2], however, I have found it to not be working, as the following happens, in that order: - `send_devise_notification` is called for the `email_changed` notification. In that case, `changed?` is false and `saved_changes?` is true, so if we use the former, we have the same issue. - the `after_commit` hook is called - `send_devise_notification` is called for the `confirmation_instructions` notification. In that case, `changed?` is still false, and `saved_changes?` still true, so if we use the latter, that second notification email is simply not going to be sent (as we would be queuing the notification *after* executing the after_commit hook). This is because it may be called from either an `after_update` or `after_commit` hook, the difference not being a call to `save` but the transaction actually being committed to the database. This may arguably be a bug in Devise, or Devise's notification. The proposed workaround is inspired by Devise's documentation but checks whether a transaction is open to make the call whether to immediately send the notification or defer it to the `after_commit` hook. [1]: https://www.rubydoc.info/github/plataformatec/devise/Devise%2FModels%2FAuthenticatable:send_devise_notification [2]: https://github.com/heartcombo/devise/blob/406915cb781e38255a30ad2a0609e33952b9ec50/lib/devise/models/authenticatable.rb#L133-L194 * Fix cases when sending notifications without changing the model * Defer sending if and only if in transaction including current record
4 years ago
Fix “Email changed” notification sometimes having wrong e-mail (#13475) * Fix “Email changed” notification sometimes having wrong e-mail Fixes #6778 The root of the issue is that `send_devise_notification` was called before the changes were properly commited to the database, causing the mailer to pick previous values if running too early. Devise's documentation provides guidance on how to handle that[1][2], however, I have found it to not be working, as the following happens, in that order: - `send_devise_notification` is called for the `email_changed` notification. In that case, `changed?` is false and `saved_changes?` is true, so if we use the former, we have the same issue. - the `after_commit` hook is called - `send_devise_notification` is called for the `confirmation_instructions` notification. In that case, `changed?` is still false, and `saved_changes?` still true, so if we use the latter, that second notification email is simply not going to be sent (as we would be queuing the notification *after* executing the after_commit hook). This is because it may be called from either an `after_update` or `after_commit` hook, the difference not being a call to `save` but the transaction actually being committed to the database. This may arguably be a bug in Devise, or Devise's notification. The proposed workaround is inspired by Devise's documentation but checks whether a transaction is open to make the call whether to immediately send the notification or defer it to the `after_commit` hook. [1]: https://www.rubydoc.info/github/plataformatec/devise/Devise%2FModels%2FAuthenticatable:send_devise_notification [2]: https://github.com/heartcombo/devise/blob/406915cb781e38255a30ad2a0609e33952b9ec50/lib/devise/models/authenticatable.rb#L133-L194 * Fix cases when sending notifications without changing the model * Defer sending if and only if in transaction including current record
4 years ago
  1. # frozen_string_literal: true
  2. # == Schema Information
  3. #
  4. # Table name: users
  5. #
  6. # id :bigint(8) not null, primary key
  7. # email :string default(""), not null
  8. # created_at :datetime not null
  9. # updated_at :datetime not null
  10. # encrypted_password :string default(""), not null
  11. # reset_password_token :string
  12. # reset_password_sent_at :datetime
  13. # remember_created_at :datetime
  14. # sign_in_count :integer default(0), not null
  15. # current_sign_in_at :datetime
  16. # last_sign_in_at :datetime
  17. # current_sign_in_ip :inet
  18. # last_sign_in_ip :inet
  19. # admin :boolean default(FALSE), not null
  20. # confirmation_token :string
  21. # confirmed_at :datetime
  22. # confirmation_sent_at :datetime
  23. # unconfirmed_email :string
  24. # locale :string
  25. # encrypted_otp_secret :string
  26. # encrypted_otp_secret_iv :string
  27. # encrypted_otp_secret_salt :string
  28. # consumed_timestep :integer
  29. # otp_required_for_login :boolean default(FALSE), not null
  30. # last_emailed_at :datetime
  31. # otp_backup_codes :string is an Array
  32. # filtered_languages :string default([]), not null, is an Array
  33. # account_id :bigint(8) not null
  34. # disabled :boolean default(FALSE), not null
  35. # moderator :boolean default(FALSE), not null
  36. # invite_id :bigint(8)
  37. # remember_token :string
  38. # chosen_languages :string is an Array
  39. # created_by_application_id :bigint(8)
  40. # approved :boolean default(TRUE), not null
  41. # sign_in_token :string
  42. # sign_in_token_sent_at :datetime
  43. #
  44. class User < ApplicationRecord
  45. include Settings::Extend
  46. include UserRoles
  47. # The home and list feeds will be stored in Redis for this amount
  48. # of time, and status fan-out to followers will include only people
  49. # within this time frame. Lowering the duration may improve performance
  50. # if lots of people sign up, but not a lot of them check their feed
  51. # every day. Raising the duration reduces the amount of expensive
  52. # RegenerationWorker jobs that need to be run when those people come
  53. # to check their feed
  54. ACTIVE_DURATION = ENV.fetch('USER_ACTIVE_DAYS', 7).to_i.days.freeze
  55. devise :two_factor_authenticatable,
  56. otp_secret_encryption_key: Rails.configuration.x.otp_secret
  57. devise :two_factor_backupable,
  58. otp_number_of_backup_codes: 10
  59. devise :registerable, :recoverable, :rememberable, :trackable, :validatable,
  60. :confirmable
  61. include Omniauthable
  62. include PamAuthenticable
  63. include LdapAuthenticable
  64. belongs_to :account, inverse_of: :user
  65. belongs_to :invite, counter_cache: :uses, optional: true
  66. belongs_to :created_by_application, class_name: 'Doorkeeper::Application', optional: true
  67. accepts_nested_attributes_for :account
  68. has_many :applications, class_name: 'Doorkeeper::Application', as: :owner
  69. has_many :backups, inverse_of: :user
  70. has_many :invites, inverse_of: :user
  71. has_many :markers, inverse_of: :user, dependent: :destroy
  72. has_one :invite_request, class_name: 'UserInviteRequest', inverse_of: :user, dependent: :destroy
  73. accepts_nested_attributes_for :invite_request, reject_if: ->(attributes) { attributes['text'].blank? }
  74. validates :locale, inclusion: I18n.available_locales.map(&:to_s), if: :locale?
  75. validates_with BlacklistedEmailValidator, on: :create
  76. validates_with EmailMxValidator, if: :validate_email_dns?
  77. validates :agreement, acceptance: { allow_nil: false, accept: [true, 'true', '1'] }, on: :create
  78. scope :recent, -> { order(id: :desc) }
  79. scope :pending, -> { where(approved: false) }
  80. scope :approved, -> { where(approved: true) }
  81. scope :confirmed, -> { where.not(confirmed_at: nil) }
  82. scope :enabled, -> { where(disabled: false) }
  83. scope :disabled, -> { where(disabled: true) }
  84. scope :inactive, -> { where(arel_table[:current_sign_in_at].lt(ACTIVE_DURATION.ago)) }
  85. scope :active, -> { confirmed.where(arel_table[:current_sign_in_at].gteq(ACTIVE_DURATION.ago)).joins(:account).where(accounts: { suspended_at: nil }) }
  86. scope :matches_email, ->(value) { where(arel_table[:email].matches("#{value}%")) }
  87. scope :matches_ip, ->(value) { left_joins(:session_activations).where('users.current_sign_in_ip <<= ?', value).or(left_joins(:session_activations).where('users.last_sign_in_ip <<= ?', value)).or(left_joins(:session_activations).where('session_activations.ip <<= ?', value)) }
  88. scope :emailable, -> { confirmed.enabled.joins(:account).merge(Account.searchable) }
  89. before_validation :sanitize_languages
  90. before_create :set_approved
  91. after_commit :send_pending_devise_notifications
  92. # This avoids a deprecation warning from Rails 5.1
  93. # It seems possible that a future release of devise-two-factor will
  94. # handle this itself, and this can be removed from our User class.
  95. attribute :otp_secret
  96. has_many :session_activations, dependent: :destroy
  97. delegate :auto_play_gif, :default_sensitive, :unfollow_modal, :boost_modal, :delete_modal,
  98. :reduce_motion, :system_font_ui, :noindex, :theme, :display_media, :hide_network,
  99. :expand_spoilers, :default_language, :aggregate_reblogs, :show_application,
  100. :advanced_layout, :use_blurhash, :use_pending_items, :trends, :crop_images,
  101. to: :settings, prefix: :setting, allow_nil: false
  102. attr_reader :invite_code, :sign_in_token_attempt
  103. attr_writer :external
  104. def confirmed?
  105. confirmed_at.present?
  106. end
  107. def invited?
  108. invite_id.present?
  109. end
  110. def valid_invitation?
  111. invite_id.present? && invite.valid_for_use?
  112. end
  113. def disable!
  114. update!(disabled: true)
  115. end
  116. def enable!
  117. update!(disabled: false)
  118. end
  119. def confirm
  120. new_user = !confirmed?
  121. self.approved = true if open_registrations?
  122. super
  123. if new_user && approved?
  124. prepare_new_user!
  125. elsif new_user
  126. notify_staff_about_pending_account!
  127. end
  128. end
  129. def confirm!
  130. new_user = !confirmed?
  131. self.approved = true if open_registrations?
  132. skip_confirmation!
  133. save!
  134. prepare_new_user! if new_user && approved?
  135. end
  136. def pending?
  137. !approved?
  138. end
  139. def active_for_authentication?
  140. true
  141. end
  142. def suspicious_sign_in?(ip)
  143. !otp_required_for_login? && current_sign_in_at.present? && current_sign_in_at < 2.weeks.ago && !recent_ip?(ip)
  144. end
  145. def functional?
  146. confirmed? && approved? && !disabled? && !account.suspended? && account.moved_to_account_id.nil?
  147. end
  148. def unconfirmed_or_pending?
  149. !(confirmed? && approved?)
  150. end
  151. def inactive_message
  152. !approved? ? :pending : super
  153. end
  154. def approve!
  155. return if approved?
  156. update!(approved: true)
  157. prepare_new_user!
  158. end
  159. def update_tracked_fields!(request)
  160. super
  161. prepare_returning_user!
  162. end
  163. def disable_two_factor!
  164. self.otp_required_for_login = false
  165. otp_backup_codes&.clear
  166. save!
  167. end
  168. def setting_default_privacy
  169. settings.default_privacy || (account.locked? ? 'private' : 'public')
  170. end
  171. def allows_digest_emails?
  172. settings.notification_emails['digest']
  173. end
  174. def allows_report_emails?
  175. settings.notification_emails['report']
  176. end
  177. def allows_pending_account_emails?
  178. settings.notification_emails['pending_account']
  179. end
  180. def allows_trending_tag_emails?
  181. settings.notification_emails['trending_tag']
  182. end
  183. def hides_network?
  184. @hides_network ||= settings.hide_network
  185. end
  186. def aggregates_reblogs?
  187. @aggregates_reblogs ||= settings.aggregate_reblogs
  188. end
  189. def shows_application?
  190. @shows_application ||= settings.show_application
  191. end
  192. def token_for_app(a)
  193. return nil if a.nil? || a.owner != self
  194. Doorkeeper::AccessToken
  195. .find_or_create_by(application_id: a.id, resource_owner_id: id) do |t|
  196. t.scopes = a.scopes
  197. t.expires_in = Doorkeeper.configuration.access_token_expires_in
  198. t.use_refresh_token = Doorkeeper.configuration.refresh_token_enabled?
  199. end
  200. end
  201. def activate_session(request)
  202. session_activations.activate(session_id: SecureRandom.hex,
  203. user_agent: request.user_agent,
  204. ip: request.remote_ip).session_id
  205. end
  206. def clear_other_sessions(id)
  207. session_activations.exclusive(id)
  208. end
  209. def session_active?(id)
  210. session_activations.active? id
  211. end
  212. def web_push_subscription(session)
  213. session.web_push_subscription.nil? ? nil : session.web_push_subscription
  214. end
  215. def invite_code=(code)
  216. self.invite = Invite.find_by(code: code) if code.present?
  217. @invite_code = code
  218. end
  219. def password_required?
  220. return false if external?
  221. super
  222. end
  223. def external_or_valid_password?(compare_password)
  224. # If encrypted_password is blank, we got the user from LDAP or PAM,
  225. # so credentials are already valid
  226. encrypted_password.blank? || valid_password?(compare_password)
  227. end
  228. def send_reset_password_instructions
  229. return false if encrypted_password.blank?
  230. super
  231. end
  232. def reset_password!(new_password, new_password_confirmation)
  233. return false if encrypted_password.blank?
  234. super
  235. end
  236. def show_all_media?
  237. setting_display_media == 'show_all'
  238. end
  239. def hide_all_media?
  240. setting_display_media == 'hide_all'
  241. end
  242. def recent_ips
  243. @recent_ips ||= begin
  244. arr = []
  245. session_activations.each do |session_activation|
  246. arr << [session_activation.updated_at, session_activation.ip]
  247. end
  248. arr << [current_sign_in_at, current_sign_in_ip] if current_sign_in_ip.present?
  249. arr << [last_sign_in_at, last_sign_in_ip] if last_sign_in_ip.present?
  250. arr.sort_by { |pair| pair.first || Time.now.utc }.uniq(&:last).reverse!
  251. end
  252. end
  253. def sign_in_token_expired?
  254. sign_in_token_sent_at.nil? || sign_in_token_sent_at < 5.minutes.ago
  255. end
  256. def generate_sign_in_token
  257. self.sign_in_token = Devise.friendly_token(6)
  258. self.sign_in_token_sent_at = Time.now.utc
  259. end
  260. protected
  261. def send_devise_notification(notification, *args)
  262. # This method can be called in `after_update` and `after_commit` hooks,
  263. # but we must make sure the mailer is actually called *after* commit,
  264. # otherwise it may work on stale data. To do this, figure out if we are
  265. # within a transaction.
  266. if ActiveRecord::Base.connection.current_transaction.try(:records)&.include?(self)
  267. pending_devise_notifications << [notification, args]
  268. else
  269. render_and_send_devise_message(notification, *args)
  270. end
  271. end
  272. private
  273. def recent_ip?(ip)
  274. recent_ips.any? { |(_, recent_ip)| recent_ip == ip }
  275. end
  276. def send_pending_devise_notifications
  277. pending_devise_notifications.each do |notification, args|
  278. render_and_send_devise_message(notification, *args)
  279. end
  280. # Empty the pending notifications array because the
  281. # after_commit hook can be called multiple times which
  282. # could cause multiple emails to be sent.
  283. pending_devise_notifications.clear
  284. end
  285. def pending_devise_notifications
  286. @pending_devise_notifications ||= []
  287. end
  288. def render_and_send_devise_message(notification, *args)
  289. devise_mailer.send(notification, self, *args).deliver_later
  290. end
  291. def set_approved
  292. self.approved = open_registrations? || valid_invitation? || external?
  293. end
  294. def open_registrations?
  295. Setting.registrations_mode == 'open'
  296. end
  297. def external?
  298. !!@external
  299. end
  300. def sanitize_languages
  301. return if chosen_languages.nil?
  302. chosen_languages.reject!(&:blank?)
  303. self.chosen_languages = nil if chosen_languages.empty?
  304. end
  305. def prepare_new_user!
  306. BootstrapTimelineWorker.perform_async(account_id)
  307. ActivityTracker.increment('activity:accounts:local')
  308. UserMailer.welcome(self).deliver_later
  309. end
  310. def prepare_returning_user!
  311. ActivityTracker.record('activity:logins', id)
  312. regenerate_feed! if needs_feed_update?
  313. end
  314. def notify_staff_about_pending_account!
  315. User.staff.includes(:account).each do |u|
  316. next unless u.allows_pending_account_emails?
  317. AdminMailer.new_pending_account(u.account, self).deliver_later
  318. end
  319. end
  320. def regenerate_feed!
  321. return unless Redis.current.setnx("account:#{account_id}:regeneration", true)
  322. Redis.current.expire("account:#{account_id}:regeneration", 1.day.seconds)
  323. RegenerationWorker.perform_async(account_id)
  324. end
  325. def needs_feed_update?
  326. last_sign_in_at < ACTIVE_DURATION.ago
  327. end
  328. def validate_email_dns?
  329. email_changed? && !(Rails.env.test? || Rails.env.development?)
  330. end
  331. end