闭社主体 forked from https://github.com/tootsuite/mastodon
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

313 lines
9.2 KiB

Web Push Notifications (#3243) * feat: Register push subscription * feat: Notify when mentioned * feat: Boost, favourite, reply, follow, follow request * feat: Notification interaction * feat: Handle change of public key * feat: Unsubscribe if things go wrong * feat: Do not send normal notifications if push is enabled * feat: Focus client if open * refactor: Move push logic to WebPushSubscription * feat: Better title and body * feat: Localize messages * chore: Fix lint errors * feat: Settings * refactor: Lazy load * fix: Check if push settings exist * feat: Device-based preferences * refactor: Simplify logic * refactor: Pull request feedback * refactor: Pull request feedback * refactor: Create /api/web/push_subscriptions endpoint * feat: Spec PushSubscriptionController * refactor: WebPushSubscription => Web::PushSubscription * feat: Spec Web::PushSubscription * feat: Display first media attachment * feat: Support direction * fix: Stuff broken while rebasing * refactor: Integration with session activations * refactor: Cleanup * refactor: Simplify implementation * feat: Set VAPID keys via environment * chore: Comments * fix: Crash when no alerts * fix: Set VAPID keys in testing environment * fix: Follow link * feat: Notification actions * fix: Delete previous subscription * chore: Temporary logs * refactor: Move migration to a later date * fix: Fetch the correct session activation and misc bugs * refactor: Move migration to a later date * fix: Remove follow request (no notifications) * feat: Send administrator contact to push service * feat: Set time-to-live * fix: Do not show sensitive images * fix: Reducer crash in error handling * feat: Add badge * chore: Fix lint error * fix: Checkbox label overlap * fix: Check for payload support * fix: Rename action "type" (crash in latest Chrome) * feat: Action to expand notification * fix: Lint errors * fix: Unescape notification body * fix: Do not allow boosting if the status is hidden * feat: Add VAPID keys to the production sample environment * fix: Strip HTML tags from status * refactor: Better error messages * refactor: Handle browser not implementing the VAPID protocol (Samsung Internet) * fix: Error when target_status is nil * fix: Handle lack of image * fix: Delete reference to invalid subscriptions * feat: Better error handling * fix: Unescape HTML characters after tags are striped * refactor: Simpify code * fix: Modify to work with #4091 * Sort strings alphabetically * i18n: Updated Polish translation it annoys me that it's not fully localized :P * refactor: Use current_session in PushSubscriptionController * fix: Rebase mistake * fix: Set cacheName to mastodon * refactor: Pull request feedback * refactor: Remove logging statements * chore(yarn): Fix conflicts with master * chore(yarn): Copy latest from master * chore(yarn): Readd offline-plugin * refactor: Use save! and update! * refactor: Send notifications async * fix: Allow retry when push fails * fix: Save track for failed pushes * fix: Minify sw.js * fix: Remove account_id from fabricator
7 years ago
Web Push Notifications (#3243) * feat: Register push subscription * feat: Notify when mentioned * feat: Boost, favourite, reply, follow, follow request * feat: Notification interaction * feat: Handle change of public key * feat: Unsubscribe if things go wrong * feat: Do not send normal notifications if push is enabled * feat: Focus client if open * refactor: Move push logic to WebPushSubscription * feat: Better title and body * feat: Localize messages * chore: Fix lint errors * feat: Settings * refactor: Lazy load * fix: Check if push settings exist * feat: Device-based preferences * refactor: Simplify logic * refactor: Pull request feedback * refactor: Pull request feedback * refactor: Create /api/web/push_subscriptions endpoint * feat: Spec PushSubscriptionController * refactor: WebPushSubscription => Web::PushSubscription * feat: Spec Web::PushSubscription * feat: Display first media attachment * feat: Support direction * fix: Stuff broken while rebasing * refactor: Integration with session activations * refactor: Cleanup * refactor: Simplify implementation * feat: Set VAPID keys via environment * chore: Comments * fix: Crash when no alerts * fix: Set VAPID keys in testing environment * fix: Follow link * feat: Notification actions * fix: Delete previous subscription * chore: Temporary logs * refactor: Move migration to a later date * fix: Fetch the correct session activation and misc bugs * refactor: Move migration to a later date * fix: Remove follow request (no notifications) * feat: Send administrator contact to push service * feat: Set time-to-live * fix: Do not show sensitive images * fix: Reducer crash in error handling * feat: Add badge * chore: Fix lint error * fix: Checkbox label overlap * fix: Check for payload support * fix: Rename action "type" (crash in latest Chrome) * feat: Action to expand notification * fix: Lint errors * fix: Unescape notification body * fix: Do not allow boosting if the status is hidden * feat: Add VAPID keys to the production sample environment * fix: Strip HTML tags from status * refactor: Better error messages * refactor: Handle browser not implementing the VAPID protocol (Samsung Internet) * fix: Error when target_status is nil * fix: Handle lack of image * fix: Delete reference to invalid subscriptions * feat: Better error handling * fix: Unescape HTML characters after tags are striped * refactor: Simpify code * fix: Modify to work with #4091 * Sort strings alphabetically * i18n: Updated Polish translation it annoys me that it's not fully localized :P * refactor: Use current_session in PushSubscriptionController * fix: Rebase mistake * fix: Set cacheName to mastodon * refactor: Pull request feedback * refactor: Remove logging statements * chore(yarn): Fix conflicts with master * chore(yarn): Copy latest from master * chore(yarn): Readd offline-plugin * refactor: Use save! and update! * refactor: Send notifications async * fix: Allow retry when push fails * fix: Save track for failed pushes * fix: Minify sw.js * fix: Remove account_id from fabricator
7 years ago
  1. # frozen_string_literal: true
  2. # == Schema Information
  3. #
  4. # Table name: users
  5. #
  6. # id :bigint(8) not null, primary key
  7. # email :string default(""), not null
  8. # created_at :datetime not null
  9. # updated_at :datetime not null
  10. # encrypted_password :string default(""), not null
  11. # reset_password_token :string
  12. # reset_password_sent_at :datetime
  13. # remember_created_at :datetime
  14. # sign_in_count :integer default(0), not null
  15. # current_sign_in_at :datetime
  16. # last_sign_in_at :datetime
  17. # current_sign_in_ip :inet
  18. # last_sign_in_ip :inet
  19. # admin :boolean default(FALSE), not null
  20. # confirmation_token :string
  21. # confirmed_at :datetime
  22. # confirmation_sent_at :datetime
  23. # unconfirmed_email :string
  24. # locale :string
  25. # encrypted_otp_secret :string
  26. # encrypted_otp_secret_iv :string
  27. # encrypted_otp_secret_salt :string
  28. # consumed_timestep :integer
  29. # otp_required_for_login :boolean default(FALSE), not null
  30. # last_emailed_at :datetime
  31. # otp_backup_codes :string is an Array
  32. # filtered_languages :string default([]), not null, is an Array
  33. # account_id :bigint(8) not null
  34. # disabled :boolean default(FALSE), not null
  35. # moderator :boolean default(FALSE), not null
  36. # invite_id :bigint(8)
  37. # remember_token :string
  38. # chosen_languages :string is an Array
  39. # created_by_application_id :bigint(8)
  40. # approved :boolean default(TRUE), not null
  41. #
  42. class User < ApplicationRecord
  43. include Settings::Extend
  44. include UserRoles
  45. # The home and list feeds will be stored in Redis for this amount
  46. # of time, and status fan-out to followers will include only people
  47. # within this time frame. Lowering the duration may improve performance
  48. # if lots of people sign up, but not a lot of them check their feed
  49. # every day. Raising the duration reduces the amount of expensive
  50. # RegenerationWorker jobs that need to be run when those people come
  51. # to check their feed
  52. ACTIVE_DURATION = ENV.fetch('USER_ACTIVE_DAYS', 7).to_i.days.freeze
  53. devise :two_factor_authenticatable,
  54. otp_secret_encryption_key: Rails.configuration.x.otp_secret
  55. devise :two_factor_backupable,
  56. otp_number_of_backup_codes: 10
  57. devise :registerable, :recoverable, :rememberable, :trackable, :validatable,
  58. :confirmable
  59. include Omniauthable
  60. include PamAuthenticable
  61. include LdapAuthenticable
  62. belongs_to :account, inverse_of: :user
  63. belongs_to :invite, counter_cache: :uses, optional: true
  64. belongs_to :created_by_application, class_name: 'Doorkeeper::Application', optional: true
  65. accepts_nested_attributes_for :account
  66. has_many :applications, class_name: 'Doorkeeper::Application', as: :owner
  67. has_many :backups, inverse_of: :user
  68. validates :locale, inclusion: I18n.available_locales.map(&:to_s), if: :locale?
  69. validates_with BlacklistedEmailValidator, if: :email_changed?
  70. validates_with EmailMxValidator, if: :validate_email_dns?
  71. validates :agreement, acceptance: { allow_nil: false, accept: [true, 'true', '1'] }, on: :create
  72. scope :recent, -> { order(id: :desc) }
  73. scope :pending, -> { where(approved: false) }
  74. scope :approved, -> { where(approved: true) }
  75. scope :confirmed, -> { where.not(confirmed_at: nil) }
  76. scope :enabled, -> { where(disabled: false) }
  77. scope :inactive, -> { where(arel_table[:current_sign_in_at].lt(ACTIVE_DURATION.ago)) }
  78. scope :active, -> { confirmed.where(arel_table[:current_sign_in_at].gteq(ACTIVE_DURATION.ago)).joins(:account).where(accounts: { suspended: false }) }
  79. scope :matches_email, ->(value) { where(arel_table[:email].matches("#{value}%")) }
  80. scope :emailable, -> { confirmed.enabled.joins(:account).merge(Account.searchable) }
  81. before_validation :sanitize_languages
  82. before_create :set_approved
  83. # This avoids a deprecation warning from Rails 5.1
  84. # It seems possible that a future release of devise-two-factor will
  85. # handle this itself, and this can be removed from our User class.
  86. attribute :otp_secret
  87. has_many :session_activations, dependent: :destroy
  88. delegate :auto_play_gif, :default_sensitive, :unfollow_modal, :boost_modal, :delete_modal,
  89. :reduce_motion, :system_font_ui, :noindex, :theme, :display_media, :hide_network,
  90. :expand_spoilers, :default_language, :aggregate_reblogs, :show_application, to: :settings, prefix: :setting, allow_nil: false
  91. attr_reader :invite_code
  92. def confirmed?
  93. confirmed_at.present?
  94. end
  95. def invited?
  96. invite_id.present?
  97. end
  98. def disable!
  99. update!(disabled: true,
  100. last_sign_in_at: current_sign_in_at,
  101. current_sign_in_at: nil)
  102. end
  103. def enable!
  104. update!(disabled: false)
  105. end
  106. def confirm
  107. new_user = !confirmed?
  108. self.approved = true if open_registrations?
  109. super
  110. if new_user && approved?
  111. prepare_new_user!
  112. elsif new_user
  113. notify_staff_about_pending_account!
  114. end
  115. end
  116. def confirm!
  117. new_user = !confirmed?
  118. self.approved = true if open_registrations?
  119. skip_confirmation!
  120. save!
  121. prepare_new_user! if new_user && approved?
  122. end
  123. def pending?
  124. !approved?
  125. end
  126. def active_for_authentication?
  127. super && approved?
  128. end
  129. def inactive_message
  130. !approved? ? :pending : super
  131. end
  132. def approve!
  133. return if approved?
  134. update!(approved: true)
  135. prepare_new_user!
  136. end
  137. def update_tracked_fields!(request)
  138. super
  139. prepare_returning_user!
  140. end
  141. def disable_two_factor!
  142. self.otp_required_for_login = false
  143. otp_backup_codes&.clear
  144. save!
  145. end
  146. def setting_default_privacy
  147. settings.default_privacy || (account.locked? ? 'private' : 'public')
  148. end
  149. def allows_digest_emails?
  150. settings.notification_emails['digest']
  151. end
  152. def allows_report_emails?
  153. settings.notification_emails['report']
  154. end
  155. def hides_network?
  156. @hides_network ||= settings.hide_network
  157. end
  158. def aggregates_reblogs?
  159. @aggregates_reblogs ||= settings.aggregate_reblogs
  160. end
  161. def shows_application?
  162. @shows_application ||= settings.show_application
  163. end
  164. def token_for_app(a)
  165. return nil if a.nil? || a.owner != self
  166. Doorkeeper::AccessToken
  167. .find_or_create_by(application_id: a.id, resource_owner_id: id) do |t|
  168. t.scopes = a.scopes
  169. t.expires_in = Doorkeeper.configuration.access_token_expires_in
  170. t.use_refresh_token = Doorkeeper.configuration.refresh_token_enabled?
  171. end
  172. end
  173. def activate_session(request)
  174. session_activations.activate(session_id: SecureRandom.hex,
  175. user_agent: request.user_agent,
  176. ip: request.remote_ip).session_id
  177. end
  178. def exclusive_session(id)
  179. session_activations.exclusive(id)
  180. end
  181. def session_active?(id)
  182. session_activations.active? id
  183. end
  184. def web_push_subscription(session)
  185. session.web_push_subscription.nil? ? nil : session.web_push_subscription
  186. end
  187. def invite_code=(code)
  188. self.invite = Invite.find_by(code: code) if code.present?
  189. @invite_code = code
  190. end
  191. def password_required?
  192. return false if Devise.pam_authentication || Devise.ldap_authentication
  193. super
  194. end
  195. def send_reset_password_instructions
  196. return false if encrypted_password.blank? && (Devise.pam_authentication || Devise.ldap_authentication)
  197. super
  198. end
  199. def reset_password!(new_password, new_password_confirmation)
  200. return false if encrypted_password.blank? && (Devise.pam_authentication || Devise.ldap_authentication)
  201. super
  202. end
  203. def show_all_media?
  204. setting_display_media == 'show_all'
  205. end
  206. def hide_all_media?
  207. setting_display_media == 'hide_all'
  208. end
  209. protected
  210. def send_devise_notification(notification, *args)
  211. devise_mailer.send(notification, self, *args).deliver_later
  212. end
  213. private
  214. def set_approved
  215. self.approved = open_registrations? || invited?
  216. end
  217. def open_registrations?
  218. Setting.registrations_mode == 'open'
  219. end
  220. def sanitize_languages
  221. return if chosen_languages.nil?
  222. chosen_languages.reject!(&:blank?)
  223. self.chosen_languages = nil if chosen_languages.empty?
  224. end
  225. def prepare_new_user!
  226. BootstrapTimelineWorker.perform_async(account_id)
  227. ActivityTracker.increment('activity:accounts:local')
  228. UserMailer.welcome(self).deliver_later
  229. end
  230. def prepare_returning_user!
  231. ActivityTracker.record('activity:logins', id)
  232. regenerate_feed! if needs_feed_update?
  233. end
  234. def notify_staff_about_pending_account!
  235. User.staff.includes(:account).each do |u|
  236. next unless u.allows_report_emails?
  237. AdminMailer.new_pending_account(u.account, self).deliver_later
  238. end
  239. end
  240. def regenerate_feed!
  241. return unless Redis.current.setnx("account:#{account_id}:regeneration", true)
  242. Redis.current.expire("account:#{account_id}:regeneration", 1.day.seconds)
  243. RegenerationWorker.perform_async(account_id)
  244. end
  245. def needs_feed_update?
  246. last_sign_in_at < ACTIVE_DURATION.ago
  247. end
  248. def validate_email_dns?
  249. email_changed? && !(Rails.env.test? || Rails.env.development?)
  250. end
  251. end