mirror of
https://github.com/mastodon/mastodon.git
synced 2024-11-25 15:09:29 +00:00
Refactor registration authorization logic
parent
ac62b995ef
commit
5f968ca781
|
@ -1,6 +1,8 @@
|
||||||
# frozen_string_literal: true
|
# frozen_string_literal: true
|
||||||
|
|
||||||
class Api::V1::AccountsController < Api::BaseController
|
class Api::V1::AccountsController < Api::BaseController
|
||||||
|
include RegistrationHelper
|
||||||
|
|
||||||
before_action -> { authorize_if_got_token! :read, :'read:accounts' }, except: [:create, :follow, :unfollow, :remove_from_followers, :block, :unblock, :mute, :unmute]
|
before_action -> { authorize_if_got_token! :read, :'read:accounts' }, except: [:create, :follow, :unfollow, :remove_from_followers, :block, :unblock, :mute, :unmute]
|
||||||
before_action -> { doorkeeper_authorize! :follow, :write, :'write:follows' }, only: [:follow, :unfollow, :remove_from_followers]
|
before_action -> { doorkeeper_authorize! :follow, :write, :'write:follows' }, only: [:follow, :unfollow, :remove_from_followers]
|
||||||
before_action -> { doorkeeper_authorize! :follow, :write, :'write:mutes' }, only: [:mute, :unmute]
|
before_action -> { doorkeeper_authorize! :follow, :write, :'write:mutes' }, only: [:mute, :unmute]
|
||||||
|
@ -94,14 +96,6 @@ class Api::V1::AccountsController < Api::BaseController
|
||||||
end
|
end
|
||||||
|
|
||||||
def check_enabled_registrations
|
def check_enabled_registrations
|
||||||
forbidden if single_user_mode? || omniauth_only? || !allowed_registrations?
|
forbidden unless allowed_registration?(request.remote_ip, nil)
|
||||||
end
|
|
||||||
|
|
||||||
def allowed_registrations?
|
|
||||||
Setting.registrations_mode != 'none'
|
|
||||||
end
|
|
||||||
|
|
||||||
def omniauth_only?
|
|
||||||
ENV['OMNIAUTH_ONLY'] == 'true'
|
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
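Review bot: In `check_enabled_registrations` the new condition is not a pure refactor: the old line called the controller's `single_user_mode?` and did no IP check, while `allowed_registration?` reads `Rails.configuration.x.single_user_mode` directly and also applies the `sign_up_block` lookup. The definition of `single_user_mode?` is not visible on this page, so if it does more than return that flag, the set of requests allowed to register changes here and in the same method of `Auth::RegistrationsController`. The added IP-block enforcement on the API path looks like a tightening, but it should be stated in the commit message and pinned by a request spec for a blocked address. I would also add a comment above the method, e.g. `# Gate for API sign-up: single-user mode, OMNIAUTH_ONLY, registrations_mode and sign-up IP blocks (RegistrationHelper)`.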
|
@ -1,6 +1,7 @@
|
||||||
# frozen_string_literal: true
|
# frozen_string_literal: true
|
||||||
|
|
||||||
class Auth::RegistrationsController < Devise::RegistrationsController
|
class Auth::RegistrationsController < Devise::RegistrationsController
|
||||||
|
include RegistrationHelper
|
||||||
include RegistrationSpamConcern
|
include RegistrationSpamConcern
|
||||||
|
|
||||||
layout :determine_layout
|
layout :determine_layout
|
||||||
|
@ -82,19 +83,7 @@ class Auth::RegistrationsController < Devise::RegistrationsController
|
||||||
end
|
end
|
||||||
|
|
||||||
def check_enabled_registrations
|
def check_enabled_registrations
|
||||||
redirect_to root_path if single_user_mode? || omniauth_only? || !allowed_registrations? || ip_blocked?
|
redirect_to root_path unless allowed_registration?(request.remote_ip, @invite)
|
||||||
end
|
|
||||||
|
|
||||||
def allowed_registrations?
|
|
||||||
Setting.registrations_mode != 'none' || @invite&.valid_for_use?
|
|
||||||
end
|
|
||||||
|
|
||||||
def omniauth_only?
|
|
||||||
ENV['OMNIAUTH_ONLY'] == 'true'
|
|
||||||
end
|
|
||||||
|
|
||||||
def ip_blocked?
|
|
||||||
IpBlock.where(severity: :sign_up_block).where('ip >>= ?', request.remote_ip.to_s).exists?
|
|
||||||
end
|
end
|
||||||
|
|
||||||
def invite_code
|
def invite_code
|
||||||
|
|
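Review bot: `check_enabled_registrations` passes `@invite` to `allowed_registration?`, so the invite-only path depends on `@invite` being assigned by a callback that runs earlier, and neither that callback nor the `before_action` order is visible in this hunk. The removed `allowed_registrations?` had the same dependency, so this is not a regression, but with the logic moved into a helper the coupling is easier to miss. A one-line comment would make it explicit: `# @invite must already be set; with a nil invite, closed registrations stay closed`.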
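--- a/app/helpers/registration_helper.rb
+++ b/app/helpers/registration_helper.rb
@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+module RegistrationHelper
+extend ActiveSupport::Concern
+
+def allowed_registration?(remote_ip, invite)
+!Rails.configuration.x.single_user_mode && !omniauth_only? && (registrations_open? || invite&.valid_for_use?) && !ip_blocked?(remote_ip)
+end
+
+def registrations_open?
+Setting.registrations_mode != 'none'
+end
+
+def omniauth_only?
+ENV['OMNIAUTH_ONLY'] == 'true'
+end
+
+def ip_blocked?(remote_ip)
+IpBlock.where(severity: :sign_up_block).exists?(['ip >>= ?', remote_ip.to_s])
+end
+end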
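Review bot: All four methods in `RegistrationHelper` are public, so `include RegistrationHelper` adds `allowed_registration?`, `registrations_open?`, `omniauth_only?` and `ip_blocked?` to the public interface of both controllers and of `AppSignUpService`; the versions removed in this commit sat at the end of their classes, presumably under `private` (not visible here). Rails treats public controller methods as potential actions, so predicates that decide who may register are better kept private: put `private` on a line of its own before `def allowed_registration?`, since every caller visible in this commit uses an implicit receiver. `extend ActiveSupport::Concern` is unused, as the module has no `included` or `class_methods` block, and can be dropped. A short module comment naming the conditions and noting that the IP-block query is evaluated last would help the next reader.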
|
@ -1,12 +1,14 @@
|
||||||
# frozen_string_literal: true
|
# frozen_string_literal: true
|
||||||
|
|
||||||
class AppSignUpService < BaseService
|
class AppSignUpService < BaseService
|
||||||
|
include RegistrationHelper
|
||||||
|
|
||||||
def call(app, remote_ip, params)
|
def call(app, remote_ip, params)
|
||||||
@app = app
|
@app = app
|
||||||
@remote_ip = remote_ip
|
@remote_ip = remote_ip
|
||||||
@params = params
|
@params = params
|
||||||
|
|
||||||
raise Mastodon::NotPermittedError unless allowed_registrations?
|
raise Mastodon::NotPermittedError unless allowed_registration?(remote_ip, nil)
|
||||||
|
|
||||||
ApplicationRecord.transaction do
|
ApplicationRecord.transaction do
|
||||||
create_user!
|
create_user!
|
||||||
|
@ -45,24 +47,4 @@ class AppSignUpService < BaseService
|
||||||
def invite_request_params
|
def invite_request_params
|
||||||
{ text: @params[:reason] }
|
{ text: @params[:reason] }
|
||||||
end
|
end
|
||||||
|
|
||||||
def allowed_registrations?
|
|
||||||
registrations_open? && !single_user_mode? && !omniauth_only? && !ip_blocked?
|
|
||||||
end
|
|
||||||
|
|
||||||
def registrations_open?
|
|
||||||
Setting.registrations_mode != 'none'
|
|
||||||
end
|
|
||||||
|
|
||||||
def single_user_mode?
|
|
||||||
Rails.configuration.x.single_user_mode
|
|
||||||
end
|
|
||||||
|
|
||||||
def omniauth_only?
|
|
||||||
ENV['OMNIAUTH_ONLY'] == 'true'
|
|
||||||
end
|
|
||||||
|
|
||||||
def ip_blocked?
|
|
||||||
IpBlock.where(severity: :sign_up_block).where('ip >>= ?', @remote_ip.to_s).exists?
|
|
||||||
end
|
|
||||||
end
|
end
|
||||||
|
|
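Review bot: `call` forwards `remote_ip` to `allowed_registration?` without checking it, and the helper's `ip_blocked?` turns it into a string with `to_s`, so a nil address reaches the `ip >>= ?` comparison as an empty string, which I would expect PostgreSQL to reject as an invalid inet value rather than yield a clean denial. The removed `ip_blocked?` did the same with `@remote_ip`, so the behaviour is inherited, but now that the gate is shared it is worth deciding explicitly, e.g. `raise Mastodon::NotPermittedError if remote_ip.blank?` before the existing check. The body of `call` continues outside the hunk.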