domain policies also now get applied to subdomains

2019-12-07 20:17:07 -06:00 · 2019-12-07 20:17:07 -06:00 · 5d7349f2ab
parent 2765793f7d
commit 5d7349f2ab
2 changed files with 29 additions and 6 deletions
--- a/app/helpers/log_helper.rb
+++ b/app/helpers/log_helper.rb
@ -6,7 +6,11 @@ module LogHelper
    case action
    when :create
      if target.is_a? DomainBlock
-        LogWorker.perform_async("\xf0\x9f\x9a\xab <#{source}> applied a #{target.severity}#{target.force_sensitive? ? " and force sensitive media" : ''}#{target.reject_media? ? " and reject media" : ''}#{target.reject_unknown? ? " and reject unknown accounts" : ''} policy on '#{target.domain}'\u200b.\n\nReview (moderators only): https://#{web_domain}/admin/instances/#{target.domain}\n\n#{target.reason? ? "Comment: #{target.reason}" : ''}")
+        if source.is_a? DomainBlock
+          LogWorker.perform_async("\xf0\x9f\x9a\xab Applied the existing #{target.severity}#{target.force_sensitive? ? " and force sensitive media" : ''}#{target.reject_media? ? " and reject media" : ''}#{target.reject_unknown? ? " and reject unknown accounts" : ''} policy set on '#{source.domain}' to '#{target.domain}'\u200b.\n\nReview (moderators only): https://#{web_domain}/admin/instances/#{target.domain}")
+        else
+          LogWorker.perform_async("\xf0\x9f\x9a\xab <#{source}> applied a #{target.severity}#{target.force_sensitive? ? " and force sensitive media" : ''}#{target.reject_media? ? " and reject media" : ''}#{target.reject_unknown? ? " and reject unknown accounts" : ''} policy on '#{target.domain}'\u200b.\n\nReview (moderators only): https://#{web_domain}/admin/instances/#{target.domain}\n\n#{target.reason? ? "Comment: #{target.reason}" : ''}")
+        end
      elsif target.is_a? EmailDomainBlock
        LogWorker.perform_async("\u26d4 <#{source}> added a registration block on email domain '#{target.domain}'.\n\nReview (moderators only): https://#{web_domain}/admin/email_domain_blocks")
      elsif target.is_a? CustomEmoji
--- a/app/services/activitypub/process_account_service.rb
+++ b/app/services/activitypub/process_account_service.rb
@ -23,7 +23,8 @@ class ActivityPub::ProcessAccountService < BaseService

        is_new_account = @account.nil?
        if is_new_account
-          set_reject_unknown_policy if Setting.auto_reject_unknown
+          copy_policy_of_parent_domain
+          set_reject_unknown_policy if Setting.auto_reject_unknown && new_domain?
          create_account
        end
        update_account
@ -101,11 +102,29 @@ class ActivityPub::ProcessAccountService < BaseService
    @account.moved_to_account  = @json['movedTo'].present? ? moved_account : nil
  end

+  def copy_policy_of_parent_domain
+    domain_parts = @domain.split('.')
+    domains = (1..domain_parts.count-1).map { |i| domain_parts[i..-1] }
+    return if domains.empty?
+
+    existing_policy = DomainBlock.find_by(domain: domains)
+    return if existing_policy.nil?
+
+    policy_attributes = existing_policy.template
+    policy_attributes['domain'] = @domain
+    policy = DomainBlock.create!(policy_attributes)
+    user_friendly_action_log(existing_policy, :create, policy)
+
+    @new_domain = false
+  end
+
  def set_reject_unknown_policy
-    unless Account.where(domain: @domain).exists? || DomainBlock.where(domain: @domain).exists?
-      policy = DomainBlock.create!(domain: @domain, severity: :noop, reject_unknown: true)
-      user_friendly_action_log(nil, :mark_unknown, @domain)
-    end
+    policy = DomainBlock.create!(domain: @domain, severity: :noop, reject_unknown: true)
+    user_friendly_action_log(nil, :mark_unknown, @domain)
+  end
+
+  def new_domain?
+    @new_domain ||= !(Account.where(domain: @domain).exists? || DomainBlock.where(domain: @domain).exists?)
  end

  def after_key_change!