Email blocklisting (#718)

* Interface complete for the email blacklisting * Everything seems to work * Neutralize language * fix clippy warnings * Add missing spaces * Added matching test * Correct primary key datatype for postgresql * Address review comments * Add placeholder when empty. Fix missing 'i'
2024-11-22 11:31:01 +00:00 · 2020-01-12 13:41:35 -05:00 · 2020-01-12 13:41:35 -05:00 · f3c05dae62
commit f3c05dae62
parent e6bdeb7c4b
17 changed files with 341 additions and 6 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
@ -2221,6 +2221,7 @@ dependencies = [
 "diesel 1.4.2 (registry+https://github.com/rust-lang/crates.io-index)",
 "diesel-derive-newtype 0.1.2 (registry+https://github.com/rust-lang/crates.io-index)",
 "diesel_migrations 1.4.0 (registry+https://github.com/rust-lang/crates.io-index)",
 "glob 0.3.0 (registry+https://github.com/rust-lang/crates.io-index)",
 "guid-create 0.1.1 (registry+https://github.com/rust-lang/crates.io-index)",
 "heck 0.3.1 (registry+https://github.com/rust-lang/crates.io-index)",
 "itertools 0.8.0 (registry+https://github.com/rust-lang/crates.io-index)",
--- a/migrations/postgres/2020-01-05-232816_add_blocklist/down.sql
+++ b/migrations/postgres/2020-01-05-232816_add_blocklist/down.sql
@ -0,0 +1,3 @@
 -- This file should undo anything in `up.sql`
 drop table email_blocklist;
--- a/migrations/postgres/2020-01-05-232816_add_blocklist/up.sql
+++ b/migrations/postgres/2020-01-05-232816_add_blocklist/up.sql
@ -0,0 +1,6 @@
 -- Your SQL goes here
 CREATE TABLE email_blocklist(id SERIAL PRIMARY KEY,
                             email_address TEXT UNIQUE,
                             note TEXT,
                             notify_user BOOLEAN DEFAULT FALSE,
                             notification_text TEXT);
--- a/migrations/sqlite/2020-01-05-232816_add_blocklist/down.sql
+++ b/migrations/sqlite/2020-01-05-232816_add_blocklist/down.sql
@ -0,0 +1,3 @@
 -- This file should undo anything in `up.sql`
 drop table email_blocklist;
--- a/migrations/sqlite/2020-01-05-232816_add_blocklist/up.sql
+++ b/migrations/sqlite/2020-01-05-232816_add_blocklist/up.sql
@ -0,0 +1,6 @@
 -- Your SQL goes here
 CREATE TABLE email_blocklist(id INTEGER PRIMARY KEY,
                             email_address TEXT UNIQUE,
                             note TEXT,
                             notify_user BOOLEAN DEFAULT FALSE,
                             notification_text TEXT);
--- a/plume-models/Cargo.toml
+++ b/plume-models/Cargo.toml
@ -28,6 +28,7 @@ webfinger = "0.4.1"
 whatlang = "0.7.1"
 shrinkwraprs = "0.2.1"
 diesel-derive-newtype = "0.1.2"
 glob = "0.3.0"
 [dependencies.chrono]
 features = ["serde"]
--- a/plume-models/src/blocklisted_emails.rs
+++ b/plume-models/src/blocklisted_emails.rs
@ -0,0 +1,142 @@
 use diesel::{self, ExpressionMethods, QueryDsl, RunQueryDsl, TextExpressionMethods};
 use glob::Pattern;
 use schema::email_blocklist;
 use {Connection, Error, Result};
 #[derive(Clone, Queryable, Identifiable)]
 #[table_name = "email_blocklist"]
 pub struct BlocklistedEmail {
    pub id: i32,
    pub email_address: String,
    pub note: String,
    pub notify_user: bool,
    pub notification_text: String,
 }
 #[derive(Insertable, FromForm)]
 #[table_name = "email_blocklist"]
 pub struct NewBlocklistedEmail {
    pub email_address: String,
    pub note: String,
    pub notify_user: bool,
    pub notification_text: String,
 }
 impl BlocklistedEmail {
    insert!(email_blocklist, NewBlocklistedEmail);
    get!(email_blocklist);
    find_by!(email_blocklist, find_by_id, id as i32);
    pub fn delete_entries(conn: &Connection, ids: Vec<i32>) -> Result<bool> {
        use diesel::delete;
        for i in ids {
            let be: BlocklistedEmail = BlocklistedEmail::find_by_id(&conn, i)?;
            delete(&be).execute(conn)?;
        }
        Ok(true)
    }
    pub fn find_for_domain(conn: &Connection, domain: &str) -> Result<Vec<BlocklistedEmail>> {
        let effective = format!("%@{}", domain);
        email_blocklist::table
            .filter(email_blocklist::email_address.like(effective))
            .load::<BlocklistedEmail>(conn)
            .map_err(Error::from)
    }
    pub fn matches_blocklist(conn: &Connection, email: &str) -> Result<Option<BlocklistedEmail>> {
        let mut result = email_blocklist::table.load::<BlocklistedEmail>(conn)?;
        for i in result.drain(..) {
            if let Ok(x) = Pattern::new(&i.email_address) {
                if x.matches(email) {
                    return Ok(Some(i));
                }
            }
        }
        Ok(None)
    }
    pub fn page(conn: &Connection, (min, max): (i32, i32)) -> Result<Vec<BlocklistedEmail>> {
        email_blocklist::table
            .offset(min.into())
            .limit((max - min).into())
            .load::<BlocklistedEmail>(conn)
            .map_err(Error::from)
    }
    pub fn count(conn: &Connection) -> Result<i64> {
        email_blocklist::table
            .count()
            .get_result(conn)
            .map_err(Error::from)
    }
    pub fn pattern_errors(pat: &str) -> Option<glob::PatternError> {
        let c = Pattern::new(pat);
        c.err()
    }
    pub fn new(
        conn: &Connection,
        pattern: &str,
        note: &str,
        show_notification: bool,
        notification_text: &str,
    ) -> Result<BlocklistedEmail> {
        let c = NewBlocklistedEmail {
            email_address: pattern.to_owned(),
            note: note.to_owned(),
            notify_user: show_notification,
            notification_text: notification_text.to_owned(),
        };
        BlocklistedEmail::insert(conn, c)
    }
 }
 #[cfg(test)]
 pub(crate) mod tests {
    use super::*;
    use diesel::Connection;
    use instance::tests as instance_tests;
    use tests::rockets;
    use Connection as Conn;
    pub(crate) fn fill_database(conn: &Conn) -> Vec<BlocklistedEmail> {
        instance_tests::fill_database(conn);
        let domainblock =
            BlocklistedEmail::new(conn, "*@bad-actor.com", "Mean spammers", false, "").unwrap();
        let userblock = BlocklistedEmail::new(
            conn,
            "spammer@lax-administration.com",
            "Decent enough domain, but this user is a problem.",
            true,
            "Stop it please",
        )
        .unwrap();
        vec![domainblock, userblock]
    }
    #[test]
    fn test_match() {
        let r = rockets();
        let conn = &*r.conn;
        conn.test_transaction::<_, (), _>(|| {
            let various = fill_database(conn);
            let match1 = "user1@bad-actor.com";
            let match2 = "spammer@lax-administration.com";
            let no_match = "happy-user@lax-administration.com";
            assert_eq!(
                BlocklistedEmail::matches_blocklist(conn, match1)
                    .unwrap()
                    .unwrap()
                    .id,
                various[0].id
            );
            assert_eq!(
                BlocklistedEmail::matches_blocklist(conn, match2)
                    .unwrap()
                    .unwrap()
                    .id,
                various[1].id
            );
            assert_eq!(
                BlocklistedEmail::matches_blocklist(conn, no_match)
                    .unwrap()
                    .is_none(),
                true
            );
            Ok(())
        });
    }
 }
--- a/plume-models/src/lib.rs
+++ b/plume-models/src/lib.rs
@ -22,6 +22,7 @@ extern crate plume_common;
 #[macro_use]
 extern crate plume_macro;
 extern crate reqwest;
 #[macro_use]
 extern crate rocket;
 extern crate rocket_i18n;
 extern crate scheduled_thread_pool;
@ -32,6 +33,7 @@ extern crate serde_derive;
 extern crate serde_json;
 #[macro_use]
 extern crate tantivy;
 extern crate glob;
 extern crate url;
 extern crate walkdir;
 extern crate webfinger;
@ -53,6 +55,7 @@ pub type Connection = diesel::PgConnection;
 /// All the possible errors that can be encoutered in this crate
 #[derive(Debug)]
 pub enum Error {
    Blocklisted(bool, String),
    Db(diesel::result::Error),
    Inbox(Box<InboxError<Error>>),
    InvalidValue,
@ -351,6 +354,7 @@ mod tests {
 pub mod admin;
 pub mod api_tokens;
 pub mod apps;
 pub mod blocklisted_emails;
 pub mod blog_authors;
 pub mod blogs;
 pub mod comment_seers;
--- a/plume-models/src/schema.rs
+++ b/plume-models/src/schema.rs
@ -73,6 +73,15 @@ table! {
        user_id -> Int4,
    }
 }
 table! {
    email_blocklist(id){
        id -> Int4,
        email_address -> VarChar,
        note -> Text,
        notify_user -> Bool,
        notification_text -> Text,
    }
 }
 table! {
    follows (id) {
--- a/plume-models/src/users.rs
+++ b/plume-models/src/users.rs
@ -49,7 +49,10 @@ use safe_string::SafeString;
 use schema::users;
 use search::Searcher;
 use timeline::Timeline;
-use {ap_url, Connection, Error, PlumeRocket, Result, ITEMS_PER_PAGE};
+use {
    ap_url, blocklisted_emails::BlocklistedEmail, Connection, Error, PlumeRocket, Result,
    ITEMS_PER_PAGE,
 };
 pub type CustomPerson = CustomObject<ApSignature, Person>;
@ -992,6 +995,10 @@ impl NewUser {
    ) -> Result<User> {
        let (pub_key, priv_key) = gen_keypair();
        let instance = Instance::get_local()?;
        let blocklisted = BlocklistedEmail::matches_blocklist(conn, &email)?;
        if let Some(x) = blocklisted {
            return Err(Error::Blocklisted(x.notify_user, x.notification_text));
        }
        let res = User::insert(
            conn,
--- a/src/main.rs
+++ b/src/main.rs
@ -198,6 +198,9 @@ Then try to restart Plume
                routes::instance::admin_mod,
                routes::instance::admin_instances,
                routes::instance::admin_users,
                routes::instance::admin_email_blocklist,
                routes::instance::add_email_blocklist,
                routes::instance::delete_email_blocklist,
                routes::instance::edit_users,
                routes::instance::toggle_block,
                routes::instance::update_settings,
--- a/src/routes/instance.rs
+++ b/src/routes/instance.rs
@ -1,5 +1,5 @@
 use rocket::{
-    request::{FormItems, FromForm, LenientForm},
+    request::{Form, FormItems, FromForm, LenientForm},
    response::{status, Flash, Redirect},
 };
 use rocket_contrib::json::Json;
@ -13,6 +13,7 @@ use inbox;
 use plume_common::activity_pub::{broadcast, inbox::FromId};
 use plume_models::{
    admin::*,
    blocklisted_emails::*,
    comments::Comment,
    db_conn::DbConn,
    headers::Headers,
@ -174,6 +175,61 @@ pub fn admin_users(
        Page::total(User::count_local(&*rockets.conn)? as i32)
    )))
 }
 pub struct BlocklistEmailDeletion {
    ids: Vec<i32>,
 }
 impl<'f> FromForm<'f> for BlocklistEmailDeletion {
    type Error = ();
    fn from_form(items: &mut FormItems<'f>, _strict: bool) -> Result<BlocklistEmailDeletion, ()> {
        let mut c: BlocklistEmailDeletion = BlocklistEmailDeletion { ids: Vec::new() };
        for item in items {
            let key = item.key.parse::<i32>();
            if let Ok(i) = key {
                c.ids.push(i);
            }
        }
        Ok(c)
    }
 }
 #[post("/admin/emails/delete", data = "<form>")]
 pub fn delete_email_blocklist(
    _mod: Moderator,
    form: Form<BlocklistEmailDeletion>,
    rockets: PlumeRocket,
 ) -> Result<Flash<Redirect>, ErrorPage> {
    BlocklistedEmail::delete_entries(&*rockets.conn, form.0.ids)?;
    Ok(Flash::success(
        Redirect::to(uri!(admin_email_blocklist: page = None)),
        i18n!(rockets.intl.catalog, "Blocks deleted"),
    ))
 }
 #[post("/admin/emails/new", data = "<form>")]
 pub fn add_email_blocklist(
    _mod: Moderator,
    form: LenientForm<NewBlocklistedEmail>,
    rockets: PlumeRocket,
 ) -> Result<Flash<Redirect>, ErrorPage> {
    BlocklistedEmail::insert(&*rockets.conn, form.0)?;
    Ok(Flash::success(
        Redirect::to(uri!(admin_email_blocklist: page = None)),
        i18n!(rockets.intl.catalog, "Email Blocked"),
    ))
 }
 #[get("/admin/emails?<page>")]
 pub fn admin_email_blocklist(
    _mod: Moderator,
    page: Option<Page>,
    rockets: PlumeRocket,
 ) -> Result<Ructe, ErrorPage> {
    let page = page.unwrap_or_default();
    Ok(render!(instance::emailblocklist(
        &rockets.to_context(),
        BlocklistedEmail::page(&*rockets.conn, page.limits())?,
        page.0,
        Page::total(BlocklistedEmail::count(&*rockets.conn)? as i32)
    )))
 }
 /// A structure to handle forms that are a list of items on which actions are applied.
 ///
@ -307,11 +363,20 @@ fn ban(
 ) -> Result<(), ErrorPage> {
    let u = User::get(&*conn, id)?;
    u.delete(&*conn, searcher)?;
    if Instance::get_local()
        .map(|i| u.instance_id == i.id)
        .unwrap_or(false)
    {
        BlocklistedEmail::insert(
            &conn,
            NewBlocklistedEmail {
                email_address: u.email.clone().unwrap(),
                note: "Banned".to_string(),
                notify_user: false,
                notification_text: "".to_owned(),
            },
        )
        .unwrap();
        let target = User::one_by_instance(&*conn)?;
        let delete_act = u.delete_activity(&*conn)?;
        let u_clone = u.clone();
--- a/src/routes/user.rs
+++ b/src/routes/user.rs
@ -484,8 +484,20 @@ pub fn validate_username(username: &str) -> Result<(), ValidationError> {
    }
 }
-fn to_validation(_: Error) -> ValidationErrors {
+fn to_validation(x: Error) -> ValidationErrors {
    let mut errors = ValidationErrors::new();
    if let Error::Blocklisted(show, msg) = x {
        if show {
            errors.add(
                "email",
                ValidationError {
                    code: Cow::from("blocklisted"),
                    message: Some(Cow::from(msg)),
                    params: HashMap::new(),
                },
            );
        }
    }
    errors.add(
        "",
        ValidationError {
@ -529,8 +541,7 @@ pub fn create(
                "",
                form.email.to_string(),
                User::hash_pass(&form.password).map_err(to_validation)?,
-            )
+            ).map_err(to_validation)?;
            .map_err(to_validation)?;
            Ok(Flash::success(
                Redirect::to(uri!(super::session::new: m = _)),
                i18n!(
--- a/templates/instance/admin.rs.html
+++ b/templates/instance/admin.rs.html
@ -14,6 +14,7 @@
    (&uri!(instance::admin).to_string(), i18n!(ctx.1, "Configuration"), true),
    (&uri!(instance::admin_instances: page = _).to_string(), i18n!(ctx.1, "Instances"), false),
    (&uri!(instance::admin_users: page = _).to_string(), i18n!(ctx.1, "Users"), false),
    (&uri!(instance::admin_email_blocklist: page=_).to_string(), i18n!(ctx.1, "Email blocklist"), false)
  ])
  <form method="post" action="@uri!(instance::update_settings)">
--- a/templates/instance/emailblocklist.rs.html
+++ b/templates/instance/emailblocklist.rs.html
@ -0,0 +1,71 @@
@use templates::base;
@use plume_models::blocklisted_emails::BlocklistedEmail;
@use template_utils::*;
@use routes::*;
@(ctx:BaseContext, emails: Vec<BlocklistedEmail>, page:i32, n_pages:i32)
    @:base(ctx, i18n!(ctx.1, "Blocklisted Emails"), {}, {}, {
    <h1>@i18n!(ctx.1,"Blocklisted Emails")</h1>
    @tabs(&[
        (&uri!(instance::admin).to_string(), i18n!(ctx.1, "Configuration"), false),
        (&uri!(instance::admin_instances: page = _).to_string(), i18n!(ctx.1, "Instances"), false),
        (&uri!(instance::admin_users: page = _).to_string(), i18n!(ctx.1, "Users"), false),
        (&uri!(instance::admin_email_blocklist:page=_).to_string(), i18n!(ctx.1, "Email blocklist"), true),
    ])
    <form method="post" action="@uri!(instance::add_email_blocklist)">
        @(Input::new("email_address", i18n!(ctx.1, "Email address"))
        .details(i18n!(ctx.1, "The email address you wish to block. In order to block domains, you can use globbing syntax, for example '*@example.com' blocks all addresses from example.com"))
        .set_prop("minlength", 1)
        .html(ctx.1))
        @(Input::new("note", i18n!(ctx.1, "Note")).optional().html(ctx.1))
        <label for="notify_user">@i18n!(ctx.1, "Notify the user?")
            <input id="notify_user" type="checkbox" name="notify_user">
            <small>
                @i18n!(ctx.1, "Optional, shows a message to the user when they attempt to create an account with that address")
            </small>
        </label>
        @(Input::new("notification_text", i18n!(ctx.1, "Blocklisting notification"))
            .optional()
        .details(i18n!(ctx.1, "The message to be shown when the user attempts to create an account with this email address")).html(ctx.1))
        <input type="submit"  value='@i18n!(ctx.1, "Add blocklisted address")'>
    </form>
    <form method="post" action="@uri!(instance::delete_email_blocklist)">
        <header>
            @if emails.is_empty() {
               <input type="submit" class="destructive" value='@i18n!(ctx.1, "Delete selected emails")'>
            } else {
               <p class="center" >@i18n!(ctx.1, "There are no blocked emails on your instance")</p>
            }
        </header>
    <div class="list">
        @for email in emails {
        <div class="card flex compact">
            <input type="checkbox" name="@email.id">
            <p class="grow">
                <strong>
                    @i18n!(ctx.1, "Email address:")
                </strong> @email.email_address
            </p>
            <p class="grow">
                <strong>
                    @i18n!(ctx.1, "Blocklisted for:")
                </strong> @email.note
            </p>
            <p class="grow">
                @if email.notify_user {
                <strong>
                    @i18n!(ctx.1, "Will notify them on account creation with this message:")
                </strong>
                @email.notification_text
                } else {
                @i18n!(ctx.1, "The user will be silently prevented from making an account")
                }
            </p>
        </div>
        }
    </div>
    </form>
    @paginate(ctx.1, page, n_pages)
 })
--- a/templates/instance/list.rs.html
+++ b/templates/instance/list.rs.html
@ -12,6 +12,7 @@
    (&uri!(instance::admin).to_string(), i18n!(ctx.1, "Configuration"), false),
    (&uri!(instance::admin_instances: page = _).to_string(), i18n!(ctx.1, "Instances"), true),
    (&uri!(instance::admin_users: page = _).to_string(), i18n!(ctx.1, "Users"), false),
    (&uri!(instance::admin_email_blocklist:page=_).to_string(), i18n!(ctx.1, "Email blocklist"), false),
    ])
    <div class="list">
--- a/templates/instance/users.rs.html
+++ b/templates/instance/users.rs.html
@ -12,6 +12,7 @@
        (&uri!(instance::admin).to_string(), i18n!(ctx.1, "Configuration"), false),
        (&uri!(instance::admin_instances: page = _).to_string(), i18n!(ctx.1, "Instances"), false),
        (&uri!(instance::admin_users: page = _).to_string(), i18n!(ctx.1, "Users"), true),
        (&uri!(instance::admin_email_blocklist: page=_).to_string(), i18n!(ctx.1, "Email blocklist"), false)
    ])
    <form method="post" action="@uri!(instance::edit_users)">
		`@ -0,0 +1,3 @@`
							-- This file should undo anything in `up.sql`

							`drop table email_blocklist;`