user.rb 12 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391
  1. # frozen_string_literal: true
  2. # == Schema Information
  3. #
  4. # Table name: users
  5. #
  6. # id :bigint(8) not null, primary key
  7. # email :string default(""), not null
  8. # created_at :datetime not null
  9. # updated_at :datetime not null
  10. # encrypted_password :string default(""), not null
  11. # reset_password_token :string
  12. # reset_password_sent_at :datetime
  13. # remember_created_at :datetime
  14. # sign_in_count :integer default(0), not null
  15. # current_sign_in_at :datetime
  16. # last_sign_in_at :datetime
  17. # current_sign_in_ip :inet
  18. # last_sign_in_ip :inet
  19. # admin :boolean default(FALSE), not null
  20. # confirmation_token :string
  21. # confirmed_at :datetime
  22. # confirmation_sent_at :datetime
  23. # unconfirmed_email :string
  24. # locale :string
  25. # encrypted_otp_secret :string
  26. # encrypted_otp_secret_iv :string
  27. # encrypted_otp_secret_salt :string
  28. # consumed_timestep :integer
  29. # otp_required_for_login :boolean default(FALSE), not null
  30. # last_emailed_at :datetime
  31. # otp_backup_codes :string is an Array
  32. # filtered_languages :string default([]), not null, is an Array
  33. # account_id :bigint(8) not null
  34. # disabled :boolean default(FALSE), not null
  35. # moderator :boolean default(FALSE), not null
  36. # invite_id :bigint(8)
  37. # remember_token :string
  38. # chosen_languages :string is an Array
  39. # created_by_application_id :bigint(8)
  40. # approved :boolean default(TRUE), not null
  41. #
  42. class User < ApplicationRecord
  43. include Settings::Extend
  44. include UserRoles
  45. # The home and list feeds will be stored in Redis for this amount
  46. # of time, and status fan-out to followers will include only people
  47. # within this time frame. Lowering the duration may improve performance
  48. # if lots of people sign up, but not a lot of them check their feed
  49. # every day. Raising the duration reduces the amount of expensive
  50. # RegenerationWorker jobs that need to be run when those people come
  51. # to check their feed
  52. ACTIVE_DURATION = ENV.fetch('USER_ACTIVE_DAYS', 7).to_i.days.freeze
  53. devise :two_factor_authenticatable,
  54. otp_secret_encryption_key: Rails.configuration.x.otp_secret
  55. devise :two_factor_backupable,
  56. otp_number_of_backup_codes: 10
  57. devise :registerable, :recoverable, :rememberable, :trackable, :validatable,
  58. :confirmable
  59. include Omniauthable
  60. include PamAuthenticable
  61. include LdapAuthenticable
  62. belongs_to :account, inverse_of: :user
  63. belongs_to :invite, counter_cache: :uses, optional: true
  64. belongs_to :created_by_application, class_name: 'Doorkeeper::Application', optional: true
  65. accepts_nested_attributes_for :account
  66. has_many :applications, class_name: 'Doorkeeper::Application', as: :owner
  67. has_many :backups, inverse_of: :user
  68. has_many :invites, inverse_of: :user
  69. has_many :markers, inverse_of: :user, dependent: :destroy
  70. has_one :invite_request, class_name: 'UserInviteRequest', inverse_of: :user, dependent: :destroy
  71. accepts_nested_attributes_for :invite_request, reject_if: ->(attributes) { attributes['text'].blank? }
  72. validates :locale, inclusion: I18n.available_locales.map(&:to_s), if: :locale?
  73. validates_with BlacklistedEmailValidator, on: :create
  74. validates_with EmailMxValidator, if: :validate_email_dns?
  75. validates :agreement, acceptance: { allow_nil: false, accept: [true, 'true', '1'] }, on: :create
  76. scope :recent, -> { order(id: :desc) }
  77. scope :pending, -> { where(approved: false) }
  78. scope :approved, -> { where(approved: true) }
  79. scope :confirmed, -> { where.not(confirmed_at: nil) }
  80. scope :enabled, -> { where(disabled: false) }
  81. scope :disabled, -> { where(disabled: true) }
  82. scope :inactive, -> { where(arel_table[:current_sign_in_at].lt(ACTIVE_DURATION.ago)) }
  83. scope :active, -> { confirmed.where(arel_table[:current_sign_in_at].gteq(ACTIVE_DURATION.ago)).joins(:account).where(accounts: { suspended_at: nil }) }
  84. scope :matches_email, ->(value) { where(arel_table[:email].matches("#{value}%")) }
  85. scope :matches_ip, ->(value) { left_joins(:session_activations).where('users.current_sign_in_ip <<= ?', value).or(left_joins(:session_activations).where('users.last_sign_in_ip <<= ?', value)).or(left_joins(:session_activations).where('session_activations.ip <<= ?', value)) }
  86. scope :emailable, -> { confirmed.enabled.joins(:account).merge(Account.searchable) }
  87. before_validation :sanitize_languages
  88. before_create :set_approved
  89. after_commit :send_pending_devise_notifications
  90. # This avoids a deprecation warning from Rails 5.1
  91. # It seems possible that a future release of devise-two-factor will
  92. # handle this itself, and this can be removed from our User class.
  93. attribute :otp_secret
  94. has_many :session_activations, dependent: :destroy
  95. delegate :auto_play_gif, :default_sensitive, :unfollow_modal, :boost_modal, :delete_modal,
  96. :reduce_motion, :system_font_ui, :noindex, :theme, :display_media, :hide_network,
  97. :expand_spoilers, :default_language, :aggregate_reblogs, :show_application,
  98. :advanced_layout, :use_blurhash, :use_pending_items, :trends, :crop_images,
  99. to: :settings, prefix: :setting, allow_nil: false
  100. attr_reader :invite_code
  101. attr_writer :external
  102. def confirmed?
  103. confirmed_at.present?
  104. end
  105. def invited?
  106. invite_id.present?
  107. end
  108. def valid_invitation?
  109. invite_id.present? && invite.valid_for_use?
  110. end
  111. def disable!
  112. update!(disabled: true)
  113. end
  114. def enable!
  115. update!(disabled: false)
  116. end
  117. def confirm
  118. new_user = !confirmed?
  119. self.approved = true if open_registrations?
  120. super
  121. if new_user && approved?
  122. prepare_new_user!
  123. elsif new_user
  124. notify_staff_about_pending_account!
  125. end
  126. end
  127. def confirm!
  128. new_user = !confirmed?
  129. self.approved = true if open_registrations?
  130. skip_confirmation!
  131. save!
  132. prepare_new_user! if new_user && approved?
  133. end
  134. def pending?
  135. !approved?
  136. end
  137. def active_for_authentication?
  138. true
  139. end
  140. def functional?
  141. confirmed? && approved? && !disabled? && !account.suspended? && account.moved_to_account_id.nil?
  142. end
  143. def unconfirmed_or_pending?
  144. !(confirmed? && approved?)
  145. end
  146. def inactive_message
  147. !approved? ? :pending : super
  148. end
  149. def approve!
  150. return if approved?
  151. update!(approved: true)
  152. prepare_new_user!
  153. end
  154. def update_tracked_fields!(request)
  155. super
  156. prepare_returning_user!
  157. end
  158. def disable_two_factor!
  159. self.otp_required_for_login = false
  160. otp_backup_codes&.clear
  161. save!
  162. end
  163. def setting_default_privacy
  164. settings.default_privacy || (account.locked? ? 'private' : 'public')
  165. end
  166. def allows_digest_emails?
  167. settings.notification_emails['digest']
  168. end
  169. def allows_report_emails?
  170. settings.notification_emails['report']
  171. end
  172. def allows_pending_account_emails?
  173. settings.notification_emails['pending_account']
  174. end
  175. def allows_trending_tag_emails?
  176. settings.notification_emails['trending_tag']
  177. end
  178. def hides_network?
  179. @hides_network ||= settings.hide_network
  180. end
  181. def aggregates_reblogs?
  182. @aggregates_reblogs ||= settings.aggregate_reblogs
  183. end
  184. def shows_application?
  185. @shows_application ||= settings.show_application
  186. end
  187. def token_for_app(a)
  188. return nil if a.nil? || a.owner != self
  189. Doorkeeper::AccessToken
  190. .find_or_create_by(application_id: a.id, resource_owner_id: id) do |t|
  191. t.scopes = a.scopes
  192. t.expires_in = Doorkeeper.configuration.access_token_expires_in
  193. t.use_refresh_token = Doorkeeper.configuration.refresh_token_enabled?
  194. end
  195. end
  196. def activate_session(request)
  197. session_activations.activate(session_id: SecureRandom.hex,
  198. user_agent: request.user_agent,
  199. ip: request.remote_ip).session_id
  200. end
  201. def clear_other_sessions(id)
  202. session_activations.exclusive(id)
  203. end
  204. def session_active?(id)
  205. session_activations.active? id
  206. end
  207. def web_push_subscription(session)
  208. session.web_push_subscription.nil? ? nil : session.web_push_subscription
  209. end
  210. def invite_code=(code)
  211. self.invite = Invite.find_by(code: code) if code.present?
  212. @invite_code = code
  213. end
  214. def password_required?
  215. return false if external?
  216. super
  217. end
  218. def send_reset_password_instructions
  219. return false if encrypted_password.blank?
  220. super
  221. end
  222. def reset_password!(new_password, new_password_confirmation)
  223. return false if encrypted_password.blank?
  224. super
  225. end
  226. def show_all_media?
  227. setting_display_media == 'show_all'
  228. end
  229. def hide_all_media?
  230. setting_display_media == 'hide_all'
  231. end
  232. def recent_ips
  233. @recent_ips ||= begin
  234. arr = []
  235. session_activations.each do |session_activation|
  236. arr << [session_activation.updated_at, session_activation.ip]
  237. end
  238. arr << [current_sign_in_at, current_sign_in_ip] if current_sign_in_ip.present?
  239. arr << [last_sign_in_at, last_sign_in_ip] if last_sign_in_ip.present?
  240. arr.sort_by { |pair| pair.first || Time.now.utc }.uniq(&:last).reverse!
  241. end
  242. end
  243. protected
  244. def send_devise_notification(notification, *args)
  245. # This method can be called in `after_update` and `after_commit` hooks,
  246. # but we must make sure the mailer is actually called *after* commit,
  247. # otherwise it may work on stale data. To do this, figure out if we are
  248. # within a transaction.
  249. if ActiveRecord::Base.connection.current_transaction.try(:records)&.include?(self)
  250. pending_devise_notifications << [notification, args]
  251. else
  252. render_and_send_devise_message(notification, *args)
  253. end
  254. end
  255. private
  256. def send_pending_devise_notifications
  257. pending_devise_notifications.each do |notification, args|
  258. render_and_send_devise_message(notification, *args)
  259. end
  260. # Empty the pending notifications array because the
  261. # after_commit hook can be called multiple times which
  262. # could cause multiple emails to be sent.
  263. pending_devise_notifications.clear
  264. end
  265. def pending_devise_notifications
  266. @pending_devise_notifications ||= []
  267. end
  268. def render_and_send_devise_message(notification, *args)
  269. devise_mailer.send(notification, self, *args).deliver_later
  270. end
  271. def set_approved
  272. self.approved = open_registrations? || valid_invitation? || external?
  273. end
  274. def open_registrations?
  275. Setting.registrations_mode == 'open'
  276. end
  277. def external?
  278. !!@external
  279. end
  280. def sanitize_languages
  281. return if chosen_languages.nil?
  282. chosen_languages.reject!(&:blank?)
  283. self.chosen_languages = nil if chosen_languages.empty?
  284. end
  285. def prepare_new_user!
  286. BootstrapTimelineWorker.perform_async(account_id)
  287. ActivityTracker.increment('activity:accounts:local')
  288. UserMailer.welcome(self).deliver_later
  289. end
  290. def prepare_returning_user!
  291. ActivityTracker.record('activity:logins', id)
  292. regenerate_feed! if needs_feed_update?
  293. end
  294. def notify_staff_about_pending_account!
  295. User.staff.includes(:account).each do |u|
  296. next unless u.allows_pending_account_emails?
  297. AdminMailer.new_pending_account(u.account, self).deliver_later
  298. end
  299. end
  300. def regenerate_feed!
  301. return unless Redis.current.setnx("account:#{account_id}:regeneration", true)
  302. Redis.current.expire("account:#{account_id}:regeneration", 1.day.seconds)
  303. RegenerationWorker.perform_async(account_id)
  304. end
  305. def needs_feed_update?
  306. last_sign_in_at < ACTIVE_DURATION.ago
  307. end
  308. def validate_email_dns?
  309. email_changed? && !(Rails.env.test? || Rails.env.development?)
  310. end
  311. end