mastodon/app/controllers/application_controller.rb

# frozen_string_literal: true

class ApplicationController < ActionController::Base
  # Prevent CSRF attacks by raising an exception.
  # For APIs, you may want to use :null_session instead.
  protect_from_forgery with: :exception

  include Localized
  include UserTrackingConcern
  include SessionTrackingConcern
  include CacheConcern
  include DomainControlHelper
  include ThemingConcern

  helper_method :current_account
  helper_method :current_session
  helper_method :current_flavour
  helper_method :current_skin
  helper_method :single_user_mode?
  helper_method :use_seamless_external_login?
  helper_method :whitelist_mode?

  rescue_from ActionController::ParameterMissing, Paperclip::AdapterRegistry::NoHandlerError, with: :bad_request
  rescue_from Mastodon::NotPermittedError, with: :forbidden
  rescue_from ActionController::RoutingError, ActiveRecord::RecordNotFound, with: :not_found
  rescue_from ActionController::UnknownFormat, with: :not_acceptable
  rescue_from ActionController::InvalidAuthenticityToken, with: :unprocessable_entity
  rescue_from Mastodon::RateLimitExceededError, with: :too_many_requests

  rescue_from HTTP::Error, OpenSSL::SSL::SSLError, with: :internal_server_error
  rescue_from Mastodon::RaceConditionError, Stoplight::Error::RedLight, ActiveRecord::SerializationFailure, with: :service_unavailable

  rescue_from Seahorse::Client::NetworkingError do |e|
    Rails.logger.warn "Storage server error: #{e}"
    service_unavailable
  end

  before_action :store_current_location, except: :raise_not_found, unless: :devise_controller?
  before_action :require_functional!, if: :user_signed_in?

  skip_before_action :verify_authenticity_token, only: :raise_not_found

  def raise_not_found
    raise ActionController::RoutingError, "No route matches #{params[:unmatched_route]}"
  end

  private

  def authorized_fetch_mode?
    ENV['AUTHORIZED_FETCH'] == 'true' || Rails.configuration.x.whitelist_mode
  end

  def public_fetch_mode?
    !authorized_fetch_mode?
  end

  def store_current_location
    store_location_for(:user, request.url) unless [:json, :rss].include?(request.format&.to_sym)
  end

  def require_functional!
    redirect_to edit_user_registration_path unless current_user.functional?
  end

  def after_sign_out_path_for(_resource_or_scope)
    new_user_session_path
  end

  protected

  def truthy_param?(key)
    ActiveModel::Type::Boolean.new.cast(params[key])
  end

  def forbidden
    respond_with_error(403)
  end

  def not_found
    respond_with_error(404)
  end

  def gone
    respond_with_error(410)
  end

  def unprocessable_entity
    respond_with_error(422)
  end

  def not_acceptable
    respond_with_error(406)
  end

  def bad_request
    respond_with_error(400)
  end

  def internal_server_error
    respond_with_error(500)
  end

  def service_unavailable
    respond_with_error(503)
  end

  def too_many_requests
    respond_with_error(429)
  end

  def single_user_mode?
    @single_user_mode ||= Rails.configuration.x.single_user_mode && Account.where('id > 0').exists?
  end

  def use_seamless_external_login?
    Devise.pam_authentication || Devise.ldap_authentication
  end

  def current_account
    return @current_account if defined?(@current_account)

    @current_account = current_user&.account
  end

  def current_session
    return @current_session if defined?(@current_session)

    @current_session = SessionActivation.find_by(session_id: cookies.signed['_session_id']) if cookies.signed['_session_id'].present?
  end

  def respond_with_error(code)
    respond_to do |format|
      format.any do
        use_pack 'error'
        render "errors/#{code}", layout: 'error', status: code, formats: [:html]
      end
      format.json { render json: { error: Rack::Utils::HTTP_STATUS_CODES[code] }, status: code }
    end
  end
end
Fix rubocop issues, introduce usage of frozen literal to improve performance 2016-11-15 15:56:29 +00:00			`# frozen_string_literal: true`

Initial commit 2016-02-20 21:53:20 +00:00			`class ApplicationController < ActionController::Base`
			`# Prevent CSRF attacks by raising an exception.`
			`# For APIs, you may want to use :null_session instead.`
			`protect_from_forgery with: :exception`
Fixing FanOutOnWriteService, fixing Sidekiq not having enough DB connections in the pool, adding a throttle of 60rpm per IP, adding mini profiler, adding admin status to users 2016-03-25 13:12:24 +00:00
Fix #1165 - before_action was called before protect_from_forgery 2017-04-08 00:30:50 +00:00			`include Localized`
Extract user tracking into concern (#2600) 2017-04-29 22:28:16 +00:00			`include UserTrackingConcern`
Update session activation time (fixes #5605) (#7408) 2018-05-11 11:20:58 +00:00			`include SessionTrackingConcern`
Add (back) rails-level JSON caching (#11333) 2019-07-21 20:32:16 +00:00			`include CacheConcern`
Add whitelist mode (#11291) 2019-07-30 09:10:46 +00:00			`include DomainControlHelper`
Move controller theming code to concern 2022-01-17 11:50:02 +00:00			`include ThemingConcern`
Make file attachment on MediaAttachment optional (#1865) Create MediaAttachment but without actual file download when domain is blocked with reject_media set to true Clean up old media files when creating a new domain block with reject_media set to true Return remote_url in media attachments API if local file is not present Undo domain block action in admin UI Ability to enable reject_media from admin UI 2017-04-16 10:51:30 +00:00
			`helper_method :current_account`
Bind web UI access tokens to sessions (#3940) * Add overview of active sessions * Better display of browser/platform name * Improve how browser information is stored and displayed for sessions overview * Fix test * Fix #2347 - Bind web UI access token to session When you logout, session also destroys the access token, so it's no longer valid. If access token is destroyed some other way, the session is also destroyed, requiring a re-login. Fix #1681 - Add scheduler to remove revoked access tokens and grants * Fix test 2017-06-25 21:51:32 +00:00			`helper_method :current_session`
Rename themes -> flavours ? ? 2017-12-04 07:26:40 +00:00			`helper_method :current_flavour`
Skins support 2017-12-01 03:29:47 +00:00			`helper_method :current_skin`
Make file attachment on MediaAttachment optional (#1865) Create MediaAttachment but without actual file download when domain is blocked with reject_media set to true Clean up old media files when creating a new domain block with reject_media set to true Return remote_url in media attachments API if local file is not present Undo domain block action in admin UI Ability to enable reject_media from admin UI 2017-04-16 10:51:30 +00:00			`helper_method :single_user_mode?`
Fix #942: Seamless LDAP login (#6556) 2018-02-28 18:04:53 +00:00			`helper_method :use_seamless_external_login?`
Add whitelist mode (#11291) 2019-07-30 09:10:46 +00:00			`helper_method :whitelist_mode?`
Adding React.js, Redux, revamping dashboard 2016-08-24 15:56:44 +00:00
Fix database serialization failure returning HTTP 500 (#16101) Database serialization failure occurs when a read-replica is used and a query takes long enough that rows on the primary database become unavailable. It should return HTTP 503 as it is temporary. Re-order rescue definitions according to their status codes 2021-05-05 17:44:35 +00:00			`rescue_from ActionController::ParameterMissing, Paperclip::AdapterRegistry::NoHandlerError, with: :bad_request`
Add moderator role and add pundit policies for admin actions (#5635) * Add moderator role and add pundit policies for admin actions * Add rake task for turning user into mod and revoking it again * Fix handling of unauthorized exception * Deliver new report e-mails to staff, not just admins * Add promote/demote to admin UI, hide some actions conditionally * Fix unused i18n 2017-11-11 19:23:33 +00:00			`rescue_from Mastodon::NotPermittedError, with: :forbidden`
Fix database serialization failure returning HTTP 500 (#16101) Database serialization failure occurs when a read-replica is used and a query takes long enough that rows on the primary database become unavailable. It should return HTTP 503 as it is temporary. Re-order rescue definitions according to their status codes 2021-05-05 17:44:35 +00:00			`rescue_from ActionController::RoutingError, ActiveRecord::RecordNotFound, with: :not_found`
			`rescue_from ActionController::UnknownFormat, with: :not_acceptable`
			`rescue_from ActionController::InvalidAuthenticityToken, with: :unprocessable_entity`
Add specific rate limits for posting and following (#13172) 2020-03-08 14:17:39 +00:00			`rescue_from Mastodon::RateLimitExceededError, with: :too_many_requests`
Fix local follows, 404 in logs 2016-09-08 00:40:51 +00:00
Fix database serialization failure returning HTTP 500 (#16101) Database serialization failure occurs when a read-replica is used and a query takes long enough that rows on the primary database become unavailable. It should return HTTP 503 as it is temporary. Re-order rescue definitions according to their status codes 2021-05-05 17:44:35 +00:00			`rescue_from HTTP::Error, OpenSSL::SSL::SSLError, with: :internal_server_error`
Add logging of S3-related errors (#16381) 2021-07-21 16:34:39 +00:00			`rescue_from Mastodon::RaceConditionError, Stoplight::Error::RedLight, ActiveRecord::SerializationFailure, with: :service_unavailable`

			`rescue_from Seahorse::Client::NetworkingError do \|e\|`
			`Rails.logger.warn "Storage server error: #{e}"`
			`service_unavailable`
			`end`
Fix database serialization failure returning HTTP 500 (#16101) Database serialization failure occurs when a read-replica is used and a query takes long enough that rows on the primary database become unavailable. It should return HTTP 503 as it is temporary. Re-order rescue definitions according to their status codes 2021-05-05 17:44:35 +00:00
Fix sign-in redirecting "back" to a missing image because missing static files hit the raise_not_found method 2016-10-06 13:42:00 +00:00			`before_action :store_current_location, except: :raise_not_found, unless: :devise_controller?`
Change unconfirmed user login behaviour (#11375) Allow access to account settings, 2FA, authorized applications, and account deletions to unconfirmed and pending users, as well as users who had their accounts disabled. Suspended users cannot update their e-mail or password or delete their account. Display account status on account settings page, for example, when an account is frozen, limited, unconfirmed or pending review. After sign up, login users straight away and show a simple page that tells them the status of their account with links to account settings and logout, to reduce onboarding friction and allow users to correct wrongly typed e-mail addresses. Move the final sign-up step of SSO integrations to be the same as above to reduce code duplication. 2019-07-22 08:48:50 +00:00			`before_action :require_functional!, if: :user_signed_in?`
Redirect after sign in to previous page (unless it's a sign in/up/etc page) 2016-10-02 15:11:08 +00:00
Fix 422 being returned instead of 404 when POSTing (#11574) 2019-08-16 00:08:35 +00:00			`skip_before_action :verify_authenticity_token, only: :raise_not_found`

Fix local follows, 404 in logs 2016-09-08 00:40:51 +00:00			`def raise_not_found`
Improve code style 2016-09-29 19:28:21 +00:00			`raise ActionController::RoutingError, "No route matches #{params[:unmatched_route]}"`
Fix local follows, 404 in logs 2016-09-08 00:40:51 +00:00			`end`

Redirect after sign in to previous page (unless it's a sign in/up/etc page) 2016-10-02 15:11:08 +00:00			`private`

Add ActivityPub secure mode (#11269) * Add HTTP signature requirement for served ActivityPub resources * Change `SECURE_MODE` to `AUTHORIZED_FETCH` * Add 'Signature' to 'Vary' header and improve code style * Improve code style by adding `public_fetch_mode?` method 2019-07-11 18:11:09 +00:00			`def authorized_fetch_mode?`
Add whitelist mode (#11291) 2019-07-30 09:10:46 +00:00			`ENV['AUTHORIZED_FETCH'] == 'true' \|\| Rails.configuration.x.whitelist_mode`
Add ActivityPub secure mode (#11269) * Add HTTP signature requirement for served ActivityPub resources * Change `SECURE_MODE` to `AUTHORIZED_FETCH` * Add 'Signature' to 'Vary' header and improve code style * Improve code style by adding `public_fetch_mode?` method 2019-07-11 18:11:09 +00:00			`end`

			`def public_fetch_mode?`
			`!authorized_fetch_mode?`
			`end`

Redirect after sign in to previous page (unless it's a sign in/up/etc page) 2016-10-02 15:11:08 +00:00			`def store_current_location`
Fix RSS feeds not being cachable (#14368) * Add tests for some cachable responses This only covers responses that we should have managed to make cachable so far. It's not the case of all responses that should be cachable in the end. * Fix RSS feeds not being cachable 2020-07-22 09:44:02 +00:00			`store_location_for(:user, request.url) unless [:json, :rss].include?(request.format&.to_sym)`
Redirect after sign in to previous page (unless it's a sign in/up/etc page) 2016-10-02 15:11:08 +00:00			`end`

Change unconfirmed user login behaviour (#11375) Allow access to account settings, 2FA, authorized applications, and account deletions to unconfirmed and pending users, as well as users who had their accounts disabled. Suspended users cannot update their e-mail or password or delete their account. Display account status on account settings page, for example, when an account is frozen, limited, unconfirmed or pending review. After sign up, login users straight away and show a simple page that tells them the status of their account with links to account settings and logout, to reduce onboarding friction and allow users to correct wrongly typed e-mail addresses. Move the final sign-up step of SSO integrations to be the same as above to reduce code duplication. 2019-07-22 08:48:50 +00:00			`def require_functional!`
			`redirect_to edit_user_registration_path unless current_user.functional?`
Add filters for suspended accounts 2016-12-06 17:03:30 +00:00			`end`

Add "signed in as" header to some pages (#4523) 2017-08-05 02:24:58 +00:00			`def after_sign_out_path_for(_resource_or_scope)`
			`new_user_session_path`
			`end`

Fix tests 2016-08-18 15:13:41 +00:00			`protected`

Add force_login option to OAuth authorize page (#8655) * Add force_login option to OAuth authorize page For when a user needs to sign into an app from multiple accounts on the same server * When logging out from modal header, redirect back after re-login 2018-09-09 02:10:44 +00:00			`def truthy_param?(key)`
			`ActiveModel::Type::Boolean.new.cast(params[key])`
			`end`

Error responses cleanup (#2692) * Use respond_with_error for forbidden errors * Wrap up common error code into single method 2017-05-01 20:24:36 +00:00			`def forbidden`
			`respond_with_error(403)`
Fix local follows, 404 in logs 2016-09-08 00:40:51 +00:00			`end`

Error responses cleanup (#2692) * Use respond_with_error for forbidden errors * Wrap up common error code into single method 2017-05-01 20:24:36 +00:00			`def not_found`
			`respond_with_error(404)`
Add nice error page for CSRF errors/cookie issue, and fix error page handling altogether 2017-01-14 23:30:23 +00:00			`end`

Error responses cleanup (#2692) * Use respond_with_error for forbidden errors * Wrap up common error code into single method 2017-05-01 20:24:36 +00:00			`def gone`
			`respond_with_error(410)`
ActivityPub: Add basic, read-only support for Outboxes, Notes, and Create/Announce Activities (#2197) * Clean up collapsible components * Expose user Outboxes and AS2 representations of statuses * Save work thus far. * Fix bad merge. * Save my work * Clean up pagination. * First test working. * Add tests. * Add Forbidden error template. * Revert yarn.lock changes. * Fix code style deviations and use localized instead of hardcoded English text. 2017-04-23 03:21:10 +00:00			`end`

Add nice error page for CSRF errors/cookie issue, and fix error page handling altogether 2017-01-14 23:30:23 +00:00			`def unprocessable_entity`
Error responses cleanup (#2692) * Use respond_with_error for forbidden errors * Wrap up common error code into single method 2017-05-01 20:24:36 +00:00			`respond_with_error(422)`
Catching more exceptions that slipped through, removing AR logging from production as it's very verbose and not very useful 2016-10-05 11:26:44 +00:00			`end`

Catch ActionController::UnknownFormat and return HTTP 406 (#7621) An error like that should not appear in production error log. 2018-05-25 23:09:30 +00:00			`def not_acceptable`
			`respond_with_error(406)`
			`end`

Fix uncaught parameter missing exceptions and missing error templates (#11702) 2019-08-29 23:34:47 +00:00			`def bad_request`
			`respond_with_error(400)`
			`end`

Fix uncaught 422 and 500 errors (#11590) 2019-08-18 16:04:18 +00:00			`def internal_server_error`
			`respond_with_error(500)`
			`end`

Fix uncaught parameter missing exceptions and missing error templates (#11702) 2019-08-29 23:34:47 +00:00			`def service_unavailable`
			`respond_with_error(503)`
			`end`

Add specific rate limits for posting and following (#13172) 2020-03-08 14:17:39 +00:00			`def too_many_requests`
			`respond_with_error(429)`
			`end`

Give SINGLE_USER a chance to register (#1820) An attempt to open a brand new Mastodon instance configured as SINGLE_USER_MODE=true will cause an exception. Enable temporary registration if we have no users in the database Fixes #1817 2017-04-15 14:46:27 +00:00			`def single_user_mode?`
Add ActivityPub actor representing the entire server (#11321) * Add support for an instance actor * Skip username validation for local Application accounts * Add migration script to create instance actor * Make Codeclimate happy * Switch to id -99 for instance actor * Remove unused `icon` and `image` attributes from instance actor * Use if/elsif/else instead of return + ternary operator * Add instance actor to fresh installs * Use instance actor as instance representative Use instance actor for forwarding reports, relay operations, and spam auto-reporting. * Seed database in test environment * Fix single-user mode * Fix tests * Fix specs to accomodate for an extra `Account` * Auto-reject follows on instance actor Following an instance actor might make sense, but we are not handling that right now, so auto-reject. * Fix webfinger lookup and serialization for instance actor * Rename instance actor * Make it clear in the HTML view that the instance actor should not be blocked * Raise cache time for instance actor as there's no dynamic content * Re-use /about/more with a flash message for instance actor profile 2019-07-18 23:44:42 +00:00			`@single_user_mode \|\|= Rails.configuration.x.single_user_mode && Account.where('id > 0').exists?`
Give SINGLE_USER a chance to register (#1820) An attempt to open a brand new Mastodon instance configured as SINGLE_USER_MODE=true will cause an exception. Enable temporary registration if we have no users in the database Fixes #1817 2017-04-15 14:46:27 +00:00			`end`

Fix #942: Seamless LDAP login (#6556) 2018-02-28 18:04:53 +00:00			`def use_seamless_external_login?`
			`Devise.pam_authentication \|\| Devise.ldap_authentication`
pam authentication (#5303) * add pam support, without extra column * bugfixes for pam login * document options * fix code style * fix codestyle * fix tests * don't call remember_me without password * fix codestyle * improve checks for pam usage (should fix tests) * fix remember_me part 1 * add remember_token column because :rememberable requires either a password or this column. * migrate db for remember_token * move pam_authentication to the right place, fix logic bug in edit.html.haml * fix tests * fix pam authentication, improve username lookup, add comment * valid? is sometimes not honored, return nil instead trying to authenticate with pam * update devise_pam_authenticatable2 and adjust code. Fixes sideeffects observed in tests * update devise_pam_authenticatable gem, fixes for codeconventions, fix finding user * codeconvention fixes * code convention fixes * fix idention * update dependency, explicit conflict check * fix disabled password updates if in pam mode * fix check password if password is present, fix templates * block registration if account is maintained by pam * Revert "block registration if account is maintained by pam" This reverts commit 8e7a083d650240b6fac414926744b4b90b435f20. * fix identation error introduced by rebase * block usernames maintained by pam * document pam settings better * fix code style 2018-02-02 09:18:55 +00:00			`end`

Fix tests 2016-08-18 15:13:41 +00:00			`def current_account`
Fix unnecessary SQL query performed on unauthenticated requests (#11179) 2019-06-25 18:18:15 +00:00			`return @current_account if defined?(@current_account)`

			`@current_account = current_user&.account`
Fix tests 2016-08-18 15:13:41 +00:00			`end`
Unify collection caching code 2016-11-29 14:49:39 +00:00
Bind web UI access tokens to sessions (#3940) * Add overview of active sessions * Better display of browser/platform name * Improve how browser information is stored and displayed for sessions overview * Fix test * Fix #2347 - Bind web UI access token to session When you logout, session also destroys the access token, so it's no longer valid. If access token is destroyed some other way, the session is also destroyed, requiring a re-login. Fix #1681 - Add scheduler to remove revoked access tokens and grants * Fix test 2017-06-25 21:51:32 +00:00			`def current_session`
Fix unnecessary SQL query performed on unauthenticated requests (#11179) 2019-06-25 18:18:15 +00:00			`return @current_session if defined?(@current_session)`

			`@current_session = SessionActivation.find_by(session_id: cookies.signed['_session_id']) if cookies.signed['_session_id'].present?`
Bind web UI access tokens to sessions (#3940) * Add overview of active sessions * Better display of browser/platform name * Improve how browser information is stored and displayed for sessions overview * Fix test * Fix #2347 - Bind web UI access token to session When you logout, session also destroys the access token, so it's no longer valid. If access token is destroyed some other way, the session is also destroyed, requiring a re-login. Fix #1681 - Add scheduler to remove revoked access tokens and grants * Fix test 2017-06-25 21:51:32 +00:00			`end`

Fix #2195 - Set locale to error pages (#2255) * Fix #2195 - Set locale to error pages * Fix #2195 - Cut duplicate process into one method 2017-04-21 16:11:20 +00:00			`def respond_with_error(code)`
Fix HTML error pages being returned when JSON is expected (#12713) Fix #12509 See also #12214 2019-12-30 03:38:18 +00:00			`respond_to do \|format\|`
Merge branch 'master' into glitch-soc/merge-upstream Conflicts: - `app/controllers/application_controller.rb`: Conflict due to theming system. - `app/controllers/oauth/authorizations_controller.rb`: Conflict due to theming system. 2020-01-04 21:54:06 +00:00			`format.any do`
			`use_pack 'error'`
			`render "errors/#{code}", layout: 'error', status: code, formats: [:html]`
			`end`
Fix HTML error pages being returned when JSON is expected (#12713) Fix #12509 See also #12214 2019-12-30 03:38:18 +00:00			`format.json { render json: { error: Rack::Utils::HTTP_STATUS_CODES[code] }, status: code }`
			`end`
Fix #2195 - Set locale to error pages (#2255) * Fix #2195 - Set locale to error pages * Fix #2195 - Cut duplicate process into one method 2017-04-21 16:11:20 +00:00			`end`
Initial commit 2016-02-20 21:53:20 +00:00			`end`