From 5943543ec30fe5194b0126bd05477e7969b20036 Mon Sep 17 00:00:00 2001
From: Guo Xiang Tan
Date: Tue, 14 Mar 2017 14:33:06 +0800
Subject: [PATCH] FIX: Improve checks for non-human users.
---
 app/controllers/session_controller.rb | 2 +-
 app/controllers/users_controller.rb | 2 +-
 app/jobs/scheduled/disable_bootstrap_mode.rb | 2 +-
 app/models/draft_sequence.rb | 2 +-
 app/models/post_action.rb | 9 ++++++---
 app/models/topic_converter.rb | 2 +-
 app/models/user.rb | 4 ++--
 app/services/post_alerter.rb | 4 ++--
 8 files changed, 15 insertions(+), 12 deletions(-)
diff --git a/app/controllers/session_controller.rb b/app/controllers/session_controller.rb
index 45f2ab46f41..b915c1401a6 100644
--- a/app/controllers/session_controller.rb
+++ b/app/controllers/session_controller.rb
@@ -243,7 +243,7 @@ class SessionController < ApplicationController
 RateLimiter.new(nil, "forgot-password-login-min-#{params[:login].to_s[0..100]}", 3, 1.minute).performed!
 user = User.find_by_username_or_email(params[:login])
- user_presence = user.present? && user.id != Discourse::SYSTEM_USER_ID && !user.staged
+ user_presence = user.present? && user.id > 0 && !user.staged
 if user_presence
 email_token = user.email_tokens.create(email: user.email)
 Jobs.enqueue(:critical_user_email, type: :forgot_password, user_id: user.id, email_token: email_token.token)
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index c548d232a21..eb69ce7d3ce 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
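Review bot: The new guard in app/controllers/session_controller.rb spells the non-human test as a bare `user.id > 0`, while other hunks of this patch spell it `< 0` (draft_sequence.rb, topic_converter.rb, `clear_global_notice_if_needed` in user.rb, post_alerter.rb) and the SQL in post_action.rb uses `> 0`, so an id of 0 is classed differently from one site to the next. Because this line decides whether a password-reset token is created, I would state the rule once behind a named predicate and call it here, e.g. `user_presence = user.present? && user.human? && !user.staged`, with `human?` being a proposed name that this patch does not show. The `human_users` scope used in the other hunks is also defined outside the diff, so its condition should be checked against whichever comparison is kept. The enclosing action starts and ends outside the hunk.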
@@ -491,7 +491,7 @@ class UsersController < ApplicationController
 RateLimiter.new(nil, "admin-login-hr-#{request.remote_ip}", 6, 1.hour).performed!
 RateLimiter.new(nil, "admin-login-min-#{request.remote_ip}", 3, 1.minute).performed!
- user = User.where(email: params[:email], admin: true).where.not(id: Discourse::SYSTEM_USER_ID).first
+ user = User.where(email: params[:email], admin: true).human_users.first
 if user
 email_token = user.email_tokens.create(email: user.email)
 Jobs.enqueue(:critical_user_email, type: :admin_login, user_id: user.id, email_token: email_token.token)
diff --git a/app/jobs/scheduled/disable_bootstrap_mode.rb b/app/jobs/scheduled/disable_bootstrap_mode.rb
index 16028bac875..108a2930620 100644
--- a/app/jobs/scheduled/disable_bootstrap_mode.rb
+++ b/app/jobs/scheduled/disable_bootstrap_mode.rb
@@ -4,7 +4,7 @@ module Jobs
 def execute(args)
 return unless SiteSetting.bootstrap_mode_enabled
- total_users = User.where.not(id: Discourse::SYSTEM_USER_ID).count
+ total_users = User.human_users.count
 if SiteSetting.bootstrap_mode_min_users == 0 || total_users > SiteSetting.bootstrap_mode_min_users
 SiteSetting.set_and_log('default_trust_level', TrustLevel[0]) if SiteSetting.send('default_trust_level') == TrustLevel[1]
diff --git a/app/models/draft_sequence.rb b/app/models/draft_sequence.rb
index 9a2e16cbe0a..0e1c44359ef 100644
--- a/app/models/draft_sequence.rb
+++ b/app/models/draft_sequence.rb
@@ -3,7 +3,7 @@ class DraftSequence < ActiveRecord::Base
 user_id = user
 user_id = user.id unless user.class == Fixnum
- return 0 if user_id == Discourse::SYSTEM_USER_ID
+ return 0 if user_id < 0
 h = { user_id: user_id, draft_key: key }
 c = DraftSequence.find_by(h)
diff --git a/app/models/post_action.rb b/app/models/post_action.rb
index 39d36c22422..7c0e7e21649 100644
--- a/app/models/post_action.rb
+++ b/app/models/post_action.rb
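Review bot: The admin-login lookup in app/controllers/users_controller.rb now relies on `human_users`, whose definition is not part of this patch, so a reader of this line cannot tell which accounts are kept from receiving a login token. A one-line comment above the query would record the intent, for example `# human_users drops system/bot accounts so no admin-login token is ever mailed for them`. Presumably the scope filters on a positive id as the other hunks do; that should be confirmed in user.rb. The diffstat lists only files under app/, so a spec asserting that a non-human admin account enqueues no `:admin_login` email would be worth adding with this change. The enclosing action starts and ends outside the hunk.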
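Review bot: `return 0 if user_id < 0` in app/models/draft_sequence.rb raises NoMethodError when `user_id` is nil, where the replaced `==` comparison simply evaluated to false. The context line above assigns `user.id` for any non-Fixnum argument, so an unsaved record would reach the comparison with nil; whether any caller passes one is not visible here. A form that keeps the old behaviour for that case is `return 0 if user_id && user_id < 0`. The same ordering comparison is introduced in topic_converter.rb (`tau.user_id < 0`) and user.rb (`return if id < 0`), and post_alerter.rb checks `user.blank?` first but not the id itself. The method's signature and end are outside the hunk.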
@@ -160,9 +160,12 @@ SQL
 def self.clear_flags!(post, moderator)
 # -1 is the automatic system cleary
- action_type_ids = moderator.id == -1 ?
- PostActionType.auto_action_flag_types.values :
+ action_type_ids =
+ if moderator.id == Discourse::SYSTEM_USER_ID
+ PostActionType.auto_action_flag_types.values
+ else
 PostActionType.flag_types.values
+ end
 actions = PostAction.where(post_id: post.id)
 .where(post_action_type_id: action_type_ids)
@@ -487,7 +490,7 @@ SQL
 .flags
 .joins(:post)
 .where("posts.topic_id = ?", topic.id)
- .where.not(user_id: Discourse::SYSTEM_USER_ID)
+ .where("post_actions.user_id > 0")
 .group("post_actions.user_id")
 .pluck("post_actions.user_id, COUNT(post_id)")
diff --git a/app/models/topic_converter.rb b/app/models/topic_converter.rb
index 4e40c283424..ddbda3a6903 100644
--- a/app/models/topic_converter.rb
+++ b/app/models/topic_converter.rb
@@ -61,7 +61,7 @@ class TopicConverter
 @topic.notifier.watch_topic!(topic.user_id)
 @topic.topic_allowed_users(true).each do |tau|
- next if tau.user_id == -1 || tau.user_id == topic.user_id
+ next if tau.user_id < 0 || tau.user_id == topic.user_id
 topic.notifier.watch!(tau.user_id)
 end
 end
diff --git a/app/models/user.rb b/app/models/user.rb
index 5a0679508d0..c4cfcfc3e8e 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -900,7 +900,7 @@ class User < ActiveRecord::Base
 end
 def is_singular_admin?
- User.where(admin: true).where.not(id: id).where.not(id: Discourse::SYSTEM_USER_ID).blank?
+ User.where(admin: true).where.not(id: id).human_users.blank?
 end
 def logged_out
@@ -925,7 +925,7 @@ class User < ActiveRecord::Base
 end
 def clear_global_notice_if_needed
- return if id == Discourse::SYSTEM_USER_ID
+ return if id < 0
 if admin && SiteSetting.has_login_hint
 SiteSetting.has_login_hint = false
diff --git a/app/services/post_alerter.rb b/app/services/post_alerter.rb
index 014f5d0cfea..6b5eb909d53 100644
--- a/app/services/post_alerter.rb
+++ b/app/services/post_alerter.rb
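Review bot: The context comment above the rewritten assignment in `clear_flags!` (app/models/post_action.rb) still reads `# -1 is the automatic system cleary`, although the code no longer mentions -1 and the last word is a typo. I would replace it with a statement of the rule, e.g. `# The system user clears only auto-action flags; any other moderator clears every flag type`. This branch is an exact match on `Discourse::SYSTEM_USER_ID`, unlike the `< 0` tests introduced elsewhere in this patch, so any other negative-id account takes the `else` branch; if that is intended, the comment is the place to say so. The method continues past the end of the hunk.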
@@ -8,7 +8,7 @@ class PostAlerter
 def not_allowed?(user, post)
 user.blank? ||
- user.id == Discourse::SYSTEM_USER_ID ||
+ user.id < 0 ||
 user.id == post.user_id
 end
@@ -269,7 +269,7 @@ class PostAlerter
 def create_notification(user, type, post, opts=nil)
 return if user.blank?
- return if user.id == Discourse::SYSTEM_USER_ID
+ return if user.id < 0
 return if type == Notification.types[:liked] && user.user_option.like_notification_frequency == UserOption.like_notification_frequency_type[:never]