github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-05-22 22:43:33 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

FIX: Improve checks for non-human users.

Browse Source
This commit is contained in:
Guo Xiang Tan
2017-03-14 14:33:06 +08:00
parent aeb169bd0e
commit 5943543ec3
8 changed files with 15 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
app/controllers/session_controller.rb
View File

@ -243,7 +243,7 @@ class SessionController < ApplicationController
RateLimiter.new(nil, "forgot-password-login-min-#{params[:login].to_s[0..100]}", 3, 1.minute).performed! RateLimiter.new(nil, "forgot-password-login-min-#{params[:login].to_s[0..100]}", 3, 1.minute).performed!
user = User.find_by_username_or_email(params[:login]) user = User.find_by_username_or_email(params[:login])
user_presence = user.present? && user.id != Discourse::SYSTEM_USER_ID && !user.staged user_presence = user.present? && user.id > 0 && !user.staged
if user_presence if user_presence
email_token = user.email_tokens.create(email: user.email) email_token = user.email_tokens.create(email: user.email)
Jobs.enqueue(:critical_user_email, type: :forgot_password, user_id: user.id, email_token: email_token.token) Jobs.enqueue(:critical_user_email, type: :forgot_password, user_id: user.id, email_token: email_token.token)

2
app/controllers/users_controller.rb
View File

@ -491,7 +491,7 @@ class UsersController < ApplicationController
RateLimiter.new(nil, "admin-login-hr-#{request.remote_ip}", 6, 1.hour).performed! RateLimiter.new(nil, "admin-login-hr-#{request.remote_ip}", 6, 1.hour).performed!
RateLimiter.new(nil, "admin-login-min-#{request.remote_ip}", 3, 1.minute).performed! RateLimiter.new(nil, "admin-login-min-#{request.remote_ip}", 3, 1.minute).performed!
user = User.where(email: params[:email], admin: true).where.not(id: Discourse::SYSTEM_USER_ID).first user = User.where(email: params[:email], admin: true).human_users.first
if user if user
email_token = user.email_tokens.create(email: user.email) email_token = user.email_tokens.create(email: user.email)
Jobs.enqueue(:critical_user_email, type: :admin_login, user_id: user.id, email_token: email_token.token) Jobs.enqueue(:critical_user_email, type: :admin_login, user_id: user.id, email_token: email_token.token)

2
app/jobs/scheduled/disable_bootstrap_mode.rb
View File

@ -4,7 +4,7 @@ module Jobs
def execute(args) def execute(args)
return unless SiteSetting.bootstrap_mode_enabled return unless SiteSetting.bootstrap_mode_enabled
total_users = User.where.not(id: Discourse::SYSTEM_USER_ID).count total_users = User.human_users.count
if SiteSetting.bootstrap_mode_min_users == 0 || total_users > SiteSetting.bootstrap_mode_min_users if SiteSetting.bootstrap_mode_min_users == 0 || total_users > SiteSetting.bootstrap_mode_min_users
SiteSetting.set_and_log('default_trust_level', TrustLevel[0]) if SiteSetting.send('default_trust_level') == TrustLevel[1] SiteSetting.set_and_log('default_trust_level', TrustLevel[0]) if SiteSetting.send('default_trust_level') == TrustLevel[1]

2
app/models/draft_sequence.rb
View File

@ -3,7 +3,7 @@ class DraftSequence < ActiveRecord::Base
user_id = user user_id = user
user_id = user.id unless user.class == Fixnum user_id = user.id unless user.class == Fixnum
return 0 if user_id == Discourse::SYSTEM_USER_ID return 0 if user_id < 0
h = { user_id: user_id, draft_key: key } h = { user_id: user_id, draft_key: key }
c = DraftSequence.find_by(h) c = DraftSequence.find_by(h)

9
app/models/post_action.rb
View File

@ -160,9 +160,12 @@ SQL
def self.clear_flags!(post, moderator) def self.clear_flags!(post, moderator)
# -1 is the automatic system cleary # -1 is the automatic system cleary
action_type_ids = moderator.id == -1 ? action_type_ids =
PostActionType.auto_action_flag_types.values : if moderator.id == Discourse::SYSTEM_USER_ID
PostActionType.auto_action_flag_types.values
else
PostActionType.flag_types.values PostActionType.flag_types.values
end
actions = PostAction.where(post_id: post.id) actions = PostAction.where(post_id: post.id)
.where(post_action_type_id: action_type_ids) .where(post_action_type_id: action_type_ids)
@ -487,7 +490,7 @@ SQL
.flags .flags
.joins(:post) .joins(:post)
.where("posts.topic_id = ?", topic.id) .where("posts.topic_id = ?", topic.id)
.where.not(user_id: Discourse::SYSTEM_USER_ID) .where("post_actions.user_id > 0")
.group("post_actions.user_id") .group("post_actions.user_id")
.pluck("post_actions.user_id, COUNT(post_id)") .pluck("post_actions.user_id, COUNT(post_id)")

2
app/models/topic_converter.rb
View File

@ -61,7 +61,7 @@ class TopicConverter
@topic.notifier.watch_topic!(topic.user_id) @topic.notifier.watch_topic!(topic.user_id)
@topic.topic_allowed_users(true).each do |tau| @topic.topic_allowed_users(true).each do |tau|
next if tau.user_id == -1 || tau.user_id == topic.user_id next if tau.user_id < 0 || tau.user_id == topic.user_id
topic.notifier.watch!(tau.user_id) topic.notifier.watch!(tau.user_id)
end end
end end

4
app/models/user.rb
View File

@ -900,7 +900,7 @@ class User < ActiveRecord::Base
end end
def is_singular_admin? def is_singular_admin?
User.where(admin: true).where.not(id: id).where.not(id: Discourse::SYSTEM_USER_ID).blank? User.where(admin: true).where.not(id: id).human_users.blank?
end end
def logged_out def logged_out
@ -925,7 +925,7 @@ class User < ActiveRecord::Base
end end
def clear_global_notice_if_needed def clear_global_notice_if_needed
return if id == Discourse::SYSTEM_USER_ID return if id < 0
if admin && SiteSetting.has_login_hint if admin && SiteSetting.has_login_hint
SiteSetting.has_login_hint = false SiteSetting.has_login_hint = false

4
app/services/post_alerter.rb
View File

@ -8,7 +8,7 @@ class PostAlerter
def not_allowed?(user, post) def not_allowed?(user, post)
user.blank? || user.blank? ||
user.id == Discourse::SYSTEM_USER_ID || user.id < 0 ||
user.id == post.user_id user.id == post.user_id
end end
@ -269,7 +269,7 @@ class PostAlerter
def create_notification(user, type, post, opts=nil) def create_notification(user, type, post, opts=nil)
return if user.blank? return if user.blank?
return if user.id == Discourse::SYSTEM_USER_ID return if user.id < 0
return if type == Notification.types[:liked] && user.user_option.like_notification_frequency == UserOption.like_notification_frequency_type[:never] return if type == Notification.types[:liked] && user.user_option.like_notification_frequency == UserOption.like_notification_frequency_type[:never]