From f12e77d500e5cab129fedc67127d7ceaf3a32192 Mon Sep 17 00:00:00 2001 From: Bianca Nenciu Date: Wed, 22 Mar 2023 20:51:42 +0200 Subject: [PATCH] FIX: Do not allow anonymous users to be anonymized (#20776) --- app/services/user_anonymizer.rb | 4 +++- lib/guardian/user_guardian.rb | 2 +- spec/lib/guardian_spec.rb | 4 ++++ 3 files changed, 8 insertions(+), 2 deletions(-) diff --git a/app/services/user_anonymizer.rb b/app/services/user_anonymizer.rb index 6f1b317c6c7..f000e6baa04 100644 --- a/app/services/user_anonymizer.rb +++ b/app/services/user_anonymizer.rb @@ -3,6 +3,8 @@ class UserAnonymizer attr_reader :user_history + EMAIL_SUFFIX = "@anonymized.invalid" + # opts: # anonymize_ip - an optional new IP to update their logs with def initialize(user, actor = nil, opts = nil) @@ -38,7 +40,7 @@ class UserAnonymizer end @user.save! - @user.primary_email.update_attribute(:email, "#{@user.username}@anonymized.invalid") + @user.primary_email.update_attribute(:email, "#{@user.username}#{EMAIL_SUFFIX}") options = @user.user_option options.mailing_list_mode = false diff --git a/lib/guardian/user_guardian.rb b/lib/guardian/user_guardian.rb index f81b78271d0..77e8e7bcb16 100644 --- a/lib/guardian/user_guardian.rb +++ b/lib/guardian/user_guardian.rb @@ -74,7 +74,7 @@ module UserGuardian end def can_anonymize_user?(user) - is_staff? && !user.nil? && !user.staff? + is_staff? && !user.nil? && !user.staff? && !user.email.ends_with?(UserAnonymizer::EMAIL_SUFFIX) end def can_merge_user?(user) diff --git a/spec/lib/guardian_spec.rb b/spec/lib/guardian_spec.rb index fba8a71e48b..e6a4998faab 100644 --- a/spec/lib/guardian_spec.rb +++ b/spec/lib/guardian_spec.rb @@ -2773,6 +2773,10 @@ RSpec.describe Guardian do expect(Guardian.new(user).can_anonymize_user?(user)).to be_falsey end + it "it false for an anonymized user" do + expect(Guardian.new(user).can_anonymize_user?(anonymous_user)).to be_falsey + end + it "is true for admin anonymizing a regular user" do expect(Guardian.new(admin).can_anonymize_user?(user)).to eq(true) end