gotosocial/internal/processing/admin/signupreject.go

// GoToSocial
// Copyright (C) GoToSocial Authors admin@gotosocial.org
// SPDX-License-Identifier: AGPL-3.0-or-later
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program.  If not, see <http://www.gnu.org/licenses/>.

package admin

import (
	"context"
	"errors"
	"fmt"

	"code.superseriousbusiness.org/gotosocial/internal/ap"
	apimodel "code.superseriousbusiness.org/gotosocial/internal/api/model"
	"code.superseriousbusiness.org/gotosocial/internal/db"
	"code.superseriousbusiness.org/gotosocial/internal/gtserror"
	"code.superseriousbusiness.org/gotosocial/internal/gtsmodel"
	"code.superseriousbusiness.org/gotosocial/internal/messages"
)

func (p *Processor) SignupReject(
	ctx context.Context,
	adminAcct *gtsmodel.Account,
	accountID string,
	privateComment string,
	sendEmail bool,
	message string,
) (*apimodel.AdminAccountInfo, gtserror.WithCode) {
	user, err := p.state.DB.GetUserByAccountID(ctx, accountID)
	if err != nil && !errors.Is(err, db.ErrNoEntries) {
		err := gtserror.Newf("db error getting user for account id %s: %w", accountID, err)
		return nil, gtserror.NewErrorInternalError(err)
	}

	if user == nil {
		err := fmt.Errorf("user for account %s not found", accountID)
		return nil, gtserror.NewErrorNotFound(err, err.Error())
	}

	// Get a lock on the account URI,
	// since we're going to be deleting
	// it and its associated user.
	unlock := p.state.ProcessingLocks.Lock(user.Account.URI)
	defer unlock()

	// Can't reject an account with a
	// user that's already been approved.
	if *user.Approved {
		err := fmt.Errorf("account %s has already been approved", accountID)
		return nil, gtserror.NewErrorUnprocessableEntity(err, err.Error())
	}

	// Convert to API account *before* doing the
	// rejection, since the rejection will cause
	// the user and account to be removed.
	apiAccount, err := p.converter.AccountToAdminAPIAccount(ctx, user.Account)
	if err != nil {
		err := gtserror.Newf("error converting account %s to admin api model: %w", accountID, err)
		return nil, gtserror.NewErrorInternalError(err)
	}

	// Set approved to false on the API model, to
	// reflect the changes that will occur
	// asynchronously in the processor.
	apiAccount.Approved = false

	// Ensure we an email address.
	var email string
	if user.Email != "" {
		email = user.Email
	} else {
		email = user.UnconfirmedEmail
	}

	// Create a denied user entry for
	// the worker to process + store.
	deniedUser := &gtsmodel.DeniedUser{
		ID:                     user.ID,
		Email:                  email,
		Username:               user.Account.Username,
		SignUpIP:               user.SignUpIP,
		InviteID:               user.InviteID,
		Locale:                 user.Locale,
		CreatedByApplicationID: user.CreatedByApplicationID,
		SignUpReason:           user.Reason,
		PrivateComment:         privateComment,
		SendEmail:              &sendEmail,
		Message:                message,
	}

	// Process rejection side effects asynschronously.
	p.state.Workers.Client.Queue.Push(&messages.FromClientAPI{
		// Use ap.ObjectProfile here to
		// distinguish this message (user model)
		// from ap.ActorPerson (account model).
		APObjectType:   ap.ObjectProfile,
		APActivityType: ap.ActivityReject,
		GTSModel:       deniedUser,
		Origin:         adminAcct,
		Target:         user.Account,
	})

	return apiAccount, nil
}
[feature] Admin accounts endpoints; approve/reject sign-ups (#2826) * update settings panels, add pending overview + approve/deny functions * add admin accounts get, approve, reject * send approved/rejected emails * use signup URL * docs! * email * swagger * web linting * fix email tests * wee lil fixerinos * use new paging logic for GetAccounts() series of admin endpoints, small changes to query building * shuffle useAccountIDIn check before adding to query * fix parse from toot react error * use `netip.Addr` * put valid slices in globals * optimistic updates for account state --------- Co-authored-by: kim <grufwub@gmail.com> 2024-04-13 13:25:10 +02:00			`// GoToSocial`
			`// Copyright (C) GoToSocial Authors admin@gotosocial.org`
			`// SPDX-License-Identifier: AGPL-3.0-or-later`
			`//`
			`// This program is free software: you can redistribute it and/or modify`
			`// it under the terms of the GNU Affero General Public License as published by`
			`// the Free Software Foundation, either version 3 of the License, or`
			`// (at your option) any later version.`
			`//`
			`// This program is distributed in the hope that it will be useful,`
			`// but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`// GNU Affero General Public License for more details.`
			`//`
			`// You should have received a copy of the GNU Affero General Public License`
			`// along with this program. If not, see <http://www.gnu.org/licenses/>.`

			`package admin`

			`import (`
			`"context"`
			`"errors"`
			`"fmt"`

[feature] Move to code.superseriousbusiness.org 2025-04-26 15:34:10 +02:00			`"code.superseriousbusiness.org/gotosocial/internal/ap"`
			`apimodel "code.superseriousbusiness.org/gotosocial/internal/api/model"`
			`"code.superseriousbusiness.org/gotosocial/internal/db"`
			`"code.superseriousbusiness.org/gotosocial/internal/gtserror"`
			`"code.superseriousbusiness.org/gotosocial/internal/gtsmodel"`
			`"code.superseriousbusiness.org/gotosocial/internal/messages"`
[feature] Admin accounts endpoints; approve/reject sign-ups (#2826) * update settings panels, add pending overview + approve/deny functions * add admin accounts get, approve, reject * send approved/rejected emails * use signup URL * docs! * email * swagger * web linting * fix email tests * wee lil fixerinos * use new paging logic for GetAccounts() series of admin endpoints, small changes to query building * shuffle useAccountIDIn check before adding to query * fix parse from toot react error * use `netip.Addr` * put valid slices in globals * optimistic updates for account state --------- Co-authored-by: kim <grufwub@gmail.com> 2024-04-13 13:25:10 +02:00			`)`

[feature] Self-serve email change for users (#2957) * [feature] Email change * frontend stuff for changing email * docs * tests etc * differentiate more clearly between local user+account and account * populate user 2024-06-06 15:43:25 +02:00			`func (p *Processor) SignupReject(`
[feature] Admin accounts endpoints; approve/reject sign-ups (#2826) * update settings panels, add pending overview + approve/deny functions * add admin accounts get, approve, reject * send approved/rejected emails * use signup URL * docs! * email * swagger * web linting * fix email tests * wee lil fixerinos * use new paging logic for GetAccounts() series of admin endpoints, small changes to query building * shuffle useAccountIDIn check before adding to query * fix parse from toot react error * use `netip.Addr` * put valid slices in globals * optimistic updates for account state --------- Co-authored-by: kim <grufwub@gmail.com> 2024-04-13 13:25:10 +02:00			`ctx context.Context,`
			`adminAcct *gtsmodel.Account,`
			`accountID string,`
			`privateComment string,`
			`sendEmail bool,`
			`message string,`
			`) (*apimodel.AdminAccountInfo, gtserror.WithCode) {`
			`user, err := p.state.DB.GetUserByAccountID(ctx, accountID)`
			`if err != nil && !errors.Is(err, db.ErrNoEntries) {`
			`err := gtserror.Newf("db error getting user for account id %s: %w", accountID, err)`
			`return nil, gtserror.NewErrorInternalError(err)`
			`}`

			`if user == nil {`
			`err := fmt.Errorf("user for account %s not found", accountID)`
			`return nil, gtserror.NewErrorNotFound(err, err.Error())`
			`}`

			`// Get a lock on the account URI,`
			`// since we're going to be deleting`
			`// it and its associated user.`
[bugfix] Lock when checking/creating notifs to avoid race (#2890) * [bugfix] Lock when checking/creating notifs to avoid race * test notif spam 2024-05-02 14:43:00 +02:00			`unlock := p.state.ProcessingLocks.Lock(user.Account.URI)`
[feature] Admin accounts endpoints; approve/reject sign-ups (#2826) * update settings panels, add pending overview + approve/deny functions * add admin accounts get, approve, reject * send approved/rejected emails * use signup URL * docs! * email * swagger * web linting * fix email tests * wee lil fixerinos * use new paging logic for GetAccounts() series of admin endpoints, small changes to query building * shuffle useAccountIDIn check before adding to query * fix parse from toot react error * use `netip.Addr` * put valid slices in globals * optimistic updates for account state --------- Co-authored-by: kim <grufwub@gmail.com> 2024-04-13 13:25:10 +02:00			`defer unlock()`

			`// Can't reject an account with a`
			`// user that's already been approved.`
			`if *user.Approved {`
			`err := fmt.Errorf("account %s has already been approved", accountID)`
			`return nil, gtserror.NewErrorUnprocessableEntity(err, err.Error())`
			`}`

			`// Convert to API account before doing the`
			`// rejection, since the rejection will cause`
			`// the user and account to be removed.`
			`apiAccount, err := p.converter.AccountToAdminAPIAccount(ctx, user.Account)`
			`if err != nil {`
			`err := gtserror.Newf("error converting account %s to admin api model: %w", accountID, err)`
			`return nil, gtserror.NewErrorInternalError(err)`
			`}`

			`// Set approved to false on the API model, to`
			`// reflect the changes that will occur`
			`// asynchronously in the processor.`
			`apiAccount.Approved = false`

			`// Ensure we an email address.`
			`var email string`
			`if user.Email != "" {`
			`email = user.Email`
			`} else {`
			`email = user.UnconfirmedEmail`
			`}`

			`// Create a denied user entry for`
			`// the worker to process + store.`
			`deniedUser := &gtsmodel.DeniedUser{`
			`ID: user.ID,`
			`Email: email,`
			`Username: user.Account.Username,`
			`SignUpIP: user.SignUpIP,`
			`InviteID: user.InviteID,`
			`Locale: user.Locale,`
			`CreatedByApplicationID: user.CreatedByApplicationID,`
			`SignUpReason: user.Reason,`
			`PrivateComment: privateComment,`
			`SendEmail: &sendEmail,`
			`Message: message,`
			`}`

			`// Process rejection side effects asynschronously.`
[performance] update remaining worker pools to use queues (#2865) * start replacing client + federator + media workers with new worker + queue types * refactor federatingDB.Delete(), drop queued messages when deleting account / status * move all queue purging to the processor workers * undo toolchain updates * code comments, ensure dereferencer worker pool gets started * update gruf libraries in readme * start the job scheduler separately to the worker pools * reshuffle ordering or server.go + remove duplicate worker start / stop * update go-list version * fix vendoring * move queue invalidation to before wipeing / deletion, to ensure queued work not dropped * add logging to worker processing functions in testrig, don't start workers in unexpected places * update go-structr to add (+then rely on) QueueCtx{} type * ensure more worker pools get started properly in tests * fix remaining broken tests relying on worker queue logic * fix account test suite queue popping logic, ensure noop workers do not pull from queue * move back accidentally shuffled account deletion order * ensure error (non nil!!) gets passed in refactored federatingDB{}.Delete() * silently drop deletes from accounts not permitted to * don't warn log on forwarded deletes * make if else clauses easier to parse * use getFederatorMsg() * improved code comment * improved code comment re: requesting account delete checks * remove boolean result from worker start / stop since false = already running or already stopped * remove optional passed-in http.client * remove worker starting from the admin CLI commands (we don't need to handle side-effects) * update prune cli to start scheduler but not all of the workers * fix rebase issues * remove redundant return statements * i'm sorry sir linter 2024-04-26 13:50:46 +01:00			`p.state.Workers.Client.Queue.Push(&messages.FromClientAPI{`
[feature] Self-serve email change for users (#2957) * [feature] Email change * frontend stuff for changing email * docs * tests etc * differentiate more clearly between local user+account and account * populate user 2024-06-06 15:43:25 +02:00			`// Use ap.ObjectProfile here to`
			`// distinguish this message (user model)`
			`// from ap.ActorPerson (account model).`
			`APObjectType: ap.ObjectProfile,`
[feature] Admin accounts endpoints; approve/reject sign-ups (#2826) * update settings panels, add pending overview + approve/deny functions * add admin accounts get, approve, reject * send approved/rejected emails * use signup URL * docs! * email * swagger * web linting * fix email tests * wee lil fixerinos * use new paging logic for GetAccounts() series of admin endpoints, small changes to query building * shuffle useAccountIDIn check before adding to query * fix parse from toot react error * use `netip.Addr` * put valid slices in globals * optimistic updates for account state --------- Co-authored-by: kim <grufwub@gmail.com> 2024-04-13 13:25:10 +02:00			`APActivityType: ap.ActivityReject,`
			`GTSModel: deniedUser,`
[performance] update remaining worker pools to use queues (#2865) * start replacing client + federator + media workers with new worker + queue types * refactor federatingDB.Delete(), drop queued messages when deleting account / status * move all queue purging to the processor workers * undo toolchain updates * code comments, ensure dereferencer worker pool gets started * update gruf libraries in readme * start the job scheduler separately to the worker pools * reshuffle ordering or server.go + remove duplicate worker start / stop * update go-list version * fix vendoring * move queue invalidation to before wipeing / deletion, to ensure queued work not dropped * add logging to worker processing functions in testrig, don't start workers in unexpected places * update go-structr to add (+then rely on) QueueCtx{} type * ensure more worker pools get started properly in tests * fix remaining broken tests relying on worker queue logic * fix account test suite queue popping logic, ensure noop workers do not pull from queue * move back accidentally shuffled account deletion order * ensure error (non nil!!) gets passed in refactored federatingDB{}.Delete() * silently drop deletes from accounts not permitted to * don't warn log on forwarded deletes * make if else clauses easier to parse * use getFederatorMsg() * improved code comment * improved code comment re: requesting account delete checks * remove boolean result from worker start / stop since false = already running or already stopped * remove optional passed-in http.client * remove worker starting from the admin CLI commands (we don't need to handle side-effects) * update prune cli to start scheduler but not all of the workers * fix rebase issues * remove redundant return statements * i'm sorry sir linter 2024-04-26 13:50:46 +01:00			`Origin: adminAcct,`
			`Target: user.Account,`
[feature] Admin accounts endpoints; approve/reject sign-ups (#2826) * update settings panels, add pending overview + approve/deny functions * add admin accounts get, approve, reject * send approved/rejected emails * use signup URL * docs! * email * swagger * web linting * fix email tests * wee lil fixerinos * use new paging logic for GetAccounts() series of admin endpoints, small changes to query building * shuffle useAccountIDIn check before adding to query * fix parse from toot react error * use `netip.Addr` * put valid slices in globals * optimistic updates for account state --------- Co-authored-by: kim <grufwub@gmail.com> 2024-04-13 13:25:10 +02:00			`})`

			`return apiAccount, nil`
			`}`