From d766d0c4e064bf7f66098123f39d15c2dc67e415 Mon Sep 17 00:00:00 2001 From: David Schneiderbauer Date: Sat, 16 Sep 2017 02:18:25 +0200 Subject: [PATCH] Prevent sending emails and notifications to inactive users (#2384) * Filter inactive users before sending emails or creating browser notifications Signed-off-by: David Schneiderbauer * fix formatting issues Signed-off-by: David Schneiderbauer * included requested changes Signed-off-by: David Schneiderbauer * optimized database queries * rebasing new master and add tablenames for clarification in xorm queries * remove escaped quotationmarks using backticks Signed-off-by: David Schneiderbauer --- models/fixtures/repository.yml | 2 +- models/fixtures/watch.yml | 5 ++++ models/issue.go | 7 ++++-- models/issue_mail.go | 8 +++++-- models/issue_test.go | 3 ++- models/issue_watch.go | 5 +++- models/issue_watch_test.go | 5 ++++ models/migrations/migrations.go | 2 ++ models/migrations/v41.go | 42 +++++++++++++++++++++++++++++++++ models/notification_test.go | 5 ++-- models/repo_watch.go | 6 ++++- models/repo_watch_test.go | 14 ++++------- models/user.go | 2 +- 13 files changed, 85 insertions(+), 21 deletions(-) create mode 100644 models/migrations/v41.go diff --git a/models/fixtures/repository.yml b/models/fixtures/repository.yml index 3409ba811..51812d358 100644 --- a/models/fixtures/repository.yml +++ b/models/fixtures/repository.yml @@ -9,7 +9,7 @@ num_pulls: 2 num_closed_pulls: 0 num_milestones: 2 - num_watches: 2 + num_watches: 3 - id: 2 diff --git a/models/fixtures/watch.yml b/models/fixtures/watch.yml index cd6efb102..2ff888b7c 100644 --- a/models/fixtures/watch.yml +++ b/models/fixtures/watch.yml @@ -7,3 +7,8 @@ id: 2 user_id: 4 repo_id: 1 + +- + id: 3 + user_id: 10 + repo_id: 1 diff --git a/models/issue.go b/models/issue.go index 2b71e0776..9d081471a 100644 --- a/models/issue.go +++ b/models/issue.go @@ -1204,8 +1204,11 @@ func GetParticipantsByIssueID(issueID int64) ([]*User, error) { func getParticipantsByIssueID(e Engine, issueID int64) ([]*User, error) { userIDs := make([]int64, 0, 5) if err := e.Table("comment").Cols("poster_id"). - Where("issue_id = ?", issueID). - And("type = ?", CommentTypeComment). + Where("`comment`.issue_id = ?", issueID). + And("`comment`.type = ?", CommentTypeComment). + And("`user`.is_active = ?", true). + And("`user`.prohibit_login = ?", false). + Join("INNER", "user", "`user`.id = `comment`.poster_id"). Distinct("poster_id"). Find(&userIDs); err != nil { return nil, fmt.Errorf("get poster IDs: %v", err) diff --git a/models/issue_mail.go b/models/issue_mail.go index 9e604a50f..74ef66055 100644 --- a/models/issue_mail.go +++ b/models/issue_mail.go @@ -36,9 +36,13 @@ func mailIssueCommentToParticipants(e Engine, issue *Issue, doer *User, comment return fmt.Errorf("getParticipantsByIssueID [issue_id: %d]: %v", issue.ID, err) } - // In case the issue poster is not watching the repository, + // In case the issue poster is not watching the repository and is active, // even if we have duplicated in watchers, can be safely filtered out. - if issue.PosterID != doer.ID { + poster, err := GetUserByID(issue.PosterID) + if err != nil { + return fmt.Errorf("GetUserByID [%d]: %v", issue.PosterID, err) + } + if issue.PosterID != doer.ID && poster.IsActive && !poster.ProhibitLogin { participants = append(participants, issue.Poster) } diff --git a/models/issue_test.go b/models/issue_test.go index 8a8ccce45..21df146b5 100644 --- a/models/issue_test.go +++ b/models/issue_test.go @@ -80,7 +80,8 @@ func TestGetParticipantsByIssueID(t *testing.T) { // User 1 is issue1 poster (see fixtures/issue.yml) // User 2 only labeled issue1 (see fixtures/comment.yml) // Users 3 and 5 made actual comments (see fixtures/comment.yml) - checkParticipants(1, []int{3, 5}) + // User 3 is inactive, thus not active participant + checkParticipants(1, []int{5}) } func TestIssue_AddLabel(t *testing.T) { diff --git a/models/issue_watch.go b/models/issue_watch.go index 37511787e..994ae5a97 100644 --- a/models/issue_watch.go +++ b/models/issue_watch.go @@ -90,7 +90,10 @@ func GetIssueWatchers(issueID int64) ([]*IssueWatch, error) { func getIssueWatchers(e Engine, issueID int64) (watches []*IssueWatch, err error) { err = e. - Where("issue_id = ?", issueID). + Where("`issue_watch`.issue_id = ?", issueID). + And("`user`.is_active = ?", true). + And("`user`.prohibit_login = ?", false). + Join("INNER", "user", "`user`.id = `issue_watch`.user_id"). Find(&watches) return } diff --git a/models/issue_watch_test.go b/models/issue_watch_test.go index d8b456c3a..a4819b222 100644 --- a/models/issue_watch_test.go +++ b/models/issue_watch_test.go @@ -43,6 +43,11 @@ func TestGetIssueWatchers(t *testing.T) { iws, err := GetIssueWatchers(1) assert.NoError(t, err) + // Watcher is inactive, thus 0 + assert.Equal(t, 0, len(iws)) + + iws, err = GetIssueWatchers(2) + assert.NoError(t, err) assert.Equal(t, 1, len(iws)) iws, err = GetIssueWatchers(5) diff --git a/models/migrations/migrations.go b/models/migrations/migrations.go index e7542954d..c36f6fabb 100644 --- a/models/migrations/migrations.go +++ b/models/migrations/migrations.go @@ -130,6 +130,8 @@ var migrations = []Migration{ NewMigration("adds time tracking and stopwatches", addTimetracking), // v40 -> v41 NewMigration("migrate protected branch struct", migrateProtectedBranchStruct), + // v41 -> v42 + NewMigration("add default value to user prohibit_login", addDefaultValueToUserProhibitLogin), } // Migrate database to current version diff --git a/models/migrations/v41.go b/models/migrations/v41.go new file mode 100644 index 000000000..89763c3af --- /dev/null +++ b/models/migrations/v41.go @@ -0,0 +1,42 @@ +// Copyright 2017 The Gitea Authors. All rights reserved. +// Use of this source code is governed by a MIT-style +// license that can be found in the LICENSE file. + +package migrations + +import ( + "fmt" + + "code.gitea.io/gitea/models" + + "github.com/go-xorm/xorm" +) + +func addDefaultValueToUserProhibitLogin(x *xorm.Engine) (err error) { + user := &models.User{ + ProhibitLogin: false, + } + + if _, err := x.Where("`prohibit_login` IS NULL").Cols("prohibit_login").Update(user); err != nil { + return err + } + + dialect := x.Dialect().DriverName() + + switch dialect { + case "mysql": + _, err = x.Exec("ALTER TABLE user MODIFY `prohibit_login` tinyint(1) NOT NULL DEFAULT 0") + case "postgres": + _, err = x.Exec("ALTER TABLE \"user\" ALTER COLUMN `prohibit_login` SET NOT NULL, ALTER COLUMN `prohibit_login` SET DEFAULT false") + case "mssql": + // xorm already set DEFAULT 0 for data type BIT in mssql + _, err = x.Exec(`ALTER TABLE [user] ALTER COLUMN "prohibit_login" BIT NOT NULL`) + case "sqlite3": + } + + if err != nil { + return fmt.Errorf("Error changing user prohibit_login column definition: %v", err) + } + + return err +} diff --git a/models/notification_test.go b/models/notification_test.go index 2166afa2a..c1b7d5052 100644 --- a/models/notification_test.go +++ b/models/notification_test.go @@ -16,9 +16,8 @@ func TestCreateOrUpdateIssueNotifications(t *testing.T) { assert.NoError(t, CreateOrUpdateIssueNotifications(issue, 2)) - notf := AssertExistsAndLoadBean(t, &Notification{UserID: 1, IssueID: issue.ID}).(*Notification) - assert.Equal(t, NotificationStatusUnread, notf.Status) - notf = AssertExistsAndLoadBean(t, &Notification{UserID: 4, IssueID: issue.ID}).(*Notification) + // Two watchers are inactive, thus only notification for user 10 is created + notf := AssertExistsAndLoadBean(t, &Notification{UserID: 10, IssueID: issue.ID}).(*Notification) assert.Equal(t, NotificationStatusUnread, notf.Status) CheckConsistencyFor(t, &Issue{ID: issue.ID}) } diff --git a/models/repo_watch.go b/models/repo_watch.go index c3baab9d2..cf9dba900 100644 --- a/models/repo_watch.go +++ b/models/repo_watch.go @@ -51,7 +51,11 @@ func WatchRepo(userID, repoID int64, watch bool) (err error) { func getWatchers(e Engine, repoID int64) ([]*Watch, error) { watches := make([]*Watch, 0, 10) - return watches, e.Find(&watches, &Watch{RepoID: repoID}) + return watches, e.Where("`watch`.repo_id=?", repoID). + And("`user`.is_active=?", true). + And("`user`.prohibit_login=?", false). + Join("INNER", "user", "`user`.id = `watch`.user_id"). + Find(&watches) } // GetWatchers returns all watchers of given repository. diff --git a/models/repo_watch_test.go b/models/repo_watch_test.go index a1543566c..1277b156c 100644 --- a/models/repo_watch_test.go +++ b/models/repo_watch_test.go @@ -40,7 +40,8 @@ func TestGetWatchers(t *testing.T) { repo := AssertExistsAndLoadBean(t, &Repository{ID: 1}).(*Repository) watches, err := GetWatchers(repo.ID) assert.NoError(t, err) - assert.Len(t, watches, repo.NumWatches) + // Two watchers are inactive, thus minus 2 + assert.Len(t, watches, repo.NumWatches-2) for _, watch := range watches { assert.EqualValues(t, repo.ID, watch.RepoID) } @@ -77,21 +78,16 @@ func TestNotifyWatchers(t *testing.T) { } assert.NoError(t, NotifyWatchers(action)) + // Two watchers are inactive, thus action is only created for user 8, 10 AssertExistsAndLoadBean(t, &Action{ ActUserID: action.ActUserID, - UserID: 1, - RepoID: action.RepoID, - OpType: action.OpType, - }) - AssertExistsAndLoadBean(t, &Action{ - ActUserID: action.ActUserID, - UserID: 4, + UserID: 8, RepoID: action.RepoID, OpType: action.OpType, }) AssertExistsAndLoadBean(t, &Action{ ActUserID: action.ActUserID, - UserID: 8, + UserID: 10, RepoID: action.RepoID, OpType: action.OpType, }) diff --git a/models/user.go b/models/user.go index f6d705101..9adc5bd4e 100644 --- a/models/user.go +++ b/models/user.go @@ -111,7 +111,7 @@ type User struct { AllowGitHook bool AllowImportLocal bool // Allow migrate repository by local path AllowCreateOrganization bool `xorm:"DEFAULT true"` - ProhibitLogin bool + ProhibitLogin bool `xorm:"NOT NULL DEFAULT false"` // Avatar Avatar string `xorm:"VARCHAR(2048) NOT NULL"`