From dfa030a3765c5b5e43e263234155d344f5c6186e Mon Sep 17 00:00:00 2001
From: Vitaly Takmazov
Date: Fri, 24 May 2024 14:29:55 +0300
Subject: Do not allow unverified users to comment messages
---
 src/main/assets/scripts.js | 2 +-
 src/main/java/com/juick/CommandsManager.java | 5 ++-
 src/main/java/com/juick/model/User.java | 2 +-
 .../java/com/juick/service/TelegramService.java | 2 +
 .../java/com/juick/server/tests/ServerTests.java | 49 +++++++++++++++-------
 5 files changed, 41 insertions(+), 19 deletions(-)
diff --git a/src/main/assets/scripts.js b/src/main/assets/scripts.js
index 3c83bba4..38406c2a 100644
--- a/src/main/assets/scripts.js
+++ b/src/main/assets/scripts.js
@@ -315,10 +315,10 @@ function showCommentForm(mid, rid) {
 .then(result => {
 if (result.newMessage) {
 window.location.hash = `#${result.newMessage.rid}`
+ window.location.reload()
 } else {
 alert(result.text)
 }
- window.location.reload()
 }).catch(error => {
 alert(error.message)
 })
diff --git a/src/main/java/com/juick/CommandsManager.java b/src/main/java/com/juick/CommandsManager.java
index d389deaa..a0f6e5e5 100644
--- a/src/main/java/com/juick/CommandsManager.java
+++ b/src/main/java/com/juick/CommandsManager.java
@@ -545,7 +545,7 @@ public class CommandsManager {
 }
 }
 Pair> messageTags = tagService.fromString(txt);
- if (user.getUid() == msg.get().getUser().getUid() && rid == 0 && messageTags.getRight().size() > 0) {
+ if (user.getUid() == msg.get().getUser().getUid() && rid == 0 && !messageTags.getRight().isEmpty()) {
 var updatedTags = tagService.updateTags(mid, messageTags.getRight());
 if (!CollectionUtils.isEqualCollection(updatedTags, msg.get().getTags())) {
 messagesService.setReadOnly(msg.get().getMid(), TagUtils.hasTag(updatedTags, "readonly"));
@@ -554,6 +554,9 @@ public class CommandsManager {
 return CommandResult.fromString("Tags are NOT updated (5 tags maximum?)");
 }
 } else {
+ if (!user.isVerified()) {
+ return CommandResult.fromString("Please, verify your account at https://juick.com/settings");
+ }
 if (!messagesService.canViewThread(mid, user.getUid())) {
 return CommandResult.fromString("Message unavailable");
 }
diff --git a/src/main/java/com/juick/model/User.java b/src/main/java/com/juick/model/User.java
index 438b208f..7b0b7099 100644
--- a/src/main/java/com/juick/model/User.java
+++ b/src/main/java/com/juick/model/User.java
@@ -241,7 +241,7 @@ public class User implements Serializable {
 @XmlTransient public boolean isVerified() {
- return verified;
+ return verified || !uri.toString().isEmpty();
 }
 public void setVerified(boolean verified) {
diff --git a/src/main/java/com/juick/service/TelegramService.java b/src/main/java/com/juick/service/TelegramService.java
index 16ba531d..71c9b9e3 100644
--- a/src/main/java/com/juick/service/TelegramService.java
+++ b/src/main/java/com/juick/service/TelegramService.java
@@ -18,6 +18,7 @@ package com.juick.service;
 import com.juick.model.User;
+import org.springframework.cache.annotation.CacheEvict;
 import java.util.List;
@@ -32,6 +33,7 @@ public interface TelegramService {
 boolean createTelegramUser(long tgID, String tgName);
+ @CacheEvict(value = "users_by_name", allEntries = true)
 boolean deleteTelegramUser(Integer uid);
 List getTelegramIdentifiers(List users);
diff --git a/src/test/java/com/juick/server/tests/ServerTests.java b/src/test/java/com/juick/server/tests/ServerTests.java
index 8b75ab6b..ba672831 100644
--- a/src/test/java/com/juick/server/tests/ServerTests.java
+++ b/src/test/java/com/juick/server/tests/ServerTests.java
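Review bot: The `isVerified()` gate is added only inside this `else` branch of the command handler, so replies are refused for unverified accounts only when they arrive through this method; whether `messagesService` or another endpoint can create a reply without passing here is not visible in the hunk and should be confirmed. If the rule is meant to be an authorization invariant, enforcing it (or re-checking it) in the service call that persists the reply would keep a future caller from bypassing it. The settings URL is hard-coded in the message, so another deployment or a renamed path would show a wrong link; consider building it from configuration. A comment such as `// replies require a verified account; tag edits on the author's own post (branch above) are not gated` would document the intent. The enclosing method starts and ends outside the hunk.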
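Review bot: `isVerified()` now returns true for any account whose `uri` is non-empty, so the comment gate added in CommandsManager is only as strong as the code that sets `uri`; if that value can be populated from remote or user-supplied profile data (not visible here), it becomes a way around verification. The expression also dereferences `uri` unconditionally, which throws a NullPointerException if the field is ever null; its declaration is outside the hunk, so a guarded form is safer: `return verified || (uri != null && !uri.toString().isEmpty());`. Note that `setVerified(false)` no longer guarantees `isVerified()` is false, which deserves a Javadoc line on the getter stating why a non-empty URI counts as verified.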
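Review bot: The eviction clears only the `users_by_name` cache and only on `deleteTelegramUser`, so a `User` held in any other cache or in an authenticated session (none of which is visible in this patch) may keep reporting `isVerified()` as true after the Telegram link is removed, leaving the comment restriction unenforced until that copy expires. It is worth checking that every method that links or unlinks an account evicts all user caches consistently. The annotation is also placed on an interface method; Spring's caching documentation recommends annotating the concrete class, because interface-level annotations are honoured only with proxy-based advice. A short comment such as `// unlinking changes verified status; drop cached users so it is recomputed` would explain why the eviction is here.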
@@ -278,6 +278,8 @@ public class ServerTests {
 .orElseThrow(IllegalStateException::new);
 freefd = userService.createUser(freefdName, freefdPassword) .orElseThrow(IllegalStateException::new);
+ ugnich = makeUserVerified(ugnich);
+ freefd = makeUserVerified(freefd);
 webClient.getOptions().setJavaScriptEnabled(false);
 webClient.getOptions().setCssEnabled(false);
 isSetUp = true;
@@ -660,8 +662,9 @@ public class ServerTests {
 new TypeReference<>() {
 });
 assertThat(users.size(), is(1));
- assertThat(users.get(0).getTokens().size(), is(1));
- assertThat(users.get(0).getTokens().get(0).token(), equalTo(token));
+ // ugnich has durov and apns token
+ assertThat(users.get(0).getTokens().size(), is(2));
+ assertThat(users.get(0).getTokens().stream().filter(t -> t.type().equals("apns")).findFirst().get().token(), equalTo(token));
 }
 @Test
@@ -775,6 +778,7 @@ public class ServerTests {
 public void protocolTests() throws Exception {
 String tmpDir = storageService.getTemporaryDirectory();
 User user = userService.createUser("me", "secret").orElseThrow(IllegalStateException::new);
+ user = makeUserVerified(user);
 Tag yo = tagService.getTag("yo", true);
 Message msg = commandsManager .processCommand(user, "*yo yoyo",
@@ -846,6 +850,7 @@ public class ServerTests {
 last = list.get(0);
 assertThat(last, equalTo(reply.getCreated()));
 assertEquals(2, reply.getReplyto());
+ readerUser = makeUserVerified(readerUser);
 assertThat(commandsManager.processCommand(readerUser, "#" + mid + " *yo *there", emptyUri).getText(), startsWith("Reply posted"));
 assertEquals("Tags are updated",
@@ -1230,8 +1235,9 @@ public class ServerTests {
 CommandResult result = commandsManager.processCommand(ugnich, "freefd - dick", emptyUri);
 int mid = result.getNewMessage().get().getMid();
 commandsManager.processCommand(freefd, String.format("#%d ugnich - dick too", mid), emptyUri);
- commandsManager.processCommand(serviceUser, String.format("#%d/1 ban for a hour!", mid), emptyUri);
- commandsManager.processCommand(serviceUser,
+ var juick = makeUserVerified(serviceUser);
+ commandsManager.processCommand(juick, String.format("#%d/1 ban for a hour!", mid), emptyUri);
+ commandsManager.processCommand(juick,
 String.format("#%d freefd is here but it is hidden from you", mid), emptyUri);
 assertThat(messagesService.getMessage(mid).get().getReplies(), is(3));
@@ -1246,7 +1252,7 @@ public class ServerTests {
 mockMvc.perform(get("/api/thread").with(httpBasic(ugnichName, ugnichPassword)).param("mid", String.valueOf(mid))) .andExpect(jsonPath("$[0].replies", is(1)));
- commandsManager.processCommand(serviceUser, String.format("#%d/4 mmm?!", mid), emptyUri);
+ commandsManager.processCommand(juick, String.format("#%d/4 mmm?!", mid), emptyUri);
 assertThat(messagesService.getMessage(mid).get().getReplies(), is(5));
 replies = messagesService.getReplies(ugnich, mid);
 reply = messagesService.getReply(mid, 5);
@@ -1264,8 +1270,8 @@ public class ServerTests {
 int freefdMsg = messagesService.createMessage(freefd.getUid(), "sux", null, Set.of(tag));
 assertThat(messagesService.getTag(tag.getId(), freefd.getUid(), 0, 10).size(), is(1));
 assertThat(messagesService.getTag(tag.getId(), ugnich.getUid(), 0, 10).size(), is(0));
- messagesService.recommendMessage(freefdMsg, serviceUser.getUid());
- assertThat(messagesService.getUserBlogWithRecommendations(serviceUser, ugnich, 0, 0)
+ messagesService.recommendMessage(freefdMsg, juick.getUid());
+ assertThat(messagesService.getUserBlogWithRecommendations(juick, ugnich, 0, 0)
 .contains(freefdMsg), is(false));
 commandsManager.processCommand(ugnich, "BL @freefd", emptyUri);
@@ -2167,19 +2173,30 @@ public class ServerTests {
 assertThat(top.size(), is(1));
 }
+ private User makeUserVerified(User user) {
+ var id = System.currentTimeMillis();
+ telegramService.createTelegramUser(id, user.getName());
+ var hash = userService.getSignUpHashByTelegramID(id, user.getName());
+ userService.setTelegramUser(hash, user.getUid());
+ return userService.getUserByName(user.getName());
+ }
+
 @Test public void verifiedUsersTest() {
- assertThat(userService.getUserByName("ugnich").isVerified(), is(false));
- jdbcTemplate.update("INSERT INTO telegram(user_id, tg_id, tg_name) VALUES(?, ?, ?)", ugnich.getUid(),
- 100001866137681L, "tg_test");
- assertThat(userService.canDeleteTelegramUser(userService.getUserByName("ugnich")), is(false));
+ var user = userService.createUser("new_unverified_user", "evil").orElseThrow();
+ assertThat(userService.getUserByName(user.getName()).isVerified(), is(false));
+ user = makeUserVerified(user);
+ assertThat(userService.getUserByName(user.getName()).isVerified(), is(true));
+ assertThat(userService.canDeleteTelegramUser(userService.getUserByName(user.getName())), is(false));
 userService.addFacebookState("12345", "http://localhost");
- userService.createFacebookUser(12345, "12345", "5678", "ugnich");
- userService.setFacebookUser("12345", ugnich.getUid());
- assertThat(userService.getUserByName("ugnich").isVerified(), is(true));
- assertThat(userService.canDeleteTelegramUser(userService.getUserByName("ugnich")), is(true));
+ userService.createFacebookUser(12345, "12345", "5678", user.getName());
+ userService.setFacebookUser("12345", user.getUid());
+ assertThat(userService.canDeleteTelegramUser(userService.getUserByName(user.getName())), is(true));
 jdbcTemplate.update("DELETE FROM facebook");
- assertThat(userService.canDeleteTelegramUser(userService.getUserByName("ugnich")), is(false));
+ assertThat(userService.canDeleteTelegramUser(userService.getUserByName(user.getName())), is(false));
+ assertThat(userService.getUserByName(user.getName()).isVerified(), is(true));
+ telegramService.deleteTelegramUser(user.getUid());
+ assertThat(userService.getUserByName(user.getName()).isVerified(), is(false));
 }
 @Test
--
cgit v1.2.3
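Review bot: None of the test hunks in this patch asserts the behaviour the commit introduces: `verifiedUsersTest` checks `isVerified()` before and after linking, but no test sends a reply as an unverified user and checks that it is refused. An assertion along the lines of `assertThat(commandsManager.processCommand(user, "#" + mid + " hello", emptyUri).getText(), startsWith("Please, verify"));`, placed before `makeUserVerified(user)` with `mid` taken from an existing message, would pin the gate. Separately, `makeUserVerified` uses `System.currentTimeMillis()` as the Telegram id, and the set-up hunk at -278 calls it twice in a row (`ugnich`, then `freefd`), so two calls within the same millisecond would reuse an id; the ignored boolean from `createTelegramUser` would hide that. A monotonically increasing counter, e.g. `var id = TELEGRAM_ID_SEQ.incrementAndGet();` backed by a static `AtomicLong`, avoids the collision.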