Merge branch 'main' into db-fields-sensitive

Dont federate post locking via Update activity (#4717 )
* Dont federate post locking via Update activity * cleanup * add missing mod log entries * update assets
2024-05-15 21:19:40 +00:00 · 2024-05-15 07:36:00 -04:00 · 2024-05-14 23:03:43 -04:00 · 2024-05-14 22:48:24 -04:00 · 2024-05-14 22:43:43 -04:00 · 2024-05-14 22:37:30 -04:00
21 changed files with 2549 additions and 2181 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
--- a/api_tests/.npmrc
+++ b/api_tests/.npmrc
@ -0,0 +1 @@
+package-manager-strict=false
--- a/api_tests/pnpm-lock.yaml
+++ b/api_tests/pnpm-lock.yaml
--- a/api_tests/src/post.spec.ts
+++ b/api_tests/src/post.spec.ts
@ -661,40 +661,60 @@ test("A and G subscribe to B (center) A posts, it gets announced to G", async ()
 });

 test("Report a post", async () => {
-  // Note, this is a different one from the setup
-  let betaCommunity = (await resolveBetaCommunity(beta)).community;
-  if (!betaCommunity) {
-    throw "Missing beta community";
-  }
+  // Create post from alpha
+  let alphaCommunity = (await resolveBetaCommunity(alpha)).community!;
  await followBeta(alpha);
-  let postRes = await createPost(beta, betaCommunity.community.id);
+  let postRes = await createPost(alpha, alphaCommunity.community.id);
  expect(postRes.post_view.post).toBeDefined();

  let alphaPost = (await resolvePost(alpha, postRes.post_view.post)).post;
  if (!alphaPost) {
    throw "Missing alpha post";
  }
-  let alphaReport = (
-    await reportPost(alpha, alphaPost.post.id, randomString(10))
-  ).post_report_view.post_report;

+  // Send report from gamma
+  let gammaPost = (await resolvePost(gamma, alphaPost.post)).post!;
+  let gammaReport = (
+    await reportPost(gamma, gammaPost.post.id, randomString(10))
+  ).post_report_view.post_report;
+  expect(gammaReport).toBeDefined();
+
+  // Report was federated to community instance
  let betaReport = (await waitUntil(
    () =>
      listPostReports(beta).then(p =>
        p.post_reports.find(
          r =>
-            r.post_report.original_post_name === alphaReport.original_post_name,
+            r.post_report.original_post_name === gammaReport.original_post_name,
        ),
      ),
    res => !!res,
  ))!.post_report;
  expect(betaReport).toBeDefined();
  expect(betaReport.resolved).toBe(false);
-  expect(betaReport.original_post_name).toBe(alphaReport.original_post_name);
-  expect(betaReport.original_post_url).toBe(alphaReport.original_post_url);
-  expect(betaReport.original_post_body).toBe(alphaReport.original_post_body);
-  expect(betaReport.reason).toBe(alphaReport.reason);
+  expect(betaReport.original_post_name).toBe(gammaReport.original_post_name);
+  //expect(betaReport.original_post_url).toBe(gammaReport.original_post_url);
+  expect(betaReport.original_post_body).toBe(gammaReport.original_post_body);
+  expect(betaReport.reason).toBe(gammaReport.reason);
  await unfollowRemotes(alpha);
+
+  // Report was federated to poster's instance
+  let alphaReport = (await waitUntil(
+    () =>
+      listPostReports(alpha).then(p =>
+        p.post_reports.find(
+          r =>
+            r.post_report.original_post_name === gammaReport.original_post_name,
+        ),
+      ),
+    res => !!res,
+  ))!.post_report;
+  expect(alphaReport).toBeDefined();
+  expect(alphaReport.resolved).toBe(false);
+  expect(alphaReport.original_post_name).toBe(gammaReport.original_post_name);
+  //expect(alphaReport.original_post_url).toBe(gammaReport.original_post_url);
+  expect(alphaReport.original_post_body).toBe(gammaReport.original_post_body);
+  expect(alphaReport.reason).toBe(gammaReport.reason);
 });

 test("Fetch post via redirect", async () => {
--- a/crates/api/src/local_user/add_admin.rs
+++ b/crates/api/src/local_user/add_admin.rs
@ -29,7 +29,7 @@ pub async fn add_admin(
    .await?
    .ok_or(LemmyErrorType::ObjectNotLocal)?;

-  let added_admin = LocalUser::update(
+  LocalUser::update(
    &mut context.pool(),
    added_local_user.local_user.id,
    &LocalUserUpdateForm {
@ -43,7 +43,7 @@ pub async fn add_admin(
  // Mod tables
  let form = ModAddForm {
    mod_person_id: local_user_view.person.id,
-    other_person_id: added_admin.person_id,
+    other_person_id: added_local_user.person.id,
    removed: Some(!data.added),
  };

--- a/crates/api/src/local_user/save_settings.rs
+++ b/crates/api/src/local_user/save_settings.rs
@ -142,11 +142,7 @@ pub async fn save_user_settings(
    ..Default::default()
  };

-  // Ignore errors, because 'no fields updated' will return an error.
-  // https://github.com/LemmyNet/lemmy/issues/4076
-  LocalUser::update(&mut context.pool(), local_user_id, &local_user_form)
-    .await
-    .ok();
+  LocalUser::update(&mut context.pool(), local_user_id, &local_user_form).await?;

  // Update the vote display modes
  let vote_display_modes_form = LocalUserVoteDisplayModeUpdateForm {
--- a/crates/api/src/local_user/verify_email.rs
+++ b/crates/api/src/local_user/verify_email.rs
@ -9,12 +9,10 @@ use lemmy_db_schema::{
  source::{
    email_verification::EmailVerification,
    local_user::{LocalUser, LocalUserUpdateForm},
-    person::Person,
  },
-  traits::Crud,
  RegistrationMode,
 };
-use lemmy_db_views::structs::SiteView;
+use lemmy_db_views::structs::{LocalUserView, SiteView};
 use lemmy_utils::error::{LemmyErrorType, LemmyResult};

 pub async fn verify_email(
@ -38,7 +36,7 @@ pub async fn verify_email(
  };
  let local_user_id = verification.local_user_id;

-  let local_user = LocalUser::update(&mut context.pool(), local_user_id, &form).await?;
+  LocalUser::update(&mut context.pool(), local_user_id, &form).await?;

  EmailVerification::delete_old_tokens_for_local_user(&mut context.pool(), local_user_id).await?;

@ -46,12 +44,16 @@ pub async fn verify_email(
  if site_view.local_site.registration_mode == RegistrationMode::RequireApplication
    && site_view.local_site.application_email_admins
  {
-    let person = Person::read(&mut context.pool(), local_user.person_id)
+    let local_user = LocalUserView::read(&mut context.pool(), local_user_id)
      .await?
      .ok_or(LemmyErrorType::CouldntFindPerson)?;

-    send_new_applicant_email_to_admins(&person.name, &mut context.pool(), context.settings())
-      .await?;
+    send_new_applicant_email_to_admins(
+      &local_user.person.name,
+      &mut context.pool(),
+      context.settings(),
+    )
+    .await?;
  }

  Ok(Json(SuccessResponse::default()))
--- a/crates/apub/assets/lemmy/activities/create_or_update/create_page.json
+++ b/crates/apub/assets/lemmy/activities/create_or_update/create_page.json
@ -23,7 +23,6 @@
        "href": "https://lemmy.ml/pictrs/image/xl8W7FZfk9.jpg"
      }
    ],
-    "commentsEnabled": true,
    "sensitive": false,
    "language": {
      "identifier": "ko",
--- a/crates/apub/assets/lemmy/activities/create_or_update/update_page.json
+++ b/crates/apub/assets/lemmy/activities/create_or_update/update_page.json
@ -23,7 +23,6 @@
        "href": "https://lemmy.ml/pictrs/image/xl8W7FZfk9.jpg"
      }
    ],
-    "commentsEnabled": true,
    "sensitive": false,
    "published": "2021-10-29T15:10:51.557399Z",
    "updated": "2021-10-29T15:11:35.976374Z"
--- a/crates/apub/assets/lemmy/collections/group_featured_posts.json
+++ b/crates/apub/assets/lemmy/collections/group_featured_posts.json
@ -15,7 +15,6 @@
      "cc": [],
      "mediaType": "text/html",
      "attachment": [],
-      "commentsEnabled": true,
      "sensitive": false,
      "published": "2023-02-06T06:42:41.939437Z",
      "language": {
@ -36,7 +35,6 @@
      "cc": [],
      "mediaType": "text/html",
      "attachment": [],
-      "commentsEnabled": true,
      "sensitive": false,
      "published": "2023-02-06T06:42:37.119567Z",
      "language": {
--- a/crates/apub/assets/lemmy/collections/group_outbox.json
+++ b/crates/apub/assets/lemmy/collections/group_outbox.json
@ -22,7 +22,6 @@
          ],
          "name": "another outbox test",
          "mediaType": "text/html",
-          "commentsEnabled": true,
          "sensitive": false,
          "stickied": false,
          "published": "2021-11-18T17:19:45.895163Z"
@ -51,7 +50,6 @@
          ],
          "name": "outbox test",
          "mediaType": "text/html",
-          "commentsEnabled": true,
          "sensitive": false,
          "stickied": false,
          "published": "2021-11-18T17:19:05.763109Z"
--- a/crates/apub/assets/lemmy/objects/page.json
+++ b/crates/apub/assets/lemmy/objects/page.json
@ -25,7 +25,6 @@
    "url": "https://enterprise.lemmy.ml/pictrs/image/eOtYb9iEiB.png"
  },
  "sensitive": false,
-  "commentsEnabled": true,
  "language": {
    "identifier": "fr",
    "name": "Français"
--- a/crates/apub/src/activities/community/lock_page.rs
+++ b/crates/apub/src/activities/community/lock_page.rs
@ -26,6 +26,7 @@ use lemmy_db_schema::{
  source::{
    activity::ActivitySendTargets,
    community::Community,
+    moderator::{ModLockPost, ModLockPostForm},
    person::Person,
    post::{Post, PostUpdateForm},
  },
@ -60,12 +61,22 @@ impl ActivityHandler for LockPage {
  }

  async fn receive(self, context: &Data<Self::DataType>) -> Result<(), Self::Error> {
+    insert_received_activity(&self.id, context).await?;
+    let locked = Some(true);
    let form = PostUpdateForm {
-      locked: Some(true),
+      locked,
      ..Default::default()
    };
    let post = self.object.dereference(context).await?;
    Post::update(&mut context.pool(), post.id, &form).await?;
+
+    let form = ModLockPostForm {
+      mod_person_id: self.actor.dereference(context).await?.id,
+      post_id: post.id,
+      locked,
+    };
+    ModLockPost::create(&mut context.pool(), &form).await?;
+
    Ok(())
  }
 }
@ -94,12 +105,21 @@ impl ActivityHandler for UndoLockPage {

  async fn receive(self, context: &Data<Self::DataType>) -> Result<(), Self::Error> {
    insert_received_activity(&self.id, context).await?;
+    let locked = Some(false);
    let form = PostUpdateForm {
-      locked: Some(false),
+      locked,
      ..Default::default()
    };
    let post = self.object.object.dereference(context).await?;
    Post::update(&mut context.pool(), post.id, &form).await?;
+
+    let form = ModLockPostForm {
+      mod_person_id: self.actor.dereference(context).await?.id,
+      post_id: post.id,
+      locked,
+    };
+    ModLockPost::create(&mut context.pool(), &form).await?;
+
    Ok(())
  }
 }
--- a/crates/apub/src/activities/create_or_update/post.rs
+++ b/crates/apub/src/activities/create_or_update/post.rs
@ -4,7 +4,6 @@ use crate::{
    community::send_activity_in_community,
    generate_activity_id,
    verify_is_public,
-    verify_mod_action,
    verify_person_in_community,
  },
  activity_lists::AnnouncableActivities,
@ -78,14 +77,13 @@ impl CreateOrUpdatePage {

    let create_or_update =
      CreateOrUpdatePage::new(post.into(), &person, &community, kind, &context).await?;
-    let is_mod_action = create_or_update.object.is_mod_action(&context).await?;
    let activity = AnnouncableActivities::CreateOrUpdatePost(create_or_update);
    send_activity_in_community(
      activity,
      &person,
      &community,
      ActivitySendTargets::empty(),
-      is_mod_action,
+      false,
      &context,
    )
    .await?;
@ -112,30 +110,8 @@ impl ActivityHandler for CreateOrUpdatePage {
    let community = self.community(context).await?;
    verify_person_in_community(&self.actor, &community, context).await?;
    check_community_deleted_or_removed(&community)?;
-
-    match self.kind {
-      CreateOrUpdateType::Create => {
-        verify_domains_match(self.actor.inner(), self.object.id.inner())?;
-        verify_urls_match(self.actor.inner(), self.object.creator()?.inner())?;
-        // Check that the post isnt locked, as that isnt possible for newly created posts.
-        // However, when fetching a remote post we generate a new create activity with the current
-        // locked value, so this check may fail. So only check if its a local community,
-        // because then we will definitely receive all create and update activities separately.
-        let is_locked = self.object.comments_enabled == Some(false);
-        if community.local && is_locked {
-          Err(LemmyErrorType::NewPostCannotBeLocked)?
-        }
-      }
-      CreateOrUpdateType::Update => {
-        let is_mod_action = self.object.is_mod_action(context).await?;
-        if is_mod_action {
-          verify_mod_action(&self.actor, &community, context).await?;
-        } else {
-          verify_domains_match(self.actor.inner(), self.object.id.inner())?;
-          verify_urls_match(self.actor.inner(), self.object.creator()?.inner())?;
-        }
-      }
-    }
+    verify_domains_match(self.actor.inner(), self.object.id.inner())?;
+    verify_urls_match(self.actor.inner(), self.object.creator()?.inner())?;
    ApubPost::verify(&self.object, self.actor.inner(), context).await?;
    Ok(())
  }
--- a/crates/apub/src/api/user_settings_backup.rs
+++ b/crates/apub/src/api/user_settings_backup.rs
@ -4,9 +4,10 @@ use crate::objects::{
  person::ApubPerson,
  post::ApubPost,
 };
-use activitypub_federation::{config::Data, fetch::object_id::ObjectId};
+use activitypub_federation::{config::Data, fetch::object_id::ObjectId, traits::Object};
 use actix_web::web::Json;
 use futures::{future::try_join_all, StreamExt};
+use itertools::Itertools;
 use lemmy_api_common::{context::LemmyContext, SuccessResponse};
 use lemmy_db_schema::{
  newtypes::DbUrl,
@ -30,8 +31,11 @@ use lemmy_utils::{
  spawn_try_task,
 };
 use serde::{Deserialize, Serialize};
+use std::future::Future;
 use tracing::info;

+const PARALLELISM: usize = 10;
+
 /// Backup of user data. This struct should never be changed so that the data can be used as a
 /// long-term backup in case the instance goes down unexpectedly. All fields are optional to allow
 /// importing partial backups.
@ -40,7 +44,7 @@ use tracing::info;
 ///
 /// Be careful with any changes to this struct, to avoid breaking changes which could prevent
 /// importing older backups.
-#[derive(Debug, Serialize, Deserialize, Clone)]
+#[derive(Debug, Serialize, Deserialize, Clone, Default)]
 pub struct UserSettingsBackup {
  pub display_name: Option<String>,
  pub bio: Option<String>,
@ -167,141 +171,91 @@ pub async fn import_settings(
  }

  spawn_try_task(async move {
-    const PARALLELISM: usize = 10;
    let person_id = local_user_view.person.id;

-    // These tasks fetch objects from remote instances which might be down.
-    // TODO: Would be nice if we could send a list of failed items with api response, but then
-    //       the request would likely timeout.
-    let mut failed_items = vec![];
-
    info!(
-      "Starting settings backup for {}",
+      "Starting settings import for {}",
      local_user_view.person.name
    );

-    futures::stream::iter(
-      data
-        .followed_communities
-        .clone()
-        .into_iter()
-        // reset_request_count works like clone, and is necessary to avoid running into request limit
-        .map(|f| (f, context.reset_request_count()))
-        .map(|(followed, context)| async move {
-          // need to reset outgoing request count to avoid running into limit
-          let community = followed.dereference(&context).await?;
-          let form = CommunityFollowerForm {
-            person_id,
-            community_id: community.id,
-            pending: true,
-          };
-          CommunityFollower::follow(&mut context.pool(), &form).await?;
-          LemmyResult::Ok(())
-        }),
+    let failed_followed_communities = fetch_and_import(
+      data.followed_communities.clone(),
+      &context,
+      |(followed, context)| async move {
+        let community = followed.dereference(&context).await?;
+        let form = CommunityFollowerForm {
+          person_id,
+          community_id: community.id,
+          pending: true,
+        };
+        CommunityFollower::follow(&mut context.pool(), &form).await?;
+        LemmyResult::Ok(())
+      },
    )
-    .buffer_unordered(PARALLELISM)
-    .collect::<Vec<_>>()
-    .await
-    .into_iter()
-    .enumerate()
-    .for_each(|(i, r)| {
-      if let Err(e) = r {
-        failed_items.push(data.followed_communities.get(i).map(|u| u.inner().clone()));
-        info!("Failed to import followed community: {e}");
-      }
-    });
-
-    futures::stream::iter(
-      data
-        .saved_posts
-        .clone()
-        .into_iter()
-        .map(|s| (s, context.reset_request_count()))
-        .map(|(saved, context)| async move {
-          let post = saved.dereference(&context).await?;
-          let form = PostSavedForm {
-            person_id,
-            post_id: post.id,
-          };
-          PostSaved::save(&mut context.pool(), &form).await?;
-          LemmyResult::Ok(())
-        }),
-    )
-    .buffer_unordered(PARALLELISM)
-    .collect::<Vec<_>>()
-    .await
-    .into_iter()
-    .enumerate()
-    .for_each(|(i, r)| {
-      if let Err(e) = r {
-        failed_items.push(data.followed_communities.get(i).map(|u| u.inner().clone()));
-        info!("Failed to import saved post community: {e}");
-      }
-    });
-
-    futures::stream::iter(
-      data
-        .saved_comments
-        .clone()
-        .into_iter()
-        .map(|s| (s, context.reset_request_count()))
-        .map(|(saved, context)| async move {
-          let comment = saved.dereference(&context).await?;
-          let form = CommentSavedForm {
-            person_id,
-            comment_id: comment.id,
-          };
-          CommentSaved::save(&mut context.pool(), &form).await?;
-          LemmyResult::Ok(())
-        }),
-    )
-    .buffer_unordered(PARALLELISM)
-    .collect::<Vec<_>>()
-    .await
-    .into_iter()
-    .enumerate()
-    .for_each(|(i, r)| {
-      if let Err(e) = r {
-        failed_items.push(data.followed_communities.get(i).map(|u| u.inner().clone()));
-        info!("Failed to import saved comment community: {e}");
-      }
-    });
-
-    let failed_items: Vec<_> = failed_items.into_iter().flatten().collect();
-    info!(
-      "Finished settings backup for {}, failed items: {:#?}",
-      local_user_view.person.name, failed_items
-    );
-
-    // These tasks don't connect to any remote instances but only insert directly in the database.
-    // That means the only error condition are db connection failures, so no extra error handling is
-    // needed.
-    try_join_all(data.blocked_communities.iter().map(|blocked| async {
-      // dont fetch unknown blocked objects from home server
-      let community = blocked.dereference_local(&context).await?;
-      let form = CommunityBlockForm {
-        person_id,
-        community_id: community.id,
-      };
-      CommunityBlock::block(&mut context.pool(), &form).await?;
-      LemmyResult::Ok(())
-    }))
    .await?;

-    try_join_all(data.blocked_users.iter().map(|blocked| async {
-      // dont fetch unknown blocked objects from home server
-      let target = blocked.dereference_local(&context).await?;
-      let form = PersonBlockForm {
-        person_id,
-        target_id: target.id,
-      };
-      PersonBlock::block(&mut context.pool(), &form).await?;
-      LemmyResult::Ok(())
-    }))
+    let failed_saved_posts = fetch_and_import(
+      data.saved_posts.clone(),
+      &context,
+      |(saved, context)| async move {
+        let post = saved.dereference(&context).await?;
+        let form = PostSavedForm {
+          person_id,
+          post_id: post.id,
+        };
+        PostSaved::save(&mut context.pool(), &form).await?;
+        LemmyResult::Ok(())
+      },
+    )
+    .await?;
+
+    let failed_saved_comments = fetch_and_import(
+      data.saved_comments.clone(),
+      &context,
+      |(saved, context)| async move {
+        let comment = saved.dereference(&context).await?;
+        let form = CommentSavedForm {
+          person_id,
+          comment_id: comment.id,
+        };
+        CommentSaved::save(&mut context.pool(), &form).await?;
+        LemmyResult::Ok(())
+      },
+    )
+    .await?;
+
+    let failed_community_blocks = fetch_and_import(
+      data.blocked_communities.clone(),
+      &context,
+      |(blocked, context)| async move {
+        let community = blocked.dereference(&context).await?;
+        let form = CommunityBlockForm {
+          person_id,
+          community_id: community.id,
+        };
+        CommunityBlock::block(&mut context.pool(), &form).await?;
+        LemmyResult::Ok(())
+      },
+    )
+    .await?;
+
+    let failed_user_blocks = fetch_and_import(
+      data.blocked_users.clone(),
+      &context,
+      |(blocked, context)| async move {
+        let context = context.reset_request_count();
+        let target = blocked.dereference(&context).await?;
+        let form = PersonBlockForm {
+          person_id,
+          target_id: target.id,
+        };
+        PersonBlock::block(&mut context.pool(), &form).await?;
+        LemmyResult::Ok(())
+      },
+    )
    .await?;

    try_join_all(data.blocked_instances.iter().map(|domain| async {
-      // dont fetch unknown blocked objects from home server
      let instance = Instance::read_or_create(&mut context.pool(), domain.clone()).await?;
      let form = InstanceBlockForm {
        person_id,
@ -312,17 +266,53 @@ pub async fn import_settings(
    }))
    .await?;

+    info!("Settings import completed for {}, the following items failed: {failed_followed_communities}, {failed_saved_posts}, {failed_saved_comments}, {failed_community_blocks}, {failed_user_blocks}",
+    local_user_view.person.name);
+
    Ok(())
  });

  Ok(Json(Default::default()))
 }

+async fn fetch_and_import<Kind, Fut>(
+  objects: Vec<ObjectId<Kind>>,
+  context: &Data<LemmyContext>,
+  import_fn: impl FnMut((ObjectId<Kind>, Data<LemmyContext>)) -> Fut,
+) -> LemmyResult<String>
+where
+  Kind: Object + Send + 'static,
+  for<'de2> <Kind as Object>::Kind: Deserialize<'de2>,
+  Fut: Future<Output = LemmyResult<()>>,
+{
+  let mut failed_items = vec![];
+  futures::stream::iter(
+    objects
+      .clone()
+      .into_iter()
+      // need to reset outgoing request count to avoid running into limit
+      .map(|s| (s, context.reset_request_count()))
+      .map(import_fn),
+  )
+  .buffer_unordered(PARALLELISM)
+  .collect::<Vec<_>>()
+  .await
+  .into_iter()
+  .enumerate()
+  .for_each(|(i, r): (usize, LemmyResult<()>)| {
+    if r.is_err() {
+      if let Some(object) = objects.get(i) {
+        failed_items.push(object.inner().clone());
+      }
+    }
+  });
+  Ok(failed_items.into_iter().join(","))
+}
 #[cfg(test)]
 #[allow(clippy::indexing_slicing)]
 mod tests {

-  use crate::api::user_settings_backup::{export_settings, import_settings};
+  use crate::api::user_settings_backup::{export_settings, import_settings, UserSettingsBackup};
  use activitypub_federation::config::Data;
  use lemmy_api_common::context::LemmyContext;
  use lemmy_db_schema::{
@ -420,6 +410,44 @@ mod tests {
    Ok(())
  }

+  #[tokio::test]
+  #[serial]
+  async fn test_settings_partial_import() -> LemmyResult<()> {
+    let context = LemmyContext::init_test_context().await;
+
+    let export_user =
+      create_user("hanna".to_string(), Some("my bio".to_string()), &context).await?;
+
+    let community_form = CommunityInsertForm::builder()
+      .name("testcom".to_string())
+      .title("testcom".to_string())
+      .instance_id(export_user.person.instance_id)
+      .build();
+    let community = Community::create(&mut context.pool(), &community_form).await?;
+    let follower_form = CommunityFollowerForm {
+      community_id: community.id,
+      person_id: export_user.person.id,
+      pending: false,
+    };
+    CommunityFollower::follow(&mut context.pool(), &follower_form).await?;
+
+    let backup = export_settings(export_user.clone(), context.reset_request_count()).await?;
+
+    let import_user = create_user("charles".to_string(), None, &context).await?;
+
+    let backup2 = UserSettingsBackup {
+      followed_communities: backup.followed_communities.clone(),
+      ..Default::default()
+    };
+    import_settings(
+      actix_web::web::Json(backup2),
+      import_user.clone(),
+      context.reset_request_count(),
+    )
+    .await?;
+    Ok(())
+  }
+
  #[tokio::test]
  #[serial]
  async fn disallow_large_backup() -> LemmyResult<()> {
--- a/crates/apub/src/lib.rs
+++ b/crates/apub/src/lib.rs
@ -29,7 +29,9 @@ pub(crate) mod mentions;
 pub mod objects;
 pub mod protocol;

-pub const FEDERATION_HTTP_FETCH_LIMIT: u32 = 50;
+/// Maximum number of outgoing HTTP requests to fetch a single object. Needs to be high enough
+/// to fetch a new community with posts, moderators and featured posts.
+pub const FEDERATION_HTTP_FETCH_LIMIT: u32 = 100;

 /// Only include a basic context to save space and bandwidth. The main context is hosted statically
 /// on join-lemmy.org. Include activitystreams explicitly for better compat, but this could
--- a/crates/apub/src/objects/post.rs
+++ b/crates/apub/src/objects/post.rs
@ -36,7 +36,6 @@ use lemmy_db_schema::{
  source::{
    community::Community,
    local_site::LocalSite,
-    moderator::{ModLockPost, ModLockPostForm},
    person::Person,
    post::{Post, PostInsertForm, PostUpdateForm},
  },
@ -147,7 +146,6 @@ impl Object for ApubPost {
      source: self.body.clone().map(Source::new),
      attachment,
      image: self.thumbnail_url.clone().map(ImageObject::new),
-      comments_enabled: Some(!self.locked),
      sensitive: Some(self.nsfw),
      language,
      published: Some(self.published),
@ -165,12 +163,8 @@ impl Object for ApubPost {
    expected_domain: &Url,
    context: &Data<Self::DataType>,
  ) -> LemmyResult<()> {
-    // We can't verify the domain in case of mod action, because the mod may be on a different
-    // instance from the post author.
-    if !page.is_mod_action(context).await? {
-      verify_domains_match(page.id.inner(), expected_domain)?;
-      verify_is_remote_object(&page.id, context)?;
-    };
+    verify_domains_match(page.id.inner(), expected_domain)?;
+    verify_is_remote_object(&page.id, context)?;

    let community = page.community(context).await?;
    check_apub_id_valid_with_strictness(page.id.inner(), community.local, context).await?;
@ -218,62 +212,46 @@ impl Object for ApubPost {
      name = name.chars().take(MAX_TITLE_LENGTH).collect();
    }

-    // read existing, local post if any (for generating mod log)
-    let old_post = page.id.dereference_local(context).await;
-
    let first_attachment = page.attachment.first();
    let local_site = LocalSite::read(&mut context.pool()).await.ok();

-    let form = if !page.is_mod_action(context).await? {
-      let url = if let Some(attachment) = first_attachment.cloned() {
-        Some(attachment.url())
-      } else if page.kind == PageType::Video {
-        // we cant display videos directly, so insert a link to external video page
-        Some(page.id.inner().clone())
-      } else {
-        None
-      };
-      check_url_scheme(&url)?;
-
-      let alt_text = first_attachment.cloned().and_then(Attachment::alt_text);
-
-      let url = proxy_image_link_opt_apub(url, context).await?;
-
-      let slur_regex = &local_site_opt_to_slur_regex(&local_site);
-      let url_blocklist = get_url_blocklist(context).await?;
-
-      let body = read_from_string_or_source_opt(&page.content, &page.media_type, &page.source);
-      let body = process_markdown_opt(&body, slur_regex, &url_blocklist, context).await?;
-      let language_id =
-        LanguageTag::to_language_id_single(page.language, &mut context.pool()).await?;
-
-      PostInsertForm::builder()
-        .name(name)
-        .url(url.map(Into::into))
-        .body(body)
-        .alt_text(alt_text)
-        .creator_id(creator.id)
-        .community_id(community.id)
-        .locked(page.comments_enabled.map(|e| !e))
-        .published(page.published.map(Into::into))
-        .updated(page.updated.map(Into::into))
-        .deleted(Some(false))
-        .nsfw(page.sensitive)
-        .ap_id(Some(page.id.clone().into()))
-        .local(Some(false))
-        .language_id(language_id)
-        .build()
+    let url = if let Some(attachment) = first_attachment.cloned() {
+      Some(attachment.url())
+    } else if page.kind == PageType::Video {
+      // we cant display videos directly, so insert a link to external video page
+      Some(page.id.inner().clone())
    } else {
-      // if is mod action, only update locked/stickied fields, nothing else
-      PostInsertForm::builder()
-        .name(name)
-        .creator_id(creator.id)
-        .community_id(community.id)
-        .ap_id(Some(page.id.clone().into()))
-        .locked(page.comments_enabled.map(|e| !e))
-        .updated(page.updated.map(Into::into))
-        .build()
+      None
    };
+    check_url_scheme(&url)?;
+
+    let alt_text = first_attachment.cloned().and_then(Attachment::alt_text);
+
+    let url = proxy_image_link_opt_apub(url, context).await?;
+
+    let slur_regex = &local_site_opt_to_slur_regex(&local_site);
+    let url_blocklist = get_url_blocklist(context).await?;
+
+    let body = read_from_string_or_source_opt(&page.content, &page.media_type, &page.source);
+    let body = process_markdown_opt(&body, slur_regex, &url_blocklist, context).await?;
+    let language_id =
+      LanguageTag::to_language_id_single(page.language, &mut context.pool()).await?;
+
+    let form = PostInsertForm::builder()
+      .name(name)
+      .url(url.map(Into::into))
+      .body(body)
+      .alt_text(alt_text)
+      .creator_id(creator.id)
+      .community_id(community.id)
+      .published(page.published.map(Into::into))
+      .updated(page.updated.map(Into::into))
+      .deleted(Some(false))
+      .nsfw(page.sensitive)
+      .ap_id(Some(page.id.clone().into()))
+      .local(Some(false))
+      .language_id(language_id)
+      .build();

    let timestamp = page.updated.or(page.published).unwrap_or_else(naive_now);
    let post = Post::insert_apub(&mut context.pool(), timestamp, &form).await?;
@ -287,16 +265,6 @@ impl Object for ApubPost {
      context.reset_request_count(),
    );

-    // write mod log entry for lock
-    if Page::is_locked_changed(&old_post, &page.comments_enabled) {
-      let form = ModLockPostForm {
-        mod_person_id: creator.id,
-        post_id: post.id,
-        locked: Some(post.locked),
-      };
-      ModLockPost::create(&mut context.pool(), &form).await?;
-    }
-
    Ok(post.into())
  }
 }
--- a/crates/apub/src/protocol/objects/page.rs
+++ b/crates/apub/src/protocol/objects/page.rs
@ -60,7 +60,6 @@ pub struct Page {
  #[serde(default)]
  pub(crate) attachment: Vec<Attachment>,
  pub(crate) image: Option<ImageObject>,
-  pub(crate) comments_enabled: Option<bool>,
  pub(crate) sensitive: Option<bool>,
  pub(crate) published: Option<DateTime<Utc>>,
  pub(crate) updated: Option<DateTime<Utc>>,
@ -156,28 +155,6 @@ pub enum HashtagType {
 }

 impl Page {
-  /// Only mods can change the post's locked status. So if it is changed from the default value,
-  /// it is a mod action and needs to be verified as such.
-  ///
-  /// Locked needs to be false on a newly created post (verified in [[CreatePost]].
-  pub(crate) async fn is_mod_action(&self, context: &Data<LemmyContext>) -> LemmyResult<bool> {
-    let old_post = self.id.clone().dereference_local(context).await;
-    Ok(Page::is_locked_changed(&old_post, &self.comments_enabled))
-  }
-
-  pub(crate) fn is_locked_changed<E>(
-    old_post: &Result<ApubPost, E>,
-    new_comments_enabled: &Option<bool>,
-  ) -> bool {
-    if let Some(new_comments_enabled) = new_comments_enabled {
-      if let Ok(old_post) = old_post {
-        return new_comments_enabled != &!old_post.locked;
-      }
-    }
-
-    false
-  }
-
  pub(crate) fn creator(&self) -> LemmyResult<ObjectId<ApubPerson>> {
    match &self.attributed_to {
      AttributedTo::Lemmy(l) => Ok(l.clone()),
--- a/crates/db_schema/src/impls/local_user.rs
+++ b/crates/db_schema/src/impls/local_user.rs
@ -55,12 +55,17 @@ impl LocalUser {
    pool: &mut DbPool<'_>,
    local_user_id: LocalUserId,
    form: &LocalUserUpdateForm,
-  ) -> Result<LocalUser, Error> {
+  ) -> Result<usize, Error> {
    let conn = &mut get_conn(pool).await?;
-    diesel::update(local_user::table.find(local_user_id))
+    let res = diesel::update(local_user::table.find(local_user_id))
      .set(form)
-      .get_result::<Self>(conn)
-      .await
+      .execute(conn)
+      .await;
+    // Diesel will throw an error if the query is all Nones (not updating anything), ignore this.
+    match res {
+      Err(Error::QueryBuilderError(_)) => Ok(0),
+      other => other,
+    }
  }

  pub async fn delete(pool: &mut DbPool<'_>, id: LocalUserId) -> Result<usize, Error> {
--- a/crates/db_views/src/post_view.rs
+++ b/crates/db_views/src/post_view.rs
@ -950,9 +950,8 @@ mod tests {
      show_bot_accounts: Some(false),
      ..Default::default()
    };
-    let inserted_local_user =
-      LocalUser::update(pool, data.local_user_view.local_user.id, &local_user_form).await?;
-    data.local_user_view.local_user = inserted_local_user;
+    LocalUser::update(pool, data.local_user_view.local_user.id, &local_user_form).await?;
+    data.local_user_view.local_user.show_bot_accounts = false;

    let read_post_listing = PostQuery {
      community_id: Some(data.inserted_community.id),
@ -986,9 +985,8 @@ mod tests {
      show_bot_accounts: Some(true),
      ..Default::default()
    };
-    let inserted_local_user =
-      LocalUser::update(pool, data.local_user_view.local_user.id, &local_user_form).await?;
-    data.local_user_view.local_user = inserted_local_user;
+    LocalUser::update(pool, data.local_user_view.local_user.id, &local_user_form).await?;
+    data.local_user_view.local_user.show_bot_accounts = true;

    let post_listings_with_bots = PostQuery {
      community_id: Some(data.inserted_community.id),
@ -1110,9 +1108,8 @@ mod tests {
      show_bot_accounts: Some(false),
      ..Default::default()
    };
-    let inserted_local_user =
-      LocalUser::update(pool, data.local_user_view.local_user.id, &local_user_form).await?;
-    data.local_user_view.local_user = inserted_local_user;
+    LocalUser::update(pool, data.local_user_view.local_user.id, &local_user_form).await?;
+    data.local_user_view.local_user.show_bot_accounts = false;

    let read_post_listing = PostQuery {
      community_id: Some(data.inserted_community.id),
@ -1533,9 +1530,8 @@ mod tests {
      show_read_posts: Some(false),
      ..Default::default()
    };
-    let inserted_local_user =
-      LocalUser::update(pool, data.local_user_view.local_user.id, &local_user_form).await?;
-    data.local_user_view.local_user = inserted_local_user;
+    LocalUser::update(pool, data.local_user_view.local_user.id, &local_user_form).await?;
+    data.local_user_view.local_user.show_read_posts = false;

    // Mark a post as read
    PostRead::mark_as_read(
--- a/src/api_routes_http.rs
+++ b/src/api_routes_http.rs
@ -262,12 +262,22 @@ pub fn config(cfg: &mut web::ServiceConfig, rate_limit: &RateLimitCell) {
      // User
      .service(
        // Account action, I don't like that it's in /user maybe /accounts
-        // Handle /user/register separately to add the register() rate limitter
+        // Handle /user/register separately to add the register() rate limiter
        web::resource("/user/register")
          .guard(guard::Post())
          .wrap(rate_limit.register())
          .route(web::post().to(register)),
      )
+      // User
+      .service(
+        // Handle /user/login separately to add the register() rate limiter
+        // TODO: pretty annoying way to apply rate limits for register and login, we should
+        //       group them under a common path so that rate limit is only applied once (eg under /account).
+        web::resource("/user/login")
+          .guard(guard::Post())
+          .wrap(rate_limit.register())
+          .route(web::post().to(login)),
+      )
      .service(
        // Handle captcha separately
        web::resource("/user/get_captcha")
@ -306,7 +316,6 @@ pub fn config(cfg: &mut web::ServiceConfig, rate_limit: &RateLimitCell) {
          .route("/banned", web::get().to(list_banned_users))
          .route("/block", web::post().to(block_person))
          // TODO Account actions. I don't like that they're in /user maybe /accounts
-          .route("/login", web::post().to(login))
          .route("/logout", web::post().to(logout))
          .route("/delete_account", web::post().to(delete_account))
          .route("/password_reset", web::post().to(reset_password))
Author	SHA1	Message	Date
SleeplessOne1917	f83ea218b4	Merge branch 'main' into db-fields-sensitive	2024-05-15 21:19:40 +00:00
Nutomic	93c9a5f2b1	Dont federate post locking via Update activity (#4717 ) * Dont federate post locking via Update activity * cleanup * add missing mod log entries * update assets	2024-05-15 07:36:00 -04:00
Nutomic	9a9d518153	Fix import blocked objects (#4712 ) * Allow importing partial backup (fixes #4672) * Fetch blocked objects if not known locally (fixes #4669) * extract helper fn * add comment * cleanup * remove test * fmt * remove .ok()	2024-05-14 23:03:43 -04:00
Nutomic	7fb03c502e	Add test to ensure reports are sent to user's home instance (ref #4701 ) (#4711 ) * Add test to ensure reports are sent to user's home instance (ref #4701) * enable all tests * set package-manager-strict=false	2024-05-14 22:48:24 -04:00
Nutomic	49bb17b583	Stricter rate limit for login (#4718 )	2024-05-14 22:43:43 -04:00
Nutomic	723cb549d4	Allow importing partial backup (fixes #4672 ) (#4705 ) * Allow importing partial backup (fixes #4672) * Dont throw error on empty LocalUser::update * fix tests	2024-05-14 22:37:30 -04:00