techhub/mastodon
2
0
Fork 0
Code Activity

Fix streaming still being authorized for suspended accounts (#36449)

Browse Source
This commit is contained in:
Claire
2025-10-13 15:35:58 +02:00
committed by GitHub
parent adf291631e
commit d7f4eca801
3 changed files with 29 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
app/models/concerns/account/suspensions.rb
View File

@@ -32,6 +32,10 @@ module Account::Suspensions
update!(suspended_at: date, suspension_origin: origin) update!(suspended_at: date, suspension_origin: origin)
create_canonical_email_block! if block_email create_canonical_email_block! if block_email
end end
# This terminates all connections for the given account with the streaming
# server:
redis.publish("timeline:system:#{id}", Oj.dump(event: :kill)) if local?
end end
def unsuspend! def unsuspend!

24
spec/system/streaming/streaming_spec.rb
View File

@@ -98,4 +98,28 @@ RSpec.describe 'Streaming', :inline_jobs, :streaming do
expect(streaming_client.open?).to be(false) expect(streaming_client.open?).to be(false)
end end
end end
context 'with a suspended user account' do
before do
user.account.suspend!
end
it 'receives an 401 unauthorized error when trying to connect' do
streaming_client.connect
expect(streaming_client.status).to eq(401)
expect(streaming_client.open?).to be(false)
end
end
context 'when the user account is suspended whilst connected' do
it 'terminates the connection for the user' do
streaming_client.connect
user.account.suspend!
expect(streaming_client.wait_for(:closed).code).to be(1000)
expect(streaming_client.open?).to be(false)
end
end
end end

2
streaming/index.js
View File

@@ -352,7 +352,7 @@ const startServer = async () => {
* @returns {Promise<ResolvedAccount>} * @returns {Promise<ResolvedAccount>}
*/ */
const accountFromToken = async (token, req) => { const accountFromToken = async (token, req) => {
const result = await pgPool.query('SELECT oauth_access_tokens.id, oauth_access_tokens.resource_owner_id, users.account_id, users.chosen_languages, oauth_access_tokens.scopes FROM oauth_access_tokens INNER JOIN users ON oauth_access_tokens.resource_owner_id = users.id WHERE oauth_access_tokens.token = $1 AND oauth_access_tokens.revoked_at IS NULL AND users.disabled IS FALSE LIMIT 1', [token]); const result = await pgPool.query('SELECT oauth_access_tokens.id, oauth_access_tokens.resource_owner_id, users.account_id, users.chosen_languages, oauth_access_tokens.scopes FROM oauth_access_tokens INNER JOIN users ON oauth_access_tokens.resource_owner_id = users.id INNER JOIN accounts ON accounts.id = users.account_id WHERE oauth_access_tokens.token = $1 AND oauth_access_tokens.revoked_at IS NULL AND users.disabled IS FALSE AND accounts.suspended_at IS NULL LIMIT 1', [token]);
if (result.rows.length === 0) { if (result.rows.length === 0) {
throw new AuthenticationError('Invalid access token'); throw new AuthenticationError('Invalid access token');