stop banned accounts from posting

rimu 2023-12-30 19:22:22 +13:00
parent afb253f6d0
commit ede9c32953
3 changed files with 23 additions and 6 deletions


@ -74,6 +74,7 @@ def logout():
@bp.route('/register', methods=['GET', 'POST']) @bp.route('/register', methods=['GET', 'POST'])
def register(): def register():
disallowed_usernames = ['admin']
if current_user.is_authenticated: if current_user.is_authenticated:
return redirect(url_for('main.index')) return redirect(url_for('main.index'))
form = RegistrationForm() form = RegistrationForm()
@ -84,6 +85,8 @@ def register():
if form.real_email.data.lower().startswith('postmaster@') or form.real_email.data.lower().startswith('abuse@') or \ if form.real_email.data.lower().startswith('postmaster@') or form.real_email.data.lower().startswith('abuse@') or \
form.real_email.data.lower().startswith('noc@'): form.real_email.data.lower().startswith('noc@'):
flash(_('Sorry, you cannot use that email address'), 'error') flash(_('Sorry, you cannot use that email address'), 'error')
if form.user_name.data in disallowed_usernames:
flash(_('Sorry, you cannot use that user name'), 'error')
else: else:
verification_token = random_token(16) verification_token = random_token(16)
form.user_name.data = form.user_name.data.strip() form.user_name.data = form.user_name.data.strip()


@ -1,6 +1,6 @@
from datetime import datetime from datetime import datetime
from flask import redirect, url_for, flash, current_app, abort, request, g from flask import redirect, url_for, flash, current_app, abort, request, g, make_response
from flask_login import login_user, logout_user, current_user, login_required from flask_login import login_user, logout_user, current_user, login_required
from flask_babel import _ from flask_babel import _
from sqlalchemy import or_, desc from sqlalchemy import or_, desc
@ -18,7 +18,7 @@ from app.models import Post, PostReply, \
from app.post import bp from app.post import bp
from app.utils import get_setting, render_template, allowlist_html, markdown_to_html, validation_required, \ from app.utils import get_setting, render_template, allowlist_html, markdown_to_html, validation_required, \
shorten_string, markdown_to_text, domain_from_url, validate_image, gibberish, ap_datetime, return_304, \ shorten_string, markdown_to_text, domain_from_url, validate_image, gibberish, ap_datetime, return_304, \
request_etag_matches, ip_address request_etag_matches, ip_address, user_ip_banned
def show_post(post_id: int): def show_post(post_id: int):
@ -43,6 +43,13 @@ def show_post(post_id: int):
flash('Comments have been disabled.', 'warning') flash('Comments have been disabled.', 'warning')
return redirect(url_for('activitypub.post_ap', post_id=post_id)) return redirect(url_for('activitypub.post_ap', post_id=post_id))
if current_user.banned:
flash('You have been banned.', 'error')
logout_user()
resp = make_response(redirect(url_for('main.index')))
resp.set_cookie('sesion', '17489047567495', expires=datetime(year=2099, month=12, day=30))
return resp
reply = PostReply(user_id=current_user.id, post_id=post.id, community_id=post.community.id, body=form.body.data, reply = PostReply(user_id=current_user.id, post_id=post.id, community_id=post.community.id, body=form.body.data,
body_html=markdown_to_html(form.body.data), body_html_safe=True, body_html=markdown_to_html(form.body.data), body_html_safe=True,
from_bot=current_user.bot, up_votes=1, nsfw=post.nsfw, nsfl=post.nsfl, from_bot=current_user.bot, up_votes=1, nsfw=post.nsfw, nsfl=post.nsfl,
@ -225,9 +232,10 @@ def post_vote(post_id: int, vote_direction):
current_user.last_seen = utcnow() current_user.last_seen = utcnow()
current_user.ip_address = ip_address() current_user.ip_address = ip_address()
db.session.commit() if not current_user.banned:
current_user.recalculate_attitude() db.session.commit()
db.session.commit() current_user.recalculate_attitude()
db.session.commit()
post.flush_cache() post.flush_cache()
return render_template('post/_post_voting_buttons.html', post=post, return render_template('post/_post_voting_buttons.html', post=post,
upvoted_class=upvoted_class, upvoted_class=upvoted_class,
@ -323,6 +331,12 @@ def continue_discussion(post_id, comment_id):
@bp.route('/post/<int:post_id>/comment/<int:comment_id>/reply', methods=['GET', 'POST']) @bp.route('/post/<int:post_id>/comment/<int:comment_id>/reply', methods=['GET', 'POST'])
@login_required @login_required
def add_reply(post_id: int, comment_id: int): def add_reply(post_id: int, comment_id: int):
if current_user.banned:
flash('You have been banned.', 'error')
logout_user()
resp = make_response(redirect(url_for('main.index')))
resp.set_cookie('sesion', '17489047567495', expires=datetime(year=2099, month=12, day=30))
return resp
post = Post.query.get_or_404(post_id) post = Post.query.get_or_404(post_id)
if not post.comments_enabled: if not post.comments_enabled:


@ -67,7 +67,7 @@ def edit_profile(actor):
if current_user.id != user.id: if current_user.id != user.id:
abort(401) abort(401)
form = ProfileForm() form = ProfileForm()
if form.validate_on_submit(): if form.validate_on_submit() and not current_user.banned:
current_user.email = form.email.data current_user.email = form.email.data
if form.password_field.data.strip() != '': if form.password_field.data.strip() != '':
current_user.set_password(form.password_field.data) current_user.set_password(form.password_field.data)
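Review bot: With `if form.validate_on_submit() and not current_user.banned:`, a banned user who submits the profile form takes the same path as a failed validation and gets no message, while the post routes in this commit flash 'You have been banned.' and log the user out. An explicit branch ahead of the form handling, e.g. `if current_user.banned: abort(403)`, would make the refusal visible and keep the ban behaviour consistent across routes. What follows the `if` block is outside the hunk, so the exact fall-through behaviour should be confirmed there.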