discourse/app/controllers/admin/users_controller.rb

# frozen_string_literal: true

class Admin::UsersController < Admin::StaffController
  MAX_SIMILAR_USERS = 10

  before_action :fetch_user,
                only: %i[
                  suspend
                  unsuspend
                  log_out
                  revoke_admin
                  revoke_moderation
                  grant_moderation
                  approve
                  activate
                  deactivate
                  silence
                  unsilence
                  trust_level
                  trust_level_lock
                  add_group
                  remove_group
                  primary_group
                  anonymize
                  merge
                  reset_bounce_score
                  disable_second_factor
                  delete_posts_batch
                  sso_record
                ]

  def index
    users = ::AdminUserIndexQuery.new(params).find_users

    opts = {}
    if params[:show_emails] == "true"
      StaffActionLogger.new(current_user).log_show_emails(users, context: request.path)
      opts[:emails_desired] = true
    end

    render_serialized(users, AdminUserListSerializer, opts)
  end

  def show
    @user = User.find_by(id: params[:id])
    raise Discourse::NotFound unless @user

    similar_users = User.real.where.not(id: @user.id).where(ip_address: @user.ip_address)

    render_serialized(
      @user,
      AdminDetailedUserSerializer,
      root: false,
      similar_users: similar_users.limit(MAX_SIMILAR_USERS),
      similar_users_count: similar_users.count,
    )
  end

  def delete_posts_batch
    deleted_posts = @user.delete_posts_in_batches(guardian)
    # staff action logs will have an entry for each post

    render json: { posts_deleted: deleted_posts.length }
  end

  # DELETE action to delete penalty history for a user
  def penalty_history
    # We don't delete any history, we merely remove the action type
    # with a removed type. It can still be viewed in the logs but
    # will not affect TL3 promotions.
    sql = <<~SQL
      UPDATE user_histories
      SET action = CASE
        WHEN action = :silence_user THEN :removed_silence_user
        WHEN action = :unsilence_user THEN :removed_unsilence_user
        WHEN action = :suspend_user THEN :removed_suspend_user
        WHEN action = :unsuspend_user THEN :removed_unsuspend_user
      END
      WHERE target_user_id = :user_id
        AND action IN (
          :silence_user,
          :suspend_user,
          :unsilence_user,
          :unsuspend_user
        )
    SQL

    DB.exec(
      sql,
      UserHistory
        .actions
        .slice(
          :silence_user,
          :suspend_user,
          :unsilence_user,
          :unsuspend_user,
          :removed_silence_user,
          :removed_unsilence_user,
          :removed_suspend_user,
          :removed_unsuspend_user,
        )
        .merge(user_id: params[:user_id].to_i),
    )

    render json: success_json
  end

  def suspend
    guardian.ensure_can_suspend!(@user)

    if @user.suspended?
      suspend_record = @user.suspend_record
      message =
        I18n.t(
          "user.already_suspended",
          staff: suspend_record.acting_user.username,
          time_ago:
            AgeWords.time_ago_in_words(
              suspend_record.created_at,
              true,
              scope: :"datetime.distance_in_words_verbose",
            ),
        )
      return render json: failed_json.merge(message: message), status: 409
    end

    params.require(%i[suspend_until reason])

    all_users = [@user]
    if Array === params[:other_user_ids]
      all_users.concat(User.where(id: params[:other_user_ids]).to_a)
      all_users.uniq!
    end

    user_history = nil

    all_users.each do |user|
      user.suspended_till = params[:suspend_until]
      user.suspended_at = DateTime.now

      message = params[:message]

      User.transaction do
        user.save!

        user_history =
          StaffActionLogger.new(current_user).log_user_suspend(
            user,
            params[:reason],
            message: message,
            post_id: params[:post_id],
          )
      end
      user.logged_out

      if message.present?
        Jobs.enqueue(
          :critical_user_email,
          type: "account_suspended",
          user_id: user.id,
          user_history_id: user_history.id,
        )
      end

      DiscourseEvent.trigger(
        :user_suspended,
        user: user,
        reason: params[:reason],
        message: message,
        user_history: user_history,
        post_id: params[:post_id],
        suspended_till: params[:suspend_until],
        suspended_at: DateTime.now,
      )
    end

    perform_post_action

    render_json_dump(
      suspension: {
        suspend_reason: params[:reason],
        full_suspend_reason: user_history.try(:details),
        suspended_till: @user.suspended_till,
        suspended_at: @user.suspended_at,
        suspended_by: BasicUserSerializer.new(current_user, root: false).as_json,
      },
    )
  end

  def unsuspend
    guardian.ensure_can_suspend!(@user)
    @user.suspended_till = nil
    @user.suspended_at = nil
    @user.save!
    StaffActionLogger.new(current_user).log_user_unsuspend(@user)

    DiscourseEvent.trigger(:user_unsuspended, user: @user)

    render_json_dump(suspension: { suspended_till: nil, suspended_at: nil })
  end

  def log_out
    if @user
      @user.user_auth_tokens.destroy_all
      @user.logged_out
      render json: success_json
    else
      render json: { error: I18n.t("admin_js.admin.users.id_not_found") }, status: 404
    end
  end

  def revoke_admin
    guardian.ensure_can_revoke_admin!(@user)
    @user.revoke_admin!
    StaffActionLogger.new(current_user).log_revoke_admin(@user)
    render_serialized(@user, AdminDetailedUserSerializer, root: false)
  end

  def grant_admin
    result = run_second_factor!(SecondFactor::Actions::GrantAdmin)
    if result.no_second_factors_enabled?
      render json: success_json.merge(email_confirmation_required: true)
    else
      render json: success_json
    end
  end

  def revoke_moderation
    guardian.ensure_can_revoke_moderation!(@user)
    @user.revoke_moderation!
    StaffActionLogger.new(current_user).log_revoke_moderation(@user)
    render_serialized(@user, AdminDetailedUserSerializer, root: false)
  end

  def grant_moderation
    guardian.ensure_can_grant_moderation!(@user)
    @user.grant_moderation!
    StaffActionLogger.new(current_user).log_grant_moderation(@user)
    render_serialized(@user, AdminDetailedUserSerializer, root: false)
  end

  def add_group
    group = Group.find(params[:group_id].to_i)
    raise Discourse::NotFound unless group

    return render_json_error(I18n.t("groups.errors.can_not_modify_automatic")) if group.automatic
    guardian.ensure_can_edit!(group)

    group.add(@user)
    GroupActionLogger.new(current_user, group).log_add_user_to_group(@user)

    render body: nil
  end

  def remove_group
    group = Group.find(params[:group_id].to_i)
    raise Discourse::NotFound unless group

    return render_json_error(I18n.t("groups.errors.can_not_modify_automatic")) if group.automatic
    guardian.ensure_can_edit!(group)

    if group.remove(@user)
      GroupActionLogger.new(current_user, group).log_remove_user_from_group(@user)
    end

    render body: nil
  end

  def primary_group
    if params[:primary_group_id].present?
      primary_group_id = params[:primary_group_id].to_i
      if group = Group.find(primary_group_id)
        guardian.ensure_can_change_primary_group!(@user, group)

        @user.primary_group_id = primary_group_id if group.user_ids.include?(@user.id)
      end
    else
      @user.primary_group_id = nil
    end

    @user.save!

    render body: nil
  end

  def trust_level
    guardian.ensure_can_change_trust_level!(@user)
    level = params[:level].to_i

    if @user.manual_locked_trust_level.nil?
      if [0, 1, 2].include?(level) && Promotion.public_send("tl#{level + 1}_met?", @user)
        @user.manual_locked_trust_level = level
        @user.save
      elsif level == 3 && Promotion.tl3_lost?(@user)
        @user.manual_locked_trust_level = level
        @user.save
      end
    end

    @user.change_trust_level!(level, log_action_for: current_user)

    render_serialized(@user, AdminUserSerializer)
  rescue Discourse::InvalidAccess => e
    render_json_error(e.message)
  end

  def trust_level_lock
    guardian.ensure_can_change_trust_level!(@user)

    new_lock = params[:locked].to_s
    return render_json_error I18n.t("errors.invalid_boolean") unless new_lock =~ /true|false/

    @user.manual_locked_trust_level = (new_lock == "true") ? @user.trust_level : nil
    @user.save

    StaffActionLogger.new(current_user).log_lock_trust_level(@user)
    Promotion.recalculate(@user, current_user)

    render body: nil
  end

  def approve
    guardian.ensure_can_approve!(@user)

    reviewable =
      ReviewableUser.find_by(target: @user) ||
        Jobs::CreateUserReviewable.new.execute(user_id: @user.id).reviewable

    reviewable.perform(current_user, :approve_user)
    render body: nil
  end

  def approve_bulk
    Reviewable.bulk_perform_targets(current_user, :approve_user, "ReviewableUser", params[:users])
    render body: nil
  end

  def activate
    guardian.ensure_can_activate!(@user)
    # ensure there is an active email token
    if !@user.email_tokens.active.exists?
      @user.email_tokens.create!(email: @user.email, scope: EmailToken.scopes[:signup])
    end
    @user.activate
    StaffActionLogger.new(current_user).log_user_activate(@user, I18n.t("user.activated_by_staff"))
    render json: success_json
  end

  def deactivate
    guardian.ensure_can_deactivate!(@user)
    @user.deactivate(current_user)
    StaffActionLogger.new(current_user).log_user_deactivate(
      @user,
      I18n.t("user.deactivated_by_staff"),
      params.slice(:context),
    )
    refresh_browser @user
    render json: success_json
  end

  def silence
    guardian.ensure_can_silence_user! @user

    if @user.silenced?
      silenced_record = @user.silenced_record
      message =
        I18n.t(
          "user.already_silenced",
          staff: silenced_record.acting_user.username,
          time_ago:
            AgeWords.time_ago_in_words(
              silenced_record.created_at,
              true,
              scope: :"datetime.distance_in_words_verbose",
            ),
        )
      return render json: failed_json.merge(message: message), status: 409
    end

    all_users = [@user]
    if Array === params[:other_user_ids]
      all_users.concat(User.where(id: params[:other_user_ids]).to_a)
      all_users.uniq!
    end

    user_history = nil

    all_users.each do |user|
      silencer =
        UserSilencer.new(
          user,
          current_user,
          silenced_till: params[:silenced_till],
          reason: params[:reason],
          message_body: params[:message],
          keep_posts: true,
          post_id: params[:post_id],
        )

      if silencer.silence
        user_history = silencer.user_history
        Jobs.enqueue(
          :critical_user_email,
          type: "account_silenced",
          user_id: user.id,
          user_history_id: user_history.id,
        )
      end
    end

    perform_post_action

    render_json_dump(
      silence: {
        silenced: true,
        silence_reason: user_history.try(:details),
        silenced_till: @user.silenced_till,
        silenced_at: @user.silenced_at,
        silenced_by: BasicUserSerializer.new(current_user, root: false).as_json,
      },
    )
  end

  def unsilence
    guardian.ensure_can_unsilence_user! @user
    UserSilencer.unsilence(@user, current_user)

    render_json_dump(
      unsilence: {
        silenced: false,
        silence_reason: nil,
        silenced_till: nil,
        silenced_at: nil,
      },
    )
  end

  def disable_second_factor
    guardian.ensure_can_disable_second_factor!(@user)
    user_second_factor = @user.user_second_factors
    user_security_key = @user.security_keys
    raise Discourse::InvalidParameters if user_second_factor.empty? && user_security_key.empty?

    user_second_factor.destroy_all
    user_security_key.destroy_all
    StaffActionLogger.new(current_user).log_disable_second_factor_auth(@user)

    Jobs.enqueue(:critical_user_email, type: "account_second_factor_disabled", user_id: @user.id)

    render json: success_json
  end

  def destroy
    user = User.find_by(id: params[:id].to_i)
    guardian.ensure_can_delete_user!(user)

    options = params.slice(:context, :delete_as_spammer)
    %i[delete_posts block_email block_urls block_ip].each do |param_name|
      options[param_name] = ActiveModel::Type::Boolean.new.cast(params[param_name])
    end
    options[:prepare_for_destroy] = true

    hijack do
      begin
        if UserDestroyer.new(current_user).destroy(user, options)
          render json: { deleted: true }
        else
          render json: {
                   deleted: false,
                   user: AdminDetailedUserSerializer.new(user, root: false).as_json,
                 }
        end
      rescue UserDestroyer::PostsExistError
        render json: {
                 deleted: false,
                 message:
                   I18n.t(
                     "user.cannot_delete_has_posts",
                     username: user.username,
                     count: user.posts.joins(:topic).count,
                   ),
               },
               status: 403
      end
    end
  end

  def badges
  end

  def tl3_requirements
  end

  def ip_info
    params.require(:ip)

    render json: DiscourseIpInfo.get(params[:ip], resolve_hostname: true)
  end

  def sync_sso
    return render body: nil, status: 404 unless SiteSetting.enable_discourse_connect

    begin
      sso =
        DiscourseConnect.parse(
          "sso=#{params[:sso]}&sig=#{params[:sig]}",
          secure_session: secure_session,
        )
    rescue DiscourseConnect::ParseError
      return(
        render json: failed_json.merge(message: I18n.t("discourse_connect.login_error")),
               status: 422
      )
    end

    begin
      user = sso.lookup_or_create_user
      DiscourseEvent.trigger(:sync_sso, user)
      render_serialized(user, AdminDetailedUserSerializer, root: false)
    rescue ActiveRecord::RecordInvalid => ex
      render json: failed_json.merge(message: ex.message), status: 403
    rescue DiscourseConnect::BlankExternalId => ex
      render json: failed_json.merge(message: I18n.t("discourse_connect.blank_id_error")),
             status: 422
    end
  end

  def delete_other_accounts_with_same_ip
    params.require(:ip)
    params.require(:exclude)
    params.require(:order)

    user_destroyer = UserDestroyer.new(current_user)
    options = {
      delete_posts: true,
      block_email: true,
      block_urls: true,
      block_ip: true,
      delete_as_spammer: true,
      context: I18n.t("user.destroy_reasons.same_ip_address", ip_address: params[:ip]),
    }

    AdminUserIndexQuery
      .new(params)
      .find_users(50)
      .each { |user| user_destroyer.destroy(user, options) }

    render json: success_json
  end

  def total_other_accounts_with_same_ip
    params.require(:ip)
    params.require(:exclude)
    params.require(:order)

    render json: { total: AdminUserIndexQuery.new(params).count_users }
  end

  def anonymize
    guardian.ensure_can_anonymize_user!(@user)
    opts = {}
    opts[:anonymize_ip] = params[:anonymize_ip] if params[:anonymize_ip].present?

    if user = UserAnonymizer.new(@user, current_user, opts).make_anonymous
      render json: success_json.merge(username: user.username)
    else
      render json:
               failed_json.merge(user: AdminDetailedUserSerializer.new(user, root: false).as_json)
    end
  end

  def merge
    target_username = params.require(:target_username)
    target_user = User.find_by_username(target_username)
    raise Discourse::NotFound if target_user.blank?

    guardian.ensure_can_merge_users!(@user, target_user)

    Jobs.enqueue(
      :merge_user,
      user_id: @user.id,
      target_user_id: target_user.id,
      current_user_id: current_user.id,
    )
    render json: success_json
  end

  def reset_bounce_score
    guardian.ensure_can_reset_bounce_score!(@user)
    @user.user_stat&.reset_bounce_score!
    StaffActionLogger.new(current_user).log_reset_bounce_score(@user)
    render json: success_json
  end

  def sso_record
    guardian.ensure_can_delete_sso_record!(@user)
    @user.single_sign_on_record.destroy!
    render json: success_json
  end

  private

  def perform_post_action
    return unless params[:post_id].present? && params[:post_action].present?

    if post = Post.where(id: params[:post_id]).first
      case params[:post_action]
      when "delete"
        PostDestroyer.new(current_user, post).destroy if guardian.can_delete_post_or_topic?(post)
      when "delete_replies"
        if guardian.can_delete_post_or_topic?(post)
          PostDestroyer.delete_with_replies(current_user, post)
        end
      when "edit"
        revisor = PostRevisor.new(post)

        # Take what the moderator edited in as gospel
        revisor.revise!(
          current_user,
          { raw: params[:post_edit] },
          skip_validations: true,
          skip_revision: true,
        )
      end
    end
  end

  def fetch_user
    @user = User.find_by(id: params[:user_id])
    raise Discourse::NotFound unless @user
  end

  def refresh_browser(user)
    MessageBus.publish "/file-change", ["refresh"], user_ids: [user.id]
  end
end