FEATURE: anonymous_account_duration_minutes , cycle anon accounts after N minutes from last post

fixes it so anon users can not like stuff
2015-04-08 12:29:43 +10:00 · 2015-04-08 12:29:43 +10:00 · 4bfca12b11
parent 6398cd855c
commit 4bfca12b11
7 changed files with 55 additions and 7 deletions
--- a/app/models/user.rb
+++ b/app/models/user.rb
@ -725,6 +725,12 @@ class User < ActiveRecord::Base
    UserProfile.create(user_id: id)
  end

+  def anonymous?
+    SiteSetting.allow_anonymous_posting &&
+      trust_level >= 1 &&
+      custom_fields["master_id"].to_i > 0
+  end
+
  protected

  def badge_grant
--- a/app/serializers/current_user_serializer.rb
+++ b/app/serializers/current_user_serializer.rb
@ -104,9 +104,7 @@ class CurrentUserSerializer < BasicUserSerializer
  end

  def is_anonymous
-    SiteSetting.allow_anonymous_posting &&
-      object.trust_level >= 1 &&
-      object.custom_fields["master_id"].to_i > 0
+    object.anonymous?
  end

 end
--- a/app/services/anonymous_shadow_creator.rb
+++ b/app/services/anonymous_shadow_creator.rb
@ -16,7 +16,14 @@ class AnonymousShadowCreator
       user.trust_level < SiteSetting.anonymous_posting_min_trust_level

    if (shadow_id = user.custom_fields["shadow_id"].to_i) > 0
-      User.find_by(id: shadow_id) || create_shadow(user)
+      shadow = User.find_by(id: shadow_id)
+
+      if shadow && shadow.post_count > 0 &&
+          shadow.last_posted_at < SiteSetting.anonymous_account_duration_minutes.minutes.ago
+        shadow = nil
+      end
+
+      shadow || create_shadow(user)
    else
      create_shadow(user)
    end
@ -34,13 +41,17 @@ class AnonymousShadowCreator
        trust_level_locked: true,
        email_private_messages: false,
        email_digests: false,
-        created_at: user.created_at
+        created_at: 1.day.ago # bypass new user restrictions
      )

      shadow.email_tokens.update_all  confirmed: true
      shadow.activate


+      # can not hold dupes
+      UserCustomField.where(user_id: user.id,
+                            name: "shadow_id").destroy_all
+
      UserCustomField.create!(user_id: user.id,
                              name: "shadow_id",
                              value: shadow.id)
--- a/config/locales/server.en.yml
+++ b/config/locales/server.en.yml
@ -1091,6 +1091,7 @@ en:
    enable_user_directory: "Provide a directory of users for browsing"
    allow_anonymous_posting: "Allow users to switch to anonymous mode"
    anonymous_posting_min_trust_level: "Minimum trust level required to enable anonymous posting"
+    anonymous_account_duration_minutes: "To protect anonymity create a new anonymous account every N minutes for each user. Example: if set to 600, as soon as 600 minutes elapse from last post AND user switches to anon, a new anonymous account is created."

    allow_profile_backgrounds: "Allow users to upload profile backgrounds."

--- a/config/site_settings.yml
+++ b/config/site_settings.yml
@ -315,6 +315,8 @@ users:
  anonymous_posting_min_trust_level:
    default: 1
    client: true
+  anonymous_account_duration_minutes:
+    default: 10080

 posting:
  min_post_length:
--- a/lib/guardian/post_guardian.rb
+++ b/lib/guardian/post_guardian.rb
@ -8,7 +8,7 @@ module PostGuardian
    already_taken_this_action = taken.any? && taken.include?(PostActionType.types[action_key])
    already_did_flagging      = taken.any? && (taken & PostActionType.flag_types.values).any?

-    if authenticated? && post
+    result = if authenticated? && post && !@user.anonymous?

      return false if action_key == :notify_moderators && !SiteSetting.enable_private_messages

@ -37,6 +37,8 @@ module PostGuardian
      # no voting more than once on single vote topics
      not(action_key == :vote && opts[:voted_in_topic] && post.topic.has_meta_data_boolean?(:single_vote))
    end
+
+    !!result
  end

  def can_defer_flags?(post)
--- a/spec/services/anonymous_shadow_creator_spec.rb
+++ b/spec/services/anonymous_shadow_creator_spec.rb
@ -11,6 +11,26 @@ describe AnonymousShadowCreator do
    AnonymousShadowCreator.get(Fabricate.build(:user, trust_level: 0)).should == nil
  end

+  it "returns a new shadow once time expires" do
+    SiteSetting.allow_anonymous_posting = true
+    SiteSetting.anonymous_account_duration_minutes = 1
+
+    user = Fabricate(:user, trust_level: 3)
+    shadow = AnonymousShadowCreator.get(user)
+
+    freeze_time 2.minutes.from_now
+    shadow2 = AnonymousShadowCreator.get(user)
+
+    shadow.id.should == shadow2.id
+    create_post(user: shadow)
+
+    freeze_time 4.minutes.from_now
+    shadow3 = AnonymousShadowCreator.get(user)
+
+    shadow2.id.should_not == shadow3.id
+
+  end
+
  it "returns a shadow for a legit user" do
    SiteSetting.allow_anonymous_posting = true
    user = Fabricate(:user, trust_level: 3)
@ -21,9 +41,17 @@ describe AnonymousShadowCreator do
    shadow.id.should == shadow2.id

    shadow.trust_level.should == 1
-
    shadow.username.should == "anonymous"

+    shadow.created_at.should_not == user.created_at
+
+
+    p = create_post
+    Guardian.new(shadow).post_can_act?(p, :like).should == false
+    Guardian.new(user).post_can_act?(p, :like).should == true
+
+    user.anonymous?.should == false
+    shadow.anonymous?.should == true
  end

 end