diff --git a/server/controllers/api/abuse.ts b/server/controllers/api/abuse.ts index 72c418e74..a6d0b0512 100644 --- a/server/controllers/api/abuse.ts +++ b/server/controllers/api/abuse.ts @@ -167,7 +167,11 @@ async function reportAbuse (req: express.Request, res: express.Response) { const body: AbuseCreate = req.body const { id } = await sequelizeTypescript.transaction(async t => { - const reporterAccount = await AccountModel.load(res.locals.oauth.token.User.Account.id, t) + const user = res.locals.oauth.token.User + // Don't send abuse notification if reporter is an admin/moderator + const skipNotification = user.hasRight(UserRight.MANAGE_ABUSES) + + const reporterAccount = await AccountModel.load(user.Account.id, t) const predefinedReasons = body.predefinedReasons?.map(r => abusePredefinedReasonsMap[r]) const baseAbuse = { @@ -184,7 +188,8 @@ async function reportAbuse (req: express.Request, res: express.Response) { reporterAccount, transaction: t, startAt: body.video.startAt, - endAt: body.video.endAt + endAt: body.video.endAt, + skipNotification }) } @@ -193,7 +198,8 @@ async function reportAbuse (req: express.Request, res: express.Response) { baseAbuse, commentInstance, reporterAccount, - transaction: t + transaction: t, + skipNotification }) } @@ -202,7 +208,8 @@ async function reportAbuse (req: express.Request, res: express.Response) { baseAbuse, accountInstance, reporterAccount, - transaction: t + transaction: t, + skipNotification }) }) diff --git a/server/lib/activitypub/process/process-flag.ts b/server/lib/activitypub/process/process-flag.ts index 7ed409d0e..fd3e46e2b 100644 --- a/server/lib/activitypub/process/process-flag.ts +++ b/server/lib/activitypub/process/process-flag.ts @@ -75,7 +75,8 @@ async function processCreateAbuse (activity: ActivityCreate | ActivityFlag, byAc endAt, reporterAccount, transaction: t, - videoInstance: video + videoInstance: video, + skipNotification: false }) } @@ -84,7 +85,8 @@ async function processCreateAbuse (activity: ActivityCreate | ActivityFlag, byAc baseAbuse, reporterAccount, transaction: t, - commentInstance: videoComment + commentInstance: videoComment, + skipNotification: false }) } @@ -92,7 +94,8 @@ async function processCreateAbuse (activity: ActivityCreate | ActivityFlag, byAc baseAbuse, reporterAccount, transaction: t, - accountInstance: flaggedAccount + accountInstance: flaggedAccount, + skipNotification: false }) }) } catch (err) { diff --git a/server/lib/moderation.ts b/server/lib/moderation.ts index 456b615b2..c2565f867 100644 --- a/server/lib/moderation.ts +++ b/server/lib/moderation.ts @@ -107,8 +107,9 @@ async function createVideoAbuse (options: { endAt: number transaction: Transaction reporterAccount: MAccountDefault + skipNotification: boolean }) { - const { baseAbuse, videoInstance, startAt, endAt, transaction, reporterAccount } = options + const { baseAbuse, videoInstance, startAt, endAt, transaction, reporterAccount, skipNotification } = options const associateFun = async (abuseInstance: MAbuseFull) => { const videoAbuseInstance: MVideoAbuseVideoFull = await VideoAbuseModel.create({ @@ -129,6 +130,7 @@ async function createVideoAbuse (options: { reporterAccount, flaggedAccount: videoInstance.VideoChannel.Account, transaction, + skipNotification, associateFun }) } @@ -138,8 +140,9 @@ function createVideoCommentAbuse (options: { commentInstance: MCommentOwnerVideo transaction: Transaction reporterAccount: MAccountDefault + skipNotification: boolean }) { - const { baseAbuse, commentInstance, transaction, reporterAccount } = options + const { baseAbuse, commentInstance, transaction, reporterAccount, skipNotification } = options const associateFun = async (abuseInstance: MAbuseFull) => { const commentAbuseInstance: MCommentAbuseAccountVideo = await VideoCommentAbuseModel.create({ @@ -158,6 +161,7 @@ function createVideoCommentAbuse (options: { reporterAccount, flaggedAccount: commentInstance.Account, transaction, + skipNotification, associateFun }) } @@ -167,8 +171,9 @@ function createAccountAbuse (options: { accountInstance: MAccountDefault transaction: Transaction reporterAccount: MAccountDefault + skipNotification: boolean }) { - const { baseAbuse, accountInstance, transaction, reporterAccount } = options + const { baseAbuse, accountInstance, transaction, reporterAccount, skipNotification } = options const associateFun = () => { return Promise.resolve({ isOwned: accountInstance.isOwned() }) @@ -179,6 +184,7 @@ function createAccountAbuse (options: { reporterAccount, flaggedAccount: accountInstance, transaction, + skipNotification, associateFun }) } @@ -207,9 +213,10 @@ async function createAbuse (options: { reporterAccount: MAccountDefault flaggedAccount: MAccountLight associateFun: (abuseInstance: MAbuseFull) => Promise<{ isOwned: boolean} > + skipNotification: boolean transaction: Transaction }) { - const { base, reporterAccount, flaggedAccount, associateFun, transaction } = options + const { base, reporterAccount, flaggedAccount, associateFun, transaction, skipNotification } = options const auditLogger = auditLoggerFactory('abuse') const abuseAttributes = Object.assign({}, base, { flaggedAccountId: flaggedAccount.id }) @@ -227,13 +234,15 @@ async function createAbuse (options: { const abuseJSON = abuseInstance.toFormattedAdminJSON() auditLogger.create(reporterAccount.Actor.getIdentifier(), new AbuseAuditView(abuseJSON)) - afterCommitIfTransaction(transaction, () => { - Notifier.Instance.notifyOnNewAbuse({ - abuse: abuseJSON, - abuseInstance, - reporter: reporterAccount.Actor.getIdentifier() + if (!skipNotification) { + afterCommitIfTransaction(transaction, () => { + Notifier.Instance.notifyOnNewAbuse({ + abuse: abuseJSON, + abuseInstance, + reporter: reporterAccount.Actor.getIdentifier() + }) }) - }) + } logger.info('Abuse report %d created.', abuseInstance.id) diff --git a/server/tests/api/notifications/moderation-notifications.ts b/server/tests/api/notifications/moderation-notifications.ts index f806fed31..81ce8061b 100644 --- a/server/tests/api/notifications/moderation-notifications.ts +++ b/server/tests/api/notifications/moderation-notifications.ts @@ -24,11 +24,13 @@ import { wait, waitJobs } from '@shared/extra-utils' -import { AbuseState, CustomConfig, UserNotification, VideoPrivacy } from '@shared/models' +import { AbuseState, CustomConfig, UserNotification, UserRole, VideoPrivacy } from '@shared/models' describe('Test moderation notifications', function () { let servers: PeerTubeServer[] = [] - let userAccessToken: string + let userToken1: string + let userToken2: string + let userNotifications: UserNotification[] = [] let adminNotifications: UserNotification[] = [] let adminNotificationsServer2: UserNotification[] = [] @@ -39,11 +41,13 @@ describe('Test moderation notifications', function () { const res = await prepareNotificationsTest(3) emails = res.emails - userAccessToken = res.userAccessToken + userToken1 = res.userAccessToken servers = res.servers userNotifications = res.userNotifications adminNotifications = res.adminNotifications adminNotificationsServer2 = res.adminNotificationsServer2 + + userToken2 = await servers[1].users.generateUserAndToken('user2', UserRole.USER) }) describe('Abuse for moderators notification', function () { @@ -58,13 +62,25 @@ describe('Test moderation notifications', function () { } }) + it('Should not send a notification to moderators on local abuse reported by an admin', async function () { + this.timeout(20000) + + const name = 'video for abuse ' + buildUUID() + const video = await servers[0].videos.upload({ token: userToken1, attributes: { name } }) + + await servers[0].abuses.report({ videoId: video.id, reason: 'super reason' }) + + await waitJobs(servers) + await checkNewVideoAbuseForModerators({ ...baseParams, shortUUID: video.shortUUID, videoName: name, checkType: 'absence' }) + }) + it('Should send a notification to moderators on local video abuse', async function () { this.timeout(20000) const name = 'video for abuse ' + buildUUID() - const video = await servers[0].videos.upload({ token: userAccessToken, attributes: { name } }) + const video = await servers[0].videos.upload({ token: userToken1, attributes: { name } }) - await servers[0].abuses.report({ videoId: video.id, reason: 'super reason' }) + await servers[0].abuses.report({ token: userToken1, videoId: video.id, reason: 'super reason' }) await waitJobs(servers) await checkNewVideoAbuseForModerators({ ...baseParams, shortUUID: video.shortUUID, videoName: name, checkType: 'presence' }) @@ -74,12 +90,12 @@ describe('Test moderation notifications', function () { this.timeout(20000) const name = 'video for abuse ' + buildUUID() - const video = await servers[0].videos.upload({ token: userAccessToken, attributes: { name } }) + const video = await servers[0].videos.upload({ token: userToken1, attributes: { name } }) await waitJobs(servers) const videoId = await servers[1].videos.getId({ uuid: video.uuid }) - await servers[1].abuses.report({ videoId, reason: 'super reason' }) + await servers[1].abuses.report({ token: userToken2, videoId, reason: 'super reason' }) await waitJobs(servers) await checkNewVideoAbuseForModerators({ ...baseParams, shortUUID: video.shortUUID, videoName: name, checkType: 'presence' }) @@ -89,16 +105,16 @@ describe('Test moderation notifications', function () { this.timeout(20000) const name = 'video for abuse ' + buildUUID() - const video = await servers[0].videos.upload({ token: userAccessToken, attributes: { name } }) + const video = await servers[0].videos.upload({ token: userToken1, attributes: { name } }) const comment = await servers[0].comments.createThread({ - token: userAccessToken, + token: userToken1, videoId: video.id, text: 'comment abuse ' + buildUUID() }) await waitJobs(servers) - await servers[0].abuses.report({ commentId: comment.id, reason: 'super reason' }) + await servers[0].abuses.report({ token: userToken1, commentId: comment.id, reason: 'super reason' }) await waitJobs(servers) await checkNewCommentAbuseForModerators({ ...baseParams, shortUUID: video.shortUUID, videoName: name, checkType: 'presence' }) @@ -108,10 +124,10 @@ describe('Test moderation notifications', function () { this.timeout(20000) const name = 'video for abuse ' + buildUUID() - const video = await servers[0].videos.upload({ token: userAccessToken, attributes: { name } }) + const video = await servers[0].videos.upload({ token: userToken1, attributes: { name } }) await servers[0].comments.createThread({ - token: userAccessToken, + token: userToken1, videoId: video.id, text: 'comment abuse ' + buildUUID() }) @@ -120,7 +136,7 @@ describe('Test moderation notifications', function () { const { data } = await servers[1].comments.listThreads({ videoId: video.uuid }) const commentId = data[0].id - await servers[1].abuses.report({ commentId, reason: 'super reason' }) + await servers[1].abuses.report({ token: userToken2, commentId, reason: 'super reason' }) await waitJobs(servers) await checkNewCommentAbuseForModerators({ ...baseParams, shortUUID: video.shortUUID, videoName: name, checkType: 'presence' }) @@ -133,7 +149,7 @@ describe('Test moderation notifications', function () { const { account } = await servers[0].users.create({ username, password: 'donald' }) const accountId = account.id - await servers[0].abuses.report({ accountId, reason: 'super reason' }) + await servers[0].abuses.report({ token: userToken1, accountId, reason: 'super reason' }) await waitJobs(servers) await checkNewAccountAbuseForModerators({ ...baseParams, displayName: username, checkType: 'presence' }) @@ -149,7 +165,7 @@ describe('Test moderation notifications', function () { await waitJobs(servers) const account = await servers[1].accounts.get({ accountName: username + '@' + servers[0].host }) - await servers[1].abuses.report({ accountId: account.id, reason: 'super reason' }) + await servers[1].abuses.report({ token: userToken2, accountId: account.id, reason: 'super reason' }) await waitJobs(servers) await checkNewAccountAbuseForModerators({ ...baseParams, displayName: username, checkType: 'presence' }) @@ -165,13 +181,13 @@ describe('Test moderation notifications', function () { server: servers[0], emails, socketNotifications: userNotifications, - token: userAccessToken + token: userToken1 } const name = 'abuse ' + buildUUID() - const video = await servers[0].videos.upload({ token: userAccessToken, attributes: { name } }) + const video = await servers[0].videos.upload({ token: userToken1, attributes: { name } }) - const body = await servers[0].abuses.report({ token: userAccessToken, videoId: video.id, reason: 'super reason' }) + const body = await servers[0].abuses.report({ token: userToken1, videoId: video.id, reason: 'super reason' }) abuseId = body.abuse.id }) @@ -205,7 +221,7 @@ describe('Test moderation notifications', function () { server: servers[0], emails, socketNotifications: userNotifications, - token: userAccessToken + token: userToken1 } baseParamsAdmin = { @@ -216,15 +232,15 @@ describe('Test moderation notifications', function () { } const name = 'abuse ' + buildUUID() - const video = await servers[0].videos.upload({ token: userAccessToken, attributes: { name } }) + const video = await servers[0].videos.upload({ token: userToken1, attributes: { name } }) { - const body = await servers[0].abuses.report({ token: userAccessToken, videoId: video.id, reason: 'super reason' }) + const body = await servers[0].abuses.report({ token: userToken1, videoId: video.id, reason: 'super reason' }) abuseId = body.abuse.id } { - const body = await servers[0].abuses.report({ token: userAccessToken, videoId: video.id, reason: 'super reason 2' }) + const body = await servers[0].abuses.report({ token: userToken1, videoId: video.id, reason: 'super reason 2' }) abuseId2 = body.abuse.id } }) @@ -254,7 +270,7 @@ describe('Test moderation notifications', function () { this.timeout(10000) const message = 'my super message to moderators' - await servers[0].abuses.addMessage({ token: userAccessToken, abuseId: abuseId2, message }) + await servers[0].abuses.addMessage({ token: userToken1, abuseId: abuseId2, message }) await waitJobs(servers) const toEmail = 'admin' + servers[0].internalServerNumber + '@example.com' @@ -265,7 +281,7 @@ describe('Test moderation notifications', function () { this.timeout(10000) const message = 'my super message that should not be sent to reporter' - await servers[0].abuses.addMessage({ token: userAccessToken, abuseId: abuseId2, message }) + await servers[0].abuses.addMessage({ token: userToken1, abuseId: abuseId2, message }) await waitJobs(servers) const toEmail = 'user_1@example.com' @@ -281,7 +297,7 @@ describe('Test moderation notifications', function () { server: servers[0], emails, socketNotifications: userNotifications, - token: userAccessToken + token: userToken1 } }) @@ -289,7 +305,7 @@ describe('Test moderation notifications', function () { this.timeout(10000) const name = 'video for abuse ' + buildUUID() - const { uuid, shortUUID } = await servers[0].videos.upload({ token: userAccessToken, attributes: { name } }) + const { uuid, shortUUID } = await servers[0].videos.upload({ token: userToken1, attributes: { name } }) await servers[0].blacklist.add({ videoId: uuid }) @@ -301,7 +317,7 @@ describe('Test moderation notifications', function () { this.timeout(10000) const name = 'video for abuse ' + buildUUID() - const { uuid, shortUUID } = await servers[0].videos.upload({ token: userAccessToken, attributes: { name } }) + const { uuid, shortUUID } = await servers[0].videos.upload({ token: userToken1, attributes: { name } }) await servers[0].blacklist.add({ videoId: uuid }) @@ -335,7 +351,7 @@ describe('Test moderation notifications', function () { await checkUserRegistered({ ...baseParams, username: 'user_45', checkType: 'presence' }) - const userOverride = { socketNotifications: userNotifications, token: userAccessToken, check: { web: true, mail: false } } + const userOverride = { socketNotifications: userNotifications, token: userToken1, check: { web: true, mail: false } } await checkUserRegistered({ ...baseParams, ...userOverride, username: 'user_45', checkType: 'absence' }) }) }) @@ -377,7 +393,7 @@ describe('Test moderation notifications', function () { await checkNewInstanceFollower({ ...baseParams, followerHost: 'localhost:' + servers[2].port, checkType: 'presence' }) - const userOverride = { socketNotifications: userNotifications, token: userAccessToken, check: { web: true, mail: false } } + const userOverride = { socketNotifications: userNotifications, token: userToken1, check: { web: true, mail: false } } await checkNewInstanceFollower({ ...baseParams, ...userOverride, followerHost: 'localhost:' + servers[2].port, checkType: 'absence' }) }) @@ -404,7 +420,7 @@ describe('Test moderation notifications', function () { const followingHost = servers[2].host await checkAutoInstanceFollowing({ ...baseParams, followerHost, followingHost, checkType: 'presence' }) - const userOverride = { socketNotifications: userNotifications, token: userAccessToken, check: { web: true, mail: false } } + const userOverride = { socketNotifications: userNotifications, token: userToken1, check: { web: true, mail: false } } await checkAutoInstanceFollowing({ ...baseParams, ...userOverride, followerHost, followingHost, checkType: 'absence' }) config.followings.instance.autoFollowBack.enabled = false @@ -461,7 +477,7 @@ describe('Test moderation notifications', function () { server: servers[0], emails, socketNotifications: userNotifications, - token: userAccessToken + token: userToken1 } currentCustomConfig = await servers[0].config.getCustomConfig() @@ -490,7 +506,7 @@ describe('Test moderation notifications', function () { this.timeout(120000) videoName = 'video with auto-blacklist ' + buildUUID() - const video = await servers[0].videos.upload({ token: userAccessToken, attributes: { name: videoName } }) + const video = await servers[0].videos.upload({ token: userToken1, attributes: { name: videoName } }) shortUUID = video.shortUUID uuid = video.uuid @@ -547,7 +563,7 @@ describe('Test moderation notifications', function () { } } - const { shortUUID, uuid } = await servers[0].videos.upload({ token: userAccessToken, attributes }) + const { shortUUID, uuid } = await servers[0].videos.upload({ token: userToken1, attributes }) await servers[0].blacklist.remove({ videoId: uuid }) @@ -579,7 +595,7 @@ describe('Test moderation notifications', function () { } } - const { shortUUID } = await servers[0].videos.upload({ token: userAccessToken, attributes }) + const { shortUUID } = await servers[0].videos.upload({ token: userToken1, attributes }) await wait(6000) await checkVideoIsPublished({ ...userBaseParams, videoName: name, shortUUID, checkType: 'absence' })