Merge v0.2024.009 into 'release'.

Author: kajmagnus

appsv/model/src/main/scala/com/debiki/core/user.scala

@@ -1077,9 +1077,14 @@ case class Anonym(
   // Currently only approved users may use anonyms, so, for now:
   override def isAuthenticated: Bo = true
 
-  // Or use the real user's levels? But then it can be simpler to know how hen is?
+  // Don't use the real user's levels — that'd make it simpler to guess how the
+  // true user is. For now, let's use NewMember.
+  // Later: Set the trust level to the min level required, to post in the
+  // anonymous category? Then, can e.g. avoid moderators having to approve all
+  // anonymous comments (since they'd be by "new" members, anonyms being per page,
+  // not having posted elsewhere before),  without leaking any info about the true
+  // user's trust level.  [anon_tr_lv]
   def effectiveTrustLevel: TrustLevel = TrustLevel.NewMember
-  //def effectiveThreatLevel: ThreatLevel = ThreatLevel.SeemsSafe
 
   // But the accounts haven't been approved?
   override def isApprovedOrStaff: Bo = false

appsv/server/controllers/VoteController.scala

@@ -123,7 +123,7 @@ class VoteController @Inject()(cc: ControllerComponents, edContext: TyContext)
           "TyE7M3MRSED5", "The post just got hard deleted?")
 
     val storePatchJson = dao.jsonMaker.makeStorePatchForPost(
-          updatedPost, showHidden = true, reqerId = request.theReqerId)
+          updatedPost, showHidden = true)
 
     var responseJson: JsObject =
           storePatchJson ++

appsv/server/debiki/ReactJson.scala

@@ -556,6 +556,16 @@ class JsonMaker(dao: SiteDao) {
 
     val reactStoreJsonString = jsonObj.toString()
 
+    // Make sure we [dont_leak_true_ids].  This page json is for everyone, not a specific
+    // person, and then no aliases' true ids should be included.  (However,
+    // in  userDataJson()  and requestersJsonImpl()  (below) it can be ok with true ids.)
+    val trueIds = (jsonObj \\ JsX.AnonForIdFieldName)
+    if (trueIds.nonEmpty) {
+      // Only include in the server logs, don't show to the end user.
+      System.err.println(s"True ids in page json: $reactStoreJsonString  [TyEIDLEAKPAGE1]")
+      die(s"Bug: True ids in page json, see server logs. [TyEIDLEAKPAGE2]")
+    }
+
     val version = CachedPageVersion(
       siteVersion = transaction.loadSiteVersion(),
       pageVersion = page.version,
@@ -1447,20 +1457,19 @@ class JsonMaker(dao: SiteDao) {
 
 
   def makeStorePatchForPostIds(postIds: Set[PostId], showHidden: Bo,
-        inclUnapproved: Bo, maySquash: Bo, dao: SiteDao, reqerId: Opt[PatId] = None,
-        ): JsObject = {
+        inclUnapproved: Bo, maySquash: Bo, dao: SiteDao): JsObject = {
     dieIf(Globals.isDevOrTest && dao != this.dao, "TyE602MWJL43") ; CLEAN_UP // remove dao param?
     dao.readTx { tx =>
       // This might render CommonMark, in a tx — slightly bad. [nashorn_in_tx]
-      makeStorePatchForPostIds(postIds, showHidden = showHidden,
-            inclUnapproved = inclUnapproved, maySquash = maySquash, tx, reqerId = reqerId)
+      _makeStorePatchForPostIds(postIds, showHidden = showHidden,
+            inclUnapproved = inclUnapproved, maySquash = maySquash, tx)
     }
   }
 
   // [post_to_json]
-  private def makeStorePatchForPostIds(postIds: Set[PostId],
+  private def _makeStorePatchForPostIds(postIds: Set[PostId],
           showHidden: Bo, inclUnapproved: Bo, maySquash: Bo,
-          transaction: SiteTx, reqerId: Opt[PatId]): JsObject = {
+          transaction: SiteTx): JsObject = {
     val posts = transaction.loadPostsByUniqueId(postIds).values
     val tagsAndBadges = transaction.loadPostTagsAndAuthorBadges(postIds)
     val tagTypes = dao.getTagTypes(tagsAndBadges.tagTypeIds)
@@ -1472,14 +1481,14 @@ class JsonMaker(dao: SiteDao) {
     makeStorePatch3(pageIdVersions, posts,
           showHidden = showHidden, inclUnapproved = inclUnapproved,
           maySquash = maySquash, tagsAndBadges, tagTypes,
-          pats, reqerId = reqerId, appVersion = dao.globals.applicationVersion)(transaction)
+          pats, appVersion = dao.globals.applicationVersion)(transaction)
   }
 
 
-  def makeStorePatchForPost(post: Post, showHidden: Bo, reqerId: PatId): JsObject = {
+  def makeStorePatchForPost(post: Post, showHidden: Bo): JsObject = {
     makeStorePatchForPostIds(
           postIds = Set(post.id), showHidden = showHidden, inclUnapproved = true,
-          maySquash = false, dao, reqerId = Some(reqerId))
+          maySquash = false, dao)
   }
 
 
@@ -1494,7 +1503,7 @@ class JsonMaker(dao: SiteDao) {
   private def makeStorePatch3(pageIdVersions: Iterable[PageIdVersion], posts: Iterable[Post],
           showHidden: Bo, inclUnapproved: Bo, maySquash: Bo,
           tagsAndBadges: TagsAndBadges, tagTypes: Seq[TagType],
-          pats: Iterable[Pat], reqerId: Opt[PatId] = None, appVersion: St)(
+          pats: Iterable[Pat], appVersion: St)(
           tx: SiteTx): JsObject = {
     require(posts.isEmpty || pats.nonEmpty, "Posts but no authors [EsE4YK7W2]")
 
@@ -1521,7 +1530,7 @@ class JsonMaker(dao: SiteDao) {
     Json.obj(
       "appVersion" -> appVersion,
       "pageVersionsByPageId" -> pageVersionsByPageIdJson,
-      "usersBrief" -> pats.map(JsPat(_, tagsAndBadges, toShowForPatId = reqerId)),
+      "usersBrief" -> pats.map(JsPat(_, tagsAndBadges)),
       "tagTypes" -> tagTypes.map(JsTagType),
       "postsByPageId" -> postsByPageIdJson)
   }

appsv/server/debiki/dao/PagesDao.scala

@@ -314,23 +314,31 @@ trait PagesDao {
     require(pinOrder.isDefined == pinWhere.isDefined, "Ese5MJK2")
     require(embeddingUrl.trimNoneIfBlank == embeddingUrl, "Cannot have blank emb urls [TyE75SPJBJ]")
 
+    SECURITY // Maybe page id shouldn't be public? [rand-page-id] To prevent people from
+    // discovering all pages. E.g. iterating through all discussions, in a public blog.
+    val pageId = tx.nextPageId()
+
+    val personaAndLevels: UserAndLevels = SiteDao.getPersonaAndLevels(
+          realAuthorAndLevels, pageId = pageId, asAlias, mayReuseAnon = false,
+          isCreatingPage = true)(tx, IfBadAbortReq)
+
+    val authorMaybeAnon: Pat = personaAndLevels.user
+
     val pageSlug = anySlug.getOrElse({
         context.nashorn.slugifyTitle(title.source)
     }).take(PagePath.MaxSlugLength).dropRightWhile(_ == '-').dropWhile(_ == '-')
 
     COULD // try to move this authz + review-reason check to talkyard.server.authz.Authz?
     val (
       reviewReasons: Seq[ReviewReason],
-      shallApprove: Boolean) =
-        throwOrFindReviewNewPageReasons(realAuthorAndLevels, pageRole, tx)  // [mod_deanon_risk]
+      shallApprove: Bo) =
+          throwOrFindReviewNewPageReasons(personaAndLevels, pageRole, tx)  // [mod_deanon_risk]
 
+    // Similar to: [find_approver_id].  [mod_deanon_risk]
     val approvedById =
-      if (realAuthor.isStaff) {  // [mod_deanon_risk]
-        dieIf(!shallApprove, "EsE2UPU70")
-        Some(realAuthor.id)
-      }
-      else if (shallApprove) Some(SystemUserId)
-      else None
+          if (!shallApprove) None
+          else if (realAuthor.isStaff && asAlias.isEmpty) Some(realAuthor.id)
+          else Some(SystemUserId)
 
     if (pageRole.isSection) {
       // A forum page is created before its root category — verify that the root category
@@ -360,20 +368,13 @@ trait PagesDao {
     }
 
     val folder = anyFolder getOrElse "/"
-    SECURITY // Maybe page id shouldn't be public? [rand-page-id] To prevent people from
-    // discovering all pages. E.g. iterating through all discussions, in a public blog.
-    val pageId = tx.nextPageId()
     val siteId = tx.siteId // [5GKEPMW2] remove this row later
     val pagePath = PagePathWithId(folder = folder, pageId = pageId,
       showId = showId, pageSlug = pageSlug, canonical = true)
 
     val titleUniqueId = tx.nextPostId()
     val bodyUniqueId = titleUniqueId + 1
 
-    val authorMaybeAnon: Pat = SiteDao.getAliasOrTruePat(
-          truePat = realAuthor, pageId = pageId, asAlias, mayReuseAnon = false,
-          isCreatingPage = true)(tx, IfBadAbortReq)
-
     val titlePost = Post.createTitle(
       uniqueId = titleUniqueId,
       pageId = pageId,