Add ability to disable the suspicious sign in detector

The CatCatNya~ production config has an IP retention period of one day. That will cause suspicious login emails to be sent out simply because we don't have any known IP data. Therefore, add an option disabling it.
2024-11-22 07:08:07 +01:00 · 2024-05-23 01:16:21 +02:00 · 2024-05-23 01:16:21 +02:00 · 21a0804210
commit 21a0804210
parent c1054880a3
4 changed files with 37 additions and 13 deletions
--- a/.env.production.catcatnya
+++ b/.env.production.catcatnya
@ -47,3 +47,4 @@ MAX_REACTIONS=3
 MAX_SEARCH_RESULTS=1000
 MAX_REMOTE_EMOJI_SIZE=1048576
 IP_RETENTION_PERIOD=86400
+ENABLE_SUSPICIOUS_SIGN_IN=false
--- a/.env.production.sample
+++ b/.env.production.sample
@ -307,8 +307,14 @@ MAX_REACTIONS=1

 # IP and session retention
 # -----------------------
-# Make sure to modify the scheduling of ip_cleanup_scheduler in config/sidekiq.yml
+# Make sure to modify the scheduling of ip_cleanup_scheduler in config/sidekiq.yml (already applied for Catstodon)
 # to be less than daily if you lower IP_RETENTION_PERIOD below two days (172800).
 # -----------------------
 IP_RETENTION_PERIOD=31556952
 SESSION_RETENTION_PERIOD=31556952
+
+# In case you've shortened IP retention a lot, you may want to disable the suspicious sign in detector entirely,
+# in order to avoid spurious "suspicious login detected" emails being sent to users.
+# The default is true, because for the default retention period of one year, there is good data for such emails.
+# For instances having a retention period of merely a day, that may not be enough, so you may set it to false.
+#ENABLE_SUSPICIOUS_SIGN_IN=false
--- a/README.md
+++ b/README.md
@ -2,10 +2,13 @@

 ## Introduction

-This Mastodon fork is based on the [glitch-soc Fork of Mastodon](https://github.com/glitch-soc/mastodon), with changes made to suit [CatCatNya~](https://catcatnya.com).
-I intend to contribute some useful differences back to [glitch-soc](https://github.com/glitch-soc/mastodon) and [vanilla Mastodon](https://github.com/mastodon/mastodon).
+This Mastodon fork is based on the [glitch-soc Fork of Mastodon](https://github.com/glitch-soc/mastodon), with changes
+made to suit [CatCatNya~](https://catcatnya.com).
+I intend to contribute some useful differences back to [glitch-soc](https://github.com/glitch-soc/mastodon)
+and [vanilla Mastodon](https://github.com/mastodon/mastodon).

-To install, take a look at [glitch-soc.github.io/docs/](https://glitch-soc.github.io/docs/). The instructions and features are the same, except for the differences outlined below.
+To install, take a look at [glitch-soc.github.io/docs/](https://glitch-soc.github.io/docs/). The instructions and
+features are the same, except for the differences outlined below.

 Contributing guidelines are available [here](CONTRIBUTING.md).

@ -20,22 +23,35 @@ instead, use merge (fast-forward, if possible, with merge commit otherwise).
 - Some files are adjusted specifically for the CatCatNya~ instance. Specifically, these:
  - sounds/boop.mp3
  - sounds/boop.ogg
-    <br>You might want to revert these to the upstream files (or your own versions!) if you decide to use this fork for your own instance.
+    <br>You might want to revert these to the upstream files (or your own versions!) if you decide to use this fork for
+    your own instance.
 - The rate limits for authenticated users have been relaxed a bit.
- The API endpoint `/api/v1/custom_emojis` is no longer affected by AUTHORIZED_FETCH, allowing anyone to copy custom emojis.
+- The API endpoint `/api/v1/custom_emojis` is no longer affected by AUTHORIZED_FETCH, allowing anyone to copy custom
+  emojis.
 - Allow higher resolution images. (4096x4096 instead of the previous limit of 3840x2160)
 - Allow posting polls with only one poll option (if `MIN_POLL_OPTIONS` is set to 1 on your instance).
- Added oatstodon flavour (taken from [types.pl fork](https://github.com/ralsei/types.pl), by [@oat@hellsite.site](https://hellsite.site/@oat)), with slight adjustments since.
- Emoji reactions on statuses (with both Unicode and custom emojis, same as for announcements), a feature originally developed for [Nyastodon](https://git.bsd.gay/fef/nyastodon).
-  Ended up as a Catstodon-maintained patch after its initial two Pull Requests to glitch-soc, but was handed over to [Essem's fork, Chuckya](https://github.com/TheEssem/mastodon) and is now pending [its fourth attempt of merging into glitch-soc](https://github.com/glitch-soc/mastodon/pull/2462).
+- Added oatstodon flavour (taken from [types.pl fork](https://github.com/ralsei/types.pl),
+  by [@oat@hellsite.site](https://hellsite.site/@oat)), with slight adjustments since.
+- Emoji reactions on statuses (with both Unicode and custom emojis, same as for announcements), a feature originally
+  developed for [Nyastodon](https://git.bsd.gay/fef/nyastodon).
+  Ended up as a Catstodon-maintained patch after its initial two Pull Requests to glitch-soc, but was handed over
+  to [Essem's fork, Chuckya](https://github.com/TheEssem/mastodon) and is now
+  pending [its fourth attempt of merging into glitch-soc](https://github.com/glitch-soc/mastodon/pull/2462).
 - Lifts the "only federate local favourites" restriction on favourites/likes and emoji reactions.
- Cherry-picks the [activity filter branch](https://github.com/chikorita157/mastodon-sakura/tree/newmain-tmp3-noellabo-filtering) from [Sakurajima Mastodon](https://github.com/chikorita157/mastodon-sakura).
+- Cherry-picks the
+  [activity filter branch](https://github.com/chikorita157/mastodon-sakura/tree/newmain-tmp3-noellabo-filtering)
+  from [Sakurajima Mastodon](https://github.com/chikorita157/mastodon-sakura).
+- Adds the ability to disable the suspicious sign in detection entirely.
+  - Useful for situations where the instance may not have up-to-date IP information, such as when the period of IP
+    address retention is set to a low value (see *Previous differences now merged into vanilla Mastodon*)

 ## Previous differences now merged into glitch-soc

- Fixed incorrect upload size limit display when adding new a new custom emoji. ([Pull request](https://github.com/glitch-soc/mastodon/pull/1763))
+- Fixed incorrect upload size limit display when adding new a new custom
+  emoji. ([Pull request](https://github.com/glitch-soc/mastodon/pull/1763))
 - Everything merged into vanilla Mastodon

 ## Previous differences now merged into vanilla Mastodon

- The period of retention of IP addresses and sessions was made configurable. ([Pull request](https://github.com/mastodon/mastodon/pull/18757))
+- The period of retention of IP addresses and sessions was made
+  configurable. ([Pull request](https://github.com/mastodon/mastodon/pull/18757))
--- a/app/lib/suspicious_sign_in_detector.rb
+++ b/app/lib/suspicious_sign_in_detector.rb
@ -3,13 +3,14 @@
 class SuspiciousSignInDetector
  IPV6_TOLERANCE_MASK = 64
  IPV4_TOLERANCE_MASK = 16
+  ENABLE_SUSPICIOUS_SIGN_IN = ENV['ENABLE_SUSPICIOUS_SIGN_IN'] != 'false'

  def initialize(user)
    @user = user
  end

  def suspicious?(request)
-    !sufficient_security_measures? && !freshly_signed_up? && !previously_seen_ip?(request)
+    !sufficient_security_measures? && !freshly_signed_up? && !previously_seen_ip?(request) if DISABLE_SUSPICIOUS_SIGN_IN
  end

  private