From 21a08042108bf4d0f8b2a4526c647fb290d6c57d Mon Sep 17 00:00:00 2001 From: Jeremy Kescher Date: Thu, 23 May 2024 01:16:21 +0200 Subject: [PATCH] Add ability to disable the suspicious sign in detector The CatCatNya~ production config has an IP retention period of one day. That will cause suspicious login emails to be sent out simply because we don't have any known IP data. Therefore, add an option disabling it. --- .env.production.catcatnya | 1 + .env.production.sample | 8 +++++- README.md | 38 ++++++++++++++++++-------- app/lib/suspicious_sign_in_detector.rb | 3 +- 4 files changed, 37 insertions(+), 13 deletions(-) diff --git a/.env.production.catcatnya b/.env.production.catcatnya index 8ac33d4bce..1fd974704d 100644 --- a/.env.production.catcatnya +++ b/.env.production.catcatnya @@ -47,3 +47,4 @@ MAX_REACTIONS=3 MAX_SEARCH_RESULTS=1000 MAX_REMOTE_EMOJI_SIZE=1048576 IP_RETENTION_PERIOD=86400 +ENABLE_SUSPICIOUS_SIGN_IN=false diff --git a/.env.production.sample b/.env.production.sample index 850c533d84..726c5ada1c 100644 --- a/.env.production.sample +++ b/.env.production.sample 
@@ -307,8 +307,14 @@ MAX_REACTIONS=1 # IP and session retention # ----------------------- -# Make sure to modify the scheduling of ip_cleanup_scheduler in config/sidekiq.yml +# Make sure to modify the scheduling of ip_cleanup_scheduler in config/sidekiq.yml (already applied for Catstodon) # to be less than daily if you lower IP_RETENTION_PERIOD below two days (172800). # ----------------------- IP_RETENTION_PERIOD=31556952 SESSION_RETENTION_PERIOD=31556952 + +# In case you've shortened IP retention a lot, you may want to disable the suspicious sign in detector entirely, +# in order to avoid spurious "suspicious login detected" emails being sent to users. +# The default is true, because for the default retention period of one year, there is good data for such emails. +# For instances having a retention period of merely a day, that may not be enough, so you may set it to false. +#ENABLE_SUSPICIOUS_SIGN_IN=false diff --git a/README.md b/README.md index 2221831248..aa2fb51265 100644 --- a/README.md +++ b/README.md 
@@ -2,10 +2,13 @@ ## Introduction -This Mastodon fork is based on the [glitch-soc Fork of Mastodon](https://github.com/glitch-soc/mastodon), with changes made to suit [CatCatNya~](https://catcatnya.com). -I intend to contribute some useful differences back to [glitch-soc](https://github.com/glitch-soc/mastodon) and [vanilla Mastodon](https://github.com/mastodon/mastodon). +This Mastodon fork is based on the [glitch-soc Fork of Mastodon](https://github.com/glitch-soc/mastodon), with changes +made to suit [CatCatNya~](https://catcatnya.com). +I intend to contribute some useful differences back to [glitch-soc](https://github.com/glitch-soc/mastodon) +and [vanilla Mastodon](https://github.com/mastodon/mastodon). -To install, take a look at [glitch-soc.github.io/docs/](https://glitch-soc.github.io/docs/). The instructions and features are the same, except for the differences outlined below. +To install, take a look at [glitch-soc.github.io/docs/](https://glitch-soc.github.io/docs/). The instructions and +features are the same, except for the differences outlined below. Contributing guidelines are available [here](CONTRIBUTING.md). @@ -20,22 +23,35 @@ instead, use merge (fast-forward, if possible, with merge commit otherwise). - Some files are adjusted specifically for the CatCatNya~ instance. Specifically, these: - sounds/boop.mp3 - sounds/boop.ogg -
You might want to revert these to the upstream files (or your own versions!) if you decide to use this fork for your own instance. +
You might want to revert these to the upstream files (or your own versions!) if you decide to use this fork for + your own instance. - The rate limits for authenticated users have been relaxed a bit. -- The API endpoint `/api/v1/custom_emojis` is no longer affected by AUTHORIZED_FETCH, allowing anyone to copy custom emojis. +- The API endpoint `/api/v1/custom_emojis` is no longer affected by AUTHORIZED_FETCH, allowing anyone to copy custom + emojis. - Allow higher resolution images. (4096x4096 instead of the previous limit of 3840x2160) - Allow posting polls with only one poll option (if `MIN_POLL_OPTIONS` is set to 1 on your instance). -- Added oatstodon flavour (taken from [types.pl fork](https://github.com/ralsei/types.pl), by [@oat@hellsite.site](https://hellsite.site/@oat)), with slight adjustments since. -- Emoji reactions on statuses (with both Unicode and custom emojis, same as for announcements), a feature originally developed for [Nyastodon](https://git.bsd.gay/fef/nyastodon). - Ended up as a Catstodon-maintained patch after its initial two Pull Requests to glitch-soc, but was handed over to [Essem's fork, Chuckya](https://github.com/TheEssem/mastodon) and is now pending [its fourth attempt of merging into glitch-soc](https://github.com/glitch-soc/mastodon/pull/2462). +- Added oatstodon flavour (taken from [types.pl fork](https://github.com/ralsei/types.pl), + by [@oat@hellsite.site](https://hellsite.site/@oat)), with slight adjustments since. +- Emoji reactions on statuses (with both Unicode and custom emojis, same as for announcements), a feature originally + developed for [Nyastodon](https://git.bsd.gay/fef/nyastodon). + Ended up as a Catstodon-maintained patch after its initial two Pull Requests to glitch-soc, but was handed over + to [Essem's fork, Chuckya](https://github.com/TheEssem/mastodon) and is now + pending [its fourth attempt of merging into glitch-soc](https://github.com/glitch-soc/mastodon/pull/2462). 
- Lifts the "only federate local favourites" restriction on favourites/likes and emoji reactions. -- Cherry-picks the [activity filter branch](https://github.com/chikorita157/mastodon-sakura/tree/newmain-tmp3-noellabo-filtering) from [Sakurajima Mastodon](https://github.com/chikorita157/mastodon-sakura). +- Cherry-picks the + [activity filter branch](https://github.com/chikorita157/mastodon-sakura/tree/newmain-tmp3-noellabo-filtering) + from [Sakurajima Mastodon](https://github.com/chikorita157/mastodon-sakura). +- Adds the ability to disable the suspicious sign in detection entirely. + - Useful for situations where the instance may not have up-to-date IP information, such as when the period of IP + address retention is set to a low value (see *Previous differences now merged into vanilla Mastodon*) ## Previous differences now merged into glitch-soc -- Fixed incorrect upload size limit display when adding new a new custom emoji. ([Pull request](https://github.com/glitch-soc/mastodon/pull/1763)) +- Fixed incorrect upload size limit display when adding new a new custom + emoji. ([Pull request](https://github.com/glitch-soc/mastodon/pull/1763)) - Everything merged into vanilla Mastodon ## Previous differences now merged into vanilla Mastodon -- The period of retention of IP addresses and sessions was made configurable. ([Pull request](https://github.com/mastodon/mastodon/pull/18757)) +- The period of retention of IP addresses and sessions was made + configurable. ([Pull request](https://github.com/mastodon/mastodon/pull/18757)) diff --git a/app/lib/suspicious_sign_in_detector.rb b/app/lib/suspicious_sign_in_detector.rb index 74f49aa558..de5b6026a8 100644 --- a/app/lib/suspicious_sign_in_detector.rb +++ b/app/lib/suspicious_sign_in_detector.rb 
@@ -3,13 +3,14 @@ class SuspiciousSignInDetector IPV6_TOLERANCE_MASK = 64 IPV4_TOLERANCE_MASK = 16 + ENABLE_SUSPICIOUS_SIGN_IN = ENV['ENABLE_SUSPICIOUS_SIGN_IN'] != 'false' def initialize(user) @user = user end def suspicious?(request) - !sufficient_security_measures? && !freshly_signed_up? && !previously_seen_ip?(request) + !sufficient_security_measures? && !freshly_signed_up? && !previously_seen_ip?(request) if DISABLE_SUSPICIOUS_SIGN_IN end private
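Review bot: The `suspicious?` change references `DISABLE_SUSPICIOUS_SIGN_IN`, but the constant defined three lines above is `ENABLE_SUSPICIOUS_SIGN_IN`, so this raises `NameError` on every call and the sign-in path that invokes the detector will fail instead of quietly skipping the check. The modifier form also returns `nil` rather than `false` when the feature is off, which callers may not expect. Suggest an explicit early return, e.g. `return false unless ENABLE_SUSPICIOUS_SIGN_IN` as the first line of `suspicious?`, leaving the existing expression unchanged, and a spec that asserts the method returns `false` for an otherwise-suspicious request when the env var is `false`.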
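Review bot: The `.env.production.sample` comment says the default is `true`, but the Ruby hunk only disables the detector when the variable is exactly the string `false`; values such as `0`, `no` or `False` leave it enabled. Either document that the literal `false` is required (`#ENABLE_SUSPICIOUS_SIGN_IN=false` is the only documented form, which helps), or parse the value the same way other boolean env settings in the codebase are parsed so that operators get consistent behaviour.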
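Review bot: The new README bullet ("Adds the ability to disable the suspicious sign in detection entirely") never names the setting, so an admin reading the differences list has to go to `.env.production.sample` to find `ENABLE_SUSPICIOUS_SIGN_IN=false`; adding the variable name to the bullet fixes that. While the surrounding lines are being rewrapped, the pre-existing typo "adding new a new custom emoji" is carried over unchanged into the `+` line and could be fixed to "adding a new custom emoji" in the same commit.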
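Review bot: Setting `ENABLE_SUSPICIOUS_SIGN_IN=false` in `.env.production.catcatnya` removes the new-IP login notification for every user on the instance, not only for the cases where the one-day `IP_RETENTION_PERIOD=86400` has left no history to compare against. Worth considering, as a follow-up or instead of the global switch, having the detector treat "no retained IPs for this user" as not suspicious; that keeps the check for users who signed in within the retention window and only suppresses the spurious emails the commit message describes.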