mirror of https://github.com/mastodon/mastodon
Prevent accidental serialization of `Account` and `User` records
parent
4ef0b48b95
commit
b0d1d29c8b
|
@ -86,6 +86,7 @@ class Account < ApplicationRecord
|
|||
include DomainMaterializable
|
||||
include DomainNormalizable
|
||||
include Paginable
|
||||
include NoImplicitSerialization
|
||||
|
||||
enum :protocol, { ostatus: 0, activitypub: 1 }
|
||||
enum :suspension_origin, { local: 0, remote: 1 }, prefix: true
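Review bot: Including `NoImplicitSerialization` on `Account` turns every remaining implicit `as_json`/`to_json` call on an account into a runtime exception, and nothing visible on this page exercises that; the same applies to the `include NoImplicitSerialization` added to `User`. A model spec asserting that `as_json` raises on both classes would keep the guard from being dropped silently when the include list is next reshuffled. It is also worth checking for code that embeds these records in a hash passed to `render json:` or serialized into job arguments, since that goes through the same method; I cannot tell from this page whether any such caller exists. The class body continues outside the hunk.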
|
||||
|
|
|
@ -0,0 +1,9 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
module NoImplicitSerialization
|
||||
# Prevent implicit serialization in ActiveModel::Serializer or other code paths.
|
||||
# This is a hardening step to avoid accidental leaking of attributes.
|
||||
def as_json
|
||||
raise NotImplementedError
|
||||
end
|
||||
end
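Review bot: `as_json` is defined with no parameters, but ActiveSupport's `to_json` (and so `render json:`) passes an options hash to `as_json`, so those callers would hit an `ArgumentError` for the arity mismatch instead of the intended `NotImplementedError`. The guard still fails closed, but the error gives no hint why serialization was refused. I would accept and ignore the arguments and add a message: `def as_json(*)` with `raise NotImplementedError, "#{self.class.name} must not be serialized implicitly; use an explicit serializer"`. Only `as_json` is blocked here, so direct calls to `serializable_hash` or `attributes` are unaffected; the comment above the method could say so, so that the guard is not read as covering every path.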
|
|
@ -59,6 +59,7 @@ class User < ApplicationRecord
|
|||
include User::LdapAuthenticable
|
||||
include User::Omniauthable
|
||||
include User::PamAuthenticable
|
||||
include NoImplicitSerialization
|
||||
|
||||
# The home and list feeds will be stored in Redis for this amount
|
||||
# of time, and status fan-out to followers will include only people
|
||||
|
|