Add additional post flag validation preventing targeting

app/controllers/reports_controller.rb

@@ -24,6 +24,13 @@ def upload_tags
     @upload_reports = Reports::UploadTags.includes(versions: { post: :versions }).for_user(params[:user_id]).order("id desc").paginate(params[:page], :limit => params[:limit])
   end
 
+  def flag_targeting
+  end
+
+  def flag_targeting_create(user_id)
+
+  end
+
   def down_voting_post
   end
 

app/logical/danbooru_math.rb

@@ -0,0 +1,11 @@
+class DanbooruMath
+  def self.ci_lower_bound(pos, n, confidence = 0.95)
+    if n == 0
+      return 0
+    end
+
+    z = Statistics2.pnormaldist(1-(1-confidence)/2)
+    phat = 1.0*pos/n
+    100 * (phat + z*z/(2*n) - z * Math.sqrt((phat*(1-phat)+z*z/(4*n))/n))/(1+z*z/n)
+  end
+end

app/logical/reports/post_flags.rb

@@ -0,0 +1,62 @@
+module Reports
+  class PostFlags
+    attr_reader :user_id, :date_range
+
+    def initialize(user_id:, date_range:)
+      @user_id = user_id
+      @date_range = date_range
+    end
+
+    def candidates
+      PostFlag.where("posts.uploader_id = ? and posts.created_at >= ? and post_flags.creator_id <> ?", user_id, date_range, User.system.id).joins(:post).pluck("post_flags.creator_id").uniq
+    end
+
+    def build_message(user_id, data)
+      user_name = User.id_to_name(user_id)
+
+      if data.empty?
+        return "There don't appear to be any users targeting #{user_name} for flags."
+      else
+        msg = "The following users may be targeting #{user_name} for flags. Over half of their flags are targeting the user, with 95\% confidence.\n\n"
+
+        data.each do |flagger_id, targets|
+          targets.each do |uploader_id, score|
+            if uploader_id == user_id && score > 50
+              msg += "* " + User.id_to_name(flagger_id)
+            end
+          end
+        end
+      end
+    end
+
+    def attackers
+      matches = []
+
+      build.each do |flagger, uploaders|
+        if uploaders[user_id].to_i > 50
+          matches << flagger
+        end
+      end
+
+      return matches
+    end
+
+    def build
+      flaggers = Hash.new {|h, k| h[k] = {}}
+
+      candidates.each do |candidate|
+        PostFlag.joins(:post).where("post_flags.creator_id = ? and posts.created_at >= ?", candidate, date_range).select("posts.uploader_id").group("posts.uploader_id").having("count(*) > 1").count.each do |uploader_id, count|
+          flaggers[candidate][uploader_id] = count
+        end
+
+        sum = flaggers[candidate].values.sum
+
+        flaggers[candidate].each_key do |user_id|
+          flaggers[candidate][user_id] = DanbooruMath.ci_lower_bound(flaggers[candidate][user_id], sum)
+        end
+      end
+
+      return flaggers
+    end
+  end
+end

app/models/post_flag.rb

@@ -8,13 +8,13 @@ module Reasons
   end
 
   COOLDOWN_PERIOD = 3.days
+  CREATION_THRESHOLD = 10 # in 30 days
 
-  belongs_to :creator, :class_name => "User"
+  belongs_to_creator :class_name => "User"
   belongs_to :post
-  validates_presence_of :reason, :creator_id, :creator_ip_addr
-  validate :validate_creator_is_not_limited
+  validates_presence_of :reason
+  validate :validate_creator_is_not_limited, on: :create
   validate :validate_post
-  before_validation :initialize_creator, :on => :create
   validates_uniqueness_of :creator_id, :scope => :post_id, :on => :create, :unless => :is_deletion, :message => "have already flagged this post"
   before_save :update_post
   attr_accessor :is_deletion
@@ -156,6 +156,14 @@ def update_post
   def validate_creator_is_not_limited
     return if is_deletion
 
+    if PostFlag.for_creator(creator_id).where("created_at > ?", 30.days.ago).count >= CREATION_THRESHOLD
+      report = Reports::PostFlags.new(user_id: post.uploader_id, date_range: 90.days.ago)
+
+      if report.attackers.include?(creator_id)
+        errors[:creator] << "cannot flag posts uploaded by this user"
+      end
+    end
+
     if CurrentUser.can_approve_posts?
       # do nothing
     elsif creator.created_at > 1.week.ago
@@ -178,11 +186,6 @@ def validate_post
     errors[:post] << "is deleted" if post.is_deleted?
   end
 
-  def initialize_creator
-    self.creator_id ||= CurrentUser.id
-    self.creator_ip_addr = CurrentUser.ip_addr if creator_ip_addr == "127.0.0.1" || creator_ip_addr.blank?
-  end
-
   def resolve!
     update_column(:is_resolved, true)
   end

test/unit/post_flag_test.rb

@@ -3,116 +3,168 @@
 class PostFlagTest < ActiveSupport::TestCase
   context "In all cases" do
     setup do
-      Timecop.travel(2.weeks.ago) do
-        @alice = FactoryBot.create(:gold_user)
+      travel_to(2.weeks.ago) do
+        @alice = create(:gold_user)
+      end
+      as(@alice) do
+        @post = create(:post, tag_string: "aaa", uploader: @alice)
       end
-      CurrentUser.user = @alice
-      CurrentUser.ip_addr = "127.0.0.2"
-      @post = FactoryBot.create(:post, :tag_string => "aaa")
-    end
-
-    teardown do
-      CurrentUser.user = nil
-      CurrentUser.ip_addr = nil
     end
 
     context "a basic user" do
       setup do
-        Timecop.travel(2.weeks.ago) do
-          @bob = FactoryBot.create(:user)
+        travel_to(2.weeks.ago) do
+          @bob = create(:user)
         end
-        CurrentUser.user = @bob
       end
 
       should "not be able to flag more than 1 post in 24 hours" do
-        @post_flag = PostFlag.new(:post => @post, :reason => "aaa", :is_resolved => false)
+        @post_flag = PostFlag.new(post: @post, reason: "aaa", is_resolved: false)
         @post_flag.expects(:flag_count_for_creator).returns(1)
         assert_difference("PostFlag.count", 0) do
-          @post_flag.save
+          as(@bob) { @post_flag.save }
         end
         assert_equal(["You can flag 1 post a day"], @post_flag.errors.full_messages)
       end
     end
 
     context "a gold user" do
+      setup do
+        travel_to(2.weeks.ago) do
+          @bob = create(:gold_user)
+        end
+      end
+
       should "not be able to flag a post more than twice" do
-        assert_difference("PostFlag.count", 1) do
-          @post_flag = PostFlag.create(:post => @post, :reason => "aaa", :is_resolved => false)
+        assert_difference(-> { PostFlag.count }, 1) do
+          as(@bob) do
+            @post_flag = PostFlag.create(post: @post, reason: "aaa", is_resolved: false) 
+          end
         end
 
-        assert_difference("PostFlag.count", 0) do
-          @post_flag = PostFlag.create(:post => @post, :reason => "aaa", :is_resolved => false)
+        assert_difference(-> { PostFlag.count }, 0) do
+          as(@bob) do
+            @post_flag = PostFlag.create(post: @post, reason: "aaa", is_resolved: false)
+          end
         end
 
         assert_equal(["have already flagged this post"], @post_flag.errors[:creator_id])
       end
 
+      should "not be able to target a single uploader" do
+        travel_to(2.weeks.ago) do
+          as(@alice) do
+            @posts = FactoryBot.create_list(:post, 10, uploader: @alice)
+          end
+        end
+
+        as(@bob) do
+          travel_to(1.week.ago) do
+            @flags = @posts.map {|x| PostFlag.create(reason: "bad #{x.id}", post: x)}
+          end
+
+          @bad_flag = PostFlag.create(post: @post, reason: "bad #{@post.id}")
+        end
+
+        assert_equal(["You cannot flag posts uploaded by this user"], @bad_flag.errors.full_messages)
+      end
+
       should "not be able to flag more than 10 posts in 24 hours" do
-        @post_flag = PostFlag.new(:post => @post, :reason => "aaa", :is_resolved => false)
-        @post_flag.expects(:flag_count_for_creator).returns(10)
-        assert_difference("PostFlag.count", 0) do
-          @post_flag.save
+        as(@bob) do
+          @post_flag = PostFlag.new(post: @post, reason: "aaa", is_resolved: false)
+          @post_flag.expects(:flag_count_for_creator).returns(10)
+
+          assert_difference(-> { PostFlag.count }, 0) do
+            @post_flag.save
+          end
         end
         assert_equal(["You can flag 10 posts a day"], @post_flag.errors.full_messages)
       end
 
       should "not be able to flag a deleted post" do
-        @post.update_attribute(:is_deleted, true)
-        assert_difference("PostFlag.count", 0) do
-          @post_flag = PostFlag.create(:post => @post, :reason => "aaa", :is_resolved => false)
+        as(@alice) do
+          @post.update(is_deleted: true)
+        end
+
+        assert_difference(-> { PostFlag.count }, 0) do
+          as(@bob) do
+            @post_flag = PostFlag.create(post: @post, reason: "aaa", is_resolved: false)
+          end
         end
         assert_equal(["Post is deleted"], @post_flag.errors.full_messages)
       end
 
       should "not be able to flag a pending post" do
-        @post.update_columns(is_pending: true)
-        @flag = @post.flags.create(reason: "test")
+        as(@alice) do
+          @post.update(is_pending: true)
+        end
+        as(@bob) do
+          @flag = @post.flags.create(reason: "test")
+        end
 
         assert_equal(["Post is pending and cannot be flagged"], @flag.errors.full_messages)
       end
 
       should "not be able to flag a post in the cooldown period" do
-        users = FactoryBot.create_list(:user, 2, created_at: 2.weeks.ago)
-        flag1 = FactoryBot.create(:post_flag, post: @post, creator: users.first)
-        @post.approve!
+        @mod = create(:moderator_user)
+
+        travel_to(2.weeks.ago) do
+          @users = FactoryBot.create_list(:user, 2)
+        end
+
+        as(@users.first) do
+          @flag1 = PostFlag.create(post: @post, reason: "something")
+        end
+
+        as(@mod) do
+          @post.approve!
+        end
 
         travel_to(PostFlag::COOLDOWN_PERIOD.from_now - 1.minute) do
-          flag2 = FactoryBot.build(:post_flag, post: @post, creator: users.second)
-          assert(flag2.invalid?)
-          assert_match(/cannot be flagged more than once/, flag2.errors[:post].join)
+          as(@users.second) do
+            @flag2 = PostFlag.create(post: @post, reason: "something")
+          end
+          assert_match(/cannot be flagged more than once/, @flag2.errors[:post].join)
         end
 
         travel_to(PostFlag::COOLDOWN_PERIOD.from_now + 1.minute) do
-          flag3 = FactoryBot.build(:post_flag, post: @post, creator: users.second)
-          assert(flag3.valid?)
+          as(@users.second) do
+            @flag3 = PostFlag.create(post: @post, reason: "something")
+          end
+          assert(@flag3.errors.empty?)
         end
       end
 
       should "initialize its creator" do
-        @post_flag = PostFlag.create(:post => @post, :reason => "aaa", :is_resolved => false)
+        @post_flag = as(@alice) do
+          PostFlag.create(:post => @post, :reason => "aaa", :is_resolved => false)
+        end
         assert_equal(@alice.id, @post_flag.creator_id)
-        assert_equal(IPAddr.new("127.0.0.2"), @post_flag.creator_ip_addr)
+        assert_equal(IPAddr.new("127.0.0.1"), @post_flag.creator_ip_addr)
       end
     end
 
     context "a moderator user" do
       setup do
-        Timecop.travel(2.weeks.ago) do
-          @dave = FactoryBot.create(:moderator_user)
+        travel_to(2.weeks.ago) do
+          @dave = create(:moderator_user)
         end
-        CurrentUser.user = @dave
       end
 
       should "not be able to view flags on their own uploads" do
-        @modpost = FactoryBot.create(:post, :tag_string => "mmm",:uploader_id => @dave.id)
-        CurrentUser.scoped(@alice) do
+        @modpost = create(:post, :tag_string => "mmm", :uploader => @dave)
+        as(@alice) do
           @flag1 = PostFlag.create(:post => @modpost, :reason => "aaa", :is_resolved => false)
         end
+
         assert_equal(false, @dave.can_view_flagger_on_post?(@flag1))
-        flag2 = PostFlag.search(:creator_id => @alice.id)
-        assert_equal(0, flag2.length)
-        flag3 = PostFlag.search({})
-        assert_nil(JSON.parse(flag3.to_json)[0]["creator_id"])
+
+        as(@dave) do
+          flag2 = PostFlag.search(:creator_id => @alice.id)
+          assert_equal(0, flag2.length)
+          flag3 = PostFlag.search({})
+          assert_nil(JSON.parse(flag3.to_json)[0]["creator_id"])
+        end
       end
     end
   end