From a1f23d685344ead18fd8f3a0477576075edc5026 Mon Sep 17 00:00:00 2001
From: Gregor Zurowski
Date: Tue, 26 Nov 2024 11:03:34 +0000
Subject: [PATCH 1/2] Read Sift moderation whitelist from environment
---
 src/researchhub/settings.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/researchhub/settings.py b/src/researchhub/settings.py
index d93e8c412..937fe6476 100644
--- a/src/researchhub/settings.py
+++ b/src/researchhub/settings.py
@@ -594,7 +594,10 @@ def silky_capture(request):
 "tyler@researchhub.com",
 ]
-SIFT_MODERATION_WHITELIST = [35747, 34581, 36837, 35436, 14, 33287, 34416]
+SIFT_MODERATION_WHITELIST = [
+ user_id.strip()
+ for user_id in os.environ.get("SIFT_MODERATION_WHITELIST", "").split(",")
+]
 # Persona
 PERSONA_WEBHOOK_SECRET = os.environ.get(
From 1b23908fa07cbadca92531a7ff08db0447b41249 Mon Sep 17 00:00:00 2001
From: Gregor Zurowski
Date: Tue, 26 Nov 2024 11:03:59 +0000
Subject: [PATCH 2/2] Use settings object instead of importing settings directly
---
 src/user/views/user_views.py | 12 ++++--------
 1 file changed, 4 insertions(+), 8 deletions(-)
diff --git a/src/user/views/user_views.py b/src/user/views/user_views.py
index 1bc72c4e2..6216f9afb 100644
--- a/src/user/views/user_views.py
+++ b/src/user/views/user_views.py
@@ -35,11 +35,7 @@
 DynamicContributionSerializer,
 )
 from reputation.views import BountyViewSet
-from researchhub.settings import (
- EMAIL_WHITELIST,
- SIFT_MODERATION_WHITELIST,
- SIFT_WEBHOOK_SECRET_KEY,
-)
+from researchhub import settings
 from researchhub_comment.models import RhCommentModel
 from user.filters import UserFilter
 from user.models import Author, Follow, Major, University, User
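Review bot: The new comprehension in `settings.py` stores the whitelist entries as strings, while the list it replaces held integers, so the membership test `user.id not in settings.SIFT_MODERATION_WHITELIST` in `sift_check_user_content` (last hunk of patch 2/2) can presumably never match an integer primary key and every previously whitelisted account loses its exemption without any error. An unset variable also produces `[""]` rather than an empty list. Convert and filter inside the comprehension: use `int(user_id)` as the element and add `if user_id.strip()` as the filter clause. A non-numeric entry would then fail loudly at start-up instead of leaving a whitelist that is silently ignored.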
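Review bot: `from researchhub import settings` in `user_views.py` binds the project's settings module itself, not Django's lazy settings object that the commit title suggests. Values replaced through `override_settings` in tests, or supplied by a different `DJANGO_SETTINGS_MODULE`, will therefore not be seen by this view. Django's documented form is `from django.conf import settings`. The rest of the import block lies outside the hunk, so check that the name `settings` is not already bound there before switching.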
@@ -758,7 +754,7 @@ def sift_check_user_content(self, request):
 postback_signature = request.headers.get("X-Sift-Science-Signature")
 # Next, let's try to assemble the signature on our side to verify
- key = SIFT_WEBHOOK_SECRET_KEY.encode("utf-8")
+ key = settings.SIFT_WEBHOOK_SECRET_KEY.encode("utf-8")
 postback_body = request.body
 h = hmac.new(key, postback_body, sha1)
@@ -771,8 +767,8 @@ def sift_check_user_content(self, request):
 user = User.objects.get(id=user_id)
 if (
- not user.moderator or user.email not in EMAIL_WHITELIST
- ) and user.id not in SIFT_MODERATION_WHITELIST:
+ not user.moderator or user.email not in settings.EMAIL_WHITELIST
+ ) and user.id not in settings.SIFT_MODERATION_WHITELIST:
 if "mark_as_probable_spammer_content_abuse" in decision_id:
 log_info(
 f"Possible Spammer - {user.id}: {user.first_name} {user.last_name} - {decision_id}"
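Review bot: Nothing visible around `key = settings.SIFT_WEBHOOK_SECRET_KEY.encode("utf-8")` rejects the request when the secret is missing. The setting's definition is outside this patch: if it falls back to an empty string, the HMAC is computed with an empty key and no longer authenticates the sender; if it is `None`, the `.encode` call raises and the webhook returns a server error. A guard such as `if not settings.SIFT_WEBHOOK_SECRET_KEY:` that returns an authentication failure before `hmac.new` would make the endpoint fail closed. The signature comparison itself lies outside the hunk; if it uses `==`, `hmac.compare_digest` is the constant-time replacement, with a missing `X-Sift-Science-Signature` header handled first.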