bluesky: opt out users who have disabled logged out view on bsky.app

ie "Discourage apps from showing my account to logged-out users" on https://bsky.app/moderation fixes #828 https://docs.bsky.app/docs/advanced-guides/resolving-identities#for-backend-services https://github.com/bluesky-social/atproto/blob/main/packages/api/docs/labels.md#label-behaviors
2024-02-23 10:33:02 -08:00 · 2024-02-23 10:33:02 -08:00 · 56a3c0e34b
commit 56a3c0e34b
--- a/models.py
+++ b/models.py
@ -324,6 +324,9 @@ class User(StringIdModel, metaclass=ProtocolUserMeta):
        if not self.obj or not self.obj.as1:
            return None

+        if not as1.is_public(self.obj.as1, unlisted=False):
+            return 'opt-out'
+
        for field in 'summary', 'displayName':
            text = html_to_text(self.obj.as1.get(field, ''))
            for tag in OPT_OUT_TAGS:
--- a/tests/test_atproto.py
+++ b/tests/test_atproto.py
@ -13,6 +13,7 @@ import dns.resolver
 from dns.resolver import NXDOMAIN
 from flask import g
 from google.cloud.tasks_v2.types import Task
+from granary.bluesky import NO_AUTHENTICATED_LABEL
 from granary.tests.test_bluesky import (
    ACTOR_AS,
    ACTOR_PROFILE_BSKY,
@ -193,6 +194,22 @@ class ATProtoTest(TestCase):
            self.req('https://plc.local/did:plc:user'),
        ))

+    def test_no_authenticated_label_opt_out(self):
+        # !no-authenticated label is for users who disable logged out visibility,
+        # ie only show their profile to users who are logged into Bluesky
+        self.store_object(id='did:plc:user', raw=DID_DOC)
+        obj = self.store_object(id='at://did:plc:user/app.bsky.actor.profile/self',
+                                bsky={
+                                    **ACTOR_PROFILE_BSKY,
+                                    'labels': [{
+                                        'val' : NO_AUTHENTICATED_LABEL,
+                                        'neg' : False,
+                                    }],
+                                })
+        user = self.make_user('did:plc:user', cls=ATProto, obj_key=obj.key)
+
+        self.assertEqual('opt-out', user.status)
+
    def test_target_for_user_no_stored_did(self):
        self.assertEqual('https://atproto.brid.gy/', ATProto.target_for(
            Object(id='at://foo')))
--- a/tests/test_models.py
+++ b/tests/test_models.py
@ -227,8 +227,14 @@ class UserTest(TestCase):
        })
        self.assertIsNone(user.status)

+        user.obj.our_as1.update({
+            'to': [{'objectType': 'group', 'alias': '@unlisted'}],
+        })
+        self.assertEqual('opt-out', user.status)
+
        user.obj.our_as1.update({
            'summary': 'well #nobot yeah',
+            'to': None,
        })
        self.assertEqual('opt-out', user.status)

--- a/tests/testutil.py
+++ b/tests/testutil.py
@ -279,15 +279,16 @@ class TestCase(unittest.TestCase, testutil.Asserts):

    def make_user(self, id, cls, **kwargs):
        """Reuse RSA key across Users because generating it is expensive."""
-        obj_key = None
-
        obj_as1 = kwargs.pop('obj_as1', None)
        obj_as2 = kwargs.pop('obj_as2', None)
        obj_mf2 = kwargs.pop('obj_mf2', None)
        obj_id = kwargs.pop('obj_id', None)

-        obj_key = None
-        if cls != ATProto:
+        obj_key = kwargs.pop('obj_key', None)
+        if obj_key:
+            assert not obj_as1 and not obj_as2 and not obj_mf2 and not obj_id
+
+        if not obj_key and cls != ATProto:
            if not obj_id:
                obj_id = ((obj_as2 or {}).get('id')
                          or util.get_url((obj_mf2 or {}), 'properties')