Fix "stuck moderator" problem

With various combinations of the blinded setting, older Session dev
versions, and the cli tool, you could end up with a "stuck" unblinded
moderator that can't be removed (when blinding is enabled) because the
blinded ID already exists, so when you try to remove it it removes
moderator status from the *blinded* user instead.

The resolves a few things around this:

- the cli tool now tries to remove *both* the blinded and unblinded
  mod/admin permissions if given an unblinded ID with a known blinded
  ID, to "unstick" this moderator.
- the cli tool was wrongly showing the given session id, rather than the
  actual resolved session id, so was showing that it was removing
  "05..." when actually it was removing the blinded user "15...".
- legacy endpoints for adding a moderator (and bans) now try blinding
  the ID.  This hopefully won't matter as I don't believe the legacy
  endpoints will get used with the updated Session client, but might
  make a difference if blinding gets flipped on and then off again.

Author: jagerman

sogs/__main__.py

@@ -152,7 +152,7 @@
 from . import web
 from .model.room import Room, get_rooms
 from .model.user import User, SystemUser, get_all_global_moderators
-from .model.exc import AlreadyExists, NoSuchRoom
+from .model.exc import AlreadyExists, NoSuchRoom, NoSuchUser
 
 web.appdb = db.get_conn()
 
@@ -322,7 +322,20 @@ def print_room(room: Room):
                 print(f"{u.session_id} was not a global moderator")
             else:
                 u.remove_moderator(removed_by=sysadmin)
-                print(f"Removed {sid} as global {'admin' if was_admin else 'moderator'}")
+                print(f"Removed {u.session_id} as global {'admin' if was_admin else 'moderator'}")
+
+            if u.is_blinded and sid.startswith('05'):
+                try:
+                    u2 = User(session_id=sid, try_blinding=False, autovivify=False)
+                    if u2.global_admin or u2.global_moderator:
+                        was_admin = u2.global_admin
+                        u2.remove_moderator(removed_by=sysadmin)
+                        print(
+                            f"Removed {u2.session_id} as global "
+                            f"{'admin' if was_admin else 'moderator'}"
+                        )
+                except NoSuchUser:
+                    pass
     else:
         if args.rooms == ['*']:
             rooms = get_rooms()
@@ -334,9 +347,22 @@ def print_room(room: Room):
 
         for sid in args.delete_moderators:
             u = User(session_id=sid, try_blinding=True)
+            u2 = None
+            if u.is_blinded and sid.startswith('05'):
+                try:
+                    u2 = User(session_id=sid, try_blinding=False, autovivify=False)
+                except NoSuchUser:
+                    pass
+
             for room in rooms:
                 room.remove_moderator(u, removed_by=sysadmin)
                 print(f"Removed {u.session_id} as moderator/admin of {room.name} ({room.token})")
+                if u2 is not None:
+                    room.remove_moderator(u2, removed_by=sysadmin)
+                    print(
+                        f"Removed {u2.session_id} as moderator/admin of {room.name} ({room.token})"
+                    )
+
 elif args.list_rooms:
     rooms = get_rooms()
     if rooms:

sogs/routes/legacy.py

@@ -331,7 +331,7 @@ def handle_legacy_single_delete(msgid):
 @legacy.post("/block_list")
 def handle_legacy_ban():
     user, room = legacy_check_user_room(moderator=True)
-    ban = User(session_id=request.json['public_key'], autovivify=True)
+    ban = User(session_id=request.json['public_key'], autovivify=True, try_blinding=True)
 
     room.ban_user(to_ban=ban, mod=user)
 
@@ -341,7 +341,7 @@ def handle_legacy_ban():
 @legacy.post("/ban_and_delete_all")
 def handle_legacy_banhammer():
     mod, room = legacy_check_user_room(moderator=True)
-    ban = User(session_id=request.json['public_key'], autovivify=True)
+    ban = User(session_id=request.json['public_key'], autovivify=True, try_blinding=True)
 
     with db.transaction():
         room.ban_user(to_ban=ban, mod=mod)
@@ -353,7 +353,7 @@ def handle_legacy_banhammer():
 @legacy.delete("/block_list/<SessionID:session_id>")
 def handle_legacy_unban(session_id):
     user, room = legacy_check_user_room(moderator=True)
-    to_unban = User(session_id=session_id, autovivify=False)
+    to_unban = User(session_id=session_id, autovivify=False, try_blinding=True)
     if room.unban_user(to_unban, mod=user):
         return jsonify({"status_code": http.OK})
 
@@ -395,7 +395,7 @@ def handle_legacy_add_admin():
     if len(session_id) != 66 or not session_id.startswith("05"):
         abort(http.BAD_REQUEST)
 
-    mod = User(session_id=session_id, autovivify=True)
+    mod = User(session_id=session_id, autovivify=True, try_blinding=True)
     room.set_moderator(mod, admin=True, visible=True, added_by=user)
 
     return jsonify({"status_code": http.OK})
@@ -408,7 +408,7 @@ def handle_legacy_add_admin():
 def handle_legacy_remove_admin(session_id):
     user, room = legacy_check_user_room(admin=True)
 
-    mod = User(session_id=session_id, autovivify=False)
+    mod = User(session_id=session_id, autovivify=False, try_blinding=True)
     room.remove_moderator(mod, removed_by=user)
 
     return jsonify({"status_code": http.OK})