From 09bd8350c9c3a0e92cbf1d2fb6e12c4b6c7b2f67 Mon Sep 17 00:00:00 2001
From: single-right-quote
 <34298117+single-right-quote@users.noreply.github.com>
Date: Fri, 8 Apr 2022 07:23:28 +0000
Subject: [PATCH] [UNTESTED] Require a word boundary after a mention

It is very longstanding behavior for `MENTION_RE` to match strings of
the form `@user@domain@thoasuhsantoshu`. This change requires Unicode
whitespace after a message, with an edge case of allowing a mention to
occur at the very end of the post.

This is really a just a start when it comes to mention matching. The
new test is as well. As well as the entire service spec.
---
 app/models/account.rb                          |  2 +-
 spec/services/process_mentions_service_spec.rb | 13 +++++++++++++
 2 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/app/models/account.rb b/app/models/account.rb
index 1966c5a48b..b6e53cf30a 100644
--- a/app/models/account.rb
+++ b/app/models/account.rb
@@ -62,7 +62,7 @@ class Account < ApplicationRecord
   )
 
   USERNAME_RE   = /[a-z0-9_]+([a-z0-9_\.-]+[a-z0-9_]+)?/i
-  MENTION_RE    = /(?<=^|[^\/[:word:]])@((#{USERNAME_RE})(?:@[[:word:]\.\-]+[[:word:]]+)?)/i
+  MENTION_RE    = /(?<=^|[^\/[:word:]])@((#{USERNAME_RE})(?:@[[:word:]\.\-]+[[:word:]]+)?)(?:[[:space:]]|$)/i
   URL_PREFIX_RE = /\Ahttp(s?):\/\/[^\/]+/
 
   include Attachmentable
diff --git a/spec/services/process_mentions_service_spec.rb b/spec/services/process_mentions_service_spec.rb
index 89b265e9a0..27efd81978 100644
--- a/spec/services/process_mentions_service_spec.rb
+++ b/spec/services/process_mentions_service_spec.rb
@@ -45,6 +45,19 @@
         expect(remote_user.mentions.where(status: status).count).to eq 1
       end
     end
+
+    context 'with a malformed mention' do
+      let!(:remote_user) { Fabricate(:account, username: 'remote_user', protocol: :activitypub, domain: 'example.com', inbox_url: 'http://example.com/inbox') }
+      let(:status) { Fabricate(:status, account: account, text: "Hello @#{remote_user.acct}@osueth", visibility: visibility) }
+
+      before do
+        subject.call(status)
+      end
+
+      it 'does not create a mention' do
+        expect(remote_user.mentions.where(status: status).count).to eq 0
+      end
+    end
   end
 
   context 'Temporarily-unreachable ActivityPub user' do