Commit graph

8956 commits

Author SHA1 Message Date
Claire 56f9c44f33 Merge branch 'main' into glitch-soc/merge-upstream 2021-09-30 11:45:13 +02:00
Claire 24f9ea7818
Fix webauthn secure key authentication (#16792)
* Add tests

* Fix webauthn secure key authentication

Fixes #16769
2021-09-30 05:26:29 +02:00
Mashiro 2e549fa2d5
Fix drawer tab menu routes in advanced web ui (#16793) 2021-09-30 05:19:08 +02:00
Claire 29b5c5f483 Merge branch 'main' into glitch-soc/merge-upstream
Conflicts:
- `app/models/custom_emoji.rb`:
  Slight refactor upstream, next to a line that was different in glitch-soc
  because of our local configurable limits on custom emoji size.
  Ported upstream changes.
- `yarn.lock`:
  Not really a conflict, upstream dependency textually too close to a
  glitch-soc-only dependency.
  Updated upstream dependency as upstream.
2021-09-30 00:01:20 +02:00
Claire fc3ae1343d
Switch from unmaintained paperclip to kt-paperclip (#16724)
* Switch from unmaintained paperclip to kt-paperclip

* Drop some compatibility monkey-patches not required by kt-paperclip

* Drop media spoof check monkey-patching

It's broken with kt-paperclip and hopefully it won't be needed anymore

* Fix regression introduced by paperclip 6.1.0

* Do not rely on pathname to call FastImage

* Add test for ogg vorbis file with cover art

* Add audio/vorbis to the accepted content-types

This seems erroneous as this would be the content-type for a vorbis stream
without an ogg container, but that's what the `marcel` gem outputs, so…

* Restore missing for_as_default method

* Refactor Attachmentable concern and delay Paperclip's content-type spoof check

Check for content-type spoofing *after* setting the extension ourselves, this
fixes a regression with kt-paperclip's validations being more strict than
paperclip 6.0.0 and rejecting some Pleroma uploads because of unknown
extensions.

* Please CodeClimate

* Add audio/vorbis to the unreliable set

It doesn't correspond to a file format and thus has no extension associated.
2021-09-29 23:52:36 +02:00
Claire c4ccbbccab Fixup style issue 2021-09-28 13:24:34 +02:00
Claire 345b64340b [Glitch] Fix incorrect use of old WebUI paths
Port 6b19e1e632 to glitch-soc

Signed-off-by: Claire <claire.github-309c@sitedethib.com>
2021-09-28 13:07:27 +02:00
Claire 188d66c9a8 [Glitch] Add aliases for WebUI routes that were renamed in #16171
Port 11502ae46e to glitch-soc

Signed-off-by: Claire <claire.github-309c@sitedethib.com>
2021-09-28 13:07:27 +02:00
Claire b2dd2e95ad Merge branch 'main' into glitch-soc/merge-upstream 2021-09-28 12:37:54 +02:00
Claire 6b19e1e632
Fix incorrect use of old WebUI paths (#16773)
* Fix incorrect use of old WebUI paths

PR #16171 renamed some routes but missed some occurrences.
Without #16772, this leads to unreachable routes in those cases.

* Fix floating action button being displayed on statuses and compose screen
2021-09-27 07:24:04 +02:00
Claire 11502ae46e
Add aliases for WebUI routes that were renamed in #16171 (#16772)
* Add aliases for some WebUI routes that were renamed in #16171

Accounts and statuses routes need more work as they use different parameters.

* Add aliases for /statuses/* routes

* Add aliases for /accounts/* WebUI routes

Does not correctly set the “active” state on the navigation tabs but this is
a minor issue.

* Fix some routes

* Fix /accounts/:id/{media,followers,following} not loading on legacy routes
2021-09-27 07:23:48 +02:00
Eugen Rochko a7f6524c6b [Glitch] Change routing paths to use usernames in web UI
Port 52e5c07948 to glitch-soc

Signed-off-by: Claire <claire.github-309c@sitedethib.com>
2021-09-26 21:35:57 +02:00
Claire 3622110778 Merge branch 'main' into glitch-soc/merge-upstream
Conflicts:
- `streaming/index.js`:
  Filtering code for streaming notifications has been refactored upstream, but
  glitch-soc had similar code for local-only toots in the same places.
  Ported upstream changes, but did not refactor local-only filtering.
2021-09-26 18:28:59 +02:00
Eugen Rochko a0d4129893
Refactor notifications to go through a separate stream in streaming API (#16765)
Eliminate need to have custom notifications filtering logic in the
streaming API code by publishing notifications into a separate stream
and then simply using the multi-stream capability to subscribe to that
stream when necessary
2021-09-26 13:23:28 +02:00
Eugen Rochko 52e5c07948
Change routing paths to use usernames in web UI (#16171) 2021-09-26 05:46:13 +02:00
Claire bf827b17e1 Merge branch 'main' into glitch-soc/merge-upstream 2021-09-19 13:07:27 +02:00
Claire e0af97164a
Fix followers synchronization mechanism not working when URI has empty path (#16744)
Follow-up to #16510, forgot the controller exposing the actual followers…
2021-09-15 18:51:16 +02:00
Claire f1e6884d6b Merge branch 'main' into glitch-soc/merge-upstream 2021-09-14 13:50:30 +02:00
Claire db57bff11d
Stop setting a shortcode to newly-created media attachments (#16730)
* Stop setting a shortcode to newly-created media attachments

The WebUI has stopped using the “short media URL” in ages. This isn't used
anywhere except for mail notifications.

Deprecating it would allow us to eventually get rid of at least a database
column and corruption-prone index, as well as a controller.

* Fix tests
2021-09-13 18:59:37 +02:00
Claire 7aa4d481db Fix media icons not being added in CWs 2021-09-09 17:14:09 +02:00
Holger 209f8f3a60
use relative path for scope (#16714)
Use relative path for `scope` in web manifest to allow users use PWA correctly via alternate domains.
2021-09-08 23:33:36 +02:00
Claire 12cd097e7c
Fix addressing of remote groups' followers (#16700)
Fixes #16699
2021-09-08 23:33:23 +02:00
Claire 4a94f4127b Fix glitch-soc front-end not linking to the provided SOURCE_URL 2021-09-08 16:36:45 +02:00
Claire 6bbcd99f14 Fix media attachments not being displayed on polls
Fixes #1595
2021-09-08 16:36:30 +02:00
Claire f9185c72a9 Merge branch 'main' into glitch-soc/merge-upstream 2021-09-02 10:52:09 +02:00
Claire 2b18f7a943
Fix processing mentions to domains with non-ascii TLDs (#16689)
Fixes #16602
2021-09-01 22:06:40 +02:00
matildepark 39193be1c4 [Glitch] Fix follow request count to dynamically update
Port 79341d0f5f to glitch-soc

Signed-off-by: Claire <claire.github-309c@sitedethib.com>
2021-08-27 11:31:09 +02:00
Claire 463d23dfd5 Merge branch 'main' into glitch-soc/merge-upstream 2021-08-27 11:29:03 +02:00
Truong Nguyen 7283a5d3b9
Explicitly set userVerification to discoraged (#16545) 2021-08-26 09:51:22 -05:00
Claire 94bcf45321
Fix authentication failures after going halfway through a sign-in attempt (#16607)
* Add tests

* Add security-related tests

My first (unpublished) attempt at fixing the issues introduced (extremely
hard-to-exploit) security vulnerabilities, addressing them in a test.

* Fix authentication failures after going halfway through a sign-in attempt

* Refactor `authenticate_with_sign_in_token` and `authenticate_with_two_factor` to make the two authentication steps more obvious
2021-08-25 22:52:41 +02:00
matildepark 79341d0f5f
Fix follow request count to dynamically update (#16652) 2021-08-25 17:46:29 +02:00
Daniel 5c21021176
Fix undefined variable for Auth::OmniauthCallbacksController (#16654)
The addition of authentication history broke the omniauth login with
the following error:

  method=GET path=/auth/auth/cas/callback format=html
  controller=Auth::OmniauthCallbacksController action=cas status=500
  error='NameError: undefined local variable or method `user' for
  #<Auth::OmniauthCallbacksController:0x00000000036290>
  Did you mean?  @user' duration=435.93 view=0.00 db=36.19

* app/controllers/auth/omniauth_callbacks_controller.rb: fix variable
  name to `@user`
2021-08-25 17:40:56 +02:00
Claire 1aca5ef9bc Merge branch 'main' into glitch-soc/merge-upstream 2021-08-20 16:14:45 +02:00
Claire 3c45dfa0fe
Fix “discoverable” account setting being tied to profile directory (#16637) 2021-08-20 16:11:58 +02:00
Claire 4f074b68ba [Glitch] Fix crash if a notification contains an unprocessed media attachment
Port 0c24c865b7 to glitch-soc

Signed-off-by: Claire <claire.github-309c@sitedethib.com>
2021-08-20 13:14:59 +02:00
Claire 0e62c38b02 [Glitch] Fix download button color in audio player
Port aaf24d3093 to glitch-soc

Signed-off-by: Claire <claire.github-309c@sitedethib.com>
2021-08-20 13:14:03 +02:00
Claire 4e2a8c9b38 Merge branch 'main' into glitch-soc/merge-upstream 2021-08-20 13:01:50 +02:00
Claire 9ac7e6fef7
Fix remotely-suspended accounts' toots being merged back into timelines (#16628)
* Fix remotely-suspended accounts' toots being merged back into timelines

* Mark remotely-deleted accounts as remotely suspended
2021-08-20 07:40:33 +01:00
Holger 0cae6c07bb
Fix #16603 (#16605)
Fix issue #16603 undefined method `serialize_payload' for Unsuspend Account Service error.
It seems that this service forgot to `include Payloadable` so that `serialize_payload` could not be found in this service.
2021-08-20 07:39:37 +01:00
Claire 0c24c865b7
Fix crash if a notification contains an unprocessed media attachment (#16573)
* Refactor AttachmentList

* Do not crash if a notification contains an unprocessed media attachment

Fixes #16530

* Fix spacing in compact form
2021-08-11 17:49:10 +02:00
Claire aaf24d3093
Fix download button color in audio player (#16572)
Fixes #16571
2021-08-11 17:48:55 +02:00
Claire 5efb1ff337
Fix followers synchronization mechanism not working when URI has empty path (#16510)
* Fix followers synchronization mechanism not working when URI has empty path

To my knowledge, there is no current implementation on the fediverse
that can use bare domains (e.g., actor is at https://example.org instead of
something like https://example.org/actor) that also plans to support the
followers synchronization mechanism. However, Mastodon's current implementation
would exclude such accounts from followers list.

Also adds tests and rename them to reflect the proper method names.

* Move url prefix regexp to its own constant
2021-08-11 17:48:42 +02:00
Claire 47ea9b2d67 Merge branch 'main' into glitch-soc/merge-upstream 2021-08-11 16:41:59 +02:00
Claire 13b08610a0
Fix crash when encountering invalid account fields (#16598)
* Add test

* Fix crash when encountering invalid account fields
2021-08-11 16:40:55 +02:00
Takeshi Umeda 8681ef85d0 [Glitch] Fix logout link not working in safari
Port b2875b1864 to glitch-soc

Signed-off-by: Claire <claire.github-309c@sitedethib.com>
2021-08-09 23:45:58 +02:00
Jeong Arm 8d55cb7d71 [Glitch] Fix trends layout
Port 6e0ab6814f to glitch-soc

Signed-off-by: Claire <claire.github-309c@sitedethib.com>
2021-08-09 23:40:31 +02:00
Claire 76c7226eb0 Fix account statuses cleanup settings controller for glitch-soc's theming system 2021-08-09 23:28:06 +02:00
Claire 8ec4be4233 Merge branch 'main' into glitch-soc/merge-upstream
Conflicts:
- `Gemfile.lock`:
  Not a real conflict, upstream-updated dependency (redis) textually too
  close to glitch-soc-only dependecy.
  Updated redis gem like upstream did.
2021-08-09 23:25:49 +02:00
Claire 4ac78e2a06
Add feature to automatically delete old toots (#16529)
* Add account statuses cleanup policy model

* Record last inspected toot to delete to speed up successive calls to statuses_to_delete

* Add service to cleanup a given account's statuses within a budget

* Add worker to go through account policies and delete old toots

* Fix last inspected status id logic

All existing statuses older or equal to last inspected status id must be
kept by the current policy. This is an invariant that must be kept so that
resuming deletion from the last inspected status remains sound.

* Add tests

* Refactor scheduler and add tests

* Add user interface

* Add support for discriminating based on boosts/favs

* Add UI support for min_reblogs and min_favs, rework UI

* Address first round of review comments

* Replace Snowflake#id_at_start with with_random parameter

* Add tests

* Add tests for StatusesCleanupController

* Rework settings page

* Adjust load-avoiding mechanisms

* Please CodeClimate
2021-08-09 23:11:50 +02:00
Takeshi Umeda 709876bd6c
Fix invalid blurhash handling in Create activity (#16583) 2021-08-09 13:33:19 +02:00