Commit graph

8737 commits

Author SHA1 Message Date
Claire 876840e9ef
Fix brakeman warning (#15870)
As far as I understand, the brakeman warning was a false-positive as
`content_tag` properly escapes untrusted HTML. Furthermore, the interpolated
string values are built from the “username” part of accounts, which is
restricted to a small subset of ASCII that precludes any XML entity or HTML
code.

This proposed change should be functionally equivalent to the current code,
however it is slightly more robust, it's more idiomatic, and Brakeman will
stop complaining about it.
2021-03-19 23:48:59 +01:00
Claire 051efed5ed
Bypass MX validation for explicitly allowed domains (#15930)
* Bypass MX validation for explicitly allowed domains

This spares some lookups and prevent issues in some edge cases with
local domains.

* Add tests

* Fix test
2021-03-19 23:48:47 +01:00
Claire 5d48402be1
Fixing the hero widget (#15926)
* Removing last-child padding conflicts with light theme in hero widget

* Add missing background color to widget

* Reset widget.scss to default

* Hope this works

Co-authored-by: koyu <me@koyu.space>
2021-03-19 20:23:32 +01:00
Claire 39a490c70e
Fix custom CSS when CDN_HOST is set (#15927) 2021-03-19 20:23:08 +01:00
Eugen Rochko af8fe6e1e9
WIP (#15222) 2021-03-19 17:15:36 +01:00
Claire 2bb573d021 Messing around with box-shadow
Signed-off-by: Claire <claire.github-309c@sitedethib.com>
2021-03-19 14:47:57 +01:00
Claire e71f4d468b Add more button states?
Signed-off-by: Claire <claire.github-309c@sitedethib.com>
2021-03-19 14:47:54 +01:00
Claire 200d7a1708 Change notification settings UI to be more compact
Signed-off-by: Claire <claire.github-309c@sitedethib.com>
2021-03-19 14:47:06 +01:00
Claire 3b7b607300 Migrate glitch-soc local notification settings to upstream system 2021-03-19 13:57:36 +01:00
Claire db6551ec09 Add option to opt out of unread notification markers
Port 55ac2b9c60 to glitch-soc
2021-03-19 13:57:32 +01:00
Claire 3ad6ef72cb Merge branch 'main' into glitch-soc/merge-upstream 2021-03-19 13:57:15 +01:00
Claire 741d0952b1
Improve account counters handling (#15913)
* Improve account counters handling

* Use ActiveRecord::Base::sanitize_sql to pass values instead of interpolating them

Keep using string interpolation for `key` as it is safe and using
“ActiveRecord::Base::sanitize_sql_hash_for_assignment” would require stitching
bits of SQL in a way that is not more easily checked for safety.

* Add migration hook to catch PostgreSQL versions earlier than 9.5
2021-03-19 13:14:57 +01:00
Claire b358229834
Further preparation for Rails 6 (#15916)
* Use ActiveRecord::Result#to_ary instead of deprecated to_hash

They do the same thing, and to_hash has been removed from Rails 6.1

* Explicitly name polymorphic indexes to workaround a bug in Rails 6.1

cf. https://github.com/rails/rails/issues/41693

* Fix incorrect usage of “foreign_key” in migration script

* Use `ActiveModel::Errors#delete` instead of deprecated clear method

* Fix link headers tests on Rails 6.1

Rails 6.1 adds values to the Link header by default, thus it is not a
LinkHeader object anymore. Fix the test to parse the Link header instead
of assuming it is a LinkHeader.
2021-03-19 02:45:34 +01:00
Claire 55ac2b9c60
Add option to opt out of unread notification markers (#15842)
Fixes #15133
2021-03-19 02:44:57 +01:00
Claire a4dcaef53b
Prepare Mastodon for zeitwerk autoloader (#15917)
* Prepare Mastodon for zeitwerk autoloader (Rails 6)

Add inflections and rename/move a few classes.

In particular, app/lib/exceptions.rb and app/lib/sanitize_config.rb
were manually loaded while still in autoload paths.

* Add inflection for Url → URL
2021-03-19 02:42:43 +01:00
Claire 5027abecd1
Fix cache_collection crashing when given an empty collection (#15921)
* Fix cache_collection crashing when given an empty collection

* Add tests
2021-03-18 00:41:32 +01:00
Claire 43eff898a0
Prepare Mastodon for Rails 6 (#15911)
* Fix misuse of foreign_type

* Fix use of removed "add_template_helper"

* Use response.media_type instead of response.content_type in tests

* Fix CSV export controller test on Rails 6

Rails 6 sets a "filename*" field in the Content-Disposition header to
explicitly encode the filename as UTF-8.

This changes checks the first part of the Content-Disposition header so
it matches in both Rails 5 and Rails 6.

* Fix emoji formatting with Rails 6

* Make emoji output more idiomatic and robust

* Switch from redis-rails gem to built-in Rails redis cache storage
2021-03-17 10:09:55 +01:00
Claire eac4a3e9c8 Merge branch 'main' into glitch-soc/merge-upstream 2021-03-15 11:26:59 +01:00
Eugen Rochko e89e976e92
Fix configuration for sidekiq-unique-jobs after 7.x upgrade (#15908)
Remove locks from scheduled jobs
2021-03-15 11:17:43 +01:00
Filipe Rodrigues 3dc94d9f91
Fix reference to non-existing translation in the exports page. (#15894)
The exports page showed a different "CSV" capitalisation in the
"Bookmarks" row ("Csv") compared to the other rows ("CSV").
This was due to a referece to a translation string that does not exist,
`bookmarks.csv`, defaulting to the key's last segment in title case.

This issue was introduced in commit dcd86204 (PR #14956).

(h/t @meqif for helping with figuring out the bug)
2021-03-15 02:17:29 +01:00
Claire 995ad2af30 Fix DM timeline failing to load from database 2021-03-12 23:17:34 +01:00
Claire 1b02d29be5
Fix not being able to change world filter expiration back to “Never” (#15858)
Fixes #15849
2021-03-12 05:25:50 +01:00
Claire 5cc45d22d3
Remove subscription_expires_at leftover from OStatus (#15857) 2021-03-12 05:25:24 +01:00
Claire 1b6a21e6bc Merge branch 'main' into glitch-soc/merge-upstream
Conflicts:
- `app/validators/status_length_validator.rb`:
  Conflict due to glitch-soc's configurable maximum toot chars.
  Ported upstream changes.
2021-03-11 16:08:15 +01:00
Claire 67c5cdea40
Fix some ignored brakeman warnings (#15829) 2021-03-07 07:06:56 +01:00
Claire 318efa49de Fix various CodeClimate warnings 2021-03-06 14:51:53 +01:00
Claire 5614e6724e
Fix URL scanning in note length validator and preview card fetching (#15827)
* Add tests

* Fix URL scanning in note length validator and preview card fetching
2021-03-04 00:12:26 +01:00
Claire 7336276252 [Glitch] Update twitter-text from 1.14 to 3.1.0 and fix toot character counting
Port 65db262550 to glitch-soc

Signed-off-by: Claire <claire.github-309c@sitedethib.com>
2021-03-02 12:37:23 +01:00
Claire 7cffe8dca7 [Glitch] Add borders to 📱 and 📲 emojis
Port a8139ab016 to glitch-soc

Signed-off-by: Claire <claire.github-309c@sitedethib.com>
2021-03-02 12:27:29 +01:00
Claire 974ddc28a3 [Glitch] Fix WebUI crashing when SVG support is disabled
Port 0635c8760d to glitch-soc

Signed-off-by: Claire <claire.github-309c@sitedethib.com>
2021-03-02 12:26:12 +01:00
Claire d8fdbb054e Merge branch 'main' into glitch-soc/merge-upstream
Conflicts:
- `app/validators/status_length_validator.rb`:
  Upstream changes too close to glitch-soc MAX_CHARS changes, but not a real
  conflict.
  Applied upstream changes.
- `package.json`:
  glitch-soc-only dependency textually too close to a dependency updated
  upstream, not a real conflict.
  Applied upstream changes.
2021-03-02 12:06:58 +01:00
Claire 65db262550
Update twitter-text from 1.14 to 3.1.0 and fix toot character counting (#15382)
* Update twitter-text from 1.14 to 3.1.0

* Disable emoji parsing

* Properly depend on twitter-text for url detection

* Fix some URLs being wrongly detected client-side

* Add test for server-side validation of non-autolinkable URLs

* Fix server-side status length counting
2021-03-02 12:02:56 +01:00
Claire a8139ab016
Add borders to 📱 and 📲 emojis (#15794) 2021-03-01 21:22:54 +01:00
Eugen Rochko ee1119208c
Add POST /api/v1/emails/confirmations to REST API (#15816)
Only available to the application the user originally signed-up with
2021-03-01 18:39:47 +01:00
Eugen Rochko 9aa37b32c3
Add details to error response for POST /api/v1/accounts in REST API (#15803) 2021-03-01 04:59:13 +01:00
Claire 0635c8760d
Fix WebUI crashing when SVG support is disabled (#15809)
Fixes #14910
2021-02-28 01:01:34 +01:00
Claire 75189af528
Fix crash on receiving requests with missing Digest header (#15782)
* Fix crash on receiving requests with missing Digest header

Return an error pointing out that Digest is missing, instead of crashing.

Fixes #15743

* Fix from review feedback
2021-02-26 17:40:27 +01:00
Claire 4f19504986
Add inline description of moderation actions in moderation interface (#15792) 2021-02-24 16:53:16 +01:00
Claire 5f4c0b79c2
Change ResolveAccountService's handling of skip_webfinger (#15750)
* Change ResolveAccountService's handling of skip_webfinger

Change it so it never makes any webfinger query, as the name would imply.

* Add tests

* Change FollowService to not take an URI for target_account

* Restore domain-block check in FollowService

* Fix tests
2021-02-24 06:32:13 +01:00
Claire 1b50ac08c1
Fix server rules not being displayed if extended server discription isn't set (#15778) 2021-02-22 18:26:24 +01:00
abcang 6ae04d990c [Glitch] Fix default searchTokens
Port 2127f40e6b to glitch-soc

Signed-off-by: Claire <claire.github-309c@sitedethib.com>
2021-02-22 15:47:17 +01:00
Eugen Rochko 24fb5d7572 [Glitch] Add server rules
Port SCSS changes from 8331fdf7e0 to glitch-soc

Signed-off-by: Claire <claire.github-309c@sitedethib.com>
2021-02-22 15:45:28 +01:00
Claire 679642e26c Merge branch 'main' into glitch-soc/merge-upstream 2021-02-22 15:23:46 +01:00
abcang 2127f40e6b
Fix default searchTokens (#15775) 2021-02-22 11:26:08 +01:00
Eugen Rochko 8331fdf7e0
Add server rules (#15769) 2021-02-21 19:50:12 +01:00
Justin Tracey c9e8e1739c
replace all instances of "ends_with?" with "end_with?" (#15745)
The "ends_with?" method is just a Rails alias of Ruby's "end_with?" method.
Using the latter makes the code less brittle.
2021-02-19 09:56:14 +01:00
Eugen Rochko e31ed27485
Add GET /api/v1/accounts/lookup REST API (#15740) 2021-02-16 15:28:32 +01:00
Claire 49eef466b8 [Glitch] Add dropdown for boost privacy in boost confirmation modal
Port 07b46cb332 to glitch-soc

Signed-off-by: Claire <claire.github-309c@sitedethib.com>
2021-02-12 12:31:49 +01:00
Claire 9213b02656 Refactor privacy dropdown to have an interface closer to upstream's 2021-02-12 12:04:04 +01:00
kaias1jp 847779b1e4 [Glitch] Fixed WebUI crash when a status opened in the media modal is deleted
Port 08ae116dc6 to glitch-soc

Signed-off-by: Claire <claire.github-309c@sitedethib.com>
2021-02-12 10:58:34 +01:00
Jeong Arm 8f24f7626a [Glitch] Use custom mascot on static share page
Port d499bb031f to glitch-soc

Signed-off-by: Claire <claire.github-309c@sitedethib.com>
2021-02-12 10:57:09 +01:00
Mélanie Chauvel 0e7484209c [Glitch] Slightly reorder three dots menu on toots to make it more intuitive
Port f5fefdc11a to glitch-soc

Signed-off-by: Claire <claire.github-309c@sitedethib.com>
2021-02-12 10:55:37 +01:00
Eugen Rochko 28f533f370 [Glitch] Change max. image dimensions to 1920x1080px (1080p)
Port acf1842896 to glitch-soc

Signed-off-by: Claire <claire.github-309c@sitedethib.com>
2021-02-12 10:46:00 +01:00
Claire 5e11f3a6e1 Merge branch 'main' into glitch-soc/merge-upstream
Conflicts:
- `app/javascript/styles/mastodon/modal.scss`:
  For some reason we changed the file loading path in glitch-soc,
  but now upstream has completely changed how the logo is loaded.
  Applied upstream changes.
2021-02-12 10:28:32 +01:00
Eugen Rochko 15ced8728f
Refactor Api::Web::SettingsController (#15717) 2021-02-12 07:19:15 +01:00
Eugen Rochko f8972d4503
Fix YouTube embeds failing due to YouTube serving wrong OEmbed URLs (#15716) 2021-02-12 05:45:38 +01:00
kaias1jp 08ae116dc6
Fixed WebUI crash when a status opened in the media modal is deleted (#15701)
* Fixed picture in picture compatibility error in WebUI when status is deleted

* Revert "Fixed picture in picture compatibility error in WebUI when status is deleted"

This reverts commit f003b7d9d8.

* Close the modal display of the image when status is deleted

* Fixed the case statement before the default statement

* Removed unnecessary parts
2021-02-11 19:59:47 +01:00
Takeshi Umeda 7927959d8f
fix typo (#15705) 2021-02-11 06:22:11 +01:00
Cecylia Bocovich e79f8dd85c
Onion service related changes to HTTPS handling (#15560)
* Enable secure cookie flag for https only

* Disable force_ssl for .onion hosts only

Co-authored-by: Aiden McClelland <me@drbonez.dev>
2021-02-11 04:40:13 +01:00
Jeong Arm d499bb031f
Use custom mascot on static share page (#15687)
* Use custom mascot on static share page

* Use full_asset_url
2021-02-11 02:18:56 +01:00
Claire be3b9f8151
Fix URI of repeat follow requests not being recorded (#15662)
* Fix URI of repeat follow requests not being recorded

In case we receive a “repeat” or “duplicate” follow request, we automatically
fast-forward the accept with the latest received Activity `id`, but we don't
record it.

In general, a “repeat” or “duplicate” follow request may happen if for some
reason (e.g. inconsistent handling of Block or Undo Accept activities, an
instance being brought back up from the dead, etc.) the local instance thought
the remote actor were following them while the remote actor thought otherwise.

In those cases, the remote instance does not know about the older Follow
activity `id`, so keeping that record serves no purpose, but knowing the most
recent one is useful if the remote implementation at some point refers to it
by `id` without inlining it.

* Add tests
2021-02-11 01:53:44 +01:00
Mélanie Chauvel f5fefdc11a
Slightly reorder three dots menu on toots to make it more intuitive (#15647)
* Slightly reorder three dots menu on toots to make it more intuitive

- Make “Pin to profile” always appear at the same place
- Add separator to group “Bookmark” and “Pin to profile”
- Fix separator being the first item in some cases

* Fix missing semicolon and keep status_action_bar.js and action_bar.js in sync
2021-02-11 01:05:04 +01:00
Claire 07b46cb332
Add dropdown for boost privacy in boost confirmation modal (#15704)
* Various dropdown code quality fixes

* Prepare support for privacy selection in boost modal

* Add dropdown for boost privacy in boost confirmation modal
2021-02-11 00:53:12 +01:00
Claire a30a40c437 Fix background color for favourite modal on DMs 2021-02-10 19:27:18 +01:00
Claire acdeb162b8
Create instance actor if it hasn't been properly seeded (#15693)
An uncommon but somewhat difficult to digagnose issue is dealing with
improperly-seeded databases. In such cases, instance-signed fetches will
fail with a ActiveRecord::RecordNotFound error, usually caught and handled
as generic 404, leading people to think the remote resource itself has not
been found, while it's the local instance actor that does not exist.

This commit changes the code so that failure to find the instance actor
automatically creates a new one, so that improperly-seeded databases do
not cause any issue.
2021-02-09 18:12:54 +01:00
Eugen Rochko acf1842896
Change max. image dimensions to 1920x1080px (1080p) (#15690)
* Change max. image size to 1920x1080px

* Change it in web UI too
2021-02-09 01:21:06 +01:00
ThibG e1fa06c459 [Glitch] Change custom emoji to be animated when hovering container
Port 3efa0c54b6 to glitch-soc

Co-authored-by: Claire <claire.github-309c@sitedethib.com>
Signed-off-by: Claire <claire.github-309c@sitedethib.com>
2021-02-03 17:16:22 +01:00
Claire 4d40685850 Merge branch 'main' into glitch-soc/merge-upstream 2021-02-03 17:02:48 +01:00
ThibG a044ddac5b
Fix race conditions on account migration creation (#15597)
* Atomically check for processing lock in Move handler

* Prevent race condition when creating account migrations

Fixes #15595

* Add tests

Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2021-02-02 14:49:57 +01:00
ThibG 3efa0c54b6
Change custom emoji to be animated when hovering container (#15637)
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2021-01-31 21:25:31 +01:00
abcang 7ab53f221a
Improved performance of notification preloading (#15640)
* Improved performance of notification preloading

* Remove Cacheable from Notification

* Fix test
2021-01-31 21:24:57 +01:00
abcang c8c764dd8b
Fix N+1 query when rendering with StatusSerializer (#15641) 2021-01-31 21:24:17 +01:00
abcang 2319e85a8a
Fix react/jsx-no-duplicate-props (#15636) 2021-01-28 18:24:22 +01:00
ThibG 52ff3ca675
Merge pull request #1491 from ThibG/glitch-soc/merge-upstream
Merge upstream changes
2021-01-26 23:21:32 +01:00
leo60228 ca6c62068e Support customizing poll option limits 2021-01-26 14:07:31 +01:00
ThibG 00e55445b9 [Glitch] Add “translate” class to other user strings
Port 5fcac81302 to glitch-soc

Co-authored-by: Claire <claire.github-309c@sitedethib.com>
Signed-off-by: Claire <claire.github-309c@sitedethib.com>
2021-01-26 14:05:24 +01:00
Claire b81710c02c Merge branch 'main' into glitch-soc/merge-upstream
Conflicts:
- `CONTRIBUTING.md`:
  Not a real conflict, glitch-soc quotes the upstream file, which has been
  changed. Update the quote.
2021-01-26 14:01:30 +01:00
Takeshi Umeda 7f1c56954b
Fix first return value of FetchLinkCardService.html method (#15630) 2021-01-25 09:22:41 +01:00
luigi 7ea9588520
Use Enumerable#filter_map in more places (#15527) 2021-01-22 16:28:15 +01:00
ThibG 5fcac81302
Add “translate” class to other user strings (#15611)
* Add “translate” class to other user strings

Follow-up to #15610.

Allow Google Translate to work on more user content:
- poll options
- reply indicator (contents of the status being replied to)
- directory account cards
- account note in follow requests list

* Fix incorrect styling of account bio

Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2021-01-22 10:09:23 +01:00
luigi eb51e43fb4
Optimize some regex matching (#15528)
* Use Regex#match?

* Replace =~ too

* Avoid to call match? from Nil

* Keep value of Regexp.last_match
2021-01-22 10:09:08 +01:00
ThibG c48e2a48ba [Glitch] Fix Google Translate breaking web interface
Port 7d0031a515 to glitch-soc

Co-authored-by: Claire <claire.github-309c@sitedethib.com>
Signed-off-by: Claire <claire.github-309c@sitedethib.com>
2021-01-21 16:59:47 +01:00
Claire f90fa11db5 Merge branch 'main' into glitch-soc/merge-upstream 2021-01-21 16:51:12 +01:00
ThibG 7d0031a515
Fix Google Translate breaking web interface (#15610)
- marks the page as a whole as untranslatable
- still marks user text as translatable

Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2021-01-21 14:29:54 +01:00
ThibG e955ca5463
Fix sign-up restrictions based on IP addresses not being enforced (#15607)
Fixes #15606

Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2021-01-21 06:18:30 +01:00
ThibG 2ff01f78f7
Fix /activity endpoint not require signature in authorized fetch mode (#15592)
Fixes #15589

Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2021-01-19 06:47:36 +01:00
Claire e202314a75 Merge branch 'master' into glitch-soc/merge-upstream 2021-01-18 13:57:12 +01:00
ThibG 54d4e5252b
Use Rails' index_by where it makes sense (#15542)
* Use Rails' index_by where it makes sense

* Fix tests

Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2021-01-12 09:27:38 +01:00
ThibG 7bed25f3ea
Fix processing of incoming Block activities (#15546)
Unlike locally-issued blocks, they weren't clearing follow
relationships in both directions, follow requests or notifications.

Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2021-01-12 09:25:01 +01:00
ThibG 31e68bf3d3 [Glitch] Fix OCR lang data failing to load
Port 73ddb60c32 to glitch-soc

Co-authored-by: Claire <claire.github-309c@sitedethib.com>
Signed-off-by: Claire <claire.github-309c@sitedethib.com>
2021-01-11 12:00:26 +01:00
Claire 33d30632fb Merge branch 'master' into glitch-soc/merge-upstream
Conflicts:
- `app/models/public_feed.rb`:
  Upstream refactored a bit, glitch-soc had specific code for local-only
  statuses.
  Updated glitch-soc's specific code accordingly.
2021-01-11 11:55:42 +01:00
Levi Bard 11d603101a
Fix muting users with duration via the REST api (#15516) 2021-01-10 12:47:21 +01:00
luigi 087ed84367
Optimize map { ... }.compact calls (#15513)
* Optimize map { ... }.compact

using Enumerable#filter_map, supported since Ruby 2.7

* Add poyfill for Enumerable#filter_map
2021-01-10 00:32:01 +01:00
ThibG 73ddb60c32
Fix OCR lang data failing to load (#15519)
Fixes #15472

Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2021-01-09 03:48:50 +01:00
ThibG a1a8aa4a08
Skip processing Update activities on unknown accounts (#15514)
This also skips fetching the actor completely.

This will be useful if we end up distributing Update activities linked to
account suspensions more widely (they are currently only delivered to
the suspended account's followers), as currently, instances not knowing
about the suspended account would fetch it to then process the suspension.

Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2021-01-08 12:26:29 +01:00
abcang efffdd3778
Fix rubocop config and warnings (#15503)
* disable NewCops

* update TargetRubyVersion

* Fix Lint/MissingSuper for ActiveModelSerializers::Model

* Fix Lint/MissingSuper for feed

* Fix Lint/FloatComparison

* Do not use instance variables
2021-01-07 09:40:55 +01:00
Takeshi Umeda 55e84f9125 [Glitch] Fix logo button style more
Port 3f4b0dfd47 to glitch-soc

Signed-off-by: Claire <claire.github-309c@sitedethib.com>
2021-01-06 19:03:52 +01:00
Takeshi Umeda 7710a6c4b1 [Glitch] Fix logo button style
Port ba748a83f2 to glitch-soc

Signed-off-by: Claire <claire.github-309c@sitedethib.com>
2021-01-06 19:03:21 +01:00
Takeshi Umeda f3aa085af5 [Glitch] Fix getting-started footer in single column mode not being clickable in Safari
Port e38874dcf7 to glitch-soc

Signed-off-by: Claire <claire.github-309c@sitedethib.com>
2021-01-06 18:38:10 +01:00
Takeshi Umeda 98fd0cca55 [Glitch] Fix defaultProps of frameRate to string
Port a50fe47a77 to glitch-soc

Signed-off-by: Claire <claire.github-309c@sitedethib.com>
2021-01-06 18:32:37 +01:00