Commit graph

8772 commits

Author SHA1 Message Date
Eugen Rochko 6d6000f61f
Fix remote reporters not receiving suspend/unsuspend activities (#16050) 2021-04-17 14:55:46 +02:00
Eugen Rochko 480d7c9478
Fix missing source strings and inconsistent lead text style in admin UI (#16052) 2021-04-17 11:12:49 +02:00
Eugen Rochko b3ceb3dcc4
Add canonical e-mail blocks for suspended accounts (#16049)
Prevent new accounts from being created using the same underlying
e-mail as a suspended account using extensions and period
permutations. Stores e-mails as a SHA256 hash
2021-04-17 03:14:25 +02:00
Eugen Rochko dde8739020
Fix reports of already suspended accounts being recorded (#16047) 2021-04-16 22:01:05 +02:00
Takeshi Umeda baed52c2a7
Fix not to show follow button in global suggestion (#16045)
* Fix not to show follow button in global suggestion

* Fix style
2021-04-16 10:06:42 +02:00
Takeshi Umeda 9bb3341849
Fix to update suggestion list after dismiss (#16044)
* Fix to update suggestion list after dismiss

* Change to inline

* Fix style
2021-04-16 10:06:16 +02:00
Eugen Rochko 3b8d085436
Fix app name, website and redirect URIs not having a maximum length (#16042)
Fix app scopes not being validated
2021-04-15 16:28:43 +02:00
Eugen Rochko ce2148c571
Add policy param to POST /api/v1/push/subscriptions (#16040)
With possible values `all`, `followed`, `follower`, and `none`,
control from whom notifications will generate a Web Push alert
2021-04-15 05:00:25 +02:00
Takeshi Umeda c968d22ee9
Fix an error with 'multiple mentions with same username' (#16038) 2021-04-14 15:48:49 +02:00
Claire e78d06eecf
Add border to 🚲 emoji (#16035) 2021-04-13 23:43:51 +02:00
Eugen Rochko 120965eb0b
Change Web Push API deliveries to use request pooling (#16014) 2021-04-12 14:25:34 +02:00
Eugen Rochko f7117646af
Add cold-start follow recommendations (#15945) 2021-04-12 12:37:14 +02:00
Eugen Rochko 619fad6cf8
Remove spam check and dependency on nilsimsa gem (#16011) 2021-04-11 11:22:50 +02:00
Eugen Rochko 7183d9a113
Change multiple mentions with same username to render with domain (#15718)
Fix #15506
2021-04-10 11:51:02 +02:00
Claire c5fe0864d1
Fix SidekiqProcessCheck checking for a queue name that isn't used in Mastodon (#16002) 2021-04-05 23:41:37 +02:00
Eugen Rochko 2ae8c41e5d [Glitch] Add system checks to dashboard in admin UI
Port SCSS changes from 487e37d6d4

Signed-off-by: Claire <claire.github-309c@sitedethib.com>
2021-04-05 14:34:36 +02:00
Claire 6be0b4b014 [Glitch] Fix crash in old browsers
Port abad99fa10 to glitch-soc

Signed-off-by: Claire <claire.github-309c@sitedethib.com>
2021-04-05 14:33:42 +02:00
Claire c901ae77d4 Merge branch 'main' into glitch-soc/merge-upstream 2021-04-05 14:31:07 +02:00
Noiob 39b9a0619a Remove superfluous toot length check 2021-04-05 14:30:43 +02:00
Claire 117f6638d0
Fix SVG files not being correctly included in templates (#16001)
In Rails 6.1, raw file inclusion in templates have to be explicitly marked as
HTML-safe, otherwise it's rendered as text.
2021-04-05 13:05:49 +02:00
Eugen Rochko 487e37d6d4
Add system checks to dashboard in admin UI (#15989) 2021-04-03 14:12:30 +02:00
Eugen Rochko 82cce18227
Change health check (#15988) 2021-04-03 02:39:04 +02:00
Claire abad99fa10
Fix crash in old browsers (#15985)
Fixes #15984
2021-04-01 00:00:12 +02:00
Claire 15efa32cca Merge branch 'main' into glitch-soc/merge-upstream 2021-03-31 10:34:29 +02:00
Claire a650a1157d
Fix /admin/tags/:id crashing since Rails 6.1 update (#15953)
Raw SQL passed to `pluck` now has to be explicitly marked as SQL via
Arel.sql, see https://github.com/rails/rails/pull/27947
2021-03-26 18:36:16 +01:00
Claire 59f94593d0
Add warning in admin dashboard if some required queues are not handled (#15954) 2021-03-26 18:22:54 +01:00
Eugen Rochko dd1eb9918a
Add email param to POST /api/v1/emails/confirmations (#15949)
Allow changing e-mail as long as the account is unconfirmed
2021-03-25 02:46:13 +01:00
Marcin Mikołajczak f8e50eaea3
Add transition to media modal background (#15843)
* Add transition to media modal background

* use reduceMotion

* Move background color transition into css

Signed-off-by: marcin mikołajczak <me@mkljczk.pl>
2021-03-24 13:51:32 +01:00
Claire 5ea53b6158 [Glitch] Fix compose form behavior in mobile view
Port 034f37b85a to glitch-soc

Signed-off-by: Claire <claire.github-309c@sitedethib.com>
2021-03-24 11:21:21 +01:00
dependabot[bot] b61e44461c [Glitch] Bump react-select from 3.2.0 to 4.0.2
Add cacheKey to NonceProvider for react-select

Port changes from c3aef491d6 to glitch-soc

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>
Signed-off-by: Claire <claire.github-309c@sitedethib.com>
2021-03-24 11:01:57 +01:00
Claire f60c99a8fb Merge branch 'main' into glitch-soc/merge-upstream 2021-03-24 10:53:50 +01:00
Claire cbd0ee1d07
Update Mastodon to Rails 6.1 (#15910)
* Update devise-two-factor to unreleased fork for Rails 6 support

Update tests to match new `rotp` version.

* Update nsa gem to unreleased fork for Rails 6 support

* Update rails to 6.1.3 and rails-i18n to 6.0

* Update to unreleased fork of pluck_each for Ruby 6 support

* Run "rails app:update"

* Add missing ActiveStorage config file

* Use config.ssl_options instead of removed ApplicationController#force_ssl

Disabled force_ssl-related tests as they do not seem to be easily testable
anymore.

* Fix nonce directives by removing Rails 5 specific monkey-patching

* Fix fixture_file_upload deprecation warning

* Fix yield-based test failing with Rails 6

* Use Rails 6's index_with when possible

* Use ActiveRecord::Cache::Store#delete_multi from Rails 6

This will yield better performances when deleting an account

* Disable Rails 6.1's automatic preload link headers

Since Rails 6.1, ActionView adds preload links for javascript files
in the Links header per default.

In our case, that will bloat headers too much and potentially cause
issues with reverse proxies. Furhermore, we don't need those links,
as we already output them as HTML link tags.

* Switch to Rails 6.0 default config

* Switch to Rails 6.1 default config

* Do not include autoload paths in the load path
2021-03-24 10:44:31 +01:00
Claire 1c4dee4554
Fix Mastodon not understanding as:Public and Public (#15948)
Fixes #5551
2021-03-24 10:19:40 +01:00
Claire 034f37b85a
Fix compose form behavior in mobile view (#15555)
* Fix ComposeForm being mounted twice in mobile view

Fixes #13094

* Fix compose form focus and pre-selection behavior in mobile view

* Split _updateFocusAndSelection out of componentDidUpdate
2021-03-24 10:19:07 +01:00
dependabot[bot] c3aef491d6
Bump react-select from 3.2.0 to 4.0.2 (#15624)
* Bump react-select from 3.2.0 to 4.0.2

Bumps [react-select](https://github.com/JedWatson/react-select) from 3.2.0 to 4.0.2.
- [Release notes](https://github.com/JedWatson/react-select/releases)
- [Changelog](https://github.com/JedWatson/react-select/blob/master/docs/CHANGELOG.md)
- [Commits](https://github.com/JedWatson/react-select/compare/react-select@3.2.0...react-select@4.0.2)

Signed-off-by: dependabot[bot] <support@github.com>

* Add cacheKey to NonceProvider for react-select

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>
2021-03-22 15:41:47 +09:00
Claire 876840e9ef
Fix brakeman warning (#15870)
As far as I understand, the brakeman warning was a false-positive as
`content_tag` properly escapes untrusted HTML. Furthermore, the interpolated
string values are built from the “username” part of accounts, which is
restricted to a small subset of ASCII that precludes any XML entity or HTML
code.

This proposed change should be functionally equivalent to the current code,
however it is slightly more robust, it's more idiomatic, and Brakeman will
stop complaining about it.
2021-03-19 23:48:59 +01:00
Claire 051efed5ed
Bypass MX validation for explicitly allowed domains (#15930)
* Bypass MX validation for explicitly allowed domains

This spares some lookups and prevent issues in some edge cases with
local domains.

* Add tests

* Fix test
2021-03-19 23:48:47 +01:00
Claire 5d48402be1
Fixing the hero widget (#15926)
* Removing last-child padding conflicts with light theme in hero widget

* Add missing background color to widget

* Reset widget.scss to default

* Hope this works

Co-authored-by: koyu <me@koyu.space>
2021-03-19 20:23:32 +01:00
Claire 39a490c70e
Fix custom CSS when CDN_HOST is set (#15927) 2021-03-19 20:23:08 +01:00
Eugen Rochko af8fe6e1e9
WIP (#15222) 2021-03-19 17:15:36 +01:00
Claire 2bb573d021 Messing around with box-shadow
Signed-off-by: Claire <claire.github-309c@sitedethib.com>
2021-03-19 14:47:57 +01:00
Claire e71f4d468b Add more button states?
Signed-off-by: Claire <claire.github-309c@sitedethib.com>
2021-03-19 14:47:54 +01:00
Claire 200d7a1708 Change notification settings UI to be more compact
Signed-off-by: Claire <claire.github-309c@sitedethib.com>
2021-03-19 14:47:06 +01:00
Claire 3b7b607300 Migrate glitch-soc local notification settings to upstream system 2021-03-19 13:57:36 +01:00
Claire db6551ec09 Add option to opt out of unread notification markers
Port 55ac2b9c60 to glitch-soc
2021-03-19 13:57:32 +01:00
Claire 3ad6ef72cb Merge branch 'main' into glitch-soc/merge-upstream 2021-03-19 13:57:15 +01:00
Claire 741d0952b1
Improve account counters handling (#15913)
* Improve account counters handling

* Use ActiveRecord::Base::sanitize_sql to pass values instead of interpolating them

Keep using string interpolation for `key` as it is safe and using
“ActiveRecord::Base::sanitize_sql_hash_for_assignment” would require stitching
bits of SQL in a way that is not more easily checked for safety.

* Add migration hook to catch PostgreSQL versions earlier than 9.5
2021-03-19 13:14:57 +01:00
Claire b358229834
Further preparation for Rails 6 (#15916)
* Use ActiveRecord::Result#to_ary instead of deprecated to_hash

They do the same thing, and to_hash has been removed from Rails 6.1

* Explicitly name polymorphic indexes to workaround a bug in Rails 6.1

cf. https://github.com/rails/rails/issues/41693

* Fix incorrect usage of “foreign_key” in migration script

* Use `ActiveModel::Errors#delete` instead of deprecated clear method

* Fix link headers tests on Rails 6.1

Rails 6.1 adds values to the Link header by default, thus it is not a
LinkHeader object anymore. Fix the test to parse the Link header instead
of assuming it is a LinkHeader.
2021-03-19 02:45:34 +01:00
Claire 55ac2b9c60
Add option to opt out of unread notification markers (#15842)
Fixes #15133
2021-03-19 02:44:57 +01:00
Claire a4dcaef53b
Prepare Mastodon for zeitwerk autoloader (#15917)
* Prepare Mastodon for zeitwerk autoloader (Rails 6)

Add inflections and rename/move a few classes.

In particular, app/lib/exceptions.rb and app/lib/sanitize_config.rb
were manually loaded while still in autoload paths.

* Add inflection for Url → URL
2021-03-19 02:42:43 +01:00
Claire 5027abecd1
Fix cache_collection crashing when given an empty collection (#15921)
* Fix cache_collection crashing when given an empty collection

* Add tests
2021-03-18 00:41:32 +01:00
Claire 43eff898a0
Prepare Mastodon for Rails 6 (#15911)
* Fix misuse of foreign_type

* Fix use of removed "add_template_helper"

* Use response.media_type instead of response.content_type in tests

* Fix CSV export controller test on Rails 6

Rails 6 sets a "filename*" field in the Content-Disposition header to
explicitly encode the filename as UTF-8.

This changes checks the first part of the Content-Disposition header so
it matches in both Rails 5 and Rails 6.

* Fix emoji formatting with Rails 6

* Make emoji output more idiomatic and robust

* Switch from redis-rails gem to built-in Rails redis cache storage
2021-03-17 10:09:55 +01:00
Claire eac4a3e9c8 Merge branch 'main' into glitch-soc/merge-upstream 2021-03-15 11:26:59 +01:00
Eugen Rochko e89e976e92
Fix configuration for sidekiq-unique-jobs after 7.x upgrade (#15908)
Remove locks from scheduled jobs
2021-03-15 11:17:43 +01:00
Filipe Rodrigues 3dc94d9f91
Fix reference to non-existing translation in the exports page. (#15894)
The exports page showed a different "CSV" capitalisation in the
"Bookmarks" row ("Csv") compared to the other rows ("CSV").
This was due to a referece to a translation string that does not exist,
`bookmarks.csv`, defaulting to the key's last segment in title case.

This issue was introduced in commit dcd86204 (PR #14956).

(h/t @meqif for helping with figuring out the bug)
2021-03-15 02:17:29 +01:00
Claire 995ad2af30 Fix DM timeline failing to load from database 2021-03-12 23:17:34 +01:00
Claire 1b02d29be5
Fix not being able to change world filter expiration back to “Never” (#15858)
Fixes #15849
2021-03-12 05:25:50 +01:00
Claire 5cc45d22d3
Remove subscription_expires_at leftover from OStatus (#15857) 2021-03-12 05:25:24 +01:00
Claire 1b6a21e6bc Merge branch 'main' into glitch-soc/merge-upstream
Conflicts:
- `app/validators/status_length_validator.rb`:
  Conflict due to glitch-soc's configurable maximum toot chars.
  Ported upstream changes.
2021-03-11 16:08:15 +01:00
Claire 67c5cdea40
Fix some ignored brakeman warnings (#15829) 2021-03-07 07:06:56 +01:00
Claire 318efa49de Fix various CodeClimate warnings 2021-03-06 14:51:53 +01:00
Claire 5614e6724e
Fix URL scanning in note length validator and preview card fetching (#15827)
* Add tests

* Fix URL scanning in note length validator and preview card fetching
2021-03-04 00:12:26 +01:00
Claire 7336276252 [Glitch] Update twitter-text from 1.14 to 3.1.0 and fix toot character counting
Port 65db262550 to glitch-soc

Signed-off-by: Claire <claire.github-309c@sitedethib.com>
2021-03-02 12:37:23 +01:00
Claire 7cffe8dca7 [Glitch] Add borders to 📱 and 📲 emojis
Port a8139ab016 to glitch-soc

Signed-off-by: Claire <claire.github-309c@sitedethib.com>
2021-03-02 12:27:29 +01:00
Claire 974ddc28a3 [Glitch] Fix WebUI crashing when SVG support is disabled
Port 0635c8760d to glitch-soc

Signed-off-by: Claire <claire.github-309c@sitedethib.com>
2021-03-02 12:26:12 +01:00
Claire d8fdbb054e Merge branch 'main' into glitch-soc/merge-upstream
Conflicts:
- `app/validators/status_length_validator.rb`:
  Upstream changes too close to glitch-soc MAX_CHARS changes, but not a real
  conflict.
  Applied upstream changes.
- `package.json`:
  glitch-soc-only dependency textually too close to a dependency updated
  upstream, not a real conflict.
  Applied upstream changes.
2021-03-02 12:06:58 +01:00
Claire 65db262550
Update twitter-text from 1.14 to 3.1.0 and fix toot character counting (#15382)
* Update twitter-text from 1.14 to 3.1.0

* Disable emoji parsing

* Properly depend on twitter-text for url detection

* Fix some URLs being wrongly detected client-side

* Add test for server-side validation of non-autolinkable URLs

* Fix server-side status length counting
2021-03-02 12:02:56 +01:00
Claire a8139ab016
Add borders to 📱 and 📲 emojis (#15794) 2021-03-01 21:22:54 +01:00
Eugen Rochko ee1119208c
Add POST /api/v1/emails/confirmations to REST API (#15816)
Only available to the application the user originally signed-up with
2021-03-01 18:39:47 +01:00
Eugen Rochko 9aa37b32c3
Add details to error response for POST /api/v1/accounts in REST API (#15803) 2021-03-01 04:59:13 +01:00
Claire 0635c8760d
Fix WebUI crashing when SVG support is disabled (#15809)
Fixes #14910
2021-02-28 01:01:34 +01:00
Claire 75189af528
Fix crash on receiving requests with missing Digest header (#15782)
* Fix crash on receiving requests with missing Digest header

Return an error pointing out that Digest is missing, instead of crashing.

Fixes #15743

* Fix from review feedback
2021-02-26 17:40:27 +01:00
Claire 4f19504986
Add inline description of moderation actions in moderation interface (#15792) 2021-02-24 16:53:16 +01:00
Claire 5f4c0b79c2
Change ResolveAccountService's handling of skip_webfinger (#15750)
* Change ResolveAccountService's handling of skip_webfinger

Change it so it never makes any webfinger query, as the name would imply.

* Add tests

* Change FollowService to not take an URI for target_account

* Restore domain-block check in FollowService

* Fix tests
2021-02-24 06:32:13 +01:00
Claire 1b50ac08c1
Fix server rules not being displayed if extended server discription isn't set (#15778) 2021-02-22 18:26:24 +01:00
abcang 6ae04d990c [Glitch] Fix default searchTokens
Port 2127f40e6b to glitch-soc

Signed-off-by: Claire <claire.github-309c@sitedethib.com>
2021-02-22 15:47:17 +01:00
Eugen Rochko 24fb5d7572 [Glitch] Add server rules
Port SCSS changes from 8331fdf7e0 to glitch-soc

Signed-off-by: Claire <claire.github-309c@sitedethib.com>
2021-02-22 15:45:28 +01:00
Claire 679642e26c Merge branch 'main' into glitch-soc/merge-upstream 2021-02-22 15:23:46 +01:00
abcang 2127f40e6b
Fix default searchTokens (#15775) 2021-02-22 11:26:08 +01:00
Eugen Rochko 8331fdf7e0
Add server rules (#15769) 2021-02-21 19:50:12 +01:00
Justin Tracey c9e8e1739c
replace all instances of "ends_with?" with "end_with?" (#15745)
The "ends_with?" method is just a Rails alias of Ruby's "end_with?" method.
Using the latter makes the code less brittle.
2021-02-19 09:56:14 +01:00
Eugen Rochko e31ed27485
Add GET /api/v1/accounts/lookup REST API (#15740) 2021-02-16 15:28:32 +01:00
Claire 49eef466b8 [Glitch] Add dropdown for boost privacy in boost confirmation modal
Port 07b46cb332 to glitch-soc

Signed-off-by: Claire <claire.github-309c@sitedethib.com>
2021-02-12 12:31:49 +01:00
Claire 9213b02656 Refactor privacy dropdown to have an interface closer to upstream's 2021-02-12 12:04:04 +01:00
kaias1jp 847779b1e4 [Glitch] Fixed WebUI crash when a status opened in the media modal is deleted
Port 08ae116dc6 to glitch-soc

Signed-off-by: Claire <claire.github-309c@sitedethib.com>
2021-02-12 10:58:34 +01:00
Jeong Arm 8f24f7626a [Glitch] Use custom mascot on static share page
Port d499bb031f to glitch-soc

Signed-off-by: Claire <claire.github-309c@sitedethib.com>
2021-02-12 10:57:09 +01:00
Mélanie Chauvel 0e7484209c [Glitch] Slightly reorder three dots menu on toots to make it more intuitive
Port f5fefdc11a to glitch-soc

Signed-off-by: Claire <claire.github-309c@sitedethib.com>
2021-02-12 10:55:37 +01:00
Eugen Rochko 28f533f370 [Glitch] Change max. image dimensions to 1920x1080px (1080p)
Port acf1842896 to glitch-soc

Signed-off-by: Claire <claire.github-309c@sitedethib.com>
2021-02-12 10:46:00 +01:00
Claire 5e11f3a6e1 Merge branch 'main' into glitch-soc/merge-upstream
Conflicts:
- `app/javascript/styles/mastodon/modal.scss`:
  For some reason we changed the file loading path in glitch-soc,
  but now upstream has completely changed how the logo is loaded.
  Applied upstream changes.
2021-02-12 10:28:32 +01:00
Eugen Rochko 15ced8728f
Refactor Api::Web::SettingsController (#15717) 2021-02-12 07:19:15 +01:00
Eugen Rochko f8972d4503
Fix YouTube embeds failing due to YouTube serving wrong OEmbed URLs (#15716) 2021-02-12 05:45:38 +01:00
kaias1jp 08ae116dc6
Fixed WebUI crash when a status opened in the media modal is deleted (#15701)
* Fixed picture in picture compatibility error in WebUI when status is deleted

* Revert "Fixed picture in picture compatibility error in WebUI when status is deleted"

This reverts commit f003b7d9d8.

* Close the modal display of the image when status is deleted

* Fixed the case statement before the default statement

* Removed unnecessary parts
2021-02-11 19:59:47 +01:00
Takeshi Umeda 7927959d8f
fix typo (#15705) 2021-02-11 06:22:11 +01:00
Cecylia Bocovich e79f8dd85c
Onion service related changes to HTTPS handling (#15560)
* Enable secure cookie flag for https only

* Disable force_ssl for .onion hosts only

Co-authored-by: Aiden McClelland <me@drbonez.dev>
2021-02-11 04:40:13 +01:00
Jeong Arm d499bb031f
Use custom mascot on static share page (#15687)
* Use custom mascot on static share page

* Use full_asset_url
2021-02-11 02:18:56 +01:00
Claire be3b9f8151
Fix URI of repeat follow requests not being recorded (#15662)
* Fix URI of repeat follow requests not being recorded

In case we receive a “repeat” or “duplicate” follow request, we automatically
fast-forward the accept with the latest received Activity `id`, but we don't
record it.

In general, a “repeat” or “duplicate” follow request may happen if for some
reason (e.g. inconsistent handling of Block or Undo Accept activities, an
instance being brought back up from the dead, etc.) the local instance thought
the remote actor were following them while the remote actor thought otherwise.

In those cases, the remote instance does not know about the older Follow
activity `id`, so keeping that record serves no purpose, but knowing the most
recent one is useful if the remote implementation at some point refers to it
by `id` without inlining it.

* Add tests
2021-02-11 01:53:44 +01:00
Mélanie Chauvel f5fefdc11a
Slightly reorder three dots menu on toots to make it more intuitive (#15647)
* Slightly reorder three dots menu on toots to make it more intuitive

- Make “Pin to profile” always appear at the same place
- Add separator to group “Bookmark” and “Pin to profile”
- Fix separator being the first item in some cases

* Fix missing semicolon and keep status_action_bar.js and action_bar.js in sync
2021-02-11 01:05:04 +01:00
Claire 07b46cb332
Add dropdown for boost privacy in boost confirmation modal (#15704)
* Various dropdown code quality fixes

* Prepare support for privacy selection in boost modal

* Add dropdown for boost privacy in boost confirmation modal
2021-02-11 00:53:12 +01:00
Claire a30a40c437 Fix background color for favourite modal on DMs 2021-02-10 19:27:18 +01:00
Claire acdeb162b8
Create instance actor if it hasn't been properly seeded (#15693)
An uncommon but somewhat difficult to digagnose issue is dealing with
improperly-seeded databases. In such cases, instance-signed fetches will
fail with a ActiveRecord::RecordNotFound error, usually caught and handled
as generic 404, leading people to think the remote resource itself has not
been found, while it's the local instance actor that does not exist.

This commit changes the code so that failure to find the instance actor
automatically creates a new one, so that improperly-seeded databases do
not cause any issue.
2021-02-09 18:12:54 +01:00