Commit Graph

6328 Commits (dba4be1038063845a74e83aaa85d6ab08d5625dd)

Author SHA1 Message Date
Claire aa86cf9557
Fix opening the emoji picker scrolling the single-column view to the top (#17579)
Fixes #17577
2022-02-16 21:44:47 +01:00
Claire 00b45b967e
Fix edge case where settings/admin page sidebar would be incorrectly hidden (#17580) 2022-02-16 21:44:19 +01:00
Claire 8f537a1168
Change relays handling to not record boosts (#17571)
* Change relays handling to not record boosts

* Update tests
2022-02-16 14:36:44 +01:00
Claire 73fce8d311
Fix performance of server-side filtering (#17575)
Fixes #17567
2022-02-16 14:28:45 +01:00
Claire 793da08995
Change dasbhoard links for “new users” and “active users” (#17570)
Make them filter for local accounts by default
2022-02-16 13:17:28 +01:00
Eugen Rochko 564efd0651
Add appeals (#17364)
* Add appeals

* Add ability to reject appeals and ability to browse pending appeals in admin UI

* Add strikes to account page in settings

* Various fixes and improvements

- Add separate notification setting for appeals, separate from reports
- Fix style of links in report/strike header
- Change approving an appeal to not restore statuses (due to federation complexities)
- Change style of successfully appealed strikes on account settings page
- Change account settings page to only show unappealed or recently appealed strikes

* Change appealed_at to overruled_at

* Fix missing method error
2022-02-14 21:27:53 +01:00
Jeong Arm d39df35441
Fix admin statuses page order with media (#17538) 2022-02-14 16:07:04 +01:00
Jeong Arm 9a015e43ef
Add `from:` query operator to search syntax (#16526)
* Add 'by:userhandle' parameter to search api

* Use search syntax for "by" prefix

* Codeclimate

* Use 'from' instead of 'by'
2022-02-14 00:17:09 +01:00
Eugen Rochko bbd3474416
Fix privacy policy link not being visible on small screens (#17533)
Fix #17482
2022-02-13 02:52:34 +01:00
Eugen Rochko 6240466866
Fix duplicate accounts when searching by IP range in admin UI (#17524) 2022-02-13 01:58:26 +01:00
Claire 7396a254c1
Fix empty batch statuses selection causing a 500 error (#17532)
* Fix empty batch statuses selection causing a 500 error

* Simplify current_params
2022-02-12 19:52:17 +01:00
Claire 38845592c4
Fix controls for unchangeable properties on status edit not being disabled (#17531)
Fixes #17520
2022-02-12 19:00:33 +01:00
Eugen Rochko e848d281d5
Fix layout of the report page on smaller screens in admin UI (#17523)
Fix #17491
2022-02-12 01:08:23 +01:00
Jeong Arm ee47e2028b
Enable domain purge button on suspended domains too (#17209)
* Enable domain purge button on suspended domains too

* Change unless to if
2022-02-11 22:23:19 +01:00
Eugen Rochko 8f03b7a2fb
Add notifications when a reblogged status has been updated (#17404)
* Add notifications when a reblogged status has been updated

* Change wording to say "edit" instead of "update" and add missing controls

* Replace previous update notifications with the most up-to-date one
2022-02-11 22:20:19 +01:00
Eugen Rochko d0fcf07436
Change actions in reports to require only one click (#17487) 2022-02-11 21:51:57 +01:00
Eugen Rochko a27729ee48
Change reblogs to not count towards hashtag trends anymore (#17501) 2022-02-11 21:16:23 +01:00
Eugen Rochko c9a52833b6
Fix deletes not being signed in authorized fetch mode (#17484)
Fix #17483
2022-02-11 14:52:45 +01:00
Claire d4e6774a0c
Fix Undo Announce sometimes inlining the originally Announced status (#17516)
* Change tests to have more specific expectations on sent ActivityPub payloads

* Check that payload doesn't actually contain the contents of the boosted toot

* Fix Undo Announce sometimes inlining the originally Announced status
2022-02-11 14:52:07 +01:00
Eugen Rochko 6f38765fcc
New Crowdin updates (#16858)
* New translations en.yml (Russian)
[ci skip]

* New translations en.yml (Russian)
[ci skip]

* New translations en.yml (French)
[ci skip]

* New translations en.yml (Russian)
[ci skip]

* New translations en.yml (French)
[ci skip]

* New translations en.yml (Russian)
[ci skip]

* New translations en.json (French)
[ci skip]

* New translations en.yml (Russian)
[ci skip]

* New translations en.json (French)
[ci skip]

* New translations simple_form.en.yml (French)
[ci skip]

* New translations en.yml (French)
[ci skip]

* New translations en.yml (Russian)
[ci skip]

* New translations simple_form.en.yml (French)
[ci skip]

* New translations en.yml (French)
[ci skip]

* New translations en.yml (Russian)
[ci skip]

* New translations en.yml (French)
[ci skip]

* New translations en.yml (Russian)
[ci skip]

* New translations en.yml (French)
[ci skip]

* New translations devise.en.yml (French)
[ci skip]

* New translations devise.en.yml (French)
[ci skip]

* New translations activerecord.en.yml (French)
[ci skip]

* New translations en.yml (Thai)
[ci skip]

* New translations en.yml (Thai)
[ci skip]

* New translations en.yml (Russian)
[ci skip]

* New translations en.yml (French)
[ci skip]

* New translations en.yml (Spanish)
[ci skip]

* New translations en.yml (Chinese Simplified)
[ci skip]

* New translations en.yml (Russian)
[ci skip]

* New translations en.yml (Russian)
[ci skip]

* New translations en.yml (Scottish Gaelic)
[ci skip]

* New translations en.yml (Russian)
[ci skip]

* New translations en.yml (Russian)
[ci skip]

* New translations en.yml (Russian)
[ci skip]

* New translations en.yml (Russian)
[ci skip]

* New translations en.yml (Thai)
[ci skip]

* New translations en.yml (Hebrew)
[ci skip]

* New translations en.yml (Russian)
[ci skip]

* New translations en.yml (Thai)
[ci skip]

* New translations en.yml (French)
[ci skip]

* New translations en.yml (French)
[ci skip]

* New translations en.yml (French)
[ci skip]

* New translations en.yml (Slovak)
[ci skip]

* New translations en.yml (Italian)
[ci skip]

* New translations en.yml (French)
[ci skip]

* New translations en.yml (French)
[ci skip]

* New translations en.yml (Korean)
[ci skip]

* New translations en.json (Slovenian)
[ci skip]

* New translations en.json (Slovenian)
[ci skip]

* New translations activerecord.en.yml (Slovenian)
[ci skip]

* New translations en.yml (Slovenian)
[ci skip]

* New translations doorkeeper.en.yml (Slovenian)
[ci skip]

* New translations activerecord.en.yml (Slovenian)
[ci skip]

* New translations simple_form.en.yml (Slovenian)
[ci skip]

* New translations devise.en.yml (Slovenian)
[ci skip]

* New translations simple_form.en.yml (Slovenian)
[ci skip]

* New translations en.json (Persian)
[ci skip]

* New translations en.yml (Japanese)
[ci skip]

* New translations en.yml (Swedish)
[ci skip]

* New translations en.yml (Swedish)
[ci skip]

* New translations en.json (Slovenian)
[ci skip]

* New translations devise.en.yml (Slovenian)
[ci skip]

* New translations en.json (Slovenian)
[ci skip]

* New translations en.json (Slovenian)
[ci skip]

* New translations en.yml (Slovenian)
[ci skip]

* New translations en.json (Slovenian)
[ci skip]

* New translations doorkeeper.en.yml (Slovenian)
[ci skip]

* New translations en.yml (Slovenian)
[ci skip]

* New translations en.yml (Slovenian)
[ci skip]

* New translations simple_form.en.yml (Slovenian)
[ci skip]

* New translations devise.en.yml (Slovenian)
[ci skip]

* New translations en.yml (Swedish)
[ci skip]

* New translations en.yml (Slovenian)
[ci skip]

* New translations en.yml (Japanese)
[ci skip]

* New translations simple_form.en.yml (Catalan)
[ci skip]

* New translations en.yml (Catalan)
[ci skip]

* New translations simple_form.en.yml (Catalan)
[ci skip]

* New translations simple_form.en.yml (Catalan)
[ci skip]

* New translations en.yml (Catalan)
[ci skip]

* New translations en.json (Catalan)
[ci skip]

* New translations simple_form.en.yml (Catalan)
[ci skip]

* New translations doorkeeper.en.yml (Catalan)
[ci skip]

* New translations en.yml (Catalan)
[ci skip]

* New translations en.json (Catalan)
[ci skip]

* New translations en.yml (Arabic)
[ci skip]

* New translations en.yml (Arabic)
[ci skip]

* New translations en.yml (Arabic)
[ci skip]

* New translations en.yml (Thai)
[ci skip]

* New translations en.yml (Thai)
[ci skip]

* New translations en.yml (Thai)
[ci skip]

* New translations en.yml (Thai)
[ci skip]

* New translations en.yml (Thai)
[ci skip]

* New translations en.yml (Slovak)
[ci skip]

* New translations en.yml (Vietnamese)
[ci skip]

* New translations en.yml (Occitan)
[ci skip]

* New translations en.json (Occitan)
[ci skip]

* New translations simple_form.en.yml (Chinese Simplified)
[ci skip]

* New translations en.json (Arabic)
[ci skip]

* New translations en.json (Arabic)
[ci skip]

* New translations en.json (Arabic)
[ci skip]

* New translations en.json (Arabic)
[ci skip]

* New translations en.json (Arabic)
[ci skip]

* New translations en.yml (Thai)
[ci skip]

* New translations en.json (Thai)
[ci skip]

* New translations en.json (Norwegian Nynorsk)
[ci skip]

* New translations en.json (Norwegian Nynorsk)
[ci skip]

* New translations en.json (Norwegian)
[ci skip]

* New translations en.yml (French)
[ci skip]

* New translations en.yml (Thai)
[ci skip]

* New translations en.yml (Thai)
[ci skip]

* New translations en.yml (Persian)
[ci skip]

* New translations simple_form.en.yml (Thai)
[ci skip]

* New translations en.yml (Thai)
[ci skip]

* New translations en.yml (Thai)
[ci skip]

* New translations en.yml (Thai)
[ci skip]

* New translations en.yml (Thai)
[ci skip]

* New translations en.yml (Thai)
[ci skip]

* New translations en.json (Thai)
[ci skip]

* New translations simple_form.en.yml (Thai)
[ci skip]

* New translations en.yml (Spanish)
[ci skip]

* New translations en.yml (Korean)
[ci skip]

* New translations en.yml (Portuguese)
[ci skip]

* New translations en.yml (Hungarian)
[ci skip]

* New translations en.yml (Armenian)
[ci skip]

* New translations en.yml (Georgian)
[ci skip]

* New translations en.yml (Lithuanian)
[ci skip]

* New translations en.yml (Dutch)
[ci skip]

* New translations en.yml (Norwegian)
[ci skip]

* New translations en.yml (Polish)
[ci skip]

* New translations en.yml (Albanian)
[ci skip]

* New translations en.yml (Basque)
[ci skip]

* New translations en.yml (Serbian (Cyrillic))
[ci skip]

* New translations en.yml (Turkish)
[ci skip]

* New translations en.yml (Ukrainian)
[ci skip]

* New translations en.yml (Chinese Traditional)
[ci skip]

* New translations en.yml (Icelandic)
[ci skip]

* New translations en.yml (Portuguese, Brazilian)
[ci skip]

* New translations en.yml (Indonesian)
[ci skip]

* New translations en.yml (Spanish, Argentina)
[ci skip]

* New translations en.yml (Finnish)
[ci skip]

* New translations en.yml (Greek)
[ci skip]

* New translations en.yml (Galician)
[ci skip]

* New translations en.yml (Slovak)
[ci skip]

* New translations en.yml (Chinese Simplified)
[ci skip]

* New translations en.yml (Swedish)
[ci skip]

* New translations en.yml (Arabic)
[ci skip]

* New translations en.yml (French)
[ci skip]

* New translations en.yml (Spanish)
[ci skip]

* New translations en.yml (Catalan)
[ci skip]

* New translations en.yml (Italian)
[ci skip]

* New translations en.yml (Japanese)
[ci skip]

* New translations en.yml (Russian)
[ci skip]

* New translations en.yml (Slovenian)
[ci skip]

* New translations en.yml (German)
[ci skip]

* New translations en.yml (Vietnamese)
[ci skip]

* New translations en.yml (Thai)
[ci skip]

* New translations en.yml (Scottish Gaelic)
[ci skip]

* New translations en.yml (Occitan)
[ci skip]

* New translations en.yml (Persian)
[ci skip]

* New translations en.yml (Romanian)
[ci skip]

* New translations en.yml (Czech)
[ci skip]

* New translations en.yml (Danish)
[ci skip]

* New translations en.yml (Spanish, Mexico)
[ci skip]

* New translations en.yml (Kabyle)
[ci skip]

* New translations en.yml (Sardinian)
[ci skip]

* New translations en.yml (Corsican)
[ci skip]

* New translations en.yml (Sorani (Kurdish))
[ci skip]

* New translations en.yml (Kurmanji (Kurdish))
[ci skip]

* New translations en.yml (Asturian)
[ci skip]

* New translations en.yml (Chinese Traditional, Hong Kong)
[ci skip]

* New translations en.yml (Esperanto)
[ci skip]

* New translations en.yml (Welsh)
[ci skip]

* New translations en.yml (Latvian)
[ci skip]

* New translations en.yml (Estonian)
[ci skip]

* New translations en.yml (Kazakh)
[ci skip]

* New translations en.yml (Norwegian Nynorsk)
[ci skip]

* New translations en.yml (Kurmanji (Kurdish))
[ci skip]

* New translations en.yml (Catalan)
[ci skip]

* New translations en.yml (Chinese Traditional)
[ci skip]

* New translations en.yml (Russian)
[ci skip]

* New translations en.yml (Russian)
[ci skip]

* New translations en.yml (Galician)
[ci skip]

* New translations en.yml (Hebrew)
[ci skip]

* New translations en.json (Hebrew)
[ci skip]

* New translations en.yml (Catalan)
[ci skip]

* New translations en.yml (Greek)
[ci skip]

* New translations en.yml (Polish)
[ci skip]

* New translations en.yml (Hungarian)
[ci skip]

* New translations en.yml (Japanese)
[ci skip]

* New translations en.yml (Albanian)
[ci skip]

* New translations en.yml (Italian)
[ci skip]

* New translations en.yml (Indonesian)
[ci skip]

* New translations en.yml (Icelandic)
[ci skip]

* New translations en.yml (Swedish)
[ci skip]

* New translations en.yml (Spanish)
[ci skip]

* New translations en.yml (Turkish)
[ci skip]

* New translations en.yml (Thai)
[ci skip]

* New translations en.yml (Danish)
[ci skip]

* New translations en.yml (Spanish, Argentina)
[ci skip]

* New translations en.yml (Ukrainian)
[ci skip]

* New translations en.yml (Latvian)
[ci skip]

* New translations en.yml (Thai)
[ci skip]

* New translations en.yml (Thai)
[ci skip]

* New translations en.yml (Thai)
[ci skip]

* New translations en.yml (Thai)
[ci skip]

* New translations devise.en.yml (Thai)
[ci skip]

* New translations en.yml (Thai)
[ci skip]

* New translations devise.en.yml (Thai)
[ci skip]

* New translations en.yml (French)
[ci skip]

* New translations devise.en.yml (Thai)
[ci skip]

* New translations devise.en.yml (Thai)
[ci skip]

* New translations en.yml (Spanish, Mexico)
[ci skip]

* New translations en.yml (German)
[ci skip]

* New translations en.yml (Ukrainian)
[ci skip]

* New translations en.yml (Latvian)
[ci skip]

* New translations en.yml (Kurmanji (Kurdish))
[ci skip]

* New translations en.yml (Catalan)
[ci skip]

* New translations en.yml (Catalan)
[ci skip]

* New translations en.yml (Danish)
[ci skip]

* New translations en.yml (Vietnamese)
[ci skip]

* New translations en.yml (Chinese Traditional)
[ci skip]

* New translations en.yml (Turkish)
[ci skip]

* New translations en.yml (Russian)
[ci skip]

* New translations en.yml (Greek)
[ci skip]

* New translations en.json (Greek)
[ci skip]

* New translations en.yml (Galician)
[ci skip]

* New translations en.json (Greek)
[ci skip]

* New translations en.yml (Spanish, Argentina)
[ci skip]

* New translations en.yml (Chinese Simplified)
[ci skip]

* New translations en.yml (Kabyle)
[ci skip]

* New translations en.yml (French)
[ci skip]

* New translations en.yml (French)
[ci skip]

* New translations en.yml (Spanish)
[ci skip]

* New translations en.yml (Slovenian)
[ci skip]

* New translations simple_form.en.yml (Slovenian)
[ci skip]

* New translations en.yml (Hungarian)
[ci skip]

* New translations en.yml (Icelandic)
[ci skip]

* New translations simple_form.en.yml (Polish)
[ci skip]

* New translations en.yml (Esperanto)
[ci skip]

* New translations en.json (Dutch)
[ci skip]

* New translations en.json (Dutch)
[ci skip]

* New translations en.yml (Dutch)
[ci skip]

* New translations en.yml (Dutch)
[ci skip]

* New translations en.yml (French)
[ci skip]

* New translations en.yml (French)
[ci skip]

* New translations en.yml (Thai)
[ci skip]

* New translations en.yml (Thai)
[ci skip]

* Ran `i18n-tasks normalize`

* Ran `yarn manage:translations`

* Add space

Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>
2022-02-11 04:50:27 +01:00
Eugen Rochko 3dc1e3cfc3
Chore: Disable menu items for editing statuses in web UI (#17497)
Feature must be unlocked in a separate release for max. compatibility
2022-02-10 15:28:53 +01:00
Claire da91b18a8b
Fix NoMethodError in StatusUpdateDistributionWorker (#17499)
* Add tests

* Fix NoMethodError in StatusUpdateDistributionWorker

* Fix tests
2022-02-10 14:57:10 +01:00
Claire 63854bee6c
Fix poll votes not being properly reset on poll change (#17498)
* Fix poll votes not being properly reset on poll change

* Fix and add tests

* Fix poll update handling when the number of options changes
2022-02-10 14:26:54 +01:00
Eugen Rochko 1bfcb75105
Fix outdated iso-639 reference in update status service (#17496) 2022-02-10 03:09:44 +01:00
Eugen Rochko 63002cde03
Add editing for published statuses (#17320)
* Add editing for published statuses

* Fix change of multiple-choice boolean in poll not resetting votes

* Remove the ability to update existing media attachments for now
2022-02-10 00:15:30 +01:00
Eugen Rochko 2f8159baad
Add `category` and `rule_ids` params to `POST /api/v1/reports` (#17492) 2022-02-10 00:10:16 +01:00
Eugen Rochko 3aebe711fd
Change languages to be listed under standard instead of native name in admin UI (#17485) 2022-02-09 04:15:38 +01:00
Eugen Rochko fd3a45e348
Add edit history to web UI (#17390)
* Add edit history to web UI

* Change history reducer to store items per status

* Fix missing loading prop
2022-02-09 01:17:07 +01:00
Eugen Rochko 2adcad04ff
Fix error in suggestions API due to typo (#17486)
Regression from #17479
2022-02-08 22:23:04 +01:00
Eugen Rochko b6d7726ecb
Remove language detection through cld3 (#17478)
* Remove language detection through cld3

* Update app/helpers/languages_helper.rb

Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>

Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>
2022-02-08 02:41:17 +01:00
Eugen Rochko 85b86fe28c
Add global `locale` param (#17464)
- Remove the session-based locale stickyness
2022-02-08 02:34:56 +01:00
Eugen Rochko 35850f8195
Fix localization of cold-start follow recommendations (#17479) 2022-02-08 01:53:49 +01:00
Claire 52c1b86964
Fix Ruby 2.5 incompatibility (#17465) 2022-02-07 19:57:06 +01:00
Eugen Rochko f1f6ddd536
Fix structured data parsing from links choking on bad data (#17403)
* Fix structured data parsing from links choking on bad data

- Fix og:url meta tag being prioritized over canonical link tag
- Fix structured data parsing choking on commented-out CDATA declarations
- Fix HTML entities in title, description, provider_name, author_name
- Change structured data parsing to attempt every JSON-LD script tag

* Remove unnecessary slash escapes from CDATA regex pattern
2022-02-07 18:16:31 +01:00
Claire 73a782391c
Fix replies collection incorrectly looping (#17462)
* Refactor tests

* Add tests

* Fix replies collection incorrectly looping
2022-02-07 17:06:43 +01:00
Claire 0d2cf3cd4a
Fix errors when multiple Delete are received for a given actor (#17460) 2022-02-07 13:14:48 +01:00
Claire 92658f0fb0
Fix instance actor not being dereferenceable (#17457)
* Add tests

* Fix instance actor not being dereferenceable

* Fix tests

* Fix tests for real
2022-02-06 15:31:03 +01:00
Eugen Rochko e03e7ac290
Fix error on account relationships page in admin UI (#17444) 2022-02-05 05:06:34 +01:00
Claire c8b1e72a4f
Fix compacted JSON-LD possibly causing compatibility issues on forwarding (#17428) 2022-02-03 14:09:04 +01:00
Claire 948235592a
Fix response_to_recipient? CTE (#17427) 2022-02-03 14:07:43 +01:00
Claire d1ecc323e7
Compact JSON-LD signed incoming activities (#17426)
Co-authored-by: Puck Meerburg <puck@puck.moe>
2022-02-03 14:07:29 +01:00
Claire 987d88ea56
Fix requiring an extra restart after recent post-deployment migrations (#17422)
Follow-up to #16409
2022-02-01 20:57:39 +01:00
Claire f5639e1cbe
Change public profile pages to be disabled for unconfirmed users (#17385)
Fixes #17382

Note that unconfirmed and unapproved accounts can still be searched for
and their (empty) account retrieved using the REST API.
2022-01-28 14:24:37 +01:00
Claire 03d59340da
Fix Sidekiq warnings about JSON serialization (#17381)
* Fix Sidekiq warnings about JSON serialization

This occurs on every symbol argument we pass, and every symbol key in hashes,
because Sidekiq expects strings instead.

See https://github.com/mperham/sidekiq/pull/5071

We do not need to change how workers parse their arguments because this has
not changed and we were already converting to symbols adequately or using
`with_indifferent_access`.

* Set Sidekiq to raise on unsafe arguments in test mode

In order to more easily catch issues that would produce warnings in production
code.
2022-01-28 00:43:56 +01:00
Claire 166cc5b89d
Fix local distribution of edited statuses (#17380)
Because `FanOutOnWriteService#update?` was broken, edits were considered as new
toots and a regular `update` payload was sent.
2022-01-26 20:53:50 +01:00
Eugen Rochko 6505b39e5d
Fix poll updates being saved as status edits (#17373)
Fix #17344
2022-01-26 18:05:39 +01:00
Claire dd63923c0a
Fix link_to_login argument handling when a block is passed (#17345) 2022-01-24 03:29:03 +01:00
Claire 0a120d86d2
Fix error-prone SQL queries (#15828)
* Fix error-prone SQL queries in Account search

While this code seems to not present an actual vulnerability, one could
easily be introduced by mistake due to how the query is built.

This PR parameterises the `to_tsquery` input to make the query more robust.

* Harden code for Status#tagged_with_all and Status#tagged_with_none

Those two scopes aren't used in a way that could be vulnerable to an SQL
injection, but keeping them unchanged might be a hazard.

* Remove unneeded spaces surrounding tsquery term

* Please CodeClimate

* Move advanced_search_for SQL template to its own function

This avoids one level of indentation while making clearer that the SQL template
isn't build from all the dynamic parameters of advanced_search_for.

* Add tests covering tagged_with, tagged_with_all and tagged_with_none

* Rewrite tagged_with_none to avoid multiple joins and make it more robust

* Remove obsolete brakeman warnings

* Revert "Remove unneeded spaces surrounding tsquery term"

The two queries are not strictly equivalent.

This reverts commit 86f16c537e06c6ba4a8b250f25dcce9f049023ff.
2022-01-23 18:10:10 +01:00
Claire a63495230a
Change `percent` to `rate` in retention metrics API (#16910) 2022-01-23 16:01:25 +01:00
Claire bddd9ba36d
Add OMNIAUTH_ONLY environment variable to enforce externa log-in (#17288)
* Remove support for OAUTH_REDIRECT_AT_SIGN_IN

Fixes #15959

Introduced in #6540, OAUTH_REDIRECT_AT_SIGN_IN allowed skipping the log-in form
to instead redirect to the external OmniAuth login provider.

However, it did not prevent the log-in form on /about introduced by #10232 from
appearing, and completely broke with the introduction of #15228.

As I restoring that previous log-in flow without introducing a security
vulnerability may require extensive care and knowledge of how OmniAuth works,
this commit removes support for OAUTH_REDIRECT_AT_SIGN_IN instead for the time
being.

* Add OMNIAUTH_ONLY environment variable to enforce external log-in only

* Disable user registration when OMNIAUTH_ONLY is set to true

* Replace log-in links When OMNIAUTH_ONLY is set with exactly one OmniAuth provider
2022-01-23 15:52:58 +01:00
Claire cfa583fa71
Remove support for OAUTH_REDIRECT_AT_SIGN_IN (#17287)
Fixes #15959

Introduced in #6540, OAUTH_REDIRECT_AT_SIGN_IN allowed skipping the log-in form
to instead redirect to the external OmniAuth login provider.

However, it did not prevent the log-in form on /about introduced by #10232 from
appearing, and completely broke with the introduction of #15228.

As I restoring that previous log-in flow without introducing a security
vulnerability may require extensive care and knowledge of how OmniAuth works,
this commit removes support for OAUTH_REDIRECT_AT_SIGN_IN instead for the time
being.
2022-01-23 15:50:41 +01:00
Claire 8a07ecd377
Remove leftover database columns from Devise::Models::Rememberable (#17191)
* Remove leftover database columns from Devise::Models::Rememberable

* Update fix-duplication maintenance script

* Improve errors/warnings in the fix-duplicates maintenance script
2022-01-23 15:46:30 +01:00
Claire 3a103cd317
Fix text being incorrectly pre-selected in composer textarea on /share (#17339)
Fixes #17295
2022-01-20 20:56:21 +01:00
Claire 6eea3f8f9c
Add post edited notice in admin and public UIs (#17335)
* Add edited toot flag on public pages

* Add toot edit flag to admin pages
2022-01-20 13:37:31 +01:00
Eugen Rochko 9eb775a9d1
Fix error when using raw distribution worker (#17334)
Regression from #16697
2022-01-19 23:05:59 +01:00
Eugen Rochko d412a8d1f2
Fix error when processing poll updates (#17333)
Regression from #16697
2022-01-19 22:50:01 +01:00
Eugen Rochko 1060666c58
Add support for editing for published statuses (#16697)
* Add support for editing for published statuses

* Fix references to stripped-out code

* Various fixes and improvements

* Further fixes and improvements

* Fix updates being potentially sent to unauthorized recipients

* Various fixes and improvements

* Fix wrong words in test

* Fix notifying accounts that were tagged but were not in the audience

* Fix mistake
2022-01-19 22:37:27 +01:00
Jeong Arm 2d1f082bb6
Fix NameError on ActivityPub::FetchFeaturedCollectionService (#17326)
Related: #16954
2022-01-19 04:08:46 +01:00
Claire c60f8ce032
Fix `pinned` attribute not being set for private self-posts (#17304) 2022-01-17 11:59:46 +01:00
Eugen Rochko 14f436c457
Add notifications for statuses deleted by moderators (#17204) 2022-01-17 09:41:33 +01:00
Claire d5c9feb7b7
Add support for private pinned posts (#16954)
* Add support for private pinned toots

* Allow local user to pin private toots

* Change wording to avoid "direct message"
2022-01-17 00:49:55 +01:00
Claire 081e4426f8
Fix admin interface crash when displaying deleted user (#17301) 2022-01-16 20:57:37 +01:00
Eugen Rochko 8e84ebf0cb
Remove IP tracking columns from users table (#16409) 2022-01-16 13:23:50 +01:00
Jeong Arm bc7a8ae6d6
Gradually increase retry waiting for media processing (#17271) 2022-01-10 14:25:08 +01:00
Jeong Arm d3db2eb7fb
Remove custom emojis on domain purge (#17210) 2021-12-30 08:41:09 +01:00
Claire 37e80994f8
Fix media descriptions not being used for client-side filtering (#17206)
Fix oversight in #13837
2021-12-28 23:25:50 +01:00
Eugen Rochko fe71548844
Fix warnings on Rails boot (#16946) 2021-12-27 00:47:20 +01:00
Rens Groothuijsen e65080181a
Fix tag rendering error in hashtag column settings (#17184)
* Flatten tags in configuration to regular array before converting to JSON

* Render filter tags using toJS instead of toJSON
2021-12-26 19:22:05 +01:00
Jeong Arm 720e8ab0f5
Fix duplicate record on admin/accounts when searching with IP (#17150) 2021-12-21 00:17:14 +01:00
Claire 76761d5fc0
Add ability for admins to delete canonical email blocks (#16644)
* Add admin option to remove canonical email blocks from a deleted account

* Add tootctl canonical_email_blocks to inspect and remove canonical email blocks
2021-12-17 23:02:14 +01:00
Claire 7f803c41e2
Add ability to purge undeliverable domains from admin interface (#16686)
* Add ability to purge undeliverable domains from admin interface

* Add tests
2021-12-17 23:01:21 +01:00
Claire 0c17fd9109
Change title of retention chart (#16909)
Changes from “Retention” to “User retention rate by month after sign-up”.
This should make it much clearer to people not familiar with retention charts
what it actually means.
2021-12-17 23:00:41 +01:00
Claire 40f202c1e5
Change list title input styling (#17092) 2021-12-17 23:00:05 +01:00
David Sterry 2aafa5b4e7
ignore hashtag suggestions if they vary only in case (#16460)
* ignore hashtag suggestions if they vary only in case

* remove console.logs and unused args

* consistently add space when dismissing suggestions

* linting
2021-12-15 23:47:19 +01:00
Takeshi Umeda bda8e4f815
Fix follow recommendation biased towards older accounts (#17126) 2021-12-13 23:21:14 +01:00
Eugen Rochko fe45184b36
Change trending hashtags threshold back from 15 to 5 (#17122) 2021-12-13 05:32:29 +01:00
heguro 41503507ec
Fix redirection when succeeded WebAuthn (#17098) 2021-12-05 21:50:12 +01:00
Rens Groothuijsen 66baa629ea
Show correct error message if chosen password is too long (#17082)
* Add correct error message for exceeding max length on password confirmation field

* Code style fixes
2021-12-05 21:49:50 +01:00
Eugen Rochko 0fb9536d38
Add batch suspend for accounts in admin UI (#17009) 2021-12-05 21:48:39 +01:00
Eugen Rochko a458b74c7e
Fix error on trending mailer due to missing constant (#17072) 2021-11-29 17:39:40 +01:00
Jeong Arm 4a109ec1ba
Fix server graph on admin/tags/:id (#17066) 2021-11-28 23:13:07 +01:00
Jeong Arm 1c826471e7
Fix admin statuses order(#16937) (#16969)
* Fix #16937

* Add test for statuses order
2021-11-26 22:12:27 +01:00
Claire 3f382e337d
Fix searching for additional hashtags in hashtag column (#17054) 2021-11-26 22:11:09 +01:00
Claire 1630807ee2
Fix color of hashtag column settings inputs (#17058)
Fixes #17057
2021-11-26 22:09:11 +01:00
Claire ddcb9da74f
Fix opening wrong profile when clicking on username of boosting user in WebUI (#17060)
Fixes #16799
2021-11-26 22:04:09 +01:00
Eugen Rochko 7de0ee7aba
Remove Keybase integration (#17045) 2021-11-26 05:58:18 +01:00
Eugen Rochko 12b3ff6c6d
Fix error on trending hashtags/links pages in admin UI due to missing constant (#17044) 2021-11-26 01:12:39 +01:00
Claire b1fd6d4490
Fix handling of recursive toots in WebUI (#17041) 2021-11-25 23:46:39 +01:00
Claire 013bee6afb
Fix filtering DMs from non-followed users (#17042) 2021-11-25 23:46:30 +01:00
Eugen Rochko 6e50134a42
Add trending links (#16917)
* Add trending links

* Add overriding specific links trendability

* Add link type to preview cards and only trend articles

Change trends review notifications from being sent every 5 minutes to being sent every 2 hours

Change threshold from 5 unique accounts to 15 unique accounts

* Fix tests
2021-11-25 13:07:38 +01:00
Claire 02a87431cf
Fix error when suspending user with an already-existing canonical email block (#17036)
* Fix error when suspending user with an already-existing canonical email block

Fixes #17033

While attempting to create a `CanonicalEmailBlock` with an existing hash would
raise an `ActiveRecord::RecordNotUnique` error, this being done within a
transaction would cancel the whole transaction. For this reason, checking for
uniqueness in Rails would query the database within the transaction and avoid
invalidating the whole transaction for this reason.

A race condition is still possible, where multiple accounts sharing a canonical
email would be blocked in concurrent transactions, in which only one would
succeed, but that is way less likely to happen that the current issue, and can
always be retried after the first failure, unlike the current situation.

* Add tests
2021-11-24 17:41:03 +01:00
Claire db32835338
Fix overflow of long profile fields in admin view (#17010) 2021-11-19 18:22:49 +01:00
Claire 6159020617
Fix background-color of emoji-mart selector (#17011)
Reverts part of #16907 to fix hardcoded color
2021-11-19 18:21:37 +01:00
Takeshi Umeda 3419d3ec84
Bump chewy from 5.2.0 to 7.2.3 (supports Elasticsearch 7.x) (#16915)
* Bump chewy from 5.2.0 to 7.2.2

* fix style (codeclimate)

* fix style

* fix style

* Bump chewy from 7.2.2 to 7.2.3
2021-11-18 22:02:08 +01:00
Mashiro 2b6a25c609
Add lazy load to emoji-mart (#16907)
* perf: lazyload emoji-mart!

* Bump lazyload
2021-11-18 22:01:31 +01:00
Claire 3517867b76
Fix confusing error when webfinger request returns empty document (#16986)
For some reason, some misconfigured servers return an empty document when
queried over webfinger. Since an empty document does not lead to a parse
error, the error is not caught properly and triggers uncaught exceptions
later on.

This PR fixes that by immediately erroring out with `Webfinger::Error` on
getting an empty response.
2021-11-14 21:55:40 +01:00
Eugen Rochko 5d7c852283
Fix no link previews being generated for pages with invalid structured data (#16979)
Fix #16955
2021-11-13 23:07:13 +01:00
Claire ef8deb0878
Fix OpenGraph/LinkedData embeds having incorrectly-generated iframes (#16978) 2021-11-13 03:30:27 +01:00
Claire 6da135a493
Fix reviving revoked sessions and invalidating login (#16943)
Up until now, we have used Devise's Rememberable mechanism to re-log users
after the end of their browser sessions. This mechanism relies on a signed
cookie containing a token. That token was stored on the user's record,
meaning it was shared across all logged in browsers, meaning truly revoking
a browser's ability to auto-log-in involves revoking the token itself, and
revoking access from *all* logged-in browsers.

We had a session mechanism that dynamically checks whether a user's session
has been disabled, and would log out the user if so. However, this would only
clear a session being actively used, and a new one could be respawned with
the `remember_user_token` cookie.

In practice, this caused two issues:
- sessions could be revived after being closed from /auth/edit (security issue)
- auto-log-in would be disabled for *all* browsers after logging out from one
  of them

This PR removes the `remember_token` mechanism and treats the `_session_id`
cookie/token as a browser-specific `remember_token`, fixing both issues.
2021-11-06 00:13:58 +01:00
Claire 87085a5152
Fix AccountNote not having a maximum length (#16942) 2021-11-06 00:12:25 +01:00