Commit Graph

5241 Commits (778562c223844226a52198100dc081811bdd9d35)

Author SHA1 Message Date
Akihiko Odaki 9b8a448477 Isolate each specs for cache store (#6450)
The cache store is explicitly used by some specs, but they were not
isolated and therefore not reliable. This fixes the issue by clearing
the cache after each specs.
2018-02-17 22:35:05 +01:00
Eugen Rochko a71af98401
Push discovered status through streaming API within a time window (#6484)
Time window of 6 hours
2018-02-17 14:28:48 +01:00
Akihiko Odaki a7c50c7aba Limit the languages used for notification mailer test (#6487)
Some available languages lack translations for notification mails. Now it
tests for two languages which is certain to have required translations:
German and English.

German is the language the current project owner, Eugen Rochko speaks, and
providing English translations for new messages is de facto mandatory.
2018-02-17 14:27:51 +01:00
Simó Albert i Beltran c770b503c0 Fix Spanish translation of remote_follow acct (#6475) 2018-02-17 03:53:38 +09:00
Simó Albert i Beltran ffdf0f2ff6 Fix Catalan translation of remote_follow acct (#6476) 2018-02-16 19:15:56 +01:00
Daniel Hunsaker eb3262b941 [Nanobox] Fix backups for file storage (#6483) 2018-02-16 17:10:01 +01:00
Eugen Rochko 9dbae6e8a1
Save video metadata and improve video OpenGraph tags (#6481)
* Save metadata from video attachments, put correct dimensions into OG tags

* Add twitter:player for videos

* Fix code style and test
2018-02-16 07:22:20 +01:00
Eugen Rochko 1122579216
Do not hide NSFW media/CW'd text in OpenGraph tags (#6479)
Reasoning: HTML title tag affects everyone. But OpenGraph only affects
when somebody is deliberately sharing the content, usually in an
environment where such content is expected. Hiding the content in
OpenGraph tags results in deceitful previews which inhibit the
shareability of the post.

Example: Somebody writes a clever post about politics but kindly
puts a "uspol" content warning on it. Mastodon users are thankful,
but sharing this post on another platform results in non-Mastodon
users believing the entire contents of the post is "uspol" and not
clicking through/reading and re-sharing.
2018-02-16 04:40:53 +01:00
Eugen Rochko 478ca39e5e
After click to embed video, autoplay it (#6480) 2018-02-15 23:05:12 +01:00
Eugen Rochko f7765acf9d
Fix #5173: Click card to embed external content (#6471) 2018-02-15 07:04:28 +01:00
abcang ecdac9017e Fix media button type (#6478) 2018-02-15 04:40:42 +01:00
Marcin Mikołajczak ba8ec4eed6 i18n: Update Polish translation (#6470)
Signed-off-by: Marcin Mikołajczak <me@m4sk.in>
2018-02-14 07:55:45 +09:00
Daniel King 6ef3874b2e Fix URLs incorrectly having trailing hyphen removed (#6465)
In cases where a URL has a trailing hyphen the FetchLinkCardService incorrectly removes the hyphen when it is parsed

The hyphen is not a reserved character in the URI spec https://tools.ietf.org/html/rfc3986#section-2.2
2018-02-11 23:49:18 +01:00
Eugen Rochko e20700fe8f
Fix Chewy trying to update index with the wrong strategy (#6464) 2018-02-11 22:59:44 +01:00
Eugen Rochko cf36d184f4
Interactive `rake mastodon:setup` task (#6451)
* Add better CLI prompt

* Add rake mastodon:setup interactive wizard

* Test db/redis/smtp configurations and add admin user at the end

* Test database connection even when database does not exist yet
2018-02-11 18:40:57 +01:00
Kazushige Tominaga 718802a05d Added FetchRemoteAccountService spec (#6456)
* Added #link_header spec

* Added #call spec

* Delete spec of private methods

* Added #call spec
2018-02-10 17:10:57 +01:00
ThibG 411c9ecb4b Fix password recovery (#6459)
* Fix password recovery

* Use “resource” instead of “current_user”
2018-02-10 17:09:44 +01:00
Kazushige Tominaga cbe8743e47 Added #call spec (#6455)
* Added #link_header spec

* Added #call spec

* Delete spec of private methods
2018-02-10 03:31:38 +01:00
Eugen Rochko 3ebc0ad4d3
Full-text search for authorized statuses (#6423)
* Add full-text search for authorized statuses

- Search API will return statuses that match the query
- Only for logged in users
- Only if you are author of the status,
- Or you were mentioned in it
- Or you favourited or reblogged it
- Configuration over `ES_ENABLED`, `ES_HOST`, `ES_PORT`, `ES_PREFIX`
- Run `rails chewy:deploy` to create & populate index

Fix #5880
Fix #4293
Fix #1152

* Add commented out docker-compose configuration for ES container

* Optimize index import, filter search results

* Add basic normalization to the index

* Add better stemming and normalization to the index

* Skip webfinger request if search query includes both @ and a space

* Fix code style

* Visually separate search result sections

* Fix code style issues
2018-02-09 23:04:47 +01:00
masarakki 235c14c79d fix-indent (#6453) 2018-02-09 15:29:48 +01:00
Eugen Rochko 2ef9d0e101
Change web UI "posts" to "toots" on profile for consistency (#6447) 2018-02-09 00:27:18 +01:00
Eugen Rochko 76f3d5d16b
Add preference to always display sensitive media (#6448) 2018-02-09 00:26:57 +01:00
Kazushige Tominaga 1167c6dbf8 Perform request spec (#6446)
* Added #link_header spec

* Added #perform_request spec
2018-02-09 08:12:35 +09:00
abcang 298c81c00f Clear account cache of notification target_status (#6442) 2018-02-08 15:33:23 +01:00
abcang cf32f7da5c Fix response of signature_verification_failure_reason (#6441) 2018-02-08 05:00:45 +01:00
Kazushige Tominaga 2bb393684b Added #link_header spec (#6439) 2018-02-08 08:17:53 +09:00
Akihiko Odaki 67f7ffa792 Change user_id column non-nullable (#6435) 2018-02-07 16:35:44 +01:00
Daniel King 95c8232109 match hashtag regex in js client with server (#6431)
the slight mismatch in hashtag regex between js and ruby was causing
hashtag warning to be displayed for unlisted tweets when an invalid
hashtag was entered

exact version of ruby regex not possible in js as POSIX bracket
expressions are not supported, this version approximates and doesn't
give same unicode support
2018-02-05 02:44:13 +01:00
Eugen Rochko 38e0133e1b
Make PAM gem optional, allow configuration over environment (#6415) 2018-02-04 15:05:53 +01:00
abcang 9b6223f5e2 Validation of count works even when text of status is nil (#6429) 2018-02-04 12:32:41 +01:00
abcang 3f35d43222 Exclude nil from relationships array (#6427) 2018-02-04 12:32:10 +01:00
abcang c156a83e7d Make sure status is not nil (#6428) 2018-02-04 12:31:46 +01:00
Daniel King 258dcb849f Upgrade Vagrant box to Xenial (#6421)
* upgrade vagrant box to xenial

this allows the redis version to be upgraded to support the new redis
features used in the activity tracker

* add libpam0g package to vagrant box

this is required for native extensions of gems to build after the
addition of PAM support was added in #5303
2018-02-04 06:03:01 +01:00
Renato "Lond" Cerqueira 4e4f1b0dcb Add option to show only local toots in timeline preview (#6292)
* Add option to show only local toots in timeline preview
Right know, toots from all the known fediverse are shown in the main
page of an instance. That however doesn't reflect the instance itself.
With this option the admin may choose to display only local toots so
that users checking the instance get a better idea of internal
conversations.

* Fix issues pointed by codeclimate and eslint

* Add default message for community timeline

* Update pl.yml
2018-02-04 06:00:10 +01:00
Eugen Rochko 26f21fd5a0
CAS + SAML authentication feature (#6425)
* Cas authentication feature

* Config

* Remove class_eval + Omniauth initializer

* Codeclimate review

* Codeclimate review 2

* Codeclimate review 3

* Remove uid/email reconciliation

* SAML authentication

* Clean up code

* Improve login form

* Fix code style issues

* Add locales
2018-02-04 05:42:13 +01:00
Akihiko Odaki 9da81a1639 Isolate internal services from external networks in Docker configuration (#6369)
The database and Redis do not need external connections, so isolate them
and prevent unauthorized access.
2018-02-03 18:44:22 +01:00
takayamaki d75d2a9f99 fix ColumnBackButtonSlim should extended from ColumnBackButton (#6417) 2018-02-03 18:41:51 +01:00
Akihiko Odaki f7bf36d8fc Require environment for generate_static_pages (#6420)
It is required for ApplicationController.
2018-02-03 18:41:01 +01:00
abcang 33f56811e3 Fix column header button (#6411) 2018-02-02 13:31:28 +01:00
abcang 7e5c433dfc Fix saving of oEmbed image (#6409) 2018-02-02 11:57:59 +01:00
Akihiko Odaki c1efe0aa1d Set minimum height for mastodon on drawer (#6142) 2018-02-02 11:56:50 +01:00
ThibG ac1093256c Allow HTTP caching of atom-rendered public toots (OStatus compatibility) (#6207) 2018-02-02 10:54:04 +01:00
Charlotte Fields af40824998 moved save button (#3792)
* moved save button

* added save back to the bottom

* Update show.html.haml
2018-02-02 10:45:43 +01:00
Akihiko Odaki 77dd9e7d27 Remove wave from list drawer (#6381) 2018-02-02 10:32:41 +01:00
Akihiko Odaki 5da5c65db8 Unify links container implementation in about pages (#6382)
They were redundant, and also had a inconsistency; the button for
"other instances" had an icon for the external link in "more" page, but
it didn't in the other pages.

This unifies the implementation, and the external link icon is now shown
in all the about pages.
2018-02-02 10:32:21 +01:00
Akihiko Odaki 0be9a1e321 Accept ActivityPub announce from the author of the original note (#6236) 2018-02-02 10:22:15 +01:00
puckipedia 8e4cf6282b Allow retrieval of private statuses (single or in outbox) using HTTP signatures (#6225) 2018-02-02 10:19:59 +01:00
Alexander 04fef7b888 pam authentication (#5303)
* add pam support, without extra column

* bugfixes for pam login

* document options

* fix code style

* fix codestyle

* fix tests

* don't call remember_me without password

* fix codestyle

* improve checks for pam usage (should fix tests)

* fix remember_me part 1

* add remember_token column because :rememberable requires either a password or this column.

* migrate db for remember_token

* move pam_authentication to the right place, fix logic bug in edit.html.haml

* fix tests

* fix pam authentication, improve username lookup, add comment

* valid? is sometimes not honored, return nil instead trying to authenticate with pam

* update devise_pam_authenticatable2 and adjust code. Fixes sideeffects observed in tests

* update devise_pam_authenticatable gem, fixes for codeconventions, fix finding user

* codeconvention fixes

* code convention fixes

* fix idention

* update dependency, explicit conflict check

* fix disabled password updates if in pam mode

* fix check password if password is present, fix templates

* block registration if account is maintained by pam

* Revert "block registration if account is maintained by pam"

This reverts commit 8e7a083d650240b6fac414926744b4b90b435f20.

* fix identation error introduced by rebase

* block usernames maintained by pam

* document pam settings better

* fix code style
2018-02-02 10:18:55 +01:00
abcang 1afc70c990 Fix mistake in cache deletion (#6408) 2018-02-02 10:10:18 +01:00
Rob Watson f4bd51da1e Upgrade Paperclip > 5.2.1 (#6404)
Mitigation for CVE-2017-0889.

https://www.cvedetails.com/cve/CVE-2017-0889/
https://medium.com/in-the-weeds/all-about-paperclips-cve-2017-0889-server-side-request-forgery-ssrf-vulnerability-8cb2b1c96fe8
2018-02-01 17:54:22 +01:00