Commit Graph

67 Commits (d8e0c8a89e1f1dd1c4ce1513deaeb3c85c6e4a42)

Author SHA1 Message Date
Eugen Rochko 3639862dee
Fix existing username validator not allowing multiple accounts (#16153)
Fix #16107
2021-05-04 14:22:04 +02:00
Eugen Rochko daccc07dc1
Change auto-following admin-selected accounts, show in recommendations (#16078) 2021-04-24 17:01:43 +02:00
Eugen Rochko b3ceb3dcc4
Add canonical e-mail blocks for suspended accounts (#16049)
Prevent new accounts from being created using the same underlying
e-mail as a suspended account using extensions and period
permutations. Stores e-mails as a SHA256 hash
2021-04-17 03:14:25 +02:00
Claire 051efed5ed
Bypass MX validation for explicitly allowed domains (#15930)
* Bypass MX validation for explicitly allowed domains

This spares some lookups and prevent issues in some edge cases with
local domains.

* Add tests

* Fix test
2021-03-19 23:48:47 +01:00
Claire a4dcaef53b
Prepare Mastodon for zeitwerk autoloader (#15917)
* Prepare Mastodon for zeitwerk autoloader (Rails 6)

Add inflections and rename/move a few classes.

In particular, app/lib/exceptions.rb and app/lib/sanitize_config.rb
were manually loaded while still in autoload paths.

* Add inflection for Url → URL
2021-03-19 02:42:43 +01:00
Claire 5614e6724e
Fix URL scanning in note length validator and preview card fetching (#15827)
* Add tests

* Fix URL scanning in note length validator and preview card fetching
2021-03-04 00:12:26 +01:00
Claire 65db262550
Update twitter-text from 1.14 to 3.1.0 and fix toot character counting (#15382)
* Update twitter-text from 1.14 to 3.1.0

* Disable emoji parsing

* Properly depend on twitter-text for url detection

* Fix some URLs being wrongly detected client-side

* Add test for server-side validation of non-autolinkable URLs

* Fix server-side status length counting
2021-03-02 12:02:56 +01:00
Eugen Rochko 9aa37b32c3
Add `details` to error response for `POST /api/v1/accounts` in REST API (#15803) 2021-03-01 04:59:13 +01:00
luigi eb51e43fb4
Optimize some regex matching (#15528)
* Use Regex#match?

* Replace =~ too

* Avoid to call match? from Nil

* Keep value of Regexp.last_match
2021-01-22 10:09:08 +01:00
luigi 087ed84367
Optimize map { ... }.compact calls (#15513)
* Optimize map { ... }.compact

using Enumerable#filter_map, supported since Ruby 2.7

* Add poyfill for Enumerable#filter_map
2021-01-10 00:32:01 +01:00
Eugen Rochko eb35be0431
Fix follow limit preventing re-following of a moved account (#14207) 2020-12-18 09:18:31 +01:00
ThibG 49eb4d4ddf
Add honeypot fields and minimum fill-out time for sign-up form (#15276)
* Add honeypot fields to limit non-specialized spam

Add two honeypot fields: a fake website input and a fake password confirmation
one. The label/placeholder/aria-label tells not to fill them, and they are
hidden in CSS, so legitimate users should not fall into these.

This should cut down on some non-Mastodon-specific spambots.

* Require a 3 seconds delay before submitting the registration form

* Fix tests

* Move registration form time check to model validation

* Give people a chance to clear the honeypot fields

* Refactor honeypot translation strings

Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2020-12-10 06:27:26 +01:00
ThibG 8d217d7231
Improve email address validation (#14565)
* Increase DNS timeout from 1 second to 5 seconds for MX check

1 seconds is rather short when using a recursive DNS resolver which
hasn't got a cached result already available. Use 5 seconds instead,
which is the timeout value we use for outgoing HTTP queries.

* Add more precise error messages for invalid e-mail addresses
2020-08-12 12:40:25 +02:00
Eugen Rochko 5d8398c8b8
Add E2EE API (#13820) 2020-06-02 19:24:53 +02:00
Sasha Sorokin 37b3985bfa
Improve polls: option lengths & redesign (#13257)
This commit redesign the polls and increases characters limit for the
options from 25 to 50 characters, giving pollsters more freedom.

Summarizing, the redesign is making the polls more adaptive for upcoming
changes to the options characters limit: the bar, or a "chart", is now
displayed separately from the option itself; vote check mark is moved
next to the option text, making the percentages take less space. Option
lengths are taken into account and text is wrapped to multiple lines
if necessary to avoid overflow.
2020-04-02 17:10:55 +02:00
abcang 61a7390b66
Search account domain in lowercase (#13016)
* Search account domain in lowercase

* fix rubocop error

* fix spec/models/account_spec.rb
2020-02-01 15:42:24 +01:00
Eugen Rochko ae2198bd95
Fix validations of reactions limit (#12955) 2020-01-25 16:00:29 +01:00
Eugen Rochko f816da9c64
Add limit of 8 different reaction types per announcement (#12950) 2020-01-25 05:23:33 +01:00
Eugen Rochko f52c988e12
Add announcements (#12662)
* Add announcements

Fix #11006

* Add reactions to announcements

* Add admin UI for announcements

* Add unit tests

* Fix issues

- Add `with_dismissed` param to announcements API
- Fix end date not being formatted when time range is given
- Fix announcement delete causing reactions to send streaming updates
- Fix announcements container growing too wide and mascot too small
- Fix `all_day` being settable when no time range is given
- Change text "Update" to "Announcement"

* Fix scheduler unpublishing announcements before they are due

* Fix filter params not being passed to announcements filter
2020-01-23 22:00:13 +01:00
ThibG d386d89179 Fix invalid votes from the API being accepted (#12601)
* Fix invalid votes from the API being accepted

Fixes #12556

- Ensure `choice` is an integer instead of silently converting to 0
- Ensure `choice` corresponds to an actual choice of the poll

* Please CodeClimate
2020-01-12 14:17:03 +01:00
Eugen Rochko b54b725d6b
Fix uncaught domain normalization error in remote follow (#11703) 2019-08-30 02:19:17 +02:00
Eugen Rochko bfca58d137
Fix encoding error when checking e-mail MX records (#11696) 2019-08-30 01:35:12 +02:00
Eugen Rochko 7a1f8a58df
Fix crash when saving invalid domain name (#11528)
Fix #7629
2019-08-08 23:04:19 +02:00
Eugen Rochko 115dab78f1
Change admin UI for hashtags and add back whitelisted trends (#11490)
Fix #271

Add back the `GET /api/v1/trends` API with the caveat that it does
not return tags that have not been allowed to trend by the staff.

When a hashtag begins to trend (internally) and that hashtag has
not been previously reviewed by the staff, the staff is notified.

The new admin UI for hashtags allows filtering hashtags by where
they are used (e.g. in the profile directory), whether they have
been reviewed or are pending reviewal, they show by how many people
the hashtag is used in the directory, how many people used it
today, how many statuses with it have been created today, and it
allows fixing the name of the hashtag to make it more readable.

The disallowed hashtags feature has been reworked. It is now
controlled from the admin UI for hashtags instead of from
the file `config/settings.yml`
2019-08-05 19:54:29 +02:00
Rey Tucker 94f5c714f1 Don't delete periods when validating username uniqueness (#11392) (#11400)
* Check to make sure usernames with '.' cannot be created

* Add test for instance actor account name conflicts

This makes sure that migration 20190715164535_add_instance_actor
won't fail if there's already an account that is named the same
as the domain (minus the .)

* Put the test into the correct context...

* Add another test to split this into two validations

* Don't delete periods when validating username uniqueness (#11392)

The 20190715164535_add_instance_actor migration fails if there's
already a username similar to the domain name, e.g. if you are
'vulpine.club' and have a user named 'vulpineclub', validation
fails.

Upon further review, usernames with periods are dropped by the
regular expression in the Account class, so we don't need to
worry about it here.

Fixes #11392
2019-07-24 14:19:17 +02:00
ThibG ae18386558 Fix “invited by” not showing up for invited accounts in admin interface (#10791) 2019-05-19 21:40:36 +02:00
Eugen Rochko 7cb369d4c6
Change e-mail whitelist/blacklist to not be checked when invited (#10683)
* Change e-mail whitelist/blacklist to not be checked when invited

And only when creating an account, not when updating it later

Fix #10648

* Fix test
2019-05-03 23:44:44 +02:00
Eugen Rochko 400397c0c7
Change HTML validator to ignore all errors except unmatched tags (#10534) 2019-04-10 03:34:16 +02:00
Hinaloe 48f466daf1 Allow set the voting period to just 5 minutes (#10525)
* Add spec of PollValidator for #10190

* Raise fraction less than 1 second

* format

* simplify time initialize
2019-04-09 17:02:12 +02:00
Eugen Rochko 2c63e0292a
Fix admin validation being too strict about usernames (#10449)
* Fix admin validation being too strict about usernames

Fix #10446

* Strip Setting.site_contact_username consistently throughout the codebase
2019-04-06 17:53:17 +02:00
ThibG 0c46bd11aa Fix HTML validation (#10354)
* Fix HTML validation

* Report first HTML error instead on validation error
2019-03-26 17:33:26 +01:00
Eugen Rochko 555c4e11ba
Add validations to admin settings (#10348)
* Add validations to admin settings

- Validate correct HTML markup
- Validate presence of contact username & e-mail
- Validate that all usernames are valid
- Validate that enums have expected values

* Fix code style issue

* Fix tests
2019-03-23 14:07:04 +01:00
Eugen Rochko 5996be994d
Fix poll validation issues (#10186)
- Fix missing interpolation argument in PollValidator
- Fix PollValidator rejecting exact allowed min/max durations
2019-03-06 04:54:11 +01:00
ThibG f2a1b8b96b Widen allowed time windows for polls (#10162) 2019-03-04 22:46:38 +01:00
Eugen Rochko 8fe93b0701
Fix vote validation for polls with multiple choices (#10138) 2019-03-03 23:41:30 +01:00
Eugen Rochko 230a012f00
Add polls (#10111)
* Add polls

Fix #1629

* Add tests

* Fixes

* Change API for creating polls

* Use name instead of content for votes

* Remove poll validation for remote polls

* Add polls to public pages

* When updating the poll, update options just in case they were changed

* Fix public pages showing both poll and other media
2019-03-03 22:18:23 +01:00
Franck Zoccolo 4f0322dcae Add support for IPv6 only MXes in Email validation (#10009)
* Add support for IPv6 only MXes

* Fixed email validator tests
2019-02-12 14:48:04 +01:00
Eugen Rochko 45899cfa69
Change note length validation to ignore mention domains and URLs (#9717)
Fix #4419
2019-01-05 07:16:46 +01:00
ysksn 19abf4ef0b Add specs for UnreservedUsernameValidator (#9698)
* Add specs for UnreservedUsernameValidator

* Use instance variable
2019-01-03 13:10:02 +09:00
ysksn 05edec6917 Add specs for BlackListedEmailValidator (#9651)
* Add specs for BlackListedEmailValidator

* Use instance variable
2018-12-29 07:23:44 +01:00
ysksn 4725aeec9f Add specs for DisallowedHashtagsValidator (#9653)
In order to implement tests easier, `#select_tags` created.
2018-12-29 07:22:51 +01:00
ysksn ccb9c1b952 Add pending specs for StatusLengthValidator (#9647)
* Add pending specs of StatusLengthValidator

* Use instance variable
2018-12-28 08:18:47 +01:00
Eugen Rochko dbb1ee269f
Improve e-mail MX validator and add tests (#9489) 2018-12-10 22:53:25 +01:00
Eugen Rochko 7f4adfaf77
Fix follow limit validator reporting lower number past threshold (#9230)
* Fix follow limit validator reporting lower number past threshold

* Avoid floating point follow limit
2018-11-08 21:06:01 +01:00
Eugen Rochko a46ab86adf
Limit the number of people that can be followed from one account (#8807)
Configurable soft limit of 7,500, and above that, configurable
ratio of 1.1 * followers, controlled by:

- MAX_FOLLOWS_THRESHOLD
- MAX_FOLLOWS_RATIO

Fix #2311
2018-10-04 17:36:11 +02:00
abcang 9ad334f65c Call address instead of exchange (#8076) 2018-07-26 04:49:28 +02:00
Eugen Rochko 32a4b524fb
In e-mail validator, fallback from MX to A record (#7955)
Fix #7831
2018-07-05 20:57:24 +02:00
takayamaki 03f4c214b4 fix: Don't validate MX record in development (#7654) 2018-05-28 19:14:24 +02:00
Eugen Rochko 63c7b91572 Validate that e-mail resolves with MX and it's not blacklisted (#7631)
Original patch by @j-a4
2018-05-27 11:58:08 +09:00
Emelia Smith 60b871d56c Implement the ability for instances to define a list of disallowed hashtags (#7176)
The goal here isn't to prevent these hashtags from existing, but just to strongly curtail their usage; The hashtags may still exist in the database via federated status, or from being created prior to this feature.
2018-04-23 23:52:58 +02:00