Merge commit '9d8dfeb5fbbc274482489a3ac9f22dd736da156c' into glitch-soc/merge-upstream
Conflicts:
- `app/javascript/packs/admin.jsx`: Changes applied to `app/javascript/core/admin.js` instead.
main-rebase-security-fix
commit
1ad91dece8
|
@ -144,6 +144,10 @@ Rails.delegate(document, '#form_admin_settings_enable_bootstrap_timeline_account
|
|||
const onChangeRegistrationMode = (target) => {
|
||||
const enabled = target.value === 'approved';
|
||||
|
||||
[].forEach.call(document.querySelectorAll('.form_admin_settings_registrations_mode .warning-hint'), (warning_hint) => {
|
||||
warning_hint.style.display = target.value === 'open' ? 'inline' : 'none';
|
||||
});
|
||||
|
||||
[].forEach.call(document.querySelectorAll('#form_admin_settings_require_invite_text'), (input) => {
|
||||
input.disabled = !enabled;
|
||||
if (enabled) {
|
||||
|
|
|
@ -201,10 +201,15 @@ class ActivityPub::ProcessAccountService < BaseService
|
|||
value = first_of_value(@json[key])
|
||||
|
||||
return if value.nil?
|
||||
return value['url'] if value.is_a?(Hash)
|
||||
|
||||
image = fetch_resource_without_id_validation(value)
|
||||
image['url'] if image
|
||||
if value.is_a?(String)
|
||||
value = fetch_resource_without_id_validation(value)
|
||||
return if value.nil?
|
||||
end
|
||||
|
||||
value = first_of_value(value['url']) if value.is_a?(Hash) && value['type'] == 'Image'
|
||||
value = value['href'] if value.is_a?(Hash)
|
||||
value if value.is_a?(String)
|
||||
end
|
||||
|
||||
def public_key
|
||||
|
|
|
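Review bot: The new `value['type'] == 'Image'` guard drops a shape the removed code accepted: a Hash that carries `url` but has no `type` (or another type) and no `href` now falls through to `value['href']` and yields nil, so such an actor silently loses its avatar or header. If that is not intended, unwrap on the presence of the key instead, e.g. `value = first_of_value(value['url']) if value.is_a?(Hash) && value.key?('url')`. The string returned on the last line comes from a remote document and is not checked here to be an http(s) URL; presumably that happens where the URL is later fetched, and a comment such as `# NOTE: value is remote-controlled; URL validation is expected downstream (confirm)` would record the assumption. The enclosing method's signature is outside the hunk.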
@ -10,9 +10,11 @@
|
|||
|
||||
%p.lead= t('admin.settings.registrations.preamble')
|
||||
|
||||
.flash-message= t('admin.settings.registrations.moderation_recommandation')
|
||||
|
||||
.fields-row
|
||||
.fields-row__column.fields-row__column-6.fields-group
|
||||
= f.input :registrations_mode, collection: %w(open approved none), wrapper: :with_label, include_blank: false, label_method: ->(mode) { I18n.t("admin.settings.registrations_mode.modes.#{mode}") }
|
||||
= f.input :registrations_mode, collection: %w(open approved none), wrapper: :with_label, include_blank: false, label_method: ->(mode) { I18n.t("admin.settings.registrations_mode.modes.#{mode}") }, warning_hint: I18n.t('admin.settings.registrations_mode.warning_hint')
|
||||
|
||||
.fields-row__column.fields-row__column-6.fields-group
|
||||
= f.input :require_invite_text, as: :boolean, wrapper: :with_label, disabled: !approved_registrations?
|
||||
|
|
|
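Review bot: The translation key `moderation_recommandation` on the new `.flash-message` line is misspelled ("recommendation"), and the same spelling is introduced in the locale hunk that follows. Renaming it to `admin.settings.registrations.moderation_recommendation` in both places now is cheaper than after other locale files have copied the key.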
@ -767,6 +767,7 @@ en:
|
|||
disabled: To no one
|
||||
users: To logged-in local users
|
||||
registrations:
|
||||
moderation_recommandation: Please make sure you have an adequate and reactive moderation team before you open registrations to everyone!
|
||||
preamble: Control who can create an account on your server.
|
||||
title: Registrations
|
||||
registrations_mode:
|
||||
|
@ -774,6 +775,7 @@ en:
|
|||
approved: Approval required for sign up
|
||||
none: Nobody can sign up
|
||||
open: Anyone can sign up
|
||||
warning_hint: We recommend using “Approval required for sign up” unless you are confident your moderation team can handle spam and malicious registrations in a timely fashion.
|
||||
security:
|
||||
authorized_fetch: Require authentication from federated servers
|
||||
authorized_fetch_hint: Requiring authentication from federated servers enables stricter enforcement of both user-level and server-level blocks. However, this comes at the cost of a performance penalty, reduces the reach of your replies, and may introduce compatibility issues with some federated services. In addition, this will not prevent dedicated actors from fetching your public posts and accounts.
|
||||
|
|
|
@ -9,7 +9,7 @@ defaults: &defaults
|
|||
site_terms: ''
|
||||
site_contact_username: ''
|
||||
site_contact_email: ''
|
||||
registrations_mode: 'open'
|
||||
registrations_mode: 'none'
|
||||
profile_directory: true
|
||||
closed_registrations_message: ''
|
||||
timeline_preview: false
|
||||
|
|
|
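Review bot: Changing the default `registrations_mode` to `'none'` presumably affects every server that never stored an explicit value, not only new installs, and no migration that pins the previous effective value is visible in this commit. If open servers are meant to stay open across the upgrade, that needs a data migration. If closing them is intended, say so on the line, e.g. `# Closed by default; admins must opt in to 'open' or 'approved'`.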
@ -5,7 +5,7 @@ require 'rails_helper'
|
|||
RSpec.describe ActivityPub::ProcessAccountService, type: :service do
|
||||
subject { described_class.new }
|
||||
|
||||
context 'with property values' do
|
||||
context 'with property values, an avatar, and a profile header' do
|
||||
let(:payload) do
|
||||
{
|
||||
id: 'https://foo.test',
|
||||
|
@ -16,10 +16,29 @@ RSpec.describe ActivityPub::ProcessAccountService, type: :service do
|
|||
{ type: 'PropertyValue', name: 'Occupation', value: 'Unit test' },
|
||||
{ type: 'PropertyValue', name: 'non-string', value: %w(foo bar) },
|
||||
],
|
||||
image: {
|
||||
type: 'Image',
|
||||
mediaType: 'image/png',
|
||||
url: 'https://foo.test/image.png',
|
||||
},
|
||||
icon: {
|
||||
type: 'Image',
|
||||
url: [
|
||||
{
|
||||
mediaType: 'image/png',
|
||||
href: 'https://foo.test/icon.png',
|
||||
},
|
||||
],
|
||||
},
|
||||
}.with_indifferent_access
|
||||
end
|
||||
|
||||
it 'parses out of attachment' do
|
||||
before do
|
||||
stub_request(:get, 'https://foo.test/image.png').to_return(request_fixture('avatar.txt'))
|
||||
stub_request(:get, 'https://foo.test/icon.png').to_return(request_fixture('avatar.txt'))
|
||||
end
|
||||
|
||||
it 'parses property values, avatar and profile header as expected' do
|
||||
account = subject.call('alice', 'example.com', payload)
|
||||
|
||||
expect(account.fields)
|
||||
|
@ -37,6 +56,10 @@ RSpec.describe ActivityPub::ProcessAccountService, type: :service do
|
|||
name: eq('Occupation'),
|
||||
value: eq('Unit test')
|
||||
)
|
||||
expect(account).to have_attributes(
|
||||
avatar_remote_url: 'https://foo.test/icon.png',
|
||||
header_remote_url: 'https://foo.test/image.png'
|
||||
)
|
||||
end
|
||||
end
|
||||
|
||||
|
|
|
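Review bot: The new example exercises only inline objects (`image` with a string `url`, `icon` with a `url` array of `href` entries), so the branch that dereferences a String reference through `fetch_resource_without_id_validation`, and its `return if value.nil?` path, stay untested. A second context whose payload uses a plain reference such as `icon: 'https://foo.test/icon.json',` (constructed sample), stubbed once to return an Image document and once to return an unusable body, would cover both. A payload whose `icon` Hash has `url` but no `type` is also worth an example, since the service change treats that shape differently than before.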
@ -23,6 +23,12 @@ RSpec.configure do |config|
|
|||
config.before :suite do
|
||||
Rails.application.load_seed
|
||||
Chewy.strategy(:bypass)
|
||||
|
||||
# NOTE: we switched registrations mode to closed by default, but the specs
|
||||
# very heavily rely on having it enabled by default, as it relies on users
|
||||
# being approved by default except in select cases where explicitly testing
|
||||
# other registration modes
|
||||
Setting.registrations_mode = 'open'
|
||||
end
|
||||
|
||||
config.after :suite do
|
||||
|
|
|
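Review bot: Forcing `Setting.registrations_mode = 'open'` for the whole suite means no spec visible here runs against the new closed default, so a regression in that default would pass unnoticed. A dedicated example that leaves the setting at its default and asserts that sign-up is refused would close the gap, and the comment could state the divergence directly, e.g. `# Production default is 'none'; the suite opts in to 'open' for convenience.` The same override and comment are repeated per example inside `DatabaseCleaner.cleaning` in the following `RSpec.configure` hunk.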
@ -102,6 +102,13 @@ RSpec.configure do |config|
|
|||
self.use_transactional_tests = false
|
||||
|
||||
DatabaseCleaner.cleaning do
|
||||
# NOTE: we switched registrations mode to closed by default, but the specs
|
||||
# very heavily rely on having it enabled by default, as it relies on users
|
||||
# being approved by default except in select cases where explicitly testing
|
||||
# other registration modes
|
||||
# Also needs to be set per-example here because of the database cleaner.
|
||||
Setting.registrations_mode = 'open'
|
||||
|
||||
example.run
|
||||
end
|
||||
|
||||
|
|