From a35568286c0fad3a4b9b516d633fca8a622d6c12 Mon Sep 17 00:00:00 2001
From: Eric
Date: Wed, 20 Mar 2019 22:06:41 -0500
Subject: [PATCH 1/7] cas_options :validate_url should be :service_validate_url (#10328)
Otherwise, no matter what is given for CAS_VALIDATE_URL the default /serviceValidate path would be used.
---
 config/initializers/omniauth.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/config/initializers/omniauth.rb b/config/initializers/omniauth.rb
index 254e751d42..e8d7697a11 100644
--- a/config/initializers/omniauth.rb
+++ b/config/initializers/omniauth.rb
@@ -14,7 +14,7 @@ Devise.setup do |config|
 cas_options[:host] = ENV['CAS_HOST'] if ENV['CAS_HOST']
 cas_options[:port] = ENV['CAS_PORT'] if ENV['CAS_PORT']
 cas_options[:ssl] = ENV['CAS_SSL'] == 'true' if ENV['CAS_SSL']
- cas_options[:validate_url] = ENV['CAS_VALIDATE_URL'] if ENV['CAS_VALIDATE_URL']
+ cas_options[:service_validate_url] = ENV['CAS_VALIDATE_URL'] if ENV['CAS_VALIDATE_URL']
 cas_options[:callback_url] = ENV['CAS_CALLBACK_URL'] if ENV['CAS_CALLBACK_URL']
 cas_options[:logout_url] = ENV['CAS_LOGOUT_URL'] if ENV['CAS_LOGOUT_URL']
 cas_options[:login_url] = ENV['CAS_LOGIN_URL'] if ENV['CAS_LOGIN_URL']
From 69d4cfe90f070897abac3a6fef5af48adbbc6e0a Mon Sep 17 00:00:00 2001
From: "dependabot[bot]"
Date: Thu, 21 Mar 2019 19:02:21 +0900
Subject: [PATCH 2/7] Bump capybara from 3.14.0 to 3.15.0 (#10330)
Bumps [capybara](https://github.com/teamcapybara/capybara) from 3.14.0 to 3.15.0.
- [Release notes](https://github.com/teamcapybara/capybara/releases)
- [Changelog](https://github.com/teamcapybara/capybara/blob/master/History.md)
- [Commits](https://github.com/teamcapybara/capybara/compare/3.14.0...3.15.0)
Signed-off-by: dependabot[bot]
---
 Gemfile | 2 +-
 Gemfile.lock | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/Gemfile b/Gemfile
index ab4e117566..ba922dec67 100644
--- a/Gemfile
+++ b/Gemfile
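Review bot: The environment variable is still named `CAS_VALIDATE_URL` while the option key it now feeds is `:service_validate_url`, and nothing on the changed line records that mismatch or that the old key was apparently ignored without any error. A comment above the assignment would help the next maintainer, for example `# CAS_VALIDATE_URL feeds :service_validate_url (ticket validation path); a misspelled key falls back to the default`. Because ticket validation follows the configured value for the first time after this fix, deployments that already set the variable should re-check it on upgrade, presumably together with `CAS_SSL`, so that validation does not go to an unintended endpoint or over plain HTTP. The `Devise.setup` block starts and ends outside the hunk.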
@@ -107,7 +107,7 @@ group :production, :test do end group :test do - gem 'capybara', '~> 3.14' + gem 'capybara', '~> 3.15' gem 'climate_control', '~> 0.2' gem 'faker', '~> 1.9' gem 'microformats', '~> 4.1' diff --git a/Gemfile.lock b/Gemfile.lock index 71b5f3a9d5..e2a256ca78 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -127,7 +127,7 @@ GEM sshkit (~> 1.3) capistrano-yarn (2.0.2) capistrano (~> 3.0) - capybara (3.14.0) + capybara (3.15.0) addressable mini_mime (>= 0.1.3) nokogiri (~> 1.8) @@ -670,7 +670,7 @@ DEPENDENCIES capistrano-rails (~> 1.4) capistrano-rbenv (~> 2.1) capistrano-yarn (~> 2.0) - capybara (~> 3.14) + capybara (~> 3.15) charlock_holmes (~> 0.7.6) chewy (~> 5.0) cld3 (~> 3.2.3) From 098c21c3543f14a96a64d843f3a255b4d6f2b383 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" Date: Thu, 21 Mar 2019 19:02:48 +0900 Subject: [PATCH 3/7] Bump oj from 3.7.10 to 3.7.11 (#10332) Bumps [oj](https://github.com/ohler55/oj) from 3.7.10 to 3.7.11. - [Release notes](https://github.com/ohler55/oj/releases) - [Changelog](https://github.com/ohler55/oj/blob/master/CHANGELOG.md) - [Commits](https://github.com/ohler55/oj/compare/v3.7.10...v3.7.11) Signed-off-by: dependabot[bot] --- Gemfile.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile.lock b/Gemfile.lock index e2a256ca78..6dd8eb1dbc 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -364,7 +364,7 @@ GEM concurrent-ruby (~> 1.0, >= 1.0.2) sidekiq (>= 3.5) statsd-ruby (~> 1.4, >= 1.4.0) - oj (3.7.10) + oj (3.7.11) omniauth (1.9.0) hashie (>= 3.4.6, < 3.7.0) rack (>= 1.6.2, < 3) From 9526b0abd7d49b9fe93878ba4f8b1729edb1f52c Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" Date: Thu, 21 Mar 2019 19:03:02 +0900 Subject: [PATCH 4/7] Bump puma from 3.12.0 to 3.12.1 (#10331) Bumps [puma](https://github.com/puma/puma) from 3.12.0 to 3.12.1. - [Release notes](https://github.com/puma/puma/releases) - [Changelog](https://github.com/puma/puma/blob/master/History.md) - [Commits](https://github.com/puma/puma/compare/v3.12.0...v3.12.1) Signed-off-by: dependabot[bot] --- Gemfile.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile.lock b/Gemfile.lock index 6dd8eb1dbc..03634e0721 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -420,7 +420,7 @@ GEM pry (>= 0.10.4) psych (3.1.0) public_suffix (3.0.3) - puma (3.12.0) + puma (3.12.1) pundit (2.0.1) activesupport (>= 3.0.0) raabro (1.1.6) From f398b9ce024278bb0f2a7176e8d981b3cf505dfa Mon Sep 17 00:00:00 2001 From: ThibG Date: Thu, 21 Mar 2019 14:24:09 +0100 Subject: [PATCH 5/7] Fix processing poll Updates (#10333) ActivityPub::ProcessPollService was checking the JSON-LD context although it was passed only the `Question` object embedded in the `Update` activity. --- app/services/activitypub/fetch_remote_poll_service.rb | 1 + app/services/activitypub/process_poll_service.rb | 6 +----- 2 files changed, 2 insertions(+), 5 deletions(-) diff --git a/app/services/activitypub/fetch_remote_poll_service.rb b/app/services/activitypub/fetch_remote_poll_service.rb index 44a23712c3..854a32d050 100644 --- a/app/services/activitypub/fetch_remote_poll_service.rb +++ b/app/services/activitypub/fetch_remote_poll_service.rb @@ -5,6 +5,7 @@ class ActivityPub::FetchRemotePollService < BaseService def call(poll, on_behalf_of = nil) json = fetch_resource(poll.status.uri, true, on_behalf_of) + return unless supported_context?(json) ActivityPub::ProcessPollService.new.call(poll, json) end end diff --git a/app/services/activitypub/process_poll_service.rb b/app/services/activitypub/process_poll_service.rb index ee248169d9..61357abd3c 100644 
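Review bot: The added guard `return unless supported_context?(json)` in `call` is now the only JSON-LD context check on the fetch path, and nothing says why it lives in the caller rather than in ProcessPollService. A short comment above it would keep it from being removed as redundant later, e.g. `# Checked here because ProcessPollService also receives embedded objects that carry no @context`. Whether `supported_context?` tolerates a nil result from `fetch_resource` is not visible in this hunk and is worth confirming. The class body starts outside the hunk.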
--- a/app/services/activitypub/process_poll_service.rb +++ b/app/services/activitypub/process_poll_service.rb @@ -5,7 +5,7 @@ class ActivityPub::ProcessPollService < BaseService def call(poll, json) @json = json - return unless supported_context? && expected_type? + return unless expected_type? previous_expires_at = poll.expires_at @@ -54,10 +54,6 @@ class ActivityPub::ProcessPollService < BaseService private - def supported_context? - super(@json) - end - def expected_type? equals_or_includes_any?(@json['type'], %w(Question)) end From c9670886218db21a08588d9aaa4ec9d61fc48f0b Mon Sep 17 00:00:00 2001 From: ThibG Date: Thu, 21 Mar 2019 23:33:18 +0100 Subject: [PATCH 6/7] Mark the 410 gone response for suspended accounts as cachable (#10339) This will help a great deal with #9377 when a caching reverse proxy is configured. --- app/controllers/concerns/account_controller_concern.rb | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/app/controllers/concerns/account_controller_concern.rb b/app/controllers/concerns/account_controller_concern.rb index 8817fd7de4..4f28941ae9 100644 --- a/app/controllers/concerns/account_controller_concern.rb +++ b/app/controllers/concerns/account_controller_concern.rb @@ -69,6 +69,10 @@ module AccountControllerConcern end def check_account_suspension - gone if @account.suspended? + if @account.suspended? + skip_session! + expires_in(3.minutes, public: true) + gone + end end end From d20386e20947d9fd70ebda9128208d2da93a74dc Mon Sep 17 00:00:00 2001 From: Eugen Rochko Date: Thu, 21 Mar 2019 23:33:28 +0100 Subject: [PATCH 7/7] Improve config serializer for Keybase (#10338) - Regex must no longer be surrounded by `/` - Description must be short and cannot contain HTML tags --- app/lib/proof_provider/keybase/config_serializer.rb | 5 +++-- app/serializers/manifest_serializer.rb | 2 +- 2 files changed, 4 insertions(+), 3 deletions(-) 
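Review bot: With the context check removed from `ProcessPollService#call`, `return unless expected_type?` is the first thing that touches `@json`, and `expected_type?` indexes it directly as `@json['type']`, so a nil or non-Hash `json` from any caller would raise instead of returning quietly. Whether the removed `supported_context?` also covered that case is not visible here; if it did, the guard could become `return unless @json.is_a?(Hash) && expected_type?`. The method would also benefit from a comment stating that callers are responsible for validating the JSON-LD context of the enclosing document before passing an object in. `call` continues beyond the hunk.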
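Review bot: In `check_account_suspension`, `expires_in(3.minutes, public: true)` lets a shared proxy serve this 410 to every visitor, so whatever `gone` renders must not contain anything viewer-specific; `gone` is defined outside the hunk, so that cannot be confirmed here. If it renders a layout with signed-in navigation or CSRF meta tags, those would be cached and replayed to other users even though `skip_session!` suppresses the session cookie. A comment such as `# Publicly cacheable: the 410 body must be identical for all viewers` above `expires_in` would record the constraint. An account that is unsuspended may also keep returning 410 from caches for up to three minutes, which is probably acceptable but worth stating.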
diff --git a/app/lib/proof_provider/keybase/config_serializer.rb b/app/lib/proof_provider/keybase/config_serializer.rb index 474ea74e27..557bafe84e 100644 --- a/app/lib/proof_provider/keybase/config_serializer.rb +++ b/app/lib/proof_provider/keybase/config_serializer.rb @@ -2,6 +2,7 @@ class ProofProvider::Keybase::ConfigSerializer < ActiveModel::Serializer include RoutingHelper + include ActionView::Helpers::TextHelper attributes :version, :domain, :display_name, :username, :brand_color, :logo, :description, :prefill_url, @@ -29,11 +30,11 @@ class ProofProvider::Keybase::ConfigSerializer < ActiveModel::Serializer end def description - Setting.site_short_description.presence || Setting.site_description.presence || I18n.t('about.about_mastodon_html') + strip_tags(Setting.site_short_description.presence || I18n.t('about.about_mastodon_html')) end def username - { min: 1, max: 30, re: Account::USERNAME_RE.inspect } + { min: 1, max: 30, re: '[a-z0-9_]+([a-z0-9_\.-]+[a-z0-9_]+)?' } end def prefill_url diff --git a/app/serializers/manifest_serializer.rb b/app/serializers/manifest_serializer.rb index cc8b9a4d45..28127437d5 100644 --- a/app/serializers/manifest_serializer.rb +++ b/app/serializers/manifest_serializer.rb @@ -18,7 +18,7 @@ class ManifestSerializer < ActiveModel::Serializer end def description - strip_tags(object.site_description.presence || I18n.t('about.about_mastodon_html')) + strip_tags(object.site_short_description.presence || I18n.t('about.about_mastodon_html')) end def icons
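Review bot: The `re:` value in `username` (config_serializer.rb) is now a hand-copied string literal, so it can drift from `Account::USERNAME_RE`, which the removed line referenced. Deriving it keeps the two in step while still omitting the surrounding slashes: `{ min: 1, max: 30, re: Account::USERNAME_RE.source }`, assuming the literal is meant to equal that pattern's source. The string is unanchored and carries none of the Ruby regexp's flags, so it is worth confirming how the consumer anchors and case-folds it; otherwise the usernames it accepts may differ from the ones the application accepts. The class body starts outside the hunk.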