Merge pull request #2742 from ClearlyClaire/glitch-soc/merge-upstream

Merge upstream changes up to d818ddd687
main-rebase-security-fix
Claire 2024-06-17 13:38:38 +02:00 committed by GitHub
commit 68c9fa8fcc
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
35 changed files with 153 additions and 78 deletions

View File

@ -28,11 +28,7 @@ jobs:
env: env:
RAILS_ENV: ${{ matrix.mode }} RAILS_ENV: ${{ matrix.mode }}
BUNDLE_WITH: ${{ matrix.mode }} BUNDLE_WITH: ${{ matrix.mode }}
ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY: precompile_placeholder SECRET_KEY_BASE_DUMMY: 1
ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT: precompile_placeholder
ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY: precompile_placeholder
OTP_SECRET: precompile_placeholder
SECRET_KEY_BASE: precompile_placeholder
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v4

View File

@ -212,11 +212,7 @@ ARG TARGETPLATFORM
RUN \ RUN \
# Use Ruby on Rails to create Mastodon assets # Use Ruby on Rails to create Mastodon assets
ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY=precompile_placeholder \ SECRET_KEY_BASE_DUMMY=1 \
ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT=precompile_placeholder \
ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY=precompile_placeholder \
OTP_SECRET=precompile_placeholder \
SECRET_KEY_BASE=precompile_placeholder \
bundle exec rails assets:precompile; \ bundle exec rails assets:precompile; \
# Cleanup temporary files # Cleanup temporary files
rm -fr /opt/mastodon/tmp; rm -fr /opt/mastodon/tmp;

View File

@ -109,7 +109,7 @@ GEM
aws-sdk-kms (1.83.0) aws-sdk-kms (1.83.0)
aws-sdk-core (~> 3, >= 3.197.0) aws-sdk-core (~> 3, >= 3.197.0)
aws-sigv4 (~> 1.1) aws-sigv4 (~> 1.1)
aws-sdk-s3 (1.152.0) aws-sdk-s3 (1.152.1)
aws-sdk-core (~> 3, >= 3.197.0) aws-sdk-core (~> 3, >= 3.197.0)
aws-sdk-kms (~> 1) aws-sdk-kms (~> 1)
aws-sigv4 (~> 1.8) aws-sigv4 (~> 1.8)
@ -498,6 +498,10 @@ GEM
opentelemetry-semantic_conventions opentelemetry-semantic_conventions
opentelemetry-helpers-sql-obfuscation (0.1.0) opentelemetry-helpers-sql-obfuscation (0.1.0)
opentelemetry-common (~> 0.20) opentelemetry-common (~> 0.20)
opentelemetry-instrumentation-action_mailer (0.1.0)
opentelemetry-api (~> 1.0)
opentelemetry-instrumentation-active_support (~> 0.1)
opentelemetry-instrumentation-base (~> 0.22.1)
opentelemetry-instrumentation-action_pack (0.9.0) opentelemetry-instrumentation-action_pack (0.9.0)
opentelemetry-api (~> 1.0) opentelemetry-api (~> 1.0)
opentelemetry-instrumentation-base (~> 0.22.1) opentelemetry-instrumentation-base (~> 0.22.1)
@ -551,8 +555,9 @@ GEM
opentelemetry-api (~> 1.0) opentelemetry-api (~> 1.0)
opentelemetry-common (~> 0.20.0) opentelemetry-common (~> 0.20.0)
opentelemetry-instrumentation-base (~> 0.22.1) opentelemetry-instrumentation-base (~> 0.22.1)
opentelemetry-instrumentation-rails (0.30.1) opentelemetry-instrumentation-rails (0.30.2)
opentelemetry-api (~> 1.0) opentelemetry-api (~> 1.0)
opentelemetry-instrumentation-action_mailer (~> 0.1.0)
opentelemetry-instrumentation-action_pack (~> 0.9.0) opentelemetry-instrumentation-action_pack (~> 0.9.0)
opentelemetry-instrumentation-action_view (~> 0.7.0) opentelemetry-instrumentation-action_view (~> 0.7.0)
opentelemetry-instrumentation-active_job (~> 0.7.0) opentelemetry-instrumentation-active_job (~> 0.7.0)

View File

@ -4,6 +4,18 @@ module Admin
class DomainBlocksController < BaseController class DomainBlocksController < BaseController
before_action :set_domain_block, only: [:destroy, :edit, :update] before_action :set_domain_block, only: [:destroy, :edit, :update]
PERMITTED_PARAMS = %i(
domain
obfuscate
private_comment
public_comment
reject_media
reject_reports
severity
).freeze
PERMITTED_UPDATE_PARAMS = PERMITTED_PARAMS.without(:domain).freeze
def batch def batch
authorize :domain_block, :create? authorize :domain_block, :create?
@form = Form::DomainBlockBatch.new(form_domain_block_batch_params.merge(current_account: current_account, action: action_from_button)) @form = Form::DomainBlockBatch.new(form_domain_block_batch_params.merge(current_account: current_account, action: action_from_button))
@ -88,11 +100,17 @@ module Admin
end end
def update_params def update_params
params.require(:domain_block).permit(:severity, :reject_media, :reject_reports, :private_comment, :public_comment, :obfuscate) params
.require(:domain_block)
.slice(*PERMITTED_UPDATE_PARAMS)
.permit(*PERMITTED_UPDATE_PARAMS)
end end
def resource_params def resource_params
params.require(:domain_block).permit(:domain, :severity, :reject_media, :reject_reports, :private_comment, :public_comment, :obfuscate) params
.require(:domain_block)
.slice(*PERMITTED_PARAMS)
.permit(*PERMITTED_PARAMS)
end end
def form_domain_block_batch_params def form_domain_block_batch_params

View File

@ -13,6 +13,13 @@ class Api::V1::Admin::TagsController < Api::BaseController
LIMIT = 100 LIMIT = 100
PERMITTED_PARAMS = %i(
display_name
listable
trendable
usable
).freeze
def index def index
authorize :tag, :index? authorize :tag, :index?
render json: @tags, each_serializer: REST::Admin::TagSerializer render json: @tags, each_serializer: REST::Admin::TagSerializer
@ -40,7 +47,9 @@ class Api::V1::Admin::TagsController < Api::BaseController
end end
def tag_params def tag_params
params.permit(:display_name, :trendable, :usable, :listable) params
.slice(*PERMITTED_PARAMS)
.permit(*PERMITTED_PARAMS)
end end
def next_path def next_path

View File

@ -225,7 +225,11 @@
"domain_pill.their_username": "مُعرّفُهم الفريد على الخادم. من الممكن العثور على مستخدمين بنفس اسم المستخدم على خوادم مختلفة.", "domain_pill.their_username": "مُعرّفُهم الفريد على الخادم. من الممكن العثور على مستخدمين بنفس اسم المستخدم على خوادم مختلفة.",
"domain_pill.username": "اسم المستخدم", "domain_pill.username": "اسم المستخدم",
"domain_pill.whats_in_a_handle": "ما المقصود بالمُعرِّف؟", "domain_pill.whats_in_a_handle": "ما المقصود بالمُعرِّف؟",
"domain_pill.who_they_are": "بما أن المعالجات تقول من هو الشخص ومكان وجوده، يمكنك التفاعل مع الناس عبر الشبكة الاجتماعية لـ <button>ActivityPub-Power منصات</button>.",
"domain_pill.who_you_are": "لأن معالجتك تقول من أنت ومكان وجودك، يمكن الناس التفاعل معك عبر الشبكة الاجتماعية لـ <button>ActivityPub-Power منصات</button>.",
"domain_pill.your_handle": "عنوانك الكامل:", "domain_pill.your_handle": "عنوانك الكامل:",
"domain_pill.your_server": "منزلك الرقمي، حيث تعيش جميع مشاركاتك. لا تحب هذا؟ إنقل الخوادم في أي وقت واخضر متابعينك أيضًا.",
"domain_pill.your_username": "معرفك الفريد على هذا الخادم. من الممكن العثور على مستخدمين بنفس إسم المستخدم على خوادم مختلفة.",
"embed.instructions": "يمكنكم إدماج هذا المنشور على موقعكم الإلكتروني عن طريق نسخ الشفرة أدناه.", "embed.instructions": "يمكنكم إدماج هذا المنشور على موقعكم الإلكتروني عن طريق نسخ الشفرة أدناه.",
"embed.preview": "إليك ما سيبدو عليه:", "embed.preview": "إليك ما سيبدو عليه:",
"emoji_button.activity": "الأنشطة", "emoji_button.activity": "الأنشطة",
@ -262,6 +266,7 @@
"empty_column.list": "هذه القائمة فارغة مؤقتا و لكن سوف تمتلئ تدريجيا عندما يبدأ الأعضاء المُنتَمين إليها بنشر منشورات.", "empty_column.list": "هذه القائمة فارغة مؤقتا و لكن سوف تمتلئ تدريجيا عندما يبدأ الأعضاء المُنتَمين إليها بنشر منشورات.",
"empty_column.lists": "ليس عندك أية قائمة بعد. سوف تظهر قوائمك هنا إن قمت بإنشاء واحدة.", "empty_column.lists": "ليس عندك أية قائمة بعد. سوف تظهر قوائمك هنا إن قمت بإنشاء واحدة.",
"empty_column.mutes": "لم تقم بكتم أي مستخدم بعد.", "empty_column.mutes": "لم تقم بكتم أي مستخدم بعد.",
"empty_column.notification_requests": "لا يوجد شيء هنا. عندما تتلقى إشعارات جديدة، سوف تظهر هنا وفقًا لإعداداتك.",
"empty_column.notifications": "لم تتلق أي إشعار بعدُ. تفاعل مع المستخدمين الآخرين لإنشاء محادثة.", "empty_column.notifications": "لم تتلق أي إشعار بعدُ. تفاعل مع المستخدمين الآخرين لإنشاء محادثة.",
"empty_column.public": "لا يوجد أي شيء هنا! قم بنشر شيء ما للعامة، أو اتبع المستخدمين الآخرين المتواجدين على الخوادم الأخرى لملء خيط المحادثات", "empty_column.public": "لا يوجد أي شيء هنا! قم بنشر شيء ما للعامة، أو اتبع المستخدمين الآخرين المتواجدين على الخوادم الأخرى لملء خيط المحادثات",
"error.unexpected_crash.explanation": "نظرا لوجود خطأ في التعليمات البرمجية أو مشكلة توافق مع المتصفّح، تعذر عرض هذه الصفحة بشكل صحيح.", "error.unexpected_crash.explanation": "نظرا لوجود خطأ في التعليمات البرمجية أو مشكلة توافق مع المتصفّح، تعذر عرض هذه الصفحة بشكل صحيح.",
@ -292,6 +297,8 @@
"filter_modal.select_filter.subtitle": "استخدم فئة موجودة أو قم بإنشاء فئة جديدة", "filter_modal.select_filter.subtitle": "استخدم فئة موجودة أو قم بإنشاء فئة جديدة",
"filter_modal.select_filter.title": "تصفية هذا المنشور", "filter_modal.select_filter.title": "تصفية هذا المنشور",
"filter_modal.title.status": "تصفية منشور", "filter_modal.title.status": "تصفية منشور",
"filtered_notifications_banner.mentions": "{count, plural, one {إشارة} two {إشارتين} few {# إشارات} other {# إشارة}}",
"filtered_notifications_banner.pending_requests": "إشعارات من {count, plural, zero {}=0 {لا أحد} one {شخص واحد قد تعرفه} two {شخصين قد تعرفهما} few {# أشخاص قد تعرفهم} many {# شخص قد تعرفهم} other {# شخص قد تعرفهم}}",
"filtered_notifications_banner.title": "الإشعارات المصفاة", "filtered_notifications_banner.title": "الإشعارات المصفاة",
"firehose.all": "الكل", "firehose.all": "الكل",
"firehose.local": "هذا الخادم", "firehose.local": "هذا الخادم",
@ -301,6 +308,8 @@
"follow_requests.unlocked_explanation": "حتى وإن كان حسابك غير مقفل، يعتقد فريق {domain} أنك قد ترغب في مراجعة طلبات المتابعة من هذه الحسابات يدوياً.", "follow_requests.unlocked_explanation": "حتى وإن كان حسابك غير مقفل، يعتقد فريق {domain} أنك قد ترغب في مراجعة طلبات المتابعة من هذه الحسابات يدوياً.",
"follow_suggestions.curated_suggestion": "اختيار الموظفين", "follow_suggestions.curated_suggestion": "اختيار الموظفين",
"follow_suggestions.dismiss": "لا تُظهرها مجدّدًا", "follow_suggestions.dismiss": "لا تُظهرها مجدّدًا",
"follow_suggestions.featured_longer": "مختار يدوياً من قِبل فريق {domain}",
"follow_suggestions.friends_of_friends_longer": "مشهور بين الأشخاص الذين تتابعهم",
"follow_suggestions.hints.featured": "تم اختيار هذا الملف الشخصي يدوياً من قبل فريق {domain}.", "follow_suggestions.hints.featured": "تم اختيار هذا الملف الشخصي يدوياً من قبل فريق {domain}.",
"follow_suggestions.hints.friends_of_friends": "هذا الملف الشخصي مشهور بين الأشخاص الذين تتابعهم.", "follow_suggestions.hints.friends_of_friends": "هذا الملف الشخصي مشهور بين الأشخاص الذين تتابعهم.",
"follow_suggestions.hints.most_followed": "هذا الملف الشخصي هو واحد من الأكثر متابعة على {domain}.", "follow_suggestions.hints.most_followed": "هذا الملف الشخصي هو واحد من الأكثر متابعة على {domain}.",
@ -405,6 +414,7 @@
"limited_account_hint.action": "إظهار الملف التعريفي على أي حال", "limited_account_hint.action": "إظهار الملف التعريفي على أي حال",
"limited_account_hint.title": "تم إخفاء هذا الملف الشخصي من قبل مشرفي {domain}.", "limited_account_hint.title": "تم إخفاء هذا الملف الشخصي من قبل مشرفي {domain}.",
"link_preview.author": "مِن {name}", "link_preview.author": "مِن {name}",
"link_preview.more_from_author": "المزيد من {name}",
"lists.account.add": "أضف إلى القائمة", "lists.account.add": "أضف إلى القائمة",
"lists.account.remove": "احذف من القائمة", "lists.account.remove": "احذف من القائمة",
"lists.delete": "احذف القائمة", "lists.delete": "احذف القائمة",
@ -465,10 +475,13 @@
"notification.follow_request": "لقد طلب {name} متابعتك", "notification.follow_request": "لقد طلب {name} متابعتك",
"notification.mention": "{name} ذكرك", "notification.mention": "{name} ذكرك",
"notification.moderation-warning.learn_more": "اعرف المزيد", "notification.moderation-warning.learn_more": "اعرف المزيد",
"notification.moderation_warning": "لقد تلقيت تحذيرًا بالإشراف",
"notification.moderation_warning.action_delete_statuses": "تم إزالة بعض مشاركاتك.",
"notification.moderation_warning.action_disable": "تم تعطيل حسابك.", "notification.moderation_warning.action_disable": "تم تعطيل حسابك.",
"notification.moderation_warning.action_mark_statuses_as_sensitive": "بعض من منشوراتك تم تصنيفها على أنها حساسة.", "notification.moderation_warning.action_mark_statuses_as_sensitive": "بعض من منشوراتك تم تصنيفها على أنها حساسة.",
"notification.moderation_warning.action_none": "لقد تلقى حسابك تحذيرا بالإشراف.", "notification.moderation_warning.action_none": "لقد تلقى حسابك تحذيرا بالإشراف.",
"notification.moderation_warning.action_sensitive": "سيتم وضع علامة على منشوراتك على أنها حساسة من الآن فصاعدا.", "notification.moderation_warning.action_sensitive": "سيتم وضع علامة على منشوراتك على أنها حساسة من الآن فصاعدا.",
"notification.moderation_warning.action_silence": "لقد تم تقييد حسابك.",
"notification.moderation_warning.action_suspend": "لقد تم تعليق حسابك.", "notification.moderation_warning.action_suspend": "لقد تم تعليق حسابك.",
"notification.own_poll": "انتهى استطلاعك للرأي", "notification.own_poll": "انتهى استطلاعك للرأي",
"notification.poll": "لقد انتهى استطلاع رأي شاركتَ فيه", "notification.poll": "لقد انتهى استطلاع رأي شاركتَ فيه",

View File

@ -613,9 +613,10 @@ code {
font-family: inherit; font-family: inherit;
pointer-events: none; pointer-events: none;
cursor: default; cursor: default;
max-width: 140px; max-width: 50%;
white-space: nowrap; white-space: nowrap;
overflow: hidden; overflow: hidden;
text-overflow: ellipsis;
&::after { &::after {
content: ''; content: '';

View File

@ -0,0 +1,10 @@
# frozen_string_literal: true
module AccessGrantExtension
extend ActiveSupport::Concern
included do
scope :expired, -> { where.not(expires_in: nil).where('created_at + MAKE_INTERVAL(secs => expires_in) < NOW()') }
scope :revoked, -> { where.not(revoked_at: nil).where(revoked_at: ...Time.now.utc) }
end
end

View File

@ -9,6 +9,10 @@ module AccessTokenExtension
has_many :web_push_subscriptions, class_name: 'Web::PushSubscription', inverse_of: :access_token has_many :web_push_subscriptions, class_name: 'Web::PushSubscription', inverse_of: :access_token
after_commit :push_to_streaming_api after_commit :push_to_streaming_api
scope :expired, -> { where.not(expires_in: nil).where('created_at + MAKE_INTERVAL(secs => expires_in) < NOW()') }
scope :not_revoked, -> { where(revoked_at: nil) }
scope :revoked, -> { where.not(revoked_at: nil).where(revoked_at: ...Time.now.utc) }
end end
def revoke(clock = Time) def revoke(clock = Time)

View File

@ -43,7 +43,7 @@ class Admin::Metrics::Measure::InstanceAccountsMeasure < Admin::Metrics::Measure
SELECT count(*) FROM new_accounts SELECT count(*) FROM new_accounts
) AS value ) AS value
FROM ( FROM (
SELECT generate_series(date_trunc('day', :start_at::timestamp)::date, date_trunc('day', :end_at::timestamp)::date, interval '1 day') AS period #{generated_series_days}
) AS axis ) AS axis
SQL SQL
end end

View File

@ -44,7 +44,7 @@ class Admin::Metrics::Measure::InstanceFollowersMeasure < Admin::Metrics::Measur
SELECT count(*) FROM new_followers SELECT count(*) FROM new_followers
) AS value ) AS value
FROM ( FROM (
SELECT generate_series(date_trunc('day', :start_at::timestamp)::date, date_trunc('day', :end_at::timestamp)::date, interval '1 day') AS period #{generated_series_days}
) AS axis ) AS axis
SQL SQL
end end

View File

@ -44,7 +44,7 @@ class Admin::Metrics::Measure::InstanceFollowsMeasure < Admin::Metrics::Measure:
SELECT count(*) FROM new_follows SELECT count(*) FROM new_follows
) AS value ) AS value
FROM ( FROM (
SELECT generate_series(date_trunc('day', :start_at::timestamp)::date, date_trunc('day', :end_at::timestamp)::date, interval '1 day') AS period #{generated_series_days}
) AS axis ) AS axis
SQL SQL
end end

View File

@ -53,7 +53,7 @@ class Admin::Metrics::Measure::InstanceMediaAttachmentsMeasure < Admin::Metrics:
SELECT COALESCE(SUM(size), 0) FROM new_media_attachments SELECT COALESCE(SUM(size), 0) FROM new_media_attachments
) AS value ) AS value
FROM ( FROM (
SELECT generate_series(date_trunc('day', :start_at::timestamp)::date, date_trunc('day', :end_at::timestamp)::date, interval '1 day') AS period #{generated_series_days}
) AS axis ) AS axis
SQL SQL
end end

View File

@ -44,7 +44,7 @@ class Admin::Metrics::Measure::InstanceReportsMeasure < Admin::Metrics::Measure:
SELECT count(*) FROM new_reports SELECT count(*) FROM new_reports
) AS value ) AS value
FROM ( FROM (
SELECT generate_series(date_trunc('day', :start_at::timestamp)::date, date_trunc('day', :end_at::timestamp)::date, interval '1 day') AS period #{generated_series_days}
) AS axis ) AS axis
SQL SQL
end end

View File

@ -45,7 +45,7 @@ class Admin::Metrics::Measure::InstanceStatusesMeasure < Admin::Metrics::Measure
SELECT count(*) FROM new_statuses SELECT count(*) FROM new_statuses
) AS value ) AS value
FROM ( FROM (
SELECT generate_series(date_trunc('day', :start_at::timestamp)::date, date_trunc('day', :end_at::timestamp)::date, interval '1 day') AS period #{generated_series_days}
) AS axis ) AS axis
SQL SQL
end end

View File

@ -32,7 +32,7 @@ class Admin::Metrics::Measure::NewUsersMeasure < Admin::Metrics::Measure::BaseMe
SELECT count(*) FROM new_users SELECT count(*) FROM new_users
) AS value ) AS value
FROM ( FROM (
SELECT generate_series(date_trunc('day', :start_at::timestamp)::date, date_trunc('day', :end_at::timestamp)::date, interval '1 day') AS period #{generated_series_days}
) AS axis ) AS axis
SQL SQL
end end

View File

@ -32,7 +32,7 @@ class Admin::Metrics::Measure::OpenedReportsMeasure < Admin::Metrics::Measure::B
SELECT count(*) FROM new_reports SELECT count(*) FROM new_reports
) AS value ) AS value
FROM ( FROM (
SELECT generate_series(date_trunc('day', :start_at::timestamp)::date, date_trunc('day', :end_at::timestamp)::date, interval '1 day') AS period #{generated_series_days}
) AS axis ) AS axis
SQL SQL
end end

View File

@ -15,6 +15,14 @@ module Admin::Metrics::Measure::QueryHelper
ActiveRecord::Base.sanitize_sql_array(sql_array) ActiveRecord::Base.sanitize_sql_array(sql_array)
end end
def generated_series_days
Arel.sql(
<<~SQL.squish
SELECT generate_series(timestamp :start_at, :end_at, '1 day')::date AS period
SQL
)
end
def account_domain_sql(include_subdomains) def account_domain_sql(include_subdomains)
if include_subdomains if include_subdomains
"accounts.domain IN (SELECT domain FROM instances WHERE reverse('.' || domain) LIKE reverse('.' || :domain::text))" "accounts.domain IN (SELECT domain FROM instances WHERE reverse('.' || domain) LIKE reverse('.' || :domain::text))"

View File

@ -32,7 +32,7 @@ class Admin::Metrics::Measure::ResolvedReportsMeasure < Admin::Metrics::Measure:
SELECT count(*) FROM resolved_reports SELECT count(*) FROM resolved_reports
) AS value ) AS value
FROM ( FROM (
SELECT generate_series(date_trunc('day', :start_at::timestamp)::date, date_trunc('day', :end_at::timestamp)::date, interval '1 day') AS period #{generated_series_days}
) AS axis ) AS axis
SQL SQL
end end

View File

@ -40,7 +40,7 @@ class Admin::Metrics::Measure::TagServersMeasure < Admin::Metrics::Measure::Base
SELECT COUNT(*) FROM tag_servers SELECT COUNT(*) FROM tag_servers
) AS value ) AS value
FROM ( FROM (
SELECT generate_series(date_trunc('day', :start_at::timestamp)::date, date_trunc('day', :end_at::timestamp)::date, interval '1 day') AS period #{generated_series_days}
) as axis ) as axis
SQL SQL
end end

View File

@ -9,12 +9,12 @@ class Vacuum::AccessTokensVacuum
private private
def vacuum_revoked_access_tokens! def vacuum_revoked_access_tokens!
Doorkeeper::AccessToken.where.not(expires_in: nil).where('created_at + make_interval(secs => expires_in) < NOW()').in_batches.delete_all Doorkeeper::AccessToken.expired.in_batches.delete_all
Doorkeeper::AccessToken.where.not(revoked_at: nil).where('revoked_at < NOW()').in_batches.delete_all Doorkeeper::AccessToken.revoked.in_batches.delete_all
end end
def vacuum_revoked_access_grants! def vacuum_revoked_access_grants!
Doorkeeper::AccessGrant.where.not(expires_in: nil).where('created_at + make_interval(secs => expires_in) < NOW()').in_batches.delete_all Doorkeeper::AccessGrant.expired.in_batches.delete_all
Doorkeeper::AccessGrant.where.not(revoked_at: nil).where('revoked_at < NOW()').in_batches.delete_all Doorkeeper::AccessGrant.revoked.in_batches.delete_all
end end
end end

View File

@ -75,7 +75,7 @@ class Web::PushSubscription < ApplicationRecord
class << self class << self
def unsubscribe_for(application_id, resource_owner) def unsubscribe_for(application_id, resource_owner)
access_token_ids = Doorkeeper::AccessToken.where(application_id: application_id, resource_owner_id: resource_owner.id, revoked_at: nil).pluck(:id) access_token_ids = Doorkeeper::AccessToken.where(application_id: application_id, resource_owner_id: resource_owner.id).not_revoked.pluck(:id)
where(access_token_id: access_token_ids).delete_all where(access_token_id: access_token_ids).delete_all
end end
end end

View File

@ -15,9 +15,11 @@
# #
class WebauthnCredential < ApplicationRecord class WebauthnCredential < ApplicationRecord
SIGN_COUNT_LIMIT = (2**63)
validates :external_id, :public_key, :nickname, :sign_count, presence: true validates :external_id, :public_key, :nickname, :sign_count, presence: true
validates :external_id, uniqueness: true validates :external_id, uniqueness: true
validates :nickname, uniqueness: { scope: :user_id } validates :nickname, uniqueness: { scope: :user_id }
validates :sign_count, validates :sign_count,
numericality: { only_integer: true, greater_than_or_equal_to: 0, less_than_or_equal_to: (2**63) - 1 } numericality: { only_integer: true, greater_than_or_equal_to: 0, less_than_or_equal_to: SIGN_COUNT_LIMIT - 1 }
end end

View File

@ -1,3 +1,7 @@
- content_for :header_tags do
%meta{ name: 'robots', content: 'noindex, noarchive' }/
%link{ rel: 'canonical', href: @redirect_path }
.redirect .redirect
.redirect__logo .redirect__logo
= link_to render_logo, root_path = link_to render_logo, root_path

View File

@ -115,6 +115,7 @@ module Mastodon
Doorkeeper::AuthorizationsController.layout 'modal' Doorkeeper::AuthorizationsController.layout 'modal'
Doorkeeper::AuthorizedApplicationsController.layout 'admin' Doorkeeper::AuthorizedApplicationsController.layout 'admin'
Doorkeeper::Application.include ApplicationExtension Doorkeeper::Application.include ApplicationExtension
Doorkeeper::AccessGrant.include AccessGrantExtension
Doorkeeper::AccessToken.include AccessTokenExtension Doorkeeper::AccessToken.include AccessTokenExtension
Devise::FailureApp.include AbstractController::Callbacks Devise::FailureApp.include AbstractController::Callbacks
Devise::FailureApp.include Localized Devise::FailureApp.include Localized

View File

@ -157,7 +157,11 @@ Rails.application.configure do
} }
# TODO: Remove once devise-two-factor data migration complete # TODO: Remove once devise-two-factor data migration complete
config.x.otp_secret = ENV.fetch('OTP_SECRET') config.x.otp_secret = if ENV['SECRET_KEY_BASE_DUMMY']
SecureRandom.hex(64)
else
ENV.fetch('OTP_SECRET')
end
# Enable DNS rebinding protection and other `Host` header attacks. # Enable DNS rebinding protection and other `Host` header attacks.
# config.hosts = [ # config.hosts = [

View File

@ -5,6 +5,11 @@
ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT
ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY
).each do |key| ).each do |key|
if ENV['SECRET_KEY_BASE_DUMMY']
# Use placeholder value during production env asset compilation
ENV[key] = SecureRandom.hex(64)
end
value = ENV.fetch(key) do value = ENV.fetch(key) do
abort <<~MESSAGE abort <<~MESSAGE

View File

@ -122,26 +122,28 @@ module Paperclip
colors['out_array'].zip(colors['x_array'], colors['y_array']).map do |v, x, y| colors['out_array'].zip(colors['x_array'], colors['y_array']).map do |v, x, y|
rgb_from_xyv(histogram, x, y, v) rgb_from_xyv(histogram, x, y, v)
end.reverse end.flatten.reverse.uniq
end end
# rubocop:disable Naming/MethodParameterName # rubocop:disable Naming/MethodParameterName
def rgb_from_xyv(image, x, y, v) def rgb_from_xyv(image, x, y, v)
pixel = image.getpoint(x, y) pixel = image.getpoint(x, y)
# Unfortunately, we only have the first 2 dimensions, so try to # As we only have the first 2 dimensions for this maximum, we
# guess the third one by looking up the value # can't distinguish with different maxima with the same `r` and `g`
# values but different `b` values.
#
# Therefore, we return an array of maxima, which is always non-empty,
# but may contain multiple colors with the same values.
# NOTE: this means that if multiple bins with the same `r` and `g` pixel.filter_map.with_index do |pv, z|
# components have the same number of occurrences, we will always return next if pv != v
# the one with the lowest `b` value. This means that in case of a tie,
# we will return the same color twice and skip the ones it tied with.
z = pixel.find_index(v)
r = (x + 0.5) * 256 / BINS r = (x + 0.5) * 256 / BINS
g = (y + 0.5) * 256 / BINS g = (y + 0.5) * 256 / BINS
b = (z + 0.5) * 256 / BINS b = (z + 0.5) * 256 / BINS
ColorDiff::Color::RGB.new(r, g, b) ColorDiff::Color::RGB.new(r, g, b)
end
end end
def w3c_contrast(color1, color2) def w3c_contrast(color1, color2)

View File

@ -23,8 +23,11 @@ describe Settings::Preferences::AppearanceController do
end end
describe 'PUT #update' do describe 'PUT #update' do
subject { put :update, params: { user: { settings_attributes: { skin: 'contrast' } } } }
it 'redirects correctly' do it 'redirects correctly' do
put :update, params: { user: { setting_theme: 'contrast' } } expect { subject }
.to change { user.reload.settings.skin }.to('contrast')
expect(response).to redirect_to(settings_preferences_appearance_path) expect(response).to redirect_to(settings_preferences_appearance_path)
end end

View File

@ -3,22 +3,30 @@
require 'rails_helper' require 'rails_helper'
RSpec.describe AccountDomainBlock do RSpec.describe AccountDomainBlock do
let(:account) { Fabricate(:account) }
it 'removes blocking cache after creation' do it 'removes blocking cache after creation' do
account = Fabricate(:account)
Rails.cache.write("exclude_domains_for:#{account.id}", 'a.domain.already.blocked') Rails.cache.write("exclude_domains_for:#{account.id}", 'a.domain.already.blocked')
described_class.create!(account: account, domain: 'a.domain.blocked.later') expect { block_domain_for_account('a.domain.blocked.later') }
.to change { account_has_exclude_domains_cache? }.to(false)
expect(Rails.cache.exist?("exclude_domains_for:#{account.id}")).to be false
end end
it 'removes blocking cache after destruction' do it 'removes blocking cache after destruction' do
account = Fabricate(:account) block = block_domain_for_account('domain')
block = described_class.create!(account: account, domain: 'domain')
Rails.cache.write("exclude_domains_for:#{account.id}", 'domain') Rails.cache.write("exclude_domains_for:#{account.id}", 'domain')
block.destroy! expect { block.destroy! }
.to change { account_has_exclude_domains_cache? }.to(false)
end
expect(Rails.cache.exist?("exclude_domains_for:#{account.id}")).to be false private
def block_domain_for_account(domain)
Fabricate(:account_domain_block, account: account, domain: domain)
end
def account_has_exclude_domains_cache?
Rails.cache.exist?("exclude_domains_for:#{account.id}")
end end
end end

View File

@ -36,16 +36,15 @@ RSpec.describe Follow do
end end
end end
describe 'recent' do describe '.recent' do
it 'sorts so that more recent follows comes earlier' do let!(:follow_earlier) { Fabricate(:follow) }
follow0 = described_class.create!(account: alice, target_account: bob) let!(:follow_later) { Fabricate(:follow) }
follow1 = described_class.create!(account: bob, target_account: alice)
a = described_class.recent.to_a it 'sorts with most recent follows first' do
results = described_class.recent
expect(a.size).to eq 2 expect(results.size).to eq 2
expect(a[0]).to eq follow1 expect(results).to eq [follow_later, follow_earlier]
expect(a[1]).to eq follow0
end end
end end

View File

@ -8,11 +8,6 @@ RSpec.describe Import do
let(:data) { attachment_fixture('imports.txt') } let(:data) { attachment_fixture('imports.txt') }
describe 'validations' do describe 'validations' do
it 'has a valid parameters' do
import = described_class.create(account: account, type: type, data: data)
expect(import).to be_valid
end
it 'is invalid without an type' do it 'is invalid without an type' do
import = described_class.create(account: account, data: data) import = described_class.create(account: account, data: data)
expect(import).to model_have_error_on_field(:type) expect(import).to model_have_error_on_field(:type)

View File

@ -31,14 +31,6 @@ describe Poll do
end end
describe 'validations' do describe 'validations' do
context 'when valid' do
let(:poll) { Fabricate.build(:poll) }
it 'is valid with valid attributes' do
expect(poll).to be_valid
end
end
context 'when not valid' do context 'when not valid' do
let(:poll) { Fabricate.build(:poll, expires_at: nil) } let(:poll) { Fabricate.build(:poll, expires_at: nil) }

View File

@ -71,8 +71,8 @@ RSpec.describe WebauthnCredential do
expect(webauthn_credential).to model_have_error_on_field(:sign_count) expect(webauthn_credential).to model_have_error_on_field(:sign_count)
end end
it 'is invalid if sign_count is greater 2**63 - 1' do it 'is invalid if sign_count is greater than the limit' do
webauthn_credential = Fabricate.build(:webauthn_credential, sign_count: 2**63) webauthn_credential = Fabricate.build(:webauthn_credential, sign_count: (described_class::SIGN_COUNT_LIMIT * 2))
webauthn_credential.valid? webauthn_credential.valid?

View File

@ -113,7 +113,7 @@ RSpec.describe 'Domain Allows' do
end end
context 'with invalid domain name' do context 'with invalid domain name' do
let(:params) { 'foo bar' } let(:params) { { domain: 'foo bar' } }
it 'returns http unprocessable entity' do it 'returns http unprocessable entity' do
subject subject