Ensure the only allowed author of top-level entries in feed is the person
the feed belongs to (a verified user). Ensure delete events only apply
if the deleted item belonged to that user.
The old implementation sets default From address in mailers. It sets
the address from SMTP_FROM_ADDRESS, or notifications@localhost. The
behavior is occasionally undesired results.
In production environment, notifications@localhost is likely to be
incorrect.
In testing environment, the email address should not be varied by a
environment variable.
After appling this change,
In production environment, it will throw an exception when launching
Mastodon.
In testing environment, the address will be fixed with
notifications@localhost.
* add a system_font_ui setting on the server
* Plug the system_font_ui on the front-end
* add EN/FR locales for the new setting
* put Roboto after all other fonts
* remove trailing whitespace so CodeClimate is happy
* fix user_spec.rb
* correctly write user_spect this time
* slightly better way of adding the classes
* add comments to the system-font stack for clarification
* use .system-font for the class instead
* don't use multiple lines for comments
* remove trailing whitespace
* use the classnames module for consistency
* use `mastodon-font-sans-serif` instead of Roboto directly
* Update links in status content on update as well as mount
Fixes occasional bugs with mentions and hashtags not being set to open in a new column like they should, and instead opening in a new page
* use classList instead of raw className
This fixes a warning on status unmounting (e.g. deletion).
This also resets IntersectionObserverWrapper on disconnect to avoid `unobserve()` calls
which has bug in Edge.
* Fix embedded SVG fill attribute
SCSS darken/lighten functions may not return a color value, but a color
name like "white". See following example:
https://www.sassmeister.com/gist/c41da93b87d536890ddf30a1f42e7816
This patch will normalize $color argument to FFFFFF style.
I also changed the function name from "url-friendly-colour" to
"hex-color", Because...
1. The name "url-friendly" is not meaningful enough to describe what it
does.
2. It is familier to me using "color" rather than "colour"
kojima:kojiMac mastodon[master]$ git grep -l colour
app/javascript/styles/boost.scss
spec/fixtures/files/attachment.jpg
kojima:kojiMac mastodon[master]$ git grep -l color
.rspec
.scss-lint.yml
Gemfile.lock
app/javascript/mastodon/features/status/components/action_bar.js
app/javascript/styles/about.scss
app/javascript/styles/accounts.scss
app/javascript/styles/admin.scss
app/javascript/styles/basics.scss
app/javascript/styles/boost.scss
app/javascript/styles/compact_header.scss
app/javascript/styles/components.scss
app/javascript/styles/containers.scss
app/javascript/styles/footer.scss
app/javascript/styles/forms.scss
app/javascript/styles/landing_strip.scss
app/javascript/styles/reset.scss
app/javascript/styles/stream_entries.scss
app/javascript/styles/tables.scss
app/javascript/styles/variables.scss
app/views/admin/subscriptions/_subscription.html.haml
app/views/layouts/application.html.haml
app/views/layouts/error.html.haml
app/views/manifests/show.json.rabl
bin/webpack-dev-server
config/initializers/httplog.rb
public/500.html
public/emoji/1f1e6-1f1e8.svg
public/emoji/1f1ec-1f1f8.svg
public/emoji/1f1f3-1f1ee.svg
public/emoji/1f1fb-1f1ec.svg
spec/fixtures/requests/idn.txt
yarn.lock
* Add semicolon
* Added Korean Translation (based on japanese)
* Update korean translation
* Update korean translation: fix syntax error
* Updated korean translation
* Update korean translation
* Update ko.json
Translate non-translated parts
* Update ko.yml
Translated missed parts - and fixed some typos
* Create simple_form.ko.yml
* Updated korean translation
* i18n: fix test fails
In from_redis method, statuses retrieved from the database was mapped to
the IDs retrieved from Redis. It was equivalent to order from high to low
because those IDs are sorted in the same order.
Statuses are ordered with the ID by default, so we do not have to reorder.
Sorting statuses in the database is even faster since the IDs are indexed
with B-tree.
* add missing locales for French translation
* accent "Media" in the front-end locales
* images => médias
* Change 'rapport' to 'signalement' in French locales to be more coherent
* fix typo
* remove duplicate EN locale
* translate missing locales
* update missing locale
* fix typo
* unify with "utilisateur⋅ice⋅s"
* address PR comments
* Use instance name in "password changed" mail
instead of "Mastodon".
Fixes tootsuite#2620.
* Use instance name in password reset mail
instead of "Mastodon".
* Fix#3910 - Require OTP authentication to disable 2FA. Also, remove ability
to generate new OTP backup codes *after* initial backup codes were handed
out during activation
* Restore recovery code re-generation
* Improve display of some 2FA elements
* Add overview of active sessions
* Better display of browser/platform name
* Improve how browser information is stored and displayed for sessions overview
* Fix test
* Fix#2347 - Bind web UI access token to session
When you logout, session also destroys the access token, so it's no longer
valid. If access token is destroyed some other way, the session is also
destroyed, requiring a re-login.
Fix#1681 - Add scheduler to remove revoked access tokens and grants
* Fix test
* Add overview of active sessions
* Better display of browser/platform name
* Improve how browser information is stored and displayed for sessions overview
* Fix test
* Introduce domains method to Account relation
Account had followers_domains method, which was excessively specific.
Let relation of Account have domains method instead.
* Move follow_mapping in Account to AccountInteractions
* Introduce shared examples for AccountAvatar inclusion
* Cover Account more
* Fix regression from #3842
Simplify the query by omitting all direct statuses. Private statuses
are allowed because they are from accounts we are following (so
by definition)
Resolves#3887 (alternative)
* Adjust test
(This patch has been merged as bugfix and reverted, but still valuable as
improvement)
Previously, we've attached IntersectionObserver twice for boosted statuses:
wrapper Status and wrapped Status. but wrapped Status don't need to manage
intersection and visibility by itself, because it's a part of wrapper Status.
* Revert "Bump version to 1.4.4"
This reverts commit bd6bee29de.
* Revert "Fix conversations (fixes#3869) (#3870)"
This reverts commit ee7952c349.
* Revert "Fix streaming server. Redis connection subscribe for each channel. (#3828)"
This reverts commit 8f202bc639.
* Revert "Filter direct statuses in Status.as_home_timeline (#3842)"
This reverts commit 77dcf442e7.
* Revert "Fix RemoteFollow behavior (#3868)"
This reverts commit 1d2eba7a84.
* Revert "Update fabricator for MediaAttachment to attach a file according to type (#3862)"
This reverts commit baa248a801.
* Revert "Upgrade React Router (#3677)"
This reverts commit 9bc32eb267.
* Revert "Do not call setState from unmounted component (#3853)"
This reverts commit 59849b392d.
* Revert "Replace TextIconButton for SensitiveButton to IconButton (#3759)"
This reverts commit 47dceaded6.
* Revert "Fix RTL detection on Ruby side (#3867)"
This reverts commit 55376105f5.
* Revert "i18n: Fixed typo in Polish translation (#3864)"
This reverts commit 3c355ed26b.
* Revert "Don't attach IntersectionObserver for wrapped statuses (#3863)"
This reverts commit 79c04b0a2c.
The classes using Status.as_home_timeline, namely Feed and
PrecomputeFeedService are expected to filter direct statuses as
FanOutWriteService does, but their filtering were incomplete or missing.
This commit solves the problem by filtering direct statuses in
as_home_timeline as the other similar methods such as as_public_timeline
does.
This fixes a bug that sometimes boosted statuses being hidden on scrolling.
Previously, we've attached IntersectionObserver twice for boosted statuses:
wrapper Status and wrapped Status. This will call intersection handler twice,
so this may results race condition...probably.
* Whitelist allowed classes for federated statuses
Allowed classes are currently:
- Any microformats class (h/p/u/dt/e-*)
- the classes mention, hashtag, ellipses and invisible.
this last one is somewhat suspect, but Mastodon currently uses it to render hidden link text.
resolved#3790
* Fix code style
mergeDeep also merges columns, but it should be replaced simply.
So in the new function, first apply mergeDeep except columns, and set default columns if columns unset.
* Make Pubsubhubbub::DistributionWorker handle both single stream entry
arguments, as well as arrays of stream entries
* Add BatchedRemoveStatusService, make SuspendAccountService use it
* Improve method names
* Add test
* Add more tests
* Use PuSH payloads of 100 to have a clear mapping of
1000 input statuses -> 10 PuSH payloads
It was nice while it lasted
* Add form for account deletion
* If avatar or header are gone from source, remove them
* Add option to have SuspendAccountService remove user record, add tests
* Exclude suspended accounts from search
* Fix#2619 - When redis feed is empty, fall back to database
* Use redis value to return feed from database only while RegenerationWorker
hasn't finished running
* Fix specs
* Replace usage of reject!
TagManager.local_url? was sometimes called with an URI with a nil host,
leading to a crash in TagManager.local_url?. This fixes moves the
already-existing uri.host.blank? check in front to avoid this case.
* Move ancestors/descendants out of timelines reducer
* Refactor timelines reducer
All types of timelines now have a flat structure and use the same
reducer functions and actions
* Reintroduce some missing behaviours
* Fix wrong import in reports
* Fix includes typo
* Fix issue related to "next" pagination in timelines and notifications
* Fix bug with timeline's initial state, expandNotifications
```
DEPRECATION WARNING: The behavior of `attribute_changed?` inside of after callbacks will be changing in the next version of Rails. The new return value will reflect the behavior of calling the method after `save` returned (e.g. the opposite of what it returns now). To maintain the current behavior, use `saved_change_to_attribute?` instead. (called from block in <class:Account> at /Users/rene/Workspace/personal/ruby/mastodon/app/models/account.rb:60)
DEPRECATION WARNING: The behavior of `attribute_changed?` inside of after callbacks will be changing in the next version of Rails. The new return value will reflect the behavior of calling the method after `save` returned (e.g. the opposite of what it returns now). To maintain the current behavior, use `saved_change_to_attribute?` instead. (called from block in <class:Account> at /Users/rene/Workspace/personal/ruby/mastodon/app/models/account.rb:60)
DEPRECATION WARNING: The behavior of `attribute_changed?` inside of after callbacks will be changing in the next version of Rails. The new return value will reflect the behavior of calling the method after `save` returned (e.g. the opposite of what it returns now). To maintain the current behavior, use `saved_change_to_attribute?` instead. (called from block in <class:Account> at /Users/rene/Workspace/personal/ruby/mastodon/app/models/account.rb:60)
DEPRECATION WARNING: The behavior of `attribute_changed?` inside of after callbacks will be changing in the next version of Rails. The new return value will reflect the behavior of calling the method after `save` returned (e.g. the opposite of what it returns now). To maintain the current behavior, use `saved_change_to_attribute?` instead. (called from block in <class:Account> at /Users/rene/Workspace/personal/ruby/mastodon/app/models/account.rb:61)
DEPRECATION WARNING: The behavior of `attribute_changed?` inside of after callbacks will be changing in the next version of Rails. The new return value will reflect the behavior of calling the method after `save` returned (e.g. the opposite of what it returns now). To maintain the current behavior, use `saved_change_to_attribute?` instead. (called from block in <class:Account> at /Users/rene/Workspace/personal/ruby/mastodon/app/models/account.rb:62)
DEPRECATION WARNING: The behavior of `attribute_changed?` inside of after callbacks will be changing in the next version of Rails. The new return value will reflect the behavior of calling the method after `save` returned (e.g. the opposite of what it returns now). To maintain the current behavior, use `saved_change_to_attribute?` instead. (called from block in <class:Account> at /Users/rene/Workspace/personal/ruby/mastodon/app/models/account.rb:63)
```
Here's PR describing changes to Dirty API https://github.com/rails/rails/pull/25337
When case insensitivity is enabled via devise's `config.case_insensitive_keys` then `.find_for_authentication` method needs to be used instead of `.find_by` because second mentioned returns `nil` when valid email with different cases is passed.
More info https://github.com/plataformatec/devise/wiki/How-To:-Use-case-insensitive-emails
- Use plaintext
- Strip out URLs
- Strip out mentions
- Strip out hashtags
- Strip out whitespace from "overall" count
- Consistent between JS and Ruby
* Improve default language decision
This change allows to takes account of accepted language determined by
the user agent even if the custom default locale of the instance is
configured.
* Cover Localized more
* Fix code style
Each of mute, favourite, reblog has been updated to:
- Have a separate controller with just a create and destroy action
- Preserve historical route names to not break the API
- Mild refactoring to break up long methods
* Add specs for api statuses routes
* Update favourited_by and reblogged_by api routes
* Move methods into new controllers
* Use load_accounts methods to simplify index actions
* Clean up load_accounts methods
* Clean up link header generation
* Check for link headers in specs
* Remove unused actions from api/v1/statuses controller
* Remove specs for moved actions
* Move ApiController to Api/BaseController
* API controllers inherit from Api::BaseController
* Add coverage for various error cases in api/base controller
* Coverage for rate limit headers
* Move rate limit headers methods to concern
* Move throttle check to condition on before_action
* Move match_data variable into method
* Move utc timestamp to separate method
* Move header setting into smaller methods
* specs cleanup
Steps to reproduce the original issue:
1. Have two remote accounts, A that you don't follow, and B that you follow.
2. Have A post a toot and reply to it.
3. Boost A's reply from remote account B.
This used to cause the local instance to get A's reply but fail to link it to
the original post.
* Add regex filter on the community timeline and the public timeline
* correcting
* Adjust the height of header buttons
* Remove trailing spaces
* Remove trailing spaces
* Solve some code duplication
* reset the state of the locale files in app/javascript/mastodon/locales
* adjust to upstream
* adjust to upstream
* change keys of locale settings
* Sort results by the name
* Switch search method to simple `LIKE` matching instead of tsvector/tsquery
Previously we used scores from ts_rank_cd() to sort results, but it didn't work
because the function returns same score for all results. It's not for calculate
similarity of single words. Sometimes this bug even push out exact matching tag
from results.
Additionally, PostgreSQL supports prefix searching with standard btree index.
Using it offers simpler code, but also less index size and some speed.
* Try fixing ThreadResolveWorker calls
From my understanding of ActiveRecord, a transaction is commited as soon as
the exit of the outmost ActiveRecord.transaction block. However, inner
transaction blocks will exit without the transaction being commited.
In this case, ThreadResolveWorker were fired *within* a transaction block,
so moving the call out of it should do the trick. However, this is somewhat
fragile, as this whole codepath could be called within yet another transaction.
* Set status thread within the transaction block if it is immediately available from database
* Add a StatusFilter class to identify visibility of statuses by accounts
* Extract StatusThreadingConcern from Status
* Clarify purpose of checking for nil account
* Redirect to streaming_api_base_url
When Rails receives a request to streaming API, it most likely
means that there is another host which is configured to respond
to it. This is to redirect clients to that host if
`STREAMING_API_BASE_URL` is set as another host.
* Use the new Ruby 1.9 hash syntax
* i18n Update : Add preference setting for delete toot modal
Adding a line for "Add preference setting for delete toot modal"
* i18n update for pin/unpin
Update to add two more translations
* i18n update to have the dates in plain occitan
* Removed the blank line
* %{selft} back in the translation
* Do not fall back to StreamEntry if object_type is unavailable in TagManager
Since 24c77e57b2, when Status, the only model
with stream_entry, and StreamEntry got its own logic in uri_for and
url_for, the purpose of the fallbacks to activity_type of StreamEntry
became unclear.
This commit removes the fallbacks. When adding another model with
stream_entry in future, consider to update uri_for and url_for.
* Cover TagManager more
* Do not default the format in ProviderDiscovery
The format should be determined when discovering, as it is in the current
implementation, and it is a flaw if it is not determined.
* Spec ProviderDiscovery
* Allow mounting arbitrary columns
* Refactor column headers, allow pinning/unpinning and moving columns around
* Collapse animation
* Re-introduce scroll to top
* Save column settings properly, do not display pin options in
single-column view, do not display collapse icon if there is
nothing to collapse
* Fix one instance of public timeline being closed closing the stream
Fix back buttons inconsistently sending you back to / even if history exists
* Getting started displays links to columns that are not mounted
* Add redis key "subscribed:timeline:#{account.id}" to indicate active streaming API listeners exists.
* Add endpoint for notification only stream.
* Run PushUpdateWorker only for users uses Streaming API now.
* Move close hander streamTo(Http/Ws) -> stream(Http/Ws)End (Deal with #3370)
* Add stream type for stream start log message.
* zh-cn.json: "additional info" -> "more info"
This commit changes the "extended info" (about/more) text to something that translates to "more info", as "additional info" in zh can sound like appending things to the (ugh) navbar, I guess.
Or should I just change it to "about this site" (关于本站)?
* zh-cn.json: navbar.info -> "about this site"
* zh-臺灣.json: navbar.info -> "about this site"
This implementation is a bit smaller and still has the following benefits:
* No need of app/javascript/packs/custom.js
For custom stylesheet, it typically has only
"require('../styles/custom.scss')" and is redundant.
* No need to extract vendor stylesheet to another asset
Extracting vendor stylesheet could be forgotten by developers who do not
use custom stylesheet.
* Update rails to version 5.1.1
* Run `rails app:update`
* Remove the override of polymorphic activity relationship
* Silence warning about otp_secret attribute being unknown to rails
* We will only introduce form_with where we want to use remote data
* Add failing specs for hashtag and username extraction in language detector
* Remove usernames and hashtags from text before language detection
* Handle multiple instances of special case, and reduce whitespace
* Remove trailing whitespace in i18n mailers
* Use query methods instead of #present? on AR attributes
* Delegate Status#account_domain method
* Delegate Mention #account_username and #account_acct methods
* Move specs for account finder methods to concern spec
* Move account finder methods to concern
* Improve spec wording
* Use more explicit comparison to ensure correct return value
* Add coverage for .find_local! and .find_remote!
* Add some methods to the finder
* Use arel on matching_username method
* Avoid ternary in matching domain method
* Simplify finder methods
* Use an AccountFinder class to simplify lookup
* Set delete_modal preference to true by default
* Does not show confirmation modal if delete_modal is false
* Add ja translation for preference setting page
The combination of object-fit, relative position 50% from top and translating it
back upwards 50% is what allows us to crop the video properly, so it needs to
be +50%-50%
* Fix#2922 - Load stylesheet from "custom.css" entrypoint when present
This is pretty much the same way it worked as before, albeit with
having to create app/javascript/packs/custom.js with
require('../styles/custom.scss') (or whatever you want really), which
will be a blank slate for you to import whatever you want
* Remove old assets directory
* Extract font-awesome into common.css and always load it
* Update nl strings for 1.4
* Update nl strings for 1.4
* Update nl strings for 1.4
* nl strings (+1)
More new OTP strings will be translated another time
* Fix nil input not handled well in AuthorExtractor concern
* Fix hard error in ProcessFeedService when replied-to status has been deleted
* Fix nil errors in ProcessInteractionService when favourited status
cannot be found
because it may causes flicker on the conversation when it contains blocked/muted user's status.
We use `/api/v1/statuses/{id}/context` to obtain status ids in the
conversation which filters blocked/muted user, but also uses internal
cache constructed from `in_reply_to_id` by `normalizeStatus()` in
`reducers/timelines.js` on each status loading which doesn't filter.
So statuses appears in conversation if those are cached, even those
statuses are from blocked/muted user. Then context cache will be updated
with the result of the context API and those statuses will be removed.
I have left the `normalizeStatus()` function itself which is called many
functions in the file as a placeholder for now, but maybe it should be
removed completely.
In single user mode, visitors are redirected to the single user's
profile page. So, if you are the owner without a session, you start
from that page, click the login button and authenticate yourself
expecting you'll soon get started with the home page, but in reality
you'll get redirected back to where you started from -- your own
profile page.
This fixes the behavior by redirecting you home after login if you
have started from your own profile page.
I've found this issue when I clicked replies to muted user on the timeline.
Properties I've removed in here were added with lazy loading using
IntersectionObserver (5efcea69), but those statuses are not need to be
tracked anyway because it will be rendered as only empty div.
This will reduce requests on who have only few statuses.
- Use next link header to detect more items from first request
- Omit next link header if result items are fewer than requested count
(It had omit it only if result was empty before)
* @object is not needed
* Remove unneeded dependencies
* Do not call private method
* Prefer #respond_to_missing? over #respond_to?
`#respond_to?` doesn't support `User.settings.method(:method_name)`
* Use find_or_initialize_by instead of
* Add load more button for large screens
* Fix `next` state value on the first loading
* Don't load if `isLoading || !hasMore`
* Start load on near the bottom
Link headers in following/followers API should include follow_id as max_id/since_id.
However, these API use current_user's account_id instead of follow_id from #3167.
This causes irrelevant result on loading more users.
- Increase coverage to exercise all parts of each action
- Move into namespace to share common code
- Misc refactor of each action for smaller methods, simpler code