Commit Graph

445 Commits (72b7cd349ccffb557d2c55f4ba76b525ff47ef9e)

Author SHA1 Message Date
Takeshi Umeda 3419d3ec84
Bump chewy from 5.2.0 to 7.2.3 (supports Elasticsearch 7.x) ()
* Bump chewy from 5.2.0 to 7.2.2

* fix style (codeclimate)

* fix style

* fix style

* Bump chewy from 7.2.2 to 7.2.3
2021-11-18 22:02:08 +01:00
Claire 6da135a493
Fix reviving revoked sessions and invalidating login ()
Up until now, we have used Devise's Rememberable mechanism to re-log users
after the end of their browser sessions. This mechanism relies on a signed
cookie containing a token. That token was stored on the user's record,
meaning it was shared across all logged in browsers, meaning truly revoking
a browser's ability to auto-log-in involves revoking the token itself, and
revoking access from *all* logged-in browsers.

We had a session mechanism that dynamically checks whether a user's session
has been disabled, and would log out the user if so. However, this would only
clear a session being actively used, and a new one could be respawned with
the `remember_user_token` cookie.

In practice, this caused two issues:
- sessions could be revived after being closed from /auth/edit (security issue)
- auto-log-in would be disabled for *all* browsers after logging out from one
  of them

This PR removes the `remember_token` mechanism and treats the `_session_id`
cookie/token as a browser-specific `remember_token`, fixing both issues.
2021-11-06 00:13:58 +01:00
Jeong Arm c8ce728705
Support authentication for ElasticSearch ()
* Support authentication for ElasticSearch

* Fix chewy auth settings
2021-10-24 17:20:03 +02:00
Claire b21f3aa21d
Minor memory optimizations ()
Reduce constant memory usage by ~100kB and further reduce boot-up memory
allocations and temporary memory use by a further ~200kB.
2021-10-14 21:04:57 +02:00
Daniel 2ed1c92c63
New env variable: CAS_SECURITY_ASSUME_EMAIL_IS_VERIFIED ()
When using a CAS server, the users only have a temporary email
`change@me-foo-cas.com` which can't be changed but by an
administrator.

We need a new environment variable like for SAML to assume the email
from CAS is verified.

* config/initializers/omniauth.rb: define CAS option for assuming
  email are always verified.
* .env.nanobox: add new variable as an example.
2021-08-25 18:41:24 +02:00
Claire 211d5c3c30
Fix inefficiencies in auto-linking code ()
The auto-linking code basically rewrote the whole string escaping non-ascii
characters in an inefficient way, and building a full character offset map
between the unescaped and escaped texts before sending the contents to
TwitterText's extractor.

Instead of doing that, this commit changes the TwitterText regexps to include
valid IRI characters in addition to valid URI characters.
2021-07-15 15:56:58 +02:00
Claire b715cede4d
Fix mailer jobs for deleted notifications erroring out ()
Fixes an oversight in the Rails 6 migration
2021-05-24 03:02:46 +02:00
Claire 97539b6a96
Fix host check on healthcheck path not being disabled ()
Fixes 

There was a typo in 
2021-05-17 22:36:08 +02:00
Jeong Arm f09322f9cc
Disable host check on healthcheck path () 2021-05-16 19:48:59 +02:00
Takeshi Umeda 9b18914c35
Add a Redis environment variable for sidekiq () 2021-05-09 10:40:17 +02:00
Claire 566fc90913
Add Ruby 3.0 support ()
* Fix issues with POSIX::Spawn, Terrapin and Ruby 3.0

Also improve the Terrapin monkey-patch for the stderr/stdout issue.

* Fix keyword argument handling throughout the codebase

* Monkey-patch Paperclip to fix keyword arguments handling in validators

* Change validation_extensions to please CodeClimate

* Bump microformats from 4.2.1 to 4.3.1

* Allow Ruby 3.0

* Add Ruby 3.0 test target to CircleCI

* Add test for admin dashboard warnings

* Fix admin dashboard warnings on Ruby 3.0
2021-05-06 14:22:54 +02:00
Takeshi Umeda 2360191434
Fix guard against DNS rebinding attacks () 2021-04-22 20:33:36 +02:00
Takeshi Umeda 8323023464
Add guard against DNS rebinding attacks ()
* Add guard against DNS rebinding attacks

* Fix not to apply to test environment
2021-04-21 17:45:58 +02:00
Eugen Rochko 3b8d085436
Fix app name, website and redirect URIs not having a maximum length ()
Fix app scopes not being validated
2021-04-15 16:28:43 +02:00
Eugen Rochko 3f2533ca8e
Fix autoloading deprecation warnings from Rails 6 () 2021-04-09 02:31:20 +02:00
Eugen Rochko 82cce18227
Change health check () 2021-04-03 02:39:04 +02:00
Claire cbd0ee1d07
Update Mastodon to Rails 6.1 ()
* Update devise-two-factor to unreleased fork for Rails 6 support

Update tests to match new `rotp` version.

* Update nsa gem to unreleased fork for Rails 6 support

* Update rails to 6.1.3 and rails-i18n to 6.0

* Update to unreleased fork of pluck_each for Ruby 6 support

* Run "rails app:update"

* Add missing ActiveStorage config file

* Use config.ssl_options instead of removed ApplicationController#force_ssl

Disabled force_ssl-related tests as they do not seem to be easily testable
anymore.

* Fix nonce directives by removing Rails 5 specific monkey-patching

* Fix fixture_file_upload deprecation warning

* Fix yield-based test failing with Rails 6

* Use Rails 6's index_with when possible

* Use ActiveRecord::Cache::Store#delete_multi from Rails 6

This will yield better performances when deleting an account

* Disable Rails 6.1's automatic preload link headers

Since Rails 6.1, ActionView adds preload links for javascript files
in the Links header per default.

In our case, that will bloat headers too much and potentially cause
issues with reverse proxies. Furhermore, we don't need those links,
as we already output them as HTML link tags.

* Switch to Rails 6.0 default config

* Switch to Rails 6.1 default config

* Do not include autoload paths in the load path
2021-03-24 10:44:31 +01:00
Claire a4dcaef53b
Prepare Mastodon for zeitwerk autoloader ()
* Prepare Mastodon for zeitwerk autoloader (Rails 6)

Add inflections and rename/move a few classes.

In particular, app/lib/exceptions.rb and app/lib/sanitize_config.rb
were manually loaded while still in autoload paths.

* Add inflection for Url → URL
2021-03-19 02:42:43 +01:00
Claire 43eff898a0
Prepare Mastodon for Rails 6 ()
* Fix misuse of foreign_type

* Fix use of removed "add_template_helper"

* Use response.media_type instead of response.content_type in tests

* Fix CSV export controller test on Rails 6

Rails 6 sets a "filename*" field in the Content-Disposition header to
explicitly encode the filename as UTF-8.

This changes checks the first part of the Content-Disposition header so
it matches in both Rails 5 and Rails 6.

* Fix emoji formatting with Rails 6

* Make emoji output more idiomatic and robust

* Switch from redis-rails gem to built-in Rails redis cache storage
2021-03-17 10:09:55 +01:00
Eugen Rochko e89e976e92
Fix configuration for sidekiq-unique-jobs after 7.x upgrade ()
Remove locks from scheduled jobs
2021-03-15 11:17:43 +01:00
Claire 65db262550
Update twitter-text from 1.14 to 3.1.0 and fix toot character counting ()
* Update twitter-text from 1.14 to 3.1.0

* Disable emoji parsing

* Properly depend on twitter-text for url detection

* Fix some URLs being wrongly detected client-side

* Add test for server-side validation of non-autolinkable URLs

* Fix server-side status length counting
2021-03-02 12:02:56 +01:00
Eugen Rochko ee1119208c
Add `POST /api/v1/emails/confirmations` to REST API ()
Only available to the application the user originally signed-up with
2021-03-01 18:39:47 +01:00
Shlee ab9c2ed98d
Delete pagination.rb () 2021-02-19 09:52:58 +01:00
Claire 21fb3f3684
Drop dependency on secure_headers, fix response headers ()
* Drop dependency on secure_headers, use always_write_cookie instead

* Fix cookies in Tor Hidden Services by moving configuration to application.rb

* Instead of setting always_write_cookie at boot, monkey-patch ActionDispatch
2021-02-11 23:47:05 +01:00
Cecylia Bocovich e79f8dd85c
Onion service related changes to HTTPS handling ()
* Enable secure cookie flag for https only

* Disable force_ssl for .onion hosts only

Co-authored-by: Aiden McClelland <me@drbonez.dev>
2021-02-11 04:40:13 +01:00
Shubhendra Singh Chauhan c8d11b8bdb
Fixed code quality issues ()
* Added .deepsource.toml

* Removed bad use of `alias`

* Fixed operand order in the binary expression

* Prefixed unused method arguments with an underscore

* Replaced the old OpenSSL algorithmic constants with the newer strings initializers.

* Removed unnecessary UTF-8 encoding comment
2021-01-31 21:26:09 +01:00
luigi eb51e43fb4
Optimize some regex matching ()
* Use Regex#match?

* Replace =~ too

* Avoid to call match? from Nil

* Keep value of Regexp.last_match
2021-01-22 10:09:08 +01:00
kaiyou f47c177eb7
Support clock drift in Omniauth SAML provider ()
The setting is not well documented by the provider, but allows for
clock skew between SP and IDP, see:
https://github.com/omniauth/omniauth-saml/blob/master/spec/omniauth/strategies/saml_spec.rb

Co-authored-by: kaiyou <dev@kaiyou.fr>
2021-01-08 07:07:08 +01:00
Eugen Rochko 9915d11c0d
Fix unnecessary queries when batch-removing statuses, 100x faster () 2020-12-22 17:13:55 +01:00
Eugen Rochko 1045549f85
Add stoplight for object storage failures, return HTTP 503 () 2020-12-15 12:55:29 +01:00
Eugen Rochko df1653174b
Add cache buster feature for media files ()
Nginx can be configured to bypass proxy cache when a special header
is in the request. If the response is cacheable, it will replace
the cache for that request. Proxy caching of media files is
desirable when using object storage as a way of minimizing bandwidth
costs, but has the drawback of leaving deleted media files for
a configured amount of cache time. A cache buster can make those
media files immediately unavailable. This especially makes sense
when suspending and unsuspending an account.
2020-11-19 17:38:06 +01:00
Eugen Rochko acc1c03861
Fix cookies not having a SameSite attribute () 2020-11-06 11:57:14 +01:00
Josh Leeb-du Toit 0c24f4dce2
Add support for Gemini urls ()
This PR updates the `valid_url` regex and sanitizer allowlist to provide
support for Gemini urls.

Closes 
2020-10-19 17:02:13 +02:00
Eugen Rochko 5e1364c448
Add IP-based rules () 2020-10-12 16:33:49 +02:00
tateisu 7919418e4c
add S3_READ_TIMEOUT environment variable () 2020-10-06 21:29:22 +02:00
santiagorodriguez96 e8d41bc2fe
Add WebAuthn as an alternative 2FA method ()
* feat: add possibility of adding WebAuthn security keys to use as 2FA

This adds a basic UI for enabling WebAuthn 2FA. We did a little refactor
to the Settings page for editing the 2FA methods – now it will list the
methods that are available to the user (TOTP and WebAuthn) and from
there they'll be able to add or remove any of them.
Also, it's worth mentioning that for enabling WebAuthn it's required to
have TOTP enabled, so the first time that you go to the 2FA Settings
page, you'll be asked to set it up.
This work was inspired by the one donde by Github in their platform, and
despite it could be approached in different ways, we decided to go with
this one given that we feel that this gives a great UX.

Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>

* feat: add request for WebAuthn as second factor at login if enabled

This commits adds the feature for using WebAuthn as a second factor for
login when enabled.
If users have WebAuthn enabled, now a page requesting for the use of a
WebAuthn credential for log in will appear, although a link redirecting
to the old page for logging in using a two-factor code will also be
present.

Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>

* feat: add possibility of deleting WebAuthn Credentials

Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>

* feat: disable WebAuthn when an Admin disables 2FA for a user

Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>

* feat: remove ability to disable TOTP leaving only WebAuthn as 2FA

Following examples form other platforms like Github, we decided to make
Webauthn 2FA secondary to 2FA with TOTP, so that we removed the
possibility of removing TOTP authentication only, leaving users with
just WEbAuthn as 2FA. Instead, users will have to click on 'Disable 2FA'
in order to remove second factor auth.
The reason for WebAuthn being secondary to TOPT is that in that way,
users will still be able to log in using their code from their phone's
application if they don't have their security keys with them – or maybe
even lost them.

* We had to change a little the flow for setting up TOTP, given that now
  it's possible to setting up again if you already had TOTP, in order to
  let users modify their authenticator app – given that now it's not
  possible for them to disable TOTP and set it up again with another
  authenticator app.
  So, basically, now instead of storing the new `otp_secret` in the
  user, we store it in the session until the process of set up is
  finished.
  This was because, as it was before, when users clicked on 'Edit' in
  the new two-factor methods lists page, but then went back without
  finishing the flow, their `otp_secret` had been changed therefore
  invalidating their previous authenticator app, making them unable to
  log in again using TOTP.

Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>

* refactor: fix eslint errors

The PR build was failing given that linting returning some errors.
This commit attempts to fix them.

* refactor: normalize i18n translations

The build was failing given that i18n translations files were not
normalized.
This commits fixes that.

* refactor: avoid having the webauthn gem locked to a specific version

* refactor: use symbols for routes without '/'

* refactor: avoid sending webauthn disabled email when 2FA is disabled

When an admins disable 2FA for users, we were sending two mails
to them, one notifying that 2FA was disabled and the other to notify
that WebAuthn was disabled.
As the second one is redundant since the first email includes it, we can
remove it and send just one email to users.

* refactor: avoid creating new env variable for webauthn_origin config

* refactor: improve flash error messages for webauthn pages

Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>
2020-08-24 16:46:27 +02:00
Eugen Rochko 81a3db1564
Change rate limits for various paths ()
- Rate limit login attempts by target account
- Rate limit password resets and e-mail re-confirmations by target account
- Rate limit sign-up/login attempts, password resets, and e-mail re-confirmations by IP like before
2020-07-07 15:26:39 +02:00
ThibG a783bdf4ad
Fix hashtag column options styling ()
* Enable nonces for stylesheets

* Pass nonce to react-select
2020-07-07 01:33:38 +02:00
Eugen Rochko 6d23d40420
Change Redis#exists calls to Redis#exists? to avoid deprecation warning () 2020-07-01 19:05:21 +02:00
Eugen Rochko 7aaf2b44ec
Fix remote files not using Content-Type header, streaming () 2020-06-30 23:58:02 +02:00
Eugen Rochko 8c04e37b03
Remove the terms blacklist and whitelist from UX ()
Localization strings:

- "Whitelist mode" -> "Limited federation mode"
- "Blacklist e-mail domain" -> "Block e-mail domain"
- "Whitelist domain" -> "Allow domain for federation"

...And so on

Environment variables (backwards-compatible):

- `WHITELIST_MODE` -> `LIMITED_FEDERATION_MODE`
- `EMAIL_DOMAIN_BLACKLIST` -> `EMAIL_DOMAIN_DENYLIST`
- `EMAIL_DOMAIN_WHITELIST` -> `EMAIL_DOMAIN_ALLOWLIST`

tootctl:

- `tootctl domains purge --whitelist-mode` -> `tootctl domains purge --limited-federation-mode`

Removed badly maintained and no longer relevant .env.production.sample file
2020-06-27 20:20:11 +02:00
mayaeh f56129a947
Suppress Redis#exists(key) warning () 2020-06-17 10:31:31 +02:00
Eugen Rochko 5d8398c8b8
Add E2EE API () 2020-06-02 19:24:53 +02:00
Takeshi Umeda 8e056bd82e
Fix csv upload () 2020-05-24 09:15:23 +02:00
Takeshi Umeda 1c434615b3
Fix workaround for Elasticsearch 7.x () 2020-05-23 05:48:14 +02:00
Eugen Rochko 4b766f9846
Refactor monkey-patching of Goldfinger () 2020-05-10 11:41:43 +02:00
ThibG 34756cc4e0
Fix "tootctl media remove-orphans" crashing on “Import” files ()
* Fix "tootctl media remove-orphans" crashing on “Import” files

* Also remove empty directories when removing orphaned media
2020-05-09 21:06:55 +02:00
ThibG e1629a7758
Remove 'unsafe-inline' from Content-Security-Policy style-src ()
* Make sure wicg-inert doesn't rely on inline CSS

* Remove unsafe-inline from style-src
2020-05-08 21:22:57 +02:00
ThibG dea5db0e25
Fix PgHero Content-Security-Policy when CDN_HOST is used () 2020-05-04 13:52:41 +02:00
mayaeh acc367fd14
Fix naming issue () 2020-04-27 10:32:05 +02:00
Eugen Rochko c3ca3801f2
Add separate cache directory for non-local uploads () 2020-04-26 23:29:08 +02:00
Eugen Rochko d18d6c29f3
Fix search not working due to proxy settings when using hidden services ()
Fix 
2020-04-17 15:14:24 +02:00
Eugen Rochko f65568f1d4
Add ability to filter audit log in admin UI () 2020-04-03 13:06:34 +02:00
Eugen Rochko 9014367bd8
Fix background jobs not using locks like they are supposed to ()
Also:

- Fix locks not being removed when jobs go to the dead job queue
- Add UI for managing locks to the Sidekiq dashboard
- Remove unused Sidekiq workers

Fix 
2020-03-31 21:59:03 +02:00
Eugen Rochko 9241cbf861
Fix re-sending of e-mail confirmation not being rate limited ()
Fix 
2020-03-31 18:20:48 +02:00
ThibG 7ddbbdea6d
Fix OCR not working on Safari because of unsupported worker-src CSP ()
Fixes 
2020-03-27 22:35:57 +01:00
dependabot-preview[bot] 56531d646e
Bump sidekiq from 5.2.7 to 6.0.4 ()
* Bump sidekiq from 5.2.7 to 6.0.0

Bumps [sidekiq](https://github.com/mperham/sidekiq) from 5.2.7 to 6.0.0.
- [Release notes](https://github.com/mperham/sidekiq/releases)
- [Changelog](https://github.com/mperham/sidekiq/blob/master/Changes.md)
- [Commits](https://github.com/mperham/sidekiq/compare/v5.2.7...v6.0.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

* Sidekiq::Logger.logger -> Sidekiq.logger

* Drop support Ruby 2.4

* update

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>
2020-03-21 12:04:54 +09:00
Eugen Rochko 339ce1c4e9
Add specific rate limits for posting and following () 2020-03-08 15:17:39 +01:00
Eugen Rochko f52c988e12
Add announcements ()
* Add announcements

Fix 

* Add reactions to announcements

* Add admin UI for announcements

* Add unit tests

* Fix issues

- Add `with_dismissed` param to announcements API
- Fix end date not being formatted when time range is given
- Fix announcement delete causing reactions to send streaming updates
- Fix announcements container growing too wide and mascot too small
- Fix `all_day` being settable when no time range is given
- Change text "Update" to "Announcement"

* Fix scheduler unpublishing announcements before they are due

* Fix filter params not being passed to announcements filter
2020-01-23 22:00:13 +01:00
ThibG a8e46cf7a1 Add support for magnet: URIs () 2020-01-23 21:27:26 +01:00
ThibG ea436b355b Add support for linking XMPP URIs in toots ()
* Fix wrong grouping in Twitter valid_url regex

* Add support for xmpp URIs

Fixes 

The difficult part is autolinking, because Twitter-text's extractor does
some pretty ad-hoc stuff to find things that “look like” URLs, and XMPP
URIs do not really match the assumptions of that lib, so it doesn't sound
wise to try to shoehorn it into the existing regex.

This is why I used a specific regex (very close, although slightly more
permissive than the RFC), and a specific scan function (a simplified version
of the generalized one from Twitter).

* Remove leading “xmpp:” from auto-linked text
2020-01-11 02:15:25 +01:00
Eugen Rochko 49b2f7c0a2
Fix base64-encoded file uploads not being possible ()
Fix , Fix 
2020-01-04 01:54:07 +01:00
Eugen Rochko 59c697a30c
Fix resource_owner_from_credentials in Doorkeeper initializer ()
- Nil error when e-mail not found
- LDAP authentication used in place of PAM authentication
2020-01-03 05:35:46 +01:00
Eugen Rochko 09d54d1f62
Fix uncaught query param encoding errors () 2020-01-02 17:14:58 +01:00
Eugen Rochko 17159625b3
Add `S3_OVERRIDE_PATH_STYLE` environment variable ()
To support Exoscale
2019-12-10 07:40:01 +01:00
Eugen Rochko f3d232381d
Add `tootctl media remove-orphans` () 2019-12-08 15:37:12 +01:00
tateisu f1ef777d40 add S3_OPEN_TIMEOUT environment variable () 2019-12-02 21:05:27 +01:00
Mathieu Brunot bd8dc9bd0c Add an LDAP Mail attribute config ()
Signed-off-by: mathieu.brunot <mathieu.brunot@monogramm.io>
2019-12-01 18:52:21 +01:00
Mathieu Brunot d70268f099 Convert LDAP username ()
*  Convert LDAP username 

Signed-off-by: mathieu.brunot <mathieu.brunot@monogramm.io>

* 🐛 Fix conversion var use

Signed-off-by: mathieu.brunot <mathieu.brunot@monogramm.io>

* 🐛 Fix LDAP uid conversion test

Signed-off-by: mathieu.brunot <mathieu.brunot@monogramm.io>

* 👌 Remove comments with ref to PR

Signed-off-by: mathieu.brunot <mathieu.brunot@monogramm.io>

* 👌 Remove unnecessary paranthesis

Signed-off-by: mathieu.brunot <mathieu.brunot@monogramm.io>

* 🔧 Move space in conversion string

Signed-off-by: mathieu.brunot <mathieu.brunot@monogramm.io>
2019-12-01 07:21:28 +01:00
ntl-purism f3a93987b6 LDAP & PAM added to OAuth password grant strategy () ()
When authenticating via OAuth, the resource owner password grant
strategy is allowed by Mastodon, but (without this PR), it does not
attempt to authenticate against LDAP or PAM. As a result, LDAP or PAM
authenticated users cannot sign in to Mastodon with their
email/password credentials via OAuth (for instance, for native/mobile
app users).

This PR fleshes out the authentication strategy supplied to doorkeeper
in its initializer by looking up the user with LDAP and/or PAM when
devise is configured to use LDAP/PAM backends. It attempts to follow the
same logic as the Auth::SessionsController for handling email/password
credentials.

Note : Since this pull request affects an initializer, it's unclear
how to add test automation.

Note : The PAM authentication path has not been manually tested. It
was added for completeness sake, and it is hoped that it can be manually
tested before merging.
2019-11-30 19:44:59 +01:00
ThibG dfea7368c9 Add bookmarks ()
* Add backend support for bookmarks

Bookmarks behave like favourites, except they aren't shared with other
users and do not have an associated counter.

* Add spec for bookmark endpoints

* Add front-end support for bookmarks

* Introduce OAuth scopes for bookmarks

* Add bookmarks to archive takeout

* Fix migration

* Coding style fixes

* Fix rebase issue

* Update bookmarked_statuses to latest UI changes

* Update bookmark actions to properly reflect status changes in state

* Add bookmarks item to single-column layout

* Make active bookmarks red
2019-11-13 23:02:10 +01:00
Eugen Rochko 45eccaf8c5
Fix preloaded JSON-LD context for identity not being used ()
Regression from 
2019-10-10 06:48:53 +02:00
Eugen Rochko 354fdd317e
Fix attachment not being re-downloaded even if file is not stored ()
Change the behaviour of remotable concern. Previously, it would skip
downloading an attachment if the stored remote URL is identical to
the new one. Now it would not be skipped if the attachment is not
actually currently stored by Paperclip.
2019-10-09 07:10:46 +02:00
Eugen Rochko 086fc7ed77
Fix S3 adapter retrying failing uploads with exponential backoff ()
The default limit of 10 retries with exponential backoff meant
that if the S3 server was timing out, you would be stuck with it
for much, much longer than the 5 second read timeout we expect.

The uploading happens within a database transaction, which means
a failing S3 server could negatively affect database performance
2019-10-06 06:20:57 +02:00
Eugen Rochko 5c42f47617
Fix records not being indexed sometimes ()
It's possible that after commit callbacks were not firing when
exceptions occurred in the process. Also, the default Sidekiq
strategy does not push indexing jobs immediately, which is not
necessary and could be part of the issue too.
2019-10-01 01:19:11 +02:00
Eugen Rochko 5f69eb89e2
Add a nodeinfo endpoint ()
* Add nodeinfo endpoint

* dont commit stuff from my local dev

* consistant naming since we implimented 2.1 schema

* Add some additional node info stuff

* Add nodeinfo endpoint

* dont commit stuff from my local dev

* consistant naming since we implimented 2.1 schema

* expanding this to include federation info

* codeclimate feedback

* CC feedback

* using activeserializers seems like a good idea...

* get rid of draft 2.1 version

* Reimplement 2.1, also fix metaData -> metadata

* Fix metaData -> metadata here too

* Fix nodeinfo 2.1 tests

* Implement cache for monthly user aggregate

* Useless

* Remove ostatus from the list of supported protocols

* Fix nodeinfo's open_registration reading obsolete setting variable

* Only serialize domain blocks with user-facing limitations

* Do not needlessly list noop severity in nodeinfo

* Only serialize domain blocks info in nodeinfo when they are set to be displayed to everyone

* Enable caching for nodeinfo endpoints

* Fix rendering nodeinfo

* CodeClimate fixes

* Please CodeClimate

* Change InstancePresenter#active_user_count_months for clarity

* Refactor NodeInfoSerializer#metadata

* Remove nodeinfo 2.1 support as the schema doesn't exist

* Clean-up
2019-09-29 21:31:51 +02:00
Yamagishi Kazutoshi a5c558f052 Hide error message on /heath ()
* Hide error message on /heath

* update health_check
2019-09-24 20:28:25 +02:00
Yamagishi Kazutoshi b02169f124 Cast multipart threshold to integer () 2019-09-24 17:32:12 +02:00
Eugen Rochko a1f04c1e34
Fix authentication before 2FA challenge ()
Regression from 
2019-09-24 04:35:36 +02:00
Yamagishi Kazutoshi 172eaeba3f Add config of multipart threshold for S3 () 2019-09-23 15:37:45 +02:00
Eugen Rochko c707ef49d9
Fix 2FA challenge and password challenge for non-database users ()
* Fix 2FA challenge not appearing for non-database users

Fix 

* Fix account deletion not working when using external login

Fix 
2019-09-15 21:08:39 +02:00
Yamagishi Kazutoshi 4e1b742cb2 Change rate limit for media proxy () 2019-09-13 16:02:52 +02:00
Yamagishi Kazutoshi d7268befa8 Add healthcheck endpoint for web () 2019-09-07 02:47:51 +02:00
ThibG 692c5b439a Fix ActivityPub context not being dynamically computed ()
* Fix contexts not being dynamically included

Fixes 

* Refactor Note context in serializer

* Refactor Actor serializer
2019-09-03 22:52:32 +02:00
ThibG 8203e24cf4 Fix CSP needlessly allowing blob URLs in script-src () 2019-08-19 20:36:58 +02:00
Eugen Rochko b7f5f0ec10
Fix media host not being included in connect-src for OCR () 2019-08-16 01:54:36 +02:00
Eugen Rochko 28636f43e4
Add OCR tool to media editing modal () 2019-08-15 15:13:26 +02:00
Eugen Rochko 24552b5160
Add whitelist mode () 2019-07-30 11:10:46 +02:00
Eugen Rochko 3bc0c4a884
Remove unused StatsD code and expose StatsD as a global variable ()
The instrumentation code was used for StatsD metrics collection
prior to the switch to the nsa gem and should have been removed
at that point as it no longer does anything at all
2019-07-02 11:34:39 +02:00
Eugen Rochko 7696f77245
Add moderation API ()
Fix 
Fix 
2019-06-20 02:52:34 +02:00
Eugen Rochko 1db4117030
Change preferences page into appearance, notifications, and other () 2019-06-07 03:39:24 +02:00
Hinaloe b793722d7d Fix undefined method error () 2019-05-28 15:31:51 +03:00
mayaeh afb17b7045 Fix undefined method error. () 2019-05-28 05:42:04 +02:00
ThibG 0e9b8be18a Improve rate limiting ()
* Rate limit based on remote address IP, not on potential reverse proxy

* Limit rate of unauthenticated API requests further

* Rate-limit paging requests to one every 3 seconds
2019-05-27 21:57:49 +02:00
dependabot[bot] ecbea2e3c6 Bump rack-attack from 5.4.2 to 6.0.0 ()
* Bump rack-attack from 5.4.2 to 6.0.0

Bumps [rack-attack](https://github.com/kickstarter/rack-attack) from 5.4.2 to 6.0.0.
- [Release notes](https://github.com/kickstarter/rack-attack/releases)
- [Changelog](https://github.com/kickstarter/rack-attack/blob/master/CHANGELOG.md)
- [Commits](https://github.com/kickstarter/rack-attack/compare/v5.4.2...v6.0.0)

Signed-off-by: dependabot[bot] <support@dependabot.com>

* fix payload[:request]
2019-05-03 16:16:11 +02:00
Eugen Rochko 8a0d677cde
Fix stoplight logging to stderr separate from Rails logger () 2019-04-23 04:39:48 +02:00
Eugen Rochko 0e8819f0e8
Add rate limit for media proxy requests ()
30 per 30 minutes, like media uploads
2019-04-07 04:26:43 +02:00
Eugen Rochko 11fe293e1b
Remove unused ActivityPub `@context` values depending on response ()
Fix 
2019-03-27 15:55:23 +01:00
Eric 7169928f96 cas_options :validate_url should be :service_validate_url ()
Otherwise, no matter what is given for CAS_VALIDATE_URL the default /serviceValidate path would be used.
2019-03-21 04:06:41 +01:00
Eugen Rochko 99fa1ce93d
Add tight rate-limit for API deletions ()
Deletions take a lot of resources to execute and cause a lot of
federation traffic, so it makes sense to decrease the number
someone can queue up through the API.

30 per 30 minutes
2019-02-14 06:27:54 +01:00
Eugen Rochko 016ad37bc8
Fix URL linkifier grabbing full-width spaces and quotations ()
Fix 
Fix 
2019-02-09 20:13:11 +01:00
Eugen Rochko 4699cf853c
Add timeouts for S3 () 2019-01-18 01:36:59 +01:00
Moritz Heiber ecf40d09ed Disable Same-Site cookie implementation to fix SSO issues on WebKit browsers () 2019-01-15 23:11:46 +01:00
Nolan Lawson f05eb67081 Enable immutable caching for S3 objects ()
I also added "public" here, as I can't think of a good reason not to add it. Perhaps it has some marginal benefit in that ISPs (or other proxies) can cache it for all users. The assets are certainly publicly available and the same for all users.
2019-01-05 12:29:53 -05:00
Eugen Rochko 5d2fc6de32
Add REST API for creating an account ()
* Add REST API for creating an account

The method is available to apps with a token obtained via the client
credentials grant. It creates a user and account records, as well as
an access token for the app that initiated the request. The user is
unconfirmed, and an e-mail is sent as usual.

The method returns the access token, which the app should save for
later. The REST API is not available to users with unconfirmed
accounts, so the app must be smart to wait for the user to click a
link in their e-mail inbox.

The method is rate-limited by IP to 5 requests per 30 minutes.

* Redirect users back to app from confirmation if they were created with an app

* Add tests

* Return 403 on the method if registrations are not open

* Require agreement param to be true in the API when creating an account
2018-12-24 19:12:38 +01:00
Eugen Rochko 240c122767
Skip mailer job retries when a record no longer exists ()
Fix 
2018-12-21 06:16:17 +01:00
ThibG 3f12c07ff5 Use same CORS policy for /@:username and /users/:username ()
Fixes 

rack-cors being called before the application router, it does not follow
the redirection, and we need a separate rule for /users/:username.
2018-12-10 21:39:47 +01:00
ThibG 84e5ed43e7 Preload common JSON-LD contexts ()
Fixes 
2018-12-02 16:46:13 +01:00
Ben Lubar 13e049d772 Allow cross-origin requests to /.well-known/* URLs. ()
Right now, this includes three endpoints: host-meta, webfinger, and change-password.

host-meta and webfinger are publicly available and do not use any authentication. Nothing bad can be done by accessing them in a user's browser.

change-password being CORS-enabled will only reveal the URL it redirects to (which is /auth/edit) but not anything about the actual /auth/edit page, because it does not have CORS enabled.

The documentation for hosting an instance on a different domain should also be updated to point out that Access-Control-Allow-Origin: * should be set at a minimum for the /.well-known/host-meta redirect to allow browser-based non-proxied instance discovery.
2018-10-25 03:13:35 +02:00
Eugen Rochko a38a452481
Add unread indicator to conversations () 2018-10-19 01:47:29 +02:00
ThibG 8ab081ec32 Add manifest_src to CSP, add blob to connect_src () 2018-10-12 19:07:30 +02:00
Eugen Rochko edc7f895be
Fix CSP headers blocking media and development environment ()
Regression from 
2018-10-12 01:43:09 +02:00
ThibG 2d27c11061 Set Content-Security-Policy rules through RoR's config ()
* Set CSP rules in RoR's configuration

* Override CSP setting in the embed controller to allow frames
2018-10-11 20:35:46 +02:00
Sascha b2a57a5d6f add ffmpeg initializer ()
* add ffmpeg initializer

* use different expression to check for environment var
2018-10-09 03:02:52 +02:00
ashleyhull-versent f194857ac9 rubocop issues - Cleaning up ()
* cleanup pass

* undo mistakes

* fixed.

* revert
2018-10-08 04:50:11 +02:00
aus-social 0a4739c732 lint pass 2 ()
* Code quality pass

* Typofix

* Update applications_controller_spec.rb

* Update applications_controller_spec.rb
2018-10-04 17:38:04 +02:00
aus-social 1f98eae1cf Lint pass () 2018-10-04 12:36:53 +02:00
Yamagishi Kazutoshi 65f04e6046 Fix that Rails.cache information could not be sent via StatsD () 2018-09-30 00:05:59 +02:00
Eugen Rochko f4d549d300
Redesign forms, verify link ownership with rel="me" ()
* Verify link ownership with rel="me"

* Add explanation about verification to UI

* Perform link verifications

* Add click-to-copy widget for verification HTML

* Redesign edit profile page

* Redesign forms

* Improve responsive design of settings pages

* Restore landing page sign-up form

* Fix typo

* Support <link> tags, add spec

* Fix links not being verified on first discovery and passive updates
2018-09-18 16:45:58 +02:00
luzpaz 40dd19be37 Misc. typos ()
Found via `codespell -q 3 --skip="./app/javascript/mastodon/locales,./config/locales"`
2018-09-14 00:53:09 +02:00
Sorin Davidoi 6f3d934bc1 feat(cookies): Use the same-site attribute to lax ()
CSFR-prevention is already implemented but adding this doesn't hurt.

A brief introduction to Same-Site cookies (and the difference between strict and
lax) can be found at
https://blog.mozilla.org/security/2018/04/24/same-site-cookies-in-firefox-60/

TLDR: We use lax since we want the cookies to be sent when the user navigates
safely from an external site.
2018-09-08 23:54:28 +02:00
M Somerville 2bba6e582d Rename S3_CLOUDFRONT_HOST to S3_ALIAS_HOST. ()
Still check for S3_CLOUDFRONT_HOST for existing installs.
2018-08-25 13:27:08 +02:00
ThibG f06fa09962 Revert to using Paperclip's filesystem storage, and fix dangling records in remove_remote ()
* Fix uncaching worker

* Revert to using Paperclip's filesystem backend instead of fog-local

fog-local has lots of concurrency issues, causing failure to delete files,
dangling file records, and spurious errors UncacheMediaWorker
2018-08-21 17:53:01 +02:00
Immae b0f4fe456b Add ldap search filter () 2018-08-15 18:12:44 +02:00
Eugen Rochko 018a9e4e7f
Add post-deployment migration system ()
Adopted from GitLab CE. Generate new migration with:

    rails g post_deployment_migration name_of_migration_here

By default they are run together with db:migrate. To not run them,
the env variable SKIP_POST_DEPLOYMENT_MIGRATIONS must be set

Code by Yorick Peterse <yorickpeterse@gmail.com>, see also:

83c8241160
2018-08-13 13:40:01 +02:00
abcang 69bf116345 Add secure option to additional cookie () 2018-07-25 18:49:47 +02:00
Eugen Rochko 1f6ed4f86a
Add more granular OAuth scopes ()
* Add more granular OAuth scopes

* Add human-readable descriptions of the new scopes

* Ensure new scopes look good on the app UI

* Add tests

* Group scopes in screen and color-code dangerous ones

* Fix wrong extra scope
2018-07-05 18:31:35 +02:00
MIYAGI Hikaru ddd0bb69e1 Merge `HIDDEN_SERVICE_VIA_TRANSPARENT_PROXY` into `ALLOW_ACCESS_TO_HIDDEN_SERVICE` ()
If Mastodon accesses to the hidden service via transparent proxy, it's needed to avoid checking whether it's a private address, since `.onion` is resolved to a private address.
I was previously using the `HIDDEN_SERVICE_VIA_TRANSPARENT_PROXY` to provide that function. However, I realized that using `HIDDEN_SERVICE_VIA_TRANSPARENT_PROXY` is redundant, since this specification is always used with `ALLOW_ACCESS_TO_HIDDEN_SERVICE`. Therefore, I decided to integrate the setting of `HIDDEN_SERVICE_VIA_TRANSPARENT_PROXY` into` ALLOW_ACCESS_TO_HIDDEN_SERVICE`.
2018-06-29 15:36:02 +02:00
Eugen Rochko 0df91c7b1e
Add dat, dweb, ipfs, ipns, ssb, gopher protocols to URL extractor ()
* Add dat:// and gopher:// to URL extractor

Fix 

* Fix comment indent

* Add dweb, ipfs, ipns, ssb
2018-06-15 20:21:47 +02:00
Eugen Rochko 53f0452b70
Remove rack-timeout ()
Timeout considered harmful due to leaving the app in a broken
state, including unreaped database connections
2018-06-15 19:46:25 +02:00
Eugen Rochko d87649db07
Disable AMS logging ()
Especially in production it's just noise and doesn't mix well with the log format
2018-05-26 01:08:31 +02:00
MIYAGI Hikaru 919eef3098 User agent for WebFinger ()
* User agent for WebFinger

* local_domain → web_domain

* 'http' is away accidentally...
2018-05-18 01:47:22 +02:00
Eugen Rochko b4fb766b23
Add REST API for Web Push Notifications subscriptions ()
- POST /api/v1/push/subscription
- PUT /api/v1/push/subscription
- DELETE /api/v1/push/subscription
- New OAuth scope: "push" (required for the above methods)
2018-05-11 11:49:12 +02:00
Hugo Gameiro ea4e243303 Improve OpenStack v3 compatibility ()
* Update paperclip.rb

* Update .env.production.sample

* Update paperclip.rb
2018-05-07 02:28:28 +02:00
Akihiko Odaki a7e71bbd08 Add a missing question mark in rack_attack.rb () 2018-05-03 18:51:00 +02:00
Akihiko Odaki b1d4471e36 Throttle media post ()
The previous rate limit allowed to post media so fast that it is possible
to fill up the disk space even before an administrator notices. The new
rate limit is configured so that it takes 24 hours to eat 10 gigabytes:
10 * 1024 / 8 / (24 * 60 / 30) = 27 (which rounded to 30)

The period is set long so that it does not prevent from attaching several
media to one post, which would happen in a short period. For example,
if the period is 5 minutes, the rate limit would be:
10 * 1024 / 8 / (24 * 60 / 5) = 4

This long period allows to lift the limit up.
2018-05-03 17:32:00 +02:00
Eugen Rochko cb5b5cb5f7
Slightly reduce RAM usage ()
* No need to re-require sidekiq plugins, they are required via Gemfile

* Add derailed_benchmarks tool, no need to require TTY gems in Gemfile

* Replace ruby-oembed with FetchOEmbedService

Reduce startup by 45382 allocated objects

* Remove preloaded JSON-LD in favour of caching HTTP responses

Reduce boot RAM by about 6 MiB

* Fix tests

* Fix test suite by stubbing out JSON-LD contexts
2018-05-02 18:58:48 +02:00
MIYAGI Hikaru f58dcbc981 HTTP proxy support for outgoing request, manage access to hidden service ()
* Add support for HTTP client proxy

* Add access control for darknet

Supress error when access to darknet via transparent proxy

* Fix the codes pointed out

* Lint

* Fix an omission + lint

* any? -> include?

* Change detection method to regexp to avoid test fail
2018-04-25 02:14:49 +02:00
Yamagishi Kazutoshi 50529cbceb Upgrade Rails to version 5.2.0 () 2018-04-12 14:45:17 +02:00
Eugen Rochko 49bbef1202
Use RAILS_LOG_LEVEL to set log level of Sidekiq, too ()
Fix  (oops)
2018-04-10 16:08:28 +02:00
Eugen Rochko 80a944c882
Log rate limit hits ()
Fix 
2018-04-10 01:20:18 +02:00
Eugen Rochko d4de2239b0
Add a circuit breaker for ActivityPub deliveries () 2018-04-07 21:36:58 +02:00
Yamagishi Kazutoshi 28384c1771 Revert "Revert "Upgrade Paperclip to version 6.0.0" ()" ()
This reverts commit 40871caa4b.
2018-03-24 12:52:45 +01:00
Eugen Rochko ac49c7932d
Add LDAP_TLS_NO_VERIFY option, don't require LDAP_ENABLED outside .env ()
Fix , fix 
2018-03-20 19:41:51 +01:00
Alexander 33ee347c99 rename pam email environment variable to something more understandable and default to LOCAL_DOMAIN (better fallback) () 2018-03-19 20:09:26 +01:00
Eugen Rochko 40871caa4b
Revert "Upgrade Paperclip to version 6.0.0" ()
* Revert "Bump version to 2.3.2rc1"

This reverts commit cdf8b92fea.

* Revert "Downgrade Dockerfile to Ruby 2.4.3 on Alpine 3.6 ()"

This reverts commit 0074cad44f.

* Revert "Handle Mastodon::HostValidationError when pulling remoteable assets ()"

This reverts commit 4a0a19fe54.

* Revert "Correct the reference to user's password in mastodon:add_user task ()"

This reverts commit 338bff8b93.

* Revert "Upgrade Paperclip to version 6.0.0 ()"

This reverts commit b88fcd53f7.
2018-03-17 14:20:35 +01:00
Yamagishi Kazutoshi b88fcd53f7 Upgrade Paperclip to version 6.0.0 () 2018-03-17 12:37:58 +01:00
Effy Elden dd9d00d293 Add additional first_name and last_name SAML attribute statement options, and modify Omniauthable concern to use full_name or first_name + last_name if not available () 2018-03-07 06:19:10 +01:00
Alexander 42fe05dea1 fix logic for pam_controlled_service () 2018-03-02 19:02:50 +01:00
Eugen Rochko 47bdb9b33b
Fix : Seamless LDAP login () 2018-02-28 19:04:53 +01:00