Commit Graph

101 Commits (7ad5a3a2b728229704e29819b3b87bc0ccdc473f)

Author SHA1 Message Date
Emelia Smith 4655be0da6
Fix add validation to webpush subscription keys (#30542) 2024-06-05 19:16:47 +00:00
Matt Jankowski 4a77e477ee
Consolidate account scopes for `LOWER` (index using) username/domain queries (#30451) 2024-05-28 14:11:31 +00:00
Claire 38b9d31f63
Improve email address validation (#29838) 2024-04-05 07:48:45 +00:00
Matt Jankowski 67f54c4e75
Fix `Rails/WhereExists` cop in app/validators (#28854) 2024-01-23 09:06:53 +00:00
Claire 6ad0fb5a77
Fix NULL MX handling and tighten DNS resolving specs (#28607) 2024-01-05 11:07:57 +00:00
Matt Jankowski 00c6ebd86f
Reduce `.times` usage in `StatusPin` and add `PIN_LIMIT` constant in validator (#27945) 2023-11-20 09:07:25 +00:00
Matt Jankowski 19900f647e
Add coverage for `UnreservedUsernameValidator` (#25590) 2023-10-17 13:05:28 +02:00
Matt Jankowski f5bc1f20e2
Add coverage for `ExistingUsernameValidator` (#25592)
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2023-10-16 15:41:23 +02:00
Matt Jankowski 660993b415
Add coverage for `URLValidator` (#25591) 2023-07-28 23:12:25 +02:00
Matt Jankowski 6602edf064
Add coverage for `LanguageValidator` (#25593) 2023-07-28 23:12:09 +02:00
Matt Jankowski 30f5ec7303
Rubocop fix: `Perfomance/UnfreezeString` (#26217) 2023-07-28 23:11:05 +02:00
Matt Jankowski b8b2470cf8
Fix `Style/SlicingWithRange` cop (#25923) 2023-07-12 10:03:06 +02:00
Matt Jankowski 9f5deb310b
Fix Performance/MapCompact cop (#24797)
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2023-05-23 10:49:12 +02:00
Claire 5cd55d8aaf
Fix being able to vote on your own polls (#25015) 2023-05-17 00:08:42 +02:00
Matt Jankowski 88d33f361f
Fix Lint/DuplicateBranch cop (#24766) 2023-05-02 12:57:11 +02:00
Claire 32a030dd74
Rewrite import feature (#21054) 2023-05-02 12:08:48 +02:00
Matt Jankowski c40d5e5a8f
Misc coverage improvements for validators (#23928) 2023-03-04 17:00:00 +01:00
Matt Jankowski 4bb39ac3c3
Fix single-record invalid condition on PollVote (#23810) 2023-02-27 09:31:15 +01:00
Matt Jankowski 730bb3e211
Remove unused HTML Validator (#23866) 2023-02-24 20:06:32 +01:00
Nick Schonning 717683d1c3
Autofix Rubocop remaining Layout rules (#23679) 2023-02-20 06:58:28 +01:00
Nick Schonning 2177daeae9
Autofix Rubocop Style/RedundantBegin (#23703) 2023-02-19 07:09:40 +09:00
Claire a5a00d7f7a
Fix email with empty domain name labels passing validation (#23246)
* Fix email with empty domain name labels passing validation

`EmailMxValidator` would allow empty labels because `Resolv::DNS` is
particularly lenient about them, but the email would be invalid and
unusable.

* Add tests
2023-01-24 20:18:41 +01:00
Claire 3654c94583
Strip spaces around URL when adding a relay (#22655)
* Strip spaces around URL when adding a relay

Fixes #22650

* Gracefuly handle URL parsing errors in URL validator
2023-01-05 13:33:33 +01:00
Eugen Rochko 317ec06dc7
Fix error when uploading malformed CSV import (#19509) 2022-10-28 23:30:44 +02:00
Eugen Rochko abf6c87ee8
Fix remote account in contact account setting not being used (#19351) 2022-10-21 14:07:02 +02:00
Eugen Rochko 50948b46aa
Add ability to filter followed accounts' posts by language (#19095) 2022-09-20 23:51:21 +02:00
Eugen Rochko a2871cd747
Add administrative webhooks (#18510)
* Add administrative webhooks

* Fix error when webhook is deleted before delivery worker runs
2022-06-09 21:57:36 +02:00
Eugen Rochko f6d35ed57d
Remove IP matching from e-mail domain blocks (#18190)
Clear out e-mail domain blocks created from automatically resolved DNS records
2022-04-29 23:27:03 +02:00
Eugen Rochko bbc7afa2a2
Fix being able to post URLs longer than 4096 characters (#17908) 2022-03-30 14:46:03 +02:00
Eugen Rochko a29a982eaa
Change e-mail domain blocks to block IPs dynamically (#17635)
* Change e-mail domain blocks to block IPs dynamically

* Update app/workers/scheduler/email_domain_block_refresh_scheduler.rb

Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>

* Update app/workers/scheduler/email_domain_block_refresh_scheduler.rb

Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>

Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>
2022-02-24 17:28:23 +01:00
Eugen Rochko b6d7726ecb
Remove language detection through cld3 (#17478)
* Remove language detection through cld3

* Update app/helpers/languages_helper.rb

Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>

Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>
2022-02-08 02:41:17 +01:00
Claire d5c9feb7b7
Add support for private pinned posts (#16954)
* Add support for private pinned toots

* Allow local user to pin private toots

* Change wording to avoid "direct message"
2022-01-17 00:49:55 +01:00
Claire b21f3aa21d
Minor memory optimizations (#16507)
Reduce constant memory usage by ~100kB and further reduce boot-up memory
allocations and temporary memory use by a further ~200kB.
2021-10-14 21:04:57 +02:00
Eugen Rochko 275fa4746b
Add `configuration` attribute to `GET /api/v1/instance` (#16485)
List various values like file size limits and supported mime types
2021-07-10 17:58:41 +02:00
Eugen Rochko 3639862dee
Fix existing username validator not allowing multiple accounts (#16153)
Fix #16107
2021-05-04 14:22:04 +02:00
Eugen Rochko daccc07dc1
Change auto-following admin-selected accounts, show in recommendations (#16078) 2021-04-24 17:01:43 +02:00
Eugen Rochko b3ceb3dcc4
Add canonical e-mail blocks for suspended accounts (#16049)
Prevent new accounts from being created using the same underlying
e-mail as a suspended account using extensions and period
permutations. Stores e-mails as a SHA256 hash
2021-04-17 03:14:25 +02:00
Claire 051efed5ed
Bypass MX validation for explicitly allowed domains (#15930)
* Bypass MX validation for explicitly allowed domains

This spares some lookups and prevent issues in some edge cases with
local domains.

* Add tests

* Fix test
2021-03-19 23:48:47 +01:00
Claire a4dcaef53b
Prepare Mastodon for zeitwerk autoloader (#15917)
* Prepare Mastodon for zeitwerk autoloader (Rails 6)

Add inflections and rename/move a few classes.

In particular, app/lib/exceptions.rb and app/lib/sanitize_config.rb
were manually loaded while still in autoload paths.

* Add inflection for Url → URL
2021-03-19 02:42:43 +01:00
Claire 5614e6724e
Fix URL scanning in note length validator and preview card fetching (#15827)
* Add tests

* Fix URL scanning in note length validator and preview card fetching
2021-03-04 00:12:26 +01:00
Claire 65db262550
Update twitter-text from 1.14 to 3.1.0 and fix toot character counting (#15382)
* Update twitter-text from 1.14 to 3.1.0

* Disable emoji parsing

* Properly depend on twitter-text for url detection

* Fix some URLs being wrongly detected client-side

* Add test for server-side validation of non-autolinkable URLs

* Fix server-side status length counting
2021-03-02 12:02:56 +01:00
Eugen Rochko 9aa37b32c3
Add `details` to error response for `POST /api/v1/accounts` in REST API (#15803) 2021-03-01 04:59:13 +01:00
luigi eb51e43fb4
Optimize some regex matching (#15528)
* Use Regex#match?

* Replace =~ too

* Avoid to call match? from Nil

* Keep value of Regexp.last_match
2021-01-22 10:09:08 +01:00
luigi 087ed84367
Optimize map { ... }.compact calls (#15513)
* Optimize map { ... }.compact

using Enumerable#filter_map, supported since Ruby 2.7

* Add poyfill for Enumerable#filter_map
2021-01-10 00:32:01 +01:00
Eugen Rochko eb35be0431
Fix follow limit preventing re-following of a moved account (#14207) 2020-12-18 09:18:31 +01:00
ThibG 49eb4d4ddf
Add honeypot fields and minimum fill-out time for sign-up form (#15276)
* Add honeypot fields to limit non-specialized spam

Add two honeypot fields: a fake website input and a fake password confirmation
one. The label/placeholder/aria-label tells not to fill them, and they are
hidden in CSS, so legitimate users should not fall into these.

This should cut down on some non-Mastodon-specific spambots.

* Require a 3 seconds delay before submitting the registration form

* Fix tests

* Move registration form time check to model validation

* Give people a chance to clear the honeypot fields

* Refactor honeypot translation strings

Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2020-12-10 06:27:26 +01:00
ThibG 8d217d7231
Improve email address validation (#14565)
* Increase DNS timeout from 1 second to 5 seconds for MX check

1 seconds is rather short when using a recursive DNS resolver which
hasn't got a cached result already available. Use 5 seconds instead,
which is the timeout value we use for outgoing HTTP queries.

* Add more precise error messages for invalid e-mail addresses
2020-08-12 12:40:25 +02:00
Eugen Rochko 5d8398c8b8
Add E2EE API (#13820) 2020-06-02 19:24:53 +02:00
Sasha Sorokin 37b3985bfa
Improve polls: option lengths & redesign (#13257)
This commit redesign the polls and increases characters limit for the
options from 25 to 50 characters, giving pollsters more freedom.

Summarizing, the redesign is making the polls more adaptive for upcoming
changes to the options characters limit: the bar, or a "chart", is now
displayed separately from the option itself; vote check mark is moved
next to the option text, making the percentages take less space. Option
lengths are taken into account and text is wrapped to multiple lines
if necessary to avoid overflow.
2020-04-02 17:10:55 +02:00
abcang 61a7390b66
Search account domain in lowercase (#13016)
* Search account domain in lowercase

* fix rubocop error

* fix spec/models/account_spec.rb
2020-02-01 15:42:24 +01:00