Commit Graph

9158 Commits (b7882a75d21132a35e9ee4d204b0dc08fc5ecb73)

Author SHA1 Message Date
Claire a9faba63f1 Disable `registrations` flag in /api/v1/instance when CAPTCHA is enabled
This is to avoid apps trying and failing at using the registrations API,
which does not let us require a CAPTCHA and cannot be clearly signaled as
unavailable.
2022-01-25 13:58:24 +01:00
Claire 2d4faa5cfd Disable captcha if registrations are disabled for various reasons 2022-01-24 22:12:57 +01:00
Claire c209cf5a09 Renew Rails session ID on successful registration 2022-01-24 22:01:05 +01:00
Claire d36eb0503f Please CodeClimate 2022-01-24 21:29:50 +01:00
Claire 5c88cb1a67 Add optional hCaptcha support
Fixes #1649

This requires setting `HCAPTCHA_SECRET_KEY` and `HCAPTCHA_SITE_KEY`, then
enabling the admin setting at
`/admin/settings/edit#form_admin_settings_captcha_enabled`

Subsequently, an hCaptcha widget will be displayed on `/about` and
`/auth/sign_up` unless:
- the user is already signed up
- the user has used an invite link
- the user has already solved the captcha (and registration failed for another
  reason)

The Content-Security-Policy headers are altered automatically to allow the
third-party hCaptcha scripts on `/about` and `/auth/sign_up` following the same
rules as above.
2022-01-24 21:22:13 +01:00
Claire d045ba2add Fix link_to_login argument handling when a block is passed (#17345) 2022-01-24 03:29:03 +01:00
Claire 73eeb58f10 [Glitch] Change `percent` to `rate` in retention metrics API
Port 41d64ee271 to glitch-soc

Signed-off-by: Claire <claire.github-309c@sitedethib.com>
2022-01-23 18:24:40 +01:00
Claire 1800e05513 [Glitch] Fix text being incorrectly pre-selected in composer textarea on /share
Port 335049cc33 to glitch-soc

Signed-off-by: Claire <claire.github-309c@sitedethib.com>
2022-01-23 18:24:34 +01:00
Claire 67028c4779 Merge branch 'main' into glitch-soc/merge-upstream
Conflicts:
- `spec/models/status_spec.rb`:
  Upstream added tests too close to glitch-soc-specific tests.
  Kept both tests.
2022-01-23 18:24:01 +01:00
Claire e92ac5b769 Fix error-prone SQL queries (#15828)
* Fix error-prone SQL queries in Account search

While this code seems to not present an actual vulnerability, one could
easily be introduced by mistake due to how the query is built.

This PR parameterises the `to_tsquery` input to make the query more robust.

* Harden code for Status#tagged_with_all and Status#tagged_with_none

Those two scopes aren't used in a way that could be vulnerable to an SQL
injection, but keeping them unchanged might be a hazard.

* Remove unneeded spaces surrounding tsquery term

* Please CodeClimate

* Move advanced_search_for SQL template to its own function

This avoids one level of indentation while making clearer that the SQL template
isn't built from all the dynamic parameters of advanced_search_for.

* Add tests covering tagged_with, tagged_with_all and tagged_with_none

* Rewrite tagged_with_none to avoid multiple joins and make it more robust

* Remove obsolete brakeman warnings

* Revert "Remove unneeded spaces surrounding tsquery term"

The two queries are not strictly equivalent.

This reverts commit 86f16c537e06c6ba4a8b250f25dcce9f049023ff.
2022-01-23 18:10:10 +01:00
Claire 41d64ee271 Change `percent` to `rate` in retention metrics API (#16910) 2022-01-23 16:01:25 +01:00
Claire 06f653972a Add OMNIAUTH_ONLY environment variable to enforce external log-in (#17288)
* Remove support for OAUTH_REDIRECT_AT_SIGN_IN

Fixes #15959

Introduced in #6540, OAUTH_REDIRECT_AT_SIGN_IN allowed skipping the log-in form
to instead redirect to the external OmniAuth login provider.

However, it did not prevent the log-in form on /about introduced by #10232 from
appearing, and completely broke with the introduction of #15228.

As restoring that previous log-in flow without introducing a security
vulnerability may require extensive care and knowledge of how OmniAuth works,
this commit removes support for OAUTH_REDIRECT_AT_SIGN_IN instead for the time
being.

* Add OMNIAUTH_ONLY environment variable to enforce external log-in only

* Disable user registration when OMNIAUTH_ONLY is set to true

* Replace log-in links When OMNIAUTH_ONLY is set with exactly one OmniAuth provider
2022-01-23 15:52:58 +01:00
Claire 12bb24ea35 Remove support for OAUTH_REDIRECT_AT_SIGN_IN (#17287)
Fixes #15959

Introduced in #6540, OAUTH_REDIRECT_AT_SIGN_IN allowed skipping the log-in form
to instead redirect to the external OmniAuth login provider.

However, it did not prevent the log-in form on /about introduced by #10232 from
appearing, and completely broke with the introduction of #15228.

As restoring that previous log-in flow without introducing a security
vulnerability may require extensive care and knowledge of how OmniAuth works,
this commit removes support for OAUTH_REDIRECT_AT_SIGN_IN instead for the time
being.
2022-01-23 15:50:41 +01:00
Claire 8114f4208f Remove leftover database columns from Devise::Models::Rememberable (#17191)
* Remove leftover database columns from Devise::Models::Rememberable

* Update fix-duplication maintenance script

* Improve errors/warnings in the fix-duplicates maintenance script
2022-01-23 15:46:30 +01:00
Claire 335049cc33 Fix text being incorrectly pre-selected in composer textarea on /share (#17339)
Fixes #17295
2022-01-20 20:56:21 +01:00
Claire 68a9057420 Add post edited notice in admin and public UIs (#17335)
* Add edited toot flag on public pages

* Add toot edit flag to admin pages
2022-01-20 13:37:31 +01:00
Claire 458f232d21 Add content-type to status source in glitch-soc 2022-01-20 00:03:44 +01:00
Eugen Rochko cb8ec71677 [Glitch] Add support for editing for published statuses
Port front-end changes from 06b698a723 to glitch-soc

Signed-off-by: Claire <claire.github-309c@sitedethib.com>
2022-01-20 00:03:41 +01:00
Claire 01e495563e Merge branch 'main' into glitch-soc/merge-upstream 2022-01-19 23:52:53 +01:00
Claire 686eaacbc8 Merge branch 'main' into glitch-soc/merge-upstream
Conflicts:
- `app/lib/activitypub/activity/create.rb`:
  Upstream refactored how `Create` activities are handled and how values are
  extracted from `Create`d objects. This conflicted with how glitch-soc
  supported the `directMessage` flag to explicitly distinguish between
  limited and direct messages.
  Ported glitch-soc's changes to latest upstream changes.
- `app/services/fan_out_on_write_service.rb`:
  Upstream largely refactored that file and changed some of the logic.
  This conflicted with glitch-soc's handling of the direct timeline and
  the options to allow replies and boosts in public feeds.
  Ported those glitch-soc changes on top of latest upstream changes.
- `app/services/process_mentions_service.rb`:
  Upstream refactored to move mention-related ActivityPub deliveries to
  `ActivityPub::DeliveryWorker`, while glitch-soc contained an extra check
  to not send local-only toots to remote mentioned users.
  Took upstream's version, as the check is not needed anymore, since it is
  performed at the `ActivityPub::DeliveryWorker` call site already.
- `app/workers/feed_insert_worker.rb`:
  Upstream added support for `update` toot events, while glitch-soc had
  support for an extra timeline support, `direct`.
  Ported upstream changes and extended them to the `direct` timeline.

Additional changes:
- `app/lib/activitypub/parser/status_parser.rb`:
  Added code to handle the `directMessage` flag and take it into account
  to compute visibility.
- `app/lib/feed_manager.rb`:
  Extended upstream's support of `update` toot events to glitch-soc's
  `direct` timeline.
2022-01-19 23:52:48 +01:00
Eugen Rochko a427958026 Fix error when using raw distribution worker (#17334)
Regression from #16697
2022-01-19 23:05:59 +01:00
Eugen Rochko bfbfbf5032 Fix error when processing poll updates (#17333)
Regression from #16697
2022-01-19 22:50:01 +01:00
Eugen Rochko 06b698a723 Add support for editing for published statuses (#16697)
* Add support for editing for published statuses

* Fix references to stripped-out code

* Various fixes and improvements

* Further fixes and improvements

* Fix updates being potentially sent to unauthorized recipients

* Various fixes and improvements

* Fix wrong words in test

* Fix notifying accounts that were tagged but were not in the audience

* Fix mistake
2022-01-19 22:37:27 +01:00
Claire 6ae170697a Merge pull request #1662 from ClearlyClaire/glitch-soc/merge-upstream
Merge upstream changes
2022-01-19 14:22:59 +01:00
Claire ad5fd97277 Merge branch 'main' into glitch-soc/merge-upstream 2022-01-19 12:32:44 +01:00
Jeong Arm be15674215 Fix NameError on ActivityPub::FetchFeaturedCollectionService (#17326)
Related: #16954
2022-01-19 04:08:46 +01:00
Claire 8904dac905 Merge pull request #1660 from ClearlyClaire/glitch-soc/features/themes-multiple-packs
Refactor glitch-soc's theme handling
2022-01-18 00:18:07 +01:00
Claire 5d38a8573c Please CodeClimate 2022-01-17 13:06:06 +01:00
Claire a250aefe77 Move controller theming code to concern 2022-01-17 12:50:52 +01:00
Claire 833a5e4e52 Fix `pinned` attribute not being set for private self-posts (#17304) 2022-01-17 11:59:46 +01:00
Eugen Rochko a5cb48879d [Glitch] Add notifications for statuses deleted by moderators
Port front-end changes from 2fb76550a9 to glitch-soc

Signed-off-by: Claire <claire.github-309c@sitedethib.com>
2022-01-17 11:19:44 +01:00
Claire 485cf5c0c1 Merge branch 'main' into glitch-soc/merge-upstream
Conflicts:
- `app/views/admin/reports/show.html.haml`:
  Conflicts due to glitch-soc's theming system.
2022-01-17 10:45:25 +01:00
Claire a10833e909 Fix `pinned` attribute not being set for private self-posts 2022-01-17 09:52:19 +01:00
Eugen Rochko 2fb76550a9 Add notifications for statuses deleted by moderators (#17204) 2022-01-17 09:41:33 +01:00
Claire b20dafb566 [Glitch] Add support for private pinned posts
Port JS changes from 5aade2baac to glitch-soc

Signed-off-by: Claire <claire.github-309c@sitedethib.com>
2022-01-17 08:35:27 +01:00
Claire de7f936b96 Merge branch 'main' into glitch-soc/merge-upstream
Conflicts:
- `app/controllers/accounts_controller.rb`:
  Upstream introduced support for private pinned toots, but glitch-soc's query
  was a bit different as it filtered out local-only toots.
  Used upstream's query, while adding local-only filtering back.
- `app/controllers/activitypub/collections_controller.rb`:
  Same thing with regards to local-only posts.
- `app/validators/status_pin_validator.rb`:
  Not a real conflict, but the line below was different in glitch-soc due to
  the configurable pinned toots limit.
2022-01-17 08:28:52 +01:00
Claire 5aade2baac Add support for private pinned posts (#16954)
* Add support for private pinned toots

* Allow local user to pin private toots

* Change wording to avoid "direct message"
2022-01-17 00:49:55 +01:00
Claire 21828806b3 Merge branch 'main' into glitch-soc/merge-upstream 2022-01-16 22:29:05 +01:00
Claire 91c1fbf714 Fix missing media: 'all' on default skins 2022-01-16 22:26:18 +01:00
Claire a3a9d4d789 Refactor theming HAML template a bit 2022-01-16 22:26:18 +01:00
Claire c8973773bc Refactor theme config loading 2022-01-16 22:26:18 +01:00
Claire 37dadd4512 Refactor some more 2022-01-16 22:26:18 +01:00
Claire 10bef4493c Refactor glitch-soc's theme handling 2022-01-16 22:12:11 +01:00
Claire 928890bd38 Fix admin interface crash when displaying deleted user (#17301) 2022-01-16 20:57:37 +01:00
Jeong Arm 923eda5cd5 [Glitch] Gradually increase retry waiting for media processing
Port 52b05dad34 to glitch-soc

Signed-off-by: Claire <claire.github-309c@sitedethib.com>
2022-01-16 18:14:33 +01:00
Claire 577c74d422 Merge branch 'main' into glitch-soc/merge-upstream
Conflicts:
- `README.md`:
  Upstream added some text, but our README is completely different.
  Kept our README unchanged.
2022-01-16 18:11:20 +01:00
Eugen Rochko 7b3972c270 Remove IP tracking columns from users table (#16409) 2022-01-16 13:23:50 +01:00
Jeong Arm 52b05dad34 Gradually increase retry waiting for media processing (#17271) 2022-01-10 14:25:08 +01:00
Claire 817072e9c7 [Glitch] Fix media descriptions not being used for client-side filtering
Port 651e997a98 to glitch-soc

Signed-off-by: Claire <claire.github-309c@sitedethib.com>
2022-01-07 19:54:58 +01:00
Claire 338c47b6c6 Merge branch 'main' into glitch-soc/merge-upstream 2022-01-07 19:51:47 +01:00
Jeong Arm db10cd8d15 Remove custom emojis on domain purge (#17210) 2021-12-30 08:41:09 +01:00
Claire 651e997a98 Fix media descriptions not being used for client-side filtering (#17206)
Fix oversight in #13837
2021-12-28 23:25:50 +01:00
Rens Groothuijsen 5baeb90bd4 [Glitch] Fix tag rendering error in hashtag column settings
Port 9d43863426 to glitch-soc

Signed-off-by: Claire <claire.github-309c@sitedethib.com>
2021-12-27 15:22:12 +01:00
Claire 2136aa2759 Merge branch 'main' into glitch-soc/merge-upstream
Conflicts:
- `README.md`:
  We have completely different contents. Kept our version.
- `package.json`:
Not a real conflict, just an upstream dependency updated
  textually too close to a glitch-soc-only dependency.
  Updated dependencies like upstream.
- `streaming/index.js`:
  Conflict due to code style changes on parts that were
  modified in glitch-soc to handle local-only toots.
  Changed style according to upstream.
2021-12-27 15:16:18 +01:00
Eugen Rochko 9a8784829f Fix warnings on Rails boot (#16946) 2021-12-27 00:47:20 +01:00
Rens Groothuijsen 9d43863426 Fix tag rendering error in hashtag column settings (#17184)
* Flatten tags in configuration to regular array before converting to JSON

* Render filter tags using toJS instead of toJSON
2021-12-26 19:22:05 +01:00
Jeong Arm ba93eb818b Fix duplicate record on admin/accounts when searching with IP (#17150) 2021-12-21 00:17:14 +01:00
Claire 77e23e2005 [Glitch] Change title of retention chart
Port 36347cf494 to glitch-soc

Signed-off-by: Claire <claire.github-309c@sitedethib.com>
2021-12-18 11:47:54 +01:00
Claire 65987b3956 Merge branch 'main' into glitch-soc/merge-upstream 2021-12-18 11:44:54 +01:00
Claire d8da1689c1 Add ability for admins to delete canonical email blocks (#16644)
* Add admin option to remove canonical email blocks from a deleted account

* Add tootctl canonical_email_blocks to inspect and remove canonical email blocks
2021-12-17 23:02:14 +01:00
Claire 44c8b6ff2f Add ability to purge undeliverable domains from admin interface (#16686)
* Add ability to purge undeliverable domains from admin interface

* Add tests
2021-12-17 23:01:21 +01:00
Claire 36347cf494 Change title of retention chart (#16909)
Changes from “Retention” to “User retention rate by month after sign-up”.
This should make it much clearer to people not familiar with retention charts
what it actually means.
2021-12-17 23:00:41 +01:00
Claire 1e34cfabdd Change list title input styling (#17092) 2021-12-17 23:00:05 +01:00
David Sterry 8962f00ec8 [Glitch] ignore hashtag suggestions if they vary only in case
Port 65ee707755 to glitch-soc

Signed-off-by: Claire <claire.github-309c@sitedethib.com>
2021-12-16 16:48:42 +01:00
Rens Groothuijsen a5d9a408e3 [Glitch] Show correct error message if chosen password is too long
Port 8143d127a4 to glitch-soc

Signed-off-by: Claire <claire.github-309c@sitedethib.com>
2021-12-16 16:26:04 +01:00
Eugen Rochko ee4be446b6 [Glitch] Add batch suspend for accounts in admin UI
Port SCSS changes from 65ee707755 to glitch-soc

Signed-off-by: Claire <claire.github-309c@sitedethib.com>
2021-12-16 16:25:21 +01:00
Claire 179f1d3a78 Merge branch 'main' into glitch-soc/merge-upstream
Conflicts:
- `app/views/admin/pending_accounts/index.html.haml`:
Removed upstream, while it had glitch-soc-specific changes to accommodate
  for glitch-soc's theming system.
  Removed the file.

Additional changes:
- `app/views/admin/accounts/index.html.haml`:
  Accommodate for glitch-soc's theming system.
2021-12-16 16:20:44 +01:00
David Sterry 65ee707755 ignore hashtag suggestions if they vary only in case (#16460)
* ignore hashtag suggestions if they vary only in case

* remove console.logs and unused args

* consistently add space when dismissing suggestions

* linting
2021-12-15 23:47:19 +01:00
Takeshi Umeda 794d9d267d Fix follow recommendation biased towards older accounts (#17126) 2021-12-13 23:21:14 +01:00
Eugen Rochko 2c6be5dc9a Change trending hashtags threshold back from 15 to 5 (#17122) 2021-12-13 05:32:29 +01:00
heguro 2b292c44bc Fix redirection when succeeded WebAuthn (#17098) 2021-12-05 21:50:12 +01:00
Rens Groothuijsen 8143d127a4 Show correct error message if chosen password is too long (#17082)
* Add correct error message for exceeding max length on password confirmation field

* Code style fixes
2021-12-05 21:49:50 +01:00
Eugen Rochko 7bf5924339 Add batch suspend for accounts in admin UI (#17009) 2021-12-05 21:48:39 +01:00
Claire 4359fa92da Fix unneeded outline around list name edition input 2021-12-03 21:03:40 +01:00
Claire efeabec5eb Merge branch 'main' into glitch-soc/merge-upstream 2021-11-30 12:13:54 +01:00
Eugen Rochko f3966223bd Fix error on trending mailer due to missing constant (#17072) 2021-11-29 17:39:40 +01:00
Jeong Arm cb22372cd7 Fix server graph on admin/tags/:id (#17066) 2021-11-28 23:13:07 +01:00
Claire b22b76a571 [Glitch] Fix searching for additional hashtags in hashtag column
Port 5305dada6c to glitch-soc

Signed-off-by: Claire <claire.github-309c@sitedethib.com>
2021-11-26 22:58:46 +01:00
Claire 9565dc366d [Glitch] Fix color of hashtag column settings inputs
Port 986391cd19 to glitch-soc

Signed-off-by: Claire <claire.github-309c@sitedethib.com>
2021-11-26 22:58:13 +01:00
Claire 759226e116 Merge branch 'main' into glitch-soc/merge-upstream
Conflicts:
- `.env.production.sample`:
  Copied upstream changes.
- `app/controllers/settings/identity_proofs_controller.rb`:
  Minor conflict due to glitch-soc's extra “enable_keybase” setting.
  Upstream removed keybase support altogether, so did the same.
- `app/controllers/well_known/keybase_proof_config_controller.rb`:
  Minor conflict due to glitch-soc's extra “enable_keybase” setting.
  Upstream removed keybase support altogether, so did the same.
- `lib/mastodon/statuses_cli.rb`:
  Minor conflict due to an optimization that wasn't shared between
  the two versions. Copied upstream's version.
2021-11-26 22:53:55 +01:00
Jeong Arm 5ac17e3a77 Fix admin statuses order (#16937) (#16969)
* Fix #16937

* Add test for statuses order
2021-11-26 22:12:27 +01:00
Claire 5305dada6c Fix searching for additional hashtags in hashtag column (#17054) 2021-11-26 22:11:09 +01:00
Claire 986391cd19 Fix color of hashtag column settings inputs (#17058)
Fixes #17057
2021-11-26 22:09:11 +01:00
Claire ad3668eb5f Fix opening wrong profile when clicking on username of boosting user in WebUI (#17060)
Fixes #16799
2021-11-26 22:04:09 +01:00
Jeong Arm 849a007a2c [Glitch] Port upstream changes about trending links 2021-11-26 11:36:22 +01:00
Eugen Rochko 4375813ea7 Remove Keybase integration (#17045) 2021-11-26 05:58:18 +01:00
Claire aa9e32af3d Merge branch 'main' into glitch-soc/merge-upstream 2021-11-26 01:15:32 +01:00
Claire 61510d37d4 Revert "Fix trends admin page crashing"
This reverts commit 367a3ca2cb.
2021-11-26 01:15:29 +01:00
Eugen Rochko 6c1d78b277 Fix error on trending hashtags/links pages in admin UI due to missing constant (#17044) 2021-11-26 01:12:39 +01:00
Claire 367a3ca2cb Fix trends admin page crashing 2021-11-26 00:50:13 +01:00
Claire 082bab6378 Disable trending links review request emails 2021-11-25 23:55:05 +01:00
Claire 595bc5edb3 [Glitch] Fix handling of recursive toots in WebUI
Port 202862753a to glitch-soc

Signed-off-by: Claire <claire.github-309c@sitedethib.com>
2021-11-25 23:52:22 +01:00
Claire 784e38f70b Merge branch 'main' into glitch-soc/merge-upstream
Conflicts:
- `app/views/admin/tags/index.html.haml`:
Removed upstream while it had changes in glitch-soc to accommodate for the
  theming system.

Additional changes to accommodate for the theming system:
- `app/views/admin/trends/links/preview_card_providers/index.html.haml`
- `app/views/admin/trends/links/index.html.haml`
- `app/views/admin/trends/tags/index.html.haml`
- `app/views/admin/tags/show.html.haml`
2021-11-25 23:50:35 +01:00
Claire 202862753a Fix handling of recursive toots in WebUI (#17041) 2021-11-25 23:46:39 +01:00
Claire be1c45d252 Fix filtering DMs from non-followed users (#17042) 2021-11-25 23:46:30 +01:00
Claire f4c179c3f5 Merge branch 'main' into glitch-soc/merge-upstream 2021-11-25 18:42:18 +01:00
Eugen Rochko ad73becf3e Add trending links (#16917)
* Add trending links

* Add overriding specific links trendability

* Add link type to preview cards and only trend articles

Change trends review notifications from being sent every 5 minutes to being sent every 2 hours

Change threshold from 5 unique accounts to 15 unique accounts

* Fix tests
2021-11-25 13:07:38 +01:00
Claire 5d2ed78074 Fix error when suspending user with an already-existing canonical email block (#17036)
* Fix error when suspending user with an already-existing canonical email block

Fixes #17033

While attempting to create a `CanonicalEmailBlock` with an existing hash would
raise an `ActiveRecord::RecordNotUnique` error, this being done within a
transaction would cancel the whole transaction. For this reason, checking for
uniqueness in Rails would query the database within the transaction and avoid
invalidating the whole transaction for this reason.

A race condition is still possible, where multiple accounts sharing a canonical
email would be blocked in concurrent transactions, in which only one would
succeed, but that is way less likely to happen than the current issue, and can
always be retried after the first failure, unlike the current situation.

* Add tests
2021-11-24 17:41:03 +01:00
Claire 7b2b943141 [Glitch] Fix overflow of long profile fields in admin view
Port 199022cf9d to glitch-soc

Signed-off-by: Claire <claire.github-309c@sitedethib.com>
2021-11-19 18:55:27 +01:00
Claire 6a7737a8bc Merge branch 'main' into glitch-soc/merge-upstream 2021-11-19 18:51:41 +01:00