treehouse
/
mastodon
19
8
Fork 5
Code Issues 32 Pull Requests Projects 1 Releases Wiki Activity
4,893 Commits
10 Branches
15 Tags
734 MiB
Commit Graph

185 Commits (d3760fd25c603a454c1cb505c7d95423d07ea255)

Author SHA1 Message Date
Rob Watson 564e2c448b Upgrade Paperclip > 5.2.1 (#6404) 
Mitigation for CVE-2017-0889.

https://www.cvedetails.com/cve/CVE-2017-0889/
https://medium.com/in-the-weeds/all-about-paperclips-cve-2017-0889-server-side-request-forgery-ssrf-vulnerability-8cb2b1c96fe8
 2018-02-01 17:54:22 +01:00
Eugen Rochko 0efaa528c4 Update goldfinger, ostatus2 and http.rb versions (#6337) 2018-01-23 14:30:42 +01:00
Aboobacker MK a1979b50c9 Redirect to 2FA creation page when otp_secret is not available (#6314) 2018-01-21 13:21:28 +01:00
Yamagishi Kazutoshi 2df7c3a008 Add support Ruby v2.5.0 (#6097) 2018-01-19 20:53:30 +01:00
Eugen Rochko 9613c3238c HTML e-mails for UserMailer (#6256) 
- premailer gem to turn CSS into inline styles automatically
- rework UserMailer templates
- reword UserMailer templates
 2018-01-16 03:29:11 +01:00
Eugen Rochko 321be04a5f Fix OpenSSL dependency in ostatus2 (#6174) 2018-01-04 10:56:00 +09:00
Patrick Figel 3c20cfd734 Add confirmation step for email changes (#6071) 
* Add confirmation step for email changes

This adds a confirmation step for email changes of existing users.
Like the initial account confirmation, a confirmation link is sent
to the new address.

Additionally, a notification is sent to the existing address when
the change is initiated. This message includes instruction to reset
the password immediately or to contact the instance admin if the
change was not initiated by the account owner.

Fixes #3871

* Add review fixes
 2018-01-02 16:55:00 +01:00
beatrix e2ccf65789 add ruby-progressbar to gemfile (fixes #6110) (#6111) 2017-12-26 18:43:52 +01:00
Yamagishi Kazutoshi f76681ebd6 Revert fog-aws (ref #5604) (#5934) 2017-12-09 00:47:52 +01:00
Eugen Rochko b037fbf9f4 Remove rabl dependency (#5894) 
* Remove rabl dependency

* Replicate old Oj configuration
 2017-12-06 15:04:49 +09:00
Yamagishi Kazutoshi e3ab149f97 Update dependencies for Ruby (2017-12-03) (#5878) 
* Update active_model_serializers to version 0.10.7

* Update capistrano-rails to version 1.3.1

* Update capistrano-rbenv to version 2.1.3

* Update capybara to version 2.16.1

* Update devise-two-factor to version 3.0.2

* Update i18n-tasks to version 0.8.19

* Update ox to version 2.8.2

* Update parallel_tests to version 2.19.0

* Update puma to version 3.11.0

* Update redis-namespace to version 1.6.0

* Update rspec-rails to version 3.7.2

* Update scss_lint to version 0.56.0

* Update webmock to version 3.1.1

* Update webpush to version 0.3.3

* bundle update
 2017-12-03 16:55:27 +01:00
Yamagishi Kazutoshi a624688ebd Unify file upload to using fog (#5604) 2017-11-07 14:30:31 +01:00
K.SHIRAKASHI f066d2418a Revert ruby-jwt version (#5575) 
jwt 2.1.0 still does not work well.
ref. https://github.com/zaru/webpush/issues/42
 2017-11-01 00:47:35 +09:00
Yamagishi Kazutoshi 10b30bd94e Update dependencies for Ruby (2017-10-30) (#5566) 
* Update better_errors to version 2.4.0

* Update binding_of_caller to version 0.7.3

* Update bootsnap to version 1.1.5

* Update browser to version 2.5.2

* Update capistrano to version 3.10.0

* Update capistrano-bundler to version 1.3.0

* Update capistrano-rbenv to version 2.1.2

* Update capybara to version 2.15.4

* Update cld3 to version 3.2.1

* Update fabrication to version 2.18.0

* Update fog-openstack to version 0.1.22

* Update kaminari to version 1.1.1

* Update lograge to version 0.7.1

* Update nokogiri to version 1.8.1

* Update oj to version 3.3.9

* Update ox to version 2.8.1

* Update parallel_tests to version 2.17.0

* Update pkg-config to version 1.2.8

* Update rspec-rails to version 3.7.1

* Update rubocop to version 0.51.0

* Update scss_lint to version 0.55.0

* Update sidekiq to version 5.0.5

* Update sidekiq-scheduler to version 2.1.10

* Update tzinfo-data to version 1.2017.3

* Update webpacker to version 3.0.2

* bundle update
 2017-10-31 12:22:32 +01:00
abcang 7c1f3173bb Close connection when succeeded posting (#5390) 
* Close connection when succeeded posting

* Update webmock
 2017-10-14 14:38:57 +02:00
Eugen Rochko 6033b8eac1 Replace self-rolled statsd instrumention with localshred/nsa (#5118) 2017-09-29 03:16:44 +02:00
Yamagishi Kazutoshi 12b7306a03 Upgrade Webpacker to version 3.0.1 (#5122) 2017-09-27 14:41:54 +02:00
Eugen Rochko a90aac6953 Update brakeman to 3.0 and bundler-audit to 0.6 (#5117) 2017-09-27 03:13:09 +02:00
Eugen Rochko 65827bd2b4 Add strong_migrations gem to warn when creating unsafe migrations (#5078) 2017-09-25 02:11:14 +02:00
Daigo 3 Dango 0de28e70e8 Bump ruby version to 2.4.2 (#4958) 
* Bump ruby version to 2.4.2

https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-4-2-released/

Gemfile.lock is also updated.

TODO
- [ ] Update Dockerfile with Alpine release of ruby-2.4.2

* Revert jwt version

It seems that jwt 2.0.0 fails in some environment.
ref. https://github.com/zaru/webpush/issues/42

* Bump Ruby version on docker image
 2017-09-18 04:55:57 +02:00
Akihiko Odaki d4a1ddd46a Fix filterable_languages method of SettingsHelper (#4966) 2017-09-16 14:59:41 +02:00
Grey Baker 4b1d1a698d Bump puma from 3.9.1 to 3.10.0 (#4879) 
Bumps [puma](https://github.com/puma/puma) from 3.9.1 to 3.10.0.
- [Release notes](https://github.com/puma/puma/releases/tag/v3.10.0)
- [Changelog](https://github.com/puma/puma/blob/master/History.md)
- [Commits](https://github.com/puma/puma/compare/v3.9.1...v3.10.0)
 2017-09-11 23:43:19 +02:00
Grey Baker 05b12e52ac Bump rails from 5.1.3 to 5.1.4 (#4875) 
Bumps [rails](https://github.com/rails/rails) from 5.1.3 to 5.1.4.
- [Commits](https://github.com/rails/rails/compare/v5.1.3...v5.1.4)
 2017-09-11 23:03:14 +02:00
Eugen Rochko a27821f725 Fix language filter codes (#4841) 
* Fix language filter codes

CLD3 returns BCP-47 language identifier, filter settings expect
identifiers in the ISO 639-1 format. Convert between formats,
and exclude duplicate languages from filter choices (zh-CN->zh)

* Fix zh name
 2017-09-08 12:32:22 +02:00
Adam Thurlow 57a821d4b9 swift-enable the paperclip! 📎 (#2322) 2017-09-05 23:17:06 +02:00
Eugen Rochko 155b35e3ad Update bundler-audit and brakeman (#4740) 2017-08-30 03:30:13 +02:00
Eugen Rochko 5147147da9 Add handling of Linked Data Signatures in payloads (#4687) 
* Add handling of Linked Data Signatures in payloads

* Add a way to sign JSON, fix canonicalization of signature options

* Fix signatureValue encoding, send out signed JSON when distributing

* Add missing security context
 2017-08-26 13:47:38 +02:00
Yamagishi Kazutoshi e2eb4983ab Update addressable to version 2.5.2 (#4686) 2017-08-25 14:17:08 +02:00
nullkal e3eb31818f Update charlock_holmes to 0.7.5 (#4620) 2017-08-17 14:46:53 +02:00
Yamagishi Kazutoshi 4e7e54ace5 Update dependencies for Ruby (#4543) 
* Update twitter-text to version 1.14.7

* Update tilt to version 2.0.8

* Update statsd-instrument to version 2.1.4

* Update sidekiq to version 5.0.4

* Update sidekiq-scheduler to version 2.1.8

* Update sidekiq-unique-jobs to version 5.0.9

* Update redis-activesupport to version 5.0.3

* Update rails-settings-cached to version v0.6.6

* Update pkg-config to version 1.2.4

* Update parallel_tests to version 2.14.2

* Update jsonapi-renderer to version 0.1.3

* Update i18n-tasks to version 0.9.16

* Update httplog to version 0.99.7

* Update fabrication to version 2.16.2

* Update bootsnap to version 1.1.2

* Update aws-sigv4 to version 1.0.1

* Update aws-sdk-core to version 2.10.21

* Update hashdiff to version 0.3.5

* Update rails to version 5.1.3
 2017-08-07 18:55:36 +02:00
Eugen Rochko 50cc4ee027 Update goldfinger to 2.0.1, see tootsuite/goldfinger#5 (#4527) 2017-08-05 15:29:52 +02:00
Yamagishi Kazutoshi 0319c4958f Run `bundle` (regression from #4284) (#4290) 2017-07-21 14:22:05 +02:00
Eugen Rochko 92e49e5c5d Update Goldfinger gem to 2.0 (#4286) 
- No masking of HTTP::Error and OpenSSL::SSL::SSLError
- No longer accepts non-HTTPS WebFinger endpoints
 2017-07-21 13:40:48 +02:00
Eugen Rochko df59dc6639 Refactor ResolveRemoteAccountService (#4258) 
* Refactor ResolveRemoteAccountService

* Remove trailing whitespace

* Use redis locks around critical ResolveRemoteAccountService code

* Add test for race condition of lock
 2017-07-19 14:44:04 +02:00
ThibG 9c1791c546 Optimize uri normalization (#4212) 
* Add dependency on idn-ruby to speed up URI normalization

* Use normalized_host instead of normalize.host when applicable

When we are only interested in the normalized host, calling normalized_host
avoids normalizing the other components of the URI as well as creating a
new object
 2017-07-15 17:24:35 +02:00
unarist 1065b0ac32 Follow renaming of microformats2 gem (#4203) 2017-07-14 19:57:49 +02:00
Eugen Rochko 5138dde794 Fix #4149, fix #1199 - Store emojis as unicode (#4189) 
- Use unicode when selecting emoji through picker
- Convert shortcodes to unicode when storing text input server-side
- Do not convert shortcodes in JS anymore
 2017-07-14 19:47:53 +02:00
Sorin Davidoi ecab38fd66 Web Push Notifications (#3243) 
* feat: Register push subscription

* feat: Notify when mentioned

* feat: Boost, favourite, reply, follow, follow request

* feat: Notification interaction

* feat: Handle change of public key

* feat: Unsubscribe if things go wrong

* feat: Do not send normal notifications if push is enabled

* feat: Focus client if open

* refactor: Move push logic to WebPushSubscription

* feat: Better title and body

* feat: Localize messages

* chore: Fix lint errors

* feat: Settings

* refactor: Lazy load

* fix: Check if push settings exist

* feat: Device-based preferences

* refactor: Simplify logic

* refactor: Pull request feedback

* refactor: Pull request feedback

* refactor: Create /api/web/push_subscriptions endpoint

* feat: Spec PushSubscriptionController

* refactor: WebPushSubscription => Web::PushSubscription

* feat: Spec Web::PushSubscription

* feat: Display first media attachment

* feat: Support direction

* fix: Stuff broken while rebasing

* refactor: Integration with session activations

* refactor: Cleanup

* refactor: Simplify implementation

* feat: Set VAPID keys via environment

* chore: Comments

* fix: Crash when no alerts

* fix: Set VAPID keys in testing environment

* fix: Follow link

* feat: Notification actions

* fix: Delete previous subscription

* chore: Temporary logs

* refactor: Move migration to a later date

* fix: Fetch the correct session activation and misc bugs

* refactor: Move migration to a later date

* fix: Remove follow request (no notifications)

* feat: Send administrator contact to push service

* feat: Set time-to-live

* fix: Do not show sensitive images

* fix: Reducer crash in error handling

* feat: Add badge

* chore: Fix lint error

* fix: Checkbox label overlap

* fix: Check for payload support

* fix: Rename action "type" (crash in latest Chrome)

* feat: Action to expand notification

* fix: Lint errors

* fix: Unescape notification body

* fix: Do not allow boosting if the status is hidden

* feat: Add VAPID keys to the production sample environment

* fix: Strip HTML tags from status

* refactor: Better error messages

* refactor: Handle browser not implementing the VAPID protocol (Samsung Internet)

* fix: Error when target_status is nil

* fix: Handle lack of image

* fix: Delete reference to invalid subscriptions

* feat: Better error handling

* fix: Unescape HTML characters after tags are striped

* refactor: Simpify code

* fix: Modify to work with #4091

* Sort strings alphabetically

* i18n: Updated Polish translation

it annoys me that it's not fully localized :P

* refactor: Use current_session in PushSubscriptionController

* fix: Rebase mistake

* fix: Set cacheName to mastodon

* refactor: Pull request feedback

* refactor: Remove logging statements

* chore(yarn): Fix conflicts with master

* chore(yarn): Copy latest from master

* chore(yarn): Readd offline-plugin

* refactor: Use save! and update!

* refactor: Send notifications async

* fix: Allow retry when push fails

* fix: Save track for failed pushes

* fix: Minify sw.js

* fix: Remove account_id from fabricator
 2017-07-13 22:15:32 +02:00
nullkal 07024f56df Use charlock_holmes instead of nkf at FetchLinkCardService (#4080) 
* Specs for language detection

* Use CharlockHolmes instead of NKF

* Correct mistakes

* Correct style

* Set hint_enc instead of falling back and strip_tags

* Improve specs

* Add dependencies
 2017-07-08 22:44:31 +02:00
Eugen Rochko 20e15ecfb3 Refactor JSON templates to be generated with ActiveModelSerializers instead of Rabl (#4090) 2017-07-07 04:02:06 +02:00
Akihiko Odaki (@fn_aki@pawoo.net) 4a041cde77 Explicitly require MIME::Types (#4083) 2017-07-05 23:58:03 +02:00
Matt Jankowski 620618f7bc Version bumps for gems (#4002) 
* Update aws-sdk to version 2.10.4

* Update bootsnap to version 1.1.1

* Update capistrano to version 3.8.2

* Update capybara to version 2.14.4

* Update cld3 to version 3.1.3

* Update http_accept_language to version 2.1.1

* Update sidekiq to version 5.0.3

* Update rspec-sidekiq to version 3.0.3

* Update sidekiq-scheduler to version 2.1.7

* Update oj to version 3.2.0

* Update openssl to version 2.0.4

* Update pg to version 0.21.0

* Update twitter-text to version 1.14.6

* Update unicode-display_width to version 1.3.0

* Update scss_lint to version 0.54.0

* Update hamlit to version 2.8.4

* Update erubi to version 1.6.1

* Update httplog to version 0.99.4

* Update aws-sdk to version 2.10.6
 2017-06-30 13:42:04 +02:00
Yamagishi Kazutoshi 9127df69d3 Update Rails to v5.1.2 (#3968) 2017-06-27 13:41:03 +02:00
Eugen Rochko c465c5b3a8 Add overview of active sessions (#3929) 
* Add overview of active sessions

* Better display of browser/platform name

* Improve how browser information is stored and displayed for sessions overview

* Fix test
 2017-06-25 16:54:30 +02:00
Yamagishi Kazutoshi dece663cd0 Upgrade Webpacker to version 2.0 (#3729) 2017-06-18 02:57:09 +02:00
Eugen Rochko 8ae61fc4cf Fix #3582 - Update OStatus2 gem (#3699) 2017-06-11 17:47:29 +02:00
Matt Jankowski 10c5c41a5c Gem versions, including security-related mail gem update (#3687) 
* Update mail to version 2.6.6

* Update aws-sdk to version 2.9.37

* Update capybara to version 2.14.2

* Update oj to version 3.1.0

* Update sidekiq to version 5.0.2

* Update puma to version 3.9.1

* Update sanitize to version 4.5.0

* Update capistrano-rails to version 1.3.0
 2017-06-10 20:26:50 +02:00
Daigo 3 Dango 78a63b4aa9 Update nokogumbo to 1.4.13 (#3617) 
$ bundle update --source nokogumbo# Please enter the commit message for your changes. Lines starting

nokogumbo 1.4.11 and 1.4.12 don't work on Heroku.
 2017-06-06 20:43:02 +02:00
Matt Jankowski 1ee9f97270 Gem version bumps (#3524) 
* Update annotate to version 2.7.2

* Update puma to version 3.9.0

* Update aws-sdk to version 2.9.28

* Update bootsnap to version 1.0.0

* Update nio4r to version 2.1.0

* Update nokogumbo to version 1.4.12

* Update oj to version 3.0.11

* Update pkg-config to version 1.2.3

* Update rubocop to version 0.49.1

* Update sidekiq-scheduler to version 2.1.5
 2017-06-05 01:10:13 +02:00
takayamaki aa6740c21b change sidekiq queueing to bulk push (#3536) 2017-06-04 00:11:15 +02:00