-rw-r--r--app/javascript/mastodon/actions/compose.js12
-rw-r--r--app/lib/request.rb13
-rw-r--r--app/services/activitypub/process_account_service.rb2
-rw-r--r--config/application.rb4
-rw-r--r--config/environments/production.rb4
-rw-r--r--config/initializers/devise.rb3
-rw-r--r--lib/devise/ldap_authenticatable.rb76
-rw-r--r--spec/lib/request_spec.rb11
8 files changed, 79 insertions, 46 deletions
diff --git a/app/javascript/mastodon/actions/compose.js b/app/javascript/mastodon/actions/compose.js
index 130b4af23..1371f22b2 100644
--- a/app/javascript/mastodon/actions/compose.js
+++ b/app/javascript/mastodon/actions/compose.js
@@ -1,4 +1,5 @@
 import api from '../api';
+import { CancelToken } from 'axios';
 import { throttle } from 'lodash';
 import { search as emojiSearch } from '../features/emoji/emoji_mart_search_light';
 import { tagHistory } from '../settings';
@@ -11,6 +12,8 @@ import {
   refreshPublicTimeline,
 } from './timelines';
 
+let cancelFetchComposeSuggestionsAccounts;
+
 export const COMPOSE_CHANGE          = 'COMPOSE_CHANGE';
 export const COMPOSE_SUBMIT_REQUEST  = 'COMPOSE_SUBMIT_REQUEST';
 export const COMPOSE_SUBMIT_SUCCESS  = 'COMPOSE_SUBMIT_SUCCESS';
@@ -257,13 +260,22 @@ export function undoUploadCompose(media_id) {
 };
 
 export function clearComposeSuggestions() {
+  if (cancelFetchComposeSuggestionsAccounts) {
+    cancelFetchComposeSuggestionsAccounts();
+  }
   return {
     type: COMPOSE_SUGGESTIONS_CLEAR,
   };
 };
 
 const fetchComposeSuggestionsAccounts = throttle((dispatch, getState, token) => {
+  if (cancelFetchComposeSuggestionsAccounts) {
+    cancelFetchComposeSuggestionsAccounts();
+  }
   api(getState).get('/api/v1/accounts/search', {
+    cancelToken: new CancelToken(cancel => {
+      cancelFetchComposeSuggestionsAccounts = cancel;
+    }),
     params: {
       q: token.slice(1),
       resolve: false,
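Review bot: Cancelling the in-flight search from `fetchComposeSuggestionsAccounts` and `clearComposeSuggestions` makes the axios promise reject with a cancellation, and the handler for that rejection sits below the last line of this hunk. If that `.catch` dispatches an error alert, every request superseded by newer input would surface to the user as a failure; guarding it with `if (!axios.isCancel(error))` would avoid that. The module-level `cancelFetchComposeSuggestionsAccounts` is also never reset once a request settles, so a short comment noting that calling a stale cancel function is a harmless no-op would help readers.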
diff --git a/app/lib/request.rb b/app/lib/request.rb
index 5776b3d78..298fb9528 100644
--- a/app/lib/request.rb
+++ b/app/lib/request.rb
@@ -94,9 +94,16 @@ class Request
   class Socket < TCPSocket
     class << self
       def open(host, *args)
-        address = IPSocket.getaddress(host)
-        raise Mastodon::HostValidationError if PrivateAddressCheck.private_address? IPAddr.new(address)
-        super address, *args
+        outer_e = nil
+        Addrinfo.foreach(host, nil, nil, :SOCK_STREAM) do |address|
+          begin
+            raise Mastodon::HostValidationError if PrivateAddressCheck.private_address? IPAddr.new(address.ip_address)
+            return super address.ip_address, *args
+          rescue => e
+            outer_e = e
+          end
+        end
+        raise outer_e if outer_e
       end
 
       alias new open
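Review bot: The bare `rescue => e` inside the `Addrinfo.foreach` block of `Socket.open` handles a rejected private address and any other StandardError identically, and only the last exception survives in `outer_e`. A `Mastodon::HostValidationError` for one record can therefore be replaced by a connect error from another, and the blocked address is never logged. When `foreach` yields no addresses the method falls off the end and returns nil instead of a socket; ending with `raise outer_e || SocketError.new("no usable address for #{host}")` would make that case explicit. Connecting to the validated `address.ip_address` rather than the hostname is what keeps the check and the connection on the same address, and a one-line comment saying so would stop a later refactor from undoing it.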
diff --git a/app/services/activitypub/process_account_service.rb b/app/services/activitypub/process_account_service.rb
index 68e9db766..7d8dc1369 100644
--- a/app/services/activitypub/process_account_service.rb
+++ b/app/services/activitypub/process_account_service.rb
@@ -16,7 +16,7 @@ class ActivityPub::ProcessAccountService < BaseService
 
     RedisLock.acquire(lock_options) do |lock|
       if lock.acquired?
-        @account        = Account.find_by(uri: @uri)
+        @account        = Account.find_remote(@username, @domain)
         @old_public_key = @account&.public_key
         @old_protocol   = @account&.protocol
 
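Review bot: The account whose `public_key` and `protocol` are read on the following lines is now selected by `@username` and `@domain` instead of `@uri`, and nothing in this hunk checks that the record found still carries the URI being processed. Where those two instance variables are assigned is outside the hunk; if either is taken from the fetched actor document rather than from the verified URI, the document itself chooses which stored account gets updated. A comment above the lookup stating where `@domain` comes from and why a handle-based match is safe would record the assumption, and logging when `@account.uri != @uri` would make a mismatch visible to operators.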
diff --git a/config/application.rb b/config/application.rb
index 4319167dc..c0899ad70 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -77,9 +77,7 @@ module Mastodon
     ]
 
     config.i18n.default_locale = ENV['DEFAULT_LOCALE']&.to_sym
-    if config.i18n.available_locales.include?(config.i18n.default_locale)
-      config.i18n.fallbacks = [:en]
-    else
+    unless config.i18n.available_locales.include?(config.i18n.default_locale)
       config.i18n.default_locale = :en
     end
 
diff --git a/config/environments/production.rb b/config/environments/production.rb
index 6cd13d441..7a800db19 100644
--- a/config/environments/production.rb
+++ b/config/environments/production.rb
@@ -55,8 +55,8 @@ Rails.application.configure do
   # config.action_mailer.raise_delivery_errors = false
 
   # Enable locale fallbacks for I18n (makes lookups for any locale fall back to
-  # the I18n.default_locale when a translation cannot be found).
-  config.i18n.fallbacks = true
+  # English when a translation cannot be found).
+  config.i18n.fallbacks = [:en]
 
   # Send deprecation notices to registered listeners.
   config.active_support.deprecation = :notify
diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb
index 97757d0fb..e0d263f16 100644
--- a/config/initializers/devise.rb
+++ b/config/initializers/devise.rb
@@ -55,6 +55,8 @@ module Devise
   @@ldap_bind_dn = nil
   mattr_accessor :ldap_password
   @@ldap_password = nil
+  mattr_accessor :ldap_tls_no_verify
+  @@ldap_tls_no_verify = false
 
   class Strategies::PamAuthenticatable
     def valid?
@@ -357,5 +359,6 @@ Devise.setup do |config|
     config.ldap_bind_dn        = ENV.fetch('LDAP_BIND_DN')
     config.ldap_password       = ENV.fetch('LDAP_PASSWORD')
     config.ldap_uid            = ENV.fetch('LDAP_UID', 'cn')
+    config.ldap_tls_no_verify  = ENV['LDAP_TLS_NO_VERIFY'] == 'true'
   end
 end
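Review bot: `LDAP_TLS_NO_VERIFY=true` turns off certificate verification for the connection that carries `ldap_password` and each user's login password, and nothing in this hunk makes that visible at boot. A startup warning such as `Rails.logger.warn 'LDAP: TLS certificate verification is disabled' if config.ldap_tls_no_verify` would let operators notice a test setting left on in production. A comment on the new line stating which deployments the option is meant for would also help.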
diff --git a/lib/devise/ldap_authenticatable.rb b/lib/devise/ldap_authenticatable.rb
index 531abdbbe..ef786fbb7 100644
--- a/lib/devise/ldap_authenticatable.rb
+++ b/lib/devise/ldap_authenticatable.rb
@@ -1,49 +1,53 @@
 # frozen_string_literal: true
 
-if ENV['LDAP_ENABLED'] == 'true'
-  require 'net/ldap'
-  require 'devise/strategies/authenticatable'
+require 'net/ldap'
+require 'devise/strategies/authenticatable'
 
-  module Devise
-    module Strategies
-      class LdapAuthenticatable < Authenticatable
-        def authenticate!
-          if params[:user]
-            ldap = Net::LDAP.new(
-              host: Devise.ldap_host,
-              port: Devise.ldap_port,
-              base: Devise.ldap_base,
-              encryption: {
-                method: Devise.ldap_method,
-                tls_options: OpenSSL::SSL::SSLContext::DEFAULT_PARAMS,
-              },
-              auth: {
-                method: :simple,
-                username: Devise.ldap_bind_dn,
-                password: Devise.ldap_password,
-              },
-              connect_timeout: 10
-            )
+module Devise
+  module Strategies
+    class LdapAuthenticatable < Authenticatable
+      def authenticate!
+        if params[:user]
+          ldap = Net::LDAP.new(
+            host: Devise.ldap_host,
+            port: Devise.ldap_port,
+            base: Devise.ldap_base,
+            encryption: {
+              method: Devise.ldap_method,
+              tls_options: tls_options,
+            },
+            auth: {
+              method: :simple,
+              username: Devise.ldap_bind_dn,
+              password: Devise.ldap_password,
+            },
+            connect_timeout: 10
+          )
 
-            if (user_info = ldap.bind_as(base: Devise.ldap_base, filter: "(#{Devise.ldap_uid}=#{email})", password: password))
-              user = User.ldap_get_user(user_info.first)
-              success!(user)
-            else
-              return fail(:invalid_login)
-            end
+          if (user_info = ldap.bind_as(base: Devise.ldap_base, filter: "(#{Devise.ldap_uid}=#{email})", password: password))
+            user = User.ldap_get_user(user_info.first)
+            success!(user)
+          else
+            return fail(:invalid_login)
           end
         end
+      end
 
-        def email
-          params[:user][:email]
-        end
+      def email
+        params[:user][:email]
+      end
 
-        def password
-          params[:user][:password]
+      def password
+        params[:user][:password]
+      end
+
+      def tls_options
+        OpenSSL::SSL::SSLContext::DEFAULT_PARAMS.tap do |options|
+          options[:verify_mode] = OpenSSL::SSL::VERIFY_NONE if Devise.ldap_tls_no_verify
         end
       end
     end
   end
-
-  Warden::Strategies.add(:ldap_authenticatable, Devise::Strategies::LdapAuthenticatable)
 end
+
+Warden::Strategies.add(:ldap_authenticatable, Devise::Strategies::LdapAuthenticatable)
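Review bot: `tls_options` calls `tap` on `OpenSSL::SSL::SSLContext::DEFAULT_PARAMS` itself, so with `ldap_tls_no_verify` set the first login writes `VERIFY_NONE` into the process-wide defaults and every later `SSLContext#set_params` caller in the process inherits it (or the assignment raises if the constant is frozen in the running OpenSSL binding). Work on a copy instead: `OpenSSL::SSL::SSLContext::DEFAULT_PARAMS.dup.tap do |options|`. Separately, the `bind_as` filter interpolates `email` from `params` unescaped; `Net::LDAP::Filter.escape(email)` would keep filter metacharacters in the submitted value literal. `email`, `password` and `tls_options` could also sit under `private`, since nothing visible calls them from outside the strategy.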
diff --git a/spec/lib/request_spec.rb b/spec/lib/request_spec.rb
index dc7daa52c..5da357c55 100644
--- a/spec/lib/request_spec.rb
+++ b/spec/lib/request_spec.rb
@@ -48,6 +48,13 @@ describe Request do
         expect(a_request(:get, 'http://example.com')).to have_been_made.once
       end
 
+      it 'executes a HTTP request when the first address is private' do
+        allow(Addrinfo).to receive(:foreach).with('example.com', nil, nil, :SOCK_STREAM)
+                                            .and_yield(Addrinfo.new(["AF_INET", 0, "example.com", "0.0.0.0"], :PF_INET, :SOCK_STREAM))
+                                            .and_yield(Addrinfo.new(["AF_INET6", 0, "example.com", "2001:4860:4860::8844"], :PF_INET6, :SOCK_STREAM))
+        expect(a_request(:get, 'http://example.com')).to have_been_made.once
+      end
+
       it 'sets headers' do
         expect(a_request(:get, 'http://example.com').with(headers: subject.headers)).to have_been_made
       end
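Review bot: The new example 'executes a HTTP request when the first address is private' stubs `Addrinfo.foreach` inside the `it` body but never calls `subject.perform` there. Like the neighbouring examples it appears to rely on a `before` hook outside this hunk that has already performed the request, so the stub would be installed too late to be exercised. If so, the fallback from a private first address to a public second one in `Request::Socket.open` is not actually covered. Installing the `allow(Addrinfo)` stub before the request runs, or calling `subject.perform` inside this example after stubbing, would make the assertion meaningful.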
@@ -61,7 +68,9 @@ describe Request do
       end
 
       it 'raises Mastodon::ValidationError' do
-        allow(IPSocket).to receive(:getaddress).with('example.com').and_return('0.0.0.0')
+        allow(Addrinfo).to receive(:foreach).with('example.com', nil, nil, :SOCK_STREAM)
+                                            .and_yield(Addrinfo.new(["AF_INET", 0, "example.com", "0.0.0.0"], :PF_INET, :SOCK_STREAM))
+                                            .and_yield(Addrinfo.new(["AF_INET6", 0, "example.com", "2001:db8::face"], :PF_INET6, :SOCK_STREAM))
         expect{ subject.perform }.to raise_error Mastodon::ValidationError
       end
     end