about summary refs log tree commit diff
path: root/app/controllers/concerns
AgeCommit message (Collapse)Author
2022-10-02Merge branch 'main' into glitch-soc/merge-upstreamClaire
Conflicts: - `app/controllers/home_controller.rb`: Upstream made it so `/web` is available to non-logged-in users and `/` redirects to `/web` instead of `/about`. Kept our version since glitch-soc's WebUI doesn't have what's needed yet and I think /about is still a much better landing page anyway. - `app/models/form/admin_settings.rb`: Upstream added new settings, and glitch-soc had an extra setting. Not really a conflict. Added upstream's new settings. - `app/serializers/initial_state_serializer.rb`: Upstream added a new `server` initial state object. Not really a conflict. Merged upstream's changes. - `app/views/admin/settings/edit.html.haml`: Upstream added new settings. Not really a conflict. Merged upstream's changes. - `app/workers/scheduler/feed_cleanup_scheduler.rb`: Upstream refactored that part and removed the file. Ported our relevant changes into `app/lib/vacuum/feeds_vacuum.rb` - `config/settings.yml`: Upstream added new settings. Not a real conflict. Added upstream's new settings.
2022-09-21Refactor ActivityPub handling to prepare for non-Account actors (#19212)Claire
* Move ActivityPub::FetchRemoteAccountService to ActivityPub::FetchRemoteActorService ActivityPub::FetchRemoteAccountService is kept as a wrapper for when the actor is specifically required to be an Account * Refactor SignatureVerification to allow non-Account actors * fixup! Move ActivityPub::FetchRemoteAccountService to ActivityPub::FetchRemoteActorService * Refactor ActivityPub::FetchRemoteKeyService to potentially return non-Account actors * Refactor inbound ActivityPub payload processing to accept non-Account actors * Refactor inbound ActivityPub processing to accept activities relayed through non-Account * Refactor how Account key URIs are built * Refactor Request and drop unused key_id_format parameter * Rename ActivityPub::Dereferencer `signature_account` to `signature_actor`
2022-09-21Fix typo in SignatureVerification (#19209)Claire
Fix regression from #15605
2022-09-20Improve error reporting and logging when processing remote accounts (#15605)Claire
* Add a more descriptive PrivateNetworkAddressError exception class * Remove unnecessary exception class to rescue clause * Remove unnecessary include to JsonLdHelper * Give more neutral error message when too many webfinger redirects * Remove unnecessary guard condition * Rework how “ActivityPub::FetchRemoteAccountService” handles errors Add “suppress_errors” keyword argument to avoid raising errors in ActivityPub::FetchRemoteAccountService#call (default/previous behavior). * Rework how “ActivityPub::FetchRemoteKeyService” handles errors Add “suppress_errors” keyword argument to avoid raising errors in ActivityPub::FetchRemoteKeyService#call (default/previous behavior). * Fix Webfinger::RedirectError not being a subclass of Webfinger::Error * Add suppress_errors option to ResolveAccountService Defaults to true (to preserve previous behavior). If set to false, errors will be raised instead of caught, allowing the caller to be informed of what went wrong. * Return more precise error when failing to fetch account signing AP payloads * Add tests * Fixes * Refactor error handling a bit * Fix various issues * Add specific error when provided Digest is not 256 bits of base64-encoded data * Please CodeClimate * Improve webfinger error reporting
2022-08-28Merge branch 'main' into glitch-soc/merge-upstreamClaire
Conflicts: - `app/controllers/settings/preferences_controller.rb`: Upstream dropping `digest` from notifications emails while we have more notification emails settings. Removed `digest` from our list while keeping our extra settings. - `app/javascript/packs/admin.js`: Conflicts caused by glitch-soc's theming system. Applied the changes to `app/javascript/core/admin.js`. - `app/views/settings/preferences/other/show.html.haml`: Upstream removed a setting close to a glitch-soc-only setting. Applied upstream's change.
2022-08-25Add audit log entries for user roles (#19040)Eugen Rochko
* Refactor audit log schema * Add audit log entries for user roles
2022-05-16Allow import/export of instance-level domain blocks/allows (#1754)Levi Bard
* Allow import/export of instance-level domain blocks/allows. Fixes #15095 * Pacify circleci * Address simple code review feedback * Add headers to exported CSV * Extract common import/export functionality to AdminExportControllerConcern * Add additional fields to instance-blocked domain export * Address review feedback * Split instance domain block/allow import/export into separate pages/controllers * Address code review feedback * Pacify DeepSource * Work around Paperclip::HasAttachmentFile for Rails 6 * Fix deprecated API warning in export tests * Remove after_commit workaround
2022-04-06Merge branch 'main' into glitch-soc/merge-upstreamClaire
Conflicts: - `app/controllers/concerns/sign_in_token_authentication_concern.rb`: Upstream removed this file, while glitch-soc had changes to deal with its theming system. Removed the file like upstream did.
2022-04-06Remove sign-in token authentication, instead send e-mail about new sign-in ↵Eugen Rochko
(#17970)
2022-03-02Merge branch 'main' into glitch-soc/merge-upstreamClaire
2022-03-01Change authorized applications page (#17656)Eugen Rochko
* Change authorized applications page * Hide revoke button for superapps and suspended accounts * Clean up db/schema.rb
2022-02-26Merge branch 'main' into glitch-soc/merge-upstreamClaire
Conflicts: - `app/models/account.rb`: Not a real conflict, just upstream getting rid of unused constants too close to glitch-soc-specific contents. Removed unused constants like upstream did. - `app/models/trends.rb`: Conflict because glitch-soc disabled email notifications for trending links. Upstream has refactored this quite a bit and added trending posts. Took upstream code, but disabling the extra trending stuff will come in another commit. - `app/views/admin/trends/links/index.html.haml`: Conflict due to glitch-soc's theming system. Ported upstream changes accordingly.
2022-02-25Add trending statuses (#17431)Eugen Rochko
* Add trending statuses * Fix dangling items with stale scores in localized sets * Various fixes and improvements - Change approve_all/reject_all to approve_accounts/reject_accounts - Change Trends::Query methods to not mutate the original query - Change Trends::Query#skip to offset - Change follow recommendations to be refreshed in a transaction * Add tests for trending statuses filtering behaviour * Fix not applying filtering scope in controller
2022-02-19Merge branch 'main' into glitch-soc/merge-upstreamClaire
2022-02-19Bump pundit from 2.1.1 to 2.2.0 (#17543)dependabot[bot]
* Bump pundit from 2.1.1 to 2.2.0 Bumps [pundit](https://github.com/varvet/pundit) from 2.1.1 to 2.2.0. - [Release notes](https://github.com/varvet/pundit/releases) - [Changelog](https://github.com/varvet/pundit/blob/main/CHANGELOG.md) - [Commits](https://github.com/varvet/pundit/compare/v2.1.1...v2.2.0) --- updated-dependencies: - dependency-name: pundit dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * `include Pundit` is deprecated Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>
2022-02-19Change global `locale` param to `lang` to avoid conflicts (#17592)Eugen Rochko
2022-02-12Add support for multiple source files per packClaire
2022-02-08Merge branch 'main' into glitch-soc/merge-upstreamClaire
2022-02-08Add global `locale` param (#17464)Eugen Rochko
- Remove the session-based locale stickyness
2022-02-05Move glitch-soc-specific theming methods to ThemingConcernClaire
2022-01-30Merge branch 'main' into glitch-soc/merge-upstreamClaire
2022-01-28Change public profile pages to be disabled for unconfirmed users (#17385)Claire
Fixes #17382 Note that unconfirmed and unapproved accounts can still be searched for and their (empty) account retrieved using the REST API.
2022-01-25Change CAPTCHA handling to be only on email verificationClaire
This simplifies the implementation considerably, and while not providing ideal UX, it's the most flexible approach.
2022-01-25Add ability to set hCaptcha either on registration form or on e-mail validationClaire
Upshot of CAPTCHA on e-mail validation is it does not need to break the in-band registration API.
2022-01-24Disable captcha if registrations are disabled for various reasonsClaire
2022-01-24Please CodeClimateClaire
2022-01-24Add optional hCaptcha supportClaire
Fixes #1649 This requires setting `HCAPTCHA_SECRET_KEY` and `HCAPTCHA_SITE_KEY`, then enabling the admin setting at `/admin/settings/edit#form_admin_settings_captcha_enabled` Subsequently, a hCaptcha widget will be displayed on `/about` and `/auth/sign_up` unless: - the user is already signed-up already - the user has used an invite link - the user has already solved the captcha (and registration failed for another reason) The Content-Security-Policy headers are altered automatically to allow the third-party hCaptcha scripts on `/about` and `/auth/sign_up` following the same rules as above.
2022-01-18Merge pull request #1660 from ↵Claire
ClearlyClaire/glitch-soc/features/themes-multiple-packs Refactor glitch-soc's theme handling
2022-01-17Please CodeClimateClaire
2022-01-17Move controller theming code to concernClaire
2022-01-16Merge branch 'main' into glitch-soc/merge-upstreamClaire
Conflicts: - `README.md`: Upstream added some text, but our README is completely different. Kept our README unchanged.
2022-01-16Remove IP tracking columns from users table (#16409)Eugen Rochko
2021-12-16Merge branch 'main' into glitch-soc/merge-upstreamClaire
Conflicts: - `app/views/admin/pending_accounts/index.html.haml`: Removed upstream, while it had glitch-soc-specific changes to accomodate for glitch-soc's theming system. Removed the file. Additional changes: - `app/views/admin/accounts/index.html.haml': Accomodate for glitch-soc's theming system.
2021-12-05Fix redirection when succeeded WebAuthn (#17098)heguro
2021-12-05Add batch suspend for accounts in admin UI (#17009)Eugen Rochko
2021-08-27Merge branch 'main' into glitch-soc/merge-upstreamClaire
2021-08-25Fix authentication failures after going halfway through a sign-in attempt ↵Claire
(#16607) * Add tests * Add security-related tests My first (unpublished) attempt at fixing the issues introduced (extremely hard-to-exploit) security vulnerabilities, addressing them in a test. * Fix authentication failures after going halfway through a sign-in attempt * Refactor `authenticate_with_sign_in_token` and `authenticate_with_two_factor` to make the two authentication steps more obvious
2021-06-23Merge branch 'main' into glitch-soc/merge-upstreamClaire
2021-06-21Add authentication history (#16408)Eugen Rochko
2021-03-19Merge branch 'main' into glitch-soc/merge-upstreamClaire
2021-03-18Fix cache_collection crashing when given an empty collection (#15921)Claire
* Fix cache_collection crashing when given an empty collection * Add tests
2021-03-02Merge branch 'main' into glitch-soc/merge-upstreamClaire
Conflicts: - `app/validators/status_length_validator.rb`: Upstream changes too close to glitch-soc MAX_CHARS changes, but not a real conflict. Applied upstream changes. - `package.json`: glitch-soc-only dependency textually too close to a dependency updated upstream, not a real conflict. Applied upstream changes.
2021-02-26Fix crash on receiving requests with missing Digest header (#15782)Claire
* Fix crash on receiving requests with missing Digest header Return an error pointing out that Digest is missing, instead of crashing. Fixes #15743 * Fix from review feedback
2021-01-18Merge branch 'master' into glitch-soc/merge-upstreamClaire
2021-01-12Use Rails' index_by where it makes sense (#15542)ThibG
* Use Rails' index_by where it makes sense * Fix tests Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2021-01-11Merge branch 'master' into glitch-soc/merge-upstreamClaire
Conflicts: - `app/models/public_feed.rb`: Upstream refactored a bit, glitch-soc had specific code for local-only statuses. Updated glitch-soc's specific code accordingly.
2021-01-10Optimize map { ... }.compact calls (#15513)luigi
* Optimize map { ... }.compact using Enumerable#filter_map, supported since Ruby 2.7 * Add poyfill for Enumerable#filter_map
2020-12-10Merge branch 'master' into glitch-soc/merge-upstreamClaire
Conflicts: - `app/controllers/about_controller.rb`: Minor conflict caused by glitch-soc's theming system. Ported upstream changes.
2020-12-10Add honeypot fields and minimum fill-out time for sign-up form (#15276)ThibG
* Add honeypot fields to limit non-specialized spam Add two honeypot fields: a fake website input and a fake password confirmation one. The label/placeholder/aria-label tells not to fill them, and they are hidden in CSS, so legitimate users should not fall into these. This should cut down on some non-Mastodon-specific spambots. * Require a 3 seconds delay before submitting the registration form * Fix tests * Move registration form time check to model validation * Give people a chance to clear the honeypot fields * Refactor honeypot translation strings Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2020-11-14Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: - `app/controllers/concerns/sign_in_token_authentication_concern.rb`: Conflict caused because of glitch-soc's theming system. Took upstream's new code and applied the theming system changes on top of it. - `app/controllers/concerns/two_factor_authentication_concern.rb`: Conflict caused because of glitch-soc's theming system. Took upstream's new code and applied the theming system changes on top of it.