Age | Commit message (Collapse) | Author |
|
signatures (#6225)
|
|
UserTrackingConcern is circumvented by SessionsController#create
because it calls warden, which calls the User#update_tracked_fields!
method directly. Move returning user logic to that method.
|
|
The service used to be named ResolveRemoteAccountService resolves local
accounts as well.
|
|
* Fix regeneration key not getting expired
* Add rake task to remove old regeneration markers
|
|
* Add GET /api/v1/instance/peers API to reveal known domains
* Add GET /api/v1/instance/activity API
* Make new APIs disableable, exclude private statuses from activity stats
* Fix code style issue
* Fix week timestamps
|
|
|
|
* Fix #668 - Rate limit by user instead of IP when API user is authenticated
* Fix code style issue
* Use request decorator provided by Doorkeeper
|
|
* Add logging of admin actions
* Update brakeman whitelist
* Log creates, updates and destroys with history of changes
* i18n: Update Polish translation (#5782)
Signed-off-by: Marcin Mikołajczak <me@m4sk.in>
* Split admin navigation into moderation and administration
* Redesign audit log page
* 🇵🇱 (#5795)
* Add color coding to audit log
* Change dismiss->resolve, log all outcomes of report as resolve
* Update terminology (e-mail blacklist) (#5796)
* Update terminology (e-mail blacklist)
imho looks better
* Update en.yml
* Fix code style issues
* i18n-tasks normalize
|
|
* Add moderator role and add pundit policies for admin actions
* Add rake task for turning user into mod and revoking it again
* Fix handling of unauthorized exception
* Deliver new report e-mails to staff, not just admins
* Add promote/demote to admin UI, hide some actions conditionally
* Fix unused i18n
|
|
- For some reason, :if option on before_action did not work. It got
executed every time, returned false, and the action run anyway,
which led to the current_sign_in_at and sign_in_count being
updated on every request
- Return "do not filter" early in FeedManager#filter_from_home? if
the status is authored by receiver. Usually this method is not
called for own statuses at all, but it is called when Feed#get
uses the database
- Return early if #reload_stale_associations! has nothing to load
to save a database query with WHERE 1=0
|
|
Additionally, ActivityPub::FetchRemoteStatusService no longer parses
activities.
OStatus::Activity::Creation no longer delegates to ActivityPub because
the provided ActivityPub representations are not signed while OStatus
representations are.
|
|
* Return sensible HTTP status for ActivityPub inbox processing
* Return sensible HTTP status for salmon slap processing
* Return additional information to debug signature verification failures
|
|
(#5129)
If the signature could not be verified and the webfinger of the account
was last retrieved longer than the cache period, try re-resolving the
account and then attempting to verify the signature again
|
|
- Tries to avoid performing HTTP request if the keyId is an actor URI
- Likewise if the URI is a fragment URI on top of actor URI
- Resolves public key, returns owner if the owner links back to the key
|
|
|
|
|
|
* Add Request class with HTTP signature generator
Spec: https://tools.ietf.org/html/draft-cavage-http-signatures-06
* Add HTTP signature verification concern
* Add test for SignatureVerification concern
* Add basic test for Request class
* Make PuSH subscribe/unsubscribe requests use new Request class
Accidentally fix lease_seconds not being set and sent properly, and
change the new minimum subscription duration to 1 day
* Make all PuSH workers use new Request class
* Make Salmon sender use new Request class
* Make FetchLinkService use new Request class
* Make FetchAtomService use the new Request class
* Make Remotable use the new Request class
* Make ResolveRemoteAccountService use the new Request class
* Add more tests
* Allow +-30 seconds window for signed request to remain valid
* Disable time window validation for signed requests, restore 7 days
as PuSH subscription duration (which was previous default due to a bug)
|
|
* Fix #2619 - When redis feed is empty, fall back to database
* Use redis value to return feed from database only while RegenerationWorker
hasn't finished running
* Fix specs
* Replace usage of reject!
|
|
* Improve default language decision
This change allows to takes account of accepted language determined by
the user agent even if the custom default locale of the instance is
configured.
* Cover Localized more
* Fix code style
|
|
controller (#3625)
* Coverage for rate limit headers
* Move rate limit headers methods to concern
* Move throttle check to condition on before_action
* Move match_data variable into method
* Move utc timestamp to separate method
* Move header setting into smaller methods
* specs cleanup
|
|
|
|
|
|
* Remove methods from ObfuscateFilename
* Spec ObfuscateFilename
|
|
|
|
* disable Bundler/OrderedGems
* fix rubocop Lint/UselessAssignment
* fix rubocop Style/BlockDelimiters
* fix rubocop Style/AlignHash
* fix rubocop Style/AlignParameters, Style/EachWithObject
* fix rubocop Style/SpaceInLambdaLiteral
|
|
|
|
This PR fixes I18n.locale for rake middlewares. Mastodon uses Devise that depends on Warden.
Warden::Manager can be found in rake middleware. It is outside of the controller.
In the case of authentication failed, warden calls throw(:warden). At the time Warden::Manager
delegates request to failure_app to generate response and flash[:alert] after catching it.
Unfortunately, I18n.locale is already reset then because I18n.with_locale is enabled only
inside the controller. If we used I18n.locale=, Devise::FailureApp could get the current locale.
|
|
* Add routing specs for accounts followers and following actions
* Use more restful route naming for public account follow pages
Moves two actions:
- accounts#followers to accounts/follower_accounts#index
- accounts#following to accounts/following_accounts#index
Adds routing spec to ensure prior URLs are preserved.
|
|
* Add locale spec with failing locale plus region check
* Use a more accurate locale when supplied by browser headers
Previously we were using a matching option which would use the first locale
available which matched the locale portion, even if a region was specified.
This changes to first try to find an exact match, and then fall back to the
region, and then fall back to the default.
* Clean up default_locale method
|
|
* Remove trailing whitespace
* Use query methods instead of explicit .blank? checks
|
|
* Use HTTP Accept-Language to detect locale
* Fix gem order to comply with codeclimate
* Sort gem to comply with rubocop
* I18n.default_locale fallback when there is no accept-language header
|
|
|
|
Setting of locale in controller extracted to Localized concern,
the doorkeeper authorized applications controller moved under
custom namespace with inclusion of Localized, which resolves the
"it sometimes appears in a different random language" bug
|
|
|
|
|
|
Fix #233, fix #268
|
|
|