Age | Commit message (Collapse) | Author |
|
* Add tests
* Fix webauthn secure key authentication
Fixes #16769
|
|
Conflicts:
- `streaming/index.js`:
Filtering code for streaming notifications has been refactored upstream, but
glitch-soc had similar code for local-only toots in the same places.
Ported upstream changes, but did not refactor local-only filtering.
|
|
|
|
|
|
(#16744)
Follow-up to #16510, forgot the controller exposing the actual followers…
|
|
|
|
|
|
(#16607)
* Add tests
* Add security-related tests
My first (unpublished) attempt at fixing the issues introduced (extremely
hard-to-exploit) security vulnerabilities, addressing them in a test.
* Fix authentication failures after going halfway through a sign-in attempt
* Refactor `authenticate_with_sign_in_token` and `authenticate_with_two_factor` to make the two authentication steps more obvious
|
|
The addition of authentication history broke the omniauth login with
the following error:
method=GET path=/auth/auth/cas/callback format=html
controller=Auth::OmniauthCallbacksController action=cas status=500
error='NameError: undefined local variable or method `user' for
#<Auth::OmniauthCallbacksController:0x00000000036290>
Did you mean? @user' duration=435.93 view=0.00 db=36.19
* app/controllers/auth/omniauth_callbacks_controller.rb: fix variable
name to `@user`
|
|
|
|
Conflicts:
- `Gemfile.lock`:
Not a real conflict, upstream-updated dependency (redis) textually too
close to glitch-soc-only dependecy.
Updated redis gem like upstream did.
|
|
* Add account statuses cleanup policy model
* Record last inspected toot to delete to speed up successive calls to statuses_to_delete
* Add service to cleanup a given account's statuses within a budget
* Add worker to go through account policies and delete old toots
* Fix last inspected status id logic
All existing statuses older or equal to last inspected status id must be
kept by the current policy. This is an invariant that must be kept so that
resuming deletion from the last inspected status remains sound.
* Add tests
* Refactor scheduler and add tests
* Add user interface
* Add support for discriminating based on boosts/favs
* Add UI support for min_reblogs and min_favs, rework UI
* Address first round of review comments
* Replace Snowflake#id_at_start with with_random parameter
* Add tests
* Add tests for StatusesCleanupController
* Rework settings page
* Adjust load-avoiding mechanisms
* Please CodeClimate
|
|
|
|
|
|
|
|
* Add tests
* Fix user email address being banned on self-deletion
Fixes #16498
|
|
Conflicts:
- `app/helpers/accounts_helper.rb`:
Conflict due to upstream changing how followers count is displayed while we
have an option to hide followers count.
Ported upstream change.
- `app/views/accounts/_header.html.haml`:
Conflict due to upstream changing how followers count is displayed while we
have an option to hide followers count.
Ported upstream change.
- `app/views/directories/index.html.haml`:
Conflict due to upstream changing how followers count is displayed while we
have an option to hide followers count.
Ported upstream change.
|
|
Remove "active within last two weeks" exception for sign in token requirement
Change admin reset password to lock access until the password is reset
|
|
* Fix anonymous access to outbox not being cached by the reverse proxy
Up until now, anonymous access to outbox was marked as public, but with a
0 duration for caching, which means remote proxies would only serve from cache
when the server was completely overwhelmed.
Changed that cache duration to one minute, so that repeated anonymous access
to one account's outbox can be appropriately cached.
Also added `Signature` to the `Vary` header in case a page is requested, so
that authenticated fetches are never served from cache (which only contains
public toots).
* Remove Vary: Accept header from webfinger controller
Indeed, we have stopped returning xrd, and only ever return jrd, so the
Accept request header does not matter anymore.
* Cache negative webfinger hits for 3 minutes
|
|
|
|
|
|
network (#16418)
* Add tests
* Fix serialization of followers/following counts when user hides their network
Fixes #16382
Signed-off-by: Claire <claire.github-309c@sitedethib.com>
|
|
|
|
|
|
* Fix e-mail confirmations API not working correctly
* Fix typo
|
|
|
|
|
|
* Remove set-cookie header on custom.css
* Additional fix for set-cookie
|
|
Conflicts:
- `README.md`:
Upstream's README got updated, but we have a completely different one.
Kept ours.
|
|
Follow-up to #16276
|
|
- `app/views/statuses/_simple_status.html.haml`:
Small markup change in glitch-soc, on a line that has been modified by
upstream. Ported upstream changes.
|
|
If a status with a hashtag becomes very popular, it stands to
reason that the hashtag should have a chance at trending
Fix no stats being recorded for hashtags that are not allowed
to trend, and stop ignoring bots
Remove references to hashtags in profile directory from the code
and the admin UI
|
|
* Fix issues with POSIX::Spawn, Terrapin and Ruby 3.0
Also improve the Terrapin monkey-patch for the stderr/stdout issue.
* Fix keyword argument handling throughout the codebase
* Monkey-patch Paperclip to fix keyword arguments handling in validators
* Change validation_extensions to please CodeClimate
* Bump microformats from 4.2.1 to 4.3.1
* Allow Ruby 3.0
* Add Ruby 3.0 test target to CircleCI
* Add test for admin dashboard warnings
* Fix admin dashboard warnings on Ruby 3.0
|
|
* Add management of delivery availavility in Federation settings
* fix translate
* Remove useless object creation
* Fix DeepSource issue
* Add shortcut for all
* Fix DeepSource(skipcq)
* Change 'remove' to 'clear'
* Fix style
* Change class method name (exhausted_deliveries_key_by)
|
|
|
|
Database serialization failure occurs when a read-replica is used
and a query takes long enough that rows on the primary database
become unavailable. It should return HTTP 503 as it is temporary.
Re-order rescue definitions according to their status codes
|
|
Clicking the confirmation link multiple times currently leads to entering
account settings, which can be confusing. This commit changes that so that
it redirects to the root path, so it behaves the same way as clicking only
once in most cases.
|
|
|
|
|
|
|
|
Conflicts:
- `README.md`:
Upstream updated copyright year, we don't mention it so kept our version.
- `app/controllers/admin/dashboard_controller.rb`:
Not really a conflict, upstream change (removing the spam checker) too close
to glitch-soc changes. Ported upstream changes.
- `app/models/form/admin_settings.rb`:
Same.
- `app/services/remove_status_service.rb`:
Same.
- `app/views/admin/settings/edit.html.haml`:
Same.
- `config/settings.yml`:
Same.
- `config/environments/production.rb`:
Not a real conflict, upstream added a default HTTP header, but we have
extra headers in glitch-soc.
Added the header.
|
|
With possible values `all`, `followed`, `follower`, and `none`,
control from whom notifications will generate a Web Push alert
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Raw SQL passed to `pluck` now has to be explicitly marked as SQL via
Arel.sql, see https://github.com/rails/rails/pull/27947
|
|
|