about summary refs log tree commit diff
path: root/app/controllers
AgeCommit message (Collapse)Author
2021-09-30Fix webauthn secure key authentication (#16792)Claire
* Add tests * Fix webauthn secure key authentication Fixes #16769
2021-09-26Merge branch 'main' into glitch-soc/merge-upstreamClaire
Conflicts: - `streaming/index.js`: Filtering code for streaming notifications has been refactored upstream, but glitch-soc had similar code for local-only toots in the same places. Ported upstream changes, but did not refactor local-only filtering.
2021-09-26Change routing paths to use usernames in web UI (#16171)Eugen Rochko
2021-09-19Merge branch 'main' into glitch-soc/merge-upstreamClaire
2021-09-15Fix followers synchronization mechanism not working when URI has empty path ↵Claire
(#16744) Follow-up to #16510, forgot the controller exposing the actual followers…
2021-08-27Merge branch 'main' into glitch-soc/merge-upstreamClaire
2021-08-26Explicitly set userVerification to discoraged (#16545)Truong Nguyen
2021-08-25Fix authentication failures after going halfway through a sign-in attempt ↵Claire
(#16607) * Add tests * Add security-related tests My first (unpublished) attempt at fixing the issues introduced (extremely hard-to-exploit) security vulnerabilities, addressing them in a test. * Fix authentication failures after going halfway through a sign-in attempt * Refactor `authenticate_with_sign_in_token` and `authenticate_with_two_factor` to make the two authentication steps more obvious
2021-08-25Fix undefined variable for Auth::OmniauthCallbacksController (#16654)Daniel
The addition of authentication history broke the omniauth login with the following error: method=GET path=/auth/auth/cas/callback format=html controller=Auth::OmniauthCallbacksController action=cas status=500 error='NameError: undefined local variable or method `user' for #<Auth::OmniauthCallbacksController:0x00000000036290> Did you mean? @user' duration=435.93 view=0.00 db=36.19 * app/controllers/auth/omniauth_callbacks_controller.rb: fix variable name to `@user`
2021-08-09Fix account statuses cleanup settings controller for glitch-soc's theming systemClaire
2021-08-09Merge branch 'main' into glitch-soc/merge-upstreamClaire
Conflicts: - `Gemfile.lock`: Not a real conflict, upstream-updated dependency (redis) textually too close to glitch-soc-only dependecy. Updated redis gem like upstream did.
2021-08-09Add feature to automatically delete old toots (#16529)Claire
* Add account statuses cleanup policy model * Record last inspected toot to delete to speed up successive calls to statuses_to_delete * Add service to cleanup a given account's statuses within a budget * Add worker to go through account policies and delete old toots * Fix last inspected status id logic All existing statuses older or equal to last inspected status id must be kept by the current policy. This is an invariant that must be kept so that resuming deletion from the last inspected status remains sound. * Add tests * Refactor scheduler and add tests * Add user interface * Add support for discriminating based on boosts/favs * Add UI support for min_reblogs and min_favs, rework UI * Address first round of review comments * Replace Snowflake#id_at_start with with_random parameter * Add tests * Add tests for StatusesCleanupController * Rework settings page * Adjust load-avoiding mechanisms * Please CodeClimate
2021-07-25Merge branch 'main' into glitch-soc/merge-upstreamClaire
2021-07-21Add logging of S3-related errors (#16381)Claire
2021-07-17Merge branch 'main' into glitch-soc/merge-upstreamClaire
2021-07-14Fix user email address being banned on self-deletion (#16503)Claire
* Add tests * Fix user email address being banned on self-deletion Fixes #16498
2021-07-08Merge branch 'main' into glitch-soc/merge-upstreamClaire
Conflicts: - `app/helpers/accounts_helper.rb`: Conflict due to upstream changing how followers count is displayed while we have an option to hide followers count. Ported upstream change. - `app/views/accounts/_header.html.haml`: Conflict due to upstream changing how followers count is displayed while we have an option to hide followers count. Ported upstream change. - `app/views/directories/index.html.haml`: Conflict due to upstream changing how followers count is displayed while we have an option to hide followers count. Ported upstream change.
2021-07-08Add ability to skip sign-in token authentication for specific users (#16427)Eugen Rochko
Remove "active within last two weeks" exception for sign in token requirement Change admin reset password to lock access until the password is reset
2021-07-03Fix anonymous access to outbox not being cached by the reverse proxy (#16458)Claire
* Fix anonymous access to outbox not being cached by the reverse proxy Up until now, anonymous access to outbox was marked as public, but with a 0 duration for caching, which means remote proxies would only serve from cache when the server was completely overwhelmed. Changed that cache duration to one minute, so that repeated anonymous access to one account's outbox can be appropriately cached. Also added `Signature` to the `Vary` header in case a page is requested, so that authenticated fetches are never served from cache (which only contains public toots). * Remove Vary: Accept header from webfinger controller Indeed, we have stopped returning xrd, and only ever return jrd, so the Accept request header does not matter anymore. * Cache negative webfinger hits for 3 minutes
2021-06-23Fix login date not showing up in login history by using “public” packClaire
2021-06-23Merge branch 'main' into glitch-soc/merge-upstreamClaire
2021-06-21Fix serialization of followers/following counts when user hides their ↵Claire
network (#16418) * Add tests * Fix serialization of followers/following counts when user hides their network Fixes #16382 Signed-off-by: Claire <claire.github-309c@sitedethib.com>
2021-06-21Add authentication history (#16408)Eugen Rochko
2021-06-03Merge branch 'main' into glitch-soc/merge-upstreamClaire
2021-06-02Fix e-mail confirmations API not working correctly (#16348)Eugen Rochko
* Fix e-mail confirmations API not working correctly * Fix typo
2021-05-31Fix some IDs in instance actor outbox (#16343)Claire
2021-05-31Merge branch 'main' into glitch-soc/merge-upstreamClaire
2021-05-30Remove set-cookie header on custom.css (#16314)Jeong Arm
* Remove set-cookie header on custom.css * Additional fix for set-cookie
2021-05-27Merge branch 'main' into glitch-soc/merge-upstreamClaire
Conflicts: - `README.md`: Upstream's README got updated, but we have a completely different one. Kept ours.
2021-05-22Fix media proxy RedisLocks auto-releasing too fast (#16291)Claire
Follow-up to #16276
2021-05-07Merge branch 'main' into glitch-soc/merge-upstreamClaire
- `app/views/statuses/_simple_status.html.haml`: Small markup change in glitch-soc, on a line that has been modified by upstream. Ported upstream changes.
2021-05-07Change trending hashtags to be affected be reblogs (#16164)Eugen Rochko
If a status with a hashtag becomes very popular, it stands to reason that the hashtag should have a chance at trending Fix no stats being recorded for hashtags that are not allowed to trend, and stop ignoring bots Remove references to hashtags in profile directory from the code and the admin UI
2021-05-06Add Ruby 3.0 support (#16046)Claire
* Fix issues with POSIX::Spawn, Terrapin and Ruby 3.0 Also improve the Terrapin monkey-patch for the stderr/stdout issue. * Fix keyword argument handling throughout the codebase * Monkey-patch Paperclip to fix keyword arguments handling in validators * Change validation_extensions to please CodeClimate * Bump microformats from 4.2.1 to 4.3.1 * Allow Ruby 3.0 * Add Ruby 3.0 test target to CircleCI * Add test for admin dashboard warnings * Fix admin dashboard warnings on Ruby 3.0
2021-05-05Add management of delivery availability in Federation settings (#15771)Takeshi Umeda
* Add management of delivery availavility in Federation settings * fix translate * Remove useless object creation * Fix DeepSource issue * Add shortcut for all * Fix DeepSource(skipcq) * Change 'remove' to 'clear' * Fix style * Change class method name (exhausted_deliveries_key_by)
2021-05-05Fix error when trying to render component for media without meta (#16112)Eugen Rochko
2021-05-05Fix database serialization failure returning HTTP 500 (#16101)Eugen Rochko
Database serialization failure occurs when a read-replica is used and a query takes long enough that rows on the primary database become unavailable. It should return HTTP 503 as it is temporary. Re-order rescue definitions according to their status codes
2021-05-03Change confirmations controller to redirect to / for approved users (#16151)Claire
Clicking the confirmation link multiple times currently leads to entering account settings, which can be confusing. This commit changes that so that it redirects to the root path, so it behaves the same way as clicking only once in most cases.
2021-04-26Further improve the media attached status query for accounts (#16106)abcang
2021-04-25Improve media attached status query (#16105)abcang
2021-04-24Change auto-following admin-selected accounts, show in recommendations (#16078)Eugen Rochko
2021-04-20Merge branch 'main' into glitch-soc/merge-upstreamClaire
Conflicts: - `README.md`: Upstream updated copyright year, we don't mention it so kept our version. - `app/controllers/admin/dashboard_controller.rb`: Not really a conflict, upstream change (removing the spam checker) too close to glitch-soc changes. Ported upstream changes. - `app/models/form/admin_settings.rb`: Same. - `app/services/remove_status_service.rb`: Same. - `app/views/admin/settings/edit.html.haml`: Same. - `config/settings.yml`: Same. - `config/environments/production.rb`: Not a real conflict, upstream added a default HTTP header, but we have extra headers in glitch-soc. Added the header.
2021-04-15Add `policy` param to `POST /api/v1/push/subscriptions` (#16040)Eugen Rochko
With possible values `all`, `followed`, `follower`, and `none`, control from whom notifications will generate a Web Push alert
2021-04-12Add cold-start follow recommendations (#15945)Eugen Rochko
2021-04-11Remove spam check and dependency on nilsimsa gem (#16011)Eugen Rochko
2021-04-05Merge branch 'main' into glitch-soc/merge-upstreamClaire
2021-04-03Add system checks to dashboard in admin UI (#15989)Eugen Rochko
2021-04-03Change health check (#15988)Eugen Rochko
2021-03-31Merge branch 'main' into glitch-soc/merge-upstreamClaire
2021-03-26Fix /admin/tags/:id crashing since Rails 6.1 update (#15953)Claire
Raw SQL passed to `pluck` now has to be explicitly marked as SQL via Arel.sql, see https://github.com/rails/rails/pull/27947
2021-03-26Add warning in admin dashboard if some required queues are not handled (#15954)Claire