Age | Commit message (Collapse) | Author |
|
|
|
Database serialization failure occurs when a read-replica is used
and a query takes long enough that rows on the primary database
become unavailable. It should return HTTP 503 as it is temporary.
Re-order rescue definitions according to their status codes
|
|
Clicking the confirmation link multiple times currently leads to entering
account settings, which can be confusing. This commit changes that so that
it redirects to the root path, so it behaves the same way as clicking only
once in most cases.
|
|
|
|
|
|
|
|
With possible values `all`, `followed`, `follower`, and `none`,
control from whom notifications will generate a Web Push alert
|
|
|
|
|
|
|
|
|
|
Raw SQL passed to `pluck` now has to be explicitly marked as SQL via
Arel.sql, see https://github.com/rails/rails/pull/27947
|
|
|
|
Allow changing e-mail as long as the account is unconfirmed
|
|
* Update devise-two-factor to unreleased fork for Rails 6 support
Update tests to match new `rotp` version.
* Update nsa gem to unreleased fork for Rails 6 support
* Update rails to 6.1.3 and rails-i18n to 6.0
* Update to unreleased fork of pluck_each for Ruby 6 support
* Run "rails app:update"
* Add missing ActiveStorage config file
* Use config.ssl_options instead of removed ApplicationController#force_ssl
Disabled force_ssl-related tests as they do not seem to be easily testable
anymore.
* Fix nonce directives by removing Rails 5 specific monkey-patching
* Fix fixture_file_upload deprecation warning
* Fix yield-based test failing with Rails 6
* Use Rails 6's index_with when possible
* Use ActiveRecord::Cache::Store#delete_multi from Rails 6
This will yield better performances when deleting an account
* Disable Rails 6.1's automatic preload link headers
Since Rails 6.1, ActionView adds preload links for javascript files
in the Links header per default.
In our case, that will bloat headers too much and potentially cause
issues with reverse proxies. Furhermore, we don't need those links,
as we already output them as HTML link tags.
* Switch to Rails 6.0 default config
* Switch to Rails 6.1 default config
* Do not include autoload paths in the load path
|
|
* Use ActiveRecord::Result#to_ary instead of deprecated to_hash
They do the same thing, and to_hash has been removed from Rails 6.1
* Explicitly name polymorphic indexes to workaround a bug in Rails 6.1
cf. https://github.com/rails/rails/issues/41693
* Fix incorrect usage of “foreign_key” in migration script
* Use `ActiveModel::Errors#delete` instead of deprecated clear method
* Fix link headers tests on Rails 6.1
Rails 6.1 adds values to the Link header by default, thus it is not a
LinkHeader object anymore. Fix the test to parse the Link header instead
of assuming it is a LinkHeader.
|
|
* Fix cache_collection crashing when given an empty collection
* Add tests
|
|
Only available to the application the user originally signed-up with
|
|
|
|
* Fix crash on receiving requests with missing Digest header
Return an error pointing out that Digest is missing, instead of crashing.
Fixes #15743
* Fix from review feedback
|
|
|
|
The "ends_with?" method is just a Rails alias of Ruby's "end_with?" method.
Using the latter makes the code less brittle.
|
|
|
|
|
|
* Enable secure cookie flag for https only
* Disable force_ssl for .onion hosts only
Co-authored-by: Aiden McClelland <me@drbonez.dev>
|
|
An uncommon but somewhat difficult to digagnose issue is dealing with
improperly-seeded databases. In such cases, instance-signed fetches will
fail with a ActiveRecord::RecordNotFound error, usually caught and handled
as generic 404, leading people to think the remote resource itself has not
been found, while it's the local instance actor that does not exist.
This commit changes the code so that failure to find the instance actor
automatically creates a new one, so that improperly-seeded databases do
not cause any issue.
|
|
* Improved performance of notification preloading
* Remove Cacheable from Notification
* Fix test
|
|
Fixes #15589
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
|
|
* Use Rails' index_by where it makes sense
* Fix tests
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
|
|
|
|
* Optimize map { ... }.compact
using Enumerable#filter_map, supported since Ruby 2.7
* Add poyfill for Enumerable#filter_map
|
|
This also skips fetching the actor completely.
This will be useful if we end up distributing Update activities linked to
account suspensions more widely (they are currently only delivered to
the suspended account's followers), as currently, instances not knowing
about the suspended account would fetch it to then process the suspension.
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
|
|
Fixes #15460
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
|
|
(#15415)
* Update featured_tags_controller.rb
* Update featured_tag_serializer.rb
* Update featured_tag_serializer.rb
* Delete account_featured_tag_serializer.rb
* please codeclimate
* please codeclimate
|
|
- Replace the middle of the domain with * characters (except for periods)
- Add SHA-256 digest of the domain name in tooltip
|
|
|
|
- Reduce duplicate queries
- Remove n+1 queries
- Add accounts count to detailed view
- Add separate action log entry for updating existing domain blocks
|
|
* Add honeypot fields to limit non-specialized spam
Add two honeypot fields: a fake website input and a fake password confirmation
one. The label/placeholder/aria-label tells not to fill them, and they are
hidden in CSS, so legitimate users should not fall into these.
This should cut down on some non-Mastodon-specific spambots.
* Require a 3 seconds delay before submitting the registration form
* Fix tests
* Move registration form time check to model validation
* Give people a chance to clear the honeypot fields
* Refactor honeypot translation strings
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
|
|
About 2x speed-up on inboxes query
|
|
featured tags (#15270)
|
|
Fixes #15191
|
|
* Add ability to export bookmarks
* Add support for importing bookmarks
* Add bookmark import tests
* Add bookmarks export test
|
|
If someone tries logging in to an account and is prompted for a 2FA
code or sign-in token, even if the account's password or e-mail is
updated in the meantime, the session will show the prompt and allow
the login process to complete with a valid 2FA code or sign-in token
|
|
* Add interrelationship icon
* Fix arrow for rtl
* Fix to predefined color
|
|
* Add follow selected followers button
* Fix unused variable
* Fix i18n normalize
|
|
|
|
* Change order of announcements in admin page to sort show newly-created first
Fixes #15090
* Use reverse-chronological rather than creation date only
|
|
* Add account sensitized
* Fix i18n normalize
* Fix description and spec
* Fix spec
* Fix wording
|
|
* Add more specific error message when request body digest is invalid
This may help other implementors debug their implementation.
* Relax Host parameter requirement to GET requests
The only POST requests processed by Mastodon need objects/actors (including
their host) to be explicitly mentioned in the request's body, so replaying
a legitimate request to another host should not be a security issue.
* Support Digest headers using multiple algorithms or lowercase alogirthm names
|
|
|