about summary refs log tree commit diff
path: root/app/models/concerns
AgeCommit message (Collapse)Author
2018-04-23Detect and prevent image bombs, max. processable dimension 4096^2 (#7229)Eugen Rochko
2018-04-22Rescue Mastodon::LengthValidationError in Remoteable (#7228)Eugen Rochko
Fix #7198 by allowing records with optional attachments to save
2018-04-13Merge pull request #419 from ThibG/glitch-soc/features/bookmarksDavid Yip
Bookmarks
2018-04-11Add backend support for bookmarksThibaut Girka
Bookmarks behave like favourites, except they aren't shared with other users and do not have an associated counter.
2018-04-11Paginate ancestor statuses in public page (#7102)Akihiko Odaki
This also limits the statuses returned by API, but pagination is not implemented in Web API yet. I still expect it brings user experience better than making a user wait to fetch all ancestor statuses and flooding the column with them.
2018-04-09Exclude status itself from context query (#7083)Akihiko Odaki
ancestor_statuses and descendant_statuses used to include the root status itself, but the behavior is confusing because the root status is not an ancestor nor descendant.
2018-03-27Fix UniqueUsernameValidator comparison (#6926)Eugen Rochko
Comparison was downcasing only one side, therefore if previously existing account had a non-lowercase spelling, it would be ignored when checking for duplicates. New rake task `mastodon:maintenance:find_duplicate_usernames` will help find constraint violations that might have occured from the presence of this bug. Bump version to 2.3.3
2018-03-26Validate HTTP response length while receiving (#6891)Akihiko Odaki
to_s method of HTTP::Response keeps blocking while it receives the whole content, no matter how it is big. This means it may waste time to receive unacceptably large files. It may also consume memory and disk in the process. This solves the inefficency by checking response length while receiving.
2018-03-24Close http connection in perform method of Request class (#6889)Akihiko Odaki
HTTP connections must be explicitly closed in many cases, and letting perform method close connections makes its callers less redundant and prevent them from forgetting to close connections.
2018-03-17Handle Mastodon::HostValidationError when pulling remoteable assets (#6782)Daniel Hunsaker
This will prevent, for example, `rake mastodon:redownload_avatars` from crashing when an instance is no longer responding to connection attempts, instead silently continuing as expected.
2018-03-08Rescue when there's no extension in the remotable (#6358)Renato "Lond" Cerqueira
* Rescue when there's no extension in the remotable Sometimes the remotable is pointing to a directory with no file extension. Maybe it should not be expecting to identify based on extensions to begin with, but since it's the case, it should be ready for it. * Fix codeclimate issue * Check if filename is nil instead of rescueing exception Suggestion made in the PR * Avoid concatenation issue if filename is nil If filename is nil, extname was undefined * Invert condition Address PR comments
2018-03-07Add additional first_name and last_name SAML attribute statement options, ↵Effy Elden
and modify Omniauthable concern to use full_name or first_name + last_name if not available (#6669)
2018-03-06Fix #3807: Increase avatars to 400x400 max (#6651)Eugen Rochko
But do not upscale when they are smaller
2018-02-26Fix prev/next links on public profile page (#6497)Ian McCowan
* Fix prev/next links on public profile page * Don't make pagination urls if no available statuses * Fix empty check method * Put left chevron before prev page link * Add scope for pagination "starting at" a given id * Status pagination try 2: s/prev/older and s/next/newer "older" on left, "newer" on right Use new scope for "newer" link Extract magic 20 page size to constant Remove max_id from feed pagination as it's not respected * Reinstate max_id for accounts atom stream * normalize
2018-02-23New variable OAUTH_REDIRECT_AT_SIGN_IN + Ref #6538 (not only SAML ↵Ghislain Loaec
strategies) (#6540)
2018-02-22New env variable: SAML_SECURITY_ASSUME_EMAIL_IS_VERIFIED + fixes #6533 (#6538)Ghislain Loaec
2018-02-22Fix #6525: Make sure file is opened in LazyThumbnail processor (#6529)Eugen Rochko
2018-02-21Fix avatar and header issues by using custom geometry detector (#6515)Eugen Rochko
* Fix avatar and header issues by using custom geometry detector Revert a part of #6508. The file passed to dynamic styles method was not actually a file, but an instance of Paperclip::Attachment, which broke all styles by always returning {} from the method. One problem with GIF avatars was that Paperclip::GeometryDetector reported wrong dimensions for them, e.g. 120x120 GIF avatar would for some reason be detected as 120x53. By writing our own geometry parser, we can use FastImage, which also happens to be faster than ImageMagick, to detect image dimensions, which are also correct. Unfortunately, this PR does not implement skipping a `convert` entirely if the dimensions are already correct, as I found no easy way to write that behaviour into Paperclip without rewriting the Paperclip::Thumbnail class. * Only invoke convert if dimension or format needs to be changed
2018-02-19Don't resize avatars/headers if their dimensions are already right (#6508)Eugen Rochko
Also don't apply "-quality 80" option which is probably the reason for slight color differences between original and remote image (because it would apply it twice, once on original instance, and again on the receiving instance)
2018-02-18Cache relationships in API (#6482)Eugen Rochko
* Cache relationships in API * Fetch relationships for search results in UI * Only save one account's maps in each cache item
2018-02-04CAS + SAML authentication feature (#6425)Eugen Rochko
* Cas authentication feature * Config * Remove class_eval + Omniauth initializer * Codeclimate review * Codeclimate review 2 * Codeclimate review 3 * Remove uid/email reconciliation * SAML authentication * Clean up code * Improve login form * Fix code style issues * Add locales
2017-11-28Allow hiding of reblogs from followed users (#5762)aschmitz
* Allow hiding of reblogs from followed users This adds a new entry to the account menu to allow users to hide future reblogs from a user (and then if they've done that, to show future reblogs instead). This does not remove or add historical reblogs from/to the user's timeline; it only affects new statuses. The API for this operates by sending a "reblogs" key to the follow endpoint. If this is sent when starting a new follow, it will be respected from the beginning of the follow relationship (even if the follow request must be approved by the followee). If this is sent when a follow relationship already exists, it will simply update the existing follow relationship. As with the notification muting, this will now return an object ({reblogs: [true|false]}) or false for each follow relationship when requesting relationship information for an account. This should cause few issues due to an object being truthy in many languages, but some modifications may need to be made in pickier languages. Database changes: adds a show_reblogs column (default true, non-nullable) to the follows and follow_requests tables. Because these are non-nullable, we use the existing MigrationHelpers to perform this change without locking those tables, although the tables are likely to be small anyway. Tests included. See also <https://github.com/glitch-soc/mastodon/pull/212>. * Rubocop fixes * Code review changes * Test fixes This patchset closes #648 and resolves #3271. * Rubocop fix * Revert reblogs defaulting in argument, fix tests It turns out we needed this for the same reason we needed it in muting: if nil gets passed in somehow (most usually by an API client not passing any value), we need to detect and handle it. We could specify a default in the parameter and then also catch nil, but there's no great reason to duplicate the default value.
2017-11-16Fix AccountFinderConcern::AccountFinder#with_usernames (#5722)ysksn
2017-11-15Optional notification muting (#5087)Surinna Curtis
* Add a hide_notifications column to mutes * Add muting_notifications? and a notifications argument to mute! * block notifications in notify_service from hard muted accounts * Add specs for how mute! interacts with muting_notifications? * specs testing that hide_notifications in mutes actually hides notifications * Add support for muting notifications in MuteService * API support for muting notifications (and specs) * Less gross passing of notifications flag * Break out a separate mute modal with a hide-notifications checkbox. * Convert profile header mute to use mute modal * Satisfy eslint. * specs for MuteService notifications params * add trailing newlines to files for Pork :) * Put the label for the hide notifications checkbox in a label element. * Add a /api/v1/mutes/details route that just returns the array of mutes. * Define a serializer for /api/v1/mutes/details * Add more specs for the /api/v1/mutes/details endpoint * Expose whether a mute hides notifications in the api/v1/relationships endpoint * Show whether muted users' notifications are muted in account lists * Allow modifying the hide_notifications of a mute with the /api/v1/accounts/:id/mute endpoint * make the hide/unhide notifications buttons work * satisfy eslint * In probably dead code, replace a dispatch of muteAccount that was skipping the modal with launching the mute modal. * fix a missing import * add an explanatory comment to AccountInteractions * Refactor handling of default params for muting to make code cleaner * minor code style fixes oops * Fixed a typo that was breaking the account mute API endpoint * Apply white-space: nowrap to account relationships icons * Fix code style issues * Remove superfluous blank line * Rename /api/v1/mutes/details -> /api/v2/mutes * Don't serialize "account" in MuteSerializer Doing so is somewhat unnecessary since it's always the current user's account. * Fix wrong variable name in api/v2/mutes * Use Toggle in place of checkbox in the mute modal. * Make the Toggle in the mute modal look better * Code style changes in specs and removed an extra space * Code review suggestions from akihikodaki Also fixed a syntax error in tests for AccountInteractions. * Make AddHideNotificationsToMute Concurrent It's not clear how much this will benefit instances in practice, as the number of mutes tends to be pretty small, but this should prevent any blocking migrations nonetheless. * Fix up migration things * Remove /api/v2/mutes
2017-09-14Fix #4908 - Do not keep remote file names, generate random (#4934)Eugen Rochko
2017-08-25Pinned statuses (#4675)Eugen Rochko
* Pinned statuses * yarn manage:translations
2017-08-08Add ActivityPub inbox (#4216)Eugen Rochko
* Add ActivityPub inbox * Handle ActivityPub deletes * Handle ActivityPub creates * Handle ActivityPub announces * Stubs for handling all activities that need to be handled * Add ActivityPub actor resolving * Handle conversation URI passing in ActivityPub * Handle content language in ActivityPub * Send accept header when fetching actor, handle JSON parse errors * Test for ActivityPub::FetchRemoteAccountService * Handle public key and icon/image when embedded/as array/as resolvable URI * Implement ActivityPub::FetchRemoteStatusService * Add stubs for more interactions * Undo activities implemented * Handle out of order activities * Hook up ActivityPub to ResolveRemoteAccountService, handle Update Account activities * Add fragment IDs to all transient activity serializers * Add tests and fixes * Add stubs for missing tests * Add more tests * Add more tests
2017-08-08Add coalesce option to avatar and header convert processor (#4552)Yamagishi Kazutoshi
Resolve #3199
2017-08-08Revert "Set false to animated options for thumbnail processor" (#4550)Yamagishi Kazutoshi
* Revert "Adjust tags and accounts page (#4534)" This reverts commit a3e53bd442752f210db2025f2dfc45e7599354c2. * Revert "feat: Cache status height to avoid expensive renders (#4439)" This reverts commit 8eb6d171e690e013eb2881478cfa1fd50b4ba705. * Revert "Refactor Avatar and AvatarOverlay to have 'account' as prop instead of src and staticSrc (#4526)" This reverts commit 594234740788a51fa528152343eb50dc1c6ca093. * Revert "Update dependencies for Ruby (#4543)" This reverts commit 22db9472253f6ffcfed254f7a406a58b53e80cfe. * Revert "[Docker] Add multicore support to "make" and "bundler" (#4544)" This reverts commit 5d408fd9aa76f9ef3d559a377bccbcece998fbfa. * Revert "It makes no sense to try using invalid or expired link again (#4521)" This reverts commit 47579ec58ce984acc9f194f8cb145abd88d0ea19. * Revert "i18n: Update Polish translation (#4545)" This reverts commit 3363a05539c0c774fca4651755e6423fe131d205. * Revert "Set false to animated options for thumbnail processor (#4547)" This reverts commit 87f10d476cf7a05bc60851c93e3c051eca8c357e.
2017-08-07Set false to animated options for thumbnail processor (#4547)Yamagishi Kazutoshi
Resolve #3199 Fix the aspect ratio of animated GIF whose background is transparent.
2017-07-14HTTP signatures (#4146)Eugen Rochko
* Add Request class with HTTP signature generator Spec: https://tools.ietf.org/html/draft-cavage-http-signatures-06 * Add HTTP signature verification concern * Add test for SignatureVerification concern * Add basic test for Request class * Make PuSH subscribe/unsubscribe requests use new Request class Accidentally fix lease_seconds not being set and sent properly, and change the new minimum subscription duration to 1 day * Make all PuSH workers use new Request class * Make Salmon sender use new Request class * Make FetchLinkService use new Request class * Make FetchAtomService use the new Request class * Make Remotable use the new Request class * Make ResolveRemoteAccountService use the new Request class * Add more tests * Allow +-30 seconds window for signed request to remain valid * Disable time window validation for signed requests, restore 7 days as PuSH subscription duration (which was previous default due to a bug)
2017-07-11Fix #2848 - Rake task to redownload avatars/headers (#4156)Eugen Rochko
Can be filtered by a specific domain Resolves #2292
2017-07-03Rescue exceptions caused by FetchLinkCardService (#4045)abcang
2017-06-30Rescue Addressable::URI::InvalidURIError at Remotable (#4017)abcang
2017-06-22Some minor change and spec for Account (#3813)Akihiko Odaki (@fn_aki@pawoo.net)
* Introduce domains method to Account relation Account had followers_domains method, which was excessively specific. Let relation of Account have domains method instead. * Move follow_mapping in Account to AccountInteractions * Introduce shared examples for AccountAvatar inclusion * Cover Account more
2017-06-08Improve RuboCop rules (compatibility to Code Climate) (#3636)Yamagishi Kazutoshi
https://github.com/codeclimate/codeclimate-rubocop/blob/08f8de84ebfb39caa96391e23816877278f6441c/Gemfile.lock#L38 Code Climate is using RuboCop v0.46.0. Change several rules to maintain compatibility.
2017-06-05Introduce StatusThreadingConcern (#3490)Matt Jankowski
* Add a StatusFilter class to identify visibility of statuses by accounts * Extract StatusThreadingConcern from Status * Clarify purpose of checking for nil account
2017-06-04Remove Targetable (#3548)Akihiko Odaki (@fn_aki@pawoo.net)
2017-06-01Handle nil and blank cases in Account finders (#3500)Matt Jankowski
2017-05-31Expand spec coverage and refactor the `Account.find_` methods (#3485)Matt Jankowski
* Move specs for account finder methods to concern spec * Move account finder methods to concern * Improve spec wording * Use more explicit comparison to ensure correct return value * Add coverage for .find_local! and .find_remote! * Add some methods to the finder * Use arel on matching_username method * Avoid ternary in matching domain method * Simplify finder methods * Use an AccountFinder class to simplify lookup
2017-05-21Fix mutes_controller error and incorrect statuses_controller report (#3202)Akihiko Odaki
This commit fixes a regression in commit f55480756337dd4df7513e89673e81e003f1201a.
2017-05-19Add buttons to block and unblock domain (#3127)Eugen Rochko
* Add buttons to block and unblock domain * Relationship API now returns "domain_blocking" status for accounts, rename "block entire domain" to "hide entire domain", fix unblocking domain, do not block notifications from domain-blocked-but-followed people, do not send Salmons to domain blocked users * Add test * Personal domain blocks shouldn't affect Salmon after all, since in this direction of communication the control is very thin when it comes to public stuff. Best stay consistent and not affect federation in this way * Ignore followers and follow request from domain blocked folks, ensure account domain blocks are not created for empty domain, and avoid duplicates in validation * Purge followers when blocking domain (without soft-blocks, since they are useless here) * Add tests, fix local timeline being empty when having any domain blocks
2017-05-19Define instance method outside #included (#3128)alpaca-tc
2017-05-19Account domain blocks (#2381)Eugen Rochko
* Add <ostatus:conversation /> tag to Atom input/output Only uses ref attribute (not href) because href would be the alternate link that's always included also. Creates new conversation for every non-reply status. Carries over conversation for every reply. Keeps remote URIs verbatim, generates local URIs on the fly like the rest of them. * Conversation muting - prevents notifications that reference a conversation (including replies, favourites, reblogs) from being created. API endpoints /api/v1/statuses/:id/mute and /api/v1/statuses/:id/unmute Currently no way to tell when a status/conversation is muted, so the web UI only has a "disable notifications" button, doesn't work as a toggle * Display "Dismiss notifications" on all statuses in notifications column, not just own * Add "muted" as a boolean attribute on statuses JSON For now always false on contained reblogs, since it's only relevant for statuses returned from the notifications endpoint, which are not nested Remove "Disable notifications" from detailed status view, since it's only relevant in the notifications column * Up max class length * Remove pending test for conversation mute * Add tests, clean up * Rename to "mute conversation" and "unmute conversation" * Raise validation error when trying to mute/unmute status without conversation * Adding account domain blocks that filter notifications and public timelines * Add tests for domain blocks in notifications, public timelines Filter reblogs of blocked domains from home * Add API for listing and creating account domain blocks * API for creating/deleting domain blocks, tests for Status#ancestors and Status#descendants, filter domain blocks from them * Filter domains in streaming API * Update account_domain_block_spec.rb
2017-05-18Fetch remote image using http.rb (#3114)Yamagishi Kazutoshi
2017-05-11Fix #1426 - Trim long usernames in public follower/following lists (#2993)Eugen Rochko
Fix #2221 - Catch OpenSSL exceptions when loading remote avatars/headers/attachments Don't strip "rel" attribute from <a> tags when sanitizing (microformats)
2017-05-05Move account header and avatar methods to a concern (#2825)Matt Jankowski
2017-05-05Fixes unknown mime type (#2822)alpaca-tc
2017-05-01Fix Rubocop offences (#2630)yhirano
* disable Bundler/OrderedGems * fix rubocop Lint/UselessAssignment * fix rubocop Style/BlockDelimiters * fix rubocop Style/AlignHash * fix rubocop Style/AlignParameters, Style/EachWithObject * fix rubocop Style/SpaceInLambdaLiteral
2017-05-01Detect extension for preview card (#2679)Yamagishi Kazutoshi
* Detect extension for preview card * next