| Age | Commit message (Collapse) | Author |
|---|
|
When deduplicating account usernames for OAuthable users, the routine did check if any account was known with that username, including remote accounts. This caused some unnecessary deduplication, and usernames ending with unexpected trailing _1.
This fixes #13580
|
|
|
|
|
|
|
|
|
|
Follow-up to #13452, fixing broken `uri.nil?` test.
Also remove the separate check for `uri` presence, as that would result
in a “Please review 2 errors below” while only one would be listed.
|
|
|
|
Conflicts:
- `package.json`:
No real conflict, upstream updated a dependency which is
textually adjacent to a glitch-soc-specific dependency.
Updated it.
- `yarn.lock`:
No real conflict, upstream updated a dependency which is
textually adjacent to a glitch-soc-specific dependency.
Updated it.
|
|
* Fix “Email changed” notification sometimes having wrong e-mail
Fixes #6778
The root of the issue is that `send_devise_notification` was called before
the changes were properly commited to the database, causing the mailer to
pick previous values if running too early.
Devise's documentation provides guidance on how to handle that[1][2], however,
I have found it to not be working, as the following happens, in that order:
- `send_devise_notification` is called for the `email_changed` notification.
In that case, `changed?` is false and `saved_changes?` is true, so
if we use the former, we have the same issue.
- the `after_commit` hook is called
- `send_devise_notification` is called for the `confirmation_instructions`
notification.
In that case, `changed?` is still false, and `saved_changes?` still true,
so if we use the latter, that second notification email is simply not
going to be sent (as we would be queuing the notification *after*
executing the after_commit hook).
This is because it may be called from either an `after_update` or
`after_commit` hook, the difference not being a call to `save` but the
transaction actually being committed to the database. This may arguably
be a bug in Devise, or Devise's notification.
The proposed workaround is inspired by Devise's documentation but checks
whether a transaction is open to make the call whether to immediately
send the notification or defer it to the `after_commit` hook.
[1]: https://www.rubydoc.info/github/plataformatec/devise/Devise%2FModels%2FAuthenticatable:send_devise_notification
[2]: https://github.com/heartcombo/devise/blob/406915cb781e38255a30ad2a0609e33952b9ec50/lib/devise/models/authenticatable.rb#L133-L194
* Fix cases when sending notifications without changing the model
* Defer sending if and only if in transaction including current record
|
|
* Fix error not being displayed when adding an account alias, add error for self-references
Co-Authored-By: Mélanie Chauvel (ariasuni) <perso@hack-libre.org>
* Add “You have no aliases.” note in confusing empty aliases table
Co-Authored-By: Mélanie Chauvel (ariasuni) <perso@hack-libre.org>
Co-authored-by: Mélanie Chauvel (ariasuni) <perso@hack-libre.org>
|
|
Conflicts:
- `app/javascript/packs/public.js`:
Upstream modified code that we split between multiple files due
to glitch-soc's theming system.
Ported those changes.
|
|
|
|
* Fix PostgreSQL load when linking in announcements
Fixes #13245 by caching status lookups
Since statuses are supposed to be known already and we only
need their URLs and a few other things, caching them should
be fine.
Since it's only used by announcements so far, there won't
be much statuses to cache.
* Perform status lookup when saving announcements, not when rendering them
* Change EntityCache#status to fetch URLs instead of looking into the database
* Move announcement link lookup to publishing worker
* Address issues pointed out during review
|
|
|
|
|
|
Conflicts:
- `app/services/post_status_service.rb`:
CW/sensitive logic fixed upstream, but different in glitch-soc.
Ported the changes accordingly.
|
|
Change `tootctl media lookup` to not use an interactive prompt
|
|
Conflicts:
- `README.md`:
Our README.md files are completely different. Discarded upstream changes.
- `app/javascript/core/admin.js`:
Updating rails-ujs, no real conflict, but a comment to close to changed
code. Various glitch-soc-only files have been updated to match those changes,
though.
- `package.json`:
No real conflict, just an additional dependency in glitch-soc that was too
close to something updated upstream. Took upstream's changes.
|
|
|
|
report (#13289)
|
|
in admin UI (#13254)
* Add shortcuts to blacklist a user's e-mail domain in admin UI
* Add option to blacklist resolved MX and IP records for e-mail domains
|
|
|
|
|
|
|
|
Even if the container format is the same (.mp4), the codec could
be different and not playable in web browsers
|
|
- Dimensions at most 1920x1200
- Frame rate at most 60
|
|
* Change ActivityPub follower/following collections to not link first page
* Add support for hiding followers and following of remote users
* Switch to using a single `hide_collections` column
* Address code style remarks
|
|
(#13210)
Fix #9106
|
|
Conflicts:
- `app/controllers/api/v1/statuses_controller.rb`:
Conflict due to upstream adding a new parameter (with_rate_limit),
too close to glitch-soc's own additional parameter (content_type).
Added upstream's parameter.
- `app/services/post_status_service.rb`:
Conflict due to upstream adding a new parameter (rate_limit),
too close to glitch-soc's own additional parameter (content_type).
Added upstream's parameter.
- `app/views/settings/preferences/appearance/show.html.haml`:
Conflict due to us not exposing theme settings here (as we have
a different flavour/skin menu).
Took upstream change, while still not exposing theme settings.
- `config/webpack/shared.js`:
Coding style fixes for a part we have rewritten.
Discarded upstream changes.
|
|
(#13212)
* Add support for links to public statuses in announcements to be opened in WebUI
* Please CodeClimate
|
|
* Add ability to order accounts in moderation view
* Display last status date in “Most recent activity” for remote users
|
|
|
|
(#13170)
Fixes #13168
|
|
|
|
(#13164)
|
|
|
|
Because the file name was set after loading the file, Paperclip
was flagging the differing file extension as content type spoofing
Fix #12938
|
|
|
|
* Search account domain in lowercase
* fix rubocop error
* fix spec/models/account_spec.rb
|
|
Conflicts:
- `app/serializers/rest/account_serializer.rb`:
Upstream added code too close to glitch-soc-specific followers-hiding code.
Ported upstream changes.
|
|
|
|
|
|
Change `all_day` to be a visual client-side cue only
Publish immediately if `scheduled_at` is in the past
Add `published_at` and `updated_at` to announcements JSON
|
|
|
|
|
|
Conflicts:
- `app/controllers/statuses_controller.rb`:
Minor conflict due to theming system
|
|
While making browser requests in the other sessions after a password
change or reset does not allow you to be logged in and correctly
invalidates the session making the request, sessions have API tokens
associated with them, which can still be used until that session
is invalidated.
This is a security issue for accounts that were already compromised
some other way because it makes it harder to throw out the hijacker.
|
|
Follow-up to #12927
|
|
* Add announcements
Fix #11006
* Add reactions to announcements
* Add admin UI for announcements
* Add unit tests
* Fix issues
- Add `with_dismissed` param to announcements API
- Fix end date not being formatted when time range is given
- Fix announcement delete causing reactions to send streaming updates
- Fix announcements container growing too wide and mascot too small
- Fix `all_day` being settable when no time range is given
- Change text "Update" to "Announcement"
* Fix scheduler unpublishing announcements before they are due
* Fix filter params not being passed to announcements filter
|
|
Fix #12554
|
