| Age | Commit message (Collapse) | Author |
|---|
|
|
|
When deduplicating account usernames for OAuthable users, the routine did check if any account was known with that username, including remote accounts. This caused some unnecessary deduplication, and usernames ending with unexpected trailing _1.
This fixes #13580
|
|
|
|
|
|
Follow-up to #13452, fixing broken `uri.nil?` test.
Also remove the separate check for `uri` presence, as that would result
in a “Please review 2 errors below” while only one would be listed.
|
|
|
|
* Fix “Email changed” notification sometimes having wrong e-mail
Fixes #6778
The root of the issue is that `send_devise_notification` was called before
the changes were properly commited to the database, causing the mailer to
pick previous values if running too early.
Devise's documentation provides guidance on how to handle that[1][2], however,
I have found it to not be working, as the following happens, in that order:
- `send_devise_notification` is called for the `email_changed` notification.
In that case, `changed?` is false and `saved_changes?` is true, so
if we use the former, we have the same issue.
- the `after_commit` hook is called
- `send_devise_notification` is called for the `confirmation_instructions`
notification.
In that case, `changed?` is still false, and `saved_changes?` still true,
so if we use the latter, that second notification email is simply not
going to be sent (as we would be queuing the notification *after*
executing the after_commit hook).
This is because it may be called from either an `after_update` or
`after_commit` hook, the difference not being a call to `save` but the
transaction actually being committed to the database. This may arguably
be a bug in Devise, or Devise's notification.
The proposed workaround is inspired by Devise's documentation but checks
whether a transaction is open to make the call whether to immediately
send the notification or defer it to the `after_commit` hook.
[1]: https://www.rubydoc.info/github/plataformatec/devise/Devise%2FModels%2FAuthenticatable:send_devise_notification
[2]: https://github.com/heartcombo/devise/blob/406915cb781e38255a30ad2a0609e33952b9ec50/lib/devise/models/authenticatable.rb#L133-L194
* Fix cases when sending notifications without changing the model
* Defer sending if and only if in transaction including current record
|
|
* Fix error not being displayed when adding an account alias, add error for self-references
Co-Authored-By: Mélanie Chauvel (ariasuni) <perso@hack-libre.org>
* Add “You have no aliases.” note in confusing empty aliases table
Co-Authored-By: Mélanie Chauvel (ariasuni) <perso@hack-libre.org>
Co-authored-by: Mélanie Chauvel (ariasuni) <perso@hack-libre.org>
|
|
|
|
* Fix PostgreSQL load when linking in announcements
Fixes #13245 by caching status lookups
Since statuses are supposed to be known already and we only
need their URLs and a few other things, caching them should
be fine.
Since it's only used by announcements so far, there won't
be much statuses to cache.
* Perform status lookup when saving announcements, not when rendering them
* Change EntityCache#status to fetch URLs instead of looking into the database
* Move announcement link lookup to publishing worker
* Address issues pointed out during review
|
|
|
|
Change `tootctl media lookup` to not use an interactive prompt
|
|
|
|
report (#13289)
|
|
in admin UI (#13254)
* Add shortcuts to blacklist a user's e-mail domain in admin UI
* Add option to blacklist resolved MX and IP records for e-mail domains
|
|
|
|
|
|
|
|
Even if the container format is the same (.mp4), the codec could
be different and not playable in web browsers
|
|
- Dimensions at most 1920x1200
- Frame rate at most 60
|
|
* Change ActivityPub follower/following collections to not link first page
* Add support for hiding followers and following of remote users
* Switch to using a single `hide_collections` column
* Address code style remarks
|
|
(#13210)
Fix #9106
|
|
(#13212)
* Add support for links to public statuses in announcements to be opened in WebUI
* Please CodeClimate
|
|
* Add ability to order accounts in moderation view
* Display last status date in “Most recent activity” for remote users
|
|
|
|
(#13170)
Fixes #13168
|
|
(#13164)
|
|
Because the file name was set after loading the file, Paperclip
was flagging the differing file extension as content type spoofing
Fix #12938
|
|
* Search account domain in lowercase
* fix rubocop error
* fix spec/models/account_spec.rb
|
|
|
|
|
|
Change `all_day` to be a visual client-side cue only
Publish immediately if `scheduled_at` is in the past
Add `published_at` and `updated_at` to announcements JSON
|
|
|
|
While making browser requests in the other sessions after a password
change or reset does not allow you to be logged in and correctly
invalidates the session making the request, sessions have API tokens
associated with them, which can still be used until that session
is invalidated.
This is a security issue for accounts that were already compromised
some other way because it makes it harder to throw out the hijacker.
|
|
Follow-up to #12927
|
|
* Add announcements
Fix #11006
* Add reactions to announcements
* Add admin UI for announcements
* Add unit tests
* Fix issues
- Add `with_dismissed` param to announcements API
- Fix end date not being formatted when time range is given
- Fix announcement delete causing reactions to send streaming updates
- Fix announcements container growing too wide and mascot too small
- Fix `all_day` being settable when no time range is given
- Change text "Update" to "Announcement"
* Fix scheduler unpublishing announcements before they are due
* Fix filter params not being passed to announcements filter
|
|
Fix #12554
|
|
* Add “account timeline” filter category
Previously, no filter category applied to account timelines.
* Rename “Account timelines” into “Profiles”
|
|
Allow browsing and filtering all relationships instead of just
followers, unify the codebase with the user-facing relationship
manager, add ability to see who the user invited
|
|
|
|
|
|
* Fix unused role routes being generated
* Remove unused JavaScript code
* Refactor filters code to be DRYer
* Fix `.count == 0` comparisons to `.empty?` in views
* Fix filters in views
|
|
Fix #12849
|
|
|
|
* Remove #filter_from_context?
* Create scope Status.with_accounts
Retrieving AR objects should be
their model's scope
|
|
* improve shown status title, useful for atom/rss
* use single quotes to satisfy codeclimate
* fix tests, make message more pretty
* fix tests
* fix codestyle
* fix codestyle
* remove atom_serializer_spec
Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>
|
|
Fixes #12795
It was already possible to create domain blocks for TLDs, but those
weren't enforced, nor editable. This commit changes it so that they
are enforced and editable.
|
|
Fix #3804, Fix #5776
|
|
This changes the REST API to return unicode domains in the `acct`
attribute instead of punycode, and to render unicode instead of
punycode on public HTML pages as well.
Fix #7812, fix #12246
|
|
category (#12647)
Instead, just re-use the existing category if any.
Fixes #12608
|
