about summary refs log tree commit diff
path: root/app/models
AgeCommit message (Collapse)Author
2021-11-06Fix reviving revoked sessions and invalidating login (#16943)Claire
Up until now, we have used Devise's Rememberable mechanism to re-log users after the end of their browser sessions. This mechanism relies on a signed cookie containing a token. That token was stored on the user's record, meaning it was shared across all logged in browsers, meaning truly revoking a browser's ability to auto-log-in involves revoking the token itself, and revoking access from *all* logged-in browsers. We had a session mechanism that dynamically checks whether a user's session has been disabled, and would log out the user if so. However, this would only clear a session being actively used, and a new one could be respawned with the `remember_user_token` cookie. In practice, this caused two issues: - sessions could be revived after being closed from /auth/edit (security issue) - auto-log-in would be disabled for *all* browsers after logging out from one of them This PR removes the `remember_token` mechanism and treats the `_session_id` cookie/token as a browser-specific `remember_token`, fixing both issues.
2021-11-06Fix AccountNote not having a maximum length (#16942)Claire
2021-11-05Fix handling announcements with links (#16941)Claire
Broken since #15827
2021-10-25Merge branch 'main' into glitch-soc/merge-upstreamClaire
Conflicts: - `.env.production.sample`: Upstream added new configuration options, uncommented by default. Commented them. - `Gemfile.lock`: Upstream updated dependencies textually close to glitch-soc-specific dependencies. Updated those upstream dependencies.
2021-10-18Add remove from followers api (#16864)Takeshi Umeda
* Add followed_by? to account_interactions * Add RemoveFromFollowersService * Fix AccountBatch to use RemoveFromFollowersService * Add remove from followers API
2021-10-14Merge branch 'main' into glitch-soc/merge-upstreamClaire
Conflicts: - `README.md`: Upstream added some documentation in the README, but our README is pretty different and barebone. Kept our README.
2021-10-14Merge branch 'main' into glitch-soc/merge-upstreamClaire
Conflicts: - `app/controllers/admin/dashboard_controller.rb`: Upstream completely redesigned the admin dashboard. glitch-soc tracked extra features, but that list is gone. Followed upstram. - `app/views/admin/dashboard/index.html.haml` Upstream completely redesigned the admin dashboard. glitch-soc tracked extra features, but that list is gone. Followed upstram.
2021-10-14Allow keeping only 1 boosts/favs on auto deleting posts (#16653)Jeong Arm
* Allow keeping 1 boosts/favs on auto deleting posts * Fix tests
2021-10-14Fix 404 error when filtering admin action logs by non-existent target ↵Claire
account (#16643) Currently, there is no way for an admin to delete an account record. However, should that happen in the future, or should an admin mistype an account id, `/admin/action_logs?target_account_id=<non-existent-account-id>` currently returns a 404 instead of an empty list. With this commit, the aforementioned page returns a correct list instead (potentially non-empty if the account has been manually deleted)
2021-10-14Fix scheduled statuses decreasing statuses counts (#16791)Claire
* Add tests * Fix scheduled statuses decreasing statuses counts Fixes #16774
2021-10-13Merge branch 'main' into glitch-soc/merge-upstreamClaire
Conflicts: - `package.json`: Not really a conflict, just a glitch-soc-only dependency textually too close to an updated upstream one. - `yarn.lock`: Not really a conflict, just a glitch-soc-only dependency textually too close to an updated upstream one.
2021-10-13Fix error when rendering public pages with media attachments (#16763)Claire
* Add tests * Fix error when rendering public pages with media attachments * Add tests * Fix tests * Please CodeClimate
2021-10-06Merge branch 'main' into glitch-soc/merge-upstreamClaire
2021-10-06Fix media attachment size validation not correctly accounting for file type ↵Claire
(#16819) * Fix media attachment size validation not correctly accounting for file type Fixes a regression introduced in #16724 caused by the fact that kt-paperclip now correctly runs validations before processing, meaning that file size verification could not rely on our before_post_processing hook. Moved the `before_post_processing` hooks to `before_validate` to make sure the media attachment type is set correctly before the file gets validated. * Add tests
2021-09-30Merge branch 'main' into glitch-soc/merge-upstreamClaire
Conflicts: - `app/models/custom_emoji.rb`: Slight refactor upstream, next to a line that was different in glitch-soc because of our local configurable limits on custom emoji size. Ported upstream changes. - `yarn.lock`: Not really a conflict, upstream dependency textually too close to a glitch-soc-only dependency. Updated upstream dependency as upstream.
2021-09-29Switch from unmaintained paperclip to kt-paperclip (#16724)Claire
* Switch from unmaintained paperclip to kt-paperclip * Drop some compatibility monkey-patches not required by kt-paperclip * Drop media spoof check monkey-patching It's broken with kt-paperclip and hopefully it won't be needed anymore * Fix regression introduced by paperclip 6.1.0 * Do not rely on pathname to call FastImage * Add test for ogg vorbis file with cover art * Add audio/vorbis to the accepted content-types This seems erroneous as this would be the content-type for a vorbis stream without an ogg container, but that's what the `marcel` gem outputs, so… * Restore missing for_as_default method * Refactor Attachmentable concern and delay Paperclip's content-type spoof check Check for content-type spoofing *after* setting the extension ourselves, this fixes a regression with kt-paperclip's validations being more strict than paperclip 6.0.0 and rejecting some Pleroma uploads because of unknown extensions. * Please CodeClimate * Add audio/vorbis to the unreliable set It doesn't correspond to a file format and thus has no extension associated.
2021-09-14Merge branch 'main' into glitch-soc/merge-upstreamClaire
2021-09-13Stop setting a shortcode to newly-created media attachments (#16730)Claire
* Stop setting a shortcode to newly-created media attachments The WebUI has stopped using the “short media URL” in ages. This isn't used anywhere except for mail notifications. Deprecating it would allow us to eventually get rid of at least a database column and corruption-prone index, as well as a controller. * Fix tests
2021-09-02Merge branch 'main' into glitch-soc/merge-upstreamClaire
2021-09-01Fix processing mentions to domains with non-ascii TLDs (#16689)Claire
Fixes #16602
2021-08-20Merge branch 'main' into glitch-soc/merge-upstreamClaire
2021-08-11Fix followers synchronization mechanism not working when URI has empty path ↵Claire
(#16510) * Fix followers synchronization mechanism not working when URI has empty path To my knowledge, there is no current implementation on the fediverse that can use bare domains (e.g., actor is at https://example.org instead of something like https://example.org/actor) that also plans to support the followers synchronization mechanism. However, Mastodon's current implementation would exclude such accounts from followers list. Also adds tests and rename them to reflect the proper method names. * Move url prefix regexp to its own constant
2021-08-11Merge branch 'main' into glitch-soc/merge-upstreamClaire
2021-08-11Fix crash when encountering invalid account fields (#16598)Claire
* Add test * Fix crash when encountering invalid account fields
2021-08-09Merge branch 'main' into glitch-soc/merge-upstreamClaire
Conflicts: - `Gemfile.lock`: Not a real conflict, upstream-updated dependency (redis) textually too close to glitch-soc-only dependecy. Updated redis gem like upstream did.
2021-08-09Add feature to automatically delete old toots (#16529)Claire
* Add account statuses cleanup policy model * Record last inspected toot to delete to speed up successive calls to statuses_to_delete * Add service to cleanup a given account's statuses within a budget * Add worker to go through account policies and delete old toots * Fix last inspected status id logic All existing statuses older or equal to last inspected status id must be kept by the current policy. This is an invariant that must be kept so that resuming deletion from the last inspected status remains sound. * Add tests * Refactor scheduler and add tests * Add user interface * Add support for discriminating based on boosts/favs * Add UI support for min_reblogs and min_favs, rework UI * Address first round of review comments * Replace Snowflake#id_at_start with with_random parameter * Add tests * Add tests for StatusesCleanupController * Rework settings page * Adjust load-avoiding mechanisms * Please CodeClimate
2021-08-08Fix owned account notes not being deleted when an account is deleted (#16579)Claire
* Add account_notes relationship * Add tests * Fix owned account notes not being deleted when an account is deleted * Add post-migration to clean up orphaned account notes
2021-07-17Merge branch 'main' into glitch-soc/merge-upstreamClaire
2021-07-14Fix user email address being banned on self-deletion (#16503)Claire
* Add tests * Fix user email address being banned on self-deletion Fixes #16498
2021-07-11Merge branch 'main' into glitch-soc/merge-upstreamClaire
Conflicts: - `app/serializers/rest/instance_serializer.rb`: Upstream changed the fields returned by /api/v1/instance by adding a `configuration` field holding a lot of useful information making our `max_toot_chars` and `poll_limits` fields obsolete. Keeping those around for now for compatibility. - `app/validators/status_length_validator.rb`: No real conflict, just URL_PLACEHOLDER_CHARS introduced too close to MAX_CHARS which is defined differently in glitch-soc. Ported upstream changes.
2021-07-11Add ability to filter reports by origin of target account (#16487)Eugen Rochko
2021-07-08Merge branch 'main' into glitch-soc/merge-upstreamClaire
Conflicts: - `app/helpers/accounts_helper.rb`: Conflict due to upstream changing how followers count is displayed while we have an option to hide followers count. Ported upstream change. - `app/views/accounts/_header.html.haml`: Conflict due to upstream changing how followers count is displayed while we have an option to hide followers count. Ported upstream change. - `app/views/directories/index.html.haml`: Conflict due to upstream changing how followers count is displayed while we have an option to hide followers count. Ported upstream change.
2021-07-08Add ability to skip sign-in token authentication for specific users (#16427)Eugen Rochko
Remove "active within last two weeks" exception for sign in token requirement Change admin reset password to lock access until the password is reset
2021-07-07Fix upgrade path from 3.4.0 (#16465)Claire
3.4.1 dropped account_stats.lock_version, but in a way breaking the usual upgrade path by requiring services to be reloaded after the post-migrations. Indeed, `self.locking_column = nil` was not enough for Rails to ignore the `lock_version` column when preparing statements on application load, resulting in some ActiveRecord queries (typically those involving `includes(:account_stat)`) erroring out with: ActiveRecord::StatementInvalid (PG::UndefinedColumn: ERROR: column account_stats.lock_version does not exist
2021-07-02Merge branch 'main' into glitch-soc/merge-upstreamClaire
2021-07-02Fix not being able to suspend accounts that already have a canonical e-mail ↵Eugen Rochko
block (#16455)
2021-06-23Merge branch 'main' into glitch-soc/merge-upstreamClaire
2021-06-21Add authentication history (#16408)Eugen Rochko
2021-06-03Merge branch 'main' into glitch-soc/merge-upstreamClaire
2021-06-02Fix account deletion sometimes failing because of optimistic locks (#16317)Claire
* Fix account deletion sometimes failing because of optimistic locks In some rare occasions[1], deleting accounts would fail with a `StaleObjectError` exception. Indeed, account deletion manually sets the `AccountStat` values without handling cases where the optimistic locking on `AccountStat` would fail. To my knowledge, with the rewrite of account counters in #15913, the `DeleteAccountService` is now the only place that changes the counters in a way that is not atomic. Since in this specific case, we do not care about the previous values of the account counters, it appears we don't need locking at all for this table anymore. [1]: https://discourse.joinmastodon.org/t/account-cant-be-deleted/3602 * Bump MAX_SUPPORTED_VERSION in maintenance script
2021-05-17Merge branch 'main' into glitch-soc/merge-upstreamClaire
Conflicts: - `README.md`: our READMEs are entirely different and upstream's has been updated. Kept our README.
2021-05-12Update fix-duplicates maintenance script to support latest migrations (#16231)Claire
* Update maintenance script to support latest database migrations * Update Account#merge_with!
2021-05-12Merge branch 'main' into glitch-soc/merge-upstreamClaire
2021-05-11Fix to be able to redownload avatar and header (#16190)Takeshi Umeda
* Fix to reset if header and avatar download fails * Add RedownloadAvatarWorker and RedownloadHeaderWorker
2021-05-09Merge branch 'main' into glitch-soc/merge-upstreamClaire
2021-05-09Fix FollowRecommendationsScheduler failing because of unpopulated views (#16189)Claire
Since #16173, `account_summaries` and `follow_recommendations` are not populated at creation time, which causes concurrent refresh to fail. As we currently only use those materialized views right after explicitly refreshing them, this commit changes refreshes to not be performed concurrently. This will fix the issue and ensure the refresh completes faster while using less resources.
2021-05-08Merge branch 'main' into glitch-soc/merge-upstreamClaire
2021-05-07Remove PubSubHubbub-related columns from accounts table (#16170)Eugen Rochko
2021-05-07Merge branch 'main' into glitch-soc/merge-upstreamClaire
- `app/views/statuses/_simple_status.html.haml`: Small markup change in glitch-soc, on a line that has been modified by upstream. Ported upstream changes.
2021-05-07Change trending hashtags to be affected be reblogs (#16164)Eugen Rochko
If a status with a hashtag becomes very popular, it stands to reason that the hashtag should have a chance at trending Fix no stats being recorded for hashtags that are not allowed to trend, and stop ignoring bots Remove references to hashtags in profile directory from the code and the admin UI