about summary refs log tree commit diff
path: root/app/models
AgeCommit message (Collapse)Author
2020-05-03Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: - `app/controllers/statuses_controller.rb`: Upstream disabled the embed controller for reblogs. Not a real conflict, but glitch-soc has an extra line to deal with its theming system. Ported upstream changes. - `app/javascript/packs/public.js`: Upstream made changes to get rid of most inline CSS, this changes javascript for public pages, which in glitch are split between different files. Ported those changes. - `app/models/status.rb`: Upstream changed the block check in `Status#permitted_for` to include domain-block checks. Not a real conflict with glitch-soc, but our scope is slightly different, as our scope for unauthenticated access do not include instance-local toots. Ported upstream changes. - `app/serializers/rest/instance_serializer.rb`: Not a real conflict, upstream added a new field to the instance serializer, the conflict is one line above since we added more of that. Ported upstream changes. - `app/views/settings/profiles/show.html.haml`: Upstream got rid of most inline CSS and moved hidden elements to data attributes in the process, in fields were we have different values. Ported upstream changes while keeping our glitch-specific values. - `app/views/statuses/_simple_status.html.haml`: Upstream got rid of inline CSS on an HAML line we treat differently, stripping empty text nodes. Ported upstream changes to the style attribute, keeping the empty text node stripping behavior.
2020-05-03Revert "improve status title (#8596)" (#13591)Yamagishi Kazutoshi
This reverts commit 05756c9a14864655ae6777505a4ee5cfa9b0ee93.
2020-05-03Add more tests for ActivityPub controllers (#13585)Eugen Rochko
2020-04-30Only check locally when deduplicating usernames (#13581)kaiyou
When deduplicating account usernames for OAuthable users, the routine did check if any account was known with that username, including remote accounts. This caused some unnecessary deduplication, and usernames ending with unexpected trailing _1. This fixes #13580
2020-04-26Add separate cache directory for non-local uploads (#12821)Eugen Rochko
2020-04-25Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
2020-04-23Fix enable/disable relay failures (#13535)Takeshi Umeda
2020-04-17Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
2020-04-15Fix confusing error when failing to add an alias to an unknown account (#13480)ThibG
Follow-up to #13452, fixing broken `uri.nil?` test. Also remove the separate check for `uri` presence, as that would result in a “Please review 2 errors below” while only one would be listed.
2020-04-15Change delivery failure tracking to work with hostnames instead of URLs (#13437)Eugen Rochko
2020-04-15Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: - `package.json`: No real conflict, upstream updated a dependency which is textually adjacent to a glitch-soc-specific dependency. Updated it. - `yarn.lock`: No real conflict, upstream updated a dependency which is textually adjacent to a glitch-soc-specific dependency. Updated it.
2020-04-15Fix “Email changed” notification sometimes having wrong e-mail (#13475)ThibG
* Fix “Email changed” notification sometimes having wrong e-mail Fixes #6778 The root of the issue is that `send_devise_notification` was called before the changes were properly commited to the database, causing the mailer to pick previous values if running too early. Devise's documentation provides guidance on how to handle that[1][2], however, I have found it to not be working, as the following happens, in that order: - `send_devise_notification` is called for the `email_changed` notification. In that case, `changed?` is false and `saved_changes?` is true, so if we use the former, we have the same issue. - the `after_commit` hook is called - `send_devise_notification` is called for the `confirmation_instructions` notification. In that case, `changed?` is still false, and `saved_changes?` still true, so if we use the latter, that second notification email is simply not going to be sent (as we would be queuing the notification *after* executing the after_commit hook). This is because it may be called from either an `after_update` or `after_commit` hook, the difference not being a call to `save` but the transaction actually being committed to the database. This may arguably be a bug in Devise, or Devise's notification. The proposed workaround is inspired by Devise's documentation but checks whether a transaction is open to make the call whether to immediately send the notification or defer it to the `after_commit` hook. [1]: https://www.rubydoc.info/github/plataformatec/devise/Devise%2FModels%2FAuthenticatable:send_devise_notification [2]: https://github.com/heartcombo/devise/blob/406915cb781e38255a30ad2a0609e33952b9ec50/lib/devise/models/authenticatable.rb#L133-L194 * Fix cases when sending notifications without changing the model * Defer sending if and only if in transaction including current record
2020-04-13Fix account aliases page (#13452)ThibG
* Fix error not being displayed when adding an account alias, add error for self-references Co-Authored-By: Mélanie Chauvel (ariasuni) <perso@hack-libre.org> * Add “You have no aliases.” note in confusing empty aliases table Co-Authored-By: Mélanie Chauvel (ariasuni) <perso@hack-libre.org> Co-authored-by: Mélanie Chauvel (ariasuni) <perso@hack-libre.org>
2020-04-05Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: - `app/javascript/packs/public.js`: Upstream modified code that we split between multiple files due to glitch-soc's theming system. Ported those changes.
2020-04-05Add rate limit for reporting (#13390)Eugen Rochko
2020-04-05Fix PostgreSQL load when linking in announcements (#13250)ThibG
* Fix PostgreSQL load when linking in announcements Fixes #13245 by caching status lookups Since statuses are supposed to be known already and we only need their URLs and a few other things, caching them should be fine. Since it's only used by announcements so far, there won't be much statuses to cache. * Perform status lookup when saving announcements, not when rendering them * Change EntityCache#status to fetch URLs instead of looking into the database * Move announcement link lookup to publishing worker * Address issues pointed out during review
2020-04-04Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
2020-04-03Add ability to filter audit log in admin UI (#13381)Eugen Rochko
2020-03-27Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: - `app/services/post_status_service.rb`: CW/sensitive logic fixed upstream, but different in glitch-soc. Ported the changes accordingly.
2020-03-26Change `tootctl media remove-orphans` to work for all classes (#13316)Eugen Rochko
Change `tootctl media lookup` to not use an interactive prompt
2020-03-22Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: - `README.md`: Our README.md files are completely different. Discarded upstream changes. - `app/javascript/core/admin.js`: Updating rails-ujs, no real conflict, but a comment to close to changed code. Various glitch-soc-only files have been updated to match those changes, though. - `package.json`: No real conflict, just an additional dependency in glitch-soc that was too close to something updated upstream. Took upstream's changes.
2020-03-21Make bookmarks also searchable (#13271)Jeong Arm
2020-03-21Fix reported accounts not being whitelisted when resolving a spamcheck ↵ThibG
report (#13289)
2020-03-12Add option to include resolved DNS records when blacklisting e-mail domains ↵Eugen Rochko
in admin UI (#13254) * Add shortcuts to blacklist a user's e-mail domain in admin UI * Add option to blacklist resolved MX and IP records for e-mail domains
2020-03-12Add titles to warning presets in admin UI (#13252)Eugen Rochko
2020-03-10Fix videos with unsupported colorspace not being transcoded (#13242)ThibG
2020-03-09Fix MP4 (H264 + AAC) video files being needlessly re-encoded (#13239)ThibG
2020-03-09Change video uploads to always be converted to H264/MP4 (#13220)Eugen Rochko
Even if the container format is the same (.mp4), the codec could be different and not playable in web browsers
2020-03-09Change video uploads to enforce certain limits (#13218)Eugen Rochko
- Dimensions at most 1920x1200 - Frame rate at most 60
2020-03-09Add federation support for the "hide network" preference (#11673)ThibG
* Change ActivityPub follower/following collections to not link first page * Add support for hiding followers and following of remote users * Switch to using a single `hide_collections` column * Address code style remarks
2020-03-08Change local media attachments to perform heavy processing asynchronously ↵Eugen Rochko
(#13210) Fix #9106
2020-03-08Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: - `app/controllers/api/v1/statuses_controller.rb`: Conflict due to upstream adding a new parameter (with_rate_limit), too close to glitch-soc's own additional parameter (content_type). Added upstream's parameter. - `app/services/post_status_service.rb`: Conflict due to upstream adding a new parameter (rate_limit), too close to glitch-soc's own additional parameter (content_type). Added upstream's parameter. - `app/views/settings/preferences/appearance/show.html.haml`: Conflict due to us not exposing theme settings here (as we have a different flavour/skin menu). Took upstream change, while still not exposing theme settings. - `config/webpack/shared.js`: Coding style fixes for a part we have rewritten. Discarded upstream changes.
2020-03-08Add support for links to statuses in announcements to be opened in web UI ↵ThibG
(#13212) * Add support for links to public statuses in announcements to be opened in WebUI * Please CodeClimate
2020-03-08Add sorting by username, creation and last activity in moderation view (#13076)ThibG
* Add ability to order accounts in moderation view * Display last status date in “Most recent activity” for remote users
2020-03-08Add specific rate limits for posting and following (#13172)Eugen Rochko
2020-03-05Fix "tootctl media remove-orphans" crashing when encountering invalid media ↵Eugen Rochko
(#13170) Fixes #13168
2020-02-29Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
2020-02-28Fix announcements with fully-qualified mention to local user crashing WebUI ↵ThibG
(#13164)
2020-02-06Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
2020-02-03Fix remote convertible media attachments not being saved (#13032)Eugen Rochko
Because the file name was set after loading the file, Paperclip was flagging the differing file extension as content type spoofing Fix #12938
2020-02-03Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
2020-02-01Search account domain in lowercase (#13016)abcang
* Search account domain in lowercase * fix rubocop error * fix spec/models/account_spec.rb
2020-01-27Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: - `app/serializers/rest/account_serializer.rb`: Upstream added code too close to glitch-soc-specific followers-hiding code. Ported upstream changes.
2020-01-27Add publish/unpublish controls to announcements in admin UI (#12967)Eugen Rochko
2020-01-26Fix expired announcements being re-published (#12964)Eugen Rochko
2020-01-26Add streaming API updates for announcements being modified or deleted (#12963)Eugen Rochko
Change `all_day` to be a visual client-side cue only Publish immediately if `scheduled_at` is in the past Add `published_at` and `updated_at` to announcements JSON
2020-01-25Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
2020-01-25Fix user disabling changing activity timestamps, fix nil error (#12943)Eugen Rochko
2020-01-24Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: - `app/controllers/statuses_controller.rb`: Minor conflict due to theming system
2020-01-24Fix password change/reset not immediately invalidating other sessions (#12928)Eugen Rochko
While making browser requests in the other sessions after a password change or reset does not allow you to be logged in and correctly invalidates the session making the request, sessions have API tokens associated with them, which can still be used until that session is invalidated. This is a security issue for accounts that were already compromised some other way because it makes it harder to throw out the hijacker.