Age | Commit message (Collapse) | Author |
|
* Fix email with empty domain name labels passing validation
`EmailMxValidator` would allow empty labels because `Resolv::DNS` is
particularly lenient about them, but the email would be invalid and
unusable.
* Add tests
|
|
* Strip spaces around URL when adding a relay
Fixes #22650
* Gracefuly handle URL parsing errors in URL validator
|
|
|
|
|
|
|
|
* Add administrative webhooks
* Fix error when webhook is deleted before delivery worker runs
|
|
Clear out e-mail domain blocks created from automatically resolved DNS records
|
|
|
|
* Change e-mail domain blocks to block IPs dynamically
* Update app/workers/scheduler/email_domain_block_refresh_scheduler.rb
Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>
* Update app/workers/scheduler/email_domain_block_refresh_scheduler.rb
Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>
Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>
|
|
* Remove language detection through cld3
* Update app/helpers/languages_helper.rb
Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>
Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>
|
|
* Add support for private pinned toots
* Allow local user to pin private toots
* Change wording to avoid "direct message"
|
|
Reduce constant memory usage by ~100kB and further reduce boot-up memory
allocations and temporary memory use by a further ~200kB.
|
|
List various values like file size limits and supported mime types
|
|
Fix #16107
|
|
|
|
Prevent new accounts from being created using the same underlying
e-mail as a suspended account using extensions and period
permutations. Stores e-mails as a SHA256 hash
|
|
* Bypass MX validation for explicitly allowed domains
This spares some lookups and prevent issues in some edge cases with
local domains.
* Add tests
* Fix test
|
|
* Prepare Mastodon for zeitwerk autoloader (Rails 6)
Add inflections and rename/move a few classes.
In particular, app/lib/exceptions.rb and app/lib/sanitize_config.rb
were manually loaded while still in autoload paths.
* Add inflection for Url → URL
|
|
* Add tests
* Fix URL scanning in note length validator and preview card fetching
|
|
* Update twitter-text from 1.14 to 3.1.0
* Disable emoji parsing
* Properly depend on twitter-text for url detection
* Fix some URLs being wrongly detected client-side
* Add test for server-side validation of non-autolinkable URLs
* Fix server-side status length counting
|
|
|
|
* Use Regex#match?
* Replace =~ too
* Avoid to call match? from Nil
* Keep value of Regexp.last_match
|
|
* Optimize map { ... }.compact
using Enumerable#filter_map, supported since Ruby 2.7
* Add poyfill for Enumerable#filter_map
|
|
|
|
* Add honeypot fields to limit non-specialized spam
Add two honeypot fields: a fake website input and a fake password confirmation
one. The label/placeholder/aria-label tells not to fill them, and they are
hidden in CSS, so legitimate users should not fall into these.
This should cut down on some non-Mastodon-specific spambots.
* Require a 3 seconds delay before submitting the registration form
* Fix tests
* Move registration form time check to model validation
* Give people a chance to clear the honeypot fields
* Refactor honeypot translation strings
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
|
|
* Increase DNS timeout from 1 second to 5 seconds for MX check
1 seconds is rather short when using a recursive DNS resolver which
hasn't got a cached result already available. Use 5 seconds instead,
which is the timeout value we use for outgoing HTTP queries.
* Add more precise error messages for invalid e-mail addresses
|
|
|
|
This commit redesign the polls and increases characters limit for the
options from 25 to 50 characters, giving pollsters more freedom.
Summarizing, the redesign is making the polls more adaptive for upcoming
changes to the options characters limit: the bar, or a "chart", is now
displayed separately from the option itself; vote check mark is moved
next to the option text, making the percentages take less space. Option
lengths are taken into account and text is wrapped to multiple lines
if necessary to avoid overflow.
|
|
* Search account domain in lowercase
* fix rubocop error
* fix spec/models/account_spec.rb
|
|
|
|
|
|
* Add announcements
Fix #11006
* Add reactions to announcements
* Add admin UI for announcements
* Add unit tests
* Fix issues
- Add `with_dismissed` param to announcements API
- Fix end date not being formatted when time range is given
- Fix announcement delete causing reactions to send streaming updates
- Fix announcements container growing too wide and mascot too small
- Fix `all_day` being settable when no time range is given
- Change text "Update" to "Announcement"
* Fix scheduler unpublishing announcements before they are due
* Fix filter params not being passed to announcements filter
|
|
* Fix invalid votes from the API being accepted
Fixes #12556
- Ensure `choice` is an integer instead of silently converting to 0
- Ensure `choice` corresponds to an actual choice of the poll
* Please CodeClimate
|
|
|
|
|
|
Fix #7629
|
|
Fix #271
Add back the `GET /api/v1/trends` API with the caveat that it does
not return tags that have not been allowed to trend by the staff.
When a hashtag begins to trend (internally) and that hashtag has
not been previously reviewed by the staff, the staff is notified.
The new admin UI for hashtags allows filtering hashtags by where
they are used (e.g. in the profile directory), whether they have
been reviewed or are pending reviewal, they show by how many people
the hashtag is used in the directory, how many people used it
today, how many statuses with it have been created today, and it
allows fixing the name of the hashtag to make it more readable.
The disallowed hashtags feature has been reworked. It is now
controlled from the admin UI for hashtags instead of from
the file `config/settings.yml`
|
|
* Check to make sure usernames with '.' cannot be created
* Add test for instance actor account name conflicts
This makes sure that migration 20190715164535_add_instance_actor
won't fail if there's already an account that is named the same
as the domain (minus the .)
* Put the test into the correct context...
* Add another test to split this into two validations
* Don't delete periods when validating username uniqueness (#11392)
The 20190715164535_add_instance_actor migration fails if there's
already a username similar to the domain name, e.g. if you are
'vulpine.club' and have a user named 'vulpineclub', validation
fails.
Upon further review, usernames with periods are dropped by the
regular expression in the Account class, so we don't need to
worry about it here.
Fixes #11392
|
|
(#10791)
|
|
* Change e-mail whitelist/blacklist to not be checked when invited
And only when creating an account, not when updating it later
Fix #10648
* Fix test
|
|
|
|
* Add spec of PollValidator for #10190
* Raise fraction less than 1 second
* format
* simplify time initialize
|
|
* Fix admin validation being too strict about usernames
Fix #10446
* Strip Setting.site_contact_username consistently throughout the codebase
|
|
* Fix HTML validation
* Report first HTML error instead on validation error
|
|
* Add validations to admin settings
- Validate correct HTML markup
- Validate presence of contact username & e-mail
- Validate that all usernames are valid
- Validate that enums have expected values
* Fix code style issue
* Fix tests
|
|
- Fix missing interpolation argument in PollValidator
- Fix PollValidator rejecting exact allowed min/max durations
|
|
|
|
|
|
* Add polls
Fix #1629
* Add tests
* Fixes
* Change API for creating polls
* Use name instead of content for votes
* Remove poll validation for remote polls
* Add polls to public pages
* When updating the poll, update options just in case they were changed
* Fix public pages showing both poll and other media
|
|
* Add support for IPv6 only MXes
* Fixed email validator tests
|