about summary refs log tree commit diff
path: root/app
AgeCommit message (Collapse)Author
2022-01-24Please CodeClimateClaire
2022-01-24Add optional hCaptcha supportClaire
Fixes #1649 This requires setting `HCAPTCHA_SECRET_KEY` and `HCAPTCHA_SITE_KEY`, then enabling the admin setting at `/admin/settings/edit#form_admin_settings_captcha_enabled` Subsequently, a hCaptcha widget will be displayed on `/about` and `/auth/sign_up` unless: - the user is already signed-up already - the user has used an invite link - the user has already solved the captcha (and registration failed for another reason) The Content-Security-Policy headers are altered automatically to allow the third-party hCaptcha scripts on `/about` and `/auth/sign_up` following the same rules as above.
2022-01-23[Glitch] Change `percent` to `rate` in retention metrics APIClaire
Port a63495230a3a28e022504f36356cd75b17b635ba to glitch-soc Signed-off-by: Claire <claire.github-309c@sitedethib.com>
2022-01-23[Glitch] Fix text being incorrectly pre-selected in composer textarea on /shareClaire
Port 3a103cd317fd56aca27fca01e03647df44e3ffd2 to glitch-soc Signed-off-by: Claire <claire.github-309c@sitedethib.com>
2022-01-23Merge branch 'main' into glitch-soc/merge-upstreamClaire
Conflicts: - `spec/models/status_spec.rb`: Upstream added tests too close to glitch-soc-specific tests. Kept both tests.
2022-01-23Fix error-prone SQL queries (#15828)Claire
* Fix error-prone SQL queries in Account search While this code seems to not present an actual vulnerability, one could easily be introduced by mistake due to how the query is built. This PR parameterises the `to_tsquery` input to make the query more robust. * Harden code for Status#tagged_with_all and Status#tagged_with_none Those two scopes aren't used in a way that could be vulnerable to an SQL injection, but keeping them unchanged might be a hazard. * Remove unneeded spaces surrounding tsquery term * Please CodeClimate * Move advanced_search_for SQL template to its own function This avoids one level of indentation while making clearer that the SQL template isn't build from all the dynamic parameters of advanced_search_for. * Add tests covering tagged_with, tagged_with_all and tagged_with_none * Rewrite tagged_with_none to avoid multiple joins and make it more robust * Remove obsolete brakeman warnings * Revert "Remove unneeded spaces surrounding tsquery term" The two queries are not strictly equivalent. This reverts commit 86f16c537e06c6ba4a8b250f25dcce9f049023ff.
2022-01-23Change `percent` to `rate` in retention metrics API (#16910)Claire
2022-01-23Add OMNIAUTH_ONLY environment variable to enforce externa log-in (#17288)Claire
* Remove support for OAUTH_REDIRECT_AT_SIGN_IN Fixes #15959 Introduced in #6540, OAUTH_REDIRECT_AT_SIGN_IN allowed skipping the log-in form to instead redirect to the external OmniAuth login provider. However, it did not prevent the log-in form on /about introduced by #10232 from appearing, and completely broke with the introduction of #15228. As I restoring that previous log-in flow without introducing a security vulnerability may require extensive care and knowledge of how OmniAuth works, this commit removes support for OAUTH_REDIRECT_AT_SIGN_IN instead for the time being. * Add OMNIAUTH_ONLY environment variable to enforce external log-in only * Disable user registration when OMNIAUTH_ONLY is set to true * Replace log-in links When OMNIAUTH_ONLY is set with exactly one OmniAuth provider
2022-01-23Remove support for OAUTH_REDIRECT_AT_SIGN_IN (#17287)Claire
Fixes #15959 Introduced in #6540, OAUTH_REDIRECT_AT_SIGN_IN allowed skipping the log-in form to instead redirect to the external OmniAuth login provider. However, it did not prevent the log-in form on /about introduced by #10232 from appearing, and completely broke with the introduction of #15228. As I restoring that previous log-in flow without introducing a security vulnerability may require extensive care and knowledge of how OmniAuth works, this commit removes support for OAUTH_REDIRECT_AT_SIGN_IN instead for the time being.
2022-01-23Remove leftover database columns from Devise::Models::Rememberable (#17191)Claire
* Remove leftover database columns from Devise::Models::Rememberable * Update fix-duplication maintenance script * Improve errors/warnings in the fix-duplicates maintenance script
2022-01-20Fix text being incorrectly pre-selected in composer textarea on /share (#17339)Claire
Fixes #17295
2022-01-20Add post edited notice in admin and public UIs (#17335)Claire
* Add edited toot flag on public pages * Add toot edit flag to admin pages
2022-01-20Add content-type to status source in glitch-socClaire
2022-01-20[Glitch] Add support for editing for published statusesEugen Rochko
Port front-end changes from 1060666c583670bb3b89ed5154e61038331e30c3 to glitch-soc Signed-off-by: Claire <claire.github-309c@sitedethib.com>
2022-01-19Merge branch 'main' into glitch-soc/merge-upstreamClaire
2022-01-19Merge branch 'main' into glitch-soc/merge-upstreamClaire
Conflicts: - `app/lib/activitypub/activity/create.rb`: Upstream refactored how `Create` activities are handled and how values are extracted from `Create`d objects. This conflicted with how glitch-soc supported the `directMessage` flag to explicitly distinguish between limited and direct messages. Ported glitch-soc's changes to latest upstream changes. - `app/services/fan_out_on_write_service.rb`: Upstream largely refactored that file and changed some of the logic. This conflicted with glitch-soc's handling of the direct timeline and the options to allow replies and boosts in public feeds. Ported those glitch-soc changes on top of latest upstream changes. - `app/services/process_mentions_service.rb`: Upstream refactored to move mention-related ActivityPub deliveries to `ActivityPub::DeliveryWorker`, while glitch-soc contained an extra check to not send local-only toots to remote mentioned users. Took upstream's version, as the check is not needed anymore, since it is performed at the `ActivityPub::DeliveryWorker` call site already. - `app/workers/feed_insert_worker.rb`: Upstream added support for `update` toot events, while glitch-soc had support for an extra timeline support, `direct`. Ported upstream changes and extended them to the `direct` timeline. Additional changes: - `app/lib/activitypub/parser/status_parser.rb`: Added code to handle the `directMessage` flag and take it into account to compute visibility. - `app/lib/feed_manager.rb`: Extended upstream's support of `update` toot events to glitch-soc's `direct` timeline.
2022-01-19Fix error when using raw distribution worker (#17334)Eugen Rochko
Regression from #16697
2022-01-19Fix error when processing poll updates (#17333)Eugen Rochko
Regression from #16697
2022-01-19Add support for editing for published statuses (#16697)Eugen Rochko
* Add support for editing for published statuses * Fix references to stripped-out code * Various fixes and improvements * Further fixes and improvements * Fix updates being potentially sent to unauthorized recipients * Various fixes and improvements * Fix wrong words in test * Fix notifying accounts that were tagged but were not in the audience * Fix mistake
2022-01-19Merge pull request #1662 from ClearlyClaire/glitch-soc/merge-upstreamClaire
Merge upstream changes
2022-01-19Merge branch 'main' into glitch-soc/merge-upstreamClaire
2022-01-19Fix NameError on ActivityPub::FetchFeaturedCollectionService (#17326)Jeong Arm
Related: #16954
2022-01-18Merge pull request #1660 from ↵Claire
ClearlyClaire/glitch-soc/features/themes-multiple-packs Refactor glitch-soc's theme handling
2022-01-17Please CodeClimateClaire
2022-01-17Move controller theming code to concernClaire
2022-01-17Fix `pinned` attribute not being set for private self-posts (#17304)Claire
2022-01-17[Glitch] Add notifications for statuses deleted by moderatorsEugen Rochko
Port front-end changes from 14f436c457560862fafabd753eb314c8b8a8e674 to glitch-soc Signed-off-by: Claire <claire.github-309c@sitedethib.com>
2022-01-17Merge branch 'main' into glitch-soc/merge-upstreamClaire
Conflicts: - `app/views/admin/reports/show.html.haml`: Conflicts due to glitch-soc's theming system.
2022-01-17Fix `pinned` attribute not being set for private self-postsClaire
2022-01-17Add notifications for statuses deleted by moderators (#17204)Eugen Rochko
2022-01-17[Glitch] Add support for private pinned postsClaire
Port JS changes from d5c9feb7b7fc489afbd0a287431fe07b42451ef0 to glitch-soc Signed-off-by: Claire <claire.github-309c@sitedethib.com>
2022-01-17Merge branch 'main' into glitch-soc/merge-upstreamClaire
Conflicts: - `app/controllers/accounts_controller.rb`: Upstream introduced support for private pinned toots, but glitch-soc's query was a bit different as it filtered out local-only toots. Used upstream's query, while adding local-only filtering back. - `app/controllers/activitypub/collections_controller.rb`: Same thing with regards to local-only posts. - `app/validators/status_pin_validator.rb`: Not a real conflict, but the line below was different in glitch-soc due to the configurable pinned toots limit.
2022-01-17Add support for private pinned posts (#16954)Claire
* Add support for private pinned toots * Allow local user to pin private toots * Change wording to avoid "direct message"
2022-01-16Merge branch 'main' into glitch-soc/merge-upstreamClaire
2022-01-16Fix missing media: 'all' on default skinsClaire
2022-01-16Refactor theming HAML template a bitClaire
2022-01-16Refactor theme config loadingClaire
2022-01-16Refactor some moreClaire
2022-01-16Refactor glitch-soc's theme handlingClaire
2022-01-16Fix admin interface crash when displaying deleted user (#17301)Claire
2022-01-16[Glitch] Gradually increase retry waiting for media processingJeong Arm
Port bc7a8ae6d6d2c2118e5c49add83539498b9d543b to glitch-soc Signed-off-by: Claire <claire.github-309c@sitedethib.com>
2022-01-16Merge branch 'main' into glitch-soc/merge-upstreamClaire
Conflicts: - `README.md`: Upstream added some text, but our README is completely different. Kept our README unchanged.
2022-01-16Remove IP tracking columns from users table (#16409)Eugen Rochko
2022-01-10Gradually increase retry waiting for media processing (#17271)Jeong Arm
2022-01-07[Glitch] Fix media descriptions not being used for client-side filteringClaire
Port 37e80994f81bdb07e31f1a55cd37c967822a1a2a to glitch-soc Signed-off-by: Claire <claire.github-309c@sitedethib.com>
2022-01-07Merge branch 'main' into glitch-soc/merge-upstreamClaire
2021-12-30Remove custom emojis on domain purge (#17210)Jeong Arm
2021-12-28Fix media descriptions not being used for client-side filtering (#17206)Claire
Fix oversight in #13837
2021-12-27[Glitch] Fix tag rendering error in hashtag column settingsRens Groothuijsen
Port e65080181af82c14d3441a0890f2ba0a6fb9cd7e to glitch-soc Signed-off-by: Claire <claire.github-309c@sitedethib.com>
2021-12-27Merge branch 'main' into glitch-soc/merge-upstreamClaire
Conflicts: - `README.md`: We have completely different contents. Kept our version. - `package.json`: Not a real conflict, just an upstream dependency udpated textually too close to a glitch-soc-only dependency. Updated dependencies like upstream. - `streaming/index.js`: Conflict due to code style changes on parts that were modified in glitch-soc to handle local-only toots. Changed style according to upstream.