about summary refs log tree commit diff
path: root/app
AgeCommit message (Collapse)Author
2022-02-03Fix compacted JSON-LD possibly causing compatibility issues on forwarding ↵Claire
(#17428)
2022-02-03Fix response_to_recipient? CTE (#17427)Claire
2022-02-03Compact JSON-LD signed incoming activities (#17426)Claire
Co-authored-by: Puck Meerburg <puck@puck.moe>
2022-02-01Fix requiring an extra restart after recent post-deployment migrations (#17422)Claire
Follow-up to #16409
2022-01-28Change public profile pages to be disabled for unconfirmed users (#17385)Claire
Fixes #17382 Note that unconfirmed and unapproved accounts can still be searched for and their (empty) account retrieved using the REST API.
2022-01-28Fix Sidekiq warnings about JSON serialization (#17381)Claire
* Fix Sidekiq warnings about JSON serialization This occurs on every symbol argument we pass, and every symbol key in hashes, because Sidekiq expects strings instead. See https://github.com/mperham/sidekiq/pull/5071 We do not need to change how workers parse their arguments because this has not changed and we were already converting to symbols adequately or using `with_indifferent_access`. * Set Sidekiq to raise on unsafe arguments in test mode In order to more easily catch issues that would produce warnings in production code.
2022-01-26Fix local distribution of edited statuses (#17380)Claire
Because `FanOutOnWriteService#update?` was broken, edits were considered as new toots and a regular `update` payload was sent.
2022-01-26Fix poll updates being saved as status edits (#17373)Eugen Rochko
Fix #17344
2022-01-24Fix link_to_login argument handling when a block is passed (#17345)Claire
2022-01-23Fix error-prone SQL queries (#15828)Claire
* Fix error-prone SQL queries in Account search While this code seems to not present an actual vulnerability, one could easily be introduced by mistake due to how the query is built. This PR parameterises the `to_tsquery` input to make the query more robust. * Harden code for Status#tagged_with_all and Status#tagged_with_none Those two scopes aren't used in a way that could be vulnerable to an SQL injection, but keeping them unchanged might be a hazard. * Remove unneeded spaces surrounding tsquery term * Please CodeClimate * Move advanced_search_for SQL template to its own function This avoids one level of indentation while making clearer that the SQL template isn't build from all the dynamic parameters of advanced_search_for. * Add tests covering tagged_with, tagged_with_all and tagged_with_none * Rewrite tagged_with_none to avoid multiple joins and make it more robust * Remove obsolete brakeman warnings * Revert "Remove unneeded spaces surrounding tsquery term" The two queries are not strictly equivalent. This reverts commit 86f16c537e06c6ba4a8b250f25dcce9f049023ff.
2022-01-23Change `percent` to `rate` in retention metrics API (#16910)Claire
2022-01-23Add OMNIAUTH_ONLY environment variable to enforce externa log-in (#17288)Claire
* Remove support for OAUTH_REDIRECT_AT_SIGN_IN Fixes #15959 Introduced in #6540, OAUTH_REDIRECT_AT_SIGN_IN allowed skipping the log-in form to instead redirect to the external OmniAuth login provider. However, it did not prevent the log-in form on /about introduced by #10232 from appearing, and completely broke with the introduction of #15228. As I restoring that previous log-in flow without introducing a security vulnerability may require extensive care and knowledge of how OmniAuth works, this commit removes support for OAUTH_REDIRECT_AT_SIGN_IN instead for the time being. * Add OMNIAUTH_ONLY environment variable to enforce external log-in only * Disable user registration when OMNIAUTH_ONLY is set to true * Replace log-in links When OMNIAUTH_ONLY is set with exactly one OmniAuth provider
2022-01-23Remove support for OAUTH_REDIRECT_AT_SIGN_IN (#17287)Claire
Fixes #15959 Introduced in #6540, OAUTH_REDIRECT_AT_SIGN_IN allowed skipping the log-in form to instead redirect to the external OmniAuth login provider. However, it did not prevent the log-in form on /about introduced by #10232 from appearing, and completely broke with the introduction of #15228. As I restoring that previous log-in flow without introducing a security vulnerability may require extensive care and knowledge of how OmniAuth works, this commit removes support for OAUTH_REDIRECT_AT_SIGN_IN instead for the time being.
2022-01-23Remove leftover database columns from Devise::Models::Rememberable (#17191)Claire
* Remove leftover database columns from Devise::Models::Rememberable * Update fix-duplication maintenance script * Improve errors/warnings in the fix-duplicates maintenance script
2022-01-20Fix text being incorrectly pre-selected in composer textarea on /share (#17339)Claire
Fixes #17295
2022-01-20Add post edited notice in admin and public UIs (#17335)Claire
* Add edited toot flag on public pages * Add toot edit flag to admin pages
2022-01-19Fix error when using raw distribution worker (#17334)Eugen Rochko
Regression from #16697
2022-01-19Fix error when processing poll updates (#17333)Eugen Rochko
Regression from #16697
2022-01-19Add support for editing for published statuses (#16697)Eugen Rochko
* Add support for editing for published statuses * Fix references to stripped-out code * Various fixes and improvements * Further fixes and improvements * Fix updates being potentially sent to unauthorized recipients * Various fixes and improvements * Fix wrong words in test * Fix notifying accounts that were tagged but were not in the audience * Fix mistake
2022-01-19Fix NameError on ActivityPub::FetchFeaturedCollectionService (#17326)Jeong Arm
Related: #16954
2022-01-17Fix `pinned` attribute not being set for private self-posts (#17304)Claire
2022-01-17Add notifications for statuses deleted by moderators (#17204)Eugen Rochko
2022-01-17Add support for private pinned posts (#16954)Claire
* Add support for private pinned toots * Allow local user to pin private toots * Change wording to avoid "direct message"
2022-01-16Fix admin interface crash when displaying deleted user (#17301)Claire
2022-01-16Remove IP tracking columns from users table (#16409)Eugen Rochko
2022-01-10Gradually increase retry waiting for media processing (#17271)Jeong Arm
2021-12-30Remove custom emojis on domain purge (#17210)Jeong Arm
2021-12-28Fix media descriptions not being used for client-side filtering (#17206)Claire
Fix oversight in #13837
2021-12-27Fix warnings on Rails boot (#16946)Eugen Rochko
2021-12-26Fix tag rendering error in hashtag column settings (#17184)Rens Groothuijsen
* Flatten tags in configuration to regular array before converting to JSON * Render filter tags using toJS instead of toJSON
2021-12-21Fix duplicate record on admin/accounts when searching with IP (#17150)Jeong Arm
2021-12-17Add ability for admins to delete canonical email blocks (#16644)Claire
* Add admin option to remove canonical email blocks from a deleted account * Add tootctl canonical_email_blocks to inspect and remove canonical email blocks
2021-12-17Add ability to purge undeliverable domains from admin interface (#16686)Claire
* Add ability to purge undeliverable domains from admin interface * Add tests
2021-12-17Change title of retention chart (#16909)Claire
Changes from “Retention” to “User retention rate by month after sign-up”. This should make it much clearer to people not familiar with retention charts what it actually means.
2021-12-17Change list title input styling (#17092)Claire
2021-12-15ignore hashtag suggestions if they vary only in case (#16460)David Sterry
* ignore hashtag suggestions if they vary only in case * remove console.logs and unused args * consistently add space when dismissing suggestions * linting
2021-12-13Fix follow recommendation biased towards older accounts (#17126)Takeshi Umeda
2021-12-13Change trending hashtags threshold back from 15 to 5 (#17122)Eugen Rochko
2021-12-05Fix redirection when succeeded WebAuthn (#17098)heguro
2021-12-05Show correct error message if chosen password is too long (#17082)Rens Groothuijsen
* Add correct error message for exceeding max length on password confirmation field * Code style fixes
2021-12-05Add batch suspend for accounts in admin UI (#17009)Eugen Rochko
2021-11-29Fix error on trending mailer due to missing constant (#17072)Eugen Rochko
2021-11-28Fix server graph on admin/tags/:id (#17066)Jeong Arm
2021-11-26Fix admin statuses order(#16937) (#16969)Jeong Arm
* Fix #16937 * Add test for statuses order
2021-11-26Fix searching for additional hashtags in hashtag column (#17054)Claire
2021-11-26Fix color of hashtag column settings inputs (#17058)Claire
Fixes #17057
2021-11-26Fix opening wrong profile when clicking on username of boosting user in ↵Claire
WebUI (#17060) Fixes #16799
2021-11-26Remove Keybase integration (#17045)Eugen Rochko
2021-11-26Fix error on trending hashtags/links pages in admin UI due to missing ↵Eugen Rochko
constant (#17044)
2021-11-25Fix handling of recursive toots in WebUI (#17041)Claire