about summary refs log tree commit diff
path: root/app
AgeCommit message (Collapse)Author
2021-09-29Switch from unmaintained paperclip to kt-paperclip (#16724)Claire
* Switch from unmaintained paperclip to kt-paperclip * Drop some compatibility monkey-patches not required by kt-paperclip * Drop media spoof check monkey-patching It's broken with kt-paperclip and hopefully it won't be needed anymore * Fix regression introduced by paperclip 6.1.0 * Do not rely on pathname to call FastImage * Add test for ogg vorbis file with cover art * Add audio/vorbis to the accepted content-types This seems erroneous as this would be the content-type for a vorbis stream without an ogg container, but that's what the `marcel` gem outputs, so… * Restore missing for_as_default method * Refactor Attachmentable concern and delay Paperclip's content-type spoof check Check for content-type spoofing *after* setting the extension ourselves, this fixes a regression with kt-paperclip's validations being more strict than paperclip 6.0.0 and rejecting some Pleroma uploads because of unknown extensions. * Please CodeClimate * Add audio/vorbis to the unreliable set It doesn't correspond to a file format and thus has no extension associated.
2021-09-27Fix incorrect use of old WebUI paths (#16773)Claire
* Fix incorrect use of old WebUI paths PR #16171 renamed some routes but missed some occurrences. Without #16772, this leads to unreachable routes in those cases. * Fix floating action button being displayed on statuses and compose screen
2021-09-27Add aliases for WebUI routes that were renamed in #16171 (#16772)Claire
* Add aliases for some WebUI routes that were renamed in #16171 Accounts and statuses routes need more work as they use different parameters. * Add aliases for /statuses/* routes * Add aliases for /accounts/* WebUI routes Does not correctly set the “active” state on the navigation tabs but this is a minor issue. * Fix some routes * Fix /accounts/:id/{media,followers,following} not loading on legacy routes
2021-09-26Refactor notifications to go through a separate stream in streaming API (#16765)Eugen Rochko
Eliminate need to have custom notifications filtering logic in the streaming API code by publishing notifications into a separate stream and then simply using the multi-stream capability to subscribe to that stream when necessary
2021-09-26Change routing paths to use usernames in web UI (#16171)Eugen Rochko
2021-09-15Fix followers synchronization mechanism not working when URI has empty path ↵Claire
(#16744) Follow-up to #16510, forgot the controller exposing the actual followers…
2021-09-13Stop setting a shortcode to newly-created media attachments (#16730)Claire
* Stop setting a shortcode to newly-created media attachments The WebUI has stopped using the “short media URL” in ages. This isn't used anywhere except for mail notifications. Deprecating it would allow us to eventually get rid of at least a database column and corruption-prone index, as well as a controller. * Fix tests
2021-09-08use relative path for `scope` (#16714)Holger
Use relative path for `scope` in web manifest to allow users use PWA correctly via alternate domains.
2021-09-08Fix addressing of remote groups' followers (#16700)Claire
Fixes #16699
2021-09-01Fix processing mentions to domains with non-ascii TLDs (#16689)Claire
Fixes #16602
2021-08-26Explicitly set userVerification to discoraged (#16545)Truong Nguyen
2021-08-25Fix authentication failures after going halfway through a sign-in attempt ↵Claire
(#16607) * Add tests * Add security-related tests My first (unpublished) attempt at fixing the issues introduced (extremely hard-to-exploit) security vulnerabilities, addressing them in a test. * Fix authentication failures after going halfway through a sign-in attempt * Refactor `authenticate_with_sign_in_token` and `authenticate_with_two_factor` to make the two authentication steps more obvious
2021-08-25Fix follow request count to dynamically update (#16652)matildepark
2021-08-25Fix undefined variable for Auth::OmniauthCallbacksController (#16654)Daniel
The addition of authentication history broke the omniauth login with the following error: method=GET path=/auth/auth/cas/callback format=html controller=Auth::OmniauthCallbacksController action=cas status=500 error='NameError: undefined local variable or method `user' for #<Auth::OmniauthCallbacksController:0x00000000036290> Did you mean? @user' duration=435.93 view=0.00 db=36.19 * app/controllers/auth/omniauth_callbacks_controller.rb: fix variable name to `@user`
2021-08-20Fix “discoverable” account setting being tied to profile directory (#16637)Claire
2021-08-20Fix remotely-suspended accounts' toots being merged back into timelines (#16628)Claire
* Fix remotely-suspended accounts' toots being merged back into timelines * Mark remotely-deleted accounts as remotely suspended
2021-08-20Fix #16603 (#16605)Holger
Fix issue #16603 undefined method `serialize_payload' for Unsuspend Account Service error. It seems that this service forgot to `include Payloadable` so that `serialize_payload` could not be found in this service.
2021-08-11Fix crash if a notification contains an unprocessed media attachment (#16573)Claire
* Refactor AttachmentList * Do not crash if a notification contains an unprocessed media attachment Fixes #16530 * Fix spacing in compact form
2021-08-11Fix download button color in audio player (#16572)Claire
Fixes #16571
2021-08-11Fix followers synchronization mechanism not working when URI has empty path ↵Claire
(#16510) * Fix followers synchronization mechanism not working when URI has empty path To my knowledge, there is no current implementation on the fediverse that can use bare domains (e.g., actor is at https://example.org instead of something like https://example.org/actor) that also plans to support the followers synchronization mechanism. However, Mastodon's current implementation would exclude such accounts from followers list. Also adds tests and rename them to reflect the proper method names. * Move url prefix regexp to its own constant
2021-08-11Fix crash when encountering invalid account fields (#16598)Claire
* Add test * Fix crash when encountering invalid account fields
2021-08-09Add feature to automatically delete old toots (#16529)Claire
* Add account statuses cleanup policy model * Record last inspected toot to delete to speed up successive calls to statuses_to_delete * Add service to cleanup a given account's statuses within a budget * Add worker to go through account policies and delete old toots * Fix last inspected status id logic All existing statuses older or equal to last inspected status id must be kept by the current policy. This is an invariant that must be kept so that resuming deletion from the last inspected status remains sound. * Add tests * Refactor scheduler and add tests * Add user interface * Add support for discriminating based on boosts/favs * Add UI support for min_reblogs and min_favs, rework UI * Address first round of review comments * Replace Snowflake#id_at_start with with_random parameter * Add tests * Add tests for StatusesCleanupController * Rework settings page * Adjust load-avoiding mechanisms * Please CodeClimate
2021-08-09Fix invalid blurhash handling in Create activity (#16583)Takeshi Umeda
2021-08-08Fix when MoveWorker cannot get locale from remote account (#16576)Takeshi Umeda
2021-08-08Fix owned account notes not being deleted when an account is deleted (#16579)Claire
* Add account_notes relationship * Add tests * Fix owned account notes not being deleted when an account is deleted * Add post-migration to clean up orphaned account notes
2021-08-06Fix logout link not working in safari (#16574)Takeshi Umeda
2021-08-05Fix trends layout (#16570)Jeong Arm
2021-07-25Add confirmation modal when closing media edit modal with unsaved changes ↵Claire
(#16518) * Add confirmation modal when closing media edit modal with unsaved changes * Move focal point media state to redux so it does not get erased by confirmation dialog * Change upload modal behavior to keep it open while saving changes Instead of closing it immediately and losing changes if they fail to save… * Make it work with react-intl 2.9
2021-07-25Fix “open” link of media modal not closing modal (#16524)Claire
2021-07-24Fix scoped order warning in RemoveStatusService (#16531)Claire
Fixes “Scoped order is ignored, it's forced to be batch order.”
2021-07-23Fix crashes with Microsoft Translate on Microsoft Edge (#16525)Claire
Fixes #16509 Microsoft Edge with translation enabled rewrites the DOM in ways that confuse react and prevent it from working properly. Wrapping the offending parts in a span avoids this issue.
2021-07-21Add logging of S3-related errors (#16381)Claire
2021-07-17Fix replying from modal (#16516)Claire
Fixes #16515 Not using a router object somehow made `this.history` lag behind the real browser history whenever pushing a new history item in `replyCompose`. Not using the context-provided router in this case was an oversight made when porting glitch-soc changes in #16499.
2021-07-15Fix inefficiencies in auto-linking code (#16506)Claire
The auto-linking code basically rewrote the whole string escaping non-ascii characters in an inefficient way, and building a full character offset map between the unescaped and escaped texts before sending the contents to TwitterText's extractor. Instead of doing that, this commit changes the TwitterText regexps to include valid IRI characters in addition to valid URI characters.
2021-07-14Fix minor code quality issues (#16502)Claire
2021-07-14Fix user email address being banned on self-deletion (#16503)Claire
* Add tests * Fix user email address being banned on self-deletion Fixes #16498
2021-07-13Change references to tootsuite/mastodon to mastodon/mastodon (#16491)Claire
* Change references to tootsuite/mastodon to mastodon/mastodon * Remove obsolete test fixture * Replace occurrences of tootsuite/mastodon with mastodon/mastodon in CHANGELOG And a few other places
2021-07-13Improve modal flow and back button handling (#16499)Claire
* Refactor shouldUpdateScroll passing So far, shouldUpdateScroll has been manually passed down from the very top of the React component hierarchy even though it is a static function common to all ScrollContainer instances, so replaced that with a custom class extending ScrollContainer. * Generalize “press back to close modal” to any modal and to public pages * Fix boost confirmation modal closing media modal
2021-07-11Add ability to filter reports by origin of target account (#16487)Eugen Rochko
2021-07-10Add `configuration` attribute to `GET /api/v1/instance` (#16485)Eugen Rochko
List various values like file size limits and supported mime types
2021-07-08Add ability to skip sign-in token authentication for specific users (#16427)Eugen Rochko
Remove "active within last two weeks" exception for sign in token requirement Change admin reset password to lock access until the password is reset
2021-07-07Fix upgrade path from 3.4.0 (#16465)Claire
3.4.1 dropped account_stats.lock_version, but in a way breaking the usual upgrade path by requiring services to be reloaded after the post-migrations. Indeed, `self.locking_column = nil` was not enough for Rails to ignore the `lock_version` column when preparing statements on application load, resulting in some ActiveRecord queries (typically those involving `includes(:account_stat)`) erroring out with: ActiveRecord::StatementInvalid (PG::UndefinedColumn: ERROR: column account_stats.lock_version does not exist
2021-07-07Change number_to_human calls to always use 3-digits precision (#16469)Claire
Fixes #16435
2021-07-05Fix pop-in player display when poster has long username or handle (#16468)Claire
2021-07-03Fix anonymous access to outbox not being cached by the reverse proxy (#16458)Claire
* Fix anonymous access to outbox not being cached by the reverse proxy Up until now, anonymous access to outbox was marked as public, but with a 0 duration for caching, which means remote proxies would only serve from cache when the server was completely overwhelmed. Changed that cache duration to one minute, so that repeated anonymous access to one account's outbox can be appropriately cached. Also added `Signature` to the `Vary` header in case a page is requested, so that authenticated fetches are never served from cache (which only contains public toots). * Remove Vary: Accept header from webfinger controller Indeed, we have stopped returning xrd, and only ever return jrd, so the Accept request header does not matter anymore. * Cache negative webfinger hits for 3 minutes
2021-07-02Fix not being able to suspend accounts that already have a canonical e-mail ↵Eugen Rochko
block (#16455)
2021-06-27Fix #16407 (#16432)David Sterry
2021-06-25Fix styling of boost button in media modal not reflecting ability to boost ↵Claire
(#16387)
2021-06-25Fix WebUI crash when a toot with a playing video gets deleted (#16384)Claire
* Fix WebUI crash when a toot with a playing video gets deleted * Fix pop-up player not closing the moment a status is deleted
2021-06-23Fix newlines in accout notes added by the Move handler (#16415)Claire
* Fix newlines in account notes added by the move handler * Make MoveWorker more robust