path: root/db
Age  Commit message  Author
2021-07-08  Add ability to skip sign-in token authentication for specific users (#16427)  Eugen Rochko
Remove "active within last two weeks" exception for sign in token requirement
Change admin reset password to lock access until the password is reset
2021-06-30  Fix missing on_delete: :cascade for canonical_email_blocks foreign key (#16448)  Claire
2021-06-21  Add authentication history (#16408)  Eugen Rochko
2021-06-02  Fix migration script not being able to run if it fails midway (#16312)  Claire
* Fix migration script not being able to run if it fails midway
* Fix old migration script
* Fix old migration script
* Refactor CorruptionError
2021-06-02  Fix account deletion sometimes failing because of optimistic locks (#16317)  Claire
* Fix account deletion sometimes failing because of optimistic locks
In some rare occasions[1], deleting accounts would fail with a `StaleObjectError` exception. Indeed, account deletion manually sets the `AccountStat` values without handling cases where the optimistic locking on `AccountStat` would fail.
To my knowledge, with the rewrite of account counters in #15913, the `DeleteAccountService` is now the only place that changes the counters in a way that is not atomic.
Since in this specific case, we do not care about the previous values of the account counters, it appears we don't need locking at all for this table anymore.
[1]: https://discourse.joinmastodon.org/t/account-cant-be-deleted/3602
* Bump MAX_SUPPORTED_VERSION in maintenance script
2021-05-07  Remove PubSubHubbub-related columns from accounts table (#16170)  Eugen Rochko
2021-05-07  Do not populate AccountSummaries and FollowRecommendation views on migration (#16173)  Claire
Materializing those views can take a while, and they are currently refreshed anyway each time they are actually used, in the FollowRecommendationsScheduler.
2021-05-07  Change trending hashtags to be affected by reblogs (#16164)  Eugen Rochko
If a status with a hashtag becomes very popular, it stands to reason that the hashtag should have a chance at trending
Fix no stats being recorded for hashtags that are not allowed to trend, and stop ignoring bots
Remove references to hashtags in profile directory from the code and the admin UI
2021-05-05  Improve performance of follow recommendation scheduler (#16159)  Claire
Express follow_recommendations in terms of account_summaries rather than accounts, integrate filters that are unconditionally used, and materialize the resulting view. This should result in the bulk of the computation being performed only once instead of **once per recommendation language**.
2021-04-26  Further improve the media attached status query for accounts (#16106)  abcang
2021-04-25  Improve tag search query (#16104)  abcang
2021-04-17  Add canonical e-mail blocks for suspended accounts (#16049)  Eugen Rochko
Prevent new accounts from being created using the same underlying e-mail as a suspended account using extensions and period permutations. Stores e-mails as a SHA256 hash
2021-04-16  Fix wrong timestamp_id identifier for accounts table in schema.rb (#16048)  Eugen Rochko
2021-04-15  Change account ids to snowflake ids (#15844)  Claire
Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>
2021-04-12  Add cold-start follow recommendations (#15945)  Eugen Rochko
2021-03-19  Further preparation for Rails 6 (#15916)  Claire
* Use ActiveRecord::Result#to_ary instead of deprecated to_hash
They do the same thing, and to_hash has been removed from Rails 6.1
* Explicitly name polymorphic indexes to work around a bug in Rails 6.1
cf. https://github.com/rails/rails/issues/41693
* Fix incorrect usage of “foreign_key” in migration script
* Use `ActiveModel::Errors#delete` instead of deprecated clear method
* Fix link headers tests on Rails 6.1
Rails 6.1 adds values to the Link header by default, thus it is not a LinkHeader object anymore. Fix the test to parse the Link header instead of assuming it is a LinkHeader.
2021-03-19  Use more robust hook for loading timestamp_id function into database (#15919)  Claire
2021-03-19  Prepare Mastodon for zeitwerk autoloader (#15917)  Claire
* Prepare Mastodon for zeitwerk autoloader (Rails 6)
Add inflections and rename/move a few classes. In particular, app/lib/exceptions.rb and app/lib/sanitize_config.rb were manually loaded while still in autoload paths.
* Add inflection for Url → URL
2021-03-12  Bump sidekiq-unique-jobs from 6.0.25 to 7.0.1 (#15627)  dependabot[bot]
* Bump sidekiq-unique-jobs from 6.0.25 to 7.0.1
Bumps [sidekiq-unique-jobs](https://github.com/mhenrixon/sidekiq-unique-jobs) from 6.0.25 to 7.0.1.
- [Release notes](https://github.com/mhenrixon/sidekiq-unique-jobs/releases)
- [Changelog](https://github.com/mhenrixon/sidekiq-unique-jobs/blob/master/CHANGELOG.md)
- [Commits](https://github.com/mhenrixon/sidekiq-unique-jobs/compare/v6.0.25...v7.0.1)
Signed-off-by: dependabot[bot] <support@github.com>
* Fix migration being broken by sidekiq-unique-jobs update
* Fix migration script following API changes in dependency
* Fixup
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: ThibG <thib@sitedethib.com>
2021-03-12  Remove subscription_expires_at leftover from OStatus (#15857)  Claire
2021-02-21  Add server rules (#15769)  Eugen Rochko
2020-12-18  Fix old migration script not being able to run if it fails midway (#15361)  ThibG
* Fix old migration script not being able to run if it fails midway
Improve the robustness of a migration script likely to fail because of database corruption so it can run again once database corruptions are fixed.
* Display a specific error message in case of index corruption
Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2020-12-18  Add option to obfuscate domain name in public list of domain blocks (#15355)  Eugen Rochko
- Replace the middle of the domain with * characters (except for periods)
- Add SHA-256 digest of the domain name in tooltip
2020-12-15  Add indication to admin UI of whether a report has been forwarded (#13237)  ThibG
* Add indication to admin UI of whether a report has been forwarded
* Rework how forwarded status is displayed
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2020-12-14  Fix performance on instances list in admin UI (#15282)  Eugen Rochko
- Reduce duplicate queries
- Remove n+1 queries
- Add accounts count to detailed view
- Add separate action log entry for updating existing domain blocks
2020-11-08  Add support for reversible suspensions through ActivityPub (#14989)  Eugen Rochko
2020-11-04  Add account sensitized (#14361)  Takeshi Umeda
* Add account sensitized
* Fix i18n normalize
* Fix description and spec
* Fix spec
* Fix wording
2020-10-13  Add duration parameter to muting. (#13831)  OSAMU SATO
* Adding duration to muting.
* Remove useless checks
2020-10-12  Add IP-based rules (#14963)  Eugen Rochko
2020-09-18  Add option to be notified when a followed user posts (#13546)  Eugen Rochko
* Add bell button
Fix #4890
* Remove duplicate type from post-deployment migration
* Fix legacy class type mappings
* Improve query performance with better index
* Fix validation
* Remove redundant index from notifications
2020-09-15  Change account suspensions to be reversible by default (#14726)  Eugen Rochko
2020-09-01  Add configuration option to filter replies in lists (#9205)  ThibG
* Add database support for list show-reply preferences
* Add backend support to read and update list-specific show_replies settings
* Add basic UI to set list replies setting
* Add specs for list replies policy
* Switch "cycling" reply policy link to a set of radio inputs
* Capitalize replies_policy strings
* Change radio button design to be consistent with that of the directory explorer
2020-08-24  Add WebAuthn as an alternative 2FA method (#14466)  santiagorodriguez96
* feat: add possibility of adding WebAuthn security keys to use as 2FA
This adds a basic UI for enabling WebAuthn 2FA. We did a little refactor to the Settings page for editing the 2FA methods – now it will list the methods that are available to the user (TOTP and WebAuthn) and from there they'll be able to add or remove any of them. Also, it's worth mentioning that for enabling WebAuthn it's required to have TOTP enabled, so the first time that you go to the 2FA Settings page, you'll be asked to set it up.
This work was inspired by the one done by Github in their platform, and despite it could be approached in different ways, we decided to go with this one given that we feel that this gives a great UX.
Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>
* feat: add request for WebAuthn as second factor at login if enabled
This commit adds the feature for using WebAuthn as a second factor for login when enabled. If users have WebAuthn enabled, now a page requesting for the use of a WebAuthn credential for log in will appear, although a link redirecting to the old page for logging in using a two-factor code will also be present.
Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>
* feat: add possibility of deleting WebAuthn Credentials
Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>
* feat: disable WebAuthn when an Admin disables 2FA for a user
Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>
* feat: remove ability to disable TOTP leaving only WebAuthn as 2FA
Following examples from other platforms like Github, we decided to make WebAuthn 2FA secondary to 2FA with TOTP, so that we removed the possibility of removing TOTP authentication only, leaving users with just WebAuthn as 2FA. Instead, users will have to click on 'Disable 2FA' in order to remove second factor auth.
The reason for WebAuthn being secondary to TOTP is that in that way, users will still be able to log in using their code from their phone's application if they don't have their security keys with them – or maybe even lost them.
* We had to change a little the flow for setting up TOTP, given that now it's possible to set it up again if you already had TOTP, in order to let users modify their authenticator app – given that now it's not possible for them to disable TOTP and set it up again with another authenticator app.
So, basically, now instead of storing the new `otp_secret` in the user, we store it in the session until the process of set up is finished. This was because, as it was before, when users clicked on 'Edit' in the new two-factor methods lists page, but then went back without finishing the flow, their `otp_secret` had been changed therefore invalidating their previous authenticator app, making them unable to log in again using TOTP.
Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>
* refactor: fix eslint errors
The PR build was failing given that linting was returning some errors. This commit attempts to fix them.
* refactor: normalize i18n translations
The build was failing given that i18n translations files were not normalized. This commit fixes that.
* refactor: avoid having the webauthn gem locked to a specific version
* refactor: use symbols for routes without '/'
* refactor: avoid sending webauthn disabled email when 2FA is disabled
When an admin disables 2FA for users, we were sending two mails to them, one notifying that 2FA was disabled and the other to notify that WebAuthn was disabled. As the second one is redundant since the first email includes it, we can remove it and send just one email to users.
* refactor: avoid creating new env variable for webauthn_origin config
* refactor: improve flash error messages for webauthn pages
Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>
2020-07-08  Fix RemoveDuplicatedIndexesPghero to check for the existence of the index (#14259)  Takeshi Umeda
2020-07-07  Fix media attachments enumeration (#14254)  Eugen Rochko
* Fix media attachment enumeration
* Switch media_attachments id to snowflake ids
Co-authored-by: Thibaut Girka <thib@sitedethib.com>
2020-06-30  Add user notes on accounts (#14148)  ThibG
* Add UserNote model
* Add UI for user notes
* Put comment in relationships entity
* Add API to create user notes
* Copy user notes to new account when receiving a Move activity
* Address some of the review remarks
* Replace modal by inline edition
* Please CodeClimate
* Button design changes
* Change design again
* Cancel note edition when pressing Escape
* Fixes
* Tweak design again
* Move “Add note” item, and allow users to add notes to themselves
* Rename UserNote into AccountNote, rename “comment” Relationship attribute to “note”
2020-06-29  Add customizable thumbnails for audio and video attachments (#14145)  Eugen Rochko
- Change audio files to not be stripped of metadata
- Automatically extract cover art from audio if it exists
- Add `thumbnail` parameter to `POST /api/v1/media`, `POST /api/v2/media` and `PUT /api/v1/media/:id`
- Add `icon` to represent it in attachments in ActivityPub
- Fix `preview_url` containing URL of missing image when there is no thumbnail instead of null
- Fix duration of audio not being displayed on public pages until the file is loaded
2020-06-25  remove duplicated indexes according to pghero (#13695)  Lerk
2020-06-21  Fix unique username constraint for local users not being enforced in database (#14099)  ThibG
This should not be an issue in practice because of the Rails-level uniqueness check, but local accounts having a NULL domain means the uniqueness constraint did not apply to them (since no two NULL values are considered equal).
2020-06-09  Add e-mail-based sign in challenge for users with disabled 2FA (#14013)  Eugen Rochko
2020-06-05  Add blurhash to preview cards (#13984)  ThibG
Fixes #13001
2020-06-02  Add E2EE API (#13820)  Eugen Rochko
2020-05-10  Reset secret of web app that could have been exposed by Doorkeeper (#13688)  Eugen Rochko
There are no obvious ways it could be misused, as the secret is not really used for anything, but it is best to secure it for the future
Follow-up to #13613
2020-05-09  Fix old unique jobs digests not having been cleaned up (#13683)  Eugen Rochko
2020-05-08  Fix migrations failing due to strong-migrations update (#13680)  Eugen Rochko
2020-04-26  Add separate cache directory for non-local uploads (#12821)  Eugen Rochko
2020-04-16  Fix migration 20200407202420_migrate_unavailable_inboxes (#13481)  Takeshi Umeda
2020-04-15  Change delivery failure tracking to work with hostnames instead of URLs (#13437)  Eugen Rochko
2020-04-05  Fix PostgreSQL load when linking in announcements (#13250)  ThibG
* Fix PostgreSQL load when linking in announcements
Fixes #13245 by caching status lookups
Since statuses are supposed to be known already and we only need their URLs and a few other things, caching them should be fine. Since it's only used by announcements so far, there won't be many statuses to cache.
* Perform status lookup when saving announcements, not when rendering them
* Change EntityCache#status to fetch URLs instead of looking into the database
* Move announcement link lookup to publishing worker
* Address issues pointed out during review
2020-03-12  Add option to include resolved DNS records when blacklisting e-mail domains in admin UI (#13254)  Eugen Rochko
* Add shortcuts to blacklist a user's e-mail domain in admin UI
* Add option to blacklist resolved MX and IP records for e-mail domains