From 8b69a66380bbe32127e717ca2d79244392b7d2b6 Mon Sep 17 00:00:00 2001 From: Eugen Rochko Date: Tue, 9 Apr 2019 16:06:30 +0200 Subject: Add "why do you want to join" field to invite requests (#10524) * Add "why do you want to join" field to invite requests Fix #10512 * Remove unused translations * Fix broken registrations when no invite request text is submitted --- app/models/user.rb | 3 +++ app/models/user_invite_request.rb | 17 +++++++++++++++++ 2 files changed, 20 insertions(+) create mode 100644 app/models/user_invite_request.rb (limited to 'app/models') diff --git a/app/models/user.rb b/app/models/user.rb index d703f9588..c9309bc21 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -74,6 +74,9 @@ class User < ApplicationRecord has_many :applications, class_name: 'Doorkeeper::Application', as: :owner has_many :backups, inverse_of: :user + has_one :invite_request, class_name: 'UserInviteRequest', inverse_of: :user, dependent: :destroy + accepts_nested_attributes_for :invite_request, reject_if: ->(attributes) { attributes['text'].blank? } + validates :locale, inclusion: I18n.available_locales.map(&:to_s), if: :locale? validates_with BlacklistedEmailValidator, if: :email_changed? validates_with EmailMxValidator, if: :validate_email_dns? diff --git a/app/models/user_invite_request.rb b/app/models/user_invite_request.rb new file mode 100644 index 000000000..2b76c88b9 --- /dev/null +++ b/app/models/user_invite_request.rb @@ -0,0 +1,17 @@ +# frozen_string_literal: true + +# == Schema Information +# +# Table name: user_invite_requests +# +# id :bigint(8) not null, primary key +# user_id :bigint(8) +# text :text +# created_at :datetime not null +# updated_at :datetime not null +# + +class UserInviteRequest < ApplicationRecord + belongs_to :user, inverse_of: :invite_request + validates :text, presence: true, length: { maximum: 420 } +end -- cgit From 36b39fbac55a9b141b99b54f193ec2702f8c3c39 Mon Sep 17 00:00:00 2001 From: Eugen Rochko Date: Wed, 10 Apr 2019 00:35:49 +0200 Subject: Add preference to disable e-mails about new pending accounts (#10529) --- app/controllers/settings/preferences_controller.rb | 2 +- app/models/user.rb | 6 +++++- app/views/settings/notifications/show.html.haml | 1 + config/locales/simple_form.en.yml | 1 + config/settings.yml | 1 + 5 files changed, 9 insertions(+), 2 deletions(-) (limited to 'app/models') diff --git a/app/controllers/settings/preferences_controller.rb b/app/controllers/settings/preferences_controller.rb index 90967635d..5afdf0eec 100644 --- a/app/controllers/settings/preferences_controller.rb +++ b/app/controllers/settings/preferences_controller.rb @@ -49,7 +49,7 @@ class Settings::PreferencesController < Settings::BaseController :setting_hide_network, :setting_aggregate_reblogs, :setting_show_application, - notification_emails: %i(follow follow_request reblog favourite mention digest report), + notification_emails: %i(follow follow_request reblog favourite mention digest report pending_account), interactions: %i(must_be_follower must_be_following) ) end diff --git a/app/models/user.rb b/app/models/user.rb index c9309bc21..135baae12 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -191,6 +191,10 @@ class User < ApplicationRecord settings.notification_emails['report'] end + def allows_pending_account_emails? + settings.notification_emails['pending_account'] + end + def hides_network? @hides_network ||= settings.hide_network end @@ -295,7 +299,7 @@ class User < ApplicationRecord def notify_staff_about_pending_account! User.staff.includes(:account).each do |u| - next unless u.allows_report_emails? + next unless u.allows_pending_account_emails? AdminMailer.new_pending_account(u.account, self).deliver_later end end diff --git a/app/views/settings/notifications/show.html.haml b/app/views/settings/notifications/show.html.haml index 8aaac043b..6ec57b502 100644 --- a/app/views/settings/notifications/show.html.haml +++ b/app/views/settings/notifications/show.html.haml @@ -14,6 +14,7 @@ - if current_user.staff? = ff.input :report, as: :boolean, wrapper: :with_label + = ff.input :pending_account, as: :boolean, wrapper: :with_label .fields-group = f.simple_fields_for :notification_emails, hash_to_object(current_user.settings.notification_emails) do |ff| diff --git a/config/locales/simple_form.en.yml b/config/locales/simple_form.en.yml index 3317127f3..1a43e19e2 100644 --- a/config/locales/simple_form.en.yml +++ b/config/locales/simple_form.en.yml @@ -128,6 +128,7 @@ en: follow: Send e-mail when someone follows you follow_request: Send e-mail when someone requests to follow you mention: Send e-mail when someone mentions you + pending_account: Send e-mail when a new account needs review reblog: Send e-mail when someone boosts your status report: Send e-mail when a new report is submitted 'no': 'No' diff --git a/config/settings.yml b/config/settings.yml index 4f05519a5..63f7c3380 100644 --- a/config/settings.yml +++ b/config/settings.yml @@ -39,6 +39,7 @@ defaults: &defaults follow_request: true digest: true report: true + pending_account: true interactions: must_be_follower: false must_be_following: false -- cgit From 400397c0c790d7d401d14cea6a0f4c1643af45bc Mon Sep 17 00:00:00 2001 From: Eugen Rochko Date: Wed, 10 Apr 2019 03:34:16 +0200 Subject: Change HTML validator to ignore all errors except unmatched tags (#10534) --- app/models/form/admin_settings.rb | 3 ++- app/validators/html_validator.rb | 12 +++++++----- 2 files changed, 9 insertions(+), 6 deletions(-) (limited to 'app/models') diff --git a/app/models/form/admin_settings.rb b/app/models/form/admin_settings.rb index d3af8c30f..86a86ec66 100644 --- a/app/models/form/admin_settings.rb +++ b/app/models/form/admin_settings.rb @@ -49,7 +49,8 @@ class Form::AdminSettings attr_accessor(*KEYS) - validates :site_short_description, :site_description, :site_extended_description, :site_terms, :closed_registrations_message, html: true + validates :site_short_description, :site_description, html: { wrap_with: :p } + validates :site_extended_description, :site_terms, :closed_registrations_message, html: true validates :registrations_mode, inclusion: { in: %w(open approved none) } validates :min_invite_role, inclusion: { in: %w(disabled user moderator admin) } validates :site_contact_email, :site_contact_username, presence: true diff --git a/app/validators/html_validator.rb b/app/validators/html_validator.rb index b7caee5a9..1c9cd303c 100644 --- a/app/validators/html_validator.rb +++ b/app/validators/html_validator.rb @@ -1,18 +1,20 @@ # frozen_string_literal: true class HtmlValidator < ActiveModel::EachValidator + ERROR_RE = /Opening and ending tag mismatch|Unexpected end tag/ + def validate_each(record, attribute, value) return if value.blank? + errors = html_errors(value) - unless errors.empty? - record.errors.add(attribute, I18n.t('html_validator.invalid_markup', error: errors.first.to_s)) - end + + record.errors.add(attribute, I18n.t('html_validator.invalid_markup', error: errors.first.to_s)) unless errors.empty? end private def html_errors(str) - fragment = Nokogiri::HTML.fragment(str) - fragment.errors + fragment = Nokogiri::HTML.fragment(options[:wrap_with] ? "<#{options[:wrap_with]}>#{str}" : str) + fragment.errors.select { |error| ERROR_RE =~ error.message } end end -- cgit From d431c810d34ee9d569e21982fb854b5ac8c61291 Mon Sep 17 00:00:00 2001 From: Alex Gessner Date: Wed, 10 Apr 2019 12:11:53 -0400 Subject: increase allowable length of remote proof username (#10546) --- app/models/account_identity_proof.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'app/models') diff --git a/app/models/account_identity_proof.rb b/app/models/account_identity_proof.rb index 1ac234735..5871d0e84 100644 --- a/app/models/account_identity_proof.rb +++ b/app/models/account_identity_proof.rb @@ -18,7 +18,7 @@ class AccountIdentityProof < ApplicationRecord belongs_to :account validates :provider, inclusion: { in: ProofProvider::SUPPORTED_PROVIDERS } - validates :provider_username, format: { with: /\A[a-z0-9_]+\z/i }, length: { minimum: 2, maximum: 15 } + validates :provider_username, format: { with: /\A[a-z0-9_]+\z/i }, length: { minimum: 2, maximum: 30 } validates :provider_username, uniqueness: { scope: [:account_id, :provider] } validates :token, format: { with: /\A[a-f0-9]+\z/ }, length: { maximum: 66 } -- cgit From a9f130b8d8e1d92a10cb92b1295b12d274f3139c Mon Sep 17 00:00:00 2001 From: Eugen Rochko Date: Wed, 10 Apr 2019 20:28:43 +0200 Subject: Fix Keybase verification using wrong domain for remote accounts (#10547) --- app/lib/proof_provider/keybase.rb | 16 ++++++++++++---- app/lib/proof_provider/keybase/badge.rb | 9 +++------ app/lib/proof_provider/keybase/verifier.rb | 5 +++-- app/lib/proof_provider/keybase/worker.rb | 5 ++--- app/models/account_identity_proof.rb | 4 ++-- spec/lib/proof_provider/keybase/verifier_spec.rb | 2 +- 6 files changed, 23 insertions(+), 18 deletions(-) (limited to 'app/models') diff --git a/app/lib/proof_provider/keybase.rb b/app/lib/proof_provider/keybase.rb index 628972e9d..9680b90ee 100644 --- a/app/lib/proof_provider/keybase.rb +++ b/app/lib/proof_provider/keybase.rb @@ -2,7 +2,7 @@ class ProofProvider::Keybase BASE_URL = ENV.fetch('KEYBASE_BASE_URL', 'https://keybase.io') - DOMAIN = ENV.fetch('KEYBASE_DOMAIN', Rails.configuration.x.local_domain) + DOMAIN = ENV.fetch('KEYBASE_DOMAIN', Rails.configuration.x.local_domain) class Error < StandardError; end @@ -50,12 +50,20 @@ class ProofProvider::Keybase end def badge - @badge ||= ProofProvider::Keybase::Badge.new(@proof.account.username, @proof.provider_username, @proof.token) + @badge ||= ProofProvider::Keybase::Badge.new(@proof.account.username, @proof.provider_username, @proof.token, domain) + end + + def verifier + @verifier ||= ProofProvider::Keybase::Verifier.new(@proof.account.username, @proof.provider_username, @proof.token, domain) end private - def verifier - @verifier ||= ProofProvider::Keybase::Verifier.new(@proof.account.username, @proof.provider_username, @proof.token) + def domain + if @proof.account.local? + DOMAIN + else + @proof.account.domain + end end end diff --git a/app/lib/proof_provider/keybase/badge.rb b/app/lib/proof_provider/keybase/badge.rb index 3aa067ecf..f587b1cc7 100644 --- a/app/lib/proof_provider/keybase/badge.rb +++ b/app/lib/proof_provider/keybase/badge.rb @@ -3,10 +3,11 @@ class ProofProvider::Keybase::Badge include RoutingHelper - def initialize(local_username, provider_username, token) + def initialize(local_username, provider_username, token, domain) @local_username = local_username @provider_username = provider_username @token = token + @domain = domain end def proof_url @@ -18,7 +19,7 @@ class ProofProvider::Keybase::Badge end def icon_url - "#{ProofProvider::Keybase::BASE_URL}/#{@provider_username}/proof_badge/#{@token}?username=#{@local_username}&domain=#{domain}" + "#{ProofProvider::Keybase::BASE_URL}/#{@provider_username}/proof_badge/#{@token}?username=#{@local_username}&domain=#{@domain}" end def avatar_url @@ -41,8 +42,4 @@ class ProofProvider::Keybase::Badge def default_avatar_url asset_pack_path('media/images/proof_providers/keybase.png') end - - def domain - Rails.configuration.x.local_domain - end end diff --git a/app/lib/proof_provider/keybase/verifier.rb b/app/lib/proof_provider/keybase/verifier.rb index ab1422323..af69b1bfc 100644 --- a/app/lib/proof_provider/keybase/verifier.rb +++ b/app/lib/proof_provider/keybase/verifier.rb @@ -1,10 +1,11 @@ # frozen_string_literal: true class ProofProvider::Keybase::Verifier - def initialize(local_username, provider_username, token) + def initialize(local_username, provider_username, token, domain) @local_username = local_username @provider_username = provider_username @token = token + @domain = domain end def valid? @@ -49,7 +50,7 @@ class ProofProvider::Keybase::Verifier def query_params { - domain: ProofProvider::Keybase::DOMAIN, + domain: @domain, kb_username: @provider_username, username: @local_username, sig_hash: @token, diff --git a/app/lib/proof_provider/keybase/worker.rb b/app/lib/proof_provider/keybase/worker.rb index 2872f59c1..bcdd18cc5 100644 --- a/app/lib/proof_provider/keybase/worker.rb +++ b/app/lib/proof_provider/keybase/worker.rb @@ -19,9 +19,8 @@ class ProofProvider::Keybase::Worker end def perform(proof_id) - proof = proof_id.is_a?(AccountIdentityProof) ? proof_id : AccountIdentityProof.find(proof_id) - verifier = ProofProvider::Keybase::Verifier.new(proof.account.username, proof.provider_username, proof.token) - status = verifier.status + proof = proof_id.is_a?(AccountIdentityProof) ? proof_id : AccountIdentityProof.find(proof_id) + status = proof.provider_instance.verifier.status # If Keybase thinks the proof is valid, and it exists here in Mastodon, # then it should be live. Keybase just has to notice that it's here diff --git a/app/models/account_identity_proof.rb b/app/models/account_identity_proof.rb index 5871d0e84..10b66cccf 100644 --- a/app/models/account_identity_proof.rb +++ b/app/models/account_identity_proof.rb @@ -30,12 +30,12 @@ class AccountIdentityProof < ApplicationRecord delegate :refresh!, :on_success_path, :badge, to: :provider_instance - private - def provider_instance @provider_instance ||= ProofProvider.find(provider, self) end + private + def queue_worker provider_instance.worker_class.perform_async(id) end diff --git a/spec/lib/proof_provider/keybase/verifier_spec.rb b/spec/lib/proof_provider/keybase/verifier_spec.rb index 4ce67da9c..0081a735d 100644 --- a/spec/lib/proof_provider/keybase/verifier_spec.rb +++ b/spec/lib/proof_provider/keybase/verifier_spec.rb @@ -10,7 +10,7 @@ describe ProofProvider::Keybase::Verifier do token: '11111111111111111111111111' ) - described_class.new('alice', 'cryptoalice', '11111111111111111111111111') + described_class.new('alice', 'cryptoalice', '11111111111111111111111111', my_domain) end let(:query_params) do -- cgit