From c0b849bdfda8a2386bc85836d2d181890746de98 Mon Sep 17 00:00:00 2001 From: ThibG Date: Sun, 3 May 2020 22:04:18 +0200 Subject: Fix use of inline CSS in public pages (#13576) Change `account_link_to` to use an image tag rather than some inline CSS. Dropped the `size` parameter in the process, but it wasn't used for anything except the default value of 36px. Dropped CSS rules that were always overriden, and defaulted to 36px width and height instead. --- app/views/admin/reports/index.html.haml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'app/views') diff --git a/app/views/admin/reports/index.html.haml b/app/views/admin/reports/index.html.haml index 0263b80fb..2149fcc46 100644 --- a/app/views/admin/reports/index.html.haml +++ b/app/views/admin/reports/index.html.haml @@ -25,7 +25,7 @@ - target_account = reports.first.target_account .report-card .report-card__profile - = account_link_to target_account, '', size: 36, path: admin_account_path(target_account.id) + = account_link_to target_account, '', path: admin_account_path(target_account.id) .report-card__profile__stats = link_to t('admin.reports.account.notes', count: target_account.targeted_moderation_notes.count), admin_account_path(target_account.id) %br/ -- cgit From e1629a77585245493d4b0ffb8d612d19b53d9087 Mon Sep 17 00:00:00 2001 From: ThibG Date: Fri, 8 May 2020 21:22:57 +0200 Subject: Remove 'unsafe-inline' from Content-Security-Policy style-src (#13679) * Make sure wicg-inert doesn't rely on inline CSS * Remove unsafe-inline from style-src --- app/views/layouts/application.html.haml | 2 ++ config/initializers/content_security_policy.rb | 2 +- public/inert.css | 11 +++++++++++ 3 files changed, 14 insertions(+), 1 deletion(-) create mode 100644 public/inert.css (limited to 'app/views') diff --git a/app/views/layouts/application.html.haml b/app/views/layouts/application.html.haml index 25d001337..39fa0678f 100755 --- a/app/views/layouts/application.html.haml 
+++ b/app/views/layouts/application.html.haml @@ -26,6 +26,8 @@ = javascript_pack_tag "locale_#{I18n.locale}", integrity: true, crossorigin: 'anonymous' = csrf_meta_tags + = stylesheet_link_tag '/inert.css', skip_pipeline: true, media: 'all', id: 'inert-style' + - if Setting.custom_css.present? = stylesheet_link_tag custom_css_path, media: 'all' diff --git a/config/initializers/content_security_policy.rb b/config/initializers/content_security_policy.rb index f26d9c8ea..7dcc028ab 100644 --- a/config/initializers/content_security_policy.rb +++ b/config/initializers/content_security_policy.rb @@ -22,7 +22,7 @@ Rails.application.config.content_security_policy do |p| p.frame_ancestors :none p.font_src :self, assets_host p.img_src :self, :https, :data, :blob, assets_host - p.style_src :self, :unsafe_inline, assets_host + p.style_src :self, assets_host p.media_src :self, :https, :data, assets_host p.frame_src :self, :https p.manifest_src :self, assets_host diff --git a/public/inert.css b/public/inert.css new file mode 100644 index 000000000..275fad2e6 --- /dev/null +++ b/public/inert.css @@ -0,0 +1,11 @@ +[inert] { + pointer-events: none; + cursor: default; +} + +[inert], [inert] * { + user-select: none; + -webkit-user-select: none; + -moz-user-select: none; + -ms-user-select: none; +} -- cgit From 8be4c2ba21c6a8e4abb0522dac398645c71d8e94 Mon Sep 17 00:00:00 2001 From: Eugen Rochko Date: Sun, 10 May 2020 11:21:10 +0200 Subject: Add ability to remove identity proofs from account (#13682) Fix #12613 --- .../settings/identity_proofs_controller.rb | 12 ++++++++---- app/views/settings/identity_proofs/_proof.html.haml | 1 + config/locales/en.yml | 4 +++- config/routes.rb | 2 +- .../settings/identity_proofs_controller_spec.rb | 20 +++++++++++++++++++- 5 files changed, 32 insertions(+), 7 deletions(-) (limited to 'app/views') 
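Review bot: The added `= stylesheet_link_tag '/inert.css', skip_pipeline: true, media: 'all', id: 'inert-style'` line has no comment explaining why the `id` matters, which makes it the part most likely to be dropped in a later cleanup. Judging by the commit message, the id is presumably what lets wicg-inert see that its rules are already loaded and skip injecting its own inline `<style>`, which the tightened `style-src` would block. I would put a HAML comment above it, e.g. `-# id 'inert-style' tells wicg-inert its rules are already loaded, so it does not inject an inline <style> that CSP would block`. Because `skip_pipeline: true` serves the file without a fingerprint, also confirm that the cache headers for `public/` let later edits to `inert.css` reach clients.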
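Review bot: Nothing visible in this commit pins the tightened `p.style_src :self, assets_host` line. A later view that adds a `style=` attribute or a `<style>` block will be blocked in the browser without failing CI, and the easy fix will be to put `:unsafe_inline` back. A comment on the line would guard it, e.g. `# No :unsafe_inline: inline <style> and style="" are blocked on purpose; ship styles as files from :self or assets_host`. A request spec asserting that the `Content-Security-Policy` header's `style-src` does not contain `'unsafe-inline'` would catch a regression. The `content_security_policy` block starts and ends outside the hunk, so any environment-specific overrides are not visible here.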
diff --git a/app/controllers/settings/identity_proofs_controller.rb b/app/controllers/settings/identity_proofs_controller.rb index a749d8020..3a90b7c4d 100644 --- a/app/controllers/settings/identity_proofs_controller.rb +++ b/app/controllers/settings/identity_proofs_controller.rb @@ -21,8 +21,7 @@ class Settings::IdentityProofsController < Settings::BaseController if current_account.username.casecmp(params[:username]).zero? render layout: 'auth' else - flash[:alert] = I18n.t('identity_proofs.errors.wrong_user', proving: params[:username], current: current_account.username) - redirect_to settings_identity_proofs_path + redirect_to settings_identity_proofs_path, alert: I18n.t('identity_proofs.errors.wrong_user', proving: params[:username], current: current_account.username) end end @@ -34,11 +33,16 @@ class Settings::IdentityProofsController < Settings::BaseController PostStatusService.new.call(current_user.account, text: post_params[:status_text]) if publish_proof? redirect_to @proof.on_success_path(params[:user_agent]) else - flash[:alert] = I18n.t('identity_proofs.errors.failed', provider: @proof.provider.capitalize) - redirect_to settings_identity_proofs_path + redirect_to settings_identity_proofs_path, alert: I18n.t('identity_proofs.errors.failed', provider: @proof.provider.capitalize) end end + def destroy + @proof = current_account.identity_proofs.find(params[:id]) + @proof.destroy! + redirect_to settings_identity_proofs_path, success: I18n.t('identity_proofs.removed') + end + private def check_required_params diff --git a/app/views/settings/identity_proofs/_proof.html.haml b/app/views/settings/identity_proofs/_proof.html.haml index 524827ad7..14e8e91be 100644 --- a/app/views/settings/identity_proofs/_proof.html.haml +++ b/app/views/settings/identity_proofs/_proof.html.haml 
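Review bot: In the new `destroy` action, `redirect_to settings_identity_proofs_path, success: I18n.t('identity_proofs.removed')` only sets a flash message if `:success` is a registered flash type. Rails registers just `notice:` and `alert:` by default, so unless a base controller outside this hunk calls `add_flash_types :success`, the confirmation is silently dropped. Either `redirect_to settings_identity_proofs_path, notice: I18n.t('identity_proofs.removed')` or `flash: { success: I18n.t('identity_proofs.removed') }` would work regardless. The lookup through `current_account.identity_proofs.find(params[:id])` correctly limits deletion to the caller's own proofs; a one-line comment saying so, such as `# Scoped to current_account so another account's proof id raises RecordNotFound`, would keep a later refactor from switching to an unscoped `AccountIdentityProof.find`.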
@@ -18,3 +18,4 @@ %td = table_link_to 'external-link', t('identity_proofs.view_proof'), proof.badge.proof_url if proof.badge.proof_url + = table_link_to 'trash', t('identity_proofs.remove'), settings_identity_proof_path(proof), method: :delete, data: { confirm: t('admin.accounts.are_you_sure') } diff --git a/config/locales/en.yml b/config/locales/en.yml index 8a7cf070f..cc34b9094 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml @@ -844,12 +844,14 @@ en: invalid_token: Keybase tokens are hashes of signatures and must be 66 hex characters verification_failed: Keybase does not recognize this token as a signature of Keybase user %{kb_username}. Please retry from Keybase. wrong_user: Cannot create a proof for %{proving} while logged in as %{current}. Log in as %{proving} and try again. - explanation_html: Here you can cryptographically connect your other identities, such as a Keybase profile. This lets other people send you encrypted messages and trust content you send them. + explanation_html: Here you can cryptographically connect your other identities from other platforms, such as Keybase. This lets other people send you encrypted messages on those platforms and allows them to trust that the content you send them comes from you. i_am_html: I am %{username} on %{service}. identity: Identity inactive: Inactive publicize_checkbox: 'And toot this:' publicize_toot: 'It is proven! I am %{username} on %{service}: %{url}' + remove: Remove proof from account + removed: Successfully removed proof from account status: Verification status view_proof: View proof imports: diff --git a/config/routes.rb b/config/routes.rb index fa6639138..920a48fe7 100644 --- a/config/routes.rb +++ b/config/routes.rb 
@@ -130,7 +130,7 @@ Rails.application.routes.draw do resource :confirmation, only: [:new, :create] end - resources :identity_proofs, only: [:index, :show, :new, :create, :update] + resources :identity_proofs, only: [:index, :new, :create, :destroy] resources :applications, except: [:edit] do member do diff --git a/spec/controllers/settings/identity_proofs_controller_spec.rb b/spec/controllers/settings/identity_proofs_controller_spec.rb index 261e980d4..16f236227 100644 --- a/spec/controllers/settings/identity_proofs_controller_spec.rb +++ b/spec/controllers/settings/identity_proofs_controller_spec.rb @@ -151,7 +151,7 @@ describe Settings::IdentityProofsController do @proof1 = Fabricate(:account_identity_proof, account: user.account) @proof2 = Fabricate(:account_identity_proof, account: user.account) allow_any_instance_of(AccountIdentityProof).to receive(:badge) { double(avatar_url: '', profile_url: '', proof_url: '') } - allow_any_instance_of(AccountIdentityProof).to receive(:refresh!) { } + allow_any_instance_of(AccountIdentityProof).to receive(:refresh!) {} end it 'has the first proof username on the page' do @@ -165,4 +165,22 @@ describe Settings::IdentityProofsController do end end end + + describe 'DELETE #destroy' do + before do + allow_any_instance_of(ProofProvider::Keybase::Verifier).to receive(:valid?) { true } + @proof1 = Fabricate(:account_identity_proof, account: user.account) + allow_any_instance_of(AccountIdentityProof).to receive(:badge) { double(avatar_url: '', profile_url: '', proof_url: '') } + allow_any_instance_of(AccountIdentityProof).to receive(:refresh!) {} + delete :destroy, params: { id: @proof1.id } + end + + it 'redirects to :index' do + expect(response).to redirect_to settings_identity_proofs_path + end + + it 'removes the proof' do + expect(AccountIdentityProof.where(id: @proof1.id).count).to eq 0 + end + end end -- cgit From 48503384d00525fe61a038bdb8a55868fdc1db92 Mon Sep 17 00:00:00 2001 
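Review bot: The new `DELETE #destroy` examples only exercise a proof owned by the signed-in account, so the ownership check that makes the action safe is untested. If the controller lookup were ever changed to an unscoped `find`, both examples would still pass. I would add a sibling example that fabricates a proof for a different account and asserts it survives the request. The sketch below assumes that the fabricator builds its own account when none is given, and that `ActiveRecord::RecordNotFound` is rendered as a 404 by a base controller outside this hunk; if it is not, wrap the request in `expect { … }.to raise_error(ActiveRecord::RecordNotFound)` instead. The flash message set by the redirect is also not asserted.

```ruby
# … unchanged: 'DELETE #destroy' examples for the signed-in account's own proof …

describe 'DELETE #destroy for a proof owned by another account' do
  before do
    allow_any_instance_of(ProofProvider::Keybase::Verifier).to receive(:valid?) { true }
    @other_proof = Fabricate(:account_identity_proof)
    delete :destroy, params: { id: @other_proof.id }
  end

  it 'returns http not found' do
    expect(response).to have_http_status(404)
  end

  it 'keeps the proof' do
    expect(AccountIdentityProof.where(id: @other_proof.id).count).to eq 1
  end
end
```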
From: ThibG Date: Wed, 13 May 2020 21:20:34 +0200 Subject: Fix some account avatars on public pages having incorrect size (#13692) * Fix some account avatars on public pages having incorrect size * Remove outdated and overridden width and height attributes * Remove more hardcoded width/height attributes --- app/javascript/styles/mastodon/statuses.scss | 5 +++++ app/views/about/show.html.haml | 2 +- app/views/directories/index.html.haml | 2 +- app/views/statuses/_detailed_status.html.haml | 4 ++-- app/views/statuses/_simple_status.html.haml | 4 ++-- 5 files changed, 11 insertions(+), 6 deletions(-) (limited to 'app/views') diff --git a/app/javascript/styles/mastodon/statuses.scss b/app/javascript/styles/mastodon/statuses.scss index 0b7be7afd..a8fd2936c 100644 --- a/app/javascript/styles/mastodon/statuses.scss +++ b/app/javascript/styles/mastodon/statuses.scss @@ -149,6 +149,11 @@ &__avatar { left: 15px; top: 17px; + + .account__avatar { + width: 48px; + height: 48px; + } } &__content { diff --git a/app/views/about/show.html.haml b/app/views/about/show.html.haml index 07e06100a..565c4ed59 100644 --- a/app/views/about/show.html.haml +++ b/app/views/about/show.html.haml @@ -27,7 +27,7 @@ .avatar-stack - @instance_presenter.sample_accounts.each do |account| - = image_tag current_account&.user&.setting_auto_play_gif ? account.avatar_original_url : account.avatar_static_url, width: 48, height: 48, alt: '', class: 'account__avatar' + = image_tag current_account&.user&.setting_auto_play_gif ? account.avatar_original_url : account.avatar_static_url, alt: '', class: 'account__avatar' - if Setting.timeline_preview .directory__tag diff --git a/app/views/directories/index.html.haml b/app/views/directories/index.html.haml index bdc1e9d5a..7975ee999 100644 --- a/app/views/directories/index.html.haml +++ b/app/views/directories/index.html.haml 
@@ -25,7 +25,7 @@ .directory__card__bar = link_to TagManager.instance.url_for(account), class: 'directory__card__bar__name' do .avatar - = image_tag account.avatar.url, alt: '', width: 48, height: 48, class: 'u-photo' + = image_tag account.avatar.url, alt: '', class: 'u-photo' .display-name %bdi diff --git a/app/views/statuses/_detailed_status.html.haml b/app/views/statuses/_detailed_status.html.haml index 544b92330..33b81c748 100644 --- a/app/views/statuses/_detailed_status.html.haml +++ b/app/views/statuses/_detailed_status.html.haml @@ -3,9 +3,9 @@ = link_to ActivityPub::TagManager.instance.url_for(status.account), class: 'detailed-status__display-name u-url', target: stream_link_target, rel: 'noopener' do .detailed-status__display-avatar - if current_account&.user&.setting_auto_play_gif || autoplay - = image_tag status.account.avatar_original_url, width: 48, height: 48, alt: '', class: 'account__avatar u-photo' + = image_tag status.account.avatar_original_url, alt: '', class: 'account__avatar u-photo' - else - = image_tag status.account.avatar_static_url, width: 48, height: 48, alt: '', class: 'account__avatar u-photo' + = image_tag status.account.avatar_static_url, alt: '', class: 'account__avatar u-photo' %span.display-name %bdi %strong.display-name__html.p-name.emojify= display_name(status.account, custom_emojify: true, autoplay: autoplay) diff --git a/app/views/statuses/_simple_status.html.haml b/app/views/statuses/_simple_status.html.haml index ff09ab2ee..d7853eca9 100644 --- a/app/views/statuses/_simple_status.html.haml +++ b/app/views/statuses/_simple_status.html.haml 
@@ -9,9 +9,9 @@ .status__avatar %div - if current_account&.user&.setting_auto_play_gif || autoplay - = image_tag status.account.avatar_original_url, width: 48, height: 48, alt: '', class: 'u-photo account__avatar' + = image_tag status.account.avatar_original_url, alt: '', class: 'u-photo account__avatar' - else - = image_tag status.account.avatar_static_url, width: 48, height: 48, alt: '', class: 'u-photo account__avatar' + = image_tag status.account.avatar_static_url, alt: '', class: 'u-photo account__avatar' %span.display-name %bdi %strong.display-name__html.p-name.emojify= display_name(status.account, custom_emojify: true, autoplay: autoplay) -- cgit