From 5f0fc639dada7a58d2bb5524b4ec081ee6cc143f Mon Sep 17 00:00:00 2001
From: Claire
Date: Thu, 7 Apr 2022 20:17:49 +0200
Subject: Fix error re-running some migrations if they get interrupted at the wrong moment (#17989)
---
 lib/mastodon/migration_helpers.rb | 3 +++
 1 file changed, 3 insertions(+)
(limited to 'lib')
diff --git a/lib/mastodon/migration_helpers.rb b/lib/mastodon/migration_helpers.rb
index e920ff88f..beef83362 100644
--- a/lib/mastodon/migration_helpers.rb
+++ b/lib/mastodon/migration_helpers.rb
@@ -813,6 +813,9 @@ module Mastodon
 def update_index(table_name, index_name, columns, **index_options)
 if index_name_exists?(table_name, "#{index_name}_new") && index_name_exists?(table_name, index_name)
 remove_index table_name, "#{index_name}_new"
+ elsif index_name_exists?(table_name, "#{index_name}_new")
+ # Very unlikely case where the script has been interrupted during/after removal but before renaming
+ rename_index table_name, "#{index_name}_new", index_name
 end
 begin
-- cgit
From cb45c04d2642291cedd85b2483f0d827d130d6e2 Mon Sep 17 00:00:00 2001
From: Claire
Date: Thu, 7 Apr 2022 20:46:30 +0200
Subject: Fix migration error handling (#17991)
---
 lib/mastodon/migration_helpers.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'lib')
diff --git a/lib/mastodon/migration_helpers.rb b/lib/mastodon/migration_helpers.rb
index beef83362..2ab8150ec 100644
--- a/lib/mastodon/migration_helpers.rb
+++ b/lib/mastodon/migration_helpers.rb
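Review bot: The new `elsif` branch in `update_index` renames `"#{index_name}_new"` to `index_name` whenever only the `_new` index exists, but nothing visible in the hunk checks that the `_new` index ever finished building. If the helper builds it concurrently (the build is outside this hunk), an interrupted build could leave an invalid index behind, and this branch would promote it to the canonical name. The inline comment should state the assumption it relies on, for example `# Only the _new index exists: assumes the old index was dropped after _new finished building`, or the branch could drop the leftover instead of renaming it. The body of `update_index` continues past the `begin` at the end of the hunk.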
@@ -812,7 +812,7 @@ module Mastodon
 # removing the old one
 def update_index(table_name, index_name, columns, **index_options)
 if index_name_exists?(table_name, "#{index_name}_new") && index_name_exists?(table_name, index_name)
- remove_index table_name, "#{index_name}_new"
+ remove_index table_name, name: "#{index_name}_new"
 elsif index_name_exists?(table_name, "#{index_name}_new")
 # Very unlikely case where the script has been interrupted during/after removal but before renaming
 rename_index table_name, "#{index_name}_new", index_name
-- cgit
From 6e418bf3465d2df6b47e9b43d3b960504b81e8fb Mon Sep 17 00:00:00 2001
From: Eugen Rochko
Date: Fri, 8 Apr 2022 12:47:18 +0200
Subject: Fix cookies secure flag being set when served over Tor (#17992)
---
 config/application.rb | 1 -
 config/initializers/devise.rb | 4 +---
 config/initializers/session_store.rb | 2 +-
 lib/action_dispatch/cookie_jar_extensions.rb | 25 -------------------------
 4 files changed, 2 insertions(+), 30 deletions(-)
 delete mode 100644 lib/action_dispatch/cookie_jar_extensions.rb
(limited to 'lib')
diff --git a/config/application.rb b/config/application.rb
index bed935ce3..a1ba71f61 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -40,7 +40,6 @@ require_relative '../lib/devise/two_factor_pam_authenticatable'
 require_relative '../lib/chewy/strategy/custom_sidekiq'
 require_relative '../lib/webpacker/manifest_extensions'
 require_relative '../lib/webpacker/helper_extensions'
-require_relative '../lib/action_dispatch/cookie_jar_extensions'
 require_relative '../lib/rails/engine_extensions'
 require_relative '../lib/active_record/database_tasks_extensions'
 require_relative '../lib/active_record/batches'
diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb
index b434c68fa..c55bea7a7 100644
--- a/config/initializers/devise.rb
+++ b/config/initializers/devise.rb
@@ -8,7 +8,6 @@ Warden::Manager.after_set_user except: :fetch do |user, warden|
 value: session_id,
 expires: 1.year.from_now,
 httponly: true,
- secure: (Rails.env.production? || ENV['LOCAL_HTTPS'] == 'true'),
 same_site: :lax,
 }
 end
@@ -23,7 +22,6 @@ Warden::Manager.after_fetch do |user, warden|
 value: session_id,
 expires: 1.year.from_now,
 httponly: true,
- secure: (Rails.env.production? || ENV['LOCAL_HTTPS'] == 'true'),
 same_site: :lax,
 }
 else
@@ -265,7 +263,7 @@ Devise.setup do |config|
 # Options to be passed to the created cookie. For instance, you can set
 # secure: true in order to force SSL only cookies.
- config.rememberable_options = { secure: true }
+ config.rememberable_options = {}
 # ==> Configuration for :validatable
 # Range for password length.
diff --git a/config/initializers/session_store.rb b/config/initializers/session_store.rb
index 3d9bf96fd..210964b1f 100644
--- a/config/initializers/session_store.rb
+++ b/config/initializers/session_store.rb
@@ -2,5 +2,5 @@
 Rails.application.config.session_store :cookie_store,
 key: '_mastodon_session',
- secure: (Rails.env.production? || ENV['LOCAL_HTTPS'] == 'true'),
+ secure: false, # All cookies have their secure flag set by the force_ssl option in production
 same_site: :lax
diff --git a/lib/action_dispatch/cookie_jar_extensions.rb b/lib/action_dispatch/cookie_jar_extensions.rb
deleted file mode 100644
index 1be9053ba..000000000
--- a/lib/action_dispatch/cookie_jar_extensions.rb
+++ /dev/null
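Review bot: With `secure:` dropped from both `_session_id` cookie hashes and from `config.rememberable_options`, and `secure: false` in `session_store.rb`, the Secure attribute on every authentication cookie now depends on one setting that is not part of this diff (`force_ssl`, per the new comment in `session_store.rb`). As far as I know the Rails SSL middleware only flags cookies on requests it considers HTTPS, so a reverse proxy that does not pass `X-Forwarded-Proto`, or a deployment that turns `force_ssl` off, would send session and remember-me cookies without Secure where production previously set it unconditionally; setups that relied on `LOCAL_HTTPS=true` outside production may lose the flag as well. I would repeat the explanation at the three `devise.rb` sites, e.g. `# secure flag is added by force_ssl (ActionDispatch::SSL) on HTTPS requests`, and add a request spec asserting that `Set-Cookie` carries `secure` for an HTTPS request under a production-like configuration. The same point applies to the `@@ -23,7 +22,6 @@` and `@@ -265,7 +263,7 @@` hunks and to the `session_store.rb` hunk.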
@@ -1,25 +0,0 @@
-# frozen_string_literal: true
-
-module ActionDispatch
- module CookieJarExtensions
- private
-
- # Monkey-patch ActionDispatch to serve secure cookies to Tor Hidden Service
- # users. Otherwise, ActionDispatch would drop the cookie over HTTP.
- def write_cookie?(*)
- request.host.end_with?('.onion') || super
- end
- end
-end
-
-ActionDispatch::Cookies::CookieJar.prepend(ActionDispatch::CookieJarExtensions)
-
-module Rack
- module SessionPersistedExtensions
- def security_matches?(request, options)
- request.host.end_with?('.onion') || super
- end
- end
-end
-
-Rack::Session::Abstract::Persisted.prepend(Rack::SessionPersistedExtensions)
-- cgit
From 012537452a1b9087ea085253e8d42fe4129cea42 Mon Sep 17 00:00:00 2001
From: 0x2019 <34298117+single-right-quote@users.noreply.github.com>
Date: Fri, 8 Apr 2022 19:21:49 +0000
Subject: Fix error resposes for `from` search prefix (#17963)
* Fix error responses in `from` search prefix (addresses mastodon/mastodon#17941) Using unsupported prefixes now reports a 422; searching for posts from an account the instance is not aware of reports a 404. TODO: The UI for this on the front end is abysmal. Searching `from:username@domain` now succeeds when `domain` is the local domain; searching `from:@username(@domain)?` now works as expected.
* Remove unused methods on new Error classes as they are not being used Currently when `raise`d there are error messages being supplied, but this is not actually being used. The associated `raise`s have been edited accordingly.
* Remove needless comments
* Satisfy rubocop
* Try fixing tests being unable to find AccountFindingConcern methods
* Satisfy rubocop
* Simplify `from` prefix logic This incorporates @ClearlyClaire's suggestion (see https://github.com/mastodon/mastodon/pull/17963#pullrequestreview-933986737). Accepctable account strings in `from:` clauses are more lenient than before this commit; for example, `from:@user@example.org@asnteo +cat` will not error, and return posts by @user@example.org containing the word "cat". This is more consistent with how Mastodon matches mentions in statuses. In addition, `from` clauses will not be checked for syntatically invalid usernames or domain names, simply 404ing when `Account.find_remote!` raises ActiveRecord::NotFound. New code for this PR that is no longer used has been removed.
---
 app/controllers/api/v2/search_controller.rb | 4 ++++
 app/lib/search_query_transformer.rb | 8 ++++----
 lib/exceptions.rb | 1 +
 3 files changed, 9 insertions(+), 4 deletions(-)
(limited to 'lib')
diff --git a/app/controllers/api/v2/search_controller.rb b/app/controllers/api/v2/search_controller.rb
index f17431dd1..a30560133 100644
--- a/app/controllers/api/v2/search_controller.rb
+++ b/app/controllers/api/v2/search_controller.rb
@@ -11,6 +11,10 @@ class Api::V2::SearchController < Api::BaseController
 def index
 @search = Search.new(search_results)
 render json: @search, serializer: REST::SearchSerializer
+ rescue Mastodon::SyntaxError
+ unprocessable_entity
+ rescue ActiveRecord::RecordNotFound
+ not_found
 end
 private
diff --git a/app/lib/search_query_transformer.rb b/app/lib/search_query_transformer.rb
index c685d7b6f..aef05e9d9 100644
--- a/app/lib/search_query_transformer.rb
+++ b/app/lib/search_query_transformer.rb
@@ -88,14 +88,14 @@ class SearchQueryTransformer < Parslet::Transform
 case prefix
 when 'from'
 @filter = :account_id
- username, domain = term.split('@')
- account = Account.find_remote(username, domain)
- raise "Account not found: #{term}" unless account
+ username, domain = term.gsub(/\A@/, '').split('@')
+ domain = nil if TagManager.instance.local_domain?(domain)
+ account = Account.find_remote!(username, domain)
 @term = account.id
 else
- raise "Unknown prefix: #{prefix}"
+ raise Mastodon::SyntaxError
 end
 end
 end
diff --git a/lib/exceptions.rb b/lib/exceptions.rb
index eb472abaa..0c677b660 100644
--- a/lib/exceptions.rb
+++ b/lib/exceptions.rb
@@ -10,6 +10,7 @@ module Mastodon
 class StreamValidationError < ValidationError; end
 class RaceConditionError < Error; end
 class RateLimitExceededError < Error; end
+ class SyntaxError < Error; end
 class UnexpectedResponseError < Error
 attr_reader :response
-- cgit
From ed5491e5de6ede501715c421ad5fa53493f61250 Mon Sep 17 00:00:00 2001
From: Eugen Rochko
Date: Fri, 8 Apr 2022 21:57:24 +0200
Subject: Bump version to 3.5.1 (#18000)
---
 CHANGELOG.md | 43 +++++++++++++++++++++++++++++++++++++++++++
 lib/mastodon/version.rb | 2 +-
 2 files changed, 44 insertions(+), 1 deletion(-)
(limited to 'lib')
diff --git a/CHANGELOG.md b/CHANGELOG.md
index dd0ccc5f7..8814d5a4c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
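Review bot: The two method-level `rescue` clauses in `index` cover everything the action does, including `search_results` and rendering, so any `ActiveRecord::RecordNotFound` raised during the search, not only the one from the `from:` account lookup, is now answered with `not_found`. If only the account lookup is meant, a short comment such as `# raised by SearchQueryTransformer for an unknown from: account` on the `rescue ActiveRecord::RecordNotFound` line, and `# unsupported search prefix` on the `Mastodon::SyntaxError` one, would record that intent. A request spec for both status codes would pin the behaviour. `search_results` is defined outside this hunk, so what else it can raise is not visible here.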
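Review bot: `username` is nil when the term is empty or just `@` (`''.split('@')` returns `[]`), and `domain` is nil for every bare `from:user` term, so `TagManager.instance.local_domain?(domain)` and `Account.find_remote!(username, domain)` are both called with nil arguments. Neither helper is visible in this diff; it is worth confirming that they accept nil, or rejecting the empty case up front with `raise Mastodon::SyntaxError if username.blank?` so it ends as a 422 rather than an unhandled error. Since the pattern is anchored and can match only once, `term.delete_prefix('@')` would say the same thing more directly than `gsub(/\A@/, '')`. The enclosing method starts above the hunk.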
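Review bot: `Mastodon::SyntaxError` shares its name with Ruby's built-in `SyntaxError`, so inside `module Mastodon` a bare `SyntaxError` (for example in a `rescue`) now resolves to this class instead of the core one. The two also sit in different hierarchies: the core class descends from `ScriptError`, while this one inherits from `Error`. A one-line comment on the new class, e.g. `# Raised for unsupported search query prefixes; unrelated to ::SyntaxError`, or a more specific class name, would avoid the confusion.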
@@ -3,6 +3,49 @@ Changelog
 All notable changes to this project will be documented in this file.
+## [3.5.1] - 2022-04-08
+### Added
+
+- Add pagination for trending statuses in web UI ([Gargron](https://github.com/mastodon/mastodon/pull/17976))
+
+### Changed
+
+- Change e-mail notifications to only be sent when recipient is offline ([Gargron](https://github.com/mastodon/mastodon/pull/17984))
+ - Send e-mails for mentions and follows by default again
+ - But only when recipient does not have push notifications through an app
+- Change `website` attribute to be nullable on `Application` entity in REST API ([rinsuki](https://github.com/mastodon/mastodon/pull/17962))
+
+### Removed
+
+- Remove sign-in token authentication, instead send e-mail about new sign-in ([Gargron](https://github.com/mastodon/mastodon/pull/17970))
+ - You no longer need to enter a security code sent through e-mail
+ - Instead you get an e-mail about a new sign-in from an unfamiliar IP address
+
+### Fixed
+
+- Fix error resposes for `from` search prefix ([single-right-quote](https://github.com/mastodon/mastodon/pull/17963))
+- Fix dangling language-specific trends ([Gargron](https://github.com/mastodon/mastodon/pull/17997))
+- Fix extremely rare race condition when deleting a status or account ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/17994))
+- Fix trends returning less results per page when filtered in REST API ([Gargron](https://github.com/mastodon/mastodon/pull/17996))
+- Fix pagination header on empty trends responses in REST API ([Gargron](https://github.com/mastodon/mastodon/pull/17986))
+- Fix cookies secure flag being set when served over Tor ([Gargron](https://github.com/mastodon/mastodon/pull/17992))
+- Fix migration error handling ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/17991))
+- Fix error when re-running some migrations if they get interrupted at the wrong moment ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/17989))
+- Fix potentially missing statuses when reconnecting to streaming API in web UI ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/17981), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/17987), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/17980))
+- Fix error when sending warning emails with custom text ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/17983))
+- Fix unset `SMTP_RETURN_PATH` environment variable causing e-mail not to send ([Gargron](https://github.com/mastodon/mastodon/pull/17982))
+- Fix possible duplicate statuses in timelines in some edge cases in web UI ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/17971))
+- Fix spurious edits and require incoming edits to be explicitly marked as such ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/17918))
+- Fix error when encountering invalid pinned statuses ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/17964))
+- Fix inconsistency in error handling when removing a status ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/17974))
+- Fix admin API unconditionally requiring CSRF token ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/17975))
+- Fix trending tags endpoint missing `offset` param in REST API ([Gargron](https://github.com/mastodon/mastodon/pull/17973))
+- Fix unusual number formatting in some locales ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/17929))
+- Fix `S3_FORCE_SINGLE_REQUEST` environment variable not working ([HolgerHuo](https://github.com/mastodon/mastodon/pull/17922))
+- Fix failure to build assets with OpenSSL 3 ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/17930))
+- Fix PWA manifest using outdated routes ([HolgerHuo](https://github.com/mastodon/mastodon/pull/17921))
+- Fix error when indexing statuses into Elasticsearch ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/17912))
+
 ## [3.5.0] - 2022-03-30
 ### Added
diff --git a/lib/mastodon/version.rb b/lib/mastodon/version.rb
index 256a3d3b7..23e164b2e 100644
--- a/lib/mastodon/version.rb
+++ b/lib/mastodon/version.rb
@@ -13,7 +13,7 @@ module Mastodon
 end
 def patch
- 0
+ 1
 end
 def flags
-- cgit
From f2b2614d0a3852259f21f7969a946fb3d8b7e96d Mon Sep 17 00:00:00 2001
From: Claire
Date: Mon, 11 Apr 2022 08:40:18 +0200
Subject: Fix link sanitization for outgoing text/html and text/markdown toots
Fixes #1739
---
 lib/sanitize_ext/sanitize_config.rb | 4 ++--
 spec/lib/advanced_text_formatter_spec.rb | 8 ++++++++
 2 files changed, 10 insertions(+), 2 deletions(-)
(limited to 'lib')
diff --git a/lib/sanitize_ext/sanitize_config.rb b/lib/sanitize_ext/sanitize_config.rb
index 935e1f4f6..946543868 100644
--- a/lib/sanitize_ext/sanitize_config.rb
+++ b/lib/sanitize_ext/sanitize_config.rb
@@ -133,7 +133,7 @@ class Sanitize
 rel += ['nofollow', 'noopener', 'noreferrer'] unless TagManager.instance.local_url?(node['href'])
 if rel.empty?
- node['rel']&.delete
+ node.remove_attribute('rel')
 else
 node['rel'] = rel.join(' ')
 end
@@ -144,7 +144,7 @@ class Sanitize
 node = env[:node]
 if node['target'] != '_blank' && TagManager.instance.local_url?(node['href'])
- node['target']&.delete
+ node.remove_attribute('target')
 else
 node['target'] = '_blank'
 end
diff --git a/spec/lib/advanced_text_formatter_spec.rb b/spec/lib/advanced_text_formatter_spec.rb
index 4e859c93c..ea1a9570d 100644
--- a/spec/lib/advanced_text_formatter_spec.rb
+++ b/spec/lib/advanced_text_formatter_spec.rb
@@ -50,6 +50,14 @@ RSpec.describe AdvancedTextFormatter do
 end
 end
+ context 'given text with a local-domain mention' do
+ let(:text) { 'foo https://cb6e6126.ngrok.io/about/more' }
+
+ it 'creates a link' do
+ is_expected.to include '
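Review bot: With `node.remove_attribute('rel')` the `rel.empty?` branch now takes effect, so a link whose `href` passes `TagManager.instance.local_url?` and whose `rel` list ends up empty leaves the sanitizer with no `rel` at all; `local_url?` alone therefore decides whether a link in user-supplied HTML keeps `nofollow noopener noreferrer`. `local_url?` is not part of this diff, so its handling of a missing or malformed `href` cannot be checked here. A spec asserting that a non-local link still carries all three `rel` values and `target="_blank"` would guard that boundary alongside the local-link case this commit adds. The same applies to the `@@ -144,7 +144,7 @@` hunk, where the same predicate decides whether `target` is removed; both transformers begin above their hunks.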