1
0
Commit Graph

9238 Commits

Author SHA1 Message Date
Claire
793da08995
Change dasbhoard links for “new users” and “active users” (#17570)
Make them filter for local accounts by default
2022-02-16 13:17:28 +01:00
Eugen Rochko
564efd0651
Add appeals (#17364)
* Add appeals

* Add ability to reject appeals and ability to browse pending appeals in admin UI

* Add strikes to account page in settings

* Various fixes and improvements

- Add separate notification setting for appeals, separate from reports
- Fix style of links in report/strike header
- Change approving an appeal to not restore statuses (due to federation complexities)
- Change style of successfully appealed strikes on account settings page
- Change account settings page to only show unappealed or recently appealed strikes

* Change appealed_at to overruled_at

* Fix missing method error
2022-02-14 21:27:53 +01:00
Jeong Arm
d39df35441
Fix admin statuses page order with media (#17538) 2022-02-14 16:07:04 +01:00
Jeong Arm
9a015e43ef
Add from: query operator to search syntax (#16526)
* Add 'by:userhandle' parameter to search api

* Use search syntax for "by" prefix

* Codeclimate

* Use 'from' instead of 'by'
2022-02-14 00:17:09 +01:00
Eugen Rochko
bbd3474416
Fix privacy policy link not being visible on small screens (#17533)
Fix #17482
2022-02-13 02:52:34 +01:00
Eugen Rochko
6240466866
Fix duplicate accounts when searching by IP range in admin UI (#17524) 2022-02-13 01:58:26 +01:00
Claire
f3429d7354 [Glitch] Fix controls for unchangeable properties on status edit not being disabled
Port 38845592c4 to glitch-soc

Signed-off-by: Claire <claire.github-309c@sitedethib.com>
2022-02-12 22:36:39 +01:00
Claire
c9669ee167 Merge branch 'main' into glitch-soc/merge-upstream 2022-02-12 21:36:33 +01:00
Holly
27803cd2b7 Make the settings button go to settings when opened in a new tab 2022-02-12 20:12:29 +01:00
Claire
7396a254c1
Fix empty batch statuses selection causing a 500 error (#17532)
* Fix empty batch statuses selection causing a 500 error

* Simplify current_params
2022-02-12 19:52:17 +01:00
Claire
38845592c4
Fix controls for unchangeable properties on status edit not being disabled (#17531)
Fixes #17520
2022-02-12 19:00:33 +01:00
Claire
2d3f8055ed Fix attempts at distributing Update activities for local-only posts 2022-02-12 15:41:18 +01:00
Eugen Rochko
f4db2e1832 [Glitch] Fix layout of the report page on smaller screens in admin UI
Port e848d281d5 to glitch-soc

Signed-off-by: Claire <claire.github-309c@sitedethib.com>
2022-02-12 13:15:07 +01:00
Eugen Rochko
958089fb21 [Glitch] Add notifications when a reblogged status has been updated
Port front-end changes from 8f03b7a2fb to glitch-soc

Signed-off-by: Claire <claire.github-309c@sitedethib.com>
2022-02-12 13:15:07 +01:00
Claire
d9379f5331 Merge branch 'main' into glitch-soc/merge-upstream 2022-02-12 11:12:41 +01:00
Eugen Rochko
e848d281d5
Fix layout of the report page on smaller screens in admin UI (#17523)
Fix #17491
2022-02-12 01:08:23 +01:00
Claire
28ec7def58 Fix missing javascript in some admin pages 2022-02-12 00:10:28 +01:00
Claire
f3b9a2b590 Add support for multiple source files per pack 2022-02-12 00:10:28 +01:00
Jeong Arm
ee47e2028b
Enable domain purge button on suspended domains too (#17209)
* Enable domain purge button on suspended domains too

* Change unless to if
2022-02-11 22:23:19 +01:00
Eugen Rochko
8f03b7a2fb
Add notifications when a reblogged status has been updated (#17404)
* Add notifications when a reblogged status has been updated

* Change wording to say "edit" instead of "update" and add missing controls

* Replace previous update notifications with the most up-to-date one
2022-02-11 22:20:19 +01:00
Eugen Rochko
a34e4f7e27 [Glitch] Change actions in reports to require only one click
Port SCSS changes from d0fcf07436

Signed-off-by: Claire <claire.github-309c@sitedethib.com>
2022-02-11 21:56:27 +01:00
Claire
51cad4f7fb Merge branch 'main' into glitch-soc/merge-upstream 2022-02-11 21:53:20 +01:00
Eugen Rochko
d0fcf07436
Change actions in reports to require only one click (#17487) 2022-02-11 21:51:57 +01:00
Eugen Rochko
a27729ee48
Change reblogs to not count towards hashtag trends anymore (#17501) 2022-02-11 21:16:23 +01:00
Eugen Rochko
c9a52833b6
Fix deletes not being signed in authorized fetch mode (#17484)
Fix #17483
2022-02-11 14:52:45 +01:00
Claire
d4e6774a0c
Fix Undo Announce sometimes inlining the originally Announced status (#17516)
* Change tests to have more specific expectations on sent ActivityPub payloads

* Check that payload doesn't actually contain the contents of the boosted toot

* Fix Undo Announce sometimes inlining the originally Announced status
2022-02-11 14:52:07 +01:00
Eugen Rochko
6f38765fcc
New Crowdin updates (#16858)
* New translations en.yml (Russian)
[ci skip]

* New translations en.yml (Russian)
[ci skip]

* New translations en.yml (French)
[ci skip]

* New translations en.yml (Russian)
[ci skip]

* New translations en.yml (French)
[ci skip]

* New translations en.yml (Russian)
[ci skip]

* New translations en.json (French)
[ci skip]

* New translations en.yml (Russian)
[ci skip]

* New translations en.json (French)
[ci skip]

* New translations simple_form.en.yml (French)
[ci skip]

* New translations en.yml (French)
[ci skip]

* New translations en.yml (Russian)
[ci skip]

* New translations simple_form.en.yml (French)
[ci skip]

* New translations en.yml (French)
[ci skip]

* New translations en.yml (Russian)
[ci skip]

* New translations en.yml (French)
[ci skip]

* New translations en.yml (Russian)
[ci skip]

* New translations en.yml (French)
[ci skip]

* New translations devise.en.yml (French)
[ci skip]

* New translations devise.en.yml (French)
[ci skip]

* New translations activerecord.en.yml (French)
[ci skip]

* New translations en.yml (Thai)
[ci skip]

* New translations en.yml (Thai)
[ci skip]

* New translations en.yml (Russian)
[ci skip]

* New translations en.yml (French)
[ci skip]

* New translations en.yml (Spanish)
[ci skip]

* New translations en.yml (Chinese Simplified)
[ci skip]

* New translations en.yml (Russian)
[ci skip]

* New translations en.yml (Russian)
[ci skip]

* New translations en.yml (Scottish Gaelic)
[ci skip]

* New translations en.yml (Russian)
[ci skip]

* New translations en.yml (Russian)
[ci skip]

* New translations en.yml (Russian)
[ci skip]

* New translations en.yml (Russian)
[ci skip]

* New translations en.yml (Thai)
[ci skip]

* New translations en.yml (Hebrew)
[ci skip]

* New translations en.yml (Russian)
[ci skip]

* New translations en.yml (Thai)
[ci skip]

* New translations en.yml (French)
[ci skip]

* New translations en.yml (French)
[ci skip]

* New translations en.yml (French)
[ci skip]

* New translations en.yml (Slovak)
[ci skip]

* New translations en.yml (Italian)
[ci skip]

* New translations en.yml (French)
[ci skip]

* New translations en.yml (French)
[ci skip]

* New translations en.yml (Korean)
[ci skip]

* New translations en.json (Slovenian)
[ci skip]

* New translations en.json (Slovenian)
[ci skip]

* New translations activerecord.en.yml (Slovenian)
[ci skip]

* New translations en.yml (Slovenian)
[ci skip]

* New translations doorkeeper.en.yml (Slovenian)
[ci skip]

* New translations activerecord.en.yml (Slovenian)
[ci skip]

* New translations simple_form.en.yml (Slovenian)
[ci skip]

* New translations devise.en.yml (Slovenian)
[ci skip]

* New translations simple_form.en.yml (Slovenian)
[ci skip]

* New translations en.json (Persian)
[ci skip]

* New translations en.yml (Japanese)
[ci skip]

* New translations en.yml (Swedish)
[ci skip]

* New translations en.yml (Swedish)
[ci skip]

* New translations en.json (Slovenian)
[ci skip]

* New translations devise.en.yml (Slovenian)
[ci skip]

* New translations en.json (Slovenian)
[ci skip]

* New translations en.json (Slovenian)
[ci skip]

* New translations en.yml (Slovenian)
[ci skip]

* New translations en.json (Slovenian)
[ci skip]

* New translations doorkeeper.en.yml (Slovenian)
[ci skip]

* New translations en.yml (Slovenian)
[ci skip]

* New translations en.yml (Slovenian)
[ci skip]

* New translations simple_form.en.yml (Slovenian)
[ci skip]

* New translations devise.en.yml (Slovenian)
[ci skip]

* New translations en.yml (Swedish)
[ci skip]

* New translations en.yml (Slovenian)
[ci skip]

* New translations en.yml (Japanese)
[ci skip]

* New translations simple_form.en.yml (Catalan)
[ci skip]

* New translations en.yml (Catalan)
[ci skip]

* New translations simple_form.en.yml (Catalan)
[ci skip]

* New translations simple_form.en.yml (Catalan)
[ci skip]

* New translations en.yml (Catalan)
[ci skip]

* New translations en.json (Catalan)
[ci skip]

* New translations simple_form.en.yml (Catalan)
[ci skip]

* New translations doorkeeper.en.yml (Catalan)
[ci skip]

* New translations en.yml (Catalan)
[ci skip]

* New translations en.json (Catalan)
[ci skip]

* New translations en.yml (Arabic)
[ci skip]

* New translations en.yml (Arabic)
[ci skip]

* New translations en.yml (Arabic)
[ci skip]

* New translations en.yml (Thai)
[ci skip]

* New translations en.yml (Thai)
[ci skip]

* New translations en.yml (Thai)
[ci skip]

* New translations en.yml (Thai)
[ci skip]

* New translations en.yml (Thai)
[ci skip]

* New translations en.yml (Slovak)
[ci skip]

* New translations en.yml (Vietnamese)
[ci skip]

* New translations en.yml (Occitan)
[ci skip]

* New translations en.json (Occitan)
[ci skip]

* New translations simple_form.en.yml (Chinese Simplified)
[ci skip]

* New translations en.json (Arabic)
[ci skip]

* New translations en.json (Arabic)
[ci skip]

* New translations en.json (Arabic)
[ci skip]

* New translations en.json (Arabic)
[ci skip]

* New translations en.json (Arabic)
[ci skip]

* New translations en.yml (Thai)
[ci skip]

* New translations en.json (Thai)
[ci skip]

* New translations en.json (Norwegian Nynorsk)
[ci skip]

* New translations en.json (Norwegian Nynorsk)
[ci skip]

* New translations en.json (Norwegian)
[ci skip]

* New translations en.yml (French)
[ci skip]

* New translations en.yml (Thai)
[ci skip]

* New translations en.yml (Thai)
[ci skip]

* New translations en.yml (Persian)
[ci skip]

* New translations simple_form.en.yml (Thai)
[ci skip]

* New translations en.yml (Thai)
[ci skip]

* New translations en.yml (Thai)
[ci skip]

* New translations en.yml (Thai)
[ci skip]

* New translations en.yml (Thai)
[ci skip]

* New translations en.yml (Thai)
[ci skip]

* New translations en.json (Thai)
[ci skip]

* New translations simple_form.en.yml (Thai)
[ci skip]

* New translations en.yml (Spanish)
[ci skip]

* New translations en.yml (Korean)
[ci skip]

* New translations en.yml (Portuguese)
[ci skip]

* New translations en.yml (Hungarian)
[ci skip]

* New translations en.yml (Armenian)
[ci skip]

* New translations en.yml (Georgian)
[ci skip]

* New translations en.yml (Lithuanian)
[ci skip]

* New translations en.yml (Dutch)
[ci skip]

* New translations en.yml (Norwegian)
[ci skip]

* New translations en.yml (Polish)
[ci skip]

* New translations en.yml (Albanian)
[ci skip]

* New translations en.yml (Basque)
[ci skip]

* New translations en.yml (Serbian (Cyrillic))
[ci skip]

* New translations en.yml (Turkish)
[ci skip]

* New translations en.yml (Ukrainian)
[ci skip]

* New translations en.yml (Chinese Traditional)
[ci skip]

* New translations en.yml (Icelandic)
[ci skip]

* New translations en.yml (Portuguese, Brazilian)
[ci skip]

* New translations en.yml (Indonesian)
[ci skip]

* New translations en.yml (Spanish, Argentina)
[ci skip]

* New translations en.yml (Finnish)
[ci skip]

* New translations en.yml (Greek)
[ci skip]

* New translations en.yml (Galician)
[ci skip]

* New translations en.yml (Slovak)
[ci skip]

* New translations en.yml (Chinese Simplified)
[ci skip]

* New translations en.yml (Swedish)
[ci skip]

* New translations en.yml (Arabic)
[ci skip]

* New translations en.yml (French)
[ci skip]

* New translations en.yml (Spanish)
[ci skip]

* New translations en.yml (Catalan)
[ci skip]

* New translations en.yml (Italian)
[ci skip]

* New translations en.yml (Japanese)
[ci skip]

* New translations en.yml (Russian)
[ci skip]

* New translations en.yml (Slovenian)
[ci skip]

* New translations en.yml (German)
[ci skip]

* New translations en.yml (Vietnamese)
[ci skip]

* New translations en.yml (Thai)
[ci skip]

* New translations en.yml (Scottish Gaelic)
[ci skip]

* New translations en.yml (Occitan)
[ci skip]

* New translations en.yml (Persian)
[ci skip]

* New translations en.yml (Romanian)
[ci skip]

* New translations en.yml (Czech)
[ci skip]

* New translations en.yml (Danish)
[ci skip]

* New translations en.yml (Spanish, Mexico)
[ci skip]

* New translations en.yml (Kabyle)
[ci skip]

* New translations en.yml (Sardinian)
[ci skip]

* New translations en.yml (Corsican)
[ci skip]

* New translations en.yml (Sorani (Kurdish))
[ci skip]

* New translations en.yml (Kurmanji (Kurdish))
[ci skip]

* New translations en.yml (Asturian)
[ci skip]

* New translations en.yml (Chinese Traditional, Hong Kong)
[ci skip]

* New translations en.yml (Esperanto)
[ci skip]

* New translations en.yml (Welsh)
[ci skip]

* New translations en.yml (Latvian)
[ci skip]

* New translations en.yml (Estonian)
[ci skip]

* New translations en.yml (Kazakh)
[ci skip]

* New translations en.yml (Norwegian Nynorsk)
[ci skip]

* New translations en.yml (Kurmanji (Kurdish))
[ci skip]

* New translations en.yml (Catalan)
[ci skip]

* New translations en.yml (Chinese Traditional)
[ci skip]

* New translations en.yml (Russian)
[ci skip]

* New translations en.yml (Russian)
[ci skip]

* New translations en.yml (Galician)
[ci skip]

* New translations en.yml (Hebrew)
[ci skip]

* New translations en.json (Hebrew)
[ci skip]

* New translations en.yml (Catalan)
[ci skip]

* New translations en.yml (Greek)
[ci skip]

* New translations en.yml (Polish)
[ci skip]

* New translations en.yml (Hungarian)
[ci skip]

* New translations en.yml (Japanese)
[ci skip]

* New translations en.yml (Albanian)
[ci skip]

* New translations en.yml (Italian)
[ci skip]

* New translations en.yml (Indonesian)
[ci skip]

* New translations en.yml (Icelandic)
[ci skip]

* New translations en.yml (Swedish)
[ci skip]

* New translations en.yml (Spanish)
[ci skip]

* New translations en.yml (Turkish)
[ci skip]

* New translations en.yml (Thai)
[ci skip]

* New translations en.yml (Danish)
[ci skip]

* New translations en.yml (Spanish, Argentina)
[ci skip]

* New translations en.yml (Ukrainian)
[ci skip]

* New translations en.yml (Latvian)
[ci skip]

* New translations en.yml (Thai)
[ci skip]

* New translations en.yml (Thai)
[ci skip]

* New translations en.yml (Thai)
[ci skip]

* New translations en.yml (Thai)
[ci skip]

* New translations devise.en.yml (Thai)
[ci skip]

* New translations en.yml (Thai)
[ci skip]

* New translations devise.en.yml (Thai)
[ci skip]

* New translations en.yml (French)
[ci skip]

* New translations devise.en.yml (Thai)
[ci skip]

* New translations devise.en.yml (Thai)
[ci skip]

* New translations en.yml (Spanish, Mexico)
[ci skip]

* New translations en.yml (German)
[ci skip]

* New translations en.yml (Ukrainian)
[ci skip]

* New translations en.yml (Latvian)
[ci skip]

* New translations en.yml (Kurmanji (Kurdish))
[ci skip]

* New translations en.yml (Catalan)
[ci skip]

* New translations en.yml (Catalan)
[ci skip]

* New translations en.yml (Danish)
[ci skip]

* New translations en.yml (Vietnamese)
[ci skip]

* New translations en.yml (Chinese Traditional)
[ci skip]

* New translations en.yml (Turkish)
[ci skip]

* New translations en.yml (Russian)
[ci skip]

* New translations en.yml (Greek)
[ci skip]

* New translations en.json (Greek)
[ci skip]

* New translations en.yml (Galician)
[ci skip]

* New translations en.json (Greek)
[ci skip]

* New translations en.yml (Spanish, Argentina)
[ci skip]

* New translations en.yml (Chinese Simplified)
[ci skip]

* New translations en.yml (Kabyle)
[ci skip]

* New translations en.yml (French)
[ci skip]

* New translations en.yml (French)
[ci skip]

* New translations en.yml (Spanish)
[ci skip]

* New translations en.yml (Slovenian)
[ci skip]

* New translations simple_form.en.yml (Slovenian)
[ci skip]

* New translations en.yml (Hungarian)
[ci skip]

* New translations en.yml (Icelandic)
[ci skip]

* New translations simple_form.en.yml (Polish)
[ci skip]

* New translations en.yml (Esperanto)
[ci skip]

* New translations en.json (Dutch)
[ci skip]

* New translations en.json (Dutch)
[ci skip]

* New translations en.yml (Dutch)
[ci skip]

* New translations en.yml (Dutch)
[ci skip]

* New translations en.yml (French)
[ci skip]

* New translations en.yml (French)
[ci skip]

* New translations en.yml (Thai)
[ci skip]

* New translations en.yml (Thai)
[ci skip]

* Ran `i18n-tasks normalize`

* Ran `yarn manage:translations`

* Add space

Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>
2022-02-11 04:50:27 +01:00
Eugen Rochko
642b5a621a [Glitch] Chore: Disable menu items for editing statuses in web UI (#17497)
Port 3dc1e3cfc3 to glitch-soc

Signed-off-by: Claire <claire.github-309c@sitedethib.com>
2022-02-10 19:10:59 +01:00
Eugen Rochko
5e67858fbc [Glitch] Add editing for published statuses
Port 63002cde03 to glitch-soc

Signed-off-by: Claire <claire.github-309c@sitedethib.com>
2022-02-10 19:10:20 +01:00
Claire
abd113167b Add ability to change content-type when editing a toot
Content-type defaults to edited toot's content-type to avoid surprising
behaviors when using clients that do not support this feature.
2022-02-10 19:10:14 +01:00
Claire
f1a6f9062e Merge branch 'main' into glitch-soc/merge-upstream
Conflicts:
- `app/controllers/api/v1/statuses_controller.rb`:
  Upstream moved things around in a place where glitch-soc had support for
  an extra parameter (`content_type`).
  Follow upstream but reintroduce `content_type`.
2022-02-10 19:09:27 +01:00
Eugen Rochko
3dc1e3cfc3
Chore: Disable menu items for editing statuses in web UI (#17497)
Feature must be unlocked in a separate release for max. compatibility
2022-02-10 15:28:53 +01:00
Claire
da91b18a8b
Fix NoMethodError in StatusUpdateDistributionWorker (#17499)
* Add tests

* Fix NoMethodError in StatusUpdateDistributionWorker

* Fix tests
2022-02-10 14:57:10 +01:00
Claire
63854bee6c
Fix poll votes not being properly reset on poll change (#17498)
* Fix poll votes not being properly reset on poll change

* Fix and add tests

* Fix poll update handling when the number of options changes
2022-02-10 14:26:54 +01:00
Eugen Rochko
1bfcb75105
Fix outdated iso-639 reference in update status service (#17496) 2022-02-10 03:09:44 +01:00
Eugen Rochko
63002cde03
Add editing for published statuses (#17320)
* Add editing for published statuses

* Fix change of multiple-choice boolean in poll not resetting votes

* Remove the ability to update existing media attachments for now
2022-02-10 00:15:30 +01:00
Eugen Rochko
2f8159baad
Add category and rule_ids params to POST /api/v1/reports (#17492) 2022-02-10 00:10:16 +01:00
Claire
d90da7d080 Add content_type to status_edits 2022-02-09 18:02:31 +01:00
Eugen Rochko
44b06c4d96 [Glitch] Add edit history to web UI
Port fd3a45e348 to glitch-soc

Signed-off-by: Claire <claire.github-309c@sitedethib.com>
2022-02-09 17:51:35 +01:00
Claire
322e907e04 Merge branch 'main' into glitch-soc/merge-upstream
Conflicts:
- `app/views/settings/preferences/appearance/show.html.haml`:
  Upstream renamed some helper functions that were used in a part of the
  settings page which glitch-soc slightly changed the layout of.
  Ported the change.
2022-02-09 17:28:33 +01:00
Claire
0bb3d445ab Please Codeclimate 2022-02-09 17:15:36 +01:00
Claire
e1a4590bca Rework actions modal to bring it closer to upstream and fix modal stacking issue 2022-02-09 16:40:23 +01:00
Claire
bc2eaf3581 Remove unused noModal prop 2022-02-09 16:40:23 +01:00
Claire
f03dc97070 Some more refactoring 2022-02-09 16:40:23 +01:00
Claire
f87ce13afc Refactor dropdown and action modal code slightly
Simplify it a bit and make it closer to upstream
2022-02-09 13:23:12 +01:00
Eugen Rochko
3aebe711fd
Change languages to be listed under standard instead of native name in admin UI (#17485) 2022-02-09 04:15:38 +01:00
Eugen Rochko
fd3a45e348
Add edit history to web UI (#17390)
* Add edit history to web UI

* Change history reducer to store items per status

* Fix missing loading prop
2022-02-09 01:17:07 +01:00
Eugen Rochko
2adcad04ff
Fix error in suggestions API due to typo (#17486)
Regression from #17479
2022-02-08 22:23:04 +01:00
Claire
692963d43b Merge branch 'main' into glitch-soc/merge-upstream 2022-02-08 18:23:53 +01:00
Eugen Rochko
b6d7726ecb
Remove language detection through cld3 (#17478)
* Remove language detection through cld3

* Update app/helpers/languages_helper.rb

Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>

Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>
2022-02-08 02:41:17 +01:00
Eugen Rochko
85b86fe28c
Add global locale param (#17464)
- Remove the session-based locale stickyness
2022-02-08 02:34:56 +01:00
Eugen Rochko
35850f8195
Fix localization of cold-start follow recommendations (#17479) 2022-02-08 01:53:49 +01:00
Claire
52c1b86964
Fix Ruby 2.5 incompatibility (#17465) 2022-02-07 19:57:06 +01:00
Eugen Rochko
f1f6ddd536
Fix structured data parsing from links choking on bad data (#17403)
* Fix structured data parsing from links choking on bad data

- Fix og:url meta tag being prioritized over canonical link tag
- Fix structured data parsing choking on commented-out CDATA declarations
- Fix HTML entities in title, description, provider_name, author_name
- Change structured data parsing to attempt every JSON-LD script tag

* Remove unnecessary slash escapes from CDATA regex pattern
2022-02-07 18:16:31 +01:00
Claire
73a782391c
Fix replies collection incorrectly looping (#17462)
* Refactor tests

* Add tests

* Fix replies collection incorrectly looping
2022-02-07 17:06:43 +01:00
Claire
0d2cf3cd4a
Fix errors when multiple Delete are received for a given actor (#17460) 2022-02-07 13:14:48 +01:00
Claire
aa832d623a Merge branch 'main' into glitch-soc/merge-upstream
Conflicts:
- `CHANGELOG.md`:
  Upstream added newlines.
  Conflicts are because the CHANGELOG was independently merged from 3.4.6 on
  last security update.
  Took upstream's version.
- `app/helpers/context_helper.rb`:
  Conflicts because of extra vocabulary in glitch-soc. The conflicts were
  actually handled in last security merge.
  Kept our version.
2022-02-06 15:34:42 +01:00
Claire
92658f0fb0
Fix instance actor not being dereferenceable (#17457)
* Add tests

* Fix instance actor not being dereferenceable

* Fix tests

* Fix tests for real
2022-02-06 15:31:03 +01:00
Claire
08f44d1953 Move glitch-soc-specific theming methods to ThemingConcern 2022-02-05 10:58:51 +01:00
Claire
5f48ec9e42 Make theme-selection fall back to default ones if configured is not found 2022-02-05 10:29:27 +01:00
Eugen Rochko
e03e7ac290
Fix error on account relationships page in admin UI (#17444) 2022-02-05 05:06:34 +01:00
Claire
c8b1e72a4f
Fix compacted JSON-LD possibly causing compatibility issues on forwarding (#17428) 2022-02-03 14:09:04 +01:00
Claire
948235592a
Fix response_to_recipient? CTE (#17427) 2022-02-03 14:07:43 +01:00
Claire
d1ecc323e7
Compact JSON-LD signed incoming activities (#17426)
Co-authored-by: Puck Meerburg <puck@puck.moe>
2022-02-03 14:07:29 +01:00
Claire
a3e0dacf5c Fix response_to_recipient? CTE 2022-02-02 19:55:57 +01:00
Claire
7b969436a0 Fix compacted JSON-LD possibly causing compatibility issues on forwarding 2022-02-02 19:55:57 +01:00
Puck Meerburg
63da32468c Compact JSON-LD signed incoming activities 2022-02-02 16:13:11 +01:00
Claire
098f2bc1e1 Merge branch 'main' into glitch-soc/merge-upstream 2022-02-01 20:59:28 +01:00
Claire
987d88ea56
Fix requiring an extra restart after recent post-deployment migrations (#17422)
Follow-up to #16409
2022-02-01 20:57:39 +01:00
Claire
7679ddcd5e Merge branch 'main' into glitch-soc/merge-upstream 2022-01-30 22:33:30 +01:00
Claire
f5639e1cbe
Change public profile pages to be disabled for unconfirmed users (#17385)
Fixes #17382

Note that unconfirmed and unapproved accounts can still be searched for
and their (empty) account retrieved using the REST API.
2022-01-28 14:24:37 +01:00
Claire
94a39f6b68 Fix Sidekiq warning when pushing DMs to direct timeline 2022-01-28 09:07:56 +01:00
Claire
b2915613fb Merge branch 'main' into glitch-soc/merge-upstream
Conflicts:
- `Gemfile.lock`:
  Upstream-updated lib textually too close to glitch-soc-only dep.
  Updated like upstream.
2022-01-28 08:58:32 +01:00
Claire
03d59340da
Fix Sidekiq warnings about JSON serialization (#17381)
* Fix Sidekiq warnings about JSON serialization

This occurs on every symbol argument we pass, and every symbol key in hashes,
because Sidekiq expects strings instead.

See https://github.com/mperham/sidekiq/pull/5071

We do not need to change how workers parse their arguments because this has
not changed and we were already converting to symbols adequately or using
`with_indifferent_access`.

* Set Sidekiq to raise on unsafe arguments in test mode

In order to more easily catch issues that would produce warnings in production
code.
2022-01-28 00:43:56 +01:00
Claire
ad6ddb9bdd Merge branch 'main' into glitch-soc/merge-upstream
Conflicts:
- `config/environments/production.rb`:
  Upstream changed a header but we had different default headers.
  Applied the same change, and also dropped HSTS headers redundant with
  Rails'.
2022-01-26 22:32:21 +01:00
Claire
166cc5b89d
Fix local distribution of edited statuses (#17380)
Because `FanOutOnWriteService#update?` was broken, edits were considered as new
toots and a regular `update` payload was sent.
2022-01-26 20:53:50 +01:00
Eugen Rochko
6505b39e5d
Fix poll updates being saved as status edits (#17373)
Fix #17344
2022-01-26 18:05:39 +01:00
Claire
7c2204314a Add some explanation text on the CAPTCHA confirmation page 2022-01-26 13:24:51 +01:00
Claire
b7cf3941b3 Change CAPTCHA handling to be only on email verification
This simplifies the implementation considerably, and while not providing
ideal UX, it's the most flexible approach.
2022-01-25 23:56:57 +01:00
Claire
0fb907441c Add ability to set hCaptcha either on registration form or on e-mail validation
Upshot of CAPTCHA on e-mail validation is it does not need to break the in-band
registration API.
2022-01-25 23:09:48 +01:00
Claire
a9269f8786 Disable registrations flag in /api/v1/instance when CAPTCHA is enabled
This is to avoid apps trying and failing at using the registrations API,
which does not let us require a CAPTCHA and cannot be clearly signaled as
unavailable.
2022-01-25 13:58:24 +01:00
Claire
bf351d72af Disable captcha if registrations are disabled for various reasons 2022-01-24 22:12:57 +01:00
Claire
6a2f248fe4 Renew Rails session ID on successful registration 2022-01-24 22:01:05 +01:00
Claire
04050fbd46 Please CodeClimate 2022-01-24 21:29:50 +01:00
Claire
1b493c9fee Add optional hCaptcha support
Fixes #1649

This requires setting `HCAPTCHA_SECRET_KEY` and `HCAPTCHA_SITE_KEY`, then
enabling the admin setting at
`/admin/settings/edit#form_admin_settings_captcha_enabled`

Subsequently, a hCaptcha widget will be displayed on `/about` and
`/auth/sign_up` unless:
- the user is already signed-up already
- the user has used an invite link
- the user has already solved the captcha (and registration failed for another
  reason)

The Content-Security-Policy headers are altered automatically to allow the
third-party hCaptcha scripts on `/about` and `/auth/sign_up` following the same
rules as above.
2022-01-24 21:22:13 +01:00
Claire
dd63923c0a
Fix link_to_login argument handling when a block is passed (#17345) 2022-01-24 03:29:03 +01:00
Claire
9483d0c6b2 [Glitch] Change percent to rate in retention metrics API
Port a63495230a to glitch-soc

Signed-off-by: Claire <claire.github-309c@sitedethib.com>
2022-01-23 18:24:40 +01:00
Claire
4dd4fc2e5e [Glitch] Fix text being incorrectly pre-selected in composer textarea on /share
Port 3a103cd317 to glitch-soc

Signed-off-by: Claire <claire.github-309c@sitedethib.com>
2022-01-23 18:24:34 +01:00
Claire
61ef81c548 Merge branch 'main' into glitch-soc/merge-upstream
Conflicts:
- `spec/models/status_spec.rb`:
  Upstream added tests too close to glitch-soc-specific tests.
  Kept both tests.
2022-01-23 18:24:01 +01:00
Claire
0a120d86d2
Fix error-prone SQL queries (#15828)
* Fix error-prone SQL queries in Account search

While this code seems to not present an actual vulnerability, one could
easily be introduced by mistake due to how the query is built.

This PR parameterises the `to_tsquery` input to make the query more robust.

* Harden code for Status#tagged_with_all and Status#tagged_with_none

Those two scopes aren't used in a way that could be vulnerable to an SQL
injection, but keeping them unchanged might be a hazard.

* Remove unneeded spaces surrounding tsquery term

* Please CodeClimate

* Move advanced_search_for SQL template to its own function

This avoids one level of indentation while making clearer that the SQL template
isn't build from all the dynamic parameters of advanced_search_for.

* Add tests covering tagged_with, tagged_with_all and tagged_with_none

* Rewrite tagged_with_none to avoid multiple joins and make it more robust

* Remove obsolete brakeman warnings

* Revert "Remove unneeded spaces surrounding tsquery term"

The two queries are not strictly equivalent.

This reverts commit 86f16c537e06c6ba4a8b250f25dcce9f049023ff.
2022-01-23 18:10:10 +01:00
Claire
a63495230a
Change percent to rate in retention metrics API (#16910) 2022-01-23 16:01:25 +01:00
Claire
bddd9ba36d
Add OMNIAUTH_ONLY environment variable to enforce externa log-in (#17288)
* Remove support for OAUTH_REDIRECT_AT_SIGN_IN

Fixes #15959

Introduced in #6540, OAUTH_REDIRECT_AT_SIGN_IN allowed skipping the log-in form
to instead redirect to the external OmniAuth login provider.

However, it did not prevent the log-in form on /about introduced by #10232 from
appearing, and completely broke with the introduction of #15228.

As I restoring that previous log-in flow without introducing a security
vulnerability may require extensive care and knowledge of how OmniAuth works,
this commit removes support for OAUTH_REDIRECT_AT_SIGN_IN instead for the time
being.

* Add OMNIAUTH_ONLY environment variable to enforce external log-in only

* Disable user registration when OMNIAUTH_ONLY is set to true

* Replace log-in links When OMNIAUTH_ONLY is set with exactly one OmniAuth provider
2022-01-23 15:52:58 +01:00
Claire
cfa583fa71
Remove support for OAUTH_REDIRECT_AT_SIGN_IN (#17287)
Fixes #15959

Introduced in #6540, OAUTH_REDIRECT_AT_SIGN_IN allowed skipping the log-in form
to instead redirect to the external OmniAuth login provider.

However, it did not prevent the log-in form on /about introduced by #10232 from
appearing, and completely broke with the introduction of #15228.

As I restoring that previous log-in flow without introducing a security
vulnerability may require extensive care and knowledge of how OmniAuth works,
this commit removes support for OAUTH_REDIRECT_AT_SIGN_IN instead for the time
being.
2022-01-23 15:50:41 +01:00
Claire
8a07ecd377
Remove leftover database columns from Devise::Models::Rememberable (#17191)
* Remove leftover database columns from Devise::Models::Rememberable

* Update fix-duplication maintenance script

* Improve errors/warnings in the fix-duplicates maintenance script
2022-01-23 15:46:30 +01:00
Claire
3a103cd317
Fix text being incorrectly pre-selected in composer textarea on /share (#17339)
Fixes #17295
2022-01-20 20:56:21 +01:00
Claire
6eea3f8f9c
Add post edited notice in admin and public UIs (#17335)
* Add edited toot flag on public pages

* Add toot edit flag to admin pages
2022-01-20 13:37:31 +01:00
Claire
4d0383d75a Add content-type to status source in glitch-soc 2022-01-20 00:03:44 +01:00
Eugen Rochko
d4654dc892 [Glitch] Add support for editing for published statuses
Port front-end changes from 1060666c58 to glitch-soc

Signed-off-by: Claire <claire.github-309c@sitedethib.com>
2022-01-20 00:03:41 +01:00
Claire
1af4618a06 Merge branch 'main' into glitch-soc/merge-upstream 2022-01-19 23:52:53 +01:00
Claire
fe89554a54 Merge branch 'main' into glitch-soc/merge-upstream
Conflicts:
- `app/lib/activitypub/activity/create.rb`:
  Upstream refactored how `Create` activities are handled and how values are
  extracted from `Create`d objects. This conflicted with how glitch-soc
  supported the `directMessage` flag to explicitly distinguish between
  limited and direct messages.
  Ported glitch-soc's changes to latest upstream changes.
- `app/services/fan_out_on_write_service.rb`:
  Upstream largely refactored that file and changed some of the logic.
  This conflicted with glitch-soc's handling of the direct timeline and
  the options to allow replies and boosts in public feeds.
  Ported those glitch-soc changes on top of latest upstream changes.
- `app/services/process_mentions_service.rb`:
  Upstream refactored to move mention-related ActivityPub deliveries to
  `ActivityPub::DeliveryWorker`, while glitch-soc contained an extra check
  to not send local-only toots to remote mentioned users.
  Took upstream's version, as the check is not needed anymore, since it is
  performed at the `ActivityPub::DeliveryWorker` call site already.
- `app/workers/feed_insert_worker.rb`:
  Upstream added support for `update` toot events, while glitch-soc had
  support for an extra timeline support, `direct`.
  Ported upstream changes and extended them to the `direct` timeline.

Additional changes:
- `app/lib/activitypub/parser/status_parser.rb`:
  Added code to handle the `directMessage` flag and take it into account
  to compute visibility.
- `app/lib/feed_manager.rb`:
  Extended upstream's support of `update` toot events to glitch-soc's
  `direct` timeline.
2022-01-19 23:52:48 +01:00