Merge upstream

app/models/account.rb

@@ -68,8 +68,8 @@ class Account < ApplicationRecord
   DEFAULT_FIELDS_SIZE = 4
   INSTANCE_ACTOR_ID = -99
 
-  USERNAME_RE   = /[a-z0-9_]+([a-z0-9_.-]+[a-z0-9_]+)?/i
-  MENTION_RE    = %r{(?<![=/[:word:]])@((#{USERNAME_RE})(?:@[[:word:].-]+[[:word:]]+)?)}
+  USERNAME_RE   = /[a-z0-9_]+([.-]+[a-z0-9_]+)*/i
+  MENTION_RE    = %r{(?<![=/[:word:]])@((#{USERNAME_RE})(?:@[[:word:]]+([.-]+[[:word:]]+)*)?)}
   URL_PREFIX_RE = %r{\Ahttp(s?)://[^/]+}
   USERNAME_ONLY_RE = /\A#{USERNAME_RE}\z/i
   USERNAME_LENGTH_LIMIT = 72

app/models/account_filter.rb

@@ -21,7 +21,7 @@ class AccountFilter
   end
 
   def results
-    scope = Account.includes(:account_stat, user: [:ips, :invite_request]).without_instance_actor.reorder(nil)
+    scope = Account.includes(:account_stat, user: [:ips, :invite_request]).without_instance_actor
 
     relevant_params.each do |key, value|
       next if key.to_s == 'page'

app/models/admin/tag_filter.rb

@@ -14,7 +14,7 @@ class Admin::TagFilter
   end
 
   def results
-    scope = Tag.reorder(nil)
+    scope = Tag.all
 
     params.each do |key, value|
       next if key == :page

app/models/concerns/account/avatar.rb

@@ -7,10 +7,13 @@ module Account::Avatar
   LIMIT = 200.megabytes
   MAX_PIXELS = 5_000_000 # 1500x500px
 
+  AVATAR_DIMENSIONS = [400, 400].freeze
+  AVATAR_GEOMETRY = [AVATAR_DIMENSIONS.first, AVATAR_DIMENSIONS.last].join('x')
+
   class_methods do
     def avatar_styles(file)
-      styles = { original: { geometry: '400x400#', file_geometry_parser: FastGeometryParser } }
-      styles[:static] = { geometry: '400x400#', format: 'png', convert_options: '-coalesce', file_geometry_parser: FastGeometryParser } if file.content_type == 'image/gif'
+      styles = { original: { geometry: "#{AVATAR_GEOMETRY}#", file_geometry_parser: FastGeometryParser } }
+      styles[:static] = { geometry: "#{AVATAR_GEOMETRY}#", format: 'png', convert_options: '-coalesce', file_geometry_parser: FastGeometryParser } if file.content_type == 'image/gif'
       styles
     end
 

app/models/concerns/account/header.rb

@@ -5,7 +5,10 @@ module Account::Header
 
   IMAGE_MIME_TYPES = ['image/jpeg', 'image/png', 'image/gif', 'image/webp'].freeze
   LIMIT = 200.megabytes
-  MAX_PIXELS = 5_000_000 # 1500x500px
+
+  HEADER_DIMENSIONS = [6000, 2000].freeze
+  HEADER_GEOMETRY = [HEADER_DIMENSIONS.first, HEADER_DIMENSIONS.last].join('x')
+  MAX_PIXELS = HEADER_DIMENSIONS.first * HEADER_DIMENSIONS.last
 
   class_methods do
     def header_styles(file)

app/models/export.rb

@@ -55,42 +55,6 @@ class Export
     end
   end
 
-  def total_storage
-    account.media_attachments.sum(:file_file_size)
-  end
-
-  def total_statuses
-    account.statuses_count
-  end
-
-  def total_bookmarks
-    account.bookmarks.count
-  end
-
-  def total_follows
-    account.following_count
-  end
-
-  def total_lists
-    account.owned_lists.count
-  end
-
-  def total_followers
-    account.followers_count
-  end
-
-  def total_blocks
-    account.blocking.count
-  end
-
-  def total_mutes
-    account.muting.count
-  end
-
-  def total_domain_blocks
-    account.domain_blocks.count
-  end
-
   private
 
   def to_csv(accounts)

app/models/form/admin_settings.rb

@@ -73,6 +73,8 @@ class Form::AdminSettings
     authorized_fetch: :authorized_fetch_mode?,
   }.freeze
 
+  DESCRIPTION_LIMIT = 200
+
   attr_accessor(*KEYS)
 
   validates :registrations_mode, inclusion: { in: %w(open approved none) }, if: -> { defined?(@registrations_mode) }
@@ -82,7 +84,7 @@ class Form::AdminSettings
   validates :show_domain_blocks, inclusion: { in: %w(disabled users all) }, if: -> { defined?(@show_domain_blocks) }
   validates :show_domain_blocks_rationale, inclusion: { in: %w(disabled users all) }, if: -> { defined?(@show_domain_blocks_rationale) }
   validates :media_cache_retention_period, :content_cache_retention_period, :backups_retention_period, numericality: { only_integer: true }, allow_blank: true, if: -> { defined?(@media_cache_retention_period) || defined?(@content_cache_retention_period) || defined?(@backups_retention_period) }
-  validates :site_short_description, length: { maximum: 200 }, if: -> { defined?(@site_short_description) }
+  validates :site_short_description, length: { maximum: DESCRIPTION_LIMIT }, if: -> { defined?(@site_short_description) }
   validates :status_page_url, url: true, allow_blank: true
   validate :validate_site_uploads
 

app/models/remote_follow.rb

@@ -3,7 +3,6 @@
 class RemoteFollow
   include ActiveModel::Validations
   include RoutingHelper
-  include WebfingerHelper
 
   attr_accessor :acct, :addressable_template
 
@@ -66,7 +65,7 @@ class RemoteFollow
   end
 
   def acct_resource
-    @acct_resource ||= webfinger!("acct:#{acct}")
+    @acct_resource ||= Webfinger.new("acct:#{acct}").perform
   rescue Webfinger::Error, HTTP::ConnectionError
     nil
   end

app/models/report_filter.rb

@@ -18,13 +18,25 @@ class ReportFilter
   def results
     scope = Report.unresolved
 
-    params.each do |key, value|
+    relevant_params.each do |key, value|
       scope = scope.merge scope_for(key, value)
     end
 
     scope
   end
 
+  private
+
+  def relevant_params
+    params.tap do |args|
+      args.delete(:target_origin) if origin_is_remote_and_domain_present?
+    end
+  end
+
+  def origin_is_remote_and_domain_present?
+    params[:target_origin] == 'remote' && params[:by_target_domain].present?
+  end
+
   def scope_for(key, value)
     case key.to_sym
     when :by_target_domain

app/models/session_activation.rb

@@ -28,6 +28,8 @@ class SessionActivation < ApplicationRecord
 
   before_create :assign_access_token
 
+  DEFAULT_SCOPES = %w(read write follow).freeze
+
   class << self
     def active?(id)
       id && exists?(session_id: id)
@@ -64,7 +66,7 @@ class SessionActivation < ApplicationRecord
     {
       application_id: Doorkeeper::Application.find_by(superapp: true)&.id,
       resource_owner_id: user_id,
-      scopes: 'read write follow',
+      scopes: DEFAULT_SCOPES.join(' '),
       expires_in: Doorkeeper.configuration.access_token_expires_in,
       use_refresh_token: Doorkeeper.configuration.refresh_token_enabled?,
     }

app/models/user.rb

@@ -71,7 +71,8 @@ class User < ApplicationRecord
   ACTIVE_DURATION = ENV.fetch('USER_ACTIVE_DAYS', 7).to_i.days.freeze
 
   devise :two_factor_authenticatable,
-         otp_secret_encryption_key: Rails.configuration.x.otp_secret
+         otp_secret_encryption_key: Rails.configuration.x.otp_secret,
+         otp_secret_length: 32
 
   include LegacyOtpSecret # Must be after the above `devise` line in order to override the legacy method
 

app/models/web/push_subscription.rb

@@ -29,26 +29,6 @@ class Web::PushSubscription < ApplicationRecord
 
   delegate :locale, to: :associated_user
 
-  def encrypt(payload)
-    Webpush::Encryption.encrypt(payload, key_p256dh, key_auth)
-  end
-
-  def audience
-    @audience ||= Addressable::URI.parse(endpoint).normalized_site
-  end
-
-  def crypto_key_header
-    p256ecdsa = vapid_key.public_key_for_push_header
-
-    "p256ecdsa=#{p256ecdsa}"
-  end
-
-  def authorization_header
-    jwt = JWT.encode({ aud: audience, exp: 24.hours.from_now.to_i, sub: "mailto:#{contact_email}" }, vapid_key.curve, 'ES256', typ: 'JWT')
-
-    "WebPush #{jwt}"
-  end
-
   def pushable?(notification)
     policy_allows_notification?(notification) && alert_enabled_for_notification_type?(notification)
   end
@@ -92,14 +72,6 @@ class Web::PushSubscription < ApplicationRecord
     )
   end
 
-  def vapid_key
-    @vapid_key ||= Webpush::VapidKey.from_keys(Rails.configuration.x.vapid_public_key, Rails.configuration.x.vapid_private_key)
-  end
-
-  def contact_email
-    @contact_email ||= ::Setting.site_contact_email
-  end
-
   def alert_enabled_for_notification_type?(notification)
     truthy?(data&.dig('alerts', notification.type.to_s))
   end