Commit graph

13315 commits

Author SHA1 Message Date
Terence Eden
b4ec206994 Add transparancy to modal background for accessibility (#18081)
Fixes #18080 

This keeps the `ui-base-lighter-color` but adds enough transparency so that text is more easily readable.
Tested in Firefox and Chrome.
2022-12-15 17:38:35 +01:00
Arnout Engelen
18e78d2f5a Don't autofocus the compose form (#16517)
When opening a page such as /web/timelines/home in a desktop browser, the
cursor was automatically placed in the textarea of the compose form.

When using the keyboard for navigation (using a browser plugin like vimium or
vim vixen, or just to hit 'space' to scroll down a page), you have remember to
leave the field before using that.

Since you only visit the page to write a new post some of the time, this PR
attempts to have nothing focused initially (and require the user to click or
e.g. use 'tab' to focus the textarea).

Tested:
* /web/timeslines/home no longer autofocuses the compose box
* pressing the 'n' hotkey still focuses the compose box
* clicking 'reply' for a post still focuses the compose box
* replying to a CW'ed post still focuses the compose box
* introducing the CW field still focuses the CW field
* introducing the CW field for a reply still focuses the CW field
* removing the CW field still focuses the compose box
* /web/statuses/new still autofocuses the compose box

fixes #15862
2022-12-15 17:37:05 +01:00
Jeong Arm
429687c59f Add "disabled" user filter for admin/accounts UI (#21282) 2022-12-15 17:30:47 +01:00
Mina Her
520a0c8ea7 Fix margin for search field on medium window size (#21606) 2022-12-15 17:24:38 +01:00
David Vega
4c10de8ae3 Fix single name variables on controller folder (#20092)
Co-authored-by: petrokoriakin1 <116151189+petrokoriakin1@users.noreply.github.com>

Co-authored-by: petrokoriakin1 <116151189+petrokoriakin1@users.noreply.github.com>
Co-authored-by: Effy Elden <effy@effy.space>
2022-12-15 17:11:58 +01:00
Jeong Arm
0bcfa2b429 Save avatar or header correctly even if other one fails (#18465)
* Save avatar or header correctly if other one fails

* Fix test
2022-12-15 17:11:14 +01:00
Luxiaba
cd49284155 Remove inline-css in logo (#20814) 2022-12-15 17:10:34 +01:00
Yurii Izorkin
d43af3cb19 Add brotli compression (#19025) 2022-12-15 17:07:36 +01:00
Matthías Páll Gissurarson
bf26ee1e27 Fix punycoded local domains not being prettified in initial state (#21440) 2022-12-15 17:05:40 +01:00
Meisam
272ae2baa8 set activation for tag follow button (#21629)
Co-authored-by: meisam <meisam@noreply.codeberg.org>
2022-12-15 17:04:52 +01:00
Claire
c83083eef5 Fix inability to use local LibreTranslate without setting ALLOWED_PRIVATE_ADDRESSES (#21926)
Fixes #20029
2022-12-15 17:04:38 +01:00
Claire
a85c0fc862 Add explanation text to log-in page (#20946) 2022-12-15 16:44:29 +01:00
Fries
0e5b4b87bb Add Montenegrin (cnr) (#21013) 2022-12-15 16:40:57 +01:00
Claire
8985a8d7ec Fix the top action bar appearing in multi-column layout (#20943) 2022-12-15 16:40:45 +01:00
Claire
01f0da2a4f Change CSP directives on API to be tight and concise (#20960) 2022-12-15 16:40:32 +01:00
Kaspar V
d0fb555876 linting: RuboCop update, config fixes (#20574)
* fix(rubocop): update gems and add performance and rspec

fix(rubocop): update gems and add performance and rspec

- update present rubocop gems
- add rubocop-rspec and rubocop-performance gems
- move rubocop gems to gem group :development, :test in order to
  make linting in a github action that runs with RAILS_ENV=test possible

* feat(rubocop): disable some annoyance RSpec cops

To mee these prooved to be more annoying than helpful.
If not agreed, they can be enabled any time.

* fix(rubocop): do not ignore spec/**/*

Because rubocop-rspec should lint the specs as well, and they
deserve to be readable in general. It is relevant code, after all.

* fix(rubocop): change ignore db/**/* to db/schema.rb

because rails cops do some lints for migrations.
E.g. reversable migrations linting and more.

* fix(rubocop): tune rules configs

Bunch of commits squashed:

fix(rubocop): enable Layout/LineLength cop

Because this project has code with line lenghts > 500 chars.
This is not good practice at all, so I strongly suggest to
change the practice in the future.

But allow heredoc, URI and comments to still be long lines
and make the default Max: 120 explicit, by repeating it in the
config. To me this max length seems reasonable. Perhaps
a bit more could be ok for some. But > 500 chars in one line
Seems to be way too long IMHO.

fix(rubocop): Metrics/CyclomaticComplexity Max to 12

The default is 7, perhaps quite strict. But 25 is too loose,
the rule becomes pointless like that.

fix(rubocop): AllCops ruby version, cacheing and more info

- fix the target ruby version from 2.5 to 3.0
- have the cop error messages to be more informative and helpful
- enable cacheing in /tmp

fix(rubocop): Metrics/AbcSize to 34 from 115

Rubocops default is 17. If the rule is at 115 is becomes
pointless.

fix(rubocop): Metrics/BlockLength improvements

- instead of ignoring tasks completely, ignore only the
  long blocks that are specific to tasks (task, namespace)
- ignore also concern specific block methods (included, class_methods)

fix(rubocop): Metrics/ClassLength count heredoc array as one line

fix(rubocop): Metrics/MethodLength Max to 25

- the default is 10, but 65 is too loose, so perhaps 25?

fix(rubocop): Metrics/ModuleLength array and heredoc count as one

fix(rubocop): Metrics/PerceivedComplexity to 16 from 25

Rubocops default is 8, so how about only doubling that, instead
of > than tripple it?

fix(rubocop): enable Style/RedundantAssignment

Because I think that this rule would never really hurt,
but improve code quality and readability.

fix(rubocop): enable Style/RescueStandardError

I think everyone that ever had to debug what this can bring
will hopefully agree that this rule totally makes sense.
In the super rare exeptions where this is totally needed,
it can be excluded by disabling comment in that place.

fix(rubocop): Metrics/ParameterLists add explicit defaults and some excludes
2022-12-15 16:39:59 +01:00
Neil Matatall
728cfe0c1c Use Rails tag API to build RSS feed for spoilers and polls (#20163)
* Use Rails tag API to build RSS feed for spoilers and polls

While the previous method did not contain a bug or a potential issue,
the tag API can be very resilient against future problems and reduces the
amount of manual management of the escape status of the content.

I've added tests to ensure that the formatting is broken and still
escapes control characters correctly.

* this seems cleaner and passes

* Incorporate feedback by moving the br to its own line and using the tag helper over the string constant for the br tag itself

* whoops, tag helper doesn't use a self-closing tag
2022-12-15 16:39:41 +01:00
Dan Peterson
2a98aad36d Fix default S3_HOSTNAME used in mastodon:setup (#19932)
s3-us-east-1.amazonaws.com does not exist.

Co-authored-by: Effy Elden <effy@effy.space>
2022-12-15 16:38:51 +01:00
Colin Mitchell
017ec81873 Add environment variable to configure sidekiq concurrency (#19589)
Co-authored-by: Effy Elden <effy@effy.space>
2022-12-15 16:38:37 +01:00
Nick Schonning
691a69adf5 Fix typo in handler function call name (#21829) 2022-12-15 16:37:17 +01:00
Connor Shea
5475089960 Increase the width of the unread notification border. (#21692)
The smaller border is difficult to see for some users, especially
when the browser window was thinner, and so the unread border is at the
very left edge of the window.
2022-12-15 16:37:07 +01:00
Francis Murillo
1bfc5af0a7 Render current day formats in the client timezone (#21878)
* Fix remaining plain %time to %time.formatted

* Add %time.relative-formatted to client format dates on the current day

* Add missing comma dangle to formats

* Use client side message format instead of the server

* Add fallback message to relatve_format.today

* Remove unused translation key and fix js lint issue

Co-authored-by: Effy Elden <effy@effy.space>
2022-12-15 16:35:25 +01:00
trwnh
c6161591bf Add localization for new admin scopes (#20979)
* Add localization for new admin scopes

* run bundle exec i18n-tasks normalize
2022-12-15 16:21:13 +01:00
Ikko Ashimine
3c4c932938 Fix typo in application_helper_spec.rb (#20981)
enviroment -> environment
2022-12-15 16:20:55 +01:00
Yamagishi Kazutoshi
21ffc2340f FormattedMessage must be used directly (#20982)
* `FormattedMessage` must be used directly

* rollback
2022-12-15 16:20:46 +01:00
Pleclown
8993b7d630 Adding 12 hours option for polls (#21131)
* Adding 12 hours option for polls

Adding 12 hours option for polls

* Adding 12 hours option for polls

Missing > on a line
2022-12-15 16:20:34 +01:00
Alex Stine
ce1103a154 Fix hidden label causing accessibility issue for search inputs (#21275)
* Try unhiding search label.

* Use aria-label. Remove label as empty labels are useless.

* Remove addition of package-lock.json.
2022-12-15 16:20:21 +01:00
Matt Hodges
7ea3a33c86 Embed js height fix (#22141)
* only begin iframe reheight once document state is complete

* format

* lint fixes

* Update public/embed.js to use readystatechange event listener

Co-authored-by: Claire <claire.github-309c@sitedethib.com>

* Call loaded() if ready, otherwise add listenter

* lint fix

Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2022-12-15 16:18:59 +01:00
Jeremy Kescher
4afb0ba152 Fix being unable to react with the keycap number sign emoji (#22231)
#⃣

This bug is caused by the emoji consisting of:
U+23 #
U+FE0F
U+20E3  ⃣

Because it starts with a #, it's interpreted as an anchor link, which is not passed to the API. Therefore, the API sees no emoji to react with and answers correctly with a 404.
2022-12-15 16:18:39 +01:00
nametoolong
93ad2aba5e Fix N+1 queries from in NotificationsController (#21202)
Co-authored-by: Nonexistent <nx@example.org>
2022-12-15 16:18:20 +01:00
luzpaz
11b7735fb3 Fix typos in source documentation (#21046)
Fixed 2 source comment/documentation typos
2022-12-15 15:57:26 +01:00
Moritz Heiber
c16cab7c3c Add hadolint as Dockerfile linter (#20993)
* Added hadolint as Dockerfile linter in pipeline and resolved remaining hadolint issues in Dockerfile

* Use more specific version of hadolint Action

* Bumpt hadolint Action version to latest version to avoid deprecation notice

* Being _really_ specific now
2022-12-15 15:57:17 +01:00
Riedler
b80d7c9f00 Fix profile avatar being slightly offset into left border (fixes #20822) (#20994)
* hotfix for #20822

I don't know why it was shifted in the first place or why the width is specified twice, but this fixes the problem, so it looks fine to me.

* realigned pfp with content below

* fixed formatting 

my bad

* added comment to explain the negative margin

before I forget - comments are *important* !

Co-authored-by: Riedler <riedler@gelse.eu>
2022-12-15 15:57:02 +01:00
s0
289097866b Fix crash in elasticsearch_check.rb (#21006)
Nil unwrap causes the admin dashboard to crash/500 when the Chewy client info version number value is nil.
This occurs when running another ES-compatible backend such as MeiliSearch.
Obviously it would be good for chewy to recognise upstream but at least avoiding the crash would be fine.
2022-12-15 15:56:48 +01:00
Effy Elden
c7d4d21d99 Allow adding relays while secure mode & limited federation mode are enabled (#22324) 2022-12-15 15:56:05 +01:00
Claire
cd7d124e21 Fix invalid CSS for links in warning and strike cards (#22302) 2022-12-15 15:52:18 +01:00
Jeong Arm
53b6623136 Don't delivery a reply to domains which are blocked by author (#22117)
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2022-12-15 15:52:06 +01:00
Justin Hutchings
ee1ff3bd9f Add CodeQL workflow (#21894) 2022-12-15 15:51:13 +01:00
Claire
50aecc6738 Fix missing Javascript in domain block import confirmation page (#21471)
Follow-up to #20597
2022-12-15 15:47:23 +01:00
Francis Murillo
3a11a90dd3 Revoke all authorized applications on password reset (#21325)
* Clear sessions on password change

* Rename User::clear_sessions to revoke_access for a clearer meaning

* Add reset paassword controller test

* Use User.find instead of User.find_for_authentication for reset password test

* Use redirect and render for better test meaning in reset password

Co-authored-by: Effy Elden <effy@effy.space>
2022-12-15 15:47:06 +01:00
Claire
4adc6160ad Change dropdown menu to contain “Copy link to post” even for non-public posts (#21316)
Fixes #21244
2022-12-15 15:43:16 +01:00
Meisam
ad2610c413 Validate nodeinfo response by schema (#21395)
* add json-schema to :test in Gemfile

* Create node_info_2.0_schema.json

* test match_response_schema

* Create match_response_schema.rb

* Update nodeinfo_controller_spec.rb

* Rename spec/support/node_info_2.0_schema.json to spec/support/schema/node_info_2.0_schema.json

* Update match_response_schema.rb

* cleanup

* additionally validate the json schema itself

disable throwing errors

test the schema matcher

* rename nodeinfo schema to nodeinfo_2.0

* use Rails.root.join to construct the path

* prettify json

* sync Gemfile.lock
2022-12-15 15:43:05 +01:00
Claire
762efea31f Add --email and --dry-run options to tootctl accounts delete (#22328) 2022-12-15 14:52:50 +01:00
Claire
747da76540 Allow admins to refresh remotely-suspended accounts (#22327)
* Change suspension text to mention that a remotely suspended account is not locally-suspended

* Add ability to refresh profile of remotely suspended accounts
2022-12-15 14:15:50 +01:00
Claire
76d3dc633f Fix wasteful request to /api/v1/custom_emojis when not logged in (#22326) 2022-12-15 14:07:34 +01:00
Evan
2d3b9084db Add command to remove avatar and header images of inactive remote accounts from the local database (#22149)
* Add tootctl subcommand media remove-profile-media

* Trigger workflows

* Correcting external linting

* External linting error

* External linting fix

* Merging with remove command

* Linting

* Correct long option names

Co-authored-by: Claire <claire.github-309c@sitedethib.com>

* Correct long option names

Co-authored-by: Claire <claire.github-309c@sitedethib.com>

* Correct long option names

Co-authored-by: Claire <claire.github-309c@sitedethib.com>

* Remove saving a list of purged accounts

Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2022-12-14 19:50:07 +01:00
dependabot[bot]
10e6493c7c Bump postcss from 8.4.19 to 8.4.20 (#22256)
Bumps [postcss](https://github.com/postcss/postcss) from 8.4.19 to 8.4.20.
- [Release notes](https://github.com/postcss/postcss/releases)
- [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md)
- [Commits](https://github.com/postcss/postcss/compare/8.4.19...8.4.20)

---
updated-dependencies:
- dependency-name: postcss
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-14 05:41:52 +09:00
dependabot[bot]
c452585f04 Bump rails-html-sanitizer from 1.4.3 to 1.4.4 (#22279)
Bumps [rails-html-sanitizer](https://github.com/rails/rails-html-sanitizer) from 1.4.3 to 1.4.4.
- [Release notes](https://github.com/rails/rails-html-sanitizer/releases)
- [Changelog](https://github.com/rails/rails-html-sanitizer/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rails/rails-html-sanitizer/compare/v1.4.3...v1.4.4)

---
updated-dependencies:
- dependency-name: rails-html-sanitizer
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-14 05:41:34 +09:00
dependabot[bot]
d8542c2459 Bump loofah from 2.19.0 to 2.19.1 (#22278)
Bumps [loofah](https://github.com/flavorjones/loofah) from 2.19.0 to 2.19.1.
- [Release notes](https://github.com/flavorjones/loofah/releases)
- [Changelog](https://github.com/flavorjones/loofah/blob/main/CHANGELOG.md)
- [Commits](https://github.com/flavorjones/loofah/compare/v2.19.0...v2.19.1)

---
updated-dependencies:
- dependency-name: loofah
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-14 05:34:07 +09:00
dependabot[bot]
135882f9f8 Bump public_suffix from 5.0.0 to 5.0.1 (#22259)
Bumps [public_suffix](https://github.com/weppos/publicsuffix-ruby) from 5.0.0 to 5.0.1.
- [Release notes](https://github.com/weppos/publicsuffix-ruby/releases)
- [Changelog](https://github.com/weppos/publicsuffix-ruby/blob/main/CHANGELOG.md)
- [Commits](https://github.com/weppos/publicsuffix-ruby/compare/v5.0.0...v5.0.1)

---
updated-dependencies:
- dependency-name: public_suffix
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-14 05:31:21 +09:00