Commit graph

6143 commits

Author SHA1 Message Date
David Yip
79f594fcba Introduce html2text for extracting plaintext from statuses. #236.
Unlike strip_tags, html2text will preserve text present in other nodes,
e.g. anchor tags:

    [1] pry(main)> str = '<a href="http://www.example.com">A link</a>'
    => "<a href=\"http://www.example.com\">A link</a>"
    [2] pry(main)> Html2Text.convert(str)
    => "[A link](http://www.example.com)"
    [3] pry(main)> include ActionView::Helpers::SanitizeHelper
    => Object
    [4] pry(main)> strip_tags(str)
    => "A link"

Preserving the href of an anchor allows keyword mutes to also match on
URLs, which is something that the frontend regex filter can currently
do.
2018-02-10 10:36:16 -06:00
David Yip
00cb763893 Glitch::FilterHelper -> Glitch::KeywordMuteHelper. #234.
The class helps out with keyword mutes, not just some general concept of
"filtering".
2018-02-10 10:36:15 -06:00
Kazushige Tominaga
74c0abdcf7 Added FetchRemoteAccountService spec (#6456)
* Added #link_header spec

* Added #call spec

* Delete spec of private methods

* Added #call spec
2018-02-10 17:10:57 +01:00
ThibG
d12bff875e Fix password recovery (#6459)
* Fix password recovery

* Use “resource” instead of “current_user”
2018-02-10 17:09:44 +01:00
David Yip
a5f1c1f469 Fill out some examples for Glitch::FilterHelper. #234.
Also add HTML entity decoding to Glitch::FilterHelper, which is needed
to e.g. match "<" to the tag-stripped version of "<p><3</p>" or
"<p>&lt;3</p>".
2018-02-10 02:40:27 -06:00
David Yip
e365675e0a Strip HTML from keyword mute input. #234. 2018-02-10 02:40:27 -06:00
Kazushige Tominaga
ab35601c79 Added #call spec (#6455)
* Added #link_header spec

* Added #call spec

* Delete spec of private methods
2018-02-10 03:31:38 +01:00
Eugen Rochko
7ca5a06505 Full-text search for authorized statuses (#6423)
* Add full-text search for authorized statuses

- Search API will return statuses that match the query
- Only for logged in users
- Only if you are author of the status,
- Or you were mentioned in it
- Or you favourited or reblogged it
- Configuration over `ES_ENABLED`, `ES_HOST`, `ES_PORT`, `ES_PREFIX`
- Run `rails chewy:deploy` to create & populate index

Fix #5880
Fix #4293
Fix #1152

* Add commented out docker-compose configuration for ES container

* Optimize index import, filter search results

* Add basic normalization to the index

* Add better stemming and normalization to the index

* Skip webfinger request if search query includes both @ and a space

* Fix code style

* Visually separate search result sections

* Fix code style issues
2018-02-09 23:04:47 +01:00
David Yip
7d67b36ba0 Normalize simple_form.en.yml. 2018-02-09 09:41:57 -06:00
David Yip
799b205766 Merge remote-tracking branch 'origin/master' into merge-upstream
Conflicts:
	.travis.yml
	app/lib/user_settings_decorator.rb
	app/models/user.rb
	app/serializers/initial_state_serializer.rb
	app/views/stream_entries/_detailed_status.html.haml
	app/views/stream_entries/_simple_status.html.haml
	config/locales/simple_form.en.yml
2018-02-09 09:25:53 -06:00
masarakki
8f5d41e096 fix-indent (#6453) 2018-02-09 15:29:48 +01:00
Eugen Rochko
26fe2c27c3 Change web UI "posts" to "toots" on profile for consistency (#6447) 2018-02-09 00:27:18 +01:00
Eugen Rochko
219b28e172 Add preference to always display sensitive media (#6448) 2018-02-09 00:26:57 +01:00
Jenkins
777559fa5f Merge remote-tracking branch 'tootsuite/master' into glitchsoc/master 2018-02-08 23:17:14 +00:00
Kazushige Tominaga
c208dc4ce7 Perform request spec (#6446)
* Added #link_header spec

* Added #perform_request spec
2018-02-09 08:12:35 +09:00
abcang
c1263f5db5 Clear account cache of notification target_status (#6442) 2018-02-08 15:33:23 +01:00
abcang
1f2aa77758 Fix response of signature_verification_failure_reason (#6441) 2018-02-08 05:00:45 +01:00
Kazushige Tominaga
39eb9eec05 Added #link_header spec (#6439) 2018-02-08 08:17:53 +09:00
Akihiko Odaki
72e284028f Change user_id column non-nullable (#6435) 2018-02-07 16:35:44 +01:00
Jenkins
98c57e4d92 Merge remote-tracking branch 'tootsuite/master' into glitchsoc/master 2018-02-05 02:17:12 +00:00
Daniel King
752ccc52e8 match hashtag regex in js client with server (#6431)
the slight mismatch in hashtag regex between js and ruby was causing
hashtag warning to be displayed for unlisted tweets when an invalid
hashtag was entered

exact version of ruby regex not possible in js as POSIX bracket
expressions are not supported, this version approximates and doesn't
give same unicode support
2018-02-05 02:44:13 +01:00
David Yip
2b43b1ab6b db/schema.rb: resolve erroneously-unresolved conflict 2018-02-04 17:04:22 -06:00
David Yip
4f8122a98c Merge remote-tracking branch 'origin/master' into merge-upstream
Conflicts:
	.env.production.sample
	app/controllers/auth/confirmations_controller.rb
	db/schema.rb
2018-02-04 16:36:19 -06:00
Eugen Rochko
555e7205da Make PAM gem optional, allow configuration over environment (#6415) 2018-02-04 15:05:53 +01:00
abcang
225fdc2409 Validation of count works even when text of status is nil (#6429) 2018-02-04 12:32:41 +01:00
abcang
6e12cb4524 Exclude nil from relationships array (#6427) 2018-02-04 12:32:10 +01:00
abcang
0092711e16 Make sure status is not nil (#6428) 2018-02-04 12:31:46 +01:00
Daniel King
4ce6ca9bd1 Upgrade Vagrant box to Xenial (#6421)
* upgrade vagrant box to xenial

this allows the redis version to be upgraded to support the new redis
features used in the activity tracker

* add libpam0g package to vagrant box

this is required for native extensions of gems to build after the
addition of PAM support was added in #5303
2018-02-04 06:03:01 +01:00
Renato "Lond" Cerqueira
6528c0c101 Add option to show only local toots in timeline preview (#6292)
* Add option to show only local toots in timeline preview
Right know, toots from all the known fediverse are shown in the main
page of an instance. That however doesn't reflect the instance itself.
With this option the admin may choose to display only local toots so
that users checking the instance get a better idea of internal
conversations.

* Fix issues pointed by codeclimate and eslint

* Add default message for community timeline

* Update pl.yml
2018-02-04 06:00:10 +01:00
Eugen Rochko
5322013f25 CAS + SAML authentication feature (#6425)
* Cas authentication feature

* Config

* Remove class_eval + Omniauth initializer

* Codeclimate review

* Codeclimate review 2

* Codeclimate review 3

* Remove uid/email reconciliation

* SAML authentication

* Clean up code

* Improve login form

* Fix code style issues

* Add locales
2018-02-04 05:42:13 +01:00
Jenkins
06d2bfd63f Merge remote-tracking branch 'tootsuite/master' into glitchsoc/master 2018-02-04 03:17:11 +00:00
David Yip
5b428b7027 Merge pull request #357 from KnzkDev/fix/detail-style
Fix detailed-status
2018-02-03 20:20:58 -06:00
ncls7615
0318146f16 Fix detailed-status 2018-02-04 10:35:09 +09:00
beatrix
d3e325e047 change referrer policy to same-origin 2018-02-03 14:49:00 -05:00
Akihiko Odaki
ded217f84a Isolate internal services from external networks in Docker configuration (#6369)
The database and Redis do not need external connections, so isolate them
and prevent unauthorized access.
2018-02-03 18:44:22 +01:00
takayamaki
5ad806ecab fix ColumnBackButtonSlim should extended from ColumnBackButton (#6417) 2018-02-03 18:41:51 +01:00
Akihiko Odaki
5892127534 Require environment for generate_static_pages (#6420)
It is required for ApplicationController.
2018-02-03 18:41:01 +01:00
David Yip
6d1023b2e9 Merge remote-tracking branch 'tootsuite/master' into merge-upstream
Conflicts:
      app/javascript/styles/mastodon/components.scss
2018-02-02 08:39:52 -06:00
abcang
48af3df758 Fix column header button (#6411) 2018-02-02 13:31:28 +01:00
abcang
b209de40f4 Fix saving of oEmbed image (#6409) 2018-02-02 11:57:59 +01:00
Akihiko Odaki
1cd049c57b Set minimum height for mastodon on drawer (#6142) 2018-02-02 11:56:50 +01:00
ThibG
f7651c3449 Allow HTTP caching of atom-rendered public toots (OStatus compatibility) (#6207) 2018-02-02 10:54:04 +01:00
Charlotte Fields
9c94c1e66f moved save button (#3792)
* moved save button

* added save back to the bottom

* Update show.html.haml
2018-02-02 10:45:43 +01:00
Akihiko Odaki
180872ddd5 Remove wave from list drawer (#6381) 2018-02-02 10:32:41 +01:00
Akihiko Odaki
f35fadcb9a Unify links container implementation in about pages (#6382)
They were redundant, and also had a inconsistency; the button for
"other instances" had an icon for the external link in "more" page, but
it didn't in the other pages.

This unifies the implementation, and the external link icon is now shown
in all the about pages.
2018-02-02 10:32:21 +01:00
Akihiko Odaki
3cd3cae7f7 Accept ActivityPub announce from the author of the original note (#6236) 2018-02-02 10:22:15 +01:00
puckipedia
081ba8fc90 Allow retrieval of private statuses (single or in outbox) using HTTP signatures (#6225) 2018-02-02 10:19:59 +01:00
Alexander
23ce0c86da pam authentication (#5303)
* add pam support, without extra column

* bugfixes for pam login

* document options

* fix code style

* fix codestyle

* fix tests

* don't call remember_me without password

* fix codestyle

* improve checks for pam usage (should fix tests)

* fix remember_me part 1

* add remember_token column because :rememberable requires either a password or this column.

* migrate db for remember_token

* move pam_authentication to the right place, fix logic bug in edit.html.haml

* fix tests

* fix pam authentication, improve username lookup, add comment

* valid? is sometimes not honored, return nil instead trying to authenticate with pam

* update devise_pam_authenticatable2 and adjust code. Fixes sideeffects observed in tests

* update devise_pam_authenticatable gem, fixes for codeconventions, fix finding user

* codeconvention fixes

* code convention fixes

* fix idention

* update dependency, explicit conflict check

* fix disabled password updates if in pam mode

* fix check password if password is present, fix templates

* block registration if account is maintained by pam

* Revert "block registration if account is maintained by pam"

This reverts commit 8e7a083d650240b6fac414926744b4b90b435f20.

* fix identation error introduced by rebase

* block usernames maintained by pam

* document pam settings better

* fix code style
2018-02-02 10:18:55 +01:00
abcang
d3760fd25c Fix mistake in cache deletion (#6408) 2018-02-02 10:10:18 +01:00
Rob Watson
564e2c448b Upgrade Paperclip > 5.2.1 (#6404)
Mitigation for CVE-2017-0889.

https://www.cvedetails.com/cve/CVE-2017-0889/
https://medium.com/in-the-weeds/all-about-paperclips-cve-2017-0889-server-side-request-forgery-ssrf-vulnerability-8cb2b1c96fe8
2018-02-01 17:54:22 +01:00