* Fix email with empty domain name labels passing validation
`EmailMxValidator` would allow empty labels because `Resolv::DNS` is
particularly lenient about them, but the email would be invalid and
unusable.
* Add tests
Conflicts:
- `config/i18n-tasks.yml`:
Upstream added new ignored strings, glitch-soc has extra ignored strings
because of the theming system.
Added upstream's changes.
* Return specific error on failure to parse Date header
* Add error message when preferredUsername is not set
* Change error report to be JSON and include more details
* Change error report to differentiate unknown account and failed refresh
* Add tests
* Do not offer to mark statuses as sensitive if there is no undeleted status with media attachments
* Fix crash when marking statuses as sensitive while some statuses are deleted
Fixes#21910
* Fix multiple strikes being created for a single report when selecting “Mark as sensitive”
* Add tests
Conflicts:
- `app/models/status.rb`:
Minor upstream refactor moved hook definitions around,
and glitch-soc has an extra `before_create`.
Moved the `before_create` accordingly.
- `app/services/batched_remove_status_service.rb`:
Minor upstream refactor changed a block in which glitch-soc
had one extra call to handle direct timelines.
Adapted changes to keep glitch-soc's extra call.
Conflicts:
- `README.md`:
Upstream updated its README, while we have a completely different one.
Kept our README.
- `app/controllers/concerns/web_app_controller_concern.rb`:
Conflict because of glitch-soc's theming system.
Additionally, glitch-soc has different behavior regarding moved accounts.
Ported some of the changes, but kept our overall behavior.
- `app/javascript/packs/admin.js`:
Code changes actually applied to `app/javascript/core/admin.js`
* Fix possible race conditions when suspending/unsuspending accounts
* Fix tests
Tests were assuming SuspensionWorker and UnsuspensionWorker would do the
suspending/unsuspending themselves, but this has changed.
* Fix home tl contains post from who blocked me
* Add test
* Fix feed_manager's build_crutches
blocked_by was not includes status' owner
* Add test for status from I blocked
* Fix typo
Conflicts:
- `README.md`:
Discarded upstream changes: we have our own README
- `app/controllers/follower_accounts_controller.rb`:
Port upstream's minor refactoring
* Use Rails tag API to build RSS feed for spoilers and polls
While the previous method did not contain a bug or a potential issue,
the tag API can be very resilient against future problems and reduces the
amount of manual management of the escape status of the content.
I've added tests to ensure that the formatting is broken and still
escapes control characters correctly.
* this seems cleaner and passes
* Incorporate feedback by moving the br to its own line and using the tag helper over the string constant for the br tag itself
* whoops, tag helper doesn't use a self-closing tag
* Clear sessions on password change
* Rename User::clear_sessions to revoke_access for a clearer meaning
* Add reset paassword controller test
* Use User.find instead of User.find_for_authentication for reset password test
* Use redirect and render for better test meaning in reset password
Co-authored-by: Effy Elden <effy@effy.space>
Conflicts:
- `app/models/concerns/domain_materializable.rb`:
Fixed a code style issue upstream in a PR that got merged in glitch-soc
earlier.
Changed the code to match upstream's.
* Fix trying to fetch posts from other users when fetching featured posts
* Rate-limit discovery of new subdomains
* Put a limit on recursively discovering new accounts
* Fix trying to fetch posts from other users when fetching featured posts
* Rate-limit discovery of new subdomains
* Put a limit on recursively discovering new accounts
* Use a tree‐based approach for adv. text formatting
Sanitizing HTML/Markdown means parsing the content into an HTML tree
under‐the‐hood anyway, and it is more accurate to do mention/hashtag
replacement on the text nodes in that tree than it is to try to hack it
in with regexes et cetera.
This undoes the overrides of `#entities` and `#rewrite` on
`AdvancedTextFormatter` but also stops using them, instead keeping
track of the parsed Nokogiri tree itself and using that in the `#to_s`
method.
Internally, this tree uses `<mastodon-entity>` nodes to keep track of
hashtags, links, and mentions. Sanitization is moved to the beginning,
so it should be known that these do not appear in the input.
* Also disallow entities inside of `<code>`
I think this is generally expected behaviour, and people are annoyed
when their code gets turned into links/hashtags/mentions.
* Minor cleanup to AdvancedTextFormatter
* Change AdvancedTextFormatter to rewrite entities in one pass and sanitize at the end
Also, minor refactoring to better match how other formatters are organized.
* Add some tests
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
* Don't allow URLs that contain non-normalized paths to be verified
This stops things like https://example.com/otheruser/../realuser where
"/otheruser" appears to be the verified URL, but the actual URL being
verified is "/realuser" due to the "/../".
Also fix a test to use 'https', so it is testing the right thing, now
that since #20304 https is required.
* missing do
Conflicts:
- `.github/workflows/build-image.yml`:
Upstream changed how docker images were built, including how
they were cached.
I don't know much about it, so applied upstream's changes.
- `app/controllers/admin/domain_blocks_controller.rb`:
The feature, that was in glitch-soc, got backported upstream.
It also had a few fixes upstream, so those have been ported!
- `app/javascript/packs/admin.js`:
Glitch-soc changes have been backported upstream. As a result,
some code from `app/javascript/core/admin.js` got added upstream.
Kept our version since our shared Javascript already has that feature.
- `app/models/user.rb`:
Upstream added something to distinguish unusable and unusable-because-moved
accounts, while glitch-soc considers moved accounts usable.
Took upstream's code for `functional_or_moved?` and made `functional?`
call it.
- `app/views/statuses/_simple_status.html.haml`:
Upstream cleaned up code style a bit, on a line that we had custom changes
for.
Applied upstream's change while keeping our change.
- `config/initializers/content_security_policy.rb`:
Upstream adopted one CSP directive we already had.
The conflict is because of our files being structurally different, but the
change itself was already part of glitch-soc.
Kept our version.
Before this change, the following error would cause VerifyAccountLinksWorker to fail:
NoMethodError: undefined method `downcase' for nil:NilClass
[PROJECT_ROOT]/app/services/verify_link_service.rb:31 :in `block in link_back_present?`
Conflicts:
- `app/views/admin/announcements/edit.html.haml`:
Upstream change too close to theming-related glitch-soc change.
Ported upstream changes.
- `app/views/admin/announcements/new.html.haml`
Upstream change too close to theming-related glitch-soc change.
Ported upstream changes.
* Test blank account field verifiability
This change tests the need for #20428, which ensures that we guard against a situation in which `at_xpath` returns `nil`.
* Test verifiability of blank fields for remote account profiles
This adds a counterpart test for remote account profiles' fields' verifiability when those fields are blank. I previously added the same test for local accounts.
Conflicts:
- `app/models/account.rb`:
Conflict because we (glitch-soc) have disabled trending of posts without
review.
Discarded that upstream change.
- `app/views/admin/settings/discovery/show.html.haml`:
Just an extra setting in glitch-soc.
Kept that extra setting.
Conflicts:
- `app/models/custom_emoji.rb`:
Not a real conflict, just upstream changing a line too close to
a glitch-soc-specific validation.
Applied upstream changes.
- `app/models/public_feed.rb`:
Not a real conflict, just upstream changing a line too close to
a glitch-soc-specific parameter documentation.
Applied upstream changes.
- Change verification to happen in `default` queue
- Change verification worker to only be queued if there's something to do
- Add `link` tags from metadata fields to page header of profiles
Found via `codespell -q 3 -S ./yarn.lock,./CHANGELOG.md,./AUTHORS.md,./config/locales,./app/javascript/mastodon/locales -L ba,followings,keypair,medias,pattens,pixelx,rememberable,ro,te`
* Fix followers count not being updated when migrating follows
Fixes#19900
* Fix validation error in SynchronizeFeaturedTagsCollectionWorker
Also saves remote user's chosen case for hashtags
* Limit remote featured tags before validation
Conflicts:
- `app/javascript/mastodon/features/compose/components/poll_form.js`:
glitch-soc change because of having changed the default number of
available poll options.
Applied upstream's changes while keeping glitch-soc's default number of
poll options.
- `public/oops.png`:
We had a minor graphics change, probably not worth diverging from upstream.
Took upstream version.
- Improve tests
- Fix possible crash when application of a reblogged post isn't set
- Fix discrepancies around favourited and reblogged attributes
- Fix discrepancies around pinned attribute
- Fix polls not being hydrated
Conflicts:
- `app/javascript/mastodon/locales/ja.json`:
Upstream change too close to a glitch-soc-specific string.
The glitch-soc-specific string should not have been in this file, so it
has been moved to `app/javascript/flavours/glitch/locales/ja.js`.
- `app/javascript/packs/public.js`:
Upstream refactored a part, that as usual is split and duplicated in various
pack files. Updated those pack files accordingly.
- `app/views/layouts/application.html.haml`:
Upstream fixed custom.css path in a different way than we did, went with
upstream's change.
- Only exact search matches for queries with < 5 characters
- Do not support queries with `offset` (pagination)
- Return HTTP 401 on truthy `resolve` instead of overriding to false
* Change public accounts pages to mount the web UI
* Fix handling of remote usernames in routes
- When logged in, serve web app
- When logged out, redirect to permalink
- Fix `app-body` class not being set sometimes due to name conflict
* Fix missing `multiColumn` prop
* Fix failing test
* Use `discoverable` attribute to control indexing directives
* Fix `<ColumnLoading />` not using `multiColumn`
* Add `noindex` to accounts in REST API
* Change noindex directive to not be rendered by default before a route is mounted
* Add loading indicator for detailed status in web UI
* Fix missing indicator appearing while account is loading in web UI
Cherry-picked d2528b26b6
Conflicts:
- `app/serializers/initial_state_serializer.rb`:
Upstream changed stuff, we had extra attributes.
Applied upstream changes while keeping our extra attributes.
- `app/serializers/rest/instance_serializer.rb`:
Upstream actually moved that to `app/serializers/rest/v1/instance_serializer.rb`,
so updated that file by keeping our extra attributes, and took upstream's
version of `app/serializers/rest/instance_serializer.rb`.
- `spec/views/about/show.html.haml_spec.rb`:
Took upstream's version.
In the absence of an opt-in to multiple specific languages in the
preferences, it makes more sense to filter by the user's presumed
language only (interface language or `lang` override)
Conflicts:
- `app/controllers/home_controller.rb`:
Upstream made it so `/web` is available to non-logged-in users
and `/` redirects to `/web` instead of `/about`.
Kept our version since glitch-soc's WebUI doesn't have what's
needed yet and I think /about is still a much better landing
page anyway.
- `app/models/form/admin_settings.rb`:
Upstream added new settings, and glitch-soc had an extra setting.
Not really a conflict.
Added upstream's new settings.
- `app/serializers/initial_state_serializer.rb`:
Upstream added a new `server` initial state object.
Not really a conflict.
Merged upstream's changes.
- `app/views/admin/settings/edit.html.haml`:
Upstream added new settings.
Not really a conflict.
Merged upstream's changes.
- `app/workers/scheduler/feed_cleanup_scheduler.rb`:
Upstream refactored that part and removed the file.
Ported our relevant changes into `app/lib/vacuum/feeds_vacuum.rb`
- `config/settings.yml`:
Upstream added new settings.
Not a real conflict.
Added upstream's new settings.
* Move ActivityPub::FetchRemoteAccountService to ActivityPub::FetchRemoteActorService
ActivityPub::FetchRemoteAccountService is kept as a wrapper for when the actor is
specifically required to be an Account
* Refactor SignatureVerification to allow non-Account actors
* fixup! Move ActivityPub::FetchRemoteAccountService to ActivityPub::FetchRemoteActorService
* Refactor ActivityPub::FetchRemoteKeyService to potentially return non-Account actors
* Refactor inbound ActivityPub payload processing to accept non-Account actors
* Refactor inbound ActivityPub processing to accept activities relayed through non-Account
* Refactor how Account key URIs are built
* Refactor Request and drop unused key_id_format parameter
* Rename ActivityPub::Dereferencer `signature_account` to `signature_actor`
* Add a more descriptive PrivateNetworkAddressError exception class
* Remove unnecessary exception class to rescue clause
* Remove unnecessary include to JsonLdHelper
* Give more neutral error message when too many webfinger redirects
* Remove unnecessary guard condition
* Rework how “ActivityPub::FetchRemoteAccountService” handles errors
Add “suppress_errors” keyword argument to avoid raising errors in
ActivityPub::FetchRemoteAccountService#call (default/previous behavior).
* Rework how “ActivityPub::FetchRemoteKeyService” handles errors
Add “suppress_errors” keyword argument to avoid raising errors in
ActivityPub::FetchRemoteKeyService#call (default/previous behavior).
* Fix Webfinger::RedirectError not being a subclass of Webfinger::Error
* Add suppress_errors option to ResolveAccountService
Defaults to true (to preserve previous behavior). If set to false,
errors will be raised instead of caught, allowing the caller to be
informed of what went wrong.
* Return more precise error when failing to fetch account signing AP payloads
* Add tests
* Fixes
* Refactor error handling a bit
* Fix various issues
* Add specific error when provided Digest is not 256 bits of base64-encoded data
* Please CodeClimate
* Improve webfinger error reporting
Conflicts:
- `app/controllers/settings/preferences_controller.rb`:
Upstream dropping `digest` from notifications emails while we have more
notification emails settings.
Removed `digest` from our list while keeping our extra settings.
- `app/javascript/packs/admin.js`:
Conflicts caused by glitch-soc's theming system.
Applied the changes to `app/javascript/core/admin.js`.
- `app/views/settings/preferences/other/show.html.haml`:
Upstream removed a setting close to a glitch-soc-only setting.
Applied upstream's change.
* Add database table for status-specific filters
* Add REST endpoints, entities and attributes
* Show status filters in /filters interface
* Perform server-side filtering for individual posts filters
* Fix filtering on context mismatch
* Refactor `toServerSideType` by moving it to its own module
* Move loupe and delete icons to their own module
* Add ability to filter individual posts from WebUI
* Replace keyword list by warnings (expired, context mismatch)
* Refactor server-side filtering code
* Add tests
- `.env.production.sample`:
Our sample config file is very different from upstream since it is much more
complete. Upstream added documentation for a few env variables.
Copied the new variables/documentation from upstream.
- `app/lib/feed_manager.rb`:
Upstream added a timeline type (hashtags), while glitch-soc already had an
extra one (direct messages). Not really a conflict but textually close
changes.
Ported upstream's changes.
- `app/models/custom_emoji.rb`:
Upstream upped the custom emoji size limit, while glitch-soc had configurable
limits.
Upped the default limits accordingly.
- `streaming/index.js`:
Upstream reworked how hastags were normalized. Minor conflict due to
glitch-soc's handling of instance-local posts.
Ported upstream's changes.
Conflicts:
- `app/controllers/admin/base_controller.rb`:
Minor conflict caused by glitch-soc's theming system.
- `app/javascript/mastodon/initial_state.js`:
Minor conflict caused by glitch-soc making use of max_toot_chars.
- `app/models/form/admin_settings.rb`:
Minor conflict caused by glitch-soc's theming system.
- `app/models/trends.rb`:
Minor conflict caused by glitch-soc having more granular
notification settings for trends.
- `app/views/admin/accounts/index.html.haml`:
Minor conflict caused by glitch-soc's theming system.
- `app/views/admin/instances/show.html.haml`:
Minor conflict caused by glitch-soc's theming system.
- `app/views/layouts/application.html.haml`:
Minor conflict caused by glitch-soc's theming system.
- `app/views/settings/preferences/notifications/show.html.haml`:
Minor conflict caused by glitch-soc having more granular
notification settings for trends.
- `config/navigation.rb`:
Minor conflict caused by glitch-soc having additional
navigation items for the theming system while upstream
slightly changed every line.
Conflicts:
- `.github/workflows/build-image.yml`:
Fix erroneous deletion in a previous merge.
- `Gemfile`:
Conflict caused by glitch-soc-only hCaptcha dependency
- `app/controllers/auth/sessions_controller.rb`:
Minor conflict due to glitch-soc's theming system.
- `app/controllers/filters_controller.rb`:
Minor conflict due to glitch-soc's theming system.
- `app/serializers/rest/status_serializer.rb`:
Minor conflict due to glitch-soc having an extra `local_only` property
* Add model for custom filter keywords
* Use CustomFilterKeyword internally
Does not change the API
* Fix /filters/edit and /filters/new
* Add migration tests
* Remove whole_word column from custom_filters (covered by custom_filter_keywords)
* Redesign /filters
Instead of a list, present a card that displays more information and handles
multiple keywords per filter.
* Redesign /filters/new and /filters/edit to add and remove keywords
This adds a new gem dependency: cocoon, as well as a npm dependency:
cocoon-js-vanilla. Those are used to easily populate and remove form fields
from the user interface when manipulating multiple keyword filters at once.
* Add /api/v2/filters to edit filter with multiple keywords
Entities:
- `Filter`: `id`, `title`, `filter_action` (either `hide` or `warn`), `context`
`keywords`
- `FilterKeyword`: `id`, `keyword`, `whole_word`
API endpoits:
- `GET /api/v2/filters` to list filters (including keywords)
- `POST /api/v2/filters` to create a new filter
`keywords_attributes` can also be passed to create keywords in one request
- `GET /api/v2/filters/:id` to read a particular filter
- `PUT /api/v2/filters/:id` to update a new filter
`keywords_attributes` can also be passed to edit, delete or add keywords in
one request
- `DELETE /api/v2/filters/:id` to delete a particular filter
- `GET /api/v2/filters/:id/keywords` to list keywords for a filter
- `POST /api/v2/filters/:filter_id/keywords/:id` to add a new keyword to a
filter
- `GET /api/v2/filter_keywords/:id` to read a particular keyword
- `PUT /api/v2/filter_keywords/:id` to edit a particular keyword
- `DELETE /api/v2/filter_keywords/:id` to delete a particular keyword
* Change from `irreversible` boolean to `action` enum
* Remove irrelevent `irreversible_must_be_within_context` check
* Fix /filters/new and /filters/edit with update for filter_action
* Fix Rubocop/Codeclimate complaining about task names
* Refactor FeedManager#phrase_filtered?
This moves regexp building and filter caching to the `CustomFilter` class.
This does not change the functional behavior yet, but this changes how the
cache is built, doing per-custom_filter regexps so that filters can be matched
independently, while still offering caching.
* Perform server-side filtering and output result in REST API
* Fix numerous filters_changed events being sent when editing multiple keywords at once
* Add some tests
* Use the new API in the WebUI
- use client-side logic for filters we have fetched rules for.
This is so that filter changes can be retroactively applied without
reloading the UI.
- use server-side logic for filters we haven't fetched rules for yet
(e.g. network error, or initial timeline loading)
* Minor optimizations and refactoring
* Perform server-side filtering on the streaming server
* Change the wording of filter action labels
* Fix issues pointed out by linter
* Change design of “Show anyway” link in accordence to review comments
* Drop “irreversible” filtering behavior
* Move /api/v2/filter_keywords to /api/v1/filters/keywords
* Rename `filter_results` attribute to `filtered`
* Rename REST::LegacyFilterSerializer to REST::V1::FilterSerializer
* Fix systemChannelId value in streaming server
* Simplify code by removing client-side filtering code
The simplifcation comes at a cost though: filters aren't retroactively
applied anymore.
- `GET /api/v1/admin/domain_allows` lists allowed domains
- `GET /api/v1/admin/domain_allows/:id` shows one by ID
- `DELETE /api/v1/admin/domain_allows/:id` deletes a given domain from the list
of allowed domains
- `POST /api/v1/admin/domain_allows` to allow a new domain:
if that domain is already allowed, the existing DomainAllow will be returned
Conflicts:
- `README.md`:
Our README is completely different. Discarded upstream changes.
- `app/javascript/packs/mailer.js`:
We had removed the file. Move the changes to `app/javascript/core/mailer.js`.
- Add rake task for generating Apple/Android icons and favicons from SVG
- Add rake task for generating PNG icons and logos for e-mails from SVG
- Remove obsolete Microsoft icons and configuration
- Remove PWA shortcut icons
Conflicts:
- `app/javascript/styles/fonts/montserrat.scss`:
Code style changes upstream, path changes in glitch-soc.
Applied upstream's code style changes.
- `app/javascript/styles/fonts/roboto-mono.scss`:
Code style changes upstream, path changes in glitch-soc.
Applied upstream's code style changes.
- `app/javascript/styles/fonts/roboto.scss`:
Code style changes upstream, path changes in glitch-soc.
Applied upstream's code style changes.
- `app/models/account.rb`:
Textual conflict only caused by glitch-soc using a different value
for character limits in a nearby line.
Applied upstream's changes.
- `app/views/statuses/_simple_status.html.haml`:
Attribute added to a tag modified by glitch-soc.
Added upstream's attributes.
- `yarn.lock`:
Upstream added/updated dependencies close to glitch-soc-only ones.
Updated/added upstream dependencies.
* Add /api/v1/admin/domain_blocks
Fixes#18140
- `GET /api/v1/admin/domain_blocks` lists domain blocks
- `GET /api/v1/admin/domain_blocks/:id` shows one by ID
- `DELETE /api/v1/admin/domain_blocks/:id` deletes a given domain block
- `POST /api/v1/admin/domain_blocks` to create a new domain block:
if it conflicts with an existing one, returns an error with
an attribute `existing_domain_block` with the rendered domain block
* Simplify conflict handling as suggested in review
* Change unapproved and unconfirmed account to not be accessible in the REST API
* Change Account#searchable? to reject unconfirmed and unapproved users
* Disable search for unapproved and unconfirmed users in Account.search_for
* Disable search for unapproved and unconfirmed users in Account.advanced_search_for
* Remove unconfirmed and unapproved accounts from Account.searchable scope
* Prevent mentions to unapproved/unconfirmed accounts
* Fix some old tests for Account.advanced_search_for
* Add some Account.advanced_search_for tests for existing behaviors
* Add some tests for Account.search_for
* Add Account.advanced_search_for tests unconfirmed and unapproved accounts
* Add Account.searchable tests
* Fix Account.without_unapproved scope potentially messing with previously-applied scopes
* Allow lookup of unconfirmed/unapproved accounts through /api/v1/accounts/lookup
This is so that the API can still be used to check whether an username is free
to use.
* Remove duplicate in_chosen_languages definition
* Use `DEFAULT_FIELDS_SIZE` instead of `MAX_FIELDS` to reduce code differences with upstream
* Remove duplicate annotation
* Fix incorrect cross-flavor imports
* Remove deprecated `hide_network` setting (replaced by account column)
* Remove unused KeywordMutesHelper
* Remove trailing spaces
* Remove commit_hash from InstancePresenter, as it has been unused since mid-2017
Conflicts:
- `package.json`:
Not really a conflict, upstream updated a dependency textually adjacent to a
glitch-soc-only one.
Updated the dependency as upstream did.
* Change RSS feeds
- Use date and time for titles instead of ellipsized text
- Use full content in body, even when there is a content warning
- Use media extensions
* Change feed icons and add width and height attributes to custom emojis
* Fix custom emoji animate on hover breaking
* Fix tests
Conflicts:
- `package.json`:
Not really a conflict, upstream updated a dependency textually adjacent to a
glitch-soc-only one.
Updated the dependency as upstream did.
Conflicts:
- `app/javascript/packs/admin.js`:
Conflicts due to glitch-soc's theming system.
Upstream changes have been ported to `app/javascript/core/admin.js`
- `app/models/trends/statuses.rb`:
Minor conflict due to glitch-soc's option to allow CWed toots in trends.
Ported upstream changes.