Commit graph

361 commits

Author SHA1 Message Date
Claire
72be882792 Fix extremely rare race condition when deleting a toot or account (#17994) 2022-04-08 19:17:37 +02:00
Eugen Rochko
aa6bc541d3 Fix pagination header on empty trends responses in REST API (#17986) 2022-04-07 18:06:15 +02:00
Claire
0e3717eb2d Fix admin API unconditionally requiring CSRF token (#17975)
Fixes #17898

Since #17204, the admin API has only been available through the web
application because of the unconditional requirement to provide a valid CSRF
token.

This commit changes it back to `null_session`, which should make it work
both with session-based authentication (provided a CSRF token) and with a
bearer token.
2022-04-06 20:57:18 +02:00
Eugen Rochko
89268074e7 Fix GET /api/v1/trends/tags missing offset param in REST API (#17973) 2022-04-06 20:56:57 +02:00
Claire
0fde990a01 Fix /api/v1/admin/accounts (#17887)
* Fix /api/v1/admin/accounts

Compatibility was broken since #17009 which changed the underlying filter class
without changing the controller.

This commits restore support for the old parameters.

* Add /api/v2/admin/accounts with the new parameters

* Add tests

* Add missing filter for `silenced` status

Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>

Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>
2022-03-28 23:57:38 +02:00
Eugen Rochko
c4a97fc0c8 Add offset pagination to trends in REST API (#17872) 2022-03-26 00:26:50 +01:00
Eugen Rochko
99dd3476c4 Add types param to GET /api/v1/notifications in REST API (#17767)
* Add `types` param to `GET /api/v1/notifications` in REST API

* Improve tests
2022-03-15 04:11:29 +01:00
Eugen Rochko
1d46b5b263 Fix POST /api/v1/emails/confirmations not being available after sign-up (#17743) 2022-03-12 04:14:25 +01:00
Eugen Rochko
a96ba18fd9 Add rate limit for editing (#17728) 2022-03-09 20:06:51 +01:00
Eugen Rochko
d5de12d931 Fix performance of account timelines (#17709)
* Fix performance of account timelines

* Various fixes and improvements

* Fix duplicate results being returned

Co-authored-by: Claire <claire.github-309c@sitedethib.com>

* Fix grouping for pinned statuses scope

Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2022-03-08 09:14:39 +01:00
Eugen Rochko
e3d3b4ae21 Add /api/v1/accounts/familiar_followers to REST API (#17700)
* Add `/api/v1/accounts/familiar_followers` to REST API

* Change hide network preference to be stored consistently for local and remote accounts

* Add dummy classes to migration

* Apply suggestions from code review

Co-authored-by: Claire <claire.github-309c@sitedethib.com>

Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2022-03-07 09:36:47 +01:00
Eugen Rochko
3eaa7e21e3 Fix duplicate notifications being possible after poll expiration (#17697) 2022-03-04 01:06:33 +01:00
Claire
3c0d1660aa Allow editing media attachments for scheduled toots (#17690)
Fixes #17676
2022-03-03 16:13:58 +01:00
Eugen Rochko
3bf45628c5 Change follow scope to be covered by read and write scopes in REST API (#17678)
Deprecate `follow` scope
2022-03-03 16:13:40 +01:00
Eugen Rochko
69d1a44f05 Fix leak of existence of otherwise inaccessible statuses in REST API (#17684) 2022-03-02 18:57:26 +01:00
Eugen Rochko
fc26ac7a98 Fix report category not being saved in REST API (#17682) 2022-03-02 18:57:08 +01:00
Eugen Rochko
e6d2b07ec1 Add trending statuses (#17431)
* Add trending statuses

* Fix dangling items with stale scores in localized sets

* Various fixes and improvements

- Change approve_all/reject_all to approve_accounts/reject_accounts
- Change Trends::Query methods to not mutate the original query
- Change Trends::Query#skip to offset
- Change follow recommendations to be refreshed in a transaction

* Add tests for trending statuses filtering behaviour

* Fix not applying filtering scope in controller
2022-02-25 00:34:14 +01:00
Eugen Rochko
cb76142d9e Add editing for published statuses (#17320)
* Add editing for published statuses

* Fix change of multiple-choice boolean in poll not resetting votes

* Remove the ability to update existing media attachments for now
2022-02-10 00:15:30 +01:00
Eugen Rochko
2c9def57b3 Add category and rule_ids params to POST /api/v1/reports (#17492) 2022-02-10 00:10:16 +01:00
Eugen Rochko
948da1a958 Add edit history to web UI (#17390)
* Add edit history to web UI

* Change history reducer to store items per status

* Fix missing loading prop
2022-02-09 01:17:07 +01:00
Claire
33ea1c9008 Fix Sidekiq warnings about JSON serialization (#17381)
* Fix Sidekiq warnings about JSON serialization

This occurs on every symbol argument we pass, and every symbol key in hashes,
because Sidekiq expects strings instead.

See https://github.com/mperham/sidekiq/pull/5071

We do not need to change how workers parse their arguments because this has
not changed and we were already converting to symbols adequately or using
`with_indifferent_access`.

* Set Sidekiq to raise on unsafe arguments in test mode

In order to more easily catch issues that would produce warnings in production
code.
2022-01-28 00:43:56 +01:00
Claire
06f653972a Add OMNIAUTH_ONLY environment variable to enforce externa log-in (#17288)
* Remove support for OAUTH_REDIRECT_AT_SIGN_IN

Fixes #15959

Introduced in #6540, OAUTH_REDIRECT_AT_SIGN_IN allowed skipping the log-in form
to instead redirect to the external OmniAuth login provider.

However, it did not prevent the log-in form on /about introduced by #10232 from
appearing, and completely broke with the introduction of #15228.

As I restoring that previous log-in flow without introducing a security
vulnerability may require extensive care and knowledge of how OmniAuth works,
this commit removes support for OAUTH_REDIRECT_AT_SIGN_IN instead for the time
being.

* Add OMNIAUTH_ONLY environment variable to enforce external log-in only

* Disable user registration when OMNIAUTH_ONLY is set to true

* Replace log-in links When OMNIAUTH_ONLY is set with exactly one OmniAuth provider
2022-01-23 15:52:58 +01:00
Eugen Rochko
06b698a723 Add support for editing for published statuses (#16697)
* Add support for editing for published statuses

* Fix references to stripped-out code

* Various fixes and improvements

* Further fixes and improvements

* Fix updates being potentially sent to unauthorized recipients

* Various fixes and improvements

* Fix wrong words in test

* Fix notifying accounts that were tagged but were not in the audience

* Fix mistake
2022-01-19 22:37:27 +01:00
Eugen Rochko
2fb76550a9 Add notifications for statuses deleted by moderators (#17204) 2022-01-17 09:41:33 +01:00
Claire
5aade2baac Add support for private pinned posts (#16954)
* Add support for private pinned toots

* Allow local user to pin private toots

* Change wording to avoid "direct message"
2022-01-17 00:49:55 +01:00
Eugen Rochko
7b3972c270 Remove IP tracking columns from users table (#16409) 2022-01-16 13:23:50 +01:00
Eugen Rochko
4375813ea7 Remove Keybase integration (#17045) 2021-11-26 05:58:18 +01:00
Eugen Rochko
ad73becf3e Add trending links (#16917)
* Add trending links

* Add overriding specific links trendability

* Add link type to preview cards and only trend articles

Change trends review notifications from being sent every 5 minutes to being sent every 2 hours

Change threshold from 5 unique accounts to 15 unique accounts

* Fix tests
2021-11-25 13:07:38 +01:00
Takeshi Umeda
dae4762733 Add remove from followers api (#16864)
* Add followed_by? to account_interactions

* Add RemoveFromFollowersService

* Fix AccountBatch to use RemoveFromFollowersService

* Add remove from followers API
2021-10-18 12:02:35 +02:00
Eugen Rochko
cad446611c Add graphs and retention metrics to admin dashboard (#16829) 2021-10-14 20:44:59 +02:00
Eugen Rochko
bb1b12ed77 Fix e-mail confirmations API not working correctly (#16348)
* Fix e-mail confirmations API not working correctly

* Fix typo
2021-06-02 21:07:50 +02:00
Claire
86f5fad111 Add Ruby 3.0 support (#16046)
* Fix issues with POSIX::Spawn, Terrapin and Ruby 3.0

Also improve the Terrapin monkey-patch for the stderr/stdout issue.

* Fix keyword argument handling throughout the codebase

* Monkey-patch Paperclip to fix keyword arguments handling in validators

* Change validation_extensions to please CodeClimate

* Bump microformats from 4.2.1 to 4.3.1

* Allow Ruby 3.0

* Add Ruby 3.0 test target to CircleCI

* Add test for admin dashboard warnings

* Fix admin dashboard warnings on Ruby 3.0
2021-05-06 14:22:54 +02:00
abcang
dec6f34546 Further improve the media attached status query for accounts (#16106) 2021-04-26 18:57:46 +02:00
abcang
fa2d62e6e2 Improve media attached status query (#16105) 2021-04-25 06:34:48 +02:00
Eugen Rochko
f5d59b3979 Change auto-following admin-selected accounts, show in recommendations (#16078) 2021-04-24 17:01:43 +02:00
Eugen Rochko
2cab9c9f06 Add policy param to POST /api/v1/push/subscriptions (#16040)
With possible values `all`, `followed`, `follower`, and `none`,
control from whom notifications will generate a Web Push alert
2021-04-15 05:00:25 +02:00
Eugen Rochko
92b2d926bf Add cold-start follow recommendations (#15945) 2021-04-12 12:37:14 +02:00
Eugen Rochko
6440cd74e9 Add email param to POST /api/v1/emails/confirmations (#15949)
Allow changing e-mail as long as the account is unconfirmed
2021-03-25 02:46:13 +01:00
Eugen Rochko
28399e88b5 Add POST /api/v1/emails/confirmations to REST API (#15816)
Only available to the application the user originally signed-up with
2021-03-01 18:39:47 +01:00
Eugen Rochko
ade70733f7 Add details to error response for POST /api/v1/accounts in REST API (#15803) 2021-03-01 04:59:13 +01:00
Eugen Rochko
4930e71ae7 Add server rules (#15769) 2021-02-21 19:50:12 +01:00
Eugen Rochko
e4ba5635ee Add GET /api/v1/accounts/lookup REST API (#15740) 2021-02-16 15:28:32 +01:00
abcang
2b9d71cc18 Improved performance of notification preloading (#15640)
* Improved performance of notification preloading

* Remove Cacheable from Notification

* Fix test
2021-01-31 21:24:57 +01:00
ThibG
2582047c36 Use Rails' index_by where it makes sense (#15542)
* Use Rails' index_by where it makes sense

* Fix tests

Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2021-01-12 09:27:38 +01:00
Levi Bard
87d45a9cd8 Fix muting users with duration via the REST api (#15516) 2021-01-10 12:47:21 +01:00
luigi
944b059f50 Optimize map { ... }.compact calls (#15513)
* Optimize map { ... }.compact

using Enumerable#filter_map, supported since Ruby 2.7

* Add poyfill for Enumerable#filter_map
2021-01-10 00:32:01 +01:00
trwnh
33e4e1cfe4 Use existing FeaturedTag serializer and delete AccountFeaturedTag serializer (#15415)
* Update featured_tags_controller.rb

* Update featured_tag_serializer.rb

* Update featured_tag_serializer.rb

* Delete account_featured_tag_serializer.rb

* please codeclimate

* please codeclimate
2020-12-23 16:43:38 +01:00
Eugen Rochko
df8874b24e Fix performance on instances list in admin UI (#15282)
- Reduce duplicate queries
- Remove n+1 queries
- Add accounts count to detailed view
- Add separate action log entry for updating existing domain blocks
2020-12-14 09:06:34 +01:00
Takeshi Umeda
fabb864526 Fix incorrect conditions for suspended accounts in Get API for account featured tags (#15270) 2020-12-04 04:22:35 +01:00
ThibG
a609802736 Fix not being able to unfavorite toots one has lost access to (#15192)
Fixes #15191
2020-11-21 06:18:09 +01:00