Commit graph

189 commits

Author SHA1 Message Date
Claire
ee6f9d2c92 Merge commit 'cc5d2e22dd4b7afb9035cf999979e3cd36d97e46' into glitch-soc/merge-upstream 2023-05-25 22:59:30 +02:00
Claire
b55d56387b [Glitch] Add polling and automatic redirection to /start on email confirmation
Port 86961b5b7b to glitch-soc
2023-05-25 22:37:14 +02:00
Claire
31fe0780bf Change captcha to be presented even for invited users (#2227) 2023-05-25 20:13:18 +02:00
Frankie Roberto
9cf831be0b Order sessions by most-recent to least-recently updated (#25005) 2023-05-22 11:40:00 +02:00
Claire
844d8e101e Add hCaptcha support (#25019) 2023-05-16 23:27:35 +02:00
Claire
2aaf3528ca Merge commit 'd548faf69321260ab4c2a16759ca77773189126a' into glitch-soc/merge-upstream
Conflicts:
- `app/javascript/styles/mastodon/forms.scss`:
  Conflict because we ran eslint autofix on upstream files.
- `config/initializers/content_security_policy.rb`:
  Code style changes but we have a different version.
  Kept our version.
- `streaming/index.js`:
  Upstream fixed a typo close to glitch-soc-only code.
  Applied upstream's changes.
2023-05-08 15:28:36 +02:00
Matt Jankowski
390aa577e7 Fix Rails/ActionOrder cop (#24692) 2023-04-30 06:46:39 +02:00
Claire
498de92bc8 Merge branch 'main' into glitch-soc/merge-upstream
Conflicts:
- `.github/dependabot.yml`:
  Updated upstream, removed in glitch-soc to disable noise.
  Kept removed.
- `CODE_OF_CONDUCT.md`:
  Upstream updated to a new version of the covenant, but I have not read it
  yet, so kept unchanged.
- `Gemfile.lock`:
  Not a real conflict, one upstream dependency updated textually too close to
  the glitch-soc only `hcaptcha` dependency.
  Applied upstream changes.
- `app/controllers/admin/base_controller.rb`:
  Minor conflict due to glitch-soc's theming system.
  Applied upstream changes.
- `app/controllers/application_controller.rb`:
  Minor conflict due to glitch-soc's theming system.
  Applied upstream changes.
- `app/controllers/disputes/base_controller.rb`:
  Minor conflict due to glitch-soc's theming system.
  Applied upstream changes.
- `app/controllers/relationships_controller.rb`:
  Minor conflict due to glitch-soc's theming system.
  Applied upstream changes.
- `app/controllers/statuses_cleanup_controller.rb`:
  Minor conflict due to glitch-soc's theming system.
  Applied upstream changes.
- `app/helpers/application_helper.rb`:
  Minor conflict due to glitch-soc's theming system.
  Applied upstream changes.
- `app/javascript/mastodon/features/compose/components/compose_form.jsx`:
  Upstream added a highlight animation for onboarding, while we changed the
  max character limit.
  Applied our local changes on top of upstream's new version.
- `app/views/layouts/application.html.haml`:
  Minor conflict due to glitch-soc's theming system.
  Applied upstream changes.
- `stylelint.config.js`:
  Upstream added ignore paths, glitch-soc had extra ignore paths.
  Added the same paths as upstream.
2023-04-29 10:44:56 +02:00
Claire
5c962d77bb Merge branch 'main' into glitch-soc/merge-upstream
Conflicts:
- `app/controllers/auth/setup_controller.rb`:
  Upstream removed a method close to a glitch-soc theming-related method.
  Removed the method like upstream did.
2023-04-22 10:06:11 +02:00
Eugen Rochko
3ca64638d4 Refactor Cache-Control and Vary definitions (#24347) 2023-04-19 16:07:29 +02:00
Eugen Rochko
9a7a4d79ec Add progress indicator to sign-up flow (#24545) 2023-04-16 07:01:24 +02:00
Claire
0cbf19affd Fix most rubocop issues (#2165)
* Run rubocop --autocorrect on app/, config/ and lib/, also manually fix some remaining style issues

* Run rubocop --autocorrect-all on db/

* Run rubocop --autocorrect-all on `spec/` and fix remaining issues
2023-04-09 11:25:30 +02:00
Claire
b12fcd3d7a Merge branch 'main' into glitch-soc/merge-upstream 2023-04-01 14:31:05 +02:00
Claire
db2b09bdd4 Fix invalid/expired invites being processed on sign-up (#24337) 2023-03-31 21:42:28 +02:00
Claire
f39d9ab256 Merge branch 'main' into glitch-soc/merge-upstream
Conflicts:
- `.github/workflows/build-image.yml`:
  Upstream switched to pushing to both DockerHub and GitHub Container
  Repository, while glitch-soc was already pushing to the latter only.
  Updated our configuration to be slightly more consistent with upstream's
  naming and styling, but kept our behavior.
- `Gemfile.lock`:
  Updated dependencies textually too close to glitch-soc only hcaptcha
  dependency.
  Updated dependencies as upstream did.
- `README.md`:
  Upstream updated its README, but we have a completely different one.
  Kept our README, though it probably should be reworked at some point.
- `app/views/auth/sessions/two_factor.html.haml`:
  Minor style fix upstream that's on a line glitch-soc removed because
  of its different theming system.
  Kept our file as is.
- `spec/controllers/health_controller_spec.rb`:
  This file apparently did not exist upstream, upstream created it with
  different contents but it is functionally the same.
  Switched to upstream's version of the file.
- `spec/presenters/instance_presenter_spec.rb`:
  Upstream changed the specs around `GITHUB_REPOSITORY`, while glitch-soc
  had its own code because it's a fork and does not have the same default
  source URL.
  Took upstream's change, but with glitch-soc's repo as the default case.
- `yarn.lock`:
  Upstream dependencies textually too close to a glitch-soc only one.
  Updated dependencies as upstream did.
2023-03-15 09:16:10 +01:00
CSDUMMI
5f9f43d051 Prefer the stored location as after_sign_in_path in Omniauth Callback Controller (#24073) 2023-03-13 00:06:27 +01:00
Claire
f15ded319f Merge branch 'main' into glitch-soc/merge-upstream
Conflicts:
- `.prettierignore`:
  Upstream added a line at the end of the file, while glitch-soc had its own
  extra lines.
  Took upstream's change.
- `CONTRIBUTING.md`:
  We have our custom CONTRIBUTING.md quoting upstream. Upstream made changes.
  Ported upstream changes.
- `app/controllers/application_controller.rb`:
  Upstream made code style changes in a method that is entirely replaced
  in glitch-soc.
  Ignored the change.
- `app/models/account.rb`:
  Code style changes textually close to glitch-soc-specific changes.
  Ported upstream changes.
- `lib/sanitize_ext/sanitize_config.rb`:
  Upstream code style changes.
  Ignored them.
2023-02-25 14:00:40 +01:00
Nick Schonning
ae51248ffe Enable Rubocop HTTP status rules (#23717) 2023-02-20 11:16:40 +09:00
Claire
63992c6900 Merge branch 'main' into glitch-soc/merge-upstream
Conflicts:
- `.github/dependabot.yml`:
  Upstream made changes while we have dropped this file.
  Keep the file deleted.
- `.prettierignore`:
  Upstream made changes at the end of the file, where we
  had our extra lines.
  Just moved our extra lines back at the end.
- `app/serializers/initial_state_serializer.rb`:
  Upstream code style changes.
  Applied them.
- `app/services/backup_service.rb`:
  Upstream code style changes.
  Applied them.
2023-02-19 10:42:55 +01:00
Nick Schonning
793f8c7dd5 Autofix Rubocop Style/IfUnlessModifier (#23697) 2023-02-18 12:37:47 +01:00
Claire
f23d971cd8 Merge branch 'main' into glitch-soc/merge-upstream
Conflicts:
- `README.md`:
  Discarded upstream changes: we have our own README
- `app/controllers/follower_accounts_controller.rb`:
  Port upstream's minor refactoring
2022-12-15 20:25:25 +01:00
David Vega
4c10de8ae3 Fix single name variables on controller folder (#20092)
Co-authored-by: petrokoriakin1 <116151189+petrokoriakin1@users.noreply.github.com>

Co-authored-by: petrokoriakin1 <116151189+petrokoriakin1@users.noreply.github.com>
Co-authored-by: Effy Elden <effy@effy.space>
2022-12-15 17:11:58 +01:00
Francis Murillo
3a11a90dd3 Revoke all authorized applications on password reset (#21325)
* Clear sessions on password change

* Rename User::clear_sessions to revoke_access for a clearer meaning

* Add reset paassword controller test

* Use User.find instead of User.find_for_authentication for reset password test

* Use redirect and render for better test meaning in reset password

Co-authored-by: Effy Elden <effy@effy.space>
2022-12-15 15:47:06 +01:00
Claire
a1514cfc7d Merge branch 'main' into glitch-soc/merge-upstream 2022-11-18 11:19:44 +01:00
Claire
3b81318a0f Fix form-action CSP directive for external login (#20962) 2022-11-17 22:59:07 +01:00
Claire
9862a6e572 Merge branch 'main' into glitch-soc/merge-upstream
Conflicts:
- `config/initializers/content_security_policy.rb`:
  Our config file is pretty different from upstream.
  Upstream changed CSP directive `script-src` to include
  `wasm-unsafe-eval` instead of `unsafe-eval`, which we
  did not include.
  Added `wasm-unsafe-eval` to `script-src` to fix
  execution of the OCR web worker.
- `package.json`:
  Upstream updated a dependency (`array-includes`) textually
  adjacent to a glitch-soc-only dependency (`atrament`).
  Updated `array-includes` as upstream did.
2022-11-16 08:30:00 +01:00
Daniel Axtens
e61dc520ae Add 'private' to Cache-Control, match Rails expectations (#20608)
Several controlers set quite intricate Cache-Control headers in order to
hopefully not be cached by any intermediate proxies or local caches. Unfortunately,
these headers are processed by ActionDispatch::HTTP::Cache in a way that squashes
and discards any values set alongside no-store other than private:
8015c2c2cf/actionpack/lib/action_dispatch/http/cache.rb (L207-L209)

We want to preserve no-store on these responses, but we might as well remove
parts that are going to be dropped anyway. As many of the endpoints in these
controllers are private to a particular user, we should also add "private",
which will be preserved alongside no-store.
2022-11-16 04:56:30 +01:00
Claire
99cdfec05e Merge branch 'main' into glitch-soc/merge-upstream 2022-11-07 19:53:30 +01:00
Claire
811f8d2175 Fix crash when external auth provider has no display_name set (#19962)
Fixes #19913
2022-11-07 15:43:24 +01:00
Claire
96bd245f04 Merge branch 'main' into glitch-soc/merge-upstream 2022-10-30 19:35:59 +01:00
Claire
8c94b641a9 Fix invites (#19560)
Fixes #19507

Fix regression from #19296
2022-10-30 19:04:39 +01:00
Claire
0060eb5dcf Merge branch 'main' into glitch-soc/merge-upstream 2022-10-28 19:23:58 +02:00
Eugen Rochko
448d8ae2df Add server rules to sign-up flow (#19296) 2022-10-05 18:57:33 +02:00
Claire
a0c630d5ff Merge branch 'main' into glitch-soc/merge-upstream 2022-08-25 05:07:39 +02:00
Eugen Rochko
b2e1224baa Add ability to block sign-ups from IP (#19037) 2022-08-24 19:00:37 +02:00
Claire
490417762f Merge branch 'main' into glitch-soc/merge-upstream
Conflicts:
- `.github/workflows/build-image.yml`:
  Fix erroneous deletion in a previous merge.
- `Gemfile`:
  Conflict caused by glitch-soc-only hCaptcha dependency
- `app/controllers/auth/sessions_controller.rb`:
  Minor conflict due to glitch-soc's theming system.
- `app/controllers/filters_controller.rb`:
  Minor conflict due to glitch-soc's theming system.
- `app/serializers/rest/status_serializer.rb`:
  Minor conflict due to glitch-soc having an extra `local_only` property
2022-06-28 11:11:18 +02:00
Claire
d28d7d4b72 Fix suspicious sign-in mails never being sent (#18599)
* Add tests

* Fix suspicious sign-in mails never being sent
2022-06-21 15:16:22 +02:00
Claire
17c2120267 Merge branch 'main' into glitch-soc/merge-upstream 2022-05-26 22:49:47 +02:00
Eugen Rochko
89d4d6fd3b Fix confirmation redirect to app without Location header (#18523) 2022-05-26 22:03:54 +02:00
Claire
b0781a933d Merge branch 'main' into glitch-soc/merge-upstream
Conflicts:
- `app/controllers/concerns/sign_in_token_authentication_concern.rb`:
  Upstream removed this file, while glitch-soc had changes to deal with
  its theming system.
  Removed the file like upstream did.
2022-04-06 21:10:23 +02:00
Eugen Rochko
f982d56b4e Remove sign-in token authentication, instead send e-mail about new sign-in (#17970) 2022-04-06 20:58:12 +02:00
Claire
f677c1619a Merge branch 'main' into glitch-soc/merge-upstream
Conflicts:
- `app/models/status.rb`:
  Upstream updated media and edit-related code textually close to glitch-soc
  additions (local-only and content-type).
  Ported upstream changes.
- `app/models/status_edit.rb`:
  Upstream changes textually close to glitch-soc additions (content-type).
  Ported upstream changes.
- `app/serializers/activitypub/note_serializer.rb`:
  Upstream changed how media attachments are handled. Not really a conflict,
  but textually close to glitch-soc additions (directMessage attribute).
  Ported upstream changes.
- `app/services/remove_status_service.rb`:
  Upstream changed how media attachments are handled. Not really a conflict,
  but textually close to glitch-soc additions (DM timeline).
  Ported upstream changes.
- `app/services/update_status_service.rb`:
  Upstream fixed an issue with language selection. Not really a conflict,
  but textually close to glitch-soc additions (content-type).
  Ported upstream changes.
- `db/schema.rb`:
  Upstream added columns to the `status_edits` table, the conflict is because
  of an additional column (`content-type`) in glitch-soc.
  Ported upstream changes.
- `package.json`:
  Upstream dependency (express) textually adjacent to a glitch-soc-specific one
  (favico.js) got updated.
  Updated it as well.
2022-03-10 09:52:45 +01:00
chandrn7
ce5bebf108 Allow login through OpenID Connect (#16221)
* added OpenID Connect as an SSO option

* minor fixes

* added comments, removed an option that shouldn't be set

* fixed Gemfile.lock

* added newline to end of Gemfile.lock

* removed tab from Gemfile.lock

* remove chomp

* codeclimate changes and small name change to make function's purpose clearer

* codeclimate fix

* added SSO buttons to /about page

* minor refactor

* minor style change

* removed spurious change

* removed unecessary conditional from ensure_valid_username and added support for auth.info.name in user_params_from_auth

* minor changes
2022-03-09 12:07:35 +01:00
Claire
4795ee7f2c Merge branch 'main' into glitch-soc/merge-upstream 2022-03-02 18:02:48 +01:00
Claire
514842c9c6 Change old moderation strikes to be displayed in a separate page (#17566)
* Change old moderation strikes to be displayed in a separate page

Fixes #17552

This changes the moderation strikes displayed on `/auth/edit` to be those from
the past 3 months, and make all moderation strikes targeting the current user
available in `/disputes`.

* Add short description of what the strikes page is for

* Move link to list of strikes to “Account status” instead of navigation item

* Normalize i18n file

* Fix layout and styling of strikes link

* Revert highlights_on regexp

* Reintroduce account status summary

- this way, “Account status” is never empty
- account status is not necessarily bound to strikes, or recent strikes
2022-03-01 19:37:47 +01:00
Claire
175446f293 Merge branch 'main' into glitch-soc/merge-upstream
Conflicts:
- `db/schema.rb`:
  Conflict due to glitch-soc adding the `content_type` column on status edits
  and thus having a different schema version number.
  Solved by taking upstream's schema version number, as it is higher than
  glitch-soc's.
2022-02-17 10:58:44 +01:00
Eugen Rochko
82f8d19424 Add appeals (#17364)
* Add appeals

* Add ability to reject appeals and ability to browse pending appeals in admin UI

* Add strikes to account page in settings

* Various fixes and improvements

- Add separate notification setting for appeals, separate from reports
- Fix style of links in report/strike header
- Change approving an appeal to not restore statuses (due to federation complexities)
- Change style of successfully appealed strikes on account settings page
- Change account settings page to only show unappealed or recently appealed strikes

* Change appealed_at to overruled_at

* Fix missing method error
2022-02-14 21:27:53 +01:00
Claire
ea32eb89e1 Change CAPTCHA handling to be only on email verification
This simplifies the implementation considerably, and while not providing
ideal UX, it's the most flexible approach.
2022-01-25 23:56:57 +01:00
Claire
6988e6ecc3 Add ability to set hCaptcha either on registration form or on e-mail validation
Upshot of CAPTCHA on e-mail validation is it does not need to break the in-band
registration API.
2022-01-25 23:09:48 +01:00
Claire
c209cf5a09 Renew Rails session ID on successful registration 2022-01-24 22:01:05 +01:00