If someone tries logging in to an account and is prompted for a 2FA
code or sign-in token, even if the account's password or e-mail is
updated in the meantime, the session will show the prompt and allow
the login process to complete with a valid 2FA code or sign-in token
Conflicts:
- `.github/dependabot.yml`:
Updated upstream, we deleted it to not be flooded by Depandabot.
Kept deleted.
- `Gemfile.lock`:
Puma updated on both sides, went for the most recent version.
- `app/controllers/api/v1/mutes_controller.rb`:
Upstream updated the serializer to support timed mutes, while
glitch-soc added a custom API ages ago to get information that
is already available elsewhere.
Dropped the glitch-soc-specific API, went with upstream changes.
- `app/javascript/core/admin.js`:
Conflict due to changing how assets are loaded. Went with upstream.
- `app/javascript/packs/public.js`:
Conflict due to changing how assets are loaded. Went with upstream.
- `app/models/mute.rb`:
🤷
- `app/models/user.rb`:
New user setting added upstream while we have glitch-soc-specific
user settings. Added upstream's user setting.
- `config/settings.yml`:
Upstream added a new user setting close to a user setting we had
changed the defaults for. Added the new upstream setting.
- `package.json`:
Upstream dependency updated “too close” to a glitch-soc-specific
dependency. No real conflict. Updated the dependency.
Conflicts:
- `Gemfile.lock`:
Not a real conflict, upstream updated dependencies that were too close to
glitch-soc-only ones in the file.
- `app/controllers/oauth/authorized_applications_controller.rb`:
Upstream changed the logic surrounding suspended accounts.
Minor conflict due to glitch-soc's theming system.
Ported upstream changes.
- `app/controllers/settings/base_controller.rb`:
Upstream refactored and changed the logic surrounding suspended accounts.
Minor conflict due to glitch-soc's theming system.
Ported upstream changes.
- `app/controllers/settings/sessions_controller.rb`:
Upstream refactored and changed the logic surrounding suspended accounts.
Minor conflict due to glitch-soc's theming system.
Ported upstream changes.
- `app/models/user.rb`:
Upstream refactored and changed the logic surrounding suspended accounts.
Minor conflict due to glitch-soc not preventing moved accounts from logging
in.
Ported upstream changes while keeping the ability for moved accounts to log
in.
- `app/policies/status_policy.rb`:
Upstream refactored and changed the logic surrounding suspended accounts.
Minor conflict due to glitch-soc's local-only toots.
Ported upstream changes.
- `app/serializers/rest/account_serializer.rb`:
Upstream refactored and changed the logic surrounding suspended accounts.
Minor conflict due to glitch-soc's ability to hide followers count.
Ported upstream changes.
- `app/services/process_mentions_service.rb`:
Upstream refactored and changed the logic surrounding suspended accounts.
Minor conflict due to glitch-soc's local-only toots.
Ported upstream changes.
- `package.json`:
Not a real conflict, upstream updated dependencies that were too close to
glitch-soc-only ones in the file.
* Add bell button
Fix#4890
* Remove duplicate type from post-deployment migration
* Fix legacy class type mappings
* Improve query performance with better index
* Fix validation
* Remove redundant index from notifications
Conflicts:
- app/controllers/api/v1/timelines/public_controller.rb
- app/lib/feed_manager.rb
- app/models/status.rb
- app/services/precompute_feed_service.rb
- app/workers/feed_insert_worker.rb
- spec/models/status_spec.rb
All conflicts are due to upstream refactoring feed management and us having
local-only toots on top of that. Rewrote local-only toots management for
upstream's changes.
Conflicts:
- `app/controllers/activitypub/collections_controller.rb`:
Conflict caused because we have additional code to make sure pinned
local-only toots don't get rendered on the ActivityPub endpoints.
Ported upstream changes.
Conflicts:
- `config/webpack/shared.js`:
Upstream has changed how Tesseract.js gets included and dropped a dependency.
The conflict is caused by glitch-soc having different code due to its
theming system.
Ported upstream changes.
- `lib/mastodon/version.rb`:
Upstream refactor/code style change in a place we replaced upstream's
repo URL with ours.
Ported upstram changes, keeping our repo URL.
- `yarn.lock`:
Upstream dropped dependencies, one of which was textually too close to
a glitch-soc-specific dependency. Not a real conflict.
* Add database support for list show-reply preferences
* Add backend support to read and update list-specific show_replies settings
* Add basic UI to set list replies setting
* Add specs for list replies policy
* Switch "cycling" reply policy link to a set of radio inputs
* Capitalize replies_policy strings
* Change radio button design to be consistent with that of the directory explorer
* Make Array-creation behavior of Paginable more predictable
Paginable.paginate_by_id usually returns ActiveRecord::Relation, but it
returns an Array if min_id option is present. The behavior caused problems
fixed with the following commits:
- 552e886b64
- b63ede5005
- 64ef37b89d
To prevent from recurring similar problems, this commit introduces two
changes:
- The scope now always returns an Array whether min_id option is present
or not.
- The scope is renamed to to_a_paginated_by_id to clarify it returns an
Array.
* Transform Paginable.to_a_paginated_by_id from a scope to a class method
https://api.rubyonrails.org/classes/ActiveRecord/Scoping/Named/ClassMethods.html#method-i-scope
> The method is intended to return an ActiveRecord::Relation object, which
> is composable with other scopes.
Paginable.to_a_paginated_by_id returns an Array and is not appropriate
as a scope.
Conflicts:
- `app/controllers/accounts_controller.rb`:
Upstream change too close to a glitch-soc change related to
instance-local toots. Merged upstream changes.
- `app/services/fan_out_on_write_service.rb`:
Minor conflict due to glitch-soc's handling of Direct Messages,
merged upstream changes.
- `yarn.lock`:
Not really a conflict, caused by glitch-soc-only dependencies
being textually too close to updated upstream dependencies.
Merged upstream changes.
* Replace incorrect use of distinct with group
Some uses of ActiveRecord::QueryMethods#distinct pass field names but they
are incorrect for the current version of Rails.
ActiveRecord::QueryMethods#group provides the expected behavior and
benefits performance. See commit 6da24aad4cafdef8d8a2c92bac2002a5fc2fe9c8.
* Introduce ApplicationController#cache_collection_paginated_by_id
ApplicationController#cache_collection_paginated_by_id fuses
ApplicationController#cache_collection and Paginable.paginate_by_id.
An advantage of this method is that it prevents from modifying scope which
Paginable.paginate_by_id may provide.
ApplicationController#cache_collection always return an array and there
is no possibility of the scope modification. It is also clear for a
programmer, considering the implication of "cache".
This method can also emit more efficient queries by using
Cacheable.cache_ids before calling Paginable.paginate_by_id.
Some uses of ActiveRecord::QueryMethods#distinct pass field names but they
are incorrect for the current version of Rails.
ActiveRecord::QueryMethods#group provides the expected behavior and
benefits performance. See commit 6da24aad4cafdef8d8a2c92bac2002a5fc2fe9c8.
The old implementation had two queries:
1. The query constructed in Api::V1::FavouritesController#results
2. The query constructed in #cached_favourites, which is merged with 1.
Both of them are issued againt PostgreSQL. The combination of the two
queries caused the following problems:
- The small window between the two queries involves race conditions.
- Minor performance inefficiency.
Moreover, the construction of query 2, which involves merging with query
1 has a bug. Query 1 is finalized with paginate_by_id, but paginate_by_id
returns an array when min_id parameter is specified. The behavior prevents
from merging the query, and in the real world, ActiveRecord simply ignores
the merge (!), which results in querying the entire scan of statuses and
favourites table.
This change fixes these issues by simply letting query 1 get all the works
done.
DISTINCT clause removes duplicated records according to all the selected
attributes. In reality, it can remove duplicated records only looking at
statuses.id, but the clause confuses the query planner and yields
insufficient performance.
The behavior is also problematic if the scope produced by HashQueryService
is used to query columns without id (using pluck method, for example). The
scope is expected to contain unique statuses, but the uniquness will be
evaluated with some arbitrary columns other than id.
GROUP BY clause resolves those problem by explicitly specifying the
column to take into account for the record distinction.
A workaround for the problem of DISTINCT clause in
Api::V1::Timelines::TagController is no longer necessary and removed.
Conflicts:
- `app/javascript/mastodon/actions/compose.js`:
Not a “real” conflict, but change too close to a change we made to
fix the vanilla WebUI locally pushing authored local-only toots in the
public TL view.
* Add toot send by current user at local state after send a new toot
Related to #14021
* Decrement toot counter at profile when remove a toot
Related to #14021
* Remove semicolon at end of line
Conflicts:
- `.env.production.sample`:
Upstream deleted it, I decided to keep it.
- `package.json`:
Upstream updated a dependency textually too close to wavesurfer.js
which has been deleted from upstream but is kept in glitch-soc for now.
* Add UserNote model
* Add UI for user notes
* Put comment in relationships entity
* Add API to create user notes
* Copy user notes to new account when receiving a Move activity
* Address some of the review remarks
* Replace modal by inline edition
* Please CodeClimate
* Button design changes
* Change design again
* Cancel note edition when pressing Escape
* Fixes
* Tweak design again
* Move “Add note” item, and allow users to add notes to themselves
* Rename UserNote into AccountNote, rename “comment” Relationship attribute to “note”
- Change audio files to not be stripped of metadata
- Automatically extract cover art from audio if it exists
- Add `thumbnail` parameter to `POST /api/v1/media`, `POST /api/v2/media` and `PUT /api/v1/media/:id`
- Add `icon` to represent it in attachments in ActivityPub
- Fix `preview_url` containing URL of missing missing image when there is no thumbnail instead of null
- Fix duration of audio not being displayed on public pages until the file is loaded
Conflicts:
- `app/controllers/activitypub/collections_controller.rb`:
Conflict due to glitch-soc having to take care of local-only
pinned toots in that controller.
Took upstream's changes and restored the local-only special
handling.
- `app/controllers/auth/sessions_controller.rb`:
Minor conflicts due to the theming system, applied upstream
changes, adapted the following two files for glitch-soc's
theming system:
- `app/controllers/concerns/sign_in_token_authentication_concern.rb`
- `app/controllers/concerns/two_factor_authentication_concern.rb`
- `app/services/backup_service.rb`:
Minor conflict due to glitch-soc having to handle local-only
toots specially. Applied upstream changes and restored
the local-only special handling.
- `app/views/admin/custom_emojis/index.html.haml`:
Minor conflict due to the theming system.
- `package.json`:
Upstream dependency updated, too close to a glitch-soc-only
dependency in the file.
- `yarn.lock`:
Upstream dependency updated, too close to a glitch-soc-only
dependency in the file.
Conflicts:
- `Gemfile.lock`:
Not a real conflict, just a glitch-soc-only dependency too close to a
dependency that got updated upstream. Updated as well.
- `app/models/status.rb`:
Not a real conflict, just a change too close to glitch-soc-changed code
for optionally showing boosts in public timelines.
Applied upstream changes.
- `app/views/layouts/application.html.haml`:
Upstream a new, static CSS file, conflict due to glitch-soc's theming
system, include the file regardless of the theme.
- `config/initializers/content_security_policy.rb`:
Upstream dropped 'unsafe-inline' from the 'style-src' directive, but
both files are very different. Removed 'unsafe-inline' as well.
Conflicts:
- `app/controllers/statuses_controller.rb`:
Upstream disabled the embed controller for reblogs.
Not a real conflict, but glitch-soc has an extra line to deal
with its theming system.
Ported upstream changes.
- `app/javascript/packs/public.js`:
Upstream made changes to get rid of most inline CSS, this changes
javascript for public pages, which in glitch are split between
different files. Ported those changes.
- `app/models/status.rb`:
Upstream changed the block check in `Status#permitted_for` to
include domain-block checks. Not a real conflict with glitch-soc,
but our scope is slightly different, as our scope for
unauthenticated access do not include instance-local toots.
Ported upstream changes.
- `app/serializers/rest/instance_serializer.rb`:
Not a real conflict, upstream added a new field to the instance
serializer, the conflict is one line above since we added more of
that.
Ported upstream changes.
- `app/views/settings/profiles/show.html.haml`:
Upstream got rid of most inline CSS and moved hidden elements
to data attributes in the process, in fields were we have
different values.
Ported upstream changes while keeping our glitch-specific
values.
- `app/views/statuses/_simple_status.html.haml`:
Upstream got rid of inline CSS on an HAML line we treat
differently, stripping empty text nodes.
Ported upstream changes to the style attribute, keeping
the empty text node stripping behavior.
Conflicts:
- `app/javascript/packs/public.js`:
Upstream modified code that we split between multiple files due
to glitch-soc's theming system.
Ported those changes.
Conflicts:
- `app/javascript/mastodon/features/compose/components/poll_form.js`:
Upstream bumped poll option character limit, but we already had
a higher one, kept ours.
- `app/validators/poll_validator.rb`:
Upstream bumped poll option character limit, but we already had
a higher one, kept ours.
- `config/initializers/content_security_policy.rb`:
Upstream added a rule, the way we compute ours is different, but
that added rule has been ported.
- `package.json`:
No real conflict, dependency update. Performed the same update.
- `yarn.lock`:
No real conflict, dependency update. Performed the same update.
* Fix 404 and 410 API errors being silently discarded in WebUI
Fixes#13278
* Return more appropriate error when user replies to a deleted toot
* Please CodeClimate
* Fix 404/410 errors on fetching account timelines & identity proofs
* Refactor error handling
* Move error message string to statuses.errors
Conflicts:
- `README.md`:
Our README.md files are completely different. Discarded upstream changes.
- `app/javascript/core/admin.js`:
Updating rails-ujs, no real conflict, but a comment to close to changed
code. Various glitch-soc-only files have been updated to match those changes,
though.
- `package.json`:
No real conflict, just an additional dependency in glitch-soc that was too
close to something updated upstream. Took upstream's changes.
* Change ActivityPub follower/following collections to not link first page
* Add support for hiding followers and following of remote users
* Switch to using a single `hide_collections` column
* Address code style remarks
Conflicts:
- `app/controllers/api/v1/statuses_controller.rb`:
Conflict due to upstream adding a new parameter (with_rate_limit),
too close to glitch-soc's own additional parameter (content_type).
Added upstream's parameter.
- `app/services/post_status_service.rb`:
Conflict due to upstream adding a new parameter (rate_limit),
too close to glitch-soc's own additional parameter (content_type).
Added upstream's parameter.
- `app/views/settings/preferences/appearance/show.html.haml`:
Conflict due to us not exposing theme settings here (as we have
a different flavour/skin menu).
Took upstream change, while still not exposing theme settings.
- `config/webpack/shared.js`:
Coding style fixes for a part we have rewritten.
Discarded upstream changes.
Conflicts:
- `Gemfile`:
We updated httplog in a separate commit.
Took upstream's change which updated it further.
- `Gemfile.lock`:
We updated httplog in a separate commit.
Took upstream's change which updated it further.
- `app/lib/sanitize_config.rb`:
Upstream added better unsupported link stripping,
while we had different sanitizing configs.
Took only upstream's link stripping code.
- `config/locales/simple_form.pl.yml`:
Strings unused in glitch-soc had been removed from
glitch-soc, reintroduced them even if they are not
useful, to reduce the risk of later merge conflicts.
* Change meaning of /api/v1/announcements/:id/dismiss to mark an announcement as read
* Change how unread announcements are counted in UI
* Add unread marker to announcements and mark announcements as unread as they are displayed
* Fixups
* Add announcements
Fix#11006
* Add reactions to announcements
* Add admin UI for announcements
* Add unit tests
* Fix issues
- Add `with_dismissed` param to announcements API
- Fix end date not being formatted when time range is given
- Fix announcement delete causing reactions to send streaming updates
- Fix announcements container growing too wide and mascot too small
- Fix `all_day` being settable when no time range is given
- Change text "Update" to "Announcement"
* Fix scheduler unpublishing announcements before they are due
* Fix filter params not being passed to announcements filter
Conflicts:
- `README.md`:
We have different README files. Discarded upstream changes.
- `app/views/layouts/admin.html.haml`:
Conflict due to glitch-soc theming system.
Adapted upstream changes.
- `app/views/layouts/embedded.html.haml`:
Conflict due to glitch-soc theming system.
Adapted upstream changes.
- `yarn.lock`:
No real conflict, glitch-specific dependency too close to
an updated one. Adapted upstream change.
Conflicts:
- `app/controllers/application_controller.rb`:
Conflict due to theming system.
- `app/controllers/oauth/authorizations_controller.rb`:
Conflict due to theming system.
* Hide blocked, muted, and blocked-by users from toot favourite lists
* Hide blocked, muted, and blocked-by users from toot reblog lists
* Hide blocked, muted, and blocked-by users from followers/following (API)
* Fix tests
* Hide blocked, muted, and blocked-by users from followers/following on public pages
Conflicts:
- package.json
Not really a conflict, caused by an additional dependency in glitch-soc.
- yarn.lock
Not really a conflict, caused by an additional dependency in glitch-soc.
* Add follow_request notification type
The notification type already existed in the backend but was never pushed
to the front-end. This also means translation strings were also available
for the backend, from the notification mailer.
Unlike other notification types, these are off by default, to match what
I remember of Gargron's view on the topic: that follow requests should not
clutter notifications and should instead be reviewed at the user's own
leisure in the dedicated column.
Since follow requests have their own column, I've deemed it unnecessary to
add a specific tab for them in the notification quick filter.
* Show follow request link in single-column if there are pending requests, even if account isn't locked
* Push follow requests from notifications to the follow_requests list
* Offer to accept or reject follow request from the notification
* Redesign follow request notification
* make it not return http 400 when passing and empty source argument
* create a spec for the empty source hash bug
* compact checks for nil, empty? parameters
* use nil.blank? instead checking for nil
* Add backend support for bookmarks
Bookmarks behave like favourites, except they aren't shared with other
users and do not have an associated counter.
* Add spec for bookmark endpoints
* Add front-end support for bookmarks
* Introduce OAuth scopes for bookmarks
* Add bookmarks to archive takeout
* Fix migration
* Coding style fixes
* Fix rebase issue
* Update bookmarked_statuses to latest UI changes
* Update bookmark actions to properly reflect status changes in state
* Add bookmarks item to single-column layout
* Make active bookmarks red
Change the behaviour of remotable concern. Previously, it would skip
downloading an attachment if the stored remote URL is identical to
the new one. Now it would not be skipped if the attachment is not
actually currently stored by Paperclip.
Fetching statuses from all followed accounts at once takes too long
within Postgres. Fetching them one by one and merging in Ruby
could be a lot less resource-intensive
Because the query for dynamically fetching the home timeline is so
heavy, we can no longer offer it when the home timeline is missing
* Change silenced accounts to require approval on follow
* Also require approval for follows by people explicitly muted by target accounts
* Do not auto-accept silenced or muted accounts when switching from locked to unlocked
* Add `follow_requests_count` to verify_credentials
* Show “Follow requests” menu item if needed even if account is locked
* Add tests
* Correctly reflect that follow requests weren't auto-accepted when local account is silenced
* Accept follow requests from user-muted accounts to avoid leaking mutes
Conflicts:
- Gemfile
- app/controllers/api/v1/search_controller.rb
Conflict because we changed the number of default results to be
configurable
- app/lib/settings/scoped_settings.rb
Addition of a new “noindex” site-wide setting,
conflict due to our change of the two other site-wide settings
(default flavour and skin instead of theme)
- spec/controllers/application_controller_spec.rb
Addition of a new “noindex” site-wide setting,
conflict due to our change of the two other site-wide settings
(default flavour and skin instead of theme)