glitchier-soc

Commit Graph

Author	SHA1	Message	Date
Claire	a9269f8786	Disable `registrations` flag in /api/v1/instance when CAPTCHA is enabled This is to avoid apps trying and failing at using the registrations API, which does not let us require a CAPTCHA and cannot be clearly signaled as unavailable.	3 years ago
Claire	bf351d72af	Disable captcha if registrations are disabled for various reasons	3 years ago
Claire	6a2f248fe4	Renew Rails session ID on successful registration	3 years ago
Claire	3f6a36168f	Fix tests	3 years ago
Claire	04050fbd46	Please CodeClimate	3 years ago
Claire	1b493c9fee	Add optional hCaptcha support Fixes #1649 This requires setting `HCAPTCHA_SECRET_KEY` and `HCAPTCHA_SITE_KEY`, then enabling the admin setting at `/admin/settings/edit#form_admin_settings_captcha_enabled` Subsequently, a hCaptcha widget will be displayed on `/about` and `/auth/sign_up` unless: - the user is already signed-up already - the user has used an invite link - the user has already solved the captcha (and registration failed for another reason) The Content-Security-Policy headers are altered automatically to allow the third-party hCaptcha scripts on `/about` and `/auth/sign_up` following the same rules as above.	3 years ago
Claire	e58e0eb9aa	Merge pull request #1663 from ClearlyClaire/glitch-soc/merge-upstream Merge upstream changes	3 years ago
Claire	9483d0c6b2	[Glitch] Change `percent` to `rate` in retention metrics API Port `a63495230a` to glitch-soc Signed-off-by: Claire <claire.github-309c@sitedethib.com>	3 years ago
Claire	4dd4fc2e5e	[Glitch] Fix text being incorrectly pre-selected in composer textarea on /share Port `3a103cd317` to glitch-soc Signed-off-by: Claire <claire.github-309c@sitedethib.com>	3 years ago
Claire	61ef81c548	Merge branch 'main' into glitch-soc/merge-upstream Conflicts: - `spec/models/status_spec.rb`: Upstream added tests too close to glitch-soc-specific tests. Kept both tests.	3 years ago
Claire	0a120d86d2	Fix error-prone SQL queries (#15828 ) * Fix error-prone SQL queries in Account search While this code seems to not present an actual vulnerability, one could easily be introduced by mistake due to how the query is built. This PR parameterises the `to_tsquery` input to make the query more robust. * Harden code for Status#tagged_with_all and Status#tagged_with_none Those two scopes aren't used in a way that could be vulnerable to an SQL injection, but keeping them unchanged might be a hazard. * Remove unneeded spaces surrounding tsquery term * Please CodeClimate * Move advanced_search_for SQL template to its own function This avoids one level of indentation while making clearer that the SQL template isn't build from all the dynamic parameters of advanced_search_for. * Add tests covering tagged_with, tagged_with_all and tagged_with_none * Rewrite tagged_with_none to avoid multiple joins and make it more robust * Remove obsolete brakeman warnings * Revert "Remove unneeded spaces surrounding tsquery term" The two queries are not strictly equivalent. This reverts commit 86f16c537e06c6ba4a8b250f25dcce9f049023ff.	3 years ago
Claire	a63495230a	Change `percent` to `rate` in retention metrics API (#16910 )	3 years ago
Claire	bddd9ba36d	Add OMNIAUTH_ONLY environment variable to enforce externa log-in (#17288 ) * Remove support for OAUTH_REDIRECT_AT_SIGN_IN Fixes #15959 Introduced in #6540, OAUTH_REDIRECT_AT_SIGN_IN allowed skipping the log-in form to instead redirect to the external OmniAuth login provider. However, it did not prevent the log-in form on /about introduced by #10232 from appearing, and completely broke with the introduction of #15228. As I restoring that previous log-in flow without introducing a security vulnerability may require extensive care and knowledge of how OmniAuth works, this commit removes support for OAUTH_REDIRECT_AT_SIGN_IN instead for the time being. * Add OMNIAUTH_ONLY environment variable to enforce external log-in only * Disable user registration when OMNIAUTH_ONLY is set to true * Replace log-in links When OMNIAUTH_ONLY is set with exactly one OmniAuth provider	3 years ago
Claire	cfa583fa71	Remove support for OAUTH_REDIRECT_AT_SIGN_IN (#17287 ) Fixes #15959 Introduced in #6540, OAUTH_REDIRECT_AT_SIGN_IN allowed skipping the log-in form to instead redirect to the external OmniAuth login provider. However, it did not prevent the log-in form on /about introduced by #10232 from appearing, and completely broke with the introduction of #15228. As I restoring that previous log-in flow without introducing a security vulnerability may require extensive care and knowledge of how OmniAuth works, this commit removes support for OAUTH_REDIRECT_AT_SIGN_IN instead for the time being.	3 years ago
Claire	8a07ecd377	Remove leftover database columns from Devise::Models::Rememberable (#17191 ) * Remove leftover database columns from Devise::Models::Rememberable * Update fix-duplication maintenance script * Improve errors/warnings in the fix-duplicates maintenance script	3 years ago
Claire	96f0b33c8b	Remove old duplicate index (#17245 ) Some Mastodon versions (v1.1 and v1.2) had a duplicate index in `db/schema.rb` without any migration script creating it. #2224 (included in v1.3) removed the duplicate index from the file but did not provide a migration script to remove it. This means that any instance that was installed from v1.1 or v1.2's source code has a duplicate index and a corresponding warning in PgHero. Instances set up using an earlier or later Mastodon version do not have this issue. This PR removes the duplicate index if it is present.	3 years ago
Claire	3a103cd317	Fix text being incorrectly pre-selected in composer textarea on /share (#17339 ) Fixes #17295	3 years ago
Claire	1e8c885e5a	Change mastodon:webpush:generate_vapid_key task to not require functional env (#17338 ) Fixes #17297	3 years ago
Claire	6eea3f8f9c	Add post edited notice in admin and public UIs (#17335 ) * Add edited toot flag on public pages * Add toot edit flag to admin pages	3 years ago
Claire	4d0383d75a	Add content-type to status source in glitch-soc	3 years ago
Eugen Rochko	d4654dc892	[Glitch] Add support for editing for published statuses Port front-end changes from `1060666c58` to glitch-soc Signed-off-by: Claire <claire.github-309c@sitedethib.com>	3 years ago
Claire	1af4618a06	Merge branch 'main' into glitch-soc/merge-upstream	3 years ago
Claire	fe89554a54	Merge branch 'main' into glitch-soc/merge-upstream Conflicts: - `app/lib/activitypub/activity/create.rb`: Upstream refactored how `Create` activities are handled and how values are extracted from `Create`d objects. This conflicted with how glitch-soc supported the `directMessage` flag to explicitly distinguish between limited and direct messages. Ported glitch-soc's changes to latest upstream changes. - `app/services/fan_out_on_write_service.rb`: Upstream largely refactored that file and changed some of the logic. This conflicted with glitch-soc's handling of the direct timeline and the options to allow replies and boosts in public feeds. Ported those glitch-soc changes on top of latest upstream changes. - `app/services/process_mentions_service.rb`: Upstream refactored to move mention-related ActivityPub deliveries to `ActivityPub::DeliveryWorker`, while glitch-soc contained an extra check to not send local-only toots to remote mentioned users. Took upstream's version, as the check is not needed anymore, since it is performed at the `ActivityPub::DeliveryWorker` call site already. - `app/workers/feed_insert_worker.rb`: Upstream added support for `update` toot events, while glitch-soc had support for an extra timeline support, `direct`. Ported upstream changes and extended them to the `direct` timeline. Additional changes: - `app/lib/activitypub/parser/status_parser.rb`: Added code to handle the `directMessage` flag and take it into account to compute visibility. - `app/lib/feed_manager.rb`: Extended upstream's support of `update` toot events to glitch-soc's `direct` timeline.	3 years ago
Eugen Rochko	9eb775a9d1	Fix error when using raw distribution worker (#17334 ) Regression from #16697	3 years ago
Eugen Rochko	d412a8d1f2	Fix error when processing poll updates (#17333 ) Regression from #16697	3 years ago
Eugen Rochko	1060666c58	Add support for editing for published statuses (#16697 ) * Add support for editing for published statuses * Fix references to stripped-out code * Various fixes and improvements * Further fixes and improvements * Fix updates being potentially sent to unauthorized recipients * Various fixes and improvements * Fix wrong words in test * Fix notifying accounts that were tagged but were not in the audience * Fix mistake	3 years ago
Claire	b209e919bd	Merge pull request #1662 from ClearlyClaire/glitch-soc/merge-upstream Merge upstream changes	3 years ago
Claire	c42938aed4	Merge branch 'main' into glitch-soc/merge-upstream	3 years ago
Jeong Arm	2d1f082bb6	Fix NameError on ActivityPub::FetchFeaturedCollectionService (#17326 ) Related: #16954	3 years ago
dependabot[bot]	f616897841	Bump json-ld from 3.1.10 to 3.2.0 (#17224 ) Bumps [json-ld](https://github.com/ruby-rdf/json-ld) from 3.1.10 to 3.2.0. - [Release notes](https://github.com/ruby-rdf/json-ld/releases) - [Commits](https://github.com/ruby-rdf/json-ld/compare/3.1.10...3.2.0) --- updated-dependencies: - dependency-name: json-ld dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	3 years ago
dependabot[bot]	a1c14eb076	Bump thor from 1.1.0 to 1.2.1 (#17250 ) Bumps [thor](https://github.com/rails/thor) from 1.1.0 to 1.2.1. - [Release notes](https://github.com/rails/thor/releases) - [Commits](https://github.com/rails/thor/compare/v1.1.0...v1.2.1) --- updated-dependencies: - dependency-name: thor dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	3 years ago
dependabot[bot]	987299e0d1	Bump nokogiri from 1.12.5 to 1.13.1 (#17306 ) Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.12.5 to 1.13.1. - [Release notes](https://github.com/sparklemotion/nokogiri/releases) - [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md) - [Commits](https://github.com/sparklemotion/nokogiri/compare/v1.12.5...v1.13.1) --- updated-dependencies: - dependency-name: nokogiri dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	3 years ago
dependabot[bot]	db9d8c8e33	Bump aws-sdk-s3 from 1.109.0 to 1.111.1 (#17277 ) Bumps [aws-sdk-s3](https://github.com/aws/aws-sdk-ruby) from 1.109.0 to 1.111.1. - [Release notes](https://github.com/aws/aws-sdk-ruby/releases) - [Changelog](https://github.com/aws/aws-sdk-ruby/blob/version-3/gems/aws-sdk-s3/CHANGELOG.md) - [Commits](https://github.com/aws/aws-sdk-ruby/commits) --- updated-dependencies: - dependency-name: aws-sdk-s3 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	3 years ago
dependabot[bot]	587dc720c3	Bump prop-types from 15.7.2 to 15.8.1 (#17278 ) Bumps [prop-types](https://github.com/facebook/prop-types) from 15.7.2 to 15.8.1. - [Release notes](https://github.com/facebook/prop-types/releases) - [Changelog](https://github.com/facebook/prop-types/blob/main/CHANGELOG.md) - [Commits](https://github.com/facebook/prop-types/compare/v15.7.2...v15.8.1) --- updated-dependencies: - dependency-name: prop-types dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	3 years ago
dependabot[bot]	8e619ab341	Bump ed25519 from 1.2.4 to 1.3.0 (#17310 ) Bumps [ed25519](https://github.com/RubyCrypto/ed25519) from 1.2.4 to 1.3.0. - [Release notes](https://github.com/RubyCrypto/ed25519/releases) - [Changelog](https://github.com/RubyCrypto/ed25519/blob/main/CHANGES.md) - [Commits](https://github.com/RubyCrypto/ed25519/compare/v1.2.4...v1.3.0) --- updated-dependencies: - dependency-name: ed25519 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	3 years ago
dependabot[bot]	da2e05582b	Bump bootsnap from 1.9.3 to 1.10.1 (#17311 ) Bumps [bootsnap](https://github.com/Shopify/bootsnap) from 1.9.3 to 1.10.1. - [Release notes](https://github.com/Shopify/bootsnap/releases) - [Changelog](https://github.com/Shopify/bootsnap/blob/main/CHANGELOG.md) - [Commits](https://github.com/Shopify/bootsnap/compare/v1.9.3...v1.10.1) --- updated-dependencies: - dependency-name: bootsnap dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	3 years ago
dependabot[bot]	37ecfa090f	Bump sass from 1.45.2 to 1.48.0 (#17315 ) Bumps [sass](https://github.com/sass/dart-sass) from 1.45.2 to 1.48.0. - [Release notes](https://github.com/sass/dart-sass/releases) - [Changelog](https://github.com/sass/dart-sass/blob/main/CHANGELOG.md) - [Commits](https://github.com/sass/dart-sass/compare/1.45.2...1.48.0) --- updated-dependencies: - dependency-name: sass dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	3 years ago
dependabot[bot]	bc563c4847	Bump babel-jest from 27.4.5 to 27.4.6 (#17280 ) Bumps [babel-jest](https://github.com/facebook/jest/tree/HEAD/packages/babel-jest) from 27.4.5 to 27.4.6. - [Release notes](https://github.com/facebook/jest/releases) - [Changelog](https://github.com/facebook/jest/blob/main/CHANGELOG.md) - [Commits](https://github.com/facebook/jest/commits/v27.4.6/packages/babel-jest) --- updated-dependencies: - dependency-name: babel-jest dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	3 years ago
dependabot[bot]	4cda245ed9	Bump @babel/plugin-transform-runtime from 7.16.7 to 7.16.8 (#17314 ) Bumps [@babel/plugin-transform-runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-runtime) from 7.16.7 to 7.16.8. - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.16.8/packages/babel-plugin-transform-runtime) --- updated-dependencies: - dependency-name: "@babel/plugin-transform-runtime" dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	3 years ago
dependabot[bot]	c4e748dcf2	Bump ws from 8.3.0 to 8.4.2 (#17318 ) Bumps [ws](https://github.com/websockets/ws) from 8.3.0 to 8.4.2. - [Release notes](https://github.com/websockets/ws/releases) - [Commits](https://github.com/websockets/ws/compare/8.3.0...8.4.2) --- updated-dependencies: - dependency-name: ws dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	3 years ago
dependabot[bot]	b066bcf277	Bump rubocop-rails from 2.13.0 to 2.13.2 (#17321 ) Bumps [rubocop-rails](https://github.com/rubocop/rubocop-rails) from 2.13.0 to 2.13.2. - [Release notes](https://github.com/rubocop/rubocop-rails/releases) - [Changelog](https://github.com/rubocop/rubocop-rails/blob/master/CHANGELOG.md) - [Commits](https://github.com/rubocop/rubocop-rails/compare/v2.13.0...v2.13.2) --- updated-dependencies: - dependency-name: rubocop-rails dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	3 years ago
dependabot[bot]	777b248bd1	Bump redis from 4.0.1 to 4.0.2 (#17309 ) Bumps [redis](https://github.com/redis/node-redis) from 4.0.1 to 4.0.2. - [Release notes](https://github.com/redis/node-redis/releases) - [Changelog](https://github.com/redis/node-redis/blob/master/CHANGELOG.md) - [Commits](https://github.com/redis/node-redis/compare/redis@4.0.1...redis@4.0.2) --- updated-dependencies: - dependency-name: redis dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	3 years ago
dependabot[bot]	3b825be804	Bump bullet from 7.0.0 to 7.0.1 (#17312 ) Bumps [bullet](https://github.com/flyerhzm/bullet) from 7.0.0 to 7.0.1. - [Release notes](https://github.com/flyerhzm/bullet/releases) - [Changelog](https://github.com/flyerhzm/bullet/blob/master/CHANGELOG.md) - [Commits](https://github.com/flyerhzm/bullet/compare/7.0.0...7.0.1) --- updated-dependencies: - dependency-name: bullet dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	3 years ago
dependabot[bot]	733691322c	Bump react-select from 5.2.1 to 5.2.2 (#17313 ) Bumps [react-select](https://github.com/JedWatson/react-select) from 5.2.1 to 5.2.2. - [Release notes](https://github.com/JedWatson/react-select/releases) - [Changelog](https://github.com/JedWatson/react-select/blob/master/docs/CHANGELOG.md) - [Commits](https://github.com/JedWatson/react-select/compare/react-select@5.2.1...react-select@5.2.2) --- updated-dependencies: - dependency-name: react-select dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	3 years ago
dependabot[bot]	95d63271be	Bump @babel/preset-env from 7.16.7 to 7.16.8 (#17317 ) Bumps [@babel/preset-env](https://github.com/babel/babel/tree/HEAD/packages/babel-preset-env) from 7.16.7 to 7.16.8. - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.16.8/packages/babel-preset-env) --- updated-dependencies: - dependency-name: "@babel/preset-env" dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	3 years ago
dependabot[bot]	11a97be4b1	Bump pkg-config from 1.4.6 to 1.4.7 (#17307 ) Bumps [pkg-config](https://github.com/ruby-gnome/pkg-config) from 1.4.6 to 1.4.7. - [Release notes](https://github.com/ruby-gnome/pkg-config/releases) - [Changelog](https://github.com/ruby-gnome/pkg-config/blob/master/NEWS) - [Commits](https://github.com/ruby-gnome/pkg-config/compare/1.4.6...1.4.7) --- updated-dependencies: - dependency-name: pkg-config dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	3 years ago
dependabot[bot]	18cf973345	Bump active_model_serializers from 0.10.12 to 0.10.13 (#17305 ) Bumps [active_model_serializers](https://github.com/rails-api/active_model_serializers) from 0.10.12 to 0.10.13. - [Release notes](https://github.com/rails-api/active_model_serializers/releases) - [Changelog](https://github.com/rails-api/active_model_serializers/blob/v0.10.13/CHANGELOG.md) - [Commits](https://github.com/rails-api/active_model_serializers/compare/v0.10.12...v0.10.13) --- updated-dependencies: - dependency-name: active_model_serializers dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	3 years ago
dependabot[bot]	eefa287d59	Bump follow-redirects from 1.14.4 to 1.14.7 (#17285 ) Bumps [follow-redirects](https://github.com/follow-redirects/follow-redirects) from 1.14.4 to 1.14.7. - [Release notes](https://github.com/follow-redirects/follow-redirects/releases) - [Commits](https://github.com/follow-redirects/follow-redirects/compare/v1.14.4...v1.14.7) --- updated-dependencies: - dependency-name: follow-redirects dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	3 years ago
dependabot[bot]	8f8f4ab099	Bump jest from 27.4.5 to 27.4.7 (#17279 ) Bumps [jest](https://github.com/facebook/jest) from 27.4.5 to 27.4.7. - [Release notes](https://github.com/facebook/jest/releases) - [Changelog](https://github.com/facebook/jest/blob/main/CHANGELOG.md) - [Commits](https://github.com/facebook/jest/compare/v27.4.5...v27.4.7) --- updated-dependencies: - dependency-name: jest dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	3 years ago
dependabot[bot]	ecfed4f3e5	Bump rspec_junit_formatter from 0.5.0 to 0.5.1 (#17275 ) Bumps [rspec_junit_formatter](https://github.com/sj26/rspec_junit_formatter) from 0.5.0 to 0.5.1. - [Release notes](https://github.com/sj26/rspec_junit_formatter/releases) - [Changelog](https://github.com/sj26/rspec_junit_formatter/blob/main/CHANGELOG.md) - [Commits](https://github.com/sj26/rspec_junit_formatter/compare/v0.5.0...v0.5.1) --- updated-dependencies: - dependency-name: rspec_junit_formatter dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	3 years ago

1 2 3 4 5 ...

14596 Commits (a9269f8786033eecf0ad307c75f5717c5ab468a2) All Branches Search

14596 Commits (a9269f8786033eecf0ad307c75f5717c5ab468a2)

All Branches