Commit graph

9952 commits

Author SHA1 Message Date
ThibG
3f12a0b8fd Fix leaking private statuses the admin account follows (#11300)
Now that the request is signed, it can return private toots. Do not leak them.
2019-07-15 02:29:04 +02:00
ThibG
955b28b6c9 Merge pull request #1161 from ThibG/glitch-soc/cherry-pick-upstream
Cherry pick changes from upstream
2019-07-15 01:04:31 +02:00
PatOnTheBack
c99c0c5403 Bump handlebars from 4.1.0 to 4.1.2 (#11293)
Bumps [handlebars](https://github.com/wycats/handlebars.js) from 4.1.0 to 4.1.2.
- [Release notes](https://github.com/wycats/handlebars.js/releases)
- [Changelog](https://github.com/wycats/handlebars.js/blob/master/release-notes.md)
- [Commits](https://github.com/wycats/handlebars.js/compare/v4.1.0...v4.1.2)

Signed-off-by: dependabot[bot] <support@github.com>
2019-07-15 00:48:50 +02:00
dependabot-preview[bot]
838b0e2e5f Bump rubocop-rails from 2.0.1 to 2.2.0 (#11257)
Bumps [rubocop-rails](https://github.com/rubocop-hq/rubocop-rails) from 2.0.1 to 2.2.0.
- [Release notes](https://github.com/rubocop-hq/rubocop-rails/releases)
- [Changelog](https://github.com/rubocop-hq/rubocop-rails/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rubocop-hq/rubocop-rails/compare/v2.0.1...v2.2.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2019-07-15 00:48:50 +02:00
han@highemelry
eed19aa8be Change the retry limit in error of web push notification (#11292)
- Change the maximum count of retry for web push notification (Default -> 5).
   - In case of high load of subscribe server, the retries will be repeated many times.
   - Because the retries occupy the default queue, maximum retry count should be reduced.
2019-07-15 00:48:50 +02:00
ThibG
33545631e1 Fix BlockService trying to reject incorrect follow request (#11288)
Fixes #11148
2019-07-15 00:48:50 +02:00
dependabot-preview[bot]
cdac582517 [Security] Bump lodash from 4.17.11 to 4.17.13 (#11287)
Bumps [lodash](https://github.com/lodash/lodash) from 4.17.11 to 4.17.13. **This update includes security fixes.**
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](https://github.com/lodash/lodash/compare/4.17.11...4.17.13)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2019-07-15 00:48:50 +02:00
ThibG
e31bedc3a8 Fix Status.remote scope matching *all* statuses (#11265) 2019-07-15 00:48:50 +02:00
dependabot-preview[bot]
c4a6b6568f Bump faker from 1.9.3 to 1.9.6 (#11259)
Bumps [faker](https://github.com/stympy/faker) from 1.9.3 to 1.9.6.
- [Release notes](https://github.com/stympy/faker/releases)
- [Changelog](https://github.com/stympy/faker/blob/master/CHANGELOG.md)
- [Commits](https://github.com/stympy/faker/compare/v1.9.3...1.9.6)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2019-07-15 00:48:50 +02:00
dependabot-preview[bot]
083d89b455 Bump simplecov from 0.16.1 to 0.17.0 (#11260)
Bumps [simplecov](https://github.com/colszowka/simplecov) from 0.16.1 to 0.17.0.
- [Release notes](https://github.com/colszowka/simplecov/releases)
- [Changelog](https://github.com/colszowka/simplecov/blob/master/CHANGELOG.md)
- [Commits](https://github.com/colszowka/simplecov/compare/v0.16.1...v0.17.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2019-07-15 00:48:50 +02:00
dependabot-preview[bot]
e821966494 Bump aws-sdk-s3 from 1.43.0 to 1.45.0 (#11262)
Bumps [aws-sdk-s3](https://github.com/aws/aws-sdk-ruby) from 1.43.0 to 1.45.0.
- [Release notes](https://github.com/aws/aws-sdk-ruby/releases)
- [Changelog](https://github.com/aws/aws-sdk-ruby/blob/master/gems/aws-sdk-s3/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-ruby/compare/v1.43.0...v1.45.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2019-07-15 00:48:50 +02:00
dependabot-preview[bot]
517123911c Bump tzinfo-data from 1.2019.1 to 1.2019.2 (#11258)
Bumps [tzinfo-data](https://github.com/tzinfo/tzinfo-data) from 1.2019.1 to 1.2019.2.
- [Release notes](https://github.com/tzinfo/tzinfo-data/releases)
- [Commits](https://github.com/tzinfo/tzinfo-data/compare/v1.2019.1...v1.2019.2)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2019-07-15 00:48:50 +02:00
dependabot-preview[bot]
d595655842 Bump eslint-plugin-react from 7.12.1 to 7.14.2 (#11253)
Bumps [eslint-plugin-react](https://github.com/yannickcr/eslint-plugin-react) from 7.12.1 to 7.14.2.
- [Release notes](https://github.com/yannickcr/eslint-plugin-react/releases)
- [Changelog](https://github.com/yannickcr/eslint-plugin-react/blob/master/CHANGELOG.md)
- [Commits](https://github.com/yannickcr/eslint-plugin-react/compare/v7.12.1...v7.14.2)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2019-07-15 00:48:50 +02:00
dependabot-preview[bot]
d0e50c19a7 Bump @babel/plugin-proposal-class-properties from 7.4.4 to 7.5.0 (#11254)
Bumps [@babel/plugin-proposal-class-properties](https://github.com/babel/babel) from 7.4.4 to 7.5.0.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/master/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/compare/v7.4.4...v7.5.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2019-07-15 00:48:50 +02:00
dependabot-preview[bot]
dd20fef6d1 Bump compression-webpack-plugin from 2.0.0 to 3.0.0 (#11224)
Bumps [compression-webpack-plugin](https://github.com/webpack-contrib/compression-webpack-plugin) from 2.0.0 to 3.0.0.
- [Release notes](https://github.com/webpack-contrib/compression-webpack-plugin/releases)
- [Changelog](https://github.com/webpack-contrib/compression-webpack-plugin/blob/master/CHANGELOG.md)
- [Commits](https://github.com/webpack-contrib/compression-webpack-plugin/compare/v2.0.0...v3.0.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2019-07-15 00:48:50 +02:00
dependabot-preview[bot]
2ed4b13085 Bump intl-relativeformat from 2.2.0 to 6.4.2 (#11255)
Bumps [intl-relativeformat](https://github.com/formatjs/formatjs) from 2.2.0 to 6.4.2.
- [Release notes](https://github.com/formatjs/formatjs/releases)
- [Commits](https://github.com/formatjs/formatjs/compare/intl-relativeformat@2.2.0...intl-relativeformat@6.4.2)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2019-07-15 00:48:50 +02:00
dependabot-preview[bot]
bbc829f902 Bump react-redux from 6.0.1 to 7.1.0 (#11256)
Bumps [react-redux](https://github.com/reduxjs/react-redux) from 6.0.1 to 7.1.0.
- [Release notes](https://github.com/reduxjs/react-redux/releases)
- [Changelog](https://github.com/reduxjs/react-redux/blob/master/CHANGELOG.md)
- [Commits](https://github.com/reduxjs/react-redux/compare/v6.0.1...v7.1.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2019-07-15 00:48:50 +02:00
ThibG
1d8a374f2a Fix BackupService crashing when an attachment is missing (#11241)
* Fix BackupService crashing when an attachment is missing

For various reasons such as admin error or out-of-sync media and
database backups, it might be possible for local attachments to be lost.

This commit allows the BackupService to continue its work even if some media
file is missing.

* Change error message
2019-07-15 00:48:49 +02:00
Georg Gadinger
852b0a9765 Update fuubar dependency to 2.4.1 (#11248)
See also: thekompanee/fuubar#111
2019-07-15 00:48:49 +02:00
Thibaut Girka
025cfdf901 Add link to edit each listed filter 2019-07-15 00:48:28 +02:00
Thibaut Girka
af4979e321 Make some strings translatable 2019-07-15 00:48:28 +02:00
Thibaut Girka
9339b4634e Minor refactoring 2019-07-15 00:48:28 +02:00
Thibaut Girka
59b8573907 Move the “Show why” button inline 2019-07-15 00:48:28 +02:00
Thibaut Girka
fde918bf92 Implement feature to add filtered phrases to content warnings 2019-07-15 00:48:28 +02:00
Thibaut Girka
0b23403d58 Implement option to completely hide filtered toots 2019-07-15 00:48:28 +02:00
Thibaut Girka
6476b7dabe Add options to configure filtering behavior 2019-07-15 00:48:28 +02:00
Thibaut Girka
67d1b0c997 Add a way to know why a status has been filtered, and show it anyway 2019-07-15 00:48:28 +02:00
Thibaut Girka
79e97d71d4 Do not keep polls pre-filled in thread mode 2019-07-15 00:41:09 +02:00
Thibaut Girka
4eb6457889 Fix error boundary CSS 2019-07-15 00:28:31 +02:00
PatOnTheBack
45be10c041 Bump handlebars from 4.1.0 to 4.1.2 (#11293)
Bumps [handlebars](https://github.com/wycats/handlebars.js) from 4.1.0 to 4.1.2.
- [Release notes](https://github.com/wycats/handlebars.js/releases)
- [Changelog](https://github.com/wycats/handlebars.js/blob/master/release-notes.md)
- [Commits](https://github.com/wycats/handlebars.js/compare/v4.1.0...v4.1.2)

Signed-off-by: dependabot[bot] <support@github.com>
2019-07-14 14:05:11 +09:00
dependabot-preview[bot]
4338666b5f Bump rubocop-rails from 2.0.1 to 2.2.0 (#11257)
Bumps [rubocop-rails](https://github.com/rubocop-hq/rubocop-rails) from 2.0.1 to 2.2.0.
- [Release notes](https://github.com/rubocop-hq/rubocop-rails/releases)
- [Changelog](https://github.com/rubocop-hq/rubocop-rails/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rubocop-hq/rubocop-rails/compare/v2.0.1...v2.2.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2019-07-13 23:52:08 +09:00
Eugen Rochko
f70b20a01c Add a spam check (#11217)
* Add a spam check

* Use Nilsimsa to generate locality-sensitive hashes and compare using Levenshtein distance

* Add more tests

* Add exemption when the message is a reply to something that mentions the sender

* Use Nilsimsa Compare Value instead of Levenshtein distance

* Use MD5 for messages shorter than 10 characters

* Add message to automated report, do not add non-public statuses to
automated report, add trust level to accounts and make unsilencing
raise the trust level to prevent repeated spam checks on that account

* Expire spam check data after 3 months

* Add support for local statuses, reduce expiration to 1 week, always create a report

* Add content warnings to the spam check and exempt empty statuses

* Change Nilsimsa threshold to 95 and make sure removed statuses are removed from the spam check

* Add all matched statuses into automatic report
2019-07-13 16:45:50 +02:00
han@highemelry
b6997d2622 Change the retry limit in error of web push notification (#11292)
- Change the maximum count of retry for web push notification (Default -> 5).
   - In case of high load of subscribe server, the retries will be repeated many times.
   - Because the retries occupy the default queue, maximum retry count should be reduced.
2019-07-12 18:46:21 +02:00
Eugen Rochko
39719ae981 Add ActivityPub secure mode (#11269)
* Add HTTP signature requirement for served ActivityPub resources

* Change `SECURE_MODE` to `AUTHORIZED_FETCH`

* Add 'Signature' to 'Vary' header and improve code style

* Improve code style by adding `public_fetch_mode?` method
2019-07-11 20:11:09 +02:00
ThibG
4bf0ee9467 Fix BlockService trying to reject incorrect follow request (#11288)
Fixes #11148
2019-07-11 14:50:27 +02:00
Eugen Rochko
317b79d673 Add HTTP signatures to all outgoing ActivityPub GET requests (#11284) 2019-07-11 14:49:55 +02:00
dependabot-preview[bot]
727472af94 [Security] Bump lodash from 4.17.11 to 4.17.13 (#11287)
Bumps [lodash](https://github.com/lodash/lodash) from 4.17.11 to 4.17.13. **This update includes security fixes.**
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](https://github.com/lodash/lodash/compare/4.17.11...4.17.13)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2019-07-11 06:33:07 +02:00
Thibaut Girka
8184a7407d Fix report dialog crashing when a toot gets deleted
Fixes #1155
2019-07-10 19:53:31 +02:00
Eugen Rochko
6baf5099a6 Refactor fetching of remote resources (#11251) 2019-07-10 18:59:28 +02:00
ThibG
f9548fd31f Drop magic-public-key from webfinger replies as it's only used for OStatus (#11280) 2019-07-10 17:10:43 +02:00
ThibG
e39e4786b4 Fix handling of webfinger redirects in ResolveAccountService (#11279) 2019-07-10 17:10:12 +02:00
ThibG
80b5a5d735 Fix old migration script depending on the StreamEntry model (#11278) 2019-07-10 17:09:10 +02:00
Eugen Rochko
f83ce1d943 Fix activity being rendered within activity due to caching (#11271)
Fix #11270
2019-07-10 00:43:30 +02:00
Eugen Rochko
d0b0b63b1a Refactor domain block checks (#11268) 2019-07-09 03:27:35 +02:00
ThibG
5031bc3998 Fix Status.remote scope matching *all* statuses (#11265) 2019-07-08 18:17:22 +02:00
Eugen Rochko
e17c937f65 Remove unused remote unfollow controller (#11250) 2019-07-08 12:04:06 +02:00
Eugen Rochko
56f0203c66 Refactor controllers for statuses, accounts, and more (#11249) 2019-07-08 12:03:45 +02:00
dependabot-preview[bot]
608b927f5d Bump faker from 1.9.3 to 1.9.6 (#11259)
Bumps [faker](https://github.com/stympy/faker) from 1.9.3 to 1.9.6.
- [Release notes](https://github.com/stympy/faker/releases)
- [Changelog](https://github.com/stympy/faker/blob/master/CHANGELOG.md)
- [Commits](https://github.com/stympy/faker/compare/v1.9.3...1.9.6)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2019-07-08 18:29:00 +09:00
dependabot-preview[bot]
763d9b2ea3 Bump simplecov from 0.16.1 to 0.17.0 (#11260)
Bumps [simplecov](https://github.com/colszowka/simplecov) from 0.16.1 to 0.17.0.
- [Release notes](https://github.com/colszowka/simplecov/releases)
- [Changelog](https://github.com/colszowka/simplecov/blob/master/CHANGELOG.md)
- [Commits](https://github.com/colszowka/simplecov/compare/v0.16.1...v0.17.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2019-07-08 18:28:33 +09:00
dependabot-preview[bot]
08a75dad8e Bump aws-sdk-s3 from 1.43.0 to 1.45.0 (#11262)
Bumps [aws-sdk-s3](https://github.com/aws/aws-sdk-ruby) from 1.43.0 to 1.45.0.
- [Release notes](https://github.com/aws/aws-sdk-ruby/releases)
- [Changelog](https://github.com/aws/aws-sdk-ruby/blob/master/gems/aws-sdk-s3/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-ruby/compare/v1.43.0...v1.45.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2019-07-08 18:26:41 +09:00