Commit graph

1280 commits

Author SHA1 Message Date
Claire
623d3d2e32
Change CSP directives on API to be tight and concise () 2022-12-15 16:40:32 +01:00
nametoolong
63b379c2d9
Fix N+1 queries from in NotificationsController ()
Co-authored-by: Nonexistent <nx@example.org>
2022-12-15 16:18:20 +01:00
Effy Elden
441cac758f
Allow adding relays while secure mode & limited federation mode are enabled () 2022-12-15 15:56:05 +01:00
Francis Murillo
5fb1c3e934
Revoke all authorized applications on password reset ()
* Clear sessions on password change

* Rename User::clear_sessions to revoke_access for a clearer meaning

* Add reset paassword controller test

* Use User.find instead of User.find_for_authentication for reset password test

* Use redirect and render for better test meaning in reset password

Co-authored-by: Effy Elden <effy@effy.space>
2022-12-15 15:47:06 +01:00
Francis Murillo
f6492a7c4d
Log admin approve and reject account ()
* Log admin approve and reject account

* Add unit tests for approve and reject logging
2022-12-07 00:25:18 +01:00
Claire
69137f4a90
Fix irreversible and whole_word parameters handling in /api/v1/filters ()
Fixes 
2022-12-07 00:10:53 +01:00
Claire
68d1df8bc3
Fix some performance issues with /admin/instances ()
/admin/instances?availability=failing remains wholly unefficient
2022-12-01 10:32:10 +01:00
Claire
51a33ce77a
Fix not being able to follow more than one hashtag ()
Fixes regression from 
2022-11-21 10:35:09 +01:00
Claire
48e136605a
Fix form-action CSP directive for external login () 2022-11-17 22:59:07 +01:00
Claire
4ae97a2e4c
Fix OAuth flow being broken by recent CSP change () 2022-11-17 21:31:52 +01:00
lenore gilbert
c373148b3d
Support for import/export of instance-level domain blocks/allows for 4.x w/ additional fixes ()
* Allow import/export of instance-level domain blocks/allows ()

* Allow import/export of instance-level domain blocks/allows.
Fixes 

* Pacify circleci

* Address simple code review feedback

* Add headers to exported CSV

* Extract common import/export functionality to
AdminExportControllerConcern

* Add additional fields to instance-blocked domain export

* Address review feedback

* Split instance domain block/allow import/export into separate pages/controllers

* Address code review feedback

* Pacify DeepSource

* Work around Paperclip::HasAttachmentFile for Rails 6

* Fix deprecated API warning in export tests

* Remove after_commit workaround

(cherry picked from commit 94e98864e3)

* Add confirmation page when importing blocked domains ()

* Move glitch-soc-specific strings to glitch-soc-specific locale files

* Add confirmation page when importing blocked domains

(cherry picked from commit b91196f4b7)

* Fix authorization check in domain blocks controller

(cherry picked from commit 7527937758)

* Fix error strings for domain blocks and email-domain blocks

Corrected issue with non-error message used for Mastodon:NotPermittedError in Domain Blocks
Corrected issue Domain Blocks using the Email Domain Blocks message on ActionContoller::ParameterMissing
Corrected issue with Email Domain Blocks using the not_permitted string from "custom emojii's"

* Ran i18n-tasks normalize to address test failure

* Removed unused admin.export_domain_blocks.not_permitted string

Removing unused string as indicated by Check i18n

* Fix tests

(cherry picked from commit 9094c2f52c)

* Fix domain block export not exporting blocks with only media rejection

(cherry picked from commit 26ff48ee48)

* Fix various issues with domain block import

- stop using Paperclip for processing domain allow/block imports
- stop leaving temporary files
- better error handling
- assume CSV files are UTF-8-encoded

(cherry picked from commit cad824d8f501b95377e4f0a957e5a00d517a1902)

Co-authored-by: Levi Bard <taktaktaktaktaktaktaktaktaktak@gmail.com>
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2022-11-17 11:05:09 +01:00
Claire
cbb0153bd0
Fix invalid/empty RSS feed link on account pages ()
Fixes 
2022-11-17 10:58:33 +01:00
trwnh
7fdeed5fbc
Make tag following idempotent () 2022-11-17 10:55:59 +01:00
Claire
00b2720ef0
Change automatic post deletion configuration to be accessible to redirected users ()
Fixes 
2022-11-17 10:55:23 +01:00
trwnh
e1f819fd78
Fix pagination of followed tags ()
* Fix missing pagination headers on followed tags

* Fix typo
2022-11-17 10:54:10 +01:00
Daniel Axtens
4d85c27d1a
Add 'private' to Cache-Control, match Rails expectations ()
Several controlers set quite intricate Cache-Control headers in order to
hopefully not be cached by any intermediate proxies or local caches. Unfortunately,
these headers are processed by ActionDispatch::HTTP::Cache in a way that squashes
and discards any values set alongside no-store other than private:
8015c2c2cf/actionpack/lib/action_dispatch/http/cache.rb (L207-L209)

We want to preserve no-store on these responses, but we might as well remove
parts that are going to be dropped anyway. As many of the endpoints in these
controllers are private to a particular user, we should also add "private",
which will be preserved alongside no-store.
2022-11-16 04:56:30 +01:00
trwnh
b59ce0a60f
Move V2 Filter methods under /api/v2 prefix ()
* Move V2 Filter methods under /api/v2 prefix

* move over the tests too
2022-11-14 08:34:07 +01:00
Eugen Rochko
b31afc6294
Fix error when passing unknown filter param in REST API ()
Fix 
2022-11-14 08:06:06 +01:00
Eugen Rochko
167d86d21d
Fix role_ids not accepting arrays in admin API ()
Fix 
2022-11-14 06:56:15 +01:00
Claire
86f6631d28
Remove dead code and refactor status threading code ()
* Remove dead code

* Remove unneeded/broken parameters and refactor descendant computation
2022-11-10 22:30:00 +01:00
Claire
1615c3eb6e
Change logged out /api/v1/statuses/:id/context logged out limits () 2022-11-10 21:06:08 +01:00
James Tucker
78a6b871fe
Improve performance by avoiding regex construction ()
```ruby
10.times { p /#{FOO}/.object_id }
10.times { p FOO_RE.object_id }
```
2022-11-10 05:49:30 +01:00
Eugen Rochko
0cd0786aef
Revert filtering public timelines by locale by default () 2022-11-10 05:34:42 +01:00
trwnh
89e1974f30
Make account endorsements idempotent (fix ) ()
* Make account endorsements idempotent (fix )

* Accept suggestion to use exists? instead of find_by + nil check

Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>

* fix logic (unless, not if)

* switch to using `find_or_create_by!`

Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>
2022-11-08 16:39:15 +01:00
trwnh
68d9dcd425
Fix uncaught 500 error on invalid replies_policy (Fix ) () 2022-11-08 16:37:28 +01:00
Claire
1e1289b024
Fix crash when external auth provider has no display_name set ()
Fixes 
2022-11-07 15:43:24 +01:00
Claire
4cb2323458
Fix crash in legacy filter creation controller () 2022-11-07 03:38:53 +01:00
Eugen Rochko
3a41fccc43
Change AUTHORIZED_FETCH to not block unauthenticated REST API access ()
New environment variable `DISALLOW_UNAUTHENTICATED_API_ACCESS`
2022-11-05 22:56:03 +01:00
Claire
c2170991c7
Fix reblogs being discarded after the reblogged status () 2022-11-04 16:31:44 +01:00
Claire
125322718b
Fix inaccurate admin log entry for re-sending confirmation e-mails ()
Fixes 
2022-11-02 18:50:21 +01:00
Eugen Rochko
15bae3e0e4
Change post-processing to be deferred only for large media types () 2022-11-01 15:27:58 +01:00
Claire
bb1ef11c30
Change featured hashtag deletion to be done synchronously () 2022-10-31 16:31:44 +01:00
Eugen Rochko
26478f461c
Remove language filtering from hashtag timelines () 2022-10-30 21:29:23 +01:00
Claire
a529d6d93e
Fix invites ()
Fixes 

Fix regression from 
2022-10-30 19:04:39 +01:00
Eugen Rochko
276b85bc91
Fix admin APIs returning deleted object instead of empty object upon delete ()
Fix 
2022-10-30 02:43:57 +02:00
Eugen Rochko
5724da0780
Fix language not being saved when editing status ()
Fix 
2022-10-30 02:43:27 +02:00
Eugen Rochko
3e18e05330
Fix uncaught error when invalid date is supplied to API ()
Fix 
2022-10-27 14:30:52 +02:00
Eugen Rochko
f8ca3bb2a1
Add ability to view previous edits of a status in admin UI ()
* Add ability to view previous edits of a status in admin UI

* Change moderator access to posts to be controlled by a separate policy
2022-10-26 13:42:29 +02:00
Eugen Rochko
1ae508bf2f
Change unauthenticated search to not support pagination in REST API ()
- Only exact search matches for queries with < 5 characters
- Do not support queries with `offset` (pagination)
- Return HTTP 401 on truthy `resolve` instead of overriding to false
2022-10-26 12:10:02 +02:00
Eugen Rochko
487d81fb92
Fix IP blocks not having a unique index () 2022-10-25 21:43:44 +02:00
Yamagishi Kazutoshi
45d3b32488
Fix Settings::FeaturedTagsController ()
Regression from 
2022-10-22 23:14:58 +02:00
Takeshi Umeda
74ead7d106
Change featured tag updates to add/remove activity ()
* Change featured tag updates to add/remove activity

* Fix to check for the existence of feature tag

* Rename service and worker

* Merge AddHashtagSerializer with AddSerializer

* Undo removal of sidekiq_options
2022-10-22 18:30:55 +02:00
Eugen Rochko
7c152acb2c
Change settings area to be separated into categories in admin UI ()
And update all descriptions
2022-10-22 11:44:41 +02:00
Eugen Rochko
839f893168
Change public accounts pages to mount the web UI ()
* Change public accounts pages to mount the web UI

* Fix handling of remote usernames in routes

- When logged in, serve web app
- When logged out, redirect to permalink
- Fix `app-body` class not being set sometimes due to name conflict

* Fix missing `multiColumn` prop

* Fix failing test

* Use `discoverable` attribute to control indexing directives

* Fix `<ColumnLoading />` not using `multiColumn`

* Add `noindex` to accounts in REST API

* Change noindex directive to not be rendered by default before a route is mounted

* Add loading indicator for detailed status in web UI

* Fix missing indicator appearing while account is loading in web UI
2022-10-20 14:35:29 +02:00
Takeshi Umeda
b0e3f0312c
Add synchronization of remote featured tags ()
* Add LIMIT of featured tag to instance API response

* Add featured_tags_collection_url to Account

* Add synchronization of remote featured tags

* Deliver update activity when updating featured tag

* Remove featured_tags_collection_url

* Revert "Add featured_tags_collection_url to Account"

This reverts commit cff349fc27b104ded2df6bb5665132dc24dab09c.

* Add hashtag sync from featured collections

* Fix tag name normalize

* Add target option to fetch featured collection

* Refactor fetch_featured_tags_collection_service

* Add LIMIT of featured tag to v1/instance API response
2022-10-20 09:15:52 +02:00
prplecake
c618d3a0a5
Make "No $entity selected" errors more accurate ()
Previously all controllers would use the single "No accounts changed as
none were selected" message. This commit changes them to read "tags",
"posts", "emojis", etc. where necessary.
2022-10-15 00:20:54 +02:00
Eugen Rochko
1bd00036c2
Change about page to be mounted in the web UI () 2022-10-13 14:42:37 +02:00
Eugen Rochko
45ebdb72ca
Add support for language preferences for trending statuses and links () 2022-10-08 16:45:40 +02:00
Eugen Rochko
a2ba011326
Change privacy policy to be rendered in web UI, add REST API ()
Source string no longer localized, Markdown instead of raw HTML
2022-10-08 06:01:11 +02:00
Eugen Rochko
93f340a4bf
Remove setting that disables account deletes () 2022-10-06 10:16:47 +02:00