Claire
ac583fce21
Fix some old migration scripts ( #17394 )
...
* Fix some old migration scripts
* Fix edge case in two-step migration from older releases
3 years ago
Claire
f5639e1cbe
Change public profile pages to be disabled for unconfirmed users ( #17385 )
...
Fixes #17382
Note that unconfirmed and unapproved accounts can still be searched for
and their (empty) account retrieved using the REST API.
3 years ago
Claire
2ba6267f16
Merge pull request #1668 from ClearlyClaire/glitch-soc/merge-upstream
...
Merge upstream changes
3 years ago
Claire
94a39f6b68
Fix Sidekiq warning when pushing DMs to direct timeline
3 years ago
Claire
b2915613fb
Merge branch 'main' into glitch-soc/merge-upstream
...
Conflicts:
- `Gemfile.lock`:
Upstream-updated lib textually too close to glitch-soc-only dep.
Updated like upstream.
3 years ago
Claire
e38fc319dc
Refactor and improve tests ( #17386 )
...
* Change account and user fabricators to simplify and improve tests
- `Fabricate(:account)` implicitly fabricates an associated `user` if
no `domain` attribute is given (an account with `domain: nil` is
considered a local account, but no user record was created), unless
`user: nil` is passed
- `Fabricate(:account, user: Fabricate(:user))` should still be possible
but is discouraged.
* Fix and refactor tests
- avoid passing unneeded attributes to `Fabricate(:user)` or
`Fabricate(:account)`
- avoid embedding `Fabricate(:user)` into a `Fabricate(:account)` or the other
way around
- prefer `Fabricate(:user, account_attributes: …)` to
`Fabricate(:user, account: Fabricate(:account, …)`
- also, some tests were using remote accounts with local user records, which is
not representative of production code.
3 years ago
Claire
03d59340da
Fix Sidekiq warnings about JSON serialization ( #17381 )
...
* Fix Sidekiq warnings about JSON serialization
This occurs on every symbol argument we pass, and every symbol key in hashes,
because Sidekiq expects strings instead.
See https://github.com/mperham/sidekiq/pull/5071
We do not need to change how workers parse their arguments because this has
not changed and we were already converting to symbols adequately or using
`with_indifferent_access`.
* Set Sidekiq to raise on unsafe arguments in test mode
In order to more easily catch issues that would produce warnings in production
code.
3 years ago
Claire
14c69a535b
Fix some old database migrations ( #17379 )
3 years ago
dependabot[bot]
4942a7ce86
Bump pg from 1.2.3 to 1.3.0 ( #17349 )
...
Bumps [pg](https://github.com/ged/ruby-pg ) from 1.2.3 to 1.3.0.
- [Release notes](https://github.com/ged/ruby-pg/releases )
- [Changelog](https://github.com/ged/ruby-pg/blob/master/History.rdoc )
- [Commits](https://github.com/ged/ruby-pg/compare/v1.2.3...v1.3.0 )
---
updated-dependencies:
- dependency-name: pg
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3 years ago
dependabot[bot]
497b8eedda
Bump axios from 0.24.0 to 0.25.0 ( #17354 )
...
Bumps [axios](https://github.com/axios/axios ) from 0.24.0 to 0.25.0.
- [Release notes](https://github.com/axios/axios/releases )
- [Changelog](https://github.com/axios/axios/blob/master/CHANGELOG.md )
- [Commits](https://github.com/axios/axios/compare/v0.24.0...v0.25.0 )
---
updated-dependencies:
- dependency-name: axios
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3 years ago
dependabot[bot]
df78d83e95
Bump rdf-normalize from 0.4.0 to 0.5.0 ( #17226 )
...
Bumps [rdf-normalize](https://github.com/ruby-rdf/rdf-normalize ) from 0.4.0 to 0.5.0.
- [Release notes](https://github.com/ruby-rdf/rdf-normalize/releases )
- [Commits](https://github.com/ruby-rdf/rdf-normalize/compare/0.4.0...0.5.0 )
---
updated-dependencies:
- dependency-name: rdf-normalize
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3 years ago
Claire
ad6ddb9bdd
Merge branch 'main' into glitch-soc/merge-upstream
...
Conflicts:
- `config/environments/production.rb`:
Upstream changed a header but we had different default headers.
Applied the same change, and also dropped HSTS headers redundant with
Rails'.
3 years ago
Claire
166cc5b89d
Fix local distribution of edited statuses ( #17380 )
...
Because `FanOutOnWriteService#update?` was broken, edits were considered as new
toots and a regular `update` payload was sent.
3 years ago
Su Yang
10188c7db7
Add healthcheck for sidekiq ( #17365 )
3 years ago
Eugen Rochko
6505b39e5d
Fix poll updates being saved as status edits ( #17373 )
...
Fix #17344
3 years ago
Claire
5893019937
Merge pull request #1667 from ClearlyClaire/glitch-soc/fixes/hcaptcha-text
...
Improve explanations around the hCaptcha feature
3 years ago
Claire
b768a4dea9
Add link to /about/more to the CAPTCHA verification page
3 years ago
Claire
7c2204314a
Add some explanation text on the CAPTCHA confirmation page
3 years ago
Claire
f997a5463b
Add mention of accessibility issues to hCaptcha option in admin page
3 years ago
Claire
129bc42979
Merge pull request #1665 from ClearlyClaire/glitch-soc/features/hcaptcha
...
Add optional hCaptcha support
3 years ago
Claire
b7cf3941b3
Change CAPTCHA handling to be only on email verification
...
This simplifies the implementation considerably, and while not providing
ideal UX, it's the most flexible approach.
3 years ago
Claire
0fb907441c
Add ability to set hCaptcha either on registration form or on e-mail validation
...
Upshot of CAPTCHA on e-mail validation is it does not need to break the in-band
registration API.
3 years ago
Claire
a9269f8786
Disable `registrations` flag in /api/v1/instance when CAPTCHA is enabled
...
This is to avoid apps trying and failing at using the registrations API,
which does not let us require a CAPTCHA and cannot be clearly signaled as
unavailable.
3 years ago
dependabot[bot]
bebf9bf33f
Bump sass from 1.48.0 to 1.49.0 ( #17352 )
...
Bumps [sass](https://github.com/sass/dart-sass ) from 1.48.0 to 1.49.0.
- [Release notes](https://github.com/sass/dart-sass/releases )
- [Changelog](https://github.com/sass/dart-sass/blob/main/CHANGELOG.md )
- [Commits](https://github.com/sass/dart-sass/compare/1.48.0...1.49.0 )
---
updated-dependencies:
- dependency-name: sass
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3 years ago
dependabot[bot]
f0d73d82f8
Bump json-ld-preloaded from 3.1.6 to 3.2.0 ( #17353 )
...
Bumps [json-ld-preloaded](https://github.com/ruby-rdf/json-ld-preloaded ) from 3.1.6 to 3.2.0.
- [Release notes](https://github.com/ruby-rdf/json-ld-preloaded/releases )
- [Commits](https://github.com/ruby-rdf/json-ld-preloaded/compare/3.1.6...3.2.0 )
---
updated-dependencies:
- dependency-name: json-ld-preloaded
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3 years ago
dependabot[bot]
7b2c733dfc
Bump fabrication from 2.23.1 to 2.24.0 ( #17356 )
...
Bumps [fabrication](https://github.com/paulelliott/fabrication ) from 2.23.1 to 2.24.0.
- [Release notes](https://github.com/paulelliott/fabrication/releases )
- [Changelog](https://github.com/paulelliott/fabrication/blob/master/Changelog.markdown )
- [Commits](https://github.com/paulelliott/fabrication/commits )
---
updated-dependencies:
- dependency-name: fabrication
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3 years ago
dependabot[bot]
cea00f593e
Bump sidekiq from 6.3.1 to 6.4.0 ( #17350 )
...
Bumps [sidekiq](https://github.com/mperham/sidekiq ) from 6.3.1 to 6.4.0.
- [Release notes](https://github.com/mperham/sidekiq/releases )
- [Changelog](https://github.com/mperham/sidekiq/blob/main/Changes.md )
- [Commits](https://github.com/mperham/sidekiq/compare/v6.3.1...v6.4.0 )
---
updated-dependencies:
- dependency-name: sidekiq
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3 years ago
dependabot[bot]
69cb20bca4
Bump @babel/plugin-transform-runtime from 7.16.8 to 7.16.10 ( #17361 )
...
Bumps [@babel/plugin-transform-runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-runtime ) from 7.16.8 to 7.16.10.
- [Release notes](https://github.com/babel/babel/releases )
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md )
- [Commits](https://github.com/babel/babel/commits/v7.16.10/packages/babel-plugin-transform-runtime )
---
updated-dependencies:
- dependency-name: "@babel/plugin-transform-runtime"
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3 years ago
dependabot[bot]
daf2d8952d
Bump cld3 from 3.4.3 to 3.4.4 ( #17357 )
...
Bumps [cld3](https://github.com/akihikodaki/cld3-ruby ) from 3.4.3 to 3.4.4.
- [Release notes](https://github.com/akihikodaki/cld3-ruby/releases )
- [Commits](https://github.com/akihikodaki/cld3-ruby/compare/v3.4.3...v3.4.4 )
---
updated-dependencies:
- dependency-name: cld3
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3 years ago
dependabot[bot]
2dfb67f0c9
Bump aws-sdk-s3 from 1.111.1 to 1.111.3 ( #17368 )
...
Bumps [aws-sdk-s3](https://github.com/aws/aws-sdk-ruby ) from 1.111.1 to 1.111.3.
- [Release notes](https://github.com/aws/aws-sdk-ruby/releases )
- [Changelog](https://github.com/aws/aws-sdk-ruby/blob/version-3/gems/aws-sdk-s3/CHANGELOG.md )
- [Commits](https://github.com/aws/aws-sdk-ruby/commits )
---
updated-dependencies:
- dependency-name: aws-sdk-s3
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3 years ago
dependabot[bot]
029d89bfea
Bump bootsnap from 1.10.1 to 1.10.2 ( #17367 )
...
Bumps [bootsnap](https://github.com/Shopify/bootsnap ) from 1.10.1 to 1.10.2.
- [Release notes](https://github.com/Shopify/bootsnap/releases )
- [Changelog](https://github.com/Shopify/bootsnap/blob/main/CHANGELOG.md )
- [Commits](https://github.com/Shopify/bootsnap/compare/v1.10.1...v1.10.2 )
---
updated-dependencies:
- dependency-name: bootsnap
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3 years ago
dependabot[bot]
ee7fafe1c8
Bump node-fetch from 2.6.1 to 2.6.7 ( #17366 )
...
Bumps [node-fetch](https://github.com/node-fetch/node-fetch ) from 2.6.1 to 2.6.7.
- [Release notes](https://github.com/node-fetch/node-fetch/releases )
- [Commits](https://github.com/node-fetch/node-fetch/compare/v2.6.1...v2.6.7 )
---
updated-dependencies:
- dependency-name: node-fetch
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3 years ago
dependabot[bot]
2033ca6b31
Bump nanoid from 3.1.23 to 3.2.0 ( #17342 )
...
Bumps [nanoid](https://github.com/ai/nanoid ) from 3.1.23 to 3.2.0.
- [Release notes](https://github.com/ai/nanoid/releases )
- [Changelog](https://github.com/ai/nanoid/blob/main/CHANGELOG.md )
- [Commits](https://github.com/ai/nanoid/compare/3.1.23...3.2.0 )
---
updated-dependencies:
- dependency-name: nanoid
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3 years ago
dependabot[bot]
4b5629cc3d
Bump @babel/preset-env from 7.16.8 to 7.16.11 ( #17358 )
...
Bumps [@babel/preset-env](https://github.com/babel/babel/tree/HEAD/packages/babel-preset-env ) from 7.16.8 to 7.16.11.
- [Release notes](https://github.com/babel/babel/releases )
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md )
- [Commits](https://github.com/babel/babel/commits/v7.16.11/packages/babel-preset-env )
---
updated-dependencies:
- dependency-name: "@babel/preset-env"
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3 years ago
dependabot[bot]
0d82c0359d
Bump rubocop from 1.24.1 to 1.25.0 ( #17322 )
...
Bumps [rubocop](https://github.com/rubocop/rubocop ) from 1.24.1 to 1.25.0.
- [Release notes](https://github.com/rubocop/rubocop/releases )
- [Changelog](https://github.com/rubocop/rubocop/blob/master/CHANGELOG.md )
- [Commits](https://github.com/rubocop/rubocop/compare/v1.24.1...v1.25.0 )
---
updated-dependencies:
- dependency-name: rubocop
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3 years ago
dependabot[bot]
d528db801f
Bump @babel/core from 7.16.7 to 7.16.12 ( #17360 )
...
Bumps [@babel/core](https://github.com/babel/babel/tree/HEAD/packages/babel-core ) from 7.16.7 to 7.16.12.
- [Release notes](https://github.com/babel/babel/releases )
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md )
- [Commits](https://github.com/babel/babel/commits/v7.16.12/packages/babel-core )
---
updated-dependencies:
- dependency-name: "@babel/core"
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3 years ago
dependabot[bot]
808e7cd906
Bump rails from 6.1.4.1 to 6.1.4.4 ( #17159 )
...
* Bump rails from 6.1.4.1 to 6.1.4.4
Bumps [rails](https://github.com/rails/rails ) from 6.1.4.1 to 6.1.4.4.
- [Release notes](https://github.com/rails/rails/releases )
- [Commits](https://github.com/rails/rails/compare/v6.1.4.1...v6.1.4.4 )
---
updated-dependencies:
- dependency-name: rails
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
* Revert marcel to 1.0.1
Avoid some regression that need to be investigated
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
3 years ago
Claire
bf351d72af
Disable captcha if registrations are disabled for various reasons
3 years ago
Claire
6a2f248fe4
Renew Rails session ID on successful registration
3 years ago
Claire
3f6a36168f
Fix tests
3 years ago
Claire
04050fbd46
Please CodeClimate
3 years ago
Claire
1b493c9fee
Add optional hCaptcha support
...
Fixes #1649
This requires setting `HCAPTCHA_SECRET_KEY` and `HCAPTCHA_SITE_KEY`, then
enabling the admin setting at
`/admin/settings/edit#form_admin_settings_captcha_enabled`
Subsequently, a hCaptcha widget will be displayed on `/about` and
`/auth/sign_up` unless:
- the user is already signed-up already
- the user has used an invite link
- the user has already solved the captcha (and registration failed for another
reason)
The Content-Security-Policy headers are altered automatically to allow the
third-party hCaptcha scripts on `/about` and `/auth/sign_up` following the same
rules as above.
3 years ago
Wonderfall
244726e2e8
disable legacy XSS filtering ( #17289 )
...
Browsers are phasing out X-XSS-Protection, but Safari and IE still support it.
3 years ago
Claire
dd63923c0a
Fix link_to_login argument handling when a block is passed ( #17345 )
3 years ago
Claire
e58e0eb9aa
Merge pull request #1663 from ClearlyClaire/glitch-soc/merge-upstream
...
Merge upstream changes
3 years ago
Claire
9483d0c6b2
[Glitch] Change `percent` to `rate` in retention metrics API
...
Port a63495230a
to glitch-soc
Signed-off-by: Claire <claire.github-309c@sitedethib.com>
3 years ago
Claire
4dd4fc2e5e
[Glitch] Fix text being incorrectly pre-selected in composer textarea on /share
...
Port 3a103cd317
to glitch-soc
Signed-off-by: Claire <claire.github-309c@sitedethib.com>
3 years ago
Claire
61ef81c548
Merge branch 'main' into glitch-soc/merge-upstream
...
Conflicts:
- `spec/models/status_spec.rb`:
Upstream added tests too close to glitch-soc-specific tests.
Kept both tests.
3 years ago
Claire
0a120d86d2
Fix error-prone SQL queries ( #15828 )
...
* Fix error-prone SQL queries in Account search
While this code seems to not present an actual vulnerability, one could
easily be introduced by mistake due to how the query is built.
This PR parameterises the `to_tsquery` input to make the query more robust.
* Harden code for Status#tagged_with_all and Status#tagged_with_none
Those two scopes aren't used in a way that could be vulnerable to an SQL
injection, but keeping them unchanged might be a hazard.
* Remove unneeded spaces surrounding tsquery term
* Please CodeClimate
* Move advanced_search_for SQL template to its own function
This avoids one level of indentation while making clearer that the SQL template
isn't build from all the dynamic parameters of advanced_search_for.
* Add tests covering tagged_with, tagged_with_all and tagged_with_none
* Rewrite tagged_with_none to avoid multiple joins and make it more robust
* Remove obsolete brakeman warnings
* Revert "Remove unneeded spaces surrounding tsquery term"
The two queries are not strictly equivalent.
This reverts commit 86f16c537e06c6ba4a8b250f25dcce9f049023ff.
3 years ago
Claire
a63495230a
Change `percent` to `rate` in retention metrics API ( #16910 )
3 years ago