Commit graph

38492 commits

Author SHA1 Message Date
dependabot[bot]
173d2d27e5
Bump jest from 26.6.3 to 27.1.0 (#16376)
* Bump jest from 26.6.3 to 27.0.4

Bumps [jest](https://github.com/facebook/jest) from 26.6.3 to 27.0.4.
- [Release notes](https://github.com/facebook/jest/releases)
- [Changelog](https://github.com/facebook/jest/blob/master/CHANGELOG.md)
- [Commits](https://github.com/facebook/jest/compare/v26.6.3...v27.0.4)

---
updated-dependencies:
- dependency-name: jest
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* Set test environment for jest

* Remove unnecessary ext

* Bump jest from 27.0.4 to 27.1.0

* Remove --coverage option

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>
2021-08-28 09:58:04 +09:00
dependabot[bot]
516c97b6e5 Bump sidekiq from 6.2.1 to 6.2.2 (#16647)
Bumps [sidekiq](https://github.com/mperham/sidekiq) from 6.2.1 to 6.2.2.
- [Release notes](https://github.com/mperham/sidekiq/releases)
- [Changelog](https://github.com/mperham/sidekiq/blob/master/Changes.md)
- [Commits](https://github.com/mperham/sidekiq/compare/v6.2.1...v6.2.2)

---
updated-dependencies:
- dependency-name: sidekiq
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-28 08:59:45 +09:00
dependabot[bot]
894605a68c
Bump sidekiq from 6.2.1 to 6.2.2 (#16647)
Bumps [sidekiq](https://github.com/mperham/sidekiq) from 6.2.1 to 6.2.2.
- [Release notes](https://github.com/mperham/sidekiq/releases)
- [Changelog](https://github.com/mperham/sidekiq/blob/master/Changes.md)
- [Commits](https://github.com/mperham/sidekiq/compare/v6.2.1...v6.2.2)

---
updated-dependencies:
- dependency-name: sidekiq
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-28 08:59:45 +09:00
Claire
0e9be76fcb Merge pull request #1591 from ClearlyClaire/glitch-soc/merge-upstream
Merge upstream changes
2021-08-27 15:28:00 +02:00
Claire
e7e04b46d7
Merge pull request #1591 from ClearlyClaire/glitch-soc/merge-upstream
Merge upstream changes
2021-08-27 15:28:00 +02:00
dependabot[bot]
58ce453c86 Bump webpacker from 5.4.0 to 5.4.2 (#16648)
Bumps [webpacker](https://github.com/rails/webpacker) from 5.4.0 to 5.4.2.
- [Release notes](https://github.com/rails/webpacker/releases)
- [Changelog](https://github.com/rails/webpacker/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rails/webpacker/compare/v5.4.0...v5.4.2)

---
updated-dependencies:
- dependency-name: webpacker
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-27 21:47:43 +09:00
dependabot[bot]
42de346335
Bump webpacker from 5.4.0 to 5.4.2 (#16648)
Bumps [webpacker](https://github.com/rails/webpacker) from 5.4.0 to 5.4.2.
- [Release notes](https://github.com/rails/webpacker/releases)
- [Changelog](https://github.com/rails/webpacker/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rails/webpacker/compare/v5.4.0...v5.4.2)

---
updated-dependencies:
- dependency-name: webpacker
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-27 21:47:43 +09:00
dependabot[bot]
8a40b1b40a Bump faker from 2.18.0 to 2.19.0 (#16646)
Bumps [faker](https://github.com/faker-ruby/faker) from 2.18.0 to 2.19.0.
- [Release notes](https://github.com/faker-ruby/faker/releases)
- [Changelog](https://github.com/faker-ruby/faker/blob/master/CHANGELOG.md)
- [Commits](https://github.com/faker-ruby/faker/compare/v2.18.0...v2.19.0)

---
updated-dependencies:
- dependency-name: faker
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-27 21:47:00 +09:00
dependabot[bot]
1c8ce9ae34
Bump faker from 2.18.0 to 2.19.0 (#16646)
Bumps [faker](https://github.com/faker-ruby/faker) from 2.18.0 to 2.19.0.
- [Release notes](https://github.com/faker-ruby/faker/releases)
- [Changelog](https://github.com/faker-ruby/faker/blob/master/CHANGELOG.md)
- [Commits](https://github.com/faker-ruby/faker/compare/v2.18.0...v2.19.0)

---
updated-dependencies:
- dependency-name: faker
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-27 21:47:00 +09:00
dependabot[bot]
3e6c085559 Bump rubocop from 1.19.0 to 1.19.1 (#16649)
Bumps [rubocop](https://github.com/rubocop/rubocop) from 1.19.0 to 1.19.1.
- [Release notes](https://github.com/rubocop/rubocop/releases)
- [Changelog](https://github.com/rubocop/rubocop/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rubocop/rubocop/compare/v1.19.0...v1.19.1)

---
updated-dependencies:
- dependency-name: rubocop
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-27 21:46:28 +09:00
dependabot[bot]
89d62f23c8
Bump rubocop from 1.19.0 to 1.19.1 (#16649)
Bumps [rubocop](https://github.com/rubocop/rubocop) from 1.19.0 to 1.19.1.
- [Release notes](https://github.com/rubocop/rubocop/releases)
- [Changelog](https://github.com/rubocop/rubocop/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rubocop/rubocop/compare/v1.19.0...v1.19.1)

---
updated-dependencies:
- dependency-name: rubocop
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-27 21:46:28 +09:00
matildepark
694295f171 [Glitch] Fix follow request count to dynamically update
Port 28796d1342 to glitch-soc

Signed-off-by: Claire <claire.github-309c@sitedethib.com>
2021-08-27 11:31:09 +02:00
matildepark
39193be1c4 [Glitch] Fix follow request count to dynamically update
Port 79341d0f5f to glitch-soc

Signed-off-by: Claire <claire.github-309c@sitedethib.com>
2021-08-27 11:31:09 +02:00
Claire
d856b8f239 Merge branch 'main' into glitch-soc/merge-upstream 2021-08-27 11:29:03 +02:00
Claire
463d23dfd5 Merge branch 'main' into glitch-soc/merge-upstream 2021-08-27 11:29:03 +02:00
Truong Nguyen
567021abeb Explicitly set userVerification to discoraged (#16545) 2021-08-26 09:51:22 -05:00
Truong Nguyen
7283a5d3b9
Explicitly set userVerification to discoraged (#16545) 2021-08-26 09:51:22 -05:00
Claire
84566f17de Fix authentication failures after going halfway through a sign-in attempt (#16607)
* Add tests

* Add security-related tests

My first (unpublished) attempt at fixing the issues introduced (extremely
hard-to-exploit) security vulnerabilities, addressing them in a test.

* Fix authentication failures after going halfway through a sign-in attempt

* Refactor `authenticate_with_sign_in_token` and `authenticate_with_two_factor` to make the two authentication steps more obvious
2021-08-25 22:52:41 +02:00
Claire
94bcf45321
Fix authentication failures after going halfway through a sign-in attempt (#16607)
* Add tests

* Add security-related tests

My first (unpublished) attempt at fixing the issues introduced (extremely
hard-to-exploit) security vulnerabilities, addressing them in a test.

* Fix authentication failures after going halfway through a sign-in attempt

* Refactor `authenticate_with_sign_in_token` and `authenticate_with_two_factor` to make the two authentication steps more obvious
2021-08-25 22:52:41 +02:00
Daniel
8632cc7dc5 New env variable: CAS_SECURITY_ASSUME_EMAIL_IS_VERIFIED (#16655)
When using a CAS server, the users only have a temporary email
`change@me-foo-cas.com` which can't be changed but by an
administrator.

We need a new environment variable like for SAML to assume the email
from CAS is verified.

* config/initializers/omniauth.rb: define CAS option for assuming
  email are always verified.
* .env.nanobox: add new variable as an example.
2021-08-25 18:41:24 +02:00
Daniel
2ed1c92c63
New env variable: CAS_SECURITY_ASSUME_EMAIL_IS_VERIFIED (#16655)
When using a CAS server, the users only have a temporary email
`change@me-foo-cas.com` which can't be changed but by an
administrator.

We need a new environment variable like for SAML to assume the email
from CAS is verified.

* config/initializers/omniauth.rb: define CAS option for assuming
  email are always verified.
* .env.nanobox: add new variable as an example.
2021-08-25 18:41:24 +02:00
dependabot[bot]
fc9f57c442 Bump rails from 6.1.4 to 6.1.4.1 (#16650)
Bumps [rails](https://github.com/rails/rails) from 6.1.4 to 6.1.4.1.
- [Release notes](https://github.com/rails/rails/releases)
- [Commits](https://github.com/rails/rails/compare/v6.1.4...v6.1.4.1)

---
updated-dependencies:
- dependency-name: rails
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-26 01:39:55 +09:00
dependabot[bot]
366e0b82db
Bump rails from 6.1.4 to 6.1.4.1 (#16650)
Bumps [rails](https://github.com/rails/rails) from 6.1.4 to 6.1.4.1.
- [Release notes](https://github.com/rails/rails/releases)
- [Commits](https://github.com/rails/rails/compare/v6.1.4...v6.1.4.1)

---
updated-dependencies:
- dependency-name: rails
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-26 01:39:55 +09:00
matildepark
28796d1342 Fix follow request count to dynamically update (#16652) 2021-08-25 17:46:29 +02:00
matildepark
79341d0f5f
Fix follow request count to dynamically update (#16652) 2021-08-25 17:46:29 +02:00
Daniel
eb30899df2 Fix undefined variable for Auth::OmniauthCallbacksController (#16654)
The addition of authentication history broke the omniauth login with
the following error:

  method=GET path=/auth/auth/cas/callback format=html
  controller=Auth::OmniauthCallbacksController action=cas status=500
  error='NameError: undefined local variable or method `user' for
  #<Auth::OmniauthCallbacksController:0x00000000036290>
  Did you mean?  @user' duration=435.93 view=0.00 db=36.19

* app/controllers/auth/omniauth_callbacks_controller.rb: fix variable
  name to `@user`
2021-08-25 17:40:56 +02:00
Daniel
5c21021176
Fix undefined variable for Auth::OmniauthCallbacksController (#16654)
The addition of authentication history broke the omniauth login with
the following error:

  method=GET path=/auth/auth/cas/callback format=html
  controller=Auth::OmniauthCallbacksController action=cas status=500
  error='NameError: undefined local variable or method `user' for
  #<Auth::OmniauthCallbacksController:0x00000000036290>
  Did you mean?  @user' duration=435.93 view=0.00 db=36.19

* app/controllers/auth/omniauth_callbacks_controller.rb: fix variable
  name to `@user`
2021-08-25 17:40:56 +02:00
dependabot[bot]
9c6cecb7a9 Bump eslint-plugin-import from 2.24.0 to 2.24.1 (#16635)
Bumps [eslint-plugin-import](https://github.com/import-js/eslint-plugin-import) from 2.24.0 to 2.24.1.
- [Release notes](https://github.com/import-js/eslint-plugin-import/releases)
- [Changelog](https://github.com/import-js/eslint-plugin-import/blob/master/CHANGELOG.md)
- [Commits](https://github.com/import-js/eslint-plugin-import/compare/v2.24.0...v2.24.1)

---
updated-dependencies:
- dependency-name: eslint-plugin-import
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-23 22:03:53 +09:00
dependabot[bot]
4562ada4b9
Bump eslint-plugin-import from 2.24.0 to 2.24.1 (#16635)
Bumps [eslint-plugin-import](https://github.com/import-js/eslint-plugin-import) from 2.24.0 to 2.24.1.
- [Release notes](https://github.com/import-js/eslint-plugin-import/releases)
- [Changelog](https://github.com/import-js/eslint-plugin-import/blob/master/CHANGELOG.md)
- [Commits](https://github.com/import-js/eslint-plugin-import/compare/v2.24.0...v2.24.1)

---
updated-dependencies:
- dependency-name: eslint-plugin-import
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-23 22:03:53 +09:00
dependabot[bot]
3f2ddcda8a Bump ws from 8.1.0 to 8.2.0 (#16636)
Bumps [ws](https://github.com/websockets/ws) from 8.1.0 to 8.2.0.
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](https://github.com/websockets/ws/compare/8.1.0...8.2.0)

---
updated-dependencies:
- dependency-name: ws
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-23 22:03:38 +09:00
dependabot[bot]
dd096568d9
Bump ws from 8.1.0 to 8.2.0 (#16636)
Bumps [ws](https://github.com/websockets/ws) from 8.1.0 to 8.2.0.
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](https://github.com/websockets/ws/compare/8.1.0...8.2.0)

---
updated-dependencies:
- dependency-name: ws
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-23 22:03:38 +09:00
dependabot[bot]
4cfa969d71 Bump @babel/plugin-transform-runtime from 7.14.5 to 7.15.0 (#16590)
Bumps [@babel/plugin-transform-runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-runtime) from 7.14.5 to 7.15.0.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.15.0/packages/babel-plugin-transform-runtime)

---
updated-dependencies:
- dependency-name: "@babel/plugin-transform-runtime"
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-23 22:03:23 +09:00
dependabot[bot]
3ee038ac7d
Bump @babel/plugin-transform-runtime from 7.14.5 to 7.15.0 (#16590)
Bumps [@babel/plugin-transform-runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-runtime) from 7.14.5 to 7.15.0.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.15.0/packages/babel-plugin-transform-runtime)

---
updated-dependencies:
- dependency-name: "@babel/plugin-transform-runtime"
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-23 22:03:23 +09:00
Claire
28d475cb1d Merge pull request #1589 from ClearlyClaire/glitch-soc/merge-upstream
Merge upstream changes
2021-08-20 16:30:21 +02:00
Claire
70909c5b09
Merge pull request #1589 from ClearlyClaire/glitch-soc/merge-upstream
Merge upstream changes
2021-08-20 16:30:21 +02:00
Claire
09d48e5d40 Merge branch 'main' into glitch-soc/merge-upstream 2021-08-20 16:14:45 +02:00
Claire
1aca5ef9bc Merge branch 'main' into glitch-soc/merge-upstream 2021-08-20 16:14:45 +02:00
Claire
8965ccd208 Fix “discoverable” account setting being tied to profile directory (#16637) 2021-08-20 16:11:58 +02:00
Claire
3c45dfa0fe
Fix “discoverable” account setting being tied to profile directory (#16637) 2021-08-20 16:11:58 +02:00
Claire
032fa39093 Merge pull request #1588 from ClearlyClaire/glitch-soc/merge-upstream
Merge upstream changes
2021-08-20 14:26:14 +02:00
Claire
65b003cab8
Merge pull request #1588 from ClearlyClaire/glitch-soc/merge-upstream
Merge upstream changes
2021-08-20 14:26:14 +02:00
Claire
a47b6d409c [Glitch] Fix crash if a notification contains an unprocessed media attachment
Port 35a4765381 to glitch-soc

Signed-off-by: Claire <claire.github-309c@sitedethib.com>
2021-08-20 13:14:59 +02:00
Claire
4f074b68ba [Glitch] Fix crash if a notification contains an unprocessed media attachment
Port 0c24c865b7 to glitch-soc

Signed-off-by: Claire <claire.github-309c@sitedethib.com>
2021-08-20 13:14:59 +02:00
Claire
fbf7974e1c [Glitch] Fix download button color in audio player
Port 52e891ceaf to glitch-soc

Signed-off-by: Claire <claire.github-309c@sitedethib.com>
2021-08-20 13:14:03 +02:00
Claire
0e62c38b02 [Glitch] Fix download button color in audio player
Port aaf24d3093 to glitch-soc

Signed-off-by: Claire <claire.github-309c@sitedethib.com>
2021-08-20 13:14:03 +02:00
Claire
9957c6e8cb Merge branch 'main' into glitch-soc/merge-upstream 2021-08-20 13:01:50 +02:00
Claire
4e2a8c9b38 Merge branch 'main' into glitch-soc/merge-upstream 2021-08-20 13:01:50 +02:00
Peter Dave Hello
4f1a4dbd74 Make sure nginx always send HSTS header (#16633)
By default, it'll only send those headers when the response code is one of the following:
- 200, 201, 204, 206, 301, 302, 303, 304, 307 & 308

As all the traffics should be https, the http protocol only exists to do 301 redirect,
and always send the HSTS header is almost one of the best practices, we should set
nginx to do so.

Reference:
- https://nginx.org/en/docs/http/ngx_http_headers_module.html#add_header
- https://ssl-config.mozilla.org/
2021-08-20 10:54:11 +01:00
Peter Dave Hello
a2afcac7d9
Make sure nginx always send HSTS header (#16633)
By default, it'll only send those headers when the response code is one of the following:
- 200, 201, 204, 206, 301, 302, 303, 304, 307 & 308

As all the traffics should be https, the http protocol only exists to do 301 redirect,
and always send the HSTS header is almost one of the best practices, we should set
nginx to do so.

Reference:
- https://nginx.org/en/docs/http/ngx_http_headers_module.html#add_header
- https://ssl-config.mozilla.org/
2021-08-20 10:54:11 +01:00
Claire
b48cd23cf3 Add tests for SuspendAccountService and UnsuspendAccountService (#16627)
* Add tests for SuspendAccountService

* Add tests for UnsuspendAccountService
2021-08-20 10:53:33 +01:00