Commit Graph

881 Commits

Author SHA1 Message Date
Eugen Rochko
dbb1ee269f
Improve e-mail MX validator and add tests (#9489) 2018-12-10 22:53:25 +01:00
ysksn
ed24bb2c3e Add specs for activitypub collections controller (#9484)
* Add specs for ActivityPub::CollectionsController#show

* Raise ActiveRecord::RecordNotFound

Raising ActiveRecord::NotFound raises NameError: uninitialized constant
ActiveRecord::NotFound.
2018-12-10 21:39:25 +01:00
ysksn
6eae8f77af Add spec for Admin::SuspentionsController#new (#9483) 2018-12-10 21:38:21 +01:00
ysksn
361818e931 Fix Admin::TagsController#unhide (#9481) 2018-12-10 21:37:38 +01:00
ysksn
ae3d2f446a Add specs for Admin::InvitesController (#9471) 2018-12-10 01:19:28 +09:00
ysksn
dfd123d5b3 Remove pending spec (#9453) 2018-12-07 16:53:55 +01:00
ysksn
d3547fa005 Add specs for ActivityPub::InboxesController (#9456) 2018-12-07 16:40:01 +01:00
ysksn
88b3eed16f Add specs for Admin::AccountModerationNotesHelper (#9455) 2018-12-07 16:39:20 +01:00
ysksn
57bb62d5cf Remove pending spec (#9454)
Since dots are not allowed in username,
this spec is no longer needed.
2018-12-07 16:38:50 +01:00
ysksn
51cbd045da Add specs for AccountTagStat model (#9452) 2018-12-07 16:37:56 +01:00
Eugen Rochko
73be8f38c1
Add profile directory (#9427)
Fix #5578
2018-12-06 17:36:11 +01:00
ysksn
155cf12680 Remove pending spec (#9442)
`#from_account` isn't defined.
2018-12-06 17:39:15 +09:00
ysksn
e2910dff12 Add spec for Identity.find_for_oauth (#9441) 2018-12-06 17:38:49 +09:00
ThibG
e88c6a5c3c Fix thread depth computation in statuses_controller (#9426)
* Add test that should currently fail

* Fix depth computation (will still fail if statuses have been filtered out)

* Fix handling of broken threads
2018-12-05 02:12:29 +01:00
ThibG
395615d9f3 Allow hyphens in the middle of remote user names (#9345)
Fixes #9309

This only allows hyphens in the middle of a username, much like dots,
although I don't have a compelling reason to do so other than keeping
the changes minimal.
2018-11-27 12:28:01 +01:00
Eugen Rochko
73faadad28
Redesign admin accounts index (#9340)
* Improve overview of accounts in admin UI

- Display suspended status, role, last activity and IP prominently
- Default to showing local accounts
- Default to not showing suspended accounts

* Remove unused strings

* Fix tests

* Allow filtering accounts by IP mask
2018-11-26 15:53:27 +01:00
valerauko
db9aea34de Ensure replied-to is a status not a boost (#9129)
* Ensure replied-to is a status not a boost

* Consider case of not a reply

* Add test case for replying to boost

* Move reblog-reply resolution to model

* Remove unnecessary comment
2018-11-25 16:35:21 +01:00
Eugen Rochko
0eaf6d7693
Sort self-replies to the top of descendants (#9320)
Fix #6463
2018-11-24 20:48:50 +01:00
Eugen Rochko
fd8145d232
Fix connect timeout not being enforced (#9329)
* Fix connect timeout not being enforced

The loop was catching the timeout exception that should stop execution, so the next IP would no longer be within a timed block, which led to requests taking much longer than 10 seconds.

* Use timeout on each IP attempt, but limit to 2 attempts

* Fix code style issue

* Do not break Request#perform if no block given

* Update method stub in spec for Request

* Move timeout inside the begin/rescue block

* Use Resolv::DNS with timeout of 1 to get IP addresses

* Update Request spec to stub Resolv::DNS instead of Addrinfo

* Fix Resolve::DNS stubs in Request spec
2018-11-22 20:12:04 +01:00
valerauko
824497fbce Ignore JSON-LD profile in mime type comparison (#9179)
Ignore JSON-LD profile in mime type comparison
2018-11-22 12:49:07 +01:00
Eugen Rochko
d6b9a62e0a
Extract counters from accounts table to account_stats table (#9295) 2018-11-19 00:43:52 +01:00
Eugen Rochko
8069fd636b
Remove intermediary arrays when creating hash maps from results (#9291) 2018-11-16 15:02:18 +01:00
Eugen Rochko
6d59dfa15d
Optimize the process of following someone (#9220)
* Eliminate extra accounts select query from FollowService

* Optimistically update follow state in web UI and hide loading bar

Fix #6205

* Asynchronize NotifyService in FollowService

And fix failing test

* Skip Webfinger resolve routine when called from FollowService if possible

If an account is ActivityPub, then webfinger re-resolving is not necessary
when called from FollowService. Improve options of ResolveAccountService
2018-11-08 21:05:42 +01:00
James Kiesel
4c03e05a4e Allow joining several hashtags in a single column (#8904)
* Nascent tag menu on frontend

* Hook up frontend to search

* Tag intersection backend first pass

* Update yarnlock

* WIP

* Fix for tags not searching correctly

* Make radio buttons function

* Simplify radio buttons with modeOption

* Better naming

* Rearrange options

* Add all/any/none functionality on backend

* Small PR cleanup

* Move to service from scope

* Small cleanup, add proper service tests

* Don't use send with user input :D

* Set appropriate column header

* Handle auto updating timeline

* Fix up toggle function

* Use tag value correctly

* A bit more correct to use 'self' rather than 'all' in status scope

* Fix some style issues

* Fix more code style issues

* Style select dropdown more better

* Only use to_id'ed value to ensure no SQL injection

* Revamp frontend to allow for multiple selects

* Update backend / col header to account for more flexible tagging

* Update brakeman ignore

* Codeclimate suggestions

* Fix presenter tag_url

* Implement initial PR feedback

* Handle additional tag streaming

* CodeClimate tweak
2018-11-05 18:53:25 +01:00
Eugen Rochko
ce2ee68b64
Revert "Fix FetchAtomService content type handling (#9132)" (#9171)
This reverts commit c36a4a1617.
2018-10-31 00:43:34 +01:00
valerauko
c36a4a1617 Fix FetchAtomService content type handling (#9132)
* Add profile to json+ld in Accept

It's required by the ActivityPub spec

* Use headers['Content-type'] instead of mime_type

mime_type strips the profile from the content type, but it's still available raw in the headers hash

* Add test for ld+json with profile
2018-10-30 15:07:57 +01:00
ThibG
33a71e8f7c Do not hide boost notifications from followed people with hidden boosts (#9147)
* Do not hide boost notifications from followed people with hidden boosts

Not displaying boosts from a followed user in the Home timeline and not
having notifications when they reblog your own content are two very
separate concerns, tying them together seem counter-intuitive and unwanted.

* Update specs accordingly
2018-10-30 00:47:31 +01:00
Eugen Rochko
b40ea6d1d4
Bump sanitize from 4.6.6 to 5.0.0 (#9140) 2018-10-29 14:05:25 +01:00
takayamaki
33976c8ecc fix: Execute PAM authentication tests on CircleCI (#9029)
and use 'if' option of context block
2018-10-20 17:28:04 +02:00
Eugen Rochko
d5bfba3262
Do not test PAM authentication by default (#9027)
* Do not test PAM authentication by default

* Disable PAM tests if PAM is not enabled
2018-10-20 07:32:26 +02:00
Eugen Rochko
ddd30f331c
Improve support for aspects/circles (#8950)
* Add silent column to mentions

* Save silent mentions in ActivityPub Create handler and optimize it

Move networking calls out of the database transaction

* Add "limited" visibility level masked as "private" in the API

Unlike DMs, limited statuses are pushed into home feeds. The access
control rules between direct and limited statuses is almost the same,
except for counter and conversation logic

* Ensure silent column is non-null, add spec

* Ensure filters don't check silent mentions for blocks/mutes

As those are "this person is also allowed to see" rather than "this
person is involved", therefore does not warrant filtering

* Clean up code

* Use Status#active_mentions to limit returned mentions

* Fix code style issues

* Use Status#active_mentions in Notification

And remove stream_entry eager-loading from Notification
2018-10-17 17:13:04 +02:00
Eugen Rochko
21ad21cb50
Improve signature verification safeguards (#8959)
* Downcase signed_headers string before building the signed string

The HTTP Signatures draft does not mandate the “headers” field to be downcased,
but mandates the header field names to be downcased in the signed string, which
means that prior to this patch, Mastodon could fail to process signatures from
some compliant clients. It also means that it would not actually check the
Digest of non-compliant clients that wouldn't use a lowercased Digest field
name.

Thankfully, I don't know of any such client.

* Revert "Remove dead code (#8919)"

This reverts commit a00ce8c92c.

* Restore time window checking, change it to 12 hours

By checking the Date header, we can prevent replaying old vulnerable
signatures. The focus is to prevent replaying old vulnerable requests
from software that has been fixed in the meantime, so a somewhat long
window should be fine and accounts for timezone misconfiguration.

* Escape users' URLs when formatting them

Fixes possible HTML injection

* Escape all string interpolations in Formatter class

Slightly improve performance by reducing class allocations
from repeated Formatter#encode calls

* Fix code style issues
2018-10-12 00:15:55 +02:00
ashleyhull-versent
f194857ac9 rubocop issues - Cleaning up (#8912)
* cleanup pass

* undo mistakes

* fixed.

* revert
2018-10-08 04:50:11 +02:00
ashleyhull-versent
2dba313100 Replace SVG asset with Custom mascot (#8766) 2018-10-08 00:20:45 +02:00
Eugen Rochko
774ac47373
Add conversations API (#8832)
* Add conversations API

* Add web UI for conversations

* Add test for conversations API

* Add tests for ConversationAccount

* Improve web UI

* Rename ConversationAccount to AccountConversation

* Remove conversations on block and mute

* Change last_status_id to be a denormalization of status_ids

* Add optimistic locking
2018-10-07 23:44:58 +02:00
Jeong Arm
144d73730d Leave unknown language as nil if account is remote (#8861)
* Force use language detector if account is remote

* Set unknown remote toot's language as nil
2018-10-05 19:17:46 +02:00
aus-social
0a4739c732 lint pass 2 (#8878)
* Code quality pass

* Typofix

* Update applications_controller_spec.rb

* Update applications_controller_spec.rb
2018-10-04 17:38:04 +02:00
Eugen Rochko
a46ab86adf
Limit the number of people that can be followed from one account (#8807)
Configurable soft limit of 7,500, and above that, configurable
ratio of 1.1 * followers, controlled by:

- MAX_FOLLOWS_THRESHOLD
- MAX_FOLLOWS_RATIO

Fix #2311
2018-10-04 17:36:11 +02:00
Eugen Rochko
e645ae9561
Change admin accounts default sort to most recent (#8813) 2018-10-04 16:05:38 +02:00
Eugen Rochko
7fe137d2f7
Fix link verification for remote accounts (#8868) 2018-10-04 15:47:03 +02:00
aus-social
1f98eae1cf Lint pass (#8876) 2018-10-04 12:36:53 +02:00
Eugen Rochko
f0fff3eb10
Support min_id-based pagination in REST API (#8736)
* Allow min_id pagination in Feed#get

* Add min_id pagination to home and list timeline APIs

* Add min_id pagination to account statuses, public and tag APIs

* Remove unused stub in reports API

* Use min_id pagination in notifications, favourites, and fix order

* Fix HomeFeed#from_database not using paginate_by_id
2018-09-28 02:23:45 +02:00
Eugen Rochko
3d7f68c273
Revert Font Awesome 5 upgrade (#8810)
* Revert "Fix some icon names changed by the Font Awesome 5. (#8796)"

This reverts commit 3f9ec3de82.

* Revert "Migrate to font-awesome 5.0. (#8799)"

This reverts commit 8bae14591b.

* Revert "Fix some icons names, unavailable in fontawesome5 (free license). (#8792)"

This reverts commit b9c727a945.

* Revert "Update the icon name changed by the Font Awesome 5. (#8776)"

This reverts commit 17af4d27da.

* Revert "Add bot icon to bot avatars and migrate to newer version of Font Awesome (#8484)"

This reverts commit 4b794e134d.
2018-09-28 02:11:14 +02:00
Naoki Kosaka
8bae14591b Migrate to font-awesome 5.0. (#8799) 2018-09-27 17:08:56 +02:00
ThibG
c39183cc62 Refactor active_nav_class for use with multiple paths (#8757) 2018-09-23 20:42:13 +02:00
Eugen Rochko
f92f1ee80a
Support link verification with redirects (#8735)
(e.g. URL shortener)
2018-09-20 00:10:35 +02:00
Yamagishi Kazutoshi
3da1cc7d5e Fix failed profile verification when rel attribute including values other than me (#8733) 2018-09-19 16:47:31 +02:00
Eugen Rochko
f4d549d300
Redesign forms, verify link ownership with rel="me" (#8703)
* Verify link ownership with rel="me"

* Add explanation about verification to UI

* Perform link verifications

* Add click-to-copy widget for verification HTML

* Redesign edit profile page

* Redesign forms

* Improve responsive design of settings pages

* Restore landing page sign-up form

* Fix typo

* Support <link> tags, add spec

* Fix links not being verified on first discovery and passive updates
2018-09-18 16:45:58 +02:00
luzpaz
40dd19be37 Misc. typos (#8694)
Found via `codespell -q 3 --skip="./app/javascript/mastodon/locales,./config/locales"`
2018-09-14 00:53:09 +02:00
Eugen Rochko
2288d50a7b
Add force_login option to OAuth authorize page (#8655)
* Add force_login option to OAuth authorize page

For when a user needs to sign into an app from multiple accounts
on the same server

* When logging out from modal header, redirect back after re-login
2018-09-09 04:10:44 +02:00