Conflicts:
- `package.json`:
Not really a conflict, upstream updated a dependency textually adjacent to a
glitch-soc-only one.
Updated the dependency as upstream did.
* Change RSS feeds
- Use date and time for titles instead of ellipsized text
- Use full content in body, even when there is a content warning
- Use media extensions
* Change feed icons and add width and height attributes to custom emojis
* Fix custom emoji animate on hover breaking
* Fix tests
Conflicts:
- `package.json`:
Not really a conflict, upstream updated a dependency textually adjacent to a
glitch-soc-only one.
Updated the dependency as upstream did.
Conflicts:
- `app/javascript/packs/admin.js`:
Conflicts due to glitch-soc's theming system.
Upstream changes have been ported to `app/javascript/core/admin.js`
- `app/models/trends/statuses.rb`:
Minor conflict due to glitch-soc's option to allow CWed toots in trends.
Ported upstream changes.
Conflicts:
- `package.json`:
Not a real conflict, upstream dependency updated textually too close to a
glitch-soc-only dependency.
Updated the upstream dependency.
* Fix PeerTube videos appearing with an erroneous “Edited at” marker
PeerTube videos have an `updated` field equal to `published`.
When processing an incoming activity that has the same value for `updated` and
`published`, assume this doesn't represent an actual edit.
* Please CodeClimate
Unfortunately, the database query could turn out very inefficient and I did not
manage to find a way to improve that. Furthermore, there were still behavior
inconsistencies between fetching the timeline from Redis and fetching it from
Postgres.
* Rework tests
* Add tests
* Fix HomeFeed#get with min_id fetching from database
* Minor code cleanup and optimizations
* Add tests
* Take DMs into account when fetching home TL from database
* Fix not listing own DMs in Home timeline
* Add tests
* Please CodeClimate
* Implement infinity home timeline
* Fix test for infinite home timeline
* Fix infinity home timeline with min_id
* Fix infinite home timeline duplicated statuses
* Codeclimate for infinite home timeline
* Refactor code as reviewed
* Fix redis sufficient check
* Fix typo on variable name
Conflicts:
- `app/controllers/concerns/sign_in_token_authentication_concern.rb`:
Upstream removed this file, while glitch-soc had changes to deal with
its theming system.
Removed the file like upstream did.
* Change post text edit to not be considered significant if it's identical after reformatting
* We don't need to clear previous change information anymore
* Require status edits to be explicit, except for poll tallies
* Fix tests
* Add some tests
* Add poll-related tests
* Add HTML-formatting related tests
* Fix /api/v1/admin/accounts
Compatibility was broken since #17009 which changed the underlying filter class
without changing the controller.
This commits restore support for the old parameters.
* Add /api/v2/admin/accounts with the new parameters
* Add tests
* Add missing filter for `silenced` status
Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>
Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>
* Remove obsolete RSS::Serializer test
Since #17828, RSS::Serializer no longer has specific code for deleted statuses,
but it is never called on deleted statuses anyway.
* Rename erroneously-named test files
* Fix failing test
* Fix test deprecation warnings
* Update CircleCI Ruby orb
1.4.0 has a bug that does not match all the test files due to incorrect
globbing
Conflicts:
- `app/lib/formatter.rb`:
Upstream completely refactored the formatting code and removed that file,
while glitch-soc had code for Markdown and HTML toots.
Took upstream code, glitch-soc changes will be re-implemented on top of the
refactored classes in a later commit.
- `app/models/status.rb`:
Upstream refactored status edit handling and moved code to
`app/models/concerns/status_snapshot_concern.rb`.
Applied glitch-soc's changes to that file.
- `app/serializers/activitypub/note_serializer.rb`:
Not really a conflict, just a line added too close to one modified by
glitch-soc.
Applied upstream changes while keeping the glitch-soc-modified one.
- `app/services/update_status_service.rb`:
Not really a conflict, upstream modified a line adjacent to one added by
glitch-soc.
Applied upstream changes while keeping the glitch-soc line.
- `app/views/statuses/_simple_status.html.haml`:
Upstream refactored formatting, glitch-soc changed the markup slightly.
Applied upstream changes.
- `spec/lib/formatter_spec.rb`:
Upstream completely refactored the formatting code and removed that file,
while glitch-soc had code for Markdown and HTML toots.
Took upstream code, glitch-soc changes will be re-implemented on top of the
refactored classes in a later commit.
* Fix edits with no actual changes being allowed locally
* Fix edits with no actual changes being allowed through ActivityPub
* Fix false positive changes caused by description processing in model
* Fix not recording poll expiration update
* Fix test
* Revert changes to ProcessStatusUpdateService
* Various fixes and improvements
* Fix code style issues
* Various changes and improvements
* Add guard clause
* Fix searching for an already-known status by URL not working
* Fix Update processing from statuses prior to 20220302232632
`ordered_media_attachment_ids_changed?` would return `true` when going from
`nil` to anything (including `[]`).
* Add tests
Conflicts:
- `app/models/status.rb`:
Upstream updated media and edit-related code textually close to glitch-soc
additions (local-only and content-type).
Ported upstream changes.
- `app/models/status_edit.rb`:
Upstream changes textually close to glitch-soc additions (content-type).
Ported upstream changes.
- `app/serializers/activitypub/note_serializer.rb`:
Upstream changed how media attachments are handled. Not really a conflict,
but textually close to glitch-soc additions (directMessage attribute).
Ported upstream changes.
- `app/services/remove_status_service.rb`:
Upstream changed how media attachments are handled. Not really a conflict,
but textually close to glitch-soc additions (DM timeline).
Ported upstream changes.
- `app/services/update_status_service.rb`:
Upstream fixed an issue with language selection. Not really a conflict,
but textually close to glitch-soc additions (content-type).
Ported upstream changes.
- `db/schema.rb`:
Upstream added columns to the `status_edits` table, the conflict is because
of an additional column (`content-type`) in glitch-soc.
Ported upstream changes.
- `package.json`:
Upstream dependency (express) textually adjacent to a glitch-soc-specific one
(favico.js) got updated.
Updated it as well.
* Change how changes to media attachments are stored for edits
Fix not being able to re-order media attachments
* Fix not broadcasting updates when polls/media is changed through ActivityPub
* Various fixes and improvements
* Update app/models/report.rb
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
* Add tracking of media attachment description changes
* Change poll in status edit to have a structure closer to the real one
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
* Change design of federation pages in admin UI
* Fix query performance in instance media attachments measure
* Fix reblogs being included in instance languages dimension
Conflicts:
- `app/controllers/settings/preferences_controller.rb`:
Conflicts due to us having more user settings and upstream dropping
`hide_network` (to replace it with an account attribute, properly migrated).
Dropped `hide_network` like upstream.
- `app/lib/user_settings_decorator.rb`:
Conflicts due to us having more user settings and upstream dropping
`hide_network` (to replace it with an account attribute, properly migrated).
Dropped `hide_network` like upstream.
- `app/models/status.rb`:
Conflict because of slight change in how glitch-soc handles the scope to
filter out local-only posts for anonymous viewers.
Took upstream's changes and re-applied glitch-soc's change.
- `app/models/user.rb`:
Conflicts due to us having more user settings and upstream dropping
`hide_network` (to replace it with an account attribute, properly migrated).
Dropped `hide_network` like upstream.
- `app/views/directories/index.html.haml`:
Conflict because upstream redesigned that page while glitch-soc had a minor
change to support hiding the number of followers.
Ported glitch-soc's change on top of upstream's redesign.
Additional changes:
- `app/models/account_statuses_filter.rb`:
See change to `app/models/status.rb`.
* Fix performance of account timelines
* Various fixes and improvements
* Fix duplicate results being returned
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
* Fix grouping for pinned statuses scope
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
* Add `/api/v1/accounts/familiar_followers` to REST API
* Change hide network preference to be stored consistently for local and remote accounts
* Add dummy classes to migration
* Apply suggestions from code review
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
* Redesign /about when already logged in
* Fix sign up form still showing when OMNIAUTH_ONLY is set
* Fix tests
* Change wording based on suggestions
Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>
Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>
Conflicts:
- `app/views/admin/trends/links/index.html.haml`:
Not really a conflict, upstream change textually too close to a glitch-soc
change (removed `javascript_pack_tag` to accomodate for glitch-soc's theming
system).
Ported upstream changes.
- `app/views/admin/trends/links/preview_card_providers/index.html.haml`:
Not really a conflict, upstream change textually too close to a glitch-soc
change (removed `javascript_pack_tag` to accomodate for glitch-soc's theming
system).
Ported upstream changes.
- `app/views/admin/trends/statuses/index.html.haml`:
Not really a conflict, upstream change textually too close to a glitch-soc
change (removed `javascript_pack_tag` to accomodate for glitch-soc's theming
system).
Ported upstream changes.
- `app/views/admin/trends/tags/index.html.haml`:
Not really a conflict, upstream change textually too close to a glitch-soc
change (removed `javascript_pack_tag` to accomodate for glitch-soc's theming
system).
Ported upstream changes.
Conflicts:
- `app/models/account.rb`:
Not a real conflict, just upstream getting rid of unused constants too close
to glitch-soc-specific contents.
Removed unused constants like upstream did.
- `app/models/trends.rb`:
Conflict because glitch-soc disabled email notifications for trending links.
Upstream has refactored this quite a bit and added trending posts.
Took upstream code, but disabling the extra trending stuff will come in
another commit.
- `app/views/admin/trends/links/index.html.haml`:
Conflict due to glitch-soc's theming system.
Ported upstream changes accordingly.
* Add trending statuses
* Fix dangling items with stale scores in localized sets
* Various fixes and improvements
- Change approve_all/reject_all to approve_accounts/reject_accounts
- Change Trends::Query methods to not mutate the original query
- Change Trends::Query#skip to offset
- Change follow recommendations to be refreshed in a transaction
* Add tests for trending statuses filtering behaviour
* Fix not applying filtering scope in controller
Conflicts:
- `.github/workflows/build-image.yml`:
Upstream changed the workflow a bit.
Conflict comes from us pushing to ghcr while upstream pushes to dockerhub.
Ported the upstream changes while still pushing to ghcr.
Conflicts:
- `db/schema.rb`:
Conflict due to glitch-soc adding the `content_type` column on status edits
and thus having a different schema version number.
Solved by taking upstream's schema version number, as it is higher than
glitch-soc's.
* Add appeals
* Add ability to reject appeals and ability to browse pending appeals in admin UI
* Add strikes to account page in settings
* Various fixes and improvements
- Add separate notification setting for appeals, separate from reports
- Fix style of links in report/strike header
- Change approving an appeal to not restore statuses (due to federation complexities)
- Change style of successfully appealed strikes on account settings page
- Change account settings page to only show unappealed or recently appealed strikes
* Change appealed_at to overruled_at
* Fix missing method error
* Change tests to have more specific expectations on sent ActivityPub payloads
* Check that payload doesn't actually contain the contents of the boosted toot
* Fix Undo Announce sometimes inlining the originally Announced status
sidekiq-bulk's push_bulk can either accept arguments directly or run them
through a block.
Setting expectations on the result of evaluating the blocks allows testing
more code (the block itself) and the test is moved closer to the *interface*
of the tested code than its precise implementation.
Conflicts:
- `app/controllers/api/v1/statuses_controller.rb`:
Upstream moved things around in a place where glitch-soc had support for
an extra parameter (`content_type`).
Follow upstream but reintroduce `content_type`.
* Add editing for published statuses
* Fix change of multiple-choice boolean in poll not resetting votes
* Remove the ability to update existing media attachments for now
Conflicts:
- `app/views/settings/preferences/appearance/show.html.haml`:
Upstream renamed some helper functions that were used in a part of the
settings page which glitch-soc slightly changed the layout of.
Ported the change.
* Fix structured data parsing from links choking on bad data
- Fix og:url meta tag being prioritized over canonical link tag
- Fix structured data parsing choking on commented-out CDATA declarations
- Fix HTML entities in title, description, provider_name, author_name
- Change structured data parsing to attempt every JSON-LD script tag
* Remove unnecessary slash escapes from CDATA regex pattern
Conflicts:
- `CHANGELOG.md`:
Upstream added newlines.
Conflicts are because the CHANGELOG was independently merged from 3.4.6 on
last security update.
Took upstream's version.
- `app/helpers/context_helper.rb`:
Conflicts because of extra vocabulary in glitch-soc. The conflicts were
actually handled in last security merge.
Kept our version.
* Fix error-prone SQL queries in Account search
While this code seems to not present an actual vulnerability, one could
easily be introduced by mistake due to how the query is built.
This PR parameterises the `to_tsquery` input to make the query more robust.
* Harden code for Status#tagged_with_all and Status#tagged_with_none
Those two scopes aren't used in a way that could be vulnerable to an SQL
injection, but keeping them unchanged might be a hazard.
* Remove unneeded spaces surrounding tsquery term
* Please CodeClimate
* Move advanced_search_for SQL template to its own function
This avoids one level of indentation while making clearer that the SQL template
isn't build from all the dynamic parameters of advanced_search_for.
* Add tests covering tagged_with, tagged_with_all and tagged_with_none
* Rewrite tagged_with_none to avoid multiple joins and make it more robust
* Remove obsolete brakeman warnings
* Revert "Remove unneeded spaces surrounding tsquery term"
The two queries are not strictly equivalent.
This reverts commit 86f16c537e06c6ba4a8b250f25dcce9f049023ff.
* Fix followers synchronization mechanism not working when URI has empty path
To my knowledge, there is no current implementation on the fediverse
that can use bare domains (e.g., actor is at https://example.org instead of
something like https://example.org/actor) that also plans to support the
followers synchronization mechanism. However, Mastodon's current implementation
would exclude such accounts from followers list.
Also adds tests and rename them to reflect the proper method names.
* Move url prefix regexp to its own constant
* Change account and user fabricators to simplify and improve tests
- `Fabricate(:account)` implicitly fabricates an associated `user` if
no `domain` attribute is given (an account with `domain: nil` is
considered a local account, but no user record was created), unless
`user: nil` is passed
- `Fabricate(:account, user: Fabricate(:user))` should still be possible
but is discouraged.
* Fix and refactor tests
- avoid passing unneeded attributes to `Fabricate(:user)` or
`Fabricate(:account)`
- avoid embedding `Fabricate(:user)` into a `Fabricate(:account)` or the other
way around
- prefer `Fabricate(:user, account_attributes: …)` to
`Fabricate(:user, account: Fabricate(:account, …)`
- also, some tests were using remote accounts with local user records, which is
not representative of production code.
Conflicts:
- `config/environments/production.rb`:
Upstream changed a header but we had different default headers.
Applied the same change, and also dropped HSTS headers redundant with
Rails'.
* Fix error-prone SQL queries in Account search
While this code seems to not present an actual vulnerability, one could
easily be introduced by mistake due to how the query is built.
This PR parameterises the `to_tsquery` input to make the query more robust.
* Harden code for Status#tagged_with_all and Status#tagged_with_none
Those two scopes aren't used in a way that could be vulnerable to an SQL
injection, but keeping them unchanged might be a hazard.
* Remove unneeded spaces surrounding tsquery term
* Please CodeClimate
* Move advanced_search_for SQL template to its own function
This avoids one level of indentation while making clearer that the SQL template
isn't build from all the dynamic parameters of advanced_search_for.
* Add tests covering tagged_with, tagged_with_all and tagged_with_none
* Rewrite tagged_with_none to avoid multiple joins and make it more robust
* Remove obsolete brakeman warnings
* Revert "Remove unneeded spaces surrounding tsquery term"
The two queries are not strictly equivalent.
This reverts commit 86f16c537e06c6ba4a8b250f25dcce9f049023ff.
Conflicts:
- `app/lib/activitypub/activity/create.rb`:
Upstream refactored how `Create` activities are handled and how values are
extracted from `Create`d objects. This conflicted with how glitch-soc
supported the `directMessage` flag to explicitly distinguish between
limited and direct messages.
Ported glitch-soc's changes to latest upstream changes.
- `app/services/fan_out_on_write_service.rb`:
Upstream largely refactored that file and changed some of the logic.
This conflicted with glitch-soc's handling of the direct timeline and
the options to allow replies and boosts in public feeds.
Ported those glitch-soc changes on top of latest upstream changes.
- `app/services/process_mentions_service.rb`:
Upstream refactored to move mention-related ActivityPub deliveries to
`ActivityPub::DeliveryWorker`, while glitch-soc contained an extra check
to not send local-only toots to remote mentioned users.
Took upstream's version, as the check is not needed anymore, since it is
performed at the `ActivityPub::DeliveryWorker` call site already.
- `app/workers/feed_insert_worker.rb`:
Upstream added support for `update` toot events, while glitch-soc had
support for an extra timeline support, `direct`.
Ported upstream changes and extended them to the `direct` timeline.
Additional changes:
- `app/lib/activitypub/parser/status_parser.rb`:
Added code to handle the `directMessage` flag and take it into account
to compute visibility.
- `app/lib/feed_manager.rb`:
Extended upstream's support of `update` toot events to glitch-soc's
`direct` timeline.
* Add support for editing for published statuses
* Fix references to stripped-out code
* Various fixes and improvements
* Further fixes and improvements
* Fix updates being potentially sent to unauthorized recipients
* Various fixes and improvements
* Fix wrong words in test
* Fix notifying accounts that were tagged but were not in the audience
* Fix mistake
Conflicts:
- `app/controllers/accounts_controller.rb`:
Upstream introduced support for private pinned toots, but glitch-soc's query
was a bit different as it filtered out local-only toots.
Used upstream's query, while adding local-only filtering back.
- `app/controllers/activitypub/collections_controller.rb`:
Same thing with regards to local-only posts.
- `app/validators/status_pin_validator.rb`:
Not a real conflict, but the line below was different in glitch-soc due to
the configurable pinned toots limit.
* Add admin option to remove canonical email blocks from a deleted account
* Add tootctl canonical_email_blocks to inspect and remove canonical email blocks
Conflicts:
- `app/views/admin/pending_accounts/index.html.haml`:
Removed upstream, while it had glitch-soc-specific changes to accomodate
for glitch-soc's theming system.
Removed the file.
Additional changes:
- `app/views/admin/accounts/index.html.haml':
Accomodate for glitch-soc's theming system.
Conflicts:
- `.env.production.sample`:
Copied upstream changes.
- `app/controllers/settings/identity_proofs_controller.rb`:
Minor conflict due to glitch-soc's extra “enable_keybase” setting.
Upstream removed keybase support altogether, so did the same.
- `app/controllers/well_known/keybase_proof_config_controller.rb`:
Minor conflict due to glitch-soc's extra “enable_keybase” setting.
Upstream removed keybase support altogether, so did the same.
- `lib/mastodon/statuses_cli.rb`:
Minor conflict due to an optimization that wasn't shared between
the two versions. Copied upstream's version.
* Fix error when suspending user with an already-existing canonical email block
Fixes#17033
While attempting to create a `CanonicalEmailBlock` with an existing hash would
raise an `ActiveRecord::RecordNotUnique` error, this being done within a
transaction would cancel the whole transaction. For this reason, checking for
uniqueness in Rails would query the database within the transaction and avoid
invalidating the whole transaction for this reason.
A race condition is still possible, where multiple accounts sharing a canonical
email would be blocked in concurrent transactions, in which only one would
succeed, but that is way less likely to happen that the current issue, and can
always be retried after the first failure, unlike the current situation.
* Add tests
Conflicts:
- `app/views/admin/tags/index.html.haml`:
Removed upstream while it had changes in glitch-soc to accomodate for the
theming system.
Additional changes to accomodate for the theming system:
- `app/views/admin/trends/links/preview_card_providers/index.html.haml`
- `app/views/admin/trends/links/index.html.haml`
- `app/views/admin/trends/tags/index.html.haml`
- `app/views/admin/tags/show.html.haml`
* Add trending links
* Add overriding specific links trendability
* Add link type to preview cards and only trend articles
Change trends review notifications from being sent every 5 minutes to being sent every 2 hours
Change threshold from 5 unique accounts to 15 unique accounts
* Fix tests
* Fix error when suspending user with an already-existing canonical email block
Fixes#17033
While attempting to create a `CanonicalEmailBlock` with an existing hash would
raise an `ActiveRecord::RecordNotUnique` error, this being done within a
transaction would cancel the whole transaction. For this reason, checking for
uniqueness in Rails would query the database within the transaction and avoid
invalidating the whole transaction for this reason.
A race condition is still possible, where multiple accounts sharing a canonical
email would be blocked in concurrent transactions, in which only one would
succeed, but that is way less likely to happen that the current issue, and can
always be retried after the first failure, unlike the current situation.
* Add tests
* Change references to tootsuite/mastodon to mastodon/mastodon
* Remove obsolete test fixture
* Replace occurrences of tootsuite/mastodon with mastodon/mastodon in CHANGELOG
And a few other places
* Fix anonymous access to outbox not being cached by the reverse proxy
Up until now, anonymous access to outbox was marked as public, but with a
0 duration for caching, which means remote proxies would only serve from cache
when the server was completely overwhelmed.
Changed that cache duration to one minute, so that repeated anonymous access
to one account's outbox can be appropriately cached.
Also added `Signature` to the `Vary` header in case a page is requested, so
that authenticated fetches are never served from cache (which only contains
public toots).
* Remove Vary: Accept header from webfinger controller
Indeed, we have stopped returning xrd, and only ever return jrd, so the
Accept request header does not matter anymore.
* Cache negative webfinger hits for 3 minutes
* Add tests
* Fix serialization of followers/following counts when user hides their network
Fixes#16382
Signed-off-by: Claire <claire.github-309c@sitedethib.com>
* Add tests
* Fix some link previews being incorrectly generated from different prior links
PR #12403 added a cache to avoid redundant queries when the OEmbed endpoint can
be guessed from the URL. This caching mechanism is not perfectly correct as
there is no guarantee that all pages from a given domain share the same
OEmbed provider endpoint.
This PR prevents the FetchOEmbedService from caching OEmbed endpoint that
cannot be generalized by replacing a fully-qualified URL from the endpoint's
parameters, greatly reducing the number of incorrect cached generalizations.
* Add tests
* Add security-related tests
My first (unpublished) attempt at fixing the issues introduced (extremely
hard-to-exploit) security vulnerabilities, addressing them in a test.
* Fix authentication failures after going halfway through a sign-in attempt
* Refactor `authenticate_with_sign_in_token` and `authenticate_with_two_factor` to make the two authentication steps more obvious
* Add tests
* Fix some link previews being incorrectly generated from different prior links
PR #12403 added a cache to avoid redundant queries when the OEmbed endpoint can
be guessed from the URL. This caching mechanism is not perfectly correct as
there is no guarantee that all pages from a given domain share the same
OEmbed provider endpoint.
This PR prevents the FetchOEmbedService from caching OEmbed endpoint that
cannot be generalized by replacing a fully-qualified URL from the endpoint's
parameters, greatly reducing the number of incorrect cached generalizations.
* Add support for fetching Create and Announce activities by URI
This should improve compatibility with ZAP and offer a way to fetch boosts,
which is currently not possible.
* Add tests
Claire
Tykayn