Commit Graph

660 Commits

Author SHA1 Message Date
Thibaut Girka
ce7d055d3c Merge branch 'master' into glitch-soc/merge-upstream 2019-03-28 18:35:25 +01:00
Alex Gessner
69141dca26 squashed identity proof updates (#10375) 2019-03-28 18:01:09 +01:00
Thibaut Girka
050efbc126 Merge branch 'master' into glitch-soc/merge-upstream
Conflicts:
- app/workers/activitypub/distribute_poll_update_worker.rb
- config/locales/pl.yml
2019-03-28 13:01:33 +01:00
Eugen Rochko
f1bc90ab50
Rename :poll to :preloadable_poll and :owned_poll to :poll on Status (#10401)
Also, fix some n+1 queries

Resolve #10365
2019-03-28 04:44:59 +01:00
Eugen Rochko
e86663b1da
Fix alternative relay support regression (#10398)
Fix #10324
2019-03-27 19:58:24 +01:00
Eugen Rochko
11fe293e1b
Remove unused ActivityPub @context values depending on response (#10378)
Fix #8078
2019-03-27 15:55:23 +01:00
Thibaut Girka
b9f314bba7 Merge branch 'master' into glitch-soc/merge-upstream
Conflicts:
- config/locales/es.yml
- config/locales/pl.yml
- config/locales/pt-BR.yml
2019-03-26 16:02:54 +01:00
Eugen Rochko
e6cfa7ab89
Change language detector threshold from 140 characters to 4 words (#10376)
Add `lang` attribute to statuses in web UI
2019-03-26 01:23:59 +01:00
Thibaut Girka
edd5441112 Merge branch 'master' into glitch-soc/merge-upstream 2019-03-22 13:05:17 +01:00
Eugen Rochko
3411fbef19
Improve config serializer for Keybase (#10338)
- Regex must no longer be surrounded by `/`
- Description must be short and cannot contain HTML tags
2019-03-21 23:33:28 +01:00
Thibaut Girka
cbf1d711ba Merge branch 'master' into glitch-soc/merge-upstream 2019-03-20 17:32:39 +01:00
ThibG
80f0910e21 Add support for custom emojis in poll options (#10322)
* Backend changes for custom emoji support in poll options

* Serialize poll emojis in REST API

* Render custom emojis in poll options

* Render custom emoji in poll options on public pages
2019-03-20 17:29:12 +01:00
Thibaut Girka
1d6152f440 Merge branch 'master' into glitch-soc/merge-upstream
Conflicts:
- config/locales/en.yml
  Conflict caused by the glitch-soc-specific “flavour” string being too close
  to the newly introduced “identity_proofs” string. Just included both.
2019-03-20 13:54:00 +01:00
Eugen Rochko
9c4cbdbafb
Add Keybase integration (#10297)
* create account_identity_proofs table

* add endpoint for keybase to check local proofs

* add async task to update validity and liveness of proofs from keybase

* first pass keybase proof CRUD

* second pass keybase proof creation

* clean up proof list and add badges

* add avatar url to keybase api

* Always highlight the “Identity Proofs” navigation item when interacting with proofs.

* Update translations.

* Add profile URL.

* Reorder proofs.

* Add proofs to bio.

* Update settings/identity_proofs front-end.

* Use `link_to`.

* Only encode query params if they exist.

URLs without params had a trailing `?`.

* Only show live proofs.

* change valid to active in proof list and update liveness before displaying

* minor fixes

* add keybase config at well-known path

* extremely naive feature flagging off the identity proof UI

* fixes for rubocop

* make identity proofs page resilient to potential keybase issues

* normalize i18n

* tweaks for brakeman

* remove two unused translations

* cleanup and add more localizations

* make keybase_contacts an admin setting

* fix ExternalProofService my_domain

* use Addressable::URI in identity proofs

* use active model serializer for keybase proof config

* more cleanup of keybase proof config

* rename proof is_valid and is_live to proof_valid and proof_live

* cleanup

* assorted tweaks for more robust communication with keybase

* Clean up

* Small fixes

* Display verified identity identically to verified links

* Clean up unused CSS

* Add caching for Keybase avatar URLs

* Remove keybase_contacts setting
2019-03-18 21:00:55 +01:00
Thibaut Girka
291012ec0c Merge branch 'master' into glitch-soc/merge-upstream
Conflicts:
- app/controllers/accounts_controller.rb
- app/controllers/follower_accounts_controller.rb
- app/controllers/statuses_controller.rb

All conflicts caused by the additional `use_pack` used for glitch-soc's theming
system.
2019-03-18 18:03:27 +01:00
ThibG
a20354a20b Set and store report URIs (#10303)
Fixes #10271
2019-03-17 15:34:56 +01:00
Thibaut Girka
4df3b7cb06 Merge branch 'master' into glitch-soc/merge-upstream
Conflicts:
- app/controllers/settings/follower_domains_controller.rb
  Removed upstream. Did the same here. Maybe we should not have?
- config/locales/en.yml
  Upstream removed the “Authorized followers” page and associated
  translations. This is too close in the file to our glitch-soc-specific
  “flavour” string. No actual conflict.
- config/locales/ja.yml
  Same as above.
- config/locales/pl.yml
  Same as above.
- config/navigation.rb
  No real conflict. New route added too close to the glitch-soc-specific
  “flavours” one.
- config/webpack/configuration.js
  Upstream refactored the webpack(er) configuration quite a bit.
  Tried to keep up.
- config/webpack/loaders/babel.js
  Upstream refactored the webpack(er) configuration quite a bit.
  Tried to keep up.
  The contents of this file have been moved to package.json.
- config/webpack/shared.js
  Upstream refactored the webpack(er) configuration quite a bit.
  Tried to keep up.
- config/webpacker.yml
  Upstream refactored the webpack(er) configuration quite a bit.
  Tried to keep up.
- jest.config.js
  The contents of this file have been moved to package.json.
- package.json
  Upstream refactored the webpack(er) configuration quite a bit.
  Tried to keep up.
- yarn.lock
  Upstream refactored the webpack(er) configuration quite a bit.
  Tried to keep up.
2019-03-16 14:14:20 +01:00
Eugen Rochko
1b167707c2
Fix language detection of non-latin alphabets even at few characters (#10276) 2019-03-15 05:07:09 +01:00
Thibaut Girka
02062aab55 Merge branch 'master' into glitch-soc/merge-upstream
Conflicts:
- app/controllers/about_controller.rb
- app/controllers/tags_controller.rb
- app/views/about/show.html.haml
- spec/views/about/show.html.haml_spec.rb
2019-03-13 15:16:02 +01:00
Eugen Rochko
9f5b55ad4f
Fix poll update handler calling method was that was not available (#10246)
* Fix poll update handler calling method was that was not available

Fix regression from #10209

* Refactor VoteService

* Refactor ActivityPub::DistributePollUpdateWorker and optimize it

* Fix typo

* Fix typo
2019-03-12 22:58:59 +01:00
Thibaut Girka
f3e7634156 Merge branch 'master' into glitch-soc/merge-upstream 2019-03-11 17:31:02 +01:00
ThibG
79b00d294d Increase DNS timeouts (#10238) 2019-03-11 13:27:57 +01:00
Thibaut Girka
89bee860cd Merge branch 'master' into glitch-soc/merge-upstream
Conflicts:
- app/services/post_status_service.rb
  Small conflict due to handling of instance-local toots.
  A subsequent change is required to ensure instance-local polls are not leaked
  through Update.
2019-03-11 11:23:50 +01:00
ThibG
3a92885a86 Support pushing and receiving updates to poll tallies (#10209)
* Process incoming poll tallies update

* Send Update on poll vote

* Do not send Updates for a poll more often than once every 3 minutes

* Include voters in people to notify of results update

* Schedule closing poll worker on poll creation

* Add new notification type for ending polls

* Add front-end support for ended poll notifications

* Fix UpdatePollSerializer

* Fix Updates not being triggered by local votes

* Fix tests failure

* Fix web push notifications for closing polls

* Minor cleanup

* Notify voters of both remote and local polls when those close

* Fix delivery of poll updates to mentioned accounts and voters
2019-03-11 00:49:31 +01:00
Thibaut Girka
5528719bc9 Merge branch 'master' into glitch-soc/merge-upstream 2019-03-08 00:57:13 +01:00
ThibG
3aaac4f134 Do not allow adding votes to expired polls (#10214)
* Do not allow adding votes to expired polls

* Only validate expires_at on create
2019-03-08 00:54:50 +01:00
Thibaut Girka
9c5e7805cc Merge branch 'master' into glitch-soc/merge-upstream 2019-03-07 13:24:30 +01:00
ThibG
34f261e6af Avoid unnecessarily fetching the replies collection when it is empty (#10201) 2019-03-07 01:50:37 +01:00
Thibaut Girka
f108c6a042 Merge branch 'master' into glitch-soc/merge-upstream 2019-03-06 00:03:46 +01:00
ThibG
efd0fb8088 Fix newlines in OStatus and RSS serializations (#10183) 2019-03-05 23:58:58 +01:00
Thibaut Girka
866496ac16 Merge branch 'master' into glitch-soc/merge-upstream 2019-03-05 21:40:28 +01:00
ThibG
636db1f54f When serializing polls over OStatus, serialize poll options to text (#10160)
* When serializing polls over OStatus, serialize poll options to text

* Do the same for RSS feeds

* Use “[ ] ” as a prefix for poll options instead of “- ”
2019-03-05 21:09:18 +01:00
Thibaut Girka
f513317ba2 Merge branch 'master' into glitch-soc/merge-upstream
Conflicts:
- app/models/status.rb
- db/schema.rb

Both conflicts are caused by us having extra database columns.
2019-03-05 19:23:16 +01:00
ThibG
833ffce2df Store remote votes URI (#10158)
* Store remote votes URI

* Add spec for accepting remote votes

* Make poll vote id generation work the same way as follows
2019-03-04 22:51:23 +01:00
Eugen Rochko
0e6998da3c
Add tests for ActivityPub poll processing (#10143) 2019-03-04 01:13:42 +01:00
Eugen Rochko
ae1b9cf70a
Fix remote poll expiration time (#10144) 2019-03-04 00:44:34 +01:00
Eugen Rochko
230a012f00
Add polls (#10111)
* Add polls

Fix #1629

* Add tests

* Fixes

* Change API for creating polls

* Use name instead of content for votes

* Remove poll validation for remote polls

* Add polls to public pages

* When updating the poll, update options just in case they were changed

* Fix public pages showing both poll and other media
2019-03-03 22:18:23 +01:00
Thibaut Girka
2267eee356 Merge branch 'master' into glitch-soc/merge-upstream 2019-02-28 21:35:53 +01:00
ThibG
d8498b3983 Give the replies collection an identifier and enable pagination (#10128) 2019-02-28 18:16:34 +01:00
ThibG
9d3c6f1849 Improved remote thread fetching (#10106)
* Fetch up to 5 replies when discovering a new remote status

This is used for resolving threads downwards. The originating
server must add a “replies” attributes with such replies for it to
be useful.

* Add some tests for ActivityPub::FetchRepliesWorker

* Add specs for ActivityPub::FetchRepliesService

* Serialize up to 5 public self-replies for ActivityPub notes

* Add specs for ActivityPub::NoteSerializer

* Move exponential backoff logic to a worker concern

* Fetch first page of paginated collections when fetching thread replies

* Add specs for paginated collections in replies

* Move Note replies serialization to a first CollectionPage

The collection isn't actually paginable yet as it has no id nor
a `next` field. This may come in another PR.

* Use pluck(:uri) instead of map(&:uri) to improve performances

* Fix fetching replies when they are in a CollectionPage
2019-02-28 15:22:21 +01:00
ThibG
9edab46368 Fix mention processing for unknwon accounts on incoming ActivityPub Notes (#10125)
`::FetchRemoteAccountService` is not `ActivityPub::FetchRemoteAccountService`,
its second argument is the pre-fetched body. Passing `id: false` actually passed
a `Hash` as the prefetched body, instead of properly resolving unknown remote
accounts.
2019-02-27 14:57:14 +01:00
Thibaut Girka
f6a4493a58 Merge branch 'master' into glitch-soc/merge-upstream 2019-02-17 15:43:12 +01:00
Eugen Rochko
1a1b8170bb
Fix Announce activities of unknown statuses not fetching those statuses (#10065)
Regression from #9998
2019-02-17 15:16:36 +01:00
Thibaut Girka
369a475a70 Merge branch 'master' into glitch-soc/merge-upstream
Conflicts:
- app/serializers/rest/instance_serializer.rb
- app/views/layouts/error.html.haml
- public/oops.png
  Took our version (same as upstream but without the things that only
  make sense in an animation).

Additional changes:
- app/javascript/flavours/vanilla/theme.yml
  Include upstream's javascript in error pages.
2019-02-17 12:26:55 +01:00
Eugen Rochko
147b4c2c3a
Add logging for rejected ActivityPub payloads and add tests (#10062) 2019-02-17 03:38:25 +01:00
Eugen Rochko
c417e8c198
Filter incoming Announce activities by relation to local activity (#10041)
* Filter incoming Announce activities by relation to local activity

Reject if announcer is not followed by local accounts, and is not
from an enabled relay, and the object is not a local status

Follow-up to #10005

* Fix tests
2019-02-15 18:19:45 +01:00
Thibaut Girka
06cc04fd23 Merge branch 'master' into glitch-soc/merge-upstream 2019-02-15 18:02:45 +01:00
Eugen Rochko
dad339da6d
Filter incoming Create activities by relation to local activity (#10005)
Reject those from accounts with no local followers, from relays
that are not enabled, which do not address local accounts and are
not replies to accounts that do have local followers
2019-02-13 18:42:47 +01:00
ThibG
6a5307a573 Alternative handling of private self-boosts (#9998)
* When self-boosting, embed original toot into Announce serialization

* Process unknown self-boosts from Announce object if it is more than an URI

* Add some self-boost specs

* Only serialize private toots in self-Announces
2019-02-13 18:36:23 +01:00
Thibaut Girka
bf94a43496 Merge branch 'master' into glitch-soc/merge-upstream
Conflicts:
- app/controllers/oauth/authorized_applications_controller.rb
  Two changes too close to each other
- app/controllers/settings/sessions_controller.rb
- app/lib/user_settings_decorator.rb
  Two changes too close to each other
- app/models/media_attachment.rb
  New changes too close to glitch-soc only changes.
- app/models/user.rb
  Two changes too close to each other.
- app/services/remove_status_service.rb
  Kept direct timeline code which had been removed upstream.
- app/views/settings/preferences/show.html.haml
  Two changes too close to each other.
- config/locales/en.yml
  Introduction of a new string too close to glitch-soc-only's “flavour”
- config/locales/ja.yml
  Introduction of a new string too close to glitch-soc-only's “flavour”
- config/locales/pl.yml
  Introduction of a new string too close to glitch-soc-only's “flavour”
- config/locales/simple_form.en.yml
  Introduction of a new string too close to glitch-soc-only's “skin”
- config/locales/simple_form.pl.yml
  Introduction of a new string too close to glitch-soc-only's “skin”
- config/settings.yml
  Reverted upstream's decision of enabling posting application by default.
2019-02-10 21:10:09 +01:00
Eugen Rochko
016ad37bc8
Fix URL linkifier grabbing full-width spaces and quotations (#9997)
Fix #9993
Fix #5654
2019-02-09 20:13:11 +01:00
Hinaloe
157d3af46c Only URLs extract with pre-escaped text (#9991)
* [test] add japanese hashtag testcase

* Only URLs extract with pre-escaped text

( https://github.com/tootsuite/mastodon/issues/9989 )
2019-02-09 03:39:38 +01:00
ThibG
ed30110618 Make displaying application used to toot opt-in (#9897)
* Make storing and displaying application used to toot opt-in

* Revert to storing application info, and display it to the author via API
2019-02-02 19:18:15 +01:00
ysksn
bcfff65195 Create Redisable#redis (#9633)
* Create Redisable

* Use #redis instead of Redis.current
2019-02-02 19:11:38 +01:00
Jakub Mendyk
6a5e3da6b0 Allow most kinds of characters in URL query (fixes #8408) (#8447)
* Allow unicode characters in URL query strings

Fixes #8408

* Alternative approach to unicode support in urls

Adds PoC/idea to approch this problem.
2019-02-02 19:01:18 +01:00
Thibaut Girka
05415fa5d3 Make storing and displaying application used to toot opt-in 2019-01-27 13:56:41 +01:00
Thibaut Girka
5e0cf92fd1 Merge branch 'master' into glitch-soc/merge-upstream
No conflicts.
2019-01-19 18:28:37 +01:00
ThibG
75b1488cf4 Add tombstones for remote statuses (#9830)
* Add Tombstone model to remember object deletion

* Do not recreate a status if it has been deleted

* Record Tombstone for remote deleted items

Also, only record deleted items from same-host actors

* Clear an user's tombstones when their key change
2019-01-18 15:56:55 +01:00
Eugen Rochko
31f396b57d
Add support for non-public reblogs from ActivityPub (#9841)
Fix #9838
2019-01-18 15:56:21 +01:00
Eugen Rochko
4ab42287c0
Use summary as summary for converted ActivityPub objects (#9823)
Fix #8609
2019-01-16 18:36:17 +01:00
ThibG
a4f07bad95 Reduce chances of race conditions when processing deleted toots (#9815)
* Reduce chances of race conditions when processing deleted toots

* Prevent race condition when processing deleted toots
2019-01-16 15:42:00 +01:00
Thibaut Girka
fb0c906c71 Revert "Revert "Add handler for Move activity (#9629)""
This reverts commit bb96a74637.
2019-01-10 18:46:17 +01:00
Thibaut Girka
bb96a74637 Revert "Add handler for Move activity (#9629)"
This reverts commit 0f938ff29c.
2019-01-02 15:36:59 +01:00
Thibaut Girka
571d219bb9 Merge branch 'master' into glitch-soc/merge-upstream
Conflicts manually resolved:
- app/services/post_status_service.rb
- config/locales/simple_form.pl.yml
- config/routes.rb
- config/webpack/loaders/sass.js
- config/webpack/shared.js
- package.json
- yarn.lock
2019-01-02 15:36:53 +01:00
ThibG
70be301d69 Ensure blocked user unfollows blocker if Block/Undo Block are processed out of order (#9687)
* Ensure blocked user unfollows blocker if Block/Undo Block are processed out of order

* Add specs for Block causing unfollow and for out-of-order Block + Undo
2019-01-02 01:12:02 +01:00
ThibG
b2f4114550 Do not ignore federated reports targetting already-reported accounts (#9534) 2018-12-30 18:58:51 +01:00
ThibG
290932602b Reduce usage of LD signatures (#9659)
* Do not LDS-sign Follow, Accept, Reject, Undo, Block

* Do not use LDS for Create activities of private toots

* Minor cleanup

* Ignore unsigned activities instead of misattributing them

* Use status.distributable? instead of querying visibility directly
2018-12-30 09:48:59 +01:00
Eugen Rochko
0f938ff29c
Add handler for Move activity (#9629) 2018-12-29 02:24:36 +01:00
Eugen Rochko
aa9a20cde0
Fix ThreadResolveWorker getting queued with invalid URLs (#9628) 2018-12-26 19:15:53 +01:00
Thibaut Girka
bd23288a52 Add a per-user setting to hide followers count
This is only available if the instance-wide setting isn't set and allows
people to hide their own followers count. This does not hide others' to
them.
2018-12-20 14:51:12 +01:00
Thibaut Girka
e7f1bfdc2d Merge branch 'master' into glitch-soc/merge-upstream
Conflicts:
- app/javascript/packs/public.js
- app/models/user.rb
- config/settings.yml
- db/schema.rb

Moved public.js changes to settings.js.
2018-12-09 16:08:04 +01:00
ThibG
81bda7d67c Add setting to not aggregate reblogs (#9248)
* Add setting to not aggregate reblogs

Fixes #9222

* Handle cases where user is nil in add_to_home and add_to_list

* Add hint for setting_aggregate_reblogs option

* Reword setting_aggregate_reblogs label
2018-12-09 13:03:01 +01:00
Thibaut Girka
ad7a3974cc Merge branch 'master' into glitch-soc/merge-upstream 2018-11-29 19:22:52 +01:00
Thibaut Girka
53d0293d25 Add database support for list show-reply preferences 2018-11-28 14:46:07 +01:00
Eugen Rochko
c39d7e7b2b
Fix TLS handshake timeout not being enforced (#9381)
Follow-up to #9329
2018-11-27 19:46:05 +01:00
Eugen Rochko
43c311b3a1
Fix nil error when no DNS addresses are found for host (#9379) 2018-11-27 18:13:36 +01:00
Thibaut Girka
f8e07ca5cd Merge branch 'master' into glitch-soc/merge-upstream
Conflicts:
- app/models/status.rb

Resolved by taking both changes (not a real conflict, just changes too close
to each other).
2018-11-27 13:23:02 +01:00
Eugen Rochko
fd8145d232
Fix connect timeout not being enforced (#9329)
* Fix connect timeout not being enforced

The loop was catching the timeout exception that should stop execution, so the next IP would no longer be within a timed block, which led to requests taking much longer than 10 seconds.

* Use timeout on each IP attempt, but limit to 2 attempts

* Fix code style issue

* Do not break Request#perform if no block given

* Update method stub in spec for Request

* Move timeout inside the begin/rescue block

* Use Resolv::DNS with timeout of 1 to get IP addresses

* Update Request spec to stub Resolv::DNS instead of Addrinfo

* Fix Resolve::DNS stubs in Request spec
2018-11-22 20:12:04 +01:00
ThibG
466e3d710c Include replies to list owner and replies to list members in list statuses (#9324) 2018-11-21 17:02:58 +01:00
Eugen Rochko
384e953b75
Revert connect timeout from 1s to 10s (#9319)
The failure rate in Sidekiq is too high
2018-11-21 17:00:56 +01:00
Eugen Rochko
9311430ed7
Prevent multiple handlers for Delete of Actor from running (#9292) 2018-11-16 19:46:23 +01:00
Eugen Rochko
8069fd636b
Remove intermediary arrays when creating hash maps from results (#9291) 2018-11-16 15:02:18 +01:00
Thibaut Girka
bfe2b9cc50 Merge branch 'master' into glitch-soc/merge-upstream 2018-11-13 16:28:07 +01:00
ThibG
7f5a4be580 Fix emoji update date processing (#9255) 2018-11-10 23:59:51 +01:00
Thibaut Girka
9201398507 Merge branch 'master' into glitch-soc/merge-upstream 2018-11-09 14:56:31 +01:00
Eugen Rochko
4615512285
Reduce connect timeout limit and limit signature failures by source IP (#9236)
* Reduce connect timeout from 10s to 1s

* Limit failing signature verifications per source IP
2018-11-08 21:35:58 +01:00
Thibaut Girka
1c448d6474 Merge branch 'master' into glitch-soc/merge-upstream
Conflicts:
- app/controllers/auth/sessions_controller.rb

Upstream reverted something we partially reverted already.
Reverted the rest to match upstream.
2018-10-30 17:52:08 +01:00
Eugen Rochko
be202f9377
Accept the same payload in multiple inboxes and deliver (#9150) 2018-10-30 15:03:55 +01:00
Thibaut Girka
a942ad3062 Merge branch 'master' into glitch-soc/merge-upstream
Conflicts:
- config/locales/simple_form.ja.yml

Not a real conflict, one new string was introduced in
glitch and one in upstream.
2018-10-29 14:00:41 +01:00
m.b
2b18f5f85d Add Page AP type support (#9121) 2018-10-29 13:23:29 +01:00
Thibaut Girka
c13cfeac09 Merge branch 'master' into glitch-soc/merge-upstream 2018-10-27 18:54:26 +02:00
ThibG
e53cc673e7 Ignore invalid hashtags on remote statuses instead of rejecting them (#9118)
Fixes #9115
2018-10-26 22:48:35 +02:00
Thibaut Girka
5bb8563f6c Merge branch 'master' into glitch-soc/merge-upstream
Conflicts:
- app/controllers/admin/base_controller.rb
- app/controllers/filters_controller.rb
- app/controllers/invites_controller.rb
- app/controllers/settings/deletes_controller.rb
- app/controllers/settings/exports_controller.rb
- app/controllers/settings/follower_domains_controller.rb
- app/controllers/settings/migrations_controller.rb
- app/controllers/settings/notifications_controller.rb
- app/controllers/settings/preferences_controller.rb
- app/controllers/settings/two_factor_authentication/recovery_codes_controller.rb
- app/javascript/packs/public.js
- app/views/settings/profiles/show.html.haml

Conflicts were mostly due to the addition of body classes to the settings page,
this was caused by rejecting upstream changes for most of those files and
modifying Settings::BaseController instead.

Another cause of conflicts was the deletion of client-side checking of
display name / bio length, this was modified in app/javascript/core/settings.js
instead.
2018-10-26 20:41:43 +02:00
ThibG
82e7988afc Fix missing mention argument when processing incoming Create activities (#9114)
* Fix missing `mention` argument when processing incoming Create activities

* Fix typo (param → params)
2018-10-26 12:59:59 +02:00
Eugen Rochko
d4cf963749
Allow inbox owner to view implicitly targeted ActivityPub payload (#9093)
Fix #9091
2018-10-25 18:12:22 +02:00
Thibaut Girka
dcded13a99 Merge branch 'master' into glitch-soc/merge-upstream
Conflicts:
- .github/ISSUE_TEMPLATE/bug_report.md
  Took our version.
- CONTRIBUTING.md
  Updated the embedded copy of upstream's version.
- README.md
  Took our version.
- app/policies/status_policy.rb
  Not a real conflict, took code from both.
- app/views/layouts/embedded.html.haml
  Added upstream's changes (dns-prefetch) and fixed
  `%body.embed`
- app/views/settings/preferences/show.html.haml
  Reverted some of upstream changes, as we have a
  page dedicated for flavours and skins.
- config/initializers/content_security_policy.rb
  Kept our version of the CSP.
- config/initializers/doorkeeper.rb
  Not a real conflict, took code from both.
2018-10-22 17:51:38 +02:00
Eugen Rochko
fd5285658f
Add option to block reports from domain (#8830) 2018-10-20 08:02:44 +02:00
Eugen Rochko
ddd30f331c
Improve support for aspects/circles (#8950)
* Add silent column to mentions

* Save silent mentions in ActivityPub Create handler and optimize it

Move networking calls out of the database transaction

* Add "limited" visibility level masked as "private" in the API

Unlike DMs, limited statuses are pushed into home feeds. The access
control rules between direct and limited statuses is almost the same,
except for counter and conversation logic

* Ensure silent column is non-null, add spec

* Ensure filters don't check silent mentions for blocks/mutes

As those are "this person is also allowed to see" rather than "this
person is involved", therefore does not warrant filtering

* Clean up code

* Use Status#active_mentions to limit returned mentions

* Fix code style issues

* Use Status#active_mentions in Notification

And remove stream_entry eager-loading from Notification
2018-10-17 17:13:04 +02:00
Thibaut Girka
3d5d899094 Allow selecting both default flavour and theme
Fixes #672
2018-10-12 19:06:35 +02:00
Eugen Rochko
fac529975b Improve signature verification safeguards (#8959)
* Downcase signed_headers string before building the signed string

The HTTP Signatures draft does not mandate the “headers” field to be downcased,
but mandates the header field names to be downcased in the signed string, which
means that prior to this patch, Mastodon could fail to process signatures from
some compliant clients. It also means that it would not actually check the
Digest of non-compliant clients that wouldn't use a lowercased Digest field
name.

Thankfully, I don't know of any such client.

* Revert "Remove dead code (#8919)"

This reverts commit a00ce8c92c.

* Restore time window checking, change it to 12 hours

By checking the Date header, we can prevent replaying old vulnerable
signatures. The focus is to prevent replaying old vulnerable requests
from software that has been fixed in the meantime, so a somewhat long
window should be fine and accounts for timezone misconfiguration.

* Escape users' URLs when formatting them

Fixes possible HTML injection

* Escape all string interpolations in Formatter class

Slightly improve performance by reducing class allocations
from repeated Formatter#encode calls

* Fix code style issues
2018-10-12 07:00:41 +02:00