Follow-up to #13452, fixing broken `uri.nil?` test.
Also remove the separate check for `uri` presence, as that would result
in a “Please review 2 errors below” while only one would be listed.
Conflicts:
- `package.json`:
No real conflict, upstream updated a dependency which is
textually adjacent to a glitch-soc-specific dependency.
Updated it.
- `yarn.lock`:
No real conflict, upstream updated a dependency which is
textually adjacent to a glitch-soc-specific dependency.
Updated it.
* Fix “Email changed” notification sometimes having wrong e-mail
Fixes#6778
The root of the issue is that `send_devise_notification` was called before
the changes were properly commited to the database, causing the mailer to
pick previous values if running too early.
Devise's documentation provides guidance on how to handle that[1][2], however,
I have found it to not be working, as the following happens, in that order:
- `send_devise_notification` is called for the `email_changed` notification.
In that case, `changed?` is false and `saved_changes?` is true, so
if we use the former, we have the same issue.
- the `after_commit` hook is called
- `send_devise_notification` is called for the `confirmation_instructions`
notification.
In that case, `changed?` is still false, and `saved_changes?` still true,
so if we use the latter, that second notification email is simply not
going to be sent (as we would be queuing the notification *after*
executing the after_commit hook).
This is because it may be called from either an `after_update` or
`after_commit` hook, the difference not being a call to `save` but the
transaction actually being committed to the database. This may arguably
be a bug in Devise, or Devise's notification.
The proposed workaround is inspired by Devise's documentation but checks
whether a transaction is open to make the call whether to immediately
send the notification or defer it to the `after_commit` hook.
[1]: https://www.rubydoc.info/github/plataformatec/devise/Devise%2FModels%2FAuthenticatable:send_devise_notification
[2]: 406915cb78/lib/devise/models/authenticatable.rb (L133-L194)
* Fix cases when sending notifications without changing the model
* Defer sending if and only if in transaction including current record
Conflicts:
- `app/javascript/packs/public.js`:
Upstream modified code that we split between multiple files due
to glitch-soc's theming system.
Ported those changes.
* Fix PostgreSQL load when linking in announcements
Fixes#13245 by caching status lookups
Since statuses are supposed to be known already and we only
need their URLs and a few other things, caching them should
be fine.
Since it's only used by announcements so far, there won't
be much statuses to cache.
* Perform status lookup when saving announcements, not when rendering them
* Change EntityCache#status to fetch URLs instead of looking into the database
* Move announcement link lookup to publishing worker
* Address issues pointed out during review
Conflicts:
- `README.md`:
Our README.md files are completely different. Discarded upstream changes.
- `app/javascript/core/admin.js`:
Updating rails-ujs, no real conflict, but a comment to close to changed
code. Various glitch-soc-only files have been updated to match those changes,
though.
- `package.json`:
No real conflict, just an additional dependency in glitch-soc that was too
close to something updated upstream. Took upstream's changes.
* Change ActivityPub follower/following collections to not link first page
* Add support for hiding followers and following of remote users
* Switch to using a single `hide_collections` column
* Address code style remarks
Conflicts:
- `app/controllers/api/v1/statuses_controller.rb`:
Conflict due to upstream adding a new parameter (with_rate_limit),
too close to glitch-soc's own additional parameter (content_type).
Added upstream's parameter.
- `app/services/post_status_service.rb`:
Conflict due to upstream adding a new parameter (rate_limit),
too close to glitch-soc's own additional parameter (content_type).
Added upstream's parameter.
- `app/views/settings/preferences/appearance/show.html.haml`:
Conflict due to us not exposing theme settings here (as we have
a different flavour/skin menu).
Took upstream change, while still not exposing theme settings.
- `config/webpack/shared.js`:
Coding style fixes for a part we have rewritten.
Discarded upstream changes.
Conflicts:
- `app/serializers/rest/account_serializer.rb`:
Upstream added code too close to glitch-soc-specific followers-hiding code.
Ported upstream changes.
Change `all_day` to be a visual client-side cue only
Publish immediately if `scheduled_at` is in the past
Add `published_at` and `updated_at` to announcements JSON
While making browser requests in the other sessions after a password
change or reset does not allow you to be logged in and correctly
invalidates the session making the request, sessions have API tokens
associated with them, which can still be used until that session
is invalidated.
This is a security issue for accounts that were already compromised
some other way because it makes it harder to throw out the hijacker.
* Add announcements
Fix#11006
* Add reactions to announcements
* Add admin UI for announcements
* Add unit tests
* Fix issues
- Add `with_dismissed` param to announcements API
- Fix end date not being formatted when time range is given
- Fix announcement delete causing reactions to send streaming updates
- Fix announcements container growing too wide and mascot too small
- Fix `all_day` being settable when no time range is given
- Change text "Update" to "Announcement"
* Fix scheduler unpublishing announcements before they are due
* Fix filter params not being passed to announcements filter
Allow browsing and filtering all relationships instead of just
followers, unify the codebase with the user-facing relationship
manager, add ability to see who the user invited
Conflicts:
- `app/javascript/packs/public.js`:
Upstream removed an unused function in code that has
been refactored a bit. Removed that function in the corresponding
places.