Commit Graph

1642 Commits

Author SHA1 Message Date
Claire
b31af34c97
Merge pull request from GHSA-vm39-j3vx-pch3
* Prevent different identities from a same SSO provider from accessing a same account

* Lock auth provider changes behind `ALLOW_UNSAFE_AUTH_PROVIDER_REATTACH=true`

* Rename methods to avoid confusion between OAuth and OmniAuth
2024-02-14 15:16:07 +01:00
Emelia Smith
68eaa804c9
Merge pull request from GHSA-7w3c-p9j8-mq3x
* Ensure destruction of OAuth Applications notifies streaming

Due to doorkeeper using a dependent: delete_all relationship, the destroy of an OAuth Application bypassed the existing AccessTokenExtension callbacks for announcing destructing of access tokens.

* Ensure password resets revoke access to Streaming API

* Improve performance of deleting OAuth tokens

---------

Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2024-02-14 15:15:34 +01:00
Emelia Smith
e8b66a0525
Ignore legacy moderator and admin columns on User model (#29188) 2024-02-13 17:14:49 +00:00
Claire
7ee93b7431
Change source attribute of Suggestion entity in /api/v2/suggestions back to a string (#29108) 2024-02-06 17:10:17 +00:00
Claire
66dda7c762
Fix already-invalid reports failing to resolve (#29027) 2024-02-06 09:35:27 +00:00
Matt Jankowski
86500e3312
Extract scenic view model common methods to concern (#28111) 2024-02-06 09:08:07 +00:00
Eugen Rochko
fa0ba67753
Change materialized views to be refreshed concurrently to avoid locks (#29015) 2024-01-30 18:21:30 +00:00
Eugen Rochko
c4af668e5c
Fix follow recommendations for less used languages (#29017) 2024-01-30 17:24:40 +00:00
Matt Jankowski
42ab855b23
Add specs for Instance model scopes and add with_domain_follows scope (#28767) 2024-01-25 15:28:27 +00:00
Matt Jankowski
6b6586f5d0
Add CustomFilterKeyword#to_regex method (#28893) 2024-01-25 13:00:34 +00:00
Matt Jankowski
38f7f8b909
Tidy up association declaration in Instance model (#28880) 2024-01-24 17:30:28 +00:00
Matt Jankowski
7a1f087659
Add created_before and updated_before scopes to MediaAttachment (#28869) 2024-01-24 10:32:54 +00:00
Matt Jankowski
9d413cbaf8
Fix Rails/WhereExists cop in app/models (#28863) 2024-01-24 09:57:49 +00:00
Matt Jankowski
599bc69503
Simplify AccountSummary.filtered query generation (#28868) 2024-01-24 09:57:32 +00:00
Eugen Rochko
5b1eb09d54
Add annual reports for accounts (#28693) 2024-01-24 09:38:10 +00:00
Matt Jankowski
c0e8e457ab
Eager loading fixes for api/ controllers (#28848) 2024-01-23 11:41:54 +00:00
Matt Jankowski
b0207d7757
Add coverage for Tag.recently_used scope (#28850) 2024-01-23 09:10:11 +00:00
Matt Jankowski
18004bf227
Add Account.matches_uri_prefix scope and use in activitypub/followers_synchronizations controller (#28820) 2024-01-22 13:55:37 +00:00
Matt Jankowski
5fc4ae7c5f
Move privacy policy into markdown file (#28699) 2024-01-19 11:22:23 +00:00
Matt Jankowski
1480573c83
Add Account.auditable scope, fix N+1 in admin/action_logs#index (#28812) 2024-01-19 01:39:30 +00:00
Matt Jankowski
f866413e72
Extract shared tagged statuses method in FeaturedTag (#28805) 2024-01-18 16:14:15 +00:00
Matt Jankowski
d0b3bc23d7
Remove unused matches_domain scopes on Account, DomainAllow, DomainBlock (#28803) 2024-01-18 16:11:04 +00:00
Matt Jankowski
0b853678a4
Add coverage for api/v1/peers/search endpoint and extract controller query to Instance scope (#28796) 2024-01-18 15:57:10 +00:00
Matt Jankowski
9fb9ef418a
Fix Rails/WhereExists cop in User model (#28792) 2024-01-18 13:55:44 +00:00
Matt Jankowski
aaa6f2e930
Group common class_name options in associations (#28779) 2024-01-18 12:29:41 +00:00
Matt Jankowski
da31792ac7
Fix Rails/WhereExists cop in FeaturedTag model (#28791) 2024-01-18 12:22:12 +00:00
Matt Jankowski
89c9a4502d
Fix Rails/WhereExists cop in account/interactions concern (#28789) 2024-01-18 09:36:16 +00:00
Matt Jankowski
1b0cb3b54d
Announcement reactions query spec improvement and refactor (#28768) 2024-01-17 09:18:13 +00:00
Claire
98b5f85f10
Rename and refactor User#confirm! to User#mark_email_as_confirmed! (#28735) 2024-01-15 18:04:58 +00:00
Claire
e621c1c44c
Fix registrations not checking MX records for email domain blocks requiring approval (#28608) 2024-01-15 17:10:57 +00:00
Matt Jankowski
a2f02a0775
Disable Rails/SkipsModelValidations cop (#28712) 2024-01-15 13:46:47 +00:00
Claire
8cb4825c8b
Fix sign-up restrictions based on email addresses not being enforced (#28732) 2024-01-15 11:06:48 +00:00
Matt Jankowski
a90c134850
Move followable by logic to suggestion class (#28710) 2024-01-12 13:09:33 +00:00
Matt Jankowski
543d7890fd
Use normalizes to prepare User values (#28650)
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2024-01-10 13:36:06 +00:00
Claire
10203bd57a
Clean up Setting model and remove dead code (#28661) 2024-01-09 14:01:53 +00:00
Jean Boussier
1781849884
Inline what remains of the rails-settings-cached gem (#28618)
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2024-01-09 11:50:21 +00:00
Matt Jankowski
cd4b4d4734
Replace unused by_recent_sign_in scope (#28616) 2024-01-08 15:31:13 +00:00
Matt Jankowski
e677eb164c
Remove unused Announcement#time_range? (#28648) 2024-01-08 15:26:30 +00:00
Matt Jankowski
3e43cd095c
Remove unused scope Announcement.without_muted (#28645) 2024-01-08 15:26:14 +00:00
Matt Jankowski
9322396e58
Use normalizes to prepare Account#username value (#28646) 2024-01-08 13:48:31 +00:00
Matt Jankowski
cd58e37b25
Remove unused DomainBlock#affected_accounts_count method (#28642) 2024-01-08 13:38:52 +00:00
Matt Jankowski
4ccba94489
Remove unused *_silenced_accounts scopes on Status (#28644) 2024-01-08 13:35:53 +00:00
Matt Jankowski
c52a593a30
Remove unused scope User.emailable (#28647) 2024-01-08 13:33:45 +00:00
Matt Jankowski
e827c4692c
Use Arel matches method in CustomEmoji search (#28615) 2024-01-08 13:26:12 +00:00
Matt Jankowski
1bc5a52139
Extract SQL heredoc method for Announcement scopes (#28613) 2024-01-08 11:22:16 +00:00
Matt Jankowski
aa6d07dbd9
Use normalizes to prepare CustomEmoji domain value (#28624) 2024-01-08 11:20:59 +00:00
Matt Jankowski
202951e6d9
Use Arel in_order_of method to generate CASE for DomainBlock.by_severity (#28617) 2024-01-08 11:15:36 +00:00
Matt Jankowski
57f49c8191
Use Arel nulls_first method in ordering CustomEmojiFilter scope (#28614) 2024-01-08 11:09:50 +00:00
Jean Boussier
5a6d533c53
Enable Rails 7.1 Marshalling format (#28609) 2024-01-05 21:57:47 +00:00
Matt Jankowski
12bed81187
Add validation specs to CustomFilter model (#28600) 2024-01-05 15:13:59 +00:00
Claire
dfdadb92e8
Add ability to require approval when users sign up using specific email domains (#28468) 2024-01-04 09:07:05 +00:00
Michael Stanclift
195b89d336
Fix .opus file uploads being misidentified by Paperclip (#28580) 2024-01-03 19:02:53 +00:00
Claire
fcfdeadc04
Fix random NoMethodError errors on cached CustomFilter objects (#28521) 2023-12-29 16:23:07 +00:00
Matt Jankowski
ba5f659bb3
Use shorter attribute query methods in Announcement (#28474) 2023-12-29 10:55:50 +00:00
Matt Jankowski
128c5b7db3
Fix Performance/StringIdentifierArgument cop (#28508) 2023-12-29 10:23:30 +00:00
Claire
2bf84b93d4
Fix media attachment order of remote posts (#28469) 2023-12-22 15:10:39 +00:00
Claire
d29b1cca2e
Fix friends_of_friends sometimes suggesting already-followed accounts (#28433) 2023-12-20 14:35:59 +00:00
Eugen Rochko
b5ac61b2c5
Change algorithm of follow recommendations (#28314)
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2023-12-19 10:59:43 +00:00
Claire
7d9b209fe8
Fix call to inefficient delete_matched cache method in domain blocks (#28374) 2023-12-18 16:14:43 +00:00
Matt Jankowski
1820bad646
Fix Performance/StringIdentifierArgument cop (#28399) 2023-12-18 10:26:09 +00:00
Matt Jankowski
0e5b8fc46b
Fix Style/RedundantReturn cop (#28391) 2023-12-18 09:50:51 +00:00
Matt Jankowski
b1dec09d20
Fix Style/InverseMethods cop (#28377) 2023-12-15 15:52:00 +00:00
Claire
dcc24db793
Fix N+1s because of association preloaders not actually getting called (#28339) 2023-12-13 07:47:32 +00:00
Matt Jankowski
3918dc68c7
Use composite primary key for PreviewCardsStatus model (#28208) 2023-12-07 14:49:05 +00:00
Matt Jankowski
5631f139c1
Fix Lint/SymbolConversion cop (#28175) 2023-12-01 15:53:35 +00:00
Matt Jankowski
d83d01eb1e
Fix Lint/RedundantSafeNavigation cop (#28172) 2023-12-01 15:52:56 +00:00
Matt Jankowski
f70f39dd04
Add explicit dependent: nil to associations (#28169) 2023-12-01 15:52:47 +00:00
Matt Jankowski
440b80b2e7
Model concerns organization into module namespaces (#28149) 2023-12-01 11:00:41 +00:00
Claire
963354978a
Add Account#unavailable? and Account#permanently_unavailable? aliases (#28053) 2023-11-30 15:43:26 +00:00
Matt Jankowski
bb0efe16e6
Remove default_scope from MediaAttachment class (#28043) 2023-11-30 13:30:35 +00:00
Matt Jankowski
e48ecd2929
Remove default_scope from Admin::ActionLog (#28026) 2023-11-29 10:39:59 +00:00
Matt Jankowski
186895fc88
Refactor, lint fix, and bug fix on admin/roles/form partial (#27558) 2023-11-29 10:00:52 +00:00
Claire
3a24754229
Change GIF max matrix size error to explicitly mention GIF files (#27927) 2023-11-24 09:31:28 +00:00
Matt Jankowski
4be12791e6
Remove default_scope from StatusEdit class (#28042) 2023-11-23 09:26:11 +00:00
Eugen Rochko
cdc57c74b7
Fix unsupported time zone or locale preventing sign-up (#28035)
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2023-11-22 11:38:07 +00:00
Matt Jankowski
d2aacea8da
Reduce .times usage in AccountSearch spec, use constant for default limit (#27946) 2023-11-20 09:08:22 +00:00
ppnplus
2b038b4f89
Added Thai diacritics and tone marks in HASHTAG_INVALID_CHARS_RE (#26576) 2023-11-14 15:33:59 +00:00
Matt Jankowski
b7807f3d84
Use normalizes to prepare Webhook#events value (#27605) 2023-11-13 22:47:44 +00:00
Eugen Rochko
0d14fcebae
Change link previews to keep original URL from the status (#27312) 2023-11-13 09:58:28 +00:00
Matt Jankowski
45770c9306
Fix Performance/MapMethodChain cop (#27744) 2023-11-07 13:01:09 +00:00
Matt Jankowski
bbad5b6456
Remove false positive cop detection (#27457) 2023-11-07 10:44:15 +00:00
Claire
6c52f8286b
Fix posts from force-sensitized accounts being able to trend (#27620) 2023-10-30 22:32:25 +00:00
Claire
93e4cdc31b
Fix hashtag matching pattern matching some URLs (#27584) 2023-10-27 14:04:51 +00:00
Matt Jankowski
12550a6a28
Use Rails.env.local? shorthand method to check env (#27519) 2023-10-26 21:20:41 +00:00
Matt Jankowski
714e3ae5b5
Use Rails 7.1 normalizes feature (#27521) 2023-10-24 10:06:10 +00:00
Matt Jankowski
e93a75f1a1
Rails 7.1 update (#25963) 2023-10-23 17:58:29 +00:00
Claire
8b770ce811
Add warnings to report action logs (#27425) 2023-10-23 14:30:46 +02:00
Claire
bcae744275
Fix some link anchors being recognized as hashtags (#27271) 2023-10-23 14:19:38 +02:00
Matt Jankowski
b0213472df
Validate allowed schemes on preview card URLs (#27485) 2023-10-23 09:50:02 +02:00
Matt Jankowski
63a2a4b074
Fix Performance/DeletePrefix cop (#27448) 2023-10-18 10:32:09 +02:00
Matt Jankowski
08a376cbcb
Fix Style/CombinableLoops cop (#27429) 2023-10-16 16:36:28 +02:00
Claire
340c390849
Fix crash when filtering for “dormant” relationships (#27306) 2023-10-06 12:58:16 +02:00
Matt Jankowski
c676bc91e9
Dont match mention in url query string (#25656)
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2023-10-03 17:01:45 +02:00
Matt Jankowski
2016c5d912
Fix deprecation warning about rewhere: true being default behavior (Rails 7.1 prep) (#27190) 2023-09-28 16:52:23 +02:00
Matt Jankowski
3060bfa4bd
Extract filename and csv helper methods from Form::Import (#26129) 2023-09-28 16:22:05 +02:00
Claire
686406cc2d
Fix filtering audit log for entries about disabling 2FA (#27186) 2023-09-28 13:41:24 +02:00
Essem
bd810391d6
Properly remove tIME chunk from PNG uploads (#27111) 2023-09-25 19:21:07 +02:00
Claire
1bd7455d81
Fix inefficient queries in “Follows and followers” as well as several admin pages (#27116) 2023-09-25 15:06:43 +02:00
Claire
39da3d86f8
Fix ActiveRecord using two connection pools when no replica is defined (#27061) 2023-09-22 16:01:59 +02:00
Claire
e4f5114aaf
Fix obsolete cache key in status cache invalidation logic (#26934) 2023-09-15 19:52:28 +02:00
Eugen Rochko
fc6825055b
Change score half-life for trending posts from 2 hours to 1 hour (#26915) 2023-09-14 09:20:14 +02:00
Robert R George
20666482ef
Added admin api for managing tags (#26872) 2023-09-13 11:22:53 +02:00
Claire
81caafbe84
Fix performances of profile directory (#26842) 2023-09-07 18:55:25 +02:00
Claire
355e3fb529
Simplify Account.by_recent_status and Account.by_recent_sign_in scopes (#26840) 2023-09-07 15:38:11 +02:00
Colette Kerr
8a9d7aeb1e
Change DCT method used for JPEG encoding to float (#26675) 2023-09-07 05:26:25 +02:00
Claire
b83e487502
Fix moderator rights inconsistencies (#26729) 2023-09-06 16:40:19 +02:00
Claire
cab4cbfa5c
Fix “Scoped order is ignored, it's forced to be batch order.” warnings (#26793) 2023-09-05 15:37:23 +02:00
Eugen Rochko
05093266e6
Fix some video encoding failing due to uneven dimensions (#26766) 2023-09-02 09:02:44 +02:00
Claire
16681e0f20
Add admin notifications for new Mastodon versions (#26582) 2023-09-01 17:47:07 +02:00
Claire
9e26cd5503
Add authorized_fetch server setting in addition to env var (#25798) 2023-09-01 15:41:10 +02:00
Eugen Rochko
ecd76fa413
Fix videos not playing in some browsers due to unsupported color space (#26745) 2023-08-31 17:21:06 +02:00
Claire
9e77ab7db2
Change private statuses index to index without crutches (#26713) 2023-08-29 17:51:13 +02:00
Eugen Rochko
01b87a1632
Change video compression parameters (#26631) 2023-08-28 19:40:08 +02:00
Claire
0cce7fb617
Fix incorrect call to PublicStatusesIndex.import (#26697) 2023-08-28 15:04:57 +02:00
Eugen Rochko
5694e24bbf
Fix unnecessary condition causing seqscan when indexing (#26689) 2023-08-27 22:37:35 +02:00
jsgoldstein
30c191aaa0
Add new public status index (#26344)
Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2023-08-24 16:40:04 +02:00
Daniel M Brasil
f337008819
Fix timeout on invalid set of exclusionary parameters in /api/v1/timelines/public (#26239) 2023-08-23 15:50:23 +02:00
Claire
9ed0c91a37
Add auto-refresh of accounts we get new messages/edits of (#26510) 2023-08-21 16:09:26 +02:00
Claire
ee702e36e5
Change follow recommendation materialized view to be faster in most cases (#26545)
Co-authored-by: Renaud Chaput <renchap@gmail.com>
2023-08-18 18:20:55 +02:00
Claire
60b9fa641d
Fix cached posts including stale stats (#26409) 2023-08-17 16:11:48 +02:00
Claire
cc4560d95b
Change “privacy and reach” settings so that unchecking boxes always increase privacy and checking them always increase reach (#26508) 2023-08-17 09:13:26 +02:00
Claire
0446394465
Fix “legal” report category not showing up in moderation interface (#26509) 2023-08-16 16:38:33 +02:00
Claire
90ec88d58b
Add support for indexable attribute on remote actors (#26485)
Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>
2023-08-14 18:54:51 +02:00
Claire
fc5ab2dc83
Add privacy tab in profile settings (#26484)
Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>
2023-08-14 18:52:45 +02:00
Claire
2c204d904b
Change DB_REPLICA_* environment variables to REPLICA_DB_* (#26386) 2023-08-08 13:59:40 +02:00
Claire
d5bee37c57
Fix missing cached preview cards attributes (#26343) 2023-08-04 16:13:47 +02:00
Claire
9405e9af58
Fix incorrect model annotation for List#exclusive (#26313) 2023-08-04 09:00:31 +02:00
Claire
3105fef21a
Rename “read” database to “replica” for consistency (#26326) 2023-08-03 16:17:09 +02:00
Christian Schmidt
8da99ffb0d
Add alt text for preview card thumbnails (#26184) 2023-08-03 15:41:51 +02:00
Christian Schmidt
f2257069b2
Fix AVIF attachments (#26264) 2023-08-01 19:34:11 +02:00
Claire
b4e739ff0f
Change interaction modal in web UI (#26075)
Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>
2023-07-27 16:11:17 +02:00
Eugen Rochko
7bd8ef355c
Add published_at attribute to preview cards (#26153) 2023-07-25 13:40:35 +02:00
Vyr Cossont
394d1f19b1
Add report.updated webhook (#24211) 2023-07-24 17:37:38 +02:00
Eugen Rochko
4d01d1a1ee
Remove 16:9 cropping from web UI (#26132) 2023-07-24 13:46:55 +02:00
Claire
5cbc402687
Fix replica being used even if not explicitly defined (#26074) 2023-07-21 11:30:53 +02:00
Claire
1e3b19230a
Add stricter protocol fields validation for accounts (#25937) 2023-07-20 18:23:48 +02:00
Eugen Rochko
26e522ac55
Fix not actually connecting to the configured replica (#25977) 2023-07-17 08:26:52 +02:00
Matt Jankowski
644c5fddd8
Refactor Status.tagged_with_all for brakeman SQL injection warning (#25941) 2023-07-13 15:52:37 +02:00
Matt Jankowski
ce43ed144c
Rails 7.0 update (#25668) 2023-07-13 09:36:07 +02:00
Matt Jankowski
1ef014802b
Refactor Trends::Query to avoid brakeman sql injection warnings (#25881) 2023-07-12 14:19:20 +02:00
Matt Jankowski
b8b2470cf8
Fix Style/SlicingWithRange cop (#25923) 2023-07-12 10:03:06 +02:00
Eugen Rochko
610cf6c371
Fix trend calculation working on too many items at a time (#25835) 2023-07-08 20:16:48 +02:00
Matt Jankowski
cf33028f35
Admin mailer parameterization (#25759) 2023-07-08 20:03:38 +02:00
Claire
94fbac77e7
Fix processing of media files with unusual names (#25788) 2023-07-07 13:35:22 +02:00
Claire
dc8f1fbd97
Merge pull request from GHSA-9928-3cp5-93fm
* Fix attachments getting processed despite failing content-type validation

* Add a restrictive ImageMagick security policy tailored for Mastodon

* Fix misdetection of MP3 files with large cover art

* Reject unprocessable audio/video files instead of keeping them unchanged
2023-07-06 15:05:05 +02:00
Eugen Rochko
ba06a2f104
Revert "Rails 7 update" (#25667) 2023-07-02 11:14:22 +02:00
Matt Jankowski
50c2a03695
Rails 7 update (#24241) 2023-07-02 10:38:53 +02:00
Matt Jankowski
683ba5ecb1
Fix rails rewhere deprecation warning in directories api controller (#25625) 2023-07-01 21:48:16 +02:00
jsgoldstein
4581a528f7
Change account search to match by text when opted-in (#25599)
Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>
2023-06-29 13:05:21 +02:00
Claire
602c458ab6
Add finer permission requirements for managing webhooks (#25463) 2023-06-22 14:52:25 +02:00