1. 26 Jan, 2022 5 commits
  2. 25 Jan, 2022 5 commits
  3. 24 Jan, 2022 6 commits
  4. 23 Jan, 2022 10 commits
    • Claire's avatar
      Merge pull request #1663 from ClearlyClaire/glitch-soc/merge-upstream · e58e0eb9
      Claire authored
      Merge upstream changes
      e58e0eb9
    • Claire's avatar
      [Glitch] Change `percent` to `rate` in retention metrics API · 9483d0c6
      Claire authored
      Port a6349523
      
       to glitch-soc
      Signed-off-by: default avatarClaire <claire.github-309c@sitedethib.com>
      9483d0c6
    • Claire's avatar
    • Claire's avatar
      Merge branch 'main' into glitch-soc/merge-upstream · 61ef81c5
      Claire authored
      Conflicts:
      - `spec/models/status_spec.rb`:
        Upstream added tests too close to glitch-soc-specific tests.
        Kept both tests.
      61ef81c5
    • Claire's avatar
      Fix error-prone SQL queries (#15828) · 0a120d86
      Claire authored
      * Fix error-prone SQL queries in Account search
      
      While this code seems to not present an actual vulnerability, one could
      easily be introduced by mistake due to how the query is built.
      
      This PR parameterises the `to_tsquery` input to make the query more robust.
      
      * Harden code for Status#tagged_with_all and Status#tagged_with_none
      
      Those two scopes aren't used in a way that could be vulnerable to an SQL
      injection, but keeping them unchanged might be a hazard.
      
      * Remove unneeded spaces surrounding tsquery term
      
      * Please CodeClimate
      
      * Move advanced_search_for SQL template to its own function
      
      This avoids one level of indentation while making clearer that the SQL template
      isn't build from all the dynamic parameters of advanced_search_for.
      
      * Add tests covering tagged_with, tagged_with_all and tagged_with_none
      
      * Rewrite tagged_with_none to avoid multiple joins and make it more robust
      
      * Remove obsolete brakeman warnings
      
      * Revert "Remove unneeded spaces surrounding tsquery term"
      
      The two queries are not strictly equivalent.
      
      This reverts commit 86f16c537e06c6ba4a8b250f25dcce9f049023ff.
      0a120d86
    • Claire's avatar
      a6349523
    • Claire's avatar
      Add OMNIAUTH_ONLY environment variable to enforce externa log-in (#17288) · bddd9ba3
      Claire authored
      * Remove support for OAUTH_REDIRECT_AT_SIGN_IN
      
      Fixes #15959
      
      Introduced in #6540, OAUTH_REDIRECT_AT_SIGN_IN allowed skipping the log-in form
      to instead redirect to the external OmniAuth login provider.
      
      However, it did not prevent the log-in form on /about introduced by #10232 from
      appearing, and completely broke with the introduction of #15228.
      
      As I restoring that previous log-in flow without introducing a security
      vulnerability may require extensive care and knowledge of how OmniAuth works,
      this commit removes support for OAUTH_REDIRECT_AT_SIGN_IN instead for the time
      being.
      
      * Add OMNIAUTH_ONLY environment variable to enforce external log-in only
      
      * Disable user registration when OMNIAUTH_ONLY is set to true
      
      * Replace log-in links When OMNIAUTH_ONLY is set with exactly one OmniAuth provider
      bddd9ba3
    • Claire's avatar
      Remove support for OAUTH_REDIRECT_AT_SIGN_IN (#17287) · cfa583fa
      Claire authored
      Fixes #15959
      
      Introduced in #6540, OAUTH_REDIRECT_AT_SIGN_IN allowed skipping the log-in form
      to instead redirect to the external OmniAuth login provider.
      
      However, it did not prevent the log-in form on /about introduced by #10232 from
      appearing, and completely broke with the introduction of #15228.
      
      As I restoring that previous log-in flow without introducing a security
      vulnerability may require extensive care and knowledge of how OmniAuth works,
      this commit removes support for OAUTH_REDIRECT_AT_SIGN_IN instead for the time
      being.
      cfa583fa
    • Claire's avatar
      Remove leftover database columns from Devise::Models::Rememberable (#17191) · 8a07ecd3
      Claire authored
      * Remove leftover database columns from Devise::Models::Rememberable
      
      * Update fix-duplication maintenance script
      
      * Improve errors/warnings in the fix-duplicates maintenance script
      8a07ecd3
    • Claire's avatar
      Remove old duplicate index (#17245) · 96f0b33c
      Claire authored
      Some Mastodon versions (v1.1 and v1.2) had a duplicate index in `db/schema.rb`
      without any migration script creating it. #2224 (included in v1.3) removed the
      duplicate index from the file but did not provide a migration script to remove
      it.
      
      This means that any instance that was installed from v1.1 or v1.2's source code
      has a duplicate index and a corresponding warning in PgHero. Instances set up
      using an earlier or later Mastodon version do not have this issue.
      
      This PR removes the duplicate index if it is present.
      96f0b33c
  5. 22 Jan, 2022 1 commit
  6. 20 Jan, 2022 4 commits
  7. 19 Jan, 2022 9 commits
    • Claire's avatar
      Add content-type to status source in glitch-soc · 4d0383d7
      Claire authored
      4d0383d7
    • Eugen Rochko's avatar
      [Glitch] Add support for editing for published statuses · d4654dc8
      Eugen Rochko authored
      Port front-end changes from 1060666c
      
       to glitch-soc
      Signed-off-by: default avatarClaire <claire.github-309c@sitedethib.com>
      d4654dc8
    • Claire's avatar
      1af4618a
    • Claire's avatar
      Merge branch 'main' into glitch-soc/merge-upstream · fe89554a
      Claire authored
      Conflicts:
      - `app/lib/activitypub/activity/create.rb`:
        Upstream refactored how `Create` activities are handled and how values are
        extracted from `Create`d objects. This conflicted with how glitch-soc
        supported the `directMessage` flag to explicitly distinguish between
        limited and direct messages.
        Ported glitch-soc's changes to latest upstream changes.
      - `app/services/fan_out_on_write_service.rb`:
        Upstream largely refactored that file and changed some of the logic.
        This conflicted with glitch-soc's handling of the direct timeline and
        the options to allow replies and boosts in public feeds.
        Ported those glitch-soc changes on top of latest upstream changes.
      - `app/services/process_mentions_service.rb`:
        Upstream refactored to move mention-related ActivityPub deliveries to
        `ActivityPub::DeliveryWorker`, while glitch-soc contained an extra check
        to not send local-only toots to remote mentioned users.
        Took upstream's version, as the check is not needed anymore, since it is
        performed at the `ActivityPub::DeliveryWorker` call site already.
      - `app/workers/feed_insert_worker.rb`:
        Upstream added support for `update` toot events, while glitch-soc had
        support for an extra timeline support, `direct`.
        Ported upstream changes and extended them to the `direct` timeline.
      
      Additional changes:
      - `app/lib/activitypub/parser/status_parser.rb`:
        Added code to handle the `directMessage` flag and take it into account
        to compute visibility.
      - `app/lib/feed_manager.rb`:
        Extended upstream's support of `update` toot events to glitch-soc's
        `direct` timeline.
      fe89554a
    • Eugen Rochko's avatar
      Fix error when using raw distribution worker (#17334) · 9eb775a9
      Eugen Rochko authored
      Regression from #16697
      9eb775a9
    • Eugen Rochko's avatar
      Fix error when processing poll updates (#17333) · d412a8d1
      Eugen Rochko authored
      Regression from #16697
      d412a8d1
    • Eugen Rochko's avatar
      Add support for editing for published statuses (#16697) · 1060666c
      Eugen Rochko authored
      * Add support for editing for published statuses
      
      * Fix references to stripped-out code
      
      * Various fixes and improvements
      
      * Further fixes and improvements
      
      * Fix updates being potentially sent to unauthorized recipients
      
      * Various fixes and improvements
      
      * Fix wrong words in test
      
      * Fix notifying accounts that were tagged but were not in the audience
      
      * Fix mistake
      1060666c
    • Claire's avatar
      Merge pull request #1662 from ClearlyClaire/glitch-soc/merge-upstream · b209e919
      Claire authored
      Merge upstream changes
      b209e919
    • Claire's avatar
      c42938ae