Commit Graph

14120 Commits

Author SHA1 Message Date
Takeshi Umeda 8323023464
Add guard against DNS rebinding attacks (#16087)
* Add guard against DNS rebinding attacks

* Fix not to apply to test environment
2021-04-21 17:45:58 +02:00
Claire e243092a5a
Add DM icon back on HTML view of DMs (#16086)
Fix regression from #16052
2021-04-21 15:40:00 +02:00
Claire 536892b8ae Merge branch 'main' into glitch-soc/merge-upstream 2021-04-21 13:52:03 +02:00
Takeshi Umeda b1d4f21db0 [Glitch] Fix not to show follow button in global suggestion
Port baed52c2a7 to glitch-soc

Signed-off-by: Claire <claire.github-309c@sitedethib.com>
2021-04-21 13:50:51 +02:00
Takeshi Umeda 72eac238ba [Glitch] Fix to update suggestion list after dismiss
Port 9bb3341849 to glitch-soc

Signed-off-by: Claire <claire.github-309c@sitedethib.com>
2021-04-21 13:50:51 +02:00
Claire 8fc0b592cb [Glitch] Add border to 🚲 emoji
Port front-end changes from e78d06eecf to glitch-soc

Signed-off-by: Claire <claire.github-309c@sitedethib.com>
2021-04-21 13:50:51 +02:00
Eugen Rochko e6501d5112 [Glitch] Add cold-start follow recommendations
Port front-end changes from f7117646af to glitch-soc

Signed-off-by: Claire <claire.github-309c@sitedethib.com>
2021-04-21 13:50:51 +02:00
Claire 0b36e3419d
Fix processing of remote Delete activities (#16084)
* Add tests

* Ensure deleted statuses are marked as such

* Save some redis memory by not storing URIs in delete_upon_arrival values

* Avoid possible race condition when processing incoming Deletes

* Avoid potential duplicate Delete forwards

* Lower lock durations to reduce issues in case of hard crash of the Rails process

* Check for `lock.aquired?` and improve comment

* Refactor RedisLock usage in app/lib/activitypub

* Fix using incorrect or non-existent sender for relaying Deletes
2021-04-21 04:46:09 +02:00
Claire 2c322addf3
Hide floating action button on onboarding page (#16082) 2021-04-20 21:28:01 +02:00
Claire 97da7b7307
Merge pull request #1521 from ClearlyClaire/glitch-soc/merge-upstream
Merge upstream changes
2021-04-20 18:06:40 +02:00
Eugen Rochko 7762d3d275
Change follow recommendations to be limited to 20 instead of 40 in web UI (#16077) 2021-04-20 15:07:51 +02:00
Eugen Rochko 23b102f661
Add "recommended" label to activity/peers API toggles in admin UI (#16081) 2021-04-20 13:57:45 +02:00
Claire 4b115d070c Fix the follow recommendation admin page on glitch-soc 2021-04-20 12:22:50 +02:00
Claire e2a2bc9021 Merge branch 'main' into glitch-soc/merge-upstream
Conflicts:
- `README.md`:
  Upstream updated copyright year, we don't mention it so kept our version.
- `app/controllers/admin/dashboard_controller.rb`:
  Not really a conflict, upstream change (removing the spam checker) too close
  to glitch-soc changes. Ported upstream changes.
- `app/models/form/admin_settings.rb`:
  Same.
- `app/services/remove_status_service.rb`:
  Same.
- `app/views/admin/settings/edit.html.haml`:
  Same.
- `config/settings.yml`:
  Same.
- `config/environments/production.rb`:
  Not a real conflict, upstream added a default HTTP header, but we have
  extra headers in glitch-soc.
  Added the header.
2021-04-20 12:17:14 +02:00
Eugen Rochko b5ac17c4b6
Fix newlines not being considered sentence separators in account note (#16079)
Also bullets
2021-04-20 02:34:08 +02:00
dependabot[bot] 18a2589ad3
Bump webpack-assets-manifest from 4.0.4 to 4.0.5 (#16070)
Bumps [webpack-assets-manifest](https://github.com/webdeveric/webpack-assets-manifest) from 4.0.4 to 4.0.5.
- [Release notes](https://github.com/webdeveric/webpack-assets-manifest/releases)
- [Commits](https://github.com/webdeveric/webpack-assets-manifest/compare/v4.0.4...v4.0.5)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-04-19 21:59:20 +02:00
dependabot[bot] 969c8cbcfe
Bump js-yaml from 4.0.0 to 4.1.0 (#16067)
Bumps [js-yaml](https://github.com/nodeca/js-yaml) from 4.0.0 to 4.1.0.
- [Release notes](https://github.com/nodeca/js-yaml/releases)
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](https://github.com/nodeca/js-yaml/compare/4.0.0...4.1.0)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-04-19 21:07:08 +02:00
dependabot[bot] a16c726d6d
Bump aws-sdk-s3 from 1.93.0 to 1.93.1 (#16071)
Bumps [aws-sdk-s3](https://github.com/aws/aws-sdk-ruby) from 1.93.0 to 1.93.1.
- [Release notes](https://github.com/aws/aws-sdk-ruby/releases)
- [Changelog](https://github.com/aws/aws-sdk-ruby/blob/version-3/gems/aws-sdk-s3/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-ruby/commits)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-04-19 21:06:49 +02:00
dependabot[bot] 4f54602165
Bump mini-css-extract-plugin from 1.4.1 to 1.5.0 (#16061)
Bumps [mini-css-extract-plugin](https://github.com/webpack-contrib/mini-css-extract-plugin) from 1.4.1 to 1.5.0.
- [Release notes](https://github.com/webpack-contrib/mini-css-extract-plugin/releases)
- [Changelog](https://github.com/webpack-contrib/mini-css-extract-plugin/blob/master/CHANGELOG.md)
- [Commits](https://github.com/webpack-contrib/mini-css-extract-plugin/compare/v1.4.1...v1.5.0)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-04-19 21:06:33 +02:00
dependabot[bot] 613b04446e
Bump css-loader from 5.2.1 to 5.2.2 (#16074)
Bumps [css-loader](https://github.com/webpack-contrib/css-loader) from 5.2.1 to 5.2.2.
- [Release notes](https://github.com/webpack-contrib/css-loader/releases)
- [Changelog](https://github.com/webpack-contrib/css-loader/blob/master/CHANGELOG.md)
- [Commits](https://github.com/webpack-contrib/css-loader/compare/v5.2.1...v5.2.2)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-04-19 21:03:39 +02:00
dependabot[bot] eb7813836a
Bump sass from 1.32.8 to 1.32.10 (#16063)
Bumps [sass](https://github.com/sass/dart-sass) from 1.32.8 to 1.32.10.
- [Release notes](https://github.com/sass/dart-sass/releases)
- [Changelog](https://github.com/sass/dart-sass/blob/master/CHANGELOG.md)
- [Commits](https://github.com/sass/dart-sass/compare/1.32.8...1.32.10)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-04-19 21:03:20 +02:00
dependabot[bot] 01c5922dbc
Bump webpack-bundle-analyzer from 4.4.0 to 4.4.1 (#16073)
Bumps [webpack-bundle-analyzer](https://github.com/webpack-contrib/webpack-bundle-analyzer) from 4.4.0 to 4.4.1.
- [Release notes](https://github.com/webpack-contrib/webpack-bundle-analyzer/releases)
- [Changelog](https://github.com/webpack-contrib/webpack-bundle-analyzer/blob/master/CHANGELOG.md)
- [Commits](https://github.com/webpack-contrib/webpack-bundle-analyzer/compare/v4.4.0...v4.4.1)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-04-19 21:02:24 +02:00
Claire 1efcbb9cfe
Add Message-ID header to outgoing emails (#16076)
* Add Message-ID header to outgoing emails

* Use email domain name from SMTP_FROM_ADDRESS, fallback on WEB_DOMAIN on failure

* Use notifications@localhost as fallback for SMTP_FROM_ADDRESS, do not catch parse errors
2021-04-19 18:41:29 +02:00
dependabot[bot] 5b384d1a26
Bump redis from 3.1.0 to 3.1.1 (#16065)
Bumps [redis](https://github.com/NodeRedis/node-redis) from 3.1.0 to 3.1.1.
- [Release notes](https://github.com/NodeRedis/node-redis/releases)
- [Changelog](https://github.com/NodeRedis/node-redis/blob/master/CHANGELOG.md)
- [Commits](https://github.com/NodeRedis/node-redis/compare/v3.1.0...v3.1.1)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-04-19 15:35:20 +02:00
dependabot[bot] 5a036e1274
Bump ws from 7.4.4 to 7.4.5 (#16072)
Bumps [ws](https://github.com/websockets/ws) from 7.4.4 to 7.4.5.
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](https://github.com/websockets/ws/compare/7.4.4...7.4.5)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-04-19 15:34:58 +02:00
dependabot[bot] 6ce9f4f403
Bump ssri from 6.0.1 to 6.0.2 (#16075)
Bumps [ssri](https://github.com/npm/ssri) from 6.0.1 to 6.0.2.
- [Release notes](https://github.com/npm/ssri/releases)
- [Changelog](https://github.com/npm/ssri/blob/v6.0.2/CHANGELOG.md)
- [Commits](https://github.com/npm/ssri/compare/v6.0.1...v6.0.2)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-04-19 15:34:36 +02:00
dependabot[bot] dee0f2e8f0
Bump tty-prompt from 0.23.0 to 0.23.1 (#16066)
Bumps [tty-prompt](https://github.com/piotrmurach/tty-prompt) from 0.23.0 to 0.23.1.
- [Release notes](https://github.com/piotrmurach/tty-prompt/releases)
- [Changelog](https://github.com/piotrmurach/tty-prompt/blob/master/CHANGELOG.md)
- [Commits](https://github.com/piotrmurach/tty-prompt/compare/v0.23.0...v0.23.1)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-04-19 15:34:09 +02:00
dependabot[bot] 43f42310ae
Bump cld3 from 3.4.1 to 3.4.2 (#16069)
Bumps [cld3](https://github.com/akihikodaki/cld3-ruby) from 3.4.1 to 3.4.2.
- [Release notes](https://github.com/akihikodaki/cld3-ruby/releases)
- [Commits](https://github.com/akihikodaki/cld3-ruby/compare/v3.4.1...v3.4.2)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-04-19 15:33:41 +02:00
dependabot[bot] cf1b874a3e
Bump oj from 3.11.3 to 3.11.5 (#16068)
Bumps [oj](https://github.com/ohler55/oj) from 3.11.3 to 3.11.5.
- [Release notes](https://github.com/ohler55/oj/releases)
- [Changelog](https://github.com/ohler55/oj/blob/develop/CHANGELOG.md)
- [Commits](https://github.com/ohler55/oj/compare/v3.11.3...v3.11.5)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-04-19 15:33:21 +02:00
dependabot[bot] 3b2744eb21
Bump connection_pool from 2.2.3 to 2.2.5 (#16062)
Bumps [connection_pool](https://github.com/mperham/connection_pool) from 2.2.3 to 2.2.5.
- [Release notes](https://github.com/mperham/connection_pool/releases)
- [Changelog](https://github.com/mperham/connection_pool/blob/master/Changes.md)
- [Commits](https://github.com/mperham/connection_pool/compare/v2.2.3...v2.2.5)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-04-19 15:32:42 +02:00
dependabot[bot] 64688b536a
Bump sidekiq-unique-jobs from 7.0.7 to 7.0.8 (#16064)
Bumps [sidekiq-unique-jobs](https://github.com/mhenrixon/sidekiq-unique-jobs) from 7.0.7 to 7.0.8.
- [Release notes](https://github.com/mhenrixon/sidekiq-unique-jobs/releases)
- [Changelog](https://github.com/mhenrixon/sidekiq-unique-jobs/blob/master/CHANGELOG.md)
- [Commits](https://github.com/mhenrixon/sidekiq-unique-jobs/compare/v7.0.7...v7.0.8)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-04-19 15:32:19 +02:00
Eugen Rochko bf903dc510
Change onboarding by replacing tutorial with follow recommendations in web UI (#16060) 2021-04-19 14:45:15 +02:00
Eugen Rochko ca3bc1b09f
Refactor StatusReachFinder to handle followers and relays as well (#16051) 2021-04-17 15:41:57 +02:00
Eugen Rochko 6d6000f61f
Fix remote reporters not receiving suspend/unsuspend activities (#16050) 2021-04-17 14:55:46 +02:00
Eugen Rochko 480d7c9478
Fix missing source strings and inconsistent lead text style in admin UI (#16052) 2021-04-17 11:12:49 +02:00
Eugen Rochko b3ceb3dcc4
Add canonical e-mail blocks for suspended accounts (#16049)
Prevent new accounts from being created using the same underlying
e-mail as a suspended account using extensions and period
permutations. Stores e-mails as a SHA256 hash
2021-04-17 03:14:25 +02:00
Eugen Rochko 170e05db12
Fix wrong timestamp_id identifier for accounts table in schema.rb (#16048) 2021-04-16 22:20:32 +02:00
Eugen Rochko dde8739020
Fix reports of already suspended accounts being recorded (#16047) 2021-04-16 22:01:05 +02:00
Takeshi Umeda baed52c2a7
Fix not to show follow button in global suggestion (#16045)
* Fix not to show follow button in global suggestion

* Fix style
2021-04-16 10:06:42 +02:00
Takeshi Umeda 9bb3341849
Fix to update suggestion list after dismiss (#16044)
* Fix to update suggestion list after dismiss

* Change to inline

* Fix style
2021-04-16 10:06:16 +02:00
Eugen Rochko 3b8d085436
Fix app name, website and redirect URIs not having a maximum length (#16042)
Fix app scopes not being validated
2021-04-15 16:28:43 +02:00
Eugen Rochko 3d82a1de05
Change option labels on edit profile page (#16041) 2021-04-15 16:28:20 +02:00
Claire d5edf22d91
Change account ids to snowflake ids (#15844)
Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>
2021-04-15 05:24:28 +02:00
Eugen Rochko ce2148c571
Add `policy` param to `POST /api/v1/push/subscriptions` (#16040)
With possible values `all`, `followed`, `follower`, and `none`,
control from whom notifications will generate a Web Push alert
2021-04-15 05:00:25 +02:00
Takeshi Umeda c968d22ee9
Fix an error with 'multiple mentions with same username' (#16038) 2021-04-14 15:48:49 +02:00
Claire e78d06eecf
Add border to 🚲 emoji (#16035) 2021-04-13 23:43:51 +02:00
Claire 71f335c2fc
Add HTTP header to explicitly opt out of FLoC by default (#16036)
Fixes #16034
2021-04-13 23:43:41 +02:00
Eugen Rochko bb68a9570e
Bump nsa from git to 0.2.8 (#16033) 2021-04-13 03:45:45 +02:00
dependabot[bot] 4ebded04f6
Bump eslint-plugin-promise from 4.3.1 to 5.1.0 (#16022)
Bumps [eslint-plugin-promise](https://github.com/xjamundx/eslint-plugin-promise) from 4.3.1 to 5.1.0.
- [Release notes](https://github.com/xjamundx/eslint-plugin-promise/releases)
- [Changelog](https://github.com/xjamundx/eslint-plugin-promise/blob/development/CHANGELOG.md)
- [Commits](https://github.com/xjamundx/eslint-plugin-promise/commits)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-04-13 01:02:57 +09:00
dependabot[bot] 78717bb7b1
Bump css-loader from 5.2.0 to 5.2.1 (#16029)
Bumps [css-loader](https://github.com/webpack-contrib/css-loader) from 5.2.0 to 5.2.1.
- [Release notes](https://github.com/webpack-contrib/css-loader/releases)
- [Changelog](https://github.com/webpack-contrib/css-loader/blob/master/CHANGELOG.md)
- [Commits](https://github.com/webpack-contrib/css-loader/compare/v5.2.0...v5.2.1)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-04-13 01:01:54 +09:00