Commit Graph

66 Commits (52986f35b87d97b71e99536b01f41f7a77ca5ec6)

Author SHA1 Message Date
Matt Jankowski 95da28d201
Add common `ThreadingHelper` module for specs (#29116) 12 months ago
Matt Jankowski 577520b637
Replace deprecated `Sidekiq::Testing` block style (#29097) 12 months ago
Matt Jankowski 4e08a4892f
Move streaming `around` config into manager class (#28684) 1 year ago
Matt Jankowski 8422b8ded0
Extract capybara config and improve headless_chrome driver config (#28681) 1 year ago
Matt Jankowski 00341c70ff
Use Sidekiq `fake!` instead of `inline!` in specs (#25369) 1 year ago
Claire 6ad0fb5a77
Fix NULL MX handling and tighten DNS resolving specs (#28607) 1 year ago
Matt Jankowski e6e217fedd
Clean up `tagged_with_*` Status specs, fix `RSpec/LetSetup` cop (#28462) 1 year ago
Matt Jankowski 8a3d8c6c14
Remove the `stub_stdout` wrapper around CLI specs (#28340) 1 year ago
Matt Jankowski ad34d33bfd
Formalize some patterns in cli specs (#28255) 1 year ago
Matt Jankowski 973597c6f1
Consolidate configuration of `Sidekiq::Testing.fake!` setup (#28046) 1 year ago
Matt Jankowski 67fd3187b3
Update rspec fixture path config to silence deprecation warning (#28018) 1 year ago
Matt Jankowski e892efbc40
Configure elastic search integration with rspec tag (#27882) 1 year ago
Matt Jankowski 549e8e7baf
Add `email_spec` and speedup/cleanup to `spec/mailers` (#27902) 1 year ago
Matt Jankowski b05575e242
Move RSpec config for streaming/search managers to be near classes (#27761) 1 year ago
Matt Jankowski b06284c572
Fix `RSpec/HookArgument` cop (#27747) 1 year ago
Matt Jankowski f8afa0f614
Remove unused stub json ld context (#25454) 1 year ago
Matt Jankowski 00e92b4038
Add coverage for `CLI::Statuses` command (#25321) 1 year ago
Matt Jankowski abf0e1fa39
Move `SignedReqestHelpers` rspec config to separate file (#25453) 1 year ago
jsgoldstein 4d9186a48c
Add search tests (#26703) 1 year ago
Matt Jankowski 7581b1ff96
Profiling tools configuration improvement (#25383) 2 years ago
Renaud Chaput 4d1b67f664
Add end-to-end (system) tests (#25461) 2 years ago
Matt Jankowski 07933db788
Add coverage for `CLI::Cache` command (#25238) 2 years ago
Matt Jankowski c94bb9ba9a
Disable paperclip processing in specs (#25359) 2 years ago
Matt Jankowski b0104e4c33
Silence output to stdout during cli specs (#25211) 2 years ago
Nick Schonning 1fe04f740a
Enable Rubocop Rails/FilePath (#23854) 2 years ago
Claire 1eb51bd749
Add request specs for caching behavior (#24592) 2 years ago
Matt Jankowski 91a8cd21d8
React component helper specs (#24072) 2 years ago
Claire f45961aa98
Add feature test for OAuth access grant (#24624) 2 years ago
Matt Jankowski 1ed12d5e2f
Add basic search specs for chewy indexes (#24065) 2 years ago
Nick Schonning 8fd3fc404d
Autofix Rubocop Rails/RootPathnameMethods (#23760) 2 years ago
Nick Schonning 84cc805cae
Enable Style/FrozenStringLiteralComment for specs (#23790) 2 years ago
Nick Schonning 81ad6c2e39
Autofix Rubocop Style/StringLiterals (#23695) 2 years ago
Nick Schonning d65b2c1924
Apply Rubocop Style/RedundantConstantBase (#23463) 2 years ago
Nick Schonning 1487fcde93
Apply Rubocop Style/ExpandPathArguments (#23450) 2 years ago
Eugen Rochko 3917353645
Fix single Redis connection being used across all threads (#18135)
* Fix single Redis connection being used across all Sidekiq threads

* Fix tests
3 years ago
Eugen Rochko ddbe906c25
Fix not updating a status when newer version is fetched manually (#17745) 3 years ago
santiagorodriguez96 e8d41bc2fe
Add WebAuthn as an alternative 2FA method (#14466)
* feat: add possibility of adding WebAuthn security keys to use as 2FA

This adds a basic UI for enabling WebAuthn 2FA. We did a little refactor
to the Settings page for editing the 2FA methods – now it will list the
methods that are available to the user (TOTP and WebAuthn) and from
there they'll be able to add or remove any of them.
Also, it's worth mentioning that for enabling WebAuthn it's required to
have TOTP enabled, so the first time that you go to the 2FA Settings
page, you'll be asked to set it up.
This work was inspired by the one done by Github in their platform, and
despite it could be approached in different ways, we decided to go with
this one given that we feel that this gives a great UX.

Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>

* feat: add request for WebAuthn as second factor at login if enabled

This commit adds the feature for using WebAuthn as a second factor for
login when enabled.
If users have WebAuthn enabled, now a page requesting for the use of a
WebAuthn credential for log in will appear, although a link redirecting
to the old page for logging in using a two-factor code will also be
present.

Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>

* feat: add possibility of deleting WebAuthn Credentials

Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>

* feat: disable WebAuthn when an Admin disables 2FA for a user

Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>

* feat: remove ability to disable TOTP leaving only WebAuthn as 2FA

Following examples from other platforms like Github, we decided to make
WebAuthn 2FA secondary to 2FA with TOTP, so that we removed the
possibility of removing TOTP authentication only, leaving users with
just WebAuthn as 2FA. Instead, users will have to click on 'Disable 2FA'
in order to remove second factor auth.
The reason for WebAuthn being secondary to TOTP is that in that way,
users will still be able to log in using their code from their phone's
application if they don't have their security keys with them – or maybe
even lost them.

* We had to change a little the flow for setting up TOTP, given that now
  it's possible to set it up again if you already had TOTP, in order to
  let users modify their authenticator app – given that now it's not
  possible for them to disable TOTP and set it up again with another
  authenticator app.
  So, basically, now instead of storing the new `otp_secret` in the
  user, we store it in the session until the process of set up is
  finished.
  This was because, as it was before, when users clicked on 'Edit' in
  the new two-factor methods lists page, but then went back without
  finishing the flow, their `otp_secret` had been changed therefore
  invalidating their previous authenticator app, making them unable to
  log in again using TOTP.

Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>

* refactor: fix eslint errors

The PR build was failing given that linting was returning some errors.
This commit attempts to fix them.

* refactor: normalize i18n translations

The build was failing given that i18n translations files were not
normalized.
This commit fixes that.

* refactor: avoid having the webauthn gem locked to a specific version

* refactor: use symbols for routes without '/'

* refactor: avoid sending webauthn disabled email when 2FA is disabled

When an admin disables 2FA for users, we were sending two mails
to them, one notifying that 2FA was disabled and the other to notify
that WebAuthn was disabled.
As the second one is redundant since the first email includes it, we can
remove it and send just one email to users.

* refactor: avoid creating new env variable for webauthn_origin config

* refactor: improve flash error messages for webauthn pages

Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>
4 years ago
dependabot-preview[bot] 56531d646e
Bump sidekiq from 5.2.7 to 6.0.4 (#11727)
* Bump sidekiq from 5.2.7 to 6.0.0

Bumps [sidekiq](https://github.com/mperham/sidekiq) from 5.2.7 to 6.0.0.
- [Release notes](https://github.com/mperham/sidekiq/releases)
- [Changelog](https://github.com/mperham/sidekiq/blob/master/Changes.md)
- [Commits](https://github.com/mperham/sidekiq/compare/v5.2.7...v6.0.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

* Sidekiq::Logger.logger -> Sidekiq.logger

* Drop support Ruby 2.4

* update

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>
5 years ago
Eugen Rochko 5c42f47617
Fix records not being indexed sometimes (#12024)
It's possible that after commit callbacks were not firing when
exceptions occurred in the process. Also, the default Sidekiq
strategy does not push indexing jobs immediately, which is not
necessary and could be part of the issue too.
5 years ago
Moritz Heiber ecf40d09ed Disable Same-Site cookie implementation to fix SSO issues on WebKit browsers (#9819) 6 years ago
ashleyhull-versent f194857ac9 rubocop issues - Cleaning up (#8912)
* cleanup pass

* undo mistakes

* fixed.

* revert
6 years ago
Sorin Davidoi 6f3d934bc1 feat(cookies): Use the same-site attribute to lax (#8626)
CSRF-prevention is already implemented but adding this doesn't hurt.

A brief introduction to Same-Site cookies (and the difference between strict and
lax) can be found at
https://blog.mozilla.org/security/2018/04/24/same-site-cookies-in-firefox-60/

TLDR: We use lax since we want the cookies to be sent when the user navigates
safely from an external site.
6 years ago
Eugen Rochko cb5b5cb5f7
Slightly reduce RAM usage (#7301)
* No need to re-require sidekiq plugins, they are required via Gemfile

* Add derailed_benchmarks tool, no need to require TTY gems in Gemfile

* Replace ruby-oembed with FetchOEmbedService

Reduce startup by 45382 allocated objects

* Remove preloaded JSON-LD in favour of caching HTTP responses

Reduce boot RAM by about 6 MiB

* Fix tests

* Fix test suite by stubbing out JSON-LD contexts
7 years ago
Akihiko Odaki 9b8a448477 Isolate each specs for cache store (#6450)
The cache store is explicitly used by some specs, but they were not
isolated and therefore not reliable. This fixes the issue by clearing
the cache after each spec.
7 years ago
Yamagishi Kazutoshi 1d92b90be9 Fix force_ssl conditional (#6201) 7 years ago
Naoki Kosaka 8d51ce4290 Fix enforce HTTPS in production. (#6180) 7 years ago
Eugen Rochko 00df69bc89 Fix #4058 - Use a long-lived cookie to keep track of user-level sessions (#4091)
* Fix #4058 - Use a long-lived cookie to keep track of user-level sessions

* Fix tests, smooth migrate from previous session-based identifier
8 years ago
Akihiko Odaki (@fn_aki@pawoo.net) 7d8e3721ae Overwrite old statuses with reblogs in PrecomputeFeedService (#3984) 8 years ago
Eugen Rochko f7301bd5b9 Add overview of active sessions (#3929)
* Add overview of active sessions

* Better display of browser/platform name

* Improve how browser information is stored and displayed for sessions overview

* Fix test
8 years ago
Sorin Davidoi 2211e8d1cd Revocable sessions (#3616)
* feat: Revocable sessions

* fix: Tests using sign_in

* feat: Configuration entry for the maximum number of session activations
8 years ago