Commit Graph

121 Commits (65cea8f89f7c6453e6709f834a39b4552a330743)

Author SHA1 Message Date
Eugen Rochko 796dd57e1b
Change ability to navigate of unconfirmed users (#33209) 3 weeks ago
Matt Jankowski 0ea9d8164b
Remove `body_class_string` helper (#33072) 1 month ago
Matt Jankowski 258dce1256
Add `OpenSSL::SSL::SSLError` to http connection errors wrapper (#32307) 3 months ago
Matt Jankowski e8ec6667bd
Extract wrapper constant for `HTTP::*` error classes (#32285) 3 months ago
Matt Jankowski 5f5373397f
Remove duplicate `omniauth_only?` helper method (#31066) 5 months ago
Matt Jankowski 65e82211cd
Rename `cache_*` methods to `preload_*` in controller concern (#30209) 8 months ago
Matt Jankowski c09b8a7164
Add `Account.without_internal` scope (#29559)
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
10 months ago
zunda a30cdfd4d4
Specify 410 for code when responding as json while self-destruction (#29420) 10 months ago
Claire 379115e601
Add SELF_DESTRUCT env variable to process self-destructions in the background (#26439) 1 year ago
Claire 9e26cd5503
Add `authorized_fetch` server setting in addition to env var (#25798) 1 year ago
Emelia Smith e258b4cb64
Refactor: replace whitelist_mode mentions with limited_federation_mode (#26252) 1 year ago
Eugen Rochko fdc3ff7c2d
Change notifications API to use a replica (#25874) 1 year ago
Claire 276c39361b
Fix anonymous visitors getting a session cookie on first visit (#24584) 2 years ago
Claire e9a79d46cd
Fix crash when SSO_ACCOUNT_SETTINGS is not defined (#24628) 2 years ago
Matt Jankowski 0a5f0a8b20
Remove instance variables from helper usage (#24203) 2 years ago
Claire 58a1b2e330
Fix caching logic with regards to Accept-Language, Cookie, and Signature (#24604) 2 years ago
CSDUMMI d75a1e5054
Link to the Identity provider's account settings from the account settings (#24100)
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2 years ago
CSDUMMI 39c7236649
Redirect users to SLO at the IdP after logging them out of Mastodon. (#24020) 2 years ago
Nick Schonning 717683d1c3
Autofix Rubocop remaining Layout rules (#23679) 2 years ago
Eugen Rochko 44b2ee3485
Add customizable user roles (#18641)
* Add customizable user roles

* Various fixes and improvements

* Add migration for old settings and fix tootctl role management
3 years ago
Claire d8629e7b86
Add logging of S3-related errors (#16381) 3 years ago
Eugen Rochko 059df83d1d
Fix database serialization failure returning HTTP 500 (#16101)
Database serialization failure occurs when a read-replica is used
and a query takes long enough that rows on the primary database
become unavailable. It should return HTTP 503 as it is temporary.

Re-order rescue definitions according to their status codes
4 years ago
Claire cbd0ee1d07
Update Mastodon to Rails 6.1 (#15910)
* Update devise-two-factor to unreleased fork for Rails 6 support

Update tests to match new `rotp` version.

* Update nsa gem to unreleased fork for Rails 6 support

* Update rails to 6.1.3 and rails-i18n to 6.0

* Update to unreleased fork of pluck_each for Ruby 6 support

* Run "rails app:update"

* Add missing ActiveStorage config file

* Use config.ssl_options instead of removed ApplicationController#force_ssl

Disabled force_ssl-related tests as they do not seem to be easily testable
anymore.

* Fix nonce directives by removing Rails 5 specific monkey-patching

* Fix fixture_file_upload deprecation warning

* Fix yield-based test failing with Rails 6

* Use Rails 6's index_with when possible

* Use ActiveRecord::Cache::Store#delete_multi from Rails 6

This will yield better performances when deleting an account

* Disable Rails 6.1's automatic preload link headers

Since Rails 6.1, ActionView adds preload links for javascript files
in the Links header per default.

In our case, that will bloat headers too much and potentially cause
issues with reverse proxies. Furhermore, we don't need those links,
as we already output them as HTML link tags.

* Switch to Rails 6.0 default config

* Switch to Rails 6.1 default config

* Do not include autoload paths in the load path
4 years ago
Justin Tracey c9e8e1739c
replace all instances of "ends_with?" with "end_with?" (#15745)
The "ends_with?" method is just a Rails alias of Ruby's "end_with?" method.
Using the latter makes the code less brittle.
4 years ago
Cecylia Bocovich e79f8dd85c
Onion service related changes to HTTPS handling (#15560)
* Enable secure cookie flag for https only

* Disable force_ssl for .onion hosts only

Co-authored-by: Aiden McClelland <me@drbonez.dev>
4 years ago
Eugen Rochko 1045549f85
Add stoplight for object storage failures, return HTTP 503 (#13043) 4 years ago
ThibG f55dd193f9
Fix RSS feeds not being cachable (#14368)
* Add tests for some cachable responses

This only covers responses that we should have managed to make cachable
so far. It's not the case of all responses that should be cachable in
the end.

* Fix RSS feeds not being cachable
4 years ago
Eugen Rochko 339ce1c4e9
Add specific rate limits for posting and following (#13172) 5 years ago
Eugen Rochko 49b2f7c0a2
Fix base64-encoded file uploads not being possible (#12748)
Fix #3804, Fix #5776
5 years ago
Eugen Rochko 353c94910b
Fix HTML error pages being returned when JSON is expected (#12713)
Fix #12509
See also #12214
5 years ago
Eugen Rochko 7ee6f51b78
Fix missing error templates for non-HTML requests (#12593) 5 years ago
Yamagishi Kazutoshi afb398b583 Change to always returns html document in error pages (#12214) 5 years ago
Yamagishi Kazutoshi d7268befa8 Add healthcheck endpoint for web (#11770) 5 years ago
Eugen Rochko 22ce4778eb
Fix uncaught parameter missing exceptions and missing error templates (#11702) 5 years ago
Eugen Rochko a8b0bb355d
Fix uncaught 422 and 500 errors (#11590) 5 years ago
Eugen Rochko 6e872c6dab
Fix 422 being returned instead of 404 when POSTing (#11574) 5 years ago
Eugen Rochko 24552b5160
Add whitelist mode (#11291) 5 years ago
Eugen Rochko 964ae8eee5
Change unconfirmed user login behaviour (#11375)
Allow access to account settings, 2FA, authorized applications, and
account deletions to unconfirmed and pending users, as well as
users who had their accounts disabled. Suspended users cannot update
their e-mail or password or delete their account.

Display account status on account settings page, for example, when
an account is frozen, limited, unconfirmed or pending review.

After sign up, login users straight away and show a simple page that
tells them the status of their account with links to account settings
and logout, to reduce onboarding friction and allow users to correct
wrongly typed e-mail addresses.

Move the final sign-up step of SSO integrations to be the same
as above to reduce code duplication.
6 years ago
Eugen Rochko c669bb42ba
Add (back) rails-level JSON caching (#11333) 6 years ago
Eugen Rochko bd1545de5e
Change locale detection to run once per session (#8657)
Fix #6462
6 years ago
ThibG 730c4053d6 Add ActivityPub actor representing the entire server (#11321)
* Add support for an instance actor

* Skip username validation for local Application accounts

* Add migration script to create instance actor

* Make Codeclimate happy

* Switch to id -99 for instance actor

* Remove unused `icon` and `image` attributes from instance actor

* Use if/elsif/else instead of return + ternary operator

* Add instance actor to fresh installs

* Use instance actor as instance representative

Use instance actor for forwarding reports, relay operations, and spam
auto-reporting.

* Seed database in test environment

* Fix single-user mode

* Fix tests

* Fix specs to accomodate for an extra `Account`

* Auto-reject follows on instance actor

Following an instance actor might make sense, but we are not handling that
right now, so auto-reject.

* Fix webfinger lookup and serialization for instance actor

* Rename instance actor

* Make it clear in the HTML view that the instance actor should not be blocked

* Raise cache time for instance actor as there's no dynamic content

* Re-use /about/more with a flash message for instance actor profile
6 years ago
ThibG 15ddabf95a Fix caching headers in ActivityPub endpoints (#11331)
* Fix reverse-proxy caching in public fetch mode

* Fix caching in ActivityPub-specific controllers
6 years ago
Eugen Rochko 5bf67ca913
Add ActivityPub secure mode (#11269)
* Add HTTP signature requirement for served ActivityPub resources

* Change `SECURE_MODE` to `AUTHORIZED_FETCH`

* Add 'Signature' to 'Vary' header and improve code style

* Improve code style by adding `public_fetch_mode?` method
6 years ago
Eugen Rochko 63c7fe8e48
Refactor controllers for statuses, accounts, and more (#11249) 6 years ago
Eugen Rochko 6836587117
Fix unnecessary SQL query performed on unauthenticated requests (#11179) 6 years ago
ThibG cac9110533 Cleanup various controllers (#10972)
* Remove skip_session! as it is not supported in Rails 5

* Minor cleanup in StreamEntriesController

* Remove redundant mark_cacheable! calls
6 years ago
Ben Lubar c3d1594576 Reduce server load caused by anonymous viewing. (#9059)
Do not start a session if the current user is not logged in for public-facing pages.

Mark pages that don't care about sessions as publicly cacheable.

Keep the max age as 0 so proxies and browsers will still try to retrieve an updated version but can still fall back to the stale version if the site is down or too slow.

Fixes #9035.
6 years ago
Eugen Rochko 8069fd636b
Remove intermediary arrays when creating hash maps from results (#9291) 6 years ago
Eugen Rochko 795f0107d2
Include preview cards in status entity in REST API (#9120)
* Include preview cards in status entity in REST API

* Display preview card in-stream

* Improve in-stream display of preview cards
6 years ago
Eugen Rochko 2288d50a7b
Add force_login option to OAuth authorize page (#8655)
* Add force_login option to OAuth authorize page

For when a user needs to sign into an app from multiple accounts
on the same server

* When logging out from modal header, redirect back after re-login
6 years ago