Commit Graph

657 Commits (9c39fb52f300c447dce5f279e448edeb0291d002)

Author SHA1 Message Date
Daniel M Brasil ce8b5899ae
Fix POST `/api/v1/admin/domain_allows` returning 200 when no domain is specified (#24958) 2 years ago
Claire 45ba9ada34
Fix race condition when reblogging a status (#25016) 2 years ago
Claire e60414792d
Add polling and automatic redirection to `/start` on email confirmation (#25013) 2 years ago
Daniel M Brasil 433ab0c9a3
Fix uncaught NoMethodError error in `/api/v1/admin/canonical_email_blocks/test` (#24947)
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2 years ago
zunda c0ea33e3fc
Make it possible to upload audio and video to Heroku app (#24866) 2 years ago
Matt Jankowski 6e226f5a32
Fix Rails/ActionOrder cop (#24692) 2 years ago
Claire 1c61869eed
Fix /api/v1/custom_emojis being cached even when unauthenticated API access is disallowed (#24665) 2 years ago
Claire b0bf6216e6
Fix /api/v1/instance/domain_blocks being unconditionally cached (#24662) 2 years ago
Claire 1419f90ef2
Fix some user-independent endpoints potentially reading session cookies (#24650) 2 years ago
Claire 276c39361b
Fix anonymous visitors getting a session cookie on first visit (#24584) 2 years ago
Eugen Rochko 6084461cd0
Change unauthenticated responses to be cached in REST API (#24348) 2 years ago
Claire 58a1b2e330
Fix caching logic with regards to Accept-Language, Cookie, and Signature (#24604) 2 years ago
Eugen Rochko e98c86050a
Refactor `Cache-Control` and `Vary` definitions (#24347) 2 years ago
Robert R George 4db8230194
Add trend management to admin API (#24257) 2 years ago
Eugen Rochko a9b5598c97
Change user settings to be stored in a more optimal way (#23630)
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2 years ago
Matt Jankowski e633b26f4f
Add allow_other_host in redirects which may go outside app (#24252) 2 years ago
Christian Schmidt bd047acc35
Replace `Status#translatable?` with language matrix in separate endpoint (#24037) 2 years ago
Nick Schonning 434770f580
Autofix Rubocop Rails/FindById (#23762) 2 years ago
Nick Schonning 717683d1c3
Autofix Rubocop remaining Layout rules (#23679) 2 years ago
Nick Schonning aef0051fd0
Enable Rubocop HTTP status rules (#23717) 2 years ago
Nick Schonning 2177daeae9
Autofix Rubocop Style/RedundantBegin (#23703) 2 years ago
Nick Schonning e2a3ebb271
Autofix Rubocop Style/IfUnlessModifier (#23697) 2 years ago
Claire d6930b3847
Add API parameter to safeguard unexpect mentions in new posts (#18350) 2 years ago
Nick Schonning f68bb52556
Apply Rubocop Style/NegatedIfElseCondition (#23451) 2 years ago
Eugen Rochko 21780c0204
Change notifications per page from 15 to 40 in REST API (#23348) 2 years ago
Claire 4b92e59f4f
Add support for editing media description and focus point of already-posted statuses (#20878)
* Add backend support for editing media attachments of existing posts

* Allow editing media attachments of already-posted toots

* Add tests
2 years ago
Claire b034dc42be
Fix /api/v1/admin/trends/tags using wrong serializer (#18943)
* Fix /api/v1/admin/trends/tags using wrong serializer

Fix regression from #18641

* Only use `REST::Admin::TagSerializer` when the user can `manage_taxonomies`

* Fix admin trending hashtag component to not link if `id` is unknown
2 years ago
Carl Schwan f33e22ae4c
Allow changing hide_collections setting with the api (#22790)
* Allow changing hide_collections setting with the api

This is currently only possible with app/controllers/settings/profiles_controller.rb
and is the only difference in the allowed parameter between the two controllers

* Fix the lint issue

* Use normal indent
2 years ago
Claire 8556a649d5
Fix changing domain block severity not undoing individual account effects (#22135)
* Fix changing domain block severity not undoing individual account effects

Fixes #22133

* Add tests
2 years ago
Claire 623d3d2e32
Change CSP directives on API to be tight and concise (#20960) 2 years ago
nametoolong 63b379c2d9
Fix N+1 queries from in NotificationsController (#21202)
Co-authored-by: Nonexistent <nx@example.org>
2 years ago
Francis Murillo f6492a7c4d
Log admin approve and reject account (#22088)
* Log admin approve and reject account

* Add unit tests for approve and reject logging
2 years ago
Claire 69137f4a90
Fix irreversible and whole_word parameters handling in /api/v1/filters (#21988)
Fixes #21965
2 years ago
Claire 51a33ce77a
Fix not being able to follow more than one hashtag (#21285)
Fixes regression from #20860
2 years ago
trwnh 7fdeed5fbc
Make tag following idempotent (#20860) 2 years ago
trwnh e1f819fd78
Fix pagination of followed tags (#20861)
* Fix missing pagination headers on followed tags

* Fix typo
2 years ago
Daniel Axtens 4d85c27d1a
Add 'private' to Cache-Control, match Rails expectations (#20608)
Several controlers set quite intricate Cache-Control headers in order to
hopefully not be cached by any intermediate proxies or local caches. Unfortunately,
these headers are processed by ActionDispatch::HTTP::Cache in a way that squashes
and discards any values set alongside no-store other than private:
8015c2c2cf/actionpack/lib/action_dispatch/http/cache.rb (L207-L209)

We want to preserve no-store on these responses, but we might as well remove
parts that are going to be dropped anyway. As many of the endpoints in these
controllers are private to a particular user, we should also add "private",
which will be preserved alongside no-store.
2 years ago
trwnh b59ce0a60f
Move V2 Filter methods under /api/v2 prefix (#20622)
* Move V2 Filter methods under /api/v2 prefix

* move over the tests too
2 years ago
Eugen Rochko b31afc6294
Fix error when passing unknown filter param in REST API (#20626)
Fix #19156
2 years ago
Eugen Rochko 167d86d21d
Fix `role_ids` not accepting arrays in admin API (#20625)
Fix #19157
2 years ago
Claire 86f6631d28
Remove dead code and refactor status threading code (#20357)
* Remove dead code

* Remove unneeded/broken parameters and refactor descendant computation
2 years ago
Claire 1615c3eb6e
Change logged out /api/v1/statuses/:id/context logged out limits (#20355) 2 years ago
James Tucker 78a6b871fe
Improve performance by avoiding regex construction (#20215)
```ruby
10.times { p /#{FOO}/.object_id }
10.times { p FOO_RE.object_id }
```
2 years ago
Eugen Rochko 0cd0786aef
Revert filtering public timelines by locale by default (#20294) 2 years ago
trwnh 89e1974f30
Make account endorsements idempotent (fix #19045) (#20118)
* Make account endorsements idempotent (fix #19045)

* Accept suggestion to use exists? instead of find_by + nil check

Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>

* fix logic (unless, not if)

* switch to using `find_or_create_by!`

Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>
2 years ago
trwnh 68d9dcd425
Fix uncaught 500 error on invalid `replies_policy` (Fix #19097) (#20126) 2 years ago
Claire 4cb2323458
Fix crash in legacy filter creation controller (#19878) 2 years ago
Eugen Rochko 3a41fccc43
Change `AUTHORIZED_FETCH` to not block unauthenticated REST API access (#19803)
New environment variable `DISALLOW_UNAUTHENTICATED_API_ACCESS`
2 years ago
Claire c2170991c7
Fix reblogs being discarded after the reblogged status (#19731) 2 years ago
Eugen Rochko 15bae3e0e4
Change post-processing to be deferred only for large media types (#19617) 2 years ago
Eugen Rochko 26478f461c
Remove language filtering from hashtag timelines (#19563) 2 years ago
Eugen Rochko 276b85bc91
Fix admin APIs returning deleted object instead of empty object upon delete (#19479)
Fix #19153
2 years ago
Eugen Rochko 5724da0780
Fix language not being saved when editing status (#19543)
Fix #19542
2 years ago
Eugen Rochko 3e18e05330
Fix uncaught error when invalid date is supplied to API (#19480)
Fix #19213
2 years ago
Eugen Rochko 1ae508bf2f
Change unauthenticated search to not support pagination in REST API (#19326)
- Only exact search matches for queries with < 5 characters
- Do not support queries with `offset` (pagination)
- Return HTTP 401 on truthy `resolve` instead of overriding to false
2 years ago
Takeshi Umeda 74ead7d106
Change featured tag updates to add/remove activity (#19409)
* Change featured tag updates to add/remove activity

* Fix to check for the existence of feature tag

* Rename service and worker

* Merge AddHashtagSerializer with AddSerializer

* Undo removal of sidekiq_options
2 years ago
Takeshi Umeda b0e3f0312c
Add synchronization of remote featured tags (#19380)
* Add LIMIT of featured tag to instance API response

* Add featured_tags_collection_url to Account

* Add synchronization of remote featured tags

* Deliver update activity when updating featured tag

* Remove featured_tags_collection_url

* Revert "Add featured_tags_collection_url to Account"

This reverts commit cff349fc27.

* Add hashtag sync from featured collections

* Fix tag name normalize

* Add target option to fetch featured collection

* Refactor fetch_featured_tags_collection_service

* Add LIMIT of featured tag to v1/instance API response
2 years ago
Eugen Rochko 1bd00036c2
Change about page to be mounted in the web UI (#19345) 2 years ago
Eugen Rochko 45ebdb72ca
Add support for language preferences for trending statuses and links (#18288) 2 years ago
Eugen Rochko a2ba011326
Change privacy policy to be rendered in web UI, add REST API (#19310)
Source string no longer localized, Markdown instead of raw HTML
2 years ago
Eugen Rochko 9f65909f42
Change public timelines to be filtered by current locale by default (#19291)
In the absence of an opt-in to multiple specific languages in the
preferences, it makes more sense to filter by the user's presumed
language only (interface language or `lang` override)
2 years ago
Eugen Rochko d2528b26b6
Add server banner to web app, add `GET /api/v2/instance` to REST API (#19294) 2 years ago
Claire cedcece0cc
Fix deleted pinned posts potentially counting towards the pinned posts limit (#19005)
Fixes #18938
2 years ago
Eugen Rochko 0d6b878808
Add user content translations with configurable backends (#19218) 2 years ago
Eugen Rochko 50948b46aa
Add ability to filter followed accounts' posts by language (#19095) 2 years ago
Claire 2750a7a0e6
Fix REST API sometimes returning HTML on error (#19135)
Fixes #19115
2 years ago
Eugen Rochko c57907737a
Change search API to be accessible without being logged in (#18963)
But with the resolve option turned off
2 years ago
Eugen Rochko c99c106ef0
Change following and followers API to be accessible without being logged in (#18964) 2 years ago
Eugen Rochko 2a7766dcc9
Add admin API for managing e-mail domain blocks (#19066) 2 years ago
Eugen Rochko c556c3a0d1
Add admin API for managing canonical e-mail blocks (#19067) 2 years ago
Eugen Rochko b399d79545
Add admin API for managing IP blocks (#19065) 2 years ago
Claire 50487db122
Add ability to filter individual posts (#18945)
* Add database table for status-specific filters

* Add REST endpoints, entities and attributes

* Show status filters in /filters interface

* Perform server-side filtering for individual posts filters

* Fix filtering on context mismatch

* Refactor `toServerSideType` by moving it to its own module

* Move loupe and delete icons to their own module

* Add ability to filter individual posts from WebUI

* Replace keyword list by warnings (expired, context mismatch)

* Refactor server-side filtering code

* Add tests
2 years ago
Claire 726931fe4a
Fix /api/v1/tags/:id route constraints (#18854)
The constraint was applied prior to decoding, and rejected anything containing
the '%' character, which would be used for anything with non-ASCII unicode
characters.
3 years ago
Eugen Rochko c3f0621a59
Add ability to follow hashtags (#18809) 3 years ago
Eugen Rochko e7aa2be828
Change how hashtags are normalized (#18795)
* Change how hashtags are normalized

* Fix tests
3 years ago
Eugen Rochko 44b2ee3485
Add customizable user roles (#18641)
* Add customizable user roles

* Various fixes and improvements

* Add migration for old settings and fix tootctl role management
3 years ago
Claire 02851848e9
Revamp post filtering system (#18058)
* Add model for custom filter keywords

* Use CustomFilterKeyword internally

Does not change the API

* Fix /filters/edit and /filters/new

* Add migration tests

* Remove whole_word column from custom_filters (covered by custom_filter_keywords)

* Redesign /filters

Instead of a list, present a card that displays more information and handles
multiple keywords per filter.

* Redesign /filters/new and /filters/edit to add and remove keywords

This adds a new gem dependency: cocoon, as well as a npm dependency:
cocoon-js-vanilla. Those are used to easily populate and remove form fields
from the user interface when manipulating multiple keyword filters at once.

* Add /api/v2/filters to edit filter with multiple keywords

Entities:
- `Filter`: `id`, `title`, `filter_action` (either `hide` or `warn`), `context`
  `keywords`
- `FilterKeyword`: `id`, `keyword`, `whole_word`

API endpoits:
- `GET /api/v2/filters` to list filters (including keywords)
- `POST /api/v2/filters` to create a new filter
  `keywords_attributes` can also be passed to create keywords in one request
- `GET /api/v2/filters/:id` to read a particular filter
- `PUT /api/v2/filters/:id` to update a new filter
  `keywords_attributes` can also be passed to edit, delete or add keywords in
   one request
- `DELETE /api/v2/filters/:id` to delete a particular filter
- `GET /api/v2/filters/:id/keywords` to list keywords for a filter
- `POST /api/v2/filters/:filter_id/keywords/:id` to add a new keyword to a
   filter
- `GET /api/v2/filter_keywords/:id` to read a particular keyword
- `PUT /api/v2/filter_keywords/:id` to edit a particular keyword
- `DELETE /api/v2/filter_keywords/:id` to delete a particular keyword

* Change from `irreversible` boolean to `action` enum

* Remove irrelevent `irreversible_must_be_within_context` check

* Fix /filters/new and /filters/edit with update for filter_action

* Fix Rubocop/Codeclimate complaining about task names

* Refactor FeedManager#phrase_filtered?

This moves regexp building and filter caching to the `CustomFilter` class.

This does not change the functional behavior yet, but this changes how the
cache is built, doing per-custom_filter regexps so that filters can be matched
independently, while still offering caching.

* Perform server-side filtering and output result in REST API

* Fix numerous filters_changed events being sent when editing multiple keywords at once

* Add some tests

* Use the new API in the WebUI

- use client-side logic for filters we have fetched rules for.
  This is so that filter changes can be retroactively applied without
  reloading the UI.
- use server-side logic for filters we haven't fetched rules for yet
  (e.g. network error, or initial timeline loading)

* Minor optimizations and refactoring

* Perform server-side filtering on the streaming server

* Change the wording of filter action labels

* Fix issues pointed out by linter

* Change design of “Show anyway” link in accordence to review comments

* Drop “irreversible” filtering behavior

* Move /api/v2/filter_keywords to /api/v1/filters/keywords

* Rename `filter_results` attribute to `filtered`

* Rename REST::LegacyFilterSerializer to REST::V1::FilterSerializer

* Fix systemChannelId value in streaming server

* Simplify code by removing client-side filtering code

The simplifcation comes at a cost though: filters aren't retroactively
applied anymore.
3 years ago
Claire 35588d09e2
Add /api/v1/admin/domain_allows (#18668)
- `GET /api/v1/admin/domain_allows` lists allowed domains
- `GET /api/v1/admin/domain_allows/:id` shows one by ID
- `DELETE /api/v1/admin/domain_allows/:id` deletes a given domain from the list
  of allowed domains
- `POST /api/v1/admin/domain_allows` to allow a new domain:
  if that domain is already allowed, the existing DomainAllow will be returned
3 years ago
tateisu 47f2ff617d
use Notification::TYPES for api push subscription alerts (#18709) 3 years ago
Claire 28329ba62f
Add /api/v1/admin/domain_blocks (#18247)
* Add /api/v1/admin/domain_blocks

Fixes #18140

- `GET /api/v1/admin/domain_blocks` lists domain blocks
- `GET /api/v1/admin/domain_blocks/:id` shows one by ID
- `DELETE /api/v1/admin/domain_blocks/:id` deletes a given domain block
- `POST /api/v1/admin/domain_blocks` to create a new domain block:
  if it conflicts with an existing one, returns an error with
  an attribute `existing_domain_block` with the rendered domain block

* Simplify conflict handling as suggested in review
3 years ago
Eugen Rochko 9f81b9f29a
Fix suspended users being able to access APIs that don't require a user (#18524) 3 years ago
Claire 440eb71310
Change unapproved and unconfirmed account to not be accessible in the REST API (#17530)
* Change unapproved and unconfirmed account to not be accessible in the REST API

* Change Account#searchable? to reject unconfirmed and unapproved users

* Disable search for unapproved and unconfirmed users in Account.search_for

* Disable search for unapproved and unconfirmed users in Account.advanced_search_for

* Remove unconfirmed and unapproved accounts from Account.searchable scope

* Prevent mentions to unapproved/unconfirmed accounts

* Fix some old tests for Account.advanced_search_for

* Add some Account.advanced_search_for tests for existing behaviors

* Add some tests for Account.search_for

* Add Account.advanced_search_for tests unconfirmed and unapproved accounts

* Add Account.searchable tests

* Fix Account.without_unapproved scope potentially messing with previously-applied scopes

* Allow lookup of unconfirmed/unapproved accounts through /api/v1/accounts/lookup

This is so that the API can still be used to check whether an username is free
to use.
3 years ago
Claire 9a3be0ad68
Fix error when looking handle with surrounding spaces (#18225) 3 years ago
Claire 66a63d79ea
Fix 500 error when a bookmark or favorite has been reported and deleted (#18174) 3 years ago
0x2019 012537452a
Fix error resposes for `from` search prefix (#17963)
* Fix error responses in `from` search prefix (addresses mastodon/mastodon#17941)

Using unsupported prefixes now reports a 422; searching for posts from an
account the instance is not aware of reports a 404. TODO: The UI for this
on the front end is abysmal.

Searching `from:username@domain` now succeeds when `domain` is the local
domain; searching `from:@username(@domain)?` now works as expected.

* Remove unused methods on new Error classes as they are not being used

Currently when `raise`d there are error messages being supplied, but
this is not actually being used. The associated `raise`s have been
edited accordingly.

* Remove needless comments

* Satisfy rubocop

* Try fixing tests being unable to find AccountFindingConcern methods

* Satisfy rubocop

* Simplify `from` prefix logic

This incorporates @ClearlyClaire's suggestion (see
https://github.com/mastodon/mastodon/pull/17963#pullrequestreview-933986737).

Accepctable account strings in `from:` clauses are more lenient than
before this commit; for example, `from:@user@example.org@asnteo +cat`
will not error, and return posts by @user@example.org containing the
word "cat". This is more consistent with how Mastodon matches mentions
in statuses. In addition, `from` clauses will not be checked for
syntatically invalid usernames or domain names, simply 404ing when
`Account.find_remote!` raises ActiveRecord::NotFound.

New code for this PR that is no longer used has been removed.
3 years ago
Claire 3906dd67ed
Fix extremely rare race condition when deleting a toot or account (#17994) 3 years ago
Eugen Rochko 465ee7792f
Fix pagination header on empty trends responses in REST API (#17986) 3 years ago
Claire 62c6e12fa5
Fix admin API unconditionally requiring CSRF token (#17975)
Fixes #17898

Since #17204, the admin API has only been available through the web
application because of the unconditional requirement to provide a valid CSRF
token.

This commit changes it back to `null_session`, which should make it work
both with session-based authentication (provided a CSRF token) and with a
bearer token.
3 years ago
Eugen Rochko d116cb7733
Fix `GET /api/v1/trends/tags` missing `offset` param in REST API (#17973) 3 years ago
Claire 894956e20c
Fix /api/v1/admin/accounts (#17887)
* Fix /api/v1/admin/accounts

Compatibility was broken since #17009 which changed the underlying filter class
without changing the controller.

This commits restore support for the old parameters.

* Add /api/v2/admin/accounts with the new parameters

* Add tests

* Add missing filter for `silenced` status

Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>

Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>
3 years ago
Eugen Rochko cefa526c6d
Refactor formatter (#17828)
* Refactor formatter

* Move custom emoji pre-rendering logic to view helpers

* Move more methods out of Formatter

* Fix code style issues

* Remove Formatter

* Add inline poll options to RSS feeds

* Remove unused helper method

* Fix code style issues

* Various fixes and improvements

* Fix test
3 years ago
Eugen Rochko e3a2203061
Add offset pagination to trends in REST API (#17872) 3 years ago
Eugen Rochko 67d550830b
Fix locale not being set in REST API (#17847) 3 years ago
Eugen Rochko e6ffbfb5e7
Add `types` param to `GET /api/v1/notifications` in REST API (#17767)
* Add `types` param to `GET /api/v1/notifications` in REST API

* Improve tests
3 years ago
Eugen Rochko bc320d6cec
Fix `POST /api/v1/emails/confirmations` not being available after sign-up (#17743) 3 years ago
Eugen Rochko b2cd34474b
Add rate limit for editing (#17728) 3 years ago
Eugen Rochko 8f6c67bfde
Fix performance of account timelines (#17709)
* Fix performance of account timelines

* Various fixes and improvements

* Fix duplicate results being returned

Co-authored-by: Claire <claire.github-309c@sitedethib.com>

* Fix grouping for pinned statuses scope

Co-authored-by: Claire <claire.github-309c@sitedethib.com>
3 years ago
Eugen Rochko edf09ec747
Add `/api/v1/accounts/familiar_followers` to REST API (#17700)
* Add `/api/v1/accounts/familiar_followers` to REST API

* Change hide network preference to be stored consistently for local and remote accounts

* Add dummy classes to migration

* Apply suggestions from code review

Co-authored-by: Claire <claire.github-309c@sitedethib.com>

Co-authored-by: Claire <claire.github-309c@sitedethib.com>
3 years ago
Eugen Rochko 2ea754b861
Fix duplicate notifications being possible after poll expiration (#17697) 3 years ago
Claire ff43e54a49
Allow editing media attachments for scheduled toots (#17690)
Fixes #17676
3 years ago
Eugen Rochko 631e495a79
Change `follow` scope to be covered by `read` and `write` scopes in REST API (#17678)
Deprecate `follow` scope
3 years ago
Eugen Rochko e24b14cc74
Fix leak of existence of otherwise inaccessible statuses in REST API (#17684) 3 years ago
Eugen Rochko 02b8d63fce
Fix report category not being saved in REST API (#17682) 3 years ago
Eugen Rochko 50ea54b3ed
Change authorized applications page (#17656)
* Change authorized applications page

* Hide revoke button for superapps and suspended accounts

* Clean up db/schema.rb
3 years ago
Eugen Rochko 27965ce5ed
Add trending statuses (#17431)
* Add trending statuses

* Fix dangling items with stale scores in localized sets

* Various fixes and improvements

- Change approve_all/reject_all to approve_accounts/reject_accounts
- Change Trends::Query methods to not mutate the original query
- Change Trends::Query#skip to offset
- Change follow recommendations to be refreshed in a transaction

* Add tests for trending statuses filtering behaviour

* Fix not applying filtering scope in controller
3 years ago
Eugen Rochko 7b816eb5ae
Add notifications for new sign-ups (#16953) 3 years ago
Eugen Rochko 8f03b7a2fb
Add notifications when a reblogged status has been updated (#17404)
* Add notifications when a reblogged status has been updated

* Change wording to say "edit" instead of "update" and add missing controls

* Replace previous update notifications with the most up-to-date one
3 years ago
Eugen Rochko 63002cde03
Add editing for published statuses (#17320)
* Add editing for published statuses

* Fix change of multiple-choice boolean in poll not resetting votes

* Remove the ability to update existing media attachments for now
3 years ago
Eugen Rochko 2f8159baad
Add `category` and `rule_ids` params to `POST /api/v1/reports` (#17492) 3 years ago
Eugen Rochko fd3a45e348
Add edit history to web UI (#17390)
* Add edit history to web UI

* Change history reducer to store items per status

* Fix missing loading prop
3 years ago
Claire 03d59340da
Fix Sidekiq warnings about JSON serialization (#17381)
* Fix Sidekiq warnings about JSON serialization

This occurs on every symbol argument we pass, and every symbol key in hashes,
because Sidekiq expects strings instead.

See https://github.com/mperham/sidekiq/pull/5071

We do not need to change how workers parse their arguments because this has
not changed and we were already converting to symbols adequately or using
`with_indifferent_access`.

* Set Sidekiq to raise on unsafe arguments in test mode

In order to more easily catch issues that would produce warnings in production
code.
3 years ago
Claire bddd9ba36d
Add OMNIAUTH_ONLY environment variable to enforce externa log-in (#17288)
* Remove support for OAUTH_REDIRECT_AT_SIGN_IN

Fixes #15959

Introduced in #6540, OAUTH_REDIRECT_AT_SIGN_IN allowed skipping the log-in form
to instead redirect to the external OmniAuth login provider.

However, it did not prevent the log-in form on /about introduced by #10232 from
appearing, and completely broke with the introduction of #15228.

As I restoring that previous log-in flow without introducing a security
vulnerability may require extensive care and knowledge of how OmniAuth works,
this commit removes support for OAUTH_REDIRECT_AT_SIGN_IN instead for the time
being.

* Add OMNIAUTH_ONLY environment variable to enforce external log-in only

* Disable user registration when OMNIAUTH_ONLY is set to true

* Replace log-in links When OMNIAUTH_ONLY is set with exactly one OmniAuth provider
3 years ago
Eugen Rochko 1060666c58
Add support for editing for published statuses (#16697)
* Add support for editing for published statuses

* Fix references to stripped-out code

* Various fixes and improvements

* Further fixes and improvements

* Fix updates being potentially sent to unauthorized recipients

* Various fixes and improvements

* Fix wrong words in test

* Fix notifying accounts that were tagged but were not in the audience

* Fix mistake
3 years ago
Eugen Rochko 14f436c457
Add notifications for statuses deleted by moderators (#17204) 3 years ago
Claire d5c9feb7b7
Add support for private pinned posts (#16954)
* Add support for private pinned toots

* Allow local user to pin private toots

* Change wording to avoid "direct message"
3 years ago
Eugen Rochko 8e84ebf0cb
Remove IP tracking columns from users table (#16409) 3 years ago
Eugen Rochko 7de0ee7aba
Remove Keybase integration (#17045) 3 years ago
Eugen Rochko 6e50134a42
Add trending links (#16917)
* Add trending links

* Add overriding specific links trendability

* Add link type to preview cards and only trend articles

Change trends review notifications from being sent every 5 minutes to being sent every 2 hours

Change threshold from 5 unique accounts to 15 unique accounts

* Fix tests
3 years ago
Takeshi Umeda 17f4e457b3
Add remove from followers api (#16864)
* Add followed_by? to account_interactions

* Add RemoveFromFollowersService

* Fix AccountBatch to use RemoveFromFollowersService

* Add remove from followers API
3 years ago
Eugen Rochko 07341e7aa6
Add graphs and retention metrics to admin dashboard (#16829) 3 years ago
Claire d8629e7b86
Add logging of S3-related errors (#16381) 4 years ago
Eugen Rochko 1410dffdf4
Fix e-mail confirmations API not working correctly (#16348)
* Fix e-mail confirmations API not working correctly

* Fix typo
4 years ago
Claire 566fc90913
Add Ruby 3.0 support (#16046)
* Fix issues with POSIX::Spawn, Terrapin and Ruby 3.0

Also improve the Terrapin monkey-patch for the stderr/stdout issue.

* Fix keyword argument handling throughout the codebase

* Monkey-patch Paperclip to fix keyword arguments handling in validators

* Change validation_extensions to please CodeClimate

* Bump microformats from 4.2.1 to 4.3.1

* Allow Ruby 3.0

* Add Ruby 3.0 test target to CircleCI

* Add test for admin dashboard warnings

* Fix admin dashboard warnings on Ruby 3.0
4 years ago
abcang d0fc69d721
Further improve the media attached status query for accounts (#16106) 4 years ago
abcang 1f47511023
Improve media attached status query (#16105) 4 years ago
Eugen Rochko daccc07dc1
Change auto-following admin-selected accounts, show in recommendations (#16078) 4 years ago
Eugen Rochko ce2148c571
Add `policy` param to `POST /api/v1/push/subscriptions` (#16040)
With possible values `all`, `followed`, `follower`, and `none`,
control from whom notifications will generate a Web Push alert
4 years ago
Eugen Rochko f7117646af
Add cold-start follow recommendations (#15945) 4 years ago
Eugen Rochko dd1eb9918a
Add `email` param to `POST /api/v1/emails/confirmations` (#15949)
Allow changing e-mail as long as the account is unconfirmed
4 years ago
Eugen Rochko ee1119208c
Add `POST /api/v1/emails/confirmations` to REST API (#15816)
Only available to the application the user originally signed-up with
4 years ago
Eugen Rochko 9aa37b32c3
Add `details` to error response for `POST /api/v1/accounts` in REST API (#15803) 4 years ago
Eugen Rochko 8331fdf7e0
Add server rules (#15769) 4 years ago
Eugen Rochko e31ed27485
Add `GET /api/v1/accounts/lookup` REST API (#15740) 4 years ago
Eugen Rochko 15ced8728f
Refactor Api::Web::SettingsController (#15717) 4 years ago
abcang 7ab53f221a
Improved performance of notification preloading (#15640)
* Improved performance of notification preloading

* Remove Cacheable from Notification

* Fix test
4 years ago
ThibG 54d4e5252b
Use Rails' index_by where it makes sense (#15542)
* Use Rails' index_by where it makes sense

* Fix tests

Co-authored-by: Claire <claire.github-309c@sitedethib.com>
4 years ago
Levi Bard 11d603101a
Fix muting users with duration via the REST api (#15516) 4 years ago
luigi 087ed84367
Optimize map { ... }.compact calls (#15513)
* Optimize map { ... }.compact

using Enumerable#filter_map, supported since Ruby 2.7

* Add poyfill for Enumerable#filter_map
4 years ago
trwnh 4950e59cdc
Use existing FeaturedTag serializer and delete AccountFeaturedTag serializer (#15415)
* Update featured_tags_controller.rb

* Update featured_tag_serializer.rb

* Update featured_tag_serializer.rb

* Delete account_featured_tag_serializer.rb

* please codeclimate

* please codeclimate
4 years ago
Eugen Rochko 1045549f85
Add stoplight for object storage failures, return HTTP 503 (#13043) 4 years ago
Eugen Rochko 216b85b053
Fix performance on instances list in admin UI (#15282)
- Reduce duplicate queries
- Remove n+1 queries
- Add accounts count to detailed view
- Add separate action log entry for updating existing domain blocks
4 years ago
Takeshi Umeda 44d5c6bc8f
Fix incorrect conditions for suspended accounts in Get API for account featured tags (#15270) 4 years ago
ThibG c43f4cd3bb
Fix not being able to unfavorite toots one has lost access to (#15192)
Fixes #15191
4 years ago
Eugen Rochko 8532429af7
Fix 2FA/sign-in token sessions being valid after password change (#14802)
If someone tries logging in to an account and is prompted for a 2FA
code or sign-in token, even if the account's password or e-mail is
updated in the meantime, the session will show the prompt and allow
the login process to complete with a valid 2FA code or sign-in token
4 years ago
Takeshi Umeda d6fe0c94ca
Add account sensitized (#14361)
* Add account sensitized

* Fix i18n normalize

* Fix description and spec

* Fix spec

* Fix wording
4 years ago
OSAMU SATO 96761752ec
Add duration parameter to muting. (#13831)
* Adding duration to muting.

* Remove useless checks
4 years ago
Eugen Rochko 5e1364c448
Add IP-based rules (#14963) 4 years ago
Eugen Rochko 8c8bf0289f
Fix not being able to enable status notifications in Web Push API (#14822) 4 years ago
Eugen Rochko 974b1b79ce
Add option to be notified when a followed user posts (#13546)
* Add bell button

Fix #4890

* Remove duplicate type from post-deployment migration

* Fix legacy class type mappings

* Improve query performance with better index

* Fix validation

* Remove redundant index from notifications
4 years ago
Eugen Rochko ed099d8bdc
Change account suspensions to be reversible by default (#14726) 4 years ago