Commit Graph

151 Commits (revert-severed-relationships-feature)

Author SHA1 Message Date
Matt Jankowski f9100743ec
Add `Api::ErrorHandling` concern for api/base controller () 2024-03-14 09:09:47 +00:00
Claire 7efc33b909
Move HTTP Signature parsing code to its own class () 2024-02-07 13:35:37 +00:00
Claire 1726085db5
Merge pull request from GHSA-3fjr-858r-92rw
* Fix insufficient origin validation

* Bump version to 4.3.0-alpha.1
2024-02-01 15:56:46 +01:00
Eugen Rochko b19ae521b7
Add confirmation when redirecting logged-out requests to permalink ()
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2024-01-24 10:49:19 +00:00
Claire 3593ee2e36
Add rate-limit of TOTP authentication attempts at controller level () 2024-01-19 12:19:49 +00:00
Jean Boussier 5a6d533c53
Enable Rails 7.1 Marshalling format () 2024-01-05 21:57:47 +00:00
Claire 092bb8a27a
Fix Mastodon not correctly processing HTTP Signatures with query strings () 2024-01-03 11:29:26 +00:00
Claire 963354978a
Add `Account#unavailable?` and `Account#permanently_unavailable?` aliases () 2023-11-30 15:43:26 +00:00
Matt Jankowski 1f1c75bba5
File cleanup/organization in `controllers/concerns` () 2023-11-30 14:39:41 +00:00
Matt Jankowski 291dc04e67
Remove un-needed `action` and `template` options to `render` in controllers () 2023-11-29 10:38:05 +00:00
Matt Jankowski d562fb8459
Specs for minimal CSP policy in `Api::` controllers () 2023-11-14 14:34:30 +00:00
Ricardo Trindade 33f8c1c5eb
Remove version check from update cache_concern.rb () 2023-10-30 14:04:12 +00:00
Claire 379115e601
Add SELF_DESTRUCT env variable to process self-destructions in the background () 2023-10-23 15:46:21 +00:00
Matt Jankowski d4c2dca874
Fix haml-lint `InstanceVariables` rule for auth/sessions/two_factor/o… () 2023-10-12 09:44:20 +02:00
Claire 40ba6e119b
Fix Vary headers not being set on some redirects () 2023-10-05 09:50:08 +02:00
Matt Jankowski 340f1a68be
Simplify instance presenter view access () 2023-09-28 16:52:37 +02:00
CSDUMMI 9a70cac9de
Fix by adding the domain of the current SSO provider to the form-action CSP () 2023-09-12 13:04:51 +02:00
Claire 09ec9c6aa5
Downgrade signature verification debug logging from `warn` to `debug` () 2023-09-06 12:17:22 +02:00
Claire 25bf640629
Add debug logging on signature verification failure () 2023-08-29 10:29:07 +02:00
Claire 8b37dd2c86
Fix Content Security Policy sometimes unnecessarily allowing hCaptcha scripts () 2023-08-08 15:41:38 +02:00
CSDUMMI 120f5802c0
Add direct link to the Single-Sign On provider if there is only one sign up method available () 2023-08-03 16:43:15 +02:00
Emelia Smith e258b4cb64
Refactor: replace whitelist_mode mentions with limited_federation_mode () 2023-08-02 19:32:48 +02:00
Matt Jankowski 2e1391fdd2
Fix `Naming/MemoizedInstanceVariableName` cop () 2023-07-12 10:08:51 +02:00
Matt Jankowski 5134fc65e2
Fix `Naming/AccessorMethodName` cop () 2023-07-12 10:03:19 +02:00
Eugen Rochko 39110d1d0a
Fix CAPTCHA page not following design pattern of sign-up flow () 2023-06-13 22:30:40 +02:00
Claire bec6a1cad4
Add hCaptcha support () 2023-05-16 23:27:35 +02:00
Nick Schonning d5a185d721
Autofix Rubocop Style/CaseLikeIf () 2023-05-04 05:51:18 +02:00
Matt Jankowski 668a19a2f3
Fix Performance/DeletePrefix cop () 2023-05-02 21:07:45 +02:00
Claire b0bf6216e6
Fix /api/v1/instance/domain_blocks being unconditionally cached () 2023-04-26 11:42:47 +02:00
Claire 276c39361b
Fix anonymous visitors getting a session cookie on first visit () 2023-04-25 16:51:38 +02:00
Eugen Rochko 6084461cd0
Change unauthenticated responses to be cached in REST API () 2023-04-25 15:41:34 +02:00
Claire 58a1b2e330
Fix caching logic with regards to Accept-Language, Cookie, and Signature () 2023-04-23 22:27:24 +02:00
Eugen Rochko e98c86050a
Refactor `Cache-Control` and `Vary` definitions () 2023-04-19 16:07:29 +02:00
Matt Jankowski 0663803348
Move link header setting to after_action () 2023-03-26 00:40:01 +01:00
Claire 2626097869
Fix Rails cache namespace being overridden with `v2` for cached statuses () 2023-03-22 15:47:44 +01:00
Jean byroot Boussier 160f38f03d
Workaround the ActiveRecord / Marshal serialization bug on Ruby 3.2 ()
Co-authored-by: Jean Boussier <jean.boussier@gmail.com>
2023-03-17 14:37:30 +01:00
Nick Schonning 25d36b6edd
Autofix Rubocop Style/RedundantArgument () 2023-03-16 10:34:00 +09:00
Nick Schonning 717683d1c3
Autofix Rubocop remaining Layout rules () 2023-02-20 06:58:28 +01:00
Nick Schonning aef0051fd0
Enable Rubocop HTTP status rules () 2023-02-20 11:16:40 +09:00
Nick Schonning 2177daeae9
Autofix Rubocop Style/RedundantBegin () 2023-02-19 07:09:40 +09:00
Nick Schonning a6f77aa28a
Autofix Rubocop Lint/AmbiguousOperatorPrecedence () 2023-02-18 04:30:23 +01:00
Nick Schonning 2e652aa81c
Apply Rubocop Performance/RedundantSplitRegexpArgument ()
* Apply Rubocop Performance/RedundantSplitRegexpArgument

* Update app/controllers/concerns/signature_verification.rb
2023-02-08 02:25:20 +01:00
Claire 68dcbcb7bf
Add more specific error messages to HTTP signature verification ()
* Return specific error on failure to parse Date header

* Add error message when preferredUsername is not set

* Change error report to be JSON and include more details

* Change error report to differentiate unknown account and failed refresh

* Add tests
2023-01-18 16:47:56 +01:00
Claire fcc4c9b34a
Change domain block CSV parsing to be more robust and handle more lists ()
* Change domain block CSV parsing to be more robust and handle more lists

* Add some tests

* Improve domain block import validation and reporting
2023-01-18 16:20:52 +01:00
Claire aefefc74c4
Change referrer-policy to no-referrer application-wide () 2023-01-10 05:18:43 +01:00
Claire 42f9693d00
Fix PermalinkRedirector not applying to users with moved accounts ()
Fixes 
2023-01-05 13:40:27 +01:00
David Vega 1b5d207131
Fix single name variables on controller folder ()
Co-authored-by: petrokoriakin1 <116151189+petrokoriakin1@users.noreply.github.com>

Co-authored-by: petrokoriakin1 <116151189+petrokoriakin1@users.noreply.github.com>
Co-authored-by: Effy Elden <effy@effy.space>
2022-12-15 17:11:58 +01:00
lenore gilbert c373148b3d
Support for import/export of instance-level domain blocks/allows for 4.x w/ additional fixes ()
* Allow import/export of instance-level domain blocks/allows ()

* Allow import/export of instance-level domain blocks/allows.
Fixes 

* Pacify circleci

* Address simple code review feedback

* Add headers to exported CSV

* Extract common import/export functionality to
AdminExportControllerConcern

* Add additional fields to instance-blocked domain export

* Address review feedback

* Split instance domain block/allow import/export into separate pages/controllers

* Address code review feedback

* Pacify DeepSource

* Work around Paperclip::HasAttachmentFile for Rails 6

* Fix deprecated API warning in export tests

* Remove after_commit workaround

(cherry picked from commit 94e98864e3)

* Add confirmation page when importing blocked domains ()

* Move glitch-soc-specific strings to glitch-soc-specific locale files

* Add confirmation page when importing blocked domains

(cherry picked from commit b91196f4b7)

* Fix authorization check in domain blocks controller

(cherry picked from commit 7527937758)

* Fix error strings for domain blocks and email-domain blocks

Corrected issue with non-error message used for Mastodon:NotPermittedError in Domain Blocks
Corrected issue with Domain Blocks using the Email Domain Blocks message on ActionController::ParameterMissing
Corrected issue with Email Domain Blocks using the not_permitted string from "custom emojii's"

* Ran i18n-tasks normalize to address test failure

* Removed unused admin.export_domain_blocks.not_permitted string

Removing unused string as indicated by Check i18n

* Fix tests

(cherry picked from commit 9094c2f52c)

* Fix domain block export not exporting blocks with only media rejection

(cherry picked from commit 26ff48ee48)

* Fix various issues with domain block import

- stop using Paperclip for processing domain allow/block imports
- stop leaving temporary files
- better error handling
- assume CSV files are UTF-8-encoded

(cherry picked from commit cad824d8f501b95377e4f0a957e5a00d517a1902)

Co-authored-by: Levi Bard <taktaktaktaktaktaktaktaktaktak@gmail.com>
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2022-11-17 11:05:09 +01:00
Claire 86f6631d28
Remove dead code and refactor status threading code ()
* Remove dead code

* Remove unneeded/broken parameters and refactor descendant computation
2022-11-10 22:30:00 +01:00
Eugen Rochko 839f893168
Change public accounts pages to mount the web UI ()
* Change public accounts pages to mount the web UI

* Fix handling of remote usernames in routes

- When logged in, serve web app
- When logged out, redirect to permalink
- Fix `app-body` class not being set sometimes due to name conflict

* Fix missing `multiColumn` prop

* Fix failing test

* Use `discoverable` attribute to control indexing directives

* Fix `<ColumnLoading />` not using `multiColumn`

* Add `noindex` to accounts in REST API

* Change noindex directive to not be rendered by default before a route is mounted

* Add loading indicator for detailed status in web UI

* Fix missing indicator appearing while account is loading in web UI
2022-10-20 14:35:29 +02:00