Commit Graph

6144 Commits (a06dda41d04b073a9cc41930a9c80bd91c2111e5)

Author SHA1 Message Date
Claire df68d2eab8 Fix response_to_recipient? CTE 2022-02-02 23:30:15 +01:00
Claire b27f50da5a Fix insufficient sanitization of report comments 2022-02-02 23:30:15 +01:00
Claire e2009ced3a Fix compacted JSON-LD possibly causing compatibility issues on forwarding 2022-02-02 23:30:15 +01:00
Puck Meerburg fe0210074f Compact JSON-LD signed incoming activities 2022-02-02 23:30:15 +01:00
Claire c8dbbd60eb Fix error-prone SQL queries (#15828)
* Fix error-prone SQL queries in Account search

While this code seems to not present an actual vulnerability, one could
easily be introduced by mistake due to how the query is built.

This PR parameterises the `to_tsquery` input to make the query more robust.

* Harden code for Status#tagged_with_all and Status#tagged_with_none

Those two scopes aren't used in a way that could be vulnerable to an SQL
injection, but keeping them unchanged might be a hazard.

* Remove unneeded spaces surrounding tsquery term

* Please CodeClimate

* Move advanced_search_for SQL template to its own function

This avoids one level of indentation while making clearer that the SQL template
isn't build from all the dynamic parameters of advanced_search_for.

* Add tests covering tagged_with, tagged_with_all and tagged_with_none

* Rewrite tagged_with_none to avoid multiple joins and make it more robust

* Remove obsolete brakeman warnings

* Revert "Remove unneeded spaces surrounding tsquery term"

The two queries are not strictly equivalent.

This reverts commit 86f16c537e.
2022-02-02 23:30:15 +01:00
Claire 6d831fe274
Fix spurious errors when receiving an Add activity for a private post (#17425) 2022-02-02 22:59:34 +01:00
Claire 03f0e98b32 Fix followers synchronization mechanism not working when URI has empty path (#16510)
* Fix followers synchronization mechanism not working when URI has empty path

To my knowledge, there is no current implementation on the fediverse
that can use bare domains (e.g., actor is at https://example.org instead of
something like https://example.org/actor) that also plans to support the
followers synchronization mechanism. However, Mastodon's current implementation
would exclude such accounts from followers list.

Also adds tests and rename them to reflect the proper method names.

* Move url prefix regexp to its own constant
2022-01-31 10:59:00 +01:00
Claire f264cca1d2 Fix filtering DMs from non-followed users (#17042) 2021-11-26 01:22:33 +01:00
Claire 5e4b04de88 Fix handling of recursive toots in WebUI (#17041) 2021-11-26 01:22:27 +01:00
Claire 3c18311d86 Fix error when suspending user with an already-existing canonical email block (#17036)
* Fix error when suspending user with an already-existing canonical email block

Fixes #17033

While attempting to create a `CanonicalEmailBlock` with an existing hash would
raise an `ActiveRecord::RecordNotUnique` error, this being done within a
transaction would cancel the whole transaction. For this reason, checking for
uniqueness in Rails would query the database within the transaction and avoid
invalidating the whole transaction for this reason.

A race condition is still possible, where multiple accounts sharing a canonical
email would be blocked in concurrent transactions, in which only one would
succeed, but that is way less likely to happen that the current issue, and can
always be retried after the first failure, unlike the current situation.

* Add tests
2021-11-26 01:22:10 +01:00
Claire e5113a8cad Fix overflow of long profile fields in admin view (#17010) 2021-11-26 01:21:57 +01:00
Claire 22cd1e6ab5 Fix confusing error when webfinger request returns empty document (#16986)
For some reason, some misconfigured servers return an empty document when
queried over webfinger. Since an empty document does not lead to a parse
error, the error is not caught properly and triggers uncaught exceptions
later on.

This PR fixes that by immediately erroring out with `Webfinger::Error` on
getting an empty response.
2021-11-26 01:21:50 +01:00
Takeshi Umeda 1bcb3daf7e Fix logout link not working in safari (#16574) 2021-11-26 01:21:37 +01:00
Claire 9c610ca0a4 Fix “open” link of media modal not closing modal (#16524) 2021-11-26 01:21:29 +01:00
Claire 77d0297313 Fix replying from modal (#16516)
Fixes #16515

Not using a router object somehow made `this.history` lag behind the real
browser history whenever pushing a new history item in `replyCompose`.

Not using the context-provided router in this case was an oversight made
when porting glitch-soc changes in #16499.
2021-11-26 01:21:21 +01:00
Eugen Rochko 5c47a18c8d Fix login being broken due to inaccurately applied backport fix in 3.4.2
See #16943
2021-11-06 05:17:39 +01:00
Claire 76c2028859 Fix AccountNote not having a maximum length (#16942) 2021-11-06 00:17:05 +01:00
Claire 3251b8eead Fix reviving revoked sessions and invalidating login (#16943)
Up until now, we have used Devise's Rememberable mechanism to re-log users
after the end of their browser sessions. This mechanism relies on a signed
cookie containing a token. That token was stored on the user's record,
meaning it was shared across all logged in browsers, meaning truly revoking
a browser's ability to auto-log-in involves revoking the token itself, and
revoking access from *all* logged-in browsers.

We had a session mechanism that dynamically checks whether a user's session
has been disabled, and would log out the user if so. However, this would only
clear a session being actively used, and a new one could be respawned with
the `remember_user_token` cookie.

In practice, this caused two issues:
- sessions could be revived after being closed from /auth/edit (security issue)
- auto-log-in would be disabled for *all* browsers after logging out from one
  of them

This PR removes the `remember_token` mechanism and treats the `_session_id`
cookie/token as a browser-specific `remember_token`, fixing both issues.
2021-11-06 00:17:05 +01:00
Claire f60bb0784f Fix handling announcements with links (#16941)
Broken since #15827
2021-11-06 00:07:17 +01:00
Claire c3a6f7b941 Fix user email address being banned on self-deletion (#16503)
* Add tests

* Fix user email address being banned on self-deletion

Fixes #16498
2021-11-05 23:46:24 +01:00
Claire 986397b3a2 Improve modal flow and back button handling (#16499)
* Refactor shouldUpdateScroll passing

So far, shouldUpdateScroll has been manually passed down from the very top of
the React component hierarchy even though it is a static function common to
all ScrollContainer instances, so replaced that with a custom class extending
ScrollContainer.

* Generalize “press back to close modal” to any modal and to public pages

* Fix boost confirmation modal closing media modal
2021-11-05 23:46:24 +01:00
Claire c79d4711e9 Change references to tootsuite/mastodon to mastodon/mastodon (#16491)
* Change references to tootsuite/mastodon to mastodon/mastodon

* Remove obsolete test fixture

* Replace occurrences of tootsuite/mastodon with mastodon/mastodon in CHANGELOG

And a few other places
2021-11-05 23:46:24 +01:00
Claire be56033715 Change number_to_human calls to always use 3-digits precision (#16469)
Fixes #16435
2021-11-05 23:46:24 +01:00
Claire 8815e98aa2 Fix pop-in player display when poster has long username or handle (#16468) 2021-11-05 23:46:24 +01:00
Claire 4bc1fde105 Fix anonymous access to outbox not being cached by the reverse proxy (#16458)
* Fix anonymous access to outbox not being cached by the reverse proxy

Up until now, anonymous access to outbox was marked as public, but with a
0 duration for caching, which means remote proxies would only serve from cache
when the server was completely overwhelmed.

Changed that cache duration to one minute, so that repeated anonymous access
to one account's outbox can be appropriately cached.

Also added `Signature` to the `Vary` header in case a page is requested, so
that authenticated fetches are never served from cache (which only contains
public toots).

* Remove Vary: Accept header from webfinger controller

Indeed, we have stopped returning xrd, and only ever return jrd, so the
Accept request header does not matter anymore.

* Cache negative webfinger hits for 3 minutes
2021-11-05 23:46:24 +01:00
Claire 34ab4111a7 Fix WebUI crash when a toot with a playing video gets deleted (#16384)
* Fix WebUI crash when a toot with a playing video gets deleted

* Fix pop-up player not closing the moment a status is deleted
2021-11-05 23:46:24 +01:00
Claire aebcb722aa Fix serialization of followers/following counts when user hides their network (#16418)
* Add tests

* Fix serialization of followers/following counts when user hides their network

Fixes #16382

Signed-off-by: Claire <claire.github-309c@sitedethib.com>
2021-11-05 23:46:24 +01:00
Claire 9a468c895b Fix inefficiencies in auto-linking code (#16506)
The auto-linking code basically rewrote the whole string escaping non-ascii
characters in an inefficient way, and building a full character offset map
between the unescaped and escaped texts before sending the contents to
TwitterText's extractor.

Instead of doing that, this commit changes the TwitterText regexps to include
valid IRI characters in addition to valid URI characters.
2021-11-05 23:46:24 +01:00
Claire e40d5414cc Fix crashes with Microsoft Translate on Microsoft Edge (#16525)
Fixes #16509

Microsoft Edge with translation enabled rewrites the DOM in ways that confuse
react and prevent it from working properly. Wrapping the offending parts in
a span avoids this issue.
2021-11-05 23:46:24 +01:00
Claire 9b34647c9b Fix followers synchronization mechanism not working when URI has empty path (#16744)
Follow-up to #16510, forgot the controller exposing the actual followers…
2021-11-05 23:46:23 +01:00
Eugen Rochko 6b98fd0b4f Fix not being able to suspend accounts that already have a canonical e-mail block (#16455) 2021-11-05 20:34:12 +01:00
Eugen Rochko d5a50e9dfb Add `configuration` attribute to `GET /api/v1/instance` (#16485)
List various values like file size limits and supported mime types
2021-11-05 20:30:02 +01:00
Jeong Arm e1cf8d4d37 Fix statuses order in account's statuses admin page (#16937) 2021-11-05 20:29:22 +01:00
Claire 123a88b6b5 Fix some link previews being incorrectly generated from other prior links (#16885)
* Add tests

* Fix some link previews being incorrectly generated from different prior links

PR #12403 added a cache to avoid redundant queries when the OEmbed endpoint can
be guessed from the URL. This caching mechanism is not perfectly correct as
there is no guarantee that all pages from a given domain share the same
OEmbed provider endpoint.

This PR prevents the FetchOEmbedService from caching OEmbed endpoint that
cannot be generalized by replacing a fully-qualified URL from the endpoint's
parameters, greatly reducing the number of incorrect cached generalizations.
2021-11-05 20:28:59 +01:00
Claire e63370db19 Fix scheduled statuses decreasing statuses counts (#16791)
* Add tests

* Fix scheduled statuses decreasing statuses counts

Fixes #16774
2021-11-05 20:28:41 +01:00
Claire 2396c9061a Fix webauthn secure key authentication (#16792)
* Add tests

* Fix webauthn secure key authentication

Fixes #16769
2021-11-05 20:28:33 +01:00
Holger 663b58aaae use relative path for `scope` (#16714)
Use relative path for `scope` in web manifest to allow users use PWA correctly via alternate domains.
2021-11-05 20:28:27 +01:00
Claire 75441ac63d Fix addressing of remote groups' followers (#16700)
Fixes #16699
2021-11-05 20:28:20 +01:00
Claire 5899fe70b6 Fix processing mentions to domains with non-ascii TLDs (#16689)
Fixes #16602
2021-11-05 20:28:11 +01:00
Claire 2688f18d06 Fix authentication failures after going halfway through a sign-in attempt (#16607)
* Add tests

* Add security-related tests

My first (unpublished) attempt at fixing the issues introduced (extremely
hard-to-exploit) security vulnerabilities, addressing them in a test.

* Fix authentication failures after going halfway through a sign-in attempt

* Refactor `authenticate_with_sign_in_token` and `authenticate_with_two_factor` to make the two authentication steps more obvious
2021-11-05 20:27:07 +01:00
Claire f51c6cba1f Fix remotely-suspended accounts' toots being merged back into timelines (#16628)
* Fix remotely-suspended accounts' toots being merged back into timelines

* Mark remotely-deleted accounts as remotely suspended
2021-11-05 20:26:59 +01:00
Claire 4f852448e1 Fix crash when encountering invalid account fields (#16598)
* Add test

* Fix crash when encountering invalid account fields
2021-11-05 20:26:51 +01:00
Takeshi Umeda c02d6c46e3 Fix invalid blurhash handling in Create activity (#16583) 2021-11-05 20:26:44 +01:00
Takeshi Umeda 987f945930 Fix when MoveWorker cannot get locale from remote account (#16576) 2021-11-05 20:26:36 +01:00
Claire e62f488be5 Fix newlines in accout notes added by the Move handler (#16415)
* Fix newlines in account notes added by the move handler

* Make MoveWorker more robust
2021-11-05 20:25:04 +01:00
Eugen Rochko 2fba280353
New Crowdin updates (#16288)
* New translations en.yml (Galician)
[ci skip]

* New translations activerecord.en.yml (Galician)
[ci skip]

* New translations en.yml (Japanese)
[ci skip]

* New translations simple_form.en.yml (Chinese Traditional)
[ci skip]

* New translations en.yml (Swedish)
[ci skip]

* New translations en.yml (Swedish)
[ci skip]

* New translations en.yml (Swedish)
[ci skip]

* New translations en.yml (Swedish)
[ci skip]

* New translations en.yml (Swedish)
[ci skip]

* New translations en.yml (Swedish)
[ci skip]

* New translations en.yml (Swedish)
[ci skip]

* New translations devise.en.yml (Swedish)
[ci skip]

* New translations doorkeeper.en.yml (Swedish)
[ci skip]

* New translations en.json (Dutch)
[ci skip]

* New translations en.json (Dutch)
[ci skip]

* New translations en.yml (Dutch)
[ci skip]

* New translations simple_form.en.yml (Dutch)
[ci skip]

* New translations activerecord.en.yml (Dutch)
[ci skip]

* New translations doorkeeper.en.yml (Dutch)
[ci skip]

* New translations en.json (Swedish)
[ci skip]

* New translations en.yml (Swedish)
[ci skip]

* New translations en.yml (Swedish)
[ci skip]

* New translations en.json (Swedish)
[ci skip]

* New translations en.json (Swedish)
[ci skip]

* New translations en.json (Swedish)
[ci skip]

* New translations en.json (Chinese Simplified)
[ci skip]

* New translations en.yml (Japanese)
[ci skip]

* New translations simple_form.en.yml (French)
[ci skip]

* New translations en.yml (French)
[ci skip]

* New translations en.yml (Romanian)
[ci skip]

* New translations en.yml (Norwegian Nynorsk)
[ci skip]

* New translations en.yml (Welsh)
[ci skip]

* New translations en.yml (Telugu)
[ci skip]

* New translations en.yml (Malay)
[ci skip]

* New translations en.yml (Hindi)
[ci skip]

* New translations en.yml (Latvian)
[ci skip]

* New translations en.yml (Estonian)
[ci skip]

* New translations en.yml (Kazakh)
[ci skip]

* New translations en.yml (Croatian)
[ci skip]

* New translations en.yml (Uyghur)
[ci skip]

* New translations en.yml (Thai)
[ci skip]

* New translations en.yml (Marathi)
[ci skip]

* New translations en.yml (Bengali)
[ci skip]

* New translations en.yml (Spanish, Mexico)
[ci skip]

* New translations en.yml (Spanish, Argentina)
[ci skip]

* New translations en.yml (Tamil)
[ci skip]

* New translations en.yml (Persian)
[ci skip]

* New translations en.yml (Esperanto)
[ci skip]

* New translations en.yml (Chinese Traditional, Hong Kong)
[ci skip]

* New translations en.yml (Portuguese, Brazilian)
[ci skip]

* New translations en.yml (Sorani (Kurdish))
[ci skip]

* New translations en.yml (Silesian)
[ci skip]

* New translations en.yml (Taigi)
[ci skip]

* New translations en.yml (Ido)
[ci skip]

* New translations en.yml (Kabyle)
[ci skip]

* New translations en.yml (Sanskrit)
[ci skip]

* New translations en.yml (Sardinian)
[ci skip]

* New translations en.yml (Corsican)
[ci skip]

* New translations en.yml (Serbian (Latin))
[ci skip]

* New translations en.yml (Tatar)
[ci skip]

* New translations en.yml (Occitan)
[ci skip]

* New translations en.yml (Asturian)
[ci skip]

* New translations en.yml (Scottish Gaelic)
[ci skip]

* New translations en.yml (Kannada)
[ci skip]

* New translations en.yml (Cornish)
[ci skip]

* New translations en.yml (Sinhala)
[ci skip]

* New translations en.yml (Breton)
[ci skip]

* New translations en.yml (Malayalam)
[ci skip]

* New translations en.yml (Indonesian)
[ci skip]

* New translations en.yml (Icelandic)
[ci skip]

* New translations en.yml (Greek)
[ci skip]

* New translations en.yml (Italian)
[ci skip]

* New translations en.yml (Armenian)
[ci skip]

* New translations en.yml (Hungarian)
[ci skip]

* New translations en.yml (Hebrew)
[ci skip]

* New translations en.yml (Finnish)
[ci skip]

* New translations en.yml (Basque)
[ci skip]

* New translations en.yml (German)
[ci skip]

* New translations en.yml (Korean)
[ci skip]

* New translations en.yml (Danish)
[ci skip]

* New translations en.yml (Czech)
[ci skip]

* New translations en.yml (Catalan)
[ci skip]

* New translations en.yml (Bulgarian)
[ci skip]

* New translations en.yml (Arabic)
[ci skip]

* New translations en.yml (Afrikaans)
[ci skip]

* New translations en.yml (Spanish)
[ci skip]

* New translations en.yml (Georgian)
[ci skip]

* New translations en.yml (Lithuanian)
[ci skip]

* New translations en.yml (Galician)
[ci skip]

* New translations en.yml (Serbian (Cyrillic))
[ci skip]

* New translations en.yml (Vietnamese)
[ci skip]

* New translations en.yml (Urdu (Pakistan))
[ci skip]

* New translations en.yml (Chinese Traditional)
[ci skip]

* New translations en.yml (Chinese Simplified)
[ci skip]

* New translations en.yml (Ukrainian)
[ci skip]

* New translations en.yml (Turkish)
[ci skip]

* New translations en.yml (Albanian)
[ci skip]

* New translations en.yml (Macedonian)
[ci skip]

* New translations en.yml (Slovenian)
[ci skip]

* New translations en.yml (Slovak)
[ci skip]

* New translations en.yml (Russian)
[ci skip]

* New translations en.yml (Portuguese)
[ci skip]

* New translations en.yml (Polish)
[ci skip]

* New translations en.yml (Punjabi)
[ci skip]

* New translations en.yml (Norwegian)
[ci skip]

* New translations en.yml (Standard Moroccan Tamazight)
[ci skip]

* Update source file en.yml
[ci skip]

* New translations en.yml (French)
[ci skip]

* New translations en.yml (French)
[ci skip]

* New translations en.yml (French)
[ci skip]

* New translations en.yml (Swedish)
[ci skip]

* New translations en.yml (Polish)
[ci skip]

* New translations en.yml (Thai)
[ci skip]

* New translations en.json (Lithuanian)
[ci skip]

* New translations en.json (Lithuanian)
[ci skip]

* New translations en.json (Chinese Simplified)
[ci skip]

* New translations en.yml (Thai)
[ci skip]

* New translations en.json (Korean)
[ci skip]

* New translations en.json (Chinese Simplified)
[ci skip]

* New translations en.yml (Chinese Simplified)
[ci skip]

* New translations en.yml (Chinese Simplified)
[ci skip]

* New translations simple_form.en.yml (Chinese Simplified)
[ci skip]

* New translations devise.en.yml (Chinese Simplified)
[ci skip]

* New translations doorkeeper.en.yml (Chinese Simplified)
[ci skip]

* New translations en.yml (Chinese Simplified)
[ci skip]

* New translations simple_form.en.yml (Chinese Simplified)
[ci skip]

* New translations en.json (Portuguese)
[ci skip]

* New translations en.json (Malayalam)
[ci skip]

* New translations en.json (Malayalam)
[ci skip]

* New translations en.json (Persian)
[ci skip]

* New translations en.yml (Persian)
[ci skip]

* New translations en.json (Chinese Traditional)
[ci skip]

* New translations en.yml (Chinese Traditional)
[ci skip]

* New translations en.json (Chinese Traditional)
[ci skip]

* New translations en.yml (Chinese Traditional)
[ci skip]

* New translations simple_form.en.yml (Chinese Traditional)
[ci skip]

* New translations activerecord.en.yml (Chinese Traditional)
[ci skip]

* New translations devise.en.yml (Chinese Traditional)
[ci skip]

* New translations en.yml (Chinese Traditional)
[ci skip]

* New translations simple_form.en.yml (Chinese Traditional)
[ci skip]

* New translations doorkeeper.en.yml (Chinese Traditional)
[ci skip]

* New translations devise.en.yml (Chinese Traditional)
[ci skip]

* New translations en.yml (Chinese Traditional)
[ci skip]

* New translations en.json (Croatian)
[ci skip]

* New translations en.json (Telugu)
[ci skip]

* New translations en.json (Malay)
[ci skip]

* New translations en.json (Hindi)
[ci skip]

* New translations en.json (Latvian)
[ci skip]

* New translations en.json (Estonian)
[ci skip]

* New translations en.json (Kazakh)
[ci skip]

* New translations en.json (Norwegian Nynorsk)
[ci skip]

* New translations en.json (Marathi)
[ci skip]

* New translations en.json (Esperanto)
[ci skip]

* New translations en.json (Bengali)
[ci skip]

* New translations en.json (Tamil)
[ci skip]

* New translations en.json (Portuguese, Brazilian)
[ci skip]

* New translations en.json (Welsh)
[ci skip]

* New translations en.json (Uyghur)
[ci skip]

* New translations en.json (Urdu (Pakistan))
[ci skip]

* New translations en.json (Sorani (Kurdish))
[ci skip]

* New translations en.json (Silesian)
[ci skip]

* New translations en.json (Taigi)
[ci skip]

* New translations en.json (Ido)
[ci skip]

* New translations en.json (Kabyle)
[ci skip]

* New translations en.json (Sanskrit)
[ci skip]

* New translations en.json (Sardinian)
[ci skip]

* New translations en.json (Serbian (Latin))
[ci skip]

* New translations en.json (Chinese Traditional, Hong Kong)
[ci skip]

* New translations en.json (Occitan)
[ci skip]

* New translations en.json (Asturian)
[ci skip]

* New translations en.json (Kannada)
[ci skip]

* New translations en.json (Cornish)
[ci skip]

* New translations en.json (Sinhala)
[ci skip]

* New translations en.json (Breton)
[ci skip]

* New translations en.json (Tatar)
[ci skip]

* New translations en.json (Romanian)
[ci skip]

* New translations en.json (Thai)
[ci skip]

* New translations en.json (Persian)
[ci skip]

* New translations en.json (Arabic)
[ci skip]

* New translations en.json (Afrikaans)
[ci skip]

* New translations en.json (Bulgarian)
[ci skip]

* New translations en.json (Serbian (Cyrillic))
[ci skip]

* New translations en.json (Macedonian)
[ci skip]

* New translations en.json (Slovenian)
[ci skip]

* New translations en.json (Slovak)
[ci skip]

* New translations en.json (Punjabi)
[ci skip]

* New translations en.json (Norwegian)
[ci skip]

* New translations en.json (Georgian)
[ci skip]

* New translations en.json (Armenian)
[ci skip]

* New translations en.json (Hebrew)
[ci skip]

* New translations en.json (Finnish)
[ci skip]

* New translations en.json (Greek)
[ci skip]

* New translations en.json (Standard Moroccan Tamazight)
[ci skip]

* New translations simple_form.en.yml (Scottish Gaelic)
[ci skip]

* New translations en.yml (Scottish Gaelic)
[ci skip]

* New translations activerecord.en.yml (Scottish Gaelic)
[ci skip]

* New translations en.yml (Scottish Gaelic)
[ci skip]

* New translations simple_form.en.yml (Scottish Gaelic)
[ci skip]

* New translations doorkeeper.en.yml (Scottish Gaelic)
[ci skip]

* New translations en.json (Scottish Gaelic)
[ci skip]

* New translations devise.en.yml (Scottish Gaelic)
[ci skip]

* New translations en.yml (Spanish, Argentina)
[ci skip]

* New translations en.json (Spanish, Argentina)
[ci skip]

* New translations simple_form.en.yml (Spanish, Argentina)
[ci skip]

* New translations activerecord.en.yml (Spanish, Argentina)
[ci skip]

* New translations doorkeeper.en.yml (Spanish, Argentina)
[ci skip]

* New translations en.json (Thai)
[ci skip]

* i18n-tasks normalize

* yarn manage:translations

Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>
2021-06-02 21:09:18 +02:00
Eugen Rochko 1410dffdf4
Fix e-mail confirmations API not working correctly (#16348)
* Fix e-mail confirmations API not working correctly

* Fix typo
2021-06-02 21:07:50 +02:00
Claire 526332c545
Fix account deletion sometimes failing because of optimistic locks (#16317)
* Fix account deletion sometimes failing because of optimistic locks

In some rare occasions[1], deleting accounts would fail with a
`StaleObjectError` exception.

Indeed, account deletion manually sets the `AccountStat` values without
handling cases where the optimistic locking on `AccountStat` would fail.

To my knowledge, with the rewrite of account counters in #15913, the
`DeleteAccountService` is now the only place that changes the counters in
a way that is not atomic.

Since in this specific case, we do not care about the previous values of the
account counters, it appears we don't need locking at all for this table
anymore.

[1]: https://discourse.joinmastodon.org/t/account-cant-be-deleted/3602

* Bump MAX_SUPPORTED_VERSION in maintenance script
2021-06-02 17:41:25 +02:00
Claire be8079f637
Fix deprecated slash as division in SASS files (#16347)
Fixes #16293
2021-06-01 23:47:27 +02:00
Eugen Rochko abd7b4636a
Add assets from Twemoji 13.1.0 (#16345)
* Add assets from Twemoji 13.1.0

* Update emoji-mart
2021-06-01 14:35:49 +02:00