Commit graph

8203 commits

Author SHA1 Message Date
Rey Tucker
94f5c714f1 Don't delete periods when validating username uniqueness (#11392) (#11400)
* Check to make sure usernames with '.' cannot be created

* Add test for instance actor account name conflicts

This makes sure that migration 20190715164535_add_instance_actor
won't fail if there's already an account that is named the same
as the domain (minus the .)

* Put the test into the correct context...

* Add another test to split this into two validations

* Don't delete periods when validating username uniqueness (#11392)

The 20190715164535_add_instance_actor migration fails if there's
already a username similar to the domain name, e.g. if you are
'vulpine.club' and have a user named 'vulpineclub', validation
fails.

Upon further review, usernames with periods are dropped by the
regular expression in the Account class, so we don't need to
worry about it here.

Fixes #11392
2019-07-24 14:19:17 +02:00
Yamagishi Kazutoshi
fada60cbe7 Remove modules.localIdentName (#11398) 2019-07-23 15:47:48 +02:00
ThibG
fb1b710e8d Fix scrolling in single-column mode on Chrome (#11395)
Fixes #11389
2019-07-23 15:47:18 +02:00
dependabot-preview[bot]
1955aa9f7d Bump active_model_serializers from 0.10.9 to 0.10.10 (#11311)
* Bump active_model_serializers from 0.10.9 to 0.10.10

Bumps [active_model_serializers](https://github.com/rails-api/active_model_serializers) from 0.10.9 to 0.10.10.
- [Release notes](https://github.com/rails-api/active_model_serializers/releases)
- [Changelog](https://github.com/rails-api/active_model_serializers/blob/v0.10.10/CHANGELOG.md)
- [Commits](https://github.com/rails-api/active_model_serializers/compare/v0.10.9...v0.10.10)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

* Add root option to render method
2019-07-23 11:10:42 +02:00
Daigo 3 Dango
cd68714393 List columns within the method (#11377)
To avoid the exception:

NoMethodError: undefined method `perform' for nil:NilClass
.../vendor/bundle/ruby/2.6.0/gems/strong_migrations-0.4.1/lib/strong_migrations/migration.rb:14:in `method_missing'
.../vendor/bundle/ruby/2.6.0/gems/activerecord-5.2.3/lib/active_record/migration.rb:604:in `method_missing'
.../db/migrate/20170918125918_ids_to_bigints.rb:69:in `<class:IdsToBigints>'
.../db/migrate/20170918125918_ids_to_bigints.rb:3:in `<top (required)>'
2019-07-23 11:08:11 +02:00
dependabot-preview[bot]
24367ef906 Bump css-loader from 2.1.1 to 3.1.0 (#11382)
* Bump css-loader from 2.1.1 to 3.1.0

Bumps [css-loader](https://github.com/webpack-contrib/css-loader) from 2.1.1 to 3.1.0.
- [Release notes](https://github.com/webpack-contrib/css-loader/releases)
- [Changelog](https://github.com/webpack-contrib/css-loader/blob/master/CHANGELOG.md)
- [Commits](https://github.com/webpack-contrib/css-loader/compare/v2.1.1...v3.1.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

* localIdentName -> modules.localIdentName
2019-07-23 11:07:47 +02:00
dependabot-preview[bot]
ab3126e7a2 Bump browser from 2.5.3 to 2.6.1 (#11388)
Bumps [browser](https://github.com/fnando/browser) from 2.5.3 to 2.6.1.
- [Release notes](https://github.com/fnando/browser/releases)
- [Changelog](https://github.com/fnando/browser/blob/master/CHANGELOG.md)
- [Commits](https://github.com/fnando/browser/compare/v2.5.3...v2.6.1)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2019-07-22 23:11:01 +09:00
dependabot-preview[bot]
05b8468755 Bump oj from 3.7.12 to 3.8.0 (#11387)
Bumps [oj](https://github.com/ohler55/oj) from 3.7.12 to 3.8.0.
- [Release notes](https://github.com/ohler55/oj/releases)
- [Changelog](https://github.com/ohler55/oj/blob/develop/CHANGELOG.md)
- [Commits](https://github.com/ohler55/oj/compare/v3.7.12...v3.8.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2019-07-22 23:07:42 +09:00
dependabot-preview[bot]
e980e19a91 Bump rubocop from 0.72.0 to 0.73.0 (#11384)
Bumps [rubocop](https://github.com/rubocop-hq/rubocop) from 0.72.0 to 0.73.0.
- [Release notes](https://github.com/rubocop-hq/rubocop/releases)
- [Changelog](https://github.com/rubocop-hq/rubocop/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rubocop-hq/rubocop/compare/v0.72.0...v0.73.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2019-07-22 23:06:34 +09:00
dependabot-preview[bot]
362fa2dc8a Bump premailer-rails from 1.10.2 to 1.10.3 (#11386)
Bumps [premailer-rails](https://github.com/fphilipe/premailer-rails) from 1.10.2 to 1.10.3.
- [Release notes](https://github.com/fphilipe/premailer-rails/releases)
- [Changelog](https://github.com/fphilipe/premailer-rails/blob/master/CHANGELOG.md)
- [Commits](https://github.com/fphilipe/premailer-rails/compare/v1.10.2...v1.10.3)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2019-07-22 23:05:34 +09:00
dependabot-preview[bot]
b47e3b6cd8 Bump capybara from 3.25.0 to 3.26.0 (#11385)
Bumps [capybara](https://github.com/teamcapybara/capybara) from 3.25.0 to 3.26.0.
- [Release notes](https://github.com/teamcapybara/capybara/releases)
- [Changelog](https://github.com/teamcapybara/capybara/blob/master/History.md)
- [Commits](https://github.com/teamcapybara/capybara/compare/3.25.0...3.26.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2019-07-22 23:04:17 +09:00
Eugen Rochko
964ae8eee5
Change unconfirmed user login behaviour (#11375)
Allow access to account settings, 2FA, authorized applications, and
account deletions to unconfirmed and pending users, as well as
users who had their accounts disabled. Suspended users cannot update
their e-mail or password or delete their account.

Display account status on account settings page, for example, when
an account is frozen, limited, unconfirmed or pending review.

After sign up, login users straight away and show a simple page that
tells them the status of their account with links to account settings
and logout, to reduce onboarding friction and allow users to correct
wrongly typed e-mail addresses.

Move the final sign-up step of SSO integrations to be the same
as above to reduce code duplication.
2019-07-22 10:48:50 +02:00
dependabot-preview[bot]
fea903f574 Bump eslint from 5.16.0 to 6.1.0 (#11383)
Bumps [eslint](https://github.com/eslint/eslint) from 5.16.0 to 6.1.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/master/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v5.16.0...v6.1.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2019-07-22 17:37:11 +09:00
dependabot-preview[bot]
e2b3437a84 Bump babel-eslint from 10.0.1 to 10.0.2 (#11381)
Bumps [babel-eslint](https://github.com/babel/babel-eslint) from 10.0.1 to 10.0.2.
- [Release notes](https://github.com/babel/babel-eslint/releases)
- [Commits](https://github.com/babel/babel-eslint/compare/v10.0.1...v10.0.2)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2019-07-22 17:36:55 +09:00
dependabot-preview[bot]
44b04358b3 Bump intl-relativeformat from 6.4.2 to 6.4.3 (#11380)
Bumps [intl-relativeformat](https://github.com/formatjs/formatjs) from 6.4.2 to 6.4.3.
- [Release notes](https://github.com/formatjs/formatjs/releases)
- [Commits](https://github.com/formatjs/formatjs/compare/intl-relativeformat@6.4.2...intl-relativeformat@6.4.3)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2019-07-22 16:27:44 +09:00
dependabot-preview[bot]
28a60cb04f Bump @clusterws/cws from 0.14.0 to 0.15.0 (#11379)
Bumps @clusterws/cws from 0.14.0 to 0.15.0.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2019-07-22 16:27:16 +09:00
Daigo 3 Dango
00fc17b2ed Bind servers to 0.0.0.0 in Procfile (#11378)
* Bind to 0.0.0.0

* Make Procfile common to main and streaming apps
2019-07-22 06:16:30 +02:00
Eugen Rochko
c669bb42ba
Add (back) rails-level JSON caching (#11333) 2019-07-21 22:32:16 +02:00
ThibG
59fd622adc Fix boost to original audience not working on mobile (#11371) 2019-07-21 18:11:09 +02:00
ThibG
7de8c51873 Play animated custom emoji on hover (#11348)
* Play animated custom emoji on hover in status

* Play animated custom emoji on hover in display names

* Play animated custom emoji on hover in bios/bio fields

* Add support for animation on hover on public pages emojis too

* Fix tests

* Code style cleanup
2019-07-21 18:10:40 +02:00
Eugen Rochko
043d52f785
Fix alerts booleans not being typecast correctly in push subscription (#11343)
* Fix `alerts` booleans not being typecast correctly in push subscription

Fix #10789

* Fix typo
2019-07-21 18:10:07 +02:00
Eugen Rochko
bd1545de5e
Change locale detection to run once per session (#8657)
Fix #6462
2019-07-21 18:08:02 +02:00
Eugen Rochko
bd87e66679
Remove WebSub subscriptions (#11303) 2019-07-21 04:08:00 +02:00
ThibG
4bd58b7f2d Display custom emoji in bio field names (#11350)
Already displayed in public pages, but not WebUI
2019-07-21 03:40:27 +02:00
ysksn
2859790890 Not to create an account if already exist (#11366) 2019-07-21 03:40:08 +02:00
ThibG
c37c1da41e Disallow numeric-only hashtags (#11363)
* Add spec covering numeric-only hashtags

* Fix hashtag regex
2019-07-19 23:22:35 +02:00
ThibG
650459f93c Fix some flash notices/alerts staying on unrelated pages (#11364) 2019-07-19 23:13:21 +02:00
dependabot-preview[bot]
6867a0beb5 Bump strong_migrations from 0.4.0 to 0.4.1 (#11307)
Bumps [strong_migrations](https://github.com/ankane/strong_migrations) from 0.4.0 to 0.4.1.
- [Release notes](https://github.com/ankane/strong_migrations/releases)
- [Changelog](https://github.com/ankane/strong_migrations/blob/master/CHANGELOG.md)
- [Commits](https://github.com/ankane/strong_migrations/compare/v0.4.0...v0.4.1)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2019-07-20 01:08:02 +09:00
Eugen Rochko
aa22b38fdb
Change single-column mode to scroll the whole page (#11359)
Fix #10840
2019-07-19 09:25:22 +02:00
ThibG
4fa6472523 Fix avatar animation on hover when not logged in (#11349) 2019-07-19 09:18:23 +02:00
koyu
8df0022e66 Added logout to dropdown menu (#11353)
* Added logout to dropdown menu

* Triggering build-and-test with empty commit as it seems it failed due to some internal failure

* Looks fine, ready to review

* Added changes from review

* method can be null without any problems

* Also target can be null
2019-07-19 03:58:46 +02:00
ThibG
fda437a020 Fix sanitizing lists contents (#11354)
* Add test

* Fix code for sanitizing nested lists stripping all tags
2019-07-19 01:44:58 +02:00
ThibG
730c4053d6 Add ActivityPub actor representing the entire server (#11321)
* Add support for an instance actor

* Skip username validation for local Application accounts

* Add migration script to create instance actor

* Make Codeclimate happy

* Switch to id -99 for instance actor

* Remove unused `icon` and `image` attributes from instance actor

* Use if/elsif/else instead of return + ternary operator

* Add instance actor to fresh installs

* Use instance actor as instance representative

Use instance actor for forwarding reports, relay operations, and spam
auto-reporting.

* Seed database in test environment

* Fix single-user mode

* Fix tests

* Fix specs to accomodate for an extra `Account`

* Auto-reject follows on instance actor

Following an instance actor might make sense, but we are not handling that
right now, so auto-reject.

* Fix webfinger lookup and serialization for instance actor

* Rename instance actor

* Make it clear in the HTML view that the instance actor should not be blocked

* Raise cache time for instance actor as there's no dynamic content

* Re-use /about/more with a flash message for instance actor profile
2019-07-19 01:44:42 +02:00
Eugen Rochko
15c7478c55
Change Dockerfile to bind to 0.0.0.0 instead of docker-compose.yml (#11351) 2019-07-18 20:28:05 +02:00
Eugen Rochko
84e988479e
Fix only one middle dot being recognized in hashtags (#11345)
Fix #10934
2019-07-18 03:02:56 +02:00
Eugen Rochko
4906cabc6b
Add aac, m4a, 3gp to allowed audio formats (#11342)
Fix #11186
2019-07-18 03:02:30 +02:00
Eugen Rochko
5bfe1e1f05
Change language detection to include hashtags as words (#11341) 2019-07-18 03:02:15 +02:00
dependabot-preview[bot]
3a6fe657ba Bump rack-attack from 6.0.0 to 6.1.0 (#11313)
Bumps [rack-attack](https://github.com/kickstarter/rack-attack) from 6.0.0 to 6.1.0.
- [Release notes](https://github.com/kickstarter/rack-attack/releases)
- [Changelog](https://github.com/kickstarter/rack-attack/blob/master/CHANGELOG.md)
- [Commits](https://github.com/kickstarter/rack-attack/compare/v6.0.0...v6.1.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2019-07-18 01:07:02 +02:00
dependabot-preview[bot]
cbd7748961 Bump rubocop-rails from 2.2.0 to 2.2.1 (#11308)
Bumps [rubocop-rails](https://github.com/rubocop-hq/rubocop-rails) from 2.2.0 to 2.2.1.
- [Release notes](https://github.com/rubocop-hq/rubocop-rails/releases)
- [Changelog](https://github.com/rubocop-hq/rubocop-rails/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rubocop-hq/rubocop-rails/compare/v2.2.0...v2.2.1)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2019-07-18 01:06:39 +02:00
dependabot-preview[bot]
7cc98eba28 Bump puma from 3.12.1 to 4.0.1 (#11306)
Bumps [puma](https://github.com/puma/puma) from 3.12.1 to 4.0.1.
- [Release notes](https://github.com/puma/puma/releases)
- [Changelog](https://github.com/puma/puma/blob/master/History.md)
- [Commits](https://github.com/puma/puma/compare/v3.12.1...v4.0.1)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2019-07-18 01:06:14 +02:00
ThibG
87f4aea52a Fix typo in StatusPolicy (#11344) 2019-07-18 00:48:26 +02:00
ThibG
7e2b6da57f Add setting to disable the anti-spam (#11296)
* Add environment variable to disable the anti-spam

* Move antispam setting to admin settings

* Fix typo

* antispam → spam_check
2019-07-17 21:09:15 +02:00
Eugen Rochko
fccd25cf53
Change terms and privacy policy pages to always be accessible (#11334)
Fix #11328
2019-07-17 19:29:37 +02:00
ThibG
873828ad2d Fix custom CSS controller (#11336) 2019-07-17 17:14:25 +02:00
ThibG
5599caef49 Extend AUTHORIZED_FETCH mode to user blocks as well (#11332)
* Extend AUTHORIZED_FETCH mode to user blocks as well

* Move decision to deny access to StatusPolicy
2019-07-17 01:53:37 +02:00
ThibG
15ddabf95a Fix caching headers in ActivityPub endpoints (#11331)
* Fix reverse-proxy caching in public fetch mode

* Fix caching in ActivityPub-specific controllers
2019-07-17 00:00:39 +02:00
ThibG
91544a6cb5 Remove unused Account#magic_key (#11327) 2019-07-16 14:25:56 +02:00
Daigo 3 Dango
b4c9a860e5 Make puma bind address configurable with BIND env var (#11326) 2019-07-16 06:51:36 +02:00
Eugen Rochko
9b1d3e4acb
Add option to disable real-time updates in web UI (#9984)
Fix #9031
Fix #7913
2019-07-16 06:30:47 +02:00
dependabot-preview[bot]
4562c3cb7e Bump eslint-plugin-jsx-a11y from 6.2.1 to 6.2.3 (#11314)
Bumps [eslint-plugin-jsx-a11y](https://github.com/evcohen/eslint-plugin-jsx-a11y) from 6.2.1 to 6.2.3.
- [Release notes](https://github.com/evcohen/eslint-plugin-jsx-a11y/releases)
- [Changelog](https://github.com/evcohen/eslint-plugin-jsx-a11y/blob/master/CHANGELOG.md)
- [Commits](https://github.com/evcohen/eslint-plugin-jsx-a11y/compare/v6.2.1...v6.2.3)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2019-07-16 01:24:26 +09:00