Commits · 8a74d851d2035cf7adbb605b7e994334152fbfc4 · Tiger Ton / mastodon

05 Nov, 2021 36 commits

Bump version to 3.4.2 · 8a74d851
Eugen Rochko authored 3 years ago

8a74d851
Fix AccountNote not having a maximum length (#16942) · 76c20288
Claire authored 3 years ago

76c20288

Fix reviving revoked sessions and invalidating login (#16943) · 3251b8ee

Claire authored 3 years ago

Up until now, we have used Devise's Rememberable mechanism to re-log users
after the end of their browser sessions. This mechanism relies on a signed
cookie containing a token. That token was stored on the user's record,
meaning it was shared across all logged in browsers, meaning truly revoking
a browser's ability to auto-log-in involves revoking the token itself, and
revoking access from *all* logged-in browsers.

We had a session mechanism that dynamically checks whether a user's session
has been disabled, and would log out the user if so. However, this would only
clear a session being actively used, and a new one could be respawned with
the `remember_user_token` cookie.

In practice, this caused two issues:
- sessions could be revived after being closed from /auth/edit (security issue)
- auto-log-in would be disabled for *all* browsers after logging out from one
  of them

This PR removes the `remember_token` mechanism and treats the `_session_id`
cookie/token as a browser-specific `remember_token`, fixing both issues.

3251b8ee

Fix handling announcements with links (#16941) · f60bb078
Claire authored 3 years ago
```
Broken since #15827
```
f60bb078
Fix user email address being banned on self-deletion (#16503) · c3a6f7b9
Claire authored 3 years ago
```
* Add tests

* Fix user email address being banned on self-deletion

Fixes #16498
```
c3a6f7b9

Improve modal flow and back button handling (#16499) · 986397b3

Claire authored 3 years ago

* Refactor shouldUpdateScroll passing

So far, shouldUpdateScroll has been manually passed down from the very top of
the React component hierarchy even though it is a static function common to
all ScrollContainer instances, so replaced that with a custom class extending
ScrollContainer.

* Generalize “press back to close modal” to any modal and to public pages

* Fix boost confirmation modal closing media modal

986397b3

Change references to tootsuite/mastodon to mastodon/mastodon (#16491) · c79d4711

Claire authored 3 years ago

* Change references to tootsuite/mastodon to mastodon/mastodon

* Remove obsolete test fixture

* Replace occurrences of tootsuite/mastodon with mastodon/mastodon in CHANGELOG

And a few other places

c79d4711

Change number_to_human calls to always use 3-digits precision (#16469) · be560337
Claire authored 3 years ago
```
Fixes #16435
```
be560337
Fix pop-in player display when poster has long username or handle (#16468) · 8815e98a
Claire authored 3 years ago

8815e98a

Fix anonymous access to outbox not being cached by the reverse proxy (#16458) · 4bc1fde1

Claire authored 3 years ago

* Fix anonymous access to outbox not being cached by the reverse proxy

Up until now, anonymous access to outbox was marked as public, but with a
0 duration for caching, which means remote proxies would only serve from cache
when the server was completely overwhelmed.

Changed that cache duration to one minute, so that repeated anonymous access
to one account's outbox can be appropriately cached.

Also added `Signature` to the `Vary` header in case a page is requested, so
that authenticated fetches are never served from cache (which only contains
public toots).

* Remove Vary: Accept header from webfinger controller

Indeed, we have stopped returning xrd, and only ever return jrd, so the
Accept request header does not matter anymore.

* Cache negative webfinger hits for 3 minutes

4bc1fde1

Fix WebUI crash when a toot with a playing video gets deleted (#16384) · 34ab4111

Claire authored 3 years ago

* Fix WebUI crash when a toot with a playing video gets deleted

* Fix pop-up player not closing the moment a status is deleted

34ab4111

Fix serialization of followers/following counts when user hides their network (#16418) · aebcb722

Claire authored 3 years ago


* Add tests

* Fix serialization of followers/following counts when user hides their network

Fixes #16382

Signed-off-by: Claire <claire.github-309c@sitedethib.com>

aebcb722

Fix inefficiencies in auto-linking code (#16506) · 9a468c89

Claire authored 3 years ago

The auto-linking code basically rewrote the whole string escaping non-ascii
characters in an inefficient way, and building a full character offset map
between the unescaped and escaped texts before sending the contents to
TwitterText's extractor.

Instead of doing that, this commit changes the TwitterText regexps to include
valid IRI characters in addition to valid URI characters.

9a468c89

Fix tootctl self-destruct not sending Delete activities for recently-suspended accounts (#16688) · a1e5ff04

Claire authored 3 years ago

* Do not block existing users' emails on self-destruct

That is wasteful and unintuitive

* Do not close registrations when running tootctl self-destruct with --dry-run

* Close registrations on self-destruct regardless of known remote accounts

* Fix tootctl self-destruct not sending Deletes for recently-suspended accounts

* Suspend local users even if no remote account is known

* Do not show scary confirmation text if ran with --dry-run

a1e5ff04

Fix crashes with Microsoft Translate on Microsoft Edge (#16525) · e40d5414

Claire authored 3 years ago

Fixes #16509

Microsoft Edge with translation enabled rewrites the DOM in ways that confuse
react and prevent it from working properly. Wrapping the offending parts in
a span avoids this issue.

e40d5414

Fix suspicious sign-in mail text being out of date (#16690) · 40eaa870
Claire authored 3 years ago
```
Fixes #16687
```
40eaa870
Fix some Rails frameworks being unnecessarily loaded (#16725) · 4cc7efcb
Claire authored 3 years ago
```
Saves about 10MiB of memory usage at boot
```
4cc7efcb
Fix followers synchronization mechanism not working when URI has empty path (#16744) · 9b34647c
Claire authored 3 years ago
```
Follow-up to #16510, forgot the controller exposing the actual followers…
```
9b34647c
Fix not being able to suspend accounts that already have a canonical e-mail block (#16455) · 6b98fd0b
Eugen Rochko authored 3 years ago

6b98fd0b
Fix missing on_delete: :cascade for canonical_email_blocks foreign key (#16448) · c7f534ab
Claire authored 3 years ago

c7f534ab
Add `configuration` attribute to `GET /api/v1/instance` (#16485) · d5a50e9d
Eugen Rochko authored 3 years ago
```
List various values like file size limits and supported mime types
```
d5a50e9d
Fix statuses order in account's statuses admin page (#16937) · e1cf8d4d
Jeong Arm authored 3 years ago

e1cf8d4d
Skip blocked domains media on tootctl media refresh (#16914) · f366a23a
Jeong Arm authored 3 years ago

f366a23a

Fix mastodon:setup to take dotenv/docker-compose differences into account (#16896) · aa828aea

Claire authored 3 years ago

In order to work around https://github.com/mastodon/mastodon/issues/16895,
add a warning to .env.production.sample, and change the mastodon:setup rake
task to:
- output a warning if a variable will be interpreted differently by dotenv
  and docker-compose
- ensure the printed config is compatible with docker-compose

aa828aea

Fix some link previews being incorrectly generated from other prior links (#16885) · 123a88b6

Claire authored 3 years ago

* Add tests

* Fix some link previews being incorrectly generated from different prior links

PR #12403 added a cache to avoid redundant queries when the OEmbed endpoint can
be guessed from the URL. This caching mechanism is not perfectly correct as
there is no guarantee that all pages from a given domain share the same
OEmbed provider endpoint.

This PR prevents the FetchOEmbedService from caching OEmbed endpoint that
cannot be generalized by replacing a fully-qualified URL from the endpoint's
parameters, greatly reducing the number of incorrect cached generalizations.

123a88b6

Fix scheduled statuses decreasing statuses counts (#16791) · e63370db
Claire authored 3 years ago
```
* Add tests

* Fix scheduled statuses decreasing statuses counts

Fixes #16774
```
e63370db
Fix webauthn secure key authentication (#16792) · 2396c906
Claire authored 3 years ago
```
* Add tests

* Fix webauthn secure key authentication

Fixes #16769
```
2396c906

use relative path for `scope` (#16714) · 663b58aa

Holger authored 3 years ago

Use relative path for `scope` in web manifest to allow users use PWA correctly via alternate domains.

663b58aa

Fix addressing of remote groups' followers (#16700) · 75441ac6
Claire authored 3 years ago
```
Fixes #16699
```
75441ac6
Fix processing mentions to domains with non-ascii TLDs (#16689) · 5899fe70
Claire authored 3 years ago
```
Fixes #16602
```
5899fe70

Fix authentication failures after going halfway through a sign-in attempt (#16607) · 2688f18d

Claire authored 3 years ago

* Add tests

* Add security-related tests

My first (unpublished) attempt at fixing the issues introduced (extremely
hard-to-exploit) security vulnerabilities, addressing them in a test.

* Fix authentication failures after going halfway through a sign-in attempt

* Refactor `authenticate_with_sign_in_token` and `authenticate_with_two_factor` to make the two authentication steps more obvious

2688f18d

Fix remotely-suspended accounts' toots being merged back into timelines (#16628) · f51c6cba

Claire authored 3 years ago

* Fix remotely-suspended accounts' toots being merged back into timelines

* Mark remotely-deleted accounts as remotely suspended

f51c6cba

Fix crash when encountering invalid account fields (#16598) · 4f852448
Claire authored 3 years ago
```
* Add test

* Fix crash when encountering invalid account fields
```
4f852448
Fix invalid blurhash handling in Create activity (#16583) · c02d6c46
Takeshi Umeda authored 3 years ago

c02d6c46
Fix when MoveWorker cannot get locale from remote account (#16576) · 987f9459
Takeshi Umeda authored 3 years ago

987f9459
Fix newlines in accout notes added by the Move handler (#16415) · e62f488b
Claire authored 3 years ago
```
* Fix newlines in account notes added by the move handler

* Make MoveWorker more robust
```
e62f488b

03 Jun, 2021 1 commit
- Bump version to 3.4.1 (#16350) · d6486c96
  Eugen Rochko authored 3 years ago
  
  d6486c96
02 Jun, 2021 3 commits

New Crowdin updates (#16288) · 2fba2803

Eugen Rochko authored 3 years ago


* New translations en.yml (Galician)
[ci skip]

* New translations activerecord.en.yml (Galician)
[ci skip]

* New translations en.yml (Japanese)
[ci skip]

* New translations simple_form.en.yml (Chinese Traditional)
[ci skip]

* New translations en.yml (Swedish)
[ci skip]

* New translations en.yml (Swedish)
[ci skip]

* New translations en.yml (Swedish)
[ci skip]

* New translations en.yml (Swedish)
[ci skip]

* New translations en.yml (Swedish)
[ci skip]

* New translations en.yml (Swedish)
[ci skip]

* New translations en.yml (Swedish)
[ci skip]

* New translations devise.en.yml (Swedish)
[ci skip]

* New translations doorkeeper.en.yml (Swedish)
[ci skip]

* New translations en.json (Dutch)
[ci skip]

* New translations en.json (Dutch)
[ci skip]

* New translations en.yml (Dutch)
[ci skip]

* New translations simple_form.en.yml (Dutch)
[ci skip]

* New translations activerecord.en.yml (Dutch)
[ci skip]

* New translations doorkeeper.en.yml (Dutch)
[ci skip]

* New translations en.json (Swedish)
[ci skip]

* New translations en.yml (Swedish)
[ci skip]

* New translations en.yml (Swedish)
[ci skip]

* New translations en.json (Swedish)
[ci skip]

* New translations en.json (Swedish)
[ci skip]

* New translations en.json (Swedish)
[ci skip]

* New translations en.json (Chinese Simplified)
[ci skip]

* New translations en.yml (Japanese)
[ci skip]

* New translations simple_form.en.yml (French)
[ci skip]

* New translations en.yml (French)
[ci skip]

* New translations en.yml (Romanian)
[ci skip]

* New translations en.yml (Norwegian Nynorsk)
[ci skip]

* New translations en.yml (Welsh)
[ci skip]

* New translations en.yml (Telugu)
[ci skip]

* New translations en.yml (Malay)
[ci skip]

* New translations en.yml (Hindi)
[ci skip]

* New translations en.yml (Latvian)
[ci skip]

* New translations en.yml (Estonian)
[ci skip]

* New translations en.yml (Kazakh)
[ci skip]

* New translations en.yml (Croatian)
[ci skip]

* New translations en.yml (Uyghur)
[ci skip]

* New translations en.yml (Thai)
[ci skip]

* New translations en.yml (Marathi)
[ci skip]

* New translations en.yml (Bengali)
[ci skip]

* New translations en.yml (Spanish, Mexico)
[ci skip]

* New translations en.yml (Spanish, Argentina)
[ci skip]

* New translations en.yml (Tamil)
[ci skip]

* New translations en.yml (Persian)
[ci skip]

* New translations en.yml (Esperanto)
[ci skip]

* New translations en.yml (Chinese Traditional, Hong Kong)
[ci skip]

* New translations en.yml (Portuguese, Brazilian)
[ci skip]

* New translations en.yml (Sorani (Kurdish))
[ci skip]

* New translations en.yml (Silesian)
[ci skip]

* New translations en.yml (Taigi)
[ci skip]

* New translations en.yml (Ido)
[ci skip]

* New translations en.yml (Kabyle)
[ci skip]

* New translations en.yml (Sanskrit)
[ci skip]

* New translations en.yml (Sardinian)
[ci skip]

* New translations en.yml (Corsican)
[ci skip]

* New translations en.yml (Serbian (Latin))
[ci skip]

* New translations en.yml (Tatar)
[ci skip]

* New translations en.yml (Occitan)
[ci skip]

* New translations en.yml (Asturian)
[ci skip]

* New translations en.yml (Scottish Gaelic)
[ci skip]

* New translations en.yml (Kannada)
[ci skip]

* New translations en.yml (Cornish)
[ci skip]

* New translations en.yml (Sinhala)
[ci skip]

* New translations en.yml (Breton)
[ci skip]

* New translations en.yml (Malayalam)
[ci skip]

* New translations en.yml (Indonesian)
[ci skip]

* New translations en.yml (Icelandic)
[ci skip]

* New translations en.yml (Greek)
[ci skip]

* New translations en.yml (Italian)
[ci skip]

* New translations en.yml (Armenian)
[ci skip]

* New translations en.yml (Hungarian)
[ci skip]

* New translations en.yml (Hebrew)
[ci skip]

* New translations en.yml (Finnish)
[ci skip]

* New translations en.yml (Basque)
[ci skip]

* New translations en.yml (German)
[ci skip]

* New translations en.yml (Korean)
[ci skip]

* New translations en.yml (Danish)
[ci skip]

* New translations en.yml (Czech)
[ci skip]

* New translations en.yml (Catalan)
[ci skip]

* New translations en.yml (Bulgarian)
[ci skip]

* New translations en.yml (Arabic)
[ci skip]

* New translations en.yml (Afrikaans)
[ci skip]

* New translations en.yml (Spanish)
[ci skip]

* New translations en.yml (Georgian)
[ci skip]

* New translations en.yml (Lithuanian)
[ci skip]

* New translations en.yml (Galician)
[ci skip]

* New translations en.yml (Serbian (Cyrillic))
[ci skip]

* New translations en.yml (Vietnamese)
[ci skip]

* New translations en.yml (Urdu (Pakistan))
[ci skip]

* New translations en.yml (Chinese Traditional)
[ci skip]

* New translations en.yml (Chinese Simplified)
[ci skip]

* New translations en.yml (Ukrainian)
[ci skip]

* New translations en.yml (Turkish)
[ci skip]

* New translations en.yml (Albanian)
[ci skip]

* New translations en.yml (Macedonian)
[ci skip]

* New translations en.yml (Slovenian)
[ci skip]

* New translations en.yml (Slovak)
[ci skip]

* New translations en.yml (Russian)
[ci skip]

* New translations en.yml (Portuguese)
[ci skip]

* New translations en.yml (Polish)
[ci skip]

* New translations en.yml (Punjabi)
[ci skip]

* New translations en.yml (Norwegian)
[ci skip]

* New translations en.yml (Standard Moroccan Tamazight)
[ci skip]

* Update source file en.yml
[ci skip]

* New translations en.yml (French)
[ci skip]

* New translations en.yml (French)
[ci skip]

* New translations en.yml (French)
[ci skip]

* New translations en.yml (Swedish)
[ci skip]

* New translations en.yml (Polish)
[ci skip]

* New translations en.yml (Thai)
[ci skip]

* New translations en.json (Lithuanian)
[ci skip]

* New translations en.json (Lithuanian)
[ci skip]

* New translations en.json (Chinese Simplified)
[ci skip]

* New translations en.yml (Thai)
[ci skip]

* New translations en.json (Korean)
[ci skip]

* New translations en.json (Chinese Simplified)
[ci skip]

* New translations en.yml (Chinese Simplified)
[ci skip]

* New translations en.yml (Chinese Simplified)
[ci skip]

* New translations simple_form.en.yml (Chinese Simplified)
[ci skip]

* New translations devise.en.yml (Chinese Simplified)
[ci skip]

* New translations doorkeeper.en.yml (Chinese Simplified)
[ci skip]

* New translations en.yml (Chinese Simplified)
[ci skip]

* New translations simple_form.en.yml (Chinese Simplified)
[ci skip]

* New translations en.json (Portuguese)
[ci skip]

* New translations en.json (Malayalam)
[ci skip]

* New translations en.json (Malayalam)
[ci skip]

* New translations en.json (Persian)
[ci skip]

* New translations en.yml (Persian)
[ci skip]

* New translations en.json (Chinese Traditional)
[ci skip]

* New translations en.yml (Chinese Traditional)
[ci skip]

* New translations en.json (Chinese Traditional)
[ci skip]

* New translations en.yml (Chinese Traditional)
[ci skip]

* New translations simple_form.en.yml (Chinese Traditional)
[ci skip]

* New translations activerecord.en.yml (Chinese Traditional)
[ci skip]

* New translations devise.en.yml (Chinese Traditional)
[ci skip]

* New translations en.yml (Chinese Traditional)
[ci skip]

* New translations simple_form.en.yml (Chinese Traditional)
[ci skip]

* New translations doorkeeper.en.yml (Chinese Traditional)
[ci skip]

* New translations devise.en.yml (Chinese Traditional)
[ci skip]

* New translations en.yml (Chinese Traditional)
[ci skip]

* New translations en.json (Croatian)
[ci skip]

* New translations en.json (Telugu)
[ci skip]

* New translations en.json (Malay)
[ci skip]

* New translations en.json (Hindi)
[ci skip]

* New translations en.json (Latvian)
[ci skip]

* New translations en.json (Estonian)
[ci skip]

* New translations en.json (Kazakh)
[ci skip]

* New translations en.json (Norwegian Nynorsk)
[ci skip]

* New translations en.json (Marathi)
[ci skip]

* New translations en.json (Esperanto)
[ci skip]

* New translations en.json (Bengali)
[ci skip]

* New translations en.json (Tamil)
[ci skip]

* New translations en.json (Portuguese, Brazilian)
[ci skip]

* New translations en.json (Welsh)
[ci skip]

* New translations en.json (Uyghur)
[ci skip]

* New translations en.json (Urdu (Pakistan))
[ci skip]

* New translations en.json (Sorani (Kurdish))
[ci skip]

* New translations en.json (Silesian)
[ci skip]

* New translations en.json (Taigi)
[ci skip]

* New translations en.json (Ido)
[ci skip]

* New translations en.json (Kabyle)
[ci skip]

* New translations en.json (Sanskrit)
[ci skip]

* New translations en.json (Sardinian)
[ci skip]

* New translations en.json (Serbian (Latin))
[ci skip]

* New translations en.json (Chinese Traditional, Hong Kong)
[ci skip]

* New translations en.json (Occitan)
[ci skip]

* New translations en.json (Asturian)
[ci skip]

* New translations en.json (Kannada)
[ci skip]

* New translations en.json (Cornish)
[ci skip]

* New translations en.json (Sinhala)
[ci skip]

* New translations en.json (Breton)
[ci skip]

* New translations en.json (Tatar)
[ci skip]

* New translations en.json (Romanian)
[ci skip]

* New translations en.json (Thai)
[ci skip]

* New translations en.json (Persian)
[ci skip]

* New translations en.json (Arabic)
[ci skip]

* New translations en.json (Afrikaans)
[ci skip]

* New translations en.json (Bulgarian)
[ci skip]

* New translations en.json (Serbian (Cyrillic))
[ci skip]

* New translations en.json (Macedonian)
[ci skip]

* New translations en.json (Slovenian)
[ci skip]

* New translations en.json (Slovak)
[ci skip]

* New translations en.json (Punjabi)
[ci skip]

* New translations en.json (Norwegian)
[ci skip]

* New translations en.json (Georgian)
[ci skip]

* New translations en.json (Armenian)
[ci skip]

* New translations en.json (Hebrew)
[ci skip]

* New translations en.json (Finnish)
[ci skip]

* New translations en.json (Greek)
[ci skip]

* New translations en.json (Standard Moroccan Tamazight)
[ci skip]

* New translations simple_form.en.yml (Scottish Gaelic)
[ci skip]

* New translations en.yml (Scottish Gaelic)
[ci skip]

* New translations activerecord.en.yml (Scottish Gaelic)
[ci skip]

* New translations en.yml (Scottish Gaelic)
[ci skip]

* New translations simple_form.en.yml (Scottish Gaelic)
[ci skip]

* New translations doorkeeper.en.yml (Scottish Gaelic)
[ci skip]

* New translations en.json (Scottish Gaelic)
[ci skip]

* New translations devise.en.yml (Scottish Gaelic)
[ci skip]

* New translations en.yml (Spanish, Argentina)
[ci skip]

* New translations en.json (Spanish, Argentina)
[ci skip]

* New translations simple_form.en.yml (Spanish, Argentina)
[ci skip]

* New translations activerecord.en.yml (Spanish, Argentina)
[ci skip]

* New translations doorkeeper.en.yml (Spanish, Argentina)
[ci skip]

* New translations en.json (Thai)
[ci skip]

* i18n-tasks normalize

* yarn manage:translations

Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>

2fba2803

Fix e-mail confirmations API not working correctly (#16348) · 1410dffd
Eugen Rochko authored 3 years ago
```
* Fix e-mail confirmations API not working correctly

* Fix typo
```
1410dffd

Fix migration script not being able to run if it fails midway (#16312) · 11d3c065

Claire authored 3 years ago

* Fix migration script not being able to run if it fails midway

* Fix old migration script

* Fix old migration script

* Refactor CorruptionError

11d3c065