* Revert "Fix image and media loading when using external storage server"
This reverts commit 6cfa0245ca.
* Revert "Change glitch-soc's CSP config to match upstream's closer (#2474)"
This reverts commit d59196e170.
Conflicts:
- `config/initializers/content_security_policy.rb`:
Upstream changed how asset host CSP directives are used, and glitch-soc has
a pretty different CSP file.
It may be worth reconsidering the differences between upstream and glitch-soc
but for now, just port the change.
Conflicts:
- `spec/controllers/api/v1/timelines/tag_controller_spec.rb`:
Glitch-soc had a few extra lines in this file to account for a different
default setting. This file got replaced by
`spec/requests/api/v1/timelines/tag_spec.rb`, into which the glitch-soc
additions were moved too.
Additional changes:
- `spec/requests/api/v1/statuses/sources_spec.rb`:
Add glitch-soc-only attribute `content_type`.
Conflicts:
- `config/environments/production.rb`:
Upstream enforced a code style change and glitch-soc had a few different lines.
Applied upstream's code style to glitch-soc's changes.
Conflicts:
- `config/initializers/cors.rb`:
Upstream refactored this file, and glitch-soc had local changes.
I could not find the rationale for the glitch-soc changes, so I
used upstream's version.
Conflicts:
- `config/initializers/content_security_policy.rb`:
Upstream added some code to add the Identity Provider's sign-in endpoint to
the `form-action` Content Security Policy directive but our version of the
file is pretty different.
Ported the change.
Conflicts:
- `app/models/form/admin_settings.rb`:
Upstream added the notion of overriden settings, while we had extra code for
pseudo-settings (only used to combine flavour and skin in a single select
field).
Ported upstream changes.
- `config/i18n-tasks.yml`:
Upstream added `simple_form.overridden` to `ignore_unused`,
we had `simple_form.glitch_only`.
Added `simple_form.glitch_only` as well.
Conflicts:
- `app/views/settings/preferences/other/show.html.haml`:
Upstream moved some settings, where glitch-soc has an extra setting.
Ported upstream changes, moving the same settings as them.
Conflicts:
- `.rubocop_todo.yml`:
Upstream regenerated this file, glitch-soc had a specific ignore.
- `README.md`:
Upstream updated its README, but glitch-soc has a completely different one.
Kept glitch-soc's README
Conflicts:
- `app/models/account.rb`:
Upstream added new validations close to lines on which glitch-soc had
modified validations to handle custom limits set through environment
variables.
Ported upstream changes.
- `config/initializers/content_security_policy.rb`:
Upstream added `AZURE_ALIAS_HOST`. Glitch-soc's version of the file is
completely different.
Added `AZURE_ALIAS_HOST` to our version of the file.
Conflicts:
- app/controllers/application_controller.rb:
Upstream added an `include` where we had an extra `include` due to
glitch-soc's theming system.
Added upstream's new `include`.
Conflicts:
- `db/migrate/20180831171112_create_bookmarks.rb`:
Upstream ran a lint fix on this file, but this file is different in
glitch-soc because the feature was added much earlier.
Ran the lint fix on our own version of the file.
Conflicts:
- `app/serializers/initial_state_serializer.rb`:
Upstream renamed an initial state parameter, where we had extra ones.
Renamed as upstream did.
- `app/workers/feed_insert_worker.rb`:
Upstream wrapped database query in a block, we had extra database
queries because of the DM timeline.
Moved everything in the block.
* Fix attachments getting processed despite failing content-type validation
* Add a restrictive ImageMagick security policy tailored for Mastodon
* Fix misdetection of MP3 files with large cover art
* Reject unprocessable audio/video files instead of keeping them unchanged
Conflicts:
- `config/webpack/generateLocalePacks.js`:
A dependency update changed how functions are imported.
Also, some linting fixes not applicable to glitch-soc.
Conflicts:
- `.github/dependabot.yml`:
Upstream made changes, but we had removed it.
Discarded upstream changes.
- `.rubocop_todo.yml`:
Upstream regenerated the file, we had some glitch-soc-specific ignores.
- `app/models/account_statuses_filter.rb`:
Minor upstream code style change where glitch-soc had slightly different code
due to handling of local-only posts.
Updated to match upstream's code style.
- `app/models/status.rb`:
Upstream moved ActiveRecord callback definitions, glitch-soc had an extra one.
Moved the definitions as upstream did.
- `app/services/backup_service.rb`:
Upstream rewrote a lot of the backup service, glitch-soc had changes because
of exporting local-only posts.
Took upstream changes and added back code to deal with local-only posts.
- `config/routes.rb`:
Upstream split the file into different files, while glitch-soc had a few
extra routes.
Extra routes added to `config/routes/settings.rb`, `config/routes/api.rb`
and `config/routes/admin.rb`
- `db/schema.rb`:
Upstream has new migrations, while glitch-soc had an extra migration.
Updated the expected serial number to match upstream's.
- `lib/mastodon/version.rb`:
Upstream added support to set version tags from environment variables, while
glitch-soc has an extra `+glitch` tag.
Changed the code to support upstream's feature but prepending a `+glitch`.
- `spec/lib/activitypub/activity/create_spec.rb`:
Minor code style change upstream, while glitch-soc has extra tests due to
`directMessage` handling.
Applied upstream's changes while keeping glitch-soc's extra tests.
- `spec/models/concerns/account_interactions_spec.rb`:
Minor code style change upstream, while glitch-soc has extra tests.
Applied upstream's changes while keeping glitch-soc's extra tests.
Conflicts:
- `app/javascript/styles/mastodon/forms.scss`:
Conflict because we ran eslint autofix on upstream files.
- `config/initializers/content_security_policy.rb`:
Code style changes but we have a different version.
Kept our version.
- `streaming/index.js`:
Upstream fixed a typo close to glitch-soc-only code.
Applied upstream's changes.
Conflicts:
- `.github/dependabot.yml`:
Updated upstream, removed in glitch-soc to disable noise.
Kept removed.
- `CODE_OF_CONDUCT.md`:
Upstream updated to a new version of the covenant, but I have not read it
yet, so kept unchanged.
- `Gemfile.lock`:
Not a real conflict, one upstream dependency updated textually too close to
the glitch-soc only `hcaptcha` dependency.
Applied upstream changes.
- `app/controllers/admin/base_controller.rb`:
Minor conflict due to glitch-soc's theming system.
Applied upstream changes.
- `app/controllers/application_controller.rb`:
Minor conflict due to glitch-soc's theming system.
Applied upstream changes.
- `app/controllers/disputes/base_controller.rb`:
Minor conflict due to glitch-soc's theming system.
Applied upstream changes.
- `app/controllers/relationships_controller.rb`:
Minor conflict due to glitch-soc's theming system.
Applied upstream changes.
- `app/controllers/statuses_cleanup_controller.rb`:
Minor conflict due to glitch-soc's theming system.
Applied upstream changes.
- `app/helpers/application_helper.rb`:
Minor conflict due to glitch-soc's theming system.
Applied upstream changes.
- `app/javascript/mastodon/features/compose/components/compose_form.jsx`:
Upstream added a highlight animation for onboarding, while we changed the
max character limit.
Applied our local changes on top of upstream's new version.
- `app/views/layouts/application.html.haml`:
Minor conflict due to glitch-soc's theming system.
Applied upstream changes.
- `stylelint.config.js`:
Upstream added ignore paths, glitch-soc had extra ignore paths.
Added the same paths as upstream.
* Run rubocop --autocorrect on app/, config/ and lib/, also manually fix some remaining style issues
* Run rubocop --autocorrect-all on db/
* Run rubocop --autocorrect-all on `spec/` and fix remaining issues
Conflicts:
- `README.md`:
Upstream added a link to the roadmap, but we have a completely different README.
Kept ours.
- `app/models/media_attachment.rb`:
Upstream upped media attachment limits.
Updated the default according to upstream's.
- `db/migrate/20180831171112_create_bookmarks.rb`:
Upstream changed the migration compatibility level.
Did so too.
- `config/initializers/content_security_policy.rb`:
Upstream refactored this file but we have a different version.
Kept our version.
- `app/controllers/settings/preferences_controller.rb`:
Upstream completely refactored user settings storage, and glitch-soc has a
different set of settings.
The file does not directly references individual settings anymore.
Applied upstream changes.
- `app/lib/user_settings_decorator.rb`:
Upstream completely refactored user settings storage, and glitch-soc has a
different set of settings.
The file got removed entirely.
Removed it as well.
- `app/models/user.rb`:
Upstream completely refactored user settings storage, and glitch-soc has a
different set of settings.
References to individual settings have been removed from the file.
Removed them as well.
- `app/views/settings/preferences/appearance/show.html.haml`:
Upstream completely refactored user settings storage, and glitch-soc has a
different set of settings.
Applied upstream's changes and ported ours back.
- `app/views/settings/preferences/notifications/show.html.haml`:
Upstream completely refactored user settings storage, and glitch-soc has a
different set of settings.
Applied upstream's changes and ported ours back.
- `app/views/settings/preferences/other/show.html.haml`:
Upstream completely refactored user settings storage, and glitch-soc has a
different set of settings.
Applied upstream's changes and ported ours back.
- `config/settings.yml`:
Upstream completely refactored user settings storage, and glitch-soc has a
different set of settings.
In particular, upstream removed user-specific and unused settings.
Did the same in glitch-soc.
- `spec/controllers/application_controller_spec.rb`:
Conflicts due to glitch-soc's theming system.
Mostly kept our version, as upstream messed up the tests.
Conflicts:
- `.github/workflows/build-image.yml`:
Upstream switched to pushing to both DockerHub and GitHub Container
Repository, while glitch-soc was already pushing to the latter only.
Updated our configuration to be slightly more consistent with upstream's
naming and styling, but kept our behavior.
- `Gemfile.lock`:
Updated dependencies textually too close to glitch-soc only hcaptcha
dependency.
Updated dependencies as upstream did.
- `README.md`:
Upstream updated its README, but we have a completely different one.
Kept our README, though it probably should be reworked at some point.
- `app/views/auth/sessions/two_factor.html.haml`:
Minor style fix upstream that's on a line glitch-soc removed because
of its different theming system.
Kept our file as is.
- `spec/controllers/health_controller_spec.rb`:
This file apparently did not exist upstream, upstream created it with
different contents but it is functionally the same.
Switched to upstream's version of the file.
- `spec/presenters/instance_presenter_spec.rb`:
Upstream changed the specs around `GITHUB_REPOSITORY`, while glitch-soc
had its own code because it's a fork and does not have the same default
source URL.
Took upstream's change, but with glitch-soc's repo as the default case.
- `yarn.lock`:
Upstream dependencies textually too close to a glitch-soc only one.
Updated dependencies as upstream did.
Conflicts:
- `README.md`:
Upstream README has been changed, but we have a completely different one.
Kept our `README.md`.
- `lib/sanitize_ext/sanitize_config.rb`:
Upstream added support for more incoming HTML tags (a large subset of what
glitch-soc accepts).
Change the code style to match upstream's but otherwise do not change our
code.
- `spec/lib/sanitize_config_spec.rb`:
Upstream added support for more incoming HTML tags (a large subset of what
glitch-soc accepts).
Kept our version, since the tests are mostly glitch-soc's, except for cases
which are purposefuly different.
Conflicts:
- `.github/workflows/build-image.yml`:
Upstream updated `docker/build-push-action`, and we a different config
for `docker/metadata-action` so the lines directly above were different,
but it's not a real conflict.
Upgraded `docker/build-push-action` as upstream did.
- `app/javascript/mastodon/features/compose/components/compose_form.js`:
Upstream changed the codestyle near a line we had modified to accommodate
configurable character count.
Kept our change.
Conflicts:
- `README.md`:
Discarded upstream changes: we have our own README
- `app/controllers/follower_accounts_controller.rb`:
Port upstream's minor refactoring
Conflicts:
- `.github/workflows/build-image.yml`:
Upstream changed how docker images were built, including how
they were cached.
I don't know much about it, so applied upstream's changes.
- `app/controllers/admin/domain_blocks_controller.rb`:
The feature, that was in glitch-soc, got backported upstream.
It also had a few fixes upstream, so those have been ported!
- `app/javascript/packs/admin.js`:
Glitch-soc changes have been backported upstream. As a result,
some code from `app/javascript/core/admin.js` got added upstream.
Kept our version since our shared Javascript already has that feature.
- `app/models/user.rb`:
Upstream added something to distinguish unusable and unusable-because-moved
accounts, while glitch-soc considers moved accounts usable.
Took upstream's code for `functional_or_moved?` and made `functional?`
call it.
- `app/views/statuses/_simple_status.html.haml`:
Upstream cleaned up code style a bit, on a line that we had custom changes
for.
Applied upstream's change while keeping our change.
- `config/initializers/content_security_policy.rb`:
Upstream adopted one CSP directive we already had.
The conflict is because of our files being structurally different, but the
change itself was already part of glitch-soc.
Kept our version.
Conflicts:
- `config/initializers/content_security_policy.rb`:
Our config file is pretty different from upstream.
Upstream changed CSP directive `script-src` to include
`wasm-unsafe-eval` instead of `unsafe-eval`, which we
did not include.
Added `wasm-unsafe-eval` to `script-src` to fix
execution of the OCR web worker.
- `package.json`:
Upstream updated a dependency (`array-includes`) textually
adjacent to a glitch-soc-only dependency (`atrament`).
Updated `array-includes` as upstream did.
Conflicts:
- `app/views/admin/announcements/edit.html.haml`:
Upstream change too close to theming-related glitch-soc change.
Ported upstream changes.
- `app/views/admin/announcements/new.html.haml`
Upstream change too close to theming-related glitch-soc change.
Ported upstream changes.
When storing files in S3, paperclip is configured with a Cache-Control header
indicating the file is immutable, however no such header was added when using
OpenStack storage.
Luckily Paperclip's fog integration makes this trivial, with a simple
`fog_file` `Cache-Control` default doing the trick.
Some "S3 Compatible" storage providers (Cloudflare R2 is one such example) don't support setting ACLs on individual uploads with the `x-amz-acl` header, and instead just have a visibility for the whole bucket. To support uploads to such providers without getting unsupported errors back, lets use a black `S3_PERMISSION` env var to indicate that these headers shouldn't be sent.
This is tested as working with Cloudflare R2.
Conflicts:
- `app/controllers/home_controller.rb`:
Upstream made it so `/web` is available to non-logged-in users
and `/` redirects to `/web` instead of `/about`.
Kept our version since glitch-soc's WebUI doesn't have what's
needed yet and I think /about is still a much better landing
page anyway.
- `app/models/form/admin_settings.rb`:
Upstream added new settings, and glitch-soc had an extra setting.
Not really a conflict.
Added upstream's new settings.
- `app/serializers/initial_state_serializer.rb`:
Upstream added a new `server` initial state object.
Not really a conflict.
Merged upstream's changes.
- `app/views/admin/settings/edit.html.haml`:
Upstream added new settings.
Not really a conflict.
Merged upstream's changes.
- `app/workers/scheduler/feed_cleanup_scheduler.rb`:
Upstream refactored that part and removed the file.
Ported our relevant changes into `app/lib/vacuum/feeds_vacuum.rb`
- `config/settings.yml`:
Upstream added new settings.
Not a real conflict.
Added upstream's new settings.
- `.env.production.sample`:
Our sample config file is very different from upstream since it is much more
complete. Upstream added documentation for a few env variables.
Copied the new variables/documentation from upstream.
- `app/lib/feed_manager.rb`:
Upstream added a timeline type (hashtags), while glitch-soc already had an
extra one (direct messages). Not really a conflict but textually close
changes.
Ported upstream's changes.
- `app/models/custom_emoji.rb`:
Upstream upped the custom emoji size limit, while glitch-soc had configurable
limits.
Upped the default limits accordingly.
- `streaming/index.js`:
Upstream reworked how hastags were normalized. Minor conflict due to
glitch-soc's handling of instance-local posts.
Ported upstream's changes.
Conflicts:
- `app/javascript/styles/fonts/montserrat.scss`:
Code style changes upstream, path changes in glitch-soc.
Applied upstream's code style changes.
- `app/javascript/styles/fonts/roboto-mono.scss`:
Code style changes upstream, path changes in glitch-soc.
Applied upstream's code style changes.
- `app/javascript/styles/fonts/roboto.scss`:
Code style changes upstream, path changes in glitch-soc.
Applied upstream's code style changes.
- `app/models/account.rb`:
Textual conflict only caused by glitch-soc using a different value
for character limits in a nearby line.
Applied upstream's changes.
- `app/views/statuses/_simple_status.html.haml`:
Attribute added to a tag modified by glitch-soc.
Added upstream's attributes.
- `yarn.lock`:
Upstream added/updated dependencies close to glitch-soc-only ones.
Updated/added upstream dependencies.
Conflicts:
- `app/javascript/packs/admin.js`:
Conflicts due to glitch-soc's theming system.
Upstream changes have been ported to `app/javascript/core/admin.js`
- `app/models/trends/statuses.rb`:
Minor conflict due to glitch-soc's option to allow CWed toots in trends.
Ported upstream changes.
Conflicts:
- `Gemfile.lock`:
Not a real conflict, just an upstream dependency udpated
textually too close to a glitch-soc-only dependency.
Updated dependencies like upstream.
- `app/controllers/settings/preferences_controller.rb`:
Upstream added settings where we had extra glitch-soc-specific settings.
Added upstream's new settings.
- `app/models/user.rb`:
Upstream added settings where we had extra glitch-soc-specific settings.
Added upstream's new settings.
- `config/i18n-tasks.yml`:
Not a real conflict, just a new upstream line too textually close to
a glitch-soc-only line.
Ported upstream's change.
Conflicts:
- `app/lib/formatter.rb`:
Upstream completely refactored the formatting code and removed that file,
while glitch-soc had code for Markdown and HTML toots.
Took upstream code, glitch-soc changes will be re-implemented on top of the
refactored classes in a later commit.
- `app/models/status.rb`:
Upstream refactored status edit handling and moved code to
`app/models/concerns/status_snapshot_concern.rb`.
Applied glitch-soc's changes to that file.
- `app/serializers/activitypub/note_serializer.rb`:
Not really a conflict, just a line added too close to one modified by
glitch-soc.
Applied upstream changes while keeping the glitch-soc-modified one.
- `app/services/update_status_service.rb`:
Not really a conflict, upstream modified a line adjacent to one added by
glitch-soc.
Applied upstream changes while keeping the glitch-soc line.
- `app/views/statuses/_simple_status.html.haml`:
Upstream refactored formatting, glitch-soc changed the markup slightly.
Applied upstream changes.
- `spec/lib/formatter_spec.rb`:
Upstream completely refactored the formatting code and removed that file,
while glitch-soc had code for Markdown and HTML toots.
Took upstream code, glitch-soc changes will be re-implemented on top of the
refactored classes in a later commit.
Conflicts:
- `app/models/status.rb`:
Upstream updated media and edit-related code textually close to glitch-soc
additions (local-only and content-type).
Ported upstream changes.
- `app/models/status_edit.rb`:
Upstream changes textually close to glitch-soc additions (content-type).
Ported upstream changes.
- `app/serializers/activitypub/note_serializer.rb`:
Upstream changed how media attachments are handled. Not really a conflict,
but textually close to glitch-soc additions (directMessage attribute).
Ported upstream changes.
- `app/services/remove_status_service.rb`:
Upstream changed how media attachments are handled. Not really a conflict,
but textually close to glitch-soc additions (DM timeline).
Ported upstream changes.
- `app/services/update_status_service.rb`:
Upstream fixed an issue with language selection. Not really a conflict,
but textually close to glitch-soc additions (content-type).
Ported upstream changes.
- `db/schema.rb`:
Upstream added columns to the `status_edits` table, the conflict is because
of an additional column (`content-type`) in glitch-soc.
Ported upstream changes.
- `package.json`:
Upstream dependency (express) textually adjacent to a glitch-soc-specific one
(favico.js) got updated.
Updated it as well.
* added OpenID Connect as an SSO option
* minor fixes
* added comments, removed an option that shouldn't be set
* fixed Gemfile.lock
* added newline to end of Gemfile.lock
* removed tab from Gemfile.lock
* remove chomp
* codeclimate changes and small name change to make function's purpose clearer
* codeclimate fix
* added SSO buttons to /about page
* minor refactor
* minor style change
* removed spurious change
* removed unecessary conditional from ensure_valid_username and added support for auth.info.name in user_params_from_auth
* minor changes
Conflicts:
- `app/controllers/settings/preferences_controller.rb`:
Conflicts due to us having more user settings and upstream dropping
`hide_network` (to replace it with an account attribute, properly migrated).
Dropped `hide_network` like upstream.
- `app/lib/user_settings_decorator.rb`:
Conflicts due to us having more user settings and upstream dropping
`hide_network` (to replace it with an account attribute, properly migrated).
Dropped `hide_network` like upstream.
- `app/models/status.rb`:
Conflict because of slight change in how glitch-soc handles the scope to
filter out local-only posts for anonymous viewers.
Took upstream's changes and re-applied glitch-soc's change.
- `app/models/user.rb`:
Conflicts due to us having more user settings and upstream dropping
`hide_network` (to replace it with an account attribute, properly migrated).
Dropped `hide_network` like upstream.
- `app/views/directories/index.html.haml`:
Conflict because upstream redesigned that page while glitch-soc had a minor
change to support hiding the number of followers.
Ported glitch-soc's change on top of upstream's redesign.
Additional changes:
- `app/models/account_statuses_filter.rb`:
See change to `app/models/status.rb`.
Conflicts:
- `.github/workflows/build-image.yml`:
Upstream changed the workflow a bit.
Conflict comes from us pushing to ghcr while upstream pushes to dockerhub.
Ported the upstream changes while still pushing to ghcr.
Fixes#15959
Introduced in #6540, OAUTH_REDIRECT_AT_SIGN_IN allowed skipping the log-in form
to instead redirect to the external OmniAuth login provider.
However, it did not prevent the log-in form on /about introduced by #10232 from
appearing, and completely broke with the introduction of #15228.
As I restoring that previous log-in flow without introducing a security
vulnerability may require extensive care and knowledge of how OmniAuth works,
this commit removes support for OAUTH_REDIRECT_AT_SIGN_IN instead for the time
being.
Conflicts:
- `README.md`:
We have completely different contents. Kept our version.
- `package.json`:
Not a real conflict, just an upstream dependency udpated
textually too close to a glitch-soc-only dependency.
Updated dependencies like upstream.
- `streaming/index.js`:
Conflict due to code style changes on parts that were
modified in glitch-soc to handle local-only toots.
Changed style according to upstream.
Conflicts:
- `.env.production.sample`:
Copied upstream changes.
- `app/controllers/settings/identity_proofs_controller.rb`:
Minor conflict due to glitch-soc's extra “enable_keybase” setting.
Upstream removed keybase support altogether, so did the same.
- `app/controllers/well_known/keybase_proof_config_controller.rb`:
Minor conflict due to glitch-soc's extra “enable_keybase” setting.
Upstream removed keybase support altogether, so did the same.
- `lib/mastodon/statuses_cli.rb`:
Minor conflict due to an optimization that wasn't shared between
the two versions. Copied upstream's version.
Up until now, we have used Devise's Rememberable mechanism to re-log users
after the end of their browser sessions. This mechanism relies on a signed
cookie containing a token. That token was stored on the user's record,
meaning it was shared across all logged in browsers, meaning truly revoking
a browser's ability to auto-log-in involves revoking the token itself, and
revoking access from *all* logged-in browsers.
We had a session mechanism that dynamically checks whether a user's session
has been disabled, and would log out the user if so. However, this would only
clear a session being actively used, and a new one could be respawned with
the `remember_user_token` cookie.
In practice, this caused two issues:
- sessions could be revived after being closed from /auth/edit (security issue)
- auto-log-in would be disabled for *all* browsers after logging out from one
of them
This PR removes the `remember_token` mechanism and treats the `_session_id`
cookie/token as a browser-specific `remember_token`, fixing both issues.
When using a CAS server, the users only have a temporary email
`change@me-foo-cas.com` which can't be changed but by an
administrator.
We need a new environment variable like for SAML to assume the email
from CAS is verified.
* config/initializers/omniauth.rb: define CAS option for assuming
email are always verified.
* .env.nanobox: add new variable as an example.
The auto-linking code basically rewrote the whole string escaping non-ascii
characters in an inefficient way, and building a full character offset map
between the unescaped and escaped texts before sending the contents to
TwitterText's extractor.
Instead of doing that, this commit changes the TwitterText regexps to include
valid IRI characters in addition to valid URI characters.
