Commit

Merge branch 'mastodon:main' into Alpha
DismalShadowX authored Jun 1, 2024
2 parents e0d781e + d326ad0 commit 0d8fe3f
Showing 154 changed files with 1,655 additions and 1,392 deletions.
1 change: 1 addition & 0 deletions .devcontainer/docker-compose.yml
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@ version: '3'

services:
app:
working_dir: /workspaces/mastodon/
build:
context: .
dockerfile: Dockerfile
2 changes: 1 addition & 1 deletion .nvmrc
Original file line number Diff line number Diff line change
@@ -1 +1 @@
20.13
20.14
6 changes: 0 additions & 6 deletions .rubocop_todo.yml
Original file line number Diff line number Diff line change
Expand Up @@ -176,12 +176,6 @@ Style/SafeNavigation:
Exclude:
- 'app/models/concerns/account/finder_concern.rb'

# This cop supports unsafe autocorrection (--autocorrect-all).
# Configuration parameters: Mode.
Style/StringConcatenation:
Exclude:
- 'config/initializers/paperclip.rb'

# This cop supports safe autocorrection (--autocorrect).
# Configuration parameters: WordRegex.
# SupportedStyles: percent, brackets
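Review bot: Confirm that `config/initializers/paperclip.rb` was rewritten and checked by hand, because dropping its `Style/StringConcatenation` exclusion here puts the initializer under a cop whose autocorrection the removed comment marks as unsafe (`--autocorrect-all`). The matching change to that file is not in the lines shown, and an initializer runs at boot, so a concatenation converted incorrectly changes runtime configuration rather than only style.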
2 changes: 1 addition & 1 deletion .ruby-version
Original file line number Diff line number Diff line change
@@ -1 +1 @@
3.3.1
3.3.2
55 changes: 55 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,61 @@

All notable changes to this project will be documented in this file.

## [4.2.9] - 2024-05-30

### Security

- Update dependencies
- Fix private mention filtering ([GHSA-5fq7-3p3j-9vrf](https://github.com/mastodon/mastodon/security/advisories/GHSA-5fq7-3p3j-9vrf))
- Fix password change endpoint not being rate-limited ([GHSA-q3rg-xx5v-4mxh](https://github.com/mastodon/mastodon/security/advisories/GHSA-q3rg-xx5v-4mxh))
- Add hardening around rate-limit bypass ([GHSA-c2r5-cfqr-c553](https://github.com/mastodon/mastodon/security/advisories/GHSA-c2r5-cfqr-c553))

### Added

- Add rate-limit on OAuth application registration ([ThisIsMissEm](https://github.com/mastodon/mastodon/pull/30316))
- Add fallback redirection when getting a webfinger query `WEB_DOMAIN@WEB_DOMAIN` ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/28592))
- Add `digest` attribute to `Admin::DomainBlock` entity in REST API ([ThisIsMissEm](https://github.com/mastodon/mastodon/pull/29092))

### Removed

- Remove superfluous application-level caching in some controllers ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/29862))
- Remove aggressive OAuth application vacuuming ([ThisIsMissEm](https://github.com/mastodon/mastodon/pull/30316))

### Fixed

- Fix leaking Elasticsearch connections in Sidekiq processes ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/30450))
- Fix language of remote posts not being recognized when using unusual casing ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/30403))
- Fix off-by-one in `tootctl media` commands ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/30306))
- Fix removal of allowed domains (in `LIMITED_FEDERATION_MODE`) not being recorded in the audit log ([ThisIsMissEm](https://github.com/mastodon/mastodon/pull/30125))
- Fix not being able to block a subdomain of an already-blocked domain through the API ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/30119))
- Fix `Idempotency-Key` being ignored when scheduling a post ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/30084))
- Fix crash when supplying the `FFMPEG_BINARY` environment variable ([timothyjrogers](https://github.com/mastodon/mastodon/pull/30022))
- Fix improper email address validation ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/29838))
- Fix results/query in `api/v1/featured_tags/suggestions` ([mjankowski](https://github.com/mastodon/mastodon/pull/29597))
- Fix unblocking internationalized domain names under certain conditions ([tribela](https://github.com/mastodon/mastodon/pull/29530))
- Fix admin account created by `mastodon:setup` not being auto-approved ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/29379))
- Fix reference to non-existent var in CLI maintenance command ([mjankowski](https://github.com/mastodon/mastodon/pull/28363))

## [4.2.8] - 2024-02-23

### Added

- Add hourly task to automatically require approval for new registrations in the absence of moderators ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/29318), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/29355))
In order to prevent future abandoned Mastodon servers from being used for spam, harassment and other malicious activity, Mastodon will now automatically switch new user registrations to require moderator approval whenever they are left open and no activity (including non-moderation actions from apps) from any logged-in user with permission to access moderation reports has been detected in a full week.
When this happens, users with the permission to change server settings will receive an email notification.
This feature is disabled when `EMAIL_DOMAIN_ALLOWLIST` is used, and can also be disabled with `DISABLE_AUTOMATIC_SWITCHING_TO_APPROVED_REGISTRATIONS=true`.

### Changed

- Change registrations to be closed by default on new installations ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/29280))
If you are running a server and never changed your registrations mode from the default, updating will automatically close your registrations.
Simply re-enable them through the administration interface or using `tootctl settings registrations open` if you want to enable them again.

### Fixed

- Fix processing of remote ActivityPub actors making use of `Link` objects as `Image` `url` ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/29335))
- Fix link verifications when page size exceeds 1MB ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/29358))

## [4.2.7] - 2024-02-16

### Fixed
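Review bot: Verify that the fixes behind the new 4.2.9 `### Security` entries are actually present in the merged tree, since a changelog section arriving through a merge from `mastodon:main` does not by itself show that this branch carries them. The three advisories to check against are GHSA-5fq7-3p3j-9vrf (private mention filtering), GHSA-q3rg-xx5v-4mxh (password change endpoint rate limit) and GHSA-c2r5-cfqr-c553 (rate-limit bypass hardening). Operators of this fork should also read the 4.2.8 `### Changed` entry, which closes registrations on servers that never changed the default.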
2 changes: 2 additions & 0 deletions Gemfile
Original file line number Diff line number Diff line change
Expand Up @@ -103,6 +103,8 @@ gem 'rdf-normalize', '~> 0.5'

gem 'private_address_check', '~> 0.5'

gem 'opentelemetry-api', '~> 1.2.5'

group :opentelemetry do
gem 'opentelemetry-exporter-otlp', '~> 0.26.3', require: false
gem 'opentelemetry-instrumentation-active_job', '~> 0.7.1', require: false
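Review bot: The new `gem 'opentelemetry-api', '~> 1.2.5'` line sits above `group :opentelemetry do` and has no `require: false`, so unlike the exporter and instrumentation gems inside the group it is installed and required in every environment. If that is intended, add a one-line comment above it saying why the API gem must load outside the group; otherwise move it into the group with the same `require: false`.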
17 changes: 9 additions & 8 deletions Gemfile.lock
Original file line number Diff line number Diff line change
Expand Up @@ -168,7 +168,7 @@ GEM
climate_control (1.2.0)
cocoon (1.2.15)
color_diff (0.1)
concurrent-ruby (1.2.3)
concurrent-ruby (1.3.1)
connection_pool (2.4.1)
cose (1.3.0)
cbor (~> 0.5.9)
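Review bot: The `concurrent-ruby` bump from 1.2.3 to 1.3.1 in this hunk is a minor-version step in a concurrency library, not a patch release, and deserves more than a lockfile glance. Read the release notes for the 1.3 series and run the full test suite, including background job specs, against this lock before deploying.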
Expand Down Expand Up @@ -231,7 +231,7 @@ GEM
tzinfo
excon (0.110.0)
fabrication (2.31.0)
faker (3.3.1)
faker (3.4.1)
i18n (>= 1.8.11, < 2)
faraday (1.10.3)
faraday-em_http (~> 1.0)
Expand Down Expand Up @@ -425,7 +425,7 @@ GEM
mime-types-data (3.2024.0507)
mini_mime (1.1.5)
mini_portile2 (2.8.6)
minitest (5.23.0)
minitest (5.23.1)
msgpack (1.7.2)
multi_json (1.15.0)
multipart-post (2.4.0)
Expand Down Expand Up @@ -579,7 +579,7 @@ GEM
orm_adapter (0.5.0)
ox (2.14.18)
parallel (1.24.0)
parser (3.3.1.0)
parser (3.3.2.0)
ast (~> 2.4.1)
racc
parslet (2.0.0)
Expand All @@ -597,7 +597,7 @@ GEM
net-smtp
premailer (~> 1.7, >= 1.7.9)
private_address_check (0.5.0)
propshaft (0.8.0)
propshaft (0.9.0)
actionpack (>= 7.0.0)
activesupport (>= 7.0.0)
rack
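Review bot: `propshaft` moves from 0.8.0 to 0.9.0 here, and for a pre-1.0 gem a minor bump can carry breaking changes. Check that asset precompilation still succeeds and that the generated asset paths are unchanged with this lock before the merge is deployed.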
Expand Down Expand Up @@ -726,7 +726,7 @@ GEM
rspec-mocks (~> 3.0)
sidekiq (>= 5, < 8)
rspec-support (3.13.1)
rubocop (1.63.5)
rubocop (1.64.1)
json (~> 2.3)
language_server-protocol (>= 3.17.0)
parallel (~> 1.10)
Expand Down Expand Up @@ -799,7 +799,7 @@ GEM
thor (>= 0.20, < 3.0)
simple-navigation (4.4.0)
activesupport (>= 2.3.2)
simple_form (5.3.0)
simple_form (5.3.1)
actionpack (>= 5.2)
activemodel (>= 5.2)
simplecov (0.22.0)
Expand Down Expand Up @@ -877,7 +877,7 @@ GEM
webfinger (1.2.0)
activesupport
httpclient (>= 2.4)
webmock (3.23.0)
webmock (3.23.1)
addressable (>= 2.8.0)
crack (>= 0.3.2)
hashdiff (>= 0.4.0, < 2.0.0)
Expand Down Expand Up @@ -975,6 +975,7 @@ DEPENDENCIES
omniauth-rails_csrf_protection (~> 1.0)
omniauth-saml (~> 2.0)
omniauth_openid_connect (~> 0.6.1)
opentelemetry-api (~> 1.2.5)
opentelemetry-exporter-otlp (~> 0.26.3)
opentelemetry-instrumentation-active_job (~> 0.7.1)
opentelemetry-instrumentation-active_model_serializers (~> 0.20.1)
Original file line number Diff line number Diff line change
Expand Up @@ -60,8 +60,4 @@ def pagination_since_id
def records_continue?
@accounts.size == limit_param(DEFAULT_ACCOUNTS_LIMIT)
end

def pagination_params(core_params)
params.slice(:limit).permit(:limit).merge(core_params)
end
end
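Review bot: The `pagination_params` override removed at the end of this controller was where the query parameters carried into pagination links were restricted to `limit` (`params.slice(:limit).permit(:limit).merge(core_params)`). Its replacement is not in the lines shown, so confirm the shared implementation keeps the same allowlist, and keep a request spec asserting that unrelated query parameters are not echoed into the pagination headers.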
Original file line number Diff line number Diff line change
Expand Up @@ -60,8 +60,4 @@ def pagination_since_id
def records_continue?
@accounts.size == limit_param(DEFAULT_ACCOUNTS_LIMIT)
end

def pagination_params(core_params)
params.slice(:limit).permit(:limit).merge(core_params)
end
end
4 changes: 2 additions & 2 deletions app/controllers/api/v1/accounts_controller.rb
Original file line number Diff line number Diff line change
Expand Up @@ -106,11 +106,11 @@ def relationships(**options)
end

def account_ids
Array(accounts_params[:ids]).uniq.map(&:to_i)
Array(accounts_params[:id]).uniq.map(&:to_i)
end

def accounts_params
params.permit(ids: [])
params.permit(id: [])
end

def account_params
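Review bot: Renaming the permitted key from `ids` to `id` in `accounts_params` and `account_ids` changes the request contract with no fallback: a client still sending `ids[]` has the parameter dropped by `params.permit(id: [])`, `Array(nil)` becomes `[]`, and the caller gets an empty id list instead of an error. Update the API documentation and request specs in the same change. Separately, `account_ids` as shown applies `uniq.map(&:to_i)` with no upper bound on the number of ids, so check that a cap is enforced where the list is used.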
Original file line number Diff line number Diff line change
Expand Up @@ -16,8 +16,6 @@ class Api::V1::Admin::CanonicalEmailBlocksController < Api::BaseController
after_action :verify_authorized
after_action :insert_pagination_headers, only: :index

PAGINATION_PARAMS = %i(limit).freeze

def index
authorize :canonical_email_block, :index?
render json: @canonical_email_blocks, each_serializer: REST::Admin::CanonicalEmailBlockSerializer
Expand Down Expand Up @@ -80,8 +78,4 @@ def pagination_collection
def records_continue?
@canonical_email_blocks.size == limit_param(LIMIT)
end

def pagination_params(core_params)
params.slice(*PAGINATION_PARAMS).permit(*PAGINATION_PARAMS).merge(core_params)
end
end
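Review bot: Check for leftover references to `PAGINATION_PARAMS` now that both the constant and the `pagination_params` method at the end of this admin controller are gone while `after_action :insert_pagination_headers, only: :index` remains. A stale reference in the class or its specs would raise `NameError` only when the index action runs, so a request spec that exercises the paginated index and inspects the resulting headers is the quickest way to confirm the inherited behaviour.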
6 changes: 0 additions & 6 deletions app/controllers/api/v1/admin/domain_allows_controller.rb
Original file line number Diff line number Diff line change
Expand Up @@ -14,8 +14,6 @@ class Api::V1::Admin::DomainAllowsController < Api::BaseController
after_action :verify_authorized
after_action :insert_pagination_headers, only: :index

PAGINATION_PARAMS = %i(limit).freeze

def index
authorize :domain_allow, :index?
render json: @domain_allows, each_serializer: REST::Admin::DomainAllowSerializer
Expand Down Expand Up @@ -77,10 +75,6 @@ def records_continue?
@domain_allows.size == limit_param(LIMIT)
end

def pagination_params(core_params)
params.slice(*PAGINATION_PARAMS).permit(*PAGINATION_PARAMS).merge(core_params)
end

def resource_params
params.permit(:domain)
end
6 changes: 0 additions & 6 deletions app/controllers/api/v1/admin/domain_blocks_controller.rb
Original file line number Diff line number Diff line change
Expand Up @@ -14,8 +14,6 @@ class Api::V1::Admin::DomainBlocksController < Api::BaseController
after_action :verify_authorized
after_action :insert_pagination_headers, only: :index

PAGINATION_PARAMS = %i(limit).freeze

def index
authorize :domain_block, :index?
render json: @domain_blocks, each_serializer: REST::Admin::DomainBlockSerializer
Expand Down Expand Up @@ -93,10 +91,6 @@ def records_continue?
@domain_blocks.size == limit_param(LIMIT)
end

def pagination_params(core_params)
params.slice(*PAGINATION_PARAMS).permit(*PAGINATION_PARAMS).merge(core_params)
end

def resource_params
params.permit(:domain, :severity, :reject_media, :reject_reports, :private_comment, :public_comment, :obfuscate)
end
Original file line number Diff line number Diff line change
Expand Up @@ -14,10 +14,6 @@ class Api::V1::Admin::EmailDomainBlocksController < Api::BaseController
after_action :verify_authorized
after_action :insert_pagination_headers, only: :index

PAGINATION_PARAMS = %i(
limit
).freeze

def index
authorize :email_domain_block, :index?
render json: @email_domain_blocks, each_serializer: REST::Admin::EmailDomainBlockSerializer
Expand Down Expand Up @@ -73,8 +69,4 @@ def pagination_collection
def records_continue?
@email_domain_blocks.size == limit_param(LIMIT)
end

def pagination_params(core_params)
params.slice(*PAGINATION_PARAMS).permit(*PAGINATION_PARAMS).merge(core_params)
end
end
8 changes: 0 additions & 8 deletions app/controllers/api/v1/admin/ip_blocks_controller.rb
Original file line number Diff line number Diff line change
Expand Up @@ -14,10 +14,6 @@ class Api::V1::Admin::IpBlocksController < Api::BaseController
after_action :verify_authorized
after_action :insert_pagination_headers, only: :index

PAGINATION_PARAMS = %i(
limit
).freeze

def index
authorize :ip_block, :index?
render json: @ip_blocks, each_serializer: REST::Admin::IpBlockSerializer
Expand Down Expand Up @@ -78,8 +74,4 @@ def pagination_collection
def records_continue?
@ip_blocks.size == limit_param(LIMIT)
end

def pagination_params(core_params)
params.slice(*PAGINATION_PARAMS).permit(*PAGINATION_PARAMS).merge(core_params)
end
end
5 changes: 0 additions & 5 deletions app/controllers/api/v1/admin/tags_controller.rb
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,6 @@ class Api::V1::Admin::TagsController < Api::BaseController
after_action :verify_authorized

LIMIT = 100
PAGINATION_PARAMS = %i(limit).freeze

def index
authorize :tag, :index?
Expand Down Expand Up @@ -59,8 +58,4 @@ def pagination_collection
def records_continue?
@tags.size == limit_param(LIMIT)
end

def pagination_params(core_params)
params.slice(*PAGINATION_PARAMS).permit(*PAGINATION_PARAMS).merge(core_params)
end
end
Original file line number Diff line number Diff line change
Expand Up @@ -12,8 +12,6 @@ class Api::V1::Admin::Trends::Links::PreviewCardProvidersController < Api::BaseC
after_action :verify_authorized
after_action :insert_pagination_headers, only: :index

PAGINATION_PARAMS = %i(limit).freeze

def index
authorize :preview_card_provider, :index?

Expand Down Expand Up @@ -57,8 +55,4 @@ def pagination_collection
def records_continue?
@providers.size == limit_param(LIMIT)
end

def pagination_params(core_params)
params.slice(*PAGINATION_PARAMS).permit(*PAGINATION_PARAMS).merge(core_params)
end
end
4 changes: 0 additions & 4 deletions app/controllers/api/v1/blocks_controller.rb
Original file line number Diff line number Diff line change
Expand Up @@ -43,8 +43,4 @@ def pagination_collection
def records_continue?
paginated_blocks.size == limit_param(DEFAULT_ACCOUNTS_LIMIT)
end

def pagination_params(core_params)
params.slice(:limit).permit(:limit).merge(core_params)
end
end
4 changes: 0 additions & 4 deletions app/controllers/api/v1/bookmarks_controller.rb
Original file line number Diff line number Diff line change
Expand Up @@ -46,8 +46,4 @@ def pagination_collection
def records_continue?
results.size == limit_param(DEFAULT_STATUSES_LIMIT)
end

def pagination_params(core_params)
params.slice(:limit).permit(:limit).merge(core_params)
end
end
12 changes: 4 additions & 8 deletions app/controllers/api/v1/conversations_controller.rb
Original file line number Diff line number Diff line change
Expand Up @@ -38,15 +38,15 @@ def set_conversation
def paginated_conversations
AccountConversation.where(account: current_account)
.includes(
account: :account_stat,
account: [:account_stat, user: :role],
last_status: [
:media_attachments,
:status_stat,
:tags,
{
preview_cards_status: :preview_card,
active_mentions: [account: :account_stat],
account: :account_stat,
preview_cards_status: { preview_card: { author_account: [:account_stat, user: :role] } },
active_mentions: :account,
account: [:account_stat, user: :role],
},
]
)
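Review bot: The `active_mentions` preload inside `last_status` loses `:account_stat` (`active_mentions: [account: :account_stat]` becomes `active_mentions: :account`) while every other account association in this hunk gains `user: :role`. If the serializer reads stats or roles for mentioned accounts, this brings back per-row queries. Add a query-count assertion on the conversations index, and use it to check the new nested `preview_card: { author_account: [:account_stat, user: :role] }` preload as well.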
Expand All @@ -72,8 +72,4 @@ def pagination_since_id
def records_continue?
@conversations.size == limit_param(LIMIT)
end

def pagination_params(core_params)
params.slice(:limit).permit(:limit).merge(core_params)
end
end
Original file line number Diff line number Diff line change
Expand Up @@ -44,8 +44,4 @@ def pagination_collection
def records_continue?
@encrypted_messages.size == limit_param(LIMIT)
end

def pagination_params(core_params)
params.slice(:limit).permit(:limit).merge(core_params)
end
end