From ffb2b8ef8c3c7cd6f57860240378fac8d5964105 Mon Sep 17 00:00:00 2001 From: abcang Date: Fri, 2 Feb 2018 01:17:17 +0900 Subject: [PATCH 01/13] Fix button hiding when header title is too long (#6406) --- .../mastodon/components/column_header.js | 4 +--- .../styles/mastodon/components.scss | 19 ++++++------------- 2 files changed, 7 insertions(+), 16 deletions(-) diff --git a/app/javascript/mastodon/components/column_header.js b/app/javascript/mastodon/components/column_header.js index c300db89b9..6b79ec02da 100644 --- a/app/javascript/mastodon/components/column_header.js +++ b/app/javascript/mastodon/components/column_header.js @@ -133,9 +133,7 @@ export default class ColumnHeader extends React.PureComponent {

diff --git a/app/javascript/styles/mastodon/components.scss b/app/javascript/styles/mastodon/components.scss index bfca34f4d1..2beb19afff 100644 --- a/app/javascript/styles/mastodon/components.scss +++ b/app/javascript/styles/mastodon/components.scss @@ -1913,7 +1913,7 @@ font-family: inherit; color: $ui-highlight-color; cursor: pointer; - flex: 0 0 auto; + white-space: nowrap; font-size: 16px; padding: 0 5px 0 0; z-index: 3; @@ -2403,15 +2403,16 @@ overflow: hidden; & > button { - display: flex; - flex: auto; margin: 0; border: none; - padding: 15px; + padding: 15px 0 15px 15px; color: inherit; background: transparent; font: inherit; text-align: left; + text-overflow: ellipsis; + overflow: hidden; + white-space: nowrap; } &.active { @@ -2432,7 +2433,7 @@ .column-header__buttons { height: 48px; display: flex; - margin-left: 0; + margin-left: auto; } .column-header__links .text-btn { @@ -2512,14 +2513,6 @@ } } -.column-header__title { - display: inline-block; - text-overflow: ellipsis; - overflow: hidden; - white-space: nowrap; - flex: 1; -} - .text-btn { display: inline-block; padding: 0; From f4bd51da1e4236fce5d46d76136bb2ef4a0e51ed Mon Sep 17 00:00:00 2001 From: Rob Watson Date: Thu, 1 Feb 2018 16:54:22 +0000 Subject: [PATCH 02/13] Upgrade Paperclip > 5.2.1 (#6404) Mitigation for CVE-2017-0889. https://www.cvedetails.com/cve/CVE-2017-0889/ https://medium.com/in-the-weeds/all-about-paperclips-cve-2017-0889-server-side-request-forgery-ssrf-vulnerability-8cb2b1c96fe8 --- Gemfile.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index b116318a7c..b3bd6fcb0d 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -215,7 +215,7 @@ GEM httplog (0.99.7) colorize rack - i18n (0.9.1) + i18n (0.9.3) concurrent-ruby (~> 1.0) i18n-tasks (0.9.19) activesupport (>= 4.0.2) 
@@ -284,7 +284,7 @@ GEM mimemagic (0.3.2) mini_mime (1.0.0) mini_portile2 (2.3.0) - minitest (5.10.3) + minitest (5.11.3) msgpack (1.1.0) multi_json (1.12.2) net-scp (1.2.1) @@ -307,7 +307,7 @@ GEM http (~> 3.0) nokogiri (~> 1.8) ox (2.8.2) - paperclip (5.1.0) + paperclip (5.2.1) activemodel (>= 4.2.0) activesupport (>= 4.2.0) cocaine (~> 0.5.5) From 1afc70c990d4d23e5fac57de9cb579c396a82b5c Mon Sep 17 00:00:00 2001 From: abcang Date: Fri, 2 Feb 2018 18:10:18 +0900 Subject: [PATCH 03/13] Fix mistake in cache deletion (#6408) --- spec/models/setting_spec.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec/models/setting_spec.rb b/spec/models/setting_spec.rb index e99dfc0d73..bbba5f98d9 100644 --- a/spec/models/setting_spec.rb +++ b/spec/models/setting_spec.rb @@ -52,7 +52,7 @@ RSpec.describe Setting, type: :model do allow(RailsSettings::Settings).to receive(:object).with(key).and_return(object) allow(described_class).to receive(:default_settings).and_return(default_settings) allow_any_instance_of(Settings::ScopedSettings).to receive(:thing_scoped).and_return(records) - Rails.cache.clear(cache_key) + Rails.cache.delete(cache_key) end let(:object) { nil } From 04fef7b8886bb78f3473e143894a521ca578f1db Mon Sep 17 00:00:00 2001 
From: Alexander Date: Fri, 2 Feb 2018 10:18:55 +0100 Subject: [PATCH 04/13] pam authentication (#5303) * add pam support, without extra column * bugfixes for pam login * document options * fix code style * fix codestyle * fix tests * don't call remember_me without password * fix codestyle * improve checks for pam usage (should fix tests) * fix remember_me part 1 * add remember_token column because :rememberable requires either a password or this column. * migrate db for remember_token * move pam_authentication to the right place, fix logic bug in edit.html.haml * fix tests * fix pam authentication, improve username lookup, add comment * valid? is sometimes not honored, return nil instead trying to authenticate with pam * update devise_pam_authenticatable2 and adjust code. Fixes sideeffects observed in tests * update devise_pam_authenticatable gem, fixes for codeconventions, fix finding user * codeconvention fixes * code convention fixes * fix idention * update dependency, explicit conflict check * fix disabled password updates if in pam mode * fix check password if password is present, fix templates * block registration if account is maintained by pam * Revert "block registration if account is maintained by pam" This reverts commit 8e7a083d650240b6fac414926744b4b90b435f20. 
* fix identation error introduced by rebase * block usernames maintained by pam * document pam settings better * fix code style --- Gemfile | 3 + Gemfile.lock | 5 ++ app/controllers/application_controller.rb | 5 ++ .../auth/registrations_controller.rb | 5 ++ app/controllers/auth/sessions_controller.rb | 6 +- app/models/user.rb | 69 +++++++++++++++++++ .../unreserved_username_validator.rb | 6 ++ app/views/auth/passwords/edit.html.haml | 18 +++-- app/views/auth/registrations/edit.html.haml | 15 ++-- app/views/auth/sessions/new.html.haml | 5 +- config/initializers/devise.rb | 34 ++++++++- config/locales/simple_form.de.yml | 1 + config/locales/simple_form.en.yml | 1 + ...80109143959_add_remember_token_to_users.rb | 5 ++ db/schema.rb | 3 +- 15 files changed, 164 insertions(+), 17 deletions(-) create mode 100644 db/migrate/20180109143959_add_remember_token_to_users.rb diff --git a/Gemfile b/Gemfile index eaa1d29de6..f3844aca6f 100644 --- a/Gemfile +++ b/Gemfile @@ -30,6 +30,9 @@ gem 'iso-639' gem 'cld3', '~> 3.2.0' gem 'devise', '~> 4.4' gem 'devise-two-factor', '~> 3.0' + +gem 'devise_pam_authenticatable2', '~> 8.0' + gem 'doorkeeper', '~> 4.2' gem 'fast_blank', '~> 1.0' gem 'goldfinger', '~> 2.1' diff --git a/Gemfile.lock b/Gemfile.lock index b3bd6fcb0d..7da9bfe394 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -137,6 +137,9 @@ GEM devise (~> 4.0) railties (< 5.2) rotp (~> 2.0) + devise_pam_authenticatable2 (8.0.1) + devise (>= 4.0.0) + rpam2 (~> 3.0) diff-lcs (1.3) docile (1.1.5) domain_name (0.5.20170404) @@ -420,6 +423,7 @@ GEM actionpack (>= 4.2.0, < 5.3) railties (>= 4.2.0, < 5.3) rotp (2.1.2) + rpam2 (3.1.0) rqrcode (0.10.1) chunky_png (~> 1.0) rspec-core (3.7.0) @@ -570,6 +574,7 @@ DEPENDENCIES climate_control (~> 0.2) devise (~> 4.4) devise-two-factor (~> 3.0) + devise_pam_authenticatable2 (~> 8.0) doorkeeper (~> 4.2) dotenv-rails (~> 2.2) fabrication (~> 2.18) 
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index e1aae0b677..b38a684677 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -14,6 +14,7 @@ class ApplicationController < ActionController::Base helper_method :current_session helper_method :current_theme helper_method :single_user_mode? + helper_method :use_pam? rescue_from ActionController::RoutingError, with: :not_found rescue_from ActiveRecord::RecordNotFound, with: :not_found @@ -75,6 +76,10 @@ class ApplicationController < ActionController::Base @single_user_mode ||= Rails.configuration.x.single_user_mode && Account.exists? end + def use_pam? + Devise.pam_authentication + end + def current_account @current_account ||= current_user.try(:account) end diff --git a/app/controllers/auth/registrations_controller.rb b/app/controllers/auth/registrations_controller.rb index b8ff4e54f2..417e2b63bd 100644 --- a/app/controllers/auth/registrations_controller.rb +++ b/app/controllers/auth/registrations_controller.rb @@ -14,6 +14,11 @@ class Auth::RegistrationsController < Devise::RegistrationsController protected + def update_resource(resource, params) + params[:password] = nil if Devise.pam_authentication && resource.encrypted_password.blank? + super + end + def build_resource(hash = nil) super(hash) diff --git a/app/controllers/auth/sessions_controller.rb b/app/controllers/auth/sessions_controller.rb index a5acb6c36f..4fc41b3784 100644 --- a/app/controllers/auth/sessions_controller.rb +++ b/app/controllers/auth/sessions_controller.rb 
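Review bot: `update_resource` blanks `params[:password]` for a PAM-backed user but leaves `password_confirmation` and `current_password` untouched before calling `super`, and stock Devise's `update_resource` goes through `update_with_password`, which checks `current_password` against `encrypted_password` — the very value this branch has just found blank — so it is unclear this path can ever succeed for such a user. If the intent is to let PAM users edit their e-mail without a local password, say so and consider `update_without_password` for that case; if the line is only defensive, a comment such as `# PAM-managed users have no local password; never store one submitted here` would explain it. The rest of the controller is outside the hunk.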
@@ -28,7 +28,11 @@ class Auth::SessionsController < Devise::SessionsController if session[:otp_user_id] User.find(session[:otp_user_id]) elsif user_params[:email] - User.find_for_authentication(email: user_params[:email]) + if use_pam? && Devise.check_at_sign && user_params[:email].index('@').nil? + User.joins(:account).find_by(accounts: { username: user_params[:email] }) + else + User.find_for_authentication(email: user_params[:email]) + end end end diff --git a/app/models/user.rb b/app/models/user.rb index 40c298b1a2..fa4ebfc717 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -34,6 +34,7 @@ # disabled :boolean default(FALSE), not null # moderator :boolean default(FALSE), not null # invite_id :integer +# remember_token :string # class User < ApplicationRecord @@ -50,6 +51,8 @@ class User < ApplicationRecord devise :registerable, :recoverable, :rememberable, :trackable, :validatable, :confirmable + devise :pam_authenticatable + belongs_to :account, inverse_of: :user belongs_to :invite, counter_cache: :uses, optional: true accepts_nested_attributes_for :account @@ -84,6 +87,33 @@ class User < ApplicationRecord attr_accessor :invite_code + def pam_conflict(_) + # block pam login tries on traditional account + nil + end + + def pam_conflict? + return false unless Devise.pam_authentication + encrypted_password.present? && is_pam_account? + end + + def pam_get_name + return account.username if account.present? + super + end + + def pam_setup(_attributes) + acc = Account.new(username: pam_get_name) + acc.save!(validate: false) + + self.email = "#{acc.username}@#{find_pam_suffix}" if email.nil? && find_pam_suffix + self.confirmed_at = Time.now.utc + self.admin = false + self.account = acc + + acc.destroy! unless save + end + def confirmed? confirmed_at.present? end 
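Review bot: The new username branch of `find_user` does an exact match on `accounts.username`, whereas the e-mail branch goes through `find_for_authentication`, which in stock Devise applies the `case_insensitive_keys`/`strip_whitespace_keys` filtering; if local usernames are matched case-insensitively elsewhere, a differently-cased login here finds no user and the OTP step falls through. The same lookup is duplicated in `User.pam_get_user` later in this patch, so one class method on `User` (e.g. `find_for_pam_login(identifier)` — name is a suggestion) would keep both in step. The start of `find_user` is outside the hunk.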
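Review bot: `pam_setup` persists the new account with `acc.save!(validate: false)`, so a username coming from PAM bypasses every `Account` validation (format, reserved names, model-level uniqueness); a collision with an existing local username would surface as a database error rather than a controlled failure, and a name Mastodon's own rules reject can still be created. Consider validating, or at least checking for an existing local account with that username before the save, and documenting why validation is skipped if it must be. The method also sets `confirmed_at` on an e-mail that may have been synthesised from `find_pam_suffix`, so a comment like `# PAM-provisioned users are confirmed implicitly; their e-mail address may be synthetic and unverified` would warn code that trusts `confirmed?`. The `Account` uniqueness rules are not visible here, so treat the collision behaviour as something to confirm.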
@@ -213,6 +243,45 @@ class User < ApplicationRecord @invite_code = code end + def password_required? + return false if Devise.pam_authentication + super + end + + def send_reset_password_instructions + return false if encrypted_password.blank? && Devise.pam_authentication + super + end + + def reset_password!(new_password, new_password_confirmation) + return false if encrypted_password.blank? && Devise.pam_authentication + super + end + + def self.pam_get_user(attributes = {}) + if attributes[:email] + resource = + if Devise.check_at_sign && !attributes[:email].index('@') + joins(:account).find_by(accounts: { username: attributes[:email] }) + else + find_by(email: attributes[:email]) + end + + if resource.blank? + resource = new(email: attributes[:email]) + if Devise.check_at_sign && !resource[:email].index('@') + resource[:email] = "#{attributes[:email]}@#{resource.find_pam_suffix}" + end + end + resource + end + end + + def self.authenticate_with_pam(attributes = {}) + return nil unless Devise.pam_authentication + super + end + protected def send_devise_notification(notification, *args) diff --git a/app/validators/unreserved_username_validator.rb b/app/validators/unreserved_username_validator.rb index 44ea4359bb..c2311a89ab 100644 --- a/app/validators/unreserved_username_validator.rb +++ b/app/validators/unreserved_username_validator.rb @@ -8,7 +8,13 @@ class UnreservedUsernameValidator < ActiveModel::Validator private + def pam_controlled?(value) + return false unless Devise.pam_authentication && Devise.pam_controlled_service + Rpam2.account(Devise.pam_controlled_service, value).present? + end + def reserved_username?(value) + return true if pam_controlled?(value) return false unless Setting.reserved_usernames Setting.reserved_usernames.include?(value.downcase) end diff --git a/app/views/auth/passwords/edit.html.haml b/app/views/auth/passwords/edit.html.haml index 5ef3de9762..d8fed9e776 100644 --- a/app/views/auth/passwords/edit.html.haml 
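Review bot: `password_required?` returns false for every user as soon as `Devise.pam_authentication` is on, not only for PAM-backed ones, and stock Devise's `validatable` uses that predicate to gate the presence and confirmation validations on `password` — so a user who still authenticates with a database password could register or change their password with a mismatched confirmation and have it saved silently. The neighbouring `send_reset_password_instructions` and `reset_password!` gate on `encrypted_password.blank? && Devise.pam_authentication`; this one should at least keep the checks for anyone who submits a password, e.g. `return false if Devise.pam_authentication && encrypted_password.blank? && password.blank?`. Separately, `self.pam_get_user` duplicates the username/e-mail lookup from `Auth::SessionsController#find_user` and returns an unsaved `User` when nothing matches; a comment stating that this is the provisioning path later persisted by `pam_setup` would tell the next reader that the unsaved object is expected. `send_devise_notification` continues outside the hunk.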
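Review bot: `pam_controlled?` makes a live `Rpam2.account` call with the user-submitted username on every validation run, before the cheap `Setting.reserved_usernames` check; PAM services can sit on slow or remote backends, so evaluating the reserved list first and only then asking PAM keeps the common rejection path local. The method also decides on `present?` of whatever `Rpam2.account` returns, a contract not visible here; a comment such as `# Rpam2.account answers truthy when the PAM account stack knows the name — treat such names as owned by the OS` would make the intent explicit, and the return value should be confirmed against the gem.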
+++ b/app/views/auth/passwords/edit.html.haml @@ -1,14 +1,18 @@ - content_for :page_title do = t('auth.set_new_password') -= simple_form_for(resource, as: resource_name, url: password_path(resource_name), html: { method: :put }) do |f| - = render 'shared/error_messages', object: resource - = f.input :reset_password_token, as: :hidden + = simple_form_for(resource, as: resource_name, url: password_path(resource_name), html: { method: :put }) do |f| + = render 'shared/error_messages', object: resource - = f.input :password, autofocus: true, placeholder: t('simple_form.labels.defaults.new_password'), input_html: { 'aria-label' => t('simple_form.labels.defaults.new_password'), :autocomplete => 'off' } - = f.input :password_confirmation, placeholder: t('simple_form.labels.defaults.confirm_new_password'), input_html: { 'aria-label' => t('simple_form.labels.defaults.confirm_new_password'), :autocomplete => 'off' } + - if use_pam? || current_user.encrypted_password.present? + = f.input :reset_password_token, as: :hidden - .actions - = f.button :button, t('auth.set_new_password'), type: :submit + = f.input :password, autofocus: true, placeholder: t('simple_form.labels.defaults.new_password'), input_html: { 'aria-label' => t('simple_form.labels.defaults.new_password'), :autocomplete => 'off' } + = f.input :password_confirmation, placeholder: t('simple_form.labels.defaults.confirm_new_password'), input_html: { 'aria-label' => t('simple_form.labels.defaults.confirm_new_password'), :autocomplete => 'off' } + + .actions + = f.button :button, t('auth.set_new_password'), type: :submit + - else + = t('simple_form.labels.defaults.pam_account') .form-footer= render 'auth/shared/links' diff --git a/app/views/auth/registrations/edit.html.haml b/app/views/auth/registrations/edit.html.haml index 145f5cd9e1..102199f819 100644 --- a/app/views/auth/registrations/edit.html.haml +++ b/app/views/auth/registrations/edit.html.haml 
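Review bot: The guard `- if use_pam? || current_user.encrypted_password.present?` breaks the normal reset flow: this page is reached from an e-mailed token by a visitor who is not signed in, so whenever PAM is disabled the `||` evaluates `current_user.encrypted_password` on `nil` and the page raises. The condition also reads inverted compared with the registrations edit view in this patch (`!use_pam? || …`), and it cannot be repaired by swapping in `resource`, because Devise's edit action builds a fresh user carrying only the token; since `send_reset_password_instructions` and `reset_password!` already refuse PAM-only accounts server-side, the view guard can simply be dropped. Separately, the new `= simple_form_for` line is indented one level deeper than the removed one, which in HAML nests the whole form inside the `content_for :page_title` block above it — confirm the indentation before merging.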
@@ -4,13 +4,16 @@ = simple_form_for(resource, as: resource_name, url: registration_path(resource_name), html: { method: :put, class: 'auth_edit' }) do |f| = render 'shared/error_messages', object: resource - = f.input :email, placeholder: t('simple_form.labels.defaults.email'), input_html: { 'aria-label' => t('simple_form.labels.defaults.email') } - = f.input :password, placeholder: t('simple_form.labels.defaults.new_password'), input_html: { 'aria-label' => t('simple_form.labels.defaults.new_password'), :autocomplete => 'off' } - = f.input :password_confirmation, placeholder: t('simple_form.labels.defaults.confirm_new_password'), input_html: { 'aria-label' => t('simple_form.labels.defaults.confirm_new_password'), :autocomplete => 'off' } - = f.input :current_password, placeholder: t('simple_form.labels.defaults.current_password'), input_html: { 'aria-label' => t('simple_form.labels.defaults.current_password'), :autocomplete => 'off' } + - if !use_pam? || current_user.encrypted_password.present? + = f.input :email, placeholder: t('simple_form.labels.defaults.email'), input_html: { 'aria-label' => t('simple_form.labels.defaults.email') } + = f.input :password, placeholder: t('simple_form.labels.defaults.new_password'), input_html: { 'aria-label' => t('simple_form.labels.defaults.new_password'), :autocomplete => 'off' } + = f.input :password_confirmation, placeholder: t('simple_form.labels.defaults.confirm_new_password'), input_html: { 'aria-label' => t('simple_form.labels.defaults.confirm_new_password'), :autocomplete => 'off' } + = f.input :current_password, placeholder: t('simple_form.labels.defaults.current_password'), input_html: { 'aria-label' => t('simple_form.labels.defaults.current_password'), :autocomplete => 'off' } - .actions - = f.button :button, t('generic.save_changes'), type: :submit + .actions + = f.button :button, t('generic.save_changes'), type: :submit + - else + = t('simple_form.labels.defaults.pam_account') %hr/ 
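Review bot: The `- else` branch renders `t('simple_form.labels.defaults.pam_account')`, but the locale hunks in this patch (`simple_form.de.yml`, `simple_form.en.yml`) only add `username_or_email`, so unless the key exists elsewhere the PAM user will see a missing-translation placeholder instead of an explanation; the same key is used by `auth/passwords/edit.html.haml` in this patch. Add `pam_account` to both locale files alongside `username_or_email`, or point both views at an existing key.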
diff --git a/app/views/auth/sessions/new.html.haml b/app/views/auth/sessions/new.html.haml index a52b0053b3..3edb0d2d4f 100644 --- a/app/views/auth/sessions/new.html.haml +++ b/app/views/auth/sessions/new.html.haml @@ -5,7 +5,10 @@ = render partial: 'shared/og' = simple_form_for(resource, as: resource_name, url: session_path(resource_name)) do |f| - = f.input :email, autofocus: true, placeholder: t('simple_form.labels.defaults.email'), required: true, input_html: { 'aria-label' => t('simple_form.labels.defaults.email') } + - if use_pam? + = f.input :email, autofocus: true, placeholder: t('simple_form.labels.defaults.username_or_email'), required: true, input_html: { 'aria-label' => t('simple_form.labels.defaults.username_or_email') } + - else + = f.input :email, autofocus: true, placeholder: t('simple_form.labels.defaults.email'), required: true, input_html: { 'aria-label' => t('simple_form.labels.defaults.email') } = f.input :password, placeholder: t('simple_form.labels.defaults.password'), required: true, input_html: { 'aria-label' => t('simple_form.labels.defaults.password'), :autocomplete => 'off' } .actions diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb index 07912c28b8..f2f7f1ba33 100644 --- a/config/initializers/devise.rb +++ b/config/initializers/devise.rb @@ -30,6 +30,19 @@ Warden::Manager.before_logout do |_, warden| warden.cookies.delete('_session_id') end +module Devise + mattr_accessor :pam_authentication + @@pam_authentication = false + mattr_accessor :pam_controlled_service + @@pam_controlled_service = nil + + class Strategies::PamAuthenticatable + def valid? + super && ::Devise.pam_authentication + end + end +end + Devise.setup do |config| config.warden do |manager| manager.default_strategies(scope: :user).unshift :two_factor_authenticatable 
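Review bot: The `class Strategies::PamAuthenticatable` block only reopens the gem's strategy if that constant is already loaded when the initializer runs; should it not be (the load order is not visible here), Ruby would define a new superclass-less `Devise::Strategies::PamAuthenticatable` and the gem's later definition would fail with a superclass mismatch. Using `Devise::Strategies::PamAuthenticatable.class_eval do` / `end` raises `NameError` immediately instead of silently defining a new class, and a comment such as `# Gate the gem's strategy on our own switch so it is inert unless Devise.pam_authentication is enabled` records why the override exists. The `Devise.setup` block continues outside the hunk.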
@@ -96,7 +109,7 @@ Devise.setup do |config| # given strategies, for example, `config.http_authenticatable = [:database]` will # enable it only for database authentication. The supported strategies are: # :database = Support basic authentication with authentication key + password - config.http_authenticatable = [:database] + config.http_authenticatable = [:pam, :database] # If 401 status code should be returned for AJAX requests. True by default. # config.http_authenticatable_on_xhr = true @@ -301,4 +314,23 @@ Devise.setup do |config| # When using OmniAuth, Devise cannot automatically set OmniAuth path, # so you need to do it manually. For the users scope, it would be: # config.omniauth_path_prefix = '/my_engine/users/auth' + + # PAM: only look for email field + config.usernamefield = nil + config.emailfield = "email" + + # authentication with pam possible + # if not enabled, all pam settings are ignored + #config.pam_authentication = true + # check if email is actually a username + config.check_at_sign = true + # suffix for email address generation (warning: without pam must provide email in the pam environment) + config.pam_default_suffix = "pam" + # name of the pam service + # pam "auth" section is evaluated + config.pam_default_service = "rpam" + # name of the pam service used for checking if an user can register + # pam "account" section is evaluated + # nil for allowing registration of pam names (not recommended) + config.pam_controlled_service = "rpam" end diff --git a/config/locales/simple_form.de.yml b/config/locales/simple_form.de.yml index 3c5e467a2c..bb78ae21a0 100644 --- a/config/locales/simple_form.de.yml +++ b/config/locales/simple_form.de.yml @@ -53,6 +53,7 @@ de: severity: Gewichtung type: Importtyp username: Profilname + username_or_email: Profilname oder Email interactions: must_be_follower: Benachrichtigungen von Nicht-Folgenden blockieren must_be_following: Benachrichtigungen von Profilen blockieren, denen ich nicht folge 
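Review bot: `config.http_authenticatable = [:pam, :database]` makes every request carrying an HTTP Basic header a candidate for PAM authentication, which exposes operating-system credentials to online guessing through the web tier, and since `User.pam_get_user` builds a fresh `User` for unknown names such requests reach PAM without any Mastodon account existing; the `valid?` override earlier in this file only helps while `pam_authentication` is off. Unless Basic-auth PAM logins are an actual requirement, keep `[:database]` and let the form-based strategy carry PAM; if they are required, make sure the login rate limiting that applies to the form also covers this path. In the settings block below, the comment `# suffix for email address generation (warning: without pam must provide email in the pam environment)` is hard to parse — it appears to mean `# suffix appended to the PAM username to synthesise an e-mail address when PAM does not supply one`, which is what `User#pam_setup` does with it.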
diff --git a/config/locales/simple_form.en.yml b/config/locales/simple_form.en.yml index 143daaa298..c56334d563 100644 --- a/config/locales/simple_form.en.yml +++ b/config/locales/simple_form.en.yml @@ -53,6 +53,7 @@ en: severity: Severity type: Import type username: Username + username_or_email: Username or Email interactions: must_be_follower: Block notifications from non-followers must_be_following: Block notifications from people you don't follow diff --git a/db/migrate/20180109143959_add_remember_token_to_users.rb b/db/migrate/20180109143959_add_remember_token_to_users.rb new file mode 100644 index 0000000000..662905bcbb --- /dev/null +++ b/db/migrate/20180109143959_add_remember_token_to_users.rb @@ -0,0 +1,5 @@ +class AddRememberTokenToUsers < ActiveRecord::Migration[5.1] + def change + add_column :users, :remember_token, :string, null: true + end +end diff --git a/db/schema.rb b/db/schema.rb index d1722fa299..a411de20ff 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -10,7 +10,7 @@ # # It's strongly recommended that you check this file into your version control system. -ActiveRecord::Schema.define(version: 20180106000232) do +ActiveRecord::Schema.define(version: 20180109143959) do # These are extensions that must be enabled in order to support this database enable_extension "plpgsql" @@ -486,6 +486,7 @@ ActiveRecord::Schema.define(version: 20180106000232) do t.boolean "disabled", default: false, null: false t.boolean "moderator", default: false, null: false t.bigint "invite_id" + t.string "remember_token" t.index ["account_id"], name: "index_users_on_account_id" t.index ["confirmation_token"], name: "index_users_on_confirmation_token", unique: true t.index ["email"], name: "index_users_on_email", unique: true From 8e4cf6282b8a3bcb100506b27ecaed3e88832681 Mon Sep 17 00:00:00 2001 
From: puckipedia Date: Fri, 2 Feb 2018 10:19:59 +0100 Subject: [PATCH 05/13] Allow retrieval of private statuses (single or in outbox) using HTTP signatures (#6225) --- app/controllers/activitypub/outboxes_controller.rb | 4 +++- app/controllers/concerns/signature_authentication.rb | 11 +++++++++++ app/controllers/statuses_controller.rb | 1 + 3 files changed, 15 insertions(+), 1 deletion(-) create mode 100644 app/controllers/concerns/signature_authentication.rb diff --git a/app/controllers/activitypub/outboxes_controller.rb b/app/controllers/activitypub/outboxes_controller.rb index 9f97ff6226..a431e35578 100644 --- a/app/controllers/activitypub/outboxes_controller.rb +++ b/app/controllers/activitypub/outboxes_controller.rb @@ -1,10 +1,12 @@ # frozen_string_literal: true class ActivityPub::OutboxesController < Api::BaseController + include SignatureVerification + before_action :set_account def show - @statuses = @account.statuses.permitted_for(@account, current_account).paginate_by_max_id(20, params[:max_id], params[:since_id]) + @statuses = @account.statuses.permitted_for(@account, signed_request_account).paginate_by_max_id(20, params[:max_id], params[:since_id]) @statuses = cache_collection(@statuses, Status) render json: outbox_presenter, serializer: ActivityPub::CollectionSerializer, adapter: ActivityPub::Adapter, content_type: 'application/activity+json' diff --git a/app/controllers/concerns/signature_authentication.rb b/app/controllers/concerns/signature_authentication.rb new file mode 100644 index 0000000000..beec932238 --- /dev/null +++ b/app/controllers/concerns/signature_authentication.rb @@ -0,0 +1,11 @@ +# frozen_string_literal: true + +module SignatureAuthentication + extend ActiveSupport::Concern + + include SignatureVerification + + def current_account + super || signed_request_account + end +end diff --git a/app/controllers/statuses_controller.rb b/app/controllers/statuses_controller.rb index 367ea34e78..45226c8d2a 100644 
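Review bot: Replacing `current_account` with `signed_request_account` changes who the outbox is filtered for: a bearer-token request from a local API user (what `Api::BaseController#current_account` presumably resolves) no longer sees what that user is permitted, only what an HTTP-signature actor is; if that is intended, a comment on the line — `# the outbox is addressed to the signing remote actor, not to the API user` — makes it deliberate. Including `SignatureVerification` here also means any unauthenticated outbox fetch that carries a `Signature` header now costs a key lookup, possibly a remote actor fetch, before the response is built; confirm that lookup is cached or rate-limited so unauthenticated clients cannot drive outbound fetches at volume.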
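Review bot: `SignatureAuthentication#current_account` widens what "the current account" means in every controller that includes it — a verified remote signer now satisfies authorization rules written for logged-in users — yet the module carries no documentation saying so. Add a header comment such as `# Treats a verified HTTP-signature actor as current_account when no user session exists; include only where authorization rules are meant to apply to remote actors.` Note the split it introduces: `current_account` can be set while `current_user` is nil, so code that reaches for `current_user.account` now behaves differently from code using `current_account`; and if `signed_request_account` is not memoised inside `SignatureVerification`, each `current_account` call on a session-less request re-runs verification.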
--- a/app/controllers/statuses_controller.rb +++ b/app/controllers/statuses_controller.rb @@ -1,6 +1,7 @@ # frozen_string_literal: true class StatusesController < ApplicationController + include SignatureAuthentication include Authorization layout 'public' From 0be9a1e3212b0b9918abe1536e51efe2fefa49f1 Mon Sep 17 00:00:00 2001 From: Akihiko Odaki Date: Fri, 2 Feb 2018 18:22:15 +0900 Subject: [PATCH 06/13] Accept ActivityPub announce from the author of the original note (#6236) --- app/lib/activitypub/activity/announce.rb | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/app/lib/activitypub/activity/announce.rb b/app/lib/activitypub/activity/announce.rb index abf2b9b80b..c8a3581950 100644 --- a/app/lib/activitypub/activity/announce.rb +++ b/app/lib/activitypub/activity/announce.rb @@ -15,7 +15,8 @@ class ActivityPub::Activity::Announce < ActivityPub::Activity account: @account, reblog: original_status, uri: @json['id'], - created_at: @options[:override_timestamps] ? nil : @json['published'] + created_at: @options[:override_timestamps] ? nil : @json['published'], + visibility: original_status.visibility ) distribute(status) @@ -35,6 +36,6 @@ class ActivityPub::Activity::Announce < ActivityPub::Activity end def announceable?(status) - status.public_visibility? || status.unlisted_visibility? + status.account_id == @account.id || status.public_visibility? || status.unlisted_visibility? end end From 5da5c65db8557abd7c6be15842189b9d83e85079 Mon Sep 17 00:00:00 2001 
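Review bot: Including `SignatureAuthentication` here makes every action of `StatusesController`, not only the status `show`, treat a verified remote signer as `current_account`; the controller body is outside the hunk, so confirm each action's authorization and any per-user caching behave correctly for an actor that has no session. A one-line comment on the include — `# Verified HTTP-signature actors count as current_account so followers' servers can fetch private statuses` — would record why a public controller gained signature handling.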
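Review bot: `announceable?` now admits any status authored by the announcing actor, including one with `direct` visibility, and the reblog created in the first hunk inherits `original_status.visibility`; whether a direct-visibility reblog is meaningful or correctly scoped is not something this class establishes. If the goal is only to let authors boost their own private posts, tighten the new clause to `(status.account_id == @account.id && !status.direct_visibility?)`, following the naming of the sibling predicates, and add `# the author may announce their own non-public statuses; @account is the verified signing actor` so the trust assumption is explicit. The rest of `perform` lies outside the first hunk.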
From: Akihiko Odaki Date: Fri, 2 Feb 2018 18:32:21 +0900 Subject: [PATCH 07/13] Unify links container implementation in about pages (#6382) They were redundant, and also had a inconsistency; the button for "other instances" had an icon for the external link in "more" page, but it didn't in the other pages. This unifies the implementation, and the external link icon is now shown in all the about pages. --- app/views/about/_links.html.haml | 16 ++++++++++++++++ app/views/about/more.html.haml | 17 +---------------- app/views/about/show.html.haml | 17 +---------------- app/views/about/terms.html.haml | 14 +------------- 4 files changed, 19 insertions(+), 45 deletions(-) create mode 100644 app/views/about/_links.html.haml diff --git a/app/views/about/_links.html.haml b/app/views/about/_links.html.haml new file mode 100644 index 0000000000..ccf4f08b95 --- /dev/null +++ b/app/views/about/_links.html.haml @@ -0,0 +1,16 @@ +.container.links + .brand + = link_to root_url do + = image_tag asset_pack_path('logo_full.svg'), alt: 'Mastodon' + + %ul.nav + %li + - if user_signed_in? + = link_to t('settings.back'), root_url, class: 'webapp-btn' + - else + = link_to t('auth.login'), new_user_session_path, class: 'webapp-btn' + %li= link_to t('about.about_this'), about_more_path + %li + = link_to 'https://joinmastodon.org/' do + = "#{t('about.other_instances')}" + %i.fa.fa-external-link{ style: 'padding-left: 5px;' } diff --git a/app/views/about/more.html.haml b/app/views/about/more.html.haml index b012606ce9..9c9580eac2 100644 --- a/app/views/about/more.html.haml +++ b/app/views/about/more.html.haml 
@@ -8,22 +8,7 @@ .landing-page .header-wrapper.compact .header - .container.links - .brand - = link_to root_url do - = image_tag asset_pack_path('logo_full.svg'), alt: 'Mastodon' - - %ul.nav - %li - - if user_signed_in? - = link_to t('settings.back'), root_url, class: 'webapp-btn' - - else - = link_to t('auth.login'), new_user_session_path, class: 'webapp-btn' - %li= link_to t('about.about_this'), about_more_path - %li - = link_to 'https://joinmastodon.org/' do - = "#{t('about.other_instances')}" - %i.fa.fa-external-link{ style: 'padding-left: 5px;' } + = render 'links' .container.hero .heading diff --git a/app/views/about/show.html.haml b/app/views/about/show.html.haml index f8f90ce243..b7c08479da 100644 --- a/app/views/about/show.html.haml +++ b/app/views/about/show.html.haml @@ -12,22 +12,7 @@ = image_tag asset_pack_path('elephant-fren.png'), alt: '', role: 'presentation', class: 'mascot' .header - .container.links - .brand - = link_to root_url do - = image_tag asset_pack_path('logo_full.svg'), alt: 'Mastodon' - - %ul.nav - %li - - if user_signed_in? - = link_to t('settings.back'), root_url, class: 'webapp-btn' - - else - = link_to t('auth.login'), new_user_session_path, class: 'webapp-btn' - %li= link_to t('about.about_this'), about_more_path - %li - = link_to 'https://joinmastodon.org/' do - = "#{t('about.other_instances')}" - %i.fa.fa-external-link{ style: 'padding-left: 5px;' } + = render 'links' .container.hero .floats diff --git a/app/views/about/terms.html.haml b/app/views/about/terms.html.haml index 7004cb0b13..ba780759ce 100644 --- a/app/views/about/terms.html.haml +++ b/app/views/about/terms.html.haml 
@@ -4,19 +4,7 @@ .landing-page .header-wrapper.compact .header - .container.links - .brand - = link_to root_url do - = image_tag asset_pack_path('logo_full.svg'), alt: 'Mastodon' - - %ul.nav - %li - - if user_signed_in? - = link_to t('settings.back'), root_url, class: 'webapp-btn' - - else - = link_to t('auth.login'), new_user_session_path, class: 'webapp-btn' - %li= link_to t('about.about_this'), about_more_path - %li= link_to t('about.other_instances'), 'https://joinmastodon.org/' + = render 'links' .extended-description .container From 77dd9e7d2728fb0f0e52718c3544ef6898af4fff Mon Sep 17 00:00:00 2001 From: Akihiko Odaki Date: Fri, 2 Feb 2018 18:32:41 +0900 Subject: [PATCH 08/13] Remove wave from list drawer (#6381) --- app/javascript/mastodon/features/compose/index.js | 2 +- app/javascript/styles/mastodon/components.scss | 6 +++++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/app/javascript/mastodon/features/compose/index.js b/app/javascript/mastodon/features/compose/index.js index 84e3a2338b..f809bafcf1 100644 --- a/app/javascript/mastodon/features/compose/index.js +++ b/app/javascript/mastodon/features/compose/index.js @@ -91,7 +91,7 @@ export default class Compose extends React.PureComponent {
-
+
{multiColumn &&
} diff --git a/app/javascript/styles/mastodon/components.scss b/app/javascript/styles/mastodon/components.scss index 2beb19afff..2b38f7ae4c 100644 --- a/app/javascript/styles/mastodon/components.scss +++ b/app/javascript/styles/mastodon/components.scss @@ -1766,7 +1766,7 @@ position: absolute; top: 0; left: 0; - background: lighten($ui-base-color, 13%) url('data:image/svg+xml;utf8,') no-repeat bottom / 100% auto; + background: lighten($ui-base-color, 13%); box-sizing: border-box; padding: 0; display: flex; @@ -1779,6 +1779,10 @@ &.darker { background: $ui-base-color; } +} + +.drawer__inner--with-mastodon { + background: lighten($ui-base-color, 13%) url('data:image/svg+xml;utf8,') no-repeat bottom / 100% auto; > .mastodon { background: url('../images/elephant_ui_plane.svg') no-repeat left bottom / contain; From af4082499873f54047050655ee63a2fdc3b53b99 Mon Sep 17 00:00:00 2001 From: Charlotte Fields Date: Fri, 2 Feb 2018 20:45:43 +1100 Subject: [PATCH 09/13] moved save button (#3792) * moved save button * added save back to the bottom * Update show.html.haml --- app/views/settings/preferences/show.html.haml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/app/views/settings/preferences/show.html.haml b/app/views/settings/preferences/show.html.haml index 69e26a7be2..441e27a681 100644 --- a/app/views/settings/preferences/show.html.haml +++ b/app/views/settings/preferences/show.html.haml @@ -4,6 +4,9 @@ = simple_form_for current_user, url: settings_preferences_path, html: { method: :put } do |f| = render 'shared/error_messages', object: current_user + .actions + = f.button :button, t('generic.save_changes'), type: :submit + %h4= t 'preferences.languages' .fields-group From ac1093256c500f55a6578836c3364d4a8a67ee58 Mon Sep 17 00:00:00 2001 
From: ThibG Date: Fri, 2 Feb 2018 10:54:04 +0100 Subject: [PATCH 10/13] Allow HTTP caching of atom-rendered public toots (OStatus compatibility) (#6207) --- app/controllers/stream_entries_controller.rb | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/app/controllers/stream_entries_controller.rb b/app/controllers/stream_entries_controller.rb index cc579dbc88..f81856cc6b 100644 --- a/app/controllers/stream_entries_controller.rb +++ b/app/controllers/stream_entries_controller.rb @@ -10,6 +10,7 @@ class StreamEntriesController < ApplicationController before_action :set_stream_entry before_action :set_link_headers before_action :check_account_suspension + before_action :set_cache_headers def show respond_to do |format| @@ -19,6 +20,10 @@ class StreamEntriesController < ApplicationController end format.atom do + unless @stream_entry.hidden? + skip_session! + expires_in 3.minutes, public: true + end render xml: OStatus::AtomSerializer.render(OStatus::AtomSerializer.new.entry(@stream_entry, true)) end end From c1efe0aa1d7ab43aa74387df6f1d56a56ec268de Mon Sep 17 00:00:00 2001 From: Akihiko Odaki Date: Fri, 2 Feb 2018 19:56:50 +0900 Subject: [PATCH 11/13] Set minimum height for mastodon on drawer (#6142) --- app/javascript/mastodon/features/compose/index.js | 9 +++++++-- app/javascript/styles/mastodon/components.scss | 13 +++++++++---- 2 files changed, 16 insertions(+), 6 deletions(-) diff --git a/app/javascript/mastodon/features/compose/index.js b/app/javascript/mastodon/features/compose/index.js index f809bafcf1..138bc4e2ec 100644 --- a/app/javascript/mastodon/features/compose/index.js +++ b/app/javascript/mastodon/features/compose/index.js 
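Review bot: `expires_in 3.minutes, public: true` marks the Atom response as storable by shared caches, which is only safe because the branch is gated on `@stream_entry.hidden?`; that dependency is silent, so add `# Only non-hidden entries may be stored by shared caches; skip_session! keeps the session cookie out of the cached response` above the `unless`. `hidden?` is defined outside this hunk, so confirm it covers every visibility that must not be cached rather than only the current non-public ones, and accept that a status deleted or an account suspended within the window keeps being served from caches until expiry. The `before_action :set_cache_headers` added in the first hunk is also outside view; if it sets a default `Cache-Control`, check that `expires_in` here overrides rather than conflicts with it.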
@@ -12,6 +12,7 @@ import Motion from '../ui/util/optional_motion'; import spring from 'react-motion/lib/spring'; import SearchResultsContainer from './containers/search_results_container'; import { changeComposing } from '../../actions/compose'; +import elephantUIPlane from '../../../images/elephant_ui_plane.svg'; const messages = defineMessages({ start: { id: 'getting_started.heading', defaultMessage: 'Getting started' }, @@ -91,10 +92,14 @@ export default class Compose extends React.PureComponent {
-
+
- {multiColumn &&
} + {multiColumn && ( +
+ +
+ )}
diff --git a/app/javascript/styles/mastodon/components.scss b/app/javascript/styles/mastodon/components.scss index 2b38f7ae4c..6359e9d0d0 100644 --- a/app/javascript/styles/mastodon/components.scss +++ b/app/javascript/styles/mastodon/components.scss @@ -1781,12 +1781,17 @@ } } -.drawer__inner--with-mastodon { +.drawer__inner__mastodon { background: lighten($ui-base-color, 13%) url('data:image/svg+xml;utf8,') no-repeat bottom / 100% auto; + flex: 1; + min-height: 47px; - > .mastodon { - background: url('../images/elephant_ui_plane.svg') no-repeat left bottom / contain; - flex: 1; + > img { + display: block; + object-fit: contain; + object-position: bottom left; + width: 100%; + height: 100%; } } From 7e5c433dfce68dea0af09784753f2f4f3003f2a3 Mon Sep 17 00:00:00 2001 From: abcang Date: Fri, 2 Feb 2018 19:57:59 +0900 Subject: [PATCH 12/13] Fix saving of oEmbed image (#6409) --- app/services/fetch_link_card_service.rb | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/app/services/fetch_link_card_service.rb b/app/services/fetch_link_card_service.rb index d0472a1d7f..3e31a41457 100644 --- a/app/services/fetch_link_card_service.rb +++ b/app/services/fetch_link_card_service.rb @@ -91,13 +91,13 @@ class FetchLinkCardService < BaseService case @card.type when 'link' - @card.image = URI.parse(embed.thumbnail_url) if embed.respond_to?(:thumbnail_url) + @card.image_remote_url = embed.thumbnail_url if embed.respond_to?(:thumbnail_url) when 'photo' return false unless embed.respond_to?(:url) - @card.embed_url = embed.url - @card.image = URI.parse(embed.url) - @card.width = embed.width.presence || 0 - @card.height = embed.height.presence || 0 + @card.embed_url = embed.url + @card.image_remote_url = embed.url + @card.width = embed.width.presence || 0 + @card.height = embed.height.presence || 0 when 'video' @card.width = embed.width.presence || 0 @card.height = embed.height.presence || 0 
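Review bot: `embed.thumbnail_url` and `embed.url` originate in a third-party oEmbed document and are now assigned straight to `image_remote_url=`, which presumably triggers a server-side fetch of that URL, so this is a server-side request forgery surface unless the setter itself restricts the scheme to http(s) and rejects loopback, link-local and private targets; the replaced `URI.parse` at least raised on malformed values, whereas the new assignment rejects nothing at this point. Unless the setter already validates, gate the `link` branch with `@card.image_remote_url = embed.thumbnail_url if embed.respond_to?(:thumbnail_url) && embed.thumbnail_url.to_s.match?(%r{\Ahttps?://}i)` and apply the same scheme check before `@card.image_remote_url = embed.url` in the `photo` branch, keeping the resolved-address check inside the setter where every caller benefits. A one-line comment above the `case`, stating when `image_remote_url=` performs the download and what it validates, would spare the next reader a trip to the model. The `case` sits inside a method whose start and end are outside the hunk.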
From 33f56811e38bc330de9dcfa6794c29a176a30311 Mon Sep 17 00:00:00 2001 From: abcang Date: Fri, 2 Feb 2018 21:31:28 +0900 Subject: [PATCH 13/13] Fix column header button (#6411) --- app/javascript/styles/mastodon/components.scss | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/javascript/styles/mastodon/components.scss b/app/javascript/styles/mastodon/components.scss index 6359e9d0d0..c2c9a040fc 100644 --- a/app/javascript/styles/mastodon/components.scss +++ b/app/javascript/styles/mastodon/components.scss @@ -2422,6 +2422,7 @@ text-overflow: ellipsis; overflow: hidden; white-space: nowrap; + flex: 1; } &.active { @@ -2442,7 +2443,6 @@ .column-header__buttons { height: 48px; display: flex; - margin-left: auto; } .column-header__links .text-btn {