From ffb2b8ef8c3c7cd6f57860240378fac8d5964105 Mon Sep 17 00:00:00 2001 From: abcang Date: Fri, 2 Feb 2018 01:17:17 +0900 Subject: [PATCH 01/13] Fix button hiding when header title is too long (#6406) --- .../mastodon/components/column_header.js | 4 +--- .../styles/mastodon/components.scss | 19 ++++++------------- 2 files changed, 7 insertions(+), 16 deletions(-) diff --git a/app/javascript/mastodon/components/column_header.js b/app/javascript/mastodon/components/column_header.js index c300db89b9d..6b79ec02daa 100644 --- a/app/javascript/mastodon/components/column_header.js +++ b/app/javascript/mastodon/components/column_header.js @@ -133,9 +133,7 @@ export default class ColumnHeader extends React.PureComponent {

diff --git a/app/javascript/styles/mastodon/components.scss b/app/javascript/styles/mastodon/components.scss index bfca34f4d1c..2beb19afff0 100644 --- a/app/javascript/styles/mastodon/components.scss +++ b/app/javascript/styles/mastodon/components.scss @@ -1913,7 +1913,7 @@ font-family: inherit; color: $ui-highlight-color; cursor: pointer; - flex: 0 0 auto; + white-space: nowrap; font-size: 16px; padding: 0 5px 0 0; z-index: 3; @@ -2403,15 +2403,16 @@ overflow: hidden; & > button { - display: flex; - flex: auto; margin: 0; border: none; - padding: 15px; + padding: 15px 0 15px 15px; color: inherit; background: transparent; font: inherit; text-align: left; + text-overflow: ellipsis; + overflow: hidden; + white-space: nowrap; } &.active { @@ -2432,7 +2433,7 @@ .column-header__buttons { height: 48px; display: flex; - margin-left: 0; + margin-left: auto; } .column-header__links .text-btn { @@ -2512,14 +2513,6 @@ } } -.column-header__title { - display: inline-block; - text-overflow: ellipsis; - overflow: hidden; - white-space: nowrap; - flex: 1; -} - .text-btn { display: inline-block; padding: 0; From f4bd51da1e4236fce5d46d76136bb2ef4a0e51ed Mon Sep 17 00:00:00 2001 From: Rob Watson Date: Thu, 1 Feb 2018 16:54:22 +0000 Subject: [PATCH 02/13] Upgrade Paperclip > 5.2.1 (#6404) Mitigation for CVE-2017-0889. https://www.cvedetails.com/cve/CVE-2017-0889/ https://medium.com/in-the-weeds/all-about-paperclips-cve-2017-0889-server-side-request-forgery-ssrf-vulnerability-8cb2b1c96fe8 --- Gemfile.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index b116318a7c8..b3bd6fcb0de 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -215,7 +215,7 @@ GEM httplog (0.99.7) colorize rack - i18n (0.9.1) + i18n (0.9.3) concurrent-ruby (~> 1.0) i18n-tasks (0.9.19) activesupport (>= 4.0.2) 
@@ -284,7 +284,7 @@ GEM mimemagic (0.3.2) mini_mime (1.0.0) mini_portile2 (2.3.0) - minitest (5.10.3) + minitest (5.11.3) msgpack (1.1.0) multi_json (1.12.2) net-scp (1.2.1) @@ -307,7 +307,7 @@ GEM http (~> 3.0) nokogiri (~> 1.8) ox (2.8.2) - paperclip (5.1.0) + paperclip (5.2.1) activemodel (>= 4.2.0) activesupport (>= 4.2.0) cocaine (~> 0.5.5) From 1afc70c990d4d23e5fac57de9cb579c396a82b5c Mon Sep 17 00:00:00 2001 From: abcang Date: Fri, 2 Feb 2018 18:10:18 +0900 Subject: [PATCH 03/13] Fix mistake in cache deletion (#6408) --- spec/models/setting_spec.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec/models/setting_spec.rb b/spec/models/setting_spec.rb index e99dfc0d736..bbba5f98d9b 100644 --- a/spec/models/setting_spec.rb +++ b/spec/models/setting_spec.rb @@ -52,7 +52,7 @@ RSpec.describe Setting, type: :model do allow(RailsSettings::Settings).to receive(:object).with(key).and_return(object) allow(described_class).to receive(:default_settings).and_return(default_settings) allow_any_instance_of(Settings::ScopedSettings).to receive(:thing_scoped).and_return(records) - Rails.cache.clear(cache_key) + Rails.cache.delete(cache_key) end let(:object) { nil } From 04fef7b8886bb78f3473e143894a521ca578f1db Mon Sep 17 00:00:00 2001 
From: Alexander Date: Fri, 2 Feb 2018 10:18:55 +0100 Subject: [PATCH 04/13] pam authentication (#5303) * add pam support, without extra column * bugfixes for pam login * document options * fix code style * fix codestyle * fix tests * don't call remember_me without password * fix codestyle * improve checks for pam usage (should fix tests) * fix remember_me part 1 * add remember_token column because :rememberable requires either a password or this column. * migrate db for remember_token * move pam_authentication to the right place, fix logic bug in edit.html.haml * fix tests * fix pam authentication, improve username lookup, add comment * valid? is sometimes not honored, return nil instead trying to authenticate with pam * update devise_pam_authenticatable2 and adjust code. Fixes sideeffects observed in tests * update devise_pam_authenticatable gem, fixes for codeconventions, fix finding user * codeconvention fixes * code convention fixes * fix idention * update dependency, explicit conflict check * fix disabled password updates if in pam mode * fix check password if password is present, fix templates * block registration if account is maintained by pam * Revert "block registration if account is maintained by pam" This reverts commit 8e7a083d650240b6fac414926744b4b90b435f20. 
* fix identation error introduced by rebase * block usernames maintained by pam * document pam settings better * fix code style --- Gemfile | 3 + Gemfile.lock | 5 ++ app/controllers/application_controller.rb | 5 ++ .../auth/registrations_controller.rb | 5 ++ app/controllers/auth/sessions_controller.rb | 6 +- app/models/user.rb | 69 +++++++++++++++++++ .../unreserved_username_validator.rb | 6 ++ app/views/auth/passwords/edit.html.haml | 18 +++-- app/views/auth/registrations/edit.html.haml | 15 ++-- app/views/auth/sessions/new.html.haml | 5 +- config/initializers/devise.rb | 34 ++++++++- config/locales/simple_form.de.yml | 1 + config/locales/simple_form.en.yml | 1 + ...80109143959_add_remember_token_to_users.rb | 5 ++ db/schema.rb | 3 +- 15 files changed, 164 insertions(+), 17 deletions(-) create mode 100644 db/migrate/20180109143959_add_remember_token_to_users.rb diff --git a/Gemfile b/Gemfile index eaa1d29de68..f3844aca6f7 100644 --- a/Gemfile +++ b/Gemfile @@ -30,6 +30,9 @@ gem 'iso-639' gem 'cld3', '~> 3.2.0' gem 'devise', '~> 4.4' gem 'devise-two-factor', '~> 3.0' + +gem 'devise_pam_authenticatable2', '~> 8.0' + gem 'doorkeeper', '~> 4.2' gem 'fast_blank', '~> 1.0' gem 'goldfinger', '~> 2.1' diff --git a/Gemfile.lock b/Gemfile.lock index b3bd6fcb0de..7da9bfe3942 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -137,6 +137,9 @@ GEM devise (~> 4.0) railties (< 5.2) rotp (~> 2.0) + devise_pam_authenticatable2 (8.0.1) + devise (>= 4.0.0) + rpam2 (~> 3.0) diff-lcs (1.3) docile (1.1.5) domain_name (0.5.20170404) @@ -420,6 +423,7 @@ GEM actionpack (>= 4.2.0, < 5.3) railties (>= 4.2.0, < 5.3) rotp (2.1.2) + rpam2 (3.1.0) rqrcode (0.10.1) chunky_png (~> 1.0) rspec-core (3.7.0) @@ -570,6 +574,7 @@ DEPENDENCIES climate_control (~> 0.2) devise (~> 4.4) devise-two-factor (~> 3.0) + devise_pam_authenticatable2 (~> 8.0) doorkeeper (~> 4.2) dotenv-rails (~> 2.2) fabrication (~> 2.18) 
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index e1aae0b6777..b38a6846777 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -14,6 +14,7 @@ class ApplicationController < ActionController::Base helper_method :current_session helper_method :current_theme helper_method :single_user_mode? + helper_method :use_pam? rescue_from ActionController::RoutingError, with: :not_found rescue_from ActiveRecord::RecordNotFound, with: :not_found @@ -75,6 +76,10 @@ class ApplicationController < ActionController::Base @single_user_mode ||= Rails.configuration.x.single_user_mode && Account.exists? end + def use_pam? + Devise.pam_authentication + end + def current_account @current_account ||= current_user.try(:account) end diff --git a/app/controllers/auth/registrations_controller.rb b/app/controllers/auth/registrations_controller.rb index b8ff4e54f28..417e2b63bdd 100644 --- a/app/controllers/auth/registrations_controller.rb +++ b/app/controllers/auth/registrations_controller.rb @@ -14,6 +14,11 @@ class Auth::RegistrationsController < Devise::RegistrationsController protected + def update_resource(resource, params) + params[:password] = nil if Devise.pam_authentication && resource.encrypted_password.blank? + super + end + def build_resource(hash = nil) super(hash) diff --git a/app/controllers/auth/sessions_controller.rb b/app/controllers/auth/sessions_controller.rb index a5acb6c36fa..4fc41b3784e 100644 --- a/app/controllers/auth/sessions_controller.rb +++ b/app/controllers/auth/sessions_controller.rb 
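Review bot: The `update_resource` override in registrations_controller.rb nils `params[:password]` for a PAM-only account, but the `super` it then calls goes through Devise's `update_with_password`, which still requires a matching `current_password`, and a user with a blank `encrypted_password` cannot satisfy that check, so as far as I can tell the update is rejected regardless and the override changes nothing. If the intent is to let PAM-only users edit the remaining fields, the branch should route them to `update_without_password` instead of nil-ing one key; if the intent is that they cannot edit here at all (the edit view in this series hides the form for them), the override is dead code and deserves either removal or a comment such as `# PAM-only accounts have no current_password to present, so this branch never results in a save`. Only the method itself is in the hunk; `build_resource` continues outside it.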
@@ -28,7 +28,11 @@ class Auth::SessionsController < Devise::SessionsController if session[:otp_user_id] User.find(session[:otp_user_id]) elsif user_params[:email] - User.find_for_authentication(email: user_params[:email]) + if use_pam? && Devise.check_at_sign && user_params[:email].index('@').nil? + User.joins(:account).find_by(accounts: { username: user_params[:email] }) + else + User.find_for_authentication(email: user_params[:email]) + end end end diff --git a/app/models/user.rb b/app/models/user.rb index 40c298b1a25..fa4ebfc7172 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -34,6 +34,7 @@ # disabled :boolean default(FALSE), not null # moderator :boolean default(FALSE), not null # invite_id :integer +# remember_token :string # class User < ApplicationRecord @@ -50,6 +51,8 @@ class User < ApplicationRecord devise :registerable, :recoverable, :rememberable, :trackable, :validatable, :confirmable + devise :pam_authenticatable + belongs_to :account, inverse_of: :user belongs_to :invite, counter_cache: :uses, optional: true accepts_nested_attributes_for :account @@ -84,6 +87,33 @@ class User < ApplicationRecord attr_accessor :invite_code + def pam_conflict(_) + # block pam login tries on traditional account + nil + end + + def pam_conflict? + return false unless Devise.pam_authentication + encrypted_password.present? && is_pam_account? + end + + def pam_get_name + return account.username if account.present? + super + end + + def pam_setup(_attributes) + acc = Account.new(username: pam_get_name) + acc.save!(validate: false) + + self.email = "#{acc.username}@#{find_pam_suffix}" if email.nil? && find_pam_suffix + self.confirmed_at = Time.now.utc + self.admin = false + self.account = acc + + acc.destroy! unless save + end + def confirmed? confirmed_at.present? end 
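Review bot: The username branch added to `find_user` does an exact `find_by(accounts: { username: ... })`, whereas the `find_for_authentication` call it bypasses normalizes the key through Devise's case-insensitive and whitespace-stripping options, so the same login string can resolve to a user on one path and to nothing on the other. The identical lookup is duplicated in `User.pam_get_user` later in this patch, which makes the OTP flow and the PAM strategy two places that must agree on how a username is matched. Consider one class method, e.g. `User.find_by_login(value)` holding the `@`-check and the join, called from both sites, and state there whether username matching is meant to be case-sensitive. `find_user` itself starts outside the hunk.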
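Review bot: `pam_setup` persists the new Account with `save!(validate: false)`, which skips every Account validation — the username format check, the unreserved-username validator this series extends, and the uniqueness check — so a PAM-supplied name that is not a valid Mastodon username, or that collides with an existing local account, is either written as-is or (if the database enforces uniqueness) fails with an exception raised out of the authentication path. Unless a specific validation is known to be incompatible with PAM-created accounts, `acc.save!` keeps the invariants registration enforces; if one is, name it in a comment next to the `validate: false`. The synthesized `"#{acc.username}@#{find_pam_suffix}"` address combined with `self.confirmed_at = Time.now.utc` also marks an undeliverable address as confirmed, so anything that later mails `email` (reset instructions, notifications) will send into the void; a comment such as `# placeholder address, only present to satisfy the email constraints — never deliverable` would at least make that explicit, and it is worth verifying nothing mails it.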
@@ -213,6 +243,45 @@ class User < ApplicationRecord @invite_code = code end + def password_required? + return false if Devise.pam_authentication + super + end + + def send_reset_password_instructions + return false if encrypted_password.blank? && Devise.pam_authentication + super + end + + def reset_password!(new_password, new_password_confirmation) + return false if encrypted_password.blank? && Devise.pam_authentication + super + end + + def self.pam_get_user(attributes = {}) + if attributes[:email] + resource = + if Devise.check_at_sign && !attributes[:email].index('@') + joins(:account).find_by(accounts: { username: attributes[:email] }) + else + find_by(email: attributes[:email]) + end + + if resource.blank? + resource = new(email: attributes[:email]) + if Devise.check_at_sign && !resource[:email].index('@') + resource[:email] = "#{attributes[:email]}@#{resource.find_pam_suffix}" + end + end + resource + end + end + + def self.authenticate_with_pam(attributes = {}) + return nil unless Devise.pam_authentication + super + end + protected def send_devise_notification(notification, *args) diff --git a/app/validators/unreserved_username_validator.rb b/app/validators/unreserved_username_validator.rb index 44ea4359bb3..c2311a89abb 100644 --- a/app/validators/unreserved_username_validator.rb +++ b/app/validators/unreserved_username_validator.rb @@ -8,7 +8,13 @@ class UnreservedUsernameValidator < ActiveModel::Validator private + def pam_controlled?(value) + return false unless Devise.pam_authentication && Devise.pam_controlled_service + Rpam2.account(Devise.pam_controlled_service, value).present? + end + def reserved_username?(value) + return true if pam_controlled?(value) return false unless Setting.reserved_usernames Setting.reserved_usernames.include?(value.downcase) end diff --git a/app/views/auth/passwords/edit.html.haml b/app/views/auth/passwords/edit.html.haml index 5ef3de97620..d8fed9e7762 100644 --- a/app/views/auth/passwords/edit.html.haml 
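Review bot: `password_required?` returns false whenever `Devise.pam_authentication` is on, not only for accounts without a local password, so on a PAM-enabled instance Devise's validatable checks (password presence, confirmation and length) are skipped for every user, including those who keep a database password and change it through the registration edit form that this series still shows them. Scope the override to the PAM-only case, e.g. `return false if Devise.pam_authentication && encrypted_password.blank? && password.blank?` followed by `super`. `send_reset_password_instructions` and `reset_password!` in the same hunk already use the narrower `encrypted_password.blank? && Devise.pam_authentication` condition, so this would make the three consistent.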
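Review bot: `pam_controlled?` passes the raw `value` to `Rpam2.account`, while `reserved_username?` just below compares `value.downcase`, so whether a name is treated as PAM-controlled depends on the PAM stack's own case handling (typically case-sensitive for pam_unix), and a registration that differs from a system account only by case can pass the new guard even though Mastodon treats usernames case-insensitively. Decide which normalization PAM receives and record it, e.g. `# passed as typed: the PAM stack, not Mastodon, decides case sensitivity of account names`, or downcase here as well if system accounts are known to be lower-case. Note also that this performs an external PAM account lookup on every username validation, so unauthenticated registration attempts now drive PAM-side logging or lockout behaviour for unknown names; a short comment about that cost would help the next maintainer.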
+++ b/app/views/auth/passwords/edit.html.haml @@ -1,14 +1,18 @@ - content_for :page_title do = t('auth.set_new_password') -= simple_form_for(resource, as: resource_name, url: password_path(resource_name), html: { method: :put }) do |f| - = render 'shared/error_messages', object: resource - = f.input :reset_password_token, as: :hidden + = simple_form_for(resource, as: resource_name, url: password_path(resource_name), html: { method: :put }) do |f| + = render 'shared/error_messages', object: resource - = f.input :password, autofocus: true, placeholder: t('simple_form.labels.defaults.new_password'), input_html: { 'aria-label' => t('simple_form.labels.defaults.new_password'), :autocomplete => 'off' } - = f.input :password_confirmation, placeholder: t('simple_form.labels.defaults.confirm_new_password'), input_html: { 'aria-label' => t('simple_form.labels.defaults.confirm_new_password'), :autocomplete => 'off' } + - if use_pam? || current_user.encrypted_password.present? + = f.input :reset_password_token, as: :hidden - .actions - = f.button :button, t('auth.set_new_password'), type: :submit + = f.input :password, autofocus: true, placeholder: t('simple_form.labels.defaults.new_password'), input_html: { 'aria-label' => t('simple_form.labels.defaults.new_password'), :autocomplete => 'off' } + = f.input :password_confirmation, placeholder: t('simple_form.labels.defaults.confirm_new_password'), input_html: { 'aria-label' => t('simple_form.labels.defaults.confirm_new_password'), :autocomplete => 'off' } + + .actions + = f.button :button, t('auth.set_new_password'), type: :submit + - else + = t('simple_form.labels.defaults.pam_account') .form-footer= render 'auth/shared/links' diff --git a/app/views/auth/registrations/edit.html.haml b/app/views/auth/registrations/edit.html.haml index 145f5cd9e1f..102199f8191 100644 --- a/app/views/auth/registrations/edit.html.haml +++ b/app/views/auth/registrations/edit.html.haml 
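Review bot: The new condition `- if use_pam? || current_user.encrypted_password.present?` dereferences `current_user` on the password-reset page, which is reached unauthenticated through the emailed token (Devise's passwords controller prepends `require_no_authentication`), so with PAM disabled — the default — the `||` does not short-circuit and the page raises NoMethodError on nil. The test also looks inverted relative to `registrations/edit.html.haml` in this patch (`!use_pam? || ...`): with PAM enabled the form is always rendered and the `pam_account` branch is unreachable. Since `User#send_reset_password_instructions` in this series already refuses to issue a token for PAM-only accounts, the view can render the form unconditionally; if a branch is kept, it must not rely on `current_user` here.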
@@ -4,13 +4,16 @@ = simple_form_for(resource, as: resource_name, url: registration_path(resource_name), html: { method: :put, class: 'auth_edit' }) do |f| = render 'shared/error_messages', object: resource - = f.input :email, placeholder: t('simple_form.labels.defaults.email'), input_html: { 'aria-label' => t('simple_form.labels.defaults.email') } - = f.input :password, placeholder: t('simple_form.labels.defaults.new_password'), input_html: { 'aria-label' => t('simple_form.labels.defaults.new_password'), :autocomplete => 'off' } - = f.input :password_confirmation, placeholder: t('simple_form.labels.defaults.confirm_new_password'), input_html: { 'aria-label' => t('simple_form.labels.defaults.confirm_new_password'), :autocomplete => 'off' } - = f.input :current_password, placeholder: t('simple_form.labels.defaults.current_password'), input_html: { 'aria-label' => t('simple_form.labels.defaults.current_password'), :autocomplete => 'off' } + - if !use_pam? || current_user.encrypted_password.present? + = f.input :email, placeholder: t('simple_form.labels.defaults.email'), input_html: { 'aria-label' => t('simple_form.labels.defaults.email') } + = f.input :password, placeholder: t('simple_form.labels.defaults.new_password'), input_html: { 'aria-label' => t('simple_form.labels.defaults.new_password'), :autocomplete => 'off' } + = f.input :password_confirmation, placeholder: t('simple_form.labels.defaults.confirm_new_password'), input_html: { 'aria-label' => t('simple_form.labels.defaults.confirm_new_password'), :autocomplete => 'off' } + = f.input :current_password, placeholder: t('simple_form.labels.defaults.current_password'), input_html: { 'aria-label' => t('simple_form.labels.defaults.current_password'), :autocomplete => 'off' } - .actions - = f.button :button, t('generic.save_changes'), type: :submit + .actions + = f.button :button, t('generic.save_changes'), type: :submit + - else + = t('simple_form.labels.defaults.pam_account') %hr/ 
diff --git a/app/views/auth/sessions/new.html.haml b/app/views/auth/sessions/new.html.haml index a52b0053b39..3edb0d2d4fd 100644 --- a/app/views/auth/sessions/new.html.haml +++ b/app/views/auth/sessions/new.html.haml @@ -5,7 +5,10 @@ = render partial: 'shared/og' = simple_form_for(resource, as: resource_name, url: session_path(resource_name)) do |f| - = f.input :email, autofocus: true, placeholder: t('simple_form.labels.defaults.email'), required: true, input_html: { 'aria-label' => t('simple_form.labels.defaults.email') } + - if use_pam? + = f.input :email, autofocus: true, placeholder: t('simple_form.labels.defaults.username_or_email'), required: true, input_html: { 'aria-label' => t('simple_form.labels.defaults.username_or_email') } + - else + = f.input :email, autofocus: true, placeholder: t('simple_form.labels.defaults.email'), required: true, input_html: { 'aria-label' => t('simple_form.labels.defaults.email') } = f.input :password, placeholder: t('simple_form.labels.defaults.password'), required: true, input_html: { 'aria-label' => t('simple_form.labels.defaults.password'), :autocomplete => 'off' } .actions diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb index 07912c28b86..f2f7f1ba338 100644 --- a/config/initializers/devise.rb +++ b/config/initializers/devise.rb @@ -30,6 +30,19 @@ Warden::Manager.before_logout do |_, warden| warden.cookies.delete('_session_id') end +module Devise + mattr_accessor :pam_authentication + @@pam_authentication = false + mattr_accessor :pam_controlled_service + @@pam_controlled_service = nil + + class Strategies::PamAuthenticatable + def valid? + super && ::Devise.pam_authentication + end + end +end + Devise.setup do |config| config.warden do |manager| manager.default_strategies(scope: :user).unshift :two_factor_authenticatable 
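Review bot: `class Strategies::PamAuthenticatable` inside the reopened `Devise` module is written without a superclass, so it only reopens the gem's class if that class is already loaded when this initializer runs; otherwise Ruby defines a fresh `Devise::Strategies::PamAuthenticatable < Object`, the `super` in `valid?` has nothing to call, and the gem's later `class ... < Authenticatable` fails with a superclass mismatch. Bundler's autorequire presumably makes this work today, but referencing the existing class is explicit and fails loudly if it is missing: `Devise::Strategies::PamAuthenticatable.class_eval do` wrapping the same `valid?` definition. This `valid?` gate is also what keeps `:pam` in `http_authenticatable` (later hunk) inert until `pam_authentication` is set, which deserves a comment: `# gate the strategy on the feature flag so :pam in http_authenticatable is a no-op until enabled`.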
@@ -96,7 +109,7 @@ Devise.setup do |config| # given strategies, for example, `config.http_authenticatable = [:database]` will # enable it only for database authentication. The supported strategies are: # :database = Support basic authentication with authentication key + password - config.http_authenticatable = [:database] + config.http_authenticatable = [:pam, :database] # If 401 status code should be returned for AJAX requests. True by default. # config.http_authenticatable_on_xhr = true @@ -301,4 +314,23 @@ Devise.setup do |config| # When using OmniAuth, Devise cannot automatically set OmniAuth path, # so you need to do it manually. For the users scope, it would be: # config.omniauth_path_prefix = '/my_engine/users/auth' + + # PAM: only look for email field + config.usernamefield = nil + config.emailfield = "email" + + # authentication with pam possible + # if not enabled, all pam settings are ignored + #config.pam_authentication = true + # check if email is actually a username + config.check_at_sign = true + # suffix for email address generation (warning: without pam must provide email in the pam environment) + config.pam_default_suffix = "pam" + # name of the pam service + # pam "auth" section is evaluated + config.pam_default_service = "rpam" + # name of the pam service used for checking if an user can register + # pam "account" section is evaluated + # nil for allowing registration of pam names (not recommended) + config.pam_controlled_service = "rpam" end diff --git a/config/locales/simple_form.de.yml b/config/locales/simple_form.de.yml index 3c5e467a2c4..bb78ae21a09 100644 --- a/config/locales/simple_form.de.yml +++ b/config/locales/simple_form.de.yml @@ -53,6 +53,7 @@ de: severity: Gewichtung type: Importtyp username: Profilname + username_or_email: Profilname oder Email interactions: must_be_follower: Benachrichtigungen von Nicht-Folgenden blockieren must_be_following: Benachrichtigungen von Profilen blockieren, denen ich nicht folge 
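Review bot: `config.http_authenticatable = [:pam, :database]` in the previous hunk makes PAM an HTTP Basic strategy for every request carrying an Authorization header, and with `#config.pam_authentication = true` left commented out the only thing keeping it inert is the `valid?` override earlier in this file; the settings block should say so next to that line, e.g. `# also enables :pam for HTTP Basic (http_authenticatable above); until this is true the PAM strategy never runs`. Once enabled, each API request with Basic credentials is a PAM authentication with no Devise lockout in front of it, so whatever throttling the `rpam` service stack applies is the only brute-force control — one sentence here for operators would be appropriate. The `pam_default_suffix = "pam"` comment warns that an address is synthesized, but not that the resulting `user@pam` addresses are undeliverable, which matters because the model auto-confirms them.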
diff --git a/config/locales/simple_form.en.yml b/config/locales/simple_form.en.yml index 143daaa2988..c56334d563a 100644 --- a/config/locales/simple_form.en.yml +++ b/config/locales/simple_form.en.yml @@ -53,6 +53,7 @@ en: severity: Severity type: Import type username: Username + username_or_email: Username or Email interactions: must_be_follower: Block notifications from non-followers must_be_following: Block notifications from people you don't follow diff --git a/db/migrate/20180109143959_add_remember_token_to_users.rb b/db/migrate/20180109143959_add_remember_token_to_users.rb new file mode 100644 index 00000000000..662905bcbb1 --- /dev/null +++ b/db/migrate/20180109143959_add_remember_token_to_users.rb @@ -0,0 +1,5 @@ +class AddRememberTokenToUsers < ActiveRecord::Migration[5.1] + def change + add_column :users, :remember_token, :string, null: true + end +end diff --git a/db/schema.rb b/db/schema.rb index d1722fa2996..a411de20ffa 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -10,7 +10,7 @@ # # It's strongly recommended that you check this file into your version control system. -ActiveRecord::Schema.define(version: 20180106000232) do +ActiveRecord::Schema.define(version: 20180109143959) do # These are extensions that must be enabled in order to support this database enable_extension "plpgsql" @@ -486,6 +486,7 @@ ActiveRecord::Schema.define(version: 20180106000232) do t.boolean "disabled", default: false, null: false t.boolean "moderator", default: false, null: false t.bigint "invite_id" + t.string "remember_token" t.index ["account_id"], name: "index_users_on_account_id" t.index ["confirmation_token"], name: "index_users_on_confirmation_token", unique: true t.index ["email"], name: "index_users_on_email", unique: true From 8e4cf6282b8a3bcb100506b27ecaed3e88832681 Mon Sep 17 00:00:00 2001 
From: puckipedia Date: Fri, 2 Feb 2018 10:19:59 +0100 Subject: [PATCH 05/13] Allow retrieval of private statuses (single or in outbox) using HTTP signatures (#6225) --- app/controllers/activitypub/outboxes_controller.rb | 4 +++- app/controllers/concerns/signature_authentication.rb | 11 +++++++++++ app/controllers/statuses_controller.rb | 1 + 3 files changed, 15 insertions(+), 1 deletion(-) create mode 100644 app/controllers/concerns/signature_authentication.rb diff --git a/app/controllers/activitypub/outboxes_controller.rb b/app/controllers/activitypub/outboxes_controller.rb index 9f97ff6226d..a431e355783 100644 --- a/app/controllers/activitypub/outboxes_controller.rb +++ b/app/controllers/activitypub/outboxes_controller.rb @@ -1,10 +1,12 @@ # frozen_string_literal: true class ActivityPub::OutboxesController < Api::BaseController + include SignatureVerification + before_action :set_account def show - @statuses = @account.statuses.permitted_for(@account, current_account).paginate_by_max_id(20, params[:max_id], params[:since_id]) + @statuses = @account.statuses.permitted_for(@account, signed_request_account).paginate_by_max_id(20, params[:max_id], params[:since_id]) @statuses = cache_collection(@statuses, Status) render json: outbox_presenter, serializer: ActivityPub::CollectionSerializer, adapter: ActivityPub::Adapter, content_type: 'application/activity+json' diff --git a/app/controllers/concerns/signature_authentication.rb b/app/controllers/concerns/signature_authentication.rb new file mode 100644 index 00000000000..beec9322381 --- /dev/null +++ b/app/controllers/concerns/signature_authentication.rb @@ -0,0 +1,11 @@ +# frozen_string_literal: true + +module SignatureAuthentication + extend ActiveSupport::Concern + + include SignatureVerification + + def current_account + super || signed_request_account + end +end diff --git a/app/controllers/statuses_controller.rb b/app/controllers/statuses_controller.rb index 367ea34e78d..45226c8d2ae 100644 
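Review bot: Selecting the outbox statuses by `signed_request_account` makes the response body depend on the signer, so any shared-cache headers applied to this action or inherited from `Api::BaseController` would let a page containing private statuses be served to the next unsigned requester; the caching setup is not visible in the hunk, so this is a point to confirm rather than a defect I can see. If nothing marks the response private, a `Cache-Control: private` or `no-store` here, or a comment stating why it is unnecessary, would document the new invariant: `# body varies with the HTTP-signature actor; must never be shared-cached`.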
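Review bot: `SignatureAuthentication#current_account` (`super || signed_request_account`) is mixed into `StatusesController` in the last hunk of this patch, so every place that controller and its views consult `current_account` — the authorization policy, but also anything that decides what to render for a "logged-in" viewer — now treats a remote actor as the current account whenever the request carries a valid HTTP signature. The outbox hunk above does the narrower thing by passing `signed_request_account` explicitly to `permitted_for`; either use that explicit form at the authorization call in `StatusesController` as well, or document the widening on the concern so future includes are deliberate: `# Treats a valid HTTP-signature actor as current_account; include only where every current_account use is a read-visibility check.`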
--- a/app/controllers/statuses_controller.rb +++ b/app/controllers/statuses_controller.rb @@ -1,6 +1,7 @@ # frozen_string_literal: true class StatusesController < ApplicationController + include SignatureAuthentication include Authorization layout 'public' From 0be9a1e3212b0b9918abe1536e51efe2fefa49f1 Mon Sep 17 00:00:00 2001 From: Akihiko Odaki Date: Fri, 2 Feb 2018 18:22:15 +0900 Subject: [PATCH 06/13] Accept ActivityPub announce from the author of the original note (#6236) --- app/lib/activitypub/activity/announce.rb | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/app/lib/activitypub/activity/announce.rb b/app/lib/activitypub/activity/announce.rb index abf2b9b80bd..c8a35819505 100644 --- a/app/lib/activitypub/activity/announce.rb +++ b/app/lib/activitypub/activity/announce.rb @@ -15,7 +15,8 @@ class ActivityPub::Activity::Announce < ActivityPub::Activity account: @account, reblog: original_status, uri: @json['id'], - created_at: @options[:override_timestamps] ? nil : @json['published'] + created_at: @options[:override_timestamps] ? nil : @json['published'], + visibility: original_status.visibility ) distribute(status) @@ -35,6 +36,6 @@ class ActivityPub::Activity::Announce < ActivityPub::Activity end def announceable?(status) - status.public_visibility? || status.unlisted_visibility? + status.account_id == @account.id || status.public_visibility? || status.unlisted_visibility? end end From 5da5c65db8557abd7c6be15842189b9d83e85079 Mon Sep 17 00:00:00 2001 
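Review bot: The author branch added to `announceable?` (`status.account_id == @account.id`) is evaluated before the visibility tests, so it also admits the author announcing their own direct-visibility status, and the first hunk then stamps the reblog with `visibility: original_status.visibility`, producing a `direct` reblog that `distribute(status)` goes on to fan out; unless direct reblogs are rejected elsewhere (not visible here), exclude them explicitly: `(status.account_id == @account.id && !status.direct_visibility?) || status.public_visibility? || status.unlisted_visibility?`. For a private original the reblog now inherits `private`, which is what keeps an author-announced followers-only status followers-only, and that coupling deserves a comment on the `visibility:` line: `# inherit the original's visibility so an author-announced private status stays private`.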
From: Akihiko Odaki Date: Fri, 2 Feb 2018 18:32:21 +0900 Subject: [PATCH 07/13] Unify links container implementation in about pages (#6382) They were redundant, and also had a inconsistency; the button for "other instances" had an icon for the external link in "more" page, but it didn't in the other pages. This unifies the implementation, and the external link icon is now shown in all the about pages. --- app/views/about/_links.html.haml | 16 ++++++++++++++++ app/views/about/more.html.haml | 17 +---------------- app/views/about/show.html.haml | 17 +---------------- app/views/about/terms.html.haml | 14 +------------- 4 files changed, 19 insertions(+), 45 deletions(-) create mode 100644 app/views/about/_links.html.haml diff --git a/app/views/about/_links.html.haml b/app/views/about/_links.html.haml new file mode 100644 index 00000000000..ccf4f08b950 --- /dev/null +++ b/app/views/about/_links.html.haml @@ -0,0 +1,16 @@ +.container.links + .brand + = link_to root_url do + = image_tag asset_pack_path('logo_full.svg'), alt: 'Mastodon' + + %ul.nav + %li + - if user_signed_in? + = link_to t('settings.back'), root_url, class: 'webapp-btn' + - else + = link_to t('auth.login'), new_user_session_path, class: 'webapp-btn' + %li= link_to t('about.about_this'), about_more_path + %li + = link_to 'https://joinmastodon.org/' do + = "#{t('about.other_instances')}" + %i.fa.fa-external-link{ style: 'padding-left: 5px;' } diff --git a/app/views/about/more.html.haml b/app/views/about/more.html.haml index b012606ce99..9c9580eac24 100644 --- a/app/views/about/more.html.haml +++ b/app/views/about/more.html.haml 
@@ -8,22 +8,7 @@ .landing-page .header-wrapper.compact .header - .container.links - .brand - = link_to root_url do - = image_tag asset_pack_path('logo_full.svg'), alt: 'Mastodon' - - %ul.nav - %li - - if user_signed_in? - = link_to t('settings.back'), root_url, class: 'webapp-btn' - - else - = link_to t('auth.login'), new_user_session_path, class: 'webapp-btn' - %li= link_to t('about.about_this'), about_more_path - %li - = link_to 'https://joinmastodon.org/' do - = "#{t('about.other_instances')}" - %i.fa.fa-external-link{ style: 'padding-left: 5px;' } + = render 'links' .container.hero .heading diff --git a/app/views/about/show.html.haml b/app/views/about/show.html.haml index f8f90ce2431..b7c08479da0 100644 --- a/app/views/about/show.html.haml +++ b/app/views/about/show.html.haml @@ -12,22 +12,7 @@ = image_tag asset_pack_path('elephant-fren.png'), alt: '', role: 'presentation', class: 'mascot' .header - .container.links - .brand - = link_to root_url do - = image_tag asset_pack_path('logo_full.svg'), alt: 'Mastodon' - - %ul.nav - %li - - if user_signed_in? - = link_to t('settings.back'), root_url, class: 'webapp-btn' - - else - = link_to t('auth.login'), new_user_session_path, class: 'webapp-btn' - %li= link_to t('about.about_this'), about_more_path - %li - = link_to 'https://joinmastodon.org/' do - = "#{t('about.other_instances')}" - %i.fa.fa-external-link{ style: 'padding-left: 5px;' } + = render 'links' .container.hero .floats diff --git a/app/views/about/terms.html.haml b/app/views/about/terms.html.haml index 7004cb0b13f..ba780759ce7 100644 --- a/app/views/about/terms.html.haml +++ b/app/views/about/terms.html.haml 
@@ -4,19 +4,7 @@ .landing-page .header-wrapper.compact .header - .container.links - .brand - = link_to root_url do - = image_tag asset_pack_path('logo_full.svg'), alt: 'Mastodon' - - %ul.nav - %li - - if user_signed_in? - = link_to t('settings.back'), root_url, class: 'webapp-btn' - - else - = link_to t('auth.login'), new_user_session_path, class: 'webapp-btn' - %li= link_to t('about.about_this'), about_more_path - %li= link_to t('about.other_instances'), 'https://joinmastodon.org/' + = render 'links' .extended-description .container From 77dd9e7d2728fb0f0e52718c3544ef6898af4fff Mon Sep 17 00:00:00 2001 From: Akihiko Odaki Date: Fri, 2 Feb 2018 18:32:41 +0900 Subject: [PATCH 08/13] Remove wave from list drawer (#6381) --- app/javascript/mastodon/features/compose/index.js | 2 +- app/javascript/styles/mastodon/components.scss | 6 +++++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/app/javascript/mastodon/features/compose/index.js b/app/javascript/mastodon/features/compose/index.js index 84e3a2338bd..f809bafcf13 100644 --- a/app/javascript/mastodon/features/compose/index.js +++ b/app/javascript/mastodon/features/compose/index.js @@ -91,7 +91,7 @@ export default class Compose extends React.PureComponent {
-
+
{multiColumn &&
} diff --git a/app/javascript/styles/mastodon/components.scss b/app/javascript/styles/mastodon/components.scss index 2beb19afff0..2b38f7ae4c0 100644 --- a/app/javascript/styles/mastodon/components.scss +++ b/app/javascript/styles/mastodon/components.scss @@ -1766,7 +1766,7 @@ position: absolute; top: 0; left: 0; - background: lighten($ui-base-color, 13%) url('data:image/svg+xml;utf8,') no-repeat bottom / 100% auto; + background: lighten($ui-base-color, 13%); box-sizing: border-box; padding: 0; display: flex; @@ -1779,6 +1779,10 @@ &.darker { background: $ui-base-color; } +} + +.drawer__inner--with-mastodon { + background: lighten($ui-base-color, 13%) url('data:image/svg+xml;utf8,') no-repeat bottom / 100% auto; > .mastodon { background: url('../images/elephant_ui_plane.svg') no-repeat left bottom / contain; From af4082499873f54047050655ee63a2fdc3b53b99 Mon Sep 17 00:00:00 2001 From: Charlotte Fields Date: Fri, 2 Feb 2018 20:45:43 +1100 Subject: [PATCH 09/13] moved save button (#3792) * moved save button * added save back to the bottom * Update show.html.haml --- app/views/settings/preferences/show.html.haml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/app/views/settings/preferences/show.html.haml b/app/views/settings/preferences/show.html.haml index 69e26a7be2c..441e27a6819 100644 --- a/app/views/settings/preferences/show.html.haml +++ b/app/views/settings/preferences/show.html.haml @@ -4,6 +4,9 @@ = simple_form_for current_user, url: settings_preferences_path, html: { method: :put } do |f| = render 'shared/error_messages', object: current_user + .actions + = f.button :button, t('generic.save_changes'), type: :submit + %h4= t 'preferences.languages' .fields-group From ac1093256c500f55a6578836c3364d4a8a67ee58 Mon Sep 17 00:00:00 2001 
From: ThibG Date: Fri, 2 Feb 2018 10:54:04 +0100 Subject: [PATCH 10/13] Allow HTTP caching of atom-rendered public toots (OStatus compatibility) (#6207) --- app/controllers/stream_entries_controller.rb | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/app/controllers/stream_entries_controller.rb b/app/controllers/stream_entries_controller.rb index cc579dbc889..f81856cc6ba 100644 --- a/app/controllers/stream_entries_controller.rb +++ b/app/controllers/stream_entries_controller.rb @@ -10,6 +10,7 @@ class StreamEntriesController < ApplicationController before_action :set_stream_entry before_action :set_link_headers before_action :check_account_suspension + before_action :set_cache_headers def show respond_to do |format| @@ -19,6 +20,10 @@ class StreamEntriesController < ApplicationController end format.atom do + unless @stream_entry.hidden? + skip_session! + expires_in 3.minutes, public: true + end render xml: OStatus::AtomSerializer.render(OStatus::AtomSerializer.new.entry(@stream_entry, true)) end end From c1efe0aa1d7ab43aa74387df6f1d56a56ec268de Mon Sep 17 00:00:00 2001 From: Akihiko Odaki Date: Fri, 2 Feb 2018 19:56:50 +0900 Subject: [PATCH 11/13] Set minimum height for mastodon on drawer (#6142) --- app/javascript/mastodon/features/compose/index.js | 9 +++++++-- app/javascript/styles/mastodon/components.scss | 13 +++++++++---- 2 files changed, 16 insertions(+), 6 deletions(-) diff --git a/app/javascript/mastodon/features/compose/index.js b/app/javascript/mastodon/features/compose/index.js index f809bafcf13..138bc4e2ec7 100644 --- a/app/javascript/mastodon/features/compose/index.js +++ b/app/javascript/mastodon/features/compose/index.js 
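Review bot: `expires_in 3.minutes, public: true` marks the Atom rendering of a non-hidden entry as shareable, but the format is negotiated from the `Accept` header as well as the `.atom` extension, so unless `set_cache_headers` (added as a before_action in the first hunk, body not shown) or the proxy emits `Vary: Accept`, a shared cache keyed on the URL alone can hand the Atom body to a browser that asked for HTML. `hidden?` is also only checked at render time, so an entry that is deleted or made private within the window keeps being served from shared caches for up to 3 minutes; if that is the accepted trade-off, say so: `# public/unlisted entries only; a later deletion or visibility change can lag by the TTL in shared caches`. This block sits inside `show`, whose definition starts outside the hunk.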
@@ -12,6 +12,7 @@ import Motion from '../ui/util/optional_motion'; import spring from 'react-motion/lib/spring'; import SearchResultsContainer from './containers/search_results_container'; import { changeComposing } from '../../actions/compose'; +import elephantUIPlane from '../../../images/elephant_ui_plane.svg'; const messages = defineMessages({ start: { id: 'getting_started.heading', defaultMessage: 'Getting started' }, @@ -91,10 +92,14 @@ export default class Compose extends React.PureComponent {
-
+
- {multiColumn &&
} + {multiColumn && ( +
+ +
+ )}
diff --git a/app/javascript/styles/mastodon/components.scss b/app/javascript/styles/mastodon/components.scss index 2b38f7ae4c0..6359e9d0d0a 100644 --- a/app/javascript/styles/mastodon/components.scss +++ b/app/javascript/styles/mastodon/components.scss @@ -1781,12 +1781,17 @@ } } -.drawer__inner--with-mastodon { +.drawer__inner__mastodon { background: lighten($ui-base-color, 13%) url('data:image/svg+xml;utf8,') no-repeat bottom / 100% auto; + flex: 1; + min-height: 47px; - > .mastodon { - background: url('../images/elephant_ui_plane.svg') no-repeat left bottom / contain; - flex: 1; + > img { + display: block; + object-fit: contain; + object-position: bottom left; + width: 100%; + height: 100%; } } From 7e5c433dfce68dea0af09784753f2f4f3003f2a3 Mon Sep 17 00:00:00 2001 From: abcang Date: Fri, 2 Feb 2018 19:57:59 +0900 Subject: [PATCH 12/13] Fix saving of oEmbed image (#6409) --- app/services/fetch_link_card_service.rb | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/app/services/fetch_link_card_service.rb b/app/services/fetch_link_card_service.rb index d0472a1d7fb..3e31a414570 100644 --- a/app/services/fetch_link_card_service.rb +++ b/app/services/fetch_link_card_service.rb @@ -91,13 +91,13 @@ class FetchLinkCardService < BaseService case @card.type when 'link' - @card.image = URI.parse(embed.thumbnail_url) if embed.respond_to?(:thumbnail_url) + @card.image_remote_url = embed.thumbnail_url if embed.respond_to?(:thumbnail_url) when 'photo' return false unless embed.respond_to?(:url) - @card.embed_url = embed.url - @card.image = URI.parse(embed.url) - @card.width = embed.width.presence || 0 - @card.height = embed.height.presence || 0 + @card.embed_url = embed.url + @card.image_remote_url = embed.url + @card.width = embed.width.presence || 0 + @card.height = embed.height.presence || 0 when 'video' @card.width = embed.width.presence || 0 @card.height = embed.height.presence || 0 
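Review bot: The `'link'` and `'photo'` branches now assign `embed.thumbnail_url` and `embed.url` to `@card.image_remote_url` as raw strings, dropping the `URI.parse` that previously at least rejected malformed values; both values come from a third-party oEmbed response, and `image_remote_url=` presumably starts a server-side download of that address. The assignment should accept only http(s) URLs before storing them, e.g. `@card.image_remote_url = embed.thumbnail_url if embed.respond_to?(:thumbnail_url) && %w(http https).include?(URI.parse(embed.thumbnail_url).scheme)`, with the same guard for `embed.url` in the `'photo'` branch and `URI::InvalidURIError` handled wherever the method treats other malformed provider data (outside this hunk). The `case @card.type` sits inside a method whose definition and end lie outside the hunk.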
From 33f56811e38bc330de9dcfa6794c29a176a30311 Mon Sep 17 00:00:00 2001 From: abcang Date: Fri, 2 Feb 2018 21:31:28 +0900 Subject: [PATCH 13/13] Fix column header button (#6411) --- app/javascript/styles/mastodon/components.scss | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/javascript/styles/mastodon/components.scss b/app/javascript/styles/mastodon/components.scss index 6359e9d0d0a..c2c9a040fc1 100644 --- a/app/javascript/styles/mastodon/components.scss +++ b/app/javascript/styles/mastodon/components.scss @@ -2422,6 +2422,7 @@ text-overflow: ellipsis; overflow: hidden; white-space: nowrap; + flex: 1; } &.active { @@ -2442,7 +2443,6 @@ .column-header__buttons { height: 48px; display: flex; - margin-left: auto; } .column-header__links .text-btn {