Merge branch 'main' of https://github.com/glitch-soc/mastodon

Merge pull request #1679 from ClearlyClaire/glitch-soc/merge-upstream
Merge upstream changes
2022-02-08 09:18:24 -05:00 · 2022-02-06 16:23:57 +01:00 · 2022-02-06 15:34:42 +01:00 · 2022-02-06 15:31:03 +01:00 · 2022-02-05 17:29:54 +01:00 · 2022-02-05 13:24:05 +01:00
11 changed files with 119 additions and 50 deletions
--- a/.github/workflows/build-image.yml
+++ b/.github/workflows/build-image.yml
@ -11,6 +11,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
+      - uses: docker/setup-qemu-action@v1
      - uses: docker/setup-buildx-action@v1
      - uses: docker/login-action@v1
        with:
@ -29,6 +30,7 @@ jobs:
      - uses: docker/build-push-action@v2
        with:
          context: .
+          platforms: linux/amd64,linux/arm64
          push: true
          tags: ${{ steps.meta.outputs.tags }}
          cache-from: type=registry,ref=ghcr.io/${{ github.repository_owner }}/mastodon:latest
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -5,10 +5,12 @@ All notable changes to this project will be documented in this file.

 ## [3.4.6] - 2022-02-03
 ### Fixed
+
 - Fix `mastodon:webpush:generate_vapid_key` task requiring a functional environment ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/17338))
 - Fix spurious errors when receiving an Add activity for a private post ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/17425))

 ### Security
+
 - Fix error-prone SQL queries ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/15828))
 - Fix not compacting incoming signed JSON-LD activities ([puckipedia](https://github.com/mastodon/mastodon/pull/17426), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/17428)) (CVE-2022-24307)
 - Fix insufficient sanitization of report comments ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/17430))
@ -17,10 +19,12 @@ All notable changes to this project will be documented in this file.

 ## [3.4.5] - 2022-01-31
 ### Added
+
 - Add more advanced migration tests ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/17393))
 - Add github workflow to build Docker images ([unasuke](https://github.com/mastodon/mastodon/pull/16973), [Gargron](https://github.com/mastodon/mastodon/pull/16980), [Gargron](https://github.com/mastodon/mastodon/pull/17000))

 ### Fixed
+
 - Fix some old migrations failing when skipping releases ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/17394))
 - Fix migrations script failing in certain edge cases ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/17398))
 - Fix Docker build ([tribela](https://github.com/mastodon/mastodon/pull/17188))
--- a/Gemfile.lock
+++ b/Gemfile.lock
@ -106,7 +106,7 @@ GEM
      ffi (~> 1.14)
    bootsnap (1.10.2)
      msgpack (~> 1.2)
-    brakeman (5.2.0)
+    brakeman (5.2.1)
    browser (4.2.0)
    brpoplpush-redis_script (0.1.2)
      concurrent-ruby (~> 1.0, >= 1.0.5)
@ -208,7 +208,7 @@ GEM
      multi_json
    encryptor (3.0.0)
    erubi (1.10.0)
-    et-orbi (1.2.4)
+    et-orbi (1.2.6)
      tzinfo
    excon (0.76.0)
    fabrication (2.24.0)
@ -252,7 +252,7 @@ GEM
      fog-json (>= 1.0)
      ipaddress (>= 0.8)
    formatador (0.2.5)
-    fugit (1.4.5)
+    fugit (1.5.2)
      et-orbi (~> 1.1, >= 1.1.8)
      raabro (~> 1.4)
    fuubar (2.5.1)
@ -554,7 +554,7 @@ GEM
      nokogiri (>= 1.10.5)
      rexml
    ruby2_keywords (0.0.5)
-    rufus-scheduler (3.7.0)
+    rufus-scheduler (3.8.1)
      fugit (~> 1.1, >= 1.1.6)
    safety_net_attestation (0.4.0)
      jwt (~> 2.0)
@ -572,7 +572,7 @@ GEM
      redis (>= 4.2.0)
    sidekiq-bulk (0.2.0)
      sidekiq
-    sidekiq-scheduler (3.1.0)
+    sidekiq-scheduler (3.1.1)
      e2mmap
      redis (>= 3, < 5)
      rufus-scheduler (~> 3.2)
--- a/app/controllers/admin/relationships_controller.rb
+++ b/app/controllers/admin/relationships_controller.rb
@ -9,7 +9,8 @@ module Admin
    def index
      authorize :account, :index?

-      @accounts = RelationshipFilter.new(@account, filter_params).results.page(params[:page]).per(PER_PAGE)
+      @accounts = RelationshipFilter.new(@account, filter_params).results.includes(:account_stat, user: [:ips, :invite_request]).page(params[:page]).per(PER_PAGE)
+      @form     = Form::AccountBatch.new
    end

    private
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@ -136,16 +136,6 @@ class ApplicationController < ActionController::Base
    @current_session = SessionActivation.find_by(session_id: cookies.signed['_session_id']) if cookies.signed['_session_id'].present?
  end

-  def current_flavour
-    return Setting.flavour unless Themes.instance.flavours.include? current_user&.setting_flavour
-    current_user.setting_flavour
-  end
-
-  def current_skin
-    return Setting.skin unless Themes.instance.skins_for(current_flavour).include? current_user&.setting_skin
-    current_user.setting_skin
-  end
-
  def respond_with_error(code)
    respond_to do |format|
      format.any do
--- a/app/controllers/concerns/theming_concern.rb
+++ b/app/controllers/concerns/theming_concern.rb
@ -10,6 +10,15 @@ module ThemingConcern

  private

+  def current_flavour
+    [current_user&.setting_flavour, Setting.flavour, 'glitch', 'vanilla'].find { |flavour| Themes.instance.flavours.include?(flavour) }
+  end
+
+  def current_skin
+    skins = Themes.instance.skins_for(current_flavour)
+    [current_user&.setting_skin, Setting.skin, 'default'].find { |skin| skins.include?(skin) }
+  end
+
  def valid_pack_data?(data, pack_name)
    data['pack'].is_a?(Hash) && [String, Hash].any? { |c| data['pack'][pack_name].is_a?(c) }
  end
--- a/app/controllers/instance_actors_controller.rb
+++ b/app/controllers/instance_actors_controller.rb
@ -3,6 +3,7 @@
 class InstanceActorsController < ApplicationController
  include AccountControllerConcern

+  skip_before_action :check_account_confirmation
  skip_around_action :set_locale

  def show
--- a/app/views/admin/relationships/index.html.haml
+++ b/app/views/admin/relationships/index.html.haml
@ -24,16 +24,17 @@

 %hr.spacer/

-.table-wrapper
-  %table.table
-    %thead
-      %tr
-        %th= t('admin.accounts.username')
-        %th= t('admin.accounts.role')
-        %th= t('admin.accounts.most_recent_ip')
-        %th= t('admin.accounts.most_recent_activity')
-        %th
-    %tbody
-      = render partial: 'admin/accounts/account', collection: @accounts
+= form_for(@form, url: batch_admin_accounts_path) do |f|
+  .batch-table
+    .batch-table__toolbar
+      %label.batch-table__toolbar__select.batch-checkbox-all
+        = check_box_tag :batch_checkbox_all, nil, false
+      .batch-table__toolbar__actions
+        = f.button safe_join([fa_icon('lock'), t('admin.accounts.perform_full_suspension')]), name: :suspend, class: 'table-action-link', type: :submit, data: { confirm: t('admin.reports.are_you_sure') }
+    .batch-table__body
+      - if @accounts.empty?
+        = nothing_here 'nothing-here--under-tabs'
+      - else
+        = render partial: 'admin/accounts/account', collection: @accounts, locals: { f: f }

 = paginate @accounts
--- a/package.json
+++ b/package.json
@ -101,7 +101,7 @@
    "font-awesome": "^4.7.0",
    "glob": "^7.2.0",
    "history": "^4.10.1",
-    "http-link-header": "^1.0.3",
+    "http-link-header": "^1.0.4",
    "immutable": "^4.0.0",
    "imports-loader": "^1.2.0",
    "intersection-observer": "^0.12.0",
@ -146,7 +146,7 @@
    "react-swipeable-views": "^0.14.0",
    "react-textarea-autosize": "^8.3.3",
    "react-toggle": "^4.1.2",
-    "redis": "^4.0.2",
+    "redis": "^4.0.3",
    "redux": "^4.1.2",
    "redux-immutable": "^4.0.0",
    "redux-thunk": "^2.4.1",
--- a/spec/controllers/instance_actors_controller_spec.rb
+++ b/spec/controllers/instance_actors_controller_spec.rb
@ -0,0 +1,55 @@
+require 'rails_helper'
+
+RSpec.describe InstanceActorsController, type: :controller do
+  describe 'GET #show' do
+    context 'as JSON' do
+      let(:format) { 'json' }
+
+      shared_examples 'shared behavior' do
+        before do
+          get :show, params: { format: format }
+        end
+
+        it 'returns http success' do
+          expect(response).to have_http_status(200)
+        end
+
+        it 'returns application/activity+json' do
+          expect(response.media_type).to eq 'application/activity+json'
+        end
+
+        it 'does not set cookies' do
+          expect(response.cookies).to be_empty
+          expect(response.headers['Set-Cookies']).to be nil
+        end
+
+        it 'does not set sessions' do
+          expect(session).to be_empty
+        end
+
+        it 'returns public Cache-Control header' do
+          expect(response.headers['Cache-Control']).to include 'public'
+        end
+
+        it 'renders account' do
+          json = body_as_json
+          expect(json).to include(:id, :type, :preferredUsername, :inbox, :publicKey, :inbox, :outbox, :url)
+        end
+      end
+
+      before do
+        allow(controller).to receive(:authorized_fetch_mode?).and_return(authorized_fetch_mode)
+      end
+
+      context 'without authorized fetch mode' do
+        let(:authorized_fetch_mode) { false }
+        it_behaves_like 'shared behavior'
+      end
+
+      context 'with authorized fetch mode' do
+        let(:authorized_fetch_mode) { true }
+        it_behaves_like 'shared behavior'
+      end
+    end
+  end
+end
--- a/yarn.lock
+++ b/yarn.lock
@ -1384,32 +1384,37 @@
    "@types/yargs" "^16.0.0"
    chalk "^4.0.0"

-"@node-redis/bloom@^1.0.0":
+"@node-redis/bloom@1.0.1":
  version "1.0.1"
  resolved "https://registry.yarnpkg.com/@node-redis/bloom/-/bloom-1.0.1.tgz#144474a0b7dc4a4b91badea2cfa9538ce0a1854e"
  integrity sha512-mXEBvEIgF4tUzdIN89LiYsbi6//EdpFA7L8M+DHCvePXg+bfHWi+ct5VI6nHUFQE5+ohm/9wmgihCH3HSkeKsw==

-"@node-redis/client@^1.0.2":
-  version "1.0.2"
-  resolved "https://registry.yarnpkg.com/@node-redis/client/-/client-1.0.2.tgz#7f09fb739675728fbc6e73536f7cd1be99bf7b8f"
-  integrity sha512-C+gkx68pmTnxfV+y4pzasvCH3s4UGHNOAUNhdJxGI27aMdnXNDZct7ffDHBL7bAZSGv9FSwCP5PeYvEIEKGbiA==
+"@node-redis/client@1.0.3":
+  version "1.0.3"
+  resolved "https://registry.yarnpkg.com/@node-redis/client/-/client-1.0.3.tgz#ece282b7ee07283d744e6ab1fa72f2d47641402c"
+  integrity sha512-IXNgOG99PHGL3NxN3/e8J8MuX+H08I+OMNmheGmZBXngE0IntaCQwwrd7NzmiHA+zH3SKHiJ+6k3P7t7XYknMw==
  dependencies:
    cluster-key-slot "1.1.0"
    generic-pool "3.8.2"
    redis-parser "3.0.0"
    yallist "4.0.0"

-"@node-redis/json@^1.0.2":
+"@node-redis/graph@1.0.0":
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/@node-redis/graph/-/graph-1.0.0.tgz#baf8eaac4a400f86ea04d65ec3d65715fd7951ab"
+  integrity sha512-mRSo8jEGC0cf+Rm7q8mWMKKKqkn6EAnA9IA2S3JvUv/gaWW/73vil7GLNwion2ihTptAm05I9LkepzfIXUKX5g==
+
+"@node-redis/json@1.0.2":
  version "1.0.2"
  resolved "https://registry.yarnpkg.com/@node-redis/json/-/json-1.0.2.tgz#8ad2d0f026698dc1a4238cc3d1eb099a3bee5ab8"
  integrity sha512-qVRgn8WfG46QQ08CghSbY4VhHFgaTY71WjpwRBGEuqGPfWwfRcIf3OqSpR7Q/45X+v3xd8mvYjywqh0wqJ8T+g==

-"@node-redis/search@^1.0.2":
+"@node-redis/search@1.0.2":
  version "1.0.2"
  resolved "https://registry.yarnpkg.com/@node-redis/search/-/search-1.0.2.tgz#8cfc91006ea787df801d41410283e1f59027f818"
  integrity sha512-gWhEeji+kTAvzZeguUNJdMSZNH2c5dv3Bci8Nn2f7VGuf6IvvwuZDSBOuOlirLVgayVuWzAG7EhwaZWK1VDnWQ==

-"@node-redis/time-series@^1.0.1":
+"@node-redis/time-series@1.0.1":
  version "1.0.1"
  resolved "https://registry.yarnpkg.com/@node-redis/time-series/-/time-series-1.0.1.tgz#703149f8fa4f6fff377c61a0873911e7c1ba5cc3"
  integrity sha512-+nTn6EewVj3GlUXPuD3dgheWqo219jTxlo6R+pg24OeVvFHx9aFGGiyOgj3vBPhWUdRZ0xMcujXV5ki4fbLyMw==
@ -5481,10 +5486,10 @@ http-errors@~1.6.2:
    setprototypeof "1.1.0"
    statuses ">= 1.4.0 < 2"

-http-link-header@^1.0.3:
-  version "1.0.3"
-  resolved "https://registry.yarnpkg.com/http-link-header/-/http-link-header-1.0.3.tgz#abbc2cdc5e06dd7e196a4983adac08a2d085ec90"
-  integrity sha512-nARK1wSKoBBrtcoESlHBx36c1Ln/gnbNQi1eB6MeTUefJIT3NvUOsV15bClga0k38f0q/kN5xxrGSDS3EFnm9w==
+http-link-header@^1.0.4:
+  version "1.0.4"
+  resolved "https://registry.yarnpkg.com/http-link-header/-/http-link-header-1.0.4.tgz#f4efc76c6151ed0ba0d1a2d679798a18854a4a99"
+  integrity sha512-Cnv3Q+FF+35avekdnH/ML8dls++tdnSgrvUIWw0YEszrWeLSuw5Iq1vyCVTb5v0rEUgFTy0x4shxXyrO0MDUzw==

 "http-parser-js@>=0.4.0 <0.4.11":
  version "0.4.10"
@ -9157,16 +9162,17 @@ redis-parser@3.0.0:
  dependencies:
    redis-errors "^1.0.0"

-redis@^4.0.2:
-  version "4.0.2"
-  resolved "https://registry.yarnpkg.com/redis/-/redis-4.0.2.tgz#096cf716842731a24f34c7c3a996c143e2b133bb"
-  integrity sha512-Ip1DJ/lwuvtJz9AZ6pl1Bv33fWzk5d3iQpGzsXpi04ErkT4fq0pfGOm4k/p9DHmPGieEIOWvJ9xmIeQMooLybg==
+redis@^4.0.3:
+  version "4.0.3"
+  resolved "https://registry.yarnpkg.com/redis/-/redis-4.0.3.tgz#f60931175de6f5b5727240a08e58a9ed5cf0f9de"
+  integrity sha512-SJMRXvgiQUYN0HaWwWv002J5ZgkhYXOlbLomzcrL3kP42yRNZ8Jx5nvLYhVpgmf10xcDpanFOxxJkphu2eyIFQ==
  dependencies:
-    "@node-redis/bloom" "^1.0.0"
-    "@node-redis/client" "^1.0.2"
-    "@node-redis/json" "^1.0.2"
-    "@node-redis/search" "^1.0.2"
-    "@node-redis/time-series" "^1.0.1"
+    "@node-redis/bloom" "1.0.1"
+    "@node-redis/client" "1.0.3"
+    "@node-redis/graph" "1.0.0"
+    "@node-redis/json" "1.0.2"
+    "@node-redis/search" "1.0.2"
+    "@node-redis/time-series" "1.0.1"

 redux-immutable@^4.0.0:
  version "4.0.0"
Author	SHA1	Message	Date
Izalia Mae	aa894bf286	Merge branch 'main' of https://github.com/glitch-soc/mastodon	2022-02-08 09:18:24 -05:00
Claire	b1983623ae	Merge pull request #1679 from ClearlyClaire/glitch-soc/merge-upstream Merge upstream changes	2022-02-06 16:23:57 +01:00
Claire	aa832d623a	Merge branch 'main' into glitch-soc/merge-upstream Conflicts: - `CHANGELOG.md`: Upstream added newlines. Conflicts are because the CHANGELOG was independently merged from 3.4.6 on last security update. Took upstream's version. - `app/helpers/context_helper.rb`: Conflicts because of extra vocabulary in glitch-soc. The conflicts were actually handled in last security merge. Kept our version.	2022-02-06 15:34:42 +01:00
Claire	92658f0fb0	Fix instance actor not being dereferenceable (#17457 ) * Add tests * Fix instance actor not being dereferenceable * Fix tests * Fix tests for real	2022-02-06 15:31:03 +01:00
potpro	097c4903f1	Update build-image.yml (#17454 )	2022-02-05 17:29:54 +01:00
Claire	24d1ddcc24	Merge pull request #1678 from ClearlyClaire/glitch-soc/fixes/robust-theme-fallback Make theme-selection fall back to default ones if configured is not found	2022-02-05 13:24:05 +01:00
Claire	08f44d1953	Move glitch-soc-specific theming methods to ThemingConcern	2022-02-05 10:58:51 +01:00
Claire	5f48ec9e42	Make theme-selection fall back to default ones if configured is not found	2022-02-05 10:29:27 +01:00
Eugen Rochko	e03e7ac290	Fix error on account relationships page in admin UI (#17444 )	2022-02-05 05:06:34 +01:00
dependabot[bot]	6a649e9131	Bump brakeman from 5.2.0 to 5.2.1 (#17410 ) Bumps [brakeman](https://github.com/presidentbeef/brakeman) from 5.2.0 to 5.2.1. - [Release notes](https://github.com/presidentbeef/brakeman/releases) - [Changelog](https://github.com/presidentbeef/brakeman/blob/main/CHANGES.md) - [Commits](https://github.com/presidentbeef/brakeman/compare/v5.2.0...v5.2.1) --- updated-dependencies: - dependency-name: brakeman dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2022-02-05 13:03:12 +09:00
dependabot[bot]	bfe5ad5fee	Bump redis from 4.0.2 to 4.0.3 (#17412 ) Bumps [redis](https://github.com/redis/node-redis) from 4.0.2 to 4.0.3. - [Release notes](https://github.com/redis/node-redis/releases) - [Changelog](https://github.com/redis/node-redis/blob/master/CHANGELOG.md) - [Commits](https://github.com/redis/node-redis/compare/redis@4.0.2...redis@4.0.3) --- updated-dependencies: - dependency-name: redis dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2022-02-05 13:03:06 +09:00
dependabot[bot]	e001e116da	Bump sidekiq-scheduler from 3.1.0 to 3.1.1 (#17407 ) Bumps [sidekiq-scheduler](https://github.com/moove-it/sidekiq-scheduler) from 3.1.0 to 3.1.1. - [Release notes](https://github.com/moove-it/sidekiq-scheduler/releases) - [Commits](https://github.com/moove-it/sidekiq-scheduler/compare/v3.1.0...v3.1.1) --- updated-dependencies: - dependency-name: sidekiq-scheduler dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2022-02-05 13:02:57 +09:00
dependabot[bot]	e0263c7369	Bump http-link-header from 1.0.3 to 1.0.4 (#17414 ) Bumps [http-link-header](https://github.com/jhermsmeier/node-http-link-header) from 1.0.3 to 1.0.4. - [Release notes](https://github.com/jhermsmeier/node-http-link-header/releases) - [Changelog](https://github.com/jhermsmeier/node-http-link-header/blob/master/CHANGELOG.md) - [Commits](https://github.com/jhermsmeier/node-http-link-header/compare/v1.0.3...v1.0.4) --- updated-dependencies: - dependency-name: http-link-header dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2022-02-05 13:02:42 +09:00
Alexandra Catalina	50ab3f3dcb	Update tootsuite/mastodon Docker tag to v3.4.6 (#17436 ) Co-authored-by: Renovate Bot <bot@renovateapp.com>	2022-02-03 21:29:20 +01:00
Eugen Rochko	3413f1c44b	Forward-port version bump to 3.4.6 (#17434 )	2022-02-03 14:21:38 +01:00
Claire	c8b1e72a4f	Fix compacted JSON-LD possibly causing compatibility issues on forwarding (#17428 )	2022-02-03 14:09:04 +01:00
Claire	948235592a	Fix response_to_recipient? CTE (#17427 )	2022-02-03 14:07:43 +01:00
Claire	d1ecc323e7	Compact JSON-LD signed incoming activities (#17426 ) Co-authored-by: Puck Meerburg <puck@puck.moe>	2022-02-03 14:07:29 +01:00