From: Thibaut Girka Date: Tue, 9 Jun 2020 08:39:20 +0000 (+0200) Subject: Merge branch 'master' into glitch-soc/merge-upstream X-Git-Url: https://git.xn--scling-oua.cat.family/?a=commitdiff_plain;h=12c8ac9e1443d352eca3538ed1558de8ccdd9434;p=mastodon.git Merge branch 'master' into glitch-soc/merge-upstream Conflicts: - `app/controllers/activitypub/collections_controller.rb`: Conflict due to glitch-soc having to take care of local-only pinned toots in that controller. Took upstream's changes and restored the local-only special handling. - `app/controllers/auth/sessions_controller.rb`: Minor conflicts due to the theming system, applied upstream changes, adapted the following two files for glitch-soc's theming system: - `app/controllers/concerns/sign_in_token_authentication_concern.rb` - `app/controllers/concerns/two_factor_authentication_concern.rb` - `app/services/backup_service.rb`: Minor conflict due to glitch-soc having to handle local-only toots specially. Applied upstream changes and restored the local-only special handling. - `app/views/admin/custom_emojis/index.html.haml`: Minor conflict due to the theming system. - `package.json`: Upstream dependency updated, too close to a glitch-soc-only dependency in the file. - `yarn.lock`: Upstream dependency updated, too close to a glitch-soc-only dependency in the file. --- 12c8ac9e1443d352eca3538ed1558de8ccdd9434 diff --cc app/controllers/activitypub/collections_controller.rb index 9ca216e4f,380de54f5..e62fba748 --- a/app/controllers/activitypub/collections_controller.rb +++ b/app/controllers/activitypub/collections_controller.rb @@@ -16,9 -17,25 +17,25 @@@ class ActivityPub::CollectionsControlle private - def set_statuses - @statuses = scope_for_collection - @statuses = cache_collection(@statuses, Status) + def set_items + case params[:id] + when 'featured' + @items = begin + # Because in public fetch mode we cache the response, there would be no + # benefit from performing the check below, since a blocked account or domain + # would likely be served the cache from the reverse proxy anyway + + if authorized_fetch_mode? && !signed_request_account.nil? && (@account.blocking?(signed_request_account) || (!signed_request_account.domain.nil? && @account.domain_blocking?(signed_request_account.domain))) + [] + else - cache_collection(@account.pinned_statuses, Status) ++ cache_collection(@account.pinned_statuses.not_local_only, Status) + end + end + when 'devices' + @items = @account.devices + else + not_found + end end def set_size diff --cc app/controllers/auth/sessions_controller.rb index c36561b86,2415e2ef3..c54f6643a --- a/app/controllers/auth/sessions_controller.rb +++ b/app/controllers/auth/sessions_controller.rb @@@ -8,8 -8,8 +8,10 @@@ class Auth::SessionsController < Devise skip_before_action :require_no_authentication, only: [:create] skip_before_action :require_functional! + prepend_before_action :set_pack - prepend_before_action :authenticate_with_two_factor, if: :two_factor_enabled?, only: [:create] ++ + include TwoFactorAuthenticationConcern + include SignInTokenAuthenticationConcern before_action :set_instance_presenter, only: [:new] before_action :set_body_classes diff --cc app/controllers/concerns/sign_in_token_authentication_concern.rb index 000000000,a177aacaf..88c009b19 mode 000000,100644..100644 --- a/app/controllers/concerns/sign_in_token_authentication_concern.rb +++ b/app/controllers/concerns/sign_in_token_authentication_concern.rb @@@ -1,0 -1,49 +1,50 @@@ + # frozen_string_literal: true + + module SignInTokenAuthenticationConcern + extend ActiveSupport::Concern + + included do + prepend_before_action :authenticate_with_sign_in_token, if: :sign_in_token_required?, only: [:create] + end + + def sign_in_token_required? + find_user&.suspicious_sign_in?(request.remote_ip) + end + + def valid_sign_in_token_attempt?(user) + Devise.secure_compare(user.sign_in_token, user_params[:sign_in_token_attempt]) + end + + def authenticate_with_sign_in_token + user = self.resource = find_user + + if user_params[:sign_in_token_attempt].present? && session[:attempt_user_id] + authenticate_with_sign_in_token_attempt(user) + elsif user.present? && user.external_or_valid_password?(user_params[:password]) + prompt_for_sign_in_token(user) + end + end + + def authenticate_with_sign_in_token_attempt(user) + if valid_sign_in_token_attempt?(user) + session.delete(:attempt_user_id) + remember_me(user) + sign_in(user) + else + flash.now[:alert] = I18n.t('users.invalid_sign_in_token') + prompt_for_sign_in_token(user) + end + end + + def prompt_for_sign_in_token(user) + if user.sign_in_token_expired? + user.generate_sign_in_token && user.save + UserMailer.sign_in_token(user, request.remote_ip, request.user_agent, Time.now.utc.to_s).deliver_later! + end + + session[:attempt_user_id] = user.id ++ use_pack 'auth' + @body_classes = 'lighter' + render :sign_in_token + end + end diff --cc app/controllers/concerns/two_factor_authentication_concern.rb index 000000000,cdd8d14af..0d9f87455 mode 000000,100644..100644 --- a/app/controllers/concerns/two_factor_authentication_concern.rb +++ b/app/controllers/concerns/two_factor_authentication_concern.rb @@@ -1,0 -1,47 +1,48 @@@ + # frozen_string_literal: true + + module TwoFactorAuthenticationConcern + extend ActiveSupport::Concern + + included do + prepend_before_action :authenticate_with_two_factor, if: :two_factor_enabled?, only: [:create] + end + + def two_factor_enabled? + find_user&.otp_required_for_login? + end + + def valid_otp_attempt?(user) + user.validate_and_consume_otp!(user_params[:otp_attempt]) || + user.invalidate_otp_backup_code!(user_params[:otp_attempt]) + rescue OpenSSL::Cipher::CipherError + false + end + + def authenticate_with_two_factor + user = self.resource = find_user + + if user_params[:otp_attempt].present? && session[:attempt_user_id] + authenticate_with_two_factor_attempt(user) + elsif user.present? && user.external_or_valid_password?(user_params[:password]) + prompt_for_two_factor(user) + end + end + + def authenticate_with_two_factor_attempt(user) + if valid_otp_attempt?(user) + session.delete(:attempt_user_id) + remember_me(user) + sign_in(user) + else + flash.now[:alert] = I18n.t('users.invalid_otp_token') + prompt_for_two_factor(user) + end + end + + def prompt_for_two_factor(user) + session[:attempt_user_id] = user.id ++ use_pack 'auth' + @body_classes = 'lighter' + render :two_factor + end + end diff --cc app/models/user.rb index c8dbd2fd3,306e2d435..a05d98d88 --- a/app/models/user.rb +++ b/app/models/user.rb @@@ -107,14 -109,13 +109,14 @@@ class User < ApplicationRecor has_many :session_activations, dependent: :destroy - delegate :auto_play_gif, :default_sensitive, :unfollow_modal, :boost_modal, :delete_modal, - :reduce_motion, :system_font_ui, :noindex, :theme, :display_media, :hide_network, + delegate :auto_play_gif, :default_sensitive, :unfollow_modal, :boost_modal, :favourite_modal, :delete_modal, + :reduce_motion, :system_font_ui, :noindex, :flavour, :skin, :display_media, :hide_network, :hide_followers_count, :expand_spoilers, :default_language, :aggregate_reblogs, :show_application, :advanced_layout, :use_blurhash, :use_pending_items, :trends, :crop_images, + :default_content_type, :system_emoji_font, to: :settings, prefix: :setting, allow_nil: false - attr_reader :invite_code + attr_reader :invite_code, :sign_in_token_attempt attr_writer :external def confirmed? @@@ -168,8 -169,12 +170,12 @@@ true end + def suspicious_sign_in?(ip) + !otp_required_for_login? && current_sign_in_at.present? && current_sign_in_at < 2.weeks.ago && !recent_ip?(ip) + end + def functional? - confirmed? && approved? && !disabled? && !account.suspended? && account.moved_to_account_id.nil? + confirmed? && approved? && !disabled? && !account.suspended? end def unconfirmed_or_pending? diff --cc app/services/backup_service.rb index 989fd6784,6a1575616..749c84736 --- a/app/services/backup_service.rb +++ b/app/services/backup_service.rb @@@ -22,7 -22,7 +22,7 @@@ class BackupService < BaseServic account.statuses.with_includes.reorder(nil).find_in_batches do |statuses| statuses.each do |status| - item = serialize_payload(status, ActivityPub::ActivitySerializer, signer: @account, allow_local_only: true) - item = serialize_payload(ActivityPub::ActivityPresenter.from_status(status), ActivityPub::ActivitySerializer, signer: @account) ++ item = serialize_payload(ActivityPub::ActivityPresenter.from_status(status), ActivityPub::ActivitySerializer, signer: @account, allow_local_only: true) item.delete(:'@context') unless item[:type] == 'Announce' || item[:object][:attachment].blank? diff --cc app/views/admin/custom_emojis/index.html.haml index d3705a36e,c96a1ce00..45cb7bee0 --- a/app/views/admin/custom_emojis/index.html.haml +++ b/app/views/admin/custom_emojis/index.html.haml @@@ -1,8 -1,12 +1,9 @@@ - content_for :page_title do = t('admin.custom_emojis.title') - - content_for :heading_actions do - = link_to t('admin.custom_emojis.upload'), new_admin_custom_emoji_path, class: 'button' -- content_for :header_tags do - = javascript_pack_tag 'admin', integrity: true, async: true, crossorigin: 'anonymous' - + - if can?(:create, :custom_emoji) + - content_for :heading_actions do + = link_to t('admin.custom_emojis.upload'), new_admin_custom_emoji_path, class: 'button' .filters .filter-subset diff --cc package.json index 53937fab4,65be5a041..afb16618f --- a/package.json +++ b/package.json @@@ -73,8 -72,7 +73,8 @@@ "@rails/ujs": "^6.0.3", "array-includes": "^3.1.1", "arrow-key-navigation": "^1.1.0", + "atrament": "0.2.4", - "autoprefixer": "^9.7.6", + "autoprefixer": "^9.8.0", "axios": "^0.19.2", "babel-loader": "^8.1.0", "babel-plugin-lodash": "^3.3.4", @@@ -96,8 -94,7 +96,8 @@@ "escape-html": "^1.0.3", "exif-js": "^2.3.0", "express": "^4.17.1", + "favico.js": "^0.3.10", - "file-loader": "^5.1.0", + "file-loader": "^6.0.0", "font-awesome": "^4.7.0", "glob": "^7.1.6", "history": "^4.10.1", diff --cc yarn.lock index 08dfacf7a,06b9c5b18..d08113ec8 --- a/yarn.lock +++ b/yarn.lock @@@ -1933,18 -2060,13 +2060,18 @@@ atob@^2.1.2 resolved "https://registry.yarnpkg.com/atob/-/atob-2.1.2.tgz#6d9517eb9e030d2436666651e86bd9f6f13533c9" integrity sha512-Wm6ukoaOGJi/73p/cl2GvLjTI5JM1k/O14isD73YML8StrH/7/lRFgmg8nICZgD3bZZvjwCGxtMOD3wWNAu8cg== +atrament@0.2.4: + version "0.2.4" + resolved "https://registry.yarnpkg.com/atrament/-/atrament-0.2.4.tgz#6f78196edfcd194e568b7c0b9c88201ec371ac66" + integrity sha512-hSA9VwW6COMwvRhSEO4uZweZ91YGOdHqwvslNyrJZG+8mzc4qx/qMsDZBuAeXFeWZO/QKtRjIXguOUy1aNMl3A== + - autoprefixer@^9.7.6: - version "9.7.6" - resolved "https://registry.yarnpkg.com/autoprefixer/-/autoprefixer-9.7.6.tgz#63ac5bbc0ce7934e6997207d5bb00d68fa8293a4" - integrity sha512-F7cYpbN7uVVhACZTeeIeealwdGM6wMtfWARVLTy5xmKtgVdBNJvbDRoCK3YO1orcs7gv/KwYlb3iXwu9Ug9BkQ== + autoprefixer@^9.8.0: + version "9.8.0" + resolved "https://registry.yarnpkg.com/autoprefixer/-/autoprefixer-9.8.0.tgz#68e2d2bef7ba4c3a65436f662d0a56a741e56511" + integrity sha512-D96ZiIHXbDmU02dBaemyAg53ez+6F5yZmapmgKcjm35yEe1uVDYI8hGW3VYoGRaG290ZFf91YxHrR518vC0u/A== dependencies: - browserslist "^4.11.1" - caniuse-lite "^1.0.30001039" + browserslist "^4.12.0" + caniuse-lite "^1.0.30001061" chalk "^2.4.2" normalize-range "^0.1.2" num2fraction "^1.2.2" @@@ -4494,11 -4621,13 +4626,18 @@@ fast-levenshtein@~2.0.6 resolved "https://registry.yarnpkg.com/fast-levenshtein/-/fast-levenshtein-2.0.6.tgz#3d8a5c66883a16a30ca8643e851f19baa7797917" integrity sha1-PYpcZog6FqMMqGQ+hR8Zuqd5eRc= +favico.js@^0.3.10: + version "0.3.10" + resolved "https://registry.yarnpkg.com/favico.js/-/favico.js-0.3.10.tgz#80586e27a117f24a8d51c18a99bdc714d4339301" + integrity sha1-gFhuJ6EX8kqNUcGKmb3HFNQzkwE= + + fastq@^1.6.0: + version "1.8.0" + resolved "https://registry.yarnpkg.com/fastq/-/fastq-1.8.0.tgz#550e1f9f59bbc65fe185cb6a9b4d95357107f481" + integrity sha512-SMIZoZdLh/fgofivvIkmknUXyPnvxRE3DhtZ5Me3Mrsk5gyPL42F0xr51TdRXskBxHfMp+07bcYzfsYEsSQA9Q== + dependencies: + reusify "^1.0.4" + faye-websocket@^0.10.0: version "0.10.0" resolved "https://registry.yarnpkg.com/faye-websocket/-/faye-websocket-0.10.0.tgz#4e492f8d04dfb6f89003507f6edbf2d501e7c6f4"