
Merge tag 'v3.1.5'

Mike Barnes 3 weeks ago
parent
commit
45e447c6aa
100 changed files with 834 additions and 569 deletions
  1. 68
    65
      .circleci/config.yml
  2. 1
    1
      .codeclimate.yml
  3. 18
    0
      .dependabot/config.yml
  4. 2
    2
      .env.production.sample
  5. 1
    1
      .gitignore
  6. 2
    2
      .rubocop.yml
  7. 1
    1
      .ruby-version
  8. 147
    0
      CHANGELOG.md
  9. 3
    3
      Dockerfile
  10. 27
    26
      Gemfile
  11. 213
    204
      Gemfile.lock
  12. 3
    3
      README.md
  13. 1
    1
      Vagrantfile
  14. 5
    0
      app/chewy/statuses_index.rb
  15. 1
    1
      app/controllers/account_follow_controller.rb
  16. 10
    10
      app/controllers/accounts_controller.rb
  17. 10
    7
      app/controllers/activitypub/collections_controller.rb
  18. 1
    1
      app/controllers/activitypub/inboxes_controller.rb
  19. 3
    3
      app/controllers/activitypub/outboxes_controller.rb
  20. 15
    6
      app/controllers/activitypub/replies_controller.rb
  21. 12
    2
      app/controllers/admin/action_logs_controller.rb
  22. 25
    3
      app/controllers/admin/email_domain_blocks_controller.rb
  23. 1
    1
      app/controllers/admin/instances_controller.rb
  24. 21
    0
      app/controllers/admin/site_uploads_controller.rb
  25. 3
    3
      app/controllers/admin/warning_presets_controller.rb
  26. 4
    0
      app/controllers/api/base_controller.rb
  27. 2
    4
      app/controllers/api/v1/accounts/follower_accounts_controller.rb
  28. 2
    4
      app/controllers/api/v1/accounts/following_accounts_controller.rb
  29. 0
    2
      app/controllers/api/v1/accounts/identity_proofs_controller.rb
  30. 0
    2
      app/controllers/api/v1/accounts/lists_controller.rb
  31. 0
    2
      app/controllers/api/v1/accounts/pins_controller.rb
  32. 0
    2
      app/controllers/api/v1/accounts/relationships_controller.rb
  33. 0
    2
      app/controllers/api/v1/accounts/search_controller.rb
  34. 0
    2
      app/controllers/api/v1/accounts/statuses_controller.rb
  35. 2
    2
      app/controllers/api/v1/accounts_controller.rb
  36. 0
    2
      app/controllers/api/v1/apps/credentials_controller.rb
  37. 0
    2
      app/controllers/api/v1/blocks_controller.rb
  38. 0
    2
      app/controllers/api/v1/bookmarks_controller.rb
  39. 0
    2
      app/controllers/api/v1/conversations_controller.rb
  40. 0
    2
      app/controllers/api/v1/custom_emojis_controller.rb
  41. 0
    2
      app/controllers/api/v1/domain_blocks_controller.rb
  42. 0
    2
      app/controllers/api/v1/endorsements_controller.rb
  43. 0
    2
      app/controllers/api/v1/favourites_controller.rb
  44. 0
    3
      app/controllers/api/v1/featured_tags/suggestions_controller.rb
  45. 0
    2
      app/controllers/api/v1/filters_controller.rb
  46. 0
    2
      app/controllers/api/v1/instances/activity_controller.rb
  47. 0
    2
      app/controllers/api/v1/instances/peers_controller.rb
  48. 0
    2
      app/controllers/api/v1/instances_controller.rb
  49. 23
    8
      app/controllers/api/v1/media_controller.rb
  50. 0
    2
      app/controllers/api/v1/mutes_controller.rb
  51. 0
    2
      app/controllers/api/v1/notifications_controller.rb
  52. 1
    3
      app/controllers/api/v1/polls/votes_controller.rb
  53. 1
    3
      app/controllers/api/v1/polls_controller.rb
  54. 0
    2
      app/controllers/api/v1/preferences_controller.rb
  55. 6
    5
      app/controllers/api/v1/push/subscriptions_controller.rb
  56. 1
    1
      app/controllers/api/v1/reports_controller.rb
  57. 0
    2
      app/controllers/api/v1/statuses/bookmarks_controller.rb
  58. 0
    2
      app/controllers/api/v1/statuses/favourited_by_accounts_controller.rb
  59. 0
    2
      app/controllers/api/v1/statuses/favourites_controller.rb
  60. 1
    4
      app/controllers/api/v1/statuses/mutes_controller.rb
  61. 0
    2
      app/controllers/api/v1/statuses/pins_controller.rb
  62. 0
    2
      app/controllers/api/v1/statuses/reblogged_by_accounts_controller.rb
  63. 2
    1
      app/controllers/api/v1/statuses/reblogs_controller.rb
  64. 12
    4
      app/controllers/api/v1/statuses_controller.rb
  65. 0
    2
      app/controllers/api/v1/streaming_controller.rb
  66. 0
    2
      app/controllers/api/v1/suggestions_controller.rb
  67. 0
    2
      app/controllers/api/v1/timelines/home_controller.rb
  68. 2
    4
      app/controllers/api/v1/timelines/public_controller.rb
  69. 0
    2
      app/controllers/api/v1/timelines/tag_controller.rb
  70. 0
    2
      app/controllers/api/v1/trends_controller.rb
  71. 12
    0
      app/controllers/api/v2/media_controller.rb
  72. 0
    2
      app/controllers/api/v2/search_controller.rb
  73. 0
    2
      app/controllers/api/web/embeds_controller.rb
  74. 0
    2
      app/controllers/api/web/push_subscriptions_controller.rb
  75. 0
    2
      app/controllers/api/web/settings_controller.rb
  76. 5
    0
      app/controllers/application_controller.rb
  77. 4
    1
      app/controllers/auth/passwords_controller.rb
  78. 7
    1
      app/controllers/auth/registrations_controller.rb
  79. 7
    0
      app/controllers/auth/sessions_controller.rb
  80. 1
    1
      app/controllers/authorize_interactions_controller.rb
  81. 1
    13
      app/controllers/concerns/localized.rb
  82. 15
    1
      app/controllers/concerns/rate_limit_headers.rb
  83. 10
    1
      app/controllers/follower_accounts_controller.rb
  84. 10
    1
      app/controllers/following_accounts_controller.rb
  85. 3
    1
      app/controllers/home_controller.rb
  86. 1
    1
      app/controllers/media_controller.rb
  87. 4
    1
      app/controllers/media_proxy_controller.rb
  88. 1
    1
      app/controllers/remote_interaction_controller.rb
  89. 8
    4
      app/controllers/settings/identity_proofs_controller.rb
  90. 1
    1
      app/controllers/settings/imports_controller.rb
  91. 37
    0
      app/controllers/settings/pictures_controller.rb
  92. 1
    1
      app/controllers/statuses_controller.rb
  93. 7
    2
      app/controllers/tags_controller.rb
  94. 2
    73
      app/helpers/admin/action_logs_helper.rb
  95. 1
    0
      app/helpers/admin/filter_helper.rb
  96. 11
    0
      app/helpers/admin/settings_helper.rb
  97. 3
    3
      app/helpers/home_helper.rb
  98. 10
    0
      app/helpers/settings_helper.rb
  99. 19
    0
      app/helpers/webfinger_helper.rb
  100. 0
    0
      app/javascript/images/logo_transparent_white.svg

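--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -5,11 +5,13 @@ aliases:
     docker:
       - image: circleci/ruby:2.7-buster-node
         environment: &ruby_environment
+          BUNDLE_JOBS: 3
+          BUNDLE_RETRY: 3
           BUNDLE_APP_CONFIG: ./.bundle/
+          BUNDLE_PATH: ./vendor/bundle/
           DB_HOST: localhost
           DB_USER: root
           RAILS_ENV: test
-          PARALLEL_TEST_PROCESSORS: 4
           ALLOW_NOPAM: true
           CONTINUOUS_INTEGRATION: true
           DISABLE_SIMPLECOV: true
@@ -31,9 +33,9 @@ aliases:
   - &restore_ruby_dependencies
     restore_cache:
       keys:
-        - v2-ruby-dependencies-{{ checksum "/tmp/.ruby-version" }}-{{ checksum "Gemfile.lock" }}
-        - v2-ruby-dependencies-{{ checksum "/tmp/.ruby-version" }}-
-        - v2-ruby-dependencies-
+        - v3-ruby-dependencies-{{ checksum "/tmp/.ruby-version" }}-{{ checksum "Gemfile.lock" }}
+        - v3-ruby-dependencies-{{ checksum "/tmp/.ruby-version" }}-
+        - v3-ruby-dependencies-
 
   - &install_steps
     steps:
@@ -41,11 +43,13 @@ aliases:
       - *attach_workspace
       - restore_cache:
           keys:
-            - v1-node-dependencies-{{ checksum "yarn.lock" }}
-            - v1-node-dependencies-
-      - run: yarn install --frozen-lockfile
+            - v2-node-dependencies-{{ checksum "yarn.lock" }}
+            - v2-node-dependencies-
+      - run:
+          name: Install yarn dependencies
+          command: yarn install --frozen-lockfile
       - save_cache:
-          key: v1-node-dependencies-{{ checksum "yarn.lock" }}
+          key: v2-node-dependencies-{{ checksum "yarn.lock" }}
           paths:
             - ./node_modules/
       - *persist_to_workspace
@@ -56,27 +60,28 @@ aliases:
         command: |
           sudo apt-get update
           sudo apt-get install -y libicu-dev libidn11-dev libprotobuf-dev protobuf-compiler
-          
-          ## TODO: FIX THESE BUSTER DEPENDANCES
-          sudo wget http://ftp.au.debian.org/debian/pool/main/i/icu/libicu57_57.1-6+deb9u3_amd64.deb
-          sudo dpkg -i libicu57_57.1-6+deb9u3_amd64.deb
-          sudo wget http://ftp.au.debian.org/debian/pool/main/p/protobuf/libprotobuf10_3.0.0-9_amd64.deb
-          sudo dpkg -i libprotobuf10_3.0.0-9_amd64.deb
 
   - &install_ruby_dependencies
       steps:
         - *attach_workspace
         - *install_system_dependencies
-        - run: ruby -e 'puts RUBY_VERSION' | tee /tmp/.ruby-version
+        - run:
+            name: Set Ruby version
+            command: ruby -e 'puts RUBY_VERSION' | tee /tmp/.ruby-version
         - *restore_ruby_dependencies
-        - run: bundle config set clean 'true'
-        - run: bundle config set deployment 'true'
-        - run: bundle config set with 'pam_authentication'
-        - run: bundle config set without 'development production'
-        - run: bundle config set frozen 'true'
-        - run: bundle install --jobs 16 --retry 3 && bundle clean
+        - run:
+            name: Set bundler settings
+            command: |
+              bundle config clean 'true'
+              bundle config deployment 'true'
+              bundle config with 'pam_authentication'
+              bundle config without 'development production'
+              bundle config frozen 'true'
+        - run:
+            name: Install bundler dependencies
+            command: bundle check || (bundle install && bundle clean)
         - save_cache:
-            key: v2-ruby-dependencies-{{ checksum "/tmp/.ruby-version" }}-{{ checksum "Gemfile.lock" }}
+            key: v3-ruby-dependencies-{{ checksum "/tmp/.ruby-version" }}-{{ checksum "Gemfile.lock" }}
             paths:
               - ./.bundle/
               - ./vendor/bundle/
@@ -87,17 +92,26 @@ aliases:
                 - ./mastodon/vendor/bundle/
 
   - &test_steps
+      parallelism: 4
       steps:
         - *attach_workspace
         - *install_system_dependencies
-        - run: sudo apt-get install -y ffmpeg
         - run:
-            name: Prepare Tests
-            command: ./bin/rails parallel:create parallel:load_schema parallel:prepare
+            name: Install FFMPEG
+            command: sudo apt-get install -y ffmpeg
         - run:
-            name: Run Tests
-            command: ./bin/retry bundle exec parallel_test ./spec/ --group-by filesize --type rspec
-
+            name: Load database schema
+            command: ./bin/rails db:create db:schema:load db:seed
+        - run:
+            name: Run rspec in parallel
+            command: |
+              bundle exec rspec --profile 10 \
+                                --format RspecJunitFormatter \
+                                --out test_results/rspec.xml \
+                                --format progress \
+                                $(circleci tests glob "spec/**/*_spec.rb" | circleci tests split --split-by=timings)
+        - store_test_results:
+            path: test_results
 jobs:
   install:
     <<: *defaults
@@ -114,19 +128,14 @@ jobs:
         environment: *ruby_environment
     <<: *install_ruby_dependencies
 
-  install-ruby2.5:
-    <<: *defaults
-    docker:
-      - image: circleci/ruby:2.5-buster-node
-        environment: *ruby_environment
-    <<: *install_ruby_dependencies
-
   build:
     <<: *defaults
     steps:
       - *attach_workspace
       - *install_system_dependencies
-      - run: ./bin/rails assets:precompile
+      - run:
+          name: Precompile assets
+          command: ./bin/rails assets:precompile
       - persist_to_workspace:
           root: ~/projects/
           paths:
@@ -138,28 +147,30 @@ jobs:
     docker:
       - image: circleci/ruby:2.7-buster-node
         environment: *ruby_environment
-      - image: circleci/postgres:10.6-alpine
+      - image: circleci/postgres:12.2
         environment:
           POSTGRES_USER: root
+          POSTGRES_HOST_AUTH_METHOD: trust
       - image: circleci/redis:5-alpine
     steps:
       - *attach_workspace
       - *install_system_dependencies
       - run:
           name: Create database
-          command: ./bin/rails parallel:create
+          command: ./bin/rails db:create
       - run:
           name: Run migrations
-          command: ./bin/rails parallel:migrate
+          command: ./bin/rails db:migrate
 
   test-ruby2.7:
     <<: *defaults
     docker:
       - image: circleci/ruby:2.7-buster-node
         environment: *ruby_environment
-      - image: circleci/postgres:10.6-alpine
+      - image: circleci/postgres:12.2
         environment:
           POSTGRES_USER: root
+          POSTGRES_HOST_AUTH_METHOD: trust
       - image: circleci/redis:5-alpine
     <<: *test_steps
 
@@ -168,20 +179,10 @@ jobs:
     docker:
       - image: circleci/ruby:2.6-buster-node
         environment: *ruby_environment
-      - image: circleci/postgres:10.6-alpine
-        environment:
-          POSTGRES_USER: root
-      - image: circleci/redis:5-alpine
-    <<: *test_steps
-
-  test-ruby2.5:
-    <<: *defaults
-    docker:
-      - image: circleci/ruby:2.5-buster-node
-        environment: *ruby_environment
-      - image: circleci/postgres:10.6-alpine
+      - image: circleci/postgres:12.2
         environment:
           POSTGRES_USER: root
+          POSTGRES_HOST_AUTH_METHOD: trust
       - image: circleci/redis:5-alpine
     <<: *test_steps
 
@@ -191,17 +192,27 @@ jobs:
       - image: circleci/node:12-buster
     steps:
       - *attach_workspace
-      - run: ./bin/retry yarn test:jest
+      - run:
+          name: Run jest
+          command: yarn test:jest
 
   check-i18n:
     <<: *defaults
     steps:
       - *attach_workspace
       - *install_system_dependencies
-      - run: bundle exec i18n-tasks check-normalized
-      - run: bundle exec i18n-tasks unused -l en
-      - run: bundle exec i18n-tasks check-consistent-interpolations
-      - run: bundle exec rake repo:check_locales_files
+      - run:
+          name: Check locale file normalization
+          command: bundle exec i18n-tasks check-normalized
+      - run:
+          name: Check for unused strings
+          command: bundle exec i18n-tasks unused -l en
+      - run:
+          name: Check for wrong string interpolations
+          command: bundle exec i18n-tasks check-consistent-interpolations
+      - run:
+          name: Check that all required locale files exist
+          command: bundle exec rake repo:check_locales_files
 
 workflows:
   version: 2
@@ -215,10 +226,6 @@ workflows:
           requires:
             - install
             - install-ruby2.7
-      - install-ruby2.5:
-          requires:
-            - install
-            - install-ruby2.7
       - build:
           requires:
             - install-ruby2.7
@@ -233,10 +240,6 @@ workflows:
           requires:
             - install-ruby2.6
             - build
-      - test-ruby2.5:
-          requires:
-            - install-ruby2.5
-            - build
       - test-webui:
           requires:
             - install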
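Review bot: The three `POSTGRES_HOST_AUTH_METHOD: trust` entries added next to `circleci/postgres:12.2` (in the hunks at `@@ -138,28` and `@@ -168,20`) make the database container accept any client without a password, and nothing in the file says this is meant for the throwaway CI database only. That is reasonable for an isolated test sidecar, but the setting is easy to copy into a compose or deployment file where it would leave Postgres unauthenticated. A comment above each occurrence would document the intent, for example `# CI only: trust auth skips password checks; never use outside the ephemeral test database`. The name of the first affected job sits above its hunk and is not visible here.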

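--- a/.codeclimate.yml
+++ b/.codeclimate.yml
@@ -30,7 +30,7 @@ plugins:
     channel: eslint-6
   rubocop:
     enabled: true
-    channel: rubocop-0-76
+    channel: rubocop-0-82
   sass-lint:
     enabled: true
 exclude_patterns: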

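--- a/.dependabot/config.yml
+++ b/.dependabot/config.yml
@@ -4,7 +4,25 @@ update_configs:
   - package_manager: "ruby:bundler"
     directory: "/"
     update_schedule: "weekly"
+    # Supported update schedule: live daily weekly monthly
+    version_requirement_updates: "auto"
+    # Supported version requirements: auto widen_ranges increase_versions increase_versions_if_necessary
+    allowed_updates:
+      - match:
+          dependency_type: "all"
+          # Supported dependency types: all indirect direct production development
+          update_type: "all"
+          # Supported update types: all security
 
   - package_manager: "javascript"
     directory: "/"
     update_schedule: "weekly"
+    # Supported update schedule: live daily weekly monthly
+    version_requirement_updates: "auto"
+    # Supported version requirements: auto widen_ranges increase_versions increase_versions_if_necessary
+    allowed_updates:
+      - match:
+          dependency_type: "all"
+          # Supported dependency types: all indirect direct production development
+          update_type: "all"
+          # Supported update types: all security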
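Review bot: Each added `# Supported …` comment sits below the key it documents and directly above the next key, so it reads as a description of the following setting. For example, the update-schedule list appears immediately above `version_requirement_updates`. Moving every comment to the line before its own key, e.g. `# Supported update schedule: live daily weekly monthly` ahead of `update_schedule: "weekly"`, removes the ambiguity in both the bundler and the javascript block. The `update_configs` list begins above the hunk.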

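--- a/.env.production.sample
+++ b/.env.production.sample
@@ -33,7 +33,7 @@ LOCAL_DOMAIN=example.com
 # ALTERNATE_DOMAINS=example1.com,example2.com
 
 # Application secrets
-# Generate each with the `RAILS_ENV=production bundle exec rake secret` task (`docker-compose run --rm web rake secret` if you use docker compose)
+# Generate each with the `RAILS_ENV=production bundle exec rake secret` task (`docker-compose run --rm web bundle exec rake secret` if you use docker compose)
 SECRET_KEY_BASE=
 OTP_SECRET=
 
@@ -42,7 +42,7 @@ OTP_SECRET=
 # You should only generate this once per instance. If you later decide to change it, all push subscription will
 # be invalidated, requiring the users to access the website again to resubscribe.
 #
-# Generate with `RAILS_ENV=production bundle exec rake mastodon:webpush:generate_vapid_key` task (`docker-compose run --rm web rake mastodon:webpush:generate_vapid_key` if you use docker compose)
+# Generate with `RAILS_ENV=production bundle exec rake mastodon:webpush:generate_vapid_key` task (`docker-compose run --rm web bundle exec rake mastodon:webpush:generate_vapid_key` if you use docker compose)
 #
 # For more information visit https://rossta.net/blog/using-the-web-push-api-with-vapid.html
 VAPID_PRIVATE_KEY=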

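--- a/.gitignore
+++ b/.gitignore
@@ -58,7 +58,7 @@ yarn-error.log
 yarn-debug.log
 
 # Ignore vagrant log files
-ubuntu-xenial-16.04-cloudimg-console.log
+*-cloudimg-console.log
 
 # Ignore Docker option files
 docker-compose.override.yml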

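--- a/.rubocop.yml
+++ b/.rubocop.yml
@@ -2,7 +2,7 @@ require:
   - rubocop-rails
 
 AllCops:
-  TargetRubyVersion: 2.3
+  TargetRubyVersion: 2.4
   Exclude:
   - 'spec/**/*'
   - 'db/**/*'
@@ -46,7 +46,7 @@ Metrics/ClassLength:
 Metrics/CyclomaticComplexity:
   Max: 25
 
-Metrics/LineLength:
+Layout/LineLength:
   AllowURI: true
   Enabled: false
 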

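--- a/.ruby-version
+++ b/.ruby-version
@@ -1 +1 @@
-2.6.5
+2.6.6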

+ 147
- 0
CHANGELOG.md View File

@@ -3,6 +3,153 @@ Changelog
3 3
 
4 4
 All notable changes to this project will be documented in this file.
5 5
 
6
+## [v3.1.5] - 2020-07-07
7
+### Security
8
+
9
+- Fix media attachment enumeration ([ThibG](https://github.com/tootsuite/mastodon/pull/14254))
10
+- Change rate limits for various paths ([Gargron](https://github.com/tootsuite/mastodon/pull/14253))
11
+- Fix other sessions not being logged out on password change ([Gargron](https://github.com/tootsuite/mastodon/pull/14252))
12
+
13
+## [v3.1.4] - 2020-05-14
14
+### Added
15
+
16
+- Add `vi` to available locales ([taicv](https://github.com/tootsuite/mastodon/pull/13542))
17
+- Add ability to remove identity proofs from account ([Gargron](https://github.com/tootsuite/mastodon/pull/13682))
18
+- Add ability to exclude local content from federated timeline ([noellabo](https://github.com/tootsuite/mastodon/pull/13504), [noellabo](https://github.com/tootsuite/mastodon/pull/13745))
19
+  - Add `remote` param to `GET /api/v1/timelines/public` REST API
20
+  - Add `public/remote` / `public:remote` variants to streaming API
21
+  - "Remote only" option in federated timeline column settings in web UI
22
+- Add ability to exclude remote content from hashtag timelines in web UI ([noellabo](https://github.com/tootsuite/mastodon/pull/13502))
23
+  - No changes to REST API
24
+  - "Local only" option in hashtag column settings in web UI
25
+- Add Capistrano tasks that reload the services after deploying ([berkes](https://github.com/tootsuite/mastodon/pull/12642))
26
+- Add `invites_enabled` attribute to `GET /api/v1/instance` in REST API ([ThibG](https://github.com/tootsuite/mastodon/pull/13501))
27
+- Add `tootctl emoji export` command ([lfuelling](https://github.com/tootsuite/mastodon/pull/13534))
28
+- Add separate cache directory for non-local uploads ([Gargron](https://github.com/tootsuite/mastodon/pull/12821), [Hanage999](https://github.com/tootsuite/mastodon/pull/13593), [mayaeh](https://github.com/tootsuite/mastodon/pull/13551))
29
+  - Add `tootctl upgrade storage-schema` command to move old non-local uploads to the cache directory
30
+- Add buttons to delete header and avatar from profile settings ([sternenseemann](https://github.com/tootsuite/mastodon/pull/13234))
31
+- Add emoji graphics and shortcodes from Twemoji 12.1.5 ([DeeUnderscore](https://github.com/tootsuite/mastodon/pull/13021))
32
+
33
+### Changed
34
+
35
+- Change error message when trying to migrate to an account that does not have current account set as an alias to be more clear ([TheEvilSkeleton](https://github.com/tootsuite/mastodon/pull/13746))
36
+- Change delivery failure tracking to work with hostnames instead of URLs ([Gargron](https://github.com/tootsuite/mastodon/pull/13437), [noellabo](https://github.com/tootsuite/mastodon/pull/13481), [noellabo](https://github.com/tootsuite/mastodon/pull/13482), [noellabo](https://github.com/tootsuite/mastodon/pull/13535))
37
+- Change Content-Security-Policy to not need unsafe-inline style-src ([ThibG](https://github.com/tootsuite/mastodon/pull/13679), [ThibG](https://github.com/tootsuite/mastodon/pull/13692), [ThibG](https://github.com/tootsuite/mastodon/pull/13576), [ThibG](https://github.com/tootsuite/mastodon/pull/13575), [ThibG](https://github.com/tootsuite/mastodon/pull/13438))
38
+- Change how RSS items are titled and formatted ([ThibG](https://github.com/tootsuite/mastodon/pull/13592), [ykzts](https://github.com/tootsuite/mastodon/pull/13591))
39
+
40
+### Fixed
41
+
42
+- Fix dropdown of muted and followed accounts offering option to hide boosts in web UI ([ThibG](https://github.com/tootsuite/mastodon/pull/13748))
43
+- Fix "You are already signed in" alert being shown at wrong times ([ThibG](https://github.com/tootsuite/mastodon/pull/13547))
44
+- Fix retrying of failed-to-download media files not actually working ([noellabo](https://github.com/tootsuite/mastodon/pull/13741))
45
+- Fix first poll option not being focused when adding a poll in web UI ([ThibG](https://github.com/tootsuite/mastodon/pull/13740))
46
+- Fix `sr` locale being selected over `sr-Latn` ([ThibG](https://github.com/tootsuite/mastodon/pull/13693))
47
+- Fix error within error when limiting backtrace to 3 lines ([Gargron](https://github.com/tootsuite/mastodon/pull/13120))
48
+- Fix `tootctl media remove-orphans` crashing on "Import" files ([ThibG](https://github.com/tootsuite/mastodon/pull/13685))
49
+- Fix regression in `tootctl media remove-orphans` ([Gargron](https://github.com/tootsuite/mastodon/pull/13405))
50
+- Fix old unique jobs digests not having been cleaned up ([Gargron](https://github.com/tootsuite/mastodon/pull/13683))
51
+- Fix own following/followers not showing muted users ([ThibG](https://github.com/tootsuite/mastodon/pull/13614))
52
+- Fix list of followed people ignoring sorting on Follows & Followers page  ([taras2358](https://github.com/tootsuite/mastodon/pull/13676))
53
+- Fix wrong pgHero Content-Security-Policy when `CDN_HOST` is set ([ThibG](https://github.com/tootsuite/mastodon/pull/13595))
54
+- Fix needlessly deduplicating usernames on collisions with remote accounts when signing-up through SAML/CAS ([kaiyou](https://github.com/tootsuite/mastodon/pull/13581))
55
+- Fix page incorrectly scrolling when bringing up dropdown menus in web UI ([ThibG](https://github.com/tootsuite/mastodon/pull/13574))
56
+- Fix messed up z-index when NoScript blocks media/previews in web UI ([ThibG](https://github.com/tootsuite/mastodon/pull/13449))
57
+- Fix "See what's happening" page showing public instead of local timeline for logged-in users ([ThibG](https://github.com/tootsuite/mastodon/pull/13499))
58
+- Fix not being able to resolve public resources in development environment ([Gargron](https://github.com/tootsuite/mastodon/pull/13505))
59
+- Fix uninformative error message when uploading unsupported image files ([ThibG](https://github.com/tootsuite/mastodon/pull/13540))
60
+- Fix expanded video player issues in web UI ([ThibG](https://github.com/tootsuite/mastodon/pull/13541), [eai04191](https://github.com/tootsuite/mastodon/pull/13533))
61
+- Fix and refactor keyboard navigation in dropdown menus in web UI ([ThibG](https://github.com/tootsuite/mastodon/pull/13528))
62
+- Fix uploaded image orientation being messed up in some browsers in web UI ([ThibG](https://github.com/tootsuite/mastodon/pull/13493))
63
+- Fix actions log crash when displaying updates of deleted announcements in admin UI ([ThibG](https://github.com/tootsuite/mastodon/pull/13489))
64
+- Fix search not working due to proxy settings when using hidden services ([Gargron](https://github.com/tootsuite/mastodon/pull/13488))
65
+- Fix poll refresh button not being debounced in web UI ([rasjonell](https://github.com/tootsuite/mastodon/pull/13485), [ThibG](https://github.com/tootsuite/mastodon/pull/13490))
66
+- Fix confusing error when failing to add an alias to an unknown account ([ThibG](https://github.com/tootsuite/mastodon/pull/13480))
67
+- Fix "Email changed" notification sometimes having wrong e-mail ([ThibG](https://github.com/tootsuite/mastodon/pull/13475))
68
+- Fix varioues issues on the account aliases page ([ThibG](https://github.com/tootsuite/mastodon/pull/13452))
69
+- Fix API footer link in web UI ([bubblineyuri](https://github.com/tootsuite/mastodon/pull/13441))
70
+- Fix pagination of following, followers, follow requests, blocks and mutes lists in web UI ([ThibG](https://github.com/tootsuite/mastodon/pull/13445))
71
+- Fix styling of polls in JS-less fallback on public pages ([ThibG](https://github.com/tootsuite/mastodon/pull/13436))
72
+- Fix trying to delete already deleted file when post-processing ([Gargron](https://github.com/tootsuite/mastodon/pull/13406))
73
+
74
+### Security
75
+
76
+- Fix Doorkeeper vulnerability that exposed app secret to users who authorized the app and reset secret of the web UI that could have been exposed ([dependabot-preview[bot]](https://github.com/tootsuite/mastodon/pull/13613), [Gargron](https://github.com/tootsuite/mastodon/pull/13688))
77
+  - For apps that self-register on behalf of every individual user (such as most mobile apps), this is a non-issue
78
+  - The issue only affects developers of apps who are shared between multiple users, such as server-side apps like cross-posters
79
+
80
+## [v3.1.3] - 2020-04-05
81
+### Added
82
+
83
+- Add ability to filter audit log in admin UI ([Gargron](https://github.com/tootsuite/mastodon/pull/13381))
84
+- Add titles to warning presets in admin UI ([Gargron](https://github.com/tootsuite/mastodon/pull/13252))
85
+- Add option to include resolved DNS records when blacklisting e-mail domains in admin UI ([Gargron](https://github.com/tootsuite/mastodon/pull/13254))
86
+- Add ability to delete files uploaded for settings in admin UI ([ThibG](https://github.com/tootsuite/mastodon/pull/13192))
87
+- Add sorting by username, creation and last activity in admin UI ([ThibG](https://github.com/tootsuite/mastodon/pull/13076))
88
+- Add explanation as to why unlocked accounts may have follow requests in web UI ([ThibG](https://github.com/tootsuite/mastodon/pull/13385))
89
+- Add link to bookmarks to dropdown in web UI ([mayaeh](https://github.com/tootsuite/mastodon/pull/13273))
90
+- Add support for links to statuses in announcements to be opened in web UI ([ThibG](https://github.com/tootsuite/mastodon/pull/13212), [ThibG](https://github.com/tootsuite/mastodon/pull/13250))
91
+- Add tooltips to audio/video player buttons in web UI ([ariasuni](https://github.com/tootsuite/mastodon/pull/13203))
92
+- Add submit button to the top of preferences pages ([guigeekz](https://github.com/tootsuite/mastodon/pull/13068))
93
+- Add specific rate limits for posting, following and reporting ([Gargron](https://github.com/tootsuite/mastodon/pull/13172), [Gargron](https://github.com/tootsuite/mastodon/pull/13390))
94
+  - 300 posts every 3 hours
95
+  - 400 follows or follow requests every 24 hours
96
+  - 400 reports every 24 hours
97
+- Add federation support for the "hide network" preference ([ThibG](https://github.com/tootsuite/mastodon/pull/11673))
98
+- Add `--skip-media-remove` option to `tootctl statuses remove` ([tateisu](https://github.com/tootsuite/mastodon/pull/13080))
99
+
100
+### Changed
101
+
102
+- **Change design of polls in web UI** ([Sasha-Sorokin](https://github.com/tootsuite/mastodon/pull/13257), [ThibG](https://github.com/tootsuite/mastodon/pull/13313))
103
+- Change status click areas in web UI to be bigger ([ariasuni](https://github.com/tootsuite/mastodon/pull/13327))
104
+- **Change `tootctl media remove-orphans` to work for all classes** ([Gargron](https://github.com/tootsuite/mastodon/pull/13316))
105
+- **Change local media attachments to perform heavy processing asynchronously** ([Gargron](https://github.com/tootsuite/mastodon/pull/13210))
106
+- Change video uploads to always be converted to H264/MP4 ([Gargron](https://github.com/tootsuite/mastodon/pull/13220), [ThibG](https://github.com/tootsuite/mastodon/pull/13239), [ThibG](https://github.com/tootsuite/mastodon/pull/13242))
107
+- Change video uploads to enforce certain limits ([Gargron](https://github.com/tootsuite/mastodon/pull/13218))
108
+  - Dimensions smaller than 1920x1200px
109
+  - Frame rate at most 60fps
110
+- Change the tooltip "Toggle visibility" to "Hide media" in web UI ([ariasuni](https://github.com/tootsuite/mastodon/pull/13199))
111
+- Change description of privacy levels to be more intuitive in web UI ([ariasuni](https://github.com/tootsuite/mastodon/pull/13197))
112
+- Change GIF label to be displayed even when autoplay is enabled in web UI ([koyuawsmbrtn](https://github.com/tootsuite/mastodon/pull/13209))
113
+- Change the string "Hide everything from …" to "Block domain …" in web UI ([ThibG](https://github.com/tootsuite/mastodon/pull/13178), [mayaeh](https://github.com/tootsuite/mastodon/pull/13221))
114
+- Change wording of media display preferences to be more intuitive ([ariasuni](https://github.com/tootsuite/mastodon/pull/13198))
115
+
116
+### Deprecated
117
+
118
+- `POST /api/v1/media` → `POST /api/v2/media` ([Gargron](https://github.com/tootsuite/mastodon/pull/13210))
119
+
120
+### Fixed
121
+
122
+- Fix `tootctl media remove-orphans` ignoring `PAPERCLIP_ROOT_PATH` ([Gargron](https://github.com/tootsuite/mastodon/pull/13375))
123
+- Fix returning results when searching for URL with non-zero offset ([Gargron](https://github.com/tootsuite/mastodon/pull/13377))
124
+- Fix pinning a column in web UI sometimes redirecting out of web UI ([Gargron](https://github.com/tootsuite/mastodon/pull/13376))
125
+- Fix background jobs not using locks like they are supposed to ([Gargron](https://github.com/tootsuite/mastodon/pull/13361))
126
+- Fix content warning being unnecessarily cleared when hiding content warning input in web UI ([ThibG](https://github.com/tootsuite/mastodon/pull/13348))
127
+- Fix "Show more" not switching to "Show less" on public pages ([ThibG](https://github.com/tootsuite/mastodon/pull/13174))
128
+- Fix import overwrite option not being selectable ([noellabo](https://github.com/tootsuite/mastodon/pull/13347))
129
+- Fix wrong color for ellipsis in boost confirmation dialog in web UI ([ariasuni](https://github.com/tootsuite/mastodon/pull/13355))
130
+- Fix unnecessary unfollowing when importing follows with overwrite option ([noellabo](https://github.com/tootsuite/mastodon/pull/13350))
131
+- Fix 404 and 410 API errors being silently discarded in web UI ([ThibG](https://github.com/tootsuite/mastodon/pull/13279))
132
+- Fix OCR not working on Safari because of unsupported worker-src CSP ([ThibG](https://github.com/tootsuite/mastodon/pull/13323))
133
+- Fix media not being marked sensitive when a content warning is set with no text ([ThibG](https://github.com/tootsuite/mastodon/pull/13277))
134
+- Fix crash after deleting announcements in web UI ([codesections](https://github.com/tootsuite/mastodon/pull/13283), [ThibG](https://github.com/tootsuite/mastodon/pull/13312))
135
+- Fix bookmarks not being searchable ([Kjwon15](https://github.com/tootsuite/mastodon/pull/13271), [noellabo](https://github.com/tootsuite/mastodon/pull/13293))
136
+- Fix reported accounts not being whitelisted from further spam checks when resolving a spam check report ([ThibG](https://github.com/tootsuite/mastodon/pull/13289))
137
+- Fix web UI crash in single-column mode on prehistoric browsers ([ThibG](https://github.com/tootsuite/mastodon/pull/13267))
138
+- Fix some timeouts when searching for URLs ([ThibG](https://github.com/tootsuite/mastodon/pull/13253))
139
+- Fix detailed view of direct messages displaying a 0 boost count in web UI ([ThibG](https://github.com/tootsuite/mastodon/pull/13244))
140
+- Fix regression in “Edit media” modal in web UI ([ThibG](https://github.com/tootsuite/mastodon/pull/13243))
141
+- Fix public posts from silenced accounts not being changed to unlisted visibility ([ThibG](https://github.com/tootsuite/mastodon/pull/13096))
142
+- Fix error when searching for URLs that contain the mention syntax ([ThibG](https://github.com/tootsuite/mastodon/pull/13151))
143
+- Fix text area above/right of emoji picker being accidentally clickable in web UI ([ariasuni](https://github.com/tootsuite/mastodon/pull/13148))
144
+- Fix too large announcements not being scrollable in web UI ([ThibG](https://github.com/tootsuite/mastodon/pull/13211))
145
+- Fix `tootctl media remove-orphans` crashing when encountering invalid media ([ThibG](https://github.com/tootsuite/mastodon/pull/13170))
146
+- Fix installation failing when Redis password contains special characters ([ThibG](https://github.com/tootsuite/mastodon/pull/13156))
147
+- Fix announcements with fully-qualified mentions to local users crashing web UI ([ThibG](https://github.com/tootsuite/mastodon/pull/13164))
148
+
149
+### Security
150
+
151
+- Fix re-sending of e-mail confirmation not being rate limited ([Gargron](https://github.com/tootsuite/mastodon/pull/13360))
152
+
6 153
 ## [v3.1.2] - 2020-02-27
7 154
 ### Added
8 155
 

+ 3
- 3
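--- a/Dockerfile
+++ b/Dockerfile
@@ -4,7 +4,7 @@ FROM ubuntu:18.04 as build-dep
 SHELL ["bash", "-c"]
 
 # Install Node v12 (LTS)
-ENV NODE_VER="12.14.0"  
+ENV NODE_VER="12.16.1"
 RUN	ARCH= && \
     dpkgArch="$(dpkg --print-architecture)" && \
   case "${dpkgArch##*-}" in \
@@ -38,8 +38,8 @@ RUN apt update && \
 	make -j$(nproc) > /dev/null && \
 	make install_bin install_include install_lib
 
-# Install ruby
-ENV RUBY_VER="2.6.5"
+# Install Ruby
+ENV RUBY_VER="2.6.6"
 ENV CPPFLAGS="-I/opt/jemalloc/include"
 ENV LDFLAGS="-L/opt/jemalloc/lib/"
 RUN apt update && \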

+ 27
- 26
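--- a/Gemfile
+++ b/Gemfile
@@ -1,12 +1,12 @@
 # frozen_string_literal: true
 
 source 'https://rubygems.org'
-ruby '>= 2.4.0', '< 3.0.0'
+ruby '>= 2.5.0', '< 3.0.0'
 
 gem 'pkg-config', '~> 1.4'
 
 gem 'puma', '~> 4.3'
-gem 'rails', '~> 5.2.4'
+gem 'rails', '~> 5.2.4.2'
 gem 'sprockets', '~> 3.7.2'
 gem 'thor', '~> 0.20'
 gem 'rack', '~> 2.2.2'
@@ -20,7 +20,7 @@ gem 'makara', '~> 0.4'
 gem 'pghero', '~> 2.4'
 gem 'dotenv-rails', '~> 2.7'
 
-gem 'aws-sdk-s3', '~> 1.60', require: false
+gem 'aws-sdk-s3', '~> 1.64', require: false
 gem 'fog-core', '<= 2.1.0'
 gem 'fog-openstack', '~> 0.3', require: false
 gem 'paperclip', '~> 6.0'
@@ -35,7 +35,7 @@ gem 'browser'
 gem 'charlock_holmes', '~> 0.7.7'
 gem 'iso-639'
 gem 'chewy', '~> 5.1'
-gem 'cld3', '~> 3.2.6'
+gem 'cld3', '~> 3.3.0'
 gem 'devise', '~> 4.7'
 gem 'devise-two-factor', '~> 3.1'
 
@@ -48,8 +48,8 @@ gem 'omniauth-cas', '~> 1.1'
 gem 'omniauth-saml', '~> 1.10'
 gem 'omniauth', '~> 1.9'
 
-gem 'discard', '~> 1.1'
-gem 'doorkeeper', '~> 5.2'
+gem 'discard', '~> 1.2'
+gem 'doorkeeper', '~> 5.4'
 gem 'fast_blank', '~> 1.0'
 gem 'fastimage'
 gem 'goldfinger', '~> 2.1'
@@ -57,25 +57,25 @@ gem 'hiredis', '~> 0.6'
 gem 'redis-namespace', '~> 1.7'
 gem 'health_check', git: 'https://github.com/ianheggie/health_check', ref: '0b799ead604f900ed50685e9b2d469cd2befba5b'
 gem 'htmlentities', '~> 4.3'
-gem 'http', '~> 4.3'
+gem 'http', '~> 4.4'
 gem 'http_accept_language', '~> 2.1'
 gem 'http_parser.rb', '~> 0.6', git: 'https://github.com/tmm1/http_parser.rb', ref: '54b17ba8c7d8d20a16dfc65d1775241833219cf2', submodules: true
 gem 'httplog', '~> 1.4.2'
 gem 'idn-ruby', require: 'idn'
-gem 'kaminari', '~> 1.1'
+gem 'kaminari', '~> 1.2'
 gem 'link_header', '~> 0.0'
 gem 'mime-types', '~> 3.3.1', require: 'mime/types/columnar'
 gem 'nilsimsa', git: 'https://github.com/witgo/nilsimsa', ref: 'fd184883048b922b176939f851338d0a4971a532'
 gem 'nokogiri', '~> 1.10'
 gem 'nsa', '~> 0.2'
 gem 'oj', '~> 3.10'
-gem 'ox', '~> 2.12'
+gem 'ox', '~> 2.13'
 gem 'parslet'
 gem 'parallel', '~> 1.19'
 gem 'posix-spawn', git: 'https://github.com/rtomayko/posix-spawn', ref: '58465d2e213991f8afb13b984854a49fcdcc980c'
 gem 'pundit', '~> 2.1'
 gem 'premailer-rails'
-gem 'rack-attack', '~> 6.2'
+gem 'rack-attack', '~> 6.3'
 gem 'rack-cors', '~> 1.1', require: 'rack/cors'
 gem 'rails-i18n', '~> 5.1'
 gem 'rails-settings-cached', '~> 0.6'
@@ -84,7 +84,7 @@ gem 'mario-redis-lock', '~> 1.2', require: 'redis_lock'
 gem 'rqrcode', '~> 1.1'
 gem 'ruby-progressbar', '~> 1.10'
 gem 'sanitize', '~> 5.1'
-gem 'sidekiq', '~> 5.2'
+gem 'sidekiq', '~> 6.0'
 gem 'sidekiq-scheduler', '~> 3.0'
 gem 'sidekiq-unique-jobs', '~> 6.0'
 gem 'sidekiq-bulk', '~>0.2.0'
@@ -92,12 +92,12 @@ gem 'simple-navigation', '~> 4.1'
 gem 'simple_form', '~> 5.0'
 gem 'sprockets-rails', '~> 3.2', require: 'sprockets/railtie'
 gem 'stoplight', '~> 2.2.0'
-gem 'strong_migrations', '~> 0.5'
+gem 'strong_migrations', '~> 0.6'
 gem 'tty-command', '~> 0.9', require: false
-gem 'tty-prompt', '~> 0.20', require: false
+gem 'tty-prompt', '~> 0.21', require: false
 gem 'twitter-text', '~> 1.14'
-gem 'tzinfo-data', '~> 1.2019'
-gem 'webpacker', '~> 4.2'
+gem 'tzinfo-data', '~> 1.2020'
+gem 'webpacker', '~> 5.1'
 gem 'webpush'
 
 gem 'json-ld'
@@ -108,9 +108,9 @@ group :development, :test do
   gem 'fabrication', '~> 2.21'
   gem 'fuubar', '~> 2.5'
   gem 'i18n-tasks', '~> 0.9', require: false
-  gem 'pry-byebug', '~> 3.8'
+  gem 'pry-byebug', '~> 3.9'
   gem 'pry-rails', '~> 0.3'
-  gem 'rspec-rails', '~> 3.9'
+  gem 'rspec-rails', '~> 4.0'
 end
 
 group :production, :test do
@@ -118,32 +118,33 @@ group :production, :test do
 end
 
 group :test do
-  gem 'capybara', '~> 3.31'
+  gem 'capybara', '~> 3.32'
   gem 'climate_control', '~> 0.2'
-  gem 'faker', '~> 2.10'
+  gem 'faker', '~> 2.11'
   gem 'microformats', '~> 4.2'
   gem 'rails-controller-testing', '~> 1.0'
   gem 'rspec-sidekiq', '~> 3.0'
   gem 'simplecov', '~> 0.18', require: false
   gem 'webmock', '~> 3.8'
-  gem 'parallel_tests', '~> 2.30'
+  gem 'parallel_tests', '~> 2.32'
+  gem 'rspec_junit_formatter', '~> 0.4'
 end
 
 group :development do
   gem 'active_record_query_trace', '~> 1.7'
-  gem 'annotate', '~> 3.0'
-  gem 'better_errors', '~> 2.5'
+  gem 'annotate', '~> 3.1'
+  gem 'better_errors', '~> 2.7'
   gem 'binding_of_caller', '~> 0.7'
   gem 'bullet', '~> 6.1'
   gem 'letter_opener', '~> 1.7'
   gem 'letter_opener_web', '~> 1.4'
   gem 'memory_profiler'
-  gem 'rubocop', '~> 0.79', require: false
-  gem 'rubocop-rails', '~> 2.4', require: false
-  gem 'brakeman', '~> 4.7', require: false
+  gem 'rubocop', '~> 0.82', require: false
+  gem 'rubocop-rails', '~> 2.5', require: false
+  gem 'brakeman', '~> 4.8', require: false
   gem 'bundler-audit', '~> 0.6', require: false
 
-  gem 'capistrano', '~> 3.11'
+  gem 'capistrano', '~> 3.14'
   gem 'capistrano-rails', '~> 1.4'
   gem 'capistrano-rbenv', '~> 2.1'
   gem 'capistrano-yarn', '~> 2.0'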
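Review bot: `gem 'browser'` and `gem 'parslet'` carry no version constraint, and the Gemfile.lock section of this same commit shows both crossing a major version (browser 3.0.3 → 4.1.0, parslet 1.8.2 → 2.0.0) without any line in this file changing. Every gem this commit edits is bounded with `~>`, so I would bound these two the same way, e.g. `gem 'browser', '~> 4.1'` and `gem 'parslet', '~> 2.0'`, so that a major upgrade of a runtime dependency arrives as a reviewed Gemfile edit rather than as a side effect of `bundle update`. The other unconstrained entries visible in these hunks (`iso-639`, `fastimage`, `premailer-rails`, `webpush`, `json-ld`) deserve the same treatment.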

+ 213
- 204
Gemfile.lock View File

@@ -31,25 +31,25 @@ GIT
31 31
 GEM
32 32
   remote: https://rubygems.org/
33 33
   specs:
34
-    actioncable (5.2.4.1)
35
-      actionpack (= 5.2.4.1)
34
+    actioncable (5.2.4.2)
35
+      actionpack (= 5.2.4.2)
36 36
       nio4r (~> 2.0)
37 37
       websocket-driver (>= 0.6.1)
38
-    actionmailer (5.2.4.1)
39
-      actionpack (= 5.2.4.1)
40
-      actionview (= 5.2.4.1)
41
-      activejob (= 5.2.4.1)
38
+    actionmailer (5.2.4.2)
39
+      actionpack (= 5.2.4.2)
40
+      actionview (= 5.2.4.2)
41
+      activejob (= 5.2.4.2)
42 42
       mail (~> 2.5, >= 2.5.4)
43 43
       rails-dom-testing (~> 2.0)
44
-    actionpack (5.2.4.1)
45
-      actionview (= 5.2.4.1)
46
-      activesupport (= 5.2.4.1)
44
+    actionpack (5.2.4.2)
45
+      actionview (= 5.2.4.2)
46
+      activesupport (= 5.2.4.2)
47 47
       rack (~> 2.0, >= 2.0.8)
48 48
       rack-test (>= 0.6.3)
49 49
       rails-dom-testing (~> 2.0)
50 50
       rails-html-sanitizer (~> 1.0, >= 1.0.2)
51
-    actionview (5.2.4.1)
52
-      activesupport (= 5.2.4.1)
51
+    actionview (5.2.4.2)
52
+      activesupport (= 5.2.4.2)
53 53
       builder (~> 3.1)
54 54
       erubi (~> 1.4)
55 55
       rails-dom-testing (~> 2.0)
@@ -60,20 +60,20 @@ GEM
60 60
       case_transform (>= 0.2)
61 61
       jsonapi-renderer (>= 0.1.1.beta1, < 0.3)
62 62
     active_record_query_trace (1.7)
63
-    activejob (5.2.4.1)
64
-      activesupport (= 5.2.4.1)
63
+    activejob (5.2.4.2)
64
+      activesupport (= 5.2.4.2)
65 65
       globalid (>= 0.3.6)
66
-    activemodel (5.2.4.1)
67
-      activesupport (= 5.2.4.1)
68
-    activerecord (5.2.4.1)
69
-      activemodel (= 5.2.4.1)
70
-      activesupport (= 5.2.4.1)
66
+    activemodel (5.2.4.2)
67
+      activesupport (= 5.2.4.2)
68
+    activerecord (5.2.4.2)
69
+      activemodel (= 5.2.4.2)
70
+      activesupport (= 5.2.4.2)
71 71
       arel (>= 9.0)
72
-    activestorage (5.2.4.1)
73
-      actionpack (= 5.2.4.1)
74
-      activerecord (= 5.2.4.1)
72
+    activestorage (5.2.4.2)
73
+      actionpack (= 5.2.4.2)
74
+      activerecord (= 5.2.4.2)
75 75
       marcel (~> 0.3.1)
76
-    activesupport (5.2.4.1)
76
+    activesupport (5.2.4.2)
77 77
       concurrent-ruby (~> 1.0, >= 1.0.2)
78 78
       i18n (>= 0.7, < 2)
79 79
       minitest (~> 5.1)
@@ -82,7 +82,7 @@ GEM
82 82
       public_suffix (>= 2.0.2, < 5.0)
83 83
     airbrussh (1.4.0)
84 84
       sshkit (>= 1.6.1, != 1.7.0)
85
-    annotate (3.0.3)
85
+    annotate (3.1.1)
86 86
       activerecord (>= 3.2, < 7.0)
87 87
       rake (>= 10.4, < 14.0)
88 88
     arel (9.0.0)
@@ -91,24 +91,24 @@ GEM
91 91
       encryptor (~> 3.0.0)
92 92
     av (0.9.0)
93 93
       cocaine (~> 0.5.3)
94
-    aws-eventstream (1.0.3)
95
-    aws-partitions (1.261.0)
96
-    aws-sdk-core (3.86.0)
97
-      aws-eventstream (~> 1.0, >= 1.0.2)
94
+    aws-eventstream (1.1.0)
95
+    aws-partitions (1.312.0)
96
+    aws-sdk-core (3.95.0)
97
+      aws-eventstream (~> 1, >= 1.0.2)
98 98
       aws-partitions (~> 1, >= 1.239.0)
99 99
       aws-sigv4 (~> 1.1)
100 100
       jmespath (~> 1.0)
101
-    aws-sdk-kms (1.27.0)
101
+    aws-sdk-kms (1.31.0)
102 102
       aws-sdk-core (~> 3, >= 3.71.0)
103 103
       aws-sigv4 (~> 1.1)
104
-    aws-sdk-s3 (1.60.1)
104
+    aws-sdk-s3 (1.64.0)
105 105
       aws-sdk-core (~> 3, >= 3.83.0)
106 106
       aws-sdk-kms (~> 1)
107 107
       aws-sigv4 (~> 1.1)
108
-    aws-sigv4 (1.1.0)
108
+    aws-sigv4 (1.1.3)
109 109
       aws-eventstream (~> 1.0, >= 1.0.2)
110
-    bcrypt (3.1.12)
111
-    better_errors (2.5.1)
110
+    bcrypt (3.1.13)
111
+    better_errors (2.7.0)
112 112
       coderay (>= 1.0.0)
113 113
       erubi (>= 1.0.0)
114 114
       rack (>= 0.9.0)
@@ -116,10 +116,10 @@ GEM
116 116
       debug_inspector (>= 0.0.1)
117 117
     blurhash (0.1.4)
118 118
       ffi (~> 1.10.0)
119
-    bootsnap (1.4.5)
119
+    bootsnap (1.4.6)
120 120
       msgpack (~> 1.0)
121
-    brakeman (4.7.2)
122
-    browser (3.0.3)
121
+    brakeman (4.8.1)
122
+    browser (4.1.0)
123 123
     builder (3.2.4)
124 124
     bullet (6.1.0)
125 125
       activesupport (>= 3.0.0)
@@ -127,15 +127,14 @@ GEM
127 127
     bundler-audit (0.6.1)
128 128
       bundler (>= 1.2.0, < 3)
129 129
       thor (~> 0.18)
130
-    byebug (11.1.1)
131
-    capistrano (3.11.2)
130
+    byebug (11.1.3)
131
+    capistrano (3.14.0)
132 132
       airbrussh (>= 1.0.0)
133 133
       i18n
134 134
       rake (>= 10.0.0)
135 135
       sshkit (>= 1.9.0)
136
-    capistrano-bundler (1.3.0)
136
+    capistrano-bundler (1.6.0)
137 137
       capistrano (~> 3.1)
138
-      sshkit (~> 1.2)
139 138
     capistrano-rails (1.4.0)
140 139
       capistrano (~> 3.1)
141 140
       capistrano-bundler (~> 1.1)
@@ -144,7 +143,7 @@ GEM
144 143
       sshkit (~> 1.3)
145 144
     capistrano-yarn (2.0.2)
146 145
       capistrano (~> 3.0)
147
-    capybara (3.31.0)
146
+    capybara (3.32.1)
148 147
       addressable
149 148
       mini_mime (>= 0.1.3)
150 149
       nokogiri (~> 1.8)
@@ -160,13 +159,13 @@ GEM
160 159
       elasticsearch (>= 2.0.0)
161 160
       elasticsearch-dsl
162 161
     chunky_png (1.3.11)
163
-    cld3 (3.2.6)
162
+    cld3 (3.3.0)
164 163
       ffi (>= 1.1.0, < 1.12.0)
165 164
     climate_control (0.2.0)
166 165
     cocaine (0.5.8)
167 166
       climate_control (>= 0.0.3, < 1.0)
168 167
     coderay (1.1.2)
169
-    concurrent-ruby (1.1.5)
168
+    concurrent-ruby (1.1.6)
170 169
     connection_pool (2.2.2)
171 170
     crack (0.4.3)
172 171
       safe_yaml (~> 1.0.0)
@@ -190,37 +189,37 @@ GEM
190 189
       devise (>= 4.0.0)
191 190
       rpam2 (~> 4.0)
192 191
     diff-lcs (1.3)
193
-    discard (1.1.0)
192
+    discard (1.2.0)
194 193
       activerecord (>= 4.2, < 7)
195 194
     docile (1.3.2)
196 195
     domain_name (0.5.20190701)
197 196
       unf (>= 0.0.5, < 1.0.0)
198
-    doorkeeper (5.2.3)
197
+    doorkeeper (5.4.0)
199 198
       railties (>= 5)
200 199
     dotenv (2.7.5)
201 200
     dotenv-rails (2.7.5)
202 201
       dotenv (= 2.7.5)
203 202
       railties (>= 3.2, < 6.1)
204 203
     e2mmap (0.1.0)
205
-    elasticsearch (7.3.0)
206
-      elasticsearch-api (= 7.3.0)
207
-      elasticsearch-transport (= 7.3.0)
208
-    elasticsearch-api (7.3.0)
204
+    elasticsearch (7.6.0)
205
+      elasticsearch-api (= 7.6.0)
206
+      elasticsearch-transport (= 7.6.0)
207
+    elasticsearch-api (7.6.0)
209 208
       multi_json
210
-    elasticsearch-dsl (0.1.8)
211
-    elasticsearch-transport (7.3.0)
212
-      faraday
209
+    elasticsearch-dsl (0.1.9)
210
+    elasticsearch-transport (7.6.0)
211
+      faraday (~> 1)
213 212
       multi_json
214 213
     encryptor (3.0.0)
215 214
     equatable (0.6.1)
216 215
     erubi (1.9.0)
217
-    et-orbi (1.1.6)
216
+    et-orbi (1.2.4)
218 217
       tzinfo
219
-    excon (0.71.0)
220
-    fabrication (2.21.0)
221
-    faker (2.10.1)
218
+    excon (0.73.0)
219
+    fabrication (2.21.1)
220
+    faker (2.11.0)
222 221
       i18n (>= 1.6, < 2)
223
-    faraday (1.0.0)
222
+    faraday (1.0.1)
224 223
       multipart-post (>= 1.2, < 3)
225 224
     fast_blank (1.0.0)
226 225
     fastimage (2.1.7)
@@ -241,8 +240,8 @@ GEM
241 240
       fog-json (>= 1.0)
242 241
       ipaddress (>= 0.8)
243 242
     formatador (0.2.5)
244
-    fugit (1.1.6)
245
-      et-orbi (~> 1.1, >= 1.1.6)
243
+    fugit (1.3.5)
244
+      et-orbi (~> 1.1, >= 1.1.8)
246 245
       raabro (~> 1.1)
247 246
     fuubar (2.5.0)
248 247
       rspec-core (~> 3.0)
@@ -265,20 +264,20 @@ GEM
265 264
       railties (>= 4.0.1)
266 265
     hamster (3.0.0)
267 266
       concurrent-ruby (~> 1.0)
268
-    hashdiff (1.0.0)
269
-    hashie (3.6.0)
267
+    hashdiff (1.0.1)
268
+    hashie (4.1.0)
270 269
     highline (2.0.3)
271 270
     hiredis (0.6.3)
272 271
     hkdf (0.3.0)
273 272
     htmlentities (4.3.4)
274
-    http (4.3.0)
273
+    http (4.4.1)
275 274
       addressable (~> 2.3)
276 275
       http-cookie (~> 1.0)
277 276
       http-form_data (~> 2.2)
278 277
       http-parser (~> 1.2.0)
279 278
     http-cookie (1.0.3)
280 279
       domain_name (~> 0.5)
281
-    http-form_data (2.2.0)
280
+    http-form_data (2.3.0)
282 281
     http-parser (1.2.1)
283 282
       ffi-compiler (>= 1.0, < 2.0)
284 283
     http_accept_language (2.1.1)
@@ -287,7 +286,7 @@ GEM
287 286
       rainbow (>= 2.0.0)
288 287
     i18n (1.8.2)
289 288
       concurrent-ruby (~> 1.0)
290
-    i18n-tasks (0.9.30)
289
+    i18n-tasks (0.9.31)
291 290
       activesupport (>= 4.0.2)
292 291
       ast (>= 2.1.0)
293 292
       erubi
@@ -299,37 +298,37 @@ GEM
299 298
       terminal-table (>= 1.5.1)
300 299
     idn-ruby (0.1.0)
301 300
     ipaddress (0.8.3)
302
-    iso-639 (0.2.8)
301
+    iso-639 (0.3.5)
303 302
     jaro_winkler (1.5.4)
304 303
     jmespath (1.4.0)
305 304
     json (2.3.0)
306 305
     json-canonicalization (0.2.0)
307
-    json-ld (3.1.0)
306
+    json-ld (3.1.4)
308 307
       htmlentities (~> 4.3)
309
-      json-canonicalization (~> 0.1)
308
+      json-canonicalization (~> 0.2)
310 309
       link_header (~> 0.0, >= 0.0.8)
311 310
       multi_json (~> 1.14)
312 311
       rack (~> 2.0)
313 312
       rdf (~> 3.1)
314
-    json-ld-preloaded (3.1.0)
313
+    json-ld-preloaded (3.1.2)
315 314
       json-ld (~> 3.1)
316 315
       rdf (~> 3.1)
317 316
     jsonapi-renderer (0.2.2)
318
-    jwt (2.1.0)
319
-    kaminari (1.1.1)
317
+    jwt (2.2.1)
318
+    kaminari (1.2.0)
320 319
       activesupport (>= 4.1.0)
321
-      kaminari-actionview (= 1.1.1)
322
-      kaminari-activerecord (= 1.1.1)
323
-      kaminari-core (= 1.1.1)
324
-    kaminari-actionview (1.1.1)
320
+      kaminari-actionview (= 1.2.0)
321
+      kaminari-activerecord (= 1.2.0)
322
+      kaminari-core (= 1.2.0)
323
+    kaminari-actionview (1.2.0)
325 324
       actionview
326
-      kaminari-core (= 1.1.1)
327
-    kaminari-activerecord (1.1.1)
325
+      kaminari-core (= 1.2.0)
326
+    kaminari-activerecord (1.2.0)
328 327
       activerecord
329
-      kaminari-core (= 1.1.1)
330
-    kaminari-core (1.1.1)
331
-    launchy (2.4.3)
332
-      addressable (~> 2.3)
328
+      kaminari-core (= 1.2.0)
329
+    kaminari-core (1.2.0)
330
+    launchy (2.5.0)
331
+      addressable (~> 2.7)
333 332
     letter_opener (1.7.0)
334 333
       launchy (~> 2.2)
335 334
     letter_opener_web (1.4.0)
@@ -342,7 +341,7 @@ GEM
342 341
       activesupport (>= 4)
343 342
       railties (>= 4)
344 343
       request_store (~> 1.0)
345
-    loofah (2.4.0)
344
+    loofah (2.5.0)
346 345
       crass (~> 1.0.2)
347 346
       nokogiri (>= 1.5.9)
348 347
     mail (2.7.1)
@@ -354,38 +353,38 @@ GEM
354 353
     mario-redis-lock (1.2.1)
355 354
       redis (>= 3.0.5)
356 355
     memory_profiler (0.9.14)
357
-    method_source (0.9.2)
356
+    method_source (1.0.0)
358 357
     microformats (4.2.0)
359 358
       json (~> 2.2)
360 359
       nokogiri (~> 1.10)
361 360
     mime-types (3.3.1)
362 361
       mime-types-data (~> 3.2015)
363
-    mime-types-data (3.2019.1009)
364
-    mimemagic (0.3.3)
362
+    mime-types-data (3.2020.0425)
363
+    mimemagic (0.3.5)
365 364
     mini_mime (1.0.2)
366 365
     mini_portile2 (2.4.0)
367 366
     minitest (5.14.0)
368
-    msgpack (1.3.1)
367
+    msgpack (1.3.3)
369 368
     multi_json (1.14.1)
370 369
     multipart-post (2.1.1)
371 370
     necromancer (0.5.1)
372 371
     net-ldap (0.16.2)
373
-    net-scp (2.0.0)
374
-      net-ssh (>= 2.6.5, < 6.0.0)
375
-    net-ssh (5.2.0)
372
+    net-scp (3.0.0)
373
+      net-ssh (>= 2.6.5, < 7.0.0)
374
+    net-ssh (6.0.2)
376 375
     nio4r (2.5.2)
377
-    nokogiri (1.10.8)
376
+    nokogiri (1.10.9)
378 377
       mini_portile2 (~> 2.4.0)
379
-    nokogumbo (2.0.1)
378
+    nokogumbo (2.0.2)
380 379
       nokogiri (~> 1.8, >= 1.8.4)
381 380
     nsa (0.2.7)
382 381
       activesupport (>= 4.2, < 6)
383 382
       concurrent-ruby (~> 1.0, >= 1.0.2)
384 383
       sidekiq (>= 3.5)
385 384
       statsd-ruby (~> 1.4, >= 1.4.0)
386
-    oj (3.10.1)
387
-    omniauth (1.9.0)
388
-      hashie (>= 3.4.6, < 3.7.0)
385
+    oj (3.10.6)
386
+    omniauth (1.9.1)
387
+      hashie (>= 3.4.6)
389 388
       rack (>= 1.6.2, < 3)
390 389
     omniauth-cas (1.1.1)
391 390
       addressable (~> 2.3)
@@ -395,7 +394,7 @@ GEM
395 394
       omniauth (~> 1.3, >= 1.3.2)
396 395
       ruby-saml (~> 1.7)
397 396
     orm_adapter (0.5.0)
398
-    ox (2.12.1)
397
+    ox (2.13.2)
399 398
     paperclip (6.0.0)
400 399
       activemodel (>= 4.2.0)
401 400
       activesupport (>= 4.2.0)
@@ -406,63 +405,63 @@ GEM
406 405
       av (~> 0.9.0)
407 406
       paperclip (>= 2.5.2)
408 407
     parallel (1.19.1)
409
-    parallel_tests (2.30.1)
408
+    parallel_tests (2.32.0)
410 409
       parallel
411
-    parser (2.7.0.2)
410
+    parser (2.7.1.2)
412 411
       ast (~> 2.4.0)
413
-    parslet (1.8.2)
414
-    pastel (0.7.3)
412
+    parslet (2.0.0)
413
+    pastel (0.7.4)
415 414
       equatable (~> 0.6)
416 415
       tty-color (~> 0.5)
417
-    pg (1.2.2)
418
-    pghero (2.4.1)
416
+    pg (1.2.3)
417
+    pghero (2.4.2)
419 418
       activerecord (>= 5)
420 419
     pkg-config (1.4.1)
421 420
     premailer (1.11.1)
422 421
       addressable
423 422
       css_parser (>= 1.6.0)
424 423
       htmlentities (>= 4.0.0)
425
-    premailer-rails (1.10.3)
424
+    premailer-rails (1.11.1)
426 425
       actionmailer (>= 3)
427 426
       premailer (~> 1.7, >= 1.7.9)
428 427
     private_address_check (0.5.0)
429
-    pry (0.12.2)
430
-      coderay (~> 1.1.0)
431
-      method_source (~> 0.9.0)
432
-    pry-byebug (3.8.0)
428
+    pry (0.13.1)
429
+      coderay (~> 1.1)
430
+      method_source (~> 1.0)
431
+    pry-byebug (3.9.0)
433 432
       byebug (~> 11.0)
434
-      pry (~> 0.10)
433
+      pry (~> 0.13.0)
435 434
     pry-rails (0.3.9)
436 435
       pry (>= 0.10.4)
437
-    public_suffix (4.0.3)
438
-    puma (4.3.1)
436
+    public_suffix (4.0.5)
437
+    puma (4.3.3)
439 438
       nio4r (~> 2.0)
440 439
     pundit (2.1.0)
441 440
       activesupport (>= 3.0.0)
442
-    raabro (1.1.6)
441
+    raabro (1.3.1)
443 442
     rack (2.2.2)
444
-    rack-attack (6.2.2)
443
+    rack-attack (6.3.0)
445 444
       rack (>= 1.0, < 3)
446 445
     rack-cors (1.1.1)
447 446
       rack (>= 2.0.0)
448
-    rack-protection (2.0.7)
447
+    rack-protection (2.0.8.1)
449 448
       rack
450 449
     rack-proxy (0.6.5)
451 450
       rack
452 451
     rack-test (1.1.0)
453 452
       rack (>= 1.0, < 3)
454
-    rails (5.2.4.1)
455
-      actioncable (= 5.2.4.1)
456
-      actionmailer (= 5.2.4.1)
457
-      actionpack (= 5.2.4.1)
458
-      actionview (= 5.2.4.1)
459
-      activejob (= 5.2.4.1)
460
-      activemodel (= 5.2.4.1)
461
-      activerecord (= 5.2.4.1)
462
-      activestorage (= 5.2.4.1)
463
-      activesupport (= 5.2.4.1)
453
+    rails (5.2.4.2)
454
+      actioncable (= 5.2.4.2)
455
+      actionmailer (= 5.2.4.2)
456
+      actionpack (= 5.2.4.2)
457
+      actionview (= 5.2.4.2)
458
+      activejob (= 5.2.4.2)
459
+      activemodel (= 5.2.4.2)
460
+      activerecord (= 5.2.4.2)
461
+      activestorage (= 5.2.4.2)
462
+      activesupport (= 5.2.4.2)
464 463
       bundler (>= 1.3.0)
465
-      railties (= 5.2.4.1)
464
+      railties (= 5.2.4.2)
466 465
       sprockets-rails (>= 2.0.0)
467 466
     rails-controller-testing (1.0.4)
468 467
       actionpack (>= 5.0.1.x)
@@ -478,9 +477,9 @@ GEM
478 477
       railties (>= 5.0, < 6)
479 478
     rails-settings-cached (0.6.6)
480 479
       rails (>= 4.2.0)
481
-    railties (5.2.4.1)
482
-      actionpack (= 5.2.4.1)
483
-      activesupport (= 5.2.4.1)
480
+    railties (5.2.4.2)
481
+      actionpack (= 5.2.4.2)
482
+      activesupport (= 5.2.4.2)
484 483
       method_source
485 484
       rake (>= 0.8.7)
486 485
       thor (>= 0.19.0, < 2.0)
@@ -491,102 +490,110 @@ GEM
491 490
       link_header (~> 0.0, >= 0.0.8)
492 491
     rdf-normalize (0.4.0)
493 492
       rdf (~> 3.1)
494
-    redis (4.1.3)
495
-    redis-actionpack (5.0.2)
496
-      actionpack (>= 4.0, < 6)
497
-      redis-rack (>= 1, < 3)
493
+    redis (4.1.4)
494
+    redis-actionpack (5.2.0)
495
+      actionpack (>= 5, < 7)
496
+      redis-rack (>= 2.1.0, < 3)
498 497
       redis-store (>= 1.1.0, < 2)
499
-    redis-activesupport (5.0.4)
500
-      activesupport (>= 3, < 6)
498
+    redis-activesupport (5.2.0)
499
+      activesupport (>= 3, < 7)
501 500
       redis-store (>= 1.3, < 2)
502 501
     redis-namespace (1.7.0)
503 502
       redis (>= 3.0.4)
504
-    redis-rack (2.0.4)
505
-      rack (>= 1.5, < 3)
503
+    redis-rack (2.1.2)
504
+      rack (>= 2.0.8, < 3)
506 505
       redis-store (>= 1.2, < 2)
507 506
     redis-rails (5.0.2)
508 507
       redis-actionpack (>= 5.0, < 6)
509 508
       redis-activesupport (>= 5.0, < 6)
510 509
       redis-store (>= 1.2, < 2)
511
-    redis-store (1.5.0)
512
-      redis (>= 2.2, < 5)
513
-    regexp_parser (1.6.0)
510
+    redis-store (1.8.2)
511
+      redis (>= 4, < 5)
512
+    regexp_parser (1.7.0)
514 513
     request_store (1.5.0)
515 514
       rack (>= 1.4)
516 515
     responders (3.0.0)
517 516
       actionpack (>= 5.0)
518 517
       railties (>= 5.0)
518
+    rexml (3.2.4)
519 519
     rotp (2.1.2)
520 520
     rpam2 (4.0.2)
521 521
     rqrcode (1.1.2)
522 522
       chunky_png (~> 1.0)
523 523
       rqrcode_core (~> 0.1)
524
-    rqrcode_core (0.1.1)
525
-    rspec-core (3.9.0)
526
-      rspec-support (~> 3.9.0)
527
-    rspec-expectations (3.9.0)
524
+    rqrcode_core (0.1.2)
525
+    rspec-core (3.9.2)
526
+      rspec-support (~> 3.9.3)
527
+    rspec-expectations (3.9.2)
528 528
       diff-lcs (>= 1.2.0, < 2.0)
529 529
       rspec-support (~> 3.9.0)
530
-    rspec-mocks (3.9.0)
530
+    rspec-mocks (3.9.1)
531 531
       diff-lcs (>= 1.2.0, < 2.0)
532 532
       rspec-support (~> 3.9.0)
533
-    rspec-rails (3.9.0)
534
-      actionpack (>= 3.0)
535
-      activesupport (>= 3.0)
536
-      railties (>= 3.0)
537
-      rspec-core (~> 3.9.0)
538
-      rspec-expectations (~> 3.9.0)
539
-      rspec-mocks (~> 3.9.0)
540
-      rspec-support (~> 3.9.0)
533
+    rspec-rails (4.0.0)
534
+      actionpack (>= 4.2)
535
+      activesupport (>= 4.2)
536
+      railties (>= 4.2)
537
+      rspec-core (~> 3.9)
538
+      rspec-expectations (~> 3.9)
539
+      rspec-mocks (~> 3.9)
540
+      rspec-support (~> 3.9)
541 541
     rspec-sidekiq (3.0.3)
542 542
       rspec-core (~> 3.0, >= 3.0.0)
543 543
       sidekiq (>= 2.4.0)
544
-    rspec-support (3.9.0)
545
-    rubocop (0.79.0)
544
+    rspec-support (3.9.3)
545
+    rspec_junit_formatter (0.4.1)
546
+      rspec-core (>= 2, < 4, != 2.12.0)
547
+    rubocop (0.82.0)
546 548
       jaro_winkler (~> 1.5.1)
547 549
       parallel (~> 1.10)
548 550
       parser (>= 2.7.0.1)
549 551
       rainbow (>= 2.2.2, < 4.0)
552
+      rexml
550 553
       ruby-progressbar (~> 1.7)
551
-      unicode-display_width (>= 1.4.0, < 1.7)
552
-    rubocop-rails (2.4.2)
554
+      unicode-display_width (>= 1.4.0, < 2.0)
555
+    rubocop-rails (2.5.2)
556
+      activesupport
553 557
       rack (>= 1.1)
554 558
       rubocop (>= 0.72.0)
555 559
     ruby-progressbar (1.10.1)
556
-    ruby-saml (1.9.0)
560
+    ruby-saml (1.11.0)
557 561
       nokogiri (>= 1.5.10)
558
-    rufus-scheduler (3.5.2)
559
-      fugit (~> 1.1, >= 1.1.5)
562
+    rufus-scheduler (3.6.0)
563
+      fugit (~> 1.1, >= 1.1.6)
560 564
     safe_yaml (1.0.5)
561 565
     sanitize (5.1.0)
562 566
       crass (~> 1.0.2)
563 567
       nokogiri (>= 1.8.0)
564 568
       nokogumbo (~> 2.0)
565
-    sidekiq (5.2.7)
566
-      connection_pool (~> 2.2, >= 2.2.2)
567
-      rack (>= 1.5.0)
568
-      rack-protection (>= 1.5.0)
569
-      redis (>= 3.3.5, < 5)
569
+    semantic_range (2.3.0)
570
+    sidekiq (6.0.7)
571
+      connection_pool (>= 2.2.2)
572
+      rack (~> 2.0)
573
+      rack-protection (>= 2.0.0)
574
+      redis (>= 4.1.0)
570 575
     sidekiq-bulk (0.2.0)
571 576
       sidekiq
572
-    sidekiq-scheduler (3.0.0)
577
+    sidekiq-scheduler (3.0.1)
578
+      e2mmap
573 579
       redis (>= 3, < 5)
574 580
       rufus-scheduler (~> 3.2)
575 581
       sidekiq (>= 3)
582
+      thwait
576 583
       tilt (>= 1.4.0)
577
-    sidekiq-unique-jobs (6.0.18)
584
+    sidekiq-unique-jobs (6.0.21)
578 585
       concurrent-ruby (~> 1.0, >= 1.0.5)
579 586
       sidekiq (>= 4.0, < 7.0)
580 587
       thor (~> 0)
581 588
     simple-navigation (4.1.0)
582 589
       activesupport (>= 2.3.2)
583
-    simple_form (5.0.1)
590
+    simple_form (5.0.2)
584 591
       actionpack (>= 5.0)
585 592
       activemodel (>= 5.0)
586
-    simplecov (0.18.2)
593
+    simplecov (0.18.5)
587 594
       docile (~> 1.1)
588 595
       simplecov-html (~> 0.11)
589
-    simplecov-html (0.12.0)
596
+    simplecov-html (0.12.2)
590 597
     sprockets (3.7.2)
591 598
       concurrent-ruby (~> 1.0)
592 599
       rack (> 1, < 3)
@@ -594,7 +601,7 @@ GEM
594 601
       actionpack (>= 4.0)
595 602
       activesupport (>= 4.0)
596 603
       sprockets (>= 3.0.0)
597
-    sshkit (1.20.0)
604
+    sshkit (1.21.0)
598 605
       net-scp (>= 1.1.2)
599 606
       net-ssh (>= 2.8.0)
600 607
     stackprof (0.2.15)
@@ -602,7 +609,7 @@ GEM
602 609
     stoplight (2.2.0)
603 610
     streamio-ffmpeg (3.0.2)
604 611
       multi_json (~> 1.8)
605
-    strong_migrations (0.5.1)
612
+    strong_migrations (0.6.6)
606 613
       activerecord (>= 5)
607 614
     temple (0.8.2)
608 615
     terminal-table (1.8.0)
@@ -613,11 +620,11 @@ GEM
613 620
     thread_safe (0.3.6)
614 621
     thwait (0.1.0)
615 622
     tilt (2.0.10)
616
-    tty-color (0.5.0)
623
+    tty-color (0.5.1)
617 624
     tty-command (0.9.0)
618 625
       pastel (~> 0.7.0)
619
-    tty-cursor (0.7.0)
620
-    tty-prompt (0.20.0)
626
+    tty-cursor (0.7.1)
627
+    tty-prompt (0.21.0)
621 628
       necromancer (~> 0.5.0)
622 629
       pastel (~> 0.7.0)
623 630
       tty-reader (~> 0.7.0)
@@ -625,28 +632,29 @@ GEM
625 632
       tty-cursor (~> 0.7)
626 633
       tty-screen (~> 0.7)
627 634
       wisper (~> 2.0.0)
628
-    tty-screen (0.7.0)
635
+    tty-screen (0.7.1)
629 636
     twitter-text (1.14.7)
630 637
       unf (~> 0.1.0)
631
-    tzinfo (1.2.6)
638
+    tzinfo (1.2.7)
632 639
       thread_safe (~> 0.1)
633
-    tzinfo-data (1.2019.3)
640
+    tzinfo-data (1.2020.1)
634 641
       tzinfo (>= 1.0.0)
635 642
     unf (0.1.4)
636 643
       unf_ext
637
-    unf_ext (0.0.7.6)
638
-    unicode-display_width (1.6.1)
644
+    unf_ext (0.0.7.7)
645
+    unicode-display_width (1.7.0)
639 646
     uniform_notifier (1.13.0)
640 647
     warden (1.2.8)
641 648
       rack (>= 2.0.6)
642
-    webmock (3.8.0)
649
+    webmock (3.8.3)
643 650
       addressable (>= 2.3.6)
644 651
       crack (>= 0.3.2)
645 652
       hashdiff (>= 0.4.0, < 2.0.0)
646
-    webpacker (4.2.2)
647
-      activesupport (>= 4.2)
653
+    webpacker (5.1.1)
654
+      activesupport (>= 5.2)
648 655
       rack-proxy (>= 0.6.1)
649
-      railties (>= 4.2)
656
+      railties (>= 5.2)
657
+      semantic_range (>= 2.3.0)
650 658
     webpush (0.3.8)
651 659
       hkdf (~> 0.2)
652 660
       jwt (~> 2.0)
@@ -664,36 +672,36 @@ DEPENDENCIES
664 672
   active_model_serializers (~> 0.10)
665 673
   active_record_query_trace (~> 1.7)
666 674
   addressable (~> 2.7)
667
-  annotate (~> 3.0)
668
-  aws-sdk-s3 (~> 1.60)
669
-  better_errors (~> 2.5)
675
+  annotate (~> 3.1)
676
+  aws-sdk-s3 (~> 1.64)
677
+  better_errors (~> 2.7)
670 678
   binding_of_caller (~> 0.7)
671 679
   blurhash (~> 0.1)
672 680
   bootsnap (~> 1.4)
673
-  brakeman (~> 4.7)
681
+  brakeman (~> 4.8)
674 682
   browser
675 683
   bullet (~> 6.1)
676 684
   bundler-audit (~> 0.6)
677
-  capistrano (~> 3.11)
685
+  capistrano (~> 3.14)
678 686
   capistrano-rails (~> 1.4)
679 687
   capistrano-rbenv (~> 2.1)
680 688
   capistrano-yarn (~> 2.0)
681
-  capybara (~> 3.31)
689
+  capybara (~> 3.32)
682 690
   charlock_holmes (~> 0.7.7)
683 691
   chewy (~> 5.1)
684
-  cld3 (~> 3.2.6)
692
+  cld3 (~> 3.3.0)
685 693
   climate_control (~> 0.2)
686 694
   concurrent-ruby
687 695
   connection_pool
688 696
   devise (~> 4.7)
689 697
   devise-two-factor (~> 3.1)
690 698
   devise_pam_authenticatable2 (~> 9.2)
691
-  discard (~> 1.1)
692
-  doorkeeper (~> 5.2)
699
+  discard (~> 1.2)
700
+  doorkeeper (~> 5.4)
693 701
   dotenv-rails (~> 2.7)
694 702
   e2mmap (~> 0.1.0)
695 703
   fabrication (~> 2.21)
696
-  faker (~> 2.10)
704
+  faker (~> 2.11)
697 705
   fast_blank (~> 1.0)
698 706
   fastimage
699 707
   fog-core (<= 2.1.0)
@@ -704,7 +712,7 @@ DEPENDENCIES
704 712
   health_check!
705 713
   hiredis (~> 0.6)
706 714
   htmlentities (~> 4.3)
707
-  http (~> 4.3)
715
+  http (~> 4.4)
708 716
   http_accept_language (~> 2.1)
709 717
   http_parser.rb (~> 0.6)!
710 718
   httplog (~> 1.4.2)
@@ -713,7 +721,7 @@ DEPENDENCIES
713 721
   iso-639
714 722
   json-ld
715 723
   json-ld-preloaded (~> 3.1)
716
-  kaminari (~> 1.1)
724
+  kaminari (~> 1.2)
717 725
   letter_opener (~> 1.7)
718 726
   letter_opener_web (~> 1.4)
719 727
   link_header (~> 0.0)
@@ -731,11 +739,11 @@ DEPENDENCIES
731 739
   omniauth (~> 1.9)
732 740
   omniauth-cas (~> 1.1)
733 741
   omniauth-saml (~> 1.10)
734
-  ox (~> 2.12)
742
+  ox (~> 2.13)
735 743
   paperclip (~> 6.0)
736 744
   paperclip-av-transcoder (~> 0.6)
737 745
   parallel (~> 1.19)
738
-  parallel_tests (~> 2.30)
746
+  parallel_tests (~> 2.32)
739 747
   parslet
740 748
   pg (~> 1.2)
741 749
   pghero (~> 2.4)
@@ -743,14 +751,14 @@ DEPENDENCIES
743 751
   posix-spawn!
744 752
   premailer-rails
745 753
   private_address_check (~> 0.5)
746
-  pry-byebug (~> 3.8)
754
+  pry-byebug (~> 3.9)
747 755
   pry-rails (~> 0.3)
748 756
   puma (~> 4.3)
749 757
   pundit (~> 2.1)
750 758
   rack (~> 2.2.2)
751
-  rack-attack (~> 6.2)
759
+  rack-attack (~> 6.3)
752 760
   rack-cors (~> 1.1)
753
-  rails (~> 5.2.4)
761
+  rails (~> 5.2.4.2)
754 762
   rails-controller-testing (~> 1.0)
755 763
   rails-i18n (~> 5.1)
756 764
   rails-settings-cached (~> 0.6)
@@ -759,13 +767,14 @@ DEPENDENCIES
759 767
   redis-namespace (~> 1.7)
760 768
   redis-rails (~> 5.0)
761 769
   rqrcode (~> 1.1)
762
-  rspec-rails (~> 3.9)
770
+  rspec-rails (~> 4.0)
763 771
   rspec-sidekiq (~> 3.0)
764
-  rubocop (~> 0.79)
765
-  rubocop-rails (~> 2.4)
772
+  rspec_junit_formatter (~> 0.4)
773
+  rubocop (~> 0.82)
774
+  rubocop-rails (~> 2.5)
766 775
   ruby-progressbar (~> 1.10)
767 776
   sanitize (~> 5.1)
768
-  sidekiq (~> 5.2)
777
+  sidekiq (~> 6.0)
769 778
   sidekiq-bulk (~> 0.2.0)
770 779
   sidekiq-scheduler (~> 3.0)
771 780
   sidekiq-unique-jobs (~> 6.0)
@@ -777,13 +786,13 @@ DEPENDENCIES
777 786
   stackprof
778 787
   stoplight (~> 2.2.0)
779 788
   streamio-ffmpeg (~> 3.0)
780
-  strong_migrations (~> 0.5)
789
+  strong_migrations (~> 0.6)
781 790
   thor (~> 0.20)
782 791
   thwait (~> 0.1.0)
783 792
   tty-command (~> 0.9)
784
-  tty-prompt (~> 0.20)
793
+  tty-prompt (~> 0.21)
785 794
   twitter-text (~> 1.14)
786
-  tzinfo-data (~> 1.2019)
795
+  tzinfo-data (~> 1.2020)
787 796
   webmock (~> 3.8)
788
-  webpacker (~> 4.2)
797
+  webpacker (~> 5.1)
789 798
   webpush

+ 3
- 3
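--- a/README.md
+++ b/README.md
@@ -68,8 +68,8 @@ Mastodon acts as an OAuth2 provider so 3rd party apps can use the REST and Strea
 **Requirements:**
 
 - **PostgreSQL** 9.5+
-- **Redis**
-- **Ruby** 2.4+
+- **Redis** 4+
+- **Ruby** 2.5+
 - **Node.js** 10.13+
 
 The repository includes deployment configurations for **Docker and docker-compose**, but also a few specific platforms like **Heroku**, **Scalingo**, and **Nanobox**. The [**stand-alone** installation guide](https://docs.joinmastodon.org/admin/install/) is available in the documentation.
@@ -80,7 +80,7 @@ A **Vagrant** configuration is included for development purposes.
 
 Mastodon is **free, open-source software** licensed under **AGPLv3**.
 
-You can open issues for bugs you've found or features you think are missing. You can also submit pull requests to this repository, or submit translations using Weblate. To get started, take a look at [CONTRIBUTING.md](CONTRIBUTING.md). If your contributions are accepted into Mastodon, you can request to be paid through [our OpenCollective](https://opencollective.com/mastodon).
+You can open issues for bugs you've found or features you think are missing. You can also submit pull requests to this repository, or submit translations using Crowdin. To get started, take a look at [CONTRIBUTING.md](CONTRIBUTING.md). If your contributions are accepted into Mastodon, you can request to be paid through [our OpenCollective](https://opencollective.com/mastodon).
 
 **IRC channel**: #mastodon on irc.freenode.net
 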

+ 1
- 1
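--- a/Vagrantfile
+++ b/Vagrantfile
@@ -91,7 +91,7 @@ VAGRANTFILE_API_VERSION = "2"
 
 Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
 
-  config.vm.box = "ubuntu/xenial64"
+  config.vm.box = "ubuntu/bionic64"
 
   config.vm.provider :virtualbox do |vb|
     vb.name = "mastodon"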

+ 5
- 0
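--- a/app/chewy/statuses_index.rb
+++ b/app/chewy/statuses_index.rb
@@ -47,6 +47,11 @@ class StatusesIndex < Chewy::Index
       data.each.with_object({}) { |(id, name), result| (result[id] ||= []).push(name) }
     end
 
+    crutch :bookmarks do |collection|
+      data = ::Bookmark.where(status_id: collection.map(&:id)).where(account: Account.local).pluck(:status_id, :account_id)
+      data.each.with_object({}) { |(id, name), result| (result[id] ||= []).push(name) }
+    end
+
     root date_detection: false do
       field :id, type: 'long'
       field :account_id, type: 'long'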
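Review bot: In the new `crutch :bookmarks` block the destructured pair is named `|(id, name), result|`, but the `pluck(:status_id, :account_id)` on the line above shows the second element is an account id, not a name. Since this map decides which local accounts a status is indexed for, I would name it for what it holds: `data.each.with_object({}) { |(status_id, account_id), result| (result[status_id] ||= []).push(account_id) }`. The context line above the hunk uses the same `name` variable, so the naming looks copied from a sibling crutch whose start is outside the hunk.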

+ 1
- 1
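--- a/app/controllers/account_follow_controller.rb
+++ b/app/controllers/account_follow_controller.rb
@@ -6,7 +6,7 @@ class AccountFollowController < ApplicationController
   before_action :authenticate_user!
 
   def create
-    FollowService.new.call(current_user.account, @account.acct)
+    FollowService.new.call(current_user.account, @account, with_rate_limit: true)
     redirect_to account_path(@account)
   end
 end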
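Review bot: `create` now passes `with_rate_limit: true`, but nothing in this controller handles the error raised when the limit is hit. The `rescue_from Mastodon::RateLimitExceededError` added in this commit is on `Api::BaseController`, while this class inherits from `ApplicationController`. If `ApplicationController` does not rescue it as well (not visible on this page), a rate-limited follow from the web UI would surface as an unhandled exception instead of a 429. A one-line comment in `create` naming where the error is handled would help, e.g. `# Mastodon::RateLimitExceededError is rescued in ApplicationController`.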

+ 10
- 10
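--- a/app/controllers/accounts_controller.rb
+++ b/app/controllers/accounts_controller.rb
@@ -27,7 +27,7 @@ class AccountsController < ApplicationController
         end
 
         @pinned_statuses = cache_collection(@account.pinned_statuses, Status) if show_pinned_statuses?
-        @statuses        = filtered_status_page(params)
+        @statuses        = filtered_status_page
         @statuses        = cache_collection(@statuses, Status)
         @rss_url         = rss_url
 
@@ -40,7 +40,7 @@ class AccountsController < ApplicationController
       format.rss do
         expires_in 1.minute, public: true
 
-        @statuses = filtered_statuses.without_reblogs.without_replies.limit(PAGE_SIZE)
+        @statuses = filtered_statuses.without_reblogs.limit(PAGE_SIZE)
         @statuses = cache_collection(@statuses, Status)
         render xml: RSS::AccountSerializer.render(@account, @statuses, params[:tag])
       end
@@ -129,23 +129,23 @@ class AccountsController < ApplicationController
   end
 
   def media_requested?
-    request.path.ends_with?('/media') && !tag_requested?
+    request.path.split('.').first.ends_with?('/media') && !tag_requested?
   end
 
   def replies_requested?
-    request.path.ends_with?('/with_replies') && !tag_requested?
+    request.path.split('.').first.ends_with?('/with_replies') && !tag_requested?
   end
 
   def tag_requested?
     request.path.split('.').first.ends_with?(Addressable::URI.parse("/tagged/#{params[:tag]}").normalize)
   end
 
-  def filtered_status_page(params)
-    if params[:min_id].present?
-      filtered_statuses.paginate_by_min_id(PAGE_SIZE, params[:min_id]).reverse
-    else
-      filtered_statuses.paginate_by_max_id(PAGE_SIZE, params[:max_id], params[:since_id]).to_a
-    end
+  def filtered_status_page
+    filtered_statuses.paginate_by_id(PAGE_SIZE, params_slice(:max_id, :min_id, :since_id))
+  end
+
+  def params_slice(*keys)
+    params.slice(*keys).permit(*keys)
   end
 
   def restrict_fields_to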
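Review bot: `request.path.split('.').first` is now repeated in `media_requested?`, `replies_requested?` and `tag_requested?`, and it cuts the path at the first dot anywhere in it, not only at a trailing format extension. If an earlier path segment can ever contain a dot (this hunk does not show the route constraints), all three predicates would silently evaluate against a truncated path and select the wrong status filter. I would put the expression in one private helper with a comment stating the assumption, e.g. `def path_without_format = request.path.split('.').first` preceded by `# Strips ".rss"/".json"; assumes no other segment contains a dot`. Use a regular `def … end` if the project's Ruby version predates endless methods.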

+ 10
- 7
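--- a/app/controllers/activitypub/collections_controller.rb
+++ b/app/controllers/activitypub/collections_controller.rb
@@ -24,20 +24,23 @@ class ActivityPub::CollectionsController < ActivityPub::BaseController
   def set_size
     case params[:id]
     when 'featured'
-      @account.pinned_statuses.count
+      @size = @account.pinned_statuses.count
     else
-      raise ActiveRecord::RecordNotFound
+      not_found
     end
   end
 
   def scope_for_collection
     case params[:id]
     when 'featured'
-      return Status.none if @account.blocking?(signed_request_account)
-
-      @account.pinned_statuses
-    else
-      raise ActiveRecord::RecordNotFound
+      # Because in public fetch mode we cache the response, there would be no
+      # benefit from performing the check below, since a blocked account or domain
+      # would likely be served the cache from the reverse proxy anyway
+      if authorized_fetch_mode? && !signed_request_account.nil? && (@account.blocking?(signed_request_account) || (!signed_request_account.domain.nil? && @account.domain_blocking?(signed_request_account.domain)))
+        Status.none
+      else
+        @account.pinned_statuses
+      end
     end
   end
 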
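Review bot: The block check in `scope_for_collection` is one long condition combining fetch mode, two nil guards, the account block and the domain block, which makes a privacy decision hard to audit at a glance. Extracting it into a named private predicate with early returns keeps the same logic readable. Separately, with the `else` branch removed the method returns `nil` for any id other than 'featured', so it relies on `set_size` having called `not_found` first. Whether `not_found` halts the request is not visible in this hunk, so that ordering deserves a comment.
```ruby
  def scope_for_collection
    # … unchanged: case/when 'featured' and the comment on public fetch mode …
      requester_blocked? ? Status.none : @account.pinned_statuses
    # … unchanged: closing end lines …

  # True only in authorized fetch mode, for a signed request whose account,
  # or whose domain, is blocked by @account.
  def requester_blocked?
    return false unless authorized_fetch_mode?
    return false if signed_request_account.nil?
    return true if @account.blocking?(signed_request_account)

    !signed_request_account.domain.nil? && @account.domain_blocking?(signed_request_account.domain)
  end
```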

+ 1
- 1
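--- a/app/controllers/activitypub/inboxes_controller.rb
+++ b/app/controllers/activitypub/inboxes_controller.rb
@@ -49,7 +49,7 @@ class ActivityPub::InboxesController < ActivityPub::BaseController
       ResolveAccountWorker.perform_async(signed_request_account.acct)
     end
 
-    DeliveryFailureTracker.track_inverse_success!(signed_request_account)
+    DeliveryFailureTracker.reset!(signed_request_account.inbox_url)
   end
 
   def process_payload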

+ 3
- 3
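--- a/app/controllers/activitypub/outboxes_controller.rb
+++ b/app/controllers/activitypub/outboxes_controller.rb
@@ -11,7 +11,7 @@ class ActivityPub::OutboxesController < ActivityPub::BaseController
   before_action :set_cache_headers
 
   def show
-    expires_in(page_requested? ? 0 : 3.minutes, public: public_fetch_mode?)
+    expires_in(page_requested? ? 0 : 3.minutes, public: public_fetch_mode? && !(signed_request_account.present? && page_requested?))
     render json: outbox_presenter, serializer: ActivityPub::OutboxSerializer, adapter: ActivityPub::Adapter, content_type: 'application/activity+json'
   end
 
@@ -50,12 +50,12 @@ class ActivityPub::OutboxesController < ActivityPub::BaseController
     return unless page_requested?
 
     @statuses = @account.statuses.permitted_for(@account, signed_request_account)
-    @statuses = params[:min_id].present? ? @statuses.paginate_by_min_id(LIMIT, params[:min_id]).reverse : @statuses.paginate_by_max_id(LIMIT, params[:max_id])
+    @statuses = @statuses.paginate_by_id(LIMIT, params_slice(:max_id, :min_id, :since_id))
     @statuses = cache_collection(@statuses, Status)
   end
 
   def page_requested?
-    params[:page] == 'true'
+    truthy_param?(:page)
   end
 
   def page_params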
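Review bot: The new `public:` expression on the `expires_in` line in `show` carries a cache-safety rule with no comment, so a later simplification could reintroduce shared caching of per-requester pages. The second hunk shows why it matters: pages are built with `permitted_for(@account, signed_request_account)`, so a signed page response can differ per requester. I would add above the call `# Signed page requests are filtered for the requesting account, so they must never be marked publicly cacheable`. Also, `params_slice` is called here but the only definition visible on this page is a private method in `AccountsController`; please confirm it is available through this controller's ancestors.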

+ 15
- 6
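--- a/app/controllers/activitypub/replies_controller.rb
+++ b/app/controllers/activitypub/replies_controller.rb
@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 class ActivityPub::RepliesController < ActivityPub::BaseController
-  include SignatureAuthentication
+  include SignatureVerification
   include Authorization
   include AccountOwnedConcern
 
@@ -19,15 +19,19 @@ class ActivityPub::RepliesController < ActivityPub::BaseController
 
   private
 
+  def pundit_user
+    signed_request_account
+  end
+
   def set_status
     @status = @account.statuses.find(params[:status_id])
     authorize @status, :show?
   rescue Mastodon::NotPermittedError
-    raise ActiveRecord::RecordNotFound
+    not_found
   end
 
   def set_replies
-    @replies = page_params[:only_other_accounts] ? Status.where.not(account_id: @account.id) : @account.statuses
+    @replies = only_other_accounts? ? Status.where.not(account_id: @account.id) : @account.statuses
     @replies = @replies.where(in_reply_to_id: @status.id, visibility: [:public, :unlisted])
     @replies = @replies.paginate_by_min_id(DESCENDANTS_LIMIT, params[:min_id])
   end
@@ -38,7 +42,7 @@ class ActivityPub::RepliesController < ActivityPub::BaseController
       type: :unordered,
       part_of: account_status_replies_url(@account, @status),
       next: next_page,
-      items: @replies.map { |status| status.local ? status : status.uri }
+      items: @replies.map { |status| status.local? ? status : status.uri }
     )
 
     return page if page_requested?
@@ -51,16 +55,21 @@ class ActivityPub::RepliesController < ActivityPub::BaseController
   end
 
   def page_requested?
-    params[:page] == 'true'
+    truthy_param?(:page)
+  end
+
+  def only_other_accounts?
+    truthy_param?(:only_other_accounts)
   end
 
   def next_page
     only_other_accounts = !(@replies&.last&.account_id == @account.id && @replies.size == DESCENDANTS_LIMIT)
+
     account_status_replies_url(
       @account,
       @status,
       page: true,
-      min_id: only_other_accounts && !page_params[:only_other_accounts] ? nil : @replies&.last&.id,
+      min_id: only_other_accounts && !only_other_accounts? ? nil : @replies&.last&.id,
       only_other_accounts: only_other_accounts
     )
   end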
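Review bot: `pundit_user` is added without a comment, yet it changes whose permissions `authorize @status, :show?` in `set_status` is checked against: the account from the HTTP signature rather than a logged-in user. A short comment would make that explicit for the next reader, e.g. `# Policies are evaluated for the account that signed the request (presumably nil when the request is unsigned)`. Separately, in `next_page` the local `only_other_accounts` and the new predicate `only_other_accounts?` appear in the same `min_id:` expression and differ only by the question mark. Renaming the local, for example to `switch_to_other_accounts`, would make that line much harder to misread.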

+ 12
- 2
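--- a/app/controllers/admin/action_logs_controller.rb
+++ b/app/controllers/admin/action_logs_controller.rb
@@ -2,8 +2,18 @@
 
 module Admin
   class ActionLogsController < BaseController
-    def index
-      @action_logs = Admin::ActionLog.page(params[:page])
+    before_action :set_action_logs
+
+    def index; end
+
+    private
+
+    def set_action_logs
+      @action_logs = Admin::ActionLogFilter.new(filter_params).results.page(params[:page])
+    end
+
+    def filter_params
+      params.slice(:page, *Admin::ActionLogFilter::KEYS).permit(:page, *Admin::ActionLogFilter::KEYS)
     end
   end
 end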
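Review bot: Neither `index` nor the new `set_action_logs` calls `authorize`, while the other admin controllers on this page do so per action (for example `authorize :email_domain_block, :index?`). The audit log can now also be filtered by request parameters, so it is worth confirming that `BaseController` alone restricts it to the intended roles; that class is not visible here. If it does, a comment such as `# Access is restricted by Admin::BaseController; no per-action policy` on `index` would record the decision. Also, `filter_params` passes `:page` into `ActionLogFilter` although pagination is applied separately with `params[:page]`; drop it from the slice unless the filter needs it.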

+ 25
- 3
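--- a/app/controllers/admin/email_domain_blocks_controller.rb
+++ b/app/controllers/admin/email_domain_blocks_controller.rb
@@ -6,12 +6,12 @@ module Admin
 
     def index
       authorize :email_domain_block, :index?
-      @email_domain_blocks = EmailDomainBlock.page(params[:page])
+      @email_domain_blocks = EmailDomainBlock.where(parent_id: nil).includes(:children).order(id: :desc).page(params[:page])
     end
 
     def new
       authorize :email_domain_block, :create?
-      @email_domain_block = EmailDomainBlock.new
+      @email_domain_block = EmailDomainBlock.new(domain: params[:_domain])
     end
 
     def create
@@ -21,6 +21,28 @@ module Admin
 
       if @email_domain_block.save
         log_action :create, @email_domain_block
+
+        if @email_domain_block.with_dns_records?
+          hostnames = []
+          ips       = []
+
+          Resolv::DNS.open do |dns|
+            dns.timeouts = 1
+
+            hostnames = dns.getresources(@email_domain_block.domain, Resolv::DNS::Resource::IN::MX).to_a.map { |e| e.exchange.to_s }
+
+            ([@email_domain_block.domain] + hostnames).uniq.each do |hostname|
+              ips.concat(dns.getresources(hostname, Resolv::DNS::Resource::IN::A).to_a.map { |e| e.address.to_s })
+              ips.concat(dns.getresources(hostname, Resolv::DNS::Resource::IN::AAAA).to_a.map { |e| e.address.to_s })
+            end
+          end
+
+          (hostnames + ips).each do |hostname|
+            another_email_domain_block = EmailDomainBlock.new(domain: hostname, parent: @email_domain_block)
+            log_action :create, another_email_domain_block if another_email_domain_block.save
+          end
+        end
+
         redirect_to admin_email_domain_blocks_path, notice: I18n.t('admin.email_domain_blocks.created_msg')
       else
         render :new
@@ -41,7 +63,7 @@ module Admin
     end
 
     def resource_params
-      params.require(:email_domain_block).permit(:domain)
+      params.require(:email_domain_block).permit(:domain, :with_dns_records)
     end
   end
 end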
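Review bot: `create` now runs the MX, A and AAAA lookups inline in the admin request, and the number of lookups is set by the MX records the blocked domain publishes, each allowed a 1-second timeout. That domain is untrusted by definition, so I would bound the list before the inner loop, e.g. `hostnames = hostnames.first(MAX_DNS_HOSTNAMES)` (placeholder constant), or move the expansion to a background job. The expansion also blocks every MX hostname and address it finds, so a domain hosted at a shared mail provider would get that provider blocked too; this needs a comment or a confirmation step. Finally, child blocks whose `save` fails are skipped with no trace, so an admin cannot tell the expansion was partial.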

+ 1
- 1
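--- a/app/controllers/admin/instances_controller.rb
+++ b/app/controllers/admin/instances_controller.rb
@@ -19,7 +19,7 @@ module Admin
       @followers_count = Follow.where(target_account: Account.where(domain: params[:id])).count
       @reports_count   = Report.where(target_account: Account.where(domain: params[:id])).count
       @blocks_count    = Block.where(target_account: Account.where(domain: params[:id])).count
-      @available       = DeliveryFailureTracker.available?(Account.select(:shared_inbox_url).where(domain: params[:id]).first&.shared_inbox_url)
+      @available       = DeliveryFailureTracker.available?(params[:id])
       @media_storage   = MediaAttachment.where(account: Account.where(domain: params[:id])).sum(:file_file_size)
       @private_comment = @domain_block&.private_comment
       @public_comment  = @domain_block&.public_comment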
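Review bot: `DeliveryFailureTracker.available?` is now given `params[:id]`, a bare domain going by the `Account.where(domain: params[:id])` calls around it. The same commit calls `DeliveryFailureTracker.reset!(signed_request_account.inbox_url)` with a full URL in `inboxes_controller.rb`. The tracker is not shown on this page, so please confirm the two methods normalise to the same key; otherwise this view could report a host as available or unavailable from a different key than the one deliveries update. A short comment here would help, e.g. `# available? takes a host name; reset! takes an inbox URL and derives the host`, adjusted to whatever the tracker actually does. The enclosing method starts and ends outside the hunk.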

+ 21
- 0
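--- a/app/controllers/admin/site_uploads_controller.rb
+++ b/app/controllers/admin/site_uploads_controller.rb
@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+module Admin
+  class SiteUploadsController < BaseController
+    before_action :set_site_upload
+
+    def destroy
+      authorize :settings, :destroy?
+
+      @site_upload.destroy!
+
+      redirect_to edit_admin_settings_path, notice: I18n.t('admin.site_uploads.destroyed_msg')
+    end
+
+    private
+
+    def set_site_upload
+      @site_upload = SiteUpload.find(params[:id])
+    end
+  end
+end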

+ 3
- 3
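--- a/app/controllers/admin/warning_presets_controller.rb
+++ b/app/controllers/admin/warning_presets_controller.rb
@@ -7,7 +7,7 @@ module Admin
     def index
       authorize :account_warning_preset, :index?
 
-      @warning_presets = AccountWarningPreset.all
+      @warning_presets = AccountWarningPreset.alphabetic
       @warning_preset  = AccountWarningPreset.new
     end
 
@@ -19,7 +19,7 @@ module Admin
       if @warning_preset.save
         redirect_to admin_warning_presets_path
       else
-        @warning_presets = AccountWarningPreset.all
+        @warning_presets = AccountWarningPreset.alphabetic
         render :index
       end
     end
@@ -52,7 +52,7 @@ module Admin
     end
 
     def warning_preset_params
-      params.require(:account_warning_preset).permit(:text)
+      params.require(:account_warning_preset).permit(:title, :text)
     end
   end
 end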

+ 4
- 0
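--- a/app/controllers/api/base_controller.rb
+++ b/app/controllers/api/base_controller.rb
@@ -44,6 +44,10 @@ class Api::BaseController < ApplicationController
     render json: { error: 'There was a temporary problem serving your request, please try again' }, status: 503
   end
 
+  rescue_from Mastodon::RateLimitExceededError do
+    render json: { error: I18n.t('errors.429') }, status: 429
+  end
+
   rescue_from ActionController::ParameterMissing do |e|
     render json: { error: e.to_s }, status: 400
   end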

+ 2
- 4
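--- a/app/controllers/api/v1/accounts/follower_accounts_controller.rb
+++ b/app/controllers/api/v1/accounts/follower_accounts_controller.rb
@@ -5,8 +5,6 @@ class Api::V1::Accounts::FollowerAccountsController < Api::BaseController
   before_action :set_account
   after_action :insert_pagination_headers
 
-  respond_to :json
-
   def index
     @accounts = load_accounts
     render json: @accounts, each_serializer: REST::AccountSerializer
@@ -22,12 +20,12 @@ class Api::V1::Accounts::FollowerAccountsController < Api::BaseController
     return [] if hide_results?
 
     scope = default_accounts
-    scope = scope.where.not(id: current_account.excluded_from_timeline_account_ids) unless current_account.nil?
+    scope = scope.where.not(id: current_account.excluded_from_timeline_account_ids) unless current_account.nil? || current_account.id == @account.id
     scope.merge(paginated_follows).to_a
   end
 
   def hide_results?
-    (@account.user_hides_network? && current_account&.id != @account.id) || (current_account && @account.blocking?(current_account))
+    (@account.hides_followers? && current_account&.id != @account.id) || (current_account && @account.blocking?(current_account))
   end
 
   def default_accounts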

+ 2
- 4
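--- a/app/controllers/api/v1/accounts/following_accounts_controller.rb
+++ b/app/controllers/api/v1/accounts/following_accounts_controller.rb
@@ -5,8 +5,6 @@ class Api::V1::Accounts::FollowingAccountsController < Api::BaseController
   before_action :set_account
   after_action :insert_pagination_headers
 
-  respond_to :json
-
   def index
     @accounts = load_accounts
     render json: @accounts, each_serializer: REST::AccountSerializer
@@ -22,12 +20,12 @@ class Api::V1::Accounts::FollowingAccountsController < Api::BaseController
     return [] if hide_results?
 
     scope = default_accounts
-    scope = scope.where.not(id: current_account.excluded_from_timeline_account_ids) unless current_account.nil?
+    scope = scope.where.not(id: current_account.excluded_from_timeline_account_ids) unless current_account.nil? || current_account.id == @account.id
     scope.merge(paginated_follows).to_a
   end
 
   def hide_results?
-    (@account.user_hides_network? && current_account&.id != @account.id) || (current_account && @account.blocking?(current_account))
+    (@account.hides_following? && current_account&.id != @account.id) || (current_account && @account.blocking?(current_account))
   end
 
   def default_accounts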

+ 0
- 2
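--- a/app/controllers/api/v1/accounts/identity_proofs_controller.rb
+++ b/app/controllers/api/v1/accounts/identity_proofs_controller.rb
@@ -4,8 +4,6 @@ class Api::V1::Accounts::IdentityProofsController < Api::BaseController
   before_action :require_user!
   before_action :set_account
 
-  respond_to :json
-
   def index
     @proofs = @account.identity_proofs.active
     render json: @proofs, each_serializer: REST::IdentityProofSerializer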

+ 0
- 2
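--- a/app/controllers/api/v1/accounts/lists_controller.rb
+++ b/app/controllers/api/v1/accounts/lists_controller.rb
@@ -5,8 +5,6 @@ class Api::V1::Accounts::ListsController < Api::BaseController
   before_action :require_user!
   before_action :set_account
 
-  respond_to :json
-
   def index
     @lists = @account.lists.where(account: current_account)
     render json: @lists, each_serializer: REST::ListSerializer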

+ 0
- 2
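--- a/app/controllers/api/v1/accounts/pins_controller.rb
+++ b/app/controllers/api/v1/accounts/pins_controller.rb
@@ -7,8 +7,6 @@ class Api::V1::Accounts::PinsController < Api::BaseController
   before_action :require_user!
   before_action :set_account
 
-  respond_to :json
-
   def create
     AccountPin.create!(account: current_account, target_account: @account)
     render json: @account, serializer: REST::RelationshipSerializer, relationships: relationships_presenter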

+ 0
- 2
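--- a/app/controllers/api/v1/accounts/relationships_controller.rb
+++ b/app/controllers/api/v1/accounts/relationships_controller.rb
@@ -4,8 +4,6 @@ class Api::V1::Accounts::RelationshipsController < Api::BaseController
   before_action -> { doorkeeper_authorize! :read, :'read:follows' }
   before_action :require_user!
 
-  respond_to :json
-
   def index
     accounts = Account.where(id: account_ids).select('id')
     # .where doesn't guarantee that our results are in the same order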

+ 0
- 2
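--- a/app/controllers/api/v1/accounts/search_controller.rb
+++ b/app/controllers/api/v1/accounts/search_controller.rb
@@ -4,8 +4,6 @@ class Api::V1::Accounts::SearchController < Api::BaseController
   before_action -> { doorkeeper_authorize! :read, :'read:accounts' }
   before_action :require_user!
 
-  respond_to :json
-
   def show
     @accounts = account_search
     render json: @accounts, each_serializer: REST::AccountSerializer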

+ 0
- 2
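--- a/app/controllers/api/v1/accounts/statuses_controller.rb
+++ b/app/controllers/api/v1/accounts/statuses_controller.rb
@@ -6,8 +6,6 @@ class Api::V1::Accounts::StatusesController < Api::BaseController
 
   after_action :insert_pagination_headers, unless: -> { truthy_param?(:pinned) }
 
-  respond_to :json
-
   def index
     @statuses = load_statuses
     render json: @statuses, each_serializer: REST::StatusSerializer, relationships: StatusRelationshipsPresenter.new(@statuses, current_user&.account_id)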

+ 2
- 2
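--- a/app/controllers/api/v1/accounts_controller.rb
+++ b/app/controllers/api/v1/accounts_controller.rb
@@ -14,7 +14,7 @@ class Api::V1::AccountsController < Api::BaseController
 
   skip_before_action :require_authenticated_user!, only: :create
 
-  respond_to :json
+  override_rate_limit_headers :follow, family: :follows
 
   def show
     render json: @account, serializer: REST::AccountSerializer
@@ -31,7 +31,7 @@ class Api::V1::AccountsController < Api::BaseController
   end
 
   def follow
-    FollowService.new.call(current_user.account, @account, reblogs: truthy_param?(:reblogs))
+    FollowService.new.call(current_user.account, @account, reblogs: truthy_param?(:reblogs), with_rate_limit: true)
 
     options = @account.locked? || current_user.account.silenced? ? {} : { following_map: { @account.id => { reblogs: truthy_param?(:reblogs) } }, requested_map: { @account.id => false } }
 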

+ 0
- 2
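--- a/app/controllers/api/v1/apps/credentials_controller.rb
+++ b/app/controllers/api/v1/apps/credentials_controller.rb
@@ -3,8 +3,6 @@
 class Api::V1::Apps::CredentialsController < Api::BaseController
   before_action -> { doorkeeper_authorize! :read }
 
-  respond_to :json
-
   def show
     render json: doorkeeper_token.application, serializer: REST::ApplicationSerializer, fields: %i(name website vapid_key)
   end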

+ 0
- 2
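--- a/app/controllers/api/v1/blocks_controller.rb
+++ b/app/controllers/api/v1/blocks_controller.rb
@@ -5,8 +5,6 @@ class Api::V1::BlocksController < Api::BaseController
   before_action :require_user!
   after_action :insert_pagination_headers
 
-  respond_to :json
-
   def index
     @accounts = load_accounts
     render json: @accounts, each_serializer: REST::AccountSerializer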

+ 0
- 2
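--- a/app/controllers/api/v1/bookmarks_controller.rb
+++ b/app/controllers/api/v1/bookmarks_controller.rb
@@ -5,8 +5,6 @@ class Api::V1::BookmarksController < Api::BaseController
   before_action :require_user!
   after_action :insert_pagination_headers
 
-  respond_to :json
-
   def index
     @statuses = load_statuses
     render json: @statuses, each_serializer: REST::StatusSerializer, relationships: StatusRelationshipsPresenter.new(@statuses, current_user&.account_id)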

+ 0
- 2
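--- a/app/controllers/api/v1/conversations_controller.rb
+++ b/app/controllers/api/v1/conversations_controller.rb
@@ -9,8 +9,6 @@ class Api::V1::ConversationsController < Api::BaseController
   before_action :set_conversation, except: :index
   after_action :insert_pagination_headers, only: :index
 
-  respond_to :json
-
   def index
     @conversations = paginated_conversations
     render json: @conversations, each_serializer: REST::ConversationSerializer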

+ 0
- 2
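--- a/app/controllers/api/v1/custom_emojis_controller.rb
+++ b/app/controllers/api/v1/custom_emojis_controller.rb
@@ -1,8 +1,6 @@
 # frozen_string_literal: true
 
 class Api::V1::CustomEmojisController < Api::BaseController
-  respond_to :json
-
   skip_before_action :set_cache_headers
 
   def index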

+ 0
- 2
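--- a/app/controllers/api/v1/domain_blocks_controller.rb
+++ b/app/controllers/api/v1/domain_blocks_controller.rb
@@ -8,8 +8,6 @@ class Api::V1::DomainBlocksController < Api::BaseController
   before_action :require_user!
   after_action :insert_pagination_headers, only: :show
 
-  respond_to :json
-
   def show
     @blocks = load_domain_blocks
     render json: @blocks.map(&:domain)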

+ 0
- 2
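--- a/app/controllers/api/v1/endorsements_controller.rb
+++ b/app/controllers/api/v1/endorsements_controller.rb
@@ -5,8 +5,6 @@ class Api::V1::EndorsementsController < Api::BaseController
   before_action :require_user!
   after_action :insert_pagination_headers
 
-  respond_to :json
-
   def index
     @accounts = load_accounts
     render json: @accounts, each_serializer: REST::AccountSerializer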

+ 0
- 2
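--- a/app/controllers/api/v1/favourites_controller.rb
+++ b/app/controllers/api/v1/favourites_controller.rb
@@ -5,8 +5,6 @@ class Api::V1::FavouritesController < Api::BaseController
   before_action :require_user!
   after_action :insert_pagination_headers
 
-  respond_to :json
-
   def index
     @statuses = load_statuses
     render json: @statuses, each_serializer: REST::StatusSerializer, relationships: StatusRelationshipsPresenter.new(@statuses, current_user&.account_id)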

+ 0
- 3
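--- a/app/controllers/api/v1/featured_tags/suggestions_controller.rb
+++ b/app/controllers/api/v1/featured_tags/suggestions_controller.rb
@@ -2,12 +2,9 @@
 
 class Api::V1::FeaturedTags::SuggestionsController < Api::BaseController
   before_action -> { doorkeeper_authorize! :read, :'read:accounts' }, only: :index
-
   before_action :require_user!
   before_action :set_most_used_tags, only: :index
 
-  respond_to :json
-
   def index
     render json: @most_used_tags, each_serializer: REST::TagSerializer
   end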

+ 0
- 2
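--- a/app/controllers/api/v1/filters_controller.rb
+++ b/app/controllers/api/v1/filters_controller.rb
@@ -7,8 +7,6 @@ class Api::V1::FiltersController < Api::BaseController
   before_action :set_filters, only: :index
   before_action :set_filter, only: [:show, :update, :destroy]
 
-  respond_to :json
-
   def index
     render json: @filters, each_serializer: REST::FilterSerializer
   end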

+ 0
- 2
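--- a/app/controllers/api/v1/instances/activity_controller.rb
+++ b/app/controllers/api/v1/instances/activity_controller.rb
@@ -6,8 +6,6 @@ class Api::V1::Instances::ActivityController < Api::BaseController
   skip_before_action :set_cache_headers
   skip_before_action :require_authenticated_user!, unless: :whitelist_mode?
 
-  respond_to :json
-
   def show
     expires_in 1.day, public: true
     render_with_cache json: :activity, expires_in: 1.day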

+ 0
- 2
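--- a/app/controllers/api/v1/instances/peers_controller.rb
+++ b/app/controllers/api/v1/instances/peers_controller.rb
@@ -6,8 +6,6 @@ class Api::V1::Instances::PeersController < Api::BaseController
   skip_before_action :set_cache_headers
   skip_before_action :require_authenticated_user!, unless: :whitelist_mode?
 
-  respond_to :json
-
   def index
     expires_in 1.day, public: true
     render_with_cache(expires_in: 1.day) { Account.remote.domains }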

+ 0
- 2
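--- a/app/controllers/api/v1/instances_controller.rb
+++ b/app/controllers/api/v1/instances_controller.rb
@@ -1,8 +1,6 @@
 # frozen_string_literal: true
 
 class Api::V1::InstancesController < Api::BaseController
-  respond_to :json
-
   skip_before_action :set_cache_headers
   skip_before_action :require_authenticated_user!, unless: :whitelist_mode?
 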

+ 23
- 8
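--- a/app/controllers/api/v1/media_controller.rb
+++ b/app/controllers/api/v1/media_controller.rb
@@ -3,27 +3,42 @@
 class Api::V1::MediaController < Api::BaseController
   before_action -> { doorkeeper_authorize! :write, :'write:media' }
   before_action :require_user!
-
-  respond_to :json
+  before_action :set_media_attachment, except: [:create]
+  before_action :check_processing, except: [:create]
 
   def create
-    @media = current_account.media_attachments.create!(media_params)
-    render json: @media, serializer: REST::MediaAttachmentSerializer
+    @media_attachment = current_account.media_attachments.create!(media_attachment_params)
+    render json: @media_attachment, serializer: REST::MediaAttachmentSerializer
   rescue Paperclip::Errors::NotIdentifiedByImageMagickError
     render json: file_type_error, status: 422
   rescue Paperclip::Error
     render json: processing_error, status: 500
   end
 
+  def show
+    render json: @media_attachment, serializer: REST::MediaAttachmentSerializer, status: status_code_for_media_attachment
+  end
+
   def update
-    @media = current_account.media_attachments.where(status_id: nil).find(params[:id])
-    @media.update!(media_params)
-    render json: @media, serializer: REST::MediaAttachmentSerializer
+    @media_attachment.update!(media_attachment_params)
+    render json: @media_attachment, serializer: REST::MediaAttachmentSerializer, status: status_code_for_media_attachment
   end
 
   private
 
-  def media_params
+  def status_code_for_media_attachment
+    @media_attachment.not_processed? ? 206 : 200
+  end
+
+  def set_media_attachment
+    @media_attachment = current_account.media_attachments.unattached.find(params[:id])
+  end
+
+  def check_processing
+    render json: processing_error, status: 422 if @media_attachment.processing_failed?
+  end
+
+  def media_attachment_params
     params.permit(:file, :description, :focus)
   end
 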
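Review bot: `set_media_attachment` is now the only check that keeps `show` and `update` from touching another account's upload, and nothing in the file says so. A comment above it such as `# Lookup is scoped to current_account and to unattached media, so an id owned by another account is not found rather than served` would keep a later refactor from widening the query. `status_code_for_media_attachment` also deserves a line explaining that 206 is returned while `not_processed?` is true, since that is not the usual meaning of Partial Content. `check_processing` answers a failed attachment with 422 while `create` returns the same `processing_error` body with 500; if that difference is intended, a short comment on `check_processing` should say why. The class body continues past the end of the hunk.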

+ 0
- 2
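--- a/app/controllers/api/v1/mutes_controller.rb
+++ b/app/controllers/api/v1/mutes_controller.rb
@@ -5,8 +5,6 @@ class Api::V1::MutesController < Api::BaseController
   before_action :require_user!
   after_action :insert_pagination_headers
 
-  respond_to :json
-
   def index
     @accounts = load_accounts
     render json: @accounts, each_serializer: REST::AccountSerializer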

+ 0
- 2
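--- a/app/controllers/api/v1/notifications_controller.rb
+++ b/app/controllers/api/v1/notifications_controller.rb
@@ -6,8 +6,6 @@ class Api::V1::NotificationsController < Api::BaseController
   before_action :require_user!
   after_action :insert_pagination_headers, only: :index
 
-  respond_to :json
-
   DEFAULT_NOTIFICATIONS_LIMIT = 15
 
   def index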

+ 1
- 3
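--- a/app/controllers/api/v1/polls/votes_controller.rb
+++ b/app/controllers/api/v1/polls/votes_controller.rb
@@ -7,8 +7,6 @@ class Api::V1::Polls::VotesController < Api::BaseController
   before_action :require_user!
   before_action :set_poll
 
-  respond_to :json
-
   def create
     VoteService.new.call(current_account, @poll, vote_params[:choices])
     render json: @poll, serializer: REST::PollSerializer
@@ -20,7 +18,7 @@ class Api::V1::Polls::VotesController < Api::BaseController
     @poll = Poll.attached.find(params[:poll_id])
     authorize @poll.status, :show?
   rescue Mastodon::NotPermittedError
-    raise ActiveRecord::RecordNotFound
+    not_found
   end
 
   def vote_params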
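Review bot: In the second hunk `@poll` is already assigned when `authorize` fails, so the rescue branch must stop the request, and `not_found` is defined outside this page. The change is only safe if that helper renders a response or raises, because a helper that simply returned would let `create` run against a poll whose status the caller may not see; this should be confirmed against the base controller. A comment on the rescue would record the intent, for example `# Answer 404 rather than 403 so a poll on a hidden status looks the same as a missing one`. The `def set_poll` line itself sits above the hunk.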

+ 1
- 3
app/controllers/api/v1/polls_controller.rb

@@ -7,8 +7,6 @@ class Api::V1::PollsController < Api::BaseController
7 7
   before_action :set_poll
8 8
   before_action :refresh_poll