Merge branch 'master' into feature-webpack

.rubocop.yml

@@ -88,3 +88,4 @@ AllCops:
   - 'Rakefile'
   - 'node_modules/**/*'
   - 'Vagrantfile'
+  - 'vendor/**/*'

Capfile

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 require 'capistrano/setup'
 require 'capistrano/deploy'
 require 'capistrano/scm/git'

Gemfile

@@ -83,7 +83,7 @@ group :development do
   gem 'bullet'
   gem 'letter_opener'
   gem 'letter_opener_web'
-  gem 'rubocop', require: false
+  gem 'rubocop', '0.46.0', require: false
 
   gem 'capistrano', '3.8.0'
   gem 'capistrano-rails'

Gemfile.lock

@@ -380,8 +380,8 @@ GEM
       rspec-core (~> 3.0, >= 3.0.0)
       sidekiq (>= 2.4.0)
     rspec-support (3.5.0)
-    rubocop (0.48.1)
-      parser (>= 2.3.3.1, < 3.0)
+    rubocop (0.46.0)
+      parser (>= 2.3.1.1, < 3.0)
       powerpack (~> 0.1)
       rainbow (>= 1.99.1, < 3.0)
       ruby-progressbar (~> 1.7)
@@ -520,7 +520,7 @@ DEPENDENCIES
   rqrcode
   rspec-rails
   rspec-sidekiq
-  rubocop
+  rubocop (= 0.46.0)
   ruby-oembed
   sanitize
   sidekiq

app/controllers/admin/confirmations_controller.rb

@@ -2,17 +2,15 @@
 
 module Admin
   class ConfirmationsController < BaseController
-    before_action :set_account
-
     def create
-      @account.user.confirm
+      account_user.confirm
       redirect_to admin_accounts_path
     end
 
     private
 
-    def set_account
-      @account = Account.find(params[:account_id])
+    def account_user
+      Account.find(params[:account_id]).user || raise(ActiveRecord::RecordNotFound)
     end
   end
 end

app/controllers/admin/domain_blocks_controller.rb

@@ -27,7 +27,7 @@ def show
 
     def destroy
       @domain_block = DomainBlock.find(params[:id])
-      UnblockDomainService.new.call(@domain_block, resource_params[:retroactive])
+      UnblockDomainService.new.call(@domain_block, retroactive_unblock?)
       redirect_to admin_domain_blocks_path, notice: I18n.t('admin.domain_blocks.destroyed_msg')
     end
 
@@ -36,5 +36,9 @@ def destroy
     def resource_params
       params.require(:domain_block).permit(:domain, :severity, :reject_media, :retroactive)
     end
+
+    def retroactive_unblock?
+      resource_params[:retroactive] == '1'
+    end
   end
 end

app/controllers/application_controller.rb

@@ -8,6 +8,7 @@ class ApplicationController < ActionController::Base
   force_ssl if: :https_enabled?
 
   include Localized
+  include UserTrackingConcern
 
   helper_method :current_account
   helper_method :single_user_mode?
@@ -17,7 +18,6 @@ class ApplicationController < ActionController::Base
   rescue_from ActionController::InvalidAuthenticityToken, with: :unprocessable_entity
 
   before_action :store_current_location, except: :raise_not_found, unless: :devise_controller?
-  before_action :set_user_activity
   before_action :check_suspension, if: :user_signed_in?
 
   def raise_not_found
@@ -38,16 +38,6 @@ def require_admin!
     redirect_to root_path unless current_user&.admin?
   end
 
-  def set_user_activity
-    return unless !current_user.nil? && (current_user.current_sign_in_at.nil? || current_user.current_sign_in_at < 24.hours.ago)
-
-    # Mark user as signed-in today
-    current_user.update_tracked_fields(request)
-
-    # If the sign in is after a two week break, we need to regenerate their feed
-    RegenerationWorker.perform_async(current_user.account_id) if current_user.last_sign_in_at < 14.days.ago
-  end
-
   def check_suspension
     head 403 if current_user.account.suspended?
   end

app/controllers/authorize_follows_controller.rb

@@ -44,7 +44,7 @@ def account_from_remote_follow
   end
 
   def acct_param_is_url?
-    parsed_uri.path && %w[http https].include?(parsed_uri.scheme)
+    parsed_uri.path && %w(http https).include?(parsed_uri.scheme)
   end
 
   def parsed_uri

app/controllers/concerns/user_tracking_concern.rb

@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+
+module UserTrackingConcern
+  extend ActiveSupport::Concern
+
+  REGENERATE_FEED_DAYS = 14
+  UPDATE_SIGN_IN_HOURS = 24
+
+  included do
+    before_action :set_user_activity, if: %i(user_signed_in? user_needs_sign_in_update?)
+  end
+
+  private
+
+  def set_user_activity
+    # Mark as signed-in today
+    current_user.update_tracked_fields!(request)
+
+    # Regenerate feed if needed
+    RegenerationWorker.perform_async(current_user.account_id) if user_needs_feed_update?
+  end
+
+  def user_needs_sign_in_update?
+    current_user.current_sign_in_at.nil? || current_user.current_sign_in_at < UPDATE_SIGN_IN_HOURS.hours.ago
+  end
+
+  def user_needs_feed_update?
+    current_user.last_sign_in_at < REGENERATE_FEED_DAYS.days.ago
+  end
+end

app/controllers/well_known/host_meta_controller.rb

@@ -1,4 +1,4 @@
-  # frozen_string_literal: true
+# frozen_string_literal: true
 
 module WellKnown
   class HostMetaController < ApplicationController

app/helpers/admin/filter_helper.rb

@@ -1,8 +1,8 @@
 # frozen_string_literal: true
 
 module Admin::FilterHelper
-  ACCOUNT_FILTERS = %i[local remote by_domain silenced suspended recent].freeze
-  REPORT_FILTERS = %i[resolved account_id target_account_id].freeze
+  ACCOUNT_FILTERS = %i(local remote by_domain silenced suspended recent).freeze
+  REPORT_FILTERS = %i(resolved account_id target_account_id).freeze
 
   FILTERS = ACCOUNT_FILTERS + REPORT_FILTERS
 

app/lib/sanitize_config.rb

@@ -12,6 +12,13 @@ module Config
         'span' => %w(class),
       },
 
+      add_attributes: {
+        'a' => {
+          'rel' => 'nofollow noopener',
+          'target' => '_blank',
+        },
+      },
+
       protocols: {
         'a' => { 'href' => HTTP_PROTOCOLS },
       }

app/models/account.rb

@@ -87,11 +87,11 @@ def follow!(other_account)
   end
 
   def block!(other_account)
-    block_relationships.where(target_account: other_account).first_or_create!(target_account: other_account)
+    block_relationships.where(target_account: other_account).first_or_create!(target_account: other_account, block: true)
   end
 
   def mute!(other_account)
-    mute_relationships.where(target_account: other_account).first_or_create!(target_account: other_account)
+    mute_relationships.where(target_account: other_account).first_or_create!(target_account: other_account, block: false)
   end
 
   def unfollow!(other_account)

app/services/account_search_service.rb

@@ -63,10 +63,12 @@ def exact_match
   end
 
   def search_results
-    @_search_results ||= if account
-      advanced_search_results
-    else
-      simple_search_results
+    @_search_results ||= begin
+      if account
+        advanced_search_results
+      else
+        simple_search_results
+      end
     end
   end
 

app/services/process_feed_service.rb

@@ -205,7 +205,7 @@ def media_from_xml(parent, xml)
         media = MediaAttachment.where(status: parent, remote_url: link['href']).first_or_initialize(account: parent.account, status: parent, remote_url: link['href'])
         parsed_url = Addressable::URI.parse(link['href']).normalize
 
-        next if !%w[http https].include?(parsed_url.scheme) || parsed_url.host.empty?
+        next if !%w(http https).include?(parsed_url.scheme) || parsed_url.host.empty?
 
         media.save
 

config/initializers/rack_attack.rb

@@ -1,6 +1,13 @@
 # frozen_string_literal: true
 
 class Rack::Attack
+  # Always allow requests from localhost
+  # (blocklist & throttles are skipped)
+  Rack::Attack.safelist('allow from localhost') do |req|
+    # Requests are allowed if the return value is truthy
+    '127.0.0.1' == req.ip || '::1' == req.ip
+  end
+
   # Rate limits for the API
   throttle('api', limit: 300, period: 5.minutes) do |req|
     req.ip if req.path =~ /\A\/api\/v/

db/migrate/20180428000000_create_block_mutes.rb

@@ -0,0 +1,19 @@
+class CreateBlockMutes < ActiveRecord::Migration[5.0]
+  def change
+    create_table "block_mutes", force: :casecade do |t|
+      t.integer  "account_id",        null: false
+      t.integer  "target_account_id", null: false
+      t.boolean  "block",             null: false
+      t.datetime "created_at",        null: false
+      t.datetime "updated_at",        null: false
+    end
+
+    add_column       :blocks, :block, :boolean, null: false
+    execute          "ALTER TABLE blocks ADD CONSTRAINT check_mutes_on_block CHECK(block = TRUE), INHERIT block_mutes"
+    Block.update_all block: true
+
+    add_column       :mutes, :block, :boolean, null: false
+    execute          "ALTER TABLE mutes ADD CONSTRAINT check_mutes_on_block CHECK(block = FALSE), INHERIT block_mutes"
+    Mute.update_all block: false
+  end
+end

db/schema.rb

@@ -10,7 +10,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema.define(version: 20170425202925) do
+ActiveRecord::Schema.define(version: 20180428000000) do
 
   # These are extensions that must be enabled in order to support this database
   enable_extension "plpgsql"
@@ -54,13 +54,23 @@
     t.index ["username", "domain"], name: "index_accounts_on_username_and_domain", unique: true, using: :btree
   end
 
+  create_table "block_mutes", force: :cascade, id: false do |t|
+    t.integer  "account_id",        null: false
+    t.integer  "target_account_id", null: false
+    t.boolean  "block",             null: false
+    t.datetime "created_at",        null: false
+    t.datetime "updated_at",        null: false
+  end
+
   create_table "blocks", force: :cascade do |t|
     t.integer  "account_id",        null: false
     t.integer  "target_account_id", null: false
+    t.boolean  "block",             null: false
     t.datetime "created_at",        null: false
     t.datetime "updated_at",        null: false
     t.index ["account_id", "target_account_id"], name: "index_blocks_on_account_id_and_target_account_id", unique: true, using: :btree
   end
+  execute   "ALTER TABLE blocks ADD CONSTRAINT check_blocks_on_block CHECK(block = TRUE), INHERIT block_mutes"
 
   create_table "domain_blocks", force: :cascade do |t|
     t.string   "domain",       default: "", null: false
@@ -137,10 +147,12 @@
   create_table "mutes", force: :cascade do |t|
     t.integer  "account_id",        null: false
     t.integer  "target_account_id", null: false
+    t.boolean  "block",             null: false
     t.datetime "created_at",        null: false
     t.datetime "updated_at",        null: false
     t.index ["account_id", "target_account_id"], name: "index_mutes_on_account_id_and_target_account_id", unique: true, using: :btree
   end
+  execute   "ALTER TABLE mutes ADD CONSTRAINT check_mutes_on_block CHECK(block = FALSE), INHERIT block_mutes"
 
   create_table "notifications", force: :cascade do |t|
     t.integer  "account_id"

lib/mastodon/version.rb

@@ -13,7 +13,7 @@ def minor
     end
 
     def patch
-      1
+      2
     end
 
     def pre

lib/tasks/mastodon.rake

@@ -61,7 +61,6 @@ namespace :mastodon do
     desc 'Set unknown attachment type for remote-only attachments'
     task set_unknown: :environment do
       Rails.logger.debug 'Setting unknown attachment type for remote-only attachments...'
-      # rubocop:disable Rails/SkipsModelValidations
       MediaAttachment.where(file_file_name: nil).where.not(type: :unknown).in_batches.update_all(type: :unknown)
       Rails.logger.debug 'Done!'
     end

spec/controllers/admin/confirmations_controller_spec.rb

@@ -0,0 +1,33 @@
+require 'rails_helper'
+
+RSpec.describe Admin::ConfirmationsController, type: :controller do
+  render_views
+
+  before do
+    sign_in Fabricate(:user, admin: true), scope: :user
+  end
+
+  describe 'POST #create' do
+    it 'confirms the user' do
+      account = Fabricate(:account)
+      user = Fabricate(:user, confirmed_at: false, account: account)
+      post :create, params: { account_id: account.id }
+
+      expect(response).to redirect_to(admin_accounts_path)
+      expect(user.reload).to be_confirmed
+    end
+
+    it 'raises an error when there is no account' do
+      post :create, params: { account_id: 'fake' }
+
+      expect(response).to have_http_status(:missing)
+    end
+
+    it 'raises an error when there is no user' do
+      account = Fabricate(:account, user: nil)
+      post :create, params: { account_id: account.id }
+
+      expect(response).to have_http_status(:missing)
+    end
+  end
+end