Merge branch 'beta' into production

* beta:
  Update POT files using the production database
  Update translations from Transifex
  Fix Data::Recording test flakiness
  Remove parallel processing on prove
  Increase default avatar size & remove bg/border
  Add a default editor avatar for display
  Fix regression in medium track count comparison (#2396)
  Update POT files using the production database
  Update translations from Transifex
  MBS-12155: Filter out downvoted tags from JSON WS user-tags/genres (#2385)
  MBS-12161: Expand, not replace, FormHandler Text's validate (#2384)
  Don't follow type tables for incremental sitemaps (#2393)
  MBS-12132: Allow Apple Music music-video links for releases (#2375)
  MBS-12127: Allow batch-changing all blank artist credits (#2364)
  MBS-11986: Block spammer profiles from being seen
  MBS-11986: Block accounts with spammer flag from logging in
  MBS-12128: Split negative and positive user "privileges"
  MBS-11986: New account flag: Spammer
  Delete CODE_OF_CONDUCT.md and use org default (#2390)
  Respond with Bad Request for "invalid session ID" (#2369)
  MBS-12137: Remove Gravatar (#2366)
  Disable broken Amazon cover art lookup
  Bump Flow to 0.169.0
  Fix uninitialized value in string eq warning
  Fix use of uninitialized value in SetCoverArt
  Filter empty string IDs in Data::Edit::load_all
  Fix uninitialized value warning sending email
  Fix undef var warning on user tags page
  Fix warning submitting unlinked artist credits
  Fix track_count warning for medium edits
  Bump cookie to v0.4.1
  Bump shell-quote to v1.7.3
  Bump ShellJS to v0.8.5
  MBS-12121: Actually show parent changes in EditRelationshipType (#2360)
  Remove unneeded Number() cast
  MBS-12164: Use formatCount also on tag cloud numbers
  MBS-12167: Use returnToCurrentPage in UserSubscriptions action (#2383)
  MBS-12159: Add support for Amazon.pl (#2380)
  MBS-12142: Use formatCount also on search result numbers
  Update package.json github URLs to use https
  Revert private to false
  Change private to false
  Bump Flow to 0.168.0
  MBS-12133: Allow % in jazzmusicarchives URLs (#2370)
  MBS-11995: Test error messages in external links editor (#2290)
  MBS-7727: Restrict Soundcloud to only "get the music" rels (#2321)
  Use a valid SPX License expression More information available at https://spdx.org/licenses/
  MBS-10715: Block amzn.to redirect link
  MBS-10716: Block apple.co redirect links
  Use texp where possible
  Use commaOnlyListText where possible
  Use bracketedText where possible
  Use addColonText where possible
  MBS-12049: Convert the edit index page to React
  Convert Edit::Open test to use real data
  Convert Edit::Show test to use real data
  Remove no longer needed tt functions for edit display
  Remove unused import

.circleci/config.yml

@@ -75,7 +75,6 @@ jobs:
               --source pgTAP \
               --source Perl \
               -I lib \
-              -j 9 \
               t/critic.t \
               t/pgtap/* \
               t/pgtap/unused-tags/* \

lib/MusicBrainz/Server.pm

@@ -66,7 +66,6 @@ __PACKAGE__->config(
             'format_wikitext' => \&MusicBrainz::Server::Filters::format_wikitext,
             'format_editnote' => \&MusicBrainz::Server::Filters::format_editnote,
             'locale' => \&MusicBrainz::Server::Filters::locale,
-            'gravatar' => \&MusicBrainz::Server::Filters::gravatar,
             'coverart_https' => \&MusicBrainz::Server::Filters::coverart_https
         },
         RECURSION => 1,
@@ -362,9 +361,11 @@ around dispatch => sub {
     my $unset_beta = (defined $c->req->query_params->{unset_beta} &&
                       $c->req->query_params->{unset_beta} eq '1' &&
                       !DBDefs->IS_BETA);
-    my $beta_redirect = (defined $c->req->cookies->{beta} &&
-                      $c->req->cookies->{beta}->value eq 'on' &&
-                      !DBDefs->IS_BETA);
+    my $beta_cookie = $c->req->cookies->{beta};
+    my $beta_redirect = (defined $beta_cookie &&
+                         defined $beta_cookie->value &&
+                         $beta_cookie->value eq 'on' &&
+                         !DBDefs->IS_BETA);
     if ( $unset_beta ) {
         $c->res->cookies->{beta} = {
             'value' => '',
@@ -678,7 +679,6 @@ sub set_csp_headers {
         q('self'),
         'data:',
         'staticbrainz.org',
-        'gravatar.com',
     );
 
     my @csp_frame_src = ('frame-src', q('self'));

lib/MusicBrainz/Server/Constants.pm

@@ -346,6 +346,7 @@ Readonly our $LOCATION_EDITOR_FLAG          => 256;
 Readonly our $BANNER_EDITOR_FLAG            => 512;
 Readonly our $EDITING_DISABLED_FLAG         => 1024;
 Readonly our $ADDING_NOTES_DISABLED_FLAG    => 2048;
+Readonly our $SPAMMER_FLAG                  => 4096;
 # If you update this, also update root/utility/sanitizedEditor.js
 Readonly our $PUBLIC_PRIVILEGE_FLAGS        => $AUTO_EDITOR_FLAG &
                                                $BOT_FLAG &

lib/MusicBrainz/Server/Controller/Admin.pm

@@ -37,6 +37,7 @@ sub edit_user : Path('/admin/user/edit') Args(1) RequireAuth HiddenOnSlaves Secu
             account_admin           => $user->is_account_admin,
             editing_disabled        => $user->is_editing_disabled,
             adding_notes_disabled   => $user->is_adding_notes_disabled,
+            spammer                 => $user->is_spammer,
             # user profile
             username                => $user->name,
             email                   => $user->email,

lib/MusicBrainz/Server/Controller/Edit.pm

@@ -64,7 +64,11 @@ sub show : Chained('load') PathPart('')
     load_everything_for_edits($c, [ $edit ]);
     $c->form(add_edit_note => 'EditNote');
 
-    $c->stash->{template} = 'edit/index.tt';
+    $c->stash(
+        current_view => 'Node',
+        component_path => 'edit/EditIndex',
+        component_props => {edit => $edit->TO_JSON},
+    );
 }
 
 sub data : Chained('load') RequireAuth

lib/MusicBrainz/Server/Controller/Root.pm

@@ -1,15 +1,18 @@
 package MusicBrainz::Server::Controller::Root;
+use Carp qw( croak );
 use Digest::MD5 qw( md5_hex );
 use Moose;
 use Try::Tiny;
 use List::AllUtils qw( max );
 use Readonly;
+use Scalar::Util qw( blessed );
 use URI::QueryParam;
 
 BEGIN { extends 'Catalyst::Controller' }
 
 # Import MusicBrainz libraries
 use DBDefs;
+use MusicBrainz::Errors qw( capture_exceptions );
 use MusicBrainz::Server::Constants qw( $VARTIST_GID $CONTACT_URL );
 use MusicBrainz::Server::ControllerUtils::SSL qw( ensure_ssl );
 use MusicBrainz::Server::Data::Utils qw( boolean_to_json type_to_model );
@@ -249,7 +252,28 @@ sub begin : Private
     $c->stats->enable(1) if DBDefs->DEVELOPMENT_SERVER;
 
     # Can we automatically login?
-    if (!$c->user) {
+    my $needs_login;
+    capture_exceptions(
+        # This may throw if someone sets an invalid musicbrainz_server_session
+        # cookie.  In that case we'd prefer to respond with Bad Request rather
+        # than Internal Server Error.  The exception is sent to Sentry in any
+        # case.
+        sub { $needs_login = !$c->user },
+        sub {
+            my $error = $_;
+            if (
+                blessed($error) &&
+                $error->isa('Catalyst::Exception') &&
+                $error->message =~ /^Tried to set invalid session ID/
+            ) {
+                $c->stash->{message} = $error->message;
+                $c->detach('/error_400');
+            } else {
+                croak $error;
+            }
+        },
+    );
+    if ($needs_login) {
         $c->forward('/user/cookie_login');
     }
 

lib/MusicBrainz/Server/Controller/Tag.pm

@@ -48,10 +48,10 @@ sub cloud : Path('/tags')
         component_path => 'tag/TagCloud',
         component_props => {
             %{$c->stash->{component_props}},
-            tagMaxCount => $hits ? $cloud->[0]->{count} : 0,
+            tagMaxCount => $hits ? $cloud->[0]->{count} + 0 : 0,
             tags => $hits ? [
                 map +{
-                    count => $_->{count},
+                    count => $_->{count} + 0,
                     tag => to_json_object($_->{tag}),
                 },
                 sort { $a->{tag}->name cmp $b->{tag}->name }

lib/MusicBrainz/Server/Controller/User.pm

@@ -75,8 +75,12 @@ sub _perform_login {
         # Bad username / password combo
         $c->stash( bad_login => 1 );
         return 0;
-    }
-    else {
+    } elsif ( $c->user->is_spammer ) {
+        # Automatically log out spammers and notify of why
+        $c->stash( spammy_login => 1 );
+        $c->logout;
+        return 0;
+    } else {
         if ($c->user->requires_password_reset) {
             $c->response->redirect($c->uri_for_action('/account/change_password', {
                 username => $c->user->name,
@@ -107,7 +111,7 @@ sub serialize_user {
     return {
         deleted => boolean_to_json($user->deleted),
         entityType => 'editor',
-        gravatar => $user->gravatar,
+        avatar => $user->avatar,
         id => 0 + $user->id,
         is_limited => boolean_to_json($user->is_limited),
         name => $user->name,
@@ -171,6 +175,7 @@ sub do_login : Private
             loginForm => $form->TO_JSON,
             isLoginBad => boolean_to_json($c->stash->{bad_login}),
             isLoginRequired => boolean_to_json($c->stash->{required_login} // 1),
+            isSpammer => boolean_to_json($c->stash->{spammy_login}),
             postParameters => ((defined $post_params && scalar(%$post_params)) ? $post_params : undef),
         },
     );

lib/MusicBrainz/Server/CoverArt/Provider/WebService/Amazon.pm

@@ -1,16 +1,11 @@
 package MusicBrainz::Server::CoverArt::Provider::WebService::Amazon;
 use Moose;
 
-use Time::HiRes qw(sleep gettimeofday tv_interval );
 use Net::Amazon::AWSSign;
-use LWP::UserAgent;
 use XML::XPath;
-use MusicBrainz::Server::Log qw( log_info );
 
 use aliased 'MusicBrainz::Server::CoverArt::Amazon' => 'CoverArt';
 
-use MusicBrainz::Server::Log qw( log_error );
-
 extends 'MusicBrainz::Server::CoverArt::Provider';
 
 has '+link_type_name' => (
@@ -44,8 +39,6 @@ has '_store_map' => (
     }
 );
 
-my $last_request_time;
-
 sub _build__aws_signature
 {
     my $public  = DBDefs->AWS_PUBLIC();
@@ -71,28 +64,9 @@ sub parse_asin {
 sub lookup_cover_art
 {
     my ($self, $uri) = @_;
-    my ($store, $asin) = parse_asin($uri);
-    return unless $asin;
 
-    my $end_point = $self->get_store_api($store);
-
-    unless ($end_point) {
-        log_info { "$store does not have a known ECS end point" };
-        return;
-    }
-
-    my $url = "http://$end_point/onca/xml?" .
-                  'Service=AWSECommerceService&' .
-                  'Operation=ItemLookup&' .
-                  "ItemId=$asin&" .
-                  'Version=2011-08-01&' .
-                  'ResponseGroup=Images';
-
-    my $cover_art = $self->_lookup_coverart($url) or return;
-    $cover_art->asin($asin);
-    $cover_art->information_uri($uri);
-
-    return $cover_art;
+    # Amazon cover art support is pending removal
+    return;
 }
 
 sub fallback_meta {
@@ -102,42 +76,6 @@ sub fallback_meta {
     return { amazon_asin => $asin };
 }
 
-sub _lookup_coverart {
-    my ($self, $url) = @_;
-
-    $url .= '&AssociateTag=' . DBDefs->AMAZON_ASSOCIATE_TAG;
-    $url = $self->_aws_signature->addRESTSecret($url);
-
-    # Respect Amazon SLA
-    if ($last_request_time) {
-        my $i = 2 - tv_interval($last_request_time);
-        sleep($i) if $i > 0;
-    }
-    $last_request_time = [ gettimeofday ];
-
-    my $lwp = LWP::UserAgent->new;
-    $lwp->env_proxy;
-    $lwp->timeout(10);
-    $lwp->agent(DBDefs->LWP_USER_AGENT);
-    my $response = $lwp->get($url) or return;
-    if (!$response->is_success) {
-        log_error { "Failed to lookup cover art: $_" } $response->decoded_content;
-        return;
-    }
-    my $xp = XML::XPath->new( xml => $response->decoded_content );
-
-    my $image_url = $xp->find(
-        '/ItemLookupResponse/Items/Item/ImageSets/ImageSet[@Category="primary"]/LargeImage/URL'
-    )->string_value;
-
-    return unless $image_url;
-
-    return CoverArt->new(
-        provider        => $self,
-        image_uri       => $image_url,
-    );
-}
-
 no Moose;
 __PACKAGE__->meta->make_immutable;
 

lib/MusicBrainz/Server/Data/Edit.pm

@@ -13,7 +13,7 @@ use Encode qw( decode );
 use Try::Tiny;
 use List::AllUtils qw( any uniq zip );
 use MusicBrainz::Server::Data::Editor;
-use MusicBrainz::Server::Data::Utils qw( type_to_model );
+use MusicBrainz::Server::Data::Utils qw( non_empty type_to_model );
 use MusicBrainz::Server::EditRegistry;
 use MusicBrainz::Server::Edit::Exceptions;
 use MusicBrainz::Server::Constants qw(
@@ -625,7 +625,7 @@ sub load_all
         while (my ($model, $ids) = each %$edit_references) {
             $objects_to_load->{$model} ||= [];
             if (ref($ids) eq 'ARRAY') {
-                $ids = [ uniq grep { defined } @$ids ];
+                $ids = [ uniq grep { non_empty($_) } @$ids ];
             }
             $ids = Data::OptList::mkopt_hash($ids);
             while (my ($object_id, $extra_models) = each %$ids) {

lib/MusicBrainz/Server/Data/Editor.pm

@@ -150,6 +150,7 @@ sub get_tags
     }
 
     my @tags;
+    $order //= '';
     if ($order eq 'count') {
         @tags = sort { $b->{count} <=> $a->{count} } values %$tags;
     } elsif ($order eq 'countdesc') {
@@ -355,6 +356,10 @@ sub update_profile
 sub update_privileges {
     my ($self, $editor, $values) = @_;
 
+    # Setting Spammer should also block editing and notes
+    $values->{editing_disabled} ||= $values->{spammer};
+    $values->{adding_notes_disabled} ||= $values->{spammer};
+
     my $privs =   ($values->{auto_editor}           // 0) * $AUTO_EDITOR_FLAG
                 + ($values->{bot}                   // 0) * $BOT_FLAG
                 + ($values->{untrusted}             // 0) * $UNTRUSTED_FLAG
@@ -366,7 +371,8 @@ sub update_privileges {
                 + ($values->{mbid_submitter}        // 0) * $MBID_SUBMITTER_FLAG
                 + ($values->{account_admin}         // 0) * $ACCOUNT_ADMIN_FLAG
                 + ($values->{editing_disabled}      // 0) * $EDITING_DISABLED_FLAG
-                + ($values->{adding_notes_disabled} // 0) * $ADDING_NOTES_DISABLED_FLAG;
+                + ($values->{adding_notes_disabled} // 0) * $ADDING_NOTES_DISABLED_FLAG
+                + ($values->{spammer}               // 0) * $SPAMMER_FLAG;
 
     Sql::run_in_transaction(sub {
         $self->sql->do('UPDATE editor SET privs = ? WHERE id = ?', $privs, $editor->id);
@@ -467,20 +473,12 @@ sub load_for_collection {
     return unless $id; # nothing to do
 
     $self->load($collection);
-    my $query = 'SELECT ' . $self->_columns . ', ep.value AS show_gravatar
+    my $query = 'SELECT ' . $self->_columns . '
                  FROM ' . $self->_table . "
                  JOIN editor_collection_collaborator ecc ON editor.id = ecc.editor
-                 LEFT JOIN editor_preference ep ON ep.editor = editor.id AND ep.name = 'show_gravatar'
                  WHERE ecc.collection = $id
                  ORDER BY editor.name, editor.id";
-    my @collaborators = $self->query_to_list($query, undef, sub {
-        my ($model, $row) = @_;
-
-        my $collaborator = $model->_new_from_row($row);
-        $collaborator->preferences->show_gravatar($row->{show_gravatar})
-            if defined $row->{show_gravatar};
-        $collaborator;
-    });
+    my @collaborators = $self->query_to_list($query);
 
     $collection->collaborators(\@collaborators);
 }

lib/MusicBrainz/Server/Data/URL.pm

@@ -21,7 +21,7 @@ my %URL_SPECIALIZATIONS = (
     '45cat'               => qr{^https?://(?:www\.)?45cat\.com/}i,
     '45worlds'            => qr{^https?://(?:www\.)?45worlds\.com/}i,
     'Allmusic'            => qr{^https?://(?:www\.)?allmusic\.com/}i,
-    'AmazonMusic'         => qr{^https:\/\/music\.amazon\.(?:ae|at|com\.au|com\.br|ca|cn|com|de|es|fr|in|it|jp|co\.jp|com\.mx|nl|se|sg|com\.tr|co\.uk)/}i,
+    'AmazonMusic'         => qr{^https:\/\/music\.amazon\.(?:ae|at|com\.au|com\.br|ca|cn|com|de|es|fr|in|it|jp|co\.jp|com\.mx|nl|pl|se|sg|com\.tr|co\.uk)/}i,
     'Animationsong'       => qr{^https?://(?:www\.)?animationsong\.com/}i,
     'AnimeNewsNetwork'    => qr{^https?://(?:www\.)?animenewsnetwork\.com/}i,
     'AnisonGeneration'    => qr{^https?://anison\.info/}i,

lib/MusicBrainz/Server/Edit/ReleaseGroup/SetCoverArt.pm

@@ -92,12 +92,25 @@ sub accept {
 
 sub foreign_keys {
     my ($self) = @_;
+
+    my $data = $self->data;
+    my $old_release_id = $data->{old}{release_id};
+    my $new_release_id = $data->{new}{release_id};
+
+    my $release_fks = {};
+    if (defined $old_release_id) {
+        $release_fks->{$old_release_id} = ['ArtistCredit'];
+    }
+
+    # It doesn't appear that the new release ID can ever be undef, but let's
+    # check it in case we ever allow unsetting the selected artwork.
+    if (defined $new_release_id) {
+        $release_fks->{$new_release_id} = ['ArtistCredit'];
+    }
+
     return {
-        ReleaseGroup => { $self->data->{entity}{id} => [ 'ArtistCredit' ] },
-        Release => {
-            $self->data->{old}{release_id} => [ 'ArtistCredit' ],
-            $self->data->{new}{release_id} => [ 'ArtistCredit' ],
-        }
+        ReleaseGroup => { $data->{entity}{id} => [ 'ArtistCredit' ] },
+        Release => $release_fks,
     };
 }
 

lib/MusicBrainz/Server/Email.pm

@@ -703,7 +703,7 @@ sub _send_email
         ]
     };
 
-    $email->header_set('BCC', undef);
+    $email->header_set('BCC'); # removes the header
 
     if ($email->header('Sender')) {
         my @sender = Email::Address->parse($email->header('Sender'));