Merge branch 'main' into glitch-soc/merge-upstream

Conflicts: - `app/models/status.rb`: Upstream updated media and edit-related code textually close to glitch-soc additions (local-only and content-type). Ported upstream changes. - `app/models/status_edit.rb`: Upstream changes textually close to glitch-soc additions (content-type). Ported upstream changes. - `app/serializers/activitypub/note_serializer.rb`: Upstream changed how media attachments are handled. Not really a conflict, but textually close to glitch-soc additions (directMessage attribute). Ported upstream changes. - `app/services/remove_status_service.rb`: Upstream changed how media attachments are handled. Not really a conflict, but textually close to glitch-soc additions (DM timeline). Ported upstream changes. - `app/services/update_status_service.rb`: Upstream fixed an issue with language selection. Not really a conflict, but textually close to glitch-soc additions (content-type). Ported upstream changes. - `db/schema.rb`: Upstream added columns to the `status_edits` table, the conflict is because of an additional column (`content-type`) in glitch-soc. Ported upstream changes. - `package.json`: Upstream dependency (express) textually adjacent to a glitch-soc-specific one (favico.js) got updated. Updated it as well.
2022-03-10 09:52:45 +01:00
parent 02133866e6 d7fab238a8
commit 24e83246f9
168 changed files with 1826 additions and 728 deletions
--- a/config/initializers/omniauth.rb
+++ b/config/initializers/omniauth.rb
@ -8,7 +8,8 @@ Devise.setup do |config|

  # CAS strategy
  if ENV['CAS_ENABLED'] == 'true'
-    cas_options = options
+    cas_options = {}
+    cas_options[:display_name] = ENV['CAS_DISPLAY_NAME'] || 'cas'
    cas_options[:url] = ENV['CAS_URL'] if ENV['CAS_URL']
    cas_options[:host] = ENV['CAS_HOST'] if ENV['CAS_HOST']
    cas_options[:port] = ENV['CAS_PORT'] if ENV['CAS_PORT']
@ -36,7 +37,8 @@ Devise.setup do |config|

  # SAML strategy
  if ENV['SAML_ENABLED'] == 'true'
-    saml_options = options
+    saml_options = {}
+    saml_options[:display_name] = ENV['SAML_DISPLAY_NAME'] || 'saml'
    saml_options[:assertion_consumer_service_url] = ENV['SAML_ACS_URL'] if ENV['SAML_ACS_URL']
    saml_options[:issuer] = ENV['SAML_ISSUER'] if ENV['SAML_ISSUER']
    saml_options[:idp_sso_target_url] = ENV['SAML_IDP_SSO_TARGET_URL'] if ENV['SAML_IDP_SSO_TARGET_URL']
@ -64,4 +66,39 @@ Devise.setup do |config|
    saml_options[:allowed_clock_drift] = ENV['SAML_ALLOWED_CLOCK_DRIFT'] if ENV['SAML_ALLOWED_CLOCK_DRIFT']
    config.omniauth :saml, saml_options
  end
+
+  # OpenID Connect Strategy
+  if ENV['OIDC_ENABLED'] == 'true'
+    oidc_options = {}
+    oidc_options[:display_name] = ENV['OIDC_DISPLAY_NAME'] || 'openid_connect' #OPTIONAL
+    oidc_options[:issuer] = ENV['OIDC_ISSUER'] if ENV['OIDC_ISSUER'] #NEED
+    oidc_options[:discovery] = ENV['OIDC_DISCOVERY'] == 'true' if ENV['OIDC_DISCOVERY'] #OPTIONAL (default: false)
+    oidc_options[:client_auth_method] =  ENV['OIDC_CLIENT_AUTH_METHOD'] if ENV['OIDC_CLIENT_AUTH_METHOD'] #OPTIONAL (default: basic)
+    scope_string = ENV['OIDC_SCOPE'] if ENV['OIDC_SCOPE'] #NEED
+    scopes = scope_string.split(',')
+    oidc_options[:scope] = scopes.map { |x| x.to_sym }
+    oidc_options[:response_type] = ENV['OIDC_RESPONSE_TYPE'] if ENV['OIDC_RESPONSE_TYPE'] #OPTIONAL (default: code)
+    oidc_options[:response_mode] = ENV['OIDC_RESPONSE_MODE'] if ENV['OIDC_RESPONSE_MODE'] #OPTIONAL (default: query)
+    oidc_options[:display] = ENV['OIDC_DISPLAY'] if ENV['OIDC_DISPLAY'] #OPTIONAL (default: page)
+    oidc_options[:prompt] = ENV['OIDC_PROMPT'] if ENV['OIDC_PROMPT'] #OPTIONAL
+    oidc_options[:send_nonce] = ENV['OIDC_SEND_NONCE'] == 'true' if ENV['OIDC_SEND_NONCE'] #OPTIONAL (default: true)
+    oidc_options[:send_scope_to_token_endpoint] = ENV['OIDC_SEND_SCOPE_TO_TOKEN_ENDPOINT'] == 'true' if ENV['OIDC_SEND_SCOPE_TO_TOKEN_ENDPOINT'] #OPTIONAL (default: true)
+    oidc_options[:post_logout_redirect_uri] = ENV['OIDC_IDP_LOGOUT_REDIRECT_URI'] if ENV['OIDC_IDP_LOGOUT_REDIRECT_URI'] #OPTIONAL
+    oidc_options[:uid_field] = ENV['OIDC_UID_FIELD'] if ENV['OIDC_UID_FIELD'] #NEED
+    oidc_options[:client_options] = {}
+    oidc_options[:client_options][:identifier] = ENV['OIDC_CLIENT_ID'] if ENV['OIDC_CLIENT_ID'] #NEED
+    oidc_options[:client_options][:secret] = ENV['OIDC_CLIENT_SECRET'] if ENV['OIDC_CLIENT_SECRET'] #NEED
+    oidc_options[:client_options][:redirect_uri] = ENV['OIDC_REDIRECT_URI'] if ENV['OIDC_REDIRECT_URI'] #NEED
+    oidc_options[:client_options][:scheme] = ENV['OIDC_HTTP_SCHEME'] if ENV['OIDC_HTTP_SCHEME'] #OPTIONAL (default: https)
+    oidc_options[:client_options][:host] = ENV['OIDC_HOST'] if ENV['OIDC_HOST'] #OPTIONAL
+    oidc_options[:client_options][:port] = ENV['OIDC_PORT'] if ENV['OIDC_PORT'] #OPTIONAL
+    oidc_options[:client_options][:authorization_endpoint] = ENV['OIDC_AUTH_ENDPOINT'] if ENV['OIDC_AUTH_ENDPOINT'] #NEED when discovery != true
+    oidc_options[:client_options][:token_endpoint] = ENV['OIDC_TOKEN_ENDPOINT'] if ENV['OIDC_TOKEN_ENDPOINT'] #NEED when discovery != true
+    oidc_options[:client_options][:userinfo_endpoint] = ENV['OIDC_USER_INFO_ENDPOINT'] if ENV['OIDC_USER_INFO_ENDPOINT'] #NEED when discovery != true
+    oidc_options[:client_options][:jwks_uri] = ENV['OIDC_JWKS_URI'] if ENV['OIDC_JWKS_URI'] #NEED when discovery != true
+    oidc_options[:client_options][:end_session_endpoint] = ENV['OIDC_END_SESSION_ENDPOINT'] if ENV['OIDC_END_SESSION_ENDPOINT'] #OPTIONAL
+    oidc_options[:security] = {}
+    oidc_options[:security][:assume_email_is_verified] = ENV['OIDC_SECURITY_ASSUME_EMAIL_IS_VERIFIED'] == 'true' #OPTIONAL
+    config.omniauth :openid_connect, oidc_options
+  end
 end
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@ -450,21 +450,6 @@ en:
      reject_media_hint: Removes locally stored media files and refuses to download any in the future. Irrelevant for suspensions
      reject_reports: Reject reports
      reject_reports_hint: Ignore all reports coming from this domain. Irrelevant for suspensions
-      rejecting_media: rejecting media files
-      rejecting_reports: rejecting reports
-      severity:
-        silence: limited
-        suspend: suspended
-      show:
-        affected_accounts:
-          one: One account in the database affected
-          other: "%{count} accounts in the database affected"
-          zero: No account in the database is affected
-        retroactive:
-          silence: Undo limit of existing affected accounts from this domain
-          suspend: Unsuspend existing affected accounts from this domain
-        title: Undo domain block for %{domain}
-        undo: Undo
      undo: Undo domain block
      view: View domain block
    email_domain_blocks:
@ -495,23 +480,47 @@ en:
      title: Follow recommendations
      unsuppress: Restore follow recommendation
    instances:
+      availability:
+        description_html:
+          one: If delivering to the domain fails <strong>%{count} day</strong> without succeeding, no further delivery attempts will be made unless a delivery <em>from</em> the domain is received.
+          other: If delivering to the domain fails on <strong>%{count} different days</strong> without succeeding, no further delivery attempts will be made unless a delivery <em>from</em> the domain is received.
+        failure_threshold_reached: Failure threshold reached on %{date}.
+        failures_recorded:
+          one: Failed attempt on %{count} day.
+          other: Failed attempts on %{count} different days.
+        no_failures_recorded: No failures on record.
+        title: Availability
      back_to_all: All
      back_to_limited: Limited
      back_to_warning: Warning
      by_domain: Domain
      confirm_purge: Are you sure you want to permanently delete data from this domain?
+      content_policies:
+        comment: Internal note
+        description_html: You can define content policies that will be applied to all accounts from this domain and any of its subdomains.
+        policies:
+          reject_media: Reject media
+          reject_reports: Reject reports
+          silence: Limit
+          suspend: Suspend
+        policy: Policy
+        reason: Public reason
+        title: Content policies
+      dashboard:
+        instance_accounts_dimension: Most followed accounts
+        instance_accounts_measure: stored accounts
+        instance_followers_measure: our followers there
+        instance_follows_measure: their followers here
+        instance_languages_dimension: Top languages
+        instance_media_attachments_measure: stored media attachments
+        instance_reports_measure: reports about them
+        instance_statuses_measure: stored posts
      delivery:
        all: All
        clear: Clear delivery errors
        restart: Restart delivery
        stop: Stop delivery
-        title: Delivery
        unavailable: Unavailable
-        unavailable_message: Delivery unavailable
-        warning: Warning
-        warning_message:
-          one: Delivery failure %{count} day
-          other: Delivery failure %{count} days
      delivery_available: Delivery is available
      delivery_error_days: Delivery error days
      delivery_error_hint: If delivery is not possible for %{count} days, it will be automatically marked as undeliverable.
@ -528,12 +537,14 @@ en:
      private_comment: Private comment
      public_comment: Public comment
      purge: Purge
+      purge_description_html: If you believe this domain is offline for good, you can delete all account records and associated data from this domain from your storage. This may take a while.
      title: Federation
      total_blocked_by_us: Blocked by us
      total_followed_by_them: Followed by them
      total_followed_by_us: Followed by us
      total_reported: Reports about them
      total_storage: Media attachments
+      totals_time_period_hint_html: The totals displayed below include data for all time.
    invites:
      deactivate_all: Deactivate all
      filter:
@ -1640,7 +1651,6 @@ en:
        sensitive: From now on, all your uploaded media files will be marked as sensitive and hidden behind a click-through warning.
        silence: You can still use your account but only people who are already following you will see your posts on this server, and you may be excluded from various discovery features. However, others may still manually follow you.
        suspend: You can no longer use your account, and your profile and other data are no longer accessible. You can still login to request a backup of your data until the data is fully removed in about 30 days, but we will retain some basic data to prevent you from evading the suspension.
-      get_in_touch: If you believe this is an error, you can reply to this e-mail to get in touch with the staff of %{instance}.
      reason: 'Reason:'
      statuses: 'Posts cited:'
      subject:
--- a/config/routes.rb
+++ b/config/routes.rb
@ -194,7 +194,7 @@ Rails.application.routes.draw do
    get '/dashboard', to: 'dashboard#index'

    resources :domain_allows, only: [:new, :create, :show, :destroy]
-    resources :domain_blocks, only: [:new, :create, :show, :destroy, :update, :edit]
+    resources :domain_blocks, only: [:new, :create, :destroy, :update, :edit]

    resources :email_domain_blocks, only: [:index, :new, :create] do
      collection do