Merge branch 'master' into glitch-soc/merge-upstream

Conflicts: - `package.json`: No real conflict, upstream updated a dependency which is textually adjacent to a glitch-soc-specific dependency. Updated it. - `yarn.lock`: No real conflict, upstream updated a dependency which is textually adjacent to a glitch-soc-specific dependency. Updated it.
2020-04-15 17:07:49 +02:00
parent 615073df33 5524258da9
commit 66ad30db48
10 changed files with 221 additions and 154 deletions
--- a/app/models/account_alias.rb
+++ b/app/models/account_alias.rb
@@ -18,6 +18,7 @@ class AccountAlias < ApplicationRecord
  validates :acct, presence: true, domain: { acct: true }
  validates :uri, presence: true
  validates :uri, uniqueness: { scope: :account_id }
+  validate :validate_target_account

  before_validation :set_uri
  after_create :add_to_account
@@ -44,4 +45,12 @@ class AccountAlias < ApplicationRecord
  def remove_from_account
    account.update(also_known_as: account.also_known_as.reject { |x| x == uri })
  end
+
+  def validate_target_account
+    if uri.nil?
+      errors.add(:acct, I18n.t('migrations.errors.not_found'))
+    elsif ActivityPub::TagManager.instance.uri_for(account) == uri
+      errors.add(:acct, I18n.t('migrations.errors.move_to_self'))
+    end
+  end
 end
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -98,6 +98,7 @@ class User < ApplicationRecord

  before_validation :sanitize_languages
  before_create :set_approved
+  after_commit :send_pending_devise_notifications

  # This avoids a deprecation warning from Rails 5.1
  # It seems possible that a future release of devise-two-factor will
@@ -307,11 +308,38 @@ class User < ApplicationRecord
  protected

  def send_devise_notification(notification, *args)
-    devise_mailer.send(notification, self, *args).deliver_later
+    # This method can be called in `after_update` and `after_commit` hooks,
+    # but we must make sure the mailer is actually called *after* commit,
+    # otherwise it may work on stale data. To do this, figure out if we are
+    # within a transaction.
+    if ActiveRecord::Base.connection.current_transaction.try(:records)&.include?(self)
+      pending_devise_notifications << [notification, args]
+    else
+      render_and_send_devise_message(notification, *args)
+    end
  end

  private

+  def send_pending_devise_notifications
+    pending_devise_notifications.each do |notification, args|
+      render_and_send_devise_message(notification, *args)
+    end
+
+    # Empty the pending notifications array because the
+    # after_commit hook can be called multiple times which
+    # could cause multiple emails to be sent.
+    pending_devise_notifications.clear
+  end
+
+  def pending_devise_notifications
+    @pending_devise_notifications ||= []
+  end
+
+  def render_and_send_devise_message(notification, *args)
+    devise_mailer.send(notification, self, *args).deliver_later
+  end
+
  def set_approved
    self.approved = open_registrations? || valid_invitation? || external?
  end
--- a/app/views/settings/aliases/index.html.haml
+++ b/app/views/settings/aliases/index.html.haml
@@ -23,7 +23,11 @@
        %th= t('simple_form.labels.account_alias.acct')
        %th
    %tbody
-      - @aliases.each do |account_alias|
+      - if @aliases.empty?
        %tr
-          %td= account_alias.acct
-          %td= table_link_to 'trash', t('aliases.remove'), settings_alias_path(account_alias), data: { method: :delete }
+          %td.muted-hint{ colspan: 2 }= t('aliases.empty')
+      - else
+        - @aliases.each do |account_alias|
+          %tr
+            %td= account_alias.acct
+            %td= table_link_to 'trash', t('aliases.remove'), settings_alias_path(account_alias), data: { method: :delete }
--- a/app/views/user_mailer/email_changed.html.haml
+++ b/app/views/user_mailer/email_changed.html.haml
@@ -38,7 +38,7 @@
                          %table.input{ align: 'center', cellspacing: 0, cellpadding: 0 }
                            %tbody
                              %tr
-                                %td= @resource.try(:unconfirmed_email) ? @resource.unconfirmed_email : @resource.email
+                                %td= @resource.unconfirmed_email

 %table.email-table{ cellspacing: 0, cellpadding: 0 }
  %tbody
--- a/app/views/user_mailer/email_changed.text.erb
+++ b/app/views/user_mailer/email_changed.text.erb
@@ -4,6 +4,6 @@

 <%= t 'devise.mailer.email_changed.explanation' %>

-<%= @resource.try(:unconfirmed_email) ? @resource.unconfirmed_email : @resource.email %>
+<%= @resource.unconfirmed_email %>

 <%= t 'devise.mailer.email_changed.extra' %>