Merge remote-tracking branch 'parent/main' into upstream-20240503

2024-05-03 11:17:22 +09:00 · 2024-05-03 11:17:22 +09:00 · 80789a603a
commit 80789a603a
parent 06917cbe83 4b2054ee57
193 changed files with 1871 additions and 1061 deletions
--- a/app/models/account.rb
+++ b/app/models/account.rb
@ -75,6 +75,9 @@ class Account < ApplicationRecord
  MENTION_RE    = %r{(?<![=/[:word:]])@((#{USERNAME_RE})(?:@[[:word:].-]+[[:word:]]+)?)}i
  URL_PREFIX_RE = %r{\Ahttp(s?)://[^/]+}
  USERNAME_ONLY_RE = /\A#{USERNAME_RE}\z/i
+  USERNAME_LENGTH_LIMIT = 30
+  DISPLAY_NAME_LENGTH_LIMIT = 30
+  NOTE_LENGTH_LIMIT = 500

  include Attachmentable # Load prior to Avatar & Header concerns

@ -107,10 +110,10 @@ class Account < ApplicationRecord
  validates :uri, presence: true, unless: :local?, on: :create

  # Local user validations
-  validates :username, format: { with: /\A[a-z0-9_]+\z/i }, length: { maximum: 30 }, if: -> { local? && will_save_change_to_username? && actor_type != 'Application' }
+  validates :username, format: { with: /\A[a-z0-9_]+\z/i }, length: { maximum: USERNAME_LENGTH_LIMIT }, if: -> { local? && will_save_change_to_username? && actor_type != 'Application' }
  validates_with UnreservedUsernameValidator, if: -> { local? && will_save_change_to_username? && actor_type != 'Application' }
-  validates :display_name, length: { maximum: 30 }, if: -> { local? && will_save_change_to_display_name? }
-  validates :note, note_length: { maximum: 500 }, if: -> { local? && will_save_change_to_note? }
+  validates :display_name, length: { maximum: DISPLAY_NAME_LENGTH_LIMIT }, if: -> { local? && will_save_change_to_display_name? }
+  validates :note, note_length: { maximum: NOTE_LENGTH_LIMIT }, if: -> { local? && will_save_change_to_note? }
  validates :fields, length: { maximum: DEFAULT_FIELDS_SIZE }, if: -> { local? && will_save_change_to_fields? }
  validates :uri, absence: true, if: :local?, on: :create
  validates :inbox_url, absence: true, if: :local?, on: :create
@ -143,7 +146,6 @@ class Account < ApplicationRecord
  scope :discoverable, -> { searchable.without_silenced.where(discoverable: true).joins(:account_stat) }
  scope :by_recent_status, -> { includes(:account_stat).merge(AccountStat.by_recent_status).references(:account_stat) }
  scope :by_recent_activity, -> { left_joins(:user, :account_stat).order(coalesced_activity_timestamps.desc).order(id: :desc) }
-  scope :popular, -> { order('account_stats.followers_count desc') }
  scope :by_domain_and_subdomains, ->(domain) { where(domain: Instance.by_domain_and_subdomains(domain).select(:domain)) }
  scope :not_excluded_by_account, ->(account) { where.not(id: account.excluded_from_timeline_account_ids) }
  scope :not_domain_blocked_by_account, ->(account) { where(arel_table[:domain].eq(nil).or(arel_table[:domain].not_in(account.excluded_from_timeline_domains))) }
--- a/app/models/application_record.rb
+++ b/app/models/application_record.rb
@ -22,4 +22,10 @@ class ApplicationRecord < ActiveRecord::Base
      value
    end
  end
+
+  # Prevent implicit serialization in ActiveModel::Serializer or other code paths.
+  # This is a hardening step to avoid accidental leaking of attributes.
+  def as_json
+    raise NotImplementedError
+  end
 end
--- a/app/models/concerns/account/associations.rb
+++ b/app/models/concerns/account/associations.rb
@ -81,7 +81,7 @@ module Account::Associations
    has_many :aliases, class_name: 'AccountAlias', dependent: :destroy, inverse_of: :account

    # Hashtags
-    has_and_belongs_to_many :tags
+    has_and_belongs_to_many :tags # rubocop:disable Rails/HasAndBelongsToMany
    has_many :featured_tags, -> { includes(:tag) }, dependent: :destroy, inverse_of: :account

    # Account deletion requests
--- a/app/models/concerns/legacy_otp_secret.rb
+++ b/app/models/concerns/legacy_otp_secret.rb
@ -0,0 +1,77 @@
+# frozen_string_literal: true
+
+# TODO: This file is here for legacy support during devise-two-factor upgrade.
+# It should be removed after all records have been migrated.
+
+module LegacyOtpSecret
+  extend ActiveSupport::Concern
+
+  private
+
+  # Decrypt and return the `encrypted_otp_secret` attribute which was used in
+  # prior versions of devise-two-factor
+  # @return [String] The decrypted OTP secret
+  def legacy_otp_secret
+    return nil unless self[:encrypted_otp_secret]
+    return nil unless self.class.otp_secret_encryption_key
+
+    hmac_iterations = 2000 # a default set by the Encryptor gem
+    key = self.class.otp_secret_encryption_key
+    salt = Base64.decode64(encrypted_otp_secret_salt)
+    iv = Base64.decode64(encrypted_otp_secret_iv)
+
+    raw_cipher_text = Base64.decode64(encrypted_otp_secret)
+    # The last 16 bytes of the ciphertext are the authentication tag - we use
+    # Galois Counter Mode which is an authenticated encryption mode
+    cipher_text = raw_cipher_text[0..-17]
+    auth_tag =  raw_cipher_text[-16..-1] # rubocop:disable Style/SlicingWithRange
+
+    # this alrorithm lifted from
+    # https://github.com/attr-encrypted/encryptor/blob/master/lib/encryptor.rb#L54
+
+    # create an OpenSSL object which will decrypt the AES cipher with 256 bit
+    # keys in Galois Counter Mode (GCM). See
+    # https://ruby.github.io/openssl/OpenSSL/Cipher.html
+    cipher = OpenSSL::Cipher.new('aes-256-gcm')
+
+    # tell the cipher we want to decrypt. Symmetric algorithms use a very
+    # similar process for encryption and decryption, hence the same object can
+    # do both.
+    cipher.decrypt
+
+    # Use a Password-Based Key Derivation Function to generate the key actually
+    # used for encryptoin from the key we got as input.
+    cipher.key = OpenSSL::PKCS5.pbkdf2_hmac_sha1(key, salt, hmac_iterations, cipher.key_len)
+
+    # set the Initialization Vector (IV)
+    cipher.iv = iv
+
+    # The tag must be set after calling Cipher#decrypt, Cipher#key= and
+    # Cipher#iv=, but before calling Cipher#final. After all decryption is
+    # performed, the tag is verified automatically in the call to Cipher#final.
+    #
+    # If the auth_tag does not verify, then #final will raise OpenSSL::Cipher::CipherError
+    cipher.auth_tag = auth_tag
+
+    # auth_data must be set after auth_tag has been set when decrypting See
+    # http://ruby-doc.org/stdlib-2.0.0/libdoc/openssl/rdoc/OpenSSL/Cipher.html#method-i-auth_data-3D
+    # we are not adding any authenticated data but OpenSSL docs say this should
+    # still be called.
+    cipher.auth_data = ''
+
+    # #update is (somewhat confusingly named) the method which actually
+    # performs the decryption on the given chunk of data. Our OTP secret is
+    # short so we only need to call it once.
+    #
+    # It is very important that we call #final because:
+    #
+    # 1. The authentication tag is checked during the call to #final
+    # 2. Block based cipher modes (e.g. CBC) work on fixed size chunks. We need
+    #    to call #final to get it to process the last chunk properly. The output
+    #    of #final should be appended to the decrypted value. This isn't
+    #    required for streaming cipher modes but including it is a best practice
+    #    so that your code will continue to function correctly even if you later
+    #    change to a block cipher mode.
+    cipher.update(cipher_text) + cipher.final
+  end
+end
--- a/app/models/custom_filter.rb
+++ b/app/models/custom_filter.rb
@ -32,6 +32,8 @@ class CustomFilter < ApplicationRecord
    explore
  ).freeze

+  EXPIRATION_DURATIONS = [30.minutes, 1.hour, 6.hours, 12.hours, 1.day, 1.week, 2.weeks, 1.month, 3.months].freeze
+
  include Expireable
  include Redisable

@ -53,10 +55,9 @@ class CustomFilter < ApplicationRecord
  after_commit :invalidate_cache!

  def expires_in
-    return @expires_in if defined?(@expires_in)
    return nil if expires_at.nil?

-    [30.minutes, 1.hour, 6.hours, 12.hours, 1.day, 1.week, 2.weeks, 1.month, 3.months].find { |expires_in| expires_in.from_now >= expires_at }
+    EXPIRATION_DURATIONS.find { |expires_in| expires_in.from_now >= expires_at }
  end

  def irreversible=(value)
--- a/app/models/status.rb
+++ b/app/models/status.rb
@ -109,7 +109,7 @@ class Status < ApplicationRecord
  has_many :local_emoji_reacted, -> { merge(Account.local) }, through: :emoji_reactions, source: :account
  has_many :local_referenced, -> { merge(Account.local) }, through: :referenced_by_statuses, source: :account

-  has_and_belongs_to_many :tags
+  has_and_belongs_to_many :tags # rubocop:disable Rails/HasAndBelongsToMany

  has_one :preview_cards_status, inverse_of: :status, dependent: :delete

@ -136,7 +136,9 @@ class Status < ApplicationRecord
  scope :remote, -> { where(local: false).where.not(uri: nil) }
  scope :local,  -> { where(local: true).or(where(uri: nil)) }
  scope :with_accounts, ->(ids) { where(id: ids).includes(:account) }
-  scope :without_replies, -> { where('statuses.reply = FALSE OR statuses.in_reply_to_account_id = statuses.account_id') }
+  scope :without_replies, -> { not_reply.or(reply_to_account) }
+  scope :not_reply, -> { where(reply: false) }
+  scope :reply_to_account, -> { where(arel_table[:in_reply_to_account_id].eq arel_table[:account_id]) }
  scope :without_reblogs, -> { where(statuses: { reblog_of_id: nil }) }
  scope :with_public_visibility, -> { where(visibility: [:public, :public_unlisted, :login]) }
  scope :with_public_search_visibility, -> { merge(where(visibility: [:public, :public_unlisted, :login]).or(Status.where(searchability: [:public, :public_unlisted]))) }
--- a/app/models/tag.rb
+++ b/app/models/tag.rb
@ -21,8 +21,10 @@

 class Tag < ApplicationRecord
  include Paginable
+  # rubocop:disable Rails/HasAndBelongsToMany
  has_and_belongs_to_many :statuses
  has_and_belongs_to_many :accounts
+  # rubocop:enable Rails/HasAndBelongsToMany

  has_many :passive_relationships, class_name: 'TagFollow', inverse_of: :tag, dependent: :destroy
  has_many :featured_tags, dependent: :destroy, inverse_of: :tag
--- a/app/models/user.rb
+++ b/app/models/user.rb
@ -39,6 +39,7 @@
 #  role_id                   :bigint(8)
 #  settings                  :text
 #  time_zone                 :string
+#  otp_secret                :string
 #

 class User < ApplicationRecord
@ -75,6 +76,8 @@ class User < ApplicationRecord
  devise :two_factor_authenticatable,
         otp_secret_encryption_key: Rails.configuration.x.otp_secret

+  include LegacyOtpSecret # Must be after the above `devise` line in order to override the legacy method
+
  devise :two_factor_backupable,
         otp_number_of_backup_codes: 10

@ -134,11 +137,6 @@ class User < ApplicationRecord
  normalizes :time_zone, with: ->(time_zone) { ActiveSupport::TimeZone[time_zone].nil? ? nil : time_zone }
  normalizes :chosen_languages, with: ->(chosen_languages) { chosen_languages.compact_blank.presence }

-  # This avoids a deprecation warning from Rails 5.1
-  # It seems possible that a future release of devise-two-factor will
-  # handle this itself, and this can be removed from our User class.
-  attribute :otp_secret
-
  has_many :session_activations, dependent: :destroy

  delegate :can?, to: :role