We can determine diaspora_handle from a relation with people for the
shareables (posts, photos). So we don't need to store diaspora_handle in
the DB. Also remove tmp_old_id from photos which is not refenrenced anywhere.
Also:
* remove ShareablesFromPerson evil-query
* improve multi-stream and aspect-stream queries
* fix logging for recieve
* don't add last 100 public posts to users streams after sharing
* delete share visibility when shareable is deleted
As according to http://openid.net/specs/openid-connect-core-1_0.html#PairwiseAlg:
"If the Client has not provided a value for
sector_identifier_uri in Dynamic Client Registration
[OpenID.Registration], the Sector Identifier used
for pairwise identifier calculation is the host
component of the registered redirect_uri."
The route /api/v0/user/ will now be used as a
non-OIDC route. In other words, the /api/v0/user/
will require the "read" scope while
/api/openid_connect/user_info/ will require the
"openid" scope
These are some initial tests, more to come.
It tests some features of Request, StatusMessage, Comment, Like,
Participation, Retraction, SignedRetraction, RelayableRetraction entities
receive process.
Update _index.html.haml
This params broken the pagination of the followers list in tags page
To reproduce try to paginate in
https://joindiaspora.com/tags/diaspora
test for people pagination patch
reducing the per page limit
removing tabs
markdown link to their profile (fixes#2516)
add failing spec for #4160 / #2516
extend the spec a bit more
refactor mention handling in a status message
add method for filtering mentions by aspects
wire mention filtering into the status message model, adapt a few tests to
work properly
cosmetic changes
shorten helper methods
add changelog entry
* Dropped all references to Resque
* Moved all jobs under app/workers since that's the Sidekiq convention
* Renamed Jobs module to Worker to match new location
* Adapted all jobs to Sidekiq
* Replaced all enqueue calls with perform_async
* Dropped Resque hacks from specs and features, replaced with
sidekig/testing in RSpec and sidekig/testing/inline in Cucumber
* Updated scripts to start a Sidekiq server
* Inline Sidekiq sinatra app
* Let Sidekiq create the actual Redis instance
* Workaround already initialized constant warnings in service models
* Resolved ToDo in one job definition by creating proper exception clases
for some errors in receiving posts
* Added sidekiq section to configuration to make it completly
configurable to the user
* Add Sidekiq middleware for clean backtraces
* Delay HttpMulti retry to give offline pods a chance to come back up
* Do not retry on GUID already taken and alike errors
* Be graceful about deleted posts in GatherOEmbedData
This is a fix for public messages, where a malicious pod could spoof a message from someone a user was connected to, as the verified signatures were not checked that the object was also from said sender. This hole only affected public messages, and the private part of code had the correct checks
THX to s-f-s(Stephan Schulz) for reporting and tracking down this issue, and props to Raven24(florian.staudacher@gmx.at) for helping me test the patch
