1. 15 Sep, 2020 3 commits
    • Fix sidebar background color in fallback themes · 0cbe17f7
      Deimos authored
    • Add minimal theme support for old browsers · 925278ed
      Deimos authored
      This should allow users with browsers that don't support CSS custom
      properties to still have some minimal theme support. There will be
      various issues with the themes (and that's fine), but it will at least
      set the main colors for their chosen theme.
    • Fix transparent sidebar for very old browsers · cbf77c1d
      Deimos authored
      With the switch to CSS custom properties for the themes, old browsers
      with no support are ending up with a transparent background on the
      sidebar. This makes the site especially difficult to use on mobile.
      I'm going to do something more extensive to allow browsers with no
      support for custom properties to still get basic theming, but it's
      dependent on a @supports query. For browsers that don't support that
      query either, we need this line to give the sidebar a background.
  2. 14 Sep, 2020 1 commit
  3. 13 Sep, 2020 1 commit
  4. 12 Sep, 2020 2 commits
  5. 11 Sep, 2020 1 commit
    • Show Exemplary badge on labeled comments · f8f7a964
      Deimos authored
      This starts showing the Exemplary badge to all users again (but only the
      author can see the count still).
      It also changes the "priority" of the .is-comment-exemplary and
      .is-comment-new classes so that the stripe will show the new color when
      a comment is both new and exemplary.
  6. 09 Sep, 2020 3 commits
  7. 07 Sep, 2020 1 commit
    • Remove remnants of Redis breached-passwords check · 68870119
      Deimos authored
      We've been using pts_lbsearch on the text file for a few weeks now, and
      it's working fine. Checks generally seem to take about 10 ms, and that's
      totally fine for the relatively uncommon events of registrations and
      password changes.
      This removes everything related to the previous Redis-based method,
      which means we no longer need the second Redis server or the ReBloom
  8. 03 Sep, 2020 1 commit
    • Exclude removed comments from "last comment" link · 62412392
      Deimos authored
      The "last comment posted" link in the sidebar on a topic's comments page
      was still considering removed comments, so if the last comment in a
      topic was removed it would link to that one. That's not very useful for
      anyone, so this excludes removed comments the same way that deleted ones
      were already excluded.
  9. 12 Aug, 2020 1 commit
    • Use pts_lbsearch to check for breached passwords · 26b1d4dd
      Deimos authored
      This replaces the current method of using a Bloom filter in Redis to
      check for breached passwords with searching the text file directly using
      pts_lbsearch (https://github.com/pts/pts-line-bisect/).
      I'm not removing the Redis-based method yet because I want to test the
      performance of this first, but this is *far* simpler and doesn't have
      the possibility for false positives like the Bloom filter does.
  10. 10 Aug, 2020 2 commits
    • Add metric to breached-password check · a70cc614
      Deimos authored
    • Fix bug with trying to unnest non-webargs errors · d61b8488
      Deimos authored
      When a ValidationError comes up for a reason unrelated to webargs (for
      example, if a user tries to set a password that's in the breached list),
      this crashes when trying to unnest it, since it doesn't have the extra
      level that webargs adds.
      This is a bit ugly, but checks to see whether the extra level is there
  11. 05 Aug, 2020 2 commits
    • Switch user permissions to use an enum · 2e5a2d96
      Deimos authored
      Previously, there wasn't any defined list of which permissions were
      valid or not. You basically had to look through each model's __acl__
      method to see what the possibilities were.
      Using an enum will be less convenient when adding new permissions or
      changing existing ones (since it will require a database migration), but
      it makes it much easier to see what the valid options are, and will
      prevent invalid permissions from being set up in the database.
    • Rename "post_topic" permission to "topic.post" · a4628343
      Deimos authored
      This permission was a strange exception, with every other permission
      being of a format like "topic.lock", "comment.remove", and so on.
  12. 03 Aug, 2020 2 commits
    • Add marks to slower tests and don't run by default · 036d46d5
      Deimos authored
      This uses pytest's "markers" system to add markers to two special types
      of tests:
      * webtest - ones that use the WebTest library and are testing the actual
        HTTP app, instead of executing code/functions directly
      * html_validation - ones that are generating HTML output (via webtest)
        and running it through the Nu HTML Checker to validate it.
      The "webtest" marker is added automatically by checking whether a test
      uses either of the webtest fixtures, and the html_validation one is
      currently added manually to the only module that has those tests. In the
      future, we could probably put HTML validation tests in their own folder
      and mark them automatically based on the module's path or something
      This also changes the default arguments for pytest to exclude these two
      marked types of tests, and updates the git hooks so that webtests are
      run pre-commit (but not HTML validation), and all tests are run
      pre-push. Similar to the way we use prospector, this makes it so that
      the very slow tests are only run before pushing.
    • Install html5validator, validate HTML in tests · 87dce83f
      Andrew Shu authored
      Installs the Nu Html Checker and starts using it to validate the home
      page's HTML: https://validator.github.io/validator/
      Also includes fixes to some lists that were nested in an invalid way.
  13. 02 Aug, 2020 3 commits
    • Fix HTML- and URL-encoding bugs on homepage · 9ff86bed
      Andrew Shu authored
    • Set function scope for logged-out webtest fixture · 3026d066
      Deimos authored
      I mistakenly assumed that not setting the cookiejar argument when
      creating a webtest TestApp would mean that no cookies would be retained
      between requests, but that's wrong. If you don't pass a cookiejar, it
      just automatically creates one for you. Because of this, logged-out
      webtests would end up being logged-in after any test logged in.
      This reduces the webtest_loggedout fixture's scope to function-level so
      that it will be re-initiated on every test instead. It also stops
      passing a cookiejar for the logged-in webtest, since that's unnecessary.
    • Revert "Build HTML Tidy, validate homepage HTML in tests" · 6f272fcd
      Deimos authored
      This reverts commit cb7be838.
      HTML Tidy seems to have various gaps in its validation that we've found
      already, including one that's pretty much a deal-breaker for Tildes's
      HTML: it doesn't think that <menu> is a valid parent for <li>.
      We're looking at alternative validators still.
  14. 01 Aug, 2020 1 commit
    • Build HTML Tidy, validate homepage HTML in tests · cb7be838
      Andrew Shu authored
      Adds the HTML Tidy library to the dev version, along with the pytidylib
      wrapper for it, and a couple of tests that use it to validate the HTML
      of the home page.
      Includes a fix to the GitLab "Planned features" link that Tidy considers
      invalid because it includes some un-encoded characters.
  15. 31 Jul, 2020 1 commit
    • Upgrade webargs to 6.1.0 · f41bd1ea
      Deimos authored
      This was not a fun upgrade. webargs made some major changes to its
      approaches in 6.0, which are mostly covered here:
      To keep using it on Tildes, this commit had to make the following
        - Write my own wrapper for use_kwargs that changes some of the default
          behavior. Specifically, we want the location that data is being
          loaded from to default to "query" (the query string) instead of
          webargs' default of "json". We also needed to set the "unknown"
          behavior on every schema to "exclude" so that the schemas would
          ignore any data fields they didn't need, since the default behavior
          is to throw an error, which happens almost everywhere because of
          Intercooler variables and/or multiple use_kwargs calls for different
          subsets of the data.
        - All @pre_load hooks in schemas needed to be rewritten so that they
          weren't modifying data in-place (copy to a new data dict first).
          Because webargs is now passing all data through all schemas,
          modifying in-place could result in an earlier schema modifying data
          that would then be passed in modified form to the later ones.
          Specifically, this caused an issue with tags on posting a new topic,
          where we just wanted to treat the tags as a string, but TopicSchema
          would convert it to a list in @pre_load.
        - use_kwargs on every endpoint using non-query data needed to be
          updated to support the new single-location approach, either replacing
          an existing locations= with location=, or adding location="form",
          since form data was no longer used by default.
        - The code that parsed the errors returned by webargs/Marshmallow
          ValidationErrors needed to update to handle the additional "level"
          in the dict of errors, where errors are now split out by location
          and then field, instead of only by field.
        - A few other minor updates, like always passing a schema object
          instead of a class, and never passing a callable (mostly just for
          simplicity in the wrapper).
  16. 29 Jul, 2020 2 commits
    • Upgrade prospector to 1.3.0 · 44a86996
      Deimos authored
      I thought this would be a larger task due to so many of the tools
      updating to new versions, but the only thing necessary for this upgrade
      was updating the name of one of the disabled pylint errors.
    • Update pypi package versions (requirements.txt) · 5c70d8c9
      Deimos authored
      I temporarily pinned two packages that will require more significant
      updates (webargs in requirements and prospector in requirements-dev).
      Other than those, everything seemed to upgrade cleanly, except for an
      issue with mypy that needed a "type: ignore" comment to circumvent.
      Note that there is currently an issue with Salt's pip module being
      unable to handle comments in a requirements file that include "-r", so I
      had to manually edit the two .txt files after using pip-tools to remove
      all lines with "via -r" comments in them. I've commented about this in
      an issue on Salt's repo here:
  17. 25 Jul, 2020 2 commits
    • Restrict link topic repost check to last 6 months · c31c47d6
      Deimos authored
      Previously, when checking if a link had been posted before, there was no
      restriction on the time limit, so even posts from years ago would come
      up. This restricts it to only the last 6 months, which I think is a
      pretty reasonable time period for reposting.
    • Fix error from trying to log into no-password user · 6f1377fe
      Deimos authored
      I think someone tried to log into the special internal account named
      "Tildes", which isn't possible (since it has no password), but caused a
  18. 24 Jul, 2020 4 commits
  19. 23 Jul, 2020 1 commit
  20. 21 Jul, 2020 3 commits
    • Use "outer" sizes for checking dropdown overflow · e84c9053
      Deimos authored
      The "outer" width/height functions also include padding and border. Not
      including these didn't make a noticeable difference for the left/right
      flipping (the omissions almost canceled each other out), but the
      discrepancy is much more noticeable on the top/bottom flipping.
    • Push dropdown up if it's off bottom of screen/site · ca38cd67
      Andrew Shu authored
      Use bottom: 100% to make sure the menu does not overlap the
      button (as with bottom: 0). If it overlaps the button then
      that interferes with the button click handler.
    • Remove period chars from search query for multilevel tags · 33f551fb
      Andrew Shu authored
      Tags are stored in the search index as space-separated strings
      with the periods removed. Searches for "parent.child" tags
      were failing because of the period.
      Removing period is okay for now because URL domains are not
      currently indexed for search.
  21. 17 Jul, 2020 1 commit
  22. 15 Jul, 2020 1 commit
  23. 14 Jul, 2020 1 commit