1. 12 Sep, 2020 1 commit
    • Deimos's avatar
      Remove donation goal from Financials page · 8ec4a86e
      Deimos authored
      This is probably just temporary, but I'm going to leave the donation
      goal meter off the sidebar for now, so I don't want the confusing
      section in the middle of the Financials page saying that the goal is $0
      and so on.
  2. 11 Sep, 2020 1 commit
    • Deimos's avatar
      Show Exemplary badge on labeled comments · f8f7a964
      Deimos authored
      This starts showing the Exemplary badge to all users again (but only the
      author can see the count still).
      It also changes the "priority" of the .is-comment-exemplary and
      .is-comment-new classes so that the stripe will show the new color when
      a comment is both new and exemplary.
  3. 09 Sep, 2020 1 commit
  4. 07 Sep, 2020 1 commit
    • Deimos's avatar
      Remove remnants of Redis breached-passwords check · 68870119
      Deimos authored
      We've been using pts_lbsearch on the text file for a few weeks now, and
      it's working fine. Checks generally seem to take about 10 ms, and that's
      totally fine for the relatively uncommon events of registrations and
      password changes.
      This removes everything related to the previous Redis-based method,
      which means we no longer need the second Redis server or the ReBloom
  5. 03 Sep, 2020 1 commit
    • Deimos's avatar
      Exclude removed comments from "last comment" link · 62412392
      Deimos authored
      The "last comment posted" link in the sidebar on a topic's comments page
      was still considering removed comments, so if the last comment in a
      topic was removed it would link to that one. That's not very useful for
      anyone, so this excludes removed comments the same way that deleted ones
      were already excluded.
  6. 12 Aug, 2020 1 commit
    • Deimos's avatar
      Use pts_lbsearch to check for breached passwords · 26b1d4dd
      Deimos authored
      This replaces the current method of using a Bloom filter in Redis to
      check for breached passwords with searching the text file directly using
      pts_lbsearch (https://github.com/pts/pts-line-bisect/).
      I'm not removing the Redis-based method yet because I want to test the
      performance of this first, but this is *far* simpler and doesn't have
      the possibility for false positives like the Bloom filter does.
  7. 10 Aug, 2020 2 commits
    • Deimos's avatar
      Add metric to breached-password check · a70cc614
      Deimos authored
    • Deimos's avatar
      Fix bug with trying to unnest non-webargs errors · d61b8488
      Deimos authored
      When a ValidationError comes up for a reason unrelated to webargs (for
      example, if a user tries to set a password that's in the breached list),
      this crashes when trying to unnest it, since it doesn't have the extra
      level that webargs adds.
      This is a bit ugly, but checks to see whether the extra level is there
  8. 05 Aug, 2020 2 commits
    • Deimos's avatar
      Switch user permissions to use an enum · 2e5a2d96
      Deimos authored
      Previously, there wasn't any defined list of which permissions were
      valid or not. You basically had to look through each model's __acl__
      method to see what the possibilities were.
      Using an enum will be less convenient when adding new permissions or
      changing existing ones (since it will require a database migration), but
      it makes it much easier to see what the valid options are, and will
      prevent invalid permissions from being set up in the database.
    • Deimos's avatar
      Rename "post_topic" permission to "topic.post" · a4628343
      Deimos authored
      This permission was a strange exception, with every other permission
      being of a format like "topic.lock", "comment.remove", and so on.
  9. 03 Aug, 2020 1 commit
  10. 02 Aug, 2020 2 commits
  11. 01 Aug, 2020 1 commit
    • Andrew Shu's avatar
      Build HTML Tidy, validate homepage HTML in tests · cb7be838
      Andrew Shu authored
      Adds the HTML Tidy library to the dev version, along with the pytidylib
      wrapper for it, and a couple of tests that use it to validate the HTML
      of the home page.
      Includes a fix to the GitLab "Planned features" link that Tidy considers
      invalid because it includes some un-encoded characters.
  12. 31 Jul, 2020 1 commit
    • Deimos's avatar
      Upgrade webargs to 6.1.0 · f41bd1ea
      Deimos authored
      This was not a fun upgrade. webargs made some major changes to its
      approaches in 6.0, which are mostly covered here:
      To keep using it on Tildes, this commit had to make the following
        - Write my own wrapper for use_kwargs that changes some of the default
          behavior. Specifically, we want the location that data is being
          loaded from to default to "query" (the query string) instead of
          webargs' default of "json". We also needed to set the "unknown"
          behavior on every schema to "exclude" so that the schemas would
          ignore any data fields they didn't need, since the default behavior
          is to throw an error, which happens almost everywhere because of
          Intercooler variables and/or multiple use_kwargs calls for different
          subsets of the data.
        - All @pre_load hooks in schemas needed to be rewritten so that they
          weren't modifying data in-place (copy to a new data dict first).
          Because webargs is now passing all data through all schemas,
          modifying in-place could result in an earlier schema modifying data
          that would then be passed in modified form to the later ones.
          Specifically, this caused an issue with tags on posting a new topic,
          where we just wanted to treat the tags as a string, but TopicSchema
          would convert it to a list in @pre_load.
        - use_kwargs on every endpoint using non-query data needed to be
          updated to support the new single-location approach, either replacing
          an existing locations= with location=, or adding location="form",
          since form data was no longer used by default.
        - The code that parsed the errors returned by webargs/Marshmallow
          ValidationErrors needed to update to handle the additional "level"
          in the dict of errors, where errors are now split out by location
          and then field, instead of only by field.
        - A few other minor updates, like always passing a schema object
          instead of a class, and never passing a callable (mostly just for
          simplicity in the wrapper).
  13. 25 Jul, 2020 2 commits
    • Deimos's avatar
      Restrict link topic repost check to last 6 months · c31c47d6
      Deimos authored
      Previously, when checking if a link had been posted before, there was no
      restriction on the time limit, so even posts from years ago would come
      up. This restricts it to only the last 6 months, which I think is a
      pretty reasonable time period for reposting.
    • Deimos's avatar
      Fix error from trying to log into no-password user · 6f1377fe
      Deimos authored
      I think someone tried to log into the special internal account named
      "Tildes", which isn't possible (since it has no password), but caused a
  14. 24 Jul, 2020 4 commits
  15. 23 Jul, 2020 1 commit
  16. 21 Jul, 2020 1 commit
    • Andrew Shu's avatar
      Remove period chars from search query for multilevel tags · 33f551fb
      Andrew Shu authored
      Tags are stored in the search index as space-separated strings
      with the periods removed. Searches for "parent.child" tags
      were failing because of the period.
      Removing period is okay for now because URL domains are not
      currently indexed for search.
  17. 17 Jul, 2020 1 commit
  18. 15 Jul, 2020 1 commit
  19. 14 Jul, 2020 1 commit
    • Deimos's avatar
      Remove welcome message sent on registration · a9d312d1
      Deimos authored
      This message is getting pretty outdated now, and should probably be done
      in a different way regardless so that it doesn't need to be in the code,
      especially since forks won't want the same message (or any message).
      A better approach would probably be a consumer or cronjob watching for
      new registrations in the event stream.
  20. 12 Jul, 2020 1 commit
  21. 06 Jul, 2020 2 commits
    • Deimos's avatar
      Hide old-scheduled-topic message if not logged in · 5b1addab
      Deimos authored
    • Deimos's avatar
      Prevent top-level comments in old scheduled topics · c4af5c7d
      Deimos authored
      By default, new top-level comments will only be allowed in the latest
      topic from a particular set of scheduled topics. Replies to existing
      comments in old topics will still be allowed - this is just intended to
      prevent the cases where an old scheduled topic gets bumped back up due
      to a reply and people inadvertently start adding new top-level comments
      to it instead of the latest one.
      This should be the correct behavior for most scheduled topics, but it
      can be disabled for a particular schedule if needed.
  22. 05 Jul, 2020 1 commit
    • Deimos's avatar
      Track latest topic for each schedule · a451b7fb
      Deimos authored
      This adds a new latest_topic_id column to topic_schedule and uses
      triggers on the topics table to keep it correct.
      This isn't really ideal, but it will simplify a few things related to
      scheduled topics by quite a bit. For example, this commit also uses that
      new data to much more easily populate the list of scheduled topics in a
      group's sidebar, which previously required a subquery and windowing.
  23. 19 Jun, 2020 1 commit
    • Deimos's avatar
      Remove comment back-and-forth delay · 96aaf50b
      Deimos authored
      I think overall this is triggering more than I want, and getting in the
      way of perfectly reasonable conversations. I like the idea still, but
      needs adjusting.
  24. 18 Jun, 2020 1 commit
    • Deimos's avatar
      Remove specialized coronavirus views · a66e16d6
      Deimos authored
      Coronavirus topics have slowed down greatly now, with generally only
      about 3 per day, and are almost all restricted to ~health.coronavirus,
      so users can easily find (or avoid) them by just using that group.
  25. 16 Jun, 2020 4 commits
    • Deimos's avatar
      Add metric for back-and-forth warnings · 59b0f24e
      Deimos authored
    • Deimos's avatar
      Replace "whitelist" terminology · 60f47cc3
      Deimos authored
    • Deimos's avatar
      Add a delay to comment back-and-forths · 15ced1a7
      Deimos authored
    • Deimos's avatar
      Use intercooler for comment reply form · 6227f747
      Deimos authored
      Previously, the comment reply form was being created entirely
      client-side by cloning and modifying a <template>. This was nice because
      it meant that a network request wasn't necessary to display the form,
      but it also had downsides.
      For example, if a topic was locked after a user had already loaded the
      page (or their notifications page with a comment from that topic), they
      would still be able to click Reply and type in a comment, and wouldn't
      know that replying wasn't possible until they actually tried to submit
      the comment.
      By switching to using intercooler for this form, we can do server-side
      validation to check permissions before showing the form, and it also
      simplifies some other aspects, such as the warning about replying to an
      old comment, which previously needed a data-js-old-warning-age attribute
      in the HTML, but is now just part of generating the reply form template
  26. 02 Jun, 2020 1 commit
    • Deimos's avatar
      Prioritize showing comment removal over deletion · e1535991
      Deimos authored
      If a comment is removed and then deleted by its author, we should
      continue showing it as removed, since that's the more significant action
      (and the deletion is usually *because* of the removal).
  27. 27 May, 2020 1 commit
    • Deimos's avatar
      Don't post full "backlog" of scheduled topics · e8f8885f
      Deimos authored
      This will probably only ever be relevant in development environments,
      but we don't want the topic scheduler to always post a full backlog of
      scheduled topics when it hasn't run for a while. For example, if a dev
      environment has a daily scheduled topic set up, but the VM is not
      launched for a week, the next time the "post scheduled topics" cronjob
      runs, it will post all 7 of the backlogged topics.
      This commit changes the script so that it advances the schedule to the
      next *future* occurrence, instead of continuing the backlog.
  28. 26 May, 2020 1 commit
    • Deimos's avatar
      TopicQuery: include ignored topics by default · 740f71d3
      Deimos authored
      Previously, TopicQuery was excluding ignored topics by default. However,
      this caused some unexpected issues, such as a crash when someone tried
      to vote on a topic after ignoring it. I think it's more intuitive to
      reverse the logic like this: include the ignored topics by default, and
      only specifically exclude them in the cases where that's necessary.
  29. 22 May, 2020 1 commit