The Cybre.Space fork of Mastodon -- https://github.com/tootsuite/mastodon https://cybre.space
Go to file
ThibG 5524258da9
Fix “Email changed” notification sometimes having wrong e-mail (#13475)
* Fix “Email changed” notification sometimes having wrong e-mail

Fixes #6778

The root of the issue is that `send_devise_notification` was called before
the changes were properly commited to the database, causing the mailer to
pick previous values if running too early.

Devise's documentation provides guidance on how to handle that[1][2], however,
I have found it to not be working, as the following happens, in that order:
- `send_devise_notification` is called for the `email_changed` notification.
  In that case, `changed?` is false and `saved_changes?` is true, so
  if we use the former, we have the same issue.
- the `after_commit` hook is called
- `send_devise_notification` is called for the `confirmation_instructions`
  notification.
  In that case, `changed?` is still false, and `saved_changes?` still true,
  so if we use the latter, that second notification email is simply not
  going to be sent (as we would be queuing the notification *after*
  executing the after_commit hook).

This is because it may be called from either an `after_update` or
`after_commit` hook, the difference not being a call to `save` but the
transaction actually being committed to the database. This may arguably
be a bug in Devise, or Devise's notification.

The proposed workaround is inspired by Devise's documentation but checks
whether a transaction is open to make the call whether to immediately
send the notification or defer it to the `after_commit` hook.

[1]: https://www.rubydoc.info/github/plataformatec/devise/Devise%2FModels%2FAuthenticatable:send_devise_notification
[2]: 406915cb78/lib/devise/models/authenticatable.rb (L133-L194)

* Fix cases when sending notifications without changing the model

* Defer sending if and only if in transaction including current record
2020-04-15 16:13:44 +02:00
.circleci Update config.yml (#13379) 2020-04-04 15:52:42 +02:00
.dependabot Increase dependabot dependencies scope from security-only. (#13400) 2020-04-06 09:43:55 +02:00
.github Add config for issue template (#12306) 2019-11-13 22:51:49 +01:00
app Fix “Email changed” notification sometimes having wrong e-mail (#13475) 2020-04-15 16:13:44 +02:00
bin Bump webpacker from 3.5.5 to 4.0.2 (#10277) 2019-03-15 15:05:31 +01:00
config Fix account aliases page (#13452) 2020-04-13 06:41:43 +02:00
db Fix PostgreSQL load when linking in announcements (#13250) 2020-04-05 12:51:22 +02:00
dist Update nginx.conf (#13066) 2020-03-08 16:04:25 +01:00
lib Fix regression in `tootctl media remove-orphans` (#13405) 2020-04-06 14:11:47 +02:00
log Initial commit 2016-02-20 22:53:20 +01:00
nanobox Resync Nanobox files with the 2.9.0 release (#11083) 2019-06-14 14:52:31 +02:00
public Updated Twemoji to 12.1.3 (#12342) 2019-11-11 00:04:24 +02:00
spec Add ability to filter audit log in admin UI (#13381) 2020-04-03 13:06:34 +02:00
streaming minor server-sent events fixes (#12945) 2020-01-24 20:51:33 +01:00
vendor Increase files checked by ESLint (#9705) 2019-01-04 11:28:38 +01:00
.buildpacks Add ffmpeg buildpack for scalingo (#8500) 2018-08-29 01:21:23 +02:00
.codeclimate.yml Update ESLint and RuboCop in Code Climate (#12534) 2019-12-02 18:25:43 +01:00
.dockerignore Add .bundle to .dockerignore (#7895) 2018-06-26 20:33:29 +02:00
.editorconfig Add final newline to locale files (#2890) 2017-05-07 19:55:47 +02:00
.env.nanobox Fix sample SAML_ACS_URL, SAML_ISSUER (#12669) 2019-12-23 18:12:22 +01:00
.env.production.sample Document AUTHORIZED_FETCH mode and WHITELIST_MODE (#12856) 2020-01-23 00:43:54 +01:00
.env.test Bump webpacker from 4.0.7 to 4.2.0 (#12416) 2019-11-20 17:56:11 +01:00
.env.vagrant fix vagrant connection error (#12180) 2019-10-24 22:47:24 +02:00
.eslintignore Increase files checked by ESLint (#9705) 2019-01-04 11:28:38 +01:00
.eslintrc.js Refactor icons in web UI to use Icon component (#9951) 2019-02-01 00:14:05 +01:00
.foreman Replace sprockets/browserify with Webpack (#2617) 2017-05-03 02:04:16 +02:00
.gitattributes Add .gitattributes file to avoid unwanted CRLF (#3954) 2017-06-26 13:15:24 +02:00
.gitignore Add new vagrant log files to .gitignore (#13442) 2020-04-12 13:37:34 +02:00
.haml-lint.yml Added haml-lint and fix warnings (#2773) 2017-05-08 03:35:25 +02:00
.nanoignore Remove Storybook (#4397) 2017-07-27 22:30:27 +02:00
.nvmrc Upgrade .nvmrc to Node.js 12 (#12906) 2020-01-21 12:42:13 +01:00
.profile Add ffmpeg and dependent packages as well as LD_LIBRARY_PATHs (#3276) 2017-05-24 17:57:33 +02:00
.rspec Adding a Mention model, test stubs 2016-02-25 00:17:01 +01:00
.rubocop.yml Update ESLint and RuboCop in Code Climate (#12534) 2019-12-02 18:25:43 +01:00
.ruby-version Update .ruby-version (#13395) 2020-04-05 13:58:43 +02:00
.sass-lint.yml Fix sass-lint config (#10982) 2019-06-06 18:51:46 +02:00
.slugignore Remove Storybook (#4397) 2017-07-27 22:30:27 +02:00
.yarnclean Replace from scss-lint to sass-lint (#10958) 2019-06-04 17:23:18 +02:00
AUTHORS.md Update AUTHORS.md (#12096) 2019-10-07 04:36:32 +02:00
Aptfile Adjust Aptfile for Heroku-18 stack (#8588) 2018-09-09 02:10:58 +02:00
CHANGELOG.md Update CHANGELOG.md (#13397) 2020-04-05 15:18:41 +02:00
CODE_OF_CONDUCT.md Add code of conduct from GitHub generator (#5674) 2017-11-13 17:28:55 +01:00
CONTRIBUTING.md Edit CONTRIBUTING.md (#12401) 2019-11-17 12:25:10 +01:00
Capfile remove capistrano/faster_assets from Capfile (#2737) 2017-05-03 12:14:52 +02:00
Dockerfile [Security] Update Dockerfile for Ruby 2.6.6 (#13393) 2020-04-05 12:52:07 +02:00
Gemfile Bump rubocop-rails from 2.4.2 to 2.5.2 (#13459) 2020-04-13 23:36:57 +09:00
Gemfile.lock Bump regexp_parser from 1.6.0 to 1.7.0 (#13460) 2020-04-13 23:40:22 +09:00
LICENSE Fix #49 - License changed from GPL-2.0 to AGPL-3.0 2016-09-21 23:04:34 +02:00
Procfile Bind servers to 0.0.0.0 in Procfile (#11378) 2019-07-22 06:16:30 +02:00
Procfile.dev Fix Procfile on OS X (#6748) 2018-03-12 03:50:40 +01:00
README.md Fix translation platform to Crowdin (#13443) 2020-04-10 08:24:23 +02:00
Rakefile Initial commit 2016-02-20 22:53:20 +01:00
Vagrantfile Update Vagrant box to Bionic (#13384) 2020-04-04 15:47:48 +02:00
app.json Remove deprecated config from Heroku and Scalingo (#11925) 2019-09-23 12:11:59 +02:00
babel.config.js Remove unnecessary dependencies (#12533) 2019-12-02 13:38:53 +01:00
boxfile.yml Correct the Nanobox deploy hooks for order and context (#12663) 2019-12-22 08:55:27 +01:00
config.ru Fix rubocop issues, introduce usage of frozen literal to improve performance 2016-11-15 16:56:29 +01:00
crowdin.yml Update Crowdin configuration file 2019-09-14 11:40:13 +02:00
docker-compose.yml increase the postgres container shm_size from 64mb to 256mb (#13451) 2020-04-12 16:41:54 +02:00
package.json Bump mkdirp from 1.0.3 to 1.0.4 (#13463) 2020-04-13 23:11:52 +09:00
postcss.config.js Increase files checked by ESLint (#9705) 2019-01-04 11:28:38 +01:00
priv-config TOR federation (#7875) 2018-06-26 20:34:12 +02:00
scalingo.json Remove deprecated config from Heroku and Scalingo (#11925) 2019-09-23 12:11:59 +02:00
yarn.lock Bump watchpack from 1.6.0 to 1.6.1 (#13462) 2020-04-14 00:35:20 +09:00

README.md

Mastodon

GitHub release Build Status Code Climate Crowdin Docker Pulls

Mastodon is a free, open-source social network server based on ActivityPub where users can follow friends and discover new ones. On Mastodon, users can publish anything they want: links, pictures, text, video. All Mastodon servers are interoperable as a federated network (users on one server can seamlessly communicate with users from another one, including non-Mastodon software that implements ActivityPub)!

Click below to learn more in a video:

Screenshot

Navigation

Features

No vendor lock-in: Fully interoperable with any conforming platform

It doesn't have to be Mastodon, whatever implements ActivityPub is part of the social network! Learn more

Real-time, chronological timeline updates

See the updates of people you're following appear in real-time in the UI via WebSockets. There's a firehose view as well!

Media attachments like images and short videos

Upload and view images and WebM/MP4 videos attached to the updates. Videos with no audio track are treated like GIFs; normal videos are looped - like vines!

Safety and moderation tools

Private posts, locked accounts, phrase filtering, muting, blocking and all sorts of other features, along with a reporting and moderation system. Learn more

OAuth2 and a straightforward REST API

Mastodon acts as an OAuth2 provider so 3rd party apps can use the REST and Streaming APIs, resulting in a rich app ecosystem with a lot of choices!

Deployment

Tech stack:

  • Ruby on Rails powers the REST API and other web pages
  • React.js and Redux are used for the dynamic parts of the interface
  • Node.js powers the streaming API

Requirements:

  • PostgreSQL 9.5+
  • Redis 4+
  • Ruby 2.5+
  • Node.js 10.13+

The repository includes deployment configurations for Docker and docker-compose, but also a few specific platforms like Heroku, Scalingo, and Nanobox. The stand-alone installation guide is available in the documentation.

A Vagrant configuration is included for development purposes.

Contributing

Mastodon is free, open-source software licensed under AGPLv3.

You can open issues for bugs you've found or features you think are missing. You can also submit pull requests to this repository, or submit translations using Crowdin. To get started, take a look at CONTRIBUTING.md. If your contributions are accepted into Mastodon, you can request to be paid through our OpenCollective.

IRC channel: #mastodon on irc.freenode.net

License

Copyright (C) 2016-2020 Eugen Rochko & other Mastodon contributors (see AUTHORS.md)

This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details.

You should have received a copy of the GNU Affero General Public License along with this program. If not, see https://www.gnu.org/licenses/.