From 5d424f126a25726b926c3ac2ec5bbb60aab3eae5 Mon Sep 17 00:00:00 2001 From: Daniel Supernault Date: Tue, 28 Jan 2020 23:13:27 -0700 Subject: [PATCH 01/10] Add FailedJob garbage collection --- app/Console/Commands/FailedJobGC.php | 49 ++++++++++++++++++++++++++++ app/Console/Kernel.php | 1 + 2 files changed, 50 insertions(+) create mode 100644 app/Console/Commands/FailedJobGC.php diff --git a/app/Console/Commands/FailedJobGC.php b/app/Console/Commands/FailedJobGC.php new file mode 100644 index 000000000..f48d49b84 --- /dev/null +++ b/app/Console/Commands/FailedJobGC.php @@ -0,0 +1,49 @@ +failed_at->lt(now()->subMonth())) { + $job->delete(); + } + } + }); + } +} diff --git a/app/Console/Kernel.php b/app/Console/Kernel.php index 1e3364afc..046890e7a 100644 --- a/app/Console/Kernel.php +++ b/app/Console/Kernel.php @@ -31,6 +31,7 @@ class Kernel extends ConsoleKernel ->hourly(); $schedule->command('horizon:snapshot')->everyFiveMinutes(); $schedule->command('story:gc')->everyFiveMinutes(); + $schedule->command('gc:failedjobs')->daily(); } /** From 2a64f99a29c8844c04e03c0f73d2198a8a9ac256 Mon Sep 17 00:00:00 2001 From: Daniel Supernault Date: Tue, 28 Jan 2020 23:14:42 -0700 Subject: [PATCH 02/10] Update changelog --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index d7ee1304e..0fa0cd7c8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,7 @@ ### Added - Added ```BANNED_USERNAMES``` .env var, an optional comma separated string to ban specific usernames from being used ([6cdd64c6](https://github.com/pixelfed/pixelfed/commit/6cdd64c6)) - Added RestrictedAccess middleware for Restricted Mode ([17c1a83d](https://github.com/pixelfed/pixelfed/commit/17c1a83d)) +- Added FailedJob garbage collection ([5d424f12](https://github.com/pixelfed/pixelfed/commit/5d424f12)) ### Fixed - Fixed Story Compose bug affecting postgres instances ([#1918](https://github.com/pixelfed/pixelfed/pull/1918)) 
From c40cdb6d8a500399f84ca3613fac7d93f8779002 Mon Sep 17 00:00:00 2001 From: Daniel Supernault Date: Tue, 28 Jan 2020 23:18:12 -0700 Subject: [PATCH 03/10] Update FailedJobGC command, change scheduled time to not conflict with daily backups --- app/Console/Kernel.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/Console/Kernel.php b/app/Console/Kernel.php index 046890e7a..7044d8f60 100644 --- a/app/Console/Kernel.php +++ b/app/Console/Kernel.php @@ -31,7 +31,7 @@ class Kernel extends ConsoleKernel ->hourly(); $schedule->command('horizon:snapshot')->everyFiveMinutes(); $schedule->command('story:gc')->everyFiveMinutes(); - $schedule->command('gc:failedjobs')->daily(); + $schedule->command('gc:failedjobs')->dailyAt(3); } /** From 829c41e16f8d0075dcba719a7cca211392524962 Mon Sep 17 00:00:00 2001 From: Daniel Supernault Date: Tue, 28 Jan 2020 23:37:08 -0700 Subject: [PATCH 04/10] Update password reset ttl, now expires after 24 hours --- app/Console/Commands/PasswordResetGC.php | 48 +++++++++++++++++++ app/Console/Kernel.php | 1 + app/Http/Controllers/AccountController.php | 7 +-- .../views/emails/confirm_email.blade.php | 9 +++- 4 files changed, 60 insertions(+), 5 deletions(-) create mode 100644 app/Console/Commands/PasswordResetGC.php diff --git a/app/Console/Commands/PasswordResetGC.php b/app/Console/Commands/PasswordResetGC.php new file mode 100644 index 000000000..2dbcc35e6 --- /dev/null +++ b/app/Console/Commands/PasswordResetGC.php @@ -0,0 +1,48 @@ +subMinutes(1441)) + ->chunk(50, function($emails) { + foreach($emails as $em) { + $em->delete(); + } + }); + } +} diff --git a/app/Console/Kernel.php b/app/Console/Kernel.php index 7044d8f60..a29ace355 100644 --- a/app/Console/Kernel.php +++ b/app/Console/Kernel.php 
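Review bot: Deleting rows inside the `->chunk(50, ...)` callback in PasswordResetGC.php will skip records, because `chunk()` pages by offset and every deleted batch shifts the remaining matches forward, so a share of the expired rows survives each run. The start of the query is not visible in this hunk, but since the `subMinutes(1441)` cutoff is already part of the query, the loop can be replaced by a single bulk `->delete()` on the builder, or by `->chunkById(50, ...)` if per-model events are needed. If these are the email-verification rows, stale tokens are still rejected by the 24-hour filter in the controller, so this is a cleanup-correctness issue rather than an authentication bypass. FailedJobGC.php in PATCH 01 appears to use the same delete-in-loop shape and deserves the same check.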
@@ -32,6 +32,7 @@ class Kernel extends ConsoleKernel $schedule->command('horizon:snapshot')->everyFiveMinutes(); $schedule->command('story:gc')->everyFiveMinutes(); $schedule->command('gc:failedjobs')->dailyAt(3); + $schedule->command('gc:passwordreset')->dailyAt('09:41'); } /** diff --git a/app/Http/Controllers/AccountController.php b/app/Http/Controllers/AccountController.php index 57301a8b1..37ccbba3f 100644 --- a/app/Http/Controllers/AccountController.php +++ b/app/Http/Controllers/AccountController.php @@ -6,6 +6,7 @@ use Auth; use Cache; use Mail; use Illuminate\Support\Facades\Redis; +use Illuminate\Support\Str; use Carbon\Carbon; use App\Mail\ConfirmEmail; use Illuminate\Http\Request; @@ -80,8 +81,8 @@ class AccountController extends Controller EmailVerification::whereUserId(Auth::id())->delete(); $user = User::whereNull('email_verified_at')->find(Auth::id()); - $utoken = str_random(64); - $rtoken = str_random(128); + $utoken = Str::uuid() . Str::random(mt_rand(5,9)); + $rtoken = Str::random(mt_rand(64, 70)); $verify = new EmailVerification(); $verify->user_id = $user->id; @@ -98,7 +99,7 @@ class AccountController extends Controller public function confirmVerifyEmail(Request $request, $userToken, $randomToken) { $verify = EmailVerification::where('user_token', $userToken) - ->where('created_at', '>', now()->subWeeks(2)) + ->where('created_at', '>', now()->subHours(24)) ->where('random_token', $randomToken) ->firstOrFail(); diff --git a/resources/views/emails/confirm_email.blade.php b/resources/views/emails/confirm_email.blade.php index cb521c9b9..2fc98a751 100644 --- a/resources/views/emails/confirm_email.blade.php +++ b/resources/views/emails/confirm_email.blade.php 
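Review bot: The `mt_rand()` calls in the new `$utoken`/`$rtoken` lines only vary the token length, which adds no meaningful unpredictability and brings a non-cryptographic generator into token creation; the unpredictability of the random part comes from `Str::random()`. A fixed length is easier to reason about and to size the token columns for, for example `$utoken = Str::uuid() . Str::random(8);` and `$rtoken = Str::random(64);`. The commit subject speaks of a password reset TTL while the changed query is on `EmailVerification`, so a short comment above the `subHours(24)` filter such as `// links expire after 24 hours; keep in sync with the gc:passwordreset cutoff` would tie the two together. Both methods continue outside these hunks.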
@@ -1,12 +1,17 @@ @component('mail::message') # Email Confirmation -Please confirm your email address. +Hello @{{$verify->user->username}}, please confirm your email address. + +If you did not create this account, please disregard this email. @component('mail::button', ['url' => $verify->url()]) Confirm Email @endcomponent +

This link expires after 24 hours.

+
+ Thanks,
-{{ config('pixelfed.domain.app') }} +{{ config('pixelfed.domain.app') }} @endcomponent From 4e2e64b295cb4cadd7922da121dca7073da00163 Mon Sep 17 00:00:00 2001 From: Daniel Supernault Date: Tue, 28 Jan 2020 23:38:29 -0700 Subject: [PATCH 05/10] Update changelog --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0fa0cd7c8..6c4b91417 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -23,6 +23,7 @@ - Updated StoryCompose component, added upload progress page ([2de3c56f](https://github.com/pixelfed/pixelfed/commit/2de3c56f)) - Updated instance config, cleanup and add restricted mode ([3be32597](https://github.com/pixelfed/pixelfed/commit/3be32597)) - Update RelationshipSettings Controller, fixes #1605 ([4d2da2f1](https://github.com/pixelfed/pixelfed/commit/4d2da2f1)) +- Updated password reset, now expires after 24 hours ([829c41e1](https://github.com/pixelfed/pixelfed/commit/829c41e1)) ### Changed From 73249dc2397f3787e8334dcb805ff2cedc5134b3 Mon Sep 17 00:00:00 2001 From: Daniel Supernault Date: Tue, 28 Jan 2020 23:55:57 -0700 Subject: [PATCH 06/10] Update nav layout --- resources/views/layouts/partial/nav.blade.php | 205 +++++++++--------- 1 file changed, 108 insertions(+), 97 deletions(-) diff --git a/resources/views/layouts/partial/nav.blade.php b/resources/views/layouts/partial/nav.blade.php index 1f246f188..b5537b469 100644 --- a/resources/views/layouts/partial/nav.blade.php +++ b/resources/views/layouts/partial/nav.blade.php @@ -1,107 +1,118 @@ - From 25a7d91b7f7178e8b8e9763447f57f557e835ddf Mon Sep 17 00:00:00 2001 From: Daniel Supernault Date: Tue, 28 Jan 2020 23:56:44 -0700 Subject: [PATCH 07/10] Update changelog --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6c4b91417..889350ba7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
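Review bot: In the added greeting line of confirm_email.blade.php, `@{{$verify->user->username}}` puts `@` directly in front of `{{`, which Blade treats as an escape, so the braces are printed literally instead of the username (assuming the `@` is literal in the file and not an entity decoded by this page's rendering). To show an at-sign followed by the name, write the `@` as an entity, e.g. `Hello &#64;{{ $verify->user->username }}, please confirm your email address.` Keeping the `{{ }}` form matters here because it HTML-escapes the user-chosen username before it lands in the mail body.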
@@ -5,6 +5,7 @@ - Added ```BANNED_USERNAMES``` .env var, an optional comma separated string to ban specific usernames from being used ([6cdd64c6](https://github.com/pixelfed/pixelfed/commit/6cdd64c6)) - Added RestrictedAccess middleware for Restricted Mode ([17c1a83d](https://github.com/pixelfed/pixelfed/commit/17c1a83d)) - Added FailedJob garbage collection ([5d424f12](https://github.com/pixelfed/pixelfed/commit/5d424f12)) +- Added Password Reset garbage collection ([829c41e1](https://github.com/pixelfed/pixelfed/commit/829c41e1)) ### Fixed - Fixed Story Compose bug affecting postgres instances ([#1918](https://github.com/pixelfed/pixelfed/pull/1918)) @@ -24,6 +25,7 @@ - Updated instance config, cleanup and add restricted mode ([3be32597](https://github.com/pixelfed/pixelfed/commit/3be32597)) - Update RelationshipSettings Controller, fixes #1605 ([4d2da2f1](https://github.com/pixelfed/pixelfed/commit/4d2da2f1)) - Updated password reset, now expires after 24 hours ([829c41e1](https://github.com/pixelfed/pixelfed/commit/829c41e1)) +- Updated nav layout ([73249dc2](https://github.com/pixelfed/pixelfed/commit/73249dc2)) ### Changed From eaca43a6292205583d3f87e17b24ef2ad5df5419 Mon Sep 17 00:00:00 2001 From: Daniel Supernault Date: Wed, 29 Jan 2020 00:00:09 -0700 Subject: [PATCH 08/10] Update views with noscript warnings --- resources/views/profile/show.blade.php | 24 +++++++++--------------- resources/views/status/show.blade.php | 6 ++---- resources/views/timeline/home.blade.php | 6 ++++++ resources/views/timeline/local.blade.php | 12 +++++++----- 4 files changed, 24 insertions(+), 24 deletions(-) diff --git a/resources/views/profile/show.blade.php b/resources/views/profile/show.blade.php index ec78bf26d..61af9c128 100644 --- a/resources/views/profile/show.blade.php +++ b/resources/views/profile/show.blade.php @@ -11,6 +11,13 @@ @if($profile->website) {{$profile->website}} @endif + + + @endsection @push('meta') 
@@ -22,20 +29,7 @@ @endif @endpush -@push('styles') - -@endpush +@push('scripts') + -@push('scripts') - - - @endpush diff --git a/resources/views/status/show.blade.php b/resources/views/status/show.blade.php index a68839d51..73bf82309 100644 --- a/resources/views/status/show.blade.php +++ b/resources/views/status/show.blade.php @@ -2,10 +2,8 @@ @section('content')