From 023e62294e0371d79e343ecd1fbc059ff84f654e Mon Sep 17 00:00:00 2001 From: Hugh Rundle Date: Sat, 30 Nov 2024 15:54:37 +1100 Subject: [PATCH 1/6] Prevent invite requests from blocked domains Prevents form submission when requesting an email invite using an address from a blocked domain. Fixes #3366 --- bookwyrm/forms/landing.py | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/bookwyrm/forms/landing.py b/bookwyrm/forms/landing.py index 831d1d539..4f5b3223f 100644 --- a/bookwyrm/forms/landing.py +++ b/bookwyrm/forms/landing.py @@ -64,6 +64,10 @@ class InviteRequestForm(CustomForm): if email and models.User.objects.filter(email=email).exists(): self.add_error("email", _("A user with this email already exists.")) + email_domain = email.split("@")[-1] + if email and models.EmailBlocklist.objects.filter(domain=email_domain).exists(): + self.add_error("email", _("This email address cannot be registered.")) + class Meta: model = models.InviteRequest fields = ["email", "answer"] From 305ef9195b3e2e187f7de5394a1d302df314849e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 6 Dec 2024 18:58:00 +0000 Subject: [PATCH 2/6] Bump django from 4.2.16 to 4.2.17 Bumps [django](https://github.com/django/django) from 4.2.16 to 4.2.17. - [Commits](https://github.com/django/django/compare/4.2.16...4.2.17) --- updated-dependencies: - dependency-name: django dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index f6018a652..eb0967e00 100644 --- a/requirements.txt +++ b/requirements.txt @@ -4,7 +4,7 @@ boto3==1.34.74 bw-file-resubmit==0.6.0rc2 celery==5.3.6 colorthief==0.2.1 -Django==4.2.16 +Django==4.2.17 django-celery-beat==2.6.0 django-compressor==4.4 django-csp==3.8 From 609b7f58c832bc19550630449b2044221399e321 Mon Sep 17 00:00:00 2001 
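Review bot: The added `email_domain = email.split("@")[-1]` runs before the `if email and …` guard on the following line, so if `email` can be `None` here (the existing guard above suggests it can) the call raises instead of adding a form error. Compute the domain inside the guard, e.g. `if email:` followed by `email_domain = email.rsplit("@", 1)[-1]`. The lookup `filter(domain=email_domain)` is also an exact match, so unless the address is normalised earlier in this method a differently-cased domain would presumably not match a blocklist entry on a case-sensitive collation. `domain__iexact=email_domain` would close that gap. The method starts above the hunk, so how `email` is obtained should be confirmed there.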
From: Mouse Reeve
Date: Fri, 10 Jan 2025 18:01:48 -0800
Subject: [PATCH 3/6] Alters get_description code for inventaire queries
---
 bookwyrm/connectors/inventaire.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/bookwyrm/connectors/inventaire.py b/bookwyrm/connectors/inventaire.py
index 249f6b9ca..69524b222 100644
--- a/bookwyrm/connectors/inventaire.py
+++ b/bookwyrm/connectors/inventaire.py
@@ -222,9 +222,10 @@ class Connector(AbstractConnector):
 def get_description(self, links: JsonDict) -> str:
 """grab an extracted excerpt from wikipedia"""
 link = links.get("enwiki")
- if not link:
+ if not link or not link.get("title"):
 return ""
- url = f"{self.base_url}/api/data?action=wp-extract&lang=en&title={link}"
+ title = link.get("title")
+ url = f"{self.base_url}/api/data?action=wp-extract&lang=en&title={title}"
 try:
 data = get_data(url)
 except ConnectorException:
From d9d614b3bce07267fe46b5314b5528b5179ddcac Mon Sep 17 00:00:00 2001
From: Mouse Reeve
Date: Fri, 10 Jan 2025 18:11:57 -0800
Subject: [PATCH 4/6] Updates test string for inventaire
---
 bookwyrm/tests/connectors/test_inventaire_connector.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/bookwyrm/tests/connectors/test_inventaire_connector.py b/bookwyrm/tests/connectors/test_inventaire_connector.py
index 7844f3919..1cd88195f 100644
--- a/bookwyrm/tests/connectors/test_inventaire_connector.py
+++ b/bookwyrm/tests/connectors/test_inventaire_connector.py
@@ -273,7 +273,9 @@ class Inventaire(TestCase):
 json={"extract": "hi hi"},
 )
- extract = self.connector.get_description({"enwiki": "test_path"})
+ extract = self.connector.get_description(
+ {"enwiki": {"title": "test_path", "badges": "hello"}}
+ )
 self.assertEqual(extract, "hi hi")
 def test_remote_id_from_model(self):
From 4138a2b6aaef16d0988489274f7979e8f1ca8447 Mon Sep 17 00:00:00 2001
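Review bot: `title` is taken from the remote Inventaire response and interpolated unescaped into the query string on the new `url = f"…"` line, so a title containing `&`, `#` or `+` would truncate or alter the parameters of the outgoing request. Percent-encode it, e.g. `title = urllib.parse.quote(link.get("title"), safe="")`; this needs `urllib.parse` imported at the top of the file, which is outside the hunk. The new guard `not link.get("title")` also assumes `link` is a dict, so a response still carrying the old plain-string form would raise `AttributeError` rather than return `""`; an `isinstance(link, dict)` check is worth adding. get_description continues past the hunk.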
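Review bot: The updated call in the test_inventaire_connector.py hunk exercises only the populated-title path, so the new early return for an `enwiki` entry without a `title` has no test. A second assertion such as `self.assertEqual(self.connector.get_description({"enwiki": {"badges": "hello"}}), "")` would pin that branch. The test method starts above the hunk.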
From: Mouse Reeve
Date: Thu, 13 Feb 2025 18:39:40 -0800
Subject: [PATCH 5/6] GitHub emailed me to say we need to use a later ubuntu version for these
---
 .github/workflows/lint-frontend.yaml | 2 +-
 .github/workflows/prettier.yaml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/lint-frontend.yaml b/.github/workflows/lint-frontend.yaml
index b0322f371..68142b946 100644
--- a/.github/workflows/lint-frontend.yaml
+++ b/.github/workflows/lint-frontend.yaml
@@ -15,7 +15,7 @@ on:
 jobs:
 lint:
 name: Lint with stylelint and ESLint.
- runs-on: ubuntu-20.04
+ runs-on: ubuntu-24.04
 steps:
 # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it.
diff --git a/.github/workflows/prettier.yaml b/.github/workflows/prettier.yaml
index 9c05c7476..df56cafb0 100644
--- a/.github/workflows/prettier.yaml
+++ b/.github/workflows/prettier.yaml
@@ -10,7 +10,7 @@ on:
 jobs:
 lint:
 name: Lint with Prettier
- runs-on: ubuntu-20.04
+ runs-on: ubuntu-24.04
 steps:
 # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it.
From 924f377e4edb3fdb97c84148b343f894341fa3fd Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 14 Feb 2025 03:14:17 +0000
Subject: [PATCH 6/6] Bump django from 4.2.17 to 4.2.18
Bumps [django](https://github.com/django/django) from 4.2.17 to 4.2.18.
- [Commits](https://github.com/django/django/compare/4.2.17...4.2.18)
---
updated-dependencies:
- dependency-name: django dependency-type: direct:production
...
Signed-off-by: dependabot[bot]
---
 requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/requirements.txt b/requirements.txt
index eb0967e00..bf338efe7 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -4,7 +4,7 @@ boto3==1.34.74
 bw-file-resubmit==0.6.0rc2
 celery==5.3.6
 colorthief==0.2.1
-Django==4.2.17
+Django==4.2.18
 django-celery-beat==2.6.0
 django-compressor==4.4
 django-csp==3.8