The parameter isn't used by any sr.ht service and is functionally
redundant as there is Validation::required().
The if block which sets default values is also fixed. Prior to this
commit, it would only set default values for keys that did not exist in
the incoming request. For things like logging in, this was incorrect
behavior.
Some request forms contain keys with empty values. For instance, logging
in from https://meta.sr.ht will generate a request containing the
"return_to" key with a value of "". Similarly, registering without
providing a PGP key generates a request containing the "pgp-key" key
with a value of "".
In such cases, calls to Validation::optional() do not behave as
expected. Since "" != None, the first two top-level if blocks are
immediately skipped in Validation::optional(), even though the second
block is where any default values are set.
In the case of logging in, this results in users being redirected to ""
instead of the specified "/". Luckily, redirecting to "" is apparently
the same as redirecting to "/", so nothing catastrophic happens.
However, this clearly is an unintended side-effect, and not desired
behavior.
Previously the sanitizer attributes dictionary was created by updating
the desired whitelist with `bleach.sanitizer.ALLOWED_ATTRIBUTES` which
is (at the time of this writing):
{'a': ['href', 'title'], 'abbr': ['title'], 'acronym': ['title']}
By updating the whitelist dictionary with a duplicated key (`a`), the
whitelist value is overwritten.
Instead, build a new dictionary by merging the two dictionaries with a
preference for the whitelisted values. To accommodate the overwrite
behavior the whitelist is expanded to include those default values.
The AbstractOAuthService.lookup_user function is used to fetch users
either from the local database or from meta.sr.ht, and the
implementation creates an Internal auth token for the requested
username. If that user does not exist, this previously tripped an
assertion failure in this code. This case now raises a 404 error, and
the assertion is made more specific.
- Switch to `inherit` for font-size to allow the achor to change as the
font-size of the anchor changes
- Switch to relative spacing so that the position change also adjusts
with header text size.
- Remove margin rule that appeared to be causing issues aligning the
header properly.