AO3 News

Post Header

2018-12-28 05:41:41 -0500

We've updated the code that powers our login system to use the Rails Devise gem and fixed several unrelated bugs. Special thanks to Riley Avron for his first code contribution!


  • Coders: Ariana, Elz, james_, Lee, redsummernight, Riley Avron, Sarken, Tal, ticking instant, Wendy Randquist (Littlelines)
  • Code reviewers: james_, redsummernight, Sarken, Scott, ticking instant
  • Testers: Ariana, Enigel, GoldenFalls, Lady Oscar, MagnusIsMyRock, mumble, redsummernight, Sammie Louise, Sarken, ticking instant



  • [AO3-2839] - We are now using the Devise gem for all our authentication needs. \o/ You shouldn't notice any differences when creating an account, logging in, or navigating the site as a guest; however, we did change a few small things:
    • You can now log in using either your username or your email address.
    • If you forget your password, we will now email you a link you can use to create a new password, instead of sending you a temporary password.
    • If you change your password, you'll get logged out everywhere, e.g. both your laptop and your phone, and will need to sign in again. This can be helpful if you forgot to sign out of your account on a public computer, since you can make sure you're signed out everywhere by changing your password on whatever device you're on.
  • [AO3-5589] - Due to changes in the way passwords are sanitized, you will need to reset your password if it previously contained the < or > character. (You can continue to use < and > in your password; it just needs to be updated for our new system.)
  • [AO3-5590] - After the initial Devise update, we noticed queries to look up users by email or username became noticeably slower. We changed them to use the appropriate database indices and they are faster now.

Works & Comments

  • [AO3-5541] - We automatically delete drafts that are older than a month; however, there was an issue that led to empty ghost drafts haunting the error logs and creating problems for the tag wranglers. We rewrote the deletion process to make sure old drafts are properly disposed of.
  • [AO3-5529] - Works on the "Works in Collections" page were no longer ordered in chronological order, making one's latest unrevealed or anonymous works harder to find. We've nudged them back into the correct order now.
  • [AO3-5560] - We've ensured that comments on a hidden work can't be accessed or edited anymore, even when the link to the specific comment or comment page is known.
  • [AO3-5561] - While we were at it, we made sure the same is true for works in unrevealed collections.
  • [AO3-2378] - After fixing non-Latin word counts for new works in an earlier deploy, we've now applied the fix to all existing works as well, so word counts on Chinese and Japanese works, for example, should be much more accurate now.
  • [AO3-5571] - To prevent duplicates during an Open Doors mass import, there's a check for existing external bookmarks. However, it crashed when the archivist also had AO3 works bookmarked, so we fixed that.
  • [AO3-5559] - It was previously possible to include the class attribute when using HTML in a bookmarker's note or comment. This was unnecessary, since user-created work skins aren't applied to those areas, but could also be used for mischievous purposes to change the appearance of one's comment using our site CSS. We've now made sure that the class attribute can only be used in the body and notes of a work.
  • [AO3-5238] - We don't allow certain characters in CSS classes used for work skins, but the summary field must have missed the memo. It now checks for permissable class names when HTML is entered.

Misc. Fixes

  • [AO3-5313] - The title of the Session Expired page used to be "Auth Error Error". We changed it to have only one "Error".
  • [AO3-5438] - The email sent when one of your prompts in a Prompt Meme was claimed had a rogue "%>" after the work title; we hunted it down and removed it.

Tests & Infrastructure

  • [AO3-5530] - Before our big database upgrade to allow for 4-byte Unicode characters on the Archive 😍🤩🤭, we added an automated test to account for the possible new content.
  • [AO3-5566] - We added tests for previewing a work while adding it to a collection.
  • [AO3-5570] - We are now running Elasticsearch 6.5.2, up from 6.2.4. \o/
  • [AO3-5563] - We updated the Rack gem to 2.0.6 to keep things secure.
  • [AO3-5562] - We've started using a service that will automatically submit pull requests for gem security updates.
  • [AO3-5554] - We fixed the name and syntax of the Ruby version file in our project.
  • [AO3-5586], [AO3-5588] - We updated our deploy script to reflect the changes to our server set up.