Commit graph

1374 commits

Author SHA1 Message Date
Eugen Rochko e5c0b16735
Add progress indicator to sign-up flow () 2023-04-16 07:01:24 +02:00
Matt Jankowski d193bc8c5c
Remove unused methods in 2FA OTP Auth Controller () 2023-04-07 14:13:53 +02:00
Claire 9d08b81193
Fix user archive takeouts when using OpenStack Swift () 2023-04-05 19:31:49 +02:00
Claire 280fa3b2c0
Fix invalid/expired invites being processed on sign-up () 2023-03-31 21:42:28 +02:00
Eugen Rochko a9b5598c97
Change user settings to be stored in a more optimal way ()
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2023-03-30 14:44:00 +02:00
Claire e084b5b82d
Fix user archive takeout when using OpenStack Swift or S3 providers with no ACL support () 2023-03-27 17:07:37 +02:00
Matt Jankowski 0663803348
Move link header setting to after_action () 2023-03-26 00:40:01 +01:00
Matt Jankowski e633b26f4f
Add allow_other_host in redirects which may go outside app () 2023-03-26 00:38:32 +01:00
Claire 2626097869
Fix Rails cache namespace being overridden with v2 for cached statuses () 2023-03-22 15:47:44 +01:00
Matt Jankowski 7bef11630d
Remove references to non-existent actions () 2023-03-20 20:03:44 +01:00
Jean byroot Boussier 160f38f03d
Workaround the ActiveRecord / Marshal serialization bug on Ruby 3.2 ()
Co-authored-by: Jean Boussier <jean.boussier@gmail.com>
2023-03-17 14:37:30 +01:00
CSDUMMI d75a1e5054
Link to the Identity provider's account settings from the account settings ()
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2023-03-17 10:09:01 +01:00
Eugen Rochko 75e5a6e437
Change user backups to use expiring URLs for download when possible () 2023-03-16 22:46:52 +01:00
Christian Schmidt bd047acc35
Replace Status#translatable? with language matrix in separate endpoint () 2023-03-16 11:07:24 +01:00
Nick Schonning 25d36b6edd
Autofix Rubocop Style/RedundantArgument () 2023-03-16 10:34:00 +09:00
Claire a232a1feb8
Fix misleading error code when receiving invalid WebAuthn credentials () 2023-03-15 04:15:20 +01:00
CSDUMMI 39c7236649
Redirect users to SLO at the IdP after logging them out of Mastodon. () 2023-03-15 03:52:40 +01:00
CSDUMMI d258ec8e3b
Prefer the stored location as after_sign_in_path in Omniauth Callback Controller () 2023-03-13 00:06:27 +01:00
Claire f8bb4d0d6b
Fix server error when failing to follow back followers from /relationships () 2023-03-03 20:36:18 +01:00
Claire c2a046ded1
Fix “Remove all followers from the selected domains” being more destructive than it claims () 2023-03-03 20:25:15 +01:00
Nick Schonning 434770f580
Autofix Rubocop Rails/FindById () 2023-02-21 10:21:48 +09:00
Nick Schonning 717683d1c3
Autofix Rubocop remaining Layout rules () 2023-02-20 06:58:28 +01:00
Nick Schonning aef0051fd0
Enable Rubocop HTTP status rules () 2023-02-20 11:16:40 +09:00
Nick Schonning 2177daeae9
Autofix Rubocop Style/RedundantBegin () 2023-02-19 07:09:40 +09:00
Nick Schonning c38bd17657
Autofix Rubocop Style/TrailingCommaInArguments () 2023-02-18 12:39:58 +01:00
Nick Schonning e2a3ebb271
Autofix Rubocop Style/IfUnlessModifier () 2023-02-18 12:37:47 +01:00
Nick Schonning a6f77aa28a
Autofix Rubocop Lint/AmbiguousOperatorPrecedence () 2023-02-18 04:30:23 +01:00
Claire d6930b3847
Add API parameter to safeguard unexpected mentions in new posts () 2023-02-13 16:36:29 +01:00
Claire 832595d1e7
Remove posts count and last posts from ActivityPub representation of hashtag collections () 2023-02-08 17:57:25 +01:00
Nick Schonning f68bb52556
Apply Rubocop Style/NegatedIfElseCondition () 2023-02-08 07:07:36 +01:00
Nick Schonning 2e652aa81c
Apply Rubocop Performance/RedundantSplitRegexpArgument ()
* Apply Rubocop Performance/RedundantSplitRegexpArgument

* Update app/controllers/concerns/signature_verification.rb
2023-02-08 02:25:20 +01:00
Claire 20a479ff7c
Change POST /settings/applications/:id to regenerate token on scopes change ()
Fixes 
2023-02-02 12:03:49 +01:00
Eugen Rochko 21780c0204
Change notifications per page from 15 to 40 in REST API () 2023-02-01 11:23:54 +01:00
Claire 68dcbcb7bf
Add more specific error messages to HTTP signature verification ()
* Return specific error on failure to parse Date header

* Add error message when preferredUsername is not set

* Change error report to be JSON and include more details

* Change error report to differentiate unknown account and failed refresh

* Add tests
2023-01-18 16:47:56 +01:00
Claire 343e1fe8e9
Add confirmation screen when handling reports ()
* Add confirmation screen on moderation actions

* Add flash notice when a report has been processed

* Refactor tests

* Add tests
2023-01-18 16:40:09 +01:00
Claire 4b92e59f4f
Add support for editing media description and focus point of already-posted statuses ()
* Add backend support for editing media attachments of existing posts

* Allow editing media attachments of already-posted toots

* Add tests
2023-01-18 16:33:55 +01:00
Claire b034dc42be
Fix /api/v1/admin/trends/tags using wrong serializer ()
* Fix /api/v1/admin/trends/tags using wrong serializer

Fix regression from 

* Only use `REST::Admin::TagSerializer` when the user can `manage_taxonomies`

* Fix admin trending hashtag component to not link if `id` is unknown
2023-01-18 16:28:18 +01:00
Claire fcc4c9b34a
Change domain block CSV parsing to be more robust and handle more lists ()
* Change domain block CSV parsing to be more robust and handle more lists

* Add some tests

* Improve domain block import validation and reporting
2023-01-18 16:20:52 +01:00
Carl Schwan f33e22ae4c
Allow changing hide_collections setting with the api ()
* Allow changing hide_collections setting with the api

This is currently only possible with app/controllers/settings/profiles_controller.rb
and is the only difference in the allowed parameter between the two controllers

* Fix the lint issue

* Use normal indent
2023-01-13 16:40:21 +01:00
Claire aefefc74c4
Change referrer-policy to no-referrer application-wide () 2023-01-10 05:18:43 +01:00
Claire 18d00055f4
Add dropdown menu item to open admin interface for remote domains ()
* Allow /admin/instances/:domain to handle IDNs

* Add dropdown menu item to open admin interface for remote domains
2023-01-05 14:03:46 +01:00
Claire 42f9693d00
Fix PermalinkRedirector not applying to users with moved accounts ()
Fixes 
2023-01-05 13:40:27 +01:00
Claire 8556a649d5
Fix changing domain block severity not undoing individual account effects ()
* Fix changing domain block severity not undoing individual account effects

Fixes 

* Add tests
2022-12-15 17:45:02 +01:00
David Vega 1b5d207131
Fix single name variables on controller folder ()
Co-authored-by: petrokoriakin1 <116151189+petrokoriakin1@users.noreply.github.com>

Co-authored-by: petrokoriakin1 <116151189+petrokoriakin1@users.noreply.github.com>
Co-authored-by: Effy Elden <effy@effy.space>
2022-12-15 17:11:58 +01:00
Claire 623d3d2e32
Change CSP directives on API to be tight and concise () 2022-12-15 16:40:32 +01:00
nametoolong 63b379c2d9
Fix N+1 queries from in NotificationsController ()
Co-authored-by: Nonexistent <nx@example.org>
2022-12-15 16:18:20 +01:00
Effy Elden 441cac758f
Allow adding relays while secure mode & limited federation mode are enabled () 2022-12-15 15:56:05 +01:00
Francis Murillo 5fb1c3e934
Revoke all authorized applications on password reset ()
* Clear sessions on password change

* Rename User::clear_sessions to revoke_access for a clearer meaning

* Add reset password controller test

* Use User.find instead of User.find_for_authentication for reset password test

* Use redirect and render for better test meaning in reset password

Co-authored-by: Effy Elden <effy@effy.space>
2022-12-15 15:47:06 +01:00
Francis Murillo f6492a7c4d
Log admin approve and reject account ()
* Log admin approve and reject account

* Add unit tests for approve and reject logging
2022-12-07 00:25:18 +01:00
Claire 69137f4a90
Fix irreversible and whole_word parameters handling in /api/v1/filters ()
Fixes 
2022-12-07 00:10:53 +01:00
Claire 68d1df8bc3
Fix some performance issues with /admin/instances ()
/admin/instances?availability=failing remains wholly inefficient
2022-12-01 10:32:10 +01:00
Claire 51a33ce77a
Fix not being able to follow more than one hashtag ()
Fixes regression from 
2022-11-21 10:35:09 +01:00
Claire 48e136605a
Fix form-action CSP directive for external login () 2022-11-17 22:59:07 +01:00
Claire 4ae97a2e4c
Fix OAuth flow being broken by recent CSP change () 2022-11-17 21:31:52 +01:00
lenore gilbert c373148b3d
Support for import/export of instance-level domain blocks/allows for 4.x w/ additional fixes ()
* Allow import/export of instance-level domain blocks/allows ()

* Allow import/export of instance-level domain blocks/allows.
Fixes 

* Pacify circleci

* Address simple code review feedback

* Add headers to exported CSV

* Extract common import/export functionality to
AdminExportControllerConcern

* Add additional fields to instance-blocked domain export

* Address review feedback

* Split instance domain block/allow import/export into separate pages/controllers

* Address code review feedback

* Pacify DeepSource

* Work around Paperclip::HasAttachmentFile for Rails 6

* Fix deprecated API warning in export tests

* Remove after_commit workaround

(cherry picked from commit 94e98864e39c010635e839fea984f2b4893bef1a)

* Add confirmation page when importing blocked domains ()

* Move glitch-soc-specific strings to glitch-soc-specific locale files

* Add confirmation page when importing blocked domains

(cherry picked from commit b91196f4b73fff91997b8077619ae25b6d04a59e)

* Fix authorization check in domain blocks controller

(cherry picked from commit 75279377583c6e2aa04cc8d7380c593979630b38)

* Fix error strings for domain blocks and email-domain blocks

Corrected issue with non-error message used for Mastodon:NotPermittedError in Domain Blocks
Corrected issue Domain Blocks using the Email Domain Blocks message on ActionContoller::ParameterMissing
Corrected issue with Email Domain Blocks using the not_permitted string from "custom emojii's"

* Ran i18n-tasks normalize to address test failure

* Removed unused admin.export_domain_blocks.not_permitted string

Removing unused string as indicated by Check i18n

* Fix tests

(cherry picked from commit 9094c2f52c24e1c00b594e7c11cd00e4a07eb431)

* Fix domain block export not exporting blocks with only media rejection

(cherry picked from commit 26ff48ee48a5c03a2a4b0bd03fd322529e6bd960)

* Fix various issues with domain block import

- stop using Paperclip for processing domain allow/block imports
- stop leaving temporary files
- better error handling
- assume CSV files are UTF-8-encoded

(cherry picked from commit cad824d8f501b95377e4f0a957e5a00d517a1902)

Co-authored-by: Levi Bard <taktaktaktaktaktaktaktaktaktak@gmail.com>
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2022-11-17 11:05:09 +01:00
Claire cbb0153bd0
Fix invalid/empty RSS feed link on account pages ()
Fixes 
2022-11-17 10:58:33 +01:00
trwnh 7fdeed5fbc
Make tag following idempotent () 2022-11-17 10:55:59 +01:00
Claire 00b2720ef0
Change automatic post deletion configuration to be accessible to redirected users ()
Fixes 
2022-11-17 10:55:23 +01:00
trwnh e1f819fd78
Fix pagination of followed tags ()
* Fix missing pagination headers on followed tags

* Fix typo
2022-11-17 10:54:10 +01:00
Daniel Axtens 4d85c27d1a
Add 'private' to Cache-Control, match Rails expectations ()
Several controllers set quite intricate Cache-Control headers in order to
hopefully not be cached by any intermediate proxies or local caches. Unfortunately,
these headers are processed by ActionDispatch::HTTP::Cache in a way that squashes
and discards any values set alongside no-store other than private:
8015c2c2cf/actionpack/lib/action_dispatch/http/cache.rb (L207-L209)

We want to preserve no-store on these responses, but we might as well remove
parts that are going to be dropped anyway. As many of the endpoints in these
controllers are private to a particular user, we should also add "private",
which will be preserved alongside no-store.
2022-11-16 04:56:30 +01:00
trwnh b59ce0a60f
Move V2 Filter methods under /api/v2 prefix ()
* Move V2 Filter methods under /api/v2 prefix

* move over the tests too
2022-11-14 08:34:07 +01:00
Eugen Rochko b31afc6294
Fix error when passing unknown filter param in REST API ()
Fix 
2022-11-14 08:06:06 +01:00
Eugen Rochko 167d86d21d
Fix role_ids not accepting arrays in admin API ()
Fix 
2022-11-14 06:56:15 +01:00
Claire 86f6631d28
Remove dead code and refactor status threading code ()
* Remove dead code

* Remove unneeded/broken parameters and refactor descendant computation
2022-11-10 22:30:00 +01:00
Claire 1615c3eb6e
Change logged out /api/v1/statuses/:id/context logged out limits () 2022-11-10 21:06:08 +01:00
James Tucker 78a6b871fe
Improve performance by avoiding regex construction ()
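```ruby
FOO = 'foo'       # placeholder value (assumption; not given in the commit message)
FOO_RE = /#{FOO}/ # compiled once and reused
10.times { p(/#{FOO}/.object_id) } # interpolated literal: a new Regexp object each iteration
10.times { p FOO_RE.object_id }    # constant: the same object every time
```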
2022-11-10 05:49:30 +01:00
Eugen Rochko 0cd0786aef
Revert filtering public timelines by locale by default () 2022-11-10 05:34:42 +01:00
trwnh 89e1974f30
Make account endorsements idempotent (fix ) ()
* Make account endorsements idempotent (fix )

* Accept suggestion to use exists? instead of find_by + nil check

Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>

* fix logic (unless, not if)

* switch to using `find_or_create_by!`

Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>
2022-11-08 16:39:15 +01:00
trwnh 68d9dcd425
Fix uncaught 500 error on invalid replies_policy (Fix ) () 2022-11-08 16:37:28 +01:00
Claire 1e1289b024
Fix crash when external auth provider has no display_name set ()
Fixes 
2022-11-07 15:43:24 +01:00
Claire 4cb2323458
Fix crash in legacy filter creation controller () 2022-11-07 03:38:53 +01:00
Eugen Rochko 3a41fccc43
Change AUTHORIZED_FETCH to not block unauthenticated REST API access ()
New environment variable `DISALLOW_UNAUTHENTICATED_API_ACCESS`
2022-11-05 22:56:03 +01:00
Claire c2170991c7
Fix reblogs being discarded after the reblogged status () 2022-11-04 16:31:44 +01:00
Claire 125322718b
Fix inaccurate admin log entry for re-sending confirmation e-mails ()
Fixes 
2022-11-02 18:50:21 +01:00
Eugen Rochko 15bae3e0e4
Change post-processing to be deferred only for large media types () 2022-11-01 15:27:58 +01:00
Claire bb1ef11c30
Change featured hashtag deletion to be done synchronously () 2022-10-31 16:31:44 +01:00
Eugen Rochko 26478f461c
Remove language filtering from hashtag timelines () 2022-10-30 21:29:23 +01:00
Claire a529d6d93e
Fix invites ()
Fixes 

Fix regression from 
2022-10-30 19:04:39 +01:00
Eugen Rochko 276b85bc91
Fix admin APIs returning deleted object instead of empty object upon delete ()
Fix 
2022-10-30 02:43:57 +02:00
Eugen Rochko 5724da0780
Fix language not being saved when editing status ()
Fix 
2022-10-30 02:43:27 +02:00
Eugen Rochko 3e18e05330
Fix uncaught error when invalid date is supplied to API ()
Fix 
2022-10-27 14:30:52 +02:00
Eugen Rochko f8ca3bb2a1
Add ability to view previous edits of a status in admin UI ()
* Add ability to view previous edits of a status in admin UI

* Change moderator access to posts to be controlled by a separate policy
2022-10-26 13:42:29 +02:00
Eugen Rochko 1ae508bf2f
Change unauthenticated search to not support pagination in REST API ()
- Only exact search matches for queries with < 5 characters
- Do not support queries with `offset` (pagination)
- Return HTTP 401 on truthy `resolve` instead of overriding to false
2022-10-26 12:10:02 +02:00
Eugen Rochko 487d81fb92
Fix IP blocks not having a unique index () 2022-10-25 21:43:44 +02:00
Yamagishi Kazutoshi 45d3b32488
Fix Settings::FeaturedTagsController ()
Regression from 
2022-10-22 23:14:58 +02:00
Takeshi Umeda 74ead7d106
Change featured tag updates to add/remove activity ()
* Change featured tag updates to add/remove activity

* Fix to check for the existence of feature tag

* Rename service and worker

* Merge AddHashtagSerializer with AddSerializer

* Undo removal of sidekiq_options
2022-10-22 18:30:55 +02:00
Eugen Rochko 7c152acb2c
Change settings area to be separated into categories in admin UI ()
And update all descriptions
2022-10-22 11:44:41 +02:00
Eugen Rochko 839f893168
Change public accounts pages to mount the web UI ()
* Change public accounts pages to mount the web UI

* Fix handling of remote usernames in routes

- When logged in, serve web app
- When logged out, redirect to permalink
- Fix `app-body` class not being set sometimes due to name conflict

* Fix missing `multiColumn` prop

* Fix failing test

* Use `discoverable` attribute to control indexing directives

* Fix `<ColumnLoading />` not using `multiColumn`

* Add `noindex` to accounts in REST API

* Change noindex directive to not be rendered by default before a route is mounted

* Add loading indicator for detailed status in web UI

* Fix missing indicator appearing while account is loading in web UI
2022-10-20 14:35:29 +02:00
Takeshi Umeda b0e3f0312c
Add synchronization of remote featured tags ()
* Add LIMIT of featured tag to instance API response

* Add featured_tags_collection_url to Account

* Add synchronization of remote featured tags

* Deliver update activity when updating featured tag

* Remove featured_tags_collection_url

* Revert "Add featured_tags_collection_url to Account"

This reverts commit cff349fc27b104ded2df6bb5665132dc24dab09c.

* Add hashtag sync from featured collections

* Fix tag name normalize

* Add target option to fetch featured collection

* Refactor fetch_featured_tags_collection_service

* Add LIMIT of featured tag to v1/instance API response
2022-10-20 09:15:52 +02:00
prplecake c618d3a0a5
Make "No $entity selected" errors more accurate ()
Previously all controllers would use the single "No accounts changed as
none were selected" message. This commit changes them to read "tags",
"posts", "emojis", etc. where necessary.
2022-10-15 00:20:54 +02:00
Eugen Rochko 1bd00036c2
Change about page to be mounted in the web UI () 2022-10-13 14:42:37 +02:00
Eugen Rochko 45ebdb72ca
Add support for language preferences for trending statuses and links () 2022-10-08 16:45:40 +02:00
Eugen Rochko a2ba011326
Change privacy policy to be rendered in web UI, add REST API ()
Source string no longer localized, Markdown instead of raw HTML
2022-10-08 06:01:11 +02:00
Eugen Rochko 93f340a4bf
Remove setting that disables account deletes () 2022-10-06 10:16:47 +02:00
Eugen Rochko 62782babd0
Change public statuses pages to mount the web UI () 2022-10-06 02:26:34 +02:00
Eugen Rochko 58d5b28cb0
Remove previous landing page () 2022-10-06 02:19:45 +02:00
Eugen Rochko 679274465b
Add server rules to sign-up flow () 2022-10-05 18:57:33 +02:00
Eugen Rochko 9f65909f42
Change public timelines to be filtered by current locale by default ()
In the absence of an opt-in to multiple specific languages in the
preferences, it makes more sense to filter by the user's presumed
language only (interface language or `lang` override)
2022-10-05 03:48:06 +02:00
Eugen Rochko d2528b26b6
Add server banner to web app, add GET /api/v2/instance to REST API () 2022-10-05 03:47:56 +02:00
Claire cedcece0cc
Fix deleted pinned posts potentially counting towards the pinned posts limit ()
Fixes 
2022-10-05 00:16:40 +02:00