Commit Graph

1144 Commits

Author SHA1 Message Date
Thibaut Girka edd5441112 Merge branch 'master' into glitch-soc/merge-upstream 2019-03-22 13:05:17 +01:00
ThibG 2361917944 Mark the 410 gone response for suspended accounts as cachable (#10339)
This will help a great deal with #9377 when a caching reverse proxy is
configured.
2019-03-21 23:33:18 +01:00
Thibaut Girka cbf1d711ba Merge branch 'master' into glitch-soc/merge-upstream 2019-03-20 17:32:39 +01:00
ThibG 66d9452092 Do not try fetching keys of unknown accounts on a Delete from them (#10326) 2019-03-20 17:20:16 +01:00
Thibaut Girka 1d6152f440 Merge branch 'master' into glitch-soc/merge-upstream
Conflicts:
- config/locales/en.yml
  Conflict caused by the glitch-soc-specific “flavour” string being too close
  to the newly introduced “identity_proofs” string. Just included both.
2019-03-20 13:54:00 +01:00
ThibG 1217185cfa Do not distribute Delete when rejecting unapproved accounts (#10321) 2019-03-19 16:33:30 +01:00
Eugen Rochko 9c4cbdbafb
Add Keybase integration (#10297)
* create account_identity_proofs table

* add endpoint for keybase to check local proofs

* add async task to update validity and liveness of proofs from keybase

* first pass keybase proof CRUD

* second pass keybase proof creation

* clean up proof list and add badges

* add avatar url to keybase api

* Always highlight the “Identity Proofs” navigation item when interacting with proofs.

* Update translations.

* Add profile URL.

* Reorder proofs.

* Add proofs to bio.

* Update settings/identity_proofs front-end.

* Use `link_to`.

* Only encode query params if they exist.

URLs without params had a trailing `?`.

* Only show live proofs.

* change valid to active in proof list and update liveness before displaying

* minor fixes

* add keybase config at well-known path

* extremely naive feature flagging off the identity proof UI

* fixes for rubocop

* make identity proofs page resilient to potential keybase issues

* normalize i18n

* tweaks for brakeman

* remove two unused translations

* cleanup and add more localizations

* make keybase_contacts an admin setting

* fix ExternalProofService my_domain

* use Addressable::URI in identity proofs

* use active model serializer for keybase proof config

* more cleanup of keybase proof config

* rename proof is_valid and is_live to proof_valid and proof_live

* cleanup

* assorted tweaks for more robust communication with keybase

* Clean up

* Small fixes

* Display verified identity identically to verified links

* Clean up unused CSS

* Add caching for Keybase avatar URLs

* Remove keybase_contacts setting
2019-03-18 21:00:55 +01:00
Thibaut Girka 291012ec0c Merge branch 'master' into glitch-soc/merge-upstream
Conflicts:
- app/controllers/accounts_controller.rb
- app/controllers/follower_accounts_controller.rb
- app/controllers/statuses_controller.rb

All conflicts caused by the additional `use_pack` used for glitch-soc's theming
system.
2019-03-18 18:03:27 +01:00
Eugen Rochko b8e4c85e69
Add dormant filter to relationship manager, rename other filters (#10308)
Rename "abandoned" to "moved", and "active" to "primary"
2019-03-18 03:53:17 +01:00
Ben Lubar c3d1594576 Reduce server load caused by anonymous viewing. (#9059)
Do not start a session if the current user is not logged in for public-facing pages.

Mark pages that don't care about sessions as publicly cacheable.

Keep the max age as 0 so proxies and browsers will still try to retrieve an updated version but can still fall back to the stale version if the site is down or too slow.

Fixes #9035.
2019-03-17 15:39:25 +01:00
Thibaut Girka 8e5d72dba8 Fix relationships controller/view wrt. glitch-soc theming engine 2019-03-16 14:26:14 +01:00
Thibaut Girka 4df3b7cb06 Merge branch 'master' into glitch-soc/merge-upstream
Conflicts:
- app/controllers/settings/follower_domains_controller.rb
  Removed upstream. Did the same here. Maybe we should not have?
- config/locales/en.yml
  Upstream removed the “Authorized followers” page and associated
  translations. This is too close in the file to our glitch-soc-specific
  “flavour” string. No actual conflict.
- config/locales/ja.yml
  Same as above.
- config/locales/pl.yml
  Same as above.
- config/navigation.rb
  No real conflict. New route added too close to the glitch-soc-specific
  “flavours” one.
- config/webpack/configuration.js
  Upstream refactored the webpack(er) configuration quite a bit.
  Tried to keep up.
- config/webpack/loaders/babel.js
  Upstream refactored the webpack(er) configuration quite a bit.
  Tried to keep up.
  The contents of this file have been moved to package.json.
- config/webpack/shared.js
  Upstream refactored the webpack(er) configuration quite a bit.
  Tried to keep up.
- config/webpacker.yml
  Upstream refactored the webpack(er) configuration quite a bit.
  Tried to keep up.
- jest.config.js
  The contents of this file have been moved to package.json.
- package.json
  Upstream refactored the webpack(er) configuration quite a bit.
  Tried to keep up.
- yarn.lock
  Upstream refactored the webpack(er) configuration quite a bit.
  Tried to keep up.
2019-03-16 14:14:20 +01:00
Eugen Rochko 1c113fd72d
Add relationship manager UI (#10268) 2019-03-16 11:23:22 +01:00
Eugen Rochko ba84b6d4d7
Add `visibility` param to reblog REST API (#9851)
Use async worker for creating reblog notification to improve performance
2019-03-15 04:36:41 +01:00
Eugen Rochko d94e21f933
Add a preferences API so apps can share basic behaviours (#10109) 2019-03-15 02:39:20 +01:00
Thibaut Girka 07eb31eeac Merge branch 'master' into glitch-soc/merge-upstream
Conflicts:
- app/views/admin/settings/edit.html.haml:
  Conflict due to how the theming settings change.
2019-03-14 17:17:20 +01:00
Eugen Rochko 51e154f5e8
Admission-based registrations mode (#10250)
Fix #6856
Fix #6951
2019-03-14 05:28:30 +01:00
Eugen Rochko bbb9ff0e84 [Glitch] Redesign landing page
Port 65fffeac3f to glitch-soc
2019-03-13 15:53:00 +01:00
Thibaut Girka 02062aab55 Merge branch 'master' into glitch-soc/merge-upstream
Conflicts:
- app/controllers/about_controller.rb
- app/controllers/tags_controller.rb
- app/views/about/show.html.haml
- spec/views/about/show.html.haml_spec.rb
2019-03-13 15:16:02 +01:00
Eugen Rochko 06663fcf87
Fix `tagged` param not being normalized before querying tags (#10249) 2019-03-13 13:02:13 +01:00
Eugen Rochko 65fffeac3f
Redesign landing page (#10232) 2019-03-12 17:34:00 +01:00
Thibaut Girka 89bee860cd Merge branch 'master' into glitch-soc/merge-upstream
Conflicts:
- app/services/post_status_service.rb
  Small conflict due to handling of instance-local toots.
  A subsequent change is required to ensure instance-local polls are not leaked
  through Update.
2019-03-11 11:23:50 +01:00
ThibG 5506b9406d Avoid race conditions when creating backups (#10234)
Under load, multiple backups for a single user could be planned, which
is very expensive.
2019-03-11 00:50:31 +01:00
Thibaut Girka f513317ba2 Merge branch 'master' into glitch-soc/merge-upstream
Conflicts:
- app/models/status.rb
- db/schema.rb

Both conflicts are caused by us having extra database columns.
2019-03-05 19:23:16 +01:00
Eugen Rochko 230a012f00
Add polls (#10111)
* Add polls

Fix #1629

* Add tests

* Fixes

* Change API for creating polls

* Use name instead of content for votes

* Remove poll validation for remote polls

* Add polls to public pages

* When updating the poll, update options just in case they were changed

* Fix public pages showing both poll and other media
2019-03-03 22:18:23 +01:00
Thibaut Girka 2267eee356 Merge branch 'master' into glitch-soc/merge-upstream 2019-02-28 21:35:53 +01:00
ThibG d8498b3983 Give the `replies` collection an identifier and enable pagination (#10128) 2019-02-28 18:16:34 +01:00
Thibaut Girka 0158937fc2 Merge branch 'master' into glitch-soc/merge-upstream
Conflicts:
- Dockerfile
  Took upstream version and reverted f13ebd02c9.
  Hopefuly it's not needed anymore.
- app/controllers/api/v1/search_controller.rb
  The conflict was due to us raising the number of results returned.
  Upstream raised it further, so took it.
- config/locales/de.yml
  Took upstream changes to theme translation strings.
- config/locales/gl.yml
  Took upstream changes to theme translation strings.
- config/locales/nl.yml
  Took upstream changes to theme translation strings.
- config/locales/sk.yml
  Took upstream changes to theme translation strings.
2019-02-26 17:04:44 +01:00
abcang a5e7ada62f Improve account media query (#10121) 2019-02-26 15:23:24 +01:00
Eugen Rochko e7f20cc43f
Add type, limit, offset, min_id, max_id, account_id to search API (#10091)
* Add type, limit, offset, min_id, max_id, account_id to search API

Fix #8939

* Make the offset work on accounts and hashtags search as well

* Assure brakeman we are not doing mass assignment here

* Do not allow paginating unless a type is chosen

* Fix search query and index id field on statuses instead of created_at
2019-02-26 15:21:36 +01:00
Hinaloe d7ad42a888 Randomize emoji filename (#10090) 2019-02-22 16:52:04 +01:00
ThibG 738c034213 Do not error out when performing admin actions on no statuses (#10094)
Same as #8220 but for reports
2019-02-21 19:36:48 +01:00
Thibaut Girka ff0576cc2b Merge branch 'master' into glitch-soc/merge-upstream 2019-02-19 20:18:40 +01:00
ThibG 6840a77711 Add domain search/filter to the "Federation" (/admin/instances) page (#10071) 2019-02-18 14:59:19 +01:00
Thibaut Girka 369a475a70 Merge branch 'master' into glitch-soc/merge-upstream
Conflicts:
- app/serializers/rest/instance_serializer.rb
- app/views/layouts/error.html.haml
- public/oops.png
  Took our version (same as upstream but without the things that only
  make sense in an animation).

Additional changes:
- app/javascript/flavours/vanilla/theme.yml
  Include upstream's javascript in error pages.
2019-02-17 12:26:55 +01:00
Eugen Rochko cc84a407f4
Add vapid_key to the application entity in the REST API (#10058)
Fix #8785
2019-02-16 05:27:05 +01:00
Thibaut Girka 06cc04fd23 Merge branch 'master' into glitch-soc/merge-upstream 2019-02-15 18:02:45 +01:00
ThibG 67215692fc Save IP address used for sign-up, not only sign-in (#10026)
Fixes #9995
2019-02-12 22:24:14 +01:00
Thibaut Girka bf94a43496 Merge branch 'master' into glitch-soc/merge-upstream
Conflicts:
- app/controllers/oauth/authorized_applications_controller.rb
  Two changes too close to each other
- app/controllers/settings/sessions_controller.rb
- app/lib/user_settings_decorator.rb
  Two changes too close to each other
- app/models/media_attachment.rb
  New changes too close to glitch-soc only changes.
- app/models/user.rb
  Two changes too close to each other.
- app/services/remove_status_service.rb
  Kept direct timeline code which had been removed upstream.
- app/views/settings/preferences/show.html.haml
  Two changes too close to each other.
- config/locales/en.yml
  Introduction of a new string too close to glitch-soc-only's “flavour”
- config/locales/ja.yml
  Introduction of a new string too close to glitch-soc-only's “flavour”
- config/locales/pl.yml
  Introduction of a new string too close to glitch-soc-only's “flavour”
- config/locales/simple_form.en.yml
  Introduction of a new string too close to glitch-soc-only's “skin”
- config/locales/simple_form.pl.yml
  Introduction of a new string too close to glitch-soc-only's “skin”
- config/settings.yml
  Reverted upstream's decision of enabling posting application by default.
2019-02-10 21:10:09 +01:00
Takeshi Umeda 5bffb53a76 Fix it as tagged_request of accounts_controller is not addressable_uri (#9976) 2019-02-05 15:11:11 +01:00
Eugen Rochko 2557cb2f95
Fix pinned statuses being shown in a featured hashtag (#9971) 2019-02-05 00:27:18 +01:00
rinsuki 88f35f339d Fix authorized applications list page design (#9969) 2019-02-04 22:25:42 +01:00
Eugen Rochko 364f2ff9aa
Add featured hashtags to profiles (#9755)
* Add hashtag filter to profiles

GET /@:username/tagged/:hashtag
GET /api/v1/accounts/:id/statuses?tagged=:hashtag

* Display featured hashtags on public profile

* Use separate model for featured tags

* Update featured hashtag counters on-write

* Limit featured tags to 10
2019-02-04 04:25:59 +01:00
ThibG ed30110618 Make displaying application used to toot opt-in (#9897)
* Make storing and displaying application used to toot opt-in

* Revert to storing application info, and display it to the author via API
2019-02-02 19:18:15 +01:00
Thibaut Girka 05415fa5d3 Make storing and displaying application used to toot opt-in 2019-01-27 13:56:41 +01:00
Thibaut Girka 9dfbcf941e Merge branch 'master' into glitch-soc/merge-upstream 2019-01-20 16:49:23 +01:00
Eugen Rochko 6b91da97bb
Fix directory showing tags that have no currently eligible accounts (#9872) 2019-01-20 12:56:53 +01:00
Thibaut Girka 5e0cf92fd1 Merge branch 'master' into glitch-soc/merge-upstream
No conflicts.
2019-01-19 18:28:37 +01:00
Eugen Rochko 32daecffef
Fix REST API showing non-public reblogs for a given status (#9850) 2019-01-18 20:58:00 +01:00
Eugen Rochko bc642ac24b
Redesign public hashtag page to use a masonry layout (#9822) 2019-01-16 19:47:46 +01:00
Thibaut Girka a2a64ecd3e Merge branch 'master' into glitch-soc/merge-upstream
Conflicts:
- .eslintrc.yml
  Removed, as upstream removed it.
- app/controllers/admin/statuses_controller.rb
  Minor code cleanup when porting one of our features.
- app/models/account.rb
  Note length validation has changed upstream.
  We now use upstream's validation (dropped legacy glitch-soc
  account metadata stuff) but with configurable limit.
- app/services/post_status_service.rb
  Upstream has added support for scheduled toots, refactoring
  the code a bit. Adapted our changes to this refactoring.
- app/views/stream_entries/_detailed_status.html.haml
  Not a real conflict, changes too close.
- app/views/stream_entries/_simple_status.html.haml
  Not a real conflict, changes too close.
2019-01-10 21:00:30 +01:00
Eugen Rochko 1c6588accc
Redesign admin instances area (#9645) 2019-01-08 13:39:49 +01:00
ThibG 28b482874a Improvements to signature verification (#9667)
* Refactor signature verification a bit

* Rescue signature verification if recorded public key is invalid

Fixes #8822

* Always re-fetch AP signing key when HTTP Signature verification fails

But when the account is not marked as stale, avoid fetching collections and
media, and avoid webfinger round-trip.

* Apply stoplight to key/account update as well as initial key retrieval
2019-01-07 21:45:13 +01:00
Eugen Rochko 5654535728
Change remote interaction dialog to use specific actions (#9743)
* Change remote interaction dialog to use specific actions

Instead of just "interact", use different strings based on whether
it's a reply, reblog or favourite. Add explanation why the step
is necessary in the first place

* Remove obsolete strings
2019-01-07 15:36:26 +01:00
Eugen Rochko 43c61bca60
Add locale param to sign-up API (#9747)
Fix #9627
2019-01-07 14:50:20 +01:00
Eugen Rochko 5dbe186585
Add cache to custom emojis API (#9732)
Fix #9729
2019-01-06 23:52:58 +01:00
Eugen Rochko a49d43d112
Add scheduled statuses (#9706)
Fix #340
2019-01-05 12:43:28 +01:00
ThibG 6f9a7bd02c Add quick links to the admin interface in the WebUI (#8545)
* Allow to show a specific status in the admin interface

* Let the front-end know the current account is a moderator

* Add admin links to status and account menus

If the current logged-in user is an admin, add quick links to the admin
interface in account and toot dropdown menu. Suggestion by @ashkitten

* Use @statuses.first instead of @statuses[0]
2019-01-04 13:10:43 +01:00
Eugen Rochko 82ef5c0461
Fix list of local followers showing remote followers in admin UI (#9700) 2019-01-03 06:40:16 +01:00
Thibaut Girka 571d219bb9 Merge branch 'master' into glitch-soc/merge-upstream
Conflicts manually resolved:
- app/services/post_status_service.rb
- config/locales/simple_form.pl.yml
- config/routes.rb
- config/webpack/loaders/sass.js
- config/webpack/shared.js
- package.json
- yarn.lock
2019-01-02 15:36:53 +01:00
Eugen Rochko 7fc7437d05
Add CSV export for lists and domain blocks (#9677)
Fix #6893
Fix #9268
2019-01-01 13:44:04 +01:00
Eugen Rochko 6e49907ecf
Improve admin UI for account view (#9643) 2018-12-28 03:38:41 +01:00
chr v1.x c3465f699e Add local followers page to admin account UI (#9610)
* Add local followers page to admin account UI

For moderation, I often find myself wondering who, locally, is following
a remote user. Currently, to see this, I have to go back to the web UI,
paste in their full handle, click their profile, and go to the
"Followers" tab (plus, this information is incidental, and if mastodon
ever decides to resolve all of the follower information, there will be
no place local followers are shown). This PR adds a new page which is
accessible via the "following" count on the admin's account view
page, which shows the local followers. (It has filter parameters for
account location to indicate that only local followers are shown, and
leave room for expansion if mastodon ever decides to store the entire
remote follow list).

* Normalize en.yml
2018-12-27 13:15:39 +01:00
Eugen Rochko ee1ba59692
Add exclude_reblogs option to account statuses API (#9640)
Fix #9606
2018-12-27 03:42:35 +01:00
Eugen Rochko 9b8c7a9aad
Redirect to reports overview instead of report after account action (#9639) 2018-12-27 03:42:29 +01:00
ThibG 4423999609 Fix account unsilencing and unsuspension (#9637)
Fix regression from 3c033c4352
2018-12-26 19:16:15 +01:00
Eugen Rochko 17cd91c777
Fix signature verification stoplight triggering on non-timeout errors (#9617) 2018-12-26 19:15:43 +01:00
Thibaut Girka f349fe2159 Fix account unsilencing and unsuspension
Fix regression from 3c033c4352
2018-12-26 19:13:54 +01:00
Takeshi Umeda bf70e5cfda Add error message with invalid email confirmation (#9625) 2018-12-25 19:35:26 +01:00
Eugen Rochko 5d2fc6de32
Add REST API for creating an account (#9572)
* Add REST API for creating an account

The method is available to apps with a token obtained via the client
credentials grant. It creates a user and account records, as well as
an access token for the app that initiated the request. The user is
unconfirmed, and an e-mail is sent as usual.

The method returns the access token, which the app should save for
later. The REST API is not available to users with unconfirmed
accounts, so the app must be smart to wait for the user to click a
link in their e-mail inbox.

The method is rate-limited by IP to 5 requests per 30 minutes.

* Redirect users back to app from confirmation if they were created with an app

* Add tests

* Return 403 on the method if registrations are not open

* Require agreement param to be true in the API when creating an account
2018-12-24 19:12:38 +01:00
Thibaut Girka 3e686beaea Merge branch 'master' into glitch-soc/merge-upstream
Conflicts:
- config/routes.rb
  Upstream changed some admin routes, conflict was because of an added :show
  action for statuses on our side. Kept it.
2018-12-23 11:28:28 +01:00
ThibG e25947db4a Sanitize and sandbox toot embeds (#9552) 2018-12-23 02:16:35 +01:00
Eugen Rochko 59e333385b
Show 40 profiles per directory page instead of 30 (#9609)
To better align with the list of hashtags
2018-12-22 23:31:23 +01:00
Eugen Rochko 3c033c4352
Add moderation warnings (#9519)
* Add moderation warnings

Replace individual routes for disabling, silencing, and suspending
a user, as well as the report update route, with a unified account
action controller that allows you to select an action (none,
disable, silence, suspend) as well as whether it should generate an
e-mail notification with optional custom text. That notification,
with the optional custom text, is saved as a warning.

Additionally, there are warning presets you can configure to save
time when performing the above.

* Use Account#local_username_and_domain
2018-12-22 20:02:09 +01:00
Thibaut Girka bd23288a52 Add a per-user setting to hide followers count
This is only available if the instance-wide setting isn't set and allows
people to hide their own followers count. This does not hide others' to
them.
2018-12-20 14:51:12 +01:00
Thibaut Girka a1c56fcef1 Add admin setting to disable followers count 2018-12-20 14:51:12 +01:00
Thibaut Girka 0cd367e295 Refactor followers_accounts_controller 2018-12-20 14:51:12 +01:00
Eugen Rochko 108b2139cd
Allow unauthenticated REST API access to GET /api/v1/accounts/:id/statuses (#9573)
Fix #7087

The same data is available over the ActivityPub outbox, RSS, and Atom, so
there is little benefit to keeping it limited in this method.
2018-12-20 01:30:43 +01:00
Thibaut Girka 034ffc079e Merge branch 'master' into glitch-soc/merge-upstream
Conflicts:
- app/controllers/admin/base_controller.rb
  Some refactoring made upstream, no real conflict.
- app/javascript/mastodon/features/compose/components/compose_form.js
  Updated using upstream's code but using maxChars instead of the
  hardcoded length of 500 characters per toot.
- app/javascript/styles/mastodon/components.scss
  Upstream redesigned the onboarding modal. Not sure why we had a
  conflict there.
2018-12-18 16:55:15 +01:00
jomo 2c1a6f746f fix CSP / X-Frame-Options for media embeds (#9558) 2018-12-18 16:40:30 +01:00
ysksn 3281df0df1 Move #set_user to Admin::BaseController (#9470)
* Move #set_user to Admin::BaseController

* Rename Admin::TwoFactorAuthenticationsController

from `#set_user` to `#set_target_user` .
2018-12-17 11:40:51 +01:00
Eugen Rochko 087e118971
Remove "most popular" tab from profile directory, add responsive design (#9539)
* Remove "most popular" tab from profile directory, add responsive design

* Remove unused translations
2018-12-17 03:14:28 +01:00
Thibaut Girka 65e994b29b Merge branch 'master' into glitch-soc/merge-upstream
Conflicts:
- app/controllers/directories_controller.rb
- app/controllers/settings/applications_controller.rb
- app/controllers/settings/base_controller.rb
- app/controllers/settings/deletes_controller.rb
- app/controllers/settings/exports_controller.rb
- app/controllers/settings/follower_domains_controller.rb
- app/controllers/settings/imports_controller.rb
- app/controllers/settings/migrations_controller.rb
- app/controllers/settings/notifications_controller.rb
- app/controllers/settings/preferences_controller.rb
- app/controllers/settings/sessions_controller.rb
- app/controllers/settings/two_factor_authentication/confirmations_controller.rb
- app/controllers/settings/two_factor_authentication/recovery_codes_controller.rb
- app/controllers/settings/two_factor_authentications_controller.rb

Conflicts were due to some refactoring already made in glitch-soc
when introducing flavours.
2018-12-15 10:45:53 +01:00
ysksn b048926e67 Create Settings::BaseController (#9507)
Define `Settings::BaseController#set_body_classes` so that sub classes
inherit `Settings::BaseController` don't need to define
`#set_body_classes` agein.
2018-12-12 22:32:13 +01:00
ThibG cf6ee4ff24 Add admin ability to remove an user's header image (#9495)
* Fix markup in admin/accounts/:id table for avatar

* Add admin ability to remove an user's header image
2018-12-11 19:28:03 +01:00
ThibG 720daa8143 Add instance-wide setting to disable profile directory (#9497)
* Add instance-wide setting to disable profile directory

Fixes #9496

When the profile directory is disabled:
- The “discoverable” setting is hidden from users
- The “profile directory” link is not shown on public pages
- /explore returns 404

* Move Setting.profile_directory check to a before_action filter
2018-12-11 19:18:29 +01:00
ysksn ed24bb2c3e Add specs for activitypub collections controller (#9484)
* Add specs for ActivityPub::CollectionsController#show

* Raise ActiveRecord::RecordNotFound

Raising ActiveRecord::NotFound raises NameError: uninitialized constant
ActiveRecord::NotFound.
2018-12-10 21:39:25 +01:00
ysksn 189a6b17fb Remove RemoteAccountControllerConcern never used (#9482) 2018-12-10 21:38:01 +01:00
ysksn 361818e931 Fix Admin::TagsController#unhide (#9481) 2018-12-10 21:37:38 +01:00
Thibaut Girka 4f59d1efd7 Fix directory controller in glitch-soc 2018-12-09 16:08:10 +01:00
Thibaut Girka e7f1bfdc2d Merge branch 'master' into glitch-soc/merge-upstream
Conflicts:
- app/javascript/packs/public.js
- app/models/user.rb
- config/settings.yml
- db/schema.rb

Moved public.js changes to settings.js.
2018-12-09 16:08:04 +01:00
ThibG 81bda7d67c Add setting to not aggregate reblogs (#9248)
* Add setting to not aggregate reblogs

Fixes #9222

* Handle cases where user is nil in add_to_home and add_to_list

* Add hint for setting_aggregate_reblogs option

* Reword setting_aggregate_reblogs label
2018-12-09 13:03:01 +01:00
Eugen Rochko 73be8f38c1
Add profile directory (#9427)
Fix #5578
2018-12-06 17:36:11 +01:00
Thibaut Girka 1df392819d Merge branch 'master' into glitch-soc/merge-upstream 2018-12-06 12:44:38 +01:00
ThibG e88c6a5c3c Fix thread depth computation in statuses_controller (#9426)
* Add test that should currently fail

* Fix depth computation (will still fail if statuses have been filtered out)

* Fix handling of broken threads
2018-12-05 02:12:29 +01:00
Thibaut Girka 06c7fb8015 Add backend support to read and update list-specific show_replies settings 2018-11-28 14:46:07 +01:00
Thibaut Girka f8e07ca5cd Merge branch 'master' into glitch-soc/merge-upstream
Conflicts:
- app/models/status.rb

Resolved by taking both changes (not a real conflict, just changes too close
to each other).
2018-11-27 13:23:02 +01:00
Eugen Rochko 73faadad28
Redesign admin accounts index (#9340)
* Improve overview of accounts in admin UI

- Display suspended status, role, last activity and IP prominently
- Default to showing local accounts
- Default to not showing suspended accounts

* Remove unused strings

* Fix tests

* Allow filtering accounts by IP mask
2018-11-26 15:53:27 +01:00
Eugen Rochko d6b9a62e0a
Extract counters from accounts table to account_stats table (#9295) 2018-11-19 00:43:52 +01:00
Eugen Rochko 8069fd636b
Remove intermediary arrays when creating hash maps from results (#9291) 2018-11-16 15:02:18 +01:00
Thibaut Girka 759750801e Exclude local-only toots from atom feeds 2018-11-13 18:55:57 +01:00
Thibaut Girka 9201398507 Merge branch 'master' into glitch-soc/merge-upstream 2018-11-09 14:56:31 +01:00
Eugen Rochko 4615512285
Reduce connect timeout limit and limit signature failures by source IP (#9236)
* Reduce connect timeout from 10s to 1s

* Limit failing signature verifications per source IP
2018-11-08 21:35:58 +01:00
Eugen Rochko 6d59dfa15d
Optimize the process of following someone (#9220)
* Eliminate extra accounts select query from FollowService

* Optimistically update follow state in web UI and hide loading bar

Fix #6205

* Asynchronize NotifyService in FollowService

And fix failing test

* Skip Webfinger resolve routine when called from FollowService if possible

If an account is ActivityPub, then webfinger re-resolving is not necessary
when called from FollowService. Improve options of ResolveAccountService
2018-11-08 21:05:42 +01:00
Thibaut Girka 36dab188fd Merge branch 'master' into glitch-soc/merge-upstream 2018-11-06 15:22:44 +01:00
James Kiesel 4c03e05a4e Allow joining several hashtags in a single column (#8904)
* Nascent tag menu on frontend

* Hook up frontend to search

* Tag intersection backend first pass

* Update yarnlock

* WIP

* Fix for tags not searching correctly

* Make radio buttons function

* Simplify radio buttons with modeOption

* Better naming

* Rearrange options

* Add all/any/none functionality on backend

* Small PR cleanup

* Move to service from scope

* Small cleanup, add proper service tests

* Don't use send with user input :D

* Set appropriate column header

* Handle auto updating timeline

* Fix up toggle function

* Use tag value correctly

* A bit more correct to use 'self' rather than 'all' in status scope

* Fix some style issues

* Fix more code style issues

* Style select dropdown more better

* Only use to_id'ed value to ensure no SQL injection

* Revamp frontend to allow for multiple selects

* Update backend / col header to account for more flexible tagging

* Update brakeman ignore

* Codeclimate suggestions

* Fix presenter tag_url

* Implement initial PR feedback

* Handle additional tag streaming

* CodeClimate tweak
2018-11-05 18:53:25 +01:00
Thibaut Girka 1c448d6474 Merge branch 'master' into glitch-soc/merge-upstream
Conflicts:
- app/controllers/auth/sessions_controller.rb

Upstream reverted something we partially reverted already.
Reverted the rest to match upstream.
2018-10-30 17:52:08 +01:00
Eugen Rochko 5c8e7f0e1d
Revert "feat(auth/session_controller): Send Clear-Site-Data when logging out (8627)" (#9161)
This reverts commit 10680f93e7.
2018-10-30 16:25:54 +01:00
Thibaut Girka b00f60f1d3 Merge branch 'master' into glitch-soc/merge-upstream 2018-10-28 08:37:49 +01:00
Eugen Rochko 795f0107d2
Include preview cards in status entity in REST API (#9120)
* Include preview cards in status entity in REST API

* Display preview card in-stream

* Improve in-stream display of preview cards
2018-10-28 06:35:03 +01:00
Thibaut Girka c13cfeac09 Merge branch 'master' into glitch-soc/merge-upstream 2018-10-27 18:54:26 +02:00
ThibG 215e649391 Fix styling in /auth/edit (#9117) 2018-10-26 22:49:17 +02:00
Thibaut Girka 5bb8563f6c Merge branch 'master' into glitch-soc/merge-upstream
Conflicts:
- app/controllers/admin/base_controller.rb
- app/controllers/filters_controller.rb
- app/controllers/invites_controller.rb
- app/controllers/settings/deletes_controller.rb
- app/controllers/settings/exports_controller.rb
- app/controllers/settings/follower_domains_controller.rb
- app/controllers/settings/migrations_controller.rb
- app/controllers/settings/notifications_controller.rb
- app/controllers/settings/preferences_controller.rb
- app/controllers/settings/two_factor_authentication/recovery_codes_controller.rb
- app/javascript/packs/public.js
- app/views/settings/profiles/show.html.haml

Conflicts were mostly due to the addition of body classes to the settings page,
this was caused by rejecting upstream changes for most of those files and
modifying Settings::BaseController instead.

Another cause of conflicts was the deletion of client-side checking of
display name / bio length, this was modified in app/javascript/core/settings.js
instead.
2018-10-26 20:41:43 +02:00
Eugen Rochko d4cf963749
Allow inbox owner to view implicitly targeted ActivityPub payload (#9093)
Fix #9091
2018-10-25 18:12:22 +02:00
Yamagishi Kazutoshi e8ffecbd36 Set @body_classes to admin layout (#9081) 2018-10-25 00:10:01 +02:00
Thibaut Girka dcded13a99 Merge branch 'master' into glitch-soc/merge-upstream
Conflicts:
- .github/ISSUE_TEMPLATE/bug_report.md
  Took our version.
- CONTRIBUTING.md
  Updated the embedded copy of upstream's version.
- README.md
  Took our version.
- app/policies/status_policy.rb
  Not a real conflict, took code from both.
- app/views/layouts/embedded.html.haml
  Added upstream's changes (dns-prefetch) and fixed
  `%body.embed`
- app/views/settings/preferences/show.html.haml
  Reverted some of upstream changes, as we have a
  page dedicated for flavours and skins.
- config/initializers/content_security_policy.rb
  Kept our version of the CSP.
- config/initializers/doorkeeper.rb
  Not a real conflict, took code from both.
2018-10-22 17:51:38 +02:00
Eugen Rochko fd5285658f
Add option to block reports from domain (#8830) 2018-10-20 08:02:44 +02:00
Eugen Rochko 9486f0ca77
Add "disable" button to report screen (#9024)
* Add "disable" button to report screen

* i18n-tasks remove-unused
2018-10-20 02:39:39 +02:00
Eugen Rochko a38a452481
Add unread indicator to conversations (#9009) 2018-10-19 01:47:29 +02:00
Thibaut Girka 3d5d899094 Allow selecting both default flavour and theme
Fixes #672
2018-10-12 19:06:35 +02:00
Eugen Rochko fac529975b Improve signature verification safeguards (#8959)
* Downcase signed_headers string before building the signed string

The HTTP Signatures draft does not mandate the “headers” field to be downcased,
but mandates the header field names to be downcased in the signed string, which
means that prior to this patch, Mastodon could fail to process signatures from
some compliant clients. It also means that it would not actually check the
Digest of non-compliant clients that wouldn't use a lowercased Digest field
name.

Thankfully, I don't know of any such client.

* Revert "Remove dead code (#8919)"

This reverts commit a00ce8c92c.

* Restore time window checking, change it to 12 hours

By checking the Date header, we can prevent replaying old vulnerable
signatures. The focus is to prevent replaying old vulnerable requests
from software that has been fixed in the meantime, so a somewhat long
window should be fine and accounts for timezone misconfiguration.

* Escape users' URLs when formatting them

Fixes possible HTML injection

* Escape all string interpolations in Formatter class

Slightly improve performance by reducing class allocations
from repeated Formatter#encode calls

* Fix code style issues
2018-10-12 07:00:41 +02:00
Eugen Rochko 21ad21cb50
Improve signature verification safeguards (#8959)
* Downcase signed_headers string before building the signed string

The HTTP Signatures draft does not mandate the “headers” field to be downcased,
but mandates the header field names to be downcased in the signed string, which
means that prior to this patch, Mastodon could fail to process signatures from
some compliant clients. It also means that it would not actually check the
Digest of non-compliant clients that wouldn't use a lowercased Digest field
name.

Thankfully, I don't know of any such client.

* Revert "Remove dead code (#8919)"

This reverts commit a00ce8c92c.

* Restore time window checking, change it to 12 hours

By checking the Date header, we can prevent replaying old vulnerable
signatures. The focus is to prevent replaying old vulnerable requests
from software that has been fixed in the meantime, so a somewhat long
window should be fine and accounts for timezone misconfiguration.

* Escape users' URLs when formatting them

Fixes possible HTML injection

* Escape all string interpolations in Formatter class

Slightly improve performance by reducing class allocations
from repeated Formatter#encode calls

* Fix code style issues
2018-10-12 00:15:55 +02:00
ThibG 2d27c11061 Set Content-Security-Policy rules through RoR's config (#8957)
* Set CSP rules in RoR's configuration

* Override CSP setting in the embed controller to allow frames
2018-10-11 20:35:46 +02:00
Thibaut Girka d17844e6d1 Merge branch 'master' into glitch-soc/merge-upstream 2018-10-08 13:51:33 +02:00
Eugen Rochko a00ce8c92c
Remove dead code (#8919)
SignatureVerification#matches_time_window? is not called anywhere.
2018-10-08 04:48:54 +02:00
ashleyhull-versent 2dba313100 Replace SVG asset with Custom mascot (#8766) 2018-10-08 00:20:45 +02:00
Eugen Rochko 774ac47373
Add conversations API (#8832)
* Add conversations API

* Add web UI for conversations

* Add test for conversations API

* Add tests for ConversationAccount

* Improve web UI

* Rename ConversationAccount to AccountConversation

* Remove conversations on block and mute

* Change last_status_id to be a denormalization of status_ids

* Add optimistic locking
2018-10-07 23:44:58 +02:00
Thibaut Girka 611740ce81 Merge branch 'master' into glitch-soc/merge-upstream 2018-10-07 19:47:56 +02:00
ThibG 25744d43b0 Ensure only toots from the reported users are reported (#8916) 2018-10-07 19:45:40 +02:00
Thibaut Girka 00fcdebed7 Merge branch 'master' into glitch-soc/merge-upstream
Conflicts:
	db/migrate/20170716191202_add_hide_notifications_to_mute.rb
	spec/controllers/application_controller_spec.rb

Took our version, upstream changes were only minor style linting.
2018-10-05 15:23:57 +02:00
Eugen Rochko e645ae9561
Change admin accounts default sort to most recent (#8813) 2018-10-04 16:05:38 +02:00
Thibaut Girka c91d9b7389 Merge branch 'master' into glitch-soc/merge-upstream
Conflicts:
	app/lib/user_settings_decorator.rb
	app/models/user.rb
	app/serializers/initial_state_serializer.rb
	app/views/stream_entries/_simple_status.html.haml
	config/locales/simple_form.en.yml
	config/locales/simple_form.ja.yml
	config/locales/simple_form.pl.yml
	config/routes.rb
2018-10-01 12:43:20 +02:00
Eugen Rochko f0fff3eb10
Support min_id-based pagination in REST API (#8736)
* Allow min_id pagination in Feed#get

* Add min_id pagination to home and list timeline APIs

* Add min_id pagination to account statuses, public and tag APIs

* Remove unused stub in reports API

* Use min_id pagination in notifications, favourites, and fix order

* Fix HomeFeed#from_database not using paginate_by_id
2018-09-28 02:23:45 +02:00
ふぁぼ原 f7a6f9489d Add a new preference to always hide all media (#8569) 2018-09-25 05:09:35 +02:00
Yamagishi Kazutoshi 86f138ed16 Cache instance info (#8765) 2018-09-24 16:15:49 +02:00
Matt Sweetman 1889526e23 Add user preference to always expand toots marked with content warnings (#8762) 2018-09-24 05:44:01 +02:00
Thibaut Girka 91bef4759f Merge branch 'master' into glitch-soc/merge-upstream
Conflicts:
	Vagrantfile
	app/javascript/packs/public.js
	app/views/admin/settings/edit.html.haml
	app/views/settings/preferences/show.html.haml
	app/views/settings/profiles/show.html.haml
	config/locales/es.yml
	config/locales/simple_form.en.yml
	config/webpack/configuration.js
	config/webpack/loaders/babel.js
	package.json
	yarn.lock

Split new additions to app/javascript/packs/public.js to
app/javascript/core/settings.js
2018-09-19 21:46:01 +02:00
luzpaz 40dd19be37 Misc. typos (#8694)
Found via `codespell -q 3 --skip="./app/javascript/mastodon/locales,./config/locales"`
2018-09-14 00:53:09 +02:00
Thibaut Girka f1214f00d9 Do not clear local storage on log out 2018-09-11 17:00:22 +02:00
Thibaut Girka cd99255698 Merge branch 'master' into glitch-soc/merge-upstream
Conflicts:
	app/controllers/oauth/authorizations_controller.rb

Just two changes being too close to one another.
Took both.
2018-09-11 16:51:26 +02:00
Eugen Rochko 2288d50a7b
Add force_login option to OAuth authorize page (#8655)
* Add force_login option to OAuth authorize page

For when a user needs to sign into an app from multiple accounts
on the same server

* When logging out from modal header, redirect back after re-login
2018-09-09 04:10:44 +02:00
Sorin Davidoi 10680f93e7 feat(auth/session_controller): Send Clear-Site-Data when logging out (#8627)
Will clear the browser's cache, cookies and storage.

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Clear-Site-Data
https://w3c.github.io/webappsec-clear-site-data/
2018-09-07 05:42:16 +02:00
Thibaut Girka 7ea4c793d6 Allow to show a specific status in the admin interface 2018-09-03 18:19:11 +02:00
Thibaut Girka 6c233a04a0 Merge branch 'master' into glitch-soc/merge-upstream
Conflicts:
	README.md

Discarded upstream changes to the README, kept our version.
2018-09-03 14:33:06 +02:00
Eugen Rochko 075e162319
Whitelist report notification param in Settings::NotificationsController (#8560)
Bug in #8559
2018-09-02 02:05:32 +02:00
Eugen Rochko c593d6df9c
Add preference for report notification e-mails, skip for duplicates (#8559)
If an unresolved report for the same target account already exists,
no new notification is generated
2018-09-02 00:11:58 +02:00
Thibaut Girka 6f75a9001f Merge branch 'master' into glitch-soc/merge-upstream
Conflicts:
- app/views/stream_entries/_simple_status.html.haml
- config/locales/nl.yml

Deleted unused translation strings (themes) and adapted minor changes to
_simple_status.html.haml
2018-08-31 19:10:57 +02:00
ThibG 0b62585748 Self-notify on accepting follow requests (#8541) 2018-08-31 15:17:31 +02:00
Renato "Lond" Cerqueira 11658d8653 Add animate custom emoji param to embed pages (#8507)
* Add animate custom emoji param to embed pages

* Rename param, use it for avatars and gifs

* Fix issues pointed by codeclimate and breaking test

* Ignore brakeman warning
2018-08-30 23:14:01 +02:00
Thibaut Girka 53b7bb9d04 Merge branch 'master' into glitch-soc/merge-upstream
Conflicts:
	app/controllers/api/v1/mutes_controller.rb
	config/locales/simple_form.pl.yml
2018-08-27 18:09:28 +02:00