Fix#2196 - Respond with 201 when Salmon accepted, 400 when unverified
Fix#2629 - Correctly handle confirm_domain? for local accounts
Unify rules for extracting author acct from XML, prefer <email>, fall back
to <name> + <uri> (see also #2017, #2172)
* Add coverage for create with empty acct value
* Add coverage for create with webfinger failure
* Add coverage for create with webfinger providing bad values
* Add coverage for create when webfinger is good
* Add coverage for session[:remote_follow] having data
* Simplify how remote follow pulls acct from session
* Remote follow behaves more like model
* Move the discovery portions of remote follow out of controller
* Check for suspended accounts
* Naive approached to timeline filtering
* Convert allowed_languages into a db column
* Allow users to choose languages to see statuses in
* Style list items as two columns
* Add a hint to explain language filtering preference
* Add coverage for admin/confirmations controller
* Coverage for statuses controller show action
* Add coverage for admin/domain_blocks controller
* Add coverage for settings/profiles#update
* OEmbed support for PreviewCard
* Improve ProviderDiscovery code failure treatment
* Do not crawl links if there is a content warning, since those
don't display a link card anyway
* Reset db schema
* Fresh migrate
* Fix rubocop style issues
Fix#1681 - return existing access token when applicable instead of creating new
* Fix test
* Extract http client to helper
* Improve oembed controller
This PR fixes I18n.locale for rake middlewares. Mastodon uses Devise that depends on Warden.
Warden::Manager can be found in rake middleware. It is outside of the controller.
In the case of authentication failed, warden calls throw(:warden). At the time Warden::Manager
delegates request to failure_app to generate response and flash[:alert] after catching it.
Unfortunately, I18n.locale is already reset then because I18n.with_locale is enabled only
inside the controller. If we used I18n.locale=, Devise::FailureApp could get the current locale.
* Change ActivityPub paging to match spec. Clean up ActivityPub outbox changes.
* Fix code style and test failures for OutboxController.
* Attempt to fix CI errors.
duplicates. Web UI regenerates UUID for that header every time the compose
form is changed or successfully submitted
Also, fix Farsi i18n overwriting the English one
* Fix#2119 - Whenever about to send a HTTP request, normalize the URI
* Add test for IDN request in FetchLinkCardService
* Perform IDN normalization on domains before they are stored in the DB
* Make private toots get PuSHed to subscription URLs that belong to domains where you have approved followers
* Authorized followers controller, stub for bulk action
* Soft block in the background
* Add simple test for new controller
* Rename Settings::FollowersController to Settings::FollowerDomainsController, paginate results,
rename "private" post setting to "followers-only", fix pagination style, improve post privacy
preferences style, improve warning style
* Extract compose form warnings into own container, show warning when posting to followers-only with unlocked account
* Clean up collapsible components
* Expose user Outboxes and AS2 representations of statuses
* Save work thus far.
* Fix bad merge.
* Save my work
* Clean up pagination.
* First test working.
* Add tests.
* Add Forbidden error template.
* Revert yarn.lock changes.
* Fix code style deviations and use localized instead of hardcoded English text.
* Shows confirmed status in list.
* Adds ability to confirm users in admin UI.
* Added new english translations.
* Addresses feedback from #2245.
* More feedback.
The force_ssl method from controllers does not add all of the options that the
sitewide configuration in a config block does. For example, HSTS enforcement is
not added by the controller method, but is added by this style.
* Add spec coverage for settings/two_factor_auth area
* extract setup method for qr code
* Move otp required check to before action
* Merge method only used once
* Remove duplicate view
* Consolidate creation of @codes for backup
* Move settings/2fq#recovery_codes to settings/recovery_codes#create
* Rename settings/two_factor_auth#disable to #destroy
* Add coverage for the otp required path on 2fa#show
* Clean up the recovery codes list styles
* Move settings/two_factor_auth to settings/two_factor_authentication
* Reorganize the settings two factor auth area
Updated to use a flow like:
- settings/two_factor_authentication goes to a #show view which has a button
either enable or disable 2fa on the account
- the disable button turns off the otp requirement for the user
- the enable button cycles the user secret and redirects to a confirmation page
- the confirmation page is a #new view which shows the QR code for user
- that page posts to #create which verifies the code, and creates the recovery
codes
- that create action shares a view with a recovery codes controller which can be
used separately to reset codes if needed
* Add render_views for admin/settings spec
* Add coverage for admin/settings#update
* Add coverage for admin/settings typecasting open_registrations setting
* Simplify how admin/settings finds the value for updating
* Rely on activerecord to not update a value that hasnt changed
* Add coverage for non-existent setting
* Use a constant for boolean settings
* Add routing specs for accounts followers and following actions
* Use more restful route naming for public account follow pages
Moves two actions:
- accounts#followers to accounts/follower_accounts#index
- accounts#following to accounts/following_accounts#index
Adds routing spec to ensure prior URLs are preserved.
* Add a ReportFilter class
* Add reports and targeted_reports relationships to Account
* Use ReportFilter from admin/reports controller
* Link to admin/reports filtered views from admin account show view
* Add indexes to reports.account_id and reports.target_account_id
* Remove unused method #set_counters_maps from api controller
* Remove unused method #set_account_counters_maps from api controller
* Remove unused method Account#followers_domains
* Remove unused User.prolific scope
* Add mastodon:users:admins task to list all admin emails
* Use interpolated query style in Account.triadic_closures
* Coverage for Account.triadic_closures
This change includes:
- Improve the spec coverage for incoming request to the webfinger action
- For requests without an accept header (ie, what a browser might look like),
return a JSON response.
- For requests with an explicit format of xml or json, return that format.
- For requests using an accept header, return that format.
Also adds failing spec showing webfinger does not return xml, which covers the
issue described in: https://github.com/tootsuite/mastodon/issues/1983
Matt Jankowski