Commit Graph

1023 Commits

Author SHA1 Message Date
ThibG
44680c46ed Ensure single user is a local user (fixes #8154) (#8157) 2018-08-11 11:53:10 +02:00
Thibaut Girka
e5a603206d Merge branch 'master' into glitch-soc/merge-upstream
Conflicts:
	app/controllers/accounts_controller.rb
	app/javascript/mastodon/locales/pl.json
	app/views/about/more.html.haml

Conflicts in `accounts_controller.rb` resolved by taking upstream's
version + our `use_pack`.

Conflicts in `pl.json` resolved by taking upstream's changes.

Conflicts in `aboute/more.html.haml` resolved by taking upstream's changes.
2018-08-10 16:22:31 +02:00
Thibaut Girka
90b492143d Introduce OAuth scopes for bookmarks 2018-08-10 15:26:52 +02:00
Eugen Rochko
0dcc1950d1
Update /terms and /about/more to use public layout (#8142) 2018-08-09 12:58:20 +02:00
Eugen Rochko
f2404de871
Public profile endorsements (accounts picked by profile owner) (#8146) 2018-08-09 09:56:53 +02:00
Thibaut Girka
bf1d3ae3b8 Merge branch 'master' into glitch-soc/merge-upstream
Conflicts:
	config/settings.yml
2018-08-01 22:20:25 +02:00
Yamagishi Kazutoshi
4da03a298a Do not show pinned toots when min_id is set (#8111) 2018-08-01 17:57:02 +02:00
Thibaut Girka
c1c514ca70 Merge branch 'master' into glitch-soc/merge-upstream
Manually-resolved conflicts:
	.circleci/config.yml
	app/controllers/accounts_controller.rb
	app/controllers/auth/passwords_controller.rb
	app/controllers/statuses_controller.rb
	app/javascript/packs/public.js
	app/models/media_attachment.rb
	app/views/stream_entries/_content_spoiler.html.haml
	app/views/stream_entries/_media.html.haml
	config/locales/en.yml
	config/locales/ja.yml
	config/locales/pl.yml
	lib/mastodon/version.rb

Some content from app/javascript/packs/public.js has been split to
app/javascript/core/settings.js.

Translation strings for glitch-soc's keyword mutes were dropped.

Everything else was mostly “take both”.
2018-08-01 00:18:13 +02:00
Eugen Rochko
cc56f2230a
Add separate setting for sidebar text (site_short_description) (#8107)
* Add separate setting for sidebar text (site_short_description)

* Fix tests
2018-07-31 18:59:34 +02:00
Eugen Rochko
60df87f6f0
Compensate for scrollbar disappearing when media modal visible (#8100)
* Compensate for scrollbar disappearing when media modal visible

Make auth pages backgrounds lighter

* Fix typo
2018-07-31 01:14:33 +02:00
Eugen Rochko
79a1f667c5 Order invites by recent first (#8091)
Fix #8085
2018-07-28 17:15:17 -04:00
Eugen Rochko
bb71538bb5
Redesign public profiles and toots (#8068) 2018-07-28 19:25:33 +02:00
Thibaut Girka
7dbed4dab9 Merge branch 'master' into glitch-soc/merge-upstream 2018-07-17 22:05:25 +02:00
Eugen Rochko
0d13e30ad2
Display trending hashtags on admin dashboard (#8038) 2018-07-16 19:21:27 +02:00
Thibaut Girka
f26f1145ac Merge branch 'master' into glitch-soc/merge-upstream
Conflicts:
	Dockerfile
	app/javascript/packs/common.js
	config/webpack/loaders/sass.js
	config/webpack/shared.js
	db/schema.rb
	package.json
	yarn.lock

A lot of the conflicts come from updating webpack.

Even though upstream deleted app/javascript/packs/common.js, I kept
glitch-soc's version as it unifies JS/CSS packs behavior across flavours.

Ported glitch changes to webpack 4.x
2018-07-16 14:50:42 +02:00
Eugen Rochko
04587116bd
Fix typo in Admin::DashboardController#index 2018-07-16 01:58:10 +02:00
Eugen Rochko
2354b10eb5
Add admin dashboard (#8029) 2018-07-16 01:11:53 +02:00
Eugen Rochko
e55dce3176
Add federation relay support (#7998)
* Add federation relay support

* Add admin UI for managing relays

* Include actor on relay-related activities

* Fix i18n
2018-07-13 02:16:06 +02:00
Thibaut Girka
ddfcedcfe4 Merge branch 'master' into glitch-soc/merge-upstream 2018-07-12 19:26:20 +02:00
mayaeh
401559c376 Fix whole-word selection and i18n: Add Japanese translation for Whole-word (#8004)
* Add Japanese translation for "Whole word" and add it's description.

* Fix to enable "Whole-word" selection.
2018-07-12 17:58:26 +02:00
Thibaut Girka
402da8065c Migrate glitch-soc keyword mutes to Mastodon's
Completely remove glitch-soc's Keyword Mutes, migrate
existing database records to CustomFilters.

Handling of client-side filters is still not implemented
in the glitch-soc front-end.
2018-07-09 19:19:23 +02:00
Thibaut Girka
ee41947e9d Set appropriate assets pack for the keyword filter page 2018-07-09 19:19:23 +02:00
Thibaut Girka
d392020da6 Merge branch 'master' into glitch-soc/tentative-merge
Conflicts:
	README.md
	app/controllers/statuses_controller.rb
	app/lib/feed_manager.rb
	config/navigation.rb
	spec/lib/feed_manager_spec.rb

Conflicts were resolved by taking both versions for each change.
This means the two filter systems (glitch-soc's keyword mutes and tootsuite's
custom filters) are in place, which will be changed in a follow-up commit.
2018-07-09 07:13:59 +02:00
ThibG
1ca4e51eb3 Add option to not consider word boundaries when processing keyword filtering (#7975)
* Add option to not consider word boundaries when filtering phrases

* Add a few tests for keyword/phrase filtering
2018-07-09 02:22:09 +02:00
Eugen Rochko
6b9e03e002
Add API method to remove a suggestion (#7978)
DELETE /api/v1/suggestions/:account_id

When blocking, remove suggestion from both sides. Muting not affected,
since muting is supposed to be invisible to the target.
2018-07-07 21:09:54 +02:00
Eugen Rochko
9804ec3a6d
Fix missing irreversible in filters API, expires_in param (#7976) 2018-07-07 18:51:45 +02:00
Eugen Rochko
f89c595ea0
Add admin setting to enable OG previews for sensitive media (#7962) 2018-07-06 02:15:56 +02:00
Eugen Rochko
baff4a7ce0
If signed in, redirect autofollow invite to profile page (#7956)
Fix #7944
2018-07-05 20:57:35 +02:00
Eugen Rochko
1f6ed4f86a
Add more granular OAuth scopes (#7929)
* Add more granular OAuth scopes

* Add human-readable descriptions of the new scopes

* Ensure new scopes look good on the app UI

* Add tests

* Group scopes in screen and color-code dangerous ones

* Fix wrong extra scope
2018-07-05 18:31:35 +02:00
Eugen Rochko
da8fe8079e
Re-add follow recommendations API (#7918)
* Re-add follow recommendations API

    GET /api/v1/suggestions

Removed in 8efa081f21 due to Neo4J
dependency. The algorithm uses triadic closures, takes into account
suspensions, blocks, mutes, domain blocks, excludes locked and moved
accounts, and prefers more recently updated accounts.

* Track interactions with people you don't follow

Replying to, favouriting and reblogging someone you're not following
will make them show up in follow recommendations. The interactions
have different weights:

- Replying is 1
- Favouriting is 10 (decidedly positive interaction, but private)
- Reblogging is 20

Following them, muting or blocking will remove them from the list,
obviously.

* Remove triadic closures, ensure potential friendships are trimmed
2018-07-03 01:47:56 +02:00
Eugen Rochko
2092d5c0ad
Improve embeds (#7919)
* Make embeds cacheable by reverse proxy

* Make follow button on embeds open remote follow modal

Instead of web+mastodon://, also, turn the button blue, and add a
sign up prompt to the remote follow modal
2018-07-01 04:12:34 +02:00
Marty McGuire
8fea9cc311 Typo in signature verification failure logging (#7916)
`@signature_verification_failure_reason` is used in most places but`@signed_verification_failure_reason` appears in two places. Likely those errors are not returned.
2018-06-30 13:11:38 +02:00
Eugen Rochko
cdb101340a
Keyword/phrase filtering (#7905)
* Add keyword filtering

    GET|POST       /api/v1/filters
    GET|PUT|DELETE /api/v1/filters/:id

- Irreversible filters can drop toots from home or notifications
- Other filters can hide toots through the client app
- Filters use a phrase valid in particular contexts, expiration

* Make sure expired filters don't get applied client-side

* Add missing API methods

* Remove "regex filter" from column settings

* Add tests

* Add test for FeedManager

* Add CustomFilter test

* Add UI for managing filters

* Add streaming API event to allow syncing filters

* Fix tests
2018-06-29 15:34:36 +02:00
Thibaut Girka
4b0f27ba78 Merge branch 'master' into glitch-soc/merge-upstream 2018-06-24 14:32:22 +02:00
Shuhei Kitagawa
23955d956e Add tests for remote_unfollows_controller (#7879) 2018-06-24 19:55:55 +09:00
Thibaut Girka
0c3a337e04 Fix confirmations_controller 2018-06-21 23:48:54 +02:00
Thibaut Girka
ab5f450700 Merge branch 'master' into glitch-soc/merge-upstream
Conflicts:
	app/models/user.rb

Resolved by adding :default_language to user settings fields
2018-06-21 20:49:57 +02:00
Shuhei Kitagawa
7f59206944 Replace bypass option with bypass_sign_in (#7867) 2018-06-21 10:41:49 +09:00
Eugen Rochko
a58ec29631
Allow selecting default posting language instead of auto-detect (#7828)
* Allow selecting default posting language instead of auto-detect

* Enable default language setting in credentials API

* Fix form saving
2018-06-17 18:57:31 +02:00
Eugen Rochko
7eec279c7f
Change language opt-out to language opt-in (#7823)
* Switch filtered_languages to chosen_languages

* Adjust interface

* Remove unused translations
2018-06-17 13:54:02 +02:00
Thibaut Girka
db200226b8 Merge branch 'master' into glitch-soc/merge-upstream
Conflicts:
	app/javascript/mastodon/initial_state.js
	db/schema.rb

Upstream added a new field to initial_state.
Not too sure about what happened with db/schema.rb though…
2018-06-15 20:51:39 +02:00
Eugen Rochko
ca85658975
Add autofollow option to invites (#7805)
* Add autofollow option to invites

* Trigger CodeClimate rebuild
2018-06-15 18:00:23 +02:00
David Yip
5cff053944
Merge branch 'master' into 454-allow-keyword-mutes-to-skip-mentions 2018-06-12 18:13:30 -05:00
David Yip
e931cf656d
Merge remote-tracking branch 'glitchsoc/master' into 454-allow-keyword-mutes-to-skip-mentions
Conflicts:
 	app/models/glitch/keyword_mute.rb
2018-06-12 16:39:30 -05:00
Jenkins
4d8d1fa129 Merge remote-tracking branch 'tootsuite/master' into glitchsoc/master 2018-06-12 13:17:21 +00:00
Shuhei Kitagawa
7086aa598b Add tests for intents_controller (#7763) 2018-06-09 22:47:50 +02:00
Eugen Rochko
10f51c9886
Fix domain hiding logic (#7765)
* Send rejections to followers when user hides domain they're on

* Use account domain blocks for "authorized followers" action

Replace soft-blocking (block & unblock) behaviour with follow rejection

* Split sync and async work of account domain blocking

Do not create domain block when removing followers by domain, that
is probably unexpected from the user's perspective.

* Adjust confirmation message for domain block

* yarn manage:translations
2018-06-09 22:46:54 +02:00
David Yip
97d2df77aa
Add apply-to-mentions option to keyword mute UI. #454. 2018-06-04 02:51:28 -05:00
David Yip
c55263027a
Merge remote-tracking branch 'origin/master' into gs-master 2018-06-03 19:44:05 -05:00
Eugen Rochko
0deb9fa6b9
Remove trending hashtags (#7711)
* Delete trends_controller.rb

* Update routes.rb

* Update trending_tags.rb

* Update index.js

* Update index.js

* Update search_results.js

* Update async-components.js

* Update index.js

* Delete trends.js

* Delete trends.js

* Delete trends_container.js

* Delete trends.js

* Update search_results.js

* Update search_results_container.js
2018-06-04 02:18:18 +02:00
Thibaut Girka
c087738270 Merge branch 'master' into glitch-soc/merge-upstream 2018-05-29 13:52:26 +02:00
Eugen Rochko
8bb74e50be
Add GET /api/v2/search which returns rich tag objects, adjust web UI (#7661) 2018-05-29 02:01:24 +02:00
tateisu
b87a1229c7 optimize direct timeline (#7614)
* optimize direct timeline

* fix typo in class name

* change filter condition for direct timeline

* fix codestyle issue

* revoke index_accounts_not_silenced because direct timeline does not use it.

* revoke index_accounts_not_silenced because direct timeline does not use it.

* fix rspec test condition.

* fix rspec test condition.

* fix rspec test condition.

* revoke adding column and partial index

* (direct timeline) move merging logic to model

* fix pagination parameter

* add method arguments that switches return array of status or cache_ids

* fix order by

* returns ActiveRecord.Relation in default behavor

* fix codestyle issue
2018-05-28 11:04:06 +02:00
Eugen Rochko
9bd23dc4e5
Track trending tags (#7638)
* Track trending tags

- Half-life of 1 day
- Historical usage in daily buckets (last 7 days stored)
- GET /api/v1/trends

Fix #271

* Add trends to web UI

* Don't render compose form on search route, adjust search results header

* Disqualify tag from trends if it's in disallowed hashtags setting

* Count distinct accounts using tag, ignore silenced accounts
2018-05-27 21:45:30 +02:00
Thibaut Girka
659b8a12ec Merge branch 'master' into glitch-soc/merge-upstream
Conflicts:
	config/locales/ca.yml
	config/locales/nl.yml
	config/locales/oc.yml
	config/locales/pt-BR.yml

Resolved conflicts by removing upstream-specific changes
2018-05-27 13:20:15 +02:00
Eugen Rochko
ebf2fef029
Catch ActionController::UnknownFormat and return HTTP 406 (#7621)
An error like that should not appear in production error log.
2018-05-26 01:09:30 +02:00
Thibaut Girka
e0ef89c73f Merge branch 'master' into glitch-soc/merge-upstream 2018-05-23 16:05:19 +02:00
Eugen Rochko
4d81809f36
Yeah, it was supposed to be #create? 2018-05-22 20:05:24 +02:00
Eugen Rochko
36e47a31e3
Enforce order on authorized applications page (#7587)
Fix #7586
2018-05-22 14:44:53 +02:00
Thibaut Girka
a4c9bda771 Merge branch 'master' into glitch-soc/merge-upstream
Conflicts:
	app/javascript/styles/mastodon-light.scss
	config/locales/en.yml
	config/locales/fr.yml
	config/locales/simple_form.pl.yml
	config/themes.yml

Conflicts resolved by deleting config/themes.yml,
marking app/javascript/styles/mastodon-light.scss as added,
and taking all new translation strings, not removing anything from
them.
2018-05-21 16:40:02 +02:00
Eugen Rochko
05f8c375a2
Remove small pagination limit from context API (#7564)
Fix #7557
2018-05-21 12:43:05 +02:00
Thibaut Girka
b481e4fac1 Merge branch 'master' into glitch-soc/merge-upstream
Conflicts:
	config/locales/simple_form.ja.yml
2018-05-19 22:41:10 +02:00
Eugen Rochko
8378b72eba
Ensure push subscription is immediately removed when application is revoked (#7548)
* Ensure push subscription is immediately removed when application is revoked

* When token is revoked from app, unsubscribe too
2018-05-19 21:05:08 +02:00
David Yip
e0eebba461
Merge remote-tracking branch 'origin/master' into merge-upstream
Conflicts:
 	app/controllers/follower_accounts_controller.rb
 	app/controllers/following_accounts_controller.rb
 	app/controllers/settings/preferences_controller.rb
 	app/lib/user_settings_decorator.rb
 	app/models/user.rb
 	config/locales/simple_form.en.yml
2018-05-18 08:47:10 -05:00
Eugen Rochko
1e02dc8715
Add preference to hide following/followers lists (#7532)
* Add preference to hide following/followers lists

- Public pages
- ActivityPub collections (does not return pages but does give total)
- REST API (unless it's your own) (does not federate)

Fix #6901

* Add preference

* Add delegation

* Fix issue

* Fix issue
2018-05-18 02:26:51 +02:00
Jenkins
2636a23092 Merge remote-tracking branch 'tootsuite/master' into glitchsoc/master 2018-05-17 11:17:21 +00:00
Eugen Rochko
7293b9fc61
Ensure unfilled fields are shown when errors are shown (#7523)
Fix #7486
2018-05-17 13:00:56 +02:00
Eugen Rochko
dfb6907e08
HTTP signatures spec no longer requires algorithms field (#7525)
Fix #7520
2018-05-17 04:03:28 +02:00
Thibaut Girka
78ac246b87 Merge branch 'master' into glitch-soc/merge-upstream
Conflicts:
	Gemfile

Solved conflicts by using upstream's line for posix-spawn
2018-05-16 21:52:38 +02:00
Akihiko Odaki
77cd6b5096 Do not use permitted_for scope when querying pinned statuses (#7510)
permitted_for scope is slow when combined with pinned status scope.
Fortunately permitted_for scope can safely be removed because a pinned
status is always public.
2018-05-16 12:30:14 +02:00
Akihiko Odaki
55fd55714a Raise Mastodon::RaceConditionError if Redis lock failed (#7511)
An explicit error allows user agents to know the error and Sidekiq to
retry.
2018-05-16 12:29:45 +02:00
Thibaut Girka
ba7ee67498 Merge branch 'master' into glitch-soc/merge 2018-05-14 20:51:50 +02:00
Eugen Rochko
416f644505
Fix 404 for GET /api/v1/push/subscription (#7472)
My bad...
2018-05-13 21:45:18 +02:00
Eugen Rochko
97e43ec5f0
Add GET /api/v1/push/subscription REST API (#7471)
* Add Api::V1::Push::SubscriptionsController#show

* Add to routes
2018-05-13 21:07:31 +02:00
Thibaut Girka
45fce0e496 Merge branch 'master' into glitch-soc/merge
Conflicts:
	app/controllers/invites_controller.rb
	app/serializers/initial_state_serializer.rb
	config/locales/ko.yml
2018-05-11 18:12:42 +02:00
ThibG
352bae8c3e Update session activation time (fixes #5605) (#7408) 2018-05-11 13:20:58 +02:00
Shuhei Kitagawa
50491e0d92 Add tests for invites controller (#7441)
* Add tests for invites controller

* Small refactoring and fix for invites controller
2018-05-11 13:14:33 +02:00
Eugen Rochko
b4fb766b23
Add REST API for Web Push Notifications subscriptions (#7445)
- POST /api/v1/push/subscription
- PUT /api/v1/push/subscription
- DELETE /api/v1/push/subscription
- New OAuth scope: "push" (required for the above methods)
2018-05-11 11:49:12 +02:00
Thibaut Girka
1c9c0167b7 Merge branch 'master' into glitch-soc/master
Conflicts:
	app/models/account.rb
	app/views/accounts/_header.html.haml
2018-05-10 00:03:28 +02:00
Eugen Rochko
42cd363542
Bot nameplates (#7391)
* Store actor type in database

* Add bot nameplate to web UI, add setting to preferences, API, AP
Fix #7365

* Fix code style issues
2018-05-07 09:31:07 +02:00
abcang
db012b57c2 Fix distribute_add_activity and distribute_remove_activity (#7393) 2018-05-07 09:30:18 +02:00
Shuhei Kitagawa
bd10a7e480 Add resend confirmation for admin (#7378)
* Add confirmations_controller#resend

* Add tests for confirmations_controller#resend

* Add translations
2018-05-06 10:59:03 +02:00
Eugen Rochko
c7d1a2e400
Improve admin UI for accounts (#7360)
* Improve design of account statuses admin UI (consistent with reports)

* Make account moderation notes look consistent with report notes

* i18n-tasks remove-unused

* Fix code style issues

* Fix tests
2018-05-05 23:06:29 +02:00
David Yip
7600067a30
Merge remote-tracking branch 'origin/master' into gs-master
Conflicts:
 	app/controllers/follower_accounts_controller.rb
 	app/controllers/following_accounts_controller.rb
    	db/schema.rb
2018-05-04 14:16:30 -05:00
Jenkins
cb62935c0b Merge remote-tracking branch 'tootsuite/master' into glitchsoc/master 2018-05-04 18:17:32 +00:00
ThibG
d1aef17f9a Do not render first page of following and followers collections unless explicitly asked to (#7357) 2018-05-04 20:17:01 +02:00
Eugen Rochko
2c1f7b2ece
Better pagination for ActivityPub outbox (#7356) 2018-05-04 19:19:11 +02:00
David Yip
c816701550
Merge remote-tracking branch 'origin/master' into gs-master
Conflicts:
 	.travis.yml
 	Gemfile.lock
 	README.md
 	app/controllers/settings/follower_domains_controller.rb
 	app/controllers/statuses_controller.rb
 	app/javascript/mastodon/locales/ja.json
 	app/lib/feed_manager.rb
 	app/models/media_attachment.rb
 	app/models/mute.rb
 	app/models/status.rb
 	app/services/mute_service.rb
 	app/views/home/index.html.haml
 	app/views/stream_entries/_simple_status.html.haml
 	config/locales/ca.yml
 	config/locales/en.yml
 	config/locales/es.yml
 	config/locales/fr.yml
 	config/locales/nl.yml
 	config/locales/pl.yml
 	config/locales/pt-BR.yml
 	config/themes.yml
2018-05-03 17:23:44 -05:00
Eugen Rochko
cb5b5cb5f7
Slightly reduce RAM usage (#7301)
* No need to re-require sidekiq plugins, they are required via Gemfile

* Add derailed_benchmarks tool, no need to require TTY gems in Gemfile

* Replace ruby-oembed with FetchOEmbedService

Reduce startup by 45382 allocated objects

* Remove preloaded JSON-LD in favour of caching HTTP responses

Reduce boot RAM by about 6 MiB

* Fix tests

* Fix test suite by stubbing out JSON-LD contexts
2018-05-02 18:58:48 +02:00
Eugen Rochko
cae933510c
Allow updating bio fields via PUT /api/v1/accounts/update_credentials (#7288)
Add raw bio fields to the source attribute on GET /api/v1/accounts/verify_credentials
2018-05-02 15:57:37 +02:00
Eugen Rochko
f62ee1ddb0
Disable API access when login is disabled (#7289) 2018-04-30 09:13:14 +02:00
Eugen Rochko
54f34d3f2a
Return HTTP 410 for suspended accounts in GET /api/v1/accounts/:id (#7287)
Fix #7243
2018-04-30 09:12:36 +02:00
Eugen Rochko
da61352fab
Fix "Show more" URL on paginated threads for remote statuses (#7285)
* Fix URL of "Show more" link in paginated threads (ancestors side)

Increase item limits in threads

Fix #7268

* Fix "Show more" link in paginated threads (descendants side)
2018-04-30 01:59:42 +02:00
Eugen Rochko
9d4710ed00
Add RSS feeds for end-users (#7259)
* Add RSS feed for accounts

* Add RSS feeds for hashtags

* Fix code style issues

* Fix code style issues
2018-04-25 02:10:02 +02:00
Akihiko Odaki
1258efa882 Paginate descendant statuses in public page (#7148) 2018-04-23 19:27:35 +02:00
Yamagishi Kazutoshi
87e3f0a41d Fix spec for sr-Latn (#7203) 2018-04-20 18:14:31 +02:00
Eugen Rochko
a9c440637c
Improve report layout (#7188)
* Use table for statuses in report

* Display reported account and reporter in the same table

* Split accounts and general report info into two tables again

* Redesign report statuses table, notes, merge notes and action log

* Remove unused translations

* Fix code style issue

* Fix code style issue

* Fix code style issue
2018-04-20 02:28:48 +02:00
David Yip
16d5217502
Merge remote-tracking branch 'origin/master' into gs-master
Conflicts:
 	app/controllers/home_controller.rb
 	app/controllers/stream_entries_controller.rb
 	app/javascript/mastodon/locales/ja.json
 	app/javascript/mastodon/locales/pl.json
2018-04-18 18:48:12 -05:00
Kaito Sinclaire
156b916caf Direct messages column (#4514)
* Added a timeline for Direct statuses
* Lists all Direct statuses you've sent and received
* Displayed in Getting Started
* Streaming server support for direct TL

* Changes to match other timelines in 2.0
2018-04-18 13:09:06 +02:00
abcang
897199910f Improve web api protect (#6343) 2018-04-17 15:23:46 +02:00
Eugen Rochko
aab5581c43
Set Referrer-Policy to origin in web UI and public pages of private toots (#7162)
Fix #7115
2018-04-17 13:51:01 +02:00
Akihiko Odaki
a1049e9380 Redirect to account status page for page of status stream entry (#7104)
Commit 519119f657 missed a change for
stream entry page. Instead of duplicating the change, redirect to account
status page. It would also help crawlers (of search engines, for example)
to understand a stream entry URL and its corresponding status URL points
to the same page.
2018-04-16 10:04:31 +02:00
David Yip
813da6788e
Merge remote-tracking branch 'origin/master' into gs-master
Conflicts:
 	db/schema.rb
2018-04-14 09:12:50 -05:00
Eugen Rochko
78ed4ab75f
Add bio fields (#6645)
* Add bio fields

- Fix #3211
- Fix #232
- Fix #121

* Display bio fields in web UI

* Fix output of links and missing fields

* Federate bio fields over ActivityPub as PropertyValue

* Improve how the fields are stored, add to Edit profile form

* Add rel=me to links in fields

Fix #121
2018-04-14 12:41:08 +02:00
David Yip
d66192f21c
Merge remote-tracking branch 'glitchsoc/master' into gs-master
Conflicts:
 	db/schema.rb
2018-04-14 03:50:31 -05:00
David Yip
b7804028c2
Merge pull request #419 from ThibG/glitch-soc/features/bookmarks
Bookmarks
2018-04-13 16:38:15 -05:00
David Yip
ed490b781f
Merge remote-tracking branch 'origin/master' into gs-master
Conflicts:
 	Gemfile.lock
 	config/application.rb
2018-04-13 16:36:46 -05:00
Yamagishi Kazutoshi
50529cbceb Upgrade Rails to version 5.2.0 (#5898) 2018-04-12 14:45:17 +02:00
David Yip
a817f084ea
Merge remote-tracking branch 'tootsuite/master'
Conflicts:
 	app/controllers/statuses_controller.rb
2018-04-12 03:30:57 -05:00
Thibaut Girka
50eb8f1f61 Add backend support for bookmarks
Bookmarks behave like favourites, except they aren't shared with other
users and do not have an associated counter.
2018-04-11 20:40:29 +02:00
Akihiko Odaki
519119f657 Paginate ancestor statuses in public page (#7102)
This also limits the statuses returned by API, but pagination is not
implemented in Web API yet. I still expect it brings user experience
better than making a user wait to fetch all ancestor statuses and flooding
the column with them.
2018-04-11 12:35:09 +02:00
Jenkins
33c2bbdda7 Merge remote-tracking branch 'tootsuite/master' into glitchsoc/master 2018-04-11 00:50:09 +00:00
Emelia Smith
d9b62e34da Feature: Improve reports ui (#7032)
* Further improvements to Reports UI

- Clean up notes display
- Clean up add new note form
- Simplify controller
- Allow reopening a report with a note
- Show created at date for reports
- Fix report details table formatting

* Show history of report using Admin::ActionLog beneath the report

* Fix incorrect log message when reopening a report

* Implement fetching of all ActionLog items that could be related to the report

* Ensure adding a report_note updates the report's updated_at

* Limit Report History to actions that happened between the report being created and the report being resolved

* Fix linting issues

* Improve report history builder

Thanks @gargron for the improvements
2018-04-10 20:27:59 +02:00
Emelia Smith
219a4423d8 Feature: Allow staff to change user emails (#7074)
* Admin: Show unconfirmed email address on account page

* Admin: Allow staff to change user email addresses

* ActionLog: On change_email, log current email address and new unconfirmed email address
2018-04-10 09:16:06 +02:00
David Yip
67e77f230e
Merge remote-tracking branch 'origin/master' into gs-master
Conflicts:
 	app/serializers/initial_state_serializer.rb

The glitch flavour isn't yet pulling custom emoji data on its own (see
https://github.com/tootsuite/mastodon/pull/7047).  Once that gets into
the glitch flavour, we can eliminate the custom_emojis load.
2018-04-08 19:05:02 -05:00
Levi Bard
cd0eaa349c Enable updating additional account information from user preferences via rest api (#6789)
* Enable updating additional account information from user preferences via rest api
Resolves #6553

* Pacify rubocop

* Decoerce incoming settings in UserSettingsDecorator

* Create user preferences hash directly from incoming credentials instead of going through ActionController::Parameters

* Clean up user preferences update

* Use ActiveModel::Type::Boolean instead of manually checking stringified number equivalence
2018-04-08 13:43:10 +02:00
ThibG
1364e9e4ae Fix follow/unfollow buttons on public profile (fixes #7036) (#7040)
* Fix follow/unfollow buttons on public profile

- Present non-logged users with web+mastodon:// URLs for remote accounts
- Present logged-in users with appropriate links (authorize_follows and
  remote_unfollows) for remote accounts

* Do not cache rendered cards if user is logged in
2018-04-08 13:40:22 +02:00
Alda Marteau-Hardi
b65eb00c53 Prevent admins and moderators eavesdropping in private and direct toots (#7067)
Fix #6986
2018-04-07 21:33:01 +02:00
Jenkins
6611100480 Merge remote-tracking branch 'tootsuite/master' into glitchsoc/master 2018-04-03 19:17:20 +00:00
Emelia Smith
2e59751823 Improve require_admin! and require_staff! filters (#7018)
Previously these returns 302 redirects instead of 403s, which meant posting links to admin pages in slack caused them to unfurl, rather than stay as a link. Additionally, require_admin! doesn't appear to be actively used, on require_staff!
2018-04-03 13:07:32 +02:00
Emelia Smith
e85cffb236 Feature: Report improvements (#6967) (#7000)
* Implement Assignment of Reports (#6967)

* Change translation of admin.report.comment.label to "Report Comment" for clarity

As we'll soon add the ability for reports to have comments on them, this clarification makes sense.

* Implement notes for Reports

This enables moderators to leave comments about a report whilst they work on it

* Fix display of report moderation notes

* Allow reports to be reopened / marked as unresolved

* Redirect to reports listing upon resolution of report

* Implement "resolve with note" functionality

* Add inverse relationship for report notes

* Remove additional database querying when loading report notes

* Fix tests for reports

* Fix localisations for report notes / reports
2018-04-02 22:04:14 +02:00
Emelia Smith
e7a1716701 Implement the ability for an Administrator or Moderator to remove an account avatar (#6998) 2018-04-02 13:45:07 +02:00
David Yip
eb39db7f93
Merge remote-tracking branch 'origin/master' into gs-master
Conflicts:
 	app/javascript/mastodon/locales/en.json
 	app/javascript/mastodon/locales/ja.json
 	app/javascript/mastodon/locales/pl.json
 	app/views/accounts/_header.html.haml
2018-04-01 20:24:50 -05:00
Eugen Rochko
33513753b9
Fix unpermitted parameters warning when generating pagination URLs (#6995) 2018-04-02 02:09:50 +02:00
beatrix
01bad04efd
Merge pull request #408 from ThibG/glitch-soc/fixes/admin-js
Add “public” pack to admin controller, as it is included in upstream …
2018-03-30 14:50:19 -04:00
Thibaut Girka
b305e7452a Add “public” pack to admin controller, as it is included in upstream admin layout
Fixes CW unfolding in moderation
2018-03-30 18:16:47 +02:00
Thibaut Girka
167a2ecde0 Fix migration page style 2018-03-30 15:26:12 +02:00
Jenkins
f2a9a13b32 Merge remote-tracking branch 'tootsuite/master' into glitchsoc/master 2018-03-18 16:17:15 +00:00
Eugen Rochko
39f27b6cf3
If DEFAULT_LOCALE is set, enforce it instead of HTTP request locale (#6817)
Fix #6784
2018-03-18 16:57:04 +01:00
Jenkins
a0724cd742 Merge remote-tracking branch 'tootsuite/master' into glitchsoc/master 2018-03-11 09:17:21 +00:00
abcang
37b043d447 Improve performance of account_media_status_ids (#6729) 2018-03-10 17:44:26 +01:00
Jenkins
447d7e6127 Merge remote-tracking branch 'tootsuite/master' into glitchsoc/master 2018-03-09 00:17:17 +00:00
Eugen Rochko
a29d409e20
If login redirects to omniauth, redirect logout to root_path (#6694)
Fix #6670
2018-03-08 11:18:26 +01:00
Akihiko Odaki
a38dbd9c8a Redirect from Web tag timeline to public tag timeline if not signed in (#6633)
This is also implemented in Pawoo:
ceafdbd1bb
2018-03-05 19:29:36 +01:00
Akihiko Odaki
51d760960c Set the default locale in config (#6580)
Previously the default locale was set by Localized concern for controllers,
but it was not enforced for mailers.

config is enforced throughout the application and an appropriate place to
set the default locale.
2018-03-04 09:21:35 +01:00
Eugen Rochko
9110db41c5
Federate pinned statuses over ActivityPub (#6610)
* Federate pinned statuses over ActivityPub

* Display pinned toots in web UI

Fix #6117

* Fix migration

* Fix tests

* Update outbox_serializer.rb

* Update remove_serializer.rb

* Update add_serializer.rb

* Update fetch_featured_collection_service.rb
2018-03-04 09:19:11 +01:00
David Yip
1b8fcd4df5
Merge remote-tracking branch 'origin/master' into merge-upstream
Conflicts:
 	README.md
 	app/controllers/follower_accounts_controller.rb
 	app/controllers/following_accounts_controller.rb
 	app/serializers/rest/instance_serializer.rb
 	app/views/stream_entries/_simple_status.html.haml
 	config/locales/simple_form.ja.yml
2018-03-02 21:46:44 -06:00
Eugen Rochko
68218d97c8
Add only_media param to public and hashtag timelines API (#6576) 2018-03-01 03:21:21 +01:00
Eugen Rochko
fce8464077
Ensure that boolean params in the API are parsed for truthiness (#6575)
Use Rails smart boolean cast to account for values such as "f",
"0", "false", etc. Previously, if a param was present in the request,
it would count as true.
2018-03-01 02:47:59 +01:00
Eugen Rochko
47bdb9b33b
Fix #942: Seamless LDAP login (#6556) 2018-02-28 19:04:53 +01:00
Eugen Rochko
41a01bec23
Federated reports (#6570)
* Fix #2176: Federated reports

* UI for federated reports

* Add spec for ActivityPub Flag handler

* Add spec for ReportService
2018-02-28 06:54:55 +01:00
Eugen Rochko
18513a978a
Improve public account cards (#6559)
- Add follow/unfollow/remote follow buttons
- Format the bio properly
- Always show username@domain, even for local accounts
2018-02-26 16:18:41 +01:00
Ian McCowan
c33931b613 Fix prev/next links on public profile page (#6497)
* Fix prev/next links on public profile page

* Don't make pagination urls if no available statuses

* Fix empty check method

* Put left chevron before prev page link

* Add scope for pagination "starting at" a given id

* Status pagination try 2:

s/prev/older and s/next/newer
"older" on left, "newer" on right
Use new scope for "newer" link
Extract magic 20 page size to constant
Remove max_id from feed pagination as it's not respected

* Reinstate max_id for accounts atom stream

* normalize
2018-02-26 03:31:28 +01:00
imncls
3afc6174f5
Fix data export page error 2018-02-24 00:29:26 +09:00
imncls
bb6988a7ac
Merge branch 'master' of https://github.com/tootsuite/mastodon
# Conflicts:
#	app/controllers/settings/exports_controller.rb
#	app/models/media_attachment.rb
#	app/models/status.rb
#	app/views/about/show.html.haml
#	docker_entrypoint.sh
#	spec/views/about/show.html.haml_spec.rb
2018-02-23 23:28:31 +09:00
Ghislain Loaec
e668180044 New variable OAUTH_REDIRECT_AT_SIGN_IN + Ref #6538 (not only SAML strategies) (#6540) 2018-02-23 01:16:17 +01:00
Eugen Rochko
c71aa468b5
Redesign landing page (again) (#6486)
* Redesign landing page (again)

* Move login form in small version to the right column

* Display closed registrations message

* Add site setting for the hero image

* Fix test

* Increase spacing, maximum width, change call to action section
2018-02-22 01:03:48 +01:00
Eugen Rochko
d8bc64bb09
Fix #6526: Only store redirect location if not in JSON format (#6528) 2018-02-22 00:51:30 +01:00
Eugen Rochko
90f12f2e5a
Focal points (#6520)
* Add focus param to media API, center thumbnails on focus point

* Add UI for setting a focal point

* Improve focal point icon on upload item

* Use focal point in upload preview

* Add focalPoint property to ActivityPub

* Don't show focal point button for non-image attachments
2018-02-22 00:35:46 +01:00
Eugen Rochko
4bc625166e
Fix bug in relationships API introduced by #6482 (#6527)
It was merge when it needed to be deep_merge. And added some tests
2018-02-21 23:22:12 +01:00
Eugen Rochko
61ed133fea
Account archive download (#6460)
* Fix #201: Account archive download

* Export actor and private key in the archive

* Optimize BackupService

- Add conversation to cached associations of status, because
  somehow it was forgotten and is source of N+1 queries
- Explicitly call GC between batches of records being fetched
  (Model class allocations are the worst offender)
- Stream media files into the tar in 1MB chunks
  (Do not allocate media file (up to 8MB) as string into memory)
- Use #bytesize instead of #size to calculate file size for JSON
  (Fix FileOverflow error)
- Segment media into subfolders by status ID because apparently
  GIF-to-MP4 media are all named "media.mp4" for some reason

* Keep uniquely generated filename in Paperclip::GifTranscoder

* Ensure dumped files do not overwrite each other by maintaing directory partitions

* Give tar archives a good name

* Add scheduler to remove week-old backups

* Fix code style issue
2018-02-21 23:21:32 +01:00
Jenkins
1445ba1703 Merge remote-tracking branch 'tootsuite/master' into glitchsoc/master 2018-02-19 15:17:14 +00:00
Konrad Pozniak
bb26cdda24 add parameter locked to /api/v1/update_credentials (#6506) 2018-02-18 22:57:53 +01:00
David Yip
3d033a4687
Merge remote-tracking branch 'tootsuite/master' into merge-upstream
Conflicts:
	Gemfile
	config/locales/simple_form.pl.yml
2018-02-17 00:02:37 -06:00
Eugen Rochko
9dbae6e8a1
Save video metadata and improve video OpenGraph tags (#6481)
* Save metadata from video attachments, put correct dimensions into OG tags

* Add twitter:player for videos

* Fix code style and test
2018-02-16 07:22:20 +01:00
David Yip
020b40efdb
Merge remote-tracking branch 'origin/master' into merge-upstream
Conflicts:
	.travis.yml
	app/lib/user_settings_decorator.rb
	app/models/user.rb
	app/serializers/initial_state_serializer.rb
	app/views/stream_entries/_detailed_status.html.haml
	app/views/stream_entries/_simple_status.html.haml
	config/locales/simple_form.en.yml
2018-02-09 09:25:53 -06:00
Eugen Rochko
76f3d5d16b
Add preference to always display sensitive media (#6448) 2018-02-09 00:26:57 +01:00
Jenkins
5ba2c300d8 Merge remote-tracking branch 'tootsuite/master' into glitchsoc/master 2018-02-08 23:17:14 +00:00
abcang
cf32f7da5c Fix response of signature_verification_failure_reason (#6441) 2018-02-08 05:00:45 +01:00
David Yip
a6fb1c58ee
Merge remote-tracking branch 'origin/master' into merge-upstream
Conflicts:
	.env.production.sample
	app/controllers/auth/confirmations_controller.rb
	db/schema.rb
2018-02-04 16:36:19 -06:00
abcang
3f35d43222 Exclude nil from relationships array (#6427) 2018-02-04 12:32:10 +01:00
Renato "Lond" Cerqueira
4e4f1b0dcb Add option to show only local toots in timeline preview (#6292)
* Add option to show only local toots in timeline preview
Right know, toots from all the known fediverse are shown in the main
page of an instance. That however doesn't reflect the instance itself.
With this option the admin may choose to display only local toots so
that users checking the instance get a better idea of internal
conversations.

* Fix issues pointed by codeclimate and eslint

* Add default message for community timeline

* Update pl.yml
2018-02-04 06:00:10 +01:00
Eugen Rochko
26f21fd5a0
CAS + SAML authentication feature (#6425)
* Cas authentication feature

* Config

* Remove class_eval + Omniauth initializer

* Codeclimate review

* Codeclimate review 2

* Codeclimate review 3

* Remove uid/email reconciliation

* SAML authentication

* Clean up code

* Improve login form

* Fix code style issues

* Add locales
2018-02-04 05:42:13 +01:00
David Yip
4c1fd9a19c
Merge remote-tracking branch 'tootsuite/master' into merge-upstream
Conflicts:
      app/javascript/styles/mastodon/components.scss
2018-02-02 08:39:52 -06:00
ThibG
ac1093256c Allow HTTP caching of atom-rendered public toots (OStatus compatibility) (#6207) 2018-02-02 10:54:04 +01:00
puckipedia
8e4cf6282b Allow retrieval of private statuses (single or in outbox) using HTTP signatures (#6225) 2018-02-02 10:19:59 +01:00
Alexander
04fef7b888 pam authentication (#5303)
* add pam support, without extra column

* bugfixes for pam login

* document options

* fix code style

* fix codestyle

* fix tests

* don't call remember_me without password

* fix codestyle

* improve checks for pam usage (should fix tests)

* fix remember_me part 1

* add remember_token column because :rememberable requires either a password or this column.

* migrate db for remember_token

* move pam_authentication to the right place, fix logic bug in edit.html.haml

* fix tests

* fix pam authentication, improve username lookup, add comment

* valid? is sometimes not honored, return nil instead trying to authenticate with pam

* update devise_pam_authenticatable2 and adjust code. Fixes sideeffects observed in tests

* update devise_pam_authenticatable gem, fixes for codeconventions, fix finding user

* codeconvention fixes

* code convention fixes

* fix idention

* update dependency, explicit conflict check

* fix disabled password updates if in pam mode

* fix check password if password is present, fix templates

* block registration if account is maintained by pam

* Revert "block registration if account is maintained by pam"

This reverts commit 8e7a083d650240b6fac414926744b4b90b435f20.

* fix identation error introduced by rebase

* block usernames maintained by pam

* document pam settings better

* fix code style
2018-02-02 10:18:55 +01:00
Jenkins
0e10667fbe Merge remote-tracking branch 'tootsuite/master' into glitchsoc/master 2018-01-24 19:17:11 +00:00
Eugen Rochko
1cc44cba81
Fix #6331 (#6341)
UserTrackingConcern is circumvented by SessionsController#create
because it calls warden, which calls the User#update_tracked_fields!
method directly. Move returning user logic to that method.
2018-01-23 20:52:30 +01:00
Akihiko Odaki
613e7c7521 Rename ResolveRemoteAccountService to ResolveAccountService (#6327)
The service used to be named ResolveRemoteAccountService resolves local
accounts as well.
2018-01-22 14:25:09 +01:00
David Yip
1253279feb
Merge remote-tracking branch 'origin/master' into merge-upstream
Conflicts:
	app/controllers/settings/two_factor_authentication/confirmations_controller.rb
2018-01-21 13:36:10 -06:00
Aboobacker MK
112b1fa265 Redirect to 2FA creation page when otp_secret is not available (#6314) 2018-01-21 13:21:28 +01:00
David Yip
2ca965c704
Merge remote-tracking branch 'origin/master' into merge-upstream
Conflicts:
	app/javascript/styles/mastodon/components.scss
	app/javascript/styles/mastodon/modal.scss
2018-01-19 15:22:10 -06:00
Eugen Rochko
9b3b40df66
Fix regeneration marker not expiring (#6290)
* Fix regeneration key not getting expired

* Add rake task to remove old regeneration markers
2018-01-18 20:29:56 +01:00
David Yip
201e82686f
Merge remote-tracking branch 'origin/master' into merge-upstream
Conflicts:
      app/javascript/styles/mastodon/components.scss
2018-01-17 18:37:09 -06:00
Eugen Rochko
7badad7797
Fix home regeneration (#6251)
* Fix regeneration marker not being removed after completion

* Return HTTP 206 from /api/v1/timelines/home if regeneration in progress
Prioritize RegenerationWorker by putting it into default queue

* Display loading indicator and poll home timeline while it regenerates

* Add graphic to regeneration message

* Make "not found" indicator consistent with home regeneration
2018-01-17 23:56:03 +01:00
Jenkins
aa2bf07281 Merge remote-tracking branch 'tootsuite/master' into glitchsoc/master 2018-01-17 16:17:10 +00:00
りんすき
fbe7756da6 implement web share target (#6278)
* web share target

* fix

* fix
2018-01-17 17:08:10 +01:00
Jenkins
0c7dc6c781 Merge remote-tracking branch 'tootsuite/master' into glitchsoc/master 2018-01-15 06:17:15 +00:00
Patrick Figel
537d2939b1 Suppress CSRF token warnings (#6240)
CSRF token checking was enabled for API controllers in #6223,
producing "Can't verify CSRF token authenticity" log spam. This
disables logging of failed CSRF checks.

This also changes the protection strategy for
PushSubscriptionsController to use exceptions, making it consistent
with other controllers that use sessions.
2018-01-15 06:51:23 +01:00
David Yip
395e64e858
Thank you, Officer Murphy 2018-01-10 12:10:43 -06:00
David Yip
514db316f7
The flavour parameter is unused, so omit it (#317) 2018-01-10 12:09:42 -06:00
David Yip
6fcb870d96
Allow for user object to be empty. Fixes #317.
If a flavour has only one skin, the skin selector will be omitted.  This
omits the user[setting_skin] field, and because that's the only
user[...] field on the page, the entire user object will not be present
in the request handler's params object.

This commit accounts for that scenario by avoiding params.require(:user)
and instead picking out what we need from the params hash.
2018-01-10 12:09:42 -06:00
Jenkins
7c719c567c Merge remote-tracking branch 'tootsuite/master' into glitchsoc/master 2018-01-09 05:17:13 +00:00
nightpool
c235711ffe Refactor /api/web APIs to use the centralized axios instance (#6223)
Also adds the ability to decouple the centralized axios logic from the
state dispatcher
2018-01-08 20:01:33 +01:00
Jenkins
f839ac694c Merge remote-tracking branch 'tootsuite/master' into glitchsoc/master 2018-01-08 10:17:15 +00:00
Eugen Rochko
dbda87c31f
Revert #5772 (#6221) 2018-01-08 10:57:52 +01:00
David Yip
f7c4d4464b
Merge remote-tracking branch 'personal/merge/tootsuite/master' into gs-master 2018-01-07 13:30:52 -06:00
David Yip
70c99a9f34
Use error pack when rendering error pages. Fixes #305. 2018-01-07 13:30:17 -06:00
Jenkins
c2e1bfd9ae Merge remote-tracking branch 'tootsuite/master' into glitchsoc/master 2018-01-07 15:17:13 +00:00
Yamagishi Kazutoshi
1d92b90be9 Fix force_ssl conditional (#6201) 2018-01-07 15:19:23 +01:00
Yamagishi Kazutoshi
da809f9eec Fix unintended cache (#6214) 2018-01-07 15:12:59 +01:00
David Yip
5083311d64
Merge remote-tracking branch 'ykzts/fix-unintended-cache' into gs-master 2018-01-07 00:32:24 -06:00
Yamagishi Kazutoshi
2af307bce4 Fix unintended cache 2018-01-07 14:59:12 +09:00
Jenkins
f6adb409fd Merge remote-tracking branch 'tootsuite/master' into glitchsoc/master 2018-01-05 22:17:12 +00:00
TheKinrar
95bd85d9e8 Represent numbers by strings in instance activity API (#6198)
Fixes #6197.
2018-01-05 22:38:33 +01:00
Jenkins
c69a23ae46 Merge remote-tracking branch 'tootsuite/master' into glitchsoc/master 2018-01-04 23:17:11 +00:00
ThibG
3bee0996c5 Make sure private toots remain private and do not end up in HTTP caches (#6175) 2018-01-04 14:39:38 +01:00
Eugen Rochko
c10f4bdb03
Cache JSON of immutable ActivityPub representations (#6171) 2018-01-04 01:21:38 +01:00
Jenkins
fc884d015a Merge remote-tracking branch 'tootsuite/master' into glitchsoc/master 2018-01-03 20:17:13 +00:00