* Add option to block direct messages from people you don't follow
Fix#5326
* If the DM responds to a toot by recipient, allow it through
* i18n: Update Polish translation (for #5669) (#5673)
* Add moderator role and add pundit policies for admin actions
* Add rake task for turning user into mod and revoking it again
* Fix handling of unauthorized exception
* Deliver new report e-mails to staff, not just admins
* Add promote/demote to admin UI, hide some actions conditionally
* Fix unused i18n
* Show the local couterpart of emoji when it exists in admin/custom_emojis
* Fix indentation
* Fix error
* Add class table-action-link to Overwrite link
* Make it enable to overwrite emojis
* Make Code Climate happy
Glitch::KeywordMute's name is inferred as glitch_keyword_mutes, and in
templates this turns into e.g. settings/glitch/keyword_mutes. Going
along with this convention means a lot of file movement, though, and for
a UI that's as temporary and awkward as this one I think it's less
effort to slap a bunch of as: options everywhere.
We'll do the Right Thing when we build out the API and frontend UI.
This should eventually be accessible via the API and the web frontend,
but I find it easier to set up an editing interface using Rails
templates and the like. We can always take it out if it turns out we
don't need it.
* Swedish file added
* Swedish file added
* Swedish file updated
* Swedish languagefile added
* Add Swedish translation
* Add Swedish translation
* Started the Swedish translation
* Added Swedish lang settings
* Updating Swedish language
* Updating Swedish language
* Updating Swedish language
* Updating Swedish language
* Updating Swedish language
* Updating Swedish language
* Swedish language completed and added
* Swedish language Simple_form added
* Swedish language Divise added
* Swedish language doorkeeper added
* Swedish language - now all file complete
* Add option to reduce motion
* Use HOC to wrap all Motion calls
* fix case-sensitive issue
* Avoid updating too frequently
* Get rid of unnecessary change to _simple_status.html.haml
- 500.html generated with admin-set default locale if set
- Error page `<title>` includes Mastodon site title
- 500 title changed to "This page is not
correct" (ref: <https://www.youtube.com/watch?v=2VCAP_seh1A>)
- 500 content appended with "on our end" to make clear it's
not user's fault
* Add emoji autosuggest
Some credit goes to glitch-soc/mastodon#149
* Remove server-side shortcode->unicode conversion
* Insert shortcode when suggestion is custom emoji
* Remove remnant of server-side emojis
* Update style of autosuggestions
* Fix wrong emoji filenames generated in autosuggest item
* Do not lazy load emoji picker, as that no longer works
* Fix custom emoji autosuggest
* Fix multiple "Custom" categories getting added to emoji index, only add once
* Add support for selecting a theme
* Fix codeclimate issues
* Look up site default style if current user is not available due to e.g. not being logged in
* Remove outdated comment in common.js
* Address requested changes in themes PR
* Fix codeclimate issues
* Explicitly check current_account in application controller and only check theme availability if non-nil
* codeclimate
* explicit precedence with &&
* Fix code style in application_controller according to @nightpool's suggestion, use default style in embedded.html.haml
* codeclimate: indentation + return
* Custom emoji
- In OStatus: `<link rel="emoji" name="coolcat" href="http://..." />`
- In ActivityPub: `{ type: "Emoji", name: ":coolcat:", href: "http://..." }`
- In REST API: Status object includes `emojis` array (`shortcode`, `url`)
- Domain blocks with reject media stop emojis
- Emoji file up to 50KB
- Web UI handles custom emojis
- Static pages render custom emojis as `<img />` tags
Side effects:
- Undo #4500 optimization, as I needed to modify it to restore
shortcode handling in emojify()
- Formatter#plaintext should now make sure stripped out line-breaks
and paragraphs are replaced with newlines
* Fix emoji at the start not being converted
* So Spanish. Much changes. Wow.
* Some little fixes
* Updated es.yml, and fixed some ortographical errors
* Some little changes to simple_form.es.yml
* Yeah, so much translations
* Spanish e-mail messages
* Remove unused message
* zh-*: transition from "like" back to "fav"
This commit reverts the translation for the yellow-star "fav" button
back to "fav" in Chinese. Some ambuiguity between "like" and "fav" is
deliberately used in zh-TW/HK by using the existing phrase "最爱"
(favorite (adj.), lit. love-most) instead of "收藏" (favourite (v.),
"collect") in some instances.
Fixes#3511.
* zh-*: apply suggestions for PR #4557
* zh-cn: de-monetize ya account
In Chinese two separate characters, 账 and 帐, can be used to spell the
word for account (账/帐户). However, the one with a 贝 on the left is
evolved from the latter specifically for monetary purposes. Since
people usually can't figure out which one to use, it might be a good
idea to use the original not-so-money one.
* zh-*: complete jsx translation
* Adjust landing pages 2
Fix styles of terms page
Remove action buttons from timeline in about page
Adjust styles of short description
Adjust form inputs
Set autocomplete off for username and email box in registration form. Remove line breakings.
* Revert removing action buttons
* Redesign video player
* Use new video player on static public pages too
* Use media gallery component on static public pages too
* Pause video when hiding it
* Full-screen sizing on WebKit
* Add aria labels to video player buttons
* Display link card on public status page
* Fix fullscreen from modal sizing issue
* Remove contain: strict property to fix fullscreen from columns
This PR adds section for protocol specific information, then always show
both of OStatus and ActivityPub. Specifically, this will help admins to
check PuSH subscription status and unsubscribe manually, even `protocol`
has been changed.
This also includes below changes:
* Add `overflow: hidden` to prevent float leaking
* Add missing fields for ActivityPub
When a new user confirms their e-mail, bootstrap their home timeline
by automatically following a set of accounts. By default, all local
admin accounts (that are unlocked). Can be customized by new admin
setting (comma-separated usernames, local and unlocked only)
* Fix language filter codes
CLD3 returns BCP-47 language identifier, filter settings expect
identifiers in the ISO 639-1 format. Convert between formats,
and exclude duplicate languages from filter choices (zh-CN->zh)
* Fix zh name
* Adjust status embeds
Adjust styles of embed code. Adjust styles of embed pages. Fix overflow of embed-modal.
* Remove trailing whitespace
* Using width from the variable
- Use statuses controller for embeds instead of stream entries controller
- Prefer /@:username/:id/embed URL for embeds
- Use /@:username as author_url in OEmbed
- Add follow link to embeds which opens web intent in new window
- Use redis cache in development
- Cache entire embed
* Add code for creating/managing apps to settings section
* Add specs for app changes
* Fix controller spec
* Fix view file I pasted over by mistake
* Add locale strings. Add 'my apps' to nav
* Add Client ID/Secret to App page. Add some visual separation
* Fix rubocop warnings
* Fix embarrassing typo
I lost an `end` statement while fixing a merge conflict.
* Add code for creating/managing apps to settings section
- Add specs for app changes
- Add locale strings. Add 'my apps' to nav
- Add Client ID/Secret to App page. Add some visual separation
- Fix some bugs/warnings
* Update to match code standards
* Trigger notification
* Add warning about not sharing API secrets
* Tweak spec a bit
* Cleanup fixture creation by using let!
* Remove unused key
* Add foreign key for application<->user
* Add protocol field
* Switch protocol specific information according to active protocol
* Hide PuSH subscription related buttons if ActivityPub is active
* Allow domain blocks to reject media without silencing or suspending
* Fix typo
* Hide 'Reject media' button when superfluous, instead of disabling it
* Properly hide 'reject media' checkbox on page load if needed
This may happen when resubmitting the domain block form after an error.
* Don't ask whether undoing a media-only block should be retroactive
* Rename :media_only block to :noop
* Display :noop block as None in frontend, allow blocks that do nothing
* Remove 'coding' line auto-added by emacs
* Improve webfinger templates and make tests more flexible
* Clean up AS2 representation of actor
* Refactor outbox
* Create activities representation
* Add representations of followers/following collections, do not redirect /users/:username route if format is empty
* Remove unused translations
* ActivityPub endpoint for single statuses, add ActivityPub::TagManager for better
URL/URI generation
* Add ActivityPub::TagManager#to
* Represent all attachments as Document instead of Image/Video specifically
(Because for remote ones we may not know for sure)
Add mentions and hashtags representation to AP notes
* Add AP-resolvable hashtag URIs
* Use ActiveModelSerializers for ActivityPub
* Clean up unused translations
* Separate route for object and activity
* Adjust cc/to matrices
* Add to/cc to activities, ensure announce activity embeds target status and
not the wrapper status, add "id" to all collections
* chore(yarn): Install babel-plugin-preval as development dependency
* feat(babel): Add preval as a plugin
* feat(emojione_light): Prevaled module what tree-shaked emojione
* refactor(emoji): Use emojione_light
* feat: Preload emojione_picker bundle
* fix(emojione_light): Do not use Object.entries
* fix(emojify): Update tests
* chore(emojione_light): Remove silly ascii art
* First lame pass at adding optional git commit hash display on /about/more page.
Currently, this is implemented by checking for the existence of a file called CURRENT_RELEASE in the home directory of the user running Mastodon. If the file exists, its contents are added.
I've modified my update process to include the following before precompiling assets:
git log -1 | head -n 1 | cut -d " " -f2 > ~/CURRENT_RELEASE
That puts the current commit hash into the file ~/CURRENT_RELEASE, but you figured that out because you're a smart cookie.
As I am quite sure this is a horrible methodology for implementing this, I look forward to any improvements you have to offer!
* Updated to handle instances that share a user - the CURRENT_RELEASE file now lives in the instance's base directory.
This also requires modifying the update hook to `git log -1 | head -n 1 | cut -d " " -f2 > CURRENT_RELEASE`
* Redesign the landing page, mount public timeline on it
* Adjust the standalone mounted component to the lacking of router
* Adjust auth layout pages to new design
* Fix tests
* Standalone public timeline polling every 5 seconds
* Remove now obsolete translations
* Add responsive design for new landing page
* Address reviews
* Add floating clouds behind frontpage form
* Use access token from public page when available
* Fix mentions and hashtags links, cursor on status content in standalone mode
* Add footer link to source code
* Fix errors on pages that don't embed the component, use classnames
* Fix tests
* Change anonymous autoPlayGif default to false
* When gif autoplay is disabled, hover to play
* Add option to hide the timeline preview
* Slightly improve alt layout
* Add elephant friend to new frontpage
* Display "back to mastodon" in place of "login" when logged in on frontpage
* Change polling time to 3s
* Added a success page to remote following
Includes follow-through links to web (the old redirect target) and back to the remote user's profile
* Use Account.new in spec instead of a fake with only id
(fixes spec)
* Fabricate(:account) over Account.new
* Remove self from the success text
(and all HTML with it)
* Changement de « Changement de mot de passe » en « Sécurité »
* Suppression de « (Two-factor auth) »
Change la valeur de la chaîne « two_factor_authentication » de « Identification à deux facteurs (Two-factor auth) » à « Identification à deux facteurs ».
La traduction anglaise entre parathentèse était redondante et gênait la lecture.
Change the value of the "two_factor_authentication" from "Identification à deux facteurs (Two-factor auth)" to "Identification à deux facteurs".
The English translation in brackets was superflous and was getting in the way of the reader.
* Remplace « ' » par « ’ »
Retire de la traduction les apostrophes droites « ' » (U+0027) au profit des apostrophes typographiques « ’ » (U+2019).
En typographie française, les apostrophes typographiques sont utilisées à la place des apostrophes droites. La traduction était jusqu’ici incohérente et utilisait les deux.
Remove from the translation all the vertical apostrophes (U+0027) in favor of the curly ones (U+2019).
In French typography, typographic apostrophes are used instead of vertical ones. The translation was incoherent and used both.
* Remplace « ... » par « … »
Remplace les séries de trois points par le caractère dédié « … » (U+2026).
Replace all the series of three dots by the dedicated character "…" (U+2026).
* Mise à jour
Crée config/locales/activerecord.fr.yml, ajoute de nouvelles chaînes et met à jour certains textes.
Les compteurs de caractères pour le pseudonyme et la biographie devrait maintenant pouvoir fonctionner même quand l’interface est en français.
Create config/locales/activerecord.fr.yml, add new strings et update some textes.
The caracters counters for the username and the biography should now work even when the interface is in French.
* Remplace « A » par « À »
Remplace « A » par « À » aux endroits où le mot est mal orthographié.
Replace "A" by "À" when the wrong word is used.
* Ajout d’espaces insécables
Ajoute des espaces insécables suivant les régles nécessaires en typographie française.
Add non-breaking spaces following rules of French typography.
* Remplace « certain » par « certain·e »
Harmonise la traduction en remplaçant « certain » par sa forme épicène.
Harmonize the translation by replacing "certain" (sure) by its epicene form.
* Corrige un angliscisme
Remplace « adresse e-mail » par « adresse électronique ».
Replace "adresse e-mail" (e-mail address) by "adresse électronique" (electronic address).
* add a system_font_ui setting on the server
* Plug the system_font_ui on the front-end
* add EN/FR locales for the new setting
* put Roboto after all other fonts
* remove trailing whitespace so CodeClimate is happy
* fix user_spec.rb
* correctly write user_spect this time
* slightly better way of adding the classes
* add comments to the system-font stack for clarification
* use .system-font for the class instead
* don't use multiple lines for comments
* remove trailing whitespace
* use the classnames module for consistency
* use `mastodon-font-sans-serif` instead of Roboto directly
* Use instance name in "password changed" mail
instead of "Mastodon".
Fixes tootsuite#2620.
* Use instance name in password reset mail
instead of "Mastodon".
* Fix#3910 - Require OTP authentication to disable 2FA. Also, remove ability
to generate new OTP backup codes *after* initial backup codes were handed
out during activation
* Restore recovery code re-generation
* Improve display of some 2FA elements
* Add overview of active sessions
* Better display of browser/platform name
* Improve how browser information is stored and displayed for sessions overview
* Fix test
* Add form for account deletion
* If avatar or header are gone from source, remove them
* Add option to have SuspendAccountService remove user record, add tests
* Exclude suspended accounts from search
- Use plaintext
- Strip out URLs
- Strip out mentions
- Strip out hashtags
- Strip out whitespace from "overall" count
- Consistent between JS and Ruby
This implementation is a bit smaller and still has the following benefits:
* No need of app/javascript/packs/custom.js
For custom stylesheet, it typically has only
"require('../styles/custom.scss')" and is redundant.
* No need to extract vendor stylesheet to another asset
Extracting vendor stylesheet could be forgotten by developers who do not
use custom stylesheet.
* Remove trailing whitespace in i18n mailers
* Use query methods instead of #present? on AR attributes
* Delegate Status#account_domain method
* Delegate Mention #account_username and #account_acct methods
* Set delete_modal preference to true by default
* Does not show confirmation modal if delete_modal is false
* Add ja translation for preference setting page
* Fix#2922 - Load stylesheet from "custom.css" entrypoint when present
This is pretty much the same way it worked as before, albeit with
having to create app/javascript/packs/custom.js with
require('../styles/custom.scss') (or whatever you want really), which
will be a blank slate for you to import whatever you want
* Remove old assets directory
* Extract font-awesome into common.css and always load it
- Increase coverage to exercise all parts of each action
- Move into namespace to share common code
- Misc refactor of each action for smaller methods, simpler code
* Only load Intl data for current language
* Extract common chunk only from application.js and public.js
* Generate locale packs, avoid caching on window object
* Persian translation update
* Persian translation update: new files
* Persian translation update
* activerecord.fa.yml language code
* Persian translation update
* fix indent
* Add buttons to block and unblock domain
* Relationship API now returns "domain_blocking" status for accounts,
rename "block entire domain" to "hide entire domain", fix unblocking domain,
do not block notifications from domain-blocked-but-followed people, do
not send Salmons to domain blocked users
* Add test
* Personal domain blocks shouldn't affect Salmon after all, since in this
direction of communication the control is very thin when it comes to
public stuff. Best stay consistent and not affect federation in this way
* Ignore followers and follow request from domain blocked folks,
ensure account domain blocks are not created for empty domain,
and avoid duplicates in validation
* Purge followers when blocking domain (without soft-blocks, since they
are useless here)
* Add tests, fix local timeline being empty when having any domain blocks
* Create common chunk rather than vendor chunk
vendor chunk is a set of modules provided by external vendors, but now we
can have a chunk as a set of modules shared by multiple entry points,
which could be more efficent than having vendor chunk.
* Start rails-ujs in common.js
This is used by /settings/two_factor_authentication.
* Add <ostatus:conversation /> tag to Atom input/output
Only uses ref attribute (not href) because href would be
the alternate link that's always included also.
Creates new conversation for every non-reply status. Carries
over conversation for every reply. Keeps remote URIs verbatim,
generates local URIs on the fly like the rest of them.
* Conversation muting - prevents notifications that reference a conversation
(including replies, favourites, reblogs) from being created. API endpoints
/api/v1/statuses/:id/mute and /api/v1/statuses/:id/unmute
Currently no way to tell when a status/conversation is muted, so the web UI
only has a "disable notifications" button, doesn't work as a toggle
* Display "Dismiss notifications" on all statuses in notifications column, not just own
* Add "muted" as a boolean attribute on statuses JSON
For now always false on contained reblogs, since it's only relevant for
statuses returned from the notifications endpoint, which are not nested
Remove "Disable notifications" from detailed status view, since it's
only relevant in the notifications column
* Up max class length
* Remove pending test for conversation mute
* Add tests, clean up
* Rename to "mute conversation" and "unmute conversation"
* Raise validation error when trying to mute/unmute status without conversation
* Fix regressions from #2683
Properly format spoiler text HTML, while keeping old logic for blankness intact
Process hashtags and mentions in spoiler text
Format spoiler text for Atom
Change "show more" toggle into a button instead of anchor
Fix style regression on dropdowns for detailed statuses
* Fix lint issue
* Convert spoiler text to plaintext in desktop notifications
* services: scan spoiler_text for hashtags (#699)
* views: link hashtags from spoiler_texts
This covers linking hashtags from within the spoiler
text on the server-generated pages.
* services: fix string concat going into hashtag RE
Cleaner Ruby syntax, may handle immutable strings better
* Updated Thai language
* locale: remove unused translation in Thai
* locale: add Thai to settings menu and application
* locale: fix activerecord.th.yml format
* Add Turkish yml file
* Add translation files for Turkish
* Deleted click_to_edit key and val
Deleted click_to_edit: Düzenlemek için ilgili ayara tıklayınız line
* follow the instructions for registering the language as stated on the Tootsuite's docs.
* Added translation strings from latest master
Adding ‏ characters to many strings that are misdirected in the interface.
A tiny grammar fix
Updates of Hebrew strings to v1.3.1
Hebrew translation of the mailer templates.
Fix strings and a missing comma.
Just discovered two string keys were updated. this should lay Travis' mind to rest at last.
Remove mentions before counting characters to decide RTL ratio
Fixes for PR #2573
updated strings for latest master
Undo RTL counting, moved out to another branch for future consideration...
* Update zh-CN translations.
* Update doorkeeper.zh-CN.yml
* Follow @Artoria2e5 's change advices.
* forget mail for text format ......
* fix some changes
* mail's html version ......
* https://github.com/tootsuite/mastodon/pull/2699#pullrequestreview-35982283
* a space.....
* delete some unused keys
* Replace browserify with webpack
* Add react-intl-translations-manager
* Do not minify in development, add offline-plugin for ServiceWorker background cache updates
* Adjust tests and dependencies
* Fix production deployments
* Fix tests
* More optimizations
* Improve travis cache for npm stuff
* Re-run travis
* Add back support for custom.scss as before
* Remove offline-plugin and babili
* Fix issue with Immutable.List().unshift(...values) not working as expected
* Make travis load schema instead of running all migrations in sequence
* Fix missing React import in WarningContainer. Optimize rendering performance by using ImmutablePureComponent instead of
React.PureComponent. ImmutablePureComponent uses Immutable.is() to compare props. Replace dynamic callback bindings in
<UI />
* Add react definitions to places that use JSX
* Add Procfile.dev for running rails, webpack and streaming API at the same time
* follow the instructions for registering the language as stated on the Tootsuite's docs.
* Added translation strings from latest master
Adding ‏ characters to many strings that are misdirected in the interface.
A tiny grammar fix
Updates of Hebrew strings to v1.3.1
Hebrew translation of the mailer templates.
Fix strings and a missing comma.
Just discovered two string keys were updated. this should lay Travis' mind to rest at last.
Remove mentions before counting characters to decide RTL ratio
Fixes for PR #2573
updated strings for latest master
Undo RTL counting, moved out to another branch for future consideration...
* Added Italian Translation of the following files:
Changes to be committed:
new file: app/views/user_mailer/confirmation_instructions.it.html.erb
new file: app/views/user_mailer/confirmation_instructions.it.text.erb
new file: app/views/user_mailer/password_change.it.html.erb
new file: app/views/user_mailer/password_change.it.text.erb
new file: app/views/user_mailer/reset_password_instructions.it.html.erb
new file: app/views/user_mailer/reset_password_instructions.it.text.erb
* Added italian translation
Changes to be committed:
new file: config/locales/activerecord.it.yml
* Naive approached to timeline filtering
* Convert allowed_languages into a db column
* Allow users to choose languages to see statuses in
* Style list items as two columns
* Add a hint to explain language filtering preference
* Add render_views in more places
* Delegate methods from account to user with allow nil true, so that admin accounts show view renders when missing a user
* Use actual account instances in authorize follow controller spec
In #2505, the authorize_follow views were renamed to
authorize_follows. This change was not applied in the show view
of admin/reports, which causes a 500 when reports are viewed.
* OEmbed support for PreviewCard
* Improve ProviderDiscovery code failure treatment
* Do not crawl links if there is a content warning, since those
don't display a link card anyway
* Reset db schema
* Fresh migrate
* Fix rubocop style issues
Fix#1681 - return existing access token when applicable instead of creating new
* Fix test
* Extract http client to helper
* Improve oembed controller
* Fix syntax error
* Remove two_factor_auth.warning (appears obsolete)
* Add missing strings in ru.yml
A lot of new strings translated, especially for the newly added admin section
* Update Russian translation
* Fix merge conflicts
Redid Works by @rkarabut
* Fixes#1985
- add migration AddMediaAttachmentMeta, which add meta field to media_attachments
- before saving attachment, set file meta if needed
- add meta in api
* add spec
* align the “size” format for image and video
* fix code climate
* fixes media_attachment_spec.rb
* Change ActivityPub paging to match spec. Clean up ActivityPub outbox changes.
* Fix code style and test failures for OutboxController.
* Attempt to fix CI errors.
* Add failing spec for oauth/authorized_applications controller
* Use explicit reference to flashes partial from admin layout
Because some of the controllers which use the admin layout do not inherit from
application controller, this partial is not in their view path.
* Expose media attachments on reported statuses directly
* Comment out unused bulk report checkbox. Add title to report comment for viewing full comment. Add 'contents' column, with icons and numerical indicators to show the number of referenced statuses and media attachments in the report
* Link account name on authorize_follow card back to account
* Add localisation string for report_contents
* Show new admin accounts card partial on report view. Apply simple_format to report comment so newlines are preserved.
* Add new admin accounts card partial, for display quick useful admin stats (e.g. report history, moderation status).
* Fix localized variable
* Make private toots get PuSHed to subscription URLs that belong to domains where you have approved followers
* Authorized followers controller, stub for bulk action
* Soft block in the background
* Add simple test for new controller
* Rename Settings::FollowersController to Settings::FollowerDomainsController, paginate results,
rename "private" post setting to "followers-only", fix pagination style, improve post privacy
preferences style, improve warning style
* Extract compose form warnings into own container, show warning when posting to followers-only with unlocked account
* Clean up collapsible components
* Expose user Outboxes and AS2 representations of statuses
* Save work thus far.
* Fix bad merge.
* Save my work
* Clean up pagination.
* First test working.
* Add tests.
* Add Forbidden error template.
* Revert yarn.lock changes.
* Fix code style deviations and use localized instead of hardcoded English text.
* Shows confirmed status in list.
* Adds ability to confirm users in admin UI.
* Added new english translations.
* Addresses feedback from #2245.
* More feedback.
* Add spec coverage for settings/two_factor_auth area
* extract setup method for qr code
* Move otp required check to before action
* Merge method only used once
* Remove duplicate view
* Consolidate creation of @codes for backup
* Move settings/2fq#recovery_codes to settings/recovery_codes#create
* Rename settings/two_factor_auth#disable to #destroy
* Add coverage for the otp required path on 2fa#show
* Clean up the recovery codes list styles
* Move settings/two_factor_auth to settings/two_factor_authentication
* Reorganize the settings two factor auth area
Updated to use a flow like:
- settings/two_factor_authentication goes to a #show view which has a button
either enable or disable 2fa on the account
- the disable button turns off the otp requirement for the user
- the enable button cycles the user secret and redirects to a confirmation page
- the confirmation page is a #new view which shows the QR code for user
- that page posts to #create which verifies the code, and creates the recovery
codes
- that create action shares a view with a recovery codes controller which can be
used separately to reset codes if needed
ysksn