Commit Graph

852 Commits (b1a219552e935d0c988e1f20b9fdceeb042d2c2d)

Author SHA1 Message Date
Eugen Rochko d21251f8fe
Remove unused assets (#18541) 2022-05-27 20:05:34 +02:00
Yamagishi Kazutoshi e925b06721
Fix languages dropdown on light theme (#18460) 2022-05-19 19:26:19 +02:00
Eugen Rochko 0cdb077570
Add language dropdown to compose in web UI (#18420) 2022-05-16 11:18:35 +02:00
Eugen Rochko b4d373a3df
Add `limited` attribute to accounts in REST API and a warning in web UI (#18344) 2022-05-10 09:44:35 +02:00
Claire 5a448d0d71
Fix floating action button obscuring last element (#18332)
Fixes #18331

Add some padding below the last element of scrollable lists when the FAB is
shown in order for users to always be able to fully see the last element.
2022-05-06 21:40:49 +02:00
Eugen Rochko 7e244879fe
Change "Conversations" back to "Direct messages" and add warning in web UI (#18289)
Partially reverts #18146
2022-05-03 09:09:09 +02:00
Eugen Rochko a8e27ac4d1
Fix being able to scroll away from the loading bar in web UI (#18170) 2022-04-29 00:15:27 +02:00
Eugen Rochko 6221b36b27
Remove sign-in token authentication, instead send e-mail about new sign-in (#17970) 2022-04-06 20:58:12 +02:00
Claire 2de5128e66
Fix regression of status colors in actions modal in web UI (#17903)
Fixes #17900

Regression in #17844 (#17851 restored the code in the wrong place…)
2022-03-29 22:55:37 +02:00
Eugen Rochko 2de44d3e47
Fix regression of status colors in actions modal in web UI (#17851)
Regression in #17844
2022-03-22 18:20:08 +01:00
Eugen Rochko d5df9d4797
Fix wrong position of fade-out element in account card in web UI (#17846) 2022-03-22 11:58:13 +01:00
Eugen Rochko 4e9855e09a
Add hint about missing media attachment description in web UI (#17845) 2022-03-22 09:48:12 +01:00
Eugen Rochko 69f9dc4f4e
Fix color of show more link in report dialog in web UI (#17844) 2022-03-22 06:08:05 +01:00
Claire 64d2988d18
Fix edit history dropdown and modal in light theme (#17740)
Fixes #17739
2022-03-10 17:59:23 +01:00
Claire 29ee3c61a3
Fix report dialog being illegible using mastodon-light theme (#17734)
Fixes #17726
2022-03-10 00:11:15 +01:00
Eugen Rochko 9f2791eb64
Add polls and media attachments to edit comparison modal in web UI (#17727) 2022-03-09 21:15:24 +01:00
Eugen Rochko bd53dd5210
Change design of federation pages in admin UI (#17704)
* Change design of federation pages in admin UI

* Fix query performance in instance media attachments measure

* Fix reblogs being included in instance languages dimension
2022-03-09 08:52:32 +01:00
Eugen Rochko dba4be1038
Change appearance of account cards in web UI (#17689)
* Change appearance of account cards in web UI

* Various fixes and improvements

* Various fixes and improvements
2022-03-07 11:38:52 +01:00
Josh Soref b5329e0035
Spelling (#17705)
* spelling: account

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: affiliated

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: appearance

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: autosuggest

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: cacheable

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: component

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: conversations

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: domain.example

Clarify what's distinct and use RFC friendly domain space.

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: environment

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: exceeds

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: functional

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: inefficiency

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: not

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: notifications

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: occurring

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: position

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: progress

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: promotable

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: reblogging

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: repetitive

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: resolve

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: saturated

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: similar

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: strategies

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: success

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: targeting

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: thumbnails

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: unauthorized

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: unsensitizes

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: validations

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: various

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

Co-authored-by: Josh Soref <jsoref@users.noreply.github.com>
2022-03-06 22:51:40 +01:00
Claire c0c4b5718d
Change visual separation of applications in authorized apps list (#17686) 2022-03-02 20:28:25 +01:00
Eugen Rochko 25d3dc4373
Add ability to mark statuses as sensitive from reports in admin UI (#17668)
* Add ability to mark statuses as sensitive from reports in admin UI

* Allow mark as sensitive action on statuses with preview cards
2022-03-01 22:20:29 +01:00
Eugen Rochko 50ea54b3ed
Change authorized applications page (#17656)
* Change authorized applications page

* Hide revoke button for superapps and suspended accounts

* Clean up db/schema.rb
2022-03-01 16:48:58 +01:00
Claire 57814a98a9
Fix remote reports with comments revealing remote reporter (#17652)
* Display username rather than display name in report comment

For consistency with report notes and appeals

* Fix remote reports with comments revealing remote reporter

* Display instance name in placeholder

* Make instance name in report comment a link to the federation admin page

* Normalize i18n file
2022-02-26 21:14:12 +01:00
Claire 255748dff4
Fix media modal footer's “external link” not being a link (#17561) 2022-02-25 01:20:41 +01:00
Eugen Rochko d4592bbfcd
Add explore page to web UI (#17123)
* Add explore page to web UI

* Fix not removing loaded statuses from trends on mute/block action
2022-02-25 00:34:33 +01:00
Eugen Rochko 27965ce5ed
Add trending statuses (#17431)
* Add trending statuses

* Fix dangling items with stale scores in localized sets

* Various fixes and improvements

- Change approve_all/reject_all to approve_accounts/reject_accounts
- Change Trends::Query methods to not mutate the original query
- Change Trends::Query#skip to offset
- Change follow recommendations to be refreshed in a transaction

* Add tests for trending statuses filtering behaviour

* Fix not applying filtering scope in controller
2022-02-25 00:34:14 +01:00
Eugen Rochko a9a43de6d1
Change report modal to include category selection in web UI (#17565)
* Change report modal to include category selection in web UI

* Various fixes and improvements

- Change thank you text to be different based on category
- Change starting headline to be different for account and status reports
- Change toggle components to have a checkmark when checked
- Fix report dialog being cut off on small screens
- Fix thank you screen offering mute or block if already muted or blocked
- Refactor toggle components in report dialog into one component

* Change wording on final screen

* Change checkboxes to be square when multiple options are possible
2022-02-23 20:03:46 +01:00
Eugen Rochko 51e67f3243
Fix link colors in report and strike details (#17616) 2022-02-22 15:27:25 +01:00
Eugen Rochko 8338826963
Fix wrong styles on strike page (#17615) 2022-02-22 06:20:04 +01:00
Claire 00b45b967e
Fix edge case where settings/admin page sidebar would be incorrectly hidden (#17580) 2022-02-16 21:44:19 +01:00
Eugen Rochko 564efd0651
Add appeals (#17364)
* Add appeals

* Add ability to reject appeals and ability to browse pending appeals in admin UI

* Add strikes to account page in settings

* Various fixes and improvements

- Add separate notification setting for appeals, separate from reports
- Fix style of links in report/strike header
- Change approving an appeal to not restore statuses (due to federation complexities)
- Change style of successfully appealed strikes on account settings page
- Change account settings page to only show unappealed or recently appealed strikes

* Change appealed_at to overruled_at

* Fix missing method error
2022-02-14 21:27:53 +01:00
Eugen Rochko bbd3474416
Fix privacy policy link not being visible on small screens (#17533)
Fix #17482
2022-02-13 02:52:34 +01:00
Eugen Rochko e848d281d5
Fix layout of the report page on smaller screens in admin UI (#17523)
Fix #17491
2022-02-12 01:08:23 +01:00
Eugen Rochko d0fcf07436
Change actions in reports to require only one click (#17487) 2022-02-11 21:51:57 +01:00
Eugen Rochko fd3a45e348
Add edit history to web UI (#17390)
* Add edit history to web UI

* Change history reducer to store items per status

* Fix missing loading prop
2022-02-09 01:17:07 +01:00
Eugen Rochko 1060666c58
Add support for editing for published statuses (#16697)
* Add support for editing for published statuses

* Fix references to stripped-out code

* Various fixes and improvements

* Further fixes and improvements

* Fix updates being potentially sent to unauthorized recipients

* Various fixes and improvements

* Fix wrong words in test

* Fix notifying accounts that were tagged but were not in the audience

* Fix mistake
2022-01-19 22:37:27 +01:00
Eugen Rochko 14f436c457
Add notifications for statuses deleted by moderators (#17204) 2022-01-17 09:41:33 +01:00
Claire 40f202c1e5
Change list title input styling (#17092) 2021-12-17 23:00:05 +01:00
Eugen Rochko 0fb9536d38
Add batch suspend for accounts in admin UI (#17009) 2021-12-05 21:48:39 +01:00
Claire 1630807ee2
Fix color of hashtag column settings inputs (#17058)
Fixes #17057
2021-11-26 22:09:11 +01:00
Eugen Rochko 7de0ee7aba
Remove Keybase integration (#17045) 2021-11-26 05:58:18 +01:00
Eugen Rochko 6e50134a42
Add trending links (#16917)
* Add trending links

* Add overriding specific links trendability

* Add link type to preview cards and only trend articles

Change trends review notifications from being sent every 5 minutes to being sent every 2 hours

Change threshold from 5 unique accounts to 15 unique accounts

* Fix tests
2021-11-25 13:07:38 +01:00
Claire db32835338
Fix overflow of long profile fields in admin view (#17010) 2021-11-19 18:22:49 +01:00
Claire 6159020617
Fix background-color of emoji-mart selector (#17011)
Reverts part of #16907 to fix hardcoded color
2021-11-19 18:21:37 +01:00
Mashiro 2b6a25c609
Add lazy load to emoji-mart (#16907)
* perf: lazyload emoji-mart!

* Bump lazyload
2021-11-18 22:01:31 +01:00
Mashiro b58d32cfe2
Enhance dashboard styles (#16884)
* Display sparkline graph on Chrome

* Heatmap auto overflow

* Change grid columns number on small screen

* Please codeclimate bot

* Remove graph height
2021-10-21 06:24:34 +02:00
Jeong Arm 3ec8e04b3b
Add font-display to display text before loading (#16330) 2021-10-14 21:04:26 +02:00
Eugen Rochko 07341e7aa6
Add graphs and retention metrics to admin dashboard (#16829) 2021-10-14 20:44:59 +02:00
Mélanie Chauvel 900481b7fa
Improve hover and focus style in columns settings (#16222)
* Make focus visible on switches and text buttons in columns settings

* Make hover/focus visible on left/right arrows in columns settings

Use same style as for station action bar (reply/boost/fav/etc.)

* Tab first to “Pin/Unpin” before left/right arrows in columns settings
2021-10-01 00:55:51 +02:00
Claire aaf24d3093
Fix download button color in audio player (#16572)
Fixes #16571
2021-08-11 17:48:55 +02:00
Jeong Arm 6e0ab6814f
Fix trends layout (#16570) 2021-08-05 13:05:32 +02:00
Claire 1381e0e1d9
Fix pop-in player display when poster has long username or handle (#16468) 2021-07-05 19:16:06 +02:00
Claire 9e5a1daa9b
Fix styling of boost button in media modal not reflecting ability to boost (#16387) 2021-06-25 04:45:30 +02:00
Eugen Rochko d174d12c83
Add authentication history (#16408) 2021-06-21 17:07:30 +02:00
Claire be8079f637
Fix deprecated slash as division in SASS files (#16347)
Fixes #16293
2021-06-01 23:47:27 +02:00
Eugen Rochko abd7b4636a
Add assets from Twemoji 13.1.0 (#16345)
* Add assets from Twemoji 13.1.0

* Update emoji-mart
2021-06-01 14:35:49 +02:00
Zero King 028ba13eb3
Remove duplicate CSS properties (#16278) 2021-05-19 23:51:52 +02:00
Zero King 689974b1ed
Remove duplicate CSS property of margin (#16277) 2021-05-18 20:13:44 +02:00
Claire 4f747d9f83
Fix follow recommendations UI in advanced layout (#16215) 2021-05-11 21:16:24 +02:00
Mélanie Chauvel 0464240f19
Fix dialog close button (#16219)
* Fix dialog close button being white on almost white

* Make dialog close button slightly bigger
2021-05-11 21:15:57 +02:00
Eugen Rochko 2c77d97e0d
Add joined date to profiles in web UI (#16169) 2021-05-07 14:33:19 +02:00
Eugen Rochko 8d75bd002d
Add empty state message for follow recommendations in web UI (#16161) 2021-05-05 23:57:29 +02:00
Eugen Rochko bf903dc510
Change onboarding by replacing tutorial with follow recommendations in web UI (#16060) 2021-04-19 14:45:15 +02:00
Eugen Rochko 487e37d6d4
Add system checks to dashboard in admin UI (#15989) 2021-04-03 14:12:30 +02:00
Marcin Mikołajczak f8e50eaea3
Add transition to media modal background (#15843)
* Add transition to media modal background

* use reduceMotion

* Move background color transition into css

Signed-off-by: marcin mikołajczak <me@mkljczk.pl>
2021-03-24 13:51:32 +01:00
Claire 5d48402be1
Fixing the hero widget (#15926)
* Removing last-child padding conflicts with light theme in hero widget

* Add missing background color to widget

* Reset widget.scss to default

* Hope this works

Co-authored-by: koyu <me@koyu.space>
2021-03-19 20:23:32 +01:00
Eugen Rochko 8331fdf7e0
Add server rules (#15769) 2021-02-21 19:50:12 +01:00
Jeong Arm d499bb031f
Use custom mascot on static share page (#15687)
* Use custom mascot on static share page

* Use full_asset_url
2021-02-11 02:18:56 +01:00
Claire 07b46cb332
Add dropdown for boost privacy in boost confirmation modal (#15704)
* Various dropdown code quality fixes

* Prepare support for privacy selection in boost modal

* Add dropdown for boost privacy in boost confirmation modal
2021-02-11 00:53:12 +01:00
Takeshi Umeda e38874dcf7
Fix getting-started footer in single column mode not being clickable in Safari (#15496) 2021-01-05 19:57:32 +01:00
Takeshi Umeda 3f4b0dfd47
Fix logo button style more (#15458) 2020-12-30 23:18:39 +01:00
Takeshi Umeda ba748a83f2
Fix logo button style (#15428)
* Fix bell button rtl style

* Remove size and style props from button component

* Fix logo button style

* Update jest snapshot
2020-12-26 23:50:34 +01:00
ThibG b08d2d4f78
Fix media modal buttons not showing up on mobile (#15417)
Fixes #15374

When the pop-out player was introduced, it had tweaks for the mobile
view, but it's now disabled in mobile mode and the styling was reused
for modals, causing the footer to be hidden on mobile without a good
reason.

Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2020-12-23 19:55:23 +01:00
ThibG 47c6c54d31
Fix styling issue on /about when server admin has a long username (#15357)
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2020-12-18 09:43:33 +01:00
Eugen Rochko 941ff04b03
Fix styles for RTL languages and the light theme (#15356) 2020-12-18 08:47:36 +01:00
ThibG 79efcf8aad
Change notification permission handling (#15176)
* Change notification permission handling

- allow changing individual alert settings even if permission is not explicitly
  enabled (asks for permission on toggle)
- persist permission request banner dismissal across sessions through settings

* Add additional, more discrete message to grant permissions

* Change permission granting button design according to reviews

Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2020-12-15 18:43:54 +01:00
Eugen Rochko 1f564051b6
Change RTL detection to rely on unicode-bidi paragraph by paragraph (#14573) 2020-12-15 12:56:43 +01:00
ThibG 47e507fa61
Add ability to require invite request text (#15326)
Fixes #15273

Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2020-12-14 10:03:09 +01:00
ThibG 49eb4d4ddf
Add honeypot fields and minimum fill-out time for sign-up form (#15276)
* Add honeypot fields to limit non-specialized spam

Add two honeypot fields: a fake website input and a fake password confirmation
one. The label/placeholder/aria-label tells not to fill them, and they are
hidden in CSS, so legitimate users should not fall into these.

This should cut down on some non-Mastodon-specific spambots.

* Require a 3 seconds delay before submitting the registration form

* Fix tests

* Move registration form time check to model validation

* Give people a chance to clear the honeypot fields

* Refactor honeypot translation strings

Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2020-12-10 06:27:26 +01:00
Eugen Rochko 1e89e2ed98
Change media modals look in web UI (#15217)
- Change overlay background to match color of viewed image
- Add interactive reply/boost/favourite buttons to footer of modal
- Change ugly "View context" link to button among the action bar
2020-11-27 03:24:11 +01:00
Eugen Rochko 272566043a
Remove fade-in animation from modals in web UI (#15199) 2020-11-21 23:54:36 +01:00
Takeshi Umeda 148ce97e21
Add interrelationship icon (#15149)
* Add interrelationship icon

* Fix arrow for rtl

* Fix to predefined color
2020-11-12 17:43:12 +01:00
Eugen Rochko 4790a126be
Add button to dismiss desktop notifications permissions banner (#15141) 2020-11-11 05:36:29 +01:00
Eugen Rochko 3134691948
Add support for reversible suspensions through ActivityPub (#14989) 2020-11-08 00:28:39 +01:00
Mashiro 6a2db10f76
Add expand/compress image button on image view box (#15068)
* add zoom image button

* enhance zoom algorithm & add translation

* code structure

* code structure

* code structure

* enhance grab performance

* rm useless state

* fix behavior on Firefox & scroll lock & horizontal scroll with mousewheel

* remove scroll lock on MouseWheelEvent

* code structure

* enhance algorithm and code structure

* rm Gemfile.lock from tree

* codeclimate

* fix a stupid mistake
2020-11-02 21:16:38 +01:00
mayaeh 2ae751f19d
Fix width of content text fluctuating over time (#15055) 2020-10-27 13:34:02 +01:00
Mélanie Chauvel 1d07f51039
Make visibility icon clickable as part of the time of a toot (#15053)
- Makes permalink to a toot more easily clickable
- Fix clicking between icon and time in fact clicking the display name
- Fix clicking slightly under time in fact clicking the display name
2020-10-27 03:00:47 +01:00
Mélanie Chauvel a5afbb62d2
Make click area of video/audio player buttons bigger in WebUI (#15049) 2020-10-27 02:58:47 +01:00
Eugen Rochko a69ca29473
Change how missing desktop notifications permission is displayed (#14985)
Add missing controls for new notification type
2020-10-15 16:24:47 +02:00
OSAMU SATO 96761752ec
Add duration parameter to muting. (#13831)
* Adding duration to muting.

* Remove useless checks
2020-10-13 01:01:14 +02:00
ThibG f54ca3d08e
Fix browser notification permission request logic (#13543)
* Add notification permission handling code

* Request notification permission when enabling any notification setting

* Add badge to notification settings when permissions insufficient

* Disable alerts by default, requesting permission and enable them on onboarding
2020-10-13 00:37:21 +02:00
Eugen Rochko a549415868
Fix regressions in icon buttons in web UI (#14915) 2020-10-04 15:02:36 +02:00
Eugen Rochko d88a79b456
Add pop-out player for audio/video in web UI (#14870)
Fix #11160
2020-09-28 13:29:43 +02:00
ThibG ff89025979
Add unread notification markers (#14818)
* Add unread notification markers

Fixes #14804

* Allow IntersectionObserverArticle's children to be updated
2020-09-26 20:57:07 +02:00
Eugen Rochko 974b1b79ce
Add option to be notified when a followed user posts (#13546)
* Add bell button

Fix #4890

* Remove duplicate type from post-deployment migration

* Fix legacy class type mappings

* Improve query performance with better index

* Fix validation

* Remove redundant index from notifications
2020-09-18 17:26:45 +02:00
Eugen Rochko bbcbf12215
Fix unreadable placeholder text color in high contrast theme in web UI (#14803)
Fix #14717
2020-09-15 09:24:24 +02:00
Takeshi Umeda 272aa4a109
Fix direct visibility style for light theme (#14727) 2020-09-04 08:49:56 +02:00
ThibG 79305428a7
Add configuration option to filter replies in lists (#9205)
* Add database support for list show-reply preferences

* Add backend support to read and update list-specific show_replies settings

* Add basic UI to set list replies setting

* Add specs for list replies policy

* Switch "cycling" reply policy link to a set of radio inputs

* Capitalize replies_policy strings

* Change radio button design to be consistent with that of the directory explorer
2020-09-01 13:31:28 +02:00
Eugen Rochko 1c308af84c
Change own direct-visibility statuses to be in the home feed again (#14711)
And remove highlighting in web UI

Full circle from #8940
2020-09-01 13:30:42 +02:00
santiagorodriguez96 e8d41bc2fe
Add WebAuthn as an alternative 2FA method (#14466)
* feat: add possibility of adding WebAuthn security keys to use as 2FA

This adds a basic UI for enabling WebAuthn 2FA. We did a little refactor
to the Settings page for editing the 2FA methods – now it will list the
methods that are available to the user (TOTP and WebAuthn) and from
there they'll be able to add or remove any of them.
Also, it's worth mentioning that for enabling WebAuthn it's required to
have TOTP enabled, so the first time that you go to the 2FA Settings
page, you'll be asked to set it up.
This work was inspired by the one donde by Github in their platform, and
despite it could be approached in different ways, we decided to go with
this one given that we feel that this gives a great UX.

Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>

* feat: add request for WebAuthn as second factor at login if enabled

This commits adds the feature for using WebAuthn as a second factor for
login when enabled.
If users have WebAuthn enabled, now a page requesting for the use of a
WebAuthn credential for log in will appear, although a link redirecting
to the old page for logging in using a two-factor code will also be
present.

Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>

* feat: add possibility of deleting WebAuthn Credentials

Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>

* feat: disable WebAuthn when an Admin disables 2FA for a user

Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>

* feat: remove ability to disable TOTP leaving only WebAuthn as 2FA

Following examples form other platforms like Github, we decided to make
Webauthn 2FA secondary to 2FA with TOTP, so that we removed the
possibility of removing TOTP authentication only, leaving users with
just WEbAuthn as 2FA. Instead, users will have to click on 'Disable 2FA'
in order to remove second factor auth.
The reason for WebAuthn being secondary to TOPT is that in that way,
users will still be able to log in using their code from their phone's
application if they don't have their security keys with them – or maybe
even lost them.

* We had to change a little the flow for setting up TOTP, given that now
  it's possible to setting up again if you already had TOTP, in order to
  let users modify their authenticator app – given that now it's not
  possible for them to disable TOTP and set it up again with another
  authenticator app.
  So, basically, now instead of storing the new `otp_secret` in the
  user, we store it in the session until the process of set up is
  finished.
  This was because, as it was before, when users clicked on 'Edit' in
  the new two-factor methods lists page, but then went back without
  finishing the flow, their `otp_secret` had been changed therefore
  invalidating their previous authenticator app, making them unable to
  log in again using TOTP.

Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>

* refactor: fix eslint errors

The PR build was failing given that linting returning some errors.
This commit attempts to fix them.

* refactor: normalize i18n translations

The build was failing given that i18n translations files were not
normalized.
This commits fixes that.

* refactor: avoid having the webauthn gem locked to a specific version

* refactor: use symbols for routes without '/'

* refactor: avoid sending webauthn disabled email when 2FA is disabled

When an admins disable 2FA for users, we were sending two mails
to them, one notifying that 2FA was disabled and the other to notify
that WebAuthn was disabled.
As the second one is redundant since the first email includes it, we can
remove it and send just one email to users.

* refactor: avoid creating new env variable for webauthn_origin config

* refactor: improve flash error messages for webauthn pages

Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>
2020-08-24 16:46:27 +02:00