Commit Graph

326 Commits (6df63465b9b4ae409cad2303ec2476c6c479284c)

Author SHA1 Message Date
Eugen 5d710b1139 Make file attachment on MediaAttachment optional (#1865)
Create MediaAttachment but without actual file download when domain is blocked with reject_media set to true
Clean up old media files when creating a new domain block with reject_media set to true
Return remote_url in media attachments API if local file is not present
Undo domain block action in admin UI
Ability to enable reject_media from admin UI
2017-04-16 12:51:30 +02:00
alpaca-tc 00392d3c63 ActiveRecord::NotFound is not defined (#1864) 2017-04-15 21:17:59 +02:00
Marcin Cieślak 1c8477eab2 Give SINGLE_USER a chance to register (#1820)
An attempt to open a brand new Mastodon instance configured
as SINGLE_USER_MODE=true will cause an exception.

Enable temporary registration if we have no users in the database

Fixes #1817
2017-04-15 16:46:27 +02:00
Matt Jankowski 6670e6d33f Add password reset for users from admin accounts area (#1841) 2017-04-15 16:44:59 +02:00
Patrick Figel df4ff9a8e1 Add recovery code support for two-factor auth (#1773)
* Add recovery code support for two-factor auth

When users enable two-factor auth, the app now generates ten
single-use recovery codes. Users are encouraged to print the codes
and store them in a safe place.

The two-factor prompt during login now accepts both OTP codes and
recovery codes.

The two-factor settings UI allows users to regenerated lost
recovery codes. Users who have set up two-factor auth prior to
this feature being added can use it to generate recovery codes
for the first time.

Fixes #563 and fixes #987

* Set OTP_SECRET in test enviroment

* add missing .html to view file names
2017-04-15 13:26:03 +02:00
Joachim Viide ef879a8839 Send initial state in a <script type="application/json"> tag (#1806) 2017-04-15 02:32:42 +02:00
ThibG a9529d3b4b Allow running mastodon on a different domain as the one used for identifying users (#1267)
* Allow running mastodon on a different domain as the one used for identifying users

* Alter documentation of WEB_DOMAIN to make clear it shouldn't be used unless the admin knows what they are doing

* Compare to web_domain instead of local_domain when dealing with feeds/API

* Correctly identify mentions to local accounts

Mentions URLs point to the person's web profile, i.e., the user page served on WEB_DOMAIN.
2017-04-15 02:15:46 +02:00
Matt Jankowski f5cd138323 Improve i18n chooser (#1804)
* Add locale spec with failing locale plus region check

* Use a more accurate locale when supplied by browser headers

Previously we were using a matching option which would use the first locale
available which matched the locale portion, even if a region was specified.

This changes to first try to find an exact match, and then fall back to the
region, and then fall back to the  default.

* Clean up default_locale method
2017-04-15 01:12:39 +02:00
Matt Jankowski 8b74aa4217 Admin reports controller improvements (#1714)
* Simplify admin/reports controller filtering for index

* Rename parameter to resolved

* Fix issue where reports view could not access filter_link_to

* Add coverage for admin/reports controller

* DRY up resolution of related reports for target account

* Clean up admin/reports routes

* Add Report#statuses method

* DRY up current account action taken params

* Rubocop styles
2017-04-14 11:10:28 +02:00
Matt Jankowski 137100dcf3 Clean up well-known routes/controllers (#1649)
* Add request spec for host meta route returning xml

* Add routing spec for xrd routes

* Update well-known routes

* Move webfinger and host-meta actions to their own controllers
2017-04-13 13:09:07 +02:00
Matt Jankowski 3a9eb81a80 Admin accounts controller cleanup (#1664)
* Remove unused account_params method in admin/accounts controller

* Introduce AccountFilter to find accounts

* Use AccountFilter in admin/accounts controller

* Use more restful routes admin silence and suspension area

* Add admin/silences and admin/suspensions controllers
2017-04-13 13:04:23 +02:00
Matt Jankowski 0e39cc6a35 Settings export refactor (#1646)
* Refactor Export to take an account and know about the export types

* Use Export instance in settings/exports#show
2017-04-13 13:02:02 +02:00
Matt Jankowski c44a700252 Quick best practice cleanup of views/helpers (#1546)
* Remove trailing whitespace

* Use query methods instead of explicit .blank? checks
2017-04-12 18:24:18 +02:00
Matt Jankowski aa90798386 Webfinger resource to extract username from resource string (#1607)
* Add WebfingerResource class to extract usernames

* Use WebfingerResource in xrd#webfinger
2017-04-12 18:22:38 +02:00
Matt Jankowski 7f0a865b05 Allow import/export of mutes list (#1541)
* Allow export of mutes list

* Allow importing of mutes list

* Refactor to use Settings::Exports::BaseController and DRY up exports code
2017-04-12 18:20:44 +02:00
Matt Jankowski dd1ae3b109 Simplify the way the embed view is created (#1590)
* Add coverage for embedded status view

* Refactor embed view to eliminate @external_links variable
2017-04-12 16:12:42 +02:00
Matt Jankowski b352a8e5d4 Default to json type for webfinger requests (#1583) 2017-04-12 16:03:37 +02:00
Matt Jankowski 3ddd936b03 Refactor exports controller (#1567)
* Add basic coverage for settings/exports controller

* Remove unused @account variable from settings/exports controller

* Add coverage for download export actions

* Remove deprecated `render :text` in favor of `send_data` for csv downloads

* Add model to handle exports

* Use Export class in settings/exports controller

* Simplify settings/exports controller methods

* Move settings/export to more restful routes
2017-04-11 22:00:43 +02:00
Eugen Rochko 2a7602cad4 Merge branch 'master' of https://github.com/blackle/mastodon into blackle-master 2017-04-11 20:43:56 +02:00
blackle 06444bf050 Allow user to disable the boost confirm dialog in preferences 2017-04-11 10:10:16 -04:00
Matt Jankowski 4ada50985a Pagination improvements (#1445)
* Replace will_paginate with kaminari

* Use #page instead of #paginate in controllers

* Replace will_paginate.page_gap with pagination.truncate in i18n

* Customize kaminari views to match prior styles

* Set kaminari options to match prior behavior

* Replace will_paginate with paginate in views
2017-04-11 01:11:41 +02:00
Eugen 2810013b93 API param to exclude notification types from response (#1341)
* Add exclude_types param to /api/v1/notifications

* Exclude notification types in web UI through exclude_types in the API
2017-04-10 23:45:29 +02:00
Matt Jankowski 0687ab8ae3 Clean up generation of account webfinger string (#1477)
* Consolidate webfinger string creation under Account#to_webfinger_s

* Introduce Account#local_username_and_domain for consolidation
2017-04-10 22:58:06 +02:00
Matt Jankowski dbe9f33fdc Admin base controller (#1465)
* Add Admin::BaseController to wrap admin area

Extracts the setting of the `admin` layout and verifying that users are admins
to a common base class for the admin/ controllers.

* Add basic coverage for admin/reports and admin/settings controllers
2017-04-10 21:27:03 +02:00
Eugen 93db265be7 Do not store last visited URL from API controllers (#1330)
Sign-in redirects you back to last visited URL, but in case of API requests,
this sometimes redirected users to an API URL that, of course, greeted them
with an {"error":"The access token is invalid"}
2017-04-09 22:21:52 +02:00
Eugen 15d442cf9d Fix /api/v1/accounts/update_credentials tests (#1357) 2017-04-09 20:23:14 +02:00
David Authier f0bd439486 Use HTTP Accept-Language to detect locale (#1166)
* Use HTTP Accept-Language to detect locale

* Fix gem order to comply with codeclimate

* Sort gem to comply with rubocop

* I18n.default_locale fallback when there is no accept-language header
2017-04-09 18:40:24 +02:00
David Celis d4fe6cd2bf Allow users to update their Account in the API (#1179)
* Allow users to update their Account in the API

It would be nice for API clients to be able to allow users to update
their accounts without having to wrap Mastodon in a web view. This patch
adds an API endpoint to let users submit a PATCH for their account.

Signed-off-by: David Celis <me@davidcel.is>

* Add /api/v1/accounts/update_credentials to the API docs

Signed-off-by: David Celis <me@davidcel.is>
2017-04-09 18:33:40 +02:00
Matt Jankowski e5282e4ec0 Clean up about page (#1282)
* Add InstancePresenter to expose site details

* Clean up about controller, use instance presenter
2017-04-09 14:47:25 +02:00
Eugen b89f007862 Make public timelines API not require user context/app credentials (#1291)
* Make /api/v1/timelines/public and /api/v1/timelines/tag/:id public
Fix #1156 - respect query params when generating pagination links in API

* Apply pagination fix to more APIs
2017-04-08 23:39:31 +02:00
Eugen 9acdb166e8 Fix #795, fix #704, fix #835 - 2FA requires confirmation to be enabled (#1278)
* Fix #795, fix #704, fix #835 - 2FA requires confirmation to be enabled
TOTP secret is not shown again after 2FA is enabled

* Clean up
2017-04-08 22:20:08 +02:00
Eugen Rochko 4b621188ad Fix #1165 - before_action was called before protect_from_forgery 2017-04-08 02:30:50 +02:00
Eugen Rochko e3a3422a65 Allow setting of default language through config
Setting of locale in controller extracted to Localized concern,
the doorkeeper authorized applications controller moved under
custom namespace with inclusion of Localized, which resolves the
"it sometimes appears in a different random language" bug
2017-04-07 12:40:26 +02:00
Eugen 6d6a429af8 Rewrite Atom generation from stream entries to use Ox instead of Nokogiri (#1124)
* Rewrite Atom generation from stream entries to use Ox instead of Nokogiri::Builder

StreamEntry is now limited to only statuses, which allows some optimization. Removed
extra queries on AccountsController#show. AtomSerializer instead of AtomBuilderHelper
used in AccountsController#show, StreamEntriesController#show, StreamEntryRenderer
and PubSubHubbub::DistributionWorker

PubSubHubbub::DistributionWorker moves n+1 DomainBlock query to PubSubHubbub::DeliveryWorker
instead.

All Salmon slaps that aren't based on StreamEntry still use AtomBuilderHelper and Nokogiri

* All Salmon slaps now use Ox instead of Nokogiri. No touch from status on account
2017-04-07 05:56:56 +02:00
Drew DeVault f7e35d90db Remote follow improvements
This stores the @username@instance you provide in your session and
reuses it the next time you remote follow someone from this instance.
2017-04-04 20:52:31 -04:00
Eugen Rochko 5f54981846 New admin setting: open/close registrations, with custom message, from the admin UI 2017-04-04 15:28:12 +02:00
Eugen Rochko b510a56c0c Only call regeneration worker after first login after a 14 day break 2017-04-04 02:00:10 +02:00
Eugen Rochko 4c53af64f0 Fix ActionController::Parameters in API issue 2017-04-04 01:33:34 +02:00
Eugen Rochko 68f829e11c Add basic logging of who resolved report 2017-04-03 19:35:00 +02:00
Eugen Rochko 71458dc6df When taking action on a report (silence/suspend), it dismisses all other
reports for that user automatically
2017-04-03 19:19:54 +02:00
Eugen Rochko b7c1b12367 Make default admin UI page reports. Add admin UI for creating a domain block 2017-04-03 18:55:06 +02:00
Eugen Rochko 2d07cb5771 Catching rack timeout from rails doesn't work 2017-04-02 21:12:18 +02:00
Eugen Rochko 5b12624847 Add proper error page for request timeouts 2017-04-02 19:43:44 +02:00
Eugen Rochko 4b7dca4713 Fix wording "show reblogs" -> "show boosts", order reports chronologically in
admin UI
2017-04-02 16:45:49 +02:00
Eugen Rochko 433cb198fa Fix landing page sign up form ignoring username field 2017-04-02 04:13:22 +02:00
Eugen Rochko e8875c6046 Import feature for following/blocking lists (addresses #62, #177, #201, #454) 2017-03-30 19:42:33 +02:00
Eugen Rochko de22c202f5 Add counter caches for a large performance increase on API requests 2017-03-30 15:06:59 +02:00
Eugen Rochko 1c6b02f936 Fix #690 - Webfinger should handle new shortform profile URLs now (nice) 2017-03-28 11:25:43 +02:00
Eugen Rochko d6ed2eb512 Prettier account and stream entry URLs 2017-03-22 19:55:14 +01:00
Eugen Rochko 05cf086766 New API method: /api/v1/search
Returns accounts, statuses, hashtags arrays
2017-03-22 02:32:27 +01:00