Commit Graph

85 Commits (86d1dcc97a805312afcadd3df4bb48e4182ad171)

Author SHA1 Message Date
Patrick Figel df4ff9a8e1 Add recovery code support for two-factor auth (#1773)
* Add recovery code support for two-factor auth

When users enable two-factor auth, the app now generates ten
single-use recovery codes. Users are encouraged to print the codes
and store them in a safe place.

The two-factor prompt during login now accepts both OTP codes and
recovery codes.

The two-factor settings UI allows users to regenerated lost
recovery codes. Users who have set up two-factor auth prior to
this feature being added can use it to generate recovery codes
for the first time.

Fixes #563 and fixes #987

* Set OTP_SECRET in test enviroment

* add missing .html to view file names
2017-04-15 13:26:03 +02:00
ThibG 31f0bcf804 Refresh webfinger (#1323)
* Refresh local info for remote accounts when webfinger returns new values

It only refreshes account info if one of the URLs or the public-key changes,
in which cases it refreshes the full info, re-downloading the feeds from that
user.

Some special handling should probably be done when the public key changes,
but I have been unable to find any use for it in Mastodon yet.

* Re-fetch remote users we aren't subscribed to.

This might induce performance issues, we might want to only do that for users
we explicitly attempted to subscribe but failed to.

* Refactor changes

* Do not refresh existing remote account details more than once a day

* Avoid re-fetching webfinger info in tests unless otherwise specified
2017-04-15 03:16:05 +02:00
Eugen Rochko 31597fd377 Low-hanging fruit of query optimization, these indices were missing 2017-04-07 00:04:38 +02:00
Eugen Rochko cfe91ac984 Add index on mentions status_id 2017-04-05 13:32:57 +02:00
Eugen Rochko 68f829e11c Add basic logging of who resolved report 2017-04-03 19:35:00 +02:00
Eugen Rochko e8875c6046 Import feature for following/blocking lists (addresses #62, #177, #201, #454) 2017-03-30 19:42:33 +02:00
Eugen Rochko 03fb6c16ec Fix up null values on latest migration, add notes 2017-03-30 16:06:27 +02:00
Eugen Rochko 87513b31e0 Do NOT try to update the new fields from the migration. Takes too long on a live DB
Needs to be a separate task with no locking
2017-03-30 15:50:34 +02:00
Eugen Rochko de22c202f5 Add counter caches for a large performance increase on API requests 2017-03-30 15:06:59 +02:00
Eugen Rochko 5aa3df017b Fix full-text search query quotation, improve tag search performance with an index,
add ability to open status by URL from search (fix #53)
2017-03-22 17:36:34 +01:00
Eugen Rochko 22e06a4077 Upgrade status IDs to bigint 2017-03-22 15:46:58 +01:00
Eugen Rochko 1b09c3cb17 More efficient single account retrieval (0.9ms vs 50ms before) 2017-03-22 03:21:38 +01:00
Eugen Rochko 2816b1bf8e Federate header images, fix open-uri http->https redirection error 2017-03-18 22:51:20 +01:00
Eugen Rochko ad0d82d3ce Make account search blazing fast and rank followers/followees higher in the results 2017-03-17 20:48:14 +01:00
Eugen Rochko caf5b8e975 Fix #431 - convert gif to webm during upload. Web UI treats them like it did
before. In the API, attachments now can be either image, video or gifv. Gifv
is to be treated like images in terms of behaviour, but are videos by file
type.
2017-03-04 23:02:24 +01:00
Eugen Rochko 6b81d10030 Add digest e-mails 2017-03-04 00:00:48 +01:00
Kit Redgrave 442fdbfc53 Mute button progress so far. WIP, doesn't entirely work correctly. 2017-03-01 22:31:21 -06:00
Eugen Rochko a1e96ae94f Add foreign key to prevent reblogs of non-existent (after race conditions) statuses from happening
Fix issue with detailed status view not supporting unreblogging/unfavouriting
2017-02-17 02:33:10 +01:00
Eugen Rochko 3b81baaaaf Adding POST /api/v1/reports API, and a UI for submitting reports 2017-02-14 20:59:26 +01:00
Eugen Rochko 6331ed16e5 Fix #614 - extra reply-boolean on statuses to account for cases when replied-to
status is not in the system at time of distribution; fix #607 - reset privacy
settings to defaults when cancelling replies
2017-02-09 20:25:39 +01:00
Eugen Rochko 920ba5fc4e Fix #61 - Add list of blocked users to the UI; clean up failed push notifications API
Try to fix Travis CI setup
2017-02-05 19:18:11 +01:00
Eugen Rochko 3f075c7794 API for apps to register for push notifications 2017-01-29 01:30:32 +01:00
Eugen Rochko 1992575d57 Fix #569 - seeds.rb 2017-01-29 00:12:27 +01:00
Eugen Rochko ba192f12e3 Added optional two-factor authentication 2017-01-27 20:35:16 +01:00
Eugen Rochko cc5c1e5feb Removed accidental n+1 query from notifications, updated some deps,
improved how "show more" link looks
2017-01-26 14:52:07 +01:00
Effy Elden 198ea2522e Seed a default, confirmed, admin account on development environments 2017-01-26 19:22:00 +11:00
Eugen Rochko 0430f7c0fa Fix spoiler_text not having "not null" constraint 2017-01-25 15:24:19 +01:00
Eugen Rochko 51a7047367 Fix order of migrations 2017-01-25 15:01:00 +01:00
Eugen Rochko 999cde94a6 Instead of using spoiler boolean and spoiler_text, simply check for non-blank spoiler_text
Federate spoiler_text using warning attribute on <content /> instead of a <category term="spoiler" />
Clean up schema file from accidental development migrations
2017-01-25 01:29:16 +01:00
blackle bf0f6eb62d Implement a click-to-view spoiler system 2017-01-23 21:07:40 -05:00
Eugen Rochko 434cf8237e Optional domain block attribute that prevents media attachments from being downloaded 2017-01-23 21:36:08 +01:00
Eugen Rochko 6d98a73180 Domain blocks now have varying severity - auto-suspend vs auto-silence 2017-01-23 17:38:38 +01:00
Eugen Rochko f0de621e76 Fix #463 - Fetch and display previews of URLs using OpenGraph tags 2017-01-20 01:00:14 +01:00
Effy Elden d6bc0e8db4 Add tracking of OAuth app that posted a status, extend OAuth apps to have optional website field, add application details to API, show application name and website on detailed status views. Resolves #11 2017-01-15 08:58:50 +11:00
Eugen Rochko c01dd089ff Adding about/more page with extended information that can be set up by an admin 2017-01-13 20:16:38 +01:00
Eugen Rochko 2939e9898b Extend rails-settings-cached to merge db-saved hash values with defaults 2017-01-13 02:42:22 +01:00
Eugen Rochko b11fdc3ae3 Migrate from ledermann/rails-settings to rails-settings-cached which allows global settings
with YAML-defined defaults. Add admin page for editing global settings. Add "site_description"
setting that would show as a paragraph on the frontpage
2017-01-12 20:46:24 +01:00
Eugen Rochko 75f80bef10 Persist UI settings, add missing localizations for German 2017-01-09 14:00:55 +01:00
Eugen Rochko 7b9f8766e8 Fix #416 - Generate random unique 14-byte (19 characters) shortcodes
for local attachments, use them in URLs. Check status privacy
before redirecting to actual file.
2017-01-06 00:29:12 +01:00
Eugen Rochko e2c2fefc36 Add illustration to getting started column 2016-12-27 23:30:11 +01:00
Eugen Rochko b891a81008 Follow call on locked account creates follow request instead
Reflect "requested" relationship in API and UI
Reflect inability of private posts to be reblogged in the UI
Disable Webfinger for locked accounts
2016-12-22 23:03:57 +01:00
Eugen Rochko 2d2154ba75 Add "locked" flag to accounts, prevent blocked users from following, force-unfollow blocked users 2016-12-22 21:34:19 +01:00
Eugen Rochko 80e02b90e4 Private visibility on statuses prevents non-followers from seeing those
Filters out hidden stream entries from Atom feed
Blocks now generate hidden stream entries, can be used to federate blocks
Private statuses cannot be reblogged (generates generic 422 error for now)
POST /api/v1/statuses now takes visibility=(public|unlisted|private) param instead of unlisted boolean
Statuses JSON now contains visibility=(public|unlisted|private) field
2016-12-21 20:04:13 +01:00
Eugen Rochko 39cc9fde8a Add account suspension 2016-12-05 22:59:30 +01:00
Eugen Rochko 565cd95bca Keep timelines in the UI trimmed when possible 2016-12-03 21:04:57 +01:00
Eugen Rochko b14b5e3b44 Improve notification model 2016-12-03 20:04:19 +01:00
Eugen Rochko 816284d739 Fix #248 - Reload all accounts when fetching from cache 2016-12-03 18:21:26 +01:00
Eugen Rochko 165498f110 Make data migration more merciful 2016-12-02 15:09:44 +01:00
Eugen Rochko 3114e55c7a Fix #323 - self-replies to appear in public timelines again 2016-12-02 14:33:20 +01:00
Eugen Rochko 14bd46946d Per-status control for unlisted mode, also federation for unlisted mode
Fix #233, fix #268
2016-11-30 21:34:59 +01:00