Commit Graph

84 Commits (07ea1aa6fe23d8b8a7db6fcf9fe0303c287b89f4)

Author SHA1 Message Date
David Yip ea1c58f6d8 Set packs on 2FA-related pages. Fixes #271.
Specifically, this commit:

- changes S::TFA::{Confirmations,RecoveryCodes}Controller to derive from
  S::BaseController, because this gives us the necessary actions and
  packs
- prepends set_pack to Auth::SessionsController's action chain so that
  it takes effect in time for render :two_factor
2017-12-20 03:15:54 -06:00
Jenkins 601f0fe4a3 Merge remote-tracking branch 'tootsuite/master' into glitchsoc/master 2017-12-15 01:17:12 +00:00
Eugen Rochko ef8fc3542b Fix #6022 - Prevent nested migrated accounts, or migrations to self (#6026) 2017-12-14 21:35:30 +01:00
kibigo! 901c08a999 Moved flavour UI into own prefs tab 2017-12-10 20:32:27 -08:00
cwm 41bbfeec7c add initial components based off of tootsuite pr #1507 2017-12-09 10:26:22 -06:00
David Yip 63c41247ff Prepend check_enabled_deletion to Settings::DeletesController (#229)
The specs for Settings::DeletesController include an example that
sets Settings.open_deletion to false and expects the "if deletion is not
available, redirect to root" logic to run.  However, this spec does not
set up a user, which means that the spec (intentionally or otherwise)
expects this redirection to work with unauthenticated access.

We should preserve that behavior.  To do so, we prepend the deletion
check to the action chain set up by Settings::BaseController, so that
said check occurs before the authenticate_user! check.
2017-12-06 16:19:43 -06:00
kibigo! fd7be49523 Various fixes 2017-12-04 21:58:10 -08:00
David Yip 1221e3075d Merge branch 'gs-master' into glitch-theme 2017-12-04 11:07:01 -06:00
kibigo! 36b9f4df56 Skins support 2017-11-30 19:29:47 -08:00
David Yip a1d9c68198 Merge remote-tracking branch 'origin/master' into gs-master 2017-11-28 11:45:13 -06:00
nullkal 35e3791ba4 Fix account migration feature (#5837)
* Make removable account migration

* Fix error during update of account migration setting

* Add notice when update account migration setting
2017-11-28 14:31:23 +01:00
David Yip bc10a0dced Merge remote-tracking branch 'tootsuite/master' 2017-11-27 22:33:26 -06:00
Eugen Rochko 55d9abcceb Add UI for setting up account migration (#5832) 2017-11-27 22:47:06 +01:00
kibigo! 8aeda4f064 Finalized theme loading and stuff 2017-11-20 22:13:37 -08:00
Surinna Curtis 02ae609d9a Merge tootsuite/master at ab48f2b239 2017-11-16 01:21:16 -06:00
Eugen Rochko 80873c1134 Add option to block direct messages from people you don't follow (#5669)
* Add option to block direct messages from people you don't follow

Fix #5326

* If the DM responds to a toot by recipient, allow it through

* i18n: Update Polish translation (for #5669) (#5673)
2017-11-14 21:12:57 +01:00
David Yip 53c2ea1a86 Assume Glitch::KeywordMute#destroy! works and error out if it doesn't.
There's nothing useful we can display if the destroy action messes up,
so might as well assert it does and complain loudly if it doesn't.
2017-10-24 18:56:57 -05:00
David Yip 2da4eca986 Use edit template for displaying errors in update. 2017-10-24 18:56:44 -05:00
David Yip 156ebf53f6 Use current_account from ApplicationController.
This avoids copy-pasting definitions of set_account.
2017-10-22 01:02:52 -05:00
David Yip 74141adca1 Move KeywordMute into Glitch namespace.
There are two motivations for this:

1. It looks like we're going to add other features that require
   server-side storage (e.g. user notes).

2. Namespacing glitchsoc modifications is a good idea anyway: even if we
   do not end up doing (1), if upstream introduces a keyword-mute feature
   that also uses a "KeywordMute" model, we can avoid some merge
   conflicts this way and work on the more interesting task of
   choosing which implementation to use.
2017-10-21 14:54:36 -05:00
David Yip e3f5ec2652 Fill in create, edit, update, and destroy for keyword mutes interface.
Also add a destroy-all action, which can be useful if you're flushing an
old list entirely to start a new one.
2017-10-21 14:54:36 -05:00
David Yip 018657a0e0 Spike out index and new views for keyword mutes controller. 2017-10-21 14:54:36 -05:00
David Yip ebfec40698 Set up /settings/keyword_mutes. #164.
This should eventually be accessible via the API and the web frontend,
but I find it easier to set up an editing interface using Rails
templates and the like.  We can always take it out if it turns out we
don't need it.
2017-10-21 14:54:36 -05:00
Nolan Lawson a54c272a1f Add option to reduce motion (#5393)
* Add option to reduce motion

* Use HOC to wrap all Motion calls

* fix case-sensitive issue

* Avoid updating too frequently

* Get rid of unnecessary change to _simple_status.html.haml
2017-10-16 09:36:15 +02:00
Yamagishi Kazutoshi 6bd4e3bf97 Separate notifications preferences from general preferences (#4447)
* Separate notifications preferences from general preferences

* Refine settings/notifications/show

* remove preferences.notifications
2017-10-04 10:22:52 +02:00
Akihiko Odaki 51f48c8960 Fix order of paginated accounts in FollowerDomainsController and spec (#3357)
* Fix order of paginated accounts in FollowerDomainsController

Unordered pagination could result in unexpected behavior.

* Cover Settings::FollowerDomainsController more
2017-09-30 23:06:09 +02:00
Andrew b4842ef0b9 Add support for multiple themes (#4959)
* Add support for selecting a theme

* Fix codeclimate issues

* Look up site default style if current user is not available due to e.g. not being logged in

* Remove outdated comment in common.js

* Address requested changes in themes PR

* Fix codeclimate issues

* Explicitly check current_account in application controller and only check theme availability if non-nil

* codeclimate

* explicit precedence with &&

* Fix code style in application_controller according to @nightpool's suggestion, use default style in embedded.html.haml

* codeclimate: indentation + return
2017-09-19 16:36:23 +02:00
masarakki d8f136cb8b authorize-follow-requests-after-unlocking (#4658) 2017-08-26 12:40:03 +02:00
nullkal da85aff49c Use checkboxes for application scope setting (#4671) 2017-08-23 15:16:20 +02:00
Eugen Rochko b13501268f Fix up the applications area (#4664)
- Section it into "Development" area
- Improve UI of application form, index, and details
2017-08-23 00:59:35 +02:00
Colin Mitchell 63b98318c5 Application prefs section (#2758)
* Add code for creating/managing apps to settings section

* Add specs for app changes

* Fix controller spec

* Fix view file I pasted over by mistake

* Add locale strings. Add 'my apps' to nav

* Add Client ID/Secret to App page. Add some visual separation

* Fix rubocop warnings

* Fix embarrassing typo

I lost an `end` statement while fixing a merge conflict.

* Add code for creating/managing apps to settings section

- Add specs for app changes
- Add locale strings. Add 'my apps' to nav
- Add Client ID/Secret to App page. Add some visual separation
- Fix some bugs/warnings

* Update to match code standards

* Trigger notification

* Add warning about not sharing API secrets

* Tweak spec a bit

* Cleanup fixture creation by using let!

* Remove unused key

* Add foreign key for application<->user
2017-08-22 18:33:57 +02:00
Eugen Rochko 5516767c75 ActivityPub delivery (#4566)
* Deliver ActivityPub Like

* Deliver ActivityPub Undo-Like

* Deliver ActivityPub Create/Announce activities

* Deliver ActivityPub creates from mentions

* Deliver ActivityPub Block/Undo-Block

* Deliver ActivityPub Accept/Reject-Follow

* Deliver ActivityPub Undo-Follow

* Deliver ActivityPub Follow

* Deliver ActivityPub Delete activities

Incidentally fix #889

* Adjust BatchedRemoveStatusService for ActivityPub

* Add tests for ActivityPub workers

* Add tests for FollowService

* Add tests for FavouriteService, UnfollowService and PostStatusService

* Add tests for ReblogService, BlockService, UnblockService, ProcessMentionsService

* Add tests for AuthorizeFollowService, RejectFollowService, RemoveStatusService

* Add tests for BatchedRemoveStatusService

* Deliver updates to a local account to ActivityPub followers

* Minor adjustments
2017-08-13 00:44:41 +02:00
Eugen Rochko 84b40ce9a7 Fix #4026 - Accept backup codes for disabling 2FA (#4382) 2017-07-26 23:36:33 +02:00
Yamagishi Kazutoshi 9392d10250 Add feature to revoke sessions (#4259) 2017-07-19 04:59:04 +02:00
Yamagishi Kazutoshi 87bb16a236 Add unfollow modal (optional) (#4246)
* Add unfollow modal

* unfollowing someone

* remove unnecessary prop
2017-07-18 17:14:43 +02:00
Eugen Rochko 7d8fd050eb Add option to opt out of search engines on public profile/status pages (#4199) 2017-07-14 16:41:02 +02:00
Yamagishi Kazutoshi 865f5170a8 Add setting a always mark media as sensitive (#4136) 2017-07-10 14:00:32 +02:00
Damien Erambert 387de88e2f Add a setting allowing the use of system's default font in Web UI (#4033)
* add a system_font_ui setting on the server

* Plug the system_font_ui on the front-end

* add EN/FR locales for the new setting

* put Roboto after all other fonts

* remove trailing whitespace so CodeClimate is happy

* fix user_spec.rb

* correctly write user_spect this time

* slightly better way of adding the classes

* add comments to the system-font stack for clarification

* use .system-font for the class instead

* don't use multiple lines for comments

* remove trailing whitespace

* use the classnames module for consistency

* use `mastodon-font-sans-serif` instead of Roboto directly
2017-07-06 22:39:56 +02:00
Eugen Rochko b90a44b6d0 Fix #3910 - Require OTP authentication to disable 2FA (#3935)
* Fix #3910 - Require OTP authentication to disable 2FA. Also, remove ability
to generate new OTP backup codes *after* initial backup codes were handed
out during activation

* Restore recovery code re-generation

* Improve display of some 2FA elements
2017-06-25 23:51:46 +02:00
masarakki d947978192 setting-for-account-deletable (#3852) 2017-06-19 15:12:31 +02:00
Eugen Rochko c883e96d95 Fix account delete form not accepting password, update suspended (#3745)
account before removing content for quicker feedback to end-users
2017-06-14 20:30:12 +02:00
Eugen Rochko 1c7e2ddd65 Account deletion (#3728)
* Add form for account deletion

* If avatar or header are gone from source, remove them

* Add option to have SuspendAccountService remove user record, add tests

* Exclude suspended accounts from search
2017-06-14 18:01:27 +02:00
takayamaki aa6740c21b change sidekiq queueing to bulk push (#3536) 2017-06-04 00:11:15 +02:00
Matt Jankowski 18c81c74e5 Remove exports/base controller in favor of shared concern (#3444) 2017-05-30 19:06:01 +02:00
Atsushi Yamamoto 4547e3585a Add preference setting for delete toot modal (#3368)
* Set delete_modal preference to true by default
* Does not show confirmation modal if delete_modal is false
* Add ja translation for preference setting page
2017-05-29 17:56:13 +02:00
Tomonori Murakami 323eeb096c Fix locale bug when change it on preferences (#3223) (#3232) 2017-05-22 17:58:41 +02:00
Matt Jankowski 1122249e51 Filter languages with opt out (#3175)
* Remove allowed_languages and add filtered_languages

* Use filtered_languages instead of allowed_languages
2017-05-20 17:32:44 +02:00
Matt Jankowski c44ef23e50 Filter on allowed user language preferences (#2361)
* Naive approached to timeline filtering

* Convert allowed_languages into a db column

* Allow users to choose languages to see statuses in

* Style list items as two columns

* Add a hint to explain language filtering preference
2017-05-01 17:42:13 +02:00
Eugen f89e26bdd5 Followers-only post federation (#2111)
* Make private toots get PuSHed to subscription URLs that belong to domains where you have approved followers

* Authorized followers controller, stub for bulk action

* Soft block in the background

* Add simple test for new controller

* Rename Settings::FollowersController to Settings::FollowerDomainsController, paginate results,
rename "private" post setting to "followers-only", fix pagination style, improve post privacy
preferences style, improve warning style

* Extract compose form warnings into own container, show warning when posting to followers-only with unlocked account
2017-04-24 00:38:37 +02:00
Matt Jankowski 502eef6f8d 2FA controller cleanup (#2296)
* Add spec coverage for settings/two_factor_auth area

* extract setup method for qr code

* Move otp required check to before action

* Merge method only used once

* Remove duplicate view

* Consolidate creation of @codes for backup

* Move settings/2fq#recovery_codes to settings/recovery_codes#create

* Rename settings/two_factor_auth#disable to #destroy

* Add coverage for the otp required path on 2fa#show

* Clean up the recovery codes list styles

* Move settings/two_factor_auth to settings/two_factor_authentication

* Reorganize the settings two factor auth area

Updated to use a flow like:

- settings/two_factor_authentication goes to a #show view which has a button
  either enable or disable 2fa on the account
- the disable button turns off the otp requirement for the user
- the enable button cycles the user secret and redirects to a confirmation page
- the confirmation page is a #new view which shows the QR code for user
- that page posts to #create which verifies the code, and creates the recovery
  codes
- that create action shares a view with a recovery codes controller which can be
  used separately to reset codes if needed
2017-04-22 04:23:17 +02:00