Commit Graph

59 Commits (29ddd0cdf792e64f945ede83dbdefad94d49cacd)

Author SHA1 Message Date
Eugen Rochko 2dbf6bc5ad Add e-mail-based sign in challenge for users with disabled 2FA (#14013) 2020-06-09 10:23:06 +02:00
ThibG 3b7373ed4c Fix end-user-facing uses of inline CSS (#13438)
* Move some inline styles to CSS files

* Move default_account_display_name span to fix useless tags with duplicate id

* Change handling of public pages spoiler text from inline CSS to dataset attribute

* Use the `dir` HTML attribute instead of inline CSS

* Move status action bar inline CSS to CSS file

* Hide logo resources from CSS file, not inline CSS

Fixes #11601

* Move translation prompt styling from inline CSS to CSS file

* Move “invited by” styling on registration form from inline to CSS file

* Use the progress tag to display poll results in JS fallback

* Fix poll results JS-less fallback when the user has voted for an option

* Change account public page “moved” notice to use img tags instead of inline CSS

* Move OTP hint inline CSS to SCSS file

* Hide JS-less fallback vote progressbars from accessibility tools

Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>
2020-04-28 10:16:55 +02:00
ThibG d5a71bf924 Fix invite request input not being shown on sign-up error if left empty (#13089)
If the “Why do you want to join?” textarea is left empty and the entered params
do not validate, the textarea isn't shown again, unlike other fields.

This commit fixes that by populating an empty `UserInviteRequest` when needed.
2020-02-16 12:38:22 +01:00
Eugen Rochko f5c71a6cd2 Add (back) option to set redirect notice on account without moving followers (#11994)
Fix #11913
2019-09-29 05:03:19 +02:00
Eugen Rochko a2d3728c36 Add account migration UI (#11846)
Fix #10736

- Change data export to be available for non-functional accounts
- Change non-functional accounts to include redirecting accounts
2019-09-19 20:58:19 +02:00
Eugen Rochko 1781358bd9 Add password challenge to 2FA settings, e-mail notifications (#11878)
Fix #3961
2019-09-18 16:37:27 +02:00
Eugen Rochko 7ef93513f7 Change account deletion page to have better explanations (#11753)
Fix deletion of unconfirmed account not freeing up the username

Add prefill of logged-in user's email in the reconfirmation form
2019-09-04 04:13:54 +02:00
Eugen Rochko feeecba886 Change OpenGraph description on sign-up page to reflect invite (#11744) 2019-09-03 04:56:54 +02:00
Eugen Rochko 825dc3ca22 Add whitelist mode (#11291) 2019-07-30 11:10:46 +02:00
Eugen Rochko 6be7b414e2 Change unconfirmed user login behaviour (#11375)
Allow access to account settings, 2FA, authorized applications, and
account deletions to unconfirmed and pending users, as well as
users who had their accounts disabled. Suspended users cannot update
their e-mail or password or delete their account.

Display account status on account settings page, for example, when
an account is frozen, limited, unconfirmed or pending review.

After sign up, login users straight away and show a simple page that
tells them the status of their account with links to account settings
and logout, to reduce onboarding friction and allow users to correct
wrongly typed e-mail addresses.

Move the final sign-up step of SSO integrations to be the same
as above to reduce code duplication.
2019-07-22 10:48:50 +02:00
Eugen Rochko 72f3242a59 Fix sign up button not saying sign up when invite is used (#10623)
Fix #10616
2019-04-23 04:39:21 +02:00
Eugen Rochko 7eb05b8724 Add "why do you want to join" field to invite requests (#10524)
* Add "why do you want to join" field to invite requests

Fix #10512

* Remove unused translations

* Fix broken registrations when no invite request text is submitted
2019-04-09 23:06:30 +09:00
Eugen Rochko 73fb7bfa0f Admission-based registrations mode (#10250)
Fix #6856
Fix #6951
2019-03-14 05:28:30 +01:00
mayaeh 6d9f63dba6 Change the password form order (#9267)
* Change order of password.

* Update Japanese translation for "Show thread".

* Separate the translation PR.
2018-11-16 11:18:43 +01:00
Eugen Rochko e242688a74 Fix td instead of th in sessions table header (#9162)
Fix #9130
2018-10-30 17:00:34 +01:00
Eugen Rochko d3105031f8 Redesign forms, verify link ownership with rel="me" (#8703)
* Verify link ownership with rel="me"

* Add explanation about verification to UI

* Perform link verifications

* Add click-to-copy widget for verification HTML

* Redesign edit profile page

* Redesign forms

* Improve responsive design of settings pages

* Restore landing page sign-up form

* Fix typo

* Support <link> tags, add spec

* Fix links not being verified on first discovery and passive updates
2018-09-18 16:45:58 +02:00
Eugen Rochko 0c6c9b733a When registrations closed, link "Sign up" to joinmastodon.org (#8395)
Fix #8393
2018-08-23 19:11:41 +02:00
Eugen Rochko 13df3889f0 Redesign public profiles and toots (#8068) 2018-07-28 19:25:33 +02:00
Eugen Rochko 907694df6a Add autofollow option to invites (#7805)
* Add autofollow option to invites

* Trigger CodeClimate rebuild
2018-06-15 18:00:23 +02:00
Eugen Rochko 14393f29ef Add contact e-mail hint to 2FA login form (#7376) 2018-05-06 10:52:36 +02:00
Sylvhem 18d4e03e6b Add headings to the security settings page (#6661)
* Changes the headings' rank of the security settings section

This commit changes the existing headings' rank of the security settings section from level 6 to level 4.

* Renames the auth.change_password string into auth.security

The "Security" preferences' section used to be called "Change password". When it was renamed, the string name wasn't changed.
This commits changes auth.change_password to auth.security.

* Adds a heading to the password change form

There was previously no heading for the part of the "Security" page that contain the password change form.
This commit adds a rank 4 heading to this section and reintroduces an "auth.change_password" string to be used inside it.

* Removes useless HR elements

The various sections of the "Security" settings page were previously separated by HR elements.
Now that there is proper headings, they're not required anymore.

* Updates CSS

This commit updates CSS in such a way that the same style is applied to all the H4 elements of the settings.

* Correct a mistake

A character went missing on one of the previous commits, broking the CSS.
This new commit fixes it.
2018-03-07 01:39:40 +01:00
Eugen Rochko 87ac87a73a Fix #6611: Typo in change password template (#6616) 2018-03-04 10:00:24 +01:00
Eugen Rochko 9721b7746a Fix #942: Seamless LDAP login (#6556) 2018-02-28 19:04:53 +01:00
ThibG d12bff875e Fix password recovery (#6459)
* Fix password recovery

* Use “resource” instead of “current_user”
2018-02-10 17:09:44 +01:00
Eugen Rochko 5322013f25 CAS + SAML authentication feature (#6425)
* Cas authentication feature

* Config

* Remove class_eval + Omniauth initializer

* Codeclimate review

* Codeclimate review 2

* Codeclimate review 3

* Remove uid/email reconciliation

* SAML authentication

* Clean up code

* Improve login form

* Fix code style issues

* Add locales
2018-02-04 05:42:13 +01:00
Alexander 23ce0c86da pam authentication (#5303)
* add pam support, without extra column

* bugfixes for pam login

* document options

* fix code style

* fix codestyle

* fix tests

* don't call remember_me without password

* fix codestyle

* improve checks for pam usage (should fix tests)

* fix remember_me part 1

* add remember_token column because :rememberable requires either a password or this column.

* migrate db for remember_token

* move pam_authentication to the right place, fix logic bug in edit.html.haml

* fix tests

* fix pam authentication, improve username lookup, add comment

* valid? is sometimes not honored, return nil instead trying to authenticate with pam

* update devise_pam_authenticatable2 and adjust code. Fixes sideeffects observed in tests

* update devise_pam_authenticatable gem, fixes for codeconventions, fix finding user

* codeconvention fixes

* code convention fixes

* fix idention

* update dependency, explicit conflict check

* fix disabled password updates if in pam mode

* fix check password if password is present, fix templates

* block registration if account is maintained by pam

* Revert "block registration if account is maintained by pam"

This reverts commit 8e7a083d650240b6fac414926744b4b90b435f20.

* fix identation error introduced by rebase

* block usernames maintained by pam

* document pam settings better

* fix code style
2018-02-02 10:18:55 +01:00
Jeong Arm 73b6f2ebe9 Handle sessions that can't be translated (#6245)
* Handle sessions that can't be translated

This commit fixes #6165.

* Fix typo
2018-01-12 02:44:28 +01:00
Eugen Rochko bc8c951083 Add consumable invites (#5814)
* Add consumable invites

* Add UI for generating invite codes

* Add tests

* Display max uses and expiration in invites table, delete invite

* Remove unused column and redundant validator

- Default follows not used, probably bad idea
- InviteCodeValidator is redundant because RegistrationsController
  checks invite code validity

* Add admin setting to disable invites

* Add admin UI for invites, configurable role for invite creation

- Admin UI that lists everyone's invites, always available
- Admin setting min_invite_role to control who can invite people
- Non-admin invite UI only visible if users are allowed to

* Do not remove invites from database, expire them instantly
2017-11-27 16:07:59 +01:00
takayamaki cfab4a7ce4 sign_in and sign_up views present og meta infos (#5308) 2017-10-11 00:52:25 +02:00
Lynx Kotoura b5ec3346fa Adjust landing pages 2 (#4967)
* Adjust landing pages 2

Fix styles of terms page
Remove action buttons from timeline in about page
Adjust styles of short description
Adjust form inputs
Set autocomplete off for username and email box in registration form. Remove line breakings.

* Revert removing action buttons
2017-09-16 18:39:11 +02:00
Lynx Kotoura c268118e5b Scrollable tables in settings pages (#4857)
* Scrollable tables in settings pages

* Add space before curly brace
2017-09-09 02:26:58 +02:00
Lynx Kotoura f13b1b67f5 Adjust settings pages (#4765)
* views: Adjust heading positions

* Adjust settings pages

Adjust label. Adjust tables. Adjust admin/reports/* pages. Fix 2FA QR code style for narrow devices. Widen several pages. Increase contrast.

* Remove trailing whitespace
2017-09-02 15:49:28 +02:00
Lynx Kotoura b7482e4a9f Fix autocomplete option in haml files (#4438)
* Fix autocomplete in two_factor.html.haml

* Fix autocomplete in registrations edit.html.haml

* Fix autocomplete in passwords edit.html.haml

* Fix autocomplete in _registration.html.haml

* Fix autocomplete in new.html.haml

* Fix autocomplete in show.html.haml

* Add autocomplete option to sessions new.html.haml

* Add autocomplete option to 2FA new.html.haml

* Add autocomplete option to 2FA show.html.haml
2017-07-29 14:20:31 +02:00
Eugen Rochko 043dfdb474 Fix current session not being displayed in sessions list (#4424) 2017-07-28 15:30:06 +02:00
Yamagishi Kazutoshi 9392d10250 Add feature to revoke sessions (#4259) 2017-07-19 04:59:04 +02:00
Eugen Rochko 49026e27e8 Redesign the landing page, mount public timeline on it (#4122)
* Redesign the landing page, mount public timeline on it

* Adjust the standalone mounted component to the lacking of router

* Adjust auth layout pages to new design

* Fix tests

* Standalone public timeline polling every 5 seconds

* Remove now obsolete translations

* Add responsive design for new landing page

* Address reviews

* Add floating clouds behind frontpage form

* Use access token from public page when available

* Fix mentions and hashtags links, cursor on status content in standalone mode

* Add footer link to source code

* Fix errors on pages that don't embed the component, use classnames

* Fix tests

* Change anonymous autoPlayGif default to false

* When gif autoplay is disabled, hover to play

* Add option to hide the timeline preview

* Slightly improve alt layout

* Add elephant friend to new frontpage

* Display "back to mastodon" in place of "login" when logged in on frontpage

* Change polling time to 3s
2017-07-11 15:27:59 +02:00
Yamagishi Kazutoshi 5829ad0799 Add fa-fw class to user agent icon (#4047) 2017-07-03 11:04:35 +02:00
Eugen Rochko c465c5b3a8 Add overview of active sessions (#3929)
* Add overview of active sessions

* Better display of browser/platform name

* Improve how browser information is stored and displayed for sessions overview

* Fix test
2017-06-25 16:54:30 +02:00
masarakki d947978192 setting-for-account-deletable (#3852) 2017-06-19 15:12:31 +02:00
Eugen Rochko 1c7e2ddd65 Account deletion (#3728)
* Add form for account deletion

* If avatar or header are gone from source, remove them

* Add option to have SuspendAccountService remove user record, add tests

* Exclude suspended accounts from search
2017-06-14 18:01:27 +02:00
alpaca-tc f6a167b30e Render translated view (#3093) 2017-05-17 15:36:56 +02:00
yhirano cf1f65bf58 Added haml-lint and fix warnings (#2773)
* add haml_lint to Gemfile

* add .haml-lint.yml

* fix warnings of haml_lint
2017-05-08 03:35:25 +02:00
Patrick Figel 15b393201e Add recovery code support for two-factor auth (#1773)
* Add recovery code support for two-factor auth

When users enable two-factor auth, the app now generates ten
single-use recovery codes. Users are encouraged to print the codes
and store them in a safe place.

The two-factor prompt during login now accepts both OTP codes and
recovery codes.

The two-factor settings UI allows users to regenerated lost
recovery codes. Users who have set up two-factor auth prior to
this feature being added can use it to generate recovery codes
for the first time.

Fixes #563 and fixes #987

* Set OTP_SECRET in test enviroment

* add missing .html to view file names
2017-04-15 13:26:03 +02:00
Daijiro Wachi 16204ba91f Use input type `number` for Two-factor code (#1683) 2017-04-13 13:13:17 +02:00
Eugen Rochko c58da52e9f Split 2FA login into two prompts 2017-01-28 20:43:38 +01:00
Eugen Rochko 557de8e24c Update settings to re-use admin layout, one big navigation tree, improve settings forms 2017-01-28 03:56:10 +01:00
Eugen Rochko 9b8670c939 Added optional two-factor authentication 2017-01-27 20:35:16 +01:00
Eugen Rochko 0e0b4f9e59 i18n for devise mailer too 2016-11-16 18:25:21 +01:00
Eugen Rochko 1b61e404b4 Localizations for most server-side strings 2016-11-16 00:55:33 +01:00
Eugen Rochko 0e956910c3 Adding some localizations 2016-11-15 23:02:57 +01:00