Commit Graph

170 Commits (64502e72468ed9c5c35fcaaa4706fd4ab5c7cb38)

Author SHA1 Message Date
Rose b54c639482 Fix style for hashes (#20518)
* Fix style for hashes

Make the style for hashes consistent.

* New style

More consistency
2022-11-17 11:05:39 +01:00
Claire 18c710be23 Add password autocomplete hints (#20071)
Fixes #20067

Our password autocomplete hints were “off” but that does not prevent current
browsers from trying to autocomplete them anyway, so use `current-password` and
`new-password` so they don't put a newly-generated password in a password
confirmation prompt, or the old password for a password renewal prompt.
2022-11-08 03:53:06 +01:00
Eugen Rochko 317383f397 Revert "Remove preference to aggregate reblogs in home/list feeds (#18112)" (#19463)
This reverts commit dd5b90e4f2.
2022-10-26 09:10:18 +02:00
Takeshi Umeda f4e4bf44aa Fix featured tag display name in setting (#19404) 2022-10-21 13:22:02 +02:00
Eugen Rochko 1fdfebc745 Fix error on migration page (#19386) 2022-10-18 19:01:59 +02:00
Eugen Rochko ce7d058a91 Remove setting that disables account deletes (#17683) 2022-10-06 10:16:47 +02:00
Eugen Rochko c04359a63b Change path of privacy policy page (#19249) 2022-09-29 06:22:12 +02:00
Eugen Rochko dd5b90e4f2 Remove preference to aggregate reblogs in home/list feeds (#18112) 2022-08-25 23:38:36 +02:00
Eugen Rochko 7300beadd9 Remove digest e-mails (#17985)
* Remove digest e-mails

* Remove digest-related code
2022-08-25 23:38:22 +02:00
Eugen Rochko 38d04135bf Change how hashtags are normalized (#18795)
* Change how hashtags are normalized

* Fix tests
2022-07-13 15:03:28 +02:00
Eugen Rochko e164d6a687 Add customizable user roles (#18641)
* Add customizable user roles

* Various fixes and improvements

* Add migration for old settings and fix tootctl role management
2022-07-05 02:41:40 +02:00
Eugen Rochko 4ba66d256a Change e-mail notifications to only be sent when recipient is offline (#17984)
* Change e-mail notifications to only be sent when recipient is offline

Change the default for follow and mention notifications back on

* Add preference to always send e-mail notifications

* Change wording
2022-04-08 18:03:31 +02:00
Eugen Rochko 43c6f1da0f Fix IDN domains not being rendered correctly in a few left-over places (#17848) 2022-03-22 10:07:11 +01:00
Eugen Rochko e3d3b4ae21 Add `/api/v1/accounts/familiar_followers` to REST API (#17700)
* Add `/api/v1/accounts/familiar_followers` to REST API

* Change hide network preference to be stored consistently for local and remote accounts

* Add dummy classes to migration

* Apply suggestions from code review

Co-authored-by: Claire <claire.github-309c@sitedethib.com>

Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2022-03-07 09:36:47 +01:00
Eugen Rochko 82f8d19424 Add appeals (#17364)
* Add appeals

* Add ability to reject appeals and ability to browse pending appeals in admin UI

* Add strikes to account page in settings

* Various fixes and improvements

- Add separate notification setting for appeals, separate from reports
- Fix style of links in report/strike header
- Change approving an appeal to not restore statuses (due to federation complexities)
- Change style of successfully appealed strikes on account settings page
- Change account settings page to only show unappealed or recently appealed strikes

* Change appealed_at to overruled_at

* Fix missing method error
2022-02-14 21:27:53 +01:00
Eugen Rochko 6732217dd0 Change languages to be listed under standard instead of native name in admin UI (#17485) 2022-02-09 04:15:38 +01:00
Eugen Rochko a44cc7931a Remove language detection through cld3 (#17478)
* Remove language detection through cld3

* Update app/helpers/languages_helper.rb

Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>

Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>
2022-02-08 02:41:17 +01:00
Eugen Rochko 4375813ea7 Remove Keybase integration (#17045) 2021-11-26 05:58:18 +01:00
Claire 8965ccd208 Fix “discoverable” account setting being tied to profile directory (#16637) 2021-08-20 16:11:58 +02:00
Claire 77aea4f85f Change number_to_human calls to always use 3-digits precision (#16469)
Fixes #16435
2021-07-07 21:13:08 +02:00
Claire 9008d0312c Add full user agent in tooltips for login activities (#16428)
Also adds timestamp in HTML itself to not rely on javascript
2021-06-23 16:42:23 +02:00
Eugen Rochko 2067b0bf34 Add authentication history (#16408) 2021-06-21 17:07:30 +02:00
Filipe Rodrigues bbed5ea557 Fix reference to non-existing translation in the exports page. (#15894)
The exports page showed a different "CSV" capitalisation in the
"Bookmarks" row ("Csv") compared to the other rows ("CSV").
This was due to a referece to a translation string that does not exist,
`bookmarks.csv`, defaulting to the key's last segment in title case.

This issue was introduced in commit dcd86204 (PR #14956).

(h/t @meqif for helping with figuring out the bug)
2021-03-15 02:17:29 +01:00
ThibG 8e79bac43d Add import/export feature for bookmarks (#14956)
* Add ability to export bookmarks

* Add support for importing bookmarks

* Add bookmark import tests

* Add bookmarks export test
2020-11-19 17:48:13 +01:00
Eugen Rochko 79f71206de Add subresource integrity for JS and CSS assets (#15096)
Fix #2744
2020-11-06 11:56:31 +01:00
ThibG 79b2d30a19 Add option to disable swiping motions across the WebUI (#13885)
Fixes #13882
2020-09-30 19:31:03 +02:00
abcang e8c39853ad Changed tag most_used to recently_used (#14760) 2020-09-07 17:47:41 +02:00
santiagorodriguez96 f142983484 Add WebAuthn as an alternative 2FA method (#14466)
* feat: add possibility of adding WebAuthn security keys to use as 2FA

This adds a basic UI for enabling WebAuthn 2FA. We did a little refactor
to the Settings page for editing the 2FA methods – now it will list the
methods that are available to the user (TOTP and WebAuthn) and from
there they'll be able to add or remove any of them.
Also, it's worth mentioning that for enabling WebAuthn it's required to
have TOTP enabled, so the first time that you go to the 2FA Settings
page, you'll be asked to set it up.
This work was inspired by the one donde by Github in their platform, and
despite it could be approached in different ways, we decided to go with
this one given that we feel that this gives a great UX.

Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>

* feat: add request for WebAuthn as second factor at login if enabled

This commits adds the feature for using WebAuthn as a second factor for
login when enabled.
If users have WebAuthn enabled, now a page requesting for the use of a
WebAuthn credential for log in will appear, although a link redirecting
to the old page for logging in using a two-factor code will also be
present.

Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>

* feat: add possibility of deleting WebAuthn Credentials

Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>

* feat: disable WebAuthn when an Admin disables 2FA for a user

Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>

* feat: remove ability to disable TOTP leaving only WebAuthn as 2FA

Following examples form other platforms like Github, we decided to make
Webauthn 2FA secondary to 2FA with TOTP, so that we removed the
possibility of removing TOTP authentication only, leaving users with
just WEbAuthn as 2FA. Instead, users will have to click on 'Disable 2FA'
in order to remove second factor auth.
The reason for WebAuthn being secondary to TOPT is that in that way,
users will still be able to log in using their code from their phone's
application if they don't have their security keys with them – or maybe
even lost them.

* We had to change a little the flow for setting up TOTP, given that now
  it's possible to setting up again if you already had TOTP, in order to
  let users modify their authenticator app – given that now it's not
  possible for them to disable TOTP and set it up again with another
  authenticator app.
  So, basically, now instead of storing the new `otp_secret` in the
  user, we store it in the session until the process of set up is
  finished.
  This was because, as it was before, when users clicked on 'Edit' in
  the new two-factor methods lists page, but then went back without
  finishing the flow, their `otp_secret` had been changed therefore
  invalidating their previous authenticator app, making them unable to
  log in again using TOTP.

Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>

* refactor: fix eslint errors

The PR build was failing given that linting returning some errors.
This commit attempts to fix them.

* refactor: normalize i18n translations

The build was failing given that i18n translations files were not
normalized.
This commits fixes that.

* refactor: avoid having the webauthn gem locked to a specific version

* refactor: use symbols for routes without '/'

* refactor: avoid sending webauthn disabled email when 2FA is disabled

When an admins disable 2FA for users, we were sending two mails
to them, one notifying that 2FA was disabled and the other to notify
that WebAuthn was disabled.
As the second one is redundant since the first email includes it, we can
remove it and send just one email to users.

* refactor: avoid creating new env variable for webauthn_origin config

* refactor: improve flash error messages for webauthn pages

Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>
2020-08-24 16:46:27 +02:00
Eugen Rochko fc7cad8b2d Add ability to remove identity proofs from account (#13682)
Fix #12613
2020-05-10 11:21:10 +02:00
ThibG 3b7373ed4c Fix end-user-facing uses of inline CSS (#13438)
* Move some inline styles to CSS files

* Move default_account_display_name span to fix useless tags with duplicate id

* Change handling of public pages spoiler text from inline CSS to dataset attribute

* Use the `dir` HTML attribute instead of inline CSS

* Move status action bar inline CSS to CSS file

* Hide logo resources from CSS file, not inline CSS

Fixes #11601

* Move translation prompt styling from inline CSS to CSS file

* Move “invited by” styling on registration form from inline to CSS file

* Use the progress tag to display poll results in JS fallback

* Fix poll results JS-less fallback when the user has voted for an option

* Change account public page “moved” notice to use img tags instead of inline CSS

* Move OTP hint inline CSS to SCSS file

* Hide JS-less fallback vote progressbars from accessibility tools

Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>
2020-04-28 10:16:55 +02:00
sternenseemann 674005c08e Allow users to delete their header and avatar (#13234)
This is achieved by sending a DELETE request to
/settings/profile/pictures/{avatar,header} via a link that is part of
the upload form's hint of the respective picture.
2020-04-20 14:03:03 +02:00
ThibG dedac235bc Fix account aliases page (#13452)
* Fix error not being displayed when adding an account alias, add error for self-references

Co-Authored-By: Mélanie Chauvel (ariasuni) <perso@hack-libre.org>

* Add “You have no aliases.” note in confusing empty aliases table

Co-Authored-By: Mélanie Chauvel (ariasuni) <perso@hack-libre.org>

Co-authored-by: Mélanie Chauvel (ariasuni) <perso@hack-libre.org>
2020-04-13 06:41:43 +02:00
guigeekz eb525ef602 Add submit button to the top of preferences pages (#13068)
* Move submit button to the top of the edit page

* Duplicate save button on long form

* Fix click submit on profile spec
2020-03-08 16:04:03 +01:00
Eugen Rochko 9ebfb23e87 Various fixes and improvements (#12878)
* Fix unused role routes being generated

* Remove unused JavaScript code

* Refactor filters code to be DRYer

* Fix `.count == 0` comparisons to `.empty?` in views

* Fix filters in views
2020-01-20 15:55:03 +01:00
Sasha Sorokin 03f81f7118 Use heading actions and placeholders in settings (#12801)
This commit:

- Refactors centered text blocks currently used for placeholders
  for empty tables and puts styles for it in separate class -
  .centered-text, simply aliasing text-align: center. Which is
  furtherly used in this commit.

- Improves applications settings page to use heading actions, moving
  "New application" button there, and displaying placeholder "You
  have no applications" in place of empty table.

- Improves custom emoji settings page to use heading action
  for "Upload" button, making it more easily accessible without
  need to scroll through all of the emojis.

- Improves email domain blocks settings page, moving "Add new" to the
  heading actions and using placeholder "No e-mail domains currently
  blacklisted" instead of showing empty table.
2020-01-11 02:14:45 +01:00
Sasha Sorokin dd8d0c7d9d Add translation project promotion link (#12736)
This commit adds promotional notice on appearance settings about
translation project if any other locale than English is used. It
allows users to learn and contribute translations to Mastodon.

Step ahead, in this commit one unusual string is added - link to a
guide. By default it refers to Crowdin project itself, but if any of
Mastodon localization teams established their own guide, they can
refer it. Or, if Crowdin supports localized domain for language, it
can also be put there (e.g. https://fr.crowdin.com/...).
2019-12-31 22:15:05 +01:00
Sasha Sorokin ecd71339db Use different strings on exports page (#12569)
Currently the page re-uses strings from other contexts which doesn't fit
very well - strings incorrectly lowercase-d and pluralized, when they
don't need to be, because it's a table.

This commit changes page to re-use accounts.posts_tab_heading for toots,
and admin.accounts for "Following" and "Follows". This all should look
more aesthetically pleasing.
2019-12-19 12:47:55 +01:00
Sasha Sorokin 2b592001b2 Use codeblock for native redirect URI (#12570)
This commit changes how doorkeeper.applications.help.native_redirect_uri
string is being formatted to use <code> tag for native_redirect_uri
placeholder. This makes the URI look more distinguishable.
2019-12-09 04:30:58 +01:00
mayaeh 08693d09ca Fix notifications label (#12517)
* Fix translations not being displayed

* ran `yarn manage:translations en`
2019-12-02 13:39:53 +01:00
Sasha Sorokin 67e19f7977 Improve notifications page (#12497)
Currently notifications page seems a bit cluttered with no clear
separation between e-mail and filtering settings. This commit tries to
address them by adding clear separation with headers, hints and removing
continuously reused texts for events checkboxes.
2019-11-29 17:03:06 +01:00
Faye Duxovni 6bca6dbc2d Add setting for whether to crop images in unexpanded toots (#12126) 2019-10-24 22:51:41 +02:00
Eugen Rochko f5c71a6cd2 Add (back) option to set redirect notice on account without moving followers (#11994)
Fix #11913
2019-09-29 05:03:19 +02:00
Eugen Rochko a2d3728c36 Add account migration UI (#11846)
Fix #10736

- Change data export to be available for non-functional accounts
- Change non-functional accounts to include redirecting accounts
2019-09-19 20:58:19 +02:00
Eugen Rochko 1781358bd9 Add password challenge to 2FA settings, e-mail notifications (#11878)
Fix #3961
2019-09-18 16:37:27 +02:00
Eugen Rochko 8904a4eb36 Fix TOTP codes not being filtered from logs during enabling/disabling (#11877)
Not a serious issue because they are meaningless past single use
2019-09-18 02:48:40 +02:00
Eugen Rochko 8eb0d880cb Fix 2FA challenge and password challenge for non-database users (#11831)
* Fix 2FA challenge not appearing for non-database users

Fix #11685

* Fix account deletion not working when using external login

Fix #11691
2019-09-15 21:08:39 +02:00
Eugen Rochko 7ef93513f7 Change account deletion page to have better explanations (#11753)
Fix deletion of unconfirmed account not freeing up the username

Add prefill of logged-in user's email in the reconfirmation form
2019-09-04 04:13:54 +02:00
Eugen Rochko 79922ae20f Add profile directory to web UI (#11688)
* Add profile directory to web UI

* Add a line of bio to the directory
2019-08-30 00:14:36 +02:00
Eugen Rochko 8e76c759c1 Add explanation to featured hashtags page and profile (#11586) 2019-08-17 18:07:52 +02:00
Eugen Rochko 191392e5c3 Add trends UI with admin and user settings (#11502) 2019-08-06 17:57:52 +02:00