Commit Graph

1216 Commits (9d3d3d7ab16c77041009df6634da99fb6742f68d)

Author SHA1 Message Date
Eugen Rochko 6732217dd0 Change languages to be listed under standard instead of native name in admin UI (#17485) 2022-02-09 04:15:38 +01:00
Eugen Rochko a44cc7931a Remove language detection through cld3 (#17478)
* Remove language detection through cld3

* Update app/helpers/languages_helper.rb

Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>

Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>
2022-02-08 02:41:17 +01:00
Eugen Rochko d979087a98 Fix localization of cold-start follow recommendations (#17479) 2022-02-08 01:53:49 +01:00
Eugen Rochko 25d1195a04 Fix error on account relationships page in admin UI (#17444) 2022-02-05 05:06:34 +01:00
Claire 06f653972a Add OMNIAUTH_ONLY environment variable to enforce externa log-in (#17288)
* Remove support for OAUTH_REDIRECT_AT_SIGN_IN

Fixes #15959

Introduced in #6540, OAUTH_REDIRECT_AT_SIGN_IN allowed skipping the log-in form
to instead redirect to the external OmniAuth login provider.

However, it did not prevent the log-in form on /about introduced by #10232 from
appearing, and completely broke with the introduction of #15228.

As I restoring that previous log-in flow without introducing a security
vulnerability may require extensive care and knowledge of how OmniAuth works,
this commit removes support for OAUTH_REDIRECT_AT_SIGN_IN instead for the time
being.

* Add OMNIAUTH_ONLY environment variable to enforce external log-in only

* Disable user registration when OMNIAUTH_ONLY is set to true

* Replace log-in links When OMNIAUTH_ONLY is set with exactly one OmniAuth provider
2022-01-23 15:52:58 +01:00
Claire 68a9057420 Add post edited notice in admin and public UIs (#17335)
* Add edited toot flag on public pages

* Add toot edit flag to admin pages
2022-01-20 13:37:31 +01:00
Eugen Rochko 2fb76550a9 Add notifications for statuses deleted by moderators (#17204) 2022-01-17 09:41:33 +01:00
Eugen Rochko 7b3972c270 Remove IP tracking columns from users table (#16409) 2022-01-16 13:23:50 +01:00
Claire d8da1689c1 Add ability for admins to delete canonical email blocks (#16644)
* Add admin option to remove canonical email blocks from a deleted account

* Add tootctl canonical_email_blocks to inspect and remove canonical email blocks
2021-12-17 23:02:14 +01:00
Claire 44c8b6ff2f Add ability to purge undeliverable domains from admin interface (#16686)
* Add ability to purge undeliverable domains from admin interface

* Add tests
2021-12-17 23:01:21 +01:00
Eugen Rochko 7bf5924339 Add batch suspend for accounts in admin UI (#17009) 2021-12-05 21:48:39 +01:00
Eugen Rochko 4375813ea7 Remove Keybase integration (#17045) 2021-11-26 05:58:18 +01:00
Eugen Rochko 6c1d78b277 Fix error on trending hashtags/links pages in admin UI due to missing constant (#17044) 2021-11-26 01:12:39 +01:00
Eugen Rochko ad73becf3e Add trending links (#16917)
* Add trending links

* Add overriding specific links trendability

* Add link type to preview cards and only trend articles

Change trends review notifications from being sent every 5 minutes to being sent every 2 hours

Change threshold from 5 unique accounts to 15 unique accounts

* Fix tests
2021-11-25 13:07:38 +01:00
Eugen Rochko cad446611c Add graphs and retention metrics to admin dashboard (#16829) 2021-10-14 20:44:59 +02:00
Claire 4080a8ec33 Stop setting a shortcode to newly-created media attachments (#16730)
* Stop setting a shortcode to newly-created media attachments

The WebUI has stopped using the “short media URL” in ages. This isn't used
anywhere except for mail notifications.

Deprecating it would allow us to eventually get rid of at least a database
column and corruption-prone index, as well as a controller.

* Fix tests
2021-09-13 18:59:37 +02:00
Claire 8965ccd208 Fix “discoverable” account setting being tied to profile directory (#16637) 2021-08-20 16:11:58 +02:00
Claire 1fcf310c60 Add feature to automatically delete old toots (#16529)
* Add account statuses cleanup policy model

* Record last inspected toot to delete to speed up successive calls to statuses_to_delete

* Add service to cleanup a given account's statuses within a budget

* Add worker to go through account policies and delete old toots

* Fix last inspected status id logic

All existing statuses older or equal to last inspected status id must be
kept by the current policy. This is an invariant that must be kept so that
resuming deletion from the last inspected status remains sound.

* Add tests

* Refactor scheduler and add tests

* Add user interface

* Add support for discriminating based on boosts/favs

* Add UI support for min_reblogs and min_favs, rework UI

* Address first round of review comments

* Replace Snowflake#id_at_start with with_random parameter

* Add tests

* Add tests for StatusesCleanupController

* Rework settings page

* Adjust load-avoiding mechanisms

* Please CodeClimate
2021-08-09 23:11:50 +02:00
Eugen Rochko 2bc9e256cc Add ability to filter reports by origin of target account (#16487) 2021-07-11 11:01:38 +02:00
Eugen Rochko 34dd743b58 Add ability to skip sign-in token authentication for specific users (#16427)
Remove "active within last two weeks" exception for sign in token requirement

Change admin reset password to lock access until the password is reset
2021-07-08 05:31:28 +02:00
Claire 77aea4f85f Change number_to_human calls to always use 3-digits precision (#16469)
Fixes #16435
2021-07-07 21:13:08 +02:00
David Sterry b4d598b554 Fix #16407 (#16432) 2021-06-27 22:31:28 +02:00
Claire 9008d0312c Add full user agent in tooltips for login activities (#16428)
Also adds timestamp in HTML itself to not rely on javascript
2021-06-23 16:42:23 +02:00
Eugen Rochko 2067b0bf34 Add authentication history (#16408) 2021-06-21 17:07:30 +02:00
Eugen Rochko 91819606f9 Change trending hashtags to be affected be reblogs (#16164)
If a status with a hashtag becomes very popular, it stands to
reason that the hashtag should have a chance at trending

Fix no stats being recorded for hashtags that are not allowed
to trend, and stop ignoring bots

Remove references to hashtags in profile directory from the code
and the admin UI
2021-05-07 14:33:43 +02:00
Claire 86f5fad111 Add Ruby 3.0 support (#16046)
* Fix issues with POSIX::Spawn, Terrapin and Ruby 3.0

Also improve the Terrapin monkey-patch for the stderr/stdout issue.

* Fix keyword argument handling throughout the codebase

* Monkey-patch Paperclip to fix keyword arguments handling in validators

* Change validation_extensions to please CodeClimate

* Bump microformats from 4.2.1 to 4.3.1

* Allow Ruby 3.0

* Add Ruby 3.0 test target to CircleCI

* Add test for admin dashboard warnings

* Fix admin dashboard warnings on Ruby 3.0
2021-05-06 14:22:54 +02:00
Takeshi Umeda c958bc7297 Add management of delivery availability in Federation settings (#15771)
* Add management of delivery availavility in Federation settings

* fix translate

* Remove useless object creation

* Fix DeepSource issue

* Add shortcut for all

* Fix DeepSource(skipcq)

* Change 'remove' to 'clear'

* Fix style

* Change class method name (exhausted_deliveries_key_by)
2021-05-05 23:39:02 +02:00
Eugen Rochko 5b255015f5 Fix error when trying to render component for media without meta (#16112) 2021-05-05 21:16:55 +02:00
Eugen Rochko f5d59b3979 Change auto-following admin-selected accounts, show in recommendations (#16078) 2021-04-24 17:01:43 +02:00
Eugen Rochko 92cf2a4187 Add "recommended" label to activity/peers API toggles in admin UI (#16081) 2021-04-20 13:57:45 +02:00
Eugen Rochko 6d78b064e3 Fix missing source strings and inconsistent lead text style in admin UI (#16052) 2021-04-17 11:12:49 +02:00
Eugen Rochko 92b2d926bf Add cold-start follow recommendations (#15945) 2021-04-12 12:37:14 +02:00
Eugen Rochko 2e8a673376 Remove spam check and dependency on nilsimsa gem (#16011) 2021-04-11 11:22:50 +02:00
Claire 55babb90ac Fix SVG files not being correctly included in templates (#16001)
In Rails 6.1, raw file inclusion in templates have to be explicitly marked as
HTML-safe, otherwise it's rendered as text.
2021-04-05 13:05:49 +02:00
Eugen Rochko 19df881320 Add system checks to dashboard in admin UI (#15989) 2021-04-03 14:12:30 +02:00
Claire d27331e99a Fix brakeman warning (#15870)
As far as I understand, the brakeman warning was a false-positive as
`content_tag` properly escapes untrusted HTML. Furthermore, the interpolated
string values are built from the “username” part of accounts, which is
restricted to a small subset of ASCII that precludes any XML entity or HTML
code.

This proposed change should be functionally equivalent to the current code,
however it is slightly more robust, it's more idiomatic, and Brakeman will
stop complaining about it.
2021-03-19 23:48:59 +01:00
Claire eee8cedfd4 Fix custom CSS when CDN_HOST is set (#15927) 2021-03-19 20:23:08 +01:00
Filipe Rodrigues bbed5ea557 Fix reference to non-existing translation in the exports page. (#15894)
The exports page showed a different "CSV" capitalisation in the
"Bookmarks" row ("Csv") compared to the other rows ("CSV").
This was due to a referece to a translation string that does not exist,
`bookmarks.csv`, defaulting to the key's last segment in title case.

This issue was introduced in commit dcd86204 (PR #14956).

(h/t @meqif for helping with figuring out the bug)
2021-03-15 02:17:29 +01:00
Claire f05b0ab58a Fix not being able to change world filter expiration back to “Never” (#15858)
Fixes #15849
2021-03-12 05:25:50 +01:00
Claire 6451cfcd83 Fix some ignored brakeman warnings (#15829) 2021-03-07 07:06:56 +01:00
Claire 37d5bae34f Add inline description of moderation actions in moderation interface (#15792) 2021-02-24 16:53:16 +01:00
Claire 6ff52096d7 Fix server rules not being displayed if extended server discription isn't set (#15778) 2021-02-22 18:26:24 +01:00
Eugen Rochko 4930e71ae7 Add server rules (#15769) 2021-02-21 19:50:12 +01:00
Jeong Arm b2572f0b29 Use custom mascot on static share page (#15687)
* Use custom mascot on static share page

* Use full_asset_url
2021-02-11 02:18:56 +01:00
ThibG c9d9e96e75 Fix Google Translate breaking web interface (#15610)
- marks the page as a whole as untranslatable
- still marks user text as translatable

Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2021-01-21 14:29:54 +01:00
Takeshi Umeda e90b31f176 Fix expand video on public page (#15469) 2020-12-30 23:18:11 +01:00
Eugen Rochko 46b249ece6 Fix missing description on enable bootstrap timeline accounts toggle in admin UI (#15367) 2020-12-19 00:19:15 +01:00
Eugen Rochko 816df80b86 Add option to obfuscate domain name in public list of domain blocks (#15355)
- Replace the middle of the domain with * characters (except for periods)
- Add SHA-256 digest of the domain name in tooltip
2020-12-18 08:30:41 +01:00
ThibG 02bd1060d8 Fix admins being able to suspend their instance actor (#14567)
* Fix admin being able to suspend their own instance account

* Add text about the instance's own actor in admin view

* Change instance actor notice from flash message to template

* Do not list local instance actor in account moderation list
2020-12-15 17:23:58 +01:00
Eugen Rochko 812f2bdb8f Change RTL detection to rely on unicode-bidi paragraph by paragraph (#14573) 2020-12-15 12:56:43 +01:00
Mashiro 9129058192 Add "invite request content" display in user account admin page (#15265)
* feat: display `invite_request_text` in admin's user account page

* fix: move invite_request to the bottom of accounts page

* fix: remove time display, remove formate, change code terminology

* fix: remove escape
2020-12-15 06:28:14 +01:00
ThibG 3debd888a6 Add indication to admin UI of whether a report has been forwarded (#13237)
* Add indication to admin UI of whether a report has been forwarded

* Rework how forwarded status is displayed

Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2020-12-15 04:30:15 +01:00
ThibG 64eaaff345 Add ability to require invite request text (#15326)
Fixes #15273

Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2020-12-14 10:03:09 +01:00
Eugen Rochko df8874b24e Fix performance on instances list in admin UI (#15282)
- Reduce duplicate queries
- Remove n+1 queries
- Add accounts count to detailed view
- Add separate action log entry for updating existing domain blocks
2020-12-14 09:06:34 +01:00
Eugen Rochko c2ff16b1ed Change number format on about page from full to shortened (#15327) 2020-12-14 05:09:14 +01:00
ThibG e1ef5f3b31 Add honeypot fields and minimum fill-out time for sign-up form (#15276)
* Add honeypot fields to limit non-specialized spam

Add two honeypot fields: a fake website input and a fake password confirmation
one. The label/placeholder/aria-label tells not to fill them, and they are
hidden in CSS, so legitimate users should not fall into these.

This should cut down on some non-Mastodon-specific spambots.

* Require a 3 seconds delay before submitting the registration form

* Fix tests

* Move registration form time check to model validation

* Give people a chance to clear the honeypot fields

* Refactor honeypot translation strings

Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2020-12-10 06:27:26 +01:00
ThibG b62b44a0e1 Change public thread view to hide "Show thread" link (#15266)
Fixes #15262
2020-12-02 21:21:44 +01:00
Eugen Rochko a217a14b58 Fix omniauth (SAML/CAS) sign-in routes not having CSRF protection (#15228) 2020-11-28 05:17:53 +01:00
ThibG 8e79bac43d Add import/export feature for bookmarks (#14956)
* Add ability to export bookmarks

* Add support for importing bookmarks

* Add bookmark import tests

* Add bookmarks export test
2020-11-19 17:48:13 +01:00
Takeshi Umeda f0a79a9fa8 Add interrelationship icon (#15149)
* Add interrelationship icon

* Fix arrow for rtl

* Fix to predefined color
2020-11-12 17:43:12 +01:00
Takeshi Umeda 1dde6183a3 Add follow selected followers button (#15148)
* Add follow selected followers button

* Fix unused variable

* Fix i18n normalize
2020-11-12 16:58:00 +01:00
Eugen Rochko 79f71206de Add subresource integrity for JS and CSS assets (#15096)
Fix #2744
2020-11-06 11:56:31 +01:00
Mélanie Chauvel 87042c99ee Display “Show newer” and “Show older” instead of “Show more” in public pages (#15052) 2020-11-04 21:15:45 +01:00
Takeshi Umeda 385c2eac6f Add account sensitized (#14361)
* Add account sensitized

* Fix i18n normalize

* Fix description and spec

* Fix spec

* Fix wording
2020-11-04 20:45:01 +01:00
Mélanie Chauvel f7eae6d264 Make visibility icon clickable as part of the time of a toot (#15053)
- Makes permalink to a toot more easily clickable
- Fix clicking between icon and time in fact clicking the display name
- Fix clicking slightly under time in fact clicking the display name
2020-10-27 03:00:47 +01:00
ThibG ce87767572 Change how CDN_HOST is passed down to make assets build reproducible (#14381)
* Change how CDN_HOST is passed down to make assets build reproducible

* Change webpacker/webpack configuration to dynamically load publicPath based on meta header

* Fix embedded layout missing the cdn-host meta header
2020-10-13 01:19:35 +02:00
Eugen Rochko da4c730c47 Add IP-based rules (#14963) 2020-10-12 16:33:49 +02:00
Eugen Rochko adaf3f7b7a Remove dependency on goldfinger gem (#14919)
There are edge cases where requests to certain hosts timeout when
using the vanilla HTTP.rb gem, which the goldfinger gem uses. Now
that we no longer need to support OStatus servers, webfinger logic
is so simple that there is no point encapsulating it in a gem, so
we can just use our own Request class. With that, we benefit from
more robust timeout code and IPv4/IPv6 resolution.

Fix #14091
2020-10-08 00:34:57 +02:00
Eugen Rochko 5c10211bcd Fix regressions in icon buttons in web UI (#14915) 2020-10-04 15:02:36 +02:00
ThibG 79b2d30a19 Add option to disable swiping motions across the WebUI (#13885)
Fixes #13882
2020-09-30 19:31:03 +02:00
Jeremy Rose 4b59090add add og:published_time to opengraph meta tags (#14865) 2020-09-24 23:32:13 +02:00
Takeshi Umeda 218ea2dedb Fix method of the DELETE DATA button (#14855) 2020-09-21 20:37:19 +02:00
Eugen Rochko e514304a76 Change account suspensions to be reversible by default (#14726) 2020-09-15 14:37:58 +02:00
Eugen Rochko 403aeeb7e0 Refactor settings controllers (#14767)
- Disallow suspended accounts from revoking sessions and apps
- Allow suspended accounts to access exports
2020-09-11 20:56:35 +02:00
abcang e8c39853ad Changed tag most_used to recently_used (#14760) 2020-09-07 17:47:41 +02:00
santiagorodriguez96 f142983484 Add WebAuthn as an alternative 2FA method (#14466)
* feat: add possibility of adding WebAuthn security keys to use as 2FA

This adds a basic UI for enabling WebAuthn 2FA. We did a little refactor
to the Settings page for editing the 2FA methods – now it will list the
methods that are available to the user (TOTP and WebAuthn) and from
there they'll be able to add or remove any of them.
Also, it's worth mentioning that for enabling WebAuthn it's required to
have TOTP enabled, so the first time that you go to the 2FA Settings
page, you'll be asked to set it up.
This work was inspired by the one donde by Github in their platform, and
despite it could be approached in different ways, we decided to go with
this one given that we feel that this gives a great UX.

Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>

* feat: add request for WebAuthn as second factor at login if enabled

This commits adds the feature for using WebAuthn as a second factor for
login when enabled.
If users have WebAuthn enabled, now a page requesting for the use of a
WebAuthn credential for log in will appear, although a link redirecting
to the old page for logging in using a two-factor code will also be
present.

Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>

* feat: add possibility of deleting WebAuthn Credentials

Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>

* feat: disable WebAuthn when an Admin disables 2FA for a user

Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>

* feat: remove ability to disable TOTP leaving only WebAuthn as 2FA

Following examples form other platforms like Github, we decided to make
Webauthn 2FA secondary to 2FA with TOTP, so that we removed the
possibility of removing TOTP authentication only, leaving users with
just WEbAuthn as 2FA. Instead, users will have to click on 'Disable 2FA'
in order to remove second factor auth.
The reason for WebAuthn being secondary to TOPT is that in that way,
users will still be able to log in using their code from their phone's
application if they don't have their security keys with them – or maybe
even lost them.

* We had to change a little the flow for setting up TOTP, given that now
  it's possible to setting up again if you already had TOTP, in order to
  let users modify their authenticator app – given that now it's not
  possible for them to disable TOTP and set it up again with another
  authenticator app.
  So, basically, now instead of storing the new `otp_secret` in the
  user, we store it in the session until the process of set up is
  finished.
  This was because, as it was before, when users clicked on 'Edit' in
  the new two-factor methods lists page, but then went back without
  finishing the flow, their `otp_secret` had been changed therefore
  invalidating their previous authenticator app, making them unable to
  log in again using TOTP.

Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>

* refactor: fix eslint errors

The PR build was failing given that linting returning some errors.
This commit attempts to fix them.

* refactor: normalize i18n translations

The build was failing given that i18n translations files were not
normalized.
This commits fixes that.

* refactor: avoid having the webauthn gem locked to a specific version

* refactor: use symbols for routes without '/'

* refactor: avoid sending webauthn disabled email when 2FA is disabled

When an admins disable 2FA for users, we were sending two mails
to them, one notifying that 2FA was disabled and the other to notify
that WebAuthn was disabled.
As the second one is redundant since the first email includes it, we can
remove it and send just one email to users.

* refactor: avoid creating new env variable for webauthn_origin config

* refactor: improve flash error messages for webauthn pages

Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>
2020-08-24 16:46:27 +02:00
ThibG 9a6ec27a87 Fix client-side form validation not accepting handles with uppercase letters (#14599) 2020-08-19 19:00:47 +02:00
ThibG 191fc742e9 Fix hardcoded non-breaking space in public view (#14568) 2020-08-13 12:04:28 +02:00
ThibG ef710bbff6 Add client-side validation in password change forms (#14564)
* Fix client-side username validation at registration

It used the Account::USERNAME_RE regexp which is for *remote* users,
local user validation is stricter. Also take into account max username length.

* Add client-side form validation for password change

* Add client-side form validation to dedicated registration form

Previous changes only applied to the /about page, not the dedicated form on
/auth
2020-08-12 12:11:15 +02:00
ThibG 22aba16386 Add HTML form validation for the registration form (#14560)
* Add HTML-level validation of username in sign-up form

* Make required fields with incorrect values more visible

* Enable HTML form validation for the registration form

* Mark agreement checkbox as required client-side

* Add minimum length to password

* Add client-side password confirmation validation
2020-08-11 23:09:13 +02:00
ThibG be88d4f851 Fix audio/video player not using CDN_HOST in media paths on public pages (#14486) 2020-08-02 19:03:10 +02:00
Eugen Rochko 7438f56da3 Fix videos on public pages not using custom thumbnails (#14273) 2020-07-09 12:53:16 +02:00
ThibG aa7142b9e2 Fix hashtag column options styling (#14247)
* Enable nonces for stylesheets

* Pass nonce to react-select
2020-07-07 01:33:38 +02:00
Eugen Rochko 8517a5fdb4 Add color extraction for audio thumbnails (#14209) 2020-07-05 18:28:25 +02:00
ThibG 9e14647df8 Fix lock icon not being shown when locking account in profile settings (#14190) 2020-07-01 13:51:50 +02:00
Eugen Rochko a3ce01a102 Add customizable thumbnails for audio and video attachments (#14145)
- Change audio files to not be stripped of metadata
- Automatically extract cover art from audio if it exists
- Add `thumbnail` parameter to `POST /api/v1/media`, `POST /api/v2/media` and `PUT /api/v1/media/:id`
- Add `icon` to represent it in attachments in ActivityPub
- Fix `preview_url` containing URL of missing missing image when there is no thumbnail instead of null
- Fix duration of audio not being displayed on public pages until the file is loaded
2020-06-29 13:56:55 +02:00
Mélanie Chauvel 2fca9d3715 Improve appearence consistency of settings pages (#13938)
* Fix header button changing header size in settings pages

* Make form buttons look more like a part of the form in settings pages

- Put buttons closer, using same distance as between inputs
- Make buton font size a bit smaller to blend a bit more
- Add the class button to button tags for consisent styling
2020-06-26 00:36:30 +02:00
Takeshi Umeda 1aed75c2d0 Add a visibility icon to status (#14123)
* Add a visibility icon to status

* Change to using the icon element

* Fix RTL

* Add a public globe
2020-06-25 22:43:59 +02:00
Eugen Rochko 12ac904a33 Fix various issues around OpenGraph representation of media (#14133)
- Fix audio attachments not being represented in OpenGraph tags
- Fix audio being represented as "1 image" in OpenGraph descriptions
- Fix video metadata being overwritten by paperclip-av-transcoder
- Fix embedded player not using Mastodon's UI
- Fix audio/video progress bars not moving smoothly
- Fix audio/video buffered bars not displaying correctly
2020-06-25 01:33:01 +02:00
Mélanie Chauvel a617a8394b Improve wording and add titles on moderated servers section in /about/more (#13930) 2020-06-09 10:28:02 +02:00
Eugen Rochko 2dbf6bc5ad Add e-mail-based sign in challenge for users with disabled 2FA (#14013) 2020-06-09 10:23:06 +02:00
ThibG eda9bb35f1 Hide sensitive preview cards with blurhash (#13985)
* Use preview card blurhash in WebUI

* Handle sensitive preview cards
2020-06-06 17:41:56 +02:00
ThibG 8b552d6f0c Fix unpermitted operations on custom emojis leading to cryptic errors (#13951)
* Display appropriate error when performing unpermitted operation on custom emoji

Fixes #13897

* Remove links to custom emoji actions not performable by moderators
2020-06-05 15:23:27 +02:00
Mélanie Chauvel 8579befd58 Put “Add new domain block” button on /admin/instances in header (#13934) 2020-06-03 20:19:14 +02:00
ThibG e93c08ab96 Fix some account avatars on public pages having incorrect size (#13692)
* Fix some account avatars on public pages having incorrect size

* Remove outdated and overridden width and height attributes

* Remove more hardcoded width/height attributes
2020-05-13 21:20:34 +02:00
Eugen Rochko fc7cad8b2d Add ability to remove identity proofs from account (#13682)
Fix #12613
2020-05-10 11:21:10 +02:00
ThibG b20d0db1eb Remove 'unsafe-inline' from Content-Security-Policy style-src (#13679)
* Make sure wicg-inert doesn't rely on inline CSS

* Remove unsafe-inline from style-src
2020-05-08 21:22:57 +02:00
ThibG 20ffc12cda Fix use of inline CSS in public pages (#13576)
Change `account_link_to` to use an image tag rather than some
inline CSS. Dropped the `size` parameter in the process, but it wasn't
used for anything except the default value of 36px.

Dropped CSS rules that were always overriden, and defaulted to 36px width
and height instead.
2020-05-03 22:04:18 +02:00
ThibG a30829deee Fix admin-facing uses of inline CSS (#13575)
* Move .back-button inline styles to CSS file

All occurrences of the back-button CSS class used the same inline
CSS rules, so moved them over to the CSS file

* Fix “Add new domain block” button using inline CSS

* Replace common pattern of inline-styled button boxes by a CSS class

In particular, switching from `float: left/right` to a flexbox with
`justify-content: space-between`. This implied changing the order of
a few HTML tags and adding an empty `div` in one case.

Also removed a `margin-bottom` rule that wasn't needed due to the
margins of surrounding elements.

* Move account admin view inline CSS to CSS file
2020-04-28 19:39:16 +02:00
ThibG 3b7373ed4c Fix end-user-facing uses of inline CSS (#13438)
* Move some inline styles to CSS files

* Move default_account_display_name span to fix useless tags with duplicate id

* Change handling of public pages spoiler text from inline CSS to dataset attribute

* Use the `dir` HTML attribute instead of inline CSS

* Move status action bar inline CSS to CSS file

* Hide logo resources from CSS file, not inline CSS

Fixes #11601

* Move translation prompt styling from inline CSS to CSS file

* Move “invited by” styling on registration form from inline to CSS file

* Use the progress tag to display poll results in JS fallback

* Fix poll results JS-less fallback when the user has voted for an option

* Change account public page “moved” notice to use img tags instead of inline CSS

* Move OTP hint inline CSS to SCSS file

* Hide JS-less fallback vote progressbars from accessibility tools

Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>
2020-04-28 10:16:55 +02:00
ThibG 207c5ab2a3 Fix /public showing public instead of community timeline for logged-in users (#13499) 2020-04-28 09:43:45 +02:00
sternenseemann 674005c08e Allow users to delete their header and avatar (#13234)
This is achieved by sending a DELETE request to
/settings/profile/pictures/{avatar,header} via a link that is part of
the upload form's hint of the respective picture.
2020-04-20 14:03:03 +02:00
Takeshi Umeda f5606cdab4 Add local only to hashtag timeline (#13502) 2020-04-18 21:52:39 +02:00
Eugen Rochko 2d3219549b Change delivery failure tracking to work with hostnames instead of URLs (#13437) 2020-04-15 20:33:24 +02:00
ThibG add34dd132 Fix “Email changed” notification sometimes having wrong e-mail (#13475)
* Fix “Email changed” notification sometimes having wrong e-mail

Fixes #6778

The root of the issue is that `send_devise_notification` was called before
the changes were properly commited to the database, causing the mailer to
pick previous values if running too early.

Devise's documentation provides guidance on how to handle that[1][2], however,
I have found it to not be working, as the following happens, in that order:
- `send_devise_notification` is called for the `email_changed` notification.
  In that case, `changed?` is false and `saved_changes?` is true, so
  if we use the former, we have the same issue.
- the `after_commit` hook is called
- `send_devise_notification` is called for the `confirmation_instructions`
  notification.
  In that case, `changed?` is still false, and `saved_changes?` still true,
  so if we use the latter, that second notification email is simply not
  going to be sent (as we would be queuing the notification *after*
  executing the after_commit hook).

This is because it may be called from either an `after_update` or
`after_commit` hook, the difference not being a call to `save` but the
transaction actually being committed to the database. This may arguably
be a bug in Devise, or Devise's notification.

The proposed workaround is inspired by Devise's documentation but checks
whether a transaction is open to make the call whether to immediately
send the notification or defer it to the `after_commit` hook.

[1]: https://www.rubydoc.info/github/plataformatec/devise/Devise%2FModels%2FAuthenticatable:send_devise_notification
[2]: 406915cb78/lib/devise/models/authenticatable.rb (L133-L194)

* Fix cases when sending notifications without changing the model

* Defer sending if and only if in transaction including current record
2020-04-15 16:13:44 +02:00
ThibG dedac235bc Fix account aliases page (#13452)
* Fix error not being displayed when adding an account alias, add error for self-references

Co-Authored-By: Mélanie Chauvel (ariasuni) <perso@hack-libre.org>

* Add “You have no aliases.” note in confusing empty aliases table

Co-Authored-By: Mélanie Chauvel (ariasuni) <perso@hack-libre.org>

Co-authored-by: Mélanie Chauvel (ariasuni) <perso@hack-libre.org>
2020-04-13 06:41:43 +02:00
Leonie a1cc7b361c Fix API footer link in Web UI (#13441)
Co-authored-by: koyu <me@koyu.spac>
2020-04-12 13:38:14 +02:00
ThibG b746bda60e Fix styling of polls in JS-less fallback on public pages (#13436) 2020-04-07 18:21:58 +02:00
Eugen Rochko 6932e0e2af Add ability to filter audit log in admin UI (#13381) 2020-04-03 13:06:34 +02:00
Sasha Sorokin abbc0c6a87 Improve polls: option lengths & redesign (#13257)
This commit redesign the polls and increases characters limit for the
options from 25 to 50 characters, giving pollsters more freedom.

Summarizing, the redesign is making the polls more adaptive for upcoming
changes to the options characters limit: the bar, or a "chart", is now
displayed separately from the option itself; vote check mark is moved
next to the option text, making the percentages take less space. Option
lengths are taken into account and text is wrapped to multiple lines
if necessary to avoid overflow.
2020-04-02 17:10:55 +02:00
Eugen Rochko 9ced8b6dd5 Add option to include resolved DNS records when blacklisting e-mail domains in admin UI (#13254)
* Add shortcuts to blacklist a user's e-mail domain in admin UI

* Add option to blacklist resolved MX and IP records for e-mail domains
2020-03-12 22:35:20 +01:00
Eugen Rochko da9d81c4ac Add titles to warning presets in admin UI (#13252) 2020-03-12 17:57:59 +01:00
guigeekz eb525ef602 Add submit button to the top of preferences pages (#13068)
* Move submit button to the top of the edit page

* Duplicate save button on long form

* Fix click submit on profile spec
2020-03-08 16:04:03 +01:00
ThibG cb93be3b88 Add ability to delete files uploaded for settings in admin UI (#13192)
* Allow deleting site uploads

* Refactor and move links into hints

* Fix i18n tests

* Fix HTML output of site_upload_delete_hint
2020-03-08 16:00:24 +01:00
ThibG 49f5db61bc Add sorting by username, creation and last activity in moderation view (#13076)
* Add ability to order accounts in moderation view

* Display last status date in “Most recent activity” for remote users
2020-03-08 15:39:13 +01:00
Eugen Rochko a4668d994b Add specific rate limits for posting and following (#13172) 2020-03-08 15:17:39 +01:00
ThibG d7da2bba02 Fix misleading error when attempting to re-send a pending follow request (#13133)
Fixes #13131
2020-02-24 21:19:19 +01:00
ThibG e2b6503921 Fix account's bio not being shown if there are no proofs/fields in admin UI (#13075) 2020-02-17 16:38:59 +01:00
ThibG d5a71bf924 Fix invite request input not being shown on sign-up error if left empty (#13089)
If the “Why do you want to join?” textarea is left empty and the entered params
do not validate, the textarea isn't shown again, unlike other fields.

This commit fixes that by populating an empty `UserInviteRequest` when needed.
2020-02-16 12:38:22 +01:00
Eugen Rochko 9c2d10cd0c Fix punycode being rendered instead of unicode in some places (#13030) 2020-02-03 18:44:54 +01:00
Sasha Sorokin 864c9a2141 Add "Show thread" button to public profiles (#13000)
This adds "Show thread" button to the status view which is used in
profiles. The logic to display the button is mimicking logic in
web app available at app/javascript/mastodon/components/status.js#L439.

* The little change in components CSS required to remove enforced
  underline for all links on public pages on our button.
2020-01-29 17:35:54 +01:00
Eugen Rochko 6c643bed6a Fix design of announcements in admin UI (#12989) 2020-01-28 02:21:00 +01:00
Eugen Rochko 9fb8165712 Add publish/unpublish controls to announcements in admin UI (#12967) 2020-01-27 11:05:33 +01:00
ThibG d9cdd58423 Change last_status_at to be a date, not datetime (#12966)
* Return last_status_at as date, not datetime

* Fix relative timestamp for dates when delay is inferior to 1 day

* Also fix public directory

* Fix error when last_status_at isn't set
2020-01-26 23:13:48 +01:00
Eugen Rochko 36b1dd934d Fix relationships page not showing results in admin UI (#12934)
Follow-up to #12927
2020-01-24 00:20:23 +01:00
Eugen Rochko f95fd62bac Add announcements (#12662)
* Add announcements

Fix #11006

* Add reactions to announcements

* Add admin UI for announcements

* Add unit tests

* Fix issues

- Add `with_dismissed` param to announcements API
- Fix end date not being formatted when time range is given
- Fix announcement delete causing reactions to send streaming updates
- Fix announcements container growing too wide and mascot too small
- Fix `all_day` being settable when no time range is given
- Change text "Update" to "Announcement"

* Fix scheduler unpublishing announcements before they are due

* Fix filter params not being passed to announcements filter
2020-01-23 22:00:13 +01:00
Eugen Rochko 67172aa4f9 Change followers page to relationships page in admin UI (#12927)
Allow browsing and filtering all relationships instead of just
followers, unify the codebase with the user-facing relationship
manager, add ability to see who the user invited
2020-01-23 20:33:20 +01:00
ThibG 243c5118f1 Fix duplicate “description” meta tag on accounts public pages (#12923)
Fixes #12920
2020-01-22 16:26:23 +01:00
Eugen Rochko 9a9eb0f3d4 Fix not all of account's active IPs showing up in admin UI (#12909) 2020-01-20 18:00:54 +01:00
ThibG 4a6e4aa83e Fix admin interface crashing when listing boosts with non-video media attachments (#12907)
Fix regression introduced by #12879
2020-01-20 17:39:14 +01:00
Eugen Rochko 9ebfb23e87 Various fixes and improvements (#12878)
* Fix unused role routes being generated

* Remove unused JavaScript code

* Refactor filters code to be DRYer

* Fix `.count == 0` comparisons to `.empty?` in views

* Fix filters in views
2020-01-20 15:55:03 +01:00
Eugen Rochko e499b6ad7e Change reported media attachments to always be hidden in admin UI (#12879)
Also:

- Fix Mastodon logo not showing up in status embeds
- Fix blurhash not being used in status embeds
- Fix blurhash not being used in admin UI
- Fix autoplay param not working correctly on status embeds
2020-01-18 19:50:43 +01:00
Sasha Sorokin 03f81f7118 Use heading actions and placeholders in settings (#12801)
This commit:

- Refactors centered text blocks currently used for placeholders
  for empty tables and puts styles for it in separate class -
  .centered-text, simply aliasing text-align: center. Which is
  furtherly used in this commit.

- Improves applications settings page to use heading actions, moving
  "New application" button there, and displaying placeholder "You
  have no applications" in place of empty table.

- Improves custom emoji settings page to use heading action
  for "Upload" button, making it more easily accessible without
  need to scroll through all of the emojis.

- Improves email domain blocks settings page, moving "Add new" to the
  heading actions and using placeholder "No e-mail domains currently
  blacklisted" instead of showing empty table.
2020-01-11 02:14:45 +01:00
Sasha Sorokin fc0a089800 Rename page_heading_actions variable (#12799)
Current name - page_heading_actions is long and hard to remember,
this commit shortens it to just heading_actions, which is way more
easier to remember and write, it's logical too.
2020-01-10 01:10:17 +01:00
Sasha Sorokin b5426b4e9a Little improvements to filters settings page (#12793)
When you have many filters, it may be hard for you to reach the button
to create yet another one. This commit moves creation button to the
heading, leaving the page just for the list.

On the other hand, when there are no filters, page looks kind of
strange with the empty table. So text stating obvious fact that user
has no filters was added in this commit too.

Closes #11020
Closes #12790
2020-01-07 10:41:19 +01:00
Eugen Rochko 9a1f8c34b0 Fix cache digesting log noise on status embeds (#12750) 2020-01-03 05:00:17 +01:00
Sasha Sorokin dd8d0c7d9d Add translation project promotion link (#12736)
This commit adds promotional notice on appearance settings about
translation project if any other locale than English is used. It
allows users to learn and contribute translations to Mastodon.

Step ahead, in this commit one unusual string is added - link to a
guide. By default it refers to Crowdin project itself, but if any of
Mastodon localization teams established their own guide, they can
refer it. Or, if Crowdin supports localized domain for language, it
can also be put there (e.g. https://fr.crowdin.com/...).
2019-12-31 22:15:05 +01:00
ThibG 1919ddbe6f Fix batch actions on non-pending tags in admin interface (#12537)
- Allow batch actions on unreviewed tags
- Hide checkboxes when batch actions aren't available
2019-12-29 05:41:26 +01:00
Sasha Sorokin ecd71339db Use different strings on exports page (#12569)
Currently the page re-uses strings from other contexts which doesn't fit
very well - strings incorrectly lowercase-d and pluralized, when they
don't need to be, because it's a table.

This commit changes page to re-use accounts.posts_tab_heading for toots,
and admin.accounts for "Following" and "Follows". This all should look
more aesthetically pleasing.
2019-12-19 12:47:55 +01:00
Alice Gaudon a285b3c63c Admin setting to disable default follows (#12566) 2019-12-16 23:55:50 +01:00
Sasha Sorokin 65b17826c9 Improve report page structure (#12615)
* Move resolved button to the heading

This is one of the commits on improving overall reports page structure.
It changes where resolved button is located, moving it to the heading,
right next to the "Report #n" header, so-called "hot-place" to look at.

To accomplish this we have to declare one more content variable, change
admin dashboard template to respect it and CSS files for minor styling,
so buttons are inlined and centrally aligned according to the heading.

* Move actions buttons below the report table

I believe that actions to react on report should not be located at the
top of the page, instead they should be either after the table or
reporter's comment. This is just a logical sign that you should not
react to the report without reading all the details first.
2019-12-16 23:55:16 +01:00
Sasha Sorokin 1cc1840170 Avoid using pluralize on moderation pages (#12589)
Pluralize function from Rails framework does not work with other
languages than English, moreover it does not even work properly with
English [1]. Not that the latest applies to this context, it's just
a sign that we best to avoid this function, especially when there are
more reliable ways.

This commit changes how reports pages generated in order to avoid usage
of pluralize function, replacing it with default translation function,
called with given counter. On top of that, we have to make strings
pluralizable, so have to change locale files.

[1]: https://medium.com/@anna7/b3927de2ca8e#6a60
2019-12-12 19:50:23 +01:00
Sasha Sorokin 2b592001b2 Use codeblock for native redirect URI (#12570)
This commit changes how doorkeeper.applications.help.native_redirect_uri
string is being formatted to use <code> tag for native_redirect_uri
placeholder. This makes the URI look more distinguishable.
2019-12-09 04:30:58 +01:00
mayaeh 08693d09ca Fix notifications label (#12517)
* Fix translations not being displayed

* ran `yarn manage:translations en`
2019-12-02 13:39:53 +01:00
ThibG 64f7474899 Link to reports targetting instance in admin view (#12513) 2019-12-01 19:03:43 +01:00
Sasha Sorokin 33696a4b44 Split relationships page strings (#12502)
Before this moment relationships managing page was using strings from
other context - from counters, but in order for translators to be able
to translate it relatively to the page, it must use separate strings.

I've split the strings for "Following" and "Followers" and put them to
"relationships" keyset in localization file. This should solve this
issue.

Fixes #10863
2019-12-01 07:08:40 +01:00
ThibG 4b0a6d79dd Add ability to filter reports by target account domain (#12154)
* Add ability to filter reports by target account domain

* Reword by_target_domain label
2019-11-30 19:53:58 +01:00
Sasha Sorokin 67e19f7977 Improve notifications page (#12497)
Currently notifications page seems a bit cluttered with no clear
separation between e-mail and filtering settings. This commit tries to
address them by adding clear separation with headers, hints and removing
continuously reused texts for events checkboxes.
2019-11-29 17:03:06 +01:00
ThibG d1eebde0ff Fix blur behind closed registration message (#12442)
* Fix closed registration message blur

* Adjust overlay margins to account for blur

Fixes #12425
2019-11-22 15:56:59 +01:00
Yamagishi Kazutoshi fdda54272d Change message of public timeline for local only (#12224) 2019-10-27 12:45:33 +01:00