Thibaut Girka
c060523dc2
Merge branch 'master' into glitch-soc/merge-upstream
...
Conflicts:
- app/controllers/home_controller.rb
- app/controllers/shares_controller.rb
- app/javascript/packs/public.js
- app/models/status.rb
- app/serializers/initial_state_serializer.rb
- app/views/home/index.html.haml
- app/views/layouts/public.html.haml
- app/views/public_timelines/show.html.haml
- app/views/shares/show.html.haml
- app/views/tags/show.html.haml
- config/initializers/content_security_policy.rb
- config/locales/en.yml
- config/webpack/shared.js
- package.json
2019-08-19 21:49:35 +02:00
Eugen Rochko
dde2c17e12
Fix uncaught 422 and 500 errors (#11590)
2019-08-18 18:04:18 +02:00
Eugen Rochko
88ef061da1
Fix 422 being returned instead of 404 when POSTing (#11574)
2019-08-16 02:08:35 +02:00
Thibaut Girka
4973ba2d1f
Merge branch 'master' into glitch-soc/merge-upstream
...
Conflicts:
- app/controllers/directories_controller.rb
- package.json
- yarn.lock
2019-07-30 12:22:33 +02:00
Eugen Rochko
825dc3ca22
Add whitelist mode (#11291)
2019-07-30 11:10:46 +02:00
Thibaut Girka
579ccb0bb9
Merge branch 'master' into glitch-soc/merge-upstream
...
Conflicts:
- app/controllers/application_controller.rb
- app/controllers/auth/confirmations_controller.rb
- app/controllers/auth/sessions_controller.rb
- app/controllers/settings/deletes_controller.rb
- app/controllers/settings/two_factor_authentication/recovery_codes_controller.rb
2019-07-23 10:51:07 +02:00
Eugen Rochko
6be7b414e2
Change unconfirmed user login behaviour (#11375)
...
Allow access to account settings, 2FA, authorized applications, and
account deletions to unconfirmed and pending users, as well as
users who had their accounts disabled. Suspended users cannot update
their e-mail or password or delete their account.
Display account status on account settings page, for example, when
an account is frozen, limited, unconfirmed or pending review.
After sign up, log in users straight away and show a simple page that
tells them the status of their account with links to account settings
and logout, to reduce onboarding friction and allow users to correct
wrongly typed e-mail addresses.
Move the final sign-up step of SSO integrations to be the same
as above to reduce code duplication.
2019-07-22 10:48:50 +02:00
Eugen Rochko
79b9eee938
Add (back) rails-level JSON caching (#11333)
2019-07-21 22:32:16 +02:00
Eugen Rochko
2b4fa0d6fa
Change locale detection to run once per session (#8657)
...
Fix #6462
2019-07-21 18:08:02 +02:00
Thibaut Girka
eecce7e59b
Merge branch 'master' into glitch-soc/merge-upstream
...
Conflicts:
- Gemfile.lock
- app/controllers/accounts_controller.rb
- app/controllers/admin/dashboard_controller.rb
- app/controllers/follower_accounts_controller.rb
- app/controllers/following_accounts_controller.rb
- app/controllers/remote_follow_controller.rb
- app/controllers/stream_entries_controller.rb
- app/controllers/tags_controller.rb
- app/javascript/packs/public.js
- app/lib/sanitize_config.rb
- app/models/account.rb
- app/models/form/admin_settings.rb
- app/models/media_attachment.rb
- app/models/stream_entry.rb
- app/models/user.rb
- app/serializers/initial_state_serializer.rb
- app/services/batched_remove_status_service.rb
- app/services/post_status_service.rb
- app/services/process_mentions_service.rb
- app/services/reblog_service.rb
- app/services/remove_status_service.rb
- app/views/admin/settings/edit.html.haml
- config/locales/simple_form.pl.yml
- config/settings.yml
- docker-compose.yml
2019-07-19 18:26:49 +02:00
ThibG
c2126e3f98
Add ActivityPub actor representing the entire server (#11321)
...
* Add support for an instance actor
* Skip username validation for local Application accounts
* Add migration script to create instance actor
* Make Codeclimate happy
* Switch to id -99 for instance actor
* Remove unused `icon` and `image` attributes from instance actor
* Use if/elsif/else instead of return + ternary operator
* Add instance actor to fresh installs
* Use instance actor as instance representative
Use instance actor for forwarding reports, relay operations, and spam
auto-reporting.
* Seed database in test environment
* Fix single-user mode
* Fix tests
* Fix specs to accommodate for an extra `Account`
* Auto-reject follows on instance actor
Following an instance actor might make sense, but we are not handling that
right now, so auto-reject.
* Fix webfinger lookup and serialization for instance actor
* Rename instance actor
* Make it clear in the HTML view that the instance actor should not be blocked
* Raise cache time for instance actor as there's no dynamic content
* Re-use /about/more with a flash message for instance actor profile
2019-07-19 01:44:42 +02:00
ThibG
a4b1083795
Fix caching headers in ActivityPub endpoints (#11331)
...
* Fix reverse-proxy caching in public fetch mode
* Fix caching in ActivityPub-specific controllers
2019-07-17 00:00:39 +02:00
Eugen Rochko
39719ae981
Add ActivityPub secure mode (#11269)
...
* Add HTTP signature requirement for served ActivityPub resources
* Change `SECURE_MODE` to `AUTHORIZED_FETCH`
* Add 'Signature' to 'Vary' header and improve code style
* Improve code style by adding `public_fetch_mode?` method
2019-07-11 20:11:09 +02:00
Eugen Rochko
56f0203c66
Refactor controllers for statuses, accounts, and more (#11249)
2019-07-08 12:03:45 +02:00
Thibaut Girka
acbed64f3d
Merge branch 'master' into glitch-soc/merge-upstream
...
Conflicts:
- app/controllers/settings/preferences_controller.rb
- app/lib/user_settings_decorator.rb
- app/models/user.rb
- config/locales/simple_form.en.yml
2019-06-26 23:19:22 +02:00
Eugen Rochko
8ed78f0b85
Fix unnecessary SQL query performed on unauthenticated requests (#11179)
2019-06-25 20:18:15 +02:00
Thibaut Girka
00552d2f79
Merge branch 'master' into glitch-soc/merge-upstream
...
Conflicts:
- app/controllers/statuses_controller.rb
- app/controllers/stream_entries_controller.rb
2019-06-07 17:00:36 +02:00
ThibG
806c2f8102
Cleanup various controllers (#10972)
...
* Remove skip_session! as it is not supported in Rails 5
* Minor cleanup in StreamEntriesController
* Remove redundant mark_cacheable! calls
2019-06-05 14:02:59 +02:00
Thibaut Girka
365de06816
Merge branch 'master' into glitch-soc/merge-upstream
...
Conflicts:
- app/controllers/accounts_controller.rb
- app/controllers/follower_accounts_controller.rb
- app/controllers/statuses_controller.rb
All conflicts caused by the additional `use_pack` used for glitch-soc's theming
system.
2019-03-18 18:03:27 +01:00
Ben Lubar
591c26dc97
Reduce server load caused by anonymous viewing. (#9059)
...
Do not start a session if the current user is not logged in for public-facing pages.
Mark pages that don't care about sessions as publicly cacheable.
Keep the max age as 0 so proxies and browsers will still try to retrieve an updated version but can still fall back to the stale version if the site is down or too slow.
Fixes #9035.
2019-03-17 15:39:25 +01:00
Thibaut Girka
478abe3a58
Merge branch 'master' into glitch-soc/merge-upstream
...
Conflicts:
- app/models/status.rb
Resolved by taking both changes (not a real conflict, just changes too close
to each other).
2018-11-27 13:23:02 +01:00
Eugen Rochko
7a939f7cfc
Remove intermediary arrays when creating hash maps from results (#9291)
2018-11-16 15:02:18 +01:00
Thibaut Girka
c954f89bdd
Merge branch 'master' into glitch-soc/merge-upstream
2018-10-28 08:37:49 +01:00
Eugen Rochko
cf2ab9c394
Include preview cards in status entity in REST API (#9120)
...
* Include preview cards in status entity in REST API
* Display preview card in-stream
* Improve in-stream display of preview cards
2018-10-28 06:35:03 +01:00
Thibaut Girka
4dd208f482
Merge branch 'master' into glitch-soc/merge-upstream
...
Conflicts:
app/controllers/oauth/authorizations_controller.rb
Just two changes being too close to one another.
Took both.
2018-09-11 16:51:26 +02:00
Eugen Rochko
72a8ca84e0
Add force_login option to OAuth authorize page (#8655)
...
* Add force_login option to OAuth authorize page
For when a user needs to sign into an app from multiple accounts
on the same server
* When logging out from modal header, redirect back after re-login
2018-09-09 04:10:44 +02:00
Thibaut Girka
69212ed0ad
Merge branch 'master' into glitch-soc/merge-upstream
...
Conflicts:
app/controllers/application_controller.rb
Changed instance theme selection by instance flavour selection.
2018-08-24 15:10:34 +02:00
Eugen Rochko
413a28499d
Allow mods to disable login, improve message when login disabled (#8329)
...
* Allow moderators to disable/enable login
* Instead of rejecting login, show forbidden error when login disabled
Avoid confusion because when login is rejected, the message is that
the account is not activated, which is wrong.
* Fix tests
2018-08-23 23:26:29 +02:00
Jakub Mendyk
289b4f2838
Add ability to change an instance default theme from the administration panel (#7092) (#8381)
...
* Add default_settings class method to ScopedSettings
ScopedSettings was extended to use value of unscoped setting instead of
only using defaults set in config/settings.yml for selected settings.
This adds possibility for admins to set default values of users' settings,
for example default theme (as requested in #7092).
* Add ability to change an instance default theme
Closes #7092
2018-08-23 14:17:35 +02:00
Thibaut Girka
98dccee657
Merge branch 'master' into glitch-soc/master
...
Conflicts:
config/routes.rb
Added the “endorsements” route from upstream.
2018-08-21 18:24:48 +02:00
abcang
af2122bcf9
Unuse ActiveRecord::Base#cache_key (#8185)
...
* Unuse ActiveRecord::Base#cache_key
* Enable cache_versioning
* Call cache_collection
2018-08-19 15:52:38 +02:00
Thibaut Girka
3dc4f8e2ca
Merge branch 'master' into glitch-soc/merge-upstream
...
Conflicts:
config/locales/ca.yml
config/locales/nl.yml
config/locales/oc.yml
config/locales/pt-BR.yml
Resolved conflicts by removing upstream-specific changes
2018-05-27 13:20:15 +02:00
Eugen Rochko
83b124d54b
Catch ActionController::UnknownFormat and return HTTP 406 (#7621)
...
An error like that should not appear in production error log.
2018-05-26 01:09:30 +02:00
Thibaut Girka
d0b753db6b
Merge branch 'master' into glitch-soc/merge
...
Conflicts:
app/controllers/invites_controller.rb
app/serializers/initial_state_serializer.rb
config/locales/ko.yml
2018-05-11 18:12:42 +02:00
ThibG
6222c7def7
Update session activation time (fixes #5605) (#7408)
2018-05-11 13:20:58 +02:00
Jenkins
62ce70f28c
Merge remote-tracking branch 'tootsuite/master' into glitchsoc/master
2018-04-03 19:17:20 +00:00
Emelia Smith
078aa8b5ae
Improve require_admin! and require_staff! filters (#7018)
...
Previously these returned 302 redirects instead of 403s, which meant posting links to admin pages in Slack caused them to unfurl, rather than stay as a link. Additionally, require_admin! doesn't appear to be actively used, on require_staff!
2018-04-03 13:07:32 +02:00
David Yip
c08c971dd3
Merge remote-tracking branch 'origin/master' into merge-upstream
...
Conflicts:
README.md
app/controllers/follower_accounts_controller.rb
app/controllers/following_accounts_controller.rb
app/serializers/rest/instance_serializer.rb
app/views/stream_entries/_simple_status.html.haml
config/locales/simple_form.ja.yml
2018-03-02 21:46:44 -06:00
Eugen Rochko
9721b7746a
Fix #942: Seamless LDAP login (#6556)
2018-02-28 19:04:53 +01:00
imncls
c0aabbec0f
Merge branch 'master' of https://github.com/tootsuite/mastodon
...
# Conflicts:
# app/controllers/settings/exports_controller.rb
# app/models/media_attachment.rb
# app/models/status.rb
# app/views/about/show.html.haml
# docker_entrypoint.sh
# spec/views/about/show.html.haml_spec.rb
2018-02-23 23:28:31 +09:00
Eugen Rochko
eb5b1b45d9
Fix #6526: Only store redirect location if not in JSON format (#6528)
2018-02-22 00:51:30 +01:00
David Yip
6d1023b2e9
Merge remote-tracking branch 'tootsuite/master' into merge-upstream
...
Conflicts:
app/javascript/styles/mastodon/components.scss
2018-02-02 08:39:52 -06:00
Alexander
23ce0c86da
pam authentication (#5303)
...
* add pam support, without extra column
* bugfixes for pam login
* document options
* fix code style
* fix codestyle
* fix tests
* don't call remember_me without password
* fix codestyle
* improve checks for pam usage (should fix tests)
* fix remember_me part 1
* add remember_token column because :rememberable requires either a password or this column.
* migrate db for remember_token
* move pam_authentication to the right place, fix logic bug in edit.html.haml
* fix tests
* fix pam authentication, improve username lookup, add comment
* valid? is sometimes not honored, return nil instead trying to authenticate with pam
* update devise_pam_authenticatable2 and adjust code. Fixes side effects observed in tests
* update devise_pam_authenticatable gem, fixes for code conventions, fix finding user
* code convention fixes
* code convention fixes
* fix indentation
* update dependency, explicit conflict check
* fix disabled password updates if in pam mode
* fix check password if password is present, fix templates
* block registration if account is maintained by pam
* Revert "block registration if account is maintained by pam"
This reverts commit 8e7a083d650240b6fac414926744b4b90b435f20.
* fix indentation error introduced by rebase
* block usernames maintained by pam
* document pam settings better
* fix code style
2018-02-02 10:18:55 +01:00
David Yip
22286ee6cd
Merge remote-tracking branch 'personal/merge/tootsuite/master' into gs-master
2018-01-07 13:30:52 -06:00
David Yip
9e5b431655
Use error pack when rendering error pages. Fixes #305.
2018-01-07 13:30:17 -06:00
Jenkins
8704a190c0
Merge remote-tracking branch 'tootsuite/master' into glitchsoc/master
2018-01-07 15:17:13 +00:00
Yamagishi Kazutoshi
c89bb8ae40
Fix force_ssl conditional (#6201)
2018-01-07 15:19:23 +01:00
Yamagishi Kazutoshi
63c17a66b8
Fix unintended cache (#6214)
2018-01-07 15:12:59 +01:00
David Yip
a37e295901
Merge remote-tracking branch 'ykzts/fix-unintended-cache' into gs-master
2018-01-07 00:32:24 -06:00
Yamagishi Kazutoshi
4f24f54739
Fix unintended cache
2018-01-07 14:59:12 +09:00