e13d2edd47
Fix “Authorized applications” inefficiently and incorrectly getting last use date ( #25060 )
1 year ago
ce8b5899ae
Fix POST `/api/v1/admin/domain_allows` returning 200 when no domain is specified ( #24958 )
1 year ago
36a77748b4
Order sessions by most-recent to least-recently updated ( #25005 )
1 year ago
45ba9ada34
Fix race condition when reblogging a status ( #25016 )
1 year ago
bec6a1cad4
Add hCaptcha support ( #25019 )
1 year ago
e60414792d
Add polling and automatic redirection to `/start` on email confirmation ( #25013 )
1 year ago
433ab0c9a3
Fix uncaught NoMethodError error in `/api/v1/admin/canonical_email_blocks/test` ( #24947 )
...
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
1 year ago
c0ea33e3fc
Make it possible to upload audio and video to Heroku app ( #24866 )
1 year ago
569b39256b
Bump rubocop-rails 2.19.1 with update .rubocop_todo.yml ( #24469 )
1 year ago
d5a185d721
Autofix Rubocop Style/CaseLikeIf ( #23756 )
1 year ago
08fb9d300a
Spec coverage for settings/preferences/* controllers ( #24825 )
1 year ago
668a19a2f3
Fix Performance/DeletePrefix cop ( #24796 )
1 year ago
f1c1dd0118
Rename `with_lock` to `with_redis_lock` to avoid confusion with ActiveRecord's method ( #24741 )
1 year ago
9189e90ff2
Add fallback redirection when getting a webfinger query `LOCAL_DOMAIN@LOCAL_DOMAIN` ( #23600 )
...
Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>
1 year ago
32a030dd74
Rewrite import feature ( #21054 )
1 year ago
6e226f5a32
Fix Rails/ActionOrder cop ( #24692 )
1 year ago
faa336e3f7
Change logged-out WebUI HTML pages to be cached for a few seconds ( #24708 )
1 year ago
1c61869eed
Fix /api/v1/custom_emojis being cached even when unauthenticated API access is disallowed ( #24665 )
1 year ago
b0bf6216e6
Fix /api/v1/instance/domain_blocks being unconditionally cached ( #24662 )
1 year ago
62ab7506d6
Fix /actor needlessly reading session cookie and varying on Signature ( #24664 )
1 year ago
1419f90ef2
Fix some user-independent endpoints potentially reading session cookies ( #24650 )
1 year ago
276c39361b
Fix anonymous visitors getting a session cookie on first visit ( #24584 )
1 year ago
6084461cd0
Change unauthenticated responses to be cached in REST API ( #24348 )
1 year ago
e9a79d46cd
Fix crash when SSO_ACCOUNT_SETTINGS is not defined ( #24628 )
1 year ago
0a5f0a8b20
Remove instance variables from helper usage ( #24203 )
1 year ago
58a1b2e330
Fix caching logic with regards to Accept-Language, Cookie, and Signature ( #24604 )
1 year ago
e98c86050a
Refactor `Cache-Control` and `Vary` definitions ( #24347 )
1 year ago
4db8230194
Add trend management to admin API ( #24257 )
1 year ago
e5c0b16735
Add progress indicator to sign-up flow ( #24545 )
1 year ago
d193bc8c5c
Remove unused methods in 2FA OTP Auth Controller ( #24220 )
1 year ago
9d08b81193
Fix user archive takeouts when using OpenStack Swift ( #24431 )
1 year ago
280fa3b2c0
Fix invalid/expired invites being processed on sign-up ( #24337 )
1 year ago
a9b5598c97
Change user settings to be stored in a more optimal way ( #23630 )
...
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2 years ago
e084b5b82d
Fix user archive takeout when using OpenStack Swift or S3 providers with no ACL support ( #24200 )
2 years ago
0663803348
Move link header setting to after_action ( #24251 )
2 years ago
e633b26f4f
Add allow_other_host in redirects which may go outside app ( #24252 )
2 years ago
2626097869
Fix Rails cache namespace being overriden with `v2` for cached statuses ( #24202 )
2 years ago
7bef11630d
Remove references to non-existent actions ( #24183 )
2 years ago
160f38f03d
Workaround the ActiveRecord / Marshal serialization bug on Ruby 3.2 ( #24142 )
...
Co-authored-by: Jean Boussier <jean.boussier@gmail.com>
2 years ago
d75a1e5054
Link to the Identity provider's account settings from the account settings ( #24100 )
...
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2 years ago
75e5a6e437
Change user backups to use expiring URLs for download when possible ( #24136 )
2 years ago
bd047acc35
Replace `Status#translatable?` with language matrix in separate endpoint ( #24037 )
2 years ago
25d36b6edd
Autofix Rubocop Style/RedundantArgument ( #23798 )
2 years ago
a232a1feb8
Fix misleading error code when receiving invalid WebAuthn credentials ( #23568 )
2 years ago
39c7236649
Redirect users to SLO at the IdP after logging them out of Mastodon. ( #24020 )
2 years ago
d258ec8e3b
Prefer the stored location as after_sign_in_path in Omniauth Callback Controller ( #24073 )
2 years ago
f8bb4d0d6b
Fix server error when failing to follow back followers from `/relationships` ( #23787 )
2 years ago
c2a046ded1
Fix “Remove all followers from the selected domains” being more destructive than it claims ( #23805 )
2 years ago
434770f580
Autofix Rubocop Rails/FindById ( #23762 )
2 years ago
717683d1c3
Autofix Rubocop remaining Layout rules ( #23679 )
2 years ago
aef0051fd0
Enable Rubocop HTTP status rules ( #23717 )
2 years ago
2177daeae9
Autofix Rubocop Style/RedundantBegin ( #23703 )
2 years ago
c38bd17657
Autofix Rubocop Style/TrailingCommaInArguments ( #23694 )
2 years ago
e2a3ebb271
Autofix Rubocop Style/IfUnlessModifier ( #23697 )
2 years ago
a6f77aa28a
Autofix Rubocop Lint/AmbiguousOperatorPrecedence ( #23681 )
2 years ago
d6930b3847
Add API parameter to safeguard unexpect mentions in new posts ( #18350 )
2 years ago
832595d1e7
Remove posts count and last posts from ActivityPub representation of hashtag collections ( #23460 )
2 years ago
f68bb52556
Apply Rubocop Style/NegatedIfElseCondition ( #23451 )
2 years ago
2e652aa81c
Apply Rubocop Performance/RedundantSplitRegexpArgument ( #23443 )
...
* Apply Rubocop Performance/RedundantSplitRegexpArgument
* Update app/controllers/concerns/signature_verification.rb
2 years ago
20a479ff7c
Change `POST /settings/applications/:id` to regenerate token on scopes change ( #23359 )
...
Fixes #23096
2 years ago
21780c0204
Change notifications per page from 15 to 40 in REST API ( #23348 )
2 years ago
68dcbcb7bf
Add more specific error messages to HTTP signature verification ( #21617 )
...
* Return specific error on failure to parse Date header
* Add error message when preferredUsername is not set
* Change error report to be JSON and include more details
* Change error report to differentiate unknown account and failed refresh
* Add tests
2 years ago
343e1fe8e9
Add confirmation screen when handling reports ( #22375 )
...
* Add confirmation screen on moderation actions
* Add flash notice when a report has been processed
* Refactor tests
* Add tests
2 years ago
4b92e59f4f
Add support for editing media description and focus point of already-posted statuses ( #20878 )
...
* Add backend support for editing media attachments of existing posts
* Allow editing media attachments of already-posted toots
* Add tests
2 years ago
b034dc42be
Fix /api/v1/admin/trends/tags using wrong serializer ( #18943 )
...
* Fix /api/v1/admin/trends/tags using wrong serializer
Fix regression from #18641
* Only use `REST::Admin::TagSerializer` when the user can `manage_taxonomies`
* Fix admin trending hashtag component to not link if `id` is unknown
2 years ago
fcc4c9b34a
Change domain block CSV parsing to be more robust and handle more lists ( #21470 )
...
* Change domain block CSV parsing to be more robust and handle more lists
* Add some tests
* Improve domain block import validation and reporting
2 years ago
f33e22ae4c
Allow changing hide_collections setting with the api ( #22790 )
...
* Allow changing hide_collections setting with the api
This is currently only possible with app/controllers/settings/profiles_controller.rb
and is the only difference in the allowed parameter between the two controllers
* Fix the lint issue
* Use normal indent
2 years ago
aefefc74c4
Change referrer-policy to no-referrer application-wide ( #23014 )
2 years ago
18d00055f4
Add dropdown menu item to open admin interface for remote domains ( #21895 )
...
* Allow /admin/instances/:domain to handle IDNs
* Add dropdown menu item to open admin interface for remote domains
2 years ago
42f9693d00
Fix PermalinkRedirector not applying to users with moved accounts ( #22497 )
...
Fixes #22262
2 years ago
8556a649d5
Fix changing domain block severity not undoing individual account effects ( #22135 )
...
* Fix changing domain block severity not undoing individual account effects
Fixes #22133
* Add tests
2 years ago
1b5d207131
Fix single name variables on controller folder ( #20092 )
...
Co-authored-by: petrokoriakin1 <116151189+petrokoriakin1@users.noreply.github.com>
Co-authored-by: petrokoriakin1 <116151189+petrokoriakin1@users.noreply.github.com>
Co-authored-by: Effy Elden <effy@effy.space>
2 years ago
623d3d2e32
Change CSP directives on API to be tight and concise ( #20960 )
2 years ago
63b379c2d9
Fix N+1 queries from in NotificationsController ( #21202 )
...
Co-authored-by: Nonexistent <nx@example.org>
2 years ago
441cac758f
Allow adding relays while secure mode & limited federation mode are enabled ( #22324 )
2 years ago
5fb1c3e934
Revoke all authorized applications on password reset ( #21325 )
...
* Clear sessions on password change
* Rename User::clear_sessions to revoke_access for a clearer meaning
* Add reset paassword controller test
* Use User.find instead of User.find_for_authentication for reset password test
* Use redirect and render for better test meaning in reset password
Co-authored-by: Effy Elden <effy@effy.space>
2 years ago
f6492a7c4d
Log admin approve and reject account ( #22088 )
...
* Log admin approve and reject account
* Add unit tests for approve and reject logging
2 years ago
69137f4a90
Fix irreversible and whole_word parameters handling in /api/v1/filters ( #21988 )
...
Fixes #21965
2 years ago
68d1df8bc3
Fix some performance issues with /admin/instances ( #21907 )
...
/admin/instances?availability=failing remains wholly unefficient
2 years ago
51a33ce77a
Fix not being able to follow more than one hashtag ( #21285 )
...
Fixes regression from #20860
2 years ago
48e136605a
Fix form-action CSP directive for external login ( #20962 )
2 years ago
4ae97a2e4c
Fix OAuth flow being broken by recent CSP change ( #20958 )
2 years ago
c373148b3d
Support for import/export of instance-level domain blocks/allows for 4.x w/ additional fixes ( #20597 )
...
* Allow import/export of instance-level domain blocks/allows (#1754 )
* Allow import/export of instance-level domain blocks/allows.
Fixes #15095
* Pacify circleci
* Address simple code review feedback
* Add headers to exported CSV
* Extract common import/export functionality to
AdminExportControllerConcern
* Add additional fields to instance-blocked domain export
* Address review feedback
* Split instance domain block/allow import/export into separate pages/controllers
* Address code review feedback
* Pacify DeepSource
* Work around Paperclip::HasAttachmentFile for Rails 6
* Fix deprecated API warning in export tests
* Remove after_commit workaround
(cherry picked from commit 94e98864e3#1773 )
* Move glitch-soc-specific strings to glitch-soc-specific locale files
* Add confirmation page when importing blocked domains
(cherry picked from commit b91196f4b775279377589094c2f52c26ff48ee48
2 years ago
cbb0153bd0
Fix invalid/empty RSS feed link on account pages ( #20772 )
...
Fixes #20770
2 years ago
7fdeed5fbc
Make tag following idempotent ( #20860 )
2 years ago
00b2720ef0
Change automatic post deletion configuration to be accessible to redirected users ( #20774 )
...
Fixes #20550
2 years ago
e1f819fd78
Fix pagination of followed tags ( #20861 )
...
* Fix missing pagination headers on followed tags
* Fix typo
2 years ago
4d85c27d1a
Add 'private' to Cache-Control, match Rails expectations ( #20608 )
...
Several controlers set quite intricate Cache-Control headers in order to
hopefully not be cached by any intermediate proxies or local caches. Unfortunately,
these headers are processed by ActionDispatch::HTTP::Cache in a way that squashes
and discards any values set alongside no-store other than private:
8015c2c2cf/actionpack/lib/action_dispatch/http/cache.rb (L207-L209)
2 years ago
b59ce0a60f
Move V2 Filter methods under /api/v2 prefix ( #20622 )
...
* Move V2 Filter methods under /api/v2 prefix
* move over the tests too
2 years ago
b31afc6294
Fix error when passing unknown filter param in REST API ( #20626 )
...
Fix #19156
2 years ago
167d86d21d
Fix `role_ids` not accepting arrays in admin API ( #20625 )
...
Fix #19157
2 years ago
86f6631d28
Remove dead code and refactor status threading code ( #20357 )
...
* Remove dead code
* Remove unneeded/broken parameters and refactor descendant computation
2 years ago
1615c3eb6e
Change logged out /api/v1/statuses/:id/context logged out limits ( #20355 )
2 years ago
78a6b871fe
Improve performance by avoiding regex construction ( #20215 )
...
```ruby
10.times { p /#{FOO}/.object_id }
10.times { p FOO_RE.object_id }
```
2 years ago
0cd0786aef
Revert filtering public timelines by locale by default ( #20294 )
2 years ago
89e1974f30
Make account endorsements idempotent ( fix #19045 ) ( #20118 )
...
* Make account endorsements idempotent (fix #19045 )
* Accept suggestion to use exists? instead of find_by + nil check
Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>
* fix logic (unless, not if)
* switch to using `find_or_create_by!`
Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>
2 years ago
68d9dcd425
Fix uncaught 500 error on invalid `replies_policy` ( Fix #19097 ) ( #20126 )
2 years ago
1e1289b024
Fix crash when external auth provider has no display_name set ( #19962 )
...
Fixes #19913
2 years ago
4cb2323458
Fix crash in legacy filter creation controller ( #19878 )
2 years ago
3a41fccc43
Change `AUTHORIZED_FETCH` to not block unauthenticated REST API access ( #19803 )
...
New environment variable `DISALLOW_UNAUTHENTICATED_API_ACCESS`
2 years ago
c2170991c7
Fix reblogs being discarded after the reblogged status ( #19731 )
2 years ago
125322718b
Fix inaccurate admin log entry for re-sending confirmation e-mails ( #19674 )
...
Fixes #19593
2 years ago
15bae3e0e4
Change post-processing to be deferred only for large media types ( #19617 )
2 years ago
bb1ef11c30
Change featured hashtag deletion to be done synchronously ( #19590 )
2 years ago
26478f461c
Remove language filtering from hashtag timelines ( #19563 )
2 years ago
a529d6d93e
Fix invites ( #19560 )
...
Fixes #19507
Fix regression from #19296
2 years ago
276b85bc91
Fix admin APIs returning deleted object instead of empty object upon delete ( #19479 )
...
Fix #19153
2 years ago
5724da0780
Fix language not being saved when editing status ( #19543 )
...
Fix #19542
2 years ago
3e18e05330
Fix uncaught error when invalid date is supplied to API ( #19480 )
...
Fix #19213
2 years ago
f8ca3bb2a1
Add ability to view previous edits of a status in admin UI ( #19462 )
...
* Add ability to view previous edits of a status in admin UI
* Change moderator access to posts to be controlled by a separate policy
2 years ago
1ae508bf2f
Change unauthenticated search to not support pagination in REST API ( #19326 )
...
- Only exact search matches for queries with < 5 characters
- Do not support queries with `offset` (pagination)
- Return HTTP 401 on truthy `resolve` instead of overriding to false
2 years ago
487d81fb92
Fix IP blocks not having a unique index ( #19456 )
2 years ago
45d3b32488
Fix `Settings::FeaturedTagsController` ( #19418 )
...
Regression from #19409
2 years ago
74ead7d106
Change featured tag updates to add/remove activity ( #19409 )
...
* Change featured tag updates to add/remove activity
* Fix to check for the existence of feature tag
* Rename service and worker
* Merge AddHashtagSerializer with AddSerializer
* Undo removal of sidekiq_options
2 years ago
7c152acb2c
Change settings area to be separated into categories in admin UI ( #19407 )
...
And update all descriptions
2 years ago
839f893168
Change public accounts pages to mount the web UI ( #19319 )
...
* Change public accounts pages to mount the web UI
* Fix handling of remote usernames in routes
- When logged in, serve web app
- When logged out, redirect to permalink
- Fix `app-body` class not being set sometimes due to name conflict
* Fix missing `multiColumn` prop
* Fix failing test
* Use `discoverable` attribute to control indexing directives
* Fix `<ColumnLoading />` not using `multiColumn`
* Add `noindex` to accounts in REST API
* Change noindex directive to not be rendered by default before a route is mounted
* Add loading indicator for detailed status in web UI
* Fix missing indicator appearing while account is loading in web UI
2 years ago
b0e3f0312c
Add synchronization of remote featured tags ( #19380 )
...
* Add LIMIT of featured tag to instance API response
* Add featured_tags_collection_url to Account
* Add synchronization of remote featured tags
* Deliver update activity when updating featured tag
* Remove featured_tags_collection_url
* Revert "Add featured_tags_collection_url to Account"
This reverts commit cff349fc27b104ded2df6bb5665132dc24dab09c.
* Add hashtag sync from featured collections
* Fix tag name normalize
* Add target option to fetch featured collection
* Refactor fetch_featured_tags_collection_service
* Add LIMIT of featured tag to v1/instance API response
2 years ago
c618d3a0a5
Make "No $entity selected" errors more accurate ( #19356 )
...
Previously all controllers would use the single "No accounts changed as
none were selected" message. This commit changes them to read "tags",
"posts", "emojis", etc. where necessary.
2 years ago
1bd00036c2
Change about page to be mounted in the web UI ( #19345 )
2 years ago
45ebdb72ca
Add support for language preferences for trending statuses and links ( #18288 )
2 years ago
a2ba011326
Change privacy policy to be rendered in web UI, add REST API ( #19310 )
...
Source string no longer localized, Markdown instead of raw HTML
2 years ago
93f340a4bf
Remove setting that disables account deletes ( #17683 )
2 years ago
62782babd0
Change public statuses pages to mount the web UI ( #19301 )
2 years ago
58d5b28cb0
Remove previous landing page ( #19300 )
2 years ago
679274465b
Add server rules to sign-up flow ( #19296 )
2 years ago
9f65909f42
Change public timelines to be filtered by current locale by default ( #19291 )
...
In the absence of an opt-in to multiple specific languages in the
preferences, it makes more sense to filter by the user's presumed
language only (interface language or `lang` override)
2 years ago
d2528b26b6
Add server banner to web app, add `GET /api/v2/instance` to REST API ( #19294 )
2 years ago
cedcece0cc
Fix deleted pinned posts potentially counting towards the pinned posts limit ( #19005 )
...
Fixes #18938
2 years ago
02ba9cfa35
Remove code for rendering public and hashtag timelines outside the web UI ( #19257 )
2 years ago
36f4c32a38
Change path of privacy policy page ( #19249 )
2 years ago
43b5d5e38d
Add logged-out access to the web UI ( #18961 )
2 years ago
0d6b878808
Add user content translations with configurable backends ( #19218 )
2 years ago
8cf7006d4e
Refactor ActivityPub handling to prepare for non-Account actors ( #19212 )
...
* Move ActivityPub::FetchRemoteAccountService to ActivityPub::FetchRemoteActorService
ActivityPub::FetchRemoteAccountService is kept as a wrapper for when the actor is
specifically required to be an Account
* Refactor SignatureVerification to allow non-Account actors
* fixup! Move ActivityPub::FetchRemoteAccountService to ActivityPub::FetchRemoteActorService
* Refactor ActivityPub::FetchRemoteKeyService to potentially return non-Account actors
* Refactor inbound ActivityPub payload processing to accept non-Account actors
* Refactor inbound ActivityPub processing to accept activities relayed through non-Account
* Refactor how Account key URIs are built
* Refactor Request and drop unused key_id_format parameter
* Rename ActivityPub::Dereferencer `signature_account` to `signature_actor`
2 years ago
84aff598ea
Fix typo in SignatureVerification ( #19209 )
...
Fix regression from #15605
2 years ago
50948b46aa
Add ability to filter followed accounts' posts by language ( #19095 )
2 years ago
1145dbd327
Improve error reporting and logging when processing remote accounts ( #15605 )
...
* Add a more descriptive PrivateNetworkAddressError exception class
* Remove unnecessary exception class to rescue clause
* Remove unnecessary include to JsonLdHelper
* Give more neutral error message when too many webfinger redirects
* Remove unnecessary guard condition
* Rework how “ActivityPub::FetchRemoteAccountService” handles errors
Add “suppress_errors” keyword argument to avoid raising errors in
ActivityPub::FetchRemoteAccountService#call (default/previous behavior).
* Rework how “ActivityPub::FetchRemoteKeyService” handles errors
Add “suppress_errors” keyword argument to avoid raising errors in
ActivityPub::FetchRemoteKeyService#call (default/previous behavior).
* Fix Webfinger::RedirectError not being a subclass of Webfinger::Error
* Add suppress_errors option to ResolveAccountService
Defaults to true (to preserve previous behavior). If set to false,
errors will be raised instead of caught, allowing the caller to be
informed of what went wrong.
* Return more precise error when failing to fetch account signing AP payloads
* Add tests
* Fixes
* Refactor error handling a bit
* Fix various issues
* Add specific error when provided Digest is not 256 bits of base64-encoded data
* Please CodeClimate
* Improve webfinger error reporting
2 years ago
2750a7a0e6
Fix REST API sometimes returning HTML on error ( #19135 )
...
Fixes #19115
2 years ago
c57907737a
Change search API to be accessible without being logged in ( #18963 )
...
But with the resolve option turned off
2 years ago
c99c106ef0
Change following and followers API to be accessible without being logged in ( #18964 )
2 years ago
2a7766dcc9
Add admin API for managing e-mail domain blocks ( #19066 )
2 years ago
c556c3a0d1
Add admin API for managing canonical e-mail blocks ( #19067 )
2 years ago
b399d79545
Add admin API for managing IP blocks ( #19065 )
2 years ago
0b3e4fd5de
Remove digest e-mails ( #17985 )
...
* Remove digest e-mails
* Remove digest-related code
2 years ago
5b0e8cc92b
Add ability to select all accounts matching search for batch actions ( #19053 )
2 years ago
0396acf39e
Add audit log entries for user roles ( #19040 )
...
* Refactor audit log schema
* Add audit log entries for user roles
2 years ago
50487db122
Add ability to filter individual posts ( #18945 )
...
* Add database table for status-specific filters
* Add REST endpoints, entities and attributes
* Show status filters in /filters interface
* Perform server-side filtering for individual posts filters
* Fix filtering on context mismatch
* Refactor `toServerSideType` by moving it to its own module
* Move loupe and delete icons to their own module
* Add ability to filter individual posts from WebUI
* Replace keyword list by warnings (expired, context mismatch)
* Refactor server-side filtering code
* Add tests
2 years ago
d83faa1a89
Add ability to block sign-ups from IP ( #19037 )
2 years ago
726931fe4a
Fix /api/v1/tags/:id route constraints ( #18854 )
...
The constraint was applied prior to decoding, and rejected anything containing
the '%' character, which would be used for anything with non-ASCII unicode
characters.
2 years ago
c3f0621a59
Add ability to follow hashtags ( #18809 )
2 years ago
e7aa2be828
Change how hashtags are normalized ( #18795 )
...
* Change how hashtags are normalized
* Fix tests
2 years ago
Claire
Daniel M Brasil
Frankie Roberto
zunda
Nick Schonning
Matt Jankowski
Eugen Rochko
Robert R George
Jean byroot Boussier
CSDUMMI
Christian Schmidt
Carl Schwan
David Vega
nametoolong
Effy Elden
Francis Murillo
lenore gilbert
trwnh
Daniel Axtens
James Tucker
Yamagishi Kazutoshi
Takeshi Umeda
prplecake