Commit graph

818 commits

Author SHA1 Message Date
Eugen Rochko
88a85f2574 Change icons of features on admin dashboard to remove bias (#10366)
Red crosses implied that it was bad/unexpected that certain features
were not enabled. In reality, they are options, so showing a green
or grey power-off icon is more appropriate.

Add status of timeline preview as well

Fix sample accounts changing too frequently due to wrong query

Sample accounts are intended to be sorted by popularity
2019-03-26 01:24:19 +01:00
Eugen Rochko
c21bdc81d3 Add validations to admin settings (#10348)
* Add validations to admin settings

- Validate correct HTML markup
- Validate presence of contact username & e-mail
- Validate that all usernames are valid
- Validate that enums have expected values

* Fix code style issue

* Fix tests
2019-03-23 14:07:04 +01:00
ThibG
c967088621 Mark the 410 gone response for suspended accounts as cachable (#10339)
This will help a great deal with #9377 when a caching reverse proxy is
configured.
2019-03-21 23:33:18 +01:00
ThibG
11c3ceb56e Do not try fetching keys of unknown accounts on a Delete from them (#10326) 2019-03-20 17:20:16 +01:00
ThibG
e9fc1e8ccb Do not distribute Delete when rejecting unapproved accounts (#10321) 2019-03-19 16:33:30 +01:00
Eugen Rochko
a3c41f3532 Add Keybase integration (#10297)
* create account_identity_proofs table

* add endpoint for keybase to check local proofs

* add async task to update validity and liveness of proofs from keybase

* first pass keybase proof CRUD

* second pass keybase proof creation

* clean up proof list and add badges

* add avatar url to keybase api

* Always highlight the “Identity Proofs” navigation item when interacting with proofs.

* Update translations.

* Add profile URL.

* Reorder proofs.

* Add proofs to bio.

* Update settings/identity_proofs front-end.

* Use `link_to`.

* Only encode query params if they exist.

URLs without params had a trailing `?`.

* Only show live proofs.

* change valid to active in proof list and update liveness before displaying

* minor fixes

* add keybase config at well-known path

* extremely naive feature flagging off the identity proof UI

* fixes for rubocop

* make identity proofs page resilient to potential keybase issues

* normalize i18n

* tweaks for brakeman

* remove two unused translations

* cleanup and add more localizations

* make keybase_contacts an admin setting

* fix ExternalProofService my_domain

* use Addressable::URI in identity proofs

* use active model serializer for keybase proof config

* more cleanup of keybase proof config

* rename proof is_valid and is_live to proof_valid and proof_live

* cleanup

* assorted tweaks for more robust communication with keybase

* Clean up

* Small fixes

* Display verified identity identically to verified links

* Clean up unused CSS

* Add caching for Keybase avatar URLs

* Remove keybase_contacts setting
2019-03-18 21:00:55 +01:00
Eugen Rochko
b1e0164848 Add dormant filter to relationship manager, rename other filters (#10308)
Rename "abandoned" to "moved", and "active" to "primary"
2019-03-18 03:53:17 +01:00
Ben Lubar
591c26dc97 Reduce server load caused by anonymous viewing. (#9059)
Do not start a session if the current user is not logged in for public-facing pages.

Mark pages that don't care about sessions as publicly cacheable.

Keep the max age as 0 so proxies and browsers will still try to retrieve an updated version but can still fall back to the stale version if the site is down or too slow.

Fixes #9035.
2019-03-17 15:39:25 +01:00
Eugen Rochko
4fa2d55d4e Add relationship manager UI (#10268) 2019-03-16 11:23:22 +01:00
Eugen Rochko
1279d85ff4 Add visibility param to reblog REST API (#9851)
Use async worker for creating reblog notification to improve performance
2019-03-15 04:36:41 +01:00
Eugen Rochko
e1130e461e Add a preferences API so apps can share basic behaviours (#10109) 2019-03-15 02:39:20 +01:00
Eugen Rochko
73fb7bfa0f Admission-based registrations mode (#10250)
Fix #6856
Fix #6951
2019-03-14 05:28:30 +01:00
Eugen Rochko
5ff943716e Fix tagged param not being normalized before querying tags (#10249) 2019-03-13 13:02:13 +01:00
Eugen Rochko
56822606f4 Redesign landing page (#10232) 2019-03-12 17:34:00 +01:00
ThibG
cdf5a7f854 Avoid race conditions when creating backups (#10234)
Under load, multiple backups for a single user could be planned, which
is very expensive.
2019-03-11 00:50:31 +01:00
Eugen Rochko
4a3acdc916 Add polls (#10111)
* Add polls

Fix #1629

* Add tests

* Fixes

* Change API for creating polls

* Use name instead of content for votes

* Remove poll validation for remote polls

* Add polls to public pages

* When updating the poll, update options just in case they were changed

* Fix public pages showing both poll and other media
2019-03-03 22:18:23 +01:00
ThibG
892327c686 Give the replies collection an identifier and enable pagination (#10128) 2019-02-28 18:16:34 +01:00
abcang
affb8b1de9 Improve account media query (#10121) 2019-02-26 15:23:24 +01:00
Eugen Rochko
693f2353bc Add type, limit, offset, min_id, max_id, account_id to search API (#10091)
* Add type, limit, offset, min_id, max_id, account_id to search API

Fix #8939

* Make the offset work on accounts and hashtags search as well

* Assure brakeman we are not doing mass assignment here

* Do not allow paginating unless a type is chosen

* Fix search query and index id field on statuses instead of created_at
2019-02-26 15:21:36 +01:00
Hinaloe
7517957a91 Randomize emoji filename (#10090) 2019-02-22 16:52:04 +01:00
ThibG
abfa8617f3 Do not error out when performing admin actions on no statuses (#10094)
Same as #8220 but for reports
2019-02-21 19:36:48 +01:00
ThibG
9b7de13928 Add domain search/filter to the "Federation" (/admin/instances) page (#10071) 2019-02-18 14:59:19 +01:00
Eugen Rochko
99f902f224 Add vapid_key to the application entity in the REST API (#10058)
Fix #8785
2019-02-16 05:27:05 +01:00
ThibG
a60f90b078 Save IP address used for sign-up, not only sign-in (#10026)
Fixes #9995
2019-02-12 22:24:14 +01:00
Takeshi Umeda
3d54d631a4 Fix it as tagged_request of accounts_controller is not addressable_uri (#9976) 2019-02-05 15:11:11 +01:00
Eugen Rochko
06a8ca8937 Fix pinned statuses being shown in a featured hashtag (#9971) 2019-02-05 00:27:18 +01:00
rinsuki
d280cc15be Fix authorized applications list page design (#9969) 2019-02-04 22:25:42 +01:00
Eugen Rochko
d2d4d38f22 Add featured hashtags to profiles (#9755)
* Add hashtag filter to profiles

GET /@:username/tagged/:hashtag
GET /api/v1/accounts/:id/statuses?tagged=:hashtag

* Display featured hashtags on public profile

* Use separate model for featured tags

* Update featured hashtag counters on-write

* Limit featured tags to 10
2019-02-04 04:25:59 +01:00
ThibG
dfb101cd45 Make displaying application used to toot opt-in (#9897)
* Make storing and displaying application used to toot opt-in

* Revert to storing application info, and display it to the author via API
2019-02-02 19:18:15 +01:00
Eugen Rochko
f77529ca00 Fix directory showing tags that have no currently eligible accounts (#9872) 2019-01-20 12:56:53 +01:00
Eugen Rochko
83fdb7b4f4 Fix REST API showing non-public reblogs for a given status (#9850) 2019-01-18 20:58:00 +01:00
Eugen Rochko
380b246728 Redesign public hashtag page to use a masonry layout (#9822) 2019-01-16 19:47:46 +01:00
Eugen Rochko
f2ec1803cb Redesign admin instances area (#9645) 2019-01-08 13:39:49 +01:00
ThibG
e60999c3c5 Improvements to signature verification (#9667)
* Refactor signature verification a bit

* Rescue signature verification if recorded public key is invalid

Fixes #8822

* Always re-fetch AP signing key when HTTP Signature verification fails

But when the account is not marked as stale, avoid fetching collections and
media, and avoid webfinger round-trip.

* Apply stoplight to key/account update as well as initial key retrieval
2019-01-07 21:45:13 +01:00
Eugen Rochko
defe248b1c Change remote interaction dialog to use specific actions (#9743)
* Change remote interaction dialog to use specific actions

Instead of just "interact", use different strings based on whether
it's a reply, reblog or favourite. Add explanation why the step
is necessary in the first place

* Remove obsolete strings
2019-01-07 15:36:26 +01:00
Eugen Rochko
d62a2a69e4 Add locale param to sign-up API (#9747)
Fix #9627
2019-01-07 14:50:20 +01:00
Eugen Rochko
f6940286f5 Add cache to custom emojis API (#9732)
Fix #9729
2019-01-06 23:52:58 +01:00
Eugen Rochko
ae1aaa3b8a Add scheduled statuses (#9706)
Fix #340
2019-01-05 12:43:28 +01:00
ThibG
631a91cbc0 Add quick links to the admin interface in the WebUI (#8545)
* Allow to show a specific status in the admin interface

* Let the front-end know the current account is a moderator

* Add admin links to status and account menus

If the current logged-in user is an admin, add quick links to the admin
interface in account and toot dropdown menu. Suggestion by @ashkitten

* Use @statuses.first instead of @statuses[0]
2019-01-04 13:10:43 +01:00
Eugen Rochko
93f560423b Fix list of local followers showing remote followers in admin UI (#9700) 2019-01-03 06:40:16 +01:00
Eugen Rochko
9244a06846 Add CSV export for lists and domain blocks (#9677)
Fix #6893
Fix #9268
2019-01-01 13:44:04 +01:00
Eugen Rochko
8958e58bd4 Improve admin UI for account view (#9643) 2018-12-28 03:38:41 +01:00
chr v1.x
b659f51c43 Add local followers page to admin account UI (#9610)
* Add local followers page to admin account UI

For moderation, I often find myself wondering who, locally, is following
a remote user. Currently, to see this, I have to go back to the web UI,
paste in their full handle, click their profile, and go to the
"Followers" tab (plus, this information is incidental, and if mastodon
ever decides to resolve all of the follower information, there will be
no place local followers are shown). This PR adds a new page which is
accessible via the "following" count on the admin's account view
page, which shows the local followers. (It has filter parameters for
account location to indicate that only local followers are shown, and
leave room for expansion if mastodon ever decides to store the entire
remote follow list).

* Normalize en.yml
2018-12-27 13:15:39 +01:00
Eugen Rochko
d70d8321d3 Add exclude_reblogs option to account statuses API (#9640)
Fix #9606
2018-12-27 03:42:35 +01:00
Eugen Rochko
7c2340443e Redirect to reports overview instead of report after account action (#9639) 2018-12-27 03:42:29 +01:00
ThibG
d75e32caa3 Fix account unsilencing and unsuspension (#9637)
Fix regression from 2e0d617b8b
2018-12-26 19:16:15 +01:00
Eugen Rochko
e5ebd4df78 Fix signature verification stoplight triggering on non-timeout errors (#9617) 2018-12-26 19:15:43 +01:00
Takeshi Umeda
9f74c2b877 Add error message with invalid email confirmation (#9625) 2018-12-25 19:35:26 +01:00
Eugen Rochko
bbf9f4f93b Add REST API for creating an account (#9572)
* Add REST API for creating an account

The method is available to apps with a token obtained via the client
credentials grant. It creates a user and account records, as well as
an access token for the app that initiated the request. The user is
unconfirmed, and an e-mail is sent as usual.

The method returns the access token, which the app should save for
later. The REST API is not available to users with unconfirmed
accounts, so the app must be smart to wait for the user to click a
link in their e-mail inbox.

The method is rate-limited by IP to 5 requests per 30 minutes.

* Redirect users back to app from confirmation if they were created with an app

* Add tests

* Return 403 on the method if registrations are not open

* Require agreement param to be true in the API when creating an account
2018-12-24 19:12:38 +01:00
ThibG
4bf67e9cd0 Sanitize and sandbox toot embeds (#9552) 2018-12-23 02:16:35 +01:00