Commit graph

122 commits

Author SHA1 Message Date
Mashiro
a14f8b5418 Change autocomplete type of password input box (#17702)
* Change autocomplete type of password input box

* Update _registration.html.haml
2022-03-05 05:57:50 +01:00
Claire
102e3df7ca Redesign /about when already logged in (#17348)
* Redesign /about when already logged in

* Fix sign up form still showing when OMNIAUTH_ONLY is set

* Fix tests

* Change wording based on suggestions

Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>

Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>
2022-03-03 16:14:44 +01:00
Claire
06f653972a Add OMNIAUTH_ONLY environment variable to enforce externa log-in (#17288)
* Remove support for OAUTH_REDIRECT_AT_SIGN_IN

Fixes #15959

Introduced in #6540, OAUTH_REDIRECT_AT_SIGN_IN allowed skipping the log-in form
to instead redirect to the external OmniAuth login provider.

However, it did not prevent the log-in form on /about introduced by #10232 from
appearing, and completely broke with the introduction of #15228.

As I restoring that previous log-in flow without introducing a security
vulnerability may require extensive care and knowledge of how OmniAuth works,
this commit removes support for OAUTH_REDIRECT_AT_SIGN_IN instead for the time
being.

* Add OMNIAUTH_ONLY environment variable to enforce external log-in only

* Disable user registration when OMNIAUTH_ONLY is set to true

* Replace log-in links When OMNIAUTH_ONLY is set with exactly one OmniAuth provider
2022-01-23 15:52:58 +01:00
Claire
77aea4f85f Change number_to_human calls to always use 3-digits precision (#16469)
Fixes #16435
2021-07-07 21:13:08 +02:00
Claire
6ff52096d7 Fix server rules not being displayed if extended server discription isn't set (#15778) 2021-02-22 18:26:24 +01:00
Eugen Rochko
4930e71ae7 Add server rules (#15769) 2021-02-21 19:50:12 +01:00
Eugen Rochko
816df80b86 Add option to obfuscate domain name in public list of domain blocks (#15355)
- Replace the middle of the domain with * characters (except for periods)
- Add SHA-256 digest of the domain name in tooltip
2020-12-18 08:30:41 +01:00
ThibG
64eaaff345 Add ability to require invite request text (#15326)
Fixes #15273

Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2020-12-14 10:03:09 +01:00
Eugen Rochko
c2ff16b1ed Change number format on about page from full to shortened (#15327) 2020-12-14 05:09:14 +01:00
ThibG
e1ef5f3b31 Add honeypot fields and minimum fill-out time for sign-up form (#15276)
* Add honeypot fields to limit non-specialized spam

Add two honeypot fields: a fake website input and a fake password confirmation
one. The label/placeholder/aria-label tells not to fill them, and they are
hidden in CSS, so legitimate users should not fall into these.

This should cut down on some non-Mastodon-specific spambots.

* Require a 3 seconds delay before submitting the registration form

* Fix tests

* Move registration form time check to model validation

* Give people a chance to clear the honeypot fields

* Refactor honeypot translation strings

Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2020-12-10 06:27:26 +01:00
Eugen Rochko
79f71206de Add subresource integrity for JS and CSS assets (#15096)
Fix #2744
2020-11-06 11:56:31 +01:00
ThibG
9a6ec27a87 Fix client-side form validation not accepting handles with uppercase letters (#14599) 2020-08-19 19:00:47 +02:00
ThibG
ef710bbff6 Add client-side validation in password change forms (#14564)
* Fix client-side username validation at registration

It used the Account::USERNAME_RE regexp which is for *remote* users,
local user validation is stricter. Also take into account max username length.

* Add client-side form validation for password change

* Add client-side form validation to dedicated registration form

Previous changes only applied to the /about page, not the dedicated form on
/auth
2020-08-12 12:11:15 +02:00
ThibG
22aba16386 Add HTML form validation for the registration form (#14560)
* Add HTML-level validation of username in sign-up form

* Make required fields with incorrect values more visible

* Enable HTML form validation for the registration form

* Mark agreement checkbox as required client-side

* Add minimum length to password

* Add client-side password confirmation validation
2020-08-11 23:09:13 +02:00
Mélanie Chauvel
a617a8394b Improve wording and add titles on moderated servers section in /about/more (#13930) 2020-06-09 10:28:02 +02:00
ThibG
e93c08ab96 Fix some account avatars on public pages having incorrect size (#13692)
* Fix some account avatars on public pages having incorrect size

* Remove outdated and overridden width and height attributes

* Remove more hardcoded width/height attributes
2020-05-13 21:20:34 +02:00
ThibG
3b7373ed4c Fix end-user-facing uses of inline CSS (#13438)
* Move some inline styles to CSS files

* Move default_account_display_name span to fix useless tags with duplicate id

* Change handling of public pages spoiler text from inline CSS to dataset attribute

* Use the `dir` HTML attribute instead of inline CSS

* Move status action bar inline CSS to CSS file

* Hide logo resources from CSS file, not inline CSS

Fixes #11601

* Move translation prompt styling from inline CSS to CSS file

* Move “invited by” styling on registration form from inline to CSS file

* Use the progress tag to display poll results in JS fallback

* Fix poll results JS-less fallback when the user has voted for an option

* Change account public page “moved” notice to use img tags instead of inline CSS

* Move OTP hint inline CSS to SCSS file

* Hide JS-less fallback vote progressbars from accessibility tools

Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>
2020-04-28 10:16:55 +02:00
ThibG
d1eebde0ff Fix blur behind closed registration message (#12442)
* Fix closed registration message blur

* Adjust overlay margins to account for blur

Fixes #12425
2019-11-22 15:56:59 +01:00
BSKY
483cf4d52a Add noopener and/or noreferrer (#12202) 2019-10-24 22:44:42 +02:00
Eugen Rochko
ca8172ee02 Remove fallback to long description on sidebar and meta description (#12119)
Fix #12114
2019-10-08 22:08:55 +02:00
Eugen Rochko
8811f37949 Fix long domain block descriptions breaking table layout (#12029) 2019-10-01 04:54:29 +02:00
Eugen Rochko
7b7c50f124 Fix public list of domain blocks being too verbose on about page (#11967) 2019-09-29 16:23:01 +02:00
Eugen Rochko
84c3ceecb7 Fix "reason" prefix being shown with no reason for public blocks (#11908) 2019-09-21 20:01:02 +02:00
Eugen Rochko
61442032a2 Add table of contents to about page (#11885)
Move public domain blocks information to about page
2019-09-19 11:09:05 +02:00
ThibG
3c1c9f8a8e Fix duplicate HTML ids in /about (#11803)
Fixes #11329
2019-09-10 20:55:23 +02:00
ThibG
867b9f3e9c Add public blocks to /about/blocks (#11298)
* Add automatic blocklist display in /about/blocks

Inspired by https://github.com/Gargron/mastodon.social-misc

* Add admin option to set who can see instance blocks

* Normalize locales files

* Rename “Sandbox” to “Silence” for consistency

* Disable /about/blocks when in whitelist mode

* Optionally display rationale for domain blocks

* Only display domain blocks that have user-facing limitations, and order them

* Redesign table of blocked domains to better handle long domain names and rationales

* Change domain blocks ordering now that rationales aren't displayed right away

* Only show explanation for block severities actually in use

* Reword instance block explanations and add disclaimer for public fetch mode
2019-08-19 11:35:48 +02:00
ThibG
c2126e3f98 Add ActivityPub actor representing the entire server (#11321)
* Add support for an instance actor

* Skip username validation for local Application accounts

* Add migration script to create instance actor

* Make Codeclimate happy

* Switch to id -99 for instance actor

* Remove unused `icon` and `image` attributes from instance actor

* Use if/elsif/else instead of return + ternary operator

* Add instance actor to fresh installs

* Use instance actor as instance representative

Use instance actor for forwarding reports, relay operations, and spam
auto-reporting.

* Seed database in test environment

* Fix single-user mode

* Fix tests

* Fix specs to accomodate for an extra `Account`

* Auto-reject follows on instance actor

Following an instance actor might make sense, but we are not handling that
right now, so auto-reject.

* Fix webfinger lookup and serialization for instance actor

* Rename instance actor

* Make it clear in the HTML view that the instance actor should not be blocked

* Raise cache time for instance actor as there's no dynamic content

* Re-use /about/more with a flash message for instance actor profile
2019-07-19 01:44:42 +02:00
Eugen Rochko
73e610790e Change full logo to use primary text color of the given theme (#10994)
* Change full logo to use primary text color of the given theme

* Fix colors of public layout header in light theme
2019-06-08 15:30:06 +02:00
Eugen Rochko
7eb05b8724 Add "why do you want to join" field to invite requests (#10524)
* Add "why do you want to join" field to invite requests

Fix #10512

* Remove unused translations

* Fix broken registrations when no invite request text is submitted
2019-04-09 23:06:30 +09:00
koyu
61e11b1572 Don't autofocus registration form (#10356) 2019-03-24 05:00:02 +01:00
Eugen Rochko
b4c64dcccc Add custom closed registrations message to landing page when set (#10347) 2019-03-23 02:24:01 +01:00
ThibG
01cdd74013 Do not show timeline preview or directory widgets if they are disabled (#10284) 2019-03-19 05:48:17 +01:00
Yamagishi Kazutoshi
e0e72c90b6 Bump webpacker from 3.5.5 to 4.0.2 (#10277)
Bumps [webpacker](https://github.com/rails/webpacker) from 3.5.5 to 4.0.2.
- [Release notes](https://github.com/rails/webpacker/releases)
- [Changelog](https://github.com/rails/webpacker/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rails/webpacker/compare/v3.5.5...v4.0.2)

Signed-off-by: dependabot[bot] <support@dependabot.com>
Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>
2019-03-15 15:05:31 +01:00
Eugen Rochko
73fb7bfa0f Admission-based registrations mode (#10250)
Fix #6856
Fix #6951
2019-03-14 05:28:30 +01:00
Eugen Rochko
56822606f4 Redesign landing page (#10232) 2019-03-12 17:34:00 +01:00
Aditoo17
caa40e9d9b Change joinmastodon.org to joinmastodon.org/#getting-started for sign up on another server (#10224) 2019-03-09 17:07:59 +01:00
ashleyhull-versent
ea57aca5e1 Replace SVG asset with Custom mascot (#8766) 2018-10-08 00:20:45 +02:00
Eugen Rochko
ad0670fe87 Revert Font Awesome 5 upgrade (#8810)
* Revert "Fix some icon names changed by the Font Awesome 5. (#8796)"

This reverts commit c8a1e945d9.

* Revert "Migrate to font-awesome 5.0. (#8799)"

This reverts commit ae20afbc80.

* Revert "Fix some icons names, unavailable in fontawesome5 (free license). (#8792)"

This reverts commit 30b1bb0704.

* Revert "Update the icon name changed by the Font Awesome 5. (#8776)"

This reverts commit 84bcf89764.

* Revert "Add bot icon to bot avatars and migrate to newer version of Font Awesome (#8484)"

This reverts commit cc784f3c16.
2018-09-28 02:11:14 +02:00
Naoki Kosaka
ae20afbc80 Migrate to font-awesome 5.0. (#8799) 2018-09-27 17:08:56 +02:00
Eugen Rochko
d3105031f8 Redesign forms, verify link ownership with rel="me" (#8703)
* Verify link ownership with rel="me"

* Add explanation about verification to UI

* Perform link verifications

* Add click-to-copy widget for verification HTML

* Redesign edit profile page

* Redesign forms

* Improve responsive design of settings pages

* Restore landing page sign-up form

* Fix typo

* Support <link> tags, add spec

* Fix links not being verified on first discovery and passive updates
2018-09-18 16:45:58 +02:00
jacob
a934c4cee6 add several missing alt tags (#8708)
* add several missing alt tags

* remove alt text from mascot images
2018-09-17 18:02:17 +02:00
M Somerville
e42c06ec01 Allow use of plurals on about page stats. (#8363) 2018-08-22 19:42:47 +02:00
Eugen Rochko
0dcd212735 Adjust responsive design for /about/more and /terms (#8158)
Follow-up to #8142
2018-08-10 06:43:02 +02:00
Eugen Rochko
9e8366d4cb Update /terms and /about/more to use public layout (#8142) 2018-08-09 12:58:20 +02:00
Yamagishi Kazutoshi
c1427f90f6 Show media modal on public timeline (#7413) 2018-05-08 13:33:09 +02:00
Eugen Rochko
4055ce490c Enable custom emojis in profiles (notes, field values, display names) (#7374)
Follow-up to #6124
2018-05-06 11:48:51 +02:00
Eugen Rochko
0cdf4567c7 Fix missing "Administered by" when timeline preview disabled (#7161) 2018-04-17 13:51:14 +02:00
Eugen Rochko
7f1e924fa9 Add contact account to landing page ("Administered by") (#6984) 2018-04-04 01:11:26 +02:00
Eugen Rochko
aef3f2775e Fix #6757: Adjust RTL styles for landing page (#6768) 2018-03-13 08:14:08 +01:00
Eugen Rochko
83384e5390 Add missing meta description to profiles, some other SEO stuff (#6706)
- Add missing meta description to profiles
- Add canonical rel link to landing page
- Remove linebreaks from title tags
- Add username to profile title
- Add toots/following/followers to profile description tags
- Add next/prev rel links to profiles
- Do not index follower/following variants of profiles
2018-03-09 00:35:07 +01:00