me/glitchier-soc
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
6205 commits 2 branches 0 tags 429 MiB
Commit graph

771 commits

Author SHA1 Message Date
Konrad Pozniak
fa710fd496 add parameter locked to /api/v1/update_credentials (#6506) 2018-02-18 22:57:53 +01:00
David Yip
596deb050b Merge remote-tracking branch 'tootsuite/master' into merge-upstream 
Conflicts:
	Gemfile
	config/locales/simple_form.pl.yml
 2018-02-17 00:02:37 -06:00
Eugen Rochko
9b7490cede Save video metadata and improve video OpenGraph tags (#6481) 
* Save metadata from video attachments, put correct dimensions into OG tags

* Add twitter:player for videos

* Fix code style and test
 2018-02-16 07:22:20 +01:00
David Yip
799b205766 Merge remote-tracking branch 'origin/master' into merge-upstream 
Conflicts:
	.travis.yml
	app/lib/user_settings_decorator.rb
	app/models/user.rb
	app/serializers/initial_state_serializer.rb
	app/views/stream_entries/_detailed_status.html.haml
	app/views/stream_entries/_simple_status.html.haml
	config/locales/simple_form.en.yml
 2018-02-09 09:25:53 -06:00
Eugen Rochko
219b28e172 Add preference to always display sensitive media (#6448) 2018-02-09 00:26:57 +01:00
Jenkins
777559fa5f Merge remote-tracking branch 'tootsuite/master' into glitchsoc/master 2018-02-08 23:17:14 +00:00
abcang
1f2aa77758 Fix response of signature_verification_failure_reason (#6441) 2018-02-08 05:00:45 +01:00
David Yip
4f8122a98c Merge remote-tracking branch 'origin/master' into merge-upstream 
Conflicts:
	.env.production.sample
	app/controllers/auth/confirmations_controller.rb
	db/schema.rb
 2018-02-04 16:36:19 -06:00
abcang
6e12cb4524 Exclude nil from relationships array (#6427) 2018-02-04 12:32:10 +01:00
Renato "Lond" Cerqueira
6528c0c101 Add option to show only local toots in timeline preview (#6292) 
* Add option to show only local toots in timeline preview
Right know, toots from all the known fediverse are shown in the main
page of an instance. That however doesn't reflect the instance itself.
With this option the admin may choose to display only local toots so
that users checking the instance get a better idea of internal
conversations.

* Fix issues pointed by codeclimate and eslint

* Add default message for community timeline

* Update pl.yml
 2018-02-04 06:00:10 +01:00
Eugen Rochko
5322013f25 CAS + SAML authentication feature (#6425) 
* Cas authentication feature

* Config

* Remove class_eval + Omniauth initializer

* Codeclimate review

* Codeclimate review 2

* Codeclimate review 3

* Remove uid/email reconciliation

* SAML authentication

* Clean up code

* Improve login form

* Fix code style issues

* Add locales
 2018-02-04 05:42:13 +01:00
David Yip
6d1023b2e9 Merge remote-tracking branch 'tootsuite/master' into merge-upstream 
Conflicts:
      app/javascript/styles/mastodon/components.scss
 2018-02-02 08:39:52 -06:00
ThibG
f7651c3449 Allow HTTP caching of atom-rendered public toots (OStatus compatibility) (#6207) 2018-02-02 10:54:04 +01:00
puckipedia
081ba8fc90 Allow retrieval of private statuses (single or in outbox) using HTTP signatures (#6225) 2018-02-02 10:19:59 +01:00
Alexander
23ce0c86da pam authentication (#5303) 
* add pam support, without extra column

* bugfixes for pam login

* document options

* fix code style

* fix codestyle

* fix tests

* don't call remember_me without password

* fix codestyle

* improve checks for pam usage (should fix tests)

* fix remember_me part 1

* add remember_token column because :rememberable requires either a password or this column.

* migrate db for remember_token

* move pam_authentication to the right place, fix logic bug in edit.html.haml

* fix tests

* fix pam authentication, improve username lookup, add comment

* valid? is sometimes not honored, return nil instead trying to authenticate with pam

* update devise_pam_authenticatable2 and adjust code. Fixes sideeffects observed in tests

* update devise_pam_authenticatable gem, fixes for codeconventions, fix finding user

* codeconvention fixes

* code convention fixes

* fix idention

* update dependency, explicit conflict check

* fix disabled password updates if in pam mode

* fix check password if password is present, fix templates

* block registration if account is maintained by pam

* Revert "block registration if account is maintained by pam"

This reverts commit 8e7a083d650240b6fac414926744b4b90b435f20.

* fix identation error introduced by rebase

* block usernames maintained by pam

* document pam settings better

* fix code style
 2018-02-02 10:18:55 +01:00
Jenkins
3cd4a0804b Merge remote-tracking branch 'tootsuite/master' into glitchsoc/master 2018-01-24 19:17:11 +00:00
Eugen Rochko
f378280e49 Fix #6331 (#6341) 
UserTrackingConcern is circumvented by SessionsController#create
because it calls warden, which calls the User#update_tracked_fields!
method directly. Move returning user logic to that method.
 2018-01-23 20:52:30 +01:00
Akihiko Odaki
b5162e2aff Rename ResolveRemoteAccountService to ResolveAccountService (#6327) 
The service used to be named ResolveRemoteAccountService resolves local
accounts as well.
 2018-01-22 14:25:09 +01:00
David Yip
a95ca95b7b Merge remote-tracking branch 'origin/master' into merge-upstream 
Conflicts:
	app/controllers/settings/two_factor_authentication/confirmations_controller.rb
 2018-01-21 13:36:10 -06:00
Aboobacker MK
a1979b50c9 Redirect to 2FA creation page when otp_secret is not available (#6314) 2018-01-21 13:21:28 +01:00
David Yip
d45ebe26dc Merge remote-tracking branch 'origin/master' into merge-upstream 
Conflicts:
	app/javascript/styles/mastodon/components.scss
	app/javascript/styles/mastodon/modal.scss
 2018-01-19 15:22:10 -06:00
Eugen Rochko
92df0bba59 Fix regeneration marker not expiring (#6290) 
* Fix regeneration key not getting expired

* Add rake task to remove old regeneration markers
 2018-01-18 20:29:56 +01:00
David Yip
b1155460ba Merge remote-tracking branch 'origin/master' into merge-upstream 
Conflicts:
      app/javascript/styles/mastodon/components.scss
 2018-01-17 18:37:09 -06:00
Eugen Rochko
9cfbbbce1f Fix home regeneration (#6251) 
* Fix regeneration marker not being removed after completion

* Return HTTP 206 from /api/v1/timelines/home if regeneration in progress
Prioritize RegenerationWorker by putting it into default queue

* Display loading indicator and poll home timeline while it regenerates

* Add graphic to regeneration message

* Make "not found" indicator consistent with home regeneration
 2018-01-17 23:56:03 +01:00
Jenkins
8c41fb4acc Merge remote-tracking branch 'tootsuite/master' into glitchsoc/master 2018-01-17 16:17:10 +00:00
りんすき
1827d142ee implement web share target (#6278) 
* web share target

* fix

* fix
 2018-01-17 17:08:10 +01:00
Jenkins
6e821c4273 Merge remote-tracking branch 'tootsuite/master' into glitchsoc/master 2018-01-15 06:17:15 +00:00
Patrick Figel
2a27afc656 Suppress CSRF token warnings (#6240) 
CSRF token checking was enabled for API controllers in #6223,
producing "Can't verify CSRF token authenticity" log spam. This
disables logging of failed CSRF checks.

This also changes the protection strategy for
PushSubscriptionsController to use exceptions, making it consistent
with other controllers that use sessions.
 2018-01-15 06:51:23 +01:00
David Yip
53854707ce Thank you, Officer Murphy 2018-01-10 12:10:43 -06:00
David Yip
ec1199404c The flavour parameter is unused, so omit it (#317) 2018-01-10 12:09:42 -06:00
David Yip
28e652d35d Allow for user object to be empty. Fixes #317. 
If a flavour has only one skin, the skin selector will be omitted.  This
omits the user[setting_skin] field, and because that's the only
user[...] field on the page, the entire user object will not be present
in the request handler's params object.

This commit accounts for that scenario by avoiding params.require(:user)
and instead picking out what we need from the params hash.
 2018-01-10 12:09:42 -06:00
Jenkins
f9a0b246e5 Merge remote-tracking branch 'tootsuite/master' into glitchsoc/master 2018-01-09 05:17:13 +00:00
nightpool
eac9039a63 Refactor /api/web APIs to use the centralized axios instance (#6223) 
Also adds the ability to decouple the centralized axios logic from the
state dispatcher
 2018-01-08 20:01:33 +01:00
Jenkins
1f469edac1 Merge remote-tracking branch 'tootsuite/master' into glitchsoc/master 2018-01-08 10:17:15 +00:00
Eugen Rochko
c8f0be1d6d Revert #5772 (#6221) 2018-01-08 10:57:52 +01:00
David Yip
22286ee6cd Merge remote-tracking branch 'personal/merge/tootsuite/master' into gs-master 2018-01-07 13:30:52 -06:00
David Yip
9e5b431655 Use error pack when rendering error pages. Fixes #305. 2018-01-07 13:30:17 -06:00
Jenkins
8704a190c0 Merge remote-tracking branch 'tootsuite/master' into glitchsoc/master 2018-01-07 15:17:13 +00:00
Yamagishi Kazutoshi
c89bb8ae40 Fix force_ssl conditional (#6201) 2018-01-07 15:19:23 +01:00
Yamagishi Kazutoshi
63c17a66b8 Fix unintended cache (#6214) 2018-01-07 15:12:59 +01:00
David Yip
a37e295901 Merge remote-tracking branch 'ykzts/fix-unintended-cache' into gs-master 2018-01-07 00:32:24 -06:00
Yamagishi Kazutoshi
4f24f54739 Fix unintended cache 2018-01-07 14:59:12 +09:00
Jenkins
86007e913d Merge remote-tracking branch 'tootsuite/master' into glitchsoc/master 2018-01-05 22:17:12 +00:00
TheKinrar
3491c5e145 Represent numbers by strings in instance activity API (#6198) 
Fixes #6197.
 2018-01-05 22:38:33 +01:00
Jenkins
796a39a283 Merge remote-tracking branch 'tootsuite/master' into glitchsoc/master 2018-01-04 23:17:11 +00:00
ThibG
662fa866ee Make sure private toots remain private and do not end up in HTTP caches (#6175) 2018-01-04 14:39:38 +01:00
Eugen Rochko
f2d71eae4b Cache JSON of immutable ActivityPub representations (#6171) 2018-01-04 01:21:38 +01:00
Jenkins
a7b8cb9493 Merge remote-tracking branch 'tootsuite/master' into glitchsoc/master 2018-01-03 20:17:13 +00:00
Akihiko Odaki
7a0479c830 Allow to dereference Follow object for ActivityPub (#5772) 
* Allow to dereference Follow object for ActivityPub

* Accept IRI as object representation for Accept activity
 2018-01-03 18:08:57 +01:00
Jenkins
b42e6973a1 Merge remote-tracking branch 'tootsuite/master' into glitchsoc/master 2018-01-03 04:17:11 +00:00
ThibG
308ff05149 Allow HTTP caching of json view of public statuses (#6115) 
* Allow HTTP caching of json view of public statuses

HTML views are not cached as they can contain private statuses as well

* Disable session cookies for ActivityPub json rendering of public toots
 2018-01-03 04:57:57 +01:00
Patrick Figel
3c20cfd734 Add confirmation step for email changes (#6071) 
* Add confirmation step for email changes

This adds a confirmation step for email changes of existing users.
Like the initial account confirmation, a confirmation link is sent
to the new address.

Additionally, a notification is sent to the existing address when
the change is initiated. This message includes instruction to reset
the password immediately or to contact the instance admin if the
change was not initiated by the account owner.

Fixes #3871

* Add review fixes
 2018-01-02 16:55:00 +01:00
David Yip
ed572490c1 Merge remote-tracking branch 'origin/master' into merge-upstream 
Conflicts:
	app/controllers/authorize_follows_controller.rb
	app/javascript/styles/mastodon/components.scss
 2018-01-02 00:11:41 -06:00
Akihiko Odaki
616b6867a0 Show mastodon on modal (#6129) 2018-01-02 05:07:56 +01:00
David Yip
01f91695f5 Merge remote-tracking branch 'origin/master' into merge-upstream 
Conflicts:
	app/controllers/auth/confirmations_controller.rb
 2017-12-30 17:20:07 -06:00
beatrix
d9c2806048 keep the same filters and page when doing custom emojo stuff (fixes #6112) (#6114) 2017-12-30 02:43:43 +01:00
Eugen Rochko
9427823d5c Add more instance stats APIs (#6125) 
* Add GET /api/v1/instance/peers API to reveal known domains

* Add GET /api/v1/instance/activity API

* Make new APIs disableable, exclude private statuses from activity stats

* Fix code style issue

* Fix week timestamps
 2017-12-29 19:52:04 +01:00
ThibG
3df85a843c Make host_meta/webfinger replies cacheable (fixes #6100) (#6101) 
* Make host_meta/webfinger replies cacheable (fixes #6100)

Drop common code for handling users and sessions as webfinger queries
are very basic, public APIs.

Also explicitly mark results as cacheable with “expires_in”.

* Add “Vary: Accept” header for caching since content-negociation is used
 2017-12-27 18:21:12 +01:00
David Yip
ea1c58f6d8 Set packs on 2FA-related pages. Fixes #271. 
Specifically, this commit:

- changes S::TFA::{Confirmations,RecoveryCodes}Controller to derive from
  S::BaseController, because this gives us the necessary actions and
  packs
- prepends set_pack to Auth::SessionsController's action chain so that
  it takes effect in time for render :two_factor
 2017-12-20 03:15:54 -06:00
David Yip
d53f727653 Merge branch 'gs-master' into prevent-local-only-federation 
Conflicts:
	db/schema.rb
 2017-12-15 12:20:56 -06:00
Jenkins
601f0fe4a3 Merge remote-tracking branch 'tootsuite/master' into glitchsoc/master 2017-12-15 01:17:12 +00:00
Eugen Rochko
ef8fc3542b Fix #6022 - Prevent nested migrated accounts, or migrations to self (#6026) 2017-12-14 21:35:30 +01:00
Jenkins
1366e96a02 Merge remote-tracking branch 'tootsuite/master' into glitchsoc/master 2017-12-13 18:17:16 +00:00
Eugen Rochko
d6088c5308 Add filters to admin UI for custom emojis (#6003) 2017-12-13 13:28:31 +01:00
Eugen Rochko
aea3d0814b Clean up admin UI for accounts (#6004) 
* Add staff filter to admin UI for accounts, remove obsolete columns

* Only display OStatus section in admin UI for accounts when OStatus data
 2017-12-13 12:15:10 +01:00
David Yip
a56c9ac5dc Merge remote-tracking branch 'tootsuite/master' into merge-upstream 2017-12-12 02:54:13 -06:00
Eugen Rochko
7f286d1af0 Fix #5953 - Add GET /api/v1/accounts/:id/lists (#5983) 2017-12-12 03:55:39 +01:00
cwm
690cd248b1 change pack to 'auth' 2017-12-11 18:14:41 -06:00
cwm
7e8c87e443 load pack 2017-12-11 17:54:40 -06:00
Erin
eb0660f6ef move outbox filtering to Status#permitted_for (as per @ekiru) 2017-12-11 15:28:04 -06:00
beatrix
af0031fe1b Merge pull request #254 from glitch-soc/new-theme-ux 
New flavour/skin UX
 2017-12-11 09:36:14 -05:00
Eugen Rochko
31fe0d067b Apply a 25x rate limit by IP even to authenticated requests (#5948) 2017-12-11 15:32:29 +01:00
David Yip
b1f803d360 Add missing set_pack def/filter in OAuth::AuthorizedApplicationsController. 2017-12-11 00:17:30 -06:00
kibigo!
901c08a999 Moved flavour UI into own prefs tab 2017-12-10 20:32:27 -08:00
Erin
3d1bef760d filter local-only toots from AP outboxes 2017-12-10 19:07:43 -06:00
Erin
b463321c6f filter local-only statuses from public pages 2017-12-10 17:23:01 -06:00
cwm
34630e00cb pulled master, moved locale entry to new location 2017-12-10 15:22:15 -06:00
kibigo!
99e8710095 Javascript intl8n flavour support 2017-12-10 11:08:04 -08:00
abcang
cef07895a9 Remove unused function (#5950) 2017-12-09 23:37:31 +01:00
cwm
41bbfeec7c add initial components based off of tootsuite pr #1507 2017-12-09 10:26:22 -06:00
Eugen Rochko
87af0bf6cf Rate limit by user instead of IP when API user is authenticated (#5923) 
* Fix #668 - Rate limit by user instead of IP when API user is authenticated

* Fix code style issue

* Use request decorator provided by Doorkeeper
 2017-12-09 14:20:02 +01:00
abcang
7fc5cf7a12 Keep WebPush settings (#5879) 2017-12-09 02:31:37 +01:00
Eugen Rochko
f16141ebac Limit users to 50 lists, remove pagination from lists API (#5933) 2017-12-09 01:32:29 +01:00
kibigo!
5758a12491 Skins shouldn't apply to fallback flavours 2017-12-07 14:49:54 -08:00
kibigo!
41f9a4d4e4 Fix common packs when other pack also there 2017-12-06 15:34:19 -08:00
David Yip
6a5ba9d129 Use settings pack for InvitesController (#229) 2017-12-06 17:20:04 -06:00
beatrix
f0b37f92a9 Merge pull request #229 from glitch-soc/glitch-theme 
Advanced Next-Level Flavours And Skins For Mastodon™
 2017-12-06 17:44:07 -05:00
David Yip
63c41247ff Prepend check_enabled_deletion to Settings::DeletesController (#229) 
The specs for Settings::DeletesController include an example that
sets Settings.open_deletion to false and expects the "if deletion is not
available, redirect to root" logic to run.  However, this spec does not
set up a user, which means that the spec (intentionally or otherwise)
expects this redirection to work with unauthenticated access.

We should preserve that behavior.  To do so, we prepend the deletion
check to the action chain set up by Settings::BaseController, so that
said check occurs before the authenticate_user! check.
 2017-12-06 16:19:43 -06:00
Jenkins
a3a7b6a848 Merge remote-tracking branch 'tootsuite/master' into glitchsoc/master 2017-12-06 20:17:13 +00:00
Yamagishi Kazutoshi
fba46b6072 Using double splat operator (#5859) 2017-12-06 11:41:57 +01:00
Eugen Rochko
b037fbf9f4 Remove rabl dependency (#5894) 
* Remove rabl dependency

* Replicate old Oj configuration
 2017-12-06 15:04:49 +09:00
Eugen Rochko
1e7f022fa2 Add list of lists component to web UI (#5811) 
* Add list of lists component to web UI

* Add list adding

* Add list removing

* List editor modal

* Add API account search limited by following=true relation

* Rework list editor modal

* Remove mandatory pagination of GET /api/v1/lists/:id/accounts

* Adjust search input placeholder

* Fix rspec (#5890)

* i18n: (zh-CN) Add missing translations for #5811 (#5891)

* i18n: (zh-CN) yarn manage:translations -- zh-CN

* i18n: (zh-CN) Add missing translations for #5811

* Fix some issues

- Display loading/missing state for list timelines
- Order lists alphabetically in overview
- Fix async list editor reset
- Redirect to /lists after deleting unpinned list
- Redirect to / after pinning a list

* Remove dead list columns when a list is deleted or fetch returns 404
 2017-12-05 23:02:27 +01:00
kibigo!
fd7be49523 Various fixes 2017-12-04 21:58:10 -08:00
David Yip
1221e3075d Merge branch 'gs-master' into glitch-theme 2017-12-04 11:07:01 -06:00
kibigo!
882055afd0 Rename themes -> flavours ? ? 2017-12-03 23:26:40 -08:00
kibigo!
cc70ca9b76 Fixed typos 2017-12-03 22:30:45 -08:00
Jenkins
822dea26c3 Merge remote-tracking branch 'tootsuite/master' into glitchsoc/master 2017-12-02 14:17:11 +00:00
Yamagishi Kazutoshi
1447ef1d44 Add invite filter (#5862) 2017-12-01 16:40:02 +01:00
Yamagishi Kazutoshi
7f0a01a20c Fix invites form path (#5861) 2017-12-01 12:26:57 +01:00
kibigo!
36b9f4df56 Skins support 2017-11-30 19:29:47 -08:00