Commit graph

1452 commits

Author SHA1 Message Date
ThibG
4e292c23d6 Fix not being able to unbookmark toots when blocked by their author (#14604)
* Fix not being able to unbookmark toots when blocked by their author

* Add tests
2020-08-19 19:02:06 +02:00
Thibaut Girka
c32625495f Merge branch 'master' into glitch-soc/merge-upstream 2020-08-13 22:17:29 +02:00
ThibG
8baad22f68 Improve email address validation (#14565)
* Increase DNS timeout from 1 second to 5 seconds for MX check

1 seconds is rather short when using a recursive DNS resolver which
hasn't got a cached result already available. Use 5 seconds instead,
which is the timeout value we use for outgoing HTTP queries.

* Add more precise error messages for invalid e-mail addresses
2020-08-12 12:40:25 +02:00
Thibaut Girka
c4985a699d Fix embedded player
(broken because I forgot to adapt it to glitch-soc's theming system)
2020-08-12 00:00:42 +02:00
Thibaut Girka
48bb51075b Fix local-only toots not being returned by the local TL API
Fixes #1389
2020-07-25 13:25:58 +02:00
Thibaut Girka
714a3fcb3b Merge branch 'master' into glitch-soc/merge-upstream
Conflicts:
- `app/javascript/mastodon/actions/compose.js`:
  Not a “real” conflict, but change too close to a change we made to
  fix the vanilla WebUI locally pushing authored local-only toots in the
  public TL view.
2020-07-22 13:38:17 +02:00
ThibG
7792bab1cd Fix RSS feeds not being cachable (#14368)
* Add tests for some cachable responses

This only covers responses that we should have managed to make cachable
so far. It's not the case of all responses that should be cachable in
the end.

* Fix RSS feeds not being cachable
2020-07-22 11:44:02 +02:00
Ariel
ac1a3386bd Fix/14021 behaviour on add or remove toots (#14212)
* Add toot send by current user at local state after send a new toot

Related to #14021

* Decrement toot counter at profile when remove a toot

Related to #14021

* Remove semicolon at end of line
2020-07-19 17:04:02 +02:00
Thibaut Girka
654fd69903 Merge branch 'master' into glitch-soc/merge-upstream
Conflicts:
- `config/routes.rb`:
  Upstream disabled E2EE routes, which we did earlier, but slightly
  differently. Took upstream's version.
2020-07-15 15:32:40 +02:00
ThibG
c9fbf47a23 Fix being unable to unboost when blocked by their author (#14308)
Fixes #14307
2020-07-15 14:43:19 +02:00
abcang
aca93fa882 Fix rubocop warning (#14288)
* Fix rubocop warning

* use limit variable

* use ContextCreatingMethods option
2020-07-14 19:05:07 +02:00
ThibG
12a7717e66 Merge pull request #1372 from ThibG/glitch-soc/fixes/local-only-public-option
Add option to show local-only toots in public timeline
2020-07-07 19:58:12 +02:00
Thibaut Girka
c2347f6cf6 Merge branch 'master' into glitch-soc/merge-upstream
Conflicts:
- `package.json`:
  Not really a conflict, just some glitch-soc-specific dependency
  too close to an upstream-updated one.
2020-07-07 15:58:45 +02:00
Eugen Rochko
0edde9d6c8 Fix media attachments enumeration (#14254)
* Fix media attachment enumeration

* Switch media_attachments id to snowflake ids

Co-authored-by: Thibaut Girka <thib@sitedethib.com>
2020-07-07 15:26:51 +02:00
Eugen Rochko
a79c5e5e63 Fix other sessions not being logged out on password change (#14252)
While OAuth tokens were immediately revoked, accessing the home
controller immediately generated new OAuth tokens and "revived"
the session due to a combination of using remember_me tokens and
overwriting the `authenticate_user!` method
2020-07-07 15:26:31 +02:00
Thibaut Girka
edd7bd26f6 Add UI option to show local-only toots in public timeline 2020-07-06 21:12:06 +02:00
Thibaut Girka
2a2af880b8 Merge branch 'master' into glitch-soc/merge-upstream
Conflicts:
- `.env.production.sample`:
  Upstream deleted it, I decided to keep it.
- `package.json`:
  Upstream updated a dependency textually too close to wavesurfer.js
  which has been deleted from upstream but is kept in glitch-soc for now.
2020-06-30 23:00:20 +02:00
ThibG
3afc7977b1 Add user notes on accounts (#14148)
* Add UserNote model

* Add UI for user notes

* Put comment in relationships entity

* Add API to create user notes

* Copy user notes to new account when receiving a Move activity

* Address some of the review remarks

* Replace modal by inline edition

* Please CodeClimate

* Button design changes

* Change design again

* Cancel note edition when pressing Escape

* Fixes

* Tweak design again

* Move “Add note” item, and allow users to add notes to themselves

* Rename UserNote into AccountNote, rename “comment” Relationship attribute to “note”
2020-06-30 19:19:50 +02:00
Eugen Rochko
a3ce01a102 Add customizable thumbnails for audio and video attachments (#14145)
- Change audio files to not be stripped of metadata
- Automatically extract cover art from audio if it exists
- Add `thumbnail` parameter to `POST /api/v1/media`, `POST /api/v2/media` and `PUT /api/v1/media/:id`
- Add `icon` to represent it in attachments in ActivityPub
- Fix `preview_url` containing URL of missing missing image when there is no thumbnail instead of null
- Fix duration of audio not being displayed on public pages until the file is loaded
2020-06-29 13:56:55 +02:00
Thibaut Girka
c1eb60642b Merge branch 'master' into glitch-soc/merge-upstream
Conflicts:
- `app/controllers/concerns/sign_in_token_authentication_concern.rb`:
  Conflict due to glitch-soc's theming system.
  Ported upstream changes.
- `app/controllers/concerns/two_factor_authentication_concern.rb`:
  Conflict due to glitch-soc's theming system.
  Ported upstream changes.
2020-06-24 15:33:41 +02:00
fuyu
ad1dfea4fa Fix not working I18n on 2FA and Sign in token page (#14087) 2020-06-20 13:30:13 +02:00
ThibG
6a3e2b0fe5 Fix functional user requirements in whitelist mode (#14093)
Fixes #14092
2020-06-19 19:18:47 +02:00
Thibaut Girka
83dc54c487 Merge branch 'master' into glitch-soc/merge-upstream
Conflicts:
- `app/controllers/activitypub/collections_controller.rb`:
  Conflict due to glitch-soc having to take care of local-only
  pinned toots in that controller.
  Took upstream's changes and restored the local-only special
  handling.
- `app/controllers/auth/sessions_controller.rb`:
  Minor conflicts due to the theming system, applied upstream
  changes, adapted the following two files for glitch-soc's
  theming system:
  - `app/controllers/concerns/sign_in_token_authentication_concern.rb`
  - `app/controllers/concerns/two_factor_authentication_concern.rb`
- `app/services/backup_service.rb`:
  Minor conflict due to glitch-soc having to handle local-only
  toots specially. Applied upstream changes and restored
  the local-only special handling.
- `app/views/admin/custom_emojis/index.html.haml`:
  Minor conflict due to the theming system.
- `package.json`:
  Upstream dependency updated, too close to a glitch-soc-only
  dependency in the file.
- `yarn.lock`:
  Upstream dependency updated, too close to a glitch-soc-only
  dependency in the file.
2020-06-09 10:39:20 +02:00
Eugen Rochko
2dbf6bc5ad Add e-mail-based sign in challenge for users with disabled 2FA (#14013) 2020-06-09 10:23:06 +02:00
Takeshi Umeda
654c13ecfb Add limit parameter to rss (#13743) 2020-06-09 00:18:47 +02:00
ThibG
8b552d6f0c Fix unpermitted operations on custom emojis leading to cryptic errors (#13951)
* Display appropriate error when performing unpermitted operation on custom emoji

Fixes #13897

* Remove links to custom emoji actions not performable by moderators
2020-06-05 15:23:27 +02:00
Eugen Rochko
9de5c70980 Fix wrong route helper in encrypted messages controller (#13952)
And add `created_at` to encrypted message serializer
2020-06-03 20:32:15 +02:00
ThibG
8d57f6c4b4 Fix account redirect confirmation message talking about moved followers (#13950)
Fixes #13949
2020-06-03 20:18:19 +02:00
Eugen Rochko
b864e78db8 Add E2EE API (#13820) 2020-06-02 19:24:53 +02:00
Thibaut Girka
ac9b14d93b Hide local-only pinned toots from public profiles
Fixes #1336

This also fixes federating pinned toots when some of them are local-only.

Public profiles will not show public toots, whether you are logged in
or not (this is consistent with local-only toots that are not pinned).
2020-05-31 17:20:15 +02:00
Thibaut Girka
365ccfb96a Merge branch 'master' into glitch-soc/merge-upstream 2020-05-20 18:22:42 +02:00
ThibG
60bb6ac6f4 Fix webfinger returning wrong status code on malformed or missing param (#13759)
Fixes #13757
2020-05-14 23:28:06 +02:00
Thibaut Girka
4853a87df8 Merge branch 'master' into glitch-soc/merge-upstream 2020-05-13 22:11:49 +02:00
ThibG
f48e191e8e Fix sr locale being selected over sr-Latn (#13693)
* Fix sr locale being selected over sr-Latn

* Update tests
2020-05-11 01:09:21 +02:00
Thibaut Girka
4e4e5316c1 Merge branch 'master' into glitch-soc/merge-upstream
Conflicts:
- `Gemfile.lock`:
  Not a real conflict, just a glitch-soc-only dependency too close to a
  dependency that got updated upstream. Updated as well.
- `app/models/status.rb`:
  Not a real conflict, just a change too close to glitch-soc-changed code
  for optionally showing boosts in public timelines.
  Applied upstream changes.
- `app/views/layouts/application.html.haml`:
  Upstream a new, static CSS file, conflict due to glitch-soc's theming
  system, include the file regardless of the theme.
- `config/initializers/content_security_policy.rb`:
  Upstream dropped 'unsafe-inline' from the 'style-src' directive, but
  both files are very different. Removed 'unsafe-inline' as well.
2020-05-10 16:19:56 +02:00
Eugen Rochko
fc7cad8b2d Add ability to remove identity proofs from account (#13682)
Fix #12613
2020-05-10 11:21:10 +02:00
Takeshi Umeda
861661100c Add remote only to public timeline (#13504)
* Add remote only to public timeline

* Fix code style
2020-05-10 10:36:18 +02:00
ThibG
e9227d8c10 Remove confusing “You are already signed in.” flash message (#13547)
When attempting to access the log-in page while already logged in,
Devise's `require_no_authentication` kicks in and sets a flash
message “You are already signed in.”

In almost all cases, this also causes a redirect to /web, which
does not display or clear flash messages, thus leaving the message
to a potentially much later date, like for instance, accessing
/preferences several minutes after being redirected to /web.
2020-05-10 10:16:39 +02:00
ThibG
5479d33843 Fix own following/followers not showing muted users (#13614)
Fixes #13612
2020-05-08 20:36:34 +02:00
Eugen Rochko
e80d4479c7 Add more ActivityPub controller tests (#13590) 2020-05-03 22:19:24 +02:00
Thibaut Girka
dfa13deaa1 Merge branch 'master' into glitch-soc/merge-upstream
Conflicts:
- `app/controllers/statuses_controller.rb`:
  Upstream disabled the embed controller for reblogs.
  Not a real conflict, but glitch-soc has an extra line to deal
  with its theming system.
  Ported upstream changes.
- `app/javascript/packs/public.js`:
  Upstream made changes to get rid of most inline CSS, this changes
  javascript for public pages, which in glitch are split between
  different files. Ported those changes.
- `app/models/status.rb`:
  Upstream changed the block check in `Status#permitted_for` to
  include domain-block checks. Not a real conflict with glitch-soc,
  but our scope is slightly different, as our scope for
  unauthenticated access do not include instance-local toots.
  Ported upstream changes.
- `app/serializers/rest/instance_serializer.rb`:
  Not a real conflict, upstream added a new field to the instance
  serializer, the conflict is one line above since we added more of
  that.
  Ported upstream changes.
- `app/views/settings/profiles/show.html.haml`:
  Upstream got rid of most inline CSS and moved hidden elements
  to data attributes in the process, in fields were we have
  different values.
  Ported upstream changes while keeping our glitch-specific
  values.
- `app/views/statuses/_simple_status.html.haml`:
  Upstream got rid of inline CSS on an HAML line we treat
  differently, stripping empty text nodes.
  Ported upstream changes to the style attribute, keeping
  the empty text node stripping behavior.
2020-05-03 21:23:49 +02:00
Eugen Rochko
0ca06d0ba9 Add more tests for ActivityPub controllers (#13585) 2020-05-03 16:30:36 +02:00
Thibaut Girka
4c125214de Merge branch 'master' into glitch-soc/merge-upstream 2020-04-20 16:45:40 +02:00
sternenseemann
674005c08e Allow users to delete their header and avatar (#13234)
This is achieved by sending a DELETE request to
/settings/profile/pictures/{avatar,header} via a link that is part of
the upload form's hint of the respective picture.
2020-04-20 14:03:03 +02:00
Takeshi Umeda
f5606cdab4 Add local only to hashtag timeline (#13502) 2020-04-18 21:52:39 +02:00
Thibaut Girka
43a9ed3de8 Merge branch 'master' into glitch-soc/merge-upstream 2020-04-17 20:16:24 +02:00
Eugen Rochko
2d3219549b Change delivery failure tracking to work with hostnames instead of URLs (#13437) 2020-04-15 20:33:24 +02:00
Thibaut Girka
c13682bc0d Merge branch 'master' into glitch-soc/merge-upstream
Conflicts:
- `app/javascript/packs/public.js`:
  Upstream modified code that we split between multiple files due
  to glitch-soc's theming system.
  Ported those changes.
2020-04-05 18:32:06 +02:00
Eugen Rochko
50fa554899 Add rate limit for reporting (#13390) 2020-04-05 14:40:08 +02:00
Thibaut Girka
d5b5225614 Merge branch 'master' into glitch-soc/merge-upstream 2020-04-04 21:47:37 +02:00
Eugen Rochko
6932e0e2af Add ability to filter audit log in admin UI (#13381) 2020-04-03 13:06:34 +02:00
Thibaut Girka
631dacf1d7 Merge branch 'master' into glitch-soc/merge-upstream
Conflicts:
- `app/javascript/mastodon/features/compose/components/poll_form.js`:
  Upstream bumped poll option character limit, but we already had
  a higher one, kept ours.
- `app/validators/poll_validator.rb`:
  Upstream bumped poll option character limit, but we already had
  a higher one, kept ours.
- `config/initializers/content_security_policy.rb`:
  Upstream added a rule, the way we compute ours is different, but
  that added rule has been ported.
- `package.json`:
  No real conflict, dependency update. Performed the same update.
- `yarn.lock`:
  No real conflict, dependency update. Performed the same update.
2020-04-02 20:32:00 +02:00
Takeshi Umeda
1c2a286244 Fix ImportsController param to permit :mode (#13347) 2020-03-31 12:43:42 +02:00
ThibG
1a993f9675 Fix 404 and 410 API errors being silently discarded in WebUI (#13279)
* Fix 404 and 410 API errors being silently discarded in WebUI

Fixes #13278

* Return more appropriate error when user replies to a deleted toot

* Please CodeClimate

* Fix 404/410 errors on fetching account timelines & identity proofs

* Refactor error handling

* Move error message string to statuses.errors
2020-03-28 17:59:45 +01:00
Thibaut Girka
99fc46d023 Merge branch 'master' into glitch-soc/merge-upstream
Conflicts:
- `README.md`:
  Our README.md files are completely different. Discarded upstream changes.
- `app/javascript/core/admin.js`:
  Updating rails-ujs, no real conflict, but a comment to close to changed
  code. Various glitch-soc-only files have been updated to match those changes,
  though.
- `package.json`:
  No real conflict, just an additional dependency in glitch-soc that was too
  close to something updated upstream. Took upstream's changes.
2020-03-22 16:10:44 +01:00
Eugen Rochko
9ced8b6dd5 Add option to include resolved DNS records when blacklisting e-mail domains in admin UI (#13254)
* Add shortcuts to blacklist a user's e-mail domain in admin UI

* Add option to blacklist resolved MX and IP records for e-mail domains
2020-03-12 22:35:20 +01:00
Eugen Rochko
da9d81c4ac Add titles to warning presets in admin UI (#13252) 2020-03-12 17:57:59 +01:00
ThibG
cd7c22da32 Add federation support for the "hide network" preference (#11673)
* Change ActivityPub follower/following collections to not link first page

* Add support for hiding followers and following of remote users

* Switch to using a single `hide_collections` column

* Address code style remarks
2020-03-09 00:10:29 +01:00
Eugen Rochko
f459919552 Change local media attachments to perform heavy processing asynchronously (#13210)
Fix #9106
2020-03-08 23:56:18 +01:00
Thibaut Girka
0fd3f87ea2 Merge branch 'master' into glitch-soc/merge-upstream
Conflicts:
- `app/controllers/api/v1/statuses_controller.rb`:
  Conflict due to upstream adding a new parameter (with_rate_limit),
  too close to glitch-soc's own additional parameter (content_type).
  Added upstream's parameter.
- `app/services/post_status_service.rb`:
  Conflict due to upstream adding a new parameter (rate_limit),
  too close to glitch-soc's own additional parameter (content_type).
  Added upstream's parameter.
- `app/views/settings/preferences/appearance/show.html.haml`:
  Conflict due to us not exposing theme settings here (as we have
  a different flavour/skin menu).
  Took upstream change, while still not exposing theme settings.
- `config/webpack/shared.js`:
  Coding style fixes for a part we have rewritten.
  Discarded upstream changes.
2020-03-08 19:38:53 +01:00
ThibG
cb93be3b88 Add ability to delete files uploaded for settings in admin UI (#13192)
* Allow deleting site uploads

* Refactor and move links into hints

* Fix i18n tests

* Fix HTML output of site_upload_delete_hint
2020-03-08 16:00:24 +01:00
Eugen Rochko
a4668d994b Add specific rate limits for posting and following (#13172) 2020-03-08 15:17:39 +01:00
Eugen Rochko
9619521459 Remove useless respond_to calls (#13208) 2020-03-06 01:29:38 +01:00
Thibaut Girka
07adbc487b Merge branch 'master' into glitch-soc/merge-upstream 2020-02-27 12:37:15 +01:00
Eugen Rochko
e0db9f37f5 Fix leak of arbitrary statuses through unfavourite action in REST API (#13161) 2020-02-27 12:32:54 +01:00
Thibaut Girka
ea391ce8a1 Merge branch 'master' into glitch-soc/merge-upstream 2020-02-25 14:28:13 +01:00
ThibG
c004399975 Fix dismissing an announcement twice raising an obscure error (#13124) 2020-02-24 22:21:40 +01:00
Thibaut Girka
8e8cce20c7 Merge branch 'master' into glitch-soc/merge-upstream 2020-02-19 23:04:18 +01:00
ThibG
8e8d9b3727 Fix account JSON/RSS not being cacheable due to wrong mime type comparison (#13116)
`request.format` is not a symbol but a `Mime::Type`, so the condition actually
never matched, and a session was created even for those requests, preventing
caching.
2020-02-19 22:31:53 +01:00
ThibG
ddd9bad7f1 Fix sign-ups without checked user agreement being accepted through the web form (#13088)
* Fix user agreement not being verified

* Fix tests

* Fix up agreement field being dismissed
2020-02-16 12:56:53 +01:00
Thibaut Girka
b89d5a7408 Merge branch 'master' into glitch-soc/merge-upstream
Conflicts:
- `Gemfile`:
  We updated httplog in a separate commit.
  Took upstream's change which updated it further.
- `Gemfile.lock`:
  We updated httplog in a separate commit.
  Took upstream's change which updated it further.
- `app/lib/sanitize_config.rb`:
  Upstream added better unsupported link stripping,
  while we had different sanitizing configs.
  Took only upstream's link stripping code.
- `config/locales/simple_form.pl.yml`:
  Strings unused in glitch-soc had been removed from
  glitch-soc, reintroduced them even if they are not
  useful, to reduce the risk of later merge conflicts.
2020-02-09 12:15:55 +01:00
Eugen Rochko
f1317633b5 Fix unfiltered params error when generating ActivityPub tag pagination (#13049) 2020-02-08 17:29:40 +01:00
Eugen Rochko
bf4fb26b9d Fix malformed HTML causing uncaught error (#13042)
Fix OEmbed preview API leaking existence of private statuses (see #12930)
2020-02-07 15:24:22 +01:00
Thibaut Girka
ba1a34ca89 Merge branch 'master' into glitch-soc/merge-upstream 2020-02-06 21:36:38 +01:00
Eugen Rochko
5c4b1db54a Change signature verification to ignore signatures with invalid host (#13033)
Instead of returning a signature verification error, pretend there
was no signature (i.e., this does not allow access to resources that
need a valid signature), so public resources can still be fetched

Fix #13011
2020-02-03 17:48:23 +01:00
Thibaut Girka
e76a010414 Merge branch 'master' into glitch-soc/merge-upstream 2020-02-03 09:22:58 +01:00
ThibG
99cf92a3cf Change how unread announcements are handled (#13020)
* Change meaning of /api/v1/announcements/:id/dismiss to mark an announcement as read

* Change how unread announcements are counted in UI

* Add unread marker to announcements and mark announcements as unread as they are displayed

* Fixups
2020-02-03 01:53:09 +01:00
Thibaut Girka
9604766a18 Merge branch 'master' into glitch-soc/merge-upstream
Conflicts:
- `app/serializers/rest/account_serializer.rb`:
  Upstream added code too close to glitch-soc-specific followers-hiding code.
  Ported upstream changes.
2020-01-27 15:46:50 +01:00
Eugen Rochko
9fb8165712 Add publish/unpublish controls to announcements in admin UI (#12967) 2020-01-27 11:05:33 +01:00
Eugen Rochko
dd68e44cfa Add streaming API updates for announcements being modified or deleted (#12963)
Change `all_day` to be a visual client-side cue only

Publish immediately if `scheduled_at` is in the past

Add `published_at` and `updated_at` to announcements JSON
2020-01-26 20:07:26 +01:00
Thibaut Girka
a8e43875a5 Merge branch 'master' into glitch-soc/merge-upstream
Conflicts:
- `app/controllers/statuses_controller.rb`:
  Minor conflict due to theming system
2020-01-24 14:37:06 +01:00
Eugen Rochko
669f1f5e7f Fix OEmbed leaking information about existence of non-public statuses (#12930) 2020-01-24 00:20:51 +01:00
Eugen Rochko
e4aa4a1c28 Fix password change/reset not immediately invalidating other sessions (#12928)
While making browser requests in the other sessions after a password
change or reset does not allow you to be logged in and correctly
invalidates the session making the request, sessions have API tokens
associated with them, which can still be used until that session
is invalidated.

This is a security issue for accounts that were already compromised
some other way because it makes it harder to throw out the hijacker.
2020-01-24 00:20:38 +01:00
Eugen Rochko
36b1dd934d Fix relationships page not showing results in admin UI (#12934)
Follow-up to #12927
2020-01-24 00:20:23 +01:00
Eugen Rochko
f95fd62bac Add announcements (#12662)
* Add announcements

Fix #11006

* Add reactions to announcements

* Add admin UI for announcements

* Add unit tests

* Fix issues

- Add `with_dismissed` param to announcements API
- Fix end date not being formatted when time range is given
- Fix announcement delete causing reactions to send streaming updates
- Fix announcements container growing too wide and mascot too small
- Fix `all_day` being settable when no time range is given
- Change text "Update" to "Announcement"

* Fix scheduler unpublishing announcements before they are due

* Fix filter params not being passed to announcements filter
2020-01-23 22:00:13 +01:00
Eugen Rochko
67172aa4f9 Change followers page to relationships page in admin UI (#12927)
Allow browsing and filtering all relationships instead of just
followers, unify the codebase with the user-facing relationship
manager, add ability to see who the user invited
2020-01-23 20:33:20 +01:00
Thibaut Girka
6719b9daa5 Merge branch 'master' into glitch-soc/merge-upstream
Conflicts:
- `app/javascript/packs/public.js`:
  Upstream removed an unused function in code that has
  been refactored a bit. Removed that function in the corresponding
  places.
2020-01-20 18:31:11 +01:00
Eugen Rochko
9ebfb23e87 Various fixes and improvements (#12878)
* Fix unused role routes being generated

* Remove unused JavaScript code

* Refactor filters code to be DRYer

* Fix `.count == 0` comparisons to `.empty?` in views

* Fix filters in views
2020-01-20 15:55:03 +01:00
Thibaut Girka
1f7e7594db Merge branch 'master' into glitch-soc/master
Conflicts:
- `README.md`:
  We have different README files. Discarded upstream changes.
- `app/views/layouts/admin.html.haml`:
  Conflict due to glitch-soc theming system.
  Adapted upstream changes.
- `app/views/layouts/embedded.html.haml`:
  Conflict due to glitch-soc theming system.
  Adapted upstream changes.
- `yarn.lock`:
  No real conflict, glitch-specific dependency too close to
  an updated one. Adapted upstream change.
2020-01-20 15:00:22 +01:00
Eugen Rochko
61320da638 Fix access to OEmbed endpoint in secure mode (#12864) 2020-01-14 08:52:32 +01:00
Thibaut Girka
2591cedcad Merge branch 'master' into glitch-soc/merge-upstream
Conflicts:
- `app/controllers/application_controller.rb`:
  Conflict due to theming system.
- `app/controllers/oauth/authorizations_controller.rb`:
  Conflict due to theming system.
2020-01-04 23:04:42 +01:00
Eugen Rochko
413cb7e861 Fix base64-encoded file uploads not being possible (#12748)
Fix #3804, Fix #5776
2020-01-04 01:54:07 +01:00
Eugen Rochko
e066de9a3c Fix missing authentication call in filters controller (#12746) 2020-01-03 05:29:08 +01:00
Eugen Rochko
91422d35ed Fix uncaught unknown format errors in host meta controller (#12747) 2020-01-03 05:28:56 +01:00
ThibG
f0cca7a79f Hide blocked users from more places (#12733)
* Hide blocked, muted, and blocked-by users from toot favourite lists

* Hide blocked, muted, and blocked-by users from toot reblog lists

* Hide blocked, muted, and blocked-by users from followers/following (API)

* Fix tests

* Hide blocked, muted, and blocked-by users from followers/following on public pages
2019-12-31 00:55:32 +01:00
Eugen Rochko
c3ef5d7628 Fix error when fetching followers/following from REST API when user has network hidden (#12716)
Fix #12510
2019-12-31 00:54:38 +01:00
ThibG
6b20921c88 Remove unused AccountRelationshipsPresenter call in public pages (#12734)
Those were used to show a “follow” or “unfollow” button on account grid on
public pages, but that got removed a while ago.
2019-12-30 19:13:02 +01:00
Eugen Rochko
49b6881379 Fix settings pages being cacheable by the browser (#12714)
Fix #12255
2019-12-30 04:38:30 +01:00
Eugen Rochko
7cca47919f Fix HTML error pages being returned when JSON is expected (#12713)
Fix #12509
See also #12214
2019-12-30 04:38:18 +01:00
Thibaut Girka
e859334b33 Merge branch 'master' into glitch-soc/merge-upstream
Conflicts:
- app/controllers/application_controller.rb
  Minor conflict due to glitch-soc's theming system
2019-12-12 15:40:06 +01:00
Eugen Rochko
af95252d4c Fix missing error templates for non-HTML requests (#12593) 2019-12-10 07:39:54 +01:00
Thibaut Girka
2cc60e8b09 Merge branch 'master' into glitch-soc/merge-upstream
Conflicts:
- package.json
  Not really a conflict, caused by an additional dependency in glitch-soc.
- yarn.lock
  Not really a conflict, caused by an additional dependency in glitch-soc.
2019-12-07 12:28:59 +01:00
Eugen Rochko
2eda06b768 Fix generic HTTP 500 error on duplicate records (#12563)
Fix #12551
Fix #12547
2019-12-06 22:40:06 +01:00
ThibG
60d26cabf0 Add follow_request notification type (#12198)
* Add follow_request notification type

The notification type already existed in the backend but was never pushed
to the front-end. This also means translation strings were also available
for the backend, from the notification mailer.

Unlike other notification types, these are off by default, to match what
I remember of Gargron's view on the topic: that follow requests should not
clutter notifications and should instead be reviewed at the user's own
leisure in the dedicated column.

Since follow requests have their own column, I've deemed it unnecessary to
add a specific tab for them in the notification quick filter.

* Show follow request link in single-column if there are pending requests, even if account isn't locked

* Push follow requests from notifications to the follow_requests list

* Offer to accept or reject follow request from the notification

* Redesign follow request notification
2019-12-01 17:25:29 +01:00
Thibaut Girka
93167b3665 Merge branch 'master' into glitch-soc/merge-upstream 2019-12-01 12:12:42 +01:00
ThibG
4b0a6d79dd Add ability to filter reports by target account domain (#12154)
* Add ability to filter reports by target account domain

* Reword by_target_domain label
2019-11-30 19:53:58 +01:00
Thibaut Girka
e48f63787d Merge branch 'master' into glitch-soc/merge-upstream 2019-11-30 17:29:44 +01:00
Eugen Rochko
5761622a1e Fix proofs API being inaccessible in secure mode (#12495) 2019-11-28 04:07:49 +01:00
Thibaut Girka
a96375d2ef Merge branch 'master' into glitch-soc/merge-upstream
Conflicts:
- README.md
  discarded upstream changes
- app/controllers/api/v1/bookmarks_controller.rb
  finally merged upstream, some code style fixes
  and slightly changed pagination code
- app/controllers/application_controller.rb
  changed upstream to always return HTML error pages
  slight conflict caused by theming code
- app/models/bookmark.rb
  finally merged upstream, no real conflict
- spec/controllers/api/v1/bookmarks_controller_spec.rb
  finally merged upstream, slightly changed pagination code
2019-11-20 15:36:09 +01:00
Gomasy
d13e680f74 Support min_id-based pagination for bookmarks (#12381)
* Support min_id-based pagination for bookmarks

* Fix spec
2019-11-17 17:09:41 +01:00
Jennifer Glauche
0aae35e310 make it not return http 400 when passing and empty source argument (#12259)
* make it not return http 400 when passing and empty source argument

* create a spec for the empty source hash bug

* compact checks for nil, empty? parameters

* use nil.blank? instead checking for nil
2019-11-16 19:02:09 +01:00
ThibG
517c1cd062 Add bookmarks (#7107)
* Add backend support for bookmarks

Bookmarks behave like favourites, except they aren't shared with other
users and do not have an associated counter.

* Add spec for bookmark endpoints

* Add front-end support for bookmarks

* Introduce OAuth scopes for bookmarks

* Add bookmarks to archive takeout

* Fix migration

* Coding style fixes

* Fix rebase issue

* Update bookmarked_statuses to latest UI changes

* Update bookmark actions to properly reflect status changes in state

* Add bookmarks item to single-column layout

* Make active bookmarks red
2019-11-13 23:02:10 +01:00
Yamagishi Kazutoshi
2ede35e843 Change to always returns html document in error pages (#12214) 2019-11-13 22:53:05 +01:00
Thibaut Girka
e76f4056e5 Merge branch 'master' into glitch-soc/merge-upstream
Conflicts:
- README.md
- app/helpers/statuses_helper.rb
  Upstream moved account helpers to their own file, we had extra
  helpers there, moved too.
- app/lib/sanitize_config.rb
- app/models/user.rb
- app/serializers/initial_state_serializer.rb
- config/locales/simple_form.en.yml
- spec/lib/sanitize_config_spec.rb
2019-10-27 12:14:01 +01:00
Faye Duxovni
6bca6dbc2d Add setting for whether to crop images in unexpanded toots (#12126) 2019-10-24 22:51:41 +02:00
ThibG
795144fbbb Fix incoming federation in whitelist mode (#12185)
… posting to the AP inbox required a logged-in local user…
2019-10-24 22:45:35 +02:00
Thibaut Girka
9506d9cafc Merge branch 'master' into glitch-soc/merge-upstream
Conflicts:
- README.md
- app/javascript/styles/mastodon/components.scss
  conflicts caused by image URLs being different
- app/models/status.rb
  as_home_timeline removed, kept glitch-soc-only as_direct_timeline
- app/views/statuses/_simple_status.html.haml
- config/locales/en.yml
  some strings were changed upstream
- spec/models/status_spec.rb
  as_home_timeline removed, kept glitch-soc-only as_direct_timeline
2019-10-10 17:26:08 +02:00
Thibaut Girka
026da037a3 Ensure pack is set when rendering OTP prompt
Fixes #1230
2019-10-10 17:08:00 +02:00
Eugen Rochko
2e07a901c5 Fix attachment not being re-downloaded even if file is not stored (#12125)
Change the behaviour of remotable concern. Previously, it would skip
downloading an attachment if the stored remote URL is identical to
the new one. Now it would not be skipped if the attachment is not
actually currently stored by Paperclip.
2019-10-09 07:10:46 +02:00
Eugen Rochko
6b96a6dd15 Fix GET /api/v1/instance REST APIs being unavailable in secure mode (#12089) 2019-10-06 22:11:29 +02:00
Eugen Rochko
c453888616 Fix performance of home feed regeneration (#12084)
Fetching statuses from all followed accounts at once takes too long
within Postgres. Fetching them one by one and merging in Ruby
could be a lot less resource-intensive

Because the query for dynamically fetching the home timeline is so
heavy, we can no longer offer it when the home timeline is missing
2019-10-06 22:11:17 +02:00
Thibaut Girka
07abea7ba8 Merge tag 'v3.0.0' into glitch-soc/merge-upstream 2019-10-04 19:49:43 +02:00
Eugen Rochko
059287ad08 Add reason param to POST /api/v1/accounts REST API (#12064)
For approval-required registrations mode
2019-10-03 17:50:59 +02:00
Thibaut Girka
c2d6ef1b64 Merge branch 'master' into glitch-soc/merge-upstream
Conflicts:
- app/models/media_attachment.rb
  Upstream raised max image size from 8MB to 10MB while our limit is
  configurable. Raised the default to 10MB.
2019-10-03 11:10:12 +02:00
ThibG
be13fc919c Fix RSS caching (but disable localization) (#12054) 2019-10-02 18:30:33 +02:00
Eugen Rochko
28c19c66ba Fix featured hashtag URL being interpreted as media or with_replies (#12048)
Fix #12034
2019-10-02 04:53:17 +02:00
Thibaut Girka
0359df2c9a Fix new user confirmation page styling 2019-10-01 13:48:47 +02:00
Thibaut Girka
a1d016556a glitch-soc theme engine fixes for the challenges controller 2019-09-30 13:37:13 +02:00
Thibaut Girka
cc94c90bf1 Merge branch 'master' into glitch-soc/merge-upstream
Conflicts:
- Gemfile
- Gemfile.lock
- app/controllers/about_controller.rb
- app/controllers/auth/sessions_controller.rb
2019-09-30 12:23:57 +02:00
Eugen Rochko
51a72a802f Add a nodeinfo endpoint (#12002)
* Add nodeinfo endpoint

* dont commit stuff from my local dev

* consistant naming since we implimented 2.1 schema

* Add some additional node info stuff

* Add nodeinfo endpoint

* dont commit stuff from my local dev

* consistant naming since we implimented 2.1 schema

* expanding this to include federation info

* codeclimate feedback

* CC feedback

* using activeserializers seems like a good idea...

* get rid of draft 2.1 version

* Reimplement 2.1, also fix metaData -> metadata

* Fix metaData -> metadata here too

* Fix nodeinfo 2.1 tests

* Implement cache for monthly user aggregate

* Useless

* Remove ostatus from the list of supported protocols

* Fix nodeinfo's open_registration reading obsolete setting variable

* Only serialize domain blocks with user-facing limitations

* Do not needlessly list noop severity in nodeinfo

* Only serialize domain blocks info in nodeinfo when they are set to be displayed to everyone

* Enable caching for nodeinfo endpoints

* Fix rendering nodeinfo

* CodeClimate fixes

* Please CodeClimate

* Change InstancePresenter#active_user_count_months for clarity

* Refactor NodeInfoSerializer#metadata

* Remove nodeinfo 2.1 support as the schema doesn't exist

* Clean-up
2019-09-29 21:31:51 +02:00
Eugen Rochko
ae03161ad9 Fix account migration not affecting followers on origin server (#11980) 2019-09-29 16:23:13 +02:00
Eugen Rochko
f5c71a6cd2 Add (back) option to set redirect notice on account without moving followers (#11994)
Fix #11913
2019-09-29 05:03:19 +02:00
Eugen Rochko
561b0509c3 Fix redirecting non-functional accounts on public pages (#11978)
Fix #11969
2019-09-28 01:33:27 +02:00
Eugen Rochko
66d3e13777 Add exclude_unreviewed param to GET /api/v2/search REST API (#11977)
Make it so normal search returns even unreviewed matches, but
autosuggestions do not.

Fix #11960
2019-09-28 01:02:21 +02:00
ThibG
70990720c5 Change silences to always require approval on follow (#11975)
* Change silenced accounts to require approval on follow

* Also require approval for follows by people explicitly muted by target accounts

* Do not auto-accept silenced or muted accounts when switching from locked to unlocked

* Add `follow_requests_count` to verify_credentials

* Show “Follow requests” menu item if needed even if account is locked

* Add tests

* Correctly reflect that follow requests weren't auto-accepted when local account is silenced

* Accept follow requests from user-muted accounts to avoid leaking mutes
2019-09-27 21:13:51 +02:00
abcang
4c0da93bc7 Improve status pin query (#11972) 2019-09-27 15:23:30 +02:00
Eugen Rochko
67796a267d Fix relays UI being available in whitelist/secure mode (#11963)
Fix relays UI referencing relay that is not functional
2019-09-27 02:13:34 +02:00
Eugen Rochko
3773115066 Fix authentication before 2FA challenge (#11943)
Regression from #11831
2019-09-24 04:35:36 +02:00
Takeshi Umeda
45fe523a18 Addition of update activity distribution by alias, minor correction (#11905)
* Addition of update activity distribution by alias, minor correction

* Distribute Update activity after adding alias
* Add uniqueness verification to alias uri
* accept acct starting with @

* fix double-quoted to single-quoted
2019-09-21 09:11:21 +02:00
Takeshi Umeda
74e4abcebc Fixed an error in the aliases template of the aliases controller (#11902) 2019-09-21 02:59:37 +02:00
Eugen Rochko
a2d3728c36 Add account migration UI (#11846)
Fix #10736

- Change data export to be available for non-functional accounts
- Change non-functional accounts to include redirecting accounts
2019-09-19 20:58:19 +02:00
Eugen Rochko
61442032a2 Add table of contents to about page (#11885)
Move public domain blocks information to about page
2019-09-19 11:09:05 +02:00
Thibaut Girka
4837d6275a Merge branch 'master' into glitch-soc/merge-upstream
Conflicts:
- app/controllers/auth/sessions_controller.rb
  Minor conflict due to glitch-soc's theming code
2019-09-18 17:25:56 +02:00
Eugen Rochko
1781358bd9 Add password challenge to 2FA settings, e-mail notifications (#11878)
Fix #3961
2019-09-18 16:37:27 +02:00
Eugen Rochko
8904a4eb36 Fix TOTP codes not being filtered from logs during enabling/disabling (#11877)
Not a serious issue because they are meaningless past single use
2019-09-18 02:48:40 +02:00
Eugen Rochko
ae443cb6ea Fix webfinger response not returning 410 when account is suspended (#11869) 2019-09-17 14:58:02 +02:00
mayaeh
566e85716f Add search and sort functions to hashtag admin UI (#11829)
* Add search and sort functions to hashtag admin UI

* Move scope processing from tags_controller to tag_filter

* Fix based on method naming conventions

* Fixed not to get 500 errors for invalid requests
2019-09-16 14:27:29 +02:00
Eugen Rochko
8eb0d880cb Fix 2FA challenge and password challenge for non-database users (#11831)
* Fix 2FA challenge not appearing for non-database users

Fix #11685

* Fix account deletion not working when using external login

Fix #11691
2019-09-15 21:08:39 +02:00
Thibaut Girka
2e38d889a3 Merge branch 'master' into glitch-soc/merge-upstream
Conflicts:
- Gemfile
- app/controllers/api/v1/search_controller.rb
  Conflict because we changed the number of default results to be
  configurable
- app/lib/settings/scoped_settings.rb
  Addition of a new “noindex” site-wide setting,
  conflict due to our change of the two other site-wide settings
  (default flavour and skin instead of theme)
- spec/controllers/application_controller_spec.rb
  Addition of a new “noindex” site-wide setting,
  conflict due to our change of the two other site-wide settings
  (default flavour and skin instead of theme)
2019-09-13 18:13:43 +02:00
Eugen Rochko
8824964836 Remove deprecated GET /api/v1/search API (#11823)
Use `GET /api/v2/search` instead
2019-09-13 16:11:13 +02:00