Patrick Figel
df4ff9a8e1
Add recovery code support for two-factor auth ( #1773 )
...
* Add recovery code support for two-factor auth
When users enable two-factor auth, the app now generates ten
single-use recovery codes. Users are encouraged to print the codes
and store them in a safe place.
The two-factor prompt during login now accepts both OTP codes and
recovery codes.
The two-factor settings UI allows users to regenerated lost
recovery codes. Users who have set up two-factor auth prior to
this feature being added can use it to generate recovery codes
for the first time.
Fixes #563 and fixes #987
* Set OTP_SECRET in test enviroment
* add missing .html to view file names
2017-04-15 13:26:03 +02:00
Les Orchard
7609593e48
Add REDIS_DB env variable to configure Redis database ( #1366 )
2017-04-15 02:21:13 +02:00
ThibG
a9529d3b4b
Allow running mastodon on a different domain as the one used for identifying users ( #1267 )
...
* Allow running mastodon on a different domain as the one used for identifying users
* Alter documentation of WEB_DOMAIN to make clear it shouldn't be used unless the admin knows what they are doing
* Compare to web_domain instead of local_domain when dealing with feeds/API
* Correctly identify mentions to local accounts
Mentions URLs point to the person's web profile, i.e., the user page served on WEB_DOMAIN.
2017-04-15 02:15:46 +02:00
Valentin Lorentz
5ab0ffc6c8
Custom Paperclip path. ( #778 )
...
* Custom Paperclip path.
* Document PAPERCLIP_ROOT.
* Add PAPERCLIP_ROOT_URL (and rename PAPERCLIP_ROOT to PAPERCLIP_ROOT_PATH).
2017-04-15 02:07:21 +02:00
Yusuke Abe
169c68a739
Add filename extension to paperclip ( #1718 )
2017-04-13 21:52:56 +02:00
Matt Jankowski
c44a700252
Quick best practice cleanup of views/helpers ( #1546 )
...
* Remove trailing whitespace
* Use query methods instead of explicit .blank? checks
2017-04-12 18:24:18 +02:00
Yann GUERN
a85d4473aa
Avoid user enumeration with devise paranoid mode ( #1527 )
2017-04-11 14:21:15 +02:00
Matt Jankowski
4ada50985a
Pagination improvements ( #1445 )
...
* Replace will_paginate with kaminari
* Use #page instead of #paginate in controllers
* Replace will_paginate.page_gap with pagination.truncate in i18n
* Customize kaminari views to match prior styles
* Set kaminari options to match prior behavior
* Replace will_paginate with paginate in views
2017-04-11 01:11:41 +02:00
Matt Jankowski
64dbde0dbf
Version bumps for ruby and misc gems ( #1159 )
...
* Update rspec-rails to version 3.5.2
* Update addressable to version 2.5.1
* Update autoprefixer-rails to version 6.7.7.1
* Update bullet to version 5.5.1
* Update domain_name to version 0.5.20170404
* Update letter_opener_web to version 1.3.1
* Upate redis-rails to version 5.0.2
* Update active_record_query_trace to version 1.5.4
* Update capistrano-rails to version 1.2.3
* Update dotenv-rails to version 2.2.0
* Update pg to version 0.20.0
* Update tilt to version 2.0.7
* Update warden to version 1.2.7
* Update tins to version 1.13.2
* Update terminal-table to version 1.7.3
* Update oj to version 2.18.5
* Update simplecov to version 0.14.1
* Update uglifier to version 3.1.13
* Update hashdiff to version 0.3.2
* Update webmock to version 2.3.2
* Update devise to version 4.2.1
* Use ruby version 2.4.1
* Update sass to version 3.4.23
* Update puma to version 3.8.2
* Update will_paginate to version 3.1.5
* Update font-awesome-rails to version 4.7.0.1
* Update fuubar to version 2.2.0
* Update pry-rails to version 0.3.6
* Update simple-navigation to version 4.0.5
* Update rubocop to version 0.48.1
* Update doorkeeper to version 4.2.5
* Update faker to version 1.7.3
* Update aws-sdk to version 2.9.5
* Update fabrication to version 2.16.1
* Update hamlit-rails to version 0.2.0
* Update http to version 2.2.1
* Update httplog to version 0.99.2
* Update sidekiq to version 4.2.10
* Update rspec-sidekiq to version 3.0.0
* Update pghero to version 1.6.4
* Update rack-cors to version 0.4.1
* Update i18n-tasks to version 0.9.13
* Update ruby-oembed to version 0.12.0
* Update jquery-rails to version 4.3.1
* Update simple_form to version 3.4.0
* Update react-rails to version 1.11.0
* Update aws-sdk to version 2.9.6
* Update sidekiq-unique-jobs to version 5.0.0
* Update uglifier to version 3.2.0
2017-04-10 22:47:41 +02:00
Eugen Rochko
29ffe1cad3
Make sure Rabl is using Oj
2017-04-05 19:29:30 +02:00
Pete Keen
e9a6da6bc7
[ #817 ] Add email whitelist
...
This adds the ability to filter user signup with a whitelist
instead of or in addition to a blacklist.
Fixes #817
2017-04-04 11:20:15 -04:00
Eugen Rochko
5b12624847
Add proper error page for request timeouts
2017-04-02 19:43:44 +02:00
leopku
c46843c65c
🔧 S3 protocol from ENV
...
add support for reading S3 protocol from ENV
also add S3_HOSTNAME in .env.production.sample
2017-03-23 15:44:55 +08:00
Eugen Rochko
2816b1bf8e
Federate header images, fix open-uri http->https redirection error
2017-03-18 22:51:20 +01:00
Eugen Rochko
02349b3269
Obfuscate filenames better, double rate limits
2017-03-14 15:59:21 +01:00
Eugen Rochko
1fb3e8988b
Revert earlier fix due to new bug reports
2017-03-06 02:25:41 +01:00
Eugen Rochko
ebc01bf0f6
Make the paperclip filename interpolator smarter about the :original style
...
If an :original gets converted into another format, it would get saved as
original_filename *anyway*, so generating the extension is pointless and
yields bad results for when you change the style definition later. This way,
old gifs will still have correct URLs
2017-03-05 23:03:49 +01:00
Eugen Rochko
138d21aea8
Update service timeout setting from 15s to 90s
2017-02-13 20:42:02 +01:00
Eugen
9d5fb49cd8
Merge pull request #603 from evanminto/activitypub-account
...
Expose ActivityStreams 2.0 representation of accounts
2017-02-07 02:08:40 +01:00
Evan Minto
94e213c6c1
Reuse existing controller and route
2017-02-06 01:19:26 -08:00
Eugen Rochko
ccb8ac8573
Make the streaming API also handle websockets (because trying to get the browser EventSource interface to
...
work flawlessly was a nightmare). WARNING: This commit makes the web UI connect to the streaming API instead
of ActionCable like before. This means that if you are upgrading, you should set that up beforehand.
2017-02-04 00:34:31 +01:00
Eugen Rochko
f4bc9620a9
Update settings to re-use admin layout, one big navigation tree, improve settings forms
2017-01-28 03:56:10 +01:00
Eugen Rochko
76e970c856
Do not automatically login after password reset, as it would circumvent two-factor auth (if enabled)
...
Do not require e-mail address changes to be re-confirmed, it's only trouble for no real benefit
2017-01-27 20:35:16 +01:00
Eugen Rochko
ba192f12e3
Added optional two-factor authentication
2017-01-27 20:35:16 +01:00
Eugen Rochko
f6a5977f0b
Fix key names in statsd
2017-01-26 19:46:52 +01:00
Eugen Rochko
d567f21d4f
Improve StatsD instrumentation
2017-01-26 19:08:05 +01:00
Eugen Rochko
7329fbd8a4
Fix up timeout, improve contrast on "show more", add responsive style
...
for extremely wide monitors
2017-01-26 18:48:56 +01:00
Eugen
956da43e19
Fix error
2017-01-22 23:07:31 +01:00
Eugen Rochko
61aee0006e
Override Rack::Request to use the same trusted proxy settings as Rails
2017-01-22 21:01:28 +01:00
Eugen Rochko
f0de621e76
Fix #463 - Fetch and display previews of URLs using OpenGraph tags
2017-01-20 01:00:14 +01:00
Eugen Rochko
306eb6e9c9
Add optional StatsD performance tracking
2017-01-18 23:44:29 +01:00
Effy Elden
ab4f5f5da5
Add Heroku deployment support
2017-01-17 22:00:03 +11:00
Effy Elden
a097dd489b
Change default S3 ACL string used by Paperclip from 'public' (which is invalid) to 'public-read'
2017-01-15 20:58:46 +11:00
Eugen Rochko
2e71bb031b
Fix Paperclip timeout setting. Fix bug introduced in #437
2017-01-08 19:12:54 +01:00
Eugen Rochko
7ddec6e7c3
Add read timeout to paperclip when it's downloading remote images
2017-01-07 15:43:56 +01:00
Eugen Rochko
b891a81008
Follow call on locked account creates follow request instead
...
Reflect "requested" relationship in API and UI
Reflect inability of private posts to be reblogged in the UI
Disable Webfinger for locked accounts
2016-12-22 23:03:57 +01:00
Eugen Rochko
6d71044c85
Don't use rack timeout in any but production environments
2016-12-21 19:10:40 +01:00
Eugen Rochko
6de079a5af
Removing external hub completely, fix #333 fixing digit-only hashtags,
...
removing web app capability from non-webapp pages
2016-12-18 12:24:37 +01:00
Eugen Rochko
8b93f45f3d
Fix paperclip config
2016-12-07 17:19:29 +01:00
Eugen Rochko
f114bc7bb7
Update Paperclip config to allow plugging in Minio instead of AWS
2016-12-07 16:59:18 +01:00
Eugen Rochko
1357c1cb3d
Add single user mode
2016-12-06 17:19:26 +01:00
Eugen Rochko
b362de2232
Adding configurable e-mail blacklist
2016-12-04 19:07:02 +01:00
Eugen Rochko
f763e844e8
Do not use expiring links after all
2016-12-04 13:02:43 +01:00
Eugen Rochko
80c44ed9c1
Do not autoplay videos, display play button instead. Use expiring links when using S3. Do not keep originals
...
for avatars/headers, resize avatars down to 120x120 instead of 300x300. Set cache headers on S3 stuff, also
make it private (aka only accessible via expiring links to prevent hotlinking)
2016-12-04 12:28:10 +01:00
Eugen Rochko
290ffb63cd
Fix cloudfront config
2016-12-03 22:12:22 +01:00
Eugen Rochko
d3bd10dfe4
Add Cloudfront support
2016-12-03 22:08:15 +01:00
Eugen Rochko
5973ca3d11
Upgrade Paperclip to 5, AWS-SDK to 2, do not generate medium/small versions of avatars
2016-11-29 14:20:15 +01:00
Eugen Rochko
cc70f28f19
Adding rack timeout of 30sec, PuSH jobs moved to push queue so they
...
can be processed separately
2016-11-29 02:07:14 +01:00
Eugen Rochko
c0555f2db6
Don't rate-limit PuSH endpoints
2016-11-29 00:44:11 +01:00
Eugen Rochko
4e351baf88
Fix URLs in inline-rendered XML
2016-11-29 00:26:01 +01:00
Eugen
41ef277da3
Fix URLs in ApplicationController.renderer
2016-11-28 21:21:05 +01:00
Eugen Rochko
dda9ac9222
Fix reset date format when rate limited
2016-11-25 18:20:47 +01:00
Eugen Rochko
8efa081f21
Remove Neo4J
2016-11-24 23:46:27 +01:00
Eugen Rochko
8e34bed7cc
Mini Profiler not working well, remove it
2016-11-24 19:59:11 +01:00
Eugen Rochko
fc90d38893
Moving some counter queries out of subqueries in the API
2016-11-22 22:59:54 +01:00
Eugen Rochko
116ab27e08
i18n for devise mailer too
2016-11-16 18:25:21 +01:00
Eugen Rochko
546c4718e7
Localizations for most server-side strings
2016-11-16 00:55:33 +01:00
Eugen Rochko
fdc17bea58
Fix rubocop issues, introduce usage of frozen literal to improve performance
2016-11-15 16:56:29 +01:00
Eugen Rochko
86574ea524
Adding Emoji One
2016-11-08 21:46:29 +01:00
Eugen Rochko
2f21f4cc01
Fix region setting for AWS gem
2016-11-08 18:55:46 +01:00
Eugen Rochko
dbe00a4156
Improved configuration from ENV, cleaned up timeline filter methods
...
to be more readable, add extra logging to process feed service
2016-11-07 23:20:52 +01:00
Eugen Rochko
b835f4aa1c
Fix insecure S3 URLs
2016-11-06 20:59:06 +01:00
Eugen Rochko
d14967e1c8
Fix URL configuration when S3 is enabled
2016-11-06 20:43:16 +01:00
Eugen Rochko
45230c56ab
Improve S3 config
2016-11-06 18:55:20 +01:00
Eugen Rochko
3ab193bc3f
Adding optional S3, fail-mastodon
2016-11-06 18:35:46 +01:00
Eugen Rochko
9467b900a2
Make cookies https-only if LOCAL_HTTPS is true, set X-Frame-Options to DENY,
...
add permissive CORS to API controllers
2016-11-02 12:58:15 +01:00
Eugen Rochko
720d1f8f3d
Restrict access to oauth/applications to admins only
2016-10-23 12:08:52 +02:00
Eugen Rochko
a9e40a3d80
Adding OAuth access scopes, fixing OAuth authorization UI, adding rate limiting
...
to the API
2016-10-22 19:39:44 +02:00
Eugen Rochko
43df35213e
Improving all forms
2016-10-18 16:37:15 +02:00
Eugen Rochko
d5e086a47b
Adding application/jrd+json webfinger resource
2016-10-18 02:54:49 +02:00
Eugen Rochko
e21a3fe0cd
Adding sync of follow relationships to Neo4J, accounts/suggestions API
2016-10-14 23:10:07 +02:00
Eugen Rochko
3554d638b3
Fix #72 - add follow/unfollow button to public profiles
2016-10-06 21:27:58 +02:00
Eugen Rochko
f06f295890
Fix doorkeeper skip_authorization
2016-10-02 22:55:09 +02:00
Eugen Rochko
4909bbf415
Add logging for outgoing http requests
2016-10-02 14:58:06 +02:00
Eugen Rochko
492224b93f
Allow non-https redirect URIs for OAuth apps (AndStatus seems to require this)
2016-09-30 22:40:31 +02:00
Eugen Rochko
7e14eefc81
Replace logo, fix #57 - delete/unreblog/unfavourite API, fix #45 - app
...
registration API
2016-09-26 23:56:53 +02:00
Eugen Rochko
3b56350121
Fix #6 - Rate limit GET reqs to 300/5min, POST to 100/5min
2016-09-24 13:53:54 +02:00
Eugen Rochko
1022d682dc
Normalized data in Redux, fix for asset URLs when rendered outside request
2016-09-04 14:04:26 +02:00
Eugen Rochko
92afd29650
The frontend will now be an OAuth app, auto-authorized. The frontend will use an access token for API requests
...
Adding better errors for the API controllers, posting a simple status works from the frontend now
2016-08-26 19:12:19 +02:00
Eugen Rochko
44e57f64dd
Improving statuses, adding a composer drawer, which doesn't work yet
2016-08-25 19:52:55 +02:00
Eugen Rochko
bc0692d75b
Removing mini-profiler that doesn't work, formatting timelines a bit better
2016-08-24 19:23:37 +02:00
Eugen Rochko
68c93f8b85
Final fix for ActionCable origin issues
2016-08-18 18:51:50 +02:00
Eugen Rochko
8985f8e66c
Fixing more configuration issues with ActionCable
2016-08-18 18:39:35 +02:00
Eugen Rochko
5a8c149f6b
Fix ActionCable origin checking
2016-08-18 18:08:25 +02:00
Eugen Rochko
6426819b6f
Fix tests
2016-08-18 17:22:44 +02:00
Eugen Rochko
6deb9f966e
Live timelines using ActionCable
2016-08-18 15:49:51 +02:00
Eugen Rochko
10ba09f546
Upgrade to Rails 5.0.0.1
2016-08-17 17:58:00 +02:00
Eugen Rochko
85b00d19b8
Moving Salmon notifications to background processing, fixing mini-profiler
...
behaviour with Turbolinks enabled, optimizing Rabl for production
2016-03-26 13:42:10 +01:00
Eugen Rochko
5764d52b04
Fix Sidekiq pooling issues. Remove API docs from homepage, replace with
...
a basic home timeline
2016-03-25 16:10:14 +01:00
Eugen Rochko
318886287b
Fixing some stuff for Turbolinks, adding gzip on top, fixing a n+1 query
2016-03-25 15:09:40 +01:00
Eugen Rochko
36f3da3cde
Adjust down the number of Sidekiq threads to 5 (default of 25 is way too high)
2016-03-25 14:20:31 +01:00
Eugen Rochko
e24bfbde1a
Fixing FanOutOnWriteService, fixing Sidekiq not having enough DB connections
...
in the pool, adding a throttle of 60rpm per IP, adding mini profiler, adding
admin status to users
2016-03-25 14:12:24 +01:00
Eugen Rochko
42dcb0d4cb
Adding Sidekiq for background processing (firstly just of mailers)
2016-03-25 02:50:48 +01:00
Eugen Rochko
b640f35621
Writing out more tests, fixed some bugs
2016-03-20 13:03:06 +01:00
Eugen Rochko
e2b846f630
Adding letter opener for development and Rack::Attack for future rate limiting implementations
2016-03-19 14:57:30 +01:00
Eugen Rochko
9cb690c706
Access tokens no longer expire, case-insensitive local username validation, as well as case-insensitive Webfinger look-up
2016-03-16 18:29:52 +01:00
Eugen Rochko
2c374cd97c
Adding e-mail configuration
2016-03-16 12:13:40 +01:00
Eugen Rochko
6fec8afc3f
Bind oauth applications to users
2016-03-14 17:49:13 +01:00
Eugen Rochko
3441361568
Adding simple_form, adding profile settings, header image
2016-03-12 20:47:22 +01:00
Eugen Rochko
1aa477ac2f
Customized more doorkeeper views, only logged in users can create oauth apps
2016-03-12 19:46:06 +01:00