0
0
Fork 0
mirror of https://github.com/lunaisnotaboy/mastodon.git synced 2025-01-09 14:07:10 +00:00
Commit graph

1182 commits

Author SHA1 Message Date
Eugen Rochko 465ee7792f
Fix pagination header on empty trends responses in REST API () 2022-04-07 18:06:15 +02:00
Eugen Rochko 6221b36b27
Remove sign-in token authentication, instead send e-mail about new sign-in () 2022-04-06 20:58:12 +02:00
Claire 62c6e12fa5
Fix admin API unconditionally requiring CSRF token ()
Fixes 

Since , the admin API has only been available through the web
application because of the unconditional requirement to provide a valid CSRF
token.

This commit changes it back to `null_session`, which should make it work
both with session-based authentication (provided a CSRF token) and with a
bearer token.
2022-04-06 20:57:18 +02:00
Eugen Rochko d116cb7733
Fix GET /api/v1/trends/tags missing offset param in REST API () 2022-04-06 20:56:57 +02:00
Claire 894956e20c
Fix /api/v1/admin/accounts ()
* Fix /api/v1/admin/accounts

Compatibility was broken since  which changed the underlying filter class
without changing the controller.

This commits restore support for the old parameters.

* Add /api/v2/admin/accounts with the new parameters

* Add tests

* Add missing filter for `silenced` status

Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>

Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>
2022-03-28 23:57:38 +02:00
Eugen Rochko cefa526c6d
Refactor formatter ()
* Refactor formatter

* Move custom emoji pre-rendering logic to view helpers

* Move more methods out of Formatter

* Fix code style issues

* Remove Formatter

* Add inline poll options to RSS feeds

* Remove unused helper method

* Fix code style issues

* Various fixes and improvements

* Fix test
2022-03-26 02:53:34 +01:00
Eugen Rochko e3a2203061
Add offset pagination to trends in REST API () 2022-03-26 00:26:50 +01:00
Eugen Rochko 67d550830b
Fix locale not being set in REST API () 2022-03-22 12:29:04 +01:00
Eugen Rochko e6ffbfb5e7
Add types param to GET /api/v1/notifications in REST API ()
* Add `types` param to `GET /api/v1/notifications` in REST API

* Improve tests
2022-03-15 04:11:29 +01:00
Eugen Rochko bc320d6cec
Fix POST /api/v1/emails/confirmations not being available after sign-up () 2022-03-12 04:14:25 +01:00
Eugen Rochko b2cd34474b
Add rate limit for editing () 2022-03-09 20:06:51 +01:00
chandrn7 a6ed6845c9
Allow login through OpenID Connect ()
* added OpenID Connect as an SSO option

* minor fixes

* added comments, removed an option that shouldn't be set

* fixed Gemfile.lock

* added newline to end of Gemfile.lock

* removed tab from Gemfile.lock

* remove chomp

* codeclimate changes and small name change to make function's purpose clearer

* codeclimate fix

* added SSO buttons to /about page

* minor refactor

* minor style change

* removed spurious change

* removed unecessary conditional from ensure_valid_username and added support for auth.info.name in user_params_from_auth

* minor changes
2022-03-09 12:07:35 +01:00
Eugen Rochko bd53dd5210
Change design of federation pages in admin UI ()
* Change design of federation pages in admin UI

* Fix query performance in instance media attachments measure

* Fix reblogs being included in instance languages dimension
2022-03-09 08:52:32 +01:00
Eugen Rochko 8f6c67bfde
Fix performance of account timelines ()
* Fix performance of account timelines

* Various fixes and improvements

* Fix duplicate results being returned

Co-authored-by: Claire <claire.github-309c@sitedethib.com>

* Fix grouping for pinned statuses scope

Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2022-03-08 09:14:39 +01:00
Eugen Rochko edf09ec747
Add /api/v1/accounts/familiar_followers to REST API ()
* Add `/api/v1/accounts/familiar_followers` to REST API

* Change hide network preference to be stored consistently for local and remote accounts

* Add dummy classes to migration

* Apply suggestions from code review

Co-authored-by: Claire <claire.github-309c@sitedethib.com>

Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2022-03-07 09:36:47 +01:00
Eugen Rochko 2ea754b861
Fix duplicate notifications being possible after poll expiration () 2022-03-04 01:06:33 +01:00
Claire ff43e54a49
Allow editing media attachments for scheduled toots ()
Fixes 
2022-03-03 16:13:58 +01:00
Eugen Rochko 631e495a79
Change follow scope to be covered by read and write scopes in REST API ()
Deprecate `follow` scope
2022-03-03 16:13:40 +01:00
Eugen Rochko e24b14cc74
Fix leak of existence of otherwise inaccessible statuses in REST API () 2022-03-02 18:57:26 +01:00
Eugen Rochko 02b8d63fce
Fix report category not being saved in REST API () 2022-03-02 18:57:08 +01:00
Eugen Rochko 25d3dc4373
Add ability to mark statuses as sensitive from reports in admin UI ()
* Add ability to mark statuses as sensitive from reports in admin UI

* Allow mark as sensitive action on statuses with preview cards
2022-03-01 22:20:29 +01:00
Claire 14919fe11e
Change old moderation strikes to be displayed in a separate page ()
* Change old moderation strikes to be displayed in a separate page

Fixes 

This changes the moderation strikes displayed on `/auth/edit` to be those from
the past 3 months, and make all moderation strikes targeting the current user
available in `/disputes`.

* Add short description of what the strikes page is for

* Move link to list of strikes to “Account status” instead of navigation item

* Normalize i18n file

* Fix layout and styling of strikes link

* Revert highlights_on regexp

* Reintroduce account status summary

- this way, “Account status” is never empty
- account status is not necessarily bound to strikes, or recent strikes
2022-03-01 19:37:47 +01:00
Eugen Rochko 50ea54b3ed
Change authorized applications page ()
* Change authorized applications page

* Hide revoke button for superapps and suspended accounts

* Clean up db/schema.rb
2022-03-01 16:48:58 +01:00
Claire 6aef76b5cd
Fix error when a MX is shared across blocked domains () 2022-02-26 17:26:28 +01:00
Eugen Rochko 27965ce5ed
Add trending statuses ()
* Add trending statuses

* Fix dangling items with stale scores in localized sets

* Various fixes and improvements

- Change approve_all/reject_all to approve_accounts/reject_accounts
- Change Trends::Query methods to not mutate the original query
- Change Trends::Query#skip to offset
- Change follow recommendations to be refreshed in a transaction

* Add tests for trending statuses filtering behaviour

* Fix not applying filtering scope in controller
2022-02-25 00:34:14 +01:00
Eugen Rochko a29a982eaa
Change e-mail domain blocks to block IPs dynamically ()
* Change e-mail domain blocks to block IPs dynamically

* Update app/workers/scheduler/email_domain_block_refresh_scheduler.rb

Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>

* Update app/workers/scheduler/email_domain_block_refresh_scheduler.rb

Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>

Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>
2022-02-24 17:28:23 +01:00
Eugen Rochko 7b816eb5ae
Add notifications for new sign-ups () 2022-02-23 16:45:22 +01:00
dependabot[bot] 2e89067d21
Bump pundit from 2.1.1 to 2.2.0 ()
* Bump pundit from 2.1.1 to 2.2.0

Bumps [pundit](https://github.com/varvet/pundit) from 2.1.1 to 2.2.0.
- [Release notes](https://github.com/varvet/pundit/releases)
- [Changelog](https://github.com/varvet/pundit/blob/main/CHANGELOG.md)
- [Commits](https://github.com/varvet/pundit/compare/v2.1.1...v2.2.0)

---
updated-dependencies:
- dependency-name: pundit
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* `include Pundit` is deprecated

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>
2022-02-19 13:30:06 +09:00
Eugen Rochko de448ab1b5
Change global locale param to lang to avoid conflicts () 2022-02-19 03:12:28 +01:00
Claire ac99f586bb
Fix issues when attempting to appeal an old strike ()
* Display an error when an appeal could not be submitted

* Do not offer users to appeal old strikes

* Fix 500 error when trying to appeal a strike that is too old

* Avoid using an extra translatable string
2022-02-16 22:29:48 +01:00
Eugen Rochko 564efd0651
Add appeals ()
* Add appeals

* Add ability to reject appeals and ability to browse pending appeals in admin UI

* Add strikes to account page in settings

* Various fixes and improvements

- Add separate notification setting for appeals, separate from reports
- Fix style of links in report/strike header
- Change approving an appeal to not restore statuses (due to federation complexities)
- Change style of successfully appealed strikes on account settings page
- Change account settings page to only show unappealed or recently appealed strikes

* Change appealed_at to overruled_at

* Fix missing method error
2022-02-14 21:27:53 +01:00
Claire 7396a254c1
Fix empty batch statuses selection causing a 500 error ()
* Fix empty batch statuses selection causing a 500 error

* Simplify current_params
2022-02-12 19:52:17 +01:00
Eugen Rochko 8f03b7a2fb
Add notifications when a reblogged status has been updated ()
* Add notifications when a reblogged status has been updated

* Change wording to say "edit" instead of "update" and add missing controls

* Replace previous update notifications with the most up-to-date one
2022-02-11 22:20:19 +01:00
Eugen Rochko d0fcf07436
Change actions in reports to require only one click () 2022-02-11 21:51:57 +01:00
Eugen Rochko 63002cde03
Add editing for published statuses ()
* Add editing for published statuses

* Fix change of multiple-choice boolean in poll not resetting votes

* Remove the ability to update existing media attachments for now
2022-02-10 00:15:30 +01:00
Eugen Rochko 2f8159baad
Add category and rule_ids params to POST /api/v1/reports () 2022-02-10 00:10:16 +01:00
Eugen Rochko fd3a45e348
Add edit history to web UI ()
* Add edit history to web UI

* Change history reducer to store items per status

* Fix missing loading prop
2022-02-09 01:17:07 +01:00
Eugen Rochko 85b86fe28c
Add global locale param ()
- Remove the session-based locale stickyness
2022-02-08 02:34:56 +01:00
Claire 73a782391c
Fix replies collection incorrectly looping ()
* Refactor tests

* Add tests

* Fix replies collection incorrectly looping
2022-02-07 17:06:43 +01:00
Claire 92658f0fb0
Fix instance actor not being dereferenceable ()
* Add tests

* Fix instance actor not being dereferenceable

* Fix tests

* Fix tests for real
2022-02-06 15:31:03 +01:00
Eugen Rochko e03e7ac290
Fix error on account relationships page in admin UI () 2022-02-05 05:06:34 +01:00
Claire f5639e1cbe
Change public profile pages to be disabled for unconfirmed users ()
Fixes 

Note that unconfirmed and unapproved accounts can still be searched for
and their (empty) account retrieved using the REST API.
2022-01-28 14:24:37 +01:00
Claire 03d59340da
Fix Sidekiq warnings about JSON serialization ()
* Fix Sidekiq warnings about JSON serialization

This occurs on every symbol argument we pass, and every symbol key in hashes,
because Sidekiq expects strings instead.

See https://github.com/mperham/sidekiq/pull/5071

We do not need to change how workers parse their arguments because this has
not changed and we were already converting to symbols adequately or using
`with_indifferent_access`.

* Set Sidekiq to raise on unsafe arguments in test mode

In order to more easily catch issues that would produce warnings in production
code.
2022-01-28 00:43:56 +01:00
Claire bddd9ba36d
Add OMNIAUTH_ONLY environment variable to enforce externa log-in ()
* Remove support for OAUTH_REDIRECT_AT_SIGN_IN

Fixes 

Introduced in , OAUTH_REDIRECT_AT_SIGN_IN allowed skipping the log-in form
to instead redirect to the external OmniAuth login provider.

However, it did not prevent the log-in form on /about introduced by  from
appearing, and completely broke with the introduction of .

As I restoring that previous log-in flow without introducing a security
vulnerability may require extensive care and knowledge of how OmniAuth works,
this commit removes support for OAUTH_REDIRECT_AT_SIGN_IN instead for the time
being.

* Add OMNIAUTH_ONLY environment variable to enforce external log-in only

* Disable user registration when OMNIAUTH_ONLY is set to true

* Replace log-in links When OMNIAUTH_ONLY is set with exactly one OmniAuth provider
2022-01-23 15:52:58 +01:00
Claire cfa583fa71
Remove support for OAUTH_REDIRECT_AT_SIGN_IN ()
Fixes 

Introduced in , OAUTH_REDIRECT_AT_SIGN_IN allowed skipping the log-in form
to instead redirect to the external OmniAuth login provider.

However, it did not prevent the log-in form on /about introduced by  from
appearing, and completely broke with the introduction of .

As I restoring that previous log-in flow without introducing a security
vulnerability may require extensive care and knowledge of how OmniAuth works,
this commit removes support for OAUTH_REDIRECT_AT_SIGN_IN instead for the time
being.
2022-01-23 15:50:41 +01:00
Eugen Rochko 1060666c58
Add support for editing for published statuses ()
* Add support for editing for published statuses

* Fix references to stripped-out code

* Various fixes and improvements

* Further fixes and improvements

* Fix updates being potentially sent to unauthorized recipients

* Various fixes and improvements

* Fix wrong words in test

* Fix notifying accounts that were tagged but were not in the audience

* Fix mistake
2022-01-19 22:37:27 +01:00
Eugen Rochko 14f436c457
Add notifications for statuses deleted by moderators () 2022-01-17 09:41:33 +01:00
Claire d5c9feb7b7
Add support for private pinned posts ()
* Add support for private pinned toots

* Allow local user to pin private toots

* Change wording to avoid "direct message"
2022-01-17 00:49:55 +01:00
Eugen Rochko 8e84ebf0cb
Remove IP tracking columns from users table () 2022-01-16 13:23:50 +01:00
Claire 76761d5fc0
Add ability for admins to delete canonical email blocks ()
* Add admin option to remove canonical email blocks from a deleted account

* Add tootctl canonical_email_blocks to inspect and remove canonical email blocks
2021-12-17 23:02:14 +01:00