aiden
/
mastodon
mirror of https://github.com/mastodon/mastodon
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
6,207 Commits
142 Branches
269 Tags
993 MiB
i18n/crowdin/translations
renovate/eslint-(non-major)
renovate/sanitize-7.x
renovate/yarn-monorepo
renovate/postcss-preset-env-10.x-lockfile
renovate/bufferutil-4.x-lockfile
renovate/docker.io-ruby-3.x
renovate/ox-2.x-lockfile
renovate/rubocop-(non-major)
renovate/nokogiri-1.x-lockfile
renovate/rack-test-2.x-lockfile
renovate/pino-9.x-lockfile
renovate/csv-3.x-lockfile
main
feat/fasp
renovate/definitelytyped-types-(non-major)
features/numeric-identifiers
renovate/omniauth-packages
renovate/major-react-monorepo
fixes/notification-trailing-groups
renovate/reduxjs-toolkit-2.x-lockfile
renovate/webpush-digest
feature-streaming-profile
renovate/formatjs-monorepo
feature-starter-packs
refactor-status-content-typescript
renovate/glob-11.x
renovate/react-test-renderer-19.x
fixes/embed-requestAnimationFrame
renovate/immutable-5.x
stable-4.3
stable-4.1
stable-4.2
renovate/net-http-0.x
renovate/major-formatjs-monorepo
features/lock-icon-on-hover-card
renovate/typescript-5.x-lockfile
feature-language-dropdown-warning
feature-admin-report-forward
feature-reports-batch-actions
fix-admin-dashboard-slow
fix-future-date-trend
redesign/content-warning-filters-4.3
fixes/filtered-follows
remove/trendable-provider-attribution
activitypub/summary-over-name
build-stable-nightly
fixes/notification-excerpt-paragraph
fixes/mastodon-setup-task-redis
fixes/out-of-order-private-posts
fixes/regexp-timeout-optional
fixes/small-otp-secret-length-4.1
fixes/small-otp-secret-length-4.2
fixes/dashboard-quick-access-overflow
fixes/middle-column-size
fix-context-socialweb-miscellany
cleanup/remove-old-notifications
fixes/detect-missing-indexes2
cleanup/simplify-css
feature-post-layout
features/media-description-in-embedded-status
design/notifications-grid
fix-lookup-domain
flaky-conversations-test
fixes/crash-orphaned-notification
fixes/report-links
features/filtered-dismiss-accept-all
feat/clean-up-notifications
fixes/everyone-role-n+1
redesign/notification-request
experimental/notification-groups-api-shape
fixes/thread-resolve-worker-skip_fetching
spike/resolve-urls-on-click
cleanup/drop-atomuri
fixes/dismissing-notification-requests-dismisses-too-much
revert-system-check
feature-redirect
fix-unusable-hashtag
tests/flaky-tests-performance-logs
feature-grouped-notifications-ui
drop-redis-below-6.2
fix-mute-buttons
features/local-preview-cards-2nd-take
fix-conversations-background
revert-severed-relationships-feature
features/local-preview-cards
stable-3.5
stable-4.0
stable-3.4
releases/v3.5.17
releases/v4.1.13
releases/v4.2.5
version/v4.3.0-alpha.1
fix/build-env
feature-color-scheme
revert/follow-back-mutual
gh-readonly-queue/main/pr-28626-1ad908e0c08c236389967d86b4f238f428de9fef
fixes/per-user-authorized-fetch
fixes/import-many-follows-overlap
fix-web-thread-sort
test-new-container-build
fixes/24px-icons
features/registration-invite-api
fixes/service-worker-caching
fixes/account-refresh-link-verification
feature-like
tests/introduce-error
fixes/lint-fix
fixes/object-has-own-polyfill
fixes/audio-passthrough
fixes/audit-log-external-confirmation
features/banners
refactor/search-query-parser
remove-profile-directory
redesign/notification-settings
feature-separate-hashtags
fixes/self-destruct-throttle
fixes/subdomain-block-4.1.6
redesign/hashtag-column-follow-button
feature-trend-highlights
revert-23460-fixes/activitypub-hashtag
pg15
prevent-unauthenticated-access-tag-timeline
support-rich-oembed
fix-caniuselite-lockfile
track_unsalvageable_errors
add-publish-button-text-site-setting
nolan/button-a11y
i18n/manage-translations
deps/shakapacker
rubocop-fixes
react18
stable-3.3
stable-3.2
stable-3.1
stable-3.0
stable-2.9
stable-2.8
stable-2.7
stable-2.5
stable-2.6
stable-2.4
v0.1.2
v0.1.1
v0.1.0
v0.6
v0.7
v0.8
v0.9
v0.9.9
v1.0
v1.1
v1.1.1
v1.1.2
v1.2
v1.2.1
v1.2.2
v1.3
v1.3.1
v1.3.2
v1.3.3
v1.4.1
v1.4.2
v1.4.3
v1.4.4
v1.4.5
v1.4.6
v1.4.7
v1.4rc1
v1.4rc2
v1.4rc3
v1.4rc4
v1.4rc5
v1.4rc6
v1.5.0
v1.5.0rc1
v1.5.0rc2
v1.5.0rc3
v1.5.1
v1.6.0
v1.6.0rc1
v1.6.0rc2
v1.6.0rc3
v1.6.0rc4
v1.6.0rc5
v1.6.1
v2.0.0
v2.0.0rc1
v2.0.0rc2
v2.0.0rc3
v2.0.0rc4
v2.1.0
v2.1.0rc1
v2.1.0rc2
v2.1.0rc3
v2.1.0rc4
v2.1.0rc5
v2.1.0rc6
v2.1.1
v2.1.2
v2.1.3
v2.2.0
v2.2.0rc1
v2.2.0rc2
v2.3.0
v2.3.0rc1
v2.3.0rc2
v2.3.0rc3
v2.3.1
v2.3.1rc1
v2.3.1rc2
v2.3.1rc3
v2.3.2
v2.3.2rc1
v2.3.2rc2
v2.3.2rc3
v2.3.2rc4
v2.3.2rc5
v2.3.3
v2.4.0
v2.4.0rc1
v2.4.0rc2
v2.4.0rc3
v2.4.0rc4
v2.4.0rc5
v2.4.1
v2.4.1rc1
v2.4.1rc2
v2.4.1rc3
v2.4.1rc4
v2.4.2
v2.4.2rc1
v2.4.2rc2
v2.4.2rc3
v2.4.3
v2.4.3rc1
v2.4.3rc2
v2.4.3rc3
v2.4.4
v2.4.5
v2.5.0
v2.5.0rc1
v2.5.0rc2
v2.5.1
v2.5.2
v2.6.0
v2.6.0rc1
v2.6.0rc2
v2.6.0rc3
v2.6.0rc4
v2.6.1
v2.6.2
v2.6.3
v2.6.4
v2.6.5
v2.7.0
v2.7.0rc1
v2.7.0rc2
v2.7.0rc3
v2.7.1
v2.7.2
v2.7.3
v2.7.4
v2.8.0
v2.8.0rc1
v2.8.0rc2
v2.8.0rc3
v2.8.1
v2.8.2
v2.8.3
v2.8.4
v2.9.0
v2.9.0rc1
v2.9.0rc2
v2.9.1
v2.9.2
v2.9.3
v2.9.4
v3.0.0
v3.0.0rc1
v3.0.0rc2
v3.0.0rc3
v3.0.1
v3.0.2
v3.1.0
v3.1.0rc1
v3.1.0rc2
v3.1.1
v3.1.2
v3.1.3
v3.1.4
v3.1.5
v3.2.0
v3.2.0rc1
v3.2.0rc2
v3.2.1
v3.2.2
v3.3.0
v3.3.0rc1
v3.3.0rc2
v3.3.0rc3
v3.3.1
v3.3.2
v3.3.3
v3.4.0
v3.4.0rc1
v3.4.0rc2
v3.4.1
v3.4.10
v3.4.2
v3.4.3
v3.4.4
v3.4.5
v3.4.6
v3.4.7
v3.4.8
v3.4.9
v3.5.0
v3.5.0rc1
v3.5.0rc2
v3.5.0rc3
v3.5.1
v3.5.10
v3.5.11
v3.5.12
v3.5.13
v3.5.14
v3.5.15
v3.5.16
v3.5.17
v3.5.18
v3.5.19
v3.5.2
v3.5.3
v3.5.4
v3.5.5
v3.5.6
v3.5.7
v3.5.8
v3.5.9
v4.0.0
v4.0.0rc1
v4.0.0rc2
v4.0.0rc3
v4.0.0rc4
v4.0.1
v4.0.10
v4.0.11
v4.0.12
v4.0.13
v4.0.14
v4.0.15
v4.0.2
v4.0.3
v4.0.4
v4.0.5
v4.0.6
v4.0.7
v4.0.8
v4.0.9
v4.1.0
v4.1.0rc1
v4.1.0rc2
v4.1.0rc3
v4.1.1
v4.1.10
v4.1.11
v4.1.12
v4.1.13
v4.1.14
v4.1.15
v4.1.16
v4.1.17
v4.1.18
v4.1.19
v4.1.2
v4.1.20
v4.1.21
v4.1.3
v4.1.4
v4.1.5
v4.1.6
v4.1.7
v4.1.8
v4.1.9
v4.2.0
v4.2.0-beta1
v4.2.0-beta2
v4.2.0-beta3
v4.2.0-rc1
v4.2.0-rc2
v4.2.1
v4.2.10
v4.2.11
v4.2.12
v4.2.13
v4.2.14
v4.2.2
v4.2.3
v4.2.4
v4.2.5
v4.2.6
v4.2.7
v4.2.8
v4.2.9
v4.3.0
v4.3.0-beta.1
v4.3.0-beta.2
v4.3.0-rc.1
v4.3.1
v4.3.2
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '13e049d772'
${ noResults }
Commit Graph

853 Commits (13e049d7729425ade92a6800357bfd6224a722b8)

Author SHA1 Message Date
takayamaki 33976c8ecc fix: Execute PAM authentication tests on CircleCI (#9029) 
and use 'if' option of context block
 6 years ago
Eugen Rochko d5bfba3262
Do not test PAM authentication by default (#9027) 
* Do not test PAM authentication by default

* Disable PAM tests if PAM is not enabled
 6 years ago
Eugen Rochko ddd30f331c
Improve support for aspects/circles (#8950) 
* Add silent column to mentions

* Save silent mentions in ActivityPub Create handler and optimize it

Move networking calls out of the database transaction

* Add "limited" visibility level masked as "private" in the API

Unlike DMs, limited statuses are pushed into home feeds. The access
control rules between direct and limited statuses is almost the same,
except for counter and conversation logic

* Ensure silent column is non-null, add spec

* Ensure filters don't check silent mentions for blocks/mutes

As those are "this person is also allowed to see" rather than "this
person is involved", therefore does not warrant filtering

* Clean up code

* Use Status#active_mentions to limit returned mentions

* Fix code style issues

* Use Status#active_mentions in Notification

And remove stream_entry eager-loading from Notification
 6 years ago
Eugen Rochko 21ad21cb50
Improve signature verification safeguards (#8959) 
* Downcase signed_headers string before building the signed string

The HTTP Signatures draft does not mandate the “headers” field to be downcased,
but mandates the header field names to be downcased in the signed string, which
means that prior to this patch, Mastodon could fail to process signatures from
some compliant clients. It also means that it would not actually check the
Digest of non-compliant clients that wouldn't use a lowercased Digest field
name.

Thankfully, I don't know of any such client.

* Revert "Remove dead code (#8919)"

This reverts commit a00ce8c92c.

* Restore time window checking, change it to 12 hours

By checking the Date header, we can prevent replaying old vulnerable
signatures. The focus is to prevent replaying old vulnerable requests
from software that has been fixed in the meantime, so a somewhat long
window should be fine and accounts for timezone misconfiguration.

* Escape users' URLs when formatting them

Fixes possible HTML injection

* Escape all string interpolations in Formatter class

Slightly improve performance by reducing class allocations
from repeated Formatter#encode calls

* Fix code style issues
 6 years ago
ashleyhull-versent f194857ac9 rubocop issues - Cleaning up (#8912) 
* cleanup pass

* undo mistakes

* fixed.

* revert
 6 years ago
ashleyhull-versent 2dba313100 Replace SVG asset with Custom mascot (#8766) 6 years ago
Eugen Rochko 774ac47373
Add conversations API (#8832) 
* Add conversations API

* Add web UI for conversations

* Add test for conversations API

* Add tests for ConversationAccount

* Improve web UI

* Rename ConversationAccount to AccountConversation

* Remove conversations on block and mute

* Change last_status_id to be a denormalization of status_ids

* Add optimistic locking
 6 years ago
Jeong Arm 144d73730d Leave unknown language as nil if account is remote (#8861) 
* Force use language detector if account is remote

* Set unknown remote toot's language as nil
 6 years ago
aus-social 0a4739c732 lint pass 2 (#8878) 
* Code quality pass

* Typofix

* Update applications_controller_spec.rb

* Update applications_controller_spec.rb
 6 years ago
Eugen Rochko a46ab86adf
Limit the number of people that can be followed from one account (#8807) 
Configurable soft limit of 7,500, and above that, configurable
ratio of 1.1 * followers, controlled by:

- MAX_FOLLOWS_THRESHOLD
- MAX_FOLLOWS_RATIO

Fix #2311
 6 years ago
Eugen Rochko e645ae9561
Change admin accounts default sort to most recent (#8813) 6 years ago
Eugen Rochko 7fe137d2f7
Fix link verification for remote accounts (#8868) 6 years ago
aus-social 1f98eae1cf Lint pass (#8876) 6 years ago
Eugen Rochko f0fff3eb10
Support min_id-based pagination in REST API (#8736) 
* Allow min_id pagination in Feed#get

* Add min_id pagination to home and list timeline APIs

* Add min_id pagination to account statuses, public and tag APIs

* Remove unused stub in reports API

* Use min_id pagination in notifications, favourites, and fix order

* Fix HomeFeed#from_database not using paginate_by_id
 6 years ago
Eugen Rochko 3d7f68c273
Revert Font Awesome 5 upgrade (#8810) 
* Revert "Fix some icon names changed by the Font Awesome 5. (#8796)"

This reverts commit 3f9ec3de82.

* Revert "Migrate to font-awesome 5.0. (#8799)"

This reverts commit 8bae14591b.

* Revert "Fix some icons names, unavailable in fontawesome5 (free license). (#8792)"

This reverts commit b9c727a945.

* Revert "Update the icon name changed by the Font Awesome 5. (#8776)"

This reverts commit 17af4d27da.

* Revert "Add bot icon to bot avatars and migrate to newer version of Font Awesome (#8484)"

This reverts commit 4b794e134d.
 6 years ago
Naoki Kosaka 8bae14591b Migrate to font-awesome 5.0. (#8799) 6 years ago
ThibG c39183cc62 Refactor active_nav_class for use with multiple paths (#8757) 6 years ago
Eugen Rochko f92f1ee80a
Support link verification with redirects (#8735) 
(e.g. URL shortener)
 6 years ago
Yamagishi Kazutoshi 3da1cc7d5e Fix failed profile verification when rel attribute including values other than me (#8733) 6 years ago
Eugen Rochko f4d549d300
Redesign forms, verify link ownership with rel="me" (#8703) 
* Verify link ownership with rel="me"

* Add explanation about verification to UI

* Perform link verifications

* Add click-to-copy widget for verification HTML

* Redesign edit profile page

* Redesign forms

* Improve responsive design of settings pages

* Restore landing page sign-up form

* Fix typo

* Support <link> tags, add spec

* Fix links not being verified on first discovery and passive updates
 6 years ago
luzpaz 40dd19be37 Misc. typos (#8694) 
Found via `codespell -q 3 --skip="./app/javascript/mastodon/locales,./config/locales"`
 6 years ago
Eugen Rochko 2288d50a7b
Add force_login option to OAuth authorize page (#8655) 
* Add force_login option to OAuth authorize page

For when a user needs to sign into an app from multiple accounts
on the same server

* When logging out from modal header, redirect back after re-login
 6 years ago
Sorin Davidoi 6f3d934bc1 feat(cookies): Use the same-site attribute to lax (#8626) 
CSFR-prevention is already implemented but adding this doesn't hurt.

A brief introduction to Same-Site cookies (and the difference between strict and
lax) can be found at
https://blog.mozilla.org/security/2018/04/24/same-site-cookies-in-firefox-60/

TLDR: We use lax since we want the cookies to be sent when the user navigates
safely from an external site.
 6 years ago
Eugen Rochko c593d6df9c
Add preference for report notification e-mails, skip for duplicates (#8559) 
If an unresolved report for the same target account already exists,
no new notification is generated
 6 years ago
Renato "Lond" Cerqueira fe56d26f7b Fix autoplay issue with spoiler tag (#8540) 
Add tests to avoid similar issues in the future
 6 years ago
Renato "Lond" Cerqueira 11658d8653 Add animate custom emoji param to embed pages (#8507) 
* Add animate custom emoji param to embed pages

* Rename param, use it for avatars and gifs

* Fix issues pointed by codeclimate and breaking test

* Ignore brakeman warning
 6 years ago
Renato "Lond" Cerqueira 5b2b493a90 Fix nil host in remotable (#8508) 
Host can be nil in urls like
'https:https://example.com/path/file.png'
 6 years ago
sundevour 4bfd786550 formatter spec fixes & clarification (#8481) 
updates some "context" and "it" lines to have clearer explanations
updates "context" lines to properly describe function input, and "it" lines to describe results
 6 years ago
Eugen Rochko 5e1767173f
Display pending message on admin relays UI (#8494) 
* Add missing specs for relay accept/reject

* Display pending message on admin relays UI
 6 years ago
Jakub Mendyk f3a12ddfd0 Make Api::V1::MutesController paginate properly (#8472) 
Fixes #8463
 6 years ago
Eugen Rochko 22e46ebad8
Add theme identifier to body classes for easier custom CSS styling (#8439) 
Add forgotten custom CSS admin setting strings
 6 years ago
Eugen Rochko 2f34b747b3
Allow mods to disable login, improve message when login disabled (#8329) 
* Allow moderators to disable/enable login

* Instead of rejecting login, show forbidden error when login disabled

Avoid confusion because when login is rejected, the message is that
the account is not activated, which is wrong.

* Fix tests
 6 years ago
Jakub Mendyk 6cb3514d64 Add ability to change an instance default theme from the administration panel (#7092) (#8381) 
* Add default_settings class method to ScopedSettings

ScopedSettings was extended to use value of unscoped setting instead of
only using defaults set in config/settings.yml for selected settings.
This adds possibility for admins to set default values of users' settings,
for example default theme (as requested in #7092).

* Add ability to change an instance default theme

Closes #7092
 6 years ago
Eugen Rochko 802cf6a4c5
Improve federated ID validation (#8372) 
* Fix URI not being sufficiently validated with prefetched JSON

* Add additional id validation to OStatus documents, when possible
 6 years ago
masarakki 4bdab203ac exclude-other-silenced-accounts (#7528) 6 years ago
Eugen Rochko 2374a00c10
Add confirmation step to account suspensions (#8353) 
* Add confirmation page for suspensions

* Suspension confirmation closes reports, linked from report UI

* Fix tests
 6 years ago
Eugen Rochko 6226aa83d7
Increase reach of Delete->Actor activities (#8305) 
Fix #7316
 6 years ago
Eugen Rochko d010816ba8
Fix error when trying to update counters for statuses that are gone (#8251) 6 years ago
Eugen Rochko 78fa926ed5
Add remote interaction dialog for toots (#8202) 
* Add remote interaction dialog for toots

* Change AuthorizeFollow into AuthorizeInteraction, support statuses

* Update brakeman.ignore

* Adjust how interaction buttons are display on public pages

* Fix tests
 6 years ago
ThibG 59f7f4c923 Implement Undo { Accept { Follow } } (fixes #8234) (#8245) 
* Add Follow#revoke_request!

* Implement Undo { Accept { Follow } } (fixes #8234)
 6 years ago
ThibG af912fb308 Allow accessing local private/DM messages by URL (#8196) 
* Allow accessing local private/DM messages by URL

(Provided the user pasting the URL is authorized to see the toot, obviously)

* Fix SearchServiceSpec tests
 6 years ago
Eugen Rochko aaac14b8ad
Show exact number of followers/statuses on export page/in tooltip (#8199) 
* Show exact number of followers/statuses on export page/in tooltip

* Fix tests
 6 years ago
Eugen Rochko 8e111b753a
Move status counters to separate table, count replies (#8104) 
* Move status counters to separate table, count replies

* Migration to remove old counter columns from statuses table

* Fix schema file
 6 years ago
S.H 2aeeffc3ec Update Rails (#8141) 
* Update Rails

* fix Update Rails
 6 years ago
Eugen Rochko 0dcc1950d1
Update /terms and /about/more to use public layout (#8142) 6 years ago
Eugen Rochko f2404de871
Public profile endorsements (accounts picked by profile owner) (#8146) 6 years ago
Eugen Rochko cc56f2230a
Add separate setting for sidebar text (site_short_description) (#8107) 
* Add separate setting for sidebar text (site_short_description)

* Fix tests
 7 years ago
Eugen Rochko 60df87f6f0
Compensate for scrollbar disappearing when media modal visible (#8100) 
* Compensate for scrollbar disappearing when media modal visible

Make auth pages backgrounds lighter

* Fix typo
 7 years ago
Eugen Rochko e7e577dd6e
Enforce username format for remote users, too (#8102) 
Initially I thought there might be valid reasons for remote users to
have a different, unpredicted username format. However, I now realize
such a difference would be unusable and unexpected within Mastodon.

Fix #8058
 7 years ago
Eugen Rochko bb71538bb5
Redesign public profiles and toots (#8068) 7 years ago