Commit Graph

1541 Commits (1b839d2cbab2acf6730c73ee7250c4f436cf8489)

Author SHA1 Message Date
Claire b4e739ff0f
Change interaction modal in web UI (#26075)
Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>
2 years ago
Matt Jankowski 50ff3d3342
Coverage for `Auth::OmniauthCallbacks` controller (#26147) 2 years ago
Claire b629e21515
Fix unexpected redirection to /explore after sign-in (#26143) 2 years ago
Christian Schmidt 4c18928a93
Wrong count in response when removing favourite/reblog (#24365)
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2 years ago
Claire 943f27f437
Remove unfollowed hashtag posts from home feed (#26028) 2 years ago
Claire 41f65edb21
Fix embed dropdown menu item for unauthenticated users (#25964) 2 years ago
Eugen Rochko 8d0c69529a
Change markers API to use a replica (#25851) 2 years ago
Eugen Rochko fdc3ff7c2d
Change notifications API to use a replica (#25874) 2 years ago
Matt Jankowski 2e1391fdd2
Fix `Naming/MemoizedInstanceVariableName` cop (#25928) 2 years ago
Matt Jankowski 5134fc65e2
Fix `Naming/AccessorMethodName` cop (#25924) 2 years ago
Claire c27b82a437
Add `forward_to_domains` parameter to `POST /api/v1/reports` (#25866) 2 years ago
Kurtis Rainbolt-Greene e4cfe4b3db
First pass at multi-database for read replica using Rails native adapter (#25693)
Co-authored-by: emilweth <7402764+emilweth@users.noreply.github.com>
2 years ago
Daniel M Brasil 383c00819c
Fix `/api/v2/search` not working with following query param (#25681) 2 years ago
Claire e6a8faae81
Add users index on unconfirmed_email (#25672) 2 years ago
Claire 180f0e6715
Fix inefficient query when requesting a new confirmation email from a logged-in account (#25669) 2 years ago
Daniel M Brasil 4fe2d7cb59
Fix HTTP 500 in `/api/v1/emails/check_confirmation` (#25595) 2 years ago
Matt Jankowski 683ba5ecb1
Fix rails `rewhere` deprecation warning in directories api controller (#25625) 2 years ago
Claire 1d622c8033
Add POST /api/v1/conversations/:id/unread (#25509) 2 years ago
Claire a5b6f6da80
Change /api/v1/statuses/:id/history to always return at least one item (#25510) 2 years ago
Claire 602c458ab6
Add finer permission requirements for managing webhooks (#25463) 2 years ago
Claire fd23f50243
Fix wrong view being displayed when a webhook fails validation (#25464) 2 years ago
Daniel M Brasil b9bc9d0bda
Fix incorrect pagination headers in `/api/v2/admin/accounts` (#25477) 2 years ago
Eugen Rochko f20698000f
Fix always redirecting to onboarding in web UI (#25396) 2 years ago
Claire ec59166844
Fix ArgumentError when loading newer Private Mentions (#25399) 2 years ago
Eugen Rochko bca649ba79
Change edit profile page (#25413) 2 years ago
Eugen Rochko 39110d1d0a
Fix CAPTCHA page not following design pattern of sign-up flow (#25395) 2 years ago
Eugen Rochko 6637ef7852
Add unsubscribe link to e-mails (#25378) 2 years ago
Eugen Rochko 4c9406bdb0
Add time zone preference (#25342) 2 years ago
Matt Jankowski 75e299f440
Remove unused `redis_info` method Admin::Dashboard (#25345) 2 years ago
Eugen Rochko 4eda233e09
Add webhook templating (#23289)
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2 years ago
Darius Kazemi bacb674921
Add exclusive lists (#22048)
Co-authored-by: Liam Cooke <liam@liamcooke.com>
Co-authored-by: John Holdun <john@johnholdun.com>
Co-authored-by: Effy Elden <effy@effy.space>
Co-authored-by: Lina Reyne <git@lina.pizza>
Co-authored-by: Lina <20880695+necropolina@users.noreply.github.com>
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2 years ago
Matt Jankowski 0daf78f903
Add `allow_other_host: true` to backups controller (#25266) 2 years ago
Claire 8884d1ece0
Add support for importing lists (#25203) 2 years ago
Claire e9385e93e9
Add a confirmation screen when suspending a domain (#25144) 2 years ago
Claire 2b45fecde1
Fix multiple N+1s in ConversationsController (#25134) 2 years ago
Claire 9017df7178
Remove dead code in Api::V1::FeaturedTagsController (#25073) 2 years ago
Claire fea0830614
Remove invalid X-Frame-Options: ALLOWALL (#25070) 2 years ago
Daniel M Brasil 785e650ab4
Fix uncaught TypeError in POST `/api/v1/featured_tags` (#25072)
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2 years ago
Daniel M Brasil 45d98959ac
Fix uncaught NoMethodError in POST `/api/v1/featured_tags` (#25063) 2 years ago
Claire e13d2edd47
Fix “Authorized applications” inefficiently and incorrectly getting last use date (#25060) 2 years ago
Daniel M Brasil ce8b5899ae
Fix POST `/api/v1/admin/domain_allows` returning 200 when no domain is specified (#24958) 2 years ago
Frankie Roberto 36a77748b4
Order sessions by most-recent to least-recently updated (#25005) 2 years ago
Claire 45ba9ada34
Fix race condition when reblogging a status (#25016) 2 years ago
Claire bec6a1cad4
Add hCaptcha support (#25019) 2 years ago
Claire e60414792d
Add polling and automatic redirection to `/start` on email confirmation (#25013) 2 years ago
Daniel M Brasil 433ab0c9a3
Fix uncaught NoMethodError error in `/api/v1/admin/canonical_email_blocks/test` (#24947)
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2 years ago
zunda c0ea33e3fc
Make it possible to upload audio and video to Heroku app (#24866) 2 years ago
Nick Schonning 569b39256b
Bump rubocop-rails 2.19.1 with update .rubocop_todo.yml (#24469) 2 years ago
Nick Schonning d5a185d721
Autofix Rubocop Style/CaseLikeIf (#23756) 2 years ago
Matt Jankowski 08fb9d300a
Spec coverage for settings/preferences/* controllers (#24825) 2 years ago
Matt Jankowski 668a19a2f3
Fix Performance/DeletePrefix cop (#24796) 2 years ago
Matt Jankowski f1c1dd0118
Rename `with_lock` to `with_redis_lock` to avoid confusion with ActiveRecord's method (#24741) 2 years ago
Claire 9189e90ff2
Add fallback redirection when getting a webfinger query `LOCAL_DOMAIN@LOCAL_DOMAIN` (#23600)
Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>
2 years ago
Claire 32a030dd74
Rewrite import feature (#21054) 2 years ago
Matt Jankowski 6e226f5a32
Fix Rails/ActionOrder cop (#24692) 2 years ago
Claire faa336e3f7
Change logged-out WebUI HTML pages to be cached for a few seconds (#24708) 2 years ago
Claire 1c61869eed
Fix /api/v1/custom_emojis being cached even when unauthenticated API access is disallowed (#24665) 2 years ago
Claire b0bf6216e6
Fix /api/v1/instance/domain_blocks being unconditionally cached (#24662) 2 years ago
Claire 62ab7506d6
Fix /actor needlessly reading session cookie and varying on Signature (#24664) 2 years ago
Claire 1419f90ef2
Fix some user-independent endpoints potentially reading session cookies (#24650) 2 years ago
Claire 276c39361b
Fix anonymous visitors getting a session cookie on first visit (#24584) 2 years ago
Eugen Rochko 6084461cd0
Change unauthenticated responses to be cached in REST API (#24348) 2 years ago
Claire e9a79d46cd
Fix crash when SSO_ACCOUNT_SETTINGS is not defined (#24628) 2 years ago
Matt Jankowski 0a5f0a8b20
Remove instance variables from helper usage (#24203) 2 years ago
Claire 58a1b2e330
Fix caching logic with regards to Accept-Language, Cookie, and Signature (#24604) 2 years ago
Eugen Rochko e98c86050a
Refactor `Cache-Control` and `Vary` definitions (#24347) 2 years ago
Robert R George 4db8230194
Add trend management to admin API (#24257) 2 years ago
Eugen Rochko e5c0b16735
Add progress indicator to sign-up flow (#24545) 2 years ago
Matt Jankowski d193bc8c5c
Remove unused methods in 2FA OTP Auth Controller (#24220) 2 years ago
Claire 9d08b81193
Fix user archive takeouts when using OpenStack Swift (#24431) 2 years ago
Claire 280fa3b2c0
Fix invalid/expired invites being processed on sign-up (#24337) 2 years ago
Eugen Rochko a9b5598c97
Change user settings to be stored in a more optimal way (#23630)
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2 years ago
Claire e084b5b82d
Fix user archive takeout when using OpenStack Swift or S3 providers with no ACL support (#24200) 2 years ago
Matt Jankowski 0663803348
Move link header setting to after_action (#24251) 2 years ago
Matt Jankowski e633b26f4f
Add allow_other_host in redirects which may go outside app (#24252) 2 years ago
Claire 2626097869
Fix Rails cache namespace being overriden with `v2` for cached statuses (#24202) 2 years ago
Matt Jankowski 7bef11630d
Remove references to non-existent actions (#24183) 2 years ago
Jean byroot Boussier 160f38f03d
Workaround the ActiveRecord / Marshal serialization bug on Ruby 3.2 (#24142)
Co-authored-by: Jean Boussier <jean.boussier@gmail.com>
2 years ago
CSDUMMI d75a1e5054
Link to the Identity provider's account settings from the account settings (#24100)
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2 years ago
Eugen Rochko 75e5a6e437
Change user backups to use expiring URLs for download when possible (#24136) 2 years ago
Christian Schmidt bd047acc35
Replace `Status#translatable?` with language matrix in separate endpoint (#24037) 2 years ago
Nick Schonning 25d36b6edd
Autofix Rubocop Style/RedundantArgument (#23798) 2 years ago
Claire a232a1feb8
Fix misleading error code when receiving invalid WebAuthn credentials (#23568) 2 years ago
CSDUMMI 39c7236649
Redirect users to SLO at the IdP after logging them out of Mastodon. (#24020) 2 years ago
CSDUMMI d258ec8e3b
Prefer the stored location as after_sign_in_path in Omniauth Callback Controller (#24073) 2 years ago
Claire f8bb4d0d6b
Fix server error when failing to follow back followers from `/relationships` (#23787) 2 years ago
Claire c2a046ded1
Fix “Remove all followers from the selected domains” being more destructive than it claims (#23805) 2 years ago
Nick Schonning 434770f580
Autofix Rubocop Rails/FindById (#23762) 2 years ago
Nick Schonning 717683d1c3
Autofix Rubocop remaining Layout rules (#23679) 2 years ago
Nick Schonning aef0051fd0
Enable Rubocop HTTP status rules (#23717) 2 years ago
Nick Schonning 2177daeae9
Autofix Rubocop Style/RedundantBegin (#23703) 2 years ago
Nick Schonning c38bd17657
Autofix Rubocop Style/TrailingCommaInArguments (#23694) 2 years ago
Nick Schonning e2a3ebb271
Autofix Rubocop Style/IfUnlessModifier (#23697) 2 years ago
Nick Schonning a6f77aa28a
Autofix Rubocop Lint/AmbiguousOperatorPrecedence (#23681) 2 years ago
Claire d6930b3847
Add API parameter to safeguard unexpect mentions in new posts (#18350) 2 years ago
Claire 832595d1e7
Remove posts count and last posts from ActivityPub representation of hashtag collections (#23460) 2 years ago
Nick Schonning f68bb52556
Apply Rubocop Style/NegatedIfElseCondition (#23451) 2 years ago
Nick Schonning 2e652aa81c
Apply Rubocop Performance/RedundantSplitRegexpArgument (#23443)
* Apply Rubocop Performance/RedundantSplitRegexpArgument

* Update app/controllers/concerns/signature_verification.rb
2 years ago
Claire 20a479ff7c
Change `POST /settings/applications/:id` to regenerate token on scopes change (#23359)
Fixes #23096
2 years ago
Eugen Rochko 21780c0204
Change notifications per page from 15 to 40 in REST API (#23348) 2 years ago
Claire 68dcbcb7bf
Add more specific error messages to HTTP signature verification (#21617)
* Return specific error on failure to parse Date header

* Add error message when preferredUsername is not set

* Change error report to be JSON and include more details

* Change error report to differentiate unknown account and failed refresh

* Add tests
2 years ago
Claire 343e1fe8e9
Add confirmation screen when handling reports (#22375)
* Add confirmation screen on moderation actions

* Add flash notice when a report has been processed

* Refactor tests

* Add tests
2 years ago
Claire 4b92e59f4f
Add support for editing media description and focus point of already-posted statuses (#20878)
* Add backend support for editing media attachments of existing posts

* Allow editing media attachments of already-posted toots

* Add tests
2 years ago
Claire b034dc42be
Fix /api/v1/admin/trends/tags using wrong serializer (#18943)
* Fix /api/v1/admin/trends/tags using wrong serializer

Fix regression from #18641

* Only use `REST::Admin::TagSerializer` when the user can `manage_taxonomies`

* Fix admin trending hashtag component to not link if `id` is unknown
2 years ago
Claire fcc4c9b34a
Change domain block CSV parsing to be more robust and handle more lists (#21470)
* Change domain block CSV parsing to be more robust and handle more lists

* Add some tests

* Improve domain block import validation and reporting
2 years ago
Carl Schwan f33e22ae4c
Allow changing hide_collections setting with the api (#22790)
* Allow changing hide_collections setting with the api

This is currently only possible with app/controllers/settings/profiles_controller.rb
and is the only difference in the allowed parameter between the two controllers

* Fix the lint issue

* Use normal indent
2 years ago
Claire aefefc74c4
Change referrer-policy to no-referrer application-wide (#23014) 2 years ago
Claire 18d00055f4
Add dropdown menu item to open admin interface for remote domains (#21895)
* Allow /admin/instances/:domain to handle IDNs

* Add dropdown menu item to open admin interface for remote domains
2 years ago
Claire 42f9693d00
Fix PermalinkRedirector not applying to users with moved accounts (#22497)
Fixes #22262
2 years ago
Claire 8556a649d5
Fix changing domain block severity not undoing individual account effects (#22135)
* Fix changing domain block severity not undoing individual account effects

Fixes #22133

* Add tests
2 years ago
David Vega 1b5d207131
Fix single name variables on controller folder (#20092)
Co-authored-by: petrokoriakin1 <116151189+petrokoriakin1@users.noreply.github.com>

Co-authored-by: petrokoriakin1 <116151189+petrokoriakin1@users.noreply.github.com>
Co-authored-by: Effy Elden <effy@effy.space>
2 years ago
Claire 623d3d2e32
Change CSP directives on API to be tight and concise (#20960) 2 years ago
nametoolong 63b379c2d9
Fix N+1 queries from in NotificationsController (#21202)
Co-authored-by: Nonexistent <nx@example.org>
2 years ago
Effy Elden 441cac758f
Allow adding relays while secure mode & limited federation mode are enabled (#22324) 2 years ago
Francis Murillo 5fb1c3e934
Revoke all authorized applications on password reset (#21325)
* Clear sessions on password change

* Rename User::clear_sessions to revoke_access for a clearer meaning

* Add reset paassword controller test

* Use User.find instead of User.find_for_authentication for reset password test

* Use redirect and render for better test meaning in reset password

Co-authored-by: Effy Elden <effy@effy.space>
2 years ago
Francis Murillo f6492a7c4d
Log admin approve and reject account (#22088)
* Log admin approve and reject account

* Add unit tests for approve and reject logging
2 years ago
Claire 69137f4a90
Fix irreversible and whole_word parameters handling in /api/v1/filters (#21988)
Fixes #21965
2 years ago
Claire 68d1df8bc3
Fix some performance issues with /admin/instances (#21907)
/admin/instances?availability=failing remains wholly unefficient
2 years ago
Claire 51a33ce77a
Fix not being able to follow more than one hashtag (#21285)
Fixes regression from #20860
2 years ago
Claire 48e136605a
Fix form-action CSP directive for external login (#20962) 2 years ago
Claire 4ae97a2e4c
Fix OAuth flow being broken by recent CSP change (#20958) 2 years ago
lenore gilbert c373148b3d
Support for import/export of instance-level domain blocks/allows for 4.x w/ additional fixes (#20597)
* Allow import/export of instance-level domain blocks/allows (#1754)

* Allow import/export of instance-level domain blocks/allows.
Fixes #15095

* Pacify circleci

* Address simple code review feedback

* Add headers to exported CSV

* Extract common import/export functionality to
AdminExportControllerConcern

* Add additional fields to instance-blocked domain export

* Address review feedback

* Split instance domain block/allow import/export into separate pages/controllers

* Address code review feedback

* Pacify DeepSource

* Work around Paperclip::HasAttachmentFile for Rails 6

* Fix deprecated API warning in export tests

* Remove after_commit workaround

(cherry picked from commit 94e98864e3)

* Add confirmation page when importing blocked domains (#1773)

* Move glitch-soc-specific strings to glitch-soc-specific locale files

* Add confirmation page when importing blocked domains

(cherry picked from commit b91196f4b7)

* Fix authorization check in domain blocks controller

(cherry picked from commit 7527937758)

* Fix error strings for domain blocks and email-domain blocks

Corrected issue with non-error message used for Mastodon:NotPermittedError in Domain Blocks
Corrected issue Domain Blocks using the Email Domain Blocks message on ActionContoller::ParameterMissing
Corrected issue with Email Domain Blocks using the not_permitted string from "custom emojii's"

* Ran i18n-tasks normalize to address test failure

* Removed unused admin.export_domain_blocks.not_permitted string

Removing unused string as indicated by Check i18n

* Fix tests

(cherry picked from commit 9094c2f52c)

* Fix domain block export not exporting blocks with only media rejection

(cherry picked from commit 26ff48ee48)

* Fix various issues with domain block import

- stop using Paperclip for processing domain allow/block imports
- stop leaving temporary files
- better error handling
- assume CSV files are UTF-8-encoded

(cherry picked from commit cad824d8f501b95377e4f0a957e5a00d517a1902)

Co-authored-by: Levi Bard <taktaktaktaktaktaktaktaktaktak@gmail.com>
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2 years ago
Claire cbb0153bd0
Fix invalid/empty RSS feed link on account pages (#20772)
Fixes #20770
2 years ago
trwnh 7fdeed5fbc
Make tag following idempotent (#20860) 2 years ago
Claire 00b2720ef0
Change automatic post deletion configuration to be accessible to redirected users (#20774)
Fixes #20550
2 years ago
trwnh e1f819fd78
Fix pagination of followed tags (#20861)
* Fix missing pagination headers on followed tags

* Fix typo
2 years ago
Daniel Axtens 4d85c27d1a
Add 'private' to Cache-Control, match Rails expectations (#20608)
Several controlers set quite intricate Cache-Control headers in order to
hopefully not be cached by any intermediate proxies or local caches. Unfortunately,
these headers are processed by ActionDispatch::HTTP::Cache in a way that squashes
and discards any values set alongside no-store other than private:
8015c2c2cf/actionpack/lib/action_dispatch/http/cache.rb (L207-L209)

We want to preserve no-store on these responses, but we might as well remove
parts that are going to be dropped anyway. As many of the endpoints in these
controllers are private to a particular user, we should also add "private",
which will be preserved alongside no-store.
2 years ago
trwnh b59ce0a60f
Move V2 Filter methods under /api/v2 prefix (#20622)
* Move V2 Filter methods under /api/v2 prefix

* move over the tests too
2 years ago
Eugen Rochko b31afc6294
Fix error when passing unknown filter param in REST API (#20626)
Fix #19156
2 years ago
Eugen Rochko 167d86d21d
Fix `role_ids` not accepting arrays in admin API (#20625)
Fix #19157
2 years ago
Claire 86f6631d28
Remove dead code and refactor status threading code (#20357)
* Remove dead code

* Remove unneeded/broken parameters and refactor descendant computation
2 years ago
Claire 1615c3eb6e
Change logged out /api/v1/statuses/:id/context logged out limits (#20355) 2 years ago
James Tucker 78a6b871fe
Improve performance by avoiding regex construction (#20215)
```ruby
10.times { p /#{FOO}/.object_id }
10.times { p FOO_RE.object_id }
```
2 years ago
Eugen Rochko 0cd0786aef
Revert filtering public timelines by locale by default (#20294) 2 years ago
trwnh 89e1974f30
Make account endorsements idempotent (fix #19045) (#20118)
* Make account endorsements idempotent (fix #19045)

* Accept suggestion to use exists? instead of find_by + nil check

Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>

* fix logic (unless, not if)

* switch to using `find_or_create_by!`

Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>
2 years ago
trwnh 68d9dcd425
Fix uncaught 500 error on invalid `replies_policy` (Fix #19097) (#20126) 2 years ago
Claire 1e1289b024
Fix crash when external auth provider has no display_name set (#19962)
Fixes #19913
2 years ago
Claire 4cb2323458
Fix crash in legacy filter creation controller (#19878) 2 years ago
Eugen Rochko 3a41fccc43
Change `AUTHORIZED_FETCH` to not block unauthenticated REST API access (#19803)
New environment variable `DISALLOW_UNAUTHENTICATED_API_ACCESS`
2 years ago
Claire c2170991c7
Fix reblogs being discarded after the reblogged status (#19731) 2 years ago
Claire 125322718b
Fix inaccurate admin log entry for re-sending confirmation e-mails (#19674)
Fixes #19593
2 years ago
Eugen Rochko 15bae3e0e4
Change post-processing to be deferred only for large media types (#19617) 2 years ago
Claire bb1ef11c30
Change featured hashtag deletion to be done synchronously (#19590) 2 years ago
Eugen Rochko 26478f461c
Remove language filtering from hashtag timelines (#19563) 2 years ago
Claire a529d6d93e
Fix invites (#19560)
Fixes #19507

Fix regression from #19296
2 years ago
Eugen Rochko 276b85bc91
Fix admin APIs returning deleted object instead of empty object upon delete (#19479)
Fix #19153
2 years ago
Eugen Rochko 5724da0780
Fix language not being saved when editing status (#19543)
Fix #19542
2 years ago
Eugen Rochko 3e18e05330
Fix uncaught error when invalid date is supplied to API (#19480)
Fix #19213
2 years ago
Eugen Rochko f8ca3bb2a1
Add ability to view previous edits of a status in admin UI (#19462)
* Add ability to view previous edits of a status in admin UI

* Change moderator access to posts to be controlled by a separate policy
2 years ago
Eugen Rochko 1ae508bf2f
Change unauthenticated search to not support pagination in REST API (#19326)
- Only exact search matches for queries with < 5 characters
- Do not support queries with `offset` (pagination)
- Return HTTP 401 on truthy `resolve` instead of overriding to false
2 years ago
Eugen Rochko 487d81fb92
Fix IP blocks not having a unique index (#19456) 2 years ago
Yamagishi Kazutoshi 45d3b32488
Fix `Settings::FeaturedTagsController` (#19418)
Regression from #19409
2 years ago
Takeshi Umeda 74ead7d106
Change featured tag updates to add/remove activity (#19409)
* Change featured tag updates to add/remove activity

* Fix to check for the existence of feature tag

* Rename service and worker

* Merge AddHashtagSerializer with AddSerializer

* Undo removal of sidekiq_options
2 years ago
Eugen Rochko 7c152acb2c
Change settings area to be separated into categories in admin UI (#19407)
And update all descriptions
2 years ago
Eugen Rochko 839f893168
Change public accounts pages to mount the web UI (#19319)
* Change public accounts pages to mount the web UI

* Fix handling of remote usernames in routes

- When logged in, serve web app
- When logged out, redirect to permalink
- Fix `app-body` class not being set sometimes due to name conflict

* Fix missing `multiColumn` prop

* Fix failing test

* Use `discoverable` attribute to control indexing directives

* Fix `<ColumnLoading />` not using `multiColumn`

* Add `noindex` to accounts in REST API

* Change noindex directive to not be rendered by default before a route is mounted

* Add loading indicator for detailed status in web UI

* Fix missing indicator appearing while account is loading in web UI
2 years ago
Takeshi Umeda b0e3f0312c
Add synchronization of remote featured tags (#19380)
* Add LIMIT of featured tag to instance API response

* Add featured_tags_collection_url to Account

* Add synchronization of remote featured tags

* Deliver update activity when updating featured tag

* Remove featured_tags_collection_url

* Revert "Add featured_tags_collection_url to Account"

This reverts commit cff349fc27.

* Add hashtag sync from featured collections

* Fix tag name normalize

* Add target option to fetch featured collection

* Refactor fetch_featured_tags_collection_service

* Add LIMIT of featured tag to v1/instance API response
2 years ago
prplecake c618d3a0a5
Make "No $entity selected" errors more accurate (#19356)
Previously all controllers would use the single "No accounts changed as
none were selected" message. This commit changes them to read "tags",
"posts", "emojis", etc. where necessary.
2 years ago
Eugen Rochko 1bd00036c2
Change about page to be mounted in the web UI (#19345) 2 years ago
Eugen Rochko 45ebdb72ca
Add support for language preferences for trending statuses and links (#18288) 2 years ago
Eugen Rochko a2ba011326
Change privacy policy to be rendered in web UI, add REST API (#19310)
Source string no longer localized, Markdown instead of raw HTML
2 years ago
Eugen Rochko 93f340a4bf
Remove setting that disables account deletes (#17683) 2 years ago
Eugen Rochko 62782babd0
Change public statuses pages to mount the web UI (#19301) 2 years ago
Eugen Rochko 58d5b28cb0
Remove previous landing page (#19300) 2 years ago
Eugen Rochko 679274465b
Add server rules to sign-up flow (#19296) 2 years ago
Eugen Rochko 9f65909f42
Change public timelines to be filtered by current locale by default (#19291)
In the absence of an opt-in to multiple specific languages in the
preferences, it makes more sense to filter by the user's presumed
language only (interface language or `lang` override)
2 years ago
Eugen Rochko d2528b26b6
Add server banner to web app, add `GET /api/v2/instance` to REST API (#19294) 2 years ago
Claire cedcece0cc
Fix deleted pinned posts potentially counting towards the pinned posts limit (#19005)
Fixes #18938
2 years ago
Eugen Rochko 02ba9cfa35
Remove code for rendering public and hashtag timelines outside the web UI (#19257) 2 years ago
Eugen Rochko 36f4c32a38
Change path of privacy policy page (#19249) 2 years ago
Eugen Rochko 43b5d5e38d
Add logged-out access to the web UI (#18961) 2 years ago
Eugen Rochko 0d6b878808
Add user content translations with configurable backends (#19218) 2 years ago
Claire 8cf7006d4e
Refactor ActivityPub handling to prepare for non-Account actors (#19212)
* Move ActivityPub::FetchRemoteAccountService to ActivityPub::FetchRemoteActorService

ActivityPub::FetchRemoteAccountService is kept as a wrapper for when the actor is
specifically required to be an Account

* Refactor SignatureVerification to allow non-Account actors

* fixup! Move ActivityPub::FetchRemoteAccountService to ActivityPub::FetchRemoteActorService

* Refactor ActivityPub::FetchRemoteKeyService to potentially return non-Account actors

* Refactor inbound ActivityPub payload processing to accept non-Account actors

* Refactor inbound ActivityPub processing to accept activities relayed through non-Account

* Refactor how Account key URIs are built

* Refactor Request and drop unused key_id_format parameter

* Rename ActivityPub::Dereferencer `signature_account` to `signature_actor`
2 years ago
Claire 84aff598ea
Fix typo in SignatureVerification (#19209)
Fix regression from #15605
2 years ago
Eugen Rochko 50948b46aa
Add ability to filter followed accounts' posts by language (#19095) 2 years ago
Claire 1145dbd327
Improve error reporting and logging when processing remote accounts (#15605)
* Add a more descriptive PrivateNetworkAddressError exception class

* Remove unnecessary exception class to rescue clause

* Remove unnecessary include to JsonLdHelper

* Give more neutral error message when too many webfinger redirects

* Remove unnecessary guard condition

* Rework how “ActivityPub::FetchRemoteAccountService” handles errors

Add “suppress_errors” keyword argument to avoid raising errors in
ActivityPub::FetchRemoteAccountService#call (default/previous behavior).

* Rework how “ActivityPub::FetchRemoteKeyService” handles errors

Add “suppress_errors” keyword argument to avoid raising errors in
ActivityPub::FetchRemoteKeyService#call (default/previous behavior).

* Fix Webfinger::RedirectError not being a subclass of Webfinger::Error

* Add suppress_errors option to ResolveAccountService

Defaults to true (to preserve previous behavior). If set to false,
errors will be raised instead of caught, allowing the caller to be
informed of what went wrong.

* Return more precise error when failing to fetch account signing AP payloads

* Add tests

* Fixes

* Refactor error handling a bit

* Fix various issues

* Add specific error when provided Digest is not 256 bits of base64-encoded data

* Please CodeClimate

* Improve webfinger error reporting
2 years ago
Claire 2750a7a0e6
Fix REST API sometimes returning HTML on error (#19135)
Fixes #19115
2 years ago
Eugen Rochko c57907737a
Change search API to be accessible without being logged in (#18963)
But with the resolve option turned off
2 years ago
Eugen Rochko c99c106ef0
Change following and followers API to be accessible without being logged in (#18964) 2 years ago
Eugen Rochko 2a7766dcc9
Add admin API for managing e-mail domain blocks (#19066) 2 years ago
Eugen Rochko c556c3a0d1
Add admin API for managing canonical e-mail blocks (#19067) 2 years ago
Eugen Rochko b399d79545
Add admin API for managing IP blocks (#19065) 2 years ago
Eugen Rochko 0b3e4fd5de
Remove digest e-mails (#17985)
* Remove digest e-mails

* Remove digest-related code
2 years ago
Eugen Rochko 5b0e8cc92b
Add ability to select all accounts matching search for batch actions (#19053) 2 years ago
Eugen Rochko 0396acf39e
Add audit log entries for user roles (#19040)
* Refactor audit log schema

* Add audit log entries for user roles
2 years ago
Claire 50487db122
Add ability to filter individual posts (#18945)
* Add database table for status-specific filters

* Add REST endpoints, entities and attributes

* Show status filters in /filters interface

* Perform server-side filtering for individual posts filters

* Fix filtering on context mismatch

* Refactor `toServerSideType` by moving it to its own module

* Move loupe and delete icons to their own module

* Add ability to filter individual posts from WebUI

* Replace keyword list by warnings (expired, context mismatch)

* Refactor server-side filtering code

* Add tests
2 years ago
Eugen Rochko d83faa1a89
Add ability to block sign-ups from IP (#19037) 2 years ago
Claire 726931fe4a
Fix /api/v1/tags/:id route constraints (#18854)
The constraint was applied prior to decoding, and rejected anything containing
the '%' character, which would be used for anything with non-ASCII unicode
characters.
3 years ago
Eugen Rochko c3f0621a59
Add ability to follow hashtags (#18809) 3 years ago
Eugen Rochko e7aa2be828
Change how hashtags are normalized (#18795)
* Change how hashtags are normalized

* Fix tests
3 years ago
Eugen Rochko 44b2ee3485
Add customizable user roles (#18641)
* Add customizable user roles

* Various fixes and improvements

* Add migration for old settings and fix tootctl role management
3 years ago
Claire 02851848e9
Revamp post filtering system (#18058)
* Add model for custom filter keywords

* Use CustomFilterKeyword internally

Does not change the API

* Fix /filters/edit and /filters/new

* Add migration tests

* Remove whole_word column from custom_filters (covered by custom_filter_keywords)

* Redesign /filters

Instead of a list, present a card that displays more information and handles
multiple keywords per filter.

* Redesign /filters/new and /filters/edit to add and remove keywords

This adds a new gem dependency: cocoon, as well as a npm dependency:
cocoon-js-vanilla. Those are used to easily populate and remove form fields
from the user interface when manipulating multiple keyword filters at once.

* Add /api/v2/filters to edit filter with multiple keywords

Entities:
- `Filter`: `id`, `title`, `filter_action` (either `hide` or `warn`), `context`
  `keywords`
- `FilterKeyword`: `id`, `keyword`, `whole_word`

API endpoits:
- `GET /api/v2/filters` to list filters (including keywords)
- `POST /api/v2/filters` to create a new filter
  `keywords_attributes` can also be passed to create keywords in one request
- `GET /api/v2/filters/:id` to read a particular filter
- `PUT /api/v2/filters/:id` to update a new filter
  `keywords_attributes` can also be passed to edit, delete or add keywords in
   one request
- `DELETE /api/v2/filters/:id` to delete a particular filter
- `GET /api/v2/filters/:id/keywords` to list keywords for a filter
- `POST /api/v2/filters/:filter_id/keywords/:id` to add a new keyword to a
   filter
- `GET /api/v2/filter_keywords/:id` to read a particular keyword
- `PUT /api/v2/filter_keywords/:id` to edit a particular keyword
- `DELETE /api/v2/filter_keywords/:id` to delete a particular keyword

* Change from `irreversible` boolean to `action` enum

* Remove irrelevent `irreversible_must_be_within_context` check

* Fix /filters/new and /filters/edit with update for filter_action

* Fix Rubocop/Codeclimate complaining about task names

* Refactor FeedManager#phrase_filtered?

This moves regexp building and filter caching to the `CustomFilter` class.

This does not change the functional behavior yet, but this changes how the
cache is built, doing per-custom_filter regexps so that filters can be matched
independently, while still offering caching.

* Perform server-side filtering and output result in REST API

* Fix numerous filters_changed events being sent when editing multiple keywords at once

* Add some tests

* Use the new API in the WebUI

- use client-side logic for filters we have fetched rules for.
  This is so that filter changes can be retroactively applied without
  reloading the UI.
- use server-side logic for filters we haven't fetched rules for yet
  (e.g. network error, or initial timeline loading)

* Minor optimizations and refactoring

* Perform server-side filtering on the streaming server

* Change the wording of filter action labels

* Fix issues pointed out by linter

* Change design of “Show anyway” link in accordence to review comments

* Drop “irreversible” filtering behavior

* Move /api/v2/filter_keywords to /api/v1/filters/keywords

* Rename `filter_results` attribute to `filtered`

* Rename REST::LegacyFilterSerializer to REST::V1::FilterSerializer

* Fix systemChannelId value in streaming server

* Simplify code by removing client-side filtering code

The simplifcation comes at a cost though: filters aren't retroactively
applied anymore.
3 years ago
Claire 35588d09e2
Add /api/v1/admin/domain_allows (#18668)
- `GET /api/v1/admin/domain_allows` lists allowed domains
- `GET /api/v1/admin/domain_allows/:id` shows one by ID
- `DELETE /api/v1/admin/domain_allows/:id` deletes a given domain from the list
  of allowed domains
- `POST /api/v1/admin/domain_allows` to allow a new domain:
  if that domain is already allowed, the existing DomainAllow will be returned
3 years ago
tateisu 47f2ff617d
use Notification::TYPES for api push subscription alerts (#18709) 3 years ago
Claire 327eed0076
Fix suspicious sign-in mails never being sent (#18599)
* Add tests

* Fix suspicious sign-in mails never being sent
3 years ago
Eugen Rochko a2871cd747
Add administrative webhooks (#18510)
* Add administrative webhooks

* Fix error when webhook is deleted before delivery worker runs
3 years ago
Claire 28329ba62f
Add /api/v1/admin/domain_blocks (#18247)
* Add /api/v1/admin/domain_blocks

Fixes #18140

- `GET /api/v1/admin/domain_blocks` lists domain blocks
- `GET /api/v1/admin/domain_blocks/:id` shows one by ID
- `DELETE /api/v1/admin/domain_blocks/:id` deletes a given domain block
- `POST /api/v1/admin/domain_blocks` to create a new domain block:
  if it conflicts with an existing one, returns an error with
  an attribute `existing_domain_block` with the rendered domain block

* Simplify conflict handling as suggested in review
3 years ago
Eugen Rochko 9f81b9f29a
Fix suspended users being able to access APIs that don't require a user (#18524) 3 years ago
Eugen Rochko 96129c2f10
Fix confirmation redirect to app without `Location` header (#18523) 3 years ago
Claire 440eb71310
Change unapproved and unconfirmed account to not be accessible in the REST API (#17530)
* Change unapproved and unconfirmed account to not be accessible in the REST API

* Change Account#searchable? to reject unconfirmed and unapproved users

* Disable search for unapproved and unconfirmed users in Account.search_for

* Disable search for unapproved and unconfirmed users in Account.advanced_search_for

* Remove unconfirmed and unapproved accounts from Account.searchable scope

* Prevent mentions to unapproved/unconfirmed accounts

* Fix some old tests for Account.advanced_search_for

* Add some Account.advanced_search_for tests for existing behaviors

* Add some tests for Account.search_for

* Add Account.advanced_search_for tests unconfirmed and unapproved accounts

* Add Account.searchable tests

* Fix Account.without_unapproved scope potentially messing with previously-applied scopes

* Allow lookup of unconfirmed/unapproved accounts through /api/v1/accounts/lookup

This is so that the API can still be used to check whether an username is free
to use.
3 years ago
Eugen Rochko 6cf57c6765
Refactor how Redis locks are created (#18400)
* Refactor how Redis locks are created

* Fix autorelease duration on account deletion lock
3 years ago