Commit Graph

1206 Commits (b21aa828039610ef1750eff2291821b95da76896)

Author SHA1 Message Date
Eugen Rochko d83faa1a89
Add ability to block sign-ups from IP ()
Claire 726931fe4a
Fix /api/v1/tags/:id route constraints ()
The constraint was applied prior to decoding, and rejected anything containing
the '%' character, which would be used for anything with non-ASCII unicode
characters.
Eugen Rochko c3f0621a59
Add ability to follow hashtags ()
Eugen Rochko e7aa2be828
Change how hashtags are normalized ()
* Change how hashtags are normalized

* Fix tests
Eugen Rochko 44b2ee3485
Add customizable user roles ()
* Add customizable user roles

* Various fixes and improvements

* Add migration for old settings and fix tootctl role management
Claire 02851848e9
Revamp post filtering system ()
* Add model for custom filter keywords

* Use CustomFilterKeyword internally

Does not change the API

* Fix /filters/edit and /filters/new

* Add migration tests

* Remove whole_word column from custom_filters (covered by custom_filter_keywords)

* Redesign /filters

Instead of a list, present a card that displays more information and handles
multiple keywords per filter.

* Redesign /filters/new and /filters/edit to add and remove keywords

This adds a new gem dependency: cocoon, as well as a npm dependency:
cocoon-js-vanilla. Those are used to easily populate and remove form fields
from the user interface when manipulating multiple keyword filters at once.

* Add /api/v2/filters to edit filter with multiple keywords

Entities:
- `Filter`: `id`, `title`, `filter_action` (either `hide` or `warn`), `context`
  `keywords`
- `FilterKeyword`: `id`, `keyword`, `whole_word`

API endpoits:
- `GET /api/v2/filters` to list filters (including keywords)
- `POST /api/v2/filters` to create a new filter
  `keywords_attributes` can also be passed to create keywords in one request
- `GET /api/v2/filters/:id` to read a particular filter
- `PUT /api/v2/filters/:id` to update a new filter
  `keywords_attributes` can also be passed to edit, delete or add keywords in
   one request
- `DELETE /api/v2/filters/:id` to delete a particular filter
- `GET /api/v2/filters/:id/keywords` to list keywords for a filter
- `POST /api/v2/filters/:filter_id/keywords/:id` to add a new keyword to a
   filter
- `GET /api/v2/filter_keywords/:id` to read a particular keyword
- `PUT /api/v2/filter_keywords/:id` to edit a particular keyword
- `DELETE /api/v2/filter_keywords/:id` to delete a particular keyword

* Change from `irreversible` boolean to `action` enum

* Remove irrelevent `irreversible_must_be_within_context` check

* Fix /filters/new and /filters/edit with update for filter_action

* Fix Rubocop/Codeclimate complaining about task names

* Refactor FeedManager#phrase_filtered?

This moves regexp building and filter caching to the `CustomFilter` class.

This does not change the functional behavior yet, but this changes how the
cache is built, doing per-custom_filter regexps so that filters can be matched
independently, while still offering caching.

* Perform server-side filtering and output result in REST API

* Fix numerous filters_changed events being sent when editing multiple keywords at once

* Add some tests

* Use the new API in the WebUI

- use client-side logic for filters we have fetched rules for.
  This is so that filter changes can be retroactively applied without
  reloading the UI.
- use server-side logic for filters we haven't fetched rules for yet
  (e.g. network error, or initial timeline loading)

* Minor optimizations and refactoring

* Perform server-side filtering on the streaming server

* Change the wording of filter action labels

* Fix issues pointed out by linter

* Change design of “Show anyway” link in accordence to review comments

* Drop “irreversible” filtering behavior

* Move /api/v2/filter_keywords to /api/v1/filters/keywords

* Rename `filter_results` attribute to `filtered`

* Rename REST::LegacyFilterSerializer to REST::V1::FilterSerializer

* Fix systemChannelId value in streaming server

* Simplify code by removing client-side filtering code

The simplifcation comes at a cost though: filters aren't retroactively
applied anymore.
Claire 35588d09e2
Add /api/v1/admin/domain_allows ()
- `GET /api/v1/admin/domain_allows` lists allowed domains
- `GET /api/v1/admin/domain_allows/:id` shows one by ID
- `DELETE /api/v1/admin/domain_allows/:id` deletes a given domain from the list
  of allowed domains
- `POST /api/v1/admin/domain_allows` to allow a new domain:
  if that domain is already allowed, the existing DomainAllow will be returned
tateisu 47f2ff617d
use Notification::TYPES for api push subscription alerts ()
Claire 327eed0076
Fix suspicious sign-in mails never being sent ()
* Add tests

* Fix suspicious sign-in mails never being sent
Eugen Rochko a2871cd747
Add administrative webhooks ()
* Add administrative webhooks

* Fix error when webhook is deleted before delivery worker runs
Claire 28329ba62f
Add /api/v1/admin/domain_blocks ()
* Add /api/v1/admin/domain_blocks

Fixes 

- `GET /api/v1/admin/domain_blocks` lists domain blocks
- `GET /api/v1/admin/domain_blocks/:id` shows one by ID
- `DELETE /api/v1/admin/domain_blocks/:id` deletes a given domain block
- `POST /api/v1/admin/domain_blocks` to create a new domain block:
  if it conflicts with an existing one, returns an error with
  an attribute `existing_domain_block` with the rendered domain block

* Simplify conflict handling as suggested in review
Eugen Rochko 9f81b9f29a
Fix suspended users being able to access APIs that don't require a user ()
Eugen Rochko 96129c2f10
Fix confirmation redirect to app without `Location` header ()
Claire 440eb71310
Change unapproved and unconfirmed account to not be accessible in the REST API ()
* Change unapproved and unconfirmed account to not be accessible in the REST API

* Change Account#searchable? to reject unconfirmed and unapproved users

* Disable search for unapproved and unconfirmed users in Account.search_for

* Disable search for unapproved and unconfirmed users in Account.advanced_search_for

* Remove unconfirmed and unapproved accounts from Account.searchable scope

* Prevent mentions to unapproved/unconfirmed accounts

* Fix some old tests for Account.advanced_search_for

* Add some Account.advanced_search_for tests for existing behaviors

* Add some tests for Account.search_for

* Add Account.advanced_search_for tests unconfirmed and unapproved accounts

* Add Account.searchable tests

* Fix Account.without_unapproved scope potentially messing with previously-applied scopes

* Allow lookup of unconfirmed/unapproved accounts through /api/v1/accounts/lookup

This is so that the API can still be used to check whether an username is free
to use.
Eugen Rochko 6cf57c6765
Refactor how Redis locks are created ()
* Refactor how Redis locks are created

* Fix autorelease duration on account deletion lock
Eugen Rochko 2b8dc58b7f
Change RSS feeds ()
* Change RSS feeds

- Use date and time for titles instead of ellipsized text
- Use full content in body, even when there is a content warning
- Use media extensions

* Change feed icons and add width and height attributes to custom emojis

* Fix custom emoji animate on hover breaking

* Fix tests
Claire 9a3be0ad68
Fix error when looking handle with surrounding spaces ()
Eugen Rochko 33f3818d66
Fix double render error when authorizing interaction ()
Eugen Rochko 5a48bf1085
Fix error when trying to revoke OAuth token without supplying a token ()
Claire 66a63d79ea
Fix 500 error when a bookmark or favorite has been reported and deleted ()
Eugen Rochko 3917353645
Fix single Redis connection being used across all threads ()
* Fix single Redis connection being used across all Sidekiq threads

* Fix tests
0x2019 012537452a
Fix error resposes for `from` search prefix ()
* Fix error responses in `from` search prefix (addresses )

Using unsupported prefixes now reports a 422; searching for posts from an
account the instance is not aware of reports a 404. TODO: The UI for this
on the front end is abysmal.

Searching `from:username@domain` now succeeds when `domain` is the local
domain; searching `from:@username(@domain)?` now works as expected.

* Remove unused methods on new Error classes as they are not being used

Currently when `raise`d there are error messages being supplied, but
this is not actually being used. The associated `raise`s have been
edited accordingly.

* Remove needless comments

* Satisfy rubocop

* Try fixing tests being unable to find AccountFindingConcern methods

* Satisfy rubocop

* Simplify `from` prefix logic

This incorporates @ClearlyClaire's suggestion (see
https://github.com/mastodon/mastodon/pull/17963#pullrequestreview-933986737).

Accepctable account strings in `from:` clauses are more lenient than
before this commit; for example, `from:@user@example.org@asnteo +cat`
will not error, and return posts by @user@example.org containing the
word "cat". This is more consistent with how Mastodon matches mentions
in statuses. In addition, `from` clauses will not be checked for
syntatically invalid usernames or domain names, simply 404ing when
`Account.find_remote!` raises ActiveRecord::NotFound.

New code for this PR that is no longer used has been removed.
Claire 3906dd67ed
Fix extremely rare race condition when deleting a toot or account ()
Eugen Rochko 8e20e16cf0
Change e-mail notifications to only be sent when recipient is offline ()
* Change e-mail notifications to only be sent when recipient is offline

Change the default for follow and mention notifications back on

* Add preference to always send e-mail notifications

* Change wording
Eugen Rochko 465ee7792f
Fix pagination header on empty trends responses in REST API ()
Eugen Rochko 6221b36b27
Remove sign-in token authentication, instead send e-mail about new sign-in ()
Claire 62c6e12fa5
Fix admin API unconditionally requiring CSRF token ()
Fixes 

Since , the admin API has only been available through the web
application because of the unconditional requirement to provide a valid CSRF
token.

This commit changes it back to `null_session`, which should make it work
both with session-based authentication (provided a CSRF token) and with a
bearer token.
Eugen Rochko d116cb7733
Fix `GET /api/v1/trends/tags` missing `offset` param in REST API ()
Claire 894956e20c
Fix /api/v1/admin/accounts ()
* Fix /api/v1/admin/accounts

Compatibility was broken since  which changed the underlying filter class
without changing the controller.

This commits restore support for the old parameters.

* Add /api/v2/admin/accounts with the new parameters

* Add tests

* Add missing filter for `silenced` status

Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>

Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>
Eugen Rochko cefa526c6d
Refactor formatter ()
* Refactor formatter

* Move custom emoji pre-rendering logic to view helpers

* Move more methods out of Formatter

* Fix code style issues

* Remove Formatter

* Add inline poll options to RSS feeds

* Remove unused helper method

* Fix code style issues

* Various fixes and improvements

* Fix test
Eugen Rochko e3a2203061
Add offset pagination to trends in REST API ()
Eugen Rochko 67d550830b
Fix locale not being set in REST API ()
Eugen Rochko e6ffbfb5e7
Add `types` param to `GET /api/v1/notifications` in REST API ()
* Add `types` param to `GET /api/v1/notifications` in REST API

* Improve tests
Eugen Rochko bc320d6cec
Fix `POST /api/v1/emails/confirmations` not being available after sign-up ()
Eugen Rochko b2cd34474b
Add rate limit for editing ()
chandrn7 a6ed6845c9
Allow login through OpenID Connect ()
* added OpenID Connect as an SSO option

* minor fixes

* added comments, removed an option that shouldn't be set

* fixed Gemfile.lock

* added newline to end of Gemfile.lock

* removed tab from Gemfile.lock

* remove chomp

* codeclimate changes and small name change to make function's purpose clearer

* codeclimate fix

* added SSO buttons to /about page

* minor refactor

* minor style change

* removed spurious change

* removed unecessary conditional from ensure_valid_username and added support for auth.info.name in user_params_from_auth

* minor changes
Eugen Rochko bd53dd5210
Change design of federation pages in admin UI ()
* Change design of federation pages in admin UI

* Fix query performance in instance media attachments measure

* Fix reblogs being included in instance languages dimension
Eugen Rochko 8f6c67bfde
Fix performance of account timelines ()
* Fix performance of account timelines

* Various fixes and improvements

* Fix duplicate results being returned

Co-authored-by: Claire <claire.github-309c@sitedethib.com>

* Fix grouping for pinned statuses scope

Co-authored-by: Claire <claire.github-309c@sitedethib.com>
Eugen Rochko edf09ec747
Add `/api/v1/accounts/familiar_followers` to REST API ()
* Add `/api/v1/accounts/familiar_followers` to REST API

* Change hide network preference to be stored consistently for local and remote accounts

* Add dummy classes to migration

* Apply suggestions from code review

Co-authored-by: Claire <claire.github-309c@sitedethib.com>

Co-authored-by: Claire <claire.github-309c@sitedethib.com>
Eugen Rochko 2ea754b861
Fix duplicate notifications being possible after poll expiration ()
Claire ff43e54a49
Allow editing media attachments for scheduled toots ()
Fixes 
Eugen Rochko 631e495a79
Change `follow` scope to be covered by `read` and `write` scopes in REST API ()
Deprecate `follow` scope
Eugen Rochko e24b14cc74
Fix leak of existence of otherwise inaccessible statuses in REST API ()
Eugen Rochko 02b8d63fce
Fix report category not being saved in REST API ()
Eugen Rochko 25d3dc4373
Add ability to mark statuses as sensitive from reports in admin UI ()
* Add ability to mark statuses as sensitive from reports in admin UI

* Allow mark as sensitive action on statuses with preview cards
Claire 14919fe11e
Change old moderation strikes to be displayed in a separate page ()
* Change old moderation strikes to be displayed in a separate page

Fixes 

This changes the moderation strikes displayed on `/auth/edit` to be those from
the past 3 months, and make all moderation strikes targeting the current user
available in `/disputes`.

* Add short description of what the strikes page is for

* Move link to list of strikes to “Account status” instead of navigation item

* Normalize i18n file

* Fix layout and styling of strikes link

* Revert highlights_on regexp

* Reintroduce account status summary

- this way, “Account status” is never empty
- account status is not necessarily bound to strikes, or recent strikes
Eugen Rochko 50ea54b3ed
Change authorized applications page ()
* Change authorized applications page

* Hide revoke button for superapps and suspended accounts

* Clean up db/schema.rb
Claire 6aef76b5cd
Fix error when a MX is shared across blocked domains ()
Eugen Rochko 27965ce5ed
Add trending statuses ()
* Add trending statuses

* Fix dangling items with stale scores in localized sets

* Various fixes and improvements

- Change approve_all/reject_all to approve_accounts/reject_accounts
- Change Trends::Query methods to not mutate the original query
- Change Trends::Query#skip to offset
- Change follow recommendations to be refreshed in a transaction

* Add tests for trending statuses filtering behaviour

* Fix not applying filtering scope in controller
Eugen Rochko a29a982eaa
Change e-mail domain blocks to block IPs dynamically ()
* Change e-mail domain blocks to block IPs dynamically

* Update app/workers/scheduler/email_domain_block_refresh_scheduler.rb

Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>

* Update app/workers/scheduler/email_domain_block_refresh_scheduler.rb

Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>

Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>