Commit Graph

1606 Commits (d58173e45bf0fdf5a6015d40eb88c313a3d99e5c)

Author SHA1 Message Date
Claire 25bf640629
Add debug logging on signature verification failure (#26637) 1 year ago
Lukas Martini a7d96e6aff
Improve error messages when DeepL quota is exceeded (#26704) 1 year ago
jsgoldstein 30c191aaa0
Add new public status index (#26344)
Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
1 year ago
Claire 191d302b7f
Refactor `Api::V1::ProfilesController` into two separate controllers (#26573) 1 year ago
Daniel M Brasil d24a87ce4f
Add ability to delete avatar or header picture via the API (#25124)
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
1 year ago
Claire cc4560d95b
Change “privacy and reach” settings so that unchecking boxes always increase privacy and checking them always increase reach (#26508) 1 year ago
Claire fc5ab2dc83
Add privacy tab in profile settings (#26484)
Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>
1 year ago
Claire b12d75ef4f
Fix blocking subdomains of an already-blocked domain (#26392) 1 year ago
Claire 8b37dd2c86
Fix Content Security Policy sometimes unnecessarily allowing hCaptcha scripts (#26388) 1 year ago
CSDUMMI 120f5802c0
Add direct link to the Single-Sign On provider if there is only one sign up method available (#26083) 1 year ago
Daniel M Brasil 3a4d3e9d4b
Add `GET /api/v1/instance/languages` to REST API (#24443)
Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
1 year ago
Emelia Smith e258b4cb64
Refactor: replace whitelist_mode mentions with limited_federation_mode (#26252) 1 year ago
Christian Schmidt ca342d4838
Add List-Unsubscribe email header (#26085) 1 year ago
Claire 6c39125761
Change /api/v1/peers/search to be case-insensitive when using Elasticsearch (#26268) 1 year ago
Misty De Méo 12a6cf569e
Storage: add :azure to remaining callers (#26080) 1 year ago
Claire b4e739ff0f
Change interaction modal in web UI (#26075)
Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>
1 year ago
Matt Jankowski 50ff3d3342
Coverage for `Auth::OmniauthCallbacks` controller (#26147) 1 year ago
Claire b629e21515
Fix unexpected redirection to /explore after sign-in (#26143) 1 year ago
Christian Schmidt 4c18928a93
Wrong count in response when removing favourite/reblog (#24365)
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
1 year ago
Claire 943f27f437
Remove unfollowed hashtag posts from home feed (#26028) 1 year ago
Claire 41f65edb21
Fix embed dropdown menu item for unauthenticated users (#25964) 1 year ago
Eugen Rochko 8d0c69529a
Change markers API to use a replica (#25851) 1 year ago
Eugen Rochko fdc3ff7c2d
Change notifications API to use a replica (#25874) 1 year ago
Matt Jankowski 2e1391fdd2
Fix `Naming/MemoizedInstanceVariableName` cop (#25928) 1 year ago
Matt Jankowski 5134fc65e2
Fix `Naming/AccessorMethodName` cop (#25924) 1 year ago
Claire c27b82a437
Add `forward_to_domains` parameter to `POST /api/v1/reports` (#25866) 1 year ago
Kurtis Rainbolt-Greene e4cfe4b3db
First pass at multi-database for read replica using Rails native adapter (#25693)
Co-authored-by: emilweth <7402764+emilweth@users.noreply.github.com>
1 year ago
Daniel M Brasil 383c00819c
Fix `/api/v2/search` not working with following query param (#25681) 2 years ago
Claire e6a8faae81
Add users index on unconfirmed_email (#25672) 2 years ago
Claire 180f0e6715
Fix inefficient query when requesting a new confirmation email from a logged-in account (#25669) 2 years ago
Daniel M Brasil 4fe2d7cb59
Fix HTTP 500 in `/api/v1/emails/check_confirmation` (#25595) 2 years ago
Matt Jankowski 683ba5ecb1
Fix rails `rewhere` deprecation warning in directories api controller (#25625) 2 years ago
Claire 1d622c8033
Add POST /api/v1/conversations/:id/unread (#25509) 2 years ago
Claire a5b6f6da80
Change /api/v1/statuses/:id/history to always return at least one item (#25510) 2 years ago
Claire 602c458ab6
Add finer permission requirements for managing webhooks (#25463) 2 years ago
Claire fd23f50243
Fix wrong view being displayed when a webhook fails validation (#25464) 2 years ago
Daniel M Brasil b9bc9d0bda
Fix incorrect pagination headers in `/api/v2/admin/accounts` (#25477) 2 years ago
Eugen Rochko f20698000f
Fix always redirecting to onboarding in web UI (#25396) 2 years ago
Claire ec59166844
Fix ArgumentError when loading newer Private Mentions (#25399) 2 years ago
Eugen Rochko bca649ba79
Change edit profile page (#25413) 2 years ago
Eugen Rochko 39110d1d0a
Fix CAPTCHA page not following design pattern of sign-up flow (#25395) 2 years ago
Eugen Rochko 6637ef7852
Add unsubscribe link to e-mails (#25378) 2 years ago
Eugen Rochko 4c9406bdb0
Add time zone preference (#25342) 2 years ago
Matt Jankowski 75e299f440
Remove unused `redis_info` method Admin::Dashboard (#25345) 2 years ago
Eugen Rochko 4eda233e09
Add webhook templating (#23289)
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2 years ago
Darius Kazemi bacb674921
Add exclusive lists (#22048)
Co-authored-by: Liam Cooke <liam@liamcooke.com>
Co-authored-by: John Holdun <john@johnholdun.com>
Co-authored-by: Effy Elden <effy@effy.space>
Co-authored-by: Lina Reyne <git@lina.pizza>
Co-authored-by: Lina <20880695+necropolina@users.noreply.github.com>
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2 years ago
Matt Jankowski 0daf78f903
Add `allow_other_host: true` to backups controller (#25266) 2 years ago
Claire 8884d1ece0
Add support for importing lists (#25203) 2 years ago
Claire e9385e93e9
Add a confirmation screen when suspending a domain (#25144) 2 years ago
Claire 2b45fecde1
Fix multiple N+1s in ConversationsController (#25134) 2 years ago
Claire 9017df7178
Remove dead code in Api::V1::FeaturedTagsController (#25073) 2 years ago
Claire fea0830614
Remove invalid X-Frame-Options: ALLOWALL (#25070) 2 years ago
Daniel M Brasil 785e650ab4
Fix uncaught TypeError in POST `/api/v1/featured_tags` (#25072)
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2 years ago
Daniel M Brasil 45d98959ac
Fix uncaught NoMethodError in POST `/api/v1/featured_tags` (#25063) 2 years ago
Claire e13d2edd47
Fix “Authorized applications” inefficiently and incorrectly getting last use date (#25060) 2 years ago
Daniel M Brasil ce8b5899ae
Fix POST `/api/v1/admin/domain_allows` returning 200 when no domain is specified (#24958) 2 years ago
Frankie Roberto 36a77748b4
Order sessions by most-recent to least-recently updated (#25005) 2 years ago
Claire 45ba9ada34
Fix race condition when reblogging a status (#25016) 2 years ago
Claire bec6a1cad4
Add hCaptcha support (#25019) 2 years ago
Claire e60414792d
Add polling and automatic redirection to `/start` on email confirmation (#25013) 2 years ago
Daniel M Brasil 433ab0c9a3
Fix uncaught NoMethodError error in `/api/v1/admin/canonical_email_blocks/test` (#24947)
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2 years ago
zunda c0ea33e3fc
Make it possible to upload audio and video to Heroku app (#24866) 2 years ago
Nick Schonning 569b39256b
Bump rubocop-rails 2.19.1 with update .rubocop_todo.yml (#24469) 2 years ago
Nick Schonning d5a185d721
Autofix Rubocop Style/CaseLikeIf (#23756) 2 years ago
Matt Jankowski 08fb9d300a
Spec coverage for settings/preferences/* controllers (#24825) 2 years ago
Matt Jankowski 668a19a2f3
Fix Performance/DeletePrefix cop (#24796) 2 years ago
Matt Jankowski f1c1dd0118
Rename `with_lock` to `with_redis_lock` to avoid confusion with ActiveRecord's method (#24741) 2 years ago
Claire 9189e90ff2
Add fallback redirection when getting a webfinger query `LOCAL_DOMAIN@LOCAL_DOMAIN` (#23600)
Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>
2 years ago
Claire 32a030dd74
Rewrite import feature (#21054) 2 years ago
Matt Jankowski 6e226f5a32
Fix Rails/ActionOrder cop (#24692) 2 years ago
Claire faa336e3f7
Change logged-out WebUI HTML pages to be cached for a few seconds (#24708) 2 years ago
Claire 1c61869eed
Fix /api/v1/custom_emojis being cached even when unauthenticated API access is disallowed (#24665) 2 years ago
Claire b0bf6216e6
Fix /api/v1/instance/domain_blocks being unconditionally cached (#24662) 2 years ago
Claire 62ab7506d6
Fix /actor needlessly reading session cookie and varying on Signature (#24664) 2 years ago
Claire 1419f90ef2
Fix some user-independent endpoints potentially reading session cookies (#24650) 2 years ago
Claire 276c39361b
Fix anonymous visitors getting a session cookie on first visit (#24584) 2 years ago
Eugen Rochko 6084461cd0
Change unauthenticated responses to be cached in REST API (#24348) 2 years ago
Claire e9a79d46cd
Fix crash when SSO_ACCOUNT_SETTINGS is not defined (#24628) 2 years ago
Matt Jankowski 0a5f0a8b20
Remove instance variables from helper usage (#24203) 2 years ago
Claire 58a1b2e330
Fix caching logic with regards to Accept-Language, Cookie, and Signature (#24604) 2 years ago
Eugen Rochko e98c86050a
Refactor `Cache-Control` and `Vary` definitions (#24347) 2 years ago
Robert R George 4db8230194
Add trend management to admin API (#24257) 2 years ago
Eugen Rochko e5c0b16735
Add progress indicator to sign-up flow (#24545) 2 years ago
Matt Jankowski d193bc8c5c
Remove unused methods in 2FA OTP Auth Controller (#24220) 2 years ago
Claire 9d08b81193
Fix user archive takeouts when using OpenStack Swift (#24431) 2 years ago
Claire 280fa3b2c0
Fix invalid/expired invites being processed on sign-up (#24337) 2 years ago
Eugen Rochko a9b5598c97
Change user settings to be stored in a more optimal way (#23630)
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2 years ago
Claire e084b5b82d
Fix user archive takeout when using OpenStack Swift or S3 providers with no ACL support (#24200) 2 years ago
Matt Jankowski 0663803348
Move link header setting to after_action (#24251) 2 years ago
Matt Jankowski e633b26f4f
Add allow_other_host in redirects which may go outside app (#24252) 2 years ago
Claire 2626097869
Fix Rails cache namespace being overriden with `v2` for cached statuses (#24202) 2 years ago
Matt Jankowski 7bef11630d
Remove references to non-existent actions (#24183) 2 years ago
Jean byroot Boussier 160f38f03d
Workaround the ActiveRecord / Marshal serialization bug on Ruby 3.2 (#24142)
Co-authored-by: Jean Boussier <jean.boussier@gmail.com>
2 years ago
CSDUMMI d75a1e5054
Link to the Identity provider's account settings from the account settings (#24100)
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2 years ago
Eugen Rochko 75e5a6e437
Change user backups to use expiring URLs for download when possible (#24136) 2 years ago
Christian Schmidt bd047acc35
Replace `Status#translatable?` with language matrix in separate endpoint (#24037) 2 years ago
Nick Schonning 25d36b6edd
Autofix Rubocop Style/RedundantArgument (#23798) 2 years ago
Claire a232a1feb8
Fix misleading error code when receiving invalid WebAuthn credentials (#23568) 2 years ago
CSDUMMI 39c7236649
Redirect users to SLO at the IdP after logging them out of Mastodon. (#24020) 2 years ago
CSDUMMI d258ec8e3b
Prefer the stored location as after_sign_in_path in Omniauth Callback Controller (#24073) 2 years ago
Claire f8bb4d0d6b
Fix server error when failing to follow back followers from `/relationships` (#23787) 2 years ago
Claire c2a046ded1
Fix “Remove all followers from the selected domains” being more destructive than it claims (#23805) 2 years ago
Nick Schonning 434770f580
Autofix Rubocop Rails/FindById (#23762) 2 years ago
Nick Schonning 717683d1c3
Autofix Rubocop remaining Layout rules (#23679) 2 years ago
Nick Schonning aef0051fd0
Enable Rubocop HTTP status rules (#23717) 2 years ago
Nick Schonning 2177daeae9
Autofix Rubocop Style/RedundantBegin (#23703) 2 years ago
Nick Schonning c38bd17657
Autofix Rubocop Style/TrailingCommaInArguments (#23694) 2 years ago
Nick Schonning e2a3ebb271
Autofix Rubocop Style/IfUnlessModifier (#23697) 2 years ago
Nick Schonning a6f77aa28a
Autofix Rubocop Lint/AmbiguousOperatorPrecedence (#23681) 2 years ago
Claire d6930b3847
Add API parameter to safeguard unexpect mentions in new posts (#18350) 2 years ago
Claire 832595d1e7
Remove posts count and last posts from ActivityPub representation of hashtag collections (#23460) 2 years ago
Nick Schonning f68bb52556
Apply Rubocop Style/NegatedIfElseCondition (#23451) 2 years ago
Nick Schonning 2e652aa81c
Apply Rubocop Performance/RedundantSplitRegexpArgument (#23443)
* Apply Rubocop Performance/RedundantSplitRegexpArgument

* Update app/controllers/concerns/signature_verification.rb
2 years ago
Claire 20a479ff7c
Change `POST /settings/applications/:id` to regenerate token on scopes change (#23359)
Fixes #23096
2 years ago
Eugen Rochko 21780c0204
Change notifications per page from 15 to 40 in REST API (#23348) 2 years ago
Claire 68dcbcb7bf
Add more specific error messages to HTTP signature verification (#21617)
* Return specific error on failure to parse Date header

* Add error message when preferredUsername is not set

* Change error report to be JSON and include more details

* Change error report to differentiate unknown account and failed refresh

* Add tests
2 years ago
Claire 343e1fe8e9
Add confirmation screen when handling reports (#22375)
* Add confirmation screen on moderation actions

* Add flash notice when a report has been processed

* Refactor tests

* Add tests
2 years ago
Claire 4b92e59f4f
Add support for editing media description and focus point of already-posted statuses (#20878)
* Add backend support for editing media attachments of existing posts

* Allow editing media attachments of already-posted toots

* Add tests
2 years ago
Claire b034dc42be
Fix /api/v1/admin/trends/tags using wrong serializer (#18943)
* Fix /api/v1/admin/trends/tags using wrong serializer

Fix regression from #18641

* Only use `REST::Admin::TagSerializer` when the user can `manage_taxonomies`

* Fix admin trending hashtag component to not link if `id` is unknown
2 years ago
Claire fcc4c9b34a
Change domain block CSV parsing to be more robust and handle more lists (#21470)
* Change domain block CSV parsing to be more robust and handle more lists

* Add some tests

* Improve domain block import validation and reporting
2 years ago
Carl Schwan f33e22ae4c
Allow changing hide_collections setting with the api (#22790)
* Allow changing hide_collections setting with the api

This is currently only possible with app/controllers/settings/profiles_controller.rb
and is the only difference in the allowed parameter between the two controllers

* Fix the lint issue

* Use normal indent
2 years ago
Claire aefefc74c4
Change referrer-policy to no-referrer application-wide (#23014) 2 years ago
Claire 18d00055f4
Add dropdown menu item to open admin interface for remote domains (#21895)
* Allow /admin/instances/:domain to handle IDNs

* Add dropdown menu item to open admin interface for remote domains
2 years ago
Claire 42f9693d00
Fix PermalinkRedirector not applying to users with moved accounts (#22497)
Fixes #22262
2 years ago
Claire 8556a649d5
Fix changing domain block severity not undoing individual account effects (#22135)
* Fix changing domain block severity not undoing individual account effects

Fixes #22133

* Add tests
2 years ago
David Vega 1b5d207131
Fix single name variables on controller folder (#20092)
Co-authored-by: petrokoriakin1 <116151189+petrokoriakin1@users.noreply.github.com>

Co-authored-by: petrokoriakin1 <116151189+petrokoriakin1@users.noreply.github.com>
Co-authored-by: Effy Elden <effy@effy.space>
2 years ago
Claire 623d3d2e32
Change CSP directives on API to be tight and concise (#20960) 2 years ago
nametoolong 63b379c2d9
Fix N+1 queries from in NotificationsController (#21202)
Co-authored-by: Nonexistent <nx@example.org>
2 years ago
Effy Elden 441cac758f
Allow adding relays while secure mode & limited federation mode are enabled (#22324) 2 years ago
Francis Murillo 5fb1c3e934
Revoke all authorized applications on password reset (#21325)
* Clear sessions on password change

* Rename User::clear_sessions to revoke_access for a clearer meaning

* Add reset paassword controller test

* Use User.find instead of User.find_for_authentication for reset password test

* Use redirect and render for better test meaning in reset password

Co-authored-by: Effy Elden <effy@effy.space>
2 years ago
Francis Murillo f6492a7c4d
Log admin approve and reject account (#22088)
* Log admin approve and reject account

* Add unit tests for approve and reject logging
2 years ago
Claire 69137f4a90
Fix irreversible and whole_word parameters handling in /api/v1/filters (#21988)
Fixes #21965
2 years ago
Claire 68d1df8bc3
Fix some performance issues with /admin/instances (#21907)
/admin/instances?availability=failing remains wholly unefficient
2 years ago
Claire 51a33ce77a
Fix not being able to follow more than one hashtag (#21285)
Fixes regression from #20860
2 years ago
Claire 48e136605a
Fix form-action CSP directive for external login (#20962) 2 years ago
Claire 4ae97a2e4c
Fix OAuth flow being broken by recent CSP change (#20958) 2 years ago
lenore gilbert c373148b3d
Support for import/export of instance-level domain blocks/allows for 4.x w/ additional fixes (#20597)
* Allow import/export of instance-level domain blocks/allows (#1754)

* Allow import/export of instance-level domain blocks/allows.
Fixes #15095

* Pacify circleci

* Address simple code review feedback

* Add headers to exported CSV

* Extract common import/export functionality to
AdminExportControllerConcern

* Add additional fields to instance-blocked domain export

* Address review feedback

* Split instance domain block/allow import/export into separate pages/controllers

* Address code review feedback

* Pacify DeepSource

* Work around Paperclip::HasAttachmentFile for Rails 6

* Fix deprecated API warning in export tests

* Remove after_commit workaround

(cherry picked from commit 94e98864e3)

* Add confirmation page when importing blocked domains (#1773)

* Move glitch-soc-specific strings to glitch-soc-specific locale files

* Add confirmation page when importing blocked domains

(cherry picked from commit b91196f4b7)

* Fix authorization check in domain blocks controller

(cherry picked from commit 7527937758)

* Fix error strings for domain blocks and email-domain blocks

Corrected issue with non-error message used for Mastodon:NotPermittedError in Domain Blocks
Corrected issue Domain Blocks using the Email Domain Blocks message on ActionContoller::ParameterMissing
Corrected issue with Email Domain Blocks using the not_permitted string from "custom emojii's"

* Ran i18n-tasks normalize to address test failure

* Removed unused admin.export_domain_blocks.not_permitted string

Removing unused string as indicated by Check i18n

* Fix tests

(cherry picked from commit 9094c2f52c)

* Fix domain block export not exporting blocks with only media rejection

(cherry picked from commit 26ff48ee48)

* Fix various issues with domain block import

- stop using Paperclip for processing domain allow/block imports
- stop leaving temporary files
- better error handling
- assume CSV files are UTF-8-encoded

(cherry picked from commit cad824d8f501b95377e4f0a957e5a00d517a1902)

Co-authored-by: Levi Bard <taktaktaktaktaktaktaktaktaktak@gmail.com>
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2 years ago
Claire cbb0153bd0
Fix invalid/empty RSS feed link on account pages (#20772)
Fixes #20770
2 years ago
trwnh 7fdeed5fbc
Make tag following idempotent (#20860) 2 years ago
Claire 00b2720ef0
Change automatic post deletion configuration to be accessible to redirected users (#20774)
Fixes #20550
2 years ago
trwnh e1f819fd78
Fix pagination of followed tags (#20861)
* Fix missing pagination headers on followed tags

* Fix typo
2 years ago
Daniel Axtens 4d85c27d1a
Add 'private' to Cache-Control, match Rails expectations (#20608)
Several controlers set quite intricate Cache-Control headers in order to
hopefully not be cached by any intermediate proxies or local caches. Unfortunately,
these headers are processed by ActionDispatch::HTTP::Cache in a way that squashes
and discards any values set alongside no-store other than private:
8015c2c2cf/actionpack/lib/action_dispatch/http/cache.rb (L207-L209)

We want to preserve no-store on these responses, but we might as well remove
parts that are going to be dropped anyway. As many of the endpoints in these
controllers are private to a particular user, we should also add "private",
which will be preserved alongside no-store.
2 years ago
trwnh b59ce0a60f
Move V2 Filter methods under /api/v2 prefix (#20622)
* Move V2 Filter methods under /api/v2 prefix

* move over the tests too
2 years ago
Eugen Rochko b31afc6294
Fix error when passing unknown filter param in REST API (#20626)
Fix #19156
2 years ago
Eugen Rochko 167d86d21d
Fix `role_ids` not accepting arrays in admin API (#20625)
Fix #19157
2 years ago
Claire 86f6631d28
Remove dead code and refactor status threading code (#20357)
* Remove dead code

* Remove unneeded/broken parameters and refactor descendant computation
2 years ago
Claire 1615c3eb6e
Change logged out /api/v1/statuses/:id/context logged out limits (#20355) 2 years ago
James Tucker 78a6b871fe
Improve performance by avoiding regex construction (#20215)
```ruby
10.times { p /#{FOO}/.object_id }
10.times { p FOO_RE.object_id }
```
2 years ago
Eugen Rochko 0cd0786aef
Revert filtering public timelines by locale by default (#20294) 2 years ago
trwnh 89e1974f30
Make account endorsements idempotent (fix #19045) (#20118)
* Make account endorsements idempotent (fix #19045)

* Accept suggestion to use exists? instead of find_by + nil check

Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>

* fix logic (unless, not if)

* switch to using `find_or_create_by!`

Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>
2 years ago
trwnh 68d9dcd425
Fix uncaught 500 error on invalid `replies_policy` (Fix #19097) (#20126) 2 years ago
Claire 1e1289b024
Fix crash when external auth provider has no display_name set (#19962)
Fixes #19913
2 years ago
Claire 4cb2323458
Fix crash in legacy filter creation controller (#19878) 2 years ago
Eugen Rochko 3a41fccc43
Change `AUTHORIZED_FETCH` to not block unauthenticated REST API access (#19803)
New environment variable `DISALLOW_UNAUTHENTICATED_API_ACCESS`
2 years ago
Claire c2170991c7
Fix reblogs being discarded after the reblogged status (#19731) 2 years ago
Claire 125322718b
Fix inaccurate admin log entry for re-sending confirmation e-mails (#19674)
Fixes #19593
2 years ago
Eugen Rochko 15bae3e0e4
Change post-processing to be deferred only for large media types (#19617) 2 years ago
Claire bb1ef11c30
Change featured hashtag deletion to be done synchronously (#19590) 2 years ago
Eugen Rochko 26478f461c
Remove language filtering from hashtag timelines (#19563) 2 years ago
Claire a529d6d93e
Fix invites (#19560)
Fixes #19507

Fix regression from #19296
2 years ago
Eugen Rochko 276b85bc91
Fix admin APIs returning deleted object instead of empty object upon delete (#19479)
Fix #19153
2 years ago
Eugen Rochko 5724da0780
Fix language not being saved when editing status (#19543)
Fix #19542
2 years ago
Eugen Rochko 3e18e05330
Fix uncaught error when invalid date is supplied to API (#19480)
Fix #19213
2 years ago
Eugen Rochko f8ca3bb2a1
Add ability to view previous edits of a status in admin UI (#19462)
* Add ability to view previous edits of a status in admin UI

* Change moderator access to posts to be controlled by a separate policy
2 years ago
Eugen Rochko 1ae508bf2f
Change unauthenticated search to not support pagination in REST API (#19326)
- Only exact search matches for queries with < 5 characters
- Do not support queries with `offset` (pagination)
- Return HTTP 401 on truthy `resolve` instead of overriding to false
2 years ago
Eugen Rochko 487d81fb92
Fix IP blocks not having a unique index (#19456) 2 years ago
Yamagishi Kazutoshi 45d3b32488
Fix `Settings::FeaturedTagsController` (#19418)
Regression from #19409
2 years ago
Takeshi Umeda 74ead7d106
Change featured tag updates to add/remove activity (#19409)
* Change featured tag updates to add/remove activity

* Fix to check for the existence of feature tag

* Rename service and worker

* Merge AddHashtagSerializer with AddSerializer

* Undo removal of sidekiq_options
2 years ago
Eugen Rochko 7c152acb2c
Change settings area to be separated into categories in admin UI (#19407)
And update all descriptions
2 years ago
Eugen Rochko 839f893168
Change public accounts pages to mount the web UI (#19319)
* Change public accounts pages to mount the web UI

* Fix handling of remote usernames in routes

- When logged in, serve web app
- When logged out, redirect to permalink
- Fix `app-body` class not being set sometimes due to name conflict

* Fix missing `multiColumn` prop

* Fix failing test

* Use `discoverable` attribute to control indexing directives

* Fix `<ColumnLoading />` not using `multiColumn`

* Add `noindex` to accounts in REST API

* Change noindex directive to not be rendered by default before a route is mounted

* Add loading indicator for detailed status in web UI

* Fix missing indicator appearing while account is loading in web UI
2 years ago
Takeshi Umeda b0e3f0312c
Add synchronization of remote featured tags (#19380)
* Add LIMIT of featured tag to instance API response

* Add featured_tags_collection_url to Account

* Add synchronization of remote featured tags

* Deliver update activity when updating featured tag

* Remove featured_tags_collection_url

* Revert "Add featured_tags_collection_url to Account"

This reverts commit cff349fc27.

* Add hashtag sync from featured collections

* Fix tag name normalize

* Add target option to fetch featured collection

* Refactor fetch_featured_tags_collection_service

* Add LIMIT of featured tag to v1/instance API response
2 years ago
prplecake c618d3a0a5
Make "No $entity selected" errors more accurate (#19356)
Previously all controllers would use the single "No accounts changed as
none were selected" message. This commit changes them to read "tags",
"posts", "emojis", etc. where necessary.
2 years ago
Eugen Rochko 1bd00036c2
Change about page to be mounted in the web UI (#19345) 2 years ago
Eugen Rochko 45ebdb72ca
Add support for language preferences for trending statuses and links (#18288) 2 years ago
Eugen Rochko a2ba011326
Change privacy policy to be rendered in web UI, add REST API (#19310)
Source string no longer localized, Markdown instead of raw HTML
2 years ago
Eugen Rochko 93f340a4bf
Remove setting that disables account deletes (#17683) 2 years ago
Eugen Rochko 62782babd0
Change public statuses pages to mount the web UI (#19301) 2 years ago
Eugen Rochko 58d5b28cb0
Remove previous landing page (#19300) 2 years ago
Eugen Rochko 679274465b
Add server rules to sign-up flow (#19296) 2 years ago
Eugen Rochko 9f65909f42
Change public timelines to be filtered by current locale by default (#19291)
In the absence of an opt-in to multiple specific languages in the
preferences, it makes more sense to filter by the user's presumed
language only (interface language or `lang` override)
2 years ago
Eugen Rochko d2528b26b6
Add server banner to web app, add `GET /api/v2/instance` to REST API (#19294) 2 years ago
Claire cedcece0cc
Fix deleted pinned posts potentially counting towards the pinned posts limit (#19005)
Fixes #18938
2 years ago
Eugen Rochko 02ba9cfa35
Remove code for rendering public and hashtag timelines outside the web UI (#19257) 2 years ago
Eugen Rochko 36f4c32a38
Change path of privacy policy page (#19249) 2 years ago
Eugen Rochko 43b5d5e38d
Add logged-out access to the web UI (#18961) 2 years ago
Eugen Rochko 0d6b878808
Add user content translations with configurable backends (#19218) 2 years ago
Claire 8cf7006d4e
Refactor ActivityPub handling to prepare for non-Account actors (#19212)
* Move ActivityPub::FetchRemoteAccountService to ActivityPub::FetchRemoteActorService

ActivityPub::FetchRemoteAccountService is kept as a wrapper for when the actor is
specifically required to be an Account

* Refactor SignatureVerification to allow non-Account actors

* fixup! Move ActivityPub::FetchRemoteAccountService to ActivityPub::FetchRemoteActorService

* Refactor ActivityPub::FetchRemoteKeyService to potentially return non-Account actors

* Refactor inbound ActivityPub payload processing to accept non-Account actors

* Refactor inbound ActivityPub processing to accept activities relayed through non-Account

* Refactor how Account key URIs are built

* Refactor Request and drop unused key_id_format parameter

* Rename ActivityPub::Dereferencer `signature_account` to `signature_actor`
2 years ago
Claire 84aff598ea
Fix typo in SignatureVerification (#19209)
Fix regression from #15605
2 years ago
Eugen Rochko 50948b46aa
Add ability to filter followed accounts' posts by language (#19095) 2 years ago
Claire 1145dbd327
Improve error reporting and logging when processing remote accounts (#15605)
* Add a more descriptive PrivateNetworkAddressError exception class

* Remove unnecessary exception class to rescue clause

* Remove unnecessary include to JsonLdHelper

* Give more neutral error message when too many webfinger redirects

* Remove unnecessary guard condition

* Rework how “ActivityPub::FetchRemoteAccountService” handles errors

Add “suppress_errors” keyword argument to avoid raising errors in
ActivityPub::FetchRemoteAccountService#call (default/previous behavior).

* Rework how “ActivityPub::FetchRemoteKeyService” handles errors

Add “suppress_errors” keyword argument to avoid raising errors in
ActivityPub::FetchRemoteKeyService#call (default/previous behavior).

* Fix Webfinger::RedirectError not being a subclass of Webfinger::Error

* Add suppress_errors option to ResolveAccountService

Defaults to true (to preserve previous behavior). If set to false,
errors will be raised instead of caught, allowing the caller to be
informed of what went wrong.

* Return more precise error when failing to fetch account signing AP payloads

* Add tests

* Fixes

* Refactor error handling a bit

* Fix various issues

* Add specific error when provided Digest is not 256 bits of base64-encoded data

* Please CodeClimate

* Improve webfinger error reporting
2 years ago
Claire 2750a7a0e6
Fix REST API sometimes returning HTML on error (#19135)
Fixes #19115
2 years ago
Eugen Rochko c57907737a
Change search API to be accessible without being logged in (#18963)
But with the resolve option turned off
2 years ago
Eugen Rochko c99c106ef0
Change following and followers API to be accessible without being logged in (#18964) 2 years ago
Eugen Rochko 2a7766dcc9
Add admin API for managing e-mail domain blocks (#19066) 2 years ago
Eugen Rochko c556c3a0d1
Add admin API for managing canonical e-mail blocks (#19067) 2 years ago
Eugen Rochko b399d79545
Add admin API for managing IP blocks (#19065) 2 years ago
Eugen Rochko 0b3e4fd5de
Remove digest e-mails (#17985)
* Remove digest e-mails

* Remove digest-related code
2 years ago
Eugen Rochko 5b0e8cc92b
Add ability to select all accounts matching search for batch actions (#19053) 2 years ago
Eugen Rochko 0396acf39e
Add audit log entries for user roles (#19040)
* Refactor audit log schema

* Add audit log entries for user roles
2 years ago
Claire 50487db122
Add ability to filter individual posts (#18945)
* Add database table for status-specific filters

* Add REST endpoints, entities and attributes

* Show status filters in /filters interface

* Perform server-side filtering for individual posts filters

* Fix filtering on context mismatch

* Refactor `toServerSideType` by moving it to its own module

* Move loupe and delete icons to their own module

* Add ability to filter individual posts from WebUI

* Replace keyword list by warnings (expired, context mismatch)

* Refactor server-side filtering code

* Add tests
2 years ago
Eugen Rochko d83faa1a89
Add ability to block sign-ups from IP (#19037) 2 years ago
Claire 726931fe4a
Fix /api/v1/tags/:id route constraints (#18854)
The constraint was applied prior to decoding, and rejected anything containing
the '%' character, which would be used for anything with non-ASCII unicode
characters.
2 years ago
Eugen Rochko c3f0621a59
Add ability to follow hashtags (#18809) 2 years ago
Eugen Rochko e7aa2be828
Change how hashtags are normalized (#18795)
* Change how hashtags are normalized

* Fix tests
2 years ago
Eugen Rochko 44b2ee3485
Add customizable user roles (#18641)
* Add customizable user roles

* Various fixes and improvements

* Add migration for old settings and fix tootctl role management
3 years ago
Claire 02851848e9
Revamp post filtering system (#18058)
* Add model for custom filter keywords

* Use CustomFilterKeyword internally

Does not change the API

* Fix /filters/edit and /filters/new

* Add migration tests

* Remove whole_word column from custom_filters (covered by custom_filter_keywords)

* Redesign /filters

Instead of a list, present a card that displays more information and handles
multiple keywords per filter.

* Redesign /filters/new and /filters/edit to add and remove keywords

This adds a new gem dependency: cocoon, as well as a npm dependency:
cocoon-js-vanilla. Those are used to easily populate and remove form fields
from the user interface when manipulating multiple keyword filters at once.

* Add /api/v2/filters to edit filter with multiple keywords

Entities:
- `Filter`: `id`, `title`, `filter_action` (either `hide` or `warn`), `context`
  `keywords`
- `FilterKeyword`: `id`, `keyword`, `whole_word`

API endpoits:
- `GET /api/v2/filters` to list filters (including keywords)
- `POST /api/v2/filters` to create a new filter
  `keywords_attributes` can also be passed to create keywords in one request
- `GET /api/v2/filters/:id` to read a particular filter
- `PUT /api/v2/filters/:id` to update a new filter
  `keywords_attributes` can also be passed to edit, delete or add keywords in
   one request
- `DELETE /api/v2/filters/:id` to delete a particular filter
- `GET /api/v2/filters/:id/keywords` to list keywords for a filter
- `POST /api/v2/filters/:filter_id/keywords/:id` to add a new keyword to a
   filter
- `GET /api/v2/filter_keywords/:id` to read a particular keyword
- `PUT /api/v2/filter_keywords/:id` to edit a particular keyword
- `DELETE /api/v2/filter_keywords/:id` to delete a particular keyword

* Change from `irreversible` boolean to `action` enum

* Remove irrelevent `irreversible_must_be_within_context` check

* Fix /filters/new and /filters/edit with update for filter_action

* Fix Rubocop/Codeclimate complaining about task names

* Refactor FeedManager#phrase_filtered?

This moves regexp building and filter caching to the `CustomFilter` class.

This does not change the functional behavior yet, but this changes how the
cache is built, doing per-custom_filter regexps so that filters can be matched
independently, while still offering caching.

* Perform server-side filtering and output result in REST API

* Fix numerous filters_changed events being sent when editing multiple keywords at once

* Add some tests

* Use the new API in the WebUI

- use client-side logic for filters we have fetched rules for.
  This is so that filter changes can be retroactively applied without
  reloading the UI.
- use server-side logic for filters we haven't fetched rules for yet
  (e.g. network error, or initial timeline loading)

* Minor optimizations and refactoring

* Perform server-side filtering on the streaming server

* Change the wording of filter action labels

* Fix issues pointed out by linter

* Change design of “Show anyway” link in accordence to review comments

* Drop “irreversible” filtering behavior

* Move /api/v2/filter_keywords to /api/v1/filters/keywords

* Rename `filter_results` attribute to `filtered`

* Rename REST::LegacyFilterSerializer to REST::V1::FilterSerializer

* Fix systemChannelId value in streaming server

* Simplify code by removing client-side filtering code

The simplifcation comes at a cost though: filters aren't retroactively
applied anymore.
3 years ago
Claire 35588d09e2
Add /api/v1/admin/domain_allows (#18668)
- `GET /api/v1/admin/domain_allows` lists allowed domains
- `GET /api/v1/admin/domain_allows/:id` shows one by ID
- `DELETE /api/v1/admin/domain_allows/:id` deletes a given domain from the list
  of allowed domains
- `POST /api/v1/admin/domain_allows` to allow a new domain:
  if that domain is already allowed, the existing DomainAllow will be returned
3 years ago
tateisu 47f2ff617d
use Notification::TYPES for api push subscription alerts (#18709) 3 years ago
Claire 327eed0076
Fix suspicious sign-in mails never being sent (#18599)
* Add tests

* Fix suspicious sign-in mails never being sent
3 years ago
Eugen Rochko a2871cd747
Add administrative webhooks (#18510)
* Add administrative webhooks

* Fix error when webhook is deleted before delivery worker runs
3 years ago
Claire 28329ba62f
Add /api/v1/admin/domain_blocks (#18247)
* Add /api/v1/admin/domain_blocks

Fixes #18140

- `GET /api/v1/admin/domain_blocks` lists domain blocks
- `GET /api/v1/admin/domain_blocks/:id` shows one by ID
- `DELETE /api/v1/admin/domain_blocks/:id` deletes a given domain block
- `POST /api/v1/admin/domain_blocks` to create a new domain block:
  if it conflicts with an existing one, returns an error with
  an attribute `existing_domain_block` with the rendered domain block

* Simplify conflict handling as suggested in review
3 years ago
Eugen Rochko 9f81b9f29a
Fix suspended users being able to access APIs that don't require a user (#18524) 3 years ago
Eugen Rochko 96129c2f10
Fix confirmation redirect to app without `Location` header (#18523) 3 years ago
Claire 440eb71310
Change unapproved and unconfirmed account to not be accessible in the REST API (#17530)
* Change unapproved and unconfirmed account to not be accessible in the REST API

* Change Account#searchable? to reject unconfirmed and unapproved users

* Disable search for unapproved and unconfirmed users in Account.search_for

* Disable search for unapproved and unconfirmed users in Account.advanced_search_for

* Remove unconfirmed and unapproved accounts from Account.searchable scope

* Prevent mentions to unapproved/unconfirmed accounts

* Fix some old tests for Account.advanced_search_for

* Add some Account.advanced_search_for tests for existing behaviors

* Add some tests for Account.search_for

* Add Account.advanced_search_for tests unconfirmed and unapproved accounts

* Add Account.searchable tests

* Fix Account.without_unapproved scope potentially messing with previously-applied scopes

* Allow lookup of unconfirmed/unapproved accounts through /api/v1/accounts/lookup

This is so that the API can still be used to check whether an username is free
to use.
3 years ago
Eugen Rochko 6cf57c6765
Refactor how Redis locks are created (#18400)
* Refactor how Redis locks are created

* Fix autorelease duration on account deletion lock
3 years ago
Eugen Rochko 2b8dc58b7f
Change RSS feeds (#18356)
* Change RSS feeds

- Use date and time for titles instead of ellipsized text
- Use full content in body, even when there is a content warning
- Use media extensions

* Change feed icons and add width and height attributes to custom emojis

* Fix custom emoji animate on hover breaking

* Fix tests
3 years ago
Claire 9a3be0ad68
Fix error when looking handle with surrounding spaces (#18225) 3 years ago
Eugen Rochko 33f3818d66
Fix double render error when authorizing interaction (#18203) 3 years ago
Eugen Rochko 5a48bf1085
Fix error when trying to revoke OAuth token without supplying a token (#18205) 3 years ago
Claire 66a63d79ea
Fix 500 error when a bookmark or favorite has been reported and deleted (#18174) 3 years ago
Eugen Rochko 3917353645
Fix single Redis connection being used across all threads (#18135)
* Fix single Redis connection being used across all Sidekiq threads

* Fix tests
3 years ago
0x2019 012537452a
Fix error resposes for `from` search prefix (#17963)
* Fix error responses in `from` search prefix (addresses mastodon/mastodon#17941)

Using unsupported prefixes now reports a 422; searching for posts from an
account the instance is not aware of reports a 404. TODO: The UI for this
on the front end is abysmal.

Searching `from:username@domain` now succeeds when `domain` is the local
domain; searching `from:@username(@domain)?` now works as expected.

* Remove unused methods on new Error classes as they are not being used

Currently when `raise`d there are error messages being supplied, but
this is not actually being used. The associated `raise`s have been
edited accordingly.

* Remove needless comments

* Satisfy rubocop

* Try fixing tests being unable to find AccountFindingConcern methods

* Satisfy rubocop

* Simplify `from` prefix logic

This incorporates @ClearlyClaire's suggestion (see
https://github.com/mastodon/mastodon/pull/17963#pullrequestreview-933986737).

Accepctable account strings in `from:` clauses are more lenient than
before this commit; for example, `from:@user@example.org@asnteo +cat`
will not error, and return posts by @user@example.org containing the
word "cat". This is more consistent with how Mastodon matches mentions
in statuses. In addition, `from` clauses will not be checked for
syntatically invalid usernames or domain names, simply 404ing when
`Account.find_remote!` raises ActiveRecord::NotFound.

New code for this PR that is no longer used has been removed.
3 years ago
Claire 3906dd67ed
Fix extremely rare race condition when deleting a toot or account (#17994) 3 years ago
Eugen Rochko 8e20e16cf0
Change e-mail notifications to only be sent when recipient is offline (#17984)
* Change e-mail notifications to only be sent when recipient is offline

Change the default for follow and mention notifications back on

* Add preference to always send e-mail notifications

* Change wording
3 years ago
Eugen Rochko 465ee7792f
Fix pagination header on empty trends responses in REST API (#17986) 3 years ago
Eugen Rochko 6221b36b27
Remove sign-in token authentication, instead send e-mail about new sign-in (#17970) 3 years ago
Claire 62c6e12fa5
Fix admin API unconditionally requiring CSRF token (#17975)
Fixes #17898

Since #17204, the admin API has only been available through the web
application because of the unconditional requirement to provide a valid CSRF
token.

This commit changes it back to `null_session`, which should make it work
both with session-based authentication (provided a CSRF token) and with a
bearer token.
3 years ago
Eugen Rochko d116cb7733
Fix `GET /api/v1/trends/tags` missing `offset` param in REST API (#17973) 3 years ago
Claire 894956e20c
Fix /api/v1/admin/accounts (#17887)
* Fix /api/v1/admin/accounts

Compatibility was broken since #17009 which changed the underlying filter class
without changing the controller.

This commits restore support for the old parameters.

* Add /api/v2/admin/accounts with the new parameters

* Add tests

* Add missing filter for `silenced` status

Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>

Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>
3 years ago
Eugen Rochko cefa526c6d
Refactor formatter (#17828)
* Refactor formatter

* Move custom emoji pre-rendering logic to view helpers

* Move more methods out of Formatter

* Fix code style issues

* Remove Formatter

* Add inline poll options to RSS feeds

* Remove unused helper method

* Fix code style issues

* Various fixes and improvements

* Fix test
3 years ago
Eugen Rochko e3a2203061
Add offset pagination to trends in REST API (#17872) 3 years ago
Eugen Rochko 67d550830b
Fix locale not being set in REST API (#17847) 3 years ago
Eugen Rochko e6ffbfb5e7
Add `types` param to `GET /api/v1/notifications` in REST API (#17767)
* Add `types` param to `GET /api/v1/notifications` in REST API

* Improve tests
3 years ago
Eugen Rochko bc320d6cec
Fix `POST /api/v1/emails/confirmations` not being available after sign-up (#17743) 3 years ago
Eugen Rochko b2cd34474b
Add rate limit for editing (#17728) 3 years ago
chandrn7 a6ed6845c9
Allow login through OpenID Connect (#16221)
* added OpenID Connect as an SSO option

* minor fixes

* added comments, removed an option that shouldn't be set

* fixed Gemfile.lock

* added newline to end of Gemfile.lock

* removed tab from Gemfile.lock

* remove chomp

* codeclimate changes and small name change to make function's purpose clearer

* codeclimate fix

* added SSO buttons to /about page

* minor refactor

* minor style change

* removed spurious change

* removed unecessary conditional from ensure_valid_username and added support for auth.info.name in user_params_from_auth

* minor changes
3 years ago
Eugen Rochko bd53dd5210
Change design of federation pages in admin UI (#17704)
* Change design of federation pages in admin UI

* Fix query performance in instance media attachments measure

* Fix reblogs being included in instance languages dimension
3 years ago
Eugen Rochko 8f6c67bfde
Fix performance of account timelines (#17709)
* Fix performance of account timelines

* Various fixes and improvements

* Fix duplicate results being returned

Co-authored-by: Claire <claire.github-309c@sitedethib.com>

* Fix grouping for pinned statuses scope

Co-authored-by: Claire <claire.github-309c@sitedethib.com>
3 years ago
Eugen Rochko edf09ec747
Add `/api/v1/accounts/familiar_followers` to REST API (#17700)
* Add `/api/v1/accounts/familiar_followers` to REST API

* Change hide network preference to be stored consistently for local and remote accounts

* Add dummy classes to migration

* Apply suggestions from code review

Co-authored-by: Claire <claire.github-309c@sitedethib.com>

Co-authored-by: Claire <claire.github-309c@sitedethib.com>
3 years ago
Eugen Rochko 2ea754b861
Fix duplicate notifications being possible after poll expiration (#17697) 3 years ago
Claire ff43e54a49
Allow editing media attachments for scheduled toots (#17690)
Fixes #17676
3 years ago
Eugen Rochko 631e495a79
Change `follow` scope to be covered by `read` and `write` scopes in REST API (#17678)
Deprecate `follow` scope
3 years ago
Eugen Rochko e24b14cc74
Fix leak of existence of otherwise inaccessible statuses in REST API (#17684) 3 years ago
Eugen Rochko 02b8d63fce
Fix report category not being saved in REST API (#17682) 3 years ago
Eugen Rochko 25d3dc4373
Add ability to mark statuses as sensitive from reports in admin UI (#17668)
* Add ability to mark statuses as sensitive from reports in admin UI

* Allow mark as sensitive action on statuses with preview cards
3 years ago
Claire 14919fe11e
Change old moderation strikes to be displayed in a separate page (#17566)
* Change old moderation strikes to be displayed in a separate page

Fixes #17552

This changes the moderation strikes displayed on `/auth/edit` to be those from
the past 3 months, and make all moderation strikes targeting the current user
available in `/disputes`.

* Add short description of what the strikes page is for

* Move link to list of strikes to “Account status” instead of navigation item

* Normalize i18n file

* Fix layout and styling of strikes link

* Revert highlights_on regexp

* Reintroduce account status summary

- this way, “Account status” is never empty
- account status is not necessarily bound to strikes, or recent strikes
3 years ago
Eugen Rochko 50ea54b3ed
Change authorized applications page (#17656)
* Change authorized applications page

* Hide revoke button for superapps and suspended accounts

* Clean up db/schema.rb
3 years ago
Claire 6aef76b5cd
Fix error when a MX is shared across blocked domains (#17650) 3 years ago
Eugen Rochko 27965ce5ed
Add trending statuses (#17431)
* Add trending statuses

* Fix dangling items with stale scores in localized sets

* Various fixes and improvements

- Change approve_all/reject_all to approve_accounts/reject_accounts
- Change Trends::Query methods to not mutate the original query
- Change Trends::Query#skip to offset
- Change follow recommendations to be refreshed in a transaction

* Add tests for trending statuses filtering behaviour

* Fix not applying filtering scope in controller
3 years ago
Eugen Rochko a29a982eaa
Change e-mail domain blocks to block IPs dynamically (#17635)
* Change e-mail domain blocks to block IPs dynamically

* Update app/workers/scheduler/email_domain_block_refresh_scheduler.rb

Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>

* Update app/workers/scheduler/email_domain_block_refresh_scheduler.rb

Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>

Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>
3 years ago