aiden
/
mastodon
mirror of https://github.com/mastodon/mastodon
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
gh-readonly-queue/main/pr-34523-ffc853c08694cc5f1ec37e42da9a00e9e6ede0ba
features/ingest-quote-post-policies
main
feature-audio-player-redesign
renovate/node-22.x
ruby-vite-add-sri
vitest
MAS-80-ruby-vite
features/mismatching-es-analysis-settings
renovate/reduxjs-toolkit-2.x-lockfile
renovate/major-react-monorepo
refactor-contexts-reducer
features/translatable-rules
feature-feature-hashtags-api
fix-feature-post-web
feature-feature-hashtags-web
features/quote-reject
renovate/aws-sdk-s3-1.x-lockfile
MAS-80-webpack-to-vite
fix-account-search-space
feat/fasp_data_sharing
echo/mas-352-followers-you-know-on-profiles
stable-4.1
stable-4.2
refactor-action-bar-types
features/numeric-identifiers
renovate/express-5.x
renovate/glob-11.x
stable-4.3
remove-rails-delegate
fixes/followers-synchronization-double-check
debug/ghost-followers-synchronization
feature-streaming-profile
feature-starter-packs
fixes/account-note
fixes/recheck-suspensions
refactor-accounts-map
feat/fasp_trends
feat/fasp_account_search
updates/vips
features/split-in-app-notif
refactor/modal-stack
tests/media-description-modal
fixes/out-of-order-private-posts
fixes/thread-resolve-worker-skip_fetching
renovate/immutable-5.x
renovate/react-test-renderer-19.x
replace-oj-with-json
refactor-status-content-typescript
fixes/embed-requestAnimationFrame
features/lock-icon-on-hover-card
feature-admin-report-forward
feature-reports-batch-actions
fix-admin-dashboard-slow
fix-future-date-trend
redesign/content-warning-filters-4.3
fixes/filtered-follows
remove/trendable-provider-attribution
activitypub/summary-over-name
build-stable-nightly
fixes/notification-excerpt-paragraph
fixes/mastodon-setup-task-redis
fixes/regexp-timeout-optional
fixes/small-otp-secret-length-4.1
fixes/small-otp-secret-length-4.2
fixes/dashboard-quick-access-overflow
fixes/middle-column-size
fix-context-socialweb-miscellany
fixes/detect-missing-indexes2
cleanup/simplify-css
feature-post-layout
features/media-description-in-embedded-status
design/notifications-grid
fix-lookup-domain
flaky-conversations-test
fixes/crash-orphaned-notification
fixes/report-links
features/filtered-dismiss-accept-all
feat/clean-up-notifications
fixes/everyone-role-n+1
redesign/notification-request
experimental/notification-groups-api-shape
spike/resolve-urls-on-click
cleanup/drop-atomuri
fixes/dismissing-notification-requests-dismisses-too-much
revert-system-check
feature-redirect
fix-unusable-hashtag
tests/flaky-tests-performance-logs
feature-grouped-notifications-ui
drop-redis-below-6.2
fix-mute-buttons
features/local-preview-cards-2nd-take
fix-conversations-background
revert-severed-relationships-feature
features/local-preview-cards
stable-3.5
stable-4.0
stable-3.4
releases/v3.5.17
releases/v4.1.13
releases/v4.2.5
version/v4.3.0-alpha.1
fix/build-env
feature-color-scheme
revert/follow-back-mutual
gh-readonly-queue/main/pr-28626-1ad908e0c08c236389967d86b4f238f428de9fef
fixes/per-user-authorized-fetch
fixes/import-many-follows-overlap
fix-web-thread-sort
test-new-container-build
fixes/24px-icons
features/registration-invite-api
fixes/service-worker-caching
fixes/account-refresh-link-verification
feature-like
tests/introduce-error
fixes/lint-fix
fixes/object-has-own-polyfill
fixes/audio-passthrough
fixes/audit-log-external-confirmation
features/banners
refactor/search-query-parser
remove-profile-directory
redesign/notification-settings
feature-separate-hashtags
fixes/self-destruct-throttle
fixes/subdomain-block-4.1.6
redesign/hashtag-column-follow-button
feature-trend-highlights
revert-23460-fixes/activitypub-hashtag
pg15
prevent-unauthenticated-access-tag-timeline
support-rich-oembed
fix-caniuselite-lockfile
track_unsalvageable_errors
add-publish-button-text-site-setting
nolan/button-a11y
i18n/manage-translations
deps/shakapacker
rubocop-fixes
react18
stable-3.3
stable-3.2
stable-3.1
stable-3.0
stable-2.9
stable-2.8
stable-2.7
stable-2.5
stable-2.6
stable-2.4
v0.1.2
v0.1.1
v0.1.0
v0.6
v0.7
v0.8
v0.9
v0.9.9
v1.0
v1.1
v1.1.1
v1.1.2
v1.2
v1.2.1
v1.2.2
v1.3
v1.3.1
v1.3.2
v1.3.3
v1.4.1
v1.4.2
v1.4.3
v1.4.4
v1.4.5
v1.4.6
v1.4.7
v1.4rc1
v1.4rc2
v1.4rc3
v1.4rc4
v1.4rc5
v1.4rc6
v1.5.0
v1.5.0rc1
v1.5.0rc2
v1.5.0rc3
v1.5.1
v1.6.0
v1.6.0rc1
v1.6.0rc2
v1.6.0rc3
v1.6.0rc4
v1.6.0rc5
v1.6.1
v2.0.0
v2.0.0rc1
v2.0.0rc2
v2.0.0rc3
v2.0.0rc4
v2.1.0
v2.1.0rc1
v2.1.0rc2
v2.1.0rc3
v2.1.0rc4
v2.1.0rc5
v2.1.0rc6
v2.1.1
v2.1.2
v2.1.3
v2.2.0
v2.2.0rc1
v2.2.0rc2
v2.3.0
v2.3.0rc1
v2.3.0rc2
v2.3.0rc3
v2.3.1
v2.3.1rc1
v2.3.1rc2
v2.3.1rc3
v2.3.2
v2.3.2rc1
v2.3.2rc2
v2.3.2rc3
v2.3.2rc4
v2.3.2rc5
v2.3.3
v2.4.0
v2.4.0rc1
v2.4.0rc2
v2.4.0rc3
v2.4.0rc4
v2.4.0rc5
v2.4.1
v2.4.1rc1
v2.4.1rc2
v2.4.1rc3
v2.4.1rc4
v2.4.2
v2.4.2rc1
v2.4.2rc2
v2.4.2rc3
v2.4.3
v2.4.3rc1
v2.4.3rc2
v2.4.3rc3
v2.4.4
v2.4.5
v2.5.0
v2.5.0rc1
v2.5.0rc2
v2.5.1
v2.5.2
v2.6.0
v2.6.0rc1
v2.6.0rc2
v2.6.0rc3
v2.6.0rc4
v2.6.1
v2.6.2
v2.6.3
v2.6.4
v2.6.5
v2.7.0
v2.7.0rc1
v2.7.0rc2
v2.7.0rc3
v2.7.1
v2.7.2
v2.7.3
v2.7.4
v2.8.0
v2.8.0rc1
v2.8.0rc2
v2.8.0rc3
v2.8.1
v2.8.2
v2.8.3
v2.8.4
v2.9.0
v2.9.0rc1
v2.9.0rc2
v2.9.1
v2.9.2
v2.9.3
v2.9.4
v3.0.0
v3.0.0rc1
v3.0.0rc2
v3.0.0rc3
v3.0.1
v3.0.2
v3.1.0
v3.1.0rc1
v3.1.0rc2
v3.1.1
v3.1.2
v3.1.3
v3.1.4
v3.1.5
v3.2.0
v3.2.0rc1
v3.2.0rc2
v3.2.1
v3.2.2
v3.3.0
v3.3.0rc1
v3.3.0rc2
v3.3.0rc3
v3.3.1
v3.3.2
v3.3.3
v3.4.0
v3.4.0rc1
v3.4.0rc2
v3.4.1
v3.4.10
v3.4.2
v3.4.3
v3.4.4
v3.4.5
v3.4.6
v3.4.7
v3.4.8
v3.4.9
v3.5.0
v3.5.0rc1
v3.5.0rc2
v3.5.0rc3
v3.5.1
v3.5.10
v3.5.11
v3.5.12
v3.5.13
v3.5.14
v3.5.15
v3.5.16
v3.5.17
v3.5.18
v3.5.19
v3.5.2
v3.5.3
v3.5.4
v3.5.5
v3.5.6
v3.5.7
v3.5.8
v3.5.9
v4.0.0
v4.0.0rc1
v4.0.0rc2
v4.0.0rc3
v4.0.0rc4
v4.0.1
v4.0.10
v4.0.11
v4.0.12
v4.0.13
v4.0.14
v4.0.15
v4.0.2
v4.0.3
v4.0.4
v4.0.5
v4.0.6
v4.0.7
v4.0.8
v4.0.9
v4.1.0
v4.1.0rc1
v4.1.0rc2
v4.1.0rc3
v4.1.1
v4.1.10
v4.1.11
v4.1.12
v4.1.13
v4.1.14
v4.1.15
v4.1.16
v4.1.17
v4.1.18
v4.1.19
v4.1.2
v4.1.20
v4.1.21
v4.1.22
v4.1.23
v4.1.24
v4.1.25
v4.1.3
v4.1.4
v4.1.5
v4.1.6
v4.1.7
v4.1.8
v4.1.9
v4.2.0
v4.2.0-beta1
v4.2.0-beta2
v4.2.0-beta3
v4.2.0-rc1
v4.2.0-rc2
v4.2.1
v4.2.10
v4.2.11
v4.2.12
v4.2.13
v4.2.14
v4.2.15
v4.2.16
v4.2.17
v4.2.18
v4.2.19
v4.2.2
v4.2.20
v4.2.3
v4.2.4
v4.2.5
v4.2.6
v4.2.7
v4.2.8
v4.2.9
v4.3.0
v4.3.0-beta.1
v4.3.0-beta.2
v4.3.0-rc.1
v4.3.1
v4.3.2
v4.3.3
v4.3.4
v4.3.5
v4.3.6
v4.3.7
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '3c726924c9'
${ noResults }
mastodon/app/models
History
santiagorodriguez96 e8d41bc2fe
Add WebAuthn as an alternative 2FA method (#14466) 
* feat: add possibility of adding WebAuthn security keys to use as 2FA

This adds a basic UI for enabling WebAuthn 2FA. We did a little refactor
to the Settings page for editing the 2FA methods – now it will list the
methods that are available to the user (TOTP and WebAuthn) and from
there they'll be able to add or remove any of them.
Also, it's worth mentioning that for enabling WebAuthn it's required to
have TOTP enabled, so the first time that you go to the 2FA Settings
page, you'll be asked to set it up.
This work was inspired by the one donde by Github in their platform, and
despite it could be approached in different ways, we decided to go with
this one given that we feel that this gives a great UX.

Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>

* feat: add request for WebAuthn as second factor at login if enabled

This commits adds the feature for using WebAuthn as a second factor for
login when enabled.
If users have WebAuthn enabled, now a page requesting for the use of a
WebAuthn credential for log in will appear, although a link redirecting
to the old page for logging in using a two-factor code will also be
present.

Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>

* feat: add possibility of deleting WebAuthn Credentials

Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>

* feat: disable WebAuthn when an Admin disables 2FA for a user

Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>

* feat: remove ability to disable TOTP leaving only WebAuthn as 2FA

Following examples form other platforms like Github, we decided to make
Webauthn 2FA secondary to 2FA with TOTP, so that we removed the
possibility of removing TOTP authentication only, leaving users with
just WEbAuthn as 2FA. Instead, users will have to click on 'Disable 2FA'
in order to remove second factor auth.
The reason for WebAuthn being secondary to TOPT is that in that way,
users will still be able to log in using their code from their phone's
application if they don't have their security keys with them – or maybe
even lost them.

* We had to change a little the flow for setting up TOTP, given that now
  it's possible to setting up again if you already had TOTP, in order to
  let users modify their authenticator app – given that now it's not
  possible for them to disable TOTP and set it up again with another
  authenticator app.
  So, basically, now instead of storing the new `otp_secret` in the
  user, we store it in the session until the process of set up is
  finished.
  This was because, as it was before, when users clicked on 'Edit' in
  the new two-factor methods lists page, but then went back without
  finishing the flow, their `otp_secret` had been changed therefore
  invalidating their previous authenticator app, making them unable to
  log in again using TOTP.

Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>

* refactor: fix eslint errors

The PR build was failing given that linting returning some errors.
This commit attempts to fix them.

* refactor: normalize i18n translations

The build was failing given that i18n translations files were not
normalized.
This commits fixes that.

* refactor: avoid having the webauthn gem locked to a specific version

* refactor: use symbols for routes without '/'

* refactor: avoid sending webauthn disabled email when 2FA is disabled

When an admins disable 2FA for users, we were sending two mails
to them, one notifying that 2FA was disabled and the other to notify
that WebAuthn was disabled.
As the second one is redundant since the first email includes it, we can
remove it and send just one email to users.

* refactor: avoid creating new env variable for webauthn_origin config

* refactor: improve flash error messages for webauthn pages

Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>
 		5 years ago
..
admin Add ability to filter audit log in admin UI (#13381) 5 years ago
concerns Fix movie width and frame_rate returning nil (#14357) 5 years ago
form Cache result of SQL (#14534) 5 years ago
web Bump doorkeeper from 5.3.3 to 5.4.0 (#13733) 5 years ago
account.rb Add E2EE API (#13820) 5 years ago
account_alias.rb Fix confusing error when failing to add an alias to an unknown account (#13480) 5 years ago
account_conversation.rb Change Redis#exists calls to Redis#exists? to avoid deprecation warning (#14191) 5 years ago
account_domain_block.rb Fix crash when saving invalid domain name (#11528) 6 years ago
account_filter.rb Add sorting by username, creation and last activity in moderation view (#13076) 5 years ago
account_identity_proof.rb Fix Keybase verification using wrong domain for remote accounts (#10547) 6 years ago
account_migration.rb Add (back) option to set redirect notice on account without moving followers (#11994) 6 years ago
account_moderation_note.rb Update dependencies for Ruby (2018-04-23) (#7237) 7 years ago
account_note.rb Add user notes on accounts (#14148) 5 years ago
account_pin.rb Add API endpoint to list featured accounts (fixes #8315) (#8317) 7 years ago
account_stat.rb Fix account counters being overwritten by parallel writes (#12045) 6 years ago
account_tag_stat.rb Add profile directory (#9427) 6 years ago
account_warning.rb Add moderation warnings (#9519) 6 years ago
account_warning_preset.rb Add titles to warning presets in admin UI (#13252) 5 years ago
admin.rb Add logging of admin actions (#5757) 8 years ago
announcement.rb Change delivery failure tracking to work with hostnames instead of URLs (#13437) 5 years ago
announcement_filter.rb Add announcements (#12662) 5 years ago
announcement_mute.rb Add announcements (#12662) 5 years ago
announcement_reaction.rb Add announcements (#12662) 5 years ago
application_record.rb Fix records not being indexed sometimes (#12024) 6 years ago
backup.rb Add announcements (#12662) 5 years ago
block.rb Store URIs of follows, follow requests and blocks for ActivityPub (#7160) 7 years ago
bookmark.rb Add announcements (#12662) 5 years ago
context.rb Refactor JSON templates to be generated with ActiveModelSerializers instead of Rabl (#4090) 8 years ago
conversation.rb Revert "Remove conversation URI (#11423)" (#11424) 6 years ago
conversation_mute.rb Update dependencies for Ruby (2018-04-23) (#7237) 7 years ago
custom_emoji.rb Add separate cache directory for non-local uploads (#12821) 5 years ago
custom_emoji_category.rb Add batch actions and categories to admin UI for custom emojis (#11793) 6 years ago
custom_emoji_filter.rb Various fixes and improvements (#12878) 5 years ago
custom_filter.rb Add “account timeline” filter category (#12918) 5 years ago
device.rb Add E2EE API (#13820) 5 years ago
domain_allow.rb Fix crash when saving invalid domain name (#11528) 6 years ago
domain_block.rb Fix admin page crashing when trying to block an invalid domain name (#13884) 5 years ago
email_domain_block.rb Add option to include resolved DNS records when blacklisting e-mail domains in admin UI (#13254) 5 years ago
encrypted_message.rb Change Redis#exists calls to Redis#exists? to avoid deprecation warning (#14191) 5 years ago
export.rb Export and import show_reblogs together with following list (#10495) 6 years ago
favourite.rb Fix records not being indexed sometimes (#12024) 6 years ago
featured_tag.rb Fix featured tags not finding the right tag on save (#11504) 6 years ago
feed.rb Fix non-numbers being passed to Redis and causing an error (#11697) 6 years ago
follow.rb Add specific rate limits for posting and following (#13172) 5 years ago
follow_request.rb Add specific rate limits for posting and following (#13172) 5 years ago
home_feed.rb Change Redis#exists calls to Redis#exists? to avoid deprecation warning (#14191) 5 years ago
identity.rb Change identities id column to a bigint (#9371) 6 years ago
import.rb Fix csv upload (#13835) 5 years ago
instance.rb Add whitelist mode (#11291) 6 years ago
instance_filter.rb Various fixes and improvements (#12878) 5 years ago
invite.rb Add invite comments (#10465) 6 years ago
invite_filter.rb Various fixes and improvements (#12878) 5 years ago
list.rb Update dependencies for Ruby (2018-04-23) (#7237) 7 years ago
list_account.rb Add abilityto add oneself to lists (#12271) 6 years ago
list_feed.rb Lists (#5703) 8 years ago
marker.rb Add timeline read markers API (#11762) 6 years ago
media_attachment.rb Fix movie width and frame_rate returning nil (#14357) 5 years ago
mention.rb Improve support for aspects/circles (#8950) 7 years ago
message_franking.rb Add E2EE API (#13820) 5 years ago
mute.rb Update dependencies for Ruby (2018-04-23) (#7237) 7 years ago
notification.rb Add follow_request notification type (#12198) 5 years ago
one_time_key.rb Add E2EE API (#13820) 5 years ago
poll.rb Only normalize local polls (#12515) 5 years ago
poll_vote.rb Add optimistic lock to avoid race conditions when handling votes (#10196) 6 years ago
preview_card.rb Add blurhash to preview cards (#13984) 5 years ago
relationship_filter.rb Fix followings list order | Issue #13538 (#13676) 5 years ago
relay.rb Fix enable/disable relay failures (#13535) 5 years ago
remote_follow.rb Refactor monkey-patching of Goldfinger (#12561) 5 years ago
report.rb Add rate limit for reporting (#13390) 5 years ago
report_filter.rb Various fixes and improvements (#12878) 5 years ago
report_note.rb Fix scope latest of ReportNote (#9630) 6 years ago
scheduled_status.rb Fix deleting a scheduled status immediately deleting media attachments (#9728) 6 years ago
search.rb Refactor JSON templates to be generated with ActiveModelSerializers instead of Rabl (#4090) 8 years ago
session_activation.rb Update dependencies for Ruby (2018-04-23) (#7237) 7 years ago
setting.rb Remove intermediary arrays when creating hash maps from results (#9291) 7 years ago
site_upload.rb Improvements to image upload validation and creation (#10431) 6 years ago
status.rb Fix searchable status without explicitly mentioning it (#13829) 5 years ago
status_pin.rb Update dependencies for Ruby (2018-04-23) (#7237) 7 years ago
status_stat.rb Reset status cache when status_stat or media_attachment updates (#9119) 7 years ago
system_key.rb Add E2EE API (#13820) 5 years ago
tag.rb Fixes featured hashtag setting page erroring out instead of rejecting invalid tags (#12436) 5 years ago
tag_filter.rb Various fixes and improvements (#12878) 5 years ago
tombstone.rb Record deleted(by mod) status to prevent re-appear (#10732) 6 years ago
trending_tags.rb Fix admin setting to auto-approve hashtags not affecting query (#12130) 6 years ago
unavailable_domain.rb Change delivery failure tracking to work with hostnames instead of URLs (#13437) 5 years ago
user.rb Add WebAuthn as an alternative 2FA method (#14466) 5 years ago
user_invite_request.rb Add "why do you want to join" field to invite requests (#10524) 6 years ago
web.rb Add extended about page stub 8 years ago
webauthn_credential.rb Add WebAuthn as an alternative 2FA method (#14466) 5 years ago