Commit graph

538 commits

Author SHA1 Message Date
Eugen Rochko 619fad6cf8
Remove spam check and dependency on nilsimsa gem (#16011) 2021-04-11 11:22:50 +02:00
Eugen Rochko 487e37d6d4
Add system checks to dashboard in admin UI (#15989) 2021-04-03 14:12:30 +02:00
Claire 59f94593d0
Add warning in admin dashboard if some required queues are not handled (#15954) 2021-03-26 18:22:54 +01:00
Claire 876840e9ef
Fix brakeman warning (#15870)
As far as I understand, the brakeman warning was a false-positive as
`content_tag` properly escapes untrusted HTML. Furthermore, the interpolated
string values are built from the “username” part of accounts, which is
restricted to a small subset of ASCII that precludes any XML entity or HTML
code.

This proposed change should be functionally equivalent to the current code,
however it is slightly more robust, it's more idiomatic, and Brakeman will
stop complaining about it.
2021-03-19 23:48:59 +01:00
Claire d023eefbcc
Fix push notification title for polls (#15931) 2021-03-19 23:47:31 +01:00
Claire 0ff4264c3e
Add missing push notification title for polls (#15929) 2021-03-19 20:22:49 +01:00
Marcin Mikołajczak 8fa11b0e83
Add missing en.notification_mailer.status.subject (#15564)
* Add missing `en.notification_mailer.status.subject`

* Update en.yml
2021-03-19 17:15:59 +01:00
Eugen Rochko 9aa37b32c3
Add details to error response for POST /api/v1/accounts in REST API (#15803) 2021-03-01 04:59:13 +01:00
Eugen Rochko 8331fdf7e0
Add server rules (#15769) 2021-02-21 19:50:12 +01:00
Eugen Rochko 59343ef4d1
Fix missing description on enable bootstrap timeline accounts toggle in admin UI (#15367) 2020-12-19 00:19:15 +01:00
ThibG 1a02882244
Reword invite text settings in admin views for consistency (#15358)
For consistency with #15265

Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2020-12-18 09:57:54 +01:00
Eugen Rochko eb35be0431
Fix follow limit preventing re-following of a moved account (#14207) 2020-12-18 09:18:31 +01:00
Eugen Rochko 8a95867693
Add option to obfuscate domain name in public list of domain blocks (#15355)
- Replace the middle of the domain with * characters (except for periods)
- Add SHA-256 digest of the domain name in tooltip
2020-12-18 08:30:41 +01:00
ThibG 8357969559
Fix admins being able to suspend their instance actor (#14567)
* Fix admin being able to suspend their own instance account

* Add text about the instance's own actor in admin view

* Change instance actor notice from flash message to template

* Do not list local instance actor in account moderation list
2020-12-15 17:23:58 +01:00
Mashiro 75d2762fdf
Add "invite request content" display in user account admin page (#15265)
* feat: display `invite_request_text` in admin's user account page

* fix: move invite_request to the bottom of accounts page

* fix: remove time display, remove formate, change code terminology

* fix: remove escape
2020-12-15 06:28:14 +01:00
ThibG 1390cc194b
Add indication to admin UI of whether a report has been forwarded (#13237)
* Add indication to admin UI of whether a report has been forwarded

* Rework how forwarded status is displayed

Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2020-12-15 04:30:15 +01:00
ThibG 47e507fa61
Add ability to require invite request text (#15326)
Fixes #15273

Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2020-12-14 10:03:09 +01:00
Eugen Rochko 216b85b053
Fix performance on instances list in admin UI (#15282)
- Reduce duplicate queries
- Remove n+1 queries
- Add accounts count to detailed view
- Add separate action log entry for updating existing domain blocks
2020-12-14 09:06:34 +01:00
ThibG 49eb4d4ddf
Add honeypot fields and minimum fill-out time for sign-up form (#15276)
* Add honeypot fields to limit non-specialized spam

Add two honeypot fields: a fake website input and a fake password confirmation
one. The label/placeholder/aria-label tells not to fill them, and they are
hidden in CSS, so legitimate users should not fall into these.

This should cut down on some non-Mastodon-specific spambots.

* Require a 3 seconds delay before submitting the registration form

* Fix tests

* Move registration form time check to model validation

* Give people a chance to clear the honeypot fields

* Refactor honeypot translation strings

Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2020-12-10 06:27:26 +01:00
ThibG 96c1e71329
Add import/export feature for bookmarks (#14956)
* Add ability to export bookmarks

* Add support for importing bookmarks

* Add bookmark import tests

* Add bookmarks export test
2020-11-19 17:48:13 +01:00
Takeshi Umeda 2b1a6e734f
Add follow selected followers button (#15148)
* Add follow selected followers button

* Fix unused variable

* Fix i18n normalize
2020-11-12 16:58:00 +01:00
Mélanie Chauvel bb13276e53
Precise that home timeline filters also apply to lists (#15139) 2020-11-11 01:18:42 +01:00
Mélanie Chauvel 68d4b2b83e
Display “Show newer” and “Show older” instead of “Show more” in public pages (#15052) 2020-11-04 21:15:45 +01:00
Takeshi Umeda d6fe0c94ca
Add account sensitized (#14361)
* Add account sensitized

* Fix i18n normalize

* Fix description and spec

* Fix spec

* Fix wording
2020-11-04 20:45:01 +01:00
Eugen Rochko 5e1364c448
Add IP-based rules (#14963) 2020-10-12 16:33:49 +02:00
Eugen Rochko ed099d8bdc
Change account suspensions to be reversible by default (#14726) 2020-09-15 14:37:58 +02:00
santiagorodriguez96 e8d41bc2fe
Add WebAuthn as an alternative 2FA method (#14466)
* feat: add possibility of adding WebAuthn security keys to use as 2FA

This adds a basic UI for enabling WebAuthn 2FA. We did a little refactor
to the Settings page for editing the 2FA methods – now it will list the
methods that are available to the user (TOTP and WebAuthn) and from
there they'll be able to add or remove any of them.
Also, it's worth mentioning that for enabling WebAuthn it's required to
have TOTP enabled, so the first time that you go to the 2FA Settings
page, you'll be asked to set it up.
This work was inspired by the one donde by Github in their platform, and
despite it could be approached in different ways, we decided to go with
this one given that we feel that this gives a great UX.

Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>

* feat: add request for WebAuthn as second factor at login if enabled

This commits adds the feature for using WebAuthn as a second factor for
login when enabled.
If users have WebAuthn enabled, now a page requesting for the use of a
WebAuthn credential for log in will appear, although a link redirecting
to the old page for logging in using a two-factor code will also be
present.

Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>

* feat: add possibility of deleting WebAuthn Credentials

Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>

* feat: disable WebAuthn when an Admin disables 2FA for a user

Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>

* feat: remove ability to disable TOTP leaving only WebAuthn as 2FA

Following examples form other platforms like Github, we decided to make
Webauthn 2FA secondary to 2FA with TOTP, so that we removed the
possibility of removing TOTP authentication only, leaving users with
just WEbAuthn as 2FA. Instead, users will have to click on 'Disable 2FA'
in order to remove second factor auth.
The reason for WebAuthn being secondary to TOPT is that in that way,
users will still be able to log in using their code from their phone's
application if they don't have their security keys with them – or maybe
even lost them.

* We had to change a little the flow for setting up TOTP, given that now
  it's possible to setting up again if you already had TOTP, in order to
  let users modify their authenticator app – given that now it's not
  possible for them to disable TOTP and set it up again with another
  authenticator app.
  So, basically, now instead of storing the new `otp_secret` in the
  user, we store it in the session until the process of set up is
  finished.
  This was because, as it was before, when users clicked on 'Edit' in
  the new two-factor methods lists page, but then went back without
  finishing the flow, their `otp_secret` had been changed therefore
  invalidating their previous authenticator app, making them unable to
  log in again using TOTP.

Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>

* refactor: fix eslint errors

The PR build was failing given that linting returning some errors.
This commit attempts to fix them.

* refactor: normalize i18n translations

The build was failing given that i18n translations files were not
normalized.
This commits fixes that.

* refactor: avoid having the webauthn gem locked to a specific version

* refactor: use symbols for routes without '/'

* refactor: avoid sending webauthn disabled email when 2FA is disabled

When an admins disable 2FA for users, we were sending two mails
to them, one notifying that 2FA was disabled and the other to notify
that WebAuthn was disabled.
As the second one is redundant since the first email includes it, we can
remove it and send just one email to users.

* refactor: avoid creating new env variable for webauthn_origin config

* refactor: improve flash error messages for webauthn pages

Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>
2020-08-24 16:46:27 +02:00
ThibG 8d217d7231
Improve email address validation (#14565)
* Increase DNS timeout from 1 second to 5 seconds for MX check

1 seconds is rather short when using a recursive DNS resolver which
hasn't got a cached result already available. Use 5 seconds instead,
which is the timeout value we use for outgoing HTTP queries.

* Add more precise error messages for invalid e-mail addresses
2020-08-12 12:40:25 +02:00
Eugen Rochko c158dda796
New Crowdin updates (#14197)
* New translations devise.en.yml (Uyghur)
[ci skip]

* New translations doorkeeper.en.yml (Uyghur)
[ci skip]

* New translations en.json (Sorani (Kurdish))
[ci skip]

* New translations en.yml (Sorani (Kurdish))
[ci skip]

* New translations simple_form.en.yml (Sorani (Kurdish))
[ci skip]

* New translations activerecord.en.yml (Sorani (Kurdish))
[ci skip]

* New translations devise.en.yml (Sorani (Kurdish))
[ci skip]

* New translations doorkeeper.en.yml (Sorani (Kurdish))
[ci skip]

* New translations en.json (Kabyle)
[ci skip]

* New translations en.json (Chinese Traditional, Hong Kong)
[ci skip]

* New translations en.yml (Chinese Simplified)
[ci skip]

* New translations simple_form.en.yml (Chinese Simplified)
[ci skip]

* New translations en.yml (Chinese Simplified)
[ci skip]

* New translations en.json (Kabyle)
[ci skip]

* New translations en.json (Hebrew)
[ci skip]

* New translations en.json (Hebrew)
[ci skip]

* New translations en.json (Hebrew)
[ci skip]

* New translations en.json (Hebrew)
[ci skip]

* New translations en.json (Russian)
[ci skip]

* New translations en.yml (Persian)
[ci skip]

* New translations en.json (Persian)
[ci skip]

* New translations en.json (Croatian)
[ci skip]

* New translations en.json (Marathi)
[ci skip]

* New translations en.json (Norwegian Nynorsk)
[ci skip]

* New translations en.json (Bengali)
[ci skip]

* New translations en.json (Spanish, Argentina)
[ci skip]

* New translations en.json (Hindi)
[ci skip]

* New translations en.json (Latvian)
[ci skip]

* New translations en.json (Estonian)
[ci skip]

* New translations en.json (Kazakh)
[ci skip]

* New translations en.json (Galician)
[ci skip]

* New translations en.json (Vietnamese)
[ci skip]

* New translations en.json (Urdu (Pakistan))
[ci skip]

* New translations en.json (Chinese Traditional)
[ci skip]

* New translations en.json (Icelandic)
[ci skip]

* New translations en.json (Tamil)
[ci skip]

* New translations en.json (Persian)
[ci skip]

* New translations en.json (Indonesian)
[ci skip]

* New translations en.json (Portuguese, Brazilian)
[ci skip]

* New translations en.json (Ido)
[ci skip]

* New translations en.json (Kabyle)
[ci skip]

* New translations en.json (Corsican)
[ci skip]

* New translations en.json (Serbian (Latin))
[ci skip]

* New translations en.json (Uyghur)
[ci skip]

* New translations en.json (Sorani (Kurdish))
[ci skip]

* New translations en.json (Taigi)
[ci skip]

* New translations en.json (Silesian)
[ci skip]

* New translations en.json (Malay)
[ci skip]

* New translations en.json (Welsh)
[ci skip]

* New translations en.json (Esperanto)
[ci skip]

* New translations en.json (Telugu)
[ci skip]

* New translations en.json (Chinese Traditional, Hong Kong)
[ci skip]

* New translations en.json (Asturian)
[ci skip]

* New translations en.json (Kannada)
[ci skip]

* New translations en.json (Breton)
[ci skip]

* New translations en.json (Malayalam)
[ci skip]

* New translations en.json (Catalan)
[ci skip]

* New translations en.json (Bulgarian)
[ci skip]

* New translations en.json (Arabic)
[ci skip]

* New translations en.json (Spanish)
[ci skip]

* New translations en.json (Czech)
[ci skip]

* New translations en.json (Greek)
[ci skip]

* New translations en.json (Basque)
[ci skip]

* New translations en.json (Danish)
[ci skip]

* New translations en.json (German)
[ci skip]

* New translations en.json (Finnish)
[ci skip]

* New translations en.json (Thai)
[ci skip]

* New translations en.json (Slovenian)
[ci skip]

* New translations en.json (Sardinian)
[ci skip]

* New translations en.json (Romanian)
[ci skip]

* New translations en.json (Occitan)
[ci skip]

* New translations en.json (Chinese Simplified)
[ci skip]

* New translations en.json (Ukrainian)
[ci skip]

* New translations en.json (French)
[ci skip]

* New translations en.json (Hungarian)
[ci skip]

* New translations en.json (Slovak)
[ci skip]

* New translations en.json (Russian)
[ci skip]

* New translations en.json (Portuguese)
[ci skip]

* New translations en.json (Polish)
[ci skip]

* New translations en.json (Norwegian)
[ci skip]

* New translations en.json (Turkish)
[ci skip]

* New translations en.json (Swedish)
[ci skip]

* New translations en.json (Serbian (Cyrillic))
[ci skip]

* New translations en.json (Albanian)
[ci skip]

* New translations en.json (Italian)
[ci skip]

* New translations en.json (Armenian)
[ci skip]

* New translations en.json (Hebrew)
[ci skip]

* New translations en.json (Japanese)
[ci skip]

* New translations en.json (Dutch)
[ci skip]

* New translations en.json (Macedonian)
[ci skip]

* New translations en.json (Lithuanian)
[ci skip]

* New translations en.json (Georgian)
[ci skip]

* New translations en.json (Korean)
[ci skip]

* New translations en.json (Portuguese)
[ci skip]

* New translations en.json (Spanish)
[ci skip]

* New translations en.json (Korean)
[ci skip]

* New translations en.json (German)
[ci skip]

* New translations en.json (Japanese)
[ci skip]

* New translations en.json (Russian)
[ci skip]

* New translations en.json (French)
[ci skip]

* New translations en.json (Vietnamese)
[ci skip]

* New translations en.json (Catalan)
[ci skip]

* New translations en.json (Galician)
[ci skip]

* New translations en.json (Kabyle)
[ci skip]

* New translations en.json (Kabyle)
[ci skip]

* New translations en.json (Kabyle)
[ci skip]

* New translations en.json (Kabyle)
[ci skip]

* New translations en.json (Spanish, Argentina)
[ci skip]

* New translations en.json (Hungarian)
[ci skip]

* New translations en.json (Albanian)
[ci skip]

* New translations en.json (Corsican)
[ci skip]

* New translations simple_form.en.yml (Dutch)
[ci skip]

* New translations simple_form.en.yml (Dutch)
[ci skip]

* New translations en.json (Dutch)
[ci skip]

* New translations en.json (Dutch)
[ci skip]

* New translations en.json (Dutch)
[ci skip]

* New translations en.json (Dutch)
[ci skip]

* New translations en.json (Dutch)
[ci skip]

* New translations en.yml (Dutch)
[ci skip]

* New translations en.yml (Dutch)
[ci skip]

* New translations en.yml (Dutch)
[ci skip]

* New translations en.yml (Dutch)
[ci skip]

* New translations en.json (Thai)
[ci skip]

* New translations en.yml (Thai)
[ci skip]

* New translations en.yml (Dutch)
[ci skip]

* New translations en.yml (Dutch)
[ci skip]

* New translations en.yml (Dutch)
[ci skip]

* New translations en.yml (Dutch)
[ci skip]

* New translations en.yml (Dutch)
[ci skip]

* New translations en.json (Portuguese, Brazilian)
[ci skip]

* New translations en.json (Occitan)
[ci skip]

* New translations en.json (Occitan)
[ci skip]

* New translations en.yml (Occitan)
[ci skip]

* New translations en.json (Italian)
[ci skip]

* New translations en.json (Persian)
[ci skip]

* New translations en.json (French)
[ci skip]

* New translations en.yml (French)
[ci skip]

* New translations en.json (Arabic)
[ci skip]

* New translations en.json (Kabyle)
[ci skip]

* New translations en.json (Kabyle)
[ci skip]

* New translations en.yml (Kabyle)
[ci skip]

* New translations en.json (Icelandic)
[ci skip]

* New translations en.json (Portuguese, Brazilian)
[ci skip]

* New translations en.json (Indonesian)
[ci skip]

* New translations en.json (Persian)
[ci skip]

* New translations en.json (Galician)
[ci skip]

* New translations en.json (Tamil)
[ci skip]

* New translations en.json (Spanish, Argentina)
[ci skip]

* New translations en.json (Bengali)
[ci skip]

* New translations en.json (Marathi)
[ci skip]

* New translations en.json (Albanian)
[ci skip]

* New translations en.json (Serbian (Cyrillic))
[ci skip]

* New translations en.json (Swedish)
[ci skip]

* New translations en.json (Turkish)
[ci skip]

* New translations en.json (Chinese Traditional)
[ci skip]

* New translations en.json (Urdu (Pakistan))
[ci skip]

* New translations en.json (Vietnamese)
[ci skip]

* New translations en.json (Welsh)
[ci skip]

* New translations en.json (Esperanto)
[ci skip]

* New translations en.json (Chinese Traditional, Hong Kong)
[ci skip]

* New translations en.json (Malayalam)
[ci skip]

* New translations en.json (Telugu)
[ci skip]

* New translations en.json (Breton)
[ci skip]

* New translations en.json (Kannada)
[ci skip]

* New translations en.json (Uyghur)
[ci skip]

* New translations en.json (Croatian)
[ci skip]

* New translations en.json (Norwegian Nynorsk)
[ci skip]

* New translations en.json (Kazakh)
[ci skip]

* New translations en.json (Estonian)
[ci skip]

* New translations en.json (Latvian)
[ci skip]

* New translations en.json (Hindi)
[ci skip]

* New translations en.json (Malay)
[ci skip]

* New translations en.json (Spanish)
[ci skip]

* New translations en.json (Arabic)
[ci skip]

* New translations en.json (Bulgarian)
[ci skip]

* New translations en.json (Catalan)
[ci skip]

* New translations en.json (Czech)
[ci skip]

* New translations en.json (Danish)
[ci skip]

* New translations en.json (German)
[ci skip]

* New translations en.json (Greek)
[ci skip]

* New translations en.json (Romanian)
[ci skip]

* New translations en.json (Slovenian)
[ci skip]

* New translations en.json (Thai)
[ci skip]

* New translations en.json (Chinese Simplified)
[ci skip]

* New translations en.json (Slovak)
[ci skip]

* New translations en.json (Hungarian)
[ci skip]

* New translations en.json (French)
[ci skip]

* New translations en.json (Ukrainian)
[ci skip]

* New translations en.json (Norwegian)
[ci skip]

* New translations en.json (Lithuanian)
[ci skip]

* New translations en.json (Macedonian)
[ci skip]

* New translations en.json (Dutch)
[ci skip]

* New translations en.json (Polish)
[ci skip]

* New translations en.json (Basque)
[ci skip]

* New translations en.json (Portuguese)
[ci skip]

* New translations en.json (Russian)
[ci skip]

* New translations en.json (Armenian)
[ci skip]

* New translations en.json (Korean)
[ci skip]

* New translations en.json (Finnish)
[ci skip]

* New translations en.json (Hebrew)
[ci skip]

* New translations en.json (Georgian)
[ci skip]

* New translations en.json (Japanese)
[ci skip]

* New translations en.json (Italian)
[ci skip]

* New translations en.json (Ido)
[ci skip]

* New translations en.json (Taigi)
[ci skip]

* New translations en.json (Silesian)
[ci skip]

* New translations en.json (Sardinian)
[ci skip]

* New translations en.json (Occitan)
[ci skip]

* New translations en.json (Sorani (Kurdish))
[ci skip]

* New translations en.json (Asturian)
[ci skip]

* New translations en.json (Kabyle)
[ci skip]

* New translations en.json (Serbian (Latin))
[ci skip]

* New translations en.json (Corsican)
[ci skip]

* New translations en.json (Korean)
[ci skip]

* New translations en.json (Russian)
[ci skip]

* New translations en.json (Korean)
[ci skip]

* New translations en.json (Russian)
[ci skip]

* New translations en.json (Spanish)
[ci skip]

* New translations en.json (Korean)
[ci skip]

* New translations en.json (Portuguese)
[ci skip]

* New translations en.json (Portuguese)
[ci skip]

* New translations en.json (German)
[ci skip]

* New translations en.json (French)
[ci skip]

* New translations en.json (Korean)
[ci skip]

* New translations en.json (French)
[ci skip]

* New translations en.json (Esperanto)
[ci skip]

* New translations en.yml (Esperanto)
[ci skip]

* New translations en.json (Esperanto)
[ci skip]

* New translations en.json (Japanese)
[ci skip]

* New translations en.json (Vietnamese)
[ci skip]

* New translations en.json (Japanese)
[ci skip]

* New translations en.json (Spanish)
[ci skip]

* New translations en.json (Italian)
[ci skip]

* New translations en.json (Italian)
[ci skip]

* New translations en.json (Corsican)
[ci skip]

* New translations en.json (Corsican)
[ci skip]

* New translations en.json (Persian)
[ci skip]

* New translations en.json (Hungarian)
[ci skip]

* New translations en.json (Portuguese, Brazilian)
[ci skip]

* New translations en.json (Spanish)
[ci skip]

* New translations en.json (French)
[ci skip]

* New translations en.json (Spanish, Argentina)
[ci skip]

* New translations en.json (Galician)
[ci skip]

* New translations en.json (Galician)
[ci skip]

* New translations en.json (Portuguese)
[ci skip]

* New translations en.json (Portuguese)
[ci skip]

* New translations en.json (Albanian)
[ci skip]

* i18n-tasks normalize

* yarn manage:translations
2020-07-10 20:57:21 +02:00
ThibG a80fd8c79b
Change the about.instance_actor_flash to be single-line (#14200)
Some translations of that string are single-line, which somehow seems to make
Crowdin issue a blank newline at the end of those translations.

This, in turns, leads to different results when running “i18n-tasks normalize”
depending on the version of libyaml installed, making the CI fail if it
runs a different version than whoever ran “i18n-tasks normalize”.

Since there is no real reason for that source string to be multi-line (it is
only displayed in HTML, without replacing newlines by <br/> tags),
attempt to fix Crowdin export by making the source string single-line.
2020-07-03 03:06:08 +02:00
ThibG 35cedc922c
Change move handler to carry blocks over (#14144)
* Change move handler to carry blocks and mutes over

When user A blocks user B and B moves to a new account C, make A block C
accordingly.

Note that it only works if A's instance is aware of the Move, that is,
if B is on A's instance or has followers there.

* Also notify instances with known people blocking you when moving

* Add automatic account notes when blocking/muting an account that had no note
2020-07-01 13:51:15 +02:00
ThibG 65506bac3f
Add user notes on accounts (#14148)
* Add UserNote model

* Add UI for user notes

* Put comment in relationships entity

* Add API to create user notes

* Copy user notes to new account when receiving a Move activity

* Address some of the review remarks

* Replace modal by inline edition

* Please CodeClimate

* Button design changes

* Change design again

* Cancel note edition when pressing Escape

* Fixes

* Tweak design again

* Move “Add note” item, and allow users to add notes to themselves

* Rename UserNote into AccountNote, rename “comment” Relationship attribute to “note”
2020-06-30 19:19:50 +02:00
Eugen Rochko 8c04e37b03
Remove the terms blacklist and whitelist from UX (#14149)
Localization strings:

- "Whitelist mode" -> "Limited federation mode"
- "Blacklist e-mail domain" -> "Block e-mail domain"
- "Whitelist domain" -> "Allow domain for federation"

...And so on

Environment variables (backwards-compatible):

- `WHITELIST_MODE` -> `LIMITED_FEDERATION_MODE`
- `EMAIL_DOMAIN_BLACKLIST` -> `EMAIL_DOMAIN_DENYLIST`
- `EMAIL_DOMAIN_WHITELIST` -> `EMAIL_DOMAIN_ALLOWLIST`

tootctl:

- `tootctl domains purge --whitelist-mode` -> `tootctl domains purge --limited-federation-mode`

Removed badly maintained and no longer relevant .env.production.sample file
2020-06-27 20:20:11 +02:00
Eugen Rochko 662a49dc3f
Fix various issues around OpenGraph representation of media (#14133)
- Fix audio attachments not being represented in OpenGraph tags
- Fix audio being represented as "1 image" in OpenGraph descriptions
- Fix video metadata being overwritten by paperclip-av-transcoder
- Fix embedded player not using Mastodon's UI
- Fix audio/video progress bars not moving smoothly
- Fix audio/video buffered bars not displaying correctly
2020-06-25 01:33:01 +02:00
Mélanie Chauvel ac3c83ef6f
Improve wording and add titles on moderated servers section in /about/more (#13930) 2020-06-09 10:28:02 +02:00
Eugen Rochko 72a7cfaa39
Add e-mail-based sign in challenge for users with disabled 2FA (#14013) 2020-06-09 10:23:06 +02:00
ThibG bf6745b9c3
Fix unpermitted operations on custom emojis leading to cryptic errors (#13951)
* Display appropriate error when performing unpermitted operation on custom emoji

Fixes #13897

* Remove links to custom emoji actions not performable by moderators
2020-06-05 15:23:27 +02:00
ThibG bf94934623
Fix account redirect confirmation message talking about moved followers (#13950)
Fixes #13949
2020-06-03 20:18:19 +02:00
Eugen Rochko 5d8398c8b8
Add E2EE API (#13820) 2020-06-02 19:24:53 +02:00
TheMainOne be1e2594fb
Clarified "missing_also_known_as" (#13746)
Fixes the confusion mentioned in https://github.com/tootsuite/mastodon/issues/12216. Suggestion of this fix provided by https://github.com/tootsuite/mastodon/issues/12216#issuecomment-564918757.
2020-05-12 21:38:24 +02:00
Eugen Rochko 8be4c2ba21
Add ability to remove identity proofs from account (#13682)
Fix #12613
2020-05-10 11:21:10 +02:00
ThibG f7e011919e
Fix account aliases page (#13452)
* Fix error not being displayed when adding an account alias, add error for self-references

Co-Authored-By: Mélanie Chauvel (ariasuni) <perso@hack-libre.org>

* Add “You have no aliases.” note in confusing empty aliases table

Co-Authored-By: Mélanie Chauvel (ariasuni) <perso@hack-libre.org>

Co-authored-by: Mélanie Chauvel (ariasuni) <perso@hack-libre.org>
2020-04-13 06:41:43 +02:00
Eugen Rochko f65568f1d4
Add ability to filter audit log in admin UI (#13381) 2020-04-03 13:06:34 +02:00
ThibG 0d117c106a
Fix 404 and 410 API errors being silently discarded in WebUI (#13279)
* Fix 404 and 410 API errors being silently discarded in WebUI

Fixes #13278

* Return more appropriate error when user replies to a deleted toot

* Please CodeClimate

* Fix 404/410 errors on fetching account timelines & identity proofs

* Refactor error handling

* Move error message string to statuses.errors
2020-03-28 17:59:45 +01:00
Eugen Rochko bea0bb39d6
Add option to include resolved DNS records when blacklisting e-mail domains in admin UI (#13254)
* Add shortcuts to blacklist a user's e-mail domain in admin UI

* Add option to blacklist resolved MX and IP records for e-mail domains
2020-03-12 22:35:20 +01:00
Eugen Rochko f556f79b77
Add titles to warning presets in admin UI (#13252) 2020-03-12 17:57:59 +01:00
Eugen Rochko 9660aa4543
Change local media attachments to perform heavy processing asynchronously (#13210)
Fix #9106
2020-03-08 23:56:18 +01:00
ThibG 2423d2f677
Add ability to delete files uploaded for settings in admin UI (#13192)
* Allow deleting site uploads

* Refactor and move links into hints

* Fix i18n tests

* Fix HTML output of site_upload_delete_hint
2020-03-08 16:00:24 +01:00
Eugen Rochko 339ce1c4e9
Add specific rate limits for posting and following (#13172) 2020-03-08 15:17:39 +01:00
ThibG cf4fe6caef
Fix misleading error when attempting to re-send a pending follow request (#13133)
Fixes #13131
2020-02-24 21:19:19 +01:00
ThibG aeb6efbb03
Fix typo in about page (#13038) 2020-02-03 23:29:42 +01:00
Sasha Sorokin 50cd73e5d7
Add "Show thread" button to public profiles (#13000)
This adds "Show thread" button to the status view which is used in
profiles. The logic to display the button is mimicking logic in
web app available at app/javascript/mastodon/components/status.js#L439.

* The little change in components CSS required to remove enforced
  underline for all links on public pages on our button.
2020-01-29 17:35:54 +01:00
Eugen Rochko 305abc9e05
Fix design of announcements in admin UI (#12989) 2020-01-28 02:21:00 +01:00
Eugen Rochko 663ea84b08
Add publish/unpublish controls to announcements in admin UI (#12967) 2020-01-27 11:05:33 +01:00
Eugen Rochko f816da9c64
Add limit of 8 different reaction types per announcement (#12950) 2020-01-25 05:23:33 +01:00
koyu dd4738a3f2 Mac is now known as macOS (#12935) 2020-01-24 00:21:13 +01:00
Eugen Rochko f52c988e12
Add announcements (#12662)
* Add announcements

Fix #11006

* Add reactions to announcements

* Add admin UI for announcements

* Add unit tests

* Fix issues

- Add `with_dismissed` param to announcements API
- Fix end date not being formatted when time range is given
- Fix announcement delete causing reactions to send streaming updates
- Fix announcements container growing too wide and mascot too small
- Fix `all_day` being settable when no time range is given
- Change text "Update" to "Announcement"

* Fix scheduler unpublishing announcements before they are due

* Fix filter params not being passed to announcements filter
2020-01-23 22:00:13 +01:00
ThibG 43daeccccb Add “account timeline” filter category (#12918)
* Add “account timeline” filter category

Previously, no filter category applied to account timelines.

* Rename “Account timelines” into “Profiles”
2020-01-23 21:32:00 +01:00
Eugen Rochko c0006a004d
Change followers page to relationships page in admin UI (#12927)
Allow browsing and filtering all relationships instead of just
followers, unify the codebase with the user-facing relationship
manager, add ability to see who the user invited
2020-01-23 20:33:20 +01:00
ThibG d386d89179 Fix invalid votes from the API being accepted (#12601)
* Fix invalid votes from the API being accepted

Fixes #12556

- Ensure `choice` is an integer instead of silently converting to 0
- Ensure `choice` corresponds to an actual choice of the poll

* Please CodeClimate
2020-01-12 14:17:03 +01:00
koyu 5b9f01aec0 Fix spelling mistake (#12817) 2020-01-11 11:32:25 +09:00
Sasha Sorokin 36426ed4ad Use heading actions and placeholders in settings (#12801)
This commit:

- Refactors centered text blocks currently used for placeholders
  for empty tables and puts styles for it in separate class -
  .centered-text, simply aliasing text-align: center. Which is
  furtherly used in this commit.

- Improves applications settings page to use heading actions, moving
  "New application" button there, and displaying placeholder "You
  have no applications" in place of empty table.

- Improves custom emoji settings page to use heading action
  for "Upload" button, making it more easily accessible without
  need to scroll through all of the emojis.

- Improves email domain blocks settings page, moving "Add new" to the
  heading actions and using placeholder "No e-mail domains currently
  blacklisted" instead of showing empty table.
2020-01-11 02:14:45 +01:00
Sasha Sorokin 345dd93310 Little improvements to filters settings page (#12793)
When you have many filters, it may be hard for you to reach the button
to create yet another one. This commit moves creation button to the
heading, leaving the page just for the list.

On the other hand, when there are no filters, page looks kind of
strange with the empty table. So text stating obvious fact that user
has no filters was added in this commit too.

Closes #11020
Closes #12790
2020-01-07 10:41:19 +01:00
Sasha Sorokin 9edab7afaf Add translation project promotion link (#12736)
This commit adds promotional notice on appearance settings about
translation project if any other locale than English is used. It
allows users to learn and contribute translations to Mastodon.

Step ahead, in this commit one unusual string is added - link to a
guide. By default it refers to Crowdin project itself, but if any of
Mastodon localization teams established their own guide, they can
refer it. Or, if Crowdin supports localized domain for language, it
can also be put there (e.g. https://fr.crowdin.com/...).
2019-12-31 22:15:05 +01:00
Sasha Sorokin 902c6bed5a Use different strings on exports page (#12569)
Currently the page re-uses strings from other contexts which doesn't fit
very well - strings incorrectly lowercase-d and pluralized, when they
don't need to be, because it's a table.

This commit changes page to re-use accounts.posts_tab_heading for toots,
and admin.accounts for "Following" and "Follows". This all should look
more aesthetically pleasing.
2019-12-19 12:47:55 +01:00
ThibG fb9137752a Remove unused translatable strings (#12643)
* Remove unused “salmon_url” string

* Remove more unused translatable strings

The following strings all used to be on the admin account page
but aren't used anymore: profile_url, outbox_url, followers_url, feed_url
2019-12-18 16:56:39 +01:00
Alice Gaudon 668f698077 Admin setting to disable default follows (#12566) 2019-12-16 23:55:50 +01:00
Sasha Sorokin d5b7a4b116 Avoid using pluralize on moderation pages (#12589)
Pluralize function from Rails framework does not work with other
languages than English, moreover it does not even work properly with
English [1]. Not that the latest applies to this context, it's just
a sign that we best to avoid this function, especially when there are
more reliable ways.

This commit changes how reports pages generated in order to avoid usage
of pluralize function, replacing it with default translation function,
called with given counter. On top of that, we have to make strings
pluralizable, so have to change locale files.

[1]: https://medium.com/@anna7/b3927de2ca8e#6a60
2019-12-12 19:50:23 +01:00
Takeshi Umeda f43f1e0184 Add basic support for group actors (#12071)
* Show badge on group actor in WebUI

* Do not notify in case of  by following group actor

* If you mention group actor, also mention group actor followers

* Relax characters that can be used in username (same as Application)

* Revert "Relax characters that can be used in username (same as Application)"

This reverts commit 7e10a137b8.

* Delete display_name method
2019-12-04 20:36:33 +01:00
Sasha Sorokin c8d82ef3c3 Split relationships page strings (#12502)
Before this moment relationships managing page was using strings from
other context - from counters, but in order for translators to be able
to translate it relatively to the page, it must use separate strings.

I've split the strings for "Following" and "Followers" and put them to
"relationships" keyset in localization file. This should solve this
issue.

Fixes #10863
2019-12-01 07:08:40 +01:00
ThibG d8f96028c5 Add ability to filter reports by target account domain (#12154)
* Add ability to filter reports by target account domain

* Reword by_target_domain label
2019-11-30 19:53:58 +01:00
Sasha Sorokin fd45f5bbaa Improve notifications page (#12497)
Currently notifications page seems a bit cluttered with no clear
separation between e-mail and filtering settings. This commit tries to
address them by adding clear separation with headers, hints and removing
continuously reused texts for events checkboxes.
2019-11-29 17:03:06 +01:00
ThibG a2014830c2 Fix broken admin audit log in whitelist mode (#12303) 2019-11-11 00:05:15 +02:00
Yamagishi Kazutoshi 7512f3a3e0 Change message of public timeline for local only (#12224) 2019-10-27 12:45:33 +01:00
Faye Duxovni 48f75b86ae Add setting for whether to crop images in unexpanded toots (#12126) 2019-10-24 22:51:41 +02:00
ThibG 15c192ce40 Add link to search for users connected from the same IP address (#12157)
* Add link to search for users connected from the same IP address

Fixes #11949

* Fix missing cell in admin account view table
2019-10-24 22:49:26 +02:00
Eugen Rochko aa509a3d8a
Fix auto-report string saying the account has been auto-silenced (#12142) 2019-10-10 18:47:24 +02:00
Eugen Rochko b5f7e12817
Remove auto-silence behaviour from spam check (#12117)
Fix #12113
2019-10-09 07:11:23 +02:00
Eugen Rochko c8bcf5cbfd
Add admin setting to auto-approve hashtags (#12122)
Change inaccurate labels on other admin settings
2019-10-09 00:30:15 +02:00
Eugen Rochko 19cdc62765
Remove fallback to long description on sidebar and meta description (#12119)
Fix #12114
2019-10-08 22:08:55 +02:00
Eugen Rochko 740c9cb3ee
Remove invite comments from UI (#12068)
Due to UX confusion and insufficient time to fix it
2019-10-03 22:37:13 +02:00
mayaeh b258583d2b Fix hashtag link to directory in AdminUI (#12005)
* Fixed not to generate link if no user used hashtag in directory

* Added missing translation for AdminUI custom emojis

* run yarn manage:translations en
2019-10-01 01:20:22 +02:00
ThibG 3babf8464b Add voters count support (#11917)
* Add voters count to polls

* Add ActivityPub serialization and parsing of voters count

* Add support for voters count in WebUI

* Move incrementation of voters count out of redis lock

* Reword “voters” to “people”
2019-09-29 22:58:01 +02:00
Eugen Rochko bd9685f798
Fix public list of domain blocks being too verbose on about page (#11967) 2019-09-29 16:23:01 +02:00
Eugen Rochko 163ed91af3
Add (back) option to set redirect notice on account without moving followers (#11994)
Fix #11913
2019-09-29 05:03:19 +02:00
mayaeh 05ad7d606c Add translation strings for AdminUI custom emojis (#11970) 2019-09-27 03:07:19 +02:00
Eugen Rochko add4d4118c
Fix relays UI being available in whitelist/secure mode (#11963)
Fix relays UI referencing relay that is not functional
2019-09-27 02:13:34 +02:00
Eugen Rochko 3ed94dcc1a
Add account migration UI (#11846)
Fix #10736

- Change data export to be available for non-functional accounts
- Change non-functional accounts to include redirecting accounts
2019-09-19 20:58:19 +02:00
Eugen Rochko d930eb88b6
Add table of contents to about page (#11885)
Move public domain blocks information to about page
2019-09-19 11:09:05 +02:00
Eugen Rochko e1066cd431
Add password challenge to 2FA settings, e-mail notifications (#11878)
Fix #3961
2019-09-18 16:37:27 +02:00
mayaeh ef0d22f232 Add search and sort functions to hashtag admin UI (#11829)
* Add search and sort functions to hashtag admin UI

* Move scope processing from tags_controller to tag_filter

* Fix based on method naming conventions

* Fixed not to get 500 errors for invalid requests
2019-09-16 14:27:29 +02:00
Eugen Rochko c707ef49d9
Fix 2FA challenge and password challenge for non-database users (#11831)
* Fix 2FA challenge not appearing for non-database users

Fix #11685

* Fix account deletion not working when using external login

Fix #11691
2019-09-15 21:08:39 +02:00
Tao Bror Bojlén 4fe127664b add admin setting for default search engine indexing (fix #11750) (#11804) 2019-09-11 08:44:58 +02:00
Eugen Rochko 1110ea1a91
Add batch actions and categories to admin UI for custom emojis (#11793) 2019-09-09 22:44:17 +02:00
Eugen Rochko 261e52268c
Add batch approve/reject for pending hashtags in admin UI (#11791) 2019-09-09 12:50:09 +02:00
Eugen Rochko 43f56f1291
Change account deletion page to have better explanations (#11753)
Fix deletion of unconfirmed account not freeing up the username

Add prefill of logged-in user's email in the reconfirmation form
2019-09-04 04:13:54 +02:00
Eugen Rochko 3221f998dd
Change OpenGraph description on sign-up page to reflect invite (#11744) 2019-09-03 04:56:54 +02:00
mayaeh 1f22b8197c Integrate translation strings for the Profile Directory. (#11722)
Run `yarn manage:translations en`
2019-09-02 18:12:27 +02:00
Eugen Rochko 22ce4778eb
Fix uncaught parameter missing exceptions and missing error templates (#11702) 2019-08-30 01:34:47 +02:00
Eugen Rochko cb447b28c4
Add profile directory to web UI (#11688)
* Add profile directory to web UI

* Add a line of bio to the directory
2019-08-30 00:14:36 +02:00
Eugen Rochko 73ca0bb925
Add option to include reported statuses in warning e-mail (#11639) 2019-08-23 22:37:23 +02:00
Eugen Rochko 282ea17078
Add soft delete for statuses for instant deletes through API (#11623)
* Add soft delete for statuses to allow them to appear instant

* Allow reporting soft-deleted statuses and show them in the admin UI

* Change index for getting an account's statuses
2019-08-22 21:55:56 +02:00
ThibG 9b6a5ed109 Add public blocks to /about/blocks (#11298)
* Add automatic blocklist display in /about/blocks

Inspired by https://github.com/Gargron/mastodon.social-misc

* Add admin option to set who can see instance blocks

* Normalize locales files

* Rename “Sandbox” to “Silence” for consistency

* Disable /about/blocks when in whitelist mode

* Optionally display rationale for domain blocks

* Only display domain blocks that have user-facing limitations, and order them

* Redesign table of blocked domains to better handle long domain names and rationales

* Change domain blocks ordering now that rationales aren't displayed right away

* Only show explanation for block severities actually in use

* Reword instance block explanations and add disclaimer for public fetch mode
2019-08-19 11:35:48 +02:00
Eugen Rochko c6b4b923e6
Add trends to public pages sidebar (#11594) 2019-08-18 14:55:32 +02:00
Eugen Rochko b348c9b0db
Add explanation to featured hashtags page and profile (#11586) 2019-08-17 18:07:52 +02:00
Eugen Rochko 7a1f8a58df
Fix crash when saving invalid domain name (#11528)
Fix #7629
2019-08-08 23:04:19 +02:00
Eugen Rochko 3a6b6c63f2
Add breakdown of usage by source to admin UI for hashtags (#11517)
Allows determining where the majority of posts in a hashtag come
from on a given day at a glance.
2019-08-07 20:20:39 +02:00
ThibG bced70469a Add domain block notes (#11515)
* Add database columns for adding notes to domain blocks/restrctions

* Add admin UI to set private and public comments when blocking a domain

* Add text for private and public comments on domain blocks

* Show domain block comments in admin UI

* Add comments to the domain block undo page

* Make UnblockDomainService more robust regarding upgraded domain blocks

* Allow editing domain blocks

* Rename button from “undo domain block” to “view domain block” in account admin UI

* Change test to unsilence silenced users from upgraded blocks
2019-08-07 20:20:23 +02:00
Eugen Rochko 94c54997cf
Fix trending tags returning less items than requested sometimes (#11513)
Add better sorting defaults to the hashtags admin UI

Add "not reviewed" filter to hashtags admin UI
2019-08-07 17:08:30 +02:00
Eugen Rochko 7a737c79cc
Add number of pending accounts and pending hashtags to admin dashboard (#11514) 2019-08-07 16:13:34 +02:00
Eugen Rochko ac33f1aedd
Fix account tags not being saved correctly (#11507)
* Fix account tags not being saved correctly

Regression from f371b32

Fix Tag#discoverable not returning tags where listable is nil instead of true

Add notice when saving hashtags in admin UI

Change public hashtag and directory pages to return 404 for forbidden tags

* Remove unused locale string
2019-08-07 10:01:55 +02:00
Eugen Rochko dd38c280a5
Fix admin dashboard missing latest features (#11505)
Fix redis-namespace deprecation warning about administrative commands
2019-08-06 19:40:06 +02:00
Eugen Rochko 9072fe5ab6
Add trends UI with admin and user settings (#11502) 2019-08-06 17:57:52 +02:00
Eugen Rochko 115dab78f1
Change admin UI for hashtags and add back whitelisted trends (#11490)
Fix #271

Add back the `GET /api/v1/trends` API with the caveat that it does
not return tags that have not been allowed to trend by the staff.

When a hashtag begins to trend (internally) and that hashtag has
not been previously reviewed by the staff, the staff is notified.

The new admin UI for hashtags allows filtering hashtags by where
they are used (e.g. in the profile directory), whether they have
been reviewed or are pending reviewal, they show by how many people
the hashtag is used in the directory, how many people used it
today, how many statuses with it have been created today, and it
allows fixing the name of the hashtag to make it more readable.

The disallowed hashtags feature has been reworked. It is now
controlled from the admin UI for hashtags instead of from
the file `config/settings.yml`
2019-08-05 19:54:29 +02:00
Eugen Rochko 24552b5160
Add whitelist mode (#11291) 2019-07-30 11:10:46 +02:00
Eugen Rochko 964ae8eee5
Change unconfirmed user login behaviour (#11375)
Allow access to account settings, 2FA, authorized applications, and
account deletions to unconfirmed and pending users, as well as
users who had their accounts disabled. Suspended users cannot update
their e-mail or password or delete their account.

Display account status on account settings page, for example, when
an account is frozen, limited, unconfirmed or pending review.

After sign up, login users straight away and show a simple page that
tells them the status of their account with links to account settings
and logout, to reduce onboarding friction and allow users to correct
wrongly typed e-mail addresses.

Move the final sign-up step of SSO integrations to be the same
as above to reduce code duplication.
2019-07-22 10:48:50 +02:00
ThibG 730c4053d6 Add ActivityPub actor representing the entire server (#11321)
* Add support for an instance actor

* Skip username validation for local Application accounts

* Add migration script to create instance actor

* Make Codeclimate happy

* Switch to id -99 for instance actor

* Remove unused `icon` and `image` attributes from instance actor

* Use if/elsif/else instead of return + ternary operator

* Add instance actor to fresh installs

* Use instance actor as instance representative

Use instance actor for forwarding reports, relay operations, and spam
auto-reporting.

* Seed database in test environment

* Fix single-user mode

* Fix tests

* Fix specs to accomodate for an extra `Account`

* Auto-reject follows on instance actor

Following an instance actor might make sense, but we are not handling that
right now, so auto-reject.

* Fix webfinger lookup and serialization for instance actor

* Rename instance actor

* Make it clear in the HTML view that the instance actor should not be blocked

* Raise cache time for instance actor as there's no dynamic content

* Re-use /about/more with a flash message for instance actor profile
2019-07-19 01:44:42 +02:00
ThibG 7e2b6da57f Add setting to disable the anti-spam (#11296)
* Add environment variable to disable the anti-spam

* Move antispam setting to admin settings

* Fix typo

* antispam → spam_check
2019-07-17 21:09:15 +02:00
Eugen Rochko 6ff67be0f6
Add a spam check (#11217)
* Add a spam check

* Use Nilsimsa to generate locality-sensitive hashes and compare using Levenshtein distance

* Add more tests

* Add exemption when the message is a reply to something that mentions the sender

* Use Nilsimsa Compare Value instead of Levenshtein distance

* Use MD5 for messages shorter than 10 characters

* Add message to automated report, do not add non-public statuses to
automated report, add trust level to accounts and make unsilencing
raise the trust level to prevent repeated spam checks on that account

* Expire spam check data after 3 months

* Add support for local statuses, reduce expiration to 1 week, always create a report

* Add content warnings to the spam check and exempt empty statuses

* Change Nilsimsa threshold to 95 and make sure removed statuses are removed from the spam check

* Add all matched statuses into automatic report
2019-07-13 16:45:50 +02:00
Eugen Rochko ef15246397
Remove unused remote unfollow controller (#11250) 2019-07-08 12:04:06 +02:00
Eugen Rochko 23aeef52cc
Remove Salmon and PubSubHubbub (#11205)
* Remove Salmon and PubSubHubbub endpoints

* Add error when trying to follow OStatus accounts

* Fix new accounts not being created in ResolveAccountService
2019-07-06 23:26:16 +02:00
Eugen Rochko 1db4117030
Change preferences page into appearance, notifications, and other (#10977) 2019-06-07 03:39:24 +02:00
Eugen Rochko a60364ca7d
Add waiting time to list of pending accounts in admin UI (#10985) 2019-06-07 03:24:10 +02:00
ThibG 14f6ce2885 Record account suspend/silence time and keep track of domain blocks (#10660)
* Record account suspend/silence time and keep track of domain blocks

* Also unblock users who were suspended/silenced before dates were recorded

* Add tests

* Keep track of suspending date for users suspended through the CLI

* Show accurate number of accounts that would be affected by unsuspending an instance

* Change migration to set silenced_at and suspended_at

* Revert "Also unblock users who were suspended/silenced before dates were recorded"

This reverts commit a015c65d2d.

* Switch from using suspended and silenced to suspended_at and silenced_at

* Add post-deployment migration script to remove `suspended` and `silenced` columns

* Use Account#silence! and Account#suspend! instead of updating the underlying property

* Add silenced_at and suspended_at migration to post-migration

* Change account fabricator to translate suspended and silenced attributes

* Minor fixes

* Make unblocking domains always retroactive
2019-05-14 19:05:02 +02:00
ThibG 011b032300 Provide a link to existing domain block when trying to block an already-blocked domain (#10663)
* When trying to block an already-blocked domain, provide a link to the block

* Fix styling for links in flash messages

* Allow blocks to be upgraded but not downgraded
2019-05-03 20:36:36 +02:00
mayaeh 9e2a1f1838 i18n: Update Japanese translations (#10536)
* run i18n-tasks add-missing

* Update Japanese translations.
2019-04-10 17:36:45 +02:00
Eugen Rochko 9b0d8f74cb
Change the groupings of menu items in settings navigation (#10533)
* Change the groupings of menu items in settings navigation

Fix #10307

* Remove unused translations
2019-04-10 03:47:11 +02:00
Eugen Rochko 8b69a66380 Add "why do you want to join" field to invite requests (#10524)
* Add "why do you want to join" field to invite requests

Fix #10512

* Remove unused translations

* Fix broken registrations when no invite request text is submitted
2019-04-09 23:06:30 +09:00
ThibG 5247ea4efd Fix batch actions not working on pending accounts (#10508) 2019-04-08 18:35:41 +02:00
mayaeh a265696991 i18n: Update Japanese translations (#10494)
* Update Japanese translations

* Update Japanese translations.
2019-04-08 09:16:14 +09:00
Eugen Rochko 67b3b62b98
Improve blocked view of profiles (#10491)
* Revert "Fix filtering of favourited_by, reblogged_by, followers and following (#10447)"

This reverts commit 120544067f.

* Revert "Hide blocking accounts from blocked users (#10442)"

This reverts commit 62bafa20a1.

* Improve blocked view of profiles

- Change "You are blocked" to "Profile unavailable"
- Hide following/followers in API when blocked
- Disable follow button and show "Profile unavailable" on public profile as well
2019-04-07 04:59:13 +02:00
Eugen Rochko e1d0390e29
Add batch actions for approving and rejecting pending accounts (#10469) 2019-04-06 17:53:45 +02:00
mayaeh abdf225353 i18n: Update Japanese translations (#10427)
* Update Japanese translations.

run yarn manage:translations && i18n-tasks add-missing

* Update Japanese translations.

* Fix mistake

* Change to be concise.
2019-04-01 05:50:05 +02:00
Alex Gessner 69141dca26 squashed identity proof updates (#10375) 2019-03-28 18:01:09 +01:00
Eugen Rochko 08ec7435ce
Add order options to relationship manager UI (#10404) 2019-03-28 02:16:01 +01:00
ThibG 0c46bd11aa Fix HTML validation (#10354)
* Fix HTML validation

* Report first HTML error instead on validation error
2019-03-26 17:33:26 +01:00
Eugen Rochko e117964325
Change icons of features on admin dashboard to remove bias (#10366)
Red crosses implied that it was bad/unexpected that certain features
were not enabled. In reality, they are options, so showing a green
or grey power-off icon is more appropriate.

Add status of timeline preview as well

Fix sample accounts changing too frequently due to wrong query

Sample accounts are intended to be sorted by popularity
2019-03-26 01:24:19 +01:00
Jeong Arm 9ec98893f4 Change settings description (#10312)
- site_description is no longer visible on front page
- short_description is not fallback to site_description
2019-03-23 16:11:58 +01:00
Eugen Rochko 555c4e11ba
Add validations to admin settings (#10348)
* Add validations to admin settings

- Validate correct HTML markup
- Validate presence of contact username & e-mail
- Validate that all usernames are valid
- Validate that enums have expected values

* Fix code style issue

* Fix tests
2019-03-23 14:07:04 +01:00
Eugen Rochko 9c4cbdbafb
Add Keybase integration (#10297)
* create account_identity_proofs table

* add endpoint for keybase to check local proofs

* add async task to update validity and liveness of proofs from keybase

* first pass keybase proof CRUD

* second pass keybase proof creation

* clean up proof list and add badges

* add avatar url to keybase api

* Always highlight the “Identity Proofs” navigation item when interacting with proofs.

* Update translations.

* Add profile URL.

* Reorder proofs.

* Add proofs to bio.

* Update settings/identity_proofs front-end.

* Use `link_to`.

* Only encode query params if they exist.

URLs without params had a trailing `?`.

* Only show live proofs.

* change valid to active in proof list and update liveness before displaying

* minor fixes

* add keybase config at well-known path

* extremely naive feature flagging off the identity proof UI

* fixes for rubocop

* make identity proofs page resilient to potential keybase issues

* normalize i18n

* tweaks for brakeman

* remove two unused translations

* cleanup and add more localizations

* make keybase_contacts an admin setting

* fix ExternalProofService my_domain

* use Addressable::URI in identity proofs

* use active model serializer for keybase proof config

* more cleanup of keybase proof config

* rename proof is_valid and is_live to proof_valid and proof_live

* cleanup

* assorted tweaks for more robust communication with keybase

* Clean up

* Small fixes

* Display verified identity identically to verified links

* Clean up unused CSS

* Add caching for Keybase avatar URLs

* Remove keybase_contacts setting
2019-03-18 21:00:55 +01:00
Eugen Rochko b8e4c85e69
Add dormant filter to relationship manager, rename other filters (#10308)
Rename "abandoned" to "moved", and "active" to "primary"
2019-03-18 03:53:17 +01:00
Eugen Rochko 1c113fd72d
Add relationship manager UI (#10268) 2019-03-16 11:23:22 +01:00
Eugen Rochko 51e154f5e8
Admission-based registrations mode (#10250)
Fix #6856
Fix #6951
2019-03-14 05:28:30 +01:00
Eugen Rochko 65fffeac3f
Redesign landing page (#10232) 2019-03-12 17:34:00 +01:00
Eugen Rochko 5996be994d
Fix poll validation issues (#10186)
- Fix missing interpolation argument in PollValidator
- Fix PollValidator rejecting exact allowed min/max durations
2019-03-06 04:54:11 +01:00
ThibG 3de71887d8 Add non-JS fallback for polls on public pages (#10155) 2019-03-04 18:03:12 +01:00
Eugen Rochko 230a012f00
Add polls (#10111)
* Add polls

Fix #1629

* Add tests

* Fixes

* Change API for creating polls

* Use name instead of content for votes

* Remove poll validation for remote polls

* Add polls to public pages

* When updating the poll, update options just in case they were changed

* Fix public pages showing both poll and other media
2019-03-03 22:18:23 +01:00
ThibG 6840a77711 Add domain search/filter to the "Federation" (/admin/instances) page (#10071) 2019-02-18 14:59:19 +01:00
mayaeh 46e806cd2f Rename from instance to server. (#9938) 2019-02-05 19:11:24 +01:00
Eugen Rochko 364f2ff9aa
Add featured hashtags to profiles (#9755)
* Add hashtag filter to profiles

GET /@:username/tagged/:hashtag
GET /api/v1/accounts/:id/statuses?tagged=:hashtag

* Display featured hashtags on public profile

* Use separate model for featured tags

* Update featured hashtag counters on-write

* Limit featured tags to 10
2019-02-04 04:25:59 +01:00
Eugen Rochko d14c276e58
Add option to overwrite imported data (#9962)
* Add option to overwrite imported data

Fix #7465

* Add import for domain blocks
2019-02-03 03:59:51 +01:00
Eugen Rochko ad8c71c985
Fix link color in high-contrast theme, add underlines (#9949)
Improve sorting of default themes in the dropdown
2019-02-01 00:15:38 +01:00
Marek Ľach 0167659f5f Distinguish error messaging for mystyped URLs and deleted accounts (#9957) 2019-02-01 00:07:08 +01:00
Eugen Rochko a492a9bcd3
Add information about how to opt-in to the directory on the directory (#9834)
Fix #9833
2019-01-18 10:25:44 +01:00
Eugen Rochko 1c6588accc
Redesign admin instances area (#9645) 2019-01-08 13:39:49 +01:00
Eugen Rochko 5654535728
Change remote interaction dialog to use specific actions (#9743)
* Change remote interaction dialog to use specific actions

Instead of just "interact", use different strings based on whether
it's a reply, reblog or favourite. Add explanation why the step
is necessary in the first place

* Remove obsolete strings
2019-01-07 15:36:26 +01:00
Eugen Rochko c73653ce23
Add missing locale strings (#9723) 2019-01-05 19:13:11 +01:00
Eugen Rochko a49d43d112
Add scheduled statuses (#9706)
Fix #340
2019-01-05 12:43:28 +01:00
Eugen Rochko 6e49907ecf
Improve admin UI for account view (#9643) 2018-12-28 03:38:41 +01:00
chr v1.x c3465f699e Add local followers page to admin account UI (#9610)
* Add local followers page to admin account UI

For moderation, I often find myself wondering who, locally, is following
a remote user. Currently, to see this, I have to go back to the web UI,
paste in their full handle, click their profile, and go to the
"Followers" tab (plus, this information is incidental, and if mastodon
ever decides to resolve all of the follower information, there will be
no place local followers are shown). This PR adds a new page which is
accessible via the "following" count on the admin's account view
page, which shows the local followers. (It has filter parameters for
account location to indicate that only local followers are shown, and
leave room for expansion if mastodon ever decides to store the entire
remote follow list).

* Normalize en.yml
2018-12-27 13:15:39 +01:00
Eugen Rochko bb62827c16
Remove links to bridge.joinmastodon.org (non-functional) (#9608)
Add link to profile directory
2018-12-22 23:32:00 +01:00
Eugen Rochko 3c033c4352
Add moderation warnings (#9519)
* Add moderation warnings

Replace individual routes for disabling, silencing, and suspending
a user, as well as the report update route, with a unified account
action controller that allows you to select an action (none,
disable, silence, suspend) as well as whether it should generate an
e-mail notification with optional custom text. That notification,
with the optional custom text, is saved as a warning.

Additionally, there are warning presets you can configure to save
time when performing the above.

* Use Account#local_username_and_domain
2018-12-22 20:02:09 +01:00
mayaeh ff472d2cfb Update Japanese translations. (#9574) 2018-12-19 08:51:02 +01:00
Eugen Rochko 087e118971
Remove "most popular" tab from profile directory, add responsive design (#9539)
* Remove "most popular" tab from profile directory, add responsive design

* Remove unused translations
2018-12-17 03:14:28 +01:00
ThibG 720daa8143 Add instance-wide setting to disable profile directory (#9497)
* Add instance-wide setting to disable profile directory

Fixes #9496

When the profile directory is disabled:
- The “discoverable” setting is hidden from users
- The “profile directory” link is not shown on public pages
- /explore returns 404

* Move Setting.profile_directory check to a before_action filter
2018-12-11 19:18:29 +01:00
Eugen Rochko 73be8f38c1
Add profile directory (#9427)
Fix #5578
2018-12-06 17:36:11 +01:00
Eugen Rochko 73faadad28
Redesign admin accounts index (#9340)
* Improve overview of accounts in admin UI

- Display suspended status, role, last activity and IP prominently
- Default to showing local accounts
- Default to not showing suspended accounts

* Remove unused strings

* Fix tests

* Allow filtering accounts by IP mask
2018-11-26 15:53:27 +01:00
Eugen Rochko fd5285658f
Add option to block reports from domain (#8830) 2018-10-20 08:02:44 +02:00
Eugen Rochko 9486f0ca77
Add "disable" button to report screen (#9024)
* Add "disable" button to report screen

* i18n-tasks remove-unused
2018-10-20 02:39:39 +02:00
Gomasy 7085b21f70 Add destroy_custom_emoji translation (#8997)
Includes Japanese and English
2018-10-17 16:54:59 +02:00
mayaeh 47bca33945 Fix description about custom mascot. (#8974) 2018-10-13 17:00:15 +02:00
mayaeh 87abbb07f3 Add Japanese translations. (#8927) 2018-10-09 07:12:37 +09:00
ashleyhull-versent 2dba313100 Replace SVG asset with Custom mascot (#8766) 2018-10-08 00:20:45 +02:00
Eugen Rochko 28401962ca Change documentation URL (#8898)
* Change documentation URL

* Fix hardcoded documentation URL in locales
2018-10-06 14:33:36 +09:00
Eugen Rochko a46ab86adf
Limit the number of people that can be followed from one account (#8807)
Configurable soft limit of 7,500, and above that, configurable
ratio of 1.1 * followers, controlled by:

- MAX_FOLLOWS_THRESHOLD
- MAX_FOLLOWS_RATIO

Fix #2311
2018-10-04 17:36:11 +02:00
Eugen Rochko f4d549d300
Redesign forms, verify link ownership with rel="me" (#8703)
* Verify link ownership with rel="me"

* Add explanation about verification to UI

* Perform link verifications

* Add click-to-copy widget for verification HTML

* Redesign edit profile page

* Redesign forms

* Improve responsive design of settings pages

* Restore landing page sign-up form

* Fix typo

* Support <link> tags, add spec

* Fix links not being verified on first discovery and passive updates
2018-09-18 16:45:58 +02:00
Eugen Rochko 011437dcb5
Group reports by target account (#8674)
* Group reports by target account

* Improve CSS
2018-09-13 03:44:08 +02:00
Yamagishi Kazutoshi 50d8cf8aed Save button for relays translatable (#8539) 2018-08-31 15:15:21 +02:00
Eugen Rochko 5e1767173f
Display pending message on admin relays UI (#8494)
* Add missing specs for relay accept/reject

* Display pending message on admin relays UI
2018-08-28 05:39:43 +02:00
M Somerville b31449cd77 Better singulars of account followers/toots. (#8471) 2018-08-26 21:30:53 +02:00
Eugen Rochko 22e46ebad8
Add theme identifier to body classes for easier custom CSS styling (#8439)
Add forgotten custom CSS admin setting strings
2018-08-25 22:55:25 +02:00
M Somerville ad41806e53 Allow use of plurals on about page stats. (#8363) 2018-08-22 19:42:47 +02:00
Eugen Rochko 2374a00c10
Add confirmation step to account suspensions (#8353)
* Add confirmation page for suspensions

* Suspension confirmation closes reports, linked from report UI

* Fix tests
2018-08-22 11:53:41 +02:00
Eugen Rochko 0fc0980de1
Link to mobile apps page (#8278)
Fix #8269
2018-08-19 01:17:44 +02:00
Eugen Rochko 9dd5639f90
Add admin function to deactivate all invites (#8279)
Fix #8261
2018-08-19 00:58:53 +02:00
Eugen Rochko 85bb32c410
Add "sign in to participate" message to public toot page (#8200) 2018-08-18 12:48:27 +02:00
Eugen Rochko 78fa926ed5
Add remote interaction dialog for toots (#8202)
* Add remote interaction dialog for toots

* Change AuthorizeFollow into AuthorizeInteraction, support statuses

* Update brakeman.ignore

* Adjust how interaction buttons are display on public pages

* Fix tests
2018-08-18 03:03:12 +02:00
ThibG 106fa28a00 Prevent actions log from crashing when displaying deleted status (fixes #8133) (#8219) 2018-08-16 20:05:26 +02:00
ThibG c98681c358 Do not error out when performing admin actions on no statuses (#8220)
Fixes the other issue with #8168
2018-08-16 20:02:52 +02:00
Eugen Rochko 0dcc1950d1
Update /terms and /about/more to use public layout (#8142) 2018-08-09 12:58:20 +02:00
Eugen Rochko f2404de871
Public profile endorsements (accounts picked by profile owner) (#8146) 2018-08-09 09:56:53 +02:00
Eugen Rochko cc56f2230a
Add separate setting for sidebar text (site_short_description) (#8107)
* Add separate setting for sidebar text (site_short_description)

* Fix tests
2018-07-31 18:59:34 +02:00
Eugen Rochko bb71538bb5
Redesign public profiles and toots (#8068) 2018-07-28 19:25:33 +02:00
Eugen Rochko 2bcdfcdee3 Add missing translation for admin dashboard trends section (#8040) 2018-07-17 07:15:17 +09:00
Eugen Rochko 2354b10eb5
Add admin dashboard (#8029) 2018-07-16 01:11:53 +02:00
Eugen Rochko e55dce3176
Add federation relay support (#7998)
* Add federation relay support

* Add admin UI for managing relays

* Include actor on relay-related activities

* Fix i18n
2018-07-13 02:16:06 +02:00
Eugen Rochko f89c595ea0
Add admin setting to enable OG previews for sensitive media (#7962) 2018-07-06 02:15:56 +02:00
Eugen Rochko 2092d5c0ad
Improve embeds (#7919)
* Make embeds cacheable by reverse proxy

* Make follow button on embeds open remote follow modal

Instead of web+mastodon://, also, turn the button blue, and add a
sign up prompt to the remote follow modal
2018-07-01 04:12:34 +02:00
Eugen Rochko cdb101340a
Keyword/phrase filtering (#7905)
* Add keyword filtering

    GET|POST       /api/v1/filters
    GET|PUT|DELETE /api/v1/filters/:id

- Irreversible filters can drop toots from home or notifications
- Other filters can hide toots through the client app
- Filters use a phrase valid in particular contexts, expiration

* Make sure expired filters don't get applied client-side

* Add missing API methods

* Remove "regex filter" from column settings

* Add tests

* Add test for FeedManager

* Add CustomFilter test

* Add UI for managing filters

* Add streaming API event to allow syncing filters

* Fix tests
2018-06-29 15:34:36 +02:00
Eugen Rochko a58ec29631
Allow selecting default posting language instead of auto-detect (#7828)
* Allow selecting default posting language instead of auto-detect

* Enable default language setting in credentials API

* Fix form saving
2018-06-17 18:57:31 +02:00