mirror of https://github.com/mastodon/mastodon.git synced 2025-01-04 14:19:36 +00:00
Commit graph

155 commits

Author SHA1 Message Date
Eugen Rochko 5b3a8737d6
Add hints for rules () 2024-03-11 08:57:07 +00:00
Paolo Melchiorre aca691726b
Fix Add missing WebP hint in avatar/header localizations () 2024-02-23 22:10:46 +00:00
Claire 16681e0f20
Add admin notifications for new Mastodon versions () 2023-09-01 17:47:07 +02:00
Claire 9e26cd5503
Add authorized_fetch server setting in addition to env var () 2023-09-01 15:41:10 +02:00
jsgoldstein 30c191aaa0
Add new public status index ()
Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2023-08-24 16:40:04 +02:00
Claire cc4560d95b
Change “privacy and reach” settings so that unchecking boxes always increase privacy and checking them always increase reach () 2023-08-17 09:13:26 +02:00
Claire fc5ab2dc83
Add privacy tab in profile settings ()
Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>
2023-08-14 18:52:45 +02:00
Eugen Rochko 4d01d1a1ee
Remove 16:9 cropping from web UI () 2023-07-24 13:46:55 +02:00
Eugen Rochko bca649ba79
Change edit profile page () 2023-06-14 04:38:07 +02:00
Eugen Rochko 432a5d2d4b
Change "bot" label to "automated" () 2023-06-11 04:47:07 +02:00
Eugen Rochko 4c9406bdb0
Add time zone preference () 2023-06-10 03:29:37 +02:00
Eugen Rochko 4eda233e09
Add webhook templating ()
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2023-06-06 10:42:47 +02:00
Claire 94329f28e1
Change wording of “Content cache retention period” setting to highlight destructive implications () 2023-06-02 18:09:08 +02:00
Eugen Rochko e5c0b16735
Add progress indicator to sign-up flow () 2023-04-16 07:01:24 +02:00
Eugen Rochko 8f590b0a21
Add setting for status page URL () 2023-02-04 04:56:06 +01:00
Claire 3970a6f433
Add option to make the landing page be /about even when trends are enabled ()
* Add option to make the landing page be /about even when trends are enabled

* Reestablish /explore as landing page by default
2023-01-18 16:43:58 +01:00
Darius Kazemi 507e1d22f5
Allow admins to toggle public statistics API ()
* Allow admins to toggle public statistics API

* Normalize i18n

Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2023-01-13 17:14:39 +01:00
Darius Kazemi d35fe3d5e3
Add peers API endpoint toggle to Server Settings ()
* Add peers endpoint toggle to Server Settings

This places the toggle under "Discovery" and expands the hint text to explain further what the endpoint is used for. Added a "Recommended" tag since it was recommended in v3 before it was removed.

Fixes https://github.com/mastodon/mastodon/issues/22222

* i18n normalize step
2023-01-13 16:43:17 +01:00
Claire f79c200f7e
Change wording of admin report handling actions ()
* Change admin report handling UI to display appropriate text for remote reports

Change from “Decide which action to take to resolve this report. If you take a
punitive action against the reported account, an e-mail notification will be
sent to them, except when the Spam category is selected.” to “Decide which
action to take to resolve this report. This will only affect how your server
communicates with this remote account and handle its content.”

* Reword admin actions descriptions to make clear which admin actions close reports
2023-01-13 11:03:14 +01:00
Eugen Rochko b1a219552e
Fix featured tags not saving preferred casing () 2022-11-04 16:08:29 +01:00
Eugen Rochko 7c152acb2c
Change settings area to be separated into categories in admin UI ()
And update all descriptions
2022-10-22 11:44:41 +02:00
Eugen Rochko 5c9abdeff1
Add retention policy for cached content and media () 2022-09-27 03:08:19 +02:00
Eugen Rochko 546672e292
Change "Allow trends without prior review" setting to include statuses ()
* Change "Allow trends without prior review" setting to include posts

* Fix i18n-tasks
2022-08-28 04:00:39 +02:00
Eugen Rochko d83faa1a89
Add ability to block sign-ups from IP () 2022-08-24 19:00:37 +02:00
Ondřej Pokorný 04cdfc0086
Fix a typo in user role priority ()
"alower priority" -> "a lower priority"
2022-07-08 22:39:17 +02:00
Claire befbac3f1c
Fix various in the user role management UI ()
* Reword priority description

* Disable checkboxes for permissions you can't enable in role edition interface

* Set max priority in HTML attribute

* Explicitly link to role edition, do not link when you can't edit

* Reword priority description based on review
2022-07-07 18:18:23 +02:00
Eugen Rochko 44b2ee3485
Add customizable user roles ()
* Add customizable user roles

* Various fixes and improvements

* Add migration for old settings and fix tootctl role management
2022-07-05 02:41:40 +02:00
Claire 02851848e9
Revamp post filtering system ()
* Add model for custom filter keywords

* Use CustomFilterKeyword internally

Does not change the API

* Fix /filters/edit and /filters/new

* Add migration tests

* Remove whole_word column from custom_filters (covered by custom_filter_keywords)

* Redesign /filters

Instead of a list, present a card that displays more information and handles
multiple keywords per filter.

* Redesign /filters/new and /filters/edit to add and remove keywords

This adds a new gem dependency: cocoon, as well as a npm dependency:
cocoon-js-vanilla. Those are used to easily populate and remove form fields
from the user interface when manipulating multiple keyword filters at once.

* Add /api/v2/filters to edit filter with multiple keywords

Entities:
- `Filter`: `id`, `title`, `filter_action` (either `hide` or `warn`), `context`
  `keywords`
- `FilterKeyword`: `id`, `keyword`, `whole_word`

API endpoints:
- `GET /api/v2/filters` to list filters (including keywords)
- `POST /api/v2/filters` to create a new filter
  `keywords_attributes` can also be passed to create keywords in one request
- `GET /api/v2/filters/:id` to read a particular filter
- `PUT /api/v2/filters/:id` to update a new filter
  `keywords_attributes` can also be passed to edit, delete or add keywords in
   one request
- `DELETE /api/v2/filters/:id` to delete a particular filter
- `GET /api/v2/filters/:id/keywords` to list keywords for a filter
- `POST /api/v2/filters/:filter_id/keywords/:id` to add a new keyword to a
   filter
- `GET /api/v2/filter_keywords/:id` to read a particular keyword
- `PUT /api/v2/filter_keywords/:id` to edit a particular keyword
- `DELETE /api/v2/filter_keywords/:id` to delete a particular keyword

* Change from `irreversible` boolean to `action` enum

* Remove irrelevant `irreversible_must_be_within_context` check

* Fix /filters/new and /filters/edit with update for filter_action

* Fix Rubocop/Codeclimate complaining about task names

* Refactor FeedManager#phrase_filtered?

This moves regexp building and filter caching to the `CustomFilter` class.

This does not change the functional behavior yet, but this changes how the
cache is built, doing per-custom_filter regexps so that filters can be matched
independently, while still offering caching.

* Perform server-side filtering and output result in REST API

* Fix numerous filters_changed events being sent when editing multiple keywords at once

* Add some tests

* Use the new API in the WebUI

- use client-side logic for filters we have fetched rules for.
  This is so that filter changes can be retroactively applied without
  reloading the UI.
- use server-side logic for filters we haven't fetched rules for yet
  (e.g. network error, or initial timeline loading)

* Minor optimizations and refactoring

* Perform server-side filtering on the streaming server

* Change the wording of filter action labels

* Fix issues pointed out by linter

* Change design of “Show anyway” link in accordance to review comments

* Drop “irreversible” filtering behavior

* Move /api/v2/filter_keywords to /api/v1/filters/keywords

* Rename `filter_results` attribute to `filtered`

* Rename REST::LegacyFilterSerializer to REST::V1::FilterSerializer

* Fix systemChannelId value in streaming server

* Simplify code by removing client-side filtering code

The simplification comes at a cost though: filters aren't retroactively
applied anymore.
2022-06-28 09:42:13 +02:00
Eugen Rochko a2871cd747
Add administrative webhooks ()
* Add administrative webhooks

* Fix error when webhook is deleted before delivery worker runs
2022-06-09 21:57:36 +02:00
Eugen Rochko 8e20e16cf0
Change e-mail notifications to only be sent when recipient is offline ()
* Change e-mail notifications to only be sent when recipient is offline

Change the default for follow and mention notifications back on

* Add preference to always send e-mail notifications

* Change wording
2022-04-08 18:03:31 +02:00
Eugen Rochko edf09ec747
Add /api/v1/accounts/familiar_followers to REST API ()
* Add `/api/v1/accounts/familiar_followers` to REST API

* Change hide network preference to be stored consistently for local and remote accounts

* Add dummy classes to migration

* Apply suggestions from code review

Co-authored-by: Claire <claire.github-309c@sitedethib.com>

Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2022-03-07 09:36:47 +01:00
Eugen Rochko a29a982eaa
Change e-mail domain blocks to block IPs dynamically ()
* Change e-mail domain blocks to block IPs dynamically

* Update app/workers/scheduler/email_domain_block_refresh_scheduler.rb

Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>

* Update app/workers/scheduler/email_domain_block_refresh_scheduler.rb

Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>

Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>
2022-02-24 17:28:23 +01:00
Eugen Rochko 564efd0651
Add appeals ()
* Add appeals

* Add ability to reject appeals and ability to browse pending appeals in admin UI

* Add strikes to account page in settings

* Various fixes and improvements

- Add separate notification setting for appeals, separate from reports
- Fix style of links in report/strike header
- Change approving an appeal to not restore statuses (due to federation complexities)
- Change style of successfully appealed strikes on account settings page
- Change account settings page to only show unappealed or recently appealed strikes

* Change appealed_at to overruled_at

* Fix missing method error
2022-02-14 21:27:53 +01:00
Eugen Rochko 6e50134a42
Add trending links ()
* Add trending links

* Add overriding specific links trendability

* Add link type to preview cards and only trend articles

Change trends review notifications from being sent every 5 minutes to being sent every 2 hours

Change threshold from 5 unique accounts to 15 unique accounts

* Fix tests
2021-11-25 13:07:38 +01:00
Claire 3c45dfa0fe
Fix “discoverable” account setting being tied to profile directory () 2021-08-20 16:11:58 +02:00
Mélanie Chauvel d137d2ab87
Replace “status” and “message” by “post” in WebUI () 2021-05-17 22:31:35 +02:00
Eugen Rochko 74081433d0
Change trending hashtags to be affected by reblogs ()
If a status with a hashtag becomes very popular, it stands to
reason that the hashtag should have a chance at trending

Fix no stats being recorded for hashtags that are not allowed
to trend, and stop ignoring bots

Remove references to hashtags in profile directory from the code
and the admin UI
2021-05-07 14:33:43 +02:00
Eugen Rochko 8d5ab51c61
Change the noun 'toot' to 'post' in simple_form.en.yml as well () 2021-04-22 03:25:04 +02:00
Eugen Rochko 3d82a1de05
Change option labels on edit profile page () 2021-04-15 16:28:20 +02:00
Claire 4f19504986
Add inline description of moderation actions in moderation interface () 2021-02-24 16:53:16 +01:00
Eugen Rochko 8331fdf7e0
Add server rules () 2021-02-21 19:50:12 +01:00
ThibG 49eb4d4ddf
Add honeypot fields and minimum fill-out time for sign-up form ()
* Add honeypot fields to limit non-specialized spam

Add two honeypot fields: a fake website input and a fake password confirmation
one. The label/placeholder/aria-label tells not to fill them, and they are
hidden in CSS, so legitimate users should not fall into these.

This should cut down on some non-Mastodon-specific spambots.

* Require a 3 seconds delay before submitting the registration form

* Fix tests

* Move registration form time check to model validation

* Give people a chance to clear the honeypot fields

* Refactor honeypot translation strings

Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2020-12-10 06:27:26 +01:00
Takeshi Umeda d6fe0c94ca
Add account sensitized ()
* Add account sensitized

* Fix i18n normalize

* Fix description and spec

* Fix spec

* Fix wording
2020-11-04 20:45:01 +01:00
Eugen Rochko 5e1364c448
Add IP-based rules () 2020-10-12 16:33:49 +02:00
ThibG 78e45a5285
Add option to disable swiping motions across the WebUI ()
Fixes 
2020-09-30 19:31:03 +02:00
Eugen Rochko ed099d8bdc
Change account suspensions to be reversible by default () 2020-09-15 14:37:58 +02:00
santiagorodriguez96 e8d41bc2fe
Add WebAuthn as an alternative 2FA method ()
* feat: add possibility of adding WebAuthn security keys to use as 2FA

This adds a basic UI for enabling WebAuthn 2FA. We did a little refactor
to the Settings page for editing the 2FA methods – now it will list the
methods that are available to the user (TOTP and WebAuthn) and from
there they'll be able to add or remove any of them.
Also, it's worth mentioning that for enabling WebAuthn it's required to
have TOTP enabled, so the first time that you go to the 2FA Settings
page, you'll be asked to set it up.
This work was inspired by the one done by Github in their platform, and
despite it could be approached in different ways, we decided to go with
this one given that we feel that this gives a great UX.

Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>

* feat: add request for WebAuthn as second factor at login if enabled

This commit adds the feature for using WebAuthn as a second factor for
login when enabled.
If users have WebAuthn enabled, now a page requesting for the use of a
WebAuthn credential for log in will appear, although a link redirecting
to the old page for logging in using a two-factor code will also be
present.

Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>

* feat: add possibility of deleting WebAuthn Credentials

Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>

* feat: disable WebAuthn when an Admin disables 2FA for a user

Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>

* feat: remove ability to disable TOTP leaving only WebAuthn as 2FA

Following examples from other platforms like Github, we decided to make
Webauthn 2FA secondary to 2FA with TOTP, so that we removed the
possibility of removing TOTP authentication only, leaving users with
just WebAuthn as 2FA. Instead, users will have to click on 'Disable 2FA'
in order to remove second factor auth.
The reason for WebAuthn being secondary to TOTP is that in that way,
users will still be able to log in using their code from their phone's
application if they don't have their security keys with them – or maybe
even lost them.

* We had to change a little the flow for setting up TOTP, given that now
  it's possible to set it up again if you already had TOTP, in order to
  let users modify their authenticator app – given that now it's not
  possible for them to disable TOTP and set it up again with another
  authenticator app.
  So, basically, now instead of storing the new `otp_secret` in the
  user, we store it in the session until the process of set up is
  finished.
  This was because, as it was before, when users clicked on 'Edit' in
  the new two-factor methods lists page, but then went back without
  finishing the flow, their `otp_secret` had been changed therefore
  invalidating their previous authenticator app, making them unable to
  log in again using TOTP.

Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>

* refactor: fix eslint errors

The PR build was failing given that linting was returning some errors.
This commit attempts to fix them.

* refactor: normalize i18n translations

The build was failing given that i18n translations files were not
normalized.
This commit fixes that.

* refactor: avoid having the webauthn gem locked to a specific version

* refactor: use symbols for routes without '/'

* refactor: avoid sending webauthn disabled email when 2FA is disabled

When an admin disables 2FA for users, we were sending two mails
to them, one notifying that 2FA was disabled and the other to notify
that WebAuthn was disabled.
As the second one is redundant since the first email includes it, we can
remove it and send just one email to users.

* refactor: avoid creating new env variable for webauthn_origin config

* refactor: improve flash error messages for webauthn pages

Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>
2020-08-24 16:46:27 +02:00
mayaeh 411bf188bb
follow-up ()
ran `yarn manage:translations en`
2020-07-01 11:34:19 +02:00
Eugen Rochko 72a7cfaa39
Add e-mail-based sign in challenge for users with disabled 2FA () 2020-06-09 10:23:06 +02:00
Eugen Rochko bea0bb39d6
Add option to include resolved DNS records when blacklisting e-mail domains in admin UI ()
* Add shortcuts to blacklist a user's e-mail domain in admin UI

* Add option to blacklist resolved MX and IP records for e-mail domains
2020-03-12 22:35:20 +01:00