Commit graph

1498 commits

Author SHA1 Message Date
Claire db57bff11d
Stop setting a shortcode to newly-created media attachments (#16730)
* Stop setting a shortcode to newly-created media attachments

The WebUI has stopped using the “short media URL” in ages. This isn't used
anywhere except for mail notifications.

Deprecating it would allow us to eventually get rid of at least a database
column and corruption-prone index, as well as a controller.

* Fix tests
2021-09-13 18:59:37 +02:00
Claire 1aca5ef9bc Merge branch 'main' into glitch-soc/merge-upstream 2021-08-20 16:14:45 +02:00
Claire 3c45dfa0fe
Fix “discoverable” account setting being tied to profile directory (#16637) 2021-08-20 16:11:58 +02:00
Claire 8ec4be4233 Merge branch 'main' into glitch-soc/merge-upstream
Conflicts:
- `Gemfile.lock`:
  Not a real conflict, upstream-updated dependency (redis) textually too
  close to glitch-soc-only dependecy.
  Updated redis gem like upstream did.
2021-08-09 23:25:49 +02:00
Claire 4ac78e2a06
Add feature to automatically delete old toots (#16529)
* Add account statuses cleanup policy model

* Record last inspected toot to delete to speed up successive calls to statuses_to_delete

* Add service to cleanup a given account's statuses within a budget

* Add worker to go through account policies and delete old toots

* Fix last inspected status id logic

All existing statuses older or equal to last inspected status id must be
kept by the current policy. This is an invariant that must be kept so that
resuming deletion from the last inspected status remains sound.

* Add tests

* Refactor scheduler and add tests

* Add user interface

* Add support for discriminating based on boosts/favs

* Add UI support for min_reblogs and min_favs, rework UI

* Address first round of review comments

* Replace Snowflake#id_at_start with with_random parameter

* Add tests

* Add tests for StatusesCleanupController

* Rework settings page

* Adjust load-avoiding mechanisms

* Please CodeClimate
2021-08-09 23:11:50 +02:00
Claire cdf20f4367 Merge branch 'main' into glitch-soc/merge-upstream
Conflicts:
- `app/serializers/rest/instance_serializer.rb`:
  Upstream changed the fields returned by /api/v1/instance by adding a
  `configuration` field holding a lot of useful information making our
  `max_toot_chars` and `poll_limits` fields obsolete.
  Keeping those around for now for compatibility.
- `app/validators/status_length_validator.rb`:
  No real conflict, just URL_PLACEHOLDER_CHARS introduced too close to
  MAX_CHARS which is defined differently in glitch-soc.
  Ported upstream changes.
2021-07-11 21:41:23 +02:00
Eugen Rochko 7095c80373
Add ability to filter reports by origin of target account (#16487) 2021-07-11 11:01:38 +02:00
Claire 3160e050a9 Merge branch 'main' into glitch-soc/merge-upstream
Conflicts:
- `app/helpers/accounts_helper.rb`:
  Conflict due to upstream changing how followers count is displayed while we
  have an option to hide followers count.
  Ported upstream change.
- `app/views/accounts/_header.html.haml`:
  Conflict due to upstream changing how followers count is displayed while we
  have an option to hide followers count.
  Ported upstream change.
- `app/views/directories/index.html.haml`:
  Conflict due to upstream changing how followers count is displayed while we
  have an option to hide followers count.
  Ported upstream change.
2021-07-08 16:17:19 +02:00
Eugen Rochko 771c9d4ba8
Add ability to skip sign-in token authentication for specific users (#16427)
Remove "active within last two weeks" exception for sign in token requirement

Change admin reset password to lock access until the password is reset
2021-07-08 05:31:28 +02:00
Claire e2844b7e58
Change number_to_human calls to always use 3-digits precision (#16469)
Fixes #16435
2021-07-07 21:13:08 +02:00
Claire d1780fb9a4 Merge branch 'main' into glitch-soc/merge-upstream
Conflicts:
- `.github/ISSUE_TEMPLATE/bug_report.md`:
  Removed upstream, while we had a checkbox telling people to check if the
  issue was present upstream. Removed the file as well.
2021-06-30 00:42:52 +02:00
David Sterry 7c27ccb8d8
Fix #16407 (#16432) 2021-06-27 22:31:28 +02:00
Claire 86aca08ec6 Merge branch 'main' into glitch-soc/merge-upstream 2021-06-24 08:08:02 +02:00
Claire 262c7bcb57
Add full user agent in tooltips for login activities (#16428)
Also adds timestamp in HTML itself to not rely on javascript
2021-06-23 16:42:23 +02:00
Claire 37fd9670a5 Merge branch 'main' into glitch-soc/merge-upstream 2021-06-23 10:46:24 +02:00
Eugen Rochko d174d12c83
Add authentication history (#16408) 2021-06-21 17:07:30 +02:00
Claire 50b430d9a2 Merge branch 'main' into glitch-soc/merge-upstream
- `app/views/statuses/_simple_status.html.haml`:
  Small markup change in glitch-soc, on a line that has been modified by
  upstream. Ported upstream changes.
2021-05-07 18:21:59 +02:00
Eugen Rochko 74081433d0
Change trending hashtags to be affected be reblogs (#16164)
If a status with a hashtag becomes very popular, it stands to
reason that the hashtag should have a chance at trending

Fix no stats being recorded for hashtags that are not allowed
to trend, and stop ignoring bots

Remove references to hashtags in profile directory from the code
and the admin UI
2021-05-07 14:33:43 +02:00
Claire 566fc90913
Add Ruby 3.0 support (#16046)
* Fix issues with POSIX::Spawn, Terrapin and Ruby 3.0

Also improve the Terrapin monkey-patch for the stderr/stdout issue.

* Fix keyword argument handling throughout the codebase

* Monkey-patch Paperclip to fix keyword arguments handling in validators

* Change validation_extensions to please CodeClimate

* Bump microformats from 4.2.1 to 4.3.1

* Allow Ruby 3.0

* Add Ruby 3.0 test target to CircleCI

* Add test for admin dashboard warnings

* Fix admin dashboard warnings on Ruby 3.0
2021-05-06 14:22:54 +02:00
Takeshi Umeda 7cb34b32f8
Add management of delivery availability in Federation settings (#15771)
* Add management of delivery availavility in Federation settings

* fix translate

* Remove useless object creation

* Fix DeepSource issue

* Add shortcut for all

* Fix DeepSource(skipcq)

* Change 'remove' to 'clear'

* Fix style

* Change class method name (exhausted_deliveries_key_by)
2021-05-05 23:39:02 +02:00
Eugen Rochko 351c744590
Fix error when trying to render component for media without meta (#16112) 2021-05-05 21:16:55 +02:00
Eugen Rochko daccc07dc1
Change auto-following admin-selected accounts, show in recommendations (#16078) 2021-04-24 17:01:43 +02:00
Claire 536892b8ae Merge branch 'main' into glitch-soc/merge-upstream 2021-04-21 13:52:03 +02:00
Eugen Rochko 23b102f661
Add "recommended" label to activity/peers API toggles in admin UI (#16081) 2021-04-20 13:57:45 +02:00
Claire 4b115d070c Fix the follow recommendation admin page on glitch-soc 2021-04-20 12:22:50 +02:00
Claire e2a2bc9021 Merge branch 'main' into glitch-soc/merge-upstream
Conflicts:
- `README.md`:
  Upstream updated copyright year, we don't mention it so kept our version.
- `app/controllers/admin/dashboard_controller.rb`:
  Not really a conflict, upstream change (removing the spam checker) too close
  to glitch-soc changes. Ported upstream changes.
- `app/models/form/admin_settings.rb`:
  Same.
- `app/services/remove_status_service.rb`:
  Same.
- `app/views/admin/settings/edit.html.haml`:
  Same.
- `config/settings.yml`:
  Same.
- `config/environments/production.rb`:
  Not a real conflict, upstream added a default HTTP header, but we have
  extra headers in glitch-soc.
  Added the header.
2021-04-20 12:17:14 +02:00
Eugen Rochko 480d7c9478
Fix missing source strings and inconsistent lead text style in admin UI (#16052) 2021-04-17 11:12:49 +02:00
Eugen Rochko f7117646af
Add cold-start follow recommendations (#15945) 2021-04-12 12:37:14 +02:00
Eugen Rochko 619fad6cf8
Remove spam check and dependency on nilsimsa gem (#16011) 2021-04-11 11:22:50 +02:00
Claire c901ae77d4 Merge branch 'main' into glitch-soc/merge-upstream 2021-04-05 14:31:07 +02:00
Claire 117f6638d0
Fix SVG files not being correctly included in templates (#16001)
In Rails 6.1, raw file inclusion in templates have to be explicitly marked as
HTML-safe, otherwise it's rendered as text.
2021-04-05 13:05:49 +02:00
Eugen Rochko 487e37d6d4
Add system checks to dashboard in admin UI (#15989) 2021-04-03 14:12:30 +02:00
Claire f60c99a8fb Merge branch 'main' into glitch-soc/merge-upstream 2021-03-24 10:53:50 +01:00
Claire 876840e9ef
Fix brakeman warning (#15870)
As far as I understand, the brakeman warning was a false-positive as
`content_tag` properly escapes untrusted HTML. Furthermore, the interpolated
string values are built from the “username” part of accounts, which is
restricted to a small subset of ASCII that precludes any XML entity or HTML
code.

This proposed change should be functionally equivalent to the current code,
however it is slightly more robust, it's more idiomatic, and Brakeman will
stop complaining about it.
2021-03-19 23:48:59 +01:00
Claire 39a490c70e
Fix custom CSS when CDN_HOST is set (#15927) 2021-03-19 20:23:08 +01:00
Claire eac4a3e9c8 Merge branch 'main' into glitch-soc/merge-upstream 2021-03-15 11:26:59 +01:00
Filipe Rodrigues 3dc94d9f91
Fix reference to non-existing translation in the exports page. (#15894)
The exports page showed a different "CSV" capitalisation in the
"Bookmarks" row ("Csv") compared to the other rows ("CSV").
This was due to a referece to a translation string that does not exist,
`bookmarks.csv`, defaulting to the key's last segment in title case.

This issue was introduced in commit dcd86204 (PR #14956).

(h/t @meqif for helping with figuring out the bug)
2021-03-15 02:17:29 +01:00
Claire 1b02d29be5
Fix not being able to change world filter expiration back to “Never” (#15858)
Fixes #15849
2021-03-12 05:25:50 +01:00
Claire 1b6a21e6bc Merge branch 'main' into glitch-soc/merge-upstream
Conflicts:
- `app/validators/status_length_validator.rb`:
  Conflict due to glitch-soc's configurable maximum toot chars.
  Ported upstream changes.
2021-03-11 16:08:15 +01:00
Claire 67c5cdea40
Fix some ignored brakeman warnings (#15829) 2021-03-07 07:06:56 +01:00
Claire d8fdbb054e Merge branch 'main' into glitch-soc/merge-upstream
Conflicts:
- `app/validators/status_length_validator.rb`:
  Upstream changes too close to glitch-soc MAX_CHARS changes, but not a real
  conflict.
  Applied upstream changes.
- `package.json`:
  glitch-soc-only dependency textually too close to a dependency updated
  upstream, not a real conflict.
  Applied upstream changes.
2021-03-02 12:06:58 +01:00
Claire 4f19504986
Add inline description of moderation actions in moderation interface (#15792) 2021-02-24 16:53:16 +01:00
Claire 1b50ac08c1
Fix server rules not being displayed if extended server discription isn't set (#15778) 2021-02-22 18:26:24 +01:00
Claire 679642e26c Merge branch 'main' into glitch-soc/merge-upstream 2021-02-22 15:23:46 +01:00
Eugen Rochko 8331fdf7e0
Add server rules (#15769) 2021-02-21 19:50:12 +01:00
Claire 5e11f3a6e1 Merge branch 'main' into glitch-soc/merge-upstream
Conflicts:
- `app/javascript/styles/mastodon/modal.scss`:
  For some reason we changed the file loading path in glitch-soc,
  but now upstream has completely changed how the logo is loaded.
  Applied upstream changes.
2021-02-12 10:28:32 +01:00
Jeong Arm d499bb031f
Use custom mascot on static share page (#15687)
* Use custom mascot on static share page

* Use full_asset_url
2021-02-11 02:18:56 +01:00
Claire f90fa11db5 Merge branch 'main' into glitch-soc/merge-upstream 2021-01-21 16:51:12 +01:00
ThibG 7d0031a515
Fix Google Translate breaking web interface (#15610)
- marks the page as a whole as untranslatable
- still marks user text as translatable

Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2021-01-21 14:29:54 +01:00
Claire 90528f43bc Merge branch 'master' into glitch-soc/merge-upstream
Conflicts:
- `config/webpack/configuration.js`:
  Upstream updated the `js-yaml` dependency, which changed how to call it.
  Those changes conflicted because that code is pretty different in glitch-soc
  which has to deal with its more complex theming system.
  Proceeded to the same compatibility changes in glitch-soc's code.
- `package.json` and `yarn.lock`:
  Not really a conflict, just glitch-soc-specific dependencies textually too
  close to some dependencies updated upstream.
2021-01-06 18:08:06 +01:00
Takeshi Umeda cb5bb2313b
Fix expand video on public page (#15469) 2020-12-30 23:18:11 +01:00
Claire f9d000ebae Merge branch 'master' into glitch-soc/merge-upstream
Conflicts:
- `app/services/resolve_url_service.rb`:
  The private toot search by URL hack has been revamped upstream.
  Took upstream's version.
2020-12-19 00:55:12 +01:00
Eugen Rochko 59343ef4d1
Fix missing description on enable bootstrap timeline accounts toggle in admin UI (#15367) 2020-12-19 00:19:15 +01:00
Eugen Rochko 8a95867693
Add option to obfuscate domain name in public list of domain blocks (#15355)
- Replace the middle of the domain with * characters (except for periods)
- Add SHA-256 digest of the domain name in tooltip
2020-12-18 08:30:41 +01:00
ThibG 8357969559
Fix admins being able to suspend their instance actor (#14567)
* Fix admin being able to suspend their own instance account

* Add text about the instance's own actor in admin view

* Change instance actor notice from flash message to template

* Do not list local instance actor in account moderation list
2020-12-15 17:23:58 +01:00
Claire e4f8679eae Merge branch 'master' into glitch-soc/merge-upstream
Conflicts:
- `app/models/form/admin_settings.rb`:
  New setting added upstream. Ported it.
- `app/views/statuses/_simple_status.html.haml`:
  Upstream removed RTL classes. Did the same.
- `config/settings.yml`:
  New setting added upstream. Ported it.
2020-12-15 14:27:06 +01:00
Eugen Rochko 1f564051b6
Change RTL detection to rely on unicode-bidi paragraph by paragraph (#14573) 2020-12-15 12:56:43 +01:00
Mashiro 75d2762fdf
Add "invite request content" display in user account admin page (#15265)
* feat: display `invite_request_text` in admin's user account page

* fix: move invite_request to the bottom of accounts page

* fix: remove time display, remove formate, change code terminology

* fix: remove escape
2020-12-15 06:28:14 +01:00
ThibG 1390cc194b
Add indication to admin UI of whether a report has been forwarded (#13237)
* Add indication to admin UI of whether a report has been forwarded

* Rework how forwarded status is displayed

Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2020-12-15 04:30:15 +01:00
ThibG 47e507fa61
Add ability to require invite request text (#15326)
Fixes #15273

Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2020-12-14 10:03:09 +01:00
Eugen Rochko 216b85b053
Fix performance on instances list in admin UI (#15282)
- Reduce duplicate queries
- Remove n+1 queries
- Add accounts count to detailed view
- Add separate action log entry for updating existing domain blocks
2020-12-14 09:06:34 +01:00
Eugen Rochko a3b5675aa8
Change number format on about page from full to shortened (#15327) 2020-12-14 05:09:14 +01:00
Claire 7782e4dc0d Merge branch 'master' into glitch-soc/merge-upstream
Conflicts:
- `app/controllers/about_controller.rb`:
  Minor conflict caused by glitch-soc's theming system.
  Ported upstream changes.
2020-12-10 09:41:49 +01:00
ThibG 49eb4d4ddf
Add honeypot fields and minimum fill-out time for sign-up form (#15276)
* Add honeypot fields to limit non-specialized spam

Add two honeypot fields: a fake website input and a fake password confirmation
one. The label/placeholder/aria-label tells not to fill them, and they are
hidden in CSS, so legitimate users should not fall into these.

This should cut down on some non-Mastodon-specific spambots.

* Require a 3 seconds delay before submitting the registration form

* Fix tests

* Move registration form time check to model validation

* Give people a chance to clear the honeypot fields

* Refactor honeypot translation strings

Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2020-12-10 06:27:26 +01:00
Claire f8d867bac4 Merge branch 'master' into glitch-soc/merge-upstream
Conflicts:
- `app/services/remove_status_service.rb`:
  Conflict caused by us having a distinc Direct timeline.
  Ported upstream changes.
- `app/javascript/mastodon/features/compose/components/compose_form.js`:
  Conflict between glitch-soc's variable character limit and upstream
  refactoring that part of the code.
  Ported upstream changes.
2020-12-05 17:33:37 +01:00
ThibG d849aad852
Change public thread view to hide "Show thread" link (#15266)
Fixes #15262
2020-12-02 21:21:44 +01:00
Eugen Rochko 13b07b88f1
Fix omniauth (SAML/CAS) sign-in routes not having CSRF protection (#15228) 2020-11-28 05:17:53 +01:00
Thibaut Girka 48f0f3ffee Merge branch 'master' into glitch-soc/merge-upstream
Conflicts:
- `.github/ISSUE_TEMPLATE/bug_report.md`:
  Upstream added the `bug` label to bug reports.
  Did the same.
- `app/services/fan_out_on_write_service.rb`:
  Upstream put DMs back into timelines, glitch-soc was already doing it.
  Ignored upstream changes.
2020-11-20 13:27:48 +01:00
ThibG 96c1e71329
Add import/export feature for bookmarks (#14956)
* Add ability to export bookmarks

* Add support for importing bookmarks

* Add bookmark import tests

* Add bookmarks export test
2020-11-19 17:48:13 +01:00
Thibaut Girka c077cdaba7 Merge branch 'master' into glitch-soc/merge-upstream
Conflicts:
- `app/controllers/relationships_controller.rb`:
  Upstream changed a line too close to a glitch-soc only line related to
  glitch-soc's theming system.
  Applied upstream changes accordingly.
2020-11-12 22:13:57 +01:00
Takeshi Umeda 148ce97e21
Add interrelationship icon (#15149)
* Add interrelationship icon

* Fix arrow for rtl

* Fix to predefined color
2020-11-12 17:43:12 +01:00
Takeshi Umeda 2b1a6e734f
Add follow selected followers button (#15148)
* Add follow selected followers button

* Fix unused variable

* Fix i18n normalize
2020-11-12 16:58:00 +01:00
Thibaut Girka 412218af2e Merge branch 'master' into glitch-soc/merge-upstream 2020-11-07 18:23:02 +01:00
Eugen Rochko 9b1f2a4b61
Add subresource integrity for JS and CSS assets (#15096)
Fix #2744
2020-11-06 11:56:31 +01:00
Mélanie Chauvel 68d4b2b83e
Display “Show newer” and “Show older” instead of “Show more” in public pages (#15052) 2020-11-04 21:15:45 +01:00
Takeshi Umeda d6fe0c94ca
Add account sensitized (#14361)
* Add account sensitized

* Fix i18n normalize

* Fix description and spec

* Fix spec

* Fix wording
2020-11-04 20:45:01 +01:00
Thibaut Girka cd675fbe18 Merge branch 'master' into glitch-soc/merge-upstream 2020-11-03 17:28:54 +01:00
Thibaut Girka 5a41704f89 Fix IP blocks in admin panel
It was broken due to discrepancies between upstream and glitch-soc's
theming system.
2020-10-28 23:55:41 +01:00
Mélanie Chauvel 1d07f51039
Make visibility icon clickable as part of the time of a toot (#15053)
- Makes permalink to a toot more easily clickable
- Fix clicking between icon and time in fact clicking the display name
- Fix clicking slightly under time in fact clicking the display name
2020-10-27 03:00:47 +01:00
Thibaut Girka ec49aa8175 Merge branch 'master' into glitch-soc/merge-upstream
Conflicts:
- `.github/dependabot.yml`:
  Updated upstream, we deleted it to not be flooded by Depandabot.
  Kept deleted.
- `Gemfile.lock`:
  Puma updated on both sides, went for the most recent version.
- `app/controllers/api/v1/mutes_controller.rb`:
  Upstream updated the serializer to support timed mutes, while
  glitch-soc added a custom API ages ago to get information that
  is already available elsewhere.
  Dropped the glitch-soc-specific API, went with upstream changes.
- `app/javascript/core/admin.js`:
  Conflict due to changing how assets are loaded. Went with upstream.
- `app/javascript/packs/public.js`:
  Conflict due to changing how assets are loaded. Went with upstream.
- `app/models/mute.rb`:
  🤷
- `app/models/user.rb`:
  New user setting added upstream while we have glitch-soc-specific
  user settings. Added upstream's user setting.
- `config/settings.yml`:
  Upstream added a new user setting close to a user setting we had
  changed the defaults for. Added the new upstream setting.
- `package.json`:
  Upstream dependency updated “too close” to a glitch-soc-specific
  dependency. No real conflict. Updated the dependency.
2020-10-21 19:10:50 +02:00
ThibG 4c45b43cb8
Change how CDN_HOST is passed down to make assets build reproducible (#14381)
* Change how CDN_HOST is passed down to make assets build reproducible

* Change webpacker/webpack configuration to dynamically load publicPath based on meta header

* Fix embedded layout missing the cdn-host meta header
2020-10-13 01:19:35 +02:00
Eugen Rochko 5e1364c448
Add IP-based rules (#14963) 2020-10-12 16:33:49 +02:00
Eugen Rochko 7d985f2aac
Remove dependency on goldfinger gem (#14919)
There are edge cases where requests to certain hosts timeout when
using the vanilla HTTP.rb gem, which the goldfinger gem uses. Now
that we no longer need to support OStatus servers, webfinger logic
is so simple that there is no point encapsulating it in a gem, so
we can just use our own Request class. With that, we benefit from
more robust timeout code and IPv4/IPv6 resolution.

Fix #14091
2020-10-08 00:34:57 +02:00
Eugen Rochko a549415868
Fix regressions in icon buttons in web UI (#14915) 2020-10-04 15:02:36 +02:00
ThibG 78e45a5285
Add option to disable swiping motions across the WebUI (#13885)
Fixes #13882
2020-09-30 19:31:03 +02:00
Thibaut Girka a7aedebc31 Merge branch 'master' into glitch-soc/merge-upstream
Conflicts:
- `Gemfile.lock`:
  Not a real conflict, upstream updated dependencies that were too close to
  glitch-soc-only ones in the file.
- `app/controllers/oauth/authorized_applications_controller.rb`:
  Upstream changed the logic surrounding suspended accounts.
  Minor conflict due to glitch-soc's theming system.
  Ported upstream changes.
- `app/controllers/settings/base_controller.rb`:
  Upstream refactored and changed the logic surrounding suspended accounts.
  Minor conflict due to glitch-soc's theming system.
  Ported upstream changes.
- `app/controllers/settings/sessions_controller.rb`:
  Upstream refactored and changed the logic surrounding suspended accounts.
  Minor conflict due to glitch-soc's theming system.
  Ported upstream changes.
- `app/models/user.rb`:
  Upstream refactored and changed the logic surrounding suspended accounts.
  Minor conflict due to glitch-soc not preventing moved accounts from logging
  in.
  Ported upstream changes while keeping the ability for moved accounts to log
  in.
- `app/policies/status_policy.rb`:
  Upstream refactored and changed the logic surrounding suspended accounts.
  Minor conflict due to glitch-soc's local-only toots.
  Ported upstream changes.
- `app/serializers/rest/account_serializer.rb`:
  Upstream refactored and changed the logic surrounding suspended accounts.
  Minor conflict due to glitch-soc's ability  to hide followers count.
  Ported upstream changes.
- `app/services/process_mentions_service.rb`:
  Upstream refactored and changed the logic surrounding suspended accounts.
  Minor conflict due to glitch-soc's local-only toots.
  Ported upstream changes.
- `package.json`:
  Not a real conflict, upstream updated dependencies that were too close to
  glitch-soc-only ones in the file.
2020-09-28 14:13:30 +02:00
Jeremy Rose 03b6b034b9
add og:published_time to opengraph meta tags (#14865) 2020-09-24 23:32:13 +02:00
Takeshi Umeda 070026e634
Fix method of the DELETE DATA button (#14855) 2020-09-21 20:37:19 +02:00
Eugen Rochko ed099d8bdc
Change account suspensions to be reversible by default (#14726) 2020-09-15 14:37:58 +02:00
Eugen Rochko 4e4b3a0c8e
Refactor settings controllers (#14767)
- Disallow suspended accounts from revoking sessions and apps
- Allow suspended accounts to access exports
2020-09-11 20:56:35 +02:00
Thibaut Girka 9748f074a3 Merge branch 'master' into glitch-soc/merge-upstream
Conflicts:
- app/controllers/api/v1/timelines/public_controller.rb
- app/lib/feed_manager.rb
- app/models/status.rb
- app/services/precompute_feed_service.rb
- app/workers/feed_insert_worker.rb
- spec/models/status_spec.rb

All conflicts are due to upstream refactoring feed management and us having
local-only toots on top of that. Rewrote local-only toots management for
upstream's changes.
2020-09-08 16:26:47 +02:00
abcang e79d719e92
Changed tag most_used to recently_used (#14760) 2020-09-07 17:47:41 +02:00
Thibaut Girka a68ec50e4e Adapt 2FA changes to glitch-soc's theming system 2020-08-30 17:26:18 +02:00
Thibaut Girka 8c3c27bf06 Merge branch 'master' into glitch-soc/merge-upstream
Conflicts:
- `app/controllers/accounts_controller.rb`:
  Upstream change too close to a glitch-soc change related to
  instance-local toots. Merged upstream changes.
- `app/services/fan_out_on_write_service.rb`:
  Minor conflict due to glitch-soc's handling of Direct Messages,
  merged upstream changes.
- `yarn.lock`:
  Not really a conflict, caused by glitch-soc-only dependencies
  being textually too close to updated upstream dependencies.
  Merged upstream changes.
2020-08-30 16:13:08 +02:00
santiagorodriguez96 e8d41bc2fe
Add WebAuthn as an alternative 2FA method (#14466)
* feat: add possibility of adding WebAuthn security keys to use as 2FA

This adds a basic UI for enabling WebAuthn 2FA. We did a little refactor
to the Settings page for editing the 2FA methods – now it will list the
methods that are available to the user (TOTP and WebAuthn) and from
there they'll be able to add or remove any of them.
Also, it's worth mentioning that for enabling WebAuthn it's required to
have TOTP enabled, so the first time that you go to the 2FA Settings
page, you'll be asked to set it up.
This work was inspired by the one donde by Github in their platform, and
despite it could be approached in different ways, we decided to go with
this one given that we feel that this gives a great UX.

Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>

* feat: add request for WebAuthn as second factor at login if enabled

This commits adds the feature for using WebAuthn as a second factor for
login when enabled.
If users have WebAuthn enabled, now a page requesting for the use of a
WebAuthn credential for log in will appear, although a link redirecting
to the old page for logging in using a two-factor code will also be
present.

Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>

* feat: add possibility of deleting WebAuthn Credentials

Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>

* feat: disable WebAuthn when an Admin disables 2FA for a user

Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>

* feat: remove ability to disable TOTP leaving only WebAuthn as 2FA

Following examples form other platforms like Github, we decided to make
Webauthn 2FA secondary to 2FA with TOTP, so that we removed the
possibility of removing TOTP authentication only, leaving users with
just WEbAuthn as 2FA. Instead, users will have to click on 'Disable 2FA'
in order to remove second factor auth.
The reason for WebAuthn being secondary to TOPT is that in that way,
users will still be able to log in using their code from their phone's
application if they don't have their security keys with them – or maybe
even lost them.

* We had to change a little the flow for setting up TOTP, given that now
  it's possible to setting up again if you already had TOTP, in order to
  let users modify their authenticator app – given that now it's not
  possible for them to disable TOTP and set it up again with another
  authenticator app.
  So, basically, now instead of storing the new `otp_secret` in the
  user, we store it in the session until the process of set up is
  finished.
  This was because, as it was before, when users clicked on 'Edit' in
  the new two-factor methods lists page, but then went back without
  finishing the flow, their `otp_secret` had been changed therefore
  invalidating their previous authenticator app, making them unable to
  log in again using TOTP.

Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>

* refactor: fix eslint errors

The PR build was failing given that linting returning some errors.
This commit attempts to fix them.

* refactor: normalize i18n translations

The build was failing given that i18n translations files were not
normalized.
This commits fixes that.

* refactor: avoid having the webauthn gem locked to a specific version

* refactor: use symbols for routes without '/'

* refactor: avoid sending webauthn disabled email when 2FA is disabled

When an admins disable 2FA for users, we were sending two mails
to them, one notifying that 2FA was disabled and the other to notify
that WebAuthn was disabled.
As the second one is redundant since the first email includes it, we can
remove it and send just one email to users.

* refactor: avoid creating new env variable for webauthn_origin config

* refactor: improve flash error messages for webauthn pages

Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>
2020-08-24 16:46:27 +02:00
Thibaut Girka 74a9affdcc Merge branch 'master' into glitch-soc/merge-upstream 2020-08-19 19:16:41 +02:00
ThibG 62a45ae26e
Fix client-side form validation not accepting handles with uppercase letters (#14599) 2020-08-19 19:00:47 +02:00
Thibaut Girka da62e350e0 Merge branch 'master' into glitch-soc/merge-upstream 2020-08-13 22:17:29 +02:00
ThibG 0f38f9726a
Fix hardcoded non-breaking space in public view (#14568) 2020-08-13 12:04:28 +02:00
ThibG 7dc4c74265
Add client-side validation in password change forms (#14564)
* Fix client-side username validation at registration

It used the Account::USERNAME_RE regexp which is for *remote* users,
local user validation is stricter. Also take into account max username length.

* Add client-side form validation for password change

* Add client-side form validation to dedicated registration form

Previous changes only applied to the /about page, not the dedicated form on
/auth
2020-08-12 12:11:15 +02:00