about summary refs log tree commit diff
path: root/app/controllers/api/v1/accounts_controller.rb
AgeCommit message (Collapse)Author
2020-09-08Monsterfork v2 Kaiju Commit 2020.06.27.1 - 2020.09.05.5Fire Demon
2020-03-08Add specific rate limits for posting and following (#13172)Eugen Rochko
2020-03-06Remove useless `respond_to` calls (#13208)Eugen Rochko
2019-10-03Add `reason` param to `POST /api/v1/accounts` REST API (#12064)Eugen Rochko
For approval-required registrations mode
2019-09-27Change silences to always require approval on follow (#11975)ThibG
* Change silenced accounts to require approval on follow * Also require approval for follows by people explicitly muted by target accounts * Do not auto-accept silenced or muted accounts when switching from locked to unlocked * Add `follow_requests_count` to verify_credentials * Show “Follow requests” menu item if needed even if account is locked * Add tests * Correctly reflect that follow requests weren't auto-accepted when local account is silenced * Accept follow requests from user-muted accounts to avoid leaking mutes
2019-07-30Add whitelist mode (#11291)Eugen Rochko
2019-04-07Improve blocked view of profiles (#10491)Eugen Rochko
* Revert "Fix filtering of favourited_by, reblogged_by, followers and following (#10447)" This reverts commit 120544067fcca4bf6e71ba1ffb276c451c17c656. * Revert "Hide blocking accounts from blocked users (#10442)" This reverts commit 62bafa20a112ccdddaedb25723fc819dbbcd8e9a. * Improve blocked view of profiles - Change "You are blocked" to "Profile unavailable" - Hide following/followers in API when blocked - Disable follow button and show "Profile unavailable" on public profile as well
2019-04-01Hide blocking accounts from blocked users (#10442)ThibG
* Revert "Add indication that you have been blocked in web UI (#10420)" This reverts commit bd02ec6daa974dcd3231e73826a56e08dbeedadc. * Revert "Add `blocked_by` relationship to the REST API (#10373)" This reverts commit 9745de883b198375ba23f7fde879f6d75ce2df0f. * Hide blocking accounts from search results * Filter blocking accouts from account followers * Filter blocking accouts from account's following accounts * Filter blocking accounts from “reblogged by” and “favourited by” lists * Remove blocking account from URL search * Return 410 on trying to fetch user data from a user who blocked us * Return 410 in /api/v1/account/statuses for suspended or blocking accounts * Fix status filtering when performing URL search * Restore some React improvements Restore some cleanup from bd02ec6daa974dcd3231e73826a56e08dbeedadc * Refactor by adding `without_blocking` scope
2019-03-14Admission-based registrations mode (#10250)Eugen Rochko
Fix #6856 Fix #6951
2019-01-07Add locale param to sign-up API (#9747)Eugen Rochko
Fix #9627
2018-12-24Add REST API for creating an account (#9572)Eugen Rochko
* Add REST API for creating an account The method is available to apps with a token obtained via the client credentials grant. It creates a user and account records, as well as an access token for the app that initiated the request. The user is unconfirmed, and an e-mail is sent as usual. The method returns the access token, which the app should save for later. The REST API is not available to users with unconfirmed accounts, so the app must be smart to wait for the user to click a link in their e-mail inbox. The method is rate-limited by IP to 5 requests per 30 minutes. * Redirect users back to app from confirmation if they were created with an app * Add tests * Return 403 on the method if registrations are not open * Require agreement param to be true in the API when creating an account
2018-11-08Optimize the process of following someone (#9220)Eugen Rochko
* Eliminate extra accounts select query from FollowService * Optimistically update follow state in web UI and hide loading bar Fix #6205 * Asynchronize NotifyService in FollowService And fix failing test * Skip Webfinger resolve routine when called from FollowService if possible If an account is ActivityPub, then webfinger re-resolving is not necessary when called from FollowService. Improve options of ResolveAccountService
2018-07-05Add more granular OAuth scopes (#7929)Eugen Rochko
* Add more granular OAuth scopes * Add human-readable descriptions of the new scopes * Ensure new scopes look good on the app UI * Add tests * Group scopes in screen and color-code dangerous ones * Fix wrong extra scope
2018-04-30Return HTTP 410 for suspended accounts in GET /api/v1/accounts/:id (#7287)Eugen Rochko
Fix #7243
2018-03-01Ensure that boolean params in the API are parsed for truthiness (#6575)Eugen Rochko
Use Rails smart boolean cast to account for values such as "f", "0", "false", etc. Previously, if a param was present in the request, it would count as true.
2017-12-06Using double splat operator (#5859)Yamagishi Kazutoshi
2017-11-28Allow hiding of reblogs from followed users (#5762)aschmitz
* Allow hiding of reblogs from followed users This adds a new entry to the account menu to allow users to hide future reblogs from a user (and then if they've done that, to show future reblogs instead). This does not remove or add historical reblogs from/to the user's timeline; it only affects new statuses. The API for this operates by sending a "reblogs" key to the follow endpoint. If this is sent when starting a new follow, it will be respected from the beginning of the follow relationship (even if the follow request must be approved by the followee). If this is sent when a follow relationship already exists, it will simply update the existing follow relationship. As with the notification muting, this will now return an object ({reblogs: [true|false]}) or false for each follow relationship when requesting relationship information for an account. This should cause few issues due to an object being truthy in many languages, but some modifications may need to be made in pickier languages. Database changes: adds a show_reblogs column (default true, non-nullable) to the follows and follow_requests tables. Because these are non-nullable, we use the existing MigrationHelpers to perform this change without locking those tables, although the tables are likely to be small anyway. Tests included. See also <https://github.com/glitch-soc/mastodon/pull/212>. * Rubocop fixes * Code review changes * Test fixes This patchset closes #648 and resolves #3271. * Rubocop fix * Revert reblogs defaulting in argument, fix tests It turns out we needed this for the same reason we needed it in muting: if nil gets passed in somehow (most usually by an API client not passing any value), we need to detect and handle it. We could specify a default in the parameter and then also catch nil, but there's no great reason to duplicate the default value.
2017-11-15Optional notification muting (#5087)Surinna Curtis
* Add a hide_notifications column to mutes * Add muting_notifications? and a notifications argument to mute! * block notifications in notify_service from hard muted accounts * Add specs for how mute! interacts with muting_notifications? * specs testing that hide_notifications in mutes actually hides notifications * Add support for muting notifications in MuteService * API support for muting notifications (and specs) * Less gross passing of notifications flag * Break out a separate mute modal with a hide-notifications checkbox. * Convert profile header mute to use mute modal * Satisfy eslint. * specs for MuteService notifications params * add trailing newlines to files for Pork :) * Put the label for the hide notifications checkbox in a label element. * Add a /api/v1/mutes/details route that just returns the array of mutes. * Define a serializer for /api/v1/mutes/details * Add more specs for the /api/v1/mutes/details endpoint * Expose whether a mute hides notifications in the api/v1/relationships endpoint * Show whether muted users' notifications are muted in account lists * Allow modifying the hide_notifications of a mute with the /api/v1/accounts/:id/mute endpoint * make the hide/unhide notifications buttons work * satisfy eslint * In probably dead code, replace a dispatch of muteAccount that was skipping the modal with launching the mute modal. * fix a missing import * add an explanatory comment to AccountInteractions * Refactor handling of default params for muting to make code cleaner * minor code style fixes oops * Fixed a typo that was breaking the account mute API endpoint * Apply white-space: nowrap to account relationships icons * Fix code style issues * Remove superfluous blank line * Rename /api/v1/mutes/details -> /api/v2/mutes * Don't serialize "account" in MuteSerializer Doing so is somewhat unnecessary since it's always the current user's account. * Fix wrong variable name in api/v2/mutes * Use Toggle in place of checkbox in the mute modal. * Make the Toggle in the mute modal look better * Code style changes in specs and removed an extra space * Code review suggestions from akihikodaki Also fixed a syntax error in tests for AccountInteractions. * Make AddHideNotificationsToMute Concurrent It's not clear how much this will benefit instances in practice, as the number of mutes tends to be pretty small, but this should prevent any blocking migrations nonetheless. * Fix up migration things * Remove /api/v2/mutes
2017-09-11Fix error when following locked accounts (#4896)Eugen Rochko
2017-09-05Fix #4794 - Fake instant follow in API response when account is believed ↵Eugen Rochko
unlocked (#4799)
2017-07-07Refactor JSON templates to be generated with ActiveModelSerializers instead ↵Eugen Rochko
of Rabl (#4090)
2017-06-07Clean up for api/base controller (#3629)Matt Jankowski
* Move ApiController to Api/BaseController * API controllers inherit from Api::BaseController * Add coverage for various error cases in api/base controller
2017-05-31Spec coverage and refactor for the api/v1/accounts controllers (#3451)Matt Jankowski
2017-05-25More use of next link header on account (media) timelines (#3311)unarist
This will reduce requests on who have only few statuses. - Use next link header to detect more items from first request - Omit next link header if result items are fewer than requested count (It had omit it only if result was empty before)
2017-05-23Fix following/followers API to return correct link headers (#3268)unarist
Link headers in following/followers API should include follow_id as max_id/since_id. However, these API use current_user's account_id instead of follow_id from #3167. This causes irrelevant result on loading more users.
2017-05-20Use joins for account properties (#3167)Akihiko Odaki
2017-05-19Add buttons to block and unblock domain (#3127)Eugen Rochko
* Add buttons to block and unblock domain * Relationship API now returns "domain_blocking" status for accounts, rename "block entire domain" to "hide entire domain", fix unblocking domain, do not block notifications from domain-blocked-but-followed people, do not send Salmons to domain blocked users * Add test * Personal domain blocks shouldn't affect Salmon after all, since in this direction of communication the control is very thin when it comes to public stuff. Best stay consistent and not affect federation in this way * Ignore followers and follow request from domain blocked folks, ensure account domain blocks are not created for empty domain, and avoid duplicates in validation * Purge followers when blocking domain (without soft-blocks, since they are useless here) * Add tests, fix local timeline being empty when having any domain blocks
2017-04-19Simplify render in controllers (#2144)Matt Jankowski
2017-04-09Fix /api/v1/accounts/update_credentials tests (#1357)Eugen
2017-04-09Allow users to update their Account in the API (#1179)David Celis
* Allow users to update their Account in the API It would be nice for API clients to be able to allow users to update their accounts without having to wrap Mastodon in a web view. This patch adds an API endpoint to let users submit a PATCH for their account. Signed-off-by: David Celis <me@davidcel.is> * Add /api/v1/accounts/update_credentials to the API docs Signed-off-by: David Celis <me@davidcel.is>
2017-04-08Make public timelines API not require user context/app credentials (#1291)Eugen
* Make /api/v1/timelines/public and /api/v1/timelines/tag/:id public Fix #1156 - respect query params when generating pagination links in API * Apply pagination fix to more APIs
2017-03-30Add counter caches for a large performance increase on API requestsEugen Rochko
2017-03-22New API method: /api/v1/searchEugen Rochko
Returns accounts, statuses, hashtags arrays
2017-03-17Forgot to hook up API with the latest methodEugen Rochko
2017-03-06Performance improvement for profilesEugen Rochko
2017-03-05Improved /api/v1/accounts/:id/statuses with new params: only_media, ↵Eugen Rochko
exclude_replies Redirect /:username to /users/:username Redirect /:username/:id to /users/:username/updates/:id Updated API documentation and sponsors
2017-03-01Mute button progress so far. WIP, doesn't entirely work correctly.Kit Redgrave
2017-02-25Add tuning documentation, add <content> tags back to most salmons,Eugen Rochko
make status pagination headers generation more lax about next page existing
2017-02-17Add GET /api/v1/accounts/:id/statuses/media that returns only statuses with ↵Eugen Rochko
media attachments Make replies default to privacy settings of the status being replied to
2017-01-24Make blocks create entries and unfollows instantly, but do the clean upEugen Rochko
in the background instead. Should fix delay where blocked person can interact with blocker for a short time before background job gets processed
2017-01-24API now respects ?limit param as long as it's within 2x default limitEugen Rochko
2017-01-23Move merging/unmerging of timelines into background. Move blocking intoEugen Rochko
background as well since it's a computationally expensive
2017-01-13Extend rails-settings-cached to merge db-saved hash values with defaultsEugen Rochko
2016-12-22Follow call on locked account creates follow request insteadEugen Rochko
Reflect "requested" relationship in API and UI Reflect inability of private posts to be reblogged in the UI Disable Webfinger for locked accounts
2016-12-21Private visibility on statuses prevents non-followers from seeing thoseEugen Rochko
Filters out hidden stream entries from Atom feed Blocks now generate hidden stream entries, can be used to federate blocks Private statuses cannot be reblogged (generates generic 422 error for now) POST /api/v1/statuses now takes visibility=(public|unlisted|private) param instead of unlisted boolean Statuses JSON now contains visibility=(public|unlisted|private) field
2016-12-01Fix pt translations, improve pre-cache queries, removing will_paginateEugen Rochko
from accounts/tags because it's a terribly inefficient way to paginate large sets of data
2016-11-29Unify collection caching codeEugen Rochko
2016-11-25Remove stale entries from cache resultsEugen Rochko
2016-11-24Remove Neo4JEugen Rochko
2016-11-23Cache accounts/:id/statuses and single statuses tooEugen Rochko