path: root/app/controllers
Age | Commit message | Author
2018-04-17 | Set Referrer-Policy to origin in web UI and public pages of private toots (#7162) | Eugen Rochko
Fix #7115
2018-04-16 | Redirect to account status page for page of status stream entry (#7104) | Akihiko Odaki
Commit 519119f657cf97ec187008a28dba00c1125a9292 missed a change for stream entry page. Instead of duplicating the change, redirect to account status page. It would also help crawlers (of search engines, for example) to understand a stream entry URL and its corresponding status URL point to the same page.
2018-04-14 | Add bio fields (#6645) | Eugen Rochko
* Add bio fields
  - Fix #3211
  - Fix #232
  - Fix #121
* Display bio fields in web UI
* Fix output of links and missing fields
* Federate bio fields over ActivityPub as PropertyValue
* Improve how the fields are stored, add to Edit profile form
* Add rel=me to links in fields
  Fix #121
2018-04-12 | Upgrade Rails to version 5.2.0 (#5898) | Yamagishi Kazutoshi
2018-04-11 | Paginate ancestor statuses in public page (#7102) | Akihiko Odaki
This also limits the statuses returned by API, but pagination is not implemented in Web API yet. I still expect it brings user experience better than making a user wait to fetch all ancestor statuses and flooding the column with them.
2018-04-10 | Feature: Improve reports ui (#7032) | Emelia Smith
* Further improvements to Reports UI
  - Clean up notes display
  - Clean up add new note form
  - Simplify controller
  - Allow reopening a report with a note
  - Show created at date for reports
  - Fix report details table formatting
* Show history of report using Admin::ActionLog beneath the report
* Fix incorrect log message when reopening a report
* Implement fetching of all ActionLog items that could be related to the report
* Ensure adding a report_note updates the report's updated_at
* Limit Report History to actions that happened between the report being created and the report being resolved
* Fix linting issues
* Improve report history builder
  Thanks @gargron for the improvements
2018-04-10 | Feature: Allow staff to change user emails (#7074) | Emelia Smith
* Admin: Show unconfirmed email address on account page
* Admin: Allow staff to change user email addresses
* ActionLog: On change_email, log current email address and new unconfirmed email address
2018-04-08 | Enable updating additional account information from user preferences via rest api (#6789) | Levi Bard
* Enable updating additional account information from user preferences via rest api
  Resolves #6553
* Pacify rubocop
* Decoerce incoming settings in UserSettingsDecorator
* Create user preferences hash directly from incoming credentials instead of going through ActionController::Parameters
* Clean up user preferences update
* Use ActiveModel::Type::Boolean instead of manually checking stringified number equivalence
2018-04-08 | Fix follow/unfollow buttons on public profile (fixes #7036) (#7040) | ThibG
* Fix follow/unfollow buttons on public profile
  - Present non-logged users with web+mastodon:// URLs for remote accounts
  - Present logged-in users with appropriate links (authorize_follows and remote_unfollows) for remote accounts
* Do not cache rendered cards if user is logged in
2018-04-07 | Prevent admins and moderators eavesdropping in private and direct toots (#7067) | Alda Marteau-Hardi
Fix #6986
2018-04-03 | Improve require_admin! and require_staff! filters (#7018) | Emelia Smith
Previously these returned 302 redirects instead of 403s, which meant posting links to admin pages in slack caused them to unfurl, rather than stay as a link. Additionally, require_admin! doesn't appear to be actively used, on require_staff!
2018-04-02 | Feature: Report improvements (#6967) (#7000) | Emelia Smith
* Implement Assignment of Reports (#6967)
* Change translation of admin.report.comment.label to "Report Comment" for clarity
  As we'll soon add the ability for reports to have comments on them, this clarification makes sense.
* Implement notes for Reports
  This enables moderators to leave comments about a report whilst they work on it
* Fix display of report moderation notes
* Allow reports to be reopened / marked as unresolved
* Redirect to reports listing upon resolution of report
* Implement "resolve with note" functionality
* Add inverse relationship for report notes
* Remove additional database querying when loading report notes
* Fix tests for reports
* Fix localisations for report notes / reports
2018-04-02 | Implement the ability for an Administrator or Moderator to remove an account avatar (#6998) | Emelia Smith
2018-04-02 | Fix unpermitted parameters warning when generating pagination URLs (#6995) | Eugen Rochko
2018-03-18 | If DEFAULT_LOCALE is set, enforce it instead of HTTP request locale (#6817) | Eugen Rochko
Fix #6784
2018-03-10 | Improve performance of account_media_status_ids (#6729) | abcang
2018-03-08 | If login redirects to omniauth, redirect logout to root_path (#6694) | Eugen Rochko
Fix #6670
2018-03-05 | Redirect from Web tag timeline to public tag timeline if not signed in (#6633) | Akihiko Odaki
This is also implemented in Pawoo: https://github.com/pixiv/mastodon/commit/ceafdbd1bbf30fe20a2a814df0f8cae429a4e9db
2018-03-04 | Set the default locale in config (#6580) | Akihiko Odaki
Previously the default locale was set by Localized concern for controllers, but it was not enforced for mailers. config is enforced throughout the application and an appropriate place to set the default locale.
2018-03-04 | Federate pinned statuses over ActivityPub (#6610) | Eugen Rochko
* Federate pinned statuses over ActivityPub
* Display pinned toots in web UI
  Fix #6117
* Fix migration
* Fix tests
* Update outbox_serializer.rb
* Update remove_serializer.rb
* Update add_serializer.rb
* Update fetch_featured_collection_service.rb
2018-03-01 | Add only_media param to public and hashtag timelines API (#6576) | Eugen Rochko
2018-03-01 | Ensure that boolean params in the API are parsed for truthiness (#6575) | Eugen Rochko
Use Rails smart boolean cast to account for values such as "f", "0", "false", etc. Previously, if a param was present in the request, it would count as true.
2018-02-28 | Fix #942: Seamless LDAP login (#6556) | Eugen Rochko
2018-02-28 | Federated reports (#6570) | Eugen Rochko
* Fix #2176: Federated reports
* UI for federated reports
* Add spec for ActivityPub Flag handler
* Add spec for ReportService
2018-02-26 | Improve public account cards (#6559) | Eugen Rochko
- Add follow/unfollow/remote follow buttons
- Format the bio properly
- Always show username@domain, even for local accounts
2018-02-26 | Fix prev/next links on public profile page (#6497) | Ian McCowan
* Fix prev/next links on public profile page
* Don't make pagination urls if no available statuses
* Fix empty check method
* Put left chevron before prev page link
* Add scope for pagination "starting at" a given id
* Status pagination try 2: s/prev/older and s/next/newer
  "older" on left, "newer" on right
  Use new scope for "newer" link
  Extract magic 20 page size to constant
  Remove max_id from feed pagination as it's not respected
* Reinstate max_id for accounts atom stream
* normalize
2018-02-23 | New variable OAUTH_REDIRECT_AT_SIGN_IN + Ref #6538 (not only SAML strategies) (#6540) | Ghislain Loaec
2018-02-22 | Redesign landing page (again) (#6486) | Eugen Rochko
* Redesign landing page (again)
* Move login form in small version to the right column
* Display closed registrations message
* Add site setting for the hero image
* Fix test
* Increase spacing, maximum width, change call to action section
2018-02-22 | Fix #6526: Only store redirect location if not in JSON format (#6528) | Eugen Rochko
2018-02-22 | Focal points (#6520) | Eugen Rochko
* Add focus param to media API, center thumbnails on focus point
* Add UI for setting a focal point
* Improve focal point icon on upload item
* Use focal point in upload preview
* Add focalPoint property to ActivityPub
* Don't show focal point button for non-image attachments
2018-02-21 | Fix bug in relationships API introduced by #6482 (#6527) | Eugen Rochko
It was merge when it needed to be deep_merge. And added some tests
2018-02-21 | Account archive download (#6460) | Eugen Rochko
* Fix #201: Account archive download
* Export actor and private key in the archive
* Optimize BackupService
  - Add conversation to cached associations of status, because somehow it was forgotten and is source of N+1 queries
  - Explicitly call GC between batches of records being fetched (Model class allocations are the worst offender)
  - Stream media files into the tar in 1MB chunks (Do not allocate media file (up to 8MB) as string into memory)
  - Use #bytesize instead of #size to calculate file size for JSON (Fix FileOverflow error)
  - Segment media into subfolders by status ID because apparently GIF-to-MP4 media are all named "media.mp4" for some reason
* Keep uniquely generated filename in Paperclip::GifTranscoder
* Ensure dumped files do not overwrite each other by maintaining directory partitions
* Give tar archives a good name
* Add scheduler to remove week-old backups
* Fix code style issue
2018-02-18 | add parameter locked to /api/v1/update_credentials (#6506) | Konrad Pozniak
2018-02-16 | Save video metadata and improve video OpenGraph tags (#6481) | Eugen Rochko
* Save metadata from video attachments, put correct dimensions into OG tags
* Add twitter:player for videos
* Fix code style and test
2018-02-09 | Add preference to always display sensitive media (#6448) | Eugen Rochko
2018-02-08 | Fix response of signature_verification_failure_reason (#6441) | abcang
2018-02-04 | Exclude nil from relationships array (#6427) | abcang
2018-02-04 | Add option to show only local toots in timeline preview (#6292) | Renato "Lond" Cerqueira
* Add option to show only local toots in timeline preview
  Right now, toots from all the known fediverse are shown in the main page of an instance. That however doesn't reflect the instance itself. With this option the admin may choose to display only local toots so that users checking the instance get a better idea of internal conversations.
* Fix issues pointed by codeclimate and eslint
* Add default message for community timeline
* Update pl.yml
2018-02-04 | CAS + SAML authentication feature (#6425) | Eugen Rochko
* Cas authentication feature
* Config
* Remove class_eval + Omniauth initializer
* Codeclimate review
* Codeclimate review 2
* Codeclimate review 3
* Remove uid/email reconciliation
* SAML authentication
* Clean up code
* Improve login form
* Fix code style issues
* Add locales
2018-02-02 | Allow HTTP caching of atom-rendered public toots (OStatus compatibility) (#6207) | ThibG
2018-02-02 | Allow retrieval of private statuses (single or in outbox) using HTTP signatures (#6225) | puckipedia
2018-02-02 | pam authentication (#5303) | Alexander
* add pam support, without extra column
* bugfixes for pam login
* document options
* fix code style
* fix codestyle
* fix tests
* don't call remember_me without password
* fix codestyle
* improve checks for pam usage (should fix tests)
* fix remember_me part 1
* add remember_token column because :rememberable requires either a password or this column.
* migrate db for remember_token
* move pam_authentication to the right place, fix logic bug in edit.html.haml
* fix tests
* fix pam authentication, improve username lookup, add comment
* valid? is sometimes not honored, return nil instead trying to authenticate with pam
* update devise_pam_authenticatable2 and adjust code. Fixes side effects observed in tests
* update devise_pam_authenticatable gem, fixes for code conventions, fix finding user
* code convention fixes
* code convention fixes
* fix indentation
* update dependency, explicit conflict check
* fix disabled password updates if in pam mode
* fix check password if password is present, fix templates
* block registration if account is maintained by pam
* Revert "block registration if account is maintained by pam"
  This reverts commit 8e7a083d650240b6fac414926744b4b90b435f20.
* fix indentation error introduced by rebase
* block usernames maintained by pam
* document pam settings better
* fix code style
2018-01-23 | Fix #6331 (#6341) | Eugen Rochko
UserTrackingConcern is circumvented by SessionsController#create because it calls warden, which calls the User#update_tracked_fields! method directly. Move returning user logic to that method.
2018-01-22 | Rename ResolveRemoteAccountService to ResolveAccountService (#6327) | Akihiko Odaki
The service used to be named ResolveRemoteAccountService resolves local accounts as well.
2018-01-21 | Redirect to 2FA creation page when otp_secret is not available (#6314) | Aboobacker MK
2018-01-18 | Fix regeneration marker not expiring (#6290) | Eugen Rochko
* Fix regeneration key not getting expired
* Add rake task to remove old regeneration markers
2018-01-17 | Fix home regeneration (#6251) | Eugen Rochko
* Fix regeneration marker not being removed after completion
* Return HTTP 206 from /api/v1/timelines/home if regeneration in progress
  Prioritize RegenerationWorker by putting it into default queue
* Display loading indicator and poll home timeline while it regenerates
* Add graphic to regeneration message
* Make "not found" indicator consistent with home regeneration
2018-01-17 | implement web share target (#6278) | りんすき
* web share target
* fix
* fix
2018-01-15 | Suppress CSRF token warnings (#6240) | Patrick Figel
CSRF token checking was enabled for API controllers in #6223, producing "Can't verify CSRF token authenticity" log spam. This disables logging of failed CSRF checks. This also changes the protection strategy for PushSubscriptionsController to use exceptions, making it consistent with other controllers that use sessions.
2018-01-08 | Refactor /api/web APIs to use the centralized axios instance (#6223) | nightpool
Also adds the ability to decouple the centralized axios logic from the state dispatcher