about summary refs log tree commit diff
path: root/app/controllers
AgeCommit message (Collapse)Author
2017-07-17Updated from tootsuiteOndřej Hruška
2017-07-16Minor ActivityPub JSON fixes (#4214)Eugen Rochko
- Objects must have attributedTo instead of actor - The current attribute belongs to CollectionPage, not Collection
2017-07-15Merge upstream (#81)kibigo!
2017-07-15Raise search results count to 10 for testOndřej Hruška
reference: https://mastodon.xyz/users/lx/updates/278054
2017-07-15Improve ActivityPub representations (#3844)Eugen Rochko
* Improve webfinger templates and make tests more flexible * Clean up AS2 representation of actor * Refactor outbox * Create activities representation * Add representations of followers/following collections, do not redirect /users/:username route if format is empty * Remove unused translations * ActivityPub endpoint for single statuses, add ActivityPub::TagManager for better URL/URI generation * Add ActivityPub::TagManager#to * Represent all attachments as Document instead of Image/Video specifically (Because for remote ones we may not know for sure) Add mentions and hashtags representation to AP notes * Add AP-resolvable hashtag URIs * Use ActiveModelSerializers for ActivityPub * Clean up unused translations * Separate route for object and activity * Adjust cc/to matrices * Add to/cc to activities, ensure announce activity embeds target status and not the wrapper status, add "id" to all collections
2017-07-14Fix #2672 - Connect signed PuSH subscription requests to instance domain (#4205)Eugen Rochko
* Fix #2672 - Connect signed PuSH subscription requests to instance domain Resolves #2739 * Fix return of locate_subscription * Fix tests
2017-07-14Fix response of unreblog/unfavourite APIs (#4204)unarist
Both APIs process asynchronously, so reblogged/favourited fields in the response should be set to `false` manually.
2017-07-14HTTP signatures (#4146)Eugen Rochko
* Add Request class with HTTP signature generator Spec: https://tools.ietf.org/html/draft-cavage-http-signatures-06 * Add HTTP signature verification concern * Add test for SignatureVerification concern * Add basic test for Request class * Make PuSH subscribe/unsubscribe requests use new Request class Accidentally fix lease_seconds not being set and sent properly, and change the new minimum subscription duration to 1 day * Make all PuSH workers use new Request class * Make Salmon sender use new Request class * Make FetchLinkService use new Request class * Make FetchAtomService use the new Request class * Make Remotable use the new Request class * Make ResolveRemoteAccountService use the new Request class * Add more tests * Allow +-30 seconds window for signed request to remain valid * Disable time window validation for signed requests, restore 7 days as PuSH subscription duration (which was previous default due to a bug)
2017-07-14Added buttons and menu items to dismiss individual notifications (#76)Ondřej Hruška
* Added DELETE verb for notifications * Added notification dismiss button to status dropdown * Added reveal-on-hover notif dismiss button, added FollowNotification component
2017-07-14Add option to opt out of search engines on public profile/status pages (#4199)Eugen Rochko
2017-07-13Web Push Notifications (#3243)Sorin Davidoi
* feat: Register push subscription * feat: Notify when mentioned * feat: Boost, favourite, reply, follow, follow request * feat: Notification interaction * feat: Handle change of public key * feat: Unsubscribe if things go wrong * feat: Do not send normal notifications if push is enabled * feat: Focus client if open * refactor: Move push logic to WebPushSubscription * feat: Better title and body * feat: Localize messages * chore: Fix lint errors * feat: Settings * refactor: Lazy load * fix: Check if push settings exist * feat: Device-based preferences * refactor: Simplify logic * refactor: Pull request feedback * refactor: Pull request feedback * refactor: Create /api/web/push_subscriptions endpoint * feat: Spec PushSubscriptionController * refactor: WebPushSubscription => Web::PushSubscription * feat: Spec Web::PushSubscription * feat: Display first media attachment * feat: Support direction * fix: Stuff broken while rebasing * refactor: Integration with session activations * refactor: Cleanup * refactor: Simplify implementation * feat: Set VAPID keys via environment * chore: Comments * fix: Crash when no alerts * fix: Set VAPID keys in testing environment * fix: Follow link * feat: Notification actions * fix: Delete previous subscription * chore: Temporary logs * refactor: Move migration to a later date * fix: Fetch the correct session activation and misc bugs * refactor: Move migration to a later date * fix: Remove follow request (no notifications) * feat: Send administrator contact to push service * feat: Set time-to-live * fix: Do not show sensitive images * fix: Reducer crash in error handling * feat: Add badge * chore: Fix lint error * fix: Checkbox label overlap * fix: Check for payload support * fix: Rename action "type" (crash in latest Chrome) * feat: Action to expand notification * fix: Lint errors * fix: Unescape notification body * fix: Do not allow boosting if the status is hidden * feat: Add VAPID keys to the production sample environment * fix: Strip HTML tags from status * refactor: Better error messages * refactor: Handle browser not implementing the VAPID protocol (Samsung Internet) * fix: Error when target_status is nil * fix: Handle lack of image * fix: Delete reference to invalid subscriptions * feat: Better error handling * fix: Unescape HTML characters after tags are striped * refactor: Simpify code * fix: Modify to work with #4091 * Sort strings alphabetically * i18n: Updated Polish translation it annoys me that it's not fully localized :P * refactor: Use current_session in PushSubscriptionController * fix: Rebase mistake * fix: Set cacheName to mastodon * refactor: Pull request feedback * refactor: Remove logging statements * chore(yarn): Fix conflicts with master * chore(yarn): Copy latest from master * chore(yarn): Readd offline-plugin * refactor: Use save! and update! * refactor: Send notifications async * fix: Allow retry when push fails * fix: Save track for failed pushes * fix: Minify sw.js * fix: Remove account_id from fabricator
2017-07-12Improve UI of admin site settings (#4163)Eugen Rochko
2017-07-11Fix #2848 - Rake task to redownload avatars/headers (#4156)Eugen Rochko
Can be filtered by a specific domain Resolves #2292
2017-07-11Fix #3462 - Require authentication for search API (#4155)Eugen Rochko
This makes it consistent with /api/v1/accounts/search and previous behaviour has been an oversight.
2017-07-11Redesign the landing page, mount public timeline on it (#4122)Eugen Rochko
* Redesign the landing page, mount public timeline on it * Adjust the standalone mounted component to the lacking of router * Adjust auth layout pages to new design * Fix tests * Standalone public timeline polling every 5 seconds * Remove now obsolete translations * Add responsive design for new landing page * Address reviews * Add floating clouds behind frontpage form * Use access token from public page when available * Fix mentions and hashtags links, cursor on status content in standalone mode * Add footer link to source code * Fix errors on pages that don't embed the component, use classnames * Fix tests * Change anonymous autoPlayGif default to false * When gif autoplay is disabled, hover to play * Add option to hide the timeline preview * Slightly improve alt layout * Add elephant friend to new frontpage * Display "back to mastodon" in place of "login" when logged in on frontpage * Change polling time to 3s
2017-07-10Remote following success page (#4129)STJrInuyasha
* Added a success page to remote following Includes follow-through links to web (the old redirect target) and back to the remote user's profile * Use Account.new in spec instead of a fake with only id (fixes spec) * Fabricate(:account) over Account.new * Remove self from the success text (and all HTML with it)
2017-07-10Add Japanese translation of terms and flash (#4137)のら
2017-07-10Add setting a always mark media as sensitive (#4136)Yamagishi Kazutoshi
2017-07-10Add attribute for default privacy to verify credentials (#4075)Yamagishi Kazutoshi
* Add attribute for default privacy to verify credentials * add raw_note * source
2017-07-08Replace OEmbed and initial state Rabl templates with serializers (#4110)Eugen Rochko
* Replace OEmbed Rabl template with serializer * Replace initial state rabl with serializer
2017-07-07Fix #4058 - Use a long-lived cookie to keep track of user-level sessions (#4091)Eugen Rochko
* Fix #4058 - Use a long-lived cookie to keep track of user-level sessions * Fix tests, smooth migrate from previous session-based identifier
2017-07-07Refactor JSON templates to be generated with ActiveModelSerializers instead ↵Eugen Rochko
of Rabl (#4090)
2017-07-06Add a setting allowing the use of system's default font in Web UI (#4033)Damien Erambert
* add a system_font_ui setting on the server * Plug the system_font_ui on the front-end * add EN/FR locales for the new setting * put Roboto after all other fonts * remove trailing whitespace so CodeClimate is happy * fix user_spec.rb * correctly write user_spect this time * slightly better way of adding the classes * add comments to the system-font stack for clarification * use .system-font for the class instead * don't use multiple lines for comments * remove trailing whitespace * use the classnames module for consistency * use `mastodon-font-sans-serif` instead of Roboto directly
2017-07-04Customizable privacy policy from admin interface (#4062)Yamagishi Kazutoshi
2017-06-27Fix #1624 - Send e-mail notifications to admins about new reports (#3949)Eugen Rochko
2017-06-25Fix #3910 - Require OTP authentication to disable 2FA (#3935)Eugen Rochko
* Fix #3910 - Require OTP authentication to disable 2FA. Also, remove ability to generate new OTP backup codes *after* initial backup codes were handed out during activation * Restore recovery code re-generation * Improve display of some 2FA elements
2017-06-25Bind web UI access tokens to sessions (#3940)Eugen Rochko
* Add overview of active sessions * Better display of browser/platform name * Improve how browser information is stored and displayed for sessions overview * Fix test * Fix #2347 - Bind web UI access token to session When you logout, session also destroys the access token, so it's no longer valid. If access token is destroyed some other way, the session is also destroyed, requiring a re-login. Fix #1681 - Add scheduler to remove revoked access tokens and grants * Fix test
2017-06-25Add overview of active sessions (#3929)Eugen Rochko
* Add overview of active sessions * Better display of browser/platform name * Improve how browser information is stored and displayed for sessions overview * Fix test
2017-06-19setting-for-account-deletable (#3852)masarakki
2017-06-19Rename FollowRemoteAccountService to ResolveRemoteAccountService (#3847)Eugen Rochko
Rename Activitypub to ActivityPub
2017-06-14Fix account delete form not accepting password, update suspended (#3745)Eugen Rochko
account before removing content for quicker feedback to end-users
2017-06-14Account deletion (#3728)Eugen Rochko
* Add form for account deletion * If avatar or header are gone from source, remove them * Add option to have SuspendAccountService remove user record, add tests * Exclude suspended accounts from search
2017-06-14Fix #2619 - When redis feed is empty, fall back to database (#3721)Eugen Rochko
* Fix #2619 - When redis feed is empty, fall back to database * Use redis value to return feed from database only while RegenerationWorker hasn't finished running * Fix specs * Replace usage of reject!
2017-06-11Make sure email is case insensitive on all places (#3688)René Klačan
When case insensitivity is enabled via devise's `config.case_insensitive_keys` then `.find_for_authentication` method needs to be used instead of `.find_by` because second mentioned returns `nil` when valid email with different cases is passed. More info https://github.com/plataformatec/devise/wiki/How-To:-Use-case-insensitive-emails
2017-06-10Improve default language decision and spec (#3351)Akihiko Odaki (@fn_aki@pawoo.net)
* Improve default language decision This change allows to takes account of accepted language determined by the user agent even if the custom default locale of the instance is configured. * Cover Localized more * Fix code style
2017-06-10Move create/destroy actions for api/v1/statuses to namespace (#3678)Matt Jankowski
Each of mute, favourite, reblog has been updated to: - Have a separate controller with just a create and destroy action - Preserve historical route names to not break the API - Mild refactoring to break up long methods
2017-06-09Move reblogged_by and favourited_by actions out of api/v1/statuses and into ↵Matt Jankowski
unique controllers (#3646) * Add specs for api statuses routes * Update favourited_by and reblogged_by api routes * Move methods into new controllers * Use load_accounts methods to simplify index actions * Clean up load_accounts methods * Clean up link header generation * Check for link headers in specs * Remove unused actions from api/v1/statuses controller * Remove specs for moved actions
2017-06-08Add explit admin actions to (re)subscribe/unsubscribe remote accounts (#3640)Eugen Rochko
* Add explit admin actions to (re)subscribe/unsubscribe remote accounts and re-download avatar/header * Improve how admin NSFW toggle looks
2017-06-08Improve RuboCop rules (compatibility to Code Climate) (#3636)Yamagishi Kazutoshi
https://github.com/codeclimate/codeclimate-rubocop/blob/08f8de84ebfb39caa96391e23816877278f6441c/Gemfile.lock#L38 Code Climate is using RuboCop v0.46.0. Change several rules to maintain compatibility.
2017-06-07Clean up for api/base controller (#3629)Matt Jankowski
* Move ApiController to Api/BaseController * API controllers inherit from Api::BaseController * Add coverage for various error cases in api/base controller
2017-06-07Coverage improvement and concern extraction for rate limit headers in API ↵Matt Jankowski
controller (#3625) * Coverage for rate limit headers * Move rate limit headers methods to concern * Move throttle check to condition on before_action * Move match_data variable into method * Move utc timestamp to separate method * Move header setting into smaller methods * specs cleanup
2017-06-06Fix #3063 - Add dynamic app manifest (#3563)Eugen Rochko
* Fix #3063 - Add dynamic app manifest * Added short_name * Add background_color
2017-06-05Redirect to streaming_api_base_url (#3579)Daigo 3 Dango
* Redirect to streaming_api_base_url When Rails receives a request to streaming API, it most likely means that there is another host which is configured to respond to it. This is to redirect clients to that host if `STREAMING_API_BASE_URL` is set as another host. * Use the new Ruby 1.9 hash syntax
2017-06-04Fix limit_param in favourites_controller.rb (#3553)Naoki Kosaka
2017-06-04change sidekiq queueing to bulk push (#3536)takayamaki
2017-06-02Ensure well_known controllers use WEB_DOMAIN by including RoutingHelper (#2388)ThibG
This fixes #2375.
2017-06-01Spec response for forgery (#3248)Akihiko Odaki (@fn_aki@pawoo.net)
Remove protect_from_forgery in ApiController, which is disabled by the following skip_before_action, as well.
2017-05-31Spec coverage and refactor for the api/v1/accounts controllers (#3451)Matt Jankowski
2017-05-31Move admin/pubsubhubbub controller to admin/subscriptions (#3442)Matt Jankowski
2017-05-31Add Instance class to list admin records (#3443)Matt Jankowski