about summary refs log tree commit diff
path: root/app/controllers
AgeCommit message (Collapse)Author
2017-04-27Add spec coverage and refactor authorize_follows controller (#2505)Matt Jankowski
2017-04-25Localize with i18n for Devise::FailureApp (#2309)alpaca-tc
This PR fixes I18n.locale for rake middlewares. Mastodon uses Devise that depends on Warden. Warden::Manager can be found in rake middleware. It is outside of the controller. In the case of authentication failed, warden calls throw(:warden). At the time Warden::Manager delegates request to failure_app to generate response and flash[:alert] after catching it. Unfortunately, I18n.locale is already reset then because I18n.with_locale is enabled only inside the controller. If we used I18n.locale=, Devise::FailureApp could get the current locale.
2017-04-25Change ActivityPub paging to match spec. Clean up ActivityPub outbox ↵Evan Minto
changes. (#2410) * Change ActivityPub paging to match spec. Clean up ActivityPub outbox changes. * Fix code style and test failures for OutboxController. * Attempt to fix CI errors.
2017-04-25Fix #2402 - Add Idempotency-Key header to PostStatusService that prevents ↵Eugen Rochko
(#2419) duplicates. Web UI regenerates UUID for that header every time the compose form is changed or successfully submitted Also, fix Farsi i18n overwriting the English one
2017-04-25Punycode URI normalization (#2370)Eugen
* Fix #2119 - Whenever about to send a HTTP request, normalize the URI * Add test for IDN request in FetchLinkCardService * Perform IDN normalization on domains before they are stored in the DB
2017-04-24Return force_ssl to the controller (#2380)Matt Jankowski
2017-04-24Followers-only post federation (#2111)Eugen
* Make private toots get PuSHed to subscription URLs that belong to domains where you have approved followers * Authorized followers controller, stub for bulk action * Soft block in the background * Add simple test for new controller * Rename Settings::FollowersController to Settings::FollowerDomainsController, paginate results, rename "private" post setting to "followers-only", fix pagination style, improve post privacy preferences style, improve warning style * Extract compose form warnings into own container, show warning when posting to followers-only with unlocked account
2017-04-23ActivityPub: Add basic, read-only support for Outboxes, Notes, and ↵Evan Minto
Create/Announce Activities (#2197) * Clean up collapsible components * Expose user Outboxes and AS2 representations of statuses * Save work thus far. * Fix bad merge. * Save my work * Clean up pagination. * First test working. * Add tests. * Add Forbidden error template. * Revert yarn.lock changes. * Fix code style deviations and use localized instead of hardcoded English text.
2017-04-23Admin UI for confirming users (#2245)Ash Furrow
* Shows confirmed status in list. * Adds ability to confirm users in admin UI. * Added new english translations. * Addresses feedback from #2245. * More feedback.
2017-04-23Move force_ssl check to production config (#2165)Matt Jankowski
The force_ssl method from controllers does not add all of the options that the sitewide configuration in a config block does. For example, HSTS enforcement is not added by the controller method, but is added by this style.
2017-04-222FA controller cleanup (#2296)Matt Jankowski
* Add spec coverage for settings/two_factor_auth area * extract setup method for qr code * Move otp required check to before action * Merge method only used once * Remove duplicate view * Consolidate creation of @codes for backup * Move settings/2fq#recovery_codes to settings/recovery_codes#create * Rename settings/two_factor_auth#disable to #destroy * Add coverage for the otp required path on 2fa#show * Clean up the recovery codes list styles * Move settings/two_factor_auth to settings/two_factor_authentication * Reorganize the settings two factor auth area Updated to use a flow like: - settings/two_factor_authentication goes to a #show view which has a button either enable or disable 2fa on the account - the disable button turns off the otp requirement for the user - the enable button cycles the user secret and redirects to a confirmation page - the confirmation page is a #new view which shows the QR code for user - that page posts to #create which verifies the code, and creates the recovery codes - that create action shares a view with a recovery codes controller which can be used separately to reset codes if needed
2017-04-22Added API for single notification dismissal (#2251)Ashley
* Added API backend for notification dismissal * Added render statement * Changed statement
2017-04-21Fix #2195 - Set locale to error pages (#2255)Takayoshi Nishida
* Fix #2195 - Set locale to error pages * Fix #2195 - Cut duplicate process into one method
2017-04-21Clean up settings/preferences controller (#2237)Matt Jankowski
* Add missing fields group on preferences page * Clean up settings/preferences controller * Extract a UserSettingsDecorator
2017-04-20Admin settings controller refactor, add specs, cleanup (#2225)Matt Jankowski
* Add render_views for admin/settings spec * Add coverage for admin/settings#update * Add coverage for admin/settings typecasting open_registrations setting * Simplify how admin/settings finds the value for updating * Rely on activerecord to not update a value that hasnt changed * Add coverage for non-existent setting * Use a constant for boolean settings
2017-04-20Fix #2120 - Use Status#as_tag_timeline on public hashtag page (#2182)Eugen
* Fix #2120 - Use Status#as_tag_timeline on public hashtag page * Update tags_controller.rb
2017-04-19Simplify render in controllers (#2144)Matt Jankowski
2017-04-19Restful refactor of accounts/ routes (#2133)Matt Jankowski
* Add routing specs for accounts followers and following actions * Use more restful route naming for public account follow pages Moves two actions: - accounts#followers to accounts/follower_accounts#index - accounts#following to accounts/following_accounts#index Adds routing spec to ensure prior URLs are preserved.
2017-04-18Remove API authentication for public statuses (after review) (#1919)happycoloredbanana
2017-04-18Instances list in admin (#2095)Matt Jankowski
* Add admin/instances index action * Add link to instances admin page * View lists instances * Instances, grouped by domain, ordered by count * Use Account.remote scope * Extract method: Account.by_domain_accounts
2017-04-18Admin reports with accounts (#2092)Matt Jankowski
* Add a ReportFilter class * Add reports and targeted_reports relationships to Account * Use ReportFilter from admin/reports controller * Link to admin/reports filtered views from admin account show view * Add indexes to reports.account_id and reports.target_account_id
2017-04-18Avoid dynamic methods due to processing speed (#2080)839
2017-04-18Adjust visuals of non-autoplaying GIFVEugen Rochko
2017-04-18Merge branch 'pause-gif' of git://github.com/patf/mastodon into patf-pause-gifEugen Rochko
2017-04-18Remove unused methods (#1730)Matt Jankowski
* Remove unused method #set_counters_maps from api controller * Remove unused method #set_account_counters_maps from api controller * Remove unused method Account#followers_domains * Remove unused User.prolific scope * Add mastodon:users:admins task to list all admin emails * Use interpolated query style in Account.triadic_closures * Coverage for Account.triadic_closures
2017-04-17Media controller specs (#2022)Matt Jankowski
* Add spec for media controller * Add MediaAttachment.attached scope * Simplify methods in media controller
2017-04-17Fix #1897 - Return reblogged: false on unreblog (was wrongly named variable) ↵Eugen
(#1989)
2017-04-17Improve handling of HTTP_ACCEPT for webfinger (#2008)Matt Jankowski
This change includes: - Improve the spec coverage for incoming request to the webfinger action - For requests without an accept header (ie, what a browser might look like), return a JSON response. - For requests with an explicit format of xml or json, return that format. - For requests using an accept header, return that format. Also adds failing spec showing webfinger does not return xml, which covers the issue described in: https://github.com/tootsuite/mastodon/issues/1983
2017-04-17Add gif auto-play/pause preferencePatrick Figel
This introduces a new per-user preference called "Auto-play animated GIFs", which is enabled by default. When a user disables this setting, gifs in toots become click-to-play. Previews of animated gifs were changed to display the video play button so that users can distinguish them from regular images. This setting also affects account avatars in the detailed account view, which was changed to use the same hover-to-play mechanism that is used for animated avatars in timelines. Fixes #1652
2017-04-17Assign user locale on signup (#1982)saturday06
2017-04-16Onboarding modal (#1883)Eugen
* Basic onboarding modal that's shown to users once * Lay out pages 2 through 5, add images, style modals (#1509) * Lay out pages 2 through 5 Added images and laid out pages 2 through 5 in the jsx file. SCSS will come, still working on just seeing if this works at all. * Fix jsx errors, add images to modal pages, style modal pages * Add animations to onboarding pager changes, improve wording and styling * Finishing touches on the onboarding * Add missing propTypes * Update wording
2017-04-16I18n health warnings (#1949)Matt Jankowski
* Rename admin.domain_block to admin.domain_blocks in prep for i18n improvement * Use implicit controller/action path for i18n in admin/domain_blocks * Add DomainBlock#accounts has_many * Avoid i18n health warning for `en` locale by using symbol scope with :count * Remove unused i18n key: plaintext_secret_html * Remove unused i18n key two_factor_auth.warning * Remove final will_paginate i18n keys * Remove unused key two_factor_auth.recovery_codes * Remove unused key: admin.reports.comment.none * Remove unused reports. i18n namespace (moved to admin.reports) * Ignore keys from locales which override activemodel and activerecord errors * Revert "Remove unused key: admin.reports.comment.none" This reverts commit 350ef2685fadc069e619bb6d1066190de195d942. * Update i18n key reference to match moved location * Add missing `en` keys to i18n * Tell i18n-tasks to ignore missing attributes that dont need overwriting * Add i18n-tasks unused to travis
2017-04-16Make file attachment on MediaAttachment optional (#1865)Eugen
Create MediaAttachment but without actual file download when domain is blocked with reject_media set to true Clean up old media files when creating a new domain block with reject_media set to true Return remote_url in media attachments API if local file is not present Undo domain block action in admin UI Ability to enable reject_media from admin UI
2017-04-15ActiveRecord::NotFound is not defined (#1864)alpaca-tc
2017-04-15Give SINGLE_USER a chance to register (#1820)Marcin Cieślak
An attempt to open a brand new Mastodon instance configured as SINGLE_USER_MODE=true will cause an exception. Enable temporary registration if we have no users in the database Fixes #1817
2017-04-15Add password reset for users from admin accounts area (#1841)Matt Jankowski
2017-04-15Add recovery code support for two-factor auth (#1773)Patrick Figel
* Add recovery code support for two-factor auth When users enable two-factor auth, the app now generates ten single-use recovery codes. Users are encouraged to print the codes and store them in a safe place. The two-factor prompt during login now accepts both OTP codes and recovery codes. The two-factor settings UI allows users to regenerated lost recovery codes. Users who have set up two-factor auth prior to this feature being added can use it to generate recovery codes for the first time. Fixes #563 and fixes #987 * Set OTP_SECRET in test enviroment * add missing .html to view file names
2017-04-15Send initial state in a <script type="application/json"> tag (#1806)Joachim Viide
2017-04-15Allow running mastodon on a different domain as the one used for identifying ↵ThibG
users (#1267) * Allow running mastodon on a different domain as the one used for identifying users * Alter documentation of WEB_DOMAIN to make clear it shouldn't be used unless the admin knows what they are doing * Compare to web_domain instead of local_domain when dealing with feeds/API * Correctly identify mentions to local accounts Mentions URLs point to the person's web profile, i.e., the user page served on WEB_DOMAIN.
2017-04-15Improve i18n chooser (#1804)Matt Jankowski
* Add locale spec with failing locale plus region check * Use a more accurate locale when supplied by browser headers Previously we were using a matching option which would use the first locale available which matched the locale portion, even if a region was specified. This changes to first try to find an exact match, and then fall back to the region, and then fall back to the default. * Clean up default_locale method
2017-04-14Admin reports controller improvements (#1714)Matt Jankowski
* Simplify admin/reports controller filtering for index * Rename parameter to resolved * Fix issue where reports view could not access filter_link_to * Add coverage for admin/reports controller * DRY up resolution of related reports for target account * Clean up admin/reports routes * Add Report#statuses method * DRY up current account action taken params * Rubocop styles
2017-04-13Clean up well-known routes/controllers (#1649)Matt Jankowski
* Add request spec for host meta route returning xml * Add routing spec for xrd routes * Update well-known routes * Move webfinger and host-meta actions to their own controllers
2017-04-13Admin accounts controller cleanup (#1664)Matt Jankowski
* Remove unused account_params method in admin/accounts controller * Introduce AccountFilter to find accounts * Use AccountFilter in admin/accounts controller * Use more restful routes admin silence and suspension area * Add admin/silences and admin/suspensions controllers
2017-04-13Settings export refactor (#1646)Matt Jankowski
* Refactor Export to take an account and know about the export types * Use Export instance in settings/exports#show
2017-04-12Quick best practice cleanup of views/helpers (#1546)Matt Jankowski
* Remove trailing whitespace * Use query methods instead of explicit .blank? checks
2017-04-12Webfinger resource to extract username from resource string (#1607)Matt Jankowski
* Add WebfingerResource class to extract usernames * Use WebfingerResource in xrd#webfinger
2017-04-12Allow import/export of mutes list (#1541)Matt Jankowski
* Allow export of mutes list * Allow importing of mutes list * Refactor to use Settings::Exports::BaseController and DRY up exports code
2017-04-12Simplify the way the embed view is created (#1590)Matt Jankowski
* Add coverage for embedded status view * Refactor embed view to eliminate @external_links variable
2017-04-12Default to json type for webfinger requests (#1583)Matt Jankowski
2017-04-11Refactor exports controller (#1567)Matt Jankowski
* Add basic coverage for settings/exports controller * Remove unused @account variable from settings/exports controller * Add coverage for download export actions * Remove deprecated `render :text` in favor of `send_data` for csv downloads * Add model to handle exports * Use Export class in settings/exports controller * Simplify settings/exports controller methods * Move settings/export to more restful routes