about summary refs log tree commit diff
path: root/app/controllers
AgeCommit message (Collapse)Author
2017-05-03Fix #2706 - Always respond with 200 to PuSH payloads (#2733)Eugen Rochko
Fix #2196 - Respond with 201 when Salmon accepted, 400 when unverified Fix #2629 - Correctly handle confirm_domain? for local accounts Unify rules for extracting author acct from XML, prefer <email>, fall back to <name> + <uri> (see also #2017, #2172)
2017-05-02Auth sign out (#2511)Matt Jankowski
* Add a spec for signing out * Add spec showing that suspended user gets a 403 forbidden on sign out * Allow suspended account users to sign out
2017-05-02Add option to disable two factor auth in admin accounts panel. (#2584)Kaylee
* Add option to disable two factor auth in admin accounts panel. Closes #2578 * Add @mjankowski's suggestions. * Moves destroy actions behind User#disable_two_factor! * Adds spec coverage for Admin:TwoFactorAuthenticationsController and User#disable_two_factor!
2017-05-02Add admin area view partials for each record type (#2700)Matt Jankowski
2017-05-02Coverage for remote follows (#2694)Matt Jankowski
* Add coverage for create with empty acct value * Add coverage for create with webfinger failure * Add coverage for create with webfinger providing bad values * Add coverage for create when webfinger is good * Add coverage for session[:remote_follow] having data * Simplify how remote follow pulls acct from session * Remote follow behaves more like model * Move the discovery portions of remote follow out of controller * Check for suspended accounts
2017-05-01Error responses cleanup (#2692)Matt Jankowski
* Use respond_with_error for forbidden errors * Wrap up common error code into single method
2017-05-01Filter on allowed user language preferences (#2361)Matt Jankowski
* Naive approached to timeline filtering * Convert allowed_languages into a db column * Allow users to choose languages to see statuses in * Style list items as two columns * Add a hint to explain language filtering preference
2017-05-01Fix Rubocop offences (#2630)yhirano
* disable Bundler/OrderedGems * fix rubocop Lint/UselessAssignment * fix rubocop Style/BlockDelimiters * fix rubocop Style/AlignHash * fix rubocop Style/AlignParameters, Style/EachWithObject * fix rubocop Style/SpaceInLambdaLiteral
2017-04-30Extract user tracking into concern (#2600)Matt Jankowski
2017-04-30More coverage yes more even more (#2627)Matt Jankowski
* Add coverage for admin/confirmations controller * Coverage for statuses controller show action * Add coverage for admin/domain_blocks controller * Add coverage for settings/profiles#update
2017-04-30Downgrade rubocop 0.48.1 => 0.46.0 (#2628)yhirano
* downgrade rubocop 0.48.1 => 0.46.0 * exclude vendor/**/* from rubocop target files * add frozen_string_literal comment line * fix percent literal delimited by ( and ) * fix alignment * remove comment disabling unknown cop
2017-04-29Remove uneeded `ORDER BY` query (#2615)alpaca-tc
2017-04-28Return missing page when tag does not exist (#2563)Matt Jankowski
2017-04-27Fix Doorkeeper error (#2534)Yamagishi Kazutoshi
* Fix Doorkeeper error * use Doorkeeper::OAuth::Scopes.from_string
2017-04-27Catch error when server decryption fails on 2FA (#2512)Matt Jankowski
2017-04-27OEmbed support for PreviewCard (#2337)Eugen Rochko
* OEmbed support for PreviewCard * Improve ProviderDiscovery code failure treatment * Do not crawl links if there is a content warning, since those don't display a link card anyway * Reset db schema * Fresh migrate * Fix rubocop style issues Fix #1681 - return existing access token when applicable instead of creating new * Fix test * Extract http client to helper * Improve oembed controller
2017-04-27Add spec coverage and refactor authorize_follows controller (#2505)Matt Jankowski
2017-04-25Localize with i18n for Devise::FailureApp (#2309)alpaca-tc
This PR fixes I18n.locale for rake middlewares. Mastodon uses Devise that depends on Warden. Warden::Manager can be found in rake middleware. It is outside of the controller. In the case of authentication failed, warden calls throw(:warden). At the time Warden::Manager delegates request to failure_app to generate response and flash[:alert] after catching it. Unfortunately, I18n.locale is already reset then because I18n.with_locale is enabled only inside the controller. If we used I18n.locale=, Devise::FailureApp could get the current locale.
2017-04-25Change ActivityPub paging to match spec. Clean up ActivityPub outbox ↵Evan Minto
changes. (#2410) * Change ActivityPub paging to match spec. Clean up ActivityPub outbox changes. * Fix code style and test failures for OutboxController. * Attempt to fix CI errors.
2017-04-25Fix #2402 - Add Idempotency-Key header to PostStatusService that prevents ↵Eugen Rochko
(#2419) duplicates. Web UI regenerates UUID for that header every time the compose form is changed or successfully submitted Also, fix Farsi i18n overwriting the English one
2017-04-25Punycode URI normalization (#2370)Eugen
* Fix #2119 - Whenever about to send a HTTP request, normalize the URI * Add test for IDN request in FetchLinkCardService * Perform IDN normalization on domains before they are stored in the DB
2017-04-24Return force_ssl to the controller (#2380)Matt Jankowski
2017-04-24Followers-only post federation (#2111)Eugen
* Make private toots get PuSHed to subscription URLs that belong to domains where you have approved followers * Authorized followers controller, stub for bulk action * Soft block in the background * Add simple test for new controller * Rename Settings::FollowersController to Settings::FollowerDomainsController, paginate results, rename "private" post setting to "followers-only", fix pagination style, improve post privacy preferences style, improve warning style * Extract compose form warnings into own container, show warning when posting to followers-only with unlocked account
2017-04-23ActivityPub: Add basic, read-only support for Outboxes, Notes, and ↵Evan Minto
Create/Announce Activities (#2197) * Clean up collapsible components * Expose user Outboxes and AS2 representations of statuses * Save work thus far. * Fix bad merge. * Save my work * Clean up pagination. * First test working. * Add tests. * Add Forbidden error template. * Revert yarn.lock changes. * Fix code style deviations and use localized instead of hardcoded English text.
2017-04-23Admin UI for confirming users (#2245)Ash Furrow
* Shows confirmed status in list. * Adds ability to confirm users in admin UI. * Added new english translations. * Addresses feedback from #2245. * More feedback.
2017-04-23Move force_ssl check to production config (#2165)Matt Jankowski
The force_ssl method from controllers does not add all of the options that the sitewide configuration in a config block does. For example, HSTS enforcement is not added by the controller method, but is added by this style.
2017-04-222FA controller cleanup (#2296)Matt Jankowski
* Add spec coverage for settings/two_factor_auth area * extract setup method for qr code * Move otp required check to before action * Merge method only used once * Remove duplicate view * Consolidate creation of @codes for backup * Move settings/2fq#recovery_codes to settings/recovery_codes#create * Rename settings/two_factor_auth#disable to #destroy * Add coverage for the otp required path on 2fa#show * Clean up the recovery codes list styles * Move settings/two_factor_auth to settings/two_factor_authentication * Reorganize the settings two factor auth area Updated to use a flow like: - settings/two_factor_authentication goes to a #show view which has a button either enable or disable 2fa on the account - the disable button turns off the otp requirement for the user - the enable button cycles the user secret and redirects to a confirmation page - the confirmation page is a #new view which shows the QR code for user - that page posts to #create which verifies the code, and creates the recovery codes - that create action shares a view with a recovery codes controller which can be used separately to reset codes if needed
2017-04-22Added API for single notification dismissal (#2251)Ashley
* Added API backend for notification dismissal * Added render statement * Changed statement
2017-04-21Fix #2195 - Set locale to error pages (#2255)Takayoshi Nishida
* Fix #2195 - Set locale to error pages * Fix #2195 - Cut duplicate process into one method
2017-04-21Clean up settings/preferences controller (#2237)Matt Jankowski
* Add missing fields group on preferences page * Clean up settings/preferences controller * Extract a UserSettingsDecorator
2017-04-20Admin settings controller refactor, add specs, cleanup (#2225)Matt Jankowski
* Add render_views for admin/settings spec * Add coverage for admin/settings#update * Add coverage for admin/settings typecasting open_registrations setting * Simplify how admin/settings finds the value for updating * Rely on activerecord to not update a value that hasnt changed * Add coverage for non-existent setting * Use a constant for boolean settings
2017-04-20Fix #2120 - Use Status#as_tag_timeline on public hashtag page (#2182)Eugen
* Fix #2120 - Use Status#as_tag_timeline on public hashtag page * Update tags_controller.rb
2017-04-19Simplify render in controllers (#2144)Matt Jankowski
2017-04-19Restful refactor of accounts/ routes (#2133)Matt Jankowski
* Add routing specs for accounts followers and following actions * Use more restful route naming for public account follow pages Moves two actions: - accounts#followers to accounts/follower_accounts#index - accounts#following to accounts/following_accounts#index Adds routing spec to ensure prior URLs are preserved.
2017-04-18Remove API authentication for public statuses (after review) (#1919)happycoloredbanana
2017-04-18Instances list in admin (#2095)Matt Jankowski
* Add admin/instances index action * Add link to instances admin page * View lists instances * Instances, grouped by domain, ordered by count * Use Account.remote scope * Extract method: Account.by_domain_accounts
2017-04-18Admin reports with accounts (#2092)Matt Jankowski
* Add a ReportFilter class * Add reports and targeted_reports relationships to Account * Use ReportFilter from admin/reports controller * Link to admin/reports filtered views from admin account show view * Add indexes to reports.account_id and reports.target_account_id
2017-04-18Avoid dynamic methods due to processing speed (#2080)839
2017-04-18Adjust visuals of non-autoplaying GIFVEugen Rochko
2017-04-18Merge branch 'pause-gif' of git://github.com/patf/mastodon into patf-pause-gifEugen Rochko
2017-04-18Remove unused methods (#1730)Matt Jankowski
* Remove unused method #set_counters_maps from api controller * Remove unused method #set_account_counters_maps from api controller * Remove unused method Account#followers_domains * Remove unused User.prolific scope * Add mastodon:users:admins task to list all admin emails * Use interpolated query style in Account.triadic_closures * Coverage for Account.triadic_closures
2017-04-17Media controller specs (#2022)Matt Jankowski
* Add spec for media controller * Add MediaAttachment.attached scope * Simplify methods in media controller
2017-04-17Fix #1897 - Return reblogged: false on unreblog (was wrongly named variable) ↵Eugen
(#1989)
2017-04-17Improve handling of HTTP_ACCEPT for webfinger (#2008)Matt Jankowski
This change includes: - Improve the spec coverage for incoming request to the webfinger action - For requests without an accept header (ie, what a browser might look like), return a JSON response. - For requests with an explicit format of xml or json, return that format. - For requests using an accept header, return that format. Also adds failing spec showing webfinger does not return xml, which covers the issue described in: https://github.com/tootsuite/mastodon/issues/1983
2017-04-17Add gif auto-play/pause preferencePatrick Figel
This introduces a new per-user preference called "Auto-play animated GIFs", which is enabled by default. When a user disables this setting, gifs in toots become click-to-play. Previews of animated gifs were changed to display the video play button so that users can distinguish them from regular images. This setting also affects account avatars in the detailed account view, which was changed to use the same hover-to-play mechanism that is used for animated avatars in timelines. Fixes #1652
2017-04-17Assign user locale on signup (#1982)saturday06
2017-04-16Onboarding modal (#1883)Eugen
* Basic onboarding modal that's shown to users once * Lay out pages 2 through 5, add images, style modals (#1509) * Lay out pages 2 through 5 Added images and laid out pages 2 through 5 in the jsx file. SCSS will come, still working on just seeing if this works at all. * Fix jsx errors, add images to modal pages, style modal pages * Add animations to onboarding pager changes, improve wording and styling * Finishing touches on the onboarding * Add missing propTypes * Update wording
2017-04-16I18n health warnings (#1949)Matt Jankowski
* Rename admin.domain_block to admin.domain_blocks in prep for i18n improvement * Use implicit controller/action path for i18n in admin/domain_blocks * Add DomainBlock#accounts has_many * Avoid i18n health warning for `en` locale by using symbol scope with :count * Remove unused i18n key: plaintext_secret_html * Remove unused i18n key two_factor_auth.warning * Remove final will_paginate i18n keys * Remove unused key two_factor_auth.recovery_codes * Remove unused key: admin.reports.comment.none * Remove unused reports. i18n namespace (moved to admin.reports) * Ignore keys from locales which override activemodel and activerecord errors * Revert "Remove unused key: admin.reports.comment.none" This reverts commit 350ef2685fadc069e619bb6d1066190de195d942. * Update i18n key reference to match moved location * Add missing `en` keys to i18n * Tell i18n-tasks to ignore missing attributes that dont need overwriting * Add i18n-tasks unused to travis
2017-04-16Make file attachment on MediaAttachment optional (#1865)Eugen
Create MediaAttachment but without actual file download when domain is blocked with reject_media set to true Clean up old media files when creating a new domain block with reject_media set to true Return remote_url in media attachments API if local file is not present Undo domain block action in admin UI Ability to enable reject_media from admin UI
2017-04-15ActiveRecord::NotFound is not defined (#1864)alpaca-tc