about summary refs log tree commit diff
path: root/app/controllers
AgeCommit message (Collapse)Author
2018-01-15Suppress CSRF token warnings (#6240)Patrick Figel
CSRF token checking was enabled for API controllers in #6223, producing "Can't verify CSRF token authenticity" log spam. This disables logging of failed CSRF checks. This also changes the protection strategy for PushSubscriptionsController to use exceptions, making it consistent with other controllers that use sessions.
2018-01-08Refactor /api/web APIs to use the centralized axios instance (#6223)nightpool
Also adds the ability to decouple the centralized axios logic from the state dispatcher
2018-01-08Revert #5772 (#6221)Eugen Rochko
2018-01-07Fix force_ssl conditional (#6201)Yamagishi Kazutoshi
2018-01-07Fix unintended cache (#6214)Yamagishi Kazutoshi
2018-01-05Represent numbers by strings in instance activity API (#6198)TheKinrar
Fixes #6197.
2018-01-04Make sure private toots remain private and do not end up in HTTP caches (#6175)ThibG
2018-01-04Cache JSON of immutable ActivityPub representations (#6171)Eugen Rochko
2018-01-03Allow to dereference Follow object for ActivityPub (#5772)Akihiko Odaki
* Allow to dereference Follow object for ActivityPub * Accept IRI as object representation for Accept activity
2018-01-03Allow HTTP caching of json view of public statuses (#6115)ThibG
* Allow HTTP caching of json view of public statuses HTML views are not cached as they can contain private statuses as well * Disable session cookies for ActivityPub json rendering of public toots
2018-01-02Add confirmation step for email changes (#6071)Patrick Figel
* Add confirmation step for email changes This adds a confirmation step for email changes of existing users. Like the initial account confirmation, a confirmation link is sent to the new address. Additionally, a notification is sent to the existing address when the change is initiated. This message includes instruction to reset the password immediately or to contact the instance admin if the change was not initiated by the account owner. Fixes #3871 * Add review fixes
2018-01-02Show mastodon on modal (#6129)Akihiko Odaki
2017-12-30keep the same filters and page when doing custom emojo stuff (fixes #6112) ↵beatrix
(#6114)
2017-12-29Add more instance stats APIs (#6125)Eugen Rochko
* Add GET /api/v1/instance/peers API to reveal known domains * Add GET /api/v1/instance/activity API * Make new APIs disableable, exclude private statuses from activity stats * Fix code style issue * Fix week timestamps
2017-12-27Make host_meta/webfinger replies cacheable (fixes #6100) (#6101)ThibG
* Make host_meta/webfinger replies cacheable (fixes #6100) Drop common code for handling users and sessions as webfinger queries are very basic, public APIs. Also explicitly mark results as cacheable with “expires_in”. * Add “Vary: Accept” header for caching since content-negociation is used
2017-12-14Fix #6022 - Prevent nested migrated accounts, or migrations to self (#6026)Eugen Rochko
2017-12-13Add filters to admin UI for custom emojis (#6003)Eugen Rochko
2017-12-13Clean up admin UI for accounts (#6004)Eugen Rochko
* Add staff filter to admin UI for accounts, remove obsolete columns * Only display OStatus section in admin UI for accounts when OStatus data
2017-12-12Fix #5953 - Add GET /api/v1/accounts/:id/lists (#5983)Eugen Rochko
2017-12-11Apply a 25x rate limit by IP even to authenticated requests (#5948)Eugen Rochko
2017-12-09Remove unused function (#5950)abcang
2017-12-09Rate limit by user instead of IP when API user is authenticated (#5923)Eugen Rochko
* Fix #668 - Rate limit by user instead of IP when API user is authenticated * Fix code style issue * Use request decorator provided by Doorkeeper
2017-12-09Keep WebPush settings (#5879)abcang
2017-12-09Limit users to 50 lists, remove pagination from lists API (#5933)Eugen Rochko
2017-12-06Using double splat operator (#5859)Yamagishi Kazutoshi
2017-12-06Remove rabl dependency (#5894)Eugen Rochko
* Remove rabl dependency * Replicate old Oj configuration
2017-12-05Add list of lists component to web UI (#5811)Eugen Rochko
* Add list of lists component to web UI * Add list adding * Add list removing * List editor modal * Add API account search limited by following=true relation * Rework list editor modal * Remove mandatory pagination of GET /api/v1/lists/:id/accounts * Adjust search input placeholder * Fix rspec (#5890) * i18n: (zh-CN) Add missing translations for #5811 (#5891) * i18n: (zh-CN) yarn manage:translations -- zh-CN * i18n: (zh-CN) Add missing translations for #5811 * Fix some issues - Display loading/missing state for list timelines - Order lists alphabetically in overview - Fix async list editor reset - Redirect to /lists after deleting unpinned list - Redirect to / after pinning a list * Remove dead list columns when a list is deleted or fetch returns 404
2017-12-01Add invite filter (#5862)Yamagishi Kazutoshi
2017-12-01Fix invites form path (#5861)Yamagishi Kazutoshi
2017-11-28Allow hiding of reblogs from followed users (#5762)aschmitz
* Allow hiding of reblogs from followed users This adds a new entry to the account menu to allow users to hide future reblogs from a user (and then if they've done that, to show future reblogs instead). This does not remove or add historical reblogs from/to the user's timeline; it only affects new statuses. The API for this operates by sending a "reblogs" key to the follow endpoint. If this is sent when starting a new follow, it will be respected from the beginning of the follow relationship (even if the follow request must be approved by the followee). If this is sent when a follow relationship already exists, it will simply update the existing follow relationship. As with the notification muting, this will now return an object ({reblogs: [true|false]}) or false for each follow relationship when requesting relationship information for an account. This should cause few issues due to an object being truthy in many languages, but some modifications may need to be made in pickier languages. Database changes: adds a show_reblogs column (default true, non-nullable) to the follows and follow_requests tables. Because these are non-nullable, we use the existing MigrationHelpers to perform this change without locking those tables, although the tables are likely to be small anyway. Tests included. See also <https://github.com/glitch-soc/mastodon/pull/212>. * Rubocop fixes * Code review changes * Test fixes This patchset closes #648 and resolves #3271. * Rubocop fix * Revert reblogs defaulting in argument, fix tests It turns out we needed this for the same reason we needed it in muting: if nil gets passed in somehow (most usually by an API client not passing any value), we need to detect and handle it. We could specify a default in the parameter and then also catch nil, but there's no great reason to duplicate the default value.
2017-11-28Fix account migration feature (#5837)nullkal
* Make removable account migration * Fix error during update of account migration setting * Add notice when update account migration setting
2017-11-27Add UI for setting up account migration (#5832)Eugen Rochko
2017-11-27Add consumable invites (#5814)Eugen Rochko
* Add consumable invites * Add UI for generating invite codes * Add tests * Display max uses and expiration in invites table, delete invite * Remove unused column and redundant validator - Default follows not used, probably bad idea - InviteCodeValidator is redundant because RegistrationsController checks invite code validity * Add admin setting to disable invites * Add admin UI for invites, configurable role for invite creation - Admin UI that lists everyone's invites, always available - Admin setting min_invite_role to control who can invite people - Non-admin invite UI only visible if users are allowed to * Do not remove invites from database, expire them instantly
2017-11-24Add logging of admin actions (#5757)Eugen Rochko
* Add logging of admin actions * Update brakeman whitelist * Log creates, updates and destroys with history of changes * i18n: Update Polish translation (#5782) Signed-off-by: Marcin Mikołajczak <me@m4sk.in> * Split admin navigation into moderation and administration * Redesign audit log page * 🇵🇱 (#5795) * Add color coding to audit log * Change dismiss->resolve, log all outcomes of report as resolve * Update terminology (e-mail blacklist) (#5796) * Update terminology (e-mail blacklist) imho looks better * Update en.yml * Fix code style issues * i18n-tasks normalize
2017-11-19Add “staff” badge to admin user pages (#5735)Yamagishi Kazutoshi
* Allow staff badge to change from setting to hidden * i18n: Update Polish translation
2017-11-18Lists (#5703)Eugen Rochko
* Add structure for lists * Add list timeline streaming API * Add list APIs, bind list-account relation to follow relation * Add API for adding/removing accounts from lists * Add pagination to lists API * Add pagination to list accounts API * Adjust scopes for new APIs - Creating and modifying lists merely requires "write" scope - Fetching information about lists merely requires "read" scope * Add test for wrong user context on list timeline * Clean up tests
2017-11-17Fix regression #5467: fixes emoji copy (#5739)Clworld
2017-11-17Fix some rubocop style issues (#5730)Eugen Rochko
2017-11-15Optional notification muting (#5087)Surinna Curtis
* Add a hide_notifications column to mutes * Add muting_notifications? and a notifications argument to mute! * block notifications in notify_service from hard muted accounts * Add specs for how mute! interacts with muting_notifications? * specs testing that hide_notifications in mutes actually hides notifications * Add support for muting notifications in MuteService * API support for muting notifications (and specs) * Less gross passing of notifications flag * Break out a separate mute modal with a hide-notifications checkbox. * Convert profile header mute to use mute modal * Satisfy eslint. * specs for MuteService notifications params * add trailing newlines to files for Pork :) * Put the label for the hide notifications checkbox in a label element. * Add a /api/v1/mutes/details route that just returns the array of mutes. * Define a serializer for /api/v1/mutes/details * Add more specs for the /api/v1/mutes/details endpoint * Expose whether a mute hides notifications in the api/v1/relationships endpoint * Show whether muted users' notifications are muted in account lists * Allow modifying the hide_notifications of a mute with the /api/v1/accounts/:id/mute endpoint * make the hide/unhide notifications buttons work * satisfy eslint * In probably dead code, replace a dispatch of muteAccount that was skipping the modal with launching the mute modal. * fix a missing import * add an explanatory comment to AccountInteractions * Refactor handling of default params for muting to make code cleaner * minor code style fixes oops * Fixed a typo that was breaking the account mute API endpoint * Apply white-space: nowrap to account relationships icons * Fix code style issues * Remove superfluous blank line * Rename /api/v1/mutes/details -> /api/v2/mutes * Don't serialize "account" in MuteSerializer Doing so is somewhat unnecessary since it's always the current user's account. * Fix wrong variable name in api/v2/mutes * Use Toggle in place of checkbox in the mute modal. * Make the Toggle in the mute modal look better * Code style changes in specs and removed an extra space * Code review suggestions from akihikodaki Also fixed a syntax error in tests for AccountInteractions. * Make AddHideNotificationsToMute Concurrent It's not clear how much this will benefit instances in practice, as the number of mutes tends to be pretty small, but this should prevent any blocking migrations nonetheless. * Fix up migration things * Remove /api/v2/mutes
2017-11-15Filter searched toots to be consistent with blocking behaviors (#5383)ThibG
2017-11-14Add option to block direct messages from people you don't follow (#5669)Eugen Rochko
* Add option to block direct messages from people you don't follow Fix #5326 * If the DM responds to a toot by recipient, allow it through * i18n: Update Polish translation (for #5669) (#5673)
2017-11-11Add moderator role and add pundit policies for admin actions (#5635)Eugen Rochko
* Add moderator role and add pundit policies for admin actions * Add rake task for turning user into mod and revoking it again * Fix handling of unauthorized exception * Deliver new report e-mails to staff, not just admins * Add promote/demote to admin UI, hide some actions conditionally * Fix unused i18n
2017-11-07Add ability to disable login and mark accounts as memorial (#5615)Eugen Rochko
Fix #5597
2017-11-07 Show the local couterpart of emoji when it exists in /admin/custom_emojis ↵nullkal
(#5467) * Show the local couterpart of emoji when it exists in admin/custom_emojis * Fix indentation * Fix error * Add class table-action-link to Overwrite link * Make it enable to overwrite emojis * Make Code Climate happy
2017-10-27Feature: Unlisted custom emojis (#5485)nullkal
2017-10-26Fix copying emojos: redirect to the page you were on (#5509)erin
2017-10-16Add option to reduce motion (#5393)Nolan Lawson
* Add option to reduce motion * Use HOC to wrap all Motion calls * fix case-sensitive issue * Avoid updating too frequently * Get rid of unnecessary change to _simple_status.html.haml
2017-10-14Fix #5351 - Redirection with page params after copy emoji (#5387)KY
* Fix #5351 - Redirection with page params after copy emoji * Add page params to copy emoji link
2017-10-13Fix UserTrackingConcern firing on every request, optimize some queries (#5368)Eugen Rochko
- For some reason, :if option on before_action did not work. It got executed every time, returned false, and the action run anyway, which led to the current_sign_in_at and sign_in_count being updated on every request - Return "do not filter" early in FeedManager#filter_from_home? if the status is authored by receiver. Usually this method is not called for own statuses at all, but it is called when Feed#get uses the database - Return early if #reload_stale_associations! has nothing to load to save a database query with WHERE 1=0
2017-10-13Set InstancePresenter to `Auth::RegistrationsController#create` (#5366)Yamagishi Kazutoshi