about summary refs log tree commit diff
path: root/app/controllers
AgeCommit message (Collapse)Author
2022-04-08Fix error resposes for `from` search prefix (#17963)0x2019
* Fix error responses in `from` search prefix (addresses mastodon/mastodon#17941) Using unsupported prefixes now reports a 422; searching for posts from an account the instance is not aware of reports a 404. TODO: The UI for this on the front end is abysmal. Searching `from:username@domain` now succeeds when `domain` is the local domain; searching `from:@username(@domain)?` now works as expected. * Remove unused methods on new Error classes as they are not being used Currently when `raise`d there are error messages being supplied, but this is not actually being used. The associated `raise`s have been edited accordingly. * Remove needless comments * Satisfy rubocop * Try fixing tests being unable to find AccountFindingConcern methods * Satisfy rubocop * Simplify `from` prefix logic This incorporates @ClearlyClaire's suggestion (see https://github.com/mastodon/mastodon/pull/17963#pullrequestreview-933986737). Accepctable account strings in `from:` clauses are more lenient than before this commit; for example, `from:@user@example.org@asnteo +cat` will not error, and return posts by @user@example.org containing the word "cat". This is more consistent with how Mastodon matches mentions in statuses. In addition, `from` clauses will not be checked for syntatically invalid usernames or domain names, simply 404ing when `Account.find_remote!` raises ActiveRecord::NotFound. New code for this PR that is no longer used has been removed.
2022-04-08Fix extremely rare race condition when deleting a toot or account (#17994)Claire
2022-04-08Change e-mail notifications to only be sent when recipient is offline (#17984)Eugen Rochko
* Change e-mail notifications to only be sent when recipient is offline Change the default for follow and mention notifications back on * Add preference to always send e-mail notifications * Change wording
2022-04-07Fix pagination header on empty trends responses in REST API (#17986)Eugen Rochko
2022-04-06Remove sign-in token authentication, instead send e-mail about new sign-in ↵Eugen Rochko
(#17970)
2022-04-06Fix admin API unconditionally requiring CSRF token (#17975)Claire
Fixes #17898 Since #17204, the admin API has only been available through the web application because of the unconditional requirement to provide a valid CSRF token. This commit changes it back to `null_session`, which should make it work both with session-based authentication (provided a CSRF token) and with a bearer token.
2022-04-06Fix `GET /api/v1/trends/tags` missing `offset` param in REST API (#17973)Eugen Rochko
2022-03-28Fix /api/v1/admin/accounts (#17887)Claire
* Fix /api/v1/admin/accounts Compatibility was broken since #17009 which changed the underlying filter class without changing the controller. This commits restore support for the old parameters. * Add /api/v2/admin/accounts with the new parameters * Add tests * Add missing filter for `silenced` status Co-authored-by: Eugen Rochko <eugen@zeonfederated.com> Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>
2022-03-26Refactor formatter (#17828)Eugen Rochko
* Refactor formatter * Move custom emoji pre-rendering logic to view helpers * Move more methods out of Formatter * Fix code style issues * Remove Formatter * Add inline poll options to RSS feeds * Remove unused helper method * Fix code style issues * Various fixes and improvements * Fix test
2022-03-26Add offset pagination to trends in REST API (#17872)Eugen Rochko
2022-03-22Fix locale not being set in REST API (#17847)Eugen Rochko
2022-03-15Add `types` param to `GET /api/v1/notifications` in REST API (#17767)Eugen Rochko
* Add `types` param to `GET /api/v1/notifications` in REST API * Improve tests
2022-03-12Fix `POST /api/v1/emails/confirmations` not being available after sign-up ↵Eugen Rochko
(#17743)
2022-03-09Add rate limit for editing (#17728)Eugen Rochko
2022-03-09Allow login through OpenID Connect (#16221)chandrn7
* added OpenID Connect as an SSO option * minor fixes * added comments, removed an option that shouldn't be set * fixed Gemfile.lock * added newline to end of Gemfile.lock * removed tab from Gemfile.lock * remove chomp * codeclimate changes and small name change to make function's purpose clearer * codeclimate fix * added SSO buttons to /about page * minor refactor * minor style change * removed spurious change * removed unecessary conditional from ensure_valid_username and added support for auth.info.name in user_params_from_auth * minor changes
2022-03-09Change design of federation pages in admin UI (#17704)Eugen Rochko
* Change design of federation pages in admin UI * Fix query performance in instance media attachments measure * Fix reblogs being included in instance languages dimension
2022-03-08Fix performance of account timelines (#17709)Eugen Rochko
* Fix performance of account timelines * Various fixes and improvements * Fix duplicate results being returned Co-authored-by: Claire <claire.github-309c@sitedethib.com> * Fix grouping for pinned statuses scope Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2022-03-07Add `/api/v1/accounts/familiar_followers` to REST API (#17700)Eugen Rochko
* Add `/api/v1/accounts/familiar_followers` to REST API * Change hide network preference to be stored consistently for local and remote accounts * Add dummy classes to migration * Apply suggestions from code review Co-authored-by: Claire <claire.github-309c@sitedethib.com> Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2022-03-04Fix duplicate notifications being possible after poll expiration (#17697)Eugen Rochko
2022-03-03Allow editing media attachments for scheduled toots (#17690)Claire
Fixes #17676
2022-03-03Change `follow` scope to be covered by `read` and `write` scopes in REST API ↵Eugen Rochko
(#17678) Deprecate `follow` scope
2022-03-02Fix leak of existence of otherwise inaccessible statuses in REST API (#17684)Eugen Rochko
2022-03-02Fix report category not being saved in REST API (#17682)Eugen Rochko
2022-03-01Add ability to mark statuses as sensitive from reports in admin UI (#17668)Eugen Rochko
* Add ability to mark statuses as sensitive from reports in admin UI * Allow mark as sensitive action on statuses with preview cards
2022-03-01Change old moderation strikes to be displayed in a separate page (#17566)Claire
* Change old moderation strikes to be displayed in a separate page Fixes #17552 This changes the moderation strikes displayed on `/auth/edit` to be those from the past 3 months, and make all moderation strikes targeting the current user available in `/disputes`. * Add short description of what the strikes page is for * Move link to list of strikes to “Account status” instead of navigation item * Normalize i18n file * Fix layout and styling of strikes link * Revert highlights_on regexp * Reintroduce account status summary - this way, “Account status” is never empty - account status is not necessarily bound to strikes, or recent strikes
2022-03-01Change authorized applications page (#17656)Eugen Rochko
* Change authorized applications page * Hide revoke button for superapps and suspended accounts * Clean up db/schema.rb
2022-02-26Fix error when a MX is shared across blocked domains (#17650)Claire
2022-02-25Add trending statuses (#17431)Eugen Rochko
* Add trending statuses * Fix dangling items with stale scores in localized sets * Various fixes and improvements - Change approve_all/reject_all to approve_accounts/reject_accounts - Change Trends::Query methods to not mutate the original query - Change Trends::Query#skip to offset - Change follow recommendations to be refreshed in a transaction * Add tests for trending statuses filtering behaviour * Fix not applying filtering scope in controller
2022-02-24Change e-mail domain blocks to block IPs dynamically (#17635)Eugen Rochko
* Change e-mail domain blocks to block IPs dynamically * Update app/workers/scheduler/email_domain_block_refresh_scheduler.rb Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh> * Update app/workers/scheduler/email_domain_block_refresh_scheduler.rb Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh> Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>
2022-02-23Add notifications for new sign-ups (#16953)Eugen Rochko
2022-02-19Bump pundit from 2.1.1 to 2.2.0 (#17543)dependabot[bot]
* Bump pundit from 2.1.1 to 2.2.0 Bumps [pundit](https://github.com/varvet/pundit) from 2.1.1 to 2.2.0. - [Release notes](https://github.com/varvet/pundit/releases) - [Changelog](https://github.com/varvet/pundit/blob/main/CHANGELOG.md) - [Commits](https://github.com/varvet/pundit/compare/v2.1.1...v2.2.0) --- updated-dependencies: - dependency-name: pundit dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * `include Pundit` is deprecated Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>
2022-02-19Change global `locale` param to `lang` to avoid conflicts (#17592)Eugen Rochko
2022-02-16Fix issues when attempting to appeal an old strike (#17554)Claire
* Display an error when an appeal could not be submitted * Do not offer users to appeal old strikes * Fix 500 error when trying to appeal a strike that is too old * Avoid using an extra translatable string
2022-02-14Add appeals (#17364)Eugen Rochko
* Add appeals * Add ability to reject appeals and ability to browse pending appeals in admin UI * Add strikes to account page in settings * Various fixes and improvements - Add separate notification setting for appeals, separate from reports - Fix style of links in report/strike header - Change approving an appeal to not restore statuses (due to federation complexities) - Change style of successfully appealed strikes on account settings page - Change account settings page to only show unappealed or recently appealed strikes * Change appealed_at to overruled_at * Fix missing method error
2022-02-12Fix empty batch statuses selection causing a 500 error (#17532)Claire
* Fix empty batch statuses selection causing a 500 error * Simplify current_params
2022-02-11Add notifications when a reblogged status has been updated (#17404)Eugen Rochko
* Add notifications when a reblogged status has been updated * Change wording to say "edit" instead of "update" and add missing controls * Replace previous update notifications with the most up-to-date one
2022-02-11Change actions in reports to require only one click (#17487)Eugen Rochko
2022-02-10Add editing for published statuses (#17320)Eugen Rochko
* Add editing for published statuses * Fix change of multiple-choice boolean in poll not resetting votes * Remove the ability to update existing media attachments for now
2022-02-10Add `category` and `rule_ids` params to `POST /api/v1/reports` (#17492)Eugen Rochko
2022-02-09Add edit history to web UI (#17390)Eugen Rochko
* Add edit history to web UI * Change history reducer to store items per status * Fix missing loading prop
2022-02-08Add global `locale` param (#17464)Eugen Rochko
- Remove the session-based locale stickyness
2022-02-07Fix replies collection incorrectly looping (#17462)Claire
* Refactor tests * Add tests * Fix replies collection incorrectly looping
2022-02-06Fix instance actor not being dereferenceable (#17457)Claire
* Add tests * Fix instance actor not being dereferenceable * Fix tests * Fix tests for real
2022-02-05Fix error on account relationships page in admin UI (#17444)Eugen Rochko
2022-01-28Change public profile pages to be disabled for unconfirmed users (#17385)Claire
Fixes #17382 Note that unconfirmed and unapproved accounts can still be searched for and their (empty) account retrieved using the REST API.
2022-01-28Fix Sidekiq warnings about JSON serialization (#17381)Claire
* Fix Sidekiq warnings about JSON serialization This occurs on every symbol argument we pass, and every symbol key in hashes, because Sidekiq expects strings instead. See https://github.com/mperham/sidekiq/pull/5071 We do not need to change how workers parse their arguments because this has not changed and we were already converting to symbols adequately or using `with_indifferent_access`. * Set Sidekiq to raise on unsafe arguments in test mode In order to more easily catch issues that would produce warnings in production code.
2022-01-23Add OMNIAUTH_ONLY environment variable to enforce externa log-in (#17288)Claire
* Remove support for OAUTH_REDIRECT_AT_SIGN_IN Fixes #15959 Introduced in #6540, OAUTH_REDIRECT_AT_SIGN_IN allowed skipping the log-in form to instead redirect to the external OmniAuth login provider. However, it did not prevent the log-in form on /about introduced by #10232 from appearing, and completely broke with the introduction of #15228. As I restoring that previous log-in flow without introducing a security vulnerability may require extensive care and knowledge of how OmniAuth works, this commit removes support for OAUTH_REDIRECT_AT_SIGN_IN instead for the time being. * Add OMNIAUTH_ONLY environment variable to enforce external log-in only * Disable user registration when OMNIAUTH_ONLY is set to true * Replace log-in links When OMNIAUTH_ONLY is set with exactly one OmniAuth provider
2022-01-23Remove support for OAUTH_REDIRECT_AT_SIGN_IN (#17287)Claire
Fixes #15959 Introduced in #6540, OAUTH_REDIRECT_AT_SIGN_IN allowed skipping the log-in form to instead redirect to the external OmniAuth login provider. However, it did not prevent the log-in form on /about introduced by #10232 from appearing, and completely broke with the introduction of #15228. As I restoring that previous log-in flow without introducing a security vulnerability may require extensive care and knowledge of how OmniAuth works, this commit removes support for OAUTH_REDIRECT_AT_SIGN_IN instead for the time being.
2022-01-19Add support for editing for published statuses (#16697)Eugen Rochko
* Add support for editing for published statuses * Fix references to stripped-out code * Various fixes and improvements * Further fixes and improvements * Fix updates being potentially sent to unauthorized recipients * Various fixes and improvements * Fix wrong words in test * Fix notifying accounts that were tagged but were not in the audience * Fix mistake
2022-01-17Add notifications for statuses deleted by moderators (#17204)Eugen Rochko