Age | Commit message (Collapse) | Author |
|
|
|
* Disable invite links from disabled/suspended users
* Add has_many invites relationship to users
* Destroy unused invites when suspending an account
|
|
* Bump active_model_serializers from 0.10.9 to 0.10.10
Bumps [active_model_serializers](https://github.com/rails-api/active_model_serializers) from 0.10.9 to 0.10.10.
- [Release notes](https://github.com/rails-api/active_model_serializers/releases)
- [Changelog](https://github.com/rails-api/active_model_serializers/blob/v0.10.10/CHANGELOG.md)
- [Commits](https://github.com/rails-api/active_model_serializers/compare/v0.10.9...v0.10.10)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
* Add root option to render method
|
|
Allow access to account settings, 2FA, authorized applications, and
account deletions to unconfirmed and pending users, as well as
users who had their accounts disabled. Suspended users cannot update
their e-mail or password or delete their account.
Display account status on account settings page, for example, when
an account is frozen, limited, unconfirmed or pending review.
After sign up, login users straight away and show a simple page that
tells them the status of their account with links to account settings
and logout, to reduce onboarding friction and allow users to correct
wrongly typed e-mail addresses.
Move the final sign-up step of SSO integrations to be the same
as above to reduce code duplication.
|
|
|
|
Fix #6462
|
|
|
|
* Add support for an instance actor
* Skip username validation for local Application accounts
* Add migration script to create instance actor
* Make Codeclimate happy
* Switch to id -99 for instance actor
* Remove unused `icon` and `image` attributes from instance actor
* Use if/elsif/else instead of return + ternary operator
* Add instance actor to fresh installs
* Use instance actor as instance representative
Use instance actor for forwarding reports, relay operations, and spam
auto-reporting.
* Seed database in test environment
* Fix single-user mode
* Fix tests
* Fix specs to accomodate for an extra `Account`
* Auto-reject follows on instance actor
Following an instance actor might make sense, but we are not handling that
right now, so auto-reject.
* Fix webfinger lookup and serialization for instance actor
* Rename instance actor
* Make it clear in the HTML view that the instance actor should not be blocked
* Raise cache time for instance actor as there's no dynamic content
* Re-use /about/more with a flash message for instance actor profile
|
|
* Add environment variable to disable the anti-spam
* Move antispam setting to admin settings
* Fix typo
* antispam → spam_check
|
|
Fix #11328
|
|
|
|
* Fix reverse-proxy caching in public fetch mode
* Fix caching in ActivityPub-specific controllers
|
|
Fix #9031
Fix #7913
|
|
* Add HTTP signature requirement for served ActivityPub resources
* Change `SECURE_MODE` to `AUTHORIZED_FETCH`
* Add 'Signature' to 'Vary' header and improve code style
* Improve code style by adding `public_fetch_mode?` method
|
|
|
|
|
|
|
|
(#11247)
|
|
* Remove Salmon and PubSubHubbub endpoints
* Add error when trying to follow OStatus accounts
* Fix new accounts not being created in ResolveAccountService
|
|
|
|
|
|
Fix #7940
|
|
* Add option to disable blurhash previews
* Update option text
* Change options order
|
|
|
|
* Change domain blocks to automatically support subdomains
If a more authoritative domain is blocked (example.com), then the
same block will be applied to a subdomain (foo.example.com)
* Match subdomains of existing accounts when blocking/unblocking domains
* Improve code style
|
|
Fix #8580
Fix #7143
|
|
|
|
* Add audio uploads
Fix #4827
Accept uploads of OGG, WAV, FLAC, OPUS and MP3 files, and converts
them to OGG. Media attachments get a new `audio` type. In the UI,
audio uploads are displayed identically to video uploads.
* Improve code style
|
|
Fix #11016
|
|
/settings/preferences/other (#10988)
|
|
|
|
|
|
* Remove skip_session! as it is not supported in Rails 5
* Minor cleanup in StreamEntriesController
* Remove redundant mark_cacheable! calls
|
|
|
|
* Fix poll API not requiring authentication on non-public polls
That API does not reveal the content of the status, i.e. the question
itself, nor who the author is, nor which status it belongs to, but it
does reveal the poll options and how many answers they got
Fix #10959
* Add test
|
|
Fixes #10861
|
|
* Add responsive panels to the single-column layout
* Fixes
* Fix not being able to save the preference
* Fix code style issues
* Set max-height on the compose textarea and add a link to relationship manager
|
|
* Move signature verification stoplight to the requests themselves
This avoids blocking messages from known keys for 5 minutes when only one fails…
* Put the stoplight on the actual client IP, not a potential reverse proxy
|
|
* Add `from_account` to notifications API
this adds the ability to filter notifications by the account they
originated from
* passing a non-existent user should cause none to be returned
* Fix codeclimate warnings
* fix more codeclimate warnings
* make requested changes:
* use account id instead of user@domain
* name the param `account_id` instead of `from_account`
* Don't use `return` in a lambda
|
|
* Record account suspend/silence time and keep track of domain blocks
* Also unblock users who were suspended/silenced before dates were recorded
* Add tests
* Keep track of suspending date for users suspended through the CLI
* Show accurate number of accounts that would be affected by unsuspending an instance
* Change migration to set silenced_at and suspended_at
* Revert "Also unblock users who were suspended/silenced before dates were recorded"
This reverts commit a015c65d2d1e28c7b7cfab8b3f8cd5fb48b8b71c.
* Switch from using suspended and silenced to suspended_at and silenced_at
* Add post-deployment migration script to remove `suspended` and `silenced` columns
* Use Account#silence! and Account#suspend! instead of updating the underlying property
* Add silenced_at and suspended_at migration to post-migration
* Change account fabricator to translate suspended and silenced attributes
* Minor fixes
* Make unblocking domains always retroactive
|
|
* Return Status with raw text in raw_content when deleting a status
* Use raw content if available on delete & redraft
* Rename raw_content to text; do not serialize formatted content when source is requested
|
|
|
|
Fixes #10652
|
|
already-blocked domain (#10663)
* When trying to block an already-blocked domain, provide a link to the block
* Fix styling for links in flash messages
* Allow blocks to be upgraded but not downgraded
|
|
* Check that an invite link is valid before bypassing approval mode
Fixes #10656
* Add tests
* Only consider valid invite links in registration controller
* fixup
|
|
|
|
* compare usernames case-insensitively on new proof creation flow
* Fix code style issue
|
|
Fix sorting of the pending accounts page
|
|
|
|
* Add "why do you want to join" field to invite requests
Fix #10512
* Remove unused translations
* Fix broken registrations when no invite request text is submitted
|