about summary refs log tree commit diff
path: root/app/controllers
AgeCommit message (Collapse)Author
2022-03-01Change old moderation strikes to be displayed in a separate page (#17566)Claire
* Change old moderation strikes to be displayed in a separate page Fixes #17552 This changes the moderation strikes displayed on `/auth/edit` to be those from the past 3 months, and make all moderation strikes targeting the current user available in `/disputes`. * Add short description of what the strikes page is for * Move link to list of strikes to “Account status” instead of navigation item * Normalize i18n file * Fix layout and styling of strikes link * Revert highlights_on regexp * Reintroduce account status summary - this way, “Account status” is never empty - account status is not necessarily bound to strikes, or recent strikes
2022-03-01Change authorized applications page (#17656)Eugen Rochko
* Change authorized applications page * Hide revoke button for superapps and suspended accounts * Clean up db/schema.rb
2022-02-26Merge branch 'main' into glitch-soc/merge-upstreamClaire
2022-02-26Fix error when a MX is shared across blocked domains (#17650)Claire
2022-02-26Disable notifications for trending links and trending statuses by defaultClaire
2022-02-26Merge branch 'main' into glitch-soc/merge-upstreamClaire
Conflicts: - `app/models/account.rb`: Not a real conflict, just upstream getting rid of unused constants too close to glitch-soc-specific contents. Removed unused constants like upstream did. - `app/models/trends.rb`: Conflict because glitch-soc disabled email notifications for trending links. Upstream has refactored this quite a bit and added trending posts. Took upstream code, but disabling the extra trending stuff will come in another commit. - `app/views/admin/trends/links/index.html.haml`: Conflict due to glitch-soc's theming system. Ported upstream changes accordingly.
2022-02-25Add trending statuses (#17431)Eugen Rochko
* Add trending statuses * Fix dangling items with stale scores in localized sets * Various fixes and improvements - Change approve_all/reject_all to approve_accounts/reject_accounts - Change Trends::Query methods to not mutate the original query - Change Trends::Query#skip to offset - Change follow recommendations to be refreshed in a transaction * Add tests for trending statuses filtering behaviour * Fix not applying filtering scope in controller
2022-02-24Change e-mail domain blocks to block IPs dynamically (#17635)Eugen Rochko
* Change e-mail domain blocks to block IPs dynamically * Update app/workers/scheduler/email_domain_block_refresh_scheduler.rb Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh> * Update app/workers/scheduler/email_domain_block_refresh_scheduler.rb Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh> Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>
2022-02-23Merge branch 'main' into glitch-soc/merge-upstreamClaire
Conflicts: - `.github/workflows/build-image.yml`: Upstream changed the workflow a bit. Conflict comes from us pushing to ghcr while upstream pushes to dockerhub. Ported the upstream changes while still pushing to ghcr.
2022-02-23Add notifications for new sign-ups (#16953)Eugen Rochko
2022-02-19Merge branch 'main' into glitch-soc/merge-upstreamClaire
2022-02-19Bump pundit from 2.1.1 to 2.2.0 (#17543)dependabot[bot]
* Bump pundit from 2.1.1 to 2.2.0 Bumps [pundit](https://github.com/varvet/pundit) from 2.1.1 to 2.2.0. - [Release notes](https://github.com/varvet/pundit/releases) - [Changelog](https://github.com/varvet/pundit/blob/main/CHANGELOG.md) - [Commits](https://github.com/varvet/pundit/compare/v2.1.1...v2.2.0) --- updated-dependencies: - dependency-name: pundit dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * `include Pundit` is deprecated Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>
2022-02-19Change global `locale` param to `lang` to avoid conflicts (#17592)Eugen Rochko
2022-02-17Fix issue with glitch-soc's theming systemClaire
2022-02-17Merge branch 'main' into glitch-soc/merge-upstreamClaire
Conflicts: - `db/schema.rb`: Conflict due to glitch-soc adding the `content_type` column on status edits and thus having a different schema version number. Solved by taking upstream's schema version number, as it is higher than glitch-soc's.
2022-02-16Fix issues when attempting to appeal an old strike (#17554)Claire
* Display an error when an appeal could not be submitted * Do not offer users to appeal old strikes * Fix 500 error when trying to appeal a strike that is too old * Avoid using an extra translatable string
2022-02-14Add appeals (#17364)Eugen Rochko
* Add appeals * Add ability to reject appeals and ability to browse pending appeals in admin UI * Add strikes to account page in settings * Various fixes and improvements - Add separate notification setting for appeals, separate from reports - Fix style of links in report/strike header - Change approving an appeal to not restore statuses (due to federation complexities) - Change style of successfully appealed strikes on account settings page - Change account settings page to only show unappealed or recently appealed strikes * Change appealed_at to overruled_at * Fix missing method error
2022-02-12Merge branch 'main' into glitch-soc/merge-upstreamClaire
2022-02-12Fix empty batch statuses selection causing a 500 error (#17532)Claire
* Fix empty batch statuses selection causing a 500 error * Simplify current_params
2022-02-12Merge branch 'main' into glitch-soc/merge-upstreamClaire
2022-02-12Add support for multiple source files per packClaire
2022-02-11Add notifications when a reblogged status has been updated (#17404)Eugen Rochko
* Add notifications when a reblogged status has been updated * Change wording to say "edit" instead of "update" and add missing controls * Replace previous update notifications with the most up-to-date one
2022-02-11Merge branch 'main' into glitch-soc/merge-upstreamClaire
2022-02-11Change actions in reports to require only one click (#17487)Eugen Rochko
2022-02-10Add ability to change content-type when editing a tootClaire
Content-type defaults to edited toot's content-type to avoid surprising behaviors when using clients that do not support this feature.
2022-02-10Merge branch 'main' into glitch-soc/merge-upstreamClaire
Conflicts: - `app/controllers/api/v1/statuses_controller.rb`: Upstream moved things around in a place where glitch-soc had support for an extra parameter (`content_type`). Follow upstream but reintroduce `content_type`.
2022-02-10Add editing for published statuses (#17320)Eugen Rochko
* Add editing for published statuses * Fix change of multiple-choice boolean in poll not resetting votes * Remove the ability to update existing media attachments for now
2022-02-10Add `category` and `rule_ids` params to `POST /api/v1/reports` (#17492)Eugen Rochko
2022-02-09Merge branch 'main' into glitch-soc/merge-upstreamClaire
Conflicts: - `app/views/settings/preferences/appearance/show.html.haml`: Upstream renamed some helper functions that were used in a part of the settings page which glitch-soc slightly changed the layout of. Ported the change.
2022-02-09Add edit history to web UI (#17390)Eugen Rochko
* Add edit history to web UI * Change history reducer to store items per status * Fix missing loading prop
2022-02-08Merge branch 'main' into glitch-soc/merge-upstreamClaire
2022-02-08Add global `locale` param (#17464)Eugen Rochko
- Remove the session-based locale stickyness
2022-02-07Fix replies collection incorrectly looping (#17462)Claire
* Refactor tests * Add tests * Fix replies collection incorrectly looping
2022-02-06Merge branch 'main' into glitch-soc/merge-upstreamClaire
Conflicts: - `CHANGELOG.md`: Upstream added newlines. Conflicts are because the CHANGELOG was independently merged from 3.4.6 on last security update. Took upstream's version. - `app/helpers/context_helper.rb`: Conflicts because of extra vocabulary in glitch-soc. The conflicts were actually handled in last security merge. Kept our version.
2022-02-06Fix instance actor not being dereferenceable (#17457)Claire
* Add tests * Fix instance actor not being dereferenceable * Fix tests * Fix tests for real
2022-02-05Move glitch-soc-specific theming methods to ThemingConcernClaire
2022-02-05Make theme-selection fall back to default ones if configured is not foundClaire
2022-02-05Fix error on account relationships page in admin UI (#17444)Eugen Rochko
2022-01-30Merge branch 'main' into glitch-soc/merge-upstreamClaire
2022-01-28Change public profile pages to be disabled for unconfirmed users (#17385)Claire
Fixes #17382 Note that unconfirmed and unapproved accounts can still be searched for and their (empty) account retrieved using the REST API.
2022-01-28Merge branch 'main' into glitch-soc/merge-upstreamClaire
Conflicts: - `Gemfile.lock`: Upstream-updated lib textually too close to glitch-soc-only dep. Updated like upstream.
2022-01-28Fix Sidekiq warnings about JSON serialization (#17381)Claire
* Fix Sidekiq warnings about JSON serialization This occurs on every symbol argument we pass, and every symbol key in hashes, because Sidekiq expects strings instead. See https://github.com/mperham/sidekiq/pull/5071 We do not need to change how workers parse their arguments because this has not changed and we were already converting to symbols adequately or using `with_indifferent_access`. * Set Sidekiq to raise on unsafe arguments in test mode In order to more easily catch issues that would produce warnings in production code.
2022-01-25Change CAPTCHA handling to be only on email verificationClaire
This simplifies the implementation considerably, and while not providing ideal UX, it's the most flexible approach.
2022-01-25Add ability to set hCaptcha either on registration form or on e-mail validationClaire
Upshot of CAPTCHA on e-mail validation is it does not need to break the in-band registration API.
2022-01-24Disable captcha if registrations are disabled for various reasonsClaire
2022-01-24Renew Rails session ID on successful registrationClaire
2022-01-24Please CodeClimateClaire
2022-01-24Add optional hCaptcha supportClaire
Fixes #1649 This requires setting `HCAPTCHA_SECRET_KEY` and `HCAPTCHA_SITE_KEY`, then enabling the admin setting at `/admin/settings/edit#form_admin_settings_captcha_enabled` Subsequently, a hCaptcha widget will be displayed on `/about` and `/auth/sign_up` unless: - the user is already signed-up already - the user has used an invite link - the user has already solved the captcha (and registration failed for another reason) The Content-Security-Policy headers are altered automatically to allow the third-party hCaptcha scripts on `/about` and `/auth/sign_up` following the same rules as above.
2022-01-23Merge branch 'main' into glitch-soc/merge-upstreamClaire
Conflicts: - `spec/models/status_spec.rb`: Upstream added tests too close to glitch-soc-specific tests. Kept both tests.
2022-01-23Add OMNIAUTH_ONLY environment variable to enforce externa log-in (#17288)Claire
* Remove support for OAUTH_REDIRECT_AT_SIGN_IN Fixes #15959 Introduced in #6540, OAUTH_REDIRECT_AT_SIGN_IN allowed skipping the log-in form to instead redirect to the external OmniAuth login provider. However, it did not prevent the log-in form on /about introduced by #10232 from appearing, and completely broke with the introduction of #15228. As I restoring that previous log-in flow without introducing a security vulnerability may require extensive care and knowledge of how OmniAuth works, this commit removes support for OAUTH_REDIRECT_AT_SIGN_IN instead for the time being. * Add OMNIAUTH_ONLY environment variable to enforce external log-in only * Disable user registration when OMNIAUTH_ONLY is set to true * Replace log-in links When OMNIAUTH_ONLY is set with exactly one OmniAuth provider