about summary refs log tree commit diff
path: root/app/controllers
AgeCommit message (Collapse)Author
2020-03-31Fix ImportsController param to permit :mode (#13347)Takeshi Umeda
2020-03-28Fix 404 and 410 API errors being silently discarded in WebUI (#13279)ThibG
* Fix 404 and 410 API errors being silently discarded in WebUI Fixes #13278 * Return more appropriate error when user replies to a deleted toot * Please CodeClimate * Fix 404/410 errors on fetching account timelines & identity proofs * Refactor error handling * Move error message string to statuses.errors
2020-03-22Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: - `README.md`: Our README.md files are completely different. Discarded upstream changes. - `app/javascript/core/admin.js`: Updating rails-ujs, no real conflict, but a comment to close to changed code. Various glitch-soc-only files have been updated to match those changes, though. - `package.json`: No real conflict, just an additional dependency in glitch-soc that was too close to something updated upstream. Took upstream's changes.
2020-03-12Add option to include resolved DNS records when blacklisting e-mail domains ↵Eugen Rochko
in admin UI (#13254) * Add shortcuts to blacklist a user's e-mail domain in admin UI * Add option to blacklist resolved MX and IP records for e-mail domains
2020-03-12Add titles to warning presets in admin UI (#13252)Eugen Rochko
2020-03-09Add federation support for the "hide network" preference (#11673)ThibG
* Change ActivityPub follower/following collections to not link first page * Add support for hiding followers and following of remote users * Switch to using a single `hide_collections` column * Address code style remarks
2020-03-08Change local media attachments to perform heavy processing asynchronously ↵Eugen Rochko
(#13210) Fix #9106
2020-03-08Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: - `app/controllers/api/v1/statuses_controller.rb`: Conflict due to upstream adding a new parameter (with_rate_limit), too close to glitch-soc's own additional parameter (content_type). Added upstream's parameter. - `app/services/post_status_service.rb`: Conflict due to upstream adding a new parameter (rate_limit), too close to glitch-soc's own additional parameter (content_type). Added upstream's parameter. - `app/views/settings/preferences/appearance/show.html.haml`: Conflict due to us not exposing theme settings here (as we have a different flavour/skin menu). Took upstream change, while still not exposing theme settings. - `config/webpack/shared.js`: Coding style fixes for a part we have rewritten. Discarded upstream changes.
2020-03-08Add ability to delete files uploaded for settings in admin UI (#13192)ThibG
* Allow deleting site uploads * Refactor and move links into hints * Fix i18n tests * Fix HTML output of site_upload_delete_hint
2020-03-08Add specific rate limits for posting and following (#13172)Eugen Rochko
2020-03-06Remove useless `respond_to` calls (#13208)Eugen Rochko
2020-02-27Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
2020-02-27Fix leak of arbitrary statuses through unfavourite action in REST API (#13161)Eugen Rochko
2020-02-25Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
2020-02-24Fix dismissing an announcement twice raising an obscure error (#13124)ThibG
2020-02-19Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
2020-02-19Fix account JSON/RSS not being cacheable due to wrong mime type comparison ↵ThibG
(#13116) `request.format` is not a symbol but a `Mime::Type`, so the condition actually never matched, and a session was created even for those requests, preventing caching.
2020-02-16Fix sign-ups without checked user agreement being accepted through the web ↵ThibG
form (#13088) * Fix user agreement not being verified * Fix tests * Fix up agreement field being dismissed
2020-02-09Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: - `Gemfile`: We updated httplog in a separate commit. Took upstream's change which updated it further. - `Gemfile.lock`: We updated httplog in a separate commit. Took upstream's change which updated it further. - `app/lib/sanitize_config.rb`: Upstream added better unsupported link stripping, while we had different sanitizing configs. Took only upstream's link stripping code. - `config/locales/simple_form.pl.yml`: Strings unused in glitch-soc had been removed from glitch-soc, reintroduced them even if they are not useful, to reduce the risk of later merge conflicts.
2020-02-08Fix unfiltered params error when generating ActivityPub tag pagination (#13049)Eugen Rochko
2020-02-07Fix malformed HTML causing uncaught error (#13042)Eugen Rochko
Fix OEmbed preview API leaking existence of private statuses (see #12930)
2020-02-06Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
2020-02-03Change signature verification to ignore signatures with invalid host (#13033)Eugen Rochko
Instead of returning a signature verification error, pretend there was no signature (i.e., this does not allow access to resources that need a valid signature), so public resources can still be fetched Fix #13011
2020-02-03Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
2020-02-03Change how unread announcements are handled (#13020)ThibG
* Change meaning of /api/v1/announcements/:id/dismiss to mark an announcement as read * Change how unread announcements are counted in UI * Add unread marker to announcements and mark announcements as unread as they are displayed * Fixups
2020-01-27Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: - `app/serializers/rest/account_serializer.rb`: Upstream added code too close to glitch-soc-specific followers-hiding code. Ported upstream changes.
2020-01-27Add publish/unpublish controls to announcements in admin UI (#12967)Eugen Rochko
2020-01-26Add streaming API updates for announcements being modified or deleted (#12963)Eugen Rochko
Change `all_day` to be a visual client-side cue only Publish immediately if `scheduled_at` is in the past Add `published_at` and `updated_at` to announcements JSON
2020-01-24Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: - `app/controllers/statuses_controller.rb`: Minor conflict due to theming system
2020-01-24Fix OEmbed leaking information about existence of non-public statuses (#12930)Eugen Rochko
2020-01-24Fix password change/reset not immediately invalidating other sessions (#12928)Eugen Rochko
While making browser requests in the other sessions after a password change or reset does not allow you to be logged in and correctly invalidates the session making the request, sessions have API tokens associated with them, which can still be used until that session is invalidated. This is a security issue for accounts that were already compromised some other way because it makes it harder to throw out the hijacker.
2020-01-24Fix relationships page not showing results in admin UI (#12934)Eugen Rochko
Follow-up to #12927
2020-01-23Add announcements (#12662)Eugen Rochko
* Add announcements Fix #11006 * Add reactions to announcements * Add admin UI for announcements * Add unit tests * Fix issues - Add `with_dismissed` param to announcements API - Fix end date not being formatted when time range is given - Fix announcement delete causing reactions to send streaming updates - Fix announcements container growing too wide and mascot too small - Fix `all_day` being settable when no time range is given - Change text "Update" to "Announcement" * Fix scheduler unpublishing announcements before they are due * Fix filter params not being passed to announcements filter
2020-01-23Change followers page to relationships page in admin UI (#12927)Eugen Rochko
Allow browsing and filtering all relationships instead of just followers, unify the codebase with the user-facing relationship manager, add ability to see who the user invited
2020-01-20Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: - `app/javascript/packs/public.js`: Upstream removed an unused function in code that has been refactored a bit. Removed that function in the corresponding places.
2020-01-20Various fixes and improvements (#12878)Eugen Rochko
* Fix unused role routes being generated * Remove unused JavaScript code * Refactor filters code to be DRYer * Fix `.count == 0` comparisons to `.empty?` in views * Fix filters in views
2020-01-20Merge branch 'master' into glitch-soc/masterThibaut Girka
Conflicts: - `README.md`: We have different README files. Discarded upstream changes. - `app/views/layouts/admin.html.haml`: Conflict due to glitch-soc theming system. Adapted upstream changes. - `app/views/layouts/embedded.html.haml`: Conflict due to glitch-soc theming system. Adapted upstream changes. - `yarn.lock`: No real conflict, glitch-specific dependency too close to an updated one. Adapted upstream change.
2020-01-14Fix access to OEmbed endpoint in secure mode (#12864)Eugen Rochko
2020-01-04Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: - `app/controllers/application_controller.rb`: Conflict due to theming system. - `app/controllers/oauth/authorizations_controller.rb`: Conflict due to theming system.
2020-01-04Fix base64-encoded file uploads not being possible (#12748)Eugen Rochko
Fix #3804, Fix #5776
2020-01-03Fix missing authentication call in filters controller (#12746)Eugen Rochko
2020-01-03Fix uncaught unknown format errors in host meta controller (#12747)Eugen Rochko
2019-12-31Hide blocked users from more places (#12733)ThibG
* Hide blocked, muted, and blocked-by users from toot favourite lists * Hide blocked, muted, and blocked-by users from toot reblog lists * Hide blocked, muted, and blocked-by users from followers/following (API) * Fix tests * Hide blocked, muted, and blocked-by users from followers/following on public pages
2019-12-31Fix error when fetching followers/following from REST API when user has ↵Eugen Rochko
network hidden (#12716) Fix #12510
2019-12-30Remove unused AccountRelationshipsPresenter call in public pages (#12734)ThibG
Those were used to show a “follow” or “unfollow” button on account grid on public pages, but that got removed a while ago.
2019-12-30Fix settings pages being cacheable by the browser (#12714)Eugen Rochko
Fix #12255
2019-12-30Fix HTML error pages being returned when JSON is expected (#12713)Eugen Rochko
Fix #12509 See also #12214
2019-12-12Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: - app/controllers/application_controller.rb Minor conflict due to glitch-soc's theming system
2019-12-10Fix missing error templates for non-HTML requests (#12593)Eugen Rochko
2019-12-07Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: - package.json Not really a conflict, caused by an additional dependency in glitch-soc. - yarn.lock Not really a conflict, caused by an additional dependency in glitch-soc.