about summary refs log tree commit diff
path: root/app/controllers
AgeCommit message (Collapse)Author
2023-01-18Add more specific error messages to HTTP signature verification (#21617)Claire
* Return specific error on failure to parse Date header * Add error message when preferredUsername is not set * Change error report to be JSON and include more details * Change error report to differentiate unknown account and failed refresh * Add tests
2023-01-18Add confirmation screen when handling reports (#22375)Claire
* Add confirmation screen on moderation actions * Add flash notice when a report has been processed * Refactor tests * Add tests
2023-01-18Add support for editing media description and focus point of already-posted ↵Claire
statuses (#20878) * Add backend support for editing media attachments of existing posts * Allow editing media attachments of already-posted toots * Add tests
2023-01-18Fix /api/v1/admin/trends/tags using wrong serializer (#18943)Claire
* Fix /api/v1/admin/trends/tags using wrong serializer Fix regression from #18641 * Only use `REST::Admin::TagSerializer` when the user can `manage_taxonomies` * Fix admin trending hashtag component to not link if `id` is unknown
2023-01-18Change domain block CSV parsing to be more robust and handle more lists (#21470)Claire
* Change domain block CSV parsing to be more robust and handle more lists * Add some tests * Improve domain block import validation and reporting
2023-01-13Allow changing hide_collections setting with the api (#22790)Carl Schwan
* Allow changing hide_collections setting with the api This is currently only possible with app/controllers/settings/profiles_controller.rb and is the only difference in the allowed parameter between the two controllers * Fix the lint issue * Use normal indent
2023-01-10Change referrer-policy to no-referrer application-wide (#23014)Claire
2023-01-05Add dropdown menu item to open admin interface for remote domains (#21895)Claire
* Allow /admin/instances/:domain to handle IDNs * Add dropdown menu item to open admin interface for remote domains
2023-01-05Fix PermalinkRedirector not applying to users with moved accounts (#22497)Claire
Fixes #22262
2022-12-15Fix changing domain block severity not undoing individual account effects ↵Claire
(#22135) * Fix changing domain block severity not undoing individual account effects Fixes #22133 * Add tests
2022-12-15Fix single name variables on controller folder (#20092)David Vega
Co-authored-by: petrokoriakin1 <116151189+petrokoriakin1@users.noreply.github.com> Co-authored-by: petrokoriakin1 <116151189+petrokoriakin1@users.noreply.github.com> Co-authored-by: Effy Elden <effy@effy.space>
2022-12-15Change CSP directives on API to be tight and concise (#20960)Claire
2022-12-15Fix N+1 queries from in NotificationsController (#21202)nametoolong
Co-authored-by: Nonexistent <nx@example.org>
2022-12-15Allow adding relays while secure mode & limited federation mode are enabled ↵Effy Elden
(#22324)
2022-12-15Revoke all authorized applications on password reset (#21325)Francis Murillo
* Clear sessions on password change * Rename User::clear_sessions to revoke_access for a clearer meaning * Add reset paassword controller test * Use User.find instead of User.find_for_authentication for reset password test * Use redirect and render for better test meaning in reset password Co-authored-by: Effy Elden <effy@effy.space>
2022-12-07Log admin approve and reject account (#22088)Francis Murillo
* Log admin approve and reject account * Add unit tests for approve and reject logging
2022-12-07Fix irreversible and whole_word parameters handling in /api/v1/filters (#21988)Claire
Fixes #21965
2022-12-01Fix some performance issues with /admin/instances (#21907)Claire
/admin/instances?availability=failing remains wholly unefficient
2022-11-21Fix not being able to follow more than one hashtag (#21285)Claire
Fixes regression from #20860
2022-11-17Fix form-action CSP directive for external login (#20962)Claire
2022-11-17Fix OAuth flow being broken by recent CSP change (#20958)Claire
2022-11-17Support for import/export of instance-level domain blocks/allows for 4.x w/ ↵lenore gilbert
additional fixes (#20597) * Allow import/export of instance-level domain blocks/allows (#1754) * Allow import/export of instance-level domain blocks/allows. Fixes #15095 * Pacify circleci * Address simple code review feedback * Add headers to exported CSV * Extract common import/export functionality to AdminExportControllerConcern * Add additional fields to instance-blocked domain export * Address review feedback * Split instance domain block/allow import/export into separate pages/controllers * Address code review feedback * Pacify DeepSource * Work around Paperclip::HasAttachmentFile for Rails 6 * Fix deprecated API warning in export tests * Remove after_commit workaround (cherry picked from commit 94e98864e39c010635e839fea984f2b4893bef1a) * Add confirmation page when importing blocked domains (#1773) * Move glitch-soc-specific strings to glitch-soc-specific locale files * Add confirmation page when importing blocked domains (cherry picked from commit b91196f4b73fff91997b8077619ae25b6d04a59e) * Fix authorization check in domain blocks controller (cherry picked from commit 75279377583c6e2aa04cc8d7380c593979630b38) * Fix error strings for domain blocks and email-domain blocks Corrected issue with non-error message used for Mastodon:NotPermittedError in Domain Blocks Corrected issue Domain Blocks using the Email Domain Blocks message on ActionContoller::ParameterMissing Corrected issue with Email Domain Blocks using the not_permitted string from "custom emojii's" * Ran i18n-tasks normalize to address test failure * Removed unused admin.export_domain_blocks.not_permitted string Removing unused string as indicated by Check i18n * Fix tests (cherry picked from commit 9094c2f52c24e1c00b594e7c11cd00e4a07eb431) * Fix domain block export not exporting blocks with only media rejection (cherry picked from commit 26ff48ee48a5c03a2a4b0bd03fd322529e6bd960) * Fix various issues with domain block import - stop using Paperclip for processing domain allow/block imports - stop leaving temporary files - better error handling - assume CSV files are UTF-8-encoded (cherry picked from commit cad824d8f501b95377e4f0a957e5a00d517a1902) Co-authored-by: Levi Bard <taktaktaktaktaktaktaktaktaktak@gmail.com> Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2022-11-17Fix invalid/empty RSS feed link on account pages (#20772)Claire
Fixes #20770
2022-11-17Make tag following idempotent (#20860)trwnh
2022-11-17Change automatic post deletion configuration to be accessible to redirected ↵Claire
users (#20774) Fixes #20550
2022-11-17Fix pagination of followed tags (#20861)trwnh
* Fix missing pagination headers on followed tags * Fix typo
2022-11-16Add 'private' to Cache-Control, match Rails expectations (#20608)Daniel Axtens
Several controlers set quite intricate Cache-Control headers in order to hopefully not be cached by any intermediate proxies or local caches. Unfortunately, these headers are processed by ActionDispatch::HTTP::Cache in a way that squashes and discards any values set alongside no-store other than private: https://github.com/rails/rails/blob/8015c2c2cf5c8718449677570f372ceb01318a32/actionpack/lib/action_dispatch/http/cache.rb#L207-L209 We want to preserve no-store on these responses, but we might as well remove parts that are going to be dropped anyway. As many of the endpoints in these controllers are private to a particular user, we should also add "private", which will be preserved alongside no-store.
2022-11-14Move V2 Filter methods under /api/v2 prefix (#20622)trwnh
* Move V2 Filter methods under /api/v2 prefix * move over the tests too
2022-11-14Fix error when passing unknown filter param in REST API (#20626)Eugen Rochko
Fix #19156
2022-11-14Fix `role_ids` not accepting arrays in admin API (#20625)Eugen Rochko
Fix #19157
2022-11-10Remove dead code and refactor status threading code (#20357)Claire
* Remove dead code * Remove unneeded/broken parameters and refactor descendant computation
2022-11-10Change logged out /api/v1/statuses/:id/context logged out limits (#20355)Claire
2022-11-10Improve performance by avoiding regex construction (#20215)James Tucker
```ruby 10.times { p /#{FOO}/.object_id } 10.times { p FOO_RE.object_id } ```
2022-11-10Revert filtering public timelines by locale by default (#20294)Eugen Rochko
2022-11-08Make account endorsements idempotent (fix #19045) (#20118)trwnh
* Make account endorsements idempotent (fix #19045) * Accept suggestion to use exists? instead of find_by + nil check Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh> * fix logic (unless, not if) * switch to using `find_or_create_by!` Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>
2022-11-08Fix uncaught 500 error on invalid `replies_policy` (Fix #19097) (#20126)trwnh
2022-11-07Fix crash when external auth provider has no display_name set (#19962)Claire
Fixes #19913
2022-11-07Fix crash in legacy filter creation controller (#19878)Claire
2022-11-05Change `AUTHORIZED_FETCH` to not block unauthenticated REST API access (#19803)Eugen Rochko
New environment variable `DISALLOW_UNAUTHENTICATED_API_ACCESS`
2022-11-04Fix reblogs being discarded after the reblogged status (#19731)Claire
2022-11-02Fix inaccurate admin log entry for re-sending confirmation e-mails (#19674)Claire
Fixes #19593
2022-11-01Change post-processing to be deferred only for large media types (#19617)Eugen Rochko
2022-10-31Change featured hashtag deletion to be done synchronously (#19590)Claire
2022-10-30Remove language filtering from hashtag timelines (#19563)Eugen Rochko
2022-10-30Fix invites (#19560)Claire
Fixes #19507 Fix regression from #19296
2022-10-30Fix admin APIs returning deleted object instead of empty object upon delete ↵Eugen Rochko
(#19479) Fix #19153
2022-10-30Fix language not being saved when editing status (#19543)Eugen Rochko
Fix #19542
2022-10-27Fix uncaught error when invalid date is supplied to API (#19480)Eugen Rochko
Fix #19213
2022-10-26Add ability to view previous edits of a status in admin UI (#19462)Eugen Rochko
* Add ability to view previous edits of a status in admin UI * Change moderator access to posts to be controlled by a separate policy
2022-10-26Change unauthenticated search to not support pagination in REST API (#19326)Eugen Rochko
- Only exact search matches for queries with < 5 characters - Do not support queries with `offset` (pagination) - Return HTTP 401 on truthy `resolve` instead of overriding to false