about summary refs log tree commit diff
path: root/app/javascript/packs
AgeCommit message (Collapse)Author
2022-06-09Change brand color and logotypes (#18592)Eugen Rochko
- Add rake task for generating Apple/Android icons and favicons from SVG - Add rake task for generating PNG icons and logos for e-mails from SVG - Remove obsolete Microsoft icons and configuration - Remove PWA shortcut icons
2022-04-29Pre-fill domain block/allow domain from search filter (#18172)Claire
2022-02-16Fix edge case where settings/admin page sidebar would be incorrectly hidden ↵Claire
(#17580)
2021-12-05Show correct error message if chosen password is too long (#17082)Rens Groothuijsen
* Add correct error message for exceeding max length on password confirmation field * Code style fixes
2021-10-14Add graphs and retention metrics to admin dashboard (#16829)Eugen Rochko
2020-12-14Add ability to require invite request text (#15326)ThibG
Fixes #15273 Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2020-12-14Fix dynamic updating of “Bootstrap timeline accounts” admin setting (#15325)ThibG
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2020-12-10Add honeypot fields and minimum fill-out time for sign-up form (#15276)ThibG
* Add honeypot fields to limit non-specialized spam Add two honeypot fields: a fake website input and a fake password confirmation one. The label/placeholder/aria-label tells not to fill them, and they are hidden in CSS, so legitimate users should not fall into these. This should cut down on some non-Mastodon-specific spambots. * Require a 3 seconds delay before submitting the registration form * Fix tests * Move registration form time check to model validation * Give people a chance to clear the honeypot fields * Refactor honeypot translation strings Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2020-10-13Change how CDN_HOST is passed down to make assets build reproducible (#14381)ThibG
* Change how CDN_HOST is passed down to make assets build reproducible * Change webpacker/webpack configuration to dynamically load publicPath based on meta header * Fix embedded layout missing the cdn-host meta header
2020-08-24Add WebAuthn as an alternative 2FA method (#14466)santiagorodriguez96
* feat: add possibility of adding WebAuthn security keys to use as 2FA This adds a basic UI for enabling WebAuthn 2FA. We did a little refactor to the Settings page for editing the 2FA methods – now it will list the methods that are available to the user (TOTP and WebAuthn) and from there they'll be able to add or remove any of them. Also, it's worth mentioning that for enabling WebAuthn it's required to have TOTP enabled, so the first time that you go to the 2FA Settings page, you'll be asked to set it up. This work was inspired by the one donde by Github in their platform, and despite it could be approached in different ways, we decided to go with this one given that we feel that this gives a great UX. Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com> * feat: add request for WebAuthn as second factor at login if enabled This commits adds the feature for using WebAuthn as a second factor for login when enabled. If users have WebAuthn enabled, now a page requesting for the use of a WebAuthn credential for log in will appear, although a link redirecting to the old page for logging in using a two-factor code will also be present. Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com> * feat: add possibility of deleting WebAuthn Credentials Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com> * feat: disable WebAuthn when an Admin disables 2FA for a user Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com> * feat: remove ability to disable TOTP leaving only WebAuthn as 2FA Following examples form other platforms like Github, we decided to make Webauthn 2FA secondary to 2FA with TOTP, so that we removed the possibility of removing TOTP authentication only, leaving users with just WEbAuthn as 2FA. Instead, users will have to click on 'Disable 2FA' in order to remove second factor auth. The reason for WebAuthn being secondary to TOPT is that in that way, users will still be able to log in using their code from their phone's application if they don't have their security keys with them – or maybe even lost them. * We had to change a little the flow for setting up TOTP, given that now it's possible to setting up again if you already had TOTP, in order to let users modify their authenticator app – given that now it's not possible for them to disable TOTP and set it up again with another authenticator app. So, basically, now instead of storing the new `otp_secret` in the user, we store it in the session until the process of set up is finished. This was because, as it was before, when users clicked on 'Edit' in the new two-factor methods lists page, but then went back without finishing the flow, their `otp_secret` had been changed therefore invalidating their previous authenticator app, making them unable to log in again using TOTP. Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com> * refactor: fix eslint errors The PR build was failing given that linting returning some errors. This commit attempts to fix them. * refactor: normalize i18n translations The build was failing given that i18n translations files were not normalized. This commits fixes that. * refactor: avoid having the webauthn gem locked to a specific version * refactor: use symbols for routes without '/' * refactor: avoid sending webauthn disabled email when 2FA is disabled When an admins disable 2FA for users, we were sending two mails to them, one notifying that 2FA was disabled and the other to notify that WebAuthn was disabled. As the second one is redundant since the first email includes it, we can remove it and send just one email to users. * refactor: avoid creating new env variable for webauthn_origin config * refactor: improve flash error messages for webauthn pages Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>
2020-08-12Add client-side validation in password change forms (#14564)ThibG
* Fix client-side username validation at registration It used the Account::USERNAME_RE regexp which is for *remote* users, local user validation is stricter. Also take into account max username length. * Add client-side form validation for password change * Add client-side form validation to dedicated registration form Previous changes only applied to the /about page, not the dedicated form on /auth
2020-08-11Add HTML form validation for the registration form (#14560)ThibG
* Add HTML-level validation of username in sign-up form * Make required fields with incorrect values more visible * Enable HTML form validation for the registration form * Mark agreement checkbox as required client-side * Add minimum length to password * Add client-side password confirmation validation
2020-07-01Fix lock icon not being shown when locking account in profile settings (#14190)ThibG
2020-04-28Fix end-user-facing uses of inline CSS (#13438)ThibG
* Move some inline styles to CSS files * Move default_account_display_name span to fix useless tags with duplicate id * Change handling of public pages spoiler text from inline CSS to dataset attribute * Use the `dir` HTML attribute instead of inline CSS * Move status action bar inline CSS to CSS file * Hide logo resources from CSS file, not inline CSS Fixes #11601 * Move translation prompt styling from inline CSS to CSS file * Move “invited by” styling on registration form from inline to CSS file * Use the progress tag to display poll results in JS fallback * Fix poll results JS-less fallback when the user has voted for an option * Change account public page “moved” notice to use img tags instead of inline CSS * Move OTP hint inline CSS to SCSS file * Hide JS-less fallback vote progressbars from accessibility tools Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>
2020-04-05Fix “Show more” not switching to “Show less” on public pages (#13174)ThibG
* Fix “Show more” not switching to “Show less” on public pages Fixes #13169 * Fix initial text of CW button on public pages when CW are unfolded by default
2020-04-03Add ability to filter audit log in admin UI (#13381)Eugen Rochko
2020-03-21Migrate Rails ujs as required for Rails 6 Upgrade. (#13280)Shlee
* Update yarn.lock * Update package.json * Update public.js * Update admin.js * Update log_out.js * Update common.js
2020-02-03Fix dates (without time) being rendered as datetimes in public pages (#13034)ThibG
2020-01-20Various fixes and improvements (#12878)Eugen Rochko
* Fix unused role routes being generated * Remove unused JavaScript code * Refactor filters code to be DRYer * Fix `.count == 0` comparisons to `.empty?` in views * Fix filters in views
2019-12-16Admin setting to disable default follows (#12566)Alice Gaudon
2019-11-04fix: support KaiOS arrow navigation on public pages (#12251)Nolan Lawson
2019-09-20Fix page body not being scrollable in admin layout (#11893)Eugen Rochko
Hide navigation behind hamburger icon on small screens in admin layout
2019-09-18Fix eslint error of import/no-extraneous-dependencies (#11884)nzws✨
* Fix eslint error of import/no-extraneous-dependencies - Add history dependency * refactoring code
2019-09-03Fix admin interface showing superfluous reject media/reports on suspended ↵ThibG
blocks (#11749) * Fix admin interface showing superfluous reject media/reports on suspended domains * Fix reject media/reports checkboxes being visible when editing domain block of suspend severity
2019-08-19Add public blocks to /about/blocks (#11298)ThibG
* Add automatic blocklist display in /about/blocks Inspired by https://github.com/Gargron/mastodon.social-misc * Add admin option to set who can see instance blocks * Normalize locales files * Rename “Sandbox” to “Silence” for consistency * Disable /about/blocks when in whitelist mode * Optionally display rationale for domain blocks * Only display domain blocks that have user-facing limitations, and order them * Redesign table of blocked domains to better handle long domain names and rationales * Change domain blocks ordering now that rationales aren't displayed right away * Only show explanation for block severities actually in use * Reword instance block explanations and add disclaimer for public fetch mode
2019-07-21Play animated custom emoji on hover (#11348)ThibG
* Play animated custom emoji on hover in status * Play animated custom emoji on hover in display names * Play animated custom emoji on hover in bios/bio fields * Add support for animation on hover on public pages emojis too * Fix tests * Code style cleanup
2019-07-19Change single-column mode to scroll the whole page (#11359)Eugen Rochko
Fix #10840
2019-07-19Fix avatar animation on hover when not logged in (#11349)ThibG
2019-06-08Put poll options behind content warnings (#10983)ThibG
* Put poll options behind CWs in WebUI * Put polls behind CWs on public pages * Add poll icon to public pages CWs * Revert to not showing an icon in the CW button
2019-04-21Animate avatar GIFs on-hover on public profiles (#10549)Jessica
* Third time is the charm? * Use full asset URL for data-static and data-original ̀image_tag` expands to the full asset URL, we have to do the same in `data` attributes so that it can work when assets and user data are stored on a different host
2019-04-03Hopefully fix input text selection quirks on iOS (#10463)ThibG
Fix #10448 (hopefully)
2019-02-15Change error graphic to hover-to-play (#10055)Eugen Rochko
Fix #6060
2019-01-16Fix public hashtag timeline width on mobile, fix scrollbar width ↵ThibG
compensation (#9824) * Fix hashtag timeline width being potentially larger than window width * Add automatic computation of scrollbar width
2019-01-13Add attachment list fallback to public pages (#9780)ThibG
* Add attachment list fallback to public pages Fixes #6714 * Refactor attachments lists
2019-01-10Postpone scroll-to-detailed status after react components are loaded (#9773)ThibG
2018-12-07Escape HTML in profile name preview in profile settings (#9446)Paweł Ngei
* fix non-escaped html in the profile settings * provide a default profile text in case if there's no custom one * update haml syntax * simplify default profile name to username * sanitize user-input html but display emojified icons
2018-11-26Redesign admin accounts index (#9340)Eugen Rochko
* Improve overview of accounts in admin UI - Display suspended status, role, last activity and IP prominently - Default to showing local accounts - Default to not showing suspended accounts * Remove unused strings * Fix tests * Allow filtering accounts by IP mask
2018-10-26Remove character counter from edit profile (#9100)Eugen Rochko
* Remove display name and bio counter hint, simply limit input * Remove now redundant translations * Fix code style issue
2018-10-20Add option to block reports from domain (#8830)Eugen Rochko
2018-10-09Fix that the copy button of verify link did not work. (#8938)mayaeh
2018-09-18Redesign forms, verify link ownership with rel="me" (#8703)Eugen Rochko
* Verify link ownership with rel="me" * Add explanation about verification to UI * Perform link verifications * Add click-to-copy widget for verification HTML * Redesign edit profile page * Redesign forms * Improve responsive design of settings pages * Restore landing page sign-up form * Fix typo * Support <link> tags, add spec * Fix links not being verified on first discovery and passive updates
2018-08-26Fix CW issues in static view on Safari (Fixes #8354) (#8446)PatrickRWells
* Fix CW issues in static view on Safari (8354) * Fixed formatting issues * Trailing space
2018-08-25Hide reject media checkbox when not relevant. (#8426)M Somerville
2018-08-18Add remote interaction dialog for toots (#8202)Eugen Rochko
* Add remote interaction dialog for toots * Change AuthorizeFollow into AuthorizeInteraction, support statuses * Update brakeman.ignore * Adjust how interaction buttons are display on public pages * Fix tests
2018-08-15Fix admin.js starting rails-ujs twice (fixes #8168) (#8213)ThibG
2018-08-06Scroll to linked status in public status view (fixes #7884) (#8130)ThibG
When there is a single detailed status on a public page, scroll to it and replace the history state to not scroll back on refresh (simulates # anchors).
2018-07-28Redesign public profiles and toots (#8068)Eugen Rochko
2018-07-14Upgrade webpack to version v4.x (#6655)Yamagishi Kazutoshi
2018-07-01Improve embeds (#7919)Eugen Rochko
* Make embeds cacheable by reverse proxy * Make follow button on embeds open remote follow modal Instead of web+mastodon://, also, turn the button blue, and add a sign up prompt to the remote follow modal
2018-05-12Combine similar components into one on public UI (#7458)Yamagishi Kazutoshi