about summary refs log tree commit diff
path: root/app/models/user.rb
AgeCommit message (Collapse)Author
2020-08-24Add WebAuthn as an alternative 2FA method (#14466)santiagorodriguez96
* feat: add possibility of adding WebAuthn security keys to use as 2FA This adds a basic UI for enabling WebAuthn 2FA. We did a little refactor to the Settings page for editing the 2FA methods – now it will list the methods that are available to the user (TOTP and WebAuthn) and from there they'll be able to add or remove any of them. Also, it's worth mentioning that for enabling WebAuthn it's required to have TOTP enabled, so the first time that you go to the 2FA Settings page, you'll be asked to set it up. This work was inspired by the one donde by Github in their platform, and despite it could be approached in different ways, we decided to go with this one given that we feel that this gives a great UX. Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com> * feat: add request for WebAuthn as second factor at login if enabled This commits adds the feature for using WebAuthn as a second factor for login when enabled. If users have WebAuthn enabled, now a page requesting for the use of a WebAuthn credential for log in will appear, although a link redirecting to the old page for logging in using a two-factor code will also be present. Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com> * feat: add possibility of deleting WebAuthn Credentials Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com> * feat: disable WebAuthn when an Admin disables 2FA for a user Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com> * feat: remove ability to disable TOTP leaving only WebAuthn as 2FA Following examples form other platforms like Github, we decided to make Webauthn 2FA secondary to 2FA with TOTP, so that we removed the possibility of removing TOTP authentication only, leaving users with just WEbAuthn as 2FA. Instead, users will have to click on 'Disable 2FA' in order to remove second factor auth. The reason for WebAuthn being secondary to TOPT is that in that way, users will still be able to log in using their code from their phone's application if they don't have their security keys with them – or maybe even lost them. * We had to change a little the flow for setting up TOTP, given that now it's possible to setting up again if you already had TOTP, in order to let users modify their authenticator app – given that now it's not possible for them to disable TOTP and set it up again with another authenticator app. So, basically, now instead of storing the new `otp_secret` in the user, we store it in the session until the process of set up is finished. This was because, as it was before, when users clicked on 'Edit' in the new two-factor methods lists page, but then went back without finishing the flow, their `otp_secret` had been changed therefore invalidating their previous authenticator app, making them unable to log in again using TOTP. Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com> * refactor: fix eslint errors The PR build was failing given that linting returning some errors. This commit attempts to fix them. * refactor: normalize i18n translations The build was failing given that i18n translations files were not normalized. This commits fixes that. * refactor: avoid having the webauthn gem locked to a specific version * refactor: use symbols for routes without '/' * refactor: avoid sending webauthn disabled email when 2FA is disabled When an admins disable 2FA for users, we were sending two mails to them, one notifying that 2FA was disabled and the other to notify that WebAuthn was disabled. As the second one is redundant since the first email includes it, we can remove it and send just one email to users. * refactor: avoid creating new env variable for webauthn_origin config * refactor: improve flash error messages for webauthn pages Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>
2020-06-09Add e-mail-based sign in challenge for users with disabled 2FA (#14013)Eugen Rochko
2020-04-15Fix “Email changed” notification sometimes having wrong e-mail (#13475)ThibG
* Fix “Email changed” notification sometimes having wrong e-mail Fixes #6778 The root of the issue is that `send_devise_notification` was called before the changes were properly commited to the database, causing the mailer to pick previous values if running too early. Devise's documentation provides guidance on how to handle that[1][2], however, I have found it to not be working, as the following happens, in that order: - `send_devise_notification` is called for the `email_changed` notification. In that case, `changed?` is false and `saved_changes?` is true, so if we use the former, we have the same issue. - the `after_commit` hook is called - `send_devise_notification` is called for the `confirmation_instructions` notification. In that case, `changed?` is still false, and `saved_changes?` still true, so if we use the latter, that second notification email is simply not going to be sent (as we would be queuing the notification *after* executing the after_commit hook). This is because it may be called from either an `after_update` or `after_commit` hook, the difference not being a call to `save` but the transaction actually being committed to the database. This may arguably be a bug in Devise, or Devise's notification. The proposed workaround is inspired by Devise's documentation but checks whether a transaction is open to make the call whether to immediately send the notification or defer it to the `after_commit` hook. [1]: https://www.rubydoc.info/github/plataformatec/devise/Devise%2FModels%2FAuthenticatable:send_devise_notification [2]: https://github.com/heartcombo/devise/blob/406915cb781e38255a30ad2a0609e33952b9ec50/lib/devise/models/authenticatable.rb#L133-L194 * Fix cases when sending notifications without changing the model * Defer sending if and only if in transaction including current record
2020-01-25Fix user disabling changing activity timestamps, fix nil error (#12943)Eugen Rochko
2020-01-24Fix password change/reset not immediately invalidating other sessions (#12928)Eugen Rochko
While making browser requests in the other sessions after a password change or reset does not allow you to be logged in and correctly invalidates the session making the request, sessions have API tokens associated with them, which can still be used until that session is invalidated. This is a security issue for accounts that were already compromised some other way because it makes it harder to throw out the hijacker.
2020-01-20Fix not all of account's active IPs showing up in admin UI (#12909)Eugen Rochko
2020-01-20Fix search by IP not using alternative browser sessions in admin UI (#12904)Eugen Rochko
2019-10-24Add setting for whether to crop images in unexpanded toots (#12126)Faye Duxovni
2019-09-19Add account migration UI (#11846)Eugen Rochko
Fix #10736 - Change data export to be available for non-functional accounts - Change non-functional accounts to include redirecting accounts
2019-09-18Add password challenge to 2FA settings, e-mail notifications (#11878)Eugen Rochko
Fix #3961
2019-09-11Change deletes to preserve soft-deleted statuses in unresolved reports (#11805)Eugen Rochko
Change all account actions except "none" to resolve all unresolved reports Refactor `SuspendAccountService` to be more readable
2019-09-06Add timeline read markers API (#11762)Eugen Rochko
Fix #4093
2019-08-06Add trends UI with admin and user settings (#11502)Eugen Rochko
2019-08-05Change admin UI for hashtags and add back whitelisted trends (#11490)Eugen Rochko
Fix #271 Add back the `GET /api/v1/trends` API with the caveat that it does not return tags that have not been allowed to trend by the staff. When a hashtag begins to trend (internally) and that hashtag has not been previously reviewed by the staff, the staff is notified. The new admin UI for hashtags allows filtering hashtags by where they are used (e.g. in the profile directory), whether they have been reviewed or are pending reviewal, they show by how many people the hashtag is used in the directory, how many people used it today, how many statuses with it have been created today, and it allows fixing the name of the hashtag to make it more readable. The disallowed hashtags feature has been reworked. It is now controlled from the admin UI for hashtags instead of from the file `config/settings.yml`
2019-07-26Fix invites not being disabled upon account suspension (#11412)ThibG
* Disable invite links from disabled/suspended users * Add has_many invites relationship to users * Destroy unused invites when suspending an account
2019-07-22Change unconfirmed user login behaviour (#11375)Eugen Rochko
Allow access to account settings, 2FA, authorized applications, and account deletions to unconfirmed and pending users, as well as users who had their accounts disabled. Suspended users cannot update their e-mail or password or delete their account. Display account status on account settings page, for example, when an account is frozen, limited, unconfirmed or pending review. After sign up, login users straight away and show a simple page that tells them the status of their account with links to account settings and logout, to reduce onboarding friction and allow users to correct wrongly typed e-mail addresses. Move the final sign-up step of SSO integrations to be the same as above to reduce code duplication.
2019-07-16Add option to disable real-time updates in web UI (#9984)Eugen Rochko
Fix #9031 Fix #7913
2019-06-26Add option to disable blurhash previews (#11188)ThibG
* Add option to disable blurhash previews * Update option text * Change options order
2019-06-20Add moderation API (#9387)Eugen Rochko
Fix #8580 Fix #7143
2019-06-18Fix User#active scope only returning suspended users (#11111)ThibG
Fix a regression from #10660
2019-05-25Add responsive panels to the single-column layout (#10820)Eugen Rochko
* Add responsive panels to the single-column layout * Fixes * Fix not being able to save the preference * Fix code style issues * Set max-height on the compose textarea and add a link to relationship manager
2019-05-19Fix “invited by” not showing up for invited accounts in admin interface ↵ThibG
(#10791)
2019-05-14Record account suspend/silence time and keep track of domain blocks (#10660)ThibG
* Record account suspend/silence time and keep track of domain blocks * Also unblock users who were suspended/silenced before dates were recorded * Add tests * Keep track of suspending date for users suspended through the CLI * Show accurate number of accounts that would be affected by unsuspending an instance * Change migration to set silenced_at and suspended_at * Revert "Also unblock users who were suspended/silenced before dates were recorded" This reverts commit a015c65d2d1e28c7b7cfab8b3f8cd5fb48b8b71c. * Switch from using suspended and silenced to suspended_at and silenced_at * Add post-deployment migration script to remove `suspended` and `silenced` columns * Use Account#silence! and Account#suspend! instead of updating the underlying property * Add silenced_at and suspended_at migration to post-migration * Change account fabricator to translate suspended and silenced attributes * Minor fixes * Make unblocking domains always retroactive
2019-05-03Change e-mail whitelist/blacklist to not be checked when invited (#10683)Eugen Rochko
* Change e-mail whitelist/blacklist to not be checked when invited And only when creating an account, not when updating it later Fix #10648 * Fix test
2019-05-02Check that an invite link is valid before bypassing approval mode (#10657)ThibG
* Check that an invite link is valid before bypassing approval mode Fixes #10656 * Add tests * Only consider valid invite links in registration controller * fixup
2019-04-27Fix approved column being set to nil instead of false (#10642)Eugen Rochko
Fix https://github.com/tootsuite/mastodon/pull/10621#issuecomment-487316619
2019-04-25Fix LDAP/PAM/SAML/CAS users not being approved instantly (#10621)Eugen Rochko
2019-04-10Add preference to disable e-mails about new pending accounts (#10529)Eugen Rochko
2019-04-09Add "why do you want to join" field to invite requests (#10524)Eugen Rochko
* Add "why do you want to join" field to invite requests Fix #10512 * Remove unused translations * Fix broken registrations when no invite request text is submitted
2019-03-23If registrations have been re-opened when user confirms account, approve ↵Eugen Rochko
(#10349)
2019-03-14Admission-based registrations mode (#10250)Eugen Rochko
Fix #6856 Fix #6951
2019-03-14Refactor User model, extract PamAuthenticable, LdapAuthenticable (#10217)Eugen Rochko
2019-02-20correct opt-out showing application (#10086)Hinaloe
* correct opt-out showing application refs #9994 * Revert "correct opt-out showing application" This reverts commit 0e9bb70f145be42962416a6b87c08d59a2896486. * User#shows_application? calls wrong value
2019-02-02Make displaying application used to toot opt-in (#9897)ThibG
* Make storing and displaying application used to toot opt-in * Revert to storing application info, and display it to the author via API
2019-01-25Fix SSO authentication not working due to missing agreement boolean (#9915)Eugen Rochko
Fix #9906
2019-01-18Fix code style of regeneration-related code (#9843)Eugen Rochko
2019-01-02Improve e-mail digest (#9689)Eugen Rochko
- Reduce time-to-digest from 20 to 7 days - Fetch mentions starting from +1 day since last login - Fix case when last login is more recent than last e-mail - Do not render all mentions, only 40, but show number in subject - Do not send digest to moved accounts - Do send digest to silenced accounts
2018-12-28Improve admin UI for account view (#9643)Eugen Rochko
2018-12-24Add REST API for creating an account (#9572)Eugen Rochko
* Add REST API for creating an account The method is available to apps with a token obtained via the client credentials grant. It creates a user and account records, as well as an access token for the app that initiated the request. The user is unconfirmed, and an e-mail is sent as usual. The method returns the access token, which the app should save for later. The REST API is not available to users with unconfirmed accounts, so the app must be smart to wait for the user to click a link in their e-mail inbox. The method is rate-limited by IP to 5 requests per 30 minutes. * Redirect users back to app from confirmation if they were created with an app * Add tests * Return 403 on the method if registrations are not open * Require agreement param to be true in the API when creating an account
2018-12-10Improve e-mail MX validator and add tests (#9489)Eugen Rochko
2018-12-09Add setting to not aggregate reblogs (#9248)ThibG
* Add setting to not aggregate reblogs Fixes #9222 * Handle cases where user is nil in add_to_home and add_to_list * Add hint for setting_aggregate_reblogs option * Reword setting_aggregate_reblogs label
2018-11-26Redesign admin accounts index (#9340)Eugen Rochko
* Improve overview of accounts in admin UI - Display suspended status, role, last activity and IP prominently - Default to showing local accounts - Default to not showing suspended accounts * Remove unused strings * Fix tests * Allow filtering accounts by IP mask
2018-09-25Add a new preference to always hide all media (#8569)ふぁぼ原
2018-09-24Add user preference to always expand toots marked with content warnings (#8762)Matt Sweetman
2018-09-02Add preference for report notification e-mails, skip for duplicates (#8559)Eugen Rochko
If an unresolved report for the same target account already exists, no new notification is generated
2018-08-26Fix low-hanging rubocop gripes (#8458)Quint Guvernator
* rubocop: quit being so picky * rubocop: miscellany * rubocop: prefer present to blank
2018-08-23Allow mods to disable login, improve message when login disabled (#8329)Eugen Rochko
* Allow moderators to disable/enable login * Instead of rejecting login, show forbidden error when login disabled Avoid confusion because when login is rejected, the message is that the account is not activated, which is wrong. * Fix tests
2018-08-19Reduce user active duration from 7 days to 2 days (#8282)Eugen Rochko
To minimize fanout work and redis home feed storage space when there are lots of recent sign-ups
2018-06-17Allow selecting default posting language instead of auto-detect (#7828)Eugen Rochko
* Allow selecting default posting language instead of auto-detect * Enable default language setting in credentials API * Fix form saving
2018-06-17Change language opt-out to language opt-in (#7823)Eugen Rochko
* Switch filtered_languages to chosen_languages * Adjust interface * Remove unused translations