about summary refs log tree commit diff
path: root/app/models
AgeCommit message (Collapse)Author
2020-06-30Add user notes on accounts (#14148)ThibG
* Add UserNote model * Add UI for user notes * Put comment in relationships entity * Add API to create user notes * Copy user notes to new account when receiving a Move activity * Address some of the review remarks * Replace modal by inline edition * Please CodeClimate * Button design changes * Change design again * Cancel note edition when pressing Escape * Fixes * Tweak design again * Move “Add note” item, and allow users to add notes to themselves * Rename UserNote into AccountNote, rename “comment” Relationship attribute to “note”
2020-06-29Fix trying to write non-existent image remote URL attribute on preview cards ↵Eugen Rochko
(#14181) Regression from #14145
2020-06-29Add customizable thumbnails for audio and video attachments (#14145)Eugen Rochko
- Change audio files to not be stripped of metadata - Automatically extract cover art from audio if it exists - Add `thumbnail` parameter to `POST /api/v1/media`, `POST /api/v2/media` and `PUT /api/v1/media/:id` - Add `icon` to represent it in attachments in ActivityPub - Fix `preview_url` containing URL of missing missing image when there is no thumbnail instead of null - Fix duration of audio not being displayed on public pages until the file is loaded
2020-06-25Fix various issues around OpenGraph representation of media (#14133)Eugen Rochko
- Fix audio attachments not being represented in OpenGraph tags - Fix audio being represented as "1 image" in OpenGraph descriptions - Fix video metadata being overwritten by paperclip-av-transcoder - Fix embedded player not using Mastodon's UI - Fix audio/video progress bars not moving smoothly - Fix audio/video buffered bars not displaying correctly
2020-06-09Add e-mail-based sign in challenge for users with disabled 2FA (#14013)Eugen Rochko
2020-06-05Add blurhash to preview cards (#13984)ThibG
Fixes #13001
2020-06-02Add E2EE API (#13820)Eugen Rochko
2020-06-01Fix admin page crashing when trying to block an invalid domain name (#13884)ThibG
* Fix admin page crashing when trying to block an invalid domain name Fixes #13880 * Fix trailing and leading spaces not being properly stripped for domain blocks
2020-05-24Fix csv upload (#13835)Takeshi Umeda
2020-05-23Fix searchable status without explicitly mentioning it (#13829)Takeshi Umeda
2020-05-12Bump doorkeeper from 5.3.3 to 5.4.0 (#13733)dependabot-preview[bot]
* Bump doorkeeper from 5.3.3 to 5.4.0 Bumps [doorkeeper](https://github.com/doorkeeper-gem/doorkeeper) from 5.3.3 to 5.4.0. - [Release notes](https://github.com/doorkeeper-gem/doorkeeper/releases) - [Changelog](https://github.com/doorkeeper-gem/doorkeeper/blob/master/CHANGELOG.md) - [Commits](https://github.com/doorkeeper-gem/doorkeeper/compare/v5.3.3...v5.4.0) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> * Fix tests * Fix use of Doorkeeper::AccessToken.find_or_create_for * Fix tests? Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com> Co-authored-by: Thibaut Girka <thib@sitedethib.com>
2020-05-10Refactor monkey-patching of Goldfinger (#12561)Eugen Rochko
2020-05-10Add remote only to public timeline (#13504)Takeshi Umeda
* Add remote only to public timeline * Fix code style
2020-05-10Improve RSS entries for statuses (#13592)ThibG
* Improve RSS entries for statuses - Render polls in both accounts and tags serializers - Refactor RSS serializers - Change title preview to include ellipsis when truncated - Change title preview to show CW instead of toot text - Add tests * Remove title from OEmbed serialization Twitter doesn't serialize title either, and tihs allows us to move the title formatting code to the RSS serializers.
2020-05-08Fix followings list order | Issue #13538 (#13676)Taras Gogol
2020-05-03Revert "improve status title (#8596)" (#13591)Yamagishi Kazutoshi
This reverts commit 05756c9a14864655ae6777505a4ee5cfa9b0ee93.
2020-05-03Add more tests for ActivityPub controllers (#13585)Eugen Rochko
2020-04-30Only check locally when deduplicating usernames (#13581)kaiyou
When deduplicating account usernames for OAuthable users, the routine did check if any account was known with that username, including remote accounts. This caused some unnecessary deduplication, and usernames ending with unexpected trailing _1. This fixes #13580
2020-04-26Add separate cache directory for non-local uploads (#12821)Eugen Rochko
2020-04-23Fix enable/disable relay failures (#13535)Takeshi Umeda
2020-04-15Fix confusing error when failing to add an alias to an unknown account (#13480)ThibG
Follow-up to #13452, fixing broken `uri.nil?` test. Also remove the separate check for `uri` presence, as that would result in a “Please review 2 errors below” while only one would be listed.
2020-04-15Change delivery failure tracking to work with hostnames instead of URLs (#13437)Eugen Rochko
2020-04-15Fix “Email changed” notification sometimes having wrong e-mail (#13475)ThibG
* Fix “Email changed” notification sometimes having wrong e-mail Fixes #6778 The root of the issue is that `send_devise_notification` was called before the changes were properly commited to the database, causing the mailer to pick previous values if running too early. Devise's documentation provides guidance on how to handle that[1][2], however, I have found it to not be working, as the following happens, in that order: - `send_devise_notification` is called for the `email_changed` notification. In that case, `changed?` is false and `saved_changes?` is true, so if we use the former, we have the same issue. - the `after_commit` hook is called - `send_devise_notification` is called for the `confirmation_instructions` notification. In that case, `changed?` is still false, and `saved_changes?` still true, so if we use the latter, that second notification email is simply not going to be sent (as we would be queuing the notification *after* executing the after_commit hook). This is because it may be called from either an `after_update` or `after_commit` hook, the difference not being a call to `save` but the transaction actually being committed to the database. This may arguably be a bug in Devise, or Devise's notification. The proposed workaround is inspired by Devise's documentation but checks whether a transaction is open to make the call whether to immediately send the notification or defer it to the `after_commit` hook. [1]: https://www.rubydoc.info/github/plataformatec/devise/Devise%2FModels%2FAuthenticatable:send_devise_notification [2]: https://github.com/heartcombo/devise/blob/406915cb781e38255a30ad2a0609e33952b9ec50/lib/devise/models/authenticatable.rb#L133-L194 * Fix cases when sending notifications without changing the model * Defer sending if and only if in transaction including current record
2020-04-13Fix account aliases page (#13452)ThibG
* Fix error not being displayed when adding an account alias, add error for self-references Co-Authored-By: Mélanie Chauvel (ariasuni) <perso@hack-libre.org> * Add “You have no aliases.” note in confusing empty aliases table Co-Authored-By: Mélanie Chauvel (ariasuni) <perso@hack-libre.org> Co-authored-by: Mélanie Chauvel (ariasuni) <perso@hack-libre.org>
2020-04-05Add rate limit for reporting (#13390)Eugen Rochko
2020-04-05Fix PostgreSQL load when linking in announcements (#13250)ThibG
* Fix PostgreSQL load when linking in announcements Fixes #13245 by caching status lookups Since statuses are supposed to be known already and we only need their URLs and a few other things, caching them should be fine. Since it's only used by announcements so far, there won't be much statuses to cache. * Perform status lookup when saving announcements, not when rendering them * Change EntityCache#status to fetch URLs instead of looking into the database * Move announcement link lookup to publishing worker * Address issues pointed out during review
2020-04-03Add ability to filter audit log in admin UI (#13381)Eugen Rochko
2020-03-26Change `tootctl media remove-orphans` to work for all classes (#13316)Eugen Rochko
Change `tootctl media lookup` to not use an interactive prompt
2020-03-21Make bookmarks also searchable (#13271)Jeong Arm
2020-03-21Fix reported accounts not being whitelisted when resolving a spamcheck ↵ThibG
report (#13289)
2020-03-12Add option to include resolved DNS records when blacklisting e-mail domains ↵Eugen Rochko
in admin UI (#13254) * Add shortcuts to blacklist a user's e-mail domain in admin UI * Add option to blacklist resolved MX and IP records for e-mail domains
2020-03-12Add titles to warning presets in admin UI (#13252)Eugen Rochko
2020-03-10Fix videos with unsupported colorspace not being transcoded (#13242)ThibG
2020-03-09Fix MP4 (H264 + AAC) video files being needlessly re-encoded (#13239)ThibG
2020-03-09Change video uploads to always be converted to H264/MP4 (#13220)Eugen Rochko
Even if the container format is the same (.mp4), the codec could be different and not playable in web browsers
2020-03-09Change video uploads to enforce certain limits (#13218)Eugen Rochko
- Dimensions at most 1920x1200 - Frame rate at most 60
2020-03-09Add federation support for the "hide network" preference (#11673)ThibG
* Change ActivityPub follower/following collections to not link first page * Add support for hiding followers and following of remote users * Switch to using a single `hide_collections` column * Address code style remarks
2020-03-08Change local media attachments to perform heavy processing asynchronously ↵Eugen Rochko
(#13210) Fix #9106
2020-03-08Add support for links to statuses in announcements to be opened in web UI ↵ThibG
(#13212) * Add support for links to public statuses in announcements to be opened in WebUI * Please CodeClimate
2020-03-08Add sorting by username, creation and last activity in moderation view (#13076)ThibG
* Add ability to order accounts in moderation view * Display last status date in “Most recent activity” for remote users
2020-03-08Add specific rate limits for posting and following (#13172)Eugen Rochko
2020-03-05Fix "tootctl media remove-orphans" crashing when encountering invalid media ↵Eugen Rochko
(#13170) Fixes #13168
2020-02-28Fix announcements with fully-qualified mention to local user crashing WebUI ↵ThibG
(#13164)
2020-02-03Fix remote convertible media attachments not being saved (#13032)Eugen Rochko
Because the file name was set after loading the file, Paperclip was flagging the differing file extension as content type spoofing Fix #12938
2020-02-01Search account domain in lowercase (#13016)abcang
* Search account domain in lowercase * fix rubocop error * fix spec/models/account_spec.rb
2020-01-27Add publish/unpublish controls to announcements in admin UI (#12967)Eugen Rochko
2020-01-26Fix expired announcements being re-published (#12964)Eugen Rochko
2020-01-26Add streaming API updates for announcements being modified or deleted (#12963)Eugen Rochko
Change `all_day` to be a visual client-side cue only Publish immediately if `scheduled_at` is in the past Add `published_at` and `updated_at` to announcements JSON
2020-01-25Fix user disabling changing activity timestamps, fix nil error (#12943)Eugen Rochko
2020-01-24Fix password change/reset not immediately invalidating other sessions (#12928)Eugen Rochko
While making browser requests in the other sessions after a password change or reset does not allow you to be logged in and correctly invalidates the session making the request, sessions have API tokens associated with them, which can still be used until that session is invalidated. This is a security issue for accounts that were already compromised some other way because it makes it harder to throw out the hijacker.