Age | Commit message (Collapse) | Author |
|
support subdomains
* Change domain blocks to automatically support subdomains
If a more authoritative domain is blocked (example.com), then the
same block will be applied to a subdomain (foo.example.com)
* Match subdomains of existing accounts when blocking/unblocking domains
* Improve code style
|
|
`reject_unknown`/graylist mode caveats
|
|
|
|
enabling greylist federation also enable secure mode
|
|
method
|
|
auto-learn known accounts is enabled
|
|
|
|
|
|
|
|
|
|
|
|
have toggle switches in site settings
|
|
avoid accidentally dosing servers when multiple users block a domain
|
|
|
|
|
|
admin-locked accts, also federate `frozen` state
|
|
federate the kobolds~
|
|
|
|
|
|
add federatable `adult content` tag. Handle from remote accounts as well.
|
|
|
|
* Record account suspend/silence time and keep track of domain blocks
* Also unblock users who were suspended/silenced before dates were recorded
* Add tests
* Keep track of suspending date for users suspended through the CLI
* Show accurate number of accounts that would be affected by unsuspending an instance
* Change migration to set silenced_at and suspended_at
* Revert "Also unblock users who were suspended/silenced before dates were recorded"
This reverts commit a015c65d2d1e28c7b7cfab8b3f8cd5fb48b8b71c.
* Switch from using suspended and silenced to suspended_at and silenced_at
* Add post-deployment migration script to remove `suspended` and `silenced` columns
* Use Account#silence! and Account#suspend! instead of updating the underlying property
* Add silenced_at and suspended_at migration to post-migration
* Change account fabricator to translate suspended and silenced attributes
* Minor fixes
* Make unblocking domains always retroactive
|
|
* Add ActivityPub representation for identity proofs
* Add tests
|
|
|
|
* Add Tombstone model to remember object deletion
* Do not recreate a status if it has been deleted
* Record Tombstone for remote deleted items
Also, only record deleted items from same-host actors
* Clear an user's tombstones when their key change
|
|
* Refactor signature verification a bit
* Rescue signature verification if recorded public key is invalid
Fixes #8822
* Always re-fetch AP signing key when HTTP Signature verification fails
But when the account is not marked as stale, avoid fetching collections and
media, and avoid webfinger round-trip.
* Apply stoplight to key/account update as well as initial key retrieval
|
|
|
|
|
|
* Verify link ownership with rel="me"
* Add explanation about verification to UI
* Perform link verifications
* Add click-to-copy widget for verification HTML
* Redesign edit profile page
* Redesign forms
* Improve responsive design of settings pages
* Restore landing page sign-up form
* Fix typo
* Support <link> tags, add spec
* Fix links not being verified on first discovery and passive updates
|
|
* If an Update is signed with known key, skip re-following procedure
Because it means the remote actor did *not* lose their database
* Add CLI method for rotating keys
bin/tootctl accounts rotate [USERNAME]
Generates a new RSA key per account and sends out an Update activity
signed with the old key.
* Key rotation: Space out Update fan-outs every 5 minutes per 1000 accounts
* Skip suspended accounts in key rotation
|
|
#8376) (#8377)
|
|
Fix #8051
|
|
An explicit error allows user agents to know the error and Sidekiq to
retry.
|
|
Updates account `uri` field on each call to `update_account` instead of
only once during `create_account` to mirror the same behavior in OStatus
`ResolveAccountService` class [0].
ActivityPub accounts are identified using `@username` and `@domain` pair
instead of URI since #6842.
This fixes #7479: a bug when the account identified by `@username` and
`@domain` changes its URI.
[0]:
https://github.com/tootsuite/mastodon/blob/03b69ebc450efc07246bd64204276941b7ede3fc/app/services/resolve_account_service.rb#L121
|
|
|
|
* Store actor type in database
* Add bot nameplate to web UI, add setting to preferences, API, AP
Fix #7365
* Fix code style issues
|
|
* Add equals_or_includes_any? helper in JsonLdHelper
* Support arrays in JSON-LD type fields for actors/tags/objects.
* Spec for resolving accounts with extension types
* Style tweaks for codeclimate
|
|
* Add bio fields
- Fix #3211
- Fix #232
- Fix #121
* Display bio fields in web UI
* Fix output of links and missing fields
* Federate bio fields over ActivityPub as PropertyValue
* Improve how the fields are stored, add to Edit profile form
* Add rel=me to links in fields
Fix #121
|
|
* Ensure SynchronizeFeaturedCollectionWorker is unique and clean up
Fix #7041
* Fix code style issue
|
|
|
|
Federate custom emojis with accounts
|
|
See also: #6837, #6667
|
|
* Federate pinned statuses over ActivityPub
* Display pinned toots in web UI
Fix #6117
* Fix migration
* Fix tests
* Update outbox_serializer.rb
* Update remove_serializer.rb
* Update add_serializer.rb
* Update fetch_featured_collection_service.rb
|
|
* Fix actors accepting invalid URI schemes or different host between URI and URL
* Fix statuses accepting invalid URI scheme or different host to actor
* Adjust tests to new requirements
* Improve readability of mismatching_origin?/invalid_origin? methods
|
|
* Fix #6140 - Update moved-to property when it's removed too
* Remove trailing whitespace
|
|
* Add semi-support for Video/Image objects in ActivityPub
Video and Image objects will create corresponding status records
with manually crafted text contents (title + URL)
* Extract html-url-finding logic into JsonLdHelper
* Fallback to id when url missing, extract supported object types
|
|
* Serialize moved accounts into REST and ActivityPub APIs
* Parse federated moved accounts from ActivityPub
* Add note about moved accounts to public profiles
* Add moved account message to web UI
* Fix code style issues
|
|
Additionally, ActivityPub::FetchRemoteStatusService no longer parses
activities.
OStatus::Activity::Creation no longer delegates to ActivityPub because
the provided ActivityPub representations are not signed while OStatus
representations are.
|
|
* Fix incomplete account records being read
- Put account processing into redis lock
- Do not save until record is complete
* Fix spaces
|
|
* Make RefollowWorker ActivityPub-only to avoid potential identifier mismatches
* Don't call RefollowWorker on new accounts
|