about summary refs log tree commit diff
path: root/app/views/settings
AgeCommit message (Collapse)Author
2020-08-30Adapt 2FA changes to glitch-soc's theming systemThibaut Girka
2020-08-30Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: - `app/controllers/accounts_controller.rb`: Upstream change too close to a glitch-soc change related to instance-local toots. Merged upstream changes. - `app/services/fan_out_on_write_service.rb`: Minor conflict due to glitch-soc's handling of Direct Messages, merged upstream changes. - `yarn.lock`: Not really a conflict, caused by glitch-soc-only dependencies being textually too close to updated upstream dependencies. Merged upstream changes.
2020-08-24Add WebAuthn as an alternative 2FA method (#14466)santiagorodriguez96
* feat: add possibility of adding WebAuthn security keys to use as 2FA This adds a basic UI for enabling WebAuthn 2FA. We did a little refactor to the Settings page for editing the 2FA methods – now it will list the methods that are available to the user (TOTP and WebAuthn) and from there they'll be able to add or remove any of them. Also, it's worth mentioning that for enabling WebAuthn it's required to have TOTP enabled, so the first time that you go to the 2FA Settings page, you'll be asked to set it up. This work was inspired by the one donde by Github in their platform, and despite it could be approached in different ways, we decided to go with this one given that we feel that this gives a great UX. Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com> * feat: add request for WebAuthn as second factor at login if enabled This commits adds the feature for using WebAuthn as a second factor for login when enabled. If users have WebAuthn enabled, now a page requesting for the use of a WebAuthn credential for log in will appear, although a link redirecting to the old page for logging in using a two-factor code will also be present. Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com> * feat: add possibility of deleting WebAuthn Credentials Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com> * feat: disable WebAuthn when an Admin disables 2FA for a user Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com> * feat: remove ability to disable TOTP leaving only WebAuthn as 2FA Following examples form other platforms like Github, we decided to make Webauthn 2FA secondary to 2FA with TOTP, so that we removed the possibility of removing TOTP authentication only, leaving users with just WEbAuthn as 2FA. Instead, users will have to click on 'Disable 2FA' in order to remove second factor auth. The reason for WebAuthn being secondary to TOPT is that in that way, users will still be able to log in using their code from their phone's application if they don't have their security keys with them – or maybe even lost them. * We had to change a little the flow for setting up TOTP, given that now it's possible to setting up again if you already had TOTP, in order to let users modify their authenticator app – given that now it's not possible for them to disable TOTP and set it up again with another authenticator app. So, basically, now instead of storing the new `otp_secret` in the user, we store it in the session until the process of set up is finished. This was because, as it was before, when users clicked on 'Edit' in the new two-factor methods lists page, but then went back without finishing the flow, their `otp_secret` had been changed therefore invalidating their previous authenticator app, making them unable to log in again using TOTP. Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com> * refactor: fix eslint errors The PR build was failing given that linting returning some errors. This commit attempts to fix them. * refactor: normalize i18n translations The build was failing given that i18n translations files were not normalized. This commits fixes that. * refactor: avoid having the webauthn gem locked to a specific version * refactor: use symbols for routes without '/' * refactor: avoid sending webauthn disabled email when 2FA is disabled When an admins disable 2FA for users, we were sending two mails to them, one notifying that 2FA was disabled and the other to notify that WebAuthn was disabled. As the second one is redundant since the first email includes it, we can remove it and send just one email to users. * refactor: avoid creating new env variable for webauthn_origin config * refactor: improve flash error messages for webauthn pages Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>
2020-05-10Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: - `Gemfile.lock`: Not a real conflict, just a glitch-soc-only dependency too close to a dependency that got updated upstream. Updated as well. - `app/models/status.rb`: Not a real conflict, just a change too close to glitch-soc-changed code for optionally showing boosts in public timelines. Applied upstream changes. - `app/views/layouts/application.html.haml`: Upstream a new, static CSS file, conflict due to glitch-soc's theming system, include the file regardless of the theme. - `config/initializers/content_security_policy.rb`: Upstream dropped 'unsafe-inline' from the 'style-src' directive, but both files are very different. Removed 'unsafe-inline' as well.
2020-05-10Add ability to remove identity proofs from account (#13682)Eugen Rochko
Fix #12613
2020-05-03Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: - `app/controllers/statuses_controller.rb`: Upstream disabled the embed controller for reblogs. Not a real conflict, but glitch-soc has an extra line to deal with its theming system. Ported upstream changes. - `app/javascript/packs/public.js`: Upstream made changes to get rid of most inline CSS, this changes javascript for public pages, which in glitch are split between different files. Ported those changes. - `app/models/status.rb`: Upstream changed the block check in `Status#permitted_for` to include domain-block checks. Not a real conflict with glitch-soc, but our scope is slightly different, as our scope for unauthenticated access do not include instance-local toots. Ported upstream changes. - `app/serializers/rest/instance_serializer.rb`: Not a real conflict, upstream added a new field to the instance serializer, the conflict is one line above since we added more of that. Ported upstream changes. - `app/views/settings/profiles/show.html.haml`: Upstream got rid of most inline CSS and moved hidden elements to data attributes in the process, in fields were we have different values. Ported upstream changes while keeping our glitch-specific values. - `app/views/statuses/_simple_status.html.haml`: Upstream got rid of inline CSS on an HAML line we treat differently, stripping empty text nodes. Ported upstream changes to the style attribute, keeping the empty text node stripping behavior.
2020-04-28Fix end-user-facing uses of inline CSS (#13438)ThibG
* Move some inline styles to CSS files * Move default_account_display_name span to fix useless tags with duplicate id * Change handling of public pages spoiler text from inline CSS to dataset attribute * Use the `dir` HTML attribute instead of inline CSS * Move status action bar inline CSS to CSS file * Hide logo resources from CSS file, not inline CSS Fixes #11601 * Move translation prompt styling from inline CSS to CSS file * Move “invited by” styling on registration form from inline to CSS file * Use the progress tag to display poll results in JS fallback * Fix poll results JS-less fallback when the user has voted for an option * Change account public page “moved” notice to use img tags instead of inline CSS * Move OTP hint inline CSS to SCSS file * Hide JS-less fallback vote progressbars from accessibility tools Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>
2020-04-20Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
2020-04-20Allow users to delete their header and avatar (#13234)sternenseemann
This is achieved by sending a DELETE request to /settings/profile/pictures/{avatar,header} via a link that is part of the upload form's hint of the respective picture.
2020-04-15Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: - `package.json`: No real conflict, upstream updated a dependency which is textually adjacent to a glitch-soc-specific dependency. Updated it. - `yarn.lock`: No real conflict, upstream updated a dependency which is textually adjacent to a glitch-soc-specific dependency. Updated it.
2020-04-13Fix account aliases page (#13452)ThibG
* Fix error not being displayed when adding an account alias, add error for self-references Co-Authored-By: Mélanie Chauvel (ariasuni) <perso@hack-libre.org> * Add “You have no aliases.” note in confusing empty aliases table Co-Authored-By: Mélanie Chauvel (ariasuni) <perso@hack-libre.org> Co-authored-by: Mélanie Chauvel (ariasuni) <perso@hack-libre.org>
2020-03-08Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: - `app/controllers/api/v1/statuses_controller.rb`: Conflict due to upstream adding a new parameter (with_rate_limit), too close to glitch-soc's own additional parameter (content_type). Added upstream's parameter. - `app/services/post_status_service.rb`: Conflict due to upstream adding a new parameter (rate_limit), too close to glitch-soc's own additional parameter (content_type). Added upstream's parameter. - `app/views/settings/preferences/appearance/show.html.haml`: Conflict due to us not exposing theme settings here (as we have a different flavour/skin menu). Took upstream change, while still not exposing theme settings. - `config/webpack/shared.js`: Coding style fixes for a part we have rewritten. Discarded upstream changes.
2020-03-08Add submit button to the top of preferences pages (#13068)guigeekz
* Move submit button to the top of the edit page * Duplicate save button on long form * Fix click submit on profile spec
2020-01-20Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: - `app/javascript/packs/public.js`: Upstream removed an unused function in code that has been refactored a bit. Removed that function in the corresponding places.
2020-01-20Various fixes and improvements (#12878)Eugen Rochko
* Fix unused role routes being generated * Remove unused JavaScript code * Refactor filters code to be DRYer * Fix `.count == 0` comparisons to `.empty?` in views * Fix filters in views
2020-01-12Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: - `Gemfile.lock`: No real conflict, glitch-soc-only dependency (redcarpet) too close to an upstream one (rdf-normalize) - `README.md`: we have different READMEs, discarded upstream's changes - `app/views/admin/custom_emojis/index.html.haml`: No real conflict, different context because of glitch-soc theming - `lib/mastodon/statuses_cli.rb`: Upstream added code to keep bookmarked statuses, we were already doing so with slightly different code. Discarded upstream's changes. - `package.json`: No real conflict, glitch-soc-only dependency (favico.js) too close to an upstream one
2020-01-11Use heading actions and placeholders in settings (#12801)Sasha Sorokin
This commit: - Refactors centered text blocks currently used for placeholders for empty tables and puts styles for it in separate class - .centered-text, simply aliasing text-align: center. Which is furtherly used in this commit. - Improves applications settings page to use heading actions, moving "New application" button there, and displaying placeholder "You have no applications" in place of empty table. - Improves custom emoji settings page to use heading action for "Upload" button, making it more easily accessible without need to scroll through all of the emojis. - Improves email domain blocks settings page, moving "Add new" to the heading actions and using placeholder "No e-mail domains currently blacklisted" instead of showing empty table.
2020-01-04Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: - `app/controllers/application_controller.rb`: Conflict due to theming system. - `app/controllers/oauth/authorizations_controller.rb`: Conflict due to theming system.
2019-12-31Add translation project promotion link (#12736)Sasha Sorokin
This commit adds promotional notice on appearance settings about translation project if any other locale than English is used. It allows users to learn and contribute translations to Mastodon. Step ahead, in this commit one unusual string is added - link to a guide. By default it refers to Crowdin project itself, but if any of Mastodon localization teams established their own guide, they can refer it. Or, if Crowdin supports localized domain for language, it can also be put there (e.g. https://fr.crowdin.com/...).
2019-12-19Merge branch 'master' into glitch-soc/masterThibaut Girka
Conflicts: - `config/locales/en.yml` No real conflict, upstream added a translatable string “too close” to one specific to glitch-soc - `lib/mastodon/statuses_cli.rb` Fixes made upstream, while changed in glitch-soc to keep bookmarked statuses - `package.json` No real conflict, additional dependency in glitch-soc
2019-12-19Use different strings on exports page (#12569)Sasha Sorokin
Currently the page re-uses strings from other contexts which doesn't fit very well - strings incorrectly lowercase-d and pluralized, when they don't need to be, because it's a table. This commit changes page to re-use accounts.posts_tab_heading for toots, and admin.accounts for "Following" and "Follows". This all should look more aesthetically pleasing.
2019-12-12Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: - app/controllers/application_controller.rb Minor conflict due to glitch-soc's theming system
2019-12-09Use codeblock for native redirect URI (#12570)Sasha Sorokin
This commit changes how doorkeeper.applications.help.native_redirect_uri string is being formatted to use <code> tag for native_redirect_uri placeholder. This makes the URI look more distinguishable.
2019-12-07Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: - package.json Not really a conflict, caused by an additional dependency in glitch-soc. - yarn.lock Not really a conflict, caused by an additional dependency in glitch-soc.
2019-12-02Fix notifications label (#12517)mayaeh
* Fix translations not being displayed * ran `yarn manage:translations en`
2019-11-30Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
2019-11-29Improve notifications page (#12497)Sasha Sorokin
Currently notifications page seems a bit cluttered with no clear separation between e-mail and filtering settings. This commit tries to address them by adding clear separation with headers, hints and removing continuously reused texts for events checkboxes.
2019-10-27Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: - README.md - app/helpers/statuses_helper.rb Upstream moved account helpers to their own file, we had extra helpers there, moved too. - app/lib/sanitize_config.rb - app/models/user.rb - app/serializers/initial_state_serializer.rb - config/locales/simple_form.en.yml - spec/lib/sanitize_config_spec.rb
2019-10-24Add setting for whether to crop images in unexpanded toots (#12126)Faye Duxovni
2019-09-30Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: - Gemfile - Gemfile.lock - app/controllers/about_controller.rb - app/controllers/auth/sessions_controller.rb
2019-09-29Add (back) option to set redirect notice on account without moving followers ↵Eugen Rochko
(#11994) Fix #11913
2019-09-19Add account migration UI (#11846)Eugen Rochko
Fix #10736 - Change data export to be available for non-functional accounts - Change non-functional accounts to include redirecting accounts
2019-09-18Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: - app/controllers/auth/sessions_controller.rb Minor conflict due to glitch-soc's theming code
2019-09-18Add password challenge to 2FA settings, e-mail notifications (#11878)Eugen Rochko
Fix #3961
2019-09-18Fix TOTP codes not being filtered from logs during enabling/disabling (#11877)Eugen Rochko
Not a serious issue because they are meaningless past single use
2019-09-15Fix 2FA challenge and password challenge for non-database users (#11831)Eugen Rochko
* Fix 2FA challenge not appearing for non-database users Fix #11685 * Fix account deletion not working when using external login Fix #11691
2019-09-05Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
2019-09-04Change account deletion page to have better explanations (#11753)Eugen Rochko
Fix deletion of unconfirmed account not freeing up the username Add prefill of logged-in user's email in the reconfirmation form
2019-08-30Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: - app/views/directories/index.html.haml Upstream has redesigned the profile directory, and we had a glitch-soc-specific change to hide follower counts. Ported that change to the new design.
2019-08-30Add profile directory to web UI (#11688)Eugen Rochko
* Add profile directory to web UI * Add a line of bio to the directory
2019-08-19Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: - app/controllers/home_controller.rb - app/controllers/shares_controller.rb - app/javascript/packs/public.js - app/models/status.rb - app/serializers/initial_state_serializer.rb - app/views/home/index.html.haml - app/views/layouts/public.html.haml - app/views/public_timelines/show.html.haml - app/views/shares/show.html.haml - app/views/tags/show.html.haml - config/initializers/content_security_policy.rb - config/locales/en.yml - config/webpack/shared.js - package.json
2019-08-17Add explanation to featured hashtags page and profile (#11586)Eugen Rochko
2019-08-12Add option to disable emoji replacementsThibaut Girka
Fixes #647 The option is found in `/settings` (because that was easier to write it this way) but only affects the glitch-soc front-end.
2019-08-07Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: - app/models/user.rb - app/serializers/initial_state_serializer.rb - app/views/admin/dashboard/index.html.haml - config/locales/simple_form.en.yml
2019-08-06Add trends UI with admin and user settings (#11502)Eugen Rochko
2019-08-06Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
2019-08-05Change admin UI for hashtags and add back whitelisted trends (#11490)Eugen Rochko
Fix #271 Add back the `GET /api/v1/trends` API with the caveat that it does not return tags that have not been allowed to trend by the staff. When a hashtag begins to trend (internally) and that hashtag has not been previously reviewed by the staff, the staff is notified. The new admin UI for hashtags allows filtering hashtags by where they are used (e.g. in the profile directory), whether they have been reviewed or are pending reviewal, they show by how many people the hashtag is used in the directory, how many people used it today, how many statuses with it have been created today, and it allows fixing the name of the hashtag to make it more readable. The disallowed hashtags feature has been reworked. It is now controlled from the admin UI for hashtags instead of from the file `config/settings.yml`
2019-07-16Add option to disable real-time updates in web UI (#9984)Eugen Rochko
Fix #9031 Fix #7913
2019-07-16Add option to disable real-time updates in web UI (#9984)Eugen Rochko
Fix #9031 Fix #7913
2019-06-26Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: - app/controllers/settings/preferences_controller.rb - app/lib/user_settings_decorator.rb - app/models/user.rb - config/locales/simple_form.en.yml