Age | Commit message (Collapse) | Author |
|
As far as I understand, the brakeman warning was a false-positive as
`content_tag` properly escapes untrusted HTML. Furthermore, the interpolated
string values are built from the “username” part of accounts, which is
restricted to a small subset of ASCII that precludes any XML entity or HTML
code.
This proposed change should be functionally equivalent to the current code,
however it is slightly more robust, it's more idiomatic, and Brakeman will
stop complaining about it.
|
|
|
|
|
|
* Add missing `en.notification_mailer.status.subject`
* Update en.yml
|
|
|
|
|
|
admin UI (#15367)
|
|
For consistency with #15265
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
|
|
|
|
- Replace the middle of the domain with * characters (except for periods)
- Add SHA-256 digest of the domain name in tooltip
|
|
* Fix admin being able to suspend their own instance account
* Add text about the instance's own actor in admin view
* Change instance actor notice from flash message to template
* Do not list local instance actor in account moderation list
|
|
* feat: display `invite_request_text` in admin's user account page
* fix: move invite_request to the bottom of accounts page
* fix: remove time display, remove formate, change code terminology
* fix: remove escape
|
|
* Add indication to admin UI of whether a report has been forwarded
* Rework how forwarded status is displayed
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
|
|
Fixes #15273
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
|
|
- Reduce duplicate queries
- Remove n+1 queries
- Add accounts count to detailed view
- Add separate action log entry for updating existing domain blocks
|
|
* Add honeypot fields to limit non-specialized spam
Add two honeypot fields: a fake website input and a fake password confirmation
one. The label/placeholder/aria-label tells not to fill them, and they are
hidden in CSS, so legitimate users should not fall into these.
This should cut down on some non-Mastodon-specific spambots.
* Require a 3 seconds delay before submitting the registration form
* Fix tests
* Move registration form time check to model validation
* Give people a chance to clear the honeypot fields
* Refactor honeypot translation strings
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
|
|
* Add ability to export bookmarks
* Add support for importing bookmarks
* Add bookmark import tests
* Add bookmarks export test
|
|
* Add follow selected followers button
* Fix unused variable
* Fix i18n normalize
|
|
|
|
public pages (#15052)
|
|
* Add account sensitized
* Fix i18n normalize
* Fix description and spec
* Fix spec
* Fix wording
|
|
|
|
|
|
* feat: add possibility of adding WebAuthn security keys to use as 2FA
This adds a basic UI for enabling WebAuthn 2FA. We did a little refactor
to the Settings page for editing the 2FA methods – now it will list the
methods that are available to the user (TOTP and WebAuthn) and from
there they'll be able to add or remove any of them.
Also, it's worth mentioning that for enabling WebAuthn it's required to
have TOTP enabled, so the first time that you go to the 2FA Settings
page, you'll be asked to set it up.
This work was inspired by the one done by GitHub in their platform, and
although it could be approached in different ways, we decided to go with
this one given that we feel that this gives a great UX.
Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>
* feat: add request for WebAuthn as second factor at login if enabled
This commit adds the feature for using WebAuthn as a second factor for
login when enabled.
If users have WebAuthn enabled, now a page requesting for the use of a
WebAuthn credential for log in will appear, although a link redirecting
to the old page for logging in using a two-factor code will also be
present.
Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>
* feat: add possibility of deleting WebAuthn Credentials
Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>
* feat: disable WebAuthn when an Admin disables 2FA for a user
Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>
* feat: remove ability to disable TOTP leaving only WebAuthn as 2FA
Following examples from other platforms like GitHub, we decided to make
WebAuthn 2FA secondary to 2FA with TOTP, so that we removed the
possibility of removing TOTP authentication only, leaving users with
just WebAuthn as 2FA. Instead, users will have to click on 'Disable 2FA'
in order to remove second factor auth.
The reason for WebAuthn being secondary to TOTP is that in that way,
users will still be able to log in using their code from their phone's
application if they don't have their security keys with them – or maybe
even lost them.
* We had to change a little the flow for setting up TOTP, given that now
it's possible to set it up again if you already had TOTP, in order to
let users modify their authenticator app – given that now it's not
possible for them to disable TOTP and set it up again with another
authenticator app.
So, basically, now instead of storing the new `otp_secret` in the
user, we store it in the session until the process of set up is
finished.
This was because, as it was before, when users clicked on 'Edit' in
the new two-factor methods lists page, but then went back without
finishing the flow, their `otp_secret` had been changed therefore
invalidating their previous authenticator app, making them unable to
log in again using TOTP.
Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>
* refactor: fix eslint errors
The PR build was failing given that linting was returning some errors.
This commit attempts to fix them.
* refactor: normalize i18n translations
The build was failing given that i18n translations files were not
normalized.
This commit fixes that.
* refactor: avoid having the webauthn gem locked to a specific version
* refactor: use symbols for routes without '/'
* refactor: avoid sending webauthn disabled email when 2FA is disabled
When an admin disables 2FA for users, we were sending two mails
to them, one notifying that 2FA was disabled and the other to notify
that WebAuthn was disabled.
As the second one is redundant since the first email includes it, we can
remove it and send just one email to users.
* refactor: avoid creating new env variable for webauthn_origin config
* refactor: improve flash error messages for webauthn pages
Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>
|
|
* Increase DNS timeout from 1 second to 5 seconds for MX check
1 second is rather short when using a recursive DNS resolver which
hasn't got a cached result already available. Use 5 seconds instead,
which is the timeout value we use for outgoing HTTP queries.
* Add more precise error messages for invalid e-mail addresses
|
|
* New translations devise.en.yml (Uyghur)
[ci skip]
* New translations doorkeeper.en.yml (Uyghur)
[ci skip]
* New translations en.json (Sorani (Kurdish))
[ci skip]
* New translations en.yml (Sorani (Kurdish))
[ci skip]
* New translations simple_form.en.yml (Sorani (Kurdish))
[ci skip]
* New translations activerecord.en.yml (Sorani (Kurdish))
[ci skip]
* New translations devise.en.yml (Sorani (Kurdish))
[ci skip]
* New translations doorkeeper.en.yml (Sorani (Kurdish))
[ci skip]
* New translations en.json (Kabyle)
[ci skip]
* New translations en.json (Chinese Traditional, Hong Kong)
[ci skip]
* New translations en.yml (Chinese Simplified)
[ci skip]
* New translations simple_form.en.yml (Chinese Simplified)
[ci skip]
* New translations en.yml (Chinese Simplified)
[ci skip]
* New translations en.json (Kabyle)
[ci skip]
* New translations en.json (Hebrew)
[ci skip]
* New translations en.json (Hebrew)
[ci skip]
* New translations en.json (Hebrew)
[ci skip]
* New translations en.json (Hebrew)
[ci skip]
* New translations en.json (Russian)
[ci skip]
* New translations en.yml (Persian)
[ci skip]
* New translations en.json (Persian)
[ci skip]
* New translations en.json (Croatian)
[ci skip]
* New translations en.json (Marathi)
[ci skip]
* New translations en.json (Norwegian Nynorsk)
[ci skip]
* New translations en.json (Bengali)
[ci skip]
* New translations en.json (Spanish, Argentina)
[ci skip]
* New translations en.json (Hindi)
[ci skip]
* New translations en.json (Latvian)
[ci skip]
* New translations en.json (Estonian)
[ci skip]
* New translations en.json (Kazakh)
[ci skip]
* New translations en.json (Galician)
[ci skip]
* New translations en.json (Vietnamese)
[ci skip]
* New translations en.json (Urdu (Pakistan))
[ci skip]
* New translations en.json (Chinese Traditional)
[ci skip]
* New translations en.json (Icelandic)
[ci skip]
* New translations en.json (Tamil)
[ci skip]
* New translations en.json (Persian)
[ci skip]
* New translations en.json (Indonesian)
[ci skip]
* New translations en.json (Portuguese, Brazilian)
[ci skip]
* New translations en.json (Ido)
[ci skip]
* New translations en.json (Kabyle)
[ci skip]
* New translations en.json (Corsican)
[ci skip]
* New translations en.json (Serbian (Latin))
[ci skip]
* New translations en.json (Uyghur)
[ci skip]
* New translations en.json (Sorani (Kurdish))
[ci skip]
* New translations en.json (Taigi)
[ci skip]
* New translations en.json (Silesian)
[ci skip]
* New translations en.json (Malay)
[ci skip]
* New translations en.json (Welsh)
[ci skip]
* New translations en.json (Esperanto)
[ci skip]
* New translations en.json (Telugu)
[ci skip]
* New translations en.json (Chinese Traditional, Hong Kong)
[ci skip]
* New translations en.json (Asturian)
[ci skip]
* New translations en.json (Kannada)
[ci skip]
* New translations en.json (Breton)
[ci skip]
* New translations en.json (Malayalam)
[ci skip]
* New translations en.json (Catalan)
[ci skip]
* New translations en.json (Bulgarian)
[ci skip]
* New translations en.json (Arabic)
[ci skip]
* New translations en.json (Spanish)
[ci skip]
* New translations en.json (Czech)
[ci skip]
* New translations en.json (Greek)
[ci skip]
* New translations en.json (Basque)
[ci skip]
* New translations en.json (Danish)
[ci skip]
* New translations en.json (German)
[ci skip]
* New translations en.json (Finnish)
[ci skip]
* New translations en.json (Thai)
[ci skip]
* New translations en.json (Slovenian)
[ci skip]
* New translations en.json (Sardinian)
[ci skip]
* New translations en.json (Romanian)
[ci skip]
* New translations en.json (Occitan)
[ci skip]
* New translations en.json (Chinese Simplified)
[ci skip]
* New translations en.json (Ukrainian)
[ci skip]
* New translations en.json (French)
[ci skip]
* New translations en.json (Hungarian)
[ci skip]
* New translations en.json (Slovak)
[ci skip]
* New translations en.json (Russian)
[ci skip]
* New translations en.json (Portuguese)
[ci skip]
* New translations en.json (Polish)
[ci skip]
* New translations en.json (Norwegian)
[ci skip]
* New translations en.json (Turkish)
[ci skip]
* New translations en.json (Swedish)
[ci skip]
* New translations en.json (Serbian (Cyrillic))
[ci skip]
* New translations en.json (Albanian)
[ci skip]
* New translations en.json (Italian)
[ci skip]
* New translations en.json (Armenian)
[ci skip]
* New translations en.json (Hebrew)
[ci skip]
* New translations en.json (Japanese)
[ci skip]
* New translations en.json (Dutch)
[ci skip]
* New translations en.json (Macedonian)
[ci skip]
* New translations en.json (Lithuanian)
[ci skip]
* New translations en.json (Georgian)
[ci skip]
* New translations en.json (Korean)
[ci skip]
* New translations en.json (Portuguese)
[ci skip]
* New translations en.json (Spanish)
[ci skip]
* New translations en.json (Korean)
[ci skip]
* New translations en.json (German)
[ci skip]
* New translations en.json (Japanese)
[ci skip]
* New translations en.json (Russian)
[ci skip]
* New translations en.json (French)
[ci skip]
* New translations en.json (Vietnamese)
[ci skip]
* New translations en.json (Catalan)
[ci skip]
* New translations en.json (Galician)
[ci skip]
* New translations en.json (Kabyle)
[ci skip]
* New translations en.json (Kabyle)
[ci skip]
* New translations en.json (Kabyle)
[ci skip]
* New translations en.json (Kabyle)
[ci skip]
* New translations en.json (Spanish, Argentina)
[ci skip]
* New translations en.json (Hungarian)
[ci skip]
* New translations en.json (Albanian)
[ci skip]
* New translations en.json (Corsican)
[ci skip]
* New translations simple_form.en.yml (Dutch)
[ci skip]
* New translations simple_form.en.yml (Dutch)
[ci skip]
* New translations en.json (Dutch)
[ci skip]
* New translations en.json (Dutch)
[ci skip]
* New translations en.json (Dutch)
[ci skip]
* New translations en.json (Dutch)
[ci skip]
* New translations en.json (Dutch)
[ci skip]
* New translations en.yml (Dutch)
[ci skip]
* New translations en.yml (Dutch)
[ci skip]
* New translations en.yml (Dutch)
[ci skip]
* New translations en.yml (Dutch)
[ci skip]
* New translations en.json (Thai)
[ci skip]
* New translations en.yml (Thai)
[ci skip]
* New translations en.yml (Dutch)
[ci skip]
* New translations en.yml (Dutch)
[ci skip]
* New translations en.yml (Dutch)
[ci skip]
* New translations en.yml (Dutch)
[ci skip]
* New translations en.yml (Dutch)
[ci skip]
* New translations en.json (Portuguese, Brazilian)
[ci skip]
* New translations en.json (Occitan)
[ci skip]
* New translations en.json (Occitan)
[ci skip]
* New translations en.yml (Occitan)
[ci skip]
* New translations en.json (Italian)
[ci skip]
* New translations en.json (Persian)
[ci skip]
* New translations en.json (French)
[ci skip]
* New translations en.yml (French)
[ci skip]
* New translations en.json (Arabic)
[ci skip]
* New translations en.json (Kabyle)
[ci skip]
* New translations en.json (Kabyle)
[ci skip]
* New translations en.yml (Kabyle)
[ci skip]
* New translations en.json (Icelandic)
[ci skip]
* New translations en.json (Portuguese, Brazilian)
[ci skip]
* New translations en.json (Indonesian)
[ci skip]
* New translations en.json (Persian)
[ci skip]
* New translations en.json (Galician)
[ci skip]
* New translations en.json (Tamil)
[ci skip]
* New translations en.json (Spanish, Argentina)
[ci skip]
* New translations en.json (Bengali)
[ci skip]
* New translations en.json (Marathi)
[ci skip]
* New translations en.json (Albanian)
[ci skip]
* New translations en.json (Serbian (Cyrillic))
[ci skip]
* New translations en.json (Swedish)
[ci skip]
* New translations en.json (Turkish)
[ci skip]
* New translations en.json (Chinese Traditional)
[ci skip]
* New translations en.json (Urdu (Pakistan))
[ci skip]
* New translations en.json (Vietnamese)
[ci skip]
* New translations en.json (Welsh)
[ci skip]
* New translations en.json (Esperanto)
[ci skip]
* New translations en.json (Chinese Traditional, Hong Kong)
[ci skip]
* New translations en.json (Malayalam)
[ci skip]
* New translations en.json (Telugu)
[ci skip]
* New translations en.json (Breton)
[ci skip]
* New translations en.json (Kannada)
[ci skip]
* New translations en.json (Uyghur)
[ci skip]
* New translations en.json (Croatian)
[ci skip]
* New translations en.json (Norwegian Nynorsk)
[ci skip]
* New translations en.json (Kazakh)
[ci skip]
* New translations en.json (Estonian)
[ci skip]
* New translations en.json (Latvian)
[ci skip]
* New translations en.json (Hindi)
[ci skip]
* New translations en.json (Malay)
[ci skip]
* New translations en.json (Spanish)
[ci skip]
* New translations en.json (Arabic)
[ci skip]
* New translations en.json (Bulgarian)
[ci skip]
* New translations en.json (Catalan)
[ci skip]
* New translations en.json (Czech)
[ci skip]
* New translations en.json (Danish)
[ci skip]
* New translations en.json (German)
[ci skip]
* New translations en.json (Greek)
[ci skip]
* New translations en.json (Romanian)
[ci skip]
* New translations en.json (Slovenian)
[ci skip]
* New translations en.json (Thai)
[ci skip]
* New translations en.json (Chinese Simplified)
[ci skip]
* New translations en.json (Slovak)
[ci skip]
* New translations en.json (Hungarian)
[ci skip]
* New translations en.json (French)
[ci skip]
* New translations en.json (Ukrainian)
[ci skip]
* New translations en.json (Norwegian)
[ci skip]
* New translations en.json (Lithuanian)
[ci skip]
* New translations en.json (Macedonian)
[ci skip]
* New translations en.json (Dutch)
[ci skip]
* New translations en.json (Polish)
[ci skip]
* New translations en.json (Basque)
[ci skip]
* New translations en.json (Portuguese)
[ci skip]
* New translations en.json (Russian)
[ci skip]
* New translations en.json (Armenian)
[ci skip]
* New translations en.json (Korean)
[ci skip]
* New translations en.json (Finnish)
[ci skip]
* New translations en.json (Hebrew)
[ci skip]
* New translations en.json (Georgian)
[ci skip]
* New translations en.json (Japanese)
[ci skip]
* New translations en.json (Italian)
[ci skip]
* New translations en.json (Ido)
[ci skip]
* New translations en.json (Taigi)
[ci skip]
* New translations en.json (Silesian)
[ci skip]
* New translations en.json (Sardinian)
[ci skip]
* New translations en.json (Occitan)
[ci skip]
* New translations en.json (Sorani (Kurdish))
[ci skip]
* New translations en.json (Asturian)
[ci skip]
* New translations en.json (Kabyle)
[ci skip]
* New translations en.json (Serbian (Latin))
[ci skip]
* New translations en.json (Corsican)
[ci skip]
* New translations en.json (Korean)
[ci skip]
* New translations en.json (Russian)
[ci skip]
* New translations en.json (Korean)
[ci skip]
* New translations en.json (Russian)
[ci skip]
* New translations en.json (Spanish)
[ci skip]
* New translations en.json (Korean)
[ci skip]
* New translations en.json (Portuguese)
[ci skip]
* New translations en.json (Portuguese)
[ci skip]
* New translations en.json (German)
[ci skip]
* New translations en.json (French)
[ci skip]
* New translations en.json (Korean)
[ci skip]
* New translations en.json (French)
[ci skip]
* New translations en.json (Esperanto)
[ci skip]
* New translations en.yml (Esperanto)
[ci skip]
* New translations en.json (Esperanto)
[ci skip]
* New translations en.json (Japanese)
[ci skip]
* New translations en.json (Vietnamese)
[ci skip]
* New translations en.json (Japanese)
[ci skip]
* New translations en.json (Spanish)
[ci skip]
* New translations en.json (Italian)
[ci skip]
* New translations en.json (Italian)
[ci skip]
* New translations en.json (Corsican)
[ci skip]
* New translations en.json (Corsican)
[ci skip]
* New translations en.json (Persian)
[ci skip]
* New translations en.json (Hungarian)
[ci skip]
* New translations en.json (Portuguese, Brazilian)
[ci skip]
* New translations en.json (Spanish)
[ci skip]
* New translations en.json (French)
[ci skip]
* New translations en.json (Spanish, Argentina)
[ci skip]
* New translations en.json (Galician)
[ci skip]
* New translations en.json (Galician)
[ci skip]
* New translations en.json (Portuguese)
[ci skip]
* New translations en.json (Portuguese)
[ci skip]
* New translations en.json (Albanian)
[ci skip]
* i18n-tasks normalize
* yarn manage:translations
|
|
Some translations of that string are single-line, which somehow seems to make
Crowdin issue a blank newline at the end of those translations.
This, in turn, leads to different results when running “i18n-tasks normalize”
depending on the version of libyaml installed, making the CI fail if it
runs a different version than whoever ran “i18n-tasks normalize”.
Since there is no real reason for that source string to be multi-line (it is
only displayed in HTML, without replacing newlines by <br/> tags),
attempt to fix Crowdin export by making the source string single-line.
|
|
* Change move handler to carry blocks and mutes over
When user A blocks user B and B moves to a new account C, make A block C
accordingly.
Note that it only works if A's instance is aware of the Move, that is,
if B is on A's instance or has followers there.
* Also notify instances with known people blocking you when moving
* Add automatic account notes when blocking/muting an account that had no note
|
|
* Add UserNote model
* Add UI for user notes
* Put comment in relationships entity
* Add API to create user notes
* Copy user notes to new account when receiving a Move activity
* Address some of the review remarks
* Replace modal by inline edition
* Please CodeClimate
* Button design changes
* Change design again
* Cancel note edition when pressing Escape
* Fixes
* Tweak design again
* Move “Add note” item, and allow users to add notes to themselves
* Rename UserNote into AccountNote, rename “comment” Relationship attribute to “note”
|
|
Localization strings:
- "Whitelist mode" -> "Limited federation mode"
- "Blacklist e-mail domain" -> "Block e-mail domain"
- "Whitelist domain" -> "Allow domain for federation"
...And so on
Environment variables (backwards-compatible):
- `WHITELIST_MODE` -> `LIMITED_FEDERATION_MODE`
- `EMAIL_DOMAIN_BLACKLIST` -> `EMAIL_DOMAIN_DENYLIST`
- `EMAIL_DOMAIN_WHITELIST` -> `EMAIL_DOMAIN_ALLOWLIST`
tootctl:
- `tootctl domains purge --whitelist-mode` -> `tootctl domains purge --limited-federation-mode`
Removed badly maintained and no longer relevant .env.production.sample file
|
|
- Fix audio attachments not being represented in OpenGraph tags
- Fix audio being represented as "1 image" in OpenGraph descriptions
- Fix video metadata being overwritten by paperclip-av-transcoder
- Fix embedded player not using Mastodon's UI
- Fix audio/video progress bars not moving smoothly
- Fix audio/video buffered bars not displaying correctly
|
|
(#13930)
|
|
|
|
* Display appropriate error when performing unpermitted operation on custom emoji
Fixes #13897
* Remove links to custom emoji actions not performable by moderators
|
|
Fixes #13949
|
|
|
|
Fixes the confusion mentioned in https://github.com/tootsuite/mastodon/issues/12216. Suggestion of this fix provided by https://github.com/tootsuite/mastodon/issues/12216#issuecomment-564918757.
|
|
Fix #12613
|
|
* Fix error not being displayed when adding an account alias, add error for self-references
Co-Authored-By: Mélanie Chauvel (ariasuni) <perso@hack-libre.org>
* Add “You have no aliases.” note in confusing empty aliases table
Co-Authored-By: Mélanie Chauvel (ariasuni) <perso@hack-libre.org>
Co-authored-by: Mélanie Chauvel (ariasuni) <perso@hack-libre.org>
|
|
|
|
* Fix 404 and 410 API errors being silently discarded in WebUI
Fixes #13278
* Return more appropriate error when user replies to a deleted toot
* Please CodeClimate
* Fix 404/410 errors on fetching account timelines & identity proofs
* Refactor error handling
* Move error message string to statuses.errors
|
|
in admin UI (#13254)
* Add shortcuts to blacklist a user's e-mail domain in admin UI
* Add option to blacklist resolved MX and IP records for e-mail domains
|
|
|
|
(#13210)
Fix #9106
|
|
* Allow deleting site uploads
* Refactor and move links into hints
* Fix i18n tests
* Fix HTML output of site_upload_delete_hint
|
|
|