Age | Commit message | Author |
|
* Add honeypot fields to limit non-specialized spam
Add two honeypot fields: a fake website input and a fake password confirmation
one. The label/placeholder/aria-label tells users not to fill them, and they are
hidden in CSS, so legitimate users should not fall into these.
This should cut down on some non-Mastodon-specific spambots.
* Require a 3-second delay before submitting the registration form
* Fix tests
* Move registration form time check to model validation
* Give people a chance to clear the honeypot fields
* Refactor honeypot translation strings
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
|
|
* Add account sensitized
* Fix i18n normalize
* Fix description and spec
* Fix spec
* Fix wording
|
|
Fixes #13882
|
|
* feat: add possibility of adding WebAuthn security keys to use as 2FA
This adds a basic UI for enabling WebAuthn 2FA. We did a little refactor
to the Settings page for editing the 2FA methods – now it will list the
methods that are available to the user (TOTP and WebAuthn) and from
there they'll be able to add or remove any of them.
Also, it's worth mentioning that for enabling WebAuthn it's required to
have TOTP enabled, so the first time that you go to the 2FA Settings
page, you'll be asked to set it up.
This work was inspired by the one done by GitHub in their platform, and
although it could be approached in different ways, we decided to go with
this one given that we feel that this gives a great UX.
Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>
* feat: add request for WebAuthn as second factor at login if enabled
This commit adds the feature for using WebAuthn as a second factor for
login when enabled.
If users have WebAuthn enabled, now a page requesting for the use of a
WebAuthn credential for log in will appear, although a link redirecting
to the old page for logging in using a two-factor code will also be
present.
Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>
* feat: add possibility of deleting WebAuthn Credentials
Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>
* feat: disable WebAuthn when an Admin disables 2FA for a user
Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>
* feat: remove ability to disable TOTP leaving only WebAuthn as 2FA
Following examples from other platforms like GitHub, we decided to make
WebAuthn 2FA secondary to 2FA with TOTP, so we removed the
possibility of removing TOTP authentication only, leaving users with
just WebAuthn as 2FA. Instead, users will have to click on 'Disable 2FA'
in order to remove second factor auth.
The reason for WebAuthn being secondary to TOTP is that in that way,
users will still be able to log in using their code from their phone's
application if they don't have their security keys with them – or maybe
even lost them.
* We had to change the flow for setting up TOTP a little, given that now
it's possible to set it up again if you already had TOTP, in order to
let users modify their authenticator app – given that now it's not
possible for them to disable TOTP and set it up again with another
authenticator app.
So, basically, now instead of storing the new `otp_secret` in the
user, we store it in the session until the process of set up is
finished.
This was because, as it was before, when users clicked on 'Edit' in
the new two-factor methods lists page, but then went back without
finishing the flow, their `otp_secret` had been changed therefore
invalidating their previous authenticator app, making them unable to
log in again using TOTP.
Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>
* refactor: fix eslint errors
The PR build was failing given that linting was returning some errors.
This commit attempts to fix them.
* refactor: normalize i18n translations
The build was failing given that i18n translation files were not
normalized.
This commit fixes that.
* refactor: avoid having the webauthn gem locked to a specific version
* refactor: use symbols for routes without '/'
* refactor: avoid sending webauthn disabled email when 2FA is disabled
When an admin disables 2FA for users, we were sending two mails
to them, one notifying that 2FA was disabled and the other to notify
that WebAuthn was disabled.
As the second one is redundant since the first email includes it, we can
remove it and send just one email to users.
* refactor: avoid creating new env variable for webauthn_origin config
* refactor: improve flash error messages for webauthn pages
Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>
|
|
ran `yarn manage:translations en`
|
|
in admin UI (#13254)
* Add shortcuts to blacklist a user's e-mail domain in admin UI
* Add option to blacklist resolved MX and IP records for e-mail domains
|
|
* Add announcements
Fix #11006
* Add reactions to announcements
* Add admin UI for announcements
* Add unit tests
* Fix issues
- Add `with_dismissed` param to announcements API
- Fix end date not being formatted when time range is given
- Fix announcement delete causing reactions to send streaming updates
- Fix announcements container growing too wide and mascot too small
- Fix `all_day` being settable when no time range is given
- Change text "Update" to "Announcement"
* Fix scheduler unpublishing announcements before they are due
* Fix filter params not being passed to announcements filter
|
|
* New translations simple_form.en.yml (Japanese)
[ci skip]
* New translations doorkeeper.en.yml (Japanese)
[ci skip]
* New translations doorkeeper.en.yml (Welsh)
[ci skip]
* New translations en.yml (Russian)
[ci skip]
* New translations en.yml (Ukrainian)
[ci skip]
* New translations en.yml (French)
[ci skip]
* New translations en.yml (Spanish, Argentina)
[ci skip]
* New translations en.yml (Japanese)
[ci skip]
* New translations en.yml (French)
[ci skip]
* New translations devise.en.yml (German)
[ci skip]
* New translations en.yml (German)
[ci skip]
* New translations en.yml (Chinese Traditional)
[ci skip]
* New translations simple_form.en.yml (Chinese Traditional)
[ci skip]
* New translations en.yml (Chinese Traditional)
[ci skip]
* New translations devise.en.yml (Chinese Traditional)
[ci skip]
* New translations en.yml (Persian)
[ci skip]
* New translations en.yml (Turkish)
[ci skip]
* New translations en.yml (Turkish)
[ci skip]
* New translations en.json (Welsh)
[ci skip]
* New translations en.yml (Welsh)
[ci skip]
* New translations en.json (Welsh)
[ci skip]
* New translations en.yml (Welsh)
[ci skip]
* New translations en.yml (Slovak)
[ci skip]
* New translations en.json (Catalan)
[ci skip]
* New translations en.yml (German)
[ci skip]
* New translations en.yml (Corsican)
[ci skip]
* New translations en.yml (Swedish)
[ci skip]
* New translations en.yml (Italian)
[ci skip]
* New translations en.yml (Italian)
[ci skip]
* New translations en.yml (Basque)
[ci skip]
* New translations en.yml (Catalan)
[ci skip]
* New translations en.yml (Japanese)
[ci skip]
* New translations en.yml (Indonesian)
[ci skip]
* New translations en.yml (Indonesian)
[ci skip]
* New translations en.yml (Czech)
[ci skip]
* New translations en.yml (Hungarian)
[ci skip]
* New translations en.yml (Hungarian)
[ci skip]
* New translations en.yml (Greek)
[ci skip]
* New translations en.json (Basque)
[ci skip]
* New translations en.yml (Basque)
[ci skip]
* New translations en.yml (Portuguese)
[ci skip]
* New translations en.yml (Spanish)
[ci skip]
* New translations en.yml (Esperanto)
[ci skip]
* New translations en.yml (Esperanto)
[ci skip]
* New translations en.yml (Korean)
[ci skip]
* New translations en.yml (Korean)
[ci skip]
* New translations en.json (Basque)
[ci skip]
* New translations activerecord.en.yml (Basque)
[ci skip]
* New translations devise.en.yml (Basque)
[ci skip]
* New translations en.yml (Asturian)
[ci skip]
* New translations en.yml (Korean)
[ci skip]
* New translations en.json (Spanish, Argentina)
[ci skip]
* New translations en.yml (Tamil)
[ci skip]
* New translations activerecord.en.yml (Tamil)
[ci skip]
* New translations devise.en.yml (Tamil)
[ci skip]
* New translations devise.en.yml (Tamil)
[ci skip]
* New translations en.yml (Arabic)
[ci skip]
* New translations en.json (Russian)
[ci skip]
* New translations en.yml (Russian)
[ci skip]
* New translations en.yml (Russian)
[ci skip]
* New translations en.yml (Russian)
[ci skip]
* New translations en.yml (Danish)
[ci skip]
* New translations en.yml (Portuguese, Brazilian)
[ci skip]
* New translations activerecord.en.yml (Portuguese, Brazilian)
[ci skip]
* New translations en.yml (Portuguese, Brazilian)
[ci skip]
* New translations en.yml (Chinese Simplified)
[ci skip]
* New translations devise.en.yml (Chinese Simplified)
[ci skip]
* New translations en.yml (Chinese Simplified)
[ci skip]
* New translations en.yml (Chinese Simplified)
[ci skip]
* New translations en.yml (Russian)
[ci skip]
* New translations en.yml (Russian)
[ci skip]
* New translations en.json (Galician)
[ci skip]
* New translations en.yml (Galician)
[ci skip]
* New translations en.yml (Chinese Traditional, Hong Kong)
[ci skip]
* New translations simple_form.en.yml (Chinese Traditional, Hong Kong)
[ci skip]
* New translations en.yml (German)
[ci skip]
* New translations en.yml (Chinese Traditional)
[ci skip]
* New translations en.yml (Russian)
[ci skip]
* New translations en.yml (Hungarian)
[ci skip]
* New translations en.yml (Japanese)
[ci skip]
* New translations en.yml (Spanish)
[ci skip]
* New translations en.yml (Persian)
[ci skip]
* New translations en.yml (Tamil)
[ci skip]
* New translations en.yml (Icelandic)
[ci skip]
* New translations en.yml (Czech)
[ci skip]
* New translations en.yml (Spanish, Argentina)
[ci skip]
* New translations en.yml (Korean)
[ci skip]
* New translations en.yml (Greek)
[ci skip]
* New translations simple_form.en.yml (Greek)
[ci skip]
* New translations simple_form.en.yml (Greek)
[ci skip]
* New translations en.yml (Greek)
[ci skip]
* New translations simple_form.en.yml (Greek)
[ci skip]
* New translations en.yml (Swedish)
[ci skip]
* New translations devise.en.yml (Galician)
[ci skip]
* New translations devise.en.yml (Galician)
[ci skip]
* New translations en.yml (Indonesian)
[ci skip]
* New translations en.yml (Corsican)
[ci skip]
* New translations en.yml (Catalan)
[ci skip]
* New translations en.json (Turkish)
[ci skip]
* New translations en.yml (Turkish)
[ci skip]
* New translations en.json (Basque)
[ci skip]
* New translations en.yml (Basque)
[ci skip]
* New translations en.json (Asturian)
[ci skip]
* New translations en.yml (Asturian)
[ci skip]
* New translations en.json (Asturian)
[ci skip]
* New translations en.yml (Asturian)
[ci skip]
* New translations simple_form.en.yml (Asturian)
[ci skip]
* New translations en.yml (Danish)
[ci skip]
* New translations en.yml (French)
[ci skip]
* New translations en.yml (Galician)
[ci skip]
* New translations en.yml (Galician)
[ci skip]
* New translations en.yml (Kazakh)
[ci skip]
* New translations devise.en.yml (Galician)
[ci skip]
* New translations devise.en.yml (Galician)
[ci skip]
* New translations devise.en.yml (Galician)
[ci skip]
* New translations en.json (Polish)
[ci skip]
* New translations en.json (Polish)
[ci skip]
* New translations en.json (Ukrainian)
[ci skip]
* New translations en.yml (Ukrainian)
[ci skip]
* New translations en.yml (Ukrainian)
[ci skip]
* New translations devise.en.yml (Galician)
[ci skip]
* New translations en.yml (Galician)
[ci skip]
* New translations devise.en.yml (Galician)
[ci skip]
* New translations en.yml (Galician)
[ci skip]
* New translations en.yml (Galician)
[ci skip]
* New translations en.yml (Thai)
[ci skip]
* New translations en.yml (Thai)
[ci skip]
* New translations en.yml (Esperanto)
[ci skip]
* New translations simple_form.en.yml (Esperanto)
[ci skip]
* New translations en.yml (Esperanto)
[ci skip]
* New translations en.json (Russian)
[ci skip]
* New translations en.json (Vietnamese)
[ci skip]
* New translations en.json (Swedish)
[ci skip]
* New translations en.json (Vietnamese)
[ci skip]
* New translations en.yml (Thai)
[ci skip]
* New translations en.yml (Thai)
[ci skip]
* New translations en.yml (Spanish)
[ci skip]
* New translations en.yml (Spanish)
[ci skip]
* New translations en.yml (Estonian)
[ci skip]
* New translations en.yml (Slovak)
[ci skip]
* New translations en.yml (Catalan)
[ci skip]
* New translations simple_form.en.yml (Catalan)
[ci skip]
* New translations simple_form.en.yml (Catalan)
[ci skip]
* New translations simple_form.en.yml (Catalan)
[ci skip]
* New translations doorkeeper.en.yml (Catalan)
[ci skip]
* New translations activerecord.en.yml (Catalan)
[ci skip]
* New translations en.json (Catalan)
[ci skip]
* New translations en.json (Catalan)
[ci skip]
* New translations en.json (Catalan)
[ci skip]
* New translations en.json (Catalan)
[ci skip]
* New translations en.json (Catalan)
[ci skip]
* New translations devise.en.yml (Catalan)
[ci skip]
* New translations en.json (Basque)
[ci skip]
* New translations simple_form.en.yml (Galician)
[ci skip]
* New translations doorkeeper.en.yml (Japanese)
[ci skip]
* New translations en.yml (Chinese Traditional, Hong Kong)
[ci skip]
* New translations en.yml (Russian)
[ci skip]
* New translations en.yml (Korean)
[ci skip]
* New translations doorkeeper.en.yml (Korean)
[ci skip]
* New translations en.yml (Slovak)
[ci skip]
* New translations en.yml (German)
[ci skip]
* New translations doorkeeper.en.yml (German)
[ci skip]
* New translations en.yml (Spanish)
[ci skip]
* New translations doorkeeper.en.yml (Spanish)
[ci skip]
* New translations en.yml (Spanish, Argentina)
[ci skip]
* New translations doorkeeper.en.yml (Spanish, Argentina)
[ci skip]
* New translations en.yml (Russian)
[ci skip]
* New translations doorkeeper.en.yml (Russian)
[ci skip]
* New translations en.yml (Catalan)
[ci skip]
* New translations doorkeeper.en.yml (Catalan)
[ci skip]
* New translations en.yml (Indonesian)
[ci skip]
* New translations doorkeeper.en.yml (Indonesian)
[ci skip]
* New translations en.yml (Kazakh)
[ci skip]
* New translations doorkeeper.en.yml (Kazakh)
[ci skip]
* New translations en.yml (Persian)
[ci skip]
* New translations doorkeeper.en.yml (Persian)
[ci skip]
* New translations en.yml (Turkish)
[ci skip]
* New translations doorkeeper.en.yml (Turkish)
[ci skip]
* New translations doorkeeper.en.yml (Thai)
[ci skip]
* New translations en.yml (Thai)
[ci skip]
* New translations en.yml (Thai)
[ci skip]
* New translations en.yml (Thai)
[ci skip]
* New translations en.yml (Thai)
[ci skip]
* New translations en.yml (Tamil)
[ci skip]
* New translations doorkeeper.en.yml (Tamil)
[ci skip]
* New translations en.json (Chinese Traditional, Hong Kong)
[ci skip]
* New translations en.yml (Estonian)
[ci skip]
* New translations doorkeeper.en.yml (Estonian)
[ci skip]
* New translations en.yml (Arabic)
[ci skip]
* New translations doorkeeper.en.yml (Arabic)
[ci skip]
* New translations en.yml (Portuguese)
[ci skip]
* New translations en.yml (Portuguese)
[ci skip]
* New translations doorkeeper.en.yml (Portuguese)
[ci skip]
* New translations en.yml (Icelandic)
[ci skip]
* New translations activerecord.en.yml (Icelandic)
[ci skip]
* New translations devise.en.yml (Icelandic)
[ci skip]
* New translations en.yml (Galician)
[ci skip]
* New translations doorkeeper.en.yml (Galician)
[ci skip]
* New translations en.yml (Galician)
[ci skip]
* New translations en.yml (Galician)
[ci skip]
* New translations doorkeeper.en.yml (Corsican)
[ci skip]
* New translations en.yml (Galician)
[ci skip]
* New translations en.yml (Corsican)
[ci skip]
* New translations en.yml (Galician)
[ci skip]
* New translations en.yml (Swedish)
[ci skip]
* New translations en.yml (Galician)
[ci skip]
* New translations doorkeeper.en.yml (Swedish)
[ci skip]
* New translations en.yml (Galician)
[ci skip]
* New translations en.yml (Galician)
[ci skip]
* New translations en.yml (Galician)
[ci skip]
* New translations en.yml (Galician)
[ci skip]
* New translations en.yml (Galician)
[ci skip]
* New translations en.yml (Galician)
[ci skip]
* New translations en.yml (Galician)
[ci skip]
* New translations en.yml (Galician)
[ci skip]
* New translations en.yml (Galician)
[ci skip]
* New translations en.yml (Galician)
[ci skip]
* New translations en.json (Icelandic)
[ci skip]
* New translations en.yml (Icelandic)
[ci skip]
* New translations doorkeeper.en.yml (Esperanto)
[ci skip]
* New translations en.yml (Icelandic)
[ci skip]
* New translations simple_form.en.yml (Icelandic)
[ci skip]
* New translations doorkeeper.en.yml (Icelandic)
[ci skip]
* New translations en.yml (Esperanto)
[ci skip]
* New translations doorkeeper.en.yml (Italian)
[ci skip]
* New translations en.yml (Italian)
[ci skip]
* New translations en.yml (Spanish, Argentina)
[ci skip]
* New translations doorkeeper.en.yml (Spanish, Argentina)
[ci skip]
* New translations en.yml (Icelandic)
[ci skip]
* New translations doorkeeper.en.yml (Japanese)
[ci skip]
* New translations en.yml (Japanese)
[ci skip]
* New translations en.yml (Czech)
[ci skip]
* New translations doorkeeper.en.yml (Czech)
[ci skip]
* New translations doorkeeper.en.yml (Basque)
[ci skip]
* New translations en.yml (Basque)
[ci skip]
* New translations en.yml (Portuguese, Brazilian)
[ci skip]
* New translations doorkeeper.en.yml (Portuguese, Brazilian)
[ci skip]
* New translations en.yml (French)
[ci skip]
* New translations en.yml (Russian)
[ci skip]
* New translations en.yml (Galician)
[ci skip]
* New translations doorkeeper.en.yml (Greek)
[ci skip]
* New translations en.yml (Turkish)
[ci skip]
* New translations en.yml (Spanish)
[ci skip]
* i18n-tasks normalize
* New translations en.yml (Thai)
[ci skip]
* New translations en.yml (Korean)
[ci skip]
* yarn manage:translations
* New translations en.yml (Thai)
[ci skip]
|
|
Currently notifications page seems a bit cluttered with no clear
separation between e-mail and filtering settings. This commit tries to
address them by adding clear separation with headers, hints and removing
continuously reused texts for events checkboxes.
|
|
Fix #10736
- Change data export to be available for non-functional accounts
- Change non-functional accounts to include redirecting accounts
|
|
Fix #3961
|
|
* Add search and sort functions to hashtag admin UI
* Move scope processing from tags_controller to tag_filter
* Fix based on method naming conventions
* Fixed not to get 500 errors for invalid requests
|
|
* Add profile directory to web UI
* Add a line of bio to the directory
|
|
* Add translation target for hashtag.
* run `yarn manage:translations en`
|
|
* Add more accurate hashtag search
Using ElasticSearch to index hashtags with edge n-grams and score
them by usage within the last 7 days since last activity. Only
hashtags that have been reviewed and are listable can appear in
searches, unless they match the query exactly
* Fix search analyzer dropping non-ascii characters
|
|
Fix #271
Add back the `GET /api/v1/trends` API with the caveat that it does
not return tags that have not been allowed to trend by the staff.
When a hashtag begins to trend (internally) and that hashtag has
not been previously reviewed by the staff, the staff is notified.
The new admin UI for hashtags allows filtering hashtags by where
they are used (e.g. in the profile directory), whether they have
been reviewed or are pending reviewal, they show by how many people
the hashtag is used in the directory, how many people used it
today, how many statuses with it have been created today, and it
allows fixing the name of the hashtag to make it more readable.
The disallowed hashtags feature has been reworked. It is now
controlled from the admin UI for hashtags instead of from
the file `config/settings.yml`
|
|
Fix #9031
Fix #7913
|
|
* Add option to disable blurhash previews
* Update option text
* Change options order
|
|
* Add responsive panels to the single-column layout
* Fixes
* Fix not being able to save the preference
* Fix code style issues
* Set max-height on the compose textarea and add a link to relationship manager
|
|
* Add "why do you want to join" field to invite requests
Fix #10512
* Remove unused translations
* Fix broken registrations when no invite request text is submitted
|
|
* Add hashtag filter to profiles
GET /@:username/tagged/:hashtag
GET /api/v1/accounts/:id/statuses?tagged=:hashtag
* Display featured hashtags on public profile
* Use separate model for featured tags
* Update featured hashtag counters on-write
* Limit featured tags to 10
|
|
* Make storing and displaying application used to toot opt-in
* Revert to storing application info, and display it to the author via API
|
|
* Add moderation warnings
Replace individual routes for disabling, silencing, and suspending
a user, as well as the report update route, with a unified account
action controller that allows you to select an action (none,
disable, silence, suspend) as well as whether it should generate an
e-mail notification with optional custom text. That notification,
with the optional custom text, is saved as a warning.
Additionally, there are warning presets you can configure to save
time when performing the above.
* Use Account#local_username_and_domain
|
|
* Add setting to not aggregate reblogs
Fixes #9222
* Handle cases where user is nil in add_to_home and add_to_list
* Add hint for setting_aggregate_reblogs option
* Reword setting_aggregate_reblogs label
|
|
Fix #5578
|
|
* Remove display name and bio counter hint, simply limit input
* Remove now redundant translations
* Fix code style issue
|
|
* Verify link ownership with rel="me"
* Add explanation about verification to UI
* Perform link verifications
* Add click-to-copy widget for verification HTML
* Redesign edit profile page
* Redesign forms
* Improve responsive design of settings pages
* Restore landing page sign-up form
* Fix typo
* Support <link> tags, add spec
* Fix links not being verified on first discovery and passive updates
|
|
If an unresolved report for the same target account already exists,
no new notification is generated
|
|
* Add federation relay support
* Add admin UI for managing relays
* Include actor on relay-related activities
* Fix i18n
|
|
(#8004)
* Add Japanese translation for "Whole word" and add its description.
* Fix to enable "Whole-word" selection.
|
|
* Add more granular OAuth scopes
* Add human-readable descriptions of the new scopes
* Ensure new scopes look good on the app UI
* Add tests
* Group scopes in screen and color-code dangerous ones
* Fix wrong extra scope
|
|
* Add keyword filtering
GET|POST /api/v1/filters
GET|PUT|DELETE /api/v1/filters/:id
- Irreversible filters can drop toots from home or notifications
- Other filters can hide toots through the client app
- Filters use a phrase valid in particular contexts, expiration
* Make sure expired filters don't get applied client-side
* Add missing API methods
* Remove "regex filter" from column settings
* Add tests
* Add test for FeedManager
* Add CustomFilter test
* Add UI for managing filters
* Add streaming API event to allow syncing filters
* Fix tests
|