| Age | Commit message (Collapse) | Author |
|---|
|
whitelist/secure mode
Fix relays UI referencing relay that is not functional
|
|
* Add automatic blocklist display in /about/blocks
Inspired by https://github.com/Gargron/mastodon.social-misc
* Add admin option to set who can see instance blocks
* Normalize locales files
* Rename “Sandbox” to “Silence” for consistency
* Disable /about/blocks when in whitelist mode
* Optionally display rationale for domain blocks
* Only display domain blocks that have user-facing limitations, and order them
* Redesign table of blocked domains to better handle long domain names and rationales
* Change domain blocks ordering now that rationales aren't displayed right away
* Only show explanation for block severities actually in use
* Reword instance block explanations and add disclaimer for public fetch mode
|
|
|
|
Allow access to account settings, 2FA, authorized applications, and
account deletions to unconfirmed and pending users, as well as
users who had their accounts disabled. Suspended users cannot update
their e-mail or password or delete their account.
Display account status on account settings page, for example, when
an account is frozen, limited, unconfirmed or pending review.
After sign up, login users straight away and show a simple page that
tells them the status of their account with links to account settings
and logout, to reduce onboarding friction and allow users to correct
wrongly typed e-mail addresses.
Move the final sign-up step of SSO integrations to be the same
as above to reduce code duplication.
|
|
exceptions and missing error templates
|
|
|
|
Fix #6462
|
|
even if file is not stored
Change the behaviour of remotable concern. Previously, it would skip
downloading an attachment if the stored remote URL is identical to
the new one. Now it would not be skipped if the attachment is not
actually currently stored by Paperclip.
|
|
* Add nodeinfo endpoint
* dont commit stuff from my local dev
* consistant naming since we implimented 2.1 schema
* Add some additional node info stuff
* Add nodeinfo endpoint
* dont commit stuff from my local dev
* consistant naming since we implimented 2.1 schema
* expanding this to include federation info
* codeclimate feedback
* CC feedback
* using activeserializers seems like a good idea...
* get rid of draft 2.1 version
* Reimplement 2.1, also fix metaData -> metadata
* Fix metaData -> metadata here too
* Fix nodeinfo 2.1 tests
* Implement cache for monthly user aggregate
* Useless
* Remove ostatus from the list of supported protocols
* Fix nodeinfo's open_registration reading obsolete setting variable
* Only serialize domain blocks with user-facing limitations
* Do not needlessly list noop severity in nodeinfo
* Only serialize domain blocks info in nodeinfo when they are set to be displayed to everyone
* Enable caching for nodeinfo endpoints
* Fix rendering nodeinfo
* CodeClimate fixes
* Please CodeClimate
* Change InstancePresenter#active_user_count_months for clarity
* Refactor NodeInfoSerializer#metadata
* Remove nodeinfo 2.1 support as the schema doesn't exist
* Clean-up
|
|
|
|
up using `fangs`/`op` bangtag or toggling defang setting in profile; auto-defang after 15 mins or with `defang`/`deop` bangtag
|
|
env var, default to 10
|
|
(@ambassador@monsterpit.net) within monsterfork itself
|
|
|
|
`reject_unknown`/graylist mode caveats
|
|
auto-trusted in graylist mode + give options better descriptions
|
|
federation should be
|
|
|
|
|
|
enabling greylist federation also enable secure mode
|
|
make default
|
|
Fixes #1276
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
requests from accounts you've never interacted with before; default to off
|
|
|
|
non-technical users
|
|
options to defederate and/or delete past posts + add `defed_in`/`parent:defed_in`/`thread:defed_in` bangtags + ui indicator for posts marked for auto-defederation
|
|
beyond local followers, default to 90 days
|
|
`full` - if this gives your app indigestion change it to back to `basic` in preferences
|
|
filter logic + caching bugs
|
|
|
|
|
|
|
|
When authenticating via OAuth, the resource owner password grant
strategy is allowed by Mastodon, but (without this PR), it does not
attempt to authenticate against LDAP or PAM. As a result, LDAP or PAM
authenticated users cannot sign in to Mastodon with their
email/password credentials via OAuth (for instance, for native/mobile
app users).
This PR fleshes out the authentication strategy supplied to doorkeeper
in its initializer by looking up the user with LDAP and/or PAM when
devise is configured to use LDAP/PAM backends. It attempts to follow the
same logic as the Auth::SessionsController for handling email/password
credentials.
Note #1: Since this pull request affects an initializer, it's unclear
how to add test automation.
Note #2: The PAM authentication path has not been manually tested. It
was added for completeness sake, and it is hoped that it can be manually
tested before merging.
|
|
|
|
|
|
|
|
across all timelines - works in all client apps
|
|
|
|
|
