about summary refs log tree commit diff
path: root/db
AgeCommit message (Collapse)Author
2020-09-15Change account suspensions to be reversible by default (#14726)Eugen Rochko
2020-09-01Add configuration option to filter replies in lists (#9205)ThibG
* Add database support for list show-reply preferences * Add backend support to read and update list-specific show_replies settings * Add basic UI to set list replies setting * Add specs for list replies policy * Switch "cycling" reply policy link to a set of radio inputs * Capitalize replies_policy strings * Change radio button design to be consistent with that of the directory explorer
2020-08-24Add WebAuthn as an alternative 2FA method (#14466)santiagorodriguez96
* feat: add possibility of adding WebAuthn security keys to use as 2FA This adds a basic UI for enabling WebAuthn 2FA. We did a little refactor to the Settings page for editing the 2FA methods – now it will list the methods that are available to the user (TOTP and WebAuthn) and from there they'll be able to add or remove any of them. Also, it's worth mentioning that for enabling WebAuthn it's required to have TOTP enabled, so the first time that you go to the 2FA Settings page, you'll be asked to set it up. This work was inspired by the one donde by Github in their platform, and despite it could be approached in different ways, we decided to go with this one given that we feel that this gives a great UX. Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com> * feat: add request for WebAuthn as second factor at login if enabled This commits adds the feature for using WebAuthn as a second factor for login when enabled. If users have WebAuthn enabled, now a page requesting for the use of a WebAuthn credential for log in will appear, although a link redirecting to the old page for logging in using a two-factor code will also be present. Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com> * feat: add possibility of deleting WebAuthn Credentials Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com> * feat: disable WebAuthn when an Admin disables 2FA for a user Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com> * feat: remove ability to disable TOTP leaving only WebAuthn as 2FA Following examples form other platforms like Github, we decided to make Webauthn 2FA secondary to 2FA with TOTP, so that we removed the possibility of removing TOTP authentication only, leaving users with just WEbAuthn as 2FA. Instead, users will have to click on 'Disable 2FA' in order to remove second factor auth. The reason for WebAuthn being secondary to TOPT is that in that way, users will still be able to log in using their code from their phone's application if they don't have their security keys with them – or maybe even lost them. * We had to change a little the flow for setting up TOTP, given that now it's possible to setting up again if you already had TOTP, in order to let users modify their authenticator app – given that now it's not possible for them to disable TOTP and set it up again with another authenticator app. So, basically, now instead of storing the new `otp_secret` in the user, we store it in the session until the process of set up is finished. This was because, as it was before, when users clicked on 'Edit' in the new two-factor methods lists page, but then went back without finishing the flow, their `otp_secret` had been changed therefore invalidating their previous authenticator app, making them unable to log in again using TOTP. Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com> * refactor: fix eslint errors The PR build was failing given that linting returning some errors. This commit attempts to fix them. * refactor: normalize i18n translations The build was failing given that i18n translations files were not normalized. This commits fixes that. * refactor: avoid having the webauthn gem locked to a specific version * refactor: use symbols for routes without '/' * refactor: avoid sending webauthn disabled email when 2FA is disabled When an admins disable 2FA for users, we were sending two mails to them, one notifying that 2FA was disabled and the other to notify that WebAuthn was disabled. As the second one is redundant since the first email includes it, we can remove it and send just one email to users. * refactor: avoid creating new env variable for webauthn_origin config * refactor: improve flash error messages for webauthn pages Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>
2020-07-08Fix RemoveDuplicatedIndexesPghero to check for the existence of the index ↵Takeshi Umeda
(#14259)
2020-07-07Fix media attachments enumeration (#14254)Eugen Rochko
* Fix media attachment enumeration * Switch media_attachments id to snowflake ids Co-authored-by: Thibaut Girka <thib@sitedethib.com>
2020-06-30Add user notes on accounts (#14148)ThibG
* Add UserNote model * Add UI for user notes * Put comment in relationships entity * Add API to create user notes * Copy user notes to new account when receiving a Move activity * Address some of the review remarks * Replace modal by inline edition * Please CodeClimate * Button design changes * Change design again * Cancel note edition when pressing Escape * Fixes * Tweak design again * Move “Add note” item, and allow users to add notes to themselves * Rename UserNote into AccountNote, rename “comment” Relationship attribute to “note”
2020-06-29Add customizable thumbnails for audio and video attachments (#14145)Eugen Rochko
- Change audio files to not be stripped of metadata - Automatically extract cover art from audio if it exists - Add `thumbnail` parameter to `POST /api/v1/media`, `POST /api/v2/media` and `PUT /api/v1/media/:id` - Add `icon` to represent it in attachments in ActivityPub - Fix `preview_url` containing URL of missing missing image when there is no thumbnail instead of null - Fix duration of audio not being displayed on public pages until the file is loaded
2020-06-25remove duplicated indexes according to pghero (#13695)Lerk
2020-06-21Fix unique username constraint for local users not being enforced in ↵ThibG
database (#14099) This should not be an issue in practice because of the Rails-level uniqueness check, but local accounts having a NULL domain means the uniqueness constraint did not apply to them (since no two NULL values are considered equal).
2020-06-09Add e-mail-based sign in challenge for users with disabled 2FA (#14013)Eugen Rochko
2020-06-05Add blurhash to preview cards (#13984)ThibG
Fixes #13001
2020-06-02Add E2EE API (#13820)Eugen Rochko
2020-05-10Reset secret of web app that could have been exposed by Doorkeeper (#13688)Eugen Rochko
There are no obvious ways it could be misused, as the secret is not really used for anything, but it is best to secure it for the future Follow-up to #13613
2020-05-09Fix old unique jobs digests not having been cleaned up (#13683)Eugen Rochko
2020-05-08Fix migrations failing due to strong-migrations update (#13680)Eugen Rochko
2020-04-26Add separate cache directory for non-local uploads (#12821)Eugen Rochko
2020-04-16Fix migration 20200407202420_migrate_unavailable_inboxes (#13481)Takeshi Umeda
2020-04-15Change delivery failure tracking to work with hostnames instead of URLs (#13437)Eugen Rochko
2020-04-05Fix PostgreSQL load when linking in announcements (#13250)ThibG
* Fix PostgreSQL load when linking in announcements Fixes #13245 by caching status lookups Since statuses are supposed to be known already and we only need their URLs and a few other things, caching them should be fine. Since it's only used by announcements so far, there won't be much statuses to cache. * Perform status lookup when saving announcements, not when rendering them * Change EntityCache#status to fetch URLs instead of looking into the database * Move announcement link lookup to publishing worker * Address issues pointed out during review
2020-03-12Add option to include resolved DNS records when blacklisting e-mail domains ↵Eugen Rochko
in admin UI (#13254) * Add shortcuts to blacklist a user's e-mail domain in admin UI * Add option to blacklist resolved MX and IP records for e-mail domains
2020-03-12Add titles to warning presets in admin UI (#13252)Eugen Rochko
2020-03-09Add federation support for the "hide network" preference (#11673)ThibG
* Change ActivityPub follower/following collections to not link first page * Add support for hiding followers and following of remote users * Switch to using a single `hide_collections` column * Address code style remarks
2020-03-08Change local media attachments to perform heavy processing asynchronously ↵Eugen Rochko
(#13210) Fix #9106
2020-01-27Fix interactive delays in database migrations with no TTY (#12969)Eugen Rochko
Fix #12587
2020-01-26Fix expired announcements being re-published (#12964)Eugen Rochko
2020-01-23Add announcements (#12662)Eugen Rochko
* Add announcements Fix #11006 * Add reactions to announcements * Add admin UI for announcements * Add unit tests * Fix issues - Add `with_dismissed` param to announcements API - Fix end date not being formatted when time range is given - Fix announcement delete causing reactions to send streaming updates - Fix announcements container growing too wide and mascot too small - Fix `all_day` being settable when no time range is given - Change text "Update" to "Announcement" * Fix scheduler unpublishing announcements before they are due * Fix filter params not being passed to announcements filter
2020-01-21Fix slow query of federated timeline (#12886)notozeki
2020-01-11Fix old migrations failing because of strong_migrations update (#12787)ThibG
Fixes #12768 Some migrations were overlooked in #12692
2019-12-29Fix old migrations failing because of strong_migrations update (#12692)ThibG
Fixes #12690 The `strong_migrations` update from ba2eac8824a85aa9541f8070ed7bcd22b9982cc8 introduced a check for `change_column_null` specific to Postgres. This rejects old migrations. This commit just wraps old migrations with `safety_assured` to bypass this check. Alternatives would have been to: - Disable that check entirely (a possibility added in that same `strong_migrations` version) for Mastodon, but it makes sense to write new migrations without such a strong lock. - Rewrite the old migrations to do it in a way that do not require an exclusive lock. I thought fixing those old migrations for performance wasn't worth the pain. Also, if I understand correctly, the next version of `strong_migrations` is going to include a helper to do that. We could update those migrations at that point.
2019-12-18Fix unsafe column type change in migration (#12653)Eugen Rochko
2019-12-17Increase max backup size (#12602)scd31
* Increased max backup size * partially reverted schema.rb
2019-12-04Fix old migration failing with new status default scope (#12493)ThibG
2019-11-13Add bookmarks (#7107)ThibG
* Add backend support for bookmarks Bookmarks behave like favourites, except they aren't shared with other users and do not have an associated counter. * Add spec for bookmark endpoints * Add front-end support for bookmarks * Introduce OAuth scopes for bookmarks * Add bookmarks to archive takeout * Fix migration * Coding style fixes * Fix rebase issue * Update bookmarked_statuses to latest UI changes * Update bookmark actions to properly reflect status changes in state * Add bookmarks item to single-column layout * Make active bookmarks red
2019-11-04Add abilityto add oneself to lists (#12271)ThibG
* Add ability to add oneself to lists * Change search results to include oneself when searching through followers * Mark follow relation as optional in ListAccount
2019-10-07Fix old migration trying to use new column due to default status scope (#12095)Eugen Rochko
Fix #12087
2019-10-07Fix existing user records with now-renamed `pt` locale (#12092)Eugen Rochko
Fix #12082
2019-10-02Fix account counters being overwritten by parallel writes (#12045)Eugen Rochko
2019-09-29Add voters count support (#11917)ThibG
* Add voters count to polls * Add ActivityPub serialization and parsing of voters count * Add support for voters count in WebUI * Move incrementation of voters count out of redis lock * Reword “voters” to “people”
2019-09-28Fix older migrations not working due to new default scope (#11983)Eugen Rochko
Fix #11952, regression from #11623
2019-09-27Validate Web::PushSubscription (#11971)abcang
2019-09-19Add account migration UI (#11846)Eugen Rochko
Fix #10736 - Change data export to be available for non-functional accounts - Change non-functional accounts to include redirecting accounts
2019-09-18Add users remember_token index (#11881)abcang
2019-09-06Add timeline read markers API (#11762)Eugen Rochko
Fix #4093
2019-09-02Change trending hashtags to not disappear instantly after midnight (#11712)Eugen Rochko
2019-08-24Fix slow local timeline query (#11648)Eugen Rochko
Fix #11643
2019-08-22Add soft delete for statuses for instant deletes through API (#11623)Eugen Rochko
* Add soft delete for statuses to allow them to appear instant * Allow reporting soft-deleted statuses and show them in the admin UI * Change index for getting an account's statuses
2019-08-19Add invite comments (#10465)ThibG
2019-08-18Add more accurate hashtag search (#11579)Eugen Rochko
* Add more accurate hashtag search Using ElasticSearch to index hashtags with edge n-grams and score them by usage within the last 7 days since last activity. Only hashtags that have been reviewed and are listable can appear in searches, unless they match the query exactly * Fix search analyzer dropping non-ascii characters
2019-08-07Add domain block notes (#11515)ThibG
* Add database columns for adding notes to domain blocks/restrctions * Add admin UI to set private and public comments when blocking a domain * Add text for private and public comments on domain blocks * Show domain block comments in admin UI * Add comments to the domain block undo page * Make UnblockDomainService more robust regarding upgraded domain blocks * Allow editing domain blocks * Rename button from “undo domain block” to “view domain block” in account admin UI * Change test to unsilence silenced users from upgraded blocks
2019-08-05Change admin UI for hashtags and add back whitelisted trends (#11490)Eugen Rochko
Fix #271 Add back the `GET /api/v1/trends` API with the caveat that it does not return tags that have not been allowed to trend by the staff. When a hashtag begins to trend (internally) and that hashtag has not been previously reviewed by the staff, the staff is notified. The new admin UI for hashtags allows filtering hashtags by where they are used (e.g. in the profile directory), whether they have been reviewed or are pending reviewal, they show by how many people the hashtag is used in the directory, how many people used it today, how many statuses with it have been created today, and it allows fixing the name of the hashtag to make it more readable. The disallowed hashtags feature has been reworked. It is now controlled from the admin UI for hashtags instead of from the file `config/settings.yml`