Age | Commit message (Collapse) | Author |
|
* Add spec coverage for settings/two_factor_auth area
* extract setup method for qr code
* Move otp required check to before action
* Merge method only used once
* Remove duplicate view
* Consolidate creation of @codes for backup
* Move settings/2fq#recovery_codes to settings/recovery_codes#create
* Rename settings/two_factor_auth#disable to #destroy
* Add coverage for the otp required path on 2fa#show
* Clean up the recovery codes list styles
* Move settings/two_factor_auth to settings/two_factor_authentication
* Reorganize the settings two factor auth area
Updated to use a flow like:
- settings/two_factor_authentication goes to a #show view which has a button
either enable or disable 2fa on the account
- the disable button turns off the otp requirement for the user
- the enable button cycles the user secret and redirects to a confirmation page
- the confirmation page is a #new view which shows the QR code for user
- that page posts to #create which verifies the code, and creates the recovery
codes
- that create action shares a view with a recovery codes controller which can be
used separately to reset codes if needed
|
|
* Add user spec for settings, highlight global default mutation issue
* Fix mutation issue caused by settings/preferences spec
|
|
* Add missing fields group on preferences page
* Clean up settings/preferences controller
* Extract a UserSettingsDecorator
|
|
* Add render_views for admin/settings spec
* Add coverage for admin/settings#update
* Add coverage for admin/settings typecasting open_registrations setting
* Simplify how admin/settings finds the value for updating
* Rely on activerecord to not update a value that hasnt changed
* Add coverage for non-existent setting
* Use a constant for boolean settings
|
|
|
|
* Add routing specs for accounts followers and following actions
* Use more restful route naming for public account follow pages
Moves two actions:
- accounts#followers to accounts/follower_accounts#index
- accounts#following to accounts/following_accounts#index
Adds routing spec to ensure prior URLs are preserved.
|
|
|
|
* Add admin/instances index action
* Add link to instances admin page
* View lists instances
* Instances, grouped by domain, ordered by count
* Use Account.remote scope
* Extract method: Account.by_domain_accounts
|
|
* Add spec for media controller
* Add MediaAttachment.attached scope
* Simplify methods in media controller
|
|
|
|
|
|
* Add recovery code support for two-factor auth
When users enable two-factor auth, the app now generates ten
single-use recovery codes. Users are encouraged to print the codes
and store them in a safe place.
The two-factor prompt during login now accepts both OTP codes and
recovery codes.
The two-factor settings UI allows users to regenerated lost
recovery codes. Users who have set up two-factor auth prior to
this feature being added can use it to generate recovery codes
for the first time.
Fixes #563 and fixes #987
* Set OTP_SECRET in test enviroment
* add missing .html to view file names
|
|
* Simplify admin/reports controller filtering for index
* Rename parameter to resolved
* Fix issue where reports view could not access filter_link_to
* Add coverage for admin/reports controller
* DRY up resolution of related reports for target account
* Clean up admin/reports routes
* Add Report#statuses method
* DRY up current account action taken params
* Rubocop styles
|
|
* Add request spec for host meta route returning xml
* Add routing spec for xrd routes
* Update well-known routes
* Move webfinger and host-meta actions to their own controllers
|
|
* Remove unused account_params method in admin/accounts controller
* Introduce AccountFilter to find accounts
* Use AccountFilter in admin/accounts controller
* Use more restful routes admin silence and suspension area
* Add admin/silences and admin/suspensions controllers
|
|
* Refactor Export to take an account and know about the export types
* Use Export instance in settings/exports#show
|
|
* Allow export of mutes list
* Allow importing of mutes list
* Refactor to use Settings::Exports::BaseController and DRY up exports code
|
|
* Add coverage for embedded status view
* Refactor embed view to eliminate @external_links variable
|
|
|
|
The spec was checking the activity_id of the activities held in notifications
within the controller.
Because the activities are different models, it is possible that they are
created with the same database IDs, and when they are this spec fails because an
activity which should not count as a match is counted as one.
|
|
* Add basic coverage for settings/exports controller
* Remove unused @account variable from settings/exports controller
* Add coverage for download export actions
* Remove deprecated `render :text` in favor of `send_data` for csv downloads
* Add model to handle exports
* Use Export class in settings/exports controller
* Simplify settings/exports controller methods
* Move settings/export to more restful routes
|
|
* Add spec for settings/imports controller
* Add failing spec for settings/imports#create
* Fix broken imports
* Refactor ImportWorker
|
|
* Add exclude_types param to /api/v1/notifications
* Exclude notification types in web UI through exclude_types in the API
|
|
* Consolidate webfinger string creation under Account#to_webfinger_s
* Introduce Account#local_username_and_domain for consolidation
|
|
* Add Admin::BaseController to wrap admin area
Extracts the setting of the `admin` layout and verifying that users are admins
to a common base class for the admin/ controllers.
* Add basic coverage for admin/reports and admin/settings controllers
|
|
|
|
* Allow users to update their Account in the API
It would be nice for API clients to be able to allow users to update
their accounts without having to wrap Mastodon in a web view. This patch
adds an API endpoint to let users submit a PATCH for their account.
Signed-off-by: David Celis <me@davidcel.is>
* Add /api/v1/accounts/update_credentials to the API docs
Signed-off-by: David Celis <me@davidcel.is>
|
|
* Add InstancePresenter to expose site details
* Clean up about controller, use instance presenter
|
|
|
|
|
|
|
|
if account lock info was up to date, otherwise re-do the FollowService
with now updated information
|
|
Expose ActivityStreams 2.0 representation of accounts
|
|
|
|
|
|
redis-backed "mentions" timeline as redundant (given notifications)
|
|
|
|
|
|
application website validation, don't link to app website if website isn't set,
also comment out animated boost icon from #464 until it's consistent with non-animated version
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Filters out hidden stream entries from Atom feed
Blocks now generate hidden stream entries, can be used to federate blocks
Private statuses cannot be reblogged (generates generic 422 error for now)
POST /api/v1/statuses now takes visibility=(public|unlisted|private) param instead of unlisted boolean
Statuses JSON now contains visibility=(public|unlisted|private) field
|
|
removing web app capability from non-webapp pages
|
|
|