Age | Commit message (Collapse) | Author |
|
* Check that an invite link is valid before bypassing approval mode
Fixes #10656
* Add tests
* Only consider valid invite links in registration controller
* fixup
|
|
* compare usernames case-insensitively on new proof creation flow
* Fix code style issue
|
|
* Refactor imports
* Export show_reblogs when exporting list of followed users
* Add support for importing show_reblogs with following collection
* Fix tests
|
|
* Revert "Fix filtering of favourited_by, reblogged_by, followers and following (#10447)"
This reverts commit 120544067fcca4bf6e71ba1ffb276c451c17c656.
* Revert "Hide blocking accounts from blocked users (#10442)"
This reverts commit 62bafa20a112ccdddaedb25723fc819dbbcd8e9a.
* Improve blocked view of profiles
- Change "You are blocked" to "Profile unavailable"
- Hide following/followers in API when blocked
- Disable follow button and show "Profile unavailable" on public profile as well
|
|
* Export hide_notifications along with user mutes
* Import hide_notifications along with muted users list
* Add headers for CSV exports
|
|
* Revert "Add indication that you have been blocked in web UI (#10420)"
This reverts commit bd02ec6daa974dcd3231e73826a56e08dbeedadc.
* Revert "Add `blocked_by` relationship to the REST API (#10373)"
This reverts commit 9745de883b198375ba23f7fde879f6d75ce2df0f.
* Hide blocking accounts from search results
* Filter blocking accouts from account followers
* Filter blocking accouts from account's following accounts
* Filter blocking accounts from “reblogged by” and “favourited by” lists
* Remove blocking account from URL search
* Return 410 on trying to fetch user data from a user who blocked us
* Return 410 in /api/v1/account/statuses for suspended or blocking accounts
* Fix status filtering when performing URL search
* Restore some React improvements
Restore some cleanup from bd02ec6daa974dcd3231e73826a56e08dbeedadc
* Refactor by adding `without_blocking` scope
|
|
|
|
* Add validations to admin settings
- Validate correct HTML markup
- Validate presence of contact username & e-mail
- Validate that all usernames are valid
- Validate that enums have expected values
* Fix code style issue
* Fix tests
|
|
|
|
* create account_identity_proofs table
* add endpoint for keybase to check local proofs
* add async task to update validity and liveness of proofs from keybase
* first pass keybase proof CRUD
* second pass keybase proof creation
* clean up proof list and add badges
* add avatar url to keybase api
* Always highlight the “Identity Proofs” navigation item when interacting with proofs.
* Update translations.
* Add profile URL.
* Reorder proofs.
* Add proofs to bio.
* Update settings/identity_proofs front-end.
* Use `link_to`.
* Only encode query params if they exist.
URLs without params had a trailing `?`.
* Only show live proofs.
* change valid to active in proof list and update liveness before displaying
* minor fixes
* add keybase config at well-known path
* extremely naive feature flagging off the identity proof UI
* fixes for rubocop
* make identity proofs page resilient to potential keybase issues
* normalize i18n
* tweaks for brakeman
* remove two unused translations
* cleanup and add more localizations
* make keybase_contacts an admin setting
* fix ExternalProofService my_domain
* use Addressable::URI in identity proofs
* use active model serializer for keybase proof config
* more cleanup of keybase proof config
* rename proof is_valid and is_live to proof_valid and proof_live
* cleanup
* assorted tweaks for more robust communication with keybase
* Clean up
* Small fixes
* Display verified identity identically to verified links
* Clean up unused CSS
* Add caching for Keybase avatar URLs
* Remove keybase_contacts setting
|
|
|
|
Fix #6856
Fix #6951
|
|
* Add polls
Fix #1629
* Add tests
* Fixes
* Change API for creating polls
* Use name instead of content for votes
* Remove poll validation for remote polls
* Add polls to public pages
* When updating the poll, update options just in case they were changed
* Fix public pages showing both poll and other media
|
|
|
|
* Not to skip executable specs
* Combine specs
Combine specs to one to reduce multiple slow http post.
|
|
|
|
Fix #340
|
|
* Add REST API for creating an account
The method is available to apps with a token obtained via the client
credentials grant. It creates a user and account records, as well as
an access token for the app that initiated the request. The user is
unconfirmed, and an e-mail is sent as usual.
The method returns the access token, which the app should save for
later. The REST API is not available to users with unconfirmed
accounts, so the app must be smart to wait for the user to click a
link in their e-mail inbox.
The method is rate-limited by IP to 5 requests per 30 minutes.
* Redirect users back to app from confirmation if they were created with an app
* Add tests
* Return 403 on the method if registrations are not open
* Require agreement param to be true in the API when creating an account
|
|
* Add moderation warnings
Replace individual routes for disabling, silencing, and suspending
a user, as well as the report update route, with a unified account
action controller that allows you to select an action (none,
disable, silence, suspend) as well as whether it should generate an
e-mail notification with optional custom text. That notification,
with the optional custom text, is saved as a warning.
Additionally, there are warning presets you can configure to save
time when performing the above.
* Use Account#local_username_and_domain
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
* Error message for avatar image that's too large. #9204
* Code climate/formatting
* Removed avatar error message
* Moved valid image dimentions check to update service
* removed unnescessary begin block
* code climate formatting
* code climate indent fix
|
|
|
|
* Add specs for ActivityPub::CollectionsController#show
* Raise ActiveRecord::RecordNotFound
Raising ActiveRecord::NotFound raises NameError: uninitialized constant
ActiveRecord::NotFound.
|
|
|
|
|
|
|
|
|
|
* Add test that should currently fail
* Fix depth computation (will still fail if statuses have been filtered out)
* Fix handling of broken threads
|
|
* Improve overview of accounts in admin UI
- Display suspended status, role, last activity and IP prominently
- Default to showing local accounts
- Default to not showing suspended accounts
* Remove unused strings
* Fix tests
* Allow filtering accounts by IP mask
|
|
* Eliminate extra accounts select query from FollowService
* Optimistically update follow state in web UI and hide loading bar
Fix #6205
* Asynchronize NotifyService in FollowService
And fix failing test
* Skip Webfinger resolve routine when called from FollowService if possible
If an account is ActivityPub, then webfinger re-resolving is not necessary
when called from FollowService. Improve options of ResolveAccountService
|
|
and use 'if' option of context block
|
|
* Do not test PAM authentication by default
* Disable PAM tests if PAM is not enabled
|
|
* Downcase signed_headers string before building the signed string
The HTTP Signatures draft does not mandate the “headers” field to be downcased,
but mandates the header field names to be downcased in the signed string, which
means that prior to this patch, Mastodon could fail to process signatures from
some compliant clients. It also means that it would not actually check the
Digest of non-compliant clients that wouldn't use a lowercased Digest field
name.
Thankfully, I don't know of any such client.
* Revert "Remove dead code (#8919)"
This reverts commit a00ce8c92c06f42109aad5cfe65d46862cf037bb.
* Restore time window checking, change it to 12 hours
By checking the Date header, we can prevent replaying old vulnerable
signatures. The focus is to prevent replaying old vulnerable requests
from software that has been fixed in the meantime, so a somewhat long
window should be fine and accounts for timezone misconfiguration.
* Escape users' URLs when formatting them
Fixes possible HTML injection
* Escape all string interpolations in Formatter class
Slightly improve performance by reducing class allocations
from repeated Formatter#encode calls
* Fix code style issues
|
|
* cleanup pass
* undo mistakes
* fixed.
* revert
|
|
* Add conversations API
* Add web UI for conversations
* Add test for conversations API
* Add tests for ConversationAccount
* Improve web UI
* Rename ConversationAccount to AccountConversation
* Remove conversations on block and mute
* Change last_status_id to be a denormalization of status_ids
* Add optimistic locking
|
|
* Code quality pass
* Typofix
* Update applications_controller_spec.rb
* Update applications_controller_spec.rb
|
|
|
|
|
|
* Allow min_id pagination in Feed#get
* Add min_id pagination to home and list timeline APIs
* Add min_id pagination to account statuses, public and tag APIs
* Remove unused stub in reports API
* Use min_id pagination in notifications, favourites, and fix order
* Fix HomeFeed#from_database not using paginate_by_id
|
|
Found via `codespell -q 3 --skip="./app/javascript/mastodon/locales,./config/locales"`
|
|
* Add force_login option to OAuth authorize page
For when a user needs to sign into an app from multiple accounts
on the same server
* When logging out from modal header, redirect back after re-login
|
|
Fixes #8463
|