Age | Commit message | Author |
|
* Add force_login option to OAuth authorize page
For when a user needs to sign into an app from multiple accounts
on the same server
* When logging out from modal header, redirect back after re-login
|
|
CSRF-prevention is already implemented but adding this doesn't hurt.
A brief introduction to Same-Site cookies (and the difference between strict and
lax) can be found at
https://blog.mozilla.org/security/2018/04/24/same-site-cookies-in-firefox-60/
TLDR: We use lax since we want the cookies to be sent when the user navigates
safely from an external site.
|
|
If an unresolved report for the same target account already exists,
no new notification is generated
|
|
Add tests to avoid similar issues in the future
|
|
* Add animate custom emoji param to embed pages
* Rename param, use it for avatars and gifs
* Fix issues pointed out by codeclimate and breaking test
* Ignore brakeman warning
|
|
Host can be nil in urls like
'https:https://example.com/path/file.png'
|
|
updates some "context" and "it" lines to have clearer explanations
updates "context" lines to properly describe function input, and "it" lines to describe results
|
|
* Add missing specs for relay accept/reject
* Display pending message on admin relays UI
|
|
Fixes #8463
|
|
Add forgotten custom CSS admin setting strings
|
|
* Allow moderators to disable/enable login
* Instead of rejecting login, show forbidden error when login disabled
Avoid confusion because when login is rejected, the message is that
the account is not activated, which is wrong.
* Fix tests
|
|
panel (#7092) (#8381)
* Add default_settings class method to ScopedSettings
ScopedSettings was extended to use value of unscoped setting instead of
only using defaults set in config/settings.yml for selected settings.
This adds possibility for admins to set default values of users' settings,
for example default theme (as requested in #7092).
* Add ability to change an instance default theme
Closes #7092
|
|
* Fix URI not being sufficiently validated with prefetched JSON
* Add additional id validation to OStatus documents, when possible
|
|
* Add confirmation page for suspensions
* Suspension confirmation closes reports, linked from report UI
* Fix tests
|
|
Fix #7316
|
|
* Add remote interaction dialog for toots
* Change AuthorizeFollow into AuthorizeInteraction, support statuses
* Update brakeman.ignore
* Adjust how interaction buttons are displayed on public pages
* Fix tests
|
|
* Add Follow#revoke_request!
* Implement Undo { Accept { Follow } } (fixes #8234)
|
|
* Allow accessing local private/DM messages by URL
(Provided the user pasting the URL is authorized to see the toot, obviously)
* Fix SearchServiceSpec tests
|
|
* Show exact number of followers/statuses on export page/in tooltip
* Fix tests
|
|
* Move status counters to separate table, count replies
* Migration to remove old counter columns from statuses table
* Fix schema file
|
|
* Update Rails
* fix Update Rails
|
|
* Add separate setting for sidebar text (site_short_description)
* Fix tests
|
|
* Compensate for scrollbar disappearing when media modal visible
Make auth pages backgrounds lighter
* Fix typo
|
|
Initially I thought there might be valid reasons for remote users to
have a different, unpredicted username format. However, I now realize
such a difference would be unusable and unexpected within Mastodon.
Fix #8058
|
|
To improve the way super tall or super wide images are treated, the
numbers remain the same, 1280x1280 and 400x400, but if an image
is less in one dimension than the other, the other can become larger
Thanks to @WAHa_06x36@mastodon.social for the tip
|
|
If the input text is blank after preparation (only mention, or
only URL, or empty as in a media post), then use nil as language,
since it's OK to show to everyone.
Otherwise, always fall back to the server's default locale
|
|
* Add federation relay support
* Add admin UI for managing relays
* Include actor on relay-related activities
* Fix i18n
|
|
(#7975)
* Add option to not consider word boundaries when filtering phrases
* Add a few tests for keyword/phrase filtering
|
|
Fix #7926
|
|
* Add more granular OAuth scopes
* Add human-readable descriptions of the new scopes
* Ensure new scopes look good on the app UI
* Add tests
* Group scopes in screen and color-code dangerous ones
* Fix wrong extra scope
|
|
* Re-add follow recommendations API
GET /api/v1/suggestions
Removed in 8efa081f210d72ed450c39ac4cde0fd84fb3d3fb due to Neo4J
dependency. The algorithm uses triadic closures, takes into account
suspensions, blocks, mutes, domain blocks, excludes locked and moved
accounts, and prefers more recently updated accounts.
* Track interactions with people you don't follow
Replying to, favouriting and reblogging someone you're not following
will make them show up in follow recommendations. The interactions
have different weights:
- Replying is 1
- Favouriting is 10 (decidedly positive interaction, but private)
- Reblogging is 20
Following them, muting or blocking will remove them from the list,
obviously.
* Remove triadic closures, ensure potential friendships are trimmed
|
|
* Add keyword filtering
GET|POST /api/v1/filters
GET|PUT|DELETE /api/v1/filters/:id
- Irreversible filters can drop toots from home or notifications
- Other filters can hide toots through the client app
- Filters use a phrase valid in particular contexts, expiration
* Make sure expired filters don't get applied client-side
* Add missing API methods
* Remove "regex filter" from column settings
* Add tests
* Add test for FeedManager
* Add CustomFilter test
* Add UI for managing filters
* Add streaming API event to allow syncing filters
* Fix tests
|
|
* Switch filtered_languages to chosen_languages
* Adjust interface
* Remove unused translations
|
|
* Send rejections to followers when user hides domain they're on
* Use account domain blocks for "authorized followers" action
Replace soft-blocking (block & unblock) behaviour with follow rejection
* Split sync and async work of account domain blocking
Do not create domain block when removing followers by domain, that
is probably unexpected from the user's perspective.
* Adjust confirmation message for domain block
* yarn manage:translations
|
|
* Small refactoring of status_finder_spec
* Add tests for embeds_controller
|
|
|