Commit graph

1545 commits

Author SHA1 Message Date
Emelia Smith
e258b4cb64
Refactor: replace whitelist_mode mentions with limited_federation_mode (#26252) 2023-08-02 19:32:48 +02:00
Christian Schmidt
ca342d4838
Add List-Unsubscribe email header (#26085) 2023-08-01 19:34:40 +02:00
Claire
6c39125761
Change /api/v1/peers/search to be case-insensitive when using Elasticsearch (#26268) 2023-08-01 14:52:32 +02:00
Misty De Méo
12a6cf569e
Storage: add :azure to remaining callers (#26080) 2023-07-27 16:13:45 +02:00
Claire
b4e739ff0f
Change interaction modal in web UI (#26075)
Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>
2023-07-27 16:11:17 +02:00
Matt Jankowski
50ff3d3342
Coverage for Auth::OmniauthCallbacks controller (#26147) 2023-07-25 09:46:57 +02:00
Claire
b629e21515
Fix unexpected redirection to /explore after sign-in (#26143) 2023-07-24 16:06:32 +02:00
Christian Schmidt
4c18928a93
Wrong count in response when removing favourite/reblog (#24365)
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2023-07-19 09:02:30 +02:00
Claire
943f27f437
Remove unfollowed hashtag posts from home feed (#26028) 2023-07-17 13:56:28 +02:00
Claire
41f65edb21
Fix embed dropdown menu item for unauthenticated users (#25964) 2023-07-13 15:53:03 +02:00
Eugen Rochko
8d0c69529a
Change markers API to use a replica (#25851) 2023-07-12 18:57:40 +02:00
Eugen Rochko
fdc3ff7c2d
Change notifications API to use a replica (#25874) 2023-07-12 17:06:00 +02:00
Matt Jankowski
2e1391fdd2
Fix Naming/MemoizedInstanceVariableName cop (#25928) 2023-07-12 10:08:51 +02:00
Matt Jankowski
5134fc65e2
Fix Naming/AccessorMethodName cop (#25924) 2023-07-12 10:03:19 +02:00
Claire
c27b82a437
Add forward_to_domains parameter to POST /api/v1/reports (#25866) 2023-07-10 18:26:56 +02:00
Kurtis Rainbolt-Greene
e4cfe4b3db
First pass at multi-database for read replica using Rails native adapter (#25693)
Co-authored-by: emilweth <7402764+emilweth@users.noreply.github.com>
2023-07-08 19:45:36 +02:00
Daniel M Brasil
383c00819c
Fix /api/v2/search not working with following query param (#25681) 2023-07-03 18:06:57 +02:00
Claire
e6a8faae81
Add users index on unconfirmed_email (#25672) 2023-07-02 19:41:35 +02:00
Claire
180f0e6715
Fix inefficient query when requesting a new confirmation email from a logged-in account (#25669) 2023-07-02 16:08:58 +02:00
Daniel M Brasil
4fe2d7cb59
Fix HTTP 500 in /api/v1/emails/check_confirmation (#25595) 2023-07-02 00:05:44 +02:00
Matt Jankowski
683ba5ecb1
Fix rails rewhere deprecation warning in directories api controller (#25625) 2023-07-01 21:48:16 +02:00
Claire
1d622c8033
Add POST /api/v1/conversations/:id/unread (#25509) 2023-06-22 18:46:43 +02:00
Claire
a5b6f6da80
Change /api/v1/statuses/:id/history to always return at least one item (#25510) 2023-06-22 14:56:14 +02:00
Claire
602c458ab6
Add finer permission requirements for managing webhooks (#25463) 2023-06-22 14:52:25 +02:00
Claire
fd23f50243
Fix wrong view being displayed when a webhook fails validation (#25464) 2023-06-20 18:15:35 +02:00
Daniel M Brasil
b9bc9d0bda
Fix incorrect pagination headers in /api/v2/admin/accounts (#25477) 2023-06-19 08:53:05 +02:00
Eugen Rochko
f20698000f
Fix always redirecting to onboarding in web UI (#25396) 2023-06-14 09:05:03 +02:00
Claire
ec59166844
Fix ArgumentError when loading newer Private Mentions (#25399) 2023-06-14 08:54:52 +02:00
Eugen Rochko
bca649ba79
Change edit profile page (#25413) 2023-06-14 04:38:07 +02:00
Eugen Rochko
39110d1d0a
Fix CAPTCHA page not following design pattern of sign-up flow (#25395) 2023-06-13 22:30:40 +02:00
Eugen Rochko
6637ef7852
Add unsubscribe link to e-mails (#25378) 2023-06-12 14:22:46 +02:00
Eugen Rochko
4c9406bdb0
Add time zone preference (#25342) 2023-06-10 03:29:37 +02:00
Matt Jankowski
75e299f440
Remove unused redis_info method Admin::Dashboard (#25345) 2023-06-09 14:03:35 +02:00
Eugen Rochko
4eda233e09
Add webhook templating (#23289)
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2023-06-06 10:42:47 +02:00
Darius Kazemi
bacb674921
Add exclusive lists (#22048)
Co-authored-by: Liam Cooke <liam@liamcooke.com>
Co-authored-by: John Holdun <john@johnholdun.com>
Co-authored-by: Effy Elden <effy@effy.space>
Co-authored-by: Lina Reyne <git@lina.pizza>
Co-authored-by: Lina <20880695+necropolina@users.noreply.github.com>
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2023-06-05 09:37:02 +02:00
Matt Jankowski
0daf78f903
Add allow_other_host: true to backups controller (#25266) 2023-06-05 08:22:03 +02:00
Claire
8884d1ece0
Add support for importing lists (#25203) 2023-06-01 14:47:31 +02:00
Claire
e9385e93e9
Add a confirmation screen when suspending a domain (#25144) 2023-06-01 09:37:38 +02:00
Claire
2b45fecde1
Fix multiple N+1s in ConversationsController (#25134) 2023-06-01 02:41:51 +02:00
Claire
9017df7178
Remove dead code in Api::V1::FeaturedTagsController (#25073) 2023-05-23 14:27:37 +02:00
Claire
fea0830614
Remove invalid X-Frame-Options: ALLOWALL (#25070) 2023-05-23 14:27:17 +02:00
Daniel M Brasil
785e650ab4
Fix uncaught TypeError in POST /api/v1/featured_tags (#25072)
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2023-05-22 19:14:54 +02:00
Daniel M Brasil
45d98959ac
Fix uncaught NoMethodError in POST /api/v1/featured_tags (#25063) 2023-05-22 18:11:28 +02:00
Claire
e13d2edd47
Fix “Authorized applications” inefficiently and incorrectly getting last use date (#25060) 2023-05-22 14:03:38 +02:00
Daniel M Brasil
ce8b5899ae
Fix POST /api/v1/admin/domain_allows returning 200 when no domain is specified (#24958) 2023-05-22 13:44:49 +02:00
Frankie Roberto
36a77748b4
Order sessions by most-recent to least-recently updated (#25005) 2023-05-22 11:40:00 +02:00
Claire
45ba9ada34
Fix race condition when reblogging a status (#25016) 2023-05-17 00:09:21 +02:00
Claire
bec6a1cad4
Add hCaptcha support (#25019) 2023-05-16 23:27:35 +02:00
Claire
e60414792d
Add polling and automatic redirection to /start on email confirmation (#25013) 2023-05-16 18:03:52 +02:00
Daniel M Brasil
433ab0c9a3
Fix uncaught NoMethodError error in /api/v1/admin/canonical_email_blocks/test (#24947)
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2023-05-12 13:46:16 +02:00
zunda
c0ea33e3fc
Make it possible to upload audio and video to Heroku app (#24866) 2023-05-05 14:41:07 +02:00
Nick Schonning
569b39256b
Bump rubocop-rails 2.19.1 with update .rubocop_todo.yml (#24469) 2023-05-04 11:56:24 +02:00
Nick Schonning
d5a185d721
Autofix Rubocop Style/CaseLikeIf (#23756) 2023-05-04 05:51:18 +02:00
Matt Jankowski
08fb9d300a
Spec coverage for settings/preferences/* controllers (#24825) 2023-05-04 05:44:27 +02:00
Matt Jankowski
668a19a2f3
Fix Performance/DeletePrefix cop (#24796) 2023-05-02 21:07:45 +02:00
Matt Jankowski
f1c1dd0118
Rename with_lock to with_redis_lock to avoid confusion with ActiveRecord's method (#24741) 2023-05-02 18:16:07 +02:00
Claire
9189e90ff2
Add fallback redirection when getting a webfinger query LOCAL_DOMAIN@LOCAL_DOMAIN (#23600)
Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>
2023-05-02 17:42:42 +02:00
Claire
32a030dd74
Rewrite import feature (#21054) 2023-05-02 12:08:48 +02:00
Matt Jankowski
6e226f5a32
Fix Rails/ActionOrder cop (#24692) 2023-04-30 06:46:39 +02:00
Claire
faa336e3f7
Change logged-out WebUI HTML pages to be cached for a few seconds (#24708) 2023-04-28 10:27:26 +02:00
Claire
1c61869eed
Fix /api/v1/custom_emojis being cached even when unauthenticated API access is disallowed (#24665) 2023-04-28 10:01:38 +02:00
Claire
b0bf6216e6
Fix /api/v1/instance/domain_blocks being unconditionally cached (#24662) 2023-04-26 11:42:47 +02:00
Claire
62ab7506d6
Fix /actor needlessly reading session cookie and varying on Signature (#24664) 2023-04-26 11:42:26 +02:00
Claire
1419f90ef2
Fix some user-independent endpoints potentially reading session cookies (#24650) 2023-04-25 22:14:44 +02:00
Claire
276c39361b
Fix anonymous visitors getting a session cookie on first visit (#24584) 2023-04-25 16:51:38 +02:00
Eugen Rochko
6084461cd0
Change unauthenticated responses to be cached in REST API (#24348) 2023-04-25 15:41:34 +02:00
Claire
e9a79d46cd
Fix crash when SSO_ACCOUNT_SETTINGS is not defined (#24628) 2023-04-24 20:26:04 +02:00
Matt Jankowski
0a5f0a8b20
Remove instance variables from helper usage (#24203) 2023-04-23 22:35:54 +02:00
Claire
58a1b2e330
Fix caching logic with regards to Accept-Language, Cookie, and Signature (#24604) 2023-04-23 22:27:24 +02:00
Eugen Rochko
e98c86050a
Refactor Cache-Control and Vary definitions (#24347) 2023-04-19 16:07:29 +02:00
Robert R George
4db8230194
Add trend management to admin API (#24257) 2023-04-18 11:33:30 +02:00
Eugen Rochko
e5c0b16735
Add progress indicator to sign-up flow (#24545) 2023-04-16 07:01:24 +02:00
Matt Jankowski
d193bc8c5c
Remove unused methods in 2FA OTP Auth Controller (#24220) 2023-04-07 14:13:53 +02:00
Claire
9d08b81193
Fix user archive takeouts when using OpenStack Swift (#24431) 2023-04-05 19:31:49 +02:00
Claire
280fa3b2c0
Fix invalid/expired invites being processed on sign-up (#24337) 2023-03-31 21:42:28 +02:00
Eugen Rochko
a9b5598c97
Change user settings to be stored in a more optimal way (#23630)
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2023-03-30 14:44:00 +02:00
Claire
e084b5b82d
Fix user archive takeout when using OpenStack Swift or S3 providers with no ACL support (#24200) 2023-03-27 17:07:37 +02:00
Matt Jankowski
0663803348
Move link header setting to after_action (#24251) 2023-03-26 00:40:01 +01:00
Matt Jankowski
e633b26f4f
Add allow_other_host in redirects which may go outside app (#24252) 2023-03-26 00:38:32 +01:00
Claire
2626097869
Fix Rails cache namespace being overriden with v2 for cached statuses (#24202) 2023-03-22 15:47:44 +01:00
Matt Jankowski
7bef11630d
Remove references to non-existent actions (#24183) 2023-03-20 20:03:44 +01:00
Jean byroot Boussier
160f38f03d
Workaround the ActiveRecord / Marshal serialization bug on Ruby 3.2 (#24142)
Co-authored-by: Jean Boussier <jean.boussier@gmail.com>
2023-03-17 14:37:30 +01:00
CSDUMMI
d75a1e5054
Link to the Identity provider's account settings from the account settings (#24100)
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2023-03-17 10:09:01 +01:00
Eugen Rochko
75e5a6e437
Change user backups to use expiring URLs for download when possible (#24136) 2023-03-16 22:46:52 +01:00
Christian Schmidt
bd047acc35
Replace Status#translatable? with language matrix in separate endpoint (#24037) 2023-03-16 11:07:24 +01:00
Nick Schonning
25d36b6edd
Autofix Rubocop Style/RedundantArgument (#23798) 2023-03-16 10:34:00 +09:00
Claire
a232a1feb8
Fix misleading error code when receiving invalid WebAuthn credentials (#23568) 2023-03-15 04:15:20 +01:00
CSDUMMI
39c7236649
Redirect users to SLO at the IdP after logging them out of Mastodon. (#24020) 2023-03-15 03:52:40 +01:00
CSDUMMI
d258ec8e3b
Prefer the stored location as after_sign_in_path in Omniauth Callback Controller (#24073) 2023-03-13 00:06:27 +01:00
Claire
f8bb4d0d6b
Fix server error when failing to follow back followers from /relationships (#23787) 2023-03-03 20:36:18 +01:00
Claire
c2a046ded1
Fix “Remove all followers from the selected domains” being more destructive than it claims (#23805) 2023-03-03 20:25:15 +01:00
Nick Schonning
434770f580
Autofix Rubocop Rails/FindById (#23762) 2023-02-21 10:21:48 +09:00
Nick Schonning
717683d1c3
Autofix Rubocop remaining Layout rules (#23679) 2023-02-20 06:58:28 +01:00
Nick Schonning
aef0051fd0
Enable Rubocop HTTP status rules (#23717) 2023-02-20 11:16:40 +09:00
Nick Schonning
2177daeae9
Autofix Rubocop Style/RedundantBegin (#23703) 2023-02-19 07:09:40 +09:00
Nick Schonning
c38bd17657
Autofix Rubocop Style/TrailingCommaInArguments (#23694) 2023-02-18 12:39:58 +01:00
Nick Schonning
e2a3ebb271
Autofix Rubocop Style/IfUnlessModifier (#23697) 2023-02-18 12:37:47 +01:00
Nick Schonning
a6f77aa28a
Autofix Rubocop Lint/AmbiguousOperatorPrecedence (#23681) 2023-02-18 04:30:23 +01:00
Claire
d6930b3847
Add API parameter to safeguard unexpect mentions in new posts (#18350) 2023-02-13 16:36:29 +01:00
Claire
832595d1e7
Remove posts count and last posts from ActivityPub representation of hashtag collections (#23460) 2023-02-08 17:57:25 +01:00
Nick Schonning
f68bb52556
Apply Rubocop Style/NegatedIfElseCondition (#23451) 2023-02-08 07:07:36 +01:00
Nick Schonning
2e652aa81c
Apply Rubocop Performance/RedundantSplitRegexpArgument (#23443)
* Apply Rubocop Performance/RedundantSplitRegexpArgument

* Update app/controllers/concerns/signature_verification.rb
2023-02-08 02:25:20 +01:00
Claire
20a479ff7c
Change POST /settings/applications/:id to regenerate token on scopes change (#23359)
Fixes #23096
2023-02-02 12:03:49 +01:00
Eugen Rochko
21780c0204
Change notifications per page from 15 to 40 in REST API (#23348) 2023-02-01 11:23:54 +01:00
Claire
68dcbcb7bf
Add more specific error messages to HTTP signature verification (#21617)
* Return specific error on failure to parse Date header

* Add error message when preferredUsername is not set

* Change error report to be JSON and include more details

* Change error report to differentiate unknown account and failed refresh

* Add tests
2023-01-18 16:47:56 +01:00
Claire
343e1fe8e9
Add confirmation screen when handling reports (#22375)
* Add confirmation screen on moderation actions

* Add flash notice when a report has been processed

* Refactor tests

* Add tests
2023-01-18 16:40:09 +01:00
Claire
4b92e59f4f
Add support for editing media description and focus point of already-posted statuses (#20878)
* Add backend support for editing media attachments of existing posts

* Allow editing media attachments of already-posted toots

* Add tests
2023-01-18 16:33:55 +01:00
Claire
b034dc42be
Fix /api/v1/admin/trends/tags using wrong serializer (#18943)
* Fix /api/v1/admin/trends/tags using wrong serializer

Fix regression from #18641

* Only use `REST::Admin::TagSerializer` when the user can `manage_taxonomies`

* Fix admin trending hashtag component to not link if `id` is unknown
2023-01-18 16:28:18 +01:00
Claire
fcc4c9b34a
Change domain block CSV parsing to be more robust and handle more lists (#21470)
* Change domain block CSV parsing to be more robust and handle more lists

* Add some tests

* Improve domain block import validation and reporting
2023-01-18 16:20:52 +01:00
Carl Schwan
f33e22ae4c
Allow changing hide_collections setting with the api (#22790)
* Allow changing hide_collections setting with the api

This is currently only possible with app/controllers/settings/profiles_controller.rb
and is the only difference in the allowed parameter between the two controllers

* Fix the lint issue

* Use normal indent
2023-01-13 16:40:21 +01:00
Claire
aefefc74c4
Change referrer-policy to no-referrer application-wide (#23014) 2023-01-10 05:18:43 +01:00
Claire
18d00055f4
Add dropdown menu item to open admin interface for remote domains (#21895)
* Allow /admin/instances/:domain to handle IDNs

* Add dropdown menu item to open admin interface for remote domains
2023-01-05 14:03:46 +01:00
Claire
42f9693d00
Fix PermalinkRedirector not applying to users with moved accounts (#22497)
Fixes #22262
2023-01-05 13:40:27 +01:00
Claire
8556a649d5
Fix changing domain block severity not undoing individual account effects (#22135)
* Fix changing domain block severity not undoing individual account effects

Fixes #22133

* Add tests
2022-12-15 17:45:02 +01:00
David Vega
1b5d207131
Fix single name variables on controller folder (#20092)
Co-authored-by: petrokoriakin1 <116151189+petrokoriakin1@users.noreply.github.com>

Co-authored-by: petrokoriakin1 <116151189+petrokoriakin1@users.noreply.github.com>
Co-authored-by: Effy Elden <effy@effy.space>
2022-12-15 17:11:58 +01:00
Claire
623d3d2e32
Change CSP directives on API to be tight and concise (#20960) 2022-12-15 16:40:32 +01:00
nametoolong
63b379c2d9
Fix N+1 queries from in NotificationsController (#21202)
Co-authored-by: Nonexistent <nx@example.org>
2022-12-15 16:18:20 +01:00
Effy Elden
441cac758f
Allow adding relays while secure mode & limited federation mode are enabled (#22324) 2022-12-15 15:56:05 +01:00
Francis Murillo
5fb1c3e934
Revoke all authorized applications on password reset (#21325)
* Clear sessions on password change

* Rename User::clear_sessions to revoke_access for a clearer meaning

* Add reset paassword controller test

* Use User.find instead of User.find_for_authentication for reset password test

* Use redirect and render for better test meaning in reset password

Co-authored-by: Effy Elden <effy@effy.space>
2022-12-15 15:47:06 +01:00
Francis Murillo
f6492a7c4d
Log admin approve and reject account (#22088)
* Log admin approve and reject account

* Add unit tests for approve and reject logging
2022-12-07 00:25:18 +01:00
Claire
69137f4a90
Fix irreversible and whole_word parameters handling in /api/v1/filters (#21988)
Fixes #21965
2022-12-07 00:10:53 +01:00
Claire
68d1df8bc3
Fix some performance issues with /admin/instances (#21907)
/admin/instances?availability=failing remains wholly unefficient
2022-12-01 10:32:10 +01:00
Claire
51a33ce77a
Fix not being able to follow more than one hashtag (#21285)
Fixes regression from #20860
2022-11-21 10:35:09 +01:00
Claire
48e136605a
Fix form-action CSP directive for external login (#20962) 2022-11-17 22:59:07 +01:00
Claire
4ae97a2e4c
Fix OAuth flow being broken by recent CSP change (#20958) 2022-11-17 21:31:52 +01:00
lenore gilbert
c373148b3d
Support for import/export of instance-level domain blocks/allows for 4.x w/ additional fixes (#20597)
* Allow import/export of instance-level domain blocks/allows (#1754)

* Allow import/export of instance-level domain blocks/allows.
Fixes #15095

* Pacify circleci

* Address simple code review feedback

* Add headers to exported CSV

* Extract common import/export functionality to
AdminExportControllerConcern

* Add additional fields to instance-blocked domain export

* Address review feedback

* Split instance domain block/allow import/export into separate pages/controllers

* Address code review feedback

* Pacify DeepSource

* Work around Paperclip::HasAttachmentFile for Rails 6

* Fix deprecated API warning in export tests

* Remove after_commit workaround

(cherry picked from commit 94e98864e39c010635e839fea984f2b4893bef1a)

* Add confirmation page when importing blocked domains (#1773)

* Move glitch-soc-specific strings to glitch-soc-specific locale files

* Add confirmation page when importing blocked domains

(cherry picked from commit b91196f4b73fff91997b8077619ae25b6d04a59e)

* Fix authorization check in domain blocks controller

(cherry picked from commit 75279377583c6e2aa04cc8d7380c593979630b38)

* Fix error strings for domain blocks and email-domain blocks

Corrected issue with non-error message used for Mastodon:NotPermittedError in Domain Blocks
Corrected issue Domain Blocks using the Email Domain Blocks message on ActionContoller::ParameterMissing
Corrected issue with Email Domain Blocks using the not_permitted string from "custom emojii's"

* Ran i18n-tasks normalize to address test failure

* Removed unused admin.export_domain_blocks.not_permitted string

Removing unused string as indicated by Check i18n

* Fix tests

(cherry picked from commit 9094c2f52c24e1c00b594e7c11cd00e4a07eb431)

* Fix domain block export not exporting blocks with only media rejection

(cherry picked from commit 26ff48ee48a5c03a2a4b0bd03fd322529e6bd960)

* Fix various issues with domain block import

- stop using Paperclip for processing domain allow/block imports
- stop leaving temporary files
- better error handling
- assume CSV files are UTF-8-encoded

(cherry picked from commit cad824d8f501b95377e4f0a957e5a00d517a1902)

Co-authored-by: Levi Bard <taktaktaktaktaktaktaktaktaktak@gmail.com>
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2022-11-17 11:05:09 +01:00
Claire
cbb0153bd0
Fix invalid/empty RSS feed link on account pages (#20772)
Fixes #20770
2022-11-17 10:58:33 +01:00
trwnh
7fdeed5fbc
Make tag following idempotent (#20860) 2022-11-17 10:55:59 +01:00
Claire
00b2720ef0
Change automatic post deletion configuration to be accessible to redirected users (#20774)
Fixes #20550
2022-11-17 10:55:23 +01:00
trwnh
e1f819fd78
Fix pagination of followed tags (#20861)
* Fix missing pagination headers on followed tags

* Fix typo
2022-11-17 10:54:10 +01:00
Daniel Axtens
4d85c27d1a
Add 'private' to Cache-Control, match Rails expectations (#20608)
Several controlers set quite intricate Cache-Control headers in order to
hopefully not be cached by any intermediate proxies or local caches. Unfortunately,
these headers are processed by ActionDispatch::HTTP::Cache in a way that squashes
and discards any values set alongside no-store other than private:
8015c2c2cf/actionpack/lib/action_dispatch/http/cache.rb (L207-L209)

We want to preserve no-store on these responses, but we might as well remove
parts that are going to be dropped anyway. As many of the endpoints in these
controllers are private to a particular user, we should also add "private",
which will be preserved alongside no-store.
2022-11-16 04:56:30 +01:00
trwnh
b59ce0a60f
Move V2 Filter methods under /api/v2 prefix (#20622)
* Move V2 Filter methods under /api/v2 prefix

* move over the tests too
2022-11-14 08:34:07 +01:00
Eugen Rochko
b31afc6294
Fix error when passing unknown filter param in REST API (#20626)
Fix #19156
2022-11-14 08:06:06 +01:00
Eugen Rochko
167d86d21d
Fix role_ids not accepting arrays in admin API (#20625)
Fix #19157
2022-11-14 06:56:15 +01:00
Claire
86f6631d28
Remove dead code and refactor status threading code (#20357)
* Remove dead code

* Remove unneeded/broken parameters and refactor descendant computation
2022-11-10 22:30:00 +01:00
Claire
1615c3eb6e
Change logged out /api/v1/statuses/:id/context logged out limits (#20355) 2022-11-10 21:06:08 +01:00
James Tucker
78a6b871fe
Improve performance by avoiding regex construction (#20215)
```ruby
10.times { p /#{FOO}/.object_id }
10.times { p FOO_RE.object_id }
```
2022-11-10 05:49:30 +01:00
Eugen Rochko
0cd0786aef
Revert filtering public timelines by locale by default (#20294) 2022-11-10 05:34:42 +01:00
trwnh
89e1974f30
Make account endorsements idempotent (fix #19045) (#20118)
* Make account endorsements idempotent (fix #19045)

* Accept suggestion to use exists? instead of find_by + nil check

Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>

* fix logic (unless, not if)

* switch to using `find_or_create_by!`

Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>
2022-11-08 16:39:15 +01:00
trwnh
68d9dcd425
Fix uncaught 500 error on invalid replies_policy (Fix #19097) (#20126) 2022-11-08 16:37:28 +01:00
Claire
1e1289b024
Fix crash when external auth provider has no display_name set (#19962)
Fixes #19913
2022-11-07 15:43:24 +01:00
Claire
4cb2323458
Fix crash in legacy filter creation controller (#19878) 2022-11-07 03:38:53 +01:00
Eugen Rochko
3a41fccc43
Change AUTHORIZED_FETCH to not block unauthenticated REST API access (#19803)
New environment variable `DISALLOW_UNAUTHENTICATED_API_ACCESS`
2022-11-05 22:56:03 +01:00
Claire
c2170991c7
Fix reblogs being discarded after the reblogged status (#19731) 2022-11-04 16:31:44 +01:00
Claire
125322718b
Fix inaccurate admin log entry for re-sending confirmation e-mails (#19674)
Fixes #19593
2022-11-02 18:50:21 +01:00
Eugen Rochko
15bae3e0e4
Change post-processing to be deferred only for large media types (#19617) 2022-11-01 15:27:58 +01:00
Claire
bb1ef11c30
Change featured hashtag deletion to be done synchronously (#19590) 2022-10-31 16:31:44 +01:00
Eugen Rochko
26478f461c
Remove language filtering from hashtag timelines (#19563) 2022-10-30 21:29:23 +01:00
Claire
a529d6d93e
Fix invites (#19560)
Fixes #19507

Fix regression from #19296
2022-10-30 19:04:39 +01:00
Eugen Rochko
276b85bc91
Fix admin APIs returning deleted object instead of empty object upon delete (#19479)
Fix #19153
2022-10-30 02:43:57 +02:00
Eugen Rochko
5724da0780
Fix language not being saved when editing status (#19543)
Fix #19542
2022-10-30 02:43:27 +02:00
Eugen Rochko
3e18e05330
Fix uncaught error when invalid date is supplied to API (#19480)
Fix #19213
2022-10-27 14:30:52 +02:00
Eugen Rochko
f8ca3bb2a1
Add ability to view previous edits of a status in admin UI (#19462)
* Add ability to view previous edits of a status in admin UI

* Change moderator access to posts to be controlled by a separate policy
2022-10-26 13:42:29 +02:00
Eugen Rochko
1ae508bf2f
Change unauthenticated search to not support pagination in REST API (#19326)
- Only exact search matches for queries with < 5 characters
- Do not support queries with `offset` (pagination)
- Return HTTP 401 on truthy `resolve` instead of overriding to false
2022-10-26 12:10:02 +02:00
Eugen Rochko
487d81fb92
Fix IP blocks not having a unique index (#19456) 2022-10-25 21:43:44 +02:00
Yamagishi Kazutoshi
45d3b32488
Fix Settings::FeaturedTagsController (#19418)
Regression from #19409
2022-10-22 23:14:58 +02:00
Takeshi Umeda
74ead7d106
Change featured tag updates to add/remove activity (#19409)
* Change featured tag updates to add/remove activity

* Fix to check for the existence of feature tag

* Rename service and worker

* Merge AddHashtagSerializer with AddSerializer

* Undo removal of sidekiq_options
2022-10-22 18:30:55 +02:00
Eugen Rochko
7c152acb2c
Change settings area to be separated into categories in admin UI (#19407)
And update all descriptions
2022-10-22 11:44:41 +02:00
Eugen Rochko
839f893168
Change public accounts pages to mount the web UI (#19319)
* Change public accounts pages to mount the web UI

* Fix handling of remote usernames in routes

- When logged in, serve web app
- When logged out, redirect to permalink
- Fix `app-body` class not being set sometimes due to name conflict

* Fix missing `multiColumn` prop

* Fix failing test

* Use `discoverable` attribute to control indexing directives

* Fix `<ColumnLoading />` not using `multiColumn`

* Add `noindex` to accounts in REST API

* Change noindex directive to not be rendered by default before a route is mounted

* Add loading indicator for detailed status in web UI

* Fix missing indicator appearing while account is loading in web UI
2022-10-20 14:35:29 +02:00
Takeshi Umeda
b0e3f0312c
Add synchronization of remote featured tags (#19380)
* Add LIMIT of featured tag to instance API response

* Add featured_tags_collection_url to Account

* Add synchronization of remote featured tags

* Deliver update activity when updating featured tag

* Remove featured_tags_collection_url

* Revert "Add featured_tags_collection_url to Account"

This reverts commit cff349fc27b104ded2df6bb5665132dc24dab09c.

* Add hashtag sync from featured collections

* Fix tag name normalize

* Add target option to fetch featured collection

* Refactor fetch_featured_tags_collection_service

* Add LIMIT of featured tag to v1/instance API response
2022-10-20 09:15:52 +02:00
prplecake
c618d3a0a5
Make "No $entity selected" errors more accurate (#19356)
Previously all controllers would use the single "No accounts changed as
none were selected" message. This commit changes them to read "tags",
"posts", "emojis", etc. where necessary.
2022-10-15 00:20:54 +02:00
Eugen Rochko
1bd00036c2
Change about page to be mounted in the web UI (#19345) 2022-10-13 14:42:37 +02:00
Eugen Rochko
45ebdb72ca
Add support for language preferences for trending statuses and links (#18288) 2022-10-08 16:45:40 +02:00
Eugen Rochko
a2ba011326
Change privacy policy to be rendered in web UI, add REST API (#19310)
Source string no longer localized, Markdown instead of raw HTML
2022-10-08 06:01:11 +02:00
Eugen Rochko
93f340a4bf
Remove setting that disables account deletes (#17683) 2022-10-06 10:16:47 +02:00
Eugen Rochko
62782babd0
Change public statuses pages to mount the web UI (#19301) 2022-10-06 02:26:34 +02:00
Eugen Rochko
58d5b28cb0
Remove previous landing page (#19300) 2022-10-06 02:19:45 +02:00
Eugen Rochko
679274465b
Add server rules to sign-up flow (#19296) 2022-10-05 18:57:33 +02:00
Eugen Rochko
9f65909f42
Change public timelines to be filtered by current locale by default (#19291)
In the absence of an opt-in to multiple specific languages in the
preferences, it makes more sense to filter by the user's presumed
language only (interface language or `lang` override)
2022-10-05 03:48:06 +02:00
Eugen Rochko
d2528b26b6
Add server banner to web app, add GET /api/v2/instance to REST API (#19294) 2022-10-05 03:47:56 +02:00
Claire
cedcece0cc
Fix deleted pinned posts potentially counting towards the pinned posts limit (#19005)
Fixes #18938
2022-10-05 00:16:40 +02:00
Eugen Rochko
02ba9cfa35
Remove code for rendering public and hashtag timelines outside the web UI (#19257) 2022-10-04 20:13:46 +02:00
Eugen Rochko
36f4c32a38
Change path of privacy policy page (#19249) 2022-09-29 06:22:12 +02:00
Eugen Rochko
43b5d5e38d
Add logged-out access to the web UI (#18961) 2022-09-29 04:39:33 +02:00
Eugen Rochko
0d6b878808
Add user content translations with configurable backends (#19218) 2022-09-23 23:00:12 +02:00
Claire
8cf7006d4e
Refactor ActivityPub handling to prepare for non-Account actors (#19212)
* Move ActivityPub::FetchRemoteAccountService to ActivityPub::FetchRemoteActorService

ActivityPub::FetchRemoteAccountService is kept as a wrapper for when the actor is
specifically required to be an Account

* Refactor SignatureVerification to allow non-Account actors

* fixup! Move ActivityPub::FetchRemoteAccountService to ActivityPub::FetchRemoteActorService

* Refactor ActivityPub::FetchRemoteKeyService to potentially return non-Account actors

* Refactor inbound ActivityPub payload processing to accept non-Account actors

* Refactor inbound ActivityPub processing to accept activities relayed through non-Account

* Refactor how Account key URIs are built

* Refactor Request and drop unused key_id_format parameter

* Rename ActivityPub::Dereferencer `signature_account` to `signature_actor`
2022-09-21 22:45:57 +02:00
Claire
84aff598ea
Fix typo in SignatureVerification (#19209)
Fix regression from #15605
2022-09-21 14:48:35 +02:00
Eugen Rochko
50948b46aa
Add ability to filter followed accounts' posts by language (#19095) 2022-09-20 23:51:21 +02:00
Claire
1145dbd327
Improve error reporting and logging when processing remote accounts (#15605)
* Add a more descriptive PrivateNetworkAddressError exception class

* Remove unnecessary exception class to rescue clause

* Remove unnecessary include to JsonLdHelper

* Give more neutral error message when too many webfinger redirects

* Remove unnecessary guard condition

* Rework how “ActivityPub::FetchRemoteAccountService” handles errors

Add “suppress_errors” keyword argument to avoid raising errors in
ActivityPub::FetchRemoteAccountService#call (default/previous behavior).

* Rework how “ActivityPub::FetchRemoteKeyService” handles errors

Add “suppress_errors” keyword argument to avoid raising errors in
ActivityPub::FetchRemoteKeyService#call (default/previous behavior).

* Fix Webfinger::RedirectError not being a subclass of Webfinger::Error

* Add suppress_errors option to ResolveAccountService

Defaults to true (to preserve previous behavior). If set to false,
errors will be raised instead of caught, allowing the caller to be
informed of what went wrong.

* Return more precise error when failing to fetch account signing AP payloads

* Add tests

* Fixes

* Refactor error handling a bit

* Fix various issues

* Add specific error when provided Digest is not 256 bits of base64-encoded data

* Please CodeClimate

* Improve webfinger error reporting
2022-09-20 23:30:26 +02:00
Claire
2750a7a0e6
Fix REST API sometimes returning HTML on error (#19135)
Fixes #19115
2022-09-08 09:44:36 +02:00
Eugen Rochko
c57907737a
Change search API to be accessible without being logged in (#18963)
But with the resolve option turned off
2022-08-28 03:45:19 +02:00
Eugen Rochko
c99c106ef0
Change following and followers API to be accessible without being logged in (#18964) 2022-08-28 03:45:07 +02:00
Eugen Rochko
2a7766dcc9
Add admin API for managing e-mail domain blocks (#19066) 2022-08-28 03:37:55 +02:00
Eugen Rochko
c556c3a0d1
Add admin API for managing canonical e-mail blocks (#19067) 2022-08-28 03:31:54 +02:00
Eugen Rochko
b399d79545
Add admin API for managing IP blocks (#19065) 2022-08-27 20:56:47 +02:00
Eugen Rochko
0b3e4fd5de
Remove digest e-mails (#17985)
* Remove digest e-mails

* Remove digest-related code
2022-08-25 23:38:22 +02:00
Eugen Rochko
5b0e8cc92b
Add ability to select all accounts matching search for batch actions (#19053) 2022-08-25 23:33:34 +02:00
Eugen Rochko
0396acf39e
Add audit log entries for user roles (#19040)
* Refactor audit log schema

* Add audit log entries for user roles
2022-08-25 20:39:40 +02:00
Claire
50487db122
Add ability to filter individual posts (#18945)
* Add database table for status-specific filters

* Add REST endpoints, entities and attributes

* Show status filters in /filters interface

* Perform server-side filtering for individual posts filters

* Fix filtering on context mismatch

* Refactor `toServerSideType` by moving it to its own module

* Move loupe and delete icons to their own module

* Add ability to filter individual posts from WebUI

* Replace keyword list by warnings (expired, context mismatch)

* Refactor server-side filtering code

* Add tests
2022-08-25 04:27:47 +02:00
Eugen Rochko
d83faa1a89
Add ability to block sign-ups from IP (#19037) 2022-08-24 19:00:37 +02:00
Claire
726931fe4a
Fix /api/v1/tags/:id route constraints (#18854)
The constraint was applied prior to decoding, and rejected anything containing
the '%' character, which would be used for anything with non-ASCII unicode
characters.
2022-07-20 17:06:52 +02:00
Eugen Rochko
c3f0621a59
Add ability to follow hashtags (#18809) 2022-07-17 13:49:29 +02:00
Eugen Rochko
e7aa2be828
Change how hashtags are normalized (#18795)
* Change how hashtags are normalized

* Fix tests
2022-07-13 15:03:28 +02:00
Eugen Rochko
44b2ee3485
Add customizable user roles (#18641)
* Add customizable user roles

* Various fixes and improvements

* Add migration for old settings and fix tootctl role management
2022-07-05 02:41:40 +02:00
Claire
02851848e9
Revamp post filtering system (#18058)
* Add model for custom filter keywords

* Use CustomFilterKeyword internally

Does not change the API

* Fix /filters/edit and /filters/new

* Add migration tests

* Remove whole_word column from custom_filters (covered by custom_filter_keywords)

* Redesign /filters

Instead of a list, present a card that displays more information and handles
multiple keywords per filter.

* Redesign /filters/new and /filters/edit to add and remove keywords

This adds a new gem dependency: cocoon, as well as a npm dependency:
cocoon-js-vanilla. Those are used to easily populate and remove form fields
from the user interface when manipulating multiple keyword filters at once.

* Add /api/v2/filters to edit filter with multiple keywords

Entities:
- `Filter`: `id`, `title`, `filter_action` (either `hide` or `warn`), `context`
  `keywords`
- `FilterKeyword`: `id`, `keyword`, `whole_word`

API endpoits:
- `GET /api/v2/filters` to list filters (including keywords)
- `POST /api/v2/filters` to create a new filter
  `keywords_attributes` can also be passed to create keywords in one request
- `GET /api/v2/filters/:id` to read a particular filter
- `PUT /api/v2/filters/:id` to update a new filter
  `keywords_attributes` can also be passed to edit, delete or add keywords in
   one request
- `DELETE /api/v2/filters/:id` to delete a particular filter
- `GET /api/v2/filters/:id/keywords` to list keywords for a filter
- `POST /api/v2/filters/:filter_id/keywords/:id` to add a new keyword to a
   filter
- `GET /api/v2/filter_keywords/:id` to read a particular keyword
- `PUT /api/v2/filter_keywords/:id` to edit a particular keyword
- `DELETE /api/v2/filter_keywords/:id` to delete a particular keyword

* Change from `irreversible` boolean to `action` enum

* Remove irrelevent `irreversible_must_be_within_context` check

* Fix /filters/new and /filters/edit with update for filter_action

* Fix Rubocop/Codeclimate complaining about task names

* Refactor FeedManager#phrase_filtered?

This moves regexp building and filter caching to the `CustomFilter` class.

This does not change the functional behavior yet, but this changes how the
cache is built, doing per-custom_filter regexps so that filters can be matched
independently, while still offering caching.

* Perform server-side filtering and output result in REST API

* Fix numerous filters_changed events being sent when editing multiple keywords at once

* Add some tests

* Use the new API in the WebUI

- use client-side logic for filters we have fetched rules for.
  This is so that filter changes can be retroactively applied without
  reloading the UI.
- use server-side logic for filters we haven't fetched rules for yet
  (e.g. network error, or initial timeline loading)

* Minor optimizations and refactoring

* Perform server-side filtering on the streaming server

* Change the wording of filter action labels

* Fix issues pointed out by linter

* Change design of “Show anyway” link in accordence to review comments

* Drop “irreversible” filtering behavior

* Move /api/v2/filter_keywords to /api/v1/filters/keywords

* Rename `filter_results` attribute to `filtered`

* Rename REST::LegacyFilterSerializer to REST::V1::FilterSerializer

* Fix systemChannelId value in streaming server

* Simplify code by removing client-side filtering code

The simplifcation comes at a cost though: filters aren't retroactively
applied anymore.
2022-06-28 09:42:13 +02:00
Claire
35588d09e2
Add /api/v1/admin/domain_allows (#18668)
- `GET /api/v1/admin/domain_allows` lists allowed domains
- `GET /api/v1/admin/domain_allows/:id` shows one by ID
- `DELETE /api/v1/admin/domain_allows/:id` deletes a given domain from the list
  of allowed domains
- `POST /api/v1/admin/domain_allows` to allow a new domain:
  if that domain is already allowed, the existing DomainAllow will be returned
2022-06-23 23:12:01 +02:00
tateisu
47f2ff617d
use Notification::TYPES for api push subscription alerts (#18709) 2022-06-23 01:44:27 +02:00
Claire
327eed0076
Fix suspicious sign-in mails never being sent (#18599)
* Add tests

* Fix suspicious sign-in mails never being sent
2022-06-21 15:16:22 +02:00
Eugen Rochko
a2871cd747
Add administrative webhooks (#18510)
* Add administrative webhooks

* Fix error when webhook is deleted before delivery worker runs
2022-06-09 21:57:36 +02:00
Claire
28329ba62f
Add /api/v1/admin/domain_blocks (#18247)
* Add /api/v1/admin/domain_blocks

Fixes #18140

- `GET /api/v1/admin/domain_blocks` lists domain blocks
- `GET /api/v1/admin/domain_blocks/:id` shows one by ID
- `DELETE /api/v1/admin/domain_blocks/:id` deletes a given domain block
- `POST /api/v1/admin/domain_blocks` to create a new domain block:
  if it conflicts with an existing one, returns an error with
  an attribute `existing_domain_block` with the rendered domain block

* Simplify conflict handling as suggested in review
2022-06-01 17:31:36 +02:00