Commit graph

159 commits

Author SHA1 Message Date
santiagorodriguez96
e8d41bc2fe
Add WebAuthn as an alternative 2FA method (#14466)
* feat: add possibility of adding WebAuthn security keys to use as 2FA

This adds a basic UI for enabling WebAuthn 2FA. We did a little refactor
to the Settings page for editing the 2FA methods – now it will list the
methods that are available to the user (TOTP and WebAuthn) and from
there they'll be able to add or remove any of them.
Also, it's worth mentioning that for enabling WebAuthn it's required to
have TOTP enabled, so the first time that you go to the 2FA Settings
page, you'll be asked to set it up.
This work was inspired by the one donde by Github in their platform, and
despite it could be approached in different ways, we decided to go with
this one given that we feel that this gives a great UX.

Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>

* feat: add request for WebAuthn as second factor at login if enabled

This commits adds the feature for using WebAuthn as a second factor for
login when enabled.
If users have WebAuthn enabled, now a page requesting for the use of a
WebAuthn credential for log in will appear, although a link redirecting
to the old page for logging in using a two-factor code will also be
present.

Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>

* feat: add possibility of deleting WebAuthn Credentials

Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>

* feat: disable WebAuthn when an Admin disables 2FA for a user

Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>

* feat: remove ability to disable TOTP leaving only WebAuthn as 2FA

Following examples form other platforms like Github, we decided to make
Webauthn 2FA secondary to 2FA with TOTP, so that we removed the
possibility of removing TOTP authentication only, leaving users with
just WEbAuthn as 2FA. Instead, users will have to click on 'Disable 2FA'
in order to remove second factor auth.
The reason for WebAuthn being secondary to TOPT is that in that way,
users will still be able to log in using their code from their phone's
application if they don't have their security keys with them – or maybe
even lost them.

* We had to change a little the flow for setting up TOTP, given that now
  it's possible to setting up again if you already had TOTP, in order to
  let users modify their authenticator app – given that now it's not
  possible for them to disable TOTP and set it up again with another
  authenticator app.
  So, basically, now instead of storing the new `otp_secret` in the
  user, we store it in the session until the process of set up is
  finished.
  This was because, as it was before, when users clicked on 'Edit' in
  the new two-factor methods lists page, but then went back without
  finishing the flow, their `otp_secret` had been changed therefore
  invalidating their previous authenticator app, making them unable to
  log in again using TOTP.

Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>

* refactor: fix eslint errors

The PR build was failing given that linting returning some errors.
This commit attempts to fix them.

* refactor: normalize i18n translations

The build was failing given that i18n translations files were not
normalized.
This commits fixes that.

* refactor: avoid having the webauthn gem locked to a specific version

* refactor: use symbols for routes without '/'

* refactor: avoid sending webauthn disabled email when 2FA is disabled

When an admins disable 2FA for users, we were sending two mails
to them, one notifying that 2FA was disabled and the other to notify
that WebAuthn was disabled.
As the second one is redundant since the first email includes it, we can
remove it and send just one email to users.

* refactor: avoid creating new env variable for webauthn_origin config

* refactor: improve flash error messages for webauthn pages

Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>
2020-08-24 16:46:27 +02:00
mayaeh
411bf188bb
follow-up #14149 (#14192)
ran `yarn manage:translations en`
2020-07-01 11:34:19 +02:00
Eugen Rochko
72a7cfaa39
Add e-mail-based sign in challenge for users with disabled 2FA (#14013) 2020-06-09 10:23:06 +02:00
Eugen Rochko
bea0bb39d6
Add option to include resolved DNS records when blacklisting e-mail domains in admin UI (#13254)
* Add shortcuts to blacklist a user's e-mail domain in admin UI

* Add option to blacklist resolved MX and IP records for e-mail domains
2020-03-12 22:35:20 +01:00
Eugen Rochko
f556f79b77
Add titles to warning presets in admin UI (#13252) 2020-03-12 17:57:59 +01:00
Mélanie Chauvel (ariasuni)
62c4e4cc22
Change wording of media display preferences to be more intuitive (#13198) 2020-03-08 16:08:38 +01:00
ThibG
0fd2d2eee2
Fix english wording (#13003) 2020-01-29 18:39:44 +01:00
Eugen Rochko
f52c988e12
Add announcements (#12662)
* Add announcements

Fix #11006

* Add reactions to announcements

* Add admin UI for announcements

* Add unit tests

* Fix issues

- Add `with_dismissed` param to announcements API
- Fix end date not being formatted when time range is given
- Fix announcement delete causing reactions to send streaming updates
- Fix announcements container growing too wide and mascot too small
- Fix `all_day` being settable when no time range is given
- Change text "Update" to "Announcement"

* Fix scheduler unpublishing announcements before they are due

* Fix filter params not being passed to announcements filter
2020-01-23 22:00:13 +01:00
mayaeh
709ca0496d Undo translations restored to its previous state (#12876) 2020-01-17 10:53:53 +01:00
Eugen Rochko
a369d1ca64
New Crowdin translations (#12378)
* New translations simple_form.en.yml (Japanese)
[ci skip]

* New translations doorkeeper.en.yml (Japanese)
[ci skip]

* New translations doorkeeper.en.yml (Welsh)
[ci skip]

* New translations en.yml (Russian)
[ci skip]

* New translations en.yml (Ukrainian)
[ci skip]

* New translations en.yml (French)
[ci skip]

* New translations en.yml (Spanish, Argentina)
[ci skip]

* New translations en.yml (Japanese)
[ci skip]

* New translations en.yml (French)
[ci skip]

* New translations devise.en.yml (German)
[ci skip]

* New translations en.yml (German)
[ci skip]

* New translations en.yml (Chinese Traditional)
[ci skip]

* New translations simple_form.en.yml (Chinese Traditional)
[ci skip]

* New translations en.yml (Chinese Traditional)
[ci skip]

* New translations devise.en.yml (Chinese Traditional)
[ci skip]

* New translations en.yml (Persian)
[ci skip]

* New translations en.yml (Turkish)
[ci skip]

* New translations en.yml (Turkish)
[ci skip]

* New translations en.json (Welsh)
[ci skip]

* New translations en.yml (Welsh)
[ci skip]

* New translations en.json (Welsh)
[ci skip]

* New translations en.yml (Welsh)
[ci skip]

* New translations en.yml (Slovak)
[ci skip]

* New translations en.json (Catalan)
[ci skip]

* New translations en.yml (German)
[ci skip]

* New translations en.yml (Corsican)
[ci skip]

* New translations en.yml (Swedish)
[ci skip]

* New translations en.yml (Italian)
[ci skip]

* New translations en.yml (Italian)
[ci skip]

* New translations en.yml (Basque)
[ci skip]

* New translations en.yml (Catalan)
[ci skip]

* New translations en.yml (Japanese)
[ci skip]

* New translations en.yml (Indonesian)
[ci skip]

* New translations en.yml (Indonesian)
[ci skip]

* New translations en.yml (Czech)
[ci skip]

* New translations en.yml (Hungarian)
[ci skip]

* New translations en.yml (Hungarian)
[ci skip]

* New translations en.yml (Greek)
[ci skip]

* New translations en.json (Basque)
[ci skip]

* New translations en.yml (Basque)
[ci skip]

* New translations en.yml (Portuguese)
[ci skip]

* New translations en.yml (Spanish)
[ci skip]

* New translations en.yml (Esperanto)
[ci skip]

* New translations en.yml (Esperanto)
[ci skip]

* New translations en.yml (Korean)
[ci skip]

* New translations en.yml (Korean)
[ci skip]

* New translations en.json (Basque)
[ci skip]

* New translations activerecord.en.yml (Basque)
[ci skip]

* New translations devise.en.yml (Basque)
[ci skip]

* New translations en.yml (Asturian)
[ci skip]

* New translations en.yml (Korean)
[ci skip]

* New translations en.json (Spanish, Argentina)
[ci skip]

* New translations en.yml (Tamil)
[ci skip]

* New translations activerecord.en.yml (Tamil)
[ci skip]

* New translations devise.en.yml (Tamil)
[ci skip]

* New translations devise.en.yml (Tamil)
[ci skip]

* New translations en.yml (Arabic)
[ci skip]

* New translations en.json (Russian)
[ci skip]

* New translations en.yml (Russian)
[ci skip]

* New translations en.yml (Russian)
[ci skip]

* New translations en.yml (Russian)
[ci skip]

* New translations en.yml (Danish)
[ci skip]

* New translations en.yml (Portuguese, Brazilian)
[ci skip]

* New translations activerecord.en.yml (Portuguese, Brazilian)
[ci skip]

* New translations en.yml (Portuguese, Brazilian)
[ci skip]

* New translations en.yml (Chinese Simplified)
[ci skip]

* New translations devise.en.yml (Chinese Simplified)
[ci skip]

* New translations en.yml (Chinese Simplified)
[ci skip]

* New translations en.yml (Chinese Simplified)
[ci skip]

* New translations en.yml (Russian)
[ci skip]

* New translations en.yml (Russian)
[ci skip]

* New translations en.json (Galician)
[ci skip]

* New translations en.yml (Galician)
[ci skip]

* New translations en.yml (Chinese Traditional, Hong Kong)
[ci skip]

* New translations simple_form.en.yml (Chinese Traditional, Hong Kong)
[ci skip]

* New translations en.yml (German)
[ci skip]

* New translations en.yml (Chinese Traditional)
[ci skip]

* New translations en.yml (Russian)
[ci skip]

* New translations en.yml (Hungarian)
[ci skip]

* New translations en.yml (Japanese)
[ci skip]

* New translations en.yml (Spanish)
[ci skip]

* New translations en.yml (Persian)
[ci skip]

* New translations en.yml (Tamil)
[ci skip]

* New translations en.yml (Icelandic)
[ci skip]

* New translations en.yml (Czech)
[ci skip]

* New translations en.yml (Spanish, Argentina)
[ci skip]

* New translations en.yml (Korean)
[ci skip]

* New translations en.yml (Greek)
[ci skip]

* New translations simple_form.en.yml (Greek)
[ci skip]

* New translations simple_form.en.yml (Greek)
[ci skip]

* New translations en.yml (Greek)
[ci skip]

* New translations simple_form.en.yml (Greek)
[ci skip]

* New translations en.yml (Swedish)
[ci skip]

* New translations devise.en.yml (Galician)
[ci skip]

* New translations devise.en.yml (Galician)
[ci skip]

* New translations en.yml (Indonesian)
[ci skip]

* New translations en.yml (Corsican)
[ci skip]

* New translations en.yml (Catalan)
[ci skip]

* New translations en.json (Turkish)
[ci skip]

* New translations en.yml (Turkish)
[ci skip]

* New translations en.json (Basque)
[ci skip]

* New translations en.yml (Basque)
[ci skip]

* New translations en.json (Asturian)
[ci skip]

* New translations en.yml (Asturian)
[ci skip]

* New translations en.json (Asturian)
[ci skip]

* New translations en.yml (Asturian)
[ci skip]

* New translations simple_form.en.yml (Asturian)
[ci skip]

* New translations en.yml (Danish)
[ci skip]

* New translations en.yml (French)
[ci skip]

* New translations en.yml (Galician)
[ci skip]

* New translations en.yml (Galician)
[ci skip]

* New translations en.yml (Kazakh)
[ci skip]

* New translations devise.en.yml (Galician)
[ci skip]

* New translations devise.en.yml (Galician)
[ci skip]

* New translations devise.en.yml (Galician)
[ci skip]

* New translations en.json (Polish)
[ci skip]

* New translations en.json (Polish)
[ci skip]

* New translations en.json (Ukrainian)
[ci skip]

* New translations en.yml (Ukrainian)
[ci skip]

* New translations en.yml (Ukrainian)
[ci skip]

* New translations devise.en.yml (Galician)
[ci skip]

* New translations en.yml (Galician)
[ci skip]

* New translations devise.en.yml (Galician)
[ci skip]

* New translations en.yml (Galician)
[ci skip]

* New translations en.yml (Galician)
[ci skip]

* New translations en.yml (Thai)
[ci skip]

* New translations en.yml (Thai)
[ci skip]

* New translations en.yml (Esperanto)
[ci skip]

* New translations simple_form.en.yml (Esperanto)
[ci skip]

* New translations en.yml (Esperanto)
[ci skip]

* New translations en.json (Russian)
[ci skip]

* New translations en.json (Vietnamese)
[ci skip]

* New translations en.json (Swedish)
[ci skip]

* New translations en.json (Vietnamese)
[ci skip]

* New translations en.yml (Thai)
[ci skip]

* New translations en.yml (Thai)
[ci skip]

* New translations en.yml (Spanish)
[ci skip]

* New translations en.yml (Spanish)
[ci skip]

* New translations en.yml (Estonian)
[ci skip]

* New translations en.yml (Slovak)
[ci skip]

* New translations en.yml (Catalan)
[ci skip]

* New translations simple_form.en.yml (Catalan)
[ci skip]

* New translations simple_form.en.yml (Catalan)
[ci skip]

* New translations simple_form.en.yml (Catalan)
[ci skip]

* New translations doorkeeper.en.yml (Catalan)
[ci skip]

* New translations activerecord.en.yml (Catalan)
[ci skip]

* New translations en.json (Catalan)
[ci skip]

* New translations en.json (Catalan)
[ci skip]

* New translations en.json (Catalan)
[ci skip]

* New translations en.json (Catalan)
[ci skip]

* New translations en.json (Catalan)
[ci skip]

* New translations devise.en.yml (Catalan)
[ci skip]

* New translations en.json (Basque)
[ci skip]

* New translations simple_form.en.yml (Galician)
[ci skip]

* New translations doorkeeper.en.yml (Japanese)
[ci skip]

* New translations en.yml (Chinese Traditional, Hong Kong)
[ci skip]

* New translations en.yml (Russian)
[ci skip]

* New translations en.yml (Korean)
[ci skip]

* New translations doorkeeper.en.yml (Korean)
[ci skip]

* New translations en.yml (Slovak)
[ci skip]

* New translations en.yml (German)
[ci skip]

* New translations doorkeeper.en.yml (German)
[ci skip]

* New translations en.yml (Spanish)
[ci skip]

* New translations doorkeeper.en.yml (Spanish)
[ci skip]

* New translations en.yml (Spanish, Argentina)
[ci skip]

* New translations doorkeeper.en.yml (Spanish, Argentina)
[ci skip]

* New translations en.yml (Russian)
[ci skip]

* New translations doorkeeper.en.yml (Russian)
[ci skip]

* New translations en.yml (Catalan)
[ci skip]

* New translations doorkeeper.en.yml (Catalan)
[ci skip]

* New translations en.yml (Indonesian)
[ci skip]

* New translations doorkeeper.en.yml (Indonesian)
[ci skip]

* New translations en.yml (Kazakh)
[ci skip]

* New translations doorkeeper.en.yml (Kazakh)
[ci skip]

* New translations en.yml (Persian)
[ci skip]

* New translations doorkeeper.en.yml (Persian)
[ci skip]

* New translations en.yml (Turkish)
[ci skip]

* New translations doorkeeper.en.yml (Turkish)
[ci skip]

* New translations doorkeeper.en.yml (Thai)
[ci skip]

* New translations en.yml (Thai)
[ci skip]

* New translations en.yml (Thai)
[ci skip]

* New translations en.yml (Thai)
[ci skip]

* New translations en.yml (Thai)
[ci skip]

* New translations en.yml (Tamil)
[ci skip]

* New translations doorkeeper.en.yml (Tamil)
[ci skip]

* New translations en.json (Chinese Traditional, Hong Kong)
[ci skip]

* New translations en.yml (Estonian)
[ci skip]

* New translations doorkeeper.en.yml (Estonian)
[ci skip]

* New translations en.yml (Arabic)
[ci skip]

* New translations doorkeeper.en.yml (Arabic)
[ci skip]

* New translations en.yml (Portuguese)
[ci skip]

* New translations en.yml (Portuguese)
[ci skip]

* New translations doorkeeper.en.yml (Portuguese)
[ci skip]

* New translations en.yml (Icelandic)
[ci skip]

* New translations activerecord.en.yml (Icelandic)
[ci skip]

* New translations devise.en.yml (Icelandic)
[ci skip]

* New translations en.yml (Galician)
[ci skip]

* New translations doorkeeper.en.yml (Galician)
[ci skip]

* New translations en.yml (Galician)
[ci skip]

* New translations en.yml (Galician)
[ci skip]

* New translations doorkeeper.en.yml (Corsican)
[ci skip]

* New translations en.yml (Galician)
[ci skip]

* New translations en.yml (Corsican)
[ci skip]

* New translations en.yml (Galician)
[ci skip]

* New translations en.yml (Swedish)
[ci skip]

* New translations en.yml (Galician)
[ci skip]

* New translations doorkeeper.en.yml (Swedish)
[ci skip]

* New translations en.yml (Galician)
[ci skip]

* New translations en.yml (Galician)
[ci skip]

* New translations en.yml (Galician)
[ci skip]

* New translations en.yml (Galician)
[ci skip]

* New translations en.yml (Galician)
[ci skip]

* New translations en.yml (Galician)
[ci skip]

* New translations en.yml (Galician)
[ci skip]

* New translations en.yml (Galician)
[ci skip]

* New translations en.yml (Galician)
[ci skip]

* New translations en.yml (Galician)
[ci skip]

* New translations en.json (Icelandic)
[ci skip]

* New translations en.yml (Icelandic)
[ci skip]

* New translations doorkeeper.en.yml (Esperanto)
[ci skip]

* New translations en.yml (Icelandic)
[ci skip]

* New translations simple_form.en.yml (Icelandic)
[ci skip]

* New translations doorkeeper.en.yml (Icelandic)
[ci skip]

* New translations en.yml (Esperanto)
[ci skip]

* New translations doorkeeper.en.yml (Italian)
[ci skip]

* New translations en.yml (Italian)
[ci skip]

* New translations en.yml (Spanish, Argentina)
[ci skip]

* New translations doorkeeper.en.yml (Spanish, Argentina)
[ci skip]

* New translations en.yml (Icelandic)
[ci skip]

* New translations doorkeeper.en.yml (Japanese)
[ci skip]

* New translations en.yml (Japanese)
[ci skip]

* New translations en.yml (Czech)
[ci skip]

* New translations doorkeeper.en.yml (Czech)
[ci skip]

* New translations doorkeeper.en.yml (Basque)
[ci skip]

* New translations en.yml (Basque)
[ci skip]

* New translations en.yml (Portuguese, Brazilian)
[ci skip]

* New translations doorkeeper.en.yml (Portuguese, Brazilian)
[ci skip]

* New translations en.yml (French)
[ci skip]

* New translations en.yml (Russian)
[ci skip]

* New translations en.yml (Galician)
[ci skip]

* New translations doorkeeper.en.yml (Greek)
[ci skip]

* New translations en.yml (Turkish)
[ci skip]

* New translations en.yml (Spanish)
[ci skip]

* i18n-tasks normalize

* New translations en.yml (Thai)
[ci skip]

* New translations en.yml (Korean)
[ci skip]

* yarn manage:translations

* New translations en.yml (Thai)
[ci skip]
2020-01-12 15:18:03 +01:00
Sasha Sorokin
fd45f5bbaa Improve notifications page (#12497)
Currently notifications page seems a bit cluttered with no clear
separation between e-mail and filtering settings. This commit tries to
address them by adding clear separation with headers, hints and removing
continuously reused texts for events checkboxes.
2019-11-29 17:03:06 +01:00
Faye Duxovni
48f75b86ae Add setting for whether to crop images in unexpanded toots (#12126) 2019-10-24 22:51:41 +02:00
Soft. Dev
3ebd903535 change string from Disable to Disable login (#12201) 2019-10-24 22:45:55 +02:00
Eugen Rochko
3ed94dcc1a
Add account migration UI (#11846)
Fix #10736

- Change data export to be available for non-functional accounts
- Change non-functional accounts to include redirecting accounts
2019-09-19 20:58:19 +02:00
Eugen Rochko
e1066cd431
Add password challenge to 2FA settings, e-mail notifications (#11878)
Fix #3961
2019-09-18 16:37:27 +02:00
mayaeh
ef0d22f232 Add search and sort functions to hashtag admin UI (#11829)
* Add search and sort functions to hashtag admin UI

* Move scope processing from tags_controller to tag_filter

* Fix based on method naming conventions

* Fixed not to get 500 errors for invalid requests
2019-09-16 14:27:29 +02:00
Eugen Rochko
cb447b28c4
Add profile directory to web UI (#11688)
* Add profile directory to web UI

* Add a line of bio to the directory
2019-08-30 00:14:36 +02:00
mayaeh
89b574aa6c Add translation target for hashtag (#11657)
* Add translation target for hashtag.

* run `yarn manage:translations en`
2019-08-25 16:22:20 +02:00
Eugen Rochko
73ca0bb925
Add option to include reported statuses in warning e-mail (#11639) 2019-08-23 22:37:23 +02:00
Eugen Rochko
cc0a55cf9a
Add more accurate hashtag search (#11579)
* Add more accurate hashtag search

Using ElasticSearch to index hashtags with edge n-grams and score
them by usage within the last 7 days since last activity. Only
hashtags that have been reviewed and are listable can appear in
searches, unless they match the query exactly

* Fix search analyzer dropping non-ascii characters
2019-08-18 03:45:51 +02:00
Eugen Rochko
9072fe5ab6
Add trends UI with admin and user settings (#11502) 2019-08-06 17:57:52 +02:00
Eugen Rochko
115dab78f1
Change admin UI for hashtags and add back whitelisted trends (#11490)
Fix #271

Add back the `GET /api/v1/trends` API with the caveat that it does
not return tags that have not been allowed to trend by the staff.

When a hashtag begins to trend (internally) and that hashtag has
not been previously reviewed by the staff, the staff is notified.

The new admin UI for hashtags allows filtering hashtags by where
they are used (e.g. in the profile directory), whether they have
been reviewed or are pending reviewal, they show by how many people
the hashtag is used in the directory, how many people used it
today, how many statuses with it have been created today, and it
allows fixing the name of the hashtag to make it more readable.

The disallowed hashtags feature has been reworked. It is now
controlled from the admin UI for hashtags instead of from
the file `config/settings.yml`
2019-08-05 19:54:29 +02:00
Eugen Rochko
24552b5160
Add whitelist mode (#11291) 2019-07-30 11:10:46 +02:00
Eugen Rochko
9b1d3e4acb
Add option to disable real-time updates in web UI (#9984)
Fix #9031
Fix #7913
2019-07-16 06:30:47 +02:00
ThibG
3086c645fd Add option to disable blurhash previews (#11188)
* Add option to disable blurhash previews

* Update option text

* Change options order
2019-06-26 19:33:04 +02:00
Eugen Rochko
1db4117030
Change preferences page into appearance, notifications, and other (#10977) 2019-06-07 03:39:24 +02:00
Eugen Rochko
1e5532e693
Add responsive panels to the single-column layout (#10820)
* Add responsive panels to the single-column layout

* Fixes

* Fix not being able to save the preference

* Fix code style issues

* Set max-height on the compose textarea and add a link to relationship manager
2019-05-25 21:27:00 +02:00
Eugen Rochko
36b39fbac5
Add preference to disable e-mails about new pending accounts (#10529) 2019-04-10 00:35:49 +02:00
Eugen Rochko
8b69a66380 Add "why do you want to join" field to invite requests (#10524)
* Add "why do you want to join" field to invite requests

Fix #10512

* Remove unused translations

* Fix broken registrations when no invite request text is submitted
2019-04-09 23:06:30 +09:00
mayaeh
46e806cd2f Rename from instance to server. (#9938) 2019-02-05 19:11:24 +01:00
Eugen Rochko
364f2ff9aa
Add featured hashtags to profiles (#9755)
* Add hashtag filter to profiles

GET /@:username/tagged/:hashtag
GET /api/v1/accounts/:id/statuses?tagged=:hashtag

* Display featured hashtags on public profile

* Use separate model for featured tags

* Update featured hashtag counters on-write

* Limit featured tags to 10
2019-02-04 04:25:59 +01:00
ThibG
ed30110618 Make displaying application used to toot opt-in (#9897)
* Make storing and displaying application used to toot opt-in

* Revert to storing application info, and display it to the author via API
2019-02-02 19:18:15 +01:00
Eugen Rochko
3c033c4352
Add moderation warnings (#9519)
* Add moderation warnings

Replace individual routes for disabling, silencing, and suspending
a user, as well as the report update route, with a unified account
action controller that allows you to select an action (none,
disable, silence, suspend) as well as whether it should generate an
e-mail notification with optional custom text. That notification,
with the optional custom text, is saved as a warning.

Additionally, there are warning presets you can configure to save
time when performing the above.

* Use Account#local_username_and_domain
2018-12-22 20:02:09 +01:00
ThibG
81bda7d67c Add setting to not aggregate reblogs (#9248)
* Add setting to not aggregate reblogs

Fixes #9222

* Handle cases where user is nil in add_to_home and add_to_list

* Add hint for setting_aggregate_reblogs option

* Reword setting_aggregate_reblogs label
2018-12-09 13:03:01 +01:00
Eugen Rochko
73be8f38c1
Add profile directory (#9427)
Fix #5578
2018-12-06 17:36:11 +01:00
Eugen Rochko
161aeadbb4
Remove character counter from edit profile (#9100)
* Remove display name and bio counter hint, simply limit input

* Remove now redundant translations

* Fix code style issue
2018-10-26 01:55:24 +02:00
ふぁぼ原
f7a6f9489d Add a new preference to always hide all media (#8569) 2018-09-25 05:09:35 +02:00
Matt Sweetman
1889526e23 Add user preference to always expand toots marked with content warnings (#8762) 2018-09-24 05:44:01 +02:00
Eugen Rochko
f4d549d300
Redesign forms, verify link ownership with rel="me" (#8703)
* Verify link ownership with rel="me"

* Add explanation about verification to UI

* Perform link verifications

* Add click-to-copy widget for verification HTML

* Redesign edit profile page

* Redesign forms

* Improve responsive design of settings pages

* Restore landing page sign-up form

* Fix typo

* Support <link> tags, add spec

* Fix links not being verified on first discovery and passive updates
2018-09-18 16:45:58 +02:00
Eugen Rochko
c593d6df9c
Add preference for report notification e-mails, skip for duplicates (#8559)
If an unresolved report for the same target account already exists,
no new notification is generated
2018-09-02 00:11:58 +02:00
Eugen Rochko
0a3cc246ac Fix size/dimension values in avatar/header hint localizations (#8088) 2018-07-29 09:57:13 +09:00
Eugen Rochko
e55dce3176
Add federation relay support (#7998)
* Add federation relay support

* Add admin UI for managing relays

* Include actor on relay-related activities

* Fix i18n
2018-07-13 02:16:06 +02:00
mayaeh
401559c376 Fix whole-word selection and i18n: Add Japanese translation for Whole-word (#8004)
* Add Japanese translation for "Whole word" and add it's description.

* Fix to enable "Whole-word" selection.
2018-07-12 17:58:26 +02:00
Eugen Rochko
1f6ed4f86a
Add more granular OAuth scopes (#7929)
* Add more granular OAuth scopes

* Add human-readable descriptions of the new scopes

* Ensure new scopes look good on the app UI

* Add tests

* Group scopes in screen and color-code dangerous ones

* Fix wrong extra scope
2018-07-05 18:31:35 +02:00
Eugen Rochko
cdb101340a
Keyword/phrase filtering (#7905)
* Add keyword filtering

    GET|POST       /api/v1/filters
    GET|PUT|DELETE /api/v1/filters/:id

- Irreversible filters can drop toots from home or notifications
- Other filters can hide toots through the client app
- Filters use a phrase valid in particular contexts, expiration

* Make sure expired filters don't get applied client-side

* Add missing API methods

* Remove "regex filter" from column settings

* Add tests

* Add test for FeedManager

* Add CustomFilter test

* Add UI for managing filters

* Add streaming API event to allow syncing filters

* Fix tests
2018-06-29 15:34:36 +02:00
Eugen Rochko
a58ec29631
Allow selecting default posting language instead of auto-detect (#7828)
* Allow selecting default posting language instead of auto-detect

* Enable default language setting in credentials API

* Fix form saving
2018-06-17 18:57:31 +02:00
Eugen Rochko
7eec279c7f
Change language opt-out to language opt-in (#7823)
* Switch filtered_languages to chosen_languages

* Adjust interface

* Remove unused translations
2018-06-17 13:54:02 +02:00
Eugen Rochko
ca85658975
Add autofollow option to invites (#7805)
* Add autofollow option to invites

* Trigger CodeClimate rebuild
2018-06-15 18:00:23 +02:00
Eugen Rochko
1e02dc8715
Add preference to hide following/followers lists (#7532)
* Add preference to hide following/followers lists

- Public pages
- ActivityPub collections (does not return pages but does give total)
- REST API (unless it's your own) (does not federate)

Fix #6901

* Add preference

* Add delegation

* Fix issue

* Fix issue
2018-05-18 02:26:51 +02:00
nightpool
dbf65e1b76 Update bot preference text (#7507)
* Update simple_form.en.yml

* fix #2
2018-05-16 14:47:29 +02:00
Eugen Rochko
42cd363542
Bot nameplates (#7391)
* Store actor type in database

* Add bot nameplate to web UI, add setting to preferences, API, AP
Fix #7365

* Fix code style issues
2018-05-07 09:31:07 +02:00
Eugen Rochko
b611dbac79
Add contact e-mail hint to 2FA login form (#7376) 2018-05-06 10:52:36 +02:00
Eugen Rochko
78ed4ab75f
Add bio fields (#6645)
* Add bio fields

- Fix #3211
- Fix #232
- Fix #121

* Display bio fields in web UI

* Fix output of links and missing fields

* Federate bio fields over ActivityPub as PropertyValue

* Improve how the fields are stored, add to Edit profile form

* Add rel=me to links in fields

Fix #121
2018-04-14 12:41:08 +02:00
Yamagishi Kazutoshi
4c16ddf588 Change avatar size on form hints (#6707) 2018-03-09 10:57:33 +01:00
Eugen Rochko
76f3d5d16b
Add preference to always display sensitive media (#6448) 2018-02-09 00:26:57 +01:00
Alexander
04fef7b888 pam authentication (#5303)
* add pam support, without extra column

* bugfixes for pam login

* document options

* fix code style

* fix codestyle

* fix tests

* don't call remember_me without password

* fix codestyle

* improve checks for pam usage (should fix tests)

* fix remember_me part 1

* add remember_token column because :rememberable requires either a password or this column.

* migrate db for remember_token

* move pam_authentication to the right place, fix logic bug in edit.html.haml

* fix tests

* fix pam authentication, improve username lookup, add comment

* valid? is sometimes not honored, return nil instead trying to authenticate with pam

* update devise_pam_authenticatable2 and adjust code. Fixes sideeffects observed in tests

* update devise_pam_authenticatable gem, fixes for codeconventions, fix finding user

* codeconvention fixes

* code convention fixes

* fix idention

* update dependency, explicit conflict check

* fix disabled password updates if in pam mode

* fix check password if password is present, fix templates

* block registration if account is maintained by pam

* Revert "block registration if account is maintained by pam"

This reverts commit 8e7a083d650240b6fac414926744b4b90b435f20.

* fix identation error introduced by rebase

* block usernames maintained by pam

* document pam settings better

* fix code style
2018-02-02 10:18:55 +01:00
Eugen Rochko
ed867eca9d
Move e-mail digest task to sidekiq, reduce workload, improve hint (#6252) 2018-01-15 04:34:28 +01:00
Eugen Rochko
740f8a95a9
Add consumable invites (#5814)
* Add consumable invites

* Add UI for generating invite codes

* Add tests

* Display max uses and expiration in invites table, delete invite

* Remove unused column and redundant validator

- Default follows not used, probably bad idea
- InviteCodeValidator is redundant because RegistrationsController
  checks invite code validity

* Add admin setting to disable invites

* Add admin UI for invites, configurable role for invite creation

- Admin UI that lists everyone's invites, always available
- Admin setting min_invite_role to control who can invite people
- Non-admin invite UI only visible if users are allowed to

* Do not remove invites from database, expire them instantly
2017-11-27 16:07:59 +01:00
Eugen Rochko
fbef909c2a
Add option to block direct messages from people you don't follow (#5669)
* Add option to block direct messages from people you don't follow

Fix #5326

* If the DM responds to a toot by recipient, allow it through

* i18n: Update Polish translation (for #5669) (#5673)
2017-11-14 21:12:57 +01:00
Marcin Mikołajczak
3c530d95f6 i18n: Update Polish translation (#5416)
Signed-off-by: Marcin Mikołajczak <me@m4sk.in>
2017-10-16 14:09:51 +02:00
Nolan Lawson
fa0be3f834 Add option to reduce motion (#5393)
* Add option to reduce motion

* Use HOC to wrap all Motion calls

* fix case-sensitive issue

* Avoid updating too frequently

* Get rid of unnecessary change to _simple_status.html.haml
2017-10-16 09:36:15 +02:00
Eugen Rochko
0b3f1ec62a Reorganize preferences page (#5161) 2017-10-01 10:52:39 +02:00
Lynx Kotoura
8fcfcddc8f Fix theme translations alphabetically (#5031) 2017-09-20 19:41:35 +02:00
Andrew
0401a24558 Add support for multiple themes (#4959)
* Add support for selecting a theme

* Fix codeclimate issues

* Look up site default style if current user is not available due to e.g. not being logged in

* Remove outdated comment in common.js

* Address requested changes in themes PR

* Fix codeclimate issues

* Explicitly check current_account in application controller and only check theme availability if non-nil

* codeclimate

* explicit precedence with &&

* Fix code style in application_controller according to @nightpool's suggestion, use default style in embedded.html.haml

* codeclimate: indentation + return
2017-09-19 16:36:23 +02:00
Eugen Rochko
3c515f2cd2 Run yarn run manage:translations and i18n-tasks normalize (#4302) 2017-07-23 01:14:57 +02:00
Yamagishi Kazutoshi
3267e4a785 Add unfollow modal (optional) (#4246)
* Add unfollow modal

* unfollowing someone

* remove unnecessary prop
2017-07-18 17:14:43 +02:00
unarist
033f970af3 Don't mention default post privacy on hints for locked accounts (#4222)
"defaults post privacy to followers-only" only means...

* default value of `visibility` param on post API
* default value for web UI privacy setting (i.e. it will be overridden if they once updated)

...so, many users won't see an effect of it.
2017-07-16 14:02:03 +02:00
Eugen Rochko
c42092ba7a Add option to opt out of search engines on public profile/status pages (#4199) 2017-07-14 16:41:02 +02:00
Yamagishi Kazutoshi
43f868de3d Add Japanese translations for #4163 and #4129 (#4166)
* Add Japanese translations for #4163

* Add Japanese translations for #4129

* top page -> front page
2017-07-12 14:50:07 +02:00
Yamagishi Kazutoshi
2b9721d1b3 Add setting a always mark media as sensitive (#4136) 2017-07-10 14:00:32 +02:00
Damien Erambert
18d3fa953b Add a setting allowing the use of system's default font in Web UI (#4033)
* add a system_font_ui setting on the server

* Plug the system_font_ui on the front-end

* add EN/FR locales for the new setting

* put Roboto after all other fonts

* remove trailing whitespace so CodeClimate is happy

* fix user_spec.rb

* correctly write user_spect this time

* slightly better way of adding the classes

* add comments to the system-font stack for clarification

* use .system-font for the class instead

* don't use multiple lines for comments

* remove trailing whitespace

* use the classnames module for consistency

* use `mastodon-font-sans-serif` instead of Roboto directly
2017-07-06 22:39:56 +02:00
Eugen Rochko
8902e265b4 Add explit admin actions to (re)subscribe/unsubscribe remote accounts (#3640)
* Add explit admin actions to (re)subscribe/unsubscribe remote accounts
and re-download avatar/header

* Improve how admin NSFW toggle looks
2017-06-08 14:58:22 +02:00
Atsushi Yamamoto
402c19a924 Add preference setting for delete toot modal (#3368)
* Set delete_modal preference to true by default
* Does not show confirmation modal if delete_modal is false
* Add ja translation for preference setting page
2017-05-29 17:56:13 +02:00
Yamagishi Kazutoshi
84608c3ff8 Add translations for counter of profile (#3214)
ref #3101
2017-05-22 04:45:55 +02:00
Matt Jankowski
8f4b7c1820 Filter languages with opt out (#3175)
* Remove allowed_languages and add filtered_languages

* Use filtered_languages instead of allowed_languages
2017-05-20 17:32:44 +02:00
Eugen Rochko
76449df903 Fix character counter not updating for bio (#3101) 2017-05-18 00:38:18 +02:00
Stephen Burgess
4bd0488a77 feat(count): Just yml count syntax to provide different rule for 1 (#2685)
Update all translation forms that use this "counter" element.
2017-05-13 17:13:17 +02:00
Matt Jankowski
f025cc6782 Filter on allowed user language preferences (#2361)
* Naive approached to timeline filtering

* Convert allowed_languages into a db column

* Allow users to choose languages to see statuses in

* Style list items as two columns

* Add a hint to explain language filtering preference
2017-05-01 17:42:13 +02:00
Eugen
501514960a Followers-only post federation (#2111)
* Make private toots get PuSHed to subscription URLs that belong to domains where you have approved followers

* Authorized followers controller, stub for bulk action

* Soft block in the background

* Add simple test for new controller

* Rename Settings::FollowersController to Settings::FollowerDomainsController, paginate results,
rename "private" post setting to "followers-only", fix pagination style, improve post privacy
preferences style, improve warning style

* Extract compose form warnings into own container, show warning when posting to followers-only with unlocked account
2017-04-24 00:38:37 +02:00
Sebastian Morr
74c474a652 Display remaining characters when editing display name and bio (#2219) 2017-04-21 18:17:21 +02:00
Patrick Figel
ffb99325ca Add gif auto-play/pause preference
This introduces a new per-user preference called
"Auto-play animated GIFs", which is enabled by default. When a
user disables this setting, gifs in toots become click-to-play.

Previews of animated gifs were changed to display the video play
button so that users can distinguish them from regular images.

This setting also affects account avatars in the detailed account
view, which was changed to use the same hover-to-play mechanism
that is used for animated avatars in timelines.

Fixes #1652
2017-04-17 12:14:03 +02:00
Patrick Figel
df4ff9a8e1 Add recovery code support for two-factor auth (#1773)
* Add recovery code support for two-factor auth

When users enable two-factor auth, the app now generates ten
single-use recovery codes. Users are encouraged to print the codes
and store them in a safe place.

The two-factor prompt during login now accepts both OTP codes and
recovery codes.

The two-factor settings UI allows users to regenerated lost
recovery codes. Users who have set up two-factor auth prior to
this feature being added can use it to generate recovery codes
for the first time.

Fixes #563 and fixes #987

* Set OTP_SECRET in test enviroment

* add missing .html to view file names
2017-04-15 13:26:03 +02:00
Thomas Citharel
c0c56db0fa Translate admin (#1702)
* Translate the domain_block panel

Signed-off-by: Thomas Citharel <tcit@tcit.fr>

* Translate PubSubHubbub section

Signed-off-by: Thomas Citharel <tcit@tcit.fr>

* translate account section and correct typos

* move reports translation & translate sidebar

Signed-off-by: Thomas Citharel <tcit@tcit.fr>

* normalize l18n
2017-04-13 21:49:07 +02:00
Eugen
9e5c1c487e Apply i18n-tasks normalize to locales (#1696) 2017-04-13 19:18:32 +02:00
blackle
06444bf050 Allow user to disable the boost confirm dialog in preferences 2017-04-11 10:10:16 -04:00
Eugen
57466d542b Merge pull request #805 from nevillepark/master
Changed "reblogs" to "boosts"
2017-04-05 03:00:57 +02:00
Neville Park
ce1ca28594 Changed "reblogs" to "boosts" 2017-04-03 17:45:36 -04:00
Eugen Rochko
e8875c6046 Import feature for following/blocking lists (addresses #62, #177, #201, #454) 2017-03-30 19:42:33 +02:00
Eugen Rochko
56d998cbdb Export follow/block lists as CSV 2017-03-19 20:29:41 +01:00
Eugen Rochko
6b81d10030 Add digest e-mails 2017-03-04 00:00:48 +01:00
Eugen Rochko
347a153b3d Add API modifiers to limit returned toots from public/hashtag timelines
to only those from local users; Add link to "extended information" to
getting started in the UI; Add defaults for posting privacy; Change
how publish button looks depending on posting privacy chosen
2017-02-06 23:16:20 +01:00
Eugen Rochko
23b997ae55 Split 2FA login into two prompts 2017-01-28 20:43:38 +01:00
Eugen Rochko
f4bc9620a9 Update settings to re-use admin layout, one big navigation tree, improve settings forms 2017-01-28 03:56:10 +01:00
Eugen Rochko
ba192f12e3 Added optional two-factor authentication 2017-01-27 20:35:16 +01:00
Eugen Rochko
eca6110fc4 Add preferences for follow request notification e-mails 2016-12-26 22:04:16 +01:00
Eugen Rochko
b302b9202b Add page for authorizing/rejecting follow requests 2016-12-23 00:04:52 +01:00
Eugen Rochko
3c841c7306 Adjust wording 2016-12-22 23:24:46 +01:00
Eugen Rochko
05b13c38b5 Re-enable Webfinger for locked accounts but don't handle "follow" events
coming in via Salmon.

Currently no way to prevent remote follows, but they will only receive public
and unlisted posts
2016-12-22 23:17:57 +01:00
Eugen Rochko
b891a81008 Follow call on locked account creates follow request instead
Reflect "requested" relationship in API and UI
Reflect inability of private posts to be reblogged in the UI
Disable Webfinger for locked accounts
2016-12-22 23:03:57 +01:00
Eugen Rochko
14bd46946d Per-status control for unlisted mode, also federation for unlisted mode
Fix #233, fix #268
2016-11-30 21:34:59 +01:00