Commit Graph

515 Commits

Author SHA1 Message Date
Claire
bddd9ba36d
Add OMNIAUTH_ONLY environment variable to enforce externa log-in (#17288)
* Remove support for OAUTH_REDIRECT_AT_SIGN_IN

Fixes #15959

Introduced in #6540, OAUTH_REDIRECT_AT_SIGN_IN allowed skipping the log-in form
to instead redirect to the external OmniAuth login provider.

However, it did not prevent the log-in form on /about introduced by #10232 from
appearing, and completely broke with the introduction of #15228.

As I restoring that previous log-in flow without introducing a security
vulnerability may require extensive care and knowledge of how OmniAuth works,
this commit removes support for OAUTH_REDIRECT_AT_SIGN_IN instead for the time
being.

* Add OMNIAUTH_ONLY environment variable to enforce external log-in only

* Disable user registration when OMNIAUTH_ONLY is set to true

* Replace log-in links When OMNIAUTH_ONLY is set with exactly one OmniAuth provider
2022-01-23 15:52:58 +01:00
Claire
6eea3f8f9c
Add post edited notice in admin and public UIs (#17335)
* Add edited toot flag on public pages

* Add toot edit flag to admin pages
2022-01-20 13:37:31 +01:00
Eugen Rochko
14f436c457
Add notifications for statuses deleted by moderators (#17204) 2022-01-17 09:41:33 +01:00
Claire
d5c9feb7b7
Add support for private pinned posts (#16954)
* Add support for private pinned toots

* Allow local user to pin private toots

* Change wording to avoid "direct message"
2022-01-17 00:49:55 +01:00
Claire
76761d5fc0
Add ability for admins to delete canonical email blocks (#16644)
* Add admin option to remove canonical email blocks from a deleted account

* Add tootctl canonical_email_blocks to inspect and remove canonical email blocks
2021-12-17 23:02:14 +01:00
Claire
7f803c41e2
Add ability to purge undeliverable domains from admin interface (#16686)
* Add ability to purge undeliverable domains from admin interface

* Add tests
2021-12-17 23:01:21 +01:00
Claire
0fc73bbcb9
Fix incorrect singular version of some translation strings (#17124)
Fixes #17120

Co-authored-by: Mélanie Chauvel <perso@hack-libre.org>

Co-authored-by: Mélanie Chauvel <perso@hack-libre.org>
2021-12-13 18:25:25 +01:00
Eugen Rochko
0fb9536d38
Add batch suspend for accounts in admin UI (#17009) 2021-12-05 21:48:39 +01:00
Eugen Rochko
7de0ee7aba
Remove Keybase integration (#17045) 2021-11-26 05:58:18 +01:00
Eugen Rochko
6e50134a42
Add trending links (#16917)
* Add trending links

* Add overriding specific links trendability

* Add link type to preview cards and only trend articles

Change trends review notifications from being sent every 5 minutes to being sent every 2 hours

Change threshold from 5 unique accounts to 15 unique accounts

* Fix tests
2021-11-25 13:07:38 +01:00
Jeong Arm
f4081d1564
Allow keeping only 1 boosts/favs on auto deleting posts (#16653)
* Allow keeping 1 boosts/favs on auto deleting posts

* Fix tests
2021-10-14 21:11:14 +02:00
Eugen Rochko
07341e7aa6
Add graphs and retention metrics to admin dashboard (#16829) 2021-10-14 20:44:59 +02:00
Claire
7c7e78d807
Fix suspicious sign-in mail text being out of date (#16690)
Fixes #16687
2021-09-04 16:44:50 +02:00
Claire
4ac78e2a06
Add feature to automatically delete old toots (#16529)
* Add account statuses cleanup policy model

* Record last inspected toot to delete to speed up successive calls to statuses_to_delete

* Add service to cleanup a given account's statuses within a budget

* Add worker to go through account policies and delete old toots

* Fix last inspected status id logic

All existing statuses older or equal to last inspected status id must be
kept by the current policy. This is an invariant that must be kept so that
resuming deletion from the last inspected status remains sound.

* Add tests

* Refactor scheduler and add tests

* Add user interface

* Add support for discriminating based on boosts/favs

* Add UI support for min_reblogs and min_favs, rework UI

* Address first round of review comments

* Replace Snowflake#id_at_start with with_random parameter

* Add tests

* Add tests for StatusesCleanupController

* Rework settings page

* Adjust load-avoiding mechanisms

* Please CodeClimate
2021-08-09 23:11:50 +02:00
Eugen Rochko
7095c80373
Add ability to filter reports by origin of target account (#16487) 2021-07-11 11:01:38 +02:00
Eugen Rochko
771c9d4ba8
Add ability to skip sign-in token authentication for specific users (#16427)
Remove "active within last two weeks" exception for sign in token requirement

Change admin reset password to lock access until the password is reset
2021-07-08 05:31:28 +02:00
Eugen Rochko
d174d12c83
Add authentication history (#16408) 2021-06-21 17:07:30 +02:00
Mélanie Chauvel
fd5ab80eed
Fix some typos and improve some UI text (#16283)
* Fix typo: similiar → similar

Suggestion of unextro: https://crowdin.com/profile/unextro

* Fix typo: ChromeOS → Chrome OS

Suggestion of unextro: https://crowdin.com/profile/unextro

* Fix typo: Successfully remove → Successfully removed

Suggestion of GunChleoc: https://crowdin.com/profile/gunchleoc

* Fix typo: will now be processed in due time → will be processed

Suggestion of NCAA: https://crowdin.com/profile/ncaa

* Improve UI text: use “waiting period” instead of “cooldown period”

Suggestion of NCAA: https://crowdin.com/profile/ncaa

* Improve UI text: use “for today” instead of “for that day”

Suggestion of NCAA: https://crowdin.com/profile/ncaa
2021-05-24 03:03:01 +02:00
Mélanie Chauvel
d137d2ab87
Replace “status” and “message” by “post” in WebUI (#16271) 2021-05-17 22:31:35 +02:00
Eugen Rochko
74081433d0
Change trending hashtags to be affected be reblogs (#16164)
If a status with a hashtag becomes very popular, it stands to
reason that the hashtag should have a chance at trending

Fix no stats being recorded for hashtags that are not allowed
to trend, and stop ignoring bots

Remove references to hashtags in profile directory from the code
and the admin UI
2021-05-07 14:33:43 +02:00
Takeshi Umeda
7cb34b32f8
Add management of delivery availability in Federation settings (#15771)
* Add management of delivery availavility in Federation settings

* fix translate

* Remove useless object creation

* Fix DeepSource issue

* Add shortcut for all

* Fix DeepSource(skipcq)

* Change 'remove' to 'clear'

* Fix style

* Change class method name (exhausted_deliveries_key_by)
2021-05-05 23:39:02 +02:00
Eugen Rochko
daccc07dc1
Change auto-following admin-selected accounts, show in recommendations (#16078) 2021-04-24 17:01:43 +02:00
Eugen Rochko
9cc283f0b4
Change the nouns "toot" and "status" to "post" (#16080) 2021-04-21 18:31:24 +02:00
Claire
e243092a5a
Add DM icon back on HTML view of DMs (#16086)
Fix regression from #16052
2021-04-21 15:40:00 +02:00
Eugen Rochko
23b102f661
Add "recommended" label to activity/peers API toggles in admin UI (#16081) 2021-04-20 13:57:45 +02:00
Eugen Rochko
480d7c9478
Fix missing source strings and inconsistent lead text style in admin UI (#16052) 2021-04-17 11:12:49 +02:00
Eugen Rochko
f7117646af
Add cold-start follow recommendations (#15945) 2021-04-12 12:37:14 +02:00
Eugen Rochko
619fad6cf8
Remove spam check and dependency on nilsimsa gem (#16011) 2021-04-11 11:22:50 +02:00
Eugen Rochko
487e37d6d4
Add system checks to dashboard in admin UI (#15989) 2021-04-03 14:12:30 +02:00
Claire
59f94593d0
Add warning in admin dashboard if some required queues are not handled (#15954) 2021-03-26 18:22:54 +01:00
Claire
876840e9ef
Fix brakeman warning (#15870)
As far as I understand, the brakeman warning was a false-positive as
`content_tag` properly escapes untrusted HTML. Furthermore, the interpolated
string values are built from the “username” part of accounts, which is
restricted to a small subset of ASCII that precludes any XML entity or HTML
code.

This proposed change should be functionally equivalent to the current code,
however it is slightly more robust, it's more idiomatic, and Brakeman will
stop complaining about it.
2021-03-19 23:48:59 +01:00
Claire
d023eefbcc
Fix push notification title for polls (#15931) 2021-03-19 23:47:31 +01:00
Claire
0ff4264c3e
Add missing push notification title for polls (#15929) 2021-03-19 20:22:49 +01:00
Marcin Mikołajczak
8fa11b0e83
Add missing en.notification_mailer.status.subject (#15564)
* Add missing `en.notification_mailer.status.subject`

* Update en.yml
2021-03-19 17:15:59 +01:00
Eugen Rochko
9aa37b32c3
Add details to error response for POST /api/v1/accounts in REST API (#15803) 2021-03-01 04:59:13 +01:00
Eugen Rochko
8331fdf7e0
Add server rules (#15769) 2021-02-21 19:50:12 +01:00
Eugen Rochko
59343ef4d1
Fix missing description on enable bootstrap timeline accounts toggle in admin UI (#15367) 2020-12-19 00:19:15 +01:00
ThibG
1a02882244
Reword invite text settings in admin views for consistency (#15358)
For consistency with #15265

Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2020-12-18 09:57:54 +01:00
Eugen Rochko
eb35be0431
Fix follow limit preventing re-following of a moved account (#14207) 2020-12-18 09:18:31 +01:00
Eugen Rochko
8a95867693
Add option to obfuscate domain name in public list of domain blocks (#15355)
- Replace the middle of the domain with * characters (except for periods)
- Add SHA-256 digest of the domain name in tooltip
2020-12-18 08:30:41 +01:00
ThibG
8357969559
Fix admins being able to suspend their instance actor (#14567)
* Fix admin being able to suspend their own instance account

* Add text about the instance's own actor in admin view

* Change instance actor notice from flash message to template

* Do not list local instance actor in account moderation list
2020-12-15 17:23:58 +01:00
Mashiro
75d2762fdf
Add "invite request content" display in user account admin page (#15265)
* feat: display `invite_request_text` in admin's user account page

* fix: move invite_request to the bottom of accounts page

* fix: remove time display, remove formate, change code terminology

* fix: remove escape
2020-12-15 06:28:14 +01:00
ThibG
1390cc194b
Add indication to admin UI of whether a report has been forwarded (#13237)
* Add indication to admin UI of whether a report has been forwarded

* Rework how forwarded status is displayed

Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2020-12-15 04:30:15 +01:00
ThibG
47e507fa61
Add ability to require invite request text (#15326)
Fixes #15273

Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2020-12-14 10:03:09 +01:00
Eugen Rochko
216b85b053
Fix performance on instances list in admin UI (#15282)
- Reduce duplicate queries
- Remove n+1 queries
- Add accounts count to detailed view
- Add separate action log entry for updating existing domain blocks
2020-12-14 09:06:34 +01:00
ThibG
49eb4d4ddf
Add honeypot fields and minimum fill-out time for sign-up form (#15276)
* Add honeypot fields to limit non-specialized spam

Add two honeypot fields: a fake website input and a fake password confirmation
one. The label/placeholder/aria-label tells not to fill them, and they are
hidden in CSS, so legitimate users should not fall into these.

This should cut down on some non-Mastodon-specific spambots.

* Require a 3 seconds delay before submitting the registration form

* Fix tests

* Move registration form time check to model validation

* Give people a chance to clear the honeypot fields

* Refactor honeypot translation strings

Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2020-12-10 06:27:26 +01:00
ThibG
96c1e71329
Add import/export feature for bookmarks (#14956)
* Add ability to export bookmarks

* Add support for importing bookmarks

* Add bookmark import tests

* Add bookmarks export test
2020-11-19 17:48:13 +01:00
Takeshi Umeda
2b1a6e734f
Add follow selected followers button (#15148)
* Add follow selected followers button

* Fix unused variable

* Fix i18n normalize
2020-11-12 16:58:00 +01:00
Mélanie Chauvel
bb13276e53
Precise that home timeline filters also apply to lists (#15139) 2020-11-11 01:18:42 +01:00
Mélanie Chauvel
68d4b2b83e
Display “Show newer” and “Show older” instead of “Show more” in public pages (#15052) 2020-11-04 21:15:45 +01:00
Takeshi Umeda
d6fe0c94ca
Add account sensitized (#14361)
* Add account sensitized

* Fix i18n normalize

* Fix description and spec

* Fix spec

* Fix wording
2020-11-04 20:45:01 +01:00
Eugen Rochko
5e1364c448
Add IP-based rules (#14963) 2020-10-12 16:33:49 +02:00
Eugen Rochko
ed099d8bdc
Change account suspensions to be reversible by default (#14726) 2020-09-15 14:37:58 +02:00
santiagorodriguez96
e8d41bc2fe
Add WebAuthn as an alternative 2FA method (#14466)
* feat: add possibility of adding WebAuthn security keys to use as 2FA

This adds a basic UI for enabling WebAuthn 2FA. We did a little refactor
to the Settings page for editing the 2FA methods – now it will list the
methods that are available to the user (TOTP and WebAuthn) and from
there they'll be able to add or remove any of them.
Also, it's worth mentioning that for enabling WebAuthn it's required to
have TOTP enabled, so the first time that you go to the 2FA Settings
page, you'll be asked to set it up.
This work was inspired by the one donde by Github in their platform, and
despite it could be approached in different ways, we decided to go with
this one given that we feel that this gives a great UX.

Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>

* feat: add request for WebAuthn as second factor at login if enabled

This commits adds the feature for using WebAuthn as a second factor for
login when enabled.
If users have WebAuthn enabled, now a page requesting for the use of a
WebAuthn credential for log in will appear, although a link redirecting
to the old page for logging in using a two-factor code will also be
present.

Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>

* feat: add possibility of deleting WebAuthn Credentials

Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>

* feat: disable WebAuthn when an Admin disables 2FA for a user

Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>

* feat: remove ability to disable TOTP leaving only WebAuthn as 2FA

Following examples form other platforms like Github, we decided to make
Webauthn 2FA secondary to 2FA with TOTP, so that we removed the
possibility of removing TOTP authentication only, leaving users with
just WEbAuthn as 2FA. Instead, users will have to click on 'Disable 2FA'
in order to remove second factor auth.
The reason for WebAuthn being secondary to TOPT is that in that way,
users will still be able to log in using their code from their phone's
application if they don't have their security keys with them – or maybe
even lost them.

* We had to change a little the flow for setting up TOTP, given that now
  it's possible to setting up again if you already had TOTP, in order to
  let users modify their authenticator app – given that now it's not
  possible for them to disable TOTP and set it up again with another
  authenticator app.
  So, basically, now instead of storing the new `otp_secret` in the
  user, we store it in the session until the process of set up is
  finished.
  This was because, as it was before, when users clicked on 'Edit' in
  the new two-factor methods lists page, but then went back without
  finishing the flow, their `otp_secret` had been changed therefore
  invalidating their previous authenticator app, making them unable to
  log in again using TOTP.

Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>

* refactor: fix eslint errors

The PR build was failing given that linting returning some errors.
This commit attempts to fix them.

* refactor: normalize i18n translations

The build was failing given that i18n translations files were not
normalized.
This commits fixes that.

* refactor: avoid having the webauthn gem locked to a specific version

* refactor: use symbols for routes without '/'

* refactor: avoid sending webauthn disabled email when 2FA is disabled

When an admins disable 2FA for users, we were sending two mails
to them, one notifying that 2FA was disabled and the other to notify
that WebAuthn was disabled.
As the second one is redundant since the first email includes it, we can
remove it and send just one email to users.

* refactor: avoid creating new env variable for webauthn_origin config

* refactor: improve flash error messages for webauthn pages

Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>
2020-08-24 16:46:27 +02:00
ThibG
8d217d7231
Improve email address validation (#14565)
* Increase DNS timeout from 1 second to 5 seconds for MX check

1 seconds is rather short when using a recursive DNS resolver which
hasn't got a cached result already available. Use 5 seconds instead,
which is the timeout value we use for outgoing HTTP queries.

* Add more precise error messages for invalid e-mail addresses
2020-08-12 12:40:25 +02:00
Eugen Rochko
c158dda796
New Crowdin updates (#14197)
* New translations devise.en.yml (Uyghur)
[ci skip]

* New translations doorkeeper.en.yml (Uyghur)
[ci skip]

* New translations en.json (Sorani (Kurdish))
[ci skip]

* New translations en.yml (Sorani (Kurdish))
[ci skip]

* New translations simple_form.en.yml (Sorani (Kurdish))
[ci skip]

* New translations activerecord.en.yml (Sorani (Kurdish))
[ci skip]

* New translations devise.en.yml (Sorani (Kurdish))
[ci skip]

* New translations doorkeeper.en.yml (Sorani (Kurdish))
[ci skip]

* New translations en.json (Kabyle)
[ci skip]

* New translations en.json (Chinese Traditional, Hong Kong)
[ci skip]

* New translations en.yml (Chinese Simplified)
[ci skip]

* New translations simple_form.en.yml (Chinese Simplified)
[ci skip]

* New translations en.yml (Chinese Simplified)
[ci skip]

* New translations en.json (Kabyle)
[ci skip]

* New translations en.json (Hebrew)
[ci skip]

* New translations en.json (Hebrew)
[ci skip]

* New translations en.json (Hebrew)
[ci skip]

* New translations en.json (Hebrew)
[ci skip]

* New translations en.json (Russian)
[ci skip]

* New translations en.yml (Persian)
[ci skip]

* New translations en.json (Persian)
[ci skip]

* New translations en.json (Croatian)
[ci skip]

* New translations en.json (Marathi)
[ci skip]

* New translations en.json (Norwegian Nynorsk)
[ci skip]

* New translations en.json (Bengali)
[ci skip]

* New translations en.json (Spanish, Argentina)
[ci skip]

* New translations en.json (Hindi)
[ci skip]

* New translations en.json (Latvian)
[ci skip]

* New translations en.json (Estonian)
[ci skip]

* New translations en.json (Kazakh)
[ci skip]

* New translations en.json (Galician)
[ci skip]

* New translations en.json (Vietnamese)
[ci skip]

* New translations en.json (Urdu (Pakistan))
[ci skip]

* New translations en.json (Chinese Traditional)
[ci skip]

* New translations en.json (Icelandic)
[ci skip]

* New translations en.json (Tamil)
[ci skip]

* New translations en.json (Persian)
[ci skip]

* New translations en.json (Indonesian)
[ci skip]

* New translations en.json (Portuguese, Brazilian)
[ci skip]

* New translations en.json (Ido)
[ci skip]

* New translations en.json (Kabyle)
[ci skip]

* New translations en.json (Corsican)
[ci skip]

* New translations en.json (Serbian (Latin))
[ci skip]

* New translations en.json (Uyghur)
[ci skip]

* New translations en.json (Sorani (Kurdish))
[ci skip]

* New translations en.json (Taigi)
[ci skip]

* New translations en.json (Silesian)
[ci skip]

* New translations en.json (Malay)
[ci skip]

* New translations en.json (Welsh)
[ci skip]

* New translations en.json (Esperanto)
[ci skip]

* New translations en.json (Telugu)
[ci skip]

* New translations en.json (Chinese Traditional, Hong Kong)
[ci skip]

* New translations en.json (Asturian)
[ci skip]

* New translations en.json (Kannada)
[ci skip]

* New translations en.json (Breton)
[ci skip]

* New translations en.json (Malayalam)
[ci skip]

* New translations en.json (Catalan)
[ci skip]

* New translations en.json (Bulgarian)
[ci skip]

* New translations en.json (Arabic)
[ci skip]

* New translations en.json (Spanish)
[ci skip]

* New translations en.json (Czech)
[ci skip]

* New translations en.json (Greek)
[ci skip]

* New translations en.json (Basque)
[ci skip]

* New translations en.json (Danish)
[ci skip]

* New translations en.json (German)
[ci skip]

* New translations en.json (Finnish)
[ci skip]

* New translations en.json (Thai)
[ci skip]

* New translations en.json (Slovenian)
[ci skip]

* New translations en.json (Sardinian)
[ci skip]

* New translations en.json (Romanian)
[ci skip]

* New translations en.json (Occitan)
[ci skip]

* New translations en.json (Chinese Simplified)
[ci skip]

* New translations en.json (Ukrainian)
[ci skip]

* New translations en.json (French)
[ci skip]

* New translations en.json (Hungarian)
[ci skip]

* New translations en.json (Slovak)
[ci skip]

* New translations en.json (Russian)
[ci skip]

* New translations en.json (Portuguese)
[ci skip]

* New translations en.json (Polish)
[ci skip]

* New translations en.json (Norwegian)
[ci skip]

* New translations en.json (Turkish)
[ci skip]

* New translations en.json (Swedish)
[ci skip]

* New translations en.json (Serbian (Cyrillic))
[ci skip]

* New translations en.json (Albanian)
[ci skip]

* New translations en.json (Italian)
[ci skip]

* New translations en.json (Armenian)
[ci skip]

* New translations en.json (Hebrew)
[ci skip]

* New translations en.json (Japanese)
[ci skip]

* New translations en.json (Dutch)
[ci skip]

* New translations en.json (Macedonian)
[ci skip]

* New translations en.json (Lithuanian)
[ci skip]

* New translations en.json (Georgian)
[ci skip]

* New translations en.json (Korean)
[ci skip]

* New translations en.json (Portuguese)
[ci skip]

* New translations en.json (Spanish)
[ci skip]

* New translations en.json (Korean)
[ci skip]

* New translations en.json (German)
[ci skip]

* New translations en.json (Japanese)
[ci skip]

* New translations en.json (Russian)
[ci skip]

* New translations en.json (French)
[ci skip]

* New translations en.json (Vietnamese)
[ci skip]

* New translations en.json (Catalan)
[ci skip]

* New translations en.json (Galician)
[ci skip]

* New translations en.json (Kabyle)
[ci skip]

* New translations en.json (Kabyle)
[ci skip]

* New translations en.json (Kabyle)
[ci skip]

* New translations en.json (Kabyle)
[ci skip]

* New translations en.json (Spanish, Argentina)
[ci skip]

* New translations en.json (Hungarian)
[ci skip]

* New translations en.json (Albanian)
[ci skip]

* New translations en.json (Corsican)
[ci skip]

* New translations simple_form.en.yml (Dutch)
[ci skip]

* New translations simple_form.en.yml (Dutch)
[ci skip]

* New translations en.json (Dutch)
[ci skip]

* New translations en.json (Dutch)
[ci skip]

* New translations en.json (Dutch)
[ci skip]

* New translations en.json (Dutch)
[ci skip]

* New translations en.json (Dutch)
[ci skip]

* New translations en.yml (Dutch)
[ci skip]

* New translations en.yml (Dutch)
[ci skip]

* New translations en.yml (Dutch)
[ci skip]

* New translations en.yml (Dutch)
[ci skip]

* New translations en.json (Thai)
[ci skip]

* New translations en.yml (Thai)
[ci skip]

* New translations en.yml (Dutch)
[ci skip]

* New translations en.yml (Dutch)
[ci skip]

* New translations en.yml (Dutch)
[ci skip]

* New translations en.yml (Dutch)
[ci skip]

* New translations en.yml (Dutch)
[ci skip]

* New translations en.json (Portuguese, Brazilian)
[ci skip]

* New translations en.json (Occitan)
[ci skip]

* New translations en.json (Occitan)
[ci skip]

* New translations en.yml (Occitan)
[ci skip]

* New translations en.json (Italian)
[ci skip]

* New translations en.json (Persian)
[ci skip]

* New translations en.json (French)
[ci skip]

* New translations en.yml (French)
[ci skip]

* New translations en.json (Arabic)
[ci skip]

* New translations en.json (Kabyle)
[ci skip]

* New translations en.json (Kabyle)
[ci skip]

* New translations en.yml (Kabyle)
[ci skip]

* New translations en.json (Icelandic)
[ci skip]

* New translations en.json (Portuguese, Brazilian)
[ci skip]

* New translations en.json (Indonesian)
[ci skip]

* New translations en.json (Persian)
[ci skip]

* New translations en.json (Galician)
[ci skip]

* New translations en.json (Tamil)
[ci skip]

* New translations en.json (Spanish, Argentina)
[ci skip]

* New translations en.json (Bengali)
[ci skip]

* New translations en.json (Marathi)
[ci skip]

* New translations en.json (Albanian)
[ci skip]

* New translations en.json (Serbian (Cyrillic))
[ci skip]

* New translations en.json (Swedish)
[ci skip]

* New translations en.json (Turkish)
[ci skip]

* New translations en.json (Chinese Traditional)
[ci skip]

* New translations en.json (Urdu (Pakistan))
[ci skip]

* New translations en.json (Vietnamese)
[ci skip]

* New translations en.json (Welsh)
[ci skip]

* New translations en.json (Esperanto)
[ci skip]

* New translations en.json (Chinese Traditional, Hong Kong)
[ci skip]

* New translations en.json (Malayalam)
[ci skip]

* New translations en.json (Telugu)
[ci skip]

* New translations en.json (Breton)
[ci skip]

* New translations en.json (Kannada)
[ci skip]

* New translations en.json (Uyghur)
[ci skip]

* New translations en.json (Croatian)
[ci skip]

* New translations en.json (Norwegian Nynorsk)
[ci skip]

* New translations en.json (Kazakh)
[ci skip]

* New translations en.json (Estonian)
[ci skip]

* New translations en.json (Latvian)
[ci skip]

* New translations en.json (Hindi)
[ci skip]

* New translations en.json (Malay)
[ci skip]

* New translations en.json (Spanish)
[ci skip]

* New translations en.json (Arabic)
[ci skip]

* New translations en.json (Bulgarian)
[ci skip]

* New translations en.json (Catalan)
[ci skip]

* New translations en.json (Czech)
[ci skip]

* New translations en.json (Danish)
[ci skip]

* New translations en.json (German)
[ci skip]

* New translations en.json (Greek)
[ci skip]

* New translations en.json (Romanian)
[ci skip]

* New translations en.json (Slovenian)
[ci skip]

* New translations en.json (Thai)
[ci skip]

* New translations en.json (Chinese Simplified)
[ci skip]

* New translations en.json (Slovak)
[ci skip]

* New translations en.json (Hungarian)
[ci skip]

* New translations en.json (French)
[ci skip]

* New translations en.json (Ukrainian)
[ci skip]

* New translations en.json (Norwegian)
[ci skip]

* New translations en.json (Lithuanian)
[ci skip]

* New translations en.json (Macedonian)
[ci skip]

* New translations en.json (Dutch)
[ci skip]

* New translations en.json (Polish)
[ci skip]

* New translations en.json (Basque)
[ci skip]

* New translations en.json (Portuguese)
[ci skip]

* New translations en.json (Russian)
[ci skip]

* New translations en.json (Armenian)
[ci skip]

* New translations en.json (Korean)
[ci skip]

* New translations en.json (Finnish)
[ci skip]

* New translations en.json (Hebrew)
[ci skip]

* New translations en.json (Georgian)
[ci skip]

* New translations en.json (Japanese)
[ci skip]

* New translations en.json (Italian)
[ci skip]

* New translations en.json (Ido)
[ci skip]

* New translations en.json (Taigi)
[ci skip]

* New translations en.json (Silesian)
[ci skip]

* New translations en.json (Sardinian)
[ci skip]

* New translations en.json (Occitan)
[ci skip]

* New translations en.json (Sorani (Kurdish))
[ci skip]

* New translations en.json (Asturian)
[ci skip]

* New translations en.json (Kabyle)
[ci skip]

* New translations en.json (Serbian (Latin))
[ci skip]

* New translations en.json (Corsican)
[ci skip]

* New translations en.json (Korean)
[ci skip]

* New translations en.json (Russian)
[ci skip]

* New translations en.json (Korean)
[ci skip]

* New translations en.json (Russian)
[ci skip]

* New translations en.json (Spanish)
[ci skip]

* New translations en.json (Korean)
[ci skip]

* New translations en.json (Portuguese)
[ci skip]

* New translations en.json (Portuguese)
[ci skip]

* New translations en.json (German)
[ci skip]

* New translations en.json (French)
[ci skip]

* New translations en.json (Korean)
[ci skip]

* New translations en.json (French)
[ci skip]

* New translations en.json (Esperanto)
[ci skip]

* New translations en.yml (Esperanto)
[ci skip]

* New translations en.json (Esperanto)
[ci skip]

* New translations en.json (Japanese)
[ci skip]

* New translations en.json (Vietnamese)
[ci skip]

* New translations en.json (Japanese)
[ci skip]

* New translations en.json (Spanish)
[ci skip]

* New translations en.json (Italian)
[ci skip]

* New translations en.json (Italian)
[ci skip]

* New translations en.json (Corsican)
[ci skip]

* New translations en.json (Corsican)
[ci skip]

* New translations en.json (Persian)
[ci skip]

* New translations en.json (Hungarian)
[ci skip]

* New translations en.json (Portuguese, Brazilian)
[ci skip]

* New translations en.json (Spanish)
[ci skip]

* New translations en.json (French)
[ci skip]

* New translations en.json (Spanish, Argentina)
[ci skip]

* New translations en.json (Galician)
[ci skip]

* New translations en.json (Galician)
[ci skip]

* New translations en.json (Portuguese)
[ci skip]

* New translations en.json (Portuguese)
[ci skip]

* New translations en.json (Albanian)
[ci skip]

* i18n-tasks normalize

* yarn manage:translations
2020-07-10 20:57:21 +02:00
ThibG
a80fd8c79b
Change the about.instance_actor_flash to be single-line (#14200)
Some translations of that string are single-line, which somehow seems to make
Crowdin issue a blank newline at the end of those translations.

This, in turns, leads to different results when running “i18n-tasks normalize”
depending on the version of libyaml installed, making the CI fail if it
runs a different version than whoever ran “i18n-tasks normalize”.

Since there is no real reason for that source string to be multi-line (it is
only displayed in HTML, without replacing newlines by <br/> tags),
attempt to fix Crowdin export by making the source string single-line.
2020-07-03 03:06:08 +02:00
ThibG
35cedc922c
Change move handler to carry blocks over (#14144)
* Change move handler to carry blocks and mutes over

When user A blocks user B and B moves to a new account C, make A block C
accordingly.

Note that it only works if A's instance is aware of the Move, that is,
if B is on A's instance or has followers there.

* Also notify instances with known people blocking you when moving

* Add automatic account notes when blocking/muting an account that had no note
2020-07-01 13:51:15 +02:00
ThibG
65506bac3f
Add user notes on accounts (#14148)
* Add UserNote model

* Add UI for user notes

* Put comment in relationships entity

* Add API to create user notes

* Copy user notes to new account when receiving a Move activity

* Address some of the review remarks

* Replace modal by inline edition

* Please CodeClimate

* Button design changes

* Change design again

* Cancel note edition when pressing Escape

* Fixes

* Tweak design again

* Move “Add note” item, and allow users to add notes to themselves

* Rename UserNote into AccountNote, rename “comment” Relationship attribute to “note”
2020-06-30 19:19:50 +02:00
Eugen Rochko
8c04e37b03
Remove the terms blacklist and whitelist from UX (#14149)
Localization strings:

- "Whitelist mode" -> "Limited federation mode"
- "Blacklist e-mail domain" -> "Block e-mail domain"
- "Whitelist domain" -> "Allow domain for federation"

...And so on

Environment variables (backwards-compatible):

- `WHITELIST_MODE` -> `LIMITED_FEDERATION_MODE`
- `EMAIL_DOMAIN_BLACKLIST` -> `EMAIL_DOMAIN_DENYLIST`
- `EMAIL_DOMAIN_WHITELIST` -> `EMAIL_DOMAIN_ALLOWLIST`

tootctl:

- `tootctl domains purge --whitelist-mode` -> `tootctl domains purge --limited-federation-mode`

Removed badly maintained and no longer relevant .env.production.sample file
2020-06-27 20:20:11 +02:00
Eugen Rochko
662a49dc3f
Fix various issues around OpenGraph representation of media (#14133)
- Fix audio attachments not being represented in OpenGraph tags
- Fix audio being represented as "1 image" in OpenGraph descriptions
- Fix video metadata being overwritten by paperclip-av-transcoder
- Fix embedded player not using Mastodon's UI
- Fix audio/video progress bars not moving smoothly
- Fix audio/video buffered bars not displaying correctly
2020-06-25 01:33:01 +02:00
Mélanie Chauvel
ac3c83ef6f
Improve wording and add titles on moderated servers section in /about/more (#13930) 2020-06-09 10:28:02 +02:00
Eugen Rochko
72a7cfaa39
Add e-mail-based sign in challenge for users with disabled 2FA (#14013) 2020-06-09 10:23:06 +02:00
ThibG
bf6745b9c3
Fix unpermitted operations on custom emojis leading to cryptic errors (#13951)
* Display appropriate error when performing unpermitted operation on custom emoji

Fixes #13897

* Remove links to custom emoji actions not performable by moderators
2020-06-05 15:23:27 +02:00
ThibG
bf94934623
Fix account redirect confirmation message talking about moved followers (#13950)
Fixes #13949
2020-06-03 20:18:19 +02:00
Eugen Rochko
5d8398c8b8
Add E2EE API (#13820) 2020-06-02 19:24:53 +02:00
TheMainOne
be1e2594fb
Clarified "missing_also_known_as" (#13746)
Fixes the confusion mentioned in https://github.com/tootsuite/mastodon/issues/12216. Suggestion of this fix provided by https://github.com/tootsuite/mastodon/issues/12216#issuecomment-564918757.
2020-05-12 21:38:24 +02:00
Eugen Rochko
8be4c2ba21
Add ability to remove identity proofs from account (#13682)
Fix #12613
2020-05-10 11:21:10 +02:00
ThibG
f7e011919e
Fix account aliases page (#13452)
* Fix error not being displayed when adding an account alias, add error for self-references

Co-Authored-By: Mélanie Chauvel (ariasuni) <perso@hack-libre.org>

* Add “You have no aliases.” note in confusing empty aliases table

Co-Authored-By: Mélanie Chauvel (ariasuni) <perso@hack-libre.org>

Co-authored-by: Mélanie Chauvel (ariasuni) <perso@hack-libre.org>
2020-04-13 06:41:43 +02:00
Eugen Rochko
f65568f1d4
Add ability to filter audit log in admin UI (#13381) 2020-04-03 13:06:34 +02:00
ThibG
0d117c106a
Fix 404 and 410 API errors being silently discarded in WebUI (#13279)
* Fix 404 and 410 API errors being silently discarded in WebUI

Fixes #13278

* Return more appropriate error when user replies to a deleted toot

* Please CodeClimate

* Fix 404/410 errors on fetching account timelines & identity proofs

* Refactor error handling

* Move error message string to statuses.errors
2020-03-28 17:59:45 +01:00
Eugen Rochko
bea0bb39d6
Add option to include resolved DNS records when blacklisting e-mail domains in admin UI (#13254)
* Add shortcuts to blacklist a user's e-mail domain in admin UI

* Add option to blacklist resolved MX and IP records for e-mail domains
2020-03-12 22:35:20 +01:00
Eugen Rochko
f556f79b77
Add titles to warning presets in admin UI (#13252) 2020-03-12 17:57:59 +01:00
Eugen Rochko
9660aa4543
Change local media attachments to perform heavy processing asynchronously (#13210)
Fix #9106
2020-03-08 23:56:18 +01:00
ThibG
2423d2f677
Add ability to delete files uploaded for settings in admin UI (#13192)
* Allow deleting site uploads

* Refactor and move links into hints

* Fix i18n tests

* Fix HTML output of site_upload_delete_hint
2020-03-08 16:00:24 +01:00
Eugen Rochko
339ce1c4e9
Add specific rate limits for posting and following (#13172) 2020-03-08 15:17:39 +01:00
ThibG
cf4fe6caef
Fix misleading error when attempting to re-send a pending follow request (#13133)
Fixes #13131
2020-02-24 21:19:19 +01:00
ThibG
aeb6efbb03
Fix typo in about page (#13038) 2020-02-03 23:29:42 +01:00
Sasha Sorokin
50cd73e5d7
Add "Show thread" button to public profiles (#13000)
This adds "Show thread" button to the status view which is used in
profiles. The logic to display the button is mimicking logic in
web app available at app/javascript/mastodon/components/status.js#L439.

* The little change in components CSS required to remove enforced
  underline for all links on public pages on our button.
2020-01-29 17:35:54 +01:00
Eugen Rochko
305abc9e05
Fix design of announcements in admin UI (#12989) 2020-01-28 02:21:00 +01:00
Eugen Rochko
663ea84b08
Add publish/unpublish controls to announcements in admin UI (#12967) 2020-01-27 11:05:33 +01:00
Eugen Rochko
f816da9c64
Add limit of 8 different reaction types per announcement (#12950) 2020-01-25 05:23:33 +01:00
koyu
dd4738a3f2 Mac is now known as macOS (#12935) 2020-01-24 00:21:13 +01:00
Eugen Rochko
f52c988e12
Add announcements (#12662)
* Add announcements

Fix #11006

* Add reactions to announcements

* Add admin UI for announcements

* Add unit tests

* Fix issues

- Add `with_dismissed` param to announcements API
- Fix end date not being formatted when time range is given
- Fix announcement delete causing reactions to send streaming updates
- Fix announcements container growing too wide and mascot too small
- Fix `all_day` being settable when no time range is given
- Change text "Update" to "Announcement"

* Fix scheduler unpublishing announcements before they are due

* Fix filter params not being passed to announcements filter
2020-01-23 22:00:13 +01:00
ThibG
43daeccccb Add “account timeline” filter category (#12918)
* Add “account timeline” filter category

Previously, no filter category applied to account timelines.

* Rename “Account timelines” into “Profiles”
2020-01-23 21:32:00 +01:00
Eugen Rochko
c0006a004d
Change followers page to relationships page in admin UI (#12927)
Allow browsing and filtering all relationships instead of just
followers, unify the codebase with the user-facing relationship
manager, add ability to see who the user invited
2020-01-23 20:33:20 +01:00
ThibG
d386d89179 Fix invalid votes from the API being accepted (#12601)
* Fix invalid votes from the API being accepted

Fixes #12556

- Ensure `choice` is an integer instead of silently converting to 0
- Ensure `choice` corresponds to an actual choice of the poll

* Please CodeClimate
2020-01-12 14:17:03 +01:00
koyu
5b9f01aec0 Fix spelling mistake (#12817) 2020-01-11 11:32:25 +09:00
Sasha Sorokin
36426ed4ad Use heading actions and placeholders in settings (#12801)
This commit:

- Refactors centered text blocks currently used for placeholders
  for empty tables and puts styles for it in separate class -
  .centered-text, simply aliasing text-align: center. Which is
  furtherly used in this commit.

- Improves applications settings page to use heading actions, moving
  "New application" button there, and displaying placeholder "You
  have no applications" in place of empty table.

- Improves custom emoji settings page to use heading action
  for "Upload" button, making it more easily accessible without
  need to scroll through all of the emojis.

- Improves email domain blocks settings page, moving "Add new" to the
  heading actions and using placeholder "No e-mail domains currently
  blacklisted" instead of showing empty table.
2020-01-11 02:14:45 +01:00
Sasha Sorokin
345dd93310 Little improvements to filters settings page (#12793)
When you have many filters, it may be hard for you to reach the button
to create yet another one. This commit moves creation button to the
heading, leaving the page just for the list.

On the other hand, when there are no filters, page looks kind of
strange with the empty table. So text stating obvious fact that user
has no filters was added in this commit too.

Closes #11020
Closes #12790
2020-01-07 10:41:19 +01:00
Sasha Sorokin
9edab7afaf Add translation project promotion link (#12736)
This commit adds promotional notice on appearance settings about
translation project if any other locale than English is used. It
allows users to learn and contribute translations to Mastodon.

Step ahead, in this commit one unusual string is added - link to a
guide. By default it refers to Crowdin project itself, but if any of
Mastodon localization teams established their own guide, they can
refer it. Or, if Crowdin supports localized domain for language, it
can also be put there (e.g. https://fr.crowdin.com/...).
2019-12-31 22:15:05 +01:00
Sasha Sorokin
902c6bed5a Use different strings on exports page (#12569)
Currently the page re-uses strings from other contexts which doesn't fit
very well - strings incorrectly lowercase-d and pluralized, when they
don't need to be, because it's a table.

This commit changes page to re-use accounts.posts_tab_heading for toots,
and admin.accounts for "Following" and "Follows". This all should look
more aesthetically pleasing.
2019-12-19 12:47:55 +01:00
ThibG
fb9137752a Remove unused translatable strings (#12643)
* Remove unused “salmon_url” string

* Remove more unused translatable strings

The following strings all used to be on the admin account page
but aren't used anymore: profile_url, outbox_url, followers_url, feed_url
2019-12-18 16:56:39 +01:00
Alice Gaudon
668f698077 Admin setting to disable default follows (#12566) 2019-12-16 23:55:50 +01:00
Sasha Sorokin
d5b7a4b116 Avoid using pluralize on moderation pages (#12589)
Pluralize function from Rails framework does not work with other
languages than English, moreover it does not even work properly with
English [1]. Not that the latest applies to this context, it's just
a sign that we best to avoid this function, especially when there are
more reliable ways.

This commit changes how reports pages generated in order to avoid usage
of pluralize function, replacing it with default translation function,
called with given counter. On top of that, we have to make strings
pluralizable, so have to change locale files.

[1]: https://medium.com/@anna7/b3927de2ca8e#6a60
2019-12-12 19:50:23 +01:00
Takeshi Umeda
f43f1e0184 Add basic support for group actors (#12071)
* Show badge on group actor in WebUI

* Do not notify in case of  by following group actor

* If you mention group actor, also mention group actor followers

* Relax characters that can be used in username (same as Application)

* Revert "Relax characters that can be used in username (same as Application)"

This reverts commit 7e10a137b8.

* Delete display_name method
2019-12-04 20:36:33 +01:00
Sasha Sorokin
c8d82ef3c3 Split relationships page strings (#12502)
Before this moment relationships managing page was using strings from
other context - from counters, but in order for translators to be able
to translate it relatively to the page, it must use separate strings.

I've split the strings for "Following" and "Followers" and put them to
"relationships" keyset in localization file. This should solve this
issue.

Fixes #10863
2019-12-01 07:08:40 +01:00
ThibG
d8f96028c5 Add ability to filter reports by target account domain (#12154)
* Add ability to filter reports by target account domain

* Reword by_target_domain label
2019-11-30 19:53:58 +01:00
Sasha Sorokin
fd45f5bbaa Improve notifications page (#12497)
Currently notifications page seems a bit cluttered with no clear
separation between e-mail and filtering settings. This commit tries to
address them by adding clear separation with headers, hints and removing
continuously reused texts for events checkboxes.
2019-11-29 17:03:06 +01:00
ThibG
a2014830c2 Fix broken admin audit log in whitelist mode (#12303) 2019-11-11 00:05:15 +02:00
Yamagishi Kazutoshi
7512f3a3e0 Change message of public timeline for local only (#12224) 2019-10-27 12:45:33 +01:00
Faye Duxovni
48f75b86ae Add setting for whether to crop images in unexpanded toots (#12126) 2019-10-24 22:51:41 +02:00
ThibG
15c192ce40 Add link to search for users connected from the same IP address (#12157)
* Add link to search for users connected from the same IP address

Fixes #11949

* Fix missing cell in admin account view table
2019-10-24 22:49:26 +02:00
Eugen Rochko
aa509a3d8a
Fix auto-report string saying the account has been auto-silenced (#12142) 2019-10-10 18:47:24 +02:00
Eugen Rochko
b5f7e12817
Remove auto-silence behaviour from spam check (#12117)
Fix #12113
2019-10-09 07:11:23 +02:00
Eugen Rochko
c8bcf5cbfd
Add admin setting to auto-approve hashtags (#12122)
Change inaccurate labels on other admin settings
2019-10-09 00:30:15 +02:00
Eugen Rochko
19cdc62765
Remove fallback to long description on sidebar and meta description (#12119)
Fix #12114
2019-10-08 22:08:55 +02:00
Eugen Rochko
740c9cb3ee
Remove invite comments from UI (#12068)
Due to UX confusion and insufficient time to fix it
2019-10-03 22:37:13 +02:00
mayaeh
b258583d2b Fix hashtag link to directory in AdminUI (#12005)
* Fixed not to generate link if no user used hashtag in directory

* Added missing translation for AdminUI custom emojis

* run yarn manage:translations en
2019-10-01 01:20:22 +02:00
ThibG
3babf8464b Add voters count support (#11917)
* Add voters count to polls

* Add ActivityPub serialization and parsing of voters count

* Add support for voters count in WebUI

* Move incrementation of voters count out of redis lock

* Reword “voters” to “people”
2019-09-29 22:58:01 +02:00
Eugen Rochko
bd9685f798
Fix public list of domain blocks being too verbose on about page (#11967) 2019-09-29 16:23:01 +02:00
Eugen Rochko
163ed91af3
Add (back) option to set redirect notice on account without moving followers (#11994)
Fix #11913
2019-09-29 05:03:19 +02:00
mayaeh
05ad7d606c Add translation strings for AdminUI custom emojis (#11970) 2019-09-27 03:07:19 +02:00
Eugen Rochko
add4d4118c
Fix relays UI being available in whitelist/secure mode (#11963)
Fix relays UI referencing relay that is not functional
2019-09-27 02:13:34 +02:00
Eugen Rochko
3ed94dcc1a
Add account migration UI (#11846)
Fix #10736

- Change data export to be available for non-functional accounts
- Change non-functional accounts to include redirecting accounts
2019-09-19 20:58:19 +02:00
Eugen Rochko
d930eb88b6
Add table of contents to about page (#11885)
Move public domain blocks information to about page
2019-09-19 11:09:05 +02:00
Eugen Rochko
e1066cd431
Add password challenge to 2FA settings, e-mail notifications (#11878)
Fix #3961
2019-09-18 16:37:27 +02:00
mayaeh
ef0d22f232 Add search and sort functions to hashtag admin UI (#11829)
* Add search and sort functions to hashtag admin UI

* Move scope processing from tags_controller to tag_filter

* Fix based on method naming conventions

* Fixed not to get 500 errors for invalid requests
2019-09-16 14:27:29 +02:00
Eugen Rochko
c707ef49d9
Fix 2FA challenge and password challenge for non-database users (#11831)
* Fix 2FA challenge not appearing for non-database users

Fix #11685

* Fix account deletion not working when using external login

Fix #11691
2019-09-15 21:08:39 +02:00
Tao Bror Bojlén
4fe127664b add admin setting for default search engine indexing (fix #11750) (#11804) 2019-09-11 08:44:58 +02:00
Eugen Rochko
1110ea1a91
Add batch actions and categories to admin UI for custom emojis (#11793) 2019-09-09 22:44:17 +02:00
Eugen Rochko
261e52268c
Add batch approve/reject for pending hashtags in admin UI (#11791) 2019-09-09 12:50:09 +02:00
Eugen Rochko
43f56f1291
Change account deletion page to have better explanations (#11753)
Fix deletion of unconfirmed account not freeing up the username

Add prefill of logged-in user's email in the reconfirmation form
2019-09-04 04:13:54 +02:00
Eugen Rochko
3221f998dd
Change OpenGraph description on sign-up page to reflect invite (#11744) 2019-09-03 04:56:54 +02:00
mayaeh
1f22b8197c Integrate translation strings for the Profile Directory. (#11722)
Run `yarn manage:translations en`
2019-09-02 18:12:27 +02:00
Eugen Rochko
22ce4778eb
Fix uncaught parameter missing exceptions and missing error templates (#11702) 2019-08-30 01:34:47 +02:00
Eugen Rochko
cb447b28c4
Add profile directory to web UI (#11688)
* Add profile directory to web UI

* Add a line of bio to the directory
2019-08-30 00:14:36 +02:00
Eugen Rochko
73ca0bb925
Add option to include reported statuses in warning e-mail (#11639) 2019-08-23 22:37:23 +02:00
Eugen Rochko
282ea17078
Add soft delete for statuses for instant deletes through API (#11623)
* Add soft delete for statuses to allow them to appear instant

* Allow reporting soft-deleted statuses and show them in the admin UI

* Change index for getting an account's statuses
2019-08-22 21:55:56 +02:00
ThibG
9b6a5ed109 Add public blocks to /about/blocks (#11298)
* Add automatic blocklist display in /about/blocks

Inspired by https://github.com/Gargron/mastodon.social-misc

* Add admin option to set who can see instance blocks

* Normalize locales files

* Rename “Sandbox” to “Silence” for consistency

* Disable /about/blocks when in whitelist mode

* Optionally display rationale for domain blocks

* Only display domain blocks that have user-facing limitations, and order them

* Redesign table of blocked domains to better handle long domain names and rationales

* Change domain blocks ordering now that rationales aren't displayed right away

* Only show explanation for block severities actually in use

* Reword instance block explanations and add disclaimer for public fetch mode
2019-08-19 11:35:48 +02:00
Eugen Rochko
c6b4b923e6
Add trends to public pages sidebar (#11594) 2019-08-18 14:55:32 +02:00
Eugen Rochko
b348c9b0db
Add explanation to featured hashtags page and profile (#11586) 2019-08-17 18:07:52 +02:00
Eugen Rochko
7a1f8a58df
Fix crash when saving invalid domain name (#11528)
Fix #7629
2019-08-08 23:04:19 +02:00
Eugen Rochko
3a6b6c63f2
Add breakdown of usage by source to admin UI for hashtags (#11517)
Allows determining where the majority of posts in a hashtag come
from on a given day at a glance.
2019-08-07 20:20:39 +02:00
ThibG
bced70469a Add domain block notes (#11515)
* Add database columns for adding notes to domain blocks/restrctions

* Add admin UI to set private and public comments when blocking a domain

* Add text for private and public comments on domain blocks

* Show domain block comments in admin UI

* Add comments to the domain block undo page

* Make UnblockDomainService more robust regarding upgraded domain blocks

* Allow editing domain blocks

* Rename button from “undo domain block” to “view domain block” in account admin UI

* Change test to unsilence silenced users from upgraded blocks
2019-08-07 20:20:23 +02:00
Eugen Rochko
94c54997cf
Fix trending tags returning less items than requested sometimes (#11513)
Add better sorting defaults to the hashtags admin UI

Add "not reviewed" filter to hashtags admin UI
2019-08-07 17:08:30 +02:00
Eugen Rochko
7a737c79cc
Add number of pending accounts and pending hashtags to admin dashboard (#11514) 2019-08-07 16:13:34 +02:00
Eugen Rochko
ac33f1aedd
Fix account tags not being saved correctly (#11507)
* Fix account tags not being saved correctly

Regression from f371b32

Fix Tag#discoverable not returning tags where listable is nil instead of true

Add notice when saving hashtags in admin UI

Change public hashtag and directory pages to return 404 for forbidden tags

* Remove unused locale string
2019-08-07 10:01:55 +02:00
Eugen Rochko
dd38c280a5
Fix admin dashboard missing latest features (#11505)
Fix redis-namespace deprecation warning about administrative commands
2019-08-06 19:40:06 +02:00
Eugen Rochko
9072fe5ab6
Add trends UI with admin and user settings (#11502) 2019-08-06 17:57:52 +02:00
Eugen Rochko
115dab78f1
Change admin UI for hashtags and add back whitelisted trends (#11490)
Fix #271

Add back the `GET /api/v1/trends` API with the caveat that it does
not return tags that have not been allowed to trend by the staff.

When a hashtag begins to trend (internally) and that hashtag has
not been previously reviewed by the staff, the staff is notified.

The new admin UI for hashtags allows filtering hashtags by where
they are used (e.g. in the profile directory), whether they have
been reviewed or are pending reviewal, they show by how many people
the hashtag is used in the directory, how many people used it
today, how many statuses with it have been created today, and it
allows fixing the name of the hashtag to make it more readable.

The disallowed hashtags feature has been reworked. It is now
controlled from the admin UI for hashtags instead of from
the file `config/settings.yml`
2019-08-05 19:54:29 +02:00
Eugen Rochko
24552b5160
Add whitelist mode (#11291) 2019-07-30 11:10:46 +02:00
Eugen Rochko
964ae8eee5
Change unconfirmed user login behaviour (#11375)
Allow access to account settings, 2FA, authorized applications, and
account deletions to unconfirmed and pending users, as well as
users who had their accounts disabled. Suspended users cannot update
their e-mail or password or delete their account.

Display account status on account settings page, for example, when
an account is frozen, limited, unconfirmed or pending review.

After sign up, login users straight away and show a simple page that
tells them the status of their account with links to account settings
and logout, to reduce onboarding friction and allow users to correct
wrongly typed e-mail addresses.

Move the final sign-up step of SSO integrations to be the same
as above to reduce code duplication.
2019-07-22 10:48:50 +02:00
ThibG
730c4053d6 Add ActivityPub actor representing the entire server (#11321)
* Add support for an instance actor

* Skip username validation for local Application accounts

* Add migration script to create instance actor

* Make Codeclimate happy

* Switch to id -99 for instance actor

* Remove unused `icon` and `image` attributes from instance actor

* Use if/elsif/else instead of return + ternary operator

* Add instance actor to fresh installs

* Use instance actor as instance representative

Use instance actor for forwarding reports, relay operations, and spam
auto-reporting.

* Seed database in test environment

* Fix single-user mode

* Fix tests

* Fix specs to accomodate for an extra `Account`

* Auto-reject follows on instance actor

Following an instance actor might make sense, but we are not handling that
right now, so auto-reject.

* Fix webfinger lookup and serialization for instance actor

* Rename instance actor

* Make it clear in the HTML view that the instance actor should not be blocked

* Raise cache time for instance actor as there's no dynamic content

* Re-use /about/more with a flash message for instance actor profile
2019-07-19 01:44:42 +02:00
ThibG
7e2b6da57f Add setting to disable the anti-spam (#11296)
* Add environment variable to disable the anti-spam

* Move antispam setting to admin settings

* Fix typo

* antispam → spam_check
2019-07-17 21:09:15 +02:00
Eugen Rochko
6ff67be0f6
Add a spam check (#11217)
* Add a spam check

* Use Nilsimsa to generate locality-sensitive hashes and compare using Levenshtein distance

* Add more tests

* Add exemption when the message is a reply to something that mentions the sender

* Use Nilsimsa Compare Value instead of Levenshtein distance

* Use MD5 for messages shorter than 10 characters

* Add message to automated report, do not add non-public statuses to
automated report, add trust level to accounts and make unsilencing
raise the trust level to prevent repeated spam checks on that account

* Expire spam check data after 3 months

* Add support for local statuses, reduce expiration to 1 week, always create a report

* Add content warnings to the spam check and exempt empty statuses

* Change Nilsimsa threshold to 95 and make sure removed statuses are removed from the spam check

* Add all matched statuses into automatic report
2019-07-13 16:45:50 +02:00
Eugen Rochko
ef15246397
Remove unused remote unfollow controller (#11250) 2019-07-08 12:04:06 +02:00
Eugen Rochko
23aeef52cc
Remove Salmon and PubSubHubbub (#11205)
* Remove Salmon and PubSubHubbub endpoints

* Add error when trying to follow OStatus accounts

* Fix new accounts not being created in ResolveAccountService
2019-07-06 23:26:16 +02:00
Eugen Rochko
1db4117030
Change preferences page into appearance, notifications, and other (#10977) 2019-06-07 03:39:24 +02:00
Eugen Rochko
a60364ca7d
Add waiting time to list of pending accounts in admin UI (#10985) 2019-06-07 03:24:10 +02:00