mirror of https://github.com/mastodon/mastodon.git synced 2025-01-18 16:11:42 +01:00

204 Commits

Author SHA1 Message Date
Matt Jankowski
9fb9ef418a
Fix Rails/WhereExists cop in User model () 2024-01-18 13:55:44 +00:00
Claire
98b5f85f10
Rename and refactor User#confirm! to User#mark_email_as_confirmed! () 2024-01-15 18:04:58 +00:00
Claire
e621c1c44c
Fix registrations not checking MX records for email domain blocks requiring approval () 2024-01-15 17:10:57 +00:00
Claire
8cb4825c8b
Fix sign-up restrictions based on email addresses not being enforced () 2024-01-15 11:06:48 +00:00
Matt Jankowski
543d7890fd
Use normalizes to prepare User values ()
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2024-01-10 13:36:06 +00:00
Matt Jankowski
c52a593a30
Remove unused scope User.emailable () 2024-01-08 13:33:45 +00:00
Claire
dfdadb92e8
Add ability to require approval when users sign up using specific email domains () 2024-01-04 09:07:05 +00:00
Matt Jankowski
f70f39dd04
Add explicit dependent: nil to associations () 2023-12-01 15:52:47 +00:00
Matt Jankowski
440b80b2e7
Model concerns organization into module namespaces () 2023-12-01 11:00:41 +00:00
Claire
963354978a
Add Account#unavailable? and Account#permanently_unavailable? aliases () 2023-11-30 15:43:26 +00:00
Eugen Rochko
cdc57c74b7
Fix unsupported time zone or locale preventing sign-up ()
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2023-11-22 11:38:07 +00:00
Matt Jankowski
bbad5b6456
Remove false positive cop detection () 2023-11-07 10:44:15 +00:00
Matt Jankowski
12550a6a28
Use Rails.env.local? shorthand method to check env () 2023-10-26 21:20:41 +00:00
Matt Jankowski
cf33028f35
Admin mailer parameterization () 2023-07-08 20:03:38 +02:00
Eugen Rochko
4c9406bdb0
Add time zone preference () 2023-06-10 03:29:37 +02:00
Matt Jankowski
d902a707a3
Fix Rails/CompactBlank cop () 2023-04-30 14:07:21 +02:00
Eugen Rochko
a9b5598c97
Change user settings to be stored in a more optimal way ()
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2023-03-30 14:44:00 +02:00
Claire
86f8aa2db2
Fix unconfirmed accounts being registered as active users () 2023-03-06 16:00:08 +01:00
Nick Schonning
717683d1c3
Autofix Rubocop remaining Layout rules () 2023-02-20 06:58:28 +01:00
Nick Schonning
f68bb52556
Apply Rubocop Style/NegatedIfElseCondition () 2023-02-08 07:07:36 +01:00
Claire
6883fddb19
Fix account activation being triggered before email confirmation ()
* Add tests

* Fix account activation being triggered before email confirmation

Fixes 
2023-01-24 19:40:21 +01:00
Alexander Ivanov
8eb29741b4
Add webhook account.approved ()
* Webhook `account.approved` when preparing new user

* Update Webhook.EVENTS
2023-01-05 13:29:49 +01:00
Francis Murillo
5fb1c3e934
Revoke all authorized applications on password reset ()
* Clear sessions on password change

* Rename User::clear_sessions to revoke_access for a clearer meaning

* Add reset password controller test

* Use User.find instead of User.find_for_authentication for reset password test

* Use redirect and render for better test meaning in reset password

Co-authored-by: Effy Elden <effy@effy.space>
2022-12-15 15:47:06 +01:00
Claire
ed07f10ca8
Fix failure when “Require a reason to join” is set with open registrations () 2022-12-07 16:39:58 +01:00
Claire
00b2720ef0
Change automatic post deletion configuration to be accessible to redirected users ()
Fixes 
2022-11-17 10:55:23 +01:00
Eugen Rochko
839f893168
Change public accounts pages to mount the web UI ()
* Change public accounts pages to mount the web UI

* Fix handling of remote usernames in routes

- When logged in, serve web app
- When logged out, redirect to permalink
- Fix `app-body` class not being set sometimes due to name conflict

* Fix missing `multiColumn` prop

* Fix failing test

* Use `discoverable` attribute to control indexing directives

* Fix `<ColumnLoading />` not using `multiColumn`

* Add `noindex` to accounts in REST API

* Change noindex directive to not be rendered by default before a route is mounted

* Add loading indicator for detailed status in web UI

* Fix missing indicator appearing while account is loading in web UI
2022-10-20 14:35:29 +02:00
Eugen Rochko
0d0f3c15d3
Fix language dropdown sometimes not appearing in web UI ()
When user has no locale preference saved (such as never changing it
from the default), the preferred posting language is nil, and
the dropdown is not visible
2022-09-28 01:02:15 +02:00
Eugen Rochko
0b3e4fd5de
Remove digest e-mails ()
* Remove digest e-mails

* Remove digest-related code
2022-08-25 23:38:22 +02:00
Eugen Rochko
0396acf39e
Add audit log entries for user roles ()
* Refactor audit log schema

* Add audit log entries for user roles
2022-08-25 20:39:40 +02:00
Claire
03241d884e
Add option for EMAIL_DOMAIN_DENYLIST/EMAIL_DOMAIN_ALLOWLIST to apply after confirmation ()
Fixes 
2022-08-25 04:31:10 +02:00
Eugen Rochko
44b2ee3485
Add customizable user roles ()
* Add customizable user roles

* Various fixes and improvements

* Add migration for old settings and fix tootctl role management
2022-07-05 02:41:40 +02:00
Eugen Rochko
a2871cd747
Add administrative webhooks ()
* Add administrative webhooks

* Fix error when webhook is deleted before delivery worker runs
2022-06-09 21:57:36 +02:00
Claire
e34dd3644c
Remove unused filtered_languages column ()
* Remove unused `filtered_languages` column

Fixes 

* Fix tests
2022-05-27 20:05:22 +02:00
Eugen Rochko
6c699b1723
Fix preferred posting language returning unusable value in REST API () 2022-05-16 19:13:36 +02:00
Eugen Rochko
3917353645
Fix single Redis connection being used across all threads ()
* Fix single Redis connection being used across all Sidekiq threads

* Fix tests
2022-04-28 17:47:34 +02:00
Eugen Rochko
8e20e16cf0
Change e-mail notifications to only be sent when recipient is offline ()
* Change e-mail notifications to only be sent when recipient is offline

Change the default for follow and mention notifications back on

* Add preference to always send e-mail notifications

* Change wording
2022-04-08 18:03:31 +02:00
Eugen Rochko
6221b36b27
Remove sign-in token authentication, instead send e-mail about new sign-in () 2022-04-06 20:58:12 +02:00
Eugen Rochko
5554ff2a1d
Fix being able to bypass e-mail restrictions () 2022-03-30 14:45:52 +02:00
Eugen Rochko
2dd30804b6
Change how unconfirmed accounts are displayed in admin UI ()
Fix 
2022-03-26 02:53:13 +01:00
Eugen Rochko
edf09ec747
Add /api/v1/accounts/familiar_followers to REST API ()
* Add `/api/v1/accounts/familiar_followers` to REST API

* Change hide network preference to be stored consistently for local and remote accounts

* Add dummy classes to migration

* Apply suggestions from code review

Co-authored-by: Claire <claire.github-309c@sitedethib.com>

Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2022-03-07 09:36:47 +01:00
Eugen Rochko
27965ce5ed
Add trending statuses ()
* Add trending statuses

* Fix dangling items with stale scores in localized sets

* Various fixes and improvements

- Change approve_all/reject_all to approve_accounts/reject_accounts
- Change Trends::Query methods to not mutate the original query
- Change Trends::Query#skip to offset
- Change follow recommendations to be refreshed in a transaction

* Add tests for trending statuses filtering behaviour

* Fix not applying filtering scope in controller
2022-02-25 00:34:14 +01:00
Eugen Rochko
564efd0651
Add appeals ()
* Add appeals

* Add ability to reject appeals and ability to browse pending appeals in admin UI

* Add strikes to account page in settings

* Various fixes and improvements

- Add separate notification setting for appeals, separate from reports
- Fix style of links in report/strike header
- Change approving an appeal to not restore statuses (due to federation complexities)
- Change style of successfully appealed strikes on account settings page
- Change account settings page to only show unappealed or recently appealed strikes

* Change appealed_at to overruled_at

* Fix missing method error
2022-02-14 21:27:53 +01:00
Eugen Rochko
6240466866
Fix duplicate accounts when searching by IP range in admin UI () 2022-02-13 01:58:26 +01:00
Eugen Rochko
b6d7726ecb
Remove language detection through cld3 ()
* Remove language detection through cld3

* Update app/helpers/languages_helper.rb

Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>

Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>
2022-02-08 02:41:17 +01:00
Claire
987d88ea56
Fix requiring an extra restart after recent post-deployment migrations ()
Follow-up to 
2022-02-01 20:57:39 +01:00
Claire
8a07ecd377
Remove leftover database columns from Devise::Models::Rememberable ()
* Remove leftover database columns from Devise::Models::Rememberable

* Update fix-duplication maintenance script

* Improve errors/warnings in the fix-duplicates maintenance script
2022-01-23 15:46:30 +01:00
Eugen Rochko
8e84ebf0cb
Remove IP tracking columns from users table () 2022-01-16 13:23:50 +01:00
Jeong Arm
720e8ab0f5
Fix duplicate record on admin/accounts when searching with IP () 2021-12-21 00:17:14 +01:00
Claire
6da135a493
Fix reviving revoked sessions and invalidating login ()
Up until now, we have used Devise's Rememberable mechanism to re-log users
after the end of their browser sessions. This mechanism relies on a signed
cookie containing a token. That token was stored on the user's record,
meaning it was shared across all logged in browsers, meaning truly revoking
a browser's ability to auto-log-in involves revoking the token itself, and
revoking access from *all* logged-in browsers.

We had a session mechanism that dynamically checks whether a user's session
has been disabled, and would log out the user if so. However, this would only
clear a session being actively used, and a new one could be respawned with
the `remember_user_token` cookie.

In practice, this caused two issues:
- sessions could be revived after being closed from /auth/edit (security issue)
- auto-log-in would be disabled for *all* browsers after logging out from one
  of them

This PR removes the `remember_token` mechanism and treats the `_session_id`
cookie/token as a browser-specific `remember_token`, fixing both issues.
2021-11-06 00:13:58 +01:00
Eugen Rochko
771c9d4ba8
Add ability to skip sign-in token authentication for specific users ()
Remove "active within last two weeks" exception for sign in token requirement

Change admin reset password to lock access until the password is reset
2021-07-08 05:31:28 +02:00