* Change hashtag search to only return results that have trended in the past
A way to eliminate typos and other one-off "junk" results
* Fix excluding exact matches that don't have a score
* Fix tests
* Check to make sure usernames with '.' cannot be created
* Add test for instance actor account name conflicts
This makes sure that migration 20190715164535_add_instance_actor
won't fail if there's already an account that is named the same
as the domain (minus the .)
* Put the test into the correct context...
* Add another test to split this into two validations
* Don't delete periods when validating username uniqueness (#11392)
The 20190715164535_add_instance_actor migration fails if there's
already a username similar to the domain name, e.g. if you are
'vulpine.club' and have a user named 'vulpineclub', validation
fails.
Upon further review, usernames with periods are dropped by the
regular expression in the Account class, so we don't need to
worry about it here.
Fixes#11392
Allow access to account settings, 2FA, authorized applications, and
account deletions to unconfirmed and pending users, as well as
users who had their accounts disabled. Suspended users cannot update
their e-mail or password or delete their account.
Display account status on account settings page, for example, when
an account is frozen, limited, unconfirmed or pending review.
After sign up, login users straight away and show a simple page that
tells them the status of their account with links to account settings
and logout, to reduce onboarding friction and allow users to correct
wrongly typed e-mail addresses.
Move the final sign-up step of SSO integrations to be the same
as above to reduce code duplication.
* Add support for an instance actor
* Skip username validation for local Application accounts
* Add migration script to create instance actor
* Make Codeclimate happy
* Switch to id -99 for instance actor
* Remove unused `icon` and `image` attributes from instance actor
* Use if/elsif/else instead of return + ternary operator
* Add instance actor to fresh installs
* Use instance actor as instance representative
Use instance actor for forwarding reports, relay operations, and spam
auto-reporting.
* Seed database in test environment
* Fix single-user mode
* Fix tests
* Fix specs to accomodate for an extra `Account`
* Auto-reject follows on instance actor
Following an instance actor might make sense, but we are not handling that
right now, so auto-reject.
* Fix webfinger lookup and serialization for instance actor
* Rename instance actor
* Make it clear in the HTML view that the instance actor should not be blocked
* Raise cache time for instance actor as there's no dynamic content
* Re-use /about/more with a flash message for instance actor profile
Conflicts:
- app/models/media_attachment.rb
Upstream added audio attachment support
- app/serializers/initial_state_serializer.rb
Upstream added audio attachment support and how mimetypes are returned
- app/serializers/rest/instance_serializer.rb
Upstream added a few fields
- config/application.rb
Upstream added a different paperclip transcoder
* Change domain blocks to automatically support subdomains
If a more authoritative domain is blocked (example.com), then the
same block will be applied to a subdomain (foo.example.com)
* Match subdomains of existing accounts when blocking/unblocking domains
* Improve code style
* Change note_length validator from 160 to 500
* Change input maxlength from 160 to 500
* update bio test from 160 to 500
* Multiply a string 30 times instead of 10
* Record account suspend/silence time and keep track of domain blocks
* Also unblock users who were suspended/silenced before dates were recorded
* Add tests
* Keep track of suspending date for users suspended through the CLI
* Show accurate number of accounts that would be affected by unsuspending an instance
* Change migration to set silenced_at and suspended_at
* Revert "Also unblock users who were suspended/silenced before dates were recorded"
This reverts commit a015c65d2d.
* Switch from using suspended and silenced to suspended_at and silenced_at
* Add post-deployment migration script to remove `suspended` and `silenced` columns
* Use Account#silence! and Account#suspend! instead of updating the underlying property
* Add silenced_at and suspended_at migration to post-migration
* Change account fabricator to translate suspended and silenced attributes
* Minor fixes
* Make unblocking domains always retroactive
* When trying to block an already-blocked domain, provide a link to the block
* Fix styling for links in flash messages
* Allow blocks to be upgraded but not downgraded
Conflicts:
- app/views/admin/pending_accounts/index.html.haml
No real conflict, upstream changes too close to glitch-specific
theming system changes.
- config/navigation.rb
Upstream redesigned the settings navigation, took those changes
and re-inserted the flavours menu.
* Add "why do you want to join" field to invite requests
Fix#10512
* Remove unused translations
* Fix broken registrations when no invite request text is submitted
* Refactor imports
* Export show_reblogs when exporting list of followed users
* Add support for importing show_reblogs with following collection
* Fix tests
Conflicts:
- app/controllers/following_accounts_controller.rb
Conflicts were due to glitch-soc's theming system.
- app/javascript/packs/public.js
Some code has been change upstream, but it has been
moved to app/javascript/core/settings.js in glitch-soc.
Applied the changes there.
* Squish username before validation (#10101)
Fix#10101
* Move before_validation hook to a private method
Also add Unicode wite-spaces to the spec to support the use of squish
over strip.
* Add polls
Fix#1629
* Add tests
* Fixes
* Change API for creating polls
* Use name instead of content for votes
* Remove poll validation for remote polls
* Add polls to public pages
* When updating the poll, update options just in case they were changed
* Fix public pages showing both poll and other media
Conflicts:
- app/controllers/oauth/authorized_applications_controller.rb
Two changes too close to each other
- app/controllers/settings/sessions_controller.rb
- app/lib/user_settings_decorator.rb
Two changes too close to each other
- app/models/media_attachment.rb
New changes too close to glitch-soc only changes.
- app/models/user.rb
Two changes too close to each other.
- app/services/remove_status_service.rb
Kept direct timeline code which had been removed upstream.
- app/views/settings/preferences/show.html.haml
Two changes too close to each other.
- config/locales/en.yml
Introduction of a new string too close to glitch-soc-only's “flavour”
- config/locales/ja.yml
Introduction of a new string too close to glitch-soc-only's “flavour”
- config/locales/pl.yml
Introduction of a new string too close to glitch-soc-only's “flavour”
- config/locales/simple_form.en.yml
Introduction of a new string too close to glitch-soc-only's “skin”
- config/locales/simple_form.pl.yml
Introduction of a new string too close to glitch-soc-only's “skin”
- config/settings.yml
Reverted upstream's decision of enabling posting application by default.
* Add hashtag filter to profiles
GET /@:username/tagged/:hashtag
GET /api/v1/accounts/:id/statuses?tagged=:hashtag
* Display featured hashtags on public profile
* Use separate model for featured tags
* Update featured hashtag counters on-write
* Limit featured tags to 10
Conflicts:
- .eslintrc.yml
Removed, as upstream removed it.
- app/controllers/admin/statuses_controller.rb
Minor code cleanup when porting one of our features.
- app/models/account.rb
Note length validation has changed upstream.
We now use upstream's validation (dropped legacy glitch-soc
account metadata stuff) but with configurable limit.
- app/services/post_status_service.rb
Upstream has added support for scheduled toots, refactoring
the code a bit. Adapted our changes to this refactoring.
- app/views/stream_entries/_detailed_status.html.haml
Not a real conflict, changes too close.
- app/views/stream_entries/_simple_status.html.haml
Not a real conflict, changes too close.
* Add REST API for creating an account
The method is available to apps with a token obtained via the client
credentials grant. It creates a user and account records, as well as
an access token for the app that initiated the request. The user is
unconfirmed, and an e-mail is sent as usual.
The method returns the access token, which the app should save for
later. The REST API is not available to users with unconfirmed
accounts, so the app must be smart to wait for the user to click a
link in their e-mail inbox.
The method is rate-limited by IP to 5 requests per 30 minutes.
* Redirect users back to app from confirmation if they were created with an app
* Add tests
* Return 403 on the method if registrations are not open
* Require agreement param to be true in the API when creating an account
* Add moderation warnings
Replace individual routes for disabling, silencing, and suspending
a user, as well as the report update route, with a unified account
action controller that allows you to select an action (none,
disable, silence, suspend) as well as whether it should generate an
e-mail notification with optional custom text. That notification,
with the optional custom text, is saved as a warning.
Additionally, there are warning presets you can configure to save
time when performing the above.
* Use Account#local_username_and_domain
* Make custom emoji domains case sensitive #9351
* Fixup style in downcase_domain to comply with codeclimate.
* switch if! to unless
* Don't use transactions, operate in batches.
Also revert spurious schema change.
Fixes#9309
This only allows hyphens in the middle of a username, much like dots,
although I don't have a compelling reason to do so other than keeping
the changes minimal.
* Improve overview of accounts in admin UI
- Display suspended status, role, last activity and IP prominently
- Default to showing local accounts
- Default to not showing suspended accounts
* Remove unused strings
* Fix tests
* Allow filtering accounts by IP mask
* Add conversations API
* Add web UI for conversations
* Add test for conversations API
* Add tests for ConversationAccount
* Improve web UI
* Rename ConversationAccount to AccountConversation
* Remove conversations on block and mute
* Change last_status_id to be a denormalization of status_ids
* Add optimistic locking
Conflicts:
db/migrate/20170716191202_add_hide_notifications_to_mute.rb
spec/controllers/application_controller_spec.rb
Took our version, upstream changes were only minor style linting.
* Allow moderators to disable/enable login
* Instead of rejecting login, show forbidden error when login disabled
Avoid confusion because when login is rejected, the message is that
the account is not activated, which is wrong.
* Fix tests
Conflicts:
.circleci/config.yml
app/controllers/authorize_follows_controller.rb
app/javascript/packs/public.js
Moved new stuff from packs/public.js to core/public.js.
Added appropriate use_pack in new controllers.
Conflicts:
app/models/status.rb
db/migrate/20180528141303_fix_accounts_unique_index.rb
db/schema.rb
Resolved by taking upstream changes (no real conflicts, just glitch-soc
specific code too close to actual changes).
Conflicts:
app/controllers/accounts_controller.rb
app/javascript/mastodon/locales/pl.json
app/views/about/more.html.haml
Conflicts in `accounts_controller.rb` resolved by taking upstream's
version + our `use_pack`.
Conflicts in `pl.json` resolved by taking upstream's changes.
Conflicts in `aboute/more.html.haml` resolved by taking upstream's changes.
Manually-resolved conflicts:
.circleci/config.yml
app/controllers/accounts_controller.rb
app/controllers/auth/passwords_controller.rb
app/controllers/statuses_controller.rb
app/javascript/packs/public.js
app/models/media_attachment.rb
app/views/stream_entries/_content_spoiler.html.haml
app/views/stream_entries/_media.html.haml
config/locales/en.yml
config/locales/ja.yml
config/locales/pl.yml
lib/mastodon/version.rb
Some content from app/javascript/packs/public.js has been split to
app/javascript/core/settings.js.
Translation strings for glitch-soc's keyword mutes were dropped.
Everything else was mostly “take both”.
Initially I thought there might be valid reasons for remote users to
have a different, unpredicted username format. However, I now realize
such a difference would be unusable and unexpected within Mastodon.
Fix#8058
To improve the way super tall or super ride images are treated, the
numbers remain the same, 1280x1280 and 400x400, but if an image
is less in one dimension than the other, the other can become larger
Thanks to @WAHa_06x36@mastodon.social for the tip
Conflicts:
Dockerfile
app/javascript/packs/common.js
config/webpack/loaders/sass.js
config/webpack/shared.js
db/schema.rb
package.json
yarn.lock
A lot of the conflicts come from updating webpack.
Even though upstream deleted app/javascript/packs/common.js, I kept
glitch-soc's version as it unifies JS/CSS packs behavior across flavours.
Ported glitch changes to webpack 4.x
Completely remove glitch-soc's Keyword Mutes, migrate
existing database records to CustomFilters.
Handling of client-side filters is still not implemented
in the glitch-soc front-end.
Conflicts:
README.md
app/controllers/statuses_controller.rb
app/lib/feed_manager.rb
config/navigation.rb
spec/lib/feed_manager_spec.rb
Conflicts were resolved by taking both versions for each change.
This means the two filter systems (glitch-soc's keyword mutes and tootsuite's
custom filters) are in place, which will be changed in a follow-up commit.
* Re-add follow recommendations API
GET /api/v1/suggestions
Removed in 8efa081f21 due to Neo4J
dependency. The algorithm uses triadic closures, takes into account
suspensions, blocks, mutes, domain blocks, excludes locked and moved
accounts, and prefers more recently updated accounts.
* Track interactions with people you don't follow
Replying to, favouriting and reblogging someone you're not following
will make them show up in follow recommendations. The interactions
have different weights:
- Replying is 1
- Favouriting is 10 (decidedly positive interaction, but private)
- Reblogging is 20
Following them, muting or blocking will remove them from the list,
obviously.
* Remove triadic closures, ensure potential friendships are trimmed
* Add keyword filtering
GET|POST /api/v1/filters
GET|PUT|DELETE /api/v1/filters/:id
- Irreversible filters can drop toots from home or notifications
- Other filters can hide toots through the client app
- Filters use a phrase valid in particular contexts, expiration
* Make sure expired filters don't get applied client-side
* Add missing API methods
* Remove "regex filter" from column settings
* Add tests
* Add test for FeedManager
* Add CustomFilter test
* Add UI for managing filters
* Add streaming API event to allow syncing filters
* Fix tests
Also add an apply_to_mentions attribute on Glitch::KeywordMute, which is
used to calculate scope. Next up: additions to the test suite to
demonstrate how scoping works.
Do not touch statuses_count on accounts table when mass-destroying
statuses to reduce load when removing accounts, same for
reblogs_count and favourites_count
Do not count statuses with direct visibility in statuses_count
Fix#828
* optimize direct timeline
* fix typo in class name
* change filter condition for direct timeline
* fix codestyle issue
* revoke index_accounts_not_silenced because direct timeline does not use it.
* revoke index_accounts_not_silenced because direct timeline does not use it.
* fix rspec test condition.
* fix rspec test condition.
* fix rspec test condition.
* revoke adding column and partial index
* (direct timeline) move merging logic to model
* fix pagination parameter
* add method arguments that switches return array of status or cache_ids
* fix order by
* returns ActiveRecord.Relation in default behavor
* fix codestyle issue
- POST /api/v1/push/subscription
- PUT /api/v1/push/subscription
- DELETE /api/v1/push/subscription
- New OAuth scope: "push" (required for the above methods)
Same URI passed between follow request and follow, since they are
the same thing in ActivityPub. Local URIs are generated during
creation using UUIDs and are passed to serializers.
* Added a timeline for Direct statuses
* Lists all Direct statuses you've sent and received
* Displayed in Getting Started
* Streaming server support for direct TL
* Changes to match other timelines in 2.0
Sidekiq sometimes throws errors for users that have more pinned items
than the allowed by the local instance. It should only validate the
number of pins for local accounts.
This also limits the statuses returned by API, but pagination is not
implemented in Web API yet. I still expect it brings user experience
better than making a user wait to fetch all ancestor statuses and flooding
the column with them.
to_s method of HTTP::Response keeps blocking while it receives the whole
content, no matter how it is big. This means it may waste time to receive
unacceptably large files. It may also consume memory and disk in the
process. This solves the inefficency by checking response length while
receiving.
* Fix#201: Account archive download
* Export actor and private key in the archive
* Optimize BackupService
- Add conversation to cached associations of status, because
somehow it was forgotten and is source of N+1 queries
- Explicitly call GC between batches of records being fetched
(Model class allocations are the worst offender)
- Stream media files into the tar in 1MB chunks
(Do not allocate media file (up to 8MB) as string into memory)
- Use #bytesize instead of #size to calculate file size for JSON
(Fix FileOverflow error)
- Segment media into subfolders by status ID because apparently
GIF-to-MP4 media are all named "media.mp4" for some reason
* Keep uniquely generated filename in Paperclip::GifTranscoder
* Ensure dumped files do not overwrite each other by maintaing directory partitions
* Give tar archives a good name
* Add scheduler to remove week-old backups
* Fix code style issue
The cache store is explicitly used by some specs, but they were not
isolated and therefore not reliable. This fixes the issue by clearing
the cache after each specs.
A change introduced in #6125 prevents
`Devise::Models::Confirmable#confirm` from being called for existing
users, which in turn leads to `email` not being set to
`unconfirmed_email`, breaking email updates. This also adds a test
that would've caught this issue.
This commit also:
- exposes the local-only emoji so that it can be used in examples
- allows local_only to be set explicitly, i.e. for timeline filtering
specs
* Allow hiding of reblogs from followed users
This adds a new entry to the account menu to allow users to hide
future reblogs from a user (and then if they've done that, to show
future reblogs instead).
This does not remove or add historical reblogs from/to the user's
timeline; it only affects new statuses.
The API for this operates by sending a "reblogs" key to the follow
endpoint. If this is sent when starting a new follow, it will be
respected from the beginning of the follow relationship (even if
the follow request must be approved by the followee). If this is
sent when a follow relationship already exists, it will simply
update the existing follow relationship. As with the notification
muting, this will now return an object ({reblogs: [true|false]}) or
false for each follow relationship when requesting relationship
information for an account. This should cause few issues due to an
object being truthy in many languages, but some modifications may
need to be made in pickier languages.
Database changes: adds a show_reblogs column (default true,
non-nullable) to the follows and follow_requests tables. Because
these are non-nullable, we use the existing MigrationHelpers to
perform this change without locking those tables, although the
tables are likely to be small anyway.
Tests included.
See also <https://github.com/glitch-soc/mastodon/pull/212>.
* Rubocop fixes
* Code review changes
* Test fixes
This patchset closes#648 and resolves#3271.
* Rubocop fix
* Revert reblogs defaulting in argument, fix tests
It turns out we needed this for the same reason we needed it in muting:
if nil gets passed in somehow (most usually by an API client not passing
any value), we need to detect and handle it.
We could specify a default in the parameter and then also catch nil, but
there's no great reason to duplicate the default value.
* Add consumable invites
* Add UI for generating invite codes
* Add tests
* Display max uses and expiration in invites table, delete invite
* Remove unused column and redundant validator
- Default follows not used, probably bad idea
- InviteCodeValidator is redundant because RegistrationsController
checks invite code validity
* Add admin setting to disable invites
* Add admin UI for invites, configurable role for invite creation
- Admin UI that lists everyone's invites, always available
- Admin setting min_invite_role to control who can invite people
- Non-admin invite UI only visible if users are allowed to
* Do not remove invites from database, expire them instantly
* Add structure for lists
* Add list timeline streaming API
* Add list APIs, bind list-account relation to follow relation
* Add API for adding/removing accounts from lists
* Add pagination to lists API
* Add pagination to list accounts API
* Adjust scopes for new APIs
- Creating and modifying lists merely requires "write" scope
- Fetching information about lists merely requires "read" scope
* Add test for wrong user context on list timeline
* Clean up tests
=~ made sense when we were passing it through to a regex, but we're no
longer doing that: TagMatcher looks at individual tags and returns a
value that *looks* like what you get out of #=~ but really isn't that
meaningful. Probably a good idea to not subvert convention like this
and instead use a name with guessable intent.
It is reasonable to expect someone to enter #foo to mute hashtag #foo.
However, tags are recorded on statuses without the preceding #.
To adjust for this, we build a separate tag matcher and use
Tag::HASHTAG_RE to extract a hashtag from the hashtag syntax.
* Add a hide_notifications column to mutes
* Add muting_notifications? and a notifications argument to mute!
* block notifications in notify_service from hard muted accounts
* Add specs for how mute! interacts with muting_notifications?
* specs testing that hide_notifications in mutes actually hides notifications
* Add support for muting notifications in MuteService
* API support for muting notifications (and specs)
* Less gross passing of notifications flag
* Break out a separate mute modal with a hide-notifications checkbox.
* Convert profile header mute to use mute modal
* Satisfy eslint.
* specs for MuteService notifications params
* add trailing newlines to files for Pork :)
* Put the label for the hide notifications checkbox in a label element.
* Add a /api/v1/mutes/details route that just returns the array of mutes.
* Define a serializer for /api/v1/mutes/details
* Add more specs for the /api/v1/mutes/details endpoint
* Expose whether a mute hides notifications in the api/v1/relationships endpoint
* Show whether muted users' notifications are muted in account lists
* Allow modifying the hide_notifications of a mute with the /api/v1/accounts/:id/mute endpoint
* make the hide/unhide notifications buttons work
* satisfy eslint
* In probably dead code, replace a dispatch of muteAccount that was skipping the modal with launching the mute modal.
* fix a missing import
* add an explanatory comment to AccountInteractions
* Refactor handling of default params for muting to make code cleaner
* minor code style fixes oops
* Fixed a typo that was breaking the account mute API endpoint
* Apply white-space: nowrap to account relationships icons
* Fix code style issues
* Remove superfluous blank line
* Rename /api/v1/mutes/details -> /api/v2/mutes
* Don't serialize "account" in MuteSerializer
Doing so is somewhat unnecessary since it's always the current user's account.
* Fix wrong variable name in api/v2/mutes
* Use Toggle in place of checkbox in the mute modal.
* Make the Toggle in the mute modal look better
* Code style changes in specs and removed an extra space
* Code review suggestions from akihikodaki
Also fixed a syntax error in tests for AccountInteractions.
* Make AddHideNotificationsToMute Concurrent
It's not clear how much this will benefit instances in practice, as the
number of mutes tends to be pretty small, but this should prevent any
blocking migrations nonetheless.
* Fix up migration things
* Remove /api/v2/mutes