Commit Graph

119 Commits (219fb317eeee47e91066b8baebcaf02ef9e0c0bf)

Author SHA1 Message Date
Evan Minto 66fd8e7821 ActivityPub: Add basic, read-only support for Outboxes, Notes, and Create/Announce Activities (#2197)
* Clean up collapsible components

* Expose user Outboxes and AS2 representations of statuses

* Save work thus far.

* Fix bad merge.

* Save my work

* Clean up pagination.

* First test working.

* Add tests.

* Add Forbidden error template.

* Revert yarn.lock changes.

* Fix code style deviations and use localized instead of hardcoded English text.
8 years ago
Ash Furrow 723f25a999 Admin UI for confirming users (#2245)
* Shows confirmed status in list.

* Adds ability to confirm users in admin UI.

* Added new english translations.

* Addresses feedback from #2245.

* More feedback.
8 years ago
Matt Jankowski 67dea31b0f 2FA controller cleanup (#2296)
* Add spec coverage for settings/two_factor_auth area

* extract setup method for qr code

* Move otp required check to before action

* Merge method only used once

* Remove duplicate view

* Consolidate creation of @codes for backup

* Move settings/2fq#recovery_codes to settings/recovery_codes#create

* Rename settings/two_factor_auth#disable to #destroy

* Add coverage for the otp required path on 2fa#show

* Clean up the recovery codes list styles

* Move settings/two_factor_auth to settings/two_factor_authentication

* Reorganize the settings two factor auth area

Updated to use a flow like:

- settings/two_factor_authentication goes to a #show view which has a button
  either enable or disable 2fa on the account
- the disable button turns off the otp requirement for the user
- the enable button cycles the user secret and redirects to a confirmation page
- the confirmation page is a #new view which shows the QR code for user
- that page posts to #create which verifies the code, and creates the recovery
  codes
- that create action shares a view with a recovery codes controller which can be
  used separately to reset codes if needed
8 years ago
Ashley 05ac28f3e4 Added API for single notification dismissal (#2251)
* Added API backend for notification dismissal

* Added render statement

* Changed statement
8 years ago
Matt Jankowski 8bac0350d1 Restful refactor of accounts/ routes (#2133)
* Add routing specs for accounts followers and following actions

* Use more restful route naming for public account follow pages

Moves two actions:
- accounts#followers to accounts/follower_accounts#index
- accounts#following to accounts/following_accounts#index

Adds routing spec to ensure prior URLs are preserved.
8 years ago
Matt Jankowski 55e1503522 Instances list in admin (#2095)
* Add admin/instances index action

* Add link to instances admin page

* View lists instances

* Instances, grouped by domain, ordered by count

* Use Account.remote scope

* Extract method: Account.by_domain_accounts
8 years ago
Matt Jankowski 21a767dcfa Improve handling of HTTP_ACCEPT for webfinger (#2008)
This change includes:

- Improve the spec coverage for incoming request to the webfinger action
- For requests without an accept header (ie, what a browser might look like),
  return a JSON response.
- For requests with an explicit format of xml or json, return that format.
- For requests using an accept header, return that format.

Also adds failing spec showing webfinger does not return xml, which covers the
issue described in: https://github.com/tootsuite/mastodon/issues/1983
8 years ago
Eugen 5d710b1139 Make file attachment on MediaAttachment optional (#1865)
Create MediaAttachment but without actual file download when domain is blocked with reject_media set to true
Clean up old media files when creating a new domain block with reject_media set to true
Return remote_url in media attachments API if local file is not present
Undo domain block action in admin UI
Ability to enable reject_media from admin UI
8 years ago
Matt Jankowski 6670e6d33f Add password reset for users from admin accounts area (#1841) 8 years ago
Patrick Figel df4ff9a8e1 Add recovery code support for two-factor auth (#1773)
* Add recovery code support for two-factor auth

When users enable two-factor auth, the app now generates ten
single-use recovery codes. Users are encouraged to print the codes
and store them in a safe place.

The two-factor prompt during login now accepts both OTP codes and
recovery codes.

The two-factor settings UI allows users to regenerated lost
recovery codes. Users who have set up two-factor auth prior to
this feature being added can use it to generate recovery codes
for the first time.

Fixes #563 and fixes #987

* Set OTP_SECRET in test enviroment

* add missing .html to view file names
8 years ago
Matt Jankowski 8b74aa4217 Admin reports controller improvements (#1714)
* Simplify admin/reports controller filtering for index

* Rename parameter to resolved

* Fix issue where reports view could not access filter_link_to

* Add coverage for admin/reports controller

* DRY up resolution of related reports for target account

* Clean up admin/reports routes

* Add Report#statuses method

* DRY up current account action taken params

* Rubocop styles
8 years ago
Matt Jankowski 137100dcf3 Clean up well-known routes/controllers (#1649)
* Add request spec for host meta route returning xml

* Add routing spec for xrd routes

* Update well-known routes

* Move webfinger and host-meta actions to their own controllers
8 years ago
Matt Jankowski 3a9eb81a80 Admin accounts controller cleanup (#1664)
* Remove unused account_params method in admin/accounts controller

* Introduce AccountFilter to find accounts

* Use AccountFilter in admin/accounts controller

* Use more restful routes admin silence and suspension area

* Add admin/silences and admin/suspensions controllers
8 years ago
Matt Jankowski 7f0a865b05 Allow import/export of mutes list (#1541)
* Allow export of mutes list

* Allow importing of mutes list

* Refactor to use Settings::Exports::BaseController and DRY up exports code
8 years ago
Matt Jankowski b352a8e5d4 Default to json type for webfinger requests (#1583) 8 years ago
Matt Jankowski 3ddd936b03 Refactor exports controller (#1567)
* Add basic coverage for settings/exports controller

* Remove unused @account variable from settings/exports controller

* Add coverage for download export actions

* Remove deprecated `render :text` in favor of `send_data` for csv downloads

* Add model to handle exports

* Use Export class in settings/exports controller

* Simplify settings/exports controller methods

* Move settings/export to more restful routes
8 years ago
David Celis d4fe6cd2bf Allow users to update their Account in the API (#1179)
* Allow users to update their Account in the API

It would be nice for API clients to be able to allow users to update
their accounts without having to wrap Mastodon in a web view. This patch
adds an API endpoint to let users submit a PATCH for their account.

Signed-off-by: David Celis <me@davidcel.is>

* Add /api/v1/accounts/update_credentials to the API docs

Signed-off-by: David Celis <me@davidcel.is>
8 years ago
Matt Jankowski e5282e4ec0 Clean up about page (#1282)
* Add InstancePresenter to expose site details

* Clean up about controller, use instance presenter
8 years ago
Matt Jankowski 71706f21c2 Ignore implied formats for catch all route requests (#1340)
A request to `/test` would show the custom 404 page, but a request to
`/test.test` would return a 404 with an empty body.

This change ignores the format on incoming catch all route requests, so that the
html 404 page is returned on these requests.
8 years ago
Eugen 9acdb166e8 Fix #795, fix #704, fix #835 - 2FA requires confirmation to be enabled (#1278)
* Fix #795, fix #704, fix #835 - 2FA requires confirmation to be enabled
TOTP secret is not shown again after 2FA is enabled

* Clean up
8 years ago
Eugen Rochko e3a3422a65 Allow setting of default language through config
Setting of locale in controller extracted to Localized concern,
the doorkeeper authorized applications controller moved under
custom namespace with inclusion of Localized, which resolves the
"it sometimes appears in a different random language" bug
8 years ago
Eugen Rochko b7c1b12367 Make default admin UI page reports. Add admin UI for creating a domain block 8 years ago
Eugen Rochko e8875c6046 Import feature for following/blocking lists (addresses #62, #177, #201, #454) 8 years ago
Eugen Rochko d6ed2eb512 Prettier account and stream entry URLs 8 years ago
Eugen Rochko 05cf086766 New API method: /api/v1/search
Returns accounts, statuses, hashtags arrays
8 years ago
Eugen Rochko 56d998cbdb Export follow/block lists as CSV 8 years ago
Eugen Rochko 6be7bde243 Fix #525 - Add instance information API 8 years ago
Eugen e245115f47 Merge branch 'master' into mastodon-site-api 8 years ago
Eugen Rochko 5f4e402204 Improved /api/v1/accounts/:id/statuses with new params: only_media, exclude_replies
Redirect /:username to /users/:username
Redirect /:username/:id to /users/:username/updates/:id
Updated API documentation and sponsors
8 years ago
Kit Redgrave 442fdbfc53 Mute button progress so far. WIP, doesn't entirely work correctly. 8 years ago
Kibigo 620f70e42c Adds site metadata access to the API 8 years ago
Eugen Rochko 175a9b9caa Fix #104 - Style OAuth authorized applications page
Add ability to search accounts by display name
8 years ago
Eugen Rochko 8132cf8153 Add GET /api/v1/accounts/:id/statuses/media that returns only statuses with media attachments
Make replies default to privacy settings of the status being replied to
8 years ago
Eugen Rochko d0f087db2d Add UI to view report details, remove reported statuses, quick links to resolve/silence/suspend from report 8 years ago
Eugen Rochko 24ba7c9762 Adding index overview for reports in admin UI 8 years ago
Eugen Rochko 5426f06ac2 Fix admin UI for accounts somewhat 8 years ago
Eugen Rochko 3b81baaaaf Adding POST /api/v1/reports API, and a UI for submitting reports 8 years ago
Eugen Rochko 0518492158 Stop trying to shoehorn all Salmon updates into the poor database-connected
StreamEntry model. Simply render Salmon slaps as they are needed
8 years ago
Eugen Rochko 77e13c2bc9 Removing failed push notification API, make context loads use cache 8 years ago
Eugen Rochko d9ca46b464 Cleaning up format of broadcast real-time messages, removing
redis-backed "mentions" timeline as redundant (given notifications)
8 years ago
Eugen Rochko 3f075c7794 API for apps to register for push notifications 8 years ago
Eugen Rochko ba192f12e3 Added optional two-factor authentication 8 years ago
Effy Elden 07b9a10d4d Add redirect for /admin => /admin/settings 8 years ago
Eugen Rochko f392030ab8 Add /api/v1/notifications/clear, non-existing link cards for statuses will
now return empty hash instead of throwing a 404 error. When following,
merge into timeline will filter statuses
8 years ago
Eugen Rochko e028406db4 Fix code style 8 years ago
Eugen Rochko d72dd38c13 Merge branch 'master' of https://github.com/ineffyble/mastodon into ineffyble-master 8 years ago
Eugen Rochko 3a4b5961be Method to fetch a single notification 8 years ago
Effy Elden 5fef55c11a Set remote dev environments to use letter_opener_web, add default .env.vagrant variables 8 years ago
Eugen Rochko f0de621e76 Fix #463 - Fetch and display previews of URLs using OpenGraph tags 8 years ago
Eugen Rochko e25170f960 Add extended about page stub 8 years ago