Commit graph

194 commits

Author SHA1 Message Date
Eugen Rochko
cdc57c74b7
Fix unsupported time zone or locale preventing sign-up ()
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2023-11-22 11:38:07 +00:00
Matt Jankowski
bbad5b6456
Remove false positive cop detection () 2023-11-07 10:44:15 +00:00
Matt Jankowski
12550a6a28
Use Rails.env.local? shorthand method to check env () 2023-10-26 21:20:41 +00:00
Matt Jankowski
cf33028f35
Admin mailer parameterization () 2023-07-08 20:03:38 +02:00
Eugen Rochko
4c9406bdb0
Add time zone preference () 2023-06-10 03:29:37 +02:00
Matt Jankowski
d902a707a3
Fix Rails/CompactBlank cop () 2023-04-30 14:07:21 +02:00
Eugen Rochko
a9b5598c97
Change user settings to be stored in a more optimal way ()
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2023-03-30 14:44:00 +02:00
Claire
86f8aa2db2
Fix unconfirmed accounts being registered as active users () 2023-03-06 16:00:08 +01:00
Nick Schonning
717683d1c3
Autofix Rubocop remaining Layout rules () 2023-02-20 06:58:28 +01:00
Nick Schonning
f68bb52556
Apply Rubocop Style/NegatedIfElseCondition () 2023-02-08 07:07:36 +01:00
Claire
6883fddb19
Fix account activation being triggered before email confirmation ()
* Add tests

* Fix account activation being triggered before email confirmation

Fixes 
2023-01-24 19:40:21 +01:00
Alexander Ivanov
8eb29741b4
Add webhook account.approved ()
* Webhook `account.approved` when preparing new user

* Update Webhook.EVENTS
2023-01-05 13:29:49 +01:00
Francis Murillo
5fb1c3e934
Revoke all authorized applications on password reset ()
* Clear sessions on password change

* Rename User::clear_sessions to revoke_access for a clearer meaning

* Add reset password controller test

* Use User.find instead of User.find_for_authentication for reset password test

* Use redirect and render for better test meaning in reset password

Co-authored-by: Effy Elden <effy@effy.space>
2022-12-15 15:47:06 +01:00
Claire
ed07f10ca8
Fix failure when “Require a reason to join” is set with open registrations () 2022-12-07 16:39:58 +01:00
Claire
00b2720ef0
Change automatic post deletion configuration to be accessible to redirected users ()
Fixes 
2022-11-17 10:55:23 +01:00
Eugen Rochko
839f893168
Change public accounts pages to mount the web UI ()
* Change public accounts pages to mount the web UI

* Fix handling of remote usernames in routes

- When logged in, serve web app
- When logged out, redirect to permalink
- Fix `app-body` class not being set sometimes due to name conflict

* Fix missing `multiColumn` prop

* Fix failing test

* Use `discoverable` attribute to control indexing directives

* Fix `<ColumnLoading />` not using `multiColumn`

* Add `noindex` to accounts in REST API

* Change noindex directive to not be rendered by default before a route is mounted

* Add loading indicator for detailed status in web UI

* Fix missing indicator appearing while account is loading in web UI
2022-10-20 14:35:29 +02:00
Eugen Rochko
0d0f3c15d3
Fix language dropdown sometimes not appearing in web UI ()
When user has no locale preference saved (such as never changing it
from the default), the preferred posting language is nil, and
the dropdown is not visible
2022-09-28 01:02:15 +02:00
Eugen Rochko
0b3e4fd5de
Remove digest e-mails ()
* Remove digest e-mails

* Remove digest-related code
2022-08-25 23:38:22 +02:00
Eugen Rochko
0396acf39e
Add audit log entries for user roles ()
* Refactor audit log schema

* Add audit log entries for user roles
2022-08-25 20:39:40 +02:00
Claire
03241d884e
Add option for EMAIL_DOMAIN_DENYLIST/EMAIL_DOMAIN_ALLOWLIST to apply after confirmation ()
Fixes 
2022-08-25 04:31:10 +02:00
Eugen Rochko
44b2ee3485
Add customizable user roles ()
* Add customizable user roles

* Various fixes and improvements

* Add migration for old settings and fix tootctl role management
2022-07-05 02:41:40 +02:00
Eugen Rochko
a2871cd747
Add administrative webhooks ()
* Add administrative webhooks

* Fix error when webhook is deleted before delivery worker runs
2022-06-09 21:57:36 +02:00
Claire
e34dd3644c
Remove unused filtered_languages column ()
* Remove unused `filtered_languages` column

Fixes 

* Fix tests
2022-05-27 20:05:22 +02:00
Eugen Rochko
6c699b1723
Fix preferred posting language returning unusable value in REST API () 2022-05-16 19:13:36 +02:00
Eugen Rochko
3917353645
Fix single Redis connection being used across all threads ()
* Fix single Redis connection being used across all Sidekiq threads

* Fix tests
2022-04-28 17:47:34 +02:00
Eugen Rochko
8e20e16cf0
Change e-mail notifications to only be sent when recipient is offline ()
* Change e-mail notifications to only be sent when recipient is offline

Change the default for follow and mention notifications back on

* Add preference to always send e-mail notifications

* Change wording
2022-04-08 18:03:31 +02:00
Eugen Rochko
6221b36b27
Remove sign-in token authentication, instead send e-mail about new sign-in () 2022-04-06 20:58:12 +02:00
Eugen Rochko
5554ff2a1d
Fix being able to bypass e-mail restrictions () 2022-03-30 14:45:52 +02:00
Eugen Rochko
2dd30804b6
Change how unconfirmed accounts are displayed in admin UI ()
Fix 
2022-03-26 02:53:13 +01:00
Eugen Rochko
edf09ec747
Add /api/v1/accounts/familiar_followers to REST API ()
* Add `/api/v1/accounts/familiar_followers` to REST API

* Change hide network preference to be stored consistently for local and remote accounts

* Add dummy classes to migration

* Apply suggestions from code review

Co-authored-by: Claire <claire.github-309c@sitedethib.com>

Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2022-03-07 09:36:47 +01:00
Eugen Rochko
27965ce5ed
Add trending statuses ()
* Add trending statuses

* Fix dangling items with stale scores in localized sets

* Various fixes and improvements

- Change approve_all/reject_all to approve_accounts/reject_accounts
- Change Trends::Query methods to not mutate the original query
- Change Trends::Query#skip to offset
- Change follow recommendations to be refreshed in a transaction

* Add tests for trending statuses filtering behaviour

* Fix not applying filtering scope in controller
2022-02-25 00:34:14 +01:00
Eugen Rochko
564efd0651
Add appeals ()
* Add appeals

* Add ability to reject appeals and ability to browse pending appeals in admin UI

* Add strikes to account page in settings

* Various fixes and improvements

- Add separate notification setting for appeals, separate from reports
- Fix style of links in report/strike header
- Change approving an appeal to not restore statuses (due to federation complexities)
- Change style of successfully appealed strikes on account settings page
- Change account settings page to only show unappealed or recently appealed strikes

* Change appealed_at to overruled_at

* Fix missing method error
2022-02-14 21:27:53 +01:00
Eugen Rochko
6240466866
Fix duplicate accounts when searching by IP range in admin UI () 2022-02-13 01:58:26 +01:00
Eugen Rochko
b6d7726ecb
Remove language detection through cld3 ()
* Remove language detection through cld3

* Update app/helpers/languages_helper.rb

Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>

Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>
2022-02-08 02:41:17 +01:00
Claire
987d88ea56
Fix requiring an extra restart after recent post-deployment migrations ()
Follow-up to 
2022-02-01 20:57:39 +01:00
Claire
8a07ecd377
Remove leftover database columns from Devise::Models::Rememberable ()
* Remove leftover database columns from Devise::Models::Rememberable

* Update fix-duplication maintenance script

* Improve errors/warnings in the fix-duplicates maintenance script
2022-01-23 15:46:30 +01:00
Eugen Rochko
8e84ebf0cb
Remove IP tracking columns from users table () 2022-01-16 13:23:50 +01:00
Jeong Arm
720e8ab0f5
Fix duplicate record on admin/accounts when searching with IP () 2021-12-21 00:17:14 +01:00
Claire
6da135a493
Fix reviving revoked sessions and invalidating login ()
Up until now, we have used Devise's Rememberable mechanism to re-log users
after the end of their browser sessions. This mechanism relies on a signed
cookie containing a token. That token was stored on the user's record,
meaning it was shared across all logged in browsers, meaning truly revoking
a browser's ability to auto-log-in involves revoking the token itself, and
revoking access from *all* logged-in browsers.

We had a session mechanism that dynamically checks whether a user's session
has been disabled, and would log out the user if so. However, this would only
clear a session being actively used, and a new one could be respawned with
the `remember_user_token` cookie.

In practice, this caused two issues:
- sessions could be revived after being closed from /auth/edit (security issue)
- auto-log-in would be disabled for *all* browsers after logging out from one
  of them

This PR removes the `remember_token` mechanism and treats the `_session_id`
cookie/token as a browser-specific `remember_token`, fixing both issues.
2021-11-06 00:13:58 +01:00
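The commit message above contrasts a single account-wide remember token with a browser-specific session token. The following is an added example, not Mastodon's code or Devise's: it models both designs in plain Ruby so the two failure modes named in the message (a revoked session respawning from the remember cookie, and logout from one browser killing auto-login everywhere) can be reproduced. Class and method names are hypothetical.

```ruby
require 'securerandom'
require 'digest'

# Added example, not Mastodon's code: a shared remember token (the Devise
# Rememberable model described in the commit) beside a per-browser session
# record. Class and method names are hypothetical.

# Weak design: one remember token on the user record, shared by every
# browser that holds the remember cookie.
class SharedRememberTokenStore
  def initialize
    @remember_token = SecureRandom.hex(16)  # one token for the whole account
    @active_sessions = {}                   # session_id => browser label
  end

  def remember_cookie
    @remember_token
  end

  # Auto-login from the cookie: any browser presenting the token gets a session.
  def login_from_cookie(browser, cookie)
    return nil unless cookie == @remember_token

    sid = SecureRandom.hex(16)
    @active_sessions[sid] = browser
    sid
  end

  # Closing a session from the settings page only deletes the active session;
  # the remember cookie is untouched, so the same browser can respawn it.
  def revoke_session(sid)
    @active_sessions.delete(sid)
  end

  def session_valid?(sid)
    @active_sessions.key?(sid)
  end
end

# Hardened design: the browser-specific session id is the only long-lived
# credential, and it is stored server-side only as a digest.
class PerBrowserSessionStore
  def initialize
    @sessions = {}  # SHA-256(session_id) => browser label
  end

  def create_session(browser)
    sid = SecureRandom.hex(32)
    @sessions[Digest::SHA256.hexdigest(sid)] = browser
    sid
  end

  def session_valid?(sid)
    @sessions.key?(Digest::SHA256.hexdigest(sid))
  end

  # Revoking one browser's session leaves every other browser logged in.
  def revoke_session(sid)
    @sessions.delete(Digest::SHA256.hexdigest(sid))
  end

  # Presenting a revoked session id yields nothing: no shared token remains.
  def login_from_cookie(_browser, sid)
    session_valid?(sid) ? sid : nil
  end
end

# Shared token: the revoked session is gone, but the cookie revives access.
def demo_shared_token_revival
  store = SharedRememberTokenStore.new
  cookie = store.remember_cookie
  phone = store.login_from_cookie('phone', cookie)
  store.revoke_session(phone)
  revived = store.login_from_cookie('phone', cookie)
  { revoked_invalid: !store.session_valid?(phone), revived: !revived.nil? }
end

# Per-browser sessions: revoking the phone leaves the laptop alone and
# the phone's old cookie cannot be replayed.
def demo_per_browser_revocation
  store = PerBrowserSessionStore.new
  phone = store.create_session('phone')
  laptop = store.create_session('laptop')
  store.revoke_session(phone)
  { phone_valid: store.session_valid?(phone),
    laptop_valid: store.session_valid?(laptop),
    revived: !store.login_from_cookie('phone', phone).nil? }
end

if __FILE__ == $PROGRAM_NAME
  p demo_shared_token_revival    # {:revoked_invalid=>true, :revived=>true}
  p demo_per_browser_revocation  # {:phone_valid=>false, :laptop_valid=>true, :revived=>false}
end
```

Storing only a digest of the session id means a database read (or dump) does not hand out usable cookies; the check is a lookup by digest, so revocation is a single delete per browser.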
Eugen Rochko
771c9d4ba8
Add ability to skip sign-in token authentication for specific users ()
Remove "active within last two weeks" exception for sign in token requirement

Change admin reset password to lock access until the password is reset
2021-07-08 05:31:28 +02:00
Claire
566fc90913
Add Ruby 3.0 support ()
* Fix issues with POSIX::Spawn, Terrapin and Ruby 3.0

Also improve the Terrapin monkey-patch for the stderr/stdout issue.

* Fix keyword argument handling throughout the codebase

* Monkey-patch Paperclip to fix keyword arguments handling in validators

* Change validation_extensions to please CodeClimate

* Bump microformats from 4.2.1 to 4.3.1

* Allow Ruby 3.0

* Add Ruby 3.0 test target to CircleCI

* Add test for admin dashboard warnings

* Fix admin dashboard warnings on Ruby 3.0
2021-05-06 14:22:54 +02:00
Eugen Rochko
fab65848d2
Fix empty home feed before first follow has finished processing ()
Change queue of merge worker from pull to default
2021-05-04 04:45:08 +02:00
Eugen Rochko
af8fe6e1e9
WIP () 2021-03-19 17:15:36 +01:00
ThibG
e955ca5463
Fix sign-up restrictions based on IP addresses not being enforced ()
Fixes 

Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2021-01-21 06:18:30 +01:00
ThibG
1cf2c3a810
Fix external user creation failing when invite request text is required ()
* Fix external user creation failing when invite request text is required

Also fixes tootctl-based user creation.

* Add test about invites when invite request text is otherwise required

Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2020-12-22 17:14:32 +01:00
ThibG
6f51fd7435
Fix invitation links not working when invite request text is required ()
Fixes 

Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2020-12-21 00:47:02 +01:00
ThibG
47e507fa61
Add ability to require invite request text ()
Fixes 

Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2020-12-14 10:03:09 +01:00
ThibG
49eb4d4ddf
Add honeypot fields and minimum fill-out time for sign-up form ()
* Add honeypot fields to limit non-specialized spam

Add two honeypot fields: a fake website input and a fake password confirmation
one. The label/placeholder/aria-label tells not to fill them, and they are
hidden in CSS, so legitimate users should not fall into these.

This should cut down on some non-Mastodon-specific spambots.

* Require a 3 seconds delay before submitting the registration form

* Fix tests

* Move registration form time check to model validation

* Give people a chance to clear the honeypot fields

* Refactor honeypot translation strings

Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2020-12-10 06:27:26 +01:00
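The commit above describes two sign-up checks: honeypot fields that must remain blank, and a minimum of 3 seconds between rendering and submitting the form, enforced as a model validation. The following is an added example and not Mastodon's code: a plain Ruby validator implementing both, with the render timestamp HMAC-signed so a bot cannot post an arbitrary old timestamp. Field names, the token format and the secret are hypothetical.

```ruby
require 'openssl'
require 'time'

# Added example, not Mastodon's code: honeypot fields plus a minimum fill-out
# time as a plain Ruby validator. Field names, token format and secret are
# hypothetical; the secret must come from real key management in production.
FORM_SECRET = 'constructed-example-secret-change-me'.freeze

# Called when the form is rendered; the token goes into a hidden field.
# Format: "<iso8601 render time>|<hex HMAC-SHA256 over that time>".
def issue_form_token(rendered_at, secret = FORM_SECRET)
  ts = rendered_at.utc.iso8601
  "#{ts}|#{OpenSSL::HMAC.hexdigest('SHA256', secret, ts)}"
end

class RegistrationForm
  MIN_FILL_SECONDS = 3
  MAX_FORM_AGE_SECONDS = 6 * 3600
  # A fake website field and a fake password confirmation, hidden by CSS,
  # with labels telling humans not to fill them in.
  HONEYPOT_FIELDS = %w[website confirm_password_again].freeze

  attr_reader :errors

  def initialize(params, now: Time.now, secret: FORM_SECRET)
    @params = params
    @now = now
    @secret = secret
    @errors = []
  end

  def valid?
    @errors = []
    HONEYPOT_FIELDS.each do |field|
      @errors << "#{field} must be left blank" unless @params.fetch(field, '').to_s.strip.empty?
    end

    rendered_at = verified_render_time(@params['form_token'])
    if rendered_at.nil?
      @errors << 'form token missing or invalid'
    elsif @now - rendered_at < MIN_FILL_SECONDS
      @errors << "form submitted in under #{MIN_FILL_SECONDS} seconds"
    elsif @now - rendered_at > MAX_FORM_AGE_SECONDS
      @errors << 'form token expired'
    end
    @errors.empty?
  end

  private

  # Returns the render time only if the token's MAC verifies; nil otherwise.
  def verified_render_time(token)
    ts, mac = token.to_s.split('|', 2)
    return nil if ts.nil? || ts.empty? || mac.nil?

    expected = OpenSSL::HMAC.hexdigest('SHA256', @secret, ts)
    return nil unless constant_time_equal?(expected, mac)

    Time.iso8601(ts)
  rescue ArgumentError
    nil
  end

  # Length-then-XOR comparison so MAC checking does not leak via timing.
  def constant_time_equal?(a, b)
    return false unless a.bytesize == b.bytesize

    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

if __FILE__ == $PROGRAM_NAME
  now = Time.now
  form = RegistrationForm.new({ 'form_token' => issue_form_token(now - 5) }, now: now)
  puts form.valid?  # true: honeypots blank, submitted 5 s after render
end
```

Rejecting a submission should re-render the form with the honeypot fields cleared (the commit's "give people a chance to clear the honeypot fields"), since an autofill extension can populate them for a legitimate user.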
Eugen Rochko
8532429af7
Fix 2FA/sign-in token sessions being valid after password change ()
If someone tries logging in to an account and is prompted for a 2FA
code or sign-in token, even if the account's password or e-mail is
updated in the meantime, the session will show the prompt and allow
the login process to complete with a valid 2FA code or sign-in token
2020-11-12 23:05:01 +01:00
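The commit above fixes a pending 2FA or sign-in-token prompt that stayed completable after the account's password or e-mail changed. The following is an added example, not Mastodon's code: it binds the pending challenge to a fingerprint of the credentials that passed the first step, so any change to them invalidates the challenge. Names are hypothetical and the second-factor comparison is a stand-in for a real TOTP check.

```ruby
require 'digest'

# Added example, not Mastodon's code: a pending second-factor challenge bound
# to the e-mail and password digest it was issued for. Names are hypothetical
# and the second-factor comparison is a stand-in for TOTP.
Account = Struct.new(:id, :email, :password_digest, :second_factor, keyword_init: true) do
  # Everything whose change must invalidate an in-flight login goes in here.
  def credential_fingerprint
    Digest::SHA256.hexdigest("#{id}\0#{email}\0#{password_digest}")
  end
end

class PendingChallenge
  TTL_SECONDS = 300

  attr_reader :account_id

  def initialize(account, now: Time.now)
    @account_id = account.id
    @fingerprint = account.credential_fingerprint  # captured at the password step
    @issued_at = now
  end

  # Pre-fix behaviour: only the account and the clock are checked.
  def usable_without_binding?(account, now: Time.now)
    account.id == @account_id && now - @issued_at <= TTL_SECONDS
  end

  # Fixed behaviour: the credentials must also be unchanged since issuance.
  def usable?(account, now: Time.now)
    usable_without_binding?(account, now: now) &&
      @fingerprint == account.credential_fingerprint
  end
end

# Second login step. Returns :logged_in, :bad_code or :challenge_stale.
def complete_login(challenge, account, code, now: Time.now, bind: true)
  ok = if bind
         challenge.usable?(account, now: now)
       else
         challenge.usable_without_binding?(account, now: now)
       end
  return :challenge_stale unless ok
  return :bad_code unless code == account.second_factor # stand-in for TOTP

  :logged_in
end

# The owner changes the password while someone else sits at the 2FA prompt.
def demo_password_change_mid_login
  acct = Account.new(id: 1, email: 'a@example.org',
                     password_digest: 'digest-old', second_factor: '123456')
  t0 = Time.utc(2024, 1, 1, 12, 0, 0)
  challenge = PendingChallenge.new(acct, now: t0)
  acct.password_digest = 'digest-new'
  {
    unbound: complete_login(challenge, acct, '123456', now: t0 + 30, bind: false),
    bound: complete_login(challenge, acct, '123456', now: t0 + 30)
  }
end

if __FILE__ == $PROGRAM_NAME
  p demo_password_change_mid_login  # {:unbound=>:logged_in, :bound=>:challenge_stale}
end
```

The same fingerprint approach covers an e-mail change, since the address is part of the digest; a password reset that rotates `password_digest` therefore also drops any sign-in-token prompt that was open at the time.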
Eugen Rochko
5e1364c448
Add IP-based rules () 2020-10-12 16:33:49 +02:00