Commit graph

326 commits

Author SHA1 Message Date
Patrick Figel
df4ff9a8e1 Add recovery code support for two-factor auth (#1773)
* Add recovery code support for two-factor auth

When users enable two-factor auth, the app now generates ten
single-use recovery codes. Users are encouraged to print the codes
and store them in a safe place.

The two-factor prompt during login now accepts both OTP codes and
recovery codes.

The two-factor settings UI allows users to regenerated lost
recovery codes. Users who have set up two-factor auth prior to
this feature being added can use it to generate recovery codes
for the first time.

Fixes #563 and fixes #987

* Set OTP_SECRET in test enviroment

* add missing .html to view file names
2017-04-15 13:26:03 +02:00
ThibG
31f0bcf804 Refresh webfinger (#1323)
* Refresh local info for remote accounts when webfinger returns new values

It only refreshes account info if one of the URLs or the public-key changes,
in which cases it refreshes the full info, re-downloading the feeds from that
user.

Some special handling should probably be done when the public key changes,
but I have been unable to find any use for it in Mastodon yet.

* Re-fetch remote users we aren't subscribed to.

This might induce performance issues, we might want to only do that for users
we explicitly attempted to subscribe but failed to.

* Refactor changes

* Do not refresh existing remote account details more than once a day

* Avoid re-fetching webfinger info in tests unless otherwise specified
2017-04-15 03:16:05 +02:00
Eugen Rochko
31597fd377 Low-hanging fruit of query optimization, these indices were missing 2017-04-07 00:04:38 +02:00
Eugen Rochko
cfe91ac984 Add index on mentions status_id 2017-04-05 13:32:57 +02:00
Eugen Rochko
68f829e11c Add basic logging of who resolved report 2017-04-03 19:35:00 +02:00
Eugen Rochko
e8875c6046 Import feature for following/blocking lists (addresses #62, #177, #201, #454) 2017-03-30 19:42:33 +02:00
Eugen Rochko
03fb6c16ec Fix up null values on latest migration, add notes 2017-03-30 16:06:27 +02:00
Eugen Rochko
87513b31e0 Do NOT try to update the new fields from the migration. Takes too long on a live DB
Needs to be a separate task with no locking
2017-03-30 15:50:34 +02:00
Eugen Rochko
de22c202f5 Add counter caches for a large performance increase on API requests 2017-03-30 15:06:59 +02:00
Eugen Rochko
5aa3df017b Fix full-text search query quotation, improve tag search performance with an index,
add ability to open status by URL from search (fix #53)
2017-03-22 17:36:34 +01:00
Eugen Rochko
22e06a4077 Upgrade status IDs to bigint 2017-03-22 15:46:58 +01:00
Eugen Rochko
1b09c3cb17 More efficient single account retrieval (0.9ms vs 50ms before) 2017-03-22 03:21:38 +01:00
Eugen Rochko
2816b1bf8e Federate header images, fix open-uri http->https redirection error 2017-03-18 22:51:20 +01:00
Eugen Rochko
ad0d82d3ce Make account search blazing fast and rank followers/followees higher in the results 2017-03-17 20:48:14 +01:00
Eugen Rochko
caf5b8e975 Fix #431 - convert gif to webm during upload. Web UI treats them like it did
before. In the API, attachments now can be either image, video or gifv. Gifv
is to be treated like images in terms of behaviour, but are videos by file
type.
2017-03-04 23:02:24 +01:00
Eugen Rochko
6b81d10030 Add digest e-mails 2017-03-04 00:00:48 +01:00
Kit Redgrave
442fdbfc53 Mute button progress so far. WIP, doesn't entirely work correctly. 2017-03-01 22:31:21 -06:00
Eugen Rochko
a1e96ae94f Add foreign key to prevent reblogs of non-existent (after race conditions) statuses from happening
Fix issue with detailed status view not supporting unreblogging/unfavouriting
2017-02-17 02:33:10 +01:00
Eugen Rochko
3b81baaaaf Adding POST /api/v1/reports API, and a UI for submitting reports 2017-02-14 20:59:26 +01:00
Eugen Rochko
6331ed16e5 Fix #614 - extra reply-boolean on statuses to account for cases when replied-to
status is not in the system at time of distribution; fix #607 - reset privacy
settings to defaults when cancelling replies
2017-02-09 20:25:39 +01:00
Eugen Rochko
920ba5fc4e Fix #61 - Add list of blocked users to the UI; clean up failed push notifications API
Try to fix Travis CI setup
2017-02-05 19:18:11 +01:00
Eugen Rochko
3f075c7794 API for apps to register for push notifications 2017-01-29 01:30:32 +01:00
Eugen Rochko
ba192f12e3 Added optional two-factor authentication 2017-01-27 20:35:16 +01:00
Eugen Rochko
0430f7c0fa Fix spoiler_text not having "not null" constraint 2017-01-25 15:24:19 +01:00
Eugen Rochko
51a7047367 Fix order of migrations 2017-01-25 15:01:00 +01:00
Eugen Rochko
999cde94a6 Instead of using spoiler boolean and spoiler_text, simply check for non-blank spoiler_text
Federate spoiler_text using warning attribute on <content /> instead of a <category term="spoiler" />
Clean up schema file from accidental development migrations
2017-01-25 01:29:16 +01:00
blackle
bf0f6eb62d Implement a click-to-view spoiler system 2017-01-23 21:07:40 -05:00
Eugen Rochko
434cf8237e Optional domain block attribute that prevents media attachments from being downloaded 2017-01-23 21:36:08 +01:00
Eugen Rochko
6d98a73180 Domain blocks now have varying severity - auto-suspend vs auto-silence 2017-01-23 17:38:38 +01:00
Eugen Rochko
f0de621e76 Fix #463 - Fetch and display previews of URLs using OpenGraph tags 2017-01-20 01:00:14 +01:00
Effy Elden
d6bc0e8db4 Add tracking of OAuth app that posted a status, extend OAuth apps to have optional website field, add application details to API, show application name and website on detailed status views. Resolves #11 2017-01-15 08:58:50 +11:00
Eugen Rochko
b11fdc3ae3 Migrate from ledermann/rails-settings to rails-settings-cached which allows global settings
with YAML-defined defaults. Add admin page for editing global settings. Add "site_description"
setting that would show as a paragraph on the frontpage
2017-01-12 20:46:24 +01:00
Eugen Rochko
75f80bef10 Persist UI settings, add missing localizations for German 2017-01-09 14:00:55 +01:00
Eugen Rochko
7b9f8766e8 Fix #416 - Generate random unique 14-byte (19 characters) shortcodes
for local attachments, use them in URLs. Check status privacy
before redirecting to actual file.
2017-01-06 00:29:12 +01:00
Eugen Rochko
b891a81008 Follow call on locked account creates follow request instead
Reflect "requested" relationship in API and UI
Reflect inability of private posts to be reblogged in the UI
Disable Webfinger for locked accounts
2016-12-22 23:03:57 +01:00
Eugen Rochko
2d2154ba75 Add "locked" flag to accounts, prevent blocked users from following, force-unfollow blocked users 2016-12-22 21:34:19 +01:00
Eugen Rochko
80e02b90e4 Private visibility on statuses prevents non-followers from seeing those
Filters out hidden stream entries from Atom feed
Blocks now generate hidden stream entries, can be used to federate blocks
Private statuses cannot be reblogged (generates generic 422 error for now)
POST /api/v1/statuses now takes visibility=(public|unlisted|private) param instead of unlisted boolean
Statuses JSON now contains visibility=(public|unlisted|private) field
2016-12-21 20:04:13 +01:00
Eugen Rochko
39cc9fde8a Add account suspension 2016-12-05 22:59:30 +01:00
Eugen Rochko
565cd95bca Keep timelines in the UI trimmed when possible 2016-12-03 21:04:57 +01:00
Eugen Rochko
b14b5e3b44 Improve notification model 2016-12-03 20:04:19 +01:00
Eugen Rochko
816284d739 Fix #248 - Reload all accounts when fetching from cache 2016-12-03 18:21:26 +01:00
Eugen Rochko
165498f110 Make data migration more merciful 2016-12-02 15:09:44 +01:00
Eugen Rochko
3114e55c7a Fix #323 - self-replies to appear in public timelines again 2016-12-02 14:33:20 +01:00
Eugen Rochko
14bd46946d Per-status control for unlisted mode, also federation for unlisted mode
Fix #233, fix #268
2016-11-30 21:34:59 +01:00
Eugen Rochko
4a2347da41 Track successful PuSH deliveries 2016-11-30 15:24:57 +01:00
Eugen Rochko
2d2c81765b Adding embedded PuSH server 2016-11-28 13:36:47 +01:00
Eugen Rochko
0603971894 Adding sensitive marker to statuses in API 2016-11-23 10:46:48 +01:00
Eugen Rochko
45c7ee39b3 Remove unneeded indices, improve error handling in background workers, don't needlessly reload reblogged status, send Devise e-mails asynchronously 2016-11-22 17:32:51 +01:00
Eugen Rochko
38dd85daab Adding notifications column 2016-11-20 19:39:58 +01:00
Eugen Rochko
da2ef4d676 Adding unified streamable notifications 2016-11-20 19:39:58 +01:00
Eugen Rochko
2c766bd4b4 Add user locale setting 2016-11-16 17:56:31 +01:00
Eugen Rochko
48b9619439 Adding hashtags 2016-11-05 17:13:14 +01:00
Eugen Rochko
62292797ec Adding hashtag model 2016-11-04 19:12:59 +01:00
Eugen Rochko
909d0d5e88 Adding public timeline silencing 2016-10-27 19:33:04 +02:00
Eugen Rochko
22a8801dbc Adding domain blocks 2016-10-09 14:48:59 +02:00
Eugen Rochko
06016453bd Adding user settings (model and mailer), no form yet 2016-10-07 13:17:56 +02:00
Eugen Rochko
9d59d7b463 Adding a block model and filter mentions from blocked users (fix #60) 2016-10-03 17:12:13 +02:00
Eugen Rochko
fc198a8b4c Adding e-mail confirmations 2016-10-03 16:51:00 +02:00
Eugen Rochko
7e14eefc81 Replace logo, fix #57 - delete/unreblog/unfavourite API, fix #45 - app
registration API
2016-09-26 23:56:53 +02:00
Eugen Rochko
608a2bfffc Upgrade to PubSubHubbub 0.4 (removing verify_token) 2016-09-20 02:43:20 +02:00
Eugen Rochko
059ebbf48d Separate PuSH subscriptions from following, add mastodon:push:refresh task,
respect hub.lease_seconds (fix #46)
2016-09-20 00:43:36 +02:00
Eugen Rochko
ae1fac0062 Add API to upload media attachments 2016-09-05 17:46:36 +02:00
Eugen Rochko
92afd29650 The frontend will now be an OAuth app, auto-authorized. The frontend will use an access token for API requests
Adding better errors for the API controllers, posting a simple status works from the frontend now
2016-08-26 19:12:19 +02:00
Eugen Rochko
e24bfbde1a Fixing FanOutOnWriteService, fixing Sidekiq not having enough DB connections
in the pool, adding a throttle of 60rpm per IP, adding mini profiler, adding
admin status to users
2016-03-25 14:12:24 +01:00
Eugen Rochko
02e4fb2e06 Only re-download avatar if URL changed (fix #19) 2016-03-22 21:05:23 +01:00
Eugen Rochko
8767a98fbb Adding CSS for form errors, adding missing indices 2016-03-16 11:46:25 +01:00
Eugen Rochko
6fec8afc3f Bind oauth applications to users 2016-03-14 17:49:13 +01:00
Eugen Rochko
3441361568 Adding simple_form, adding profile settings, header image 2016-03-12 20:47:22 +01:00
Eugen Rochko
b919f39b31 Customizing doorkeeper views for authorizing app 2016-03-11 01:58:55 +01:00
Eugen Rochko
ab6696e855 Adding doorkeeper, adding a REST API
POST /api/statuses                  Params: status (text contents), in_reply_to_id (optional)
GET  /api/statuses/:id
POST /api/statuses/:id/reblog

GET  /api/accounts/:id
GET  /api/accounts/:id/following
GET  /api/accounts/:id/followers
POST /api/accounts/:id/follow
POST /api/accounts/:id/unfollow

POST /api/follows                  Params: uri (e.g. user@domain)

OAuth authentication is currently disabled, but the API can be used with HTTP Auth.
2016-03-07 12:42:33 +01:00
Eugen Rochko
7e93da3f8d Removing grape and adding devise 2016-03-05 13:12:24 +01:00
Eugen Rochko
2c70f0ecaa Adding paperclip for avatars, fixing design of the public pages 2016-02-28 00:02:59 +01:00
Eugen Rochko
71fe24096c Adding a Mention model, test stubs 2016-02-25 00:17:01 +01:00
Eugen Rochko
fa33750105 Adding reblogs, favourites, improving atom generation 2016-02-23 19:17:37 +01:00
Eugen Rochko
709c6685a9 Made some progress 2016-02-22 16:00:20 +01:00
Eugen Rochko
9c4856bdb1 Initial commit 2016-02-20 22:53:20 +01:00