Commit Graph

7269 Commits

Author SHA1 Message Date
Renato "Lond" Cerqueira
1e5b17b88a Merge tag 'v2.8.4' into instance_only_statuses 2019-06-03 22:06:36 +02:00
Eugen Rochko
7d92c2c81d Bump version to 2.8.4 2019-05-24 15:35:32 +02:00
ThibG
aa80292170 Improve streaming server security ()
* Check OAuth token scopes in the streaming API

* Use Sec-WebSocket-Protocol instead of query string to pass WebSocket token

Inspired by https://github.com/kubevirt/kubevirt/issues/1242
2019-05-24 15:23:38 +02:00
ThibG
130fbf839b Fix possible race condition when processing statuses () 2019-05-24 15:23:38 +02:00
ThibG
39d1d022de Move signature verification stoplight to the requests themselves ()
* Move signature verification stoplight to the requests themselves

This avoids blocking messages from known keys for 5 minutes when only one fails…

* Put the stoplight on the actual client IP, not a potential reverse proxy
2019-05-24 15:23:38 +02:00
ThibG
9a881c70e2 Retry ActivityPub inbox delivery on HTTP 401 and 408 errors ()
HTTP 401 responses returned by Mastodon's inbox controller may
be temporary if, for instance, the requesting user's actor/key json
could not be retrieved in a timely fashion. This changes allow retries
instead of dropping the message entirely.

Also added HTTP 408 as that error is by nature temporary.
2019-05-24 15:23:38 +02:00
Eugen Rochko
370ec7e771 Bump version to 2.8.3 2019-05-19 22:35:49 +02:00
ThibG
9222c26e19 Fix “invited by” not showing up for invited accounts in admin interface () 2019-05-19 22:32:25 +02:00
Hinaloe
94439a1da7 fix isSubmitting prop case () 2019-05-19 22:32:14 +02:00
ThibG
a6815a7578 Add post-deployment migration script to delete public-boosts-of-private-toots () 2019-05-19 16:27:11 +02:00
Ben Lubar
d587a943a5 add og:image:alt for media attachments in embeds () 2019-05-19 16:26:00 +02:00
ThibG
3c27687a6e Prevent from publicly boosting one's own private toots () 2019-05-19 16:25:40 +02:00
ThibG
ee17d81b8a Minor performance improvements and cleanup in formatter () 2019-05-19 16:25:39 +02:00
Neil Moore
9e95af3391 Adds click-able div that expands status () ()
The clickable div is positioned under the account avatar and covers
all empty space below it to the end of the status.
2019-05-19 16:25:20 +02:00
nzws
91e25a20ce Fix some colors in light theme ()
* Fix typo in light theme

* Fix background color of empty column
2019-05-19 16:25:20 +02:00
ThibG
47e0928c5b Change icon and label depending on whether media is marked as sensitive ()
* Change icon and label depending on whether media is marked as sensitive

* WiP use a checkbox
2019-05-19 16:25:20 +02:00
Maciek Baron
c407a4edf8 Improve poll link accessibility ()
* Add distinction between hover and active/focus states
* Resolves 
2019-05-19 16:25:20 +02:00
Jeong Arm
7a6464bea0 Bring back crossed eye icon on gallery () 2019-05-19 16:25:20 +02:00
nzws
9679ec4fcb Fix some colors of high contrast theme ()
* Fix "nothing here" text color of high contrast

* Fix counter border color of high contrast
2019-05-19 16:25:20 +02:00
ThibG
b40dfc124b Add description on hover in media gallery () 2019-05-19 16:25:20 +02:00
Renato "Lond" Cerqueira
84c8b1e200 Merge tag 'v2.8.2' into instance_only_statuses 2019-05-07 21:42:11 +02:00
Eugen Rochko
2508370f44
Bump version to 2.8.2 () 2019-05-05 17:14:15 +02:00
Marek Ľach
fc192b882f Minor Slovak locale update () 2019-05-05 17:25:35 +09:00
Aditoo17
b7741ed732 I18n: Update Czech translation 🇨🇿 ()
* I18n: Update Czech translation

* Tiny fix
2019-05-05 15:33:33 +09:00
Baptiste Gelez
21209c2b52 Make sure the instance banner is never cropped () 2019-05-05 01:07:15 +02:00
Eugen Rochko
f0865171fe
Bump blurhash from 0.1.2 to 0.1.3 () 2019-05-04 22:52:54 +02:00
ThibG
7aa749ab46 Fix transition: all () 2019-05-04 17:39:53 +02:00
Ushitora Anqou
56880fa76a Add SOURCE_TAG to show source repository's tag () 2019-05-04 17:39:17 +02:00
ThibG
4f73cde4e1 Minor account media gallery fixes ()
* Make the cursor icon consistant across media types in account media gallery

* Fix the video player modal causing scroll position to reset
2019-05-04 17:36:43 +02:00
Alix Rossi
c88d9e524b i18n: Update Corsican translation () 2019-05-04 20:09:25 +09:00
Eugen Rochko
8025a41a1f
Add tootctl cache clear () 2019-05-04 01:02:57 +02:00
Eugen Rochko
5f9f610a23
Bump version to 2.8.1 () 2019-05-04 00:31:06 +02:00
ThibG
b85f216cbc Do not retry processing ActivityPub jobs raising validation errors ()
* Do not retry processing ActivityPub jobs raising validation errors

Jobs yielding validation errors most probably won't ever be accepted,
so it makes sense not to clutter the queues with retries.

* Lower RecordInvalid error reporting to debug log level

* Remove trailing whitespace
2019-05-03 23:45:37 +02:00
Eugen Rochko
7cb369d4c6
Change e-mail whitelist/blacklist to not be checked when invited ()
* Change e-mail whitelist/blacklist to not be checked when invited

And only when creating an account, not when updating it later

Fix 

* Fix test
2019-05-03 23:44:44 +02:00
Eugen Rochko
d77ee3f276
Fix accounts created through tootctl not being always pre-approved ()
Add `--approve` option to `tootctl accounts modify`
2019-05-03 20:49:27 +02:00
Eugen Rochko
63b1388fef
Change font weight of sensitive button to 500 () 2019-05-03 20:44:20 +02:00
ThibG
91634947f8 Explicitly disable storage of REST API results ()
Fixes 
2019-05-03 20:39:19 +02:00
ThibG
011b032300 Provide a link to existing domain block when trying to block an already-blocked domain ()
* When trying to block an already-blocked domain, provide a link to the block

* Fix styling for links in flash messages

* Allow blocks to be upgraded but not downgraded
2019-05-03 20:36:36 +02:00
Eugen Rochko
eb63217210
Add button to view context to media modal ()
* Add "view context" button to media modal when opened from gallery

* Add "view context" button to video modal

Allow closing the video modal by navigating back in the browser,
just like the media modal
2019-05-03 16:16:30 +02:00
dependabot[bot]
ecbea2e3c6 Bump rack-attack from 5.4.2 to 6.0.0 ()
* Bump rack-attack from 5.4.2 to 6.0.0

Bumps [rack-attack](https://github.com/kickstarter/rack-attack) from 5.4.2 to 6.0.0.
- [Release notes](https://github.com/kickstarter/rack-attack/releases)
- [Changelog](https://github.com/kickstarter/rack-attack/blob/master/CHANGELOG.md)
- [Commits](https://github.com/kickstarter/rack-attack/compare/v5.4.2...v6.0.0)

Signed-off-by: dependabot[bot] <support@dependabot.com>

* fix payload[:request]
2019-05-03 16:16:11 +02:00
dependabot[bot]
61e28b0ccc Bump scss_lint from 0.57.1 to 0.58.0 ()
Bumps [scss_lint](https://github.com/sds/scss-lint) from 0.57.1 to 0.58.0.
- [Release notes](https://github.com/sds/scss-lint/releases)
- [Changelog](https://github.com/sds/scss-lint/blob/master/CHANGELOG.md)
- [Commits](https://github.com/sds/scss-lint/compare/v0.57.1...v0.58.0)

Signed-off-by: dependabot[bot] <support@dependabot.com>
2019-05-03 17:29:53 +09:00
dependabot[bot]
153b4ffc78 Bump fabrication from 2.20.1 to 2.20.2 ()
Bumps [fabrication](https://github.com/paulelliott/fabrication) from 2.20.1 to 2.20.2.
- [Release notes](https://github.com/paulelliott/fabrication/releases)
- [Changelog](https://github.com/paulelliott/fabrication/blob/master/Changelog.markdown)
- [Commits](https://github.com/paulelliott/fabrication/compare/2.20.1...2.20.2)

Signed-off-by: dependabot[bot] <support@dependabot.com>
2019-05-03 15:01:38 +09:00
ThibG
5121d9c12f When selecting a toot via keyboard, ensure it is scrolled into view () 2019-05-03 06:20:35 +02:00
Eugen Rochko
05ef3462ba
Make the "mark media as sensitive" button more obvious in web UI ()
* Make the "mark media as sensitive" button more obvious in web UI

* Use eye-slash icon instead of eye icon to mean "hide"
2019-05-03 04:34:55 +02:00
Eugen Rochko
967e419f8f
Fix alignment of items in the account gallery in web UI and load more per page () 2019-05-03 04:02:55 +02:00
Eugen Rochko
3f143606fa
Change account gallery in web UI ()
- 3 items per row instead of 2
- Use blurhash for previews
- Animate/hover-to-play GIFs and videos
- Open media modal instead of opening status
- Allow opening status instead with ctrl+click and open in new tab
2019-05-02 08:34:32 +02:00
ThibG
21a73c52a7 Check that an invite link is valid before bypassing approval mode ()
* Check that an invite link is valid before bypassing approval mode

Fixes 

* Add tests

* Only consider valid invite links in registration controller

* fixup
2019-05-02 04:30:12 +02:00
ThibG
c4f2433300 Disallow robots from indexing /interact/ ()
This does not provide any new information and may just triple the number
of crawled pages
2019-05-02 00:10:19 +02:00
ThibG
0db269f3dc Minor fixes to the French translation () 2019-05-01 22:19:55 +09:00
dependabot[bot]
699109b954 Bump rubocop from 0.68.0 to 0.68.1 ()
Bumps [rubocop](https://github.com/rubocop-hq/rubocop) from 0.68.0 to 0.68.1.
- [Release notes](https://github.com/rubocop-hq/rubocop/releases)
- [Changelog](https://github.com/rubocop-hq/rubocop/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rubocop-hq/rubocop/compare/v0.68.0...v0.68.1)

Signed-off-by: dependabot[bot] <support@dependabot.com>
2019-05-01 15:49:16 +09:00