Commit graph

7165 commits

Author SHA1 Message Date
Eugen Rochko
7d92c2c81d Bump version to 2.8.4 2019-05-24 15:35:32 +02:00
ThibG
aa80292170 Improve streaming server security (#10818)
* Check OAuth token scopes in the streaming API

* Use Sec-WebSocket-Protocol instead of query string to pass WebSocket token

Inspired by https://github.com/kubevirt/kubevirt/issues/1242
2019-05-24 15:23:38 +02:00
ThibG
130fbf839b Fix possible race condition when processing statuses (#10815) 2019-05-24 15:23:38 +02:00
ThibG
39d1d022de Move signature verification stoplight to the requests themselves (#10813)
* Move signature verification stoplight to the requests themselves

This avoids blocking messages from known keys for 5 minutes when only one fails…

* Put the stoplight on the actual client IP, not a potential reverse proxy
2019-05-24 15:23:38 +02:00
ThibG
9a881c70e2 Retry ActivityPub inbox delivery on HTTP 401 and 408 errors (#10812)
HTTP 401 responses returned by Mastodon's inbox controller may
be temporary if, for instance, the requesting user's actor/key json
could not be retrieved in a timely fashion. This changes allow retries
instead of dropping the message entirely.

Also added HTTP 408 as that error is by nature temporary.
2019-05-24 15:23:38 +02:00
Eugen Rochko
370ec7e771 Bump version to 2.8.3 2019-05-19 22:35:49 +02:00
ThibG
9222c26e19 Fix “invited by” not showing up for invited accounts in admin interface (#10791) 2019-05-19 22:32:25 +02:00
Hinaloe
94439a1da7 fix isSubmitting prop case (#10785) 2019-05-19 22:32:14 +02:00
ThibG
a6815a7578 Add post-deployment migration script to delete public-boosts-of-private-toots (#10783) 2019-05-19 16:27:11 +02:00
Ben Lubar
d587a943a5 add og:image:alt for media attachments in embeds (#10779) 2019-05-19 16:26:00 +02:00
ThibG
3c27687a6e Prevent from publicly boosting one's own private toots (#10775) 2019-05-19 16:25:40 +02:00
ThibG
ee17d81b8a Minor performance improvements and cleanup in formatter (#10765) 2019-05-19 16:25:39 +02:00
Neil Moore
9e95af3391 Adds click-able div that expands status (#10733) (#10766)
The clickable div is positioned under the account avatar and covers
all empty space below it to the end of the status.
2019-05-19 16:25:20 +02:00
nzws
91e25a20ce Fix some colors in light theme (#10754)
* Fix typo in light theme

* Fix background color of empty column
2019-05-19 16:25:20 +02:00
ThibG
47e0928c5b Change icon and label depending on whether media is marked as sensitive (#10748)
* Change icon and label depending on whether media is marked as sensitive

* WiP use a checkbox
2019-05-19 16:25:20 +02:00
Maciek Baron
c407a4edf8 Improve poll link accessibility (#10720)
* Add distinction between hover and active/focus states
* Resolves #10198
2019-05-19 16:25:20 +02:00
Jeong Arm
7a6464bea0 Bring back crossed eye icon on gallery (#10715) 2019-05-19 16:25:20 +02:00
nzws
9679ec4fcb Fix some colors of high contrast theme (#10711)
* Fix "nothing here" text color of high contrast

* Fix counter border color of high contrast
2019-05-19 16:25:20 +02:00
ThibG
b40dfc124b Add description on hover in media gallery (#10713) 2019-05-19 16:25:20 +02:00
Eugen Rochko
2508370f44
Bump version to 2.8.2 (#10703) 2019-05-05 17:14:15 +02:00
Marek Ľach
fc192b882f Minor Slovak locale update (#10705) 2019-05-05 17:25:35 +09:00
Aditoo17
b7741ed732 I18n: Update Czech translation 🇨🇿 (#10704)
* I18n: Update Czech translation

* Tiny fix
2019-05-05 15:33:33 +09:00
Baptiste Gelez
21209c2b52 Make sure the instance banner is never cropped (#10702) 2019-05-05 01:07:15 +02:00
Eugen Rochko
f0865171fe
Bump blurhash from 0.1.2 to 0.1.3 (#10700) 2019-05-04 22:52:54 +02:00
ThibG
7aa749ab46 Fix transition: all (#10699) 2019-05-04 17:39:53 +02:00
Ushitora Anqou
56880fa76a Add SOURCE_TAG to show source repository's tag (#10698) 2019-05-04 17:39:17 +02:00
ThibG
4f73cde4e1 Minor account media gallery fixes (#10695)
* Make the cursor icon consistant across media types in account media gallery

* Fix the video player modal causing scroll position to reset
2019-05-04 17:36:43 +02:00
Alix Rossi
c88d9e524b i18n: Update Corsican translation (#10692) 2019-05-04 20:09:25 +09:00
Eugen Rochko
8025a41a1f
Add tootctl cache clear (#10689) 2019-05-04 01:02:57 +02:00
Eugen Rochko
5f9f610a23
Bump version to 2.8.1 (#10687) 2019-05-04 00:31:06 +02:00
ThibG
b85f216cbc Do not retry processing ActivityPub jobs raising validation errors (#10614)
* Do not retry processing ActivityPub jobs raising validation errors

Jobs yielding validation errors most probably won't ever be accepted,
so it makes sense not to clutter the queues with retries.

* Lower RecordInvalid error reporting to debug log level

* Remove trailing whitespace
2019-05-03 23:45:37 +02:00
Eugen Rochko
7cb369d4c6
Change e-mail whitelist/blacklist to not be checked when invited (#10683)
* Change e-mail whitelist/blacklist to not be checked when invited

And only when creating an account, not when updating it later

Fix #10648

* Fix test
2019-05-03 23:44:44 +02:00
Eugen Rochko
d77ee3f276
Fix accounts created through tootctl not being always pre-approved (#10684)
Add `--approve` option to `tootctl accounts modify`
2019-05-03 20:49:27 +02:00
Eugen Rochko
63b1388fef
Change font weight of sensitive button to 500 (#10682) 2019-05-03 20:44:20 +02:00
ThibG
91634947f8 Explicitly disable storage of REST API results (#10655)
Fixes #10652
2019-05-03 20:39:19 +02:00
ThibG
011b032300 Provide a link to existing domain block when trying to block an already-blocked domain (#10663)
* When trying to block an already-blocked domain, provide a link to the block

* Fix styling for links in flash messages

* Allow blocks to be upgraded but not downgraded
2019-05-03 20:36:36 +02:00
Eugen Rochko
eb63217210
Add button to view context to media modal (#10676)
* Add "view context" button to media modal when opened from gallery

* Add "view context" button to video modal

Allow closing the video modal by navigating back in the browser,
just like the media modal
2019-05-03 16:16:30 +02:00
dependabot[bot]
ecbea2e3c6 Bump rack-attack from 5.4.2 to 6.0.0 (#10599)
* Bump rack-attack from 5.4.2 to 6.0.0

Bumps [rack-attack](https://github.com/kickstarter/rack-attack) from 5.4.2 to 6.0.0.
- [Release notes](https://github.com/kickstarter/rack-attack/releases)
- [Changelog](https://github.com/kickstarter/rack-attack/blob/master/CHANGELOG.md)
- [Commits](https://github.com/kickstarter/rack-attack/compare/v5.4.2...v6.0.0)

Signed-off-by: dependabot[bot] <support@dependabot.com>

* fix payload[:request]
2019-05-03 16:16:11 +02:00
dependabot[bot]
61e28b0ccc Bump scss_lint from 0.57.1 to 0.58.0 (#10678)
Bumps [scss_lint](https://github.com/sds/scss-lint) from 0.57.1 to 0.58.0.
- [Release notes](https://github.com/sds/scss-lint/releases)
- [Changelog](https://github.com/sds/scss-lint/blob/master/CHANGELOG.md)
- [Commits](https://github.com/sds/scss-lint/compare/v0.57.1...v0.58.0)

Signed-off-by: dependabot[bot] <support@dependabot.com>
2019-05-03 17:29:53 +09:00
dependabot[bot]
153b4ffc78 Bump fabrication from 2.20.1 to 2.20.2 (#10677)
Bumps [fabrication](https://github.com/paulelliott/fabrication) from 2.20.1 to 2.20.2.
- [Release notes](https://github.com/paulelliott/fabrication/releases)
- [Changelog](https://github.com/paulelliott/fabrication/blob/master/Changelog.markdown)
- [Commits](https://github.com/paulelliott/fabrication/compare/2.20.1...2.20.2)

Signed-off-by: dependabot[bot] <support@dependabot.com>
2019-05-03 15:01:38 +09:00
ThibG
5121d9c12f When selecting a toot via keyboard, ensure it is scrolled into view (#10593) 2019-05-03 06:20:35 +02:00
Eugen Rochko
05ef3462ba
Make the "mark media as sensitive" button more obvious in web UI (#10673)
* Make the "mark media as sensitive" button more obvious in web UI

* Use eye-slash icon instead of eye icon to mean "hide"
2019-05-03 04:34:55 +02:00
Eugen Rochko
967e419f8f
Fix alignment of items in the account gallery in web UI and load more per page (#10674) 2019-05-03 04:02:55 +02:00
Eugen Rochko
3f143606fa
Change account gallery in web UI (#10667)
- 3 items per row instead of 2
- Use blurhash for previews
- Animate/hover-to-play GIFs and videos
- Open media modal instead of opening status
- Allow opening status instead with ctrl+click and open in new tab
2019-05-02 08:34:32 +02:00
ThibG
21a73c52a7 Check that an invite link is valid before bypassing approval mode (#10657)
* Check that an invite link is valid before bypassing approval mode

Fixes #10656

* Add tests

* Only consider valid invite links in registration controller

* fixup
2019-05-02 04:30:12 +02:00
ThibG
c4f2433300 Disallow robots from indexing /interact/ (#10666)
This does not provide any new information and may just triple the number
of crawled pages
2019-05-02 00:10:19 +02:00
ThibG
0db269f3dc Minor fixes to the French translation (#10662) 2019-05-01 22:19:55 +09:00
dependabot[bot]
699109b954 Bump rubocop from 0.68.0 to 0.68.1 (#10658)
Bumps [rubocop](https://github.com/rubocop-hq/rubocop) from 0.68.0 to 0.68.1.
- [Release notes](https://github.com/rubocop-hq/rubocop/releases)
- [Changelog](https://github.com/rubocop-hq/rubocop/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rubocop-hq/rubocop/compare/v0.68.0...v0.68.1)

Signed-off-by: dependabot[bot] <support@dependabot.com>
2019-05-01 15:49:16 +09:00
dependabot[bot]
825d5c79b7 Bump annotate from 2.7.4 to 2.7.5 (#10651)
Bumps [annotate](https://github.com/ctran/annotate_models) from 2.7.4 to 2.7.5.
- [Release notes](https://github.com/ctran/annotate_models/releases)
- [Changelog](https://github.com/ctran/annotate_models/blob/develop/CHANGELOG.rdoc)
- [Commits](https://github.com/ctran/annotate_models/compare/v2.7.4...2.7.5)

Signed-off-by: dependabot[bot] <support@dependabot.com>
2019-04-30 18:06:09 +02:00
dependabot[bot]
7c94b190c8 Bump bullet from 5.9.0 to 6.0.0 (#10635)
Bumps [bullet](https://github.com/flyerhzm/bullet) from 5.9.0 to 6.0.0.
- [Release notes](https://github.com/flyerhzm/bullet/releases)
- [Changelog](https://github.com/flyerhzm/bullet/blob/master/CHANGELOG.md)
- [Commits](https://github.com/flyerhzm/bullet/compare/5.9.0...6.0.0)

Signed-off-by: dependabot[bot] <support@dependabot.com>
2019-04-30 18:05:49 +02:00