Commit graph

4744 commits

Author SHA1 Message Date
ThibG
aa80292170 Improve streaming server security (#10818)
* Check OAuth token scopes in the streaming API

* Use Sec-WebSocket-Protocol instead of query string to pass WebSocket token

Inspired by https://github.com/kubevirt/kubevirt/issues/1242
2019-05-24 15:23:38 +02:00
ThibG
130fbf839b Fix possible race condition when processing statuses (#10815) 2019-05-24 15:23:38 +02:00
ThibG
39d1d022de Move signature verification stoplight to the requests themselves (#10813)
* Move signature verification stoplight to the requests themselves

This avoids blocking messages from known keys for 5 minutes when only one fails…

* Put the stoplight on the actual client IP, not a potential reverse proxy
2019-05-24 15:23:38 +02:00
ThibG
9a881c70e2 Retry ActivityPub inbox delivery on HTTP 401 and 408 errors (#10812)
HTTP 401 responses returned by Mastodon's inbox controller may
be temporary if, for instance, the requesting user's actor/key json
could not be retrieved in a timely fashion. This change allows retries
instead of dropping the message entirely.

Also added HTTP 408 as that error is by nature temporary.
2019-05-24 15:23:38 +02:00
ThibG
9222c26e19 Fix “invited by” not showing up for invited accounts in admin interface (#10791) 2019-05-19 22:32:25 +02:00
Hinaloe
94439a1da7 fix isSubmitting prop case (#10785) 2019-05-19 22:32:14 +02:00
Ben Lubar
d587a943a5 add og:image:alt for media attachments in embeds (#10779) 2019-05-19 16:26:00 +02:00
ThibG
3c27687a6e Prevent from publicly boosting one's own private toots (#10775) 2019-05-19 16:25:40 +02:00
ThibG
ee17d81b8a Minor performance improvements and cleanup in formatter (#10765) 2019-05-19 16:25:39 +02:00
Neil Moore
9e95af3391 Adds click-able div that expands status (#10733) (#10766)
The clickable div is positioned under the account avatar and covers
all empty space below it to the end of the status.
2019-05-19 16:25:20 +02:00
nzws
91e25a20ce Fix some colors in light theme (#10754)
* Fix typo in light theme

* Fix background color of empty column
2019-05-19 16:25:20 +02:00
ThibG
47e0928c5b Change icon and label depending on whether media is marked as sensitive (#10748)
* Change icon and label depending on whether media is marked as sensitive

* WiP use a checkbox
2019-05-19 16:25:20 +02:00
Maciek Baron
c407a4edf8 Improve poll link accessibility (#10720)
* Add distinction between hover and active/focus states
* Resolves #10198
2019-05-19 16:25:20 +02:00
Jeong Arm
7a6464bea0 Bring back crossed eye icon on gallery (#10715) 2019-05-19 16:25:20 +02:00
nzws
9679ec4fcb Fix some colors of high contrast theme (#10711)
* Fix "nothing here" text color of high contrast

* Fix counter border color of high contrast
2019-05-19 16:25:20 +02:00
ThibG
b40dfc124b Add description on hover in media gallery (#10713) 2019-05-19 16:25:20 +02:00
Aditoo17
b7741ed732 I18n: Update Czech translation 🇨🇿 (#10704)
* I18n: Update Czech translation

* Tiny fix
2019-05-05 15:33:33 +09:00
Baptiste Gelez
21209c2b52 Make sure the instance banner is never cropped (#10702) 2019-05-05 01:07:15 +02:00
ThibG
7aa749ab46 Fix transition: all (#10699) 2019-05-04 17:39:53 +02:00
ThibG
4f73cde4e1 Minor account media gallery fixes (#10695)
* Make the cursor icon consistent across media types in account media gallery

* Fix the video player modal causing scroll position to reset
2019-05-04 17:36:43 +02:00
ThibG
b85f216cbc Do not retry processing ActivityPub jobs raising validation errors (#10614)
* Do not retry processing ActivityPub jobs raising validation errors

Jobs yielding validation errors most probably won't ever be accepted,
so it makes sense not to clutter the queues with retries.

* Lower RecordInvalid error reporting to debug log level

* Remove trailing whitespace
2019-05-03 23:45:37 +02:00
Eugen Rochko
7cb369d4c6 Change e-mail whitelist/blacklist to not be checked when invited (#10683)
* Change e-mail whitelist/blacklist to not be checked when invited

And only when creating an account, not when updating it later

Fix #10648

* Fix test
2019-05-03 23:44:44 +02:00
Eugen Rochko
63b1388fef Change font weight of sensitive button to 500 (#10682) 2019-05-03 20:44:20 +02:00
ThibG
91634947f8 Explicitly disable storage of REST API results (#10655)
Fixes #10652
2019-05-03 20:39:19 +02:00
ThibG
011b032300 Provide a link to existing domain block when trying to block an already-blocked domain (#10663)
* When trying to block an already-blocked domain, provide a link to the block

* Fix styling for links in flash messages

* Allow blocks to be upgraded but not downgraded
2019-05-03 20:36:36 +02:00
Eugen Rochko
eb63217210 Add button to view context to media modal (#10676)
* Add "view context" button to media modal when opened from gallery

* Add "view context" button to video modal

Allow closing the video modal by navigating back in the browser,
just like the media modal
2019-05-03 16:16:30 +02:00
ThibG
5121d9c12f When selecting a toot via keyboard, ensure it is scrolled into view (#10593) 2019-05-03 06:20:35 +02:00
Eugen Rochko
05ef3462ba Make the "mark media as sensitive" button more obvious in web UI (#10673)
* Make the "mark media as sensitive" button more obvious in web UI

* Use eye-slash icon instead of eye icon to mean "hide"
2019-05-03 04:34:55 +02:00
Eugen Rochko
967e419f8f Fix alignment of items in the account gallery in web UI and load more per page (#10674) 2019-05-03 04:02:55 +02:00
Eugen Rochko
3f143606fa Change account gallery in web UI (#10667)
- 3 items per row instead of 2
- Use blurhash for previews
- Animate/hover-to-play GIFs and videos
- Open media modal instead of opening status
- Allow opening status instead with ctrl+click and open in new tab
2019-05-02 08:34:32 +02:00
ThibG
21a73c52a7 Check that an invite link is valid before bypassing approval mode (#10657)
* Check that an invite link is valid before bypassing approval mode

Fixes #10656

* Add tests

* Only consider valid invite links in registration controller

* fixup
2019-05-02 04:30:12 +02:00
partev
5e79dd3f17 Update hy.json (#10644) 2019-04-28 12:51:20 +09:00
Eugen Rochko
e18786dec7 Fix approved column being set to nil instead of false (#10642)
Fix https://github.com/tootsuite/mastodon/pull/10621#issuecomment-487316619
2019-04-27 23:55:16 +02:00
Eugen Rochko
fba96c808d Add blurhash (#10630)
* Add blurhash

* Use fallback color for spoiler when blurhash missing

* Federate the blurhash and accept it as long as it's at most 5x5

* Display unknown media attachments as blurhash placeholders

* Improve style of embed actions and spoiler button

* Change blurhash resolution from 3x3 to 4x4

* Improve dependency definitions

* Fix code style issues
2019-04-27 03:24:09 +02:00
Eugen Rochko
e451ba0e83 Fix LDAP/PAM/SAML/CAS users not being approved instantly (#10621) 2019-04-25 02:49:25 +02:00
Eugen Rochko
f27d709351 Fix not being able to save e-mail preference for new pending accounts (#10622) 2019-04-25 02:49:06 +02:00
ThibG
852ccea676 Fix upload progressbar when image resizing is involved (#10632) 2019-04-25 02:48:54 +02:00
ThibG
b1a0322a06 Reject follow requests of blocked users (#10633) 2019-04-25 02:47:33 +02:00
Eugen Rochko
041fb0e840 Fix sign up button not saying sign up when invite is used (#10623)
Fix #10616
2019-04-23 04:39:21 +02:00
ThibG
0e78862b61 Allow switching between single-option and multiple-option polls (#10603) 2019-04-22 14:56:14 +02:00
kedama
d763d39d26 Fix modal items cannot scroll on touch devices (#10605) 2019-04-22 14:55:50 +02:00
ThibG
bdec58b514 Minor code cleanup (#10613) 2019-04-22 14:55:24 +02:00
Ben Lubar
be8692b938 Default to the web domain (eg. mastodon.lubar.me) instead of the local domain (eg. lubar.me) for keybase proofs (#10565) 2019-04-21 04:53:24 +02:00
Yamagishi Kazutoshi
80c9cb0eb3 Add hi.json (#10573) 2019-04-21 04:52:20 +02:00
partev
d210d0a655 Update hy.json (#10591) 2019-04-21 04:48:47 +02:00
Daniel Aleksandersen
10bdd912d6 Treat meta[property] as a space-separated list (#10604)
The @property attribute in HTML is a space-separated list of values.
This change normalizes whitespace and finds the desired value in
the list instead of requiring an exact single-value match.

More details:
https://www.ctrl.blog/entry/rdfa-socialmedia-metadata.html
2019-04-21 04:48:19 +02:00
Jessica
01b1c377b1 Animate avatar GIFs on-hover on public profiles (#10549)
* Third time is the charm?

* Use full asset URL for data-static and data-original

`image_tag` expands to the full asset URL, we have to do the same in `data` attributes so that it can work when assets and user data are stored on a different host
2019-04-21 04:47:39 +02:00
jeroenpraat
951f8d5b44 Update NL (Dutch) translation (#10601)
* Update NL language strings

Have to do it this way, cause this file is locked on Weblate

* fix

* Update simple_form.nl.yml

* Update nl.yml
2019-04-21 04:46:08 +02:00
ThibG
6e620dcab1 Use correct local names for fonts (#10594) 2019-04-21 04:42:02 +02:00
Sho Kusano
3e6c7f3617 Configrationable repository url (#10600)
* config: Add GITHUB_REPOSITORY for repository name

* config: Add SOURCE_BASE_URL for repository url

* Show source_url and repository name on getting started
2019-04-21 04:41:34 +02:00