* Shows confirmed status in list.
* Adds ability to confirm users in admin UI.
* Added new english translations.
* Addresses feedback from #2245.
* More feedback.
* Add spec coverage for settings/two_factor_auth area
* extract setup method for qr code
* Move otp required check to before action
* Merge method only used once
* Remove duplicate view
* Consolidate creation of @codes for backup
* Move settings/2fq#recovery_codes to settings/recovery_codes#create
* Rename settings/two_factor_auth#disable to #destroy
* Add coverage for the otp required path on 2fa#show
* Clean up the recovery codes list styles
* Move settings/two_factor_auth to settings/two_factor_authentication
* Reorganize the settings two factor auth area
Updated to use a flow like:
- settings/two_factor_authentication goes to a #show view which has a button
either enable or disable 2fa on the account
- the disable button turns off the otp requirement for the user
- the enable button cycles the user secret and redirects to a confirmation page
- the confirmation page is a #new view which shows the QR code for user
- that page posts to #create which verifies the code, and creates the recovery
codes
- that create action shares a view with a recovery codes controller which can be
used separately to reset codes if needed
* Add render_views for admin/settings spec
* Add coverage for admin/settings#update
* Add coverage for admin/settings typecasting open_registrations setting
* Simplify how admin/settings finds the value for updating
* Rely on activerecord to not update a value that hasnt changed
* Add coverage for non-existent setting
* Use a constant for boolean settings
* Fix#2108 - Fix gif uploads
Add specs for media attachment gifv conversion
* Add ffmpeg to travis
* Make travis install ffmpeg, not libav
* Switch travis to trusty
* Add routing specs for accounts followers and following actions
* Use more restful route naming for public account follow pages
Moves two actions:
- accounts#followers to accounts/follower_accounts#index
- accounts#following to accounts/following_accounts#index
Adds routing spec to ensure prior URLs are preserved.
* Extract detect_language to separate class
* Use default locale, not just en
* Add spec to confirm that whatlanguage cant identify empty string
* Allow account locale to override default in language detector
* PostStatusService supplies an account to detect language
* Add a ReportFilter class
* Add reports and targeted_reports relationships to Account
* Use ReportFilter from admin/reports controller
* Link to admin/reports filtered views from admin account show view
* Add indexes to reports.account_id and reports.target_account_id
* Remove unused method #set_counters_maps from api controller
* Remove unused method #set_account_counters_maps from api controller
* Remove unused method Account#followers_domains
* Remove unused User.prolific scope
* Add mastodon:users:admins task to list all admin emails
* Use interpolated query style in Account.triadic_closures
* Coverage for Account.triadic_closures
* Move site title helper to instance helper (name change only)
* Remove newline in <title> tag
* Add site_hostname helper method to wrap up local_domain value
* Use site_hostname helper in places that need local_domain value
These were being skipped with `xit`, but we also just added the `unused` task to
the CI server, and it will be caught there. That seems good enough for this,
instead of requiring a full keys check on every local spec suite run.
This change includes:
- Improve the spec coverage for incoming request to the webfinger action
- For requests without an accept header (ie, what a browser might look like),
return a JSON response.
- For requests with an explicit format of xml or json, return that format.
- For requests using an accept header, return that format.
Also adds failing spec showing webfinger does not return xml, which covers the
issue described in: https://github.com/tootsuite/mastodon/issues/1983
Create MediaAttachment but without actual file download when domain is blocked with reject_media set to true
Clean up old media files when creating a new domain block with reject_media set to true
Return remote_url in media attachments API if local file is not present
Undo domain block action in admin UI
Ability to enable reject_media from admin UI
* Add recovery code support for two-factor auth
When users enable two-factor auth, the app now generates ten
single-use recovery codes. Users are encouraged to print the codes
and store them in a safe place.
The two-factor prompt during login now accepts both OTP codes and
recovery codes.
The two-factor settings UI allows users to regenerated lost
recovery codes. Users who have set up two-factor auth prior to
this feature being added can use it to generate recovery codes
for the first time.
Fixes#563 and fixes#987
* Set OTP_SECRET in test enviroment
* add missing .html to view file names
* Begin coverage for account search service
* Coverage for hashtag query
* Coverage for calling local vs remote find based on domain presence
* Spec to check that exact matches are not duped
* Coverage of resolve option
* Coverage for account being provided
* Start to refactor account search service
* Isolate query username and domain methods
* Isolate exact_match method
* Extract methods for local and remote results
* Simplify local vs remote and account isoliation
* Extract methods for local and remote results
* Simplify de-dupe of exact match
* Simplify logic to check for non exact remotes
* Cache some methods
* Remove nil from exact_match from results array
* Return exact matches first
* Use find_remote even with no domain
Account.find_local is just an alias for Account.find_remote(user, nil) - so we
can not bother with the conditional here, and call find_remote directly.
* Refresh local info for remote accounts when webfinger returns new values
It only refreshes account info if one of the URLs or the public-key changes,
in which cases it refreshes the full info, re-downloading the feeds from that
user.
Some special handling should probably be done when the public key changes,
but I have been unable to find any use for it in Mastodon yet.
* Re-fetch remote users we aren't subscribed to.
This might induce performance issues, we might want to only do that for users
we explicitly attempted to subscribe but failed to.
* Refactor changes
* Do not refresh existing remote account details more than once a day
* Avoid re-fetching webfinger info in tests unless otherwise specified
This commit introduces Capybara and the first feature spec.
I focused on coverage for log in for the first feature spec because that would
have prevented 624a9a7136 causing #1236.
* Add locale spec with failing locale plus region check
* Use a more accurate locale when supplied by browser headers
Previously we were using a matching option which would use the first locale
available which matched the locale portion, even if a region was specified.
This changes to first try to find an exact match, and then fall back to the
region, and then fall back to the default.
* Clean up default_locale method
* Simplify admin/reports controller filtering for index
* Rename parameter to resolved
* Fix issue where reports view could not access filter_link_to
* Add coverage for admin/reports controller
* DRY up resolution of related reports for target account
* Clean up admin/reports routes
* Add Report#statuses method
* DRY up current account action taken params
* Rubocop styles
* Add request spec for host meta route returning xml
* Add routing spec for xrd routes
* Update well-known routes
* Move webfinger and host-meta actions to their own controllers
* Remove unused account_params method in admin/accounts controller
* Introduce AccountFilter to find accounts
* Use AccountFilter in admin/accounts controller
* Use more restful routes admin silence and suspension area
* Add admin/silences and admin/suspensions controllers
* Remote spec for non-existent entry_classes helper method
This method no longer exists, and is handled by a local variable in a partial
instead.
* Remove spec for non-existent Account#ping! method