Commit Graph

86 Commits

Author SHA1 Message Date
Kay Faraday 492a0c7b54 merge latest glitch-soc 2023-09-22 02:57:14 +00:00
Claire 16681e0f20
Add admin notifications for new Mastodon versions (#26582) 2023-09-01 17:47:07 +02:00
Kay Faraday efceb36cd4 merge latest glitch-soc 2023-08-19 04:02:58 +00:00
Christian Schmidt ca342d4838
Add List-Unsubscribe email header (#26085) 2023-08-01 19:34:40 +02:00
Kay Faraday caa7762b42 merge latest glitch-soc 2023-07-29 16:47:00 +00:00
Kay Faraday 6828369ae6 merge #2221 2023-07-29 03:11:38 +00:00
Matt Jankowski f3fca78756
Refactor `NotificationMailer` to use parameterization (#25718) 2023-07-10 03:06:22 +02:00
Matt Jankowski cf33028f35
Admin mailer parameterization (#25759) 2023-07-08 20:03:38 +02:00
Eugen Rochko 6637ef7852
Add unsubscribe link to e-mails (#25378) 2023-06-12 14:22:46 +02:00
Kay Faraday 5c1401ea9e Merge branch 'custom-emoji-reactions' 2023-04-27 07:15:21 +00:00
Heitor de Melo Cardozo 4601e0dcbb
Add user handle to notification mail recipient address (#24240)
Co-authored-by: luccamps <luccamps@users.noreply.github.com>
Co-authored-by: Leonardo Negreiros de Oliveira <negreirosleo12@gmail.com>
Co-authored-by: Marcio Flavio <mflaviof1995@gmail.com>
Co-authored-by: Gabriel Quaresma <j.quaresmasantos_98@hotmail.com>
2023-04-17 11:06:06 +02:00
Claire d6679d1751
Add mail headers to avoid auto-replies (#23597) 2023-03-03 20:44:46 +01:00
Nick Schonning f0e1b12c10
Autofix Rubocop Style/ExplicitBlockArgument (#23704) 2023-02-20 11:18:08 +09:00
Kay Faraday 7ad0ec2fba Merge branch 'main' of https://github.com/glitch-soc/mastodon 2023-02-11 01:14:01 +00:00
zunda 09191dee66
Add single splat to callback method definitions to avoid ArgumentError (#22246)
It looks like a [bug](https://bugs.ruby-lang.org/issues/18633) around
autosplat is [fixed](fbaadd1cfe)
on ruby-3.2.0-rc1 and breaks a test (but not on ruby <= 3.1.3):

```
$ bundle exec rspec ./spec/controllers/api/v1/emails/confirmations_controller_spec.rb:41
  :
  1) Api::V1::Emails::ConfirmationsController#create with an oauth token from an app that created the account when the account is already confirmed but user changed e-mail and has not confirmed it returns http success
     Failure/Error:
         def email_changed(user, **)
           @resource = user
           @instance = Rails.configuration.x.local_domain

           return unless @resource.active_for_authentication?

           I18n.with_locale(locale) do
             mail to: @resource.email, subject: I18n.t('devise.mailer.email_changed.subject')
           end
         end

     ArgumentError:
       wrong number of arguments (given 2, expected 1)
     # ./app/mailers/user_mailer.rb:51:in `email_changed'
     # ./app/models/user.rb:444:in `render_and_send_devise_message'
     # ./app/models/user.rb:430:in `block in send_pending_devise_notifications'
     # ./app/models/user.rb:429:in `each'
     # ./app/models/user.rb:429:in `send_pending_devise_notifications'
     # ./spec/controllers/api/v1/emails/confirmations_controller_spec.rb:38:in `block (7 levels) in <top (required)>'
```
2022-12-13 20:03:16 +01:00
Kay Faraday c29dfcdf53 Merge branch 'main' of https://github.com/glitch-soc/mastodon 2022-11-23 06:01:42 +00:00
Kay Faraday 5012cb42ae Merge branch 'main' of https://github.com/glitch-soc/mastodon 2022-10-21 05:50:19 +00:00
Eugen Rochko 45ebdb72ca
Add support for language preferences for trending statuses and links (#18288) 2022-10-08 16:45:40 +02:00
Eugen Rochko 0b3e4fd5de
Remove digest e-mails (#17985)
* Remove digest e-mails

* Remove digest-related code
2022-08-25 23:38:22 +02:00
Kay Faraday 44ea79f4b2 Merge branch 'main' of https://github.com/glitch-soc/mastodon 2022-07-02 20:56:22 +00:00
Jeong Arm fed7380e9f
Prevent use locale with empty string (#18543)
Somehow user's locale could be an empty string, And empty string itself
are treated as true value.
2022-05-28 14:32:08 +02:00
Kay Faraday a0c818309d Merge branch 'main' of https://github.com/glitch-soc/mastodon 2022-05-06 01:24:07 +00:00
Kay Faraday 52d7d52dac fix reply_to for new pending accounts emails 2022-04-14 20:53:36 +00:00
Claire ce9dcbea32
Fix failure when sending warning emails with custom text (#17983)
* Add tests

* Fix failure when sending warning emails with custom text
2022-04-07 14:47:30 +02:00
Eugen Rochko 6221b36b27
Remove sign-in token authentication, instead send e-mail about new sign-in (#17970) 2022-04-06 20:58:12 +02:00
Kay Faraday d6f2cd068b Merge branch 'main' of https://github.com/glitch-soc/mastodon 2022-04-01 01:48:02 +00:00
Eugen Rochko cefa526c6d
Refactor formatter (#17828)
* Refactor formatter

* Move custom emoji pre-rendering logic to view helpers

* Move more methods out of Formatter

* Fix code style issues

* Remove Formatter

* Add inline poll options to RSS feeds

* Remove unused helper method

* Fix code style issues

* Various fixes and improvements

* Fix test
2022-03-26 02:53:34 +01:00
Eugen Rochko 27965ce5ed
Add trending statuses (#17431)
* Add trending statuses

* Fix dangling items with stale scores in localized sets

* Various fixes and improvements

- Change approve_all/reject_all to approve_accounts/reject_accounts
- Change Trends::Query methods to not mutate the original query
- Change Trends::Query#skip to offset
- Change follow recommendations to be refreshed in a transaction

* Add tests for trending statuses filtering behaviour

* Fix not applying filtering scope in controller
2022-02-25 00:34:14 +01:00
helloworldstack 2426577a91
Fix sign in token and warning emails failed to send in some cases (#17589) 2022-02-18 20:43:42 +01:00
Kay Faraday 47e3c334e3 Merge remote-tracking branch 'glitch/main' 2022-02-17 02:20:01 +00:00
Eugen Rochko 564efd0651
Add appeals (#17364)
* Add appeals

* Add ability to reject appeals and ability to browse pending appeals in admin UI

* Add strikes to account page in settings

* Various fixes and improvements

- Add separate notification setting for appeals, separate from reports
- Fix style of links in report/strike header
- Change approving an appeal to not restore statuses (due to federation complexities)
- Change style of successfully appealed strikes on account settings page
- Change account settings page to only show unappealed or recently appealed strikes

* Change appealed_at to overruled_at

* Fix missing method error
2022-02-14 21:27:53 +01:00
Eugen Rochko 14f436c457
Add notifications for statuses deleted by moderators (#17204) 2022-01-17 09:41:33 +01:00
Kay Faraday 390fd84e20 Merge branch 'main' of https://github.com/glitch-soc/mastodon into fork 2021-12-03 03:45:24 +00:00
Eugen Rochko a458b74c7e
Fix error on trending mailer due to missing constant (#17072) 2021-11-29 17:39:40 +01:00
Eugen Rochko 6e50134a42
Add trending links (#16917)
* Add trending links

* Add overriding specific links trendability

* Add link type to preview cards and only trend articles

Change trends review notifications from being sent every 5 minutes to being sent every 2 hours

Change threshold from 5 unique accounts to 15 unique accounts

* Fix tests
2021-11-25 13:07:38 +01:00
Kay Faraday 4ec713ae6c Add Reply-To header for new pending account emails
When I deny someone's application, I usually send them an email explaining why.
This patch facilitates that.
2021-08-03 11:00:30 +02:00
Claire 43eff898a0
Prepare Mastodon for Rails 6 (#15911)
* Fix misuse of foreign_type

* Fix use of removed "add_template_helper"

* Use response.media_type instead of response.content_type in tests

* Fix CSV export controller test on Rails 6

Rails 6 sets a "filename*" field in the Content-Disposition header to
explicitly encode the filename as UTF-8.

This changes checks the first part of the Content-Disposition header so
it matches in both Rails 5 and Rails 6.

* Fix emoji formatting with Rails 6

* Make emoji output more idiomatic and robust

* Switch from redis-rails gem to built-in Rails redis cache storage
2021-03-17 10:09:55 +01:00
Eugen Rochko ed099d8bdc
Change account suspensions to be reversible by default (#14726) 2020-09-15 14:37:58 +02:00
santiagorodriguez96 e8d41bc2fe
Add WebAuthn as an alternative 2FA method (#14466)
* feat: add possibility of adding WebAuthn security keys to use as 2FA

This adds a basic UI for enabling WebAuthn 2FA. We did a little refactor
to the Settings page for editing the 2FA methods – now it will list the
methods that are available to the user (TOTP and WebAuthn) and from
there they'll be able to add or remove any of them.
Also, it's worth mentioning that for enabling WebAuthn it's required to
have TOTP enabled, so the first time that you go to the 2FA Settings
page, you'll be asked to set it up.
This work was inspired by the one donde by Github in their platform, and
despite it could be approached in different ways, we decided to go with
this one given that we feel that this gives a great UX.

Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>

* feat: add request for WebAuthn as second factor at login if enabled

This commits adds the feature for using WebAuthn as a second factor for
login when enabled.
If users have WebAuthn enabled, now a page requesting for the use of a
WebAuthn credential for log in will appear, although a link redirecting
to the old page for logging in using a two-factor code will also be
present.

Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>

* feat: add possibility of deleting WebAuthn Credentials

Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>

* feat: disable WebAuthn when an Admin disables 2FA for a user

Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>

* feat: remove ability to disable TOTP leaving only WebAuthn as 2FA

Following examples form other platforms like Github, we decided to make
Webauthn 2FA secondary to 2FA with TOTP, so that we removed the
possibility of removing TOTP authentication only, leaving users with
just WEbAuthn as 2FA. Instead, users will have to click on 'Disable 2FA'
in order to remove second factor auth.
The reason for WebAuthn being secondary to TOPT is that in that way,
users will still be able to log in using their code from their phone's
application if they don't have their security keys with them – or maybe
even lost them.

* We had to change a little the flow for setting up TOTP, given that now
  it's possible to setting up again if you already had TOTP, in order to
  let users modify their authenticator app – given that now it's not
  possible for them to disable TOTP and set it up again with another
  authenticator app.
  So, basically, now instead of storing the new `otp_secret` in the
  user, we store it in the session until the process of set up is
  finished.
  This was because, as it was before, when users clicked on 'Edit' in
  the new two-factor methods lists page, but then went back without
  finishing the flow, their `otp_secret` had been changed therefore
  invalidating their previous authenticator app, making them unable to
  log in again using TOTP.

Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>

* refactor: fix eslint errors

The PR build was failing given that linting returning some errors.
This commit attempts to fix them.

* refactor: normalize i18n translations

The build was failing given that i18n translations files were not
normalized.
This commits fixes that.

* refactor: avoid having the webauthn gem locked to a specific version

* refactor: use symbols for routes without '/'

* refactor: avoid sending webauthn disabled email when 2FA is disabled

When an admins disable 2FA for users, we were sending two mails
to them, one notifying that 2FA was disabled and the other to notify
that WebAuthn was disabled.
As the second one is redundant since the first email includes it, we can
remove it and send just one email to users.

* refactor: avoid creating new env variable for webauthn_origin config

* refactor: improve flash error messages for webauthn pages

Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>
2020-08-24 16:46:27 +02:00
Eugen Rochko 72a7cfaa39
Add e-mail-based sign in challenge for users with disabled 2FA (#14013) 2020-06-09 10:23:06 +02:00
Renato "Lond" Cerqueira 37dc12dd53
Fix error when sending moderation notification (#13014)
Since the statuses helper is not loaded, the rtl helper cannot be found
and the email cannot be sent.
2020-02-01 15:42:12 +01:00
Takeshi Umeda a6269b2f83 Split AccountsHelper from StatusesHelper (#12078) 2019-10-24 22:50:09 +02:00
Eugen Rochko e1066cd431
Add password challenge to 2FA settings, e-mail notifications (#11878)
Fix #3961
2019-09-18 16:37:27 +02:00
Eugen Rochko 73ca0bb925
Add option to include reported statuses in warning e-mail (#11639) 2019-08-23 22:37:23 +02:00
Eugen Rochko 115dab78f1
Change admin UI for hashtags and add back whitelisted trends (#11490)
Fix #271

Add back the `GET /api/v1/trends` API with the caveat that it does
not return tags that have not been allowed to trend by the staff.

When a hashtag begins to trend (internally) and that hashtag has
not been previously reviewed by the staff, the staff is notified.

The new admin UI for hashtags allows filtering hashtags by where
they are used (e.g. in the profile directory), whether they have
been reviewed or are pending reviewal, they show by how many people
the hashtag is used in the directory, how many people used it
today, how many statuses with it have been created today, and it
allows fixing the name of the hashtag to make it more readable.

The disallowed hashtags feature has been reworked. It is now
controlled from the admin UI for hashtags instead of from
the file `config/settings.yml`
2019-08-05 19:54:29 +02:00
Eugen Rochko b851456139
Remove Atom feeds and old URLs in the form of `GET /:username/updates/:id` (#11247) 2019-07-07 16:16:51 +02:00
Eugen Rochko 874bd3ac0c
Fix error in AdminMailer#new_pending_account (#10264) 2019-03-14 14:20:22 +01:00
Eugen Rochko 51e154f5e8
Admission-based registrations mode (#10250)
Fix #6856
Fix #6951
2019-03-14 05:28:30 +01:00
Eugen Rochko 66436d0895
Improve e-mail digest (#9689)
- Reduce time-to-digest from 20 to 7 days
- Fetch mentions starting from +1 day since last login
- Fix case when last login is more recent than last e-mail
- Do not render all mentions, only 40, but show number in subject
- Do not send digest to moved accounts
- Do send digest to silenced accounts
2019-01-02 10:47:32 +01:00
Eugen Rochko 3c033c4352
Add moderation warnings (#9519)
* Add moderation warnings

Replace individual routes for disabling, silencing, and suspending
a user, as well as the report update route, with a unified account
action controller that allows you to select an action (none,
disable, silence, suspend) as well as whether it should generate an
e-mail notification with optional custom text. That notification,
with the optional custom text, is saved as a warning.

Additionally, there are warning presets you can configure to save
time when performing the above.

* Use Account#local_username_and_domain
2018-12-22 20:02:09 +01:00