  1. Aug 24, 2020
    • Add WebAuthn as an alternative 2FA method (#14466) · e8d41bc2
      santiagorodriguez96 authored
      
      * feat: add possibility of adding WebAuthn security keys to use as 2FA
      
      This adds a basic UI for enabling WebAuthn 2FA. We did a little refactor
      to the Settings page for editing the 2FA methods – now it will list the
      methods that are available to the user (TOTP and WebAuthn) and from
      there they'll be able to add or remove any of them.
      Also, it's worth mentioning that for enabling WebAuthn it's required to
      have TOTP enabled, so the first time that you go to the 2FA Settings
      page, you'll be asked to set it up.
      This work was inspired by the one done by GitHub in their platform, and
      although it could be approached in different ways, we decided to go with
      this one given that we feel that this gives a great UX.
      
      Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>
      
      * feat: add request for WebAuthn as second factor at login if enabled
      
      This commit adds the feature for using WebAuthn as a second factor for
      login when enabled.
      If users have WebAuthn enabled, now a page requesting the use of a
      WebAuthn credential for login will appear, although a link redirecting
      to the old page for logging in using a two-factor code will also be
      present.
      
      Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>
      
      * feat: add possibility of deleting WebAuthn Credentials
      
      Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>
      
      * feat: disable WebAuthn when an Admin disables 2FA for a user
      
      Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>
      
      * feat: remove ability to disable TOTP leaving only WebAuthn as 2FA
      
      Following examples from other platforms like GitHub, we decided to make
      WebAuthn 2FA secondary to 2FA with TOTP, so we removed the
      possibility of removing TOTP authentication only, leaving users with
      just WebAuthn as 2FA. Instead, users will have to click on 'Disable 2FA'
      in order to remove second factor auth.
      The reason for WebAuthn being secondary to TOTP is that in that way,
      users will still be able to log in using their code from their phone's
      application if they don't have their security keys with them – or maybe
      even lost them.
      
      * We had to change the flow for setting up TOTP a little, given that now
        it's possible to set it up again if you already had TOTP, in order to
        let users modify their authenticator app – given that now it's not
        possible for them to disable TOTP and set it up again with another
        authenticator app.
        So, basically, now instead of storing the new `otp_secret` in the
        user, we store it in the session until the process of set up is
        finished.
        This was because, as it was before, when users clicked on 'Edit' in
        the new two-factor methods lists page, but then went back without
        finishing the flow, their `otp_secret` had been changed therefore
        invalidating their previous authenticator app, making them unable to
        log in again using TOTP.
      
      Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>
      
      * refactor: fix eslint errors
      
      The PR build was failing given that linting was returning some errors.
      This commit attempts to fix them.
      
      * refactor: normalize i18n translations
      
      The build was failing given that i18n translations files were not
      normalized.
      This commit fixes that.
      
      * refactor: avoid having the webauthn gem locked to a specific version
      
      * refactor: use symbols for routes without '/'
      
      * refactor: avoid sending webauthn disabled email when 2FA is disabled
      
      When an admin disables 2FA for users, we were sending two mails
      to them, one notifying that 2FA was disabled and the other to notify
      that WebAuthn was disabled.
      As the second one is redundant since the first email includes it, we can
      remove it and send just one email to users.
      
      * refactor: avoid creating new env variable for webauthn_origin config
      
      * refactor: improve flash error messages for webauthn pages
      
      Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>
      Unverified
      e8d41bc2
  2. Jul 08, 2020
  3. Jul 07, 2020
  4. Jun 30, 2020
    • Add user notes on accounts (#14148) · 65506bac
      ThibG authored
      * Add UserNote model
      
      * Add UI for user notes
      
      * Put comment in relationships entity
      
      * Add API to create user notes
      
      * Copy user notes to new account when receiving a Move activity
      
      * Address some of the review remarks
      
      * Replace modal by inline edition
      
      * Please CodeClimate
      
      * Button design changes
      
      * Change design again
      
      * Cancel note edition when pressing Escape
      
      * Fixes
      
      * Tweak design again
      
      * Move “Add note” item, and allow users to add notes to themselves
      
      * Rename UserNote into AccountNote, rename “comment” Relationship attribute to “note”
      Unverified
      65506bac
  5. Jun 29, 2020
    • Add customizable thumbnails for audio and video attachments (#14145) · 64aac307
      Eugen Rochko authored
      - Change audio files to not be stripped of metadata
      - Automatically extract cover art from audio if it exists
      - Add `thumbnail` parameter to `POST /api/v1/media`, `POST /api/v2/media` and `PUT /api/v1/media/:id`
      - Add `icon` to represent it in attachments in ActivityPub
      - Fix `preview_url` containing URL of missing missing image when there is no thumbnail instead of null
      - Fix duration of audio not being displayed on public pages until the file is loaded
      Unverified
      64aac307
  6. Jun 25, 2020
  7. Jun 21, 2020
  8. Jun 09, 2020
  9. Jun 05, 2020
  10. Jun 02, 2020
  11. May 10, 2020
  12. May 09, 2020
  13. May 08, 2020
  14. Apr 26, 2020
  15. Apr 16, 2020
  16. Apr 15, 2020
  17. Apr 05, 2020
    • Fix PostgreSQL load when linking in announcements (#13250) · 89e28c76
      ThibG authored
      * Fix PostgreSQL load when linking in announcements
      
      Fixes #13245 by caching status lookups
      
      Since statuses are supposed to be known already and we only
      need their URLs and a few other things, caching them should
      be fine.
      
      Since it's only used by announcements so far, there won't
      be many statuses to cache.
      
      * Perform status lookup when saving announcements, not when rendering them
      
      * Change EntityCache#status to fetch URLs instead of looking into the database
      
      * Move announcement link lookup to publishing worker
      
      * Address issues pointed out during review
      Unverified
      89e28c76
  18. Mar 12, 2020
  19. Mar 08, 2020
  20. Jan 27, 2020
  21. Jan 26, 2020
  22. Jan 23, 2020
    • Add announcements (#12662) · f52c988e
      Eugen Rochko authored
      * Add announcements
      
      Fix #11006
      
      * Add reactions to announcements
      
      * Add admin UI for announcements
      
      * Add unit tests
      
      * Fix issues
      
      - Add `with_dismissed` param to announcements API
      - Fix end date not being formatted when time range is given
      - Fix announcement delete causing reactions to send streaming updates
      - Fix announcements container growing too wide and mascot too small
      - Fix `all_day` being settable when no time range is given
      - Change text "Update" to "Announcement"
      
      * Fix scheduler unpublishing announcements before they are due
      
      * Fix filter params not being passed to announcements filter
      Unverified
      f52c988e
  23. Jan 21, 2020
  24. Jan 10, 2020
  25. Dec 29, 2019
    • Fix old migrations failing because of strong_migrations update (#12692) · 1155dc08
      ThibG authored
      Fixes #12690
      
      The `strong_migrations` update from ba2eac88
      introduced a check for `change_column_null` specific to Postgres. This rejects
      old migrations.
      
      This commit just wraps old migrations with `safety_assured` to bypass this
      check. Alternatives would have been to:
      - Disable that check entirely (a possibility added in that same
        `strong_migrations` version) for Mastodon, but it makes sense to write new
        migrations without such a strong lock.
      - Rewrite the old migrations to do it in a way that does not require an exclusive
        lock. I thought fixing those old migrations for performance wasn't worth the
        pain. Also, if I understand correctly, the next version of
        `strong_migrations` is going to include a helper to do that. We could update
        those migrations at that point.
      1155dc08
  26. Dec 18, 2019
  27. Dec 17, 2019
  28. Dec 04, 2019
  29. Nov 13, 2019
    • Add bookmarks (#7107) · dfea7368
      ThibG authored
      * Add backend support for bookmarks
      
      Bookmarks behave like favourites, except they aren't shared with other
      users and do not have an associated counter.
      
      * Add spec for bookmark endpoints
      
      * Add front-end support for bookmarks
      
      * Introduce OAuth scopes for bookmarks
      
      * Add bookmarks to archive takeout
      
      * Fix migration
      
      * Coding style fixes
      
      * Fix rebase issue
      
      * Update bookmarked_statuses to latest UI changes
      
      * Update bookmark actions to properly reflect status changes in state
      
      * Add bookmarks item to single-column layout
      
      * Make active bookmarks red
      dfea7368
  30. Nov 04, 2019
    • Add ability to add oneself to lists (#12271) · 65e13cfa
      ThibG authored
      * Add ability to add oneself to lists
      
      * Change search results to include oneself when searching through followers
      
      * Mark follow relation as optional in ListAccount
      65e13cfa
  31. Oct 07, 2019
  32. Oct 02, 2019
  33. Sep 29, 2019
  34. Sep 27, 2019
  35. Sep 19, 2019
  36. Sep 18, 2019