Add moderation warnings (#9519)
* Add moderation warnings
Replace individual routes for disabling, silencing, and suspending
a user, as well as the report update route, with a unified account
action controller that allows you to select an action (none,
disable, silence, suspend) as well as whether it should generate an
e-mail notification with optional custom text. That notification,
with the optional custom text, is saved as a warning.
Additionally, there are warning presets you can configure to save
time when performing the above.
* Use Account#local_username_and_domain
5 years ago
Add WebAuthn as an alternative 2FA method (#14466)
* feat: add possibility of adding WebAuthn security keys to use as 2FA
This adds a basic UI for enabling WebAuthn 2FA. We did a little refactor
to the Settings page for editing the 2FA methods – now it will list the
methods that are available to the user (TOTP and WebAuthn) and from
there they'll be able to add or remove any of them.
Also, it's worth mentioning that for enabling WebAuthn it's required to
have TOTP enabled, so the first time that you go to the 2FA Settings
page, you'll be asked to set it up.
This work was inspired by the one done by GitHub in their platform, and
although it could be approached in different ways, we decided to go with
this one given that we feel that this gives a great UX.
Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>
* feat: add request for WebAuthn as second factor at login if enabled
This commit adds the feature for using WebAuthn as a second factor for
login when enabled.
If users have WebAuthn enabled, now a page requesting for the use of a
WebAuthn credential for log in will appear, although a link redirecting
to the old page for logging in using a two-factor code will also be
present.
Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>
* feat: add possibility of deleting WebAuthn Credentials
Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>
* feat: disable WebAuthn when an Admin disables 2FA for a user
Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>
* feat: remove ability to disable TOTP leaving only WebAuthn as 2FA
Following examples from other platforms like GitHub, we decided to make
WebAuthn 2FA secondary to 2FA with TOTP, so that we removed the
possibility of removing TOTP authentication only, leaving users with
just WebAuthn as 2FA. Instead, users will have to click on 'Disable 2FA'
in order to remove second factor auth.
The reason for WebAuthn being secondary to TOTP is that in that way,
users will still be able to log in using their code from their phone's
application if they don't have their security keys with them – or maybe
even lost them.
* We had to change a little the flow for setting up TOTP, given that now
it's possible to set it up again if you already had TOTP, in order to
let users modify their authenticator app – given that now it's not
possible for them to disable TOTP and set it up again with another
authenticator app.
So, basically, now instead of storing the new `otp_secret` in the
user, we store it in the session until the process of set up is
finished.
This was because, as it was before, when users clicked on 'Edit' in
the new two-factor methods lists page, but then went back without
finishing the flow, their `otp_secret` had been changed therefore
invalidating their previous authenticator app, making them unable to
log in again using TOTP.
Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>
* refactor: fix eslint errors
The PR build was failing given that linting was returning some errors.
This commit attempts to fix them.
* refactor: normalize i18n translations
The build was failing given that i18n translations files were not
normalized.
This commit fixes that.
* refactor: avoid having the webauthn gem locked to a specific version
* refactor: use symbols for routes without '/'
* refactor: avoid sending webauthn disabled email when 2FA is disabled
When an admin disables 2FA for users, we were sending two mails
to them, one notifying that 2FA was disabled and the other to notify
that WebAuthn was disabled.
As the second one is redundant since the first email includes it, we can
remove it and send just one email to users.
* refactor: avoid creating new env variable for webauthn_origin config
* refactor: improve flash error messages for webauthn pages
Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>
3 years ago
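
The TOTP re-enrollment flow described in the commit message above, as an added example that is not Mastodon's code: the candidate secret is staged in the session and replaces the user's secret only after a code generated from it verifies. `User`, `OtpSetupFlow` and the `:new_otp_secret` session key are hypothetical names, and TOTP is implemented directly from RFC 6238 with the Ruby standard library rather than with the project's own dependencies.

```ruby
require 'openssl'
require 'securerandom'

# RFC 6238 TOTP (HMAC-SHA1, 30-second step, 6 digits) over a raw byte secret.
def totp(secret, at = Time.now, step: 30, digits: 6)
  counter = [at.to_i / step].pack('Q>')
  mac = OpenSSL::HMAC.digest('SHA1', secret, counter)
  offset = mac.getbyte(-1) & 0x0f
  code = (mac.byteslice(offset, 4).unpack1('N') & 0x7fffffff) % (10**digits)
  code.to_s.rjust(digits, '0')
end

# Hypothetical stand-in for the user record; only a committed secret lives here.
User = Struct.new(:otp_secret, :otp_enabled)

# Hypothetical setup flow: the candidate secret is staged in the session hash
# and copied to the user only after a code generated from it verifies.
class OtpSetupFlow
  def initialize(user, session)
    @user = user
    @session = session
  end

  # "Edit" clicked: stage a fresh secret, leave the user's current one alone.
  def start
    @session[:new_otp_secret] = SecureRandom.random_bytes(20)
  end

  # Final step: verify against the staged secret, then commit and clear it.
  def confirm(code, at = Time.now)
    staged = @session[:new_otp_secret]
    return false if staged.nil?
    return false unless OpenSSL.secure_compare(totp(staged, at), code.to_s)

    @user.otp_secret = staged
    @user.otp_enabled = true
    @session.delete(:new_otp_secret)
    true
  end
end

# Constructed scenario: a user with a working authenticator abandons one
# re-enrollment attempt, submits a bad code, then completes the setup.
def demo(now = Time.at(1_600_000_000))
  old_secret = SecureRandom.random_bytes(20)
  user = User.new(old_secret, true)
  session = {}
  flow = OtpSetupFlow.new(user, session)

  flow.start                                     # user clicks Edit, then leaves
  abandoned_ok = user.otp_secret == old_secret   # old authenticator still valid

  wrong_rejected = !flow.confirm('000000x', now) # a bad code never commits
  new_secret = session[:new_otp_secret]
  completed = flow.confirm(totp(new_secret, now), now)

  { abandoned_ok: abandoned_ok, wrong_rejected: wrong_rejected,
    completed: completed, rotated: user.otp_secret == new_secret,
    session_cleared: !session.key?(:new_otp_secret) }
end
```
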
---
en:
  simple_form:
    hints:
      account_alias:
        acct: Specify the username@domain of the account you want to move from
      account_migration:
        acct: Specify the username@domain of the account you want to move to
      account_warning_preset:
        text: You can use toot syntax, such as URLs, hashtags and mentions
        title: Optional. Not visible to the recipient
      admin_account_action:
        include_statuses: The user will see which toots have caused the moderation action or warning
        send_email_notification: The user will receive an explanation of what happened with their account
        text_html: Optional. You can use toot syntax. You can <a href="%{path}">add warning presets</a> to save time
        type_html: Choose what to do with <strong>%{acct}</strong>
        warning_preset_id: Optional. You can still add custom text to end of the preset
      announcement:
        all_day: When checked, only the dates of the time range will be displayed
        ends_at: Optional. Announcement will be automatically unpublished at this time
        scheduled_at: Leave blank to publish the announcement immediately
        starts_at: Optional. In case your announcement is bound to a specific time range
        text: You can use toot syntax. Please be mindful of the space the announcement will take up on the user's screen
      defaults:
        autofollow: People who sign up through the invite will automatically follow you
        avatar: PNG, GIF or JPG. At most %{size}. Will be downscaled to %{dimensions}px
        bot: This account mainly performs automated actions and might not be monitored
        context: One or multiple contexts where the filter should apply
        current_password: For security purposes please enter the password of the current account
        current_username: To confirm, please enter the username of the current account
        digest: Only sent after a long period of inactivity and only if you have received any personal messages in your absence
        discoverable: The profile directory is another way by which your account can reach a wider audience
        email: You will be sent a confirmation e-mail
        fields: You can have up to 4 items displayed as a table on your profile
        header: PNG, GIF or JPG. At most %{size}. Will be downscaled to %{dimensions}px
        inbox_url: Copy the URL from the frontpage of the relay you want to use
        irreversible: Filtered toots will disappear irreversibly, even if filter is later removed
        locale: The language of the user interface, e-mails and push notifications
        locked: Requires you to manually approve followers
        password: Use at least 8 characters
        phrase: Will be matched regardless of casing in text or content warning of a toot
        scopes: Which APIs the application will be allowed to access. If you select a top-level scope, you don't need to select individual ones.
        setting_aggregate_reblogs: Do not show new boosts for toots that have been recently boosted (only affects newly-received boosts)
        setting_default_sensitive: Sensitive media is hidden by default and can be revealed with a click
        setting_display_media_default: Hide media marked as sensitive
        setting_display_media_hide_all: Always hide media
        setting_display_media_show_all: Always show media
        setting_hide_network: Who you follow and who follows you will not be shown on your profile
        setting_noindex: Affects your public profile and status pages
        setting_show_application: The application you use to toot will be displayed in the detailed view of your toots
        setting_use_blurhash: Gradients are based on the colors of the hidden visuals but obfuscate any details
        setting_use_pending_items: Hide timeline updates behind a click instead of automatically scrolling the feed
        username: Your username will be unique on %{domain}
        whole_word: When the keyword or phrase is alphanumeric only, it will only be applied if it matches the whole word
      domain_allow:
        domain: This domain will be able to fetch data from this server and incoming data from it will be processed and stored
      email_domain_block:
        domain: This can be the domain name that shows up in the e-mail address, the MX record that domain resolves to, or IP of the server that MX record resolves to. Those will be checked upon user sign-up and the sign-up will be rejected.
        with_dns_records: An attempt to resolve the given domain's DNS records will be made and the results will also be blocked
      featured_tag:
        name: 'You might want to use one of these:'
      form_challenge:
        current_password: You are entering a secure area
      imports:
        data: CSV file exported from another Mastodon server
      invite_request:
        text: This will help us review your application
      sessions:
        otp: 'Enter the two-factor code generated by your phone app or use one of your recovery codes:'
        webauthn: If it's an USB key be sure to insert it and, if necessary, tap it.
      tag:
        name: You can only change the casing of the letters, for example, to make it more readable
      user:
        chosen_languages: When checked, only toots in selected languages will be displayed in public timelines
    labels:
      account:
        fields:
          name: Label
          value: Content
      account_alias:
        acct: Handle of the old account
      account_migration:
        acct: Handle of the new account
      account_warning_preset:
        text: Preset text
        title: Title
      admin_account_action:
        include_statuses: Include reported toots in the e-mail
        send_email_notification: Notify the user per e-mail
        text: Custom warning
        type: Action
        types:
          disable: Disable login
          none: Do nothing
          silence: Silence
          suspend: Suspend and irreversibly delete account data
        warning_preset_id: Use a warning preset
      announcement:
        all_day: All-day event
        ends_at: End of event
        scheduled_at: Schedule publication
        starts_at: Start of event
        text: Announcement
      defaults:
        autofollow: Invite to follow your account
        avatar: Avatar
        bot: This is a bot account
        chosen_languages: Filter languages
        confirm_new_password: Confirm new password
        confirm_password: Confirm password
        context: Filter contexts
        current_password: Current password
        data: Data
        discoverable: List this account on the directory
        display_name: Display name
        email: E-mail address
        expires_in: Expire after
        fields: Profile metadata
        header: Header
        inbox_url: URL of the relay inbox
        irreversible: Drop instead of hide
        locale: Interface language
        locked: Lock account
        max_uses: Max number of uses
        new_password: New password
        note: Bio
        otp_attempt: Two-factor code
        password: Password
        phrase: Keyword or phrase
        setting_advanced_layout: Enable advanced web interface
        setting_aggregate_reblogs: Group boosts in timelines
        setting_auto_play_gif: Auto-play animated GIFs
        setting_boost_modal: Show confirmation dialog before boosting
        setting_crop_images: Crop images in non-expanded toots to 16x9
        setting_default_language: Posting language
        setting_default_privacy: Posting privacy
        setting_default_sensitive: Always mark media as sensitive
        setting_delete_modal: Show confirmation dialog before deleting a toot
        setting_display_media: Media display
        setting_display_media_default: Default
        setting_display_media_hide_all: Hide all
        setting_display_media_show_all: Show all
        setting_expand_spoilers: Always expand toots marked with content warnings
        setting_hide_network: Hide your network
        setting_noindex: Opt-out of search engine indexing
        setting_reduce_motion: Reduce motion in animations
        setting_show_application: Disclose application used to send toots
        setting_system_font_ui: Use system's default font
        setting_theme: Site theme
        setting_trends: Show today's trends
        setting_unfollow_modal: Show confirmation dialog before unfollowing someone
        setting_use_blurhash: Show colorful gradients for hidden media
        setting_use_pending_items: Slow mode
        severity: Severity
        sign_in_token_attempt: Security code
        type: Import type
        username: Username
        username_or_email: Username or Email
        whole_word: Whole word
      email_domain_block:
        with_dns_records: Include MX records and IPs of the domain
      featured_tag:
        name: Hashtag
      interactions:
        must_be_follower: Block notifications from non-followers
        must_be_following: Block notifications from people you don't follow
        must_be_following_dm: Block direct messages from people you don't follow
      invite:
        comment: Comment
      invite_request:
        text: Why do you want to join?
      notification_emails:
        digest: Send digest e-mails
        favourite: Someone favourited your status
        follow: Someone followed you
        follow_request: Someone requested to follow you
        mention: Someone mentioned you
        pending_account: New account needs review
        reblog: Someone boosted your status
        report: New report is submitted
        trending_tag: An unreviewed hashtag is trending
      tag:
        listable: Allow this hashtag to appear in searches and on the profile directory
        name: Hashtag
        trendable: Allow this hashtag to appear under trends
        usable: Allow toots to use this hashtag
    'no': 'No'
    recommended: Recommended
    required:
      mark: "*"
      text: required
    title:
      sessions:
        webauthn: Use one of your security keys to sign in
    'yes': 'Yes'