In #2110, a new attachment type "unknown" was introduced for
attachments that were rejected due to a domain being blocked using
reject_media. However, the "type" field was never set to "unknown"
because a default value of "0" (image) is set for that column,
causing the `type.blank?` expression to always equal false.
This version uses type_changed? instead, causing the type to be set
to "unknown" unless a type has been explicitly set. This introduces
a small change in behaviour causing the type to be set to unknown
before paperclip calls `before_post_process`. Presumably this
behaviour is more appropriate than the current one because the
attachment type has not been determined by that point.
Included are new tests for `ProcessFeedService` and
`UpdateRemoteProfileService` which now check that remote media is
downloaded for non-blocked domains and is rejected for others.
* Add render_views in more places
* Delegate methods from account to user with allow nil true, so that admin accounts show view renders when missing a user
* Use actual account instances in authorize follow controller spec
* Add rough outline of coverage needed for public timeline
* Specs for visibility, replies, boosts
* Specs for silenced account
* Specs for local_only option
* Specs for blocks and mutes
* Add tentative spec around including other silenced account statuses
* Add with_public_visibility scope
* Add simple coverage for tag_timeline
* Tag timeline includes replies
* Replace tag.statuses with a tagged_with scope in tag timeline method
* Use with_public_visibility in tag timeline
* Extract common scope between public and tag timelines to method
* Extract local domain check to local_only scope
* Extract local_only check to starting scope method
* Move list of excluded from timeline account ids to account model
* Simplify excluded accounts list on account model
* Only join accounts when needed
* Rename method for account specific filtering
* Extract method for account exclusions
* Fix bug where silenced accounts were not including statuses from other silenced accounts
* DRY up filter application from account or no account
* timeline_scope can be private
* Add spec showing that account can find its excluded accounts ids
* Add spec which fails if local_only does not have a left outer join
* rubocop
* OEmbed support for PreviewCard
* Improve ProviderDiscovery code failure treatment
* Do not crawl links if there is a content warning, since those
don't display a link card anyway
* Reset db schema
* Fresh migrate
* Fix rubocop style issues
Fix#1681 - return existing access token when applicable instead of creating new
* Fix test
* Extract http client to helper
* Improve oembed controller
* Fixes#1985
- add migration AddMediaAttachmentMeta, which add meta field to media_attachments
- before saving attachment, set file meta if needed
- add meta in api
* add spec
* align the “size” format for image and video
* fix code climate
* fixes media_attachment_spec.rb
* Fix#2119 - Whenever about to send a HTTP request, normalize the URI
* Add test for IDN request in FetchLinkCardService
* Perform IDN normalization on domains before they are stored in the DB
* Expose media attachments on reported statuses directly
* Comment out unused bulk report checkbox. Add title to report comment for viewing full comment. Add 'contents' column, with icons and numerical indicators to show the number of referenced statuses and media attachments in the report
* Link account name on authorize_follow card back to account
* Add localisation string for report_contents
* Show new admin accounts card partial on report view. Apply simple_format to report comment so newlines are preserved.
* Add new admin accounts card partial, for display quick useful admin stats (e.g. report history, moderation status).
* Fix localized variable
* Make private toots get PuSHed to subscription URLs that belong to domains where you have approved followers
* Authorized followers controller, stub for bulk action
* Soft block in the background
* Add simple test for new controller
* Rename Settings::FollowersController to Settings::FollowerDomainsController, paginate results,
rename "private" post setting to "followers-only", fix pagination style, improve post privacy
preferences style, improve warning style
* Extract compose form warnings into own container, show warning when posting to followers-only with unlocked account
* Clean up collapsible components
* Expose user Outboxes and AS2 representations of statuses
* Save work thus far.
* Fix bad merge.
* Save my work
* Clean up pagination.
* First test working.
* Add tests.
* Add Forbidden error template.
* Revert yarn.lock changes.
* Fix code style deviations and use localized instead of hardcoded English text.
* Shows confirmed status in list.
* Adds ability to confirm users in admin UI.
* Added new english translations.
* Addresses feedback from #2245.
* More feedback.
* Fix#2108 - Fix gif uploads
Add specs for media attachment gifv conversion
* Add ffmpeg to travis
* Make travis install ffmpeg, not libav
* Switch travis to trusty
* Add a ReportFilter class
* Add reports and targeted_reports relationships to Account
* Use ReportFilter from admin/reports controller
* Link to admin/reports filtered views from admin account show view
* Add indexes to reports.account_id and reports.target_account_id
* Remove unused method #set_counters_maps from api controller
* Remove unused method #set_account_counters_maps from api controller
* Remove unused method Account#followers_domains
* Remove unused User.prolific scope
* Add mastodon:users:admins task to list all admin emails
* Use interpolated query style in Account.triadic_closures
* Coverage for Account.triadic_closures
This introduces a new per-user preference called
"Auto-play animated GIFs", which is enabled by default. When a
user disables this setting, gifs in toots become click-to-play.
Previews of animated gifs were changed to display the video play
button so that users can distinguish them from regular images.
This setting also affects account avatars in the detailed account
view, which was changed to use the same hover-to-play mechanism
that is used for animated avatars in timelines.
Fixes#1652
* Rename admin.domain_block to admin.domain_blocks in prep for i18n improvement
* Use implicit controller/action path for i18n in admin/domain_blocks
* Add DomainBlock#accounts has_many
* Avoid i18n health warning for `en` locale by using symbol scope with :count
* Remove unused i18n key: plaintext_secret_html
* Remove unused i18n key two_factor_auth.warning
* Remove final will_paginate i18n keys
* Remove unused key two_factor_auth.recovery_codes
* Remove unused key: admin.reports.comment.none
* Remove unused reports. i18n namespace (moved to admin.reports)
* Ignore keys from locales which override activemodel and activerecord errors
* Revert "Remove unused key: admin.reports.comment.none"
This reverts commit 350ef2685f.
* Update i18n key reference to match moved location
* Add missing `en` keys to i18n
* Tell i18n-tasks to ignore missing attributes that dont need overwriting
* Add i18n-tasks unused to travis
Create MediaAttachment but without actual file download when domain is blocked with reject_media set to true
Clean up old media files when creating a new domain block with reject_media set to true
Return remote_url in media attachments API if local file is not present
Undo domain block action in admin UI
Ability to enable reject_media from admin UI
* Add recovery code support for two-factor auth
When users enable two-factor auth, the app now generates ten
single-use recovery codes. Users are encouraged to print the codes
and store them in a safe place.
The two-factor prompt during login now accepts both OTP codes and
recovery codes.
The two-factor settings UI allows users to regenerated lost
recovery codes. Users who have set up two-factor auth prior to
this feature being added can use it to generate recovery codes
for the first time.
Fixes#563 and fixes#987
* Set OTP_SECRET in test enviroment
* add missing .html to view file names
* Simplify admin/reports controller filtering for index
* Rename parameter to resolved
* Fix issue where reports view could not access filter_link_to
* Add coverage for admin/reports controller
* DRY up resolution of related reports for target account
* Clean up admin/reports routes
* Add Report#statuses method
* DRY up current account action taken params
* Rubocop styles
* Remove unused account_params method in admin/accounts controller
* Introduce AccountFilter to find accounts
* Use AccountFilter in admin/accounts controller
* Use more restful routes admin silence and suspension area
* Add admin/silences and admin/suspensions controllers
* Add basic coverage for settings/exports controller
* Remove unused @account variable from settings/exports controller
* Add coverage for download export actions
* Remove deprecated `render :text` in favor of `send_data` for csv downloads
* Add model to handle exports
* Use Export class in settings/exports controller
* Simplify settings/exports controller methods
* Move settings/export to more restful routes
* When avatar/header are GIF, generate static versions.
Account API returns "avatar"/"avatar_static", "header"/"header_static"
Static version is the same as original for other cases
Web UI de-animates avatars in toots, lists of users
Fix#441, fix#596, prerequisite for #1064
* Fix JS test
* Add rake task to generate static avatars/headers from GIF ones, add test
* Clean up SQL output in Tag and Account search methods
* Add basic coverage for Tag.search_for
* Add coverage for Account.search_for
* Add coverage for Account.advanced_search_for
Checking reblog vs original status was happening in multiple places
across the app. For views, this logic was encapsulated in a helper
method named `proper_status` but in the other layers of the app, the
logic was duplicated.
Because the logic is used at all layers of the app, we extracted it into
a `Status#proper` method on the model and changed all uses of the logic
to use this method. There is now a single source of truth for this
condition.
We added test coverage to untested methods that got refactored.
* Rewrite Atom generation from stream entries to use Ox instead of Nokogiri::Builder
StreamEntry is now limited to only statuses, which allows some optimization. Removed
extra queries on AccountsController#show. AtomSerializer instead of AtomBuilderHelper
used in AccountsController#show, StreamEntriesController#show, StreamEntryRenderer
and PubSubHubbub::DistributionWorker
PubSubHubbub::DistributionWorker moves n+1 DomainBlock query to PubSubHubbub::DeliveryWorker
instead.
All Salmon slaps that aren't based on StreamEntry still use AtomBuilderHelper and Nokogiri
* All Salmon slaps now use Ox instead of Nokogiri. No touch from status on account