* Refactor signature verification a bit
* Rescue signature verification if recorded public key is invalid
Fixes#8822
* Always re-fetch AP signing key when HTTP Signature verification fails
But when the account is not marked as stale, avoid fetching collections and
media, and avoid webfinger round-trip.
* Apply stoplight to key/account update as well as initial key retrieval
* Use Contact User as Relay, Report, Subscribe.
* Use Account.representative to fetch contact user.
* Use find_local.
* No reason to use Account.representative in subscribe_service.
* Don't required representative!
* Fallback is included in Account.representative method.
* Do not LDS-sign Follow, Accept, Reject, Undo, Block
* Do not use LDS for Create activities of private toots
* Minor cleanup
* Ignore unsigned activities instead of misattributing them
* Use status.distributable? instead of querying visibility directly
* Add REST API for creating an account
The method is available to apps with a token obtained via the client
credentials grant. It creates a user and account records, as well as
an access token for the app that initiated the request. The user is
unconfirmed, and an e-mail is sent as usual.
The method returns the access token, which the app should save for
later. The REST API is not available to users with unconfirmed
accounts, so the app must be smart to wait for the user to click a
link in their e-mail inbox.
The method is rate-limited by IP to 5 requests per 30 minutes.
* Redirect users back to app from confirmation if they were created with an app
* Add tests
* Return 403 on the method if registrations are not open
* Require agreement param to be true in the API when creating an account
* Add failing test for windows-1251 link cards
* Ignore low-confidence CharlockHolmes guesses
Fixes#9466
* Fix no method error when charlock holmes cannot detect charset
- Some associations were missing from the clean-up
- Some attributes were not reset on suspension
- Skip federation and streaming deletes when purging a dead domain
- Move account association definitions to concern
* Eliminate extra accounts select query from FollowService
* Optimistically update follow state in web UI and hide loading bar
Fix#6205
* Asynchronize NotifyService in FollowService
And fix failing test
* Skip Webfinger resolve routine when called from FollowService if possible
If an account is ActivityPub, then webfinger re-resolving is not necessary
when called from FollowService. Improve options of ResolveAccountService
* Nascent tag menu on frontend
* Hook up frontend to search
* Tag intersection backend first pass
* Update yarnlock
* WIP
* Fix for tags not searching correctly
* Make radio buttons function
* Simplify radio buttons with modeOption
* Better naming
* Rearrange options
* Add all/any/none functionality on backend
* Small PR cleanup
* Move to service from scope
* Small cleanup, add proper service tests
* Don't use send with user input :D
* Set appropriate column header
* Handle auto updating timeline
* Fix up toggle function
* Use tag value correctly
* A bit more correct to use 'self' rather than 'all' in status scope
* Fix some style issues
* Fix more code style issues
* Style select dropdown more better
* Only use to_id'ed value to ensure no SQL injection
* Revamp frontend to allow for multiple selects
* Update backend / col header to account for more flexible tagging
* Update brakeman ignore
* Codeclimate suggestions
* Fix presenter tag_url
* Implement initial PR feedback
* Handle additional tag streaming
* CodeClimate tweak
* Add profile to json+ld in Accept
It's required by the ActivityPub spec
* Use headers['Content-type'] instead of mime_type
mime_type strips the profile from the content type, but it's still available raw in the headers hash
* Add test for ld+json with profile
* Do not hide boost notifications from followed people with hidden boosts
Not displaying boosts from a followed user in the Home timeline and not
having notifications when they reblog your own content are two very
separate concerns, tying them together seem counter-intuitive and unwanted.
* Update specs accordingly
* Add locality check to ActivityPub::FetchRemoteAccountService
Fix#8643
Because there are a few places where it is called, it is difficult
to confirm if they all previously checked it for locality. It's better
to make sure within the service.
* Remove faux-remote duplicates of local accounts
* Add silent column to mentions
* Save silent mentions in ActivityPub Create handler and optimize it
Move networking calls out of the database transaction
* Add "limited" visibility level masked as "private" in the API
Unlike DMs, limited statuses are pushed into home feeds. The access
control rules between direct and limited statuses is almost the same,
except for counter and conversation logic
* Ensure silent column is non-null, add spec
* Ensure filters don't check silent mentions for blocks/mutes
As those are "this person is also allowed to see" rather than "this
person is involved", therefore does not warrant filtering
* Clean up code
* Use Status#active_mentions to limit returned mentions
* Fix code style issues
* Use Status#active_mentions in Notification
And remove stream_entry eager-loading from Notification
* Add conversations API
* Add web UI for conversations
* Add test for conversations API
* Add tests for ConversationAccount
* Improve web UI
* Rename ConversationAccount to AccountConversation
* Remove conversations on block and mute
* Change last_status_id to be a denormalization of status_ids
* Add optimistic locking
UX-wise, people expect that saving the profile will re-check links even without changing fields content. Bug-wise, `@account` was undefined.
Regression from #8703
* Verify link ownership with rel="me"
* Add explanation about verification to UI
* Perform link verifications
* Add click-to-copy widget for verification HTML
* Redesign edit profile page
* Redesign forms
* Improve responsive design of settings pages
* Restore landing page sign-up form
* Fix typo
* Support <link> tags, add spec
* Fix links not being verified on first discovery and passive updates
* If an Update is signed with known key, skip re-following procedure
Because it means the remote actor did *not* lose their database
* Add CLI method for rotating keys
bin/tootctl accounts rotate [USERNAME]
Generates a new RSA key per account and sends out an Update activity
signed with the old key.
* Key rotation: Space out Update fan-outs every 5 minutes per 1000 accounts
* Skip suspended accounts in key rotation
* Allow accessing local private/DM messages by URL
(Provided the user pasting the URL is authorized to see the toot, obviously)
* Fix SearchServiceSpec tests
* Re-add follow recommendations API
GET /api/v1/suggestions
Removed in 8efa081f21 due to Neo4J
dependency. The algorithm uses triadic closures, takes into account
suspensions, blocks, mutes, domain blocks, excludes locked and moved
accounts, and prefers more recently updated accounts.
* Track interactions with people you don't follow
Replying to, favouriting and reblogging someone you're not following
will make them show up in follow recommendations. The interactions
have different weights:
- Replying is 1
- Favouriting is 10 (decidedly positive interaction, but private)
- Reblogging is 20
Following them, muting or blocking will remove them from the list,
obviously.
* Remove triadic closures, ensure potential friendships are trimmed
Ref: cfa9b6e13a
This breaks compatibility with pre-2.3.0 Mastodon and older
software, but at the time of writing the network is >80% above
that version.
Compatibility broken only for toots with no text.
* Send rejections to followers when user hides domain they're on
* Use account domain blocks for "authorized followers" action
Replace soft-blocking (block & unblock) behaviour with follow rejection
* Split sync and async work of account domain blocking
Do not create domain block when removing followers by domain, that
is probably unexpected from the user's perspective.
* Adjust confirmation message for domain block
* yarn manage:translations
Old statuses and statuses from Pawoo, which runs a modified version of
Mastodon, may not have been marked sensitive even if spoiler text is
present.
Such statuses are still not marked sensitve if they are local or
arrived before version upgrade. Marking recently fetched remote status
sensitive contradicts the behavior.
Considering what people expected when they authored such statuses, this
change removes the sensitivity enforcement.
Do not touch statuses_count on accounts table when mass-destroying
statuses to reduce load when removing accounts, same for
reblogs_count and favourites_count
Do not count statuses with direct visibility in statuses_count
Fix#828
* Track trending tags
- Half-life of 1 day
- Historical usage in daily buckets (last 7 days stored)
- GET /api/v1/trends
Fix#271
* Add trends to web UI
* Don't render compose form on search route, adjust search results header
* Disqualify tag from trends if it's in disallowed hashtags setting
* Count distinct accounts using tag, ignore silenced accounts
Updates account `uri` field on each call to `update_account` instead of
only once during `create_account` to mirror the same behavior in OStatus
`ResolveAccountService` class [0].
ActivityPub accounts are identified using `@username` and `@domain` pair
instead of URI since #6842.
This fixes#7479: a bug when the account identified by `@username` and
`@domain` changes its URI.
[0]:
03b69ebc45/app/services/resolve_account_service.rb (L121)
When an ActivityPub Announce is processed and the boosted toot is not known,
fetch it on behalf of one of the booster's followers. This is to allow
fetching self-boosts of previously-unknown private toots.
If fetching on behalf of a user fails, try fetching it anonymously: the
selected follower of a boosting user may be banned by the boosted toot's
author.
- POST /api/v1/push/subscription
- PUT /api/v1/push/subscription
- DELETE /api/v1/push/subscription
- New OAuth scope: "push" (required for the above methods)
Offload creation of local notifications to a worker. Remove two
redundant SQL queries from ProcessMentionsService, remove n+1
XML/JSON serialization via memoization
* No need to re-require sidekiq plugins, they are required via Gemfile
* Add derailed_benchmarks tool, no need to require TTY gems in Gemfile
* Replace ruby-oembed with FetchOEmbedService
Reduce startup by 45382 allocated objects
* Remove preloaded JSON-LD in favour of caching HTTP responses
Reduce boot RAM by about 6 MiB
* Fix tests
* Fix test suite by stubbing out JSON-LD contexts
* Remove most behaviour disparities between blocks and mutes
The only differences between block and mute should be:
- Mutes can optionally NOT affect notifications
- Mutes should not be visible to the muted
Fix#7230Fix#5713
* Do not allow boosting someone you blocked
Fix#7248
* Do not allow favouriting someone you blocked
* Fix nil error in StatusPolicy
* Add equals_or_includes_any? helper in JsonLdHelper
* Support arrays in JSON-LD type fields for actors/tags/objects.
* Spec for resolving accounts with extension types
* Style tweaks for codeclimate
* Added a timeline for Direct statuses
* Lists all Direct statuses you've sent and received
* Displayed in Getting Started
* Streaming server support for direct TL
* Changes to match other timelines in 2.0
ThibG
Eugen Rochko
Naoki Kosaka
kodai
Jeong Arm
Sumit Khanna
ysksn
valerauko
James Kiesel
m.b
abcang
Quint Guvernator
Yamagishi Kazutoshi
Akihiko Odaki
unarist
Wiktor
Surinna Curtis
Emelia Smith
Kaito Sinclaire