Jeong Arm
c8ce728705
Support authentication for ElasticSearch ( #16890 )
...
* Support authentication for ElasticSearch
* Fix chewy auth settings
2021-10-24 17:20:03 +02:00
夕日
58204175cc
Fix the wrong full documentation link ( #14293 )
2020-07-12 22:11:31 +02:00
Eugen Rochko
2f2ab48b75
Add back a cleaner and leaner .env.production.sample ( #14206 )
2020-07-03 21:01:39 +02:00
Eugen Rochko
8c04e37b03
Remove the terms blacklist and whitelist from UX ( #14149 )
...
Localization strings:
- "Whitelist mode" -> "Limited federation mode"
- "Blacklist e-mail domain" -> "Block e-mail domain"
- "Whitelist domain" -> "Allow domain for federation"
...And so on
Environment variables (backwards-compatible):
- `WHITELIST_MODE` -> `LIMITED_FEDERATION_MODE`
- `EMAIL_DOMAIN_BLACKLIST` -> `EMAIL_DOMAIN_DENYLIST`
- `EMAIL_DOMAIN_WHITELIST` -> `EMAIL_DOMAIN_ALLOWLIST`
tootctl:
- `tootctl domains purge --whitelist-mode` -> `tootctl domains purge --limited-federation-mode`
Removed badly maintained and no longer relevant .env.production.sample file
2020-06-27 20:20:11 +02:00
Denis Teyssier
73f3842284
Updated docker-compose snippet to a working one ( #13196 )
...
added 'bundle exec' before rake
2020-05-10 09:50:06 +02:00
ThibG
27f9aa3477
Document AUTHORIZED_FETCH mode and WHITELIST_MODE ( #12856 )
...
* Document AUTHORIZED_FETCH mode and WHITELIST_MODE
* Replace extended description with a link to the online docs
2020-01-23 00:43:54 +01:00
Aries
44f88a334b
Fix sample SAML_ACS_URL, SAML_ISSUER ( #12669 )
2019-12-23 18:12:22 +01:00
Mathieu Brunot
bd8dc9bd0c
✨ Add an LDAP Mail attribute config ( #12053 )
...
Signed-off-by: mathieu.brunot <mathieu.brunot@monogramm.io>
2019-12-01 18:52:21 +01:00
Mathieu Brunot
d70268f099
✨ Convert LDAP username ( #12461 )
...
* ✨ Convert LDAP username #12021
Signed-off-by: mathieu.brunot <mathieu.brunot@monogramm.io>
* 🐛 Fix conversion var use
Signed-off-by: mathieu.brunot <mathieu.brunot@monogramm.io>
* 🐛 Fix LDAP uid conversion test
Signed-off-by: mathieu.brunot <mathieu.brunot@monogramm.io>
* 👌 Remove comments with ref to PR
Signed-off-by: mathieu.brunot <mathieu.brunot@monogramm.io>
* 👌 Remove unnecessary paranthesis
Signed-off-by: mathieu.brunot <mathieu.brunot@monogramm.io>
* 🔧 Move space in conversion string
Signed-off-by: mathieu.brunot <mathieu.brunot@monogramm.io>
2019-12-01 07:21:28 +01:00
Mathieu Brunot
b85fb6b5e7
Remove quotes in `LDAP_SEARCH_FILTER` example ( #12019 )
2019-10-01 19:18:50 +02:00
Yamagishi Kazutoshi
172eaeba3f
Add config of multipart threshold for S3 ( #11924 )
2019-09-23 15:37:45 +02:00
Hugo Gameiro
5466b39c78
Add SMTP reply_to option ( #11718 )
...
* Add SMTP_REPLY_TO in .env.production.sample
* Set reply_to in SMTP options
2019-09-02 18:12:40 +02:00
Stanislas
a3c7dd92f3
Add ES_PREFIX in .env.production.sample ( #10087 )
2019-05-09 22:41:27 +02:00
M Somerville
2bba6e582d
Rename S3_CLOUDFRONT_HOST to S3_ALIAS_HOST. ( #8423 )
...
Still check for S3_CLOUDFRONT_HOST for existing installs.
2018-08-25 13:27:08 +02:00
Immae
b0f4fe456b
Add ldap search filter ( #8151 )
2018-08-15 18:12:44 +02:00
MIYAGI Hikaru
ddd0bb69e1
Merge `HIDDEN_SERVICE_VIA_TRANSPARENT_PROXY` into `ALLOW_ACCESS_TO_HIDDEN_SERVICE` ( #7901 )
...
If Mastodon accesses to the hidden service via transparent proxy, it's needed to avoid checking whether it's a private address, since `.onion` is resolved to a private address.
I was previously using the `HIDDEN_SERVICE_VIA_TRANSPARENT_PROXY` to provide that function. However, I realized that using `HIDDEN_SERVICE_VIA_TRANSPARENT_PROXY` is redundant, since this specification is always used with `ALLOW_ACCESS_TO_HIDDEN_SERVICE`. Therefore, I decided to integrate the setting of `HIDDEN_SERVICE_VIA_TRANSPARENT_PROXY` into` ALLOW_ACCESS_TO_HIDDEN_SERVICE`.
2018-06-29 15:36:02 +02:00
Akihiko Odaki
d95642f6d9
Cache attachments on external host with service worker ( #7493 )
2018-05-29 00:43:47 +02:00
Hugo Gameiro
ea4e243303
Improve OpenStack v3 compatibility ( #7392 )
...
* Update paperclip.rb
* Update .env.production.sample
* Update paperclip.rb
2018-05-07 02:28:28 +02:00
MIYAGI Hikaru
f58dcbc981
HTTP proxy support for outgoing request, manage access to hidden service ( #7134 )
...
* Add support for HTTP client proxy
* Add access control for darknet
Supress error when access to darknet via transparent proxy
* Fix the codes pointed out
* Lint
* Fix an omission + lint
* any? -> include?
* Change detection method to regexp to avoid test fail
2018-04-25 02:14:49 +02:00
Akihiko Odaki
4f9136d2d5
Document CORS requirement for asset host ( #6941 )
2018-03-28 20:40:18 +02:00
Alexander
33ee347c99
rename pam email environment variable to something more understandable and default to LOCAL_DOMAIN (better fallback) ( #6833 )
2018-03-19 20:09:26 +01:00
Eugen Rochko
675b8fea53
Adjust suggested ES host in .env sample for docker-compose config ( #6710 )
2018-03-09 11:32:55 +01:00
Effy Elden
dd9d00d293
Add additional first_name and last_name SAML attribute statement options, and modify Omniauthable concern to use full_name or first_name + last_name if not available ( #6669 )
2018-03-07 06:19:10 +01:00
Alexander
42fe05dea1
fix logic for pam_controlled_service ( #6599 )
2018-03-02 19:02:50 +01:00
Eugen Rochko
b4f8e87358
Add LDAP options to .env.production.sample ( #6592 )
2018-03-02 08:14:34 +01:00
Eugen Rochko
5cc716688a
Ensure the app does not even start if OTP_SECRET is not set ( #6557 )
...
* Ensure the app does not even start if OTP_SECRET is not set
* Remove PAPERCLIP_SECRET (it's not used by anything, actually)
Imports are for internal consumption and the url option isn't even
used correctly, so we can remove the hash stuff from them
2018-02-26 01:31:44 +01:00
Eugen Rochko
f0a1b1a152
Fix #6536 ( #6558 )
2018-02-26 00:24:55 +01:00
Ghislain Loaec
e668180044
New variable OAUTH_REDIRECT_AT_SIGN_IN + Ref #6538 (not only SAML strategies) ( #6540 )
2018-02-23 01:16:17 +01:00
Alexander
8fa924e372
Update pam documentation ( #6518 )
...
* document pam email extraction
* remove superfluous newline
2018-02-22 23:41:21 +01:00
Ghislain Loaec
3084fe4959
New env variable: SAML_SECURITY_ASSUME_EMAIL_IS_VERIFIED + fixes #6533 ( #6538 )
2018-02-22 23:31:25 +01:00
Eugen Rochko
3ebc0ad4d3
Full-text search for authorized statuses ( #6423 )
...
* Add full-text search for authorized statuses
- Search API will return statuses that match the query
- Only for logged in users
- Only if you are author of the status,
- Or you were mentioned in it
- Or you favourited or reblogged it
- Configuration over `ES_ENABLED`, `ES_HOST`, `ES_PORT`, `ES_PREFIX`
- Run `rails chewy:deploy` to create & populate index
Fix #5880
Fix #4293
Fix #1152
* Add commented out docker-compose configuration for ES container
* Optimize index import, filter search results
* Add basic normalization to the index
* Add better stemming and normalization to the index
* Skip webfinger request if search query includes both @ and a space
* Fix code style
* Visually separate search result sections
* Fix code style issues
2018-02-09 23:04:47 +01:00
Eugen Rochko
38e0133e1b
Make PAM gem optional, allow configuration over environment ( #6415 )
2018-02-04 15:05:53 +01:00
Eugen Rochko
26f21fd5a0
CAS + SAML authentication feature ( #6425 )
...
* Cas authentication feature
* Config
* Remove class_eval + Omniauth initializer
* Codeclimate review
* Codeclimate review 2
* Codeclimate review 3
* Remove uid/email reconciliation
* SAML authentication
* Clean up code
* Improve login form
* Fix code style issues
* Add locales
2018-02-04 05:42:13 +01:00
nightpool
9592b5e31e
enforce LOCAL_HTTPS=true in production ( #6061 )
...
* enforce https in production
* note changes in production env sample
* typo fix
2017-12-22 02:17:59 +01:00
Nolan Lawson
d4f80824f7
Document REDIS_NAMESPACE ( #5038 )
2017-09-22 06:44:39 +02:00
Patrick Figel
3018043fc2
Add OpenStack Keystone V3 support ( #4889 )
...
Keystone V2 is deprecated in favour of V3. This adds the necessary
connection parameters for establishing a V3 connection. Connections
to V2 endpoints are still possible and the configuration should
remain compatible.
This also introduces a SWIFT_REGION variable for multi-region
OpenStack environments and a SWIFT_CACHE_TTL that controls how long
tokens and other meta-data is cached for. Caching tokens avoids
rate-limiting errors that would result in media uploads becoming
unavailable during high load or when using tasks like
media:remove_remote. fog-openstack only supports token caching for
V3 endpoints, so a recommendation for using V3 was added.
2017-09-11 15:11:13 +02:00
Yamagishi Kazutoshi
fa21d004c7
Add environment sample for OpenStack Swift ( #4816 )
2017-09-06 12:13:00 +02:00
Treyssat-Vincent Nino
aefb4719bc
comment correction ( #4812 )
2017-09-05 12:13:25 +02:00
ScienJus
c3e355388a
Show SMTP_TLS in config sample ( #4477 )
2017-08-01 15:00:29 +02:00
Yamagishi Kazutoshi
0fa9dd8527
Add Rake task for generate VAPID key ( #4195 )
...
* Add Rake task for generate VAPID key
* edit config/initializers/vapid.rb
2017-07-14 12:13:43 +02:00
Sorin Davidoi
0c7c188c45
Web Push Notifications ( #3243 )
...
* feat: Register push subscription
* feat: Notify when mentioned
* feat: Boost, favourite, reply, follow, follow request
* feat: Notification interaction
* feat: Handle change of public key
* feat: Unsubscribe if things go wrong
* feat: Do not send normal notifications if push is enabled
* feat: Focus client if open
* refactor: Move push logic to WebPushSubscription
* feat: Better title and body
* feat: Localize messages
* chore: Fix lint errors
* feat: Settings
* refactor: Lazy load
* fix: Check if push settings exist
* feat: Device-based preferences
* refactor: Simplify logic
* refactor: Pull request feedback
* refactor: Pull request feedback
* refactor: Create /api/web/push_subscriptions endpoint
* feat: Spec PushSubscriptionController
* refactor: WebPushSubscription => Web::PushSubscription
* feat: Spec Web::PushSubscription
* feat: Display first media attachment
* feat: Support direction
* fix: Stuff broken while rebasing
* refactor: Integration with session activations
* refactor: Cleanup
* refactor: Simplify implementation
* feat: Set VAPID keys via environment
* chore: Comments
* fix: Crash when no alerts
* fix: Set VAPID keys in testing environment
* fix: Follow link
* feat: Notification actions
* fix: Delete previous subscription
* chore: Temporary logs
* refactor: Move migration to a later date
* fix: Fetch the correct session activation and misc bugs
* refactor: Move migration to a later date
* fix: Remove follow request (no notifications)
* feat: Send administrator contact to push service
* feat: Set time-to-live
* fix: Do not show sensitive images
* fix: Reducer crash in error handling
* feat: Add badge
* chore: Fix lint error
* fix: Checkbox label overlap
* fix: Check for payload support
* fix: Rename action "type" (crash in latest Chrome)
* feat: Action to expand notification
* fix: Lint errors
* fix: Unescape notification body
* fix: Do not allow boosting if the status is hidden
* feat: Add VAPID keys to the production sample environment
* fix: Strip HTML tags from status
* refactor: Better error messages
* refactor: Handle browser not implementing the VAPID protocol (Samsung Internet)
* fix: Error when target_status is nil
* fix: Handle lack of image
* fix: Delete reference to invalid subscriptions
* feat: Better error handling
* fix: Unescape HTML characters after tags are striped
* refactor: Simpify code
* fix: Modify to work with #4091
* Sort strings alphabetically
* i18n: Updated Polish translation
it annoys me that it's not fully localized :P
* refactor: Use current_session in PushSubscriptionController
* fix: Rebase mistake
* fix: Set cacheName to mastodon
* refactor: Pull request feedback
* refactor: Remove logging statements
* chore(yarn): Fix conflicts with master
* chore(yarn): Copy latest from master
* chore(yarn): Readd offline-plugin
* refactor: Use save! and update!
* refactor: Send notifications async
* fix: Allow retry when push fails
* fix: Save track for failed pushes
* fix: Minify sw.js
* fix: Remove account_id from fabricator
2017-07-13 22:15:32 +02:00
Chris
23081bb299
added 'https://' to CDN_HOST variable example ( #3446 )
2017-05-30 18:39:28 +02:00
Immae
a94c152fd3
Allow alternate domains for mastodon handlers ( #3187 )
2017-05-22 15:40:04 +02:00
Wonderfall
ae78d012ac
Some Dockerfile improvements ( #3182 )
...
- improve docker_entrypoint.sh
- serve static files with puma by default
- sort packages list
- use virtual package for build deps
- show how to assign UID/GID
2017-05-20 20:01:05 +02:00
Audun Larsen
3da521a586
Adds better documentation to LOCAL_DOMAIN and LOCAL_HTTPS ( #3149 )
...
Fixes #2254
2017-05-19 20:55:15 +02:00
Jarek Lipski
b18504adfe
Improve example env file for local Postfix relay ( #2892 )
2017-05-08 03:34:11 +02:00
ThibG
4d22d03fab
Add additional documentation and warnings to the WEB_DOMAIN setting. ( #2386 )
...
* Add additional documentation and warnings to the WEB_DOMAIN setting.
This feature is largely undocumented, and quite a number of users have
shot them in the feet already despite the warning. Added a bit of documentation
and expanded the warning until we have a mechanism for dealing with conflicting
user URIs.
* Change WEB_DOMAIN comments to point to the extensive online documentation
2017-05-05 04:56:28 +02:00
abcang
629a4d0fca
fix DB_URL ( #2778 )
2017-05-04 15:53:44 +02:00
Eugen Rochko
c997091166
Clean up redis configuration. Allow using REDIS_URL to set advanced ( #2732 )
...
connection options instead of setting REDIS_HOST etc individually
Close #1986
2017-05-03 23:18:13 +02:00
Akihiko Odaki
26bc591572
Allow to set CA file for SMTP ( #2713 )
2017-05-03 01:03:12 +02:00