Commit graph

851 commits

Author SHA1 Message Date
Yamagishi Kazutoshi
e925b06721
Fix languages dropdown on light theme (#18460) 2022-05-19 19:26:19 +02:00
Eugen Rochko
0cdb077570
Add language dropdown to compose in web UI (#18420) 2022-05-16 11:18:35 +02:00
Eugen Rochko
b4d373a3df
Add limited attribute to accounts in REST API and a warning in web UI (#18344) 2022-05-10 09:44:35 +02:00
Claire
5a448d0d71
Fix floating action button obscuring last element (#18332)
Fixes #18331

Add some padding below the last element of scrollable lists when the FAB is
shown in order for users to always be able to fully see the last element.
2022-05-06 21:40:49 +02:00
Eugen Rochko
7e244879fe
Change "Conversations" back to "Direct messages" and add warning in web UI (#18289)
Partially reverts #18146
2022-05-03 09:09:09 +02:00
Eugen Rochko
a8e27ac4d1
Fix being able to scroll away from the loading bar in web UI (#18170) 2022-04-29 00:15:27 +02:00
Eugen Rochko
6221b36b27
Remove sign-in token authentication, instead send e-mail about new sign-in (#17970) 2022-04-06 20:58:12 +02:00
Claire
2de5128e66
Fix regression of status colors in actions modal in web UI (#17903)
Fixes #17900

Regression in #17844 (#17851 restored the code in the wrong place…)
2022-03-29 22:55:37 +02:00
Eugen Rochko
2de44d3e47
Fix regression of status colors in actions modal in web UI (#17851)
Regression in #17844
2022-03-22 18:20:08 +01:00
Eugen Rochko
d5df9d4797
Fix wrong position of fade-out element in account card in web UI (#17846) 2022-03-22 11:58:13 +01:00
Eugen Rochko
4e9855e09a
Add hint about missing media attachment description in web UI (#17845) 2022-03-22 09:48:12 +01:00
Eugen Rochko
69f9dc4f4e
Fix color of show more link in report dialog in web UI (#17844) 2022-03-22 06:08:05 +01:00
Claire
64d2988d18
Fix edit history dropdown and modal in light theme (#17740)
Fixes #17739
2022-03-10 17:59:23 +01:00
Claire
29ee3c61a3
Fix report dialog being illegible using mastodon-light theme (#17734)
Fixes #17726
2022-03-10 00:11:15 +01:00
Eugen Rochko
9f2791eb64
Add polls and media attachments to edit comparison modal in web UI (#17727) 2022-03-09 21:15:24 +01:00
Eugen Rochko
bd53dd5210
Change design of federation pages in admin UI (#17704)
* Change design of federation pages in admin UI

* Fix query performance in instance media attachments measure

* Fix reblogs being included in instance languages dimension
2022-03-09 08:52:32 +01:00
Eugen Rochko
dba4be1038
Change appearance of account cards in web UI (#17689)
* Change appearance of account cards in web UI

* Various fixes and improvements

* Various fixes and improvements
2022-03-07 11:38:52 +01:00
Josh Soref
b5329e0035
Spelling (#17705)
* spelling: account

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: affiliated

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: appearance

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: autosuggest

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: cacheable

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: component

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: conversations

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: domain.example

Clarify what's distinct and use RFC friendly domain space.

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: environment

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: exceeds

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: functional

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: inefficiency

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: not

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: notifications

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: occurring

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: position

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: progress

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: promotable

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: reblogging

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: repetitive

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: resolve

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: saturated

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: similar

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: strategies

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: success

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: targeting

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: thumbnails

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: unauthorized

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: unsensitizes

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: validations

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: various

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

Co-authored-by: Josh Soref <jsoref@users.noreply.github.com>
2022-03-06 22:51:40 +01:00
Claire
c0c4b5718d
Change visual separation of applications in authorized apps list (#17686) 2022-03-02 20:28:25 +01:00
Eugen Rochko
25d3dc4373
Add ability to mark statuses as sensitive from reports in admin UI (#17668)
* Add ability to mark statuses as sensitive from reports in admin UI

* Allow mark as sensitive action on statuses with preview cards
2022-03-01 22:20:29 +01:00
Eugen Rochko
50ea54b3ed
Change authorized applications page (#17656)
* Change authorized applications page

* Hide revoke button for superapps and suspended accounts

* Clean up db/schema.rb
2022-03-01 16:48:58 +01:00
Claire
57814a98a9
Fix remote reports with comments revealing remote reporter (#17652)
* Display username rather than display name in report comment

For consistency with report notes and appeals

* Fix remote reports with comments revealing remote reporter

* Display instance name in placeholder

* Make instance name in report comment a link to the federation admin page

* Normalize i18n file
2022-02-26 21:14:12 +01:00
Claire
255748dff4
Fix media modal footer's “external link” not being a link (#17561) 2022-02-25 01:20:41 +01:00
Eugen Rochko
d4592bbfcd
Add explore page to web UI (#17123)
* Add explore page to web UI

* Fix not removing loaded statuses from trends on mute/block action
2022-02-25 00:34:33 +01:00
Eugen Rochko
27965ce5ed
Add trending statuses (#17431)
* Add trending statuses

* Fix dangling items with stale scores in localized sets

* Various fixes and improvements

- Change approve_all/reject_all to approve_accounts/reject_accounts
- Change Trends::Query methods to not mutate the original query
- Change Trends::Query#skip to offset
- Change follow recommendations to be refreshed in a transaction

* Add tests for trending statuses filtering behaviour

* Fix not applying filtering scope in controller
2022-02-25 00:34:14 +01:00
Eugen Rochko
a9a43de6d1
Change report modal to include category selection in web UI (#17565)
* Change report modal to include category selection in web UI

* Various fixes and improvements

- Change thank you text to be different based on category
- Change starting headline to be different for account and status reports
- Change toggle components to have a checkmark when checked
- Fix report dialog being cut off on small screens
- Fix thank you screen offering mute or block if already muted or blocked
- Refactor toggle components in report dialog into one component

* Change wording on final screen

* Change checkboxes to be square when multiple options are possible
2022-02-23 20:03:46 +01:00
Eugen Rochko
51e67f3243
Fix link colors in report and strike details (#17616) 2022-02-22 15:27:25 +01:00
Eugen Rochko
8338826963
Fix wrong styles on strike page (#17615) 2022-02-22 06:20:04 +01:00
Claire
00b45b967e
Fix edge case where settings/admin page sidebar would be incorrectly hidden (#17580) 2022-02-16 21:44:19 +01:00
Eugen Rochko
564efd0651
Add appeals (#17364)
* Add appeals

* Add ability to reject appeals and ability to browse pending appeals in admin UI

* Add strikes to account page in settings

* Various fixes and improvements

- Add separate notification setting for appeals, separate from reports
- Fix style of links in report/strike header
- Change approving an appeal to not restore statuses (due to federation complexities)
- Change style of successfully appealed strikes on account settings page
- Change account settings page to only show unappealed or recently appealed strikes

* Change appealed_at to overruled_at

* Fix missing method error
2022-02-14 21:27:53 +01:00
Eugen Rochko
bbd3474416
Fix privacy policy link not being visible on small screens (#17533)
Fix #17482
2022-02-13 02:52:34 +01:00
Eugen Rochko
e848d281d5
Fix layout of the report page on smaller screens in admin UI (#17523)
Fix #17491
2022-02-12 01:08:23 +01:00
Eugen Rochko
d0fcf07436
Change actions in reports to require only one click (#17487) 2022-02-11 21:51:57 +01:00
Eugen Rochko
fd3a45e348
Add edit history to web UI (#17390)
* Add edit history to web UI

* Change history reducer to store items per status

* Fix missing loading prop
2022-02-09 01:17:07 +01:00
Eugen Rochko
1060666c58
Add support for editing for published statuses (#16697)
* Add support for editing for published statuses

* Fix references to stripped-out code

* Various fixes and improvements

* Further fixes and improvements

* Fix updates being potentially sent to unauthorized recipients

* Various fixes and improvements

* Fix wrong words in test

* Fix notifying accounts that were tagged but were not in the audience

* Fix mistake
2022-01-19 22:37:27 +01:00
Eugen Rochko
14f436c457
Add notifications for statuses deleted by moderators (#17204) 2022-01-17 09:41:33 +01:00
Claire
40f202c1e5
Change list title input styling (#17092) 2021-12-17 23:00:05 +01:00
Eugen Rochko
0fb9536d38
Add batch suspend for accounts in admin UI (#17009) 2021-12-05 21:48:39 +01:00
Claire
1630807ee2
Fix color of hashtag column settings inputs (#17058)
Fixes #17057
2021-11-26 22:09:11 +01:00
Eugen Rochko
7de0ee7aba
Remove Keybase integration (#17045) 2021-11-26 05:58:18 +01:00
Eugen Rochko
6e50134a42
Add trending links (#16917)
* Add trending links

* Add overriding specific links trendability

* Add link type to preview cards and only trend articles

Change trends review notifications from being sent every 5 minutes to being sent every 2 hours

Change threshold from 5 unique accounts to 15 unique accounts

* Fix tests
2021-11-25 13:07:38 +01:00
Claire
db32835338
Fix overflow of long profile fields in admin view (#17010) 2021-11-19 18:22:49 +01:00
Claire
6159020617
Fix background-color of emoji-mart selector (#17011)
Reverts part of #16907 to fix hardcoded color
2021-11-19 18:21:37 +01:00
Mashiro
2b6a25c609
Add lazy load to emoji-mart (#16907)
* perf: lazyload emoji-mart!

* Bump lazyload
2021-11-18 22:01:31 +01:00
Mashiro
b58d32cfe2
Enhance dashboard styles (#16884)
* Display sparkline graph on Chrome

* Heatmap auto overflow

* Change grid columns number on small screen

* Please codeclimate bot

* Remove graph height
2021-10-21 06:24:34 +02:00
Jeong Arm
3ec8e04b3b
Add font-display to display text before loading (#16330) 2021-10-14 21:04:26 +02:00
Eugen Rochko
07341e7aa6
Add graphs and retention metrics to admin dashboard (#16829) 2021-10-14 20:44:59 +02:00
Mélanie Chauvel
900481b7fa
Improve hover and focus style in columns settings (#16222)
* Make focus visible on switches and text buttons in columns settings

* Make hover/focus visible on left/right arrows in columns settings

Use same style as for station action bar (reply/boost/fav/etc.)

* Tab first to “Pin/Unpin” before left/right arrows in columns settings
2021-10-01 00:55:51 +02:00
Claire
aaf24d3093
Fix download button color in audio player (#16572)
Fixes #16571
2021-08-11 17:48:55 +02:00
Jeong Arm
6e0ab6814f
Fix trends layout (#16570) 2021-08-05 13:05:32 +02:00
Claire
1381e0e1d9
Fix pop-in player display when poster has long username or handle (#16468) 2021-07-05 19:16:06 +02:00
Claire
9e5a1daa9b
Fix styling of boost button in media modal not reflecting ability to boost (#16387) 2021-06-25 04:45:30 +02:00
Eugen Rochko
d174d12c83
Add authentication history (#16408) 2021-06-21 17:07:30 +02:00
Claire
be8079f637
Fix deprecated slash as division in SASS files (#16347)
Fixes #16293
2021-06-01 23:47:27 +02:00
Eugen Rochko
abd7b4636a
Add assets from Twemoji 13.1.0 (#16345)
* Add assets from Twemoji 13.1.0

* Update emoji-mart
2021-06-01 14:35:49 +02:00
Zero King
028ba13eb3
Remove duplicate CSS properties (#16278) 2021-05-19 23:51:52 +02:00
Zero King
689974b1ed
Remove duplicate CSS property of margin (#16277) 2021-05-18 20:13:44 +02:00
Claire
4f747d9f83
Fix follow recommendations UI in advanced layout (#16215) 2021-05-11 21:16:24 +02:00
Mélanie Chauvel
0464240f19
Fix dialog close button (#16219)
* Fix dialog close button being white on almost white

* Make dialog close button slightly bigger
2021-05-11 21:15:57 +02:00
Eugen Rochko
2c77d97e0d
Add joined date to profiles in web UI (#16169) 2021-05-07 14:33:19 +02:00
Eugen Rochko
8d75bd002d
Add empty state message for follow recommendations in web UI (#16161) 2021-05-05 23:57:29 +02:00
Eugen Rochko
bf903dc510
Change onboarding by replacing tutorial with follow recommendations in web UI (#16060) 2021-04-19 14:45:15 +02:00
Eugen Rochko
487e37d6d4
Add system checks to dashboard in admin UI (#15989) 2021-04-03 14:12:30 +02:00
Marcin Mikołajczak
f8e50eaea3
Add transition to media modal background (#15843)
* Add transition to media modal background

* use reduceMotion

* Move background color transition into css

Signed-off-by: marcin mikołajczak <me@mkljczk.pl>
2021-03-24 13:51:32 +01:00
Claire
5d48402be1
Fixing the hero widget (#15926)
* Removing last-child padding conflicts with light theme in hero widget

* Add missing background color to widget

* Reset widget.scss to default

* Hope this works

Co-authored-by: koyu <me@koyu.space>
2021-03-19 20:23:32 +01:00
Eugen Rochko
8331fdf7e0
Add server rules (#15769) 2021-02-21 19:50:12 +01:00
Jeong Arm
d499bb031f
Use custom mascot on static share page (#15687)
* Use custom mascot on static share page

* Use full_asset_url
2021-02-11 02:18:56 +01:00
Claire
07b46cb332
Add dropdown for boost privacy in boost confirmation modal (#15704)
* Various dropdown code quality fixes

* Prepare support for privacy selection in boost modal

* Add dropdown for boost privacy in boost confirmation modal
2021-02-11 00:53:12 +01:00
Takeshi Umeda
e38874dcf7
Fix getting-started footer in single column mode not being clickable in Safari (#15496) 2021-01-05 19:57:32 +01:00
Takeshi Umeda
3f4b0dfd47
Fix logo button style more (#15458) 2020-12-30 23:18:39 +01:00
Takeshi Umeda
ba748a83f2
Fix logo button style (#15428)
* Fix bell button rtl style

* Remove size and style props from button component

* Fix logo button style

* Update jest snapshot
2020-12-26 23:50:34 +01:00
ThibG
b08d2d4f78
Fix media modal buttons not showing up on mobile (#15417)
Fixes #15374

When the pop-out player was introduced, it had tweaks for the mobile
view, but it's now disabled in mobile mode and the styling was reused
for modals, causing the footer to be hidden on mobile without a good
reason.

Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2020-12-23 19:55:23 +01:00
ThibG
47c6c54d31
Fix styling issue on /about when server admin has a long username (#15357)
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2020-12-18 09:43:33 +01:00
Eugen Rochko
941ff04b03
Fix styles for RTL languages and the light theme (#15356) 2020-12-18 08:47:36 +01:00
ThibG
79efcf8aad
Change notification permission handling (#15176)
* Change notification permission handling

- allow changing individual alert settings even if permission is not explicitly
  enabled (asks for permission on toggle)
- persist permission request banner dismissal across sessions through settings

* Add additional, more discrete message to grant permissions

* Change permission granting button design according to reviews

Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2020-12-15 18:43:54 +01:00
Eugen Rochko
1f564051b6
Change RTL detection to rely on unicode-bidi paragraph by paragraph (#14573) 2020-12-15 12:56:43 +01:00
ThibG
47e507fa61
Add ability to require invite request text (#15326)
Fixes #15273

Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2020-12-14 10:03:09 +01:00
ThibG
49eb4d4ddf
Add honeypot fields and minimum fill-out time for sign-up form (#15276)
* Add honeypot fields to limit non-specialized spam

Add two honeypot fields: a fake website input and a fake password confirmation
one. The label/placeholder/aria-label tells not to fill them, and they are
hidden in CSS, so legitimate users should not fall into these.

This should cut down on some non-Mastodon-specific spambots.

* Require a 3 seconds delay before submitting the registration form

* Fix tests

* Move registration form time check to model validation

* Give people a chance to clear the honeypot fields

* Refactor honeypot translation strings

Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2020-12-10 06:27:26 +01:00
Eugen Rochko
1e89e2ed98
Change media modals look in web UI (#15217)
- Change overlay background to match color of viewed image
- Add interactive reply/boost/favourite buttons to footer of modal
- Change ugly "View context" link to button among the action bar
2020-11-27 03:24:11 +01:00
Eugen Rochko
272566043a
Remove fade-in animation from modals in web UI (#15199) 2020-11-21 23:54:36 +01:00
Takeshi Umeda
148ce97e21
Add interrelationship icon (#15149)
* Add interrelationship icon

* Fix arrow for rtl

* Fix to predefined color
2020-11-12 17:43:12 +01:00
Eugen Rochko
4790a126be
Add button to dismiss desktop notifications permissions banner (#15141) 2020-11-11 05:36:29 +01:00
Eugen Rochko
3134691948
Add support for reversible suspensions through ActivityPub (#14989) 2020-11-08 00:28:39 +01:00
Mashiro
6a2db10f76
Add expand/compress image button on image view box (#15068)
* add zoom image button

* enhance zoom algorithm & add translation

* code structure

* code structure

* code structure

* enhance grab performance

* rm useless state

* fix behavior on Firefox & scroll lock & horizontal scroll with mousewheel

* remove scroll lock on MouseWheelEvent

* code structure

* enhance algorithm and code structure

* rm Gemfile.lock from tree

* codeclimate

* fix a stupid mistake
2020-11-02 21:16:38 +01:00
mayaeh
2ae751f19d
Fix width of content text fluctuating over time (#15055) 2020-10-27 13:34:02 +01:00
Mélanie Chauvel
1d07f51039
Make visibility icon clickable as part of the time of a toot (#15053)
- Makes permalink to a toot more easily clickable
- Fix clicking between icon and time in fact clicking the display name
- Fix clicking slightly under time in fact clicking the display name
2020-10-27 03:00:47 +01:00
Mélanie Chauvel
a5afbb62d2
Make click area of video/audio player buttons bigger in WebUI (#15049) 2020-10-27 02:58:47 +01:00
Eugen Rochko
a69ca29473
Change how missing desktop notifications permission is displayed (#14985)
Add missing controls for new notification type
2020-10-15 16:24:47 +02:00
OSAMU SATO
96761752ec
Add duration parameter to muting. (#13831)
* Adding duration to muting.

* Remove useless checks
2020-10-13 01:01:14 +02:00
ThibG
f54ca3d08e
Fix browser notification permission request logic (#13543)
* Add notification permission handling code

* Request notification permission when enabling any notification setting

* Add badge to notification settings when permissions insufficient

* Disable alerts by default, requesting permission and enable them on onboarding
2020-10-13 00:37:21 +02:00
Eugen Rochko
a549415868
Fix regressions in icon buttons in web UI (#14915) 2020-10-04 15:02:36 +02:00
Eugen Rochko
d88a79b456
Add pop-out player for audio/video in web UI (#14870)
Fix #11160
2020-09-28 13:29:43 +02:00
ThibG
ff89025979
Add unread notification markers (#14818)
* Add unread notification markers

Fixes #14804

* Allow IntersectionObserverArticle's children to be updated
2020-09-26 20:57:07 +02:00
Eugen Rochko
974b1b79ce
Add option to be notified when a followed user posts (#13546)
* Add bell button

Fix #4890

* Remove duplicate type from post-deployment migration

* Fix legacy class type mappings

* Improve query performance with better index

* Fix validation

* Remove redundant index from notifications
2020-09-18 17:26:45 +02:00
Eugen Rochko
bbcbf12215
Fix unreadable placeholder text color in high contrast theme in web UI (#14803)
Fix #14717
2020-09-15 09:24:24 +02:00
Takeshi Umeda
272aa4a109
Fix direct visibility style for light theme (#14727) 2020-09-04 08:49:56 +02:00
ThibG
79305428a7
Add configuration option to filter replies in lists (#9205)
* Add database support for list show-reply preferences

* Add backend support to read and update list-specific show_replies settings

* Add basic UI to set list replies setting

* Add specs for list replies policy

* Switch "cycling" reply policy link to a set of radio inputs

* Capitalize replies_policy strings

* Change radio button design to be consistent with that of the directory explorer
2020-09-01 13:31:28 +02:00
Eugen Rochko
1c308af84c
Change own direct-visibility statuses to be in the home feed again (#14711)
And remove highlighting in web UI

Full circle from #8940
2020-09-01 13:30:42 +02:00
santiagorodriguez96
e8d41bc2fe
Add WebAuthn as an alternative 2FA method (#14466)
* feat: add possibility of adding WebAuthn security keys to use as 2FA

This adds a basic UI for enabling WebAuthn 2FA. We did a little refactor
to the Settings page for editing the 2FA methods – now it will list the
methods that are available to the user (TOTP and WebAuthn) and from
there they'll be able to add or remove any of them.
Also, it's worth mentioning that for enabling WebAuthn it's required to
have TOTP enabled, so the first time that you go to the 2FA Settings
page, you'll be asked to set it up.
This work was inspired by the one donde by Github in their platform, and
despite it could be approached in different ways, we decided to go with
this one given that we feel that this gives a great UX.

Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>

* feat: add request for WebAuthn as second factor at login if enabled

This commits adds the feature for using WebAuthn as a second factor for
login when enabled.
If users have WebAuthn enabled, now a page requesting for the use of a
WebAuthn credential for log in will appear, although a link redirecting
to the old page for logging in using a two-factor code will also be
present.

Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>

* feat: add possibility of deleting WebAuthn Credentials

Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>

* feat: disable WebAuthn when an Admin disables 2FA for a user

Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>

* feat: remove ability to disable TOTP leaving only WebAuthn as 2FA

Following examples form other platforms like Github, we decided to make
Webauthn 2FA secondary to 2FA with TOTP, so that we removed the
possibility of removing TOTP authentication only, leaving users with
just WEbAuthn as 2FA. Instead, users will have to click on 'Disable 2FA'
in order to remove second factor auth.
The reason for WebAuthn being secondary to TOPT is that in that way,
users will still be able to log in using their code from their phone's
application if they don't have their security keys with them – or maybe
even lost them.

* We had to change a little the flow for setting up TOTP, given that now
  it's possible to setting up again if you already had TOTP, in order to
  let users modify their authenticator app – given that now it's not
  possible for them to disable TOTP and set it up again with another
  authenticator app.
  So, basically, now instead of storing the new `otp_secret` in the
  user, we store it in the session until the process of set up is
  finished.
  This was because, as it was before, when users clicked on 'Edit' in
  the new two-factor methods lists page, but then went back without
  finishing the flow, their `otp_secret` had been changed therefore
  invalidating their previous authenticator app, making them unable to
  log in again using TOTP.

Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>

* refactor: fix eslint errors

The PR build was failing given that linting returning some errors.
This commit attempts to fix them.

* refactor: normalize i18n translations

The build was failing given that i18n translations files were not
normalized.
This commits fixes that.

* refactor: avoid having the webauthn gem locked to a specific version

* refactor: use symbols for routes without '/'

* refactor: avoid sending webauthn disabled email when 2FA is disabled

When an admins disable 2FA for users, we were sending two mails
to them, one notifying that 2FA was disabled and the other to notify
that WebAuthn was disabled.
As the second one is redundant since the first email includes it, we can
remove it and send just one email to users.

* refactor: avoid creating new env variable for webauthn_origin config

* refactor: improve flash error messages for webauthn pages

Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>
2020-08-24 16:46:27 +02:00
Tdxdxoz
a3ec9af9b0
Fix: also use custom private boost icon for detailed status (#14471)
* use custom private boost icon for detail status

* only use className
2020-08-24 14:13:44 +02:00