Merge branch 'master' into glitch-soc/merge-upstream

Conflicts: - Gemfile - Gemfile.lock - app/controllers/about_controller.rb - app/controllers/auth/sessions_controller.rb
2019-09-30 12:23:57 +02:00
parent febcdad2e2 3babf8464b
commit 16ff7c5627
352 changed files with 7151 additions and 2269 deletions
--- a/app/controllers/settings/aliases_controller.rb
+++ b/app/controllers/settings/aliases_controller.rb
@@ -0,0 +1,43 @@
+# frozen_string_literal: true
+
+class Settings::AliasesController < Settings::BaseController
+  layout 'admin'
+
+  before_action :authenticate_user!
+  before_action :set_aliases, except: :destroy
+  before_action :set_alias, only: :destroy
+
+  def index
+    @alias = current_account.aliases.build
+  end
+
+  def create
+    @alias = current_account.aliases.build(resource_params)
+
+    if @alias.save
+      ActivityPub::UpdateDistributionWorker.perform_async(current_account.id)
+      redirect_to settings_aliases_path, notice: I18n.t('aliases.created_msg')
+    else
+      render :index
+    end
+  end
+
+  def destroy
+    @alias.destroy!
+    redirect_to settings_aliases_path, notice: I18n.t('aliases.deleted_msg')
+  end
+
+  private
+
+  def resource_params
+    params.require(:account_alias).permit(:acct)
+  end
+
+  def set_alias
+    @alias = current_account.aliases.find(params[:id])
+  end
+
+  def set_aliases
+    @aliases = current_account.aliases.order(id: :desc).reject(&:new_record?)
+  end
+end
--- a/app/controllers/settings/exports_controller.rb
+++ b/app/controllers/settings/exports_controller.rb
@@ -6,6 +6,9 @@ class Settings::ExportsController < Settings::BaseController
  layout 'admin'

  before_action :authenticate_user!
+  before_action :require_not_suspended!
+
+  skip_before_action :require_functional!

  def show
    @export  = Export.new(current_account)
@@ -34,4 +37,8 @@ class Settings::ExportsController < Settings::BaseController
  def lock_options
    { redis: Redis.current, key: "backup:#{current_user.id}" }
  end
+
+  def require_not_suspended!
+    forbidden if current_account.suspended?
+  end
 end
--- a/app/controllers/settings/migration/redirects_controller.rb
+++ b/app/controllers/settings/migration/redirects_controller.rb
@@ -0,0 +1,45 @@
+# frozen_string_literal: true
+
+class Settings::Migration::RedirectsController < Settings::BaseController
+  layout 'admin'
+
+  before_action :authenticate_user!
+  before_action :require_not_suspended!
+
+  skip_before_action :require_functional!
+
+  def new
+    @redirect = Form::Redirect.new
+  end
+
+  def create
+    @redirect = Form::Redirect.new(resource_params.merge(account: current_account))
+
+    if @redirect.valid_with_challenge?(current_user)
+      current_account.update!(moved_to_account: @redirect.target_account)
+      ActivityPub::UpdateDistributionWorker.perform_async(current_account.id)
+      redirect_to settings_migration_path, notice: I18n.t('migrations.moved_msg', acct: current_account.moved_to_account.acct)
+    else
+      render :new
+    end
+  end
+
+  def destroy
+    if current_account.moved_to_account_id.present?
+      current_account.update!(moved_to_account: nil)
+      ActivityPub::UpdateDistributionWorker.perform_async(current_account.id)
+    end
+
+    redirect_to settings_migration_path, notice: I18n.t('migrations.cancelled_msg')
+  end
+
+  private
+
+  def resource_params
+    params.require(:form_redirect).permit(:acct, :current_password, :current_username)
+  end
+
+  def require_not_suspended!
+    forbidden if current_account.suspended?
+  end
+end
--- a/app/controllers/settings/migrations_controller.rb
+++ b/app/controllers/settings/migrations_controller.rb
@@ -4,31 +4,48 @@ class Settings::MigrationsController < Settings::BaseController
  layout 'admin'

  before_action :authenticate_user!
+  before_action :require_not_suspended!
+  before_action :set_migrations
+  before_action :set_cooldown
+
+  skip_before_action :require_functional!

  def show
-    @migration = Form::Migration.new(account: current_account.moved_to_account)
+    @migration = current_account.migrations.build
  end

-  def update
-    @migration = Form::Migration.new(resource_params)
+  def create
+    @migration = current_account.migrations.build(resource_params)

-    if @migration.valid? && migration_account_changed?
-      current_account.update!(moved_to_account: @migration.account)
-      ActivityPub::UpdateDistributionWorker.perform_async(current_account.id)
-      redirect_to settings_migration_path, notice: I18n.t('migrations.updated_msg')
+    if @migration.save_with_challenge(current_user)
+      MoveService.new.call(@migration)
+      redirect_to settings_migration_path, notice: I18n.t('migrations.moved_msg', acct: current_account.moved_to_account.acct)
    else
      render :show
    end
  end

+  helper_method :on_cooldown?
+
  private

  def resource_params
-    params.require(:migration).permit(:acct)
+    params.require(:account_migration).permit(:acct, :current_password, :current_username)
  end

-  def migration_account_changed?
-    current_account.moved_to_account_id != @migration.account&.id &&
-      current_account.id != @migration.account&.id
+  def set_migrations
+    @migrations = current_account.migrations.includes(:target_account).order(id: :desc).reject(&:new_record?)
+  end
+
+  def set_cooldown
+    @cooldown = current_account.migrations.within_cooldown.first
+  end
+
+  def on_cooldown?
+    @cooldown.present?
+  end
+
+  def require_not_suspended!
+    forbidden if current_account.suspended?
  end
 end
--- a/app/controllers/settings/two_factor_authentication/confirmations_controller.rb
+++ b/app/controllers/settings/two_factor_authentication/confirmations_controller.rb
@@ -3,9 +3,12 @@
 module Settings
  module TwoFactorAuthentication
    class ConfirmationsController < BaseController
+      include ChallengableConcern
+
      layout 'admin'

      before_action :authenticate_user!
+      before_action :require_challenge!
      before_action :ensure_otp_secret

      skip_before_action :require_functional!
@@ -22,6 +25,8 @@ module Settings
          @recovery_codes = current_user.generate_otp_backup_codes!
          current_user.save!

+          UserMailer.two_factor_enabled(current_user).deliver_later!
+
          render 'settings/two_factor_authentication/recovery_codes/index'
        else
          flash.now[:alert] = I18n.t('two_factor_authentication.wrong_code')
--- a/app/controllers/settings/two_factor_authentication/recovery_codes_controller.rb
+++ b/app/controllers/settings/two_factor_authentication/recovery_codes_controller.rb
@@ -3,16 +3,22 @@
 module Settings
  module TwoFactorAuthentication
    class RecoveryCodesController < BaseController
+      include ChallengableConcern
+
      layout 'admin'

      before_action :authenticate_user!
+      before_action :require_challenge!, on: :create

      skip_before_action :require_functional!

      def create
        @recovery_codes = current_user.generate_otp_backup_codes!
        current_user.save!
+
+        UserMailer.two_factor_recovery_codes_changed(current_user).deliver_later!
        flash.now[:notice] = I18n.t('two_factor_authentication.recovery_codes_regenerated')
+
        render :index
      end
    end
--- a/app/controllers/settings/two_factor_authentications_controller.rb
+++ b/app/controllers/settings/two_factor_authentications_controller.rb
@@ -2,10 +2,13 @@

 module Settings
  class TwoFactorAuthenticationsController < BaseController
+    include ChallengableConcern
+
    layout 'admin'

    before_action :authenticate_user!
    before_action :verify_otp_required, only: [:create]
+    before_action :require_challenge!, only: [:create]

    skip_before_action :require_functional!

@@ -23,6 +26,7 @@ module Settings
      if acceptable_code?
        current_user.otp_required_for_login = false
        current_user.save!
+        UserMailer.two_factor_disabled(current_user).deliver_later!
        redirect_to settings_two_factor_authentication_path
      else
        flash.now[:alert] = I18n.t('two_factor_authentication.wrong_code')