This adds a self-serve password reset page. Users can enter their username
and receive an email with a link that will let them create a new password.
If they've never set a password, it will send them a one-time login link
(building on #776) that will then take them to their Account Settings page.
If they don't have an email associated with their account, they'll be
instructed to contact the admin, so they can manually reset the password.
Includes changes to the stylesheet and database, so run:
make ui
writefreely db migrate
Closes T508
- Shows all fediverse followers and email subscribers
- Shows number of email subscribers on Stats page
- Links to Subscribers page from Stats page
Requires running `make ui` to regenerate stylesheet.
Ref T826
This adds beginning email subscription functionality, with only MySQL support,
Mailgun support, and incomplete support for private instances. It includes
database changes, so run:
writefreely db migrate
to use this feature.
Ref T856
This fixes federation with Mastodon instances that have Authorized
Fetch turned on by signing the GET request to fetch the actor when
a blog is first followed.
Ref T820
This adds a "load more" button to the bottom of the draft posts page,
which calls /api/me/posts with new parameters and the current page
number. It then populates the page accordingly.
Ref T696 - load anon. posts with ?anonymous=1&page=1
Ref T401 - completes UI for post loading
This moves app config to a "Settings" page and the application monitor
to a "Monitor" page. It also reworks the admin navigation bar a bit and
adds some instance stats on the dashboard.
Ref T694
Previously, loading something like /invite/fFdblk😄 would return a 500,
due to a mix of collations in MySQL while SELECTing for an invite with
an ID of 'fFdblk😄'. This restricts the route to [a-zA-Z0-9] chars, to
prevent this.
Previously, anyone could access the editor even if they weren't logged
in. They couldn't do much in that case (publishing would fail), but it
could potentially cause some confusion.
Now, users will be sent to the login page, and then redirected back to
the editor once successfully logged in.
- return an error with invalid request types
- simplify json decoding
- return error and success consistent with app conventions
- endpoint change from /api/generate/markdownify to /api/markdown
- fix nil pointer dereference when passing a base_url
- update error messages to be correct
- move suspended message into template and include for other pages
- check suspended status on all relevant pages and show message if
logged in user is suspended.
- fix possible nil pointer error
- remove changes to db schema files
- add version comment to migration
- add UserStatus type with UserActive and UserSuspended
- change database table to use status column instead of suspended
- update toggle suspended handler to be toggle status in prep for
possible future inclusion of further user statuses
this adds a new page with instructions for sharing user invites
if a user clicks the link for one of their own invite codes they are
directed to a page with clear instructions for it's use.
if a user clicks another users link they are redirectec to their account
settings witha flash telling them they do not need to register.
includes cache of latest version and page to view if updates are
available with a link to the latest update's release notes and a link to
check for the latest update now, refreshing the cache manually.
This renders all requests for that user's posts, collections and related
ActivityPub endpoints with 404 responses.
While suspended, users may not create or edit posts or collections.
User status is listed in the admin user page
Admin view of user details shows status and now has a button to activate
or suspend a user.
this adds basic support for importing files as blog posts.
.txt and .md are supported at this time and the
collection is selectable, defaulting to draft.
if a collection is specified the post is federated.
This is the start of all changes needed to support entirely private
instances, where all blogs are only visible to other authenticated users
on an instance (ref T576). It begins by changing how Handler methods check an
endpoint's permissions.
- Renames UserLevelLEVEL consts to UserLevelLEVELType
- Adds UserLevelLEVEL funcs with same names as previous consts. Each
returns a UserLevel
- Adds a new UserLevelReader that restricts access based on app
configuration. This is now used on collections and posts.
- Changes routing a bit so static files are always accessible