* Adding visual captchas for register and login.
* Adding audio wav file for Captcha using espeak.
* Lots of captcha fixes.
- Removed login captchas.
- Added settings to disable captchas, and change difficulty.
- Captchas can only be checked / used once, front end gives a new one on
failure.
- Added front end button for regenerating captcha.
- Added a disabled / pause button audio playing.
* Some more fixes.
* Federate sticky flag (ref #1018)
* Adding tests for federated sticky and lock.
* Changing test to make sure it returns the correct locked error.
Co-authored-by: Felix Ableitner <me@nutomic.com>
* Remove extra jwt claims (for user settings)
- The JWT token only contains the issuer, and your user id now.
- Now only a page refresh is necessary to pick up your settings on all
clients, including theme, language, etc.
- GetSiteResponse now gives you your user and settings if logged in.
- Fixes#773
* Remove extra comment line, I tested nsfw
* Adding a todo to add a User_::readSafe()
- This adds a form_id to CreateComment, EditComment, and CommentResponse
- This is so any front end clients can add a randomly generated string,
and know which comment they submitted, is the one they're getting
back.
- This gets rid of all the weird complicated logic in handleFinished(),
and should stop the comment forms getting cleared once and for all.
* added serverside url validation
* api.post: use if let instead of is_some
also add "invalid_url" to en.json
Co-authored-by: John Doe <dhas8m@protonmail.com>
Merge branch 'main' into more-upgrade-apub-3
Update activitystreams library to latest version
Remove remaining usages of old activitystreams library
Migrate community inbox and user inbox
Migrate private message
Migrate post
Migrate community activities
Migrate extensions to new activitystreams library
Co-authored-by: dessalines <dessalines@noreply.yerbamate.dev>
Co-authored-by: Felix Ableitner <me@nutomic.com>
Reviewed-on: https://yerbamate.dev/LemmyNet/lemmy/pulls/71
* secure the `EditPost` API endpoint
* Check user is moderator in BanFromCommunity
* secure the `EditComment` API endpoint
* pass orig `read` prob when not explicitly updating it.
* Block random users from adding mods.
* use cleaner logic from `EditPost`
* prevent editing a community by a mod from transfering ownership to them
* secure `read` action in `EditPrivateMessage`
* Add check in UserMention
* only let the indended recipient mark as read
* simplify booleans to satisfy clippy
* requested changes + cargo +nightly fmt
* fix to pass federation tests for deleting comments and posts
Co-authored-by: chiminh <chiminh.tutanota.com>
Co-authored-by: Hex Bear <buildadangtrain@protonmail.com>