* services: scan spoiler_text for hashtags (#699)
* views: link hashtags from spoiler_texts
This covers linking hashtags from within the spoiler
text on the server-generated pages.
* services: fix string concat going into hashtag RE
Cleaner Ruby syntax, may handle immutable strings better
Compact Language Detector v3 (CLD3) is the successor of CLD2, which was
used in the previous implementation. CLD3 includes improvements since CLD2,
and supports newer compilers. On the other hand, it has additional
requirements and cld3-ruby, the FFI of CLD3 for Ruby, is still new and may
be still inmature.
Though CLD3 is named after CLD2, it is implemented with a neural network
model, different from the old implementation, which is based on a Naïve
Bayesian classifier.
CLD3 supports newer compilers, such as GCC 6. CLD2 is not compatible with
GCC 6 because it assigns negative values to varibales typed unsigned.
(see internal/cld_generated_cjk_uni_prop_80.cc) The support for GCC 6 and
newer compilers are essential today, when some server operating system
such as Ubuntu Server 16.10 has GCC 6 by default.
On the one hand, CLD3 requires C++11 support. Environments with old
compilers such as Ubuntu Server 14.04 needs to update the system or install
a newer compiler.
CLD3 needs protocol buffers as a new dependency. However,it is not
considered problematic because major server operating systems, CentOS and
Ubuntu Server provide them.
The FFI cld3-ruby was written by me (Akihiko Odaki) for use in Mastodon.
It is still new and may be inmature, but confirmed to pass existing tests.
ExtractTextWebpackPlugin extracts the content of loaded files, which means
it loads files loaded by require.context but not required after that.
However the former implementation is not aware of that.
require.context can have a RegExp to filter files to load. This change
gives a RegExp which matches with SCSSes with 'custom' prefix to
require.context to take advantage of the feature.
* Update fr.json
Updating some missing french translations.
* Update fr.json
Fix repetition in line 41.
* Update fr.json
Fix : adding space between {name} and ? question mark.
- Updates scss variables file to use better-named variables for black/white/etc
- Arranges the "mastodon classic" colors into variables
- Remove all references to `$color-*` naming, replacing with new
This does not in itself introduce "theme" support, but:
- It would probably be easier to start working on theme support after this
change and others
- Even without the goal of themes, these changes make it more clear how the
colors are being used.
There is almost definitely some edge case in here where I've guessed the
intent/context of some color usage incorrectly, but it still seems like a net
improvement.
* Updated Thai language
* locale: remove unused translation in Thai
* locale: add Thai to settings menu and application
* locale: fix activerecord.th.yml format
* Update ar.json
Adding more translations (updating the missing non translated strings) and some little minimal corrections.
* Update ar.json
Deleting final new line as suggested in the review.
* Update ar.json
* Update ar.json
* Call simple query
* Refactor Account#keypair
* Replace escaped single quote
* Extract similar behavior to method
* Gather the same condition to one block
* Remove not needed receiver
* Add Turkish yml file
* Add translation files for Turkish
* Deleted click_to_edit key and val
Deleted click_to_edit: Düzenlemek için ilgili ayara tıklayınız line
* follow the instructions for registering the language as stated on the Tootsuite's docs.
* Added translation strings from latest master
Adding ‏ characters to many strings that are misdirected in the interface.
A tiny grammar fix
Updates of Hebrew strings to v1.3.1
Hebrew translation of the mailer templates.
Fix strings and a missing comma.
Just discovered two string keys were updated. this should lay Travis' mind to rest at last.
Remove mentions before counting characters to decide RTL ratio
Fixes for PR #2573
updated strings for latest master
Undo RTL counting, moved out to another branch for future consideration...
* locale: added hr and oc react-intl locale data
* adds Croatian locale data in mastodon.js
* adds Occitan locale data in mastodon.js
Resolves#2667
* locale: sort locale data imports in mastodon.js
* locale: remove oc reference
* [react-intl](https://github.com/yahoo/react-intl) does not provide
default locale data for Occitan. Hence removed from reference.
* Added support options to the bottom right
I don't know if this is actually wanted, but I made these changes on my instance, so why not share it. Not wanted? No problem! BTW: Maybe the Mastodon image should leave here, cause there is no space left cause of the increased height of the getting started column.
* 2 paragraphs looks cleaner
* Update
* Good morning
* package.json: Add "build:*" targets
* Improve react-intl-translations-manager workflow.
* Added "build:production" to build production bundle.
* Added "build:development" to build development bundle.
* Fix json translation files
* Run `yarn manage:translations` to fix translation files.
* Fix `pl.json` for syntax error.
* translationRunner: auto detect existing languages
* Auto detect existing rfc5646 language tag in *.json filenames
in `app/javascript/mastodon/locale` folder. No need to manually
define every new language in the languages array here.
* translationRunner: add more functionality
* Allow script user to specify language code to check.
* Added available language check.
* Added --force flag to force creation of unexists language.
* Added --help flag and help messages.
* gitignore: ignore npm-debug.log
* Fix webpack error if NODE_ENV is not defined
Default to use 'development' in config/webpack/configuration.js
* Dont use raise_error by itself (avoids warning)
* Add coverage for AccountFilter
* Improve coverage and refactor for Subscription#lease_seconds
* Improve coverage and refactor for NotificationMailer
* Simplify assignment of min/max threshold on subscription
* Fix#2473 - Use sidekiq scheduler to refresh PuSH subscriptions instead of cron
Fix an issue where / in domain would raise exception in TagManager#normalize_domain
PuSH subscriptions refresh done in a round-robin way to avoid hammering a single
server's hub in sequence. Correct handling of failures/retries through Sidekiq (see
also #2613). Optimize Account#with_followers scope. Also, since subscriptions
are now delegated to Sidekiq jobs, an uncaught exception will not stop the entire
refreshing operation halfway through
Fix#2702 - Correct user agent header on outgoing http requests
* Add test for SubscribeService
* Extract #expiring_accounts into method
* Make mastodon:push:refresh no-op
* Queues are now defined in sidekiq.yml
* Queues are now in sidekiq.yml
* ui: check spoiler_text against regex filter (#1635)
When filtering by regex, also check the spoiler_text if
present.
* ui: concatenate spoiler and content in reducer
Simplifies aa5b03c, clarifies intent of the field
* When streaming API is disconnected, poll home/notifications
Display slightly different empty home timeline message if user is following others
Cull notifications to 20 items when over 40 get added in real-time
Run manage:translations
* Optimize <HomeTimeline /> a little
* Likely fix#2458, fix#2031 - handle out-of-order deletes for statuses
If a delete arrives before the original status, cache that information
for 6h, and if the original status arrives in that window, ignore it
* Add test case
Fix#2196 - Respond with 201 when Salmon accepted, 400 when unverified
Fix#2629 - Correctly handle confirm_domain? for local accounts
Unify rules for extracting author acct from XML, prefer <email>, fall back
to <name> + <uri> (see also #2017, #2172)
* Update zh-CN translations.
* Update doorkeeper.zh-CN.yml
* Follow @Artoria2e5 's change advices.
* forget mail for text format ......
* fix some changes
* mail's html version ......
* https://github.com/tootsuite/mastodon/pull/2699#pullrequestreview-35982283
* a space.....
* delete some unused keys
* Replace browserify with webpack
* Add react-intl-translations-manager
* Do not minify in development, add offline-plugin for ServiceWorker background cache updates
* Adjust tests and dependencies
* Fix production deployments
* Fix tests
* More optimizations
* Improve travis cache for npm stuff
* Re-run travis
* Add back support for custom.scss as before
* Remove offline-plugin and babili
* Fix issue with Immutable.List().unshift(...values) not working as expected
* Make travis load schema instead of running all migrations in sequence
* Fix missing React import in WarningContainer. Optimize rendering performance by using ImmutablePureComponent instead of
React.PureComponent. ImmutablePureComponent uses Immutable.is() to compare props. Replace dynamic callback bindings in
<UI />
* Add react definitions to places that use JSX
* Add Procfile.dev for running rails, webpack and streaming API at the same time
* follow the instructions for registering the language as stated on the Tootsuite's docs.
* Added translation strings from latest master
Adding ‏ characters to many strings that are misdirected in the interface.
A tiny grammar fix
Updates of Hebrew strings to v1.3.1
Hebrew translation of the mailer templates.
Fix strings and a missing comma.
Just discovered two string keys were updated. this should lay Travis' mind to rest at last.
Remove mentions before counting characters to decide RTL ratio
Fixes for PR #2573
updated strings for latest master
Undo RTL counting, moved out to another branch for future consideration...
* add annotate to Gemfile
* rails g annotate:install
* configure annotate_models
* add schema info to models
* fix rubocop to add frozen_string_literal
* Add coverage for create with empty acct value
* Add coverage for create with webfinger failure
* Add coverage for create with webfinger providing bad values
* Add coverage for create when webfinger is good
* Add coverage for session[:remote_follow] having data
* Simplify how remote follow pulls acct from session
* Remote follow behaves more like model
* Move the discovery portions of remote follow out of controller
* Check for suspended accounts
* Added Italian Translation of the following files:
Changes to be committed:
new file: app/views/user_mailer/confirmation_instructions.it.html.erb
new file: app/views/user_mailer/confirmation_instructions.it.text.erb
new file: app/views/user_mailer/password_change.it.html.erb
new file: app/views/user_mailer/password_change.it.text.erb
new file: app/views/user_mailer/reset_password_instructions.it.html.erb
new file: app/views/user_mailer/reset_password_instructions.it.text.erb
* Added italian translation
Changes to be committed:
new file: config/locales/activerecord.it.yml
* fix(dropdowns): Allow for dropdowns to fill full column
When the text inside a dropdown is longer than it is for English, the text is truncated which can result in a less-than-usable experience for languages such as German with longer words. This commit addresses the following:
* Allow the dropdown to expand to the entire width of the column based on the length of the text in the dropdown
* Align active dropdown arrow in relation to the trigger rather than the dropdown
* Show the right hand side of the dropdown which was previously hidden (could not see border radius)
* Ensure the three places dropdowns of status, account, and emoji appear well in Chrome, Firefox, Safari
* fix(emoji-dropdown): Restore emoji dropdown caret
* Naive approached to timeline filtering
* Convert allowed_languages into a db column
* Allow users to choose languages to see statuses in
* Style list items as two columns
* Add a hint to explain language filtering preference
* update id.jsx file
* update id.yml for new strings and improvements
* add activerecord.id.yml
* improve translation that out of context
* fix another ooc string
* fix main key
* Changement de « muets » en « silencés »
Utiliser le mot « muet » donne la fausse impression que ces comptes ne diffusent juste rien. Utiliser le mot « silencé » met l’accent sur le fait que ceci résulte d’une action de l’utilisateur·rice.
By using tho word "muet" (mute), we give the false impression that this accounts don't publish anything. Using the "silencé" (muted) put emphasis on the fact that this is the result of one of the user's action.
* Remplacement de « ' » par « ’ »
En français, l’apostrophe utilisée est une apostrophe courbe « ’ » (U+2019) et non pas une apostrophe droite « ' » (U+0027). La plupart des chaînes utilisaient une apostrophe droite. Ce commit harmonise le type d’apostrophe utilisé en remplaçant toutes les apostrophes droites par des apostrophes courbes.
In French, the apostrophe used is the curly one (U+2019) and not the vertical one (U+0027). Almost all the strings used a vertical apostrophe. This commit harmonize the kind of apostrophe used in the French localization by replacing all the vertical apostrophes by curly apostrophes.
* Remplacement de « ... » par « … »
Certaines chaînes utilisaient trois points d’affilié afin de représenter les points de suspension au lieu d’utiliser le caractère dédié « … » (U+2026). Ce commit harmonise la façon de représenter des points en remplaçant toutes les séries de trois points par le caractère dédié.
Some chains used a series of three dots to show the ellipsis instead of using the dedicated character "…" (U+2026). This commit harmonize how the ellipsis is shown in the French localization by replacing all the series of three dots by the dedicated character.
* Ajout d’un point final
Il manque un point à la fin de la dernière phrase de la chaîne « compose_form.privacy_disclaimer ». Ce commit le rajoute.
The last sentence of the "compose_form.privacy_disclaimer" string is missing a final dot. This commit will add it.
* Retrait d’un « s » final à « Mastodon »
Suite à la remarque de @wxcafe, retrait du « s » final à « Mastodon ».
Following @wxcafe comment, this commit remove the final "s" in the word "Mastodon".
* Add coverage for admin/confirmations controller
* Coverage for statuses controller show action
* Add coverage for admin/domain_blocks controller
* Add coverage for settings/profiles#update
* fix(video): Position of play icon
#2601
* fix(overlay-button): Positioning
* fix(expand): Bottom align expand icon
* feat(video): Fit landscape videos into preview area
Follow-up to #2599. When a domain block with `reject_media` is
added or `rake mastodon:media:remove_remote` is invoked, mastodon
deletes the locally cached attachments and avatars but does not
reflect that change in the database, causing the `file` fields to
still have values. This change persists the deletion in the
database and sets the attachment type to unknown.
This also introduces a one-off rake task that sets all attachments
without a local file to the "unknown" type. The upgrade notes for
the next release should contain a post-upgrade step with
`rake mastodon:media:set_unknown`.
In #2110, a new attachment type "unknown" was introduced for
attachments that were rejected due to a domain being blocked using
reject_media. However, the "type" field was never set to "unknown"
because a default value of "0" (image) is set for that column,
causing the `type.blank?` expression to always equal false.
This version uses type_changed? instead, causing the type to be set
to "unknown" unless a type has been explicitly set. This introduces
a small change in behaviour causing the type to be set to unknown
before paperclip calls `before_post_process`. Presumably this
behaviour is more appropriate than the current one because the
attachment type has not been determined by that point.
Included are new tests for `ProcessFeedService` and
`UpdateRemoteProfileService` which now check that remote media is
downloaded for non-blocked domains and is rejected for others.
* Minor updates to zh-CN JS translation
* removed "!" from "toot" per #2549 (it's a privacy indicator)
* ellipsis work (from ... to some U+2026 horizontal ellipsis unicode stuff)
* Spillcheck for zh-CN js translations (squash this)
部 [份→分]
* Add render_views in more places
* Delegate methods from account to user with allow nil true, so that admin accounts show view renders when missing a user
* Use actual account instances in authorize follow controller spec
* Add rough outline of coverage needed for public timeline
* Specs for visibility, replies, boosts
* Specs for silenced account
* Specs for local_only option
* Specs for blocks and mutes
* Add tentative spec around including other silenced account statuses
* Add with_public_visibility scope
* Add simple coverage for tag_timeline
* Tag timeline includes replies
* Replace tag.statuses with a tagged_with scope in tag timeline method
* Use with_public_visibility in tag timeline
* Extract common scope between public and tag timelines to method
* Extract local domain check to local_only scope
* Extract local_only check to starting scope method
* Move list of excluded from timeline account ids to account model
* Simplify excluded accounts list on account model
* Only join accounts when needed
* Rename method for account specific filtering
* Extract method for account exclusions
* Fix bug where silenced accounts were not including statuses from other silenced accounts
* DRY up filter application from account or no account
* timeline_scope can be private
* Add spec showing that account can find its excluded accounts ids
* Add spec which fails if local_only does not have a left outer join
* rubocop
In #2505, the authorize_follow views were renamed to
authorize_follows. This change was not applied in the show view
of admin/reports, which causes a 500 when reports are viewed.
* Instead of parsing shared status contents verbatim, make roundtrip
to purported original URL. Confirm that the "original" URL is from the
same domain as the author it claims to be from.
* Fix obvious typo, add comment
* Use URI look-up first
* Add test, update Goldfinger dependency to make less useless HTTP requests per Webfinger lookup
* OEmbed support for PreviewCard
* Improve ProviderDiscovery code failure treatment
* Do not crawl links if there is a content warning, since those
don't display a link card anyway
* Reset db schema
* Fresh migrate
* Fix rubocop style issues
Fix#1681 - return existing access token when applicable instead of creating new
* Fix test
* Extract http client to helper
* Improve oembed controller
* Fix syntax error
* Remove two_factor_auth.warning (appears obsolete)
* Add missing strings in ru.yml
A lot of new strings translated, especially for the newly added admin section
* Update Russian translation
* Fix merge conflicts
Redid Works by @rkarabut
* Add coverage for domain block service with silence
* Get rid of warning about find_each and order
* Move domain_block to attr_reader
* Move optional clear_media into silence_accounts method
* Use blocked_domain method to reduce passed vars
* Extract blocked_domain_accounts method to find accounts on the domain
* Extract media_from_blocked_domain method to find relevant attachments
* Separate destruction of account images and account attachments
* Fixes#1985
- add migration AddMediaAttachmentMeta, which add meta field to media_attachments
- before saving attachment, set file meta if needed
- add meta in api
* add spec
* align the “size” format for image and video
* fix code climate
* fixes media_attachment_spec.rb
Closestootsuite/mastodon#1349
This is my first PR and I’m only checking in the source JSX file.
Please let me know if it should be checked in after being built also.
* Stricter whitelist rules
* Linting
* Added spec for blacklisting
* Test subdomain blacklist on domain whitelist
* No need to split
* Change spec name
Set status action bar to have display flex and center align items so dropdown icon appears center aligned with other icons. Make styles alpha organized.
Add hover state to boost icon - lighten color on hover.
This PR fixes I18n.locale for rake middlewares. Mastodon uses Devise that depends on Warden.
Warden::Manager can be found in rake middleware. It is outside of the controller.
In the case of authentication failed, warden calls throw(:warden). At the time Warden::Manager
delegates request to failure_app to generate response and flash[:alert] after catching it.
Unfortunately, I18n.locale is already reset then because I18n.with_locale is enabled only
inside the controller. If we used I18n.locale=, Devise::FailureApp could get the current locale.
* Change ActivityPub paging to match spec. Clean up ActivityPub outbox changes.
* Fix code style and test failures for OutboxController.
* Attempt to fix CI errors.
duplicates. Web UI regenerates UUID for that header every time the compose
form is changed or successfully submitted
Also, fix Farsi i18n overwriting the English one
* Fix#2119 - Whenever about to send a HTTP request, normalize the URI
* Add test for IDN request in FetchLinkCardService
* Perform IDN normalization on domains before they are stored in the DB
* fix(upload): Only show upload modal when drag even contains files
* fix(firefox): Close drag window ondragend also
Do not only end drag styles on drag leave, but also on drag end. Fixes firefox bug. #687
* fix(drag-modal): Remove drag modal trigger cruft
* fix(upload-modal): Allow close with escape button
* Add failing spec for oauth/authorized_applications controller
* Use explicit reference to flashes partial from admin layout
Because some of the controllers which use the admin layout do not inherit from
application controller, this partial is not in their view path.
* Expose media attachments on reported statuses directly
* Comment out unused bulk report checkbox. Add title to report comment for viewing full comment. Add 'contents' column, with icons and numerical indicators to show the number of referenced statuses and media attachments in the report
* Link account name on authorize_follow card back to account
* Add localisation string for report_contents
* Show new admin accounts card partial on report view. Apply simple_format to report comment so newlines are preserved.
* Add new admin accounts card partial, for display quick useful admin stats (e.g. report history, moderation status).
* Fix localized variable
* Make private toots get PuSHed to subscription URLs that belong to domains where you have approved followers
* Authorized followers controller, stub for bulk action
* Soft block in the background
* Add simple test for new controller
* Rename Settings::FollowersController to Settings::FollowerDomainsController, paginate results,
rename "private" post setting to "followers-only", fix pagination style, improve post privacy
preferences style, improve warning style
* Extract compose form warnings into own container, show warning when posting to followers-only with unlocked account
Float detailed status display avatar left. Only apply display block to display names in status info, not in detailed status. Thanks to @nightpool for finding those. Make star icon in notification show up as gold. Add anchor selector back to status__content__spoiler-link in order to override default anchor style elsewhere.
Add an ID to the CW spoiler input field to give aria-controls a handle on it. Pass that id to the CW trigger button. Modify text icon button component to accept aria controls id value. Add aria-expanded value to text icon button to indicate when it is expanded.
* Add failing spec showing that human_locales does not match what i18n knows about
* Add missing `ar` key for arabic to human locales
* Remove duplicate `id` key from available locales
* Sort keys in human locales list
* Add spec for human_locale helper
This provides a hotfix for outbound salmon requests to other Mastodon instances
as they currently will try to resovle user@WEB_DOMAIN instead of user@LOCAL_DOMAIN
(see #2012 and #20312).
Furthermore, this should ease transition from users switching from
LOCAL_DOMAIN = WEB_DOMAIN to another LOCAL_DOMAIN when WEB_DOMAIN does not change.
Put Column Slim Back Button classnames in order so it is positioned right and top. Add icon button style back to privacy dropdown and upload buttons so they are positioned correctly and do not wiggle. Remove abstracted style from CSS. Add missed class for the upload form thumbnail. Add the missed styles for upload form thumnail. Alphabetize styles for column-back-button. Fix fontSize typo for media-spoiler-video-play-icon.
The two methods `StreamEntriesHelper#stream_link_target` and
`StreamEntriesHelper#acct` are based on checking whether we are running
in an embedded view.
This adds some test helper code to make the testing easier. We extracted
some "magic strings" to constants to lower the coupling in the specs.
The code that generates CSS is based on a lot of boolean conditions.
The possible combinations of these grows exponentially as we add more
conditions.
Since most of the code is conditional on a single boolean, we tested the
following:
1. All `false`
2. All `true`
3. Each individual flag set to `true`
The methods tested are:
* `StreamEntriesHelper#style_classes`
* `StreamEntriesHelper#microformats_classes`
* `StreamEntriesHelper#microformats_h_class`
* Made tooltip for boosting depend on visibility
* Removed spaces that were added in merge conflict resolution
* Try again :P
* Added missing bracket
* Changed 'toot' to 'status'
* Clean up collapsible components
* Expose user Outboxes and AS2 representations of statuses
* Save work thus far.
* Fix bad merge.
* Save my work
* Clean up pagination.
* First test working.
* Add tests.
* Add Forbidden error template.
* Revert yarn.lock changes.
* Fix code style deviations and use localized instead of hardcoded English text.
* Shows confirmed status in list.
* Adds ability to confirm users in admin UI.
* Added new english translations.
* Addresses feedback from #2245.
* More feedback.
- Deleting a toot
- Muting, blocking someone
- Clearing notifications
Remove source map generation from development environment, as it is a huge
performance sink hole with little gains
The previous translation for NSFW, "不適切" means "impertinent". This change
suggests "閲覧注意", which means the content requires precaution, instead.
However, "閲覧注意" was also a translation for CW. CW is now translated as
"警告", which simply means "warnings".
* fix(classnames): Status icon style classnames
Take out inline css and put into classnames for the following components: account, avatar, icon button, status action bar, notification.
* fix(status): Move styles from inline to classes for statuses
Move styles to classnames in components.scss for the following components:
display name
media gallery
status
status content
video player
* fix(classnames): Add classnames to rest of components
Take out inline styles and apply them to classnames in the sass for the following components:
button
column back button
slim column back button
collapsable column
dropdown menu
loading indicator
status list
* fix(classnames): Remove all non-dynamic inline styles
Components affected:
autosuggested
permalink
action bar
header
character counter
compose form
emoji dropdown
privacy dropdown
reply indicator
upload form
account auth
followers
getting started
column settings
mutes
settings
reblogs
status checkbox
report
action bar
status
card
boost modal
media modal
video modal
* fix(permalink): Do not lose classname
* fix(tests): Add space back in display name
* fix(status__wrapper): Remove duplicate css name
Remove incorrect style attribute. Remove style attribute all together. Cursor defaults to "auto" when not specified as 'default'.
* fix(nl): do not lose translations
The force_ssl method from controllers does not add all of the options that the
sitewide configuration in a config block does. For example, HSTS enforcement is
not added by the controller method, but is added by this style.
* feat(aria): Add aria-labels to underlabelled tab nav items
The drawer tabs which control primary navigation are only labelled by a title which is not available to many screenreaders. Add an aria-label attribute to each link to improve readability with screenreaders. Organize link attributes so link target is first followed by classname.
Issue #1349
* feat(aria): Replace abstract aria role of section with region
Abstract aria roles such as section should not be used in content. Use non-abstract 'region' aria role instead. That role expects an aria-labelledby attribute with an id. Pass an ID to the column header. Remove the aria-label attribute on the ColumnHeader because the same value is output in plaintext as its child.
Issue #1349
* fix(aria): Remove aria-controls attribute until solution is found
Columns do not have wrappers, so these icons can't point to a column wrapper which it controls. Instead these icons function as triggers to show or hide individual columns.
#1349
* fix(typo): Remove type of aria-labelledby instead of aria-label
* Add spec coverage for settings/two_factor_auth area
* extract setup method for qr code
* Move otp required check to before action
* Merge method only used once
* Remove duplicate view
* Consolidate creation of @codes for backup
* Move settings/2fq#recovery_codes to settings/recovery_codes#create
* Rename settings/two_factor_auth#disable to #destroy
* Add coverage for the otp required path on 2fa#show
* Clean up the recovery codes list styles
* Move settings/two_factor_auth to settings/two_factor_authentication
* Reorganize the settings two factor auth area
Updated to use a flow like:
- settings/two_factor_authentication goes to a #show view which has a button
either enable or disable 2fa on the account
- the disable button turns off the otp requirement for the user
- the enable button cycles the user secret and redirects to a confirmation page
- the confirmation page is a #new view which shows the QR code for user
- that page posts to #create which verifies the code, and creates the recovery
codes
- that create action shares a view with a recovery codes controller which can be
used separately to reset codes if needed