* Add recovery code support for two-factor auth
When users enable two-factor auth, the app now generates ten
single-use recovery codes. Users are encouraged to print the codes
and store them in a safe place.
The two-factor prompt during login now accepts both OTP codes and
recovery codes.
The two-factor settings UI allows users to regenerated lost
recovery codes. Users who have set up two-factor auth prior to
this feature being added can use it to generate recovery codes
for the first time.
Fixes#563 and fixes#987
* Set OTP_SECRET in test enviroment
* add missing .html to view file names
- details a background for contrast
- add 5px padding to the top of the `details-counters` children to line them up with the bio to the right (Which has a 5px padding on the top)
* Replace will_paginate with kaminari
* Use #page instead of #paginate in controllers
* Replace will_paginate.page_gap with pagination.truncate in i18n
* Customize kaminari views to match prior styles
* Set kaminari options to match prior behavior
* Replace will_paginate with paginate in views
* When avatar/header are GIF, generate static versions.
Account API returns "avatar"/"avatar_static", "header"/"header_static"
Static version is the same as original for other cases
Web UI de-animates avatars in toots, lists of users
Fix#441, fix#596, prerequisite for #1064
* Fix JS test
* Add rake task to generate static avatars/headers from GIF ones, add test
Addresses #1451 which notes the emoji picker is too light. I agree, so I submit this adjustment.
Changes:
Changed the background to a darkened version of another system color
* Replace column margin with padding
This improves horizontal scrolling behaviour significantly; scrolled flex elements are... a little weird.
* Move clear column button styling to css
The Mastodon mascot was previously anchored to the bottom, and that was since broken. This restores that behaviour!
It also disables the double-scrollbar behaviour that was caused by this area allowing overflow-y in addition to its parent doing so.
word-break:break-all is a surefire way to break things. It should be set
to normal.
This merge just set it back to what it should be.
Tested on Firefox 52.0.2 and Chrome 56.0.2924.87 with no detected
errors.