Age | Commit message (Collapse) | Author |
|
Conflicts:
.env.production.sample
app/controllers/auth/confirmations_controller.rb
db/schema.rb
|
|
* Cas authentication feature
* Config
* Remove class_eval + Omniauth initializer
* Codeclimate review
* Codeclimate review 2
* Codeclimate review 3
* Remove uid/email reconciliation
* SAML authentication
* Clean up code
* Improve login form
* Fix code style issues
* Add locales
|
|
Conflicts:
app/javascript/styles/mastodon/components.scss
|
|
* add pam support, without extra column
* bugfixes for pam login
* document options
* fix code style
* fix codestyle
* fix tests
* don't call remember_me without password
* fix codestyle
* improve checks for pam usage (should fix tests)
* fix remember_me part 1
* add remember_token column because :rememberable requires either a password or this column.
* migrate db for remember_token
* move pam_authentication to the right place, fix logic bug in edit.html.haml
* fix tests
* fix pam authentication, improve username lookup, add comment
* valid? is sometimes not honored, return nil instead trying to authenticate with pam
* update devise_pam_authenticatable2 and adjust code. Fixes sideeffects observed in tests
* update devise_pam_authenticatable gem, fixes for codeconventions, fix finding user
* codeconvention fixes
* code convention fixes
* fix idention
* update dependency, explicit conflict check
* fix disabled password updates if in pam mode
* fix check password if password is present, fix templates
* block registration if account is maintained by pam
* Revert "block registration if account is maintained by pam"
This reverts commit 8e7a083d650240b6fac414926744b4b90b435f20.
* fix identation error introduced by rebase
* block usernames maintained by pam
* document pam settings better
* fix code style
|
|
Mitigation for CVE-2017-0889.
https://www.cvedetails.com/cve/CVE-2017-0889/
https://medium.com/in-the-weeds/all-about-paperclips-cve-2017-0889-server-side-request-forgery-ssrf-vulnerability-8cb2b1c96fe8
|
|
|
|
|
|
Conflicts:
app/controllers/settings/two_factor_authentication/confirmations_controller.rb
|
|
|
|
Conflicts:
app/javascript/styles/mastodon/components.scss
app/javascript/styles/mastodon/modal.scss
|
|
|
|
Conflicts:
Gemfile.lock
|
|
- premailer gem to turn CSS into inline styles automatically
- rework UserMailer templates
- reword UserMailer templates
|
|
|
|
|
|
|
|
* Add confirmation step for email changes
This adds a confirmation step for email changes of existing users.
Like the initial account confirmation, a confirmation link is sent
to the new address.
Additionally, a notification is sent to the existing address when
the change is initiated. This message includes instruction to reset
the password immediately or to contact the instance admin if the
change was not initiated by the account owner.
Fixes #3871
* Add review fixes
|
|
|
|
|
|
Optimizing paperclip
|
|
|
|
|
|
* Remove rabl dependency
* Replicate old Oj configuration
|
|
* Update active_model_serializers to version 0.10.7
* Update capistrano-rails to version 1.3.1
* Update capistrano-rbenv to version 2.1.3
* Update capybara to version 2.16.1
* Update devise-two-factor to version 3.0.2
* Update i18n-tasks to version 0.8.19
* Update ox to version 2.8.2
* Update parallel_tests to version 2.19.0
* Update puma to version 3.11.0
* Update redis-namespace to version 1.6.0
* Update rspec-rails to version 3.7.2
* Update scss_lint to version 0.56.0
* Update webmock to version 3.1.1
* Update webpush to version 0.3.3
* bundle update
|
|
|
|
jwt 2.1.0 still does not work well.
ref. https://github.com/zaru/webpush/issues/42
|
|
* Update better_errors to version 2.4.0
* Update binding_of_caller to version 0.7.3
* Update bootsnap to version 1.1.5
* Update browser to version 2.5.2
* Update capistrano to version 3.10.0
* Update capistrano-bundler to version 1.3.0
* Update capistrano-rbenv to version 2.1.2
* Update capybara to version 2.15.4
* Update cld3 to version 3.2.1
* Update fabrication to version 2.18.0
* Update fog-openstack to version 0.1.22
* Update kaminari to version 1.1.1
* Update lograge to version 0.7.1
* Update nokogiri to version 1.8.1
* Update oj to version 3.3.9
* Update ox to version 2.8.1
* Update parallel_tests to version 2.17.0
* Update pkg-config to version 1.2.8
* Update rspec-rails to version 3.7.1
* Update rubocop to version 0.51.0
* Update scss_lint to version 0.55.0
* Update sidekiq to version 5.0.5
* Update sidekiq-scheduler to version 2.1.10
* Update tzinfo-data to version 1.2017.3
* Update webpacker to version 3.0.2
* bundle update
|
|
* Close connection when succeeded posting
* Update webmock
|
|
|
|
|
|
|
|
|
|
* Bump ruby version to 2.4.2
https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-4-2-released/
Gemfile.lock is also updated.
TODO
- [ ] Update Dockerfile with Alpine release of ruby-2.4.2
* Revert jwt version
It seems that jwt 2.0.0 fails in some environment.
ref. https://github.com/zaru/webpush/issues/42
* Bump Ruby version on docker image
|
|
|
|
Bumps [puma](https://github.com/puma/puma) from 3.9.1 to 3.10.0.
- [Release notes](https://github.com/puma/puma/releases/tag/v3.10.0)
- [Changelog](https://github.com/puma/puma/blob/master/History.md)
- [Commits](https://github.com/puma/puma/compare/v3.9.1...v3.10.0)
|
|
Bumps [rails](https://github.com/rails/rails) from 5.1.3 to 5.1.4.
- [Commits](https://github.com/rails/rails/compare/v5.1.3...v5.1.4)
|
|
* Fix language filter codes
CLD3 returns BCP-47 language identifier, filter settings expect
identifiers in the ISO 639-1 format. Convert between formats,
and exclude duplicate languages from filter choices (zh-CN->zh)
* Fix zh name
|
|
|
|
|
|
* Add handling of Linked Data Signatures in payloads
* Add a way to sign JSON, fix canonicalization of signature options
* Fix signatureValue encoding, send out signed JSON when distributing
* Add missing security context
|
|
|
|
|
|
* Update twitter-text to version 1.14.7
* Update tilt to version 2.0.8
* Update statsd-instrument to version 2.1.4
* Update sidekiq to version 5.0.4
* Update sidekiq-scheduler to version 2.1.8
* Update sidekiq-unique-jobs to version 5.0.9
* Update redis-activesupport to version 5.0.3
* Update rails-settings-cached to version v0.6.6
* Update pkg-config to version 1.2.4
* Update parallel_tests to version 2.14.2
* Update jsonapi-renderer to version 0.1.3
* Update i18n-tasks to version 0.9.16
* Update httplog to version 0.99.7
* Update fabrication to version 2.16.2
* Update bootsnap to version 1.1.2
* Update aws-sigv4 to version 1.0.1
* Update aws-sdk-core to version 2.10.21
* Update hashdiff to version 0.3.5
* Update rails to version 5.1.3
|
|
|
|
|
|
- No masking of HTTP::Error and OpenSSL::SSL::SSLError
- No longer accepts non-HTTPS WebFinger endpoints
|
|
* Refactor ResolveRemoteAccountService
* Remove trailing whitespace
* Use redis locks around critical ResolveRemoteAccountService code
* Add test for race condition of lock
|
|
* Add dependency on idn-ruby to speed up URI normalization
* Use normalized_host instead of normalize.host when applicable
When we are only interested in the normalized host, calling normalized_host
avoids normalizing the other components of the URI as well as creating a
new object
|
|
|
|
- Use unicode when selecting emoji through picker
- Convert shortcodes to unicode when storing text input server-side
- Do not convert shortcodes in JS anymore
|