Age | Commit message (Collapse) | Author |
|
When case insensitivity is enabled via devise's `config.case_insensitive_keys` then `.find_for_authentication` method needs to be used instead of `.find_by` because second mentioned returns `nil` when valid email with different cases is passed.
More info https://github.com/plataformatec/devise/wiki/How-To:-Use-case-insensitive-emails
|
|
|
|
In single user mode, visitors are redirected to the single user's
profile page. So, if you are the owner without a session, you start
from that page, click the login button and authenticate yourself
expecting you'll soon get started with the home page, but in reality
you'll get redirected back to where you started from -- your own
profile page.
This fixes the behavior by redirecting you home after login if you
have started from your own profile page.
|
|
(You may think that we need account deletions, but this way would've just orphaned the db records)
|
|
* Add a spec for signing out
* Add spec showing that suspended user gets a 403 forbidden on sign out
* Allow suspended account users to sign out
|
|
* disable Bundler/OrderedGems
* fix rubocop Lint/UselessAssignment
* fix rubocop Style/BlockDelimiters
* fix rubocop Style/AlignHash
* fix rubocop Style/AlignParameters, Style/EachWithObject
* fix rubocop Style/SpaceInLambdaLiteral
|
|
|
|
|
|
An attempt to open a brand new Mastodon instance configured
as SINGLE_USER_MODE=true will cause an exception.
Enable temporary registration if we have no users in the database
Fixes #1817
|
|
* Add recovery code support for two-factor auth
When users enable two-factor auth, the app now generates ten
single-use recovery codes. Users are encouraged to print the codes
and store them in a safe place.
The two-factor prompt during login now accepts both OTP codes and
recovery codes.
The two-factor settings UI allows users to regenerated lost
recovery codes. Users who have set up two-factor auth prior to
this feature being added can use it to generate recovery codes
for the first time.
Fixes #563 and fixes #987
* Set OTP_SECRET in test enviroment
* add missing .html to view file names
|
|
admin UI
|
|
|
|
|
|
settings forms
|
|
|
|
|
|
|
|
|
|
to sign in page after sign up instead of root path which redirects to /about
|
|
|
|
|
|
|
|
registration API
|
|
|
|
|
|
behaviour with Turbolinks enabled, optimizing Rabl for production
|
|
|
|
|
|
|
|
|