path: root/app/controllers/oauth
Age         Commit message                                                              Author

2022-11-17  Merge branch 'main' into glitch-soc/merge-upstream  (Claire)

2022-11-17  Fix OAuth flow being broken by recent CSP change (#20958)  (Claire)

2022-11-16  Merge branch 'main' into glitch-soc/merge-upstream  (Claire)

    Conflicts:
    - `config/initializers/content_security_policy.rb`:
      Our config file is pretty different from upstream. Upstream changed CSP directive `script-src` to include `wasm-unsafe-eval` instead of `unsafe-eval`, which we did not include. Added `wasm-unsafe-eval` to `script-src` to fix execution of the OCR web worker.
    - `package.json`:
      Upstream updated a dependency (`array-includes`) textually adjacent to a glitch-soc-only dependency (`atrament`). Updated `array-includes` as upstream did.

2022-11-16  Add 'private' to Cache-Control, match Rails expectations (#20608)  (Daniel Axtens)
    Several controllers set quite intricate Cache-Control headers in order to hopefully not be cached by any intermediate proxies or local caches. Unfortunately, these headers are processed by ActionDispatch::HTTP::Cache in a way that squashes and discards any values set alongside no-store other than private:

    https://github.com/rails/rails/blob/8015c2c2cf5c8718449677570f372ceb01318a32/actionpack/lib/action_dispatch/http/cache.rb#L207-L209

    We want to preserve no-store on these responses, but we might as well remove parts that are going to be dropped anyway. As many of the endpoints in these controllers are private to a particular user, we should also add "private", which will be preserved alongside no-store.
2022-05-01  Merge branch 'main' into glitch-soc/merge-upstream  (Claire)

    Conflicts:
    - `app/javascript/packs/admin.js`:
      Conflicts due to glitch-soc's theming system. Upstream changes have been ported to `app/javascript/core/admin.js`
    - `app/models/trends/statuses.rb`:
      Minor conflict due to glitch-soc's option to allow CWed toots in trends. Ported upstream changes.

2022-05-01  Fix error when trying to revoke OAuth token without supplying a token (#18205)  (Eugen Rochko)

2020-09-28  Merge branch 'master' into glitch-soc/merge-upstream  (Thibaut Girka)

    Conflicts:
    - `Gemfile.lock`:
      Not a real conflict, upstream updated dependencies that were too close to glitch-soc-only ones in the file.
    - `app/controllers/oauth/authorized_applications_controller.rb`:
      Upstream changed the logic surrounding suspended accounts. Minor conflict due to glitch-soc's theming system. Ported upstream changes.
    - `app/controllers/settings/base_controller.rb`:
      Upstream refactored and changed the logic surrounding suspended accounts. Minor conflict due to glitch-soc's theming system. Ported upstream changes.
    - `app/controllers/settings/sessions_controller.rb`:
      Upstream refactored and changed the logic surrounding suspended accounts. Minor conflict due to glitch-soc's theming system. Ported upstream changes.
    - `app/models/user.rb`:
      Upstream refactored and changed the logic surrounding suspended accounts. Minor conflict due to glitch-soc not preventing moved accounts from logging in. Ported upstream changes while keeping the ability for moved accounts to log in.
    - `app/policies/status_policy.rb`:
      Upstream refactored and changed the logic surrounding suspended accounts. Minor conflict due to glitch-soc's local-only toots. Ported upstream changes.
    - `app/serializers/rest/account_serializer.rb`:
      Upstream refactored and changed the logic surrounding suspended accounts. Minor conflict due to glitch-soc's ability to hide followers count. Ported upstream changes.
    - `app/services/process_mentions_service.rb`:
      Upstream refactored and changed the logic surrounding suspended accounts. Minor conflict due to glitch-soc's local-only toots. Ported upstream changes.
    - `package.json`:
      Not a real conflict, upstream updated dependencies that were too close to glitch-soc-only ones in the file.

2020-09-11  Refactor settings controllers (#14767)  (Eugen Rochko)

    - Disallow suspended accounts from revoking sessions and apps
    - Allow suspended accounts to access exports
2020-01-04  Merge branch 'master' into glitch-soc/merge-upstream  (Thibaut Girka)

    Conflicts:
    - `app/controllers/application_controller.rb`:
      Conflict due to theming system.
    - `app/controllers/oauth/authorizations_controller.rb`:
      Conflict due to theming system.

2019-12-30  Fix settings pages being cacheable by the browser (#12714)  (Eugen Rochko)

    Fix #12255

2019-07-23  Merge branch 'master' into glitch-soc/merge-upstream  (Thibaut Girka)

    Conflicts:
    - app/controllers/application_controller.rb
    - app/controllers/auth/confirmations_controller.rb
    - app/controllers/auth/sessions_controller.rb
    - app/controllers/settings/deletes_controller.rb
    - app/controllers/settings/two_factor_authentication/recovery_codes_controller.rb

2019-07-22  Change unconfirmed user login behaviour (#11375)  (Eugen Rochko)

    Allow access to account settings, 2FA, authorized applications, and account deletions to unconfirmed and pending users, as well as users who had their accounts disabled. Suspended users cannot update their e-mail or password or delete their account.

    Display account status on account settings page, for example, when an account is frozen, limited, unconfirmed or pending review.

    After sign up, log in users straight away and show a simple page that tells them the status of their account with links to account settings and logout, to reduce onboarding friction and allow users to correct wrongly typed e-mail addresses.

    Move the final sign-up step of SSO integrations to be the same as above to reduce code duplication.

2019-02-10  Merge branch 'master' into glitch-soc/merge-upstream  (Thibaut Girka)

    Conflicts:
    - app/controllers/oauth/authorized_applications_controller.rb
      Two changes too close to each other
    - app/controllers/settings/sessions_controller.rb
    - app/lib/user_settings_decorator.rb
      Two changes too close to each other
    - app/models/media_attachment.rb
      New changes too close to glitch-soc only changes.
    - app/models/user.rb
      Two changes too close to each other.
    - app/services/remove_status_service.rb
      Kept direct timeline code which had been removed upstream.
    - app/views/settings/preferences/show.html.haml
      Two changes too close to each other.
    - config/locales/en.yml
      Introduction of a new string too close to glitch-soc-only's “flavour”
    - config/locales/ja.yml
      Introduction of a new string too close to glitch-soc-only's “flavour”
    - config/locales/pl.yml
      Introduction of a new string too close to glitch-soc-only's “flavour”
    - config/locales/simple_form.en.yml
      Introduction of a new string too close to glitch-soc-only's “skin”
    - config/locales/simple_form.pl.yml
      Introduction of a new string too close to glitch-soc-only's “skin”
    - config/settings.yml
      Reverted upstream's decision of enabling posting application by default.
2019-02-04  Fix authorized applications list page design (#9969)  (rinsuki)

2018-09-11  Merge branch 'master' into glitch-soc/merge-upstream  (Thibaut Girka)

    Conflicts:
    - app/controllers/oauth/authorizations_controller.rb
      Just two changes being too close to one another. Took both.

2018-09-09  Add force_login option to OAuth authorize page (#8655)  (Eugen Rochko)

    * Add force_login option to OAuth authorize page

      For when a user needs to sign into an app from multiple accounts on the same server

    * When logging out from modal header, redirect back after re-login

2018-05-19  Merge branch 'master' into glitch-soc/merge-upstream  (Thibaut Girka)

    Conflicts:
    - config/locales/simple_form.ja.yml

2018-05-19  Ensure push subscription is immediately removed when application is revoked (#7548)  (Eugen Rochko)

    * Ensure push subscription is immediately removed when application is revoked

    * When token is revoked from app, unsubscribe too
2017-12-11  change pack to 'auth'  (cwm)

2017-12-11  load pack  (cwm)

2017-12-11  Add missing set_pack def/filter in OAuth::AuthorizedApplicationsController.  (David Yip)

2017-04-08  Fix #1165 - before_action was called before protect_from_forgery  (Eugen Rochko)

2017-04-07  Allow setting of default language through config  (Eugen Rochko)

    Setting of locale in controller extracted to Localized concern; the doorkeeper authorized applications controller moved under custom namespace with inclusion of Localized, which resolves the "it sometimes appears in a different random language" bug.

2017-04-04  Only call regeneration worker after first login after a 14 day break  (Eugen Rochko)

2016-11-15  Fix rubocop issues, introduce usage of frozen literal to improve performance  (Eugen Rochko)

2016-10-23  Fix OAuth authorization redirect  (Eugen Rochko)

2016-10-22  Adding OAuth access scopes, fixing OAuth authorization UI, adding rate limiting to the API  (Eugen Rochko)

2016-09-26  Replace logo, fix #57 - delete/unreblog/unfavourite API, fix #45 - app registration API  (Eugen Rochko)

2016-08-17  Upgrade to Rails 5.0.0.1  (Eugen Rochko)

2016-03-14  Bind oauth applications to users  (Eugen Rochko)