Age | Commit message (Collapse) | Author |
|
* Fix #4058 - Use a long-lived cookie to keep track of user-level sessions
* Fix tests, smooth migrate from previous session-based identifier
|
|
of Rabl (#4090)
|
|
* add a system_font_ui setting on the server
* Plug the system_font_ui on the front-end
* add EN/FR locales for the new setting
* put Roboto after all other fonts
* remove trailing whitespace so CodeClimate is happy
* fix user_spec.rb
* correctly write user_spect this time
* slightly better way of adding the classes
* add comments to the system-font stack for clarification
* use .system-font for the class instead
* don't use multiple lines for comments
* remove trailing whitespace
* use the classnames module for consistency
* use `mastodon-font-sans-serif` instead of Roboto directly
|
|
|
|
|
|
* Fix #3910 - Require OTP authentication to disable 2FA. Also, remove ability
to generate new OTP backup codes *after* initial backup codes were handed
out during activation
* Restore recovery code re-generation
* Improve display of some 2FA elements
|
|
* Add overview of active sessions
* Better display of browser/platform name
* Improve how browser information is stored and displayed for sessions overview
* Fix test
* Fix #2347 - Bind web UI access token to session
When you logout, session also destroys the access token, so it's no longer
valid. If access token is destroyed some other way, the session is also
destroyed, requiring a re-login.
Fix #1681 - Add scheduler to remove revoked access tokens and grants
* Fix test
|
|
* Add overview of active sessions
* Better display of browser/platform name
* Improve how browser information is stored and displayed for sessions overview
* Fix test
|
|
|
|
Rename Activitypub to ActivityPub
|
|
account before removing content for quicker feedback to end-users
|
|
* Add form for account deletion
* If avatar or header are gone from source, remove them
* Add option to have SuspendAccountService remove user record, add tests
* Exclude suspended accounts from search
|
|
* Fix #2619 - When redis feed is empty, fall back to database
* Use redis value to return feed from database only while RegenerationWorker
hasn't finished running
* Fix specs
* Replace usage of reject!
|
|
When case insensitivity is enabled via devise's `config.case_insensitive_keys` then `.find_for_authentication` method needs to be used instead of `.find_by` because second mentioned returns `nil` when valid email with different cases is passed.
More info https://github.com/plataformatec/devise/wiki/How-To:-Use-case-insensitive-emails
|
|
* Improve default language decision
This change allows to takes account of accepted language determined by
the user agent even if the custom default locale of the instance is
configured.
* Cover Localized more
* Fix code style
|
|
Each of mute, favourite, reblog has been updated to:
- Have a separate controller with just a create and destroy action
- Preserve historical route names to not break the API
- Mild refactoring to break up long methods
|
|
unique controllers (#3646)
* Add specs for api statuses routes
* Update favourited_by and reblogged_by api routes
* Move methods into new controllers
* Use load_accounts methods to simplify index actions
* Clean up load_accounts methods
* Clean up link header generation
* Check for link headers in specs
* Remove unused actions from api/v1/statuses controller
* Remove specs for moved actions
|
|
* Add explit admin actions to (re)subscribe/unsubscribe remote accounts
and re-download avatar/header
* Improve how admin NSFW toggle looks
|
|
https://github.com/codeclimate/codeclimate-rubocop/blob/08f8de84ebfb39caa96391e23816877278f6441c/Gemfile.lock#L38
Code Climate is using RuboCop v0.46.0.
Change several rules to maintain compatibility.
|
|
* Move ApiController to Api/BaseController
* API controllers inherit from Api::BaseController
* Add coverage for various error cases in api/base controller
|
|
controller (#3625)
* Coverage for rate limit headers
* Move rate limit headers methods to concern
* Move throttle check to condition on before_action
* Move match_data variable into method
* Move utc timestamp to separate method
* Move header setting into smaller methods
* specs cleanup
|
|
* Fix #3063 - Add dynamic app manifest
* Added short_name
* Add background_color
|
|
* Redirect to streaming_api_base_url
When Rails receives a request to streaming API, it most likely
means that there is another host which is configured to respond
to it. This is to redirect clients to that host if
`STREAMING_API_BASE_URL` is set as another host.
* Use the new Ruby 1.9 hash syntax
|
|
|
|
|
|
This fixes #2375.
|
|
Remove protect_from_forgery in ApiController, which is disabled by the
following skip_before_action, as well.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
* Add status destroy authorization to policy
* Create explicit unreblog status authorization
|
|
* Add StreamEntryFinder class to parse URLs
* Use StreamEntryFinder and clean up api/oembed controller
|
|
|
|
|
|
|
|
* Remove methods from ObfuscateFilename
* Spec ObfuscateFilename
|
|
* Set delete_modal preference to true by default
* Does not show confirmation modal if delete_modal is false
* Add ja translation for preference setting page
|
|
|