about summary refs log tree commit diff
path: root/app/controllers
AgeCommit message (Collapse)Author
2018-02-16Save video metadata and improve video OpenGraph tags (#6481)Eugen Rochko
* Save metadata from video attachments, put correct dimensions into OG tags * Add twitter:player for videos * Fix code style and test
2018-02-09Merge remote-tracking branch 'origin/master' into merge-upstreamDavid Yip
Conflicts: .travis.yml app/lib/user_settings_decorator.rb app/models/user.rb app/serializers/initial_state_serializer.rb app/views/stream_entries/_detailed_status.html.haml app/views/stream_entries/_simple_status.html.haml config/locales/simple_form.en.yml
2018-02-09Add preference to always display sensitive media (#6448)Eugen Rochko
2018-02-08Merge remote-tracking branch 'tootsuite/master' into glitchsoc/masterJenkins
2018-02-08Fix response of signature_verification_failure_reason (#6441)abcang
2018-02-04Merge remote-tracking branch 'origin/master' into merge-upstreamDavid Yip
Conflicts: .env.production.sample app/controllers/auth/confirmations_controller.rb db/schema.rb
2018-02-04Exclude nil from relationships array (#6427)abcang
2018-02-04Add option to show only local toots in timeline preview (#6292)Renato "Lond" Cerqueira
* Add option to show only local toots in timeline preview Right know, toots from all the known fediverse are shown in the main page of an instance. That however doesn't reflect the instance itself. With this option the admin may choose to display only local toots so that users checking the instance get a better idea of internal conversations. * Fix issues pointed by codeclimate and eslint * Add default message for community timeline * Update pl.yml
2018-02-04CAS + SAML authentication feature (#6425)Eugen Rochko
* Cas authentication feature * Config * Remove class_eval + Omniauth initializer * Codeclimate review * Codeclimate review 2 * Codeclimate review 3 * Remove uid/email reconciliation * SAML authentication * Clean up code * Improve login form * Fix code style issues * Add locales
2018-02-02Merge remote-tracking branch 'tootsuite/master' into merge-upstreamDavid Yip
Conflicts: app/javascript/styles/mastodon/components.scss
2018-02-02Allow HTTP caching of atom-rendered public toots (OStatus compatibility) (#6207)ThibG
2018-02-02Allow retrieval of private statuses (single or in outbox) using HTTP ↵puckipedia
signatures (#6225)
2018-02-02pam authentication (#5303)Alexander
* add pam support, without extra column * bugfixes for pam login * document options * fix code style * fix codestyle * fix tests * don't call remember_me without password * fix codestyle * improve checks for pam usage (should fix tests) * fix remember_me part 1 * add remember_token column because :rememberable requires either a password or this column. * migrate db for remember_token * move pam_authentication to the right place, fix logic bug in edit.html.haml * fix tests * fix pam authentication, improve username lookup, add comment * valid? is sometimes not honored, return nil instead trying to authenticate with pam * update devise_pam_authenticatable2 and adjust code. Fixes sideeffects observed in tests * update devise_pam_authenticatable gem, fixes for codeconventions, fix finding user * codeconvention fixes * code convention fixes * fix idention * update dependency, explicit conflict check * fix disabled password updates if in pam mode * fix check password if password is present, fix templates * block registration if account is maintained by pam * Revert "block registration if account is maintained by pam" This reverts commit 8e7a083d650240b6fac414926744b4b90b435f20. * fix identation error introduced by rebase * block usernames maintained by pam * document pam settings better * fix code style
2018-01-24Merge remote-tracking branch 'tootsuite/master' into glitchsoc/masterJenkins
2018-01-23Fix #6331 (#6341)Eugen Rochko
UserTrackingConcern is circumvented by SessionsController#create because it calls warden, which calls the User#update_tracked_fields! method directly. Move returning user logic to that method.
2018-01-22Rename ResolveRemoteAccountService to ResolveAccountService (#6327)Akihiko Odaki
The service used to be named ResolveRemoteAccountService resolves local accounts as well.
2018-01-21Merge remote-tracking branch 'origin/master' into merge-upstreamDavid Yip
Conflicts: app/controllers/settings/two_factor_authentication/confirmations_controller.rb
2018-01-21Redirect to 2FA creation page when otp_secret is not available (#6314)Aboobacker MK
2018-01-19Merge remote-tracking branch 'origin/master' into merge-upstreamDavid Yip
Conflicts: app/javascript/styles/mastodon/components.scss app/javascript/styles/mastodon/modal.scss
2018-01-18Fix regeneration marker not expiring (#6290)Eugen Rochko
* Fix regeneration key not getting expired * Add rake task to remove old regeneration markers
2018-01-17Merge remote-tracking branch 'origin/master' into merge-upstreamDavid Yip
Conflicts: app/javascript/styles/mastodon/components.scss
2018-01-17Fix home regeneration (#6251)Eugen Rochko
* Fix regeneration marker not being removed after completion * Return HTTP 206 from /api/v1/timelines/home if regeneration in progress Prioritize RegenerationWorker by putting it into default queue * Display loading indicator and poll home timeline while it regenerates * Add graphic to regeneration message * Make "not found" indicator consistent with home regeneration
2018-01-17Merge remote-tracking branch 'tootsuite/master' into glitchsoc/masterJenkins
2018-01-17implement web share target (#6278)りんすき
* web share target * fix * fix
2018-01-15Merge remote-tracking branch 'tootsuite/master' into glitchsoc/masterJenkins
2018-01-15Suppress CSRF token warnings (#6240)Patrick Figel
CSRF token checking was enabled for API controllers in #6223, producing "Can't verify CSRF token authenticity" log spam. This disables logging of failed CSRF checks. This also changes the protection strategy for PushSubscriptionsController to use exceptions, making it consistent with other controllers that use sessions.
2018-01-10Thank you, Officer MurphyDavid Yip
2018-01-10The flavour parameter is unused, so omit it (#317)David Yip
2018-01-10Allow for user object to be empty. Fixes #317.David Yip
If a flavour has only one skin, the skin selector will be omitted. This omits the user[setting_skin] field, and because that's the only user[...] field on the page, the entire user object will not be present in the request handler's params object. This commit accounts for that scenario by avoiding params.require(:user) and instead picking out what we need from the params hash.
2018-01-09Merge remote-tracking branch 'tootsuite/master' into glitchsoc/masterJenkins
2018-01-08Refactor /api/web APIs to use the centralized axios instance (#6223)nightpool
Also adds the ability to decouple the centralized axios logic from the state dispatcher
2018-01-08Merge remote-tracking branch 'tootsuite/master' into glitchsoc/masterJenkins
2018-01-08Revert #5772 (#6221)Eugen Rochko
2018-01-07Merge remote-tracking branch 'personal/merge/tootsuite/master' into gs-masterDavid Yip
2018-01-07Use error pack when rendering error pages. Fixes #305.David Yip
2018-01-07Merge remote-tracking branch 'tootsuite/master' into glitchsoc/masterJenkins
2018-01-07Fix force_ssl conditional (#6201)Yamagishi Kazutoshi
2018-01-07Fix unintended cache (#6214)Yamagishi Kazutoshi
2018-01-07Merge remote-tracking branch 'ykzts/fix-unintended-cache' into gs-masterDavid Yip
2018-01-07Fix unintended cacheYamagishi Kazutoshi
2018-01-05Merge remote-tracking branch 'tootsuite/master' into glitchsoc/masterJenkins
2018-01-05Represent numbers by strings in instance activity API (#6198)TheKinrar
Fixes #6197.
2018-01-04Merge remote-tracking branch 'tootsuite/master' into glitchsoc/masterJenkins
2018-01-04Make sure private toots remain private and do not end up in HTTP caches (#6175)ThibG
2018-01-04Cache JSON of immutable ActivityPub representations (#6171)Eugen Rochko
2018-01-03Merge remote-tracking branch 'tootsuite/master' into glitchsoc/masterJenkins
2018-01-03Allow to dereference Follow object for ActivityPub (#5772)Akihiko Odaki
* Allow to dereference Follow object for ActivityPub * Accept IRI as object representation for Accept activity
2018-01-03Merge remote-tracking branch 'tootsuite/master' into glitchsoc/masterJenkins
2018-01-03Allow HTTP caching of json view of public statuses (#6115)ThibG
* Allow HTTP caching of json view of public statuses HTML views are not cached as they can contain private statuses as well * Disable session cookies for ActivityPub json rendering of public toots
2018-01-02Add confirmation step for email changes (#6071)Patrick Figel
* Add confirmation step for email changes This adds a confirmation step for email changes of existing users. Like the initial account confirmation, a confirmation link is sent to the new address. Additionally, a notification is sent to the existing address when the change is initiated. This message includes instruction to reset the password immediately or to contact the instance admin if the change was not initiated by the account owner. Fixes #3871 * Add review fixes