Age | Commit message (Collapse) | Author |
|
Conflicts:
.env.production.sample
app/controllers/auth/confirmations_controller.rb
db/schema.rb
|
|
|
|
* Add option to show only local toots in timeline preview
Right know, toots from all the known fediverse are shown in the main
page of an instance. That however doesn't reflect the instance itself.
With this option the admin may choose to display only local toots so
that users checking the instance get a better idea of internal
conversations.
* Fix issues pointed by codeclimate and eslint
* Add default message for community timeline
* Update pl.yml
|
|
* Cas authentication feature
* Config
* Remove class_eval + Omniauth initializer
* Codeclimate review
* Codeclimate review 2
* Codeclimate review 3
* Remove uid/email reconciliation
* SAML authentication
* Clean up code
* Improve login form
* Fix code style issues
* Add locales
|
|
Conflicts:
app/javascript/styles/mastodon/components.scss
|
|
|
|
signatures (#6225)
|
|
* add pam support, without extra column
* bugfixes for pam login
* document options
* fix code style
* fix codestyle
* fix tests
* don't call remember_me without password
* fix codestyle
* improve checks for pam usage (should fix tests)
* fix remember_me part 1
* add remember_token column because :rememberable requires either a password or this column.
* migrate db for remember_token
* move pam_authentication to the right place, fix logic bug in edit.html.haml
* fix tests
* fix pam authentication, improve username lookup, add comment
* valid? is sometimes not honored, return nil instead trying to authenticate with pam
* update devise_pam_authenticatable2 and adjust code. Fixes sideeffects observed in tests
* update devise_pam_authenticatable gem, fixes for codeconventions, fix finding user
* codeconvention fixes
* code convention fixes
* fix idention
* update dependency, explicit conflict check
* fix disabled password updates if in pam mode
* fix check password if password is present, fix templates
* block registration if account is maintained by pam
* Revert "block registration if account is maintained by pam"
This reverts commit 8e7a083d650240b6fac414926744b4b90b435f20.
* fix identation error introduced by rebase
* block usernames maintained by pam
* document pam settings better
* fix code style
|
|
|
|
UserTrackingConcern is circumvented by SessionsController#create
because it calls warden, which calls the User#update_tracked_fields!
method directly. Move returning user logic to that method.
|
|
The service used to be named ResolveRemoteAccountService resolves local
accounts as well.
|
|
Conflicts:
app/controllers/settings/two_factor_authentication/confirmations_controller.rb
|
|
|
|
Conflicts:
app/javascript/styles/mastodon/components.scss
app/javascript/styles/mastodon/modal.scss
|
|
* Fix regeneration key not getting expired
* Add rake task to remove old regeneration markers
|
|
Conflicts:
app/javascript/styles/mastodon/components.scss
|
|
* Fix regeneration marker not being removed after completion
* Return HTTP 206 from /api/v1/timelines/home if regeneration in progress
Prioritize RegenerationWorker by putting it into default queue
* Display loading indicator and poll home timeline while it regenerates
* Add graphic to regeneration message
* Make "not found" indicator consistent with home regeneration
|
|
|
|
* web share target
* fix
* fix
|
|
|
|
CSRF token checking was enabled for API controllers in #6223,
producing "Can't verify CSRF token authenticity" log spam. This
disables logging of failed CSRF checks.
This also changes the protection strategy for
PushSubscriptionsController to use exceptions, making it consistent
with other controllers that use sessions.
|
|
|
|
|
|
If a flavour has only one skin, the skin selector will be omitted. This
omits the user[setting_skin] field, and because that's the only
user[...] field on the page, the entire user object will not be present
in the request handler's params object.
This commit accounts for that scenario by avoiding params.require(:user)
and instead picking out what we need from the params hash.
|
|
|
|
Also adds the ability to decouple the centralized axios logic from the
state dispatcher
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Fixes #6197.
|
|
|
|
|
|
|
|
|
|
* Allow to dereference Follow object for ActivityPub
* Accept IRI as object representation for Accept activity
|
|
|
|
* Allow HTTP caching of json view of public statuses
HTML views are not cached as they can contain private statuses as well
* Disable session cookies for ActivityPub json rendering of public toots
|
|
* Add confirmation step for email changes
This adds a confirmation step for email changes of existing users.
Like the initial account confirmation, a confirmation link is sent
to the new address.
Additionally, a notification is sent to the existing address when
the change is initiated. This message includes instruction to reset
the password immediately or to contact the instance admin if the
change was not initiated by the account owner.
Fixes #3871
* Add review fixes
|
|
Conflicts:
app/controllers/authorize_follows_controller.rb
app/javascript/styles/mastodon/components.scss
|
|
|
|
Conflicts:
app/controllers/auth/confirmations_controller.rb
|
|
(#6114)
|
|
* Add GET /api/v1/instance/peers API to reveal known domains
* Add GET /api/v1/instance/activity API
* Make new APIs disableable, exclude private statuses from activity stats
* Fix code style issue
* Fix week timestamps
|