about summary refs log tree commit diff
path: root/app/controllers
AgeCommit message (Collapse)Author
2018-01-07Fix force_ssl conditional (#6201)Yamagishi Kazutoshi
2018-01-07Fix unintended cache (#6214)Yamagishi Kazutoshi
2018-01-07Merge remote-tracking branch 'ykzts/fix-unintended-cache' into gs-masterDavid Yip
2018-01-07Fix unintended cacheYamagishi Kazutoshi
2018-01-05Merge remote-tracking branch 'tootsuite/master' into glitchsoc/masterJenkins
2018-01-05Represent numbers by strings in instance activity API (#6198)TheKinrar
Fixes #6197.
2018-01-04Merge remote-tracking branch 'tootsuite/master' into glitchsoc/masterJenkins
2018-01-04Make sure private toots remain private and do not end up in HTTP caches (#6175)ThibG
2018-01-04Cache JSON of immutable ActivityPub representations (#6171)Eugen Rochko
2018-01-03Merge remote-tracking branch 'tootsuite/master' into glitchsoc/masterJenkins
2018-01-03Allow to dereference Follow object for ActivityPub (#5772)Akihiko Odaki
* Allow to dereference Follow object for ActivityPub * Accept IRI as object representation for Accept activity
2018-01-03Merge remote-tracking branch 'tootsuite/master' into glitchsoc/masterJenkins
2018-01-03Allow HTTP caching of json view of public statuses (#6115)ThibG
* Allow HTTP caching of json view of public statuses HTML views are not cached as they can contain private statuses as well * Disable session cookies for ActivityPub json rendering of public toots
2018-01-02Add confirmation step for email changes (#6071)Patrick Figel
* Add confirmation step for email changes This adds a confirmation step for email changes of existing users. Like the initial account confirmation, a confirmation link is sent to the new address. Additionally, a notification is sent to the existing address when the change is initiated. This message includes instruction to reset the password immediately or to contact the instance admin if the change was not initiated by the account owner. Fixes #3871 * Add review fixes
2018-01-02Merge remote-tracking branch 'origin/master' into merge-upstreamDavid Yip
Conflicts: app/controllers/authorize_follows_controller.rb app/javascript/styles/mastodon/components.scss
2018-01-02Show mastodon on modal (#6129)Akihiko Odaki
2017-12-30Merge remote-tracking branch 'origin/master' into merge-upstreamDavid Yip
Conflicts: app/controllers/auth/confirmations_controller.rb
2017-12-30keep the same filters and page when doing custom emojo stuff (fixes #6112) ↵beatrix
(#6114)
2017-12-29Add more instance stats APIs (#6125)Eugen Rochko
* Add GET /api/v1/instance/peers API to reveal known domains * Add GET /api/v1/instance/activity API * Make new APIs disableable, exclude private statuses from activity stats * Fix code style issue * Fix week timestamps
2017-12-27Make host_meta/webfinger replies cacheable (fixes #6100) (#6101)ThibG
* Make host_meta/webfinger replies cacheable (fixes #6100) Drop common code for handling users and sessions as webfinger queries are very basic, public APIs. Also explicitly mark results as cacheable with “expires_in”. * Add “Vary: Accept” header for caching since content-negociation is used
2017-12-20Set packs on 2FA-related pages. Fixes #271.David Yip
Specifically, this commit: - changes S::TFA::{Confirmations,RecoveryCodes}Controller to derive from S::BaseController, because this gives us the necessary actions and packs - prepends set_pack to Auth::SessionsController's action chain so that it takes effect in time for render :two_factor
2017-12-15Merge branch 'gs-master' into prevent-local-only-federationDavid Yip
Conflicts: db/schema.rb
2017-12-15Merge remote-tracking branch 'tootsuite/master' into glitchsoc/masterJenkins
2017-12-14Fix #6022 - Prevent nested migrated accounts, or migrations to self (#6026)Eugen Rochko
2017-12-13Merge remote-tracking branch 'tootsuite/master' into glitchsoc/masterJenkins
2017-12-13Add filters to admin UI for custom emojis (#6003)Eugen Rochko
2017-12-13Clean up admin UI for accounts (#6004)Eugen Rochko
* Add staff filter to admin UI for accounts, remove obsolete columns * Only display OStatus section in admin UI for accounts when OStatus data
2017-12-12Merge remote-tracking branch 'tootsuite/master' into merge-upstreamDavid Yip
2017-12-12Fix #5953 - Add GET /api/v1/accounts/:id/lists (#5983)Eugen Rochko
2017-12-11change pack to 'auth'cwm
2017-12-11load packcwm
2017-12-11move outbox filtering to Status#permitted_for (as per @ekiru)Erin
2017-12-11Merge pull request #254 from glitch-soc/new-theme-uxbeatrix
New flavour/skin UX
2017-12-11Apply a 25x rate limit by IP even to authenticated requests (#5948)Eugen Rochko
2017-12-11Add missing set_pack def/filter in OAuth::AuthorizedApplicationsController.David Yip
2017-12-10Moved flavour UI into own prefs tabkibigo!
2017-12-10filter local-only toots from AP outboxesErin
2017-12-10filter local-only statuses from public pagesErin
2017-12-10pulled master, moved locale entry to new locationcwm
2017-12-10Javascript intl8n flavour supportkibigo!
2017-12-09Remove unused function (#5950)abcang
2017-12-09add initial components based off of tootsuite pr #1507cwm
2017-12-09Rate limit by user instead of IP when API user is authenticated (#5923)Eugen Rochko
* Fix #668 - Rate limit by user instead of IP when API user is authenticated * Fix code style issue * Use request decorator provided by Doorkeeper
2017-12-09Keep WebPush settings (#5879)abcang
2017-12-09Limit users to 50 lists, remove pagination from lists API (#5933)Eugen Rochko
2017-12-07Skins shouldn't apply to fallback flavourskibigo!
2017-12-06Fix common packs when other pack also therekibigo!
2017-12-06Use settings pack for InvitesController (#229)David Yip
2017-12-06Merge pull request #229 from glitch-soc/glitch-themebeatrix
Advanced Next-Level Flavours And Skins For Mastodon™
2017-12-06Prepend check_enabled_deletion to Settings::DeletesController (#229)David Yip
The specs for Settings::DeletesController include an example that sets Settings.open_deletion to false and expects the "if deletion is not available, redirect to root" logic to run. However, this spec does not set up a user, which means that the spec (intentionally or otherwise) expects this redirection to work with unauthenticated access. We should preserve that behavior. To do so, we prepend the deletion check to the action chain set up by Settings::BaseController, so that said check occurs before the authenticate_user! check.