Age | Commit message (Collapse) | Author |
|
While making browser requests in the other sessions after a password
change or reset does not allow you to be logged in and correctly
invalidates the session making the request, sessions have API tokens
associated with them, which can still be used until that session
is invalidated.
This is a security issue for accounts that were already compromised
some other way because it makes it harder to throw out the hijacker.
|
|
Follow-up to #12927
|
|
* Add announcements
Fix #11006
* Add reactions to announcements
* Add admin UI for announcements
* Add unit tests
* Fix issues
- Add `with_dismissed` param to announcements API
- Fix end date not being formatted when time range is given
- Fix announcement delete causing reactions to send streaming updates
- Fix announcements container growing too wide and mascot too small
- Fix `all_day` being settable when no time range is given
- Change text "Update" to "Announcement"
* Fix scheduler unpublishing announcements before they are due
* Fix filter params not being passed to announcements filter
|
|
Fix #12554
|
|
* Add “account timeline” filter category
Previously, no filter category applied to account timelines.
* Rename “Account timelines” into “Profiles”
|
|
Allow browsing and filtering all relationships instead of just
followers, unify the codebase with the user-facing relationship
manager, add ability to see who the user invited
|
|
Conflicts:
- `app/javascript/packs/public.js`:
Upstream removed an unused function in code that has
been refactored a bit. Removed that function in the corresponding
places.
|
|
|
|
|
|
* Fix unused role routes being generated
* Remove unused JavaScript code
* Refactor filters code to be DRYer
* Fix `.count == 0` comparisons to `.empty?` in views
* Fix filters in views
|
|
|
|
Fix #12849
|
|
Conflicts:
- `Gemfile.lock`:
No real conflict, glitch-soc-only dependency (redcarpet) too close to an
upstream one (rdf-normalize)
- `README.md`:
we have different READMEs, discarded upstream's changes
- `app/views/admin/custom_emojis/index.html.haml`:
No real conflict, different context because of glitch-soc theming
- `lib/mastodon/statuses_cli.rb`:
Upstream added code to keep bookmarked statuses, we were already doing so
with slightly different code. Discarded upstream's changes.
- `package.json`:
No real conflict, glitch-soc-only dependency (favico.js) too close to
an upstream one
|
|
|
|
* Remove #filter_from_context?
* Create scope Status.with_accounts
Retrieving AR objects should be
their model's scope
|
|
* improve shown status title, useful for atom/rss
* use single quotes to satisfy codeclimate
* fix tests, make message more pretty
* fix tests
* fix codestyle
* fix codestyle
* remove atom_serializer_spec
Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>
|
|
Fixes #12795
It was already possible to create domain blocks for TLDs, but those
weren't enforced, nor editable. This commit changes it so that they
are enforced and editable.
|
|
Conflicts:
- `app/controllers/application_controller.rb`:
Conflict due to theming system.
- `app/controllers/oauth/authorizations_controller.rb`:
Conflict due to theming system.
|
|
Fix #3804, Fix #5776
|
|
This changes the REST API to return unicode domains in the `acct`
attribute instead of punycode, and to render unicode instead of
punycode on public HTML pages as well.
Fix #7812, fix #12246
|
|
Conflicts:
- `config/locales/en.yml`
No real conflict, upstream added a translatable string “too close” to
one specific to glitch-soc
- `lib/mastodon/statuses_cli.rb`
Fixes made upstream, while changed in glitch-soc to keep bookmarked statuses
- `package.json`
No real conflict, additional dependency in glitch-soc
|
|
category (#12647)
Instead, just re-use the existing category if any.
Fixes #12608
|
|
invalid tags (#12436)
* Revert "Fix ignoring whole status because of one invalid hashtag (#11621)"
This reverts commit dff46b260b2f7d765d254c84a4b89105c7de5e97.
* Fix statuses being rejected because of invalid hashtag names
* Add spec for invalid hashtag names in statuses
* Add test for featured tags controller
|
|
* Increased max backup size
* partially reverted schema.rb
|
|
|
|
Conflicts:
- app/controllers/application_controller.rb
Minor conflict due to glitch-soc's theming system
|
|
|
|
Conflicts:
- package.json
Not really a conflict, caused by an additional dependency in glitch-soc.
- yarn.lock
Not really a conflict, caused by an additional dependency in glitch-soc.
|
|
* Show badge on group actor in WebUI
* Do not notify in case of by following group actor
* If you mention group actor, also mention group actor followers
* Relax characters that can be used in username (same as Application)
* Revert "Relax characters that can be used in username (same as Application)"
This reverts commit 7e10a137b878d0db1b5252c52106faef5e09ca4b.
* Delete display_name method
|
|
|
|
Signed-off-by: mathieu.brunot <mathieu.brunot@monogramm.io>
|
|
* Add follow_request notification type
The notification type already existed in the backend but was never pushed
to the front-end. This also means translation strings were also available
for the backend, from the notification mailer.
Unlike other notification types, these are off by default, to match what
I remember of Gargron's view on the topic: that follow requests should not
clutter notifications and should instead be reviewed at the user's own
leisure in the dedicated column.
Since follow requests have their own column, I've deemed it unnecessary to
add a specific tab for them in the notification quick filter.
* Show follow request link in single-column if there are pending requests, even if account isn't locked
* Push follow requests from notifications to the follow_requests list
* Offer to accept or reject follow request from the notification
* Redesign follow request notification
|
|
Before this patch, if remote poll options have leading or trailing spaces,
the information stored locally won't match them, causing federated voting to
fail.
|
|
|
|
* :sparkles: Convert LDAP username #12021
Signed-off-by: mathieu.brunot <mathieu.brunot@monogramm.io>
* :bug: Fix conversion var use
Signed-off-by: mathieu.brunot <mathieu.brunot@monogramm.io>
* :bug: Fix LDAP uid conversion test
Signed-off-by: mathieu.brunot <mathieu.brunot@monogramm.io>
* :ok_hand: Remove comments with ref to PR
Signed-off-by: mathieu.brunot <mathieu.brunot@monogramm.io>
* :ok_hand: Remove unnecessary paranthesis
Signed-off-by: mathieu.brunot <mathieu.brunot@monogramm.io>
* :wrench: Move space in conversion string
Signed-off-by: mathieu.brunot <mathieu.brunot@monogramm.io>
|
|
* Add ability to filter reports by target account domain
* Reword by_target_domain label
|
|
This might be somewhat controversial, but putting a redirection up
makes the account unusable, which works against use cases such as
using the moved account as backup in case the new one temporarily fails
(sure, the redirection can be temporarily removed, but it is a hassle)
|
|
|
|
|
|
Conflicts:
- README.md
discarded upstream changes
- app/controllers/api/v1/bookmarks_controller.rb
finally merged upstream, some code style fixes
and slightly changed pagination code
- app/controllers/application_controller.rb
changed upstream to always return HTML error pages
slight conflict caused by theming code
- app/models/bookmark.rb
finally merged upstream, no real conflict
- spec/controllers/api/v1/bookmarks_controller_spec.rb
finally merged upstream, slightly changed pagination code
|
|
* Add backend support for bookmarks
Bookmarks behave like favourites, except they aren't shared with other
users and do not have an associated counter.
* Add spec for bookmark endpoints
* Add front-end support for bookmarks
* Introduce OAuth scopes for bookmarks
* Add bookmarks to archive takeout
* Fix migration
* Coding style fixes
* Fix rebase issue
* Update bookmarked_statuses to latest UI changes
* Update bookmark actions to properly reflect status changes in state
* Add bookmarks item to single-column layout
* Make active bookmarks red
|
|
Conflicts:
- `package.json`
|
|
* Add ability to add oneself to lists
* Change search results to include oneself when searching through followers
* Mark follow relation as optional in ListAccount
|
|
* Fix remote media descriptions being cut off at 420 chars
Fixes #12258
* Fix tests
|
|
Conflicts:
- README.md
- app/helpers/statuses_helper.rb
Upstream moved account helpers to their own file, we had extra
helpers there, moved too.
- app/lib/sanitize_config.rb
- app/models/user.rb
- app/serializers/initial_state_serializer.rb
- config/locales/simple_form.en.yml
- spec/lib/sanitize_config_spec.rb
|
|
|
|
|
|
Conflicts:
- README.md
- app/javascript/styles/mastodon/components.scss
conflicts caused by image URLs being different
- app/models/status.rb
as_home_timeline removed, kept glitch-soc-only as_direct_timeline
- app/views/statuses/_simple_status.html.haml
- config/locales/en.yml
some strings were changed upstream
- spec/models/status_spec.rb
as_home_timeline removed, kept glitch-soc-only as_direct_timeline
|
|
Follow-up to #12122
|
|
Fix #12113
|