| Age | Commit message (Collapse) | Author |
|---|
|
Conflicts:
- `app/controllers/auth/setup_controller.rb`:
Upstream removed a method close to a glitch-soc theming-related method.
Removed the method like upstream did.
|
|
|
|
|
|
(#24100)
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
|
|
Conflicts:
- `README.md`:
Upstream changed their README, we have our own.
Kept ours.
- `app/helpers/application_helper.rb`:
Minor code style fix upstream, on a line that is different in glitch-soc
due to the different theming system.
Applied the code style fix to our own code.
- `app/views/settings/preferences/appearance/show.html.haml`:
Code style fix on a line next to lines exclusive to glitch-soc.
Applied upstream changes.
- `yarn.lock`:
Upstream updated a dependency textually close to a glitch-soc-only
dependency.
Updated the dependency like upstream did.
|
|
|
|
|
|
|
|
|
|
requesting a new confirmation e-mail (#23247)
Fixes #23093
|
|
Conflicts:
- `README.md`:
Discarded upstream changes: we have our own README
- `app/controllers/follower_accounts_controller.rb`:
Port upstream's minor refactoring
|
|
|
|
Conflicts:
- `.github/workflows/build-image.yml`:
Upstream changed how docker images were built, including how
they were cached.
I don't know much about it, so applied upstream's changes.
- `app/controllers/admin/domain_blocks_controller.rb`:
The feature, that was in glitch-soc, got backported upstream.
It also had a few fixes upstream, so those have been ported!
- `app/javascript/packs/admin.js`:
Glitch-soc changes have been backported upstream. As a result,
some code from `app/javascript/core/admin.js` got added upstream.
Kept our version since our shared Javascript already has that feature.
- `app/models/user.rb`:
Upstream added something to distinguish unusable and unusable-because-moved
accounts, while glitch-soc considers moved accounts usable.
Took upstream's code for `functional_or_moved?` and made `functional?`
call it.
- `app/views/statuses/_simple_status.html.haml`:
Upstream cleaned up code style a bit, on a line that we had custom changes
for.
Applied upstream's change while keeping our change.
- `config/initializers/content_security_policy.rb`:
Upstream adopted one CSP directive we already had.
The conflict is because of our files being structurally different, but the
change itself was already part of glitch-soc.
Kept our version.
|
|
* Fix style for hashes
Make the style for hashes consistent.
* New style
More consistency
|
|
|
|
Fixes #20067
Our password autocomplete hints were “off” but that does not prevent current
browsers from trying to autocomplete them anyway, so use `current-password` and
`new-password` so they don't put a newly-generated password in a password
confirmation prompt, or the old password for a password renewal prompt.
|
|
|
|
This is modeled on #19833, and based on the attribute values documented
in https://developer.apple.com/documentation/security/password_autofill/enabling_password_autofill_on_an_html_input_element?language=objc
|
|
The email address will be used as the "username" for sign-in purposes, so it's the value that should be stored in password managers. We can inform the password manager of this by setting `autocomplete="email"`. Without this hint, password managers may instead store the `username` field, which isn't valid for sign-in (this happens with iCloud Keychain in Safari, for instance).
|
|
|
|
Fixes #19507
Fix regression from #19296
|
|
|
|
|
|
|
|
Conflicts:
- `app/controllers/concerns/sign_in_token_authentication_concern.rb`:
Upstream removed this file, while glitch-soc had changes to deal with
its theming system.
Removed the file like upstream did.
|
|
(#17970)
|
|
Conflicts:
- `.github/dependabot.yml`:
Upstream modified it, but we deleted it in glitch-soc.
Keep it deleted.
|
|
|
|
|
|
* Change old moderation strikes to be displayed in a separate page
Fixes #17552
This changes the moderation strikes displayed on `/auth/edit` to be those from
the past 3 months, and make all moderation strikes targeting the current user
available in `/disputes`.
* Add short description of what the strikes page is for
* Move link to list of strikes to “Account status” instead of navigation item
* Normalize i18n file
* Fix layout and styling of strikes link
* Revert highlights_on regexp
* Reintroduce account status summary
- this way, “Account status” is never empty
- account status is not necessarily bound to strikes, or recent strikes
|
|
Conflicts:
- `db/schema.rb`:
Conflict due to glitch-soc adding the `content_type` column on status edits
and thus having a different schema version number.
Solved by taking upstream's schema version number, as it is higher than
glitch-soc's.
|
|
* Add appeals
* Add ability to reject appeals and ability to browse pending appeals in admin UI
* Add strikes to account page in settings
* Various fixes and improvements
- Add separate notification setting for appeals, separate from reports
- Fix style of links in report/strike header
- Change approving an appeal to not restore statuses (due to federation complexities)
- Change style of successfully appealed strikes on account settings page
- Change account settings page to only show unappealed or recently appealed strikes
* Change appealed_at to overruled_at
* Fix missing method error
|
|
|
|
This simplifies the implementation considerably, and while not providing
ideal UX, it's the most flexible approach.
|
|
Upshot of CAPTCHA on e-mail validation is it does not need to break the in-band
registration API.
|
|
Fixes #1649
This requires setting `HCAPTCHA_SECRET_KEY` and `HCAPTCHA_SITE_KEY`, then
enabling the admin setting at
`/admin/settings/edit#form_admin_settings_captcha_enabled`
Subsequently, a hCaptcha widget will be displayed on `/about` and
`/auth/sign_up` unless:
- the user is already signed-up already
- the user has used an invite link
- the user has already solved the captcha (and registration failed for another
reason)
The Content-Security-Policy headers are altered automatically to allow the
third-party hCaptcha scripts on `/about` and `/auth/sign_up` following the same
rules as above.
|
|
Conflicts:
- `spec/models/status_spec.rb`:
Upstream added tests too close to glitch-soc-specific tests.
Kept both tests.
|
|
* Remove support for OAUTH_REDIRECT_AT_SIGN_IN
Fixes #15959
Introduced in #6540, OAUTH_REDIRECT_AT_SIGN_IN allowed skipping the log-in form
to instead redirect to the external OmniAuth login provider.
However, it did not prevent the log-in form on /about introduced by #10232 from
appearing, and completely broke with the introduction of #15228.
As I restoring that previous log-in flow without introducing a security
vulnerability may require extensive care and knowledge of how OmniAuth works,
this commit removes support for OAUTH_REDIRECT_AT_SIGN_IN instead for the time
being.
* Add OMNIAUTH_ONLY environment variable to enforce external log-in only
* Disable user registration when OMNIAUTH_ONLY is set to true
* Replace log-in links When OMNIAUTH_ONLY is set with exactly one OmniAuth provider
|
|
|
|
|
|
Conflicts:
- `app/models/form/admin_settings.rb`:
New setting added upstream. Ported it.
- `app/views/statuses/_simple_status.html.haml`:
Upstream removed RTL classes. Did the same.
- `config/settings.yml`:
New setting added upstream. Ported it.
|
|
Fixes #15273
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
|
|
Conflicts:
- `app/controllers/about_controller.rb`:
Minor conflict caused by glitch-soc's theming system.
Ported upstream changes.
|
|
* Add honeypot fields to limit non-specialized spam
Add two honeypot fields: a fake website input and a fake password confirmation
one. The label/placeholder/aria-label tells not to fill them, and they are
hidden in CSS, so legitimate users should not fall into these.
This should cut down on some non-Mastodon-specific spambots.
* Require a 3 seconds delay before submitting the registration form
* Fix tests
* Move registration form time check to model validation
* Give people a chance to clear the honeypot fields
* Refactor honeypot translation strings
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
|
|
Conflicts:
- `app/services/remove_status_service.rb`:
Conflict caused by us having a distinc Direct timeline.
Ported upstream changes.
- `app/javascript/mastodon/features/compose/components/compose_form.js`:
Conflict between glitch-soc's variable character limit and upstream
refactoring that part of the code.
Ported upstream changes.
|
|
|
|
Fix #2744
|
|
Conflicts:
- `Gemfile.lock`:
Not a real conflict, upstream updated dependencies that were too close to
glitch-soc-only ones in the file.
- `app/controllers/oauth/authorized_applications_controller.rb`:
Upstream changed the logic surrounding suspended accounts.
Minor conflict due to glitch-soc's theming system.
Ported upstream changes.
- `app/controllers/settings/base_controller.rb`:
Upstream refactored and changed the logic surrounding suspended accounts.
Minor conflict due to glitch-soc's theming system.
Ported upstream changes.
- `app/controllers/settings/sessions_controller.rb`:
Upstream refactored and changed the logic surrounding suspended accounts.
Minor conflict due to glitch-soc's theming system.
Ported upstream changes.
- `app/models/user.rb`:
Upstream refactored and changed the logic surrounding suspended accounts.
Minor conflict due to glitch-soc not preventing moved accounts from logging
in.
Ported upstream changes while keeping the ability for moved accounts to log
in.
- `app/policies/status_policy.rb`:
Upstream refactored and changed the logic surrounding suspended accounts.
Minor conflict due to glitch-soc's local-only toots.
Ported upstream changes.
- `app/serializers/rest/account_serializer.rb`:
Upstream refactored and changed the logic surrounding suspended accounts.
Minor conflict due to glitch-soc's ability to hide followers count.
Ported upstream changes.
- `app/services/process_mentions_service.rb`:
Upstream refactored and changed the logic surrounding suspended accounts.
Minor conflict due to glitch-soc's local-only toots.
Ported upstream changes.
- `package.json`:
Not a real conflict, upstream updated dependencies that were too close to
glitch-soc-only ones in the file.
|
|
- Disallow suspended accounts from revoking sessions and apps
- Allow suspended accounts to access exports
|
|
|
