about summary refs log tree commit diff
path: root/config/initializers
AgeCommit message (Collapse)Author
2019-11-30LDAP & PAM added to OAuth password grant strategy (#7999) (#12390)ntl-purism
When authenticating via OAuth, the resource owner password grant strategy is allowed by Mastodon, but (without this PR), it does not attempt to authenticate against LDAP or PAM. As a result, LDAP or PAM authenticated users cannot sign in to Mastodon with their email/password credentials via OAuth (for instance, for native/mobile app users). This PR fleshes out the authentication strategy supplied to doorkeeper in its initializer by looking up the user with LDAP and/or PAM when devise is configured to use LDAP/PAM backends. It attempts to follow the same logic as the Auth::SessionsController for handling email/password credentials. Note #1: Since this pull request affects an initializer, it's unclear how to add test automation. Note #2: The PAM authentication path has not been manually tested. It was added for completeness sake, and it is hoped that it can be manually tested before merging.
2019-11-20Fix weird edge case in load_schemaThibaut Girka
2019-11-20Override Migrator.new instead of Migrator#initialize, it's easier to understandThibaut Girka
2019-11-20Add documentation about the migration hackThibaut Girka
2019-11-20Monkey-patch Rails' migrator to ignore duplicate migrations across Mastodon ↵Thibaut Girka
and glitch-soc
2019-11-13Add bookmarks (#7107)ThibG
* Add backend support for bookmarks Bookmarks behave like favourites, except they aren't shared with other users and do not have an associated counter. * Add spec for bookmark endpoints * Add front-end support for bookmarks * Introduce OAuth scopes for bookmarks * Add bookmarks to archive takeout * Fix migration * Coding style fixes * Fix rebase issue * Update bookmarked_statuses to latest UI changes * Update bookmark actions to properly reflect status changes in state * Add bookmarks item to single-column layout * Make active bookmarks red
2019-10-10Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: - README.md - app/javascript/styles/mastodon/components.scss conflicts caused by image URLs being different - app/models/status.rb as_home_timeline removed, kept glitch-soc-only as_direct_timeline - app/views/statuses/_simple_status.html.haml - config/locales/en.yml some strings were changed upstream - spec/models/status_spec.rb as_home_timeline removed, kept glitch-soc-only as_direct_timeline
2019-10-10Fix preloaded JSON-LD context for identity not being used (#12138)Eugen Rochko
Regression from #11316
2019-10-09Fix attachment not being re-downloaded even if file is not stored (#12125)Eugen Rochko
Change the behaviour of remotable concern. Previously, it would skip downloading an attachment if the stored remote URL is identical to the new one. Now it would not be skipped if the attachment is not actually currently stored by Paperclip.
2019-10-06Fix S3 adapter retrying failing uploads with exponential backoff (#12085)Eugen Rochko
The default limit of 10 retries with exponential backoff meant that if the S3 server was timing out, you would be stuck with it for much, much longer than the 5 second read timeout we expect. The uploading happens within a database transaction, which means a failing S3 server could negatively affect database performance
2019-10-03Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: - app/models/media_attachment.rb Upstream raised max image size from 8MB to 10MB while our limit is configurable. Raised the default to 10MB.
2019-10-01Fix records not being indexed sometimes (#12024)Eugen Rochko
It's possible that after commit callbacks were not firing when exceptions occurred in the process. Also, the default Sidekiq strategy does not push indexing jobs immediately, which is not necessary and could be part of the issue too.
2019-09-30Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: - Gemfile - Gemfile.lock - app/controllers/about_controller.rb - app/controllers/auth/sessions_controller.rb
2019-09-29Add a nodeinfo endpoint (#12002)Eugen Rochko
* Add nodeinfo endpoint * dont commit stuff from my local dev * consistant naming since we implimented 2.1 schema * Add some additional node info stuff * Add nodeinfo endpoint * dont commit stuff from my local dev * consistant naming since we implimented 2.1 schema * expanding this to include federation info * codeclimate feedback * CC feedback * using activeserializers seems like a good idea... * get rid of draft 2.1 version * Reimplement 2.1, also fix metaData -> metadata * Fix metaData -> metadata here too * Fix nodeinfo 2.1 tests * Implement cache for monthly user aggregate * Useless * Remove ostatus from the list of supported protocols * Fix nodeinfo's open_registration reading obsolete setting variable * Only serialize domain blocks with user-facing limitations * Do not needlessly list noop severity in nodeinfo * Only serialize domain blocks info in nodeinfo when they are set to be displayed to everyone * Enable caching for nodeinfo endpoints * Fix rendering nodeinfo * CodeClimate fixes * Please CodeClimate * Change InstancePresenter#active_user_count_months for clarity * Refactor NodeInfoSerializer#metadata * Remove nodeinfo 2.1 support as the schema doesn't exist * Clean-up
2019-09-24Hide error message on /heath (#11947)Yamagishi Kazutoshi
* Hide error message on /heath * update health_check
2019-09-24Cast multipart threshold to integer (#11944)Yamagishi Kazutoshi
2019-09-24Fix authentication before 2FA challenge (#11943)Eugen Rochko
Regression from #11831
2019-09-23Add config of multipart threshold for S3 (#11924)Yamagishi Kazutoshi
2019-09-18Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: - app/controllers/auth/sessions_controller.rb Minor conflict due to glitch-soc's theming code
2019-09-15Fix 2FA challenge and password challenge for non-database users (#11831)Eugen Rochko
* Fix 2FA challenge not appearing for non-database users Fix #11685 * Fix account deletion not working when using external login Fix #11691
2019-09-13Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: - Gemfile - app/controllers/api/v1/search_controller.rb Conflict because we changed the number of default results to be configurable - app/lib/settings/scoped_settings.rb Addition of a new “noindex” site-wide setting, conflict due to our change of the two other site-wide settings (default flavour and skin instead of theme) - spec/controllers/application_controller_spec.rb Addition of a new “noindex” site-wide setting, conflict due to our change of the two other site-wide settings (default flavour and skin instead of theme)
2019-09-13Change rate limit for media proxy (#11814)Yamagishi Kazutoshi
2019-09-07Add healthcheck endpoint for web (#11770)Yamagishi Kazutoshi
2019-09-05Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
2019-09-03Fix ActivityPub context not being dynamically computed (#11746)ThibG
* Fix contexts not being dynamically included Fixes #11649 * Refactor Note context in serializer * Refactor Actor serializer
2019-08-19Fix connect-src policy for TesseractThibaut Girka
2019-08-19Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: - app/controllers/home_controller.rb - app/controllers/shares_controller.rb - app/javascript/packs/public.js - app/models/status.rb - app/serializers/initial_state_serializer.rb - app/views/home/index.html.haml - app/views/layouts/public.html.haml - app/views/public_timelines/show.html.haml - app/views/shares/show.html.haml - app/views/tags/show.html.haml - config/initializers/content_security_policy.rb - config/locales/en.yml - config/webpack/shared.js - package.json
2019-08-19Fix CSP needlessly allowing blob URLs in script-src (#11620)ThibG
2019-08-16Fix media host not being included in connect-src for OCR (#11577)Eugen Rochko
2019-08-15Add OCR tool to media editing modal (#11566)Eugen Rochko
2019-07-30Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: - app/controllers/directories_controller.rb - package.json - yarn.lock
2019-07-30Add whitelist mode (#11291)Eugen Rochko
2019-07-04Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
2019-07-02Remove unused StatsD code and expose StatsD as a global variable (#11232)Eugen Rochko
The instrumentation code was used for StatsD metrics collection prior to the switch to the nsa gem and should have been removed at that point as it no longer does anything at all
2019-06-24Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: - app/models/media_attachment.rb Upstream added audio attachment support - app/serializers/initial_state_serializer.rb Upstream added audio attachment support and how mimetypes are returned - app/serializers/rest/instance_serializer.rb Upstream added a few fields - config/application.rb Upstream added a different paperclip transcoder
2019-06-20Add moderation API (#9387)Eugen Rochko
Fix #8580 Fix #7143
2019-06-10Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: - app/controllers/settings/notifications_controller.rb - app/javascript/packs/public.js - app/views/settings/preferences/show.html.haml - app/views/stream_entries/_simple_status.html.haml - config/locales/simple_form.en.yml - config/locales/simple_form.pl.yml - config/navigation.rb - config/routes.rb
2019-06-07Change preferences page into appearance, notifications, and other (#10977)Eugen Rochko
2019-05-28Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
2019-05-28Fix undefined method error (#10868)Hinaloe
2019-05-28Fix undefined method error. (#10867)mayaeh
2019-05-27Improve rate limiting (#10860)ThibG
* Rate limit based on remote address IP, not on potential reverse proxy * Limit rate of unauthenticated API requests further * Rate-limit paging requests to one every 3 seconds
2019-05-04Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: - app/models/media_attachment.rb
2019-05-04Fix CSP when PAPERCLIP_ROOT_URL is set to a different hostThibaut Girka
2019-05-04Fix CSP when dealing with S3 hostsThibaut Girka
2019-05-03Bump rack-attack from 5.4.2 to 6.0.0 (#10599)dependabot[bot]
* Bump rack-attack from 5.4.2 to 6.0.0 Bumps [rack-attack](https://github.com/kickstarter/rack-attack) from 5.4.2 to 6.0.0. - [Release notes](https://github.com/kickstarter/rack-attack/releases) - [Changelog](https://github.com/kickstarter/rack-attack/blob/master/CHANGELOG.md) - [Commits](https://github.com/kickstarter/rack-attack/compare/v5.4.2...v6.0.0) Signed-off-by: dependabot[bot] <support@dependabot.com> * fix payload[:request]
2019-04-24Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
2019-04-23Fix stoplight logging to stderr separate from Rails logger (#10624)Eugen Rochko
2019-04-08Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: - config/locales/pl.yml Conflict caused by new upstream string too close to glitch-specific “flavour” string. Took both strings.
2019-04-07Add rate limit for media proxy requests (#10490)Eugen Rochko
30 per 30 minutes, like media uploads