From 04ecf44c2f78ae29911027352a3e9fb21187e20c Mon Sep 17 00:00:00 2001
From: Patrick Figel
Date: Tue, 2 Jan 2018 16:55:00 +0100
Subject: Add confirmation step for email changes (#6071)
* Add confirmation step for email changes
This adds a confirmation step for email changes of existing users. Like the initial account confirmation, a confirmation link is sent to the new address. Additionally, a notification is sent to the existing address when the change is initiated. This message includes instruction to reset the password immediately or to contact the instance admin if the change was not initiated by the account owner.
Fixes #3871
* Add review fixes
---
 app/controllers/auth/registrations_controller.rb | 4 ++++
 1 file changed, 4 insertions(+)
(limited to 'app/controllers')
diff --git a/app/controllers/auth/registrations_controller.rb b/app/controllers/auth/registrations_controller.rb
index da0b6512f..b8ff4e54f 100644
--- a/app/controllers/auth/registrations_controller.rb
+++ b/app/controllers/auth/registrations_controller.rb
@@ -37,6 +37,10 @@ class Auth::RegistrationsController < Devise::RegistrationsController
 new_user_session_path
 end

+ def after_update_path_for(_resource)
+ edit_user_registration_path
+ end
+
 def check_enabled_registrations
 redirect_to root_path if single_user_mode? || !allowed_registrations?
 end
-- cgit
From 99f962ba731f67050a914bb5b9a245869531ebd1 Mon Sep 17 00:00:00 2001
From: ThibG
Date: Wed, 3 Jan 2018 04:57:57 +0100
Subject: Allow HTTP caching of json view of public statuses (#6115)
* Allow HTTP caching of json view of public statuses
HTML views are not cached as they can contain private statuses as well
* Disable session cookies for ActivityPub json rendering of public toots
---
 app/controllers/statuses_controller.rb | 7 +++++++
 1 file changed, 7 insertions(+)
(limited to 'app/controllers')
diff --git a/app/controllers/statuses_controller.rb b/app/controllers/statuses_controller.rb
index e8a360fb5..c00b9f034 100644
--- a/app/controllers/statuses_controller.rb
+++ b/app/controllers/statuses_controller.rb
@@ -10,6 +10,7 @@ class StatusesController < ApplicationController
 before_action :set_link_headers
 before_action :check_account_suspension
 before_action :redirect_to_original, only: [:show]
+ before_action { response.headers['Vary'] = 'Accept' }

 def show
 respond_to do |format|
@@ -25,6 +26,12 @@ class StatusesController < ApplicationController
 serializer: ActivityPub::NoteSerializer,
 adapter: ActivityPub::Adapter,
 content_type: 'application/activity+json'
+
+ # Allow HTTP caching for 3 minutes if the status is public
+ unless @stream_entry.hidden?
+ request.session_options[:skip] = true
+ expires_in(3.minutes, public: true)
+ end
 end
 end
 end
-- cgit
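Review bot: The added `before_action { response.headers['Vary'] = 'Accept' }` assigns the header instead of appending to it, so any `Vary` value set earlier in the filter chain (none is visible in this hunk) would be dropped, and shared caches would key only on what this line leaves behind. Because the same commit makes the JSON view publicly cacheable, merging is the safer form: `response.headers['Vary'] = [response.headers['Vary'], 'Accept'].compact.join(', ')`. The filter is also anonymous and has no `only:`, so it runs for every action of the controller; a named method such as `set_vary_header`, with a one-line comment saying that the HTML and ActivityPub JSON representations are served from the same URL, would make the intent clear. The class body continues outside the hunk.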
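Review bot: The `expires_in(3.minutes, public: true)` branch means a shared cache can keep serving the JSON for up to three minutes after the status is removed or the account is suspended, because `check_account_suspension` and the `hidden?` test run only when a request actually reaches the app; the comment above the branch should state that trade-off. The comment says "if the status is public" while the condition is `unless @stream_entry.hidden?`, and whether `hidden?` covers every non-public visibility cannot be seen from this hunk, so either confirm that or word the comment after the predicate, e.g. `# Not hidden: shared caches may keep this JSON for 3 minutes; removal or suspension can lag by that long`. The cache headers and `request.session_options[:skip] = true` are set after `render json:`; moving the `unless` block above the render call keeps the no-cookie and cache decision ahead of rendering and is easier to audit. The `show` action begins outside this hunk.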