From 12f8f39e257e1b628d005d67dc0080d287a873eb Mon Sep 17 00:00:00 2001
From: Claire <claire.github-309c@sitedethib.com>
Date: Sat, 22 May 2021 15:00:33 +0200
Subject: Fix media proxy RedisLocks auto-releasing too fast (#16291)

Follow-up to #16276
---
 app/controllers/media_proxy_controller.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'app/controllers')

diff --git a/app/controllers/media_proxy_controller.rb b/app/controllers/media_proxy_controller.rb
index 1b610318d..5596e92d1 100644
--- a/app/controllers/media_proxy_controller.rb
+++ b/app/controllers/media_proxy_controller.rb
@@ -45,7 +45,7 @@ class MediaProxyController < ApplicationController
   end
 
   def lock_options
-    { redis: Redis.current, key: "media_download:#{params[:id]}" }
+    { redis: Redis.current, key: "media_download:#{params[:id]}", autorelease: 15.minutes.seconds }
   end
 
   def reject_media?
-- 
cgit 


From 5ef216d032469aa38c437b57a3871d5c3d992549 Mon Sep 17 00:00:00 2001
From: Jeong Arm <kjwonmail@gmail.com>
Date: Mon, 31 May 2021 00:57:47 +0900
Subject: Remove set-cookie header on custom.css (#16314)

* Remove set-cookie header on custom.css

* Additional fix for set-cookie
---
 app/controllers/custom_css_controller.rb | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'app/controllers')

diff --git a/app/controllers/custom_css_controller.rb b/app/controllers/custom_css_controller.rb
index 0a667a6a6..e1dc5eaf6 100644
--- a/app/controllers/custom_css_controller.rb
+++ b/app/controllers/custom_css_controller.rb
@@ -3,11 +3,16 @@
 class CustomCssController < ApplicationController
   skip_before_action :store_current_location
   skip_before_action :require_functional!
+  skip_before_action :update_user_sign_in
+  skip_before_action :set_session_activity
+
+  skip_around_action :set_locale
 
   before_action :set_cache_headers
 
   def show
     expires_in 3.minutes, public: true
+    request.session_options[:skip] = true
     render plain: Setting.custom_css || '', content_type: 'text/css'
   end
 end
-- 
cgit 


From 3b27b09acbbcd5ad920da68cbcfb30eafa792fa5 Mon Sep 17 00:00:00 2001
From: Claire <claire.github-309c@sitedethib.com>
Date: Mon, 31 May 2021 22:59:30 +0200
Subject: Fix some IDs in instance actor outbox (#16343)

---
 app/controllers/activitypub/outboxes_controller.rb | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'app/controllers')

diff --git a/app/controllers/activitypub/outboxes_controller.rb b/app/controllers/activitypub/outboxes_controller.rb
index 111285036..4a52560ac 100644
--- a/app/controllers/activitypub/outboxes_controller.rb
+++ b/app/controllers/activitypub/outboxes_controller.rb
@@ -29,7 +29,7 @@ class ActivityPub::OutboxesController < ActivityPub::BaseController
       )
     else
       ActivityPub::CollectionPresenter.new(
-        id: account_outbox_url(@account),
+        id: outbox_url,
         type: :ordered,
         size: @account.statuses_count,
         first: outbox_url(page: true),
@@ -47,11 +47,11 @@ class ActivityPub::OutboxesController < ActivityPub::BaseController
   end
 
   def next_page
-    account_outbox_url(@account, page: true, max_id: @statuses.last.id) if @statuses.size == LIMIT
+    outbox_url(page: true, max_id: @statuses.last.id) if @statuses.size == LIMIT
   end
 
   def prev_page
-    account_outbox_url(@account, page: true, min_id: @statuses.first.id) unless @statuses.empty?
+    outbox_url(page: true, min_id: @statuses.first.id) unless @statuses.empty?
   end
 
   def set_statuses
-- 
cgit 


From 1410dffdf415223932767a15324b7e4cd87e3ca8 Mon Sep 17 00:00:00 2001
From: Eugen Rochko <eugen@zeonfederated.com>
Date: Wed, 2 Jun 2021 21:07:50 +0200
Subject: Fix e-mail confirmations API not working correctly (#16348)

* Fix e-mail confirmations API not working correctly

* Fix typo
---
 app/controllers/api/v1/emails/confirmations_controller.rb | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

(limited to 'app/controllers')

diff --git a/app/controllers/api/v1/emails/confirmations_controller.rb b/app/controllers/api/v1/emails/confirmations_controller.rb
index 4a7aa9c32..f1d9954d0 100644
--- a/app/controllers/api/v1/emails/confirmations_controller.rb
+++ b/app/controllers/api/v1/emails/confirmations_controller.rb
@@ -3,12 +3,11 @@
 class Api::V1::Emails::ConfirmationsController < Api::BaseController
   before_action :doorkeeper_authorize!
   before_action :require_user_owned_by_application!
+  before_action :require_user_not_confirmed!
 
   def create
-    if !current_user.confirmed? && current_user.unconfirmed_email.present?
-      current_user.update!(email: params[:email]) if params.key?(:email)
-      current_user.resend_confirmation_instructions
-    end
+    current_user.update!(email: params[:email]) if params.key?(:email)
+    current_user.resend_confirmation_instructions
 
     render_empty
   end
@@ -18,4 +17,8 @@ class Api::V1::Emails::ConfirmationsController < Api::BaseController
   def require_user_owned_by_application!
     render json: { error: 'This method is only available to the application the user originally signed-up with' }, status: :forbidden unless current_user && current_user.created_by_application_id == doorkeeper_token.application_id
   end
+
+  def require_user_not_confirmed!
+    render json: { error: 'This method is only available while the e-mail is awaiting confirmation' }, status: :forbidden if current_user.confirmed? || current_user.unconfirmed_email.blank?
+  end
 end
-- 
cgit