- 05 Nov, 2021 36 commits
-
-
Eugen Rochko authored
-
Claire authored
-
Claire authored
Up until now, we have used Devise's Rememberable mechanism to re-log users after the end of their browser sessions. This mechanism relies on a signed cookie containing a token.

That token was stored on the user's record, meaning it was shared across all logged in browsers, meaning truly revoking a browser's ability to auto-log-in involves revoking the token itself, and revoking access from *all* logged-in browsers.

We had a session mechanism that dynamically checks whether a user's session has been disabled, and would log out the user if so. However, this would only clear a session being actively used, and a new one could be respawned with the `remember_user_token` cookie.

In practice, this caused two issues:
- sessions could be revived after being closed from /auth/edit (security issue)
- auto-log-in would be disabled for *all* browsers after logging out from one of them

This PR removes the `remember_token` mechanism and treats the `_session_id` cookie/token as a browser-specific `remember_token`, fixing both issues.
-
Claire authored
Broken since #15827
-
Claire authored
* Add tests
* Fix user email address being banned on self-deletion

Fixes #16498
-
Claire authored
* Refactor shouldUpdateScroll passing

So far, shouldUpdateScroll has been manually passed down from the very top of the React component hierarchy even though it is a static function common to all ScrollContainer instances, so replaced that with a custom class extending ScrollContainer.

* Generalize “press back to close modal” to any modal and to public pages
* Fix boost confirmation modal closing media modal
-
Claire authored
* Change references to tootsuite/mastodon to mastodon/mastodon
* Remove obsolete test fixture
* Replace occurrences of tootsuite/mastodon with mastodon/mastodon in CHANGELOG

And a few other places
-
Claire authored
Fixes #16435
-
Claire authored
-
Claire authored
* Fix anonymous access to outbox not being cached by the reverse proxy

Up until now, anonymous access to outbox was marked as public, but with a 0 duration for caching, which means remote proxies would only serve from cache when the server was completely overwhelmed.

Changed that cache duration to one minute, so that repeated anonymous access to one account's outbox can be appropriately cached.

Also added `Signature` to the `Vary` header in case a page is requested, so that authenticated fetches are never served from cache (which only contains public toots).

* Remove Vary: Accept header from webfinger controller

Indeed, we have stopped returning xrd, and only ever return jrd, so the Accept request header does not matter anymore.

* Cache negative webfinger hits for 3 minutes
-
Claire authored
* Fix WebUI crash when a toot with a playing video gets deleted
* Fix pop-up player not closing the moment a status is deleted
-
Claire authored
* Add tests
* Fix serialization of followers/following counts when user hides their network

Fixes #16382

Signed-off-by: Claire <claire.github-309c@sitedethib.com>
-
Claire authored
The auto-linking code basically rewrote the whole string escaping non-ascii characters in an inefficient way, and building a full character offset map between the unescaped and escaped texts before sending the contents to TwitterText's extractor. Instead of doing that, this commit changes the TwitterText regexps to include valid IRI characters in addition to valid URI characters.
-
Claire authored
* Do not block existing users' emails on self-destruct

That is wasteful and unintuitive

* Do not close registrations when running tootctl self-destruct with --dry-run
* Close registrations on self-destruct regardless of known remote accounts
* Fix tootctl self-destruct not sending Deletes for recently-suspended accounts
* Suspend local users even if no remote account is known
* Do not show scary confirmation text if run with --dry-run
-
Claire authored
Fixes #16509

Microsoft Edge with translation enabled rewrites the DOM in ways that confuse React and prevent it from working properly. Wrapping the offending parts in a span avoids this issue.
-
Claire authored
Fixes #16687
-
Claire authored
Saves about 10MiB of memory usage at boot
-
Claire authored
Follow-up to #16510, forgot the controller exposing the actual followers…
-
Eugen Rochko authored
-
Claire authored
-
Eugen Rochko authored
List various values like file size limits and supported mime types
-
Jeong Arm authored
-
Jeong Arm authored
-
Claire authored
In order to work around https://github.com/mastodon/mastodon/issues/16895, add a warning to .env.production.sample, and change the mastodon:setup rake task to:
- output a warning if a variable will be interpreted differently by dotenv and docker-compose
- ensure the printed config is compatible with docker-compose
-
Claire authored
* Add tests
* Fix some link previews being incorrectly generated from different prior links

PR #12403 added a cache to avoid redundant queries when the OEmbed endpoint can be guessed from the URL.

This caching mechanism is not perfectly correct as there is no guarantee that all pages from a given domain share the same OEmbed provider endpoint.

This PR prevents the FetchOEmbedService from caching OEmbed endpoint that cannot be generalized by replacing a fully-qualified URL from the endpoint's parameters, greatly reducing the number of incorrect cached generalizations.
-
Claire authored
* Add tests
* Fix scheduled statuses decreasing statuses counts

Fixes #16774
-
Claire authored
* Add tests
* Fix webauthn secure key authentication

Fixes #16769
-
Holger authored
Use relative path for `scope` in web manifest to allow users to use PWA correctly via alternate domains.
-
Claire authored
Fixes #16699
-
Claire authored
Fixes #16602
-
Claire authored
* Add tests
* Add security-related tests

My first (unpublished) attempt at fixing the issues introduced (extremely hard-to-exploit) security vulnerabilities, addressing them in a test.

* Fix authentication failures after going halfway through a sign-in attempt
* Refactor `authenticate_with_sign_in_token` and `authenticate_with_two_factor` to make the two authentication steps more obvious
-
Claire authored
* Fix remotely-suspended accounts' toots being merged back into timelines
* Mark remotely-deleted accounts as remotely suspended
-
Claire authored
* Add test
* Fix crash when encountering invalid account fields
-
Takeshi Umeda authored
-
Takeshi Umeda authored
-
Claire authored
* Fix newlines in account notes added by the move handler
* Make MoveWorker more robust
-
- 03 Jun, 2021 1 commit
-
-
Eugen Rochko authored
-
- 02 Jun, 2021 3 commits
-
-
Eugen Rochko authored
* New translations en.yml (Galician) [ci skip] * New translations activerecord.en.yml (Galician) [ci skip] * New translations en.yml (Japanese) [ci skip] * New translations simple_form.en.yml (Chinese Traditional) [ci skip] * New translations en.yml (Swedish) [ci skip] * New translations en.yml (Swedish) [ci skip] * New translations en.yml (Swedish) [ci skip] * New translations en.yml (Swedish) [ci skip] * New translations en.yml (Swedish) [ci skip] * New translations en.yml (Swedish) [ci skip] * New translations en.yml (Swedish) [ci skip] * New translations devise.en.yml (Swedish) [ci skip] * New translations doorkeeper.en.yml (Swedish) [ci skip] * New translations en.json (Dutch) [ci skip] * New translations en.json (Dutch) [ci skip] * New translations en.yml (Dutch) [ci skip] * New translations simple_form.en.yml (Dutch) [ci skip] * New translations activerecord.en.yml (Dutch) [ci skip] * New translations doorkeeper.en.yml (Dutch) [ci skip] * New translations en.json (Swedish) [ci skip] * New translations en.yml (Swedish) [ci skip] * New translations en.yml (Swedish) [ci skip] * New translations en.json (Swedish) [ci skip] * New translations en.json (Swedish) [ci skip] * New translations en.json (Swedish) [ci skip] * New translations en.json (Chinese Simplified) [ci skip] * New translations en.yml (Japanese) [ci skip] * New translations simple_form.en.yml (French) [ci skip] * New translations en.yml (French) [ci skip] * New translations en.yml (Romanian) [ci skip] * New translations en.yml (Norwegian Nynorsk) [ci skip] * New translations en.yml (Welsh) [ci skip] * New translations en.yml (Telugu) [ci skip] * New translations en.yml (Malay) [ci skip] * New translations en.yml (Hindi) [ci skip] * New translations en.yml (Latvian) [ci skip] * New translations en.yml (Estonian) [ci skip] * New translations en.yml (Kazakh) [ci skip] * New translations en.yml (Croatian) [ci skip] * New translations en.yml (Uyghur) [ci skip] * New translations en.yml (Thai) [ci skip] * 
New translations en.yml (Marathi) [ci skip] * New translations en.yml (Bengali) [ci skip] * New translations en.yml (Spanish, Mexico) [ci skip] * New translations en.yml (Spanish, Argentina) [ci skip] * New translations en.yml (Tamil) [ci skip] * New translations en.yml (Persian) [ci skip] * New translations en.yml (Esperanto) [ci skip] * New translations en.yml (Chinese Traditional, Hong Kong) [ci skip] * New translations en.yml (Portuguese, Brazilian) [ci skip] * New translations en.yml (Sorani (Kurdish)) [ci skip] * New translations en.yml (Silesian) [ci skip] * New translations en.yml (Taigi) [ci skip] * New translations en.yml (Ido) [ci skip] * New translations en.yml (Kabyle) [ci skip] * New translations en.yml (Sanskrit) [ci skip] * New translations en.yml (Sardinian) [ci skip] * New translations en.yml (Corsican) [ci skip] * New translations en.yml (Serbian (Latin)) [ci skip] * New translations en.yml (Tatar) [ci skip] * New translations en.yml (Occitan) [ci skip] * New translations en.yml (Asturian) [ci skip] * New translations en.yml (Scottish Gaelic) [ci skip] * New translations en.yml (Kannada) [ci skip] * New translations en.yml (Cornish) [ci skip] * New translations en.yml (Sinhala) [ci skip] * New translations en.yml (Breton) [ci skip] * New translations en.yml (Malayalam) [ci skip] * New translations en.yml (Indonesian) [ci skip] * New translations en.yml (Icelandic) [ci skip] * New translations en.yml (Greek) [ci skip] * New translations en.yml (Italian) [ci skip] * New translations en.yml (Armenian) [ci skip] * New translations en.yml (Hungarian) [ci skip] * New translations en.yml (Hebrew) [ci skip] * New translations en.yml (Finnish) [ci skip] * New translations en.yml (Basque) [ci skip] * New translations en.yml (German) [ci skip] * New translations en.yml (Korean) [ci skip] * New translations en.yml (Danish) [ci skip] * New translations en.yml (Czech) [ci skip] * New translations en.yml (Catalan) [ci skip] * New translations en.yml (Bulgarian) 
[ci skip] * New translations en.yml (Arabic) [ci skip] * New translations en.yml (Afrikaans) [ci skip] * New translations en.yml (Spanish) [ci skip] * New translations en.yml (Georgian) [ci skip] * New translations en.yml (Lithuanian) [ci skip] * New translations en.yml (Galician) [ci skip] * New translations en.yml (Serbian (Cyrillic)) [ci skip] * New translations en.yml (Vietnamese) [ci skip] * New translations en.yml (Urdu (Pakistan)) [ci skip] * New translations en.yml (Chinese Traditional) [ci skip] * New translations en.yml (Chinese Simplified) [ci skip] * New translations en.yml (Ukrainian) [ci skip] * New translations en.yml (Turkish) [ci skip] * New translations en.yml (Albanian) [ci skip] * New translations en.yml (Macedonian) [ci skip] * New translations en.yml (Slovenian) [ci skip] * New translations en.yml (Slovak) [ci skip] * New translations en.yml (Russian) [ci skip] * New translations en.yml (Portuguese) [ci skip] * New translations en.yml (Polish) [ci skip] * New translations en.yml (Punjabi) [ci skip] * New translations en.yml (Norwegian) [ci skip] * New translations en.yml (Standard Moroccan Tamazight) [ci skip] * Update source file en.yml [ci skip] * New translations en.yml (French) [ci skip] * New translations en.yml (French) [ci skip] * New translations en.yml (French) [ci skip] * New translations en.yml (Swedish) [ci skip] * New translations en.yml (Polish) [ci skip] * New translations en.yml (Thai) [ci skip] * New translations en.json (Lithuanian) [ci skip] * New translations en.json (Lithuanian) [ci skip] * New translations en.json (Chinese Simplified) [ci skip] * New translations en.yml (Thai) [ci skip] * New translations en.json (Korean) [ci skip] * New translations en.json (Chinese Simplified) [ci skip] * New translations en.yml (Chinese Simplified) [ci skip] * New translations en.yml (Chinese Simplified) [ci skip] * New translations simple_form.en.yml (Chinese Simplified) [ci skip] * New translations devise.en.yml (Chinese Simplified) 
[ci skip] * New translations doorkeeper.en.yml (Chinese Simplified) [ci skip] * New translations en.yml (Chinese Simplified) [ci skip] * New translations simple_form.en.yml (Chinese Simplified) [ci skip] * New translations en.json (Portuguese) [ci skip] * New translations en.json (Malayalam) [ci skip] * New translations en.json (Malayalam) [ci skip] * New translations en.json (Persian) [ci skip] * New translations en.yml (Persian) [ci skip] * New translations en.json (Chinese Traditional) [ci skip] * New translations en.yml (Chinese Traditional) [ci skip] * New translations en.json (Chinese Traditional) [ci skip] * New translations en.yml (Chinese Traditional) [ci skip] * New translations simple_form.en.yml (Chinese Traditional) [ci skip] * New translations activerecord.en.yml (Chinese Traditional) [ci skip] * New translations devise.en.yml (Chinese Traditional) [ci skip] * New translations en.yml (Chinese Traditional) [ci skip] * New translations simple_form.en.yml (Chinese Traditional) [ci skip] * New translations doorkeeper.en.yml (Chinese Traditional) [ci skip] * New translations devise.en.yml (Chinese Traditional) [ci skip] * New translations en.yml (Chinese Traditional) [ci skip] * New translations en.json (Croatian) [ci skip] * New translations en.json (Telugu) [ci skip] * New translations en.json (Malay) [ci skip] * New translations en.json (Hindi) [ci skip] * New translations en.json (Latvian) [ci skip] * New translations en.json (Estonian) [ci skip] * New translations en.json (Kazakh) [ci skip] * New translations en.json (Norwegian Nynorsk) [ci skip] * New translations en.json (Marathi) [ci skip] * New translations en.json (Esperanto) [ci skip] * New translations en.json (Bengali) [ci skip] * New translations en.json (Tamil) [ci skip] * New translations en.json (Portuguese, Brazilian) [ci skip] * New translations en.json (Welsh) [ci skip] * New translations en.json (Uyghur) [ci skip] * New translations en.json (Urdu (Pakistan)) [ci skip] * New 
translations en.json (Sorani (Kurdish)) [ci skip] * New translations en.json (Silesian) [ci skip] * New translations en.json (Taigi) [ci skip] * New translations en.json (Ido) [ci skip] * New translations en.json (Kabyle) [ci skip] * New translations en.json (Sanskrit) [ci skip] * New translations en.json (Sardinian) [ci skip] * New translations en.json (Serbian (Latin)) [ci skip] * New translations en.json (Chinese Traditional, Hong Kong) [ci skip] * New translations en.json (Occitan) [ci skip] * New translations en.json (Asturian) [ci skip] * New translations en.json (Kannada) [ci skip] * New translations en.json (Cornish) [ci skip] * New translations en.json (Sinhala) [ci skip] * New translations en.json (Breton) [ci skip] * New translations en.json (Tatar) [ci skip] * New translations en.json (Romanian) [ci skip] * New translations en.json (Thai) [ci skip] * New translations en.json (Persian) [ci skip] * New translations en.json (Arabic) [ci skip] * New translations en.json (Afrikaans) [ci skip] * New translations en.json (Bulgarian) [ci skip] * New translations en.json (Serbian (Cyrillic)) [ci skip] * New translations en.json (Macedonian) [ci skip] * New translations en.json (Slovenian) [ci skip] * New translations en.json (Slovak) [ci skip] * New translations en.json (Punjabi) [ci skip] * New translations en.json (Norwegian) [ci skip] * New translations en.json (Georgian) [ci skip] * New translations en.json (Armenian) [ci skip] * New translations en.json (Hebrew) [ci skip] * New translations en.json (Finnish) [ci skip] * New translations en.json (Greek) [ci skip] * New translations en.json (Standard Moroccan Tamazight) [ci skip] * New translations simple_form.en.yml (Scottish Gaelic) [ci skip] * New translations en.yml (Scottish Gaelic) [ci skip] * New translations activerecord.en.yml (Scottish Gaelic) [ci skip] * New translations en.yml (Scottish Gaelic) [ci skip] * New translations simple_form.en.yml (Scottish Gaelic) [ci skip] * New translations 
doorkeeper.en.yml (Scottish Gaelic) [ci skip] * New translations en.json (Scottish Gaelic) [ci skip] * New translations devise.en.yml (Scottish Gaelic) [ci skip] * New translations en.yml (Spanish, Argentina) [ci skip] * New translations en.json (Spanish, Argentina) [ci skip] * New translations simple_form.en.yml (Spanish, Argentina) [ci skip] * New translations activerecord.en.yml (Spanish, Argentina) [ci skip] * New translations doorkeeper.en.yml (Spanish, Argentina) [ci skip] * New translations en.json (Thai) [ci skip] * i18n-tasks normalize * yarn manage:translations Co-authored-by:
Yamagishi Kazutoshi <ykzts@desire.sh>
-
Eugen Rochko authored
* Fix e-mail confirmations API not working correctly
* Fix typo
-
Claire authored
* Fix migration script not being able to run if it fails midway
* Fix old migration script
* Fix old migration script
* Refactor CorruptionError
-