1. 03 Feb, 2022 1 commit
  2. 02 Feb, 2022 9 commits
  3. 31 Jan, 2022 10 commits
  4. 26 Nov, 2021 11 commits
  5. 06 Nov, 2021 2 commits
  6. 05 Nov, 2021 7 commits
    • Eugen Rochko's avatar
      Bump version to 3.4.2 · 8a74d851
      Eugen Rochko authored
      8a74d851
    • Claire's avatar
      76c20288
    • Claire's avatar
      Fix reviving revoked sessions and invalidating login (#16943) · 3251b8ee
      Claire authored
      Up until now, we have used Devise's Rememberable mechanism to re-log users
      after the end of their browser sessions. This mechanism relies on a signed
      cookie containing a token. That token was stored on the user's record,
      meaning it was shared across all logged in browsers, meaning truly revoking
      a browser's ability to auto-log-in involves revoking the token itself, and
      revoking access from *all* logged-in browsers.
      
      We had a session mechanism that dynamically checks whether a user's session
      has been disabled, and would log out the user if so. However, this would only
      clear a session being actively used, and a new one could be respawned with
      the `remember_user_token` cookie.
      
      In practice, this caused two issues:
      - sessions could be revived after being closed from /auth/edit (security issue)
      - auto-log-in would be disabled for *all* browsers after logging out from one
        of them
      
      This PR removes the `remember_token` mechanism and treats the `_sess...
      3251b8ee
    • Claire's avatar
      Fix handling announcements with links (#16941) · f60bb078
      Claire authored
      Broken since #15827
      f60bb078
    • Claire's avatar
      Fix user email address being banned on self-deletion (#16503) · c3a6f7b9
      Claire authored
      * Add tests
      
      * Fix user email address being banned on self-deletion
      
      Fixes #16498
      c3a6f7b9
    • Claire's avatar
      Improve modal flow and back button handling (#16499) · 986397b3
      Claire authored
      * Refactor shouldUpdateScroll passing
      
      So far, shouldUpdateScroll has been manually passed down from the very top of
      the React component hierarchy even though it is a static function common to
      all ScrollContainer instances, so replaced that with a custom class extending
      ScrollContainer.
      
      * Generalize “press back to close modal” to any modal and to public pages
      
      * Fix boost confirmation modal closing media modal
      986397b3
    • Claire's avatar
      Change references to tootsuite/mastodon to mastodon/mastodon (#16491) · c79d4711
      Claire authored
      * Change references to tootsuite/mastodon to mastodon/mastodon
      
      * Remove obsolete test fixture
      
      * Replace occurrences of tootsuite/mastodon with mastodon/mastodon in CHANGELOG
      
      And a few other places
      c79d4711