aiden
/
mastodon
mirror of https://github.com/mastodon/mastodon
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
7,111 Commits
120 Branches
265 Tags
1004 MiB
renovate/aws-sdk-s3-1.x-lockfile
renovate/sass-1.x-lockfile
more-explicit-fediverse-actor
redesign/content-warning-filters
main
stable-4.3
remove/trendable-provider-attribution
activitypub/summary-over-name
renovate/definitelytyped-types-(non-major)
renovate/pino-9.x-lockfile
renovate/rubocop-(non-major)
renovate/reduxjs-toolkit-2.x-lockfile
renovate/eslint-(non-major)
renovate/major-react-monorepo
build-stable-nightly
stable-4.2
fixes/notification-excerpt-paragraph
stable-4.1
renovate/ubuntu-24.x
fixes/mastodon-setup-task-redis
fixes/out-of-order-private-posts
renovate/mime-types-3.x
fixes/regexp-timeout-optional
fixes/small-otp-secret-length-4.1
fixes/small-otp-secret-length-4.2
renovate/express-5.x
renovate/major-formatjs-monorepo
fixes/dashboard-quick-access-overflow
fixes/middle-column-size
fix-context-socialweb-miscellany
cleanup/remove-old-notifications
renovate/omniauth-packages
fixes/detect-missing-indexes2
cleanup/simplify-css
renovate/glob-11.x
feature-post-layout
features/media-description-in-embedded-status
fixes/different-strings-private-messages
design/notifications-grid
fix-lookup-domain
flaky-conversations-test
fixes/crash-orphaned-notification
fixes/report-links
features/filtered-dismiss-accept-all
feat/clean-up-notifications
fixes/everyone-role-n+1
redesign/notification-request
experimental/notification-groups-api-shape
fixes/thread-resolve-worker-skip_fetching
spike/resolve-urls-on-click
cleanup/drop-atomuri
fixes/dismissing-notification-requests-dismisses-too-much
revert-system-check
feature-redirect
fix-unusable-hashtag
tests/flaky-tests-performance-logs
feature-grouped-notifications-ui
drop-redis-below-6.2
fix-mute-buttons
features/local-preview-cards-2nd-take
fix-conversations-background
revert-severed-relationships-feature
features/local-preview-cards
stable-3.5
stable-4.0
stable-3.4
releases/v3.5.17
releases/v4.1.13
releases/v4.2.5
version/v4.3.0-alpha.1
fix/build-env
feature-color-scheme
revert/follow-back-mutual
gh-readonly-queue/main/pr-28626-1ad908e0c08c236389967d86b4f238f428de9fef
fixes/per-user-authorized-fetch
fixes/import-many-follows-overlap
fix-web-thread-sort
test-new-container-build
fixes/24px-icons
features/registration-invite-api
fixes/service-worker-caching
fixes/account-refresh-link-verification
feature-like
fixes/delivery-to-suspended-accounts
tests/introduce-error
fixes/lint-fix
fixes/object-has-own-polyfill
fixes/audio-passthrough
fixes/audit-log-external-confirmation
features/banners
refactor/search-query-parser
remove-profile-directory
redesign/notification-settings
feature-separate-hashtags
fixes/self-destruct-throttle
fixes/subdomain-block-4.1.6
redesign/hashtag-column-follow-button
feature-trend-highlights
revert-23460-fixes/activitypub-hashtag
pg15
prevent-unauthenticated-access-tag-timeline
support-rich-oembed
fix-caniuselite-lockfile
track_unsalvageable_errors
add-publish-button-text-site-setting
nolan/button-a11y
i18n/manage-translations
deps/shakapacker
rubocop-fixes
react18
stable-3.3
stable-3.2
stable-3.1
stable-3.0
stable-2.9
stable-2.8
stable-2.7
stable-2.5
stable-2.6
stable-2.4
v0.1.2
v0.1.1
v0.1.0
v0.6
v0.7
v0.8
v0.9
v0.9.9
v1.0
v1.1
v1.1.1
v1.1.2
v1.2
v1.2.1
v1.2.2
v1.3
v1.3.1
v1.3.2
v1.3.3
v1.4.1
v1.4.2
v1.4.3
v1.4.4
v1.4.5
v1.4.6
v1.4.7
v1.4rc1
v1.4rc2
v1.4rc3
v1.4rc4
v1.4rc5
v1.4rc6
v1.5.0
v1.5.0rc1
v1.5.0rc2
v1.5.0rc3
v1.5.1
v1.6.0
v1.6.0rc1
v1.6.0rc2
v1.6.0rc3
v1.6.0rc4
v1.6.0rc5
v1.6.1
v2.0.0
v2.0.0rc1
v2.0.0rc2
v2.0.0rc3
v2.0.0rc4
v2.1.0
v2.1.0rc1
v2.1.0rc2
v2.1.0rc3
v2.1.0rc4
v2.1.0rc5
v2.1.0rc6
v2.1.1
v2.1.2
v2.1.3
v2.2.0
v2.2.0rc1
v2.2.0rc2
v2.3.0
v2.3.0rc1
v2.3.0rc2
v2.3.0rc3
v2.3.1
v2.3.1rc1
v2.3.1rc2
v2.3.1rc3
v2.3.2
v2.3.2rc1
v2.3.2rc2
v2.3.2rc3
v2.3.2rc4
v2.3.2rc5
v2.3.3
v2.4.0
v2.4.0rc1
v2.4.0rc2
v2.4.0rc3
v2.4.0rc4
v2.4.0rc5
v2.4.1
v2.4.1rc1
v2.4.1rc2
v2.4.1rc3
v2.4.1rc4
v2.4.2
v2.4.2rc1
v2.4.2rc2
v2.4.2rc3
v2.4.3
v2.4.3rc1
v2.4.3rc2
v2.4.3rc3
v2.4.4
v2.4.5
v2.5.0
v2.5.0rc1
v2.5.0rc2
v2.5.1
v2.5.2
v2.6.0
v2.6.0rc1
v2.6.0rc2
v2.6.0rc3
v2.6.0rc4
v2.6.1
v2.6.2
v2.6.3
v2.6.4
v2.6.5
v2.7.0
v2.7.0rc1
v2.7.0rc2
v2.7.0rc3
v2.7.1
v2.7.2
v2.7.3
v2.7.4
v2.8.0
v2.8.0rc1
v2.8.0rc2
v2.8.0rc3
v2.8.1
v2.8.2
v2.8.3
v2.8.4
v2.9.0
v2.9.0rc1
v2.9.0rc2
v2.9.1
v2.9.2
v2.9.3
v2.9.4
v3.0.0
v3.0.0rc1
v3.0.0rc2
v3.0.0rc3
v3.0.1
v3.0.2
v3.1.0
v3.1.0rc1
v3.1.0rc2
v3.1.1
v3.1.2
v3.1.3
v3.1.4
v3.1.5
v3.2.0
v3.2.0rc1
v3.2.0rc2
v3.2.1
v3.2.2
v3.3.0
v3.3.0rc1
v3.3.0rc2
v3.3.0rc3
v3.3.1
v3.3.2
v3.3.3
v3.4.0
v3.4.0rc1
v3.4.0rc2
v3.4.1
v3.4.10
v3.4.2
v3.4.3
v3.4.4
v3.4.5
v3.4.6
v3.4.7
v3.4.8
v3.4.9
v3.5.0
v3.5.0rc1
v3.5.0rc2
v3.5.0rc3
v3.5.1
v3.5.10
v3.5.11
v3.5.12
v3.5.13
v3.5.14
v3.5.15
v3.5.16
v3.5.17
v3.5.18
v3.5.19
v3.5.2
v3.5.3
v3.5.4
v3.5.5
v3.5.6
v3.5.7
v3.5.8
v3.5.9
v4.0.0
v4.0.0rc1
v4.0.0rc2
v4.0.0rc3
v4.0.0rc4
v4.0.1
v4.0.10
v4.0.11
v4.0.12
v4.0.13
v4.0.14
v4.0.15
v4.0.2
v4.0.3
v4.0.4
v4.0.5
v4.0.6
v4.0.7
v4.0.8
v4.0.9
v4.1.0
v4.1.0rc1
v4.1.0rc2
v4.1.0rc3
v4.1.1
v4.1.10
v4.1.11
v4.1.12
v4.1.13
v4.1.14
v4.1.15
v4.1.16
v4.1.17
v4.1.18
v4.1.19
v4.1.2
v4.1.20
v4.1.3
v4.1.4
v4.1.5
v4.1.6
v4.1.7
v4.1.8
v4.1.9
v4.2.0
v4.2.0-beta1
v4.2.0-beta2
v4.2.0-beta3
v4.2.0-rc1
v4.2.0-rc2
v4.2.1
v4.2.10
v4.2.11
v4.2.12
v4.2.13
v4.2.2
v4.2.3
v4.2.4
v4.2.5
v4.2.6
v4.2.7
v4.2.8
v4.2.9
v4.3.0
v4.3.0-beta.1
v4.3.0-beta.2
v4.3.0-rc.1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'c008911249'
${ noResults }
Commit Graph

58 Commits (c008911249a2fc0efaf22b83e51ea8510e67acac)

Author SHA1 Message Date
Eugen Rochko 8b69a66380 Add "why do you want to join" field to invite requests (#10524) 
* Add "why do you want to join" field to invite requests

Fix #10512

* Remove unused translations

* Fix broken registrations when no invite request text is submitted
 6 years ago
Eugen Rochko 51e154f5e8
Admission-based registrations mode (#10250) 
Fix #6856
Fix #6951
 6 years ago
ThibG 67215692fc Save IP address used for sign-up, not only sign-in (#10026) 
Fixes #9995
 6 years ago
Eugen Rochko 5d2fc6de32
Add REST API for creating an account (#9572) 
* Add REST API for creating an account

The method is available to apps with a token obtained via the client
credentials grant. It creates a user and account records, as well as
an access token for the app that initiated the request. The user is
unconfirmed, and an e-mail is sent as usual.

The method returns the access token, which the app should save for
later. The REST API is not available to users with unconfirmed
accounts, so the app must be smart to wait for the user to click a
link in their e-mail inbox.

The method is rate-limited by IP to 5 requests per 30 minutes.

* Redirect users back to app from confirmation if they were created with an app

* Add tests

* Return 403 on the method if registrations are not open

* Require agreement param to be true in the API when creating an account
 6 years ago
Eugen Rochko 5c8e7f0e1d
Revert "feat(auth/session_controller): Send Clear-Site-Data when logging out (8627)" (#9161) 
This reverts commit 10680f93e7.
 6 years ago
ThibG 215e649391 Fix styling in /auth/edit (#9117) 6 years ago
luzpaz 40dd19be37 Misc. typos (#8694) 
Found via `codespell -q 3 --skip="./app/javascript/mastodon/locales,./config/locales"`
 6 years ago
Eugen Rochko 2288d50a7b
Add force_login option to OAuth authorize page (#8655) 
* Add force_login option to OAuth authorize page

For when a user needs to sign into an app from multiple accounts
on the same server

* When logging out from modal header, redirect back after re-login
 6 years ago
Sorin Davidoi 10680f93e7 feat(auth/session_controller): Send Clear-Site-Data when logging out (#8627) 
Will clear the browser's cache, cookies and storage.

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Clear-Site-Data
https://w3c.github.io/webappsec-clear-site-data/
 6 years ago
Eugen Rochko 2f34b747b3
Allow mods to disable login, improve message when login disabled (#8329) 
* Allow moderators to disable/enable login

* Instead of rejecting login, show forbidden error when login disabled

Avoid confusion because when login is rejected, the message is that
the account is not activated, which is wrong.

* Fix tests
 6 years ago
Eugen Rochko 60df87f6f0
Compensate for scrollbar disappearing when media modal visible (#8100) 
* Compensate for scrollbar disappearing when media modal visible

Make auth pages backgrounds lighter

* Fix typo
 6 years ago
Eugen Rochko baff4a7ce0
If signed in, redirect autofollow invite to profile page (#7956) 
Fix #7944
 6 years ago
Shuhei Kitagawa 7f59206944 Replace bypass option with bypass_sign_in (#7867) 6 years ago
Eugen Rochko ca85658975
Add autofollow option to invites (#7805) 
* Add autofollow option to invites

* Trigger CodeClimate rebuild
 6 years ago
Eugen Rochko a29d409e20
If login redirects to omniauth, redirect logout to root_path (#6694) 
Fix #6670
 7 years ago
Eugen Rochko 47bdb9b33b
Fix #942: Seamless LDAP login (#6556) 7 years ago
Ghislain Loaec e668180044 New variable OAUTH_REDIRECT_AT_SIGN_IN + Ref #6538 (not only SAML strategies) (#6540) 7 years ago
Eugen Rochko 26f21fd5a0
CAS + SAML authentication feature (#6425) 
* Cas authentication feature

* Config

* Remove class_eval + Omniauth initializer

* Codeclimate review

* Codeclimate review 2

* Codeclimate review 3

* Remove uid/email reconciliation

* SAML authentication

* Clean up code

* Improve login form

* Fix code style issues

* Add locales
 7 years ago
Alexander 04fef7b888 pam authentication (#5303) 
* add pam support, without extra column

* bugfixes for pam login

* document options

* fix code style

* fix codestyle

* fix tests

* don't call remember_me without password

* fix codestyle

* improve checks for pam usage (should fix tests)

* fix remember_me part 1

* add remember_token column because :rememberable requires either a password or this column.

* migrate db for remember_token

* move pam_authentication to the right place, fix logic bug in edit.html.haml

* fix tests

* fix pam authentication, improve username lookup, add comment

* valid? is sometimes not honored, return nil instead trying to authenticate with pam

* update devise_pam_authenticatable2 and adjust code. Fixes sideeffects observed in tests

* update devise_pam_authenticatable gem, fixes for codeconventions, fix finding user

* codeconvention fixes

* code convention fixes

* fix idention

* update dependency, explicit conflict check

* fix disabled password updates if in pam mode

* fix check password if password is present, fix templates

* block registration if account is maintained by pam

* Revert "block registration if account is maintained by pam"

This reverts commit 8e7a083d650240b6fac414926744b4b90b435f20.

* fix identation error introduced by rebase

* block usernames maintained by pam

* document pam settings better

* fix code style
 7 years ago
Patrick Figel 04ecf44c2f Add confirmation step for email changes (#6071) 
* Add confirmation step for email changes

This adds a confirmation step for email changes of existing users.
Like the initial account confirmation, a confirmation link is sent
to the new address.

Additionally, a notification is sent to the existing address when
the change is initiated. This message includes instruction to reset
the password immediately or to contact the instance admin if the
change was not initiated by the account owner.

Fixes #3871

* Add review fixes
 7 years ago
Eugen Rochko 38fc1b498d
Add more instance stats APIs (#6125) 
* Add GET /api/v1/instance/peers API to reveal known domains

* Add GET /api/v1/instance/activity API

* Make new APIs disableable, exclude private statuses from activity stats

* Fix code style issue

* Fix week timestamps
 7 years ago
Eugen Rochko 740f8a95a9
Add consumable invites (#5814) 
* Add consumable invites

* Add UI for generating invite codes

* Add tests

* Display max uses and expiration in invites table, delete invite

* Remove unused column and redundant validator

- Default follows not used, probably bad idea
- InviteCodeValidator is redundant because RegistrationsController
  checks invite code validity

* Add admin setting to disable invites

* Add admin UI for invites, configurable role for invite creation

- Admin UI that lists everyone's invites, always available
- Admin setting min_invite_role to control who can invite people
- Non-admin invite UI only visible if users are allowed to

* Do not remove invites from database, expire them instantly
 7 years ago
Eugen Rochko 3e90987c8b Fix some rubocop style issues (#5730) 7 years ago
Yamagishi Kazutoshi dc91fd482a Set InstancePresenter to `Auth::RegistrationsController#create` (#5366) 7 years ago
takayamaki 552d22bec9 sign_in and sign_up views present og meta infos (#5308) 7 years ago
Eugen Rochko 7d7844a47f Default follows for new users (#4871) 
When a new user confirms their e-mail, bootstrap their home timeline
by automatically following a set of accounts. By default, all local
admin accounts (that are unlocked). Can be customized by new admin
setting (comma-separated usernames, local and unlocked only)
 7 years ago
nullkal dfcd2834f9 Redirect to PasswordController#new when reset_password_token is invalid (#4506) 7 years ago
Eugen Rochko f7301bd5b9 Add overview of active sessions (#3929) 
* Add overview of active sessions

* Better display of browser/platform name

* Improve how browser information is stored and displayed for sessions overview

* Fix test
 7 years ago
René Klačan dcf0530218 Make sure email is case insensitive on all places (#3688) 
When case insensitivity is enabled via devise's `config.case_insensitive_keys` then `.find_for_authentication` method needs to be used instead of `.find_by` because second mentioned returns `nil` when valid email with different cases is passed.

More info https://github.com/plataformatec/devise/wiki/How-To:-Use-case-insensitive-emails
 7 years ago
unarist ecef03bb15 Fix empty flash message on the settings page (#3345) 7 years ago
Akinori MUSHA f6a93fc150 Go to root after login in single user mode (#3289) 
In single user mode, visitors are redirected to the single user's
profile page.  So, if you are the owner without a session, you start
from that page, click the login button and authenticate yourself
expecting you'll soon get started with the home page, but in reality
you'll get redirected back to where you started from -- your own
profile page.

This fixes the behavior by redirecting you home after login if you
have started from your own profile page.
 8 years ago
Eugen Rochko 2ca1f0737a Fix Devise destroy method being available to delete user record (#3266) 
(You may think that we need account deletions, but this way would've just orphaned the db records)
 8 years ago
Matt Jankowski 268dd32d76 Auth sign out (#2511) 
* Add a spec for signing out

* Add spec showing that suspended user gets a 403 forbidden on sign out

* Allow suspended account users to sign out
 8 years ago
yhirano 3988f2dade Fix Rubocop offences (#2630) 
* disable Bundler/OrderedGems

* fix rubocop Lint/UselessAssignment

* fix rubocop Style/BlockDelimiters

* fix rubocop Style/AlignHash

* fix rubocop Style/AlignParameters, Style/EachWithObject

* fix rubocop Style/SpaceInLambdaLiteral
 8 years ago
Matt Jankowski b48f2cbc8b Catch error when server decryption fails on 2FA (#2512) 8 years ago
saturday06 d87ee1167e Assign user locale on signup (#1982) 8 years ago
Marcin Cieślak 1c8477eab2 Give SINGLE_USER a chance to register (#1820) 
An attempt to open a brand new Mastodon instance configured
as SINGLE_USER_MODE=true will cause an exception.

Enable temporary registration if we have no users in the database

Fixes #1817
 8 years ago
Patrick Figel df4ff9a8e1 Add recovery code support for two-factor auth (#1773) 
* Add recovery code support for two-factor auth

When users enable two-factor auth, the app now generates ten
single-use recovery codes. Users are encouraged to print the codes
and store them in a safe place.

The two-factor prompt during login now accepts both OTP codes and
recovery codes.

The two-factor settings UI allows users to regenerated lost
recovery codes. Users who have set up two-factor auth prior to
this feature being added can use it to generate recovery codes
for the first time.

Fixes #563 and fixes #987

* Set OTP_SECRET in test enviroment

* add missing .html to view file names
 8 years ago
Eugen Rochko 5f54981846 New admin setting: open/close registrations, with custom message, from the admin UI 8 years ago
Eugen d96e031dfc Fix #611 - Layout setting in registrations controller 8 years ago
Eugen Rochko 23b997ae55 Split 2FA login into two prompts 8 years ago
Eugen Rochko f4bc9620a9 Update settings to re-use admin layout, one big navigation tree, improve settings forms 8 years ago
Eugen Rochko ba192f12e3 Added optional two-factor authentication 8 years ago
Eugen Rochko 1bbcd71cd4 Fix #390 - fix redirect after sign-up (to login page instead of homepage) 8 years ago
Eugen Rochko 1357c1cb3d Add single user mode 8 years ago
Eugen Rochko fdc17bea58 Fix rubocop issues, introduce usage of frozen literal to improve performance 8 years ago
Eugen Rochko 33f7e1cf99 Shorten rendered links (strip protocol and www, truncate to 30 chars), redirect 
to sign in page after sign up instead of root path which redirects to /about
 8 years ago
Eugen Rochko fc198a8b4c Adding e-mail confirmations 8 years ago
Eugen Rochko a0f85774c4 Redirect after sign in to previous page (unless it's a sign in/up/etc page) 8 years ago
Eugen Rochko 927333f4f8 Improve code style 8 years ago