aiden
/
mastodon
mirror of https://github.com/mastodon/mastodon
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
fix-31996-radio-buttons
renovate/tesseract.js-6.x-lockfile
main
features/quote-posts
fix-32750-filter-post-bugs
security-notice
stable-4.2-eol
stable-4.1-eol
refactor-action-bar
refactor-action-bar-types
renovate/aws-sdk-s3-1.x-lockfile
features/numeric-identifiers
refactor-favourites-bookmarks
refactor-followed-hashtags
renovate/express-5.x
renovate/glob-11.x
stable-4.1
stable-4.2
stable-4.3
fix-alt-text-focal-spring
MAS-80-webpack-to-vite
MAS-351-featured-tab
remove-rails-delegate
fixes/followers-synchronization-double-check
debug/ghost-followers-synchronization
feature-streaming-profile
feature-starter-packs
renovate/major-react-monorepo
fixes/account-note
fixes/recheck-suspensions
refactor-accounts-map
feat/fasp_trends
feat/fasp_account_search
updates/vips
features/split-in-app-notif
refactor/modal-stack
tests/media-description-modal
fixes/out-of-order-private-posts
fixes/thread-resolve-worker-skip_fetching
renovate/immutable-5.x
renovate/react-test-renderer-19.x
replace-oj-with-json
refactor-status-content-typescript
fixes/embed-requestAnimationFrame
features/lock-icon-on-hover-card
feature-admin-report-forward
feature-reports-batch-actions
fix-admin-dashboard-slow
fix-future-date-trend
redesign/content-warning-filters-4.3
fixes/filtered-follows
remove/trendable-provider-attribution
activitypub/summary-over-name
build-stable-nightly
fixes/notification-excerpt-paragraph
fixes/mastodon-setup-task-redis
fixes/regexp-timeout-optional
fixes/small-otp-secret-length-4.1
fixes/small-otp-secret-length-4.2
fixes/dashboard-quick-access-overflow
fixes/middle-column-size
fix-context-socialweb-miscellany
fixes/detect-missing-indexes2
cleanup/simplify-css
feature-post-layout
features/media-description-in-embedded-status
design/notifications-grid
fix-lookup-domain
flaky-conversations-test
fixes/crash-orphaned-notification
fixes/report-links
features/filtered-dismiss-accept-all
feat/clean-up-notifications
fixes/everyone-role-n+1
redesign/notification-request
experimental/notification-groups-api-shape
spike/resolve-urls-on-click
cleanup/drop-atomuri
fixes/dismissing-notification-requests-dismisses-too-much
revert-system-check
feature-redirect
fix-unusable-hashtag
tests/flaky-tests-performance-logs
feature-grouped-notifications-ui
drop-redis-below-6.2
fix-mute-buttons
features/local-preview-cards-2nd-take
fix-conversations-background
revert-severed-relationships-feature
features/local-preview-cards
stable-3.5
stable-4.0
stable-3.4
releases/v3.5.17
releases/v4.1.13
releases/v4.2.5
version/v4.3.0-alpha.1
fix/build-env
feature-color-scheme
revert/follow-back-mutual
gh-readonly-queue/main/pr-28626-1ad908e0c08c236389967d86b4f238f428de9fef
fixes/per-user-authorized-fetch
fixes/import-many-follows-overlap
fix-web-thread-sort
test-new-container-build
fixes/24px-icons
features/registration-invite-api
fixes/service-worker-caching
fixes/account-refresh-link-verification
feature-like
tests/introduce-error
fixes/lint-fix
fixes/object-has-own-polyfill
fixes/audio-passthrough
fixes/audit-log-external-confirmation
features/banners
refactor/search-query-parser
remove-profile-directory
redesign/notification-settings
feature-separate-hashtags
fixes/self-destruct-throttle
fixes/subdomain-block-4.1.6
redesign/hashtag-column-follow-button
feature-trend-highlights
revert-23460-fixes/activitypub-hashtag
pg15
prevent-unauthenticated-access-tag-timeline
support-rich-oembed
fix-caniuselite-lockfile
track_unsalvageable_errors
add-publish-button-text-site-setting
nolan/button-a11y
i18n/manage-translations
deps/shakapacker
rubocop-fixes
react18
stable-3.3
stable-3.2
stable-3.1
stable-3.0
stable-2.9
stable-2.8
stable-2.7
stable-2.5
stable-2.6
stable-2.4
v0.1.2
v0.1.1
v0.1.0
v0.6
v0.7
v0.8
v0.9
v0.9.9
v1.0
v1.1
v1.1.1
v1.1.2
v1.2
v1.2.1
v1.2.2
v1.3
v1.3.1
v1.3.2
v1.3.3
v1.4.1
v1.4.2
v1.4.3
v1.4.4
v1.4.5
v1.4.6
v1.4.7
v1.4rc1
v1.4rc2
v1.4rc3
v1.4rc4
v1.4rc5
v1.4rc6
v1.5.0
v1.5.0rc1
v1.5.0rc2
v1.5.0rc3
v1.5.1
v1.6.0
v1.6.0rc1
v1.6.0rc2
v1.6.0rc3
v1.6.0rc4
v1.6.0rc5
v1.6.1
v2.0.0
v2.0.0rc1
v2.0.0rc2
v2.0.0rc3
v2.0.0rc4
v2.1.0
v2.1.0rc1
v2.1.0rc2
v2.1.0rc3
v2.1.0rc4
v2.1.0rc5
v2.1.0rc6
v2.1.1
v2.1.2
v2.1.3
v2.2.0
v2.2.0rc1
v2.2.0rc2
v2.3.0
v2.3.0rc1
v2.3.0rc2
v2.3.0rc3
v2.3.1
v2.3.1rc1
v2.3.1rc2
v2.3.1rc3
v2.3.2
v2.3.2rc1
v2.3.2rc2
v2.3.2rc3
v2.3.2rc4
v2.3.2rc5
v2.3.3
v2.4.0
v2.4.0rc1
v2.4.0rc2
v2.4.0rc3
v2.4.0rc4
v2.4.0rc5
v2.4.1
v2.4.1rc1
v2.4.1rc2
v2.4.1rc3
v2.4.1rc4
v2.4.2
v2.4.2rc1
v2.4.2rc2
v2.4.2rc3
v2.4.3
v2.4.3rc1
v2.4.3rc2
v2.4.3rc3
v2.4.4
v2.4.5
v2.5.0
v2.5.0rc1
v2.5.0rc2
v2.5.1
v2.5.2
v2.6.0
v2.6.0rc1
v2.6.0rc2
v2.6.0rc3
v2.6.0rc4
v2.6.1
v2.6.2
v2.6.3
v2.6.4
v2.6.5
v2.7.0
v2.7.0rc1
v2.7.0rc2
v2.7.0rc3
v2.7.1
v2.7.2
v2.7.3
v2.7.4
v2.8.0
v2.8.0rc1
v2.8.0rc2
v2.8.0rc3
v2.8.1
v2.8.2
v2.8.3
v2.8.4
v2.9.0
v2.9.0rc1
v2.9.0rc2
v2.9.1
v2.9.2
v2.9.3
v2.9.4
v3.0.0
v3.0.0rc1
v3.0.0rc2
v3.0.0rc3
v3.0.1
v3.0.2
v3.1.0
v3.1.0rc1
v3.1.0rc2
v3.1.1
v3.1.2
v3.1.3
v3.1.4
v3.1.5
v3.2.0
v3.2.0rc1
v3.2.0rc2
v3.2.1
v3.2.2
v3.3.0
v3.3.0rc1
v3.3.0rc2
v3.3.0rc3
v3.3.1
v3.3.2
v3.3.3
v3.4.0
v3.4.0rc1
v3.4.0rc2
v3.4.1
v3.4.10
v3.4.2
v3.4.3
v3.4.4
v3.4.5
v3.4.6
v3.4.7
v3.4.8
v3.4.9
v3.5.0
v3.5.0rc1
v3.5.0rc2
v3.5.0rc3
v3.5.1
v3.5.10
v3.5.11
v3.5.12
v3.5.13
v3.5.14
v3.5.15
v3.5.16
v3.5.17
v3.5.18
v3.5.19
v3.5.2
v3.5.3
v3.5.4
v3.5.5
v3.5.6
v3.5.7
v3.5.8
v3.5.9
v4.0.0
v4.0.0rc1
v4.0.0rc2
v4.0.0rc3
v4.0.0rc4
v4.0.1
v4.0.10
v4.0.11
v4.0.12
v4.0.13
v4.0.14
v4.0.15
v4.0.2
v4.0.3
v4.0.4
v4.0.5
v4.0.6
v4.0.7
v4.0.8
v4.0.9
v4.1.0
v4.1.0rc1
v4.1.0rc2
v4.1.0rc3
v4.1.1
v4.1.10
v4.1.11
v4.1.12
v4.1.13
v4.1.14
v4.1.15
v4.1.16
v4.1.17
v4.1.18
v4.1.19
v4.1.2
v4.1.20
v4.1.21
v4.1.22
v4.1.23
v4.1.24
v4.1.25
v4.1.3
v4.1.4
v4.1.5
v4.1.6
v4.1.7
v4.1.8
v4.1.9
v4.2.0
v4.2.0-beta1
v4.2.0-beta2
v4.2.0-beta3
v4.2.0-rc1
v4.2.0-rc2
v4.2.1
v4.2.10
v4.2.11
v4.2.12
v4.2.13
v4.2.14
v4.2.15
v4.2.16
v4.2.17
v4.2.18
v4.2.19
v4.2.2
v4.2.20
v4.2.3
v4.2.4
v4.2.5
v4.2.6
v4.2.7
v4.2.8
v4.2.9
v4.3.0
v4.3.0-beta.1
v4.3.0-beta.2
v4.3.0-rc.1
v4.3.1
v4.3.2
v4.3.3
v4.3.4
v4.3.5
v4.3.6
v4.3.7
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '18b885ee3a'
${ noResults }
mastodon/app
History
Claire 6da135a493
Fix reviving revoked sessions and invalidating login (#16943) 
Up until now, we have used Devise's Rememberable mechanism to re-log users
after the end of their browser sessions. This mechanism relies on a signed
cookie containing a token. That token was stored on the user's record,
meaning it was shared across all logged in browsers, meaning truly revoking
a browser's ability to auto-log-in involves revoking the token itself, and
revoking access from *all* logged-in browsers.

We had a session mechanism that dynamically checks whether a user's session
has been disabled, and would log out the user if so. However, this would only
clear a session being actively used, and a new one could be respawned with
the `remember_user_token` cookie.

In practice, this caused two issues:
- sessions could be revived after being closed from /auth/edit (security issue)
- auto-log-in would be disabled for *all* browsers after logging out from one
  of them

This PR removes the `remember_token` mechanism and treats the `_session_id`
cookie/token as a browser-specific `remember_token`, fixing both issues.
 		3 years ago
..
chewy Change `tootctl search deploy` algorithm (#14300) 5 years ago
controllers Fix reviving revoked sessions and invalidating login (#16943) 3 years ago
helpers Add Northern Kurdish locale as requested by translator. It already has a project started on Crowdin. (#16548) 4 years ago
javascript ran `yarn manage:translations en` (#16912) 3 years ago
lib Add support for structured data and more OpenGraph tags to link cards (#16938) 3 years ago
mailers Prepare Mastodon for Rails 6 (#15911) 4 years ago
models Fix reviving revoked sessions and invalidating login (#16943) 3 years ago
policies Add ability to skip sign-in token authentication for specific users (#16427) 4 years ago
presenters Add graphs and retention metrics to admin dashboard (#16829) 4 years ago
serializers Add graphs and retention metrics to admin dashboard (#16829) 4 years ago
services Add support for structured data and more OpenGraph tags to link cards (#16938) 3 years ago
validators Minor memory optimizations (#16507) 4 years ago
views Add graphs and retention metrics to admin dashboard (#16829) 4 years ago
workers Fix AccountNote not having a maximum length (#16942) 3 years ago