David Yip
c08c971dd3
Merge remote-tracking branch 'origin/master' into merge-upstream
...
Conflicts:
README.md
app/controllers/follower_accounts_controller.rb
app/controllers/following_accounts_controller.rb
app/serializers/rest/instance_serializer.rb
app/views/stream_entries/_simple_status.html.haml
config/locales/simple_form.ja.yml
2018-03-02 21:46:44 -06:00
Alexander
988f6505e4
fix logic for pam_controlled_service ( #6599 )
2018-03-02 19:02:50 +01:00
Eugen Rochko
9721b7746a
Fix #942 : Seamless LDAP login ( #6556 )
2018-02-28 19:04:53 +01:00
Akihiko Odaki
a5a434a8f6
Raise Mastodon::HostValidationError when host for HTTP request is private ( #6410 )
2018-02-24 19:16:11 +01:00
imncls
c0aabbec0f
Merge branch 'master' of https://github.com/tootsuite/mastodon
...
# Conflicts:
# app/controllers/settings/exports_controller.rb
# app/models/media_attachment.rb
# app/models/status.rb
# app/views/about/show.html.haml
# docker_entrypoint.sh
# spec/views/about/show.html.haml_spec.rb
2018-02-23 23:28:31 +09:00
Ghislain Loaec
d1806f5dc4
New variable OAUTH_REDIRECT_AT_SIGN_IN + Ref #6538 (not only SAML strategies) ( #6540 )
2018-02-23 01:16:17 +01:00
Ghislain Loaec
deea524052
New env variable: SAML_SECURITY_ASSUME_EMAIL_IS_VERIFIED + fixes #6533 ( #6538 )
2018-02-22 23:31:25 +01:00
Eugen Rochko
2815ef6d7f
Fix #6509 : Use pull queue for chewy jobs ( #6513 )
2018-02-20 17:25:16 +01:00
Jenkins
bcd435effe
Merge remote-tracking branch 'tootsuite/master' into glitchsoc/master
2018-02-11 23:17:11 +00:00
Daniel King
845ea13622
Fix URLs incorrectly having trailing hyphen removed ( #6465 )
...
In cases where a URL has a trailing hyphen the FetchLinkCardService incorrectly removes the hyphen when it is parsed
The hyphen is not a reserved character in the URI spec https://tools.ietf.org/html/rfc3986#section-2.2
2018-02-11 23:49:18 +01:00
Eugen Rochko
cd925c11e3
Fix Chewy trying to update index with the wrong strategy ( #6464 )
2018-02-11 22:59:44 +01:00
Jenkins
3a1f58e9eb
Merge remote-tracking branch 'tootsuite/master' into glitchsoc/master
2018-02-11 04:10:16 +00:00
Eugen Rochko
7ca5a06505
Full-text search for authorized statuses ( #6423 )
...
* Add full-text search for authorized statuses
- Search API will return statuses that match the query
- Only for logged in users
- Only if you are author of the status,
- Or you were mentioned in it
- Or you favourited or reblogged it
- Configuration over `ES_ENABLED`, `ES_HOST`, `ES_PORT`, `ES_PREFIX`
- Run `rails chewy:deploy` to create & populate index
Fix #5880
Fix #4293
Fix #1152
* Add commented out docker-compose configuration for ES container
* Optimize index import, filter search results
* Add basic normalization to the index
* Add better stemming and normalization to the index
* Skip webfinger request if search query includes both @ and a space
* Fix code style
* Visually separate search result sections
* Fix code style issues
2018-02-09 23:04:47 +01:00
David Yip
4f8122a98c
Merge remote-tracking branch 'origin/master' into merge-upstream
...
Conflicts:
.env.production.sample
app/controllers/auth/confirmations_controller.rb
db/schema.rb
2018-02-04 16:36:19 -06:00
Eugen Rochko
555e7205da
Make PAM gem optional, allow configuration over environment ( #6415 )
2018-02-04 15:05:53 +01:00
Eugen Rochko
5322013f25
CAS + SAML authentication feature ( #6425 )
...
* Cas authentication feature
* Config
* Remove class_eval + Omniauth initializer
* Codeclimate review
* Codeclimate review 2
* Codeclimate review 3
* Remove uid/email reconciliation
* SAML authentication
* Clean up code
* Improve login form
* Fix code style issues
* Add locales
2018-02-04 05:42:13 +01:00
David Yip
6d1023b2e9
Merge remote-tracking branch 'tootsuite/master' into merge-upstream
...
Conflicts:
app/javascript/styles/mastodon/components.scss
2018-02-02 08:39:52 -06:00
Alexander
23ce0c86da
pam authentication ( #5303 )
...
* add pam support, without extra column
* bugfixes for pam login
* document options
* fix code style
* fix codestyle
* fix tests
* don't call remember_me without password
* fix codestyle
* improve checks for pam usage (should fix tests)
* fix remember_me part 1
* add remember_token column because :rememberable requires either a password or this column.
* migrate db for remember_token
* move pam_authentication to the right place, fix logic bug in edit.html.haml
* fix tests
* fix pam authentication, improve username lookup, add comment
* valid? is sometimes not honored, return nil instead trying to authenticate with pam
* update devise_pam_authenticatable2 and adjust code. Fixes sideeffects observed in tests
* update devise_pam_authenticatable gem, fixes for codeconventions, fix finding user
* codeconvention fixes
* code convention fixes
* fix idention
* update dependency, explicit conflict check
* fix disabled password updates if in pam mode
* fix check password if password is present, fix templates
* block registration if account is maintained by pam
* Revert "block registration if account is maintained by pam"
This reverts commit 8e7a083d650240b6fac414926744b4b90b435f20.
* fix identation error introduced by rebase
* block usernames maintained by pam
* document pam settings better
* fix code style
2018-02-02 10:18:55 +01:00
David Yip
de7283a318
Merge remote-tracking branch 'origin/master' into gs-master
...
Conflicts:
Gemfile.lock
2018-01-15 22:17:48 -06:00
Eugen Rochko
9613c3238c
HTML e-mails for UserMailer ( #6256 )
...
- premailer gem to turn CSS into inline styles automatically
- rework UserMailer templates
- reword UserMailer templates
2018-01-16 03:29:11 +01:00
Jenkins
6e821c4273
Merge remote-tracking branch 'tootsuite/master' into glitchsoc/master
2018-01-15 06:17:15 +00:00
Patrick Figel
2a27afc656
Suppress CSRF token warnings ( #6240 )
...
CSRF token checking was enabled for API controllers in #6223 ,
producing "Can't verify CSRF token authenticity" log spam. This
disables logging of failed CSRF checks.
This also changes the protection strategy for
PushSubscriptionsController to use exceptions, making it consistent
with other controllers that use sessions.
2018-01-15 06:51:23 +01:00
David Yip
1a7f8eb723
Merge remote-tracking branch 'origin/master' into merge-upstream
...
Conflicts:
db/schema.rb
2018-01-09 14:16:45 -06:00
Eugen Rochko
b7b0f630a0
Increase rate limit on protected paths ( #6229 )
...
Previously each protected path had a separate rate limit. Now they're all in the same bucket, so people are more likely to hit one with register->login. Increasing to 25 per 5 minutes should be fine.
2018-01-09 17:07:54 +01:00
Jenkins
86007e913d
Merge remote-tracking branch 'tootsuite/master' into glitchsoc/master
2018-01-05 22:17:12 +00:00
Naoki Kosaka
3bc13de62f
Fix enforce HTTPS in production. ( #6180 )
2018-01-05 20:04:22 +01:00
Jenkins
b42e6973a1
Merge remote-tracking branch 'tootsuite/master' into glitchsoc/master
2018-01-03 04:17:11 +00:00
Patrick Figel
3c20cfd734
Add confirmation step for email changes ( #6071 )
...
* Add confirmation step for email changes
This adds a confirmation step for email changes of existing users.
Like the initial account confirmation, a confirmation link is sent
to the new address.
Additionally, a notification is sent to the existing address when
the change is initiated. This message includes instruction to reset
the password immediately or to contact the instance admin if the
change was not initiated by the account owner.
Fixes #3871
* Add review fixes
2018-01-02 16:55:00 +01:00
Jenkins
9ccad78647
Merge remote-tracking branch 'tootsuite/master' into glitchsoc/master
2017-12-22 04:17:14 +00:00
nightpool
e921778dd3
enforce LOCAL_HTTPS=true in production ( #6061 )
...
* enforce https in production
* note changes in production env sample
* typo fix
2017-12-22 02:17:59 +01:00
Jenkins
1366e96a02
Merge remote-tracking branch 'tootsuite/master' into glitchsoc/master
2017-12-13 18:17:16 +00:00
Yamagishi Kazutoshi
9dcead778c
Change streaming API URL when remote development ( #5942 )
...
* Change streaming API URL when remote development
* Use STREAMING_API_BASE_URL when dev env
2017-12-13 12:43:54 +01:00
David Yip
a56c9ac5dc
Merge remote-tracking branch 'tootsuite/master' into merge-upstream
2017-12-12 02:54:13 -06:00
Eugen Rochko
31fe0d067b
Apply a 25x rate limit by IP even to authenticated requests ( #5948 )
2017-12-11 15:32:29 +01:00
kibigo!
f4c233f59f
Ruby intl8n for themes
2017-12-10 11:08:04 -08:00
Naoki Kosaka
77660c4624
Missing require 'authorization_decorator'. ( #5947 )
2017-12-09 15:12:10 +01:00
Eugen Rochko
87af0bf6cf
Rate limit by user instead of IP when API user is authenticated ( #5923 )
...
* Fix #668 - Rate limit by user instead of IP when API user is authenticated
* Fix code style issue
* Use request decorator provided by Doorkeeper
2017-12-09 14:20:02 +01:00
THE BOSS ♨
33b40397f8
Fix typo in paperclip.rb ( #5936 )
2017-12-09 13:59:59 +09:00
Yamagishi Kazutoshi
f76681ebd6
Revert fog-aws (ref #5604 ) ( #5934 )
2017-12-09 00:47:52 +01:00
Eugen Rochko
b037fbf9f4
Remove rabl dependency ( #5894 )
...
* Remove rabl dependency
* Replicate old Oj configuration
2017-12-06 15:04:49 +09:00
Eugen Rochko
a71791e3f1
Allow specifying STATSD_NAMESPACE ( #5700 )
2017-11-15 07:22:43 +09:00
MitarashiDango
7a5fb781ce
Fix spell miss (SWIIFT_OBJECT_URL -> SWIFT_OBJECT_URL) ( #5617 )
2017-11-07 19:06:30 +01:00
Yamagishi Kazutoshi
a624688ebd
Unify file upload to using fog ( #5604 )
2017-11-07 14:30:31 +01:00
Jeong Arm
a5582bf9f5
Remove timestamps on any option ( #5282 )
2017-10-09 17:52:02 +02:00
unarist
12bdbf38ba
Fix migration failure due to StrongMigrations on production env ( #5283 )
2017-10-09 10:05:35 +02:00
Lynx Kotoura
4e822d41b9
adjust public profile pages 2 ( #5223 )
2017-10-04 22:49:36 +02:00
Nishi, Keisuke
8f344b7bb0
Fix Paperclip::Fog always responds Not Found in OpenStack-v2 like ConoHa ( #5155 )
2017-09-30 14:28:29 +02:00
Eugen Rochko
6033b8eac1
Replace self-rolled statsd instrumention with localshred/nsa ( #5118 )
2017-09-29 03:16:44 +02:00
Eugen Rochko
7031e350b3
When OAuth password verification fails, return 401 instead of redirect ( #5111 )
...
Call to warden.authenticate! in resource_owner_from_credentials would
make the request redirect to sign-in path, which is a bad response for
apps. Now bad credentials just return nil, which leads to HTTP 401
from Doorkeeper. Also, accounts with enabled 2FA cannot be logged into
this way.
2017-09-27 23:42:49 +02:00
Eugen Rochko
10a2b3dd4c
Follow-up to #4582 and #5027 , removing dead code ( #5101 )
2017-09-26 01:06:27 +02:00