specter/mastodon
1
0
Fork 1
forked from fedi/mastodon
Code Pull requests Activity
14513 commits 82 branches 202 tags 316 MiB
Commit graph

1424 commits

Author SHA1 Message Date
Claire 870ee80fd3 Fix user creation failure handling in OAuth paths (#29207) 2024-02-14 22:55:31 +01:00
Claire f1700523f1
Merge pull request from GHSA-vm39-j3vx-pch3 
* Prevent different identities from a same SSO provider from accessing a same account

* Lock auth provider changes behind `ALLOW_UNSAFE_AUTH_PROVIDER_REATTACH=true`

* Rename methods to avoid confusion between OAuth and OmniAuth
 2024-02-14 15:16:07 +01:00
Claire a6641f828b
Merge pull request from GHSA-3fjr-858r-92rw 
* Fix insufficient origin validation

* Bump version to v4.2.5
 2024-02-01 15:56:46 +01:00
Claire 6fe2a47357 Add rate-limit of TOTP authentication attempts at controller level (#28801) 2024-01-24 15:31:13 +01:00
Claire 3837ec2227 Fix Mastodon not correctly processing HTTP Signatures with query strings (#28476) 2024-01-24 15:31:13 +01:00
Claire c0a9db3611 Fix potential redirection loop of streaming endpoint (#28665) 2024-01-24 15:31:13 +01:00
Claire 01caa18e5b Fix streaming API redirection ignoring the port of streaming_api_base_url (#28558) 2024-01-24 15:31:13 +01:00
Claire d7875adad2
Fix call to inefficient delete_matched cache method in domain blocks (#28367) 2023-12-19 11:27:37 +01:00
Claire 700ae1f918 Fix report processing notice not mentioning the report number when performing a custom action (#27442) 2023-12-04 15:28:15 +01:00
Claire ffcf2c691e Fix Vary headers not being set on some redirects (#27272) 2023-10-10 13:52:41 +02:00
Robert R George 20666482ef
Added admin api for managing tags (#26872) 2023-09-13 11:22:53 +02:00
CSDUMMI 9a70cac9de
Fix #26849 by adding the domain of the current SSO provider to the form-action CSP (#26857) 2023-09-12 13:04:51 +02:00
Claire 33c8708a1a
Change GET /api/v1/directory to use database replica rather than primary (#26856) 2023-09-08 17:01:02 +02:00
Claire 09ec9c6aa5
Downgrade signature verification debug logging from warn to debug (#26812) 2023-09-06 12:17:22 +02:00
Claire 548c032dbb
Improve interaction modal error handling (#26795) 2023-09-05 23:49:48 +02:00
Claire 16681e0f20
Add admin notifications for new Mastodon versions (#26582) 2023-09-01 17:47:07 +02:00
Claire 9e26cd5503
Add authorized_fetch server setting in addition to env var (#25798) 2023-09-01 15:41:10 +02:00
Daniel M Brasil ccca542db1
Fix /api/v1/timelines/tag/:hashtag allowing for unauthenticated access when public preview is disabled (#26237) 2023-08-31 13:53:24 +02:00
Claire 25bf640629
Add debug logging on signature verification failure (#26637) 2023-08-29 10:29:07 +02:00
Lukas Martini a7d96e6aff
Improve error messages when DeepL quota is exceeded (#26704) 2023-08-29 09:14:44 +02:00
jsgoldstein 30c191aaa0
Add new public status index (#26344) 
Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
 2023-08-24 16:40:04 +02:00
Claire 191d302b7f
Refactor Api::V1::ProfilesController into two separate controllers (#26573) 2023-08-21 15:47:09 +02:00
Daniel M Brasil d24a87ce4f
Add ability to delete avatar or header picture via the API (#25124) 
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
 2023-08-21 08:44:35 +02:00
Claire cc4560d95b
Change “privacy and reach” settings so that unchecking boxes always increase privacy and checking them always increase reach (#26508) 2023-08-17 09:13:26 +02:00
Claire fc5ab2dc83
Add privacy tab in profile settings (#26484) 
Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>
 2023-08-14 18:52:45 +02:00
Claire b12d75ef4f
Fix blocking subdomains of an already-blocked domain (#26392) 2023-08-09 09:39:36 +02:00
Claire 8b37dd2c86
Fix Content Security Policy sometimes unnecessarily allowing hCaptcha scripts (#26388) 2023-08-08 15:41:38 +02:00
CSDUMMI 120f5802c0
Add direct link to the Single-Sign On provider if there is only one sign up method available (#26083) 2023-08-03 16:43:15 +02:00
Daniel M Brasil 3a4d3e9d4b
Add GET /api/v1/instance/languages to REST API (#24443) 
Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
 2023-08-03 11:25:47 +02:00
Emelia Smith e258b4cb64
Refactor: replace whitelist_mode mentions with limited_federation_mode (#26252) 2023-08-02 19:32:48 +02:00
Christian Schmidt ca342d4838
Add List-Unsubscribe email header (#26085) 2023-08-01 19:34:40 +02:00
Claire 6c39125761
Change /api/v1/peers/search to be case-insensitive when using Elasticsearch (#26268) 2023-08-01 14:52:32 +02:00
Misty De Méo 12a6cf569e
Storage: add :azure to remaining callers (#26080) 2023-07-27 16:13:45 +02:00
Claire b4e739ff0f
Change interaction modal in web UI (#26075) 
Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>
 2023-07-27 16:11:17 +02:00
Matt Jankowski 50ff3d3342
Coverage for Auth::OmniauthCallbacks controller (#26147) 2023-07-25 09:46:57 +02:00
Claire b629e21515
Fix unexpected redirection to /explore after sign-in (#26143) 2023-07-24 16:06:32 +02:00
Christian Schmidt 4c18928a93
Wrong count in response when removing favourite/reblog (#24365) 
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
 2023-07-19 09:02:30 +02:00
Claire 943f27f437
Remove unfollowed hashtag posts from home feed (#26028) 2023-07-17 13:56:28 +02:00
Claire 41f65edb21
Fix embed dropdown menu item for unauthenticated users (#25964) 2023-07-13 15:53:03 +02:00
Eugen Rochko 8d0c69529a
Change markers API to use a replica (#25851) 2023-07-12 18:57:40 +02:00
Eugen Rochko fdc3ff7c2d
Change notifications API to use a replica (#25874) 2023-07-12 17:06:00 +02:00
Matt Jankowski 2e1391fdd2
Fix Naming/MemoizedInstanceVariableName cop (#25928) 2023-07-12 10:08:51 +02:00
Matt Jankowski 5134fc65e2
Fix Naming/AccessorMethodName cop (#25924) 2023-07-12 10:03:19 +02:00
Claire c27b82a437
Add forward_to_domains parameter to POST /api/v1/reports (#25866) 2023-07-10 18:26:56 +02:00
Kurtis Rainbolt-Greene e4cfe4b3db
First pass at multi-database for read replica using Rails native adapter (#25693) 
Co-authored-by: emilweth <7402764+emilweth@users.noreply.github.com>
 2023-07-08 19:45:36 +02:00
Daniel M Brasil 383c00819c
Fix /api/v2/search not working with following query param (#25681) 2023-07-03 18:06:57 +02:00
Claire e6a8faae81
Add users index on unconfirmed_email (#25672) 2023-07-02 19:41:35 +02:00
Claire 180f0e6715
Fix inefficient query when requesting a new confirmation email from a logged-in account (#25669) 2023-07-02 16:08:58 +02:00
Daniel M Brasil 4fe2d7cb59
Fix HTTP 500 in /api/v1/emails/check_confirmation (#25595) 2023-07-02 00:05:44 +02:00
Matt Jankowski 683ba5ecb1
Fix rails rewhere deprecation warning in directories api controller (#25625) 2023-07-01 21:48:16 +02:00