monorail
/
mastodon
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
18,231 Commits 1 Branch 0 Tags 290 MiB
Commit Graph

139 Commits

Author SHA1 Message Date
Matt Jankowski c3419d146a
Remove duplicate cache header setting before action (#33833) 2025-02-05 09:19:08 +00:00
Matt Jankowski a1d9c3fb99
Use `expect` params wrapper for more "auth" and "2FA" "controllers" (#33717) 2025-01-24 14:40:20 +00:00
Matt Jankowski 45149cd5e1
Use `expect` for nested params in `auth/setup#update` (#33657) 2025-01-21 08:16:40 +00:00
Matt Jankowski 998cf0dd53
Convert `auth/setup` spec controller->system/request (#33604) 2025-01-16 09:03:46 +00:00
Eugen Rochko ca45f896dd
Fix various visual sign-up flow issues (#33206) 2024-12-09 08:23:19 +00:00
Matt Jankowski a397141d78
Move non-action public method controller callback to private methods (#31933) 2024-09-18 08:05:25 +00:00
Matt Jankowski a9d0b48b65
Set "admin" body class from `admin` nested layout (#31269) 2024-09-06 13:58:46 +00:00
Renaud Chaput c3e1d86d58
Fix log out from user menu not working on Safari (#31402) 2024-08-13 17:49:23 +00:00
Claire 2ec1181ee5
Fix contrast between background and form elements on some pages (#31266) 2024-08-02 13:55:31 +00:00
Matt Jankowski 929b9fdaff
Remove exclusion for `Rails/LexicallyScopedActionFilter` cop (#30697) 2024-06-21 15:34:13 +00:00
Matt Jankowski 9b5055d34d
Fix `Style/SuperArguments` cop (#30406) 2024-05-24 08:36:21 +00:00
Claire d4d0565b0f
Fix user creation failure handling in OAuth paths (#29207) 2024-02-14 21:49:45 +00:00
Claire b31af34c97
Merge pull request from GHSA-vm39-j3vx-pch3 
* Prevent different identities from a same SSO provider from accessing a same account

* Lock auth provider changes behind `ALLOW_UNSAFE_AUTH_PROVIDER_REATTACH=true`

* Rename methods to avoid confusion between OAuth and OmniAuth
 2024-02-14 15:16:07 +01:00
Claire eeabf9af72
Fix compatibility with Redis <6.2 (#29123) 2024-02-07 11:52:38 +00:00
Matt Jankowski 17ea22671d
Fix `Style/GuardClause` cop in app/controllers (#28420) 2024-01-25 15:13:41 +00:00
Claire e2d9635074
Add notification email on invalid second authenticator (#28822) 2024-01-22 13:55:43 +00:00
Claire 3593ee2e36
Add rate-limit of TOTP authentication attempts at controller level (#28801) 2024-01-19 12:19:49 +00:00
Matt Jankowski 0e5b8fc46b
Fix `Style/RedundantReturn` cop (#28391) 2023-12-18 09:50:51 +00:00
Claire 963354978a
Add `Account#unavailable?` and `Account#permanently_unavailable?` aliases (#28053) 2023-11-30 15:43:26 +00:00
Matt Jankowski 1f1c75bba5
File cleanup/organization in `controllers/concerns` (#27846) 2023-11-30 14:39:41 +00:00
Claire 07a4059901
Add support for invite codes in the registration API (#27805) 2023-11-13 13:27:00 +00:00
Claire 49b8433c56
Fix confusing screen when visiting a confirmation link for an already-confirmed email (#27368) 2023-10-25 21:33:44 +00:00
Claire 379115e601
Add SELF_DESTRUCT env variable to process self-destructions in the background (#26439) 2023-10-23 15:46:21 +00:00
Matt Jankowski 340f1a68be
Simplify instance presenter view access (#26046) 2023-09-28 16:52:37 +02:00
Matt Jankowski 50ff3d3342
Coverage for `Auth::OmniauthCallbacks` controller (#26147) 2023-07-25 09:46:57 +02:00
Claire b629e21515
Fix unexpected redirection to /explore after sign-in (#26143) 2023-07-24 16:06:32 +02:00
Matt Jankowski 5134fc65e2
Fix `Naming/AccessorMethodName` cop (#25924) 2023-07-12 10:03:19 +02:00
Claire e6a8faae81
Add users index on unconfirmed_email (#25672) 2023-07-02 19:41:35 +02:00
Claire 180f0e6715
Fix inefficient query when requesting a new confirmation email from a logged-in account (#25669) 2023-07-02 16:08:58 +02:00
Eugen Rochko f20698000f
Fix always redirecting to onboarding in web UI (#25396) 2023-06-14 09:05:03 +02:00
Frankie Roberto 36a77748b4
Order sessions by most-recent to least-recently updated (#25005) 2023-05-22 11:40:00 +02:00
Claire bec6a1cad4
Add hCaptcha support (#25019) 2023-05-16 23:27:35 +02:00
Matt Jankowski 6e226f5a32
Fix Rails/ActionOrder cop (#24692) 2023-04-30 06:46:39 +02:00
Eugen Rochko e98c86050a
Refactor `Cache-Control` and `Vary` definitions (#24347) 2023-04-19 16:07:29 +02:00
Eugen Rochko e5c0b16735
Add progress indicator to sign-up flow (#24545) 2023-04-16 07:01:24 +02:00
Claire 280fa3b2c0
Fix invalid/expired invites being processed on sign-up (#24337) 2023-03-31 21:42:28 +02:00
CSDUMMI d258ec8e3b
Prefer the stored location as after_sign_in_path in Omniauth Callback Controller (#24073) 2023-03-13 00:06:27 +01:00
Nick Schonning aef0051fd0
Enable Rubocop HTTP status rules (#23717) 2023-02-20 11:16:40 +09:00
Nick Schonning e2a3ebb271
Autofix Rubocop Style/IfUnlessModifier (#23697) 2023-02-18 12:37:47 +01:00
David Vega 1b5d207131
Fix single name variables on controller folder (#20092) 
Co-authored-by: petrokoriakin1 <116151189+petrokoriakin1@users.noreply.github.com>

Co-authored-by: petrokoriakin1 <116151189+petrokoriakin1@users.noreply.github.com>
Co-authored-by: Effy Elden <effy@effy.space>
 2022-12-15 17:11:58 +01:00
Francis Murillo 5fb1c3e934
Revoke all authorized applications on password reset (#21325) 
* Clear sessions on password change

* Rename User::clear_sessions to revoke_access for a clearer meaning

* Add reset paassword controller test

* Use User.find instead of User.find_for_authentication for reset password test

* Use redirect and render for better test meaning in reset password

Co-authored-by: Effy Elden <effy@effy.space>
 2022-12-15 15:47:06 +01:00
Claire 48e136605a
Fix form-action CSP directive for external login (#20962) 2022-11-17 22:59:07 +01:00
Daniel Axtens 4d85c27d1a
Add 'private' to Cache-Control, match Rails expectations (#20608) 
Several controlers set quite intricate Cache-Control headers in order to
hopefully not be cached by any intermediate proxies or local caches. Unfortunately,
these headers are processed by ActionDispatch::HTTP::Cache in a way that squashes
and discards any values set alongside no-store other than private:
8015c2c2cf/actionpack/lib/action_dispatch/http/cache.rb (L207-L209)

We want to preserve no-store on these responses, but we might as well remove
parts that are going to be dropped anyway. As many of the endpoints in these
controllers are private to a particular user, we should also add "private",
which will be preserved alongside no-store.
 2022-11-16 04:56:30 +01:00
Claire 1e1289b024
Fix crash when external auth provider has no display_name set (#19962) 
Fixes #19913
 2022-11-07 15:43:24 +01:00
Claire a529d6d93e
Fix invites (#19560) 
Fixes #19507

Fix regression from #19296
 2022-10-30 19:04:39 +01:00
Eugen Rochko 679274465b
Add server rules to sign-up flow (#19296) 2022-10-05 18:57:33 +02:00
Eugen Rochko d83faa1a89
Add ability to block sign-ups from IP (#19037) 2022-08-24 19:00:37 +02:00
Claire 327eed0076
Fix suspicious sign-in mails never being sent (#18599) 
* Add tests

* Fix suspicious sign-in mails never being sent
 2022-06-21 15:16:22 +02:00
Eugen Rochko 96129c2f10
Fix confirmation redirect to app without `Location` header (#18523) 2022-05-26 22:03:54 +02:00
Eugen Rochko 6221b36b27
Remove sign-in token authentication, instead send e-mail about new sign-in (#17970) 2022-04-06 20:58:12 +02:00