447d7e6127 
								
							 
						 
						
							
							
								
								Merge remote-tracking branch 'tootsuite/master' into glitchsoc/master  
							
							
							
						 
						
							2018-03-09 00:17:17 +00:00  
				
					
						
							
							
								 
						
							
								a29d409e20 
								
							 
						 
						
							
							
								
								If login redirects to omniauth, redirect logout to root_path ( #6694 )  
							
							... 
							
							
							
							Fix  #6670  
						
							2018-03-08 11:18:26 +01:00  
				
					
						
							
							
								 
						
							
								1b8fcd4df5 
								
							 
						 
						
							
							
								
								Merge remote-tracking branch 'origin/master' into merge-upstream  
							
							... 
							
							
							
							Conflicts:
 	README.md
 	app/controllers/follower_accounts_controller.rb
 	app/controllers/following_accounts_controller.rb
 	app/serializers/rest/instance_serializer.rb
 	app/views/stream_entries/_simple_status.html.haml
 	config/locales/simple_form.ja.yml 
							
						 
						
							2018-03-02 21:46:44 -06:00  
				
					
						
							
							
								 
						
							
								47bdb9b33b 
								
							 
						 
						
							
							
								
								Fix   #942 : Seamless LDAP login ( #6556 )  
							
							
							
						 
						
							2018-02-28 19:04:53 +01:00  
				
					
						
							
							
								 
						
							
								bb6988a7ac 
								
							 
						 
						
							
							
								
								Merge branch 'master' of  https://github.com/tootsuite/mastodon  
							
							... 
							
							
							
							# Conflicts:
#	app/controllers/settings/exports_controller.rb
#	app/models/media_attachment.rb
#	app/models/status.rb
#	app/views/about/show.html.haml
#	docker_entrypoint.sh
#	spec/views/about/show.html.haml_spec.rb 
							
						 
						
							2018-02-23 23:28:31 +09:00  
				
					
						
							
							
								 
						
							
								e668180044 
								
							 
						 
						
							
							
								
								New variable OAUTH_REDIRECT_AT_SIGN_IN + Ref  #6538  (not only SAML strategies) ( #6540 )  
							
							
							
						 
						
							2018-02-23 01:16:17 +01:00  
				
					
						
							
							
								 
						
							
								4c1fd9a19c 
								
							 
						 
						
							
							
								
								Merge remote-tracking branch 'tootsuite/master' into merge-upstream  
							
							... 
							
							
							
							Conflicts:
      app/javascript/styles/mastodon/components.scss 
							
						 
						
							2018-02-02 08:39:52 -06:00  
				
					
						
							
							
								 
						
							
								04fef7b888 
								
							 
						 
						
							
							
								
								pam authentication ( #5303 )  
							
							... 
							
							
							
							* add pam support, without extra column
* bugfixes for pam login
* document options
* fix code style
* fix codestyle
* fix tests
* don't call remember_me without password
* fix codestyle
* improve checks for pam usage (should fix tests)
* fix remember_me part 1
* add remember_token column because :rememberable requires either a password or this column.
* migrate db for remember_token
* move pam_authentication to the right place, fix logic bug in edit.html.haml
* fix tests
* fix pam authentication, improve username lookup, add comment
* valid? is sometimes not honored, return nil instead trying to authenticate with pam
* update devise_pam_authenticatable2 and adjust code. Fixes sideeffects observed in tests
* update devise_pam_authenticatable gem, fixes for codeconventions, fix finding user
* codeconvention fixes
* code convention fixes
* fix idention
* update dependency, explicit conflict check
* fix disabled password updates if in pam mode
* fix check password if password is present, fix templates
* block registration if account is maintained by pam
* Revert "block registration if account is maintained by pam"
This reverts commit 8e7a083d650240b6fac414926744b4b90b435f20.
* fix identation error introduced by rebase
* block usernames maintained by pam
* document pam settings better
* fix code style 
							
						 
						
							2018-02-02 10:18:55 +01:00  
				
					
						
							
							
								 
						
							
								bf1eb0912c 
								
							 
						 
						
							
							
								
								Set packs on 2FA-related pages.   Fixes   #271 .  
							
							... 
							
							
							
							Specifically, this commit:
- changes S::TFA::{Confirmations,RecoveryCodes}Controller to derive from
  S::BaseController, because this gives us the necessary actions and
  packs
- prepends set_pack to Auth::SessionsController's action chain so that
  it takes effect in time for render :two_factor 
							
						 
						
							2017-12-20 03:15:54 -06:00  
				
					
						
							
							
								 
						
							
								bdbbd06dad 
								
							 
						 
						
							
							
								
								Finalized theme loading and stuff  
							
							
							
						 
						
							2017-11-20 22:13:37 -08:00  
				
					
						
							
							
								 
						
							
								3e90987c8b 
								
							 
						 
						
							
							
								
								Fix some rubocop style issues ( #5730 )  
							
							
							
						 
						
							2017-11-17 10:06:26 +09:00  
				
					
						
							
							
								 
						
							
								552d22bec9 
								
							 
						 
						
							
							
								
								sign_in and sign_up views present og meta infos ( #5308 )  
							
							
							
						 
						
							2017-10-11 00:52:25 +02:00  
				
					
						
							
							
								 
						
							
								dcf0530218 
								
							 
						 
						
							
							
								
								Make sure email is case insensitive on all places ( #3688 )  
							
							... 
							
							
							
							When case insensitivity is enabled via devise's `config.case_insensitive_keys` then `.find_for_authentication` method needs to be used instead of `.find_by` because second mentioned returns `nil` when valid email with different cases is passed.
More info https://github.com/plataformatec/devise/wiki/How-To:-Use-case-insensitive-emails  
							
						 
						
							2017-06-11 02:29:08 +02:00  
				
					
						
							
							
								 
						
							
								ecef03bb15 
								
							 
						 
						
							
							
								
								Fix empty flash message on the settings page ( #3345 )  
							
							
							
						 
						
							2017-05-27 13:04:28 +02:00  
				
					
						
							
							
								 
						
							
								f6a93fc150 
								
							 
						 
						
							
							
								
								Go to root after login in single user mode ( #3289 )  
							
							... 
							
							
							
							In single user mode, visitors are redirected to the single user's
profile page.  So, if you are the owner without a session, you start
from that page, click the login button and authenticate yourself
expecting you'll soon get started with the home page, but in reality
you'll get redirected back to where you started from -- your own
profile page.
This fixes the behavior by redirecting you home after login if you
have started from your own profile page. 
							
						 
						
							2017-05-26 14:14:03 +02:00  
				
					
						
							
							
								 
						
							
								268dd32d76 
								
							 
						 
						
							
							
								
								Auth sign out ( #2511 )  
							
							... 
							
							
							
							* Add a spec for signing out
* Add spec showing that suspended user gets a 403 forbidden on sign out
* Allow suspended account users to sign out 
							
						 
						
							2017-05-02 23:37:58 +02:00  
				
					
						
							
							
								 
						
							
								3988f2dade 
								
							 
						 
						
							
							
								
								Fix Rubocop offences ( #2630 )  
							
							... 
							
							
							
							* disable Bundler/OrderedGems
* fix rubocop Lint/UselessAssignment
* fix rubocop Style/BlockDelimiters
* fix rubocop Style/AlignHash
* fix rubocop Style/AlignParameters, Style/EachWithObject
* fix rubocop Style/SpaceInLambdaLiteral 
							
						 
						
							2017-05-01 16:31:02 +02:00  
				
					
						
							
							
								 
						
							
								b48f2cbc8b 
								
							 
						 
						
							
							
								
								Catch error when server decryption fails on 2FA ( #2512 )  
							
							
							
						 
						
							2017-04-27 15:18:21 +02:00  
				
					
						
							
							
								 
						
							
								df4ff9a8e1 
								
							 
						 
						
							
							
								
								Add recovery code support for two-factor auth ( #1773 )  
							
							... 
							
							
							
							* Add recovery code support for two-factor auth
When users enable two-factor auth, the app now generates ten
single-use recovery codes. Users are encouraged to print the codes
and store them in a safe place.
The two-factor prompt during login now accepts both OTP codes and
recovery codes.
The two-factor settings UI allows users to regenerated lost
recovery codes. Users who have set up two-factor auth prior to
this feature being added can use it to generate recovery codes
for the first time.
Fixes  #563  and fixes  #987 
* Set OTP_SECRET in test enviroment
* add missing .html to view file names 
							
						 
						
							2017-04-15 13:26:03 +02:00  
				
					
						
							
							
								 
						
							
								23b997ae55 
								
							 
						 
						
							
							
								
								Split 2FA login into two prompts  
							
							
							
						 
						
							2017-01-28 20:43:38 +01:00  
				
					
						
							
							
								 
						
							
								ba192f12e3 
								
							 
						 
						
							
							
								
								Added optional two-factor authentication  
							
							
							
						 
						
							2017-01-27 20:35:16 +01:00  
				
					
						
							
							
								 
						
							
								fdc17bea58 
								
							 
						 
						
							
							
								
								Fix rubocop issues, introduce usage of frozen literal to improve performance  
							
							
							
						 
						
							2016-11-15 16:56:29 +01:00  
				
					
						
							
							
								 
						
							
								fc198a8b4c 
								
							 
						 
						
							
							
								
								Adding e-mail confirmations  
							
							
							
						 
						
							2016-10-03 16:51:00 +02:00  
				
					
						
							
							
								 
						
							
								a0f85774c4 
								
							 
						 
						
							
							
								
								Redirect after sign in to previous page (unless it's a sign in/up/etc page)  
							
							
							
						 
						
							2016-10-02 17:11:08 +02:00  
				
					
						
							
							
								 
						
							
								7e14eefc81 
								
							 
						 
						
							
							
								
								Replace logo,  fix   #57  - delete/unreblog/unfavourite API,  fix   #45  - app  
							
							... 
							
							
							
							registration API 
							
						 
						
							2016-09-26 23:56:53 +02:00  
				
					
						
							
							
								 
						
							
								ff2cbc0753 
								
							 
						 
						
							
							
								
								Remember me enabled by default  
							
							
							
						 
						
							2016-03-28 00:06:52 +02:00  
				
					
						
							
							
								 
						
							
								da4b675aca 
								
							 
						 
						
							
							
								
								Fix favourite handling in ProcessInteractionService  
							
							
							
						 
						
							2016-03-26 01:34:12 +01:00  
				
					
						
							
							
								 
						
							
								43bb8a25e7 
								
							 
						 
						
							
							
								
								Remember user logins by default  
							
							
							
						 
						
							2016-03-26 01:14:37 +01:00  
				
					
						
							
							
								 
						
							
								6045b6cb18 
								
							 
						 
						
							
							
								
								Customizing devise views and controllers  
							
							
							
						 
						
							2016-03-05 22:43:05 +01:00