Conflicts:
- `Gemfile.lock`:
Changes were already cherry-picked and updated further in glitch-soc.
Kept glitch-soc's version.
- `README.md`:
Upstream updated its README, we have a completely different one.
Kept glitch-soc's README.
- `app/models/account.rb`:
Not a real conflict, upstream updated some lines textually adjacent
to glitch-soc-specific lines.
Ported upstream's changes.
Conflicts:
- `.github/workflows/build-security.yml`:
Changes were already cherry-picked and adapted in glitch-soc.
Kept glitch-soc's version.
- `Gemfile.lock`:
Changes were already cherry-picked and updated further in glitch-soc.
Kept glitch-soc's version.
- `lib/mastodon/version.rb`:
Changes were already cherry-picked and updated further in glitch-soc.
Kept glitch-soc's version.
Conflicts:
- `spec/controllers/api/v1/timelines/direct_controller_spec.rb`:
`spec/controllers/api/v1/timelines` has been renamed, but we had an extra
spec here for a glitch-soc-only endpoint.
Kept glitch-soc's file unchanged (will port to a request spec later).
Conflicts:
- `app/javascript/mastodon/features/compose/components/compose_form.jsx`:
Upstream completely redesigned this, and glitch-soc had different handling for
the character limit.
Ported upstream's change to the new version.
- `app/javascript/mastodon/features/compose/components/poll_form.jsx`:
Upstream completely redesigned this, and glitch-soc had different limits for
option length and number of options.
Ported glitch-soc's changes to the new version.
Additional change:
- `app/javascript/styles/components.scss`:
Change how the new image is looked up.
* Prevent different identities from a same SSO provider from accessing a same account
* Lock auth provider changes behind `ALLOW_UNSAFE_AUTH_PROVIDER_REATTACH=true`
* Rename methods to avoid confusion between OAuth and OmniAuth
* Ensure destruction of OAuth Applications notifies streaming
Due to doorkeeper using a dependent: delete_all relationship, the destroy of an OAuth Application bypassed the existing AccessTokenExtension callbacks for announcing destructing of access tokens.
* Ensure password resets revoke access to Streaming API
* Improve performance of deleting OAuth tokens
---------
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
* Prevent different identities from a same SSO provider from accessing a same account
* Lock auth provider changes behind `ALLOW_UNSAFE_AUTH_PROVIDER_REATTACH=true`
* Rename methods to avoid confusion between OAuth and OmniAuth
* Ensure destruction of OAuth Applications notifies streaming
Due to doorkeeper using a dependent: delete_all relationship, the destroy of an OAuth Application bypassed the existing AccessTokenExtension callbacks for announcing destructing of access tokens.
* Ensure password resets revoke access to Streaming API
* Improve performance of deleting OAuth tokens
---------
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
Claire
Matt Jankowski
Emelia Smith