Commit Graph

1350 Commits

Author SHA1 Message Date
c92b5559a9
Merge pull request #137 from Y-zu-don-maintenance-org/4.1.18
4.1.18
2024-07-05 18:59:51 +09:00
Claire
34aeef3453
Merge pull request from GHSA-58x8-3qxw-6hm7
* Fix insufficient permission checking for public timeline endpoints

Note that this changes unauthenticated access failure code from 401 to 422

* Add more tests for public timelines

* Require user token in `/api/v1/statuses/:id/translate` and `/api/v1/scheduled_statuses`
2024-07-04 16:26:49 +02:00
Claire
122740047a
Merge pull request from GHSA-vp5r-5pgw-jwqx
* Fix streaming sessions not being closed when revoking access to an app

* Add tests for GHSA-7w3c-p9j8-mq3x
2024-07-04 16:11:28 +02:00
Emelia Smith
984d7d3dc8 Fix missing destroy audit logs for Domain Allows (#30125) 2024-05-17 12:30:07 +02:00
Claire
33a50884e5 Fix not being able to block a subdomain of an already-blocked domain through the API (#30119) 2024-05-17 12:30:07 +02:00
Claire
5973d7a4b6 Remove caching in cache_collection (#29862) 2024-05-17 12:30:07 +02:00
Matt Jankowski
8ce403a85b Fix results/query in api/v1/featured_tags/suggestions (#29597) 2024-05-17 12:30:07 +02:00
Claire
079d3e5189 Add fallback redirection when getting a webfinger query WEB_DOMAIN@WEB_DOMAIN (#28592) 2024-05-17 12:30:07 +02:00
0eb421cc64 Revert "Add reject pattern to Admin setting"
This reverts commit 0cd5faaa9d.
2024-02-22 20:46:08 +09:00
noellabo
0cd5faaa9d Add reject pattern to Admin setting 2024-02-22 20:15:49 +09:00
1b06c5befc
Merge pull request #134 from Y-zu-don-maintenance-org/features/v4.1.15
Features/v4.1.15
2024-02-17 10:18:09 +09:00
Claire
9e5af6bb58 Fix user creation failure handling in OAuth paths (#29207)
Co-authored-by: Matt Jankowski <matt@jankowski.online>
2024-02-14 23:16:39 +01:00
ec77396ddd
Merge pull request #133 from Y-zu-don-maintenance-org/features/v4.1.14
Features/v4.1.14
2024-02-15 05:53:04 +09:00
Claire
6f36b633a7
Merge pull request from GHSA-vm39-j3vx-pch3
* Prevent different identities from the same SSO provider from accessing the same account

* Lock auth provider changes behind `ALLOW_UNSAFE_AUTH_PROVIDER_REATTACH=true`

* Rename methods to avoid confusion between OAuth and OmniAuth
2024-02-14 15:16:07 +01:00
5e2bc7aa95
Merge pull request #130 from Y-zu-don-maintenance-org/features/v4.1.13
Merge pull request from GHSA-3fjr-858r-92rw
2024-02-02 21:32:09 +09:00
2ab80bc511
Merge pull request #129 from Y-zu-don-maintenance-org/features/v4.1.12
Features/v4.1.12
2024-02-02 21:31:08 +09:00
Claire
5799bc4af7
Merge pull request from GHSA-3fjr-858r-92rw
* Fix insufficient origin validation

* Bump version to v4.1.13
2024-02-01 15:56:46 +01:00
Claire
2e8943aecd Add rate-limit of TOTP authentication attempts at controller level (#28801) 2024-01-24 15:31:06 +01:00
Claire
9292d998fe Fix Mastodon not correctly processing HTTP Signatures with query strings (#28476) 2024-01-24 15:31:06 +01:00
Claire
458620bdd4 Fix potential redirection loop of streaming endpoint (#28665) 2024-01-24 15:31:06 +01:00
Claire
a1a71263e0 Fix streaming API redirection ignoring the port of streaming_api_base_url (#28558) 2024-01-24 15:31:06 +01:00
Claire
3ef0a19bac Fix report processing notice not mentioning the report number when performing a custom action (#27442) 2023-12-04 15:28:02 +01:00
70cf68fc6e Merge tag 'v4.1.9' into features/4.1.9 2023-10-11 18:13:24 +09:00
Daniel M Brasil
ea7fa048f3 Fix /api/v1/timelines/tag/:hashtag allowing for unauthenticated access when public preview is disabled (#26237) 2023-09-05 19:16:09 +02:00
Claire
6339806f05 Fix blocking subdomains of an already-blocked domain (#26392) 2023-09-05 19:16:09 +02:00
d646011a17 remove setting_show_tab_bar_label 2023-07-10 16:16:13 +00:00
ff17262aff
Merge pull request #119 from Y-zu-don-maintenance-org/features/v4.1.3
Features/v4.1.3
2023-07-06 22:39:03 +09:00
Claire
f8930a67a0 Change /api/v1/statuses/:id/history to always return at least one item (#25510) 2023-07-06 13:45:40 +02:00
Claire
e65e3a6d14 Add finer permission requirements for managing webhooks (#25463) 2023-07-06 13:45:40 +02:00
Claire
8acbfc6ab1 Fix wrong view being displayed when a webhook fails validation (#25464) 2023-07-06 13:45:40 +02:00
Daniel M Brasil
fd1ffd72eb Fix incorrect pagination headers in /api/v2/admin/accounts (#25477) 2023-07-06 13:45:40 +02:00
Claire
2779bce9a2 Add fallback redirection when getting a webfinger query LOCAL_DOMAIN@LOCAL_DOMAIN (#23600)
Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>
2023-07-06 13:45:40 +02:00
Claire
1301af60e0 Fix race condition when reblogging a status (#25016) 2023-07-06 13:45:40 +02:00
Claire
b3cbcd7447 Fix “Authorized applications” inefficiently and incorrectly getting last use date (#25060) 2023-07-06 13:45:40 +02:00
Claire
72d96bf17a Remove invalid X-Frame-Options: ALLOWALL (#25070) 2023-07-06 13:45:40 +02:00
Claire
036ac5b5c9 Fix ArgumentError when loading newer Private Mentions (#25399) 2023-07-06 13:45:40 +02:00
Claire
3e1724e972 Fix multiple N+1s in ConversationsController (#25134) 2023-07-06 13:45:40 +02:00
Claire
bc8592627b Fix user archive takeouts when using OpenStack Swift (#24431) 2023-07-06 13:45:40 +02:00
d05a0c8fa3 Implement bottom tab bar 2023-07-02 06:22:56 +00:00
1b02b4bfde Merge remote-tracking branch 'accelforce/custom/quote' into features/v4.1.2 2023-06-30 20:52:31 +09:00
Claire
51572ac615 Fix invalid/expired invites being processed on sign-up (#24337) 2023-04-04 12:41:27 +02:00
Claire
ae64c5b7ec Fix user archive takeout when using OpenStack Swift or S3 providers with no ACL support (#24200) 2023-04-04 12:41:27 +02:00
Eugen Rochko
6db76875fd Change user backups to use expiring URLs for download when possible (#24136) 2023-03-16 22:48:42 +01:00
Claire
8c4ea7d715 Fix misleading error code when receiving invalid WebAuthn credentials (#23568) 2023-03-16 11:45:53 +01:00
Claire
aff3f850de Fix server error when failing to follow back followers from /relationships (#23787) 2023-03-13 18:39:35 +01:00
Claire
0dc342df81 Fix “Remove all followers from the selected domains” being more destructive than it claims (#23805) 2023-03-13 18:36:15 +01:00
Claire
832595d1e7
Remove posts count and last posts from ActivityPub representation of hashtag collections (#23460) 2023-02-08 17:57:25 +01:00
Nick Schonning
f68bb52556
Apply Rubocop Style/NegatedIfElseCondition (#23451) 2023-02-08 07:07:36 +01:00
Nick Schonning
2e652aa81c
Apply Rubocop Performance/RedundantSplitRegexpArgument (#23443)
* Apply Rubocop Performance/RedundantSplitRegexpArgument

* Update app/controllers/concerns/signature_verification.rb
2023-02-08 02:25:20 +01:00
Claire
20a479ff7c
Change POST /settings/applications/:id to regenerate token on scopes change (#23359)
Fixes #23096
2023-02-02 12:03:49 +01:00