Skip to content
Extraits de code Groupes Projets
  1. fév. 02, 2022
  2. jan. 31, 2022
  3. nov. 26, 2021
  4. nov. 06, 2021
  5. nov. 05, 2021
    • Eugen Rochko's avatar
      Bump version to 3.4.2 · 8a74d851
      Eugen Rochko a rédigé
      8a74d851
    • Claire's avatar
      Fix AccountNote not having a maximum length (#16942) · 76c20288
      Claire a rédigé
      76c20288
    • Claire's avatar
      Fix reviving revoked sessions and invalidating login (#16943) · 3251b8ee
      Claire a rédigé
      Up until now, we have used Devise's Rememberable mechanism to re-log users
      after the end of their browser sessions. This mechanism relies on a signed
      cookie containing a token. That token was stored on the user's record,
      meaning it was shared across all logged in browsers, meaning truly revoking
      a browser's ability to auto-log-in involves revoking the token itself, and
      revoking access from *all* logged-in browsers.
      
      We had a session mechanism that dynamically checks whether a user's session
      has been disabled, and would log out the user if so. However, this would only
      clear a session being actively used, and a new one could be respawned with
      the `remember_user_token` cookie.
      
      In practice, this caused two issues:
      - sessions could be revived after being closed from /auth/edit (security issue)
      - auto-log-in would be disabled for *all* browsers after logging out from one
        of them
      
      This PR removes the `remember_token` mechanism and treats the `_session_id`
      cookie/token as a browser-specific `remember_token`, fixing both issues.
      3251b8ee
    • Claire's avatar
      Fix handling announcements with links (#16941) · f60bb078
      Claire a rédigé
      Broken since #15827
      f60bb078
    • Claire's avatar
      Fix user email address being banned on self-deletion (#16503) · c3a6f7b9
      Claire a rédigé
      * Add tests
      
      * Fix user email address being banned on self-deletion
      
      Fixes #16498
      c3a6f7b9
    • Claire's avatar
      Improve modal flow and back button handling (#16499) · 986397b3
      Claire a rédigé
      * Refactor shouldUpdateScroll passing
      
      So far, shouldUpdateScroll has been manually passed down from the very top of
      the React component hierarchy even though it is a static function common to
      all ScrollContainer instances, so replaced that with a custom class extending
      ScrollContainer.
      
      * Generalize “press back to close modal” to any modal and to public pages
      
      * Fix boost confirmation modal closing media modal
      986397b3
    • Claire's avatar
      Change references to tootsuite/mastodon to mastodon/mastodon (#16491) · c79d4711
      Claire a rédigé
      * Change references to tootsuite/mastodon to mastodon/mastodon
      
      * Remove obsolete test fixture
      
      * Replace occurrences of tootsuite/mastodon with mastodon/mastodon in CHANGELOG
      
      And a few other places
      c79d4711
    • Claire's avatar
      Change number_to_human calls to always use 3-digits precision (#16469) · be560337
      Claire a rédigé
      Fixes #16435
      be560337
Chargement en cours