Matt Jankowski 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							6f2aba989f 
							
						 
					 
					
						
						
							
							Move "limited federation mode" config to x.mastodon area ( #35041 )  
						
						
						
					 
					
						2025-06-16 06:13:03 +00:00 
						 
				 
			
				
					
						
							
							
								Emelia Smith 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							a73ade526a 
							
						 
					 
					
						
						
							
							Assert usage of client credentials for account registration ( #34828 )  
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Bundler Audit / security (push) Waiting to run 
				
			 
		
			
				
	Check i18n / check-i18n (push) Waiting to run 
				
			 
		
			
				
	CodeQL / Analyze (javascript) (push) Waiting to run 
				
			 
		
			
				
	CodeQL / Analyze (ruby) (push) Waiting to run 
				
			 
		
			
				
	Check formatting / lint (push) Waiting to run 
				
			 
		
			
				
	Haml Linting / lint (push) Waiting to run 
				
			 
		
			
				
	Ruby Linting / lint (push) Waiting to run 
				
			 
		
			
				
	Historical data migration test / test (14-alpine) (push) Waiting to run 
				
			 
		
			
				
	Historical data migration test / test (15-alpine) (push) Waiting to run 
				
			 
		
			
				
	Historical data migration test / test (16-alpine) (push) Waiting to run 
				
			 
		
			
				
	Historical data migration test / test (17-alpine) (push) Waiting to run 
				
			 
		
			
				
	Ruby Testing / build (production) (push) Waiting to run 
				
			 
		
			
				
	Ruby Testing / build (test) (push) Waiting to run 
				
			 
		
			
				
	Ruby Testing / test (.ruby-version) (push) Blocked by required conditions 
				
			 
		
			
				
	Ruby Testing / test (3.2) (push) Blocked by required conditions 
				
			 
		
			
				
	Ruby Testing / test (3.3) (push) Blocked by required conditions 
				
			 
		
			
				
	Ruby Testing / ImageMagick tests (.ruby-version) (push) Blocked by required conditions 
				
			 
		
			
				
	Ruby Testing / ImageMagick tests (3.2) (push) Blocked by required conditions 
				
			 
		
			
				
	Ruby Testing / ImageMagick tests (3.3) (push) Blocked by required conditions 
				
			 
		
			
				
	Ruby Testing / End to End testing (.ruby-version) (push) Blocked by required conditions 
				
			 
		
			
				
	Ruby Testing / End to End testing (3.2) (push) Blocked by required conditions 
				
			 
		
			
				
	Ruby Testing / End to End testing (3.3) (push) Blocked by required conditions 
				
			 
		
			
				
	Ruby Testing / Elastic Search integration testing (.ruby-version, docker.elastic.co/elasticsearch/elasticsearch:7.17.13) (push) Blocked by required conditions 
				
			 
		
			
				
	Ruby Testing / Elastic Search integration testing (.ruby-version, docker.elastic.co/elasticsearch/elasticsearch:8.10.2) (push) Blocked by required conditions 
				
			 
		
			
				
	Ruby Testing / Elastic Search integration testing (.ruby-version, opensearchproject/opensearch:2) (push) Blocked by required conditions 
				
			 
		
			
				
	Ruby Testing / Elastic Search integration testing (3.2, docker.elastic.co/elasticsearch/elasticsearch:7.17.13) (push) Blocked by required conditions 
				
			 
		
			
				
	Ruby Testing / Elastic Search integration testing (3.3, docker.elastic.co/elasticsearch/elasticsearch:7.17.13) (push) Blocked by required conditions 
				
			 
		
			
				
	CSS Linting / lint (push) Has been cancelled 
				
			 
		
			
				
	JavaScript Linting / lint (push) Has been cancelled 
				
			 
		
			
				
	JavaScript Testing / test (push) Has been cancelled 
				
			 
		
		
	 
 
	 
						
					 
					
						2025-05-28 12:09:32 +00:00 
						 
				 
			
				
					
						
							
							
								Claire 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							d4944a2467 
							
						 
					 
					
						
						
							
							Fix incorrect redirect in response to unauthenticated API requests in limited federation mode ( #34549 )  
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	CodeQL / Analyze (javascript) (push) Waiting to run 
				
			 
		
			
				
	CodeQL / Analyze (ruby) (push) Waiting to run 
				
			 
		
			
				
	Crowdin / Upload translations / upload-translations (push) Waiting to run 
				
			 
		
			
				
	Check formatting / lint (push) Waiting to run 
				
			 
		
			
				
	JavaScript Linting / lint (push) Waiting to run 
				
			 
		
			
				
	Ruby Linting / lint (push) Waiting to run 
				
			 
		
			
				
	JavaScript Testing / test (push) Waiting to run 
				
			 
		
			
				
	Historical data migration test / test (14-alpine) (push) Waiting to run 
				
			 
		
			
				
	Historical data migration test / test (15-alpine) (push) Waiting to run 
				
			 
		
			
				
	Historical data migration test / test (16-alpine) (push) Waiting to run 
				
			 
		
			
				
	Historical data migration test / test (17-alpine) (push) Waiting to run 
				
			 
		
			
				
	Ruby Testing / build (production) (push) Waiting to run 
				
			 
		
			
				
	Ruby Testing / build (test) (push) Waiting to run 
				
			 
		
			
				
	Ruby Testing / test (.ruby-version) (push) Blocked by required conditions 
				
			 
		
			
				
	Ruby Testing / test (3.2) (push) Blocked by required conditions 
				
			 
		
			
				
	Ruby Testing / test (3.3) (push) Blocked by required conditions 
				
			 
		
			
				
	Ruby Testing / Libvips tests (.ruby-version) (push) Blocked by required conditions 
				
			 
		
			
				
	Ruby Testing / Libvips tests (3.2) (push) Blocked by required conditions 
				
			 
		
			
				
	Ruby Testing / Libvips tests (3.3) (push) Blocked by required conditions 
				
			 
		
			
				
	Ruby Testing / End to End testing (.ruby-version) (push) Blocked by required conditions 
				
			 
		
			
				
	Ruby Testing / End to End testing (3.2) (push) Blocked by required conditions 
				
			 
		
			
				
	Ruby Testing / End to End testing (3.3) (push) Blocked by required conditions 
				
			 
		
			
				
	Ruby Testing / Elastic Search integration testing (.ruby-version, docker.elastic.co/elasticsearch/elasticsearch:7.17.13) (push) Blocked by required conditions 
				
			 
		
			
				
	Ruby Testing / Elastic Search integration testing (.ruby-version, docker.elastic.co/elasticsearch/elasticsearch:8.10.2) (push) Blocked by required conditions 
				
			 
		
			
				
	Ruby Testing / Elastic Search integration testing (.ruby-version, opensearchproject/opensearch:2) (push) Blocked by required conditions 
				
			 
		
			
				
	Ruby Testing / Elastic Search integration testing (3.2, docker.elastic.co/elasticsearch/elasticsearch:7.17.13) (push) Blocked by required conditions 
				
			 
		
			
				
	Ruby Testing / Elastic Search integration testing (3.3, docker.elastic.co/elasticsearch/elasticsearch:7.17.13) (push) Blocked by required conditions 
				
			 
		
			
				
	Bundler Audit / security (push) Has been cancelled 
				
			 
		
			
				
	CSS Linting / lint (push) Has been cancelled 
				
			 
		
			
				
	Haml Linting / lint (push) Has been cancelled 
				
			 
		
		
	 
 
	 
						
					 
					
						2025-04-25 11:24:57 +00:00 
						 
				 
			
				
					
						
							
							
								Claire 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							598ae4f2da 
							
						 
					 
					
						
						
							
							Add endpoints for unread notifications count ( #31191 )  
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Bundler Audit / security (push) Waiting to run 
				
			 
		
			
				
	Check i18n / check-i18n (push) Waiting to run 
				
			 
		
			
				
	CodeQL / Analyze (javascript) (push) Waiting to run 
				
			 
		
			
				
	CodeQL / Analyze (ruby) (push) Waiting to run 
				
			 
		
			
				
	Check formatting / lint (push) Waiting to run 
				
			 
		
			
				
	Haml Linting / lint (push) Waiting to run 
				
			 
		
			
				
	Ruby Linting / lint (push) Waiting to run 
				
			 
		
			
				
	Historical data migration test / test (14-alpine) (push) Waiting to run 
				
			 
		
			
				
	Historical data migration test / test (15-alpine) (push) Waiting to run 
				
			 
		
			
				
	Ruby Testing / build (production) (push) Waiting to run 
				
			 
		
			
				
	Ruby Testing / build (test) (push) Waiting to run 
				
			 
		
			
				
	Ruby Testing / test (.ruby-version) (push) Blocked by required conditions 
				
			 
		
			
				
	Ruby Testing / test (3.1) (push) Blocked by required conditions 
				
			 
		
			
				
	Ruby Testing / test (3.2) (push) Blocked by required conditions 
				
			 
		
			
				
	Ruby Testing / Libvips tests (.ruby-version) (push) Blocked by required conditions 
				
			 
		
			
				
	Ruby Testing / Libvips tests (3.1) (push) Blocked by required conditions 
				
			 
		
			
				
	Ruby Testing / Libvips tests (3.2) (push) Blocked by required conditions 
				
			 
		
			
				
	Ruby Testing / End to End testing (.ruby-version) (push) Blocked by required conditions 
				
			 
		
			
				
	Ruby Testing / End to End testing (3.1) (push) Blocked by required conditions 
				
			 
		
			
				
	Ruby Testing / End to End testing (3.2) (push) Blocked by required conditions 
				
			 
		
			
				
	Ruby Testing / Elastic Search integration testing (.ruby-version, docker.elastic.co/elasticsearch/elasticsearch:7.17.13) (push) Blocked by required conditions 
				
			 
		
			
				
	Ruby Testing / Elastic Search integration testing (.ruby-version, docker.elastic.co/elasticsearch/elasticsearch:8.10.2) (push) Blocked by required conditions 
				
			 
		
			
				
	Ruby Testing / Elastic Search integration testing (.ruby-version, opensearchproject/opensearch:2) (push) Blocked by required conditions 
				
			 
		
			
				
	Ruby Testing / Elastic Search integration testing (3.1, docker.elastic.co/elasticsearch/elasticsearch:7.17.13) (push) Blocked by required conditions 
				
			 
		
			
				
	Ruby Testing / Elastic Search integration testing (3.2, docker.elastic.co/elasticsearch/elasticsearch:7.17.13) (push) Blocked by required conditions 
				
			 
		
		
	 
 
	 
						
					 
					
						2024-07-30 08:39:11 +00:00 
						 
				 
			
				
					
						
							
							
								Matt Jankowski 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							1d3ecd3fba 
							
						 
					 
					
						
						
							
							Add API::Pagination concern ( #28826 )  
						
						
						
					 
					
						2024-04-17 09:22:45 +00:00 
						 
				 
			
				
					
						
							
							
								Matt Jankowski 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							b5115850bb 
							
						 
					 
					
						
						
							
							Move repeated insert_pagination_headers method to api base class ( #29606 )  
						
						
						
					 
					
						2024-03-18 10:11:53 +00:00 
						 
				 
			
				
					
						
							
							
								Matt Jankowski 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							f9100743ec 
							
						 
					 
					
						
						
							
							Add Api::ErrorHandling concern for api/base controller ( #29574 )  
						
						
						
					 
					
						2024-03-14 09:09:47 +00:00 
						 
				 
			
				
					
						
							
							
								Matt Jankowski 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							9754967d5f 
							
						 
					 
					
						
						
							
							Move pagination_max_id and pagination_since_id into api/base controller ( #28844 )  
						
						
						
					 
					
						2024-03-13 08:51:44 +00:00 
						 
				 
			
				
					
						
							
							
								Matt Jankowski 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							c28976d89e 
							
						 
					 
					
						
						
							
							Handle negative offset param in api/v2/search ( #28282 )  
						
						
						
					 
					
						2023-12-19 10:55:39 +00:00 
						 
				 
			
				
					
						
							
							
								Matt Jankowski 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							3bc437b99a 
							
						 
					 
					
						
						
							
							Fix Style/RedundantParentheses cop ( #28176 )  
						
						
						
					 
					
						2023-12-01 16:00:44 +00:00 
						 
				 
			
				
					
						
							
							
								Claire 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							963354978a 
							
						 
					 
					
						
						
							
							Add Account#unavailable? and Account#permanently_unavailable? aliases ( #28053 )  
						
						
						
					 
					
						2023-11-30 15:43:26 +00:00 
						 
				 
			
				
					
						
							
							
								Matt Jankowski 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							1f1c75bba5 
							
						 
					 
					
						
						
							
							File cleanup/organization in controllers/concerns ( #27846 )  
						
						
						
					 
					
						2023-11-30 14:39:41 +00:00 
						 
				 
			
				
					
						
							
							
								Matt Jankowski 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							d562fb8459 
							
						 
					 
					
						
						
							
							Specs for minimal CSP policy in Api:: controllers ( #27845 )  
						
						
						
					 
					
						2023-11-14 14:34:30 +00:00 
						 
				 
			
				
					
						
							
							
								Emelia Smith 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							e258b4cb64 
							
						 
					 
					
						
						
							
							Refactor: replace whitelist_mode mentions with limited_federation_mode ( #26252 )  
						
						
						
					 
					
						2023-08-02 19:32:48 +02:00 
						 
				 
			
				
					
						
							
							
								Claire 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							276c39361b 
							
						 
					 
					
						
						
							
							Fix anonymous visitors getting a session cookie on first visit ( #24584 )  
						
						
						
					 
					
						2023-04-25 16:51:38 +02:00 
						 
				 
			
				
					
						
							
							
								Eugen Rochko 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							6084461cd0 
							
						 
					 
					
						
						
							
							Change unauthenticated responses to be cached in REST API ( #24348 )  
						
						
						
					 
					
						2023-04-25 15:41:34 +02:00 
						 
				 
			
				
					
						
							
							
								Claire 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							58a1b2e330 
							
						 
					 
					
						
						
							
							Fix caching logic with regards to Accept-Language, Cookie, and Signature ( #24604 )  
						
						
						
					 
					
						2023-04-23 22:27:24 +02:00 
						 
				 
			
				
					
						
							
							
								Eugen Rochko 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							e98c86050a 
							
						 
					 
					
						
						
							
							Refactor Cache-Control and Vary definitions ( #24347 )  
						
						
						
					 
					
						2023-04-19 16:07:29 +02:00 
						 
				 
			
				
					
						
							
							
								Claire 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							623d3d2e32 
							
						 
					 
					
						
						
							
							Change CSP directives on API to be tight and concise ( #20960 )  
						
						
						
					 
					
						2022-12-15 16:40:32 +01:00 
						 
				 
			
				
					
						
							
							
								Daniel Axtens 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							4d85c27d1a 
							
						 
					 
					
						
						
							
							Add 'private' to Cache-Control, match Rails expectations ( #20608 )  
						
						... 
						
						
						
						Several controlers set quite intricate Cache-Control headers in order to
hopefully not be cached by any intermediate proxies or local caches. Unfortunately,
these headers are processed by ActionDispatch::HTTP::Cache in a way that squashes
and discards any values set alongside no-store other than private:
8015c2c2cf/actionpack/lib/action_dispatch/http/cache.rb (L207-L209) 
						
					 
					
						2022-11-16 04:56:30 +01:00 
						 
				 
			
				
					
						
							
							
								Eugen Rochko 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							b31afc6294 
							
						 
					 
					
						
						
							
							Fix error when passing unknown filter param in REST API ( #20626 )  
						
						... 
						
						
						
						Fix  #19156  
					
						2022-11-14 08:06:06 +01:00 
						 
				 
			
				
					
						
							
							
								Eugen Rochko 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							3a41fccc43 
							
						 
					 
					
						
						
							
							Change AUTHORIZED_FETCH to not block unauthenticated REST API access ( #19803 )  
						
						... 
						
						
						
						New environment variable `DISALLOW_UNAUTHENTICATED_API_ACCESS` 
						
					 
					
						2022-11-05 22:56:03 +01:00 
						 
				 
			
				
					
						
							
							
								Eugen Rochko 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							3e18e05330 
							
						 
					 
					
						
						
							
							Fix uncaught error when invalid date is supplied to API ( #19480 )  
						
						... 
						
						
						
						Fix  #19213  
					
						2022-10-27 14:30:52 +02:00 
						 
				 
			
				
					
						
							
							
								Claire 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							2750a7a0e6 
							
						 
					 
					
						
						
							
							Fix REST API sometimes returning HTML on error ( #19135 )  
						
						... 
						
						
						
						Fixes  #19115  
					
						2022-09-08 09:44:36 +02:00 
						 
				 
			
				
					
						
							
							
								Eugen Rochko 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							9f81b9f29a 
							
						 
					 
					
						
						
							
							Fix suspended users being able to access APIs that don't require a user ( #18524 )  
						
						
						
					 
					
						2022-05-26 22:04:05 +02:00 
						 
				 
			
				
					
						
							
							
								Eugen Rochko 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							67d550830b 
							
						 
					 
					
						
						
							
							Fix locale not being set in REST API ( #17847 )  
						
						
						
					 
					
						2022-03-22 12:29:04 +01:00 
						 
				 
			
				
					
						
							
							
								Eugen Rochko 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							50ea54b3ed 
							
						 
					 
					
						
						
							
							Change authorized applications page ( #17656 )  
						
						... 
						
						
						
						* Change authorized applications page
* Hide revoke button for superapps and suspended accounts
* Clean up db/schema.rb 
						
					 
					
						2022-03-01 16:48:58 +01:00 
						 
				 
			
				
					
						
							
							
								Claire 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							d8629e7b86 
							
						 
					 
					
						
						
							
							Add logging of S3-related errors ( #16381 )  
						
						
						
					 
					
						2021-07-21 18:34:39 +02:00 
						 
				 
			
				
					
						
							
							
								Eugen Rochko 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							1045549f85 
							
						 
					 
					
						
						
							
							Add stoplight for object storage failures, return HTTP 503 ( #13043 )  
						
						
						
					 
					
						2020-12-15 12:55:29 +01:00 
						 
				 
			
				
					
						
							
							
								Eugen Rochko 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							8532429af7 
							
						 
					 
					
						
						
							
							Fix 2FA/sign-in token sessions being valid after password change ( #14802 )  
						
						... 
						
						
						
						If someone tries logging in to an account and is prompted for a 2FA
code or sign-in token, even if the account's password or e-mail is
updated in the meantime, the session will show the prompt and allow
the login process to complete with a valid 2FA code or sign-in token 
						
					 
					
						2020-11-12 23:05:01 +01:00 
						 
				 
			
				
					
						
							
							
								Eugen Rochko 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							ed099d8bdc 
							
						 
					 
					
						
						
							
							Change account suspensions to be reversible by default ( #14726 )  
						
						
						
					 
					
						2020-09-15 14:37:58 +02:00 
						 
				 
			
				
					
						
							
							
								dependabot[bot] 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							8972e5f7f6 
							
						 
					 
					
						
						
							
							Bump rubocop from 0.86.0 to 0.88.0 ( #14412 )  
						
						... 
						
						
						
						* Bump rubocop from 0.86.0 to 0.88.0
Bumps [rubocop](https://github.com/rubocop-hq/rubocop ) from 0.86.0 to 0.88.0.
- [Release notes](https://github.com/rubocop-hq/rubocop/releases )
- [Changelog](https://github.com/rubocop-hq/rubocop/blob/master/CHANGELOG.md )
- [Commits](https://github.com/rubocop-hq/rubocop/compare/v0.86.0...v0.88.0 )
Signed-off-by: dependabot[bot] <support@github.com>
* Fix for latest RuboCop
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh> 
						
					 
					
						2020-09-01 03:04:00 +02:00 
						 
				 
			
				
					
						
							
							
								ThibG 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							ac8a788370 
							
						 
					 
					
						
						
							
							Fix functional user requirements in whitelist mode ( #14093 )  
						
						... 
						
						
						
						Fixes  #14092  
					
						2020-06-19 19:18:47 +02:00 
						 
				 
			
				
					
						
							
							
								Eugen Rochko 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							339ce1c4e9 
							
						 
					 
					
						
						
							
							Add specific rate limits for posting and following ( #13172 )  
						
						
						
					 
					
						2020-03-08 15:17:39 +01:00 
						 
				 
			
				
					
						
							
							
								Eugen Rochko 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							f52c988e12 
							
						 
					 
					
						
						
							
							Add announcements ( #12662 )  
						
						... 
						
						
						
						* Add announcements
Fix  #11006 
* Add reactions to announcements
* Add admin UI for announcements
* Add unit tests
* Fix issues
- Add `with_dismissed` param to announcements API
- Fix end date not being formatted when time range is given
- Fix announcement delete causing reactions to send streaming updates
- Fix announcements container growing too wide and mascot too small
- Fix `all_day` being settable when no time range is given
- Change text "Update" to "Announcement"
* Fix scheduler unpublishing announcements before they are due
* Fix filter params not being passed to announcements filter 
						
					 
					
						2020-01-23 22:00:13 +01:00 
						 
				 
			
				
					
						
							
							
								Eugen Rochko 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							6d7daf6154 
							
						 
					 
					
						
						
							
							Fix generic HTTP 500 error on duplicate records ( #12563 )  
						
						... 
						
						
						
						Fix  #12551 
Fix  #12547  
					
						2019-12-06 22:40:06 +01:00 
						 
				 
			
				
					
						
							
							
								Eugen Rochko 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							22ce4778eb 
							
						 
					 
					
						
						
							
							Fix uncaught parameter missing exceptions and missing error templates ( #11702 )  
						
						
						
					 
					
						2019-08-30 01:34:47 +02:00 
						 
				 
			
				
					
						
							
							
								ThibG 
							
						 
					 
					
						
						
						
						
							
						
						
							646f96d448 
							
						 
					 
					
						
						
							
							Fix ActivityPub and REST API queries setting cookies and preventing caching ( #11539 )  
						
						... 
						
						
						
						Regression from #8657  
						
					 
					
						2019-08-11 22:59:40 +02:00 
						 
				 
			
				
					
						
							
							
								Eugen Rochko 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							24552b5160 
							
						 
					 
					
						
						
							
							Add whitelist mode ( #11291 )  
						
						
						
					 
					
						2019-07-30 11:10:46 +02:00 
						 
				 
			
				
					
						
							
							
								Eugen Rochko 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							964ae8eee5 
							
						 
					 
					
						
						
							
							Change unconfirmed user login behaviour ( #11375 )  
						
						... 
						
						
						
						Allow access to account settings, 2FA, authorized applications, and
account deletions to unconfirmed and pending users, as well as
users who had their accounts disabled. Suspended users cannot update
their e-mail or password or delete their account.
Display account status on account settings page, for example, when
an account is frozen, limited, unconfirmed or pending review.
After sign up, login users straight away and show a simple page that
tells them the status of their account with links to account settings
and logout, to reduce onboarding friction and allow users to correct
wrongly typed e-mail addresses.
Move the final sign-up step of SSO integrations to be the same
as above to reduce code duplication. 
						
					 
					
						2019-07-22 10:48:50 +02:00 
						 
				 
			
				
					
						
							
							
								ThibG 
							
						 
					 
					
						
						
						
						
							
						
						
							91634947f8 
							
						 
					 
					
						
						
							
							Explicitly disable storage of REST API results ( #10655 )  
						
						... 
						
						
						
						Fixes  #10652  
					
						2019-05-03 20:39:19 +02:00 
						 
				 
			
				
					
						
							
							
								Eugen Rochko 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							51e154f5e8 
							
						 
					 
					
						
						
							
							Admission-based registrations mode ( #10250 )  
						
						... 
						
						
						
						Fix  #6856 
Fix  #6951  
					
						2019-03-14 05:28:30 +01:00 
						 
				 
			
				
					
						
							
							
								Takeshi Umeda 
							
						 
					 
					
						
						
						
						
							
						
						
							bf70e5cfda 
							
						 
					 
					
						
						
							
							Add error message with invalid email confirmation ( #9625 )  
						
						
						
					 
					
						2018-12-25 19:35:26 +01:00 
						 
				 
			
				
					
						
							
							
								Eugen Rochko 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							5d2fc6de32 
							
						 
					 
					
						
						
							
							Add REST API for creating an account ( #9572 )  
						
						... 
						
						
						
						* Add REST API for creating an account
The method is available to apps with a token obtained via the client
credentials grant. It creates a user and account records, as well as
an access token for the app that initiated the request. The user is
unconfirmed, and an e-mail is sent as usual.
The method returns the access token, which the app should save for
later. The REST API is not available to users with unconfirmed
accounts, so the app must be smart to wait for the user to click a
link in their e-mail inbox.
The method is rate-limited by IP to 5 requests per 30 minutes.
* Redirect users back to app from confirmation if they were created with an app
* Add tests
* Return 403 on the method if registrations are not open
* Require agreement param to be true in the API when creating an account 
						
					 
					
						2018-12-24 19:12:38 +01:00 
						 
				 
			
				
					
						
							
							
								Eugen Rochko 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							f0fff3eb10 
							
						 
					 
					
						
						
							
							Support min_id-based pagination in REST API ( #8736 )  
						
						... 
						
						
						
						* Allow min_id pagination in Feed#get
* Add min_id pagination to home and list timeline APIs
* Add min_id pagination to account statuses, public and tag APIs
* Remove unused stub in reports API
* Use min_id pagination in notifications, favourites, and fix order
* Fix HomeFeed#from_database not using paginate_by_id 
						
					 
					
						2018-09-28 02:23:45 +02:00 
						 
				 
			
				
					
						
							
							
								Eugen Rochko 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							2288d50a7b 
							
						 
					 
					
						
						
							
							Add force_login option to OAuth authorize page ( #8655 )  
						
						... 
						
						
						
						* Add force_login option to OAuth authorize page
For when a user needs to sign into an app from multiple accounts
on the same server
* When logging out from modal header, redirect back after re-login 
						
					 
					
						2018-09-09 04:10:44 +02:00 
						 
				 
			
				
					
						
							
							
								Eugen Rochko 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							2f34b747b3 
							
						 
					 
					
						
						
							
							Allow mods to disable login, improve message when login disabled ( #8329 )  
						
						... 
						
						
						
						* Allow moderators to disable/enable login
* Instead of rejecting login, show forbidden error when login disabled
Avoid confusion because when login is rejected, the message is that
the account is not activated, which is wrong.
* Fix tests 
						
					 
					
						2018-08-23 23:26:29 +02:00 
						 
				 
			
				
					
						
							
							
								Eugen Rochko 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							1f6ed4f86a 
							
						 
					 
					
						
						
							
							Add more granular OAuth scopes ( #7929 )  
						
						... 
						
						
						
						* Add more granular OAuth scopes
* Add human-readable descriptions of the new scopes
* Ensure new scopes look good on the app UI
* Add tests
* Group scopes in screen and color-code dangerous ones
* Fix wrong extra scope 
						
					 
					
						2018-07-05 18:31:35 +02:00 
						 
				 
			
				
					
						
							
							
								Eugen Rochko 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							f62ee1ddb0 
							
						 
					 
					
						
						
							
							Disable API access when login is disabled ( #7289 )  
						
						
						
					 
					
						2018-04-30 09:13:14 +02:00 
						 
				 
			
				
					
						
							
							
								Eugen Rochko 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							fce8464077 
							
						 
					 
					
						
						
							
							Ensure that boolean params in the API are parsed for truthiness ( #6575 )  
						
						... 
						
						
						
						Use Rails smart boolean cast to account for values such as "f",
"0", "false", etc. Previously, if a param was present in the request,
it would count as true. 
						
					 
					
						2018-03-01 02:47:59 +01:00