nocebo/diaspora
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
20245 commits 4 branches 0 tags 121 MiB
Commit graph

9524 commits

Author SHA1 Message Date
Jonne Haß
7fabd9d17f OpenID Connect: Disable form-action CSP on authorization page 
Some browsers apply this CSP rules even to the redirect response
after the POST requests, blocking the redirect_uri redirect
 2020-10-20 18:10:52 +02:00
Jonne Haß
15c11b87ca Merge branch 'next-minor' into develop 2020-09-04 21:58:57 +02:00
Jonne Haß
08395cc877 Migrate configuration to TOML 
YAML is just too easy to get wrong

closes #8132
 2020-09-04 21:48:54 +02:00
Dennis Schubert
517e3b22ba
Expose a user's .current_sign_in_ip in the admin panel 2020-09-02 21:06:13 +02:00
Dennis Schubert
31b28e731d
Merge branch 'next-minor' into develop 2020-06-13 23:31:09 +02:00
Noah Leal
ad91dddd63
Issue #8119 - Add length validation to a profile's gender field. 
closes #8127
 2020-06-13 23:31:03 +02:00
Jonne Haß
d13bcc00e0 Merge branch 'next-minor' into develop 2020-03-21 19:15:14 +01:00
Vitalie Ciubotaru
827a2ce991 Remove links to deleted profiles in admin user stats 
closes #8063
closes #8061
 2020-03-21 19:14:56 +01:00
Jonne Haß
1a7b2b0c31 API: extend /search/user with a filter option 
See API docs for more details
 2020-03-20 12:39:09 +01:00
Jonne Haß
2d28ddc1ef Add API route to (un)block a user 2020-03-20 12:38:27 +01:00
Jonne Haß
cd6e02ccec API: allow post creation without a body when there are photos 2020-02-20 18:50:32 +01:00
Jonne Haß
e9242d7754 API: Fix fetching explicitly not only unread conversations 2020-02-17 10:59:10 +01:00
Jonne Haß
00df0b7bda API: add new route to search for tags 2020-02-17 10:58:04 +01:00
Benjamin Neff
4139ae2549
Merge branch 'next-minor' into develop 2020-02-12 00:13:19 +01:00
Dennis Schubert
2e2b42ef1a
Mark non-attribute usage in SQL queries as safe. 
Non-attribute arguments will be disallowed in Rails 6.0.
 2020-02-11 23:54:55 +01:00
Dennis Schubert
4685df634c
Make Person.search_query_string public. 
Accessibility of private/protected class methods in :scope is deprecated and will be removed in Rails 6.0.
 2020-02-11 23:53:14 +01:00
Dennis Schubert
45e8b54bea
Check for status codes instead of relying on response.redirect?. 
Rack did so much refactoring, we do not see a Response object here anymore.
 2020-02-11 23:53:14 +01:00
Dennis Schubert
75ef13b5d1
Replace content_security_policy_nonce with content_security_policy_script_nonce. 
To avoid an conflict with Rails, and to avoid confusing by twitter's gem overloading the method.
 2020-02-11 23:53:14 +01:00
Dennis Schubert
25e9728fae
Do not depend on the default parameter being set in Person#initialize. 
ActiveRecord 5.2.x occasionally calls with a nil parameter explicitly provided, so using default arguments does not work.
 2020-02-11 23:53:14 +01:00
Jonne Haß
6dbef95951 API: return whether post or item was already reported or not 2020-02-09 11:04:59 +01:00
Jonne Haß
8068d8747b API: Fix fetching explicitly not only unread notifications 2020-02-09 11:03:55 +01:00
Jonne Haß
cd0995abf3 API: Don't return notifications target unless it's a post 2020-02-09 11:03:55 +01:00
Jonne Haß
04d0d6dccb API: return mentioned_people for comments 2020-02-04 18:54:53 +01:00
Dennis Schubert
dbbf743920
Add the scaled_full image as a raw image in AvatarPresenter as well. 
This is a temporary workaround. Adding the real raw photo is quite a
challange and touches multiple components nobody wants to touch right
now. As this change is blocking an actual hotfix, this is fine, and will
be properly fixed at a later time.
 2020-02-04 15:52:57 +01:00
Dennis Schubert
bf55d07580
Re-add sizes.raw to the photo JSON 
because we need it for showing the raw image in the lightbox. This got lost, as the photo extension was made after API development started.
 2020-02-04 14:38:49 +01:00
Jonne Haß
2e7526bac5 API: Let hide endpoint take payload as documented and act according to it 2020-02-02 21:49:20 +01:00
Jonne Haß
dcbd02cf7f Return 403 for unauthorized API requests 
Also cleanup error handling code and remove last translatable
API error messages
 2020-02-02 21:49:20 +01:00
Jonne Haß
884de9008f API: rename poll_answer_id to poll_answer in post interactions vote endpoint 2020-02-02 21:26:33 +01:00
Jonne Haß
b1f357849b API: return post oEmbed data 2020-02-02 20:15:36 +01:00
Jonne Haß
5921cd0176 API: return post open graph metadata 2020-02-02 20:15:36 +01:00
Jonne Haß
8cae234f45 API: return own vote state in polls 2020-02-02 18:40:07 +01:00
Jonne Haß
b921b71b97 API: ensure nsfw field in post is returned as a boolean 2020-02-02 18:31:46 +01:00
Jonne Haß
0754c92116 API: correct like and comment scopes for private posts 2020-02-02 18:23:34 +01:00
Jonne Haß
fbd0a51829 API: return current users like, reshare and subcription status in post infos 2020-02-02 18:13:55 +01:00
Jonne Haß
6bbcb7415b API: don't make error messages translatable 2020-02-02 18:04:11 +01:00
Jonne Haß
04744b4dac API: Return 409 when trying to create something existing and 410 when trying to delete something already gone 
Probably missed a few more cases where we always return sucess when the user requests
status quo, but this should cover most ground
 2020-02-02 18:04:11 +01:00
Jonne Haß
e8b9a70fbf Ensure API responses adhere to documented error format 2020-02-02 18:04:11 +01:00
Jonne Haß
2da33408f9 Merge branch 'next-minor' into develop 2020-01-27 09:30:14 +01:00
Jonne Haß
1e642be040 Hide sign up link in mobile header when registrations are disabled 
closes #8060
 2020-01-27 09:30:11 +01:00
Jonne Haß
35bfbc9c82 Return missing created_at field on reshares endpoint 2020-01-24 16:58:32 +01:00
Jonne Haß
0935451cd8 Return a default token_endpoint_auth_method when the client gives none in its OpenID Connect registration request 
Since we announce it in the supported metadata, some clients expect to be told what to use and don't fallback to the spec standard of
client_secret_basic on their own.
 2020-01-24 11:02:02 +01:00
Jonne Haß
8d690a9e33 undo changes in introduced by merge conflicts in the api branch 2020-01-21 23:56:01 +01:00
Jonne Haß
16b242fa0f Drop chat_enabled from aspects API 2020-01-21 23:35:01 +01:00
Jonne Haß
3abf6b6f41 return required client_secret_expires_at in openid connect dynamic registration response 2020-01-21 23:35:01 +01:00
Jonne Haß
1bf05e7921 use desktop openid connect authorizations and error pages on mobile for now 2020-01-21 23:35:01 +01:00
Jonne Haß
39c863ead9 Merge branch 'develop' into api 2020-01-21 23:35:01 +01:00
cmrd Senya
6b8cd5d390 API: accept name parameter instead of first name and last name in user patch 2020-01-21 23:34:43 +01:00
cmrd Senya
9e18b19d6a API: render name instead of first_name and last_name in user data 2020-01-21 23:34:43 +01:00
cmrd Senya
c348a763cf API: add profile:read_private scope 2020-01-21 23:34:43 +01:00
Jonne Haß
d08b31f2ed OpenID: remove private profile data claims that are not returned anyway and fix return values for profile and picture 2020-01-21 23:34:43 +01:00