* Prevent different identities from a same SSO provider from accessing a same account
* Lock auth provider changes behind `ALLOW_UNSAFE_AUTH_PROVIDER_REATTACH=true`
* Rename methods to avoid confusion between OAuth and OmniAuth
* Ensure destruction of OAuth Applications notifies streaming
Due to doorkeeper using a dependent: delete_all relationship, the destroy of an OAuth Application bypassed the existing AccessTokenExtension callbacks for announcing destructing of access tokens.
* Ensure password resets revoke access to Streaming API
* Improve performance of deleting OAuth tokens
---------
Co-authored-by: Emelia Smith <ThisIsMissEm@users.noreply.github.com>
This is diverging behaviour from upstream and was fixed by me in [1]
already. It is working fine on queer.group and therefore now going to be
merged into this fork.
[1]: https://github.com/hometown-fork/hometown/pull/1321
- Align webfinger_controller with upstream
- Remove validation from webhook (It's not in v4.2.1, I don't know where it came from)
- Remove show_application from other view (merge error)
- Remove duplicate display name from account header
- Fix misspelled className for navigation bar
Conflict resolution:
- app/javascript/mastodon/features/compose/components/search_results.jsx:
taken as is
- app/models/account.rb: use upstream SQL queries for filtering
- app/models/media_attachment.rb: use upstream ffmpeg settings
- config/locales/de.yml: merged
- cli: followed upstream
- version.rb: followed upstream, since we can use environment variables for the suffix now
- lib/paperclip: chose their spoof detector
- lib/sanitize: merged h1-h6 into supported elements, allowed translated attribute
- config/environments: follow upstream
- config/initializers: follow upstream
- config/application.rb: follow upstream
- config/locales: translations with %{title} prefix were replaced with hardcoded "Mastodon:" prefixes, should be fixed afterwards
it's inconsistent anyway right now
- config/settings: removed settings that were removed in upstream
- config/routes: followed upstream, due to API restructurings. Is there some hometown-specific API stuff that might be missing now?
- spec/: followed upstream, might have lost hometown-specific tests, but I haven't found any on a quick check
- .ruby-version, Gemfile, etc.: upstream
- .github/workflows: upstream
- about: followed upstream, therefore the static homepage is gone :/
- credentials: moved federation into the settings_attributes
- lists: follow upstream, `:is_exclusive` -> `:exclusive`
- statuses: keep local only
- account_statuses_filter: still hide local only posts for anonymous users
- activitypub/activity/create:
- keep activity_pub_type in params
- text: use hometown's way for determining the content
- spoiler: use hometown's mechanism
- feed_manager: use upstream exclusive list mechanism
- plain_text_formatter: use upstream way with html decoding, as I'm not sure whether we still have the Nokogiri library(?) available
problem: might remove tags that we want to keep?
- text_formatter: follow upstream
- account: use upstream MENTION_RE expression
- backup: follow upstream for permission validation
- list: follow upstream, is_exclusive -> exclusive !! WE MIGHT NEED A MIGRATION!
- status: moved set_locality hook to the others
- user: delegates for settings (federation, autoplay, etc.) were removed upstream, follow them
- webhook: follow upstream
- initial_state_serializer: keep max_toot_chars
- list_serializer: follow rename of is_exclusive -> exclusive
Use upstream version, since the translation API got upgraded to v2.
Use upstream version of vote_validator.
- admin/webhooks/_form: add group for template
- settings/preferences/appearance/show: add new input for 'expand_usernames'
check: missing translations, especially for hints
- settings/preferences/other/show: added input groups for no_rss and default_privacy
check: missing translations, especially for hints
- settigngs/profiles: upstream removed verification banner, follow them
Followed upstream changes.
Incorporated upstream changes and put the local_only check back in the correct place.
Ignored hometown changes, take upstream version.
- actions/lists: follow exclusive list naming
- components/column_back_button: follow upstream router refactoring
- components/column_header: follow upstream router refactoring
- components/hashtag: keep hometown behaviour, add href to links
- components/media_gallery: merge alt text indicator into upstream
- components/status: merge timestamp click -> original page
- components/status_action_bar: upstream removed the share button, follow them
- components/status_content:
- still make remote usernames => check: does the new href work?
- make translate button always visible like upstream
- keep hometown-specific changes for Articles and other posts
- features/header: keep header link
- features/account_gallery/components/media_item: keep link
- features/audio/index: keep no media description indicator, merge upstream styles
- features/compose/components/compose_form:
- merge max chars logic
- merge federation dropdown
- features/compose/components/navigation_bar: keep href to profile
- features/compose/components/poll_form: keep "is multiple" toggle
- features/compose/index: keep column header
- features/follow_requests/components/account_authorize: keep external link
- features/list_editor/components/edit_list_form: overwritten from upstream
- features/list_timeline/index: overwritten from upstream
- features/components/follow_request: keep external link
- features/components/notification: keep external link
- features/picture_in_picture/components/footer: keep external link
- features/status/components/detailed_status: keep external link
- features/ui/components/boost_modal: keep external link
- features/ui/index: merge upstream changes
- features/video/: keep no media description indicator
- containers/status_container: overwrite with upstream
- locales: best-effort merge, but I wouldn't trust it. should be normalized in some way.
Conflict resolution:
1. decided to add the build-image workflow, we can adjust it later
2. JS conflicts are just missing semicolons, added them
3. en_GB translations were removed upstream, following them.
There were quite a couple of conflicts, they were resolved in the
following manner:
- Translations: Moved to "publish" as translation, aligns with other
languages
- Options: `trends_as_landing_page` is kept false
- UI: clicking the display name opens the original profile
Potential problems:
1. Not all translations for mails and stuff are prefixed with
`%{title}`, some are, some are hardcoded to `Mastodon`.
nachtjasmin
Claire
Jeong Arm
Eugen Rochko
Matt Jankowski
Essem