dependabot[bot]
5b8928fef9
Bump reselect from 4.1.2 to 4.1.4 ( #17025 )
...
Bumps [reselect](https://github.com/reduxjs/reselect ) from 4.1.2 to 4.1.4.
- [Release notes](https://github.com/reduxjs/reselect/releases )
- [Changelog](https://github.com/reduxjs/reselect/blob/master/CHANGELOG.md )
- [Commits](https://github.com/reduxjs/reselect/compare/v4.1.2...v4.1.4 )
---
updated-dependencies:
- dependency-name: reselect
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-11-26 14:01:53 +09:00
dependabot[bot]
9a77a16087
Bump @babel/plugin-proposal-decorators from 7.16.0 to 7.16.4 ( #17027 )
...
Bumps [@babel/plugin-proposal-decorators](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-proposal-decorators ) from 7.16.0 to 7.16.4.
- [Release notes](https://github.com/babel/babel/releases )
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md )
- [Commits](https://github.com/babel/babel/commits/v7.16.4/packages/babel-plugin-proposal-decorators )
---
updated-dependencies:
- dependency-name: "@babel/plugin-proposal-decorators"
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-11-26 14:01:31 +09:00
Eugen Rochko
7de0ee7aba
Remove Keybase integration ( #17045 )
2021-11-26 05:58:18 +01:00
Eugen Rochko
12b3ff6c6d
Fix error on trending hashtags/links pages in admin UI due to missing constant ( #17044 )
2021-11-26 01:12:39 +01:00
Claire
b1fd6d4490
Fix handling of recursive toots in WebUI ( #17041 )
2021-11-25 23:46:39 +01:00
Claire
013bee6afb
Fix filtering DMs from non-followed users ( #17042 )
2021-11-25 23:46:30 +01:00
Eugen Rochko
6e50134a42
Add trending links ( #16917 )
...
* Add trending links
* Add overriding specific links trendability
* Add link type to preview cards and only trend articles
Change trends review notifications from being sent every 5 minutes to being sent every 2 hours
Change threshold from 5 unique accounts to 15 unique accounts
* Fix tests
2021-11-25 13:07:38 +01:00
zunda
46e62fc4b3
Upgrade Ruby to 3.0.3 ( #17038 )
...
https://www.ruby-lang.org/en/news/2021/11/24/ruby-3-0-3-released/
2021-11-24 20:29:05 +01:00
trwnh
08a7c5139d
Better ordering for bug report issue template ( #17019 )
...
Logically, it makes more sense to provide the steps leading up to the bug before asking what the bug is. This change moves "steps to reproduce" above "expected behavior" and "actual behavior" to enforce the above progression and logical flow.
2021-11-24 20:24:09 +01:00
Claire
02a87431cf
Fix error when suspending user with an already-existing canonical email block ( #17036 )
...
* Fix error when suspending user with an already-existing canonical email block
Fixes #17033
While attempting to create a `CanonicalEmailBlock` with an existing hash would
raise an `ActiveRecord::RecordNotUnique` error, this being done within a
transaction would cancel the whole transaction. For this reason, checking for
uniqueness in Rails would query the database within the transaction and avoid
invalidating the whole transaction for this reason.
A race condition is still possible, where multiple accounts sharing a canonical
email would be blocked in concurrent transactions, in which only one would
succeed, but that is way less likely to happen that the current issue, and can
always be retried after the first failure, unlike the current situation.
* Add tests
2021-11-24 17:41:03 +01:00
Claire
9c44cf205f
Add FEDERATION.md ( #17029 )
...
Some ActivityPub projects have a FEDERATION.md which is used to describe the
various extensions they use.
Everything here is also documented elsewhere, but it's a concise starting point
with links to that documentation.
2021-11-23 00:15:31 +01:00
Claire
db32835338
Fix overflow of long profile fields in admin view ( #17010 )
2021-11-19 18:22:49 +01:00
Claire
6159020617
Fix background-color of emoji-mart selector ( #17011 )
...
Reverts part of #16907 to fix hardcoded color
2021-11-19 18:21:37 +01:00
Takeshi Umeda
3419d3ec84
Bump chewy from 5.2.0 to 7.2.3 (supports Elasticsearch 7.x) ( #16915 )
...
* Bump chewy from 5.2.0 to 7.2.2
* fix style (codeclimate)
* fix style
* fix style
* Bump chewy from 7.2.2 to 7.2.3
2021-11-18 22:02:08 +01:00
Mashiro
2b6a25c609
Add lazy load to emoji-mart ( #16907 )
...
* perf: lazyload emoji-mart!
* Bump lazyload
2021-11-18 22:01:31 +01:00
Shlee
d647f6ad04
Update Dockerfile ( #16939 )
2021-11-18 22:00:38 +01:00
Shlee
ac8ad78e91
[Docker-Compose] [Breaking] Postgres 9.6 is EOL (11th Nov 2021) - Migrate to 14 Stable ( #16947 )
...
* Update docker-compose.yml
* Update docker-compose.yml
* Update docker-compose.yml
* Update docker-compose.yml
2021-11-18 22:00:27 +01:00
Shlee
c242c1d87a
Ruby 3.0.2 Upgrade ( #16982 )
...
* Update .ruby-version
* Update Gemfile
* Update Gemfile.lock
* Update Dockerfile
* Update check-i18n.yml
* Update config.yml
* Update config.yml
2021-11-18 21:59:57 +01:00
Shlee
bc348dbe94
[Dockerfile] Upgrade ElasticSearch-OSS 6.8.10 to 7.10.2 ( #16956 )
...
* Update docker-compose.yml
* Update docker-compose.yml
* Update docker-compose.yml
2021-11-18 21:59:34 +01:00
dependabot[bot]
4ad7b81bc9
Bump aws-sdk-s3 from 1.105.1 to 1.106.0 ( #17001 )
...
Bumps [aws-sdk-s3](https://github.com/aws/aws-sdk-ruby ) from 1.105.1 to 1.106.0.
- [Release notes](https://github.com/aws/aws-sdk-ruby/releases )
- [Changelog](https://github.com/aws/aws-sdk-ruby/blob/version-3/gems/aws-sdk-s3/CHANGELOG.md )
- [Commits](https://github.com/aws/aws-sdk-ruby/commits )
---
updated-dependencies:
- dependency-name: aws-sdk-s3
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-11-18 09:44:23 +09:00
dependabot[bot]
d0d69fd88a
Bump mime-types from 3.4.0 to 3.4.1 ( #17002 )
...
Bumps [mime-types](https://github.com/mime-types/ruby-mime-types ) from 3.4.0 to 3.4.1.
- [Release notes](https://github.com/mime-types/ruby-mime-types/releases )
- [Changelog](https://github.com/mime-types/ruby-mime-types/blob/main/History.md )
- [Commits](https://github.com/mime-types/ruby-mime-types/compare/v3.4.0...v3.4.1 )
---
updated-dependencies:
- dependency-name: mime-types
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-11-18 09:44:08 +09:00
dependabot[bot]
0d624c89f8
Bump eslint-plugin-jsx-a11y from 6.4.1 to 6.5.1 ( #16993 )
...
Bumps [eslint-plugin-jsx-a11y](https://github.com/jsx-eslint/eslint-plugin-jsx-a11y ) from 6.4.1 to 6.5.1.
- [Release notes](https://github.com/jsx-eslint/eslint-plugin-jsx-a11y/releases )
- [Changelog](https://github.com/jsx-eslint/eslint-plugin-jsx-a11y/blob/master/CHANGELOG.md )
- [Commits](https://github.com/jsx-eslint/eslint-plugin-jsx-a11y/compare/v6.4.1...v6.5.1 )
---
updated-dependencies:
- dependency-name: eslint-plugin-jsx-a11y
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-11-18 09:42:12 +09:00
dependabot[bot]
e53fb1569c
Bump letter_opener_web from 1.4.1 to 2.0.0 ( #16960 )
...
Bumps [letter_opener_web](https://github.com/fgrehm/letter_opener_web ) from 1.4.1 to 2.0.0.
- [Release notes](https://github.com/fgrehm/letter_opener_web/releases )
- [Changelog](https://github.com/fgrehm/letter_opener_web/blob/master/CHANGELOG.md )
- [Commits](https://github.com/fgrehm/letter_opener_web/compare/v1.4.1...v2.0.0 )
---
updated-dependencies:
- dependency-name: letter_opener_web
dependency-type: direct:development
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-11-18 09:20:31 +09:00
dependabot[bot]
1b46004635
Bump eslint-plugin-import from 2.25.2 to 2.25.3 ( #16995 )
...
Bumps [eslint-plugin-import](https://github.com/import-js/eslint-plugin-import ) from 2.25.2 to 2.25.3.
- [Release notes](https://github.com/import-js/eslint-plugin-import/releases )
- [Changelog](https://github.com/import-js/eslint-plugin-import/blob/main/CHANGELOG.md )
- [Commits](https://github.com/import-js/eslint-plugin-import/compare/v2.25.2...v2.25.3 )
---
updated-dependencies:
- dependency-name: eslint-plugin-import
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-11-18 09:08:10 +09:00
dependabot[bot]
ffcb58414e
Bump @babel/runtime from 7.16.0 to 7.16.3 ( #16994 )
...
Bumps [@babel/runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-runtime ) from 7.16.0 to 7.16.3.
- [Release notes](https://github.com/babel/babel/releases )
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md )
- [Commits](https://github.com/babel/babel/commits/v7.16.3/packages/babel-runtime )
---
updated-dependencies:
- dependency-name: "@babel/runtime"
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-11-18 09:07:56 +09:00
dependabot[bot]
934c62dc05
Bump eslint-plugin-react from 7.26.1 to 7.27.0 ( #16992 )
...
Bumps [eslint-plugin-react](https://github.com/yannickcr/eslint-plugin-react ) from 7.26.1 to 7.27.0.
- [Release notes](https://github.com/yannickcr/eslint-plugin-react/releases )
- [Changelog](https://github.com/yannickcr/eslint-plugin-react/blob/master/CHANGELOG.md )
- [Commits](https://github.com/yannickcr/eslint-plugin-react/compare/v7.26.1...v7.27.0 )
---
updated-dependencies:
- dependency-name: eslint-plugin-react
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-11-18 09:07:15 +09:00
dependabot[bot]
08114772db
Bump mime-types from 3.3.1 to 3.4.0 ( #16991 )
...
Bumps [mime-types](https://github.com/mime-types/ruby-mime-types ) from 3.3.1 to 3.4.0.
- [Release notes](https://github.com/mime-types/ruby-mime-types/releases )
- [Changelog](https://github.com/mime-types/ruby-mime-types/blob/main/History.md )
- [Commits](https://github.com/mime-types/ruby-mime-types/compare/v3.3.1...v3.4.0 )
---
updated-dependencies:
- dependency-name: mime-types
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-11-18 09:06:58 +09:00
dependabot[bot]
7936bae40c
Bump sprockets-rails from 3.2.2 to 3.4.0 ( #16990 )
...
Bumps [sprockets-rails](https://github.com/rails/sprockets-rails ) from 3.2.2 to 3.4.0.
- [Release notes](https://github.com/rails/sprockets-rails/releases )
- [Commits](https://github.com/rails/sprockets-rails/compare/v3.2.2...v3.4.0 )
---
updated-dependencies:
- dependency-name: sprockets-rails
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-11-18 09:06:40 +09:00
dependabot[bot]
96f1538cc8
Bump rubocop from 1.22.3 to 1.23.0 ( #16989 )
...
Bumps [rubocop](https://github.com/rubocop/rubocop ) from 1.22.3 to 1.23.0.
- [Release notes](https://github.com/rubocop/rubocop/releases )
- [Changelog](https://github.com/rubocop/rubocop/blob/master/CHANGELOG.md )
- [Commits](https://github.com/rubocop/rubocop/compare/v1.22.3...v1.23.0 )
---
updated-dependencies:
- dependency-name: rubocop
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-11-18 09:06:26 +09:00
Shlee
03338d1297
[Dockerfile] [Security] Update NodeJS to V16 (LTS) on docker. ( #16856 )
...
* [Security] Update NodeJS on docker.
https://nodejs.org/en/blog/vulnerability/oct-2021-security-releases/
* Update Dockerfile
* Upgrade npm package
* Update Dockerfile
2021-11-17 07:57:01 +01:00
Eugen Rochko
f603de1f4c
Add manual GitHub Actions runs ( #17000 )
2021-11-16 21:42:14 +01:00
Claire
48f8658d34
Fix upload of remote media with OpenStack Swift sometimes failing ( #16998 )
...
Under certain conditions, files fetched from remotes trigger an error when
being uploaded using OpenStack Swift. This is because in some cases, the
remote server will not return a content-length, so our ResponseWithLimitAdapter
will hold a `nil` value for `#size`, which will lead to an invalid value
for the Content-Length header of the Swift API call.
This commit fixes that by taking the size from the actually-downloaded file
size rather than the upstream-provided Content-Length header value.
2021-11-16 21:36:28 +01:00
Claire
3517867b76
Fix confusing error when webfinger request returns empty document ( #16986 )
...
For some reason, some misconfigured servers return an empty document when
queried over webfinger. Since an empty document does not lead to a parse
error, the error is not caught properly and triggers uncaught exceptions
later on.
This PR fixes that by immediately erroring out with `Webfinger::Error` on
getting an empty response.
2021-11-14 21:55:40 +01:00
Eugen Rochko
4b616c4f0a
Change workflow to push to Docker Hub ( #16980 )
2021-11-14 06:11:05 +01:00
Eugen Rochko
5d7c852283
Fix no link previews being generated for pages with invalid structured data ( #16979 )
...
Fix #16955
2021-11-13 23:07:13 +01:00
dependabot[bot]
070b1b8397
Bump react-select from 5.1.0 to 5.2.1 ( #16967 )
...
Bumps [react-select](https://github.com/JedWatson/react-select ) from 5.1.0 to 5.2.1.
- [Release notes](https://github.com/JedWatson/react-select/releases )
- [Changelog](https://github.com/JedWatson/react-select/blob/master/docs/CHANGELOG.md )
- [Commits](https://github.com/JedWatson/react-select/compare/react-select@5.1.0...react-select@5.2.1 )
---
updated-dependencies:
- dependency-name: react-select
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-11-13 18:51:42 +09:00
dependabot[bot]
80c2b305e8
Bump @testing-library/jest-dom from 5.14.1 to 5.15.0 ( #16966 )
...
Bumps [@testing-library/jest-dom](https://github.com/testing-library/jest-dom ) from 5.14.1 to 5.15.0.
- [Release notes](https://github.com/testing-library/jest-dom/releases )
- [Changelog](https://github.com/testing-library/jest-dom/blob/main/CHANGELOG.md )
- [Commits](https://github.com/testing-library/jest-dom/compare/v5.14.1...v5.15.0 )
---
updated-dependencies:
- dependency-name: "@testing-library/jest-dom"
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-11-13 18:51:07 +09:00
dependabot[bot]
c47ad38853
Bump reselect from 4.1.1 to 4.1.2 ( #16963 )
...
Bumps [reselect](https://github.com/reduxjs/reselect ) from 4.1.1 to 4.1.2.
- [Release notes](https://github.com/reduxjs/reselect/releases )
- [Changelog](https://github.com/reduxjs/reselect/blob/master/CHANGELOG.md )
- [Commits](https://github.com/reduxjs/reselect/compare/v4.1.1...v4.1.2 )
---
updated-dependencies:
- dependency-name: reselect
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-11-13 18:49:38 +09:00
dependabot[bot]
8ce60c94d8
Bump sidekiq from 6.2.2 to 6.3.1 ( #16965 )
...
Bumps [sidekiq](https://github.com/mperham/sidekiq ) from 6.2.2 to 6.3.1.
- [Release notes](https://github.com/mperham/sidekiq/releases )
- [Changelog](https://github.com/mperham/sidekiq/blob/main/Changes.md )
- [Commits](https://github.com/mperham/sidekiq/compare/v6.2.2...v6.3.1 )
---
updated-dependencies:
- dependency-name: sidekiq
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-11-13 18:48:34 +09:00
dependabot[bot]
3a5e7495f6
Bump webpack-dev-server from 3.11.2 to 3.11.3 ( #16964 )
...
Bumps [webpack-dev-server](https://github.com/webpack/webpack-dev-server ) from 3.11.2 to 3.11.3.
- [Release notes](https://github.com/webpack/webpack-dev-server/releases )
- [Changelog](https://github.com/webpack/webpack-dev-server/blob/v3.11.3/CHANGELOG.md )
- [Commits](https://github.com/webpack/webpack-dev-server/compare/v3.11.2...v3.11.3 )
---
updated-dependencies:
- dependency-name: webpack-dev-server
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-11-13 18:46:14 +09:00
dependabot[bot]
554d6831b1
Bump aws-sdk-s3 from 1.104.0 to 1.105.1 ( #16962 )
...
Bumps [aws-sdk-s3](https://github.com/aws/aws-sdk-ruby ) from 1.104.0 to 1.105.1.
- [Release notes](https://github.com/aws/aws-sdk-ruby/releases )
- [Changelog](https://github.com/aws/aws-sdk-ruby/blob/version-3/gems/aws-sdk-s3/CHANGELOG.md )
- [Commits](https://github.com/aws/aws-sdk-ruby/commits )
---
updated-dependencies:
- dependency-name: aws-sdk-s3
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-11-13 18:36:28 +09:00
dependabot[bot]
f460f24fbe
Bump ox from 2.14.5 to 2.14.6 ( #16961 )
...
Bumps [ox](https://github.com/ohler55/ox ) from 2.14.5 to 2.14.6.
- [Release notes](https://github.com/ohler55/ox/releases )
- [Changelog](https://github.com/ohler55/ox/blob/develop/CHANGELOG.md )
- [Commits](https://github.com/ohler55/ox/compare/v2.14.5...v2.14.6 )
---
updated-dependencies:
- dependency-name: ox
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-11-13 18:35:52 +09:00
dependabot[bot]
4b1af2249d
Bump i18n-tasks from 0.9.34 to 0.9.35 ( #16959 )
...
Bumps [i18n-tasks](https://github.com/glebm/i18n-tasks ) from 0.9.34 to 0.9.35.
- [Release notes](https://github.com/glebm/i18n-tasks/releases )
- [Changelog](https://github.com/glebm/i18n-tasks/blob/main/CHANGES.md )
- [Commits](https://github.com/glebm/i18n-tasks/compare/v0.9.34...v0.9.35 )
---
updated-dependencies:
- dependency-name: i18n-tasks
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-11-13 18:34:28 +09:00
dependabot[bot]
6a34be0cab
Bump idn-ruby from 0.1.2 to 0.1.4 ( #16958 )
...
Bumps [idn-ruby](https://github.com/deepfryed/idn-ruby ) from 0.1.2 to 0.1.4.
- [Release notes](https://github.com/deepfryed/idn-ruby/releases )
- [Changelog](https://github.com/deepfryed/idn-ruby/blob/master/CHANGES )
- [Commits](https://github.com/deepfryed/idn-ruby/compare/v0.1.2...v0.1.4 )
---
updated-dependencies:
- dependency-name: idn-ruby
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-11-13 18:34:00 +09:00
Claire
ef8deb0878
Fix OpenGraph/LinkedData embeds having incorrectly-generated iframes ( #16978 )
2021-11-13 03:30:27 +01:00
Yusuke Nakamura
e510302a7c
Build container image by GitHub Actions ( #16973 )
...
* Build container image by GitHub Actions
* Trigger docker build only pushed to main branch
* Tweak tagging imgae
- "edge" is the main branch
- "latest" is the tagged latest release
2021-11-12 05:18:29 +01:00
Claire
18b885ee3a
Fix "bundle exec rails mastodon:setup" crashing in some circumstances ( #16976 )
...
Fix regression from #16896
2021-11-11 14:00:30 +01:00
Shlee
1114935e64
[CircleCI] Test using Postgres 14 ( #16948 )
...
* Update config.yml
* Update config.yml
2021-11-06 17:13:51 +01:00
Eugen Rochko
2251db42ec
Forward port version bumps to 3.4.2 and 3.4.3 ( #16945 )
...
* Bump version to 3.4.2
* Bump version to 3.4.3
2021-11-06 05:32:14 +01:00
Claire
6da135a493
Fix reviving revoked sessions and invalidating login ( #16943 )
...
Up until now, we have used Devise's Rememberable mechanism to re-log users
after the end of their browser sessions. This mechanism relies on a signed
cookie containing a token. That token was stored on the user's record,
meaning it was shared across all logged in browsers, meaning truly revoking
a browser's ability to auto-log-in involves revoking the token itself, and
revoking access from *all* logged-in browsers.
We had a session mechanism that dynamically checks whether a user's session
has been disabled, and would log out the user if so. However, this would only
clear a session being actively used, and a new one could be respawned with
the `remember_user_token` cookie.
In practice, this caused two issues:
- sessions could be revived after being closed from /auth/edit (security issue)
- auto-log-in would be disabled for *all* browsers after logging out from one
of them
This PR removes the `remember_token` mechanism and treats the `_session_id`
cookie/token as a browser-specific `remember_token`, fixing both issues.
2021-11-06 00:13:58 +01:00