* Fix#3910 - Require OTP authentication to disable 2FA. Also, remove ability
to generate new OTP backup codes *after* initial backup codes were handed
out during activation
* Restore recovery code re-generation
* Improve display of some 2FA elements
* Add overview of active sessions
* Better display of browser/platform name
* Improve how browser information is stored and displayed for sessions overview
* Fix test
* Fix#2347 - Bind web UI access token to session
When you logout, session also destroys the access token, so it's no longer
valid. If access token is destroyed some other way, the session is also
destroyed, requiring a re-login.
Fix#1681 - Add scheduler to remove revoked access tokens and grants
* Fix test
* Add overview of active sessions
* Better display of browser/platform name
* Improve how browser information is stored and displayed for sessions overview
* Fix test
* Introduce domains method to Account relation
Account had followers_domains method, which was excessively specific.
Let relation of Account have domains method instead.
* Move follow_mapping in Account to AccountInteractions
* Introduce shared examples for AccountAvatar inclusion
* Cover Account more
* Fix regression from #3842
Simplify the query by omitting all direct statuses. Private statuses
are allowed because they are from accounts we are following (so
by definition)
Resolves#3887 (alternative)
* Adjust test
(This patch has been merged as bugfix and reverted, but still valuable as
improvement)
Previously, we've attached IntersectionObserver twice for boosted statuses:
wrapper Status and wrapped Status. but wrapped Status don't need to manage
intersection and visibility by itself, because it's a part of wrapper Status.
* Revert "Bump version to 1.4.4"
This reverts commit 1585b0c6cc.
* Revert "Fix conversations (fixes#3869) (#3870)"
This reverts commit 15b43f555d.
* Revert "Fix streaming server. Redis connection subscribe for each channel. (#3828)"
This reverts commit d8ec832806.
* Revert "Filter direct statuses in Status.as_home_timeline (#3842)"
This reverts commit bab5a18232.
* Revert "Fix RemoteFollow behavior (#3868)"
This reverts commit a20cf3b64e.
* Revert "Update fabricator for MediaAttachment to attach a file according to type (#3862)"
This reverts commit 356df7ae6b.
* Revert "Upgrade React Router (#3677)"
This reverts commit 8f03fdce7f.
* Revert "Do not call setState from unmounted component (#3853)"
This reverts commit 1fc6cb4997.
* Revert "Replace TextIconButton for SensitiveButton to IconButton (#3759)"
This reverts commit eb832e88f4.
* Revert "Fix RTL detection on Ruby side (#3867)"
This reverts commit b16b69350e.
* Revert "i18n: Fixed typo in Polish translation (#3864)"
This reverts commit da6fa029f6.
* Revert "Don't attach IntersectionObserver for wrapped statuses (#3863)"
This reverts commit 94ad0706f5.
The classes using Status.as_home_timeline, namely Feed and
PrecomputeFeedService are expected to filter direct statuses as
FanOutWriteService does, but their filtering were incomplete or missing.
This commit solves the problem by filtering direct statuses in
as_home_timeline as the other similar methods such as as_public_timeline
does.
This fixes a bug that sometimes boosted statuses being hidden on scrolling.
Previously, we've attached IntersectionObserver twice for boosted statuses:
wrapper Status and wrapped Status. This will call intersection handler twice,
so this may results race condition...probably.
* Whitelist allowed classes for federated statuses
Allowed classes are currently:
- Any microformats class (h/p/u/dt/e-*)
- the classes mention, hashtag, ellipses and invisible.
this last one is somewhat suspect, but Mastodon currently uses it to render hidden link text.
resolved#3790
* Fix code style
mergeDeep also merges columns, but it should be replaced simply.
So in the new function, first apply mergeDeep except columns, and set default columns if columns unset.
* Make Pubsubhubbub::DistributionWorker handle both single stream entry
arguments, as well as arrays of stream entries
* Add BatchedRemoveStatusService, make SuspendAccountService use it
* Improve method names
* Add test
* Add more tests
* Use PuSH payloads of 100 to have a clear mapping of
1000 input statuses -> 10 PuSH payloads
It was nice while it lasted
* Add form for account deletion
* If avatar or header are gone from source, remove them
* Add option to have SuspendAccountService remove user record, add tests
* Exclude suspended accounts from search
* Fix#2619 - When redis feed is empty, fall back to database
* Use redis value to return feed from database only while RegenerationWorker
hasn't finished running
* Fix specs
* Replace usage of reject!
TagManager.local_url? was sometimes called with an URI with a nil host,
leading to a crash in TagManager.local_url?. This fixes moves the
already-existing uri.host.blank? check in front to avoid this case.