Commit Graph

12 Commits

Author SHA1 Message Date
Eugen Rochko 964ae8eee5
Change unconfirmed user login behaviour (#11375)
Allow access to account settings, 2FA, authorized applications, and
account deletions to unconfirmed and pending users, as well as
users who had their accounts disabled. Suspended users cannot update
their e-mail or password or delete their account.

Display account status on account settings page, for example, when
an account is frozen, limited, unconfirmed or pending review.

After sign up, login users straight away and show a simple page that
tells them the status of their account with links to account settings
and logout, to reduce onboarding friction and allow users to correct
wrongly typed e-mail addresses.

Move the final sign-up step of SSO integrations to be the same
as above to reduce code duplication.
2019-07-22 10:48:50 +02:00
Eugen Rochko b851456139
Remove Atom feeds and old URLs in the form of `GET /:username/updates/:id` (#11247) 2019-07-07 16:16:51 +02:00
aus-social 1f98eae1cf Lint pass (#8876) 2018-10-04 12:36:53 +02:00
Jakub Mendyk 6cb3514d64 Add ability to change an instance default theme from the administration panel (#7092) (#8381)
* Add default_settings class method to ScopedSettings

ScopedSettings was extended to use value of unscoped setting instead of
only using defaults set in config/settings.yml for selected settings.
This adds possibility for admins to set default values of users' settings,
for example default theme (as requested in #7092).

* Add ability to change an instance default theme

Closes #7092
2018-08-23 14:17:35 +02:00
Yamagishi Kazutoshi d10447c3a8 Use raw status code on have_http_status (#7214) 2018-04-21 21:35:07 +02:00
Emelia Smith 2e59751823 Improve require_admin! and require_staff! filters (#7018)
Previously these returns 302 redirects instead of 403s, which meant posting links to admin pages in slack caused them to unfurl, rather than stay as a link. Additionally, require_admin! doesn't appear to be actively used, on require_staff!
2018-04-03 13:07:32 +02:00
Yamagishi Kazutoshi 1d92b90be9 Fix force_ssl conditional (#6201) 2018-01-07 15:19:23 +01:00
unarist 0f1b1d78b1 Use "match_array" only for order independent assertions (#3626) 2017-06-07 12:59:28 -04:00
Akihiko Odaki (@fn_aki@pawoo.net) 10768aa204 Spec response for forgery (#3248)
Remove protect_from_forgery in ApiController, which is disabled by the
following skip_before_action, as well.
2017-06-01 20:56:55 +02:00
Yamagishi Kazutoshi 41fa53253c Keep ENV['LOCAL_HTTPS'] with ApplicationControllerSpec (fix random fail) (#3479)
* Keep ENV['LOCAL_HTTPS'] with ApplicationControllerSpec (fix random fail)

* use climate_control
2017-05-31 17:09:17 +02:00
Akihiko Odaki bda7391221 Cover ApplicationController more in spec (#3230) 2017-05-22 17:58:57 +02:00
Akihiko Odaki aa662cecad single_user_mode? always returns boolean (#3215)
This change also adds a specification for the method.
2017-05-22 06:00:06 +02:00