Commit Graph

14385 Commits

Author SHA1 Message Date
dependabot[bot] 6e0d3c181d
Bump @babel/preset-env from 7.15.0 to 7.15.4 (#16706)
Bumps [@babel/preset-env](https://github.com/babel/babel/tree/HEAD/packages/babel-preset-env) from 7.15.0 to 7.15.4.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.15.4/packages/babel-preset-env)

---
updated-dependencies:
- dependency-name: "@babel/preset-env"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-09-10 09:24:39 +09:00
Claire 7aa4d481db Fix media icons not being added in CWs 2021-09-09 17:14:09 +02:00
dependabot[bot] c5606db9da
Bump devise-two-factor from 4.0.0 to 4.0.1 (#16705)
Bumps [devise-two-factor](https://github.com/tinfoil/devise-two-factor) from 4.0.0 to 4.0.1.
- [Release notes](https://github.com/tinfoil/devise-two-factor/releases)
- [Changelog](https://github.com/tinfoil/devise-two-factor/blob/main/CHANGELOG.md)
- [Commits](https://github.com/tinfoil/devise-two-factor/compare/v4.0.0...v4.0.1)

---
updated-dependencies:
- dependency-name: devise-two-factor
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-09-09 17:43:00 +09:00
dependabot[bot] eb837b3cb3
Bump sass from 1.38.2 to 1.39.0 (#16707)
Bumps [sass](https://github.com/sass/dart-sass) from 1.38.2 to 1.39.0.
- [Release notes](https://github.com/sass/dart-sass/releases)
- [Changelog](https://github.com/sass/dart-sass/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sass/dart-sass/compare/1.38.2...1.39.0)

---
updated-dependencies:
- dependency-name: sass
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-09-09 17:42:38 +09:00
dependabot[bot] b61bdf83f3
Bump axios from 0.21.1 to 0.21.4 (#16709)
Bumps [axios](https://github.com/axios/axios) from 0.21.1 to 0.21.4.
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/master/CHANGELOG.md)
- [Commits](https://github.com/axios/axios/compare/v0.21.1...v0.21.4)

---
updated-dependencies:
- dependency-name: axios
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-09-09 17:41:47 +09:00
dependabot[bot] b09b28ce28
Bump @babel/runtime from 7.15.3 to 7.15.4 (#16710)
Bumps [@babel/runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-runtime) from 7.15.3 to 7.15.4.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.15.4/packages/babel-runtime)

---
updated-dependencies:
- dependency-name: "@babel/runtime"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-09-09 17:41:26 +09:00
dependabot[bot] bcfbd53d5b
Bump react-redux from 7.2.4 to 7.2.5 (#16708)
Bumps [react-redux](https://github.com/reduxjs/react-redux) from 7.2.4 to 7.2.5.
- [Release notes](https://github.com/reduxjs/react-redux/releases)
- [Changelog](https://github.com/reduxjs/react-redux/blob/master/CHANGELOG.md)
- [Commits](https://github.com/reduxjs/react-redux/compare/v7.2.4...v7.2.5)

---
updated-dependencies:
- dependency-name: react-redux
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-09-09 17:41:03 +09:00
dependabot[bot] 02952bde96
Bump npmlog from 5.0.0 to 5.0.1 (#16704)
Bumps [npmlog](https://github.com/npm/npmlog) from 5.0.0 to 5.0.1.
- [Release notes](https://github.com/npm/npmlog/releases)
- [Changelog](https://github.com/npm/npmlog/blob/main/CHANGELOG.md)
- [Commits](https://github.com/npm/npmlog/compare/v5.0.0...v5.0.1)

---
updated-dependencies:
- dependency-name: npmlog
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-09-09 17:40:14 +09:00
dependabot[bot] abed4fe4e5
Bump oj from 3.13.2 to 3.13.4 (#16703)
Bumps [oj](https://github.com/ohler55/oj) from 3.13.2 to 3.13.4.
- [Release notes](https://github.com/ohler55/oj/releases)
- [Changelog](https://github.com/ohler55/oj/blob/develop/CHANGELOG.md)
- [Commits](https://github.com/ohler55/oj/compare/v3.13.2...v3.13.4)

---
updated-dependencies:
- dependency-name: oj
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-09-09 17:39:49 +09:00
dependabot[bot] ba957156f9
Bump aws-sdk-s3 from 1.100.0 to 1.102.0 (#16702)
Bumps [aws-sdk-s3](https://github.com/aws/aws-sdk-ruby) from 1.100.0 to 1.102.0.
- [Release notes](https://github.com/aws/aws-sdk-ruby/releases)
- [Changelog](https://github.com/aws/aws-sdk-ruby/blob/version-3/gems/aws-sdk-s3/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-ruby/commits)

---
updated-dependencies:
- dependency-name: aws-sdk-s3
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-09-09 17:39:21 +09:00
dependabot[bot] da38b11683
Bump @babel/core from 7.15.0 to 7.15.5 (#16712)
Bumps [@babel/core](https://github.com/babel/babel/tree/HEAD/packages/babel-core) from 7.15.0 to 7.15.5.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.15.5/packages/babel-core)

---
updated-dependencies:
- dependency-name: "@babel/core"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-09-09 17:36:14 +09:00
Holger 209f8f3a60
use relative path for `scope` (#16714)
Use relative path for `scope` in web manifest to allow users use PWA correctly via alternate domains.
2021-09-08 23:33:36 +02:00
Claire 12cd097e7c
Fix addressing of remote groups' followers (#16700)
Fixes #16699
2021-09-08 23:33:23 +02:00
Claire 4a94f4127b Fix glitch-soc front-end not linking to the provided SOURCE_URL 2021-09-08 16:36:45 +02:00
Claire 6bbcd99f14 Fix media attachments not being displayed on polls
Fixes #1595
2021-09-08 16:36:30 +02:00
Claire e2921375c3
Merge pull request #1597 from ClearlyClaire/glitch-soc/merge-upstream
Merge upstream changes
2021-09-08 14:16:17 +02:00
Claire 5d81d621b6 Merge branch 'main' into glitch-soc/merge-upstream 2021-09-08 13:27:37 +02:00
Claire 127aaa8174
Merge pull request #1594 from ClearlyClaire/glitch-soc/merge-upstream
Merge upstream changes
2021-09-08 13:24:54 +02:00
Claire 7c7e78d807
Fix suspicious sign-in mail text being out of date (#16690)
Fixes #16687
2021-09-04 16:44:50 +02:00
Claire f9185c72a9 Merge branch 'main' into glitch-soc/merge-upstream 2021-09-02 10:52:09 +02:00
Claire 2b18f7a943
Fix processing mentions to domains with non-ascii TLDs (#16689)
Fixes #16602
2021-09-01 22:06:40 +02:00
dependabot[bot] f81ff4e5ed
Bump eslint-plugin-react from 7.24.0 to 7.25.1 (#16680)
Bumps [eslint-plugin-react](https://github.com/yannickcr/eslint-plugin-react) from 7.24.0 to 7.25.1.
- [Release notes](https://github.com/yannickcr/eslint-plugin-react/releases)
- [Changelog](https://github.com/yannickcr/eslint-plugin-react/blob/master/CHANGELOG.md)
- [Commits](https://github.com/yannickcr/eslint-plugin-react/compare/v7.24.0...v7.25.1)

---
updated-dependencies:
- dependency-name: eslint-plugin-react
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-09-01 08:18:55 +09:00
dependabot[bot] 6abbae5096
Bump tar from 6.1.3 to 6.1.11 (#16685)
Bumps [tar](https://github.com/npm/node-tar) from 6.1.3 to 6.1.11.
- [Release notes](https://github.com/npm/node-tar/releases)
- [Changelog](https://github.com/npm/node-tar/blob/main/CHANGELOG.md)
- [Commits](https://github.com/npm/node-tar/compare/v6.1.3...v6.1.11)

---
updated-dependencies:
- dependency-name: tar
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-09-01 08:18:29 +09:00
dependabot[bot] 30b9630fc7
Bump rqrcode from 2.0.0 to 2.1.0 (#16678)
Bumps [rqrcode](https://github.com/whomwah/rqrcode) from 2.0.0 to 2.1.0.
- [Release notes](https://github.com/whomwah/rqrcode/releases)
- [Changelog](https://github.com/whomwah/rqrcode/blob/master/CHANGELOG.md)
- [Commits](https://github.com/whomwah/rqrcode/compare/v2.0.0...v2.1.0)

---
updated-dependencies:
- dependency-name: rqrcode
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-31 20:58:34 +09:00
dependabot[bot] dbc59eb2a8
Bump rubocop from 1.19.1 to 1.20.0 (#16674)
Bumps [rubocop](https://github.com/rubocop/rubocop) from 1.19.1 to 1.20.0.
- [Release notes](https://github.com/rubocop/rubocop/releases)
- [Changelog](https://github.com/rubocop/rubocop/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rubocop/rubocop/compare/v1.19.1...v1.20.0)

---
updated-dependencies:
- dependency-name: rubocop
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-31 20:56:14 +09:00
dependabot[bot] c8ed5dad7c
Bump nokogiri from 1.12.3 to 1.12.4 (#16675)
Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.12.3 to 1.12.4.
- [Release notes](https://github.com/sparklemotion/nokogiri/releases)
- [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sparklemotion/nokogiri/compare/v1.12.3...v1.12.4)

---
updated-dependencies:
- dependency-name: nokogiri
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-31 20:56:07 +09:00
dependabot[bot] 56f465e571
Bump aws-sdk-s3 from 1.99.0 to 1.100.0 (#16676)
Bumps [aws-sdk-s3](https://github.com/aws/aws-sdk-ruby) from 1.99.0 to 1.100.0.
- [Release notes](https://github.com/aws/aws-sdk-ruby/releases)
- [Changelog](https://github.com/aws/aws-sdk-ruby/blob/version-3/gems/aws-sdk-s3/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-ruby/commits)

---
updated-dependencies:
- dependency-name: aws-sdk-s3
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-31 20:56:01 +09:00
dependabot[bot] 6a55db34fb
Bump ws from 8.2.0 to 8.2.1 (#16679)
Bumps [ws](https://github.com/websockets/ws) from 8.2.0 to 8.2.1.
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](https://github.com/websockets/ws/compare/8.2.0...8.2.1)

---
updated-dependencies:
- dependency-name: ws
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-31 20:55:49 +09:00
dependabot[bot] ef61fd4670
Bump sass from 1.38.0 to 1.38.2 (#16671)
Bumps [sass](https://github.com/sass/dart-sass) from 1.38.0 to 1.38.2.
- [Release notes](https://github.com/sass/dart-sass/releases)
- [Changelog](https://github.com/sass/dart-sass/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sass/dart-sass/compare/1.38.0...1.38.2)

---
updated-dependencies:
- dependency-name: sass
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-29 09:00:57 +09:00
dependabot[bot] 1b1284afea
Bump eslint-plugin-import from 2.24.1 to 2.24.2 (#16668)
Bumps [eslint-plugin-import](https://github.com/import-js/eslint-plugin-import) from 2.24.1 to 2.24.2.
- [Release notes](https://github.com/import-js/eslint-plugin-import/releases)
- [Changelog](https://github.com/import-js/eslint-plugin-import/blob/main/CHANGELOG.md)
- [Commits](https://github.com/import-js/eslint-plugin-import/compare/v2.24.1...v2.24.2)

---
updated-dependencies:
- dependency-name: eslint-plugin-import
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-29 09:00:41 +09:00
dependabot[bot] 63a0cba480
Bump url-parse from 1.5.1 to 1.5.3 (#16666)
Bumps [url-parse](https://github.com/unshiftio/url-parse) from 1.5.1 to 1.5.3.
- [Release notes](https://github.com/unshiftio/url-parse/releases)
- [Commits](https://github.com/unshiftio/url-parse/compare/1.5.1...1.5.3)

---
updated-dependencies:
- dependency-name: url-parse
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-28 18:18:58 +02:00
dependabot[bot] e617690840
Bump color-string from 1.5.3 to 1.6.0 (#16665)
Bumps [color-string](https://github.com/Qix-/color-string) from 1.5.3 to 1.6.0.
- [Release notes](https://github.com/Qix-/color-string/releases)
- [Changelog](https://github.com/Qix-/color-string/blob/master/CHANGELOG.md)
- [Commits](https://github.com/Qix-/color-string/commits/1.6.0)

---
updated-dependencies:
- dependency-name: color-string
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-28 18:18:35 +02:00
dependabot[bot] 25330a9f04
Bump http from 4.4.1 to 5.0.1 (#16438)
Bumps [http](https://github.com/httprb/http) from 4.4.1 to 5.0.1.
- [Release notes](https://github.com/httprb/http/releases)
- [Changelog](https://github.com/httprb/http/blob/master/CHANGES.md)
- [Commits](https://github.com/httprb/http/compare/v4.4.1...v5.0.1)

---
updated-dependencies:
- dependency-name: http
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-28 18:17:59 +02:00
dependabot[bot] 22a9952040
Bump y18n from 4.0.0 to 4.0.3 (#16664)
Bumps [y18n](https://github.com/yargs/y18n) from 4.0.0 to 4.0.3.
- [Release notes](https://github.com/yargs/y18n/releases)
- [Changelog](https://github.com/yargs/y18n/blob/y18n-v4.0.3/CHANGELOG.md)
- [Commits](https://github.com/yargs/y18n/compare/v4.0.0...y18n-v4.0.3)

---
updated-dependencies:
- dependency-name: y18n
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-28 18:15:05 +02:00
dependabot[bot] 173d2d27e5
Bump jest from 26.6.3 to 27.1.0 (#16376)
* Bump jest from 26.6.3 to 27.0.4

Bumps [jest](https://github.com/facebook/jest) from 26.6.3 to 27.0.4.
- [Release notes](https://github.com/facebook/jest/releases)
- [Changelog](https://github.com/facebook/jest/blob/master/CHANGELOG.md)
- [Commits](https://github.com/facebook/jest/compare/v26.6.3...v27.0.4)

---
updated-dependencies:
- dependency-name: jest
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* Set test environment for jest

* Remove unnecessary ext

* Bump jest from 27.0.4 to 27.1.0

* Remove --coverage option

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>
2021-08-28 09:58:04 +09:00
dependabot[bot] 894605a68c
Bump sidekiq from 6.2.1 to 6.2.2 (#16647)
Bumps [sidekiq](https://github.com/mperham/sidekiq) from 6.2.1 to 6.2.2.
- [Release notes](https://github.com/mperham/sidekiq/releases)
- [Changelog](https://github.com/mperham/sidekiq/blob/master/Changes.md)
- [Commits](https://github.com/mperham/sidekiq/compare/v6.2.1...v6.2.2)

---
updated-dependencies:
- dependency-name: sidekiq
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-28 08:59:45 +09:00
Claire e7e04b46d7
Merge pull request #1591 from ClearlyClaire/glitch-soc/merge-upstream
Merge upstream changes
2021-08-27 15:28:00 +02:00
dependabot[bot] 42de346335
Bump webpacker from 5.4.0 to 5.4.2 (#16648)
Bumps [webpacker](https://github.com/rails/webpacker) from 5.4.0 to 5.4.2.
- [Release notes](https://github.com/rails/webpacker/releases)
- [Changelog](https://github.com/rails/webpacker/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rails/webpacker/compare/v5.4.0...v5.4.2)

---
updated-dependencies:
- dependency-name: webpacker
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-27 21:47:43 +09:00
dependabot[bot] 1c8ce9ae34
Bump faker from 2.18.0 to 2.19.0 (#16646)
Bumps [faker](https://github.com/faker-ruby/faker) from 2.18.0 to 2.19.0.
- [Release notes](https://github.com/faker-ruby/faker/releases)
- [Changelog](https://github.com/faker-ruby/faker/blob/master/CHANGELOG.md)
- [Commits](https://github.com/faker-ruby/faker/compare/v2.18.0...v2.19.0)

---
updated-dependencies:
- dependency-name: faker
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-27 21:47:00 +09:00
dependabot[bot] 89d62f23c8
Bump rubocop from 1.19.0 to 1.19.1 (#16649)
Bumps [rubocop](https://github.com/rubocop/rubocop) from 1.19.0 to 1.19.1.
- [Release notes](https://github.com/rubocop/rubocop/releases)
- [Changelog](https://github.com/rubocop/rubocop/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rubocop/rubocop/compare/v1.19.0...v1.19.1)

---
updated-dependencies:
- dependency-name: rubocop
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-27 21:46:28 +09:00
matildepark 39193be1c4 [Glitch] Fix follow request count to dynamically update
Port 79341d0f5f to glitch-soc

Signed-off-by: Claire <claire.github-309c@sitedethib.com>
2021-08-27 11:31:09 +02:00
Claire 463d23dfd5 Merge branch 'main' into glitch-soc/merge-upstream 2021-08-27 11:29:03 +02:00
Truong Nguyen 7283a5d3b9
Explicitly set userVerification to discoraged (#16545) 2021-08-26 09:51:22 -05:00
Claire 94bcf45321
Fix authentication failures after going halfway through a sign-in attempt (#16607)
* Add tests

* Add security-related tests

My first (unpublished) attempt at fixing the issues introduced (extremely
hard-to-exploit) security vulnerabilities, addressing them in a test.

* Fix authentication failures after going halfway through a sign-in attempt

* Refactor `authenticate_with_sign_in_token` and `authenticate_with_two_factor` to make the two authentication steps more obvious
2021-08-25 22:52:41 +02:00
Daniel 2ed1c92c63
New env variable: CAS_SECURITY_ASSUME_EMAIL_IS_VERIFIED (#16655)
When using a CAS server, the users only have a temporary email
`change@me-foo-cas.com` which can't be changed but by an
administrator.

We need a new environment variable like for SAML to assume the email
from CAS is verified.

* config/initializers/omniauth.rb: define CAS option for assuming
  email are always verified.
* .env.nanobox: add new variable as an example.
2021-08-25 18:41:24 +02:00
dependabot[bot] 366e0b82db
Bump rails from 6.1.4 to 6.1.4.1 (#16650)
Bumps [rails](https://github.com/rails/rails) from 6.1.4 to 6.1.4.1.
- [Release notes](https://github.com/rails/rails/releases)
- [Commits](https://github.com/rails/rails/compare/v6.1.4...v6.1.4.1)

---
updated-dependencies:
- dependency-name: rails
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-26 01:39:55 +09:00
matildepark 79341d0f5f
Fix follow request count to dynamically update (#16652) 2021-08-25 17:46:29 +02:00
Daniel 5c21021176
Fix undefined variable for Auth::OmniauthCallbacksController (#16654)
The addition of authentication history broke the omniauth login with
the following error:

  method=GET path=/auth/auth/cas/callback format=html
  controller=Auth::OmniauthCallbacksController action=cas status=500
  error='NameError: undefined local variable or method `user' for
  #<Auth::OmniauthCallbacksController:0x00000000036290>
  Did you mean?  @user' duration=435.93 view=0.00 db=36.19

* app/controllers/auth/omniauth_callbacks_controller.rb: fix variable
  name to `@user`
2021-08-25 17:40:56 +02:00
dependabot[bot] 4562ada4b9
Bump eslint-plugin-import from 2.24.0 to 2.24.1 (#16635)
Bumps [eslint-plugin-import](https://github.com/import-js/eslint-plugin-import) from 2.24.0 to 2.24.1.
- [Release notes](https://github.com/import-js/eslint-plugin-import/releases)
- [Changelog](https://github.com/import-js/eslint-plugin-import/blob/master/CHANGELOG.md)
- [Commits](https://github.com/import-js/eslint-plugin-import/compare/v2.24.0...v2.24.1)

---
updated-dependencies:
- dependency-name: eslint-plugin-import
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-23 22:03:53 +09:00
dependabot[bot] dd096568d9
Bump ws from 8.1.0 to 8.2.0 (#16636)
Bumps [ws](https://github.com/websockets/ws) from 8.1.0 to 8.2.0.
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](https://github.com/websockets/ws/compare/8.1.0...8.2.0)

---
updated-dependencies:
- dependency-name: ws
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-23 22:03:38 +09:00