catstodon/app/controllers
Eugen Rochko daf71573d0
Fix password change/reset not immediately invalidating other sessions (#12928)
While making browser requests in the other sessions after a password
change or reset does not allow you to be logged in and correctly
invalidates the session making the request, sessions have API tokens
associated with them, which can still be used until that session
is invalidated.

This is a security issue for accounts that were already compromised
some other way because it makes it harder to throw out the hijacker.
2020-01-24 00:20:38 +01:00
..
activitypub Fix incoming federation in whitelist mode (#12185) 2019-10-24 22:45:35 +02:00
admin Fix relationships page not showing results in admin UI (#12934) 2020-01-24 00:20:23 +01:00
api Add announcements (#12662) 2020-01-23 22:00:13 +01:00
auth Fix password change/reset not immediately invalidating other sessions (#12928) 2020-01-24 00:20:38 +01:00
concerns Fix base64-encoded file uploads not being possible (#12748) 2020-01-04 01:54:07 +01:00
oauth Fix settings pages being cacheable by the browser (#12714) 2019-12-30 04:38:30 +01:00
settings Fix base64-encoded file uploads not being possible (#12748) 2020-01-04 01:54:07 +01:00
well_known Fix uncaught unknown format errors in host meta controller (#12747) 2020-01-03 05:28:56 +01:00
about_controller.rb Add table of contents to about page (#11885) 2019-09-19 11:09:05 +02:00
account_follow_controller.rb Restful refactor of accounts/ routes (#2133) 2017-04-19 13:52:37 +02:00
account_unfollow_controller.rb Restful refactor of accounts/ routes (#2133) 2017-04-19 13:52:37 +02:00
accounts_controller.rb Fix RSS caching (but disable localization) (#12054) 2019-10-02 18:30:33 +02:00
application_controller.rb Fix base64-encoded file uploads not being possible (#12748) 2020-01-04 01:54:07 +01:00
authorize_interactions_controller.rb Add remote interaction dialog for toots (#8202) 2018-08-18 03:03:12 +02:00
custom_css_controller.rb Fix redirecting non-functional accounts on public pages (#11978) 2019-09-28 01:33:27 +02:00
directories_controller.rb Fix redirecting non-functional accounts on public pages (#11978) 2019-09-28 01:33:27 +02:00
emojis_controller.rb Add (back) rails-level JSON caching (#11333) 2019-07-21 22:32:16 +02:00
filters_controller.rb Fix missing authentication call in filters controller (#12746) 2020-01-03 05:29:08 +01:00
follower_accounts_controller.rb Hide blocked users from more places (#12733) 2019-12-31 00:55:32 +01:00
following_accounts_controller.rb Hide blocked users from more places (#12733) 2019-12-31 00:55:32 +01:00
home_controller.rb Fix blurhash and autoplay not working on public pages (#11585) 2019-08-16 19:15:05 +02:00
instance_actors_controller.rb Fix reverse-proxy caching of instance actor object (#11561) 2019-08-13 15:30:37 +02:00
intents_controller.rb Refactor controllers for statuses, accounts, and more (#11249) 2019-07-08 12:03:45 +02:00
invites_controller.rb Add invite comments (#10465) 2019-08-19 11:40:42 +02:00
manifests_controller.rb Fix redirecting non-functional accounts on public pages (#11978) 2019-09-28 01:33:27 +02:00
media_controller.rb Fix redirecting non-functional accounts on public pages (#11978) 2019-09-28 01:33:27 +02:00
media_proxy_controller.rb Fix redirecting non-functional accounts on public pages (#11978) 2019-09-28 01:33:27 +02:00
public_timelines_controller.rb Fix blurhash and autoplay not working on public pages (#11585) 2019-08-16 19:15:05 +02:00
relationships_controller.rb Change followers page to relationships page in admin UI (#12927) 2020-01-23 20:33:20 +01:00
remote_follow_controller.rb Fix redirecting non-functional accounts on public pages (#11978) 2019-09-28 01:33:27 +02:00
remote_interaction_controller.rb Fix redirecting non-functional accounts on public pages (#11978) 2019-09-28 01:33:27 +02:00
shares_controller.rb Fix blurhash and autoplay not working on public pages (#11585) 2019-08-16 19:15:05 +02:00
statuses_controller.rb Fix redirecting non-functional accounts on public pages (#11978) 2019-09-28 01:33:27 +02:00
tags_controller.rb Fix redirecting non-functional accounts on public pages (#11978) 2019-09-28 01:33:27 +02:00