* Prevent different identities from a same SSO provider from accessing a same account
* Lock auth provider changes behind `ALLOW_UNSAFE_AUTH_PROVIDER_REATTACH=true`
* Rename methods to avoid confusion between OAuth and OmniAuth
* Ensure destruction of OAuth Applications notifies streaming
Due to doorkeeper using a dependent: delete_all relationship, the destroy of an OAuth Application bypassed the existing AccessTokenExtension callbacks for announcing destructing of access tokens.
* Ensure password resets revoke access to Streaming API
* Improve performance of deleting OAuth tokens
---------
Co-authored-by: Emelia Smith <ThisIsMissEm@users.noreply.github.com>
* Fix attachments getting processed despite failing content-type validation
* Add a restrictive ImageMagick security policy tailored for Mastodon
* Fix misdetection of MP3 files with large cover art
* Reject unprocessable audio/video files instead of keeping them unchanged
* Validate internal actor
* Use “internal.actor” by default for the server actor username
* Fix instance actor username on the fly if it includes ':'
* Change actor name from internal.actor to mastodon.internal
* Do not offer to mark statuses as sensitive if there is no undeleted status with media attachments
* Fix crash when marking statuses as sensitive while some statuses are deleted
Fixes#21910
* Fix multiple strikes being created for a single report when selecting “Mark as sensitive”
* Add tests
* fix(status): remove send usage for private unlink_from_conversations
- make unlink_from_conversations public method
- rename unlink_from_conversations to unlink_from_conversations!
- fix send call on private method in statuses_vacuum and batched_remove_status_service
* fix(feeds_vacuum): replace find_in_batches with in_batches
because active record query results should be a little more efficient than
itterating with map and each. Postgres can grasp such lists of ids much quicker
than ruby can.
Will probably make allmost no difference, but cannot hurt either.
* Make autosuggest for mentions return followed accounts first
This makes it so that (when elasticsearch is disabled) when a user types '@foo' in the compose box, they are first going to get accounts they follow ordered by the ranking algorithm, and then second they will get accounts they do not follow, also ordered by the ranking algorithm.
This makes behavior more consistent with user expectation and also with results when elasticsearch is enabled.
* Fix ranking order to correct direction
* One more fixup per @gargron suggestion
* Tweak to ranking to no longer include following modifier