gearheads
/
mastodon
Archived
2
0
Fork 0
This repository has been archived on 2024-06-09. You can view files and clone it, but cannot push or open issues/pull-requests.
mastodon/app/views/about
Claire bddd9ba36d
Add OMNIAUTH_ONLY environment variable to enforce externa log-in (#17288)
* Remove support for OAUTH_REDIRECT_AT_SIGN_IN

Fixes #15959

Introduced in #6540, OAUTH_REDIRECT_AT_SIGN_IN allowed skipping the log-in form
to instead redirect to the external OmniAuth login provider.

However, it did not prevent the log-in form on /about introduced by #10232 from
appearing, and completely broke with the introduction of #15228.

As I restoring that previous log-in flow without introducing a security
vulnerability may require extensive care and knowledge of how OmniAuth works,
this commit removes support for OAUTH_REDIRECT_AT_SIGN_IN instead for the time
being.

* Add OMNIAUTH_ONLY environment variable to enforce external log-in only

* Disable user registration when OMNIAUTH_ONLY is set to true

* Replace log-in links When OMNIAUTH_ONLY is set with exactly one OmniAuth provider
2022-01-23 15:52:58 +01:00
..
_domain_blocks.html.haml Add option to obfuscate domain name in public list of domain blocks (#15355) 2020-12-18 08:30:41 +01:00
_login.html.haml Add OMNIAUTH_ONLY environment variable to enforce externa log-in (#17288) 2022-01-23 15:52:58 +01:00
_registration.html.haml Add ability to require invite request text (#15326) 2020-12-14 10:03:09 +01:00
more.html.haml Change number_to_human calls to always use 3-digits precision (#16469) 2021-07-07 21:13:08 +02:00
show.html.haml Change number_to_human calls to always use 3-digits precision (#16469) 2021-07-07 21:13:08 +02:00
terms.html.haml Update /terms and /about/more to use public layout (#8142) 2018-08-09 12:58:20 +02:00