1
0
REI-Fixed/config
Claire bddd9ba36d
Add OMNIAUTH_ONLY environment variable to enforce externa log-in (#17288)
* Remove support for OAUTH_REDIRECT_AT_SIGN_IN

Fixes #15959

Introduced in #6540, OAUTH_REDIRECT_AT_SIGN_IN allowed skipping the log-in form
to instead redirect to the external OmniAuth login provider.

However, it did not prevent the log-in form on /about introduced by #10232 from
appearing, and completely broke with the introduction of #15228.

As I restoring that previous log-in flow without introducing a security
vulnerability may require extensive care and knowledge of how OmniAuth works,
this commit removes support for OAUTH_REDIRECT_AT_SIGN_IN instead for the time
being.

* Add OMNIAUTH_ONLY environment variable to enforce external log-in only

* Disable user registration when OMNIAUTH_ONLY is set to true

* Replace log-in links When OMNIAUTH_ONLY is set with exactly one OmniAuth provider
2022-01-23 15:52:58 +01:00
..
environments Fix SMTP_ENABLE_STARTTLS_AUTO/SMTP_TLS/SMTP_SSL environment variables don't work (#17216) 2022-01-13 12:05:22 +01:00
initializers Remove support for OAUTH_REDIRECT_AT_SIGN_IN (#17287) 2022-01-23 15:50:41 +01:00
locales Add OMNIAUTH_ONLY environment variable to enforce externa log-in (#17288) 2022-01-23 15:52:58 +01:00
webpack Bump jest from 26.6.3 to 27.1.0 (#16376) 2021-08-28 09:58:04 +09:00
application.rb Add S3_FORCE_SINGLE_REQUEST env var to work around S3 compatibility issues (#16866) 2021-10-18 18:29:04 +02:00
boot.rb Bump bootsnap from 1.6.0 to 1.8.1 (#16677) 2021-09-19 14:42:32 +09:00
brakeman.ignore Add trending links (#16917) 2021-11-25 13:07:38 +01:00
database.yml config: add DB_SSLMODE for managed/remote PG (#10210) 2019-03-08 14:36:28 +01:00
deploy.rb Change references to tootsuite/mastodon to mastodon/mastodon (#16491) 2021-07-13 15:46:20 +02:00
environment.rb Make PreviewCard records reuseable between statuses (#4642) 2017-09-01 16:20:16 +02:00
i18n-tasks.yml Change move handler to carry blocks over (#14144) 2020-07-01 13:51:15 +02:00
navigation.rb Add batch suspend for accounts in admin UI (#17009) 2021-12-05 21:48:39 +01:00
pghero.yml Fix PgHero Content-Security-Policy when CDN_HOST is used (#13595) 2020-05-04 13:52:41 +02:00
puma.rb Add PERSISTENT_TIMEOUT option (#11756) 2019-09-04 20:44:08 +02:00
routes.rb Add support for editing for published statuses (#16697) 2022-01-19 22:37:27 +01:00
secrets.yml Upgrade to Rails 5.0.0.1 2016-08-17 17:58:00 +02:00
settings.yml Change auto-following admin-selected accounts, show in recommendations (#16078) 2021-04-24 17:01:43 +02:00
sidekiq.yml Add trending links (#16917) 2021-11-25 13:07:38 +01:00
storage.yml Update Mastodon to Rails 6.1 (#15910) 2021-03-24 10:44:31 +01:00
themes.yml More polished light theme (#7620) 2018-05-25 18:36:26 +02:00
webpacker.yml Bump webpacker from 3.5.5 to 4.0.2 (#10277) 2019-03-15 15:05:31 +01:00