Conflicts:
- `app/helpers/theme_helper.rb`:
Conflict caused by our different theme systems.
Ported upstream's changes.
- `app/models/account.rb`:
Upstream basically made a change we already made.
Moved constant declaration to match upstream.
Conflicts:
- `spec/requests/api/v2/instance_spec.rb`:
Conflict due to glitch-soc having a different default site name.
Updated the tests as upstream did, keeping glitch-soc's default name.
Conflicts:
- `app/models/user_settings.rb`:
Upstream removed a setting textually adjacent to a glitch-soc-only setting.
Removed the setting glitch-soc removed.
Conflicts:
- `spec/controllers/api/v1/accounts/credentials_controller_spec.rb`
Conflict due to glitch-soc's different note length handling.
Ported the changes in `spec/requests/api/v1/accounts/credentials_spec.rb` instead.
Conflicts:
- `config/routes/api.rb`:
glitch-soc has an extra `:destroy` action on notifications for historical reasons.
Kept it for now, while otherwise updating as upstream did.
Conflicts:
- `.github/workflows/build-security.yml`:
Changes were already cherry-picked and adapted in glitch-soc.
Kept glitch-soc's version.
- `Gemfile.lock`:
Changes were already cherry-picked and updated further in glitch-soc.
Kept glitch-soc's version.
- `lib/mastodon/version.rb`:
Changes were already cherry-picked and updated further in glitch-soc.
Kept glitch-soc's version.
Conflicts:
- `spec/controllers/api/v1/timelines/direct_controller_spec.rb`:
`spec/controllers/api/v1/timelines` has been renamed, but we had an extra
spec here for a glitch-soc-only endpoint.
Kept glitch-soc's file unchanged (will port to a request spec later).
* Prevent different identities from a same SSO provider from accessing a same account
* Lock auth provider changes behind `ALLOW_UNSAFE_AUTH_PROVIDER_REATTACH=true`
* Rename methods to avoid confusion between OAuth and OmniAuth
* Prevent different identities from a same SSO provider from accessing a same account
* Lock auth provider changes behind `ALLOW_UNSAFE_AUTH_PROVIDER_REATTACH=true`
* Rename methods to avoid confusion between OAuth and OmniAuth