forked from cybrespace/mastodon
db3ed498b0
Call to warden.authenticate! in resource_owner_from_credentials would make the request redirect to sign-in path, which is a bad response for apps. Now bad credentials just return nil, which leads to HTTP 401 from Doorkeeper. Also, accounts with enabled 2FA cannot be logged into this way. |
||
|---|---|---|
| .. | ||
| active_model_serializers.rb | ||
| application_controller_renderer.rb | ||
| assets.rb | ||
| backtrace_silencers.rb | ||
| blacklists.rb | ||
| cookies_serializer.rb | ||
| devise.rb | ||
| doorkeeper.rb | ||
| fast_blank.rb | ||
| filter_parameter_logging.rb | ||
| httplog.rb | ||
| inflections.rb | ||
| instrumentation.rb | ||
| json_ld.rb | ||
| kaminari_config.rb | ||
| mime_types.rb | ||
| oembed.rb | ||
| open_uri_redirection.rb | ||
| ostatus.rb | ||
| pagination.rb | ||
| paperclip.rb | ||
| rabl_init.rb | ||
| rack_attack.rb | ||
| redis.rb | ||
| session_activations.rb | ||
| session_store.rb | ||
| sidekiq.rb | ||
| simple_form.rb | ||
| single_user_mode.rb | ||
| statsd.rb | ||
| strong_migrations.rb | ||
| timeout.rb | ||
| trusted_proxies.rb | ||
| twitter_regex.rb | ||
| vapid.rb | ||
| wrap_parameters.rb | ||