Merge commit '664efcf4c3f9713894054fb642a252d8752a4123' into glitch-soc/merge-upstream

2026-03-29 03:00:33 +02:00 · 2026-03-25 21:09:30 +01:00
parent 88c7d3bf3f 664efcf4c3
commit 572f18c322
82 changed files with 961 additions and 528 deletions
--- a/app/controllers/activitypub/featured_collections_controller.rb
+++ b/app/controllers/activitypub/featured_collections_controller.rb
@@ -33,7 +33,9 @@ class ActivityPub::FeaturedCollectionsController < ApplicationController

  def set_collections
    authorize @account, :index_collections?
-    @collections = @account.collections.page(params[:page]).per(PER_PAGE)
+    @collections = @account.collections
+      .includes(:accepted_collection_items)
+      .page(params[:page]).per(PER_PAGE)
  rescue Mastodon::NotPermittedError
    not_found
  end
--- a/app/controllers/auth/sessions/security_key_options_controller.rb
+++ b/app/controllers/auth/sessions/security_key_options_controller.rb
@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+
+class Auth::Sessions::SecurityKeyOptionsController < ApplicationController
+  skip_before_action :check_self_destruct!
+  skip_before_action :require_functional!
+  skip_before_action :update_user_sign_in
+
+  def show
+    user = User.find_by(id: session[:attempt_user_id])
+
+    if user&.webauthn_enabled?
+      options_for_get = WebAuthn::Credential.options_for_get(
+        allow: user.webauthn_credentials.pluck(:external_id),
+        user_verification: 'discouraged'
+      )
+
+      session[:webauthn_challenge] = options_for_get.challenge
+
+      render json: options_for_get, status: 200
+    else
+      render json: { error: t('webauthn_credentials.not_enabled') }, status: 401
+    end
+  end
+end
--- a/app/controllers/auth/sessions_controller.rb
+++ b/app/controllers/auth/sessions_controller.rb
@@ -38,23 +38,6 @@ class Auth::SessionsController < Devise::SessionsController
    flash.delete(:notice)
  end

-  def webauthn_options
-    user = User.find_by(id: session[:attempt_user_id])
-
-    if user&.webauthn_enabled?
-      options_for_get = WebAuthn::Credential.options_for_get(
-        allow: user.webauthn_credentials.pluck(:external_id),
-        user_verification: 'discouraged'
-      )
-
-      session[:webauthn_challenge] = options_for_get.challenge
-
-      render json: options_for_get, status: 200
-    else
-      render json: { error: t('webauthn_credentials.not_enabled') }, status: 401
-    end
-  end
-
  protected

  def find_user