Merge branch 'auth-improvements' into 'develop'

Cookie auth rework / Auth subsystem refactoring and tweaks Closes pleroma/secteam/pleroma#3 See merge request pleroma/pleroma!3112
author: lain <lain@soykaf.club> 2020-12-09 15:55:45 +0000
committer: lain <lain@soykaf.club> 2020-12-09 15:55:45 +0000
commit: 477c6c8e558c1b1f193caadb6172db840c1910a4 (patch)
tree: 6d7f533436d9de01b4190db1318da98ea719cd49 /CHANGELOG.md
parent: 1436a2fa2dfd5fef6d61d1bba9ba074b359b40a3 (diff)
parent: 055a306380cdfc7b34faeaa90c09e408569f3b92 (diff)
download: pleroma-477c6c8e558c1b1f193caadb6172db840c1910a4.tar.gz
pleroma-477c6c8e558c1b1f193caadb6172db840c1910a4.zip
1 files changed, 2 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 3d481cb75..919c5a102 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -25,6 +25,8 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 - The site title is now injected as a `title` tag like preloads or metadata.
 - Password reset tokens now are not accepted after a certain age.
 - Mix tasks to help with displaying and removing ConfigDB entries. See `mix pleroma.config`
+- OAuth form improvements: users are remembered by their cookie, the CSS is overridable by the admin, and the style has been improved.
+- OAuth improvements and fixes: more secure session-based authentication (by token that could be revoked anytime), ability to revoke belonging OAuth token from any client etc. 
 
 <details>
   <summary>API Changes</summary>
author	lain <lain@soykaf.club>	2020-12-09 15:55:45 +0000
committer	lain <lain@soykaf.club>	2020-12-09 15:55:45 +0000
commit	477c6c8e558c1b1f193caadb6172db840c1910a4 (patch)
tree	6d7f533436d9de01b4190db1318da98ea719cd49 /CHANGELOG.md
parent	1436a2fa2dfd5fef6d61d1bba9ba074b359b40a3 (diff)
parent	055a306380cdfc7b34faeaa90c09e408569f3b92 (diff)
download	pleroma-477c6c8e558c1b1f193caadb6172db840c1910a4.tar.gz pleroma-477c6c8e558c1b1f193caadb6172db840c1910a4.zip