Merge commit 'b9f59ebcc68e9da0a7158741a1a2ef3564e1321e' into merging-upstream

config/initializers/doorkeeper.rb

@@ -7,15 +7,14 @@ Doorkeeper.configure do
     current_user || redirect_to(new_user_session_url)
   end
 
-  resource_owner_from_credentials do |routes|
-    request.params[:user] = { email: request.params[:username], password: request.params[:password] }
-    request.env["devise.allow_params_authentication"] = true
-    request.env["warden"].authenticate!(scope: :user)
+  resource_owner_from_credentials do |_routes|
+    user = User.find_by(email: request.params[:username])
+    user if !user&.otp_required_for_login? && user&.valid_password?(request.params[:password])
   end
 
   # If you want to restrict access to the web interface for adding oauth authorized applications, you need to declare the block below.
   admin_authenticator do
-    (current_user && current_user.admin?) || redirect_to(new_user_session_url)
+    current_user&.admin? || redirect_to(new_user_session_url)
   end
 
   # Authorization Code expiration time (default 10 minutes).

config/initializers/ostatus.rb

@@ -18,7 +18,6 @@ Rails.application.configure do
 
   config.action_mailer.default_url_options = { host: web_host, protocol: https ? 'https://' : 'http://', trailing_slash: false }
   config.x.streaming_api_base_url          = 'ws://localhost:4000'
-  config.x.use_ostatus_privacy             = true
 
   if Rails.env.production?
     config.x.streaming_api_base_url = ENV.fetch('STREAMING_API_BASE_URL') { "ws#{https ? 's' : ''}://#{web_host}" }

config/initializers/strong_migrations.rb

@@ -0,0 +1,3 @@
+# frozen_string_literal: true
+
+StrongMigrations.start_after = 20170924022025 if Rails.env.development?