about summary refs log tree commit diff
path: root/spec/controllers/concerns
AgeCommit message (Collapse)Author
2020-01-20Original upstream mergeThibG
2019-05-21Second round of Rspec fixes.multiple creatures
2019-03-14Admission-based registrations mode (#10250)Eugen Rochko
Fix #6856 Fix #6951
2018-12-18Add spec for AccountableConcern#log_action (#9559)ysksn
2018-10-12Improve signature verification safeguards (#8959)Eugen Rochko
* Downcase signed_headers string before building the signed string The HTTP Signatures draft does not mandate the “headers” field to be downcased, but mandates the header field names to be downcased in the signed string, which means that prior to this patch, Mastodon could fail to process signatures from some compliant clients. It also means that it would not actually check the Digest of non-compliant clients that wouldn't use a lowercased Digest field name. Thankfully, I don't know of any such client. * Revert "Remove dead code (#8919)" This reverts commit a00ce8c92c06f42109aad5cfe65d46862cf037bb. * Restore time window checking, change it to 12 hours By checking the Date header, we can prevent replaying old vulnerable signatures. The focus is to prevent replaying old vulnerable requests from software that has been fixed in the meantime, so a somewhat long window should be fine and accounts for timezone misconfiguration. * Escape users' URLs when formatting them Fixes possible HTML injection * Escape all string interpolations in Formatter class Slightly improve performance by reducing class allocations from repeated Formatter#encode calls * Fix code style issues
2018-10-04lint pass 2 (#8878)aus-social
* Code quality pass * Typofix * Update applications_controller_spec.rb * Update applications_controller_spec.rb
2018-09-14Misc. typos (#8694)luzpaz
Found via `codespell -q 3 --skip="./app/javascript/mastodon/locales,./config/locales"`
2018-08-12Update Rails (#8141)S.H
* Update Rails * fix Update Rails
2018-04-22Fix randomly fail (similar #7219) (#7225)Yamagishi Kazutoshi
2018-04-21Use raw status code on have_http_status (#7214)Yamagishi Kazutoshi
2018-03-04Set the default locale in config (#6580)Akihiko Odaki
Previously the default locale was set by Localized concern for controllers, but it was not enforced for mailers. config is enforced throughout the application and an appropriate place to set the default locale.
2018-01-18Fix regeneration marker not expiring (#6290)Eugen Rochko
* Fix regeneration key not getting expired * Add rake task to remove old regeneration markers
2018-01-17Fix home regeneration (#6251)Eugen Rochko
* Fix regeneration marker not being removed after completion * Return HTTP 206 from /api/v1/timelines/home if regeneration in progress Prioritize RegenerationWorker by putting it into default queue * Display loading indicator and poll home timeline while it regenerates * Add graphic to regeneration message * Make "not found" indicator consistent with home regeneration
2017-12-09Rate limit by user instead of IP when API user is authenticated (#5923)Eugen Rochko
* Fix #668 - Rate limit by user instead of IP when API user is authenticated * Fix code style issue * Use request decorator provided by Doorkeeper
2017-10-13Improve spec of Feed and UserTrackingConcern (#5367)Eugen Rochko
2017-08-13Add alternate links to ActivityPub resources from HTML/HEAD variants (#4586)Eugen Rochko
2017-08-09Add Digest header to requests with body, handle acct and URI keyId (#4565)Eugen Rochko
2017-07-14HTTP signatures (#4146)Eugen Rochko
* Add Request class with HTTP signature generator Spec: https://tools.ietf.org/html/draft-cavage-http-signatures-06 * Add HTTP signature verification concern * Add test for SignatureVerification concern * Add basic test for Request class * Make PuSH subscribe/unsubscribe requests use new Request class Accidentally fix lease_seconds not being set and sent properly, and change the new minimum subscription duration to 1 day * Make all PuSH workers use new Request class * Make Salmon sender use new Request class * Make FetchLinkService use new Request class * Make FetchAtomService use the new Request class * Make Remotable use the new Request class * Make ResolveRemoteAccountService use the new Request class * Add more tests * Allow +-30 seconds window for signed request to remain valid * Disable time window validation for signed requests, restore 7 days as PuSH subscription duration (which was previous default due to a bug)
2017-06-12Fix locale related specs (#3707)unarist
* Use I18n.locale instead of ":en" * Reset I18n.locale value after locale changing tests
2017-06-10Improve default language decision and spec (#3351)Akihiko Odaki (@fn_aki@pawoo.net)
* Improve default language decision This change allows to takes account of accepted language determined by the user agent even if the custom default locale of the instance is configured. * Cover Localized more * Fix code style
2017-06-07Coverage improvement and concern extraction for rate limit headers in API ↵Matt Jankowski
controller (#3625) * Coverage for rate limit headers * Move rate limit headers methods to concern * Move throttle check to condition on before_action * Move match_data variable into method * Move utc timestamp to separate method * Move header setting into smaller methods * specs cleanup
2017-05-30Remove exports/base controller in favor of shared concern (#3444)Matt Jankowski
2017-05-29Remove methods from ObfuscateFilename and spec (#3347)Akihiko Odaki
* Remove methods from ObfuscateFilename * Spec ObfuscateFilename
2017-05-29Spec AccountControllerConcern (#3349)Akihiko Odaki
2017-04-30Extract user tracking into concern (#2600)Matt Jankowski