about summary refs log tree commit diff
path: root/spec/controllers
AgeCommit message (Collapse)Author
2019-01-05Add scheduled statuses (#9706)Eugen Rochko
Fix #340
2019-01-02Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts manually resolved: - app/services/post_status_service.rb - config/locales/simple_form.pl.yml - config/routes.rb - config/webpack/loaders/sass.js - config/webpack/shared.js - package.json - yarn.lock
2018-12-24Add REST API for creating an account (#9572)Eugen Rochko
* Add REST API for creating an account The method is available to apps with a token obtained via the client credentials grant. It creates a user and account records, as well as an access token for the app that initiated the request. The user is unconfirmed, and an e-mail is sent as usual. The method returns the access token, which the app should save for later. The REST API is not available to users with unconfirmed accounts, so the app must be smart to wait for the user to click a link in their e-mail inbox. The method is rate-limited by IP to 5 requests per 30 minutes. * Redirect users back to app from confirmation if they were created with an app * Add tests * Return 403 on the method if registrations are not open * Require agreement param to be true in the API when creating an account
2018-12-23Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: - config/routes.rb Upstream changed some admin routes, conflict was because of an added :show action for statuses on our side. Kept it.
2018-12-22Add moderation warnings (#9519)Eugen Rochko
* Add moderation warnings Replace individual routes for disabling, silencing, and suspending a user, as well as the report update route, with a unified account action controller that allows you to select an action (none, disable, silence, suspend) as well as whether it should generate an e-mail notification with optional custom text. That notification, with the optional custom text, is saved as a warning. Additionally, there are warning presets you can configure to save time when performing the above. * Use Account#local_username_and_domain
2018-12-18Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: - app/controllers/admin/base_controller.rb Some refactoring made upstream, no real conflict. - app/javascript/mastodon/features/compose/components/compose_form.js Updated using upstream's code but using maxChars instead of the hardcoded length of 500 characters per toot. - app/javascript/styles/mastodon/components.scss Upstream redesigned the onboarding modal. Not sure why we had a conflict there.
2018-12-18Add spec for AccountableConcern#log_action (#9559)ysksn
2018-12-17Add spec for Api::V1::Timelines::DirectController (#9547)ysksn
2018-12-17Add specs for Api::V1::Instances::PeersController (#9546)ysksn
2018-12-17Add spec for Api::V1::EndorsementsController (#9543)ysksn
2018-12-17Add spec for Api::V1::Instances::ActivityController (#9545)ysksn
2018-12-17Add specs for Accounts::PinsController (#9542)ysksn
2018-12-15Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: - app/controllers/directories_controller.rb - app/controllers/settings/applications_controller.rb - app/controllers/settings/base_controller.rb - app/controllers/settings/deletes_controller.rb - app/controllers/settings/exports_controller.rb - app/controllers/settings/follower_domains_controller.rb - app/controllers/settings/imports_controller.rb - app/controllers/settings/migrations_controller.rb - app/controllers/settings/notifications_controller.rb - app/controllers/settings/preferences_controller.rb - app/controllers/settings/sessions_controller.rb - app/controllers/settings/two_factor_authentication/confirmations_controller.rb - app/controllers/settings/two_factor_authentication/recovery_codes_controller.rb - app/controllers/settings/two_factor_authentications_controller.rb Conflicts were due to some refactoring already made in glitch-soc when introducing flavours.
2018-12-14Add spec for Admin::ActionLogsController#index (#9522)ysksn
2018-12-14Add specs for RemoteInteractionController (#9524)ysksn
2018-12-14Add spec for Admin::DashboardController#index (#9523)ysksn
2018-12-14Error message for avatar image that's too large. #9204 (#9518)Sumit Khanna
* Error message for avatar image that's too large. #9204 * Code climate/formatting * Removed avatar error message * Moved valid image dimentions check to update service * removed unnescessary begin block * code climate formatting * code climate indent fix
2018-12-13Add spec for Settings::ExportsController#create (#9512)ysksn
2018-12-10Add specs for activitypub collections controller (#9484)ysksn
* Add specs for ActivityPub::CollectionsController#show * Raise ActiveRecord::RecordNotFound Raising ActiveRecord::NotFound raises NameError: uninitialized constant ActiveRecord::NotFound.
2018-12-10Add spec for Admin::SuspentionsController#new (#9483)ysksn
2018-12-10Fix Admin::TagsController#unhide (#9481)ysksn
2018-12-10Add specs for Admin::InvitesController (#9471)ysksn
2018-12-09Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: - app/javascript/packs/public.js - app/models/user.rb - config/settings.yml - db/schema.rb Moved public.js changes to settings.js.
2018-12-07Add specs for ActivityPub::InboxesController (#9456)ysksn
2018-12-06Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
2018-12-05Fix thread depth computation in statuses_controller (#9426)ThibG
* Add test that should currently fail * Fix depth computation (will still fail if statuses have been filtered out) * Fix handling of broken threads
2018-11-27Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: - app/models/status.rb Resolved by taking both changes (not a real conflict, just changes too close to each other).
2018-11-26Redesign admin accounts index (#9340)Eugen Rochko
* Improve overview of accounts in admin UI - Display suspended status, role, last activity and IP prominently - Default to showing local accounts - Default to not showing suspended accounts * Remove unused strings * Fix tests * Allow filtering accounts by IP mask
2018-11-09Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
2018-11-08Optimize the process of following someone (#9220)Eugen Rochko
* Eliminate extra accounts select query from FollowService * Optimistically update follow state in web UI and hide loading bar Fix #6205 * Asynchronize NotifyService in FollowService And fix failing test * Skip Webfinger resolve routine when called from FollowService if possible If an account is ActivityPub, then webfinger re-resolving is not necessary when called from FollowService. Improve options of ResolveAccountService
2018-10-22Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: - .github/ISSUE_TEMPLATE/bug_report.md Took our version. - CONTRIBUTING.md Updated the embedded copy of upstream's version. - README.md Took our version. - app/policies/status_policy.rb Not a real conflict, took code from both. - app/views/layouts/embedded.html.haml Added upstream's changes (dns-prefetch) and fixed `%body.embed` - app/views/settings/preferences/show.html.haml Reverted some of upstream changes, as we have a page dedicated for flavours and skins. - config/initializers/content_security_policy.rb Kept our version of the CSP. - config/initializers/doorkeeper.rb Not a real conflict, took code from both.
2018-10-20fix: Execute PAM authentication tests on CircleCI (#9029)takayamaki
and use 'if' option of context block
2018-10-20Do not test PAM authentication by default (#9027)Eugen Rochko
* Do not test PAM authentication by default * Disable PAM tests if PAM is not enabled
2018-10-12Improve signature verification safeguards (#8959)Eugen Rochko
* Downcase signed_headers string before building the signed string The HTTP Signatures draft does not mandate the “headers” field to be downcased, but mandates the header field names to be downcased in the signed string, which means that prior to this patch, Mastodon could fail to process signatures from some compliant clients. It also means that it would not actually check the Digest of non-compliant clients that wouldn't use a lowercased Digest field name. Thankfully, I don't know of any such client. * Revert "Remove dead code (#8919)" This reverts commit a00ce8c92c06f42109aad5cfe65d46862cf037bb. * Restore time window checking, change it to 12 hours By checking the Date header, we can prevent replaying old vulnerable signatures. The focus is to prevent replaying old vulnerable requests from software that has been fixed in the meantime, so a somewhat long window should be fine and accounts for timezone misconfiguration. * Escape users' URLs when formatting them Fixes possible HTML injection * Escape all string interpolations in Formatter class Slightly improve performance by reducing class allocations from repeated Formatter#encode calls * Fix code style issues
2018-10-12Improve signature verification safeguards (#8959)Eugen Rochko
* Downcase signed_headers string before building the signed string The HTTP Signatures draft does not mandate the “headers” field to be downcased, but mandates the header field names to be downcased in the signed string, which means that prior to this patch, Mastodon could fail to process signatures from some compliant clients. It also means that it would not actually check the Digest of non-compliant clients that wouldn't use a lowercased Digest field name. Thankfully, I don't know of any such client. * Revert "Remove dead code (#8919)" This reverts commit a00ce8c92c06f42109aad5cfe65d46862cf037bb. * Restore time window checking, change it to 12 hours By checking the Date header, we can prevent replaying old vulnerable signatures. The focus is to prevent replaying old vulnerable requests from software that has been fixed in the meantime, so a somewhat long window should be fine and accounts for timezone misconfiguration. * Escape users' URLs when formatting them Fixes possible HTML injection * Escape all string interpolations in Formatter class Slightly improve performance by reducing class allocations from repeated Formatter#encode calls * Fix code style issues
2018-10-08Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
2018-10-08rubocop issues - Cleaning up (#8912)ashleyhull-versent
* cleanup pass * undo mistakes * fixed. * revert
2018-10-07Add conversations API (#8832)Eugen Rochko
* Add conversations API * Add web UI for conversations * Add test for conversations API * Add tests for ConversationAccount * Improve web UI * Rename ConversationAccount to AccountConversation * Remove conversations on block and mute * Change last_status_id to be a denormalization of status_ids * Add optimistic locking
2018-10-05Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: db/migrate/20170716191202_add_hide_notifications_to_mute.rb spec/controllers/application_controller_spec.rb Took our version, upstream changes were only minor style linting.
2018-10-04lint pass 2 (#8878)aus-social
* Code quality pass * Typofix * Update applications_controller_spec.rb * Update applications_controller_spec.rb
2018-10-04Change admin accounts default sort to most recent (#8813)Eugen Rochko
2018-10-04Lint pass (#8876)aus-social
2018-10-01Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: app/lib/user_settings_decorator.rb app/models/user.rb app/serializers/initial_state_serializer.rb app/views/stream_entries/_simple_status.html.haml config/locales/simple_form.en.yml config/locales/simple_form.ja.yml config/locales/simple_form.pl.yml config/routes.rb
2018-09-28Support min_id-based pagination in REST API (#8736)Eugen Rochko
* Allow min_id pagination in Feed#get * Add min_id pagination to home and list timeline APIs * Add min_id pagination to account statuses, public and tag APIs * Remove unused stub in reports API * Use min_id pagination in notifications, favourites, and fix order * Fix HomeFeed#from_database not using paginate_by_id
2018-09-19Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: Vagrantfile app/javascript/packs/public.js app/views/admin/settings/edit.html.haml app/views/settings/preferences/show.html.haml app/views/settings/profiles/show.html.haml config/locales/es.yml config/locales/simple_form.en.yml config/webpack/configuration.js config/webpack/loaders/babel.js package.json yarn.lock Split new additions to app/javascript/packs/public.js to app/javascript/core/settings.js
2018-09-14Misc. typos (#8694)luzpaz
Found via `codespell -q 3 --skip="./app/javascript/mastodon/locales,./config/locales"`
2018-09-11Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: app/controllers/oauth/authorizations_controller.rb Just two changes being too close to one another. Took both.
2018-09-09Add force_login option to OAuth authorize page (#8655)Eugen Rochko
* Add force_login option to OAuth authorize page For when a user needs to sign into an app from multiple accounts on the same server * When logging out from modal header, redirect back after re-login
2018-08-27Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: app/controllers/api/v1/mutes_controller.rb config/locales/simple_form.pl.yml
2018-08-26Make Api::V1::MutesController paginate properly (#8472)Jakub Mendyk
Fixes #8463