about summary refs log tree commit diff
path: root/spec/controllers
AgeCommit message (Collapse)Author
2020-02-27**MAJOR**: port tootsuite#13161 to monsterfork: Fix leak of arbitrary ↵Eugen Rochko
statuses through unfavourite action in REST API
2020-02-21port tootsuite#12748 to monsterfork: Fix base64-encoded file uploads not ↵Eugen Rochko
being possible Fix #3804, Fix #5776
2020-02-21port tootsuite#11638 to monsterfork: Fix remote and staff-removed statuses ↵Eugen Rochko
leaving media behind for a day The reason for unattaching media instead of removing it is to support delete & redraft functionality, but remote or staff-removed statuses will never be redrafted, so the media should be deleted immediately
2020-02-21port tootsuite#11375: Change unconfirmed user login behaviourEugen Rochko
Allow access to account settings, 2FA, authorized applications, and account deletions to unconfirmed and pending users, as well as users who had their accounts disabled. Suspended users cannot update their e-mail or password or delete their account. Display account status on account settings page, for example, when an account is frozen, limited, unconfirmed or pending review. After sign up, login users straight away and show a simple page that tells them the status of their account with links to account settings and logout, to reduce onboarding friction and allow users to correct wrongly typed e-mail addresses. Move the final sign-up step of SSO integrations to be the same as above to reduce code duplication.
2020-02-21port tootsuite#11702 to monsterfork: Fix uncaught parameter missing ↵Eugen Rochko
exceptions and missing error templates
2020-02-21port tootsuite#8657: Change locale detection to run once per sessionEugen Rochko
Fix #6462
2020-02-20Change signature verification to ignore signatures with invalid host (#13033)Eugen Rochko
Instead of returning a signature verification error, pretend there was no signature (i.e., this does not allow access to resources that need a valid signature), so public resources can still be fetched Fix #13011
2020-02-20Add a nodeinfo endpoint (#12002)Eugen Rochko
* Add nodeinfo endpoint * dont commit stuff from my local dev * consistant naming since we implimented 2.1 schema * Add some additional node info stuff * Add nodeinfo endpoint * dont commit stuff from my local dev * consistant naming since we implimented 2.1 schema * expanding this to include federation info * codeclimate feedback * CC feedback * using activeserializers seems like a good idea... * get rid of draft 2.1 version * Reimplement 2.1, also fix metaData -> metadata * Fix metaData -> metadata here too * Fix nodeinfo 2.1 tests * Implement cache for monthly user aggregate * Useless * Remove ostatus from the list of supported protocols * Fix nodeinfo's open_registration reading obsolete setting variable * Only serialize domain blocks with user-facing limitations * Do not needlessly list noop severity in nodeinfo * Only serialize domain blocks info in nodeinfo when they are set to be displayed to everyone * Enable caching for nodeinfo endpoints * Fix rendering nodeinfo * CodeClimate fixes * Please CodeClimate * Change InstancePresenter#active_user_count_months for clarity * Refactor NodeInfoSerializer#metadata * Remove nodeinfo 2.1 support as the schema doesn't exist * Clean-up
2020-01-20Original upstream mergeThibG
2019-11-19Fix poll API not requiring authentication on non-public polls (#10960)Eugen Rochko
* Fix poll API not requiring authentication on non-public polls That API does not reveal the content of the status, i.e. the question itself, nor who the author is, nor which status it belongs to, but it does reveal the poll options and how many answers they got Fix #10959 * Add test
2019-11-19Add `account_id` param to `GET /api/v1/notifications` (#10796)Paul Woolcock
* Add `from_account` to notifications API this adds the ability to filter notifications by the account they originated from * passing a non-existent user should cause none to be returned * Fix codeclimate warnings * fix more codeclimate warnings * make requested changes: * use account id instead of user@domain * name the param `account_id` instead of `from_account` * Don't use `return` in a lambda
2019-07-30add a domain policy viewer at `/policies`multiple creatures
2019-05-21Drop remaining OStatus and PuSH code, as well as related database items.multiple creatures
2019-05-21Second round of Rspec fixes.multiple creatures
2019-05-21Drop OStatus support. Fix some of the Rspec tests.multiple creatures
2019-05-15Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
2019-05-14Record account suspend/silence time and keep track of domain blocks (#10660)ThibG
* Record account suspend/silence time and keep track of domain blocks * Also unblock users who were suspended/silenced before dates were recorded * Add tests * Keep track of suspending date for users suspended through the CLI * Show accurate number of accounts that would be affected by unsuspending an instance * Change migration to set silenced_at and suspended_at * Revert "Also unblock users who were suspended/silenced before dates were recorded" This reverts commit a015c65d2d1e28c7b7cfab8b3f8cd5fb48b8b71c. * Switch from using suspended and silenced to suspended_at and silenced_at * Add post-deployment migration script to remove `suspended` and `silenced` columns * Use Account#silence! and Account#suspend! instead of updating the underlying property * Add silenced_at and suspended_at migration to post-migration * Change account fabricator to translate suspended and silenced attributes * Minor fixes * Make unblocking domains always retroactive
2019-05-04Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: - app/models/media_attachment.rb
2019-05-03Provide a link to existing domain block when trying to block an ↵ThibG
already-blocked domain (#10663) * When trying to block an already-blocked domain, provide a link to the block * Fix styling for links in flash messages * Allow blocks to be upgraded but not downgraded
2019-05-02Check that an invite link is valid before bypassing approval mode (#10657)ThibG
* Check that an invite link is valid before bypassing approval mode Fixes #10656 * Add tests * Only consider valid invite links in registration controller * fixup
2019-04-10Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
2019-04-10compare usernames case-insensitively on new proof creation flow (#10544)Alex Gessner
* compare usernames case-insensitively on new proof creation flow * Fix code style issue
2019-04-08Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: - config/locales/pl.yml Conflict caused by new upstream string too close to glitch-specific “flavour” string. Took both strings.
2019-04-08Export and import show_reblogs together with following list (#10495)ThibG
* Refactor imports * Export show_reblogs when exporting list of followed users * Add support for importing show_reblogs with following collection * Fix tests
2019-04-07Improve blocked view of profiles (#10491)Eugen Rochko
* Revert "Fix filtering of favourited_by, reblogged_by, followers and following (#10447)" This reverts commit 120544067fcca4bf6e71ba1ffb276c451c17c656. * Revert "Hide blocking accounts from blocked users (#10442)" This reverts commit 62bafa20a112ccdddaedb25723fc819dbbcd8e9a. * Improve blocked view of profiles - Change "You are blocked" to "Profile unavailable" - Hide following/followers in API when blocked - Disable follow button and show "Profile unavailable" on public profile as well
2019-04-04Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: - app/controllers/following_accounts_controller.rb Conflicts were due to glitch-soc's theming system. - app/javascript/packs/public.js Some code has been change upstream, but it has been moved to app/javascript/core/settings.js in glitch-soc. Applied the changes there.
2019-04-03Export and import `hide_notifications` alongside user mutes (#10335)ThibG
* Export hide_notifications along with user mutes * Import hide_notifications along with muted users list * Add headers for CSV exports
2019-04-01Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: - app/models/form/admin_settings.rb - config/locales/ja.yml
2019-04-01Hide blocking accounts from blocked users (#10442)ThibG
* Revert "Add indication that you have been blocked in web UI (#10420)" This reverts commit bd02ec6daa974dcd3231e73826a56e08dbeedadc. * Revert "Add `blocked_by` relationship to the REST API (#10373)" This reverts commit 9745de883b198375ba23f7fde879f6d75ce2df0f. * Hide blocking accounts from search results * Filter blocking accouts from account followers * Filter blocking accouts from account's following accounts * Filter blocking accounts from “reblogged by” and “favourited by” lists * Remove blocking account from URL search * Return 410 on trying to fetch user data from a user who blocked us * Return 410 in /api/v1/account/statuses for suspended or blocking accounts * Fix status filtering when performing URL search * Restore some React improvements Restore some cleanup from bd02ec6daa974dcd3231e73826a56e08dbeedadc * Refactor by adding `without_blocking` scope
2019-03-28Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
2019-03-28squashed identity proof updates (#10375)Alex Gessner
2019-03-26Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: - app/controllers/admin/settings_controller.rb - app/models/form/admin_settings.rb Conflicts caused by upstream refactoring, while we have flavours and skins, with the flavour_and_skin pseudo-setting.
2019-03-23Add validations to admin settings (#10348)Eugen Rochko
* Add validations to admin settings - Validate correct HTML markup - Validate presence of contact username & e-mail - Validate that all usernames are valid - Validate that enums have expected values * Fix code style issue * Fix tests
2019-03-20Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
2019-03-20Do not try fetching keys of unknown accounts on a Delete from them (#10326)ThibG
2019-03-20Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: - config/locales/en.yml Conflict caused by the glitch-soc-specific “flavour” string being too close to the newly introduced “identity_proofs” string. Just included both.
2019-03-18Add Keybase integration (#10297)Eugen Rochko
* create account_identity_proofs table * add endpoint for keybase to check local proofs * add async task to update validity and liveness of proofs from keybase * first pass keybase proof CRUD * second pass keybase proof creation * clean up proof list and add badges * add avatar url to keybase api * Always highlight the “Identity Proofs” navigation item when interacting with proofs. * Update translations. * Add profile URL. * Reorder proofs. * Add proofs to bio. * Update settings/identity_proofs front-end. * Use `link_to`. * Only encode query params if they exist. URLs without params had a trailing `?`. * Only show live proofs. * change valid to active in proof list and update liveness before displaying * minor fixes * add keybase config at well-known path * extremely naive feature flagging off the identity proof UI * fixes for rubocop * make identity proofs page resilient to potential keybase issues * normalize i18n * tweaks for brakeman * remove two unused translations * cleanup and add more localizations * make keybase_contacts an admin setting * fix ExternalProofService my_domain * use Addressable::URI in identity proofs * use active model serializer for keybase proof config * more cleanup of keybase proof config * rename proof is_valid and is_live to proof_valid and proof_live * cleanup * assorted tweaks for more robust communication with keybase * Clean up * Small fixes * Display verified identity identically to verified links * Clean up unused CSS * Add caching for Keybase avatar URLs * Remove keybase_contacts setting
2019-03-16Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: - app/controllers/settings/follower_domains_controller.rb Removed upstream. Did the same here. Maybe we should not have? - config/locales/en.yml Upstream removed the “Authorized followers” page and associated translations. This is too close in the file to our glitch-soc-specific “flavour” string. No actual conflict. - config/locales/ja.yml Same as above. - config/locales/pl.yml Same as above. - config/navigation.rb No real conflict. New route added too close to the glitch-soc-specific “flavours” one. - config/webpack/configuration.js Upstream refactored the webpack(er) configuration quite a bit. Tried to keep up. - config/webpack/loaders/babel.js Upstream refactored the webpack(er) configuration quite a bit. Tried to keep up. The contents of this file have been moved to package.json. - config/webpack/shared.js Upstream refactored the webpack(er) configuration quite a bit. Tried to keep up. - config/webpacker.yml Upstream refactored the webpack(er) configuration quite a bit. Tried to keep up. - jest.config.js The contents of this file have been moved to package.json. - package.json Upstream refactored the webpack(er) configuration quite a bit. Tried to keep up. - yarn.lock Upstream refactored the webpack(er) configuration quite a bit. Tried to keep up.
2019-03-16Add relationship manager UI (#10268)Eugen Rochko
2019-03-14Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: - app/views/admin/settings/edit.html.haml: Conflict due to how the theming settings change.
2019-03-14Admission-based registrations mode (#10250)Eugen Rochko
Fix #6856 Fix #6951
2019-03-05Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: - app/models/status.rb - db/schema.rb Both conflicts are caused by us having extra database columns.
2019-03-03Add polls (#10111)Eugen Rochko
* Add polls Fix #1629 * Add tests * Fixes * Change API for creating polls * Use name instead of content for votes * Remove poll validation for remote polls * Add polls to public pages * When updating the poll, update options just in case they were changed * Fix public pages showing both poll and other media
2019-01-19Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
No conflicts.
2019-01-16Redesign public hashtag page to use a masonry layout (#9822)Eugen Rochko
2019-01-10Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: - .eslintrc.yml Removed, as upstream removed it. - app/controllers/admin/statuses_controller.rb Minor code cleanup when porting one of our features. - app/models/account.rb Note length validation has changed upstream. We now use upstream's validation (dropped legacy glitch-soc account metadata stuff) but with configurable limit. - app/services/post_status_service.rb Upstream has added support for scheduled toots, refactoring the code a bit. Adapted our changes to this refactoring. - app/views/stream_entries/_detailed_status.html.haml Not a real conflict, changes too close. - app/views/stream_entries/_simple_status.html.haml Not a real conflict, changes too close.
2019-01-10Not to skip executable specs (#9753)ysksn
* Not to skip executable specs * Combine specs Combine specs to one to reduce multiple slow http post.
2019-01-08Redesign admin instances area (#9645)Eugen Rochko
2019-01-05Add scheduled statuses (#9706)Eugen Rochko
Fix #340
2019-01-02Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts manually resolved: - app/services/post_status_service.rb - config/locales/simple_form.pl.yml - config/routes.rb - config/webpack/loaders/sass.js - config/webpack/shared.js - package.json - yarn.lock