about summary refs log tree commit diff
path: root/spec/controllers
AgeCommit message (Collapse)Author
2018-12-14Error message for avatar image that's too large. #9204 (#9518)Sumit Khanna
* Error message for avatar image that's too large. #9204 * Code climate/formatting * Removed avatar error message * Moved valid image dimentions check to update service * removed unnescessary begin block * code climate formatting * code climate indent fix
2018-12-13Add spec for Settings::ExportsController#create (#9512)ysksn
2018-12-10Add specs for activitypub collections controller (#9484)ysksn
* Add specs for ActivityPub::CollectionsController#show * Raise ActiveRecord::RecordNotFound Raising ActiveRecord::NotFound raises NameError: uninitialized constant ActiveRecord::NotFound.
2018-12-10Add spec for Admin::SuspentionsController#new (#9483)ysksn
2018-12-10Fix Admin::TagsController#unhide (#9481)ysksn
2018-12-10Add specs for Admin::InvitesController (#9471)ysksn
2018-12-09Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: - app/javascript/packs/public.js - app/models/user.rb - config/settings.yml - db/schema.rb Moved public.js changes to settings.js.
2018-12-07Add specs for ActivityPub::InboxesController (#9456)ysksn
2018-12-06Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
2018-12-05Fix thread depth computation in statuses_controller (#9426)ThibG
* Add test that should currently fail * Fix depth computation (will still fail if statuses have been filtered out) * Fix handling of broken threads
2018-11-27Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: - app/models/status.rb Resolved by taking both changes (not a real conflict, just changes too close to each other).
2018-11-26Redesign admin accounts index (#9340)Eugen Rochko
* Improve overview of accounts in admin UI - Display suspended status, role, last activity and IP prominently - Default to showing local accounts - Default to not showing suspended accounts * Remove unused strings * Fix tests * Allow filtering accounts by IP mask
2018-11-09Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
2018-11-08Optimize the process of following someone (#9220)Eugen Rochko
* Eliminate extra accounts select query from FollowService * Optimistically update follow state in web UI and hide loading bar Fix #6205 * Asynchronize NotifyService in FollowService And fix failing test * Skip Webfinger resolve routine when called from FollowService if possible If an account is ActivityPub, then webfinger re-resolving is not necessary when called from FollowService. Improve options of ResolveAccountService
2018-10-22Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: - .github/ISSUE_TEMPLATE/bug_report.md Took our version. - CONTRIBUTING.md Updated the embedded copy of upstream's version. - README.md Took our version. - app/policies/status_policy.rb Not a real conflict, took code from both. - app/views/layouts/embedded.html.haml Added upstream's changes (dns-prefetch) and fixed `%body.embed` - app/views/settings/preferences/show.html.haml Reverted some of upstream changes, as we have a page dedicated for flavours and skins. - config/initializers/content_security_policy.rb Kept our version of the CSP. - config/initializers/doorkeeper.rb Not a real conflict, took code from both.
2018-10-20fix: Execute PAM authentication tests on CircleCI (#9029)takayamaki
and use 'if' option of context block
2018-10-20Do not test PAM authentication by default (#9027)Eugen Rochko
* Do not test PAM authentication by default * Disable PAM tests if PAM is not enabled
2018-10-12Improve signature verification safeguards (#8959)Eugen Rochko
* Downcase signed_headers string before building the signed string The HTTP Signatures draft does not mandate the “headers” field to be downcased, but mandates the header field names to be downcased in the signed string, which means that prior to this patch, Mastodon could fail to process signatures from some compliant clients. It also means that it would not actually check the Digest of non-compliant clients that wouldn't use a lowercased Digest field name. Thankfully, I don't know of any such client. * Revert "Remove dead code (#8919)" This reverts commit a00ce8c92c06f42109aad5cfe65d46862cf037bb. * Restore time window checking, change it to 12 hours By checking the Date header, we can prevent replaying old vulnerable signatures. The focus is to prevent replaying old vulnerable requests from software that has been fixed in the meantime, so a somewhat long window should be fine and accounts for timezone misconfiguration. * Escape users' URLs when formatting them Fixes possible HTML injection * Escape all string interpolations in Formatter class Slightly improve performance by reducing class allocations from repeated Formatter#encode calls * Fix code style issues
2018-10-12Improve signature verification safeguards (#8959)Eugen Rochko
* Downcase signed_headers string before building the signed string The HTTP Signatures draft does not mandate the “headers” field to be downcased, but mandates the header field names to be downcased in the signed string, which means that prior to this patch, Mastodon could fail to process signatures from some compliant clients. It also means that it would not actually check the Digest of non-compliant clients that wouldn't use a lowercased Digest field name. Thankfully, I don't know of any such client. * Revert "Remove dead code (#8919)" This reverts commit a00ce8c92c06f42109aad5cfe65d46862cf037bb. * Restore time window checking, change it to 12 hours By checking the Date header, we can prevent replaying old vulnerable signatures. The focus is to prevent replaying old vulnerable requests from software that has been fixed in the meantime, so a somewhat long window should be fine and accounts for timezone misconfiguration. * Escape users' URLs when formatting them Fixes possible HTML injection * Escape all string interpolations in Formatter class Slightly improve performance by reducing class allocations from repeated Formatter#encode calls * Fix code style issues
2018-10-08Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
2018-10-08rubocop issues - Cleaning up (#8912)ashleyhull-versent
* cleanup pass * undo mistakes * fixed. * revert
2018-10-07Add conversations API (#8832)Eugen Rochko
* Add conversations API * Add web UI for conversations * Add test for conversations API * Add tests for ConversationAccount * Improve web UI * Rename ConversationAccount to AccountConversation * Remove conversations on block and mute * Change last_status_id to be a denormalization of status_ids * Add optimistic locking
2018-10-05Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: db/migrate/20170716191202_add_hide_notifications_to_mute.rb spec/controllers/application_controller_spec.rb Took our version, upstream changes were only minor style linting.
2018-10-04lint pass 2 (#8878)aus-social
* Code quality pass * Typofix * Update applications_controller_spec.rb * Update applications_controller_spec.rb
2018-10-04Change admin accounts default sort to most recent (#8813)Eugen Rochko
2018-10-04Lint pass (#8876)aus-social
2018-10-01Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: app/lib/user_settings_decorator.rb app/models/user.rb app/serializers/initial_state_serializer.rb app/views/stream_entries/_simple_status.html.haml config/locales/simple_form.en.yml config/locales/simple_form.ja.yml config/locales/simple_form.pl.yml config/routes.rb
2018-09-28Support min_id-based pagination in REST API (#8736)Eugen Rochko
* Allow min_id pagination in Feed#get * Add min_id pagination to home and list timeline APIs * Add min_id pagination to account statuses, public and tag APIs * Remove unused stub in reports API * Use min_id pagination in notifications, favourites, and fix order * Fix HomeFeed#from_database not using paginate_by_id
2018-09-19Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: Vagrantfile app/javascript/packs/public.js app/views/admin/settings/edit.html.haml app/views/settings/preferences/show.html.haml app/views/settings/profiles/show.html.haml config/locales/es.yml config/locales/simple_form.en.yml config/webpack/configuration.js config/webpack/loaders/babel.js package.json yarn.lock Split new additions to app/javascript/packs/public.js to app/javascript/core/settings.js
2018-09-14Misc. typos (#8694)luzpaz
Found via `codespell -q 3 --skip="./app/javascript/mastodon/locales,./config/locales"`
2018-09-11Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: app/controllers/oauth/authorizations_controller.rb Just two changes being too close to one another. Took both.
2018-09-09Add force_login option to OAuth authorize page (#8655)Eugen Rochko
* Add force_login option to OAuth authorize page For when a user needs to sign into an app from multiple accounts on the same server * When logging out from modal header, redirect back after re-login
2018-08-27Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: app/controllers/api/v1/mutes_controller.rb config/locales/simple_form.pl.yml
2018-08-26Make Api::V1::MutesController paginate properly (#8472)Jakub Mendyk
Fixes #8463
2018-08-24Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: app/controllers/application_controller.rb Changed instance theme selection by instance flavour selection.
2018-08-23Add ability to change an instance default theme from the administration ↵Jakub Mendyk
panel (#7092) (#8381) * Add default_settings class method to ScopedSettings ScopedSettings was extended to use value of unscoped setting instead of only using defaults set in config/settings.yml for selected settings. This adds possibility for admins to set default values of users' settings, for example default theme (as requested in #7092). * Add ability to change an instance default theme Closes #7092
2018-08-22Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
2018-08-22Add confirmation step to account suspensions (#8353)Eugen Rochko
* Add confirmation page for suspensions * Suspension confirmation closes reports, linked from report UI * Fix tests
2018-08-18Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: .circleci/config.yml app/controllers/authorize_follows_controller.rb app/javascript/packs/public.js Moved new stuff from packs/public.js to core/public.js. Added appropriate use_pack in new controllers.
2018-08-18Add remote interaction dialog for toots (#8202)Eugen Rochko
* Add remote interaction dialog for toots * Change AuthorizeFollow into AuthorizeInteraction, support statuses * Update brakeman.ignore * Adjust how interaction buttons are display on public pages * Fix tests
2018-08-13Update Rails (#8141)S.H
* Update Rails * fix Update Rails
2018-08-12Update Rails (#8141)S.H
* Update Rails * fix Update Rails
2018-08-10Introduce OAuth scopes for bookmarksThibaut Girka
2018-08-01Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Manually-resolved conflicts: .circleci/config.yml app/controllers/accounts_controller.rb app/controllers/auth/passwords_controller.rb app/controllers/statuses_controller.rb app/javascript/packs/public.js app/models/media_attachment.rb app/views/stream_entries/_content_spoiler.html.haml app/views/stream_entries/_media.html.haml config/locales/en.yml config/locales/ja.yml config/locales/pl.yml lib/mastodon/version.rb Some content from app/javascript/packs/public.js has been split to app/javascript/core/settings.js. Translation strings for glitch-soc's keyword mutes were dropped. Everything else was mostly “take both”.
2018-07-31Compensate for scrollbar disappearing when media modal visible (#8100)Eugen Rochko
* Compensate for scrollbar disappearing when media modal visible Make auth pages backgrounds lighter * Fix typo
2018-07-09Migrate glitch-soc keyword mutes to Mastodon'sThibaut Girka
Completely remove glitch-soc's Keyword Mutes, migrate existing database records to CustomFilters. Handling of client-side filters is still not implemented in the glitch-soc front-end.
2018-07-09Merge branch 'master' into glitch-soc/tentative-mergeThibaut Girka
Conflicts: README.md app/controllers/statuses_controller.rb app/lib/feed_manager.rb config/navigation.rb spec/lib/feed_manager_spec.rb Conflicts were resolved by taking both versions for each change. This means the two filter systems (glitch-soc's keyword mutes and tootsuite's custom filters) are in place, which will be changed in a follow-up commit.
2018-07-05Add more granular OAuth scopes (#7929)Eugen Rochko
* Add more granular OAuth scopes * Add human-readable descriptions of the new scopes * Ensure new scopes look good on the app UI * Add tests * Group scopes in screen and color-code dangerous ones * Fix wrong extra scope
2018-07-03Re-add follow recommendations API (#7918)Eugen Rochko
* Re-add follow recommendations API GET /api/v1/suggestions Removed in 8efa081f210d72ed450c39ac4cde0fd84fb3d3fb due to Neo4J dependency. The algorithm uses triadic closures, takes into account suspensions, blocks, mutes, domain blocks, excludes locked and moved accounts, and prefers more recently updated accounts. * Track interactions with people you don't follow Replying to, favouriting and reblogging someone you're not following will make them show up in follow recommendations. The interactions have different weights: - Replying is 1 - Favouriting is 10 (decidedly positive interaction, but private) - Reblogging is 20 Following them, muting or blocking will remove them from the list, obviously. * Remove triadic closures, ensure potential friendships are trimmed
2018-06-29Keyword/phrase filtering (#7905)Eugen Rochko
* Add keyword filtering GET|POST /api/v1/filters GET|PUT|DELETE /api/v1/filters/:id - Irreversible filters can drop toots from home or notifications - Other filters can hide toots through the client app - Filters use a phrase valid in particular contexts, expiration * Make sure expired filters don't get applied client-side * Add missing API methods * Remove "regex filter" from column settings * Add tests * Add test for FeedManager * Add CustomFilter test * Add UI for managing filters * Add streaming API event to allow syncing filters * Fix tests