about summary refs log tree commit diff
path: root/spec/services
AgeCommit message (Collapse)Author
2020-03-25Fix media not being marked sensitive when client sets a CW but no text (#13277)ThibG
Mastodon enforces the “sensitive” flag on media attachments whenever a toot is posted with a Content Warning. However, it does so *after* potentially converting the Content Warning to toot text (when there is no toot text), which leads to inconsistent and surprising behavior for API clients. This commit fixes this inconsistency.
2020-01-23Fix media attachments without file being uploadable (#12562)Eugen Rochko
Fix #12554
2019-12-30Fix IDN mentions not being processed, IDN domains not being rendered (#12715)Eugen Rochko
This changes the REST API to return unicode domains in the `acct` attribute instead of punycode, and to render unicode instead of punycode on public HTML pages as well. Fix #7812, fix #12246
2019-12-17Clean up OStatus-related codepaths (#12173)ThibG
* Remove “protocol” argument and return value, as only ActivityPub is supported * Remove FetchRemoteAccountService, only use ActivityPub::FetchRemoteAccountService * Fix tests
2019-12-16Add Event activity-type support (#12637)Thomas Citharel
This adds support for Event AP type in Mastodon. Events are converted into toots by taking their title (AS name) and their URL (AP ID). Event picture is also brought in if available. Testable by fetching event content from https://test.mobilizon.org Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2019-11-21Fix FetchLinkCardServices crashing on a tags without a target (#12159)ThibG
* Add test for links without targets * Fix FetchLinkCardServices crashing on a tags without a target
2019-11-17Add cache for OEmbed endpoints to avoid extra HTTP requests (#12403)Eugen Rochko
* add youtube oembed endpoint * add check for oembed endpoint * change unless for a more readable if * clear blank lines * endpoint via https * Fix string literal in condition * use cache for endpoints * use cache for endpoints * clean up and adding check * clean up and remove redundant return * add html check * add false to return * use double quotes * use double quotes * Clean up
2019-10-24Add noopener and/or noreferrer (#12202)BSKY
2019-10-03Add `reason` param to `POST /api/v1/accounts` REST API (#12064)Eugen Rochko
For approval-required registrations mode
2019-10-01Fix BootstrapTimelineService crashing when bootstrapped accounts are invalid ↵ThibG
(#12037) * Add test to handle suspended and missing users in BootstrapTimelineService * Fix BootstrapTimelineService crashing when bootstrapped accounts are invalid
2019-10-01Remove HEAD request from fetching link previews (#12028)Eugen Rochko
It is not really necessary and we need to reduce requests
2019-09-28Add `exclude_unreviewed` param to `GET /api/v2/search` REST API (#11977)Eugen Rochko
Make it so normal search returns even unreviewed matches, but autosuggestions do not. Fix #11960
2019-09-27Change silences to always require approval on follow (#11975)ThibG
* Change silenced accounts to require approval on follow * Also require approval for follows by people explicitly muted by target accounts * Do not auto-accept silenced or muted accounts when switching from locked to unlocked * Add `follow_requests_count` to verify_credentials * Show “Follow requests” menu item if needed even if account is locked * Add tests * Correctly reflect that follow requests weren't auto-accepted when local account is silenced * Accept follow requests from user-muted accounts to avoid leaking mutes
2019-08-16Add more accurate account search (#11537)Eugen Rochko
* Add more accurate account search When ElasticSearch is available, a more accurate search is implemented: - Using edge n-gram index for acct and display name - Using asciifolding and cjk width normalization on display names - Using Gaussian decay on account activity for additional scoring (recency) - Using followers/friends ratio for additional scoring (spamminess) - Using followers number for additional scoring (size) The exact match precedence only takes effect when the input conforms to the username format and the username part of it is complete, i.e. when the user started typing the domain part. * Support single-letter usernames * Fix tests * Fix not picking up account updates * Add weights and normalization for scores, skip zero terms queries * Use local counts for accounts index, adjust search parameters * Fix mistakes * Using updated_at of accounts is inadequate for remote accounts
2019-08-07Add domain block notes (#11515)ThibG
* Add database columns for adding notes to domain blocks/restrctions * Add admin UI to set private and public comments when blocking a domain * Add text for private and public comments on domain blocks * Show domain block comments in admin UI * Add comments to the domain block undo page * Make UnblockDomainService more robust regarding upgraded domain blocks * Allow editing domain blocks * Rename button from “undo domain block” to “view domain block” in account admin UI * Change test to unsilence silenced users from upgraded blocks
2019-07-27Add search syntax for operators and phrases (#11411)Eugen Rochko
2019-07-21Remove WebSub subscriptions (#11303)Eugen Rochko
2019-07-19Add ActivityPub actor representing the entire server (#11321)ThibG
* Add support for an instance actor * Skip username validation for local Application accounts * Add migration script to create instance actor * Make Codeclimate happy * Switch to id -99 for instance actor * Remove unused `icon` and `image` attributes from instance actor * Use if/elsif/else instead of return + ternary operator * Add instance actor to fresh installs * Use instance actor as instance representative Use instance actor for forwarding reports, relay operations, and spam auto-reporting. * Seed database in test environment * Fix single-user mode * Fix tests * Fix specs to accomodate for an extra `Account` * Auto-reject follows on instance actor Following an instance actor might make sense, but we are not handling that right now, so auto-reject. * Fix webfinger lookup and serialization for instance actor * Rename instance actor * Make it clear in the HTML view that the instance actor should not be blocked * Raise cache time for instance actor as there's no dynamic content * Re-use /about/more with a flash message for instance actor profile
2019-07-11Add HTTP signatures to all outgoing ActivityPub GET requests (#11284)Eugen Rochko
2019-07-10Refactor fetching of remote resources (#11251)Eugen Rochko
2019-07-09Refactor domain block checks (#11268)Eugen Rochko
2019-07-07Remove Atom feeds and old URLs in the form of `GET /:username/updates/:id` ↵Eugen Rochko
(#11247)
2019-07-06Remove Salmon and PubSubHubbub (#11205)Eugen Rochko
* Remove Salmon and PubSubHubbub endpoints * Add error when trying to follow OStatus accounts * Fix new accounts not being created in ResolveAccountService
2019-06-26Add support for Audio activities (#11189)ThibG
Fixes #11127
2019-06-02Fix NotifyService test with regards to reblogs (#10928)ThibG
Fixes #10890
2019-05-18Prevent from publicly boosting one's own private toots (#10775)ThibG
2019-05-14Record account suspend/silence time and keep track of domain blocks (#10660)ThibG
* Record account suspend/silence time and keep track of domain blocks * Also unblock users who were suspended/silenced before dates were recorded * Add tests * Keep track of suspending date for users suspended through the CLI * Show accurate number of accounts that would be affected by unsuspending an instance * Change migration to set silenced_at and suspended_at * Revert "Also unblock users who were suspended/silenced before dates were recorded" This reverts commit a015c65d2d1e28c7b7cfab8b3f8cd5fb48b8b71c. * Switch from using suspended and silenced to suspended_at and silenced_at * Add post-deployment migration script to remove `suspended` and `silenced` columns * Use Account#silence! and Account#suspend! instead of updating the underlying property * Add silenced_at and suspended_at migration to post-migration * Change account fabricator to translate suspended and silenced attributes * Minor fixes * Make unblocking domains always retroactive
2019-05-09Prevent silenced local users from notifying remote users not following them ↵ThibG
(#10575) * Prevent silenced local users from notifying remote users not following them This is an attempt to extend the local restrictions of silenced users to the federation. * Add tests * Add tests for making sure private status don't get sent over OStatus
2019-04-08Export and import show_reblogs together with following list (#10495)ThibG
* Refactor imports * Export show_reblogs when exporting list of followed users * Add support for importing show_reblogs with following collection * Fix tests
2019-04-07Improve blocked view of profiles (#10491)Eugen Rochko
* Revert "Fix filtering of favourited_by, reblogged_by, followers and following (#10447)" This reverts commit 120544067fcca4bf6e71ba1ffb276c451c17c656. * Revert "Hide blocking accounts from blocked users (#10442)" This reverts commit 62bafa20a112ccdddaedb25723fc819dbbcd8e9a. * Improve blocked view of profiles - Change "You are blocked" to "Profile unavailable" - Hide following/followers in API when blocked - Disable follow button and show "Profile unavailable" on public profile as well
2019-04-03Export and import `hide_notifications` alongside user mutes (#10335)ThibG
* Export hide_notifications along with user mutes * Import hide_notifications along with muted users list * Add headers for CSV exports
2019-04-01Hide blocking accounts from blocked users (#10442)ThibG
* Revert "Add indication that you have been blocked in web UI (#10420)" This reverts commit bd02ec6daa974dcd3231e73826a56e08dbeedadc. * Revert "Add `blocked_by` relationship to the REST API (#10373)" This reverts commit 9745de883b198375ba23f7fde879f6d75ce2df0f. * Hide blocking accounts from search results * Filter blocking accouts from account followers * Filter blocking accouts from account's following accounts * Filter blocking accounts from “reblogged by” and “favourited by” lists * Remove blocking account from URL search * Return 410 on trying to fetch user data from a user who blocked us * Return 410 in /api/v1/account/statuses for suspended or blocking accounts * Fix status filtering when performing URL search * Restore some React improvements Restore some cleanup from bd02ec6daa974dcd3231e73826a56e08dbeedadc * Refactor by adding `without_blocking` scope
2019-04-01Fix more keybase-related test failures (#10443)ThibG
2019-03-30Fix failing keybase-related test (#10428)ThibG
2019-03-30Add ActivityPub representation for identity proofs (#10414)Eugen Rochko
* Add ActivityPub representation for identity proofs * Add tests
2019-03-17Set and store report URIs (#10303)ThibG
Fixes #10271
2019-03-17Fix reblogs privacy (#10302)ThibG
* Fix reblogs privacy * Fix Announce processing specs
2019-03-14Admission-based registrations mode (#10250)Eugen Rochko
Fix #6856 Fix #6951
2019-03-10Reject existing Follows when suspending a remote account (#10230)ThibG
* Reject existing Follows when suspending a remote account Partial fix to #10229 * Add tests
2019-02-28Improved remote thread fetching (#10106)ThibG
* Fetch up to 5 replies when discovering a new remote status This is used for resolving threads downwards. The originating server must add a “replies” attributes with such replies for it to be useful. * Add some tests for ActivityPub::FetchRepliesWorker * Add specs for ActivityPub::FetchRepliesService * Serialize up to 5 public self-replies for ActivityPub notes * Add specs for ActivityPub::NoteSerializer * Move exponential backoff logic to a worker concern * Fetch first page of paginated collections when fetching thread replies * Add specs for paginated collections in replies * Move Note replies serialization to a first CollectionPage The collection isn't actually paginable yet as it has no id nor a `next` field. This may come in another PR. * Use pluck(:uri) instead of map(&:uri) to improve performances * Fix fetching replies when they are in a CollectionPage
2019-02-26Add type, limit, offset, min_id, max_id, account_id to search API (#10091)Eugen Rochko
* Add type, limit, offset, min_id, max_id, account_id to search API Fix #8939 * Make the offset work on accounts and hashtags search as well * Assure brakeman we are not doing mass assignment here * Do not allow paginating unless a type is chosen * Fix search query and index id field on statuses instead of created_at
2019-01-26Prevent posting toots with media attachments from someone else (#9921)ThibG
2019-01-21Fix scheduled toot with media immediately creating a toot (#9894)ThibG
* Add test for not persisting status when attaching media to scheduled toot * Prevent status used for validation from being persisted to the database Fixes #9893 Thanks to tateisu for the help investigating this.
2019-01-18Reject existing Follow in addition to sending a Block (#9811)ThibG
Mastodon expects remote servers to remove follow relationships upon receiving a Block. However, the spec only evokes Block activities in a C2S context, never in a S2S context. This PR, in addition to federating the Block, explicitly sends a Reject for any affected follow relationship, which makes a bit more sense with regards to the spec.
2019-01-14Fix undefined method error in sidekiq (#9807)Renato "Lond" Cerqueira
* Fix undefined method error in sidekiq Body can be not nil but still be empty, which causes a `NoMethodError: undefined method `[]' for nil:NilClass` further in the code. This checks for an empty body to avoid the issue. * Fix codeclimate issue
2019-01-08Remove `pending` (#9752)ysksn
Some specs have already been added.
2019-01-05Add scheduled statuses (#9706)Eugen Rochko
Fix #340
2018-12-30Reduce usage of LD signatures (#9659)ThibG
* Do not LDS-sign Follow, Accept, Reject, Undo, Block * Do not use LDS for Create activities of private toots * Minor cleanup * Ignore unsigned activities instead of misattributing them * Use status.distributable? instead of querying visibility directly
2018-12-24Add REST API for creating an account (#9572)Eugen Rochko
* Add REST API for creating an account The method is available to apps with a token obtained via the client credentials grant. It creates a user and account records, as well as an access token for the app that initiated the request. The user is unconfirmed, and an e-mail is sent as usual. The method returns the access token, which the app should save for later. The REST API is not available to users with unconfirmed accounts, so the app must be smart to wait for the user to click a link in their e-mail inbox. The method is rate-limited by IP to 5 requests per 30 minutes. * Redirect users back to app from confirmation if they were created with an app * Add tests * Return 403 on the method if registrations are not open * Require agreement param to be true in the API when creating an account
2018-12-24Limit maximum visibility of local silenced users to unlisted (#9583)ThibG
Fixes #9580