about summary refs log tree commit diff
path: root/spec/services
AgeCommit message (Collapse)Author
2020-12-22Improve account deletion performances further (#15407)ThibG
* Delete status records by batches of 50 * Do not precompute values that are only used once * Do not generate redis events for removal of public toots older than two weeks * Filter reported toots a priori for polls and status deletion * Do not process reblogs when cleaning up public timelines As in Mastodon proper, reblogs don't appear in public TLs * Clean the deleted account's own feed in one go * Refactor Account#clean_feed_manager and List#clean_feed_manager * Delete instead of destroy a few more associations * Fix preloading Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2020-12-22Fix unnecessary queries when batch-removing statuses, 100x faster (#15387)Eugen Rochko
2020-12-21Fix some notifications not being deleted on poll/status deletion (#15402)ThibG
* Fix deleting polls not deleting notifications * Fix fav notification deletion when deleting a toot * Refactor DeleteAccountService spec * Add DeleteAccountService tests for other associations and notifications * Add favourite handling spec in status removal Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2020-12-18Fix resolving accounts sometimes creating duplicate records for a given AP ↵ThibG
id (#15364) * Fix ResolveAccountService accepting mismatching acct: URI * Set attributes that should be updated regardless of suspension * Fix key fetching * Automatically merge remote accounts with duplicate `uri` * Add tests * Add "tootctl accounts fix-duplicates" Finds duplicate accounts sharing a same ActivityPub `id`, re-fetch them and merge them under the canonical `acct:` URI. Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2020-12-17Improve searching for private toots from URL (#14856)ThibG
* Improve searching for private toots from URL Most of the time, when sharing toots, people use the toot URL rather than the toot URI, which makes sense since it is the user-facing URL. In Mastodon's case, the URL and URI are different, and Mastodon does not have an index on URL, which means searching a private toot by URL is done with a slow query that will only succeed for very recent toots. This change gets rid of the slow query, and attempts to guess the URI from URL instead, as Mastodon's are predictable. * Add tests * Only return status with guessed uri if url matches Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2020-11-19Fix webfinger redirect handling in ResolveAccountService (#15187)ThibG
* Fix webfinger redirect handling in ResolveAccountService ResolveAccountService#process_webfinger! handled a one-step webfinger redirection, but only accepting the result if it matched the exact URI passed as input, defeating the point of a redirection check. Instead, use the same logic as in `ActivityPub::FetchRemoteAccountService`, updating the resulting `acct:` URI with the result of the first webfinger query. * Add tests
2020-11-19Add import/export feature for bookmarks (#14956)ThibG
* Add ability to export bookmarks * Add support for importing bookmarks * Add bookmark import tests * Add bookmarks export test
2020-11-08Add support for reversible suspensions through ActivityPub (#14989)Eugen Rochko
2020-10-21Add follower synchronization mechanism (#14510)ThibG
* Add support for followers synchronization on the receiving end Check the `collectionSynchronization` attribute on `Create` and `Announce` activities and synchronize followers from provided collection if possible. * Add tests for followers synchronization on the receiving end * Add support for follower synchronization on the sender's end * Add tests for the sending end * Switch from AS attributes to HTTP header Replace the custom `collectionSynchronization` ActivityStreams attribute by an HTTP header (`X-AS-Collection-Synchronization`) with the same syntax as the `Signature` header and the following fields: - `collectionId` to specify which collection to synchronize - `digest` for the SHA256 hex-digest of the list of followers known on the receiving instance (where “receiving instance” is determined by accounts sharing the same host name for their ActivityPub actor `id`) - `url` of a collection that should be fetched by the instance actor Internally, move away from the webfinger-based `domain` attribute and use account `uri` prefix to group accounts. * Add environment variable to disable followers synchronization Since the whole mechanism relies on some new preconditions that, in some extremely rare cases, might not be met, add an environment variable (DISABLE_FOLLOWERS_SYNCHRONIZATION) to disable the mechanism altogether and avoid followers being incorrectly removed. The current conditions are: 1. all managed accounts' actor `id` and inbox URL have the same URI scheme and netloc. 2. all accounts whose actor `id` or inbox URL share the same URI scheme and netloc as a managed account must be managed by the same Mastodon instance as well. As far as Mastodon is concerned, breaking those preconditions require extensive configuration changes in the reverse proxy and might also cause other issues. Therefore, this environment variable provides a way out for people with highly unusual configurations, and can be safely ignored for the overwhelming majority of Mastodon administrators. * Only set follower synchronization header on non-public statuses This is to avoid unnecessary computations and allow Follow-related activities to be handled by the usual codepath instead of going through the synchronization mechanism (otherwise, any Follow/Undo/Accept activity would trigger the synchronization mechanism even if processing the activity itself would be enough to re-introduce synchronization) * Change how ActivityPub::SynchronizeFollowersService handles follow requests If the remote lists a local follower which we only know has sent a follow request, consider the follow request as accepted instead of sending an Undo. * Integrate review feeback - rename X-AS-Collection-Synchronization to Collection-Synchronization - various minor refactoring and code style changes * Only select required fields when computing followers_hash * Use actor URI rather than webfinger domain in synchronization endpoint * Change hash computation to be a XOR of individual hashes Makes it much easier to be memory-efficient, and avoid sorting discrepancy issues. * Marginally improve followers_hash computation speed * Further improve hash computation performances by using pluck_each
2020-10-12Add IP-based rules (#14963)Eugen Rochko
2020-09-18Add option to be notified when a followed user posts (#13546)Eugen Rochko
* Add bell button Fix #4890 * Remove duplicate type from post-deployment migration * Fix legacy class type mappings * Improve query performance with better index * Fix validation * Remove redundant index from notifications
2020-09-15Change account suspensions to be reversible by default (#14726)Eugen Rochko
2020-09-07Refactor how public and tag timelines are queried (#14728)Eugen Rochko
2020-09-04Fix various warnings in rspec (#14729)Eugen Rochko
2020-07-15Fix removing allowed domains being done synchronously (#14302)ThibG
* Fix removing allowed domains being done synchronously * Add tests
2020-07-07Add test for removing endorsed accounts on account deletion/suspension (#14241)ThibG
2020-06-09Make domain block/silence/reject-media code more robust (#13424)ThibG
* Split media cleanup from reject-media domain blocks to its own service * Slightly improve ClearDomainMediaService error handling * Lower DomainClearMediaWorker to lowest-priority queue * Do not catch ActiveRecord::RecordNotFound in domain block workers * Fix DomainBlockWorker spec labels * Add some specs * Change domain blocks to immediately mark accounts as suspended Rather than doing so sequentially, account after account, while cleaning their data. This doesn't change much about the time the block takes to complete, but it immediately prevents interaction with the blocked domain, while up to now, it would only be guaranteed when the process ends.
2020-05-14Fix hashtag search performing account search as well (#13758)ThibG
2020-04-25Fix not being able to resolve public resources in development environment ↵Eugen Rochko
(#13505)
2020-03-31Fix background jobs not using locks like they are supposed to (#13361)Eugen Rochko
Also: - Fix locks not being removed when jobs go to the dead job queue - Add UI for managing locks to the Sidekiq dashboard - Remove unused Sidekiq workers Fix #13349
2020-03-25Fix media not being marked sensitive when client sets a CW but no text (#13277)ThibG
Mastodon enforces the “sensitive” flag on media attachments whenever a toot is posted with a Content Warning. However, it does so *after* potentially converting the Content Warning to toot text (when there is no toot text), which leads to inconsistent and surprising behavior for API clients. This commit fixes this inconsistency.
2020-01-23Fix media attachments without file being uploadable (#12562)Eugen Rochko
Fix #12554
2019-12-30Fix IDN mentions not being processed, IDN domains not being rendered (#12715)Eugen Rochko
This changes the REST API to return unicode domains in the `acct` attribute instead of punycode, and to render unicode instead of punycode on public HTML pages as well. Fix #7812, fix #12246
2019-12-17Clean up OStatus-related codepaths (#12173)ThibG
* Remove “protocol” argument and return value, as only ActivityPub is supported * Remove FetchRemoteAccountService, only use ActivityPub::FetchRemoteAccountService * Fix tests
2019-12-16Add Event activity-type support (#12637)Thomas Citharel
This adds support for Event AP type in Mastodon. Events are converted into toots by taking their title (AS name) and their URL (AP ID). Event picture is also brought in if available. Testable by fetching event content from https://test.mobilizon.org Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2019-11-21Fix FetchLinkCardServices crashing on a tags without a target (#12159)ThibG
* Add test for links without targets * Fix FetchLinkCardServices crashing on a tags without a target
2019-11-17Add cache for OEmbed endpoints to avoid extra HTTP requests (#12403)Eugen Rochko
* add youtube oembed endpoint * add check for oembed endpoint * change unless for a more readable if * clear blank lines * endpoint via https * Fix string literal in condition * use cache for endpoints * use cache for endpoints * clean up and adding check * clean up and remove redundant return * add html check * add false to return * use double quotes * use double quotes * Clean up
2019-10-24Add noopener and/or noreferrer (#12202)BSKY
2019-10-03Add `reason` param to `POST /api/v1/accounts` REST API (#12064)Eugen Rochko
For approval-required registrations mode
2019-10-01Fix BootstrapTimelineService crashing when bootstrapped accounts are invalid ↵ThibG
(#12037) * Add test to handle suspended and missing users in BootstrapTimelineService * Fix BootstrapTimelineService crashing when bootstrapped accounts are invalid
2019-10-01Remove HEAD request from fetching link previews (#12028)Eugen Rochko
It is not really necessary and we need to reduce requests
2019-09-28Add `exclude_unreviewed` param to `GET /api/v2/search` REST API (#11977)Eugen Rochko
Make it so normal search returns even unreviewed matches, but autosuggestions do not. Fix #11960
2019-09-27Change silences to always require approval on follow (#11975)ThibG
* Change silenced accounts to require approval on follow * Also require approval for follows by people explicitly muted by target accounts * Do not auto-accept silenced or muted accounts when switching from locked to unlocked * Add `follow_requests_count` to verify_credentials * Show “Follow requests” menu item if needed even if account is locked * Add tests * Correctly reflect that follow requests weren't auto-accepted when local account is silenced * Accept follow requests from user-muted accounts to avoid leaking mutes
2019-08-16Add more accurate account search (#11537)Eugen Rochko
* Add more accurate account search When ElasticSearch is available, a more accurate search is implemented: - Using edge n-gram index for acct and display name - Using asciifolding and cjk width normalization on display names - Using Gaussian decay on account activity for additional scoring (recency) - Using followers/friends ratio for additional scoring (spamminess) - Using followers number for additional scoring (size) The exact match precedence only takes effect when the input conforms to the username format and the username part of it is complete, i.e. when the user started typing the domain part. * Support single-letter usernames * Fix tests * Fix not picking up account updates * Add weights and normalization for scores, skip zero terms queries * Use local counts for accounts index, adjust search parameters * Fix mistakes * Using updated_at of accounts is inadequate for remote accounts
2019-08-07Add domain block notes (#11515)ThibG
* Add database columns for adding notes to domain blocks/restrctions * Add admin UI to set private and public comments when blocking a domain * Add text for private and public comments on domain blocks * Show domain block comments in admin UI * Add comments to the domain block undo page * Make UnblockDomainService more robust regarding upgraded domain blocks * Allow editing domain blocks * Rename button from “undo domain block” to “view domain block” in account admin UI * Change test to unsilence silenced users from upgraded blocks
2019-07-27Add search syntax for operators and phrases (#11411)Eugen Rochko
2019-07-21Remove WebSub subscriptions (#11303)Eugen Rochko
2019-07-19Add ActivityPub actor representing the entire server (#11321)ThibG
* Add support for an instance actor * Skip username validation for local Application accounts * Add migration script to create instance actor * Make Codeclimate happy * Switch to id -99 for instance actor * Remove unused `icon` and `image` attributes from instance actor * Use if/elsif/else instead of return + ternary operator * Add instance actor to fresh installs * Use instance actor as instance representative Use instance actor for forwarding reports, relay operations, and spam auto-reporting. * Seed database in test environment * Fix single-user mode * Fix tests * Fix specs to accomodate for an extra `Account` * Auto-reject follows on instance actor Following an instance actor might make sense, but we are not handling that right now, so auto-reject. * Fix webfinger lookup and serialization for instance actor * Rename instance actor * Make it clear in the HTML view that the instance actor should not be blocked * Raise cache time for instance actor as there's no dynamic content * Re-use /about/more with a flash message for instance actor profile
2019-07-11Add HTTP signatures to all outgoing ActivityPub GET requests (#11284)Eugen Rochko
2019-07-10Refactor fetching of remote resources (#11251)Eugen Rochko
2019-07-09Refactor domain block checks (#11268)Eugen Rochko
2019-07-07Remove Atom feeds and old URLs in the form of `GET /:username/updates/:id` ↵Eugen Rochko
(#11247)
2019-07-06Remove Salmon and PubSubHubbub (#11205)Eugen Rochko
* Remove Salmon and PubSubHubbub endpoints * Add error when trying to follow OStatus accounts * Fix new accounts not being created in ResolveAccountService
2019-06-26Add support for Audio activities (#11189)ThibG
Fixes #11127
2019-06-02Fix NotifyService test with regards to reblogs (#10928)ThibG
Fixes #10890
2019-05-18Prevent from publicly boosting one's own private toots (#10775)ThibG
2019-05-14Record account suspend/silence time and keep track of domain blocks (#10660)ThibG
* Record account suspend/silence time and keep track of domain blocks * Also unblock users who were suspended/silenced before dates were recorded * Add tests * Keep track of suspending date for users suspended through the CLI * Show accurate number of accounts that would be affected by unsuspending an instance * Change migration to set silenced_at and suspended_at * Revert "Also unblock users who were suspended/silenced before dates were recorded" This reverts commit a015c65d2d1e28c7b7cfab8b3f8cd5fb48b8b71c. * Switch from using suspended and silenced to suspended_at and silenced_at * Add post-deployment migration script to remove `suspended` and `silenced` columns * Use Account#silence! and Account#suspend! instead of updating the underlying property * Add silenced_at and suspended_at migration to post-migration * Change account fabricator to translate suspended and silenced attributes * Minor fixes * Make unblocking domains always retroactive
2019-05-09Prevent silenced local users from notifying remote users not following them ↵ThibG
(#10575) * Prevent silenced local users from notifying remote users not following them This is an attempt to extend the local restrictions of silenced users to the federation. * Add tests * Add tests for making sure private status don't get sent over OStatus
2019-04-08Export and import show_reblogs together with following list (#10495)ThibG
* Refactor imports * Export show_reblogs when exporting list of followed users * Add support for importing show_reblogs with following collection * Fix tests
2019-04-07Improve blocked view of profiles (#10491)Eugen Rochko
* Revert "Fix filtering of favourited_by, reblogged_by, followers and following (#10447)" This reverts commit 120544067fcca4bf6e71ba1ffb276c451c17c656. * Revert "Hide blocking accounts from blocked users (#10442)" This reverts commit 62bafa20a112ccdddaedb25723fc819dbbcd8e9a. * Improve blocked view of profiles - Change "You are blocked" to "Profile unavailable" - Hide following/followers in API when blocked - Disable follow button and show "Profile unavailable" on public profile as well