Age | Commit message (Collapse) | Author |
|
* Stricter whitelist rules
* Linting
* Added spec for blacklisting
* Test subdomain blacklist on domain whitelist
* No need to split
* Change spec name
|
|
This PR fixes I18n.locale for rake middlewares. Mastodon uses Devise that depends on Warden.
Warden::Manager can be found in rake middleware. It is outside of the controller.
In the case of authentication failed, warden calls throw(:warden). At the time Warden::Manager
delegates request to failure_app to generate response and flash[:alert] after catching it.
Unfortunately, I18n.locale is already reset then because I18n.with_locale is enabled only
inside the controller. If we used I18n.locale=, Devise::FailureApp could get the current locale.
|
|
changes. (#2410)
* Change ActivityPub paging to match spec. Clean up ActivityPub outbox changes.
* Fix code style and test failures for OutboxController.
* Attempt to fix CI errors.
|
|
(#2419)
duplicates. Web UI regenerates UUID for that header every time the compose
form is changed or successfully submitted
Also, fix Farsi i18n overwriting the English one
|
|
|
|
|
|
* Fix #2119 - Whenever about to send a HTTP request, normalize the URI
* Add test for IDN request in FetchLinkCardService
* Perform IDN normalization on domains before they are stored in the DB
|
|
|
|
application controller (#2400)
* Add failing spec for oauth/authorized_applications controller
* Use explicit reference to flashes partial from admin layout
Because some of the controllers which use the admin layout do not inherit from
application controller, this partial is not in their view path.
|
|
* Make private toots get PuSHed to subscription URLs that belong to domains where you have approved followers
* Authorized followers controller, stub for bulk action
* Soft block in the background
* Add simple test for new controller
* Rename Settings::FollowersController to Settings::FollowerDomainsController, paginate results,
rename "private" post setting to "followers-only", fix pagination style, improve post privacy
preferences style, improve warning style
* Extract compose form warnings into own container, show warning when posting to followers-only with unlocked account
|
|
|
|
* Add failing spec showing that human_locales does not match what i18n knows about
* Add missing `ar` key for arabic to human locales
* Remove duplicate `id` key from available locales
* Sort keys in human locales list
* Add spec for human_locale helper
|
|
The two methods `StreamEntriesHelper#stream_link_target` and
`StreamEntriesHelper#acct` are based on checking whether we are running
in an embedded view.
This adds some test helper code to make the testing easier. We extracted
some "magic strings" to constants to lower the coupling in the specs.
|
|
The code that generates CSS is based on a lot of boolean conditions.
The possible combinations of these grows exponentially as we add more
conditions.
Since most of the code is conditional on a single boolean, we tested the
following:
1. All `false`
2. All `true`
3. Each individual flag set to `true`
The methods tested are:
* `StreamEntriesHelper#style_classes`
* `StreamEntriesHelper#microformats_classes`
* `StreamEntriesHelper#microformats_h_class`
|
|
Create/Announce Activities (#2197)
* Clean up collapsible components
* Expose user Outboxes and AS2 representations of statuses
* Save work thus far.
* Fix bad merge.
* Save my work
* Clean up pagination.
* First test working.
* Add tests.
* Add Forbidden error template.
* Revert yarn.lock changes.
* Fix code style deviations and use localized instead of hardcoded English text.
|
|
* Shows confirmed status in list.
* Adds ability to confirm users in admin UI.
* Added new english translations.
* Addresses feedback from #2245.
* More feedback.
|
|
* add og:url to stream_item view
* add og:url and text to about/show
* add og:url to profile, followers and follows pages
|
|
* Add html lang attributes around statuses
* Remove urls from language detection
|
|
* Add spec coverage for settings/two_factor_auth area
* extract setup method for qr code
* Move otp required check to before action
* Merge method only used once
* Remove duplicate view
* Consolidate creation of @codes for backup
* Move settings/2fq#recovery_codes to settings/recovery_codes#create
* Rename settings/two_factor_auth#disable to #destroy
* Add coverage for the otp required path on 2fa#show
* Clean up the recovery codes list styles
* Move settings/two_factor_auth to settings/two_factor_authentication
* Reorganize the settings two factor auth area
Updated to use a flow like:
- settings/two_factor_authentication goes to a #show view which has a button
either enable or disable 2fa on the account
- the disable button turns off the otp requirement for the user
- the enable button cycles the user secret and redirects to a confirmation page
- the confirmation page is a #new view which shows the QR code for user
- that page posts to #create which verifies the code, and creates the recovery
codes
- that create action shares a view with a recovery codes controller which can be
used separately to reset codes if needed
|
|
We used some random Arabic characters to test that the various RTL
conditions got triggered.
|
|
* Add user spec for settings, highlight global default mutation issue
* Fix mutation issue caused by settings/preferences spec
|
|
* Add missing fields group on preferences page
* Clean up settings/preferences controller
* Extract a UserSettingsDecorator
|
|
* Add render_views for admin/settings spec
* Add coverage for admin/settings#update
* Add coverage for admin/settings typecasting open_registrations setting
* Simplify how admin/settings finds the value for updating
* Rely on activerecord to not update a value that hasnt changed
* Add coverage for non-existent setting
* Use a constant for boolean settings
|
|
|
|
* Fix #2108 - Fix gif uploads
Add specs for media attachment gifv conversion
* Add ffmpeg to travis
* Make travis install ffmpeg, not libav
* Switch travis to trusty
|
|
* Fix possibility of unrightful webfinger redirect
* Add more tests for FollowRemoteAccountService
|
|
* fix character escaping in URL
* add tests
* put a comma after the last item
* add HTML escape test
|
|
* Add routing specs for accounts followers and following actions
* Use more restful route naming for public account follow pages
Moves two actions:
- accounts#followers to accounts/follower_accounts#index
- accounts#following to accounts/following_accounts#index
Adds routing spec to ensure prior URLs are preserved.
|
|
|
|
|
|
* Extract detect_language to separate class
* Use default locale, not just en
* Add spec to confirm that whatlanguage cant identify empty string
* Allow account locale to override default in language detector
* PostStatusService supplies an account to detect language
|
|
|
|
* Add admin/instances index action
* Add link to instances admin page
* View lists instances
* Instances, grouped by domain, ordered by count
* Use Account.remote scope
* Extract method: Account.by_domain_accounts
|
|
* Add a ReportFilter class
* Add reports and targeted_reports relationships to Account
* Use ReportFilter from admin/reports controller
* Link to admin/reports filtered views from admin account show view
* Add indexes to reports.account_id and reports.target_account_id
|
|
* Remove unused method #set_counters_maps from api controller
* Remove unused method #set_account_counters_maps from api controller
* Remove unused method Account#followers_domains
* Remove unused User.prolific scope
* Add mastodon:users:admins task to list all admin emails
* Use interpolated query style in Account.triadic_closures
* Coverage for Account.triadic_closures
|
|
|
|
* Move site title helper to instance helper (name change only)
* Remove newline in <title> tag
* Add site_hostname helper method to wrap up local_domain value
* Use site_hostname helper in places that need local_domain value
|
|
These were being skipped with `xit`, but we also just added the `unused` task to
the CI server, and it will be caught there. That seems good enough for this,
instead of requiring a full keys check on every local spec suite run.
|
|
* Add spec for media controller
* Add MediaAttachment.attached scope
* Simplify methods in media controller
|
|
This change includes:
- Improve the spec coverage for incoming request to the webfinger action
- For requests without an accept header (ie, what a browser might look like),
return a JSON response.
- For requests with an explicit format of xml or json, return that format.
- For requests using an accept header, return that format.
Also adds failing spec showing webfinger does not return xml, which covers the
issue described in: https://github.com/tootsuite/mastodon/issues/1983
|
|
|
|
|
|
Create MediaAttachment but without actual file download when domain is blocked with reject_media set to true
Clean up old media files when creating a new domain block with reject_media set to true
Return remote_url in media attachments API if local file is not present
Undo domain block action in admin UI
Ability to enable reject_media from admin UI
|
|
* Add option to disable verify partial doubles
* Add show_landing_strip? helper method
* Use show_landing_strip? helper in accounts and stream entries views
* Fix naming in view specs
|
|
|
|
* Correct site_contact_email typo
* Separate about more page into partials, add specs
|
|
Devise changed their approach -
https://github.com/plataformatec/devise/commit/3f3ec236bb50a2ae8b0eede90d8f7ecd201d7dbb
This change silences a deprecation warning about `TestHelpers`
|
|
* Add recovery code support for two-factor auth
When users enable two-factor auth, the app now generates ten
single-use recovery codes. Users are encouraged to print the codes
and store them in a safe place.
The two-factor prompt during login now accepts both OTP codes and
recovery codes.
The two-factor settings UI allows users to regenerated lost
recovery codes. Users who have set up two-factor auth prior to
this feature being added can use it to generate recovery codes
for the first time.
Fixes #563 and fixes #987
* Set OTP_SECRET in test enviroment
* add missing .html to view file names
|
|
* Begin coverage for account search service
* Coverage for hashtag query
* Coverage for calling local vs remote find based on domain presence
* Spec to check that exact matches are not duped
* Coverage of resolve option
* Coverage for account being provided
* Start to refactor account search service
* Isolate query username and domain methods
* Isolate exact_match method
* Extract methods for local and remote results
* Simplify local vs remote and account isoliation
* Extract methods for local and remote results
* Simplify de-dupe of exact match
* Simplify logic to check for non exact remotes
* Cache some methods
* Remove nil from exact_match from results array
* Return exact matches first
* Use find_remote even with no domain
Account.find_local is just an alias for Account.find_remote(user, nil) - so we
can not bother with the conditional here, and call find_remote directly.
|
|
* Refresh local info for remote accounts when webfinger returns new values
It only refreshes account info if one of the URLs or the public-key changes,
in which cases it refreshes the full info, re-downloading the feeds from that
user.
Some special handling should probably be done when the public key changes,
but I have been unable to find any use for it in Mastodon yet.
* Re-fetch remote users we aren't subscribed to.
This might induce performance issues, we might want to only do that for users
we explicitly attempted to subscribe but failed to.
* Refactor changes
* Do not refresh existing remote account details more than once a day
* Avoid re-fetching webfinger info in tests unless otherwise specified
|