about summary refs log tree commit diff
path: root/spec
AgeCommit message (Collapse)Author
2020-02-27**MAJOR**: port tootsuite#13161 to monsterfork: Fix leak of arbitrary ↵Eugen Rochko
statuses through unfavourite action in REST API
2020-02-21port tootsuite#12262 to monsterfork: Fix remote media descriptions being cut ↵ThibG
off at 420 chars * Fix remote media descriptions being cut off at 420 chars Fixes #12258 * Fix tests
2020-02-21port tootsuite#12562 to monsterfork: Fix media attachments without file ↵Eugen Rochko
being uploadable Fix #12554
2020-02-21port tootsuite#12748 to monsterfork: Fix base64-encoded file uploads not ↵Eugen Rochko
being possible Fix #3804, Fix #5776
2020-02-21port tootsuite#11138 to monsterfork: Change domain blocks to automatically ↵Eugen Rochko
support subdomains * Change domain blocks to automatically support subdomains If a more authoritative domain is blocked (example.com), then the same block will be applied to a subdomain (foo.example.com) * Match subdomains of existing accounts when blocking/unblocking domains * Improve code style
2020-02-21port tootsuite#11638 to monsterfork: Fix remote and staff-removed statuses ↵Eugen Rochko
leaving media behind for a day The reason for unattaching media instead of removing it is to support delete & redraft functionality, but remote or staff-removed statuses will never be redrafted, so the media should be deleted immediately
2020-02-21port tootsuite#11292 to monsterfork: Add whitelist modeEugen Rochko
2020-02-21port tootsuite#11375: Change unconfirmed user login behaviourEugen Rochko
Allow access to account settings, 2FA, authorized applications, and account deletions to unconfirmed and pending users, as well as users who had their accounts disabled. Suspended users cannot update their e-mail or password or delete their account. Display account status on account settings page, for example, when an account is frozen, limited, unconfirmed or pending review. After sign up, login users straight away and show a simple page that tells them the status of their account with links to account settings and logout, to reduce onboarding friction and allow users to correct wrongly typed e-mail addresses. Move the final sign-up step of SSO integrations to be the same as above to reduce code duplication.
2020-02-21port tootsuite#11702 to monsterfork: Fix uncaught parameter missing ↵Eugen Rochko
exceptions and missing error templates
2020-02-21port tootsuite#8657: Change locale detection to run once per sessionEugen Rochko
Fix #6462
2020-02-20port tootsuite/#12125 to monsterfork: Fix attachment not being re-downloaded ↵Eugen Rochko
even if file is not stored Change the behaviour of remotable concern. Previously, it would skip downloading an attachment if the stored remote URL is identical to the new one. Now it would not be skipped if the attachment is not actually currently stored by Paperclip.
2020-02-20Change signature verification to ignore signatures with invalid host (#13033)Eugen Rochko
Instead of returning a signature verification error, pretend there was no signature (i.e., this does not allow access to resources that need a valid signature), so public resources can still be fetched Fix #13011
2020-02-20Add a nodeinfo endpoint (#12002)Eugen Rochko
* Add nodeinfo endpoint * dont commit stuff from my local dev * consistant naming since we implimented 2.1 schema * Add some additional node info stuff * Add nodeinfo endpoint * dont commit stuff from my local dev * consistant naming since we implimented 2.1 schema * expanding this to include federation info * codeclimate feedback * CC feedback * using activeserializers seems like a good idea... * get rid of draft 2.1 version * Reimplement 2.1, also fix metaData -> metadata * Fix metaData -> metadata here too * Fix nodeinfo 2.1 tests * Implement cache for monthly user aggregate * Useless * Remove ostatus from the list of supported protocols * Fix nodeinfo's open_registration reading obsolete setting variable * Only serialize domain blocks with user-facing limitations * Do not needlessly list noop severity in nodeinfo * Only serialize domain blocks info in nodeinfo when they are set to be displayed to everyone * Enable caching for nodeinfo endpoints * Fix rendering nodeinfo * CodeClimate fixes * Please CodeClimate * Change InstancePresenter#active_user_count_months for clarity * Refactor NodeInfoSerializer#metadata * Remove nodeinfo 2.1 support as the schema doesn't exist * Clean-up
2020-01-20Original upstream mergeThibG
2020-01-10switch (back) to postgres fts engine for fast search & timeline filtersmultiple creatures
2019-12-12add ability for post authors to kick jerks out of their threadsmultiple creatures
2019-12-11move sharekeys & import metadata to own tablesmultiple creatures
2019-12-11move normalized text into own tablemultiple creatures
2019-11-19Do not misattribute inlined boosts if `attributedTo` isn't present (#10967)ThibG
* Do not misattribute inlined boosts if `attributedTo` isn't present Fixes #10950 * Fix tests
2019-11-19Fix poll API not requiring authentication on non-public polls (#10960)Eugen Rochko
* Fix poll API not requiring authentication on non-public polls That API does not reveal the content of the status, i.e. the question itself, nor who the author is, nor which status it belongs to, but it does reveal the poll options and how many answers they got Fix #10959 * Add test
2019-11-19Fix NotifyService test with regards to reblogs (#10928)ThibG
Fixes #10890
2019-11-19Add `account_id` param to `GET /api/v1/notifications` (#10796)Paul Woolcock
* Add `from_account` to notifications API this adds the ability to filter notifications by the account they originated from * passing a non-existent user should cause none to be returned * Fix codeclimate warnings * fix more codeclimate warnings * make requested changes: * use account id instead of user@domain * name the param `account_id` instead of `from_account` * Don't use `return` in a lambda
2019-08-07add option to automatically space out boosts over configurable random intervalsmultiple creatures
2019-08-06added ability to link accounts with `account:link:token` + ↵multiple creatures
`account:link:add` & switch between them with `i:am`/`we:are` bangtags; remove links with `account:link:del:USERNAME` or `account:link:clear`; list links with `account:link:list`
2019-07-30add a domain policy viewer at `/policies`multiple creatures
2019-07-24revert the current unfinished chat implementationmultiple creatures
2019-07-23add self-destructing roars & `live`/`lifespan` bangtagsmultiple creatures
2019-07-15local visibility scope, chat scope+tags, unlisted tagsmultiple creatures
2019-05-21Drop remaining OStatus and PuSH code, as well as related database items.multiple creatures
2019-05-21Second round of Rspec fixes.multiple creatures
2019-05-21RSpec: Test for correct media description limit.multiple creatures
2019-05-21Remove automatic language detection.multiple creatures
2019-05-21Drop OStatus support. Fix some of the Rspec tests.multiple creatures
2019-05-19Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
2019-05-19Fix “invited by” not showing up for invited accounts in admin interface ↵ThibG
(#10791)
2019-05-18Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
2019-05-18Prevent from publicly boosting one's own private toots (#10775)ThibG
2019-05-15Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
2019-05-14Record account suspend/silence time and keep track of domain blocks (#10660)ThibG
* Record account suspend/silence time and keep track of domain blocks * Also unblock users who were suspended/silenced before dates were recorded * Add tests * Keep track of suspending date for users suspended through the CLI * Show accurate number of accounts that would be affected by unsuspending an instance * Change migration to set silenced_at and suspended_at * Revert "Also unblock users who were suspended/silenced before dates were recorded" This reverts commit a015c65d2d1e28c7b7cfab8b3f8cd5fb48b8b71c. * Switch from using suspended and silenced to suspended_at and silenced_at * Add post-deployment migration script to remove `suspended` and `silenced` columns * Use Account#silence! and Account#suspend! instead of updating the underlying property * Add silenced_at and suspended_at migration to post-migration * Change account fabricator to translate suspended and silenced attributes * Minor fixes * Make unblocking domains always retroactive
2019-05-10Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: - app/controllers/statuses_controller.rb minor conflict because of glitch-soc's theming system - app/controllers/stream_entries_controller.rb minor conflict because of glitch-soc's theming system
2019-05-09Prevent silenced local users from notifying remote users not following them ↵ThibG
(#10575) * Prevent silenced local users from notifying remote users not following them This is an attempt to extend the local restrictions of silenced users to the federation. * Add tests * Add tests for making sure private status don't get sent over OStatus
2019-05-04Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: - app/models/media_attachment.rb
2019-05-03Change e-mail whitelist/blacklist to not be checked when invited (#10683)Eugen Rochko
* Change e-mail whitelist/blacklist to not be checked when invited And only when creating an account, not when updating it later Fix #10648 * Fix test
2019-05-03Provide a link to existing domain block when trying to block an ↵ThibG
already-blocked domain (#10663) * When trying to block an already-blocked domain, provide a link to the block * Fix styling for links in flash messages * Allow blocks to be upgraded but not downgraded
2019-05-02Check that an invite link is valid before bypassing approval mode (#10657)ThibG
* Check that an invite link is valid before bypassing approval mode Fixes #10656 * Add tests * Only consider valid invite links in registration controller * fixup
2019-04-10Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
2019-04-10Fix Keybase verification using wrong domain for remote accounts (#10547)Eugen Rochko
2019-04-10compare usernames case-insensitively on new proof creation flow (#10544)Alex Gessner
* compare usernames case-insensitively on new proof creation flow * Fix code style issue
2019-04-10Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: - app/views/admin/pending_accounts/index.html.haml No real conflict, upstream changes too close to glitch-specific theming system changes. - config/navigation.rb Upstream redesigned the settings navigation, took those changes and re-inserted the flavours menu.
2019-04-10Add invite request to pending account notification e-mail (#10528)Eugen Rochko
Fix sorting of the pending accounts page