about summary refs log tree commit diff
path: root/spec
AgeCommit message (Collapse)Author
2018-10-31Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
2018-10-31Revert "Fix FetchAtomService content type handling (#9132)" (#9171)Eugen Rochko
This reverts commit c36a4a16178441968715e13c77859b1eb813c2af.
2018-10-30Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: - app/controllers/auth/sessions_controller.rb Upstream reverted something we partially reverted already. Reverted the rest to match upstream.
2018-10-30Fix FetchAtomService content type handling (#9132)valerauko
* Add profile to json+ld in Accept It's required by the ActivityPub spec * Use headers['Content-type'] instead of mime_type mime_type strips the profile from the content type, but it's still available raw in the headers hash * Add test for ld+json with profile
2018-10-30Remove duplicate and outdated specsThibaut Girka
2018-10-30Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
2018-10-30Do not hide boost notifications from followed people with hidden boosts (#9147)ThibG
* Do not hide boost notifications from followed people with hidden boosts Not displaying boosts from a followed user in the Home timeline and not having notifications when they reblog your own content are two very separate concerns, tying them together seem counter-intuitive and unwanted. * Update specs accordingly
2018-10-29Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
2018-10-29Bump sanitize from 4.6.6 to 5.0.0 (#9140)Eugen Rochko
2018-10-22Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: - .github/ISSUE_TEMPLATE/bug_report.md Took our version. - CONTRIBUTING.md Updated the embedded copy of upstream's version. - README.md Took our version. - app/policies/status_policy.rb Not a real conflict, took code from both. - app/views/layouts/embedded.html.haml Added upstream's changes (dns-prefetch) and fixed `%body.embed` - app/views/settings/preferences/show.html.haml Reverted some of upstream changes, as we have a page dedicated for flavours and skins. - config/initializers/content_security_policy.rb Kept our version of the CSP. - config/initializers/doorkeeper.rb Not a real conflict, took code from both.
2018-10-20fix: Execute PAM authentication tests on CircleCI (#9029)takayamaki
and use 'if' option of context block
2018-10-20Do not test PAM authentication by default (#9027)Eugen Rochko
* Do not test PAM authentication by default * Disable PAM tests if PAM is not enabled
2018-10-17Improve support for aspects/circles (#8950)Eugen Rochko
* Add silent column to mentions * Save silent mentions in ActivityPub Create handler and optimize it Move networking calls out of the database transaction * Add "limited" visibility level masked as "private" in the API Unlike DMs, limited statuses are pushed into home feeds. The access control rules between direct and limited statuses is almost the same, except for counter and conversation logic * Ensure silent column is non-null, add spec * Ensure filters don't check silent mentions for blocks/mutes As those are "this person is also allowed to see" rather than "this person is involved", therefore does not warrant filtering * Clean up code * Use Status#active_mentions to limit returned mentions * Fix code style issues * Use Status#active_mentions in Notification And remove stream_entry eager-loading from Notification
2018-10-12Improve signature verification safeguards (#8959)Eugen Rochko
* Downcase signed_headers string before building the signed string The HTTP Signatures draft does not mandate the “headers” field to be downcased, but mandates the header field names to be downcased in the signed string, which means that prior to this patch, Mastodon could fail to process signatures from some compliant clients. It also means that it would not actually check the Digest of non-compliant clients that wouldn't use a lowercased Digest field name. Thankfully, I don't know of any such client. * Revert "Remove dead code (#8919)" This reverts commit a00ce8c92c06f42109aad5cfe65d46862cf037bb. * Restore time window checking, change it to 12 hours By checking the Date header, we can prevent replaying old vulnerable signatures. The focus is to prevent replaying old vulnerable requests from software that has been fixed in the meantime, so a somewhat long window should be fine and accounts for timezone misconfiguration. * Escape users' URLs when formatting them Fixes possible HTML injection * Escape all string interpolations in Formatter class Slightly improve performance by reducing class allocations from repeated Formatter#encode calls * Fix code style issues
2018-10-12Improve signature verification safeguards (#8959)Eugen Rochko
* Downcase signed_headers string before building the signed string The HTTP Signatures draft does not mandate the “headers” field to be downcased, but mandates the header field names to be downcased in the signed string, which means that prior to this patch, Mastodon could fail to process signatures from some compliant clients. It also means that it would not actually check the Digest of non-compliant clients that wouldn't use a lowercased Digest field name. Thankfully, I don't know of any such client. * Revert "Remove dead code (#8919)" This reverts commit a00ce8c92c06f42109aad5cfe65d46862cf037bb. * Restore time window checking, change it to 12 hours By checking the Date header, we can prevent replaying old vulnerable signatures. The focus is to prevent replaying old vulnerable requests from software that has been fixed in the meantime, so a somewhat long window should be fine and accounts for timezone misconfiguration. * Escape users' URLs when formatting them Fixes possible HTML injection * Escape all string interpolations in Formatter class Slightly improve performance by reducing class allocations from repeated Formatter#encode calls * Fix code style issues
2018-10-08Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
2018-10-08rubocop issues - Cleaning up (#8912)ashleyhull-versent
* cleanup pass * undo mistakes * fixed. * revert
2018-10-08Replace SVG asset with Custom mascot (#8766)ashleyhull-versent
2018-10-07Add conversations API (#8832)Eugen Rochko
* Add conversations API * Add web UI for conversations * Add test for conversations API * Add tests for ConversationAccount * Improve web UI * Rename ConversationAccount to AccountConversation * Remove conversations on block and mute * Change last_status_id to be a denormalization of status_ids * Add optimistic locking
2018-10-05Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
2018-10-05Leave unknown language as nil if account is remote (#8861)Jeong Arm
* Force use language detector if account is remote * Set unknown remote toot's language as nil
2018-10-05Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: db/migrate/20170716191202_add_hide_notifications_to_mute.rb spec/controllers/application_controller_spec.rb Took our version, upstream changes were only minor style linting.
2018-10-04lint pass 2 (#8878)aus-social
* Code quality pass * Typofix * Update applications_controller_spec.rb * Update applications_controller_spec.rb
2018-10-04Limit the number of people that can be followed from one account (#8807)Eugen Rochko
Configurable soft limit of 7,500, and above that, configurable ratio of 1.1 * followers, controlled by: - MAX_FOLLOWS_THRESHOLD - MAX_FOLLOWS_RATIO Fix #2311
2018-10-04Change admin accounts default sort to most recent (#8813)Eugen Rochko
2018-10-04Fix link verification for remote accounts (#8868)Eugen Rochko
2018-10-04Lint pass (#8876)aus-social
2018-10-01Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: app/lib/user_settings_decorator.rb app/models/user.rb app/serializers/initial_state_serializer.rb app/views/stream_entries/_simple_status.html.haml config/locales/simple_form.en.yml config/locales/simple_form.ja.yml config/locales/simple_form.pl.yml config/routes.rb
2018-09-28Support min_id-based pagination in REST API (#8736)Eugen Rochko
* Allow min_id pagination in Feed#get * Add min_id pagination to home and list timeline APIs * Add min_id pagination to account statuses, public and tag APIs * Remove unused stub in reports API * Use min_id pagination in notifications, favourites, and fix order * Fix HomeFeed#from_database not using paginate_by_id
2018-09-28Revert Font Awesome 5 upgrade (#8810)Eugen Rochko
* Revert "Fix some icon names changed by the Font Awesome 5. (#8796)" This reverts commit 3f9ec3de82c1a3879a2b092672f51c1caca76f5c. * Revert "Migrate to font-awesome 5.0. (#8799)" This reverts commit 8bae14591bfb4fc9dd9d89d8082ac0123b03edaa. * Revert "Fix some icons names, unavailable in fontawesome5 (free license). (#8792)" This reverts commit b9c727a945fea5afffb3e3a53279164adfc6e88f. * Revert "Update the icon name changed by the Font Awesome 5. (#8776)" This reverts commit 17af4d27da484fc35ecd4b4dce2443d24aa35d23. * Revert "Add bot icon to bot avatars and migrate to newer version of Font Awesome (#8484)" This reverts commit 4b794e134d427dbc716606324adb9a885a74abec.
2018-09-27Migrate to font-awesome 5.0. (#8799)Naoki Kosaka
2018-09-23Refactor active_nav_class for use with multiple paths (#8757)ThibG
2018-09-20Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
2018-09-20Support link verification with redirects (#8735)Eugen Rochko
(e.g. URL shortener)
2018-09-19Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: Vagrantfile app/javascript/packs/public.js app/views/admin/settings/edit.html.haml app/views/settings/preferences/show.html.haml app/views/settings/profiles/show.html.haml config/locales/es.yml config/locales/simple_form.en.yml config/webpack/configuration.js config/webpack/loaders/babel.js package.json yarn.lock Split new additions to app/javascript/packs/public.js to app/javascript/core/settings.js
2018-09-19Fix failed profile verification when rel attribute including values other ↵Yamagishi Kazutoshi
than me (#8733)
2018-09-18Redesign forms, verify link ownership with rel="me" (#8703)Eugen Rochko
* Verify link ownership with rel="me" * Add explanation about verification to UI * Perform link verifications * Add click-to-copy widget for verification HTML * Redesign edit profile page * Redesign forms * Improve responsive design of settings pages * Restore landing page sign-up form * Fix typo * Support <link> tags, add spec * Fix links not being verified on first discovery and passive updates
2018-09-14Misc. typos (#8694)luzpaz
Found via `codespell -q 3 --skip="./app/javascript/mastodon/locales,./config/locales"`
2018-09-11Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: app/controllers/oauth/authorizations_controller.rb Just two changes being too close to one another. Took both.
2018-09-09Add force_login option to OAuth authorize page (#8655)Eugen Rochko
* Add force_login option to OAuth authorize page For when a user needs to sign into an app from multiple accounts on the same server * When logging out from modal header, redirect back after re-login
2018-09-08feat(cookies): Use the same-site attribute to lax (#8626)Sorin Davidoi
CSFR-prevention is already implemented but adding this doesn't hurt. A brief introduction to Same-Site cookies (and the difference between strict and lax) can be found at https://blog.mozilla.org/security/2018/04/24/same-site-cookies-in-firefox-60/ TLDR: We use lax since we want the cookies to be sent when the user navigates safely from an external site.
2018-09-03Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: README.md Discarded upstream changes to the README, kept our version.
2018-09-02Add preference for report notification e-mails, skip for duplicates (#8559)Eugen Rochko
If an unresolved report for the same target account already exists, no new notification is generated
2018-08-31Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: - app/views/stream_entries/_simple_status.html.haml - config/locales/nl.yml Deleted unused translation strings (themes) and adapted minor changes to _simple_status.html.haml
2018-08-31Fix autoplay issue with spoiler tag (#8540)Renato "Lond" Cerqueira
Add tests to avoid similar issues in the future
2018-08-30Add animate custom emoji param to embed pages (#8507)Renato "Lond" Cerqueira
* Add animate custom emoji param to embed pages * Rename param, use it for avatars and gifs * Fix issues pointed by codeclimate and breaking test * Ignore brakeman warning
2018-08-29Fix nil host in remotable (#8508)Renato "Lond" Cerqueira
Host can be nil in urls like 'https:https://example.com/path/file.png'
2018-08-29Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
2018-08-29formatter spec fixes & clarification (#8481)sundevour
updates some "context" and "it" lines to have clearer explanations updates "context" lines to properly describe function input, and "it" lines to describe results
2018-08-28Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka