about summary refs log tree commit diff
path: root/spec
AgeCommit message (Collapse)Author
2022-02-08Merge branch 'main' into glitch-soc/merge-upstreamClaire
2022-02-08Remove language detection through cld3 (#17478)Eugen Rochko
* Remove language detection through cld3 * Update app/helpers/languages_helper.rb Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh> Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>
2022-02-07Fix structured data parsing from links choking on bad data (#17403)Eugen Rochko
* Fix structured data parsing from links choking on bad data - Fix og:url meta tag being prioritized over canonical link tag - Fix structured data parsing choking on commented-out CDATA declarations - Fix HTML entities in title, description, provider_name, author_name - Change structured data parsing to attempt every JSON-LD script tag * Remove unnecessary slash escapes from CDATA regex pattern
2022-02-07Fix replies collection incorrectly looping (#17462)Claire
* Refactor tests * Add tests * Fix replies collection incorrectly looping
2022-02-06Merge branch 'main' into glitch-soc/merge-upstreamClaire
Conflicts: - `CHANGELOG.md`: Upstream added newlines. Conflicts are because the CHANGELOG was independently merged from 3.4.6 on last security update. Took upstream's version. - `app/helpers/context_helper.rb`: Conflicts because of extra vocabulary in glitch-soc. The conflicts were actually handled in last security merge. Kept our version.
2022-02-06Fix instance actor not being dereferenceable (#17457)Claire
* Add tests * Fix instance actor not being dereferenceable * Fix tests * Fix tests for real
2022-02-03Fix compacted JSON-LD possibly causing compatibility issues on forwarding ↵Claire
(#17428)
2022-02-02Fix compacted JSON-LD possibly causing compatibility issues on forwardingClaire
2022-01-30Merge branch 'main' into glitch-soc/merge-upstreamClaire
2022-01-28Change public profile pages to be disabled for unconfirmed users (#17385)Claire
Fixes #17382 Note that unconfirmed and unapproved accounts can still be searched for and their (empty) account retrieved using the REST API.
2022-01-28Merge branch 'main' into glitch-soc/merge-upstreamClaire
Conflicts: - `Gemfile.lock`: Upstream-updated lib textually too close to glitch-soc-only dep. Updated like upstream.
2022-01-28Refactor and improve tests (#17386)Claire
* Change account and user fabricators to simplify and improve tests - `Fabricate(:account)` implicitly fabricates an associated `user` if no `domain` attribute is given (an account with `domain: nil` is considered a local account, but no user record was created), unless `user: nil` is passed - `Fabricate(:account, user: Fabricate(:user))` should still be possible but is discouraged. * Fix and refactor tests - avoid passing unneeded attributes to `Fabricate(:user)` or `Fabricate(:account)` - avoid embedding `Fabricate(:user)` into a `Fabricate(:account)` or the other way around - prefer `Fabricate(:user, account_attributes: …)` to `Fabricate(:user, account: Fabricate(:account, …)` - also, some tests were using remote accounts with local user records, which is not representative of production code.
2022-01-26Merge branch 'main' into glitch-soc/merge-upstreamClaire
Conflicts: - `config/environments/production.rb`: Upstream changed a header but we had different default headers. Applied the same change, and also dropped HSTS headers redundant with Rails'.
2022-01-26Fix poll updates being saved as status edits (#17373)Eugen Rochko
Fix #17344
2022-01-23Merge branch 'main' into glitch-soc/merge-upstreamClaire
Conflicts: - `spec/models/status_spec.rb`: Upstream added tests too close to glitch-soc-specific tests. Kept both tests.
2022-01-23Fix error-prone SQL queries (#15828)Claire
* Fix error-prone SQL queries in Account search While this code seems to not present an actual vulnerability, one could easily be introduced by mistake due to how the query is built. This PR parameterises the `to_tsquery` input to make the query more robust. * Harden code for Status#tagged_with_all and Status#tagged_with_none Those two scopes aren't used in a way that could be vulnerable to an SQL injection, but keeping them unchanged might be a hazard. * Remove unneeded spaces surrounding tsquery term * Please CodeClimate * Move advanced_search_for SQL template to its own function This avoids one level of indentation while making clearer that the SQL template isn't build from all the dynamic parameters of advanced_search_for. * Add tests covering tagged_with, tagged_with_all and tagged_with_none * Rewrite tagged_with_none to avoid multiple joins and make it more robust * Remove obsolete brakeman warnings * Revert "Remove unneeded spaces surrounding tsquery term" The two queries are not strictly equivalent. This reverts commit 86f16c537e06c6ba4a8b250f25dcce9f049023ff.
2022-01-19Merge branch 'main' into glitch-soc/merge-upstreamClaire
Conflicts: - `app/lib/activitypub/activity/create.rb`: Upstream refactored how `Create` activities are handled and how values are extracted from `Create`d objects. This conflicted with how glitch-soc supported the `directMessage` flag to explicitly distinguish between limited and direct messages. Ported glitch-soc's changes to latest upstream changes. - `app/services/fan_out_on_write_service.rb`: Upstream largely refactored that file and changed some of the logic. This conflicted with glitch-soc's handling of the direct timeline and the options to allow replies and boosts in public feeds. Ported those glitch-soc changes on top of latest upstream changes. - `app/services/process_mentions_service.rb`: Upstream refactored to move mention-related ActivityPub deliveries to `ActivityPub::DeliveryWorker`, while glitch-soc contained an extra check to not send local-only toots to remote mentioned users. Took upstream's version, as the check is not needed anymore, since it is performed at the `ActivityPub::DeliveryWorker` call site already. - `app/workers/feed_insert_worker.rb`: Upstream added support for `update` toot events, while glitch-soc had support for an extra timeline support, `direct`. Ported upstream changes and extended them to the `direct` timeline. Additional changes: - `app/lib/activitypub/parser/status_parser.rb`: Added code to handle the `directMessage` flag and take it into account to compute visibility. - `app/lib/feed_manager.rb`: Extended upstream's support of `update` toot events to glitch-soc's `direct` timeline.
2022-01-19Add support for editing for published statuses (#16697)Eugen Rochko
* Add support for editing for published statuses * Fix references to stripped-out code * Various fixes and improvements * Further fixes and improvements * Fix updates being potentially sent to unauthorized recipients * Various fixes and improvements * Fix wrong words in test * Fix notifying accounts that were tagged but were not in the audience * Fix mistake
2022-01-17Merge branch 'main' into glitch-soc/merge-upstreamClaire
Conflicts: - `app/views/admin/reports/show.html.haml`: Conflicts due to glitch-soc's theming system.
2022-01-17Add notifications for statuses deleted by moderators (#17204)Eugen Rochko
2022-01-17Merge branch 'main' into glitch-soc/merge-upstreamClaire
Conflicts: - `app/controllers/accounts_controller.rb`: Upstream introduced support for private pinned toots, but glitch-soc's query was a bit different as it filtered out local-only toots. Used upstream's query, while adding local-only filtering back. - `app/controllers/activitypub/collections_controller.rb`: Same thing with regards to local-only posts. - `app/validators/status_pin_validator.rb`: Not a real conflict, but the line below was different in glitch-soc due to the configurable pinned toots limit.
2022-01-17Add support for private pinned posts (#16954)Claire
* Add support for private pinned toots * Allow local user to pin private toots * Change wording to avoid "direct message"
2022-01-16Merge branch 'main' into glitch-soc/merge-upstreamClaire
Conflicts: - `README.md`: Upstream added some text, but our README is completely different. Kept our README unchanged.
2022-01-16Remove IP tracking columns from users table (#16409)Eugen Rochko
2021-12-18Merge branch 'main' into glitch-soc/merge-upstreamClaire
2021-12-17Add ability for admins to delete canonical email blocks (#16644)Claire
* Add admin option to remove canonical email blocks from a deleted account * Add tootctl canonical_email_blocks to inspect and remove canonical email blocks
2021-12-17Add ability to purge undeliverable domains from admin interface (#16686)Claire
* Add ability to purge undeliverable domains from admin interface * Add tests
2021-12-16Merge branch 'main' into glitch-soc/merge-upstreamClaire
Conflicts: - `app/views/admin/pending_accounts/index.html.haml`: Removed upstream, while it had glitch-soc-specific changes to accomodate for glitch-soc's theming system. Removed the file. Additional changes: - `app/views/admin/accounts/index.html.haml': Accomodate for glitch-soc's theming system.
2021-12-05Add batch suspend for accounts in admin UI (#17009)Eugen Rochko
2021-11-26Merge branch 'main' into glitch-soc/merge-upstreamClaire
Conflicts: - `.env.production.sample`: Copied upstream changes. - `app/controllers/settings/identity_proofs_controller.rb`: Minor conflict due to glitch-soc's extra “enable_keybase” setting. Upstream removed keybase support altogether, so did the same. - `app/controllers/well_known/keybase_proof_config_controller.rb`: Minor conflict due to glitch-soc's extra “enable_keybase” setting. Upstream removed keybase support altogether, so did the same. - `lib/mastodon/statuses_cli.rb`: Minor conflict due to an optimization that wasn't shared between the two versions. Copied upstream's version.
2021-11-26Fix admin statuses order(#16937) (#16969)Jeong Arm
* Fix #16937 * Add test for statuses order
2021-11-26Remove Keybase integration (#17045)Eugen Rochko
2021-11-26Revert "Fix trends admin page crashing"Claire
This reverts commit 5f10e64330635bfd609ba5acdd78fa505c12f5b1.
2021-11-26Fix trends admin page crashingClaire
2021-11-25Merge branch 'main' into glitch-soc/merge-upstreamClaire
Conflicts: - `app/views/admin/tags/index.html.haml`: Removed upstream while it had changes in glitch-soc to accomodate for the theming system. Additional changes to accomodate for the theming system: - `app/views/admin/trends/links/preview_card_providers/index.html.haml` - `app/views/admin/trends/links/index.html.haml` - `app/views/admin/trends/tags/index.html.haml` - `app/views/admin/tags/show.html.haml`
2021-11-25Fix filtering DMs from non-followed users (#17042)Claire
2021-11-25Merge branch 'main' into glitch-soc/merge-upstreamClaire
2021-11-25Add trending links (#16917)Eugen Rochko
* Add trending links * Add overriding specific links trendability * Add link type to preview cards and only trend articles Change trends review notifications from being sent every 5 minutes to being sent every 2 hours Change threshold from 5 unique accounts to 15 unique accounts * Fix tests
2021-11-24Fix error when suspending user with an already-existing canonical email ↵Claire
block (#17036) * Fix error when suspending user with an already-existing canonical email block Fixes #17033 While attempting to create a `CanonicalEmailBlock` with an existing hash would raise an `ActiveRecord::RecordNotUnique` error, this being done within a transaction would cancel the whole transaction. For this reason, checking for uniqueness in Rails would query the database within the transaction and avoid invalidating the whole transaction for this reason. A race condition is still possible, where multiple accounts sharing a canonical email would be blocked in concurrent transactions, in which only one would succeed, but that is way less likely to happen that the current issue, and can always be retried after the first failure, unlike the current situation. * Add tests
2021-11-06Merge branch 'main' into glitch-soc/merge-upstreamClaire
2021-11-06Fix AccountNote not having a maximum length (#16942)Claire
2021-11-05Add support for structured data and more OpenGraph tags to link cards (#16938)Eugen Rochko
Save preview cards under their canonical URL Increase max redirects to follow from 2 to 3
2021-11-05Fix handling announcements with links (#16941)Claire
Broken since #15827
2021-10-25Merge branch 'main' into glitch-soc/merge-upstreamClaire
Conflicts: - `.env.production.sample`: Upstream added new configuration options, uncommented by default. Commented them. - `Gemfile.lock`: Upstream updated dependencies textually close to glitch-soc-specific dependencies. Updated those upstream dependencies.
2021-10-21Fix some link previews being incorrectly generated from other prior links ↵Claire
(#16885) * Add tests * Fix some link previews being incorrectly generated from different prior links PR #12403 added a cache to avoid redundant queries when the OEmbed endpoint can be guessed from the URL. This caching mechanism is not perfectly correct as there is no guarantee that all pages from a given domain share the same OEmbed provider endpoint. This PR prevents the FetchOEmbedService from caching OEmbed endpoint that cannot be generalized by replacing a fully-qualified URL from the endpoint's parameters, greatly reducing the number of incorrect cached generalizations.
2021-10-21Add support for fetching Create and Announce activities by URI (#16383)Claire
* Add support for fetching Create and Announce activities by URI This should improve compatibility with ZAP and offer a way to fetch boosts, which is currently not possible. * Add tests
2021-10-18Add remove from followers api (#16864)Takeshi Umeda
* Add followed_by? to account_interactions * Add RemoveFromFollowersService * Fix AccountBatch to use RemoveFromFollowersService * Add remove from followers API
2021-10-14Merge branch 'main' into glitch-soc/merge-upstreamClaire
Conflicts: - `README.md`: Upstream added some documentation in the README, but our README is pretty different and barebone. Kept our README.
2021-10-14Merge branch 'main' into glitch-soc/merge-upstreamClaire
Conflicts: - `app/controllers/admin/dashboard_controller.rb`: Upstream completely redesigned the admin dashboard. glitch-soc tracked extra features, but that list is gone. Followed upstram. - `app/views/admin/dashboard/index.html.haml` Upstream completely redesigned the admin dashboard. glitch-soc tracked extra features, but that list is gone. Followed upstram.
2021-10-14Allow keeping only 1 boosts/favs on auto deleting posts (#16653)Jeong Arm
* Allow keeping 1 boosts/favs on auto deleting posts * Fix tests