about summary refs log tree commit diff
path: root/spec
AgeCommit message (Collapse)Author
2019-07-28Revert "Remove conversation URI (#11423)" (#11424)Eugen Rochko
This reverts commit 75f7f9930eb2a6f5c4041ec44fe0aa795c9ec449.
2019-07-28Remove conversation URI (#11423)Eugen Rochko
It is not part of ActivityPub and will free up a lot of space
2019-07-27Implement pending tests (#11415)ysksn
2019-07-27Add search syntax for operators and phrases (#11411)Eugen Rochko
2019-07-26Fix invites not being disabled upon account suspension (#11412)ThibG
* Disable invite links from disabled/suspended users * Add has_many invites relationship to users * Destroy unused invites when suspending an account
2019-07-24 Don't delete periods when validating username uniqueness (#11392) (#11400)Rey Tucker
* Check to make sure usernames with '.' cannot be created * Add test for instance actor account name conflicts This makes sure that migration 20190715164535_add_instance_actor won't fail if there's already an account that is named the same as the domain (minus the .) * Put the test into the correct context... * Add another test to split this into two validations * Don't delete periods when validating username uniqueness (#11392) The 20190715164535_add_instance_actor migration fails if there's already a username similar to the domain name, e.g. if you are 'vulpine.club' and have a user named 'vulpineclub', validation fails. Upon further review, usernames with periods are dropped by the regular expression in the Account class, so we don't need to worry about it here. Fixes #11392
2019-07-22Change unconfirmed user login behaviour (#11375)Eugen Rochko
Allow access to account settings, 2FA, authorized applications, and account deletions to unconfirmed and pending users, as well as users who had their accounts disabled. Suspended users cannot update their e-mail or password or delete their account. Display account status on account settings page, for example, when an account is frozen, limited, unconfirmed or pending review. After sign up, login users straight away and show a simple page that tells them the status of their account with links to account settings and logout, to reduce onboarding friction and allow users to correct wrongly typed e-mail addresses. Move the final sign-up step of SSO integrations to be the same as above to reduce code duplication.
2019-07-21Play animated custom emoji on hover (#11348)ThibG
* Play animated custom emoji on hover in status * Play animated custom emoji on hover in display names * Play animated custom emoji on hover in bios/bio fields * Add support for animation on hover on public pages emojis too * Fix tests * Code style cleanup
2019-07-21Change locale detection to run once per session (#8657)Eugen Rochko
Fix #6462
2019-07-21Remove WebSub subscriptions (#11303)Eugen Rochko
2019-07-19Disallow numeric-only hashtags (#11363)ThibG
* Add spec covering numeric-only hashtags * Fix hashtag regex
2019-07-19Fix sanitizing lists contents (#11354)ThibG
* Add test * Fix code for sanitizing nested lists stripping all tags
2019-07-19Add ActivityPub actor representing the entire server (#11321)ThibG
* Add support for an instance actor * Skip username validation for local Application accounts * Add migration script to create instance actor * Make Codeclimate happy * Switch to id -99 for instance actor * Remove unused `icon` and `image` attributes from instance actor * Use if/elsif/else instead of return + ternary operator * Add instance actor to fresh installs * Use instance actor as instance representative Use instance actor for forwarding reports, relay operations, and spam auto-reporting. * Seed database in test environment * Fix single-user mode * Fix tests * Fix specs to accomodate for an extra `Account` * Auto-reject follows on instance actor Following an instance actor might make sense, but we are not handling that right now, so auto-reject. * Fix webfinger lookup and serialization for instance actor * Rename instance actor * Make it clear in the HTML view that the instance actor should not be blocked * Raise cache time for instance actor as there's no dynamic content * Re-use /about/more with a flash message for instance actor profile
2019-07-18Fix only one middle dot being recognized in hashtags (#11345)Eugen Rochko
Fix #10934
2019-07-18Change language detection to include hashtags as words (#11341)Eugen Rochko
2019-07-13Add a spam check (#11217)Eugen Rochko
* Add a spam check * Use Nilsimsa to generate locality-sensitive hashes and compare using Levenshtein distance * Add more tests * Add exemption when the message is a reply to something that mentions the sender * Use Nilsimsa Compare Value instead of Levenshtein distance * Use MD5 for messages shorter than 10 characters * Add message to automated report, do not add non-public statuses to automated report, add trust level to accounts and make unsilencing raise the trust level to prevent repeated spam checks on that account * Expire spam check data after 3 months * Add support for local statuses, reduce expiration to 1 week, always create a report * Add content warnings to the spam check and exempt empty statuses * Change Nilsimsa threshold to 95 and make sure removed statuses are removed from the spam check * Add all matched statuses into automatic report
2019-07-11Add ActivityPub secure mode (#11269)Eugen Rochko
* Add HTTP signature requirement for served ActivityPub resources * Change `SECURE_MODE` to `AUTHORIZED_FETCH` * Add 'Signature' to 'Vary' header and improve code style * Improve code style by adding `public_fetch_mode?` method
2019-07-11Add HTTP signatures to all outgoing ActivityPub GET requests (#11284)Eugen Rochko
2019-07-10Refactor fetching of remote resources (#11251)Eugen Rochko
2019-07-09Refactor domain block checks (#11268)Eugen Rochko
2019-07-08Remove unused remote unfollow controller (#11250)Eugen Rochko
2019-07-08Refactor controllers for statuses, accounts, and more (#11249)Eugen Rochko
2019-07-07Remove Atom feeds and old URLs in the form of `GET /:username/updates/:id` ↵Eugen Rochko
(#11247)
2019-07-06Remove Salmon and PubSubHubbub (#11205)Eugen Rochko
* Remove Salmon and PubSubHubbub endpoints * Add error when trying to follow OStatus accounts * Fix new accounts not being created in ResolveAccountService
2019-07-05Remove deprecated REST API `GET /api/v1/statuses/:id/card` (#11213)Eugen Rochko
2019-07-05Remove deprecated REST API `GET /api/v1/timelines/direct` (#11212)Eugen Rochko
2019-07-02Add request pool to improve delivery performance (#10353)Eugen Rochko
* Add request pool to improve delivery performance Fix #7909 * Ensure connection is closed when exception interrupts execution * Remove Timeout#timeout from socket connection * Fix infinite retrial loop on HTTP::ConnectionError * Close sockets on failure, reduce idle time to 90 seconds * Add MAX_REQUEST_POOL_SIZE option to limit concurrent connections to the same server * Use a shared pool size, 512 by default, to stay below open file limit * Add some tests * Add more tests * Reduce MAX_IDLE_TIME from 90 to 30 seconds, reap every 30 seconds * Use a shared pool that returns preferred connection but re-purposes other ones when needed * Fix wrong connection being returned on subsequent calls within the same thread * Reduce mutex calls on flushes from 2 to 1 and add test for reaping
2019-06-28Add categories for custom emojis (#11196)Eugen Rochko
Fix #7940
2019-06-27Fix account URI in UpdatePollSerializer (#11194)ThibG
* Fix account URI in UpdatePollSerializer Fixes #11185 * Add specs
2019-06-26Add support for Audio activities (#11189)ThibG
Fixes #11127
2019-06-25Apply filters to poll options (#11174)ThibG
* Apply filters to poll options in WebUI Fixes #11128 * Apply filters to poll options server-side * Add poll options to searchable text
2019-06-22Change domain blocks to automatically support subdomains (#11138)Eugen Rochko
* Change domain blocks to automatically support subdomains If a more authoritative domain is blocked (example.com), then the same block will be applied to a subdomain (foo.example.com) * Match subdomains of existing accounts when blocking/unblocking domains * Improve code style
2019-06-20Add moderation API (#9387)Eugen Rochko
Fix #8580 Fix #7143
2019-06-16Fix sanitizer making block level elements unreadable (#10836)Eugen Rochko
Fix #10834
2019-06-07Change /settings/preferences to redirect to appearance, add ↵Eugen Rochko
/settings/preferences/other (#10988)
2019-06-07Change preferences page into appearance, notifications, and other (#10977)Eugen Rochko
2019-06-04Do not misattribute inlined boosts if `attributedTo` isn't present (#10967)ThibG
* Do not misattribute inlined boosts if `attributedTo` isn't present Fixes #10950 * Fix tests
2019-06-04Fix poll API not requiring authentication on non-public polls (#10960)Eugen Rochko
* Fix poll API not requiring authentication on non-public polls That API does not reveal the content of the status, i.e. the question itself, nor who the author is, nor which status it belongs to, but it does reveal the poll options and how many answers they got Fix #10959 * Add test
2019-06-02Fix NotifyService test with regards to reblogs (#10928)ThibG
Fixes #10890
2019-05-21Update remote bio test from 160 to 500 (#10799)trwnh
2019-05-21Add `account_id` param to `GET /api/v1/notifications` (#10796)Paul Woolcock
* Add `from_account` to notifications API this adds the ability to filter notifications by the account they originated from * passing a non-existent user should cause none to be returned * Fix codeclimate warnings * fix more codeclimate warnings * make requested changes: * use account id instead of user@domain * name the param `account_id` instead of `from_account` * Don't use `return` in a lambda
2019-05-19Change bio limit from 160 to 500 (#10790)trwnh
* Change note_length validator from 160 to 500 * Change input maxlength from 160 to 500 * update bio test from 160 to 500 * Multiply a string 30 times instead of 10
2019-05-19Fix “invited by” not showing up for invited accounts in admin interface ↵ThibG
(#10791)
2019-05-18Prevent from publicly boosting one's own private toots (#10775)ThibG
2019-05-14Record account suspend/silence time and keep track of domain blocks (#10660)ThibG
* Record account suspend/silence time and keep track of domain blocks * Also unblock users who were suspended/silenced before dates were recorded * Add tests * Keep track of suspending date for users suspended through the CLI * Show accurate number of accounts that would be affected by unsuspending an instance * Change migration to set silenced_at and suspended_at * Revert "Also unblock users who were suspended/silenced before dates were recorded" This reverts commit a015c65d2d1e28c7b7cfab8b3f8cd5fb48b8b71c. * Switch from using suspended and silenced to suspended_at and silenced_at * Add post-deployment migration script to remove `suspended` and `silenced` columns * Use Account#silence! and Account#suspend! instead of updating the underlying property * Add silenced_at and suspended_at migration to post-migration * Change account fabricator to translate suspended and silenced attributes * Minor fixes * Make unblocking domains always retroactive
2019-05-09Prevent silenced local users from notifying remote users not following them ↵ThibG
(#10575) * Prevent silenced local users from notifying remote users not following them This is an attempt to extend the local restrictions of silenced users to the federation. * Add tests * Add tests for making sure private status don't get sent over OStatus
2019-05-03Change e-mail whitelist/blacklist to not be checked when invited (#10683)Eugen Rochko
* Change e-mail whitelist/blacklist to not be checked when invited And only when creating an account, not when updating it later Fix #10648 * Fix test
2019-05-03Provide a link to existing domain block when trying to block an ↵ThibG
already-blocked domain (#10663) * When trying to block an already-blocked domain, provide a link to the block * Fix styling for links in flash messages * Allow blocks to be upgraded but not downgraded
2019-05-02Check that an invite link is valid before bypassing approval mode (#10657)ThibG
* Check that an invite link is valid before bypassing approval mode Fixes #10656 * Add tests * Only consider valid invite links in registration controller * fixup
2019-04-10Fix Keybase verification using wrong domain for remote accounts (#10547)Eugen Rochko