about summary refs log tree commit diff
path: root/spec
AgeCommit message (Collapse)Author
2018-12-10Add specs for Admin::InvitesController (#9471)ysksn
2018-12-09Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: - app/javascript/packs/public.js - app/models/user.rb - config/settings.yml - db/schema.rb Moved public.js changes to settings.js.
2018-12-07Remove pending spec (#9453)ysksn
2018-12-07Add specs for ActivityPub::InboxesController (#9456)ysksn
2018-12-07Add specs for Admin::AccountModerationNotesHelper (#9455)ysksn
2018-12-07Remove pending spec (#9454)ysksn
Since dots are not allowed in username, this spec is no longer needed.
2018-12-07Add specs for AccountTagStat model (#9452)ysksn
2018-12-06Add profile directory (#9427)Eugen Rochko
Fix #5578
2018-12-06Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
2018-12-06Remove pending spec (#9442)ysksn
`#from_account` isn't defined.
2018-12-06Add spec for Identity.find_for_oauth (#9441)ysksn
2018-12-05Fix thread depth computation in statuses_controller (#9426)ThibG
* Add test that should currently fail * Fix depth computation (will still fail if statuses have been filtered out) * Fix handling of broken threads
2018-11-28Add specs for list replies policyThibaut Girka
2018-11-27Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: - app/models/status.rb Resolved by taking both changes (not a real conflict, just changes too close to each other).
2018-11-27Allow hyphens in the middle of remote user names (#9345)ThibG
Fixes #9309 This only allows hyphens in the middle of a username, much like dots, although I don't have a compelling reason to do so other than keeping the changes minimal.
2018-11-26Redesign admin accounts index (#9340)Eugen Rochko
* Improve overview of accounts in admin UI - Display suspended status, role, last activity and IP prominently - Default to showing local accounts - Default to not showing suspended accounts * Remove unused strings * Fix tests * Allow filtering accounts by IP mask
2018-11-25Ensure replied-to is a status not a boost (#9129)valerauko
* Ensure replied-to is a status not a boost * Consider case of not a reply * Add test case for replying to boost * Move reblog-reply resolution to model * Remove unnecessary comment
2018-11-24Sort self-replies to the top of descendants (#9320)Eugen Rochko
Fix #6463
2018-11-22Fix connect timeout not being enforced (#9329)Eugen Rochko
* Fix connect timeout not being enforced The loop was catching the timeout exception that should stop execution, so the next IP would no longer be within a timed block, which led to requests taking much longer than 10 seconds. * Use timeout on each IP attempt, but limit to 2 attempts * Fix code style issue * Do not break Request#perform if no block given * Update method stub in spec for Request * Move timeout inside the begin/rescue block * Use Resolv::DNS with timeout of 1 to get IP addresses * Update Request spec to stub Resolv::DNS instead of Addrinfo * Fix Resolve::DNS stubs in Request spec
2018-11-22Ignore JSON-LD profile in mime type comparison (#9179)valerauko
Ignore JSON-LD profile in mime type comparison
2018-11-19Extract counters from accounts table to account_stats table (#9295)Eugen Rochko
2018-11-16Remove intermediary arrays when creating hash maps from results (#9291)Eugen Rochko
2018-11-09Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
2018-11-08Optimize the process of following someone (#9220)Eugen Rochko
* Eliminate extra accounts select query from FollowService * Optimistically update follow state in web UI and hide loading bar Fix #6205 * Asynchronize NotifyService in FollowService And fix failing test * Skip Webfinger resolve routine when called from FollowService if possible If an account is ActivityPub, then webfinger re-resolving is not necessary when called from FollowService. Improve options of ResolveAccountService
2018-11-06Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
2018-11-05Allow joining several hashtags in a single column (#8904)James Kiesel
* Nascent tag menu on frontend * Hook up frontend to search * Tag intersection backend first pass * Update yarnlock * WIP * Fix for tags not searching correctly * Make radio buttons function * Simplify radio buttons with modeOption * Better naming * Rearrange options * Add all/any/none functionality on backend * Small PR cleanup * Move to service from scope * Small cleanup, add proper service tests * Don't use send with user input :D * Set appropriate column header * Handle auto updating timeline * Fix up toggle function * Use tag value correctly * A bit more correct to use 'self' rather than 'all' in status scope * Fix some style issues * Fix more code style issues * Style select dropdown more better * Only use to_id'ed value to ensure no SQL injection * Revamp frontend to allow for multiple selects * Update backend / col header to account for more flexible tagging * Update brakeman ignore * Codeclimate suggestions * Fix presenter tag_url * Implement initial PR feedback * Handle additional tag streaming * CodeClimate tweak
2018-10-31Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
2018-10-31Revert "Fix FetchAtomService content type handling (#9132)" (#9171)Eugen Rochko
This reverts commit c36a4a16178441968715e13c77859b1eb813c2af.
2018-10-30Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: - app/controllers/auth/sessions_controller.rb Upstream reverted something we partially reverted already. Reverted the rest to match upstream.
2018-10-30Fix FetchAtomService content type handling (#9132)valerauko
* Add profile to json+ld in Accept It's required by the ActivityPub spec * Use headers['Content-type'] instead of mime_type mime_type strips the profile from the content type, but it's still available raw in the headers hash * Add test for ld+json with profile
2018-10-30Remove duplicate and outdated specsThibaut Girka
2018-10-30Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
2018-10-30Do not hide boost notifications from followed people with hidden boosts (#9147)ThibG
* Do not hide boost notifications from followed people with hidden boosts Not displaying boosts from a followed user in the Home timeline and not having notifications when they reblog your own content are two very separate concerns, tying them together seem counter-intuitive and unwanted. * Update specs accordingly
2018-10-29Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
2018-10-29Bump sanitize from 4.6.6 to 5.0.0 (#9140)Eugen Rochko
2018-10-22Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: - .github/ISSUE_TEMPLATE/bug_report.md Took our version. - CONTRIBUTING.md Updated the embedded copy of upstream's version. - README.md Took our version. - app/policies/status_policy.rb Not a real conflict, took code from both. - app/views/layouts/embedded.html.haml Added upstream's changes (dns-prefetch) and fixed `%body.embed` - app/views/settings/preferences/show.html.haml Reverted some of upstream changes, as we have a page dedicated for flavours and skins. - config/initializers/content_security_policy.rb Kept our version of the CSP. - config/initializers/doorkeeper.rb Not a real conflict, took code from both.
2018-10-20fix: Execute PAM authentication tests on CircleCI (#9029)takayamaki
and use 'if' option of context block
2018-10-20Do not test PAM authentication by default (#9027)Eugen Rochko
* Do not test PAM authentication by default * Disable PAM tests if PAM is not enabled
2018-10-17Improve support for aspects/circles (#8950)Eugen Rochko
* Add silent column to mentions * Save silent mentions in ActivityPub Create handler and optimize it Move networking calls out of the database transaction * Add "limited" visibility level masked as "private" in the API Unlike DMs, limited statuses are pushed into home feeds. The access control rules between direct and limited statuses is almost the same, except for counter and conversation logic * Ensure silent column is non-null, add spec * Ensure filters don't check silent mentions for blocks/mutes As those are "this person is also allowed to see" rather than "this person is involved", therefore does not warrant filtering * Clean up code * Use Status#active_mentions to limit returned mentions * Fix code style issues * Use Status#active_mentions in Notification And remove stream_entry eager-loading from Notification
2018-10-12Improve signature verification safeguards (#8959)Eugen Rochko
* Downcase signed_headers string before building the signed string The HTTP Signatures draft does not mandate the “headers” field to be downcased, but mandates the header field names to be downcased in the signed string, which means that prior to this patch, Mastodon could fail to process signatures from some compliant clients. It also means that it would not actually check the Digest of non-compliant clients that wouldn't use a lowercased Digest field name. Thankfully, I don't know of any such client. * Revert "Remove dead code (#8919)" This reverts commit a00ce8c92c06f42109aad5cfe65d46862cf037bb. * Restore time window checking, change it to 12 hours By checking the Date header, we can prevent replaying old vulnerable signatures. The focus is to prevent replaying old vulnerable requests from software that has been fixed in the meantime, so a somewhat long window should be fine and accounts for timezone misconfiguration. * Escape users' URLs when formatting them Fixes possible HTML injection * Escape all string interpolations in Formatter class Slightly improve performance by reducing class allocations from repeated Formatter#encode calls * Fix code style issues
2018-10-12Improve signature verification safeguards (#8959)Eugen Rochko
* Downcase signed_headers string before building the signed string The HTTP Signatures draft does not mandate the “headers” field to be downcased, but mandates the header field names to be downcased in the signed string, which means that prior to this patch, Mastodon could fail to process signatures from some compliant clients. It also means that it would not actually check the Digest of non-compliant clients that wouldn't use a lowercased Digest field name. Thankfully, I don't know of any such client. * Revert "Remove dead code (#8919)" This reverts commit a00ce8c92c06f42109aad5cfe65d46862cf037bb. * Restore time window checking, change it to 12 hours By checking the Date header, we can prevent replaying old vulnerable signatures. The focus is to prevent replaying old vulnerable requests from software that has been fixed in the meantime, so a somewhat long window should be fine and accounts for timezone misconfiguration. * Escape users' URLs when formatting them Fixes possible HTML injection * Escape all string interpolations in Formatter class Slightly improve performance by reducing class allocations from repeated Formatter#encode calls * Fix code style issues
2018-10-08Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
2018-10-08rubocop issues - Cleaning up (#8912)ashleyhull-versent
* cleanup pass * undo mistakes * fixed. * revert
2018-10-08Replace SVG asset with Custom mascot (#8766)ashleyhull-versent
2018-10-07Add conversations API (#8832)Eugen Rochko
* Add conversations API * Add web UI for conversations * Add test for conversations API * Add tests for ConversationAccount * Improve web UI * Rename ConversationAccount to AccountConversation * Remove conversations on block and mute * Change last_status_id to be a denormalization of status_ids * Add optimistic locking
2018-10-05Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
2018-10-05Leave unknown language as nil if account is remote (#8861)Jeong Arm
* Force use language detector if account is remote * Set unknown remote toot's language as nil
2018-10-05Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: db/migrate/20170716191202_add_hide_notifications_to_mute.rb spec/controllers/application_controller_spec.rb Took our version, upstream changes were only minor style linting.
2018-10-04lint pass 2 (#8878)aus-social
* Code quality pass * Typofix * Update applications_controller_spec.rb * Update applications_controller_spec.rb
2018-10-04Limit the number of people that can be followed from one account (#8807)Eugen Rochko
Configurable soft limit of 7,500, and above that, configurable ratio of 1.1 * followers, controlled by: - MAX_FOLLOWS_THRESHOLD - MAX_FOLLOWS_RATIO Fix #2311