about summary refs log tree commit diff
path: root/spec
AgeCommit message (Collapse)Author
2021-10-13Fix error when rendering public pages with media attachments (#16763)Claire
* Add tests * Fix error when rendering public pages with media attachments * Add tests * Fix tests * Please CodeClimate
2021-10-06Merge branch 'main' into glitch-soc/merge-upstreamClaire
2021-10-06Fix media attachment size validation not correctly accounting for file type ↵Claire
(#16819) * Fix media attachment size validation not correctly accounting for file type Fixes a regression introduced in #16724 caused by the fact that kt-paperclip now correctly runs validations before processing, meaning that file size verification could not rely on our before_post_processing hook. Moved the `before_post_processing` hooks to `before_validate` to make sure the media attachment type is set correctly before the file gets validated. * Add tests
2021-09-30Merge branch 'main' into glitch-soc/merge-upstreamClaire
2021-09-30Fix webauthn secure key authentication (#16792)Claire
* Add tests * Fix webauthn secure key authentication Fixes #16769
2021-09-30Merge branch 'main' into glitch-soc/merge-upstreamClaire
Conflicts: - `app/models/custom_emoji.rb`: Slight refactor upstream, next to a line that was different in glitch-soc because of our local configurable limits on custom emoji size. Ported upstream changes. - `yarn.lock`: Not really a conflict, upstream dependency textually too close to a glitch-soc-only dependency. Updated upstream dependency as upstream.
2021-09-29Switch from unmaintained paperclip to kt-paperclip (#16724)Claire
* Switch from unmaintained paperclip to kt-paperclip * Drop some compatibility monkey-patches not required by kt-paperclip * Drop media spoof check monkey-patching It's broken with kt-paperclip and hopefully it won't be needed anymore * Fix regression introduced by paperclip 6.1.0 * Do not rely on pathname to call FastImage * Add test for ogg vorbis file with cover art * Add audio/vorbis to the accepted content-types This seems erroneous as this would be the content-type for a vorbis stream without an ogg container, but that's what the `marcel` gem outputs, so… * Restore missing for_as_default method * Refactor Attachmentable concern and delay Paperclip's content-type spoof check Check for content-type spoofing *after* setting the extension ourselves, this fixes a regression with kt-paperclip's validations being more strict than paperclip 6.0.0 and rejecting some Pleroma uploads because of unknown extensions. * Please CodeClimate * Add audio/vorbis to the unreliable set It doesn't correspond to a file format and thus has no extension associated.
2021-09-26Merge branch 'main' into glitch-soc/merge-upstreamClaire
Conflicts: - `streaming/index.js`: Filtering code for streaming notifications has been refactored upstream, but glitch-soc had similar code for local-only toots in the same places. Ported upstream changes, but did not refactor local-only filtering.
2021-09-26Change routing paths to use usernames in web UI (#16171)Eugen Rochko
2021-09-19Merge branch 'main' into glitch-soc/merge-upstreamClaire
2021-09-15Fix followers synchronization mechanism not working when URI has empty path ↵Claire
(#16744) Follow-up to #16510, forgot the controller exposing the actual followers…
2021-09-14Merge branch 'main' into glitch-soc/merge-upstreamClaire
2021-09-13Stop setting a shortcode to newly-created media attachments (#16730)Claire
* Stop setting a shortcode to newly-created media attachments The WebUI has stopped using the “short media URL” in ages. This isn't used anywhere except for mail notifications. Deprecating it would allow us to eventually get rid of at least a database column and corruption-prone index, as well as a controller. * Fix tests
2021-09-08Fix addressing of remote groups' followers (#16700)Claire
Fixes #16699
2021-09-02Merge branch 'main' into glitch-soc/merge-upstreamClaire
2021-09-01Fix processing mentions to domains with non-ascii TLDs (#16689)Claire
Fixes #16602
2021-08-27Merge branch 'main' into glitch-soc/merge-upstreamClaire
2021-08-25Fix authentication failures after going halfway through a sign-in attempt ↵Claire
(#16607) * Add tests * Add security-related tests My first (unpublished) attempt at fixing the issues introduced (extremely hard-to-exploit) security vulnerabilities, addressing them in a test. * Fix authentication failures after going halfway through a sign-in attempt * Refactor `authenticate_with_sign_in_token` and `authenticate_with_two_factor` to make the two authentication steps more obvious
2021-08-20Merge branch 'main' into glitch-soc/merge-upstreamClaire
2021-08-20Add tests for SuspendAccountService and UnsuspendAccountService (#16627)Claire
* Add tests for SuspendAccountService * Add tests for UnsuspendAccountService
2021-08-11Fix followers synchronization mechanism not working when URI has empty path ↵Claire
(#16510) * Fix followers synchronization mechanism not working when URI has empty path To my knowledge, there is no current implementation on the fediverse that can use bare domains (e.g., actor is at https://example.org instead of something like https://example.org/actor) that also plans to support the followers synchronization mechanism. However, Mastodon's current implementation would exclude such accounts from followers list. Also adds tests and rename them to reflect the proper method names. * Move url prefix regexp to its own constant
2021-08-11Merge branch 'main' into glitch-soc/merge-upstreamClaire
2021-08-11Fix crash when encountering invalid account fields (#16598)Claire
* Add test * Fix crash when encountering invalid account fields
2021-08-09Merge branch 'main' into glitch-soc/merge-upstreamClaire
Conflicts: - `Gemfile.lock`: Not a real conflict, upstream-updated dependency (redis) textually too close to glitch-soc-only dependecy. Updated redis gem like upstream did.
2021-08-09Add feature to automatically delete old toots (#16529)Claire
* Add account statuses cleanup policy model * Record last inspected toot to delete to speed up successive calls to statuses_to_delete * Add service to cleanup a given account's statuses within a budget * Add worker to go through account policies and delete old toots * Fix last inspected status id logic All existing statuses older or equal to last inspected status id must be kept by the current policy. This is an invariant that must be kept so that resuming deletion from the last inspected status remains sound. * Add tests * Refactor scheduler and add tests * Add user interface * Add support for discriminating based on boosts/favs * Add UI support for min_reblogs and min_favs, rework UI * Address first round of review comments * Replace Snowflake#id_at_start with with_random parameter * Add tests * Add tests for StatusesCleanupController * Rework settings page * Adjust load-avoiding mechanisms * Please CodeClimate
2021-08-08Fix owned account notes not being deleted when an account is deleted (#16579)Claire
* Add account_notes relationship * Add tests * Fix owned account notes not being deleted when an account is deleted * Add post-migration to clean up orphaned account notes
2021-07-17Merge branch 'main' into glitch-soc/merge-upstreamClaire
2021-07-14Fix user email address being banned on self-deletion (#16503)Claire
* Add tests * Fix user email address being banned on self-deletion Fixes #16498
2021-07-13Merge branch 'main' into glitch-soc/merge-upstreamClaire
Conflicts: - `CONTRIBUTING.md`: Upstream file has changed and we're quoting it. Ported the changes. - `README.md`: Upstream file has changed but we have a completely different one. Kept our version. - `lib/mastodon/version.rb`: Upstream has changed from `tootsuite/mastodon` to `mastodon/mastodon`, but we're still `glitch-soc/mastodon`. Kept our version. - `spec/presenters/instance_presenter_spec.rb`: Upstream has changed from `tootsuite/mastodon` to `mastodon/mastodon`, but we're still `glitch-soc/mastodon`. Kept our version.
2021-07-13Change references to tootsuite/mastodon to mastodon/mastodon (#16491)Claire
* Change references to tootsuite/mastodon to mastodon/mastodon * Remove obsolete test fixture * Replace occurrences of tootsuite/mastodon with mastodon/mastodon in CHANGELOG And a few other places
2021-07-08Merge branch 'main' into glitch-soc/merge-upstreamClaire
Conflicts: - `app/helpers/accounts_helper.rb`: Conflict due to upstream changing how followers count is displayed while we have an option to hide followers count. Ported upstream change. - `app/views/accounts/_header.html.haml`: Conflict due to upstream changing how followers count is displayed while we have an option to hide followers count. Ported upstream change. - `app/views/directories/index.html.haml`: Conflict due to upstream changing how followers count is displayed while we have an option to hide followers count. Ported upstream change.
2021-07-08Add ability to skip sign-in token authentication for specific users (#16427)Eugen Rochko
Remove "active within last two weeks" exception for sign in token requirement Change admin reset password to lock access until the password is reset
2021-07-07Add tests for BootstrapTimelineService (#16476)Claire
2021-07-05Fix typo in tag_feed_spec.rb (#16466)Ikko Ashimine
existant -> existent
2021-07-03Fix anonymous access to outbox not being cached by the reverse proxy (#16458)Claire
* Fix anonymous access to outbox not being cached by the reverse proxy Up until now, anonymous access to outbox was marked as public, but with a 0 duration for caching, which means remote proxies would only serve from cache when the server was completely overwhelmed. Changed that cache duration to one minute, so that repeated anonymous access to one account's outbox can be appropriately cached. Also added `Signature` to the `Vary` header in case a page is requested, so that authenticated fetches are never served from cache (which only contains public toots). * Remove Vary: Accept header from webfinger controller Indeed, we have stopped returning xrd, and only ever return jrd, so the Accept request header does not matter anymore. * Cache negative webfinger hits for 3 minutes
2021-06-23Merge branch 'main' into glitch-soc/merge-upstreamClaire
2021-06-21Fix serialization of followers/following counts when user hides their ↵Claire
network (#16418) * Add tests * Fix serialization of followers/following counts when user hides their network Fixes #16382 Signed-off-by: Claire <claire.github-309c@sitedethib.com>
2021-06-21Add authentication history (#16408)Eugen Rochko
2021-05-10Merge branch 'main' into glitch-soc/merge-upstreamClaire
2021-05-10Fix blocking someone not clearing up list feeds (#16205)Claire
2021-05-08Merge branch 'main' into glitch-soc/merge-upstreamClaire
2021-05-07Remove PubSubHubbub-related columns from accounts table (#16170)Eugen Rochko
2021-05-07Merge branch 'main' into glitch-soc/merge-upstreamClaire
- `app/views/statuses/_simple_status.html.haml`: Small markup change in glitch-soc, on a line that has been modified by upstream. Ported upstream changes.
2021-05-07Change trending hashtags to be affected be reblogs (#16164)Eugen Rochko
If a status with a hashtag becomes very popular, it stands to reason that the hashtag should have a chance at trending Fix no stats being recorded for hashtags that are not allowed to trend, and stop ignoring bots Remove references to hashtags in profile directory from the code and the admin UI
2021-05-07Add joined date to profiles in web UI (#16169)Eugen Rochko
2021-05-06Add Ruby 3.0 support (#16046)Claire
* Fix issues with POSIX::Spawn, Terrapin and Ruby 3.0 Also improve the Terrapin monkey-patch for the stderr/stdout issue. * Fix keyword argument handling throughout the codebase * Monkey-patch Paperclip to fix keyword arguments handling in validators * Change validation_extensions to please CodeClimate * Bump microformats from 4.2.1 to 4.3.1 * Allow Ruby 3.0 * Add Ruby 3.0 test target to CircleCI * Add test for admin dashboard warnings * Fix admin dashboard warnings on Ruby 3.0
2021-05-03Change confirmations controller to redirect to / for approved users (#16151)Claire
Clicking the confirmation link multiple times currently leads to entering account settings, which can be confusing. This commit changes that so that it redirects to the root path, so it behaves the same way as clicking only once in most cases.
2021-04-25Improve tag search query (#16104)abcang
2021-04-24Change auto-following admin-selected accounts, show in recommendations (#16078)Eugen Rochko
2021-04-23Fix edge case where accepted follow cannot be processed because of follow ↵Claire
limit (#16098)