Commit graph

1406 commits

Author SHA1 Message Date
Francis Murillo
3a11a90dd3 Revoke all authorized applications on password reset ()
* Clear sessions on password change

* Rename User::clear_sessions to revoke_access for a clearer meaning

* Add reset password controller test

* Use User.find instead of User.find_for_authentication for reset password test

* Use redirect and render for better test meaning in reset password

Co-authored-by: Effy Elden <effy@effy.space>
2022-12-15 15:47:06 +01:00
Meisam
ad2610c413 Validate nodeinfo response by schema ()
* add json-schema to :test in Gemfile

* Create node_info_2.0_schema.json

* test match_response_schema

* Create match_response_schema.rb

* Update nodeinfo_controller_spec.rb

* Rename spec/support/node_info_2.0_schema.json to spec/support/schema/node_info_2.0_schema.json

* Update match_response_schema.rb

* cleanup

* additionally validate the json schema itself

disable throwing errors

test the schema matcher

* rename nodeinfo schema to nodeinfo_2.0

* use Rails.root.join to construct the path

* prettify json

* sync Gemfile.lock
2022-12-15 15:43:05 +01:00
Claire
d4e4d272e1 Fix 500 error when trying to migrate to an invalid address ()
* Fix 500 error when trying to migrate to an invalid address

* Add tests
2022-12-07 02:35:39 +01:00
Francis Murillo
5ad9fea52a Log admin approve and reject account ()
* Log admin approve and reject account

* Add unit tests for approve and reject logging
2022-12-07 00:25:18 +01:00
Claire
aec7de494f Fix unbounded recursion in account discovery ()
* Fix trying to fetch posts from other users when fetching featured posts

* Rate-limit discovery of new subdomains

* Put a limit on recursively discovering new accounts
2022-12-07 00:15:24 +01:00
Claire
b97260426b Fix irreversible and whole_word parameters handling in /api/v1/filters ()
Fixes 
2022-12-07 00:10:53 +01:00
Claire
be16e6f26c Fix attachments of edited statuses not being fetched ()
* Fix attachments of edited statuses not being fetched

* Fix tests
2022-11-27 20:39:05 +01:00
Claire
655ad99a37 Fix not being able to follow more than one hashtag ()
Fixes regression from 
2022-11-21 10:35:09 +01:00
David Leadbeater
72a60150de Don't allow URLs that contain non-normalized paths to be verified ()
* Don't allow URLs that contain non-normalized paths to be verified

This stops things like https://example.com/otheruser/../realuser where
"/otheruser" appears to be the verified URL, but the actual URL being
verified is "/realuser" due to the "/../".

Also fix a test to use 'https', so it is testing the right thing, now
that since  https is required.

* missing do
2022-11-20 19:28:13 +01:00
Rose
b54c639482 Fix style for hashes ()
* Fix style for hashes

Make the style for hashes consistent.

* New style

More consistency
2022-11-17 11:05:39 +01:00
lenore gilbert
498e9478c7 Support for import/export of instance-level domain blocks/allows for 4.x w/ additional fixes ()
* Allow import/export of instance-level domain blocks/allows ()

* Allow import/export of instance-level domain blocks/allows.
Fixes 

* Pacify circleci

* Address simple code review feedback

* Add headers to exported CSV

* Extract common import/export functionality to
AdminExportControllerConcern

* Add additional fields to instance-blocked domain export

* Address review feedback

* Split instance domain block/allow import/export into separate pages/controllers

* Address code review feedback

* Pacify DeepSource

* Work around Paperclip::HasAttachmentFile for Rails 6

* Fix deprecated API warning in export tests

* Remove after_commit workaround

(cherry picked from commit b8319d0578)

* Add confirmation page when importing blocked domains ()

* Move glitch-soc-specific strings to glitch-soc-specific locale files

* Add confirmation page when importing blocked domains

(cherry picked from commit 73a2e3326f)

* Fix authorization check in domain blocks controller

(cherry picked from commit 655bac2c3a)

* Fix error strings for domain blocks and email-domain blocks

Corrected issue with non-error message used for Mastodon::NotPermittedError in Domain Blocks
Corrected issue Domain Blocks using the Email Domain Blocks message on ActionController::ParameterMissing
Corrected issue with Email Domain Blocks using the not_permitted string from "custom emojii's"

* Ran i18n-tasks normalize to address test failure

* Removed unused admin.export_domain_blocks.not_permitted string

Removing unused string as indicated by Check i18n

* Fix tests

(cherry picked from commit 1ba41b34c1)

* Fix domain block export not exporting blocks with only media rejection

(cherry picked from commit 1686374b2f)

* Fix various issues with domain block import

- stop using Paperclip for processing domain allow/block imports
- stop leaving temporary files
- better error handling
- assume CSV files are UTF-8-encoded

(cherry picked from commit cad824d8f501b95377e4f0a957e5a00d517a1902)

Co-authored-by: Levi Bard <taktaktaktaktaktaktaktaktaktak@gmail.com>
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2022-11-17 11:05:09 +01:00
Joshua Wood
e0940d04f1 Handle links with no href in VerifyLinkService ()
Before this change, the following error would cause VerifyAccountLinksWorker to fail:

NoMethodError: undefined method `downcase' for nil:NilClass
  [PROJECT_ROOT]/app/services/verify_link_service.rb:31 :in `block in link_back_present?`
2022-11-17 10:59:35 +01:00
Eugen Rochko
e18c8537e6 Fix rate limiting for paths with formats () 2022-11-14 20:26:31 +01:00
trwnh
72d3607229 Move V2 Filter methods under /api/v2 prefix ()
* Move V2 Filter methods under /api/v2 prefix

* move over the tests too
2022-11-14 08:34:07 +01:00
Eugen Rochko
2b3b063852 Fix error when invalid domain name is submitted ()
Fix 
2022-11-14 08:07:14 +01:00
Eugen Rochko
8b98bebc17 Fix error when passing unknown filter param in REST API ()
Fix 
2022-11-14 08:06:06 +01:00
Hampton Lintorn-Catlin
277e2590e2 Support UTF-8 Characters in Domains During CSV Import ()
* Support UTF-8 Characters in Domains During Import

* Update Changelog
2022-11-14 05:52:13 +01:00
Emily Strickland
2095b41aff Test blank account field verifiability ()
* Test blank account field verifiability

This change tests the need for , which ensures that we guard against a situation in which `at_xpath` returns `nil`.

* Test verifiability of blank fields for remote account profiles

This adds a counterpart test for remote account profiles' fields' verifiability when those fields are blank. I previously added the same test for local accounts.
2022-11-13 21:02:09 +01:00
F
1a8e2f5fb2 Test the native_locale_name of a non-standard locale ()
`:en` is English for both `standard_locale_name` and
`native_locale_name`, and so makes for a poor test candidate for
differentiating between them.
2022-11-11 00:06:18 +01:00
Eugen Rochko
ea7cc10811 Change link verification to ignore IDN domains ()
Fix 
2022-11-10 06:27:45 +01:00
Eugen Rochko
3c80a6e445 Fix being able to spoof link verification ()
- Change verification to happen in `default` queue
- Change verification worker to only be queued if there's something to do
- Add `link` tags from metadata fields to page header of profiles
2022-11-09 08:24:21 +01:00
luzpaz
1edd90fe99 Fix typos ()
Found via `codespell -q 3 -S ./yarn.lock,./CHANGELOG.md,./AUTHORS.md,./config/locales,./app/javascript/mastodon/locales -L ba,followings,keypair,medias,pattens,pixelx,rememberable,ro,te`
2022-11-08 17:32:03 +01:00
Roni Laukkarinen
01e5aedf4b Fix grammar () 2022-11-08 16:35:42 +01:00
Claire
5778ba1028 Fix validation error in SynchronizeFeaturedTagsCollectionWorker ()
* Fix followers count not being updated when migrating follows

Fixes 

* Fix validation error in SynchronizeFeaturedTagsCollectionWorker

Also saves remote user's chosen case for hashtags

* Limit remote featured tags before validation
2022-11-07 22:35:53 +01:00
Claire
2ed7a4124b Fix filter handling in status cache hydration () 2022-11-07 19:47:48 +01:00
Claire
5437dda76b Fix followers count not being updated when migrating follows ()
Fixes 
2022-11-07 15:38:55 +01:00
Claire
0735081cc2 Fix additional issues with status cache hydration ()
* Spare one SQL query when hydrating polls

* Improve tests

* Fix more discrepancies

* Fix possible crash when the status has no application set
2022-11-04 20:01:33 +01:00
Claire
e97b0e0700 Fix various issues with store hydration ()
- Improve tests
- Fix possible crash when application of a reblogged post isn't set
- Fix discrepancies around favourited and reblogged attributes
- Fix discrepancies around pinned attribute
- Fix polls not being hydrated
2022-11-04 19:33:16 +01:00
Eugen Rochko
5b639f9e15 Add caching for payload serialization during fan-out () 2022-11-04 13:21:06 +01:00
Claire
ae89367588 Change mentions of blocked users to not be processed ()
Fixes 
2022-11-04 13:19:12 +01:00
Claire
a2d48543b8 Change flaky AccountSearchService test () 2022-11-03 23:12:08 +01:00
Claire
05bb841077 Fix admin action logs page ()
* Add tests

* Fix crash when trying to display orphaned action logs

* Add migration for older admin action logs
2022-11-03 16:06:42 +01:00
pea-sys
066fcb0d41 PNG optimization (lossless) () 2022-11-01 15:06:52 +01:00
Eugen Rochko
0c0daf7142 Change max. thumbnail dimensions to 640x360px (360p) () 2022-11-01 13:01:39 +01:00
Eugen Rochko
eedf46b243 Fix account action type validation ()
* Fix account action type validation

Fix 

* Fix 

* Fix code style issues
2022-10-30 02:44:32 +02:00
Eugen Rochko
3e5588bf70 Add ability to view previous edits of a status in admin UI ()
* Add ability to view previous edits of a status in admin UI

* Change moderator access to posts to be controlled by a separate policy
2022-10-26 13:42:29 +02:00
Eugen Rochko
d53e1fc6d9 Fix vacuum scheduler missing lock, locks never expiring ()
Remove vacuuming of orphaned preview cards
2022-10-26 12:10:48 +02:00
Eugen Rochko
6c1c7d9d3b Change unauthenticated search to not support pagination in REST API ()
- Only exact search matches for queries with < 5 characters
- Do not support queries with `offset` (pagination)
- Return HTTP 401 on truthy `resolve` instead of overriding to false
2022-10-26 12:10:02 +02:00
Eugen Rochko
2130895196 Change settings area to be separated into categories in admin UI ()
And update all descriptions
2022-10-22 11:44:41 +02:00
Yamagishi Kazutoshi
65c91f5cb3 Fix FetchFeaturedCollectionService spec ()
Regression from 
2022-10-21 11:48:22 +02:00
Eugen Rochko
0fdfbe555e Change public accounts pages to mount the web UI ()
* Change public accounts pages to mount the web UI

* Fix handling of remote usernames in routes

- When logged in, serve web app
- When logged out, redirect to permalink
- Fix `app-body` class not being set sometimes due to name conflict

* Fix missing `multiColumn` prop

* Fix failing test

* Use `discoverable` attribute to control indexing directives

* Fix `<ColumnLoading />` not using `multiColumn`

* Add `noindex` to accounts in REST API

* Change noindex directive to not be rendered by default before a route is mounted

* Add loading indicator for detailed status in web UI

* Fix missing indicator appearing while account is loading in web UI
2022-10-20 14:35:29 +02:00
Eugen Rochko
e376f33207 Change about page to be mounted in the web UI () 2022-10-13 14:42:37 +02:00
Eugen Rochko
dd1dc1743c Add image processing and generate blurhash for server thumbnail ()
Remove separate server hero setting
2022-10-13 11:29:19 +02:00
Yamagishi Kazutoshi
f84bee7d78 Redirect non-logged-in user to owner statuses on single user mode () 2022-10-12 21:07:30 +02:00
Eugen Rochko
b24b85b63f Add support for language preferences for trending statuses and links () 2022-10-08 16:45:40 +02:00
Eugen Rochko
ce7d058a91 Remove setting that disables account deletes () 2022-10-06 10:16:47 +02:00
Eugen Rochko
8ad51fba6c Change public statuses pages to mount the web UI () 2022-10-06 02:26:34 +02:00
Eugen Rochko
82d3e178ba Remove previous landing page () 2022-10-06 02:19:45 +02:00
Eugen Rochko
85a10f182e Change public timelines to be filtered by current locale by default ()
In the absence of an opt-in to multiple specific languages in the
preferences, it makes more sense to filter by the user's presumed
language only (interface language or `lang` override)
2022-10-05 03:48:06 +02:00
Eugen Rochko
c603978cf6 Add server banner to web app, add GET /api/v2/instance to REST API () 2022-10-05 03:47:56 +02:00