Matt Jankowski
f1300ad284
Rename jobs/attachments rspec tag names ( #29762 )
2024-07-08 16:01:08 +00:00
Claire
502cf75b16
Merge pull request from GHSA-58x8-3qxw-6hm7
...
* Fix insufficient permission checking for public timeline endpoints
Note that this changes unauthenticated access failure code from 401 to 422
* Add more tests for public timelines
* Require user token in `/api/v1/statuses/:id/translate` and `/api/v1/scheduled_statuses`
2024-07-04 16:26:49 +02:00
Claire
7a84b76bb1
Drop favicon.ico generation ( #30375 )
2024-06-26 13:44:08 +00:00
Claire
58ace2e45e
Fix SQL error in admin measures API ( #30753 )
2024-06-18 16:04:58 +00:00
Claire
45abddb302
Fix pagination attributes not being returned in ungroupable-only pages ( #30688 )
2024-06-13 14:10:34 +00:00
Matt Jankowski
b2496177e0
Use correct params in `v1/admin/domain_allows` spec ( #30378 )
2024-06-11 07:35:30 +00:00
Daniel M Brasil
77c2216e47
fix: Return HTTP 422 when scheduled status time is less than 5 minutes ( #30584 )
2024-06-10 13:33:48 +00:00
Matt Jankowski
07cc94e05f
Use `sidekiq_inline` in requests/api/v1/admin/account_actions spec ( #30563 )
2024-06-06 14:19:22 +00:00
Matt Jankowski
9b9b0e25b6
Use `sidekiq_inline` in requests/api/v1/reports spec ( #30564 )
2024-06-06 14:14:33 +00:00
Eugen Rochko
a2505e8611
Add timeline of public posts about a trending link to REST API ( #30381 )
2024-06-06 08:43:04 +00:00
Emelia Smith
e02d23b549
Change `read:me` scope to `profile` scope ( #30357 )
...
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2024-06-06 07:30:10 +00:00
Emelia Smith
4655be0da6
Fix add validation to webpush subscription keys ( #30542 )
2024-06-05 19:16:47 +00:00
Emelia Smith
eef2cc054f
Add url validation to Web::PushSubscription endpoints ( #30540 )
2024-06-05 08:06:06 +00:00
Matt Jankowski
249cbc449c
Use existing config access to `local_domain` value ( #30509 )
2024-06-03 09:15:58 +00:00
Claire
974335e414
Add experimental server-side notification grouping ( #29889 )
2024-06-03 08:35:59 +00:00
Claire
36fe8f8566
Change `ids` param to `id` in `/api/v1/statuses` and `/api/v1/accounts` for consistency ( #30465 )
2024-05-29 09:19:17 +00:00
Matt Jankowski
c61e356475
Add `Status::MEDIA_ATTACHMENTS_LIMIT` configuration constant ( #30433 )
2024-05-27 09:49:44 +00:00
Matt Jankowski
3a862439df
Remove unused account record in api/v2/admin/accounts spec ( #30397 )
2024-05-23 08:26:58 +00:00
Claire
de4815afda
Add more tests for self-destruct mode ( #30374 )
2024-05-20 10:06:51 +00:00
Emelia Smith
2da2a1dae9
Support multiple redirect_uris when creating OAuth 2.0 Applications ( #29192 )
2024-05-17 13:46:12 +00:00
Matt Jankowski
0d397db5dd
Consolidate system specs into single directory, use rspec tags for configuration ( #30206 )
2024-05-10 12:36:09 +00:00
Claire
2fe1b8d169
Add API to get multiple accounts and statuses ( #27871 )
...
Co-authored-by: noellabo <noel.yoshiba@gmail.com>
2024-05-06 15:19:15 +00:00
Emelia Smith
116f01ec7d
Implement RFC 8414 for OAuth 2.0 server metadata ( #29191 )
2024-05-06 13:17:56 +00:00
Claire
253ead3aa7
Fix not being able to block a subdomain of an already-blocked domain through the API ( #30119 )
2024-05-02 20:56:21 +00:00
Emelia Smith
049b159beb
Add read:me OAuth 2.0 scope, allowing more limited access to user data ( #29087 )
2024-04-23 11:47:00 +00:00
Matt Jankowski
449f99e168
Fix repeated concat output buffer duplicating layout markup ( #29918 )
2024-04-11 23:37:07 +00:00
Matt Jankowski
191bf5876e
Add coverage for sanitize failure path in api/web/embeds spec ( #29851 )
2024-04-04 16:07:16 +00:00
Matt Jankowski
f87959ab50
Fix `RSpec/LetSetup` cop in api/v1/timelines/public spec ( #28972 )
2024-04-02 14:05:02 +00:00
Matt Jankowski
34489591ec
Add `max_pinned_statuses` to instances serializer and api response ( #29441 )
2024-04-02 13:54:11 +00:00
Renaud Chaput
b4d991adaa
Use integers and not numbers in notification policy API counters ( #29810 )
2024-04-02 10:06:26 +00:00
Claire
81a04ac25c
Improve specs for severed relationships ( #29688 )
2024-03-22 16:25:36 +00:00
Matt Jankowski
34f293475e
Fix results/query in `api/v1/featured_tags/suggestions` ( #29597 )
2024-03-22 15:08:27 +00:00
Claire
814a48517f
Add some more tests for notification policies ( #29698 )
2024-03-21 16:46:38 +00:00
Claire
7434c9c276
Fix the relationships controller spec, since it requires an extra model now ( #29671 )
2024-03-21 08:28:37 +00:00
Claire
44bf7b8128
Add notifications of severed relationships ( #27511 )
2024-03-20 15:37:21 +00:00
Matt Jankowski
2e91a9bd34
Add `include_pagination_headers` matcher to check `Link` header in api specs ( #29596 )
2024-03-15 10:17:45 +00:00
Matt Jankowski
46e902f1f3
Merge `api/v1/accounts/credentials` controller spec into existing request spec ( #29006 )
2024-03-13 09:22:43 +00:00
Matt Jankowski
71eecbfa1f
Move `api/v2/filters/*` to request spec ( #28956 )
2024-03-13 08:47:09 +00:00
Matt Jankowski
3eaac3af73
Use `before_all` block to setup `requests/cache_spec` data ( #29437 )
2024-03-13 08:38:57 +00:00
Matt Jankowski
96013cd576
Reduce `RSpec/ExampleLength` in CSP request spec ( #29104 )
2024-03-13 08:22:32 +00:00
Matt Jankowski
24319836de
Convert request-based setup into factory setup in push/subscriptions request spec ( #29489 )
2024-03-11 15:46:25 +00:00
Eugen Rochko
50b17f7e10
Add notification policies and notification requests ( #29366 )
2024-03-07 14:53:37 +00:00
Matt Jankowski
18945f62e0
Convert more API specs from controller->request style ( #29004 )
2024-03-01 16:24:45 +00:00
Matt Jankowski
8156113d58
Use `response_vary_headers` method in requests/cache_spec ( #29411 )
2024-02-26 16:27:07 +00:00
Matt Jankowski
64f9939e39
Use `capture_emails` helper to improve email assertions in specs ( #29245 )
2024-02-19 15:57:47 +00:00
Wolfgang Fournès
86627ea2e4
Add a missing thread example to the statuses spec ( #29278 )
2024-02-19 13:35:58 +00:00
Claire
d4d0565b0f
Fix user creation failure handling in OAuth paths ( #29207 )
2024-02-14 21:49:45 +00:00
Claire
bbbbf00084
Fix OmniAuth tests ( #29201 )
2024-02-14 14:57:49 +00:00
Claire
b31af34c97
Merge pull request from GHSA-vm39-j3vx-pch3
...
* Prevent different identities from a same SSO provider from accessing a same account
* Lock auth provider changes behind `ALLOW_UNSAFE_AUTH_PROVIDER_REATTACH=true`
* Rename methods to avoid confusion between OAuth and OmniAuth
2024-02-14 15:16:07 +01:00
Emelia Smith
46142cdbdd
Disable administrative doorkeeper routes ( #29187 )
2024-02-13 18:11:47 +00:00