Merge branch 'master' into glitch-soc/merge-upstream
commit
51d326f852
26
CHANGELOG.md
26
CHANGELOG.md
|
@ -3,6 +3,32 @@ Changelog
|
||||||
|
|
||||||
All notable changes to this project will be documented in this file.
|
All notable changes to this project will be documented in this file.
|
||||||
|
|
||||||
|
## [v3.1.2] - 2020-02-27
|
||||||
|
### Added
|
||||||
|
|
||||||
|
- Add `--reset-password` option to `tootctl accounts modify` ([ThibG](https://github.com/tootsuite/mastodon/pull/13126))
|
||||||
|
- Add source-mapped stacktrace to error message in web UI ([ThibG](https://github.com/tootsuite/mastodon/pull/13082))
|
||||||
|
|
||||||
|
### Fixed
|
||||||
|
|
||||||
|
- Fix dismissing an announcement twice raising an obscure error ([ThibG](https://github.com/tootsuite/mastodon/pull/13124))
|
||||||
|
- Fix misleading error when attempting to re-send a pending follow request ([ThibG](https://github.com/tootsuite/mastodon/pull/13133))
|
||||||
|
- Fix backups failing when files are missing from media attachments ([ThibG](https://github.com/tootsuite/mastodon/pull/13146))
|
||||||
|
- Fix duplicate accounts being created when fetching an account for its key only ([ThibG](https://github.com/tootsuite/mastodon/pull/13147))
|
||||||
|
- Fix `/web` redirecting to `/web/web` in web UI ([ThibG](https://github.com/tootsuite/mastodon/pull/13128))
|
||||||
|
- Fix previously OStatus-based accounts not being detected as ActivityPub ([ThibG](https://github.com/tootsuite/mastodon/pull/13129))
|
||||||
|
- Fix account JSON/RSS not being cacheable due to wrong mime type comparison ([ThibG](https://github.com/tootsuite/mastodon/pull/13116))
|
||||||
|
- Fix old browsers crashing because of missing `finally` polyfill in web UI ([ThibG](https://github.com/tootsuite/mastodon/pull/13115))
|
||||||
|
- Fix account's bio not being shown if there are no proofs/fields in admin UI ([ThibG](https://github.com/tootsuite/mastodon/pull/13075))
|
||||||
|
- Fix sign-ups without checked user agreement being accepted through the web form ([ThibG](https://github.com/tootsuite/mastodon/pull/13088))
|
||||||
|
- Fix non-x64 architectures not being able to build Docker image because of hardcoded Node.js architecture ([SaraSmiseth](https://github.com/tootsuite/mastodon/pull/13081))
|
||||||
|
- Fix invite request input not being shown on sign-up error if left empty ([ThibG](https://github.com/tootsuite/mastodon/pull/13089))
|
||||||
|
- Fix some migration hints mentioning GitLab instead of Mastodon ([saper](https://github.com/tootsuite/mastodon/pull/13084))
|
||||||
|
|
||||||
|
### Security
|
||||||
|
|
||||||
|
- Fix leak of arbitrary statuses through unfavourite action in REST API ([Gargron](https://github.com/tootsuite/mastodon/pull/13161))
|
||||||
|
|
||||||
## [3.1.1] - 2020-02-10
|
## [3.1.1] - 2020-02-10
|
||||||
### Fixed
|
### Fixed
|
||||||
|
|
||||||
|
|
|
@ -5,35 +5,28 @@ class Api::V1::Statuses::BookmarksController < Api::BaseController
|
||||||
|
|
||||||
before_action -> { doorkeeper_authorize! :write, :'write:bookmarks' }
|
before_action -> { doorkeeper_authorize! :write, :'write:bookmarks' }
|
||||||
before_action :require_user!
|
before_action :require_user!
|
||||||
|
before_action :set_status
|
||||||
|
|
||||||
respond_to :json
|
respond_to :json
|
||||||
|
|
||||||
def create
|
def create
|
||||||
@status = bookmarked_status
|
current_account.bookmarks.find_or_create_by!(account: current_account, status: @status)
|
||||||
render json: @status, serializer: REST::StatusSerializer
|
render json: @status, serializer: REST::StatusSerializer
|
||||||
end
|
end
|
||||||
|
|
||||||
def destroy
|
def destroy
|
||||||
@status = requested_status
|
bookmark = current_account.bookmarks.find_by(status: @status)
|
||||||
@bookmarks_map = { @status.id => false }
|
bookmark&.destroy!
|
||||||
|
|
||||||
bookmark = Bookmark.find_by!(account: current_user.account, status: @status)
|
render json: @status, serializer: REST::StatusSerializer, relationships: StatusRelationshipsPresenter.new([@status], current_account.id, bookmarks_map: { @status.id => false })
|
||||||
bookmark.destroy!
|
|
||||||
|
|
||||||
render json: @status, serializer: REST::StatusSerializer, relationships: StatusRelationshipsPresenter.new([@status], current_user&.account_id, bookmarks_map: @bookmarks_map)
|
|
||||||
end
|
end
|
||||||
|
|
||||||
private
|
private
|
||||||
|
|
||||||
def bookmarked_status
|
def set_status
|
||||||
authorize_with current_user.account, requested_status, :show?
|
@status = Status.find(params[:status_id])
|
||||||
|
authorize @status, :show?
|
||||||
bookmark = Bookmark.find_or_create_by!(account: current_user.account, status: requested_status)
|
rescue Mastodon::NotPermittedError
|
||||||
|
not_found
|
||||||
bookmark.status.reload
|
|
||||||
end
|
|
||||||
|
|
||||||
def requested_status
|
|
||||||
Status.find(params[:status_id])
|
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -69,8 +69,7 @@ class Api::V1::Statuses::FavouritedByAccountsController < Api::BaseController
|
||||||
@status = Status.find(params[:status_id])
|
@status = Status.find(params[:status_id])
|
||||||
authorize @status, :show?
|
authorize @status, :show?
|
||||||
rescue Mastodon::NotPermittedError
|
rescue Mastodon::NotPermittedError
|
||||||
# Reraise in order to get a 404 instead of a 403 error code
|
not_found
|
||||||
raise ActiveRecord::RecordNotFound
|
|
||||||
end
|
end
|
||||||
|
|
||||||
def pagination_params(core_params)
|
def pagination_params(core_params)
|
||||||
|
|
|
@ -5,34 +5,26 @@ class Api::V1::Statuses::FavouritesController < Api::BaseController
|
||||||
|
|
||||||
before_action -> { doorkeeper_authorize! :write, :'write:favourites' }
|
before_action -> { doorkeeper_authorize! :write, :'write:favourites' }
|
||||||
before_action :require_user!
|
before_action :require_user!
|
||||||
|
before_action :set_status
|
||||||
|
|
||||||
respond_to :json
|
respond_to :json
|
||||||
|
|
||||||
def create
|
def create
|
||||||
@status = favourited_status
|
FavouriteService.new.call(current_account, @status)
|
||||||
render json: @status, serializer: REST::StatusSerializer
|
render json: @status, serializer: REST::StatusSerializer
|
||||||
end
|
end
|
||||||
|
|
||||||
def destroy
|
def destroy
|
||||||
@status = requested_status
|
UnfavouriteWorker.perform_async(current_account.id, @status.id)
|
||||||
@favourites_map = { @status.id => false }
|
render json: @status, serializer: REST::StatusSerializer, relationships: StatusRelationshipsPresenter.new([@status], current_account.id, favourites_map: { @status.id => false })
|
||||||
|
|
||||||
UnfavouriteWorker.perform_async(current_user.account_id, @status.id)
|
|
||||||
|
|
||||||
render json: @status, serializer: REST::StatusSerializer, relationships: StatusRelationshipsPresenter.new([@status], current_user&.account_id, favourites_map: @favourites_map)
|
|
||||||
end
|
end
|
||||||
|
|
||||||
private
|
private
|
||||||
|
|
||||||
def favourited_status
|
def set_status
|
||||||
service_result.status.reload
|
@status = Status.find(params[:status_id])
|
||||||
end
|
authorize @status, :show?
|
||||||
|
rescue Mastodon::NotPermittedError
|
||||||
def service_result
|
not_found
|
||||||
FavouriteService.new.call(current_user.account, requested_status)
|
|
||||||
end
|
|
||||||
|
|
||||||
def requested_status
|
|
||||||
Status.find(params[:status_id])
|
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -66,8 +66,7 @@ class Api::V1::Statuses::RebloggedByAccountsController < Api::BaseController
|
||||||
@status = Status.find(params[:status_id])
|
@status = Status.find(params[:status_id])
|
||||||
authorize @status, :show?
|
authorize @status, :show?
|
||||||
rescue Mastodon::NotPermittedError
|
rescue Mastodon::NotPermittedError
|
||||||
# Reraise in order to get a 404 instead of a 403 error code
|
not_found
|
||||||
raise ActiveRecord::RecordNotFound
|
|
||||||
end
|
end
|
||||||
|
|
||||||
def pagination_params(core_params)
|
def pagination_params(core_params)
|
||||||
|
|
|
@ -5,33 +5,34 @@ class Api::V1::Statuses::ReblogsController < Api::BaseController
|
||||||
|
|
||||||
before_action -> { doorkeeper_authorize! :write, :'write:statuses' }
|
before_action -> { doorkeeper_authorize! :write, :'write:statuses' }
|
||||||
before_action :require_user!
|
before_action :require_user!
|
||||||
|
before_action :set_reblog
|
||||||
|
|
||||||
respond_to :json
|
respond_to :json
|
||||||
|
|
||||||
def create
|
def create
|
||||||
@status = ReblogService.new.call(current_user.account, status_for_reblog, reblog_params)
|
@status = ReblogService.new.call(current_account, @reblog, reblog_params)
|
||||||
render json: @status, serializer: REST::StatusSerializer
|
render json: @status, serializer: REST::StatusSerializer
|
||||||
end
|
end
|
||||||
|
|
||||||
def destroy
|
def destroy
|
||||||
@status = status_for_destroy.reblog
|
@status = current_account.statuses.find_by(reblog_of_id: @reblog.id)
|
||||||
@reblogs_map = { @status.id => false }
|
|
||||||
|
|
||||||
authorize status_for_destroy, :unreblog?
|
if @status
|
||||||
status_for_destroy.discard
|
authorize @status, :unreblog?
|
||||||
RemovalWorker.perform_async(status_for_destroy.id)
|
@status.discard
|
||||||
|
RemovalWorker.perform_async(@status.id)
|
||||||
|
end
|
||||||
|
|
||||||
render json: @status, serializer: REST::StatusSerializer, relationships: StatusRelationshipsPresenter.new([@status], current_user&.account_id, reblogs_map: @reblogs_map)
|
render json: @reblog, serializer: REST::StatusSerializer, relationships: StatusRelationshipsPresenter.new([@status], current_account.id, reblogs_map: { @reblog.id => false })
|
||||||
end
|
end
|
||||||
|
|
||||||
private
|
private
|
||||||
|
|
||||||
def status_for_reblog
|
def set_reblog
|
||||||
Status.find params[:status_id]
|
@reblog = Status.find(params[:status_id])
|
||||||
end
|
authorize @reblog, :show?
|
||||||
|
rescue Mastodon::NotPermittedError
|
||||||
def status_for_destroy
|
not_found
|
||||||
@status_for_destroy ||= current_user.account.statuses.where(reblog_of_id: params[:status_id]).first!
|
|
||||||
end
|
end
|
||||||
|
|
||||||
def reblog_params
|
def reblog_params
|
||||||
|
|
|
@ -13,7 +13,7 @@ module Mastodon
|
||||||
end
|
end
|
||||||
|
|
||||||
def patch
|
def patch
|
||||||
1
|
2
|
||||||
end
|
end
|
||||||
|
|
||||||
def flags
|
def flags
|
||||||
|
|
|
@ -21,36 +21,67 @@ describe Api::V1::Statuses::BookmarksController do
|
||||||
post :create, params: { status_id: status.id }
|
post :create, params: { status_id: status.id }
|
||||||
end
|
end
|
||||||
|
|
||||||
it 'returns http success' do
|
context 'with public status' do
|
||||||
expect(response).to have_http_status(:success)
|
it 'returns http success' do
|
||||||
|
expect(response).to have_http_status(:success)
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'updates the bookmarked attribute' do
|
||||||
|
expect(user.account.bookmarked?(status)).to be true
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'returns json with updated attributes' do
|
||||||
|
hash_body = body_as_json
|
||||||
|
|
||||||
|
expect(hash_body[:id]).to eq status.id.to_s
|
||||||
|
expect(hash_body[:bookmarked]).to be true
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
it 'updates the bookmarked attribute' do
|
context 'with private status of not-followed account' do
|
||||||
expect(user.account.bookmarked?(status)).to be true
|
let(:status) { Fabricate(:status, visibility: :private) }
|
||||||
end
|
|
||||||
|
|
||||||
it 'return json with updated attributes' do
|
it 'returns http not found' do
|
||||||
hash_body = body_as_json
|
expect(response).to have_http_status(404)
|
||||||
|
end
|
||||||
expect(hash_body[:id]).to eq status.id.to_s
|
|
||||||
expect(hash_body[:bookmarked]).to be true
|
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
describe 'POST #destroy' do
|
describe 'POST #destroy' do
|
||||||
let(:status) { Fabricate(:status, account: user.account) }
|
context 'with public status' do
|
||||||
|
let(:status) { Fabricate(:status, account: user.account) }
|
||||||
|
|
||||||
before do
|
before do
|
||||||
Bookmark.find_or_create_by!(account: user.account, status: status)
|
Bookmark.find_or_create_by!(account: user.account, status: status)
|
||||||
post :destroy, params: { status_id: status.id }
|
post :destroy, params: { status_id: status.id }
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'returns http success' do
|
||||||
|
expect(response).to have_http_status(:success)
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'updates the bookmarked attribute' do
|
||||||
|
expect(user.account.bookmarked?(status)).to be false
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'returns json with updated attributes' do
|
||||||
|
hash_body = body_as_json
|
||||||
|
|
||||||
|
expect(hash_body[:id]).to eq status.id.to_s
|
||||||
|
expect(hash_body[:bookmarked]).to be false
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
it 'returns http success' do
|
context 'with private status that was not bookmarked' do
|
||||||
expect(response).to have_http_status(:success)
|
let(:status) { Fabricate(:status, visibility: :private) }
|
||||||
end
|
|
||||||
|
|
||||||
it 'updates the bookmarked attribute' do
|
before do
|
||||||
expect(user.account.bookmarked?(status)).to be false
|
post :destroy, params: { status_id: status.id }
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'returns http not found' do
|
||||||
|
expect(response).to have_http_status(404)
|
||||||
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -21,45 +21,77 @@ describe Api::V1::Statuses::FavouritesController do
|
||||||
post :create, params: { status_id: status.id }
|
post :create, params: { status_id: status.id }
|
||||||
end
|
end
|
||||||
|
|
||||||
it 'returns http success' do
|
context 'with public status' do
|
||||||
expect(response).to have_http_status(200)
|
it 'returns http success' do
|
||||||
|
expect(response).to have_http_status(200)
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'updates the favourites count' do
|
||||||
|
expect(status.favourites.count).to eq 1
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'updates the favourited attribute' do
|
||||||
|
expect(user.account.favourited?(status)).to be true
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'returns json with updated attributes' do
|
||||||
|
hash_body = body_as_json
|
||||||
|
|
||||||
|
expect(hash_body[:id]).to eq status.id.to_s
|
||||||
|
expect(hash_body[:favourites_count]).to eq 1
|
||||||
|
expect(hash_body[:favourited]).to be true
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
it 'updates the favourites count' do
|
context 'with private status of not-followed account' do
|
||||||
expect(status.favourites.count).to eq 1
|
let(:status) { Fabricate(:status, visibility: :private) }
|
||||||
end
|
|
||||||
|
|
||||||
it 'updates the favourited attribute' do
|
it 'returns http not found' do
|
||||||
expect(user.account.favourited?(status)).to be true
|
expect(response).to have_http_status(404)
|
||||||
end
|
end
|
||||||
|
|
||||||
it 'return json with updated attributes' do
|
|
||||||
hash_body = body_as_json
|
|
||||||
|
|
||||||
expect(hash_body[:id]).to eq status.id.to_s
|
|
||||||
expect(hash_body[:favourites_count]).to eq 1
|
|
||||||
expect(hash_body[:favourited]).to be true
|
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
describe 'POST #destroy' do
|
describe 'POST #destroy' do
|
||||||
let(:status) { Fabricate(:status, account: user.account) }
|
context 'with public status' do
|
||||||
|
let(:status) { Fabricate(:status, account: user.account) }
|
||||||
|
|
||||||
before do
|
before do
|
||||||
FavouriteService.new.call(user.account, status)
|
FavouriteService.new.call(user.account, status)
|
||||||
post :destroy, params: { status_id: status.id }
|
post :destroy, params: { status_id: status.id }
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'returns http success' do
|
||||||
|
expect(response).to have_http_status(200)
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'updates the favourites count' do
|
||||||
|
expect(status.favourites.count).to eq 0
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'updates the favourited attribute' do
|
||||||
|
expect(user.account.favourited?(status)).to be false
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'returns json with updated attributes' do
|
||||||
|
hash_body = body_as_json
|
||||||
|
|
||||||
|
expect(hash_body[:id]).to eq status.id.to_s
|
||||||
|
expect(hash_body[:favourites_count]).to eq 0
|
||||||
|
expect(hash_body[:favourited]).to be false
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
it 'returns http success' do
|
context 'with private status that was not favourited' do
|
||||||
expect(response).to have_http_status(200)
|
let(:status) { Fabricate(:status, visibility: :private) }
|
||||||
end
|
|
||||||
|
|
||||||
it 'updates the favourites count' do
|
before do
|
||||||
expect(status.favourites.count).to eq 0
|
post :destroy, params: { status_id: status.id }
|
||||||
end
|
end
|
||||||
|
|
||||||
it 'updates the favourited attribute' do
|
it 'returns http not found' do
|
||||||
expect(user.account.favourited?(status)).to be false
|
expect(response).to have_http_status(404)
|
||||||
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -21,45 +21,77 @@ describe Api::V1::Statuses::ReblogsController do
|
||||||
post :create, params: { status_id: status.id }
|
post :create, params: { status_id: status.id }
|
||||||
end
|
end
|
||||||
|
|
||||||
it 'returns http success' do
|
context 'with public status' do
|
||||||
expect(response).to have_http_status(200)
|
it 'returns http success' do
|
||||||
|
expect(response).to have_http_status(200)
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'updates the reblogs count' do
|
||||||
|
expect(status.reblogs.count).to eq 1
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'updates the reblogged attribute' do
|
||||||
|
expect(user.account.reblogged?(status)).to be true
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'returns json with updated attributes' do
|
||||||
|
hash_body = body_as_json
|
||||||
|
|
||||||
|
expect(hash_body[:reblog][:id]).to eq status.id.to_s
|
||||||
|
expect(hash_body[:reblog][:reblogs_count]).to eq 1
|
||||||
|
expect(hash_body[:reblog][:reblogged]).to be true
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
it 'updates the reblogs count' do
|
context 'with private status of not-followed account' do
|
||||||
expect(status.reblogs.count).to eq 1
|
let(:status) { Fabricate(:status, visibility: :private) }
|
||||||
end
|
|
||||||
|
|
||||||
it 'updates the reblogged attribute' do
|
it 'returns http not found' do
|
||||||
expect(user.account.reblogged?(status)).to be true
|
expect(response).to have_http_status(404)
|
||||||
end
|
end
|
||||||
|
|
||||||
it 'return json with updated attributes' do
|
|
||||||
hash_body = body_as_json
|
|
||||||
|
|
||||||
expect(hash_body[:reblog][:id]).to eq status.id.to_s
|
|
||||||
expect(hash_body[:reblog][:reblogs_count]).to eq 1
|
|
||||||
expect(hash_body[:reblog][:reblogged]).to be true
|
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
describe 'POST #destroy' do
|
describe 'POST #destroy' do
|
||||||
let(:status) { Fabricate(:status, account: user.account) }
|
context 'with public status' do
|
||||||
|
let(:status) { Fabricate(:status, account: user.account) }
|
||||||
|
|
||||||
before do
|
before do
|
||||||
ReblogService.new.call(user.account, status)
|
ReblogService.new.call(user.account, status)
|
||||||
post :destroy, params: { status_id: status.id }
|
post :destroy, params: { status_id: status.id }
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'returns http success' do
|
||||||
|
expect(response).to have_http_status(200)
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'updates the reblogs count' do
|
||||||
|
expect(status.reblogs.count).to eq 0
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'updates the reblogged attribute' do
|
||||||
|
expect(user.account.reblogged?(status)).to be false
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'returns json with updated attributes' do
|
||||||
|
hash_body = body_as_json
|
||||||
|
|
||||||
|
expect(hash_body[:id]).to eq status.id.to_s
|
||||||
|
expect(hash_body[:reblogs_count]).to eq 0
|
||||||
|
expect(hash_body[:reblogged]).to be false
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
it 'returns http success' do
|
context 'with private status that was not reblogged' do
|
||||||
expect(response).to have_http_status(200)
|
let(:status) { Fabricate(:status, visibility: :private) }
|
||||||
end
|
|
||||||
|
|
||||||
it 'updates the reblogs count' do
|
before do
|
||||||
expect(status.reblogs.count).to eq 0
|
post :destroy, params: { status_id: status.id }
|
||||||
end
|
end
|
||||||
|
|
||||||
it 'updates the reblogged attribute' do
|
it 'returns http not found' do
|
||||||
expect(user.account.reblogged?(status)).to be false
|
expect(response).to have_http_status(404)
|
||||||
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
Loading…
Reference in New Issue