d4d0565b0f
Fix user creation failure handling in OAuth paths ( #29207 )
2024-02-14 21:49:45 +00:00
53b73ed6a2
Merge pull request from GHSA-vm39-j3vx-pch3
...
* Prevent different identities from a same SSO provider from accessing a same account
* Lock auth provider changes behind `ALLOW_UNSAFE_AUTH_PROVIDER_REATTACH=true`
* Rename methods to avoid confusion between OAuth and OmniAuth
2024-02-14 15:25:15 +01:00
b31af34c97
Merge pull request from GHSA-vm39-j3vx-pch3
...
* Prevent different identities from a same SSO provider from accessing a same account
* Lock auth provider changes behind `ALLOW_UNSAFE_AUTH_PROVIDER_REATTACH=true`
* Rename methods to avoid confusion between OAuth and OmniAuth
2024-02-14 15:16:07 +01:00
7efc33b909
Move HTTP Signature parsing code to its own class ( #28932 )
2024-02-07 13:35:37 +00:00
eeabf9af72
Fix compatibility with Redis <6.2 ( #29123 )
2024-02-07 11:52:38 +00:00
2f19ddd1fa
Move status serializer error handling to private method ( #29031 )
2024-02-06 14:54:26 +00:00
93a5b3f9df
Move status serializer chooser to private method ( #29030 )
2024-02-06 13:33:42 +00:00
0877f6fda4
Remove redundant `return` in `IntentsController` ( #29099 )
2024-02-06 12:56:22 +00:00
4cf07ed78c
Add missing action logging to `api/v1/admin/reports#update` ( #29044 )
2024-02-06 11:34:11 +00:00
ff58ec0103
Merge pull request from GHSA-3fjr-858r-92rw
...
* Fix insufficient origin validation
* Bump version to 4.3.0-alpha.1
2024-02-01 15:57:08 +01:00
1726085db5
Merge pull request from GHSA-3fjr-858r-92rw
...
* Fix insufficient origin validation
* Bump version to 4.3.0-alpha.1
2024-02-01 15:56:46 +01:00
bf153b384b
Merge commit '42ab855b2339c5cea3229c856ab539f883736b12' into glitch-soc/merge-upstream
...
Conflicts:
- `app/controllers/auth/confirmations_controller.rb`:
Upstream refactored, changing lines textually close of glitch-soc-only lines
pertaining to the theming system.
Resolved the conflict.
- `app/controllers/auth/passwords_controller.rb`:
Upstream refactored, changing lines textually close of glitch-soc-only lines
pertaining to the theming system.
Resolved the conflict.
- `app/controllers/settings/two_factor_authentication/webauthn_credentials_controller.rb`:
Upstream refactored, changing lines textually close of glitch-soc-only lines
pertaining to the theming system.
Resolved the conflict.
2024-01-27 19:06:41 +01:00
dd7a66949a
Fix CSS loading in redirect controller
2024-01-26 21:04:02 +01:00
5fa2821853
Merge commit '3205a654caf903002c2db872f802a3332201678b' into glitch-soc/merge-upstream
2024-01-26 20:47:20 +01:00
70de52c297
Merge commit '7a1f087659204e9d0cbba2de37e45b1921cefe20' into glitch-soc/merge-upstream
2024-01-25 19:51:19 +01:00
42ab855b23
Add specs for `Instance` model scopes and add `with_domain_follows` scope ( #28767 )
2024-01-25 15:28:27 +00:00
17ea22671d
Fix `Style/GuardClause` cop in app/controllers ( #28420 )
2024-01-25 15:13:41 +00:00
7c9c6c7f80
Fix remaining `Rails/WhereExists` cop violations, regenerate todo ( #28892 )
2024-01-25 12:37:07 +00:00
c50274a0ac
Fix redirect confirmation for accounts ( #28902 )
2024-01-25 10:44:25 +00:00
22cfab0ebf
Merge commit '01ce9df88008cee705b7e02a4581802afa07c3df' into glitch-soc/merge-upstream
...
Conflicts:
- `tsconfig.json`:
Upstream made style fixes, while glitch-soc had extra options.
Ported upstream's style fixes.
2024-01-24 20:42:53 +01:00
b19ae521b7
Add confirmation when redirecting logged-out requests to permalink ( #27792 )
...
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2024-01-24 10:49:19 +00:00
5b1eb09d54
Add annual reports for accounts ( #28693 )
2024-01-24 09:38:10 +00:00
c0e8e457ab
Eager loading fixes for `api/` controllers ( #28848 )
2024-01-23 11:41:54 +00:00
102eff7c05
Merge commit 'e2d9635074ad33cc8144adc434bcd90faae9c424' into glitch-soc/merge-upstream
2024-01-22 19:19:40 +01:00
0700eb58bc
Merge commit '163db814c2b3cf544b78e427e7f7bbd99b94a025' into glitch-soc/merge-upstream
2024-01-22 19:12:05 +01:00
e2d9635074
Add notification email on invalid second authenticator ( #28822 )
2024-01-22 13:55:43 +00:00
18004bf227
Add `Account.matches_uri_prefix` scope and use in activitypub/followers_synchronizations controller ( #28820 )
2024-01-22 13:55:37 +00:00
7ecf7f5403
Move controller->request specs for api/v1/statuses/* ( #28818 )
2024-01-22 11:58:54 +00:00
3593ee2e36
Add rate-limit of TOTP authentication attempts at controller level ( #28801 )
2024-01-19 12:19:49 +00:00
329911b0a3
Migrate controller->request spec for api/v1/follow* ( #28811 )
2024-01-19 09:32:41 +00:00
1480573c83
Add `Account.auditable` scope, fix N+1 in admin/action_logs#index ( #28812 )
2024-01-19 01:39:30 +00:00
528a8fa495
Merge commit 'f866413e724c2e7f8329fbc6e96f56f0b186c62a' into glitch-soc/merge-upstream
2024-01-18 22:16:16 +01:00
0b853678a4
Add coverage for `api/v1/peers/search` endpoint and extract controller query to Instance scope ( #28796 )
2024-01-18 15:57:10 +00:00
278597c161
Merge commit '98b5f85f10a3af50a54fcd79e09fc9fd88f774fa' into glitch-soc/merge-upstream
2024-01-15 20:53:16 +01:00
2f521bc84a
Merge commit 'a2f02a07758c32f0dcc6388b4f30ca5a84e762f3' into glitch-soc/merge-upstream
2024-01-15 20:27:41 +01:00
1323dfac80
Merge commit 'a90696011e563e62100cba56e2d52f6babbaff00' into glitch-soc/merge-upstream
2024-01-15 19:19:04 +01:00
98b5f85f10
Rename and refactor `User#confirm!` to `User#mark_email_as_confirmed!` ( #28735 )
2024-01-15 18:04:58 +00:00
e72676e83a
Improve `api/v1/markers#create` performance against simultaneous requests ( #28718 )
2024-01-15 09:47:25 +00:00
a3b6a85521
Merge commit 'cd37048439f9b324f48e6af1f426a7894c54b4da' into glitch-soc/merge-upstream
...
Conflicts:
- `.prettierignore`:
Conflict due to glitch-soc-only files.
Kept those at the end of the file.
2024-01-13 12:11:29 +01:00
7801db7ba4
Spec coverage for custom css endpoint ( #28706 )
2024-01-12 09:19:25 +00:00
575ab085be
Disable `Rails/ApplicationController` for `HealthController` ( #28705 )
2024-01-12 09:08:17 +00:00
23d8bd8ce1
Merge commit '0a7cff53c2577b3e79599e069eeb344f2613ad8d' into glitch-soc/merge-upstream
2024-01-11 13:24:20 +01:00
0b2c7cdb02
Merge commit 'fe2667bb0d3487a32b9da5250402a90482a85fe2' into glitch-soc/merge-upstream
...
Conflicts:
- `app/lib/content_security_policy.rb`:
Conflict caused by glitch-soc's support for the extra `EXTRA_DATA_HOSTS`
environment variable.
Ported upstream's changes while keeping support for `EXTRA_DATA_HOSTS`.
2024-01-10 17:51:12 +01:00
d7e13e2483
Fix potential redirection loop of streaming endpoint ( #28665 )
2024-01-10 15:05:46 +00:00
5a6d533c53
Enable Rails 7.1 Marshalling format ( #28609 )
2024-01-05 21:57:47 +00:00
419c659bc4
Add fallback redirection when getting a webfinger query `WEB_DOMAIN@WEB_DOMAIN` ( #28592 )
2024-01-04 14:14:46 +00:00
dfdadb92e8
Add ability to require approval when users sign up using specific email domains ( #28468 )
2024-01-04 09:07:05 +00:00
0b5783f3f1
Merge commit 'f92d8c654df654538096efff05e9b1a989d01490' into glitch-soc/merge-upstream
2024-01-03 20:52:19 +01:00
e12d8893f4
Fix intermittent failure from unspecified order in `export_domain_blocks` controller spec ( #28562 )
2024-01-03 13:06:15 +00:00
9d9008666b
Merge commit '092bb8a27af9ee87ff9ebabaf354477470ea3a94' into glitch-soc/merge-upstream
2024-01-03 12:38:49 +01:00
092bb8a27a
Fix Mastodon not correctly processing HTTP Signatures with query strings ( #28476 )
2024-01-03 11:29:26 +00:00
b3542ac57b
Merge commit '1184887b012e863fbf44f65ef5c65e0049123c27' into glitch-soc/merge-upstream
...
Conflicts:
- `README.md`:
Upstream updated its README, we have a completely different one.
Kept our README.
2024-01-02 13:35:11 +01:00
1184887b01
Fix streaming API redirection ignoring the port of `streaming_api_base_url` ( #28558 )
2024-01-02 12:27:51 +00:00
c5b0e6d5a0
Merge branch 'main' into glitch-soc/merge-upstream
2023-12-28 16:57:10 +01:00
92aa6e2ec9
Merge commit 'b7bdcd4f395aaa1e85930940975439d10b570f40' into glitch-soc/merge-upstream
2023-12-21 19:42:13 +01:00
30ee7339d3
Merge commit '7d9b209fe84b00eff348ea9d54905cbfffa79788' into glitch-soc/merge-upstream
...
Conflicts:
- `app/models/form/admin_settings.rb`:
Upstream changed code style change, including on a line modified by glitch-soc.
Kept glitch-soc's line but with the code style change applied.
2023-12-21 19:31:12 +01:00
077e0c6812
Merge commit '0b4a3a04378ce43f2f314b9446b5053f6b374c6d' into glitch-soc/merge-upstream
...
Conflicts:
- `Gemfile.lock`:
Conflict caused by the `json` gem thing once again.
Updated as upstream did, but keeping the most recent `json` version.
- `spec/helpers/application_helper_spec.rb`:
Upstream refactored a bunch of specs, including one place that differs
because of glitch-soc's theming system.
Refactored as upstream did, adapting it for glitch-soc's theming system.
2023-12-20 22:16:50 +01:00
75580360cd
Merge commit '272592d16d40e804ec325ef3b5e6de9bbad5f2dd' into glitch-soc/merge-upstream
...
Conflicts:
- `.rubocop_todo.yml`:
Upstream fixed a bunch lint issues, and changed the `Max` parameter of the
`Metrics/AbcSize` cop.
Glitch-soc has different code and slightly higher `AbcSize` complexity,
modified the `.rubocop_todo.yml` file accordingly.
- `app/policies/status_policy.rb`:
Upstream changed `account.suspended?` to `account.unavailable?` to prepare
for delete flags. Glitch-soc has additional local-only conditions.
Ported upstream's refactor while keeping glitch-soc's additional condition.
- `app/serializers/initial_state_serializer.rb`:
Upstream refactored a bunch of stuff while glitch-soc has more settings.
Refactored as upstream did while keeping glitch-soc's settings.
2023-12-20 22:05:31 +01:00
8a5f2442cc
Merge commit '0530ce5e9575c09464847412f43852f438b0494e' into glitch-soc/merge-upstream
2023-12-20 21:58:18 +01:00
b8209c3b96
Merge commit '85662a5a57531af5402a6777d0b1089e78c56815' into glitch-soc/merge-upstream
...
Conflicts:
- `config/initializers/content_security_policy.rb`:
Upstream reworked the CSP, we kept our version for now.
- `spec/requests/content_security_policy_spec.rb`:
Upstream reworked the CSP, we kept our version for now.
2023-12-20 20:10:45 +01:00
b135b6ba8f
Merge commit '8ebc94dd22a18c28c4c9763b909e92e6ba64e242' into glitch-soc/merge-upstream
...
Conflicts:
- `app/views/admin/custom_emojis/new.html.haml`:
Conflict caused by glitch-soc having a different file size limit constant
name.
Updated like upstream did while keeping glitch-soc's constant name.
2023-12-19 21:24:01 +01:00
2e786e13cb
Merge commit '973597c6f1e25b16c592e5573304319aeaa375e1' into glitch-soc/merge-upstream
...
Conflicts:
- `app/validators/status_pin_validator.rb`:
Upstream refactored that file, while glitch-soc had configurable limits for
pinned statuses.
Updated the code with upstream's refactor, while keeping glitch-soc's
configurability.
2023-12-19 20:51:37 +01:00
3ad92e8d0d
Merge commit 'bd575a1dd69d87ca0f69873f7badf28d38e8b9ed' into glitch-soc/merge-upstream
2023-12-19 20:17:23 +01:00
cd1e3ac2c7
Merge commit '7e1a77ea51e6dc4aecbf678f8928aa96698fa072' into glitch-soc/merge-upstream
...
Conflicts:
- `app/controllers/api/v1/timelines/public_controller.rb`:
Upstream refactored this code, the conflict was because of an extra supported
parameter, `allow_local_only`.
Updated the controller to follow upstream's refactor, and moved the extra
parameter definition accordingly.
2023-12-19 19:51:40 +01:00
b5ac61b2c5
Change algorithm of follow recommendations ( #28314 )
...
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2023-12-19 10:59:43 +00:00
c28976d89e
Handle negative offset param in `api/v2/search` ( #28282 )
2023-12-19 10:55:39 +00:00
a111fd7a0b
Merge commit 'b2c5b20ef27edd948eca8d6bd2014b7a5efaec11' into glitch-soc/merge-upstream
2023-12-18 20:47:27 +01:00
d6ad9d351e
Merge commit 'a36b59be8ad7656b7ceab9751c9ec5b3563e3a30' into glitch-soc/merge-upstream
2023-12-18 19:10:43 +01:00
b474cbbd28
Merge commit '7840c6b75b61e64d89d7fd9f291277fb177e513f' into glitch-soc/merge-upstream
...
Conflicts:
- `app/controllers/api/v1/accounts/relationships_controller.rb`:
We differed by listing suspended users when requesting relationships.
Updated to upstream's code.
2023-12-18 18:40:58 +01:00
46ddaffd40
Merge commit 'b87bfb8c96c8491f1228e0258d05119f3420db05' into glitch-soc/merge-upstream
2023-12-18 18:34:25 +01:00
7d9b209fe8
Fix call to inefficient `delete_matched` cache method in domain blocks ( #28374 )
2023-12-18 16:14:43 +00:00
0e5b8fc46b
Fix `Style/RedundantReturn` cop ( #28391 )
2023-12-18 09:50:51 +00:00
4113fbf6e8
Merge commit 'f476d9dab2f5cca6ae44b95961df6b6557d66dab' into glitch-soc/merge-upstream
...
Conflicts:
- `lib/sanitize_ext/sanitize_config.rb`:
Upstream enforced new code style rules, where we had different code.
Applied the new code style rules.
2023-12-17 23:04:16 +01:00
1474318691
Merge commit 'a916251d8a8fffcaeb6be80eacf50138a53650dc' into glitch-soc/main
...
Conflicts:
- `app/models/trends/statuses.rb`:
Upstream fixed a bug in the trending post condition.
Glitch-soc's condition is different because we potentially allow CWed content
to trend.
Ported upstream's fix while keeping glitch-soc's change.
- `config/initializers/content_security_policy.rb`:
Kept our version for now, we will switch to upstream later down the road.
2023-12-17 15:32:29 +01:00
9f92b05bd2
Merge commit '2e6bf60f1549e5c1f1cfea2d614f978bea17b8a2' into glitch-soc/merge-upstream
...
Conflicts:
- `README.md`:
Upstream has updated their README but we have a completely different one.
Kept our version of `README.md`
2023-12-10 18:05:02 +01:00
73a94c3b3f
Fix self-destruct page not using theme styles ( #2490 )
2023-12-02 14:54:35 +01:00
3bc437b99a
Fix `Style/RedundantParentheses` cop ( #28176 )
2023-12-01 16:00:44 +00:00
d83d01eb1e
Fix `Lint/RedundantSafeNavigation` cop ( #28172 )
2023-12-01 15:52:56 +00:00
963354978a
Add `Account#unavailable?` and `Account#permanently_unavailable?` aliases ( #28053 )
2023-11-30 15:43:26 +00:00
1f1c75bba5
File cleanup/organization in `controllers/concerns` ( #27846 )
2023-11-30 14:39:41 +00:00
e7c340a634
Spec coverage for missing `q` param and error conditions in `api/v2/search` controller ( #27842 )
2023-11-30 13:59:46 +00:00
bb0efe16e6
Remove `default_scope` from `MediaAttachment` class ( #28043 )
2023-11-30 13:30:35 +00:00
e48ecd2929
Remove `default_scope` from `Admin::ActionLog` ( #28026 )
2023-11-29 10:39:59 +00:00
291dc04e67
Remove un-needed `action` and `template` options to `render` in controllers ( #28022 )
2023-11-29 10:38:05 +00:00
baf3b71e3b
Extract `path_without_format` private methd in accounts controller ( #28091 )
2023-11-28 09:17:26 +00:00
9072896ae5
Avoid unnecessary i-var for account rss page url generation ( #28092 )
2023-11-28 08:19:08 +00:00
dfc7154767
Remove unused `cached_filtered_status_page` method from accounts controller ( #28090 )
2023-11-28 07:43:16 +00:00
7877fcd83c
Deduplicate IDs in relationships and familiar_followers APIs ( #27982 )
2023-11-23 10:00:09 +00:00
4be12791e6
Remove `default_scope` from `StatusEdit` class ( #28042 )
2023-11-23 09:26:11 +00:00
9742bccbe7
Add coverage for `api/v2/media` endpoint ( #28027 )
2023-11-22 15:39:34 +00:00
876f5b1d12
Convert `/instances/*` controller specs to request specs ( #27988 )
...
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2023-11-20 11:05:28 +00:00
fe58ac8d9f
Improve spec coverage for `api/web/push_subscriptions` controller ( #27858 )
...
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2023-11-15 13:14:51 +00:00
d67bd44ca1
Add profile setup to onboarding in web UI ( #27829 )
2023-11-15 11:13:53 +00:00
7e1a77ea51
Add base class for `api/v1/timelines/*` controllers ( #27840 )
2023-11-14 14:53:31 +00:00
d562fb8459
Specs for minimal CSP policy in `Api::` controllers ( #27845 )
2023-11-14 14:34:30 +00:00
1f8173ac5a
Extract private methods in api/v1/instances/domain_blocks ( #27844 )
2023-11-14 10:31:59 +00:00
0945e25b8f
Add `Api::V1::Statuses::BaseController` base controller class ( #27794 )
2023-11-13 14:53:22 +00:00
07a4059901
Add support for invite codes in the registration API ( #27805 )
2023-11-13 13:27:00 +00:00
0d14fcebae
Change link previews to keep original URL from the status ( #27312 )
2023-11-13 09:58:28 +00:00
ac69f90098
Add `Api::V1::Instances::BaseController` base controller class ( #27797 )
2023-11-10 12:46:00 +00:00
Claire