Commit graph

705 commits

Author SHA1 Message Date
Claire 4fb4721072
Merge pull request from GHSA-58x8-3qxw-6hm7
* Fix insufficient permission checking for public timeline endpoints

Note that this changes unauthenticated access failure code from 401 to 422

* Add more tests for public timelines

* Require user token in `/api/v1/statuses/:id/translate` and `/api/v1/scheduled_statuses`
2024-07-04 16:26:49 +02:00
Claire df974a912b
Merge pull request from GHSA-vp5r-5pgw-jwqx
* Fix streaming sessions not being closed when revoking access to an app

* Add tests for GHSA-7w3c-p9j8-mq3x
2024-07-04 16:11:28 +02:00
Claire 6cd9bd6ae1 fix: Return HTTP 422 when scheduled status time is less than 5 minutes (#30584) 2024-07-03 10:57:46 +02:00
Claire fcae9435ec Fix /admin/accounts/:account_id/statuses/:id for edited posts with media attachments (#30819) 2024-07-02 15:08:24 +02:00
Claire c3be5a3d2e Remove caching in cache_collection (#29862) 2024-05-17 12:30:00 +02:00
Matt Jankowski 0143c9d3e1 Fix results/query in api/v1/featured_tags/suggestions (#29597) 2024-05-17 12:30:00 +02:00
Claire 6fe2a47357 Add rate-limit of TOTP authentication attempts at controller level (#28801) 2024-01-24 15:31:13 +01:00
Claire 1998c561b2 Convert signature verification specs to request specs (#28443) 2024-01-24 15:31:13 +01:00
Claire c0a9db3611 Fix potential redirection loop of streaming endpoint (#28665) 2024-01-24 15:31:13 +01:00
Eugen Rochko 4d96d716c4 Fix unsupported time zone or locale preventing sign-up (#28035)
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2024-01-24 15:31:13 +01:00
Claire bece853e3c Fix error and incorrect URLs in /api/v1/accounts/:id/featured_tags for remote accounts (#27459) 2023-12-04 15:28:15 +01:00
Claire 94893cf24f
Merge pull request from GHSA-hcqf-fw2r-52g4
* Revert "Fix request URL normalisation for bare domain and 8-bit characters (#26285)"

This reverts commit 8891d8945d.

* Revert "Do not normalize URL before fetching it (#26219)"

This reverts commit fd284311e7.
2023-09-19 16:52:52 +02:00
Claire 81caafbe84
Fix performances of profile directory (#26842) 2023-09-07 18:55:25 +02:00
Claire 355e3fb529
Simplify Account.by_recent_status and Account.by_recent_sign_in scopes (#26840) 2023-09-07 15:38:11 +02:00
Claire b83e487502
Fix moderator rights inconsistencies (#26729) 2023-09-06 16:40:19 +02:00
Daniel M Brasil ccca542db1
Fix /api/v1/timelines/tag/:hashtag allowing for unauthenticated access when public preview is disabled (#26237) 2023-08-31 13:53:24 +02:00
Tyler Deitz 336ec503c2
Add avatar image to webfinger responses (#26558) 2023-08-31 13:46:27 +02:00
Nick Schonning b970ed6098
Update rubocop and rubocop-rspec (#26329) 2023-08-22 09:31:40 +02:00
Claire 60b9fa641d
Fix cached posts including stale stats (#26409) 2023-08-17 16:11:48 +02:00
Christian Schmidt fd284311e7
Do not normalize URL before fetching it (#26219) 2023-07-31 23:17:37 +02:00
Claire b4e739ff0f
Change interaction modal in web UI (#26075)
Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>
2023-07-27 16:11:17 +02:00
Daniel M Brasil 812a84ff5f
Migrate to request specs in /api/v2/filters (#25721) 2023-07-27 14:58:20 +02:00
Matt Jankowski f48d345de1
Use correct naming on controller concern specs (#26197) 2023-07-27 14:27:21 +02:00
Christian Schmidt 4c18928a93
Wrong count in response when removing favourite/reblog (#24365)
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2023-07-19 09:02:30 +02:00
Daniel M Brasil 59b38f9ee4
Migrate to request specs in /api/v1/mutes (#25622) 2023-07-18 13:05:19 +02:00
Daniel M Brasil 58bfe8c43a
Migrate to request specs in /api/v1/bookmarks (#25520) 2023-07-18 09:15:50 +02:00
Daniel M Brasil 5a7c6c6597
Migrate to request specs in /api/v1/timelines/public (#25746)
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2023-07-18 09:15:18 +02:00
Daniel M Brasil 19208aa422
Migrate to request specs in /api/v1/statuses/:status_id/favourite (#25626) 2023-07-17 16:53:57 +02:00
Daniel M Brasil 6fb4a756ff
Migrate to request specs in /api/v1/statuses/:status_id/bookmark (#25624) 2023-07-17 16:51:49 +02:00
Daniel M Brasil 4859958a0c
Migrate to request specs in /api/v1/polls (#25596) 2023-07-17 16:50:00 +02:00
Daniel M Brasil 1aea938d3d
Migrate to request specs in /api/v1/statuses/:status_id/pin (#25635) 2023-07-17 16:24:05 +02:00
Daniel M Brasil 6cdc8408a9
Migrate to request specs in /api/v1/emails/confirmations (#25686) 2023-07-17 16:22:33 +02:00
Daniel M Brasil 8a1aabaac1
Migrate to request specs in /api/v1/timelines/home (#25743) 2023-07-17 16:20:11 +02:00
Claire 41f65edb21
Fix embed dropdown menu item for unauthenticated users (#25964) 2023-07-13 15:53:03 +02:00
Matt Jankowski 6c5a2233a8
Fix RSpec/StubbedMock cop (#25552)
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2023-07-12 10:20:10 +02:00
Matt Jankowski 658742b3cd
Fix Lint/AmbiguousBlockAssociation cop (#25921) 2023-07-12 10:02:41 +02:00
Matt Jankowski c75df62ccc
Fix RSpec/SubjectDeclaration cop (#25312) 2023-07-12 09:49:33 +02:00
Matt Jankowski cf33028f35
Admin mailer parameterization (#25759) 2023-07-08 20:03:38 +02:00
Daniel M Brasil 383c00819c
Fix /api/v2/search not working with following query param (#25681) 2023-07-03 18:06:57 +02:00
Daniel M Brasil 4fe2d7cb59
Fix HTTP 500 in /api/v1/emails/check_confirmation (#25595) 2023-07-02 00:05:44 +02:00
Matt Jankowski 683ba5ecb1
Fix rails rewhere deprecation warning in directories api controller (#25625) 2023-07-01 21:48:16 +02:00
Claire a5b6f6da80
Change /api/v1/statuses/:id/history to always return at least one item (#25510) 2023-06-22 14:56:14 +02:00
Matt Jankowski 05f9e39b32
Fix RSpec/VerifiedDoubles cop (#25469) 2023-06-22 14:55:22 +02:00
Matt Jankowski 38433ccd0b
Reduce Admin::Reports::Actions spec db activity (#25465) 2023-06-22 14:53:13 +02:00
Claire 602c458ab6
Add finer permission requirements for managing webhooks (#25463) 2023-06-22 14:52:25 +02:00
Matt Jankowski 63d15d5330
Speed-up on StatusesController spec (#25549) 2023-06-22 14:51:53 +02:00
Daniel M Brasil 6ac271c2a0
Migrate to request specs in /api/v1/suggestions (#25540) 2023-06-22 11:49:35 +02:00
Claire ebfeaebedb
Fix /api/v1/conversations sometimes returning empty accounts (#25499) 2023-06-20 18:32:26 +02:00
Daniel M Brasil e53eb38a8d
Migrate to request specs in /api/v1/admin/account_actions (#25514) 2023-06-20 18:16:48 +02:00
Claire fd23f50243
Fix wrong view being displayed when a webhook fails validation (#25464) 2023-06-20 18:15:35 +02:00