aiden
/
mastodon
mirror of https://github.com/mastodon/mastodon
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
17,796 Commits
138 Branches
269 Tags
1016 MiB
i18n/crowdin/translations
renovate/ruby-3.x
renovate/ox-2.x-lockfile
renovate/rubocop-(non-major)
renovate/nokogiri-1.x-lockfile
renovate/eslint-(non-major)
renovate/rack-test-2.x-lockfile
renovate/pino-9.x-lockfile
renovate/csv-3.x-lockfile
main
feat/fasp
renovate/definitelytyped-types-(non-major)
features/numeric-identifiers
renovate/omniauth-packages
renovate/major-react-monorepo
fixes/notification-trailing-groups
renovate/reduxjs-toolkit-2.x-lockfile
renovate/webpush-digest
feature-streaming-profile
renovate/formatjs-monorepo
feature-starter-packs
refactor-status-content-typescript
renovate/glob-11.x
renovate/react-test-renderer-19.x
fixes/embed-requestAnimationFrame
renovate/immutable-5.x
stable-4.3
stable-4.1
stable-4.2
renovate/net-http-0.x
renovate/major-formatjs-monorepo
features/lock-icon-on-hover-card
renovate/typescript-5.x-lockfile
feature-language-dropdown-warning
feature-admin-report-forward
feature-reports-batch-actions
fix-admin-dashboard-slow
fix-future-date-trend
redesign/content-warning-filters-4.3
fixes/filtered-follows
remove/trendable-provider-attribution
activitypub/summary-over-name
build-stable-nightly
fixes/notification-excerpt-paragraph
fixes/mastodon-setup-task-redis
fixes/out-of-order-private-posts
fixes/regexp-timeout-optional
fixes/small-otp-secret-length-4.1
fixes/small-otp-secret-length-4.2
fixes/dashboard-quick-access-overflow
fixes/middle-column-size
fix-context-socialweb-miscellany
cleanup/remove-old-notifications
fixes/detect-missing-indexes2
cleanup/simplify-css
feature-post-layout
features/media-description-in-embedded-status
design/notifications-grid
fix-lookup-domain
flaky-conversations-test
fixes/crash-orphaned-notification
fixes/report-links
features/filtered-dismiss-accept-all
feat/clean-up-notifications
fixes/everyone-role-n+1
redesign/notification-request
experimental/notification-groups-api-shape
fixes/thread-resolve-worker-skip_fetching
spike/resolve-urls-on-click
cleanup/drop-atomuri
fixes/dismissing-notification-requests-dismisses-too-much
revert-system-check
feature-redirect
fix-unusable-hashtag
tests/flaky-tests-performance-logs
feature-grouped-notifications-ui
drop-redis-below-6.2
fix-mute-buttons
features/local-preview-cards-2nd-take
fix-conversations-background
revert-severed-relationships-feature
features/local-preview-cards
stable-3.5
stable-4.0
stable-3.4
releases/v3.5.17
releases/v4.1.13
releases/v4.2.5
version/v4.3.0-alpha.1
fix/build-env
feature-color-scheme
revert/follow-back-mutual
gh-readonly-queue/main/pr-28626-1ad908e0c08c236389967d86b4f238f428de9fef
fixes/per-user-authorized-fetch
fixes/import-many-follows-overlap
fix-web-thread-sort
test-new-container-build
fixes/24px-icons
features/registration-invite-api
fixes/service-worker-caching
fixes/account-refresh-link-verification
feature-like
tests/introduce-error
fixes/lint-fix
fixes/object-has-own-polyfill
fixes/audio-passthrough
fixes/audit-log-external-confirmation
features/banners
refactor/search-query-parser
remove-profile-directory
redesign/notification-settings
feature-separate-hashtags
fixes/self-destruct-throttle
fixes/subdomain-block-4.1.6
redesign/hashtag-column-follow-button
feature-trend-highlights
revert-23460-fixes/activitypub-hashtag
pg15
prevent-unauthenticated-access-tag-timeline
support-rich-oembed
fix-caniuselite-lockfile
track_unsalvageable_errors
add-publish-button-text-site-setting
nolan/button-a11y
i18n/manage-translations
deps/shakapacker
rubocop-fixes
react18
stable-3.3
stable-3.2
stable-3.1
stable-3.0
stable-2.9
stable-2.8
stable-2.7
stable-2.5
stable-2.6
stable-2.4
v0.1.2
v0.1.1
v0.1.0
v0.6
v0.7
v0.8
v0.9
v0.9.9
v1.0
v1.1
v1.1.1
v1.1.2
v1.2
v1.2.1
v1.2.2
v1.3
v1.3.1
v1.3.2
v1.3.3
v1.4.1
v1.4.2
v1.4.3
v1.4.4
v1.4.5
v1.4.6
v1.4.7
v1.4rc1
v1.4rc2
v1.4rc3
v1.4rc4
v1.4rc5
v1.4rc6
v1.5.0
v1.5.0rc1
v1.5.0rc2
v1.5.0rc3
v1.5.1
v1.6.0
v1.6.0rc1
v1.6.0rc2
v1.6.0rc3
v1.6.0rc4
v1.6.0rc5
v1.6.1
v2.0.0
v2.0.0rc1
v2.0.0rc2
v2.0.0rc3
v2.0.0rc4
v2.1.0
v2.1.0rc1
v2.1.0rc2
v2.1.0rc3
v2.1.0rc4
v2.1.0rc5
v2.1.0rc6
v2.1.1
v2.1.2
v2.1.3
v2.2.0
v2.2.0rc1
v2.2.0rc2
v2.3.0
v2.3.0rc1
v2.3.0rc2
v2.3.0rc3
v2.3.1
v2.3.1rc1
v2.3.1rc2
v2.3.1rc3
v2.3.2
v2.3.2rc1
v2.3.2rc2
v2.3.2rc3
v2.3.2rc4
v2.3.2rc5
v2.3.3
v2.4.0
v2.4.0rc1
v2.4.0rc2
v2.4.0rc3
v2.4.0rc4
v2.4.0rc5
v2.4.1
v2.4.1rc1
v2.4.1rc2
v2.4.1rc3
v2.4.1rc4
v2.4.2
v2.4.2rc1
v2.4.2rc2
v2.4.2rc3
v2.4.3
v2.4.3rc1
v2.4.3rc2
v2.4.3rc3
v2.4.4
v2.4.5
v2.5.0
v2.5.0rc1
v2.5.0rc2
v2.5.1
v2.5.2
v2.6.0
v2.6.0rc1
v2.6.0rc2
v2.6.0rc3
v2.6.0rc4
v2.6.1
v2.6.2
v2.6.3
v2.6.4
v2.6.5
v2.7.0
v2.7.0rc1
v2.7.0rc2
v2.7.0rc3
v2.7.1
v2.7.2
v2.7.3
v2.7.4
v2.8.0
v2.8.0rc1
v2.8.0rc2
v2.8.0rc3
v2.8.1
v2.8.2
v2.8.3
v2.8.4
v2.9.0
v2.9.0rc1
v2.9.0rc2
v2.9.1
v2.9.2
v2.9.3
v2.9.4
v3.0.0
v3.0.0rc1
v3.0.0rc2
v3.0.0rc3
v3.0.1
v3.0.2
v3.1.0
v3.1.0rc1
v3.1.0rc2
v3.1.1
v3.1.2
v3.1.3
v3.1.4
v3.1.5
v3.2.0
v3.2.0rc1
v3.2.0rc2
v3.2.1
v3.2.2
v3.3.0
v3.3.0rc1
v3.3.0rc2
v3.3.0rc3
v3.3.1
v3.3.2
v3.3.3
v3.4.0
v3.4.0rc1
v3.4.0rc2
v3.4.1
v3.4.10
v3.4.2
v3.4.3
v3.4.4
v3.4.5
v3.4.6
v3.4.7
v3.4.8
v3.4.9
v3.5.0
v3.5.0rc1
v3.5.0rc2
v3.5.0rc3
v3.5.1
v3.5.10
v3.5.11
v3.5.12
v3.5.13
v3.5.14
v3.5.15
v3.5.16
v3.5.17
v3.5.18
v3.5.19
v3.5.2
v3.5.3
v3.5.4
v3.5.5
v3.5.6
v3.5.7
v3.5.8
v3.5.9
v4.0.0
v4.0.0rc1
v4.0.0rc2
v4.0.0rc3
v4.0.0rc4
v4.0.1
v4.0.10
v4.0.11
v4.0.12
v4.0.13
v4.0.14
v4.0.15
v4.0.2
v4.0.3
v4.0.4
v4.0.5
v4.0.6
v4.0.7
v4.0.8
v4.0.9
v4.1.0
v4.1.0rc1
v4.1.0rc2
v4.1.0rc3
v4.1.1
v4.1.10
v4.1.11
v4.1.12
v4.1.13
v4.1.14
v4.1.15
v4.1.16
v4.1.17
v4.1.18
v4.1.19
v4.1.2
v4.1.20
v4.1.21
v4.1.3
v4.1.4
v4.1.5
v4.1.6
v4.1.7
v4.1.8
v4.1.9
v4.2.0
v4.2.0-beta1
v4.2.0-beta2
v4.2.0-beta3
v4.2.0-rc1
v4.2.0-rc2
v4.2.1
v4.2.10
v4.2.11
v4.2.12
v4.2.13
v4.2.14
v4.2.2
v4.2.3
v4.2.4
v4.2.5
v4.2.6
v4.2.7
v4.2.8
v4.2.9
v4.3.0
v4.3.0-beta.1
v4.3.0-beta.2
v4.3.0-rc.1
v4.3.1
v4.3.2
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'feature-starter-packs'
${ noResults }
Commit Graph

63 Commits (feature-starter-packs)

Author SHA1 Message Date
Matt Jankowski 7efe0bde9d
Add `have_http_link_header` matcher and set header values as strings (#31010) 4 months ago
Matt Jankowski f1003b2560
Enable "zero monkey patching" mode in RSpec (#31614) 4 months ago
Matt Jankowski 5b595b8a5a
Remove usage of `assigns` in controller specs (#30195) 4 months ago
Matt Jankowski f1300ad284
Rename jobs/attachments rspec tag names (#29762) 6 months ago
Matt Jankowski 65e82211cd
Rename `cache_*` methods to `preload_*` in controller concern (#30209) 7 months ago
Matt Jankowski f9100743ec
Add `Api::ErrorHandling` concern for api/base controller (#29574) 10 months ago
Matt Jankowski f91acba70a
Combine repeated requests in account controller concern spec (#28957) 11 months ago
Matt Jankowski 00341c70ff
Use Sidekiq `fake!` instead of `inline!` in specs (#25369) 12 months ago
Claire a2624ff739
Convert signature verification specs to request specs (#28443) 1 year ago
Claire 6fed0fcbaa
Remove unneeded settings cleanup from specs (#28425) 1 year ago
Matt Jankowski 1f1c75bba5
File cleanup/organization in `controllers/concerns` (#27846) 1 year ago
Matt Jankowski 291dc04e67
Remove un-needed `action` and `template` options to `render` in controllers (#28022) 1 year ago
Matt Jankowski 69d00e2721
Fix `RSpec/InstanceVariable` cop (#27766) 1 year ago
Matt Jankowski bcd0171e5e
Fix `Lint/UselessAssignment` cop (#27472) 1 year ago
Claire 94893cf24f
Merge pull request from GHSA-hcqf-fw2r-52g4 
* Revert "Fix request URL normalisation for bare domain and 8-bit characters (#26285)"

This reverts commit 8891d8945d.

* Revert "Do not normalize URL before fetching it (#26219)"

This reverts commit fd284311e7.
 1 year ago
Claire 60b9fa641d
Fix cached posts including stale stats (#26409) 1 year ago
Christian Schmidt fd284311e7
Do not normalize URL before fetching it (#26219) 1 year ago
Matt Jankowski f48d345de1
Use correct naming on controller concern specs (#26197) 1 year ago
Matt Jankowski d2e5430d4a
Fix RSpec/ExpectChange cop (#25101) 2 years ago
Nick Schonning 99e2e9b81f
Fix minor typos in comments and spec names (#21831) 2 years ago
Nick Schonning da3bd913ae
Autofix Rubocop Style/HashSyntax (#23754) 2 years ago
Matt Jankowski c97b611b6b
Fix RSpec/InferredSpecType cop (#24736) 2 years ago
Matt Jankowski 710745e16b
Fix RSpec/ContextWording cop (#24739) 2 years ago
Matt Jankowski 3df665fd23
Fix Lint/ConstantDefinitionInBlock cop (#24763) 2 years ago
Nick Schonning aef0051fd0
Enable Rubocop HTTP status rules (#23717) 2 years ago
Claire 68dcbcb7bf
Add more specific error messages to HTTP signature verification (#21617) 
* Return specific error on failure to parse Date header

* Add error message when preferredUsername is not set

* Change error report to be JSON and include more details

* Change error report to differentiate unknown account and failed refresh

* Add tests
 2 years ago
Claire 8cf7006d4e
Refactor ActivityPub handling to prepare for non-Account actors (#19212) 
* Move ActivityPub::FetchRemoteAccountService to ActivityPub::FetchRemoteActorService

ActivityPub::FetchRemoteAccountService is kept as a wrapper for when the actor is
specifically required to be an Account

* Refactor SignatureVerification to allow non-Account actors

* fixup! Move ActivityPub::FetchRemoteAccountService to ActivityPub::FetchRemoteActorService

* Refactor ActivityPub::FetchRemoteKeyService to potentially return non-Account actors

* Refactor inbound ActivityPub payload processing to accept non-Account actors

* Refactor inbound ActivityPub processing to accept activities relayed through non-Account

* Refactor how Account key URIs are built

* Refactor Request and drop unused key_id_format parameter

* Rename ActivityPub::Dereferencer `signature_account` to `signature_actor`
 2 years ago
Eugen Rochko 3917353645
Fix single Redis connection being used across all threads (#18135) 
* Fix single Redis connection being used across all Sidekiq threads

* Fix tests
 3 years ago
Claire f5639e1cbe
Change public profile pages to be disabled for unconfirmed users (#17385) 
Fixes #17382

Note that unconfirmed and unapproved accounts can still be searched for
and their (empty) account retrieved using the REST API.
 3 years ago
Claire e38fc319dc
Refactor and improve tests (#17386) 
* Change account and user fabricators to simplify and improve tests

- `Fabricate(:account)` implicitly fabricates an associated `user` if
  no `domain` attribute is given (an account with `domain: nil` is
  considered a local account, but no user record was created), unless
  `user: nil` is passed
- `Fabricate(:account, user: Fabricate(:user))` should still be possible
  but is discouraged.

* Fix and refactor tests

- avoid passing unneeded attributes to `Fabricate(:user)` or
  `Fabricate(:account)`
- avoid embedding `Fabricate(:user)` into a `Fabricate(:account)` or the other
  way around
- prefer `Fabricate(:user, account_attributes: …)` to
  `Fabricate(:user, account: Fabricate(:account, …)`
- also, some tests were using remote accounts with local user records, which is
  not representative of production code.
 3 years ago
Claire 5027abecd1
Fix cache_collection crashing when given an empty collection (#15921) 
* Fix cache_collection crashing when given an empty collection

* Add tests
 4 years ago
Claire 43eff898a0
Prepare Mastodon for Rails 6 (#15911) 
* Fix misuse of foreign_type

* Fix use of removed "add_template_helper"

* Use response.media_type instead of response.content_type in tests

* Fix CSV export controller test on Rails 6

Rails 6 sets a "filename*" field in the Content-Disposition header to
explicitly encode the filename as UTF-8.

This changes checks the first part of the Content-Disposition header so
it matches in both Rails 5 and Rails 6.

* Fix emoji formatting with Rails 6

* Make emoji output more idiomatic and robust

* Switch from redis-rails gem to built-in Rails redis cache storage
 4 years ago
Eugen Rochko ed099d8bdc
Change account suspensions to be reversible by default (#14726) 4 years ago
ThibG 4bcef12bad
Fix sr locale being selected over sr-Latn (#13693) 
* Fix sr locale being selected over sr-Latn

* Update tests
 5 years ago
Eugen Rochko 5265df0a8a
Change signature verification to ignore signatures with invalid host (#13033) 
Instead of returning a signature verification error, pretend there
was no signature (i.e., this does not allow access to resources that
need a valid signature), so public resources can still be fetched

Fix #13011
 5 years ago
Eugen Rochko 49b2f7c0a2
Fix base64-encoded file uploads not being possible (#12748) 
Fix #3804, Fix #5776
 5 years ago
Eugen Rochko e1066cd431
Add password challenge to 2FA settings, e-mail notifications (#11878) 
Fix #3961
 5 years ago
Eugen Rochko bd1545de5e
Change locale detection to run once per session (#8657) 
Fix #6462
 6 years ago
Eugen Rochko 4e8dcc5dbb
Add HTTP signatures to all outgoing ActivityPub GET requests (#11284) 6 years ago
Eugen Rochko 63c7fe8e48
Refactor controllers for statuses, accounts, and more (#11249) 6 years ago
Eugen Rochko 51e154f5e8
Admission-based registrations mode (#10250) 
Fix #6856
Fix #6951
 6 years ago
ysksn dd85700a3e Add spec for AccountableConcern#log_action (#9559) 6 years ago
Eugen Rochko 21ad21cb50
Improve signature verification safeguards (#8959) 
* Downcase signed_headers string before building the signed string

The HTTP Signatures draft does not mandate the “headers” field to be downcased,
but mandates the header field names to be downcased in the signed string, which
means that prior to this patch, Mastodon could fail to process signatures from
some compliant clients. It also means that it would not actually check the
Digest of non-compliant clients that wouldn't use a lowercased Digest field
name.

Thankfully, I don't know of any such client.

* Revert "Remove dead code (#8919)"

This reverts commit a00ce8c92c.

* Restore time window checking, change it to 12 hours

By checking the Date header, we can prevent replaying old vulnerable
signatures. The focus is to prevent replaying old vulnerable requests
from software that has been fixed in the meantime, so a somewhat long
window should be fine and accounts for timezone misconfiguration.

* Escape users' URLs when formatting them

Fixes possible HTML injection

* Escape all string interpolations in Formatter class

Slightly improve performance by reducing class allocations
from repeated Formatter#encode calls

* Fix code style issues
 6 years ago
aus-social 0a4739c732 lint pass 2 (#8878) 
* Code quality pass

* Typofix

* Update applications_controller_spec.rb

* Update applications_controller_spec.rb
 6 years ago
luzpaz 40dd19be37 Misc. typos (#8694) 
Found via `codespell -q 3 --skip="./app/javascript/mastodon/locales,./config/locales"`
 6 years ago
S.H 2aeeffc3ec Update Rails (#8141) 
* Update Rails

* fix Update Rails
 6 years ago
Yamagishi Kazutoshi 648d645c2f Fix randomly fail (similar #7219) (#7225) 7 years ago
Yamagishi Kazutoshi d10447c3a8 Use raw status code on have_http_status (#7214) 7 years ago
Akihiko Odaki 51d760960c Set the default locale in config (#6580) 
Previously the default locale was set by Localized concern for controllers,
but it was not enforced for mailers.

config is enforced throughout the application and an appropriate place to
set the default locale.
 7 years ago
Eugen Rochko 9b3b40df66
Fix regeneration marker not expiring (#6290) 
* Fix regeneration key not getting expired

* Add rake task to remove old regeneration markers
 7 years ago