Commit graph

91 commits

Author SHA1 Message Date
9bcb7630b3 Merge tag 'v4.2.12' into chinwag-next 2024-09-24 20:03:33 +10:00
Claire
34aeef3453
Merge pull request from GHSA-58x8-3qxw-6hm7
* Fix insufficient permission checking for public timeline endpoints

Note that this changes unauthenticated access failure code from 401 to 422

* Add more tests for public timelines

* Require user token in `/api/v1/statuses/:id/translate` and `/api/v1/scheduled_statuses`
2024-07-04 16:26:49 +02:00
Claire
4fb4721072
Merge pull request from GHSA-58x8-3qxw-6hm7
* Fix insufficient permission checking for public timeline endpoints

Note that this changes unauthenticated access failure code from 401 to 422

* Add more tests for public timelines

* Require user token in `/api/v1/statuses/:id/translate` and `/api/v1/scheduled_statuses`
2024-07-04 16:26:49 +02:00
Claire
56b7d1a7b6 Fix not being able to block a subdomain of an already-blocked domain through the API (#30119) 2024-05-17 12:30:00 +02:00
Emelia Smith
f784213c64 Return domain block digests from admin domain blocks API (#29092) 2024-05-17 12:30:00 +02:00
Claire
9e5af6bb58 Fix user creation failure handling in OAuth paths (#29207)
Co-authored-by: Matt Jankowski <matt@jankowski.online>
2024-02-14 23:16:39 +01:00
Claire
870ee80fd3 Fix user creation failure handling in OAuth paths (#29207) 2024-02-14 22:55:31 +01:00
Claire
76a37bd040 Fix OmniAuth tests (#29201) 2024-02-14 16:06:38 +01:00
Claire
f1700523f1
Merge pull request from GHSA-vm39-j3vx-pch3
* Prevent different identities from a same SSO provider from accessing a same account

* Lock auth provider changes behind `ALLOW_UNSAFE_AUTH_PROVIDER_REATTACH=true`

* Rename methods to avoid confusion between OAuth and OmniAuth
2024-02-14 15:16:07 +01:00
Emelia Smith
cdbe2855f3 Disable administrative doorkeeper routes (#29187) 2024-02-14 11:34:46 +01:00
Emelia Smith
6d43b63275 Disable administrative doorkeeper routes (#29187) 2024-02-14 11:03:21 +01:00
Claire
3837ec2227 Fix Mastodon not correctly processing HTTP Signatures with query strings (#28476) 2024-01-24 15:31:13 +01:00
Claire
1998c561b2 Convert signature verification specs to request specs (#28443) 2024-01-24 15:31:13 +01:00
Claire
9292d998fe Fix Mastodon not correctly processing HTTP Signatures with query strings (#28476) 2024-01-24 15:31:06 +01:00
Claire
92643f48de Convert signature verification specs to request specs (#28443) 2024-01-24 15:31:06 +01:00
Claire
2e4d43933d
Fix SQL query in /api/v1/directory (#28412) 2023-12-18 11:03:20 +01:00
Claire
bece853e3c Fix error and incorrect URLs in /api/v1/accounts/:id/featured_tags for remote accounts (#27459) 2023-12-04 15:28:15 +01:00
Claire
ff3a9dad0d Fix error and incorrect URLs in /api/v1/accounts/:id/featured_tags for remote accounts (#27459) 2023-12-04 15:28:02 +01:00
Claire
eea2654236
Fix format-dependent redirects being cached regardless of requested format (#27634) 2023-11-13 17:58:00 +01:00
Claire
ffcf2c691e Fix Vary headers not being set on some redirects (#27272) 2023-10-10 13:52:41 +02:00
Claire
828eebad48
Add hide_collections, discoverable and indexable attributes to credentials API (#26998) 2023-09-20 18:25:16 +02:00
Robert R George
20666482ef
Added admin api for managing tags (#26872) 2023-09-13 11:22:53 +02:00
Daniel M Brasil
f337008819
Fix timeout on invalid set of exclusionary parameters in /api/v1/timelines/public (#26239) 2023-08-23 15:50:23 +02:00
Claire
191d302b7f
Refactor Api::V1::ProfilesController into two separate controllers (#26573) 2023-08-21 15:47:09 +02:00
Daniel M Brasil
d24a87ce4f
Add ability to delete avatar or header picture via the API (#25124)
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2023-08-21 08:44:35 +02:00
Daniel M Brasil
3a4d3e9d4b
Add GET /api/v1/instance/languages to REST API (#24443)
Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2023-08-03 11:25:47 +02:00
Emelia Smith
e258b4cb64
Refactor: replace whitelist_mode mentions with limited_federation_mode (#26252) 2023-08-02 19:32:48 +02:00
Christian Schmidt
ca342d4838
Add List-Unsubscribe email header (#26085) 2023-08-01 19:34:40 +02:00
Daniel M Brasil
812a84ff5f
Migrate to request specs in /api/v2/filters (#25721) 2023-07-27 14:58:20 +02:00
Matt Jankowski
50ff3d3342
Coverage for Auth::OmniauthCallbacks controller (#26147) 2023-07-25 09:46:57 +02:00
Claire
889102013f Fix CSP headers being unintendedly wide (#26105) 2023-07-21 16:07:43 +02:00
Claire
e5f1000ad1
Fix CSP headers being unintendedly wide (#26105) 2023-07-21 13:34:15 +02:00
Christian Schmidt
4c18928a93
Wrong count in response when removing favourite/reblog (#24365)
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2023-07-19 09:02:30 +02:00
Daniel M Brasil
59b38f9ee4
Migrate to request specs in /api/v1/mutes (#25622) 2023-07-18 13:05:19 +02:00
Daniel M Brasil
58bfe8c43a
Migrate to request specs in /api/v1/bookmarks (#25520) 2023-07-18 09:15:50 +02:00
Daniel M Brasil
5a7c6c6597
Migrate to request specs in /api/v1/timelines/public (#25746)
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2023-07-18 09:15:18 +02:00
Daniel M Brasil
19208aa422
Migrate to request specs in /api/v1/statuses/:status_id/favourite (#25626) 2023-07-17 16:53:57 +02:00
Daniel M Brasil
6fb4a756ff
Migrate to request specs in /api/v1/statuses/:status_id/bookmark (#25624) 2023-07-17 16:51:49 +02:00
Daniel M Brasil
4859958a0c
Migrate to request specs in /api/v1/polls (#25596) 2023-07-17 16:50:00 +02:00
Daniel M Brasil
1aea938d3d
Migrate to request specs in /api/v1/statuses/:status_id/pin (#25635) 2023-07-17 16:24:05 +02:00
Daniel M Brasil
6cdc8408a9
Migrate to request specs in /api/v1/emails/confirmations (#25686) 2023-07-17 16:22:33 +02:00
Daniel M Brasil
8a1aabaac1
Migrate to request specs in /api/v1/timelines/home (#25743) 2023-07-17 16:20:11 +02:00
Claire
41f65edb21
Fix embed dropdown menu item for unauthenticated users (#25964) 2023-07-13 15:53:03 +02:00
Claire
53b979d5c7 Fix processing of media files with unusual names (#25788) 2023-07-07 19:37:21 +02:00
Claire
94fbac77e7
Fix processing of media files with unusual names (#25788) 2023-07-07 13:35:22 +02:00
Daniel M Brasil
6ac271c2a0
Migrate to request specs in /api/v1/suggestions (#25540) 2023-06-22 11:49:35 +02:00
Daniel M Brasil
e53eb38a8d
Migrate to request specs in /api/v1/admin/account_actions (#25514) 2023-06-20 18:16:48 +02:00
Daniel M Brasil
0a0a1f1495
Migrate to request specs in /api/v1/tags (#25439) 2023-06-19 08:51:40 +02:00
Daniel M Brasil
b10c05e702
Migrate to request specs in /api/v1/lists (#25443) 2023-06-15 10:19:51 +02:00
Daniel M Brasil
24015ef0cc
Migrate to request specs in /api/v1/domain_blocks (#25414) 2023-06-14 16:08:53 +02:00