9bcb7630b3
Merge tag 'v4.2.12' into chinwag-next
2024-09-24 20:03:33 +10:00
Claire
34aeef3453
Merge pull request from GHSA-58x8-3qxw-6hm7
...
* Fix insufficient permission checking for public timeline endpoints
Note that this changes unauthenticated access failure code from 401 to 422
* Add more tests for public timelines
* Require user token in `/api/v1/statuses/:id/translate` and `/api/v1/scheduled_statuses`
2024-07-04 16:26:49 +02:00
Claire
4fb4721072
Merge pull request from GHSA-58x8-3qxw-6hm7
...
* Fix insufficient permission checking for public timeline endpoints
Note that this changes unauthenticated access failure code from 401 to 422
* Add more tests for public timelines
* Require user token in `/api/v1/statuses/:id/translate` and `/api/v1/scheduled_statuses`
2024-07-04 16:26:49 +02:00
Claire
56b7d1a7b6
Fix not being able to block a subdomain of an already-blocked domain through the API ( #30119 )
2024-05-17 12:30:00 +02:00
Emelia Smith
f784213c64
Return domain block digests from admin domain blocks API ( #29092 )
2024-05-17 12:30:00 +02:00
Claire
9e5af6bb58
Fix user creation failure handling in OAuth paths ( #29207 )
...
Co-authored-by: Matt Jankowski <matt@jankowski.online>
2024-02-14 23:16:39 +01:00
Claire
870ee80fd3
Fix user creation failure handling in OAuth paths ( #29207 )
2024-02-14 22:55:31 +01:00
Claire
76a37bd040
Fix OmniAuth tests ( #29201 )
2024-02-14 16:06:38 +01:00
Claire
f1700523f1
Merge pull request from GHSA-vm39-j3vx-pch3
...
* Prevent different identities from a same SSO provider from accessing a same account
* Lock auth provider changes behind `ALLOW_UNSAFE_AUTH_PROVIDER_REATTACH=true`
* Rename methods to avoid confusion between OAuth and OmniAuth
2024-02-14 15:16:07 +01:00
Emelia Smith
cdbe2855f3
Disable administrative doorkeeper routes ( #29187 )
2024-02-14 11:34:46 +01:00
Emelia Smith
6d43b63275
Disable administrative doorkeeper routes ( #29187 )
2024-02-14 11:03:21 +01:00
Claire
3837ec2227
Fix Mastodon not correctly processing HTTP Signatures with query strings ( #28476 )
2024-01-24 15:31:13 +01:00
Claire
1998c561b2
Convert signature verification specs to request specs ( #28443 )
2024-01-24 15:31:13 +01:00
Claire
9292d998fe
Fix Mastodon not correctly processing HTTP Signatures with query strings ( #28476 )
2024-01-24 15:31:06 +01:00
Claire
92643f48de
Convert signature verification specs to request specs ( #28443 )
2024-01-24 15:31:06 +01:00
Claire
2e4d43933d
Fix SQL query in /api/v1/directory
( #28412 )
2023-12-18 11:03:20 +01:00
Claire
bece853e3c
Fix error and incorrect URLs in /api/v1/accounts/:id/featured_tags
for remote accounts ( #27459 )
2023-12-04 15:28:15 +01:00
Claire
ff3a9dad0d
Fix error and incorrect URLs in /api/v1/accounts/:id/featured_tags
for remote accounts ( #27459 )
2023-12-04 15:28:02 +01:00
Claire
eea2654236
Fix format-dependent redirects being cached regardless of requested format ( #27634 )
2023-11-13 17:58:00 +01:00
Claire
ffcf2c691e
Fix Vary headers not being set on some redirects ( #27272 )
2023-10-10 13:52:41 +02:00
Claire
828eebad48
Add hide_collections
, discoverable
and indexable
attributes to credentials API ( #26998 )
2023-09-20 18:25:16 +02:00
Robert R George
20666482ef
Added admin api for managing tags ( #26872 )
2023-09-13 11:22:53 +02:00
Daniel M Brasil
f337008819
Fix timeout on invalid set of exclusionary parameters in /api/v1/timelines/public
( #26239 )
2023-08-23 15:50:23 +02:00
Claire
191d302b7f
Refactor Api::V1::ProfilesController
into two separate controllers ( #26573 )
2023-08-21 15:47:09 +02:00
Daniel M Brasil
d24a87ce4f
Add ability to delete avatar or header picture via the API ( #25124 )
...
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2023-08-21 08:44:35 +02:00
Daniel M Brasil
3a4d3e9d4b
Add GET /api/v1/instance/languages
to REST API ( #24443 )
...
Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2023-08-03 11:25:47 +02:00
Emelia Smith
e258b4cb64
Refactor: replace whitelist_mode mentions with limited_federation_mode ( #26252 )
2023-08-02 19:32:48 +02:00
Christian Schmidt
ca342d4838
Add List-Unsubscribe email header ( #26085 )
2023-08-01 19:34:40 +02:00
Daniel M Brasil
812a84ff5f
Migrate to request specs in /api/v2/filters
( #25721 )
2023-07-27 14:58:20 +02:00
Matt Jankowski
50ff3d3342
Coverage for Auth::OmniauthCallbacks
controller ( #26147 )
2023-07-25 09:46:57 +02:00
Claire
889102013f
Fix CSP headers being unintendedly wide ( #26105 )
2023-07-21 16:07:43 +02:00
Claire
e5f1000ad1
Fix CSP headers being unintendedly wide ( #26105 )
2023-07-21 13:34:15 +02:00
Christian Schmidt
4c18928a93
Wrong count in response when removing favourite/reblog ( #24365 )
...
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2023-07-19 09:02:30 +02:00
Daniel M Brasil
59b38f9ee4
Migrate to request specs in /api/v1/mutes
( #25622 )
2023-07-18 13:05:19 +02:00
Daniel M Brasil
58bfe8c43a
Migrate to request specs in /api/v1/bookmarks
( #25520 )
2023-07-18 09:15:50 +02:00
Daniel M Brasil
5a7c6c6597
Migrate to request specs in /api/v1/timelines/public
( #25746 )
...
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2023-07-18 09:15:18 +02:00
Daniel M Brasil
19208aa422
Migrate to request specs in /api/v1/statuses/:status_id/favourite
( #25626 )
2023-07-17 16:53:57 +02:00
Daniel M Brasil
6fb4a756ff
Migrate to request specs in /api/v1/statuses/:status_id/bookmark
( #25624 )
2023-07-17 16:51:49 +02:00
Daniel M Brasil
4859958a0c
Migrate to request specs in /api/v1/polls
( #25596 )
2023-07-17 16:50:00 +02:00
Daniel M Brasil
1aea938d3d
Migrate to request specs in /api/v1/statuses/:status_id/pin
( #25635 )
2023-07-17 16:24:05 +02:00
Daniel M Brasil
6cdc8408a9
Migrate to request specs in /api/v1/emails/confirmations
( #25686 )
2023-07-17 16:22:33 +02:00
Daniel M Brasil
8a1aabaac1
Migrate to request specs in /api/v1/timelines/home
( #25743 )
2023-07-17 16:20:11 +02:00
Claire
41f65edb21
Fix embed dropdown menu item for unauthenticated users ( #25964 )
2023-07-13 15:53:03 +02:00
Claire
53b979d5c7
Fix processing of media files with unusual names ( #25788 )
2023-07-07 19:37:21 +02:00
Claire
94fbac77e7
Fix processing of media files with unusual names ( #25788 )
2023-07-07 13:35:22 +02:00
Daniel M Brasil
6ac271c2a0
Migrate to request specs in /api/v1/suggestions
( #25540 )
2023-06-22 11:49:35 +02:00
Daniel M Brasil
e53eb38a8d
Migrate to request specs in /api/v1/admin/account_actions
( #25514 )
2023-06-20 18:16:48 +02:00
Daniel M Brasil
0a0a1f1495
Migrate to request specs in /api/v1/tags
( #25439 )
2023-06-19 08:51:40 +02:00
Daniel M Brasil
b10c05e702
Migrate to request specs in /api/v1/lists
( #25443 )
2023-06-15 10:19:51 +02:00
Daniel M Brasil
24015ef0cc
Migrate to request specs in /api/v1/domain_blocks
( #25414 )
2023-06-14 16:08:53 +02:00