Commit graph

253 commits

Author SHA1 Message Date
Claire
502cf75b16
Merge pull request from GHSA-58x8-3qxw-6hm7
* Fix insufficient permission checking for public timeline endpoints

Note that this changes unauthenticated access failure code from 401 to 422

* Add more tests for public timelines

* Require user token in `/api/v1/statuses/:id/translate` and `/api/v1/scheduled_statuses`
2024-07-04 16:26:49 +02:00
Claire
7a84b76bb1
Drop favicon.ico generation (#30375) 2024-06-26 13:44:08 +00:00
Claire
58ace2e45e
Fix SQL error in admin measures API (#30753) 2024-06-18 16:04:58 +00:00
Claire
45abddb302
Fix pagination attributes not being returned in ungroupable-only pages (#30688) 2024-06-13 14:10:34 +00:00
Matt Jankowski
b2496177e0
Use correct params in v1/admin/domain_allows spec (#30378) 2024-06-11 07:35:30 +00:00
Daniel M Brasil
77c2216e47
fix: Return HTTP 422 when scheduled status time is less than 5 minutes (#30584) 2024-06-10 13:33:48 +00:00
Matt Jankowski
07cc94e05f
Use sidekiq_inline in requests/api/v1/admin/account_actions spec (#30563) 2024-06-06 14:19:22 +00:00
Matt Jankowski
9b9b0e25b6
Use sidekiq_inline in requests/api/v1/reports spec (#30564) 2024-06-06 14:14:33 +00:00
Eugen Rochko
a2505e8611
Add timeline of public posts about a trending link to REST API (#30381) 2024-06-06 08:43:04 +00:00
Emelia Smith
e02d23b549
Change read:me scope to profile scope (#30357)
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2024-06-06 07:30:10 +00:00
Emelia Smith
4655be0da6
Fix add validation to webpush subscription keys (#30542) 2024-06-05 19:16:47 +00:00
Emelia Smith
eef2cc054f
Add url validation to Web::PushSubscription endpoints (#30540) 2024-06-05 08:06:06 +00:00
Matt Jankowski
249cbc449c
Use existing config access to local_domain value (#30509) 2024-06-03 09:15:58 +00:00
Claire
974335e414
Add experimental server-side notification grouping (#29889) 2024-06-03 08:35:59 +00:00
Claire
36fe8f8566
Change ids param to id in /api/v1/statuses and /api/v1/accounts for consistency (#30465) 2024-05-29 09:19:17 +00:00
Matt Jankowski
c61e356475
Add Status::MEDIA_ATTACHMENTS_LIMIT configuration constant (#30433) 2024-05-27 09:49:44 +00:00
Matt Jankowski
3a862439df
Remove unused account record in api/v2/admin/accounts spec (#30397) 2024-05-23 08:26:58 +00:00
Claire
de4815afda
Add more tests for self-destruct mode (#30374) 2024-05-20 10:06:51 +00:00
Emelia Smith
2da2a1dae9
Support multiple redirect_uris when creating OAuth 2.0 Applications (#29192) 2024-05-17 13:46:12 +00:00
Matt Jankowski
0d397db5dd
Consolidate system specs into single directory, use rspec tags for configuration (#30206) 2024-05-10 12:36:09 +00:00
Claire
2fe1b8d169
Add API to get multiple accounts and statuses (#27871)
Co-authored-by: noellabo <noel.yoshiba@gmail.com>
2024-05-06 15:19:15 +00:00
Emelia Smith
116f01ec7d
Implement RFC 8414 for OAuth 2.0 server metadata (#29191) 2024-05-06 13:17:56 +00:00
Claire
253ead3aa7
Fix not being able to block a subdomain of an already-blocked domain through the API (#30119) 2024-05-02 20:56:21 +00:00
Emelia Smith
049b159beb
Add read:me OAuth 2.0 scope, allowing more limited access to user data (#29087) 2024-04-23 11:47:00 +00:00
Matt Jankowski
449f99e168
Fix repeated concat output buffer duplicating layout markup (#29918) 2024-04-11 23:37:07 +00:00
Matt Jankowski
191bf5876e
Add coverage for sanitize failure path in api/web/embeds spec (#29851) 2024-04-04 16:07:16 +00:00
Matt Jankowski
f87959ab50
Fix RSpec/LetSetup cop in api/v1/timelines/public spec (#28972) 2024-04-02 14:05:02 +00:00
Matt Jankowski
34489591ec
Add max_pinned_statuses to instances serializer and api response (#29441) 2024-04-02 13:54:11 +00:00
Renaud Chaput
b4d991adaa
Use integers and not numbers in notification policy API counters (#29810) 2024-04-02 10:06:26 +00:00
Claire
81a04ac25c
Improve specs for severed relationships (#29688) 2024-03-22 16:25:36 +00:00
Matt Jankowski
34f293475e
Fix results/query in api/v1/featured_tags/suggestions (#29597) 2024-03-22 15:08:27 +00:00
Claire
814a48517f
Add some more tests for notification policies (#29698) 2024-03-21 16:46:38 +00:00
Claire
7434c9c276
Fix the relationships controller spec, since it requires an extra model now (#29671) 2024-03-21 08:28:37 +00:00
Claire
44bf7b8128
Add notifications of severed relationships (#27511) 2024-03-20 15:37:21 +00:00
Matt Jankowski
2e91a9bd34
Add include_pagination_headers matcher to check Link header in api specs (#29596) 2024-03-15 10:17:45 +00:00
Matt Jankowski
46e902f1f3
Merge api/v1/accounts/credentials controller spec into existing request spec (#29006) 2024-03-13 09:22:43 +00:00
Matt Jankowski
71eecbfa1f
Move api/v2/filters/* to request spec (#28956) 2024-03-13 08:47:09 +00:00
Matt Jankowski
3eaac3af73
Use before_all block to setup requests/cache_spec data (#29437) 2024-03-13 08:38:57 +00:00
Matt Jankowski
96013cd576
Reduce RSpec/ExampleLength in CSP request spec (#29104) 2024-03-13 08:22:32 +00:00
Matt Jankowski
24319836de
Convert request-based setup into factory setup in push/subscriptions request spec (#29489) 2024-03-11 15:46:25 +00:00
Eugen Rochko
50b17f7e10
Add notification policies and notification requests (#29366) 2024-03-07 14:53:37 +00:00
Matt Jankowski
18945f62e0
Convert more API specs from controller->request style (#29004) 2024-03-01 16:24:45 +00:00
Matt Jankowski
8156113d58
Use response_vary_headers method in requests/cache_spec (#29411) 2024-02-26 16:27:07 +00:00
Matt Jankowski
64f9939e39
Use capture_emails helper to improve email assertions in specs (#29245) 2024-02-19 15:57:47 +00:00
Wolfgang Fournès
86627ea2e4
Add a missing thread example to the statuses spec (#29278) 2024-02-19 13:35:58 +00:00
Claire
d4d0565b0f
Fix user creation failure handling in OAuth paths (#29207) 2024-02-14 21:49:45 +00:00
Claire
bbbbf00084
Fix OmniAuth tests (#29201) 2024-02-14 14:57:49 +00:00
Claire
b31af34c97
Merge pull request from GHSA-vm39-j3vx-pch3
* Prevent different identities from a same SSO provider from accessing a same account

* Lock auth provider changes behind `ALLOW_UNSAFE_AUTH_PROVIDER_REATTACH=true`

* Rename methods to avoid confusion between OAuth and OmniAuth
2024-02-14 15:16:07 +01:00
Emelia Smith
46142cdbdd
Disable administrative doorkeeper routes (#29187) 2024-02-13 18:11:47 +00:00
Claire
7ee93b7431
Change source attribute of Suggestion entity in /api/v2/suggestions back to a string (#29108) 2024-02-06 17:10:17 +00:00
Matt Jankowski
df7acdcee5
Update markers API spec for error case (#29096) 2024-02-06 12:47:04 +00:00
Emelia Smith
4fb7f611de
Return domain block digests from admin domain blocks API (#29092) 2024-02-06 12:38:14 +00:00
Matt Jankowski
4cf07ed78c
Add missing action logging to api/v1/admin/reports#update (#29044) 2024-02-06 11:34:11 +00:00
Matt Jankowski
ff8937aa2c
Move api/v1/statuses/* to request spec (#28954) 2024-01-26 17:45:54 +00:00
Matt Jankowski
5119fbc9b7
Move api/v1/admin/trends/links/preview_card_providers to request spec (#28951) 2024-01-26 17:41:39 +00:00
Matt Jankowski
b6baab447d
Move api/v2/admin/accounts to request spec (#28950) 2024-01-26 17:41:13 +00:00
Matt Jankowski
7adcc0aae3
Move api/v1/trends/* to request specs (#28949) 2024-01-26 17:40:39 +00:00
Matt Jankowski
0b0ca6f3b8
Move api/v1/timelines/list to request spec (#28948) 2024-01-26 17:40:15 +00:00
Matt Jankowski
d791bca11b
Combine double subject in well_known/webfinger shared example (#28944) 2024-01-26 16:36:21 +00:00
Matt Jankowski
09a3493fca
Combine double subject in api/v1/media shared example (#28943) 2024-01-26 16:35:49 +00:00
Matt Jankowski
7ecf7f5403
Move controller->request specs for api/v1/statuses/* (#28818) 2024-01-22 11:58:54 +00:00
Matt Jankowski
329911b0a3
Migrate controller->request spec for api/v1/follow* (#28811) 2024-01-19 09:32:41 +00:00
Matt Jankowski
0b853678a4
Add coverage for api/v1/peers/search endpoint and extract controller query to Instance scope (#28796) 2024-01-18 15:57:10 +00:00
Matt Jankowski
e72676e83a
Improve api/v1/markers#create performance against simultaneous requests (#28718) 2024-01-15 09:47:25 +00:00
Matt Jankowski
7801db7ba4
Spec coverage for custom css endpoint (#28706) 2024-01-12 09:19:25 +00:00
Matt Jankowski
2954279e9c
Remove double subject call in api/v1/admin/trends/links/links spec (#28695) 2024-01-11 15:13:11 +00:00
Matt Jankowski
95bd46d32a
Remove double subject call in api/v1/admin/ip_blocks spec (#28696) 2024-01-11 15:11:57 +00:00
Matt Jankowski
00341c70ff
Use Sidekiq fake! instead of inline! in specs (#25369) 2024-01-10 11:06:58 +00:00
Claire
092bb8a27a
Fix Mastodon not correctly processing HTTP Signatures with query strings (#28476) 2024-01-03 11:29:26 +00:00
Claire
bd415af9a1
Change streaming API host to not be overridden to localhost in development mode (#28557) 2024-01-03 10:23:58 +00:00
Claire
a2624ff739
Convert signature verification specs to request specs (#28443) 2023-12-22 18:56:22 +00:00
Claire
6fed0fcbaa
Remove unneeded settings cleanup from specs (#28425) 2023-12-19 15:17:22 +00:00
Eugen Rochko
b5ac61b2c5
Change algorithm of follow recommendations (#28314)
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2023-12-19 10:59:43 +00:00
Matt Jankowski
c28976d89e
Handle negative offset param in api/v2/search (#28282) 2023-12-19 10:55:39 +00:00
Matt Jankowski
1820bad646
Fix Performance/StringIdentifierArgument cop (#28399) 2023-12-18 10:26:09 +00:00
Matt Jankowski
adbfd40a1b
Convert api/v1/directories controller spec to request spec (#28356) 2023-12-14 10:38:06 +00:00
Matt Jankowski
28e1a7a394
Improve spec coverage for models/announcement class (#28350) 2023-12-14 10:29:10 +00:00
Matt Jankowski
0e4233de9d
Controller spec to request spec: api/v2/suggestions (#28297) 2023-12-11 08:13:57 +00:00
Matt Jankowski
0c64092500
Controller spec to request spec: api/v1/accounts/search (#28299) 2023-12-11 08:13:28 +00:00
Matt Jankowski
16ede59d0a
Controller spec to request spec: api/v1/featured_tags/suggestions (#28298) 2023-12-11 08:00:41 +00:00
Matt Jankowski
809506bdd4
Controller spec to request spec: api/v1/accounts/pins (#28300) 2023-12-11 07:59:40 +00:00
Matt Jankowski
94cc707ab3
Controller spec to request spec: api/v1/accounts/notes (#28301) 2023-12-11 07:58:48 +00:00
Matt Jankowski
e544b6df42
Controller spec to request spec: api/v1/accounts/lookup (#28302) 2023-12-11 07:57:33 +00:00
Matt Jankowski
a968898dc7
Controller spec to request spec: api/v1/accounts/lists (#28303) 2023-12-11 07:56:47 +00:00
Matt Jankowski
8f94502e7d
Controller spec to request spec: api/v1/accounts/identify_proofs (#28304) 2023-12-11 07:56:13 +00:00
Matt Jankowski
78347d2556
Controller spec to request spec: api/v1/accounts/familiar_followers (#28305) 2023-12-11 07:55:45 +00:00
Matt Jankowski
11d2bd9716
Fix intermittent failure from unspecified order in api/v1/accounts/relationships spec (#28306) 2023-12-11 07:55:07 +00:00
Matt Jankowski
7e514688b3
Convert api/v2/search controller spec to request spec (#28269) 2023-12-08 09:27:33 +00:00
Matt Jankowski
71e5a16eba
Remove triple subject call in api/v1/lists spec (#28210) 2023-12-04 15:28:19 +00:00
Matt Jankowski
cca19f5fbb
Use the Admin::ActionLog fabricator in admin/action_logs spec (#28194) 2023-12-04 12:56:28 +00:00
Matt Jankowski
0530ce5e95
Convert accounts controller spec to request spec (#28126) 2023-11-30 14:28:05 +00:00
Claire
85662a5a57
Change img-src and media-src CSP directives to not include https: (#28025) 2023-11-30 13:47:01 +00:00
Kevin Bongart
7877fcd83c
Deduplicate IDs in relationships and familiar_followers APIs (#27982) 2023-11-23 10:00:09 +00:00
Matt Jankowski
973597c6f1
Consolidate configuration of Sidekiq::Testing.fake! setup (#28046) 2023-11-23 09:43:43 +00:00
Matt Jankowski
9742bccbe7
Add coverage for api/v2/media endpoint (#28027) 2023-11-22 15:39:34 +00:00
Matt Jankowski
30ee4aaff4
Convert measurement api/v1/admin/* controller specs to request specs (#28005) 2023-11-21 14:25:07 +00:00
Matt Jankowski
32e19e3af6
Reduce .times usage in request and controller specs (#27949) 2023-11-21 13:05:59 +00:00
Matt Jankowski
a6d446e6a7
Add coverage for remote_interaction_helper (#28002) 2023-11-21 10:28:55 +00:00
Matt Jankowski
876f5b1d12
Convert /instances/* controller specs to request specs (#27988)
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2023-11-20 11:05:28 +00:00
Matt Jankowski
718c95e7af
Convert api/v1/custom_emojis controller spec to request spec (#27985)
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2023-11-20 11:05:24 +00:00