Claire
34aeef3453
Merge pull request from GHSA-58x8-3qxw-6hm7
...
* Fix insufficient permission checking for public timeline endpoints
Note that this changes unauthenticated access failure code from 401 to 422
* Add more tests for public timelines
* Require user token in `/api/v1/statuses/:id/translate` and `/api/v1/scheduled_statuses`
2024-07-04 16:26:49 +02:00
Claire
122740047a
Merge pull request from GHSA-vp5r-5pgw-jwqx
...
* Fix streaming sessions not being closed when revoking access to an app
* Add tests for GHSA-7w3c-p9j8-mq3x
2024-07-04 16:11:28 +02:00
Emelia Smith
984d7d3dc8
Fix missing destory audit logs for Domain Allows ( #30125 )
2024-05-17 12:30:07 +02:00
Claire
33a50884e5
Fix not being able to block a subdomain of an already-blocked domain through the API ( #30119 )
2024-05-17 12:30:07 +02:00
Claire
5973d7a4b6
Remove caching in cache_collection
( #29862 )
2024-05-17 12:30:07 +02:00
Matt Jankowski
8ce403a85b
Fix results/query in api/v1/featured_tags/suggestions
( #29597 )
2024-05-17 12:30:07 +02:00
Claire
079d3e5189
Add fallback redirection when getting a webfinger query WEB_DOMAIN@WEB_DOMAIN
( #28592 )
2024-05-17 12:30:07 +02:00
Claire
9e5af6bb58
Fix user creation failure handling in OAuth paths ( #29207 )
...
Co-authored-by: Matt Jankowski <matt@jankowski.online>
2024-02-14 23:16:39 +01:00
Claire
6f36b633a7
Merge pull request from GHSA-vm39-j3vx-pch3
...
* Prevent different identities from a same SSO provider from accessing a same account
* Lock auth provider changes behind `ALLOW_UNSAFE_AUTH_PROVIDER_REATTACH=true`
* Rename methods to avoid confusion between OAuth and OmniAuth
2024-02-14 15:16:07 +01:00
Claire
5799bc4af7
Merge pull request from GHSA-3fjr-858r-92rw
...
* Fix insufficient origin validation
* Bump version to v4.1.13
2024-02-01 15:56:46 +01:00
Claire
2e8943aecd
Add rate-limit of TOTP authentication attempts at controller level ( #28801 )
2024-01-24 15:31:06 +01:00
Claire
9292d998fe
Fix Mastodon not correctly processing HTTP Signatures with query strings ( #28476 )
2024-01-24 15:31:06 +01:00
Claire
458620bdd4
Fix potential redirection loop of streaming endpoint ( #28665 )
2024-01-24 15:31:06 +01:00
Claire
a1a71263e0
Fix streaming API redirection ignoring the port of streaming_api_base_url
( #28558 )
2024-01-24 15:31:06 +01:00
Claire
3ef0a19bac
Fix report processing notice not mentioning the report number when performing a custom action ( #27442 )
2023-12-04 15:28:02 +01:00
Daniel M Brasil
ea7fa048f3
Fix /api/v1/timelines/tag/:hashtag
allowing for unauthenticated access when public preview is disabled ( #26237 )
2023-09-05 19:16:09 +02:00
Claire
6339806f05
Fix blocking subdomains of an already-blocked domain ( #26392 )
2023-09-05 19:16:09 +02:00
Claire
f8930a67a0
Change /api/v1/statuses/:id/history to always return at least one item ( #25510 )
2023-07-06 13:45:40 +02:00
Claire
e65e3a6d14
Add finer permission requirements for managing webhooks ( #25463 )
2023-07-06 13:45:40 +02:00
Claire
8acbfc6ab1
Fix wrong view being displayed when a webhook fails validation ( #25464 )
2023-07-06 13:45:40 +02:00
Daniel M Brasil
fd1ffd72eb
Fix incorrect pagination headers in /api/v2/admin/accounts
( #25477 )
2023-07-06 13:45:40 +02:00
Claire
2779bce9a2
Add fallback redirection when getting a webfinger query LOCAL_DOMAIN@LOCAL_DOMAIN
( #23600 )
...
Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>
2023-07-06 13:45:40 +02:00
Claire
1301af60e0
Fix race condition when reblogging a status ( #25016 )
2023-07-06 13:45:40 +02:00
Claire
b3cbcd7447
Fix “Authorized applications” inefficiently and incorrectly getting last use date ( #25060 )
2023-07-06 13:45:40 +02:00
Claire
72d96bf17a
Remove invalid X-Frame-Options: ALLOWALL ( #25070 )
2023-07-06 13:45:40 +02:00
Claire
036ac5b5c9
Fix ArgumentError when loading newer Private Mentions ( #25399 )
2023-07-06 13:45:40 +02:00
Claire
3e1724e972
Fix multiple N+1s in ConversationsController ( #25134 )
2023-07-06 13:45:40 +02:00
Claire
bc8592627b
Fix user archive takeouts when using OpenStack Swift ( #24431 )
2023-07-06 13:45:40 +02:00
Claire
51572ac615
Fix invalid/expired invites being processed on sign-up ( #24337 )
2023-04-04 12:41:27 +02:00
Claire
ae64c5b7ec
Fix user archive takeout when using OpenStack Swift or S3 providers with no ACL support ( #24200 )
2023-04-04 12:41:27 +02:00
Eugen Rochko
6db76875fd
Change user backups to use expiring URLs for download when possible ( #24136 )
2023-03-16 22:48:42 +01:00
Claire
8c4ea7d715
Fix misleading error code when receiving invalid WebAuthn credentials ( #23568 )
2023-03-16 11:45:53 +01:00
Claire
aff3f850de
Fix server error when failing to follow back followers from /relationships
( #23787 )
2023-03-13 18:39:35 +01:00
Claire
0dc342df81
Fix “Remove all followers from the selected domains” being more destructive than it claims ( #23805 )
2023-03-13 18:36:15 +01:00
Claire
832595d1e7
Remove posts count and last posts from ActivityPub representation of hashtag collections ( #23460 )
2023-02-08 17:57:25 +01:00
Nick Schonning
f68bb52556
Apply Rubocop Style/NegatedIfElseCondition ( #23451 )
2023-02-08 07:07:36 +01:00
Nick Schonning
2e652aa81c
Apply Rubocop Performance/RedundantSplitRegexpArgument ( #23443 )
...
* Apply Rubocop Performance/RedundantSplitRegexpArgument
* Update app/controllers/concerns/signature_verification.rb
2023-02-08 02:25:20 +01:00
Claire
20a479ff7c
Change POST /settings/applications/:id
to regenerate token on scopes change ( #23359 )
...
Fixes #23096
2023-02-02 12:03:49 +01:00
Eugen Rochko
21780c0204
Change notifications per page from 15 to 40 in REST API ( #23348 )
2023-02-01 11:23:54 +01:00
Claire
68dcbcb7bf
Add more specific error messages to HTTP signature verification ( #21617 )
...
* Return specific error on failure to parse Date header
* Add error message when preferredUsername is not set
* Change error report to be JSON and include more details
* Change error report to differentiate unknown account and failed refresh
* Add tests
2023-01-18 16:47:56 +01:00
Claire
343e1fe8e9
Add confirmation screen when handling reports ( #22375 )
...
* Add confirmation screen on moderation actions
* Add flash notice when a report has been processed
* Refactor tests
* Add tests
2023-01-18 16:40:09 +01:00
Claire
4b92e59f4f
Add support for editing media description and focus point of already-posted statuses ( #20878 )
...
* Add backend support for editing media attachments of existing posts
* Allow editing media attachments of already-posted toots
* Add tests
2023-01-18 16:33:55 +01:00
Claire
b034dc42be
Fix /api/v1/admin/trends/tags using wrong serializer ( #18943 )
...
* Fix /api/v1/admin/trends/tags using wrong serializer
Fix regression from #18641
* Only use `REST::Admin::TagSerializer` when the user can `manage_taxonomies`
* Fix admin trending hashtag component to not link if `id` is unknown
2023-01-18 16:28:18 +01:00
Claire
fcc4c9b34a
Change domain block CSV parsing to be more robust and handle more lists ( #21470 )
...
* Change domain block CSV parsing to be more robust and handle more lists
* Add some tests
* Improve domain block import validation and reporting
2023-01-18 16:20:52 +01:00
Carl Schwan
f33e22ae4c
Allow changing hide_collections setting with the api ( #22790 )
...
* Allow changing hide_collections setting with the api
This is currently only possible with app/controllers/settings/profiles_controller.rb
and is the only difference in the allowed parameter between the two controllers
* Fix the lint issue
* Use normal indent
2023-01-13 16:40:21 +01:00
Claire
aefefc74c4
Change referrer-policy to no-referrer application-wide ( #23014 )
2023-01-10 05:18:43 +01:00
Claire
18d00055f4
Add dropdown menu item to open admin interface for remote domains ( #21895 )
...
* Allow /admin/instances/:domain to handle IDNs
* Add dropdown menu item to open admin interface for remote domains
2023-01-05 14:03:46 +01:00
Claire
42f9693d00
Fix PermalinkRedirector not applying to users with moved accounts ( #22497 )
...
Fixes #22262
2023-01-05 13:40:27 +01:00
Claire
8556a649d5
Fix changing domain block severity not undoing individual account effects ( #22135 )
...
* Fix changing domain block severity not undoing individual account effects
Fixes #22133
* Add tests
2022-12-15 17:45:02 +01:00
David Vega
1b5d207131
Fix single name variables on controller folder ( #20092 )
...
Co-authored-by: petrokoriakin1 <116151189+petrokoriakin1@users.noreply.github.com>
Co-authored-by: petrokoriakin1 <116151189+petrokoriakin1@users.noreply.github.com>
Co-authored-by: Effy Elden <effy@effy.space>
2022-12-15 17:11:58 +01:00