Compare commits
49 commits
v4.1.12-cw
...
master
Author | SHA1 | Date | |
---|---|---|---|
Mike Barnes | b7ffe81568 | ||
1cad857f14 | |||
95ebcff98e | |||
d770b61a74 | |||
020228ddba | |||
e292a28933 | |||
ba240cea0c | |||
257f9abd56 | |||
b4e3a789b1 | |||
b39fbe7c83 | |||
c717b7da99 | |||
13bbcdf4d4 | |||
3aec33f5a2 | |||
984d7d3dc8 | |||
33a50884e5 | |||
70c4d70dbe | |||
a6089cdfca | |||
5973d7a4b6 | |||
ba5551fd1d | |||
8ce403a85b | |||
3ff575f54c | |||
affbb10566 | |||
209632a0fd | |||
079d3e5189 | |||
57b72cccc4 | |||
37adb144db | |||
142dd34b68 | |||
c2d8666bbf | |||
d3c4441af8 | |||
f0541adbd4 | |||
3fecb36739 | |||
c7312411b8 | |||
2fc87611be | |||
1629ac4c81 | |||
54ae3d5ca5 | |||
Mike Barnes | 372e262c4d | ||
b7b03e8d26 | |||
a07fff079b | |||
6f29d50aa5 | |||
9e5af6bb58 | |||
6499850ac4 | |||
6f36b633a7 | |||
d807b3960e | |||
2f6518cae2 | |||
cdbe2855f3 | |||
fdde3cdb4e | |||
ce9c641d9a | |||
Mike Barnes | 1064e395cb | ||
5799bc4af7 |
153
.github/workflows/test-ruby.yml
vendored
Normal file
153
.github/workflows/test-ruby.yml
vendored
Normal file
|
@ -0,0 +1,153 @@
|
|||
name: Ruby Testing
|
||||
|
||||
on:
|
||||
push:
|
||||
branches-ignore:
|
||||
- 'dependabot/**'
|
||||
- 'renovate/**'
|
||||
pull_request:
|
||||
|
||||
env:
|
||||
BUNDLE_CLEAN: true
|
||||
BUNDLE_FROZEN: true
|
||||
|
||||
concurrency:
|
||||
group: ${{ github.workflow }}-${{ github.ref }}
|
||||
cancel-in-progress: true
|
||||
|
||||
jobs:
|
||||
build:
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
strategy:
|
||||
fail-fast: true
|
||||
matrix:
|
||||
mode:
|
||||
- production
|
||||
- test
|
||||
env:
|
||||
RAILS_ENV: ${{ matrix.mode }}
|
||||
BUNDLE_WITH: ${{ matrix.mode }}
|
||||
OTP_SECRET: precompile_placeholder
|
||||
SECRET_KEY_BASE: precompile_placeholder
|
||||
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
|
||||
- name: Set up Node.js
|
||||
uses: actions/setup-node@v3
|
||||
with:
|
||||
cache: yarn
|
||||
node-version-file: '.nvmrc'
|
||||
|
||||
- name: Install native Ruby dependencies
|
||||
run: |
|
||||
sudo apt-get update
|
||||
sudo apt-get install -y libicu-dev libidn11-dev
|
||||
|
||||
- name: Set up bundler cache
|
||||
uses: ruby/setup-ruby@v1
|
||||
with:
|
||||
ruby-version: .ruby-version
|
||||
bundler-cache: true
|
||||
|
||||
- run: yarn --frozen-lockfile --production
|
||||
- name: Precompile assets
|
||||
# Previously had set this, but it's not supported
|
||||
# export NODE_OPTIONS=--openssl-legacy-provider
|
||||
run: |-
|
||||
./bin/rails assets:precompile
|
||||
|
||||
- uses: actions/upload-artifact@v3
|
||||
if: matrix.mode == 'test'
|
||||
with:
|
||||
path: |-
|
||||
./public/assets
|
||||
./public/packs-test
|
||||
name: ${{ github.sha }}
|
||||
retention-days: 0
|
||||
|
||||
test:
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
needs:
|
||||
- build
|
||||
|
||||
services:
|
||||
postgres:
|
||||
image: postgres:14-alpine
|
||||
env:
|
||||
POSTGRES_PASSWORD: postgres
|
||||
POSTGRES_USER: postgres
|
||||
options: >-
|
||||
--health-cmd pg_isready
|
||||
--health-interval 10s
|
||||
--health-timeout 5s
|
||||
--health-retries 5
|
||||
ports:
|
||||
- 5432:5432
|
||||
|
||||
redis:
|
||||
image: redis:7-alpine
|
||||
options: >-
|
||||
--health-cmd "redis-cli ping"
|
||||
--health-interval 10s
|
||||
--health-timeout 5s
|
||||
--health-retries 5
|
||||
ports:
|
||||
- 6379:6379
|
||||
|
||||
env:
|
||||
DB_HOST: localhost
|
||||
DB_USER: postgres
|
||||
DB_PASS: postgres
|
||||
DISABLE_SIMPLECOV: true
|
||||
RAILS_ENV: test
|
||||
ALLOW_NOPAM: true
|
||||
PAM_ENABLED: true
|
||||
PAM_DEFAULT_SERVICE: pam_test
|
||||
PAM_CONTROLLED_SERVICE: pam_test_controlled
|
||||
OIDC_ENABLED: true
|
||||
OIDC_SCOPE: read
|
||||
SAML_ENABLED: true
|
||||
CAS_ENABLED: true
|
||||
BUNDLE_WITH: 'pam_authentication test'
|
||||
CI_JOBS: ${{ matrix.ci_job }}/4
|
||||
|
||||
strategy:
|
||||
fail-fast: false
|
||||
matrix:
|
||||
ruby-version:
|
||||
- '.ruby-version'
|
||||
ci_job:
|
||||
- 1
|
||||
- 2
|
||||
- 3
|
||||
- 4
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
|
||||
- uses: actions/download-artifact@v3
|
||||
with:
|
||||
path: './public'
|
||||
name: ${{ github.sha }}
|
||||
|
||||
- name: Update package index
|
||||
run: sudo apt-get update
|
||||
|
||||
- name: Install native Ruby dependencies
|
||||
run: sudo apt-get install -y libicu-dev libidn11-dev
|
||||
|
||||
- name: Install additional system dependencies
|
||||
run: sudo apt-get install -y ffmpeg imagemagick libpam-dev
|
||||
|
||||
- name: Set up bundler cache
|
||||
uses: ruby/setup-ruby@v1
|
||||
with:
|
||||
ruby-version: ${{ matrix.ruby-version}}
|
||||
bundler-cache: true
|
||||
|
||||
- name: Load database schema
|
||||
run: './bin/rails db:create db:schema:load db:seed'
|
||||
|
||||
- run: bin/rspec
|
88
CHANGELOG.md
88
CHANGELOG.md
|
@ -3,6 +3,94 @@ Changelog
|
|||
|
||||
All notable changes to this project will be documented in this file.
|
||||
|
||||
## [4.1.17] - 2024-05-30
|
||||
|
||||
### Security
|
||||
|
||||
- Update dependencies
|
||||
- Fix private mention filtering ([GHSA-5fq7-3p3j-9vrf](https://github.com/mastodon/mastodon/security/advisories/GHSA-5fq7-3p3j-9vrf))
|
||||
- Fix password change endpoint not being rate-limited ([GHSA-q3rg-xx5v-4mxh](https://github.com/mastodon/mastodon/security/advisories/GHSA-q3rg-xx5v-4mxh))
|
||||
- Add hardening around rate-limit bypass ([GHSA-c2r5-cfqr-c553](https://github.com/mastodon/mastodon/security/advisories/GHSA-c2r5-cfqr-c553))
|
||||
|
||||
### Added
|
||||
|
||||
- Add fallback redirection when getting a webfinger query `WEB_DOMAIN@WEB_DOMAIN` ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/28592))
|
||||
- Add `digest` attribute to `Admin::DomainBlock` entity in REST API ([ThisIsMissEm](https://github.com/mastodon/mastodon/pull/29092))
|
||||
|
||||
### Removed
|
||||
|
||||
- Remove superfluous application-level caching in some controllers ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/29862))
|
||||
|
||||
### Fixed
|
||||
|
||||
- Fix leaking Elasticsearch connections in Sidekiq processes ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/30450))
|
||||
- Fix language of remote posts not being recognized when using unusual casing ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/30403))
|
||||
- Fix off-by-one in `tootctl media` commands ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/30306))
|
||||
- Fix removal of allowed domains (in `LIMITED_FEDERATION_MODE`) not being recorded in the audit log ([ThisIsMissEm](https://github.com/mastodon/mastodon/pull/30125))
|
||||
- Fix not being able to block a subdomain of an already-blocked domain through the API ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/30119))
|
||||
- Fix `Idempotency-Key` being ignored when scheduling a post ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/30084))
|
||||
- Fix crash when supplying the `FFMPEG_BINARY` environment variable ([timothyjrogers](https://github.com/mastodon/mastodon/pull/30022))
|
||||
- Fix improper email address validation ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/29838))
|
||||
- Fix results/query in `api/v1/featured_tags/suggestions` ([mjankowski](https://github.com/mastodon/mastodon/pull/29597))
|
||||
- Fix unblocking internationalized domain names under certain conditions ([tribela](https://github.com/mastodon/mastodon/pull/29530))
|
||||
- Fix admin account created by `mastodon:setup` not being auto-approved ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/29379))
|
||||
- Fix reference to non-existent var in CLI maintenance command ([mjankowski](https://github.com/mastodon/mastodon/pull/28363))
|
||||
|
||||
## [4.1.16] - 2024-02-23
|
||||
|
||||
### Added
|
||||
|
||||
- Add hourly task to automatically require approval for new registrations in the absence of moderators ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/29318), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/29355))
|
||||
In order to prevent future abandoned Mastodon servers from being used for spam, harassment and other malicious activity, Mastodon will now automatically switch new user registrations to require moderator approval whenever they are left open and no activity (including non-moderation actions from apps) from any logged-in user with permission to access moderation reports has been detected in a full week.
|
||||
When this happens, users with the permission to change server settings will receive an email notification.
|
||||
This feature is disabled when `EMAIL_DOMAIN_ALLOWLIST` is used, and can also be disabled with `DISABLE_AUTOMATIC_SWITCHING_TO_APPROVED_REGISTRATIONS=true`.
|
||||
|
||||
### Changed
|
||||
|
||||
- Change registrations to be closed by default on new installations ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/29280))
|
||||
If you are running a server and never changed your registrations mode from the default, updating will automatically close your registrations.
|
||||
Simply re-enable them through the administration interface or using `tootctl settings registrations open` if you want to enable them again.
|
||||
|
||||
### Fixed
|
||||
|
||||
- Fix processing of remote ActivityPub actors making use of `Link` objects as `Image` `url` ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/29335))
|
||||
- Fix link verifications when page size exceeds 1MB ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/29358))
|
||||
|
||||
## [4.1.15] - 2024-02-16
|
||||
|
||||
### Fixed
|
||||
|
||||
- Fix OmniAuth tests and edge cases in error handling ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/29201), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/29207))
|
||||
|
||||
### Security
|
||||
|
||||
- Fix insufficient checking of remote posts ([GHSA-jhrq-qvrm-qr36](https://github.com/mastodon/mastodon/security/advisories/GHSA-jhrq-qvrm-qr36))
|
||||
|
||||
## [4.1.14] - 2024-02-14
|
||||
|
||||
### Security
|
||||
|
||||
- Update the `sidekiq-unique-jobs` dependency (see [GHSA-cmh9-rx85-xj38](https://github.com/mhenrixon/sidekiq-unique-jobs/security/advisories/GHSA-cmh9-rx85-xj38))
|
||||
In addition, we have disabled the web interface for `sidekiq-unique-jobs` out of caution.
|
||||
If you need it, you can re-enable it by setting `ENABLE_SIDEKIQ_UNIQUE_JOBS_UI=true`.
|
||||
If you only need to clear all locks, you can now use `bundle exec rake sidekiq_unique_jobs:delete_all_locks`.
|
||||
- Update the `nokogiri` dependency (see [GHSA-xc9x-jj77-9p9j](https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xc9x-jj77-9p9j))
|
||||
- Disable administrative Doorkeeper routes ([ThisIsMissEm](https://github.com/mastodon/mastodon/pull/29187))
|
||||
- Fix ongoing streaming sessions not being invalidated when applications get deleted in some cases ([GHSA-7w3c-p9j8-mq3x](https://github.com/mastodon/mastodon/security/advisories/GHSA-7w3c-p9j8-mq3x))
|
||||
In some rare cases, the streaming server was not notified of access tokens revocation on application deletion.
|
||||
- Change external authentication behavior to never reattach a new identity to an existing user by default ([GHSA-vm39-j3vx-pch3](https://github.com/mastodon/mastodon/security/advisories/GHSA-vm39-j3vx-pch3))
|
||||
Up until now, Mastodon has allowed new identities from external authentication providers to attach to an existing local user based on their verified e-mail address.
|
||||
This allowed upgrading users from a database-stored password to an external authentication provider, or move from one authentication provider to another.
|
||||
However, this behavior may be unexpected, and means that when multiple authentication providers are configured, the overall security would be that of the least secure authentication provider.
|
||||
For these reasons, this behavior is now locked under the `ALLOW_UNSAFE_AUTH_PROVIDER_REATTACH` environment variable.
|
||||
In addition, regardless of this environment variable, Mastodon will refuse to attach two identities from the same authentication provider to the same account.
|
||||
|
||||
## [4.1.13] - 2024-02-01
|
||||
|
||||
### Security
|
||||
|
||||
- Fix insufficient origin validation (CVE-2024-23832, [GHSA-3fjr-858r-92rw](https://github.com/mastodon/mastodon/security/advisories/GHSA-3fjr-858r-92rw))
|
||||
|
||||
## [4.1.12] - 2024-01-24
|
||||
|
||||
### Fixed
|
||||
|
|
1
Gemfile
1
Gemfile
|
@ -158,3 +158,4 @@ gem 'concurrent-ruby', require: false
|
|||
gem 'connection_pool', require: false
|
||||
gem 'xorcist', '~> 1.1'
|
||||
gem 'cocoon', '~> 1.2'
|
||||
gem 'mail', '~> 2.8'
|
||||
|
|
141
Gemfile.lock
141
Gemfile.lock
|
@ -10,40 +10,40 @@ GIT
|
|||
GEM
|
||||
remote: https://rubygems.org/
|
||||
specs:
|
||||
actioncable (6.1.7.6)
|
||||
actionpack (= 6.1.7.6)
|
||||
activesupport (= 6.1.7.6)
|
||||
actioncable (6.1.7.7)
|
||||
actionpack (= 6.1.7.7)
|
||||
activesupport (= 6.1.7.7)
|
||||
nio4r (~> 2.0)
|
||||
websocket-driver (>= 0.6.1)
|
||||
actionmailbox (6.1.7.6)
|
||||
actionpack (= 6.1.7.6)
|
||||
activejob (= 6.1.7.6)
|
||||
activerecord (= 6.1.7.6)
|
||||
activestorage (= 6.1.7.6)
|
||||
activesupport (= 6.1.7.6)
|
||||
actionmailbox (6.1.7.7)
|
||||
actionpack (= 6.1.7.7)
|
||||
activejob (= 6.1.7.7)
|
||||
activerecord (= 6.1.7.7)
|
||||
activestorage (= 6.1.7.7)
|
||||
activesupport (= 6.1.7.7)
|
||||
mail (>= 2.7.1)
|
||||
actionmailer (6.1.7.6)
|
||||
actionpack (= 6.1.7.6)
|
||||
actionview (= 6.1.7.6)
|
||||
activejob (= 6.1.7.6)
|
||||
activesupport (= 6.1.7.6)
|
||||
actionmailer (6.1.7.7)
|
||||
actionpack (= 6.1.7.7)
|
||||
actionview (= 6.1.7.7)
|
||||
activejob (= 6.1.7.7)
|
||||
activesupport (= 6.1.7.7)
|
||||
mail (~> 2.5, >= 2.5.4)
|
||||
rails-dom-testing (~> 2.0)
|
||||
actionpack (6.1.7.6)
|
||||
actionview (= 6.1.7.6)
|
||||
activesupport (= 6.1.7.6)
|
||||
actionpack (6.1.7.7)
|
||||
actionview (= 6.1.7.7)
|
||||
activesupport (= 6.1.7.7)
|
||||
rack (~> 2.0, >= 2.0.9)
|
||||
rack-test (>= 0.6.3)
|
||||
rails-dom-testing (~> 2.0)
|
||||
rails-html-sanitizer (~> 1.0, >= 1.2.0)
|
||||
actiontext (6.1.7.6)
|
||||
actionpack (= 6.1.7.6)
|
||||
activerecord (= 6.1.7.6)
|
||||
activestorage (= 6.1.7.6)
|
||||
activesupport (= 6.1.7.6)
|
||||
actiontext (6.1.7.7)
|
||||
actionpack (= 6.1.7.7)
|
||||
activerecord (= 6.1.7.7)
|
||||
activestorage (= 6.1.7.7)
|
||||
activesupport (= 6.1.7.7)
|
||||
nokogiri (>= 1.8.5)
|
||||
actionview (6.1.7.6)
|
||||
activesupport (= 6.1.7.6)
|
||||
actionview (6.1.7.7)
|
||||
activesupport (= 6.1.7.7)
|
||||
builder (~> 3.1)
|
||||
erubi (~> 1.4)
|
||||
rails-dom-testing (~> 2.0)
|
||||
|
@ -54,22 +54,22 @@ GEM
|
|||
case_transform (>= 0.2)
|
||||
jsonapi-renderer (>= 0.1.1.beta1, < 0.3)
|
||||
active_record_query_trace (1.8)
|
||||
activejob (6.1.7.6)
|
||||
activesupport (= 6.1.7.6)
|
||||
activejob (6.1.7.7)
|
||||
activesupport (= 6.1.7.7)
|
||||
globalid (>= 0.3.6)
|
||||
activemodel (6.1.7.6)
|
||||
activesupport (= 6.1.7.6)
|
||||
activerecord (6.1.7.6)
|
||||
activemodel (= 6.1.7.6)
|
||||
activesupport (= 6.1.7.6)
|
||||
activestorage (6.1.7.6)
|
||||
actionpack (= 6.1.7.6)
|
||||
activejob (= 6.1.7.6)
|
||||
activerecord (= 6.1.7.6)
|
||||
activesupport (= 6.1.7.6)
|
||||
activemodel (6.1.7.7)
|
||||
activesupport (= 6.1.7.7)
|
||||
activerecord (6.1.7.7)
|
||||
activemodel (= 6.1.7.7)
|
||||
activesupport (= 6.1.7.7)
|
||||
activestorage (6.1.7.7)
|
||||
actionpack (= 6.1.7.7)
|
||||
activejob (= 6.1.7.7)
|
||||
activerecord (= 6.1.7.7)
|
||||
activesupport (= 6.1.7.7)
|
||||
marcel (~> 1.0)
|
||||
mini_mime (>= 1.1.0)
|
||||
activesupport (6.1.7.6)
|
||||
activesupport (6.1.7.7)
|
||||
concurrent-ruby (~> 1.0, >= 1.0.2)
|
||||
i18n (>= 1.6, < 2)
|
||||
minitest (>= 5.1)
|
||||
|
@ -173,7 +173,7 @@ GEM
|
|||
cocoon (1.2.15)
|
||||
coderay (1.1.3)
|
||||
color_diff (0.1)
|
||||
concurrent-ruby (1.2.2)
|
||||
concurrent-ruby (1.2.3)
|
||||
connection_pool (2.3.0)
|
||||
cose (1.2.1)
|
||||
cbor (~> 0.5.9)
|
||||
|
@ -183,7 +183,7 @@ GEM
|
|||
crass (1.0.6)
|
||||
css_parser (1.12.0)
|
||||
addressable
|
||||
date (3.3.3)
|
||||
date (3.3.4)
|
||||
debug_inspector (1.0.0)
|
||||
devise (4.8.1)
|
||||
bcrypt (~> 3.0)
|
||||
|
@ -330,7 +330,7 @@ GEM
|
|||
jmespath (1.6.2)
|
||||
json (2.6.3)
|
||||
json-canonicalization (0.3.0)
|
||||
json-jwt (1.15.3)
|
||||
json-jwt (1.15.3.1)
|
||||
activesupport (>= 4.2)
|
||||
aes_key_wrap
|
||||
bindata
|
||||
|
@ -405,7 +405,7 @@ GEM
|
|||
mime-types-data (~> 3.2015)
|
||||
mime-types-data (3.2022.0105)
|
||||
mini_mime (1.1.5)
|
||||
mini_portile2 (2.8.4)
|
||||
mini_portile2 (2.8.5)
|
||||
minitest (5.17.0)
|
||||
msgpack (1.6.0)
|
||||
multi_json (1.15.0)
|
||||
|
@ -416,16 +416,16 @@ GEM
|
|||
net-ldap (0.17.1)
|
||||
net-pop (0.1.2)
|
||||
net-protocol
|
||||
net-protocol (0.2.1)
|
||||
net-protocol (0.2.2)
|
||||
timeout
|
||||
net-scp (4.0.0.rc1)
|
||||
net-ssh (>= 2.6.5, < 8.0.0)
|
||||
net-smtp (0.3.3)
|
||||
net-smtp (0.3.4)
|
||||
net-protocol
|
||||
net-ssh (7.0.1)
|
||||
nio4r (2.5.9)
|
||||
nokogiri (1.14.5)
|
||||
mini_portile2 (~> 2.8.0)
|
||||
nokogiri (1.16.5)
|
||||
mini_portile2 (~> 2.8.2)
|
||||
racc (~> 1.4)
|
||||
nsa (0.2.8)
|
||||
activesupport (>= 4.2, < 7)
|
||||
|
@ -468,7 +468,7 @@ GEM
|
|||
parslet (2.0.0)
|
||||
pastel (0.8.0)
|
||||
tty-color (~> 0.5)
|
||||
pg (1.4.5)
|
||||
pg (1.4.6)
|
||||
pghero (3.1.0)
|
||||
activerecord (>= 6)
|
||||
pkg-config (1.5.1)
|
||||
|
@ -491,13 +491,13 @@ GEM
|
|||
pry-rails (0.3.9)
|
||||
pry (>= 0.10.4)
|
||||
public_suffix (5.0.1)
|
||||
puma (5.6.7)
|
||||
puma (5.6.8)
|
||||
nio4r (~> 2.0)
|
||||
pundit (2.3.0)
|
||||
activesupport (>= 3.0.0)
|
||||
raabro (1.4.0)
|
||||
racc (1.6.2)
|
||||
rack (2.2.8)
|
||||
racc (1.7.3)
|
||||
rack (2.2.8.1)
|
||||
rack-attack (6.6.1)
|
||||
rack (>= 1.0, < 3)
|
||||
rack-cors (1.1.1)
|
||||
|
@ -512,20 +512,20 @@ GEM
|
|||
rack
|
||||
rack-test (2.0.2)
|
||||
rack (>= 1.3)
|
||||
rails (6.1.7.6)
|
||||
actioncable (= 6.1.7.6)
|
||||
actionmailbox (= 6.1.7.6)
|
||||
actionmailer (= 6.1.7.6)
|
||||
actionpack (= 6.1.7.6)
|
||||
actiontext (= 6.1.7.6)
|
||||
actionview (= 6.1.7.6)
|
||||
activejob (= 6.1.7.6)
|
||||
activemodel (= 6.1.7.6)
|
||||
activerecord (= 6.1.7.6)
|
||||
activestorage (= 6.1.7.6)
|
||||
activesupport (= 6.1.7.6)
|
||||
rails (6.1.7.7)
|
||||
actioncable (= 6.1.7.7)
|
||||
actionmailbox (= 6.1.7.7)
|
||||
actionmailer (= 6.1.7.7)
|
||||
actionpack (= 6.1.7.7)
|
||||
actiontext (= 6.1.7.7)
|
||||
actionview (= 6.1.7.7)
|
||||
activejob (= 6.1.7.7)
|
||||
activemodel (= 6.1.7.7)
|
||||
activerecord (= 6.1.7.7)
|
||||
activestorage (= 6.1.7.7)
|
||||
activesupport (= 6.1.7.7)
|
||||
bundler (>= 1.15.0)
|
||||
railties (= 6.1.7.6)
|
||||
railties (= 6.1.7.7)
|
||||
sprockets-rails (>= 2.0.0)
|
||||
rails-controller-testing (1.0.5)
|
||||
actionpack (>= 5.0.1.rc1)
|
||||
|
@ -541,9 +541,9 @@ GEM
|
|||
railties (>= 6.0.0, < 7)
|
||||
rails-settings-cached (0.6.6)
|
||||
rails (>= 4.2.0)
|
||||
railties (6.1.7.6)
|
||||
actionpack (= 6.1.7.6)
|
||||
activesupport (= 6.1.7.6)
|
||||
railties (6.1.7.7)
|
||||
actionpack (= 6.1.7.7)
|
||||
activesupport (= 6.1.7.7)
|
||||
method_source
|
||||
rake (>= 12.2)
|
||||
thor (~> 1.0)
|
||||
|
@ -565,7 +565,8 @@ GEM
|
|||
responders (3.0.1)
|
||||
actionpack (>= 5.0)
|
||||
railties (>= 5.0)
|
||||
rexml (3.2.5)
|
||||
rexml (3.2.8)
|
||||
strscan (>= 3.0.9)
|
||||
rotp (6.2.0)
|
||||
rpam2 (4.0.2)
|
||||
rqrcode (2.1.2)
|
||||
|
@ -634,7 +635,7 @@ GEM
|
|||
activerecord (>= 4.0.0)
|
||||
railties (>= 4.0.0)
|
||||
semantic_range (3.0.0)
|
||||
sidekiq (6.5.11)
|
||||
sidekiq (6.5.12)
|
||||
connection_pool (>= 2.2.5, < 3)
|
||||
rack (~> 2.0)
|
||||
redis (>= 4.5.0, < 5)
|
||||
|
@ -645,7 +646,7 @@ GEM
|
|||
rufus-scheduler (~> 3.2)
|
||||
sidekiq (>= 4, < 7)
|
||||
tilt (>= 1.4.0)
|
||||
sidekiq-unique-jobs (7.1.29)
|
||||
sidekiq-unique-jobs (7.1.33)
|
||||
brpoplpush-redis_script (> 0.1.1, <= 2.0.0)
|
||||
concurrent-ruby (~> 1.0, >= 1.0.5)
|
||||
redis (< 5.0)
|
||||
|
@ -679,6 +680,7 @@ GEM
|
|||
redlock (~> 1.0)
|
||||
strong_migrations (0.7.9)
|
||||
activerecord (>= 5)
|
||||
strscan (3.1.0)
|
||||
swd (1.3.0)
|
||||
activesupport (>= 3)
|
||||
attr_required (>= 0.0.5)
|
||||
|
@ -753,7 +755,7 @@ GEM
|
|||
xorcist (1.1.3)
|
||||
xpath (3.2.0)
|
||||
nokogiri (~> 1.8)
|
||||
zeitwerk (2.6.12)
|
||||
zeitwerk (2.6.13)
|
||||
|
||||
PLATFORMS
|
||||
ruby
|
||||
|
@ -816,6 +818,7 @@ DEPENDENCIES
|
|||
letter_opener_web (~> 2.0)
|
||||
link_header (~> 0.0)
|
||||
lograge (~> 0.12)
|
||||
mail (~> 2.8)
|
||||
makara (~> 0.5)
|
||||
mario-redis-lock (~> 1.2)
|
||||
memory_profiler
|
||||
|
|
|
@ -14,6 +14,4 @@ A "vulnerability in Mastodon" is a vulnerability in the code distributed through
|
|||
| ------- | ---------------- |
|
||||
| 4.2.x | Yes |
|
||||
| 4.1.x | Yes |
|
||||
| 4.0.x | No |
|
||||
| 3.5.x | Until 2023-12-31 |
|
||||
| < 3.5 | No |
|
||||
| < 4.1 | No |
|
||||
|
|
|
@ -25,6 +25,8 @@ class Admin::DomainAllowsController < Admin::BaseController
|
|||
def destroy
|
||||
authorize @domain_allow, :destroy?
|
||||
UnallowDomainService.new.call(@domain_allow)
|
||||
log_action :destroy, @domain_allow
|
||||
|
||||
redirect_to admin_instances_path, notice: I18n.t('admin.domain_allows.destroyed_msg')
|
||||
end
|
||||
|
||||
|
|
|
@ -19,10 +19,11 @@ class Api::V1::Admin::DomainBlocksController < Api::BaseController
|
|||
def create
|
||||
authorize :domain_block, :create?
|
||||
|
||||
@domain_block = DomainBlock.new(resource_params)
|
||||
existing_domain_block = resource_params[:domain].present? ? DomainBlock.rule_for(resource_params[:domain]) : nil
|
||||
return render json: existing_domain_block, serializer: REST::Admin::ExistingDomainBlockErrorSerializer, status: 422 if existing_domain_block.present?
|
||||
return render json: existing_domain_block, serializer: REST::Admin::ExistingDomainBlockErrorSerializer, status: 422 if conflicts_with_existing_block?(@domain_block, existing_domain_block)
|
||||
|
||||
@domain_block = DomainBlock.create!(resource_params)
|
||||
@domain_block.save!
|
||||
DomainBlockWorker.perform_async(@domain_block.id)
|
||||
log_action :create, @domain_block
|
||||
render json: @domain_block, serializer: REST::Admin::DomainBlockSerializer
|
||||
|
@ -55,6 +56,10 @@ class Api::V1::Admin::DomainBlocksController < Api::BaseController
|
|||
|
||||
private
|
||||
|
||||
def conflicts_with_existing_block?(domain_block, existing_domain_block)
|
||||
existing_domain_block.present? && (existing_domain_block.domain == TagManager.instance.normalize_domain(domain_block.domain) || !domain_block.stricter_than?(existing_domain_block))
|
||||
end
|
||||
|
||||
def set_domain_blocks
|
||||
@domain_blocks = filtered_domain_blocks.order(id: :desc).to_a_paginated_by_id(limit_param(LIMIT), params_slice(:max_id, :since_id, :min_id))
|
||||
end
|
||||
|
|
|
@ -12,6 +12,10 @@ class Api::V1::FeaturedTags::SuggestionsController < Api::BaseController
|
|||
private
|
||||
|
||||
def set_recently_used_tags
|
||||
@recently_used_tags = Tag.recently_used(current_account).where.not(id: current_account.featured_tags).limit(10)
|
||||
@recently_used_tags = Tag.recently_used(current_account).where.not(id: featured_tag_ids).limit(10)
|
||||
end
|
||||
|
||||
def featured_tag_ids
|
||||
current_account.featured_tags.pluck(:tag_id)
|
||||
end
|
||||
end
|
||||
|
|
|
@ -5,7 +5,7 @@ class Auth::OmniauthCallbacksController < Devise::OmniauthCallbacksController
|
|||
|
||||
def self.provides_callback_for(provider)
|
||||
define_method provider do
|
||||
@user = User.find_for_oauth(request.env['omniauth.auth'], current_user)
|
||||
@user = User.find_for_omniauth(request.env['omniauth.auth'], current_user)
|
||||
|
||||
if @user.persisted?
|
||||
LoginActivity.create(
|
||||
|
@ -24,6 +24,9 @@ class Auth::OmniauthCallbacksController < Devise::OmniauthCallbacksController
|
|||
session["devise.#{provider}_data"] = request.env['omniauth.auth']
|
||||
redirect_to new_user_registration_url
|
||||
end
|
||||
rescue ActiveRecord::RecordInvalid
|
||||
flash[:alert] = I18n.t('devise.failure.omniauth_user_creation_failure') if is_navigational_format?
|
||||
redirect_to new_user_session_url
|
||||
end
|
||||
end
|
||||
|
||||
|
|
|
@ -28,29 +28,19 @@ module CacheConcern
|
|||
response.headers['Vary'] = public_fetch_mode? ? 'Accept' : 'Accept, Signature'
|
||||
end
|
||||
|
||||
# TODO: Rename this method, as it does not perform any caching anymore.
|
||||
def cache_collection(raw, klass)
|
||||
return raw unless klass.respond_to?(:with_includes)
|
||||
return raw unless klass.respond_to?(:preload_cacheable_associations)
|
||||
|
||||
raw = raw.cache_ids.to_a if raw.is_a?(ActiveRecord::Relation)
|
||||
return [] if raw.empty?
|
||||
records = raw.to_a
|
||||
|
||||
cached_keys_with_value = Rails.cache.read_multi(*raw).transform_keys(&:id)
|
||||
uncached_ids = raw.map(&:id) - cached_keys_with_value.keys
|
||||
klass.preload_cacheable_associations(records)
|
||||
|
||||
klass.reload_stale_associations!(cached_keys_with_value.values) if klass.respond_to?(:reload_stale_associations!)
|
||||
|
||||
unless uncached_ids.empty?
|
||||
uncached = klass.where(id: uncached_ids).with_includes.index_by(&:id)
|
||||
|
||||
uncached.each_value do |item|
|
||||
Rails.cache.write(item, item)
|
||||
end
|
||||
end
|
||||
|
||||
raw.filter_map { |item| cached_keys_with_value[item.id] || uncached[item.id] }
|
||||
records
|
||||
end
|
||||
|
||||
# TODO: Rename this method, as it does not perform any caching anymore.
|
||||
def cache_collection_paginated_by_id(raw, klass, limit, options)
|
||||
cache_collection raw.cache_ids.to_a_paginated_by_id(limit, options), klass
|
||||
cache_collection raw.to_a_paginated_by_id(limit, options), klass
|
||||
end
|
||||
end
|
||||
|
|
|
@ -263,7 +263,7 @@ module SignatureVerification
|
|||
stoplight_wrap_request { ResolveAccountService.new.call(key_id.gsub(/\Aacct:/, ''), suppress_errors: false) }
|
||||
elsif !ActivityPub::TagManager.instance.local_uri?(key_id)
|
||||
account = ActivityPub::TagManager.instance.uri_to_actor(key_id)
|
||||
account ||= stoplight_wrap_request { ActivityPub::FetchRemoteKeyService.new.call(key_id, id: false, suppress_errors: false) }
|
||||
account ||= stoplight_wrap_request { ActivityPub::FetchRemoteKeyService.new.call(key_id, suppress_errors: false) }
|
||||
account
|
||||
end
|
||||
rescue Mastodon::PrivateNetworkAddressError => e
|
||||
|
|
|
@ -20,7 +20,7 @@ module WellKnown
|
|||
def set_account
|
||||
username = username_from_resource
|
||||
@account = begin
|
||||
if username == Rails.configuration.x.local_domain
|
||||
if username == Rails.configuration.x.local_domain || username == Rails.configuration.x.web_domain
|
||||
Account.representative
|
||||
else
|
||||
Account.find_local!(username)
|
||||
|
|
|
@ -157,8 +157,8 @@ module JsonLdHelper
|
|||
end
|
||||
end
|
||||
|
||||
def fetch_resource(uri, id, on_behalf_of = nil, request_options: {})
|
||||
unless id
|
||||
def fetch_resource(uri, id_is_known, on_behalf_of = nil, request_options: {})
|
||||
unless id_is_known
|
||||
json = fetch_resource_without_id_validation(uri, on_behalf_of)
|
||||
|
||||
return if !json.is_a?(Hash) || unsupported_uri_scheme?(json['id'])
|
||||
|
@ -176,7 +176,19 @@ module JsonLdHelper
|
|||
build_request(uri, on_behalf_of, options: request_options).perform do |response|
|
||||
raise Mastodon::UnexpectedResponseError, response unless response_successful?(response) || response_error_unsalvageable?(response) || !raise_on_temporary_error
|
||||
|
||||
body_to_json(response.body_with_limit) if response.code == 200
|
||||
body_to_json(response.body_with_limit) if response.code == 200 && valid_activitypub_content_type?(response)
|
||||
end
|
||||
end
|
||||
|
||||
def valid_activitypub_content_type?(response)
|
||||
return true if response.mime_type == 'application/activity+json'
|
||||
|
||||
# When the mime type is `application/ld+json`, we need to check the profile,
|
||||
# but `http.rb` does not parse it for us.
|
||||
return false unless response.mime_type == 'application/ld+json'
|
||||
|
||||
response.headers[HTTP::Headers::CONTENT_TYPE]&.split(';')&.map(&:strip)&.any? do |str|
|
||||
str.start_with?('profile="') && str[9...-1].split.include?('https://www.w3.org/ns/activitystreams')
|
||||
end
|
||||
end
|
||||
|
||||
|
|
|
@ -153,7 +153,8 @@ class ActivityPub::Activity
|
|||
def fetch_remote_original_status
|
||||
if object_uri.start_with?('http')
|
||||
return if ActivityPub::TagManager.instance.local_uri?(object_uri)
|
||||
ActivityPub::FetchRemoteStatusService.new.call(object_uri, id: true, on_behalf_of: @account.followers.local.first, request_id: @options[:request_id])
|
||||
|
||||
ActivityPub::FetchRemoteStatusService.new.call(object_uri, on_behalf_of: @account.followers.local.first, request_id: @options[:request_id])
|
||||
elsif @object['url'].present?
|
||||
::FetchRemoteStatusService.new.call(@object['url'], request_id: @options[:request_id])
|
||||
end
|
||||
|
|
|
@ -19,7 +19,7 @@ class ActivityPub::LinkedDataSignature
|
|||
return unless type == 'RsaSignature2017'
|
||||
|
||||
creator = ActivityPub::TagManager.instance.uri_to_actor(creator_uri)
|
||||
creator = ActivityPub::FetchRemoteKeyService.new.call(creator_uri, id: false) if creator&.public_key.blank?
|
||||
creator = ActivityPub::FetchRemoteKeyService.new.call(creator_uri) if creator&.public_key.blank?
|
||||
|
||||
return if creator.nil?
|
||||
|
||||
|
|
|
@ -3,6 +3,8 @@
|
|||
class ActivityPub::Parser::StatusParser
|
||||
include JsonLdHelper
|
||||
|
||||
NORMALIZED_LOCALE_NAMES = LanguagesHelper::SUPPORTED_LOCALES.keys.index_by(&:downcase).freeze
|
||||
|
||||
# @param [Hash] json
|
||||
# @param [Hash] magic_values
|
||||
# @option magic_values [String] :followers_collection
|
||||
|
@ -86,6 +88,13 @@ class ActivityPub::Parser::StatusParser
|
|||
end
|
||||
|
||||
def language
|
||||
lang = raw_language_code
|
||||
lang.presence && NORMALIZED_LOCALE_NAMES.fetch(lang.downcase.to_sym, lang)
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
def raw_language_code
|
||||
if content_language_map?
|
||||
@object['contentMap'].keys.first
|
||||
elsif name_language_map?
|
||||
|
@ -95,8 +104,6 @@ class ActivityPub::Parser::StatusParser
|
|||
end
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
def audience_to
|
||||
as_array(@object['to'] || @json['to']).map { |x| value_or_id(x) }
|
||||
end
|
||||
|
|
|
@ -4,12 +4,32 @@ module ApplicationExtension
|
|||
extend ActiveSupport::Concern
|
||||
|
||||
included do
|
||||
include Redisable
|
||||
|
||||
validates :name, length: { maximum: 60 }
|
||||
validates :website, url: true, length: { maximum: 2_000 }, if: :website?
|
||||
validates :redirect_uri, length: { maximum: 2_000 }
|
||||
|
||||
# The relationship used between Applications and AccessTokens is using
|
||||
# dependent: delete_all, which means the ActiveRecord callback in
|
||||
# AccessTokenExtension is not run, so instead we manually announce to
|
||||
# streaming that these tokens are being deleted.
|
||||
before_destroy :push_to_streaming_api, prepend: true
|
||||
end
|
||||
|
||||
def confirmation_redirect_uri
|
||||
redirect_uri.lines.first.strip
|
||||
end
|
||||
|
||||
def push_to_streaming_api
|
||||
# TODO: #28793 Combine into a single topic
|
||||
payload = Oj.dump(event: :kill)
|
||||
access_tokens.in_batches do |tokens|
|
||||
redis.pipelined do |pipeline|
|
||||
tokens.ids.each do |id|
|
||||
pipeline.publish("timeline:access_token:#{id}", payload)
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -22,7 +22,7 @@ class VideoMetadataExtractor
|
|||
private
|
||||
|
||||
def ffmpeg_command_output
|
||||
command = Terrapin::CommandLine.new('ffprobe', '-i :path -print_format :format -show_format -show_streams -show_error -loglevel :loglevel')
|
||||
command = Terrapin::CommandLine.new(Rails.configuration.x.ffprobe_binary, '-i :path -print_format :format -show_format -show_streams -show_error -loglevel :loglevel')
|
||||
command.run(path: @path, format: 'json', loglevel: 'fatal')
|
||||
end
|
||||
|
||||
|
|
|
@ -47,4 +47,13 @@ class AdminMailer < ApplicationMailer
|
|||
mail to: @me.user_email, subject: I18n.t('admin_mailer.new_trends.subject', instance: @instance)
|
||||
end
|
||||
end
|
||||
|
||||
def auto_close_registrations(recipient)
|
||||
@me = recipient
|
||||
@instance = Rails.configuration.x.local_domain
|
||||
|
||||
locale_for_account(@me) do
|
||||
mail to: @me.user_email, subject: I18n.t('admin_mailer.auto_close_registrations.subject', instance: @instance)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -187,7 +187,7 @@ module AccountInteractions
|
|||
end
|
||||
|
||||
def unblock_domain!(other_domain)
|
||||
block = domain_blocks.find_by(domain: other_domain)
|
||||
block = domain_blocks.find_by(domain: normalized_domain(other_domain))
|
||||
block&.destroy
|
||||
end
|
||||
|
||||
|
@ -299,4 +299,8 @@ module AccountInteractions
|
|||
def remove_potential_friendship(other_account)
|
||||
PotentialFriendshipTracker.remove(id, other_account.id)
|
||||
end
|
||||
|
||||
def normalized_domain(domain)
|
||||
TagManager.instance.normalize_domain(domain)
|
||||
end
|
||||
end
|
||||
|
|
|
@ -14,6 +14,10 @@ module Cacheable
|
|||
includes(@cache_associated)
|
||||
end
|
||||
|
||||
def preload_cacheable_associations(records)
|
||||
ActiveRecord::Associations::Preloader.new.preload(records, @cache_associated)
|
||||
end
|
||||
|
||||
def cache_ids
|
||||
select(:id, :updated_at)
|
||||
end
|
||||
|
|
|
@ -19,17 +19,18 @@ module Omniauthable
|
|||
end
|
||||
|
||||
class_methods do
|
||||
def find_for_oauth(auth, signed_in_resource = nil)
|
||||
def find_for_omniauth(auth, signed_in_resource = nil)
|
||||
# EOLE-SSO Patch
|
||||
auth.uid = (auth.uid[0][:uid] || auth.uid[0][:user]) if auth.uid.is_a? Hashie::Array
|
||||
identity = Identity.find_for_oauth(auth)
|
||||
identity = Identity.find_for_omniauth(auth)
|
||||
|
||||
# If a signed_in_resource is provided it always overrides the existing user
|
||||
# to prevent the identity being locked with accidentally created accounts.
|
||||
# Note that this may leave zombie accounts (with no associated identity) which
|
||||
# can be cleaned up at a later date.
|
||||
user = signed_in_resource || identity.user
|
||||
user ||= create_for_oauth(auth)
|
||||
user ||= reattach_for_auth(auth)
|
||||
user ||= create_for_auth(auth)
|
||||
|
||||
if identity.user.nil?
|
||||
identity.user = user
|
||||
|
@ -39,19 +40,35 @@ module Omniauthable
|
|||
user
|
||||
end
|
||||
|
||||
def create_for_oauth(auth)
|
||||
# Check if the user exists with provided email. If no email was provided,
|
||||
private
|
||||
|
||||
def reattach_for_auth(auth)
|
||||
# If allowed, check if a user exists with the provided email address,
|
||||
# and return it if they does not have an associated identity with the
|
||||
# current authentication provider.
|
||||
|
||||
# This can be used to provide a choice of alternative auth providers
|
||||
# or provide smooth gradual transition between multiple auth providers,
|
||||
# but this is discouraged because any insecure provider will put *all*
|
||||
# local users at risk, regardless of which provider they registered with.
|
||||
|
||||
return unless ENV['ALLOW_UNSAFE_AUTH_PROVIDER_REATTACH'] == 'true'
|
||||
|
||||
email, email_is_verified = email_from_auth(auth)
|
||||
return unless email_is_verified
|
||||
|
||||
user = User.find_by(email: email)
|
||||
return if user.nil? || Identity.exists?(provider: auth.provider, user_id: user.id)
|
||||
|
||||
user
|
||||
end
|
||||
|
||||
def create_for_auth(auth)
|
||||
# Create a user for the given auth params. If no email was provided,
|
||||
# we assign a temporary email and ask the user to verify it on
|
||||
# the next step via Auth::SetupController.show
|
||||
|
||||
strategy = Devise.omniauth_configs[auth.provider.to_sym].strategy
|
||||
assume_verified = strategy&.security&.assume_email_is_verified
|
||||
email_is_verified = auth.info.verified || auth.info.verified_email || auth.info.email_verified || assume_verified
|
||||
email = auth.info.verified_email || auth.info.email
|
||||
|
||||
user = User.find_by(email: email) if email_is_verified
|
||||
|
||||
return user unless user.nil?
|
||||
email, email_is_verified = email_from_auth(auth)
|
||||
|
||||
user = User.new(user_params_from_auth(email, auth))
|
||||
|
||||
|
@ -68,7 +85,14 @@ module Omniauthable
|
|||
user
|
||||
end
|
||||
|
||||
private
|
||||
def email_from_auth(auth)
|
||||
strategy = Devise.omniauth_configs[auth.provider.to_sym].strategy
|
||||
assume_verified = strategy&.security&.assume_email_is_verified
|
||||
email_is_verified = auth.info.verified || auth.info.verified_email || auth.info.email_verified || assume_verified
|
||||
email = auth.info.verified_email || auth.info.email
|
||||
|
||||
[email, email_is_verified]
|
||||
end
|
||||
|
||||
def user_params_from_auth(email, auth)
|
||||
{
|
||||
|
|
|
@ -28,7 +28,7 @@ class Feed
|
|||
unhydrated = redis.zrangebyscore(key, "(#{min_id}", "(#{max_id}", limit: [0, limit], with_scores: true).map(&:first).map(&:to_i)
|
||||
end
|
||||
|
||||
Status.where(id: unhydrated).cache_ids
|
||||
Status.where(id: unhydrated)
|
||||
end
|
||||
|
||||
def key
|
||||
|
|
|
@ -16,7 +16,7 @@ class Identity < ApplicationRecord
|
|||
validates :uid, presence: true, uniqueness: { scope: :provider }
|
||||
validates :provider, presence: true
|
||||
|
||||
def self.find_for_oauth(auth)
|
||||
def self.find_for_omniauth(auth)
|
||||
find_or_create_by(uid: auth.uid, provider: auth.provider)
|
||||
end
|
||||
end
|
||||
|
|
|
@ -29,7 +29,7 @@ class PublicFeed
|
|||
scope.merge!(media_only_scope) if media_only?
|
||||
scope.merge!(language_scope) if account&.chosen_languages.present?
|
||||
|
||||
scope.cache_ids.to_a_paginated_by_id(limit, max_id: max_id, since_id: since_id, min_id: min_id)
|
||||
scope.to_a_paginated_by_id(limit, max_id: max_id, since_id: since_id, min_id: min_id)
|
||||
end
|
||||
|
||||
private
|
||||
|
|
|
@ -344,38 +344,6 @@ class Status < ApplicationRecord
|
|||
StatusPin.select('status_id').where(status_id: status_ids).where(account_id: account_id).each_with_object({}) { |p, h| h[p.status_id] = true }
|
||||
end
|
||||
|
||||
def reload_stale_associations!(cached_items)
|
||||
account_ids = []
|
||||
|
||||
cached_items.each do |item|
|
||||
account_ids << item.account_id
|
||||
account_ids << item.reblog.account_id if item.reblog?
|
||||
end
|
||||
|
||||
account_ids.uniq!
|
||||
|
||||
status_ids = cached_items.map { |item| item.reblog? ? item.reblog_of_id : item.id }.uniq
|
||||
|
||||
return if account_ids.empty?
|
||||
|
||||
accounts = Account.where(id: account_ids).includes(:account_stat, :user).index_by(&:id)
|
||||
|
||||
status_stats = StatusStat.where(status_id: status_ids).index_by(&:status_id)
|
||||
|
||||
cached_items.each do |item|
|
||||
item.account = accounts[item.account_id]
|
||||
item.reblog.account = accounts[item.reblog.account_id] if item.reblog?
|
||||
|
||||
if item.reblog?
|
||||
status_stat = status_stats[item.reblog.id]
|
||||
item.reblog.status_stat = status_stat if status_stat.present?
|
||||
else
|
||||
status_stat = status_stats[item.id]
|
||||
item.status_stat = status_stat if status_stat.present?
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
def from_text(text)
|
||||
return [] if text.blank?
|
||||
|
||||
|
|
|
@ -33,7 +33,7 @@ class TagFeed < PublicFeed
|
|||
scope.merge!(account_filters_scope) if account?
|
||||
scope.merge!(media_only_scope) if media_only?
|
||||
|
||||
scope.cache_ids.to_a_paginated_by_id(limit, max_id: max_id, since_id: since_id, min_id: min_id)
|
||||
scope.to_a_paginated_by_id(limit, max_id: max_id, since_id: since_id, min_id: min_id)
|
||||
end
|
||||
|
||||
private
|
||||
|
|
|
@ -94,6 +94,9 @@ class User < ApplicationRecord
|
|||
validates :invite_request, presence: true, on: :create, if: :invite_text_required?
|
||||
|
||||
validates :locale, inclusion: I18n.available_locales.map(&:to_s), if: :locale?
|
||||
|
||||
validates :email, presence: true, email_address: true
|
||||
|
||||
validates_with BlacklistedEmailValidator, if: -> { ENV['EMAIL_DOMAIN_LISTS_APPLY_AFTER_CONFIRMATION'] == 'true' || !confirmed? }
|
||||
validates_with EmailMxValidator, if: :validate_email_dns?
|
||||
validates :agreement, acceptance: { allow_nil: false, accept: [true, 'true', '1'] }, on: :create
|
||||
|
@ -399,6 +402,16 @@ class User < ApplicationRecord
|
|||
Doorkeeper::AccessToken.by_resource_owner(self).in_batches do |batch|
|
||||
batch.update_all(revoked_at: Time.now.utc)
|
||||
Web::PushSubscription.where(access_token_id: batch).delete_all
|
||||
|
||||
# Revoke each access token for the Streaming API, since `update_all``
|
||||
# doesn't trigger ActiveRecord Callbacks:
|
||||
# TODO: #28793 Combine into a single topic
|
||||
payload = Oj.dump(event: :kill)
|
||||
redis.pipelined do |pipeline|
|
||||
batch.ids.each do |id|
|
||||
pipeline.publish("timeline:access_token:#{id}", payload)
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
|
|
|
@ -1,11 +1,15 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
class REST::Admin::DomainBlockSerializer < ActiveModel::Serializer
|
||||
attributes :id, :domain, :created_at, :severity,
|
||||
attributes :id, :domain, :digest, :created_at, :severity,
|
||||
:reject_media, :reject_reports,
|
||||
:private_comment, :public_comment, :obfuscate
|
||||
|
||||
def id
|
||||
object.id.to_s
|
||||
end
|
||||
|
||||
def digest
|
||||
object.domain_digest
|
||||
end
|
||||
end
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
|
||||
class ActivityPub::FetchRemoteAccountService < ActivityPub::FetchRemoteActorService
|
||||
# Does a WebFinger roundtrip on each call, unless `only_key` is true
|
||||
def call(uri, id: true, prefetched_body: nil, break_on_redirect: false, only_key: false, suppress_errors: true, request_id: nil)
|
||||
def call(uri, prefetched_body: nil, break_on_redirect: false, only_key: false, suppress_errors: true, request_id: nil)
|
||||
actor = super
|
||||
return actor if actor.nil? || actor.is_a?(Account)
|
||||
|
||||
|
|
|
@ -10,15 +10,15 @@ class ActivityPub::FetchRemoteActorService < BaseService
|
|||
SUPPORTED_TYPES = %w(Application Group Organization Person Service).freeze
|
||||
|
||||
# Does a WebFinger roundtrip on each call, unless `only_key` is true
|
||||
def call(uri, id: true, prefetched_body: nil, break_on_redirect: false, only_key: false, suppress_errors: true, request_id: nil)
|
||||
def call(uri, prefetched_body: nil, break_on_redirect: false, only_key: false, suppress_errors: true, request_id: nil)
|
||||
return if domain_not_allowed?(uri)
|
||||
return ActivityPub::TagManager.instance.uri_to_actor(uri) if ActivityPub::TagManager.instance.local_uri?(uri)
|
||||
|
||||
@json = begin
|
||||
if prefetched_body.nil?
|
||||
fetch_resource(uri, id)
|
||||
fetch_resource(uri, true)
|
||||
else
|
||||
body_to_json(prefetched_body, compare_id: id ? uri : nil)
|
||||
body_to_json(prefetched_body, compare_id: uri)
|
||||
end
|
||||
rescue Oj::ParseError
|
||||
raise Error, "Error parsing JSON-LD document #{uri}"
|
||||
|
|
|
@ -6,23 +6,10 @@ class ActivityPub::FetchRemoteKeyService < BaseService
|
|||
class Error < StandardError; end
|
||||
|
||||
# Returns actor that owns the key
|
||||
def call(uri, id: true, prefetched_body: nil, suppress_errors: true)
|
||||
def call(uri, suppress_errors: true)
|
||||
raise Error, 'No key URI given' if uri.blank?
|
||||
|
||||
if prefetched_body.nil?
|
||||
if id
|
||||
@json = fetch_resource_without_id_validation(uri)
|
||||
if actor_type?
|
||||
@json = fetch_resource(@json['id'], true)
|
||||
elsif uri != @json['id']
|
||||
raise Error, "Fetched URI #{uri} has wrong id #{@json['id']}"
|
||||
end
|
||||
else
|
||||
@json = fetch_resource(uri, id)
|
||||
end
|
||||
else
|
||||
@json = body_to_json(prefetched_body, compare_id: id ? uri : nil)
|
||||
end
|
||||
@json = fetch_resource(uri, false)
|
||||
|
||||
raise Error, "Unable to fetch key JSON at #{uri}" if @json.nil?
|
||||
raise Error, "Unsupported JSON-LD context for document #{uri}" unless supported_context?(@json)
|
||||
|
|
|
@ -7,13 +7,13 @@ class ActivityPub::FetchRemoteStatusService < BaseService
|
|||
DISCOVERIES_PER_REQUEST = 1000
|
||||
|
||||
# Should be called when uri has already been checked for locality
|
||||
def call(uri, id: true, prefetched_body: nil, on_behalf_of: nil, expected_actor_uri: nil, request_id: nil)
|
||||
def call(uri, prefetched_body: nil, on_behalf_of: nil, expected_actor_uri: nil, request_id: nil)
|
||||
@request_id = request_id || "#{Time.now.utc.to_i}-status-#{uri}"
|
||||
@json = begin
|
||||
if prefetched_body.nil?
|
||||
fetch_resource(uri, id, on_behalf_of)
|
||||
fetch_resource(uri, true, on_behalf_of)
|
||||
else
|
||||
body_to_json(prefetched_body, compare_id: id ? uri : nil)
|
||||
body_to_json(prefetched_body, compare_id: uri)
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -63,7 +63,7 @@ class ActivityPub::FetchRemoteStatusService < BaseService
|
|||
|
||||
def account_from_uri(uri)
|
||||
actor = ActivityPub::TagManager.instance.uri_to_resource(uri, Account)
|
||||
actor = ActivityPub::FetchRemoteAccountService.new.call(uri, id: true, request_id: @request_id) if actor.nil? || actor.possibly_stale?
|
||||
actor = ActivityPub::FetchRemoteAccountService.new.call(uri, request_id: @request_id) if actor.nil? || actor.possibly_stale?
|
||||
actor
|
||||
end
|
||||
|
||||
|
|
|
@ -199,10 +199,15 @@ class ActivityPub::ProcessAccountService < BaseService
|
|||
value = first_of_value(@json[key])
|
||||
|
||||
return if value.nil?
|
||||
return value['url'] if value.is_a?(Hash)
|
||||
|
||||
image = fetch_resource_without_id_validation(value)
|
||||
image['url'] if image
|
||||
if value.is_a?(String)
|
||||
value = fetch_resource_without_id_validation(value)
|
||||
return if value.nil?
|
||||
end
|
||||
|
||||
value = first_of_value(value['url']) if value.is_a?(Hash) && value['type'] == 'Image'
|
||||
value = value['href'] if value.is_a?(Hash)
|
||||
value if value.is_a?(String)
|
||||
end
|
||||
|
||||
def public_key
|
||||
|
@ -274,7 +279,7 @@ class ActivityPub::ProcessAccountService < BaseService
|
|||
|
||||
def moved_account
|
||||
account = ActivityPub::TagManager.instance.uri_to_resource(@json['movedTo'], Account)
|
||||
account ||= ActivityPub::FetchRemoteAccountService.new.call(@json['movedTo'], id: true, break_on_redirect: true, request_id: @options[:request_id])
|
||||
account ||= ActivityPub::FetchRemoteAccountService.new.call(@json['movedTo'], break_on_redirect: true, request_id: @options[:request_id])
|
||||
account
|
||||
end
|
||||
|
||||
|
|
|
@ -43,11 +43,19 @@ class FetchResourceService < BaseService
|
|||
@response_code = response.code
|
||||
return nil if response.code != 200
|
||||
|
||||
if ['application/activity+json', 'application/ld+json'].include?(response.mime_type)
|
||||
if valid_activitypub_content_type?(response)
|
||||
body = response.body_with_limit
|
||||
json = body_to_json(body)
|
||||
|
||||
[json['id'], { prefetched_body: body, id: true }] if supported_context?(json) && (equals_or_includes_any?(json['type'], ActivityPub::FetchRemoteActorService::SUPPORTED_TYPES) || expected_type?(json))
|
||||
return unless supported_context?(json) && (equals_or_includes_any?(json['type'], ActivityPub::FetchRemoteActorService::SUPPORTED_TYPES) || expected_type?(json))
|
||||
|
||||
if json['id'] != @url
|
||||
return if terminal
|
||||
|
||||
return process(json['id'], terminal: true)
|
||||
end
|
||||
|
||||
[@url, { prefetched_body: body }]
|
||||
elsif !terminal
|
||||
link_header = response['Link'] && parse_link_header(response)
|
||||
|
||||
|
|
|
@ -62,16 +62,17 @@ class NotifyService < BaseService
|
|||
LEFT JOIN mentions m ON m.silent = FALSE AND m.account_id = :sender_id AND m.status_id = s.id
|
||||
WHERE s.id = :id
|
||||
UNION ALL
|
||||
SELECT s.id, s.in_reply_to_id, m.id, st.path || s.id, st.depth + 1
|
||||
FROM ancestors st
|
||||
JOIN statuses s ON s.id = st.in_reply_to_id
|
||||
LEFT JOIN mentions m ON m.silent = FALSE AND m.account_id = :sender_id AND m.status_id = s.id
|
||||
WHERE st.mention_id IS NULL AND NOT s.id = ANY(path) AND st.depth < :depth_limit
|
||||
SELECT s.id, s.in_reply_to_id, m.id, ancestors.path || s.id, ancestors.depth + 1
|
||||
FROM ancestors
|
||||
JOIN statuses s ON s.id = ancestors.in_reply_to_id
|
||||
/* early exit if we already have a mention matching our requirements */
|
||||
LEFT JOIN mentions m ON m.silent = FALSE AND m.account_id = :sender_id AND m.status_id = s.id AND s.account_id = :recipient_id
|
||||
WHERE ancestors.mention_id IS NULL AND NOT s.id = ANY(path) AND ancestors.depth < :depth_limit
|
||||
)
|
||||
SELECT COUNT(*)
|
||||
FROM ancestors st
|
||||
JOIN statuses s ON s.id = st.id
|
||||
WHERE st.mention_id IS NOT NULL AND s.visibility = 3
|
||||
FROM ancestors
|
||||
JOIN statuses s ON s.id = ancestors.id
|
||||
WHERE ancestors.mention_id IS NOT NULL AND s.account_id = :recipient_id AND s.visibility = 3
|
||||
SQL
|
||||
end
|
||||
|
||||
|
|
|
@ -137,7 +137,7 @@ class PostStatusService < BaseService
|
|||
|
||||
def idempotency_duplicate
|
||||
if scheduled?
|
||||
@account.schedule_statuses.find(@idempotency_duplicate)
|
||||
@account.scheduled_statuses.find(@idempotency_duplicate)
|
||||
else
|
||||
@account.statuses.find(@idempotency_duplicate)
|
||||
end
|
||||
|
@ -189,7 +189,7 @@ class PostStatusService < BaseService
|
|||
end
|
||||
|
||||
def scheduled_options
|
||||
@options.tap do |options_hash|
|
||||
@options.dup.tap do |options_hash|
|
||||
options_hash[:in_reply_to_id] = options_hash.delete(:thread)&.id
|
||||
options_hash[:application_id] = options_hash.delete(:application)&.id
|
||||
options_hash[:scheduled_at] = nil
|
||||
|
|
|
@ -19,7 +19,7 @@ class VerifyLinkService < BaseService
|
|||
|
||||
def perform_request!
|
||||
@body = Request.new(:get, @url).add_headers('Accept' => 'text/html').perform do |res|
|
||||
res.code == 200 ? res.body_with_limit : nil
|
||||
res.code == 200 ? res.truncated_body : nil
|
||||
end
|
||||
end
|
||||
|
||||
|
|
18
app/validators/email_address_validator.rb
Normal file
18
app/validators/email_address_validator.rb
Normal file
|
@ -0,0 +1,18 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
# NOTE: I initially wrote this as `EmailValidator` but it ended up clashing
|
||||
# with an indirect dependency of ours, `validate_email`, which, turns out,
|
||||
# has the same approach as we do, but with an extra check disallowing
|
||||
# single-label domains. Decided to not switch to `validate_email` because
|
||||
# we do want to allow at least `localhost`.
|
||||
|
||||
class EmailAddressValidator < ActiveModel::EachValidator
|
||||
def validate_each(record, attribute, value)
|
||||
value = value.strip
|
||||
|
||||
address = Mail::Address.new(value)
|
||||
record.errors.add(attribute, :invalid) if address.address != value
|
||||
rescue Mail::Field::FieldError
|
||||
record.errors.add(attribute, :invalid)
|
||||
end
|
||||
end
|
|
@ -13,6 +13,8 @@
|
|||
|
||||
%p.lead= t('admin.settings.registrations.preamble')
|
||||
|
||||
.flash-message= t('admin.settings.registrations.moderation_recommandation')
|
||||
|
||||
.fields-row
|
||||
.fields-row__column.fields-row__column-6.fields-group
|
||||
= f.input :registrations_mode, collection: %w(open approved none), wrapper: :with_label, include_blank: false, label_method: lambda { |mode| I18n.t("admin.settings.registrations_mode.modes.#{mode}") }
|
||||
|
|
3
app/views/admin_mailer/auto_close_registrations.text.erb
Normal file
3
app/views/admin_mailer/auto_close_registrations.text.erb
Normal file
|
@ -0,0 +1,3 @@
|
|||
<%= raw t('admin_mailer.auto_close_registrations.body', instance: @instance) %>
|
||||
|
||||
<%= raw t('application_mailer.view')%> <%= admin_settings_registrations_url %>
|
33
app/workers/scheduler/auto_close_registrations_scheduler.rb
Normal file
33
app/workers/scheduler/auto_close_registrations_scheduler.rb
Normal file
|
@ -0,0 +1,33 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
class Scheduler::AutoCloseRegistrationsScheduler
|
||||
include Sidekiq::Worker
|
||||
include Redisable
|
||||
|
||||
sidekiq_options retry: 0
|
||||
|
||||
# Automatically switch away from open registrations if no
|
||||
# moderator had any activity in that period of time
|
||||
OPEN_REGISTRATIONS_MODERATOR_THRESHOLD = 1.week + UserTrackingConcern::SIGN_IN_UPDATE_FREQUENCY
|
||||
|
||||
def perform
|
||||
return if Rails.configuration.x.email_domains_whitelist.present? || ENV['DISABLE_AUTOMATIC_SWITCHING_TO_APPROVED_REGISTRATIONS'] == 'true'
|
||||
return unless Setting.registrations_mode == 'open'
|
||||
|
||||
switch_to_approval_mode! unless active_moderators?
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
def active_moderators?
|
||||
User.those_who_can(:manage_reports).exists?(current_sign_in_at: OPEN_REGISTRATIONS_MODERATOR_THRESHOLD.ago...)
|
||||
end
|
||||
|
||||
def switch_to_approval_mode!
|
||||
Setting.registrations_mode = 'approved'
|
||||
|
||||
User.those_who_can(:manage_settings).includes(:account).find_each do |user|
|
||||
AdminMailer.auto_close_registrations(user.account).deliver_later
|
||||
end
|
||||
end
|
||||
end
|
|
@ -44,6 +44,7 @@ require_relative '../lib/chewy/strategy/bypass_with_warning'
|
|||
require_relative '../lib/webpacker/manifest_extensions'
|
||||
require_relative '../lib/webpacker/helper_extensions'
|
||||
require_relative '../lib/rails/engine_extensions'
|
||||
require_relative '../lib/action_dispatch/remote_ip_extensions'
|
||||
require_relative '../lib/active_record/database_tasks_extensions'
|
||||
require_relative '../lib/active_record/batches'
|
||||
require_relative '../lib/simple_navigation/item_extensions'
|
||||
|
|
|
@ -19,9 +19,14 @@ Doorkeeper.configure do
|
|||
user unless user&.otp_required_for_login?
|
||||
end
|
||||
|
||||
# If you want to restrict access to the web interface for adding oauth authorized applications, you need to declare the block below.
|
||||
# Doorkeeper provides some administrative interfaces for managing OAuth
|
||||
# Applications, allowing creation, edit, and deletion of applications from the
|
||||
# server. At present, these administrative routes are not integrated into
|
||||
# Mastodon, and as such, we've disabled them by always return a 403 forbidden
|
||||
# response for them. This does not affect the ability for users to manage
|
||||
# their own OAuth Applications.
|
||||
admin_authenticator do
|
||||
current_user&.admin? || redirect_to(new_user_session_url)
|
||||
head 403
|
||||
end
|
||||
|
||||
# Authorization Code expiration time (default 10 minutes).
|
||||
|
|
|
@ -1,3 +1,6 @@
|
|||
if ENV['FFMPEG_BINARY'].present?
|
||||
FFMPEG.ffmpeg_binary = ENV['FFMPEG_BINARY']
|
||||
# frozen_string_literal: true
|
||||
|
||||
Rails.application.configure do
|
||||
config.x.ffmpeg_binary = ENV['FFMPEG_BINARY'] || 'ffmpeg'
|
||||
config.x.ffprobe_binary = ENV['FFPROBE_BINARY'] || 'ffprobe'
|
||||
end
|
||||
|
|
|
@ -37,6 +37,10 @@ class Rack::Attack
|
|||
authenticated_token&.id
|
||||
end
|
||||
|
||||
def warden_user_id
|
||||
@env['warden']&.user&.id
|
||||
end
|
||||
|
||||
def unauthenticated?
|
||||
!authenticated_user_id
|
||||
end
|
||||
|
@ -58,10 +62,6 @@ class Rack::Attack
|
|||
end
|
||||
end
|
||||
|
||||
Rack::Attack.safelist('allow from localhost') do |req|
|
||||
req.remote_ip == '127.0.0.1' || req.remote_ip == '::1'
|
||||
end
|
||||
|
||||
Rack::Attack.blocklist('deny from blocklist') do |req|
|
||||
IpBlock.blocked?(req.remote_ip)
|
||||
end
|
||||
|
@ -137,6 +137,10 @@ class Rack::Attack
|
|||
req.session[:attempt_user_id] || req.params.dig('user', 'email').presence if req.post? && req.path_matches?('/auth/sign_in')
|
||||
end
|
||||
|
||||
throttle('throttle_password_change/account', limit: 10, period: 10.minutes) do |req|
|
||||
req.warden_user_id if req.put? || (req.patch? && req.path_matches?('/auth'))
|
||||
end
|
||||
|
||||
self.throttled_responder = lambda do |request|
|
||||
now = Time.now.utc
|
||||
match_data = request.env['rack.attack.match_data']
|
||||
|
|
|
@ -12,6 +12,7 @@ en:
|
|||
last_attempt: You have one more attempt before your account is locked.
|
||||
locked: Your account is locked.
|
||||
not_found_in_database: Invalid %{authentication_keys} or password.
|
||||
omniauth_user_creation_failure: Error creating an account for this identity.
|
||||
pending: Your account is still under review.
|
||||
timeout: Your session expired. Please sign in again to continue.
|
||||
unauthenticated: You need to sign in or sign up before continuing.
|
||||
|
|
|
@ -745,6 +745,7 @@ en:
|
|||
disabled: To no one
|
||||
users: To logged-in local users
|
||||
registrations:
|
||||
moderation_recommandation: Please make sure you have an adequate and reactive moderation team before you open registrations to everyone!
|
||||
preamble: Control who can create an account on your server.
|
||||
title: Registrations
|
||||
registrations_mode:
|
||||
|
@ -905,6 +906,9 @@ en:
|
|||
title: Webhooks
|
||||
webhook: Webhook
|
||||
admin_mailer:
|
||||
auto_close_registrations:
|
||||
body: Due to a lack of recent moderator activity, registrations on %{instance} have been automatically switched to requiring manual review, to prevent %{instance} from being used as a platform for potential bad actors. You can switch it back to open registrations at any time.
|
||||
subject: Registrations for %{instance} have been automatically switched to requiring approval
|
||||
new_appeal:
|
||||
actions:
|
||||
delete_statuses: to delete their posts
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
require 'sidekiq_unique_jobs/web'
|
||||
require 'sidekiq_unique_jobs/web' if ENV['ENABLE_SIDEKIQ_UNIQUE_JOBS_UI'] == true
|
||||
require 'sidekiq-scheduler/web'
|
||||
|
||||
Rails.application.routes.draw do
|
||||
|
|
|
@ -9,7 +9,7 @@ defaults: &defaults
|
|||
site_terms: ''
|
||||
site_contact_username: ''
|
||||
site_contact_email: ''
|
||||
registrations_mode: 'open'
|
||||
registrations_mode: 'none'
|
||||
profile_directory: true
|
||||
closed_registrations_message: ''
|
||||
open_deletion: true
|
||||
|
|
|
@ -58,3 +58,7 @@
|
|||
interval: 1 minute
|
||||
class: Scheduler::SuspendedUserCleanupScheduler
|
||||
queue: scheduler
|
||||
auto_close_registrations_scheduler:
|
||||
interval: 1 hour
|
||||
class: Scheduler::AutoCloseRegistrationsScheduler
|
||||
queue: scheduler
|
||||
|
|
|
@ -56,7 +56,7 @@ services:
|
|||
|
||||
web:
|
||||
build: .
|
||||
image: ghcr.io/mastodon/mastodon:v4.1.12
|
||||
image: ghcr.io/mastodon/mastodon:v4.1.17
|
||||
restart: always
|
||||
env_file: .env.production
|
||||
command: bash -c "rm -f /mastodon/tmp/pids/server.pid; bundle exec rails s -p 3000"
|
||||
|
@ -77,7 +77,7 @@ services:
|
|||
|
||||
streaming:
|
||||
build: .
|
||||
image: ghcr.io/mastodon/mastodon:v4.1.12
|
||||
image: ghcr.io/mastodon/mastodon:v4.1.17
|
||||
restart: always
|
||||
env_file: .env.production
|
||||
command: node ./streaming
|
||||
|
@ -95,7 +95,7 @@ services:
|
|||
|
||||
sidekiq:
|
||||
build: .
|
||||
image: ghcr.io/mastodon/mastodon:v4.1.12
|
||||
image: ghcr.io/mastodon/mastodon:v4.1.17
|
||||
restart: always
|
||||
env_file: .env.production
|
||||
command: bundle exec sidekiq
|
||||
|
|
72
lib/action_dispatch/remote_ip_extensions.rb
Normal file
72
lib/action_dispatch/remote_ip_extensions.rb
Normal file
|
@ -0,0 +1,72 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
# Mastodon is not made to be directly accessed without a reverse proxy.
|
||||
# This monkey-patch prevents remote IP address spoofing when being accessed
|
||||
# directly.
|
||||
#
|
||||
# See PR: https://github.com/rails/rails/pull/51610
|
||||
|
||||
# In addition to the PR above, it also raises an error if a request with
|
||||
# `X-Forwarded-For` or `Client-Ip` comes directly from a client without
|
||||
# going through a trusted proxy.
|
||||
|
||||
# rubocop:disable all -- This is a mostly vendored file
|
||||
|
||||
module ActionDispatch
|
||||
class RemoteIp
|
||||
module GetIpExtensions
|
||||
def calculate_ip
|
||||
# Set by the Rack web server, this is a single value.
|
||||
remote_addr = ips_from(@req.remote_addr).last
|
||||
|
||||
# Could be a CSV list and/or repeated headers that were concatenated.
|
||||
client_ips = ips_from(@req.client_ip).reverse!
|
||||
forwarded_ips = ips_from(@req.x_forwarded_for).reverse!
|
||||
|
||||
# `Client-Ip` and `X-Forwarded-For` should not, generally, both be set. If they
|
||||
# are both set, it means that either:
|
||||
#
|
||||
# 1) This request passed through two proxies with incompatible IP header
|
||||
# conventions.
|
||||
#
|
||||
# 2) The client passed one of `Client-Ip` or `X-Forwarded-For`
|
||||
# (whichever the proxy servers weren't using) themselves.
|
||||
#
|
||||
# Either way, there is no way for us to determine which header is the right one
|
||||
# after the fact. Since we have no idea, if we are concerned about IP spoofing
|
||||
# we need to give up and explode. (If you're not concerned about IP spoofing you
|
||||
# can turn the `ip_spoofing_check` option off.)
|
||||
should_check_ip = @check_ip && client_ips.last && forwarded_ips.last
|
||||
if should_check_ip && !forwarded_ips.include?(client_ips.last)
|
||||
# We don't know which came from the proxy, and which from the user
|
||||
raise IpSpoofAttackError, "IP spoofing attack?! " \
|
||||
"HTTP_CLIENT_IP=#{@req.client_ip.inspect} " \
|
||||
"HTTP_X_FORWARDED_FOR=#{@req.x_forwarded_for.inspect}"
|
||||
end
|
||||
|
||||
# NOTE: Mastodon addition to make sure we don't get requests from a non-trusted client
|
||||
if @check_ip && (forwarded_ips.last || client_ips.last) && !@proxies.any? { |proxy| proxy === remote_addr }
|
||||
raise IpSpoofAttackError, "IP spoofing attack?! client #{remote_addr} is not a trusted proxy " \
|
||||
"HTTP_CLIENT_IP=#{@req.client_ip.inspect} " \
|
||||
"HTTP_X_FORWARDED_FOR=#{@req.x_forwarded_for.inspect}"
|
||||
end
|
||||
|
||||
# We assume these things about the IP headers:
|
||||
#
|
||||
# - X-Forwarded-For will be a list of IPs, one per proxy, or blank
|
||||
# - Client-Ip is propagated from the outermost proxy, or is blank
|
||||
# - REMOTE_ADDR will be the IP that made the request to Rack
|
||||
ips = forwarded_ips + client_ips
|
||||
ips.compact!
|
||||
|
||||
# If every single IP option is in the trusted list, return the IP that's
|
||||
# furthest away
|
||||
filter_proxies([remote_addr] + ips).first || ips.last || remote_addr
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
ActionDispatch::RemoteIp::GetIp.prepend(ActionDispatch::RemoteIp::GetIpExtensions)
|
||||
|
||||
# rubocop:enable all
|
|
@ -234,7 +234,7 @@ module Mastodon
|
|||
users = User.where(id: row['ids'].split(',')).sort_by(&:updated_at).reverse
|
||||
ref_user = users.shift
|
||||
@prompt.warn "Multiple users registered with e-mail address #{ref_user.email}."
|
||||
@prompt.warn "e-mail will be disabled for the following accounts: #{user.map(&:account).map(&:acct).join(', ')}"
|
||||
@prompt.warn "e-mail will be disabled for the following accounts: #{users.map(&:account).map(&:acct).join(', ')}"
|
||||
@prompt.warn 'Please reach out to them and set another address with `tootctl account modify` or delete them.'
|
||||
|
||||
i = 0
|
||||
|
|
|
@ -143,7 +143,7 @@ module Mastodon
|
|||
|
||||
model_name = path_segments.first.classify
|
||||
attachment_name = path_segments[1].singularize
|
||||
record_id = path_segments[2..-2].join.to_i
|
||||
record_id = path_segments[2...-2].join.to_i
|
||||
file_name = path_segments.last
|
||||
record = record_map.dig(model_name, record_id)
|
||||
attachment = record&.public_send(attachment_name)
|
||||
|
@ -186,7 +186,7 @@ module Mastodon
|
|||
end
|
||||
|
||||
model_name = path_segments.first.classify
|
||||
record_id = path_segments[2..-2].join.to_i
|
||||
record_id = path_segments[2...-2].join.to_i
|
||||
attachment_name = path_segments[1].singularize
|
||||
file_name = path_segments.last
|
||||
|
||||
|
@ -322,7 +322,7 @@ module Mastodon
|
|||
end
|
||||
|
||||
model_name = path_segments.first.classify
|
||||
record_id = path_segments[2..-2].join.to_i
|
||||
record_id = path_segments[2...-2].join.to_i
|
||||
|
||||
unless PRELOAD_MODEL_WHITELIST.include?(model_name)
|
||||
say("Cannot find corresponding model: #{model_name}", :red)
|
||||
|
@ -372,7 +372,7 @@ module Mastodon
|
|||
next unless [7, 10].include?(segments.size)
|
||||
|
||||
model_name = segments.first.classify
|
||||
record_id = segments[2..-2].join.to_i
|
||||
record_id = segments[2...-2].join.to_i
|
||||
|
||||
next unless PRELOAD_MODEL_WHITELIST.include?(model_name)
|
||||
|
||||
|
|
|
@ -8,6 +8,7 @@ class Mastodon::SidekiqMiddleware
|
|||
rescue Mastodon::HostValidationError
|
||||
# Do not retry
|
||||
rescue => e
|
||||
clean_up_elasticsearch_connections!
|
||||
limit_backtrace_and_raise(e)
|
||||
ensure
|
||||
clean_up_sockets!
|
||||
|
@ -25,6 +26,32 @@ class Mastodon::SidekiqMiddleware
|
|||
clean_up_statsd_socket!
|
||||
end
|
||||
|
||||
# This is a hack to immediately free up unused Elasticsearch connections.
|
||||
#
|
||||
# Indeed, Chewy creates one `Elasticsearch::Client` instance per thread,
|
||||
# and each such client manages its long-lasting connection to
|
||||
# Elasticsearch.
|
||||
#
|
||||
# As far as I know, neither `chewy`, `elasticsearch-transport` or even
|
||||
# `faraday` provide a reliable way to immediately close a connection, and
|
||||
# rely on the underlying object to be garbage-collected instead.
|
||||
#
|
||||
# Furthermore, `sidekiq` creates a new thread each time a job throws an
|
||||
# exception, meaning that each failure will create a new connection, and
|
||||
# the old one will only be closed on full garbage collection.
|
||||
def clean_up_elasticsearch_connections!
|
||||
return unless Chewy.enabled? && Chewy.current[:chewy_client].present?
|
||||
|
||||
Chewy.client.transport.connections.each do |connection|
|
||||
# NOTE: This bit of code is tailored for the HTTPClient Faraday adapter
|
||||
connection.connection.app.instance_variable_get(:@client)&.reset_all
|
||||
end
|
||||
|
||||
Chewy.current.delete(:chewy_client)
|
||||
rescue
|
||||
nil
|
||||
end
|
||||
|
||||
def clean_up_redis_socket!
|
||||
RedisConfiguration.pool.checkin if Thread.current[:redis]
|
||||
Thread.current[:redis] = nil
|
||||
|
|
|
@ -13,7 +13,7 @@ module Mastodon
|
|||
end
|
||||
|
||||
def patch
|
||||
12
|
||||
17
|
||||
end
|
||||
|
||||
def flags
|
||||
|
|
|
@ -35,7 +35,7 @@ module Paperclip
|
|||
dst.binmode
|
||||
|
||||
begin
|
||||
command = Terrapin::CommandLine.new('ffmpeg', '-i :source -loglevel :loglevel -y :destination', logger: Paperclip.logger)
|
||||
command = Terrapin::CommandLine.new(Rails.configuration.x.ffmpeg_binary, '-i :source -loglevel :loglevel -y :destination', logger: Paperclip.logger)
|
||||
command.run(source: @file.path, destination: dst.path, loglevel: 'fatal')
|
||||
rescue Terrapin::ExitStatusError
|
||||
dst.close(true)
|
||||
|
|
|
@ -51,7 +51,7 @@ module Paperclip
|
|||
command_arguments, interpolations = prepare_command(destination)
|
||||
|
||||
begin
|
||||
command = Terrapin::CommandLine.new('ffmpeg', command_arguments.join(' '), logger: Paperclip.logger)
|
||||
command = Terrapin::CommandLine.new(Rails.configuration.x.ffmpeg_binary, command_arguments.join(' '), logger: Paperclip.logger)
|
||||
command.run(interpolations)
|
||||
rescue Terrapin::ExitStatusError => e
|
||||
raise Paperclip::Error, "Error while transcoding #{@basename}: #{e}"
|
||||
|
|
|
@ -516,6 +516,7 @@ namespace :mastodon do
|
|||
owner_role = UserRole.find_by(name: 'Owner')
|
||||
user = User.new(email: email, password: password, confirmed_at: Time.now.utc, account_attributes: { username: username }, bypass_invite_request_check: true, role: owner_role)
|
||||
user.save(validate: false)
|
||||
user.approve!
|
||||
|
||||
Setting.site_contact_username = username
|
||||
|
||||
|
|
11
lib/tasks/sidekiq_unique_jobs.rake
Normal file
11
lib/tasks/sidekiq_unique_jobs.rake
Normal file
|
@ -0,0 +1,11 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
namespace :sidekiq_unique_jobs do
|
||||
task delete_all_locks: :environment do
|
||||
digests = SidekiqUniqueJobs::Digests.new
|
||||
digests.delete_by_pattern('*', count: digests.count)
|
||||
|
||||
expiring_digests = SidekiqUniqueJobs::ExpiringDigests.new
|
||||
expiring_digests.delete_by_pattern('*', count: expiring_digests.count)
|
||||
end
|
||||
end
|
|
@ -1,8 +1,6 @@
|
|||
require 'rails_helper'
|
||||
|
||||
describe Rack::Attack do
|
||||
include Rack::Test::Methods
|
||||
|
||||
describe Rack::Attack, type: :request do
|
||||
def app
|
||||
Rails.application
|
||||
end
|
||||
|
@ -12,7 +10,7 @@ describe Rack::Attack do
|
|||
it 'does not change the request status' do
|
||||
limit.times do
|
||||
request.call
|
||||
expect(last_response.status).to_not eq(429)
|
||||
expect(response.status).to_not eq(429)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
@ -21,7 +19,7 @@ describe Rack::Attack do
|
|||
it 'returns http too many requests' do
|
||||
(limit * 2).times do |i|
|
||||
request.call
|
||||
expect(last_response.status).to eq(429) if i > limit
|
||||
expect(response.status).to eq(429) if i > limit
|
||||
end
|
||||
end
|
||||
end
|
||||
|
@ -32,7 +30,7 @@ describe Rack::Attack do
|
|||
describe 'throttle excessive sign-up requests by IP address' do
|
||||
context 'through the website' do
|
||||
let(:limit) { 25 }
|
||||
let(:request) { ->() { post path, {}, 'REMOTE_ADDR' => remote_ip } }
|
||||
let(:request) { ->() { post path, headers: { 'REMOTE_ADDR' => remote_ip } } }
|
||||
|
||||
context 'for exact path' do
|
||||
let(:path) { '/auth' }
|
||||
|
@ -47,7 +45,7 @@ describe Rack::Attack do
|
|||
|
||||
context 'through the API' do
|
||||
let(:limit) { 5 }
|
||||
let(:request) { ->() { post path, {}, 'REMOTE_ADDR' => remote_ip } }
|
||||
let(:request) { ->() { post path, headers: { 'REMOTE_ADDR' => remote_ip } } }
|
||||
|
||||
context 'for exact path' do
|
||||
let(:path) { '/api/v1/accounts' }
|
||||
|
@ -59,7 +57,7 @@ describe Rack::Attack do
|
|||
|
||||
it 'returns http not found' do
|
||||
request.call
|
||||
expect(last_response.status).to eq(404)
|
||||
expect(response.status).to eq(404)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
@ -67,7 +65,7 @@ describe Rack::Attack do
|
|||
|
||||
describe 'throttle excessive sign-in requests by IP address' do
|
||||
let(:limit) { 25 }
|
||||
let(:request) { ->() { post path, {}, 'REMOTE_ADDR' => remote_ip } }
|
||||
let(:request) { ->() { post path, headers: { 'REMOTE_ADDR' => remote_ip } } }
|
||||
|
||||
context 'for exact path' do
|
||||
let(:path) { '/auth/sign_in' }
|
||||
|
@ -79,4 +77,28 @@ describe Rack::Attack do
|
|||
it_behaves_like 'throttled endpoint'
|
||||
end
|
||||
end
|
||||
|
||||
describe 'throttle excessive password change requests by account' do
|
||||
let(:user) { Fabricate(:user, email: 'user@host.example') }
|
||||
let(:limit) { 10 }
|
||||
let(:period) { 10.minutes }
|
||||
let(:request) { -> { put path, headers: { 'REMOTE_ADDR' => remote_ip } } }
|
||||
let(:path) { '/auth' }
|
||||
|
||||
before do
|
||||
sign_in user, scope: :user
|
||||
|
||||
# Unfortunately, devise's `sign_in` helper causes the `session` to be
|
||||
# loaded in the next request regardless of whether it's actually accessed
|
||||
# by the client code.
|
||||
#
|
||||
# So, we make an extra query to clear issue a session cookie instead.
|
||||
#
|
||||
# A less resource-intensive way to deal with that would be to generate the
|
||||
# session cookie manually, but this seems pretty involved.
|
||||
get '/'
|
||||
end
|
||||
|
||||
it_behaves_like 'throttled endpoint'
|
||||
end
|
||||
end
|
||||
|
|
|
@ -16,6 +16,8 @@ RSpec.describe Api::V1::Admin::DomainBlocksController, type: :controller do
|
|||
let(:scopes) { wrong_scope }
|
||||
|
||||
it 'returns http forbidden' do
|
||||
subject
|
||||
|
||||
expect(response).to have_http_status(403)
|
||||
end
|
||||
end
|
||||
|
@ -24,6 +26,8 @@ RSpec.describe Api::V1::Admin::DomainBlocksController, type: :controller do
|
|||
let(:role) { UserRole.find_by(name: wrong_role) }
|
||||
|
||||
it 'returns http forbidden' do
|
||||
subject
|
||||
|
||||
expect(response).to have_http_status(403)
|
||||
end
|
||||
end
|
||||
|
@ -140,39 +144,70 @@ RSpec.describe Api::V1::Admin::DomainBlocksController, type: :controller do
|
|||
|
||||
describe 'POST #create' do
|
||||
let(:existing_block_domain) { 'example.com' }
|
||||
let(:params) { { domain: 'foo.bar.com', severity: :silence } }
|
||||
let!(:block) { Fabricate(:domain_block, domain: existing_block_domain, severity: :suspend) }
|
||||
|
||||
before do
|
||||
post :create, params: { domain: 'foo.bar.com', severity: :silence }
|
||||
subject do
|
||||
post :create, params: params
|
||||
end
|
||||
|
||||
it_behaves_like 'forbidden for wrong scope', 'write:statuses'
|
||||
it_behaves_like 'forbidden for wrong role', ''
|
||||
it_behaves_like 'forbidden for wrong role', 'Moderator'
|
||||
|
||||
it 'returns http success' do
|
||||
it 'creates a domain block and returns expected domain name', :aggregate_failures do
|
||||
subject
|
||||
|
||||
expect(response).to have_http_status(200)
|
||||
end
|
||||
|
||||
it 'returns expected domain name' do
|
||||
json = body_as_json
|
||||
expect(json[:domain]).to eq 'foo.bar.com'
|
||||
end
|
||||
|
||||
it 'creates a domain block' do
|
||||
expect(body_as_json[:domain]).to eq 'foo.bar.com'
|
||||
expect(DomainBlock.find_by(domain: 'foo.bar.com')).to_not be_nil
|
||||
end
|
||||
|
||||
context 'when a stricter domain block already exists' do
|
||||
let(:existing_block_domain) { 'bar.com' }
|
||||
context 'when a looser domain block already exists on a higher level domain' do
|
||||
let(:params) { { domain: 'foo.bar.com', severity: :suspend } }
|
||||
|
||||
it 'returns http unprocessable entity' do
|
||||
expect(response).to have_http_status(422)
|
||||
before do
|
||||
Fabricate(:domain_block, domain: 'bar.com', severity: :silence)
|
||||
end
|
||||
|
||||
it 'renders existing domain block in error' do
|
||||
json = body_as_json
|
||||
expect(json[:existing_domain_block][:domain]).to eq existing_block_domain
|
||||
it 'creates a domain block with the expected domain name and severity', :aggregate_failures do
|
||||
subject
|
||||
|
||||
body = body_as_json
|
||||
|
||||
expect(response).to have_http_status(200)
|
||||
expect(body).to match a_hash_including(
|
||||
{
|
||||
domain: 'foo.bar.com',
|
||||
severity: 'suspend',
|
||||
}
|
||||
)
|
||||
|
||||
expect(DomainBlock.find_by(domain: 'foo.bar.com')).to be_present
|
||||
end
|
||||
end
|
||||
|
||||
context 'when a domain block already exists on the same domain' do
|
||||
before do
|
||||
Fabricate(:domain_block, domain: 'foo.bar.com', severity: :silence)
|
||||
end
|
||||
|
||||
it 'returns existing domain block in error', :aggregate_failures do
|
||||
subject
|
||||
|
||||
expect(response).to have_http_status(422)
|
||||
expect(body_as_json[:existing_domain_block][:domain]).to eq('foo.bar.com')
|
||||
end
|
||||
end
|
||||
|
||||
context 'when a stricter domain block already exists on a higher level domain' do
|
||||
let(:existing_block_domain) { 'bar.com' }
|
||||
|
||||
it 'returns http unprocessable entity with existing domain block in error', :aggregate_reblogs do
|
||||
subject
|
||||
|
||||
expect(response).to have_http_status(422)
|
||||
expect(body_as_json[:existing_domain_block][:domain]).to eq existing_block_domain
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -0,0 +1,45 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
require 'rails_helper'
|
||||
|
||||
describe Api::V1::FeaturedTags::SuggestionsController do
|
||||
render_views
|
||||
|
||||
let(:user) { Fabricate(:user) }
|
||||
let(:token) { Fabricate(:accessible_access_token, resource_owner_id: user.id, scopes: 'read:accounts') }
|
||||
let(:account) { Fabricate(:account, user: user) }
|
||||
|
||||
before do
|
||||
allow(controller).to receive(:doorkeeper_token) { token }
|
||||
end
|
||||
|
||||
describe 'GET #index' do
|
||||
let!(:unused_featured_tag) { Fabricate(:tag, name: 'unused_featured_tag') }
|
||||
let!(:used_tag) { Fabricate(:tag, name: 'used_tag') }
|
||||
let!(:used_featured_tag) { Fabricate(:tag, name: 'used_featured_tag') }
|
||||
|
||||
before do
|
||||
_unused_tag = Fabricate(:tag, name: 'unused_tag')
|
||||
|
||||
# Make relevant tags used by account
|
||||
status = Fabricate(:status, account: account)
|
||||
status.tags << used_tag
|
||||
status.tags << used_featured_tag
|
||||
|
||||
# Feature the relevant tags
|
||||
Fabricate :featured_tag, account: account, name: unused_featured_tag.name
|
||||
Fabricate :featured_tag, account: account, name: used_featured_tag.name
|
||||
end
|
||||
|
||||
it 'returns http success and recently used but not featured tags', :aggregate_failures do
|
||||
get :index, params: { account_id: account.id, limit: 2 }
|
||||
|
||||
expect(response)
|
||||
.to have_http_status(200)
|
||||
expect(body_as_json)
|
||||
.to contain_exactly(
|
||||
include(name: used_tag.name)
|
||||
)
|
||||
end
|
||||
end
|
||||
end
|
|
@ -242,37 +242,4 @@ describe ApplicationController, type: :controller do
|
|||
|
||||
include_examples 'respond_with_error', 422
|
||||
end
|
||||
|
||||
describe 'cache_collection' do
|
||||
class C < ApplicationController
|
||||
public :cache_collection
|
||||
end
|
||||
|
||||
shared_examples 'receives :with_includes' do |fabricator, klass|
|
||||
it 'uses raw if it is not an ActiveRecord::Relation' do
|
||||
record = Fabricate(fabricator)
|
||||
expect(C.new.cache_collection([record], klass)).to eq [record]
|
||||
end
|
||||
end
|
||||
|
||||
shared_examples 'cacheable' do |fabricator, klass|
|
||||
include_examples 'receives :with_includes', fabricator, klass
|
||||
|
||||
it 'calls cache_ids of raw if it is an ActiveRecord::Relation' do
|
||||
record = Fabricate(fabricator)
|
||||
relation = klass.none
|
||||
allow(relation).to receive(:cache_ids).and_return([record])
|
||||
expect(C.new.cache_collection(relation, klass)).to eq [record]
|
||||
end
|
||||
end
|
||||
|
||||
it 'returns raw unless class responds to :with_includes' do
|
||||
raw = Object.new
|
||||
expect(C.new.cache_collection(raw, Object)).to eq raw
|
||||
end
|
||||
|
||||
context 'Status' do
|
||||
include_examples 'cacheable', :status, Status
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -56,15 +56,15 @@ describe JsonLdHelper do
|
|||
describe '#fetch_resource' do
|
||||
context 'when the second argument is false' do
|
||||
it 'returns resource even if the retrieved ID and the given URI does not match' do
|
||||
stub_request(:get, 'https://bob.test/').to_return body: '{"id": "https://alice.test/"}'
|
||||
stub_request(:get, 'https://alice.test/').to_return body: '{"id": "https://alice.test/"}'
|
||||
stub_request(:get, 'https://bob.test/').to_return(body: '{"id": "https://alice.test/"}', headers: { 'Content-Type': 'application/activity+json' })
|
||||
stub_request(:get, 'https://alice.test/').to_return(body: '{"id": "https://alice.test/"}', headers: { 'Content-Type': 'application/activity+json' })
|
||||
|
||||
expect(fetch_resource('https://bob.test/', false)).to eq({ 'id' => 'https://alice.test/' })
|
||||
end
|
||||
|
||||
it 'returns nil if the object identified by the given URI and the object identified by the retrieved ID does not match' do
|
||||
stub_request(:get, 'https://mallory.test/').to_return body: '{"id": "https://marvin.test/"}'
|
||||
stub_request(:get, 'https://marvin.test/').to_return body: '{"id": "https://alice.test/"}'
|
||||
stub_request(:get, 'https://mallory.test/').to_return(body: '{"id": "https://marvin.test/"}', headers: { 'Content-Type': 'application/activity+json' })
|
||||
stub_request(:get, 'https://marvin.test/').to_return(body: '{"id": "https://alice.test/"}', headers: { 'Content-Type': 'application/activity+json' })
|
||||
|
||||
expect(fetch_resource('https://mallory.test/', false)).to eq nil
|
||||
end
|
||||
|
@ -72,7 +72,7 @@ describe JsonLdHelper do
|
|||
|
||||
context 'when the second argument is true' do
|
||||
it 'returns nil if the retrieved ID and the given URI does not match' do
|
||||
stub_request(:get, 'https://mallory.test/').to_return body: '{"id": "https://alice.test/"}'
|
||||
stub_request(:get, 'https://mallory.test/').to_return(body: '{"id": "https://alice.test/"}', headers: { 'Content-Type': 'application/activity+json' })
|
||||
expect(fetch_resource('https://mallory.test/', true)).to eq nil
|
||||
end
|
||||
end
|
||||
|
@ -80,12 +80,12 @@ describe JsonLdHelper do
|
|||
|
||||
describe '#fetch_resource_without_id_validation' do
|
||||
it 'returns nil if the status code is not 200' do
|
||||
stub_request(:get, 'https://host.test/').to_return status: 400, body: '{}'
|
||||
stub_request(:get, 'https://host.test/').to_return(status: 400, body: '{}', headers: { 'Content-Type': 'application/activity+json' })
|
||||
expect(fetch_resource_without_id_validation('https://host.test/')).to eq nil
|
||||
end
|
||||
|
||||
it 'returns hash' do
|
||||
stub_request(:get, 'https://host.test/').to_return status: 200, body: '{}'
|
||||
stub_request(:get, 'https://host.test/').to_return(status: 200, body: '{}', headers: { 'Content-Type': 'application/activity+json' })
|
||||
expect(fetch_resource_without_id_validation('https://host.test/')).to eq({})
|
||||
end
|
||||
end
|
||||
|
|
|
@ -33,7 +33,7 @@ RSpec.describe ActivityPub::Activity::Announce do
|
|||
context 'when sender is followed by a local account' do
|
||||
before do
|
||||
Fabricate(:account).follow!(sender)
|
||||
stub_request(:get, 'https://example.com/actor/hello-world').to_return(body: Oj.dump(unknown_object_json))
|
||||
stub_request(:get, 'https://example.com/actor/hello-world').to_return(body: Oj.dump(unknown_object_json), headers: { 'Content-Type': 'application/activity+json' })
|
||||
subject.perform
|
||||
end
|
||||
|
||||
|
@ -118,7 +118,7 @@ RSpec.describe ActivityPub::Activity::Announce do
|
|||
subject { described_class.new(json, sender, relayed_through_actor: relay_account) }
|
||||
|
||||
before do
|
||||
stub_request(:get, 'https://example.com/actor/hello-world').to_return(body: Oj.dump(unknown_object_json))
|
||||
stub_request(:get, 'https://example.com/actor/hello-world').to_return(body: Oj.dump(unknown_object_json), headers: { 'Content-Type': 'application/activity+json' })
|
||||
end
|
||||
|
||||
context 'and the relay is enabled' do
|
||||
|
|
|
@ -58,7 +58,7 @@ RSpec.describe ActivityPub::LinkedDataSignature do
|
|||
|
||||
allow(ActivityPub::FetchRemoteKeyService).to receive(:new).and_return(service_stub)
|
||||
|
||||
allow(service_stub).to receive(:call).with('http://example.com/alice', id: false) do
|
||||
allow(service_stub).to receive(:call).with('http://example.com/alice') do
|
||||
sender.update!(public_key: old_key)
|
||||
sender
|
||||
end
|
||||
|
@ -66,7 +66,7 @@ RSpec.describe ActivityPub::LinkedDataSignature do
|
|||
|
||||
it 'fetches key and returns creator' do
|
||||
expect(subject.verify_actor!).to eq sender
|
||||
expect(service_stub).to have_received(:call).with('http://example.com/alice', id: false).once
|
||||
expect(service_stub).to have_received(:call).with('http://example.com/alice').once
|
||||
end
|
||||
end
|
||||
|
||||
|
|
50
spec/lib/activitypub/parser/status_parser_spec.rb
Normal file
50
spec/lib/activitypub/parser/status_parser_spec.rb
Normal file
|
@ -0,0 +1,50 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
require 'rails_helper'
|
||||
|
||||
RSpec.describe ActivityPub::Parser::StatusParser do
|
||||
subject { described_class.new(json) }
|
||||
|
||||
let(:sender) { Fabricate(:account, followers_url: 'http://example.com/followers', domain: 'example.com', uri: 'https://example.com/actor') }
|
||||
let(:follower) { Fabricate(:account, username: 'bob') }
|
||||
|
||||
let(:json) do
|
||||
{
|
||||
'@context': 'https://www.w3.org/ns/activitystreams',
|
||||
id: [ActivityPub::TagManager.instance.uri_for(sender), '#foo'].join,
|
||||
type: 'Create',
|
||||
actor: ActivityPub::TagManager.instance.uri_for(sender),
|
||||
object: object_json,
|
||||
}.with_indifferent_access
|
||||
end
|
||||
|
||||
let(:object_json) do
|
||||
{
|
||||
id: [ActivityPub::TagManager.instance.uri_for(sender), 'post1'].join('/'),
|
||||
type: 'Note',
|
||||
to: [
|
||||
'https://www.w3.org/ns/activitystreams#Public',
|
||||
ActivityPub::TagManager.instance.uri_for(follower),
|
||||
],
|
||||
content: '@bob lorem ipsum',
|
||||
contentMap: {
|
||||
EN: '@bob lorem ipsum',
|
||||
},
|
||||
published: 1.hour.ago.utc.iso8601,
|
||||
updated: 1.hour.ago.utc.iso8601,
|
||||
tag: {
|
||||
type: 'Mention',
|
||||
href: ActivityPub::TagManager.instance.uri_for(follower),
|
||||
},
|
||||
}
|
||||
end
|
||||
|
||||
it 'correctly parses status' do
|
||||
expect(subject).to have_attributes(
|
||||
text: '@bob lorem ipsum',
|
||||
uri: [ActivityPub::TagManager.instance.uri_for(sender), 'post1'].join('/'),
|
||||
reply: false,
|
||||
language: :en
|
||||
)
|
||||
end
|
||||
end
|
|
@ -248,6 +248,24 @@ describe AccountInteractions do
|
|||
end
|
||||
end
|
||||
|
||||
describe '#block_idna_domain!' do
|
||||
subject do
|
||||
[
|
||||
account.block_domain!(idna_domain),
|
||||
account.block_domain!(punycode_domain),
|
||||
]
|
||||
end
|
||||
|
||||
let(:idna_domain) { '대한민국.한국' }
|
||||
let(:punycode_domain) { 'xn--3e0bs9hfvinn1a.xn--3e0b707e' }
|
||||
|
||||
it 'creates single AccountDomainBlock' do
|
||||
expect do
|
||||
expect(subject).to all(be_a AccountDomainBlock)
|
||||
end.to change { account.domain_blocks.count }.by 1
|
||||
end
|
||||
end
|
||||
|
||||
describe '#unfollow!' do
|
||||
subject { account.unfollow!(target_account) }
|
||||
|
||||
|
@ -343,6 +361,28 @@ describe AccountInteractions do
|
|||
end
|
||||
end
|
||||
|
||||
describe '#unblock_idna_domain!' do
|
||||
subject { account.unblock_domain!(punycode_domain) }
|
||||
|
||||
let(:idna_domain) { '대한민국.한국' }
|
||||
let(:punycode_domain) { 'xn--3e0bs9hfvinn1a.xn--3e0b707e' }
|
||||
|
||||
context 'when blocking the domain' do
|
||||
it 'returns destroyed AccountDomainBlock' do
|
||||
account_domain_block = Fabricate(:account_domain_block, domain: idna_domain)
|
||||
account.domain_blocks << account_domain_block
|
||||
expect(subject).to be_a AccountDomainBlock
|
||||
expect(subject).to be_destroyed
|
||||
end
|
||||
end
|
||||
|
||||
context 'when unblocking idna domain' do
|
||||
it 'returns nil' do
|
||||
expect(subject).to be_nil
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
describe '#following?' do
|
||||
subject { account.following?(target_account) }
|
||||
|
||||
|
|
|
@ -25,7 +25,6 @@ RSpec.describe HomeFeed, type: :model do
|
|||
results = subject.get(3)
|
||||
|
||||
expect(results.map(&:id)).to eq [3, 2]
|
||||
expect(results.first.attributes.keys).to eq %w(id updated_at)
|
||||
end
|
||||
end
|
||||
|
||||
|
|
|
@ -1,16 +1,16 @@
|
|||
require 'rails_helper'
|
||||
|
||||
RSpec.describe Identity, type: :model do
|
||||
describe '.find_for_oauth' do
|
||||
describe '.find_for_omniauth' do
|
||||
let(:auth) { Fabricate(:identity, user: Fabricate(:user)) }
|
||||
|
||||
it 'calls .find_or_create_by' do
|
||||
expect(described_class).to receive(:find_or_create_by).with(uid: auth.uid, provider: auth.provider)
|
||||
described_class.find_for_oauth(auth)
|
||||
described_class.find_for_omniauth(auth)
|
||||
end
|
||||
|
||||
it 'returns an instance of Identity' do
|
||||
expect(described_class.find_for_oauth(auth)).to be_instance_of Identity
|
||||
expect(described_class.find_for_omniauth(auth)).to be_instance_of Identity
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -142,22 +142,12 @@ RSpec.describe Setting, type: :model do
|
|||
context 'records includes nothing' do
|
||||
let(:records) { [] }
|
||||
|
||||
context 'default_value is not a Hash' do
|
||||
it 'includes Setting with value of default_value' do
|
||||
setting = described_class.all_as_records[key]
|
||||
it 'includes Setting with value of default_value' do
|
||||
setting = described_class.all_as_records[key]
|
||||
|
||||
expect(setting).to be_kind_of Setting
|
||||
expect(setting).to have_attributes(var: key)
|
||||
expect(setting).to have_attributes(value: 'default_value')
|
||||
end
|
||||
end
|
||||
|
||||
context 'default_value is a Hash' do
|
||||
let(:default_value) { { 'foo' => 'fuga' } }
|
||||
|
||||
it 'returns {}' do
|
||||
expect(described_class.all_as_records).to eq({})
|
||||
end
|
||||
expect(setting).to be_a described_class
|
||||
expect(setting).to have_attributes(var: key)
|
||||
expect(setting).to have_attributes(value: default_value)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -40,6 +40,12 @@ RSpec.describe User, type: :model do
|
|||
expect(user.valid?).to be true
|
||||
end
|
||||
|
||||
it 'is valid with a localhost e-mail address' do
|
||||
user = Fabricate.build(:user, email: 'admin@localhost')
|
||||
user.valid?
|
||||
expect(user.valid?).to be true
|
||||
end
|
||||
|
||||
it 'cleans out empty string from languages' do
|
||||
user = Fabricate.build(:user, chosen_languages: [''])
|
||||
user.valid?
|
||||
|
@ -439,7 +445,10 @@ RSpec.describe User, type: :model do
|
|||
let!(:access_token) { Fabricate(:access_token, resource_owner_id: user.id) }
|
||||
let!(:web_push_subscription) { Fabricate(:web_push_subscription, access_token: access_token) }
|
||||
|
||||
let(:redis_pipeline_stub) { instance_double(Redis::Namespace, publish: nil) }
|
||||
|
||||
before do
|
||||
allow(redis).to receive(:pipelined).and_yield(redis_pipeline_stub)
|
||||
user.reset_password!
|
||||
end
|
||||
|
||||
|
@ -455,6 +464,10 @@ RSpec.describe User, type: :model do
|
|||
expect(Doorkeeper::AccessToken.active_for(user).count).to eq 0
|
||||
end
|
||||
|
||||
it 'revokes streaming access for all access tokens' do
|
||||
expect(redis_pipeline_stub).to have_received(:publish).with("timeline:access_token:#{access_token.id}", Oj.dump(event: :kill)).once
|
||||
end
|
||||
|
||||
it 'removes push subscriptions' do
|
||||
expect(Web::PushSubscription.where(user: user).or(Web::PushSubscription.where(access_token: access_token)).count).to eq 0
|
||||
end
|
||||
|
|
|
@ -41,6 +41,7 @@ RSpec.configure do |config|
|
|||
|
||||
config.include Devise::Test::ControllerHelpers, type: :controller
|
||||
config.include Devise::Test::ControllerHelpers, type: :view
|
||||
config.include Devise::Test::IntegrationHelpers, type: :request
|
||||
config.include Paperclip::Shoulda::Matchers
|
||||
config.include ActiveSupport::Testing::TimeHelpers
|
||||
config.include Redisable
|
||||
|
|
83
spec/requests/disabled_oauth_endpoints_spec.rb
Normal file
83
spec/requests/disabled_oauth_endpoints_spec.rb
Normal file
|
@ -0,0 +1,83 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
require 'rails_helper'
|
||||
|
||||
describe 'Disabled OAuth routes' do
|
||||
# These routes are disabled via the doorkeeper configuration for
|
||||
# `admin_authenticator`, as these routes should only be accessible by server
|
||||
# administrators. For now, these routes are not properly designed and
|
||||
# integrated into Mastodon, so we're disabling them completely
|
||||
describe 'GET /oauth/applications' do
|
||||
it 'returns 403 forbidden' do
|
||||
get oauth_applications_path
|
||||
|
||||
expect(response).to have_http_status(403)
|
||||
end
|
||||
end
|
||||
|
||||
describe 'POST /oauth/applications' do
|
||||
it 'returns 403 forbidden' do
|
||||
post oauth_applications_path
|
||||
|
||||
expect(response).to have_http_status(403)
|
||||
end
|
||||
end
|
||||
|
||||
describe 'GET /oauth/applications/new' do
|
||||
it 'returns 403 forbidden' do
|
||||
get new_oauth_application_path
|
||||
|
||||
expect(response).to have_http_status(403)
|
||||
end
|
||||
end
|
||||
|
||||
describe 'GET /oauth/applications/:id' do
|
||||
let(:application) { Fabricate(:application, scopes: 'read') }
|
||||
|
||||
it 'returns 403 forbidden' do
|
||||
get oauth_application_path(application)
|
||||
|
||||
expect(response).to have_http_status(403)
|
||||
end
|
||||
end
|
||||
|
||||
describe 'PATCH /oauth/applications/:id' do
|
||||
let(:application) { Fabricate(:application, scopes: 'read') }
|
||||
|
||||
it 'returns 403 forbidden' do
|
||||
patch oauth_application_path(application)
|
||||
|
||||
expect(response).to have_http_status(403)
|
||||
end
|
||||
end
|
||||
|
||||
describe 'PUT /oauth/applications/:id' do
|
||||
let(:application) { Fabricate(:application, scopes: 'read') }
|
||||
|
||||
it 'returns 403 forbidden' do
|
||||
put oauth_application_path(application)
|
||||
|
||||
expect(response).to have_http_status(403)
|
||||
end
|
||||
end
|
||||
|
||||
describe 'DELETE /oauth/applications/:id' do
|
||||
let(:application) { Fabricate(:application, scopes: 'read') }
|
||||
|
||||
it 'returns 403 forbidden' do
|
||||
delete oauth_application_path(application)
|
||||
|
||||
expect(response).to have_http_status(403)
|
||||
end
|
||||
end
|
||||
|
||||
describe 'GET /oauth/applications/:id/edit' do
|
||||
let(:application) { Fabricate(:application, scopes: 'read') }
|
||||
|
||||
it 'returns 403 forbidden' do
|
||||
get edit_oauth_application_path(application)
|
||||
|
||||
expect(response).to have_http_status(403)
|
||||
end
|
||||
end
|
||||
end
|
143
spec/requests/omniauth_callbacks_spec.rb
Normal file
143
spec/requests/omniauth_callbacks_spec.rb
Normal file
|
@ -0,0 +1,143 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
require 'rails_helper'
|
||||
|
||||
describe 'OmniAuth callbacks' do
|
||||
shared_examples 'omniauth provider callbacks' do |provider|
|
||||
subject { post send :"user_#{provider}_omniauth_callback_path" }
|
||||
|
||||
context 'with full information in response' do
|
||||
before do
|
||||
mock_omniauth(provider, {
|
||||
provider: provider.to_s,
|
||||
uid: '123',
|
||||
info: {
|
||||
verified: 'true',
|
||||
email: 'user@host.example',
|
||||
},
|
||||
})
|
||||
end
|
||||
|
||||
context 'without a matching user' do
|
||||
it 'creates a user and an identity and redirects to root path' do
|
||||
expect { subject }
|
||||
.to change(User, :count)
|
||||
.by(1)
|
||||
.and change(Identity, :count)
|
||||
.by(1)
|
||||
.and change(LoginActivity, :count)
|
||||
.by(1)
|
||||
|
||||
expect(User.last.email).to eq('user@host.example')
|
||||
expect(Identity.find_by(user: User.last).uid).to eq('123')
|
||||
expect(response).to redirect_to(root_path)
|
||||
end
|
||||
end
|
||||
|
||||
context 'with a matching user and no matching identity' do
|
||||
before do
|
||||
Fabricate(:user, email: 'user@host.example')
|
||||
end
|
||||
|
||||
context 'when ALLOW_UNSAFE_AUTH_PROVIDER_REATTACH is set to true' do
|
||||
around do |example|
|
||||
ClimateControl.modify ALLOW_UNSAFE_AUTH_PROVIDER_REATTACH: 'true' do
|
||||
example.run
|
||||
end
|
||||
end
|
||||
|
||||
it 'matches the existing user, creates an identity, and redirects to root path' do
|
||||
expect { subject }
|
||||
.to not_change(User, :count)
|
||||
.and change(Identity, :count)
|
||||
.by(1)
|
||||
.and change(LoginActivity, :count)
|
||||
.by(1)
|
||||
|
||||
expect(Identity.find_by(user: User.last).uid).to eq('123')
|
||||
expect(response).to redirect_to(root_path)
|
||||
end
|
||||
end
|
||||
|
||||
context 'when ALLOW_UNSAFE_AUTH_PROVIDER_REATTACH is not set to true' do
|
||||
it 'does not match the existing user or create an identity, and redirects to login page' do
|
||||
expect { subject }
|
||||
.to not_change(User, :count)
|
||||
.and not_change(Identity, :count)
|
||||
.and not_change(LoginActivity, :count)
|
||||
|
||||
expect(response).to redirect_to(new_user_session_url)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
context 'with a matching user and a matching identity' do
|
||||
before do
|
||||
user = Fabricate(:user, email: 'user@host.example')
|
||||
Fabricate(:identity, user: user, uid: '123', provider: provider)
|
||||
end
|
||||
|
||||
it 'matches the existing records and redirects to root path' do
|
||||
expect { subject }
|
||||
.to not_change(User, :count)
|
||||
.and not_change(Identity, :count)
|
||||
.and change(LoginActivity, :count)
|
||||
.by(1)
|
||||
|
||||
expect(response).to redirect_to(root_path)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
context 'with a response missing email address' do
|
||||
before do
|
||||
mock_omniauth(provider, {
|
||||
provider: provider.to_s,
|
||||
uid: '123',
|
||||
info: {
|
||||
verified: 'true',
|
||||
},
|
||||
})
|
||||
end
|
||||
|
||||
it 'redirects to the auth setup page' do
|
||||
expect { subject }
|
||||
.to change(User, :count)
|
||||
.by(1)
|
||||
.and change(Identity, :count)
|
||||
.by(1)
|
||||
.and change(LoginActivity, :count)
|
||||
.by(1)
|
||||
|
||||
expect(response).to redirect_to(auth_setup_path(missing_email: '1'))
|
||||
end
|
||||
end
|
||||
|
||||
context 'when a user cannot be built' do
|
||||
before do
|
||||
allow(User).to receive(:find_for_omniauth).and_return(User.new)
|
||||
end
|
||||
|
||||
it 'redirects to the new user signup page' do
|
||||
expect { subject }
|
||||
.to not_change(User, :count)
|
||||
.and not_change(Identity, :count)
|
||||
.and not_change(LoginActivity, :count)
|
||||
|
||||
expect(response).to redirect_to(new_user_registration_url)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
describe '#openid_connect', if: ENV['OIDC_ENABLED'] == 'true' && ENV['OIDC_SCOPE'].present? do
|
||||
include_examples 'omniauth provider callbacks', :openid_connect
|
||||
end
|
||||
|
||||
describe '#cas', if: ENV['CAS_ENABLED'] == 'true' do
|
||||
include_examples 'omniauth provider callbacks', :cas
|
||||
end
|
||||
|
||||
describe '#saml', if: ENV['SAML_ENABLED'] == 'true' do
|
||||
include_examples 'omniauth provider callbacks', :saml
|
||||
end
|
||||
end
|
|
@ -60,10 +60,10 @@ RSpec.describe ActivityPub::FetchFeaturedCollectionService, type: :service do
|
|||
|
||||
shared_examples 'sets pinned posts' do
|
||||
before do
|
||||
stub_request(:get, 'https://example.com/account/pinned/1').to_return(status: 200, body: Oj.dump(status_json_1))
|
||||
stub_request(:get, 'https://example.com/account/pinned/2').to_return(status: 200, body: Oj.dump(status_json_2))
|
||||
stub_request(:get, 'https://example.com/account/pinned/1').to_return(status: 200, body: Oj.dump(status_json_1), headers: { 'Content-Type': 'application/activity+json' })
|
||||
stub_request(:get, 'https://example.com/account/pinned/2').to_return(status: 200, body: Oj.dump(status_json_2), headers: { 'Content-Type': 'application/activity+json' })
|
||||
stub_request(:get, 'https://example.com/account/pinned/3').to_return(status: 404)
|
||||
stub_request(:get, 'https://example.com/account/pinned/4').to_return(status: 200, body: Oj.dump(status_json_4))
|
||||
stub_request(:get, 'https://example.com/account/pinned/4').to_return(status: 200, body: Oj.dump(status_json_4), headers: { 'Content-Type': 'application/activity+json' })
|
||||
|
||||
subject.call(actor, note: true, hashtag: false)
|
||||
end
|
||||
|
@ -76,7 +76,7 @@ RSpec.describe ActivityPub::FetchFeaturedCollectionService, type: :service do
|
|||
describe '#call' do
|
||||
context 'when the endpoint is a Collection' do
|
||||
before do
|
||||
stub_request(:get, actor.featured_collection_url).to_return(status: 200, body: Oj.dump(payload))
|
||||
stub_request(:get, actor.featured_collection_url).to_return(status: 200, body: Oj.dump(payload), headers: { 'Content-Type': 'application/activity+json' })
|
||||
end
|
||||
|
||||
it_behaves_like 'sets pinned posts'
|
||||
|
@ -93,7 +93,7 @@ RSpec.describe ActivityPub::FetchFeaturedCollectionService, type: :service do
|
|||
end
|
||||
|
||||
before do
|
||||
stub_request(:get, actor.featured_collection_url).to_return(status: 200, body: Oj.dump(payload))
|
||||
stub_request(:get, actor.featured_collection_url).to_return(status: 200, body: Oj.dump(payload), headers: { 'Content-Type': 'application/activity+json' })
|
||||
end
|
||||
|
||||
it_behaves_like 'sets pinned posts'
|
||||
|
@ -102,7 +102,7 @@ RSpec.describe ActivityPub::FetchFeaturedCollectionService, type: :service do
|
|||
let(:items) { 'https://example.com/account/pinned/4' }
|
||||
|
||||
before do
|
||||
stub_request(:get, 'https://example.com/account/pinned/4').to_return(status: 200, body: Oj.dump(status_json_4))
|
||||
stub_request(:get, 'https://example.com/account/pinned/4').to_return(status: 200, body: Oj.dump(status_json_4), headers: { 'Content-Type': 'application/activity+json' })
|
||||
subject.call(actor, note: true, hashtag: false)
|
||||
end
|
||||
|
||||
|
@ -129,7 +129,7 @@ RSpec.describe ActivityPub::FetchFeaturedCollectionService, type: :service do
|
|||
end
|
||||
|
||||
before do
|
||||
stub_request(:get, actor.featured_collection_url).to_return(status: 200, body: Oj.dump(payload))
|
||||
stub_request(:get, actor.featured_collection_url).to_return(status: 200, body: Oj.dump(payload), headers: { 'Content-Type': 'application/activity+json' })
|
||||
end
|
||||
|
||||
it_behaves_like 'sets pinned posts'
|
||||
|
@ -138,7 +138,7 @@ RSpec.describe ActivityPub::FetchFeaturedCollectionService, type: :service do
|
|||
let(:items) { 'https://example.com/account/pinned/4' }
|
||||
|
||||
before do
|
||||
stub_request(:get, 'https://example.com/account/pinned/4').to_return(status: 200, body: Oj.dump(status_json_4))
|
||||
stub_request(:get, 'https://example.com/account/pinned/4').to_return(status: 200, body: Oj.dump(status_json_4), headers: { 'Content-Type': 'application/activity+json' })
|
||||
subject.call(actor, note: true, hashtag: false)
|
||||
end
|
||||
|
||||
|
|
|
@ -36,7 +36,7 @@ RSpec.describe ActivityPub::FetchFeaturedTagsCollectionService, type: :service d
|
|||
describe '#call' do
|
||||
context 'when the endpoint is a Collection' do
|
||||
before do
|
||||
stub_request(:get, collection_url).to_return(status: 200, body: Oj.dump(payload))
|
||||
stub_request(:get, collection_url).to_return(status: 200, body: Oj.dump(payload), headers: { 'Content-Type': 'application/activity+json' })
|
||||
end
|
||||
|
||||
it_behaves_like 'sets featured tags'
|
||||
|
@ -44,7 +44,7 @@ RSpec.describe ActivityPub::FetchFeaturedTagsCollectionService, type: :service d
|
|||
|
||||
context 'when the account already has featured tags' do
|
||||
before do
|
||||
stub_request(:get, collection_url).to_return(status: 200, body: Oj.dump(payload))
|
||||
stub_request(:get, collection_url).to_return(status: 200, body: Oj.dump(payload), headers: { 'Content-Type': 'application/activity+json' })
|
||||
|
||||
actor.featured_tags.create!(name: 'FoO')
|
||||
actor.featured_tags.create!(name: 'baz')
|
||||
|
@ -65,7 +65,7 @@ RSpec.describe ActivityPub::FetchFeaturedTagsCollectionService, type: :service d
|
|||
end
|
||||
|
||||
before do
|
||||
stub_request(:get, collection_url).to_return(status: 200, body: Oj.dump(payload))
|
||||
stub_request(:get, collection_url).to_return(status: 200, body: Oj.dump(payload), headers: { 'Content-Type': 'application/activity+json' })
|
||||
end
|
||||
|
||||
it_behaves_like 'sets featured tags'
|
||||
|
@ -86,7 +86,7 @@ RSpec.describe ActivityPub::FetchFeaturedTagsCollectionService, type: :service d
|
|||
end
|
||||
|
||||
before do
|
||||
stub_request(:get, collection_url).to_return(status: 200, body: Oj.dump(payload))
|
||||
stub_request(:get, collection_url).to_return(status: 200, body: Oj.dump(payload), headers: { 'Content-Type': 'application/activity+json' })
|
||||
end
|
||||
|
||||
it_behaves_like 'sets featured tags'
|
||||
|
|
|
@ -16,7 +16,7 @@ RSpec.describe ActivityPub::FetchRemoteAccountService, type: :service do
|
|||
end
|
||||
|
||||
describe '#call' do
|
||||
let(:account) { subject.call('https://example.com/alice', id: true) }
|
||||
let(:account) { subject.call('https://example.com/alice') }
|
||||
|
||||
shared_examples 'sets profile data' do
|
||||
it 'returns an account' do
|
||||
|
@ -42,7 +42,7 @@ RSpec.describe ActivityPub::FetchRemoteAccountService, type: :service do
|
|||
before do
|
||||
actor[:inbox] = nil
|
||||
|
||||
stub_request(:get, 'https://example.com/alice').to_return(body: Oj.dump(actor))
|
||||
stub_request(:get, 'https://example.com/alice').to_return(body: Oj.dump(actor), headers: { 'Content-Type': 'application/activity+json' })
|
||||
stub_request(:get, 'https://example.com/.well-known/webfinger?resource=acct:alice@example.com').to_return(body: Oj.dump(webfinger), headers: { 'Content-Type': 'application/jrd+json' })
|
||||
end
|
||||
|
||||
|
@ -65,7 +65,7 @@ RSpec.describe ActivityPub::FetchRemoteAccountService, type: :service do
|
|||
let!(:webfinger) { { subject: 'acct:alice@example.com', links: [{ rel: 'self', href: 'https://example.com/alice' }] } }
|
||||
|
||||
before do
|
||||
stub_request(:get, 'https://example.com/alice').to_return(body: Oj.dump(actor))
|
||||
stub_request(:get, 'https://example.com/alice').to_return(body: Oj.dump(actor), headers: { 'Content-Type': 'application/activity+json' })
|
||||
stub_request(:get, 'https://example.com/.well-known/webfinger?resource=acct:alice@example.com').to_return(body: Oj.dump(webfinger), headers: { 'Content-Type': 'application/jrd+json' })
|
||||
end
|
||||
|
||||
|
@ -91,7 +91,7 @@ RSpec.describe ActivityPub::FetchRemoteAccountService, type: :service do
|
|||
let!(:webfinger) { { subject: 'acct:alice@iscool.af', links: [{ rel: 'self', href: 'https://example.com/alice' }] } }
|
||||
|
||||
before do
|
||||
stub_request(:get, 'https://example.com/alice').to_return(body: Oj.dump(actor))
|
||||
stub_request(:get, 'https://example.com/alice').to_return(body: Oj.dump(actor), headers: { 'Content-Type': 'application/activity+json' })
|
||||
stub_request(:get, 'https://example.com/.well-known/webfinger?resource=acct:alice@example.com').to_return(body: Oj.dump(webfinger), headers: { 'Content-Type': 'application/jrd+json' })
|
||||
stub_request(:get, 'https://iscool.af/.well-known/webfinger?resource=acct:alice@iscool.af').to_return(body: Oj.dump(webfinger), headers: { 'Content-Type': 'application/jrd+json' })
|
||||
end
|
||||
|
@ -123,7 +123,7 @@ RSpec.describe ActivityPub::FetchRemoteAccountService, type: :service do
|
|||
let!(:webfinger) { { subject: 'acct:alice@example.com', links: [{ rel: 'self', href: 'https://example.com/bob' }] } }
|
||||
|
||||
before do
|
||||
stub_request(:get, 'https://example.com/alice').to_return(body: Oj.dump(actor))
|
||||
stub_request(:get, 'https://example.com/alice').to_return(body: Oj.dump(actor), headers: { 'Content-Type': 'application/activity+json' })
|
||||
stub_request(:get, 'https://example.com/.well-known/webfinger?resource=acct:alice@example.com').to_return(body: Oj.dump(webfinger), headers: { 'Content-Type': 'application/jrd+json' })
|
||||
end
|
||||
|
||||
|
@ -146,7 +146,7 @@ RSpec.describe ActivityPub::FetchRemoteAccountService, type: :service do
|
|||
let!(:webfinger) { { subject: 'acct:alice@iscool.af', links: [{ rel: 'self', href: 'https://example.com/bob' }] } }
|
||||
|
||||
before do
|
||||
stub_request(:get, 'https://example.com/alice').to_return(body: Oj.dump(actor))
|
||||
stub_request(:get, 'https://example.com/alice').to_return(body: Oj.dump(actor), headers: { 'Content-Type': 'application/activity+json' })
|
||||
stub_request(:get, 'https://example.com/.well-known/webfinger?resource=acct:alice@example.com').to_return(body: Oj.dump(webfinger), headers: { 'Content-Type': 'application/jrd+json' })
|
||||
stub_request(:get, 'https://iscool.af/.well-known/webfinger?resource=acct:alice@iscool.af').to_return(body: Oj.dump(webfinger), headers: { 'Content-Type': 'application/jrd+json' })
|
||||
end
|
||||
|
|
|
@ -16,7 +16,7 @@ RSpec.describe ActivityPub::FetchRemoteActorService, type: :service do
|
|||
end
|
||||
|
||||
describe '#call' do
|
||||
let(:account) { subject.call('https://example.com/alice', id: true) }
|
||||
let(:account) { subject.call('https://example.com/alice') }
|
||||
|
||||
shared_examples 'sets profile data' do
|
||||
it 'returns an account' do
|
||||
|
@ -42,7 +42,7 @@ RSpec.describe ActivityPub::FetchRemoteActorService, type: :service do
|
|||
before do
|
||||
actor[:inbox] = nil
|
||||
|
||||
stub_request(:get, 'https://example.com/alice').to_return(body: Oj.dump(actor))
|
||||
stub_request(:get, 'https://example.com/alice').to_return(body: Oj.dump(actor), headers: { 'Content-Type': 'application/activity+json' })
|
||||
stub_request(:get, 'https://example.com/.well-known/webfinger?resource=acct:alice@example.com').to_return(body: Oj.dump(webfinger), headers: { 'Content-Type': 'application/jrd+json' })
|
||||
end
|
||||
|
||||
|
@ -65,7 +65,7 @@ RSpec.describe ActivityPub::FetchRemoteActorService, type: :service do
|
|||
let!(:webfinger) { { subject: 'acct:alice@example.com', links: [{ rel: 'self', href: 'https://example.com/alice' }] } }
|
||||
|
||||
before do
|
||||
stub_request(:get, 'https://example.com/alice').to_return(body: Oj.dump(actor))
|
||||
stub_request(:get, 'https://example.com/alice').to_return(body: Oj.dump(actor), headers: { 'Content-Type': 'application/activity+json' })
|
||||
stub_request(:get, 'https://example.com/.well-known/webfinger?resource=acct:alice@example.com').to_return(body: Oj.dump(webfinger), headers: { 'Content-Type': 'application/jrd+json' })
|
||||
end
|
||||
|
||||
|
@ -91,7 +91,7 @@ RSpec.describe ActivityPub::FetchRemoteActorService, type: :service do
|
|||
let!(:webfinger) { { subject: 'acct:alice@iscool.af', links: [{ rel: 'self', href: 'https://example.com/alice' }] } }
|
||||
|
||||
before do
|
||||
stub_request(:get, 'https://example.com/alice').to_return(body: Oj.dump(actor))
|
||||
stub_request(:get, 'https://example.com/alice').to_return(body: Oj.dump(actor), headers: { 'Content-Type': 'application/activity+json' })
|
||||
stub_request(:get, 'https://example.com/.well-known/webfinger?resource=acct:alice@example.com').to_return(body: Oj.dump(webfinger), headers: { 'Content-Type': 'application/jrd+json' })
|
||||
stub_request(:get, 'https://iscool.af/.well-known/webfinger?resource=acct:alice@iscool.af').to_return(body: Oj.dump(webfinger), headers: { 'Content-Type': 'application/jrd+json' })
|
||||
end
|
||||
|
@ -123,7 +123,7 @@ RSpec.describe ActivityPub::FetchRemoteActorService, type: :service do
|
|||
let!(:webfinger) { { subject: 'acct:alice@example.com', links: [{ rel: 'self', href: 'https://example.com/bob' }] } }
|
||||
|
||||
before do
|
||||
stub_request(:get, 'https://example.com/alice').to_return(body: Oj.dump(actor))
|
||||
stub_request(:get, 'https://example.com/alice').to_return(body: Oj.dump(actor), headers: { 'Content-Type': 'application/activity+json' })
|
||||
stub_request(:get, 'https://example.com/.well-known/webfinger?resource=acct:alice@example.com').to_return(body: Oj.dump(webfinger), headers: { 'Content-Type': 'application/jrd+json' })
|
||||
end
|
||||
|
||||
|
@ -146,7 +146,7 @@ RSpec.describe ActivityPub::FetchRemoteActorService, type: :service do
|
|||
let!(:webfinger) { { subject: 'acct:alice@iscool.af', links: [{ rel: 'self', href: 'https://example.com/bob' }] } }
|
||||
|
||||
before do
|
||||
stub_request(:get, 'https://example.com/alice').to_return(body: Oj.dump(actor))
|
||||
stub_request(:get, 'https://example.com/alice').to_return(body: Oj.dump(actor), headers: { 'Content-Type': 'application/activity+json' })
|
||||
stub_request(:get, 'https://example.com/.well-known/webfinger?resource=acct:alice@example.com').to_return(body: Oj.dump(webfinger), headers: { 'Content-Type': 'application/jrd+json' })
|
||||
stub_request(:get, 'https://iscool.af/.well-known/webfinger?resource=acct:alice@iscool.af').to_return(body: Oj.dump(webfinger), headers: { 'Content-Type': 'application/jrd+json' })
|
||||
end
|
||||
|
|
|
@ -38,16 +38,16 @@ RSpec.describe ActivityPub::FetchRemoteKeyService, type: :service do
|
|||
end
|
||||
|
||||
before do
|
||||
stub_request(:get, 'https://example.com/alice').to_return(body: Oj.dump(actor))
|
||||
stub_request(:get, 'https://example.com/alice').to_return(body: Oj.dump(actor), headers: { 'Content-Type': 'application/activity+json' })
|
||||
stub_request(:get, 'https://example.com/.well-known/webfinger?resource=acct:alice@example.com').to_return(body: Oj.dump(webfinger), headers: { 'Content-Type': 'application/jrd+json' })
|
||||
end
|
||||
|
||||
describe '#call' do
|
||||
let(:account) { subject.call(public_key_id, id: false) }
|
||||
let(:account) { subject.call(public_key_id) }
|
||||
|
||||
context 'when the key is a sub-object from the actor' do
|
||||
before do
|
||||
stub_request(:get, public_key_id).to_return(body: Oj.dump(actor))
|
||||
stub_request(:get, public_key_id).to_return(body: Oj.dump(actor), headers: { 'Content-Type': 'application/activity+json' })
|
||||
end
|
||||
|
||||
it 'returns the expected account' do
|
||||
|
@ -59,7 +59,7 @@ RSpec.describe ActivityPub::FetchRemoteKeyService, type: :service do
|
|||
let(:public_key_id) { 'https://example.com/alice-public-key.json' }
|
||||
|
||||
before do
|
||||
stub_request(:get, public_key_id).to_return(body: Oj.dump(key_json.merge({ '@context': ['https://www.w3.org/ns/activitystreams', 'https://w3id.org/security/v1'] })))
|
||||
stub_request(:get, public_key_id).to_return(body: Oj.dump(key_json.merge({ '@context': ['https://www.w3.org/ns/activitystreams', 'https://w3id.org/security/v1'] })), headers: { 'Content-Type': 'application/activity+json' })
|
||||
end
|
||||
|
||||
it 'returns the expected account' do
|
||||
|
@ -72,7 +72,7 @@ RSpec.describe ActivityPub::FetchRemoteKeyService, type: :service do
|
|||
let(:actor_public_key) { 'https://example.com/alice-public-key.json' }
|
||||
|
||||
before do
|
||||
stub_request(:get, public_key_id).to_return(body: Oj.dump(key_json.merge({ '@context': ['https://www.w3.org/ns/activitystreams', 'https://w3id.org/security/v1'] })))
|
||||
stub_request(:get, public_key_id).to_return(body: Oj.dump(key_json.merge({ '@context': ['https://www.w3.org/ns/activitystreams', 'https://w3id.org/security/v1'] })), headers: { 'Content-Type': 'application/activity+json' })
|
||||
end
|
||||
|
||||
it 'returns the nil' do
|
||||
|
|
|
@ -53,7 +53,7 @@ RSpec.describe ActivityPub::FetchRepliesService, type: :service do
|
|||
|
||||
context 'when passing the URL to the collection' do
|
||||
before do
|
||||
stub_request(:get, collection_uri).to_return(status: 200, body: Oj.dump(payload))
|
||||
stub_request(:get, collection_uri).to_return(status: 200, body: Oj.dump(payload), headers: { 'Content-Type': 'application/activity+json' })
|
||||
end
|
||||
|
||||
it 'spawns workers for up to 5 replies on the same server' do
|
||||
|
@ -82,7 +82,7 @@ RSpec.describe ActivityPub::FetchRepliesService, type: :service do
|
|||
|
||||
context 'when passing the URL to the collection' do
|
||||
before do
|
||||
stub_request(:get, collection_uri).to_return(status: 200, body: Oj.dump(payload))
|
||||
stub_request(:get, collection_uri).to_return(status: 200, body: Oj.dump(payload), headers: { 'Content-Type': 'application/activity+json' })
|
||||
end
|
||||
|
||||
it 'spawns workers for up to 5 replies on the same server' do
|
||||
|
@ -115,7 +115,7 @@ RSpec.describe ActivityPub::FetchRepliesService, type: :service do
|
|||
|
||||
context 'when passing the URL to the collection' do
|
||||
before do
|
||||
stub_request(:get, collection_uri).to_return(status: 200, body: Oj.dump(payload))
|
||||
stub_request(:get, collection_uri).to_return(status: 200, body: Oj.dump(payload), headers: { 'Content-Type': 'application/activity+json' })
|
||||
end
|
||||
|
||||
it 'spawns workers for up to 5 replies on the same server' do
|
||||
|
|
|
@ -3,7 +3,7 @@ require 'rails_helper'
|
|||
RSpec.describe ActivityPub::ProcessAccountService, type: :service do
|
||||
subject { described_class.new }
|
||||
|
||||
context 'property values' do
|
||||
context 'with property values, an avatar, and a profile header' do
|
||||
let(:payload) do
|
||||
{
|
||||
id: 'https://foo.test',
|
||||
|
@ -14,19 +14,50 @@ RSpec.describe ActivityPub::ProcessAccountService, type: :service do
|
|||
{ type: 'PropertyValue', name: 'Occupation', value: 'Unit test' },
|
||||
{ type: 'PropertyValue', name: 'non-string', value: ['foo', 'bar'] },
|
||||
],
|
||||
image: {
|
||||
type: 'Image',
|
||||
mediaType: 'image/png',
|
||||
url: 'https://foo.test/image.png',
|
||||
},
|
||||
icon: {
|
||||
type: 'Image',
|
||||
url: [
|
||||
{
|
||||
mediaType: 'image/png',
|
||||
href: 'https://foo.test/icon.png',
|
||||
},
|
||||
],
|
||||
},
|
||||
}.with_indifferent_access
|
||||
end
|
||||
|
||||
it 'parses out of attachment' do
|
||||
before do
|
||||
stub_request(:get, 'https://foo.test/image.png').to_return(request_fixture('avatar.txt'))
|
||||
stub_request(:get, 'https://foo.test/icon.png').to_return(request_fixture('avatar.txt'))
|
||||
end
|
||||
|
||||
it 'parses property values, avatar and profile header as expected' do
|
||||
account = subject.call('alice', 'example.com', payload)
|
||||
expect(account.fields).to be_a Array
|
||||
expect(account.fields.size).to eq 2
|
||||
expect(account.fields[0]).to be_a Account::Field
|
||||
expect(account.fields[0].name).to eq 'Pronouns'
|
||||
expect(account.fields[0].value).to eq 'They/them'
|
||||
expect(account.fields[1]).to be_a Account::Field
|
||||
expect(account.fields[1].name).to eq 'Occupation'
|
||||
expect(account.fields[1].value).to eq 'Unit test'
|
||||
|
||||
expect(account.fields)
|
||||
.to be_an(Array)
|
||||
.and have_attributes(size: 2)
|
||||
expect(account.fields.first)
|
||||
.to be_an(Account::Field)
|
||||
.and have_attributes(
|
||||
name: eq('Pronouns'),
|
||||
value: eq('They/them')
|
||||
)
|
||||
expect(account.fields.last)
|
||||
.to be_an(Account::Field)
|
||||
.and have_attributes(
|
||||
name: eq('Occupation'),
|
||||
value: eq('Unit test')
|
||||
)
|
||||
expect(account).to have_attributes(
|
||||
avatar_remote_url: 'https://foo.test/icon.png',
|
||||
header_remote_url: 'https://foo.test/image.png'
|
||||
)
|
||||
end
|
||||
end
|
||||
|
||||
|
|
|
@ -58,7 +58,7 @@ RSpec.describe ActivityPub::SynchronizeFollowersService, type: :service do
|
|||
describe '#call' do
|
||||
context 'when the endpoint is a Collection of actor URIs' do
|
||||
before do
|
||||
stub_request(:get, collection_uri).to_return(status: 200, body: Oj.dump(payload))
|
||||
stub_request(:get, collection_uri).to_return(status: 200, body: Oj.dump(payload), headers: { 'Content-Type': 'application/activity+json' })
|
||||
end
|
||||
|
||||
it_behaves_like 'synchronizes followers'
|
||||
|
@ -75,7 +75,7 @@ RSpec.describe ActivityPub::SynchronizeFollowersService, type: :service do
|
|||
end
|
||||
|
||||
before do
|
||||
stub_request(:get, collection_uri).to_return(status: 200, body: Oj.dump(payload))
|
||||
stub_request(:get, collection_uri).to_return(status: 200, body: Oj.dump(payload), headers: { 'Content-Type': 'application/activity+json' })
|
||||
end
|
||||
|
||||
it_behaves_like 'synchronizes followers'
|
||||
|
@ -96,7 +96,7 @@ RSpec.describe ActivityPub::SynchronizeFollowersService, type: :service do
|
|||
end
|
||||
|
||||
before do
|
||||
stub_request(:get, collection_uri).to_return(status: 200, body: Oj.dump(payload))
|
||||
stub_request(:get, collection_uri).to_return(status: 200, body: Oj.dump(payload), headers: { 'Content-Type': 'application/activity+json' })
|
||||
end
|
||||
|
||||
it_behaves_like 'synchronizes followers'
|
||||
|
|
|
@ -54,7 +54,7 @@ RSpec.describe FetchResourceService, type: :service do
|
|||
|
||||
let(:json) do
|
||||
{
|
||||
id: 1,
|
||||
id: 'http://example.com/foo',
|
||||
'@context': ActivityPub::TagManager::CONTEXT,
|
||||
type: 'Note',
|
||||
}.to_json
|
||||
|
@ -79,14 +79,14 @@ RSpec.describe FetchResourceService, type: :service do
|
|||
let(:content_type) { 'application/activity+json; charset=utf-8' }
|
||||
let(:body) { json }
|
||||
|
||||
it { is_expected.to eq [1, { prefetched_body: body, id: true }] }
|
||||
it { is_expected.to eq ['http://example.com/foo', { prefetched_body: body }] }
|
||||
end
|
||||
|
||||
context 'when content type is ld+json with profile' do
|
||||
let(:content_type) { 'application/ld+json; profile="https://www.w3.org/ns/activitystreams"' }
|
||||
let(:body) { json }
|
||||
|
||||
it { is_expected.to eq [1, { prefetched_body: body, id: true }] }
|
||||
it { is_expected.to eq ['http://example.com/foo', { prefetched_body: body }] }
|
||||
end
|
||||
|
||||
before do
|
||||
|
@ -97,14 +97,14 @@ RSpec.describe FetchResourceService, type: :service do
|
|||
context 'when link header is present' do
|
||||
let(:headers) { { 'Link' => '<http://example.com/foo>; rel="alternate"; type="application/activity+json"', } }
|
||||
|
||||
it { is_expected.to eq [1, { prefetched_body: json, id: true }] }
|
||||
it { is_expected.to eq ['http://example.com/foo', { prefetched_body: json }] }
|
||||
end
|
||||
|
||||
context 'when content type is text/html' do
|
||||
let(:content_type) { 'text/html' }
|
||||
let(:body) { '<html><head><link rel="alternate" href="http://example.com/foo" type="application/activity+json"/></head></html>' }
|
||||
|
||||
it { is_expected.to eq [1, { prefetched_body: json, id: true }] }
|
||||
it { is_expected.to eq ['http://example.com/foo', { prefetched_body: json }] }
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -72,11 +72,11 @@ RSpec.describe NotifyService, type: :service do
|
|||
end
|
||||
end
|
||||
|
||||
context 'if the message chain is initiated by recipient, but without a mention to the sender, even if the sender sends multiple messages in a row' do
|
||||
let(:reply_to) { Fabricate(:status, account: recipient) }
|
||||
let!(:mention) { Fabricate(:mention, account: sender, status: reply_to) }
|
||||
let(:dummy_reply) { Fabricate(:status, account: sender, visibility: :direct, thread: reply_to) }
|
||||
let(:activity) { Fabricate(:mention, account: recipient, status: Fabricate(:status, account: sender, visibility: :direct, thread: dummy_reply)) }
|
||||
context 'when the message chain is initiated by recipient, but without a mention to the sender, even if the sender sends multiple messages in a row' do
|
||||
let(:public_status) { Fabricate(:status, account: recipient) }
|
||||
let(:intermediate_reply) { Fabricate(:status, account: sender, thread: public_status, visibility: :direct) }
|
||||
let!(:intermediate_mention) { Fabricate(:mention, account: sender, status: intermediate_reply) }
|
||||
let(:activity) { Fabricate(:mention, account: recipient, status: Fabricate(:status, account: sender, visibility: :direct, thread: intermediate_reply)) }
|
||||
|
||||
it 'does not notify' do
|
||||
expect { subject }.to_not change(Notification, :count)
|
||||
|
|
|
@ -52,6 +52,13 @@ RSpec.describe PostStatusService, type: :service do
|
|||
it 'does not change statuses count' do
|
||||
expect { subject.call(account, text: 'Hi future!', scheduled_at: future, thread: previous_status) }.not_to change { [account.statuses_count, previous_status.replies_count] }
|
||||
end
|
||||
|
||||
it 'returns existing status when used twice with idempotency key' do
|
||||
account = Fabricate(:account)
|
||||
status1 = subject.call(account, text: 'test', idempotency: 'meepmeep', scheduled_at: future)
|
||||
status2 = subject.call(account, text: 'test', idempotency: 'meepmeep', scheduled_at: future)
|
||||
expect(status2.id).to eq status1.id
|
||||
end
|
||||
end
|
||||
|
||||
it 'creates response to the original status of boost' do
|
||||
|
|
|
@ -139,6 +139,7 @@ describe ResolveURLService, type: :service do
|
|||
stub_request(:get, url).to_return(status: 302, headers: { 'Location' => status_url })
|
||||
body = ActiveModelSerializers::SerializableResource.new(status, serializer: ActivityPub::NoteSerializer, adapter: ActivityPub::Adapter).to_json
|
||||
stub_request(:get, status_url).to_return(body: body, headers: { 'Content-Type' => 'application/activity+json' })
|
||||
stub_request(:get, uri).to_return(body: body, headers: { 'Content-Type' => 'application/activity+json' })
|
||||
end
|
||||
|
||||
it 'returns status by url' do
|
||||
|
|
|
@ -74,6 +74,20 @@ RSpec.describe VerifyLinkService, type: :service do
|
|||
end
|
||||
|
||||
context 'when a document is truncated but the link back is valid' do
|
||||
let(:html) do
|
||||
"
|
||||
<!doctype html>
|
||||
<body>
|
||||
<a rel=\"me\" href=\"#{ActivityPub::TagManager.instance.url_for(account)}\">
|
||||
"
|
||||
end
|
||||
|
||||
it 'marks the field as verified' do
|
||||
expect(field.verified?).to be true
|
||||
end
|
||||
end
|
||||
|
||||
context 'when a link tag might be truncated' do
|
||||
let(:html) do
|
||||
"
|
||||
<!doctype html>
|
||||
|
@ -87,19 +101,6 @@ RSpec.describe VerifyLinkService, type: :service do
|
|||
end
|
||||
end
|
||||
|
||||
context 'when a link back might be truncated' do
|
||||
let(:html) do
|
||||
"
|
||||
<!doctype html>
|
||||
<body>
|
||||
<a rel=\"me\" href=\"#{ActivityPub::TagManager.instance.url_for(account)}"
|
||||
end
|
||||
|
||||
it 'does not mark the field as verified' do
|
||||
expect(field.verified?).to be false
|
||||
end
|
||||
end
|
||||
|
||||
context 'when a link does not contain a link back' do
|
||||
let(:html) { '' }
|
||||
|
||||
|
|
|
@ -30,6 +30,12 @@ RSpec.configure do |config|
|
|||
config.before :suite do
|
||||
Rails.application.load_seed
|
||||
Chewy.strategy(:bypass)
|
||||
|
||||
# NOTE: we switched registrations mode to closed by default, but the specs
|
||||
# very heavily rely on having it enabled by default, as it relies on users
|
||||
# being approved by default except in select cases where explicitly testing
|
||||
# other registration modes
|
||||
Setting.registrations_mode = 'open'
|
||||
end
|
||||
|
||||
config.after :suite do
|
||||
|
|
7
spec/support/omniauth_mocks.rb
Normal file
7
spec/support/omniauth_mocks.rb
Normal file
|
@ -0,0 +1,7 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
OmniAuth.config.test_mode = true
|
||||
|
||||
def mock_omniauth(provider, data)
|
||||
OmniAuth.config.mock_auth[provider] = OmniAuth::AuthHash.new(data)
|
||||
end
|
|
@ -21,7 +21,7 @@ describe ActivityPub::FetchRepliesWorker do
|
|||
|
||||
describe 'perform' do
|
||||
it 'performs a request if the collection URI is from the same host' do
|
||||
stub_request(:get, 'https://example.com/statuses_replies/1').to_return(status: 200, body: json)
|
||||
stub_request(:get, 'https://example.com/statuses_replies/1').to_return(status: 200, body: json, headers: { 'Content-Type': 'application/activity+json' })
|
||||
subject.perform(status.id, 'https://example.com/statuses_replies/1')
|
||||
expect(a_request(:get, 'https://example.com/statuses_replies/1')).to have_been_made.once
|
||||
end
|
||||
|
|
|
@ -0,0 +1,60 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
require 'rails_helper'
|
||||
|
||||
describe Scheduler::AutoCloseRegistrationsScheduler do
|
||||
subject { described_class.new }
|
||||
|
||||
describe '#perform' do
|
||||
let(:moderator_activity_date) { Time.now.utc }
|
||||
|
||||
before do
|
||||
Fabricate(:user, role: UserRole.find_by(name: 'Owner'), current_sign_in_at: 10.years.ago)
|
||||
Fabricate(:user, role: UserRole.find_by(name: 'Moderator'), current_sign_in_at: moderator_activity_date)
|
||||
end
|
||||
|
||||
context 'when registrations are open' do
|
||||
before do
|
||||
Setting.registrations_mode = 'open'
|
||||
end
|
||||
|
||||
context 'when a moderator has logged in recently' do
|
||||
let(:moderator_activity_date) { Time.now.utc }
|
||||
|
||||
it 'does not change registrations mode' do
|
||||
expect { subject.perform }.to_not change(Setting, :registrations_mode)
|
||||
end
|
||||
end
|
||||
|
||||
context 'when a moderator has not recently signed in' do
|
||||
let(:moderator_activity_date) { 1.year.ago }
|
||||
|
||||
it 'changes registrations mode from open to approved' do
|
||||
expect { subject.perform }.to change(Setting, :registrations_mode).from('open').to('approved')
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
context 'when registrations are closed' do
|
||||
before do
|
||||
Setting.registrations_mode = 'none'
|
||||
end
|
||||
|
||||
context 'when a moderator has logged in recently' do
|
||||
let(:moderator_activity_date) { Time.now.utc }
|
||||
|
||||
it 'does not change registrations mode' do
|
||||
expect { subject.perform }.to_not change(Setting, :registrations_mode)
|
||||
end
|
||||
end
|
||||
|
||||
context 'when a moderator has not recently signed in' do
|
||||
let(:moderator_activity_date) { 1.year.ago }
|
||||
|
||||
it 'does not change registrations mode' do
|
||||
expect { subject.perform }.to_not change(Setting, :registrations_mode)
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
Loading…
Reference in a new issue