Commit Graph

577 Commits (d95f6f4410c28b2f7b9f736c9477936587bd700b)

Author SHA1 Message Date
Matt Jankowski 543d7890fd
Use normalizes to prepare `User` values (#28650)
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2024-01-10 13:36:06 +00:00
Matt Jankowski 00341c70ff
Use Sidekiq `fake!` instead of `inline!` in specs (#25369) 2024-01-10 11:06:58 +00:00
Claire 10203bd57a
Clean up `Setting` model and remove dead code (#28661) 2024-01-09 14:01:53 +00:00
Jean Boussier 1781849884
Inline what remains of the rails-settings-cached gem (#28618)
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2024-01-09 11:50:21 +00:00
Matt Jankowski 5dc634796a
Misc coverage improvements re: sidekiq/inline (#28651) 2024-01-09 09:40:08 +00:00
Matt Jankowski e677eb164c
Remove unused `Announcement#time_range?` (#28648) 2024-01-08 15:26:30 +00:00
Matt Jankowski 3e43cd095c
Remove unused scope `Announcement.without_muted` (#28645) 2024-01-08 15:26:14 +00:00
Matt Jankowski aa6d07dbd9
Use normalizes to prepare CustomEmoji `domain` value (#28624) 2024-01-08 11:20:59 +00:00
Matt Jankowski 12bed81187
Add validation specs to `CustomFilter` model (#28600) 2024-01-05 15:13:59 +00:00
Matt Jankowski bb8077e784
Fix `RSpec/LetSetup` cop in models/account_status_cleanup_policy (#28470) 2023-12-22 15:29:50 +00:00
Matt Jankowski e6e217fedd
Clean up `tagged_with_*` Status specs, fix `RSpec/LetSetup` cop (#28462) 2023-12-22 08:32:27 +00:00
Matt Jankowski c753b1ad35
Clean up of `RSpec/LetSetup` within `spec/models` (#28444) 2023-12-21 09:18:38 +00:00
Claire 6fed0fcbaa
Remove unneeded settings cleanup from specs (#28425) 2023-12-19 15:17:22 +00:00
Matt Jankowski af366f65ee
Add spec coverage for `models/form/custom_emoji_batch` class (#28388) 2023-12-18 12:41:37 +00:00
Matt Jankowski 1820bad646
Fix `Performance/StringIdentifierArgument` cop (#28399) 2023-12-18 10:26:09 +00:00
Matt Jankowski 28e1a7a394
Improve spec coverage for `models/announcement` class (#28350) 2023-12-14 10:29:10 +00:00
Matt Jankowski 89a8e6e622
Remove 2x double subject call in `models/form/account_batch` spec (#28209) 2023-12-04 15:41:43 +00:00
Matt Jankowski 5631f139c1
Fix `Lint/SymbolConversion` cop (#28175) 2023-12-01 15:53:35 +00:00
Matt Jankowski 440b80b2e7
Model concerns organization into module namespaces (#28149) 2023-12-01 11:00:41 +00:00
Matt Jankowski e48ecd2929
Remove `default_scope` from `Admin::ActionLog` (#28026) 2023-11-29 10:39:59 +00:00
Matt Jankowski 973597c6f1
Consolidate configuration of `Sidekiq::Testing.fake!` setup (#28046) 2023-11-23 09:43:43 +00:00
Eugen Rochko cdc57c74b7
Fix unsupported time zone or locale preventing sign-up (#28035)
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2023-11-22 11:38:07 +00:00
Matt Jankowski 371f355719
Reduce `.times` usage in `AccountStatusesCleanupPolicy` (#27947) 2023-11-20 09:08:54 +00:00
Matt Jankowski d2aacea8da
Reduce `.times` usage in AccountSearch spec, use constant for default limit (#27946) 2023-11-20 09:08:22 +00:00
Matt Jankowski 00c6ebd86f
Reduce `.times` usage in `StatusPin` and add `PIN_LIMIT` constant in validator (#27945) 2023-11-20 09:07:25 +00:00
Matt Jankowski b2c5b20ef2
Fix `RSpec/AnyInstance` cop (#27810) 2023-11-14 14:52:59 +00:00
Matt Jankowski b7807f3d84
Use `normalizes` to prepare `Webhook#events` value (#27605) 2023-11-13 22:47:44 +00:00
Matt Jankowski 63c9102f8a
Fix `RSpec/MessageChain` cop (#27776) 2023-11-09 12:57:23 +00:00
Matt Jankowski 69d00e2721
Fix `RSpec/InstanceVariable` cop (#27766) 2023-11-08 15:42:30 +00:00
Matt Jankowski ce91d14d48
Fix `Style/WordArray` cop (#27770) 2023-11-08 13:03:44 +00:00
Matt Jankowski 49e2772064
Fix `RSpec/MessageSpies` cop (#27751) 2023-11-07 09:46:28 +00:00
Matt Jankowski cfa14ec6d1
Fix `Lint/EmptyBlock` cop (#27748) 2023-11-07 09:11:04 +00:00
Matt Jankowski b06284c572
Fix `RSpec/HookArgument` cop (#27747) 2023-11-07 09:10:36 +00:00
Matt Jankowski 949f5eb860
Fix `RSpec/MetadataStyle` cop in spec/ (#27729) 2023-11-06 14:28:20 +00:00
Claire 93e4cdc31b
Fix hashtag matching pattern matching some URLs (#27584) 2023-10-27 14:04:51 +00:00
Claire bcae744275
Fix some link anchors being recognized as hashtags (#27271) 2023-10-23 14:19:38 +02:00
Matt Jankowski b0213472df
Validate allowed schemes on preview card URLs (#27485) 2023-10-23 09:50:02 +02:00
Matt Jankowski bcd0171e5e
Fix `Lint/UselessAssignment` cop (#27472) 2023-10-19 16:55:06 +02:00
Matt Jankowski a1b27d8b61
Fix `Naming/VariableNumber` cop (#27447) 2023-10-18 14:26:22 +02:00
Victor Lee c4bddc9855
Add spec for poll model (#23399)
Co-authored-by: Nick Schonning <nschonni@gmail.com>
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2023-10-17 14:56:24 +02:00
Claire 340c390849
Fix crash when filtering for “dormant” relationships (#27306) 2023-10-06 12:58:16 +02:00
Matt Jankowski c676bc91e9
Dont match mention in url query string (#25656)
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2023-10-03 17:01:45 +02:00
Claire ceb365c419
Fix boosts of local users being filtered in account timelines (#27204) 2023-10-03 12:21:42 +02:00
Claire 1f99d86287
Fix blocked domain appears from account feed (#26823)
Co-authored-by: Jeong Arm <kjwonmail@gmail.com>
Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>
2023-09-06 21:04:48 +02:00
Christian Schmidt ea31929776
Fix invalid Content-Type header for WebP images (#26773) 2023-09-04 09:46:33 +02:00
Claire 16681e0f20
Add admin notifications for new Mastodon versions (#26582) 2023-09-01 17:47:07 +02:00
jsgoldstein 30c191aaa0
Add new public status index (#26344)
Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2023-08-24 16:40:04 +02:00
Nick Schonning b970ed6098
Update rubocop and rubocop-rspec (#26329) 2023-08-22 09:31:40 +02:00
Matt Jankowski c363978782
Spec media attachment speedups (#25416) 2023-08-07 17:58:12 +02:00
Christian Schmidt f2257069b2
Fix AVIF attachments (#26264) 2023-08-01 19:34:11 +02:00
Matt Jankowski 6f1fa1364f
Fix `RSpec/EmptyExampleGroup` cop (#24735) 2023-07-28 23:15:33 +02:00
Claire 1e3b19230a
Add stricter protocol fields validation for accounts (#25937) 2023-07-20 18:23:48 +02:00
Matt Jankowski c75df62ccc
Fix `RSpec/SubjectDeclaration` cop (#25312) 2023-07-12 09:49:33 +02:00
Claire dc8f1fbd97
Merge pull request from GHSA-9928-3cp5-93fm
* Fix attachments getting processed despite failing content-type validation

* Add a restrictive ImageMagick security policy tailored for Mastodon

* Fix misdetection of MP3 files with large cover art

* Reject unprocessable audio/video files instead of keeping them unchanged
2023-07-06 15:05:05 +02:00
Matt Jankowski 05f9e39b32
Fix `RSpec/VerifiedDoubles` cop (#25469) 2023-06-22 14:55:22 +02:00
Claire dd07393e75
Fix user settings not getting validated (#25508) 2023-06-19 14:06:06 +01:00
Matt Jankowski 4c5aa0e470
Update rubocop-rspec to version 2.22.0, fix `RSpec/IndexedLet` cop (#24698) 2023-06-14 16:44:37 +02:00
Daniel M Brasil d9c6f70cc6
Fix `ArgumentError` in `/api/v1/admin/accounts/:id/action` (#25386) 2023-06-14 15:21:36 +02:00
Matt Jankowski ae9f5379d1
Reduce factory data created in spec/models/trends/statuses spec (#25410) 2023-06-14 09:57:06 +02:00
Matt Jankowski 62c996b52d
Reduce `RSpec/MultipleExpectations` cop max to 8 (#25313) 2023-06-10 18:38:22 +02:00
Matt Jankowski c94bb9ba9a
Disable paperclip processing in specs (#25359) 2023-06-10 18:27:35 +02:00
Matt Jankowski 6c0e3f490a
Fix RSpec/MissingExampleGroupArgument cop (#25310) 2023-06-06 15:51:42 +02:00
Matt Jankowski c42591356d
Fix `RSpec/DescribedClass` cop (#25104) 2023-06-06 13:58:33 +02:00
Matt Jankowski b22bfae4f9
Add coverage for `DomainBlock#public_domain` method (#25283) 2023-06-06 13:34:04 +02:00
Claire 8884d1ece0
Add support for importing lists (#25203) 2023-06-01 14:47:31 +02:00
Matt Jankowski d2e5430d4a
Fix RSpec/ExpectChange cop (#25101) 2023-05-24 11:23:40 +02:00
Matt Jankowski b896b16cb3
Fix RSpec/PredicateMatcher cop (#25102) 2023-05-23 16:49:11 +02:00
Emelia Smith 19f9098551
Allow reports with long comments from remote instances, but truncate (#25028) 2023-05-22 13:15:21 +02:00
Nick Schonning 99e2e9b81f
Fix minor typos in comments and spec names (#21831) 2023-05-19 17:13:29 +02:00
Claire 3ed3d54bf3
Fix reports not being closed when performing batch suspensions (#24988) 2023-05-16 14:56:49 +02:00
Matt Jankowski c97b611b6b
Fix RSpec/InferredSpecType cop (#24736) 2023-05-04 05:49:53 +02:00
Matt Jankowski 710745e16b
Fix RSpec/ContextWording cop (#24739) 2023-05-04 05:49:08 +02:00
Claire 1e75eb690d
Fix own posts not getting delivered to own lists (#24810) 2023-05-03 19:17:40 +02:00
Matt Jankowski 3df665fd23
Fix Lint/ConstantDefinitionInBlock cop (#24763) 2023-05-03 10:32:30 +02:00
Matt Jankowski a0c9f2447e
Fix Performance/MethodObjectAsBlock cop (#24798) 2023-05-03 10:30:54 +02:00
Matt Jankowski 570079f8ce
Fix Performance/TimesMap cop (#24789) 2023-05-02 18:07:16 +02:00
Claire 6693a4fe7c
Change lists to be able to include accounts with pending follow requests (#19727) 2023-05-02 14:40:36 +02:00
Claire 32a030dd74
Rewrite import feature (#21054) 2023-05-02 12:08:48 +02:00
Matt Jankowski 274d561430
Enable local account key generation spec (#24728) 2023-04-30 02:28:52 +02:00
Matt Jankowski 4cfe52635c
Add pending spec for User.those_who_can (#24724) 2023-04-29 22:03:36 +02:00
Nick Schonning 5841f1af8c
Autofix Rubocop RSpec/MatchArray (#24675) 2023-04-26 21:29:36 +02:00
Nick Schonning a3393d0d07
Autofix Rubocop RSpec/MatchArray (#24050) 2023-04-26 20:21:54 +02:00
Heitor de Melo Cardozo bc75e62ca6
Change moderation search an account using the username with @ (#24242) 2023-04-17 14:16:36 +02:00
Christian Schmidt b4f38edf74
Wrong type for user setting when default is defined by lambda (#24321) 2023-03-31 07:33:17 +02:00
Eugen Rochko a9b5598c97
Change user settings to be stored in a more optimal way (#23630)
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2023-03-30 14:44:00 +02:00
Christian Schmidt bd047acc35
Replace `Status#translatable?` with language matrix in separate endpoint (#24037) 2023-03-16 11:07:24 +01:00
Matt Jankowski 688287c59d
Coverage improvement round-out following up previous work (#23987) 2023-03-10 13:33:30 +01:00
Matt Jankowski 506b16cf59
Pending example models minimal coverage (#23912) 2023-03-04 17:16:45 +01:00
Matt Jankowski cd99fa8ceb
Fabricator specs (#23925) 2023-03-04 17:12:09 +01:00
Matt Jankowski c40d5e5a8f
Misc coverage improvements for validators (#23928) 2023-03-04 17:00:00 +01:00
Matt Jankowski f9c2213ae5
Models specs coverage (#23940) 2023-03-04 16:43:47 +01:00
Christian Schmidt 5a8c651e8f
Only offer translation for supported languages (#23879) 2023-03-03 21:06:31 +01:00
Matt Jankowski af578e8ce0
Fix deprecation warning about merging conditions (#23618) 2023-03-02 16:21:04 +01:00
Matt Jankowski 4bb39ac3c3
Fix single-record invalid condition on PollVote (#23810) 2023-02-27 09:31:15 +01:00
Nick Schonning 84cc805cae
Enable Style/FrozenStringLiteralComment for specs (#23790) 2023-02-22 09:55:31 +09:00
Nick Schonning 717683d1c3
Autofix Rubocop remaining Layout rules (#23679) 2023-02-20 06:58:28 +01:00
Nick Schonning 5116347eb7
Autofix Rubocop RSpec/BeEq (#23740) 2023-02-20 06:14:50 +01:00
Nick Schonning bf785df9fe
Audofix Rubocop Style/WordArray (#23739) 2023-02-20 06:14:10 +01:00
Nick Schonning 4552685f6b
Autofix Rubocop RSpec/LeadingSubject (#23670) 2023-02-20 13:24:14 +09:00
Nick Schonning 38a1d8bb85
Autofix Rubocop RSpec/ImplicitSubject (#23721) 2023-02-20 05:00:48 +01:00
Nick Schonning bd1d57c230
Autofix Rubocop RSpec/EmptyLineAfterSubject (#23719) 2023-02-20 02:46:00 +01:00
Nick Schonning 65ba0d92ef
Enable Rubocop RSpec/NotToNot (#23723) 2023-02-20 02:33:27 +01:00
Nick Schonning 81ad6c2e39
Autofix Rubocop Style/StringLiterals (#23695) 2023-02-19 07:38:14 +09:00
Nick Schonning ac3561098e
Autofix Rubocop RSpec/LetBeforeExamples (#23671) 2023-02-19 07:17:59 +09:00
Nick Schonning 3680e032b4
Autofix Rubocop RSpec/EmptyLineAfterFinalLet (#23707) 2023-02-19 07:10:19 +09:00
Nick Schonning b4cbfff3eb
Autofix Rubocop RSpec/ExcessiveDocstringSpacing (#23666) 2023-02-18 12:47:37 +01:00
Nick Schonning a7db0b41cd
Autofix Rubocop Lint/ParenthesesAsGroupedExpression (#23682) 2023-02-18 04:00:05 +01:00
Nick Schonning c0a645f647
Autofix Rubocop RSpec/ExampleWording (#23667) 2023-02-18 03:26:20 +01:00
Nick Schonning 54318dcd6d
Autofix Rubocop RSpec/ClassCheck (#23685) 2023-02-18 03:24:16 +01:00
Nick Schonning 6d42820e5d
Autofix Rubocop Lint/AmbiguousOperator (#23680) 2023-02-18 03:22:01 +01:00
Nick Schonning 669f6d2c0a
Run rubocop formatting except line length (#23632) 2023-02-18 06:56:20 +09:00
Nick Schonning 68b1071f86
Autofix Rubocop RSpec/BeNil (#23653) 2023-02-17 21:45:27 +09:00
Nick Schonning 0592937264
Apply Rubocop Rails/WhereNot (#23448)
* Apply Rubocop Rails/WhereNot

* Update spec for where.not
2023-02-08 10:39:57 +01:00
Nick Schonning ed570050c6
Autofix Rails/EagerEvaluationLogMessage (#23429)
* Autofix Rails/EagerEvaluationLogMessage

* Update spec for debug block syntax
2023-02-07 03:44:36 +01:00
Claire 6883fddb19
Fix account activation being triggered before email confirmation (#23245)
* Add tests

* Fix account activation being triggered before email confirmation

Fixes #23098
2023-01-24 19:40:21 +01:00
Partho Ghosh 115ab2869b
Fix ・ detection in hashtag regex to construct hashtag correctly (#22888)
* Fix ・ detection in hashtag regex to construct hashtag correctly

* Fixed rubocop liniting issues

* More rubocop linting fix
2023-01-04 02:12:48 +01:00
Claire 70415714f1
Add follow request banner on account header (#20785)
* Add requested_by to relationship maps

* Display whether an account has requested to follow you on their profile
2022-12-15 18:50:11 +01:00
Jeong Arm d412147d02
Save avatar or header correctly even if other one fails (#18465)
* Save avatar or header correctly if other one fails

* Fix test
2022-12-15 17:11:14 +01:00
Claire b59fb28e90
Fix 500 error when trying to migrate to an invalid address (#21462)
* Fix 500 error when trying to migrate to an invalid address

* Add tests
2022-12-07 02:35:39 +01:00
David Leadbeater 69378eac99
Don't allow URLs that contain non-normalized paths to be verified (#20999)
* Don't allow URLs that contain non-normalized paths to be verified

This stops things like https://example.com/otheruser/../realuser where
"/otheruser" appears to be the verified URL, but the actual URL being
verified is "/realuser" due to the "/../".

Also fix a test to use 'https', so it is testing the right thing, now
that since #20304 https is required.

* missing do
2022-11-20 19:28:13 +01:00
Eugen Rochko b31afc6294
Fix error when passing unknown filter param in REST API (#20626)
Fix #19156
2022-11-14 08:06:06 +01:00
Emily Strickland c2231539c7
Test blank account field verifiability (#20458)
* Test blank account field verifiability

This change tests the need for #20428, which ensures that we guard against a situation in which `at_xpath` returns `nil`.

* Test verifiability of blank fields for remote account profiles

This adds a counterpart test for remote account profiles' fields' verifiability when those fields are blank. I previously added the same test for local accounts.
2022-11-13 21:02:09 +01:00
Eugen Rochko 9965a23b04
Change link verification to ignore IDN domains (#20295)
Fix #3833
2022-11-10 06:27:45 +01:00
Eugen Rochko e98833748e
Fix being able to spoof link verification (#20217)
- Change verification to happen in `default` queue
- Change verification worker to only be queued if there's something to do
- Add `link` tags from metadata fields to page header of profiles
2022-11-09 08:24:21 +01:00
luzpaz 6ba52306f9
Fix typos (#19849)
Found via `codespell -q 3 -S ./yarn.lock,./CHANGELOG.md,./AUTHORS.md,./config/locales,./app/javascript/mastodon/locales -L ba,followings,keypair,medias,pattens,pixelx,rememberable,ro,te`
2022-11-08 17:32:03 +01:00
Roni Laukkarinen 36b0ff57b7
Fix grammar (#20106) 2022-11-08 16:35:42 +01:00
Eugen Rochko d0ba77047e
Change max. thumbnail dimensions to 640x360px (360p) (#19619) 2022-11-01 13:01:39 +01:00
Eugen Rochko 45ebdb72ca
Add support for language preferences for trending statuses and links (#18288) 2022-10-08 16:45:40 +02:00
Eugen Rochko 9f65909f42
Change public timelines to be filtered by current locale by default (#19291)
In the absence of an opt-in to multiple specific languages in the
preferences, it makes more sense to filter by the user's presumed
language only (interface language or `lang` override)
2022-10-05 03:48:06 +02:00
Eugen Rochko 50948b46aa
Add ability to filter followed accounts' posts by language (#19095) 2022-09-20 23:51:21 +02:00
Eugen Rochko 0412a4d03e
Change e-mail domain blocks to match subdomains of blocked domains (#18979) 2022-08-24 19:00:55 +02:00
Eugen Rochko c3f0621a59
Add ability to follow hashtags (#18809) 2022-07-17 13:49:29 +02:00
Eugen Rochko e7aa2be828
Change how hashtags are normalized (#18795)
* Change how hashtags are normalized

* Fix tests
2022-07-13 15:03:28 +02:00
Eugen Rochko 44b2ee3485
Add customizable user roles (#18641)
* Add customizable user roles

* Various fixes and improvements

* Add migration for old settings and fix tootctl role management
2022-07-05 02:41:40 +02:00
Claire 02851848e9
Revamp post filtering system (#18058)
* Add model for custom filter keywords

* Use CustomFilterKeyword internally

Does not change the API

* Fix /filters/edit and /filters/new

* Add migration tests

* Remove whole_word column from custom_filters (covered by custom_filter_keywords)

* Redesign /filters

Instead of a list, present a card that displays more information and handles
multiple keywords per filter.

* Redesign /filters/new and /filters/edit to add and remove keywords

This adds a new gem dependency: cocoon, as well as a npm dependency:
cocoon-js-vanilla. Those are used to easily populate and remove form fields
from the user interface when manipulating multiple keyword filters at once.

* Add /api/v2/filters to edit filter with multiple keywords

Entities:
- `Filter`: `id`, `title`, `filter_action` (either `hide` or `warn`), `context`
  `keywords`
- `FilterKeyword`: `id`, `keyword`, `whole_word`

API endpoits:
- `GET /api/v2/filters` to list filters (including keywords)
- `POST /api/v2/filters` to create a new filter
  `keywords_attributes` can also be passed to create keywords in one request
- `GET /api/v2/filters/:id` to read a particular filter
- `PUT /api/v2/filters/:id` to update a new filter
  `keywords_attributes` can also be passed to edit, delete or add keywords in
   one request
- `DELETE /api/v2/filters/:id` to delete a particular filter
- `GET /api/v2/filters/:id/keywords` to list keywords for a filter
- `POST /api/v2/filters/:filter_id/keywords/:id` to add a new keyword to a
   filter
- `GET /api/v2/filter_keywords/:id` to read a particular keyword
- `PUT /api/v2/filter_keywords/:id` to edit a particular keyword
- `DELETE /api/v2/filter_keywords/:id` to delete a particular keyword

* Change from `irreversible` boolean to `action` enum

* Remove irrelevent `irreversible_must_be_within_context` check

* Fix /filters/new and /filters/edit with update for filter_action

* Fix Rubocop/Codeclimate complaining about task names

* Refactor FeedManager#phrase_filtered?

This moves regexp building and filter caching to the `CustomFilter` class.

This does not change the functional behavior yet, but this changes how the
cache is built, doing per-custom_filter regexps so that filters can be matched
independently, while still offering caching.

* Perform server-side filtering and output result in REST API

* Fix numerous filters_changed events being sent when editing multiple keywords at once

* Add some tests

* Use the new API in the WebUI

- use client-side logic for filters we have fetched rules for.
  This is so that filter changes can be retroactively applied without
  reloading the UI.
- use server-side logic for filters we haven't fetched rules for yet
  (e.g. network error, or initial timeline loading)

* Minor optimizations and refactoring

* Perform server-side filtering on the streaming server

* Change the wording of filter action labels

* Fix issues pointed out by linter

* Change design of “Show anyway” link in accordence to review comments

* Drop “irreversible” filtering behavior

* Move /api/v2/filter_keywords to /api/v1/filters/keywords

* Rename `filter_results` attribute to `filtered`

* Rename REST::LegacyFilterSerializer to REST::V1::FilterSerializer

* Fix systemChannelId value in streaming server

* Simplify code by removing client-side filtering code

The simplifcation comes at a cost though: filters aren't retroactively
applied anymore.
2022-06-28 09:42:13 +02:00
Eugen Rochko a2871cd747
Add administrative webhooks (#18510)
* Add administrative webhooks

* Fix error when webhook is deleted before delivery worker runs
2022-06-09 21:57:36 +02:00
Claire 440eb71310
Change unapproved and unconfirmed account to not be accessible in the REST API (#17530)
* Change unapproved and unconfirmed account to not be accessible in the REST API

* Change Account#searchable? to reject unconfirmed and unapproved users

* Disable search for unapproved and unconfirmed users in Account.search_for

* Disable search for unapproved and unconfirmed users in Account.advanced_search_for

* Remove unconfirmed and unapproved accounts from Account.searchable scope

* Prevent mentions to unapproved/unconfirmed accounts

* Fix some old tests for Account.advanced_search_for

* Add some Account.advanced_search_for tests for existing behaviors

* Add some tests for Account.search_for

* Add Account.advanced_search_for tests unconfirmed and unapproved accounts

* Add Account.searchable tests

* Fix Account.without_unapproved scope potentially messing with previously-applied scopes

* Allow lookup of unconfirmed/unapproved accounts through /api/v1/accounts/lookup

This is so that the API can still be used to check whether an username is free
to use.
2022-05-26 15:50:33 +02:00
Eugen Rochko 3917353645
Fix single Redis connection being used across all threads (#18135)
* Fix single Redis connection being used across all Sidekiq threads

* Fix tests
2022-04-28 17:47:34 +02:00
Eugen Rochko 71f2b95106
Fix edits with no actual changes being allowed (#17843)
* Fix edits with no actual changes being allowed locally

* Fix edits with no actual changes being allowed through ActivityPub

* Fix false positive changes caused by description processing in model

* Fix not recording poll expiration update

* Fix test

* Revert changes to ProcessStatusUpdateService

* Various fixes and improvements

* Fix code style issues

* Various changes and improvements

* Add guard clause
2022-03-26 00:38:44 +01:00
Eugen Rochko d17fb70131
Change how changes to media attachments are stored for edits (#17696)
* Change how changes to media attachments are stored for edits

Fix not being able to re-order media attachments

* Fix not broadcasting updates when polls/media is changed through ActivityPub

* Various fixes and improvements

* Update app/models/report.rb

Co-authored-by: Claire <claire.github-309c@sitedethib.com>

* Add tracking of media attachment description changes

* Change poll in status edit to have a structure closer to the real one

Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2022-03-09 09:06:17 +01:00
Eugen Rochko 8f6c67bfde
Fix performance of account timelines (#17709)
* Fix performance of account timelines

* Various fixes and improvements

* Fix duplicate results being returned

Co-authored-by: Claire <claire.github-309c@sitedethib.com>

* Fix grouping for pinned statuses scope

Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2022-03-08 09:14:39 +01:00
Josh Soref b5329e0035
Spelling (#17705)
* spelling: account

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: affiliated

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: appearance

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: autosuggest

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: cacheable

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: component

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: conversations

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: domain.example

Clarify what's distinct and use RFC friendly domain space.

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: environment

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: exceeds

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: functional

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: inefficiency

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: not

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: notifications

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: occurring

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: position

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: progress

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: promotable

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: reblogging

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: repetitive

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: resolve

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: saturated

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: similar

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: strategies

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: success

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: targeting

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: thumbnails

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: unauthorized

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: unsensitizes

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: validations

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: various

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

Co-authored-by: Josh Soref <jsoref@users.noreply.github.com>
2022-03-06 22:51:40 +01:00
Eugen Rochko 27965ce5ed
Add trending statuses (#17431)
* Add trending statuses

* Fix dangling items with stale scores in localized sets

* Various fixes and improvements

- Change approve_all/reject_all to approve_accounts/reject_accounts
- Change Trends::Query methods to not mutate the original query
- Change Trends::Query#skip to offset
- Change follow recommendations to be refreshed in a transaction

* Add tests for trending statuses filtering behaviour

* Fix not applying filtering scope in controller
2022-02-25 00:34:14 +01:00
Eugen Rochko a29a982eaa
Change e-mail domain blocks to block IPs dynamically (#17635)
* Change e-mail domain blocks to block IPs dynamically

* Update app/workers/scheduler/email_domain_block_refresh_scheduler.rb

Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>

* Update app/workers/scheduler/email_domain_block_refresh_scheduler.rb

Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>

Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>
2022-02-24 17:28:23 +01:00
luzpaz 73f5e4a1d9
Fix various typos (#17621)
Found via `codespell -q 3 -S ./CHANGELOG.md,./AUTHORS.md,./config/locales,./app/javascript/mastodon/locales -L ba,keypair,medias,ro`
2022-02-22 20:14:17 +01:00
Jeong Arm 2fd2666eea
Add test for user matching ip (#17572) 2022-02-16 13:14:53 +01:00
Eugen Rochko 564efd0651
Add appeals (#17364)
* Add appeals

* Add ability to reject appeals and ability to browse pending appeals in admin UI

* Add strikes to account page in settings

* Various fixes and improvements

- Add separate notification setting for appeals, separate from reports
- Fix style of links in report/strike header
- Change approving an appeal to not restore statuses (due to federation complexities)
- Change style of successfully appealed strikes on account settings page
- Change account settings page to only show unappealed or recently appealed strikes

* Change appealed_at to overruled_at

* Fix missing method error
2022-02-14 21:27:53 +01:00
Claire 472bc89611
Fix some flaky tests that randomly failed because of item ordering (#17509) 2022-02-10 22:00:10 +01:00
Claire e38fc319dc
Refactor and improve tests (#17386)
* Change account and user fabricators to simplify and improve tests

- `Fabricate(:account)` implicitly fabricates an associated `user` if
  no `domain` attribute is given (an account with `domain: nil` is
  considered a local account, but no user record was created), unless
  `user: nil` is passed
- `Fabricate(:account, user: Fabricate(:user))` should still be possible
  but is discouraged.

* Fix and refactor tests

- avoid passing unneeded attributes to `Fabricate(:user)` or
  `Fabricate(:account)`
- avoid embedding `Fabricate(:user)` into a `Fabricate(:account)` or the other
  way around
- prefer `Fabricate(:user, account_attributes: …)` to
  `Fabricate(:user, account: Fabricate(:account, …)`
- also, some tests were using remote accounts with local user records, which is
  not representative of production code.
2022-01-28 00:46:42 +01:00
Claire 0a120d86d2
Fix error-prone SQL queries (#15828)
* Fix error-prone SQL queries in Account search

While this code seems to not present an actual vulnerability, one could
easily be introduced by mistake due to how the query is built.

This PR parameterises the `to_tsquery` input to make the query more robust.

* Harden code for Status#tagged_with_all and Status#tagged_with_none

Those two scopes aren't used in a way that could be vulnerable to an SQL
injection, but keeping them unchanged might be a hazard.

* Remove unneeded spaces surrounding tsquery term

* Please CodeClimate

* Move advanced_search_for SQL template to its own function

This avoids one level of indentation while making clearer that the SQL template
isn't build from all the dynamic parameters of advanced_search_for.

* Add tests covering tagged_with, tagged_with_all and tagged_with_none

* Rewrite tagged_with_none to avoid multiple joins and make it more robust

* Remove obsolete brakeman warnings

* Revert "Remove unneeded spaces surrounding tsquery term"

The two queries are not strictly equivalent.

This reverts commit 86f16c537e.
2022-01-23 18:10:10 +01:00