Commit graph

226 commits

Author SHA1 Message Date
nullkal dfcd2834f9 Redirect to PasswordController#new when reset_password_token is invalid () 2017-08-03 17:45:45 +02:00
Akihiko Odaki 0f92119ceb Cover Api::V1:FavouritesController more () 2017-07-28 04:37:44 +02:00
Akihiko Odaki 4f0b638cda Introduce access token fabricators () 2017-07-27 15:16:07 +02:00
Akihiko Odaki bdf573d140 Remove redundant fabrication in the spec for Api::V1::FavouritesController () 2017-07-27 15:13:10 +02:00
Sorin Davidoi 9075c90c46 feat: Enable push subscription for mobile devices by default () 2017-07-23 23:27:23 +02:00
Eugen Rochko 1fcdaafa6f Fix webfinger retries ()
* Do not raise unretryable exceptions in ResolveRemoteAccountService

* Removed fatal exceptions from ResolveRemoteAccountService

Exceptions that cannot be retried should not be raised. New exception
class for those that can be retried (Mastodon::UnexpectedResponseError)
2017-07-20 01:59:07 +02:00
abcang 4d42a38954 Improve admin page ()
* Improve admin page

* Fix test

* Add spec

* Improve select style
2017-07-18 16:38:22 +02:00
Eugen Rochko 8c45cd0e36 Improve ActivityPub representations ()
* Improve webfinger templates and make tests more flexible

* Clean up AS2 representation of actor

* Refactor outbox

* Create activities representation

* Add representations of followers/following collections, do not redirect /users/:username route if format is empty

* Remove unused translations

* ActivityPub endpoint for single statuses, add ActivityPub::TagManager for better
URL/URI generation

* Add ActivityPub::TagManager#to

* Represent all attachments as Document instead of Image/Video specifically
(Because for remote ones we may not know for sure)

Add mentions and hashtags representation to AP notes

* Add AP-resolvable hashtag URIs

* Use ActiveModelSerializers for ActivityPub

* Clean up unused translations

* Separate route for object and activity

* Adjust cc/to matrices

* Add to/cc to activities, ensure announce activity embeds target status and
not the wrapper status, add "id" to all collections
2017-07-15 03:01:39 +02:00
Eugen Rochko cd9b2ab2f7 Fix - Connect signed PuSH subscription requests to instance domain ()
* Fix  - Connect signed PuSH subscription requests to instance domain

Resolves 

* Fix return of locate_subscription

* Fix tests
2017-07-14 23:01:20 +02:00
Eugen Rochko 1618b68bfa HTTP signatures ()
* Add Request class with HTTP signature generator

Spec: https://tools.ietf.org/html/draft-cavage-http-signatures-06

* Add HTTP signature verification concern

* Add test for SignatureVerification concern

* Add basic test for Request class

* Make PuSH subscribe/unsubscribe requests use new Request class

Accidentally fix lease_seconds not being set and sent properly, and
change the new minimum subscription duration to 1 day

* Make all PuSH workers use new Request class

* Make Salmon sender use new Request class

* Make FetchLinkService use new Request class

* Make FetchAtomService use the new Request class

* Make Remotable use the new Request class

* Make ResolveRemoteAccountService use the new Request class

* Add more tests

* Allow +-30 seconds window for signed request to remain valid

* Disable time window validation for signed requests, restore 7 days
as PuSH subscription duration (which was previous default due to a bug)
2017-07-14 20:41:49 +02:00
Sorin Davidoi 0c7c188c45 Web Push Notifications ()
* feat: Register push subscription

* feat: Notify when mentioned

* feat: Boost, favourite, reply, follow, follow request

* feat: Notification interaction

* feat: Handle change of public key

* feat: Unsubscribe if things go wrong

* feat: Do not send normal notifications if push is enabled

* feat: Focus client if open

* refactor: Move push logic to WebPushSubscription

* feat: Better title and body

* feat: Localize messages

* chore: Fix lint errors

* feat: Settings

* refactor: Lazy load

* fix: Check if push settings exist

* feat: Device-based preferences

* refactor: Simplify logic

* refactor: Pull request feedback

* refactor: Pull request feedback

* refactor: Create /api/web/push_subscriptions endpoint

* feat: Spec PushSubscriptionController

* refactor: WebPushSubscription => Web::PushSubscription

* feat: Spec Web::PushSubscription

* feat: Display first media attachment

* feat: Support direction

* fix: Stuff broken while rebasing

* refactor: Integration with session activations

* refactor: Cleanup

* refactor: Simplify implementation

* feat: Set VAPID keys via environment

* chore: Comments

* fix: Crash when no alerts

* fix: Set VAPID keys in testing environment

* fix: Follow link

* feat: Notification actions

* fix: Delete previous subscription

* chore: Temporary logs

* refactor: Move migration to a later date

* fix: Fetch the correct session activation and misc bugs

* refactor: Move migration to a later date

* fix: Remove follow request (no notifications)

* feat: Send administrator contact to push service

* feat: Set time-to-live

* fix: Do not show sensitive images

* fix: Reducer crash in error handling

* feat: Add badge

* chore: Fix lint error

* fix: Checkbox label overlap

* fix: Check for payload support

* fix: Rename action "type" (crash in latest Chrome)

* feat: Action to expand notification

* fix: Lint errors

* fix: Unescape notification body

* fix: Do not allow boosting if the status is hidden

* feat: Add VAPID keys to the production sample environment

* fix: Strip HTML tags from status

* refactor: Better error messages

* refactor: Handle browser not implementing the VAPID protocol (Samsung Internet)

* fix: Error when target_status is nil

* fix: Handle lack of image

* fix: Delete reference to invalid subscriptions

* feat: Better error handling

* fix: Unescape HTML characters after tags are striped

* refactor: Simpify code

* fix: Modify to work with 

* Sort strings alphabetically

* i18n: Updated Polish translation

it annoys me that it's not fully localized :P

* refactor: Use current_session in PushSubscriptionController

* fix: Rebase mistake

* fix: Set cacheName to mastodon

* refactor: Pull request feedback

* refactor: Remove logging statements

* chore(yarn): Fix conflicts with master

* chore(yarn): Copy latest from master

* chore(yarn): Readd offline-plugin

* refactor: Use save! and update!

* refactor: Send notifications async

* fix: Allow retry when push fails

* fix: Save track for failed pushes

* fix: Minify sw.js

* fix: Remove account_id from fabricator
2017-07-13 22:15:32 +02:00
Eugen Rochko 056b5ed72f Improve UI of admin site settings () 2017-07-12 03:24:04 +02:00
STJrInuyasha 7a889a8e12 Remote following success page ()
* Added a success page to remote following
Includes follow-through links to web (the old redirect target) and back to the remote user's profile

* Use Account.new in spec instead of a fake with only id
(fixes spec)

* Fabricate(:account) over Account.new

* Remove self from the success text
(and all HTML with it)
2017-07-10 18:05:06 +02:00
Eugen Rochko 864e3f8d9c Replace OEmbed and initial state Rabl templates with serializers ()
* Replace OEmbed Rabl template with serializer

* Replace initial state rabl with serializer
2017-07-08 14:51:05 +02:00
Matt Jankowski 6dd5eac7fc Add controller spec for manifests controller () 2017-06-30 13:43:34 +02:00
Akihiko Odaki (@fn_aki@pawoo.net) 0a53ca444a Cover Admin::AccountsController more () 2017-06-29 01:43:10 +02:00
Eugen Rochko 42b8220632 Fix - Send e-mail notifications to admins about new reports () 2017-06-27 00:04:00 +02:00
Eugen Rochko 5e8d037e27 Fix - Require OTP authentication to disable 2FA ()
* Fix  - Require OTP authentication to disable 2FA. Also, remove ability
to generate new OTP backup codes *after* initial backup codes were handed
out during activation

* Restore recovery code re-generation

* Improve display of some 2FA elements
2017-06-25 23:51:46 +02:00
Akihiko Odaki (@fn_aki@pawoo.net) 67243bda31 Cover Auth::RegistrationsController more () 2017-06-25 21:42:55 +02:00
Akihiko Odaki (@fn_aki@pawoo.net) 8f991831b8 Cover Admin::DomainBlocksController more ()
Also domain_block fabricator now sets unique domains
2017-06-25 21:42:36 +02:00
masarakki ff142eb64d setting-for-account-deletable () 2017-06-19 15:12:31 +02:00
Eugen Rochko f3be605286 Rename FollowRemoteAccountService to ResolveRemoteAccountService ()
Rename Activitypub to ActivityPub
2017-06-19 01:51:04 +02:00
Eugen Rochko 91c71471ab Fix account delete form not accepting password, update suspended ()
account before removing content for quicker feedback to end-users
2017-06-14 20:30:12 +02:00
Eugen Rochko 4a618908e8 Account deletion ()
* Add form for account deletion

* If avatar or header are gone from source, remove them

* Add option to have SuspendAccountService remove user record, add tests

* Exclude suspended accounts from search
2017-06-14 18:01:27 +02:00
unarist abbdacedc5 Fix locale related specs ()
* Use I18n.locale instead of ":en"
* Reset I18n.locale value after locale changing tests
2017-06-12 10:58:03 +02:00
René Klačan dcf0530218 Make sure email is case insensitive on all places ()
When case insensitivity is enabled via devise's `config.case_insensitive_keys` then `.find_for_authentication` method needs to be used instead of `.find_by` because second mentioned returns `nil` when valid email with different cases is passed.

More info https://github.com/plataformatec/devise/wiki/How-To:-Use-case-insensitive-emails
2017-06-11 02:29:08 +02:00
Akihiko Odaki (@fn_aki@pawoo.net) 4919b89ab8 Improve default language decision and spec ()
* Improve default language decision

This change allows to takes account of accepted language determined by
the user agent even if the custom default locale of the instance is
configured.

* Cover Localized more

* Fix code style
2017-06-10 09:44:02 +02:00
Matt Jankowski 2925372ff4 Move create/destroy actions for api/v1/statuses to namespace ()
Each of mute, favourite, reblog has been updated to:

- Have a separate controller with just a create and destroy action
- Preserve historical route names to not break the API
- Mild refactoring to break up long methods
2017-06-10 09:39:26 +02:00
Matt Jankowski 5282ba862a Move reblogged_by and favourited_by actions out of api/v1/statuses and into unique controllers ()
* Add specs for api statuses routes

* Update favourited_by and reblogged_by api routes

* Move methods into new controllers

* Use load_accounts methods to simplify index actions

* Clean up load_accounts methods

* Clean up link header generation

* Check for link headers in specs

* Remove unused actions from api/v1/statuses controller

* Remove specs for moved actions
2017-06-09 14:12:40 -04:00
Matt Jankowski 73540ffe6b Clean up for api/base controller ()
* Move ApiController to Api/BaseController

* API controllers inherit from Api::BaseController

* Add coverage for various error cases in api/base controller
2017-06-07 20:09:25 +02:00
unarist 0f1b1d78b1 Use "match_array" only for order independent assertions () 2017-06-07 12:59:28 -04:00
Matt Jankowski f0634ba876 Coverage improvement and concern extraction for rate limit headers in API controller ()
* Coverage for rate limit headers

* Move rate limit headers methods to concern

* Move throttle check to condition on before_action

* Move match_data variable into method

* Move utc timestamp to separate method

* Move header setting into smaller methods

* specs cleanup
2017-06-07 17:23:26 +02:00
Daigo 3 Dango 2985d08951 Redirect to streaming_api_base_url ()
* Redirect to streaming_api_base_url

When Rails receives a request to streaming API, it most likely
means that there is another host which is configured to respond
to it. This is to redirect clients to that host if
`STREAMING_API_BASE_URL` is set as another host.

* Use the new Ruby 1.9 hash syntax
2017-06-05 12:09:29 +02:00
Yamagishi Kazutoshi e878ddb7c0 Fix spec for () 2017-06-03 14:40:55 +02:00
Akihiko Odaki (@fn_aki@pawoo.net) 10768aa204 Spec response for forgery ()
Remove protect_from_forgery in ApiController, which is disabled by the
following skip_before_action, as well.
2017-06-01 20:56:55 +02:00
Matt Jankowski 5c63523972 Spec coverage and refactor for the api/v1/accounts controllers () 2017-05-31 21:36:24 +02:00
Matt Jankowski de4681b2be Move admin/pubsubhubbub controller to admin/subscriptions () 2017-05-31 20:39:35 +02:00
Matt Jankowski 5236a62861 Improve spec coverage and clean up api/v1/blocks controller () 2017-05-31 20:34:51 +02:00
Matt Jankowski 0f155829b7 Improve spec coverage and clean up api/v1/follow_requests controller () 2017-05-31 20:32:11 +02:00
Matt Jankowski 84dda45df9 Improve spec coverage and clean up api/v1/domain_blocks controller () 2017-05-31 20:31:14 +02:00
Matt Jankowski 75cad1d9d6 Improve spec coverage and clean up api/v1/favourites controller () 2017-05-31 20:30:39 +02:00
Matt Jankowski bf811e4d4a Improve spec coverage and clean up api/v1/mutes controller () 2017-05-31 20:27:34 +02:00
Yamagishi Kazutoshi 41fa53253c Keep ENV['LOCAL_HTTPS'] with ApplicationControllerSpec (fix random fail) ()
* Keep ENV['LOCAL_HTTPS'] with ApplicationControllerSpec (fix random fail)

* use climate_control
2017-05-31 17:09:17 +02:00
Matt Jankowski 8235623362 Improve spec coverage and clean up api/v1/media controller () 2017-05-30 21:11:29 -04:00
Matt Jankowski 83435c49ea Clean up api/subscriptions controller () 2017-05-31 02:15:09 +02:00
Matt Jankowski 3576fa0d59 Improve api oembed controller ()
* Add StreamEntryFinder class to parse URLs

* Use StreamEntryFinder and clean up api/oembed controller
2017-05-30 16:30:06 -04:00
Matt Jankowski 1dcfb90202 Clean up api/salmon controller () 2017-05-30 16:28:58 -04:00
Matt Jankowski 0ebe7d6d23 Remove exports/base controller in favor of shared concern () 2017-05-30 19:06:01 +02:00
Akihiko Odaki 67bc58dd60 Use around hook to restore context in Admin::SettingsController spec () 2017-05-30 06:32:09 -04:00
Jack Jennings 3a2003ba86 Extract authorization policy for viewing statuses () 2017-05-29 18:22:22 +02:00