asonix
/
mastodon
1
1
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity
15,190 Commits 36 Branches 245 Tags 214 MiB
Commit Graph

1803 Commits

Author SHA1 Message Date
Claire 15de520201
Merge pull request from GHSA-jhrq-qvrm-qr36 
* Fix insufficient Content-Type checking of fetched ActivityStreams objects

* Allow JSON-LD documents with multiple profiles
 2024-02-16 11:56:12 +01:00
Claire 870ee80fd3 Fix user creation failure handling in OAuth paths (#29207) 2024-02-14 22:55:31 +01:00
Claire 76a37bd040 Fix OmniAuth tests (#29201) 2024-02-14 16:06:38 +01:00
Claire f1700523f1
Merge pull request from GHSA-vm39-j3vx-pch3 
* Prevent different identities from a same SSO provider from accessing a same account

* Lock auth provider changes behind `ALLOW_UNSAFE_AUTH_PROVIDER_REATTACH=true`

* Rename methods to avoid confusion between OAuth and OmniAuth
 2024-02-14 15:16:07 +01:00
Claire 0b0c7af2c1
Merge pull request from GHSA-7w3c-p9j8-mq3x 
* Ensure destruction of OAuth Applications notifies streaming

Due to doorkeeper using a dependent: delete_all relationship, the destroy of an OAuth Application bypassed the existing AccessTokenExtension callbacks for announcing destructing of access tokens.

* Ensure password resets revoke access to Streaming API

* Improve performance of deleting OAuth tokens

---------

Co-authored-by: Emelia Smith <ThisIsMissEm@users.noreply.github.com>
 2024-02-14 15:15:34 +01:00
Emelia Smith 6d43b63275 Disable administrative doorkeeper routes (#29187) 2024-02-14 11:03:21 +01:00
Claire a6641f828b
Merge pull request from GHSA-3fjr-858r-92rw 
* Fix insufficient origin validation

* Bump version to v4.2.5
 2024-02-01 15:56:46 +01:00
Claire b377f82b1d Fix processing of compacted single-item JSON-LD collections (#28816) 2024-01-24 15:31:13 +01:00
Claire 6fe2a47357 Add rate-limit of TOTP authentication attempts at controller level (#28801) 2024-01-24 15:31:13 +01:00
Claire 3837ec2227 Fix Mastodon not correctly processing HTTP Signatures with query strings (#28476) 2024-01-24 15:31:13 +01:00
Claire 1998c561b2 Convert signature verification specs to request specs (#28443) 2024-01-24 15:31:13 +01:00
Claire c0a9db3611 Fix potential redirection loop of streaming endpoint (#28665) 2024-01-24 15:31:13 +01:00
Eugen Rochko 4d96d716c4 Fix unsupported time zone or locale preventing sign-up (#28035) 
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
 2024-01-24 15:31:13 +01:00
MitarashiDango 0a01bc01d2 Fix Undo Announce activity is not sent, when not followed by the reblogged post author (#18482) 
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
 2024-01-24 15:31:13 +01:00
Claire d7875adad2
Fix call to inefficient `delete_matched` cache method in domain blocks (#28367) 2023-12-19 11:27:37 +01:00
Claire 1076a6cd62 Fix incoming status creation date not being restricted to standard ISO8601 (#27655) 2023-12-04 15:28:15 +01:00
Claire 54a07731d1 Fix posts from threads received out-of-order sometimes not being inserted into timelines (#27653) 2023-12-04 15:28:15 +01:00
Claire e6f4c91c5c Fix hashtag matching pattern matching some URLs (#27584) 2023-12-04 15:28:15 +01:00
Claire c66ade7de8 Fix processing LDSigned activities from actors with unknown public keys (#27474) 2023-12-04 15:28:15 +01:00
Claire bece853e3c Fix error and incorrect URLs in `/api/v1/accounts/:id/featured_tags` for remote accounts (#27459) 2023-12-04 15:28:15 +01:00
Claire 13205b54fd Fix handling of `inLanguage` attribute in preview card processing (#27423) 2023-12-04 15:28:15 +01:00
KMY(雪あすか) 8be33d4316 Fix when unfollow a tag, my post also disappears from the home timeline (#27391) 2023-12-04 15:28:15 +01:00
Claire cdedae6d63 Fix some link anchors being recognized as hashtags (#27271) 2023-12-04 15:28:15 +01:00
Claire aa69ca74ed Fix incorrect serialization of regional languages in `contentMap` (#27207) 2023-12-04 15:28:15 +01:00
Claire eea2654236
Fix format-dependent redirects being cached regardless of requested format (#27634) 2023-11-13 17:58:00 +01:00
Claire 74dd325112
Fix duplicate reports being sent when reporting some remote posts (port to v4.2.1) (#27356) 2023-10-10 18:23:31 +02:00
Claire ffcf2c691e Fix Vary headers not being set on some redirects (#27272) 2023-10-10 13:52:41 +02:00
Matt Jankowski a9588065b2 Dont match mention in url query string (#25656) 
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
 2023-10-10 13:52:41 +02:00
Claire 0619ec1592 Fix boosts of local users being filtered in account timelines (#27204) 2023-10-10 13:52:41 +02:00
Claire fa98c9b077 Fix crash when filtering for “dormant” relationships (#27306) 2023-10-10 13:52:41 +02:00
Claire 828eebad48
Add `hide_collections`, `discoverable` and `indexable` attributes to credentials API (#26998) 2023-09-20 18:25:16 +02:00
Claire 94893cf24f
Merge pull request from GHSA-hcqf-fw2r-52g4 
* Revert "Fix request URL normalisation for bare domain and 8-bit characters (#26285)"

This reverts commit 8891d8945d.

* Revert "Do not normalize URL before fetching it (#26219)"

This reverts commit fd284311e7.
 2023-09-19 16:52:52 +02:00
Claire 6273416292
Fix post edits not being forwarded as expected (#26936) 2023-09-15 19:54:32 +02:00
Robert R George 20666482ef
Added admin api for managing tags (#26872) 2023-09-13 11:22:53 +02:00
jsgoldstein 4d9186a48c
Add search tests (#26703) 2023-09-08 16:17:55 +02:00
Eugen Rochko 3a679844e4
Fix `account_id`, `max_id` and `min_id` params not working in search (#26847) 2023-09-08 14:25:00 +02:00
Claire 81caafbe84
Fix performances of profile directory (#26842) 2023-09-07 18:55:25 +02:00
Claire 355e3fb529
Simplify `Account.by_recent_status` and `Account.by_recent_sign_in` scopes (#26840) 2023-09-07 15:38:11 +02:00
Claire 1f99d86287
Fix blocked domain appears from account feed (#26823) 
Co-authored-by: Jeong Arm <kjwonmail@gmail.com>
Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>
 2023-09-06 21:04:48 +02:00
Claire b83e487502
Fix moderator rights inconsistencies (#26729) 2023-09-06 16:40:19 +02:00
Eugen Rochko ece1ff77d6
Add `in:library` syntax to search (#26760) 
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
 2023-09-04 17:20:35 +02:00
Christian Schmidt ea31929776
Fix invalid Content-Type header for WebP images (#26773) 2023-09-04 09:46:33 +02:00
Claire 16681e0f20
Add admin notifications for new Mastodon versions (#26582) 2023-09-01 17:47:07 +02:00
Eugen Rochko e754083e8a
Fix unmatched quotes and prefixes causing search to fail (#26701) 2023-09-01 09:43:12 +02:00
Daniel M Brasil ccca542db1
Fix `/api/v1/timelines/tag/:hashtag` allowing for unauthenticated access when public preview is disabled (#26237) 2023-08-31 13:53:24 +02:00
Tyler Deitz 336ec503c2
Add avatar image to webfinger responses (#26558) 2023-08-31 13:46:27 +02:00
Eugen Rochko 2304cc6456
Fix bad search type heuristic (#26673) 2023-08-28 17:08:37 +02:00
Claire e3825a13c1
Add PublicStatusesCheck to Elasticsearch index check on admin dashboard (#26650) 2023-08-25 12:01:55 +02:00
jsgoldstein 30c191aaa0
Add new public status index (#26344) 
Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
 2023-08-24 16:40:04 +02:00
Daniel M Brasil f337008819
Fix timeout on invalid set of exclusionary parameters in `/api/v1/timelines/public` (#26239) 2023-08-23 15:50:23 +02:00