From c41639d7e887d4194b7e049369475adea01812bd Mon Sep 17 00:00:00 2001
From: 204504bySE <204504byse@204504byse.info>
Date: Sun, 18 Feb 2024 08:15:30 +0900
Subject: [PATCH] Squashed commit of the following:
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

commit b7b03e8d26a4344ef331ba667c16311110a0d6dd
Author: Claire
Date:   Thu Feb 15 11:57:34 2024 +0100

    Bump version to v4.1.15

commit a07fff079b184435b156cd9d4fb155cf02694fe9
Author: Claire
Date:   Fri Feb 16 11:56:12 2024 +0100

    Merge pull request from GHSA-jhrq-qvrm-qr36

    * Fix insufficient Content-Type checking of fetched ActivityStreams objects
    * Allow JSON-LD documents with multiple profiles

commit 6f29d50aa51ab81ea4ab9d2b390549cae697927d
Author: Claire
Date:   Fri Feb 16 09:42:31 2024 +0100

    Update dependency pg to 1.5.5

commit 9e5af6bb58241134a8ff313e40768b1b067e5715
Author: Claire
Date:   Wed Feb 14 22:49:45 2024 +0100

    Fix user creation failure handling in OAuth paths (#29207)

    Co-authored-by: Matt Jankowski

commit 6499850ac45128a7f5836f4c97e5ce032130a5bd
Author: Claire
Date:   Wed Feb 14 13:30:32 2024 +0100

    Bump version to v4.1.14

commit 6f36b633a7545a2cbbe5f28dc5c8e512aeb98ea9
Author: Claire
Date:   Wed Feb 14 15:16:07 2024 +0100

    Merge pull request from GHSA-vm39-j3vx-pch3

    * Prevent different identities from a same SSO provider from accessing a same account
    * Lock auth provider changes behind `ALLOW_UNSAFE_AUTH_PROVIDER_REATTACH=true`
    * Rename methods to avoid confusion between OAuth and OmniAuth

commit d807b3960e96dc29669b7767cea1246ac68d508d
Author: Claire
Date:   Wed Feb 14 15:15:34 2024 +0100

    Merge pull request from GHSA-7w3c-p9j8-mq3x

    * Ensure destruction of OAuth Applications notifies streaming

    Due to doorkeeper using a dependent: delete_all relationship, the
    destroy of an OAuth Application bypassed the existing
    AccessTokenExtension callbacks for announcing destructing of access
    tokens.

    * Ensure password resets revoke access to Streaming API

    * Improve performance of deleting OAuth tokens

    ---------

    Co-authored-by: Emelia Smith

commit 2f6518cae2c5d19bfb5ccf46f7b1946f5dac6caf
Author: Claire
Date:   Wed Feb 14 13:12:13 2024 +0100

    Add `sidekiq_unique_jobs:delete_all_locks` task and disable `sidekiq-unique-jobs` UI by default (#29199)

commit cdbe2855f3e33db3cea84b0c91a5f93c782125e2
Author: Emelia Smith
Date:   Tue Feb 13 19:11:47 2024 +0100

    Disable administrative doorkeeper routes (#29187)

commit fdde3cdb4e0c9b2d625e22a2957317cae066e1fe
Author: blah
Date:   Wed Feb 14 10:33:42 2024 +0000

    Update dependency sidekiq-unique-jobs to 7.1.33

commit ce9c641d9a0f55d3c718e701b220da272b0edc69
Author: blah
Date:   Wed Feb 14 10:22:28 2024 +0000

    Update dependency nokogiri to 1.16.2

commit 5799bc4af76813294a9eee8164d64a96612c0c0d
Author: Claire
Date:   Thu Feb 1 15:56:46 2024 +0100

    Merge pull request from GHSA-3fjr-858r-92rw

    * Fix insufficient origin validation
    * Bump version to v4.1.13

commit fc4e2eca9f48c2c50842e24453f3ad1d8e8e2238
Author: Claire
Date:   Tue Jan 23 15:28:21 2024 +0100

    Bump version to v4.1.12

commit 2e8943aecd0462e8642befe4d1395c1fda9767d3
Author: Claire
Date:   Fri Jan 19 13:19:49 2024 +0100

    Add rate-limit of TOTP authentication attempts at controller level (#28801)

commit e6072a8d13272179671128fa319e4f617106eb00
Author: Claire
Date:   Fri Jan 19 19:52:59 2024 +0100

    Fix error when processing remote files with unusually long names (#28823)

commit 460e4fbdd62ed6bb8b04e037fb1359618f9150a7
Author: Claire
Date:   Fri Jan 19 13:43:10 2024 +0100

    Fix processing of compacted single-item JSON-LD collections (#28816)

commit de6032271198e3c50852acc22447d7cc8732e00b
Author: Jonathan de Jong
Date:   Fri Jan 19 10:18:21 2024 +0100

    Retry 401 errors on replies fetching (#28788)

    Co-authored-by: Claire

commit 90bb87068009121fe2824b0e3ef7d2229c895c46
Author: Jeong Arm
Date:   Tue Jan 16 17:35:54 2024 +0900

    Ignore RecordNotUnique errors in LinkCrawlWorker (#28748)

commit 9292d998fe2ab523bb8ffbf6418e8cf7810b487d
Author: Claire
Date:   Wed Jan 3 12:29:26 2024 +0100

    Fix Mastodon not correctly processing HTTP Signatures with query strings (#28476)

commit 92643f48de80992f1598a97250954c52897b3479
Author: Claire
Date:   Fri Dec 22 19:56:22 2023 +0100

    Convert signature verification specs to request specs (#28443)

commit 458620bdd4d0b8af49b6eef02050b32814acf6e8
Author: Claire
Date:   Wed Jan 10 16:05:46 2024 +0100

    Fix potential redirection loop of streaming endpoint (#28665)

commit a1a71263e09704ca84d30763a03512e2a59091bf
Author: Claire
Date:   Tue Jan 2 13:27:51 2024 +0100

    Fix streaming API redirection ignoring the port of `streaming_api_base_url` (#28558)

commit 4c5575e8e050e69860dd775e8fa98be00d86008c
Author: MitarashiDango
Date:   Sat Jan 13 00:58:28 2024 +0900

    Fix Undo Announce activity is not sent, when not followed by the reblogged post author (#18482)

    Co-authored-by: Claire

commit a2ddd849e273d6d28e5c85f8b0059a93146ba1a5
Author: Claire
Date:   Tue Dec 12 09:29:46 2023 +0100

    Fix `LinkCrawlWorker` error when encountering empty OEmbed response (#28268)

commit 2e4d43933d2775be21bbdce6e904ca8d08c6cc0a
Author: Claire
Date:   Mon Dec 18 11:03:20 2023 +0100

    Fix SQL query in `/api/v1/directory` (#28412)

commit 363bedd0504a29d444a585cd914e7f741915eb8f
Author: Claire
Date:   Mon Nov 27 15:00:52 2023 +0100

    Bump version to v4.1.11

commit cc94c7097084bf8213130dfba96317ecada58c5f
Author: Claire
Date:   Mon Nov 27 14:25:54 2023 +0100

    Clamp dates when serializing to Elasticsearch API (#28081)

commit 613d00706c3177b345feeafd0f797e31fd5ba2fe
Author: Claire
Date:   Fri Nov 24 10:31:28 2023 +0100

    Change GIF max matrix size error to explicitly mention GIF files (#27927)

commit 8bbe2b970f8cd0c62c83616886c7084d9c93c167
Author: Jonathan de Jong
Date:   Fri Oct 27 16:55:00 2023 +0200

    Have `Follow` activities bypass availability (#27586)

    Co-authored-by: Claire

commit 803e15a3cfe1a21661258b40e5276af29b676481
Author: Claire
Date:   Mon Nov 6 10:28:14 2023 +0100

    Fix incoming status creation date not being restricted to standard ISO8601 (#27655)

commit 1d835c94232ede532f89d87fdcf573db2832d9a9
Author: Claire
Date:   Mon Oct 30 23:32:25 2023 +0100

    Fix posts from force-sensitized accounts being able to trend (#27620)

commit ab68df9af087ac8fa0261a5de4c0d5a383de229c
Author: Claire
Date:   Fri Oct 27 16:04:51 2023 +0200

    Fix hashtag matching pattern matching some URLs (#27584)

commit a89a25714dc07ace7dc1762f87faad5c9470f620
Author: Claire
Date:   Mon Oct 23 14:19:38 2023 +0200

    Fix some link anchors being recognized as hashtags (#27271)

commit 1210524a3d897565e1de9dc0d3051d68f94f9c70
Author: Claire
Date:   Fri Oct 20 10:45:46 2023 +0200

    Fix processing LDSigned activities from actors with unknown public keys (#27474)

commit ff3a9dad0de79dff981ded4a3691917521e90b4e
Author: Claire
Date:   Fri Oct 27 10:35:21 2023 +0200

    Fix error and incorrect URLs in `/api/v1/accounts/:id/featured_tags` for remote accounts (#27459)

commit 3ef0a19baceb6ace5201fa1f8a39a324feef11ac
Author: Claire
Date:   Thu Oct 26 19:03:31 2023 +0200

    Fix report processing notice not mentioning the report number when performing a custom action (#27442)

commit 78e457614cae328f73555f11d77dc4cf341019b1
Author: Claire
Date:   Mon Oct 23 14:27:07 2023 +0200

    Change Content-Security-Policy to be tighter on media paths (#26889)

commit 1e896e99d2b85968eaee87b601bd04b8cf0f35bc
Author: Claire
Date:   Tue Oct 10 15:32:42 2023 +0200

    Update dependencies (#27354)

commit df60d04dc170edf9d1203894958a181caf1910f1
Author: Claire
Date:   Sun Oct 8 16:27:12 2023 +0200

    Bump version to v4.1.10

commit 335982325e32430858da8112cb86e382e1eaeaa2
Author: Matt Jankowski
Date:   Tue Oct 3 11:01:45 2023 -0400

    Dont match mention in url query string (#25656)

    Co-authored-by: Claire

commit 15c5727f71eeeb321802f3d3ed264a15e1934c01
Author: Claire
Date:   Tue Oct 3 12:21:32 2023 +0200

    Add a short-lived lock to trend refresh scheduler (#27253)

commit f8154cf732ed07b276fc303e620943e15caf70d6
Author: David Aaron <1858430+suddjian@users.noreply.github.com>
Date:   Tue Oct 3 02:48:57 2023 -0700

    Change min age of backup policy from 1 week to 6 days (#27200)

commit 45669ac5e6564301446ab5b22217cc4fbc653b12
Author: Jakob Gillich
Date:   Tue Oct 3 10:47:50 2023 +0200

    Fix importer returning negative row estimates (#27258)

commit 8d73fbee87c18300c1b088ae4cb55912075588e2
Author: Claire
Date:   Tue Oct 3 10:09:00 2023 +0200

    Change some worker lock TTLs (#27246)

commit f1d3eda159fcc9341a19d1d8060a556f8801d7d4
Author: Claire
Date:   Thu Sep 28 13:41:24 2023 +0200

    Fix filtering audit log for entries about disabling 2FA (#27186)

commit c97fbabb614e6b775a2d13e187ab0375414deb06
Author: Essem
Date:   Mon Sep 25 12:21:07 2023 -0500

    Properly remove tIME chunk from PNG uploads (#27111)

commit f2fff6be669d6fcf66a8bd5f46f9db3e3492bc37
Author: Claire
Date:   Fri Oct 6 12:58:16 2023 +0200

    Fix crash when filtering for “dormant” relationships (#27306)

commit b40c42fd1ef57f24a56cc17b20da8aa151e3b117
Author: Claire
Date:   Mon Sep 25 15:06:43 2023 +0200

    Fix inefficient queries in “Follows and followers” as well as several admin pages (#27116)

commit 9950e59578f59f7e0d2edbb7e4eb26273087c2c4
Author: Claire
Date:   Thu Sep 21 18:14:24 2023 +0200

    Disable setting the `latest` tag for 4.1 docker builds (#27023)

commit e4c0aaf6264907de2efd46924946d2281d80e3d4
Author: Claire
Date:   Wed Sep 20 17:25:05 2023 +0200

    Bump version to v4.1.9 (#26997)

commit 5d93c5f0196b556c1faf18fe6cc7ad38ae6e0fc2
Author: Claire
Date:   Wed Sep 20 15:59:57 2023 +0200

    Fix post translation erroring out (v4.1.x) (#26990)

commit af0ee129082bc9c57ec0606dc1899ec13d2dfffb
Author: Claire
Date:   Wed Sep 20 12:54:08 2023 +0200

    Disable ruby linting for 4.1.x branch (#26993)

commit 46bd58f74d11591a0180319285b0c79b2212ef69
Author: Claire
Date:   Tue Sep 19 12:11:33 2023 +0200

    Bump version to v4.1.8

commit d6c0ae995c45fe5e5e0a8acfc10dff04a774fa75
Author: Claire
Date:   Fri Sep 15 19:54:32 2023 +0200

    Fix post edits not being forwarded as expected (#26936)

commit 5fd89e53d2039cf3062fcae3b25fcbdfa7da0333
Author: Claire
Date:   Wed Sep 6 16:40:19 2023 +0200

    Fix moderator rights inconsistencies (#26729)

commit 5caade9fb0754fa13ae11f86145cd0ca1dcb830b
Author: Claire
Date:   Wed Sep 6 12:17:51 2023 +0200

    Fix crash when encountering invalid URL (#26814)

commit 34959eccd2094500539bbad5c5f03a3723debc18
Author: Claire
Date:   Thu Aug 17 16:11:48 2023 +0200

    Fix cached posts including stale stats (#26409)

commit 21bf42bca14907284cb03ad3ba1be47124d66866
Author: Nicolai Søborg
Date:   Fri Aug 18 08:32:47 2023 +0200

    Fix `frame_rate` for videos where `ffprobe` reports 0/0 (#26500)

commit 780283788515bb13007f4574fb6d9f8c82281da2
Author: yufushiro <62991447+yufushiro@users.noreply.github.com>
Date:   Wed Aug 23 15:44:56 2023 +0900

    Fix unexpected audio stream transcoding when uploaded video is eligible to passthrough (#26608)

    Co-authored-by: Claire

commit 48ee3ae13de9125beaee726ac737a770a5160961
Author: Claire
Date:   Tue Sep 19 16:53:58 2023 +0200

    Merge pull request from GHSA-v3xf-c9qf-j667

commit 5f9511c389041570d21c383ce07dd2786df9cc2d
Author: Claire
Date:   Tue Sep 19 16:53:21 2023 +0200

    Merge pull request from GHSA-2693-xr3m-jhqr

commit 38a5d92f3814b071803c046144d94643a3ecb934
Author: Claire
Date:   Mon Sep 18 08:32:04 2023 +0200

    Change Dockerfile to upgrade packages when building (#26929)

    Co-authored-by: Renaud Chaput

commit 7f7e068975315b094a67b49d52241480e6b5db76
Author: Claire
Date:   Wed Sep 6 12:19:02 2023 +0200

    Update actions for stable-4.1 (#26815)

    Co-authored-by: Renaud Chaput

commit 5f88a2d70bee2a48b43bb34f0fde780ae9749162
Author: Claire
Date:   Tue Sep 5 14:50:09 2023 +0200

    Bump version to v4.1.7

commit cf80d54cbae952705af250a9764c6e25e77cc3c7
Author: Emelia Smith
Date:   Mon May 22 13:15:21 2023 +0200

    Allow reports with long comments from remote instances, but truncate (#25028)

commit ea7fa048f374b31956211b87e265800e83574476
Author: Daniel M Brasil
Date:   Thu Aug 31 08:53:24 2023 -0300

    Fix `/api/v1/timelines/tag/:hashtag` allowing for unauthenticated access when public preview is disabled (#26237)

commit 6339806f05cbbe630639df69421394119433896a
Author: Claire
Date:   Wed Aug 9 09:39:36 2023 +0200

    Fix blocking subdomains of an already-blocked domain (#26392)

commit 86afbf25d01349bd2fe0ee98f1d60890ef71b7b9
Author: Claire
Date:   Wed Aug 30 17:36:16 2023 +0200

    Change text extraction in `PlainTextFormatter` to be faster (#26727)

commit 1ad64b5557f8980b8ec54ac09cd79ac51223a2ea
Author: Claire
Date:   Thu Aug 31 19:54:10 2023 +0200

    Backport container build changes to the stable-4.1 branch (#26738)

    Co-authored-by: Renaud Chaput

commit ac7d40b561101084baf4688167d155600eefe9dc
Author: Claire
Date:   Thu Jul 27 17:08:09 2023 +0200

    Bump version to v4.1.6

commit 2fc6117d1b5643c0de908706d22702a35388a2a4
Author: Renaud Chaput
Date:   Fri Jul 28 19:11:58 2023 +0200

    Fix missing return values in streaming (#26233)

commit 2eb1a5b7b6d8b6a0b9426e7ee5a1fd04519dd7e2
Author: Emelia Smith
Date:   Fri Jul 28 12:06:29 2023 +0200

    Fix: Streaming server memory leak in HTTP EventSource cleanup (#26228)

commit 6c321bb5e1543c78dbd0fa8e4962e95e544e1f63
Author: Claire
Date:   Sat Jul 22 20:42:31 2023 +0200

    Fix incorrect connect timeout in outgoing requests (#26116)

commit da230600acda1d1a151eab4caa3d536ce828a097
Author: Emelia Smith
Date:   Thu Jul 27 15:38:18 2023 +0200

    Refactor streaming's filtering logic & improve documentation (#26213)

commit 1792be342a3cfad7bdfa54311b3962a8051962bb
Author: Claire
Date:   Thu Jul 27 15:12:10 2023 +0200

    Fix wrong filters sometimes applying in streaming (#26159)

commit ebf4f034c2e3841fde2d0109667c036fb352f3a8
Author: Claire
Date:   Fri Jul 21 14:30:46 2023 +0200

    Bump version to v4.1.5

commit 889102013fd687113cec75fe252b5328707e8cc1
Author: Claire
Date:   Fri Jul 21 13:34:15 2023 +0200

    Fix CSP headers being unintendedly wide (#26105)

commit d94a2c8aca731b4986e20401ae8ce5255e041b80
Author: Claire
Date:   Tue Jul 18 20:51:20 2023 +0200

    Change request timeout handling to use a longer deadline (#26055)

commit efd066670d67676d5f5e73a75c268a2bd09c59c7
Author: Claire
Date:   Mon Jul 10 18:42:10 2023 +0200

    Fix moderation interface for remote instances with a .zip TLD (#25885)

commit 13ec425b721c959415921046d7a24ed8c9994cee
Author: Claire
Date:   Mon Jul 10 18:42:19 2023 +0200

    Fix remote accounts being possibly persisted to database with incomplete protocol values (#25886)

commit 7a99f0744d7c69a69b7552e31f6bb3914a6a03e8
Author: Michael Stanclift
Date:   Thu Jul 13 04:12:51 2023 -0500

    Fix trending publishers table not rendering correctly on narrow screens (#25945)

commit 69c8f26946a5cdeff09ca8fe410bc11be78c158c
Author: Claire
Date:   Fri Jul 21 14:18:04 2023 +0200

    Add check preventing Sidekiq workers from running with Makara configured (#25850)

    Co-authored-by: Eugen Rochko

commit 3f5af768c8f1401f77d14ad5b6aeccdb7e02a9f0
Author: Claire
Date:   Fri Jul 7 18:21:10 2023 +0200

    Bump version to v4.1.4

commit cb8ab46302ad783869078ab4a26de04c09417a09
Author: Claire
Date:   Fri Jul 7 18:22:50 2023 +0200

    Update dependencies

commit 53b979d5c73f0b28b161581ec3e824d89f66633c
Author: Claire
Date:   Fri Jul 7 13:35:22 2023 +0200

    Fix processing of media files with unusual names (#25788)

commit f2bbac3f9fb37f6f870f25362e140d647d60caf5
Author: Claire
Date:   Fri Jul 7 18:10:17 2023 +0200

    Fix crash in admin interface when viewing a remote user with verified links (#25796)

commit 015ed99612241b8dbf2810db478b1485f4c31031
Author: Claire
Date:   Fri Jul 7 18:10:00 2023 +0200

    Fix branding:generate_app_icons failing because of disallowed ICO coder (#25794)

commit cf58535193708d9a4bd584266423168cda75f415
Author: nemobis
Date:   Fri Jul 7 15:15:54 2023 +0300

    Fix typo in CHANGELOG.md (#25764)

commit 0d5781ca7609590a6d5340bb685bb1804056bb46
Author: Claire
Date:   Wed Jun 21 09:13:30 2023 +0200

    Bump version to v4.1.3

commit 32ebeed59ba424732130073474fe03699efe07fc
Author: Claire
Date:   Thu Jul 6 15:06:50 2023 +0200

    Merge pull request from GHSA-55j9-c3mp-6fcq

commit e75ad1de0f95f38b45748cafb1212560fe7587f5
Author: Claire
Date:   Thu Jul 6 15:06:24 2023 +0200

    Merge pull request from GHSA-9pxv-6qvf-pjwc

    * Fix timeout handling of outbound HTTP requests
    * Use CLOCK_MONOTONIC instead of Time.now

commit 0aa0b71f2cae9e35cff613b13d05ee3aeaf9f944
Author: Claire
Date:   Thu Jul 6 15:05:05 2023 +0200

    Merge pull request from GHSA-9928-3cp5-93fm

    * Fix attachments getting processed despite failing content-type validation
    * Add a restrictive ImageMagick security policy tailored for Mastodon
    * Fix misdetection of MP3 files with large cover art
    * Reject unprocessable audio/video files instead of keeping them unchanged

commit c4f2609f7a604daef1648e164ef8181d858bd058
Author: Claire
Date:   Thu Jul 6 15:03:33 2023 +0200

    Merge pull request from GHSA-ccm4-vgcc-73hp

    * Tighten allowed HTML in oEmbed-based preview cards
    * Sanitize preview cards at render time
    * Add `sandbox` attribute to preview card iframes

commit 9b6c0cac7d435905bdbea6e3b0cbb47da9490270
Author: Claire
Date:   Thu Jul 6 14:31:37 2023 +0200

    Add hardened headers to user-uploaded files (#25756)

commit fac2c9eb7d904e44244e20a8e1e8f6feb3b9db5b
Author: Claire
Date:   Wed Jun 28 12:47:00 2023 +0200

    Update rack, rails, nokogiri and doorkeeper gems

commit a3d69a2c5d3fcc0df61929684fe31567860e7f2e
Author: Claire
Date:   Tue Jul 4 18:58:23 2023 +0200

    Fix OAuth apps page crashing when listing apps with certain admin API scopes (#25713)

commit 8eb1bb8ba697bce5b72027a0a5263db29fa5e34b
Author: Renaud Chaput
Date:   Thu Jun 1 12:14:49 2023 +0200

    Allow carets in URL search params (#25216)

commit 652ff76462f33f90e257e331009f89c41d600409
Author: Vyr Cossont
Date:   Fri Mar 31 23:28:35 2023 -0700

    Fix Redis client and type errors introduced in #24285 (#24342)

commit 6f484fbbd280294bd8e43b5a9d0e54d6e34604b9
Author: Vyr Cossont
Date:   Fri Mar 31 05:38:47 2023 -0700

    IndexingScheduler: fetch and import in batches (#24285)

    Co-authored-by: Claire

commit 79f5b8f156f65c25ada4712f8415c8d5f1f6dde7
Author: Claire
Date:   Thu Jun 29 14:48:54 2023 +0200

    Fix ResolveURLService not resolving local URLs for remote content (#25637)

commit f8930a67a05f9adcaef5bc3f6e874d86f3228415
Author: Claire
Date:   Thu Jun 22 14:56:14 2023 +0200

    Change /api/v1/statuses/:id/history to always return at least one item (#25510)

commit e65e3a6d14174378b8bf58f5997cde3de40c3ca7
Author: Claire
Date:   Thu Jun 22 14:52:25 2023 +0200

    Add finer permission requirements for managing webhooks (#25463)

commit 8acbfc6ab1b1a1f026fd85208089b9f31255aba6
Author: Claire
Date:   Tue Jun 20 18:15:35 2023 +0200

    Fix wrong view being displayed when a webhook fails validation (#25464)

commit 3ef53958b27da2edd1f1eba27ef2316fef64099f
Author: Emelia Smith
Date:   Tue Jun 20 18:04:35 2023 +0200

    Prevent UserCleanupScheduler from overwhelming streaming (#25519)

commit fd1ffd72ebec4c435b5e4406c1eafa80da69b317
Author: Daniel M Brasil
Date:   Mon Jun 19 03:53:05 2023 -0300

    Fix incorrect pagination headers in `/api/v2/admin/accounts` (#25477)

commit 7bd34f8b23f26fc4ebd10bcc3f2e0bae7cdd6520
Author: Claire
Date:   Thu May 4 10:13:00 2023 +0200

    Fix infinite loop in AccountsStatusesCleanupScheduler (#24840)

commit 7012bf6ed3188148e91870d83c446c529d46907d
Author: Claire
Date:   Wed May 3 10:31:40 2023 +0200

    Improve automatic post cleanup worker performances (#24785)

commit d9e45f2fa94449fe367a92b34f12775a0c85a8ee
Author: Claire
Date:   Sun Apr 23 22:25:40 2023 +0200

    Fix AccountsStatusesCleanupScheduler not spreading deletes across accounts correctly (#24607)

commit 0e139e3c4d8faa94fe0357d235f84a3f4c2abb50
Author: Claire
Date:   Fri Apr 21 18:14:19 2023 +0200

    Change automatic post deletion thresholds and load detection (#24614)

commit 23e7b4d28dc94ef927f6db4e5832a45e333b252e
Author: Emelia Smith
Date:   Sat Jun 10 18:24:37 2023 +0200

    Fix logging of messages that are binary before closing their connection (#25361)

commit e78ee582f7b845c16cdcada44c96ed7053f07ff1
Author: Emelia Smith
Date:   Fri Jun 9 19:29:16 2023 +0200

    Fix performance of streaming by parsing message JSON once (#25278)

commit a197fc094f9f55379d34a46bb530a7ce97d530b6
Author: Claire
Date:   Mon Jun 5 17:35:05 2023 +0200

    Fix CSP headers when S3_ALIAS_HOST includes a path component (#25273)

commit bd7cbeeadfbb7d087c71cd6e0a016d44ca39a786
Author: Daniel M Brasil
Date:   Sun Apr 30 01:50:58 2023 -0300

    Fix `tootctl accounts approve --number N` not aproving N earliest registrations (#24605)

commit 2779bce9a22f556b6c7a2e39eab82ab7438ac240
Author: Claire
Date:   Tue May 2 17:42:42 2023 +0200

    Add fallback redirection when getting a webfinger query `LOCAL_DOMAIN@LOCAL_DOMAIN` (#23600)

    Co-authored-by: Eugen Rochko

commit 210ff368605c6752dcd8740b088570f393d322cf
Author: Claire
Date:   Thu May 11 04:40:03 2023 +0200

    Change AccessTokensVacuum to also delete expired tokens (#24868)

commit 99c2bbbec9bb004fd54d4f0920c1109e960ebb04
Author: Claire
Date:   Fri May 12 13:13:04 2023 +0200

    Change profile updates to be sent to recently-mentioned servers (#24852)

commit 7e587793004c0558d5131ff8eff359a77617a206
Author: Claire
Date:   Tue May 16 14:56:49 2023 +0200

    Fix reports not being closed when performing batch suspensions (#24988)

commit cca464bce3c2ac43e2759d6a0ab0c977b4098d90
Author: Claire
Date:   Wed May 17 00:08:42 2023 +0200

    Fix being able to vote on your own polls (#25015)

commit 1301af60e042fb9db39172977fb3a5d720ca7a31
Author: Claire
Date:   Wed May 17 00:09:21 2023 +0200

    Fix race condition when reblogging a status (#25016)

commit f962e838567143640036c9a4f01e161e2a88941b
Author: Claire
Date:   Mon May 22 12:25:56 2023 +0200

    Change OpenGraph-based embeds to allow fullscreen (#25058)

commit b3cbcd744719cd3a8a65f6dbefbc0f3912827a55
Author: Claire
Date:   Mon May 22 14:03:38 2023 +0200

    Fix “Authorized applications” inefficiently and incorrectly getting last use date (#25060)

commit 72d96bf17a6c44344f5896b2b26d751315650f0e
Author: Claire
Date:   Tue May 23 14:27:17 2023 +0200

    Remove invalid X-Frame-Options: ALLOWALL (#25070)

commit b1ac3562dff4c2e21a51bacf7cf963e3203097b8
Author: Claire
Date:   Tue May 23 15:00:36 2023 +0200

    Change Identity to not destroy associated User on
destroy (#25098) commit 4c6c790f80f598d80e4fce44c06309a17dfd65e6 Author: Claire Date: Tue Jun 20 18:32:26 2023 +0200 Fix /api/v1/conversations sometimes returning empty accounts (#25499) commit 036ac5b5c9597f8a2042a102439f14eaa9474f6c Author: Claire Date: Wed Jun 14 08:54:52 2023 +0200 Fix ArgumentError when loading newer Private Mentions (#25399) commit 3e1724e97282a2725778eccdf46d7756773d2771 Author: Claire Date: Thu Jun 1 02:41:51 2023 +0200 Fix multiple N+1s in ConversationsController (#25134) commit bc8592627bc7effa94c12d17bd8ee7e0b6ff52be Author: Claire Date: Wed Apr 5 19:31:49 2023 +0200 Fix user archive takeouts when using OpenStack Swift (#24431) --- CHANGELOG.md | 10 ++ Gemfile.lock | 2 +- .../auth/omniauth_callbacks_controller.rb | 3 + app/helpers/jsonld_helper.rb | 14 +- app/services/fetch_resource_service.rb | 2 +- config/locales/devise.en.yml | 1 + docker-compose.yml | 6 +- lib/mastodon/version.rb | 2 +- spec/helpers/jsonld_helper_spec.rb | 14 +- .../lib/activitypub/activity/announce_spec.rb | 4 +- spec/requests/omniauth_callbacks_spec.rb | 143 ++++++++++++++++++ .../fetch_featured_collection_service_spec.rb | 16 +- ...h_featured_tags_collection_service_spec.rb | 8 +- .../fetch_remote_account_service_spec.rb | 10 +- .../fetch_remote_actor_service_spec.rb | 10 +- .../fetch_remote_key_service_spec.rb | 8 +- .../activitypub/fetch_replies_service_spec.rb | 6 +- .../synchronize_followers_service_spec.rb | 6 +- spec/support/omniauth_mocks.rb | 7 + .../activitypub/fetch_replies_worker_spec.rb | 2 +- 20 files changed, 225 insertions(+), 49 deletions(-) create mode 100644 spec/requests/omniauth_callbacks_spec.rb create mode 100644 spec/support/omniauth_mocks.rb diff --git a/CHANGELOG.md b/CHANGELOG.md index 0b5308e656..57fabea9f2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -3,6 +3,16 @@ Changelog All notable changes to this project will be documented in this file. +## [4.1.15] - 2024-02-16 + +### Fixed + +- Fix OmniAuth tests and edge cases in error handling ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/29201), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/29207)) + +### Security + +- Fix insufficient checking of remote posts ([GHSA-jhrq-qvrm-qr36](https://github.com/mastodon/mastodon/security/advisories/GHSA-jhrq-qvrm-qr36)) + ## [4.1.14] - 2024-02-14 ### Security diff --git a/Gemfile.lock b/Gemfile.lock index 73b0fdc1bd..e9ad842aa6 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -472,7 +472,7 @@ GEM parslet (2.0.0) pastel (0.8.0) tty-color (~> 0.5) - pg (1.4.5) + pg (1.4.6) pghero (3.1.0) activerecord (>= 6) pkg-config (1.5.1) diff --git a/app/controllers/auth/omniauth_callbacks_controller.rb b/app/controllers/auth/omniauth_callbacks_controller.rb index 3c4984b3f3..3968537ad3 100644 --- a/app/controllers/auth/omniauth_callbacks_controller.rb +++ b/app/controllers/auth/omniauth_callbacks_controller.rb @@ -24,6 +24,9 @@ def self.provides_callback_for(provider) session["devise.#{provider}_data"] = request.env['omniauth.auth'] redirect_to new_user_registration_url end + rescue ActiveRecord::RecordInvalid + flash[:alert] = I18n.t('devise.failure.omniauth_user_creation_failure') if is_navigational_format? + redirect_to new_user_session_url end end diff --git a/app/helpers/jsonld_helper.rb b/app/helpers/jsonld_helper.rb index 430ec33063..28ca7fd82a 100644 --- a/app/helpers/jsonld_helper.rb +++ b/app/helpers/jsonld_helper.rb 
@@ -176,7 +176,19 @@ def fetch_resource_without_id_validation(uri, on_behalf_of = nil, raise_on_tempo build_request(uri, on_behalf_of, options: request_options).perform do |response| raise Mastodon::UnexpectedResponseError, response unless response_successful?(response) || response_error_unsalvageable?(response) || !raise_on_temporary_error - body_to_json(response.body_with_limit) if response.code == 200 + body_to_json(response.body_with_limit) if response.code == 200 && valid_activitypub_content_type?(response) + end + end + + def valid_activitypub_content_type?(response) + return true if response.mime_type == 'application/activity+json' + + # When the mime type is `application/ld+json`, we need to check the profile, + # but `http.rb` does not parse it for us. + return false unless response.mime_type == 'application/ld+json' + + response.headers[HTTP::Headers::CONTENT_TYPE]&.split(';')&.map(&:strip)&.any? do |str| + str.start_with?('profile="') && str[9...-1].split.include?('https://www.w3.org/ns/activitystreams') end end diff --git a/app/services/fetch_resource_service.rb b/app/services/fetch_resource_service.rb index c6f3828763..01b602124b 100644 --- a/app/services/fetch_resource_service.rb +++ b/app/services/fetch_resource_service.rb @@ -43,7 +43,7 @@ def process_response(response, terminal = false) @response_code = response.code return nil if response.code != 200 - if ['application/activity+json', 'application/ld+json'].include?(response.mime_type) + if valid_activitypub_content_type?(response) body = response.body_with_limit json = body_to_json(body) diff --git a/config/locales/devise.en.yml b/config/locales/devise.en.yml index 458fa6d759..d47b38321b 100644 --- a/config/locales/devise.en.yml +++ b/config/locales/devise.en.yml 
@@ -12,6 +12,7 @@ en: last_attempt: You have one more attempt before your account is locked. locked: Your account is locked. not_found_in_database: Invalid %{authentication_keys} or password. + omniauth_user_creation_failure: Error creating an account for this identity. pending: Your account is still under review. timeout: Your session expired. Please sign in again to continue. unauthenticated: You need to sign in or sign up before continuing. diff --git a/docker-compose.yml b/docker-compose.yml index 74ac79a800..3e4a14413a 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -56,7 +56,7 @@ services: web: build: . - image: ghcr.io/mastodon/mastodon:v4.1.14 + image: ghcr.io/mastodon/mastodon:v4.1.15 restart: always env_file: .env.production command: bash -c "rm -f /mastodon/tmp/pids/server.pid; bundle exec rails s -p 3000" @@ -77,7 +77,7 @@ services: streaming: build: . - image: ghcr.io/mastodon/mastodon:v4.1.14 + image: ghcr.io/mastodon/mastodon:v4.1.15 restart: always env_file: .env.production command: node ./streaming @@ -95,7 +95,7 @@ services: sidekiq: build: . - image: ghcr.io/mastodon/mastodon:v4.1.14 + image: ghcr.io/mastodon/mastodon:v4.1.15 restart: always env_file: .env.production command: bundle exec sidekiq diff --git a/lib/mastodon/version.rb b/lib/mastodon/version.rb index 82e26b4ccc..29a22eff3b 100644 --- a/lib/mastodon/version.rb +++ b/lib/mastodon/version.rb @@ -13,7 +13,7 @@ def minor end def patch - 14 + 15 end def flags diff --git a/spec/helpers/jsonld_helper_spec.rb b/spec/helpers/jsonld_helper_spec.rb index 744a14f260..54355b8482 100644 --- a/spec/helpers/jsonld_helper_spec.rb +++ b/spec/helpers/jsonld_helper_spec.rb 
@@ -56,15 +56,15 @@ describe '#fetch_resource' do context 'when the second argument is false' do it 'returns resource even if the retrieved ID and the given URI does not match' do - stub_request(:get, 'https://bob.test/').to_return body: '{"id": "https://alice.test/"}' - stub_request(:get, 'https://alice.test/').to_return body: '{"id": "https://alice.test/"}' + stub_request(:get, 'https://bob.test/').to_return(body: '{"id": "https://alice.test/"}', headers: { 'Content-Type': 'application/activity+json' }) + stub_request(:get, 'https://alice.test/').to_return(body: '{"id": "https://alice.test/"}', headers: { 'Content-Type': 'application/activity+json' }) expect(fetch_resource('https://bob.test/', false)).to eq({ 'id' => 'https://alice.test/' }) end it 'returns nil if the object identified by the given URI and the object identified by the retrieved ID does not match' do - stub_request(:get, 'https://mallory.test/').to_return body: '{"id": "https://marvin.test/"}' - stub_request(:get, 'https://marvin.test/').to_return body: '{"id": "https://alice.test/"}' + stub_request(:get, 'https://mallory.test/').to_return(body: '{"id": "https://marvin.test/"}', headers: { 'Content-Type': 'application/activity+json' }) + stub_request(:get, 'https://marvin.test/').to_return(body: '{"id": "https://alice.test/"}', headers: { 'Content-Type': 'application/activity+json' }) expect(fetch_resource('https://mallory.test/', false)).to eq nil end @@ -72,7 +72,7 @@ context 'when the second argument is true' do it 'returns nil if the retrieved ID and the given URI does not match' do - stub_request(:get, 'https://mallory.test/').to_return body: '{"id": "https://alice.test/"}' + stub_request(:get, 'https://mallory.test/').to_return(body: '{"id": "https://alice.test/"}', headers: { 'Content-Type': 'application/activity+json' }) expect(fetch_resource('https://mallory.test/', true)).to eq nil end end 
@@ -80,12 +80,12 @@ describe '#fetch_resource_without_id_validation' do it 'returns nil if the status code is not 200' do - stub_request(:get, 'https://host.test/').to_return status: 400, body: '{}' + stub_request(:get, 'https://host.test/').to_return(status: 400, body: '{}', headers: { 'Content-Type': 'application/activity+json' }) expect(fetch_resource_without_id_validation('https://host.test/')).to eq nil end it 'returns hash' do - stub_request(:get, 'https://host.test/').to_return status: 200, body: '{}' + stub_request(:get, 'https://host.test/').to_return(status: 200, body: '{}', headers: { 'Content-Type': 'application/activity+json' }) expect(fetch_resource_without_id_validation('https://host.test/')).to eq({}) end end diff --git a/spec/lib/activitypub/activity/announce_spec.rb b/spec/lib/activitypub/activity/announce_spec.rb index e9cd6c68c1..2ca70712a8 100644 --- a/spec/lib/activitypub/activity/announce_spec.rb +++ b/spec/lib/activitypub/activity/announce_spec.rb @@ -33,7 +33,7 @@ context 'when sender is followed by a local account' do before do Fabricate(:account).follow!(sender) - stub_request(:get, 'https://example.com/actor/hello-world').to_return(body: Oj.dump(unknown_object_json)) + stub_request(:get, 'https://example.com/actor/hello-world').to_return(body: Oj.dump(unknown_object_json), headers: { 'Content-Type': 'application/activity+json' }) subject.perform end @@ -118,7 +118,7 @@ subject { described_class.new(json, sender, relayed_through_actor: relay_account) } before do - stub_request(:get, 'https://example.com/actor/hello-world').to_return(body: Oj.dump(unknown_object_json)) + stub_request(:get, 'https://example.com/actor/hello-world').to_return(body: Oj.dump(unknown_object_json), headers: { 'Content-Type': 'application/activity+json' }) end context 'and the relay is enabled' do diff --git a/spec/requests/omniauth_callbacks_spec.rb b/spec/requests/omniauth_callbacks_spec.rb new file mode 100644 index 0000000000..095535e485 --- /dev/null 
+++ b/spec/requests/omniauth_callbacks_spec.rb 
@@ -0,0 +1,143 @@ +# frozen_string_literal: true + +require 'rails_helper' + +describe 'OmniAuth callbacks' do + shared_examples 'omniauth provider callbacks' do |provider| + subject { post send :"user_#{provider}_omniauth_callback_path" } + + context 'with full information in response' do + before do + mock_omniauth(provider, { + provider: provider.to_s, + uid: '123', + info: { + verified: 'true', + email: 'user@host.example', + }, + }) + end + + context 'without a matching user' do + it 'creates a user and an identity and redirects to root path' do + expect { subject } + .to change(User, :count) + .by(1) + .and change(Identity, :count) + .by(1) + .and change(LoginActivity, :count) + .by(1) + + expect(User.last.email).to eq('user@host.example') + expect(Identity.find_by(user: User.last).uid).to eq('123') + expect(response).to redirect_to(root_path) + end + end + + context 'with a matching user and no matching identity' do + before do + Fabricate(:user, email: 'user@host.example') + end + + context 'when ALLOW_UNSAFE_AUTH_PROVIDER_REATTACH is set to true' do + around do |example| + ClimateControl.modify ALLOW_UNSAFE_AUTH_PROVIDER_REATTACH: 'true' do + example.run + end + end + + it 'matches the existing user, creates an identity, and redirects to root path' do + expect { subject } + .to not_change(User, :count) + .and change(Identity, :count) + .by(1) + .and change(LoginActivity, :count) + .by(1) + + expect(Identity.find_by(user: User.last).uid).to eq('123') + expect(response).to redirect_to(root_path) + end + end + + context 'when ALLOW_UNSAFE_AUTH_PROVIDER_REATTACH is not set to true' do + it 'does not match the existing user or create an identity, and redirects to login page' do + expect { subject } + .to not_change(User, :count) + .and not_change(Identity, :count) + .and not_change(LoginActivity, :count) + + expect(response).to redirect_to(new_user_session_url) + end + end + end + + context 'with a matching user and a matching identity' do + before do + user = 
Fabricate(:user, email: 'user@host.example') + Fabricate(:identity, user: user, uid: '123', provider: provider) + end + + it 'matches the existing records and redirects to root path' do + expect { subject } + .to not_change(User, :count) + .and not_change(Identity, :count) + .and change(LoginActivity, :count) + .by(1) + + expect(response).to redirect_to(root_path) + end + end + end + + context 'with a response missing email address' do + before do + mock_omniauth(provider, { + provider: provider.to_s, + uid: '123', + info: { + verified: 'true', + }, + }) + end + + it 'redirects to the auth setup page' do + expect { subject } + .to change(User, :count) + .by(1) + .and change(Identity, :count) + .by(1) + .and change(LoginActivity, :count) + .by(1) + + expect(response).to redirect_to(auth_setup_path(missing_email: '1')) + end + end + + context 'when a user cannot be built' do + before do + allow(User).to receive(:find_for_omniauth).and_return(User.new) + end + + it 'redirects to the new user signup page' do + expect { subject } + .to not_change(User, :count) + .and not_change(Identity, :count) + .and not_change(LoginActivity, :count) + + expect(response).to redirect_to(new_user_registration_url) + end + end + end + + describe '#openid_connect', if: ENV['OIDC_ENABLED'] == 'true' && ENV['OIDC_SCOPE'].present? do + include_examples 'omniauth provider callbacks', :openid_connect + end + + describe '#cas', if: ENV['CAS_ENABLED'] == 'true' do + include_examples 'omniauth provider callbacks', :cas + end + + describe '#saml', if: ENV['SAML_ENABLED'] == 'true' do + include_examples 'omniauth provider callbacks', :saml + end +end diff --git a/spec/services/activitypub/fetch_featured_collection_service_spec.rb b/spec/services/activitypub/fetch_featured_collection_service_spec.rb index e0153225d8..398fa510a7 100644 --- a/spec/services/activitypub/fetch_featured_collection_service_spec.rb +++ b/spec/services/activitypub/fetch_featured_collection_service_spec.rb 
@@ -60,10 +60,10 @@ shared_examples 'sets pinned posts' do before do - stub_request(:get, 'https://example.com/account/pinned/1').to_return(status: 200, body: Oj.dump(status_json_1)) - stub_request(:get, 'https://example.com/account/pinned/2').to_return(status: 200, body: Oj.dump(status_json_2)) + stub_request(:get, 'https://example.com/account/pinned/1').to_return(status: 200, body: Oj.dump(status_json_1), headers: { 'Content-Type': 'application/activity+json' }) + stub_request(:get, 'https://example.com/account/pinned/2').to_return(status: 200, body: Oj.dump(status_json_2), headers: { 'Content-Type': 'application/activity+json' }) stub_request(:get, 'https://example.com/account/pinned/3').to_return(status: 404) - stub_request(:get, 'https://example.com/account/pinned/4').to_return(status: 200, body: Oj.dump(status_json_4)) + stub_request(:get, 'https://example.com/account/pinned/4').to_return(status: 200, body: Oj.dump(status_json_4), headers: { 'Content-Type': 'application/activity+json' }) subject.call(actor, note: true, hashtag: false) end @@ -76,7 +76,7 @@ describe '#call' do context 'when the endpoint is a Collection' do before do - stub_request(:get, actor.featured_collection_url).to_return(status: 200, body: Oj.dump(payload)) + stub_request(:get, actor.featured_collection_url).to_return(status: 200, body: Oj.dump(payload), headers: { 'Content-Type': 'application/activity+json' }) end it_behaves_like 'sets pinned posts' @@ -93,7 +93,7 @@ end before do - stub_request(:get, actor.featured_collection_url).to_return(status: 200, body: Oj.dump(payload)) + stub_request(:get, actor.featured_collection_url).to_return(status: 200, body: Oj.dump(payload), headers: { 'Content-Type': 'application/activity+json' }) end it_behaves_like 'sets pinned posts' 
@@ -102,7 +102,7 @@ let(:items) { 'https://example.com/account/pinned/4' } before do - stub_request(:get, 'https://example.com/account/pinned/4').to_return(status: 200, body: Oj.dump(status_json_4)) + stub_request(:get, 'https://example.com/account/pinned/4').to_return(status: 200, body: Oj.dump(status_json_4), headers: { 'Content-Type': 'application/activity+json' }) subject.call(actor, note: true, hashtag: false) end @@ -129,7 +129,7 @@ end before do - stub_request(:get, actor.featured_collection_url).to_return(status: 200, body: Oj.dump(payload)) + stub_request(:get, actor.featured_collection_url).to_return(status: 200, body: Oj.dump(payload), headers: { 'Content-Type': 'application/activity+json' }) end it_behaves_like 'sets pinned posts' @@ -138,7 +138,7 @@ let(:items) { 'https://example.com/account/pinned/4' } before do - stub_request(:get, 'https://example.com/account/pinned/4').to_return(status: 200, body: Oj.dump(status_json_4)) + stub_request(:get, 'https://example.com/account/pinned/4').to_return(status: 200, body: Oj.dump(status_json_4), headers: { 'Content-Type': 'application/activity+json' }) subject.call(actor, note: true, hashtag: false) end diff --git a/spec/services/activitypub/fetch_featured_tags_collection_service_spec.rb b/spec/services/activitypub/fetch_featured_tags_collection_service_spec.rb index 6ca22c9fc6..ba02f92591 100644 --- a/spec/services/activitypub/fetch_featured_tags_collection_service_spec.rb +++ b/spec/services/activitypub/fetch_featured_tags_collection_service_spec.rb @@ -36,7 +36,7 @@ describe '#call' do context 'when the endpoint is a Collection' do before do - stub_request(:get, collection_url).to_return(status: 200, body: Oj.dump(payload)) + stub_request(:get, collection_url).to_return(status: 200, body: Oj.dump(payload), headers: { 'Content-Type': 'application/activity+json' }) end it_behaves_like 'sets featured tags' 
@@ -44,7 +44,7 @@ context 'when the account already has featured tags' do before do - stub_request(:get, collection_url).to_return(status: 200, body: Oj.dump(payload)) + stub_request(:get, collection_url).to_return(status: 200, body: Oj.dump(payload), headers: { 'Content-Type': 'application/activity+json' }) actor.featured_tags.create!(name: 'FoO') actor.featured_tags.create!(name: 'baz') @@ -65,7 +65,7 @@ end before do - stub_request(:get, collection_url).to_return(status: 200, body: Oj.dump(payload)) + stub_request(:get, collection_url).to_return(status: 200, body: Oj.dump(payload), headers: { 'Content-Type': 'application/activity+json' }) end it_behaves_like 'sets featured tags' @@ -86,7 +86,7 @@ end before do - stub_request(:get, collection_url).to_return(status: 200, body: Oj.dump(payload)) + stub_request(:get, collection_url).to_return(status: 200, body: Oj.dump(payload), headers: { 'Content-Type': 'application/activity+json' }) end it_behaves_like 'sets featured tags' diff --git a/spec/services/activitypub/fetch_remote_account_service_spec.rb b/spec/services/activitypub/fetch_remote_account_service_spec.rb index 9ee2c15248..2b8024cca3 100644 --- a/spec/services/activitypub/fetch_remote_account_service_spec.rb +++ b/spec/services/activitypub/fetch_remote_account_service_spec.rb @@ -42,7 +42,7 @@ before do actor[:inbox] = nil - stub_request(:get, 'https://example.com/alice').to_return(body: Oj.dump(actor)) + stub_request(:get, 'https://example.com/alice').to_return(body: Oj.dump(actor), headers: { 'Content-Type': 'application/activity+json' }) stub_request(:get, 'https://example.com/.well-known/webfinger?resource=acct:alice@example.com').to_return(body: Oj.dump(webfinger), headers: { 'Content-Type': 'application/jrd+json' }) end 
@@ -65,7 +65,7 @@ let!(:webfinger) { { subject: 'acct:alice@example.com', links: [{ rel: 'self', href: 'https://example.com/alice' }] } } before do - stub_request(:get, 'https://example.com/alice').to_return(body: Oj.dump(actor)) + stub_request(:get, 'https://example.com/alice').to_return(body: Oj.dump(actor), headers: { 'Content-Type': 'application/activity+json' }) stub_request(:get, 'https://example.com/.well-known/webfinger?resource=acct:alice@example.com').to_return(body: Oj.dump(webfinger), headers: { 'Content-Type': 'application/jrd+json' }) end @@ -91,7 +91,7 @@ let!(:webfinger) { { subject: 'acct:alice@iscool.af', links: [{ rel: 'self', href: 'https://example.com/alice' }] } } before do - stub_request(:get, 'https://example.com/alice').to_return(body: Oj.dump(actor)) + stub_request(:get, 'https://example.com/alice').to_return(body: Oj.dump(actor), headers: { 'Content-Type': 'application/activity+json' }) stub_request(:get, 'https://example.com/.well-known/webfinger?resource=acct:alice@example.com').to_return(body: Oj.dump(webfinger), headers: { 'Content-Type': 'application/jrd+json' }) stub_request(:get, 'https://iscool.af/.well-known/webfinger?resource=acct:alice@iscool.af').to_return(body: Oj.dump(webfinger), headers: { 'Content-Type': 'application/jrd+json' }) end @@ -123,7 +123,7 @@ let!(:webfinger) { { subject: 'acct:alice@example.com', links: [{ rel: 'self', href: 'https://example.com/bob' }] } } before do - stub_request(:get, 'https://example.com/alice').to_return(body: Oj.dump(actor)) + stub_request(:get, 'https://example.com/alice').to_return(body: Oj.dump(actor), headers: { 'Content-Type': 'application/activity+json' }) stub_request(:get, 'https://example.com/.well-known/webfinger?resource=acct:alice@example.com').to_return(body: Oj.dump(webfinger), headers: { 'Content-Type': 'application/jrd+json' }) end 
@@ -146,7 +146,7 @@ let!(:webfinger) { { subject: 'acct:alice@iscool.af', links: [{ rel: 'self', href: 'https://example.com/bob' }] } } before do - stub_request(:get, 'https://example.com/alice').to_return(body: Oj.dump(actor)) + stub_request(:get, 'https://example.com/alice').to_return(body: Oj.dump(actor), headers: { 'Content-Type': 'application/activity+json' }) stub_request(:get, 'https://example.com/.well-known/webfinger?resource=acct:alice@example.com').to_return(body: Oj.dump(webfinger), headers: { 'Content-Type': 'application/jrd+json' }) stub_request(:get, 'https://iscool.af/.well-known/webfinger?resource=acct:alice@iscool.af').to_return(body: Oj.dump(webfinger), headers: { 'Content-Type': 'application/jrd+json' }) end diff --git a/spec/services/activitypub/fetch_remote_actor_service_spec.rb b/spec/services/activitypub/fetch_remote_actor_service_spec.rb index 56805b3325..ad7bf0d1b2 100644 --- a/spec/services/activitypub/fetch_remote_actor_service_spec.rb +++ b/spec/services/activitypub/fetch_remote_actor_service_spec.rb @@ -42,7 +42,7 @@ before do actor[:inbox] = nil - stub_request(:get, 'https://example.com/alice').to_return(body: Oj.dump(actor)) + stub_request(:get, 'https://example.com/alice').to_return(body: Oj.dump(actor), headers: { 'Content-Type': 'application/activity+json' }) stub_request(:get, 'https://example.com/.well-known/webfinger?resource=acct:alice@example.com').to_return(body: Oj.dump(webfinger), headers: { 'Content-Type': 'application/jrd+json' }) end 
@@ -65,7 +65,7 @@ let!(:webfinger) { { subject: 'acct:alice@example.com', links: [{ rel: 'self', href: 'https://example.com/alice' }] } } before do - stub_request(:get, 'https://example.com/alice').to_return(body: Oj.dump(actor)) + stub_request(:get, 'https://example.com/alice').to_return(body: Oj.dump(actor), headers: { 'Content-Type': 'application/activity+json' }) stub_request(:get, 'https://example.com/.well-known/webfinger?resource=acct:alice@example.com').to_return(body: Oj.dump(webfinger), headers: { 'Content-Type': 'application/jrd+json' }) end @@ -91,7 +91,7 @@ let!(:webfinger) { { subject: 'acct:alice@iscool.af', links: [{ rel: 'self', href: 'https://example.com/alice' }] } } before do - stub_request(:get, 'https://example.com/alice').to_return(body: Oj.dump(actor)) + stub_request(:get, 'https://example.com/alice').to_return(body: Oj.dump(actor), headers: { 'Content-Type': 'application/activity+json' }) stub_request(:get, 'https://example.com/.well-known/webfinger?resource=acct:alice@example.com').to_return(body: Oj.dump(webfinger), headers: { 'Content-Type': 'application/jrd+json' }) stub_request(:get, 'https://iscool.af/.well-known/webfinger?resource=acct:alice@iscool.af').to_return(body: Oj.dump(webfinger), headers: { 'Content-Type': 'application/jrd+json' }) end @@ -123,7 +123,7 @@ let!(:webfinger) { { subject: 'acct:alice@example.com', links: [{ rel: 'self', href: 'https://example.com/bob' }] } } before do - stub_request(:get, 'https://example.com/alice').to_return(body: Oj.dump(actor)) + stub_request(:get, 'https://example.com/alice').to_return(body: Oj.dump(actor), headers: { 'Content-Type': 'application/activity+json' }) stub_request(:get, 'https://example.com/.well-known/webfinger?resource=acct:alice@example.com').to_return(body: Oj.dump(webfinger), headers: { 'Content-Type': 'application/jrd+json' }) end 
@@ -146,7 +146,7 @@ let!(:webfinger) { { subject: 'acct:alice@iscool.af', links: [{ rel: 'self', href: 'https://example.com/bob' }] } } before do - stub_request(:get, 'https://example.com/alice').to_return(body: Oj.dump(actor)) + stub_request(:get, 'https://example.com/alice').to_return(body: Oj.dump(actor), headers: { 'Content-Type': 'application/activity+json' }) stub_request(:get, 'https://example.com/.well-known/webfinger?resource=acct:alice@example.com').to_return(body: Oj.dump(webfinger), headers: { 'Content-Type': 'application/jrd+json' }) stub_request(:get, 'https://iscool.af/.well-known/webfinger?resource=acct:alice@iscool.af').to_return(body: Oj.dump(webfinger), headers: { 'Content-Type': 'application/jrd+json' }) end diff --git a/spec/services/activitypub/fetch_remote_key_service_spec.rb b/spec/services/activitypub/fetch_remote_key_service_spec.rb index 9c818d12c0..5358278998 100644 --- a/spec/services/activitypub/fetch_remote_key_service_spec.rb +++ b/spec/services/activitypub/fetch_remote_key_service_spec.rb @@ -38,7 +38,7 @@ end before do - stub_request(:get, 'https://example.com/alice').to_return(body: Oj.dump(actor)) + stub_request(:get, 'https://example.com/alice').to_return(body: Oj.dump(actor), headers: { 'Content-Type': 'application/activity+json' }) stub_request(:get, 'https://example.com/.well-known/webfinger?resource=acct:alice@example.com').to_return(body: Oj.dump(webfinger), headers: { 'Content-Type': 'application/jrd+json' }) end @@ -47,7 +47,7 @@ context 'when the key is a sub-object from the actor' do before do - stub_request(:get, public_key_id).to_return(body: Oj.dump(actor)) + stub_request(:get, public_key_id).to_return(body: Oj.dump(actor), headers: { 'Content-Type': 'application/activity+json' }) end it 'returns the expected account' do 
@@ -59,7 +59,7 @@ let(:public_key_id) { 'https://example.com/alice-public-key.json' } before do - stub_request(:get, public_key_id).to_return(body: Oj.dump(key_json.merge({ '@context': ['https://www.w3.org/ns/activitystreams', 'https://w3id.org/security/v1'] }))) + stub_request(:get, public_key_id).to_return(body: Oj.dump(key_json.merge({ '@context': ['https://www.w3.org/ns/activitystreams', 'https://w3id.org/security/v1'] })), headers: { 'Content-Type': 'application/activity+json' }) end it 'returns the expected account' do @@ -72,7 +72,7 @@ let(:actor_public_key) { 'https://example.com/alice-public-key.json' } before do - stub_request(:get, public_key_id).to_return(body: Oj.dump(key_json.merge({ '@context': ['https://www.w3.org/ns/activitystreams', 'https://w3id.org/security/v1'] }))) + stub_request(:get, public_key_id).to_return(body: Oj.dump(key_json.merge({ '@context': ['https://www.w3.org/ns/activitystreams', 'https://w3id.org/security/v1'] })), headers: { 'Content-Type': 'application/activity+json' }) end it 'returns the nil' do diff --git a/spec/services/activitypub/fetch_replies_service_spec.rb b/spec/services/activitypub/fetch_replies_service_spec.rb index 264f305d7d..00ce1ab0f5 100644 --- a/spec/services/activitypub/fetch_replies_service_spec.rb +++ b/spec/services/activitypub/fetch_replies_service_spec.rb @@ -53,7 +53,7 @@ context 'when passing the URL to the collection' do before do - stub_request(:get, collection_uri).to_return(status: 200, body: Oj.dump(payload)) + stub_request(:get, collection_uri).to_return(status: 200, body: Oj.dump(payload), headers: { 'Content-Type': 'application/activity+json' }) end it 'spawns workers for up to 5 replies on the same server' do 
@@ -82,7 +82,7 @@ context 'when passing the URL to the collection' do before do - stub_request(:get, collection_uri).to_return(status: 200, body: Oj.dump(payload)) + stub_request(:get, collection_uri).to_return(status: 200, body: Oj.dump(payload), headers: { 'Content-Type': 'application/activity+json' }) end it 'spawns workers for up to 5 replies on the same server' do @@ -115,7 +115,7 @@ context 'when passing the URL to the collection' do before do - stub_request(:get, collection_uri).to_return(status: 200, body: Oj.dump(payload)) + stub_request(:get, collection_uri).to_return(status: 200, body: Oj.dump(payload), headers: { 'Content-Type': 'application/activity+json' }) end it 'spawns workers for up to 5 replies on the same server' do diff --git a/spec/services/activitypub/synchronize_followers_service_spec.rb b/spec/services/activitypub/synchronize_followers_service_spec.rb index 75dcf204b7..7b4a5f8ffe 100644 --- a/spec/services/activitypub/synchronize_followers_service_spec.rb +++ b/spec/services/activitypub/synchronize_followers_service_spec.rb @@ -58,7 +58,7 @@ describe '#call' do context 'when the endpoint is a Collection of actor URIs' do before do - stub_request(:get, collection_uri).to_return(status: 200, body: Oj.dump(payload)) + stub_request(:get, collection_uri).to_return(status: 200, body: Oj.dump(payload), headers: { 'Content-Type': 'application/activity+json' }) end it_behaves_like 'synchronizes followers' @@ -75,7 +75,7 @@ end before do - stub_request(:get, collection_uri).to_return(status: 200, body: Oj.dump(payload)) + stub_request(:get, collection_uri).to_return(status: 200, body: Oj.dump(payload), headers: { 'Content-Type': 'application/activity+json' }) end it_behaves_like 'synchronizes followers' 
@@ -96,7 +96,7 @@ end before do - stub_request(:get, collection_uri).to_return(status: 200, body: Oj.dump(payload)) + stub_request(:get, collection_uri).to_return(status: 200, body: Oj.dump(payload), headers: { 'Content-Type': 'application/activity+json' }) end it_behaves_like 'synchronizes followers' diff --git a/spec/support/omniauth_mocks.rb b/spec/support/omniauth_mocks.rb new file mode 100644 index 0000000000..9883adec7a --- /dev/null +++ b/spec/support/omniauth_mocks.rb @@ -0,0 +1,7 @@ +# frozen_string_literal: true + +OmniAuth.config.test_mode = true + +def mock_omniauth(provider, data) + OmniAuth.config.mock_auth[provider] = OmniAuth::AuthHash.new(data) +end diff --git a/spec/workers/activitypub/fetch_replies_worker_spec.rb b/spec/workers/activitypub/fetch_replies_worker_spec.rb index 91ef3c4b92..64cfcd8cbf 100644 --- a/spec/workers/activitypub/fetch_replies_worker_spec.rb +++ b/spec/workers/activitypub/fetch_replies_worker_spec.rb @@ -21,7 +21,7 @@ describe 'perform' do it 'performs a request if the collection URI is from the same host' do - stub_request(:get, 'https://example.com/statuses_replies/1').to_return(status: 200, body: json) + stub_request(:get, 'https://example.com/statuses_replies/1').to_return(status: 200, body: json, headers: { 'Content-Type': 'application/activity+json' }) subject.perform(status.id, 'https://example.com/statuses_replies/1') expect(a_request(:get, 'https://example.com/statuses_replies/1')).to have_been_made.once end
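Review bot: in the `#fetch_resource` and `#fetch_resource_without_id_validation` hunks every stub now sends `'Content-Type': 'application/activity+json'`, but no example exercises the rejection path, so the spec would still pass if the new Content-Type check were removed. Add a case such as `it 'returns nil if the Content-Type is not an ActivityStreams type'` that stubs a `status: 200` response with `headers: { 'Content-Type': 'text/html' }` (and a second one with no Content-Type header at all) and expects `nil`. The same gap exists in the announce, featured-collection, featured-tags, followers and replies specs, where only the accepted type is ever stubbed. It would also be worth having at least one positive stub use the JSON-LD form, `'Content-Type': 'application/ld+json; profile="https://www.w3.org/ns/activitystreams"'`, so that both accepted media types are covered rather than only `application/activity+json`.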
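Review bot: the three `describe` blocks at the end of `spec/requests/omniauth_callbacks_spec.rb` are guarded by `if: ENV['OIDC_ENABLED'] == 'true' && ENV['OIDC_SCOPE'].present?`, `if: ENV['CAS_ENABLED'] == 'true'` and `if: ENV['SAML_ENABLED'] == 'true'`, so in a CI run where none of those variables is set the whole `'omniauth provider callbacks'` shared group runs zero times and the reattach lock is never actually tested. Either enable one provider in the test environment or wrap the guards with `ClimateControl.modify` the way the `ALLOW_UNSAFE_AUTH_PROVIDER_REATTACH: 'true'` context already does. Relatedly, the `'when ALLOW_UNSAFE_AUTH_PROVIDER_REATTACH is not set to true'` context has no `around` hook and therefore depends on the developer's shell not having that variable exported; set it explicitly to `nil` for that context. Finally, the contexts cover "matching user and no matching identity" and "matching user and a matching identity", but not a user who already has an identity on the same provider with a different `uid`; a context fabricating `Fabricate(:identity, user: user, uid: '456', provider: provider)` and asserting `not_change(Identity, :count)` plus a redirect to `new_user_session_url` would pin down that a second identity from the same provider cannot attach to the account.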
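Review bot: the hunks for `spec/services/activitypub/fetch_remote_account_service_spec.rb` and `spec/services/activitypub/fetch_remote_actor_service_spec.rb` are line-for-line identical (same `let!(:webfinger)` values, same `actor[:inbox] = nil` setup, same stubs at `-42`, `-65`, `-91`, `-123` and `-146`). If one of the two services is an alias of the other, the duplicated spec should be reduced to a shared example group included from both files so that future Content-Type changes do not have to be applied twice and cannot drift apart.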
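Review bot: `spec/support/omniauth_mocks.rb` sets `OmniAuth.config.test_mode = true` at load time and defines `mock_omniauth` as a top-level method, but nothing clears `OmniAuth.config.mock_auth[provider]` afterwards, so a mock set in one example leaks into every later example that hits the same provider. Put the helper in a module included via `config.include` and add an `after` hook that resets `OmniAuth.config.mock_auth[provider] = nil` (or the whole `mock_auth` hash), so each callback example starts from a clean provider response.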