mastodon/spec/controllers
Claire 34aeef3453
Merge pull request from GHSA-58x8-3qxw-6hm7
* Fix insufficient permission checking for public timeline endpoints

Note that this changes unauthenticated access failure code from 401 to 422

* Add more tests for public timelines

* Require user token in `/api/v1/statuses/:id/translate` and `/api/v1/scheduled_statuses`
2024-07-04 16:26:49 +02:00
..
activitypub Refactor ActivityPub handling to prepare for non-Account actors (#19212) 2022-09-21 22:45:57 +02:00
admin Fix /admin/accounts/:account_id/statuses/:id for edited posts with media attachments (#30819) 2024-07-02 16:20:04 +02:00
api Merge pull request from GHSA-58x8-3qxw-6hm7 2024-07-04 16:26:49 +02:00
auth Add rate-limit of TOTP authentication attempts at controller level (#28801) 2024-01-24 15:31:06 +01:00
concerns Convert signature verification specs to request specs (#28443) 2024-01-24 15:31:06 +01:00
disputes Add customizable user roles (#18641) 2022-07-05 02:41:40 +02:00
oauth Merge pull request from GHSA-vp5r-5pgw-jwqx 2024-07-04 16:11:28 +02:00
settings Merge pull request from GHSA-vp5r-5pgw-jwqx 2024-07-04 16:11:28 +02:00
well_known Add fallback redirection when getting a webfinger query LOCAL_DOMAIN@LOCAL_DOMAIN (#23600) 2023-07-06 13:45:40 +02:00
about_controller_spec.rb Change about page to be mounted in the web UI (#19345) 2022-10-13 14:42:37 +02:00
accounts_controller_spec.rb Change public accounts pages to mount the web UI (#19319) 2022-10-20 14:35:29 +02:00
application_controller_spec.rb Remove caching in cache_collection (#29862) 2024-05-17 12:30:07 +02:00
authorize_interactions_controller_spec.rb Change public accounts pages to mount the web UI (#19319) 2022-10-20 14:35:29 +02:00
emojis_controller_spec.rb Misc. typos (#8694) 2018-09-14 00:53:09 +02:00
follower_accounts_controller_spec.rb Change public accounts pages to mount the web UI (#19319) 2022-10-20 14:35:29 +02:00
following_accounts_controller_spec.rb Change public accounts pages to mount the web UI (#19319) 2022-10-20 14:35:29 +02:00
home_controller_spec.rb Add logged-out access to the web UI (#18961) 2022-09-29 04:39:33 +02:00
instance_actors_controller_spec.rb Fix instance actor not being dereferenceable (#17457) 2022-02-06 15:31:03 +01:00
intents_controller_spec.rb Add remote interaction dialog for toots (#8202) 2018-08-18 03:03:12 +02:00
invites_controller_spec.rb Add customizable user roles (#18641) 2022-07-05 02:41:40 +02:00
manifests_controller_spec.rb Use raw status code on have_http_status (#7214) 2018-04-21 21:35:07 +02:00
media_controller_spec.rb Fix error when rendering public pages with media attachments (#16763) 2021-10-13 15:27:19 +02:00
media_proxy_controller_spec.rb Fix media attachments enumeration (#14254) 2020-07-07 15:26:51 +02:00
relationships_controller_spec.rb Fix “Remove all followers from the selected domains” being more destructive than it claims (#23805) 2023-03-13 18:36:15 +01:00
shares_controller_spec.rb Fix blurhash and autoplay not working on public pages (#11585) 2019-08-16 19:15:05 +02:00
statuses_cleanup_controller_spec.rb Add feature to automatically delete old toots (#16529) 2021-08-09 23:11:50 +02:00
statuses_controller_spec.rb Refactor ActivityPub handling to prepare for non-Account actors (#19212) 2022-09-21 22:45:57 +02:00
tags_controller_spec.rb Change public accounts pages to mount the web UI (#19319) 2022-10-20 14:35:29 +02:00