* Fix insufficient permission checking for public timeline endpoints
Note that this changes unauthenticated access failure code from 401 to 422
* Add more tests for public timelines
* Require user token in `/api/v1/statuses/:id/translate` and `/api/v1/scheduled_statuses`
Conflicts:
- `yarn.lock`:
Not a real conflict, just a line adjacent to a glitch-soc only dependency
getting updated.
Updated dependencies as upstream did.
Conflicts:
- `app/controllers/activitypub/collections_controller.rb`:
Upstream renamed a helper method everywhere.
There was one glitch-soc line involving changes because of the local-only post
feature.
Ported upstream's change.
Conflicts:
- `app/helpers/application_helper.rb`:
Not a real conflict, upstream added helpers right next to glitch-soc only
helpers.
Added upstream's helpers.
- `spec/models/status_spec.rb`:
Not a real conflict, upstream added specs right next to glitch-soc only
specs.
Added upstream's tests.
Conflicts:
- `spec/validators/status_length_validator_spec.rb`:
Upstream refactored tests to stub `StatusLengthValidator::MAX_CHARS`
while glitch-soc had custom code to read from `MAX_TOOT_CHARS`.
Switched to using upstream's implementation of the tests.
Conflicts:
- `app/controllers/accounts_controller.rb`:
Conflict due to glitch-soc's local-only posting feature.
Refactored as upstream did but kept local changes.
- `app/lib/account_statuses_filter.rb`:
Conflict due to glitch-soc's local-only posting feature.
Refactored as upstream did but kept local changes.
Conflicts:
- `package.json`:
Upstream updated a dependency that is on an adjacent line to a
glitch-soc-only dependency in that file.
Updated as upstream did.
- `yarn.lock`:
Upstream updated a dependency that is on an adjacent line to a
glitch-soc-only dependency in that file.
Updated as upstream did.
Conflicts:
- `config/routes/api.rb`:
glitch-soc has an extra `:destroy` action on notifications for historical reasons.
Kept it for now, while otherwise updating as upstream did.
Conflicts:
- `.github/workflows/build-security.yml`:
Changes were already cherry-picked and adapted in glitch-soc.
Kept glitch-soc's version.
- `Gemfile.lock`:
Changes were already cherry-picked and updated further in glitch-soc.
Kept glitch-soc's version.
- `lib/mastodon/version.rb`:
Changes were already cherry-picked and updated further in glitch-soc.
Kept glitch-soc's version.
Conflicts:
- `app/lib/content_security_policy.rb`:
Conflict caused by glitch-soc's support for the extra `EXTRA_DATA_HOSTS`
environment variable.
Ported upstream's changes while keeping support for `EXTRA_DATA_HOSTS`.
Conflicts:
- `app/models/form/admin_settings.rb`:
Upstream changed code style change, including on a line modified by glitch-soc.
Kept glitch-soc's line but with the code style change applied.
Conflicts:
- `Gemfile.lock`:
Conflict caused by the `json` gem thing once again.
Updated as upstream did, but keeping the most recent `json` version.
- `spec/helpers/application_helper_spec.rb`:
Upstream refactored a bunch of specs, including one place that differs
because of glitch-soc's theming system.
Refactored as upstream did, adapting it for glitch-soc's theming system.
Conflicts:
- `.rubocop_todo.yml`:
Upstream fixed a bunch lint issues, and changed the `Max` parameter of the
`Metrics/AbcSize` cop.
Glitch-soc has different code and slightly higher `AbcSize` complexity,
modified the `.rubocop_todo.yml` file accordingly.
- `app/policies/status_policy.rb`:
Upstream changed `account.suspended?` to `account.unavailable?` to prepare
for delete flags. Glitch-soc has additional local-only conditions.
Ported upstream's refactor while keeping glitch-soc's additional condition.
- `app/serializers/initial_state_serializer.rb`:
Upstream refactored a bunch of stuff while glitch-soc has more settings.
Refactored as upstream did while keeping glitch-soc's settings.
Conflicts:
- `app/views/admin/custom_emojis/new.html.haml`:
Conflict caused by glitch-soc having a different file size limit constant
name.
Updated like upstream did while keeping glitch-soc's constant name.
Conflicts:
- `app/validators/status_pin_validator.rb`:
Upstream refactored that file, while glitch-soc had configurable limits for
pinned statuses.
Updated the code with upstream's refactor, while keeping glitch-soc's
configurability.
Conflicts:
- `app/controllers/api/v1/timelines/public_controller.rb`:
Upstream refactored this code, the conflict was because of an extra supported
parameter, `allow_local_only`.
Updated the controller to follow upstream's refactor, and moved the extra
parameter definition accordingly.
Conflicts:
- `app/controllers/api/v1/accounts/relationships_controller.rb`:
We differed by listing suspended users when requesting relationships.
Updated to upstream's code.