fix test

.gitignore

@@ -25,6 +25,7 @@
 .env
 .env.production
 .env.development
+.env.test
 /node_modules/
 /build/
 
@@ -66,3 +67,10 @@ yarn-debug.log
 
 # Ignore Docker option files
 docker-compose.override.yml
+
+/public/packs
+/public/packs-test
+/node_modules
+/yarn-error.log
+yarn-debug.log*
+.yarn-integrity

app/controllers/auth/registrations_controller.rb

@@ -50,7 +50,6 @@ def build_resource(hash = nil)
     resource.registration_form_time = session[:registration_form_time]
     resource.sign_up_ip             = request.remote_ip
 
-    resource.current_sign_in_ip = request.remote_ip if resource.current_sign_in_ip.nil?
     resource.build_account if resource.account.nil?
   end
 

app/controllers/concerns/signature_verification.rb

@@ -84,6 +84,7 @@ def signed_request_actor
     raise SignatureVerificationError, 'Signed request date outside acceptable time window' unless matches_time_window?
 
     verify_signature_strength!
+    verify_body_digest!
 
     actor = actor_from_key_id(signature_params['keyId'])
 
@@ -154,7 +155,7 @@ def signed_headers
   def verify_signature_strength!
     raise SignatureVerificationError, 'Mastodon requires the Date header or (created) pseudo-header to be signed' unless signed_headers.include?('date') || signed_headers.include?('(created)')
     raise SignatureVerificationError, 'Mastodon requires the Digest header or (request-target) pseudo-header to be signed' unless signed_headers.include?(Request::REQUEST_TARGET) || signed_headers.include?('digest')
-    raise SignatureVerificationError, 'Mastodon requires the Host header to be signed' unless signed_headers.include?('host')
+    raise SignatureVerificationError, 'Mastodon requires the Host header to be signed when doing a GET request' if request.get? && !signed_headers.include?('host')
     raise SignatureVerificationError, 'Mastodon requires the Digest header to be signed when doing a POST request' if request.post? && !signed_headers.include?('digest')
   end
 
@@ -210,8 +211,6 @@ def build_signed_string(include_query_string: true)
         raise SignatureVerificationError, 'Pseudo-header (expires) used but corresponding argument missing' if signature_params['expires'].blank?
 
         "(expires): #{signature_params['expires']}"
-      elsif signed_header == 'digest'
-        "digest: #{body_digest}"
       else
         "#{signed_header}: #{request.headers[to_header_name(signed_header)]}"
       end
@@ -244,7 +243,7 @@ def matches_time_window?
   end
 
   def body_digest
-    "SHA-256=#{Digest::SHA256.base64digest(request_body)}"
+    @body_digest ||= Digest::SHA256.base64digest(request_body)
   end
 
   def to_header_name(name)

app/controllers/oauth/authorized_applications_controller.rb

@@ -11,8 +11,6 @@ class Oauth::AuthorizedApplicationsController < Doorkeeper::AuthorizedApplicatio
 
   before_action :set_last_used_at_by_app, only: :index, unless: -> { request.format == :json }
 
-  before_action :set_last_used_at_by_app, only: :index, unless: -> { request.format == :json }
-
   skip_before_action :require_functional!
 
   include Localized

app/lib/activitypub/activity/add.rb

@@ -20,7 +20,7 @@ def perform
   def add_featured
     status = status_from_object
 
-    return unless !status.nil? && status.account_id == @account.id && !@account.pinned?(status) && status.distributable?
+    return unless !status.nil? && status.account_id == @account.id && !@account.pinned?(status)
 
     StatusPin.create!(account: @account, status: status)
   end

app/lib/plain_text_formatter.rb

@@ -28,8 +28,4 @@ def to_s
   def insert_newlines
     text.gsub(NEWLINE_TAGS_RE) { |match| "#{match}\n" }
   end
-
-  def html_entities
-    HTMLEntities.new
-  end
 end

app/lib/request.rb

@@ -32,11 +32,7 @@ def reset_counter
 
   # Read data from the socket
   def readpartial(size, buffer = nil)
-<<<<<<< HEAD
-    @deadline ||= Process.clock_gettime(Process::CLOCK_MONOTONIC) + @read_timeout
-=======
     @deadline ||= Process.clock_gettime(Process::CLOCK_MONOTONIC) + @read_deadline
->>>>>>> v4.2.0
 
     timeout = false
     loop do
@@ -45,12 +41,8 @@ def readpartial(size, buffer = nil)
       return :eof if result.nil?
 
       remaining_time = @deadline - Process.clock_gettime(Process::CLOCK_MONOTONIC)
-<<<<<<< HEAD
-      raise HTTP::TimeoutError, "Read timed out after #{@read_timeout} seconds" if timeout || remaining_time <= 0
-=======
       raise HTTP::TimeoutError, "Read timed out after #{@read_timeout} seconds" if timeout
       raise HTTP::TimeoutError, "Read timed out after a total of #{@read_deadline} seconds" if remaining_time <= 0
->>>>>>> v4.2.0
       return result if result != :wait_readable
 
       # marking the socket for timeout. Why is this not being raised immediately?
@@ -63,11 +55,7 @@ def readpartial(size, buffer = nil)
       # timeout. Else, the first timeout was a proper timeout.
       # This hack has to be done because io/wait#wait_readable doesn't provide a value for when
       # the socket is closed by the server, and HTTP::Parser doesn't provide the limit for the chunks.
-<<<<<<< HEAD
-      timeout = true unless @socket.to_io.wait_readable(remaining_time)
-=======
       timeout = true unless @socket.to_io.wait_readable([remaining_time, @read_timeout].min)
->>>>>>> v4.2.0
     end
   end
 end

app/lib/webfinger.rb

@@ -107,22 +107,11 @@ def standard_url
     end
   end
 
-  def host_meta_url
-    "https://#{@domain}/.well-known/host-meta"
-=======
-    if @domain.end_with? '.onion'
-      "http://#{@domain}/.well-known/webfinger?resource=#{@uri}"
-    else
-      "https://#{@domain}/.well-known/webfinger?resource=#{@uri}"
-    end
-  end
-
   def host_meta_url
     if @domain.end_with? '.onion'
       "http://#{@domain}/.well-known/host-meta"
     else
       "https://#{@domain}/.well-known/host-meta"
     end
->>>>>>> v4.2.0
   end
 end

app/mailers/application_mailer.rb

@@ -20,10 +20,4 @@ def set_autoreply_headers!
     headers['X-Auto-Response-Suppress'] = 'All'
     headers['Auto-Submitted'] = 'auto-generated'
   end
-
-  def set_autoreply_headers!
-    headers['Precedence'] = 'list'
-    headers['X-Auto-Response-Suppress'] = 'All'
-    headers['Auto-Submitted'] = 'auto-generated'
-  end
 end

app/models/webhook.rb

@@ -88,10 +88,6 @@ def validate_template
     end
   end
 
-  def validate_permissions
-    errors.add(:events, :invalid_permissions) if defined?(@current_account) && required_permissions.any? { |permission| !@current_account.user_role.can?(permission) }
-  end
-
   def strip_events
     self.events = events.filter_map { |str| str.strip.presence } if events.present?
   end

app/services/activitypub/process_collection_service.rb

@@ -29,15 +29,6 @@ def call(body, actor, **options)
       @json.delete('signature') unless safe_for_forwarding?(original_json, @json)
     end
 
-    if @json['signature'].present?
-      # We have verified the signature, but in the compaction step above, might
-      # have introduced incompatibilities with other servers that do not
-      # normalize the JSON-LD documents (for instance, previous Mastodon
-      # versions), so skip redistribution if we can't get a safe document.
-      patch_for_forwarding!(original_json, @json)
-      @json.delete('signature') unless safe_for_forwarding?(original_json, @json)
-    end
-
     case @json['type']
     when 'Collection', 'CollectionPage'
       process_items @json['items']

bin/webpack

@@ -7,7 +7,6 @@ require "pathname"
 ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../../Gemfile",
   Pathname.new(__FILE__).realpath)
 
-require "rubygems"
 require "bundler/setup"
 
 require "webpacker"

bin/webpack-dev-server

@@ -7,7 +7,6 @@ require "pathname"
 ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../../Gemfile",
   Pathname.new(__FILE__).realpath)
 
-require "rubygems"
 require "bundler/setup"
 
 require "webpacker"

config/webpack/environment.js

@@ -0,0 +1,3 @@
+const { environment } = require('@rails/webpacker')
+
+module.exports = environment

config/webpack/test.js

@@ -0,0 +1,5 @@
+process.env.NODE_ENV = process.env.NODE_ENV || 'development'
+
+const environment = require('./environment')
+
+module.exports = environment.toWebpackConfig()

spec/controllers/activitypub/outboxes_controller_spec.rb

@@ -59,10 +59,6 @@
           expect(response.headers['Vary']).to be_nil
         end
 
-        it 'does not have a Vary header' do
-          expect(response.headers['Vary']).to be_nil
-        end
-
         context 'when account is permanently suspended' do
           before do
             account.suspend!
@@ -108,10 +104,6 @@
           expect(response.headers['Vary']).to include 'Signature'
         end
 
-        it 'returns Vary header with Signature' do
-          expect(response.headers['Vary']).to include 'Signature'
-        end
-
         context 'when account is permanently suspended' do
           before do
             account.suspend!

spec/controllers/auth/sessions_controller_spec.rb

@@ -297,21 +297,6 @@
           end
         end
 
-        context 'using a valid OTP, attempting to leverage previous half-login to bypass password auth' do
-          let!(:other_user) do
-            Fabricate(:user, email: 'z@y.com', password: 'abcdefgh', otp_required_for_login: false, current_sign_in_at: 1.month.ago)
-          end
-
-          before do
-            post :create, params: { user: { email: other_user.email, password: other_user.password } }
-            post :create, params: { user: { email: user.email, otp_attempt: user.current_otp } }, session: { attempt_user_updated_at: user.updated_at.to_s }
-          end
-
-          it "doesn't log the user in" do
-            expect(controller.current_user).to be_nil
-          end
-        end
-
         context 'when the server has an decryption error' do
           before do
             allow_any_instance_of(User).to receive(:validate_and_consume_otp!).and_raise(OpenSSL::Cipher::CipherError)
@@ -462,33 +447,4 @@
       end
     end
   end
-
-  describe 'GET #webauthn_options' do
-    context 'with WebAuthn and OTP enabled as second factor' do
-      let(:domain) { "#{Rails.configuration.x.use_https ? 'https' : 'http' }://#{Rails.configuration.x.web_domain}" }
-
-      let(:fake_client) { WebAuthn::FakeClient.new(domain) }
-
-      let!(:user) do
-        Fabricate(:user, email: 'x@y.com', password: 'abcdefgh', otp_required_for_login: true, otp_secret: User.generate_otp_secret(32))
-      end
-
-      before do
-        user.update(webauthn_id: WebAuthn.generate_user_id)
-        public_key_credential = WebAuthn::Credential.from_create(fake_client.create)
-        user.webauthn_credentials.create(
-          nickname: 'SecurityKeyNickname',
-          external_id: public_key_credential.id,
-          public_key: public_key_credential.public_key,
-          sign_count: '1000'
-        )
-        post :create, params: { user: { email: user.email, password: user.password } }
-      end
-
-      it 'returns http success' do
-        get :webauthn_options
-        expect(response).to have_http_status :ok
-      end
-    end
-  end
 end

spec/controllers/relationships_controller_spec.rb

@@ -84,6 +84,7 @@
           expect(response).to redirect_to '/auth/sign_in'
         end
       end
+
       include_examples 'redirects back to followers page'
     end
   end

spec/lib/activitypub/activity/create_spec.rb

@@ -888,6 +888,12 @@ def activity_for_object(json)
           }
         end
 
+        it 'does not add a vote to the poll' do
+          expect(poll.votes.first).to be_nil
+        end
+      end
+    end
+
     context 'with an encrypted message' do
       subject { described_class.new(json, sender, delivery: true, delivered_to_account_id: recipient.id) }
 

spec/models/media_attachment_spec.rb

@@ -207,6 +207,26 @@
     end
   end
 
+  describe 'mp3 with large cover art' do
+    let(:media) { Fabricate(:media_attachment, file: attachment_fixture('boop.mp3')) }
+
+    it 'detects it as an audio file' do
+      expect(media.type).to eq 'audio'
+    end
+
+    it 'sets meta for the duration' do
+      expect(media.file.meta['original']['duration']).to be_within(0.05).of(0.235102)
+    end
+
+    it 'extracts thumbnail' do
+      expect(media.thumbnail.present?).to be true
+    end
+
+    it 'gives the file a random name' do
+      expect(media.file_file_name).to_not eq 'boop.mp3'
+    end
+  end
+
   it 'is invalid without file' do
     media = described_class.new