Merge pull request from GHSA-58x8-3qxw-6hm7
* Fix insufficient permission checking for public timeline endpoints
  Note that this changes unauthenticated access failure code from 401 to 422
* Add more tests for public timelines
* Require user token in `/api/v1/statuses/:id/translate` and `/api/v1/scheduled_statuses`
Showing
- app/controllers/api/v1/scheduled_statuses_controller.rb (1 addition, 0 deletions)
- app/controllers/api/v1/statuses/translations_controller.rb (1 addition, 0 deletions)
- app/controllers/api/v1/timelines/public_controller.rb (1 addition, 0 deletions)
- app/controllers/api/v1/timelines/tag_controller.rb (2 additions, 1 deletion)
- spec/controllers/api/v1/scheduled_statuses_controller_spec.rb (11 additions, 0 deletions)
- spec/controllers/api/v1/statuses/translations_controller_spec.rb (20 additions, 0 deletions)
- spec/controllers/api/v1/timelines/tag_controller_spec.rb (15 additions, 4 deletions)
- spec/requests/api/v1/timelines/public_spec.rb (19 additions, 5 deletions)