Commit Graph

14286 Commits

Author SHA1 Message Date
lain 75f912c63f Merge branch 'hackney_reenable_TLSv1.3' into 'develop'
hackney adapter helper: enable TLSv1.3

See merge request pleroma/pleroma!3661
2022-06-06 11:36:21 +00:00
Tusooa Zhu d2d3532e5f
Lint 2022-06-05 16:35:01 -04:00
Tusooa Zhu 532f6ae3ed
Return update notification in mastodon api 2022-06-05 16:34:42 -04:00
Tusooa Zhu 06a3998013
Create Update notifications 2022-06-05 15:02:25 -04:00
Tusooa Zhu 97eabb2047
Fix CommonAPITest 2022-06-04 13:15:07 -04:00
Tusooa Zhu fe2d4778ee
Expose content type of status sources 2022-06-04 12:57:30 -04:00
Tusooa Zhu 72ac940618
Fix SideEffectsTest 2022-06-03 21:50:49 -04:00
Tusooa Zhu 3249ac1f12
Show edited_at in MastodonAPI/show 2022-06-03 21:47:40 -04:00
Tusooa Zhu fdaa864083
Test that own edits are streamed 2022-06-03 21:17:16 -04:00
Tusooa Zhu 8bac8147d4
Stream out edits 2022-06-03 21:15:17 -04:00
Tusooa Zhu fa31ae50e6
Inject history when object is refetched 2022-06-01 19:49:04 -04:00
Tusooa Zhu 410e177b2a
Strip internal fields in formerRepresentation 2022-06-01 12:02:03 -04:00
Tusooa Zhu b613a9ec6b
Implement mastodon api for editing status 2022-05-31 14:32:28 -04:00
Pierre-Louis Bonicoli 6f23fc8e08
Add tlsv1.3 to suggestions 2022-05-31 00:51:48 +02:00
Pierre-Louis Bonicoli a158774364
hackney adapter helper & reverse proxy client: enable TLSv1.3
The list of TLS versions was added by
8bd2b6eb13 when hackney version was
pinned to 1.15.2. Later hackney version was upgraded
(166455c884) but the list of TLS
versions wasn't removed. From the hackney point of view, this list has
been replaced by the OTP defaults since 0.16.0
(734694ea4e24f267864c459a2f050e943adc6694).

It looks like the same issue already occurred before:
0cb7b0ea84.

A way to test this issue (where example.com is an ActivityPub site
which uses TLSv1.3 only):

   $ PLEROMA_CONFIG_PATH=/path/to/config.exs pleroma start_iex
   Erlang/OTP 22 [erts-10.7.2.16] [source] [64-bit] [smp:2:2] [ds:2:2:10] [async-threads:1] [hipe]

   Erlang/OTP 22 [erts-10.7.2.16] [source] [64-bit] [smp:2:2] [ds:2:2:10] [async-threads:1] [hipe]

   Interactive Elixir (1.10.4) - press Ctrl+C to exit (type h() ENTER for help)
   iex(pleroma@127.0.0.1)2> Pleroma.Object.Fetcher.fetch_and_contain_remote_object_from_id("https://example.com/@/Nick/")
   {:error,
    {:tls_alert,
     {:protocol_version,
      'TLS client: In state hello received SERVER ALERT: Fatal - Protocol Version\n'}}}

With this patch, the output is the expected one:

   iex(pleroma@127.0.0.1)3> Pleroma.Object.Fetcher.fetch_and_contain_remote_object_from_id("https://example.com/@/Nick/")
   {:error,
   {:ok,
    %{
      "@context" => [
        "https://www.w3.org/ns/activitystreams",
        "https://w3id.org/security/v1",
        %{
          "Emoji" => "toot:Emoji",
          "Hashtag" => "as:Hashtag",
          "atomUri" => "ostatus:atomUri",
          "conversation" => "ostatus:conversation",
          "featured" => "toot:featured",
          "focalPoint" => %{"@container" => "@list", "@id" => "toot:focalPoint"},
          "inReplyToAtomUri" => "ostatus:inReplyToAtomUri",
          "manuallyApprovesFollowers" => "as:manuallyApprovesFollowers",
          "movedTo" => "as:movedTo",
          "ostatus" => "http://ostatus.org#",
          "sensitive" => "as:sensitive",
          "toot" => "http://joinmastodon.org/ns#"
        }
      ],
      "endpoints" => %{"sharedInbox" => "https://example.com/inbox"},
      "followers" => "https://example.com/@/Nick/followers",
      "following" => nil,
      "icon" => %{
        "type" => "Image",
        "url" => "https://example.com/static/media/[...].png"
      },
      "id" => "https://example.com/@/Nick/",
      "inbox" => "https://example.com/@/Nick/inbox",
      "liked" => nil,
      "name" => "Nick",
      "outbox" => "https://example.com/@/Nick/outbox",
      "preferredUsername" => "Nick",
      "publicKey" => %{
        "id" => "https://example.com/@/Nick/#main-key",
        "owner" => "https://example.com/@/Nick/",
        "publicKeyPem" => "[...]
      },
      "summary" => "",
      "type" => "Person",
      "url" => "https://example.com/@/Nick/"
    }}

A way to test the reverse proxy bits of this issue (where example.com allows TLSv1.3 only):

    iex(pleroma@127.0.0.1)1> Pleroma.ReverseProxy.Client.Hackney.request("GET", "https://example.com", [], [])
    {:error,
     {:tls_alert,
      {:protocol_version,
       'TLS client: In state hello received SERVER ALERT: Fatal - Protocol Version\n'}}}
2022-05-31 00:51:45 +02:00
Tusooa Zhu 393b508846
Implement viewing source 2022-05-30 00:59:23 -04:00
Tusooa Zhu c004eb0fa2
Implement mastodon api for showing edit history 2022-05-29 23:50:31 -04:00
Tusooa Zhu 8acfe95f3e
Allow updating polls 2022-05-29 22:16:03 -04:00
Tusooa Zhu 5e8aac0e07
Record edit history for Note and Question Updates 2022-05-29 13:54:16 -04:00
Tusooa Zhu 0f6a5eb9a2
Handle Note and Question Updates 2022-05-29 12:54:57 -04:00
Tusooa Zhu 547def67a7
Allow Updates by every actor on the same origin 2022-05-29 11:36:00 -04:00
Haelwenn 7466136ad3 Merge branch 'lewdthewides-develop-patch-48691' into 'develop'
Instruct users to run 'git pull' as the pleroma user

See merge request pleroma/pleroma!3667
2022-05-22 17:09:54 +00:00
lain bdca5f5d68 Merge branch 'fix/mrf-steal-emoji-regex' into 'develop'
StealEmojiPolicy: fix String rejected_shortcodes

See merge request pleroma/pleroma!3673
2022-05-19 08:55:39 +00:00
Hélène a74ce2d77a
StealEmojiPolicy: fix String rejected_shortcodes
* rejected_shortcodes is defined as a list of strings in the
  configuration description. As such, database-based configuration was
  led to handle those settings as strings, and not as the actually
  expected type, Regex.
* This caused each message passing through this MRF, if a rejected
  shortcode was set and the emoji did not exist already on the instance,
  to fail federating, as an exception was raised, swiftly caught and
  mostly silenced.
* This commit fixes the issue by introducing new behavior: strings are
  now handled as perfect matches for an emoji shortcode (meaning that if
  the emoji-to-be-pulled's shortcode is in the blacklist, it will be
  rejected), while still supporting Regex types as before.
2022-05-18 21:25:10 +02:00
lewdthewides 7977dd6ac7 Instruct users to run 'git pull' as the pleroma user 2022-05-12 16:02:58 +00:00
Haelwenn 4605efe272 Merge branch 'improve_anti_followbot_policy' into 'develop'
Also use actor_type to determine if an account is a bot in antiFollowbotPolicy

Closes #2561

See merge request pleroma/pleroma!3498
2022-05-08 18:10:40 +00:00
Ilja a8093732bd Also use actor_type to determine if an account is a bot in antiFollowbotPolicy 2022-05-08 18:10:40 +00:00
Pete aa51fd068b Add index hotspots
squash
2022-05-06 18:48:08 -07:00
Haelwenn 214ef7ff73 Merge branch 'security/2.4.3-develop' into 'develop'
Merge back 2.4.3

See merge request pleroma/pleroma!3663
2022-05-06 08:27:03 +00:00
Haelwenn (lanodan) Monnier f9943b2065 mix: Bump to 2.4.52 for 2.4.3 mergeback 2022-05-06 10:23:43 +02:00
Tusooa Zhu 57c030a0a7 Skip cache when /objects or /activities is authenticated
Ref: fix-local-public
2022-05-06 10:23:26 +02:00
Tusooa Zhu e2d24eda57 Allow to skip cache in Cache plug
Ref: fix-local-public
2022-05-06 10:23:26 +02:00
Ilja c3b2b71ea2 update sweet_xml [Security] 2022-05-06 10:23:25 +02:00
Haelwenn 8517bc18aa Merge branch 'from/upstream-develop/tusooa/fix-en-fallback' into 'develop'
Fix incorrect fallback when English is set to first language

See merge request pleroma/pleroma!3656
2022-04-18 03:31:44 +00:00
Tusooa Zhu be08d9305b
Fix incorrect fallback when English is set to first language 2022-04-17 22:39:52 -04:00
Haelwenn a5d7e98de0 Merge branch 'fix_eratic_test_for_report_notes' into 'develop'
Fix eratic test for POST /api/pleroma/admin/reports/:id/notes

See merge request pleroma/pleroma!3653
2022-04-05 12:11:53 +00:00
Ilja 5f37db330f Fix eratic test for POST /api/pleroma/admin/reports/:id/notes
It retrieved two ReportNotes and then checked one of them. But the order isn't guaranteed, while the test tested on the content of the first ReportNote.

I made the test on the content more generic
2022-04-05 13:21:09 +02:00
Tusooa Zhu 7d1dae3bef
Restrict mastodon api announcements to logged-in users only 2022-04-02 02:25:13 -04:00
Haelwenn d7c53da77a Merge branch 'from/upstream-develop/tusooa/translate-pages' into 'develop'
Translate backend-rendered pages

See merge request pleroma/pleroma!3634
2022-03-20 18:14:37 +00:00
Haelwenn e63d49d238 Merge branch 'caddyfile-v2' into 'develop'
Update Caddyfile to Caddy v2

Closes #2764

See merge request pleroma/pleroma!3641
2022-03-20 18:14:00 +00:00
Haelwenn b76340511d Merge branch 'delete_report_notifs_when_demoting_from_superuser' into 'develop'
Delete report notifs when demoting from superuser

Closes #2840

See merge request pleroma/pleroma!3642
2022-03-20 18:13:19 +00:00
Tusooa Zhu 0c78ab4a88
Use utc_datetime in db schema 2022-03-18 11:17:22 -04:00
Haelwenn (lanodan) Monnier 83338c25a5 Transmogrifier: Use validating regex for "mediaType" 2022-03-17 22:37:26 +01:00
Haelwenn (lanodan) Monnier 030183b35f AttachmentValidator: Use custom ecto type and regex for "mediaType" 2022-03-17 22:37:26 +01:00
Haelwenn (lanodan) Monnier 4ea9886faa EctoType: Add MIME validator 2022-03-17 22:37:26 +01:00
Haelwenn 2db640632b Merge branch 'bugfix/mix-dotgit' into 'develop'
mix: Check `.git` presence

See merge request pleroma/pleroma!3638
2022-03-17 21:21:59 +00:00
Tusooa Zhu ebcda5265b
Format announcements into html 2022-03-08 23:00:51 -05:00
Tusooa Zhu 0e0a1758f7
Add doc for Admin Announcement APIs 2022-03-08 21:48:41 -05:00
Tusooa Zhu eb1a29640f
Add pagination to AdminAPI.AnnouncementController.index 2022-03-08 21:26:05 -05:00
Tusooa Zhu 11a1996bf5
Implement update announcement admin api 2022-03-08 20:55:41 -05:00