Commit Graph

16137 Commits

Author SHA1 Message Date
Pierre-Louis Bonicoli a158774364
hackney adapter helper & reverse proxy client: enable TLSv1.3
The list of TLS versions was added by
8bd2b6eb13 when hackney version was
pinned to 1.15.2. Later hackney version was upgraded
(166455c884) but the list of TLS
versions wasn't removed. From the hackney point of view, this list has
been replaced by the OTP defaults since 0.16.0
(734694ea4e24f267864c459a2f050e943adc6694).

It looks like the same issue already occurred before:
0cb7b0ea84.

A way to test this issue (where example.com is an ActivityPub site
which uses TLSv1.3 only):

   $ PLEROMA_CONFIG_PATH=/path/to/config.exs pleroma start_iex
   Erlang/OTP 22 [erts-10.7.2.16] [source] [64-bit] [smp:2:2] [ds:2:2:10] [async-threads:1] [hipe]

   Erlang/OTP 22 [erts-10.7.2.16] [source] [64-bit] [smp:2:2] [ds:2:2:10] [async-threads:1] [hipe]

   Interactive Elixir (1.10.4) - press Ctrl+C to exit (type h() ENTER for help)
   iex(pleroma@127.0.0.1)2> Pleroma.Object.Fetcher.fetch_and_contain_remote_object_from_id("https://example.com/@/Nick/")
   {:error,
    {:tls_alert,
     {:protocol_version,
      'TLS client: In state hello received SERVER ALERT: Fatal - Protocol Version\n'}}}

With this patch, the output is the expected one:

   iex(pleroma@127.0.0.1)3> Pleroma.Object.Fetcher.fetch_and_contain_remote_object_from_id("https://example.com/@/Nick/")
   {:error,
   {:ok,
    %{
      "@context" => [
        "https://www.w3.org/ns/activitystreams",
        "https://w3id.org/security/v1",
        %{
          "Emoji" => "toot:Emoji",
          "Hashtag" => "as:Hashtag",
          "atomUri" => "ostatus:atomUri",
          "conversation" => "ostatus:conversation",
          "featured" => "toot:featured",
          "focalPoint" => %{"@container" => "@list", "@id" => "toot:focalPoint"},
          "inReplyToAtomUri" => "ostatus:inReplyToAtomUri",
          "manuallyApprovesFollowers" => "as:manuallyApprovesFollowers",
          "movedTo" => "as:movedTo",
          "ostatus" => "http://ostatus.org#",
          "sensitive" => "as:sensitive",
          "toot" => "http://joinmastodon.org/ns#"
        }
      ],
      "endpoints" => %{"sharedInbox" => "https://example.com/inbox"},
      "followers" => "https://example.com/@/Nick/followers",
      "following" => nil,
      "icon" => %{
        "type" => "Image",
        "url" => "https://example.com/static/media/[...].png"
      },
      "id" => "https://example.com/@/Nick/",
      "inbox" => "https://example.com/@/Nick/inbox",
      "liked" => nil,
      "name" => "Nick",
      "outbox" => "https://example.com/@/Nick/outbox",
      "preferredUsername" => "Nick",
      "publicKey" => %{
        "id" => "https://example.com/@/Nick/#main-key",
        "owner" => "https://example.com/@/Nick/",
        "publicKeyPem" => "[...]
      },
      "summary" => "",
      "type" => "Person",
      "url" => "https://example.com/@/Nick/"
    }}

A way to test the reverse proxy bits of this issue (where example.com allows TLSv1.3 only):

    iex(pleroma@127.0.0.1)1> Pleroma.ReverseProxy.Client.Hackney.request("GET", "https://example.com", [], [])
    {:error,
     {:tls_alert,
      {:protocol_version,
       'TLS client: In state hello received SERVER ALERT: Fatal - Protocol Version\n'}}}
2022-05-31 00:51:45 +02:00
marcin mikołajczak 0ecd6ba35e AdminAPI: Allow filtering reports by rule_id
Signed-off-by: marcin mikołajczak <git@mkljczk.pl>
2022-05-30 13:24:39 +02:00
marcin mikołajczak b354d70e85 Apply, suggestions, use strings for actual Mastodon API compatibility
Signed-off-by: marcin mikołajczak <git@mkljczk.pl>
2022-05-30 12:30:03 +02:00
Tusooa Zhu 393b508846
Implement viewing source 2022-05-30 00:59:23 -04:00
Tusooa Zhu c004eb0fa2
Implement mastodon api for showing edit history 2022-05-29 23:50:31 -04:00
Tusooa Zhu 8acfe95f3e
Allow updating polls 2022-05-29 22:16:03 -04:00
Tusooa Zhu 5e8aac0e07
Record edit history for Note and Question Updates 2022-05-29 13:54:16 -04:00
Tusooa Zhu 0f6a5eb9a2
Handle Note and Question Updates 2022-05-29 12:54:57 -04:00
Tusooa Zhu 547def67a7
Allow Updates by every actor on the same origin 2022-05-29 11:36:00 -04:00
Haelwenn 7466136ad3 Merge branch 'lewdthewides-develop-patch-48691' into 'develop'
Instruct users to run 'git pull' as the pleroma user

See merge request pleroma/pleroma!3667
2022-05-22 17:09:54 +00:00
duponin 5ca1ac041f BBS: add repeat functionality 2022-05-22 03:19:24 +02:00
duponin 5951d637a9 BBS: show post ID when posted 2022-05-22 02:40:56 +02:00
duponin fffd9059d6 BBS: add post favourite feature 2022-05-22 02:39:56 +02:00
Hélène a4659d993d Apply Hélène suggestions 2022-05-21 23:23:55 +00:00
duponin e3e8ff06f9 BBS: mark notification as read 2022-05-21 05:10:48 +02:00
duponin c04c7f9e45 BBS: show notifactions 2022-05-21 05:10:22 +02:00
duponin 33ced2c2ed BBS: put a new line for each HTML break in an activity
Otherwise it would just put each line on the first one, which is not
really readable
2022-05-21 04:17:34 +02:00
lain bdca5f5d68 Merge branch 'fix/mrf-steal-emoji-regex' into 'develop'
StealEmojiPolicy: fix String rejected_shortcodes

See merge request pleroma/pleroma!3673
2022-05-19 08:55:39 +00:00
duponin b128e1d6c5 decode HTML to be human readable in BBS 2022-05-19 01:38:13 +02:00
duponin 5086d6d5e9 add thread show in BBS frontend 2022-05-19 00:56:20 +02:00
Hélène a74ce2d77a
StealEmojiPolicy: fix String rejected_shortcodes
* rejected_shortcodes is defined as a list of strings in the
  configuration description. As such, database-based configuration was
  led to handle those settings as strings, and not as the actually
  expected type, Regex.
* This caused each message passing through this MRF, if a rejected
  shortcode was set and the emoji did not exist already on the instance,
  to fail federating, as an exception was raised, swiftly caught and
  mostly silenced.
* This commit fixes the issue by introducing new behavior: strings are
  now handled as perfect matches for an emoji shortcode (meaning that if
  the emoji-to-be-pulled's shortcode is in the blacklist, it will be
  rejected), while still supporting Regex types as before.
2022-05-18 21:25:10 +02:00
duponin 39c47073a3 fix Ctrl-c catch on SSH BBS 2022-05-18 20:06:16 +02:00
duponin e606b9ab3f add missing extra application to start the SSH BBS 2022-05-18 20:05:42 +02:00
marcin mikołajczak 5c383ada8a Correctly order rules by id/creation date
Signed-off-by: marcin mikołajczak <git@mkljczk.pl>
2022-05-16 14:08:02 +02:00
marcin mikołajczak d26aadb743 Add tests
Signed-off-by: marcin mikołajczak <git@mkljczk.pl>
2022-05-16 14:06:53 +02:00
marcin mikołajczak 574db5b988 Allow submitting an array of rule_ids to /api/v1/reports
Signed-off-by: marcin mikołajczak <git@mkljczk.pl>
2022-05-16 14:06:49 +02:00
marcin mikołajczak bbf3bc2228 Add RuleTest
Signed-off-by: marcin mikołajczak <git@mkljczk.pl>
2022-05-16 14:03:06 +02:00
marcin mikołajczak 384f8bfa78 Instance rules: Use render_many
Signed-off-by: marcin mikołajczak <git@mkljczk.pl>
2022-05-16 14:02:40 +02:00
marcin mikołajczak 432599311d Add GET /api/v1/instance/rules
Signed-off-by: marcin mikołajczak <git@mkljczk.pl>
2022-05-16 14:02:36 +02:00
marcin mikołajczak bd52e2aec7 Instance rules
Signed-off-by: marcin mikołajczak <git@mkljczk.pl>
2022-05-16 14:02:32 +02:00
lewdthewides 7977dd6ac7 Instruct users to run 'git pull' as the pleroma user 2022-05-12 16:02:58 +00:00
Tusooa Zhu f1722a9f4a
Make lint happy
Ref: fix-local-public
2022-05-09 18:53:32 -04:00
Tusooa Zhu 6e5ef7f2eb
Test local-only in ap c2s outbox
Ref: fix-local-public
2022-05-09 18:53:32 -04:00
Tusooa Zhu 38444aa92a
Allow authenticated users to access local-only posts in MastoAPI
Ref: fix-local-public
2022-05-09 18:53:18 -04:00
Haelwenn 4605efe272 Merge branch 'improve_anti_followbot_policy' into 'develop'
Also use actor_type to determine if an account is a bot in antiFollowbotPolicy

Closes #2561

See merge request pleroma/pleroma!3498
2022-05-08 18:10:40 +00:00
Ilja a8093732bd Also use actor_type to determine if an account is a bot in antiFollowbotPolicy 2022-05-08 18:10:40 +00:00
Tusooa Zhu 221cb3fb81
Allow users to create backups without providing email address
Ref: backup-without-email
2022-05-07 00:23:55 -04:00
Pete aa51fd068b Add index hotspots
squash
2022-05-06 18:48:08 -07:00
Tusooa Zhu fe933b9bf2
Prevent remote access of local-only posts via /objects
Ref: fix-local-public
2022-05-06 13:54:21 -04:00
Tusooa Zhu 466568ae36
Lint
Ref: fix-local-public
2022-05-06 13:54:13 -04:00
Tusooa Zhu 826deb7375
Make local-only statuses searchable
Ref: fix-local-public
2022-05-06 13:54:13 -04:00
Tusooa Zhu 38af42968d
Test that anonymous users cannot see local-only posts
Ref: fix-local-public
2022-05-06 13:54:12 -04:00
Tusooa Zhu c48be59f58
Show local-only statuses in public timeline for authenticated users
Ref: fix-local-public
2022-05-06 13:54:02 -04:00
Haelwenn 214ef7ff73 Merge branch 'security/2.4.3-develop' into 'develop'
Merge back 2.4.3

See merge request pleroma/pleroma!3663
2022-05-06 08:27:03 +00:00
Haelwenn (lanodan) Monnier f9943b2065 mix: Bump to 2.4.52 for 2.4.3 mergeback 2022-05-06 10:23:43 +02:00
Tusooa Zhu 57c030a0a7 Skip cache when /objects or /activities is authenticated
Ref: fix-local-public
2022-05-06 10:23:26 +02:00
Tusooa Zhu e2d24eda57 Allow to skip cache in Cache plug
Ref: fix-local-public
2022-05-06 10:23:26 +02:00
Ilja c3b2b71ea2 update sweet_xml [Security] 2022-05-06 10:23:25 +02:00
Haelwenn b22843a982 Merge branch 'security/2.4.3' into 'stable'
Release: 2.4.3

See merge request pleroma/pleroma!3662
2022-05-06 08:19:03 +00:00
Haelwenn (lanodan) Monnier 57c486014c Release 2.4.3 2022-05-06 09:01:33 +02:00