Commit Graph

6517 Commits

Author SHA1 Message Date
Ariadne Conill 739bbe0d3b security: detect object containment violations at the IR level
It is more efficient to check for object containment violations at the IR
level instead of in the protocol handlers.  OStatus containment is especially
a tricky situation, as the containment rules don't match those of IR and
ActivityPub.

Accordingly, we just always do a final containment check at the IR level
before the object is added to the IR object graph.
2019-07-14 17:47:08 +00:00
Moonman f98f7ad1b9 detect and use sha512-crypt for stored password hash. 2019-07-14 09:48:42 -07:00
kaniini 93701c3399 Merge branch 'chore/remove-cc-by-nc-nd-license' into 'develop'
remove CC-BY-NC-ND license.

See merge request pleroma/pleroma!1415
2019-07-14 16:43:55 +00:00
Ariadne Conill 26f265fb0e remove CC-BY-NC-ND license.
we moved branding assets (mascot etc) to CC-BY-SA a while back.
2019-07-14 16:43:00 +00:00
kaniini cef4337f95 Merge branch 'bugfix/llal-object-containment' into 'develop'
Object.Fetcher: Handle error on Containment.contain_origin/2

See merge request pleroma/pleroma!1414
2019-07-14 16:39:17 +00:00
Haelwenn (lanodan) Monnier 2592934480
Object.Fetcher: Keep the with-do block as per kaniini proposition 2019-07-14 17:28:25 +02:00
Haelwenn (lanodan) Monnier a2c601acb5
FetcherTest: Containment refute called(OStatus.fetch_activity_from_url) 2019-07-14 17:05:32 +02:00
Haelwenn (lanodan) Monnier e1c08a67d6
Object.Fetcher: Fallback to OStatus only if AP actually fails 2019-07-14 17:05:31 +02:00
kaniini 1589b170e8 Merge branch 'feature/1072-muting-notifications' into 'develop'
Feature/1072 muting notifications

Closes #1072

See merge request pleroma/pleroma!1398
2019-07-14 13:29:32 +00:00
Alexander Strizhakov e7c39b7ac8 Feature/1072 muting notifications 2019-07-14 13:29:31 +00:00
Haelwenn (lanodan) Monnier 40d0a198e2
Object.Fetcher: Handle error on Containment.contain_origin/2 2019-07-14 14:58:47 +02:00
Haelwenn (lanodan) Monnier f00562ed6b
HttpRequestMock: Add 404s on OStatus fetching for info.pleroma.site 2019-07-14 13:55:41 +02:00
Haelwenn (lanodan) Monnier efa9a13d4e
HttpRequestMock: Add missing mocks for object containment tests 2019-07-14 13:55:41 +02:00
kaniini 9f211838ec Merge branch 'rich_media_parsers_configurable' into 'develop'
parsers configurable

See merge request pleroma/pleroma!1400
2019-07-14 09:53:42 +00:00
Alex S 7af27c143d changelog & docs 2019-07-14 09:23:43 +03:00
Alex S f4447d82b8 parsers configurable 2019-07-14 09:21:56 +03:00
rinpatch 0c2dcb4c69 Add follow information refetching after following/unfollowing 2019-07-14 01:58:39 +03:00
rinpatch 183da33e00 Add tests for fetch_follow_information_for_user and check object type
when fetching the page
2019-07-14 00:56:02 +03:00
Maxim Filippov 418ae6638d Merge branch 'develop' into feature/admin-api-user-statuses 2019-07-14 00:39:06 +03:00
Maxim Filippov a9459ff98f Admin API: Endpoint for fetching latest user's statuses 2019-07-14 00:37:26 +03:00
rinpatch d06d1b751d Use atoms when updating user info 2019-07-14 00:21:35 +03:00
rinpatch e5b850a991 Refactor fetching follow information to a separate function 2019-07-13 23:56:10 +03:00
kaniini 592411e4fe Merge branch 'feature/mrf-transparency-filter' into 'develop'
nodeinfo: implement MRF transparency exclusions

See merge request pleroma/pleroma!1412
2019-07-13 19:06:54 +00:00
Ariadne Conill 0cc638b968 docs: note that exclusions usage will be included in the transparency metrics if used 2019-07-13 19:00:03 +00:00
Ariadne Conill 80c46d6d8b nodeinfo: implement MRF transparency exclusions 2019-07-13 18:53:14 +00:00
rinpatch e8fa477793 Refactor Follows/Followers counter syncronization
- Actually sync counters in the database instead of info cache (which got
overriden after user update was finished anyway)
- Add following count field to user info
- Set hide_followers/hide_follows for remote users based on http status
codes for the first collection page
2019-07-13 19:27:49 +03:00
kaniini f4c001062e Merge branch '1041-status-actions-rate-limit' into 'develop'
Rate-limited status actions (per user and per user+status).

Closes #1041

See merge request pleroma/pleroma!1410
2019-07-13 14:17:17 +00:00
Ivan Tashkinov d72876c57d [#1041] Minor refactoring. 2019-07-13 15:21:50 +03:00
Ivan Tashkinov b74d11e20a [#1041] Added documentation on existing rate limiters. 2019-07-13 15:13:26 +03:00
Haelwenn 9497d14f09 Merge branch 'fix/hackney-global-options' into 'develop'
Merge the default options with custom ones in ReverseProxy and Pleroma.HTTP and workaround for remote server certificate chain issues

See merge request pleroma/pleroma!1409
2019-07-13 11:55:09 +00:00
Ivan Tashkinov 369e9bb42f [#1041] Rate-limited status actions (per user and per user+status). 2019-07-13 14:49:39 +03:00
rinpatch 29ffe81c2e Add a changelog entry for tolerating incorrect chain order 2019-07-13 13:38:53 +03:00
Haelwenn 02cdedbf9f Merge branch 'fix/ap-hide-follows' into 'develop'
ActivityPub Controller: Change how hiding follows/followers is represented

See merge request pleroma/pleroma!1406
2019-07-13 10:22:19 +00:00
rinpatch fa7e0c4262 Workaround for remote server certificate chain issues 2019-07-12 23:53:21 +03:00
rinpatch b001b8891a Merge the default options with custom ones in ReverseProxy and
Pleroma.HTTP
2019-07-12 23:52:26 +03:00
rinpatch f40004e746 Add changelog entries for follower/following collection behaviour changes 2019-07-12 21:49:16 +03:00
rinpatch 095117a58c Merge branch 'develop' into fix/ap-hide-follows 2019-07-12 21:43:06 +03:00
rinpatch 97b79efbcd ActivityPub Controller: Actually pass for_user to following/followers
views and give 403 errors when trying to request hidden follower pages
when unauthenticated
2019-07-12 20:54:20 +03:00
Sachin Joshi f8e3ae6154 try to always match the filename for proxy url 2019-07-12 22:56:14 +05:45
kaniini 5999780e82 Merge branch 'tests/web_metadata' into 'develop'
Pleroma.Web.Metadata - tests

See merge request pleroma/pleroma!1401
2019-07-12 16:42:54 +00:00
Maksim 92055941bd Pleroma.Web.Metadata - tests 2019-07-12 16:42:54 +00:00
rinpatch 1f6ac7680d ActivityPub User view: Following/Followers refactoring
- Render the collection items if the user requesting == the user
rendered
- Do not render the first page if hide_{followers,follows} is set, just
give the URI to it
2019-07-12 19:41:55 +03:00
kaniini 71cc0d5c17 Merge branch 'fix/pleroma-extensions' into 'develop'
Move new endpoints to pleroma namespace in Mastodon API

See merge request pleroma/pleroma!1404
2019-07-12 16:33:58 +00:00
Mark Felder 360e4cdaa2 Move these to pleroma namespace in Mastodon API 2019-07-12 11:25:58 -05:00
rinpatch 27ed260eed AP user view: Add a test for hiding totalItems in following/followers 2019-07-12 18:36:14 +03:00
kaniini b6567c9f4e Merge branch 'url-parser-proxy' into 'develop'
preserve the original path/filename (no encoding/decoding) for proxy

See merge request pleroma/pleroma!1403
2019-07-12 15:34:00 +00:00
Sachin Joshi 6a6c4d134b preserve the original path/filename (no encoding/decoding) for proxy 2019-07-12 21:05:01 +05:45
Roman Chvanikov 0384459ce5 Update mix.lock 2019-07-12 18:16:54 +03:00
Roman Chvanikov eae991b06a merge develop 2019-07-12 18:08:27 +03:00
kaniini db75288b71 Merge branch 'search-limit-offset-type' into 'develop'
Add account_id, type, limit, and offset to GET /api/v1/search and /api/v2/search

See merge request pleroma/pleroma!1386
2019-07-11 13:55:31 +00:00