Commit Graph

2461 Commits

Author SHA1 Message Date
Alexander Strizhakov 26e2076659
fix for feed page pagination 2020-03-16 12:33:55 +03:00
Haelwenn (lanodan) Monnier 0ac6e29654 static_fe: Sanitize HTML in posts
Note: Seems to have different sanitization with TwitterCard generator giving
the following:

<meta content=\"“alert(&#39;xss&#39;)”\" property=\"twitter:description\">
2020-03-15 20:44:04 +01:00
lain fa4ec17c84 Merge branch '1560-non-federating-instances-routes-restrictions' into 'develop'
[#1560] Restricted AP- & OStatus-related routes for non-federating instances

Closes #1560

See merge request pleroma/pleroma!2235
2020-03-15 19:15:20 +00:00
Haelwenn d84670b9e1 Merge branch 'f' into 'develop'
rip out fetch_initial_posts

Closes #1422 and #1595

See merge request pleroma/pleroma!2297
2020-03-15 16:14:54 +00:00
Haelwenn 67a27825b1 Merge branch 'fix/rate-limiter-remoteip-behavior' into 'develop'
rate limiter: disable based on if remote ip was found, not on if the plug was enabled

Closes #1620

See merge request pleroma/pleroma!2296
2020-03-15 14:22:10 +00:00
rinpatch e87a32bcd7 rip out fetch_initial_posts
Every time someone tries to use it, it goes mad and tries to scrape the
entire fediverse for no visible reason, it's better to just remove it
than continue shipping it in it's current state.

idea acked by lain and feld on irc

Closes #1595 #1422
2020-03-15 15:59:17 +03:00
Ivan Tashkinov ecb7809e92 Merge remote-tracking branch 'remotes/origin/develop' into 1560-non-federating-instances-routes-restrictions
# Conflicts:
#	lib/pleroma/plugs/static_fe_plug.ex
2020-03-14 15:37:02 +03:00
rinpatch fc4496d4fa rate limiter: disable based on if remote ip was found, not on if the plug was enabled
The current rate limiter disable logic won't trigger when the remote ip
is not forwarded, only when the remoteip plug is not enabled, which is
not the case on most instances since it's enabled by default. This
changes the behavior to warn and disable  when the remote ip was not forwarded,
even if the RemoteIP plug is enabled.

Also closes #1620
2020-03-13 21:41:17 +03:00
Haelwenn (lanodan) Monnier d1379c4de8
Formatting: Do not use \n and prefer <br> instead
It moves bbcode to bbcode_pleroma as the former is owned by kaniini
and transfering ownership wasn't done in a timely manner.

Closes: https://git.pleroma.social/pleroma/pleroma/issues/1374
Closes: https://git.pleroma.social/pleroma/pleroma/issues/1375
2020-03-13 16:07:17 +01:00
feld 802b991814 Merge branch 'exclude-posts-visible-to-admin' into 'develop'
Exclude private and direct statuses visible to the admin when using godmode

Closes #1599

See merge request pleroma/pleroma!2272
2020-03-12 20:29:51 +00:00
Alexander Strizhakov 39ed608b13
Merge branch 'develop' into gun 2020-03-12 18:31:10 +03:00
Ivan Tashkinov bd40880fa0 Merge remote-tracking branch 'remotes/origin/develop' into 1560-non-federating-instances-routes-restrictions
# Conflicts:
#	test/web/activity_pub/activity_pub_controller_test.exs
2020-03-12 12:07:07 +03:00
feld 2019f3b3ff Merge branch 'fix/signup-without-email' into 'develop'
Allow account registration without an email

See merge request pleroma/pleroma!2246
2020-03-11 16:53:05 +00:00
feld f92c447bbc Merge branch 'relay-list-change' into 'develop'
Relay list shows hosts without accepted follow

See merge request pleroma/pleroma!2240
2020-03-11 15:10:09 +00:00
Haelwenn (lanodan) Monnier 863ec33ba2
Add support for funkwhale Audio activity
reel2bits fixture not included as it lacks the Actor fixture for it.

Closes: https://git.pleroma.social/pleroma/pleroma/issues/1624
Closes: https://git.pleroma.social/pleroma/pleroma/issues/764
2020-03-11 13:46:42 +01:00
Ivan Tashkinov 5b696a8ac1 [#1560] Enforced authentication for non-federating instances in StaticFEController. 2020-03-11 14:05:56 +03:00
Ivan Tashkinov 972889550d Merge remote-tracking branch 'remotes/origin/develop' into 1560-non-federating-instances-routes-restrictions 2020-03-11 09:15:55 +03:00
Mark Felder 5af798f246 Fix enforcement of character limits 2020-03-10 13:08:00 -05:00
Alexander Strizhakov 426f5ee48a
tesla adapter can't be changed in adminFE 2020-03-10 15:31:44 +03:00
Ivan Tashkinov 5fc92deef3 [#1560] Ensured authentication or enabled federation for federation-related routes. New tests + tests refactoring. 2020-03-09 20:51:44 +03:00
Maksim Pechnikov edb659dc57 Merge branch 'develop' into issue/1276 2020-03-08 14:10:59 +03:00
Alexander Strizhakov b2eb1124d1
Merge branch 'develop' into gun 2020-03-07 12:41:37 +03:00
Ivan Tashkinov 027714b519 Merge remote-tracking branch 'remotes/origin/develop' into 1560-non-federating-instances-routes-restrictions 2020-03-06 11:48:30 +03:00
Ivan Tashkinov 40765875d4 [#1560] Misc. improvements in ActivityPubController federation state restrictions. 2020-03-05 21:19:21 +03:00
Alexander Strizhakov f0753eed0f
removing try block in tesla request
added mocks for tests which fail with Tesla.Mock.Error
2020-03-05 17:31:06 +03:00
eugenijm ad22e94f33 Exclude private and direct statuses visible to the admin when using godmode 2020-03-05 15:15:27 +03:00
lain f1750b4658 Admin API tests: Fix wrong test. 2020-03-05 12:42:02 +01:00
lain 4bce13fa2f MastodonController: Return 404 errors correctly. 2020-03-04 18:09:06 +01:00
lain 6f7a8c43a2 Merge branch 'fix/no-email-no-fail' into 'develop'
Do not fail when user has no email

See merge request pleroma/pleroma!2249
2020-03-04 12:43:06 +00:00
Alexander Strizhakov 22d52f5691
same copyright date format 2020-03-04 09:41:23 +03:00
Mark Felder 4427161ca3 Merge branch 'develop' into gun 2020-03-03 17:15:49 -06:00
Mark Felder 05da5f5cca Update Copyrights 2020-03-03 16:44:49 -06:00
Ivan Tashkinov b6fc98d9cd [#1560] ActivityPubController federation state restrictions adjustments. Adjusted tests. 2020-03-03 22:22:02 +03:00
Alexander Strizhakov 509c81e4b1
Merge branch 'develop' into gun 2020-03-03 10:08:07 +03:00
Ivan Tashkinov bd8624d649 [#1560] Added tests for non-federating instance bahaviour to OStatusControllerTest. 2020-03-02 22:02:21 +03:00
Ivan Tashkinov b4367125e9 [#1560] Added tests for non-federating instance bahaviour to ActivityPubControllerTest. 2020-03-02 21:43:18 +03:00
Ivan Tashkinov 99a6c660a9 Merge remote-tracking branch 'remotes/origin/develop' into 1560-non-federating-instances-routes-restrictions 2020-03-02 18:41:12 +03:00
Egor Kislitsyn 4a45b96a91
Merge branch 'develop' into fix/signup-without-email 2020-03-02 15:35:49 +04:00
Haelwenn 764a50f8a6 Merge branch 'feature/1482-activity_pub_transactions' into 'develop'
ActivityPub actions & side-effects in transaction

Closes #1482

See merge request pleroma/pleroma!2089
2020-03-02 07:58:01 +00:00
Alexander Strizhakov cc98d010ed
relay list shows hosts without accepted follow 2020-03-02 09:27:20 +03:00
Haelwenn (lanodan) Monnier 6da6540036
Bump copyright years of files changed after 2020-01-07
Done via the following command:
git diff fcd5dd259a --stat --name-only | xargs sed -i '/Pleroma Authors/c# Copyright © 2017-2020 Pleroma Authors <https:\/\/pleroma.social\/>'
2020-03-02 06:08:45 +01:00
Haelwenn (lanodan) Monnier 6c0d869d9d
Bump copyright years of files changed after 2019-01-01
Done via the following command:
git diff 1e6c102b --stat --name-only | cat - | xargs sed -i 's/2017-2018 Pleroma Authors/2017-2019 Pleroma Authors/'
2020-03-02 05:54:56 +01:00
Alexander Strizhakov d9e4b77f8b
Merge branch 'develop' into gun 2020-03-01 12:48:49 +03:00
Alexander Strizhakov 32d1e04817
ActivityPub actions & side-effects in transaction 2020-03-01 12:01:39 +03:00
rinpatch 19e559fe51 Merge branch 'rate-limiter-runtime-settings' into 'develop'
RateLimiter improvements: runtime configurability, no default limits in tests

See merge request pleroma/pleroma!2250
2020-02-29 21:52:33 +00:00
Alexander Strizhakov 814b275af7
Merge branch 'develop' into gun 2020-02-29 11:34:50 +03:00
feld f2216287a7 Merge branch 'admin-status-list' into 'develop'
Admin API: `/api/pleroma/admin/statuses` (accepts `godmode` and `local_only`)

Closes #1550

See merge request pleroma/pleroma!2192
2020-02-27 18:11:04 +00:00
Ivan Tashkinov 6f2efb1c45 Runtime configurability of RateLimiter. Refactoring. Disabled default rate limits in tests. 2020-02-27 18:46:05 +03:00
Egor Kislitsyn cb60a9c42f
Do not fail when user has no email 2020-02-27 17:27:49 +04:00
eugenijm 4ab07cf0d5 Admin API: Exclude boosts from `GET /api/pleroma/admin/users/:nickname/statuses` and `GET /api/pleroma/admin/instance/:instance/statuses` 2020-02-26 22:35:57 +03:00
eugenijm e2a6a40367 Admin API: `GET /api/pleroma/admin/statuses` - list all statuses (accepts `godmode` and `local_only`) 2020-02-26 20:21:38 +03:00
Egor Kislitsyn f446744a6a
Allow account registration without an email 2020-02-26 20:13:53 +04:00
Egor Kislitsyn c495e6d387
Add a test to ensure OAuth tokens are tied to Push subscriptions 2020-02-25 18:04:28 +04:00
Maksim Pechnikov 10f452ad1f Merge branch 'develop' into issue/1276 2020-02-25 07:22:56 +03:00
eugenijm 7ad5c51f23 Admin API: `GET /api/pleroma/admin/stats` to get status count by visibility scope 2020-02-24 21:46:37 +03:00
Ivan Tashkinov 0cf1d4fcd0 [#1560] Restricted AP- & OStatus-related routes for non-federating instances. 2020-02-22 19:48:41 +03:00
Ivan Tashkinov 8f0ca19b9c Merge remote-tracking branch 'remotes/origin/develop' into 1505-threads-federation
# Conflicts:
#	CHANGELOG.md
#	config/config.exs
2020-02-22 09:31:43 +03:00
Alexander Strizhakov 13918cb545
Merge branch 'develop' into gun 2020-02-21 10:02:37 +03:00
Haelwenn c5570e0493 Merge branch 'single_emoji_reaction' into 'develop'
Single emoji reaction

Closes #1578

See merge request pleroma/pleroma!2226
2020-02-20 23:50:40 +00:00
lain c69b04c490 Merge branch 'features/remote-follow-userpage-redirect' into 'develop'
remote_follow_controller.ex: Redirect to the user page on success

Closes #1245

See merge request pleroma/pleroma!2123
2020-02-20 12:04:29 +00:00
Ivan Tashkinov 0c65a8c3d0 Merge remote-tracking branch 'remotes/origin/develop' into 1505-threads-federation
# Conflicts:
#	config/config.exs
2020-02-20 15:00:48 +03:00
lain cf4ecffcea Merge branch 'tests-clear-config-tweaks' into 'develop'
Tweaks to `clear_config` calls in tests

See merge request pleroma/pleroma!2209
2020-02-20 11:36:48 +00:00
lain 314928333a Pleroma API: Add endpoint to get reaction information on a single emoji 2020-02-19 17:16:45 +01:00
Mark Felder cf94349287 Merge branch 'develop' into gun 2020-02-18 09:06:27 -06:00
lain cf8307e71c Merge branch 'fix/status-view/expires_at' into 'develop'
Fix `status.expires_at` type

Closes #1573

See merge request pleroma/pleroma!2222
2020-02-18 14:56:59 +00:00
Ivan Tashkinov 226f4d5ef9 Merge remote-tracking branch 'remotes/origin/develop' into tests-clear-config-tweaks
# Conflicts:
#	test/web/admin_api/admin_api_controller_test.exs
2020-02-18 17:52:31 +03:00
Ivan Tashkinov 61d9f43e46 Merge remote-tracking branch 'remotes/origin/develop' into 1505-threads-federation 2020-02-18 17:46:09 +03:00
lain c07efd5b42 Merge branch 'need-reboot-flag' into 'develop'
need_reboot flag for adminFE

See merge request pleroma/pleroma!2188
2020-02-18 14:32:03 +00:00
Egor Kislitsyn ca7ac068f0
Add a test 2020-02-18 17:09:50 +04:00
Alexander Strizhakov 514c899275
adding gun adapter 2020-02-18 08:19:01 +03:00
Maksim Pechnikov 28701c08ad Merge branch 'develop' into issue/1276 2020-02-17 08:56:03 +03:00
rinpatch 472132215e Use floki's new APIs for parsing fragments 2020-02-16 01:55:26 +03:00
Ivan Tashkinov 269d592181 [#1505] Restricted max thread distance for fetching replies on incoming federation (in addition to reply-to depth restriction). 2020-02-15 20:41:38 +03:00
Haelwenn (lanodan) Monnier 1257331291
MastodonAPI.StatusView: Do not use site_name
site_name allow to spoof the origin of the domain and so hacks like:

<!-- served on https://hacktivis.me/tmp/joinmastodon.org.html -->
<meta property="og:image" content="https://hacktivis.me/datalove/img/meme/pleroma/mastodon%2C%20forbidden%20amuse%20yourself.jpeg" />
<meta property="og:title" content="Mastodon: Forbidden Amuse Yourself" />
<meta property="og:site_name" content="joinmastodon.org" />
<meta http-equiv="refresh" content="0; url=http://joinmastodon.org/">
2020-02-15 00:36:09 +01:00
Ivan Tashkinov 4f8c3462a8 Tweaks to `clear_config` calls in tests in order to prevent side effects on config during test suite execution. 2020-02-13 21:55:47 +03:00
Maksim Pechnikov 6f9839c73c Merge branch 'develop' into issue/1276 2020-02-13 20:43:34 +03:00
feld b312c36b8e Merge branch 'develop' into 'fix/rename-no_attachment_links-setting'
# Conflicts:
#   config/description.exs
2020-02-13 14:37:55 +00:00
Maksim Pechnikov da44ee5b0f Merge branch 'develop' into issue/1276 2020-02-13 09:20:34 +03:00
Egor Kislitsyn 19516af74e
Fix `status.expires_in` validation 2020-02-12 20:20:44 +04:00
Mark Felder ff9fd4ca89 Fix the confusingly named and inverted logic of "no_attachment_links"
The setting is now simply "attachment_links" and the boolean value does
what you expect. A double negative is never possible and describing the
functionality is no longer a philospher's worst nightmare.
2020-02-11 15:39:19 -06:00
Egor Kislitsyn 58b2017aa0
Restore TwitterAPI tests 2020-02-12 00:51:05 +04:00
feld 237b2068f9 Revert "Merge branch 'feat/floki-fasthtml' into 'develop'"
This reverts merge request !2194
2020-02-11 16:55:18 +00:00
rinpatch ea1631d7e6 Make Floki use fast_html 2020-02-11 16:17:21 +03:00
lain 24c526a0b1 Merge remote-tracking branch 'origin/develop' into uguu-uwu-notices-bulge 2020-02-11 13:58:36 +01:00
Maksim Pechnikov 58574ef156 Merge branch 'develop' into issue/1276 2020-02-11 08:35:26 +03:00
Maksim Pechnikov 6813c0302c Merge branch 'develop' into issue/1383 2020-02-10 20:49:20 +03:00
Ivan Tashkinov b95dd5e217 [#1505] Improved replies-handling tests: updated Mastodon message fixture, used exact Pleroma federation message. 2020-02-10 11:46:16 +03:00
Maksim Pechnikov b87533760b Merge branch 'develop' into issue/1276 2020-02-10 07:59:52 +03:00
Ivan Tashkinov 24e49d14f2 [#1505] Removed wrapping of reply URIs into `first` element, added comments to transmogrifier tests. 2020-02-09 17:34:48 +03:00
Ivan Tashkinov 7c3991f59e [#1505] Fixed `replies` serialization (included objects' ids instead of activities' ids). 2020-02-09 10:17:21 +03:00
Ivan Tashkinov 4e6bbdc7b5 Merge remote-tracking branch 'remotes/origin/develop' into 1505-threads-federation 2020-02-08 19:59:37 +03:00
Ivan Tashkinov d458f4fdca [#1505] Added tests, changelog entry, tweaked config settings related to replies output on outgoing federation. 2020-02-08 19:58:02 +03:00
Alexander Strizhakov dad23e3766
need_reboot flag 2020-02-08 13:00:02 +03:00
Haelwenn 1262357ddb Merge branch 'cancel-follow-request' into 'develop'
Add support for cancellation of a follow request

Closes #1522

See merge request pleroma/pleroma!2175
2020-02-07 16:10:43 +00:00
Lain Soykaf d85bcc8627 Questions: Add timezone to `closed` property 2020-02-07 16:57:46 +01:00
Lain Soykaf 4538a1ee01 EmojiReactions: Remove old API endpoints 2020-02-07 15:01:45 +01:00
Lain Soykaf f875b9650a EmojiReactions: Add Mastodon-aligned reaction endpoints, change response 2020-02-07 14:52:13 +01:00
Egor Kislitsyn bc2e98b200
Add User.get_follow_state/2 2020-02-07 16:17:34 +04:00
Lain Soykaf 8a79f20c21 EmojiReactions: Rename to EmojiReacts 2020-02-06 18:09:57 +01:00
feld df0b00b32d Merge branch 'mastoapi-non-html-strings' into 'develop'
mastodon API: do not sanitize html in non-html fields

See merge request pleroma/pleroma!2167
2020-02-06 16:08:23 +00:00