Commit Graph

8197 Commits

Author SHA1 Message Date
Sean King 6e7b919637
Make validation functions for restricted nicknames and blacklisted domains; do restricted nickname validation in LDAP account registration 2022-07-06 20:15:49 -06:00
Sean King 0d4aceb9b0
Make checking blacklisted domains and restricted nicknames case-insenstive 2022-07-05 20:36:47 -06:00
Haelwenn de37583c49 Merge branch 'image_description_from_exif_data' into 'develop'
Use EXIF data of image for image description

See merge request pleroma/pleroma!3535
2022-07-03 21:14:25 +00:00
Haelwenn a15b45a589 Merge branch 'bugfix/mime-validation-no-list' into 'develop'
Bugfix: Validate mediaType only by it's format

See merge request pleroma/pleroma!3597
2022-07-03 21:04:41 +00:00
Haelwenn 6b937d1473 Merge branch 'from/upstream-develop/tusooa/server-announcements' into 'develop'
Server announcements (1st pass)

See merge request pleroma/pleroma!3643
2022-07-03 20:58:20 +00:00
Ilja 56227ef7ba Descriptions from exif data with only whitespeces are considered empty
I noticed that pictures taken with Ubuntu-Touch have whitespace in one of the fields
This should just be ignored imo
2022-07-01 13:47:23 +02:00
Ilja 8c761942b1 update moduledoc 2022-07-01 12:15:02 +02:00
Ilja 81afaee374 Better way of getting keys
I used keyword_list[:key], but if the key doesn't exist, it will return nil. I actually expect a list and further down the code I use that list.
I believe the key should always be present, but in case it's not, it's better to return an empty list instead of nil. That way the code wont fail further down the line.
2022-07-01 12:15:02 +02:00
Ilja d0d48a9e88 Add deprecation warnings 2022-07-01 12:15:02 +02:00
Ilja 8303af84ce Rename the Exiftool module
No migrations or checks yet
2022-07-01 12:15:02 +02:00
Ilja 551721e41a Rename the new module 2022-07-01 12:13:46 +02:00
Ilja cd316d7269 Use EXIF data of image to prefill image description
During attachment upload Pleroma returns a "description" field. Pleroma-fe has an MR to use that to pre-fill the image description field, <https://git.pleroma.social/pleroma/pleroma-fe/-/merge_requests/1399>

* This MR allows Pleroma to read the EXIF data during upload and return the description to the FE
    * If a description is already present (e.g. because a previous module added it), it will use that
    * Otherwise it will read from the EXIF data. First it will check -ImageDescription, if that's empty, it will check -iptc:Caption-Abstract
    * If no description is found, it will simply return nil, just like before
* When people set up a new instance, they will be asked if they want to read metadata and this module will be activated if so

This was taken from an MR i did on Pleroma and isn't finished yet.
2022-07-01 12:13:46 +02:00
Pierre-Louis Bonicoli a158774364
hackney adapter helper & reverse proxy client: enable TLSv1.3
The list of TLS versions was added by
8bd2b6eb13 when hackney version was
pinned to 1.15.2. Later hackney version was upgraded
(166455c884) but the list of TLS
versions wasn't removed. From the hackney point of view, this list has
been replaced by the OTP defaults since 0.16.0
(734694ea4e24f267864c459a2f050e943adc6694).

It looks like the same issue already occurred before:
0cb7b0ea84.

A way to test this issue (where example.com is an ActivityPub site
which uses TLSv1.3 only):

   $ PLEROMA_CONFIG_PATH=/path/to/config.exs pleroma start_iex
   Erlang/OTP 22 [erts-10.7.2.16] [source] [64-bit] [smp:2:2] [ds:2:2:10] [async-threads:1] [hipe]

   Erlang/OTP 22 [erts-10.7.2.16] [source] [64-bit] [smp:2:2] [ds:2:2:10] [async-threads:1] [hipe]

   Interactive Elixir (1.10.4) - press Ctrl+C to exit (type h() ENTER for help)
   iex(pleroma@127.0.0.1)2> Pleroma.Object.Fetcher.fetch_and_contain_remote_object_from_id("https://example.com/@/Nick/")
   {:error,
    {:tls_alert,
     {:protocol_version,
      'TLS client: In state hello received SERVER ALERT: Fatal - Protocol Version\n'}}}

With this patch, the output is the expected one:

   iex(pleroma@127.0.0.1)3> Pleroma.Object.Fetcher.fetch_and_contain_remote_object_from_id("https://example.com/@/Nick/")
   {:error,
   {:ok,
    %{
      "@context" => [
        "https://www.w3.org/ns/activitystreams",
        "https://w3id.org/security/v1",
        %{
          "Emoji" => "toot:Emoji",
          "Hashtag" => "as:Hashtag",
          "atomUri" => "ostatus:atomUri",
          "conversation" => "ostatus:conversation",
          "featured" => "toot:featured",
          "focalPoint" => %{"@container" => "@list", "@id" => "toot:focalPoint"},
          "inReplyToAtomUri" => "ostatus:inReplyToAtomUri",
          "manuallyApprovesFollowers" => "as:manuallyApprovesFollowers",
          "movedTo" => "as:movedTo",
          "ostatus" => "http://ostatus.org#",
          "sensitive" => "as:sensitive",
          "toot" => "http://joinmastodon.org/ns#"
        }
      ],
      "endpoints" => %{"sharedInbox" => "https://example.com/inbox"},
      "followers" => "https://example.com/@/Nick/followers",
      "following" => nil,
      "icon" => %{
        "type" => "Image",
        "url" => "https://example.com/static/media/[...].png"
      },
      "id" => "https://example.com/@/Nick/",
      "inbox" => "https://example.com/@/Nick/inbox",
      "liked" => nil,
      "name" => "Nick",
      "outbox" => "https://example.com/@/Nick/outbox",
      "preferredUsername" => "Nick",
      "publicKey" => %{
        "id" => "https://example.com/@/Nick/#main-key",
        "owner" => "https://example.com/@/Nick/",
        "publicKeyPem" => "[...]
      },
      "summary" => "",
      "type" => "Person",
      "url" => "https://example.com/@/Nick/"
    }}

A way to test the reverse proxy bits of this issue (where example.com allows TLSv1.3 only):

    iex(pleroma@127.0.0.1)1> Pleroma.ReverseProxy.Client.Hackney.request("GET", "https://example.com", [], [])
    {:error,
     {:tls_alert,
      {:protocol_version,
       'TLS client: In state hello received SERVER ALERT: Fatal - Protocol Version\n'}}}
2022-05-31 00:51:45 +02:00
Hélène a74ce2d77a
StealEmojiPolicy: fix String rejected_shortcodes
* rejected_shortcodes is defined as a list of strings in the
  configuration description. As such, database-based configuration was
  led to handle those settings as strings, and not as the actually
  expected type, Regex.
* This caused each message passing through this MRF, if a rejected
  shortcode was set and the emoji did not exist already on the instance,
  to fail federating, as an exception was raised, swiftly caught and
  mostly silenced.
* This commit fixes the issue by introducing new behavior: strings are
  now handled as perfect matches for an emoji shortcode (meaning that if
  the emoji-to-be-pulled's shortcode is in the blacklist, it will be
  rejected), while still supporting Regex types as before.
2022-05-18 21:25:10 +02:00
Haelwenn 4605efe272 Merge branch 'improve_anti_followbot_policy' into 'develop'
Also use actor_type to determine if an account is a bot in antiFollowbotPolicy

Closes #2561

See merge request pleroma/pleroma!3498
2022-05-08 18:10:40 +00:00
Ilja a8093732bd Also use actor_type to determine if an account is a bot in antiFollowbotPolicy 2022-05-08 18:10:40 +00:00
Tusooa Zhu 57c030a0a7 Skip cache when /objects or /activities is authenticated
Ref: fix-local-public
2022-05-06 10:23:26 +02:00
Tusooa Zhu e2d24eda57 Allow to skip cache in Cache plug
Ref: fix-local-public
2022-05-06 10:23:26 +02:00
Tusooa Zhu be08d9305b
Fix incorrect fallback when English is set to first language 2022-04-17 22:39:52 -04:00
Tusooa Zhu 7d1dae3bef
Restrict mastodon api announcements to logged-in users only 2022-04-02 02:25:13 -04:00
Haelwenn d7c53da77a Merge branch 'from/upstream-develop/tusooa/translate-pages' into 'develop'
Translate backend-rendered pages

See merge request pleroma/pleroma!3634
2022-03-20 18:14:37 +00:00
Haelwenn b76340511d Merge branch 'delete_report_notifs_when_demoting_from_superuser' into 'develop'
Delete report notifs when demoting from superuser

Closes #2840

See merge request pleroma/pleroma!3642
2022-03-20 18:13:19 +00:00
Tusooa Zhu 0c78ab4a88
Use utc_datetime in db schema 2022-03-18 11:17:22 -04:00
Haelwenn (lanodan) Monnier 83338c25a5 Transmogrifier: Use validating regex for "mediaType" 2022-03-17 22:37:26 +01:00
Haelwenn (lanodan) Monnier 030183b35f AttachmentValidator: Use custom ecto type and regex for "mediaType" 2022-03-17 22:37:26 +01:00
Haelwenn (lanodan) Monnier 4ea9886faa EctoType: Add MIME validator 2022-03-17 22:37:26 +01:00
Tusooa Zhu ebcda5265b
Format announcements into html 2022-03-08 23:00:51 -05:00
Tusooa Zhu eb1a29640f
Add pagination to AdminAPI.AnnouncementController.index 2022-03-08 21:26:05 -05:00
Tusooa Zhu 11a1996bf5
Implement update announcement admin api 2022-03-08 20:55:41 -05:00
Tusooa Zhu 881179ec72
Remove GET /api/v1/announcements/:id 2022-03-08 19:22:28 -05:00
Tusooa Zhu d569694ae9
Show only visible announcements in MastodonAPI 2022-03-08 19:20:29 -05:00
Tusooa Zhu cf8334dbc1
Add starts_at, ends_at and all_day parameters 2022-03-08 19:12:01 -05:00
Tusooa Zhu fcf3c9057e
Implement visibility filtering for announcements 2022-03-08 18:21:20 -05:00
Tusooa Zhu 009817c9ee
Correct docstring for AnnouncementController.show 2022-03-08 17:00:49 -05:00
Tusooa Zhu 2b39b36e49
Implement POST /api/v1/announcements/:id/dismiss 2022-03-08 16:59:20 -05:00
Tusooa Zhu aa1fff279e
Implement GET /api/v1/announcements/:id 2022-03-08 16:19:35 -05:00
Tusooa Zhu 5169ad8f14
Implement announcement read relationships 2022-03-08 13:09:49 -05:00
Tusooa Zhu c867d23250
Fill properties of announcements from Mastodon API spec 2022-03-08 09:35:35 -05:00
Tusooa Zhu d7af67012f
Implement first pass of announcement admin api
CCBUG: https://git.pleroma.social/pleroma/pleroma/-/issues/2836
CCBUG: https://git.pleroma.social/pleroma/pleroma/-/issues/1470
2022-03-08 01:01:27 -05:00
Ilja cdc5bbe836 After code review
Use patern matching to see if someone was superuser before
2022-03-07 14:00:42 +01:00
Tusooa Zhu 79ccb6b999
Support fallbacking to other languages 2022-03-06 11:43:31 -05:00
Ilja 89667189b8 Delete report notifs when demoting from superuser
When someone isn't a superuser any more, they shouldn't see the reporsts any more either.
Here we delete the report notifications from a user when that user gets updated from being a superuser to a non-superuser.
2022-03-06 17:36:30 +01:00
Tusooa Zhu cd42e2bed0
Lint 2022-03-03 09:49:55 -05:00
Tusooa Zhu aca11fb70e
Support multiple locales from userLanguage cookie 2022-03-03 02:31:36 -05:00
Tusooa Zhu 7ea330b4fe
Support multiple locales formally
elixir gettext current does not fully support fallback to another language [0].
But it might in the future. We adapt it so that all languages in Accept-Language
headers are received by Pleroma.Web.Gettext. User.languages is now a comma-separated
list.

[0]: https://github.com/elixir-gettext/gettext/issues/303
2022-03-03 02:03:44 -05:00
Tusooa Zhu d3f3f30c6a
Make lint happy 2022-03-02 22:56:19 -05:00
Tusooa Zhu 8de573b047
Fallback to a variant if the language in general is not supported
For an example, here, zh is not supported, but zh_Hans and zh_Hant
are. If the user asks for zh, we should choose a variant for them
instead of fallbacking to default.

Some browsers (e.g. Firefox) does not allow users to customize
their language codes. For example, there is no zh-Hans, but only
zh, zh-CN, zh-TW, zh-HK, etc. This provides a workaround for
those users suffering from bad design decisions.
2022-03-02 19:59:11 -05:00
Tusooa Zhu e644f8dea5
Allow user to register with custom language 2022-03-02 01:41:13 -05:00
Tusooa Zhu 396f036b13
Allow update_credentials to update User.language 2022-03-02 00:58:02 -05:00
Tusooa Zhu 0149ea4538
Send emails i18n'd using backend-stored user language 2022-03-01 22:19:13 -05:00