Commit Graph

1747 Commits

Author SHA1 Message Date
Haelwenn 79b1e4465f Merge branch 'bugfix/233-handle-missing-StatusView' into 'develop'
[Pleroma.Web.MastodonAPI.StatusView]: Add fallback on missing handler for status.json

Closes #233

See merge request pleroma/pleroma!257
2018-10-25 04:35:29 +00:00
William Pitcock 5383887bd4 transmogrifier: do not try to contain origin of something which doesn't have one 2018-10-25 04:27:33 +00:00
Haelwenn (lanodan) Monnier b386888a0e
[Pleroma.Web.MastodonAPI.MastodonAPIController]: fallback for try_render/4
Better be sure than sorry
2018-10-25 06:21:11 +02:00
William Pitcock 1ed25c963a twitterapi: activity view: add the other in_reply_to fields 2018-10-25 04:04:04 +00:00
William Pitcock 1b480e3514 user: add helper for fetching profile url (which may be different than ap id) 2018-10-25 04:01:59 +00:00
Haelwenn (lanodan) Monnier b112112c11
[Pleroma.Web.MastodonAPI.MastodonAPIController]: Wrap around render/4 2018-10-25 05:52:45 +02:00
Haelwenn (lanodan) Monnier b0a940d5a2
[Pleroma.Web.MastodonAPI.StatusView]: Remove unused arguments 2018-10-25 05:24:03 +02:00
Haelwenn (lanodan) Monnier 2da0ffeb28
lib/pleroma/web/mastodon_api/mastodon_api_controller.ex: Output an error when render(status.json) gives a nil 2018-10-25 05:24:03 +02:00
Haelwenn (lanodan) Monnier 0c10be8731
[Pleroma.Web.MastodonAPI.StatusView]: Remove nils from lists.json 2018-10-25 05:24:03 +02:00
Haelwenn (lanodan) Monnier 3b0e9287a5
[Pleroma.Web.MastodonAPI.StatusView]: Return nil as fallback for missing views 2018-10-25 05:24:01 +02:00
William Pitcock fee43ae5e7 twitterapi: activity view: implement in_reply_to_screen_name using the new graph walking helper 2018-10-25 02:59:04 +00:00
William Pitcock f3f736afc4 activity: add helper to fetch an activity's parent 2018-10-25 02:47:55 +00:00
kaniini 945ce9910d Merge branch 'bugfix/html-scrub-comments' into 'develop'
html: ensure comments are correctly scrubbed

See merge request pleroma/pleroma!384
2018-10-23 00:56:09 +00:00
William Pitcock 8613db0e3b html: ensure comments are correctly scrubbed 2018-10-23 00:48:49 +00:00
scarlett a253c1466e New frontend options 2018-10-21 12:52:52 +01:00
AkiraFukushima a249cbf187 Add a test for List.get_lists_account_belongs 2018-10-19 21:24:15 +09:00
AkiraFukushima e8c698af41 Add an endpoint /api/v1/accounts/:id/lists to get lists to which account belongs 2018-10-19 01:46:26 +09:00
kaniini ad3181895c Merge branch 'bugfix/html-scrub-schemes' into 'develop'
lib/pleroma/html.ex: Fix scheme lists

See merge request pleroma/pleroma!377
2018-10-18 14:36:40 +00:00
William Pitcock 595d855f0e html scrubbing policies: restrict img tags to http/https only for mediaproxy compatibility 2018-10-18 14:29:31 +00:00
Haelwenn (lanodan) Monnier 2154c5dcd8
lib/pleroma/html.ex: Use macros for valid_schemes, change config for schemes 2018-10-18 07:58:15 +02:00
William Pitcock 582dbe5c8d formatter: fix matching osada users 2018-10-17 19:15:20 +00:00
scarlett 7562912f6a Use maybe_direct_follow for follow imports 2018-10-17 04:16:11 +01:00
Haelwenn (lanodan) Monnier d7654c77de
lib/pleroma/html.ex: Use a function as a variable (broken for some reason) 2018-10-16 03:34:33 +02:00
Haelwenn (lanodan) Monnier 50e0a9ae56
lib/pleroma/html.ex: Fix scheme lists
Gosh please don’t break ourselves…

Also this is copy-paste of the list in lib/pleroma/formatter.ex,
I think this should be put in a common variable, but where?
2018-10-16 03:00:37 +02:00
William Pitcock 30efa86c05 common api: enable tag linking in markdown mode 2018-10-14 20:36:11 +00:00
Haelwenn (lanodan) Monnier eacab0fb05
Delete Tokens and Authorizations on password change
Closes: https://git.pleroma.social/pleroma/pleroma/issues/320
2018-10-14 02:14:54 +02:00
William Pitcock 51eaece3ea user: break out local cases for maybe_direct_follow 2018-10-11 10:49:54 +00:00
William Pitcock 2c29329d39 user: local users are always AP-enabled (closes #316) 2018-10-11 10:35:11 +00:00
William Pitcock 111841ad34 common api: take the combination of the subject and content for length limit enforcement
closes #315
2018-10-10 07:53:44 +00:00
William Pitcock 08d5ad71b6 nodeinfo: allow opting out of MRF transparency 2018-10-07 01:23:38 +00:00
William Pitcock 7b3fff9af8 {mastodon api, twitter api}: make the follow handshake timeout configurable 2018-10-07 01:05:59 +00:00
William Pitcock 7f530f6f80 mastodon api: relationship view: better handle no pre-existing follow activity 2018-10-05 23:50:13 +00:00
William Pitcock e69faf550c user: add wait_and_refresh() for async three-way handshake case 2018-10-05 23:40:49 +00:00
William Pitcock 3e751496e3 mastodon api: account view: fetch follow state and use it to populate `requested` field 2018-10-05 23:31:49 +00:00
William Pitcock a71b822013 activitypub: always track following state for async reasons 2018-10-05 23:31:00 +00:00
William Pitcock 8ce217776d activitypub transmogrifier: better manage follow state 2018-10-05 23:30:34 +00:00
William Pitcock 4f7a468659 user: only pre-create follow relationships on OStatus
closes #306
2018-10-05 22:58:03 +00:00
William Pitcock bd76d9cee6 nodeinfo: add accepted post formats to metadata 2018-10-05 21:05:37 +00:00
William Pitcock 285ac80c36 config: allow for accepted post formats to be configured 2018-10-05 21:02:17 +00:00
William Pitcock 52b05137c5 formatter: use Pleroma.HTML module instead of HtmlSanitizeEx directly 2018-10-05 20:49:34 +00:00
William Pitcock 16307da311 twitterapi: frontend config: add formattingOptionsEnabled 2018-10-05 20:49:34 +00:00
William Pitcock b1be9415ef Revert "Merge branch 'revert-a26d5e6b' into 'develop'"
This reverts commit d31bbb1cfe, reversing
changes made to 340ab3cb90.
2018-10-05 20:49:34 +00:00
Haelwenn (lanodan) Monnier f2efc8dcfb
nodeinfo_controller: Fix JSON rendering
This is the last noedinfo difference from my own branch
2018-10-05 22:32:53 +02:00
Haelwenn (lanodan) Monnier 28651df478
MRF Transparency 2018-10-05 20:09:08 +02:00
Haelwenn (lanodan) Monnier 56d31db130
Pleroma.Web.Nodeinfo.NodeinfoController: Further transparency, breaks API of previous one 2018-10-05 20:08:55 +02:00
Haelwenn (lanodan) Monnier 8226953f1d
[Pleroma.Web.Nodeinfo.NodeinfoController]: Transparency on MRF Simple 2018-10-05 20:02:13 +02:00
kaniini 4f03bb2299 Merge branch 'bugfix/fix-mrf-reject-match' into 'develop'
activitypub: fix error condition match

See merge request pleroma/pleroma!365
2018-09-30 05:32:56 +00:00
William Pitcock 4db1bc2c0e activitypub: fix error condition match 2018-09-30 05:26:13 +00:00
Haelwenn (lanodan) Monnier a3cffd3566
formatter: Stop using phoenix HTML and format it ourselves
* Pheonix has an extra scheme whitelist conflicting with ours
* Pheonix doesn’t seems to do URL encoding, just HTML encoding

Closes: https://git.pleroma.social/pleroma/pleroma/issues/307
2018-09-28 17:32:27 +02:00
Haelwenn 34b6d444d6 Merge branch 'feature/twitter_api/fields' into 'develop'
[Pleroma.Web.TwitterAPI.UserView]: Add mastodon-fields in "fields"

See merge request pleroma/pleroma!360
2018-09-28 09:25:27 +00:00
Haelwenn (lanodan) Monnier 82b57ebad1
[Pleroma.Web.TwitterAPI.UserView]: Add mastodon-fields in "fields" 2018-09-28 10:44:45 +02:00
William Pitcock 707077edde activitypub: don't fall back to OStatus fetching when MRF rejects an object 2018-09-28 00:45:10 +00:00
William Pitcock 5c312ad677 activitypub inbox: only accept unsigned/invalid-signature relayed creates, nothing else
although the previous handling assumed any unsigned/invalid signature message was a Create,
lets make it more explicit
2018-09-28 00:03:59 +00:00
Haelwenn (lanodan) Monnier c739737998
transmogrifier: get_actor called without casting attributedTo in actor and actor is nil 2018-09-27 20:00:48 +02:00
Haelwenn (lanodan) Monnier 9446b02bdf
transmogrifier: Just make attachement maps into a list and reroll 2018-09-27 20:00:48 +02:00
Haelwenn (lanodan) Monnier e53da692fb
transmogrifier: Use the correct variable and prefer inspect in case of a bad type being passed on 2018-09-27 20:00:48 +02:00
William Pitcock d830a243a3
transmogrifier: more robustly handle dereferencing pointer URIs 2018-09-27 20:00:48 +02:00
Haelwenn (lanodan) Monnier 4c3a80de96
transmogrifier: Use oneliners when applicable 2018-09-27 20:00:47 +02:00
William Pitcock ed8dfa3029
transmogrifier: reformat `cond` block by hand 2018-09-27 20:00:47 +02:00
Haelwenn (lanodan) Monnier eebe33e86a
transmogrifier: Add support for array-less hashtags, add broken announce, harden get_actor 2018-09-27 20:00:47 +02:00
Haelwenn (lanodan) Monnier f3291acc91
transmogrifier: pro-actively add support for Hashtag without array in tag 2018-09-27 20:00:47 +02:00
Haelwenn (lanodan) Monnier 22927f3a34
transmogrifier: Use a cond, add proactive support for arrays 2018-09-27 20:00:46 +02:00
Haelwenn (lanodan) Monnier 0aac72f1d3
[Pleroma.Web.ActivityPub.Transmogrifier]: quick fix when tag is a Map 2018-09-27 20:00:46 +02:00
Haelwenn (lanodan) Monnier 28e8a8ab36
[Pleroma.Web.ActivityPub.Transmogrifier]: fix emoji in tag when it’s not in a array [kroeg]
Also simplified the code for name trimming.

And not copying the Map.merge part as it looks buggy.
See: https://queer.hacktivis.me/objects/a9f21ebc-9a12-4a6c-89d5-3d46955c6ee8
2018-09-27 20:00:46 +02:00
Haelwenn (lanodan) Monnier f8a0cb9c0b
[Pleroma.Web.ActivityPub.Transmogrifier]: fix when attachment contain is just a Map [kroeg] 2018-09-27 20:00:46 +02:00
Haelwenn (lanodan) Monnier a4abb124ea
[Pleroma.Web.ActivityPub.Transmogrifier]: Fix when inReplyTo is a inlined post [kroeg] 2018-09-27 20:00:46 +02:00
Haelwenn (lanodan) Monnier 523757be52
[Pleroma.Web.ActivityPub.ActivityPub]: Harden getting endpoints [kroeg] 2018-09-27 20:00:45 +02:00
Martin Kühl f77ec96707 Uploaders.S3: Replace unsafe characters in object key
According to [the S3 docs][s3], the characters safe for use in object keys are:

* 0-9
* a-z
* A-Z
* !
* -
* _
* .
* *
* '
* (
* )

(The / character is not listed but mentioned being safe outside of the list.)

Several characters that are valid in filenames can cause problems, for example
spaces are not valid in URLs and need to be escaped,
sequences of spaces can become squeezed by S3,
some characters like \ are documented to require “significant special handling”.

To avoid these problems, this change encodes the filename
before using it as part of the S3 object name
by replacing all characters except those documented as “safe” with dashes.

[s3]: https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMetadata.html
2018-09-24 15:38:32 +02:00
William Pitcock 7f0e291483 html: twittertext: add missing catchall scrub function 2018-09-22 03:45:35 +00:00
William Pitcock 56577d8b48 twitter api: add no_rich_text option to userview for account prefs 2018-09-22 03:24:40 +00:00
William Pitcock df00a364fb mastodon api: formatting 2018-09-22 02:53:04 +00:00
William Pitcock c2b69798dd twitter api: add support for disabling rich text 2018-09-22 02:53:02 +00:00
William Pitcock 958e085acb mastodon api: add support for user-supplied html policy 2018-09-22 02:53:02 +00:00
William Pitcock 2f5b026548 twitter api: add support for user-specified html policy 2018-09-22 02:53:01 +00:00
William Pitcock 735cdfb848 user: add User.html_filter_policy() 2018-09-22 02:53:00 +00:00
William Pitcock 8ae9424edb html: default to using normal scrub policy if provided scrub policy is nil 2018-09-22 02:52:59 +00:00
kaniini 4cb6331843 Merge branch 'feature/dynamic-user-refresh' into 'develop'
user: implement dynamic refresh of profiles

See merge request pleroma/pleroma!350
2018-09-21 00:00:28 +00:00
kaniini 0fe165165f Merge branch 'task-204-on-options-request' into 'develop'
Return 204 response on options request

See merge request pleroma/pleroma!347
2018-09-20 23:54:51 +00:00
William Pitcock c9f6eb9a41 user: implement dynamic refresh of profiles (gets rid of need for fix_ap_users task) 2018-09-20 23:50:56 +00:00
Haelwenn (lanodan) Monnier 40c51f118f
[Pleroma.Web.MastodonAPI.MastodonAPIController]: Bump mastodon_api_level to 2.5.0 2018-09-20 16:48:12 +02:00
Haelwenn (lanodan) Monnier f74725df41
[Pleroma.Web.MastodonAPI.MastodonAPIController]: Remove unused variables 2018-09-20 16:37:18 +02:00
Haelwenn (lanodan) Monnier 33a1e92584
[Pleroma.Web.Router]: Fake /api/v1/endorsements 2018-09-20 16:25:07 +02:00
Haelwenn (lanodan) Monnier a8eaecadee
[Pleroma.Web.MastodonAPI.AccountView]: relationship.json: fake endorsed value (false) 2018-09-20 16:24:29 +02:00
Haelwenn (lanodan) Monnier 43d0b7bf7a
[Pleroma.Web.MastodonAPI.StatusView] add replies_count 2018-09-20 16:10:46 +02:00
William Pitcock c9585ec007 twitter api: fix mimetype fallback when attachments use a URI instead of a URL object 2018-09-19 04:59:26 +00:00
William Pitcock 0cac493fdc mastodon api: default attachment type to image if one is not present 2018-09-19 04:59:25 +00:00
Martin Kühl f4fcea5258 Revert "Mastodon API: Fake support for loading filters"
This reverts commit c1d07da4e1.

The fake support was superseded by 6e030129fb which actually implements the faked filters API.

This change removes the fake support and ensures that the actual implementation is used.
2018-09-18 11:59:10 +02:00
Dominique Feyer 9b0f2d572b Return 204 response on options request 2018-09-17 12:21:01 +02:00
William Pitcock a7d0ecdc7c html: add policy which transforms inline images to pass through the media proxy 2018-09-16 02:16:16 +00:00
William Pitcock cd13fa17fd html: allow scrubbing policies to be stackable 2018-09-16 02:16:14 +00:00
William Pitcock 342ed84446 MRF: add policy for normalizing HTML markup (local and remote) to a specific policy 2018-09-16 01:25:36 +00:00
William Pitcock 95376ac1fe html: add the ability to override the default scrub policy 2018-09-16 01:25:35 +00:00
kaniini c2650f0ffb Merge branch 'feature/html-scrub-policy' into 'develop'
html scrub policy

See merge request pleroma/pleroma!339
2018-09-16 01:05:09 +00:00
shadowfacts 39aed5348a Add visible_in_picker to status emojis 2018-09-10 23:32:19 +00:00
William Pitcock d3248e13e3 activitypub: transmogrifier: allow profile updates from bots 2018-09-10 01:57:03 +00:00
William Pitcock e0b8c0ccba MRF: reject non-public: use pattern match to remove unnecessary if block 2018-09-10 01:16:03 +00:00
William Pitcock 88094c266d MRF: simple policy: refactor module to use guards and pattern matching 2018-09-10 01:16:02 +00:00
William Pitcock 97253df3ee MRF: simple policy: contain media removal/nsfw ops to create activities only 2018-09-10 01:16:01 +00:00
William Pitcock e82ce2a4b3 formatting 2018-09-10 00:28:40 +00:00
William Pitcock 358f88e10a html: allow inline images by default (because of custom emoji) 2018-09-10 00:24:19 +00:00
William Pitcock 40e2f6e500 html: add default scrubbing profile and configuration knobs 2018-09-10 00:14:57 +00:00
William Pitcock ac486fc59b everywhere: use Pleroma.HTML module instead of HtmlSanitizeEx directly 2018-09-10 00:14:47 +00:00
William Pitcock 255f46d7ab html: new module providing a configurable markup scrubbing policy 2018-09-10 00:13:57 +00:00
Dominique Feyer 801d645c6b TASK: Fix formatting 2018-09-09 23:42:28 +02:00
Dominique Feyer b79c126ee0 Add missing URL encoding in create authorization redirect 2018-09-09 23:31:47 +02:00
Hakaba Hitoyo 4e1bb7bccb make limit for /api/v1/suggestions 2018-09-09 13:57:23 +09:00
lambda 045953225e Merge branch 'moonman/pleroma-sha512-crypt' into 'develop'
auth overhaul and legacy GS auth

See merge request pleroma/pleroma!331
2018-09-08 09:20:34 +00:00
kaniini 530561a091 Merge branch 'add-secure-and-samesite-cookie-flags' into 'develop'
Add Secure and SameSite cookie flags

See merge request pleroma/pleroma!302
2018-09-07 23:55:42 +00:00
kaniini 3e4f39116b Merge branch 'feature/custom_media_url' into 'develop'
[Pleroma.Uploaders.Local]: Add configuration for custom url path

See merge request pleroma/pleroma!318
2018-09-07 23:49:36 +00:00
Martin Kühl c1d07da4e1 Mastodon API: Fake support for loading filters 2018-09-07 16:12:44 +02:00
Martin Kühl 619f67768a Mastodon API: Add unsupported attributes to relationship responses
These attributes are documented as required by the Mastodon API.
Since we don’t support them (I think?), respond with default values.
2018-09-07 16:12:44 +02:00
lain 70163aec9b Add LegacyAuthenticationPlug to router. 2018-09-05 22:31:57 +02:00
lain 44b094908c Update legacy passwords automatically. 2018-09-05 22:30:14 +02:00
lain 3aba585e7a Add Plugs to router. 2018-09-05 21:57:56 +02:00
lain e601165426 Add UserEnabledPlug. 2018-09-05 21:53:53 +02:00
lain 5ce1ebb179 Add SetUserSessionIdPlug. 2018-09-05 21:42:42 +02:00
Haelwenn 4a3dbd9d4e Merge branch 'fix/sign-in-with-toot' into 'develop'
Fix sign-in and sign-out with Toot!

See merge request pleroma/pleroma!306
2018-09-05 18:20:26 +00:00
lain 636ad3e155 Add new plugs to router. 2018-09-05 19:13:53 +02:00
lain 12bc73dd28 Add EnsureUserKeyPlug, smaller fixes 2018-09-05 19:06:28 +02:00
lain 32465b9939 Simplify AuthenticationPlug 2018-09-05 18:53:38 +02:00
lain 9a96c93be7 Add SessionAuthenticationPlug. 2018-09-05 18:37:02 +02:00
lain a3f54fca4d Add LegacyAuthenticationPlug 2018-09-05 18:17:33 +02:00
lain 3cf17dc402 Add EnsureAuthenticatedPlug 2018-09-05 17:59:19 +02:00
lain faf5347748 Add UserFetcherPlug. 2018-09-05 17:44:38 +02:00
lain 42bd985e66 Add BasicAuthDecoderPlug 2018-09-05 17:30:05 +02:00
Moon Man 8b020e03a6 change cond to if else 2018-09-05 01:37:48 -04:00
Moon Man 1a8bc26e52 auth against sha512-crypt password hashes, upgrade to pbkdf2 2018-09-05 00:21:44 -04:00
kaniini 76c67a41c1 Merge branch 'develop' into 'feature/staff-discovery-api'
# Conflicts:
#   lib/pleroma/web/nodeinfo/nodeinfo_controller.ex
2018-09-03 14:55:42 +00:00
William Pitcock 9a21ff5f61 nodeinfo: add staffAccounts field to metadata 2018-09-03 14:48:31 +00:00
kaniini 1c9e539b47 Merge branch 'feature/mastodon_api_2.4.x' into 'develop'
Add/Fix Mastodon endpoints for 2.4.3 compatibility

See merge request pleroma/pleroma!266
2018-09-03 12:33:36 +00:00
Hakaba Hitoyo b1124f1605 report chat and gopher support at /nodeinfo/2.0.json 2018-09-03 21:13:30 +09:00
William Pitcock b61430163b user: add moderator_user_query() 2018-09-03 12:03:23 +00:00
kaniini 7ca2a2ddea Merge branch 'nil-bio-emojis' into 'develop'
add nil clause for Formatter.get_emoji/1 to return an empty result

Closes #274

See merge request pleroma/pleroma!315
2018-09-03 05:54:11 +00:00
shadowfacts 35515cfa66 Update mastodon_api_controller.ex 2018-09-03 01:58:55 +00:00
shadowfacts 26f8697400 Update mastodon_api_controller.ex 2018-09-03 01:52:02 +00:00
shadowfacts 2b2bd0e047 Render notification IDs as strings, not numbers 2018-09-03 01:40:05 +00:00
Thurloat 4257f784bc sloop around get_emoji/1 to check is_binary and have a fallthrough
default that returns empty
2018-09-02 20:44:37 -03:00
Haelwenn (lanodan) Monnier 754deb26dd
[Pleroma.Uploaders.Local]: Add configuration for custom url path
One use-case being an external caching proxy
2018-09-02 19:00:16 +02:00
kaniini b7923aa304 Merge branch 'hotfix_broken_likes' into 'develop'
hotfix for broken like completely breaking the notifications API

See merge request pleroma/pleroma!284
2018-09-02 12:37:00 +00:00
William Pitcock 834515fb51 formatter: don't add XSS emoji 2018-09-02 00:04:09 +00:00
kaniini 3c7280934e Merge branch 'security/activitypub-spoofing' into 'develop'
security: activitypub spoofing

See merge request pleroma/pleroma!321
2018-09-01 23:48:55 +00:00
William Pitcock 03e92977cb transmogrifier: fix peertube/plume actor handling 2018-09-01 23:44:19 +00:00
William Pitcock 0b2c051a04 activitypub: fix possibility of spoofing by containing remote objects to the same domain as their actor 2018-09-01 23:20:02 +00:00
William Pitcock e2ce0e9e05 run `mix format`. 2018-09-01 21:12:42 +00:00
Martin Kühl 84d84e4ca4 OAuth: Support /revoke endpoint for revoking tokens
(for compatibility with Mastodon)
2018-09-01 23:10:48 +02:00
Martin Kühl ad2a7972e7 OAuth: Set `created_at` in token exchange response
(for compatibility with Mastodon)
2018-09-01 23:10:48 +02:00
Martin Kühl b60d232719 AccountView: `sensitive` is supposed to be a boolean, not a string 2018-09-01 23:10:48 +02:00
William Pitcock c921d99898 config: add ability to disable Pleroma FE config management (closes #276) 2018-09-01 21:05:32 +00:00
kaniini 2e2f458705 Merge branch 'lanodan/code-dup_in_mastoapi_search' into 'develop'
Clean code duplication in MastoAPI search(v1/v2)

See merge request pleroma/pleroma!316
2018-09-01 09:12:59 +00:00
Will Pearson 0c2a0e3551 Specify default scope in verify_credentials
Certain Mastodon/Pleroma front ends call verify_credentials to get the
default scope of a new toot.

Currently, Pleroma hardcodes this value to "public".

This patch changes it to the user's default_scope value.
2018-08-31 21:04:46 -07:00