Commit Graph

101 Commits

Author SHA1 Message Date
Lain Soykaf 221f18dc33 Tests: Don't run tests that use clear_config asynchronously. 2023-12-10 16:27:23 +04:00
Haelwenn (lanodan) Monnier dd9f8150fc Merge Revert "Merge branch 'validate-host' into 'develop'"
This reverts commit d998a114e2, reversing
changes made to da6b4003ac.
2023-06-22 21:28:25 +02:00
Mark Felder 46c799f528 Use Phoenix.ConnTest.redirected_to/2 2023-05-31 09:54:37 -04:00
Mark Felder b3c3bd99c3 Switch from serving a 400 to a 302 2023-05-30 16:56:09 -04:00
Mark Felder a60dd0d92d Validate Host header matches expected value before allowing access to Uploads 2023-05-29 14:16:03 -04:00
Haelwenn (lanodan) Monnier 2148ef5e2f UploadedMedia: Increase readability via ~s sigil 2023-04-18 00:12:42 +02:00
Haelwenn (lanodan) Monnier 8f0f58e28b UploadedMedia: Add missing disposition_type to Content-Disposition
Set it to `inline` because the vast majority of what's sent is multimedia
content while `attachment` would have the side-effect of triggering a
download dialog.

Closes: https://git.pleroma.social/pleroma/pleroma/-/issues/3114
2023-04-18 00:09:19 +02:00
Haelwenn (lanodan) Monnier 5716654d12 Remove crypt(3) support
This was used to support migration from GNU Social, which was used by at least
shitposter.club, should be entirely irrelevant now.

Closes: https://git.pleroma.social/pleroma/pleroma/-/issues/3030
Closes: https://git.pleroma.social/pleroma/pleroma/-/issues/3062
2023-03-05 01:37:57 +01:00
lain e853cfe7c3 Revert "Merge branch 'copyright-bump' into 'develop'"
This reverts merge request !3825
2023-01-02 20:38:50 +00:00
marcin mikołajczak 10886eeaa2 Bump copyright year
Signed-off-by: marcin mikołajczak <git@mkljczk.pl>
2023-01-01 12:13:06 +01:00
Sean King 60df2d8a97
Merge branch 'develop' of git.pleroma.social:pleroma/pleroma into fine_grained_moderation_privileges 2022-12-18 22:03:48 -07:00
Thomas Citharel bdedc41cbc
Fix typo in CSP Report-To header name
The header name was Report-To, not Reply-To.

In any case, that's now being changed to the Reporting-Endpoints HTTP
Response Header.
https://w3c.github.io/reporting/#header
https://github.com/w3c/reporting/issues/177

CanIUse says the Report-To header is still supported by current Chrome
and friends.
https://caniuse.com/mdn-http_headers_report-to

It doesn't have any data for the Reporting-Endpoints HTTP header, but
this article says Chrome 96 supports it.
https://web.dev/reporting-api/

(Even though that's come out one year ago, that's not compatible with
Network Error Logging which's still using the Report-To version of the
API)

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2022-11-04 09:43:13 +01:00
tusooa 84a573877a Merge branch 'fix_erratic_tests' into 'develop'
Fix flaky rate_limiter_test.exs test "it restricts based on config values"

See merge request pleroma/pleroma!3688
2022-08-25 18:39:38 +00:00
Sean King 64e16e6a4b
Document way to do notice compatibility routes with Nginx reverse-proxy instead 2022-07-16 23:44:37 -06:00
Ilja 26080b4b5c Fix rate_limiter_test.exs test "it restricts based on config values"
It used a timer to sleep.
But time also goes on when doing other things, so depending on hardware, the timings could be off.
I slightly changed the tests so we still test what we functionally want.
Instead of waiting until the cache expires I now have a function to expire the test and use that.

That means we're not testing any more if the cache really expires after a certain amount of time,
but that's the responsability of the dependency imo, so shouldn't be a problem.

I also changed `Pleroma.Web.Endpoint, :http, :ip` to `127.0.0.1` because that's the setting people typically have,
and I see no reason to do it differently.
Especially since it's an exernal ip, which may come over as weird or suspicious to people.
2022-07-09 07:19:18 +02:00
Ilja c0e4b1b3e2 Fix typo's
priviledge |-> privilege
2022-07-02 07:52:39 +02:00
Ilja 5a65e2dac5 Remove privileged_staff
Everything that was done through this setting, can now be set by giving the proper privileges to the roles.
2022-06-21 12:10:27 +02:00
Ilja 5b19543f0a Add new setting and Plug to allow for privilege settings for staff 2022-06-21 12:10:26 +02:00
Tusooa Zhu e2d24eda57 Allow to skip cache in Cache plug
Ref: fix-local-public
2022-05-06 10:23:26 +02:00
Haelwenn d7c53da77a Merge branch 'from/upstream-develop/tusooa/translate-pages' into 'develop'
Translate backend-rendered pages

See merge request pleroma/pleroma!3634
2022-03-20 18:14:37 +00:00
Tusooa Zhu cd42e2bed0
Lint 2022-03-03 09:49:55 -05:00
Tusooa Zhu aca11fb70e
Support multiple locales from userLanguage cookie 2022-03-03 02:31:36 -05:00
Tusooa Zhu 7ea330b4fe
Support multiple locales formally
elixir gettext current does not fully support fallback to another language [0].
But it might in the future. We adapt it so that all languages in Accept-Language
headers are received by Pleroma.Web.Gettext. User.languages is now a comma-separated
list.

[0]: https://github.com/elixir-gettext/gettext/issues/303
2022-03-03 02:03:44 -05:00
Tusooa Zhu bc59da96c5
Add test for fallbacking to a general language 2022-03-02 20:04:30 -05:00
Tusooa Zhu 8de573b047
Fallback to a variant if the language in general is not supported
For an example, here, zh is not supported, but zh_Hans and zh_Hant
are. If the user asks for zh, we should choose a variant for them
instead of fallbacking to default.

Some browsers (e.g. Firefox) does not allow users to customize
their language codes. For example, there is no zh-Hans, but only
zh, zh-CN, zh-TW, zh-HK, etc. This provides a workaround for
those users suffering from bad design decisions.
2022-03-02 19:59:11 -05:00
Sean King 17aa3644be
Copyright bump for 2022 2022-02-25 23:11:42 -07:00
Tusooa Zhu 0fd3695b9c
Prefer userLanguage cookie over Accept-Language header in detecting locale
https://git.pleroma.social/pleroma/pleroma-meta/-/issues/60
2022-02-21 18:02:19 -05:00
Alex Gleason 479fc5fff8
EnsureStaffPrivilegedPlug: add tests 2021-12-27 10:39:59 -06:00
Alex Gleason db2bf55e9b
Merge remote-tracking branch 'origin/develop' into notice-routes 2021-12-25 19:57:53 -06:00
Alex Gleason 9c1cb87eff Merge branch 'erratic-tests' into 'develop'
Skip erratic tests

See merge request pleroma/pleroma!3572
2021-12-22 04:14:31 +00:00
Alex Gleason 2ce7dae6de
Skip erratic tests 2021-12-21 22:04:15 -06:00
Alex Gleason b0d2b53934 Merge branch 'manifest' into 'develop'
Expose /manifest.json for PWA

Closes #882

See merge request pleroma/pleroma!3544
2021-12-19 18:18:59 +00:00
Alex Gleason e4f9cb1c1b
Merge remote-tracking branch 'origin/develop' into manifest 2021-12-19 11:33:10 -06:00
Alex Gleason e1b89fe3aa
Merge remote-tracking branch 'origin/develop' into live-dashboard 2021-12-15 19:05:36 -05:00
Alex Gleason 29d80b39f2
Add Phoenix LiveDashboard
Co-authored-by: Egor Kislitsyn <egor@kislitsyn.com>
2021-12-15 19:05:27 -05:00
Alex Gleason ba2ed3c255
Fix frontend_status_plug_test.exs 2021-12-03 07:56:26 -06:00
Alex Gleason 720198d569
Merge remote-tracking branch 'pleroma/develop' into manifest 2021-11-24 17:58:58 -06:00
Alex Gleason cb9359335f
Expose /manifest.json for PWA 2021-11-24 17:50:55 -06:00
Sean King 1841bd8383 Merge branch 'develop' of git.pleroma.social:pleroma/pleroma into remove/mastofe 2021-08-06 08:08:20 -06:00
Alex Gleason 44ede0657f
Merge remote-tracking branch 'pleroma/develop' into staff-plug 2021-08-04 11:48:57 -05:00
Alex Gleason 9bc1e79c56
Moderators: add UserIsStaffPlug 2021-07-12 21:57:52 -05:00
Sean King dc4814f0cd
Fix merge conflicts with upstream 2021-06-04 14:42:44 -06:00
Alex Gleason c23b81e399
Pleroma.Web.get_api_routes/0 --> Pleroma.Web.Router.get_api_routes/0
Reduce recompilation time by breaking compile-time cycles
2021-05-28 13:51:01 -05:00
Alex Gleason 50e3750758
Add notice compatibility routes for other frontends
Fixes: https://git.pleroma.social/pleroma/pleroma/-/issues/1785
2021-05-05 14:50:10 -05:00
Sean King 8afa3f2d1b
Remove no longer necessary unit tests for MastoFE 2021-04-15 23:12:42 -06:00
Mark Felder 902d4e4a4a Leave a note for future explorers 2021-02-25 13:06:43 -06:00
Mark Felder 2da71a526f No need to filter out Mix.env() from the API routes. 2021-02-25 13:04:08 -06:00
Mark Felder 6b87dfad5d Filter out MIX_ENV from route list and add a test 2021-02-25 09:23:10 -06:00
rinpatch 6d66fadea7 Remove `:auth, :enforce_oauth_admin_scope_usage`
`admin` scope has been required by default for more than a year now
and all apps that use the API seems to request a proper scope by now.
2021-02-17 20:47:38 +03:00
Egor Kislitsyn bddb01bded
Add tests 2021-01-27 18:20:07 +04:00