Merge branch 'fix/raise-registration-api-ratelimit' into 'develop'

Make rate limiting for Mastodon Registration API less agressive and enable it by default.

See merge request pleroma/pleroma!1154

CHANGELOG.md

@@ -22,16 +22,16 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 - Admin API: Endpoints for listing/revoking invite tokens
 - Admin API: Endpoints for making users follow/unfollow each other
 - Admin API: added filters (role, tags, email, name) for users endpoint
+- AdminFE: initial release with basic user management accessible at /pleroma/admin/
 - Mastodon API: [Scheduled statuses](https://docs.joinmastodon.org/api/rest/scheduled-statuses/)
 - Mastodon API: `/api/v1/notifications/destroy_multiple` (glitch-soc extension)
 - Mastodon API: `/api/v1/pleroma/accounts/:id/favourites` (API extension)
 - Mastodon API: [Reports](https://docs.joinmastodon.org/api/rest/reports/)
-- Mastodon API: REST API for creating an account
+- Mastodon API: `POST /api/v1/accounts` (account creation API)
 - ActivityPub C2S: OAuth endpoints
-- Metadata RelMe provider
+- Metadata: RelMe provider
 - OAuth: added support for refresh tokens
 - Emoji packs and emoji pack manager
-- AdminFE: initial release with basic user management accessible at /pleroma/admin/
 
 ### Changed
 - **Breaking:** Configuration: move from Pleroma.Mailer to Pleroma.Emails.Mailer
@@ -44,8 +44,9 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 - Federation: Removed `inReplyToStatusId` from objects
 - Configuration: Dedupe enabled by default
 - Configuration: Added `extra_cookie_attrs` for setting non-standard cookie attributes. Defaults to ["SameSite=Lax"] so that remote follows work.
-- Pleroma API: Support for emoji tags in `/api/pleroma/emoji` resulting in a breaking API change
 - Timelines: Messages involving people you have blocked will be excluded from the timeline in all cases instead of just repeats.
+- Admin API: Move the user related API to `api/pleroma/admin/users`
+- Pleroma API: Support for emoji tags in `/api/pleroma/emoji` resulting in a breaking API change
 - Mastodon API: Support for `exclude_types`, `limit` and `min_id` in `/api/v1/notifications`
 - Mastodon API: Add `languages` and `registrations` to `/api/v1/instance`
 - Mastodon API: Provide plaintext versions of cw/content in the Status entity
@@ -63,7 +64,6 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 - Deps: Updated Cowboy to 2.6
 - Deps: Updated Ecto to 3.0.7
 - Don't ship finmoji by default, they can be installed as an emoji pack
-- Admin API: Move the user related API to `api/pleroma/admin/users`
 - Hide deactivated users and their statuses
 
 ### Fixed
@@ -71,7 +71,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 - Followers counter not being updated when a follower is blocked
 - Deactivated users being able to request an access token
 - Limit on request body in rich media/relme parsers being ignored resulting in a possible memory leak
-- proper Twitter Card generation instead of a dummy
+- Proper Twitter Card generation instead of a dummy
 - Deletions failing for users with a large number of posts
 - NodeInfo: Include admins in `staffAccounts`
 - ActivityPub: Crashing when requesting empty local user's outbox

config/config.exs

@@ -239,7 +239,7 @@ config :pleroma, :instance,
   safe_dm_mentions: false,
   healthcheck: false
 
-config :pleroma, :app_account_creation, enabled: false, max_requests: 5, interval: 1800
+config :pleroma, :app_account_creation, enabled: true, max_requests: 25, interval: 1800
 
 config :pleroma, :markup,
   # XXX - unfortunately, inline images must be enabled by default right now, because

config/test.exs

@@ -59,6 +59,8 @@ config :pleroma, Pleroma.ScheduledActivity,
   total_user_limit: 3,
   enabled: false
 
+config :pleroma, :app_account_creation, max_requests: 5
+
 try do
   import_config "test.secret.exs"
 rescue