0ec62acb9d
Always insert Dedupe upload filter
...
This actually was already intended before to eradicate all future
path-traversal-style exploits and to fix issues with some
characters like akkoma#610 in 0b2ec0ccee. However, Dedupe and
AnonymizeFilename got mixed up. The latter only anonymises the name
in Content-Disposition headers GET parameters (with link_name),
_not_ the upload path.
Even without Dedupe, the upload path is prefixed by an UUID,
so it _should_ already be hard to guess for attackers. But now
we actually can be sure no path shenanigans occur, uploads
reliably work and save some disk space.
While this makes the final path predictable, this prediction is
not exploitable. Insertion of a back-reference to the upload
itself requires pulling off a successful preimage attack against
SHA-256, which is deemed infeasible for the foreseeable future.
Dedupe was already included in the default list in config.exs
since 28cfb2c37a, but this will get overridden by whatever the
config generated by the "pleroma.instance gen" task chose.
Upload+delete tests running in parallel using Dedupe might be flaky, but
this was already true before and needs its own commit to fix eventually.
2024-03-18 22:33:10 -01:00
64e233ca20
Tag Mock-tests as "mocked" and run them separately
2023-08-04 12:50:50 +01:00
98cb255d12
Support elixir1.15
...
OTP builds to 1.15
Changelog entry
Ensure policies are fully loaded
Fix :warn
use main branch for linkify
Fix warn in tests
Migrations for phoenix 1.17
Revert "Migrations for phoenix 1.17"
This reverts commit 6a3b2f15b7.
Oban upgrade
Add default empty whitelist
mix format
limit test to amd64
OTP 26 tests for 1.15
use OTP_VERSION tag
baka
just 1.15
Massive deps update
Update locale, deps
Mix format
shell????
multiline???
?
max cases 1
use assert_recieve
don't put_env in async tests
don't async conn/fs tests
mix format
Fix some uploader issues
Fix tests
2023-08-03 17:44:09 +01:00
sfr
20cd8a0fc4
URL encode remote emoji pack names (#362)
...
fix #246
Co-authored-by: Sol Fisher Romanoff <sol@solfisher.com>
Reviewed-on: #362
Co-authored-by: sfr <sol@solfisher.com>
Co-committed-by: sfr <sol@solfisher.com>
2023-01-15 18:14:04 +00:00
07a48b9293
giant massive dep upgrade and dialyxir-found error emporium (#371)
...
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: #371
2022-12-14 12:38:48 +00:00
6b882a2c0b
Purge Rejected Follow requests in daily task (#334)
...
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: #334
2022-12-03 23:17:43 +00:00
ee7059c9cf
Spin off imports into n oban jobs
2022-11-27 21:45:41 +00:00
561e1f2470
Make backups require its own scope (#218)
...
Pulled from https://git.pleroma.social/pleroma/pleroma/-/merge_requests/3721.
This makes backups require its own scope (`read:backups`) instead of the `read:accounts` scope.
Co-authored-by: Tusooa Zhu <tusooa@kazv.moe>
Reviewed-on: #218
Co-authored-by: Norm <normandy@biribiri.dev>
Co-committed-by: Norm <normandy@biribiri.dev>
2022-09-19 17:31:35 +00:00
1b826eea54
Allow reacting with remote emoji when they exist on the post (#200)
...
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: #200
2022-09-04 23:31:41 +00:00
11ec9daa5b
API compatibility with fedibird, frontend config (#163)
...
Reviewed-on: #163
2022-08-17 00:22:59 +00:00
Tusooa Zhu
f08241c8ab
Allow users to create backups without providing email address
...
Ref: backup-without-email
2022-08-02 22:16:54 -04:00
0f132b802d
purge chat and shout endpoints
2022-07-21 11:29:28 +01:00
dc9f66749c
remove all endpoints marked as deprecated (#91)
...
Reviewed-on: #91
2022-07-20 12:00:58 +00:00
cf0ad02ea9
Remove scrobbling support
2022-07-19 15:07:45 +01:00
5b4d77eaa7
maintenance: dependency upgrade (#81)
...
Reviewed-on: #81
2022-07-18 00:56:35 +00:00
cac39ef817
Bugfix: standardise scheme for emoji reactions
2022-06-25 15:27:46 +01:00
c3ed86cd1e
fix emoji controller tests
2022-06-11 14:21:50 +01:00
Alex Gleason
5c80d4087d
PleromaAPI.AppView: add test
2021-12-27 18:52:34 -06:00
Alex Gleason
f5c3d45120
Merge remote-tracking branch 'origin/develop' into apps-api-endpoint
2021-12-27 18:01:25 -06:00
Haelwenn (lanodan) Monnier
a17910a6c6
CI: Bump lint stage to elixir-1.12
...
Elixir 1.12 changed formatting rules, this allows to avoid having to rollback to run `mix format`
2021-10-06 08:11:05 +02:00
Sean King
33f063204e
Add unit test for Pleroma API app controller
2021-08-28 23:18:12 -06:00
Haelwenn (lanodan) Monnier
e4743847a1
OpenAPI: PleromaAPI UserImport Controller
2021-03-15 06:47:07 +01:00
lain
4a9d3a1f28
Merge branch 'features/reports-enhancements' into 'develop'
...
Enhance reports in Pleroma API: index, show
See merge request pleroma/pleroma!3280
2021-02-28 16:45:15 +00:00
rinpatch
6d66fadea7
Remove :auth, :enforce_oauth_admin_scope_usage
...
`admin` scope has been required by default for more than a year now
and all apps that use the API seem to request a proper scope by now.
2021-02-17 20:47:38 +03:00
Haelwenn (lanodan) Monnier
ff72ce31ca
Enhance reports in Pleroma API: index, show
2021-02-17 18:46:53 +01:00
rinpatch
d7ad288c84
Chats: Introduce /api/v2/pleroma/chats which implements pagination
...
Also removes incorrect claim that /api/v1/pleroma/chats supports
pagination and deprecates it.
Closes #2140
2021-02-17 16:03:24 +03:00
Egor Kislitsyn
793fc77b16
Add active user count
2021-01-27 18:20:06 +04:00
e854c35e65
Convert tests to all use clear_config instead of Pleroma.Config.put
2021-01-26 11:58:43 -06:00
Mark Felder
2c0fe2ea9e
Remove toggle_confirmation; require explicit state change
...
Also cosmetic changes to make the code clearer
2021-01-15 13:11:51 -06:00
Mark Felder
d36182c088
Change user.confirmation_pending field to user.is_confirmed
2021-01-15 12:44:41 -06:00
Haelwenn (lanodan) Monnier
c4439c630f
Bump Copyright to 2021
...
grep -rl '# Copyright © .* Pleroma' * | xargs sed -i 's;Copyright © .* Pleroma .*;Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>;'
2021-01-13 07:49:50 +01:00
lain
e1a547d7d3
ChatMessages: Fix pagination headers.
...
They used to contain the path parameter `id` as query param,
which would break the link.
2021-01-11 15:30:40 +01:00
Alex Gleason
3342f6a7ef
Backups: render ID in API
2021-01-07 13:06:22 -06:00
lain
e1e7e4d379
Object: Rework how Object.normalize works
...
Now it defaults to not fetching, and the option is named.
2021-01-04 13:38:31 +01:00
lain
0ef0aed205
Tests: Add a helper method to reduce sleeping times in test.
...
This will 'time travel', i.e. change the inserted_at and update_at
fields of the object in question. This is used to backdate things
where we used sleeping before to ensure time differences.
2020-12-21 16:31:23 +01:00
lain
9ba60f70d2
Tests: Make as many tests as possible async.
...
In general, tests that match these criteria can be made async:
- Doesn't use real Cachex.
- Doesn't write to the Config / Application Environment.
- Uses Mock. Using Mox is fine.
- Uses the streamer.
2020-12-21 12:21:40 +01:00
lain
6bb4f4e172
Merge branch 'support/2255_posix_errors' into 'develop'
...
[#2255] added error messages for posix error code
See merge request pleroma/pleroma!3138
2020-12-15 15:16:03 +00:00
lain
477c6c8e55
Merge branch 'auth-improvements' into 'develop'
...
Cookie auth rework / Auth subsystem refactoring and tweaks
Closes pleroma/secteam/pleroma#3
See merge request pleroma/pleroma!3112
2020-12-09 15:55:45 +00:00
Ivan Tashkinov
e9859b68fc
[#3112] Ensured presence and consistency of :user and :token assigns (EnsureUserTokenAssignsPlug). Refactored auth info dropping functions.
2020-12-06 13:59:10 +03:00
Egor Kislitsyn
35ba48494f
Stream follow updates
2020-12-02 00:18:58 +04:00
cd1b4155d5
Merge branch 'oban-jobs-to-simple-tasks' into 'develop'
...
Moving some background jobs into simple tasks
Closes #1790
See merge request pleroma/pleroma!3129
2020-11-19 20:32:32 +00:00
Maksim Pechnikov
9c5d1cb9ed
fix tests
2020-11-18 09:58:51 +03:00
Maksim Pechnikov
e4b202d905
added test
2020-11-16 22:23:28 +03:00
Egor Kislitsyn
fb41bd1a85
Hide reactions from muted and blocked users
2020-11-16 22:50:14 +04:00
Maksim Pechnikov
e1d25bad0c
fix tests
2020-11-16 21:45:37 +03:00
Maksim Pechnikov
36ec604521
added test
2020-11-14 08:30:22 +03:00
Alexander Strizhakov
8d218ebaf5
Moving some background jobs into simple tasks
...
- fetching activity data
- attachment prefetching
- using limiter to prevent overload
2020-11-11 13:39:49 +03:00
lain
504a829edb
Merge branch 'develop' of git.pleroma.social:pleroma/pleroma into features/federation-status
2020-11-04 15:38:10 +01:00
Egor Kislitsyn
ca95cbe0b4
Add `with_muted` param to ChatController.index/2
2020-11-04 16:40:12 +04:00
Egor Kislitsyn
be52819a11
Hide chats from muted users
2020-11-02 17:51:54 +04:00