Commit graph

62 commits

Author SHA1 Message Date
0ec62acb9d Always insert Dedupe upload filter
This actually was already intended before to eradict all future
path-traversal-style exploits and to fix issues with some
characters like akkoma#610 in 0b2ec0ccee. However, Dedupe and
AnonymizeFilename got mixed up. The latter only anonymises the name
in Content-Disposition headers GET parameters (with link_name),
_not_ the upload path.

Even without Dedupe, the upload path is prefixed by an UUID,
so it _should_ already be hard to guess for attackers. But now
we actually can be sure no path shenanigangs occur, uploads
reliably work and save some disk space.

While this makes the final path predictable, this prediction is
not exploitable. Insertion of a back-reference to the upload
itself requires pulling off a successfull preimage attack against
SHA-256, which is deemed infeasible for the foreseeable futures.

Dedupe was already included in the default list in config.exs
since 28cfb2c37a, but this will get overridde by whatever the
config generated by the "pleroma.instance gen" task chose.

Upload+delete tests running in parallel using Dedupe might be flaky, but
this was already true before and needs its own commit to fix eventually.
2024-03-18 22:33:10 -01:00
64e233ca20 Tag Mock-tests as "mocked" and run them seperately 2023-08-04 12:50:50 +01:00
98cb255d12 Support elixir1.15
Some checks failed
ci/woodpecker/push/build-amd64 Pipeline is pending
ci/woodpecker/push/build-arm64 Pipeline is pending
ci/woodpecker/push/docs Pipeline is pending
ci/woodpecker/push/test Pipeline is pending
ci/woodpecker/pr/test Pipeline failed
ci/woodpecker/pr/build-amd64 unknown status
ci/woodpecker/pr/build-arm64 unknown status
ci/woodpecker/pr/docs unknown status
OTP builds to 1.15

Changelog entry

Ensure policies are fully loaded

Fix :warn

use main branch for linkify

Fix warn in tests

Migrations for phoenix 1.17

Revert "Migrations for phoenix 1.17"

This reverts commit 6a3b2f15b7.

Oban upgrade

Add default empty whitelist

mix format

limit test to amd64

OTP 26 tests for 1.15

use OTP_VERSION tag

baka

just 1.15

Massive deps update

Update locale, deps

Mix format

shell????

multiline???

?

max cases 1

use assert_recieve

don't put_env in async tests

don't async conn/fs tests

mix format

FIx some uploader issues

Fix tests
2023-08-03 17:44:09 +01:00
sfr
20cd8a0fc4 URL encode remote emoji pack names (#362)
Some checks are pending
ci/woodpecker/push/woodpecker Pipeline is pending
fix #246

Co-authored-by: Sol Fisher Romanoff <sol@solfisher.com>
Reviewed-on: #362
Co-authored-by: sfr <sol@solfisher.com>
Co-committed-by: sfr <sol@solfisher.com>
2023-01-15 18:14:04 +00:00
07a48b9293 giant massive dep upgrade and dialyxir-found error emporium (#371)
Some checks are pending
ci/woodpecker/push/woodpecker Pipeline is pending
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: #371
2022-12-14 12:38:48 +00:00
6b882a2c0b Purge Rejected Follow requests in daily task (#334)
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: #334
2022-12-03 23:17:43 +00:00
ee7059c9cf Spin off imports into n oban jobs
Some checks failed
ci/woodpecker/push/woodpecker Pipeline is pending
ci/woodpecker/pr/woodpecker Pipeline failed
2022-11-27 21:45:41 +00:00
561e1f2470 Make backups require its own scope (#218)
Some checks are pending
ci/woodpecker/push/woodpecker Pipeline is pending
Pulled from https://git.pleroma.social/pleroma/pleroma/-/merge_requests/3721.

This makes backups require its own scope (`read:backups`) instead of the `read:accounts` scope.

Co-authored-by: Tusooa Zhu <tusooa@kazv.moe>
Reviewed-on: #218
Co-authored-by: Norm <normandy@biribiri.dev>
Co-committed-by: Norm <normandy@biribiri.dev>
2022-09-19 17:31:35 +00:00
1b826eea54 Allow reacting with remote emoji when they exist on the post (#200)
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: #200
2022-09-04 23:31:41 +00:00
11ec9daa5b API compatibility with fedibird, frontend config (#163)
Some checks failed
ci/woodpecker/push/woodpecker Pipeline failed
Reviewed-on: #163
2022-08-17 00:22:59 +00:00
Tusooa Zhu
f08241c8ab
Allow users to create backups without providing email address
All checks were successful
ci/woodpecker/pr/woodpecker Pipeline was successful
Ref: backup-without-email
2022-08-02 22:16:54 -04:00
0f132b802d purge chat and shout endpoints
All checks were successful
ci/woodpecker/push/docs Pipeline was successful
ci/woodpecker/push/release Pipeline was successful
ci/woodpecker/push/test Pipeline was successful
ci/woodpecker/pr/release Pipeline was successful
ci/woodpecker/pr/docs Pipeline was successful
ci/woodpecker/pr/test Pipeline was successful
2022-07-21 11:29:28 +01:00
dc9f66749c remove all endpoints marked as deprecated (#91)
Some checks are pending
ci/woodpecker/push/docs Pipeline is pending
ci/woodpecker/push/release Pipeline is pending
ci/woodpecker/push/test Pipeline is pending
Reviewed-on: #91
2022-07-20 12:00:58 +00:00
cf0ad02ea9 Remove scrobbling support
Some checks are pending
ci/woodpecker/push/docs Pipeline is pending
ci/woodpecker/push/release Pipeline is pending
ci/woodpecker/push/test Pipeline is pending
2022-07-19 15:07:45 +01:00
5b4d77eaa7 maintenance: dependency upgrade (#81)
All checks were successful
ci/woodpecker/push/test Pipeline was successful
ci/woodpecker/push/docs Pipeline was successful
ci/woodpecker/push/release Pipeline was successful
Reviewed-on: #81
2022-07-18 00:56:35 +00:00
cac39ef817 Bugfix: standardise scheme for emoji reactions 2022-06-25 15:27:46 +01:00
c3ed86cd1e fix emoji controller tests 2022-06-11 14:21:50 +01:00
Alex Gleason
f5c3d45120
Merge remote-tracking branch 'origin/develop' into apps-api-endpoint 2021-12-27 18:01:25 -06:00
Haelwenn (lanodan) Monnier
a17910a6c6
CI: Bump lint stage to elixir-1.12
Elixir 1.12 changed formatting rules, this allows to avoid having to rollback to run `mix format`
2021-10-06 08:11:05 +02:00
Sean King
33f063204e
Add unit test for Pleroma API app controller 2021-08-28 23:18:12 -06:00
Haelwenn (lanodan) Monnier
e4743847a1
OpenAPI: PleromaAPI UserImport Controller 2021-03-15 06:47:07 +01:00
lain
4a9d3a1f28 Merge branch 'features/reports-enhancements' into 'develop'
Enhance reports in Pleroma API: index, show

See merge request pleroma/pleroma!3280
2021-02-28 16:45:15 +00:00
rinpatch
6d66fadea7 Remove :auth, :enforce_oauth_admin_scope_usage
`admin` scope has been required by default for more than a year now
and all apps that use the API seems to request a proper scope by now.
2021-02-17 20:47:38 +03:00
Haelwenn (lanodan) Monnier
ff72ce31ca
Enhance reports in Pleroma API: index, show 2021-02-17 18:46:53 +01:00
rinpatch
d7ad288c84 Chats: Introduce /api/v2/pleroma/chats which implements pagination
Also removes incorrect claim that /api/v1/pleroma/chats supports
pagination and deprecates it.

Closes #2140
2021-02-17 16:03:24 +03:00
Egor Kislitsyn
793fc77b16
Add active user count 2021-01-27 18:20:06 +04:00
e854c35e65 Convert tests to all use clear_config instead of Pleroma.Config.put 2021-01-26 11:58:43 -06:00
Mark Felder
2c0fe2ea9e Remove toggle_confirmation; require explicit state change
Also cosmetic changes to make the code clearer
2021-01-15 13:11:51 -06:00
Mark Felder
d36182c088 Change user.confirmation_pending field to user.is_confirmed 2021-01-15 12:44:41 -06:00
Haelwenn (lanodan) Monnier
c4439c630f
Bump Copyright to 2021
grep -rl '# Copyright © .* Pleroma' * | xargs sed -i 's;Copyright © .* Pleroma .*;Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>;'
2021-01-13 07:49:50 +01:00
lain
e1a547d7d3 ChatMessages: Fix pagination headers.
They used to contain the path parameter `id` as query param,
which would break the link.
2021-01-11 15:30:40 +01:00
lain
e1e7e4d379 Object: Rework how Object.normalize works
Now it defaults to not fetching, and the option is named.
2021-01-04 13:38:31 +01:00
lain
0ef0aed205 Tests: Add a helper method to reduce sleeping times in test.
This will 'time travel', i.e. change the inserted_at and update_at
fields of the object in question. This is used to backdate things
were we used sleeping before to ensure time differences.
2020-12-21 16:31:23 +01:00
lain
9ba60f70d2 Tests: Make as many tests as possible async.
In general, tests that match these criteria can be made async:

- Doesn't use real Cachex.
- Doesn't write to the Config / Application Environment.
- Uses Mock. Using Mox is fine.
- Uses the streamer.
2020-12-21 12:21:40 +01:00
lain
6bb4f4e172 Merge branch 'support/2255_posix_errors' into 'develop'
[#2255] added error messages for posix error code

See merge request pleroma/pleroma!3138
2020-12-15 15:16:03 +00:00
lain
477c6c8e55 Merge branch 'auth-improvements' into 'develop'
Cookie auth rework / Auth subsystem refactoring and tweaks

Closes pleroma/secteam/pleroma#3

See merge request pleroma/pleroma!3112
2020-12-09 15:55:45 +00:00
Ivan Tashkinov
e9859b68fc [#3112] Ensured presence and consistency of :user and :token assigns (EnsureUserTokenAssignsPlug). Refactored auth info dropping functions. 2020-12-06 13:59:10 +03:00
Egor Kislitsyn
35ba48494f
Stream follow updates 2020-12-02 00:18:58 +04:00
Maksim Pechnikov
9c5d1cb9ed fix tests 2020-11-18 09:58:51 +03:00
Maksim Pechnikov
e4b202d905 added test 2020-11-16 22:23:28 +03:00
Egor Kislitsyn
fb41bd1a85 Hide reactions from muted and blocked users 2020-11-16 22:50:14 +04:00
Maksim Pechnikov
e1d25bad0c fix tests 2020-11-16 21:45:37 +03:00
Maksim Pechnikov
36ec604521 added test 2020-11-14 08:30:22 +03:00
lain
504a829edb Merge branch 'develop' of git.pleroma.social:pleroma/pleroma into features/federation-status 2020-11-04 15:38:10 +01:00
Egor Kislitsyn
ca95cbe0b4
Add with_muted param to ChatController.index/2 2020-11-04 16:40:12 +04:00
Egor Kislitsyn
be52819a11
Hide chats from muted users 2020-11-02 17:51:54 +04:00
38b481d112 Merge branch 'feature/account-export' into 'develop'
Add account export

Closes #847

See merge request pleroma/pleroma!2918
2020-10-31 17:03:40 +00:00
eugenijm
8e41baff40 Add idempotency_key to the chat_message entity. 2020-10-31 05:50:59 +03:00
Egor Kislitsyn
a2a7a1f2ff
Merge remote-tracking branch 'origin/develop' into feature/account-export 2020-10-31 00:17:33 +04:00
Egor Kislitsyn
d2113428c0
Merge remote-tracking branch 'origin/develop' into feature/account-export 2020-10-30 19:34:02 +04:00