6d003e1acd
test/steal_emoji: consolidate configuration setup
2024-03-18 22:33:10 -01:00
d1ce5fd911
test/steal_emoji: reduce code duplication with mock macro
2024-03-18 22:33:10 -01:00
ee5ce87825
test: use pack functions to check for emoji
...
The hardocded path and filenames assumptions
will be broken with the next commit.
2024-03-18 22:33:10 -01:00
a8c6c780b4
StealEmoji: use Content-Type and reject non-images
...
E.g. *key’s emoji URLs typically don’t have file extensions, but
until now we just slapped ".png" at its end hoping for the best.
Furthermore, this gives us a chance to actually reject non-images,
which before was not feasible exatly due to those extension-less URLs
2024-03-18 22:33:10 -01:00
11ae8344eb
Sanitise Content-Type of media proxy URLs
...
Just as with uploads and emoji before, this can otherwise be used
to place counterfeit AP objects or other malicious payloads.
In this case, even if we never assign a priviliged type to content,
the remote server can and until now we just mimcked whatever it told us.
Preview URLs already handle only specific, safe content types
and redirect to the external host for all else; thus no additional
sanitisiation is needed for them.
Non-previews are all delegated to the modified ReverseProxy module.
It already has consolidated logic for building response headers
making it easy to slip in sanitisation.
Although proxy urls are prefixed by a MAC built from a server secret,
attackers can still achieve a perfect id match when they are able to
change the contents of the pointed to URL. After sending an posts
containing an attachment at a controlled destination, the proxy URL can
be read back and inserted into the payload. After injection of
counterfeits in the target server the content can again be changed
to something innocuous lessening chance of detection.
2024-03-18 22:33:10 -01:00
0ec62acb9d
Always insert Dedupe upload filter
...
This actually was already intended before to eradict all future
path-traversal-style exploits and to fix issues with some
characters like akkoma#610 in 0b2ec0ccee
. However, Dedupe and
AnonymizeFilename got mixed up. The latter only anonymises the name
in Content-Disposition headers GET parameters (with link_name),
_not_ the upload path.
Even without Dedupe, the upload path is prefixed by an UUID,
so it _should_ already be hard to guess for attackers. But now
we actually can be sure no path shenanigangs occur, uploads
reliably work and save some disk space.
While this makes the final path predictable, this prediction is
not exploitable. Insertion of a back-reference to the upload
itself requires pulling off a successfull preimage attack against
SHA-256, which is deemed infeasible for the foreseeable futures.
Dedupe was already included in the default list in config.exs
since 28cfb2c37a
, but this will get overridde by whatever the
config generated by the "pleroma.instance gen" task chose.
Upload+delete tests running in parallel using Dedupe might be flaky, but
this was already true before and needs its own commit to fix eventually.
2024-03-18 22:33:10 -01:00
Helge
5d89e0c917
Allow for url to be a list
...
ci/woodpecker/pr/lint Pipeline failed
ci/woodpecker/pr/test unknown status
ci/woodpecker/pr/build-arm64 unknown status
ci/woodpecker/pr/build-amd64 unknown status
ci/woodpecker/pr/docs unknown status
This solves interoperability issues, see:
- https://git.pleroma.social/pleroma/pleroma/-/issues/3253
- https://socialhub.activitypub.rocks/t/fep-fffd-proxy-objects/3172/30?u=helge
- https://data.funfedi.dev/0.1.1/#url-parameter
2024-03-03 09:11:45 +01:00
7d61fb0906
Merge pull request 'Fix static-fe Twitter metadata / URL previews' ( #700 ) from Oneric/akkoma:staticfe-metadata into develop
...
ci/woodpecker/push/build-amd64 Pipeline is pending
ci/woodpecker/push/build-arm64 Pipeline is pending
ci/woodpecker/push/docs Pipeline is pending
ci/woodpecker/push/lint Pipeline is pending
ci/woodpecker/push/test Pipeline is pending
Reviewed-on: #700
2024-02-24 13:42:55 +00:00
c08f49d88e
Add tests for static-fe metadata tags
ci/woodpecker/pr/build-amd64 Pipeline is pending
ci/woodpecker/pr/build-arm64 Pipeline is pending
ci/woodpecker/pr/docs Pipeline is pending
ci/woodpecker/pr/lint Pipeline is pending
ci/woodpecker/pr/test Pipeline is pending
2024-02-21 00:33:32 +00:00
Haelwenn (lanodan) Monnier
7d94476dd6
StealEmojiPolicy: Sanitize shortcodes
...
ci/woodpecker/pr/build-amd64 Pipeline is pending
ci/woodpecker/pr/build-arm64 Pipeline is pending
ci/woodpecker/pr/docs Pipeline is pending
ci/woodpecker/pr/lint Pipeline is pending
ci/woodpecker/pr/test Pipeline is pending
Closes: https://git.pleroma.social/pleroma/pleroma/-/issues/3245
2024-02-20 11:19:00 +01:00
1a7839eaf2
Prune old Update activities
...
ci/woodpecker/pr/lint Pipeline was successful
ci/woodpecker/pr/test Pipeline failed
ci/woodpecker/pr/build-arm64 unknown status
ci/woodpecker/pr/build-amd64 unknown status
ci/woodpecker/pr/docs unknown status
Once processed they serve no purpose anymore afaict.
Therefor, lets prune them like other transient activities
to not unnecessarily bloat the table.
2024-02-17 16:57:40 +01:00
289f93f5a2
Merge pull request 'Return last_status_at as date, not datetime' ( #681 ) from katafrakt/akkoma:fix-last-status-at into develop
...
ci/woodpecker/push/build-amd64 Pipeline is pending
ci/woodpecker/push/build-arm64 Pipeline is pending
ci/woodpecker/push/docs Pipeline is pending
ci/woodpecker/push/lint Pipeline is pending
ci/woodpecker/push/test Pipeline is pending
Reviewed-on: #681
2024-02-17 11:37:19 +00:00
e99e2407f3
Add background_removal to SimplePolicy MRF
ci/woodpecker/pr/lint Pipeline was successful
ci/woodpecker/pr/test Pipeline failed
ci/woodpecker/pr/build-arm64 unknown status
ci/woodpecker/pr/build-amd64 unknown status
ci/woodpecker/pr/docs unknown status
2024-02-16 16:36:45 +01:00
7622aa27ca
Federate user profile background
...
Currently our own frontend doesn’t show backgrounds of other users, this
property is already publicly readable via REST API and likely was always
intended to be shown and federated.
Recently Sharkey added support for profile backgrounds and
immediately made them federate and be displayed to others.
We use the same AP field as Sharkey here which should make
it interoperable both ways out-of-the-box.
Ref.: 4e64397635
2024-02-16 16:35:51 +01:00
0ed815b8a1
Merge branch 'followback' into develop
ci/woodpecker/push/build-amd64 Pipeline is pending
ci/woodpecker/push/build-arm64 Pipeline is pending
ci/woodpecker/push/docs Pipeline is pending
ci/woodpecker/push/lint Pipeline is pending
ci/woodpecker/push/test Pipeline is pending
2024-02-16 13:27:40 +00:00
c5dcd07e08
Merge pull request 'Fix OpenAPI spec for preferred_frontend endpoint' ( #680 ) from katafrakt/akkoma:fix-openapi-spec-for-preferred-frontend into develop
...
ci/woodpecker/push/build-amd64 Pipeline is pending
ci/woodpecker/push/build-arm64 Pipeline is pending
ci/woodpecker/push/docs Pipeline is pending
ci/woodpecker/push/lint Pipeline is pending
ci/woodpecker/push/test Pipeline is pending
Reviewed-on: #680
2024-02-16 12:21:00 +00:00
376f6b15ca
Add ability to auto-approve followbacks
...
ci/woodpecker/pr/build-amd64 Pipeline is pending
ci/woodpecker/pr/build-arm64 Pipeline is pending
ci/woodpecker/pr/docs Pipeline is pending
ci/woodpecker/pr/lint Pipeline is pending
ci/woodpecker/pr/test Pipeline is pending
Resolves: #148
2024-02-13 15:42:37 +01:00
df21b61829
Return last_status_at as date, not datetime
ci/woodpecker/pr/build-amd64 Pipeline is pending
ci/woodpecker/pr/build-arm64 Pipeline is pending
ci/woodpecker/pr/docs Pipeline is pending
ci/woodpecker/pr/lint Pipeline is pending
ci/woodpecker/pr/test Pipeline is pending
2024-02-05 21:42:15 +01:00
e97d08ee98
Merge pull request 'MRF transparency: don’t forget to obfuscate short domains' ( #676 ) from Oneric/akkoma:mrf-obfuscation into develop
...
ci/woodpecker/push/build-amd64 Pipeline is pending
ci/woodpecker/push/build-arm64 Pipeline is pending
ci/woodpecker/push/docs Pipeline is pending
ci/woodpecker/push/lint Pipeline is pending
ci/woodpecker/push/test Pipeline is pending
Reviewed-on: #676
2024-02-05 08:43:43 +00:00
d7d159c49f
Fix OpenAPI spec for preferred_frontend endpoint
...
ci/woodpecker/pr/build-amd64 Pipeline is pending
ci/woodpecker/pr/build-arm64 Pipeline is pending
ci/woodpecker/pr/docs Pipeline is pending
ci/woodpecker/pr/lint Pipeline is pending
ci/woodpecker/pr/test Pipeline is pending
The spec was copied from another endpoint, including the operation id,
leading to scrubbing the valid parameters from the request and simply
not working.
2024-02-03 14:27:45 +01:00
e47c50666d
Fix obfuscation of short domains
...
Fixes #645
2024-02-02 14:50:13 +00:00
77000b8ffd
update tests for oauth consumer
ci/woodpecker/pr/lint Pipeline was successful
ci/woodpecker/pr/test Pipeline was successful
ci/woodpecker/pr/build-arm64 unknown status
ci/woodpecker/pr/build-amd64 unknown status
ci/woodpecker/pr/docs unknown status
2023-12-17 21:48:19 +00:00
Lain Soykaf
c3098e9c56
UserViewTest: Add basice service actor test.
2023-12-15 16:31:51 +00:00
6cc523bd23
Correct email links to be absolute URLs
ci/woodpecker/push/build-amd64 Pipeline is pending
ci/woodpecker/push/build-arm64 Pipeline is pending
ci/woodpecker/push/docs Pipeline is pending
ci/woodpecker/push/lint Pipeline is pending
ci/woodpecker/push/test Pipeline is pending
2023-11-02 11:49:03 +00:00
033b7b04e0
update captcha version
ci/woodpecker/push/build-amd64 Pipeline is pending
ci/woodpecker/push/build-arm64 Pipeline is pending
ci/woodpecker/push/docs Pipeline is pending
ci/woodpecker/push/lint Pipeline is pending
ci/woodpecker/push/test Pipeline is pending
2023-10-20 13:30:29 +01:00
c8e08e9cc3
fix issue with API cascading domain blocks but not honouring them
ci/woodpecker/push/build-amd64 Pipeline is pending
ci/woodpecker/push/build-arm64 Pipeline is pending
ci/woodpecker/push/docs Pipeline is pending
ci/woodpecker/push/lint Pipeline is pending
ci/woodpecker/push/test Pipeline is pending
2023-08-25 11:00:49 +01:00
063e3c0d34
Disallow nil hosts in should_federate
ci/woodpecker/push/lint Pipeline was successful
ci/woodpecker/push/test Pipeline was successful
ci/woodpecker/push/build-arm64 Pipeline was successful
ci/woodpecker/push/build-amd64 Pipeline was successful
ci/woodpecker/push/docs Pipeline was successful
2023-08-15 23:12:04 +01:00
6cb40bee26
Migrate to phoenix 1.7 ( #626 )
...
ci/woodpecker/push/lint Pipeline was successful
ci/woodpecker/push/test Pipeline was successful
ci/woodpecker/push/build-arm64 Pipeline was successful
ci/woodpecker/push/build-amd64 Pipeline was successful
ci/woodpecker/push/docs Pipeline was successful
Closes #612
Co-authored-by: tusooa <tusooa@kazv.moe>
Reviewed-on: #626
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Co-committed-by: FloatingGhost <hannah@coffee-and-dreams.uk>
2023-08-15 10:22:18 +00:00
c22ecac567
mastodon_api: Add /api/v1/preferences endpoint
...
ci/woodpecker/pr/test Pipeline was successful
ci/woodpecker/pr/build-arm64 unknown status
ci/woodpecker/pr/build-amd64 unknown status
ci/woodpecker/pr/docs unknown status
Implements the preferences endpoint in the Mastodon API, but returns
default values for most of the preferences right now. The only supported
preference we can access is default post visibility, and a relevant test
is added as well.
2023-08-12 09:28:24 -04:00
0c21341156
Fix signature checking
ci/woodpecker/push/build-amd64 Pipeline is pending
ci/woodpecker/push/build-arm64 Pipeline is pending
ci/woodpecker/push/docs Pipeline is pending
ci/woodpecker/push/test Pipeline is pending
ci/woodpecker/pr/build-amd64 Pipeline is pending
ci/woodpecker/pr/build-arm64 Pipeline is pending
ci/woodpecker/pr/docs Pipeline is pending
ci/woodpecker/pr/test Pipeline is pending
2023-08-07 16:17:17 +01:00
7825798e32
Add XML matcher
2023-08-07 11:12:14 +01:00
650c0c0f62
Allow max_id to be at the end of the querystring
2023-08-06 16:44:25 +01:00
7956cfb091
Another keyword.equal? check
2023-08-06 16:36:18 +01:00
215b550317
Fix keyword ordering reliance
2023-08-06 16:27:15 +01:00
866672b6a7
Add unordered list equality matcher
2023-08-06 15:58:11 +01:00
ef422a8385
Put matchers in matchers subpackage
2023-08-06 15:53:04 +01:00
9723264fe5
Add URI matchers
2023-08-06 15:51:21 +01:00
mae
d868348fac
Completely disable xml entity resolution
ci/woodpecker/pr/build-amd64 Pipeline is pending
ci/woodpecker/pr/build-arm64 Pipeline is pending
ci/woodpecker/pr/docs Pipeline is pending
ci/woodpecker/pr/test Pipeline is pending
2023-08-05 12:32:05 +00:00
b4399574ca
Merge remote-tracking branch 'norm/config-permissions' into develop
ci/woodpecker/push/build-amd64 Pipeline is pending
ci/woodpecker/push/build-arm64 Pipeline is pending
ci/woodpecker/push/docs Pipeline is pending
ci/woodpecker/push/test Pipeline is pending
2023-08-04 22:31:11 +01:00
9c7409808f
Add unit test for external entity loading
ci/woodpecker/push/build-amd64 Pipeline is pending
ci/woodpecker/push/build-arm64 Pipeline is pending
ci/woodpecker/push/docs Pipeline is pending
ci/woodpecker/push/test Pipeline is pending
2023-08-04 22:24:32 +01:00
Haelwenn (lanodan) Monnier
749e9f2229
release_runtime_provider_test: chmod config for hardened permissions
...
Git doesn't manages file permissions precisely enough for us.
Original: 65ef8f19c5
2023-08-04 14:14:04 -04:00
0b2ec0ccee
Enable AnonymizeFilenames on all uploads
ci/woodpecker/push/test Pipeline was successful
ci/woodpecker/push/build-amd64 Pipeline failed
ci/woodpecker/push/docs unknown status
ci/woodpecker/push/build-arm64 Pipeline was successful
2023-08-04 15:37:15 +01:00
723bd123a0
Correct ordering for block/mutes
2023-08-04 15:18:07 +01:00
1dc8cc731c
Merge branch 'elixir1.15' into develop
ci/woodpecker/push/build-amd64 Pipeline is pending
ci/woodpecker/push/build-arm64 Pipeline is pending
ci/woodpecker/push/docs Pipeline is pending
ci/woodpecker/push/test Pipeline is pending
2023-08-04 15:16:14 +01:00
64e233ca20
Tag Mock
-tests as "mocked" and run them seperately
2023-08-04 12:50:50 +01:00
7e45343f81
Resolve information disclosure vulnerability through emoji pack archive download endpoint
ci/woodpecker/push/test Pipeline was successful
ci/woodpecker/push/build-arm64 Pipeline was successful
ci/woodpecker/push/build-amd64 Pipeline was successful
ci/woodpecker/push/docs Pipeline was successful
2023-08-04 11:34:19 +01:00
f4fe4fcbcc
More static stuff
ci/woodpecker/push/build-amd64 Pipeline is pending
ci/woodpecker/push/build-arm64 Pipeline is pending
ci/woodpecker/push/docs Pipeline is pending
ci/woodpecker/push/test Pipeline is pending
ci/woodpecker/pr/test Pipeline failed
ci/woodpecker/pr/build-arm64 unknown status
ci/woodpecker/pr/build-amd64 unknown status
ci/woodpecker/pr/docs unknown status
2023-08-03 23:00:30 +01:00
02071ab9b4
bah
ci/woodpecker/pr/build-amd64 Pipeline is pending
ci/woodpecker/pr/build-arm64 Pipeline is pending
ci/woodpecker/pr/docs Pipeline is pending
ci/woodpecker/pr/test Pipeline is pending
ci/woodpecker/push/build-amd64 Pipeline is pending
ci/woodpecker/push/build-arm64 Pipeline is pending
ci/woodpecker/push/docs Pipeline is pending
ci/woodpecker/push/test Pipeline is pending
2023-08-03 18:40:13 +01:00
98cb255d12
Support elixir1.15
...
ci/woodpecker/push/build-amd64 Pipeline is pending
ci/woodpecker/push/build-arm64 Pipeline is pending
ci/woodpecker/push/docs Pipeline is pending
ci/woodpecker/push/test Pipeline is pending
ci/woodpecker/pr/test Pipeline failed
ci/woodpecker/pr/build-amd64 unknown status
ci/woodpecker/pr/build-arm64 unknown status
ci/woodpecker/pr/docs unknown status
OTP builds to 1.15
Changelog entry
Ensure policies are fully loaded
Fix :warn
use main branch for linkify
Fix warn in tests
Migrations for phoenix 1.17
Revert "Migrations for phoenix 1.17"
This reverts commit 6a3b2f15b7
.
Oban upgrade
Add default empty whitelist
mix format
limit test to amd64
OTP 26 tests for 1.15
use OTP_VERSION tag
baka
just 1.15
Massive deps update
Update locale, deps
Mix format
shell????
multiline???
?
max cases 1
use assert_recieve
don't put_env in async tests
don't async conn/fs tests
mix format
FIx some uploader issues
Fix tests
2023-08-03 17:44:09 +01:00
b65aafe1e3
Fix tests breaking on config changes
2023-08-02 12:05:30 +01:00
c38f1aefb1
Add unit tests for Utils.user_name_string
ci/woodpecker/pr/build-amd64 Pipeline is pending
ci/woodpecker/pr/build-arm64 Pipeline is pending
ci/woodpecker/pr/docs Pipeline is pending
ci/woodpecker/pr/test Pipeline is pending
2023-07-28 07:35:00 -07:00
1377ec33fe
Add a unit test for custom WebFinger domain
ci/woodpecker/pr/build-amd64 Pipeline is pending
ci/woodpecker/pr/build-arm64 Pipeline is pending
ci/woodpecker/pr/docs Pipeline is pending
ci/woodpecker/pr/test Pipeline is pending
2023-07-27 09:01:46 -07:00
Weblate
eba3cce77b
Update translation files
...
ci/woodpecker/push/test Pipeline was successful
ci/woodpecker/push/build-arm64 Pipeline failed
ci/woodpecker/push/docs unknown status
ci/woodpecker/push/build-amd64 Pipeline failed
Updated by "Squash Git commits" hook in Weblate.
Translation: Pleroma fe/Akkoma Backend (Config Descriptions)
Translate-URL: http://translate.akkoma.dev/projects/akkoma/akkoma-backend-config-descriptions/
2023-07-27 13:14:05 +00:00
6db8ab7c94
Merge pull request 'Varied selection of Pleroma cherry-picks' ( #567 ) from XxXCertifiedForkliftDriverXxX/akkoma:cherry-picks into develop
...
ci/woodpecker/push/woodpecker Pipeline is pending
Reviewed-on: #567
2023-07-27 12:53:56 +00:00
c63ae73bc0
Add embed controller tests
2023-07-17 19:18:21 +01:00
8fe29bf5d2
Exclude deactivated users from emoji reaction lists
ci/woodpecker/push/woodpecker Pipeline is pending
ci/woodpecker/pr/woodpecker Pipeline failed
2023-07-17 17:53:03 +01:00
5144d6f4ba
Add OnlyMedia Upload Filter to simplify restricting uploads to audio, image, and video types
...
Original: https://git.pleroma.social/pleroma/pleroma/-/merge_requests/3897
2023-06-28 01:56:14 +01:00
XxXCertifiedForkliftDriverXxX
07b478dc49
Implement blocklists for MediaProxy
ci/woodpecker/pr/woodpecker Pipeline is pending
2023-06-26 15:18:31 +02:00
tusooa
c0a01e73cf
Enforce unauth restrictions for public streaming endpoints
ci/woodpecker/pr/woodpecker Pipeline failed
2023-06-14 22:45:19 +00:00
tusooa
fee6e2aac4
Fix deleting banned users' statuses
2023-06-14 22:45:19 +00:00
Haelwenn (lanodan) Monnier
8669a0abcb
UploadedMedia: Increase readability via ~s sigil
2023-06-14 22:45:19 +00:00
Haelwenn (lanodan) Monnier
37b0d774fa
UploadedMedia: Add missing disposition_type to Content-Disposition
...
Set it to `inline` because the vast majority of what's sent is multimedia
content while `attachment` would have the side-effect of triggering a
download dialog.
Closes: https://git.pleroma.social/pleroma/pleroma/-/issues/3114
2023-06-14 22:45:19 +00:00
tusooa
1def80c2e7
Fix existing tests
2023-06-14 22:45:19 +00:00
tusooa
3095251e6c
Dedupe poll options
2023-06-14 22:45:19 +00:00
tusooa
79a18f761b
Allow with_relationships param for blocks
2023-06-14 22:45:19 +00:00
kPherox
8fb235e71b
fix: append field values to bio before parsing
2023-06-14 19:44:07 +00:00
kPherox
d6271e7613
feat: build rel me tags with profile fields
2023-06-14 19:44:07 +00:00
5adce547d0
Require related object for notifications to filter on content
2023-06-14 19:41:48 +00:00
tusooa
05e80d1879
Fix block_from_stranger setting
2023-06-14 19:41:44 +00:00
tusooa
651979217a
Fix failure when registering a user with no email when approval required
2023-06-14 19:33:58 +00:00
997551bac9
Fix TwitterCard meta tags
...
TwitterCard meta tags are supposed to use the attributes "name" and "content".
OpenGraph tags use the attributes "property" and "content".
Twitter itself is smart enough to detect broken meta tags and discover the TwitterCard
using "property" and "content", but other platforms that only implement parsing of TwitterCards
and not OpenGraph may fail to correctly detect the tags as they're under the wrong attributes.
> "Open Graph protocol also specifies the use of property and content attributes for markup while
> Twitter cards use name and content. Twitter’s parser will fall back to using property and content,
> so there is no need to modify existing Open Graph protocol markup if it already exists." [0]
[0] https://developer.twitter.com/en/docs/twitter-for-websites/cards/guides/getting-started
2023-06-14 19:30:19 +00:00
Tusooa Zhu
2a290cb331
Lint
2023-06-14 17:20:55 +00:00
Tusooa Zhu
dfd6c96808
Fix SideEffectsTest
2023-06-14 17:20:55 +00:00
Tusooa Zhu
fd38756e92
Do not stream out Announces to public timelines
2023-06-14 17:20:55 +00:00
Tusooa Zhu
5ef7c15d92
Make local-only posts stream in local timeline
2023-06-14 17:18:26 +00:00
3227ebf1e1
CommonFixes: more predictable context generation
...
`context` fields for objects and activities can now be generated based
on the object/activity `inReplyTo` field or its ActivityPub ID, as a
fallback method in cases where `context` fields are missing for incoming
activities and objects.
2023-06-14 16:22:26 +00:00
XxXCertifiedForkliftDriverXxX
1b560d547a
Stop exposing if a user blocks you over the API.
ci/woodpecker/pr/woodpecker Pipeline is pending
2023-05-28 23:42:27 +02:00
Haelwenn (lanodan) Monnier
70b0f93865
Apply oembed patch
ci/woodpecker/push/woodpecker Pipeline is pending
2023-05-26 20:45:57 +01:00
8c208f751d
Fix filtering out incorrect addresses
ci/woodpecker/push/woodpecker Pipeline is pending
2023-05-23 13:46:25 +01:00
037f881187
Fix create processing in direct message disabled
2023-05-23 13:16:20 +01:00
ab34680554
switch to using an enum system for DM acceptance
2023-05-23 10:29:08 +01:00
d310f99d6a
Add MRFs for direct message manipulation
2023-05-22 23:53:44 +01:00
f72d773cc3
Merge pull request 'Make UserNote comment default to the empty string.' ( #530 ) from provable_ascent/akkoma:provable_ascent-patch-1 into develop
...
ci/woodpecker/push/woodpecker Pipeline is pending
Reviewed-on: #530
2023-05-22 21:33:01 +00:00
9c4203632d
Add user_note_test.exs.
ci/woodpecker/pr/woodpecker Pipeline is pending
2023-05-12 02:18:24 +00:00
f1e66b39c7
Return empty string in the event of no detected language
ci/woodpecker/pr/woodpecker Pipeline is pending
2023-05-08 18:52:19 -04:00
b86b3a9e29
Support public key URIs that incomprehensibly have GET args
...
ci/woodpecker/push/woodpecker Pipeline was successful
Fixes #528
2023-04-25 13:30:20 +01:00
f2b4e7f86b
Merge branch 'develop' of akkoma.dev:AkkomaGang/akkoma into develop
ci/woodpecker/push/woodpecker Pipeline is pending
2023-04-14 17:56:56 +01:00
522221f7fb
Mix format
2023-04-14 17:56:34 +01:00
Atsuko Karagi
1fa3c0b485
Remove support for outdated Create format
2023-04-14 17:46:22 +01:00
Atsuko Karagi
d2b0d86471
HTTP signatures respect allowlist federation
2023-04-14 17:46:06 +01:00
8c86a06ed1
Merge pull request 'Remove "default" image description' ( #493 ) from ilja/akkoma:remove_default_image_description into develop
...
ci/woodpecker/push/woodpecker Pipeline is pending
Reviewed-on: #493
2023-04-14 16:27:41 +00:00
4c9c959bb3
Merge branch 'develop' into frontend-switcher-9000
2023-04-14 16:56:10 +01:00
1b2c24a19e
fix tests
2023-04-14 15:20:55 +01:00
dd44387f1a
Add timeline visibility options
2023-03-17 15:33:28 +00:00
2c9e02429a
mix format
ci/woodpecker/push/woodpecker Pipeline is pending
2023-03-15 22:19:52 +00:00
9464d50562
Add publicTimelineVisibility to nodeinfo
2023-03-15 22:13:18 +00:00
377d1483b6
Merge pull request 'Apply security patch from pleroma to prevent nested file names being uploaded to the server.' ( #507 ) from foxing/akkoma:foxing-patch-2 into develop
...
ci/woodpecker/push/woodpecker Pipeline is pending
Reviewed-on: #507
2023-03-13 00:29:51 +00:00
3f76de76da
Apply Patch
ci/woodpecker/pr/woodpecker Pipeline is pending
2023-03-12 19:13:56 +00:00
0c77be9308
don't crash on malformed avatar and banner values
...
ci/woodpecker/pr/woodpecker Pipeline was successful
weird values in href will cause base64 encoding to fail later down the
line, so let's make sure the value we're passing on is somewhat sane, or
at the very least a binary
this fixes #482
2023-03-12 18:14:05 +01:00
ilja
6c396fcab4
Remove "default" image description
...
ci/woodpecker/pr/woodpecker Pipeline is pending
When no image description is filled in, Pleroma allowed fallbacks.
Those were (based on a setting) either the filename, or a fixed description.
Neither are good options for image descriptions imo, so here we remove this.
Note that there's two tests removed who supposedly tested something else.
But examining closer, they didn't seem to test what they claimed to test,
so I removed them rather than try to "fix" them.
2023-03-12 08:42:33 +01:00
e124a109c1
Remove _misskey_reaction matching ( #500 )
...
ci/woodpecker/push/woodpecker Pipeline is pending
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: #500
2023-03-10 18:46:49 +00:00
b2112302ce
Add more information about failed verifications
2023-03-10 03:51:24 +00:00
8a4437d2be
Allow expires_at in filter requests
...
ci/woodpecker/push/woodpecker Pipeline is pending
Fixes #492
2023-03-09 19:13:14 +00:00
87d5e5b06a
Allow moderators to get the admin scope again
...
ci/woodpecker/push/woodpecker Pipeline is pending
Fixes #463
2023-03-08 17:39:35 +00:00
b88e6560e0
Reblog content should be ""
...
ci/woodpecker/push/woodpecker Pipeline is pending
ci/woodpecker/pr/woodpecker Pipeline is pending
Fixes #450
2023-03-02 11:04:27 +00:00
ilja
b4952a81fe
Interpret \n
as newline for MFM
...
Markdown doesn't generally consider `\n` a newline,
but Misskey does for MFM.
Now we do to for MFM (and not for Markdown) :)
2023-02-18 19:56:11 +01:00
ilja
b71db2f82d
create_service_actor is now type Application
...
ci/woodpecker/push/woodpecker Pipeline was successful
This is used for internal fetch and for relay. Both represent the instance and therefore are an aplication.
2023-02-04 21:00:21 +00:00
aeb68a0ad1
paginate follow requests ( #460 )
...
ci/woodpecker/push/woodpecker Pipeline is pending
matches https://docs.joinmastodon.org/methods/follow_requests/#get mostly
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: #460
2023-02-04 20:51:17 +00:00
d394ab0a8a
Merge branch 'develop' of akkoma.dev:AkkomaGang/akkoma into develop
ci/woodpecker/push/woodpecker Pipeline is pending
2023-01-15 18:58:26 +00:00
90088cce11
Support TLD wildcards in MRF matches
...
Fixes #431
2023-01-15 18:57:49 +00:00
sfr
20cd8a0fc4
URL encode remote emoji pack names ( #362 )
...
ci/woodpecker/push/woodpecker Pipeline is pending
fix #246
Co-authored-by: Sol Fisher Romanoff <sol@solfisher.com>
Reviewed-on: #362
Co-authored-by: sfr <sol@solfisher.com>
Co-committed-by: sfr <sol@solfisher.com>
2023-01-15 18:14:04 +00:00
975bc6d7e8
Merge pull request 'fix: Give error message to users when address has already been validated' ( #435 ) from cheerfulstoic/akkoma:develop into develop
...
ci/woodpecker/push/woodpecker Pipeline is pending
Reviewed-on: #435
2023-01-15 18:06:12 +00:00
f3c118ca23
Mix format
ci/woodpecker/push/woodpecker Pipeline is pending
2023-01-15 18:00:03 +00:00
7ca9ce9d67
fix: Give error message to users when address has already been validated
...
ci/woodpecker/pr/woodpecker Pipeline failed
Plus other errors.
2023-01-12 22:08:10 +01:00
ff5793198f
add inbound language test
ci/woodpecker/push/woodpecker Pipeline is pending
2023-01-11 15:42:13 +00:00
cc63a89b5d
Fix tests
2023-01-10 10:29:17 +00:00
f86bf16430
Add language support on /api/v1/statuses
2023-01-10 10:29:17 +00:00
a8cd859ef9
Use actual ISO8601 timestamps for masto API ( #425 )
...
ci/woodpecker/push/woodpecker Pipeline is pending
Some users post posts with spoofed timestamp, and some clients will have issues with certain dates. Tusky for example crashes if the date is any sooner than 1 BCE (“year zero” in the representation).
I limited the range of what is considered a valid date to be somewhere between the years 1583 and 9999 (inclusive).
The numbers have been chosen because:
- ISO 8601 only allows years before 1583 with “mutual agreement”
- Years after 9999 could cause issues with certain clients as well
Co-authored-by: Charlotte 🦝 Delenk <lotte@chir.rs>
Reviewed-on: #425
Co-authored-by: darkkirb <lotte@chir.rs>
Co-committed-by: darkkirb <lotte@chir.rs>
2023-01-09 22:12:28 +00:00
336d06b2a8
Significantly tighten HTTP CSP
ci/woodpecker/push/woodpecker Pipeline was successful
2023-01-02 15:21:19 +00:00
6e646c4cbc
Use a genserver to periodically fetch metrics
...
ci/woodpecker/push/woodpecker Pipeline is pending
ci/woodpecker/pr/woodpecker Pipeline was successful
Ref https://github.com/beam-telemetry/telemetry_metrics_prometheus_core/issues/52
2023-01-01 18:32:14 +00:00
c4b46ca460
Add /api/v1/followed_tags
ci/woodpecker/push/woodpecker Pipeline was successful
ci/woodpecker/pr/woodpecker Pipeline was successful
2022-12-31 18:09:34 +00:00
745e15468e
Use same context for quote posts as the post that's being quoted ( #379 )
...
ci/woodpecker/push/woodpecker Pipeline is pending
See #350 (comment)
When making quotes through Mast-API, they will now have the same context as the quoted post. This also results in them being showed when fetching the thread. I checked Misskey to see how it's there, and they show the quotes there as well, see e.g. <https://mk.toast.cafe/notes/98u1g0tulg >.
An example from Akkoma:
Co-authored-by: ilja <git@ilja.space>
Reviewed-on: #379
Reviewed-by: floatingghost <hannah@coffee-and-dreams.uk>
Co-authored-by: ilja <akkoma.dev@ilja.space>
Co-committed-by: ilja <akkoma.dev@ilja.space>
2022-12-31 18:09:27 +00:00
bf7ff6a337
Put rich media processing in a Task
ci/woodpecker/push/woodpecker Pipeline was successful
2022-12-30 20:11:53 +00:00
9be6caf125
argon2 password hashing ( #406 )
...
ci/woodpecker/push/woodpecker Pipeline was successful
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: #406
2022-12-30 02:46:58 +00:00
a5e98083f2
Add link verification in profile fields ( #405 )
...
ci/woodpecker/push/woodpecker Pipeline was successful
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: #405
2022-12-29 20:56:06 +00:00
af7c3fab98
Do not crash on invalid atom in configDB
ci/woodpecker/push/woodpecker Pipeline was successful
2022-12-21 00:16:39 +00:00
Atsuko Karagi
4a78c431cf
Simplified HTTP signature processing
ci/woodpecker/push/woodpecker Pipeline is pending
2022-12-19 20:41:48 +00:00
Atsuko Karagi
e17c71a389
Respect restrict_unauthenticated in /api/v1/accounts/lookup
2022-12-19 20:32:16 +00:00
c092fc9fd6
Add translation module for Argos Translate ( #351 )
...
ci/woodpecker/push/woodpecker Pipeline is pending
Argos Translate is a Python module for translation and can be used as a command line tool.
This is also the engine for LibreTranslate, for which we already have a module.
Here we can use the engine directly from our server without doing requests to a third party or having to install our own LibreTranslate webservice (obviously you do have to install Argos Translate).
One thing that's currently still missing from Argos Translate is auto-detection of languages (see <https://github.com/argosopentech/argos-translate/issues/9 >). For now, when no source language is provided, we just return the text unchanged, supposedly translated from the target language. That way you get a near immediate response in pleroma-fe when clicking Translate, after which you can select the source language from a dropdown.
Argos Translate also doesn't seem to handle html very well. Therefore we give admins the option to strip the html before translating. I made this an option because I'm unsure if/how this will change in the future.
Co-authored-by: ilja <git@ilja.space>
Reviewed-on: #351
Co-authored-by: ilja <akkoma.dev@ilja.space>
Co-committed-by: ilja <akkoma.dev@ilja.space>
2022-12-19 13:06:39 +00:00
3d546409b2
remove now-unused test
ci/woodpecker/push/woodpecker Pipeline was successful
2022-12-17 23:21:24 +00:00
52d8183787
drop admin scopes on create app instead of rejecting
2022-12-17 23:14:49 +00:00
dcac8adb3d
Add option to modify HTTP pool size
ci/woodpecker/push/woodpecker Pipeline was successful
2022-12-16 18:33:00 +00:00
372eea4e7c
add changelog entry for custom emoji
ci/woodpecker/push/woodpecker Pipeline is pending
2022-12-16 13:20:48 +00:00
20e3cb2b25
fix csp-induced HTML match error
ci/woodpecker/push/woodpecker Pipeline was successful
ci/woodpecker/pr/woodpecker Pipeline failed
2022-12-16 12:19:24 +00:00
ca70d42541
mix format
ci/woodpecker/push/woodpecker Pipeline is pending
2022-12-16 11:18:14 +00:00
48d302a60f
allow disabling prometheus entirely
ci/woodpecker/push/woodpecker Pipeline is pending
2022-12-16 11:17:04 +00:00
6d8e4d5e05
add test for metrics controller
ci/woodpecker/push/woodpecker Pipeline is pending
2022-12-16 10:56:17 +00:00
b8be8192fb
do not allow non-admins to register tokens with admin scopes
...
this didn't actually _do_ anything in the past,
the users would be prevented from accessing the resource,
but they shouldn't be able to even create them
2022-12-16 03:25:14 +00:00
07a48b9293
giant massive dep upgrade and dialyxir-found error emporium ( #371 )
...
ci/woodpecker/push/woodpecker Pipeline is pending
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: #371
2022-12-14 12:38:48 +00:00
duponin
3e9c0b380a
Return 413 when an actor's banner or background exceeds the size limit
2022-12-12 17:28:14 -05:00
duponin
c9304962c3
Uploading an avatar media exceeding max size returns a 413
...
Until now it was returning a 500 because the upload plug were going
through the changeset and ending in the JSON encoder, which raised
because struct has to @derive the encoder.
2022-12-12 17:28:09 -05:00
77e9a52450
allow http AS profile in ld+json header
ci/woodpecker/push/woodpecker Pipeline was successful
2022-12-12 19:06:04 +00:00
9c71782861
Test removed HTTP adapter
ci/woodpecker/push/woodpecker Pipeline is pending
2022-12-11 23:50:31 +00:00
f752126427
Remove quack, ensure adapter is finch
ci/woodpecker/push/woodpecker Pipeline is pending
2022-12-11 23:22:35 +00:00
affc910372
Remove hackney/gun in favour of finch
2022-12-11 19:19:31 +00:00
68894089e8
Do not fetch anything from blocked instances
ci/woodpecker/push/woodpecker Pipeline is pending
2022-12-10 00:09:45 +00:00
739ed14f54
Revert "mandate published on notes"
...
ci/woodpecker/push/woodpecker Pipeline was successful
ci/woodpecker/pr/woodpecker Pipeline was successful
This reverts commit e49b583147
.
2022-12-09 20:59:26 +00:00
e49b583147
mandate published on notes
...
ci/woodpecker/push/woodpecker Pipeline is pending
ci/woodpecker/pr/woodpecker Pipeline failed
fixes #356
2022-12-09 20:27:54 +00:00
f5a315f04c
Add URL and code to :not_found errors
...
Ref #355
2022-12-09 20:13:31 +00:00
9db4c2429f
Remove FollowBotPolicy
2022-12-09 19:59:27 +00:00