akkoma

Author	SHA1	Message	Date
Floatingghost	58d5d9d7bf	fix tests, contain object Some checks are pending ci/woodpecker/push/build-amd64 Pipeline is pending Details ci/woodpecker/push/build-arm64 Pipeline is pending Details ci/woodpecker/push/test Pipeline is pending Details ci/woodpecker/pr/build-amd64 Pipeline is pending Details ci/woodpecker/pr/build-arm64 Pipeline is pending Details ci/woodpecker/pr/lint Pipeline is pending Details ci/woodpecker/pr/test Pipeline is pending Details ci/woodpecker/push/docs Pipeline is pending Details ci/woodpecker/push/lint Pipeline is pending Details ci/woodpecker/pr/docs Pipeline is pending Details	2024-10-26 06:58:47 +01:00
Floatingghost	b6e8fde4dd	Merge branch 'develop' into keys-extraction	2024-10-26 06:11:29 +01:00
Floatingghost	bee10eab5e	correct minor zip behaviour All checks were successful ci/woodpecker/push/lint Pipeline was successful Details ci/woodpecker/push/test Pipeline was successful Details ci/woodpecker/push/build-arm64 Pipeline was successful Details ci/woodpecker/push/build-amd64 Pipeline was successful Details ci/woodpecker/push/docs Pipeline was successful Details	2024-10-26 06:11:12 +01:00
Floatingghost	430b376ded	mix format Some checks are pending ci/woodpecker/push/build-amd64 Pipeline is pending Details ci/woodpecker/pr/build-amd64 Pipeline is pending Details ci/woodpecker/pr/build-arm64 Pipeline is pending Details ci/woodpecker/pr/docs Pipeline is pending Details ci/woodpecker/pr/lint Pipeline is pending Details ci/woodpecker/push/build-arm64 Pipeline is pending Details ci/woodpecker/push/docs Pipeline is pending Details ci/woodpecker/push/lint Pipeline is pending Details ci/woodpecker/push/test Pipeline is pending Details ci/woodpecker/pr/test Pipeline is pending Details	2024-10-26 05:05:48 +01:00
Floatingghost	ccf1007883	Fix about a million tests	2024-10-26 05:05:48 +01:00
Floatingghost	6da783b84d	Fix http signature plug tests	2024-10-26 05:05:48 +01:00
Floatingghost	9c876cea21	Fix some tests	2024-10-26 05:05:48 +01:00
Floatingghost	9728e2f8f7	adjust logic to use relation :signing_key	2024-10-26 05:05:47 +01:00
floatingghost	f101886709	Merge pull request 'Federate emoji as anonymous objects' (#815 ) from Oneric/akkoma:emoji-id into develop Some checks are pending ci/woodpecker/push/build-amd64 Pipeline is pending Details ci/woodpecker/push/build-arm64 Pipeline is pending Details ci/woodpecker/push/docs Pipeline is pending Details ci/woodpecker/push/lint Pipeline is pending Details ci/woodpecker/push/test Pipeline is pending Details Reviewed-on: #815	2024-10-16 14:58:46 +00:00
Oneric	d5b0720596	Allow cross-domain redirects on AP requests Some checks are pending ci/woodpecker/pr/build-amd64 Pipeline is pending Details ci/woodpecker/pr/build-arm64 Pipeline is pending Details ci/woodpecker/pr/docs Pipeline is pending Details ci/woodpecker/pr/lint Pipeline is pending Details ci/woodpecker/pr/test Pipeline is pending Details Since we now remember the final location redirects lead to and use it for all further checks since `3e134b07fa`, these redirects can no longer be exploited to serve counterfeit objects. This fixes: - display URLs from independent webapp clients redirecting to the canonical domain - Peertube display URLs for remote content (acting like the above)	2024-10-14 01:42:51 +02:00
Oneric	940792f8ba	Refetch on AP ID mismatch As hinted at in the commit message when strict checking was added in `8684964c5d`, refetching is more robust than display URL comparison but in exchange is harder to implement correctly. A similar refetch approach is also employed by e.g. Mastodon, IceShrimp and FireFish. To make sure no checks can be bypassed by forcing a refetch, id checking is placed at the very end. This will fix: - Peertube display URL arrays our transmogrifier fails to normalise - non-canonical display URLs from alternative frontends (theoretical; we didnt’t get any actual reports about this) It will also be helpful in the planned key handling overhaul. The modified user collision test was introduced in https://git.pleroma.social/pleroma/pleroma/-/merge_requests/461 and unfortunately the issues this fixes aren’t public. Afaict it was just meant to guard against someone serving faked data belonging to an unrelated domain. Since we now refetch and the id actually is mocked, lookup now succeeds but will use the real data from the authorative server making it unproblematic. Instead modify the fake data further and make sure we don’t end up using the spoofed version.	2024-10-14 01:42:43 +02:00
floatingghost	3bb31117e6	Merge pull request 'Handle domain mutes on the backend' (#804 ) from domain-mute-backend-processing into develop Some checks are pending ci/woodpecker/push/build-amd64 Pipeline is pending Details ci/woodpecker/push/build-arm64 Pipeline is pending Details ci/woodpecker/push/docs Pipeline is pending Details ci/woodpecker/push/lint Pipeline is pending Details ci/woodpecker/push/test Pipeline is pending Details Reviewed-on: #804	2024-08-20 10:32:47 +00:00
Oneric	4ff5293093	Federate emoji as anonymous objects All checks were successful ci/woodpecker/pr/lint Pipeline was successful Details ci/woodpecker/pr/test Pipeline was successful Details ci/woodpecker/pr/build-amd64 Pipeline was successful Details ci/woodpecker/pr/build-arm64 Pipeline was successful Details ci/woodpecker/pr/docs Pipeline was successful Details Usually an id should point to another AP object and the image file isn’t an AP object. We currently do not provide standalone AP objects for emoji and don't keep track of remote emoji at all. Thus just federate them as anonymous objects, i.e. objects only existing within a parent context and using an explicit null id. IceShrimp.NET previously adopted anonymous objects for remote emoji without any apparent issues. See: `333611f65e` Fixes: #694	2024-06-23 20:46:59 +02:00
floatingghost	5992e8bb16	Merge pull request 'Update http-signatures dep, allow created header' (#800 ) from created-pseudoheader into develop Some checks are pending ci/woodpecker/push/build-amd64 Pipeline is pending Details ci/woodpecker/push/build-arm64 Pipeline is pending Details ci/woodpecker/push/docs Pipeline is pending Details ci/woodpecker/push/lint Pipeline is pending Details ci/woodpecker/push/test Pipeline is pending Details Reviewed-on: #800	2024-06-17 21:52:59 +00:00
Floatingghost	57273754b7	we may as well handle (expires) as well All checks were successful ci/woodpecker/push/lint Pipeline was successful Details ci/woodpecker/push/test Pipeline was successful Details ci/woodpecker/push/build-amd64 Pipeline was successful Details ci/woodpecker/push/build-arm64 Pipeline was successful Details ci/woodpecker/push/docs Pipeline was successful Details ci/woodpecker/pr/lint Pipeline was successful Details ci/woodpecker/pr/test Pipeline was successful Details ci/woodpecker/pr/build-amd64 Pipeline was successful Details ci/woodpecker/pr/build-arm64 Pipeline was successful Details ci/woodpecker/pr/docs Pipeline was successful Details	2024-06-17 22:30:14 +01:00
Oneric	bf8f493ffd	Remove proxy_remote vestiges All checks were successful ci/woodpecker/pr/lint Pipeline was successful Details ci/woodpecker/pr/test Pipeline was successful Details ci/woodpecker/pr/build-amd64 Pipeline was successful Details ci/woodpecker/pr/build-arm64 Pipeline was successful Details ci/woodpecker/pr/docs Pipeline was successful Details Ever since `364b6969eb` this setting wasn't used by the backend and a noop. The stated usecase is better served by setting the base_url to a local subdomain and using proxying in nginx/Caddy/...	2024-06-16 01:21:52 +02:00
Floatingghost	c0b2bba55e	revert subdomain change until i can look at why i did that Some checks failed ci/woodpecker/push/build-amd64 Pipeline is pending Details ci/woodpecker/push/build-arm64 Pipeline is pending Details ci/woodpecker/push/docs Pipeline is pending Details ci/woodpecker/push/lint Pipeline is pending Details ci/woodpecker/push/test Pipeline is pending Details ci/woodpecker/pr/lint Pipeline failed Details ci/woodpecker/pr/test unknown status Details ci/woodpecker/pr/build-arm64 unknown status Details ci/woodpecker/pr/build-amd64 unknown status Details ci/woodpecker/pr/docs unknown status Details	2024-06-15 15:14:42 +01:00
Floatingghost	4b765b1886	mix format Some checks are pending ci/woodpecker/push/build-amd64 Pipeline is pending Details ci/woodpecker/push/build-arm64 Pipeline is pending Details ci/woodpecker/push/docs Pipeline is pending Details ci/woodpecker/push/lint Pipeline is pending Details ci/woodpecker/push/test Pipeline is pending Details ci/woodpecker/pr/build-amd64 Pipeline is pending Details ci/woodpecker/pr/build-arm64 Pipeline is pending Details ci/woodpecker/pr/docs Pipeline is pending Details ci/woodpecker/pr/lint Pipeline is pending Details ci/woodpecker/pr/test Pipeline is pending Details	2024-06-15 15:06:28 +01:00
Floatingghost	cba2c5725f	Filter emoji reaction accounts by domain blocks	2024-06-15 15:05:52 +01:00
Floatingghost	2b96c3b224	Update http-signatures dep, allow created header Some checks are pending ci/woodpecker/push/build-amd64 Pipeline is pending Details ci/woodpecker/push/build-arm64 Pipeline is pending Details ci/woodpecker/push/docs Pipeline is pending Details ci/woodpecker/push/lint Pipeline is pending Details ci/woodpecker/push/test Pipeline is pending Details ci/woodpecker/pr/build-amd64 Pipeline is pending Details ci/woodpecker/pr/build-arm64 Pipeline is pending Details ci/woodpecker/pr/docs Pipeline is pending Details ci/woodpecker/pr/lint Pipeline is pending Details ci/woodpecker/pr/test Pipeline is pending Details	2024-06-12 18:40:44 +01:00
floatingghost	b03edb4ff4	Merge pull request 'Fix StealEmoji’s max size check' (#793 ) from Oneric/akkoma:emojistealer_contentlength into develop Some checks are pending ci/woodpecker/push/build-amd64 Pipeline is pending Details ci/woodpecker/push/build-arm64 Pipeline is pending Details ci/woodpecker/push/docs Pipeline is pending Details ci/woodpecker/push/lint Pipeline is pending Details ci/woodpecker/push/test Pipeline is pending Details Reviewed-on: #793	2024-06-12 17:09:05 +00:00
Floatingghost	ad52135bf5	Convert rich media backfill to oban task Some checks are pending ci/woodpecker/push/build-amd64 Pipeline is pending Details ci/woodpecker/push/build-arm64 Pipeline is pending Details ci/woodpecker/push/docs Pipeline is pending Details ci/woodpecker/push/lint Pipeline is pending Details ci/woodpecker/push/test Pipeline is pending Details ci/woodpecker/pr/build-amd64 Pipeline is pending Details ci/woodpecker/pr/build-arm64 Pipeline is pending Details ci/woodpecker/pr/docs Pipeline is pending Details ci/woodpecker/pr/lint Pipeline is pending Details ci/woodpecker/pr/test Pipeline is pending Details	2024-06-11 18:06:51 +01:00
Floatingghost	9c5feb81aa	fix tests Some checks failed ci/woodpecker/push/build-amd64 Pipeline is pending Details ci/woodpecker/push/build-arm64 Pipeline is pending Details ci/woodpecker/push/docs Pipeline is pending Details ci/woodpecker/push/lint Pipeline is pending Details ci/woodpecker/push/test Pipeline is pending Details ci/woodpecker/pr/lint Pipeline was successful Details ci/woodpecker/pr/test Pipeline failed Details ci/woodpecker/pr/build-amd64 unknown status Details ci/woodpecker/pr/docs unknown status Details ci/woodpecker/pr/build-arm64 unknown status Details	2024-06-09 21:26:29 +01:00
Floatingghost	16bed0562d	Fix tests	2024-06-09 18:28:00 +01:00
Mark Felder	2f5eb79473	Mastodon API: Remove deprecated GET /api/v1/statuses/:id/card endpoint Removed back in 2019 https://github.com/mastodon/mastodon/pull/11213	2024-06-09 17:38:06 +01:00
Mark Felder	f4daa90bd8	Remove test validating missing descriptions are returned as an empty string	2024-06-09 17:37:59 +01:00
Mark Felder	688748b531	Improve test description	2024-06-09 17:37:32 +01:00
Mark Felder	2e5aa71176	Rich Media Cards are fetched asynchonously and not guaranteed to be available on first post render	2024-06-09 17:37:22 +01:00
Mark Felder	7ca655a999	Rich Media Cards are cached by URL not per status	2024-06-09 17:36:57 +01:00
Mark Felder	765c7e98d2	Respect the TTL returned in OpenGraph tags	2024-06-09 17:36:15 +01:00
Mark Felder	ddbe989461	Fix broken tests	2024-06-09 17:35:47 +01:00
Floatingghost	a924e117fd	Add pool timeouts	2024-06-09 17:20:29 +01:00
Oneric	a3840e7d1f	Raise minimum PostgreSQL version to 12 This lets us: - avoid issues with broken hash indices for PostgreSQL <10 - drop runtime checks and legacy codepaths for <11 in db search - always enable custom query plans for performance optimisation PostgreSQL 11 is already EOL since 2023-11-09, so in theory everyone should already have moved on to 12 anyway.	2024-06-07 16:21:09 +02:00
Oneric	be5440c5e8	mrf/steal_emoji: fix size limit check Headers are strings, but this expected to already get an int thus always failing the comparison if the header was set. Fixes mistake in `d6d838cbe8`	2024-06-05 20:11:53 +02:00
Oneric	68fe0a9633	test: fix content-length value type All headers are strings, always. In this case it didn't matter atm, but let’s not provide confusing examples.	2024-06-05 19:59:59 +02:00
Floatingghost	c9a03af7c1	Move rescue to the HTTP request itself Some checks failed ci/woodpecker/push/lint Pipeline was successful Details ci/woodpecker/push/test Pipeline was successful Details ci/woodpecker/push/build-amd64 Pipeline was successful Details ci/woodpecker/push/build-arm64 Pipeline was successful Details ci/woodpecker/push/docs Pipeline was successful Details ci/woodpecker/pr/lint Pipeline failed Details ci/woodpecker/pr/test unknown status Details ci/woodpecker/pr/build-arm64 unknown status Details ci/woodpecker/pr/build-amd64 unknown status Details ci/woodpecker/pr/docs unknown status Details	2024-06-04 14:30:16 +01:00
Floatingghost	30e13a8785	Don't error on rich media fail Some checks are pending ci/woodpecker/push/build-amd64 Pipeline is pending Details ci/woodpecker/push/build-arm64 Pipeline is pending Details ci/woodpecker/push/docs Pipeline is pending Details ci/woodpecker/push/lint Pipeline is pending Details ci/woodpecker/push/test Pipeline is pending Details	2024-06-04 14:21:40 +01:00
floatingghost	8f97c15b07	Merge pull request 'Preserve Meilisearch’s result ranking' (#772 ) from Oneric/akkoma:search-meili-order into develop Some checks are pending ci/woodpecker/push/build-amd64 Pipeline is pending Details ci/woodpecker/push/build-arm64 Pipeline is pending Details ci/woodpecker/push/docs Pipeline is pending Details ci/woodpecker/push/lint Pipeline is pending Details ci/woodpecker/push/test Pipeline is pending Details Reviewed-on: #772	2024-05-31 14:12:05 +00:00
Floatingghost	3af0c53a86	use proper workers for fetching pins instead of an ad-hoc task (#788 ) Some checks are pending ci/woodpecker/push/build-amd64 Pipeline is pending Details ci/woodpecker/push/build-arm64 Pipeline is pending Details ci/woodpecker/push/docs Pipeline is pending Details ci/woodpecker/push/lint Pipeline is pending Details ci/woodpecker/push/test Pipeline is pending Details Reviewed-on: #788 Co-authored-by: Floatingghost <hannah@coffee-and-dreams.uk> Co-committed-by: Floatingghost <hannah@coffee-and-dreams.uk>	2024-05-31 08:58:52 +00:00
Oneric	65aeaefa41	meilisearch: respect meili’s result ranking Meilisearch is already configured to return results sorted by a particular ranking configured in the meilisearch CLI task. Resorting the returned top results by date partially negates this and runs counter to what someone with tweaked settings expects. Issue and fix identified by AdamK2003 in #579 But instead of using a O(n^2) resorting, this commit directly retrieves results in the correct order from the database. Closes: #579	2024-05-29 23:17:27 +00:00
Floatingghost	66b3248dd3	mix tests probably shouldn't be async Some checks are pending ci/woodpecker/push/build-amd64 Pipeline is pending Details ci/woodpecker/push/build-arm64 Pipeline is pending Details ci/woodpecker/push/docs Pipeline is pending Details ci/woodpecker/push/lint Pipeline is pending Details ci/woodpecker/push/test Pipeline is pending Details ci/woodpecker/pr/build-amd64 Pipeline is pending Details ci/woodpecker/pr/build-arm64 Pipeline is pending Details ci/woodpecker/pr/docs Pipeline is pending Details ci/woodpecker/pr/lint Pipeline is pending Details ci/woodpecker/pr/test Pipeline is pending Details	2024-05-27 04:03:13 +01:00
Floatingghost	73ead8656a	don't allow emoji formatter to be async Some checks failed ci/woodpecker/push/build-amd64 Pipeline is pending Details ci/woodpecker/push/build-arm64 Pipeline is pending Details ci/woodpecker/push/docs Pipeline is pending Details ci/woodpecker/push/lint Pipeline is pending Details ci/woodpecker/push/test Pipeline is pending Details ci/woodpecker/pr/lint Pipeline was successful Details ci/woodpecker/pr/test Pipeline failed Details ci/woodpecker/pr/build-arm64 unknown status Details ci/woodpecker/pr/build-amd64 unknown status Details ci/woodpecker/pr/docs unknown status Details	2024-05-27 03:25:18 +01:00
Floatingghost	f15eded3e1	Add extra test case for nonsense field, increase timeouts Some checks failed ci/woodpecker/push/build-amd64 Pipeline is pending Details ci/woodpecker/push/build-arm64 Pipeline is pending Details ci/woodpecker/push/docs Pipeline is pending Details ci/woodpecker/push/lint Pipeline is pending Details ci/woodpecker/push/test Pipeline is pending Details ci/woodpecker/pr/lint Pipeline was successful Details ci/woodpecker/pr/test Pipeline was successful Details ci/woodpecker/pr/build-arm64 unknown status Details ci/woodpecker/pr/build-amd64 unknown status Details ci/woodpecker/pr/docs unknown status Details	2024-05-27 02:09:48 +01:00
Floatingghost	da67e69af5	Allow for attachment to be a single object in user data Some checks failed ci/woodpecker/push/build-amd64 Pipeline is pending Details ci/woodpecker/push/build-arm64 Pipeline is pending Details ci/woodpecker/push/docs Pipeline is pending Details ci/woodpecker/push/lint Pipeline is pending Details ci/woodpecker/push/test Pipeline is pending Details ci/woodpecker/pr/lint Pipeline was successful Details ci/woodpecker/pr/test Pipeline was successful Details ci/woodpecker/pr/build-arm64 unknown status Details ci/woodpecker/pr/build-amd64 unknown status Details ci/woodpecker/pr/docs unknown status Details	2024-05-26 17:09:26 +01:00
Floatingghost	b72127b45a	Merge remote-tracking branch 'oneric-sec/media-owner' into develop	2024-05-22 19:36:10 +01:00
Oneric	9a91299f96	Don't try to handle non-media objects as media Trying to display non-media as media crashed the renderer, but when posting a status with a valid, non-media object id the post was still created, but then crashed e.g. timeline rendering. It also crashed C2S inbox reads, so this could not be used to leak private posts.	2024-05-22 20:30:23 +02:00
Oneric	0c2b33458d	Restrict media usage to owners In Mastodon media can only be used by owners and only be associated with a single post. We currently allow media to be associated with several posts and until now did not limit their usage in posts to media owners. However, media update and GET lookup was already limited to owners. (In accordance with allowing media reuse, we also still allow GET lookups of media already used in a post unlike Mastodon) Allowing reuse isn’t problematic per se, but allowing use by non-owners can be problematic if media ids of private-scoped posts can be guessed since creating a new post with this media id will reveal the uploaded file content and alt text. Given media ids are currently just part of a sequentieal series shared with some other objects, guessing media ids is with some persistence indeed feasible. E.g. sampline some public media ids from a real-world instance with 112 total and 61 monthly-active users: 17.465.096 at t0 17.472.673 at t1 = t0 + 4h 17.473.248 at t2 = t1 + 20min This gives about 30 new ids per minute of which most won't be local media but remote and local posts, poll answers etc. Assuming the default ratelimit of 15 post actions per 10s, scraping all media for the 4h interval takes about 84 minutes and scraping the 20min range mere 6.3 minutes. (Until the preceding commit, post updates were not rate limited at all, allowing even faster scraping.) If an attacker can infer (e.g. via reply to a follower-only post not accessbile to the attacker) some sensitive information was uploaded during a specific time interval and has some pointers regarding the nature of the information, identifying the specific upload out of all scraped media for this timerange is not impossible. Thus restrict media usage to owners. Checking ownership just in ActivitDraft would already be sufficient, since when a scheduled status actually gets posted it goes through ActivityDraft again, but would erroneously return a success status when scheduling an illegal post. Independently discovered and fixed by mint in Pleroma `1afde067b1`	2024-05-22 20:30:18 +02:00
Floatingghost	842cac2a50	ensure we mock_global	2024-05-22 19:30:03 +01:00
Lain Soykaf	3e1f5e5372	WebFingerControllerTest: Restore host after test.	2024-05-22 19:27:51 +01:00
marcin mikołajczak	3a21293970	Fix tests Signed-off-by: marcin mikołajczak <git@mkljczk.pl>	2024-05-22 19:27:31 +01:00

1 2 3 4 5 ...

1167 commits