Commit graph

420 commits

Author SHA1 Message Date
Ariadne Conill
739bbe0d3b security: detect object containment violations at the IR level
It is more efficient to check for object containment violations at the IR
level instead of in the protocol handlers.  OStatus containment is especially
a tricky situation, as the containment rules don't match those of IR and
ActivityPub.

Accordingly, we just always do a final containment check at the IR level
before the object is added to the IR object graph.
2019-07-14 17:47:08 +00:00
Alex S
f8786fa6f2 adding following_address field to user 2019-07-10 17:42:18 +03:00
Sergey Suprunenko
2d2b50ccca Send and handle "Delete" activity for deleted users 2019-07-10 05:16:08 +00:00
Eugenij
f2c03425b0 Broadcast conversation update when DM is deleted 2019-06-24 07:14:04 +00:00
Maksim Pechnikov
1e7bb69a95 update ActivityPub#fetch_activities_query 2019-06-04 15:21:18 +03:00
Maksim Pechnikov
0acfcf6c52 update ActivityPub#fetch_activities_query 2019-06-04 15:04:36 +03:00
Maksim Pechnikov
4f2e359687 Merge branch 'develop' into issue/941 2019-06-04 09:49:08 +03:00
Maksim Pechnikov
080e1aa70e add option skip_thread_containment 2019-06-03 16:13:37 +03:00
rinpatch
5bd41fef8b Change query order in fetch_activities_for_context_query to make poll vote exclusion work 2019-06-03 10:58:37 +03:00
rinpatch
65db5e9f52 Resolve merge conflicts 2019-06-01 16:29:58 +03:00
rinpatch
300d94c628 Add poll votes
Also in this commit by accident:
- Fix query ordering causing exclude_poll_votes to not work
- Do not create notifications for Answer objects
2019-06-01 16:17:46 +03:00
lambda
2993361075 Merge branch 'hotfix/leaking-lists' into 'develop'
Mastodon API: Fix lists leaking private posts

See merge request pleroma/pleroma!1222
2019-05-31 13:26:48 +00:00
rinpatch
d9c0650ff9 Mastodon API: Fix lists leaking private posts
Our previous list visibility resolver grabbed posts if either follower
collection of the user in a list who is followed is in `to` or if
follower collection of the user in a list was in `cc`. This not only
missed unlisted posts but also lead to leaking private posts when
`fix_explicit_addressing` mistakingly started putting follower collections
to `cc` (also fixed in this MR).

Reported by @kurisu@iscute.moe via a DM
2019-05-31 15:25:17 +03:00
Egor Kislitsyn
99f70c7e20 Use Pleroma.Config everywhere 2019-05-30 15:33:58 +07:00
rinpatch
8b2d39c1ec Change the order of preloading when fetching activities for context 2019-05-23 14:03:16 +03:00
William Pitcock
60f882b09f activitypub: run user objects through MRF filters 2019-05-22 18:53:12 +00:00
rinpatch
ac7702f800 Exclude Answers from fetching by default 2019-05-22 21:52:12 +03:00
rinpatch
19c90d47c4 Normalize poll votes to Answer objects 2019-05-22 21:17:57 +03:00
rinpatch
ee68244141 Do not stream out poll replies 2019-05-21 16:58:15 +03:00
rinpatch
d7c4d029c8 Restrict poll replies when fetching activiites for context 2019-05-21 14:35:20 +03:00
rinpatch
aafe30d94e Handle poll votes 2019-05-21 14:12:10 +03:00
Aaron Tinio
eb02edcad9 Add virtual :thread_muted? field
that may be set when fetching activities
2019-05-21 00:35:46 +08:00
rinpatch
6430cb1bf7 Restrict poll replies from fetch queries by default 2019-05-19 17:44:18 +03:00
Sergey Suprunenko
e2b3a27204 Add Reports to Admin API 2019-05-16 19:09:18 +00:00
e190b3022b Merge branch 'fix/domain-unblocked-reblogs' into 'develop'
Fix domain-unblocked reblogs

Closes #892

See merge request pleroma/pleroma!1157
2019-05-16 18:57:14 +00:00
Mark Felder
ebb0482116 Merge branch 'develop' into conversations-import 2019-05-16 13:11:17 -05:00
Aaron Tinio
793f1834d2 Use named binding to conditionally join object 2019-05-16 06:25:14 +08:00
Aaron Tinio
2b6119dfbf Restrict reblogs of activities from blocked domains 2019-05-16 05:53:51 +08:00
William Pitcock
a591ab6112 activity pub: remove Ecto SQL query dumps 2019-05-15 16:56:46 +00:00
William Pitcock
de114ffbb0 activitypub: remove contain_timeline() 2019-05-15 15:53:06 +00:00
William Pitcock
0387f52138 activitypub: add restrict_thread_visibility() 2019-05-15 15:53:06 +00:00
lain
f168a1cbdc Merge remote-tracking branch 'origin/develop' into conversations-import 2019-05-15 17:47:29 +02:00
lambda
692919c7d2 Merge branch 'refactor/use-job-queue-everywhere' into 'develop'
use job queue everywhere

Closes #862

See merge request pleroma/pleroma!1142
2019-05-14 15:27:34 +00:00
Egor Kislitsyn
5e2b491276 Merge remote-tracking branch 'pleroma/develop' into feature/disable-account 2019-05-14 18:15:56 +07:00
William Pitcock
57d11ac9db activitypub: move post rich media fetching to job queue 2019-05-13 19:36:00 +00:00
William Pitcock
ef1f9e8d4e activitypub: split out outgoing federation into a federation module 2019-05-12 05:04:11 +00:00
lain
a33bec7d58 Conversations: Import order, import as read. 2019-05-09 16:39:28 +02:00
lain
e6d7f8d223 Credo fixes. 2019-05-08 18:19:20 +02:00
lain
920bd47055 ActivityPub: Remove leftover printf debugging. 2019-05-08 17:40:24 +02:00
lain
fcf2f38d20 Conversations: Add a function to 'import' old DMs. 2019-05-08 17:37:00 +02:00
William Pitcock
6020ff3fb6 activitypub: add optional order constraint to timeline query builder 2019-05-07 19:33:22 +00:00
rinpatch
4c5125dedc Remove bookmarks assoc and add a fake bookmark assoc instead 2019-05-07 19:33:22 +00:00
rinpatch
f841eb7cdb Preload bookmarks wherever the object is preloaded 2019-05-07 19:33:22 +00:00
Egor Kislitsyn
1557b99beb Merge remote-tracking branch 'pleroma/develop' into feature/disable-account 2019-05-07 16:51:11 +07:00
lain
81d1aa424d Streamer: Stream out Conversations/Participations. 2019-05-03 13:39:14 +02:00
lain
45f790becc Merge remote-tracking branch 'origin/develop' into conversations_three 2019-05-01 18:40:41 +02:00
rinpatch
ce4825c1dc Do not normalize objects in stream_out unless the activity type is
Create

Saves quite a bit of time with delete activities because they would
always query the db
2019-04-30 20:21:28 +03:00
Egor Kislitsyn
c157e27a00 Merge branch 'develop' into feature/disable-account 2019-04-25 13:41:10 +07:00
rinpatch
d21d921def Replace Object.normalize(activity.data[object] with Object.normalize(acitivty) to benefit from preloading 2019-04-22 11:27:29 +03:00
Egor
b9cdf6d3b9 Use User.get_cached* everywhere 2019-04-22 07:20:43 +00:00