Merge remote-tracking branch 'origin/stable' into suyaplace

Update .woodpecker/build-amd64.yml
Merge branch 'stable' of https://akkoma.dev/AkkomaGang/akkoma into suyaplace
2023-09-25 21:48:20 +02:00 · 2023-08-26 13:41:52 +00:00 · 2023-08-16 14:54:54 +02:00 · 2023-08-16 10:44:57 +01:00 · 2023-08-16 00:35:08 +01:00 · 2023-08-16 00:34:59 +01:00
6 changed files with 23 additions and 3 deletions
--- a/.woodpecker/build-amd64.yml
+++ b/.woodpecker/build-amd64.yml
@ -76,6 +76,7 @@ pipeline:
      - *clean
      - echo "import Config" > config/prod.secret.exs
      - *setup-hex
+      - *mix-clean
      - *tag-build
      - mix deps.get --only prod
      - mix release --path release
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -4,6 +4,11 @@ All notable changes to this project will be documented in this file.

 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).

+## Unreleased
+
+## Fixed
+- Issue where a bad inbox URL could break federation
+
 ## 2023.08

 ## Added
--- a/lib/pleroma/web/activity_pub/publisher.ex
+++ b/lib/pleroma/web/activity_pub/publisher.ex
@ -115,13 +115,18 @@ defp allowed_instances do
  def should_federate?(url) do
    %{host: host} = URI.parse(url)

-    with allowed <- allowed_instances(),
+    with {nil, false} <- {nil, is_nil(host)},
+         allowed <- allowed_instances(),
         false <- Enum.empty?(allowed) do
      allowed
      |> Pleroma.Web.ActivityPub.MRF.instance_list_from_tuples()
      |> Pleroma.Web.ActivityPub.MRF.subdomains_regex()
      |> Pleroma.Web.ActivityPub.MRF.subdomain_match?(host)
    else
+      # oi!
+      {nil, true} ->
+        false
+
      _ ->
        quarantined_instances =
          blocked_instances()
--- a/lib/pleroma/web/plugs/o_auth_scopes_plug.ex
+++ b/lib/pleroma/web/plugs/o_auth_scopes_plug.ex
@ -34,7 +34,9 @@ def perform(%Plug.Conn{assigns: assigns} = conn, %{scopes: scopes} = options) do
        permissions = Enum.join(missing_scopes, " #{op} ")

        error_message =
-          dgettext("errors", "Insufficient permissions: %{permissions}.", permissions: permissions)
+          dgettext("errors", "Insufficient permissions: %{permissions}.",
+            permissions: permissions
+          )

        conn
        |> put_resp_content_type("application/json")
--- a/mix.exs
+++ b/mix.exs
@ -4,7 +4,7 @@ defmodule Pleroma.Mixfile do
  def project do
    [
      app: :pleroma,
-      version: version("3.10.3"),
+      version: version("3.10.4"),
      elixir: "~> 1.14",
      elixirc_paths: elixirc_paths(Mix.env()),
      compilers: [:phoenix] ++ Mix.compilers(),
--- a/test/pleroma/web/activity_pub/publisher_test.exs
+++ b/test/pleroma/web/activity_pub/publisher_test.exs
@ -487,4 +487,11 @@ test "publish to url with with different ports" do
             )
    end
  end
+
+  describe "should_federate/1" do
+    test "should not obliterate itself if the inbox URL is bad" do
+      url = "/inbox"
+      refute Pleroma.Web.ActivityPub.Publisher.should_federate?(url)
+    end
+  end
 end
Author	SHA1	Message	Date
Alibek Omarov	74f94627f1	Merge remote-tracking branch 'origin/stable' into suyaplace	2023-09-25 21:48:20 +02:00
floatingghost	ebfb617b26	Update .woodpecker/build-amd64.yml	2023-08-26 13:41:52 +00:00
Alibek Omarov	98a1092b5b	Merge branch 'stable' of https://akkoma.dev/AkkomaGang/akkoma into suyaplace	2023-08-16 14:54:54 +02:00
FloatingGhost	0af8e93135	bump version	2023-08-16 10:44:57 +01:00
FloatingGhost	98a64ab145	Mix format	2023-08-16 00:35:08 +01:00
FloatingGhost	94d1af2c4c	Disallow nil hosts in should_federate	2023-08-16 00:34:59 +01:00