Commit graph

436 commits

Author SHA1 Message Date
rinpatch
6ca709816f Fix object spoofing vulnerability in attachments
Validate the content-type of the response when fetching an object,
according to https://www.w3.org/TR/activitypub/#x3-2-retrieving-objects.

content-type headers had to be added to many mocks in order to support
this, some of this was done with a regex. While I did go over the
resulting files to check I didn't modify anything unrelated, there is a
 possibility I missed something.

Closes pleroma#1948
2020-11-12 15:25:33 +03:00
Egor Kislitsyn
d2113428c0
Merge remote-tracking branch 'origin/develop' into feature/account-export 2020-10-30 19:34:02 +04:00
Ivan Tashkinov
ba50dc05a8 Merge remote-tracking branch 'remotes/origin/develop' into ostatus-controller-no-auth-check-on-non-federating-instances
# Conflicts:
#	CHANGELOG.md
2020-10-28 19:03:40 +03:00
Mark Felder
9e54ef086b Merge branch 'develop' into feature/account-export 2020-10-27 12:51:31 -05:00
Egor Kislitsyn
e87901c424
Merge remote-tracking branch 'origin/develop' into feature/account-export 2020-10-20 17:27:29 +04:00
Ivan Tashkinov
9ea31b373f Merge remote-tracking branch 'remotes/origin/develop' into chore/elixir-1.11 2020-10-17 17:53:47 +03:00
Ivan Tashkinov
049ece1ef3 Merge remote-tracking branch 'remotes/origin/develop' into ostatus-controller-no-auth-check-on-non-federating-instances
# Conflicts:
#	lib/pleroma/web/feed/user_controller.ex
#	lib/pleroma/web/o_status/o_status_controller.ex
#	lib/pleroma/web/router.ex
#	lib/pleroma/web/static_fe/static_fe_controller.ex
2020-10-17 13:12:39 +03:00
Mark Felder
1fb9452131 Merge branch 'develop' into feature/account-export 2020-10-14 15:27:15 -05:00
Mark Felder
64553ebae2 Merge branch 'develop' into chore/elixir-1.11 2020-10-13 09:54:53 -05:00
Mark Felder
4ead0d564f Merge branch 'develop' into refactor/discoverable_user_field 2020-10-13 09:54:11 -05:00
Mark Felder
8bacdc3680 Change user.discoverable field to user.is_discoverable 2020-10-13 09:45:08 -05:00
Alexander Strizhakov
7dffaef479
tests consistency 2020-10-13 16:35:09 +03:00
Mark Felder
8156940a49 Compatibility with phoenix_pubsub 2.0.0 2020-10-07 13:28:39 -05:00
Mark Felder
570a406b7a use Phoenix.ConnTest is deprecated 2020-10-07 10:31:08 -05:00
Egor Kislitsyn
739cb1463b
Add backups deletion 2020-10-07 18:34:29 +04:00
Ivan Tashkinov
f6024252ae [#3053] No auth check in StaticFEController, even on non-federating instances. Adjusted tests. 2020-10-02 22:18:02 +03:00
Alexander Strizhakov
cbdaabad34
web push http_client fix 2020-10-01 13:32:11 +03:00
Ivan Tashkinov
60b025b782 [#2074] OAuth scope checking in Streaming API. 2020-09-19 19:16:55 +03:00
stwf
41939e3175 User search respect discoverable flag 2020-09-17 12:15:50 -04:00
rinpatch
f70335002d RichMedia: Do a HEAD request to check content type/length
This shouldn't be too expensive, since the connections are pooled,
but it should save us some bandwidth since we won't fetch non-html
files and files that are too large for us to process (especially
since you can't cancel a request without closing the connection
with HTTP1).
2020-09-14 14:45:58 +03:00
Alexander Strizhakov
9bf1065a06 schedule activity expiration in Oban 2020-09-10 21:50:40 +03:00
Haelwenn (lanodan) Monnier
921f926e96
Remove OStatus in testsuite 2020-09-08 18:43:57 +02:00
Alexander Strizhakov
79f65b4374
correct pool and uniform headers format 2020-09-02 09:16:51 +03:00
lain
9a9121805c Apply 1 suggestion(s) to 1 file(s) 2020-08-11 09:08:27 +00:00
Alex Gleason
673e8e3ac1
Force 204 responses to be empty, fixes #2029 2020-08-07 13:02:39 -05:00
lain
34cbe9f44a Merge branch 'features/poll-validation' into 'develop'
Poll and votes pipeline ingestion

Closes #1362 and #1852

See merge request pleroma/pleroma!2635
2020-08-07 10:44:06 +00:00
Roman Chvanikov
97b5701449 Update clear_config macro 2020-08-05 17:46:14 +03:00
lain
878c7f3f30 Merge branch 'develop' of git.pleroma.social:pleroma/pleroma into features/poll-validation 2020-08-04 15:28:41 +02:00
Roman Chvanikov
56e9bf3393 Unify Config.get behaviour for atom/list key param 2020-08-04 14:35:47 +03:00
Alex Gleason
f9301044ed
Add ReportNote test 2020-08-02 17:45:15 -05:00
Alex Gleason
77b48cb4ce
Factory: Add report_activity_factory 2020-08-02 16:36:55 -05:00
Haelwenn (lanodan) Monnier
ac2598307d
Merge remote-tracking branch 'pleroma/develop' into features/poll-validation 2020-07-31 13:57:21 +02:00
Mark Felder
33f0427809 Expose seconds_valid in Pleroma Captcha API endpoint 2020-07-29 16:07:22 -05:00
Alex Gleason
b87a1f8eaf
Refactor require_migration/1 into a test helper function 2020-07-22 14:32:44 -05:00
Haelwenn (lanodan) Monnier
c19bdc811e
Fix attachments in polls 2020-07-15 12:32:42 +02:00
Mark Felder
3c0c1fd2ef Merge branch 'develop' into issue/1790-updated-oban 2020-07-10 11:34:53 -05:00
lain
4d809144d8 Merge branch 'cluster-test-ci' into 'develop'
RE-enable cluster tests on CI

See merge request pleroma/pleroma!2743
2020-07-10 08:56:12 +00:00
stwf
08211eff22 Re-enable the federated tests, increase timeout 2020-07-09 13:49:30 -04:00
Haelwenn (lanodan) Monnier
6a679d80c9
Move get_favicon to Pleroma.Instances, use / 2020-07-08 06:28:39 +02:00
Haelwenn (lanodan) Monnier
f6d09fafee
Add support for remote favicons 2020-07-08 06:28:39 +02:00
lain
9ad305209a Merge branch 'bugfix/peertube-videos' into 'develop'
Fix getting videos from peertube

See merge request pleroma/pleroma!2728
2020-07-07 09:14:50 +00:00
Haelwenn (lanodan) Monnier
fbb9743a70
Fix getting videos from peertube 2020-07-07 09:38:38 +02:00
Sergey Suprunenko
4a8c26654e
Restrict statuses that contain user's irreversible filters 2020-07-06 09:28:21 +03:00
Mark Felder
4695bdd81b Merge branch 'develop' into issue/1790-updated-oban 2020-07-03 10:36:41 -05:00
Haelwenn (lanodan) Monnier
244655e884
MastoAPI: Show source field when deleting 2020-06-26 19:52:20 +02:00
Maksim Pechnikov
a8d967762e migrate to oban 2.0-rc1 2020-06-23 15:09:01 +03:00
rinpatch
4ec2fb967e Merge branch 'features/users-raw_bio' into 'develop'
User: Add raw_bio, storing unformatted bio

See merge request pleroma/pleroma!2326
2020-06-17 10:34:23 +00:00
Alexander Strizhakov
9a4fde9766
Mogrify args as custom tuples 2020-06-16 15:53:28 +03:00
Haelwenn (lanodan) Monnier
e1b07402ab
User: Add raw_bio, storing unformatted bio
Related: https://git.pleroma.social/pleroma/pleroma/issues/1643
2020-06-06 16:23:16 +02:00
lain
3bec0d2e50 Factory: Set users to be ap_enabled by default. 2020-05-25 12:59:42 +02:00
lain
a42a0716ec Merge branch 'features/emoji_stealer' into 'develop'
MRF.StealEmojiPolicy: New Policy

See merge request pleroma/pleroma!2385
2020-05-21 13:31:49 +00:00
Egor Kislitsyn
490a3a34b6
Add OpenAPI spec for PleromaAPI.PleromaAPIController 2020-05-20 15:15:13 +04:00
Haelwenn (lanodan) Monnier
e688d4ee69
MRF.StealEmojiPolicy: New Policy
Inspired by https://git.pleroma.social/moonman/emoji-stealer-mrf/-/blob/master/steal_emoji_policy.ex
2020-05-14 09:59:56 +02:00
Alex Gleason
b46811a074
Upgrade Comeonin to v5
https://github.com/riverrun/comeonin/blob/master/UPGRADE_v5.md
2020-05-12 17:14:59 -05:00
lain
4061841846 Merge branch 'streamer-worker-registry' into 'develop'
Streamer rework

See merge request pleroma/pleroma!2426
2020-05-07 09:13:32 +00:00
href
9491ba3e49 Streamer rework 2020-05-07 09:13:32 +00:00
Maksim
3d0c567fbc Pleroma.Web.TwitterAPI.TwoFactorAuthenticationController -> Pleroma.Web.PleromaAPI.TwoFactorAuthenticationController 2020-05-07 08:14:54 +00:00
lain
f84c8f2f0d Merge branch 'feature/1728-webfinger-acct-scheme' into 'develop'
Webfinger: Request account info with the acct scheme

Closes #1728

See merge request pleroma/pleroma!2465
2020-05-06 08:46:45 +00:00
lain
7fdc7078ae Merge branch 'openapi/lists' into 'develop'
Add OpenAPI spec for ListController

See merge request pleroma/pleroma!2453
2020-05-06 08:43:21 +00:00
Egor Kislitsyn
332e016bcd
Add OpenAPI spec for ScheduledActivityController 2020-05-05 23:42:24 +04:00
Egor Kislitsyn
5ec6aad567
Add OpenAPI spec for ListController 2020-05-05 17:05:34 +04:00
lain
335aabc39c Transmogrifier tests: Extract like tests. 2020-05-04 14:45:28 +02:00
lain
a7966f2080 Webfinger: Request account info with the acct scheme 2020-05-03 13:48:01 +02:00
lain
44fbd09709 Merge branch 'issue/1577' into 'develop'
[#1577] fix mediaType of object

See merge request pleroma/pleroma!2372
2020-05-01 12:38:46 +00:00
Egor Kislitsyn
7b0c8f0fde
Add tests for account registration with captcha enabled and improve errors 2020-04-29 21:26:07 +04:00
Maksim Pechnikov
ea5142b94b convert markdown content to html 2020-04-28 09:32:43 +03:00
Egor Kislitsyn
2efc00b3cf
Use json_response_and_validate_schema/2 in tests to validate OpenAPI schema 2020-04-27 20:46:52 +04:00
Egor Kislitsyn
f1ca917bb0
Merge branch 'develop' into openapi/account 2020-04-27 14:33:00 +04:00
Egor Kislitsyn
f362836742
Support validation for inline OpenAPI schema and automatic tests for examples 2020-04-24 15:16:15 +04:00
Egor Kislitsyn
736fead494 Merge branch 'develop' into openapi/account 2020-04-20 18:40:02 +04:00
Haelwenn
a17bfb5fab Merge branch 'feature/1584-client-captcha-options' into 'develop'
Creating trusted app from adminFE & mix task

Closes #1584

See merge request pleroma/pleroma!2252
2020-04-17 09:19:35 +00:00
Egor Kislitsyn
260cbddc94
Add spec for AccountController.update_credentials 2020-04-13 18:16:07 +04:00
Maksim Pechnikov
c5c09fc61b fix mediaType of object 2020-04-13 07:02:57 +03:00
Alexander Strizhakov
f497cf2f7c
Merge branch 'develop' into gun 2020-03-30 12:15:23 +03:00
Haelwenn
e999c67cee Merge branch 'feature/funkwhale-audio' into 'develop'
Add support for funkwhale Audio activity

Closes #764 and #1624

See merge request pleroma/pleroma!2287
2020-03-29 19:18:22 +00:00
Alexander Strizhakov
a6ee6784bc
creating trusted app from adminFE & mix task 2020-03-23 10:44:47 +03:00
Alexander Strizhakov
9bae9b1b1b
Merge branch 'develop' into gun 2020-03-20 20:47:54 +03:00
Ivan Tashkinov
1c05f539aa Improved in-test clear_config/n applicability (setup / setup_all / in-test usage). 2020-03-20 18:33:00 +03:00
Ivan Tashkinov
ec3719f539 Improved in-test config management functions. 2020-03-18 20:30:31 +03:00
Alexander Strizhakov
f0651730bd
Merge branch 'develop' into gun 2020-03-16 14:25:55 +03:00
Alexander Strizhakov
39ed608b13
Merge branch 'develop' into gun 2020-03-12 18:31:10 +03:00
Ivan Tashkinov
bd40880fa0 Merge remote-tracking branch 'remotes/origin/develop' into 1560-non-federating-instances-routes-restrictions
# Conflicts:
#	test/web/activity_pub/activity_pub_controller_test.exs
2020-03-12 12:07:07 +03:00
f92c447bbc Merge branch 'relay-list-change' into 'develop'
Relay list shows hosts without accepted follow

See merge request pleroma/pleroma!2240
2020-03-11 15:10:09 +00:00
Haelwenn (lanodan) Monnier
863ec33ba2
Add support for funkwhale Audio activity
reel2bits fixture not included as it lacks the Actor fixture for it.

Closes: https://git.pleroma.social/pleroma/pleroma/issues/1624
Closes: https://git.pleroma.social/pleroma/pleroma/issues/764
2020-03-11 13:46:42 +01:00
Ivan Tashkinov
5b696a8ac1 [#1560] Enforced authentication for non-federating instances in StaticFEController. 2020-03-11 14:05:56 +03:00
Ivan Tashkinov
5fc92deef3 [#1560] Ensured authentication or enabled federation for federation-related routes. New tests + tests refactoring. 2020-03-09 20:51:44 +03:00
Alexander Strizhakov
56ff02f2ef
removing GunMock to use Mox 2020-03-06 20:23:58 +03:00
Mark Felder
d9c5ae7c09 Update Copyrights for gun related files 2020-03-03 17:16:24 -06:00
Mark Felder
4427161ca3 Merge branch 'develop' into gun 2020-03-03 17:15:49 -06:00
Mark Felder
5592db4757 Older copyright updates 2020-03-03 16:46:45 -06:00
Mark Felder
05da5f5cca Update Copyrights 2020-03-03 16:44:49 -06:00
Alexander Strizhakov
884d9710b2
refactoring for gun api modules 2020-03-03 19:24:14 +03:00
Alexander Strizhakov
509c81e4b1
Merge branch 'develop' into gun 2020-03-03 10:08:07 +03:00
Alexander Strizhakov
cc98d010ed
relay list shows hosts without accepted follow 2020-03-02 09:27:20 +03:00
Haelwenn (lanodan) Monnier
6da6540036
Bump copyright years of files changed after 2020-01-07
Done via the following command:
git diff fcd5dd259a --stat --name-only | xargs sed -i '/Pleroma Authors/c# Copyright © 2017-2020 Pleroma Authors <https:\/\/pleroma.social\/>'
2020-03-02 06:08:45 +01:00
Haelwenn (lanodan) Monnier
6c0d869d9d
Bump copyright years of files changed after 2019-01-01
Done via the following command:
git diff 1e6c102b --stat --name-only | cat - | xargs sed -i 's/2017-2018 Pleroma Authors/2017-2019 Pleroma Authors/'
2020-03-02 05:54:56 +01:00
Alexander Strizhakov
814b275af7
Merge branch 'develop' into gun 2020-02-29 11:34:50 +03:00
lain
81f29e7c6a Merge branch 'bugfix/captcha-nil-answer_data' into 'develop'
Bugfix: return invalid when answer_data is nil

Closes #1585

See merge request pleroma/pleroma!2236
2020-02-24 14:54:22 +00:00
Haelwenn (lanodan) Monnier
f9fe6a9e30
Captcha: return invalid when answer_data is nil 2020-02-24 02:49:53 +01:00
Alexander Strizhakov
13918cb545
Merge branch 'develop' into gun 2020-02-21 10:02:37 +03:00