Commit graph

6417 commits

Author SHA1 Message Date
Ariadne Conill
739bbe0d3b security: detect object containment violations at the IR level
It is more efficient to check for object containment violations at the IR
level instead of in the protocol handlers.  OStatus containment is especially
a tricky situation, as the containment rules don't match those of IR and
ActivityPub.

Accordingly, we just always do a final containment check at the IR level
before the object is added to the IR object graph.
2019-07-14 17:47:08 +00:00
Moonman
f98f7ad1b9 detect and use sha512-crypt for stored password hash. 2019-07-14 09:48:42 -07:00
kaniini
93701c3399 Merge branch 'chore/remove-cc-by-nc-nd-license' into 'develop'
remove CC-BY-NC-ND license.

See merge request pleroma/pleroma!1415
2019-07-14 16:43:55 +00:00
Ariadne Conill
26f265fb0e remove CC-BY-NC-ND license.
we moved branding assets (mascot etc) to CC-BY-SA a while back.
2019-07-14 16:43:00 +00:00
kaniini
cef4337f95 Merge branch 'bugfix/llal-object-containment' into 'develop'
Object.Fetcher: Handle error on Containment.contain_origin/2

See merge request pleroma/pleroma!1414
2019-07-14 16:39:17 +00:00
Haelwenn (lanodan) Monnier
2592934480
Object.Fetcher: Keep the with-do block as per kaniini proposition 2019-07-14 17:28:25 +02:00
Haelwenn (lanodan) Monnier
a2c601acb5
FetcherTest: Containment refute called(OStatus.fetch_activity_from_url) 2019-07-14 17:05:32 +02:00
Haelwenn (lanodan) Monnier
e1c08a67d6
Object.Fetcher: Fallback to OStatus only if AP actually fails 2019-07-14 17:05:31 +02:00
kaniini
1589b170e8 Merge branch 'feature/1072-muting-notifications' into 'develop'
Feature/1072 muting notifications

Closes #1072

See merge request pleroma/pleroma!1398
2019-07-14 13:29:32 +00:00
Alexander Strizhakov
e7c39b7ac8 Feature/1072 muting notifications 2019-07-14 13:29:31 +00:00
Haelwenn (lanodan) Monnier
40d0a198e2
Object.Fetcher: Handle error on Containment.contain_origin/2 2019-07-14 14:58:47 +02:00
Haelwenn (lanodan) Monnier
f00562ed6b
HttpRequestMock: Add 404s on OStatus fetching for info.pleroma.site 2019-07-14 13:55:41 +02:00
Haelwenn (lanodan) Monnier
efa9a13d4e
HttpRequestMock: Add missing mocks for object containment tests 2019-07-14 13:55:41 +02:00
kaniini
9f211838ec Merge branch 'rich_media_parsers_configurable' into 'develop'
parsers configurable

See merge request pleroma/pleroma!1400
2019-07-14 09:53:42 +00:00
Alex S
7af27c143d changelog & docs 2019-07-14 09:23:43 +03:00
Alex S
f4447d82b8 parsers configurable 2019-07-14 09:21:56 +03:00
rinpatch
0c2dcb4c69 Add follow information refetching after following/unfollowing 2019-07-14 01:58:39 +03:00
rinpatch
183da33e00 Add tests for fetch_follow_information_for_user and check object type
when fetching the page
2019-07-14 00:56:02 +03:00
Maxim Filippov
418ae6638d Merge branch 'develop' into feature/admin-api-user-statuses 2019-07-14 00:39:06 +03:00
Maxim Filippov
a9459ff98f Admin API: Endpoint for fetching latest user's statuses 2019-07-14 00:37:26 +03:00
rinpatch
d06d1b751d Use atoms when updating user info 2019-07-14 00:21:35 +03:00
rinpatch
e5b850a991 Refactor fetching follow information to a separate function 2019-07-13 23:56:10 +03:00
kaniini
592411e4fe Merge branch 'feature/mrf-transparency-filter' into 'develop'
nodeinfo: implement MRF transparency exclusions

See merge request pleroma/pleroma!1412
2019-07-13 19:06:54 +00:00
Ariadne Conill
0cc638b968 docs: note that exclusions usage will be included in the transparency metrics if used 2019-07-13 19:00:03 +00:00
Ariadne Conill
80c46d6d8b nodeinfo: implement MRF transparency exclusions 2019-07-13 18:53:14 +00:00
rinpatch
e8fa477793 Refactor Follows/Followers counter syncronization
- Actually sync counters in the database instead of info cache (which got
overriden after user update was finished anyway)
- Add following count field to user info
- Set hide_followers/hide_follows for remote users based on http status
codes for the first collection page
2019-07-13 19:27:49 +03:00
kaniini
f4c001062e Merge branch '1041-status-actions-rate-limit' into 'develop'
Rate-limited status actions (per user and per user+status).

Closes #1041

See merge request pleroma/pleroma!1410
2019-07-13 14:17:17 +00:00
Ivan Tashkinov
d72876c57d [#1041] Minor refactoring. 2019-07-13 15:21:50 +03:00
Ivan Tashkinov
b74d11e20a [#1041] Added documentation on existing rate limiters. 2019-07-13 15:13:26 +03:00
Haelwenn
9497d14f09 Merge branch 'fix/hackney-global-options' into 'develop'
Merge the default options with custom ones in ReverseProxy and Pleroma.HTTP and workaround for remote server certificate chain issues

See merge request pleroma/pleroma!1409
2019-07-13 11:55:09 +00:00
Ivan Tashkinov
369e9bb42f [#1041] Rate-limited status actions (per user and per user+status). 2019-07-13 14:49:39 +03:00
rinpatch
29ffe81c2e Add a changelog entry for tolerating incorrect chain order 2019-07-13 13:38:53 +03:00
Haelwenn
02cdedbf9f Merge branch 'fix/ap-hide-follows' into 'develop'
ActivityPub Controller: Change how hiding follows/followers is represented

See merge request pleroma/pleroma!1406
2019-07-13 10:22:19 +00:00
rinpatch
fa7e0c4262 Workaround for remote server certificate chain issues 2019-07-12 23:53:21 +03:00
rinpatch
b001b8891a Merge the default options with custom ones in ReverseProxy and
Pleroma.HTTP
2019-07-12 23:52:26 +03:00
rinpatch
f40004e746 Add changelog entries for follower/following collection behaviour changes 2019-07-12 21:49:16 +03:00
rinpatch
095117a58c Merge branch 'develop' into fix/ap-hide-follows 2019-07-12 21:43:06 +03:00
rinpatch
97b79efbcd ActivityPub Controller: Actually pass for_user to following/followers
views and give 403 errors when trying to request hidden follower pages
when unauthenticated
2019-07-12 20:54:20 +03:00
Sachin Joshi
f8e3ae6154 try to always match the filename for proxy url 2019-07-12 22:56:14 +05:45
kaniini
5999780e82 Merge branch 'tests/web_metadata' into 'develop'
Pleroma.Web.Metadata - tests

See merge request pleroma/pleroma!1401
2019-07-12 16:42:54 +00:00
Maksim
92055941bd Pleroma.Web.Metadata - tests 2019-07-12 16:42:54 +00:00
rinpatch
1f6ac7680d ActivityPub User view: Following/Followers refactoring
- Render the collection items if the user requesting == the user
rendered
- Do not render the first page if hide_{followers,follows} is set, just
give the URI to it
2019-07-12 19:41:55 +03:00
kaniini
71cc0d5c17 Merge branch 'fix/pleroma-extensions' into 'develop'
Move new endpoints to pleroma namespace in Mastodon API

See merge request pleroma/pleroma!1404
2019-07-12 16:33:58 +00:00
Mark Felder
360e4cdaa2 Move these to pleroma namespace in Mastodon API 2019-07-12 11:25:58 -05:00
rinpatch
27ed260eed AP user view: Add a test for hiding totalItems in following/followers 2019-07-12 18:36:14 +03:00
kaniini
b6567c9f4e Merge branch 'url-parser-proxy' into 'develop'
preserve the original path/filename (no encoding/decoding) for proxy

See merge request pleroma/pleroma!1403
2019-07-12 15:34:00 +00:00
Sachin Joshi
6a6c4d134b preserve the original path/filename (no encoding/decoding) for proxy 2019-07-12 21:05:01 +05:45
Roman Chvanikov
0384459ce5 Update mix.lock 2019-07-12 18:16:54 +03:00
Roman Chvanikov
eae991b06a merge develop 2019-07-12 18:08:27 +03:00
kaniini
db75288b71 Merge branch 'search-limit-offset-type' into 'develop'
Add account_id, type, limit, and offset to GET /api/v1/search and /api/v2/search

See merge request pleroma/pleroma!1386
2019-07-11 13:55:31 +00:00