Haelwenn (lanodan) Monnier
523757be52
[Pleroma.Web.ActivityPub.ActivityPub]: Harden getting endpoints [kroeg]
2018-09-27 20:00:45 +02:00
Martin Kühl
f77ec96707
Uploaders.S3: Replace unsafe characters in object key
...
According to [the S3 docs][s3], the characters safe for use in object keys are:
* 0-9
* a-z
* A-Z
* !
* -
* _
* .
* *
* '
* (
* )
(The / character is not listed but mentioned being safe outside of the list.)
Several characters that are valid in filenames can cause problems, for example
spaces are not valid in URLs and need to be escaped,
sequences of spaces can become squeezed by S3,
some characters like \ are documented to require “significant special handling”.
To avoid these problems, this change encodes the filename
before using it as part of the S3 object name
by replacing all characters except those documented as “safe” with dashes.
[s3]: https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMetadata.html
2018-09-24 15:38:32 +02:00
William Pitcock
7f0e291483
html: twittertext: add missing catchall scrub function
2018-09-22 03:45:35 +00:00
William Pitcock
56577d8b48
twitter api: add no_rich_text option to userview for account prefs
2018-09-22 03:24:40 +00:00
William Pitcock
df00a364fb
mastodon api: formatting
2018-09-22 02:53:04 +00:00
William Pitcock
c2b69798dd
twitter api: add support for disabling rich text
2018-09-22 02:53:02 +00:00
William Pitcock
958e085acb
mastodon api: add support for user-supplied html policy
2018-09-22 02:53:02 +00:00
William Pitcock
2f5b026548
twitter api: add support for user-specified html policy
2018-09-22 02:53:01 +00:00
William Pitcock
735cdfb848
user: add User.html_filter_policy()
2018-09-22 02:53:00 +00:00
William Pitcock
8ae9424edb
html: default to using normal scrub policy if provided scrub policy is nil
2018-09-22 02:52:59 +00:00
kaniini
4cb6331843
Merge branch 'feature/dynamic-user-refresh' into 'develop'
...
user: implement dynamic refresh of profiles
See merge request pleroma/pleroma!350
2018-09-21 00:00:28 +00:00
kaniini
0fe165165f
Merge branch 'task-204-on-options-request' into 'develop'
...
Return 204 response on options request
See merge request pleroma/pleroma!347
2018-09-20 23:54:51 +00:00
William Pitcock
8e28e8a18f
mix: remove fix_ap_users task, now obsolete
2018-09-20 23:50:56 +00:00
William Pitcock
c9f6eb9a41
user: implement dynamic refresh of profiles (gets rid of need for fix_ap_users task)
2018-09-20 23:50:56 +00:00
Haelwenn (lanodan) Monnier
40c51f118f
[Pleroma.Web.MastodonAPI.MastodonAPIController]: Bump mastodon_api_level to 2.5.0
2018-09-20 16:48:12 +02:00
Haelwenn (lanodan) Monnier
f74725df41
[Pleroma.Web.MastodonAPI.MastodonAPIController]: Remove unused variables
2018-09-20 16:37:18 +02:00
Haelwenn (lanodan) Monnier
33a1e92584
[Pleroma.Web.Router]: Fake /api/v1/endorsements
2018-09-20 16:25:07 +02:00
Haelwenn (lanodan) Monnier
a8eaecadee
[Pleroma.Web.MastodonAPI.AccountView]: relationship.json: fake endorsed value (false)
2018-09-20 16:24:29 +02:00
Haelwenn (lanodan) Monnier
43d0b7bf7a
[Pleroma.Web.MastodonAPI.StatusView] add replies_count
2018-09-20 16:10:46 +02:00
William Pitcock
c9585ec007
twitter api: fix mimetype fallback when attachments use a URI instead of a URL object
2018-09-19 04:59:26 +00:00
William Pitcock
0cac493fdc
mastodon api: default attachment type to image if one is not present
2018-09-19 04:59:25 +00:00
Martin Kühl
f4fcea5258
Revert "Mastodon API: Fake support for loading filters"
...
This reverts commit c1d07da4e1
.
The fake support was superseded by 6e030129fb
which actually implements the faked filters API.
This change removes the fake support and ensures that the actual implementation is used.
2018-09-18 11:59:10 +02:00
Dominique Feyer
9b0f2d572b
Return 204 response on options request
2018-09-17 12:21:01 +02:00
William Pitcock
a7d0ecdc7c
html: add policy which transforms inline images to pass through the media proxy
2018-09-16 02:16:16 +00:00
William Pitcock
cd13fa17fd
html: allow scrubbing policies to be stackable
2018-09-16 02:16:14 +00:00
William Pitcock
342ed84446
MRF: add policy for normalizing HTML markup (local and remote) to a specific policy
2018-09-16 01:25:36 +00:00
William Pitcock
95376ac1fe
html: add the ability to override the default scrub policy
2018-09-16 01:25:35 +00:00
kaniini
c2650f0ffb
Merge branch 'feature/html-scrub-policy' into 'develop'
...
html scrub policy
See merge request pleroma/pleroma!339
2018-09-16 01:05:09 +00:00
39aed5348a
Add visible_in_picker to status emojis
2018-09-10 23:32:19 +00:00
William Pitcock
d3248e13e3
activitypub: transmogrifier: allow profile updates from bots
2018-09-10 01:57:03 +00:00
William Pitcock
e0b8c0ccba
MRF: reject non-public: use pattern match to remove unnecessary if block
2018-09-10 01:16:03 +00:00
William Pitcock
88094c266d
MRF: simple policy: refactor module to use guards and pattern matching
2018-09-10 01:16:02 +00:00
William Pitcock
97253df3ee
MRF: simple policy: contain media removal/nsfw ops to create activities only
2018-09-10 01:16:01 +00:00
William Pitcock
e82ce2a4b3
formatting
2018-09-10 00:28:40 +00:00
William Pitcock
358f88e10a
html: allow inline images by default (because of custom emoji)
2018-09-10 00:24:19 +00:00
William Pitcock
40e2f6e500
html: add default scrubbing profile and configuration knobs
2018-09-10 00:14:57 +00:00
William Pitcock
ac486fc59b
everywhere: use Pleroma.HTML module instead of HtmlSanitizeEx directly
2018-09-10 00:14:47 +00:00
William Pitcock
255f46d7ab
html: new module providing a configurable markup scrubbing policy
2018-09-10 00:13:57 +00:00
Dominique Feyer
801d645c6b
TASK: Fix formatting
2018-09-09 23:42:28 +02:00
Dominique Feyer
b79c126ee0
Add missing URL encoding in create authorization redirect
2018-09-09 23:31:47 +02:00
Hakaba Hitoyo
4e1bb7bccb
make limit for /api/v1/suggestions
2018-09-09 13:57:23 +09:00
lambda
045953225e
Merge branch 'moonman/pleroma-sha512-crypt' into 'develop'
...
auth overhaul and legacy GS auth
See merge request pleroma/pleroma!331
2018-09-08 09:20:34 +00:00
kaniini
530561a091
Merge branch 'add-secure-and-samesite-cookie-flags' into 'develop'
...
Add Secure and SameSite cookie flags
See merge request pleroma/pleroma!302
2018-09-07 23:55:42 +00:00
kaniini
3e4f39116b
Merge branch 'feature/custom_media_url' into 'develop'
...
[Pleroma.Uploaders.Local]: Add configuration for custom url path
See merge request pleroma/pleroma!318
2018-09-07 23:49:36 +00:00
Martin Kühl
c1d07da4e1
Mastodon API: Fake support for loading filters
2018-09-07 16:12:44 +02:00
Martin Kühl
619f67768a
Mastodon API: Add unsupported attributes to relationship responses
...
These attributes are documented as required by the Mastodon API.
Since we don’t support them (I think?), respond with default values.
2018-09-07 16:12:44 +02:00
lain
70163aec9b
Add LegacyAuthenticationPlug to router.
2018-09-05 22:31:57 +02:00
lain
44b094908c
Update legacy passwords automatically.
2018-09-05 22:30:14 +02:00
lain
3aba585e7a
Add Plugs to router.
2018-09-05 21:57:56 +02:00
lain
e601165426
Add UserEnabledPlug.
2018-09-05 21:53:53 +02:00
lain
5ce1ebb179
Add SetUserSessionIdPlug.
2018-09-05 21:42:42 +02:00
Haelwenn
4a3dbd9d4e
Merge branch 'fix/sign-in-with-toot' into 'develop'
...
Fix sign-in and sign-out with Toot!
See merge request pleroma/pleroma!306
2018-09-05 18:20:26 +00:00
lain
636ad3e155
Add new plugs to router.
2018-09-05 19:13:53 +02:00
lain
12bc73dd28
Add EnsureUserKeyPlug, smaller fixes
2018-09-05 19:06:28 +02:00
lain
32465b9939
Simplify AuthenticationPlug
2018-09-05 18:53:38 +02:00
lain
9a96c93be7
Add SessionAuthenticationPlug.
2018-09-05 18:37:02 +02:00
lain
a3f54fca4d
Add LegacyAuthenticationPlug
2018-09-05 18:17:33 +02:00
lain
3cf17dc402
Add EnsureAuthenticatedPlug
2018-09-05 17:59:19 +02:00
lain
faf5347748
Add UserFetcherPlug.
2018-09-05 17:44:38 +02:00
lain
42bd985e66
Add BasicAuthDecoderPlug
2018-09-05 17:30:05 +02:00
Moon Man
8b020e03a6
change cond to if else
2018-09-05 01:37:48 -04:00
Moon Man
1a8bc26e52
auth against sha512-crypt password hashes, upgrade to pbkdf2
2018-09-05 00:21:44 -04:00
kaniini
76c67a41c1
Merge branch 'develop' into 'feature/staff-discovery-api'
...
# Conflicts:
# lib/pleroma/web/nodeinfo/nodeinfo_controller.ex
2018-09-03 14:55:42 +00:00
William Pitcock
9a21ff5f61
nodeinfo: add staffAccounts field to metadata
2018-09-03 14:48:31 +00:00
kaniini
1c9e539b47
Merge branch 'feature/mastodon_api_2.4.x' into 'develop'
...
Add/Fix Mastodon endpoints for 2.4.3 compatibility
See merge request pleroma/pleroma!266
2018-09-03 12:33:36 +00:00
Hakaba Hitoyo
b1124f1605
report chat and gopher support at /nodeinfo/2.0.json
2018-09-03 21:13:30 +09:00
William Pitcock
b61430163b
user: add moderator_user_query()
2018-09-03 12:03:23 +00:00
kaniini
7ca2a2ddea
Merge branch 'nil-bio-emojis' into 'develop'
...
add nil clause for Formatter.get_emoji/1 to return an empty result
Closes #274
See merge request pleroma/pleroma!315
2018-09-03 05:54:11 +00:00
35515cfa66
Update mastodon_api_controller.ex
2018-09-03 01:58:55 +00:00
26f8697400
Update mastodon_api_controller.ex
2018-09-03 01:52:02 +00:00
2b2bd0e047
Render notification IDs as strings, not numbers
2018-09-03 01:40:05 +00:00
Thurloat
4257f784bc
sloop around get_emoji/1 to check is_binary and have a fallthrough
...
default that returns empty
2018-09-02 20:44:37 -03:00
Haelwenn (lanodan) Monnier
754deb26dd
[Pleroma.Uploaders.Local]: Add configuration for custom url path
...
One use-case being an external caching proxy
2018-09-02 19:00:16 +02:00
kaniini
b7923aa304
Merge branch 'hotfix_broken_likes' into 'develop'
...
hotfix for broken like completely breaking the notifications API
See merge request pleroma/pleroma!284
2018-09-02 12:37:00 +00:00
William Pitcock
834515fb51
formatter: don't add XSS emoji
2018-09-02 00:04:09 +00:00
kaniini
3c7280934e
Merge branch 'security/activitypub-spoofing' into 'develop'
...
security: activitypub spoofing
See merge request pleroma/pleroma!321
2018-09-01 23:48:55 +00:00
William Pitcock
03e92977cb
transmogrifier: fix peertube/plume actor handling
2018-09-01 23:44:19 +00:00
William Pitcock
0b2c051a04
activitypub: fix possibility of spoofing by containing remote objects to the same domain as their actor
2018-09-01 23:20:02 +00:00
William Pitcock
e2ce0e9e05
run mix format
.
2018-09-01 21:12:42 +00:00
Martin Kühl
84d84e4ca4
OAuth: Support /revoke endpoint for revoking tokens
...
(for compatibility with Mastodon)
2018-09-01 23:10:48 +02:00
Martin Kühl
ad2a7972e7
OAuth: Set created_at
in token exchange response
...
(for compatibility with Mastodon)
2018-09-01 23:10:48 +02:00
Martin Kühl
b60d232719
AccountView: sensitive
is supposed to be a boolean, not a string
2018-09-01 23:10:48 +02:00
William Pitcock
c921d99898
config: add ability to disable Pleroma FE config management ( closes #276 )
2018-09-01 21:05:32 +00:00
kaniini
2e2f458705
Merge branch 'lanodan/code-dup_in_mastoapi_search' into 'develop'
...
Clean code duplication in MastoAPI search(v1/v2)
See merge request pleroma/pleroma!316
2018-09-01 09:12:59 +00:00
Will Pearson
0c2a0e3551
Specify default scope in verify_credentials
...
Certain Mastodon/Pleroma front ends call verify_credentials to get the
default scope of a new toot.
Currently, Pleroma hardcodes this value to "public".
This patch changes it to the user's default_scope value.
2018-08-31 21:04:46 -07:00
Haelwenn (lanodan) Monnier
8885d16e1b
[Pleroma.Web.MastodonAPI.MastodonAPIController].search(2)?: Remove code duplication
2018-09-01 03:11:58 +02:00
Thurloat
a9c0f395cb
add nil clause for Formatter.get_emoji/1 to return an empty result
2018-08-31 14:29:23 -03:00
lambda
58539e1357
Revert "Merge branch 'feature/rich-text' into 'develop'"
...
This reverts merge request !309
2018-08-31 09:51:20 +00:00
William Pitcock
856b5e1ca4
config: chase pleroma-fe updates from MR pleroma-fe!324.
2018-08-31 04:01:21 +00:00
kaniini
a26d5e6b2a
Merge branch 'feature/rich-text' into 'develop'
...
rich text support
See merge request pleroma/pleroma!309
2018-08-31 03:41:00 +00:00
William Pitcock
6aa65b68b8
common api: add support for formatting messages outside of twitter-style plain text
2018-08-31 03:13:59 +00:00
kaniini
e838969495
Merge branch 'use-media-proxy-in-suggestions-api' into 'develop'
...
use media proxy for the suggestions api
See merge request pleroma/pleroma!305
2018-08-30 23:06:30 +00:00
kaniini
65e8d47cfb
Merge branch 'backendhack' into 'develop'
...
Flexible Storage Backends
See merge request pleroma/pleroma!304
2018-08-30 23:05:01 +00:00
Thurloat
adffad5502
increase uploader behaviour documentation accuracy.
2018-08-30 09:20:29 -03:00
Thurloat
af01f0196a
Add backend failure handling with :ok | :error so the uploader can handle it.
...
defaulting to :ok, since that's the currently level of error handling.
2018-08-29 22:07:28 -03:00
William Pitcock
29b5e30c46
activity: drop recipients_to/recipients_cc fields
2018-08-29 18:41:02 +00:00
William Pitcock
de9acebbf3
activitypub: use jsonb query for containment instead of recipients_to/recipients_cc.
2018-08-29 18:41:02 +00:00
href
ddc6f32b75
Fix Mastodon API when actor's nickname is null
2018-08-29 16:32:50 +02:00
William Pitcock
cce9d008f9
streamer: contain list updates in the same way as we do with the database query
2018-08-29 09:23:05 +00:00
William Pitcock
ded9091206
mastodon api: use bounded AP object graph query to enforce containment of private statuses
2018-08-29 08:51:51 +00:00