William Pitcock
342ed84446
MRF: add policy for normalizing HTML markup (local and remote) to a specific policy
2018-09-16 01:25:36 +00:00
William Pitcock
95376ac1fe
html: add the ability to override the default scrub policy
2018-09-16 01:25:35 +00:00
kaniini
c2650f0ffb
Merge branch 'feature/html-scrub-policy' into 'develop'
...
html scrub policy
See merge request pleroma/pleroma!339
2018-09-16 01:05:09 +00:00
39aed5348a
Add visible_in_picker to status emojis
2018-09-10 23:32:19 +00:00
William Pitcock
d3248e13e3
activitypub: transmogrifier: allow profile updates from bots
2018-09-10 01:57:03 +00:00
William Pitcock
e0b8c0ccba
MRF: reject non-public: use pattern match to remove unnecessary if block
2018-09-10 01:16:03 +00:00
William Pitcock
88094c266d
MRF: simple policy: refactor module to use guards and pattern matching
2018-09-10 01:16:02 +00:00
William Pitcock
97253df3ee
MRF: simple policy: contain media removal/nsfw ops to create activities only
2018-09-10 01:16:01 +00:00
William Pitcock
e82ce2a4b3
formatting
2018-09-10 00:28:40 +00:00
William Pitcock
358f88e10a
html: allow inline images by default (because of custom emoji)
2018-09-10 00:24:19 +00:00
William Pitcock
40e2f6e500
html: add default scrubbing profile and configuration knobs
2018-09-10 00:14:57 +00:00
William Pitcock
ac486fc59b
everywhere: use Pleroma.HTML module instead of HtmlSanitizeEx directly
2018-09-10 00:14:47 +00:00
William Pitcock
255f46d7ab
html: new module providing a configurable markup scrubbing policy
2018-09-10 00:13:57 +00:00
Dominique Feyer
801d645c6b
TASK: Fix formatting
2018-09-09 23:42:28 +02:00
Dominique Feyer
b79c126ee0
Add missing URL encoding in create authorization redirect
2018-09-09 23:31:47 +02:00
Hakaba Hitoyo
4e1bb7bccb
make limit for /api/v1/suggestions
2018-09-09 13:57:23 +09:00
lambda
045953225e
Merge branch 'moonman/pleroma-sha512-crypt' into 'develop'
...
auth overhaul and legacy GS auth
See merge request pleroma/pleroma!331
2018-09-08 09:20:34 +00:00
kaniini
530561a091
Merge branch 'add-secure-and-samesite-cookie-flags' into 'develop'
...
Add Secure and SameSite cookie flags
See merge request pleroma/pleroma!302
2018-09-07 23:55:42 +00:00
kaniini
3e4f39116b
Merge branch 'feature/custom_media_url' into 'develop'
...
[Pleroma.Uploaders.Local]: Add configuration for custom url path
See merge request pleroma/pleroma!318
2018-09-07 23:49:36 +00:00
Martin Kühl
c1d07da4e1
Mastodon API: Fake support for loading filters
2018-09-07 16:12:44 +02:00
Martin Kühl
619f67768a
Mastodon API: Add unsupported attributes to relationship responses
...
These attributes are documented as required by the Mastodon API.
Since we don’t support them (I think?), respond with default values.
2018-09-07 16:12:44 +02:00
lain
70163aec9b
Add LegacyAuthenticationPlug to router.
2018-09-05 22:31:57 +02:00
lain
44b094908c
Update legacy passwords automatically.
2018-09-05 22:30:14 +02:00
lain
3aba585e7a
Add Plugs to router.
2018-09-05 21:57:56 +02:00
lain
e601165426
Add UserEnabledPlug.
2018-09-05 21:53:53 +02:00
lain
5ce1ebb179
Add SetUserSessionIdPlug.
2018-09-05 21:42:42 +02:00
Haelwenn
4a3dbd9d4e
Merge branch 'fix/sign-in-with-toot' into 'develop'
...
Fix sign-in and sign-out with Toot!
See merge request pleroma/pleroma!306
2018-09-05 18:20:26 +00:00
lain
636ad3e155
Add new plugs to router.
2018-09-05 19:13:53 +02:00
lain
12bc73dd28
Add EnsureUserKeyPlug, smaller fixes
2018-09-05 19:06:28 +02:00
lain
32465b9939
Simplify AuthenticationPlug
2018-09-05 18:53:38 +02:00
lain
9a96c93be7
Add SessionAuthenticationPlug.
2018-09-05 18:37:02 +02:00
lain
a3f54fca4d
Add LegacyAuthenticationPlug
2018-09-05 18:17:33 +02:00
lain
3cf17dc402
Add EnsureAuthenticatedPlug
2018-09-05 17:59:19 +02:00
lain
faf5347748
Add UserFetcherPlug.
2018-09-05 17:44:38 +02:00
lain
42bd985e66
Add BasicAuthDecoderPlug
2018-09-05 17:30:05 +02:00
Moon Man
8b020e03a6
change cond to if else
2018-09-05 01:37:48 -04:00
Moon Man
1a8bc26e52
auth against sha512-crypt password hashes, upgrade to pbkdf2
2018-09-05 00:21:44 -04:00
kaniini
76c67a41c1
Merge branch 'develop' into 'feature/staff-discovery-api'
...
# Conflicts:
# lib/pleroma/web/nodeinfo/nodeinfo_controller.ex
2018-09-03 14:55:42 +00:00
William Pitcock
9a21ff5f61
nodeinfo: add staffAccounts field to metadata
2018-09-03 14:48:31 +00:00
kaniini
1c9e539b47
Merge branch 'feature/mastodon_api_2.4.x' into 'develop'
...
Add/Fix Mastodon endpoints for 2.4.3 compatibility
See merge request pleroma/pleroma!266
2018-09-03 12:33:36 +00:00
Hakaba Hitoyo
b1124f1605
report chat and gopher support at /nodeinfo/2.0.json
2018-09-03 21:13:30 +09:00
William Pitcock
b61430163b
user: add moderator_user_query()
2018-09-03 12:03:23 +00:00
kaniini
7ca2a2ddea
Merge branch 'nil-bio-emojis' into 'develop'
...
add nil clause for Formatter.get_emoji/1 to return an empty result
Closes #274
See merge request pleroma/pleroma!315
2018-09-03 05:54:11 +00:00
35515cfa66
Update mastodon_api_controller.ex
2018-09-03 01:58:55 +00:00
26f8697400
Update mastodon_api_controller.ex
2018-09-03 01:52:02 +00:00
2b2bd0e047
Render notification IDs as strings, not numbers
2018-09-03 01:40:05 +00:00
Thurloat
4257f784bc
sloop around get_emoji/1 to check is_binary and have a fallthrough
...
default that returns empty
2018-09-02 20:44:37 -03:00
Haelwenn (lanodan) Monnier
754deb26dd
[Pleroma.Uploaders.Local]: Add configuration for custom url path
...
One use-case being an external caching proxy
2018-09-02 19:00:16 +02:00
kaniini
b7923aa304
Merge branch 'hotfix_broken_likes' into 'develop'
...
hotfix for broken like completely breaking the notifications API
See merge request pleroma/pleroma!284
2018-09-02 12:37:00 +00:00
William Pitcock
834515fb51
formatter: don't add XSS emoji
2018-09-02 00:04:09 +00:00
kaniini
3c7280934e
Merge branch 'security/activitypub-spoofing' into 'develop'
...
security: activitypub spoofing
See merge request pleroma/pleroma!321
2018-09-01 23:48:55 +00:00
William Pitcock
03e92977cb
transmogrifier: fix peertube/plume actor handling
2018-09-01 23:44:19 +00:00
William Pitcock
0b2c051a04
activitypub: fix possibility of spoofing by containing remote objects to the same domain as their actor
2018-09-01 23:20:02 +00:00
William Pitcock
e2ce0e9e05
run mix format
.
2018-09-01 21:12:42 +00:00
Martin Kühl
84d84e4ca4
OAuth: Support /revoke endpoint for revoking tokens
...
(for compatibility with Mastodon)
2018-09-01 23:10:48 +02:00
Martin Kühl
ad2a7972e7
OAuth: Set created_at
in token exchange response
...
(for compatibility with Mastodon)
2018-09-01 23:10:48 +02:00
Martin Kühl
b60d232719
AccountView: sensitive
is supposed to be a boolean, not a string
2018-09-01 23:10:48 +02:00
William Pitcock
c921d99898
config: add ability to disable Pleroma FE config management ( closes #276 )
2018-09-01 21:05:32 +00:00
kaniini
2e2f458705
Merge branch 'lanodan/code-dup_in_mastoapi_search' into 'develop'
...
Clean code duplication in MastoAPI search(v1/v2)
See merge request pleroma/pleroma!316
2018-09-01 09:12:59 +00:00
Will Pearson
0c2a0e3551
Specify default scope in verify_credentials
...
Certain Mastodon/Pleroma front ends call verify_credentials to get the
default scope of a new toot.
Currently, Pleroma hardcodes this value to "public".
This patch changes it to the user's default_scope value.
2018-08-31 21:04:46 -07:00
Haelwenn (lanodan) Monnier
8885d16e1b
[Pleroma.Web.MastodonAPI.MastodonAPIController].search(2)?: Remove code duplication
2018-09-01 03:11:58 +02:00
Thurloat
a9c0f395cb
add nil clause for Formatter.get_emoji/1 to return an empty result
2018-08-31 14:29:23 -03:00
lambda
58539e1357
Revert "Merge branch 'feature/rich-text' into 'develop'"
...
This reverts merge request !309
2018-08-31 09:51:20 +00:00
William Pitcock
856b5e1ca4
config: chase pleroma-fe updates from MR pleroma-fe!324.
2018-08-31 04:01:21 +00:00
kaniini
a26d5e6b2a
Merge branch 'feature/rich-text' into 'develop'
...
rich text support
See merge request pleroma/pleroma!309
2018-08-31 03:41:00 +00:00
William Pitcock
6aa65b68b8
common api: add support for formatting messages outside of twitter-style plain text
2018-08-31 03:13:59 +00:00
kaniini
e838969495
Merge branch 'use-media-proxy-in-suggestions-api' into 'develop'
...
use media proxy for the suggestions api
See merge request pleroma/pleroma!305
2018-08-30 23:06:30 +00:00
kaniini
65e8d47cfb
Merge branch 'backendhack' into 'develop'
...
Flexible Storage Backends
See merge request pleroma/pleroma!304
2018-08-30 23:05:01 +00:00
Thurloat
adffad5502
increase uploader behaviour documentation accuracy.
2018-08-30 09:20:29 -03:00
Thurloat
af01f0196a
Add backend failure handling with :ok | :error so the uploader can handle it.
...
defaulting to :ok, since that's the currently level of error handling.
2018-08-29 22:07:28 -03:00
William Pitcock
29b5e30c46
activity: drop recipients_to/recipients_cc fields
2018-08-29 18:41:02 +00:00
William Pitcock
de9acebbf3
activitypub: use jsonb query for containment instead of recipients_to/recipients_cc.
2018-08-29 18:41:02 +00:00
href
ddc6f32b75
Fix Mastodon API when actor's nickname is null
2018-08-29 16:32:50 +02:00
William Pitcock
cce9d008f9
streamer: contain list updates in the same way as we do with the database query
2018-08-29 09:23:05 +00:00
William Pitcock
ded9091206
mastodon api: use bounded AP object graph query to enforce containment of private statuses
2018-08-29 08:51:51 +00:00
William Pitcock
643fae6e36
activitypub: allow querying the activity/object graph bounded to a specific to/cc set
2018-08-29 08:51:23 +00:00
William Pitcock
81673b8136
activity: add recipients_to and recipients_cc fields
2018-08-29 08:42:33 +00:00
Thurloat
d424e9fa5f
fix S3 ref in sample config to generate proper path.
2018-08-28 23:49:23 -03:00
Thurloat
ab9e5d64d6
add a sample swift config
2018-08-28 22:39:33 -03:00
Thurloat
2ff25ac0ce
A hobbldey-working swift client.
...
apparently, all elixir openstack libraries are trash
luckily, the APIs are stupid easy.
2018-08-28 22:32:24 -03:00
Thurloat
9fc20ed572
works now, tested with profile photo upload on local backend.
2018-08-28 20:04:26 -03:00
Thurloat
dad39b24a1
add the behaviour, work on actually making it work.
2018-08-28 19:48:03 -03:00
shibayashi
18ad8aaecf
Explicitly set 'http_only' to true
2018-08-28 22:34:31 +02:00
Thurloat
8d2d7a8859
Implement uploader behaviour
...
run formatter <#
2018-08-28 09:57:41 -03:00
shibayashi
4656a07e9e
Set SameSite flag to 'Strict'
2018-08-28 14:03:29 +02:00
Hakaba Hitoyo
6cbfb5ab5d
use media proxy for suggestions api
2018-08-28 17:01:17 +09:00
Thurloat
0df558a6a5
cleaning up a bit.
2018-08-27 22:45:53 -03:00
Thurloat
709816a0f8
example of flexible storage backends
2018-08-27 22:20:54 -03:00
William Pitcock
d22f66655b
upload: formatting
2018-08-28 00:25:30 +00:00
William Pitcock
1596185ac6
upload: add the S3 support itself
2018-08-28 00:18:44 +00:00
William Pitcock
03c35e579b
sample config: add S3 public endpoint option
2018-08-28 00:18:24 +00:00
William Pitcock
86c007ddd2
upload: strip exif data before finalizing the file path
2018-08-27 23:36:30 +00:00
William Pitcock
e95d958b52
sample config: show how amazon s3 support is activated, including third-party clones like wasabi
2018-08-27 23:30:53 +00:00
shibayashi
0c4493f144
Fix formatting
2018-08-28 00:47:34 +02:00
shibayashi
b9a642da1e
Add Secure and SameSite cookie flags
2018-08-28 00:40:58 +02:00
Henry Jameson
0f1c629d65
better solution, added test.
2018-08-27 17:07:26 +03:00
Haelwenn (lanodan) Monnier
6973b77e94
[Pleroma.Web.MastodonAPI.FilterView] fix expires_at being a unsafe variable
2018-08-27 15:09:06 +02:00
Haelwenn (lanodan) Monnier
9bddb39ff0
[Pleroma.Web.MastodonAPI.FilterView]: expires_at should be null when N/A
2018-08-27 15:09:06 +02:00
Haelwenn (lanodan) Monnier
d571a571fe
[Pleroma.Web.MastodonAPI.MastodonAPIController]: Bump mastodon_api_level to 2.4.3
2018-08-27 15:09:06 +02:00
Haelwenn (lanodan) Monnier
6e030129fb
[MastodonAPI] Add filters
2018-08-27 15:09:05 +02:00