Commit graph

419 commits

Author SHA1 Message Date
Ivan Tashkinov
2a4a4f3342 [#468] Defined OAuth restrictions for all applicable routes.
Improved missing "scopes" param handling.
Allowed "any of" / "all of" mode specification in OAuthScopesPlug.
Fixed auth UI / behavior when user selects no permissions at /oauth/authorize.
2019-02-15 19:54:37 +03:00
Ivan Tashkinov
027adbc9e5 [#468] Refactored OAuth scopes parsing / defaults handling. 2019-02-14 17:03:19 +03:00
Ivan Tashkinov
063baca5e4 [#468] User UI for OAuth permissions restriction. Standardized storage format for scopes fields, updated usages. 2019-02-14 00:29:29 +03:00
Ivan Tashkinov
2c68cf7e9e OAuth2 security fixes: redirect URI validation, "Mastodon-Local" security breach fix.
(`POST /api/v1/apps` could create "Mastodon-Local" app wth any redirect_uris,
and if that happened before /web/login is accessed for the first time
then Pleroma used this externally created record with arbitrary
redirect_uris and client_secret known by creator).
2019-02-07 22:14:06 +03:00
Mark Felder
74518d0b60 hide_followings was renamed to hide_followers in the FE, but never synced up in the BE
This was a dirty regex replace which worked on my server
2019-02-06 22:34:44 +00:00
William Pitcock
65a4b9fbea mastodon api: rich media: don't clobber %URI struct with a string 2019-02-06 18:02:15 +00:00
kaniini
eb2b1960e0 Merge branch 'feature/split-hide-network-v2' into 'develop'
Split hide_network into hide_followers & hide_followings (fixed)

See merge request pleroma/pleroma!765
2019-02-05 18:56:59 +00:00
William Pitcock
1d94b67e40 mastodon api: fix rendering of cards without image URLs (closes #597) 2019-02-05 18:30:27 +00:00
rinpatch
00835bf678 Merge branch 'fix/rich-media-relative-path' into 'develop'
Fix rich media relative path

Closes #588

See merge request pleroma/pleroma!759
2019-02-04 16:01:34 +00:00
Maxim Filippov
16ce129e38 Split hide_network into hide_followers & hide_followings (fixed) 2019-02-03 21:55:04 +03:00
rinpatch
68d461b3a9 Check if rich media uri is relative 2019-02-02 12:24:24 +03:00
rinpatch
833404f0f5 Use with instead of if in the card 2019-02-02 12:04:18 +03:00
rinpatch
e4d18f328b merge only if page_url is an absolute path 2019-02-02 11:53:46 +03:00
rinpatch
cbadf9d333 Fix rich media relative path 2019-02-02 11:38:37 +03:00
kaniini
486749064f Revert "Merge branch 'feature/split-hide-network' into 'develop'"
This reverts merge request !733
2019-02-01 20:22:58 +00:00
eugenijm
d747bd9870 Use String.replace_leading instead of String.replace for getting websocket streaming api url.
Extract the login responsible for obtaining websocket URL into the corresponding
Endpoint function.
2019-02-01 21:58:43 +03:00
Haelwenn (lanodan) Monnier
74c6119f28
MastodonAPI.MastodonAPIController: Return a 404 when we fail to get a list 2019-02-01 18:21:16 +01:00
kaniini
0a82a7e6d6 Merge branch 'feature/split-hide-network' into 'develop'
Split hide_network into hide_followers & hide_followings

See merge request pleroma/pleroma!733
2019-02-01 17:05:29 +00:00
Haelwenn
00d4333373 Merge branch 'features/glitch-soc-frontend' into 'develop'
Features/glitch soc frontend

See merge request pleroma/pleroma!192
2019-01-31 10:16:11 +00:00
href
4aff4efa8d
Use multiple hackney pools
* federation (ap, salmon)
* media (rich media, media proxy)
* upload (uploader proxy)

Each "part" will stop fighting others ones -- a huge federation outbound
could before make the media proxy fail to checkout a connection in time.

splitted media and uploaded media for the good reason than an upload
pool will have all connections to the same host (the uploader upstream).
it also has a longer default retention period for connections.
2019-01-30 15:06:46 +01:00
Haelwenn
ebb3496386 Merge branch 'feature/rich-media-part-2-electric-boogaloo' into 'develop'
Rich Media support, part 2.

See merge request pleroma/pleroma!719
2019-01-29 05:11:08 +00:00
Maxim Filippov
50d6183893 Split hide_network into hide_followers & hide_followings 2019-01-28 21:40:08 +03:00
Haelwenn
de0fb88a9c Merge branch 'safe-render-activities' into 'develop'
remove unnecessary filter (re !723)

See merge request pleroma/pleroma!729
2019-01-28 11:48:03 +00:00
href
df2f7b39dd
re f83bae7c: remove unnecessary filter 2019-01-28 12:24:14 +01:00
William Pitcock
ddc7ae2c1a mastodon api: card: force OGP images through mediaproxy 2019-01-28 06:42:27 +00:00
William Pitcock
8e42251e06 rich media: add helpers module, use instead of MastodonAPI module 2019-01-28 06:04:54 +00:00
William Pitcock
24a103a1fe mastodon api: formatting 2019-01-28 05:53:17 +00:00
William Pitcock
5a37ddc2dc mastodon api: embed card in status object 2019-01-28 05:53:17 +00:00
William Pitcock
132d815f1f mastodon api: factor out status card fetching, move status card rendering to statusview, add opengraph extended data 2019-01-28 05:53:17 +00:00
Haelwenn (lanodan) Monnier
cda1470e02
[MastoAPI][GlitchAPI] Add bookmarks 2019-01-28 04:47:32 +01:00
lambda
16ab1437d6 Merge branch 'safe-render-activities' into 'develop'
Views: wrap activity rendering in a rescue

See merge request pleroma/pleroma!723
2019-01-27 20:10:09 +00:00
href
f83bae7c22
Views: wrap activity rendering in a rescue
this avoids complete timeline breakage when an activity fucks up
rendering.
2019-01-27 19:16:20 +01:00
kaniini
5eb81d2c72 Merge branch 'features/mastoapi-multi-hashtag' into 'develop'
MastodonAPI multi-hashtag

See merge request pleroma/pleroma!652
2019-01-27 12:45:50 +00:00
Haelwenn (lanodan) Monnier
a65c188593
Web.MastodonAPI.AccountView: Add is_moderator and is_admin
Closes: https://git.pleroma.social/pleroma/pleroma/issues/557
2019-01-27 10:33:22 +01:00
Haelwenn (lanodan) Monnier
de956b9e04
Web.MastodonAPI.MastodonAPIController: tag+any bookmark params in a array and flatten it 2019-01-26 16:46:20 +01:00
William Pitcock
1f7843b9b8 mastodon api: use OGP uri instead of page_url for deducing domain name, fix test 2019-01-26 15:24:16 +00:00
William Pitcock
86037e9c39 mastodon api: use HTML.extract_first_external_url() 2019-01-26 15:13:27 +00:00
William Pitcock
78047d57bf mastodon api: provider_name setting is required too on the card 2019-01-26 14:47:32 +00:00
Haelwenn (lanodan) Monnier
39863236eb Web.MastodonAPI.MastodonAPIController: generic get_status_card/1 function for MastoAPI 2.6.x
Mastodon API 2.6.x added a card key to the Status object so the Card can be shown in the timeline without an extra request at each status.
2019-01-26 14:18:23 +00:00
Haelwenn (lanodan) Monnier
3f64379b13 Web.MastodonAPI.MastodonAPIController: Add Rich-Media support 2019-01-26 14:18:23 +00:00
Haelwenn (lanodan) Monnier
5a84def6a6
Fix the logic in multi-hashtag TLs 2019-01-26 04:46:02 +01:00
Haelwenn (lanodan) Monnier
f9cae0d04f
[WIP,MastoAPI] Multi-tag timelines 2019-01-26 04:45:36 +01:00
lain
2de208817c Merge branch 'develop' into rename/pleroma_activity_consistency 2019-01-23 13:05:58 +01:00
lambda
69454c8345 Merge branch 'feature/dm-sanity' into 'develop'
DM sanitization

See merge request pleroma/pleroma!458
2019-01-21 12:35:10 +00:00
Haelwenn (lanodan) Monnier
98c8184c1f
Activity: get_create_activity_by_object_ap_id/1 → get_create_by_object_ap_id/1 2019-01-21 08:00:41 +01:00
Haelwenn (lanodan) Monnier
2fdbd4d137
Activity: create_activity_by_object_id_query/1 → create_by_object_ap_id/1 when is_list 2019-01-21 08:00:40 +01:00
lambda
f3045a179e Merge branch 'i1t/pleroma-477_user_search_improvements' into 'develop'
I1t/pleroma 477 user search improvements

See merge request pleroma/pleroma!685
2019-01-20 10:24:05 +00:00
William Pitcock
75dfa1f0b0 mastodon api: get_visibility(): DMs never have a cc list. 2019-01-20 02:27:48 +00:00
Mark Felder
8c368d42a2 Make attachment links configurable
Thanks @href!
2019-01-17 15:48:14 +00:00
lain
943324b661 MastoAPI: Don't break on missing users. 2019-01-16 15:13:09 +01:00