Commit graph

946 commits

Author SHA1 Message Date
Ariadne Conill 739bbe0d3b security: detect object containment violations at the IR level
It is more efficient to check for object containment violations at the IR
level instead of in the protocol handlers.  OStatus containment is especially
a tricky situation, as the containment rules don't match those of IR and
ActivityPub.

Accordingly, we just always do a final containment check at the IR level
before the object is added to the IR object graph.
2019-07-14 17:47:08 +00:00
rinpatch 0c2dcb4c69 Add follow information refetching after following/unfollowing 2019-07-14 01:58:39 +03:00
rinpatch 183da33e00 Add tests for fetch_follow_information_for_user and check object type
when fetching the page
2019-07-14 00:56:02 +03:00
rinpatch d06d1b751d Use atoms when updating user info 2019-07-14 00:21:35 +03:00
rinpatch e5b850a991 Refactor fetching follow information to a separate function 2019-07-13 23:56:10 +03:00
rinpatch e8fa477793 Refactor Follows/Followers counter syncronization
- Actually sync counters in the database instead of info cache (which got
overriden after user update was finished anyway)
- Add following count field to user info
- Set hide_followers/hide_follows for remote users based on http status
codes for the first collection page
2019-07-13 19:27:49 +03:00
rinpatch 97b79efbcd ActivityPub Controller: Actually pass for_user to following/followers
views and give 403 errors when trying to request hidden follower pages
when unauthenticated
2019-07-12 20:54:20 +03:00
rinpatch 1f6ac7680d ActivityPub User view: Following/Followers refactoring
- Render the collection items if the user requesting == the user
rendered
- Do not render the first page if hide_{followers,follows} is set, just
give the URI to it
2019-07-12 19:41:55 +03:00
Egor Kislitsyn 9e06873d58 Add list to Visibility 2019-07-11 19:29:24 +07:00
Egor Kislitsyn 958fb9aa80 Add "listMessage" 2019-07-11 16:36:08 +07:00
Egor Kislitsyn 182f7bbb11 Merge branch 'develop' into feature/addressable-lists 2019-07-11 13:26:59 +07:00
Alex S beba7bbc85 removing synchronization worker 2019-07-10 17:42:18 +03:00
Alex S f8786fa6f2 adding following_address field to user 2019-07-10 17:42:18 +03:00
Egor Kislitsyn 5104f65b69 Wrap error messages into gettext helpers 2019-07-10 18:10:09 +07:00
Sergey Suprunenko 2d2b50ccca Send and handle "Delete" activity for deleted users 2019-07-10 05:16:08 +00:00
feld 93a0eeab16 Add license/copyright to all project files 2019-07-10 05:13:23 +00:00
Maksim bb8065a1fd tests MRF filters 2019-07-10 05:12:21 +00:00
Haelwenn 95c085174d Merge branch 'test-speedup' into 'develop'
Testing: Don't federate in testing.

See merge request pleroma/pleroma!1391
2019-07-09 15:35:28 +00:00
lain abe2e8881f Testing: Don't federate in testing. 2019-07-09 15:30:51 +09:00
Ivan Tashkinov 2b9d914089 [#161] Refactoring, documentation. 2019-06-30 15:58:50 +03:00
Ivan Tashkinov 5b7b1040b3 [#161] Limited replies depth on incoming federation in order to prevent memory leaks on recursive replies fetching. 2019-06-29 20:04:50 +03:00
William Pitcock 034986e1fd MRF: add mediaproxy warming policy 2019-06-28 23:19:20 +00:00
Sergey Suprunenko 2c63c67512 Rework user deletion 2019-06-24 18:59:12 +00:00
Eugenij f2c03425b0 Broadcast conversation update when DM is deleted 2019-06-24 07:14:04 +00:00
William Pitcock 127a5a7d65 change the anti-link-spam MRF implementation to use old_user? instead of the previous name 2019-06-21 22:27:14 +00:00
William Pitcock 21dacd4b15 unbreak polls 2019-06-19 16:33:49 +00:00
William Pitcock 736d8ad6be implement anti link spam MRF 2019-06-19 15:58:32 +00:00
Alexander Strizhakov c2ca1f22a2 it is changed in compile time
we can't change module attributes and endpoint settings in runtime
2019-06-14 15:45:05 +00:00
rinpatch d020f68e87 Transmogrifier: Do not crash if inReplyTo does not exist and can't be fetched 2019-06-07 20:40:38 +03:00
lain e1370ba131 Utils: Use update_follow_state_for_all when appropriate. 2019-06-05 16:51:28 +02:00
lain ad19bfc7fe Utils: Split update_follow_state and update_follow_state_for_all. 2019-06-05 16:43:35 +02:00
lain 076c9ae40e User: Remove superfluous maybe_follow. 2019-06-05 14:24:31 +02:00
lain 3115b64cfe Transmogrifier: Add tests for incoming follows to locked accounts. 2019-06-05 14:10:46 +02:00
Egor Kislitsyn 6ba9055b51 Merge remote-tracking branch 'pleroma/develop' into feature/addressable-lists 2019-06-05 12:54:30 +07:00
Maksim Pechnikov 1e7bb69a95 update ActivityPub#fetch_activities_query 2019-06-04 15:21:18 +03:00
Maksim Pechnikov d3d1704e84 Merge branch 'develop' into issue/941 2019-06-04 15:06:58 +03:00
Maksim Pechnikov 0acfcf6c52 update ActivityPub#fetch_activities_query 2019-06-04 15:04:36 +03:00
rinpatch 29b022bb59 Restrict get_existing_votes to only get Create activities 2019-06-04 12:42:10 +03:00
Egor Kislitsyn 9ce928d823 Merge remote-tracking branch 'pleroma/develop' into feature/addressable-lists 2019-06-04 16:28:23 +07:00
William Pitcock 37a4ba0624 utils: access inReplyTo as an explicit string when fetching poll results` 2019-06-04 08:45:03 +00:00
Maksim Pechnikov 4f2e359687 Merge branch 'develop' into issue/941 2019-06-04 09:49:08 +03:00
kaniini 9f0d0d0805 Merge branch 'feature/mrf-subchain' into 'develop'
MRF: subchain policy

See merge request pleroma/pleroma!1233
2019-06-04 05:49:54 +00:00
Maksim Pechnikov 080e1aa70e add option skip_thread_containment 2019-06-03 16:13:37 +03:00
rinpatch 026b245dbc Merge branch 'develop' into feature/polls-2-electric-boogalo 2019-06-03 11:14:52 +03:00
rinpatch 5bd41fef8b Change query order in fetch_activities_for_context_query to make poll vote exclusion work 2019-06-03 10:58:37 +03:00
William Pitcock 561a21986d formatting 2019-06-02 10:29:15 +00:00
William Pitcock 4087ccdab8 mrf: add subchain policy 2019-06-02 10:07:42 +00:00
William Pitcock edf772d41e mrf: allow a policy chain to be specified when filtering 2019-06-02 09:44:42 +00:00
rinpatch 65db5e9f52 Resolve merge conflicts 2019-06-01 16:29:58 +03:00
rinpatch 300d94c628 Add poll votes
Also in this commit by accident:
- Fix query ordering causing exclude_poll_votes to not work
- Do not create notifications for Answer objects
2019-06-01 16:17:46 +03:00
kaniini e706b42f51 Merge branch 'bugfix/visibility-indicator-litepub-dm' into 'develop'
visibility: if litepub:directMessage is asserted, always report the object as "direct" visibility

See merge request pleroma/pleroma!1230
2019-06-01 03:39:13 +00:00
Sergey Suprunenko 2bbc2a801f Remove all follower collections but actor's from "cc" 2019-06-01 03:26:45 +00:00
William Pitcock f2efe24cf8 visibility: if litepub:directMessage is asserted, always report the object as "direct" visibility 2019-06-01 03:24:08 +00:00
lambda 2993361075 Merge branch 'hotfix/leaking-lists' into 'develop'
Mastodon API: Fix lists leaking private posts

See merge request pleroma/pleroma!1222
2019-05-31 13:26:48 +00:00
rinpatch d9c0650ff9 Mastodon API: Fix lists leaking private posts
Our previous list visibility resolver grabbed posts if either follower
collection of the user in a list who is followed is in `to` or if
follower collection of the user in a list was in `cc`. This not only
missed unlisted posts but also lead to leaking private posts when
`fix_explicit_addressing` mistakingly started putting follower collections
to `cc` (also fixed in this MR).

Reported by @kurisu@iscute.moe via a DM
2019-05-31 15:25:17 +03:00
rinpatch a9eaa55885 Fix fix_explicit_addressing moving follower collection to cc and add tests for it 2019-05-31 14:17:05 +03:00
Egor Kislitsyn 99f70c7e20 Use Pleroma.Config everywhere 2019-05-30 15:33:58 +07:00
lambda 5bb843ceec Merge branch 'refactor/die-httpoison-die' into 'develop'
remove @httpoison, @ostatus and @websub compile-time constants

See merge request pleroma/pleroma!1203
2019-05-26 13:33:11 +00:00
William Pitcock 79503ce90f mrf: simple policy: fix matching imported activitypub and ostatus statuses 2019-05-26 02:01:24 +00:00
William Pitcock 9bec891eb4 kill @httpoison 2019-05-25 04:24:21 +00:00
Egor Kislitsyn f333041a0a Merge remote-tracking branch 'pleroma/develop' into feature/addressable-lists 2019-05-24 21:05:57 +07:00
rinpatch 8b2d39c1ec Change the order of preloading when fetching activities for context 2019-05-23 14:03:16 +03:00
William Pitcock baf72d6c58 mrf: simple policy: add the ability to strip avatars and banners from user profiles 2019-05-22 18:53:12 +00:00
William Pitcock 60f882b09f activitypub: run user objects through MRF filters 2019-05-22 18:53:12 +00:00
William Pitcock 75b6c4b004 mrf: defang policy modules for filtering user profile objects 2019-05-22 18:53:12 +00:00
rinpatch ac7702f800 Exclude Answers from fetching by default 2019-05-22 21:52:12 +03:00
rinpatch 19c90d47c4 Normalize poll votes to Answer objects 2019-05-22 21:17:57 +03:00
William Pitcock 045803346d move key generation functions into Pleroma.Keys module 2019-05-22 03:58:15 +00:00
rinpatch ee68244141 Do not stream out poll replies 2019-05-21 16:58:15 +03:00
rinpatch d7c4d029c8 Restrict poll replies when fetching activiites for context 2019-05-21 14:35:20 +03:00
rinpatch aafe30d94e Handle poll votes 2019-05-21 14:12:10 +03:00
Aaron Tinio eb02edcad9 Add virtual :thread_muted? field
that may be set when fetching activities
2019-05-21 00:35:46 +08:00
Aaron Tinio 2375e9a95b Add report filtering to MRF.SimplePolicy 2019-05-20 06:02:50 +08:00
rinpatch 6430cb1bf7 Restrict poll replies from fetch queries by default 2019-05-19 17:44:18 +03:00
rinpatch 5ece901af3 Resolve merge conflicts and remove IO.inspects 2019-05-18 13:37:38 +03:00
William Pitcock 78588dbd80 mrf: simple policy: mark all posts instead of posts with media as sensitive if they match media_nsfw 2019-05-17 18:49:10 +00:00
Egor Kislitsyn 3b71612d3d Improve Pleroma.Web.ActivityPub.ActivityPub.maybe_update_cc/3 2019-05-18 01:17:14 +07:00
Egor Kislitsyn 557f0e33a7 Merge remote-tracking branch 'pleroma/develop' into feature/addressable-lists 2019-05-17 19:57:14 +07:00
Alexander Strizhakov 7ed682213f Fix/902 random compile failing 2019-05-17 07:25:20 +00:00
Aaron Tinio 70235ce840 Fix typo: s/"tags"/"tag"/g 2019-05-17 09:02:34 +08:00
Sergey Suprunenko e2b3a27204 Add Reports to Admin API 2019-05-16 19:09:18 +00:00
feld e190b3022b Merge branch 'fix/domain-unblocked-reblogs' into 'develop'
Fix domain-unblocked reblogs

Closes #892

See merge request pleroma/pleroma!1157
2019-05-16 18:57:14 +00:00
Mark Felder ebb0482116 Merge branch 'develop' into conversations-import 2019-05-16 13:11:17 -05:00
Egor Kislitsyn fc7246d715 Merge remote-tracking branch 'pleroma/develop' into feature/addressable-lists 2019-05-16 17:54:24 +07:00
Aaron Tinio 793f1834d2 Use named binding to conditionally join object 2019-05-16 06:25:14 +08:00
Aaron Tinio 2b6119dfbf Restrict reblogs of activities from blocked domains 2019-05-16 05:53:51 +08:00
rinpatch 62e42b03ab Handle incoming Question objects 2019-05-15 20:10:16 +03:00
William Pitcock a591ab6112 activity pub: remove Ecto SQL query dumps 2019-05-15 16:56:46 +00:00
William Pitcock 31db31c587 activitypub: visibility: use SQL thread_visibility() function instead of manually walking the thread 2019-05-15 15:54:10 +00:00
William Pitcock de114ffbb0 activitypub: remove contain_timeline() 2019-05-15 15:53:06 +00:00
William Pitcock 0387f52138 activitypub: add restrict_thread_visibility() 2019-05-15 15:53:06 +00:00
lain f168a1cbdc Merge remote-tracking branch 'origin/develop' into conversations-import 2019-05-15 17:47:29 +02:00
lambda 4440e23547 Merge branch 'chore/extricate-http-signatures' into 'develop'
switch to pleroma/http_signatures library

See merge request pleroma/pleroma!1155
2019-05-15 15:37:31 +00:00
lain cbb3451023 CommonAPI: Refactor visibility, forbid public to private replies. 2019-05-15 16:30:08 +02:00
Egor Kislitsyn a7a8f3bc2c Merge remote-tracking branch 'pleroma/develop' into feature/addressable-lists 2019-05-15 14:31:24 +07:00
William Pitcock 071f78733a switch to pleroma/http_signatures library 2019-05-14 20:03:13 +00:00
lambda 692919c7d2 Merge branch 'refactor/use-job-queue-everywhere' into 'develop'
use job queue everywhere

Closes #862

See merge request pleroma/pleroma!1142
2019-05-14 15:27:34 +00:00
Egor Kislitsyn e82e73478e Merge remote-tracking branch 'pleroma/develop' into feature/addressable-lists 2019-05-14 19:00:07 +07:00
Egor Kislitsyn 5e2b491276 Merge remote-tracking branch 'pleroma/develop' into feature/disable-account 2019-05-14 18:15:56 +07:00
Mark Felder 498bfdf403 Switch to Jason over Poison 2019-05-13 15:37:38 -05:00