Haelwenn (lanodan) Monnier
0ac6e29654
static_fe: Sanitize HTML in posts
...
Note: Seems to have different sanitization with TwitterCard generator giving
the following:
<meta content=\"“alert('xss')”\" property=\"twitter:description\">
2020-03-15 20:44:04 +01:00
lain
fa4ec17c84
Merge branch '1560-non-federating-instances-routes-restrictions' into 'develop'
...
[#1560 ] Restricted AP- & OStatus-related routes for non-federating instances
Closes #1560
See merge request pleroma/pleroma!2235
2020-03-15 19:15:20 +00:00
Haelwenn
d84670b9e1
Merge branch 'f' into 'develop'
...
rip out fetch_initial_posts
Closes #1422 and #1595
See merge request pleroma/pleroma!2297
2020-03-15 16:14:54 +00:00
Haelwenn
67a27825b1
Merge branch 'fix/rate-limiter-remoteip-behavior' into 'develop'
...
rate limiter: disable based on if remote ip was found, not on if the plug was enabled
Closes #1620
See merge request pleroma/pleroma!2296
2020-03-15 14:22:10 +00:00
rinpatch
e87a32bcd7
rip out fetch_initial_posts
...
Every time someone tries to use it, it goes mad and tries to scrape the
entire fediverse for no visible reason, it's better to just remove it
than continue shipping it in it's current state.
idea acked by lain and feld on irc
Closes #1595 #1422
2020-03-15 15:59:17 +03:00
Ivan Tashkinov
ecb7809e92
Merge remote-tracking branch 'remotes/origin/develop' into 1560-non-federating-instances-routes-restrictions
...
# Conflicts:
# lib/pleroma/plugs/static_fe_plug.ex
2020-03-14 15:37:02 +03:00
rinpatch
fc4496d4fa
rate limiter: disable based on if remote ip was found, not on if the plug was enabled
...
The current rate limiter disable logic won't trigger when the remote ip
is not forwarded, only when the remoteip plug is not enabled, which is
not the case on most instances since it's enabled by default. This
changes the behavior to warn and disable when the remote ip was not forwarded,
even if the RemoteIP plug is enabled.
Also closes #1620
2020-03-13 21:41:17 +03:00
Haelwenn (lanodan) Monnier
d1379c4de8
Formatting: Do not use \n and prefer <br> instead
...
It moves bbcode to bbcode_pleroma as the former is owned by kaniini
and transfering ownership wasn't done in a timely manner.
Closes: https://git.pleroma.social/pleroma/pleroma/issues/1374
Closes: https://git.pleroma.social/pleroma/pleroma/issues/1375
2020-03-13 16:07:17 +01:00
802b991814
Merge branch 'exclude-posts-visible-to-admin' into 'develop'
...
Exclude private and direct statuses visible to the admin when using godmode
Closes #1599
See merge request pleroma/pleroma!2272
2020-03-12 20:29:51 +00:00
Alexander Strizhakov
39ed608b13
Merge branch 'develop' into gun
2020-03-12 18:31:10 +03:00
Ivan Tashkinov
bd40880fa0
Merge remote-tracking branch 'remotes/origin/develop' into 1560-non-federating-instances-routes-restrictions
...
# Conflicts:
# test/web/activity_pub/activity_pub_controller_test.exs
2020-03-12 12:07:07 +03:00
2019f3b3ff
Merge branch 'fix/signup-without-email' into 'develop'
...
Allow account registration without an email
See merge request pleroma/pleroma!2246
2020-03-11 16:53:05 +00:00
f92c447bbc
Merge branch 'relay-list-change' into 'develop'
...
Relay list shows hosts without accepted follow
See merge request pleroma/pleroma!2240
2020-03-11 15:10:09 +00:00
Haelwenn (lanodan) Monnier
863ec33ba2
Add support for funkwhale Audio activity
...
reel2bits fixture not included as it lacks the Actor fixture for it.
Closes: https://git.pleroma.social/pleroma/pleroma/issues/1624
Closes: https://git.pleroma.social/pleroma/pleroma/issues/764
2020-03-11 13:46:42 +01:00
Ivan Tashkinov
5b696a8ac1
[ #1560 ] Enforced authentication for non-federating instances in StaticFEController.
2020-03-11 14:05:56 +03:00
Ivan Tashkinov
972889550d
Merge remote-tracking branch 'remotes/origin/develop' into 1560-non-federating-instances-routes-restrictions
2020-03-11 09:15:55 +03:00
Mark Felder
5af798f246
Fix enforcement of character limits
2020-03-10 13:08:00 -05:00
Alexander Strizhakov
426f5ee48a
tesla adapter can't be changed in adminFE
2020-03-10 15:31:44 +03:00
Ivan Tashkinov
5fc92deef3
[ #1560 ] Ensured authentication or enabled federation for federation-related routes. New tests + tests refactoring.
2020-03-09 20:51:44 +03:00
Alexander Strizhakov
b2eb1124d1
Merge branch 'develop' into gun
2020-03-07 12:41:37 +03:00
Ivan Tashkinov
027714b519
Merge remote-tracking branch 'remotes/origin/develop' into 1560-non-federating-instances-routes-restrictions
2020-03-06 11:48:30 +03:00
Ivan Tashkinov
40765875d4
[ #1560 ] Misc. improvements in ActivityPubController federation state restrictions.
2020-03-05 21:19:21 +03:00
Alexander Strizhakov
f0753eed0f
removing try block in tesla request
...
added mocks for tests which fail with Tesla.Mock.Error
2020-03-05 17:31:06 +03:00
eugenijm
ad22e94f33
Exclude private and direct statuses visible to the admin when using godmode
2020-03-05 15:15:27 +03:00
lain
f1750b4658
Admin API tests: Fix wrong test.
2020-03-05 12:42:02 +01:00
lain
4bce13fa2f
MastodonController: Return 404 errors correctly.
2020-03-04 18:09:06 +01:00
lain
6f7a8c43a2
Merge branch 'fix/no-email-no-fail' into 'develop'
...
Do not fail when user has no email
See merge request pleroma/pleroma!2249
2020-03-04 12:43:06 +00:00
Alexander Strizhakov
22d52f5691
same copyright date format
2020-03-04 09:41:23 +03:00
Mark Felder
4427161ca3
Merge branch 'develop' into gun
2020-03-03 17:15:49 -06:00
Mark Felder
05da5f5cca
Update Copyrights
2020-03-03 16:44:49 -06:00
Ivan Tashkinov
b6fc98d9cd
[ #1560 ] ActivityPubController federation state restrictions adjustments. Adjusted tests.
2020-03-03 22:22:02 +03:00
Alexander Strizhakov
509c81e4b1
Merge branch 'develop' into gun
2020-03-03 10:08:07 +03:00
Ivan Tashkinov
bd8624d649
[ #1560 ] Added tests for non-federating instance bahaviour to OStatusControllerTest.
2020-03-02 22:02:21 +03:00
Ivan Tashkinov
b4367125e9
[ #1560 ] Added tests for non-federating instance bahaviour to ActivityPubControllerTest.
2020-03-02 21:43:18 +03:00
Ivan Tashkinov
99a6c660a9
Merge remote-tracking branch 'remotes/origin/develop' into 1560-non-federating-instances-routes-restrictions
2020-03-02 18:41:12 +03:00
Egor Kislitsyn
4a45b96a91
Merge branch 'develop' into fix/signup-without-email
2020-03-02 15:35:49 +04:00
Haelwenn
764a50f8a6
Merge branch 'feature/1482-activity_pub_transactions' into 'develop'
...
ActivityPub actions & side-effects in transaction
Closes #1482
See merge request pleroma/pleroma!2089
2020-03-02 07:58:01 +00:00
Alexander Strizhakov
cc98d010ed
relay list shows hosts without accepted follow
2020-03-02 09:27:20 +03:00
Haelwenn (lanodan) Monnier
6da6540036
Bump copyright years of files changed after 2020-01-07
...
Done via the following command:
git diff fcd5dd259a
--stat --name-only | xargs sed -i '/Pleroma Authors/c# Copyright © 2017-2020 Pleroma Authors <https:\/\/pleroma.social\/>'
2020-03-02 06:08:45 +01:00
Haelwenn (lanodan) Monnier
6c0d869d9d
Bump copyright years of files changed after 2019-01-01
...
Done via the following command:
git diff 1e6c102b
--stat --name-only | cat - | xargs sed -i 's/2017-2018 Pleroma Authors/2017-2019 Pleroma Authors/'
2020-03-02 05:54:56 +01:00
Alexander Strizhakov
d9e4b77f8b
Merge branch 'develop' into gun
2020-03-01 12:48:49 +03:00
Alexander Strizhakov
32d1e04817
ActivityPub actions & side-effects in transaction
2020-03-01 12:01:39 +03:00
rinpatch
19e559fe51
Merge branch 'rate-limiter-runtime-settings' into 'develop'
...
RateLimiter improvements: runtime configurability, no default limits in tests
See merge request pleroma/pleroma!2250
2020-02-29 21:52:33 +00:00
Alexander Strizhakov
814b275af7
Merge branch 'develop' into gun
2020-02-29 11:34:50 +03:00
f2216287a7
Merge branch 'admin-status-list' into 'develop'
...
Admin API: `/api/pleroma/admin/statuses` (accepts `godmode` and `local_only`)
Closes #1550
See merge request pleroma/pleroma!2192
2020-02-27 18:11:04 +00:00
Ivan Tashkinov
6f2efb1c45
Runtime configurability of RateLimiter. Refactoring. Disabled default rate limits in tests.
2020-02-27 18:46:05 +03:00
Egor Kislitsyn
cb60a9c42f
Do not fail when user has no email
2020-02-27 17:27:49 +04:00
eugenijm
4ab07cf0d5
Admin API: Exclude boosts from GET /api/pleroma/admin/users/:nickname/statuses
and GET /api/pleroma/admin/instance/:instance/statuses
2020-02-26 22:35:57 +03:00
eugenijm
e2a6a40367
Admin API: GET /api/pleroma/admin/statuses
- list all statuses (accepts godmode
and local_only
)
2020-02-26 20:21:38 +03:00
Egor Kislitsyn
f446744a6a
Allow account registration without an email
2020-02-26 20:13:53 +04:00
Egor Kislitsyn
c495e6d387
Add a test to ensure OAuth tokens are tied to Push subscriptions
2020-02-25 18:04:28 +04:00
eugenijm
7ad5c51f23
Admin API: GET /api/pleroma/admin/stats
to get status count by visibility scope
2020-02-24 21:46:37 +03:00
Ivan Tashkinov
0cf1d4fcd0
[ #1560 ] Restricted AP- & OStatus-related routes for non-federating instances.
2020-02-22 19:48:41 +03:00
Ivan Tashkinov
8f0ca19b9c
Merge remote-tracking branch 'remotes/origin/develop' into 1505-threads-federation
...
# Conflicts:
# CHANGELOG.md
# config/config.exs
2020-02-22 09:31:43 +03:00
Alexander Strizhakov
13918cb545
Merge branch 'develop' into gun
2020-02-21 10:02:37 +03:00
Haelwenn
c5570e0493
Merge branch 'single_emoji_reaction' into 'develop'
...
Single emoji reaction
Closes #1578
See merge request pleroma/pleroma!2226
2020-02-20 23:50:40 +00:00
lain
c69b04c490
Merge branch 'features/remote-follow-userpage-redirect' into 'develop'
...
remote_follow_controller.ex: Redirect to the user page on success
Closes #1245
See merge request pleroma/pleroma!2123
2020-02-20 12:04:29 +00:00
Ivan Tashkinov
0c65a8c3d0
Merge remote-tracking branch 'remotes/origin/develop' into 1505-threads-federation
...
# Conflicts:
# config/config.exs
2020-02-20 15:00:48 +03:00
lain
cf4ecffcea
Merge branch 'tests-clear-config-tweaks' into 'develop'
...
Tweaks to `clear_config` calls in tests
See merge request pleroma/pleroma!2209
2020-02-20 11:36:48 +00:00
lain
314928333a
Pleroma API: Add endpoint to get reaction information on a single emoji
2020-02-19 17:16:45 +01:00
Mark Felder
cf94349287
Merge branch 'develop' into gun
2020-02-18 09:06:27 -06:00
lain
cf8307e71c
Merge branch 'fix/status-view/expires_at' into 'develop'
...
Fix `status.expires_at` type
Closes #1573
See merge request pleroma/pleroma!2222
2020-02-18 14:56:59 +00:00
Ivan Tashkinov
226f4d5ef9
Merge remote-tracking branch 'remotes/origin/develop' into tests-clear-config-tweaks
...
# Conflicts:
# test/web/admin_api/admin_api_controller_test.exs
2020-02-18 17:52:31 +03:00
Ivan Tashkinov
61d9f43e46
Merge remote-tracking branch 'remotes/origin/develop' into 1505-threads-federation
2020-02-18 17:46:09 +03:00
lain
c07efd5b42
Merge branch 'need-reboot-flag' into 'develop'
...
need_reboot flag for adminFE
See merge request pleroma/pleroma!2188
2020-02-18 14:32:03 +00:00
Egor Kislitsyn
ca7ac068f0
Add a test
2020-02-18 17:09:50 +04:00
Alexander Strizhakov
514c899275
adding gun adapter
2020-02-18 08:19:01 +03:00
rinpatch
472132215e
Use floki's new APIs for parsing fragments
2020-02-16 01:55:26 +03:00
Ivan Tashkinov
269d592181
[ #1505 ] Restricted max thread distance for fetching replies on incoming federation (in addition to reply-to depth restriction).
2020-02-15 20:41:38 +03:00
Haelwenn (lanodan) Monnier
1257331291
MastodonAPI.StatusView: Do not use site_name
...
site_name allow to spoof the origin of the domain and so hacks like:
<!-- served on https://hacktivis.me/tmp/joinmastodon.org.html -->
<meta property="og:image" content="https://hacktivis.me/datalove/img/meme/pleroma/mastodon%2C%20forbidden%20amuse%20yourself.jpeg " />
<meta property="og:title" content="Mastodon: Forbidden Amuse Yourself" />
<meta property="og:site_name" content="joinmastodon.org" />
<meta http-equiv="refresh" content="0; url=http://joinmastodon.org/ ">
2020-02-15 00:36:09 +01:00
Ivan Tashkinov
4f8c3462a8
Tweaks to clear_config
calls in tests in order to prevent side effects on config during test suite execution.
2020-02-13 21:55:47 +03:00
b312c36b8e
Merge branch 'develop' into 'fix/rename-no_attachment_links-setting'
...
# Conflicts:
# config/description.exs
2020-02-13 14:37:55 +00:00
Egor Kislitsyn
19516af74e
Fix status.expires_in
validation
2020-02-12 20:20:44 +04:00
Mark Felder
ff9fd4ca89
Fix the confusingly named and inverted logic of "no_attachment_links"
...
The setting is now simply "attachment_links" and the boolean value does
what you expect. A double negative is never possible and describing the
functionality is no longer a philospher's worst nightmare.
2020-02-11 15:39:19 -06:00
Egor Kislitsyn
58b2017aa0
Restore TwitterAPI tests
2020-02-12 00:51:05 +04:00
237b2068f9
Revert "Merge branch 'feat/floki-fasthtml' into 'develop'"
...
This reverts merge request !2194
2020-02-11 16:55:18 +00:00
rinpatch
ea1631d7e6
Make Floki use fast_html
2020-02-11 16:17:21 +03:00
lain
24c526a0b1
Merge remote-tracking branch 'origin/develop' into uguu-uwu-notices-bulge
2020-02-11 13:58:36 +01:00
Maksim Pechnikov
6813c0302c
Merge branch 'develop' into issue/1383
2020-02-10 20:49:20 +03:00
Ivan Tashkinov
b95dd5e217
[ #1505 ] Improved replies-handling tests: updated Mastodon message fixture, used exact Pleroma federation message.
2020-02-10 11:46:16 +03:00
Ivan Tashkinov
24e49d14f2
[ #1505 ] Removed wrapping of reply URIs into first
element, added comments to transmogrifier tests.
2020-02-09 17:34:48 +03:00
Ivan Tashkinov
7c3991f59e
[ #1505 ] Fixed replies
serialization (included objects' ids instead of activities' ids).
2020-02-09 10:17:21 +03:00
Ivan Tashkinov
4e6bbdc7b5
Merge remote-tracking branch 'remotes/origin/develop' into 1505-threads-federation
2020-02-08 19:59:37 +03:00
Ivan Tashkinov
d458f4fdca
[ #1505 ] Added tests, changelog entry, tweaked config settings related to replies output on outgoing federation.
2020-02-08 19:58:02 +03:00
Alexander Strizhakov
dad23e3766
need_reboot flag
2020-02-08 13:00:02 +03:00
Haelwenn
1262357ddb
Merge branch 'cancel-follow-request' into 'develop'
...
Add support for cancellation of a follow request
Closes #1522
See merge request pleroma/pleroma!2175
2020-02-07 16:10:43 +00:00
Lain Soykaf
d85bcc8627
Questions: Add timezone to closed
property
2020-02-07 16:57:46 +01:00
Lain Soykaf
4538a1ee01
EmojiReactions: Remove old API endpoints
2020-02-07 15:01:45 +01:00
Lain Soykaf
f875b9650a
EmojiReactions: Add Mastodon-aligned reaction endpoints, change response
2020-02-07 14:52:13 +01:00
Egor Kislitsyn
bc2e98b200
Add User.get_follow_state/2
2020-02-07 16:17:34 +04:00
Lain Soykaf
8a79f20c21
EmojiReactions: Rename to EmojiReacts
2020-02-06 18:09:57 +01:00
df0b00b32d
Merge branch 'mastoapi-non-html-strings' into 'develop'
...
mastodon API: do not sanitize html in non-html fields
See merge request pleroma/pleroma!2167
2020-02-06 16:08:23 +00:00
Egor Kislitsyn
8b9742ecf5
Cancellation of a follow request for a remote user
2020-02-06 18:02:33 +04:00
Alexander Strizhakov
c85aa6e87f
removing confusing error
2020-02-06 12:50:36 +03:00
rinpatch
15cb1f6804
Merge branch 'fix/unpinnable-polls' into 'develop'
...
fix not being able to pin polls
See merge request pleroma/pleroma!2172
2020-02-05 21:04:16 +00:00
Alexander Strizhakov
5db6ac8ee4
removing migrate_from_db endpoint from admin api
2020-02-05 20:36:21 +03:00
rinpatch
49e80a1537
Merge branch 'feature/restart-pleroma-from-outside-application' into 'develop'
...
Restarting pleroma from outside application
See merge request pleroma/pleroma!2144
2020-02-05 16:59:21 +00:00
Egor Kislitsyn
8c71f7e11a
Add support for cancellation of a follow request
2020-02-05 20:22:15 +04:00
Ivan Tashkinov
e84fee5b86
Merge remote-tracking branch 'remotes/origin/develop' into 1505-threads-federation
2020-02-05 07:56:36 +03:00
Maksim Pechnikov
2c40c8b4a2
Merge branch 'develop' into issue/1383
2020-02-03 21:42:36 +03:00