Commit graph

538 commits

Author SHA1 Message Date
scarlett
3dff61ebec Harden re: detection. 2018-12-06 13:48:12 +00:00
scarlett
6a6aaa0e1a Use object.normalize. 2018-12-06 11:37:29 +00:00
Hakaba Hitoyo
a09ed0f5af avoid mix format bug 2018-12-06 18:41:29 +09:00
kaniini
ccf0b46dd6 Merge branch '210_twitter_api_uploads_alt_text' into 'develop'
[#210] TwitterAPI: alt text support for uploaded images. Mastodon API uploads security fix.

See merge request pleroma/pleroma!496
2018-12-06 07:36:21 +00:00
Ivan Tashkinov
3e90f688f1 [#210] Mastodon: actor storing for media uploads, ownership check to update_media.
Refactoring.
2018-12-06 10:26:17 +03:00
Hakaba Hitoyo
96ba95df2e remove follow_redirect options 2018-12-06 11:38:33 +09:00
Hakaba Hitoyo
27792b2d77 remove pool and timeout options which duplicate with the default 2018-12-06 11:23:15 +09:00
lain
76d6b1c6ab Merge remote-tracking branch 'origin' into follower-hiding 2018-12-05 21:27:56 +01:00
Ivan Tashkinov
3b5be09f45 [#210] Stylistic change. 2018-12-05 21:48:21 +03:00
Ivan Tashkinov
c4f3c5e939 [#210] Stylistic change. 2018-12-05 20:23:28 +03:00
Ivan Tashkinov
848151f7cb [#210] [TwitterAPI] Made actor be stored for uploads. Added ownership check
to `update_media` action. Added controller tests for `upload` and `update_media` actions.
Refactoring.
2018-12-05 13:37:06 +03:00
scarlett
8a1df182cf Add a MRF Policy for appending re: to identical subjects in replies. 2018-12-04 23:35:07 +00:00
kaniini
114b95cee2 Merge branch 'feature/integration_tesla' into 'develop'
[#354] Move all http interactions to Tesla

See merge request pleroma/pleroma!487
2018-12-04 18:41:00 +00:00
William Pitcock
b57d83e3c9 MRF: simple policy: fix media removal 2018-12-04 18:30:01 +00:00
Maksim Pechnikov
87109482f3 status_code -> status 2018-12-04 14:04:06 +03:00
lain
6be0ab1e55 Hide network in ap. 2018-12-02 17:35:32 +01:00
lain
c443c9bd72 Merge branch 'develop' of git.pleroma.social:pleroma/pleroma into validate-user-info 2018-12-01 09:55:46 +01:00
href
b19597f602
reverse proxy / uploads 2018-11-30 18:00:47 +01:00
lain
d0ec2812bd Merge remote-tracking branch 'origin' into validate-user-info 2018-11-30 17:34:20 +01:00
lain
8f1fffebc6 Fix transmogrifier test. 2018-11-30 17:31:05 +01:00
William Pitcock
8c05d19c7f MRF: add user allowlist module 2018-11-26 23:51:58 +00:00
kaniini
675653ceb7 Merge branch 'feature/admin-api' into 'develop'
Add a admin API

See merge request pleroma/pleroma!366
2018-11-22 00:28:04 +00:00
lain
0896cf4c0f Fix most mastodon api bugs. 2018-11-20 20:12:39 +01:00
lain
40d9d2098c Fix user updating from AP. 2018-11-18 22:15:03 +01:00
lain
4c918392c6 Fix most User tests. 2018-11-18 21:40:52 +01:00
William Pitcock
f6be980f4f activitypub: object view: avoid leaking private details 2018-11-17 22:30:53 +00:00
William Pitcock
dfcfb184b1 activitypub: transmogrifier: make deletes secure 2018-11-17 21:22:57 +00:00
Haelwenn (lanodan) Monnier
12ccf0c4f8
Change Relay from status to {status, message} 2018-11-17 22:12:13 +01:00
William Pitcock
c88533209c activitypub: user fetching: use fetch_and_contain_remote_object_from_id() 2018-11-17 20:16:03 +00:00
William Pitcock
daa8ec3d62 activitypub: factor out AP object fetching to it's own function and add ID-based containment 2018-11-17 20:15:59 +00:00
Haelwenn (lanodan) Monnier
265c8c5209
Pleroma.Web.ActivityPub.Relay: make {un,}follow return :ok only if it worked, :error if it didn’t 2018-11-17 20:25:56 +01:00
William Pitcock
603fccf175 activitypub: fetch_object_from_id(): prefer actor over attributedTo to avoid spoofing 2018-11-17 18:17:17 +00:00
William Pitcock
97e50f3191 activitypub: transmogrifier: sanitize internal representation details from outgoing objects
this causes JSON-LD parsers to get upset and has also lead to developer confusion from outside
projects which tried to parse our internal data.  accordingly, it seems better to just remove
it.
2018-11-10 12:24:20 +00:00
William Pitcock
f8310114a6 activitypub: object view: sanitize both the activity and the object when an activity is given for rendering 2018-11-10 12:04:09 +00:00
kaniini
7daa102fa4 Merge branch 'bugfix/local-jsonld-context' into 'develop'
Host LitePub JSON-LD context locally

See merge request pleroma/pleroma!435
2018-11-10 11:37:44 +00:00
William Pitcock
e4971553c7 activitypub: utils: use same object type list for mention extraction as insertion 2018-11-09 13:40:39 +00:00
William Pitcock
b9871e7e5a activitypub: utils: wrap Note objects in a Create when extracting mentions 2018-11-09 09:01:40 +00:00
William Pitcock
6cadfcb21e activitypub: utils: switch to using new Notification.get_notified_from_activity(). 2018-11-09 09:01:40 +00:00
William Pitcock
6b4064fa5d activitypub: transmogrifier: unify mention extraction 2018-11-08 19:41:36 +00:00
Haelwenn (lanodan) Monnier
934125695d
Move /litepub-1.0.jsonld to /schemas/litepub-0.1.jsonld 2018-11-08 20:21:45 +01:00
William Pitcock
3e33479c05 activitypub: transmogrifier: only consider to users as mention targets 2018-11-08 18:58:27 +00:00
Haelwenn (lanodan) Monnier
abcacec97d
Pleroma.Web.ActivityPub.Utils: Use locally-served JSON-LD Litepub context instead of Github-hosted one 2018-11-08 19:38:38 +01:00
William Pitcock
da16ada424 utils: use litepub @context instead of that huge mess 2018-11-08 16:52:14 +00:00
William Pitcock
f733470037 user view: unify a @context entry that was missed 2018-11-08 16:51:48 +00:00
lambda
59cf7cf235 Merge branch 'small-jsonld-refactor' into 'develop'
Small jsonld refactor

See merge request pleroma/pleroma!433
2018-11-08 16:23:58 +00:00
lain
34bd411781 Unify json ld header handling. 2018-11-08 16:39:38 +01:00
lain
3b02fd9fb7 Small refactor. 2018-11-08 16:05:28 +01:00
kaniini
b451a92d78 Merge branch 'runtime-config' into 'develop'
Runtime configuration

See merge request pleroma/pleroma!430
2018-11-07 22:32:34 +00:00
href
9070588493
Runtime config: MRF changes 2018-11-07 10:40:24 +01:00
href
5bb88fd174
Runtime configuration
Related to #85

Everything should now be configured at runtime, with the exception of
the `Pleroma.HTML` scrubbers (the scrubbers used can be
changed at runtime, but their configuration is compile-time) because
it's building a module with a macro.
2018-11-06 19:41:15 +01:00
kaniini
0f3e78addb Merge branch 'runtime-router' into 'develop'
Runtime configured router

See merge request pleroma/pleroma!426
2018-11-06 15:35:19 +00:00
href
2bc924ba45
Get rid of Pleroma.Config in favor of Application
Discussed in https://git.pleroma.social/pleroma/pleroma/merge_requests/426#note_7232
2018-11-06 15:12:53 +01:00
href
6fe23c5458
Runtime configured router 2018-11-05 15:19:03 +01:00
William Pitcock
9f03b5c4f7 activitypub: transmogrifier: add support for Page objects 2018-11-01 09:59:43 +00:00
kaniini
eba9a62024 Merge branch 'feature/relay-tests' into 'develop'
relay tests

See merge request pleroma/pleroma!411
2018-11-01 09:10:51 +00:00
Haelwenn
40676d7683 Merge branch 'bugfix/prismo.news_article_url' into 'develop'
Bugfix/prismo.news article url

Closes #352

See merge request pleroma/pleroma!410
2018-11-01 09:05:16 +00:00
lain
1e9ced5af4 Test Relay, switch to runtime configuration. 2018-11-01 09:01:43 +00:00
Haelwenn (lanodan) Monnier
b2da5262ea
Pleroma.Web.ActivityPub.Transmogrifier: fix_url when not a string/empty
Thanks prismo.news, I hate it
2018-11-01 09:56:37 +01:00
William Pitcock
10f3958468 object: return the deleted object as well 2018-11-01 07:47:50 +00:00
William Pitcock
2bf358d7b4 activitypub: use Object.delete() instead of mutating the database and cache directly 2018-11-01 07:29:12 +00:00
scarlett
b92e38d2d4 Add user reactivation task. 2018-10-29 23:13:15 +00:00
William Pitcock
167d3789a5 activitypub: upload: pass through an upload limit if one is provided 2018-10-29 16:43:05 +00:00
William Pitcock
72ea54de6e activitypub: fix possible false positives with broken thread filtering 2018-10-28 05:45:33 +00:00
William Pitcock
26eb11c172 activitypub: add support for filtering broken threads out of timelines 2018-10-26 06:16:51 +00:00
William Pitcock
f6cb963df2 activitypub utils: fix recipient check when the message is unaddressed (mastodon) 2018-10-26 01:24:22 +00:00
William Pitcock
ce70eb8c00 activitypub utils: fix user splicing 2018-10-25 05:24:01 +00:00
William Pitcock
2f1f1a4f30 activitypub: splice users into recipient lists when they receive messages at their personal inbox
closes #343
2018-10-25 05:02:21 +00:00
William Pitcock
5383887bd4 transmogrifier: do not try to contain origin of something which doesn't have one 2018-10-25 04:27:33 +00:00
William Pitcock
a71b822013 activitypub: always track following state for async reasons 2018-10-05 23:31:00 +00:00
William Pitcock
8ce217776d activitypub transmogrifier: better manage follow state 2018-10-05 23:30:34 +00:00
William Pitcock
4db1bc2c0e activitypub: fix error condition match 2018-09-30 05:26:13 +00:00
William Pitcock
707077edde activitypub: don't fall back to OStatus fetching when MRF rejects an object 2018-09-28 00:45:10 +00:00
William Pitcock
5c312ad677 activitypub inbox: only accept unsigned/invalid-signature relayed creates, nothing else
although the previous handling assumed any unsigned/invalid signature message was a Create,
lets make it more explicit
2018-09-28 00:03:59 +00:00
Haelwenn (lanodan) Monnier
c739737998
transmogrifier: get_actor called without casting attributedTo in actor and actor is nil 2018-09-27 20:00:48 +02:00
Haelwenn (lanodan) Monnier
9446b02bdf
transmogrifier: Just make attachement maps into a list and reroll 2018-09-27 20:00:48 +02:00
Haelwenn (lanodan) Monnier
e53da692fb
transmogrifier: Use the correct variable and prefer inspect in case of a bad type being passed on 2018-09-27 20:00:48 +02:00
William Pitcock
d830a243a3
transmogrifier: more robustly handle dereferencing pointer URIs 2018-09-27 20:00:48 +02:00
Haelwenn (lanodan) Monnier
4c3a80de96
transmogrifier: Use oneliners when applicable 2018-09-27 20:00:47 +02:00
William Pitcock
ed8dfa3029
transmogrifier: reformat cond block by hand 2018-09-27 20:00:47 +02:00
Haelwenn (lanodan) Monnier
eebe33e86a
transmogrifier: Add support for array-less hashtags, add broken announce, harden get_actor 2018-09-27 20:00:47 +02:00
Haelwenn (lanodan) Monnier
f3291acc91
transmogrifier: pro-actively add support for Hashtag without array in tag 2018-09-27 20:00:47 +02:00
Haelwenn (lanodan) Monnier
22927f3a34
transmogrifier: Use a cond, add proactive support for arrays 2018-09-27 20:00:46 +02:00
Haelwenn (lanodan) Monnier
0aac72f1d3
[Pleroma.Web.ActivityPub.Transmogrifier]: quick fix when tag is a Map 2018-09-27 20:00:46 +02:00
Haelwenn (lanodan) Monnier
28e8a8ab36
[Pleroma.Web.ActivityPub.Transmogrifier]: fix emoji in tag when it’s not in a array [kroeg]
Also simplified the code for name trimming.

And not copying the Map.merge part as it looks buggy.
See: https://queer.hacktivis.me/objects/a9f21ebc-9a12-4a6c-89d5-3d46955c6ee8
2018-09-27 20:00:46 +02:00
Haelwenn (lanodan) Monnier
f8a0cb9c0b
[Pleroma.Web.ActivityPub.Transmogrifier]: fix when attachment contain is just a Map [kroeg] 2018-09-27 20:00:46 +02:00
Haelwenn (lanodan) Monnier
a4abb124ea
[Pleroma.Web.ActivityPub.Transmogrifier]: Fix when inReplyTo is a inlined post [kroeg] 2018-09-27 20:00:46 +02:00
Haelwenn (lanodan) Monnier
523757be52
[Pleroma.Web.ActivityPub.ActivityPub]: Harden getting endpoints [kroeg] 2018-09-27 20:00:45 +02:00
William Pitcock
342ed84446 MRF: add policy for normalizing HTML markup (local and remote) to a specific policy 2018-09-16 01:25:36 +00:00
William Pitcock
d3248e13e3 activitypub: transmogrifier: allow profile updates from bots 2018-09-10 01:57:03 +00:00
William Pitcock
e0b8c0ccba MRF: reject non-public: use pattern match to remove unnecessary if block 2018-09-10 01:16:03 +00:00
William Pitcock
88094c266d MRF: simple policy: refactor module to use guards and pattern matching 2018-09-10 01:16:02 +00:00
William Pitcock
97253df3ee MRF: simple policy: contain media removal/nsfw ops to create activities only 2018-09-10 01:16:01 +00:00
kaniini
1c9e539b47 Merge branch 'feature/mastodon_api_2.4.x' into 'develop'
Add/Fix Mastodon endpoints for 2.4.3 compatibility

See merge request pleroma/pleroma!266
2018-09-03 12:33:36 +00:00
William Pitcock
03e92977cb transmogrifier: fix peertube/plume actor handling 2018-09-01 23:44:19 +00:00
William Pitcock
0b2c051a04 activitypub: fix possibility of spoofing by containing remote objects to the same domain as their actor 2018-09-01 23:20:02 +00:00
William Pitcock
29b5e30c46 activity: drop recipients_to/recipients_cc fields 2018-08-29 18:41:02 +00:00
William Pitcock
de9acebbf3 activitypub: use jsonb query for containment instead of recipients_to/recipients_cc. 2018-08-29 18:41:02 +00:00
William Pitcock
643fae6e36 activitypub: allow querying the activity/object graph bounded to a specific to/cc set 2018-08-29 08:51:23 +00:00
William Pitcock
81673b8136 activity: add recipients_to and recipients_cc fields 2018-08-29 08:42:33 +00:00
Haelwenn (lanodan) Monnier
97e20d2932
[MastodonAPI] the tag field isn’t fixed to a static type in pleroma 2018-08-27 15:08:25 +02:00