Commit graph

2834 commits

Author SHA1 Message Date
lambda
d73c7cc0ca Merge branch 'security/spoofing-hardening' into 'develop'
security: spoofing hardening

Closes #380, #381, and #382

See merge request pleroma/pleroma!461
2018-11-17 21:52:51 +00:00
William Pitcock
e10f839e9b tests: federator: fix formatting 2018-11-17 21:41:08 +00:00
William Pitcock
dfcfb184b1 activitypub: transmogrifier: make deletes secure 2018-11-17 21:22:57 +00:00
Haelwenn (lanodan) Monnier
52681f7fd0
Web.AdminAPI.AdminAPIControllerTest: New Test 2018-11-17 22:12:14 +01:00
Haelwenn (lanodan) Monnier
0ca00b3a07
Web.AdminAPI.AdminAPIController: Fixes bugs found with ExUnit 2018-11-17 22:12:14 +01:00
Haelwenn (lanodan) Monnier
76bd80d462
test/plugs/user_is_admin_plug_test: New test 2018-11-17 22:12:13 +01:00
Haelwenn (lanodan) Monnier
44b6200103
lib/mix/tasks/relay*: Use a with block 2018-11-17 22:12:13 +01:00
Haelwenn (lanodan) Monnier
12ccf0c4f8
Change Relay from status to {status, message} 2018-11-17 22:12:13 +01:00
Haelwenn (lanodan) Monnier
4634d99d0d
Web.Router: Change right to permission group (except for function names) 2018-11-17 22:12:13 +01:00
William Pitcock
b1a6e8d80d test: add sanity tests for federator handling of AP docs 2018-11-17 21:01:19 +00:00
William Pitcock
0d1375f274 federator: return :ok or :error depending on if an AP doc was accepted or not 2018-11-17 21:00:37 +00:00
William Pitcock
3d9266a8cb federator: do origin containment when processing inbound messages 2018-11-17 20:43:43 +00:00
William Pitcock
55640c4804 tests: add a test to verify the general fake direction protection works in all cases 2018-11-17 20:31:20 +00:00
William Pitcock
dc1d8e13b4 tests: add a testcase for user collision 2018-11-17 20:20:45 +00:00
William Pitcock
c88533209c activitypub: user fetching: use fetch_and_contain_remote_object_from_id() 2018-11-17 20:16:03 +00:00
William Pitcock
1a940cb46e tests: add tests for contain_origin_from_id() 2018-11-17 20:16:03 +00:00
William Pitcock
daa8ec3d62 activitypub: factor out AP object fetching to it's own function and add ID-based containment 2018-11-17 20:15:59 +00:00
Haelwenn (lanodan) Monnier
e0b0fde713
Web.AdminAPI.AdminAPIController: Change right to permission group (except for function names) 2018-11-17 20:25:57 +01:00
Haelwenn (lanodan) Monnier
1a31d71187
lib/mix/tasks/relay_{un,}follow.ex: Use a with block 2018-11-17 20:25:57 +01:00
Haelwenn (lanodan) Monnier
ccd6b1956d
lib/pleroma/web/admin_api/admin_api_controller.ex: Support status reply of Relay.{un,}follow 2018-11-17 20:25:56 +01:00
Haelwenn (lanodan) Monnier
7fbfd2db96
lib/mix/tasks/relay_{un,}follow.ex: Support status reply of Relay.{un,}follow 2018-11-17 20:25:56 +01:00
Haelwenn (lanodan) Monnier
265c8c5209
Pleroma.Web.ActivityPub.Relay: make {un,}follow return :ok only if it worked, :error if it didn’t 2018-11-17 20:25:56 +01:00
Haelwenn (lanodan) Monnier
4a79b89dba
lib/pleroma/plugs/user_is_admin_plug.ex: change 403 string to “User is not admin.” 2018-11-17 20:25:56 +01:00
Haelwenn (lanodan) Monnier
f9d05902fe
lib/pleroma/web/admin_api/admin_api_controller.ex: An admin cannot un-admin themselves 2018-11-17 20:25:56 +01:00
Haelwenn (lanodan) Monnier
a87ed2fad6
Pleroma.Web.AdminAPI.AdminAPIController: user_create statement format 2018-11-17 20:25:55 +01:00
Haelwenn (lanodan) Monnier
f48062488e
Add get endpoints for rights [AdminAPI] 2018-11-17 20:25:55 +01:00
Haelwenn (lanodan) Monnier
59ce7fedce
Fix connection returns make generic right endpoint [AdminAPI] 2018-11-17 20:25:55 +01:00
Haelwenn (lanodan) Monnier
c5a2bd6a65
admin_api_controller.ex: fix remaining params at once 2018-11-17 20:25:54 +01:00
Haelwenn (lanodan) Monnier
95b107b6cc
admin_api_controller.ex: Add documentation, fix get_invite_token 2018-11-17 20:25:54 +01:00
Haelwenn (lanodan) Monnier
578a911737
admin_api_controller.ex: get_password_reset: fix params and response 2018-11-17 20:25:54 +01:00
Haelwenn (lanodan) Monnier
5732eef16b
lib/pleroma/web/admin_api/admin_api_controller.ex: Pleroma.Web.AdminAPI.Controller → Pleroma.Web.AdminAPI.AdminAPIController 2018-11-17 20:25:53 +01:00
Haelwenn (lanodan) Monnier
c8b8f1d32c
[Pleroma.Plugs.UserIsAdminPlug]: Check if admin is true instead of false, fix error reporting 2018-11-17 20:25:53 +01:00
Haelwenn (lanodan) Monnier
011a2e36b1
lib/mix/tasks/make_admin.ex: New task 2018-11-17 20:25:53 +01:00
Haelwenn (lanodan) Monnier
7076d45cb6
lib/pleroma/plugs/user_is_admin_plug.ex: Create 2018-11-17 20:25:52 +01:00
Haelwenn (lanodan) Monnier
77d2fd54dd
admin_api_controller: Have some basic code 2018-11-17 20:25:52 +01:00
Haelwenn (lanodan) Monnier
ee2e1328ad
admin_api_controller.ex: Create 2018-11-17 20:25:52 +01:00
lambda
a960983815 Merge branch 'security/actor-containment' into 'develop'
security hotfix: actor containment

See merge request pleroma/pleroma!460
2018-11-17 18:33:09 +00:00
William Pitcock
b483ae0a72 tests: add a second spoofing variant 2018-11-17 18:25:32 +00:00
William Pitcock
603fccf175 activitypub: fetch_object_from_id(): prefer actor over attributedTo to avoid spoofing 2018-11-17 18:17:17 +00:00
William Pitcock
9c8adfb6ef test: fix more test defects 2018-11-17 18:16:55 +00:00
William Pitcock
d9cb081f07 tests: add additional spoofing tests 2018-11-17 18:12:11 +00:00
William Pitcock
2ab8e28728 transmogrifier tests: fix defective spoofing test 2018-11-17 18:11:46 +00:00
William Pitcock
010fcb73d7 test: httpoison mock: add second spoofing activity test 2018-11-17 18:11:17 +00:00
kaniini
05967472f2 Merge branch 'feature/uploader-mdii' into 'develop'
Feature / MDII Uploader

See merge request pleroma/pleroma!454
2018-11-17 16:41:09 +00:00
hakabahitoyo
59e079f641 fallbacking into local uploader 2018-11-17 20:16:25 +09:00
hakabahitoyo
8fd0556c78 better config reading 2018-11-17 18:14:42 +09:00
kaniini
e4f57f89de Merge branch 'bugfix/dm-timeline-scope' into 'develop'
TwitterAPI: Fix dm_timeline displaying only half of the conversation.

See merge request pleroma/pleroma!457
2018-11-16 23:34:43 +00:00
lain
f87b315618 TwitterAPI: Fix dm_timeline displaying only half of the conversation. 2018-11-16 19:47:36 +01:00
lambda
2f639ea129 Merge branch 'feature/pleromafe-usersearch' into 'develop'
Add Twitter / Pleroma API user search

See merge request pleroma/pleroma!452
2018-11-16 18:13:47 +00:00
kaniini
38f76d964f Merge branch 'bugfix/csp-remove-form-action' into 'develop'
http security: remove form-action from CSP definitions

Closes #379

See merge request pleroma/pleroma!456
2018-11-16 17:47:22 +00:00