norm/akkoma
1
0
Fork 0
forked from AkkomaGang/akkoma
Code Issues Pull requests Packages Projects Releases Wiki Activity
15641 commits 28 branches 57 tags 278 MiB
Commit graph

5775 commits

Author SHA1 Message Date
Lain Soykaf 3e1f5e5372 WebFingerControllerTest: Restore host after test. 2024-05-22 19:27:51 +01:00
marcin mikołajczak 3a21293970 Fix tests 
Signed-off-by: marcin mikołajczak <git@mkljczk.pl>
 2024-05-22 19:27:31 +01:00
marcin mikołajczak 0d66237205 Fix validate_webfinger when running a different domain for Webfinger 
Signed-off-by: marcin mikołajczak <git@mkljczk.pl>
 2024-05-22 19:20:02 +01:00
lain 50403351f4 add impostor test for webfinger 2024-05-22 19:17:34 +01:00
Alex Gleason a953b1d927 Prevent spoofing webfinger 2024-05-22 19:08:37 +01:00
Floatingghost 4457928e32 duct-tape fix for #438 
we really need to make this less manual
 2024-05-11 05:30:18 +01:00
Floatingghost 828158ef49 Merge remote-tracking branch 'oneric/fedfix-public-ld' into develop 2024-04-26 18:49:31 +01:00
Oneric 5ee0fb18cb exiftool: make stripped tags configurable 2024-04-26 18:57:24 +02:00
Oneric b0a46c1e2e Normalise public adressing to fix federation 
Due to JSON-LD compaction the full address of public scope
may also occur in shorter forms and the spec requires us to treat them
all equivalently. To save us the pain of repeatedly checking for all
variants internally, normalise inbound data to just one form.
See note at: https://www.w3.org/TR/activitypub/#public-addressing

This needs to happen very early, even before the other addressing fixes
else an earlier validator will reject the object. This in turn required
to move the list-tpye normalisation earlier as well, but since I was
unsure about putting empty lists into the data when no such field
existed before, I excluded this case and thus the later fixing had to be
kept as well.

Fixes: AkkomaGang/akkoma#670
 2024-04-25 18:45:16 +02:00
floatingghost b1c6621e66 Merge pull request 'Read image description from EXIF data' (#744) from timorl/akkoma:elseinspe into develop 
Reviewed-on: AkkomaGang/akkoma#744
 2024-04-25 12:52:31 +00:00
floatingghost 764dbeded4 Merge pull request 'Accept all standard actor types' (#751) from Oneric/akkoma:all-actor-types into develop 
Reviewed-on: AkkomaGang/akkoma#751
 2024-04-24 17:09:02 +00:00
floatingghost 1e48a37545 Merge pull request 'Remove unused AP C2S endpoints' (#749) from who-wants-to-yeet-c2s-i-want-to-yeet-c2s into develop 
Reviewed-on: AkkomaGang/akkoma#749
 2024-04-24 16:59:58 +00:00
Oneric 83f75c3e93 Accept all standard actor types 2024-04-23 18:14:34 +02:00
Floatingghost 92168fa5a1 Merge remote-tracking branch 'origin/develop' into who-wants-to-yeet-c2s-i-want-to-yeet-c2s 2024-04-23 14:37:05 +01:00
Oneric 20c22eb159 Fix flaky expires_at tests 
The API parameter is not a timestamp but an offset.
If a sufficient amount of time passes between the tests
expires_at calculation and the internal calculation during processing
of the request the strict equality assertion fails. (Either a direct
assertion or indirect via job lookup).

To avoid this lower comparison granularity.
 2024-04-21 21:08:53 +00:00
timorl 3f54945033
Fix the one test that wasn't just being flaky 2024-04-21 19:43:26 +02:00
timorl 2a9db73b4c
Merge branch 'develop' into elseinspe 2024-04-19 17:11:55 +02:00
Floatingghost 1ed975636b Keep READ endpoints, purge WRITE 2024-04-19 11:06:01 +01:00
timorl cd7af81896
Rename StripLocation to StripMetadata for temporal-proofing reasons 2024-04-16 20:37:00 +02:00
Floatingghost ddb8a5ef73 yeet AP C2S support 
literally nothing uses C2S AP, and it's another route into core
systems which requires analysis and maintenance. A second API
is just extra surface for potentially bad things so let's take
it out back and obliterate it
 2024-04-16 13:55:03 +01:00
Floatingghost 123db1abc4 Merge branch 'develop' into failed-fetch-processing 2024-04-16 12:35:54 +01:00
timorl 59d32c10d9
Formatting 2024-04-16 08:02:13 +02:00
timorl b144218dce
Merge branch 'develop' into elseinspe 2024-04-14 20:31:33 +02:00
Floatingghost 2fc25980d1 fix pattern matching in fetch errors 2024-04-13 23:55:26 +01:00
floatingghost c1f0b6b875 Merge pull request 'Accept body parameters for /api/pleroma/notification_settings' (#738) from Oneric/akkoma:notif-setting-parameters into develop 
Reviewed-on: AkkomaGang/akkoma#738
 2024-04-13 22:55:02 +00:00
Floatingghost 18442dcc7e Fix quote test 2024-04-13 23:05:52 +01:00
Floatingghost 33fb74043d Bring our adjustments into line with atom-failure 2024-04-13 22:56:04 +01:00
Floatingghost 7f6e35ece4 formatting 2024-04-12 20:33:33 +01:00
Mark Felder 2e369aef71 Allow the Remote Fetcher to attempt fetching an unreachable instance 2024-04-12 20:33:21 +01:00
Mark Felder fed7a78c77 Oban jobs should be discarded on permanent errors 2024-04-12 20:33:17 +01:00
Mark Felder f31b262aec Improve test descriptions 2024-04-12 20:32:38 +01:00
Mark Felder ff515c05c3 Prevent requeuing Remote Fetcher jobs that exceed thread depth 2024-04-12 20:32:31 +01:00
Mark Felder 7e5004b3e2 Leverage existing atoms as return errors for the object fetcher 2024-04-12 20:32:13 +01:00
Mark Felder 3c54f407c5 Conslidate log messages for object fetcher failures and leverage Logger.metadata 2024-04-12 20:30:38 +01:00
Mark Felder 331710b6bb RemoteFetcherWorker Oban job tests 2024-04-12 20:29:28 +01:00
Mark Felder 30d63aaa6e Revert "Mark instances as unreachable when returning a 403 from an object fetch" 
This reverts commit d472bafec19cee269e7c943bafae7c805785acd7.
 2024-04-12 20:28:56 +01:00
Mark Felder 4c29366fe5 Mark instances as unreachable when returning a 403 from an object fetch 
This is a definite sign the instance is blocked and they are enforcing authorized_fetch
 2024-04-12 20:27:33 +01:00
floatingghost 6f3c955aa0 Merge pull request 'elixir1.16 testing' (#742) from elixir1.16 into develop 
Reviewed-on: AkkomaGang/akkoma#742
 2024-04-12 18:49:33 +00:00
floatingghost 024ffadd80 Merge pull request 'Don't list old accounts as aliases in WebFinger' (#713) from erincandescent/akkoma:no-old-account-alias into develop 
Reviewed-on: AkkomaGang/akkoma#713
 2024-04-12 18:34:14 +00:00
floatingghost e2e4f53585 Merge pull request 'Use standard-compliant Accept header when fetching' (#740) from Oneric/akkoma:fetch_std-accept-hdr into develop 
Reviewed-on: AkkomaGang/akkoma#740
 2024-04-12 18:28:26 +00:00
Floatingghost df25d86999 Cleaned up FEP-fffd commits a bit 2024-04-12 18:50:57 +01:00
floatingghost 4887df12d7 Merge pull request 'Allow for url to be a list' (#718) from helge/akkoma:develop into develop 
Reviewed-on: AkkomaGang/akkoma#718
 2024-04-12 17:39:38 +00:00
floatingghost e6ca2b4d2a Merge pull request 'Fix array-less EmojiReacts' (#739) from Oneric/akkoma:tag-arrayless into develop 
Reviewed-on: AkkomaGang/akkoma#739
 2024-04-12 17:26:07 +00:00
floatingghost 6ba80aaff5 Merge pull request 'Check if data is visible before embedding it in OG tags' (#741) from ograph-restrictions into develop 
Reviewed-on: AkkomaGang/akkoma#741
 2024-04-12 17:22:59 +00:00
floatingghost 8e60177466 Merge pull request 'MRF.InlineQuotePolicy: Add link to post URL, not ID' (#733) from erincandescent/akkoma:quote-url into develop 
Reviewed-on: AkkomaGang/akkoma#733
 2024-04-12 17:02:52 +00:00
Erin Shepherd 75d9e2b375 MRF.InlineQuotePolicy: Add link to post URL, not ID 
"id" is used for the canonical link to the AS2 representation of an object.
"url" is typically used for the canonical link to the HTTP representation.
It is what we use, for example, when following the "external source" link
in the frontend. However, it's not the link we include in the post contents
for quote posts.

Using URL instead means we include a more user-friendly URL for Mastodon,
and a working (in the browser) URL for Threads
 2024-04-12 13:23:50 +02:00
Floatingghost 05f8179d08 check if data is visible before embedding it in OG tags 
previously we would uncritically take data and format it into
tags for static-fe and the like - however, instances can be
configured to disallow unauthenticated access to these resources.

this means that OG tags as a vector for information leakage.

_technically_ this should only occur if you have both
restrict_unauthenticated *AND* you run static-fe, which makes no
sense since static-fe is for unauthenticated people in particular,
but hey ho.
 2024-04-12 05:16:47 +01:00
Oneric fae0a14ee8 Use standard-compliant Accept header when fetching 
Spec says clients MUST use this header and servers MUST respond to it,
while servers merely SHOULD respond to the one we used before.
https://www.w3.org/TR/activitypub/#retrieving-objects

The old value is kept as a fallback since at least two years ago
not every implementation correctly dealt with the spec-compliant
variant, see: https://github.com/owncast/owncast/issues/1827

Fixes: AkkomaGang/akkoma#730
 2024-04-12 00:22:37 +02:00
Oneric bd74ad9ce4 Accept body parameters for /api/pleroma/notification_settings 
This brings it in line with its documentation and akkoma-fe’s
expectations. For backwards compatibility URL parameters are still
accept with lower priority. Unfortunately this means duplicating
parameters and descriptions in the API spec.

Usually Plug already pre-merges parameters from different sources into
the plain 'params' parameter which then gets forwarded by Phoenix.
However, OpenApiSpex 3.x prevents this; 4.x is set to change this
  https://github.com/open-api-spex/open_api_spex/issues/334
  https://github.com/open-api-spex/open_api_spex/issues/92

Fixes: AkkomaGang/akkoma#691
Fixes: AkkomaGang/akkoma#722
 2024-04-09 04:11:28 +02:00
Oneric 462225880a Accept EmojiReacts with non-array tag 
JSON-LD compaction strips the array since it’s just one object

Fixes: AkkomaGang/akkoma#720
 2024-04-09 04:04:16 +02:00