842cac2a50
ensure we mock_global
2024-05-22 19:30:03 +01:00
Lain Soykaf
3e1f5e5372
WebFingerControllerTest: Restore host after test.
2024-05-22 19:27:51 +01:00
marcin mikołajczak
3a21293970
Fix tests
...
Signed-off-by: marcin mikołajczak <git@mkljczk.pl>
2024-05-22 19:27:31 +01:00
marcin mikołajczak
0d66237205
Fix validate_webfinger when running a different domain for Webfinger
...
Signed-off-by: marcin mikołajczak <git@mkljczk.pl>
2024-05-22 19:20:02 +01:00
lain
50403351f4
add impostor test for webfinger
2024-05-22 19:17:34 +01:00
Alex Gleason
a953b1d927
Prevent spoofing webfinger
2024-05-22 19:08:37 +01:00
4457928e32
duct-tape fix for #438
...
we really need to make this less manual
2024-05-11 05:30:18 +01:00
828158ef49
Merge remote-tracking branch 'oneric/fedfix-public-ld' into develop
2024-04-26 18:49:31 +01:00
5ee0fb18cb
exiftool: make stripped tags configurable
2024-04-26 18:57:24 +02:00
b0a46c1e2e
Normalise public adressing to fix federation
...
Due to JSON-LD compaction the full address of public scope
may also occur in shorter forms and the spec requires us to treat them
all equivalently. To save us the pain of repeatedly checking for all
variants internally, normalise inbound data to just one form.
See note at: https://www.w3.org/TR/activitypub/#public-addressing
This needs to happen very early, even before the other addressing fixes
else an earlier validator will reject the object. This in turn required
to move the list-tpye normalisation earlier as well, but since I was
unsure about putting empty lists into the data when no such field
existed before, I excluded this case and thus the later fixing had to be
kept as well.
Fixes: AkkomaGang/akkoma#670
2024-04-25 18:45:16 +02:00
b1c6621e66
Merge pull request 'Read image description from EXIF data' ( #744 ) from timorl/akkoma:elseinspe into develop
...
Reviewed-on: AkkomaGang/akkoma#744
2024-04-25 12:52:31 +00:00
764dbeded4
Merge pull request 'Accept all standard actor types' ( #751 ) from Oneric/akkoma:all-actor-types into develop
...
Reviewed-on: AkkomaGang/akkoma#751
2024-04-24 17:09:02 +00:00
1e48a37545
Merge pull request 'Remove unused AP C2S endpoints' ( #749 ) from who-wants-to-yeet-c2s-i-want-to-yeet-c2s into develop
...
Reviewed-on: AkkomaGang/akkoma#749
2024-04-24 16:59:58 +00:00
83f75c3e93
Accept all standard actor types
2024-04-23 18:14:34 +02:00
92168fa5a1
Merge remote-tracking branch 'origin/develop' into who-wants-to-yeet-c2s-i-want-to-yeet-c2s
2024-04-23 14:37:05 +01:00
20c22eb159
Fix flaky expires_at tests
...
The API parameter is not a timestamp but an offset.
If a sufficient amount of time passes between the tests
expires_at calculation and the internal calculation during processing
of the request the strict equality assertion fails. (Either a direct
assertion or indirect via job lookup).
To avoid this lower comparison granularity.
2024-04-21 21:08:53 +00:00
timorl
3f54945033
Fix the one test that wasn't just being flaky
2024-04-21 19:43:26 +02:00
timorl
2a9db73b4c
Merge branch 'develop' into elseinspe
2024-04-19 17:11:55 +02:00
1ed975636b
Keep READ endpoints, purge WRITE
2024-04-19 11:06:01 +01:00
timorl
cd7af81896
Rename StripLocation to StripMetadata for temporal-proofing reasons
2024-04-16 20:37:00 +02:00
ddb8a5ef73
yeet AP C2S support
...
literally nothing uses C2S AP, and it's another route into core
systems which requires analysis and maintenance. A second API
is just extra surface for potentially bad things so let's take
it out back and obliterate it
2024-04-16 13:55:03 +01:00
123db1abc4
Merge branch 'develop' into failed-fetch-processing
2024-04-16 12:35:54 +01:00
timorl
59d32c10d9
Formatting
2024-04-16 08:02:13 +02:00
timorl
b144218dce
Merge branch 'develop' into elseinspe
2024-04-14 20:31:33 +02:00
2fc25980d1
fix pattern matching in fetch errors
2024-04-13 23:55:26 +01:00
c1f0b6b875
Merge pull request 'Accept body parameters for /api/pleroma/notification_settings' ( #738 ) from Oneric/akkoma:notif-setting-parameters into develop
...
Reviewed-on: AkkomaGang/akkoma#738
2024-04-13 22:55:02 +00:00
18442dcc7e
Fix quote test
2024-04-13 23:05:52 +01:00
33fb74043d
Bring our adjustments into line with atom-failure
2024-04-13 22:56:04 +01:00
7f6e35ece4
formatting
2024-04-12 20:33:33 +01:00
2e369aef71
Allow the Remote Fetcher to attempt fetching an unreachable instance
2024-04-12 20:33:21 +01:00
fed7a78c77
Oban jobs should be discarded on permanent errors
2024-04-12 20:33:17 +01:00
f31b262aec
Improve test descriptions
2024-04-12 20:32:38 +01:00
ff515c05c3
Prevent requeuing Remote Fetcher jobs that exceed thread depth
2024-04-12 20:32:31 +01:00
7e5004b3e2
Leverage existing atoms as return errors for the object fetcher
2024-04-12 20:32:13 +01:00
3c54f407c5
Conslidate log messages for object fetcher failures and leverage Logger.metadata
2024-04-12 20:30:38 +01:00
331710b6bb
RemoteFetcherWorker Oban job tests
2024-04-12 20:29:28 +01:00
30d63aaa6e
Revert "Mark instances as unreachable when returning a 403 from an object fetch"
...
This reverts commit d472bafec19cee269e7c943bafae7c805785acd7.
2024-04-12 20:28:56 +01:00
4c29366fe5
Mark instances as unreachable when returning a 403 from an object fetch
...
This is a definite sign the instance is blocked and they are enforcing authorized_fetch
2024-04-12 20:27:33 +01:00
6f3c955aa0
Merge pull request 'elixir1.16 testing' ( #742 ) from elixir1.16 into develop
...
Reviewed-on: AkkomaGang/akkoma#742
2024-04-12 18:49:33 +00:00
024ffadd80
Merge pull request 'Don't list old accounts as aliases in WebFinger' ( #713 ) from erincandescent/akkoma:no-old-account-alias into develop
...
Reviewed-on: AkkomaGang/akkoma#713
2024-04-12 18:34:14 +00:00
e2e4f53585
Merge pull request 'Use standard-compliant Accept header when fetching' ( #740 ) from Oneric/akkoma:fetch_std-accept-hdr into develop
...
Reviewed-on: AkkomaGang/akkoma#740
2024-04-12 18:28:26 +00:00
df25d86999
Cleaned up FEP-fffd commits a bit
2024-04-12 18:50:57 +01:00
4887df12d7
Merge pull request 'Allow for url to be a list' ( #718 ) from helge/akkoma:develop into develop
...
Reviewed-on: AkkomaGang/akkoma#718
2024-04-12 17:39:38 +00:00
e6ca2b4d2a
Merge pull request 'Fix array-less EmojiReacts' ( #739 ) from Oneric/akkoma:tag-arrayless into develop
...
Reviewed-on: AkkomaGang/akkoma#739
2024-04-12 17:26:07 +00:00
6ba80aaff5
Merge pull request 'Check if data is visible before embedding it in OG tags' ( #741 ) from ograph-restrictions into develop
...
Reviewed-on: AkkomaGang/akkoma#741
2024-04-12 17:22:59 +00:00
8e60177466
Merge pull request 'MRF.InlineQuotePolicy: Add link to post URL, not ID' ( #733 ) from erincandescent/akkoma:quote-url into develop
...
Reviewed-on: AkkomaGang/akkoma#733
2024-04-12 17:02:52 +00:00
75d9e2b375
MRF.InlineQuotePolicy: Add link to post URL, not ID
...
"id" is used for the canonical link to the AS2 representation of an object.
"url" is typically used for the canonical link to the HTTP representation.
It is what we use, for example, when following the "external source" link
in the frontend. However, it's not the link we include in the post contents
for quote posts.
Using URL instead means we include a more user-friendly URL for Mastodon,
and a working (in the browser) URL for Threads
2024-04-12 13:23:50 +02:00
05f8179d08
check if data is visible before embedding it in OG tags
...
previously we would uncritically take data and format it into
tags for static-fe and the like - however, instances can be
configured to disallow unauthenticated access to these resources.
this means that OG tags as a vector for information leakage.
_technically_ this should only occur if you have both
restrict_unauthenticated *AND* you run static-fe, which makes no
sense since static-fe is for unauthenticated people in particular,
but hey ho.
2024-04-12 05:16:47 +01:00
fae0a14ee8
Use standard-compliant Accept header when fetching
...
Spec says clients MUST use this header and servers MUST respond to it,
while servers merely SHOULD respond to the one we used before.
https://www.w3.org/TR/activitypub/#retrieving-objects
The old value is kept as a fallback since at least two years ago
not every implementation correctly dealt with the spec-compliant
variant, see: https://github.com/owncast/owncast/issues/1827
Fixes: AkkomaGang/akkoma#730
2024-04-12 00:22:37 +02:00
bd74ad9ce4
Accept body parameters for /api/pleroma/notification_settings
...
This brings it in line with its documentation and akkoma-fe’s
expectations. For backwards compatibility URL parameters are still
accept with lower priority. Unfortunately this means duplicating
parameters and descriptions in the API spec.
Usually Plug already pre-merges parameters from different sources into
the plain 'params' parameter which then gets forwarded by Phoenix.
However, OpenApiSpex 3.x prevents this; 4.x is set to change this
https://github.com/open-api-spex/open_api_spex/issues/334
https://github.com/open-api-spex/open_api_spex/issues/92
Fixes: AkkomaGang/akkoma#691
Fixes: AkkomaGang/akkoma#722
2024-04-09 04:11:28 +02:00