Commit graph

1651 commits

Author SHA1 Message Date
William Pitcock
cd13fa17fd html: allow scrubbing policies to be stackable 2018-09-16 02:16:14 +00:00
William Pitcock
342ed84446 MRF: add policy for normalizing HTML markup (local and remote) to a specific policy 2018-09-16 01:25:36 +00:00
William Pitcock
95376ac1fe html: add the ability to override the default scrub policy 2018-09-16 01:25:35 +00:00
kaniini
c2650f0ffb Merge branch 'feature/html-scrub-policy' into 'develop'
html scrub policy

See merge request pleroma/pleroma!339
2018-09-16 01:05:09 +00:00
39aed5348a Add visible_in_picker to status emojis 2018-09-10 23:32:19 +00:00
William Pitcock
d3248e13e3 activitypub: transmogrifier: allow profile updates from bots 2018-09-10 01:57:03 +00:00
William Pitcock
e0b8c0ccba MRF: reject non-public: use pattern match to remove unnecessary if block 2018-09-10 01:16:03 +00:00
William Pitcock
88094c266d MRF: simple policy: refactor module to use guards and pattern matching 2018-09-10 01:16:02 +00:00
William Pitcock
97253df3ee MRF: simple policy: contain media removal/nsfw ops to create activities only 2018-09-10 01:16:01 +00:00
William Pitcock
e82ce2a4b3 formatting 2018-09-10 00:28:40 +00:00
William Pitcock
358f88e10a html: allow inline images by default (because of custom emoji) 2018-09-10 00:24:19 +00:00
William Pitcock
40e2f6e500 html: add default scrubbing profile and configuration knobs 2018-09-10 00:14:57 +00:00
William Pitcock
ac486fc59b everywhere: use Pleroma.HTML module instead of HtmlSanitizeEx directly 2018-09-10 00:14:47 +00:00
William Pitcock
255f46d7ab html: new module providing a configurable markup scrubbing policy 2018-09-10 00:13:57 +00:00
Dominique Feyer
801d645c6b TASK: Fix formatting 2018-09-09 23:42:28 +02:00
Dominique Feyer
b79c126ee0 Add missing URL encoding in create authorization redirect 2018-09-09 23:31:47 +02:00
Hakaba Hitoyo
4e1bb7bccb make limit for /api/v1/suggestions 2018-09-09 13:57:23 +09:00
lambda
045953225e Merge branch 'moonman/pleroma-sha512-crypt' into 'develop'
auth overhaul and legacy GS auth

See merge request pleroma/pleroma!331
2018-09-08 09:20:34 +00:00
kaniini
530561a091 Merge branch 'add-secure-and-samesite-cookie-flags' into 'develop'
Add Secure and SameSite cookie flags

See merge request pleroma/pleroma!302
2018-09-07 23:55:42 +00:00
kaniini
3e4f39116b Merge branch 'feature/custom_media_url' into 'develop'
[Pleroma.Uploaders.Local]: Add configuration for custom url path

See merge request pleroma/pleroma!318
2018-09-07 23:49:36 +00:00
Martin Kühl
c1d07da4e1 Mastodon API: Fake support for loading filters 2018-09-07 16:12:44 +02:00
Martin Kühl
619f67768a Mastodon API: Add unsupported attributes to relationship responses
These attributes are documented as required by the Mastodon API.
Since we don’t support them (I think?), respond with default values.
2018-09-07 16:12:44 +02:00
lain
70163aec9b Add LegacyAuthenticationPlug to router. 2018-09-05 22:31:57 +02:00
lain
44b094908c Update legacy passwords automatically. 2018-09-05 22:30:14 +02:00
lain
3aba585e7a Add Plugs to router. 2018-09-05 21:57:56 +02:00
lain
e601165426 Add UserEnabledPlug. 2018-09-05 21:53:53 +02:00
lain
5ce1ebb179 Add SetUserSessionIdPlug. 2018-09-05 21:42:42 +02:00
Haelwenn
4a3dbd9d4e Merge branch 'fix/sign-in-with-toot' into 'develop'
Fix sign-in and sign-out with Toot!

See merge request pleroma/pleroma!306
2018-09-05 18:20:26 +00:00
lain
636ad3e155 Add new plugs to router. 2018-09-05 19:13:53 +02:00
lain
12bc73dd28 Add EnsureUserKeyPlug, smaller fixes 2018-09-05 19:06:28 +02:00
lain
32465b9939 Simplify AuthenticationPlug 2018-09-05 18:53:38 +02:00
lain
9a96c93be7 Add SessionAuthenticationPlug. 2018-09-05 18:37:02 +02:00
lain
a3f54fca4d Add LegacyAuthenticationPlug 2018-09-05 18:17:33 +02:00
lain
3cf17dc402 Add EnsureAuthenticatedPlug 2018-09-05 17:59:19 +02:00
lain
faf5347748 Add UserFetcherPlug. 2018-09-05 17:44:38 +02:00
lain
42bd985e66 Add BasicAuthDecoderPlug 2018-09-05 17:30:05 +02:00
Moon Man
8b020e03a6 change cond to if else 2018-09-05 01:37:48 -04:00
Moon Man
1a8bc26e52 auth against sha512-crypt password hashes, upgrade to pbkdf2 2018-09-05 00:21:44 -04:00
kaniini
76c67a41c1 Merge branch 'develop' into 'feature/staff-discovery-api'
# Conflicts:
#   lib/pleroma/web/nodeinfo/nodeinfo_controller.ex
2018-09-03 14:55:42 +00:00
William Pitcock
9a21ff5f61 nodeinfo: add staffAccounts field to metadata 2018-09-03 14:48:31 +00:00
kaniini
1c9e539b47 Merge branch 'feature/mastodon_api_2.4.x' into 'develop'
Add/Fix Mastodon endpoints for 2.4.3 compatibility

See merge request pleroma/pleroma!266
2018-09-03 12:33:36 +00:00
Hakaba Hitoyo
b1124f1605 report chat and gopher support at /nodeinfo/2.0.json 2018-09-03 21:13:30 +09:00
William Pitcock
b61430163b user: add moderator_user_query() 2018-09-03 12:03:23 +00:00
kaniini
7ca2a2ddea Merge branch 'nil-bio-emojis' into 'develop'
add nil clause for Formatter.get_emoji/1 to return an empty result

Closes #274

See merge request pleroma/pleroma!315
2018-09-03 05:54:11 +00:00
35515cfa66 Update mastodon_api_controller.ex 2018-09-03 01:58:55 +00:00
26f8697400 Update mastodon_api_controller.ex 2018-09-03 01:52:02 +00:00
2b2bd0e047 Render notification IDs as strings, not numbers 2018-09-03 01:40:05 +00:00
Thurloat
4257f784bc sloop around get_emoji/1 to check is_binary and have a fallthrough
default that returns empty
2018-09-02 20:44:37 -03:00
Haelwenn (lanodan) Monnier
754deb26dd
[Pleroma.Uploaders.Local]: Add configuration for custom url path
One use-case being an external caching proxy
2018-09-02 19:00:16 +02:00
kaniini
b7923aa304 Merge branch 'hotfix_broken_likes' into 'develop'
hotfix for broken like completely breaking the notifications API

See merge request pleroma/pleroma!284
2018-09-02 12:37:00 +00:00
William Pitcock
834515fb51 formatter: don't add XSS emoji 2018-09-02 00:04:09 +00:00
kaniini
3c7280934e Merge branch 'security/activitypub-spoofing' into 'develop'
security: activitypub spoofing

See merge request pleroma/pleroma!321
2018-09-01 23:48:55 +00:00
William Pitcock
03e92977cb transmogrifier: fix peertube/plume actor handling 2018-09-01 23:44:19 +00:00
William Pitcock
0b2c051a04 activitypub: fix possibility of spoofing by containing remote objects to the same domain as their actor 2018-09-01 23:20:02 +00:00
William Pitcock
e2ce0e9e05 run mix format. 2018-09-01 21:12:42 +00:00
Martin Kühl
84d84e4ca4 OAuth: Support /revoke endpoint for revoking tokens
(for compatibility with Mastodon)
2018-09-01 23:10:48 +02:00
Martin Kühl
ad2a7972e7 OAuth: Set created_at in token exchange response
(for compatibility with Mastodon)
2018-09-01 23:10:48 +02:00
Martin Kühl
b60d232719 AccountView: sensitive is supposed to be a boolean, not a string 2018-09-01 23:10:48 +02:00
William Pitcock
c921d99898 config: add ability to disable Pleroma FE config management (closes #276) 2018-09-01 21:05:32 +00:00
kaniini
2e2f458705 Merge branch 'lanodan/code-dup_in_mastoapi_search' into 'develop'
Clean code duplication in MastoAPI search(v1/v2)

See merge request pleroma/pleroma!316
2018-09-01 09:12:59 +00:00
Will Pearson
0c2a0e3551 Specify default scope in verify_credentials
Certain Mastodon/Pleroma front ends call verify_credentials to get the
default scope of a new toot.

Currently, Pleroma hardcodes this value to "public".

This patch changes it to the user's default_scope value.
2018-08-31 21:04:46 -07:00
Haelwenn (lanodan) Monnier
8885d16e1b
[Pleroma.Web.MastodonAPI.MastodonAPIController].search(2)?: Remove code duplication 2018-09-01 03:11:58 +02:00
Thurloat
a9c0f395cb add nil clause for Formatter.get_emoji/1 to return an empty result 2018-08-31 14:29:23 -03:00
lambda
58539e1357 Revert "Merge branch 'feature/rich-text' into 'develop'"
This reverts merge request !309
2018-08-31 09:51:20 +00:00
William Pitcock
856b5e1ca4 config: chase pleroma-fe updates from MR pleroma-fe!324. 2018-08-31 04:01:21 +00:00
kaniini
a26d5e6b2a Merge branch 'feature/rich-text' into 'develop'
rich text support

See merge request pleroma/pleroma!309
2018-08-31 03:41:00 +00:00
William Pitcock
6aa65b68b8 common api: add support for formatting messages outside of twitter-style plain text 2018-08-31 03:13:59 +00:00
kaniini
e838969495 Merge branch 'use-media-proxy-in-suggestions-api' into 'develop'
use media proxy for the suggestions api

See merge request pleroma/pleroma!305
2018-08-30 23:06:30 +00:00
kaniini
65e8d47cfb Merge branch 'backendhack' into 'develop'
Flexible Storage Backends

See merge request pleroma/pleroma!304
2018-08-30 23:05:01 +00:00
Thurloat
adffad5502 increase uploader behaviour documentation accuracy. 2018-08-30 09:20:29 -03:00
Thurloat
af01f0196a Add backend failure handling with :ok | :error so the uploader can handle it.
defaulting to :ok, since that's the currently level of error handling.
2018-08-29 22:07:28 -03:00
William Pitcock
29b5e30c46 activity: drop recipients_to/recipients_cc fields 2018-08-29 18:41:02 +00:00
William Pitcock
de9acebbf3 activitypub: use jsonb query for containment instead of recipients_to/recipients_cc. 2018-08-29 18:41:02 +00:00
href
ddc6f32b75
Fix Mastodon API when actor's nickname is null 2018-08-29 16:32:50 +02:00
William Pitcock
cce9d008f9 streamer: contain list updates in the same way as we do with the database query 2018-08-29 09:23:05 +00:00
William Pitcock
ded9091206 mastodon api: use bounded AP object graph query to enforce containment of private statuses 2018-08-29 08:51:51 +00:00
William Pitcock
643fae6e36 activitypub: allow querying the activity/object graph bounded to a specific to/cc set 2018-08-29 08:51:23 +00:00
William Pitcock
81673b8136 activity: add recipients_to and recipients_cc fields 2018-08-29 08:42:33 +00:00
Thurloat
d424e9fa5f fix S3 ref in sample config to generate proper path. 2018-08-28 23:49:23 -03:00
Thurloat
ab9e5d64d6 add a sample swift config 2018-08-28 22:39:33 -03:00
Thurloat
2ff25ac0ce A hobbldey-working swift client.
apparently, all elixir openstack libraries are trash
luckily, the APIs are stupid easy.
2018-08-28 22:32:24 -03:00
Thurloat
9fc20ed572 works now, tested with profile photo upload on local backend. 2018-08-28 20:04:26 -03:00
Thurloat
dad39b24a1 add the behaviour, work on actually making it work. 2018-08-28 19:48:03 -03:00
shibayashi
18ad8aaecf
Explicitly set 'http_only' to true 2018-08-28 22:34:31 +02:00
Thurloat
8d2d7a8859 Implement uploader behaviour
run formatter <#
2018-08-28 09:57:41 -03:00
shibayashi
4656a07e9e
Set SameSite flag to 'Strict' 2018-08-28 14:03:29 +02:00
Hakaba Hitoyo
6cbfb5ab5d use media proxy for suggestions api 2018-08-28 17:01:17 +09:00
Thurloat
0df558a6a5 cleaning up a bit. 2018-08-27 22:45:53 -03:00
Thurloat
709816a0f8 example of flexible storage backends 2018-08-27 22:20:54 -03:00
William Pitcock
d22f66655b upload: formatting 2018-08-28 00:25:30 +00:00
William Pitcock
1596185ac6 upload: add the S3 support itself 2018-08-28 00:18:44 +00:00
William Pitcock
03c35e579b sample config: add S3 public endpoint option 2018-08-28 00:18:24 +00:00
William Pitcock
86c007ddd2 upload: strip exif data before finalizing the file path 2018-08-27 23:36:30 +00:00
William Pitcock
e95d958b52 sample config: show how amazon s3 support is activated, including third-party clones like wasabi 2018-08-27 23:30:53 +00:00
shibayashi
0c4493f144
Fix formatting 2018-08-28 00:47:34 +02:00
shibayashi
b9a642da1e
Add Secure and SameSite cookie flags 2018-08-28 00:40:58 +02:00
Henry Jameson
0f1c629d65 better solution, added test. 2018-08-27 17:07:26 +03:00
Haelwenn (lanodan) Monnier
6973b77e94
[Pleroma.Web.MastodonAPI.FilterView] fix expires_at being a unsafe variable 2018-08-27 15:09:06 +02:00
Haelwenn (lanodan) Monnier
9bddb39ff0
[Pleroma.Web.MastodonAPI.FilterView]: expires_at should be null when N/A 2018-08-27 15:09:06 +02:00
Haelwenn (lanodan) Monnier
d571a571fe
[Pleroma.Web.MastodonAPI.MastodonAPIController]: Bump mastodon_api_level to 2.4.3 2018-08-27 15:09:06 +02:00