Commit graph

268 commits

Author SHA1 Message Date
Ivan Tashkinov
2a4a4f3342 [#468] Defined OAuth restrictions for all applicable routes.
Improved missing "scopes" param handling.
Allowed "any of" / "all of" mode specification in OAuthScopesPlug.
Fixed auth UI / behavior when user selects no permissions at /oauth/authorize.
2019-02-15 19:54:37 +03:00
Ivan Tashkinov
027adbc9e5 [#468] Refactored OAuth scopes parsing / defaults handling. 2019-02-14 17:03:19 +03:00
Ivan Tashkinov
063baca5e4 [#468] User UI for OAuth permissions restriction. Standardized storage format for scopes fields, updated usages. 2019-02-14 00:29:29 +03:00
Ivan Tashkinov
2c68cf7e9e OAuth2 security fixes: redirect URI validation, "Mastodon-Local" security breach fix.
(`POST /api/v1/apps` could create "Mastodon-Local" app wth any redirect_uris,
and if that happened before /web/login is accessed for the first time
then Pleroma used this externally created record with arbitrary
redirect_uris and client_secret known by creator).
2019-02-07 22:14:06 +03:00
Mark Felder
74518d0b60 hide_followings was renamed to hide_followers in the FE, but never synced up in the BE
This was a dirty regex replace which worked on my server
2019-02-06 22:34:44 +00:00
Maxim Filippov
16ce129e38 Split hide_network into hide_followers & hide_followings (fixed) 2019-02-03 21:55:04 +03:00
kaniini
486749064f Revert "Merge branch 'feature/split-hide-network' into 'develop'"
This reverts merge request !733
2019-02-01 20:22:58 +00:00
eugenijm
d747bd9870 Use String.replace_leading instead of String.replace for getting websocket streaming api url.
Extract the login responsible for obtaining websocket URL into the corresponding
Endpoint function.
2019-02-01 21:58:43 +03:00
Haelwenn (lanodan) Monnier
74c6119f28
MastodonAPI.MastodonAPIController: Return a 404 when we fail to get a list 2019-02-01 18:21:16 +01:00
kaniini
0a82a7e6d6 Merge branch 'feature/split-hide-network' into 'develop'
Split hide_network into hide_followers & hide_followings

See merge request pleroma/pleroma!733
2019-02-01 17:05:29 +00:00
Haelwenn
00d4333373 Merge branch 'features/glitch-soc-frontend' into 'develop'
Features/glitch soc frontend

See merge request pleroma/pleroma!192
2019-01-31 10:16:11 +00:00
href
4aff4efa8d
Use multiple hackney pools
* federation (ap, salmon)
* media (rich media, media proxy)
* upload (uploader proxy)

Each "part" will stop fighting others ones -- a huge federation outbound
could before make the media proxy fail to checkout a connection in time.

splitted media and uploaded media for the good reason than an upload
pool will have all connections to the same host (the uploader upstream).
it also has a longer default retention period for connections.
2019-01-30 15:06:46 +01:00
Maxim Filippov
50d6183893 Split hide_network into hide_followers & hide_followings 2019-01-28 21:40:08 +03:00
William Pitcock
8e42251e06 rich media: add helpers module, use instead of MastodonAPI module 2019-01-28 06:04:54 +00:00
William Pitcock
24a103a1fe mastodon api: formatting 2019-01-28 05:53:17 +00:00
William Pitcock
132d815f1f mastodon api: factor out status card fetching, move status card rendering to statusview, add opengraph extended data 2019-01-28 05:53:17 +00:00
Haelwenn (lanodan) Monnier
cda1470e02
[MastoAPI][GlitchAPI] Add bookmarks 2019-01-28 04:47:32 +01:00
kaniini
5eb81d2c72 Merge branch 'features/mastoapi-multi-hashtag' into 'develop'
MastodonAPI multi-hashtag

See merge request pleroma/pleroma!652
2019-01-27 12:45:50 +00:00
Haelwenn (lanodan) Monnier
de956b9e04
Web.MastodonAPI.MastodonAPIController: tag+any bookmark params in a array and flatten it 2019-01-26 16:46:20 +01:00
William Pitcock
1f7843b9b8 mastodon api: use OGP uri instead of page_url for deducing domain name, fix test 2019-01-26 15:24:16 +00:00
William Pitcock
86037e9c39 mastodon api: use HTML.extract_first_external_url() 2019-01-26 15:13:27 +00:00
William Pitcock
78047d57bf mastodon api: provider_name setting is required too on the card 2019-01-26 14:47:32 +00:00
Haelwenn (lanodan) Monnier
39863236eb Web.MastodonAPI.MastodonAPIController: generic get_status_card/1 function for MastoAPI 2.6.x
Mastodon API 2.6.x added a card key to the Status object so the Card can be shown in the timeline without an extra request at each status.
2019-01-26 14:18:23 +00:00
Haelwenn (lanodan) Monnier
3f64379b13 Web.MastodonAPI.MastodonAPIController: Add Rich-Media support 2019-01-26 14:18:23 +00:00
Haelwenn (lanodan) Monnier
5a84def6a6
Fix the logic in multi-hashtag TLs 2019-01-26 04:46:02 +01:00
Haelwenn (lanodan) Monnier
f9cae0d04f
[WIP,MastoAPI] Multi-tag timelines 2019-01-26 04:45:36 +01:00
Haelwenn (lanodan) Monnier
98c8184c1f
Activity: get_create_activity_by_object_ap_id/1 → get_create_by_object_ap_id/1 2019-01-21 08:00:41 +01:00
lambda
f3045a179e Merge branch 'i1t/pleroma-477_user_search_improvements' into 'develop'
I1t/pleroma 477 user search improvements

See merge request pleroma/pleroma!685
2019-01-20 10:24:05 +00:00
Mark Felder
8c368d42a2 Make attachment links configurable
Thanks @href!
2019-01-17 15:48:14 +00:00
Ivan Tashkinov
dc45ec62c2 [#477] User search improvements: tsquery search with field weights, friends & followers boosting. 2019-01-14 20:04:45 +03:00
Sadposter
9daf162461 Honour parameters on MastoAPI /favourites 2019-01-12 14:42:52 +00:00
Sadposter
144b48da95 Add link headers to MastoAPI /favourites
As documented at https://docs.joinmastodon.org/api/rest/favourites/
2019-01-12 14:03:35 +00:00
Egor Kislitsyn
f24087f96e Merge branch 'develop' of git.pleroma.social:pleroma/pleroma into feature/pinned-posts 2019-01-07 20:55:32 +07:00
Egor Kislitsyn
380e9fba21 add pinned posts 2019-01-07 20:45:33 +07:00
scarlett
36fa5e8802 Check visible_for_user when performing a search using a direct link. 2019-01-07 10:36:31 +00:00
kaniini
90e157ef80 Merge branch 'features/admin-api-user-views' into 'develop'
User/Account views: Add rights.admin

Closes #472

See merge request pleroma/pleroma!589
2018-12-31 15:49:34 +00:00
William Pitcock
980b5288ed update copyright years to 2019 2018-12-31 15:41:47 +00:00
Ivan Tashkinov
6e9a15b181 [#483] Blocked users export for TwitterAPI. 2018-12-28 21:08:07 +03:00
Haelwenn (lanodan) Monnier
b43d630f30
Web.TwitterAPI.UserView: Add rights.admin 2018-12-28 17:38:32 +01:00
William Pitcock
2791ce9a1f add license boilerplate to pleroma core 2018-12-23 20:56:42 +00:00
Ivan Tashkinov
279096228c [#114] Made MastodonAPI and TwitterAPI user show actions return 404 for auth-inactive users
unless requested by admin or moderator.
2018-12-19 18:56:52 +03:00
href
5dcb7aecea
More put_view. 2018-12-16 17:51:22 +01:00
eal
28478a9c4f Merge branch 'fix/masto-put-settings' into 'develop'
Mastodon API: Fix PUT /api/web/settings

See merge request pleroma/pleroma!557
2018-12-16 11:21:26 +00:00
eal
4c783e35c0 Mastodon API: Fix PUT /api/web/settings 2018-12-16 13:15:34 +02:00
href
0b4c61e8d5
Fix warning 2018-12-14 13:56:42 +01:00
href
ec0e613eca
Pleroma.Activity.mastodon_notification_type/1 2018-12-14 13:22:10 +01:00
href
331396cbcd
Properly disable Web Push if no VAPID key is set 2018-12-14 13:05:51 +01:00
Maksim Pechnikov
074fa790ba fix compile warnings 2018-12-09 20:50:08 +03:00
kaniini
1d531fd2f3 Merge branch 'fix/mastodon-api-settings' into 'develop'
Fix put_settings and remove info_changeset

See merge request pleroma/pleroma!507
2018-12-06 16:01:58 +00:00
kaniini
abead01ab6 Merge branch 'correct-and-improve-http-options' into 'develop'
Correct and improve http options

See merge request pleroma/pleroma!505
2018-12-06 15:57:56 +00:00