Commit Graph

3826 Commits

Author SHA1 Message Date
Ivan Tashkinov
1a46a13d15 [#161] Limited replies depth on incoming federation in order to prevent memory leaks on recursive replies fetching. 2019-08-14 02:08:52 +00:00
Ariadne Conill
c7a3a15c3d mrf_vocabulary: add describe API support 2019-08-14 01:50:26 +00:00
Ariadne Conill
eed36278a6 MRF: add vocabulary policy module 2019-08-14 01:50:26 +00:00
Ariadne Conill
fb77dc50aa fix credo 2019-08-14 01:50:26 +00:00
Ariadne Conill
4ccd3410a8 nodeinfo: use MRF.describe() instead of hardcoded MRF transparency stuff 2019-08-14 01:50:26 +00:00
Ariadne Conill
7e2bc39f3c MRF: add describe() to all modules, add base MRF configuration to base describe() 2019-08-14 01:50:26 +00:00
Ariadne Conill
e13edc2d3b MRF: add describe() for gathering and describing the MRF configuration 2019-08-14 01:50:26 +00:00
Ariadne Conill
29db8dc799 config: remove legacy activitypub accept_blocks setting
Anyone who is interested in dropping blocks can write their own MRF
policy at this point.  This setting predated the MRF framework.

Disabling the side effect (unsubscription) is still a config option
per policy.
2019-08-14 01:50:26 +00:00
rinpatch
5af3c00072 Do not fetch the reply object in fix_type unless the object has the
`name` key and use a depth limit when fetching it
2019-08-14 01:50:22 +00:00
Maksim
60c75d6740 #1110 fixed /api/pleroma/healthcheck 2019-08-14 01:50:22 +00:00
Ariadne Conill
4d0dd04653 MRF: ensure that subdomain_match calls are case-insensitive 2019-08-14 01:50:22 +00:00
Sergey Suprunenko
25c818ed6f Redirect not logged-in users to the MastoFE login page on private instances 2019-08-14 01:50:22 +00:00
Sergey Suprunenko
48bd4ee933 Strip internal fields including likes from incoming and outgoing activities 2019-08-14 01:50:22 +00:00
rinpatch
7e412fd88a Do not rembed the object after updating it 2019-08-14 01:50:22 +00:00
rinpatch
1807d3a115 OStatus Announce Representer: Do not depend on the object being embedded
in the Create activity
2019-08-14 01:50:21 +00:00
rinpatch
b85840b536 Stop depending on the embedded object in restrict_favorited_by 2019-08-14 01:50:21 +00:00
Alexander Strizhakov
b9def3758a Feature/1087 wildcard option for blocks 2019-08-14 01:50:21 +00:00
Sachin Joshi
e08b97853f add listener port and ip option for 'pleroma.instance gen' and enable its test 2019-08-14 01:50:21 +00:00
Ariadne Conill
8a8fe57670 tasks: relay: add list task 2019-08-14 01:50:21 +00:00
Sergey Suprunenko
1310cdc24f Handle MRF rejections of incoming AP activities 2019-08-14 01:50:21 +00:00
Haelwenn (lanodan) Monnier
54d4ceec5c tasks/pleroma/user.ex: Fix documentation of --max-use and --expire-at
Closes: https://git.pleroma.social/pleroma/pleroma/issues/1155

[ci skip]
2019-08-14 01:50:21 +00:00
Haelwenn (lanodan) Monnier
f270e33208 tasks/pleroma/instance.ex: Change :upload_dir to :uploads_dir
Closes: https://git.pleroma.social/pleroma/pleroma/issues/1058
2019-08-14 01:50:21 +00:00
Haelwenn (lanodan) Monnier
65bd927cf2 templates/layout/app.html.eex: Style anchors
[ci skip]
2019-08-14 01:50:21 +00:00
Thibaut Girka
a3654d9479 Return profile URL in MastodonAPI's url field 2019-08-14 01:50:21 +00:00
Thibaut Girka
b29dcc8c1b Simplify logic to mention.js url field
`User.profile_url` already fallbacks to ap_id
2019-08-14 01:50:21 +00:00
Thibaut Girka
6525fbac95 Return profile URL when available instead of actor URI for MastodonAPI mention URL
Fixes #1165
2019-08-14 01:50:21 +00:00
rinpatch
ba21d515d6 Mastodon API: Fix thread mute detection
It was calling CommonAPI.thread_muted? with post author's account
instead of viewer's one.
2019-08-14 01:50:21 +00:00
rinpatch
dcd30e3ceb Mastodon API: Set follower/following counters to 0 when hiding
followers/following is enabled

We are already doing that in AP representation, so I think we should do
it here as well for consistency.
2019-08-14 01:50:21 +00:00
Ariadne Conill
e5cb15ce2b twitter api: utils: rework do_remote_follow() to use CommonAPI
Closes #1138
2019-07-31 20:12:25 +00:00
rinpatch
2c2c075fd6 Disallow following locked accounts over OStatus 2019-07-31 20:08:59 +00:00
Ariadne Conill
59e60c6db1 ostatus: explicitly disallow protocol downgrade from activitypub
This closes embargoed bug #1135.
2019-07-31 18:57:52 +00:00
Ariadne Conill
f685e887b3 transmogrifier: use User.delete() instead of handrolled user deletion code for remote users
Closes #1104
2019-07-28 23:09:55 +00:00
Sergey Suprunenko
2b38961bf6 Handle 303 redirects 2019-07-28 22:50:47 +00:00
rinpatch
2914f8a749 Merge the default options with custom ones in ReverseProxy and
Pleroma.HTTP
2019-07-28 22:47:41 +00:00
rinpatch
67c5e6541e Formatting 2019-07-28 22:44:14 +00:00
rinpatch
48aed88dbd FallbackRedirector: Do not crash on Metadata rendering errors 2019-07-28 22:43:11 +00:00
rinpatch
fd4963006a OGP/TwitterCard: Add fallbacks in case the attachment key is nonexistent 2019-07-28 22:42:38 +00:00
rinpatch
6a35c151c6 Fix not being able to pin unlisted posts
Closes #1038
2019-07-28 22:39:10 +00:00
Sachin Joshi
1e5d889aec preserve the original path/filename (no encoding/decoding) for proxy 2019-07-28 22:37:18 +00:00
Sachin Joshi
ccafecf9be try to always match the filename for proxy url 2019-07-28 22:36:42 +00:00
lain
8123578bf8 Status View: Poll ids are strings.
All ids in mastodon are strings, in general.
2019-07-28 22:33:09 +00:00
Ariadne Conill
f1147a3d7f fix backport 2019-07-14 20:02:39 +00:00
Haelwenn (lanodan) Monnier
3e298cc85a HttpRequestMock: Add missing mocks for object containment tests 2019-07-14 20:00:17 +00:00
Ariadne Conill
7523ab1495 object: fix backport 2019-07-14 19:39:37 +00:00
Ariadne Conill
cdf2ff8176 nodeinfo: implement MRF transparency exclusions 2019-07-14 19:31:55 +00:00
Haelwenn (lanodan) Monnier
48927b1d3b Object.Fetcher: Keep the with-do block as per kaniini proposition 2019-07-14 19:30:39 +00:00
Haelwenn (lanodan) Monnier
e7a472a11f Object.Fetcher: Fallback to OStatus only if AP actually fails 2019-07-14 19:30:13 +00:00
Ariadne Conill
6d715b7702 security: detect object containment violations at the IR level
It is more efficient to check for object containment violations at the IR
level instead of in the protocol handlers.  OStatus containment is especially
a tricky situation, as the containment rules don't match those of IR and
ActivityPub.

Accordingly, we just always do a final containment check at the IR level
before the object is added to the IR object graph.
2019-07-14 19:28:47 +00:00
lain
2286f62a36 Merge branch 'release-docs' into 'develop'
Docs on OTP releases

See merge request pleroma/pleroma!1315
2019-06-28 15:26:09 +00:00
kaniini
0369a5db16 Merge branch 'idempotency-plug' into 'develop'
Add IdempotencyPlug and use it in all of the api

Closes #1003

See merge request pleroma/pleroma!1339
2019-06-27 04:20:17 +00:00