Commit Graph

2697 Commits

Author SHA1 Message Date
William Pitcock
e9ef4b8da6 oauth: never use base64 padding when returning tokens to applications
The normal Base64 alphabet uses the equals sign (=) as a padding character.  Since
Base64 strings are self-synchronizing, padding characters are unnecessary, so don't
generate them in the first place.
2019-02-14 01:10:04 +00:00
Mark Felder
f62c1d6266 Improve login error for OAuth flow 2019-02-13 22:33:22 +00:00
lain
88a4de24f9 User.follow_all: Respect blocks in both directions. 2019-02-13 13:52:27 +01:00
hakabahitoyo
b7bc666200 bugfix mdii uploader 2019-02-13 15:46:42 +09:00
Haelwenn (lanodan) Monnier
da4c662af3
Plugs.HTTPSecurityPlug: Add webpacker to connect-src 2019-02-12 22:12:12 +01:00
Haelwenn (lanodan) Monnier
00e8f0b07d
Plugs.HTTPSecurityPlug: Add unsafe-eval to script-src when in dev mode
This is needed to run dev mode mastofe at the same time
2019-02-12 22:12:11 +01:00
shibayashi
ea1058929c
Use url[:scheme] instead of protocol to determine if https is enabled 2019-02-12 00:08:52 +01:00
rinpatch
379d04692c Filter summary in keywordpolicy 2019-02-11 21:35:40 +03:00
rinpatch
39383a6b79 Merge branch 'feature/thread-muting' into 'develop'
Feature/thread muting

See merge request pleroma/pleroma!796
2019-02-11 15:02:14 +00:00
lambda
044616292b Merge branch 'feature/rich-media-limits' into 'develop'
rich media: tighten fetching timeouts and size limits

See merge request pleroma/pleroma!809
2019-02-11 12:33:58 +00:00
Karen Konou
ac72b578da Merge branch 'develop' into feature/thread-muting 2019-02-11 12:10:49 +01:00
Karen Konou
c01ef574c1 Refactor as per Rin's suggestions, add endpoint tests 2019-02-11 12:04:02 +01:00
lambda
d53e36bf1e Revert "Merge branch 'object-creation' into 'develop'"
This reverts merge request !802
2019-02-11 08:07:39 +00:00
William Pitcock
45e57dd187 rich media: tighten fetching timeouts and size limits 2019-02-10 21:54:08 +00:00
kaniini
6c8d15da11 Merge branch 'fix/credo-issues' into 'develop'
Fix credo issues

See merge request pleroma/pleroma!786
2019-02-10 20:54:21 +00:00
Karen Konou
cc21fc5f53 refactor, status view updating, error handling 2019-02-10 10:42:30 +01:00
rinpatch
e0de0fcf22 Merge branch 'object-creation' into 'develop'
Do object insertion through Cachex

See merge request pleroma/pleroma!802
2019-02-10 07:39:27 +00:00
kaniini
d5fe05c37e Merge branch 'follow-enhancements' into 'develop'
Respect blocks in mass follow.

See merge request pleroma/pleroma!797
2019-02-09 21:03:42 +00:00
lain
f8388be9c6 Do object insertion through Cachex
So we don't flood our postgres logs with errors. Should also make things
slightly faster.
2019-02-09 22:01:08 +01:00
Karen Konou
6a150de3bd Add unique index and unique constraint check, uniqueness test fails 2019-02-09 20:52:11 +01:00
Karen Konou
638456ce8f elixir too new for CI's mix format lol 2019-02-09 18:08:46 +01:00
Karen Konou
a0d732ec55 it works!! 2019-02-09 17:47:57 +01:00
Haelwenn (lanodan) Monnier
6ca633ddd3
Mix.Tasks.Pleroma.Uploads: Disable Enum.reduce warning on line 100 (unsure) 2019-02-09 16:31:17 +01:00
Haelwenn (lanodan) Monnier
d924dc73ba
de-group import/s 2019-02-09 16:31:17 +01:00
Haelwenn (lanodan) Monnier
6a6a5b3251
de-group alias/es 2019-02-09 16:31:17 +01:00
Haelwenn (lanodan) Monnier
381fe44172
HTML.Scrubber.Default: Consistency 2019-02-09 14:59:21 +01:00
Haelwenn (lanodan) Monnier
2272934a5e
Stash 2019-02-09 14:59:21 +01:00
Haelwenn (lanodan) Monnier
d2e4eb7c74
Web.ActivityPub.ActivityPub: assign the Enum.filter to recipients & simplify it 2019-02-09 14:59:21 +01:00
Haelwenn (lanodan) Monnier
bd9b5fffbc
Mix.Tasks.Pleroma.Uploads: Fix typo in documentation 2019-02-09 14:59:21 +01:00
Haelwenn (lanodan) Monnier
473095faf2
Web.Federator: Fix unused variable 2019-02-09 14:59:20 +01:00
Haelwenn (lanodan) Monnier
60ea29dfe6
Credo fixes: alias grouping/ordering 2019-02-09 14:59:20 +01:00
Haelwenn (lanodan) Monnier
106f4e7a0f
Credo fixes: parameter consistency 2019-02-09 14:59:20 +01:00
Haelwenn (lanodan) Monnier
8bcfac93a8
Make credo happy 2019-02-09 14:59:20 +01:00
lain
563f04e81b Do autofollow first. 2019-02-09 13:39:57 +01:00
lain
bbd0049fae Respect blocks in mass follow. 2019-02-09 13:24:23 +01:00
lambda
1eecbc1cd1 Merge branch 'feature/keyword-policy' into 'develop'
Add keyword policy

See merge request pleroma/pleroma!794
2019-02-09 11:38:37 +00:00
Karen Konou
7e47a810a2 help i am not good with git 2019-02-08 13:22:29 +01:00
Karen Konou
5c5b228f21 Added thread unmuting (still a bit buggy maybe) 2019-02-08 13:20:40 +01:00
Karen Konou
a44e532fb1 Added thread unmuting (still a bit buggy maybe) 2019-02-08 13:17:11 +01:00
rinpatch
7356659273 wow 2019-02-08 15:12:13 +03:00
Karen Konou
98ec578f4d Merge branch 'develop' into feature/thread-muting 2019-02-08 12:44:02 +01:00
rinpatch
f88dec8b33 What idiot did that? (me) 2019-02-08 13:16:50 +03:00
rinpatch
6c21f5aa16 Merge branch 'develop' into feature/keyword-policy 2019-02-08 13:12:33 +03:00
rinpatch
8a0b755c19 rename ftl_removal to federated_timeline_removal to keep consistent naming with SimplePolicy 2019-02-08 13:12:09 +03:00
rinpatch
2174f6eb4f Add default config for keyword policy 2019-02-08 12:48:39 +03:00
rinpatch
46aa8c18a2 Add keyword policy 2019-02-08 12:38:24 +03:00
Karen Konou
c43f414a79 Somehow fixed the repo insert [skip-ci] 2019-02-07 23:44:49 +01:00
Karen Konou
7e3ec93ed0 made a silly oopsie 2019-02-07 22:59:53 +01:00
Karen Konou
77448de492 ugghhhh 2019-02-07 22:25:07 +01:00
Ivan Tashkinov
2c68cf7e9e OAuth2 security fixes: redirect URI validation, "Mastodon-Local" security breach fix.
(`POST /api/v1/apps` could create "Mastodon-Local" app wth any redirect_uris,
and if that happened before /web/login is accessed for the first time
then Pleroma used this externally created record with arbitrary
redirect_uris and client_secret known by creator).
2019-02-07 22:14:06 +03:00