Commit graph

5920 commits

Author SHA1 Message Date
Ariadne Conill 739bbe0d3b security: detect object containment violations at the IR level
It is more efficient to check for object containment violations at the IR
level instead of in the protocol handlers.  OStatus containment is especially
a tricky situation, as the containment rules don't match those of IR and
ActivityPub.

Accordingly, we just always do a final containment check at the IR level
before the object is added to the IR object graph.
2019-07-14 17:47:08 +00:00
Moonman f98f7ad1b9 detect and use sha512-crypt for stored password hash. 2019-07-14 09:48:42 -07:00
kaniini 93701c3399 Merge branch 'chore/remove-cc-by-nc-nd-license' into 'develop'
remove CC-BY-NC-ND license.

See merge request pleroma/pleroma!1415
2019-07-14 16:43:55 +00:00
Ariadne Conill 26f265fb0e remove CC-BY-NC-ND license.
we moved branding assets (mascot etc) to CC-BY-SA a while back.
2019-07-14 16:43:00 +00:00
kaniini cef4337f95 Merge branch 'bugfix/llal-object-containment' into 'develop'
Object.Fetcher: Handle error on Containment.contain_origin/2

See merge request pleroma/pleroma!1414
2019-07-14 16:39:17 +00:00
Haelwenn (lanodan) Monnier 2592934480
Object.Fetcher: Keep the with-do block as per kaniini proposition 2019-07-14 17:28:25 +02:00
Haelwenn (lanodan) Monnier a2c601acb5
FetcherTest: Containment refute called(OStatus.fetch_activity_from_url) 2019-07-14 17:05:32 +02:00
Haelwenn (lanodan) Monnier e1c08a67d6
Object.Fetcher: Fallback to OStatus only if AP actually fails 2019-07-14 17:05:31 +02:00
kaniini 1589b170e8 Merge branch 'feature/1072-muting-notifications' into 'develop'
Feature/1072 muting notifications

Closes #1072

See merge request pleroma/pleroma!1398
2019-07-14 13:29:32 +00:00
Alexander Strizhakov e7c39b7ac8 Feature/1072 muting notifications 2019-07-14 13:29:31 +00:00
Haelwenn (lanodan) Monnier 40d0a198e2
Object.Fetcher: Handle error on Containment.contain_origin/2 2019-07-14 14:58:47 +02:00
Haelwenn (lanodan) Monnier f00562ed6b
HttpRequestMock: Add 404s on OStatus fetching for info.pleroma.site 2019-07-14 13:55:41 +02:00
Haelwenn (lanodan) Monnier efa9a13d4e
HttpRequestMock: Add missing mocks for object containment tests 2019-07-14 13:55:41 +02:00
kaniini 9f211838ec Merge branch 'rich_media_parsers_configurable' into 'develop'
parsers configurable

See merge request pleroma/pleroma!1400
2019-07-14 09:53:42 +00:00
Alex S 7af27c143d changelog & docs 2019-07-14 09:23:43 +03:00
Alex S f4447d82b8 parsers configurable 2019-07-14 09:21:56 +03:00
kaniini 592411e4fe Merge branch 'feature/mrf-transparency-filter' into 'develop'
nodeinfo: implement MRF transparency exclusions

See merge request pleroma/pleroma!1412
2019-07-13 19:06:54 +00:00
Ariadne Conill 0cc638b968 docs: note that exclusions usage will be included in the transparency metrics if used 2019-07-13 19:00:03 +00:00
Ariadne Conill 80c46d6d8b nodeinfo: implement MRF transparency exclusions 2019-07-13 18:53:14 +00:00
kaniini f4c001062e Merge branch '1041-status-actions-rate-limit' into 'develop'
Rate-limited status actions (per user and per user+status).

Closes #1041

See merge request pleroma/pleroma!1410
2019-07-13 14:17:17 +00:00
Ivan Tashkinov d72876c57d [#1041] Minor refactoring. 2019-07-13 15:21:50 +03:00
Ivan Tashkinov b74d11e20a [#1041] Added documentation on existing rate limiters. 2019-07-13 15:13:26 +03:00
Haelwenn 9497d14f09 Merge branch 'fix/hackney-global-options' into 'develop'
Merge the default options with custom ones in ReverseProxy and Pleroma.HTTP and workaround for remote server certificate chain issues

See merge request pleroma/pleroma!1409
2019-07-13 11:55:09 +00:00
Ivan Tashkinov 369e9bb42f [#1041] Rate-limited status actions (per user and per user+status). 2019-07-13 14:49:39 +03:00
rinpatch 29ffe81c2e Add a changelog entry for tolerating incorrect chain order 2019-07-13 13:38:53 +03:00
Haelwenn 02cdedbf9f Merge branch 'fix/ap-hide-follows' into 'develop'
ActivityPub Controller: Change how hiding follows/followers is represented

See merge request pleroma/pleroma!1406
2019-07-13 10:22:19 +00:00
rinpatch fa7e0c4262 Workaround for remote server certificate chain issues 2019-07-12 23:53:21 +03:00
rinpatch b001b8891a Merge the default options with custom ones in ReverseProxy and
Pleroma.HTTP
2019-07-12 23:52:26 +03:00
rinpatch f40004e746 Add changelog entries for follower/following collection behaviour changes 2019-07-12 21:49:16 +03:00
rinpatch 095117a58c Merge branch 'develop' into fix/ap-hide-follows 2019-07-12 21:43:06 +03:00
rinpatch 97b79efbcd ActivityPub Controller: Actually pass for_user to following/followers
views and give 403 errors when trying to request hidden follower pages
when unauthenticated
2019-07-12 20:54:20 +03:00
Sachin Joshi f8e3ae6154 try to always match the filename for proxy url 2019-07-12 22:56:14 +05:45
kaniini 5999780e82 Merge branch 'tests/web_metadata' into 'develop'
Pleroma.Web.Metadata - tests

See merge request pleroma/pleroma!1401
2019-07-12 16:42:54 +00:00
Maksim 92055941bd Pleroma.Web.Metadata - tests 2019-07-12 16:42:54 +00:00
rinpatch 1f6ac7680d ActivityPub User view: Following/Followers refactoring
- Render the collection items if the user requesting == the user
rendered
- Do not render the first page if hide_{followers,follows} is set, just
give the URI to it
2019-07-12 19:41:55 +03:00
kaniini 71cc0d5c17 Merge branch 'fix/pleroma-extensions' into 'develop'
Move new endpoints to pleroma namespace in Mastodon API

See merge request pleroma/pleroma!1404
2019-07-12 16:33:58 +00:00
Mark Felder 360e4cdaa2 Move these to pleroma namespace in Mastodon API 2019-07-12 11:25:58 -05:00
rinpatch 27ed260eed AP user view: Add a test for hiding totalItems in following/followers 2019-07-12 18:36:14 +03:00
kaniini b6567c9f4e Merge branch 'url-parser-proxy' into 'develop'
preserve the original path/filename (no encoding/decoding) for proxy

See merge request pleroma/pleroma!1403
2019-07-12 15:34:00 +00:00
Sachin Joshi 6a6c4d134b preserve the original path/filename (no encoding/decoding) for proxy 2019-07-12 21:05:01 +05:45
kaniini db75288b71 Merge branch 'search-limit-offset-type' into 'develop'
Add account_id, type, limit, and offset to GET /api/v1/search and /api/v2/search

See merge request pleroma/pleroma!1386
2019-07-11 13:55:31 +00:00
Eugenij 4198c3ac39 Extend Pleroma.Pagination to support offset-based pagination, use async/await to execute status and account search in parallel 2019-07-11 13:55:31 +00:00
Egor Kislitsyn 9991254c06 Update CHANGELOG 2019-07-11 20:17:03 +07:00
kaniini 4d382d1347 Merge branch 'admin-configure' into 'develop'
admin api configure changes

See merge request pleroma/pleroma!1345
2019-07-11 13:02:13 +00:00
Alexander Strizhakov 846ad9a463 admin api configure changes 2019-07-11 13:02:13 +00:00
kaniini e4e3fd7e55 Merge branch 'fix/1019-refactor' into 'develop'
Fix/1019 refactor

See merge request pleroma/pleroma!1397
2019-07-11 13:01:11 +00:00
Egor Kislitsyn 9e06873d58 Add list to Visibility 2019-07-11 19:29:24 +07:00
Egor Kislitsyn 958fb9aa80 Add "listMessage" 2019-07-11 16:36:08 +07:00
kaniini 6c491b2006 Merge branch 'chore/mailmap' into 'develop'
add mailmap [ci skip]

See merge request pleroma/pleroma!1399
2019-07-11 09:03:17 +00:00
Ariadne Conill 347a1823fd add mailmap [ci skip] 2019-07-11 08:57:51 +00:00