Commit graph

428 commits

Author SHA1 Message Date
Ivan Tashkinov bc4f77b10b [#468] Merged upstream/develop, resolved conflicts. 2019-02-17 14:07:04 +03:00
Ivan Tashkinov dcf24a3233 [#468] Refactored OAuth scopes' defaults & missing selection handling. 2019-02-17 13:49:14 +03:00
Ivan Tashkinov 2a4a4f3342 [#468] Defined OAuth restrictions for all applicable routes.
Improved missing "scopes" param handling.
Allowed "any of" / "all of" mode specification in OAuthScopesPlug.
Fixed auth UI / behavior when user selects no permissions at /oauth/authorize.
2019-02-15 19:54:37 +03:00
Ivan Tashkinov 027adbc9e5 [#468] Refactored OAuth scopes parsing / defaults handling. 2019-02-14 17:03:19 +03:00
Ivan Tashkinov 063baca5e4 [#468] User UI for OAuth permissions restriction. Standardized storage format for scopes fields, updated usages. 2019-02-14 00:29:29 +03:00
Karen Konou ac72b578da Merge branch 'develop' into feature/thread-muting 2019-02-11 12:10:49 +01:00
Karen Konou c01ef574c1 Refactor as per Rin's suggestions, add endpoint tests 2019-02-11 12:04:02 +01:00
Karen Konou cc21fc5f53 refactor, status view updating, error handling 2019-02-10 10:42:30 +01:00
Haelwenn (lanodan) Monnier 6a6a5b3251
de-group alias/es 2019-02-09 16:31:17 +01:00
Haelwenn (lanodan) Monnier 8bcfac93a8
Make credo happy 2019-02-09 14:59:20 +01:00
Karen Konou 98ec578f4d Merge branch 'develop' into feature/thread-muting 2019-02-08 12:44:02 +01:00
Ivan Tashkinov 2c68cf7e9e OAuth2 security fixes: redirect URI validation, "Mastodon-Local" security breach fix.
(`POST /api/v1/apps` could create "Mastodon-Local" app wth any redirect_uris,
and if that happened before /web/login is accessed for the first time
then Pleroma used this externally created record with arbitrary
redirect_uris and client_secret known by creator).
2019-02-07 22:14:06 +03:00
Karen Konou f4ff4ffba2 Migration and some boilerplate stuff 2019-02-07 17:36:14 +01:00
Mark Felder 74518d0b60 hide_followings was renamed to hide_followers in the FE, but never synced up in the BE
This was a dirty regex replace which worked on my server
2019-02-06 22:34:44 +00:00
William Pitcock 65a4b9fbea mastodon api: rich media: don't clobber %URI struct with a string 2019-02-06 18:02:15 +00:00
kaniini eb2b1960e0 Merge branch 'feature/split-hide-network-v2' into 'develop'
Split hide_network into hide_followers & hide_followings (fixed)

See merge request pleroma/pleroma!765
2019-02-05 18:56:59 +00:00
William Pitcock 1d94b67e40 mastodon api: fix rendering of cards without image URLs (closes #597) 2019-02-05 18:30:27 +00:00
rinpatch 00835bf678 Merge branch 'fix/rich-media-relative-path' into 'develop'
Fix rich media relative path

Closes #588

See merge request pleroma/pleroma!759
2019-02-04 16:01:34 +00:00
Maxim Filippov 16ce129e38 Split hide_network into hide_followers & hide_followings (fixed) 2019-02-03 21:55:04 +03:00
rinpatch 68d461b3a9 Check if rich media uri is relative 2019-02-02 12:24:24 +03:00
rinpatch 833404f0f5 Use with instead of if in the card 2019-02-02 12:04:18 +03:00
rinpatch e4d18f328b merge only if page_url is an absolute path 2019-02-02 11:53:46 +03:00
rinpatch cbadf9d333 Fix rich media relative path 2019-02-02 11:38:37 +03:00
kaniini 486749064f Revert "Merge branch 'feature/split-hide-network' into 'develop'"
This reverts merge request !733
2019-02-01 20:22:58 +00:00
eugenijm d747bd9870 Use String.replace_leading instead of String.replace for getting websocket streaming api url.
Extract the login responsible for obtaining websocket URL into the corresponding
Endpoint function.
2019-02-01 21:58:43 +03:00
Haelwenn (lanodan) Monnier 74c6119f28
MastodonAPI.MastodonAPIController: Return a 404 when we fail to get a list 2019-02-01 18:21:16 +01:00
kaniini 0a82a7e6d6 Merge branch 'feature/split-hide-network' into 'develop'
Split hide_network into hide_followers & hide_followings

See merge request pleroma/pleroma!733
2019-02-01 17:05:29 +00:00
Haelwenn 00d4333373 Merge branch 'features/glitch-soc-frontend' into 'develop'
Features/glitch soc frontend

See merge request pleroma/pleroma!192
2019-01-31 10:16:11 +00:00
href 4aff4efa8d
Use multiple hackney pools
* federation (ap, salmon)
* media (rich media, media proxy)
* upload (uploader proxy)

Each "part" will stop fighting others ones -- a huge federation outbound
could before make the media proxy fail to checkout a connection in time.

splitted media and uploaded media for the good reason than an upload
pool will have all connections to the same host (the uploader upstream).
it also has a longer default retention period for connections.
2019-01-30 15:06:46 +01:00
Haelwenn ebb3496386 Merge branch 'feature/rich-media-part-2-electric-boogaloo' into 'develop'
Rich Media support, part 2.

See merge request pleroma/pleroma!719
2019-01-29 05:11:08 +00:00
Maxim Filippov 50d6183893 Split hide_network into hide_followers & hide_followings 2019-01-28 21:40:08 +03:00
Haelwenn de0fb88a9c Merge branch 'safe-render-activities' into 'develop'
remove unnecessary filter (re !723)

See merge request pleroma/pleroma!729
2019-01-28 11:48:03 +00:00
href df2f7b39dd
re f83bae7c: remove unnecessary filter 2019-01-28 12:24:14 +01:00
William Pitcock ddc7ae2c1a mastodon api: card: force OGP images through mediaproxy 2019-01-28 06:42:27 +00:00
William Pitcock 8e42251e06 rich media: add helpers module, use instead of MastodonAPI module 2019-01-28 06:04:54 +00:00
William Pitcock 24a103a1fe mastodon api: formatting 2019-01-28 05:53:17 +00:00
William Pitcock 5a37ddc2dc mastodon api: embed card in status object 2019-01-28 05:53:17 +00:00
William Pitcock 132d815f1f mastodon api: factor out status card fetching, move status card rendering to statusview, add opengraph extended data 2019-01-28 05:53:17 +00:00
Haelwenn (lanodan) Monnier cda1470e02
[MastoAPI][GlitchAPI] Add bookmarks 2019-01-28 04:47:32 +01:00
lambda 16ab1437d6 Merge branch 'safe-render-activities' into 'develop'
Views: wrap activity rendering in a rescue

See merge request pleroma/pleroma!723
2019-01-27 20:10:09 +00:00
href f83bae7c22
Views: wrap activity rendering in a rescue
this avoids complete timeline breakage when an activity fucks up
rendering.
2019-01-27 19:16:20 +01:00
kaniini 5eb81d2c72 Merge branch 'features/mastoapi-multi-hashtag' into 'develop'
MastodonAPI multi-hashtag

See merge request pleroma/pleroma!652
2019-01-27 12:45:50 +00:00
Haelwenn (lanodan) Monnier a65c188593
Web.MastodonAPI.AccountView: Add is_moderator and is_admin
Closes: https://git.pleroma.social/pleroma/pleroma/issues/557
2019-01-27 10:33:22 +01:00
Haelwenn (lanodan) Monnier de956b9e04
Web.MastodonAPI.MastodonAPIController: tag+any bookmark params in a array and flatten it 2019-01-26 16:46:20 +01:00
William Pitcock 1f7843b9b8 mastodon api: use OGP uri instead of page_url for deducing domain name, fix test 2019-01-26 15:24:16 +00:00
William Pitcock 86037e9c39 mastodon api: use HTML.extract_first_external_url() 2019-01-26 15:13:27 +00:00
William Pitcock 78047d57bf mastodon api: provider_name setting is required too on the card 2019-01-26 14:47:32 +00:00
Haelwenn (lanodan) Monnier 39863236eb Web.MastodonAPI.MastodonAPIController: generic get_status_card/1 function for MastoAPI 2.6.x
Mastodon API 2.6.x added a card key to the Status object so the Card can be shown in the timeline without an extra request at each status.
2019-01-26 14:18:23 +00:00
Haelwenn (lanodan) Monnier 3f64379b13 Web.MastodonAPI.MastodonAPIController: Add Rich-Media support 2019-01-26 14:18:23 +00:00
Haelwenn (lanodan) Monnier 5a84def6a6
Fix the logic in multi-hashtag TLs 2019-01-26 04:46:02 +01:00