Commit graph

420 commits

Author SHA1 Message Date
Ariadne Conill 739bbe0d3b security: detect object containment violations at the IR level
It is more efficient to check for object containment violations at the IR
level instead of in the protocol handlers.  OStatus containment is especially
a tricky situation, as the containment rules don't match those of IR and
ActivityPub.

Accordingly, we just always do a final containment check at the IR level
before the object is added to the IR object graph.
2019-07-14 17:47:08 +00:00
Alex S f8786fa6f2 adding following_address field to user 2019-07-10 17:42:18 +03:00
Sergey Suprunenko 2d2b50ccca Send and handle "Delete" activity for deleted users 2019-07-10 05:16:08 +00:00
Eugenij f2c03425b0 Broadcast conversation update when DM is deleted 2019-06-24 07:14:04 +00:00
Maksim Pechnikov 1e7bb69a95 update ActivityPub#fetch_activities_query 2019-06-04 15:21:18 +03:00
Maksim Pechnikov 0acfcf6c52 update ActivityPub#fetch_activities_query 2019-06-04 15:04:36 +03:00
Maksim Pechnikov 4f2e359687 Merge branch 'develop' into issue/941 2019-06-04 09:49:08 +03:00
Maksim Pechnikov 080e1aa70e add option skip_thread_containment 2019-06-03 16:13:37 +03:00
rinpatch 5bd41fef8b Change query order in fetch_activities_for_context_query to make poll vote exclusion work 2019-06-03 10:58:37 +03:00
rinpatch 65db5e9f52 Resolve merge conflicts 2019-06-01 16:29:58 +03:00
rinpatch 300d94c628 Add poll votes
Also in this commit by accident:
- Fix query ordering causing exclude_poll_votes to not work
- Do not create notifications for Answer objects
2019-06-01 16:17:46 +03:00
lambda 2993361075 Merge branch 'hotfix/leaking-lists' into 'develop'
Mastodon API: Fix lists leaking private posts

See merge request pleroma/pleroma!1222
2019-05-31 13:26:48 +00:00
rinpatch d9c0650ff9 Mastodon API: Fix lists leaking private posts
Our previous list visibility resolver grabbed posts if either follower
collection of the user in a list who is followed is in `to` or if
follower collection of the user in a list was in `cc`. This not only
missed unlisted posts but also lead to leaking private posts when
`fix_explicit_addressing` mistakingly started putting follower collections
to `cc` (also fixed in this MR).

Reported by @kurisu@iscute.moe via a DM
2019-05-31 15:25:17 +03:00
Egor Kislitsyn 99f70c7e20 Use Pleroma.Config everywhere 2019-05-30 15:33:58 +07:00
rinpatch 8b2d39c1ec Change the order of preloading when fetching activities for context 2019-05-23 14:03:16 +03:00
William Pitcock 60f882b09f activitypub: run user objects through MRF filters 2019-05-22 18:53:12 +00:00
rinpatch ac7702f800 Exclude Answers from fetching by default 2019-05-22 21:52:12 +03:00
rinpatch 19c90d47c4 Normalize poll votes to Answer objects 2019-05-22 21:17:57 +03:00
rinpatch ee68244141 Do not stream out poll replies 2019-05-21 16:58:15 +03:00
rinpatch d7c4d029c8 Restrict poll replies when fetching activiites for context 2019-05-21 14:35:20 +03:00
rinpatch aafe30d94e Handle poll votes 2019-05-21 14:12:10 +03:00
Aaron Tinio eb02edcad9 Add virtual :thread_muted? field
that may be set when fetching activities
2019-05-21 00:35:46 +08:00
rinpatch 6430cb1bf7 Restrict poll replies from fetch queries by default 2019-05-19 17:44:18 +03:00
Sergey Suprunenko e2b3a27204 Add Reports to Admin API 2019-05-16 19:09:18 +00:00
feld e190b3022b Merge branch 'fix/domain-unblocked-reblogs' into 'develop'
Fix domain-unblocked reblogs

Closes #892

See merge request pleroma/pleroma!1157
2019-05-16 18:57:14 +00:00
Mark Felder ebb0482116 Merge branch 'develop' into conversations-import 2019-05-16 13:11:17 -05:00
Aaron Tinio 793f1834d2 Use named binding to conditionally join object 2019-05-16 06:25:14 +08:00
Aaron Tinio 2b6119dfbf Restrict reblogs of activities from blocked domains 2019-05-16 05:53:51 +08:00
William Pitcock a591ab6112 activity pub: remove Ecto SQL query dumps 2019-05-15 16:56:46 +00:00
William Pitcock de114ffbb0 activitypub: remove contain_timeline() 2019-05-15 15:53:06 +00:00
William Pitcock 0387f52138 activitypub: add restrict_thread_visibility() 2019-05-15 15:53:06 +00:00
lain f168a1cbdc Merge remote-tracking branch 'origin/develop' into conversations-import 2019-05-15 17:47:29 +02:00
lambda 692919c7d2 Merge branch 'refactor/use-job-queue-everywhere' into 'develop'
use job queue everywhere

Closes #862

See merge request pleroma/pleroma!1142
2019-05-14 15:27:34 +00:00
Egor Kislitsyn 5e2b491276 Merge remote-tracking branch 'pleroma/develop' into feature/disable-account 2019-05-14 18:15:56 +07:00
William Pitcock 57d11ac9db activitypub: move post rich media fetching to job queue 2019-05-13 19:36:00 +00:00
William Pitcock ef1f9e8d4e activitypub: split out outgoing federation into a federation module 2019-05-12 05:04:11 +00:00
lain a33bec7d58 Conversations: Import order, import as read. 2019-05-09 16:39:28 +02:00
lain e6d7f8d223 Credo fixes. 2019-05-08 18:19:20 +02:00
lain 920bd47055 ActivityPub: Remove leftover printf debugging. 2019-05-08 17:40:24 +02:00
lain fcf2f38d20 Conversations: Add a function to 'import' old DMs. 2019-05-08 17:37:00 +02:00
William Pitcock 6020ff3fb6 activitypub: add optional order constraint to timeline query builder 2019-05-07 19:33:22 +00:00
rinpatch 4c5125dedc Remove bookmarks assoc and add a fake bookmark assoc instead 2019-05-07 19:33:22 +00:00
rinpatch f841eb7cdb Preload bookmarks wherever the object is preloaded 2019-05-07 19:33:22 +00:00
Egor Kislitsyn 1557b99beb Merge remote-tracking branch 'pleroma/develop' into feature/disable-account 2019-05-07 16:51:11 +07:00
lain 81d1aa424d Streamer: Stream out Conversations/Participations. 2019-05-03 13:39:14 +02:00
lain 45f790becc Merge remote-tracking branch 'origin/develop' into conversations_three 2019-05-01 18:40:41 +02:00
rinpatch ce4825c1dc Do not normalize objects in stream_out unless the activity type is
Create

Saves quite a bit of time with delete activities because they would
always query the db
2019-04-30 20:21:28 +03:00
Egor Kislitsyn c157e27a00 Merge branch 'develop' into feature/disable-account 2019-04-25 13:41:10 +07:00
rinpatch d21d921def Replace Object.normalize(activity.data[object] with Object.normalize(acitivty) to benefit from preloading 2019-04-22 11:27:29 +03:00
Egor b9cdf6d3b9 Use User.get_cached* everywhere 2019-04-22 07:20:43 +00:00