Commit graph

67 commits

Author SHA1 Message Date
Oneric
0ec62acb9d Always insert Dedupe upload filter
This actually was already intended before to eradicate all future
path-traversal-style exploits and to fix issues with some
characters like akkoma#610 in 0b2ec0ccee. However, Dedupe and
AnonymizeFilename got mixed up. The latter only anonymises the name
in Content-Disposition headers GET parameters (with link_name),
_not_ the upload path.

Even without Dedupe, the upload path is prefixed by an UUID,
so it _should_ already be hard to guess for attackers. But now
we actually can be sure no path shenanigans occur, uploads
reliably work and save some disk space.

While this makes the final path predictable, this prediction is
not exploitable. Insertion of a back-reference to the upload
itself requires pulling off a successful preimage attack against
SHA-256, which is deemed infeasible for the foreseeable future.

Dedupe was already included in the default list in config.exs
since 28cfb2c37a, but this will get overridden by whatever the
config generated by the "pleroma.instance gen" task chose.

Upload+delete tests running in parallel using Dedupe might be flaky, but
this was already true before and needs its own commit to fix eventually.
2024-03-18 22:33:10 -01:00
FloatingGhost
64e233ca20 Tag Mock-tests as "mocked" and run them separately 2023-08-04 12:50:50 +01:00
FloatingGhost
98cb255d12 Support elixir1.15
OTP builds to 1.15

Changelog entry

Ensure policies are fully loaded

Fix :warn

use main branch for linkify

Fix warn in tests

Migrations for phoenix 1.17

Revert "Migrations for phoenix 1.17"

This reverts commit 6a3b2f15b74ea5e33150529385215b7a531f3999.

Oban upgrade

Add default empty whitelist

mix format

limit test to amd64

OTP 26 tests for 1.15

use OTP_VERSION tag

baka

just 1.15

Massive deps update

Update locale, deps

Mix format

shell????

multiline???

?

max cases 1

use assert_recieve

don't put_env in async tests

don't async conn/fs tests

mix format

Fix some uploader issues

Fix tests
2023-08-03 17:44:09 +01:00
sfr
20cd8a0fc4 URL encode remote emoji pack names (#362)
fix #246

Co-authored-by: Sol Fisher Romanoff <sol@solfisher.com>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/362
Co-authored-by: sfr <sol@solfisher.com>
Co-committed-by: sfr <sol@solfisher.com>
2023-01-15 18:14:04 +00:00
floatingghost
07a48b9293 giant massive dep upgrade and dialyxir-found error emporium (#371)
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/371
2022-12-14 12:38:48 +00:00
floatingghost
6b882a2c0b Purge Rejected Follow requests in daily task (#334)
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/334
2022-12-03 23:17:43 +00:00
FloatingGhost
ee7059c9cf Spin off imports into n oban jobs 2022-11-27 21:45:41 +00:00
Norm
561e1f2470 Make backups require its own scope (#218)
Pulled from https://git.pleroma.social/pleroma/pleroma/-/merge_requests/3721.

This makes backups require its own scope (`read:backups`) instead of the `read:accounts` scope.

Co-authored-by: Tusooa Zhu <tusooa@kazv.moe>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/218
Co-authored-by: Norm <normandy@biribiri.dev>
Co-committed-by: Norm <normandy@biribiri.dev>
2022-09-19 17:31:35 +00:00
floatingghost
1b826eea54 Allow reacting with remote emoji when they exist on the post (#200)
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/200
2022-09-04 23:31:41 +00:00
floatingghost
11ec9daa5b API compatibility with fedibird, frontend config (#163)
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/163
2022-08-17 00:22:59 +00:00
Tusooa Zhu
f08241c8ab
Allow users to create backups without providing email address
Ref: backup-without-email
2022-08-02 22:16:54 -04:00
FloatingGhost
0f132b802d purge chat and shout endpoints 2022-07-21 11:29:28 +01:00
floatingghost
dc9f66749c remove all endpoints marked as deprecated (#91)
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/91
2022-07-20 12:00:58 +00:00
FloatingGhost
cf0ad02ea9 Remove scrobbling support 2022-07-19 15:07:45 +01:00
floatingghost
5b4d77eaa7 maintenance: dependency upgrade (#81)
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/81
2022-07-18 00:56:35 +00:00
FloatingGhost
cac39ef817 Bugfix: standardise scheme for emoji reactions 2022-06-25 15:27:46 +01:00
FloatingGhost
c3ed86cd1e fix emoji controller tests 2022-06-11 14:21:50 +01:00
Alex Gleason
5c80d4087d
PleromaAPI.AppView: add test 2021-12-27 18:52:34 -06:00
Alex Gleason
f5c3d45120
Merge remote-tracking branch 'origin/develop' into apps-api-endpoint 2021-12-27 18:01:25 -06:00
Haelwenn (lanodan) Monnier
a17910a6c6
CI: Bump lint stage to elixir-1.12
Elixir 1.12 changed formatting rules, this allows to avoid having to rollback to run `mix format`
2021-10-06 08:11:05 +02:00
Sean King
33f063204e
Add unit test for Pleroma API app controller 2021-08-28 23:18:12 -06:00
Haelwenn (lanodan) Monnier
e4743847a1
OpenAPI: PleromaAPI UserImport Controller 2021-03-15 06:47:07 +01:00
lain
4a9d3a1f28 Merge branch 'features/reports-enhancements' into 'develop'
Enhance reports in Pleroma API: index, show

See merge request pleroma/pleroma!3280
2021-02-28 16:45:15 +00:00
rinpatch
6d66fadea7 Remove :auth, :enforce_oauth_admin_scope_usage
`admin` scope has been required by default for more than a year now
and all apps that use the API seem to request a proper scope by now.
2021-02-17 20:47:38 +03:00
Haelwenn (lanodan) Monnier
ff72ce31ca
Enhance reports in Pleroma API: index, show 2021-02-17 18:46:53 +01:00
rinpatch
d7ad288c84 Chats: Introduce /api/v2/pleroma/chats which implements pagination
Also removes incorrect claim that /api/v1/pleroma/chats supports
pagination and deprecates it.

Closes #2140
2021-02-17 16:03:24 +03:00
Egor Kislitsyn
793fc77b16
Add active user count 2021-01-27 18:20:06 +04:00
Mark Felder
e854c35e65 Convert tests to all use clear_config instead of Pleroma.Config.put 2021-01-26 11:58:43 -06:00
Mark Felder
2c0fe2ea9e Remove toggle_confirmation; require explicit state change
Also cosmetic changes to make the code clearer
2021-01-15 13:11:51 -06:00
Mark Felder
d36182c088 Change user.confirmation_pending field to user.is_confirmed 2021-01-15 12:44:41 -06:00
Haelwenn (lanodan) Monnier
c4439c630f
Bump Copyright to 2021
grep -rl '# Copyright © .* Pleroma' * | xargs sed -i 's;Copyright © .* Pleroma .*;Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>;'
2021-01-13 07:49:50 +01:00
lain
e1a547d7d3 ChatMessages: Fix pagination headers.
They used to contain the path parameter `id` as query param,
which would break the link.
2021-01-11 15:30:40 +01:00
Alex Gleason
3342f6a7ef
Backups: render ID in API 2021-01-07 13:06:22 -06:00
lain
e1e7e4d379 Object: Rework how Object.normalize works
Now it defaults to not fetching, and the option is named.
2021-01-04 13:38:31 +01:00
lain
0ef0aed205 Tests: Add a helper method to reduce sleeping times in test.
This will 'time travel', i.e. change the inserted_at and update_at
fields of the object in question. This is used to backdate things
where we used sleeping before to ensure time differences.
2020-12-21 16:31:23 +01:00
lain
9ba60f70d2 Tests: Make as many tests as possible async.
In general, tests that match these criteria can be made async:

- Doesn't use real Cachex.
- Doesn't write to the Config / Application Environment.
- Uses Mock. Using Mox is fine.
- Uses the streamer.
2020-12-21 12:21:40 +01:00
lain
6bb4f4e172 Merge branch 'support/2255_posix_errors' into 'develop'
[#2255] added error messages for posix error code

See merge request pleroma/pleroma!3138
2020-12-15 15:16:03 +00:00
lain
477c6c8e55 Merge branch 'auth-improvements' into 'develop'
Cookie auth rework / Auth subsystem refactoring and tweaks

Closes pleroma/secteam/pleroma#3

See merge request pleroma/pleroma!3112
2020-12-09 15:55:45 +00:00
Ivan Tashkinov
e9859b68fc [#3112] Ensured presence and consistency of :user and :token assigns (EnsureUserTokenAssignsPlug). Refactored auth info dropping functions. 2020-12-06 13:59:10 +03:00
Egor Kislitsyn
35ba48494f
Stream follow updates 2020-12-02 00:18:58 +04:00
feld
cd1b4155d5 Merge branch 'oban-jobs-to-simple-tasks' into 'develop'
Moving some background jobs into simple tasks

Closes #1790

See merge request pleroma/pleroma!3129
2020-11-19 20:32:32 +00:00
Maksim Pechnikov
9c5d1cb9ed fix tests 2020-11-18 09:58:51 +03:00
Maksim Pechnikov
e4b202d905 added test 2020-11-16 22:23:28 +03:00
Egor Kislitsyn
fb41bd1a85 Hide reactions from muted and blocked users 2020-11-16 22:50:14 +04:00
Maksim Pechnikov
e1d25bad0c fix tests 2020-11-16 21:45:37 +03:00
Maksim Pechnikov
36ec604521 added test 2020-11-14 08:30:22 +03:00
Alexander Strizhakov
8d218ebaf5
Moving some background jobs into simple tasks
- fetching activity data
- attachment prefetching
- using limiter to prevent overload
2020-11-11 13:39:49 +03:00
lain
504a829edb Merge branch 'develop' of git.pleroma.social:pleroma/pleroma into features/federation-status 2020-11-04 15:38:10 +01:00
Egor Kislitsyn
ca95cbe0b4
Add with_muted param to ChatController.index/2 2020-11-04 16:40:12 +04:00
Egor Kislitsyn
be52819a11
Hide chats from muted users 2020-11-02 17:51:54 +04:00