Commit graph

2800 commits

Author SHA1 Message Date
Ivan Tashkinov
2a4a4f3342 [#468] Defined OAuth restrictions for all applicable routes.
Improved missing "scopes" param handling.
Allowed "any of" / "all of" mode specification in OAuthScopesPlug.
Fixed auth UI / behavior when user selects no permissions at /oauth/authorize.
2019-02-15 19:54:37 +03:00
lambda
1ce1b7b58d Merge branch 'bugfix/oauth-token-padding' into 'develop'
oauth: never use base64 padding when returning tokens to applications

See merge request pleroma/pleroma!825
2019-02-15 14:58:13 +00:00
rinpatch
921571c19b Merge branch 'hellthread-filter-fix' into 'develop'
Hellthread filter fix

Closes #634

See merge request pleroma/pleroma!831
2019-02-15 13:18:35 +00:00
Karen Konou
c2e0a0c8d4 Readd threshold is not 0 check, optmization? 2019-02-15 14:05:20 +01:00
Karen Konou
dca6bee2f7 Rename test, add check for follower collection when delisting 2019-02-15 13:43:14 +01:00
rinpatch
b63a5e309d Merge branch 'bugfix/actor-containment' into 'develop'
activitypub: correctly handle bare URIs in user lookup

Closes #645

See merge request pleroma/pleroma!829
2019-02-15 12:27:03 +00:00
Karen Konou
d943c90249 Add tests, change default config values, fix a bug 2019-02-15 12:47:50 +01:00
eugenijm
ecdf0657ba Add logic for keeping follow_request_count up-to-date on the follow,
`approve_friend_request`, and `deny_friend_request` actions.
Add follow_request_count to the user view.
2019-02-15 12:20:20 +03:00
William Pitcock
da44cdd381 user: search: use get_or_fetch() instead of get_or_fetch_by_nickname()
get_or_fetch() handles the nickname verses URI differences transparently.
2019-02-14 20:00:04 +00:00
lambda
ea2698beb7 Merge branch 'bugfix/activitypub-reserialization' into 'develop'
activitypub transmogrifier: fix reserialization edge cases

See merge request pleroma/pleroma!826
2019-02-14 19:54:16 +00:00
William Pitcock
56862f4ce1 activitypub: clean up logging statements a little 2019-02-14 19:42:33 +00:00
Wim Vanderbauwhede
04b1c13554 Merge remote-tracking branch 'upstream/develop' into patch-image-description 2019-02-14 16:41:40 +00:00
Ivan Tashkinov
027adbc9e5 [#468] Refactored OAuth scopes parsing / defaults handling. 2019-02-14 17:03:19 +03:00
Egor Kislitsyn
3f32d7b937 Fix queue name 2019-02-14 17:02:47 +07:00
Egor Kislitsyn
907306174b fix S3 links encoding in Mediaproxy 2019-02-14 15:55:21 +07:00
William Pitcock
72ba5b4ab7 activitypub: user view: formatting 2019-02-14 03:13:07 +00:00
William Pitcock
5307c211b8 activitypub: user view: report totalItems=0 for follows/followers when hidden 2019-02-14 03:10:00 +00:00
William Pitcock
6542b86292 activitypub: user view: remove totalItems from user outbox
(this is based on a counter in User.Info, but the counter is not reliable.)
2019-02-14 03:02:45 +00:00
William Pitcock
ee2fa1a314 activitypub: user view: remove totalInbox from user inbox view
It is not really feasible to quickly calculate the totalItems value and
it shouldn't be trusted anyway.
2019-02-14 03:01:39 +00:00
kaniini
bc9e5e6b65 Merge branch 'feature/activitypub-oauth-endpoints' into 'develop'
ActivityPub C2S oauth endpoints

See merge request pleroma/pleroma!821
2019-02-14 02:50:06 +00:00
William Pitcock
64620d8980 activitypub: user view: do not expose oAuth endpoints for instance users 2019-02-14 02:41:21 +00:00
William Pitcock
e9ef4b8da6 oauth: never use base64 padding when returning tokens to applications
The normal Base64 alphabet uses the equals sign (=) as a padding character.  Since
Base64 strings are self-synchronizing, padding characters are unnecessary, so don't
generate them in the first place.
2019-02-14 01:10:04 +00:00
William Pitcock
e05bf2940f activitypub: transmogrifier: correctly handle nil inReplyTo value 2019-02-14 00:35:54 +00:00
William Pitcock
94cbbb0e3a activitypub: transmogrifier: do not attempt to expand pre-existing AS2 tag objects 2019-02-14 00:35:53 +00:00
Mark Felder
f62c1d6266 Improve login error for OAuth flow 2019-02-13 22:33:22 +00:00
Ivan Tashkinov
063baca5e4 [#468] User UI for OAuth permissions restriction. Standardized storage format for scopes fields, updated usages. 2019-02-14 00:29:29 +03:00
William Pitcock
9bd6ed975e activitypub: user view: use route helpers instead of hardcoded URIs 2019-02-13 19:34:43 +00:00
William Pitcock
29e946ace4 activitypub: user view: add oauthRegistrationEndpoint to user profiles 2019-02-13 19:34:43 +00:00
William Pitcock
db8abd958d activitypub: user view: fix up endpoints rendering 2019-02-13 19:34:43 +00:00
William Pitcock
90facd3598 user view: add AP C2S oauth endpoints to local user profiles 2019-02-13 19:34:43 +00:00
Karen Konou
bef9b9cb66 refactored code 2019-02-13 16:23:09 +01:00
Karen Konou
adcdd21f16 Merge branch 'develop' into hellthread-filter-fix 2019-02-13 16:22:14 +01:00
lain
88a4de24f9 User.follow_all: Respect blocks in both directions. 2019-02-13 13:52:27 +01:00
Maxim Filippov
760fec4cb8 Update token.ex 2019-02-13 12:59:56 +03:00
Maxim Filippov
62a45bdc11 Add revoke token 2019-02-13 12:59:56 +03:00
Maxim Filippov
61a4bc5095 Add OAuth tokens endpoint 2019-02-13 12:59:56 +03:00
hakabahitoyo
b7bc666200 bugfix mdii uploader 2019-02-13 15:46:42 +09:00
Karen Konou
1d727cd069 added checks for public url and follower collections 2019-02-13 00:01:34 +01:00
Haelwenn (lanodan) Monnier
da4c662af3
Plugs.HTTPSecurityPlug: Add webpacker to connect-src 2019-02-12 22:12:12 +01:00
Haelwenn (lanodan) Monnier
00e8f0b07d
Plugs.HTTPSecurityPlug: Add unsafe-eval to script-src when in dev mode
This is needed to run dev mode mastofe at the same time
2019-02-12 22:12:11 +01:00
Mark Felder
c984e8272a Formatting 2019-02-12 00:37:22 +00:00
Mark Felder
4956ab5ea3 Fix compile 2019-02-12 00:25:12 +00:00
Mark Felder
ac7ef0999d WIP: Fix Twitter Cards
Twitter cards were not passing any useful metadata. A few things were
being handled on Twitter's end by trying to match OpenGraph tags with
their own, but it wasn't working at all for media. This is an attempt to
fix that.

Common functions have been pulled out of opengraph and put into
utils. Twitter's functionality was entirely replaced with a direct copy
of Opengraph's and then modified as needed.

Profiles are now represented as Summary Cards

Posts with images are now represented as Summart with Large Image Cards

Posts with video and audio attachments are represented as Player Cards.

This now passes the Twitter Card Validator.

Validator and Docs are below

https://cards-dev.twitter.com/validator
https://developer.twitter.com/en/docs/tweets/optimize-with-cards/overview/abouts-cards
2019-02-11 23:59:04 +00:00
shibayashi
ea1058929c
Use url[:scheme] instead of protocol to determine if https is enabled 2019-02-12 00:08:52 +01:00
rinpatch
379d04692c Filter summary in keywordpolicy 2019-02-11 21:35:40 +03:00
rinpatch
39383a6b79 Merge branch 'feature/thread-muting' into 'develop'
Feature/thread muting

See merge request pleroma/pleroma!796
2019-02-11 15:02:14 +00:00
lambda
044616292b Merge branch 'feature/rich-media-limits' into 'develop'
rich media: tighten fetching timeouts and size limits

See merge request pleroma/pleroma!809
2019-02-11 12:33:58 +00:00
Karen Konou
ac72b578da Merge branch 'develop' into feature/thread-muting 2019-02-11 12:10:49 +01:00
Karen Konou
c01ef574c1 Refactor as per Rin's suggestions, add endpoint tests 2019-02-11 12:04:02 +01:00
lambda
d53e36bf1e Revert "Merge branch 'object-creation' into 'develop'"
This reverts merge request !802
2019-02-11 08:07:39 +00:00
Egor Kislitsyn
305d219413 Merge branch 'develop' of git.pleroma.social:pleroma/pleroma into feature/jobs
# Conflicts:
#	lib/pleroma/web/federator/federator.ex
#	lib/pleroma/web/websub/websub.ex
2019-02-11 13:54:21 +07:00
William Pitcock
45e57dd187 rich media: tighten fetching timeouts and size limits 2019-02-10 21:54:08 +00:00
kaniini
6c8d15da11 Merge branch 'fix/credo-issues' into 'develop'
Fix credo issues

See merge request pleroma/pleroma!786
2019-02-10 20:54:21 +00:00
Karen Konou
cc21fc5f53 refactor, status view updating, error handling 2019-02-10 10:42:30 +01:00
rinpatch
e0de0fcf22 Merge branch 'object-creation' into 'develop'
Do object insertion through Cachex

See merge request pleroma/pleroma!802
2019-02-10 07:39:27 +00:00
kaniini
d5fe05c37e Merge branch 'follow-enhancements' into 'develop'
Respect blocks in mass follow.

See merge request pleroma/pleroma!797
2019-02-09 21:03:42 +00:00
lain
f8388be9c6 Do object insertion through Cachex
So we don't flood our postgres logs with errors. Should also make things
slightly faster.
2019-02-09 22:01:08 +01:00
Karen Konou
6a150de3bd Add unique index and unique constraint check, uniqueness test fails 2019-02-09 20:52:11 +01:00
Karen Konou
638456ce8f elixir too new for CI's mix format lol 2019-02-09 18:08:46 +01:00
Karen Konou
a0d732ec55 it works!! 2019-02-09 17:47:57 +01:00
Haelwenn (lanodan) Monnier
6ca633ddd3
Mix.Tasks.Pleroma.Uploads: Disable Enum.reduce warning on line 100 (unsure) 2019-02-09 16:31:17 +01:00
Haelwenn (lanodan) Monnier
d924dc73ba
de-group import/s 2019-02-09 16:31:17 +01:00
Haelwenn (lanodan) Monnier
6a6a5b3251
de-group alias/es 2019-02-09 16:31:17 +01:00
Ivan Tashkinov
a337bd114c [#468] MastodonAPI scope restrictions. Removed obsolete "POST /web/login" route. 2019-02-09 17:32:33 +03:00
Ivan Tashkinov
4ad843fb9d [#468] Prototype of OAuth2 scopes support. TwitterAPI scope restrictions. 2019-02-09 17:09:08 +03:00
Haelwenn (lanodan) Monnier
381fe44172
HTML.Scrubber.Default: Consistency 2019-02-09 14:59:21 +01:00
Haelwenn (lanodan) Monnier
2272934a5e
Stash 2019-02-09 14:59:21 +01:00
Haelwenn (lanodan) Monnier
d2e4eb7c74
Web.ActivityPub.ActivityPub: assign the Enum.filter to recipients & simplify it 2019-02-09 14:59:21 +01:00
Haelwenn (lanodan) Monnier
bd9b5fffbc
Mix.Tasks.Pleroma.Uploads: Fix typo in documentation 2019-02-09 14:59:21 +01:00
Haelwenn (lanodan) Monnier
473095faf2
Web.Federator: Fix unused variable 2019-02-09 14:59:20 +01:00
Haelwenn (lanodan) Monnier
60ea29dfe6
Credo fixes: alias grouping/ordering 2019-02-09 14:59:20 +01:00
Haelwenn (lanodan) Monnier
106f4e7a0f
Credo fixes: parameter consistency 2019-02-09 14:59:20 +01:00
Haelwenn (lanodan) Monnier
8bcfac93a8
Make credo happy 2019-02-09 14:59:20 +01:00
lain
563f04e81b Do autofollow first. 2019-02-09 13:39:57 +01:00
lain
bbd0049fae Respect blocks in mass follow. 2019-02-09 13:24:23 +01:00
lambda
1eecbc1cd1 Merge branch 'feature/keyword-policy' into 'develop'
Add keyword policy

See merge request pleroma/pleroma!794
2019-02-09 11:38:37 +00:00
Karen Konou
7e47a810a2 help i am not good with git 2019-02-08 13:22:29 +01:00
Karen Konou
5c5b228f21 Added thread unmuting (still a bit buggy maybe) 2019-02-08 13:20:40 +01:00
Karen Konou
a44e532fb1 Added thread unmuting (still a bit buggy maybe) 2019-02-08 13:17:11 +01:00
rinpatch
7356659273 wow 2019-02-08 15:12:13 +03:00
Karen Konou
98ec578f4d Merge branch 'develop' into feature/thread-muting 2019-02-08 12:44:02 +01:00
rinpatch
f88dec8b33 What idiot did that? (me) 2019-02-08 13:16:50 +03:00
rinpatch
6c21f5aa16 Merge branch 'develop' into feature/keyword-policy 2019-02-08 13:12:33 +03:00
rinpatch
8a0b755c19 rename ftl_removal to federated_timeline_removal to keep consistent naming with SimplePolicy 2019-02-08 13:12:09 +03:00
rinpatch
2174f6eb4f Add default config for keyword policy 2019-02-08 12:48:39 +03:00
rinpatch
46aa8c18a2 Add keyword policy 2019-02-08 12:38:24 +03:00
Karen Konou
c43f414a79 Somehow fixed the repo insert [skip-ci] 2019-02-07 23:44:49 +01:00
Karen Konou
7e3ec93ed0 made a silly oopsie 2019-02-07 22:59:53 +01:00
Karen Konou
77448de492 ugghhhh 2019-02-07 22:25:07 +01:00
Ivan Tashkinov
2c68cf7e9e OAuth2 security fixes: redirect URI validation, "Mastodon-Local" security breach fix.
(`POST /api/v1/apps` could create "Mastodon-Local" app wth any redirect_uris,
and if that happened before /web/login is accessed for the first time
then Pleroma used this externally created record with arbitrary
redirect_uris and client_secret known by creator).
2019-02-07 22:14:06 +03:00
Karen Konou
f4ff4ffba2 Migration and some boilerplate stuff 2019-02-07 17:36:14 +01:00
Mark Felder
74518d0b60 hide_followings was renamed to hide_followers in the FE, but never synced up in the BE
This was a dirty regex replace which worked on my server
2019-02-06 22:34:44 +00:00
Haelwenn
1220a17146 Merge branch 'bugfix/rich-media-card' into 'develop'
rich media cards: bugfixes and regression tests

See merge request pleroma/pleroma!785
2019-02-06 18:39:13 +00:00
kaniini
18e783bcb2 Merge branch 'add-admin-and-moderator-fields' into 'develop'
Add admin and moderator badges to user view and make their visibility configurable

See merge request pleroma/pleroma!767
2019-02-06 18:19:47 +00:00
William Pitcock
65a4b9fbea mastodon api: rich media: don't clobber %URI struct with a string 2019-02-06 18:02:15 +00:00
rinpatch
f7aedbcc55 Merge branch 'fix/activitypub-user-view-badmap' into 'develop'
Fix if clause in activity_pub user_view

See merge request pleroma/pleroma!783
2019-02-06 17:47:58 +00:00
href
f753043ce0
Fix if clause in activity_pub user_view 2019-02-06 18:42:19 +01:00
Egor Kislitsyn
6f05f448f8 Merge branch 'develop' of git.pleroma.social:pleroma/pleroma into feature/jobs 2019-02-06 11:33:00 +07:00
eugenijm
035eaeb9b8 Allow to configure visibility for admin and moderator badges 2019-02-06 06:18:05 +03:00
eugenijm
398c81f9c8 Add is_admin and is_moderator boolean fields to the user view 2019-02-06 02:10:06 +03:00