rinpatch
d9c0650ff9
Mastodon API: Fix lists leaking private posts
...
Our previous list visibility resolver grabbed posts if either follower
collection of the user in a list who is followed is in `to` or if
follower collection of the user in a list was in `cc`. This not only
missed unlisted posts but also led to leaking private posts when
`fix_explicit_addressing` mistakenly started putting follower collections
to `cc` (also fixed in this MR).
Reported by @kurisu@iscute.moe via a DM
2019-05-31 15:25:17 +03:00
rinpatch
a9eaa55885
Fix fix_explicit_addressing moving follower collection to cc and add tests for it
2019-05-31 14:17:05 +03:00
lain
97fb50d9fa
Mastodon Conversation API: Don't return own account in 'accounts'.
2019-05-31 11:27:14 +02:00
lain
4e45f7bc87
CI: Add auto-deployment via dokku.
2019-05-31 10:55:35 +02:00
feld
3cc00fd2e9
Merge branch 'fix/install-guide' into 'develop'
...
Formatting
See merge request pleroma/pleroma!1219
2019-05-30 21:35:31 +00:00
feld
88414151b4
Formatting
2019-05-30 21:35:31 +00:00
feld
3c1c478125
Merge branch 'fix/install-guide' into 'develop'
...
Install docs should clone from master branch
See merge request pleroma/pleroma!1218
2019-05-30 21:30:42 +00:00
feld
75a37a68d4
Install docs should clone from master branch
2019-05-30 21:30:42 +00:00
feld
73a7420c23
Merge branch 'fix/ogp-missing-data' into 'develop'
...
Replace missing non-nullable Card attributes with empty strings
See merge request pleroma/pleroma!1217
2019-05-30 21:03:31 +00:00
Sergey Suprunenko
1690be991e
Replace missing non-nullable Card attributes with empty strings
2019-05-30 21:03:31 +00:00
lambda
91ac8b075b
Merge branch 'use-pleroma-config' into 'develop'
...
Use Pleroma.Config everywhere
See merge request pleroma/pleroma!1214
2019-05-30 13:16:08 +00:00
Egor Kislitsyn
99f70c7e20
Use Pleroma.Config everywhere
2019-05-30 15:33:58 +07:00
kaniini
ab3f3af7cf
Merge branch 'revert-57e58d26' into 'develop'
...
Revert "Merge branch 'feature/search-authenticated-only' into 'develop'"
See merge request pleroma/pleroma!1212
2019-05-29 22:19:13 +00:00
kaniini
6aec0d1b58
Revert "Merge branch 'feature/search-authenticated-only' into 'develop'"
...
This reverts merge request !1209
2019-05-29 22:10:16 +00:00
Roman Chvanikov
5cee2fe9fe
Replace Application.get_env/2 with Pleroma.Config.get/1
2019-05-29 21:31:27 +03:00
Mark Felder
e912f81c82
Update docs to reflect we accept nickname for id for both of these endpoints
2019-05-29 12:22:14 -05:00
Mark Felder
e7edfd9fec
Permit fetching statuses from API with nickname or id
2019-05-29 12:20:18 -05:00
Roman Chvanikov
ce47017c89
Merge develop
2019-05-29 18:18:22 +03:00
lambda
7e889786b8
Merge branch 'fix/mastodon-search-limit' into 'develop'
...
Default search limit should be 40
See merge request pleroma/pleroma!1210
2019-05-29 14:25:53 +00:00
lambda
6fb67b74da
Merge branch 'issue/936' into 'develop'
...
[#936] fix tests
See merge request pleroma/pleroma!1208
2019-05-29 14:04:58 +00:00
Maksim
db94294dfb
[#936] fix tests
2019-05-29 14:04:58 +00:00
Mark Felder
672fddb721
Default search limit should be 40
...
https://docs.joinmastodon.org/api/rest/search/
2019-05-29 08:06:26 -05:00
kaniini
57e58d2602
Merge branch 'feature/search-authenticated-only' into 'develop'
...
router: require oauth_read for searching
Closes #935
See merge request pleroma/pleroma!1209
2019-05-29 11:33:37 +00:00
William Pitcock
0159a6dbe9
router: require oauth_read for searching
...
Search calls are generally expensive and allow unauthenticated users to
crawl the instance for user profiles or posts which contain specified
keywords. An adversary can build a distributed search engine which not
only will consume significant instance resources, but also can be used
for undesirable purposes such as datamining.
Accordingly, require authenticated access to use the search API endpoints.
This acts as a nice balance as it allows guest users to make use of most
functionality available in Pleroma FE while ensuring that Pleroma
instances are reasonably protected from resource exhaustion. It also
removes Pleroma as a potential vector in distributed search engines.
2019-05-29 10:58:45 +00:00
feld
26e7613824
Merge branch 'varnish-improvements' into 'develop'
...
More Varnish improvements
See merge request pleroma/pleroma!667
2019-05-28 21:20:24 +00:00
feld
abc15b6dcc
Improve Varnish config. We set sane headers from the backend now.
2019-05-28 21:20:24 +00:00
kaniini
b949a37ef5
Merge branch 'respect-proxy-settings-federation' into 'develop'
...
Respect proxy settings federation
See merge request pleroma/pleroma!1206
2019-05-28 06:49:54 +00:00
jeff
9f3bcf0efe
Respect proxy settings federation
2019-05-28 06:49:53 +00:00
Sachin Joshi
1452a96ad6
ability to set and reset avatar, profile banner and background in Mastodon API
2019-05-27 15:31:01 +05:45
lambda
5bb843ceec
Merge branch 'refactor/die-httpoison-die' into 'develop'
...
remove @httpoison, @ostatus and @websub compile-time constants
See merge request pleroma/pleroma!1203
2019-05-26 13:33:11 +00:00
kaniini
d66cf4b2c4
Merge branch 'fix/mrf-simple' into 'develop'
...
mrf: simple policy: fix matching imported activitypub and ostatus statuses
Closes #915
See merge request pleroma/pleroma!1205
2019-05-26 02:10:31 +00:00
William Pitcock
79503ce90f
mrf: simple policy: fix matching imported activitypub and ostatus statuses
2019-05-26 02:01:24 +00:00
William Pitcock
45e4642a58
tests: chase remote/local removal
2019-05-26 00:20:54 +00:00
William Pitcock
750ede5764
notification: remove local/remote match rules (too complicated)
2019-05-26 00:05:47 +00:00
William Pitcock
5fbbc57c1b
add migration to add notification settings to user accounts
2019-05-25 07:25:13 +00:00
William Pitcock
e7e2e7a1a6
user info: allow formdata for notification settings like every other API
2019-05-25 05:54:02 +00:00
William Pitcock
59a703fcbe
twitter api: user view: expose user notification settings under pleroma object
2019-05-25 05:31:13 +00:00
William Pitcock
0f7eeb0943
tests: add tests for non-follows/non-followers settings
2019-05-25 05:25:40 +00:00
William Pitcock
1542cccbbc
tests: chase notification setting changes
2019-05-25 05:22:13 +00:00
William Pitcock
4030837d91
notification: add non_follows/non_followers notification control settings
2019-05-25 05:19:47 +00:00
William Pitcock
56fd7dbdd7
remove @websub and @ostatus module-level constants
2019-05-25 04:43:11 +00:00
William Pitcock
80d55d428f
tests: websub: check only that signature validation succeeds or fails
2019-05-25 04:34:16 +00:00
William Pitcock
9bec891eb4
kill @httpoison
2019-05-25 04:24:21 +00:00
kaniini
9f44fa0686
Merge branch 'fix/nodeinfo-unavailable-when-not-federating' into 'develop'
...
Keep nodeinfo available when not federating
Closes #923
See merge request pleroma/pleroma!1202
2019-05-25 01:45:17 +00:00
Aaron Tinio
9415932af5
Keep nodeinfo available when not federating
2019-05-25 08:15:12 +08:00
kaniini
625fec58ff
Merge branch 'bugfix/mention-all-people-in-beginning-dm' into 'develop'
...
Mention all people in the beginning of DM
Closes #924
See merge request pleroma/pleroma!1194
2019-05-24 20:34:23 +00:00
Sergey Suprunenko
bbea5691da
Mention all people in the beginning of DM
2019-05-24 20:34:23 +00:00
kaniini
8a0ee011ac
Merge branch 'feature/static-headers' into 'develop'
...
Improve serving of static assets
See merge request pleroma/pleroma!1200
2019-05-24 20:33:55 +00:00
feld
f916e4cdd9
Move the Cache Control header test to its own file
...
We can consolidate our cache control header tests here
2019-05-24 20:33:55 +00:00
Egor Kislitsyn
a7affbdd6d
Fix tests
2019-05-24 21:41:11 +07:00