Commit Graph

9986 Commits

Author SHA1 Message Date
Haelwenn (lanodan) Monnier
30063c5914 MRF.DropPolicy: Add id_filter/1 2024-09-21 14:06:26 +02:00
Haelwenn (lanodan) Monnier
3dd6f65859 Object.Fetcher: Hook to MRF.id_filter 2024-09-21 14:06:26 +02:00
Haelwenn (lanodan) Monnier
03e14e759d MRF: Add filtering against AP id 2024-09-21 14:06:24 +02:00
marcin mikołajczak
23e5eed4e0 Include session scopes in TokenView
Signed-off-by: marcin mikołajczak <git@mkljczk.pl>
2024-09-19 10:57:50 +02:00
Mark Felder
73204c1bca LDAP: fix compile warning
Sometimes the compile will emit the following warning, so we'll just avoid it by making it call a function in the LDAP module which will never have this problem.

warning: :GenServer.call/2 is undefined (module :GenServer is not available or is yet to be defined)
2024-09-18 11:58:52 -04:00
Mark Felder
2b482e34eb Improve matching on bind errors 2024-09-17 13:54:57 -04:00
Mark Felder
ea63533cf2 Change :connection to :handle to match upstream nomenclature 2024-09-17 13:46:56 -04:00
Mark Felder
21bf229731 Reduce LDAP timeouts
10 seconds is way too long for any login attempt or search result. LDAP should always be fast.
2024-09-17 13:43:22 -04:00
Mark Felder
363b462c54 Make the email attribute configurable
While here, fix the System.get_env usage to use the normal fallback value method and improve the UID label description
2024-09-17 13:40:15 -04:00
Mark Felder
a1972d57e3 Link the eldap connection process
Ensure if LDAP GenServer crashes it gets cleaned up, and we should crash and restart if somehow the eldap connection process crashes unexpectedly as we can't seem to receive any DOWN messages from it, etc.
2024-09-17 13:40:15 -04:00
Mark Felder
164ffbcab8 Fix return value when not doing STARTTLS 2024-09-17 13:40:15 -04:00
Mark Felder
d0ee899ab9 Only close connection if it is not nil 2024-09-17 13:40:15 -04:00
Mark Felder
123093a186 Ensure :ssl is started before we attempt to make the LDAP connection 2024-09-17 13:40:15 -04:00
Mark Felder
65a7b387c3 Require a reboot if LDAP configuration changes 2024-09-17 13:40:15 -04:00
Mark Felder
7c04098dde Catchall for when LDAP is not enabled 2024-09-17 13:40:15 -04:00
Mark Felder
ead287d623 Credo 2024-09-17 13:40:08 -04:00
Mark Felder
9264b21907 Pleroma.LDAP
This adds a GenServer which will keep an LDAP connection open and auto reconnect on failure with a 5 second wait between retries. Another benefit is this prevents parsing the Root CAs for every login attempt as we only need to do it once per connection.
2024-09-17 13:40:08 -04:00
Mark Felder
e24e107f3d Merge remote-tracking branch 'origin/develop' into retry-tests 2024-09-16 11:51:22 -04:00
feld
3a0d4e9837 Merge branch 'ldap-tls' into 'develop'
LDAP: permit overriding the CA root, improve SSL/TLS

See merge request pleroma/pleroma!4265
2024-09-16 15:50:58 +00:00
Mark Felder
e59706c201 Reapply "Custom mix task to retry failed tests once in CI pipeline"
This reverts commit b281ad06de.
2024-09-16 11:42:55 -04:00
marcin mikołajczak
e74e0089bf Respect :restrict_unauthenticated for hashtag rss/atom feeds
Signed-off-by: marcin mikołajczak <git@mkljczk.pl>
2024-09-16 17:19:21 +02:00
Mark Felder
91d1d7260b Retain the try do so an LDAP failure can fall back to local database.
This fixes tests but the automatic fallback may not be well documented behavior.
2024-09-15 23:18:18 -04:00
Mark Felder
af3bf8a462 Support implicit TLS connections
Update docs to clarify that the :ssl option is also for modern TLS, but the :tls option is only for STARTTLS

These options may benefit from being renamed but they match upstream terminology.
2024-09-15 14:00:19 -04:00
marcin mikołajczak
8250a9764e Merge branch 'notifications-group-key' into 'develop'
Add `group_key` to notifications

See merge request pleroma/pleroma!4262
2024-09-15 10:07:52 +00:00
Mark Felder
5539fea3bb LDAP: permit overriding the CA root 2024-09-14 20:36:24 -04:00
marcin mikołajczak
1a120d0130 Federate avatar/header descriptions
Signed-off-by: marcin mikołajczak <git@mkljczk.pl>
2024-09-14 21:32:32 +02:00
marcin mikołajczak
c1a1150888 Merge branch 'profile-image-descriptions' into 'develop'
Allow providing avatar/header descriptions

See merge request pleroma/pleroma!4227
2024-09-14 17:46:33 +00:00
marcin mikołajczak
0111659a1f Merge branch 'list-id-visibility' into 'develop'
Include list id in StatusView

See merge request pleroma/pleroma!4246
2024-09-14 17:46:09 +00:00
marcin mikołajczak
17b69c43d5 Add group_key to notifications
Signed-off-by: marcin mikołajczak <git@mkljczk.pl>
2024-09-12 14:37:37 +02:00
Mark Felder
7def11d7c3 LDAP Auth: fix TLS certificate verification
Currently we only support STARTTLS and it was not verifying certificate and hostname correctly. We must pass a custom fqdn_fun/1 function so it knows what value to compare against.
2024-09-11 12:47:46 -04:00
Mint
9de522ce50 Authentication: convert argon2 passwords, add tests 2024-09-08 05:32:40 +03:00
marcin mikołajczak
c9b28eaf9a Argon2 password support 2024-09-08 05:23:46 +03:00
feld
bb0cb06d8a Merge branch 'well-known' into 'develop'
NodeInfo: Accept application/activity+json requests

See merge request pleroma/pleroma!4242
2024-09-06 16:30:07 +00:00
feld
80f3e507d4 Merge branch 'dialyzer' into 'develop'
Dialyzer fixes

See merge request pleroma/pleroma!4254
2024-09-06 16:12:28 +00:00
Mark Felder
06ce5e3b43 Dialyzer: pattern_match The pattern can never match the type {:diff, false}. 2024-09-06 11:27:07 -04:00
Mark Felder
1d0e3b1355 Dialyzer: The pattern variable _ can never match the type, because it is covered by previous clauses. 2024-09-06 11:24:37 -04:00
Mark Felder
06d6febff9 Dialyzer: The pattern variable _e@1 can never match the type, because it is covered by previous clauses. 2024-09-06 11:19:24 -04:00
Mark Felder
7eb579c191 Dialyzer: invalid contract 2024-09-06 11:18:12 -04:00
Mark Felder
bc16f09d7b Dialyzer: the pattern can never match the type
The original error was for the chat controller:

lib/pleroma/web/pleroma_api/controllers/chat_controller.ex:104:pattern_match The pattern can never match the type {:error, :content_too_long | :forbidden | :no_content | :not_found} | {:user, nil}.

Improve typespecs for the Pipeline and apply them where it could be encountered
2024-09-06 11:12:15 -04:00
Mark Felder
fc3ea94a1c Dialyzer: the pattern can never match the type 2024-09-06 09:58:03 -04:00
Mark Felder
a887188890 Oban: more unique job constraints 2024-09-06 09:42:53 -04:00
feld
2c916ccd89 Merge branch 'following-state-bug' into 'develop'
Fix Following status bug

See merge request pleroma/pleroma!4251
2024-09-06 13:27:06 +00:00
Mark Felder
1797f5958a App orphans should only be removed if they are older than 15 mins 2024-09-05 20:55:28 +00:00
Mark Felder
4d76692db3 Fix Following status bug 2024-09-05 16:14:13 -04:00
Mark Felder
53744bf146 Limit the number of orphaned to delete at 100 every 10 mins due to the cascading queries that have to check oauth_authorizations and oauth_tokens tables.
This should keep ahead of most app registration spam and not overwhelm lower powered servers.
2024-09-04 11:45:05 -04:00
Mark Felder
a1951f3af7 Add Cron worker to clean up orphaned apps hourly 2024-09-04 10:59:58 -04:00
Mark Felder
7bd0750787 Ensure apps are assigned to users 2024-09-04 10:40:37 -04:00
Mark Felder
427da7a99a Rate Limit the OAuth App spam 2024-09-04 09:22:58 -04:00
feld
92d5f0ac14 Revert "Merge branch 'oauth-app-spam' into 'develop'"
This reverts merge request !4244
2024-09-04 02:22:25 +00:00
marcin mikołajczak
6d5ae4d2e9 Include list id in StatusView
Signed-off-by: marcin mikołajczak <git@mkljczk.pl>
2024-09-03 15:17:45 +02:00
feld
9077d0925b Merge branch 'oauth-app-spam' into 'develop'
Fix OAuth app spam

See merge request pleroma/pleroma!4244
2024-09-01 18:24:06 +00:00
feld
61e4be396f Merge branch 'drop-unknown-deletes' into 'develop'
Drop unwanted activities from unknown actors

See merge request pleroma/pleroma!4236
2024-09-01 18:08:07 +00:00
Mark Felder
751d63d4bb Support OAuth App updating the website URL 2024-09-01 13:55:45 -04:00
Mark Felder
5a1144208d Prevent OAuth App flow from creating duplicate entries 2024-09-01 12:27:16 -04:00
Mark Felder
4ae17c6294 NodeInfo: Accept application/activity+json requests 2024-08-30 15:25:21 -04:00
Mark Felder
11ee94ae17 InboxGuardPlug: Add early rejection of unknown activity types 2024-08-30 10:05:09 -04:00
Mark Felder
e38f5f1a81 Add recognized activity types to a constant and use it in the test 2024-08-30 09:47:45 -04:00
feld
5205e846eb Update allowed activity types from strangers
Move is emitted from the old account
EmojiReact is ~ Like
Announced TBD
2024-08-30 09:30:33 -04:00
Mark Felder
990b2058df Remove unnecessary error match in ReceiverWorker 2024-08-29 16:05:40 -04:00
Mark Felder
e2cdae2c88 Change relay inbox response when not federating to a 403 for consistency 2024-08-29 16:05:40 -04:00
Mark Felder
16a9b34876 Convert to a Plug called InboxGuard 2024-08-29 16:05:36 -04:00
Mark Felder
06deacd58e Formatting 2024-08-29 11:59:42 -04:00
feld
27fcc42171 Use Pleroma.Object.Containment.get_actor/1 to reliably find the actor of an incoming activity or object 2024-08-29 11:59:42 -04:00
Mark Felder
1c394dd18c Move the check to the inbox 2024-08-29 11:59:42 -04:00
Mark Felder
4bc6f334f4 Revert unintentional change 2024-08-29 11:59:42 -04:00
Mark Felder
ceffb8a891 Drop incoming Delete activities from unknown actors 2024-08-29 11:59:42 -04:00
feld
62856ab18f Merge branch 'todo-fixes' into 'develop'
Clean up Elixir 1.13 TODOs

See merge request pleroma/pleroma!4233
2024-08-29 15:27:53 +00:00
Mark Felder
b5814dc9b3 Merge remote-tracking branch 'origin/develop' into todo-fixes 2024-08-29 11:01:02 -04:00
feld
8d07034608 Merge branch 'pleroma-http-stream' into 'develop'
Pleroma.HTTP: support streaming response bodies

See merge request pleroma/pleroma!4239
2024-08-29 14:54:01 +00:00
Mark Felder
c17a78c55a Rich Media: add stream byte counting as an extra protection against malicious URLs 2024-08-29 09:37:11 -04:00
Mark Felder
8ab4dd20df Update comments, remove solved TODO 2024-08-28 19:52:29 -04:00
Mark Felder
0bf82a1745 Add an AdapterHelper for Finch so we can support streaming request bodies 2024-08-28 19:50:51 -04:00
Mark Felder
1821ef4f15 Move user active check into Federator.perform/1 2024-08-28 18:35:09 -04:00
Mark Felder
8a3efa7152 More error annotations 2024-08-28 18:02:35 -04:00
Mark Felder
c5ca806aa0 Add back one of the duplicate checks to fix a test, document where it comes from 2024-08-28 17:57:34 -04:00
Mark Felder
380a6a6df3 :validate_object is not a real error returned from anywhere 2024-08-28 17:45:31 -04:00
Mark Felder
2346807ac9 Annotate error cases 2024-08-28 17:44:33 -04:00
Mark Felder
6ae629cfe0 Cancel ReceiverWorker jobs if the user account has been disabled / deactivated 2024-08-28 17:24:59 -04:00
Mark Felder
fc450fdefc ReceiverWorker: cancel job if user fetch is forbidden
An instance block with authenticated fetch being required can cause this as we couldn't get the user to find their public key to verify the signature. Commonly observed if someone boosts/Announces a post from an instance that blocked you.
2024-08-28 15:45:16 -04:00
Mark Felder
0804b73c0a This error is not returned by Tesla
Upstream has a bug filed for this as they aren't handling this error internally, so it was raising
2024-08-27 22:08:31 -04:00
Mark Felder
44901502ff Fix incorrect identifier for the with statement 2024-08-27 21:56:02 -04:00
Mark Felder
116fe77b77 Tesla.Middleware.Timeout breaks streaming bodies
These are executed by Oban now and Oban can enforce the timeout if the regular HTTP timeout is not sufficient.
2024-08-27 21:55:07 -04:00
Mark Felder
0a86d2b3ac Handle streaming response errors 2024-08-27 21:22:59 -04:00
Mark Felder
ec8db9d4ee RichMedia: skip the HTTP HEAD request for adapters that support streaming the response body 2024-08-27 21:09:15 -04:00
Mark Felder
bb279c2802 Pleroma.HTTP add AdapterHelper.can_stream? to assist with discovering if the current adapter supports returning a Stream body 2024-08-27 21:08:25 -04:00
Mark Felder
5f6506d864 Pleroma.HTTP: option stream: true will return a stream as the body for Gun adapter 2024-08-27 20:39:32 -04:00
Mark Felder
39108c5f12 Remove unnecessary re-fetch of the actor 2024-08-22 13:43:01 -04:00
Mark Felder
a9aa810d3d Change imports to generate an Oban job per each task 2024-08-22 13:24:07 -04:00
Mark Felder
649e51b581 Fix Oban jobs for imports 2024-08-22 11:35:55 -04:00
Mark Felder
e65555e8c5 Remove workaround for URI.merge bug on nil fields before Elixir 1.13
https://github.com/elixir-lang/elixir/issues/10771
2024-08-21 15:11:42 -04:00
Mark Felder
010edcbcb5 Use Map.filter now that minimum Elixir version is 1.13 2024-08-21 14:50:19 -04:00
feld
08a444f6c3 Merge branch 'reachability' into 'develop'
Fix reachability based on results of publishing attempts

See merge request pleroma/pleroma!4231
2024-08-19 16:49:08 +00:00
Mark Felder
1b8141b506 Address case where instance reachability status couldn't be updated 2024-08-19 11:12:28 -04:00
Mark Felder
089fa4d146 Improve Remote Object Fetcher error handling, Oban 2024-08-17 20:42:33 -04:00
marcin mikołajczak
3498662712 Move new fields to pleroma object
Signed-off-by: marcin mikołajczak <git@mkljczk.pl>
2024-08-17 19:59:39 +02:00
marcin mikołajczak
c802f3b7f6 Validate media description length
Signed-off-by: marcin mikołajczak <git@mkljczk.pl>
2024-08-17 19:58:32 +02:00
marcin mikołajczak
855c5a234f Update docs
Signed-off-by: marcin mikołajczak <git@mkljczk.pl>
2024-08-17 17:06:39 +02:00
marcin mikołajczak
681765669c Add test for avatar description
Signed-off-by: marcin mikołajczak <git@mkljczk.pl>
2024-08-17 17:02:44 +02:00
marcin mikołajczak
71ef9f9519 Allow providing avatar/header descriptions
Signed-off-by: marcin mikołajczak <git@mkljczk.pl>
2024-08-17 16:36:27 +02:00
feld
fcf9ad5573 Merge branch 'bugfix-truncate-remote-user-fields' into 'develop'
User: truncate remote user fields instead of rejecting

See merge request pleroma/pleroma!4220
2024-08-16 00:37:10 +00:00