Commit Graph

14471 Commits

Author SHA1 Message Date
Tusooa Zhu
44613db853
Show original status at the first of history 2022-06-11 19:52:07 -04:00
Tusooa Zhu
95b3922328
Workaround with_index does not support function in Elixir 1.9 2022-06-11 17:02:29 -04:00
Tusooa Zhu
7451f0e81f
Send the correct update in streamer
get_create_by_ap_id_with_object() seems to fetch the old object.
Why this happens needs further investigation.
2022-06-11 12:02:16 -04:00
Tusooa Zhu
27f3d802f2
Expose history and source apis to anon users 2022-06-11 10:35:36 -04:00
Tusooa Zhu
c3593639ad
Fix incorrectly cached content after editing 2022-06-09 11:39:51 -04:00
Tusooa Zhu
aafd7a687d
Return the corresponding object id in attachment view 2022-06-08 11:45:24 -04:00
Tusooa Zhu
237b220d71
Add object id to uploaded attachments 2022-06-08 11:05:48 -04:00
lain
75f912c63f Merge branch 'hackney_reenable_TLSv1.3' into 'develop'
hackney adapter helper: enable TLSv1.3

See merge request pleroma/pleroma!3661
2022-06-06 11:36:21 +00:00
Tusooa Zhu
d2d3532e5f
Lint 2022-06-05 16:35:01 -04:00
Tusooa Zhu
532f6ae3ed
Return update notification in mastodon api 2022-06-05 16:34:42 -04:00
Tusooa Zhu
06a3998013
Create Update notifications 2022-06-05 15:02:25 -04:00
Tusooa Zhu
97eabb2047
Fix CommonAPITest 2022-06-04 13:15:07 -04:00
Tusooa Zhu
fe2d4778ee
Expose content type of status sources 2022-06-04 12:57:30 -04:00
Tusooa Zhu
72ac940618
Fix SideEffectsTest 2022-06-03 21:50:49 -04:00
Tusooa Zhu
3249ac1f12
Show edited_at in MastodonAPI/show 2022-06-03 21:47:40 -04:00
Tusooa Zhu
fdaa864083
Test that own edits are streamed 2022-06-03 21:17:16 -04:00
Tusooa Zhu
8bac8147d4
Stream out edits 2022-06-03 21:15:17 -04:00
Tusooa Zhu
b096fbba1a
Fix long report notes giving errors on creation 2022-06-02 01:28:39 -04:00
Tusooa Zhu
fa31ae50e6
Inject history when object is refetched 2022-06-01 19:49:04 -04:00
Tusooa Zhu
410e177b2a
Strip internal fields in formerRepresentation 2022-06-01 12:02:03 -04:00
Tusooa Zhu
b613a9ec6b
Implement mastodon api for editing status 2022-05-31 14:32:28 -04:00
Pierre-Louis Bonicoli
6f23fc8e08
Add tlsv1.3 to suggestions 2022-05-31 00:51:48 +02:00
Pierre-Louis Bonicoli
a158774364
hackney adapter helper & reverse proxy client: enable TLSv1.3
The list of TLS versions was added by
8bd2b6eb13 when hackney version was
pinned to 1.15.2. Later hackney version was upgraded
(166455c884) but the list of TLS
versions wasn't removed. From the hackney point of view, this list has
been replaced by the OTP defaults since 0.16.0
(734694ea4e24f267864c459a2f050e943adc6694).

It looks like the same issue already occurred before:
0cb7b0ea84.

A way to test this issue (where example.com is an ActivityPub site
which uses TLSv1.3 only):

   $ PLEROMA_CONFIG_PATH=/path/to/config.exs pleroma start_iex
   Erlang/OTP 22 [erts-10.7.2.16] [source] [64-bit] [smp:2:2] [ds:2:2:10] [async-threads:1] [hipe]

   Erlang/OTP 22 [erts-10.7.2.16] [source] [64-bit] [smp:2:2] [ds:2:2:10] [async-threads:1] [hipe]

   Interactive Elixir (1.10.4) - press Ctrl+C to exit (type h() ENTER for help)
   iex(pleroma@127.0.0.1)2> Pleroma.Object.Fetcher.fetch_and_contain_remote_object_from_id("https://example.com/@/Nick/")
   {:error,
    {:tls_alert,
     {:protocol_version,
      'TLS client: In state hello received SERVER ALERT: Fatal - Protocol Version\n'}}}

With this patch, the output is the expected one:

   iex(pleroma@127.0.0.1)3> Pleroma.Object.Fetcher.fetch_and_contain_remote_object_from_id("https://example.com/@/Nick/")
   {:error,
   {:ok,
    %{
      "@context" => [
        "https://www.w3.org/ns/activitystreams",
        "https://w3id.org/security/v1",
        %{
          "Emoji" => "toot:Emoji",
          "Hashtag" => "as:Hashtag",
          "atomUri" => "ostatus:atomUri",
          "conversation" => "ostatus:conversation",
          "featured" => "toot:featured",
          "focalPoint" => %{"@container" => "@list", "@id" => "toot:focalPoint"},
          "inReplyToAtomUri" => "ostatus:inReplyToAtomUri",
          "manuallyApprovesFollowers" => "as:manuallyApprovesFollowers",
          "movedTo" => "as:movedTo",
          "ostatus" => "http://ostatus.org#",
          "sensitive" => "as:sensitive",
          "toot" => "http://joinmastodon.org/ns#"
        }
      ],
      "endpoints" => %{"sharedInbox" => "https://example.com/inbox"},
      "followers" => "https://example.com/@/Nick/followers",
      "following" => nil,
      "icon" => %{
        "type" => "Image",
        "url" => "https://example.com/static/media/[...].png"
      },
      "id" => "https://example.com/@/Nick/",
      "inbox" => "https://example.com/@/Nick/inbox",
      "liked" => nil,
      "name" => "Nick",
      "outbox" => "https://example.com/@/Nick/outbox",
      "preferredUsername" => "Nick",
      "publicKey" => %{
        "id" => "https://example.com/@/Nick/#main-key",
        "owner" => "https://example.com/@/Nick/",
        "publicKeyPem" => "[...]
      },
      "summary" => "",
      "type" => "Person",
      "url" => "https://example.com/@/Nick/"
    }}

A way to test the reverse proxy bits of this issue (where example.com allows TLSv1.3 only):

    iex(pleroma@127.0.0.1)1> Pleroma.ReverseProxy.Client.Hackney.request("GET", "https://example.com", [], [])
    {:error,
     {:tls_alert,
      {:protocol_version,
       'TLS client: In state hello received SERVER ALERT: Fatal - Protocol Version\n'}}}
2022-05-31 00:51:45 +02:00
Tusooa Zhu
393b508846
Implement viewing source 2022-05-30 00:59:23 -04:00
Tusooa Zhu
c004eb0fa2
Implement mastodon api for showing edit history 2022-05-29 23:50:31 -04:00
Tusooa Zhu
8acfe95f3e
Allow updating polls 2022-05-29 22:16:03 -04:00
Tusooa Zhu
5e8aac0e07
Record edit history for Note and Question Updates 2022-05-29 13:54:16 -04:00
Tusooa Zhu
0f6a5eb9a2
Handle Note and Question Updates 2022-05-29 12:54:57 -04:00
Tusooa Zhu
547def67a7
Allow Updates by every actor on the same origin 2022-05-29 11:36:00 -04:00
Haelwenn
7466136ad3 Merge branch 'lewdthewides-develop-patch-48691' into 'develop'
Instruct users to run 'git pull' as the pleroma user

See merge request pleroma/pleroma!3667
2022-05-22 17:09:54 +00:00
lain
bdca5f5d68 Merge branch 'fix/mrf-steal-emoji-regex' into 'develop'
StealEmojiPolicy: fix String rejected_shortcodes

See merge request pleroma/pleroma!3673
2022-05-19 08:55:39 +00:00
Hélène
a74ce2d77a
StealEmojiPolicy: fix String rejected_shortcodes
* rejected_shortcodes is defined as a list of strings in the
  configuration description. As such, database-based configuration was
  led to handle those settings as strings, and not as the actually
  expected type, Regex.
* This caused each message passing through this MRF, if a rejected
  shortcode was set and the emoji did not exist already on the instance,
  to fail federating, as an exception was raised, swiftly caught and
  mostly silenced.
* This commit fixes the issue by introducing new behavior: strings are
  now handled as perfect matches for an emoji shortcode (meaning that if
  the emoji-to-be-pulled's shortcode is in the blacklist, it will be
  rejected), while still supporting Regex types as before.
2022-05-18 21:25:10 +02:00
lewdthewides
7977dd6ac7 Instruct users to run 'git pull' as the pleroma user 2022-05-12 16:02:58 +00:00
Tusooa Zhu
f1722a9f4a
Make lint happy
Ref: fix-local-public
2022-05-09 18:53:32 -04:00
Tusooa Zhu
6e5ef7f2eb
Test local-only in ap c2s outbox
Ref: fix-local-public
2022-05-09 18:53:32 -04:00
Tusooa Zhu
38444aa92a
Allow authenticated users to access local-only posts in MastoAPI
Ref: fix-local-public
2022-05-09 18:53:18 -04:00
Haelwenn
4605efe272 Merge branch 'improve_anti_followbot_policy' into 'develop'
Also use actor_type to determine if an account is a bot in antiFollowbotPolicy

Closes #2561

See merge request pleroma/pleroma!3498
2022-05-08 18:10:40 +00:00
Ilja
a8093732bd Also use actor_type to determine if an account is a bot in antiFollowbotPolicy 2022-05-08 18:10:40 +00:00
Tusooa Zhu
221cb3fb81
Allow users to create backups without providing email address
Ref: backup-without-email
2022-05-07 00:23:55 -04:00
Pete
aa51fd068b Add index hotspots
squash
2022-05-06 18:48:08 -07:00
Tusooa Zhu
fe933b9bf2
Prevent remote access of local-only posts via /objects
Ref: fix-local-public
2022-05-06 13:54:21 -04:00
Tusooa Zhu
466568ae36
Lint
Ref: fix-local-public
2022-05-06 13:54:13 -04:00
Tusooa Zhu
826deb7375
Make local-only statuses searchable
Ref: fix-local-public
2022-05-06 13:54:13 -04:00
Tusooa Zhu
38af42968d
Test that anonymous users cannot see local-only posts
Ref: fix-local-public
2022-05-06 13:54:12 -04:00
Tusooa Zhu
c48be59f58
Show local-only statuses in public timeline for authenticated users
Ref: fix-local-public
2022-05-06 13:54:02 -04:00
Haelwenn
214ef7ff73 Merge branch 'security/2.4.3-develop' into 'develop'
Merge back 2.4.3

See merge request pleroma/pleroma!3663
2022-05-06 08:27:03 +00:00
Haelwenn (lanodan) Monnier
f9943b2065 mix: Bump to 2.4.52 for 2.4.3 mergeback 2022-05-06 10:23:43 +02:00
Tusooa Zhu
57c030a0a7 Skip cache when /objects or /activities is authenticated
Ref: fix-local-public
2022-05-06 10:23:26 +02:00
Tusooa Zhu
e2d24eda57 Allow to skip cache in Cache plug
Ref: fix-local-public
2022-05-06 10:23:26 +02:00
Ilja
c3b2b71ea2 update sweet_xml [Security] 2022-05-06 10:23:25 +02:00