kaniini [Fri, 7 Sep 2018 23:55:42 +0000 (23:55 +0000)]
Merge branch 'add-secure-and-samesite-cookie-flags' into 'develop'
Add Secure and SameSite cookie flags
See merge request pleroma/pleroma!302
kaniini [Fri, 7 Sep 2018 23:55:01 +0000 (23:55 +0000)]
Merge branch 'improve-server-config-examples' into 'develop'
Improve server config examples
See merge request pleroma/pleroma!307
kaniini [Fri, 7 Sep 2018 23:49:36 +0000 (23:49 +0000)]
Merge branch 'feature/custom_media_url' into 'develop'
[Pleroma.Uploaders.Local]: Add configuration for custom url path
See merge request pleroma/pleroma!318
kaniini [Fri, 7 Sep 2018 23:47:43 +0000 (23:47 +0000)]
Merge branch 'fix/tusk' into 'develop'
Fix signin and initial loading with Tusk
See merge request pleroma/pleroma!333
Martin Kühl [Wed, 5 Sep 2018 18:14:16 +0000 (20:14 +0200)]
Mastodon API: Fake support for loading filters
Martin Kühl [Wed, 5 Sep 2018 18:13:50 +0000 (20:13 +0200)]
Mastodon API: Add unsupported attributes to relationship responses
These attributes are documented as required by the Mastodon API.
Since we don’t support them (I think?), respond with default values.
lambda [Thu, 6 Sep 2018 06:50:15 +0000 (06:50 +0000)]
Merge branch 'fix/test-failure-due-to/306' into 'develop'
Fix the tests
See merge request pleroma/pleroma!332
Martin Kühl [Wed, 5 Sep 2018 20:20:59 +0000 (22:20 +0200)]
Fix the tests
Haelwenn [Wed, 5 Sep 2018 18:20:26 +0000 (18:20 +0000)]
Merge branch 'fix/sign-in-with-toot' into 'develop'
Fix sign-in and sign-out with Toot!
See merge request pleroma/pleroma!306
shibayashi [Mon, 3 Sep 2018 19:41:21 +0000 (21:41 +0200)]
installation/pleroma-apache.conf: OCSP stapling needs to be outside of the virtualhost directive
kaniini [Mon, 3 Sep 2018 15:00:56 +0000 (15:00 +0000)]
Merge branch 'feature/staff-discovery-api' into 'develop'
staff discovery api
See merge request pleroma/pleroma!326
kaniini [Mon, 3 Sep 2018 14:55:42 +0000 (14:55 +0000)]
Merge branch 'develop' into 'feature/staff-discovery-api'
# Conflicts:
# lib/pleroma/web/nodeinfo/nodeinfo_controller.ex
William Pitcock [Mon, 3 Sep 2018 14:40:14 +0000 (14:40 +0000)]
tests: add test for staffAccounts presence in nodeinfo
William Pitcock [Mon, 3 Sep 2018 14:35:51 +0000 (14:35 +0000)]
nodeinfo: add staffAccounts field to metadata
kaniini [Mon, 3 Sep 2018 12:33:36 +0000 (12:33 +0000)]
Merge branch 'feature/mastodon_api_2.4.x' into 'develop'
Add/Fix Mastodon endpoints for 2.4.3 compatibility
See merge request pleroma/pleroma!266
kaniini [Mon, 3 Sep 2018 12:32:19 +0000 (12:32 +0000)]
Merge branch 'report-chat-and-gopher-support' into 'develop'
Report chat and gopher support at /nodeinfo/2.0.json
See merge request pleroma/pleroma!327
Hakaba Hitoyo [Mon, 3 Sep 2018 12:13:30 +0000 (21:13 +0900)]
report chat and gopher support at /nodeinfo/2.0.json
William Pitcock [Mon, 3 Sep 2018 12:03:23 +0000 (12:03 +0000)]
user: add moderator_user_query()
William Pitcock [Mon, 3 Sep 2018 11:55:12 +0000 (11:55 +0000)]
migrations: add is_moderator index for users table
kaniini [Mon, 3 Sep 2018 05:54:11 +0000 (05:54 +0000)]
Merge branch 'nil-bio-emojis' into 'develop'
add nil clause for Formatter.get_emoji/1 to return an empty result
Closes #274
See merge request pleroma/pleroma!315
Haelwenn [Mon, 3 Sep 2018 02:03:51 +0000 (02:03 +0000)]
Merge branch 'patch-2' into 'develop'
Render notification IDs as strings, not numbers
See merge request pleroma/pleroma!325
shadowfacts [Mon, 3 Sep 2018 01:58:55 +0000 (01:58 +0000)]
Update mastodon_api_controller.ex
shadowfacts [Mon, 3 Sep 2018 01:52:02 +0000 (01:52 +0000)]
Update mastodon_api_controller.ex
shadowfacts [Mon, 3 Sep 2018 01:40:05 +0000 (01:40 +0000)]
Render notification IDs as strings, not numbers
Thurloat [Sun, 2 Sep 2018 23:44:37 +0000 (20:44 -0300)]
sloop around get_emoji/1 to check is_binary and have a fallthrough
default that returns empty
Haelwenn (lanodan) Monnier [Sat, 1 Sep 2018 15:14:14 +0000 (17:14 +0200)]
[Pleroma.Uploaders.Local]: Add configuration for custom url path
One use-case being an external caching proxy
kaniini [Sun, 2 Sep 2018 12:37:00 +0000 (12:37 +0000)]
Merge branch 'hotfix_broken_likes' into 'develop'
hotfix for broken like completely breaking the notifications API
See merge request pleroma/pleroma!284
kaniini [Sun, 2 Sep 2018 00:08:56 +0000 (00:08 +0000)]
Merge branch 'security/emoji-xss' into 'develop'
formatter: don't add XSS emoji
See merge request pleroma/pleroma!322
William Pitcock [Sun, 2 Sep 2018 00:04:09 +0000 (00:04 +0000)]
formatter: don't add XSS emoji
kaniini [Sat, 1 Sep 2018 23:48:55 +0000 (23:48 +0000)]
Merge branch 'security/activitypub-spoofing' into 'develop'
security: activitypub spoofing
See merge request pleroma/pleroma!321
William Pitcock [Sat, 1 Sep 2018 23:44:19 +0000 (23:44 +0000)]
transmogrifier: fix peertube/plume actor handling
William Pitcock [Sat, 1 Sep 2018 23:33:10 +0000 (23:33 +0000)]
tests: add regression tests
William Pitcock [Sat, 1 Sep 2018 23:20:02 +0000 (23:20 +0000)]
activitypub: fix possibility of spoofing by containing remote objects to the same domain as their actor
Haelwenn [Sat, 1 Sep 2018 21:47:35 +0000 (21:47 +0000)]
Merge branch 'feature/disable-config-management' into 'develop'
config: add ability to disable Pleroma FE config management (closes #276)
Closes #276
See merge request pleroma/pleroma!320
William Pitcock [Sat, 1 Sep 2018 21:12:42 +0000 (21:12 +0000)]
run `mix format`.
Martin Kühl [Tue, 28 Aug 2018 23:25:40 +0000 (01:25 +0200)]
OAuth: Support /revoke endpoint for revoking tokens
(for compatibility with Mastodon)
Martin Kühl [Tue, 28 Aug 2018 23:07:17 +0000 (01:07 +0200)]
OAuth: Set `created_at` in token exchange response
(for compatibility with Mastodon)
Martin Kühl [Tue, 28 Aug 2018 22:51:25 +0000 (00:51 +0200)]
AccountView: `sensitive` is supposed to be a boolean, not a string
William Pitcock [Sat, 1 Sep 2018 21:03:35 +0000 (21:03 +0000)]
config: add ability to disable Pleroma FE config management (closes #276)
kaniini [Sat, 1 Sep 2018 09:12:59 +0000 (09:12 +0000)]
Merge branch 'lanodan/code-dup_in_mastoapi_search' into 'develop'
Clean code duplication in MastoAPI search(v1/v2)
See merge request pleroma/pleroma!316
kaniini [Sat, 1 Sep 2018 08:48:40 +0000 (08:48 +0000)]
Merge branch 'verify-credentials-default-scope' into 'develop'
Specify default scope in verify_credentials
See merge request pleroma/pleroma!317
Will Pearson [Sat, 1 Sep 2018 03:59:43 +0000 (20:59 -0700)]
Specify default scope in verify_credentials
Certain Mastodon/Pleroma front ends call verify_credentials to get the
default scope of a new toot.
Currently, Pleroma hardcodes this value to "public".
This patch changes it to the user's default_scope value.
Haelwenn (lanodan) Monnier [Sat, 1 Sep 2018 01:08:54 +0000 (03:08 +0200)]
[Pleroma.Web.MastodonAPI.MastodonAPIController].search(2)?: Remove code duplication
Thurloat [Fri, 31 Aug 2018 17:28:39 +0000 (14:28 -0300)]
add nil clause for Formatter.get_emoji/1 to return an empty result
lambda [Fri, 31 Aug 2018 09:53:00 +0000 (09:53 +0000)]
Merge branch 'revert-
a26d5e6b' into 'develop'
Revert "Merge branch 'feature/rich-text' into 'develop'"
See merge request pleroma/pleroma!313
lambda [Fri, 31 Aug 2018 09:51:20 +0000 (09:51 +0000)]
Revert "Merge branch 'feature/rich-text' into 'develop'"
This reverts merge request !309
kaniini [Fri, 31 Aug 2018 04:50:44 +0000 (04:50 +0000)]
Merge branch 'bugfix/s3-configuration' into 'develop'
config: fix up defaults for s3 endpoint configuration
See merge request pleroma/pleroma!312
William Pitcock [Fri, 31 Aug 2018 04:43:15 +0000 (04:43 +0000)]
config: fix up defaults for s3 endpoint configuration
kaniini [Fri, 31 Aug 2018 04:36:04 +0000 (04:36 +0000)]
Merge branch 'update/pleroma-fe-
20180831' into 'develop'
update pleroma frontend
See merge request pleroma/pleroma!311
William Pitcock [Fri, 31 Aug 2018 04:35:18 +0000 (04:35 +0000)]
update pleroma frontend
kaniini [Fri, 31 Aug 2018 04:06:18 +0000 (04:06 +0000)]
Merge branch 'update/pleroma-fe-config-
20180831' into 'develop'
config: chase pleroma-fe updates from MR pleroma-fe!324.
See merge request pleroma/pleroma!310
William Pitcock [Fri, 31 Aug 2018 04:01:21 +0000 (04:01 +0000)]
config: chase pleroma-fe updates from MR pleroma-fe!324.
kaniini [Fri, 31 Aug 2018 03:41:00 +0000 (03:41 +0000)]
Merge branch 'feature/rich-text' into 'develop'
rich text support
See merge request pleroma/pleroma!309
William Pitcock [Fri, 31 Aug 2018 03:34:56 +0000 (03:34 +0000)]
tests: add tests for evil HTML filtering
William Pitcock [Fri, 31 Aug 2018 03:13:59 +0000 (03:13 +0000)]
common api: add support for formatting messages outside of twitter-style plain text
kaniini [Thu, 30 Aug 2018 23:06:30 +0000 (23:06 +0000)]
Merge branch 'use-media-proxy-in-suggestions-api' into 'develop'
use media proxy for the suggestions api
See merge request pleroma/pleroma!305
kaniini [Thu, 30 Aug 2018 23:05:01 +0000 (23:05 +0000)]
Merge branch 'backendhack' into 'develop'
Flexible Storage Backends
See merge request pleroma/pleroma!304
Thurloat [Thu, 30 Aug 2018 12:20:29 +0000 (09:20 -0300)]
increase uploader behaviour documentation accuracy.
shibayashi [Thu, 30 Aug 2018 09:10:16 +0000 (11:10 +0200)]
Add frame-ancestors 'none' to all configs
Thurloat [Thu, 30 Aug 2018 01:07:28 +0000 (22:07 -0300)]
Add backend failure handling with :ok | :error so the uploader can handle it.
defaulting to :ok, since that's the currently level of error handling.
William Pitcock [Wed, 29 Aug 2018 18:38:51 +0000 (18:38 +0000)]
migrations: add index creation migration and recipients_to/cc removal migration
William Pitcock [Wed, 29 Aug 2018 18:38:30 +0000 (18:38 +0000)]
activity: drop recipients_to/recipients_cc fields
William Pitcock [Wed, 29 Aug 2018 18:33:09 +0000 (18:33 +0000)]
migrations: drop filler migration
William Pitcock [Wed, 29 Aug 2018 18:32:04 +0000 (18:32 +0000)]
activitypub: use jsonb query for containment instead of recipients_to/recipients_cc.
shibayashi [Wed, 29 Aug 2018 17:00:40 +0000 (19:00 +0200)]
installation/pleroma.nginx: Add 'always' to the security headers, so that they are included regardless of the status code
Haelwenn [Wed, 29 Aug 2018 14:43:45 +0000 (14:43 +0000)]
Merge branch 'fix-mastodon-notifications-without-nickname' into 'develop'
Fix Mastodon API when actor's nickname is null
See merge request pleroma/pleroma!308
href [Wed, 29 Aug 2018 14:26:36 +0000 (16:26 +0200)]
Fix Mastodon API when actor's nickname is null
William Pitcock [Wed, 29 Aug 2018 09:23:05 +0000 (09:23 +0000)]
streamer: contain list updates in the same way as we do with the database query
William Pitcock [Wed, 29 Aug 2018 08:51:51 +0000 (08:51 +0000)]
mastodon api: use bounded AP object graph query to enforce containment of private statuses
William Pitcock [Wed, 29 Aug 2018 08:51:23 +0000 (08:51 +0000)]
activitypub: allow querying the activity/object graph bounded to a specific to/cc set
William Pitcock [Wed, 29 Aug 2018 08:50:23 +0000 (08:50 +0000)]
test: add testcase proving lists system does not leak non-public posts
William Pitcock [Wed, 29 Aug 2018 08:43:24 +0000 (08:43 +0000)]
migrations: add migration to fill in recipients_to/recipients_cc fields
William Pitcock [Wed, 29 Aug 2018 08:37:36 +0000 (08:37 +0000)]
activity: add recipients_to and recipients_cc fields
Thurloat [Wed, 29 Aug 2018 02:49:23 +0000 (23:49 -0300)]
fix S3 ref in sample config to generate proper path.
Thurloat [Wed, 29 Aug 2018 01:39:33 +0000 (22:39 -0300)]
add a sample swift config
Thurloat [Wed, 29 Aug 2018 01:32:24 +0000 (22:32 -0300)]
A hobbldey-working swift client.
apparently, all elixir openstack libraries are trash
luckily, the APIs are stupid easy.
shibayashi [Tue, 28 Aug 2018 23:29:04 +0000 (01:29 +0200)]
installation/pleroma-apache.conf: Add TLS configuration and security headers
shibayashi [Tue, 28 Aug 2018 23:28:10 +0000 (01:28 +0200)]
installation/pleroma.vcl: Add HTTP security headers
shibayashi [Tue, 28 Aug 2018 23:16:13 +0000 (01:16 +0200)]
installation/caddyfile-pleroma.example: Add Content-Security-Policy
Thurloat [Tue, 28 Aug 2018 23:04:26 +0000 (20:04 -0300)]
works now, tested with profile photo upload on local backend.
Thurloat [Tue, 28 Aug 2018 22:48:03 +0000 (19:48 -0300)]
add the behaviour, work on actually making it work.
shibayashi [Tue, 28 Aug 2018 20:34:31 +0000 (22:34 +0200)]
Explicitly set 'http_only' to true
Haelwenn (lanodan) Monnier [Tue, 28 Aug 2018 18:54:50 +0000 (20:54 +0200)]
installation/pleroma.nginx: Add Content-Security-Policy
Closes: https://git.pleroma.social/pleroma/pleroma/issues/266
Thurloat [Tue, 28 Aug 2018 12:57:41 +0000 (09:57 -0300)]
Implement uploader behaviour
run formatter <#
shibayashi [Tue, 28 Aug 2018 12:03:29 +0000 (14:03 +0200)]
Set SameSite flag to 'Strict'
Hakaba Hitoyo [Tue, 28 Aug 2018 08:01:17 +0000 (17:01 +0900)]
use media proxy for suggestions api
Thurloat [Tue, 28 Aug 2018 01:45:53 +0000 (22:45 -0300)]
cleaning up a bit.
Thurloat [Tue, 28 Aug 2018 01:20:54 +0000 (22:20 -0300)]
example of flexible storage backends
kaniini [Tue, 28 Aug 2018 00:29:49 +0000 (00:29 +0000)]
Merge branch 'feature/s3' into 'develop'
S3 support
Closes #65
See merge request pleroma/pleroma!303
William Pitcock [Tue, 28 Aug 2018 00:25:30 +0000 (00:25 +0000)]
upload: formatting
William Pitcock [Tue, 28 Aug 2018 00:18:44 +0000 (00:18 +0000)]
upload: add the S3 support itself
William Pitcock [Tue, 28 Aug 2018 00:18:24 +0000 (00:18 +0000)]
sample config: add S3 public endpoint option
William Pitcock [Mon, 27 Aug 2018 23:36:30 +0000 (23:36 +0000)]
upload: strip exif data before finalizing the file path
William Pitcock [Mon, 27 Aug 2018 23:30:53 +0000 (23:30 +0000)]
sample config: show how amazon s3 support is activated, including third-party clones like wasabi
William Pitcock [Mon, 27 Aug 2018 23:24:35 +0000 (23:24 +0000)]
mix: add ex_aws and ex_aws_s3 dependencies
shibayashi [Mon, 27 Aug 2018 22:47:34 +0000 (00:47 +0200)]
Fix formatting
shibayashi [Mon, 27 Aug 2018 22:40:58 +0000 (00:40 +0200)]
Add Secure and SameSite cookie flags
Henry Jameson [Mon, 27 Aug 2018 14:07:26 +0000 (17:07 +0300)]
better solution, added test.
Haelwenn (lanodan) Monnier [Tue, 21 Aug 2018 18:35:14 +0000 (20:35 +0200)]
[Pleroma.Web.MastodonAPI.FilterView] fix expires_at being a unsafe variable
Haelwenn (lanodan) Monnier [Tue, 21 Aug 2018 17:45:58 +0000 (19:45 +0200)]
[Pleroma.Web.MastodonAPI.FilterView]: expires_at should be null when N/A
projects / akkoma / log