William Pitcock [Tue, 20 Nov 2018 19:08:41 +0000 (19:08 +0000)]
tests: fix up some more broken mastodon api testcases
William Pitcock [Tue, 20 Nov 2018 19:02:23 +0000 (19:02 +0000)]
mastodon api: fix up quite a few test failures
William Pitcock [Tue, 20 Nov 2018 18:58:08 +0000 (18:58 +0000)]
activitypub: fix restrict_blocked()
William Pitcock [Tue, 20 Nov 2018 18:54:48 +0000 (18:54 +0000)]
mastodon api: account view: fix tests
William Pitcock [Tue, 20 Nov 2018 18:47:12 +0000 (18:47 +0000)]
streamer: fix fetching the user's block list
William Pitcock [Tue, 20 Nov 2018 18:47:00 +0000 (18:47 +0000)]
oauth plug: fix deactivated check
William Pitcock [Tue, 20 Nov 2018 18:42:28 +0000 (18:42 +0000)]
common api: fix moderator check when deleting posts
William Pitcock [Tue, 20 Nov 2018 18:41:44 +0000 (18:41 +0000)]
user: fix user.info lookup in User.locked?()
lain [Tue, 20 Nov 2018 18:07:01 +0000 (19:07 +0100)]
Fix formatter tests.
lain [Sun, 18 Nov 2018 21:36:47 +0000 (22:36 +0100)]
Several twitter api fixes.
lain [Sun, 18 Nov 2018 21:15:03 +0000 (22:15 +0100)]
Fix user updating from AP.
lain [Sun, 18 Nov 2018 20:41:35 +0000 (21:41 +0100)]
Mix format.
lain [Sun, 18 Nov 2018 20:40:52 +0000 (21:40 +0100)]
Fix most User tests.
lain [Sun, 18 Nov 2018 18:33:43 +0000 (19:33 +0100)]
Fix setting of keys.
lain [Sun, 18 Nov 2018 17:53:50 +0000 (18:53 +0100)]
Fix following locked users.
lain [Sun, 18 Nov 2018 17:52:21 +0000 (18:52 +0100)]
Fix note count update.
lain [Sun, 18 Nov 2018 17:46:04 +0000 (18:46 +0100)]
Fix follower count test.
lain [Sun, 18 Nov 2018 17:40:58 +0000 (18:40 +0100)]
Fix user deactivation test.
lain [Sun, 18 Nov 2018 17:40:31 +0000 (18:40 +0100)]
Fix blocking.
lain [Sun, 18 Nov 2018 17:27:04 +0000 (18:27 +0100)]
Formatting.
lain [Sun, 18 Nov 2018 17:24:16 +0000 (18:24 +0100)]
Fix follower count setting.
lain [Sun, 18 Nov 2018 17:17:56 +0000 (18:17 +0100)]
Fix note counting.
lain [Sun, 18 Nov 2018 17:06:02 +0000 (18:06 +0100)]
Fix User deactivation.
lain [Sun, 18 Nov 2018 17:04:42 +0000 (18:04 +0100)]
Add User.Info module
To validate and mutate the user.info field.
lambda [Sat, 17 Nov 2018 22:43:45 +0000 (22:43 +0000)]
Merge branch 'security/as2-object-render-hardening' into 'develop'
activitypub: object view: avoid leaking private details
See merge request pleroma/pleroma!463
William Pitcock [Sat, 17 Nov 2018 22:29:08 +0000 (22:29 +0000)]
activitypub: object view: avoid leaking private details
lambda [Sat, 17 Nov 2018 22:20:08 +0000 (22:20 +0000)]
Merge branch 'bugfix/notice-urls-should-return-objects' into 'develop'
ostatus controller: respond with AS2 objects instead of activities to notice URIs
Closes #289 and #383
See merge request pleroma/pleroma!462
William Pitcock [Sat, 17 Nov 2018 22:10:15 +0000 (22:10 +0000)]
ostatus controller: respond with AS2 objects instead of activities to notice URIs
lambda [Sat, 17 Nov 2018 21:52:51 +0000 (21:52 +0000)]
Merge branch 'security/spoofing-hardening' into 'develop'
security: spoofing hardening
Closes #380, #381, and #382
See merge request pleroma/pleroma!461
William Pitcock [Sat, 17 Nov 2018 21:41:08 +0000 (21:41 +0000)]
tests: federator: fix formatting
William Pitcock [Sat, 17 Nov 2018 21:22:30 +0000 (21:22 +0000)]
activitypub: transmogrifier: make deletes secure
William Pitcock [Sat, 17 Nov 2018 21:01:19 +0000 (21:01 +0000)]
test: add sanity tests for federator handling of AP docs
William Pitcock [Sat, 17 Nov 2018 21:00:37 +0000 (21:00 +0000)]
federator: return :ok or :error depending on if an AP doc was accepted or not
William Pitcock [Sat, 17 Nov 2018 20:43:43 +0000 (20:43 +0000)]
federator: do origin containment when processing inbound messages
William Pitcock [Sat, 17 Nov 2018 20:31:20 +0000 (20:31 +0000)]
tests: add a test to verify the general fake direction protection works in all cases
William Pitcock [Sat, 17 Nov 2018 20:20:45 +0000 (20:20 +0000)]
tests: add a testcase for user collision
William Pitcock [Sat, 17 Nov 2018 20:13:38 +0000 (20:13 +0000)]
activitypub: user fetching: use fetch_and_contain_remote_object_from_id()
William Pitcock [Sat, 17 Nov 2018 20:07:49 +0000 (20:07 +0000)]
tests: add tests for contain_origin_from_id()
William Pitcock [Sat, 17 Nov 2018 20:02:02 +0000 (20:02 +0000)]
activitypub: factor out AP object fetching to it's own function and add ID-based containment
lambda [Sat, 17 Nov 2018 18:33:09 +0000 (18:33 +0000)]
Merge branch 'security/actor-containment' into 'develop'
security hotfix: actor containment
See merge request pleroma/pleroma!460
William Pitcock [Sat, 17 Nov 2018 18:24:58 +0000 (18:24 +0000)]
tests: add a second spoofing variant
William Pitcock [Sat, 17 Nov 2018 18:17:17 +0000 (18:17 +0000)]
activitypub: fetch_object_from_id(): prefer `actor` over `attributedTo` to avoid spoofing
William Pitcock [Sat, 17 Nov 2018 18:16:55 +0000 (18:16 +0000)]
test: fix more test defects
William Pitcock [Sat, 17 Nov 2018 18:12:11 +0000 (18:12 +0000)]
tests: add additional spoofing tests
William Pitcock [Sat, 17 Nov 2018 18:11:31 +0000 (18:11 +0000)]
transmogrifier tests: fix defective spoofing test
William Pitcock [Sat, 17 Nov 2018 17:42:47 +0000 (17:42 +0000)]
test: httpoison mock: add second spoofing activity test
kaniini [Sat, 17 Nov 2018 16:41:09 +0000 (16:41 +0000)]
Merge branch 'feature/uploader-mdii' into 'develop'
Feature / MDII Uploader
See merge request pleroma/pleroma!454
hakabahitoyo [Sat, 17 Nov 2018 11:16:25 +0000 (20:16 +0900)]
fallbacking into local uploader
hakabahitoyo [Sat, 17 Nov 2018 09:14:42 +0000 (18:14 +0900)]
better config reading
kaniini [Fri, 16 Nov 2018 23:34:43 +0000 (23:34 +0000)]
Merge branch 'bugfix/dm-timeline-scope' into 'develop'
TwitterAPI: Fix dm_timeline displaying only half of the conversation.
See merge request pleroma/pleroma!457
lain [Fri, 16 Nov 2018 18:47:36 +0000 (19:47 +0100)]
TwitterAPI: Fix dm_timeline displaying only half of the conversation.
lambda [Fri, 16 Nov 2018 18:13:47 +0000 (18:13 +0000)]
Merge branch 'feature/pleromafe-usersearch' into 'develop'
Add Twitter / Pleroma API user search
See merge request pleroma/pleroma!452
kaniini [Fri, 16 Nov 2018 17:47:22 +0000 (17:47 +0000)]
Merge branch 'bugfix/csp-remove-form-action' into 'develop'
http security: remove form-action from CSP definitions
Closes #379
See merge request pleroma/pleroma!456
William Pitcock [Fri, 16 Nov 2018 17:40:21 +0000 (17:40 +0000)]
http security: remove form-action from CSP definitions
lain [Fri, 16 Nov 2018 17:31:32 +0000 (18:31 +0100)]
Add better test for user search functionlity.
lambda [Fri, 16 Nov 2018 15:52:38 +0000 (15:52 +0000)]
Merge branch 'fix/test' into 'develop'
Reset http security settings to fix plug test
See merge request pleroma/pleroma!455
AkiraFukushima [Fri, 16 Nov 2018 15:45:21 +0000 (00:45 +0900)]
Reset http security settings to fix plug test
hakabahitoyo [Fri, 16 Nov 2018 11:41:12 +0000 (20:41 +0900)]
better config
hakabahitoyo [Fri, 16 Nov 2018 11:22:36 +0000 (20:22 +0900)]
better extension detection
hakabahitoyo [Thu, 15 Nov 2018 07:08:55 +0000 (16:08 +0900)]
debug
hakabahitoyo [Thu, 15 Nov 2018 06:11:59 +0000 (15:11 +0900)]
format
Hakaba Hitoyo [Thu, 15 Nov 2018 05:46:43 +0000 (14:46 +0900)]
debuf
Hakaba Hitoyo [Thu, 15 Nov 2018 05:38:45 +0000 (14:38 +0900)]
omplement mdii uploader
Hakaba Hitoyo [Thu, 15 Nov 2018 05:19:10 +0000 (14:19 +0900)]
add mdii uploader
Hakaba Hitoyo [Thu, 15 Nov 2018 05:04:09 +0000 (14:04 +0900)]
Merge remote-tracking branch 'official/develop' into develop
Hakaba Hitoyo [Thu, 15 Nov 2018 05:03:52 +0000 (14:03 +0900)]
Revert "update pleroma frontend"
This reverts commit
025301546702a6fe9167e49453c3a9b44607fb75.
lain [Wed, 14 Nov 2018 19:41:12 +0000 (20:41 +0100)]
Format.
lain [Wed, 14 Nov 2018 19:33:23 +0000 (20:33 +0100)]
Add Pleroma user search api for PleromaFE.
lambda [Wed, 14 Nov 2018 18:17:10 +0000 (18:17 +0000)]
Merge branch 'fix-media-proxy-filename' into 'develop'
media_proxy: use path only to retrieve filename
See merge request pleroma/pleroma!450
kaniini [Wed, 14 Nov 2018 16:10:27 +0000 (16:10 +0000)]
Merge branch 'update/pleroma-fe-
20181114' into 'develop'
update pleroma frontend
See merge request pleroma/pleroma!451
William Pitcock [Wed, 14 Nov 2018 16:08:22 +0000 (16:08 +0000)]
update pleroma frontend
kaniini [Wed, 14 Nov 2018 08:52:08 +0000 (08:52 +0000)]
Merge branch 'twitter-api-direct-messages' into 'develop'
Twitter api direct messages
See merge request pleroma/pleroma!449
href [Tue, 13 Nov 2018 22:41:33 +0000 (23:41 +0100)]
media_proxy: use path only to retrieve filename
lain [Tue, 13 Nov 2018 19:08:50 +0000 (20:08 +0100)]
TwitterApi: Add direct message endpoint
lain [Tue, 13 Nov 2018 18:46:34 +0000 (19:46 +0100)]
MastodonAPI: Add pagination to private messages.
lambda [Tue, 13 Nov 2018 15:15:05 +0000 (15:15 +0000)]
Merge branch 'media-proxy-safety' into 'develop'
media_proxy: CSP, content-disposition
See merge request pleroma/pleroma!448
href [Tue, 13 Nov 2018 14:58:02 +0000 (15:58 +0100)]
media_proxy: CSP, content-disposition
* Adds CSP headers to the media proxy endpoint
* Sends `content-disposition: attachment; …` for non-image/video/audio
content types
The default list can be overwritten with `:media_proxy,
:safe_content_types` in the configuration.
* Also now appends the filename to the proxy URL (fixes some mobile apps,
it was requested a while ago)
lambda [Tue, 13 Nov 2018 13:23:04 +0000 (13:23 +0000)]
Merge branch 'security/cookie-hardening' into 'develop'
Add __Host- prefix when secure flag is enabled
See merge request pleroma/pleroma!446
lambda [Tue, 13 Nov 2018 12:24:29 +0000 (12:24 +0000)]
Merge branch 'add-MIX_ENV-to-systemd-example' into 'develop'
Add MIX_ENV=prod to systemd example file
See merge request pleroma/pleroma!445
lambda [Tue, 13 Nov 2018 12:22:41 +0000 (12:22 +0000)]
Merge branch 'whalebird' into 'develop'
Add Whalebird as a client application in README
See merge request pleroma/pleroma!447
shibayashi [Mon, 12 Nov 2018 23:32:38 +0000 (00:32 +0100)]
Add __Host- prefix when secure flag is enabled
shibayashi [Mon, 12 Nov 2018 22:01:06 +0000 (23:01 +0100)]
Add MIX_ENV=prod
scarlett [Mon, 12 Nov 2018 17:08:54 +0000 (17:08 +0000)]
Merge branch 'twitter-api-null-display-name' into 'develop'
Twitter API: Fall back to user.nickname if user has no name
Closes #375
See merge request pleroma/pleroma!444
scarlett [Mon, 12 Nov 2018 16:40:34 +0000 (16:40 +0000)]
Twitter API: Add tests for nil names.
AkiraFukushima [Mon, 12 Nov 2018 16:02:49 +0000 (01:02 +0900)]
Add Whalebird as a client application in README
scarlett [Mon, 12 Nov 2018 15:38:39 +0000 (15:38 +0000)]
Twitter API: Fall back to user.nickname if user has no name
kaniini [Mon, 12 Nov 2018 15:30:42 +0000 (15:30 +0000)]
Merge branch 'feature/csp-plug' into 'develop'
migrate CSP management to CSPPlug
See merge request pleroma/pleroma!441
William Pitcock [Mon, 12 Nov 2018 15:17:04 +0000 (15:17 +0000)]
sample config: chase http_security change
William Pitcock [Mon, 12 Nov 2018 15:14:46 +0000 (15:14 +0000)]
http security: allow referrer-policy to be configured
William Pitcock [Mon, 12 Nov 2018 15:08:02 +0000 (15:08 +0000)]
rename CSPPlug to HTTPSecurityPlug.
Haelwenn [Sun, 11 Nov 2018 16:44:04 +0000 (16:44 +0000)]
Merge branch 'update-readme' into 'develop'
Update README.md
See merge request pleroma/pleroma!443
shibayashi [Sun, 11 Nov 2018 16:31:16 +0000 (17:31 +0100)]
Update README.md
kaniini [Sun, 11 Nov 2018 13:41:48 +0000 (13:41 +0000)]
Merge branch 'fix-list-streaming' into 'develop'
Mastodon API: Fix list streaming
See merge request pleroma/pleroma!442
KokaKiwi [Sun, 11 Nov 2018 03:33:14 +0000 (04:33 +0100)]
Mastodon API: Fix list streaming
William Pitcock [Sun, 11 Nov 2018 07:27:36 +0000 (07:27 +0000)]
config docs: typo fix
William Pitcock [Sun, 11 Nov 2018 07:26:31 +0000 (07:26 +0000)]
tests: add tests for CSPPlug
William Pitcock [Sun, 11 Nov 2018 06:56:46 +0000 (06:56 +0000)]
example configs: kill STS/CT headers
William Pitcock [Sun, 11 Nov 2018 06:53:42 +0000 (06:53 +0000)]
csp plug: add support for certificate transparency
William Pitcock [Sun, 11 Nov 2018 06:50:28 +0000 (06:50 +0000)]
csp plug: add sts support
William Pitcock [Sun, 11 Nov 2018 06:42:14 +0000 (06:42 +0000)]
sample config: document how to make CSPPlug send STS headers (off by default to allow for SSL debugging)