shibayashi [Fri, 28 Dec 2018 20:09:48 +0000 (21:09 +0100)]
Security/Drops the sysadmin privilege from the daemon
Haelwenn [Mon, 26 Nov 2018 19:56:49 +0000 (19:56 +0000)]
Merge branch 'add-manifest-src-to-csp' into 'develop'
Add manifest-src to CSP to allow manifest.json
See merge request pleroma/pleroma!474
shibayashi [Mon, 26 Nov 2018 19:48:24 +0000 (20:48 +0100)]
Add manifest-src to allow manifest.json
kaniini [Sun, 25 Nov 2018 02:54:54 +0000 (02:54 +0000)]
Merge branch 'bugfix/public-mastoapi-websocket' into 'develop'
Web.MastodonAPI.MastodonSocket: Add unauthentified websocket endpoints
See merge request pleroma/pleroma!471
Haelwenn (lanodan) Monnier [Sat, 24 Nov 2018 07:47:35 +0000 (08:47 +0100)]
Web.MastodonApi.MastodonSocketTest: Add test for unauthenticated websocket
Haelwenn (lanodan) Monnier [Sat, 24 Nov 2018 07:45:45 +0000 (08:45 +0100)]
Web.Streamer: Get unauthenticated statuses representation
Haelwenn (lanodan) Monnier [Sat, 24 Nov 2018 05:43:03 +0000 (06:43 +0100)]
Web.MastodonAPI.MastodonSocket: Put access_token at function-level
Haelwenn (lanodan) Monnier [Sat, 24 Nov 2018 05:13:36 +0000 (06:13 +0100)]
Web.MastodonAPI.MastodonSocket: Add unauthentified websocket endpoints
reported by soka on CRTNet
kaniini [Thu, 22 Nov 2018 00:28:04 +0000 (00:28 +0000)]
Merge branch 'feature/admin-api' into 'develop'
Add a admin API
See merge request pleroma/pleroma!366
kaniini [Wed, 21 Nov 2018 16:53:38 +0000 (16:53 +0000)]
Merge branch 'feature/improve-version' into 'develop'
Improved version string
See merge request pleroma/pleroma!467
kaniini [Tue, 20 Nov 2018 22:25:35 +0000 (22:25 +0000)]
Merge branch 'runtime-fixes' into 'develop'
Various runtime configuration fixes
See merge request pleroma/pleroma!468
Haelwenn [Tue, 20 Nov 2018 19:04:52 +0000 (19:04 +0000)]
Merge branch 'feature/retry-queue' into 'develop'
Federator: add retry queue.
See merge request pleroma/pleroma!323
kaniini [Tue, 20 Nov 2018 18:09:46 +0000 (18:09 +0000)]
Merge branch 'fix/mediaproxy-empty-url' into 'develop'
mediaproxy: fix empty url & add some tests
See merge request pleroma/pleroma!466
href [Tue, 20 Nov 2018 16:55:03 +0000 (17:55 +0100)]
Improved version string
href [Tue, 20 Nov 2018 16:46:54 +0000 (17:46 +0100)]
mediaproxy: fix empty url & add some tests
eal [Mon, 19 Nov 2018 16:08:41 +0000 (18:08 +0200)]
RetryQueue: tiny refractor, add tests
href [Fri, 16 Nov 2018 20:35:08 +0000 (21:35 +0100)]
Various runtime configuration fixes
kaniini [Sun, 18 Nov 2018 17:29:25 +0000 (17:29 +0000)]
Merge branch 'update/pleroma-fe-
20181118' into 'develop'
update pleroma frontend
See merge request pleroma/pleroma!464
William Pitcock [Sun, 18 Nov 2018 17:27:48 +0000 (17:27 +0000)]
update pleroma frontend
eal [Sun, 26 Aug 2018 18:17:13 +0000 (21:17 +0300)]
Federator: add retry queue.
lambda [Sat, 17 Nov 2018 22:43:45 +0000 (22:43 +0000)]
Merge branch 'security/as2-object-render-hardening' into 'develop'
activitypub: object view: avoid leaking private details
See merge request pleroma/pleroma!463
William Pitcock [Sat, 17 Nov 2018 22:29:08 +0000 (22:29 +0000)]
activitypub: object view: avoid leaking private details
lambda [Sat, 17 Nov 2018 22:20:08 +0000 (22:20 +0000)]
Merge branch 'bugfix/notice-urls-should-return-objects' into 'develop'
ostatus controller: respond with AS2 objects instead of activities to notice URIs
Closes #289 and #383
See merge request pleroma/pleroma!462
William Pitcock [Sat, 17 Nov 2018 22:10:15 +0000 (22:10 +0000)]
ostatus controller: respond with AS2 objects instead of activities to notice URIs
lambda [Sat, 17 Nov 2018 21:52:51 +0000 (21:52 +0000)]
Merge branch 'security/spoofing-hardening' into 'develop'
security: spoofing hardening
Closes #380, #381, and #382
See merge request pleroma/pleroma!461
William Pitcock [Sat, 17 Nov 2018 21:41:08 +0000 (21:41 +0000)]
tests: federator: fix formatting
William Pitcock [Sat, 17 Nov 2018 21:22:30 +0000 (21:22 +0000)]
activitypub: transmogrifier: make deletes secure
Haelwenn (lanodan) Monnier [Sat, 17 Nov 2018 21:11:18 +0000 (22:11 +0100)]
Web.AdminAPI.AdminAPIControllerTest: New Test
Haelwenn (lanodan) Monnier [Sat, 17 Nov 2018 21:10:23 +0000 (22:10 +0100)]
Web.AdminAPI.AdminAPIController: Fixes bugs found with ExUnit
Haelwenn (lanodan) Monnier [Sat, 17 Nov 2018 19:04:54 +0000 (20:04 +0100)]
test/plugs/user_is_admin_plug_test: New test
Haelwenn (lanodan) Monnier [Sat, 10 Nov 2018 14:53:37 +0000 (15:53 +0100)]
lib/mix/tasks/relay*: Use a with block
Haelwenn (lanodan) Monnier [Sat, 10 Nov 2018 14:31:37 +0000 (15:31 +0100)]
Change Relay from `status` to `{status, message}`
Haelwenn (lanodan) Monnier [Sat, 10 Nov 2018 14:20:49 +0000 (15:20 +0100)]
Web.Router: Change right to permission group (except for function names)
William Pitcock [Sat, 17 Nov 2018 21:01:19 +0000 (21:01 +0000)]
test: add sanity tests for federator handling of AP docs
William Pitcock [Sat, 17 Nov 2018 21:00:37 +0000 (21:00 +0000)]
federator: return :ok or :error depending on if an AP doc was accepted or not
William Pitcock [Sat, 17 Nov 2018 20:43:43 +0000 (20:43 +0000)]
federator: do origin containment when processing inbound messages
William Pitcock [Sat, 17 Nov 2018 20:31:20 +0000 (20:31 +0000)]
tests: add a test to verify the general fake direction protection works in all cases
William Pitcock [Sat, 17 Nov 2018 20:20:45 +0000 (20:20 +0000)]
tests: add a testcase for user collision
William Pitcock [Sat, 17 Nov 2018 20:13:38 +0000 (20:13 +0000)]
activitypub: user fetching: use fetch_and_contain_remote_object_from_id()
William Pitcock [Sat, 17 Nov 2018 20:07:49 +0000 (20:07 +0000)]
tests: add tests for contain_origin_from_id()
William Pitcock [Sat, 17 Nov 2018 20:02:02 +0000 (20:02 +0000)]
activitypub: factor out AP object fetching to it's own function and add ID-based containment
Haelwenn (lanodan) Monnier [Sat, 10 Nov 2018 14:16:19 +0000 (15:16 +0100)]
Web.AdminAPI.AdminAPIController: Change right to permission group (except for function names)
Haelwenn (lanodan) Monnier [Sat, 10 Nov 2018 14:08:03 +0000 (15:08 +0100)]
lib/mix/tasks/relay_{un,}follow.ex: Use a with block
Haelwenn (lanodan) Monnier [Sat, 10 Nov 2018 13:55:49 +0000 (14:55 +0100)]
lib/pleroma/web/admin_api/admin_api_controller.ex: Support status reply of Relay.{un,}follow
Haelwenn (lanodan) Monnier [Sat, 10 Nov 2018 13:55:32 +0000 (14:55 +0100)]
lib/mix/tasks/relay_{un,}follow.ex: Support status reply of Relay.{un,}follow
Haelwenn (lanodan) Monnier [Sat, 10 Nov 2018 13:49:02 +0000 (14:49 +0100)]
Pleroma.Web.ActivityPub.Relay: make {un,}follow return :ok only if it worked, :error if it didn’t
Haelwenn (lanodan) Monnier [Sat, 10 Nov 2018 13:43:22 +0000 (14:43 +0100)]
lib/pleroma/plugs/user_is_admin_plug.ex: change 403 string to “User is not admin.”
Haelwenn (lanodan) Monnier [Sat, 10 Nov 2018 13:42:34 +0000 (14:42 +0100)]
lib/pleroma/web/admin_api/admin_api_controller.ex: An admin cannot un-admin themselves
Haelwenn (lanodan) Monnier [Fri, 2 Nov 2018 07:30:52 +0000 (08:30 +0100)]
Pleroma.Web.AdminAPI.AdminAPIController: user_create statement format
Haelwenn (lanodan) Monnier [Fri, 2 Nov 2018 07:19:56 +0000 (08:19 +0100)]
Add get endpoints for rights [AdminAPI]
Haelwenn (lanodan) Monnier [Fri, 2 Nov 2018 07:15:09 +0000 (08:15 +0100)]
Fix connection returns make generic right endpoint [AdminAPI]
Haelwenn (lanodan) Monnier [Fri, 12 Oct 2018 04:43:08 +0000 (06:43 +0200)]
admin_api_controller.ex: fix remaining params at once
Haelwenn (lanodan) Monnier [Fri, 12 Oct 2018 04:37:37 +0000 (06:37 +0200)]
admin_api_controller.ex: Add documentation, fix get_invite_token
Haelwenn (lanodan) Monnier [Fri, 12 Oct 2018 04:28:20 +0000 (06:28 +0200)]
admin_api_controller.ex: get_password_reset: fix params and response
Haelwenn (lanodan) Monnier [Fri, 12 Oct 2018 04:26:58 +0000 (06:26 +0200)]
lib/pleroma/web/admin_api/admin_api_controller.ex: Pleroma.Web.AdminAPI.Controller → Pleroma.Web.AdminAPI.AdminAPIController
Haelwenn (lanodan) Monnier [Fri, 12 Oct 2018 04:25:50 +0000 (06:25 +0200)]
[Pleroma.Plugs.UserIsAdminPlug]: Check if admin is true instead of false, fix error reporting
Haelwenn (lanodan) Monnier [Fri, 12 Oct 2018 03:12:09 +0000 (05:12 +0200)]
lib/mix/tasks/make_admin.ex: New task
Haelwenn (lanodan) Monnier [Tue, 2 Oct 2018 17:13:21 +0000 (19:13 +0200)]
lib/pleroma/plugs/user_is_admin_plug.ex: Create
Haelwenn (lanodan) Monnier [Tue, 2 Oct 2018 17:03:05 +0000 (19:03 +0200)]
admin_api_controller: Have some basic code
Haelwenn (lanodan) Monnier [Tue, 2 Oct 2018 16:38:16 +0000 (18:38 +0200)]
admin_api_controller.ex: Create
lambda [Sat, 17 Nov 2018 18:33:09 +0000 (18:33 +0000)]
Merge branch 'security/actor-containment' into 'develop'
security hotfix: actor containment
See merge request pleroma/pleroma!460
William Pitcock [Sat, 17 Nov 2018 18:24:58 +0000 (18:24 +0000)]
tests: add a second spoofing variant
William Pitcock [Sat, 17 Nov 2018 18:17:17 +0000 (18:17 +0000)]
activitypub: fetch_object_from_id(): prefer `actor` over `attributedTo` to avoid spoofing
William Pitcock [Sat, 17 Nov 2018 18:16:55 +0000 (18:16 +0000)]
test: fix more test defects
William Pitcock [Sat, 17 Nov 2018 18:12:11 +0000 (18:12 +0000)]
tests: add additional spoofing tests
William Pitcock [Sat, 17 Nov 2018 18:11:31 +0000 (18:11 +0000)]
transmogrifier tests: fix defective spoofing test
William Pitcock [Sat, 17 Nov 2018 17:42:47 +0000 (17:42 +0000)]
test: httpoison mock: add second spoofing activity test
kaniini [Sat, 17 Nov 2018 16:41:09 +0000 (16:41 +0000)]
Merge branch 'feature/uploader-mdii' into 'develop'
Feature / MDII Uploader
See merge request pleroma/pleroma!454
hakabahitoyo [Sat, 17 Nov 2018 11:16:25 +0000 (20:16 +0900)]
fallbacking into local uploader
hakabahitoyo [Sat, 17 Nov 2018 09:14:42 +0000 (18:14 +0900)]
better config reading
kaniini [Fri, 16 Nov 2018 23:34:43 +0000 (23:34 +0000)]
Merge branch 'bugfix/dm-timeline-scope' into 'develop'
TwitterAPI: Fix dm_timeline displaying only half of the conversation.
See merge request pleroma/pleroma!457
lain [Fri, 16 Nov 2018 18:47:36 +0000 (19:47 +0100)]
TwitterAPI: Fix dm_timeline displaying only half of the conversation.
lambda [Fri, 16 Nov 2018 18:13:47 +0000 (18:13 +0000)]
Merge branch 'feature/pleromafe-usersearch' into 'develop'
Add Twitter / Pleroma API user search
See merge request pleroma/pleroma!452
kaniini [Fri, 16 Nov 2018 17:47:22 +0000 (17:47 +0000)]
Merge branch 'bugfix/csp-remove-form-action' into 'develop'
http security: remove form-action from CSP definitions
Closes #379
See merge request pleroma/pleroma!456
William Pitcock [Fri, 16 Nov 2018 17:40:21 +0000 (17:40 +0000)]
http security: remove form-action from CSP definitions
lain [Fri, 16 Nov 2018 17:31:32 +0000 (18:31 +0100)]
Add better test for user search functionlity.
lambda [Fri, 16 Nov 2018 15:52:38 +0000 (15:52 +0000)]
Merge branch 'fix/test' into 'develop'
Reset http security settings to fix plug test
See merge request pleroma/pleroma!455
AkiraFukushima [Fri, 16 Nov 2018 15:45:21 +0000 (00:45 +0900)]
Reset http security settings to fix plug test
hakabahitoyo [Fri, 16 Nov 2018 11:41:12 +0000 (20:41 +0900)]
better config
hakabahitoyo [Fri, 16 Nov 2018 11:22:36 +0000 (20:22 +0900)]
better extension detection
hakabahitoyo [Thu, 15 Nov 2018 07:08:55 +0000 (16:08 +0900)]
debug
hakabahitoyo [Thu, 15 Nov 2018 06:11:59 +0000 (15:11 +0900)]
format
Hakaba Hitoyo [Thu, 15 Nov 2018 05:46:43 +0000 (14:46 +0900)]
debuf
Hakaba Hitoyo [Thu, 15 Nov 2018 05:38:45 +0000 (14:38 +0900)]
omplement mdii uploader
Hakaba Hitoyo [Thu, 15 Nov 2018 05:19:10 +0000 (14:19 +0900)]
add mdii uploader
Hakaba Hitoyo [Thu, 15 Nov 2018 05:04:09 +0000 (14:04 +0900)]
Merge remote-tracking branch 'official/develop' into develop
Hakaba Hitoyo [Thu, 15 Nov 2018 05:03:52 +0000 (14:03 +0900)]
Revert "update pleroma frontend"
This reverts commit
025301546702a6fe9167e49453c3a9b44607fb75.
lain [Wed, 14 Nov 2018 19:41:12 +0000 (20:41 +0100)]
Format.
lain [Wed, 14 Nov 2018 19:33:23 +0000 (20:33 +0100)]
Add Pleroma user search api for PleromaFE.
lambda [Wed, 14 Nov 2018 18:17:10 +0000 (18:17 +0000)]
Merge branch 'fix-media-proxy-filename' into 'develop'
media_proxy: use path only to retrieve filename
See merge request pleroma/pleroma!450
kaniini [Wed, 14 Nov 2018 16:10:27 +0000 (16:10 +0000)]
Merge branch 'update/pleroma-fe-
20181114' into 'develop'
update pleroma frontend
See merge request pleroma/pleroma!451
William Pitcock [Wed, 14 Nov 2018 16:08:22 +0000 (16:08 +0000)]
update pleroma frontend
kaniini [Wed, 14 Nov 2018 08:52:08 +0000 (08:52 +0000)]
Merge branch 'twitter-api-direct-messages' into 'develop'
Twitter api direct messages
See merge request pleroma/pleroma!449
href [Tue, 13 Nov 2018 22:41:33 +0000 (23:41 +0100)]
media_proxy: use path only to retrieve filename
lain [Tue, 13 Nov 2018 19:08:50 +0000 (20:08 +0100)]
TwitterApi: Add direct message endpoint
lain [Tue, 13 Nov 2018 18:46:34 +0000 (19:46 +0100)]
MastodonAPI: Add pagination to private messages.
lambda [Tue, 13 Nov 2018 15:15:05 +0000 (15:15 +0000)]
Merge branch 'media-proxy-safety' into 'develop'
media_proxy: CSP, content-disposition
See merge request pleroma/pleroma!448
href [Tue, 13 Nov 2018 14:58:02 +0000 (15:58 +0100)]
media_proxy: CSP, content-disposition
* Adds CSP headers to the media proxy endpoint
* Sends `content-disposition: attachment; …` for non-image/video/audio
content types
The default list can be overwritten with `:media_proxy,
:safe_content_types` in the configuration.
* Also now appends the filename to the proxy URL (fixes some mobile apps,
it was requested a while ago)
lambda [Tue, 13 Nov 2018 13:23:04 +0000 (13:23 +0000)]
Merge branch 'security/cookie-hardening' into 'develop'
Add __Host- prefix when secure flag is enabled
See merge request pleroma/pleroma!446
lambda [Tue, 13 Nov 2018 12:24:29 +0000 (12:24 +0000)]
Merge branch 'add-MIX_ENV-to-systemd-example' into 'develop'
Add MIX_ENV=prod to systemd example file
See merge request pleroma/pleroma!445