William Pitcock [Sun, 9 Sep 2018 23:40:24 +0000 (23:40 +0000)]
everywhere: use Pleroma.HTML module instead of HtmlSanitizeEx directly
William Pitcock [Sun, 9 Sep 2018 23:29:00 +0000 (23:29 +0000)]
html: new module providing a configurable markup scrubbing policy
kaniini [Sun, 9 Sep 2018 13:06:17 +0000 (13:06 +0000)]
Merge branch 'bugfix/test-circular-reference' into 'develop'
test: user enabled plug tests: fix circular reference
See merge request pleroma/pleroma!336
William Pitcock [Sun, 9 Sep 2018 12:56:25 +0000 (12:56 +0000)]
tests: break the cycle using pleroma.factory
William Pitcock [Sun, 9 Sep 2018 12:43:58 +0000 (12:43 +0000)]
tests: try breaking the cycle a different way
William Pitcock [Sun, 9 Sep 2018 12:22:00 +0000 (12:22 +0000)]
test: user enabled plug tests: fix circular reference
kaniini [Sun, 9 Sep 2018 12:15:14 +0000 (12:15 +0000)]
Merge branch 'update/pleroma-fe-
20180909' into 'develop'
update pleroma frontend
See merge request pleroma/pleroma!335
William Pitcock [Sun, 9 Sep 2018 12:09:52 +0000 (12:09 +0000)]
update pleroma frontend
kaniini [Sun, 9 Sep 2018 11:38:33 +0000 (11:38 +0000)]
Merge branch 'suggestion-api-restriction' into 'develop'
Make limit for /api/v1/suggestions
See merge request pleroma/pleroma!334
Hakaba Hitoyo [Sun, 9 Sep 2018 04:57:23 +0000 (13:57 +0900)]
make limit for /api/v1/suggestions
lambda [Sat, 8 Sep 2018 09:20:34 +0000 (09:20 +0000)]
Merge branch 'moonman/pleroma-sha512-crypt' into 'develop'
auth overhaul and legacy GS auth
See merge request pleroma/pleroma!331
kaniini [Fri, 7 Sep 2018 23:55:42 +0000 (23:55 +0000)]
Merge branch 'add-secure-and-samesite-cookie-flags' into 'develop'
Add Secure and SameSite cookie flags
See merge request pleroma/pleroma!302
kaniini [Fri, 7 Sep 2018 23:55:01 +0000 (23:55 +0000)]
Merge branch 'improve-server-config-examples' into 'develop'
Improve server config examples
See merge request pleroma/pleroma!307
kaniini [Fri, 7 Sep 2018 23:49:36 +0000 (23:49 +0000)]
Merge branch 'feature/custom_media_url' into 'develop'
[Pleroma.Uploaders.Local]: Add configuration for custom url path
See merge request pleroma/pleroma!318
kaniini [Fri, 7 Sep 2018 23:47:43 +0000 (23:47 +0000)]
Merge branch 'fix/tusk' into 'develop'
Fix signin and initial loading with Tusk
See merge request pleroma/pleroma!333
Martin Kühl [Wed, 5 Sep 2018 18:14:16 +0000 (20:14 +0200)]
Mastodon API: Fake support for loading filters
Martin Kühl [Wed, 5 Sep 2018 18:13:50 +0000 (20:13 +0200)]
Mastodon API: Add unsupported attributes to relationship responses
These attributes are documented as required by the Mastodon API.
Since we don’t support them (I think?), respond with default values.
lambda [Thu, 6 Sep 2018 06:50:15 +0000 (06:50 +0000)]
Merge branch 'fix/test-failure-due-to/306' into 'develop'
Fix the tests
See merge request pleroma/pleroma!332
lain [Wed, 5 Sep 2018 20:42:50 +0000 (22:42 +0200)]
Fix warning.
lain [Wed, 5 Sep 2018 20:31:57 +0000 (22:31 +0200)]
Add LegacyAuthenticationPlug to router.
lain [Wed, 5 Sep 2018 20:30:14 +0000 (22:30 +0200)]
Update legacy passwords automatically.
Martin Kühl [Wed, 5 Sep 2018 20:20:59 +0000 (22:20 +0200)]
Fix the tests
lain [Wed, 5 Sep 2018 20:00:41 +0000 (22:00 +0200)]
Update Mix.lock
lain [Wed, 5 Sep 2018 19:57:56 +0000 (21:57 +0200)]
Add Plugs to router.
lain [Wed, 5 Sep 2018 19:53:53 +0000 (21:53 +0200)]
Add UserEnabledPlug.
lain [Wed, 5 Sep 2018 19:42:42 +0000 (21:42 +0200)]
Add SetUserSessionIdPlug.
Haelwenn [Wed, 5 Sep 2018 18:20:26 +0000 (18:20 +0000)]
Merge branch 'fix/sign-in-with-toot' into 'develop'
Fix sign-in and sign-out with Toot!
See merge request pleroma/pleroma!306
lain [Wed, 5 Sep 2018 17:13:53 +0000 (19:13 +0200)]
Add new plugs to router.
lain [Wed, 5 Sep 2018 17:06:28 +0000 (19:06 +0200)]
Add EnsureUserKeyPlug, smaller fixes
lain [Wed, 5 Sep 2018 16:53:38 +0000 (18:53 +0200)]
Simplify AuthenticationPlug
lain [Wed, 5 Sep 2018 16:37:02 +0000 (18:37 +0200)]
Add SessionAuthenticationPlug.
lain [Wed, 5 Sep 2018 16:17:33 +0000 (18:17 +0200)]
Add LegacyAuthenticationPlug
lain [Wed, 5 Sep 2018 15:59:19 +0000 (17:59 +0200)]
Add EnsureAuthenticatedPlug
lain [Wed, 5 Sep 2018 15:44:38 +0000 (17:44 +0200)]
Add UserFetcherPlug.
lain [Wed, 5 Sep 2018 15:30:05 +0000 (17:30 +0200)]
Add BasicAuthDecoderPlug
Moon Man [Wed, 5 Sep 2018 06:29:19 +0000 (02:29 -0400)]
pinned crypt dependency to specific commit
Moon Man [Wed, 5 Sep 2018 05:37:48 +0000 (01:37 -0400)]
change cond to if else
Moon Man [Wed, 5 Sep 2018 04:21:44 +0000 (00:21 -0400)]
auth against sha512-crypt password hashes, upgrade to pbkdf2
shibayashi [Mon, 3 Sep 2018 19:41:21 +0000 (21:41 +0200)]
installation/pleroma-apache.conf: OCSP stapling needs to be outside of the virtualhost directive
kaniini [Mon, 3 Sep 2018 15:00:56 +0000 (15:00 +0000)]
Merge branch 'feature/staff-discovery-api' into 'develop'
staff discovery api
See merge request pleroma/pleroma!326
kaniini [Mon, 3 Sep 2018 14:55:42 +0000 (14:55 +0000)]
Merge branch 'develop' into 'feature/staff-discovery-api'
# Conflicts:
# lib/pleroma/web/nodeinfo/nodeinfo_controller.ex
William Pitcock [Mon, 3 Sep 2018 14:40:14 +0000 (14:40 +0000)]
tests: add test for staffAccounts presence in nodeinfo
William Pitcock [Mon, 3 Sep 2018 14:35:51 +0000 (14:35 +0000)]
nodeinfo: add staffAccounts field to metadata
kaniini [Mon, 3 Sep 2018 12:33:36 +0000 (12:33 +0000)]
Merge branch 'feature/mastodon_api_2.4.x' into 'develop'
Add/Fix Mastodon endpoints for 2.4.3 compatibility
See merge request pleroma/pleroma!266
kaniini [Mon, 3 Sep 2018 12:32:19 +0000 (12:32 +0000)]
Merge branch 'report-chat-and-gopher-support' into 'develop'
Report chat and gopher support at /nodeinfo/2.0.json
See merge request pleroma/pleroma!327
Hakaba Hitoyo [Mon, 3 Sep 2018 12:13:30 +0000 (21:13 +0900)]
report chat and gopher support at /nodeinfo/2.0.json
William Pitcock [Mon, 3 Sep 2018 12:03:23 +0000 (12:03 +0000)]
user: add moderator_user_query()
William Pitcock [Mon, 3 Sep 2018 11:55:12 +0000 (11:55 +0000)]
migrations: add is_moderator index for users table
kaniini [Mon, 3 Sep 2018 05:54:11 +0000 (05:54 +0000)]
Merge branch 'nil-bio-emojis' into 'develop'
add nil clause for Formatter.get_emoji/1 to return an empty result
Closes #274
See merge request pleroma/pleroma!315
Haelwenn [Mon, 3 Sep 2018 02:03:51 +0000 (02:03 +0000)]
Merge branch 'patch-2' into 'develop'
Render notification IDs as strings, not numbers
See merge request pleroma/pleroma!325
shadowfacts [Mon, 3 Sep 2018 01:58:55 +0000 (01:58 +0000)]
Update mastodon_api_controller.ex
shadowfacts [Mon, 3 Sep 2018 01:52:02 +0000 (01:52 +0000)]
Update mastodon_api_controller.ex
shadowfacts [Mon, 3 Sep 2018 01:40:05 +0000 (01:40 +0000)]
Render notification IDs as strings, not numbers
Thurloat [Sun, 2 Sep 2018 23:44:37 +0000 (20:44 -0300)]
sloop around get_emoji/1 to check is_binary and have a fallthrough
default that returns empty
Haelwenn (lanodan) Monnier [Sat, 1 Sep 2018 15:14:14 +0000 (17:14 +0200)]
[Pleroma.Uploaders.Local]: Add configuration for custom url path
One use-case being an external caching proxy
kaniini [Sun, 2 Sep 2018 12:37:00 +0000 (12:37 +0000)]
Merge branch 'hotfix_broken_likes' into 'develop'
hotfix for broken like completely breaking the notifications API
See merge request pleroma/pleroma!284
kaniini [Sun, 2 Sep 2018 00:08:56 +0000 (00:08 +0000)]
Merge branch 'security/emoji-xss' into 'develop'
formatter: don't add XSS emoji
See merge request pleroma/pleroma!322
William Pitcock [Sun, 2 Sep 2018 00:04:09 +0000 (00:04 +0000)]
formatter: don't add XSS emoji
kaniini [Sat, 1 Sep 2018 23:48:55 +0000 (23:48 +0000)]
Merge branch 'security/activitypub-spoofing' into 'develop'
security: activitypub spoofing
See merge request pleroma/pleroma!321
William Pitcock [Sat, 1 Sep 2018 23:44:19 +0000 (23:44 +0000)]
transmogrifier: fix peertube/plume actor handling
William Pitcock [Sat, 1 Sep 2018 23:33:10 +0000 (23:33 +0000)]
tests: add regression tests
William Pitcock [Sat, 1 Sep 2018 23:20:02 +0000 (23:20 +0000)]
activitypub: fix possibility of spoofing by containing remote objects to the same domain as their actor
Haelwenn [Sat, 1 Sep 2018 21:47:35 +0000 (21:47 +0000)]
Merge branch 'feature/disable-config-management' into 'develop'
config: add ability to disable Pleroma FE config management (closes #276)
Closes #276
See merge request pleroma/pleroma!320
William Pitcock [Sat, 1 Sep 2018 21:12:42 +0000 (21:12 +0000)]
run `mix format`.
Martin Kühl [Tue, 28 Aug 2018 23:25:40 +0000 (01:25 +0200)]
OAuth: Support /revoke endpoint for revoking tokens
(for compatibility with Mastodon)
Martin Kühl [Tue, 28 Aug 2018 23:07:17 +0000 (01:07 +0200)]
OAuth: Set `created_at` in token exchange response
(for compatibility with Mastodon)
Martin Kühl [Tue, 28 Aug 2018 22:51:25 +0000 (00:51 +0200)]
AccountView: `sensitive` is supposed to be a boolean, not a string
William Pitcock [Sat, 1 Sep 2018 21:03:35 +0000 (21:03 +0000)]
config: add ability to disable Pleroma FE config management (closes #276)
kaniini [Sat, 1 Sep 2018 09:12:59 +0000 (09:12 +0000)]
Merge branch 'lanodan/code-dup_in_mastoapi_search' into 'develop'
Clean code duplication in MastoAPI search(v1/v2)
See merge request pleroma/pleroma!316
kaniini [Sat, 1 Sep 2018 08:48:40 +0000 (08:48 +0000)]
Merge branch 'verify-credentials-default-scope' into 'develop'
Specify default scope in verify_credentials
See merge request pleroma/pleroma!317
Will Pearson [Sat, 1 Sep 2018 03:59:43 +0000 (20:59 -0700)]
Specify default scope in verify_credentials
Certain Mastodon/Pleroma front ends call verify_credentials to get the
default scope of a new toot.
Currently, Pleroma hardcodes this value to "public".
This patch changes it to the user's default_scope value.
Haelwenn (lanodan) Monnier [Sat, 1 Sep 2018 01:08:54 +0000 (03:08 +0200)]
[Pleroma.Web.MastodonAPI.MastodonAPIController].search(2)?: Remove code duplication
Thurloat [Fri, 31 Aug 2018 17:28:39 +0000 (14:28 -0300)]
add nil clause for Formatter.get_emoji/1 to return an empty result
lambda [Fri, 31 Aug 2018 09:53:00 +0000 (09:53 +0000)]
Merge branch 'revert-
a26d5e6b' into 'develop'
Revert "Merge branch 'feature/rich-text' into 'develop'"
See merge request pleroma/pleroma!313
lambda [Fri, 31 Aug 2018 09:51:20 +0000 (09:51 +0000)]
Revert "Merge branch 'feature/rich-text' into 'develop'"
This reverts merge request !309
kaniini [Fri, 31 Aug 2018 04:50:44 +0000 (04:50 +0000)]
Merge branch 'bugfix/s3-configuration' into 'develop'
config: fix up defaults for s3 endpoint configuration
See merge request pleroma/pleroma!312
William Pitcock [Fri, 31 Aug 2018 04:43:15 +0000 (04:43 +0000)]
config: fix up defaults for s3 endpoint configuration
kaniini [Fri, 31 Aug 2018 04:36:04 +0000 (04:36 +0000)]
Merge branch 'update/pleroma-fe-
20180831' into 'develop'
update pleroma frontend
See merge request pleroma/pleroma!311
William Pitcock [Fri, 31 Aug 2018 04:35:18 +0000 (04:35 +0000)]
update pleroma frontend
kaniini [Fri, 31 Aug 2018 04:06:18 +0000 (04:06 +0000)]
Merge branch 'update/pleroma-fe-config-
20180831' into 'develop'
config: chase pleroma-fe updates from MR pleroma-fe!324.
See merge request pleroma/pleroma!310
William Pitcock [Fri, 31 Aug 2018 04:01:21 +0000 (04:01 +0000)]
config: chase pleroma-fe updates from MR pleroma-fe!324.
kaniini [Fri, 31 Aug 2018 03:41:00 +0000 (03:41 +0000)]
Merge branch 'feature/rich-text' into 'develop'
rich text support
See merge request pleroma/pleroma!309
William Pitcock [Fri, 31 Aug 2018 03:34:56 +0000 (03:34 +0000)]
tests: add tests for evil HTML filtering
William Pitcock [Fri, 31 Aug 2018 03:13:59 +0000 (03:13 +0000)]
common api: add support for formatting messages outside of twitter-style plain text
kaniini [Thu, 30 Aug 2018 23:06:30 +0000 (23:06 +0000)]
Merge branch 'use-media-proxy-in-suggestions-api' into 'develop'
use media proxy for the suggestions api
See merge request pleroma/pleroma!305
kaniini [Thu, 30 Aug 2018 23:05:01 +0000 (23:05 +0000)]
Merge branch 'backendhack' into 'develop'
Flexible Storage Backends
See merge request pleroma/pleroma!304
Thurloat [Thu, 30 Aug 2018 12:20:29 +0000 (09:20 -0300)]
increase uploader behaviour documentation accuracy.
shibayashi [Thu, 30 Aug 2018 09:10:16 +0000 (11:10 +0200)]
Add frame-ancestors 'none' to all configs
Thurloat [Thu, 30 Aug 2018 01:07:28 +0000 (22:07 -0300)]
Add backend failure handling with :ok | :error so the uploader can handle it.
defaulting to :ok, since that's the currently level of error handling.
William Pitcock [Wed, 29 Aug 2018 18:38:51 +0000 (18:38 +0000)]
migrations: add index creation migration and recipients_to/cc removal migration
William Pitcock [Wed, 29 Aug 2018 18:38:30 +0000 (18:38 +0000)]
activity: drop recipients_to/recipients_cc fields
William Pitcock [Wed, 29 Aug 2018 18:33:09 +0000 (18:33 +0000)]
migrations: drop filler migration
William Pitcock [Wed, 29 Aug 2018 18:32:04 +0000 (18:32 +0000)]
activitypub: use jsonb query for containment instead of recipients_to/recipients_cc.
shibayashi [Wed, 29 Aug 2018 17:00:40 +0000 (19:00 +0200)]
installation/pleroma.nginx: Add 'always' to the security headers, so that they are included regardless of the status code
Haelwenn [Wed, 29 Aug 2018 14:43:45 +0000 (14:43 +0000)]
Merge branch 'fix-mastodon-notifications-without-nickname' into 'develop'
Fix Mastodon API when actor's nickname is null
See merge request pleroma/pleroma!308
href [Wed, 29 Aug 2018 14:26:36 +0000 (16:26 +0200)]
Fix Mastodon API when actor's nickname is null
William Pitcock [Wed, 29 Aug 2018 09:23:05 +0000 (09:23 +0000)]
streamer: contain list updates in the same way as we do with the database query
William Pitcock [Wed, 29 Aug 2018 08:51:51 +0000 (08:51 +0000)]
mastodon api: use bounded AP object graph query to enforce containment of private statuses
William Pitcock [Wed, 29 Aug 2018 08:51:23 +0000 (08:51 +0000)]
activitypub: allow querying the activity/object graph bounded to a specific to/cc set
William Pitcock [Wed, 29 Aug 2018 08:50:23 +0000 (08:50 +0000)]
test: add testcase proving lists system does not leak non-public posts