Commit graph

1698 commits

Author SHA1 Message Date
href
9b553a1087
media_proxy: CSP, content-disposition
* Adds CSP headers to the media proxy endpoint

* Sends `content-disposition: attachment; …` for non-image/video/audio
content types

The default list can be overwritten with `:media_proxy,
:safe_content_types` in the configuration.

* Also now appends the filename to the proxy URL (fixes some mobile apps,
it was requested a while ago)
2018-11-13 15:58:02 +01:00
shibayashi
87c76a9a2f
Add __Host- prefix when secure flag is enabled 2018-11-13 00:32:38 +01:00
scarlett
0ce5623134 Merge branch 'twitter-api-null-display-name' into 'develop'
Twitter API: Fall back to user.nickname if user has no name

Closes #375

See merge request pleroma/pleroma!444
2018-11-12 17:08:54 +00:00
scarlett
cb6fd73861 Twitter API: Fall back to user.nickname if user has no name 2018-11-12 15:52:13 +00:00
kaniini
54923c2e55 Merge branch 'feature/csp-plug' into 'develop'
migrate CSP management to CSPPlug

See merge request pleroma/pleroma!441
2018-11-12 15:30:42 +00:00
William Pitcock
fe67665e19 rename CSPPlug to HTTPSecurityPlug. 2018-11-12 15:08:02 +00:00
KokaKiwi
1592fa2bea Mastodon API: Fix list streaming 2018-11-11 14:18:15 +01:00
William Pitcock
f516e317ea plugs: add CSPPlug 2018-11-11 06:10:21 +00:00
William Pitcock
419ed3a0ca oauth: fix token decode regression 2018-11-11 05:26:39 +00:00
William Pitcock
97e50f3191 activitypub: transmogrifier: sanitize internal representation details from outgoing objects
this causes JSON-LD parsers to get upset and has also lead to developer confusion from outside
projects which tried to parse our internal data.  accordingly, it seems better to just remove
it.
2018-11-10 12:24:20 +00:00
William Pitcock
f8310114a6 activitypub: object view: sanitize both the activity and the object when an activity is given for rendering 2018-11-10 12:04:09 +00:00
kaniini
c9c1f9dee2 Merge branch 'bugfix/ostatus-as2-reflection' into 'develop'
ostatus: only federate activities concerning note objects

See merge request pleroma/pleroma!437
2018-11-10 11:50:02 +00:00
kaniini
7daa102fa4 Merge branch 'bugfix/local-jsonld-context' into 'develop'
Host LitePub JSON-LD context locally

See merge request pleroma/pleroma!435
2018-11-10 11:37:44 +00:00
William Pitcock
4f87b8362b endpoint: move CORSPlug in front of Plug.Static 2018-11-10 11:23:50 +00:00
William Pitcock
03a9990baf endpoint: fix formatting 2018-11-10 11:18:25 +00:00
William Pitcock
e6d246882d federator: don't federate anything other than Note objects to OStatus 2018-11-10 10:06:10 +00:00
William Pitcock
e4971553c7 activitypub: utils: use same object type list for mention extraction as insertion 2018-11-09 13:40:39 +00:00
William Pitcock
b9871e7e5a activitypub: utils: wrap Note objects in a Create when extracting mentions 2018-11-09 09:01:40 +00:00
William Pitcock
6cadfcb21e activitypub: utils: switch to using new Notification.get_notified_from_activity(). 2018-11-09 09:01:40 +00:00
William Pitcock
6b4064fa5d activitypub: transmogrifier: unify mention extraction 2018-11-08 19:41:36 +00:00
Haelwenn (lanodan) Monnier
2fab32ab61
Pleroma.Web.Endpoint: Whitelist schemas directory 2018-11-08 20:22:12 +01:00
Haelwenn (lanodan) Monnier
934125695d
Move /litepub-1.0.jsonld to /schemas/litepub-0.1.jsonld 2018-11-08 20:21:45 +01:00
William Pitcock
4e93d6ae14 common api: utils: flip to/cc for mentions 2018-11-08 19:17:01 +00:00
William Pitcock
3e33479c05 activitypub: transmogrifier: only consider to users as mention targets 2018-11-08 18:58:27 +00:00
Haelwenn (lanodan) Monnier
abcacec97d
Pleroma.Web.ActivityPub.Utils: Use locally-served JSON-LD Litepub context instead of Github-hosted one 2018-11-08 19:38:38 +01:00
William Pitcock
da16ada424 utils: use litepub @context instead of that huge mess 2018-11-08 16:52:14 +00:00
William Pitcock
f733470037 user view: unify a @context entry that was missed 2018-11-08 16:51:48 +00:00
lambda
59cf7cf235 Merge branch 'small-jsonld-refactor' into 'develop'
Small jsonld refactor

See merge request pleroma/pleroma!433
2018-11-08 16:23:58 +00:00
lain
34bd411781 Unify json ld header handling. 2018-11-08 16:39:38 +01:00
lain
3b02fd9fb7 Small refactor. 2018-11-08 16:05:28 +01:00
kaniini
4d627a5117 Merge branch 'feature/qvitter-notifications-dismiss' into 'develop'
qvitter notifications: add new "read notifications" API

See merge request pleroma/pleroma!431
2018-11-07 22:33:06 +00:00
kaniini
b451a92d78 Merge branch 'runtime-config' into 'develop'
Runtime configuration

See merge request pleroma/pleroma!430
2018-11-07 22:32:34 +00:00
href
e42f2efae4
/api/v1/accounts/relationships Return an empty array if no id in params
This copies Mastodon API behaviour & fixes Mastalab app.
2018-11-07 16:32:57 +01:00
href
9070588493
Runtime config: MRF changes 2018-11-07 10:40:24 +01:00
William Pitcock
b2105a3131 twitterapi: add notification read endpoint 2018-11-06 23:25:07 +00:00
href
5bb88fd174
Runtime configuration
Related to #85

Everything should now be configured at runtime, with the exception of
the `Pleroma.HTML` scrubbers (the scrubbers used can be
changed at runtime, but their configuration is compile-time) because
it's building a module with a macro.
2018-11-06 19:41:15 +01:00
kaniini
a68c18f0ad Merge branch 'unify-mastodon-oauth' into 'develop'
Unify Mastodon Login with OAuth login.

See merge request pleroma/pleroma!429
2018-11-06 16:18:12 +00:00
kaniini
0f3e78addb Merge branch 'runtime-router' into 'develop'
Runtime configured router

See merge request pleroma/pleroma!426
2018-11-06 15:35:19 +00:00
lain
a8f1e30cb8 Formatting. 2018-11-06 16:05:58 +01:00
lain
4f640c43ed Unify Mastodon Login with OAuth login.
This removes duplication in the login code.
2018-11-06 15:19:11 +01:00
href
2bc924ba45
Get rid of Pleroma.Config in favor of Application
Discussed in https://git.pleroma.social/pleroma/pleroma/merge_requests/426#note_7232
2018-11-06 15:12:53 +01:00
href
013f7ba8c1
Add federating plug & public tests 2018-11-06 14:45:04 +01:00
href
6fe23c5458
Runtime configured router 2018-11-05 15:19:03 +01:00
href
763fc7b44f
Runtime configured emojis
The changes are a bit heavy since the emojis were loaded into module
attributes from filesystem.

This introduces a GenServer using an ETS table to cache in memory the
emojis, and allows a runtime-reload with `Pleroma.Emoji.reload()`.
2018-11-05 13:24:00 +01:00
kaniini
007f1c73b1 Merge branch 'feature/cors-again' into 'develop'
Add CORSPlug to make web-based OAuth easier.

See merge request pleroma/pleroma!420
2018-11-03 15:36:23 +00:00
Haelwenn (lanodan) Monnier
3e50bb667f
Pleroma.Web.MastodonAPI.StatusView: Content isn’t nullable 2018-11-03 14:42:47 +01:00
lain
e954cfcc2c Add CORSPlug to make web-based OAuth easier. 2018-11-03 13:38:01 +01:00
lambda
4bcdbb12a4 Merge branch 'fix_hashtag_search' into 'develop'
Fix hashtag search

See merge request pleroma/pleroma!418
2018-11-02 20:05:56 +00:00
Mark Felder
0cca7edbe0 Fix hashtag search
When we lowercase the search it will succesfully do a case insenstive
match. Now #Linux will match #linux and #LINUX whereas previously it
would only match the exact case.
2018-11-02 19:38:57 +00:00
lain
45ebc8dd9a Check for empty string in_reply_to ids. 2018-11-02 17:33:51 +01:00
Haelwenn (lanodan) Monnier
3c7d4ff271
Pleroma.Web.TwitterAPI.ActivityView: Harden TwitterAPI against remnant of prismo 2018-11-01 15:07:27 +01:00
William Pitcock
24ba08de13 twitter api: add support for rendering Page objects 2018-11-01 10:01:35 +00:00
William Pitcock
4d8f076125 mastodon api: add support for rendering Page objects 2018-11-01 10:00:16 +00:00
William Pitcock
9f03b5c4f7 activitypub: transmogrifier: add support for Page objects 2018-11-01 09:59:43 +00:00
kaniini
eba9a62024 Merge branch 'feature/relay-tests' into 'develop'
relay tests

See merge request pleroma/pleroma!411
2018-11-01 09:10:51 +00:00
Haelwenn
40676d7683 Merge branch 'bugfix/prismo.news_article_url' into 'develop'
Bugfix/prismo.news article url

Closes #352

See merge request pleroma/pleroma!410
2018-11-01 09:05:16 +00:00
lain
1e9ced5af4 Test Relay, switch to runtime configuration. 2018-11-01 09:01:43 +00:00
Haelwenn (lanodan) Monnier
b2da5262ea
Pleroma.Web.ActivityPub.Transmogrifier: fix_url when not a string/empty
Thanks prismo.news, I hate it
2018-11-01 09:56:37 +01:00
Haelwenn (lanodan) Monnier
755f166406
Pleroma.Web.MastodonAPI.StatusView: Do not fail when URL isn’t a string 2018-11-01 09:55:38 +01:00
William Pitcock
10f3958468 object: return the deleted object as well 2018-11-01 07:47:50 +00:00
William Pitcock
2bf358d7b4 activitypub: use Object.delete() instead of mutating the database and cache directly 2018-11-01 07:29:12 +00:00
Haelwenn (lanodan) Monnier
558e6a84d6
[Pleroma.Web.CommonAPI]: Delete post cache entry when it’s deleted
Closes: https://git.pleroma.social/pleroma/pleroma/issues/346
2018-11-01 06:52:01 +01:00
William Pitcock
47f76bf4b1 common api: allow self-liking objects
mastodon allows this, for whatever reason.

closes #347.
2018-10-31 22:29:49 +00:00
scarlett
b92e38d2d4 Add user reactivation task. 2018-10-29 23:13:15 +00:00
kaniini
a880e0a527 Merge branch 'feature/upload-limits' into 'develop'
configurable media upload limits

Closes #118

See merge request pleroma/pleroma!401
2018-10-29 20:14:10 +00:00
William Pitcock
676c97b8c7 nodeinfo: expose configured upload limits 2018-10-29 20:07:52 +00:00
William Pitcock
f407831120 common api: prefer formatting attachments using the attachment's name instead of URI 2018-10-29 17:59:24 +00:00
William Pitcock
784b3a615d utils: fix another possible leak with private S3 backends using mediaproxy
same rationale as the other mediaproxy changes
2018-10-29 17:26:15 +00:00
William Pitcock
181f3bb56a mastodon api: enforce upload limits for avatars and banners 2018-10-29 16:43:05 +00:00
William Pitcock
e12489e2fe twitter api: enforce upload limits for avatars, banners and backgrounds 2018-10-29 16:43:05 +00:00
William Pitcock
167d3789a5 activitypub: upload: pass through an upload limit if one is provided 2018-10-29 16:43:05 +00:00
William Pitcock
5c6ec2d9fc twitter/mastodon api: always use mediaproxy URLs in attachments
if using local media, the mediaproxy will not replace the URL anyway.
2018-10-29 15:19:32 +00:00
William Pitcock
72ea54de6e activitypub: fix possible false positives with broken thread filtering 2018-10-28 05:45:33 +00:00
William Pitcock
26eb11c172 activitypub: add support for filtering broken threads out of timelines 2018-10-26 06:16:51 +00:00
William Pitcock
f6cb963df2 activitypub utils: fix recipient check when the message is unaddressed (mastodon) 2018-10-26 01:24:22 +00:00
Haelwenn (lanodan) Monnier
7906dfe5a0
[Pleroma.Web.Nodeinfo.NodeinfoController]: Simplify features strings 2018-10-26 01:06:34 +02:00
Haelwenn (lanodan) Monnier
57330dd91b
[Pleroma.Web.Nodeinfo.NodeinfoController]: Have a list of supported features 2018-10-26 01:06:19 +02:00
William Pitcock
ce70eb8c00 activitypub utils: fix user splicing 2018-10-25 05:24:01 +00:00
William Pitcock
2f1f1a4f30 activitypub: splice users into recipient lists when they receive messages at their personal inbox
closes #343
2018-10-25 05:02:21 +00:00
kaniini
9e9b1bd5ea Merge branch 'bugfix/ap-uri-user-search' into 'develop'
transmogrifier: do not try to contain origin of something which doesn't have one

Closes #340

See merge request pleroma/pleroma!389
2018-10-25 04:38:46 +00:00
Haelwenn
79b1e4465f Merge branch 'bugfix/233-handle-missing-StatusView' into 'develop'
[Pleroma.Web.MastodonAPI.StatusView]: Add fallback on missing handler for status.json

Closes #233

See merge request pleroma/pleroma!257
2018-10-25 04:35:29 +00:00
William Pitcock
5383887bd4 transmogrifier: do not try to contain origin of something which doesn't have one 2018-10-25 04:27:33 +00:00
Haelwenn (lanodan) Monnier
b386888a0e
[Pleroma.Web.MastodonAPI.MastodonAPIController]: fallback for try_render/4
Better be sure than sorry
2018-10-25 06:21:11 +02:00
William Pitcock
1ed25c963a twitterapi: activity view: add the other in_reply_to fields 2018-10-25 04:04:04 +00:00
Haelwenn (lanodan) Monnier
b112112c11
[Pleroma.Web.MastodonAPI.MastodonAPIController]: Wrap around render/4 2018-10-25 05:52:45 +02:00
Haelwenn (lanodan) Monnier
b0a940d5a2
[Pleroma.Web.MastodonAPI.StatusView]: Remove unused arguments 2018-10-25 05:24:03 +02:00
Haelwenn (lanodan) Monnier
2da0ffeb28
lib/pleroma/web/mastodon_api/mastodon_api_controller.ex: Output an error when render(status.json) gives a nil 2018-10-25 05:24:03 +02:00
Haelwenn (lanodan) Monnier
0c10be8731
[Pleroma.Web.MastodonAPI.StatusView]: Remove nils from lists.json 2018-10-25 05:24:03 +02:00
Haelwenn (lanodan) Monnier
3b0e9287a5
[Pleroma.Web.MastodonAPI.StatusView]: Return nil as fallback for missing views 2018-10-25 05:24:01 +02:00
William Pitcock
fee43ae5e7 twitterapi: activity view: implement in_reply_to_screen_name using the new graph walking helper 2018-10-25 02:59:04 +00:00
scarlett
a253c1466e New frontend options 2018-10-21 12:52:52 +01:00
AkiraFukushima
e8c698af41 Add an endpoint /api/v1/accounts/:id/lists to get lists to which account belongs 2018-10-19 01:46:26 +09:00
scarlett
7562912f6a Use maybe_direct_follow for follow imports 2018-10-17 04:16:11 +01:00
William Pitcock
30efa86c05 common api: enable tag linking in markdown mode 2018-10-14 20:36:11 +00:00
Haelwenn (lanodan) Monnier
eacab0fb05
Delete Tokens and Authorizations on password change
Closes: https://git.pleroma.social/pleroma/pleroma/issues/320
2018-10-14 02:14:54 +02:00
William Pitcock
111841ad34 common api: take the combination of the subject and content for length limit enforcement
closes #315
2018-10-10 07:53:44 +00:00
William Pitcock
08d5ad71b6 nodeinfo: allow opting out of MRF transparency 2018-10-07 01:23:38 +00:00
William Pitcock
7b3fff9af8 {mastodon api, twitter api}: make the follow handshake timeout configurable 2018-10-07 01:05:59 +00:00
William Pitcock
7f530f6f80 mastodon api: relationship view: better handle no pre-existing follow activity 2018-10-05 23:50:13 +00:00
William Pitcock
e69faf550c user: add wait_and_refresh() for async three-way handshake case 2018-10-05 23:40:49 +00:00
William Pitcock
3e751496e3 mastodon api: account view: fetch follow state and use it to populate requested field 2018-10-05 23:31:49 +00:00
William Pitcock
a71b822013 activitypub: always track following state for async reasons 2018-10-05 23:31:00 +00:00
William Pitcock
8ce217776d activitypub transmogrifier: better manage follow state 2018-10-05 23:30:34 +00:00
William Pitcock
bd76d9cee6 nodeinfo: add accepted post formats to metadata 2018-10-05 21:05:37 +00:00
William Pitcock
285ac80c36 config: allow for accepted post formats to be configured 2018-10-05 21:02:17 +00:00
William Pitcock
16307da311 twitterapi: frontend config: add formattingOptionsEnabled 2018-10-05 20:49:34 +00:00
William Pitcock
b1be9415ef Revert "Merge branch 'revert-a26d5e6b' into 'develop'"
This reverts commit d31bbb1cfe, reversing
changes made to 340ab3cb90.
2018-10-05 20:49:34 +00:00
Haelwenn (lanodan) Monnier
f2efc8dcfb
nodeinfo_controller: Fix JSON rendering
This is the last noedinfo difference from my own branch
2018-10-05 22:32:53 +02:00
Haelwenn (lanodan) Monnier
28651df478
MRF Transparency 2018-10-05 20:09:08 +02:00
Haelwenn (lanodan) Monnier
56d31db130
Pleroma.Web.Nodeinfo.NodeinfoController: Further transparency, breaks API of previous one 2018-10-05 20:08:55 +02:00
Haelwenn (lanodan) Monnier
8226953f1d
[Pleroma.Web.Nodeinfo.NodeinfoController]: Transparency on MRF Simple 2018-10-05 20:02:13 +02:00
kaniini
4f03bb2299 Merge branch 'bugfix/fix-mrf-reject-match' into 'develop'
activitypub: fix error condition match

See merge request pleroma/pleroma!365
2018-09-30 05:32:56 +00:00
William Pitcock
4db1bc2c0e activitypub: fix error condition match 2018-09-30 05:26:13 +00:00
Haelwenn
34b6d444d6 Merge branch 'feature/twitter_api/fields' into 'develop'
[Pleroma.Web.TwitterAPI.UserView]: Add mastodon-fields in "fields"

See merge request pleroma/pleroma!360
2018-09-28 09:25:27 +00:00
Haelwenn (lanodan) Monnier
82b57ebad1
[Pleroma.Web.TwitterAPI.UserView]: Add mastodon-fields in "fields" 2018-09-28 10:44:45 +02:00
William Pitcock
707077edde activitypub: don't fall back to OStatus fetching when MRF rejects an object 2018-09-28 00:45:10 +00:00
William Pitcock
5c312ad677 activitypub inbox: only accept unsigned/invalid-signature relayed creates, nothing else
although the previous handling assumed any unsigned/invalid signature message was a Create,
lets make it more explicit
2018-09-28 00:03:59 +00:00
Haelwenn (lanodan) Monnier
c739737998
transmogrifier: get_actor called without casting attributedTo in actor and actor is nil 2018-09-27 20:00:48 +02:00
Haelwenn (lanodan) Monnier
9446b02bdf
transmogrifier: Just make attachement maps into a list and reroll 2018-09-27 20:00:48 +02:00
Haelwenn (lanodan) Monnier
e53da692fb
transmogrifier: Use the correct variable and prefer inspect in case of a bad type being passed on 2018-09-27 20:00:48 +02:00
William Pitcock
d830a243a3
transmogrifier: more robustly handle dereferencing pointer URIs 2018-09-27 20:00:48 +02:00
Haelwenn (lanodan) Monnier
4c3a80de96
transmogrifier: Use oneliners when applicable 2018-09-27 20:00:47 +02:00
William Pitcock
ed8dfa3029
transmogrifier: reformat cond block by hand 2018-09-27 20:00:47 +02:00
Haelwenn (lanodan) Monnier
eebe33e86a
transmogrifier: Add support for array-less hashtags, add broken announce, harden get_actor 2018-09-27 20:00:47 +02:00
Haelwenn (lanodan) Monnier
f3291acc91
transmogrifier: pro-actively add support for Hashtag without array in tag 2018-09-27 20:00:47 +02:00
Haelwenn (lanodan) Monnier
22927f3a34
transmogrifier: Use a cond, add proactive support for arrays 2018-09-27 20:00:46 +02:00
Haelwenn (lanodan) Monnier
0aac72f1d3
[Pleroma.Web.ActivityPub.Transmogrifier]: quick fix when tag is a Map 2018-09-27 20:00:46 +02:00
Haelwenn (lanodan) Monnier
28e8a8ab36
[Pleroma.Web.ActivityPub.Transmogrifier]: fix emoji in tag when it’s not in a array [kroeg]
Also simplified the code for name trimming.

And not copying the Map.merge part as it looks buggy.
See: https://queer.hacktivis.me/objects/a9f21ebc-9a12-4a6c-89d5-3d46955c6ee8
2018-09-27 20:00:46 +02:00
Haelwenn (lanodan) Monnier
f8a0cb9c0b
[Pleroma.Web.ActivityPub.Transmogrifier]: fix when attachment contain is just a Map [kroeg] 2018-09-27 20:00:46 +02:00
Haelwenn (lanodan) Monnier
a4abb124ea
[Pleroma.Web.ActivityPub.Transmogrifier]: Fix when inReplyTo is a inlined post [kroeg] 2018-09-27 20:00:46 +02:00
Haelwenn (lanodan) Monnier
523757be52
[Pleroma.Web.ActivityPub.ActivityPub]: Harden getting endpoints [kroeg] 2018-09-27 20:00:45 +02:00
Martin Kühl
d94ee5cd50 Mastodon API: Support push subscription CRUD 2018-09-22 07:04:01 +02:00
William Pitcock
56577d8b48 twitter api: add no_rich_text option to userview for account prefs 2018-09-22 03:24:40 +00:00
William Pitcock
df00a364fb mastodon api: formatting 2018-09-22 02:53:04 +00:00
William Pitcock
c2b69798dd twitter api: add support for disabling rich text 2018-09-22 02:53:02 +00:00
William Pitcock
958e085acb mastodon api: add support for user-supplied html policy 2018-09-22 02:53:02 +00:00
William Pitcock
2f5b026548 twitter api: add support for user-specified html policy 2018-09-22 02:53:01 +00:00
kaniini
0fe165165f Merge branch 'task-204-on-options-request' into 'develop'
Return 204 response on options request

See merge request pleroma/pleroma!347
2018-09-20 23:54:51 +00:00
Haelwenn (lanodan) Monnier
40c51f118f
[Pleroma.Web.MastodonAPI.MastodonAPIController]: Bump mastodon_api_level to 2.5.0 2018-09-20 16:48:12 +02:00
Haelwenn (lanodan) Monnier
f74725df41
[Pleroma.Web.MastodonAPI.MastodonAPIController]: Remove unused variables 2018-09-20 16:37:18 +02:00
Haelwenn (lanodan) Monnier
33a1e92584
[Pleroma.Web.Router]: Fake /api/v1/endorsements 2018-09-20 16:25:07 +02:00
Haelwenn (lanodan) Monnier
a8eaecadee
[Pleroma.Web.MastodonAPI.AccountView]: relationship.json: fake endorsed value (false) 2018-09-20 16:24:29 +02:00
Haelwenn (lanodan) Monnier
43d0b7bf7a
[Pleroma.Web.MastodonAPI.StatusView] add replies_count 2018-09-20 16:10:46 +02:00
William Pitcock
c9585ec007 twitter api: fix mimetype fallback when attachments use a URI instead of a URL object 2018-09-19 04:59:26 +00:00
William Pitcock
0cac493fdc mastodon api: default attachment type to image if one is not present 2018-09-19 04:59:25 +00:00
Martin Kühl
f4fcea5258 Revert "Mastodon API: Fake support for loading filters"
This reverts commit c1d07da4e1.

The fake support was superseded by 6e030129fb which actually implements the faked filters API.

This change removes the fake support and ensures that the actual implementation is used.
2018-09-18 11:59:10 +02:00
Dominique Feyer
9b0f2d572b Return 204 response on options request 2018-09-17 12:21:01 +02:00
William Pitcock
342ed84446 MRF: add policy for normalizing HTML markup (local and remote) to a specific policy 2018-09-16 01:25:36 +00:00
kaniini
c2650f0ffb Merge branch 'feature/html-scrub-policy' into 'develop'
html scrub policy

See merge request pleroma/pleroma!339
2018-09-16 01:05:09 +00:00
shadowfacts
39aed5348a Add visible_in_picker to status emojis 2018-09-10 23:32:19 +00:00
William Pitcock
d3248e13e3 activitypub: transmogrifier: allow profile updates from bots 2018-09-10 01:57:03 +00:00
William Pitcock
e0b8c0ccba MRF: reject non-public: use pattern match to remove unnecessary if block 2018-09-10 01:16:03 +00:00
William Pitcock
88094c266d MRF: simple policy: refactor module to use guards and pattern matching 2018-09-10 01:16:02 +00:00
William Pitcock
97253df3ee MRF: simple policy: contain media removal/nsfw ops to create activities only 2018-09-10 01:16:01 +00:00
William Pitcock
e82ce2a4b3 formatting 2018-09-10 00:28:40 +00:00
William Pitcock
ac486fc59b everywhere: use Pleroma.HTML module instead of HtmlSanitizeEx directly 2018-09-10 00:14:47 +00:00
Dominique Feyer
801d645c6b TASK: Fix formatting 2018-09-09 23:42:28 +02:00
Dominique Feyer
b79c126ee0 Add missing URL encoding in create authorization redirect 2018-09-09 23:31:47 +02:00
Hakaba Hitoyo
4e1bb7bccb make limit for /api/v1/suggestions 2018-09-09 13:57:23 +09:00
lambda
045953225e Merge branch 'moonman/pleroma-sha512-crypt' into 'develop'
auth overhaul and legacy GS auth

See merge request pleroma/pleroma!331
2018-09-08 09:20:34 +00:00
kaniini
530561a091 Merge branch 'add-secure-and-samesite-cookie-flags' into 'develop'
Add Secure and SameSite cookie flags

See merge request pleroma/pleroma!302
2018-09-07 23:55:42 +00:00
Martin Kühl
c1d07da4e1 Mastodon API: Fake support for loading filters 2018-09-07 16:12:44 +02:00
Martin Kühl
619f67768a Mastodon API: Add unsupported attributes to relationship responses
These attributes are documented as required by the Mastodon API.
Since we don’t support them (I think?), respond with default values.
2018-09-07 16:12:44 +02:00
lain
70163aec9b Add LegacyAuthenticationPlug to router. 2018-09-05 22:31:57 +02:00
lain
3aba585e7a Add Plugs to router. 2018-09-05 21:57:56 +02:00
Haelwenn
4a3dbd9d4e Merge branch 'fix/sign-in-with-toot' into 'develop'
Fix sign-in and sign-out with Toot!

See merge request pleroma/pleroma!306
2018-09-05 18:20:26 +00:00
lain
636ad3e155 Add new plugs to router. 2018-09-05 19:13:53 +02:00
kaniini
76c67a41c1 Merge branch 'develop' into 'feature/staff-discovery-api'
# Conflicts:
#   lib/pleroma/web/nodeinfo/nodeinfo_controller.ex
2018-09-03 14:55:42 +00:00
William Pitcock
9a21ff5f61 nodeinfo: add staffAccounts field to metadata 2018-09-03 14:48:31 +00:00
kaniini
1c9e539b47 Merge branch 'feature/mastodon_api_2.4.x' into 'develop'
Add/Fix Mastodon endpoints for 2.4.3 compatibility

See merge request pleroma/pleroma!266
2018-09-03 12:33:36 +00:00
Hakaba Hitoyo
b1124f1605 report chat and gopher support at /nodeinfo/2.0.json 2018-09-03 21:13:30 +09:00
shadowfacts
35515cfa66 Update mastodon_api_controller.ex 2018-09-03 01:58:55 +00:00
shadowfacts
26f8697400 Update mastodon_api_controller.ex 2018-09-03 01:52:02 +00:00
shadowfacts
2b2bd0e047 Render notification IDs as strings, not numbers 2018-09-03 01:40:05 +00:00
kaniini
b7923aa304 Merge branch 'hotfix_broken_likes' into 'develop'
hotfix for broken like completely breaking the notifications API

See merge request pleroma/pleroma!284
2018-09-02 12:37:00 +00:00
kaniini
3c7280934e Merge branch 'security/activitypub-spoofing' into 'develop'
security: activitypub spoofing

See merge request pleroma/pleroma!321
2018-09-01 23:48:55 +00:00
William Pitcock
03e92977cb transmogrifier: fix peertube/plume actor handling 2018-09-01 23:44:19 +00:00
William Pitcock
0b2c051a04 activitypub: fix possibility of spoofing by containing remote objects to the same domain as their actor 2018-09-01 23:20:02 +00:00
William Pitcock
e2ce0e9e05 run mix format. 2018-09-01 21:12:42 +00:00
Martin Kühl
84d84e4ca4 OAuth: Support /revoke endpoint for revoking tokens
(for compatibility with Mastodon)
2018-09-01 23:10:48 +02:00
Martin Kühl
ad2a7972e7 OAuth: Set created_at in token exchange response
(for compatibility with Mastodon)
2018-09-01 23:10:48 +02:00
Martin Kühl
b60d232719 AccountView: sensitive is supposed to be a boolean, not a string 2018-09-01 23:10:48 +02:00
William Pitcock
c921d99898 config: add ability to disable Pleroma FE config management (closes #276) 2018-09-01 21:05:32 +00:00
kaniini
2e2f458705 Merge branch 'lanodan/code-dup_in_mastoapi_search' into 'develop'
Clean code duplication in MastoAPI search(v1/v2)

See merge request pleroma/pleroma!316
2018-09-01 09:12:59 +00:00
Will Pearson
0c2a0e3551 Specify default scope in verify_credentials
Certain Mastodon/Pleroma front ends call verify_credentials to get the
default scope of a new toot.

Currently, Pleroma hardcodes this value to "public".

This patch changes it to the user's default_scope value.
2018-08-31 21:04:46 -07:00
Haelwenn (lanodan) Monnier
8885d16e1b
[Pleroma.Web.MastodonAPI.MastodonAPIController].search(2)?: Remove code duplication 2018-09-01 03:11:58 +02:00
lambda
58539e1357 Revert "Merge branch 'feature/rich-text' into 'develop'"
This reverts merge request !309
2018-08-31 09:51:20 +00:00
William Pitcock
856b5e1ca4 config: chase pleroma-fe updates from MR pleroma-fe!324. 2018-08-31 04:01:21 +00:00
kaniini
a26d5e6b2a Merge branch 'feature/rich-text' into 'develop'
rich text support

See merge request pleroma/pleroma!309
2018-08-31 03:41:00 +00:00
William Pitcock
6aa65b68b8 common api: add support for formatting messages outside of twitter-style plain text 2018-08-31 03:13:59 +00:00
kaniini
e838969495 Merge branch 'use-media-proxy-in-suggestions-api' into 'develop'
use media proxy for the suggestions api

See merge request pleroma/pleroma!305
2018-08-30 23:06:30 +00:00
kaniini
65e8d47cfb Merge branch 'backendhack' into 'develop'
Flexible Storage Backends

See merge request pleroma/pleroma!304
2018-08-30 23:05:01 +00:00
William Pitcock
29b5e30c46 activity: drop recipients_to/recipients_cc fields 2018-08-29 18:41:02 +00:00
William Pitcock
de9acebbf3 activitypub: use jsonb query for containment instead of recipients_to/recipients_cc. 2018-08-29 18:41:02 +00:00
href
ddc6f32b75
Fix Mastodon API when actor's nickname is null 2018-08-29 16:32:50 +02:00
William Pitcock
cce9d008f9 streamer: contain list updates in the same way as we do with the database query 2018-08-29 09:23:05 +00:00
William Pitcock
ded9091206 mastodon api: use bounded AP object graph query to enforce containment of private statuses 2018-08-29 08:51:51 +00:00
William Pitcock
643fae6e36 activitypub: allow querying the activity/object graph bounded to a specific to/cc set 2018-08-29 08:51:23 +00:00
William Pitcock
81673b8136 activity: add recipients_to and recipients_cc fields 2018-08-29 08:42:33 +00:00
shibayashi
18ad8aaecf
Explicitly set 'http_only' to true 2018-08-28 22:34:31 +02:00
shibayashi
4656a07e9e
Set SameSite flag to 'Strict' 2018-08-28 14:03:29 +02:00
Hakaba Hitoyo
6cbfb5ab5d use media proxy for suggestions api 2018-08-28 17:01:17 +09:00
Thurloat
0df558a6a5 cleaning up a bit. 2018-08-27 22:45:53 -03:00
shibayashi
0c4493f144
Fix formatting 2018-08-28 00:47:34 +02:00
shibayashi
b9a642da1e
Add Secure and SameSite cookie flags 2018-08-28 00:40:58 +02:00
Henry Jameson
0f1c629d65 better solution, added test. 2018-08-27 17:07:26 +03:00
Haelwenn (lanodan) Monnier
6973b77e94
[Pleroma.Web.MastodonAPI.FilterView] fix expires_at being a unsafe variable 2018-08-27 15:09:06 +02:00
Haelwenn (lanodan) Monnier
9bddb39ff0
[Pleroma.Web.MastodonAPI.FilterView]: expires_at should be null when N/A 2018-08-27 15:09:06 +02:00
Haelwenn (lanodan) Monnier
d571a571fe
[Pleroma.Web.MastodonAPI.MastodonAPIController]: Bump mastodon_api_level to 2.4.3 2018-08-27 15:09:06 +02:00
Haelwenn (lanodan) Monnier
6e030129fb
[MastodonAPI] Add filters 2018-08-27 15:09:05 +02:00
Haelwenn (lanodan) Monnier
a5adb251ab
[Pleroma.Web.MastodonAPI.AccountView]: Add fields support 2018-08-27 15:09:05 +02:00
Haelwenn (lanodan) Monnier
d008f2d69c
[Pleroma.Web.MastodonAPI.AccountView]: Add bot field 2018-08-27 15:09:04 +02:00
Haelwenn (lanodan) Monnier
97e20d2932
[MastodonAPI] the tag field isn’t fixed to a static type in pleroma 2018-08-27 15:08:25 +02:00
Haelwenn (lanodan) Monnier
83efaa3af6
[MastodonAPI] Add streaming of hashtags 2018-08-27 15:08:25 +02:00
lambda
46c7c2380c Merge branch 'feature/relay' into 'develop'
message relay

Closes #144

See merge request pleroma/pleroma!264
2018-08-27 08:29:25 +00:00
lambda
440b459cd1 Merge branch 'bugfix/announce-timeline-flooding' into 'develop'
activitypub: filter destination list for announce activities differently than normal (closes #164)

Closes #164

See merge request pleroma/pleroma!227
2018-08-27 08:25:27 +00:00
kaniini
63094cfd3e Merge branch 'feature/emoji-in-local-users' into 'develop'
Add emoji to local user profiles.

Closes #202

See merge request pleroma/pleroma!271
2018-08-26 23:24:41 +00:00
William Pitcock
bc3c30430e fix formatting 2018-08-26 22:46:25 +00:00
kaniini
1ad5cbed51 Merge branch 'bugfix/common-api-visibility-orphan' into 'develop'
common api: properly handle replying to orphaned threads

See merge request pleroma/pleroma!299
2018-08-26 22:39:15 +00:00
William Pitcock
741c6ad671 common api: handle replying to orphaned threads 2018-08-26 22:37:36 +00:00
kaniini
c9e4c45e0e Merge branch 'login-with-email' into 'develop'
When logging in, try treating the login as an email

Closes #245

See merge request pleroma/pleroma!295
2018-08-26 21:35:12 +00:00
kaniini
0f5bff8c66 Merge branch 'develop' into 'feature/relay'
# Conflicts:
#   lib/pleroma/web/activity_pub/utils.ex
2018-08-26 21:06:15 +00:00
hakabahitoyo
946a0769c4 remove unused settings from /api/statusnet/config 2018-08-26 17:40:15 +09:00
Ekaterina Vaartis
540cce5d10 When logging in, try treating the login as an email
Closes #245
2018-08-25 23:29:03 +03:00
William Pitcock
aab2bdddf4 twitter api: provide object descriptions as attachment description field 2018-08-25 00:12:58 +00:00
kaniini
9ded0ee1a5 Merge branch 'config/fe-collapse-subject' into 'develop'
fe config: add collapse_message_with_subject fe option

See merge request pleroma/pleroma!289
2018-08-24 18:27:43 +00:00
William Pitcock
09cb402203 fe config: add collapse_message_with_subject fe option 2018-08-24 18:21:42 +00:00
hakabahitoyo
bf9f68b681 debug 2018-08-23 11:52:18 +09:00
William Pitcock
a909fe45a6 formatting 2018-08-23 01:34:36 +00:00
William Pitcock
52b44184b4 transmogrifier: reject activities lacking a valid ID 2018-08-23 01:25:26 +00:00
Henry Jameson
9b046d2a84 fixed notifications API completely breaking if there's a like for
missing (deleted) post.
2018-08-22 16:10:59 +03:00
Haelwenn (lanodan) Monnier
d5bdd55b5d
[Pleroma.Web.TwitterAPI.UserView]: Do not fail if user.bio is nil 2018-08-22 01:47:25 +02:00
Haelwenn (lanodan) Monnier
5dde6e4a00
[Pleroma.Web.MastodonAPI.StatusView] Fix rendering peertube videos 2018-08-22 01:46:26 +02:00
kaniini
f6b06d2ac8 Merge branch 'feature/peertube_2' into 'develop'
rebase/update of feature/peertube

See merge request pleroma/pleroma!217
2018-08-21 16:58:44 +00:00
kaniini
a6d4cc8917 Merge branch 'sanitize-bio' into 'develop'
mastodon api: sanitize the bio HTML

See merge request pleroma/pleroma!282
2018-08-21 16:56:24 +00:00
Haelwenn (lanodan) Monnier
046741c60d
[Pleroma.Web.MastodonAPI.StatusView] Support Peertube Video titles 2018-08-21 18:34:56 +02:00
Haelwenn (lanodan) Monnier
f5b056e3ce
[Pleroma.Web.ActivityPub.Transmogrifier]: Fix likes 2018-08-21 18:26:12 +02:00
Haelwenn (lanodan) Monnier
3b8ef24532
Fix attachement rendering 2018-08-21 18:24:10 +02:00
lain
a6b021a52b
Render peertube videos in mastodon. 2018-08-21 18:24:10 +02:00
lain
c381d0b577
Use activitypub to fetch posts.
This falls back to ostatus.
2018-08-21 18:24:09 +02:00
Haelwenn (lanodan) Monnier
74c74decf5
Basic peertube support. 2018-08-21 18:24:09 +02:00
Haelwenn (lanodan) Monnier
ef4f982e2c
Pleroma.Web.ActivityPub.Transmogrifier: Fix actor being a list of objects (Peertube) 2018-08-21 18:24:06 +02:00
ensra
1495d04789 fix test for converting bio \r\n to <br>. 2018-08-21 14:51:27 +01:00
ensra
cdb3dd48ab Format 2018-08-21 14:12:55 +01:00
ensra
5debd7b5cc Twitter API: Support Mastodon-style bios
(multi-line, with links, and user mentions)
2018-08-21 14:03:36 +01:00
ensra
175f0bebbc mastodon api: sanitize the bio HTML 2018-08-21 10:53:53 +01:00
kaniini
c1b8a6a73b Merge branch 'feature/formatter-consistent-hashtag-mentions' into 'develop'
formatter: consistent presentation of hashtags and mentions

See merge request pleroma/pleroma!280
2018-08-20 18:44:52 +00:00
William Pitcock
c033d2004b formatting 2018-08-20 18:40:05 +00:00
William Pitcock
145546e52a common api: format hashtags in the same way as we format mentions 2018-08-20 18:39:47 +00:00
eal
f1c407e777 Merge branch 'fix/redirect-on-user-fetch' into 'develop'
ActivityPub: follow redirects when fetching user

See merge request pleroma/pleroma!278
2018-08-20 12:13:07 +00:00