Commit graph

273 commits

Author SHA1 Message Date
Tusooa Zhu
5ce118d970
Validate object data for incoming Update activities
In Create validator we do not validate the object data,
but that is because the object itself will go through the
pipeline again, which is not the case for Update. Thus,
we added validation for objects in Update activities.
2022-07-03 20:21:46 -04:00
Tusooa Zhu
4367489a3e
Pass history items through ObjectValidator for updatable object types 2022-07-03 20:02:52 -04:00
Tusooa Zhu
4edc867b87 Merge branch 'develop' into 'from/upstream-develop/tusooa/edits'
# Conflicts:
#   lib/pleroma/constants.ex
2022-07-03 22:24:57 +00:00
Haelwenn
a15b45a589 Merge branch 'bugfix/mime-validation-no-list' into 'develop'
Bugfix: Validate mediaType only by it's format

See merge request pleroma/pleroma!3597
2022-07-03 21:04:41 +00:00
Ilja
37fdf148b0 Rename privilege tags
I first focussed on getting things working
Now that they do and we know what tags there are, I put some thought in providing better names

I use the form <what_it_controls>_<what_it_allows_you_to_do>

:statuses_read    => :messages_read
:status_delete    => :messages_delete

:user_read        => :users_read
:user_deletion    => :users_delete
:user_activation  => :users_manage_activation_state
:user_invite      => :users_manage_invites
:user_tag         => :users_manage_tags
:user_credentials => :users_manage_credentials

:report_handle    => :reports_manage_reports

:emoji_management => :emoji_manage_emoji
2022-07-01 10:28:09 +02:00
Hélène
11f9f2ef27
EmojiReactValidator: fix emoji qualification
Tries fully-qualifying emoji when receiving them, by adding the emoji
variation sequence to the received reaction emoji.

This issue arises when other instance software, such as Misskey, tries
reacting with emoji that have unqualified or minimally qualified
variants, like a red heart. Pleroma only accepts fully qualified emoji
in emoji reactions, and refused those emoji. Now, Pleroma will attempt
to properly qualify them first, and reject them if checks still fail.
2022-06-28 21:33:57 +02:00
Tusooa Zhu
014096aeef
Make outbound transmogrifier aware of edit history 2022-06-25 11:20:46 -04:00
Tusooa Zhu
5321fd0012
Do not put meta[:object_data] for local Updates 2022-06-25 10:03:19 -04:00
Tusooa Zhu
ee07383191
Use meta[:object_data] in SideEffects for Update 2022-06-24 10:28:58 -04:00
Tusooa Zhu
01321c88b5
Convert incoming Updated object into Pleroma format 2022-06-24 10:25:22 -04:00
Ilja
bb61cfee8d Validator for deleting statusses is now done with priviledge instead of superuser 2022-06-21 12:10:27 +02:00
Tusooa Zhu
72ac940618
Fix SideEffectsTest 2022-06-03 21:50:49 -04:00
Tusooa Zhu
410e177b2a
Strip internal fields in formerRepresentation 2022-06-01 12:02:03 -04:00
Tusooa Zhu
8acfe95f3e
Allow updating polls 2022-05-29 22:16:03 -04:00
Tusooa Zhu
5e8aac0e07
Record edit history for Note and Question Updates 2022-05-29 13:54:16 -04:00
Tusooa Zhu
0f6a5eb9a2
Handle Note and Question Updates 2022-05-29 12:54:57 -04:00
Tusooa Zhu
547def67a7
Allow Updates by every actor on the same origin 2022-05-29 11:36:00 -04:00
Hélène
a74ce2d77a
StealEmojiPolicy: fix String rejected_shortcodes
* rejected_shortcodes is defined as a list of strings in the
  configuration description. As such, database-based configuration was
  led to handle those settings as strings, and not as the actually
  expected type, Regex.
* This caused each message passing through this MRF, if a rejected
  shortcode was set and the emoji did not exist already on the instance,
  to fail federating, as an exception was raised, swiftly caught and
  mostly silenced.
* This commit fixes the issue by introducing new behavior: strings are
  now handled as perfect matches for an emoji shortcode (meaning that if
  the emoji-to-be-pulled's shortcode is in the blacklist, it will be
  rejected), while still supporting Regex types as before.
2022-05-18 21:25:10 +02:00
Tusooa Zhu
6e5ef7f2eb
Test local-only in ap c2s outbox
Ref: fix-local-public
2022-05-09 18:53:32 -04:00
Haelwenn
4605efe272 Merge branch 'improve_anti_followbot_policy' into 'develop'
Also use actor_type to determine if an account is a bot in antiFollowbotPolicy

Closes #2561

See merge request pleroma/pleroma!3498
2022-05-08 18:10:40 +00:00
Ilja
a8093732bd Also use actor_type to determine if an account is a bot in antiFollowbotPolicy 2022-05-08 18:10:40 +00:00
Tusooa Zhu
fe933b9bf2
Prevent remote access of local-only posts via /objects
Ref: fix-local-public
2022-05-06 13:54:21 -04:00
Tusooa Zhu
57c030a0a7 Skip cache when /objects or /activities is authenticated
Ref: fix-local-public
2022-05-06 10:23:26 +02:00
Tusooa Zhu
fa3157df96 Skip cache when /objects or /activities is authenticated
Ref: fix-local-public
2022-05-06 08:44:03 +02:00
Haelwenn (lanodan) Monnier
030183b35f AttachmentValidator: Use custom ecto type and regex for "mediaType" 2022-03-17 22:37:26 +01:00
Sean King
17aa3644be
Copyright bump for 2022 2022-02-25 23:11:42 -07:00
Alex Gleason
2d77976305
Add tests for mismatched context in replies 2022-02-02 12:19:35 -06:00
Alex Gleason
5a4e3aa715
Test that a Create/Note from Roadhouse validates 2022-02-02 11:02:23 -06:00
Alex Gleason
61dfeca1cc
Test that a Note from Roadhouse validates 2022-02-02 10:38:30 -06:00
Alex Gleason
3bf257171f
ForceMentionsInContent: improve display of Markdown posts 2022-01-27 14:15:06 -06:00
Alex Gleason
27cb3d6273
ForceMentionsInContent: don't apply it to top-level posts 2022-01-26 21:24:26 -06:00
Alex Gleason
0604b0dd09
ForceMentionsInContent: don't mention self 2022-01-25 12:33:47 -06:00
Alex Gleason
0f4e0e667e Merge branch 'recipients-inline' into 'develop'
ForceMentionsInContent: wrap mentions in a span, fix the formatting

See merge request pleroma/pleroma!3620
2022-01-25 17:43:39 +00:00
Alex Gleason
65b4d2ce84
ForceMentionsInContent: fix order of mentions 2022-01-25 10:42:34 -06:00
Alex Gleason
267184b70e
ForceMentionsInContentTest: return mentions in a not terrible format 2022-01-24 20:03:43 -06:00
marcin mikołajczak
e3d394eef6 Birthdays: Fix tests, add test for misskey
Signed-off-by: marcin mikołajczak <git@mkljczk.pl>
2022-01-23 09:41:21 +01:00
Alex Gleason
6ffe43af70 Merge branch 'private-pins' into 'develop'
Support private pinned posts from Mastodon

See merge request pleroma/pleroma!3611
2022-01-20 23:18:24 +00:00
marcin mikołajczak
88c21b9282 Support private pinned posts from Mastodon
Signed-off-by: marcin mikołajczak <git@mkljczk.pl>
2022-01-20 12:35:32 +01:00
rinpatch
a02cfd7f52 Add ForceMentionsInContentPolicy
Even though latest PleromaFE supports displaying these properly, mobile
apps still exist, so I think we should offer a workaround to those who
want it.
2022-01-19 21:04:57 +03:00
Tusooa Zhu
4f44fd32ea
Federate unfollow activity in move_following properly
0: Use the CommonAPI unfollow function to make sure the
unfollow activity is federated.

1: Limit the follow and unfollow to local followers only,
while let the romote servers decide whether to move their followers.

Ref: emit-move
2021-12-28 01:11:08 -05:00
Tusooa Zhu
e41eee5ed1
Make Move activity federate properly
Ref: emit-move
2021-12-28 01:11:08 -05:00
Tusooa Zhu
8376e83f61
Lint 2021-12-17 16:52:50 -05:00
Tusooa Zhu
951d1592c7
Add test to ensure removed follower cease to have relationship with ex-followee
https://git.pleroma.social/pleroma/pleroma/-/issues/2802
2021-12-17 16:44:22 -05:00
Tusooa Zhu
bfd870380c
Add test to ensure the blocked cease to have follow relationship to the blocker
https://git.pleroma.social/pleroma/pleroma/-/issues/2766
2021-12-17 14:44:28 -05:00
Tusooa Zhu
3d41ccc47b
Allow updating accepted follow activities in Web.ActivityPub.Utils.update_follow_state_for_all/2
Mastodon uses the Reject activity also for the purpose of removing
a follower, in addition to reject a follow request. We should
also update the original Follow activity in this case.
2021-12-17 14:17:51 -05:00
Alex Gleason
01cc099c8e
VideoHandlingTest: remove nil values 2021-12-07 21:55:54 -05:00
Haelwenn
992d9287d0 Apply alexgleason's suggestion(s) to 1 file(s) 2021-12-07 22:53:36 +00:00
Alex Gleason
2c96668a2c
Merge remote-tracking branch 'origin/develop' into fix-attachment-dimensions 2021-12-07 13:41:54 -05:00
Alex Gleason
335684182a
Fix VideoHandlingTest 2021-12-07 13:35:34 -05:00
Alex Gleason
3f03d71ea6
AttachmentValidator: ingest width and height 2021-12-07 12:59:03 -05:00
Alex Gleason
d9349bc52f
Transmogrifier: test fix_attachments/1 2021-12-07 01:10:47 -05:00
FloatingGhost
db46913dcc make linter happy 2021-12-06 11:50:51 +00:00
FloatingGhost
cd8bdbc761 Make deactivated user check into a subquery
Fixes #2792
2021-12-06 11:44:17 +00:00
lain
4d341f51e1 Merge branch 'fix-tests' into 'develop'
Test fixes

See merge request pleroma/pleroma!3532
2021-11-15 14:31:27 +00:00
lain
e2772d6bf1 Merge branch 'block-behavior' into 'develop'
Configurable block visibility, fixes #2123

Closes #2123

See merge request pleroma/pleroma!3242
2021-11-15 14:27:59 +00:00
Lain Soykaf
2dea4a8c04 StealEmojiPolicyTest: Make mocks explicit. 2021-11-14 11:44:24 +01:00
Haelwenn (lanodan) Monnier
23161526d4 object_validators: Group common fields in CommonValidations
Notes:
- QuestionValidator didn't have a :name field but that seems like a mistake
- `_fields` functions can't inherit others because of some Validators
- bto/bcc fields were absent in activities, also seems like a mistake
  (Well IIRC we don't or barely support bto/bcc anyway)
2021-10-10 02:50:06 +02:00
Haelwenn
bc62a35282 Merge branch 'features/ingestion-no-nil' into 'develop'
ObjectValidator.stringify_keys: filter out nil values

See merge request pleroma/pleroma!3506
2021-08-28 16:07:35 +00:00
Haelwenn
773708cfe8 Merge branch 'builder-note' into 'develop'
CommonAPI.Utils.make_note_data/1 --> ActivityPub.Builder.note/1

See merge request pleroma/pleroma!3511
2021-08-14 18:32:40 +00:00
Alex Gleason
ba6049aa81
Builder.note/1: return {:ok, map(), keyword()} like other Builder functions 2021-08-14 11:24:55 -05:00
Alex Gleason
a2eacfc525
CommonAPI.Utils.make_note_data/1 --> ActivityPub.Builder.note/1 2021-08-14 11:01:06 -05:00
Haelwenn (lanodan) Monnier
8baaa36a16
ObjectAgePolicy: Fix pattern matching on published
Backport of: https://git.pleroma.social/pleroma/pleroma/-/merge_requests/3500
2021-08-13 17:56:46 +02:00
Haelwenn (lanodan) Monnier
61d233921c
ObjectValidator.stringify_keys: filter out nil values 2021-08-11 21:38:10 +02:00
Haelwenn (lanodan) Monnier
c64eae40a2
ObjectAgePolicy: Fix pattern matching on published 2021-08-10 07:41:06 +02:00
Haelwenn
901204df22 Merge branch 'poll-notification' into 'develop'
MastodonAPI: Support poll notification

See merge request pleroma/pleroma!3484
2021-08-09 10:02:37 +00:00
Ilja
27fe7b0274
Make quarentine work with list of tuples instead of strings 2021-08-06 07:59:52 +02:00
Ilja
dd947d9bc8
Add tests for setting :instance, :quarantined_instances
No test was done for quarantined instances yet. I added a factory for followers_only notes and checked
* That no followers only post is send when the target server is quarantined
* That a followers only post is send when the target server is not quarantined
2021-08-06 07:59:52 +02:00
Ilja
4ba0beb60c
Make mrfSimple work with tuples
* Changed SimplePolicy
* I also grepped in test/ for ':mrf_simple' to see what other things could be affected
2021-08-06 07:58:58 +02:00
Alex Gleason
62bf6d67e3
Merge remote-tracking branch 'pleroma/develop' into poll-notification-fixes 2021-07-18 11:49:22 -05:00
Alex Gleason
0b1c05ca1e
Poll notification: trigger PollWorker through common_pipeline 2021-07-18 11:10:23 -05:00
Haelwenn
173e977e28 Merge branch 'features/ingestion-page' into 'develop'
Pipeline Ingestion: Page

See merge request pleroma/pleroma!3097
2021-07-12 05:05:49 +00:00
Haelwenn (lanodan) Monnier
6dc78f5f6f
AP C2S: Remove restrictions and make it go through pipeline 2021-07-12 06:49:41 +02:00
Haelwenn (lanodan) Monnier
c839078a75
ObjectValidators.{Announce,EmojiReact,Like}: Fix context, actor & addressing 2021-06-09 04:23:02 +02:00
Haelwenn (lanodan) Monnier
eb7313b0d3
Pipeline Ingestion: Page 2021-06-04 20:06:33 +02:00
feld
0ddf492c5d Merge branch 'cycles-base-url' into 'develop'
Deprecate Pleroma.Web.base_url/0

See merge request pleroma/pleroma!3432
2021-06-01 16:15:27 +00:00
Haelwenn
c4b4258374 Merge branch 'features/validators-note' into 'develop'
Pipeline Ingestion: Note

Closes #290

See merge request pleroma/pleroma!2984
2021-06-01 01:51:38 +00:00
Alex Gleason
f2134e605b
Merge remote-tracking branch 'pleroma/develop' into cycles-base-url 2021-05-31 16:49:46 -05:00
Alex Gleason
51a9f97e87
Deprecate Pleroma.Web.base_url/0
Use Pleroma.Web.Endpoint.url/0 directly instead. Reduces compiler cycles.
2021-05-31 16:48:03 -05:00
feld
359ded086c Merge branch 'simplepolicy-announce-leak' into 'develop'
SimplePolicy: filter nested objects, fixes #2582

Closes #2582

See merge request pleroma/pleroma!3376
2021-05-28 19:05:13 +00:00
Mark Felder
4694853766 Provide totalItems field for featured collections 2021-05-27 12:17:31 -05:00
Alex Gleason
ff02511057
Merge remote-tracking branch 'upstream/develop' into attachment-meta 2021-05-12 20:10:52 -05:00
Alex Gleason
4c060ae733
Ingest remote attachment width/height 2021-05-12 15:38:49 -05:00
Alex Gleason
926a233cc4
Merge remote-tracking branch 'upstream/develop' into simplepolicy-announce-leak 2021-04-30 14:21:17 -05:00
Alex Gleason
c16c7fdb87
SimplePolicy: filter string Objects 2021-04-30 14:20:54 -05:00
Alex Gleason
3d742c3c1a
SimplePolicy: filter nested objects 2021-04-30 14:20:37 -05:00
Alex Gleason
762be6ce10
Merge remote-tracking branch 'upstream/develop' into block-behavior 2021-04-29 11:14:32 -05:00
rinpatch
15f87cf658 Merge branch 'features/ingestion-ecto-tag' into 'develop'
TagValidator: New

See merge request pleroma/pleroma!3244
2021-04-16 09:55:55 +00:00
rinpatch
79376b4afb Merge branch 'feature/521-pinned-post-federation' into 'develop'
Pinned posts federation

Closes #521

See merge request pleroma/pleroma!3312
2021-04-16 09:53:47 +00:00
Haelwenn (lanodan) Monnier
53193b84b1
utils: Fix maybe_splice_recipient when "object" isn’t a map 2021-04-05 19:19:12 +02:00
Haelwenn (lanodan) Monnier
b0c778fde7
NoteHandlingTest: remove fix_explicit_addressing-related test 2021-04-05 19:19:12 +02:00
Haelwenn (lanodan) Monnier
d1205406d9
ActivityPubControllerTest: Apply same addr changes to object 2021-04-05 19:19:12 +02:00
Haelwenn (lanodan) Monnier
641184fc7a
recipients fixes/hardening for CreateGenericValidator 2021-04-05 19:19:11 +02:00
Haelwenn (lanodan) Monnier
c944932674
Pipeline Ingestion: Note 2021-04-05 19:19:11 +02:00
Haelwenn (lanodan) Monnier
e2a3365b5c
ObjectValidator.CommonFixes: Introduce fix_objects_defaults and fix_activity_defaults 2021-04-05 19:19:11 +02:00
Haelwenn (lanodan) Monnier
e56779dd8d
Transmogrifier: Simplify fix_explicit_addressing and fix_implicit_addressing 2021-04-05 19:19:11 +02:00
Haelwenn (lanodan) Monnier
5ae27c8451
pipeline_test: Fix usage of %Activity{} 2021-04-01 14:18:40 +02:00
Mark Felder
16a7ffb1ea Fix function calls due to module name change 2021-03-30 11:10:44 -05:00
Mark Felder
bfcdcd4f69 Temp file leaked, oops 2021-03-30 11:10:44 -05:00
Mark Felder
03f38ac4eb Prefer FollowBot naming convention vs Followbot 2021-03-30 11:10:44 -05:00
Mark Felder
fef4f3772c More tests to validate Followbot is behaving 2021-03-30 11:10:44 -05:00