Commit graph

17 commits

Author SHA1 Message Date
Alex Gleason
a953b1d927 Prevent spoofing webfinger 2024-05-22 19:08:37 +01:00
Erin Shepherd
464db9ea0b Don't list old accounts as aliases in WebFinger
Per the XRD specification:

> 2.4. Element <Alias>
>
> The <Alias> element contains a URI value that is an additional
> identifier for the resource described by the XRD. This value
> MUST be an absolute URI. The <Alias> element does not identify
> additional resources the XRD is describing, **but rather provides
> additional identifiers for the same resource.**

(http://docs.oasis-open.org/xri/xrd/v1.0/os/xrd-1.0-os.html#element.alias, emphasis mine)

In other words, the alias list is expected to link to things which are
not just semantically the same, but exactly the same. Old user accounts
don't do that

This change should not pose a compatibility issue: Mastodon does not
list old accounts here (See e1fcb02867/app/serializers/webfinger_serializer.rb (L12))

The use of as:alsoKnownAs is also not quite semantically right here
(see https://www.w3.org/TR/did-core/#dfn-alsoknownas, which defines
it to be used to refer to identifiers which are interchangable) but
that's what DID get for reusing a property definition that Mastodon
already squatted long before they got to it
2024-04-01 13:34:58 +02:00
FloatingGhost
98cb255d12 Support elixir1.15
OTP builds to 1.15

Changelog entry

Ensure policies are fully loaded

Fix :warn

use main branch for linkify

Fix warn in tests

Migrations for phoenix 1.17

Revert "Migrations for phoenix 1.17"

This reverts commit 6a3b2f15b7.

Oban upgrade

Add default empty whitelist

mix format

limit test to amd64

OTP 26 tests for 1.15

use OTP_VERSION tag

baka

just 1.15

Massive deps update

Update locale, deps

Mix format

shell????

multiline???

?

max cases 1

use assert_recieve

don't put_env in async tests

don't async conn/fs tests

mix format

FIx some uploader issues

Fix tests
2023-08-03 17:44:09 +01:00
Walter Huf
54fdf3a5de Use any custom WebFinger domain for page metadata 2023-01-22 16:26:41 -08:00
floatingghost
07a48b9293 giant massive dep upgrade and dialyxir-found error emporium (#371)
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/371
2022-12-14 12:38:48 +00:00
Hélène
0b14f02ed2 User: generate private keys on user creation
This fixes a race condition bug where keys could be regenerated
post-federation, causing activities and HTTP signatures from an user to
be dropped due to key differences.
2022-09-11 19:54:37 +01:00
Joel Beckmeyer
e26388a01c Support reaching user@sub.domain.tld at user@domain.tld (#134)
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/134
Co-authored-by: Joel Beckmeyer <joel@beckmeyer.us>
Co-committed-by: Joel Beckmeyer <joel@beckmeyer.us>
2022-08-02 13:54:22 +00:00
Alex Gleason
f2134e605b
Merge remote-tracking branch 'pleroma/develop' into cycles-base-url 2021-05-31 16:49:46 -05:00
Alex Gleason
51a9f97e87
Deprecate Pleroma.Web.base_url/0
Use Pleroma.Web.Endpoint.url/0 directly instead. Reduces compiler cycles.
2021-05-31 16:48:03 -05:00
Alexander Strizhakov
d7e51206a2
respect content-type header in finger request 2021-03-19 18:53:55 +03:00
Haelwenn (lanodan) Monnier
c4439c630f
Bump Copyright to 2021
grep -rl '# Copyright © .* Pleroma' * | xargs sed -i 's;Copyright © .* Pleroma .*;Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>;'
2021-01-13 07:49:50 +01:00
Alex Gleason
0d6b9ce8ca Apply 2 suggestion(s) to 1 file(s) 2020-12-31 18:51:57 +00:00
Alex Gleason
cbce880076
Merge remote-tracking branch 'upstream/develop' into aliases 2020-12-30 17:10:02 -06:00
Kaizhe Huang
fb02241580 Fix trailing whitespaces in lib/pleroma/web/web_finger.ex 2020-12-21 00:54:15 +11:00
FiveYellowMice
83cd7f2b5f WebFinger: add subscribe_address in return data of JSON responses 2020-12-18 13:48:38 +00:00
Alex Gleason
7d8f610720
Merge remote-tracking branch 'upstream/develop' into aliases 2020-10-13 19:25:18 -05:00
Alexander Strizhakov
fc7151a9c4
more files renamings 2020-10-13 16:38:19 +03:00
Renamed from lib/pleroma/web/web_finger/web_finger.ex (Browse further)