386 Commits

Author SHA1 Message Date
rinpatch 6ca709816f Fix object spoofing vulnerability in attachments
Validate the content-type of the response when fetching an object,
according to https://www.w3.org/TR/activitypub/#x3-2-retrieving-objects.

content-type headers had to be added to many mocks in order to support
this, some of this was done with a regex. While I did go over the
resulting files to check I didn't modify anything unrelated, there is a
possibility I missed something.

Closes pleroma#1948
2020-11-12 15:25:33 +03:00
Egor Kislitsyn d2113428c0
Merge remote-tracking branch 'origin/develop' into feature/account-export 2020-10-30 19:34:02 +04:00
Ivan Tashkinov ba50dc05a8 Merge remote-tracking branch 'remotes/origin/develop' into ostatus-controller-no-auth-check-on-non-federating-instances
# Conflicts:
#	CHANGELOG.md
2020-10-28 19:03:40 +03:00
Mark Felder 9e54ef086b Merge branch 'develop' into feature/account-export 2020-10-27 12:51:31 -05:00
Egor Kislitsyn e87901c424
Merge remote-tracking branch 'origin/develop' into feature/account-export 2020-10-20 17:27:29 +04:00
Ivan Tashkinov 9ea31b373f Merge remote-tracking branch 'remotes/origin/develop' into chore/elixir-1.11 2020-10-17 17:53:47 +03:00
Ivan Tashkinov 049ece1ef3 Merge remote-tracking branch 'remotes/origin/develop' into ostatus-controller-no-auth-check-on-non-federating-instances
# Conflicts:
#	lib/pleroma/web/feed/user_controller.ex
#	lib/pleroma/web/o_status/o_status_controller.ex
#	lib/pleroma/web/router.ex
#	lib/pleroma/web/static_fe/static_fe_controller.ex
2020-10-17 13:12:39 +03:00
Mark Felder 1fb9452131 Merge branch 'develop' into feature/account-export 2020-10-14 15:27:15 -05:00
Mark Felder 64553ebae2 Merge branch 'develop' into chore/elixir-1.11 2020-10-13 09:54:53 -05:00
Mark Felder 4ead0d564f Merge branch 'develop' into refactor/discoverable_user_field 2020-10-13 09:54:11 -05:00
Mark Felder 8bacdc3680 Change user.discoverable field to user.is_discoverable 2020-10-13 09:45:08 -05:00
Alexander Strizhakov 7dffaef479
tests consistency 2020-10-13 16:35:09 +03:00
Mark Felder 8156940a49 Compatibility with phoenix_pubsub 2.0.0 2020-10-07 13:28:39 -05:00
Mark Felder 570a406b7a use Phoenix.ConnTest is deprecated 2020-10-07 10:31:08 -05:00
Egor Kislitsyn 739cb1463b
Add backups deletion 2020-10-07 18:34:29 +04:00
Ivan Tashkinov f6024252ae [#3053] No auth check in StaticFEController, even on non-federating instances. Adjusted tests. 2020-10-02 22:18:02 +03:00
Alexander Strizhakov cbdaabad34
web push http_client fix 2020-10-01 13:32:11 +03:00
Ivan Tashkinov 60b025b782 [#2074] OAuth scope checking in Streaming API. 2020-09-19 19:16:55 +03:00
stwf 41939e3175 User search respect discoverable flag 2020-09-17 12:15:50 -04:00
rinpatch f70335002d RichMedia: Do a HEAD request to check content type/length
This shouldn't be too expensive, since the connections are pooled,
but it should save us some bandwidth since we won't fetch non-html
files and files that are too large for us to process (especially
since you can't cancel a request without closing the connection
with HTTP1).
2020-09-14 14:45:58 +03:00
Alexander Strizhakov 9bf1065a06 schedule activity expiration in Oban 2020-09-10 21:50:40 +03:00
Haelwenn (lanodan) Monnier 921f926e96
Remove OStatus in testsuite 2020-09-08 18:43:57 +02:00
Alexander Strizhakov 79f65b4374
correct pool and uniform headers format 2020-09-02 09:16:51 +03:00
lain 9a9121805c Apply 1 suggestion(s) to 1 file(s) 2020-08-11 09:08:27 +00:00
Alex Gleason 673e8e3ac1
Force 204 responses to be empty, fixes #2029 2020-08-07 13:02:39 -05:00
lain 34cbe9f44a Merge branch 'features/poll-validation' into 'develop'
Poll and votes pipeline ingestion

Closes #1362 and #1852

See merge request pleroma/pleroma!2635
2020-08-07 10:44:06 +00:00
Roman Chvanikov 97b5701449 Update clear_config macro 2020-08-05 17:46:14 +03:00
lain 878c7f3f30 Merge branch 'develop' of git.pleroma.social:pleroma/pleroma into features/poll-validation 2020-08-04 15:28:41 +02:00
Roman Chvanikov 56e9bf3393 Unify Config.get behaviour for atom/list key param 2020-08-04 14:35:47 +03:00
Alex Gleason f9301044ed
Add ReportNote test 2020-08-02 17:45:15 -05:00
Alex Gleason 77b48cb4ce
Factory: Add report_activity_factory 2020-08-02 16:36:55 -05:00
Haelwenn (lanodan) Monnier ac2598307d
Merge remote-tracking branch 'pleroma/develop' into features/poll-validation 2020-07-31 13:57:21 +02:00
Mark Felder 33f0427809 Expose seconds_valid in Pleroma Captcha API endpoint 2020-07-29 16:07:22 -05:00
Alex Gleason b87a1f8eaf
Refactor require_migration/1 into a test helper function 2020-07-22 14:32:44 -05:00
Haelwenn (lanodan) Monnier c19bdc811e
Fix attachments in polls 2020-07-15 12:32:42 +02:00
Mark Felder 3c0c1fd2ef Merge branch 'develop' into issue/1790-updated-oban 2020-07-10 11:34:53 -05:00
lain 4d809144d8 Merge branch 'cluster-test-ci' into 'develop'
RE-enable cluster tests on CI

See merge request pleroma/pleroma!2743
2020-07-10 08:56:12 +00:00
stwf 08211eff22 Re-enable the federated tests, increase timeout 2020-07-09 13:49:30 -04:00
Haelwenn (lanodan) Monnier 6a679d80c9
Move get_favicon to Pleroma.Instances, use / 2020-07-08 06:28:39 +02:00
Haelwenn (lanodan) Monnier f6d09fafee
Add support for remote favicons 2020-07-08 06:28:39 +02:00
lain 9ad305209a Merge branch 'bugfix/peertube-videos' into 'develop'
Fix getting videos from peertube

See merge request pleroma/pleroma!2728
2020-07-07 09:14:50 +00:00
Haelwenn (lanodan) Monnier fbb9743a70
Fix getting videos from peertube 2020-07-07 09:38:38 +02:00
Sergey Suprunenko 4a8c26654e
Restrict statuses that contain user's irreversible filters 2020-07-06 09:28:21 +03:00
Mark Felder 4695bdd81b Merge branch 'develop' into issue/1790-updated-oban 2020-07-03 10:36:41 -05:00
Haelwenn (lanodan) Monnier 244655e884
MastoAPI: Show source field when deleting 2020-06-26 19:52:20 +02:00
Maksim Pechnikov a8d967762e migrate to oban 2.0-rc1 2020-06-23 15:09:01 +03:00
rinpatch 4ec2fb967e Merge branch 'features/users-raw_bio' into 'develop'
User: Add raw_bio, storing unformatted bio

See merge request pleroma/pleroma!2326
2020-06-17 10:34:23 +00:00
Alexander Strizhakov 9a4fde9766
Mogrify args as custom tuples 2020-06-16 15:53:28 +03:00
Haelwenn (lanodan) Monnier e1b07402ab
User: Add raw_bio, storing unformatted bio
Related: https://git.pleroma.social/pleroma/pleroma/issues/1643
2020-06-06 16:23:16 +02:00
lain 3bec0d2e50 Factory: Set users to be ap_enabled by default. 2020-05-25 12:59:42 +02:00