Commit Graph

75 Commits

Author SHA1 Message Date
rinpatch 6ca709816f Fix object spoofing vulnerability in attachments
Validate the content-type of the response when fetching an object,
according to https://www.w3.org/TR/activitypub/#x3-2-retrieving-objects.

content-type headers had to be added to many mocks in order to support
this, some of this was done with a regex. While I did go over the
resulting files to check I didn't modify anything unrelated, there is a
 possibility I missed something.

Closes pleroma#1948
2020-11-12 15:25:33 +03:00
rinpatch f70335002d RichMedia: Do a HEAD request to check content type/length
This shouldn't be too expensive, since the connections are pooled,
but it should save us some bandwidth since we won't fetch non-html
files and files that are too large for us to process (especially
since you can't cancel a request without closing the connection
with HTTP1).
2020-09-14 14:45:58 +03:00
Haelwenn (lanodan) Monnier 921f926e96
Remove OStatus in testsuite 2020-09-08 18:43:57 +02:00
Alexander Strizhakov 79f65b4374
correct pool and uniform headers format 2020-09-02 09:16:51 +03:00
Haelwenn (lanodan) Monnier c19bdc811e
Fix attachments in polls 2020-07-15 12:32:42 +02:00
Haelwenn (lanodan) Monnier 6a679d80c9
Move get_favicon to Pleroma.Instances, use / 2020-07-08 06:28:39 +02:00
Haelwenn (lanodan) Monnier f6d09fafee
Add support for remote favicons 2020-07-08 06:28:39 +02:00
Haelwenn (lanodan) Monnier fbb9743a70
Fix getting videos from peertube 2020-07-07 09:38:38 +02:00
Haelwenn (lanodan) Monnier e688d4ee69
MRF.StealEmojiPolicy: New Policy
Inspired by https://git.pleroma.social/moonman/emoji-stealer-mrf/-/blob/master/steal_emoji_policy.ex
2020-05-14 09:59:56 +02:00
lain a7966f2080 Webfinger: Request account info with the acct scheme 2020-05-03 13:48:01 +02:00
Maksim Pechnikov ea5142b94b convert markdown content to html 2020-04-28 09:32:43 +03:00
Maksim Pechnikov c5c09fc61b fix mediaType of object 2020-04-13 07:02:57 +03:00
Alexander Strizhakov f497cf2f7c
Merge branch 'develop' into gun 2020-03-30 12:15:23 +03:00
Haelwenn e999c67cee Merge branch 'feature/funkwhale-audio' into 'develop'
Add support for funkwhale Audio activity

Closes #764 and #1624

See merge request pleroma/pleroma!2287
2020-03-29 19:18:22 +00:00
Alexander Strizhakov 39ed608b13
Merge branch 'develop' into gun 2020-03-12 18:31:10 +03:00
Haelwenn (lanodan) Monnier 863ec33ba2
Add support for funkwhale Audio activity
reel2bits fixture not included as it lacks the Actor fixture for it.

Closes: https://git.pleroma.social/pleroma/pleroma/issues/1624
Closes: https://git.pleroma.social/pleroma/pleroma/issues/764
2020-03-11 13:46:42 +01:00
Alexander Strizhakov 509c81e4b1
Merge branch 'develop' into gun 2020-03-03 10:08:07 +03:00
Alexander Strizhakov cc98d010ed
relay list shows hosts without accepted follow 2020-03-02 09:27:20 +03:00
Haelwenn (lanodan) Monnier 6da6540036
Bump copyright years of files changed after 2020-01-07
Done via the following command:
git diff fcd5dd259a --stat --name-only | xargs sed -i '/Pleroma Authors/c# Copyright © 2017-2020 Pleroma Authors <https:\/\/pleroma.social\/>'
2020-03-02 06:08:45 +01:00
Alexander Strizhakov 514c899275
adding gun adapter 2020-02-18 08:19:01 +03:00
Egor Kislitsyn 2ddd1bb088
Fix compatibility with Elixir v1.10 2020-01-28 18:23:59 +04:00
Thomas Citharel d2f1c4f658
Add ActivityPub Object Event type support
Adds Event support in the same way Video objects are handled, with the
name of the object as message header.

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2019-12-17 16:16:21 +01:00
kPherox 1915b23e72
test missing first field 2019-11-30 15:43:12 +09:00
Steven Fuchs 5271bbcf11 add missing tesla mocks 2019-11-04 15:18:32 +00:00
Ariadne Conill ef659331b0 implement invisible support for remote users 2019-10-19 23:21:37 +00:00
Ariadne Conill dbfdb1f6e3 add some missing tesla fixtures 2019-10-18 14:50:10 +00:00
Steven Fuchs dc6d20b68d provide mocks for webfinger endpoints 2019-10-09 16:32:28 +00:00
Thibaut Girka b1ff66dc5f Add test for handling Announces with inlined object from different origin 2019-10-05 13:56:40 +02:00
Thibaut Girka 977e711e22 Import object from self-Announce whenever possible 2019-10-05 13:56:40 +02:00
rinpatch b0ec82d24a Merge branch 'chores/bump-copyright-year' into 'develop'
Bump copyright years of files changed in 2019

See merge request pleroma/pleroma!1698
2019-09-18 21:57:49 +00:00
Haelwenn (lanodan) Monnier 447514dfa2
Bump copyright years of files changed in 2019
Done via the following command:
git diff 1e6c102bfc --stat --name-only | cat - | xargs sed -i 's/2017-2018 Pleroma Authors/2017-2019 Pleroma Authors/'
2019-09-18 23:21:11 +02:00
rinpatch 7ef575d11e Initial poll refresh support
Implement refreshing the object with an interval and call the function
when getting the poll.
2019-09-18 18:13:21 +03:00
rinpatch b312ca3d52 Mastodon API Poll view: Fix handling of polls without an end date 2019-09-05 12:03:39 +03:00
lain 3da65292b3 Transmogrifier: Fix follow handling when the actor is an object. 2019-08-26 14:34:52 -05:00
lain 5e7098cf69 Merge branch 'bugfix/rel_me_missing_mocks' into 'develop'
Implement missing mocks for rel=me

See merge request pleroma/pleroma!1598
2019-08-25 16:12:13 +00:00
Haelwenn (lanodan) Monnier 20c3f613d8
HttpRequestMock: Remove useless `error = error` 2019-08-25 08:55:29 +02:00
Haelwenn (lanodan) Monnier 211e163770
Implement missing mocks for rel=me 2019-08-25 08:03:25 +02:00
Haelwenn (lanodan) Monnier e22737ffb5
HttpRequestMock: Improve non-implemented error message 2019-08-25 07:33:46 +02:00
Haelwenn (lanodan) Monnier 18668447d2
HttpRequestMock: Log mock errors as warnings 2019-08-25 07:33:13 +02:00
lain 5ff8f07ca9 Merge branch 'feature/hide-follows-remote' into 'develop'
Refactor Follows/Followers counter syncronization and set hide_followers/hide_follows for remote users

See merge request pleroma/pleroma!1411
2019-08-02 11:23:07 +00:00
rinpatch 301ea0dc04 Add tests for counters being updated on follow 2019-07-31 21:09:13 +03:00
Maksim 58443d0cd6 tests for TwitterApi/UtilController 2019-07-31 15:14:36 +00:00
kaniini 19835be067 Merge branch 'fix-remote-follow-from-ostatus-subscribe' into 'develop'
Fix remote follow from /ostatus_subscribe

Closes #1103

See merge request pleroma/pleroma!1472
2019-07-24 19:29:01 +00:00
Sergey Suprunenko b20020da16 Show the url advertised in the Activity in the Status JSON response 2019-07-24 19:28:21 +00:00
kPherox 8d9f43e1d1
Add WebFinger test for AP-only account 2019-07-25 01:27:34 +09:00
Maksim 55341ac717 tests WebFinger 2019-07-24 15:13:10 +00:00
Haelwenn (lanodan) Monnier f00562ed6b
HttpRequestMock: Add 404s on OStatus fetching for info.pleroma.site 2019-07-14 13:55:41 +02:00
Haelwenn (lanodan) Monnier efa9a13d4e
HttpRequestMock: Add missing mocks for object containment tests 2019-07-14 13:55:41 +02:00
Alexander Strizhakov a237c6a2d4 support for idna domains 2019-07-10 15:23:25 +00:00
Alexander Strizhakov d6b0fce6e9 Fix/1019 correct count remote users 2019-07-09 17:36:35 +00:00