William Pitcock
|
f6be980f4f
|
activitypub: object view: avoid leaking private details
|
2018-11-17 22:30:53 +00:00 |
lambda
|
b471344b63
|
Merge branch 'bugfix/notice-urls-should-return-objects' into 'develop'
ostatus controller: respond with AS2 objects instead of activities to notice URIs
Closes #289 and #383
See merge request pleroma/pleroma!462
|
2018-11-17 22:20:08 +00:00 |
William Pitcock
|
98795172a7
|
ostatus controller: respond with AS2 objects instead of activities to notice URIs
|
2018-11-17 22:10:15 +00:00 |
lambda
|
d73c7cc0ca
|
Merge branch 'security/spoofing-hardening' into 'develop'
security: spoofing hardening
Closes #380, #381, and #382
See merge request pleroma/pleroma!461
|
2018-11-17 21:52:51 +00:00 |
William Pitcock
|
e10f839e9b
|
tests: federator: fix formatting
|
2018-11-17 21:41:08 +00:00 |
William Pitcock
|
dfcfb184b1
|
activitypub: transmogrifier: make deletes secure
|
2018-11-17 21:22:57 +00:00 |
Haelwenn (lanodan) Monnier
|
52681f7fd0
|
Web.AdminAPI.AdminAPIControllerTest: New Test
|
2018-11-17 22:12:14 +01:00 |
Haelwenn (lanodan) Monnier
|
0ca00b3a07
|
Web.AdminAPI.AdminAPIController: Fixes bugs found with ExUnit
|
2018-11-17 22:12:14 +01:00 |
Haelwenn (lanodan) Monnier
|
76bd80d462
|
test/plugs/user_is_admin_plug_test: New test
|
2018-11-17 22:12:13 +01:00 |
Haelwenn (lanodan) Monnier
|
44b6200103
|
lib/mix/tasks/relay*: Use a with block
|
2018-11-17 22:12:13 +01:00 |
Haelwenn (lanodan) Monnier
|
12ccf0c4f8
|
Change Relay from `status` to `{status, message}`
|
2018-11-17 22:12:13 +01:00 |
Haelwenn (lanodan) Monnier
|
4634d99d0d
|
Web.Router: Change right to permission group (except for function names)
|
2018-11-17 22:12:13 +01:00 |
William Pitcock
|
b1a6e8d80d
|
test: add sanity tests for federator handling of AP docs
|
2018-11-17 21:01:19 +00:00 |
William Pitcock
|
0d1375f274
|
federator: return :ok or :error depending on if an AP doc was accepted or not
|
2018-11-17 21:00:37 +00:00 |
William Pitcock
|
3d9266a8cb
|
federator: do origin containment when processing inbound messages
|
2018-11-17 20:43:43 +00:00 |
William Pitcock
|
55640c4804
|
tests: add a test to verify the general fake direction protection works in all cases
|
2018-11-17 20:31:20 +00:00 |
William Pitcock
|
dc1d8e13b4
|
tests: add a testcase for user collision
|
2018-11-17 20:20:45 +00:00 |
William Pitcock
|
c88533209c
|
activitypub: user fetching: use fetch_and_contain_remote_object_from_id()
|
2018-11-17 20:16:03 +00:00 |
William Pitcock
|
1a940cb46e
|
tests: add tests for contain_origin_from_id()
|
2018-11-17 20:16:03 +00:00 |
William Pitcock
|
daa8ec3d62
|
activitypub: factor out AP object fetching to it's own function and add ID-based containment
|
2018-11-17 20:15:59 +00:00 |
Haelwenn (lanodan) Monnier
|
e0b0fde713
|
Web.AdminAPI.AdminAPIController: Change right to permission group (except for function names)
|
2018-11-17 20:25:57 +01:00 |
Haelwenn (lanodan) Monnier
|
1a31d71187
|
lib/mix/tasks/relay_{un,}follow.ex: Use a with block
|
2018-11-17 20:25:57 +01:00 |
Haelwenn (lanodan) Monnier
|
ccd6b1956d
|
lib/pleroma/web/admin_api/admin_api_controller.ex: Support status reply of Relay.{un,}follow
|
2018-11-17 20:25:56 +01:00 |
Haelwenn (lanodan) Monnier
|
7fbfd2db96
|
lib/mix/tasks/relay_{un,}follow.ex: Support status reply of Relay.{un,}follow
|
2018-11-17 20:25:56 +01:00 |
Haelwenn (lanodan) Monnier
|
265c8c5209
|
Pleroma.Web.ActivityPub.Relay: make {un,}follow return :ok only if it worked, :error if it didn’t
|
2018-11-17 20:25:56 +01:00 |
Haelwenn (lanodan) Monnier
|
4a79b89dba
|
lib/pleroma/plugs/user_is_admin_plug.ex: change 403 string to “User is not admin.”
|
2018-11-17 20:25:56 +01:00 |
Haelwenn (lanodan) Monnier
|
f9d05902fe
|
lib/pleroma/web/admin_api/admin_api_controller.ex: An admin cannot un-admin themselves
|
2018-11-17 20:25:56 +01:00 |
Haelwenn (lanodan) Monnier
|
a87ed2fad6
|
Pleroma.Web.AdminAPI.AdminAPIController: user_create statement format
|
2018-11-17 20:25:55 +01:00 |
Haelwenn (lanodan) Monnier
|
f48062488e
|
Add get endpoints for rights [AdminAPI]
|
2018-11-17 20:25:55 +01:00 |
Haelwenn (lanodan) Monnier
|
59ce7fedce
|
Fix connection returns make generic right endpoint [AdminAPI]
|
2018-11-17 20:25:55 +01:00 |
Haelwenn (lanodan) Monnier
|
c5a2bd6a65
|
admin_api_controller.ex: fix remaining params at once
|
2018-11-17 20:25:54 +01:00 |
Haelwenn (lanodan) Monnier
|
95b107b6cc
|
admin_api_controller.ex: Add documentation, fix get_invite_token
|
2018-11-17 20:25:54 +01:00 |
Haelwenn (lanodan) Monnier
|
578a911737
|
admin_api_controller.ex: get_password_reset: fix params and response
|
2018-11-17 20:25:54 +01:00 |
Haelwenn (lanodan) Monnier
|
5732eef16b
|
lib/pleroma/web/admin_api/admin_api_controller.ex: Pleroma.Web.AdminAPI.Controller → Pleroma.Web.AdminAPI.AdminAPIController
|
2018-11-17 20:25:53 +01:00 |
Haelwenn (lanodan) Monnier
|
c8b8f1d32c
|
[Pleroma.Plugs.UserIsAdminPlug]: Check if admin is true instead of false, fix error reporting
|
2018-11-17 20:25:53 +01:00 |
Haelwenn (lanodan) Monnier
|
011a2e36b1
|
lib/mix/tasks/make_admin.ex: New task
|
2018-11-17 20:25:53 +01:00 |
Haelwenn (lanodan) Monnier
|
7076d45cb6
|
lib/pleroma/plugs/user_is_admin_plug.ex: Create
|
2018-11-17 20:25:52 +01:00 |
Haelwenn (lanodan) Monnier
|
77d2fd54dd
|
admin_api_controller: Have some basic code
|
2018-11-17 20:25:52 +01:00 |
Haelwenn (lanodan) Monnier
|
ee2e1328ad
|
admin_api_controller.ex: Create
|
2018-11-17 20:25:52 +01:00 |
lambda
|
a960983815
|
Merge branch 'security/actor-containment' into 'develop'
security hotfix: actor containment
See merge request pleroma/pleroma!460
|
2018-11-17 18:33:09 +00:00 |
William Pitcock
|
b483ae0a72
|
tests: add a second spoofing variant
|
2018-11-17 18:25:32 +00:00 |
William Pitcock
|
603fccf175
|
activitypub: fetch_object_from_id(): prefer `actor` over `attributedTo` to avoid spoofing
|
2018-11-17 18:17:17 +00:00 |
William Pitcock
|
9c8adfb6ef
|
test: fix more test defects
|
2018-11-17 18:16:55 +00:00 |
William Pitcock
|
d9cb081f07
|
tests: add additional spoofing tests
|
2018-11-17 18:12:11 +00:00 |
William Pitcock
|
2ab8e28728
|
transmogrifier tests: fix defective spoofing test
|
2018-11-17 18:11:46 +00:00 |
William Pitcock
|
010fcb73d7
|
test: httpoison mock: add second spoofing activity test
|
2018-11-17 18:11:17 +00:00 |
kaniini
|
05967472f2
|
Merge branch 'feature/uploader-mdii' into 'develop'
Feature / MDII Uploader
See merge request pleroma/pleroma!454
|
2018-11-17 16:41:09 +00:00 |
hakabahitoyo
|
59e079f641
|
fallbacking into local uploader
|
2018-11-17 20:16:25 +09:00 |
hakabahitoyo
|
8fd0556c78
|
better config reading
|
2018-11-17 18:14:42 +09:00 |
kaniini
|
e4f57f89de
|
Merge branch 'bugfix/dm-timeline-scope' into 'develop'
TwitterAPI: Fix dm_timeline displaying only half of the conversation.
See merge request pleroma/pleroma!457
|
2018-11-16 23:34:43 +00:00 |