Commit graph

43 commits

Author SHA1 Message Date
Alex Gleason a953b1d927 Prevent spoofing webfinger 2024-05-22 19:08:37 +01:00
Floatingghost 18442dcc7e Fix quote test 2024-04-13 23:05:52 +01:00
Oneric 8684964c5d Only allow exact id matches
This protects us from falling for obvious spoofs as from the current
upload exploit (unfortunately we can’t reasonably do anything about
spoofs with exact matches as was possible via emoji and proxy).

Such objects being invalid is supported by the spec, sepcifically
sections 3.1 and 3.2: https://www.w3.org/TR/activitypub/#obj-id

Anonymous objects are not relevant here (they can only exists within
parent objects iiuc) and neither is client-to-server or transient objects
(as those cannot be fetched in the first place).
This leaves us with the requirement for `id` to (a) exist and
(b) be a publicly dereferencable URI from the originating server.
This alone does not yet demand strict equivalence, but the spec then
further explains objects ought to be fetchable _via their ID_.
Meaning an object not retrievable via its ID, is invalid.

This reading is supported by the fact, e.g. GoToSocial (recently) and
Mastodon (for 6+ years) do already implement such strict ID checks,
additionally proving this doesn’t cause federation issues in practice.

However, apart from canonical IDs there can also be additional display
URLs. *omas first redirect those to their canonical location, but *keys
and Mastodon directly serve the AP representation without redirects.

Mastodon and GTS deal with this in two different ways,
but both constitute an effective countermeasure:
 - Mastodon:
   Unless it already is a known AP id, two fetches occur.
   The first fetch just reads the `id` property and then refetches from
   the id. The last fetch requires the returned id to exactly match the
   URL the content was fetched from. (This can be optimised by skipping
   the second fetch if it already matches)
   05eda8d193/app/helpers/jsonld_helper.rb (L168)
   63f0979799

 - GTS:
   Only does a single fetch and then checks if _either_ the id
   _or_ url property (which can be an object) match the original fetch
   URL. This relies on implementations always including their display URL
   as "url" if differing from the id. For actors this is true for all
   investigated implementations, for posts only Mastodon includes an
   "url", but it is also the only one with a differing display URL.
   2bafd7daf5 (diff-943bbb02c8ac74ac5dc5d20807e561dcdfaebdc3b62b10730f643a20ac23c24fR222)

Albeit Mastodon’s refetch offers higher compatibility with theoretical
implmentations using either multiple different display URL or not
denoting any of them as "url" at all, for now we chose to adopt a
GTS-like refetch-free approach to avoid additional implementation
concerns wrt to whether redirects should be allowed when fetching a
canonical AP id and potential for accidentally loosening some checks
(e.g. cross-domain refetches) for one of the fetches.
This may be reconsidered in the future.
2024-03-25 14:05:05 -01:00
Oneric f07eb4cb55 Sanity check fetched user data
In order to properly process incoming notes we need
to be able to map the key id back to an actor.
Also, check collections actually belong to the same server.

Key ids of Hubzilla and Bridgy samples were updated to what
modern versions of those output. If anything still uses the
old format, we would not be able to verify their posts anyway.
2024-03-25 14:05:05 -01:00
Hélène 3227ebf1e1 CommonFixes: more predictable context generation
`context` fields for objects and activities can now be generated based
on the object/activity `inReplyTo` field or its ActivityPub ID, as a
fallback method in cases where `context` fields are missing for incoming
activities and objects.
2023-06-14 16:22:26 +00:00
Hélène c1e15ff6f8 Transmogrifier: fix reply context fixing
Incoming Pleroma replies to a Misskey thread were rejected due to a
broken context fix, which caused them to not be visible until a
non-Pleroma user interacted with the replies.

This fix properly sets the post-fix object context to its parent Create
activity as well, if it was changed.
2022-08-04 12:57:48 +01:00
Joel Beckmeyer e26388a01c Support reaching user@sub.domain.tld at user@domain.tld (#134)
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/134
Co-authored-by: Joel Beckmeyer <joel@beckmeyer.us>
Co-committed-by: Joel Beckmeyer <joel@beckmeyer.us>
2022-08-02 13:54:22 +00:00
sfr 058bf96798 implement Move activities (#45)
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/45
Co-authored-by: sfr <sol@solfisher.com>
Co-committed-by: sfr <sol@solfisher.com>
2022-07-04 16:29:39 +00:00
Haelwenn (lanodan) Monnier eb7313b0d3
Pipeline Ingestion: Page 2021-06-04 20:06:33 +02:00
rinpatch d3660b24d3 Copy emoji in the subject from parent post
Sometimes people put emoji in the subject, which results in the subject
looking broken if someone replies to it from a server that does not
have the said emoji under the same shortcode. This patch solves the problem
by extending the emoji set available in the summary to that of the parent
post.
2021-03-22 21:20:47 +03:00
Alexander Strizhakov d7e51206a2
respect content-type header in finger request 2021-03-19 18:53:55 +03:00
stwf 41939e3175 User search respect discoverable flag 2020-09-17 12:15:50 -04:00
Haelwenn (lanodan) Monnier 1b3d5956b1
Pipeline Ingestion: Article 2020-09-11 01:40:20 +02:00
Haelwenn (lanodan) Monnier 846b59ccb0
Pipeline Ingestion: Video 2020-09-11 01:39:39 +02:00
Haelwenn (lanodan) Monnier 921f926e96
Remove OStatus in testsuite 2020-09-08 18:43:57 +02:00
lain c1d51944c7 Merge branch 'develop' of git.pleroma.social:pleroma/pleroma into frontend-bundles-downloads 2020-08-25 11:44:51 +02:00
Haelwenn (lanodan) Monnier 5316e231b0
Pipeline Ingestion: Audio (Part 2) 2020-08-19 00:06:31 +02:00
lain 50d5bdfd31 Mix Task Frontend test: Expand. 2020-08-07 16:03:06 +02:00
lain d97b76104e Mix Task Frontend: Add tests. 2020-08-07 15:10:34 +02:00
Haelwenn (lanodan) Monnier c19bdc811e
Fix attachments in polls 2020-07-15 12:32:42 +02:00
lain b39eb6ecc5 Merge branch 'develop' of git.pleroma.social:pleroma/pleroma into chat-federation-information 2020-07-10 12:26:53 +02:00
Haelwenn (lanodan) Monnier 6a679d80c9
Move get_favicon to Pleroma.Instances, use / 2020-07-08 06:28:39 +02:00
Haelwenn (lanodan) Monnier fbb9743a70
Fix getting videos from peertube 2020-07-07 09:38:38 +02:00
lain 208baf157a ActivityPub: Add new 'capabilities' to user. 2020-07-06 11:38:40 +02:00
lain 5c0bf4c472 ActivityPub: Ingest information about chat acceptance. 2020-07-03 13:58:34 +02:00
lain 8ae572d5ae Fixtures: Pretty print. 2020-07-01 11:47:45 +02:00
Maksim Pechnikov ea5142b94b convert markdown content to html 2020-04-28 09:32:43 +03:00
Maksim Pechnikov c5c09fc61b fix mediaType of object 2020-04-13 07:02:57 +03:00
Haelwenn (lanodan) Monnier 863ec33ba2
Add support for funkwhale Audio activity
reel2bits fixture not included as it lacks the Actor fixture for it.

Closes: https://git.pleroma.social/pleroma/pleroma/issues/1624
Closes: https://git.pleroma.social/pleroma/pleroma/issues/764
2020-03-11 13:46:42 +01:00
Thomas Citharel d2f1c4f658
Add ActivityPub Object Event type support
Adds Event support in the same way Video objects are handled, with the
name of the object as message header.

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2019-12-17 16:16:21 +01:00
Egor Kislitsyn b777083f3f
Add also_known_as field to Pleroma.User 2019-10-25 19:14:18 +07:00
Ariadne Conill c9280b9730 rework to use properties instead of compound typing, per SocialCG 2019-10-19 23:21:37 +00:00
Ariadne Conill ef659331b0 implement invisible support for remote users 2019-10-19 23:21:37 +00:00
Ariadne Conill dbfdb1f6e3 add some missing tesla fixtures 2019-10-18 14:50:10 +00:00
Steven Fuchs dc6d20b68d provide mocks for webfinger endpoints 2019-10-09 16:32:28 +00:00
rinpatch 7ef575d11e Initial poll refresh support
Implement refreshing the object with an interval and call the function
when getting the poll.
2019-09-18 18:13:21 +03:00
rinpatch b312ca3d52 Mastodon API Poll view: Fix handling of polls without an end date 2019-09-05 12:03:39 +03:00
lain 3da65292b3 Transmogrifier: Fix follow handling when the actor is an object. 2019-08-26 14:34:52 -05:00
Egor Kislitsyn 5178f960c3 Support user attachment update in Transmogrifier 2019-08-14 14:52:54 +07:00
kaniini 19835be067 Merge branch 'fix-remote-follow-from-ostatus-subscribe' into 'develop'
Fix remote follow from /ostatus_subscribe

Closes #1103

See merge request pleroma/pleroma!1472
2019-07-24 19:29:01 +00:00
Sergey Suprunenko b20020da16 Show the url advertised in the Activity in the Status JSON response 2019-07-24 19:28:21 +00:00
kPherox 8d9f43e1d1
Add WebFinger test for AP-only account 2019-07-25 01:27:34 +09:00
Egor Kislitsyn 11143c542a Remove httpoison from dependencies 2019-07-03 14:42:24 +07:00