Oneric
0ec62acb9d
Always insert Dedupe upload filter
...
This actually was already intended before to eradict all future
path-traversal-style exploits and to fix issues with some
characters like akkoma#610 in 0b2ec0ccee
. However, Dedupe and
AnonymizeFilename got mixed up. The latter only anonymises the name
in Content-Disposition headers GET parameters (with link_name),
_not_ the upload path.
Even without Dedupe, the upload path is prefixed by an UUID,
so it _should_ already be hard to guess for attackers. But now
we actually can be sure no path shenanigangs occur, uploads
reliably work and save some disk space.
While this makes the final path predictable, this prediction is
not exploitable. Insertion of a back-reference to the upload
itself requires pulling off a successfull preimage attack against
SHA-256, which is deemed infeasible for the foreseeable futures.
Dedupe was already included in the default list in config.exs
since 28cfb2c37a
, but this will get overridde by whatever the
config generated by the "pleroma.instance gen" task chose.
Upload+delete tests running in parallel using Dedupe might be flaky, but
this was already true before and needs its own commit to fix eventually.
2024-03-18 22:33:10 -01:00
FloatingGhost
6cb40bee26
Migrate to phoenix 1.7 ( #626 )
...
Closes #612
Co-authored-by: tusooa <tusooa@kazv.moe>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/626
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Co-committed-by: FloatingGhost <hannah@coffee-and-dreams.uk>
2023-08-15 10:22:18 +00:00
FloatingGhost
64e233ca20
Tag Mock
-tests as "mocked" and run them seperately
2023-08-04 12:50:50 +01:00
FloatingGhost
98cb255d12
Support elixir1.15
...
OTP builds to 1.15
Changelog entry
Ensure policies are fully loaded
Fix :warn
use main branch for linkify
Fix warn in tests
Migrations for phoenix 1.17
Revert "Migrations for phoenix 1.17"
This reverts commit 6a3b2f15b7
.
Oban upgrade
Add default empty whitelist
mix format
limit test to amd64
OTP 26 tests for 1.15
use OTP_VERSION tag
baka
just 1.15
Massive deps update
Update locale, deps
Mix format
shell????
multiline???
?
max cases 1
use assert_recieve
don't put_env in async tests
don't async conn/fs tests
mix format
FIx some uploader issues
Fix tests
2023-08-03 17:44:09 +01:00
floatingghost
8c86a06ed1
Merge pull request 'Remove "default" image description' ( #493 ) from ilja/akkoma:remove_default_image_description into develop
...
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/493
2023-04-14 16:27:41 +00:00
foxing
3f76de76da
Apply Patch
2023-03-12 19:13:56 +00:00
ilja
6c396fcab4
Remove "default" image description
...
When no image description is filled in, Pleroma allowed fallbacks.
Those were (based on a setting) either the filename, or a fixed description.
Neither are good options for image descriptions imo, so here we remove this.
Note that there's two tests removed who supposedly tested something else.
But examining closer, they didn't seem to test what they claimed to test,
so I removed them rather than try to "fix" them.
2023-03-12 08:42:33 +01:00
FloatingGhost
b058df3faa
Allow dashes in domain name search
2022-12-06 10:57:10 +00:00
floatingghost
d55de5debf
Remerge of hashtag following ( #341 )
...
this time with less idiot
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/341
2022-12-05 12:58:48 +00:00
floatingghost
ec6bf8c3f7
revert 4a94c9a31e
...
revert Add ability to follow hashtags (#336 )
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/336
2022-12-04 20:04:09 +00:00
floatingghost
4a94c9a31e
Add ability to follow hashtags ( #336 )
...
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/336
2022-12-04 17:36:59 +00:00
floatingghost
db60640c5b
Fixing up deletes a bit ( #327 )
...
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/327
2022-12-01 15:00:53 +00:00
floatingghost
f36d14818d
Unilateral remove from followers ( #232 )
...
from https://git.pleroma.social/pleroma/pleroma/-/merge_requests/3647/
Co-authored-by: marcin mikołajczak <git@mkljczk.pl>
Co-authored-by: Tusooa Zhu <tusooa@kazv.moe>
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/232
2022-10-19 10:01:14 +00:00
floatingghost
8e4de118c1
Don't persist local undone follow ( #194 )
...
same deal but backwards this time
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/194
2022-08-31 18:00:36 +00:00
floatingghost
62e179f446
make conversation-id deterministic ( #154 )
...
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/154
2022-08-06 20:59:15 +00:00
floatingghost
0ec3a11895
don't persist undo of follows ( #149 )
...
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/149
2022-08-05 13:28:56 +00:00
FloatingGhost
0a55c37182
don't error out if the featured collection has a string ID
2022-07-26 15:08:35 +01:00
FloatingGhost
0f132b802d
purge chat and shout endpoints
2022-07-21 11:29:28 +01:00
FloatingGhost
cf0ad02ea9
Remove scrobbling support
2022-07-19 15:07:45 +01:00
floatingghost
5b4d77eaa7
maintenance: dependency upgrade ( #81 )
...
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/81
2022-07-18 00:56:35 +00:00
sfr
058bf96798
implement Move activities ( #45 )
...
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/45
Co-authored-by: sfr <sol@solfisher.com>
Co-committed-by: sfr <sol@solfisher.com>
2022-07-04 16:29:39 +00:00
FloatingGhost
0a3a552696
Add support for a first
reference in pinned objects
2022-07-03 17:25:20 +01:00
FloatingGhost
4da9a12bf8
Add test for friendica featured collection
2022-07-03 16:59:12 +01:00
FloatingGhost
db46913dcc
make linter happy
2021-12-06 11:50:51 +00:00
FloatingGhost
cd8bdbc761
Make deactivated user check into a subquery
...
Fixes #2792
2021-12-06 11:44:17 +00:00
Alex Gleason
762be6ce10
Merge remote-tracking branch 'upstream/develop' into block-behavior
2021-04-29 11:14:32 -05:00
Alexander Strizhakov
8f0778166c
moving fixture into mastodon folder
2021-03-25 13:03:41 +03:00
Alexander Strizhakov
3ec1dbd922
Let pins federate
...
- save object ids on pin, instead of activity ids
- pins federation
- removed pinned_activities field from the users table
- activityPub endpoint for user pins
- pulling remote users pins
2021-03-25 13:03:40 +03:00
rinpatch
67bde35e71
Merge branch 'bugfix/bridgy-user-icon' into 'develop'
...
Add support for actor icon being a list (Bridgy)
See merge request pleroma/pleroma!3372
2021-03-19 08:36:26 +00:00
Haelwenn (lanodan) Monnier
b1d4b2b81e
Add support for actor icon being a list (Bridgy)
2021-03-15 06:44:05 +01:00
Ivan Tashkinov
5856f51717
[ #3213 ] ActivityPub hashtags filtering refactoring. Test fix.
2021-03-03 23:09:30 +03:00
Ivan Tashkinov
77f3da0358
[ #3213 ] Misc. tweaks: proper upsert in Hashtag, better feature toggle management.
2021-02-23 13:52:28 +03:00
Ivan Tashkinov
1dac7d1462
[ #3213 ] Fixed hashtags.name
lookup (must use citext
type to do index scan). Fixed embedded hashtags lookup (lowercasing), adjusted tests.
2021-02-15 21:13:14 +03:00
Ivan Tashkinov
d1c6dd97aa
[ #3213 ] Partially addressed code review points.
...
migration rollback task changes, hashtags-related config handling tweaks, `hashtags.data` deletion (unused).
2021-02-07 22:24:12 +03:00
Ivan Tashkinov
cf4765af40
[ #3213 ] ActivityPub: fixed subquery-based hashtags filtering implementation (addressed empty list options issue). Added regression test.
2021-01-31 23:06:38 +03:00
Ivan Tashkinov
1b49b8efe5
Merge remote-tracking branch 'remotes/origin/develop' into feature/object-hashtags-rework
...
# Conflicts:
# CHANGELOG.md
2021-01-31 20:38:58 +03:00
Ivan Tashkinov
6fd4163ab6
[ #3213 ] ActivityPub: implemented subqueries-based hashtags filtering, removed aggregation-based hashtags filtering.
2021-01-31 20:37:33 +03:00
Ivan Tashkinov
380d0cce6b
[ #3213 ] Reinstated DISTINCT clause for hashtag "any" filtering with 2+ terms. Added test.
2021-01-29 00:17:33 +03:00
Mark Felder
e854c35e65
Convert tests to all use clear_config instead of Pleroma.Config.put
2021-01-26 11:58:43 -06:00
Ivan Tashkinov
c041e9c630
[ #3213 ] HashtagsTableMigrator: failures handling fix, retry function.
...
Changed default hashtags filtering strategy to non-aggregate approach.
2021-01-21 20:23:08 +03:00
Ivan Tashkinov
48b399cedb
[ #3213 ] Refactoring of HashtagsTableMigrator. Hashtag timeline performance optimization (auto switch to non-aggregate join strategy when efficient).
2021-01-16 20:22:14 +03:00
Ivan Tashkinov
e350898828
Merge remote-tracking branch 'remotes/origin/develop' into feature/object-hashtags-rework
2021-01-13 22:11:16 +03:00
Haelwenn (lanodan) Monnier
c4439c630f
Bump Copyright to 2021
...
grep -rl '# Copyright © .* Pleroma' * | xargs sed -i 's;Copyright © .* Pleroma .*;Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/ >;'
2021-01-13 07:49:50 +01:00
lain
bd788c0939
ActivtityPub Test: Add example for guppe actor
2021-01-07 16:20:30 +01:00
Alex Gleason
1438fd9583
Merge remote-tracking branch 'upstream/develop' into block-behavior
2021-01-06 15:22:35 -06:00
lain
e1e7e4d379
Object: Rework how Object.normalize works
...
Now it defaults to not fetching, and the option is named.
2021-01-04 13:38:31 +01:00
Ivan Tashkinov
cbb19d0e18
[ #3213 ] Hashtag-filtering functions in ActivityPub. Mix task for migrating hashtags to hashtags
table.
2020-12-26 22:20:55 +03:00
Ivan Tashkinov
e369b1306b
Added Hashtag entity and objects-hashtags association with auto-sync with data.tag
on Object update.
2020-12-22 22:04:33 +03:00
Egor Kislitsyn
35ba48494f
Stream follow updates
2020-12-02 00:18:58 +04:00
Alexander Strizhakov
e2bf6b1f7e
fix for forwarded reports
2020-11-19 09:53:13 +03:00