Commit graph

205 commits

Author SHA1 Message Date
Oneric 9a91299f96 Don't try to handle non-media objects as media
Trying to display non-media as media crashed the renderer,
but when posting a status with a valid, non-media object id
the post was still created, but then crashed e.g. timeline rendering.
It also crashed C2S inbox reads, so this could not be used to leak
private posts.
2024-05-22 20:30:23 +02:00
Oneric 0c2b33458d Restrict media usage to owners
In Mastodon media can only be used by owners and only be associated with
a single post. We currently allow media to be associated with several
posts and until now did not limit their usage in posts to media owners.
However, media update and GET lookup was already limited to owners.
(In accordance with allowing media reuse, we also still allow GET
lookups of media already used in a post unlike Mastodon)

Allowing reuse isn’t problematic per se, but allowing use by non-owners
can be problematic if media ids of private-scoped posts can be guessed
since creating a new post with this media id will reveal the uploaded
file content and alt text.
Given media ids are currently just part of a sequentieal series shared
with some other objects, guessing media ids is with some persistence
indeed feasible.

E.g. sampline some public media ids from a real-world
instance with 112 total and 61 monthly-active users:

  17.465.096  at  t0
  17.472.673  at  t1 = t0 + 4h
  17.473.248  at  t2 = t1 + 20min

This gives about 30 new ids per minute of which most won't be
local media but remote and local posts, poll answers etc.
Assuming the default ratelimit of 15 post actions per 10s, scraping all
media for the 4h interval takes about 84 minutes and scraping the 20min
range mere 6.3 minutes. (Until the preceding commit, post updates were
not rate limited at all, allowing even faster scraping.)
If an attacker can infer (e.g. via reply to a follower-only post not
accessbile to the attacker) some sensitive information was uploaded
during a specific time interval and has some pointers regarding the
nature of the information, identifying the specific upload out of all
scraped media for this timerange is not impossible.

Thus restrict media usage to owners.

Checking ownership just in ActivitDraft would already be sufficient,
since when a scheduled status actually gets posted it goes through
ActivityDraft again, but would erroneously return a success status
when scheduling an illegal post.

Independently discovered and fixed by mint in Pleroma
1afde067b1
2024-05-22 20:30:18 +02:00
Oneric 94e9c8f48a Purge unused media description update on post
In MastoAPI media descriptions are updated via the
media update API not upon post creation or post update.

This functionality was originally added about 6 years ago in
ba93396649 which was part of
https://git.pleroma.social/pleroma/pleroma/-/merge_requests/626 and
https://git.pleroma.social/pleroma/pleroma-fe/-/merge_requests/450.
They introduced image descriptions to the front- and backend,
but predate adoption of Mastodon API.

For a while adding an `descriptions` array on post creation might have
continued to work as an undocumented Pleroma extension to Masto API, but
at latest when OpenAPI specs were added for those endpoints four years
ago in 7803a85d2c, these codepaths ceased
to be used. The API specs don’t list a `descriptions` parameter and
any unknown parameters are stripped out.

The attachments_from_ids function is only called from
ScheduledActivity and ActivityDraft.create with the latter
only being called by CommonAPI.{post,update} whihc in turn
are only called from ScheduledActivity again, MastoAPI controller
and without any attachment or description parameter WelcomeMessage.
Therefore no codepath can contain a descriptions parameter.
2024-05-22 20:18:08 +02:00
FloatingGhost 98cb255d12 Support elixir1.15
OTP builds to 1.15

Changelog entry

Ensure policies are fully loaded

Fix :warn

use main branch for linkify

Fix warn in tests

Migrations for phoenix 1.17

Revert "Migrations for phoenix 1.17"

This reverts commit 6a3b2f15b7.

Oban upgrade

Add default empty whitelist

mix format

limit test to amd64

OTP 26 tests for 1.15

use OTP_VERSION tag

baka

just 1.15

Massive deps update

Update locale, deps

Mix format

shell????

multiline???

?

max cases 1

use assert_recieve

don't put_env in async tests

don't async conn/fs tests

mix format

FIx some uploader issues

Fix tests
2023-08-03 17:44:09 +01:00
tusooa 3095251e6c Dedupe poll options 2023-06-14 22:45:19 +00:00
ilja b4952a81fe Interpret \n as newline for MFM
Markdown doesn't generally consider `\n` a newline,
but Misskey does for MFM.

Now we do to for MFM (and not for Markdown) :)
2023-02-18 19:56:11 +01:00
darkkirb a8cd859ef9 Use actual ISO8601 timestamps for masto API (#425)
Some users post posts with spoofed timestamp, and some clients will have issues with certain dates. Tusky for example crashes if the date is any sooner than 1 BCE (“year zero” in the representation).

I limited the range of what is considered a valid date to be somewhere between the years 1583 and 9999 (inclusive).

The numbers have been chosen because:

- ISO 8601 only allows years before 1583 with “mutual agreement”
- Years after 9999 could cause issues with certain clients as well

Co-authored-by: Charlotte 🦝 Delenk <lotte@chir.rs>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/425
Co-authored-by: darkkirb <lotte@chir.rs>
Co-committed-by: darkkirb <lotte@chir.rs>
2023-01-09 22:12:28 +00:00
ilja 745e15468e Use same context for quote posts as the post that's being quoted (#379)
See https://akkoma.dev/AkkomaGang/akkoma/pulls/350#issuecomment-6109

When making quotes through Mast-API, they will now have the same context as the quoted post. This also results in them being showed when fetching the thread. I checked Misskey to see how it's there, and they show the quotes there as well, see e.g. <https://mk.toast.cafe/notes/98u1g0tulg>.

An example from Akkoma:

Co-authored-by: ilja <git@ilja.space>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/379
Reviewed-by: floatingghost <hannah@coffee-and-dreams.uk>
Co-authored-by: ilja <akkoma.dev@ilja.space>
Co-committed-by: ilja <akkoma.dev@ilja.space>
2022-12-31 18:09:27 +00:00
floatingghost 9be6caf125 argon2 password hashing (#406)
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/406
2022-12-30 02:46:58 +00:00
floatingghost 2641dcdd15 Post editing (#202)
Rebased from #103

Co-authored-by: Tusooa Zhu <tusooa@kazv.moe>
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/202
2022-09-06 19:24:02 +00:00
floatingghost e9f1897cfd parser MFM server-side (#172)
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/172
2022-08-18 03:14:48 +00:00
floatingghost 62e179f446 make conversation-id deterministic (#154)
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/154
2022-08-06 20:59:15 +00:00
floatingghost 19a27ff006 allow small/center tags in misskeymarkdown (#132)
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/132
2022-08-01 12:46:52 +00:00
floatingghost 5ad256f170 [#58] pre-link MFM content (#59)
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/59
2022-07-10 17:06:25 +00:00
FloatingGhost 4fb2251221 Allow authoring MFM 2022-06-14 15:56:12 +01:00
Haelwenn 773708cfe8 Merge branch 'builder-note' into 'develop'
CommonAPI.Utils.make_note_data/1 --> ActivityPub.Builder.note/1

See merge request pleroma/pleroma!3511
2021-08-14 18:32:40 +00:00
Alex Gleason a2eacfc525
CommonAPI.Utils.make_note_data/1 --> ActivityPub.Builder.note/1 2021-08-14 11:01:06 -05:00
Haelwenn (lanodan) Monnier 436fac3bac
maybe_notify_subscribers: Don't create notifications from ingested messages 2021-08-11 20:49:38 +02:00
Alex Gleason b99f60615c Fix order of Pleroma.Web.Utils.Params aliases 2021-06-08 12:50:47 -05:00
Alex Gleason ec65b7ae29 Pleroma.Web.Params --> Pleroma.Web.Utils.Params 2021-06-08 12:50:47 -05:00
Alex Gleason 0877b120c3 Pleroma.Web.ControllerHelper.truthy_param?/1 --> Pleroma.Web.Params.truthy_param?/1
Breaks cycle in lib/pleroma/web/api_spec/operations/status_operation.ex
2021-06-08 12:50:47 -05:00
Alex Gleason c435de426d
Merge remote-tracking branch 'pleroma/develop' into cycles-constants 2021-06-01 11:33:11 -05:00
Alex Gleason 10dfe81479
Pleroma.Constants.as_local_public/0 --> Pleroma.Web.ActivityPub.Utils.as_local_public/0
Move as_local_public/0 to stop making modules depend on Web at compile-time
2021-05-31 13:39:15 -05:00
Alex Gleason 52fc59f125
Merge remote-tracking branch 'upstream/develop' into earmark 2021-04-30 13:17:03 -05:00
Alex Gleason 6727a3659f
Remove Pleroma.Formatter.minify/2 2021-04-30 12:27:06 -05:00
Haelwenn (lanodan) Monnier 3bc7d12271
Remove sensitive-property setting #nsfw, create HashtagPolicy 2021-02-27 21:26:17 +01:00
Haelwenn (lanodan) Monnier c4439c630f
Bump Copyright to 2021
grep -rl '# Copyright © .* Pleroma' * | xargs sed -i 's;Copyright © .* Pleroma .*;Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>;'
2021-01-13 07:49:50 +01:00
lain e1e7e4d379 Object: Rework how Object.normalize works
Now it defaults to not fetching, and the option is named.
2021-01-04 13:38:31 +01:00
Haelwenn 3966add048 Revert "Merge branch 'features/hashtag-column' into 'develop'"
This reverts merge request !2824
2020-12-28 12:02:16 +00:00
Haelwenn (lanodan) Monnier acb03d591b
Insert text representation of hashtags into object["hashtags"]
Includes a new mix task: pleroma.database fill_old_hashtags
2020-12-22 05:15:34 +01:00
Alex Gleason f8c93246d6 Refactor Earmark code, fix tests 2020-12-11 17:22:42 -06:00
Alex Gleason e9e17e5df3 Upgrade Earmark to v1.4.10 2020-12-11 17:22:17 -06:00
Egor Kislitsyn af3f00292c
Fix formatting 2020-11-11 19:12:46 +04:00
Egor Kislitsyn 0118ccb53c
Add local visibility 2020-11-11 18:54:01 +04:00
minibikini 1bfd8528bb Merge branch 'develop' into 'feature/local-only-scope'
# Conflicts:
#   CHANGELOG.md
2020-10-27 18:59:19 +00:00
Egor Kislitsyn 2a475622ee
Add Pleroma.Constants.as_local_public/0 2020-10-15 19:07:00 +04:00
Egor Kislitsyn 4f79bbbc31
Add local-only statuses 2020-10-15 18:37:44 +04:00
Mark Felder 64553ebae2 Merge branch 'develop' into chore/elixir-1.11 2020-10-13 09:54:53 -05:00
Alexander Strizhakov 9f4fe5485b
alias alphabetically order 2020-10-13 16:43:59 +03:00
Alexander Strizhakov c497558d43
AuthenticationPlug module name 2020-10-13 16:43:58 +03:00
Mark Felder 636c00037d Fix duplicate @doc entries 2020-10-07 09:58:45 -05:00
Haelwenn (lanodan) Monnier 82895a4012
SideEffects: port ones from ActivityPub.do_create and ActivityPub.insert 2020-07-15 11:40:23 +02:00
Mark Felder d23804f191 Use the Pleroma.Config alias 2020-07-09 10:53:51 -05:00
lain ee35bb5ac2 Merge branch 'develop' of git.pleroma.social:pleroma/pleroma into remake-remodel-dms 2020-05-25 13:57:27 +02:00
rinpatch 7bc2ec0aa2 Merge branch 'mastodon-migration-compat' into 'develop'
Add compatibility routes for converted mastodon instances

Closes #1797

See merge request pleroma/pleroma!2572
2020-05-24 19:05:57 +00:00
Roman Chvanikov 5d60b25e69 Apply suggestion to lib/pleroma/web/common_api/utils.ex 2020-05-22 15:44:10 +00:00
Roman Chvanikov cc82229ba7 Add filename_display_max_length config 2020-05-22 18:19:25 +03:00
lain 355aa3bdc7 ActivityPubController: Add Mastodon activity compat route. 2020-05-22 17:06:12 +02:00
lain eb5f428565 CommonAPI: Change public->private implicit addressing.
This will not add the OP to the `to` field anymore when going from
public to private.
2020-05-20 13:38:47 +02:00
lain 3cff4e24cd Merge branch 'develop' of git.pleroma.social:pleroma/pleroma into remake-remodel-dms 2020-05-13 12:44:16 +02:00