Commit graph

67 commits

Author SHA1 Message Date
Oneric 0ec62acb9d Always insert Dedupe upload filter
This actually was already intended before to eradict all future
path-traversal-style exploits and to fix issues with some
characters like akkoma#610 in 0b2ec0ccee. However, Dedupe and
AnonymizeFilename got mixed up. The latter only anonymises the name
in Content-Disposition headers GET parameters (with link_name),
_not_ the upload path.

Even without Dedupe, the upload path is prefixed by an UUID,
so it _should_ already be hard to guess for attackers. But now
we actually can be sure no path shenanigangs occur, uploads
reliably work and save some disk space.

While this makes the final path predictable, this prediction is
not exploitable. Insertion of a back-reference to the upload
itself requires pulling off a successfull preimage attack against
SHA-256, which is deemed infeasible for the foreseeable futures.

Dedupe was already included in the default list in config.exs
since 28cfb2c37a, but this will get overridde by whatever the
config generated by the "pleroma.instance gen" task chose.

Upload+delete tests running in parallel using Dedupe might be flaky, but
this was already true before and needs its own commit to fix eventually.
2024-03-18 22:33:10 -01:00
FloatingGhost 64e233ca20 Tag Mock-tests as "mocked" and run them seperately 2023-08-04 12:50:50 +01:00
FloatingGhost 98cb255d12 Support elixir1.15
OTP builds to 1.15

Changelog entry

Ensure policies are fully loaded

Fix :warn

use main branch for linkify

Fix warn in tests

Migrations for phoenix 1.17

Revert "Migrations for phoenix 1.17"

This reverts commit 6a3b2f15b7.

Oban upgrade

Add default empty whitelist

mix format

limit test to amd64

OTP 26 tests for 1.15

use OTP_VERSION tag

baka

just 1.15

Massive deps update

Update locale, deps

Mix format

shell????

multiline???

?

max cases 1

use assert_recieve

don't put_env in async tests

don't async conn/fs tests

mix format

FIx some uploader issues

Fix tests
2023-08-03 17:44:09 +01:00
sfr 20cd8a0fc4 URL encode remote emoji pack names (#362)
fix #246

Co-authored-by: Sol Fisher Romanoff <sol@solfisher.com>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/362
Co-authored-by: sfr <sol@solfisher.com>
Co-committed-by: sfr <sol@solfisher.com>
2023-01-15 18:14:04 +00:00
floatingghost 07a48b9293 giant massive dep upgrade and dialyxir-found error emporium (#371)
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/371
2022-12-14 12:38:48 +00:00
floatingghost 6b882a2c0b Purge Rejected Follow requests in daily task (#334)
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/334
2022-12-03 23:17:43 +00:00
FloatingGhost ee7059c9cf Spin off imports into n oban jobs 2022-11-27 21:45:41 +00:00
Norm 561e1f2470 Make backups require its own scope (#218)
Pulled from https://git.pleroma.social/pleroma/pleroma/-/merge_requests/3721.

This makes backups require its own scope (`read:backups`) instead of the `read:accounts` scope.

Co-authored-by: Tusooa Zhu <tusooa@kazv.moe>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/218
Co-authored-by: Norm <normandy@biribiri.dev>
Co-committed-by: Norm <normandy@biribiri.dev>
2022-09-19 17:31:35 +00:00
floatingghost 1b826eea54 Allow reacting with remote emoji when they exist on the post (#200)
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/200
2022-09-04 23:31:41 +00:00
floatingghost 11ec9daa5b API compatibility with fedibird, frontend config (#163)
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/163
2022-08-17 00:22:59 +00:00
Tusooa Zhu f08241c8ab
Allow users to create backups without providing email address
Ref: backup-without-email
2022-08-02 22:16:54 -04:00
FloatingGhost 0f132b802d purge chat and shout endpoints 2022-07-21 11:29:28 +01:00
floatingghost dc9f66749c remove all endpoints marked as deprecated (#91)
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/91
2022-07-20 12:00:58 +00:00
FloatingGhost cf0ad02ea9 Remove scrobbling support 2022-07-19 15:07:45 +01:00
floatingghost 5b4d77eaa7 maintenance: dependency upgrade (#81)
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/81
2022-07-18 00:56:35 +00:00
FloatingGhost cac39ef817 Bugfix: standardise scheme for emoji reactions 2022-06-25 15:27:46 +01:00
FloatingGhost c3ed86cd1e fix emoji controller tests 2022-06-11 14:21:50 +01:00
Alex Gleason 5c80d4087d
PleromaAPI.AppView: add test 2021-12-27 18:52:34 -06:00
Alex Gleason f5c3d45120
Merge remote-tracking branch 'origin/develop' into apps-api-endpoint 2021-12-27 18:01:25 -06:00
Haelwenn (lanodan) Monnier a17910a6c6
CI: Bump lint stage to elixir-1.12
Elixir 1.12 changed formatting rules, this allows to avoid having to rollback to run `mix format`
2021-10-06 08:11:05 +02:00
Sean King 33f063204e
Add unit test for Pleroma API app controller 2021-08-28 23:18:12 -06:00
Haelwenn (lanodan) Monnier e4743847a1
OpenAPI: PleromaAPI UserImport Controller 2021-03-15 06:47:07 +01:00
lain 4a9d3a1f28 Merge branch 'features/reports-enhancements' into 'develop'
Enhance reports in Pleroma API: index, show

See merge request pleroma/pleroma!3280
2021-02-28 16:45:15 +00:00
rinpatch 6d66fadea7 Remove :auth, :enforce_oauth_admin_scope_usage
`admin` scope has been required by default for more than a year now
and all apps that use the API seems to request a proper scope by now.
2021-02-17 20:47:38 +03:00
Haelwenn (lanodan) Monnier ff72ce31ca
Enhance reports in Pleroma API: index, show 2021-02-17 18:46:53 +01:00
rinpatch d7ad288c84 Chats: Introduce /api/v2/pleroma/chats which implements pagination
Also removes incorrect claim that /api/v1/pleroma/chats supports
pagination and deprecates it.

Closes #2140
2021-02-17 16:03:24 +03:00
Egor Kislitsyn 793fc77b16
Add active user count 2021-01-27 18:20:06 +04:00
Mark Felder e854c35e65 Convert tests to all use clear_config instead of Pleroma.Config.put 2021-01-26 11:58:43 -06:00
Mark Felder 2c0fe2ea9e Remove toggle_confirmation; require explicit state change
Also cosmetic changes to make the code clearer
2021-01-15 13:11:51 -06:00
Mark Felder d36182c088 Change user.confirmation_pending field to user.is_confirmed 2021-01-15 12:44:41 -06:00
Haelwenn (lanodan) Monnier c4439c630f
Bump Copyright to 2021
grep -rl '# Copyright © .* Pleroma' * | xargs sed -i 's;Copyright © .* Pleroma .*;Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>;'
2021-01-13 07:49:50 +01:00
lain e1a547d7d3 ChatMessages: Fix pagination headers.
They used to contain the path parameter `id` as query param,
which would break the link.
2021-01-11 15:30:40 +01:00
Alex Gleason 3342f6a7ef
Backups: render ID in API 2021-01-07 13:06:22 -06:00
lain e1e7e4d379 Object: Rework how Object.normalize works
Now it defaults to not fetching, and the option is named.
2021-01-04 13:38:31 +01:00
lain 0ef0aed205 Tests: Add a helper method to reduce sleeping times in test.
This will 'time travel', i.e. change the inserted_at and update_at
fields of the object in question. This is used to backdate things
were we used sleeping before to ensure time differences.
2020-12-21 16:31:23 +01:00
lain 9ba60f70d2 Tests: Make as many tests as possible async.
In general, tests that match these criteria can be made async:

- Doesn't use real Cachex.
- Doesn't write to the Config / Application Environment.
- Uses Mock. Using Mox is fine.
- Uses the streamer.
2020-12-21 12:21:40 +01:00
lain 6bb4f4e172 Merge branch 'support/2255_posix_errors' into 'develop'
[#2255] added error messages for posix error code

See merge request pleroma/pleroma!3138
2020-12-15 15:16:03 +00:00
lain 477c6c8e55 Merge branch 'auth-improvements' into 'develop'
Cookie auth rework / Auth subsystem refactoring and tweaks

Closes pleroma/secteam/pleroma#3

See merge request pleroma/pleroma!3112
2020-12-09 15:55:45 +00:00
Ivan Tashkinov e9859b68fc [#3112] Ensured presence and consistency of :user and :token assigns (EnsureUserTokenAssignsPlug). Refactored auth info dropping functions. 2020-12-06 13:59:10 +03:00
Egor Kislitsyn 35ba48494f
Stream follow updates 2020-12-02 00:18:58 +04:00
feld cd1b4155d5 Merge branch 'oban-jobs-to-simple-tasks' into 'develop'
Moving some background jobs into simple tasks

Closes #1790

See merge request pleroma/pleroma!3129
2020-11-19 20:32:32 +00:00
Maksim Pechnikov 9c5d1cb9ed fix tests 2020-11-18 09:58:51 +03:00
Maksim Pechnikov e4b202d905 added test 2020-11-16 22:23:28 +03:00
Egor Kislitsyn fb41bd1a85 Hide reactions from muted and blocked users 2020-11-16 22:50:14 +04:00
Maksim Pechnikov e1d25bad0c fix tests 2020-11-16 21:45:37 +03:00
Maksim Pechnikov 36ec604521 added test 2020-11-14 08:30:22 +03:00
Alexander Strizhakov 8d218ebaf5
Moving some background jobs into simple tasks
- fetching activity data
- attachment prefetching
- using limiter to prevent overload
2020-11-11 13:39:49 +03:00
lain 504a829edb Merge branch 'develop' of git.pleroma.social:pleroma/pleroma into features/federation-status 2020-11-04 15:38:10 +01:00
Egor Kislitsyn ca95cbe0b4
Add with_muted param to ChatController.index/2 2020-11-04 16:40:12 +04:00
Egor Kislitsyn be52819a11
Hide chats from muted users 2020-11-02 17:51:54 +04:00