feld
61e4be396f
Merge branch 'drop-unknown-deletes' into 'develop'
...
Drop unwanted activities from unknown actors
See merge request pleroma/pleroma!4236
2024-09-01 18:08:07 +00:00
Mark Felder
751d63d4bb
Support OAuth App updating the website URL
2024-09-01 13:55:45 -04:00
Mark Felder
5a1144208d
Prevent OAuth App flow from creating duplicate entries
2024-09-01 12:27:16 -04:00
Mark Felder
4ae17c6294
NodeInfo: Accept application/activity+json requests
2024-08-30 15:25:21 -04:00
Mark Felder
11ee94ae17
InboxGuardPlug: Add early rejection of unknown activity types
2024-08-30 10:05:09 -04:00
Mark Felder
e38f5f1a81
Add recognized activity types to a constant and use it in the test
2024-08-30 09:47:45 -04:00
feld
5205e846eb
Update allowed activity types from strangers
...
Move is emitted from the old account
EmojiReact is ~ Like
Announced TBD
2024-08-30 09:30:33 -04:00
Mark Felder
990b2058df
Remove unnecessary error match in ReceiverWorker
2024-08-29 16:05:40 -04:00
Mark Felder
e2cdae2c88
Change relay inbox response when not federating to a 403 for consistency
2024-08-29 16:05:40 -04:00
Mark Felder
16a9b34876
Convert to a Plug called InboxGuard
2024-08-29 16:05:36 -04:00
Mark Felder
06deacd58e
Formatting
2024-08-29 11:59:42 -04:00
feld
27fcc42171
Use Pleroma.Object.Containment.get_actor/1 to reliably find the actor of an incoming activity or object
2024-08-29 11:59:42 -04:00
Mark Felder
1c394dd18c
Move the check to the inbox
2024-08-29 11:59:42 -04:00
Mark Felder
4bc6f334f4
Revert unintentional change
2024-08-29 11:59:42 -04:00
Mark Felder
ceffb8a891
Drop incoming Delete activities from unknown actors
2024-08-29 11:59:42 -04:00
feld
62856ab18f
Merge branch 'todo-fixes' into 'develop'
...
Clean up Elixir 1.13 TODOs
See merge request pleroma/pleroma!4233
2024-08-29 15:27:53 +00:00
Mark Felder
b5814dc9b3
Merge remote-tracking branch 'origin/develop' into todo-fixes
2024-08-29 11:01:02 -04:00
feld
8d07034608
Merge branch 'pleroma-http-stream' into 'develop'
...
Pleroma.HTTP: support streaming response bodies
See merge request pleroma/pleroma!4239
2024-08-29 14:54:01 +00:00
Mark Felder
c17a78c55a
Rich Media: add stream byte counting as an extra protection against malicious URLs
2024-08-29 09:37:11 -04:00
Mark Felder
8ab4dd20df
Update comments, remove solved TODO
2024-08-28 19:52:29 -04:00
Mark Felder
0bf82a1745
Add an AdapterHelper for Finch so we can support streaming request bodies
2024-08-28 19:50:51 -04:00
Mark Felder
1821ef4f15
Move user active check into Federator.perform/1
2024-08-28 18:35:09 -04:00
Mark Felder
8a3efa7152
More error annotations
2024-08-28 18:02:35 -04:00
Mark Felder
c5ca806aa0
Add back one of the duplicate checks to fix a test, document where it comes from
2024-08-28 17:57:34 -04:00
Mark Felder
380a6a6df3
:validate_object is not a real error returned from anywhere
2024-08-28 17:45:31 -04:00
Mark Felder
2346807ac9
Annotate error cases
2024-08-28 17:44:33 -04:00
Mark Felder
6ae629cfe0
Cancel ReceiverWorker jobs if the user account has been disabled / deactivated
2024-08-28 17:24:59 -04:00
Mark Felder
fc450fdefc
ReceiverWorker: cancel job if user fetch is forbidden
...
An instance block with authenticated fetch being required can cause this as we couldn't get the user to find their public key to verify the signature. Commonly observed if someone boosts/Announces a post from an instance that blocked you.
2024-08-28 15:45:16 -04:00
Mark Felder
0804b73c0a
This error is not returned by Tesla
...
Upstream has a bug filed for this as they aren't handling this error internally, so it was raising
2024-08-27 22:08:31 -04:00
Mark Felder
44901502ff
Fix incorrect identifier for the with statement
2024-08-27 21:56:02 -04:00
Mark Felder
116fe77b77
Tesla.Middleware.Timeout breaks streaming bodies
...
These are executed by Oban now and Oban can enforce the timeout if the regular HTTP timeout is not sufficient.
2024-08-27 21:55:07 -04:00
Mark Felder
0a86d2b3ac
Handle streaming response errors
2024-08-27 21:22:59 -04:00
Mark Felder
ec8db9d4ee
RichMedia: skip the HTTP HEAD request for adapters that support streaming the response body
2024-08-27 21:09:15 -04:00
Mark Felder
bb279c2802
Pleroma.HTTP add AdapterHelper.can_stream? to assist with discovering if the current adapter supports returning a Stream body
2024-08-27 21:08:25 -04:00
Mark Felder
5f6506d864
Pleroma.HTTP: option stream: true will return a stream as the body for Gun adapter
2024-08-27 20:39:32 -04:00
Mark Felder
39108c5f12
Remove unnecessary re-fetch of the actor
2024-08-22 13:43:01 -04:00
Mark Felder
a9aa810d3d
Change imports to generate an Oban job per each task
2024-08-22 13:24:07 -04:00
Mark Felder
649e51b581
Fix Oban jobs for imports
2024-08-22 11:35:55 -04:00
Mark Felder
e65555e8c5
Remove workaround for URI.merge bug on nil fields before Elixir 1.13
...
https://github.com/elixir-lang/elixir/issues/10771
2024-08-21 15:11:42 -04:00
Mark Felder
010edcbcb5
Use Map.filter now that minimum Elixir version is 1.13
2024-08-21 14:50:19 -04:00
feld
08a444f6c3
Merge branch 'reachability' into 'develop'
...
Fix reachability based on results of publishing attempts
See merge request pleroma/pleroma!4231
2024-08-19 16:49:08 +00:00
Mark Felder
1b8141b506
Address case where instance reachability status couldn't be updated
2024-08-19 11:12:28 -04:00
Mark Felder
089fa4d146
Improve Remote Object Fetcher error handling, Oban
2024-08-17 20:42:33 -04:00
marcin mikołajczak
3498662712
Move new fields to pleroma object
...
Signed-off-by: marcin mikołajczak <git@mkljczk.pl>
2024-08-17 19:59:39 +02:00
marcin mikołajczak
c802f3b7f6
Validate media description length
...
Signed-off-by: marcin mikołajczak <git@mkljczk.pl>
2024-08-17 19:58:32 +02:00
marcin mikołajczak
855c5a234f
Update docs
...
Signed-off-by: marcin mikołajczak <git@mkljczk.pl>
2024-08-17 17:06:39 +02:00
marcin mikołajczak
681765669c
Add test for avatar description
...
Signed-off-by: marcin mikołajczak <git@mkljczk.pl>
2024-08-17 17:02:44 +02:00
marcin mikołajczak
71ef9f9519
Allow providing avatar/header descriptions
...
Signed-off-by: marcin mikołajczak <git@mkljczk.pl>
2024-08-17 16:36:27 +02:00
feld
fcf9ad5573
Merge branch 'bugfix-truncate-remote-user-fields' into 'develop'
...
User: truncate remote user fields instead of rejecting
See merge request pleroma/pleroma!4220
2024-08-16 00:37:10 +00:00
marcin mikołajczak
8cd8cea3fb
Fix 'Setting a marker should mark notifications as read'
...
Signed-off-by: marcin mikołajczak <git@mkljczk.pl>
2024-08-14 19:28:11 +02:00
Haelwenn (lanodan) Monnier
3b1e6ac8f0
User: truncate remote user fields instead of rejecting
2024-08-14 18:09:13 +02:00
feld
5174c29d4c
Merge branch 'fix-random-test-errors' into 'develop'
...
Fix random test failures, revert auto-retry failed tests
See merge request pleroma/pleroma!4221
2024-08-13 20:16:09 +00:00
Mark Felder
b281ad06de
Revert "Custom mix task to retry failed tests once in CI pipeline"
...
This reverts commit ed2976b237.
2024-08-13 15:49:04 -04:00
Mark Felder
2ba5ad8eb5
MRF cleanup
...
MRFs written over time have been inconsistent with the terminology of what is being processed. MRFs work on Activities, but generally we always named the assignments "message" or "object" which is really confusing when trying to debug or write tests.
2024-08-13 14:22:41 -04:00
Mark Felder
b0c64945c2
MRF.FODirectReply: use Visibility module to verify the scope
2024-08-12 20:18:02 -04:00
feld
4e7928c985
Merge branch 'followers-only-reply-direct-mrf' into 'develop'
...
MRF.FODirectReply
See merge request pleroma/pleroma!4091
2024-08-12 21:46:45 +00:00
feld
f87aa8b83c
Merge branch 'deprecate-subscribe' into 'develop'
...
Mark `/api/v1/pleroma/accounts/:id/subscribe`/`unsubscribe` as deprecated
See merge request pleroma/pleroma!4216
2024-08-12 21:27:12 +00:00
Mark Felder
488c4b8b98
MRF.FODirectReply
...
Force replies to followers-only posts to always be direct
2024-08-12 17:06:29 -04:00
feld
c29441f30d
Merge branch 'mrf-quietreply' into 'develop'
...
MRF.QuietReply
See merge request pleroma/pleroma!4213
2024-08-12 20:25:19 +00:00
Mark Felder
471f5c81fd
Add module documentation
2024-08-12 16:07:45 -04:00
marcin mikołajczak
34715b8581
remove unused alias
...
Signed-off-by: marcin mikołajczak <git@mkljczk.pl>
2024-08-12 13:38:33 +02:00
marcin mikołajczak
c1c0f0b144
Mark `/api/v1/pleroma/accounts/:id/subscribe`/`unsubscribe` as deprecated
...
Signed-off-by: marcin mikołajczak <git@mkljczk.pl>
2024-08-12 12:38:51 +02:00
marcin mikołajczak
6e53e94bda
Remove stub for /api/v1/accounts/:id/identity_proofs (deprecated by Mastodon 3.5.0)
...
Signed-off-by: marcin mikołajczak <git@mkljczk.pl>
2024-08-12 12:23:38 +02:00
Mark Felder
5a134a46f7
We must change to/cc in the activity and inner object
2024-08-08 15:23:59 -04:00
Mark Felder
a0af6cba09
Added MRF.QuietReply which prevents replies to public posts from being published to the timelines
2024-08-08 14:12:44 -04:00
Mark Felder
ca934b744f
Remove validation for cc fields on Blocks
2024-08-07 21:51:43 -04:00
Mark Felder
526a57ff9f
Remove validation for cc fields on Follow Accept/Reject
2024-08-07 21:51:22 -04:00
Mark Felder
8f15000c0f
Do not require a cc field when validating an incoming Follow activity
...
The cc field is not required and the code was keeping the cc if it existed on an activity or replacing it with the default of an empty list when casting. If any Follow activity was received with a cc field, it would attempt to keep it.
This was noticed in !4208 where we would craft Follow requests with a cc value of nil.
2024-08-07 14:38:29 -04:00
feld
45611ed325
Merge branch 'workerhelper-fix' into 'develop'
...
Fix WebPush notifications not generating jobs
See merge request pleroma/pleroma!4210
2024-08-07 17:37:44 +00:00
Mark Felder
721005b312
Fix WebPush notifications not generating jobs
...
Dialyzer pointed this one out.
The WorkerHelper removal in !4166 was missing this Oban.insert() and tests were not noticing any problems because we mocked the Push.send function instead of executing it and checking for the Oban job.
2024-08-07 13:00:31 -04:00
Mark Felder
06e8ece4cc
Fix CommonAPI.follow/2 which returned users in the reverse order they were provided to the function
2024-08-07 12:39:58 -04:00
feld
351a306d46
Merge branch 'stream-follow-relationships-count' into 'develop'
...
StreamerView: Do not leak follows count if hidden
See merge request pleroma/pleroma!4205
2024-08-07 16:17:58 +00:00
Mark Felder
9d27a074c1
Merge branch 'stream-follow-relationships-count' into develop
2024-08-07 11:48:52 -04:00
Mark Felder
7d33b53908
Improve the variable naming
2024-08-07 11:47:43 -04:00
feld
a2490ddd9f
Merge branch 'remove/workerhelper' into 'develop'
...
Remove WorkerHelper
See merge request pleroma/pleroma!4166
2024-08-07 13:26:41 +00:00
Mark Felder
c284c4e3e6
Extract the logic from the map
2024-08-07 09:19:33 -04:00
Mark Felder
0bfe592048
Credo
2024-08-06 12:48:36 -04:00
Mark Felder
9ae9e2fc5c
Use a struct to hold the prepared data passed to publish_one/1
2024-08-06 12:16:06 -04:00
Mark Felder
83fcf42c70
Force cc to an empty list if undefined
2024-08-06 12:03:44 -04:00
Mark Felder
f8bdcaa161
Split Federator.publish_one/1 into a second function called prepare_one/1
2024-08-06 11:16:04 -04:00
marcin mikołajczak
52f7033f7a
StreamerView: Do not leak follows count if hidden
...
Signed-off-by: marcin mikołajczak <git@mkljczk.pl>
2024-08-04 16:03:25 +02:00
marcin mikołajczak
de9194893e
Support `id` param in GET /api/v1/statuses
...
Signed-off-by: marcin mikołajczak <git@mkljczk.pl>
2024-08-03 18:28:43 +02:00
Mark Felder
1f986ec713
Gun: Publisher job behavior improvement
...
Gun's connection pool also returns an error if duplicate workers are launched simultaneously. Snooze on this error as well, and lower the snooze to 3 seconds with the optimism that the connection will still be open by then and the delivery can be completed quickly.
The original setting of 30 seconds is pretty high and means there's an unnatural lag between deliveries of activities destined to the same server that were created at nearly the same time. This configuration should be more efficient.
2024-08-02 09:25:18 -04:00
Mark Felder
e6951e7e40
Fix User.disclose_client never working correctly
...
Our test environment cheats by constructing a conn with a custom oauth_access/2 function. This assigns a :token to the conn but due to the way it is constructed it has the :user preloaded. When the OAuth Plug fetches a token it does not preload the user, so the check for user.disclose_client was always nil and assumed to be false.
Preloading the :user ensures the test environment matches reality.
2024-07-31 14:14:35 -04:00
Mark Felder
52e9bec156
Remove WorkerHelper
2024-07-30 11:34:48 -04:00
feld
18469f3b1d
Merge branch 'oban/simpler-publish' into 'develop'
...
Publisher job simplification
See merge request pleroma/pleroma!4194
2024-07-30 15:23:28 +00:00
feld
c9042763b0
Merge branch 'oban/backup' into 'develop'
...
Backups Refactoring
See merge request pleroma/pleroma!4158
2024-07-29 16:07:35 +00:00
Mark Felder
b48fd89a41
Revert unintended change to the Logger metadata tag name
2024-07-29 10:03:22 -04:00
Mark Felder
8893ad9899
Fix cancelling jobs
2024-07-29 09:59:35 -04:00
Mark Felder
74072622e0
Remove actor and actor_id from the job as it can be inferred by the activity
2024-07-29 09:52:13 -04:00
Mark Felder
59309a9eff
Publisher job simplification
...
Publisher jobs now store the activity id instead of inserting duplicate JSON data in the Oban queue for each delivery.
2024-07-28 21:04:36 -04:00
Mark Felder
c19d55cabb
Safer string concatenation
2024-07-25 16:18:45 -04:00
Mark Felder
84b15ac111
Improve specs and matching
2024-07-25 16:18:31 -04:00
Mark Felder
775f45cfe2
Merge remote-tracking branch 'origin/develop' into oban/backup
2024-07-25 14:43:40 -04:00
Mark Felder
a964368e31
Add test to fetch and validate an activity that originally failed signature
2024-07-25 14:34:55 -04:00
Mark Felder
1b9c887dbb
Extract validate_signature/2 from the HTTPSignaturePlug
...
This logic only exists in the Plug, so attempting to validate the signature by calling the library function HTTPSignature.validate_conn/2 directly will never work because we do not attempt to construct the (request-target) and @request-target headers with both the commonly misinterpreted and correct implementation of this field. Therefore all attempts to validate a signature from an Oban Job will fail.
2024-07-25 12:54:27 -04:00
Mark Felder
1a482a73c3
Fix Optimistic Inbox for failed signatures
...
When signatures fail on incoming activities we put the job into Oban to be processed later instead of doing the user fetching and validation inline which is expensive and increases latency on the incoming POST request. Unfortunately we did not retain the :method, :request_path, and :query_string parameters from the conn so the signature validation and Oban Job would always fail.
This was most obvious when Mastodon sends Deletes for users your server has never seen before.
2024-07-25 11:46:30 -04:00
Mark Felder
97d488aea3
Fix RichMedia negative cache entries
...
The negative cache entry was a nil value, but that is an expected response when the cache is missing an entry so it didn't work as intended.
2024-07-24 15:45:39 -04:00
Mark Felder
5a62868106
Consider errors during HTTP GET and HEAD to be unrecoverable and insert a negative cache entry
...
This is for a normal HTTP error response or timeout while receiving the data. A hard error from a process crash, DNS lookup failure, etc should produce a different response than {:ok, %Tesla.Env{}} and the request/job will be retryable.
2024-07-24 15:43:49 -04:00
Mark Felder
731f7b87d2
Pad RichMediaWorker timeout to be 2s longer than the Rich Media HTTP timeout
2024-07-24 15:42:50 -04:00