Commit graph

16671 commits

Author SHA1 Message Date
feld
25db1a5d67 Merge branch 'oauth-app-spam2' into 'develop'
OAuth App Spam, revisited

See merge request pleroma/pleroma!4250
2024-09-05 21:19:09 +00:00
Mark Felder
1797f5958a App orphans should only be removed if they are older than 15 mins 2024-09-05 20:55:28 +00:00
Mark Felder
53744bf146 Limit the number of orphans to delete at 100 every 10 mins due to the cascading queries that have to check oauth_authorizations and oauth_tokens tables.
This should keep ahead of most app registration spam and not overwhelm lower powered servers.
2024-09-04 11:45:05 -04:00
Mark Felder
a1951f3af7 Add Cron worker to clean up orphaned apps hourly 2024-09-04 10:59:58 -04:00
Mark Felder
7bd0750787 Ensure apps are assigned to users 2024-09-04 10:40:37 -04:00
Mark Felder
427da7a99a Rate Limit the OAuth App spam 2024-09-04 09:22:58 -04:00
feld
fbcfbde833 Merge branch 'revert-9077d092' into 'develop'
Revert "Merge branch 'oauth-app-spam' into 'develop'"

See merge request pleroma/pleroma!4249
2024-09-04 02:41:31 +00:00
feld
92d5f0ac14 Revert "Merge branch 'oauth-app-spam' into 'develop'"
This reverts merge request !4244
2024-09-04 02:22:25 +00:00
marcin mikołajczak
fecfe8bf89 Merge branch 'scrubbers-allow-mention-hashtag' into 'develop'
scrubbers/default: Allow "mention hashtag" classes used by Mastodon

See merge request pleroma/pleroma!4245
2024-09-02 11:08:33 +00:00
marcin mikołajczak
37397a43be scrubbers/default: Allow "mention hashtag" classes used by Mastodon
Signed-off-by: marcin mikołajczak <git@mkljczk.pl>
2024-09-02 12:39:29 +02:00
feld
9077d0925b Merge branch 'oauth-app-spam' into 'develop'
Fix OAuth app spam

See merge request pleroma/pleroma!4244
2024-09-01 18:24:06 +00:00
feld
61e4be396f Merge branch 'drop-unknown-deletes' into 'develop'
Drop unwanted activities from unknown actors

See merge request pleroma/pleroma!4236
2024-09-01 18:08:07 +00:00
Mark Felder
751d63d4bb Support OAuth App updating the website URL 2024-09-01 13:55:45 -04:00
Mark Felder
e3a7c1d906 Test that app scopes can be updated 2024-09-01 12:37:59 -04:00
Mark Felder
5a1144208d Prevent OAuth App flow from creating duplicate entries 2024-09-01 12:27:16 -04:00
Mark Felder
bb235f913f Update changelog 2024-08-30 10:05:12 -04:00
Mark Felder
11ee94ae17 InboxGuardPlug: Add early rejection of unknown activity types 2024-08-30 10:05:09 -04:00
Mark Felder
e38f5f1a81 Add recognized activity types to a constant and use it in the test 2024-08-30 09:47:45 -04:00
feld
5205e846eb Update allowed activity types from strangers
Move is emitted from the old account
EmojiReact is ~ Like
Announced TBD
2024-08-30 09:30:33 -04:00
Mark Felder
094da5d634 Update changelog 2024-08-29 16:05:40 -04:00
Mark Felder
012132303f Test more types we do not want to receive from strangers 2024-08-29 16:05:40 -04:00
Mark Felder
2b39956acb Fix test title to be more specific as it has a broader but incorrect meaning 2024-08-29 16:05:40 -04:00
Mark Felder
990b2058df Remove unnecessary error match in ReceiverWorker 2024-08-29 16:05:40 -04:00
Mark Felder
e2cdae2c88 Change relay inbox response when not federating to a 403 for consistency 2024-08-29 16:05:40 -04:00
Mark Felder
16a9b34876 Convert to a Plug called InboxGuard 2024-08-29 16:05:36 -04:00
Mark Felder
06deacd58e Formatting 2024-08-29 11:59:42 -04:00
Mark Felder
7bcc21ad6f Switch test to the inbox 2024-08-29 11:59:42 -04:00
feld
27fcc42171 Use Pleroma.Object.Containment.get_actor/1 to reliably find the actor of an incoming activity or object 2024-08-29 11:59:42 -04:00
Mark Felder
1c394dd18c Move the check to the inbox 2024-08-29 11:59:42 -04:00
Mark Felder
4bc6f334f4 Revert unintentional change 2024-08-29 11:59:42 -04:00
Mark Felder
ceffb8a891 Drop incoming Delete activities from unknown actors 2024-08-29 11:59:42 -04:00
feld
62856ab18f Merge branch 'todo-fixes' into 'develop'
Clean up Elixir 1.13 TODOs

See merge request pleroma/pleroma!4233
2024-08-29 15:27:53 +00:00
Mark Felder
b5814dc9b3 Merge remote-tracking branch 'origin/develop' into todo-fixes 2024-08-29 11:01:02 -04:00
feld
8d07034608 Merge branch 'pleroma-http-stream' into 'develop'
Pleroma.HTTP: support streaming response bodies

See merge request pleroma/pleroma!4239
2024-08-29 14:54:01 +00:00
Mark Felder
c17a78c55a Rich Media: add stream byte counting as an extra protection against malicious URLs 2024-08-29 09:37:11 -04:00
Mark Felder
d01569822e Changelog 2024-08-28 19:57:18 -04:00
Mark Felder
8ab4dd20df Update comments, remove solved TODO 2024-08-28 19:52:29 -04:00
Mark Felder
0bf82a1745 Add an AdapterHelper for Finch so we can support streaming request bodies 2024-08-28 19:50:51 -04:00
feld
7910b235c7 Merge branch 'user-refresh-oban-tests' into 'develop'
ReceiverWorker: tests, improvements

See merge request pleroma/pleroma!4241
2024-08-28 23:24:33 +00:00
Mark Felder
1821ef4f15 Move user active check into Federator.perform/1 2024-08-28 18:35:09 -04:00
marcin mikołajczak
1e8b79956e Merge branch 'docs-fix' into 'develop'
Correct response in AdminAPI docs

See merge request pleroma/pleroma!4240
2024-08-28 22:04:18 +00:00
Mark Felder
e498d252e4 Changelog update 2024-08-28 18:03:33 -04:00
Mark Felder
8a3efa7152 More error annotations 2024-08-28 18:02:35 -04:00
Mark Felder
c5ca806aa0 Add back one of the duplicate checks to fix a test, document where it comes from 2024-08-28 17:57:34 -04:00
Mark Felder
380a6a6df3 :validate_object is not a real error returned from anywhere 2024-08-28 17:45:31 -04:00
Mark Felder
2346807ac9 Annotate error cases 2024-08-28 17:44:33 -04:00
Mark Felder
2e9515578a ReceiverWorker job canceled due to deleted object 2024-08-28 17:38:13 -04:00
Mark Felder
6ae629cfe0 Cancel ReceiverWorker jobs if the user account has been disabled / deactivated 2024-08-28 17:24:59 -04:00
Mark Felder
bb2f4a76b3 Add test for origin containment failures 2024-08-28 17:01:30 -04:00
Mark Felder
3dadb9ed08 Changelog 2024-08-28 16:37:46 -04:00