Mark Felder
427da7a99a
Rate Limit the OAuth App spam
2024-09-04 09:22:58 -04:00
feld
fbcfbde833
Merge branch 'revert-9077d092' into 'develop'
...
Revert "Merge branch 'oauth-app-spam' into 'develop'"
See merge request pleroma/pleroma!4249
2024-09-04 02:41:31 +00:00
feld
92d5f0ac14
Revert "Merge branch 'oauth-app-spam' into 'develop'"
...
This reverts merge request !4244
2024-09-04 02:22:25 +00:00
marcin mikołajczak
fecfe8bf89
Merge branch 'scrubbers-allow-mention-hashtag' into 'develop'
...
scrubbers/default: Allow "mention hashtag" classes used by Mastodon
See merge request pleroma/pleroma!4245
2024-09-02 11:08:33 +00:00
marcin mikołajczak
37397a43be
scrubbers/default: Allow "mention hashtag" classes used by Mastodon
...
Signed-off-by: marcin mikołajczak <git@mkljczk.pl>
2024-09-02 12:39:29 +02:00
feld
9077d0925b
Merge branch 'oauth-app-spam' into 'develop'
...
Fix OAuth app spam
See merge request pleroma/pleroma!4244
2024-09-01 18:24:06 +00:00
feld
61e4be396f
Merge branch 'drop-unknown-deletes' into 'develop'
...
Drop unwanted activities from unknown actors
See merge request pleroma/pleroma!4236
2024-09-01 18:08:07 +00:00
Mark Felder
751d63d4bb
Support OAuth App updating the website URL
2024-09-01 13:55:45 -04:00
Mark Felder
e3a7c1d906
Test that app scopes can be updated
2024-09-01 12:37:59 -04:00
Mark Felder
5a1144208d
Prevent OAuth App flow from creating duplicate entries
2024-09-01 12:27:16 -04:00
Mark Felder
bb235f913f
Update changelog
2024-08-30 10:05:12 -04:00
Mark Felder
11ee94ae17
InboxGuardPlug: Add early rejection of unknown activity types
2024-08-30 10:05:09 -04:00
Mark Felder
e38f5f1a81
Add recognized activity types to a constant and use it in the test
2024-08-30 09:47:45 -04:00
feld
5205e846eb
Update allowed activity types from strangers
...
Move is emitted from the old account
EmojiReact is ~ Like
Announced TBD
2024-08-30 09:30:33 -04:00
Mark Felder
094da5d634
Update changelog
2024-08-29 16:05:40 -04:00
Mark Felder
012132303f
Test more types we do not want to receive from strangers
2024-08-29 16:05:40 -04:00
Mark Felder
2b39956acb
Fix test title to be more specific as it has a broader but incorrect meaning
2024-08-29 16:05:40 -04:00
Mark Felder
990b2058df
Remove unnecessary error match in ReceiverWorker
2024-08-29 16:05:40 -04:00
Mark Felder
e2cdae2c88
Change relay inbox response when not federating to a 403 for consistency
2024-08-29 16:05:40 -04:00
Mark Felder
16a9b34876
Convert to a Plug called InboxGuard
2024-08-29 16:05:36 -04:00
Mark Felder
06deacd58e
Formatting
2024-08-29 11:59:42 -04:00
Mark Felder
7bcc21ad6f
Switch test to the inbox
2024-08-29 11:59:42 -04:00
feld
27fcc42171
Use Pleroma.Object.Containment.get_actor/1 to reliably find the actor of an incoming activity or object
2024-08-29 11:59:42 -04:00
Mark Felder
1c394dd18c
Move the check to the inbox
2024-08-29 11:59:42 -04:00
Mark Felder
4bc6f334f4
Revert unintentional change
2024-08-29 11:59:42 -04:00
Mark Felder
ceffb8a891
Drop incoming Delete activities from unknown actors
2024-08-29 11:59:42 -04:00
feld
62856ab18f
Merge branch 'todo-fixes' into 'develop'
...
Clean up Elixir 1.13 TODOs
See merge request pleroma/pleroma!4233
2024-08-29 15:27:53 +00:00
Mark Felder
b5814dc9b3
Merge remote-tracking branch 'origin/develop' into todo-fixes
2024-08-29 11:01:02 -04:00
feld
8d07034608
Merge branch 'pleroma-http-stream' into 'develop'
...
Pleroma.HTTP: support streaming response bodies
See merge request pleroma/pleroma!4239
2024-08-29 14:54:01 +00:00
Mark Felder
c17a78c55a
Rich Media: add stream byte counting as an extra protection against malicious URLs
2024-08-29 09:37:11 -04:00
Mark Felder
d01569822e
Changelog
2024-08-28 19:57:18 -04:00
Mark Felder
8ab4dd20df
Update comments, remove solved TODO
2024-08-28 19:52:29 -04:00
Mark Felder
0bf82a1745
Add an AdapterHelper for Finch so we can support streaming request bodies
2024-08-28 19:50:51 -04:00
feld
7910b235c7
Merge branch 'user-refresh-oban-tests' into 'develop'
...
ReceiverWorker: tests, improvements
See merge request pleroma/pleroma!4241
2024-08-28 23:24:33 +00:00
Mark Felder
1821ef4f15
Move user active check into Federator.perform/1
2024-08-28 18:35:09 -04:00
marcin mikołajczak
1e8b79956e
Merge branch 'docs-fix' into 'develop'
...
Correct response in AdminAPI docs
See merge request pleroma/pleroma!4240
2024-08-28 22:04:18 +00:00
Mark Felder
e498d252e4
Changelog update
2024-08-28 18:03:33 -04:00
Mark Felder
8a3efa7152
More error annotations
2024-08-28 18:02:35 -04:00
Mark Felder
c5ca806aa0
Add back one of the duplicate checks to fix a test, document where it comes from
2024-08-28 17:57:34 -04:00
Mark Felder
380a6a6df3
:validate_object is not a real error returned from anywhere
2024-08-28 17:45:31 -04:00
Mark Felder
2346807ac9
Annotate error cases
2024-08-28 17:44:33 -04:00
Mark Felder
2e9515578a
ReceiverWorker job canceled due to deleted object
2024-08-28 17:38:13 -04:00
Mark Felder
6ae629cfe0
Cancel ReceiverWorker jobs if the user account has been disabled / deactivated
2024-08-28 17:24:59 -04:00
Mark Felder
bb2f4a76b3
Add test for origin containment failures
2024-08-28 17:01:30 -04:00
Mark Felder
3dadb9ed08
Changelog
2024-08-28 16:37:46 -04:00
Mark Felder
48a4661885
Simplify test, move data into a json fixture
...
By removing the inReplyTo, tags, and cc we can simplify the test and it still passes signature validation
2024-08-28 16:31:59 -04:00
Mark Felder
66e1b40895
Cancel if the User fetch resulted in a 410
2024-08-28 16:04:12 -04:00
Mark Felder
60101e240d
Add test confirming cancellation for activity by a deleted user
2024-08-28 15:54:49 -04:00
Mark Felder
fc450fdefc
ReceiverWorker: cancel job if user fetch is forbidden
...
An instance block with authenticated fetch being required can cause this as we couldn't get the user to find their public key to verify the signature. Commonly observed if someone boosts/Announces a post from an instance that blocked you.
2024-08-28 15:45:16 -04:00
marcin mikołajczak
3419e2cbdd
Correct response in AdminAPI docs
...
Signed-off-by: marcin mikołajczak <git@mkljczk.pl>
2024-08-28 18:28:22 +02:00