diff --git a/changelog.d/captcha-package.fix b/changelog.d/captcha-package.fix
new file mode 100644
index 000000000..98c2f6525
--- /dev/null
+++ b/changelog.d/captcha-package.fix
@@ -0,0 +1 @@
+Switch native captcha to the published pleroma_captcha Hex package.
diff --git a/changelog.d/iceshrimpnet-reports-fix.fix b/changelog.d/iceshrimpnet-reports-fix.fix
new file mode 100644
index 000000000..7487ae47e
--- /dev/null
+++ b/changelog.d/iceshrimpnet-reports-fix.fix
@@ -0,0 +1 @@
+Handle reports with just actor ap id as the object
diff --git a/changelog.d/majic-1.2.0.change b/changelog.d/majic-1.2.0.change
new file mode 100644
index 000000000..bc8d5eb3c
--- /dev/null
+++ b/changelog.d/majic-1.2.0.change
@@ -0,0 +1 @@
+Update majic to 1.2.0.
diff --git a/changelog.d/oban-plugins-lazarus-hex.change b/changelog.d/oban-plugins-lazarus-hex.change
new file mode 100644
index 000000000..9259df0f5
--- /dev/null
+++ b/changelog.d/oban-plugins-lazarus-hex.change
@@ -0,0 +1 @@
+Use the Hex package for oban_plugins_lazarus.
diff --git a/changelog.d/reject-third-party-reports.fix b/changelog.d/reject-third-party-reports.fix
new file mode 100644
index 000000000..7d4e87b94
--- /dev/null
+++ b/changelog.d/reject-third-party-reports.fix
@@ -0,0 +1 @@
+Reject incoming reports when both the reporter and reported account are remote
diff --git a/changelog.d/remote-ip-hex.change b/changelog.d/remote-ip-hex.change
new file mode 100644
index 000000000..44f6bc1bf
--- /dev/null
+++ b/changelog.d/remote-ip-hex.change
@@ -0,0 +1 @@
+Use upstream Hex releases for the `remote_ip` dependency and expose client IP ranges for remote IP resolution.
diff --git a/changelog.d/user-search-sorting.change b/changelog.d/user-search-sorting.change
new file mode 100644
index 000000000..def27e955
--- /dev/null
+++ b/changelog.d/user-search-sorting.change
@@ -0,0 +1 @@
+Improve user search / autocompletion ordering.
diff --git a/config/config.exs b/config/config.exs
index 2d38e3ebe..3f880af53 100644
--- a/config/config.exs
+++ b/config/config.exs
@@ -738,6 +738,7 @@ config :pleroma, Pleroma.Workers.PurgeExpiredActivity, enabled: true, min_lifeti
config :pleroma, Pleroma.Web.Plugs.RemoteIp,
enabled: true,
headers: ["x-forwarded-for"],
+ clients: [],
proxies: [],
reserved: [
"127.0.0.0/8",
diff --git a/config/description.exs b/config/description.exs
index 6e4348907..7c377588c 100644
--- a/config/description.exs
+++ b/config/description.exs
@@ -2910,7 +2910,7 @@ config :pleroma, :config_description, [
key: Pleroma.Web.Plugs.RemoteIp,
type: :group,
description: """
- `Pleroma.Web.Plugs.RemoteIp` is a shim to call [`RemoteIp`](https://git.pleroma.social/pleroma/remote_ip) but with runtime configuration.
+ `Pleroma.Web.Plugs.RemoteIp` is a shim to call [`RemoteIp`](https://hex.pm/packages/remote_ip) but with runtime configuration.
**If your instance is not behind at least one reverse proxy, you should not enable this plug.**
""",
children: [
@@ -2926,6 +2926,12 @@ config :pleroma, :config_description, [
A list of strings naming the HTTP headers to use when deriving the true client IP. Default: `["x-forwarded-for"]`.
"""
},
+ %{
+ key: :clients,
+ type: {:list, :string},
+ description:
+ "A list of client IPs or subnets in CIDR notation. These will not be treated as proxies or reserved ranges. Defaults to `[]`. IPv4 entries without a bitmask will be assumed to be /32 and IPv6 /128."
+ },
%{
key: :proxies,
type: {:list, :string},
diff --git a/lib/pleroma/signature.ex b/lib/pleroma/signature.ex
index fca61799b..382cf9db3 100644
--- a/lib/pleroma/signature.ex
+++ b/lib/pleroma/signature.ex
@@ -104,7 +104,7 @@ defmodule Pleroma.Signature do
|> put_req_header("(request-target)", request_target)
|> put_req_header("@request-target", request_target)
- @http_signatures_impl.validate_conn(conn)
+ @http_signatures_impl.validate_conn(conn) == true
end
@spec validate_signature(Plug.Conn.t()) :: boolean()
diff --git a/lib/pleroma/user/search.ex b/lib/pleroma/user/search.ex
index 851745714..abc45f62a 100644
--- a/lib/pleroma/user/search.ex
+++ b/lib/pleroma/user/search.ex
@@ -4,6 +4,7 @@
defmodule Pleroma.User.Search do
alias Pleroma.EctoType.ActivityPub.ObjectValidators.Uri, as: UriType
+ alias Pleroma.Instances.Instance
alias Pleroma.Pagination
alias Pleroma.User
@@ -88,12 +89,13 @@ defmodule Pleroma.User.Search do
|> filter_invisible_users()
|> filter_internal_users()
|> filter_blocked_domains(for_user)
+ |> filter_unreachable_users()
|> fts_search(query_string)
|> select_top_users(top_user_ids)
|> trigram_rank(query_string)
|> boost_search_rank(for_user, top_user_ids)
|> subquery()
- |> order_by(desc: :search_rank)
+ |> order_by_search_rank(for_user)
|> maybe_restrict_local(for_user)
|> maybe_restrict_accepting_chat_messages(capabilities)
|> filter_deactivated_users()
@@ -196,6 +198,14 @@ defmodule Pleroma.User.Search do
defp filter_blocked_domains(query, _), do: query
+ defp filter_unreachable_users(query) do
+ from(u in query,
+ left_join: i in Instance,
+ on: i.host == fragment("substring(? from '.*://([^/]*)')", u.ap_id),
+ where: is_nil(i.unreachable_since)
+ )
+ end
+
defp maybe_resolve(true, user, query) do
case {limit(), user} do
{:all, _} -> :noop
@@ -236,6 +246,16 @@ defmodule Pleroma.User.Search do
from(u in subquery(query),
select_merge: %{
+ search_type:
+ fragment(
+ """
+ CASE WHEN (?) THEN 2
+ WHEN (?) THEN 1
+ ELSE 0 END
+ """,
+ u.id in ^top_user_ids,
+ u.id in ^friends_ids or u.id in ^followers_ids
+ ),
search_rank:
fragment(
"""
@@ -261,6 +281,14 @@ defmodule Pleroma.User.Search do
defp boost_search_rank(query, _for_user, top_user_ids) do
from(u in subquery(query),
select_merge: %{
+ search_type:
+ fragment(
+ """
+ CASE WHEN (?) THEN 2
+ ELSE 0 END
+ """,
+ u.id in ^top_user_ids
+ ),
search_rank:
fragment(
"""
@@ -273,4 +301,22 @@ defmodule Pleroma.User.Search do
}
)
end
+
+ defp order_by_search_rank(query, %User{}) do
+ order_by(
+ query,
+ [u],
+ desc: u.search_type,
+ desc_nulls_last:
+ fragment(
+ "CASE WHEN ? = 1 THEN COALESCE(?, ?) ELSE NULL END",
+ u.search_type,
+ u.last_status_at,
+ u.last_active_at
+ ),
+ desc: u.search_rank
+ )
+ end
+
+ defp order_by_search_rank(query, _), do: order_by(query, desc: :search_rank)
end
diff --git a/lib/pleroma/web/activity_pub/transmogrifier.ex b/lib/pleroma/web/activity_pub/transmogrifier.ex
index 4421da26c..a013dd226 100644
--- a/lib/pleroma/web/activity_pub/transmogrifier.ex
+++ b/lib/pleroma/web/activity_pub/transmogrifier.ex
@@ -430,6 +430,12 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do
end)
end
+ defp reject_third_party_report(%User{local: false}, %User{local: false} = account) do
+ {:reject, "[Transmogrifier] third-party report: #{account.ap_id}"}
+ end
+
+ defp reject_third_party_report(_, _), do: :ok
+
def handle_incoming(data, options \\ []) do
data
|> fix_recursive(&strip_internal_fields/1)
@@ -444,9 +450,11 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do
) do
with context <- data["context"] || Utils.generate_context_id(),
content <- data["content"] || "",
+ objects <- List.wrap(objects),
%User{} = actor <- User.get_cached_by_ap_id(actor),
# Reduce the object list to find the reported user.
%User{} = account <- get_reported(objects),
+ :ok <- reject_third_party_report(actor, account),
# Remove the reported user from the object list.
statuses <- Enum.filter(objects, fn ap_id -> ap_id != account.ap_id end) do
%{
diff --git a/lib/pleroma/web/plugs/remote_ip.ex b/lib/pleroma/web/plugs/remote_ip.ex
index 3a4bffb50..4c2ea099d 100644
--- a/lib/pleroma/web/plugs/remote_ip.ex
+++ b/lib/pleroma/web/plugs/remote_ip.ex
@@ -4,7 +4,7 @@
defmodule Pleroma.Web.Plugs.RemoteIp do
@moduledoc """
- This is a shim to call [`RemoteIp`](https://git.pleroma.social/pleroma/remote_ip) but with runtime configuration.
+ This is a shim to call [`RemoteIp`](https://hex.pm/packages/remote_ip) but with runtime configuration.
"""
alias Pleroma.Config
@@ -17,15 +17,29 @@ defmodule Pleroma.Web.Plugs.RemoteIp do
def call(%{remote_ip: original_remote_ip} = conn, _) do
if Config.get([__MODULE__, :enabled]) do
- %{remote_ip: new_remote_ip} = conn = RemoteIp.call(conn, remote_ip_opts())
+ new_remote_ip = remote_ip(conn) || original_remote_ip
+
+ conn = %{conn | remote_ip: new_remote_ip}
assign(conn, :remote_ip_found, original_remote_ip != new_remote_ip)
else
conn
end
end
+ defp remote_ip(conn) do
+ opts = remote_ip_opts()
+
+ # Do not use RemoteIp.from/2 here: upstream remote_ip always applies its
+ # built-in reserved ranges. Pleroma keeps :reserved configurable, so reuse
+ # only the header parsing and apply Pleroma's own block classification.
+ conn.req_headers
+ |> RemoteIp.Headers.take(opts[:headers])
+ |> RemoteIp.Headers.parse()
+ |> Enum.reverse()
+ |> Enum.find(&client?(&1, opts))
+ end
+
defp remote_ip_opts do
- headers = Config.get([__MODULE__, :headers], []) |> MapSet.new()
reserved = Config.get([__MODULE__, :reserved], [])
proxies =
@@ -33,6 +47,26 @@ defmodule Pleroma.Web.Plugs.RemoteIp do
|> Enum.concat(reserved)
|> Enum.map(&InetHelper.parse_cidr/1)
- {headers, proxies}
+ clients =
+ Config.get([__MODULE__, :clients], [])
+ |> Enum.map(&InetHelper.parse_cidr/1)
+
+ [
+ headers: Config.get([__MODULE__, :headers], []),
+ clients: clients,
+ proxies: proxies
+ ]
+ end
+
+ defp client?(ip, opts) do
+ client_ip?(ip, opts[:clients]) || !proxy_ip?(ip, opts[:proxies])
+ end
+
+ defp client_ip?(ip, clients) do
+ Enum.any?(clients, &InetCidr.contains?(&1, ip))
+ end
+
+ defp proxy_ip?(ip, proxies) do
+ Enum.any?(proxies, &InetCidr.contains?(&1, ip))
end
end
diff --git a/mix.exs b/mix.exs
index 9c10cacc0..44374f383 100644
--- a/mix.exs
+++ b/mix.exs
@@ -137,9 +137,7 @@ defmodule Pleroma.Mixfile do
{:tzdata, "~> 1.0.5"},
{:plug_cowboy, "~> 2.7"},
{:oban, "~> 2.19.4"},
- {:oban_plugins_lazarus,
- git: "https://git.pleroma.social/pleroma/elixir-libraries/oban_plugins_lazarus.git",
- ref: "e49fc355baaf0e435208bf5f534d31e26e897711"},
+ {:oban_plugins_lazarus, "~> 0.1.1"},
{:oban_web, "~> 2.11"},
{:gettext, "~> 0.24"},
{:bcrypt_elixir, "~> 2.3"},
@@ -184,14 +182,11 @@ defmodule Pleroma.Mixfile do
{:plug_static_index_html, "~> 1.0.0"},
{:flake_id, "~> 0.1.0"},
{:concurrent_limiter, "~> 0.1.1"},
- {:remote_ip,
- git: "https://git.pleroma.social/pleroma/remote_ip.git",
- ref: "b647d0deecaa3acb140854fe4bda5b7e1dc6d1c8"},
- {:captcha,
- git: "https://git.pleroma.social/pleroma/elixir-libraries/elixir-captcha.git",
- ref: "e7b7cc34cc16b383461b966484c297e4ec9aeef6"},
+ {:remote_ip, "~> 1.2.0"},
+ {:inet_cidr, "~> 1.0"},
+ {:captcha, "~> 1.0.3", hex: :pleroma_captcha},
{:restarter, path: "./restarter"},
- {:majic, "~> 1.1"},
+ {:majic, "~> 1.2"},
{:open_api_spex, "~> 3.22"},
{:ecto_psql_extras, "~> 0.8"},
{:vix, "~> 0.36"},
diff --git a/mix.lock b/mix.lock
index da0c1c60c..81e16d4da 100644
--- a/mix.lock
+++ b/mix.lock
@@ -10,7 +10,7 @@
"bunt": {:hex, :bunt, "1.0.0", "081c2c665f086849e6d57900292b3a161727ab40431219529f13c4ddcf3e7a44", [:mix], [], "hexpm", "dc5f86aa08a5f6fa6b8096f0735c4e76d54ae5c9fa2c143e5a1fc7c1cd9bb6b5"},
"cachex": {:hex, :cachex, "3.6.0", "14a1bfbeee060dd9bec25a5b6f4e4691e3670ebda28c8ba2884b12fe30b36bf8", [:mix], [{:eternal, "~> 1.2", [hex: :eternal, repo: "hexpm", optional: false]}, {:jumper, "~> 1.0", [hex: :jumper, repo: "hexpm", optional: false]}, {:sleeplocks, "~> 1.1", [hex: :sleeplocks, repo: "hexpm", optional: false]}, {:unsafe, "~> 1.0", [hex: :unsafe, repo: "hexpm", optional: false]}], "hexpm", "ebf24e373883bc8e0c8d894a63bbe102ae13d918f790121f5cfe6e485cc8e2e2"},
"calendar": {:hex, :calendar, "1.0.0", "f52073a708528482ec33d0a171954ca610fe2bd28f1e871f247dc7f1565fa807", [:mix], [{:tzdata, "~> 0.1.201603 or ~> 0.5.20 or ~> 1.0", [hex: :tzdata, repo: "hexpm", optional: false]}], "hexpm", "990e9581920c82912a5ee50e62ff5ef96da6b15949a2ee4734f935fdef0f0a6f"},
- "captcha": {:git, "https://git.pleroma.social/pleroma/elixir-libraries/elixir-captcha.git", "e7b7cc34cc16b383461b966484c297e4ec9aeef6", [ref: "e7b7cc34cc16b383461b966484c297e4ec9aeef6"]},
+ "captcha": {:hex, :pleroma_captcha, "1.0.3", "6cc1440e91a092653fe909f028cc4c5d83ea858b1439e3b9a85e446382e2b9a3", [:make, :mix], [], "hexpm", "477f62c1a845a9458c546658223295f958f98136acef89c05beb278b1b6f4a14"},
"castore": {:hex, :castore, "1.0.15", "8aa930c890fe18b6fe0a0cff27b27d0d4d231867897bd23ea772dee561f032a3", [:mix], [], "hexpm", "96ce4c69d7d5d7a0761420ef743e2f4096253931a3ba69e5ff8ef1844fe446d3"},
"cc_precompiler": {:hex, :cc_precompiler, "0.1.11", "8c844d0b9fb98a3edea067f94f616b3f6b29b959b6b3bf25fee94ffe34364768", [:mix], [{:elixir_make, "~> 0.7", [hex: :elixir_make, repo: "hexpm", optional: false]}], "hexpm", "3427232caf0835f94680e5bcf082408a70b48ad68a5f5c0b02a3bea9f3a075b9"},
"certifi": {:hex, :certifi, "2.12.0", "2d1cca2ec95f59643862af91f001478c9863c2ac9cb6e2f89780bfd8de987329", [:rebar3], [], "hexpm", "ee68d85df22e554040cdb4be100f33873ac6051387baf6a8f6ce82272340ff1c"},
@@ -65,7 +65,7 @@
"http_signatures": {:hex, :http_signatures, "0.1.3", "19f26aee35b4684e37efdce3ac4638605e6e41a04368186bd39d2b6138a60ea9", [:mix], [{:plug, "~> 1.18", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "20313a65516db88006f85b090f6f76cc5b04e9609b45943657e6781eb91174f4"},
"httpoison": {:hex, :httpoison, "1.8.2", "9eb9c63ae289296a544842ef816a85d881d4a31f518a0fec089aaa744beae290", [:mix], [{:hackney, "~> 1.17", [hex: :hackney, repo: "hexpm", optional: false]}], "hexpm", "2bb350d26972e30c96e2ca74a1aaf8293d61d0742ff17f01e0279fef11599921"},
"idna": {:hex, :idna, "6.1.1", "8a63070e9f7d0c62eb9d9fcb360a7de382448200fbbd1b106cc96d3d8099df8d", [:rebar3], [{:unicode_util_compat, "~> 0.7.0", [hex: :unicode_util_compat, repo: "hexpm", optional: false]}], "hexpm", "92376eb7894412ed19ac475e4a86f7b413c1b9fbb5bd16dccd57934157944cea"},
- "inet_cidr": {:hex, :inet_cidr, "1.0.8", "d26bb7bdbdf21ae401ead2092bf2bb4bf57fe44a62f5eaa5025280720ace8a40", [:mix], [], "hexpm", "d5b26da66603bb56c933c65214c72152f0de9a6ea53618b56d63302a68f6a90e"},
+ "inet_cidr": {:hex, :inet_cidr, "1.0.9", "e0ef72a2942529da78c8e4147d53f2ef5f6f5293335c3637b0fdf83c012cc816", [:mix], [], "hexpm", "172da15ff7cf635b1feaf14f5818be28c811b37cc5fb7c5f7c01058c1c1066cc"},
"jason": {:hex, :jason, "1.4.4", "b9226785a9aa77b6857ca22832cffa5d5011a667207eb2a0ad56adb5db443b8a", [:mix], [{:decimal, "~> 1.0 or ~> 2.0", [hex: :decimal, repo: "hexpm", optional: true]}], "hexpm", "c5eb0cab91f094599f94d55bc63409236a8ec69a21a67814529e8d5f6cc90b3b"},
"joken": {:hex, :joken, "2.6.2", "5daaf82259ca603af4f0b065475099ada1b2b849ff140ccd37f4b6828ca6892a", [:mix], [{:jose, "~> 1.11.10", [hex: :jose, repo: "hexpm", optional: false]}], "hexpm", "5134b5b0a6e37494e46dbf9e4dad53808e5e787904b7c73972651b51cce3d72b"},
"jose": {:hex, :jose, "1.11.10", "a903f5227417bd2a08c8a00a0cbcc458118be84480955e8d251297a425723f83", [:mix, :rebar3], [], "hexpm", "0d6cd36ff8ba174db29148fc112b5842186b68a90ce9fc2b3ec3afe76593e614"},
@@ -73,7 +73,7 @@
"linkify": {:hex, :linkify, "0.5.3", "5f8143d8f61f5ff08d3aeeff47ef6509492b4948d8f08007fbf66e4d2246a7f2", [:mix], [], "hexpm", "3ef35a1377d47c25506e07c1c005ea9d38d700699d92ee92825f024434258177"},
"logger_backends": {:hex, :logger_backends, "1.0.0", "09c4fad6202e08cb0fbd37f328282f16539aca380f512523ce9472b28edc6bdf", [:mix], [], "hexpm", "1faceb3e7ec3ef66a8f5746c5afd020e63996df6fd4eb8cdb789e5665ae6c9ce"},
"mail": {:hex, :mail, "0.3.1", "cb0a14e4ed8904e4e5a08214e686ccf6f9099346885db17d8c309381f865cc5c", [:mix], [], "hexpm", "1db701e89865c1d5fa296b2b57b1cd587587cca8d8a1a22892b35ef5a8e352a6"},
- "majic": {:hex, :majic, "1.1.1", "16092a3a3376cc5e13d207e82ec06e05a5561170465e50cc11cc4df8a5747938", [:make, :mix], [{:elixir_make, "~> 0.8.4", [hex: :elixir_make, repo: "hexpm", optional: false]}, {:mime, "~> 1.0", [hex: :mime, repo: "hexpm", optional: false]}, {:nimble_pool, "~> 1.0", [hex: :nimble_pool, repo: "hexpm", optional: false]}, {:plug, "~> 1.0", [hex: :plug, repo: "hexpm", optional: true]}], "hexpm", "7fbb0372f0447b3f777056177d6ab3f009742e68474f850521ff56b84bd85b96"},
+ "majic": {:hex, :majic, "1.2.0", "414b69c1460ece692fa892a0ed6669b8db6a44c42bb3071cb723854f22e7bd78", [:make, :mix], [{:elixir_make, "~> 0.8.4", [hex: :elixir_make, repo: "hexpm", optional: false]}, {:mime, "~> 1.0", [hex: :mime, repo: "hexpm", optional: false]}, {:nimble_pool, "~> 1.0", [hex: :nimble_pool, repo: "hexpm", optional: false]}, {:plug, "~> 1.0", [hex: :plug, repo: "hexpm", optional: true]}], "hexpm", "0bd0c65f8e4dcc595757d957577f6151b59246da9614ba87debfdc641ccc0514"},
"makeup": {:hex, :makeup, "1.0.5", "d5a830bc42c9800ce07dd97fa94669dfb93d3bf5fcf6ea7a0c67b2e0e4a7f26c", [:mix], [{:nimble_parsec, "~> 0.5 or ~> 1.0", [hex: :nimble_parsec, repo: "hexpm", optional: false]}], "hexpm", "cfa158c02d3f5c0c665d0af11512fed3fba0144cf1aadee0f2ce17747fba2ca9"},
"makeup_elixir": {:hex, :makeup_elixir, "0.14.1", "4f0e96847c63c17841d42c08107405a005a2680eb9c7ccadfd757bd31dabccfb", [:mix], [{:makeup, "~> 1.0", [hex: :makeup, repo: "hexpm", optional: false]}], "hexpm", "f2438b1a80eaec9ede832b5c41cd4f373b38fd7aa33e3b22d9db79e640cbde11"},
"makeup_erlang": {:hex, :makeup_erlang, "1.0.2", "03e1804074b3aa64d5fad7aa64601ed0fb395337b982d9bcf04029d68d51b6a7", [:mix], [{:makeup, "~> 1.0", [hex: :makeup, repo: "hexpm", optional: false]}], "hexpm", "af33ff7ef368d5893e4a267933e7744e46ce3cf1f61e2dccf53a111ed3aa3727"},
@@ -96,7 +96,7 @@
"oban": {:hex, :oban, "2.19.4", "045adb10db1161dceb75c254782f97cdc6596e7044af456a59decb6d06da73c1", [:mix], [{:ecto_sql, "~> 3.10", [hex: :ecto_sql, repo: "hexpm", optional: false]}, {:ecto_sqlite3, "~> 0.9", [hex: :ecto_sqlite3, repo: "hexpm", optional: true]}, {:igniter, "~> 0.5", [hex: :igniter, repo: "hexpm", optional: true]}, {:jason, "~> 1.1", [hex: :jason, repo: "hexpm", optional: true]}, {:myxql, "~> 0.7", [hex: :myxql, repo: "hexpm", optional: true]}, {:postgrex, "~> 0.16", [hex: :postgrex, repo: "hexpm", optional: true]}, {:telemetry, "~> 0.4 or ~> 1.0", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "5fcc6219e6464525b808d97add17896e724131f498444a292071bf8991c99f97"},
"oban_live_dashboard": {:hex, :oban_live_dashboard, "0.1.1", "8aa4ceaf381c818f7d5c8185cc59942b8ac82ef0cf559881aacf8d3f8ac7bdd3", [:mix], [{:oban, "~> 2.15", [hex: :oban, repo: "hexpm", optional: false]}, {:phoenix_live_dashboard, "~> 0.7", [hex: :phoenix_live_dashboard, repo: "hexpm", optional: false]}], "hexpm", "16dc4ce9c9a95aa2e655e35ed4e675652994a8def61731a18af85e230e1caa63"},
"oban_met": {:hex, :oban_met, "1.0.5", "bb633ab06448dab2ef9194f6688d33b3d07fc3f2ad793a1a08f4dfbb2cc9fe50", [:mix], [{:oban, "~> 2.19", [hex: :oban, repo: "hexpm", optional: false]}], "hexpm", "64664d50805bbfd3903aeada1f3c39634652a87844797ee400b0bcc95a28f5ea"},
- "oban_plugins_lazarus": {:git, "https://git.pleroma.social/pleroma/elixir-libraries/oban_plugins_lazarus.git", "e49fc355baaf0e435208bf5f534d31e26e897711", [ref: "e49fc355baaf0e435208bf5f534d31e26e897711"]},
+ "oban_plugins_lazarus": {:hex, :oban_plugins_lazarus, "0.1.1", "a5141d569e5b9f3bec8f4a958231d2c538af097d3c1ad06274f096fc06956821", [:mix], [{:oban, "< 3.0.0", [hex: :oban, repo: "hexpm", optional: false]}], "hexpm", "7e9c51bc44d33f71c0a52cf0cd5c8d4c70380ede065c1042013f5123f2fc9729"},
"oban_web": {:hex, :oban_web, "2.11.6", "53933cb4253c4d9f1098ee311c06f07935259f0e564dcf2d66bae4cc98e317fe", [:mix], [{:jason, "~> 1.2", [hex: :jason, repo: "hexpm", optional: false]}, {:oban, "~> 2.19", [hex: :oban, repo: "hexpm", optional: false]}, {:oban_met, "~> 1.0", [hex: :oban_met, repo: "hexpm", optional: false]}, {:phoenix, "~> 1.7", [hex: :phoenix, repo: "hexpm", optional: false]}, {:phoenix_html, "~> 3.3 or ~> 4.0", [hex: :phoenix_html, repo: "hexpm", optional: false]}, {:phoenix_live_view, "~> 1.0", [hex: :phoenix_live_view, repo: "hexpm", optional: false]}, {:phoenix_pubsub, "~> 2.1", [hex: :phoenix_pubsub, repo: "hexpm", optional: false]}], "hexpm", "576d94b705688c313694c2c114ca21aa0f8f2ad1b9ca45c052c5ba316d3e8d10"},
"octo_fetch": {:hex, :octo_fetch, "0.4.0", "074b5ecbc08be10b05b27e9db08bc20a3060142769436242702931c418695b19", [:mix], [{:castore, "~> 0.1 or ~> 1.0", [hex: :castore, repo: "hexpm", optional: false]}, {:ssl_verify_fun, "~> 1.1", [hex: :ssl_verify_fun, repo: "hexpm", optional: false]}], "hexpm", "cf8be6f40cd519d7000bb4e84adcf661c32e59369ca2827c4e20042eda7a7fc6"},
"open_api_spex": {:hex, :open_api_spex, "3.22.0", "fbf90dc82681dc042a4ee79853c8e989efbba73d9e87439085daf849bbf8bc20", [:mix], [{:decimal, "~> 1.0 or ~> 2.0", [hex: :decimal, repo: "hexpm", optional: true]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: true]}, {:plug, "~> 1.7", [hex: :plug, repo: "hexpm", optional: false]}, {:poison, "~> 3.0 or ~> 4.0 or ~> 5.0 or ~> 6.0", [hex: :poison, repo: "hexpm", optional: true]}, {:ymlr, "~> 2.0 or ~> 3.0 or ~> 4.0 or ~> 5.0", [hex: :ymlr, repo: "hexpm", optional: true]}], "hexpm", "dd751ddbdd709bb4a5313e9a24530da6e66594773c7242a0c2592cbd9f589063"},
@@ -132,7 +132,7 @@
"quic": {:hex, :quic, "0.10.2", "4b390507a85f65ce47808f3df1a864e0baf9adb7a1b4ea9f4dcd66fe9d0cb166", [:rebar3], [], "hexpm", "7c196a66973c877a59768a5687f0a0610ff11817254d0a4e45cc4e3a16b1d00b"},
"ranch": {:hex, :ranch, "2.2.0", "25528f82bc8d7c6152c57666ca99ec716510fe0925cb188172f41ce93117b1b0", [:make, :rebar3], [], "hexpm", "fa0b99a1780c80218a4197a59ea8d3bdae32fbff7e88527d7d8a4787eff4f8e7"},
"recon": {:hex, :recon, "2.5.6", "9052588e83bfedfd9b72e1034532aee2a5369d9d9343b61aeb7fbce761010741", [:mix, :rebar3], [], "hexpm", "96c6799792d735cc0f0fd0f86267e9d351e63339cbe03df9d162010cefc26bb0"},
- "remote_ip": {:git, "https://git.pleroma.social/pleroma/remote_ip.git", "b647d0deecaa3acb140854fe4bda5b7e1dc6d1c8", [ref: "b647d0deecaa3acb140854fe4bda5b7e1dc6d1c8"]},
+ "remote_ip": {:hex, :remote_ip, "1.2.0", "fb078e12a44414f4cef5a75963c33008fe169b806572ccd17257c208a7bc760f", [:mix], [{:combine, "~> 0.10", [hex: :combine, repo: "hexpm", optional: false]}, {:plug, "~> 1.14", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "2ff91de19c48149ce19ed230a81d377186e4412552a597d6a5137373e5877cb7"},
"rustler": {:hex, :rustler, "0.30.0", "cefc49922132b072853fa9b0ca4dc2ffcb452f68fb73b779042b02d545e097fb", [:mix], [{:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: false]}, {:toml, "~> 0.6", [hex: :toml, repo: "hexpm", optional: false]}], "hexpm", "9ef1abb6a7dda35c47cfc649e6a5a61663af6cf842a55814a554a84607dee389"},
"sleeplocks": {:hex, :sleeplocks, "1.1.3", "96a86460cc33b435c7310dbd27ec82ca2c1f24ae38e34f8edde97f756503441a", [:rebar3], [], "hexpm", "d3b3958552e6eb16f463921e70ae7c767519ef8f5be46d7696cc1ed649421321"},
"ssl_verify_fun": {:hex, :ssl_verify_fun, "1.1.7", "354c321cf377240c7b8716899e182ce4890c5938111a1296add3ec74cf1715df", [:make, :mix, :rebar3], [], "hexpm", "fe4c190e8f37401d30167c8c405eda19469f34577987c76dde613e838bbc67f8"},
diff --git a/test/pleroma/dependency_version_test.exs b/test/pleroma/dependency_version_test.exs
new file mode 100644
index 000000000..0c9c1e939
--- /dev/null
+++ b/test/pleroma/dependency_version_test.exs
@@ -0,0 +1,16 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2022 Pleroma Authors
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.DependencyVersionTest do
+ use ExUnit.Case, async: true
+
+ test "uses majic 1.2" do
+ majic_version =
+ :majic
+ |> Application.spec(:vsn)
+ |> to_string()
+
+ assert Version.match?(majic_version, "~> 1.2")
+ end
+end
diff --git a/test/pleroma/signature_test.exs b/test/pleroma/signature_test.exs
index 572d7acc3..0c7c4c840 100644
--- a/test/pleroma/signature_test.exs
+++ b/test/pleroma/signature_test.exs
@@ -11,6 +11,7 @@ defmodule Pleroma.SignatureTest do
import Mock
alias Pleroma.Signature
+ alias Pleroma.StubbedHTTPSignaturesMock, as: HTTPSignaturesMock
setup do
mock(fn env -> apply(HttpRequestMock, :request, [env]) end)
@@ -103,6 +104,18 @@ defmodule Pleroma.SignatureTest do
end
end
+ describe "validate_signature/1" do
+ test "treats HTTP signature errors as failed validation" do
+ conn = %Plug.Conn{method: "GET", request_path: "/inbox", req_headers: []}
+
+ Mox.expect(HTTPSignaturesMock, :validate_conn, fn _conn ->
+ {:error, :request_target_header}
+ end)
+
+ assert Signature.validate_signature(conn) == false
+ end
+ end
+
describe "key_id_to_actor_id/1" do
test "it properly deduces the actor id for misskey" do
assert Signature.key_id_to_actor_id("https://example.com/users/1234/publickey") ==
diff --git a/test/pleroma/user/search_test.exs b/test/pleroma/user/search_test.exs
new file mode 100644
index 000000000..c1aca90bc
--- /dev/null
+++ b/test/pleroma/user/search_test.exs
@@ -0,0 +1,195 @@
+# Pleroma: A lightweight social networking server
+# Copyright © Pleroma Authors
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.User.SearchTest do
+ use Pleroma.DataCase, async: false
+
+ import Pleroma.Factory
+
+ alias Pleroma.Instances
+ alias Pleroma.Repo
+ alias Pleroma.User
+
+ describe "search/2 mention suggestions" do
+ test "prioritizes followed/follower users before others" do
+ user = insert(:user)
+
+ related =
+ insert(:user,
+ local: false,
+ nickname: "hj@real.example",
+ ap_id: "https://real.example/users/hj",
+ last_status_at: ~N[2020-01-01 00:00:00]
+ )
+
+ other = insert(:user, nickname: "hj", last_status_at: ~N[2020-01-02 00:00:00])
+
+ {:ok, _related, _user} = User.follow(related, user)
+
+ results = User.search("hj", for_user: user) |> Enum.map(& &1.id)
+
+ assert results == [related.id, other.id]
+ end
+
+ test "orders followed/follower users by most recent activity" do
+ user = insert(:user)
+
+ older =
+ insert(:user,
+ local: false,
+ nickname: "ali@remote.example",
+ ap_id: "https://remote.example/users/ali",
+ last_status_at: ~N[2020-01-01 00:00:00]
+ )
+
+ newer =
+ insert(:user,
+ local: false,
+ nickname: "alia@remote.example",
+ ap_id: "https://remote.example/users/alia",
+ last_status_at: ~N[2020-01-02 00:00:00]
+ )
+
+ {:ok, _user, _older} = User.follow(user, older)
+ {:ok, _user, _newer} = User.follow(user, newer)
+
+ assert [newer.id, older.id] ==
+ User.search("ali", for_user: user)
+ |> Enum.map(& &1.id)
+ end
+
+ test "groups followed/follower users first and sorts them by recency" do
+ user = insert(:user)
+
+ following_newest =
+ insert(:user,
+ local: false,
+ nickname: "mentiontesta@related.example",
+ ap_id: "https://related.example/users/mentiontesta",
+ last_status_at: ~N[2020-01-03 00:00:00]
+ )
+
+ follower_middle =
+ insert(:user,
+ local: false,
+ nickname: "mentiontestb@related.example",
+ ap_id: "https://related.example/users/mentiontestb",
+ last_status_at: ~N[2020-01-02 00:00:00]
+ )
+
+ mutual_oldest =
+ insert(:user,
+ local: false,
+ nickname: "mentiontestc@related.example",
+ ap_id: "https://related.example/users/mentiontestc",
+ last_status_at: ~N[2020-01-01 00:00:00]
+ )
+
+ unrelated_newer =
+ insert(:user,
+ local: false,
+ nickname: "mentiontestd@unrelated.example",
+ ap_id: "https://unrelated.example/users/mentiontestd",
+ last_status_at: ~N[2020-01-04 00:00:00]
+ )
+
+ {:ok, _user, _following_newest} = User.follow(user, following_newest)
+ {:ok, _follower_middle, _user} = User.follow(follower_middle, user)
+
+ {:ok, _user, _mutual_oldest} = User.follow(user, mutual_oldest)
+ {:ok, _mutual_oldest, _user} = User.follow(mutual_oldest, user)
+
+ results = User.search("mentiontest", for_user: user)
+
+ assert Enum.map(results, & &1.id) ==
+ [following_newest.id, follower_middle.id, mutual_oldest.id, unrelated_newer.id]
+ end
+
+ test "uses last_active_at when last_status_at is missing" do
+ user = insert(:user)
+
+ older =
+ insert(:user,
+ local: false,
+ nickname: "activefallbacka@remote.example",
+ ap_id: "https://remote.example/users/activefallbacka",
+ last_status_at: nil,
+ last_active_at: ~N[2020-01-01 00:00:00]
+ )
+
+ newer =
+ insert(:user,
+ local: false,
+ nickname: "activefallbackb@remote.example",
+ ap_id: "https://remote.example/users/activefallbackb",
+ last_status_at: nil,
+ last_active_at: ~N[2020-01-02 00:00:00]
+ )
+
+ {:ok, _user, _older} = User.follow(user, older)
+ {:ok, _user, _newer} = User.follow(user, newer)
+
+ assert [newer.id, older.id] ==
+ User.search("activefallback", for_user: user)
+ |> Enum.map(& &1.id)
+ end
+
+ test "does not return deactivated users even if related" do
+ user = insert(:user)
+
+ active =
+ insert(:user,
+ local: false,
+ nickname: "deactivatedtesta@remote.example",
+ ap_id: "https://remote.example/users/deactivatedtesta",
+ last_status_at: ~N[2020-01-02 00:00:00]
+ )
+
+ deactivated =
+ insert(:user,
+ local: false,
+ nickname: "deactivatedtestb@remote.example",
+ ap_id: "https://remote.example/users/deactivatedtestb",
+ last_status_at: ~N[2020-01-03 00:00:00]
+ )
+
+ {:ok, _user, _active} = User.follow(user, active)
+ {:ok, _user, _deactivated} = User.follow(user, deactivated)
+ Repo.update!(Ecto.Changeset.change(deactivated, is_active: false))
+
+ results = User.search("deactivatedtest", for_user: user) |> Enum.map(& &1.id)
+
+ assert results == [active.id]
+ end
+
+ test "does not return users from unreachable instances" do
+ user = insert(:user)
+
+ {:ok, _instance} = Instances.set_unreachable("dead.example")
+
+ dead =
+ insert(:user,
+ local: false,
+ nickname: "ali@dead.example",
+ ap_id: "https://dead.example/users/ali",
+ last_status_at: ~N[2020-01-02 00:00:00]
+ )
+
+ alive =
+ insert(:user,
+ local: false,
+ nickname: "ali@alive.example",
+ ap_id: "https://alive.example/users/ali",
+ last_status_at: ~N[2020-01-02 00:00:00]
+ )
+
+ {:ok, _user, _alive} = User.follow(user, alive)
+ {:ok, _user, _dead} = User.follow(user, dead)
+
+ results = User.search("ali", for_user: user) |> Enum.map(& &1.id)
+
+ assert results == [alive.id]
+ end
+ end
+end
diff --git a/test/pleroma/web/activity_pub/transmogrifier_test.exs b/test/pleroma/web/activity_pub/transmogrifier_test.exs
index c1e01557d..bedb466a4 100644
--- a/test/pleroma/web/activity_pub/transmogrifier_test.exs
+++ b/test/pleroma/web/activity_pub/transmogrifier_test.exs
@@ -86,6 +86,43 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
assert activity.data["cc"] == [user.ap_id]
end
+ test "it rejects Flag activities when both reporter and reported account are remote" do
+ reporter = insert(:user, local: false, domain: "mastodon.cat")
+ reported = insert(:user, local: false, domain: "nicecrew.digital")
+
+ message = %{
+ "@context" => "https://www.w3.org/ns/activitystreams",
+ "actor" => reporter.ap_id,
+ "content" => "blocked AND reported!!!",
+ "object" => [reported.ap_id, "https://nicecrew.digital/objects/report-status"],
+ "type" => "Flag"
+ }
+
+ assert {:reject, reason} = Transmogrifier.handle_incoming(message)
+ assert reason =~ "third-party report"
+ refute "Flag" |> Pleroma.Activity.Queries.by_type() |> Pleroma.Repo.one()
+ end
+
+ test "it accepts Flag activities with just actor id as object" do
+ user = insert(:user)
+ other_user = insert(:user)
+
+ message = %{
+ "@context" => "https://www.w3.org/ns/activitystreams",
+ "cc" => [user.ap_id],
+ "object" => user.ap_id,
+ "type" => "Flag",
+ "content" => "blocked AND reported!!!",
+ "actor" => other_user.ap_id
+ }
+
+ assert {:ok, activity} = Transmogrifier.handle_incoming(message)
+
+ assert activity.data["content"] == "blocked AND reported!!!"
+ assert activity.data["actor"] == other_user.ap_id
+ assert activity.data["cc"] == [user.ap_id]
+ end
+
test "it accepts Move activities" do
old_user = insert(:user)
new_user = insert(:user)
diff --git a/test/pleroma/web/plugs/remote_ip_test.exs b/test/pleroma/web/plugs/remote_ip_test.exs
index 37b751370..19e786f8a 100644
--- a/test/pleroma/web/plugs/remote_ip_test.exs
+++ b/test/pleroma/web/plugs/remote_ip_test.exs
@@ -106,4 +106,38 @@ defmodule Pleroma.Web.Plugs.RemoteIpTest do
assert conn.remote_ip == {1, 1, 1, 1}
end
+
+ test "reserved ranges are configurable" do
+ clear_config([RemoteIp, :reserved], [])
+
+ conn =
+ conn(:get, "/")
+ |> put_req_header("x-forwarded-for", "1.1.1.1, 10.0.0.3")
+ |> RemoteIp.call(nil)
+
+ assert conn.remote_ip == {10, 0, 0, 3}
+ end
+
+ test "clients override reserved ranges" do
+ clear_config([RemoteIp, :clients], ["10.0.0.0/8"])
+
+ conn =
+ conn(:get, "/")
+ |> put_req_header("x-forwarded-for", "1.1.1.1, 10.0.0.3")
+ |> RemoteIp.call(nil)
+
+ assert conn.remote_ip == {10, 0, 0, 3}
+ end
+
+ test "clients override proxies" do
+ clear_config([RemoteIp, :clients], ["10.0.0.3"])
+ clear_config([RemoteIp, :proxies], ["10.0.0.0/8"])
+
+ conn =
+ conn(:get, "/")
+ |> put_req_header("x-forwarded-for", "1.1.1.1, 10.0.0.3")
+ |> RemoteIp.call(nil)
+
+ assert conn.remote_ip == {10, 0, 0, 3}
+ end
end