hj/pleroma
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
17,429 commits 1 branch 0 tags 241 MiB
Commit graph

6,627 commits

Author SHA1 Message Date
Phantasm
f914748510
 		Transmogrifier: make Listen Activity test more strict 2025-12-11 23:30:04 +01:00
Phantasm
3f16965178
 		Transmogrifier: update internal fields list according to constant 2025-12-11 23:30:04 +01:00
Phantasm
21b2fd1e05
 		AP C2S: reject Flag activities, add visibility refutes to some tests 2025-12-11 23:30:04 +01:00
Phantasm
2b76243ec8
 		CommonAPI: Fail when user sends report with posts not visible to them 2025-12-11 23:30:03 +01:00
Phantasm
a4e480a636
 		lint and credo 2025-12-11 23:30:03 +01:00
Phantasm
b3887a6fa7
 		AP C2S: Validate visibility for C2S requests to /users/:nickname/outbox 
A local user could previously send Announce/EmojiReact/Like activities
to their outbox referencing objects that aren't visible to them and they
would get processed as if can see them. Only requirement is knowing
the URI of the object and the users instance having C2S enabled (currently
disabled by default).
 2025-12-11 23:30:03 +01:00
Phantasm
75353282ee
 		AP ObjectView: add test for Listen activities 2025-12-11 23:30:03 +01:00
Oneric
885ba3a46f
 		test: add more representation tests for perpare_outgoing 
Port of commit 272799da6242dbf7387d2d42dfc98512cd7efd7e from
Akkoma PR 1018.

Changes from Akkoma commit:
- changed order of arguments in CommonAPI.(un)block, because Akkoma
  hasn't backported our change for the unified arg order yet

In particular this covers the case
e88f36f72b5317debafcc4209b91eb35ad8f0691 was meant to fix and
 2025-12-11 23:30:03 +01:00
Oneric
59fcb5c96e
 		api: ensure only visible posts are interactable 
Port of Akkoma PR 1014 with a few changes:
- comments regarding akkomafe changed to Pleroma-FE when applicable
- different error message for replying to/interacting with invisible post
  in Pleroma.Web.CommonAPI.ActivityDraft.in_reply_to/1
- split "doesn't do funny things to other users favs" test into three:
  - can't unfavourite post that isn't favourited
  - can't unfavourite other user's favs
  - can't unfavourite other user's favs using their activity
- switched order of args for some CommonAPI function since Akkoma hasn't
  backported our old change for that

Pleroma.Web.CommonAPI.ActivityDraft.in_reply_to/1 now refactored to use
`with` statement as in Akkoma. Some defp in_reply_to/1 were therefore removed

Original PR author: Oneric
Original commit message:
It doesn't make sense to like, react, reply, etc to something you cannot
see and is unexpected for the author of the interacted with post and
might make them believe the reacting user actually _can_ see the post.

Wrt to fav, reblog, reaction indexes the missing visibility check was
also leaking some (presumably/hopefully) low-severity data.

Add full-API test for all modes of interactions with private posts.
 2025-12-11 23:30:02 +01:00
Phantasm
7d8a188967
 		Disable Hackney URL encoding function 
Hackney interferes with out URI encoding and implements older RFC 2396
instead of RFC 3986 which we and Elixir implement. As an example "'"
and "!" will get encoded by it and cause problems with our MediaProxy
making unexpected 302 redirects.

If an admin supplies a different function via *.secret.exs, we
don't override it.

https://github.com/benoitc/hackney/issues/399
 2025-12-10 14:56:07 +01:00
Phantasm
73b337245b
 		Make URI encoding query quirks host-aware 2025-12-10 14:56:06 +01:00
Phantasm
0935823be9
 		Add test for mangling incorrect URL in MediaProxy link generation 2025-12-10 14:56:06 +01:00
Phantasm
bfe8372ad2
 		Remove "preserve ASCII encoding" test in MediaProxy 
issue 580: Should not happen again, tested in HTTPTest
issue 1055: Fixed with quirk support in query encoding, tested
in HTTPTest
 2025-12-10 14:56:06 +01:00
Phantasm
c31454fac1
 		Fix unicode URL encoding test 2025-12-10 14:56:05 +01:00
Phantasm
f290b15987
 		Move custom URI encoding functions to Pleroma.Utils.URIEncoding 2025-12-10 14:56:05 +01:00
Phantasm
cfd2c08ef6
 		lint 2025-12-10 14:56:05 +01:00
Phantasm
a0f73d0e2f
 		Reimplement URI.encode_query/2 to support quirks, add Guardian quirk 
This solves the issue with Guardian rich media cards not loading, thanks
to them using "," and ":" in queries which get improperly encoded.
Guardian also needs specific ordering of the query keys, this also fixes
that.
 2025-12-10 14:56:05 +01:00
Phantasm
1b438fd167
 		MediaProxy: fix query params test 
Elixir and Erlang both add a traling = when encoding queries
 2025-12-10 14:56:04 +01:00
Phantasm
d413f9bf70
 		MediaProxy: fix Pleroma.HTTP.encode_url not being available in test env 2025-12-10 14:56:04 +01:00
Phantasm
99a1c0890a
 		URI.encode_query needs an enum, add test for this case 2025-12-10 14:56:04 +01:00
Phantasm
80db6f1328
 		Fix character escaping test for Pleroma.Upload 2025-12-10 14:56:04 +01:00
Phantasm
0a8423fdf7
 		Add ability to bypass url decode/parse in Pleroma.HTTP, fix encode in Pleroma.Upload 2025-12-10 14:56:03 +01:00
Phantasm
619f247e38
 		Add more URL-encoding tests 2025-12-10 14:56:03 +01:00
nicole mikołajczyk
d7b0115124 Merge branch 'mastodon-quotes-updates' into 'develop' 
Use Mastodon-compatible route for quotes list and param for quotes count

See merge request pleroma/pleroma!4367
 2025-12-02 14:34:16 +01:00
nicole mikołajczyk
ca03d94f52 Merge branch 'pin-chats' into 'develop' 
Chats: pin/unpin chats

See merge request pleroma/pleroma!3637
 2025-11-29 18:45:42 +01:00
nicole mikołajczyk
f443b6d1d7 Merge branch 'lookup-restrict-unauthenticated' into 'develop' 
Respect restrict_unauthenticated in /api/v1/accounts/lookup

See merge request pleroma/pleroma!4355
 2025-11-29 18:13:53 +01:00
nicole mikołajczyk
2330c50666 Merge branch 'inlinequotes-mastodon' into 'develop' 
MRF InlineQuotePolicy: Don't inline quoted post URL in Mastodon quotes

See merge request pleroma/pleroma!4371
 2025-11-29 18:12:33 +01:00
Phantasm
5cb141a54e MRF InlineQuotePolicy: Don't inline quoted post URL in Mastodon quotes 2025-11-29 18:12:32 +01:00
nicole mikołajczyk
26a058935a Merge branch 'filter-user-capabilities' into 'develop' 
Allow filtering users with `accepts_chat_messages` capability

See merge request pleroma/pleroma!4372
 2025-11-29 17:26:01 +01:00
Atsuko Karagi
ef41378fa2 Respect restrict_unauthenticated in /api/v1/accounts/lookup 
Signed-off-by: nicole mikołajczyk <git@mkljczk.pl>
 2025-11-29 17:18:38 +01:00
nicole mikołajczyk
f61fad0663 Pin/unpin chats 
Signed-off-by: nicole mikołajczyk <git@mkljczk.pl>
 2025-11-29 16:53:56 +01:00
nicole mikołajczyk
0dfcc24d30 Merge branch 'translation-provider-translatelocally' into 'develop' 
Support translateLocally translation provider

See merge request pleroma/pleroma!4377
 2025-11-29 16:50:42 +01:00
nicole mikołajczyk
ba8b5682cc Merge branch 'stream-marker-updates' into 'develop' 
Stream marker updates

See merge request pleroma/pleroma!4354
 2025-11-29 16:49:29 +01:00
nicole mikołajczyk
367d5c65f6 Merge branch 'outgoing_follow_requests' into 'develop' 
Add /api/v1/pleroma/outgoing_follow_requests

See merge request pleroma/pleroma!4310
 2025-11-28 16:36:40 +01:00
nicole mikołajczyk
13bc4ba639 Merge remote-tracking branch 'origin/develop' into translation-provider-translatelocally 
Signed-off-by: nicole mikołajczyk <git@mkljczk.pl>
 2025-11-28 15:07:43 +01:00
mkljczk
e458bd953a Add /api/v1/pleroma/outgoing_follow_requests 
Signed-off-by: mkljczk <git@mkljczk.pl>
Signed-off-by: nicole mikołajczyk <git@mkljczk.pl>
 2025-11-28 14:59:55 +01:00
nicole mikołajczyk
5f4c948057 fix typo 
Signed-off-by: nicole mikołajczyk <git@mkljczk.pl>
 2025-11-28 14:53:22 +01:00
nicole mikołajczyk
0476cf4283 Merge branch 'rss-redirect' into 'develop' 
Redirect /users/:nickname.rss to /users/:nickname/feed.rss instead of .atom

See merge request pleroma/pleroma!4375
 2025-11-28 14:51:11 +01:00
nicole mikołajczyk
e81e0d64c1 Merge branch 'endorsements-api' into 'develop' 
Support new Mastodon API for endorsed accounts

See merge request pleroma/pleroma!4361
 2025-11-28 14:51:06 +01:00
nicole mikołajczyk
ec51aadc78 Merge branch 'instance-view-timeline-access' into 'develop' 
Add `timelines_access` to InstanceView

See merge request pleroma/pleroma!4393
 2025-11-28 14:50:46 +01:00
nicole mikołajczyk
b975dce9ba Add timelines_access to InstanceView 
Signed-off-by: nicole mikołajczyk <git@mkljczk.pl>
 2025-11-02 00:01:31 +01:00
nicole mikołajczyk
68b4de7558 Merge branch 'authorized-fetch-fix' into 'develop' 
Fix fetching public keys with authorized fetch enabled

See merge request pleroma/pleroma!4383
 2025-11-01 11:25:17 +01:00
nicole mikołajczyk
1610d39f36 Revert "User.get_or_fetch_public_key_for_ap_id/1 is no longer required." 
This reverts commit c0a50b7c3e.
 2025-10-21 21:41:33 +02:00
nicole mikołajczyk
ed1cfd6f5e Support translateLocally translation provider 
Signed-off-by: nicole mikołajczyk <git@mkljczk.pl>
 2025-10-15 11:00:37 +02:00
nicole mikołajczyk
50e3cc67fc Redirect /users/:nickname.rss to /users/:nickname/feed.rss instead of .atom 
Signed-off-by: nicole mikołajczyk <git@mkljczk.pl>
 2025-10-15 10:27:31 +02:00
Nicole Mikołajczyk
0b8b98f979 Add a failing test 
Signed-off-by: Nicole Mikołajczyk <git@mkljczk.pl>
Signed-off-by: nicole mikołajczyk <git@mkljczk.pl>
 2025-10-10 05:36:46 +02:00
nicole mikołajczyk
2012e83e20 Allow filtering users with accepts_chat_messages capability 
Signed-off-by: nicole mikołajczyk <git@mkljczk.pl>
 2025-10-10 05:24:13 +02:00
nicole mikołajczyk
5ce3c12c28 Merge branch 'develop' into 'endorsements-api' 
# Conflicts:
#   test/pleroma/web/pleroma_api/controllers/account_controller_test.exs
 2025-10-08 05:04:55 +02:00
nicole mikołajczyk
c5b100a9f8 Merge branch 'develop' into 'mastodon-quotes-updates' 
# Conflicts:
#   docs/development/API/differences_in_mastoapi_responses.md
 2025-10-08 05:02:14 +02:00
nicole mikołajczyk
ef9bcb373a Use Mastodon-compatible route for quotes list and param for quotes count 
Signed-off-by: nicole mikołajczyk <git@mkljczk.pl>
 2025-09-27 11:44:45 +02:00