Ariadne Conill
739bbe0d3b
security: detect object containment violations at the IR level
...
It is more efficient to check for object containment violations at the IR
level instead of in the protocol handlers. OStatus containment is especially
a tricky situation, as the containment rules don't match those of IR and
ActivityPub.
Accordingly, we just always do a final containment check at the IR level
before the object is added to the IR object graph.
2019-07-14 17:47:08 +00:00
Alex S
f8786fa6f2
adding following_address field to user
2019-07-10 17:42:18 +03:00
Sergey Suprunenko
2d2b50ccca
Send and handle "Delete" activity for deleted users
2019-07-10 05:16:08 +00:00
Eugenij
f2c03425b0
Broadcast conversation update when DM is deleted
2019-06-24 07:14:04 +00:00
Maksim Pechnikov
1e7bb69a95
update ActivityPub#fetch_activities_query
2019-06-04 15:21:18 +03:00
Maksim Pechnikov
0acfcf6c52
update ActivityPub#fetch_activities_query
2019-06-04 15:04:36 +03:00
Maksim Pechnikov
4f2e359687
Merge branch 'develop' into issue/941
2019-06-04 09:49:08 +03:00
Maksim Pechnikov
080e1aa70e
add option skip_thread_containment
2019-06-03 16:13:37 +03:00
rinpatch
5bd41fef8b
Change query order in fetch_activities_for_context_query to make poll vote exclusion work
2019-06-03 10:58:37 +03:00
rinpatch
65db5e9f52
Resolve merge conflicts
2019-06-01 16:29:58 +03:00
rinpatch
300d94c628
Add poll votes
...
Also in this commit by accident:
- Fix query ordering causing exclude_poll_votes to not work
- Do not create notifications for Answer objects
2019-06-01 16:17:46 +03:00
lambda
2993361075
Merge branch 'hotfix/leaking-lists' into 'develop'
...
Mastodon API: Fix lists leaking private posts
See merge request pleroma/pleroma!1222
2019-05-31 13:26:48 +00:00
rinpatch
d9c0650ff9
Mastodon API: Fix lists leaking private posts
...
Our previous list visibility resolver grabbed posts if either follower
collection of the user in a list who is followed is in `to` or if
follower collection of the user in a list was in `cc`. This not only
missed unlisted posts but also lead to leaking private posts when
`fix_explicit_addressing` mistakingly started putting follower collections
to `cc` (also fixed in this MR).
Reported by @kurisu@iscute.moe via a DM
2019-05-31 15:25:17 +03:00
Egor Kislitsyn
99f70c7e20
Use Pleroma.Config everywhere
2019-05-30 15:33:58 +07:00
rinpatch
8b2d39c1ec
Change the order of preloading when fetching activities for context
2019-05-23 14:03:16 +03:00
William Pitcock
60f882b09f
activitypub: run user objects through MRF filters
2019-05-22 18:53:12 +00:00
rinpatch
ac7702f800
Exclude Answers from fetching by default
2019-05-22 21:52:12 +03:00
rinpatch
19c90d47c4
Normalize poll votes to Answer objects
2019-05-22 21:17:57 +03:00
rinpatch
ee68244141
Do not stream out poll replies
2019-05-21 16:58:15 +03:00
rinpatch
d7c4d029c8
Restrict poll replies when fetching activiites for context
2019-05-21 14:35:20 +03:00
rinpatch
aafe30d94e
Handle poll votes
2019-05-21 14:12:10 +03:00
Aaron Tinio
eb02edcad9
Add virtual :thread_muted? field
...
that may be set when fetching activities
2019-05-21 00:35:46 +08:00
rinpatch
6430cb1bf7
Restrict poll replies from fetch queries by default
2019-05-19 17:44:18 +03:00
Sergey Suprunenko
e2b3a27204
Add Reports to Admin API
2019-05-16 19:09:18 +00:00
feld
e190b3022b
Merge branch 'fix/domain-unblocked-reblogs' into 'develop'
...
Fix domain-unblocked reblogs
Closes #892
See merge request pleroma/pleroma!1157
2019-05-16 18:57:14 +00:00
Mark Felder
ebb0482116
Merge branch 'develop' into conversations-import
2019-05-16 13:11:17 -05:00
Aaron Tinio
793f1834d2
Use named binding to conditionally join object
2019-05-16 06:25:14 +08:00
Aaron Tinio
2b6119dfbf
Restrict reblogs of activities from blocked domains
2019-05-16 05:53:51 +08:00
William Pitcock
a591ab6112
activity pub: remove Ecto SQL query dumps
2019-05-15 16:56:46 +00:00
William Pitcock
de114ffbb0
activitypub: remove contain_timeline()
2019-05-15 15:53:06 +00:00
William Pitcock
0387f52138
activitypub: add restrict_thread_visibility()
2019-05-15 15:53:06 +00:00
lain
f168a1cbdc
Merge remote-tracking branch 'origin/develop' into conversations-import
2019-05-15 17:47:29 +02:00
lambda
692919c7d2
Merge branch 'refactor/use-job-queue-everywhere' into 'develop'
...
use job queue everywhere
Closes #862
See merge request pleroma/pleroma!1142
2019-05-14 15:27:34 +00:00
Egor Kislitsyn
5e2b491276
Merge remote-tracking branch 'pleroma/develop' into feature/disable-account
2019-05-14 18:15:56 +07:00
William Pitcock
57d11ac9db
activitypub: move post rich media fetching to job queue
2019-05-13 19:36:00 +00:00
William Pitcock
ef1f9e8d4e
activitypub: split out outgoing federation into a federation module
2019-05-12 05:04:11 +00:00
lain
a33bec7d58
Conversations: Import order, import as read.
2019-05-09 16:39:28 +02:00
lain
e6d7f8d223
Credo fixes.
2019-05-08 18:19:20 +02:00
lain
920bd47055
ActivityPub: Remove leftover printf debugging.
2019-05-08 17:40:24 +02:00
lain
fcf2f38d20
Conversations: Add a function to 'import' old DMs.
2019-05-08 17:37:00 +02:00
William Pitcock
6020ff3fb6
activitypub: add optional order constraint to timeline query builder
2019-05-07 19:33:22 +00:00
rinpatch
4c5125dedc
Remove bookmarks
assoc and add a fake bookmark
assoc instead
2019-05-07 19:33:22 +00:00
rinpatch
f841eb7cdb
Preload bookmarks wherever the object is preloaded
2019-05-07 19:33:22 +00:00
Egor Kislitsyn
1557b99beb
Merge remote-tracking branch 'pleroma/develop' into feature/disable-account
2019-05-07 16:51:11 +07:00
lain
81d1aa424d
Streamer: Stream out Conversations/Participations.
2019-05-03 13:39:14 +02:00
lain
45f790becc
Merge remote-tracking branch 'origin/develop' into conversations_three
2019-05-01 18:40:41 +02:00
rinpatch
ce4825c1dc
Do not normalize objects in stream_out unless the activity type is
...
Create
Saves quite a bit of time with delete activities because they would
always query the db
2019-04-30 20:21:28 +03:00
Egor Kislitsyn
c157e27a00
Merge branch 'develop' into feature/disable-account
2019-04-25 13:41:10 +07:00
rinpatch
d21d921def
Replace Object.normalize(activity.data[object] with Object.normalize(acitivty) to benefit from preloading
2019-04-22 11:27:29 +03:00
Egor
b9cdf6d3b9
Use User.get_cached*
everywhere
2019-04-22 07:20:43 +00:00