Commit Graph

174 Commits (c3a38c7d8c123f5bf736e20e0417fb3d70022391)

Author SHA1 Message Date
Claire 7b92cf3b47
Fix unneeded requests to blocked domains when receiving relayed signed activities from them (#31161) 2024-10-01 12:52:13 +00:00
Matt Jankowski e975b55c24
Remove `WebfingerHelper` module & move usage inline (#31203) 2024-10-01 09:54:42 +00:00
Claire 8afa3bb2fa
Change Mastodon to issue correctly-signed queries by default (#31994) 2024-09-20 10:10:09 +00:00
Matt Jankowski 5405bdd344
Remove unused E2EE messaging code (#31193) 2024-09-18 09:27:43 +00:00
Eugen Rochko e0c27a5047
Add ability to manage which websites can credit you in link previews (#31819) 2024-09-10 12:00:40 +00:00
Adam Niedzielski cd0ca4b994
Select correct self link when parsing Webfinger response (#31110) 2024-07-23 14:42:31 +00:00
Matt Jankowski c61e356475
Add `Status::MEDIA_ATTACHMENTS_LIMIT` configuration constant (#30433) 2024-05-27 09:49:44 +00:00
Claire 9d8dfeb5fb
Fix processing of `Link` objects in `Image` objects (#29335) 2024-02-22 22:27:24 +01:00
Claire 1726085db5
Merge pull request from GHSA-3fjr-858r-92rw
* Fix insufficient origin validation

* Bump version to 4.3.0-alpha.1
2024-02-01 15:56:46 +01:00
Matt Jankowski ceade78182
Fix `Rails/WhereExists` cop in app/services (#28853) 2024-01-23 11:41:34 +00:00
Claire cf2a2ed71c
Fix processing of compacted single-item JSON-LD collections (#28816) 2024-01-19 12:43:10 +00:00
Jonathan de Jong de09176ab9
Retry 401 errors on replies fetching (#28788)
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2024-01-19 09:18:21 +00:00
Jonathan de Jong d0a5ebf914
Fix error when encountering malformed Tag objects from Kbin (#28235) 2023-12-05 13:59:15 +00:00
Claire bac9e0b55d
Add variable delay before link verification of remote account links (#27774) 2023-11-13 16:17:05 +00:00
Eugen Rochko 0d14fcebae
Change link previews to keep original URL from the status (#27312) 2023-11-13 09:58:28 +00:00
Matt Jankowski 0c4e7c06dc
Fix `Rails/FindEach` cop (#26886) 2023-11-06 15:53:29 +00:00
Jeong Arm 8f998cd96a
Handle featured collections without items (#27581) 2023-10-27 02:36:22 +00:00
Matt Jankowski bcd0171e5e
Fix `Lint/UselessAssignment` cop (#27472) 2023-10-19 16:55:06 +02:00
Claire 6273416292
Fix post edits not being forwarded as expected (#26936) 2023-09-15 19:54:32 +02:00
Robert R George cf6f70799b
Add support for federating `memorial` attribute (#26583) 2023-08-23 08:27:24 +02:00
Claire 90ec88d58b
Add support for `indexable` attribute on remote actors (#26485)
Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>
2023-08-14 18:54:51 +02:00
Claire 1e3b19230a
Add stricter protocol fields validation for accounts (#25937) 2023-07-20 18:23:48 +02:00
Jeong Arm 664b0ca8cb
Check if json body is null on Activitipub::ProcessingWorker (#26021) 2023-07-17 15:51:30 +02:00
Claire 999c343946
Fix remote accounts being possibly persisted to database with incomplete protocol values (#25886) 2023-07-10 18:42:19 +02:00
Matt Jankowski 668a19a2f3
Fix Performance/DeletePrefix cop (#24796) 2023-05-02 21:07:45 +02:00
Matt Jankowski f1c1dd0118
Rename `with_lock` to `with_redis_lock` to avoid confusion with ActiveRecord's method (#24741) 2023-05-02 18:16:07 +02:00
Claire a89b02af92
Check domain suspensions before trying to fetch resources (#24535) 2023-05-02 15:22:19 +02:00
Matt Jankowski 0a5f0a8b20
Remove instance variables from helper usage (#24203) 2023-04-23 22:35:54 +02:00
Nick Schonning 4ff44be134
Autofix Rubocop Rails/Blank (#23765) 2023-02-22 09:57:56 +09:00
Nick Schonning 717683d1c3
Autofix Rubocop remaining Layout rules (#23679) 2023-02-20 06:58:28 +01:00
Nick Schonning 2177daeae9
Autofix Rubocop Style/RedundantBegin (#23703) 2023-02-19 07:09:40 +09:00
Nick Schonning e2a3ebb271
Autofix Rubocop Style/IfUnlessModifier (#23697) 2023-02-18 12:37:47 +01:00
Nick Schonning 669f6d2c0a
Run rubocop formatting except line length (#23632) 2023-02-18 06:56:20 +09:00
Claire 0c9eac80d8
Fix unbounded recursion in post discovery (#23506)
* Add a limit to how many posts can get fetched as a result of a single request

* Add tests

* Always pass `request_id` when processing `Announce` activities

---------

Co-authored-by: nametoolong <nametoolong@users.noreply.github.com>
2023-02-10 22:16:37 +01:00
Nick Schonning ed570050c6
Autofix Rails/EagerEvaluationLogMessage (#23429)
* Autofix Rails/EagerEvaluationLogMessage

* Update spec for debug block syntax
2023-02-07 03:44:36 +01:00
Claire bb89f0af8a
Fix ActivityPub::ProcessingWorker error on incoming malformed JSON-LD (#23416) 2023-02-06 21:00:58 +01:00
Claire 68dcbcb7bf
Add more specific error messages to HTTP signature verification (#21617)
* Return specific error on failure to parse Date header

* Add error message when preferredUsername is not set

* Change error report to be JSON and include more details

* Change error report to differentiate unknown account and failed refresh

* Add tests
2023-01-18 16:47:56 +01:00
Claire 2644a28cb3
Change remote media files to be downloaded outside of transactions (#21796) 2022-12-15 18:09:48 +01:00
Claire c8849d6cee
Fix unbounded recursion in account discovery (#22025)
* Fix trying to fetch posts from other users when fetching featured posts

* Rate-limit discovery of new subdomains

* Put a limit on recursively discovering new accounts
2022-12-07 00:15:24 +01:00
Claire 625216d8e1
Fix attachments of edited statuses not being fetched (#21565)
* Fix attachments of edited statuses not being fetched

* Fix tests
2022-11-27 20:39:05 +01:00
Claire a5394980f2
Fix NameError in Webfinger redirect handling in ActivityPub::FetchRemoteActorService (#20260) 2022-11-09 20:10:38 +01:00
Eugen Rochko e98833748e
Fix being able to spoof link verification (#20217)
- Change verification to happen in `default` queue
- Change verification worker to only be queued if there's something to do
- Add `link` tags from metadata fields to page header of profiles
2022-11-09 08:24:21 +01:00
Claire bbf74498f5
Fix validation error in SynchronizeFeaturedTagsCollectionWorker (#20018)
* Fix followers count not being updated when migrating follows

Fixes #19900

* Fix validation error in SynchronizeFeaturedTagsCollectionWorker

Also saves remote user's chosen case for hashtags

* Limit remote featured tags before validation
2022-11-07 22:35:53 +01:00
Yamagishi Kazutoshi 94feb2b93f
Fix `FetchFeaturedCollectionService` spec (#19401)
Regression from #19380
2022-10-21 11:48:22 +02:00
Takeshi Umeda b0e3f0312c
Add synchronization of remote featured tags (#19380)
* Add LIMIT of featured tag to instance API response

* Add featured_tags_collection_url to Account

* Add synchronization of remote featured tags

* Deliver update activity when updating featured tag

* Remove featured_tags_collection_url

* Revert "Add featured_tags_collection_url to Account"

This reverts commit cff349fc27.

* Add hashtag sync from featured collections

* Fix tag name normalize

* Add target option to fetch featured collection

* Refactor fetch_featured_tags_collection_service

* Add LIMIT of featured tag to v1/instance API response
2022-10-20 09:15:52 +02:00
Claire 85890bc80f
Fix crash in FetchRemoteKeyService (#19225)
Fix regression from #19212
2022-09-24 07:41:01 +02:00
Claire 8cf7006d4e
Refactor ActivityPub handling to prepare for non-Account actors (#19212)
* Move ActivityPub::FetchRemoteAccountService to ActivityPub::FetchRemoteActorService

ActivityPub::FetchRemoteAccountService is kept as a wrapper for when the actor is
specifically required to be an Account

* Refactor SignatureVerification to allow non-Account actors

* fixup! Move ActivityPub::FetchRemoteAccountService to ActivityPub::FetchRemoteActorService

* Refactor ActivityPub::FetchRemoteKeyService to potentially return non-Account actors

* Refactor inbound ActivityPub payload processing to accept non-Account actors

* Refactor inbound ActivityPub processing to accept activities relayed through non-Account

* Refactor how Account key URIs are built

* Refactor Request and drop unused key_id_format parameter

* Rename ActivityPub::Dereferencer `signature_account` to `signature_actor`
2022-09-21 22:45:57 +02:00
Claire 1145dbd327
Improve error reporting and logging when processing remote accounts (#15605)
* Add a more descriptive PrivateNetworkAddressError exception class

* Remove unnecessary exception class to rescue clause

* Remove unnecessary include to JsonLdHelper

* Give more neutral error message when too many webfinger redirects

* Remove unnecessary guard condition

* Rework how “ActivityPub::FetchRemoteAccountService” handles errors

Add “suppress_errors” keyword argument to avoid raising errors in
ActivityPub::FetchRemoteAccountService#call (default/previous behavior).

* Rework how “ActivityPub::FetchRemoteKeyService” handles errors

Add “suppress_errors” keyword argument to avoid raising errors in
ActivityPub::FetchRemoteKeyService#call (default/previous behavior).

* Fix Webfinger::RedirectError not being a subclass of Webfinger::Error

* Add suppress_errors option to ResolveAccountService

Defaults to true (to preserve previous behavior). If set to false,
errors will be raised instead of caught, allowing the caller to be
informed of what went wrong.

* Return more precise error when failing to fetch account signing AP payloads

* Add tests

* Fixes

* Refactor error handling a bit

* Fix various issues

* Add specific error when provided Digest is not 256 bits of base64-encoded data

* Please CodeClimate

* Improve webfinger error reporting
2022-09-20 23:30:26 +02:00
Jeong Arm 6aa83b13ba
Properly delete remote account's avatar/header when fetch/update (#18973) 2022-08-15 20:32:21 +02:00
Claire e0bdaeab65
Fix NoMethodError when resolving a link that redirects to a local post (#18314)
* Fix NoMethodError when resolving a link that redirects to a local post

* Fix tests
2022-05-17 14:52:26 +02:00