about summary refs log tree commit diff
path: root/app/controllers/concerns
AgeCommit message (Collapse)Author
2020-02-20Change signature verification to ignore signatures with invalid host (#13033)Eugen Rochko
Instead of returning a signature verification error, pretend there was no signature (i.e., this does not allow access to resources that need a valid signature), so public resources can still be fetched Fix #13011
2020-02-16handle possibility of account being `nil`multiple creatures
2020-02-14make `reject_unknown` policy bidirectional when server has secure mode enabledmultiple creatures
2020-01-20Original upstream mergeThibG
2020-01-17Comment out reference to var that hasn't been ported yetHolly "Frinkeldoodle" Lotor
2020-01-17Port render_with_cache, CacheConcern from upstreamHolly "Frinkeldoodle" Lotor
2019-11-19Cleanup various controllers (#10972)ThibG
* Remove skip_session! as it is not supported in Rails 5 * Minor cleanup in StreamEntriesController * Remove redundant mark_cacheable! calls
2019-11-19Move signature verification stoplight to the requests themselves (#10813)ThibG
* Move signature verification stoplight to the requests themselves This avoids blocking messages from known keys for 5 minutes when only one fails… * Put the stoplight on the actual client IP, not a potential reverse proxy
2019-07-25add all `ActionLog`-able admin & moderator actions to loggermultiple creatures
2019-05-21Drop OStatus support. Fix some of the Rspec tests.multiple creatures
2019-05-21hidden accounts + stats hidingmultiple creatures
2019-03-21Mark the 410 gone response for suspended accounts as cachable (#10339)ThibG
This will help a great deal with #9377 when a caching reverse proxy is configured.
2019-03-14Admission-based registrations mode (#10250)Eugen Rochko
Fix #6856 Fix #6951
2019-01-07Improvements to signature verification (#9667)ThibG
* Refactor signature verification a bit * Rescue signature verification if recorded public key is invalid Fixes #8822 * Always re-fetch AP signing key when HTTP Signature verification fails But when the account is not marked as stale, avoid fetching collections and media, and avoid webfinger round-trip. * Apply stoplight to key/account update as well as initial key retrieval
2018-12-26Fix signature verification stoplight triggering on non-timeout errors (#9617)Eugen Rochko
2018-12-10Remove RemoteAccountControllerConcern never used (#9482)ysksn
2018-11-08Reduce connect timeout limit and limit signature failures by source IP (#9236)Eugen Rochko
* Reduce connect timeout from 10s to 1s * Limit failing signature verifications per source IP
2018-10-12Improve signature verification safeguards (#8959)Eugen Rochko
* Downcase signed_headers string before building the signed string The HTTP Signatures draft does not mandate the “headers” field to be downcased, but mandates the header field names to be downcased in the signed string, which means that prior to this patch, Mastodon could fail to process signatures from some compliant clients. It also means that it would not actually check the Digest of non-compliant clients that wouldn't use a lowercased Digest field name. Thankfully, I don't know of any such client. * Revert "Remove dead code (#8919)" This reverts commit a00ce8c92c06f42109aad5cfe65d46862cf037bb. * Restore time window checking, change it to 12 hours By checking the Date header, we can prevent replaying old vulnerable signatures. The focus is to prevent replaying old vulnerable requests from software that has been fixed in the meantime, so a somewhat long window should be fine and accounts for timezone misconfiguration. * Escape users' URLs when formatting them Fixes possible HTML injection * Escape all string interpolations in Formatter class Slightly improve performance by reducing class allocations from repeated Formatter#encode calls * Fix code style issues
2018-10-08Remove dead code (#8919)Eugen Rochko
SignatureVerification#matches_time_window? is not called anywhere.
2018-07-28Redesign public profiles and toots (#8068)Eugen Rochko
2018-06-30Typo in signature verification failure logging (#7916)Marty McGuire
`@signature_verification_failure_reason` is used in most places but`@signed_verification_failure_reason` appears in two places. Likely those errors are not returned.
2018-05-17HTTP signatures spec no longer requires algorithms field (#7525)Eugen Rochko
Fix #7520
2018-05-11Update session activation time (fixes #5605) (#7408)ThibG
2018-04-20Fix spec for sr-Latn (#7203)Yamagishi Kazutoshi
2018-04-08Fix follow/unfollow buttons on public profile (fixes #7036) (#7040)ThibG
* Fix follow/unfollow buttons on public profile - Present non-logged users with web+mastodon:// URLs for remote accounts - Present logged-in users with appropriate links (authorize_follows and remote_unfollows) for remote accounts * Do not cache rendered cards if user is logged in
2018-03-18If DEFAULT_LOCALE is set, enforce it instead of HTTP request locale (#6817)Eugen Rochko
Fix #6784
2018-03-04Set the default locale in config (#6580)Akihiko Odaki
Previously the default locale was set by Localized concern for controllers, but it was not enforced for mailers. config is enforced throughout the application and an appropriate place to set the default locale.
2018-02-02Allow retrieval of private statuses (single or in outbox) using HTTP ↵puckipedia
signatures (#6225)
2018-01-23Fix #6331 (#6341)Eugen Rochko
UserTrackingConcern is circumvented by SessionsController#create because it calls warden, which calls the User#update_tracked_fields! method directly. Move returning user logic to that method.
2018-01-22Rename ResolveRemoteAccountService to ResolveAccountService (#6327)Akihiko Odaki
The service used to be named ResolveRemoteAccountService resolves local accounts as well.
2018-01-18Fix regeneration marker not expiring (#6290)Eugen Rochko
* Fix regeneration key not getting expired * Add rake task to remove old regeneration markers
2017-12-29Add more instance stats APIs (#6125)Eugen Rochko
* Add GET /api/v1/instance/peers API to reveal known domains * Add GET /api/v1/instance/activity API * Make new APIs disableable, exclude private statuses from activity stats * Fix code style issue * Fix week timestamps
2017-12-11Apply a 25x rate limit by IP even to authenticated requests (#5948)Eugen Rochko
2017-12-09Rate limit by user instead of IP when API user is authenticated (#5923)Eugen Rochko
* Fix #668 - Rate limit by user instead of IP when API user is authenticated * Fix code style issue * Use request decorator provided by Doorkeeper
2017-11-24Add logging of admin actions (#5757)Eugen Rochko
* Add logging of admin actions * Update brakeman whitelist * Log creates, updates and destroys with history of changes * i18n: Update Polish translation (#5782) Signed-off-by: Marcin Mikołajczak <me@m4sk.in> * Split admin navigation into moderation and administration * Redesign audit log page * 🇵🇱 (#5795) * Add color coding to audit log * Change dismiss->resolve, log all outcomes of report as resolve * Update terminology (e-mail blacklist) (#5796) * Update terminology (e-mail blacklist) imho looks better * Update en.yml * Fix code style issues * i18n-tasks normalize
2017-11-11Add moderator role and add pundit policies for admin actions (#5635)Eugen Rochko
* Add moderator role and add pundit policies for admin actions * Add rake task for turning user into mod and revoking it again * Fix handling of unauthorized exception * Deliver new report e-mails to staff, not just admins * Add promote/demote to admin UI, hide some actions conditionally * Fix unused i18n
2017-10-13Fix UserTrackingConcern firing on every request, optimize some queries (#5368)Eugen Rochko
- For some reason, :if option on before_action did not work. It got executed every time, returned false, and the action run anyway, which led to the current_sign_in_at and sign_in_count being updated on every request - Return "do not filter" early in FeedManager#filter_from_home? if the status is authored by receiver. Usually this method is not called for own statuses at all, but it is called when Feed#get uses the database - Return early if #reload_stale_associations! has nothing to load to save a database query with WHERE 1=0
2017-10-04Validate id of ActivityPub representations (#5114)Akihiko Odaki
Additionally, ActivityPub::FetchRemoteStatusService no longer parses activities. OStatus::Activity::Creation no longer delegates to ActivityPub because the provided ActivityPub representations are not signed while OStatus representations are.
2017-10-03Fix HTTP responses for salmon and ActivityPub inbox processing (#5200)ThibG
* Return sensible HTTP status for ActivityPub inbox processing * Return sensible HTTP status for salmon slap processing * Return additional information to debug signature verification failures
2017-09-28If HTTP signature is wrong and webfinger cache is stale, retry with resolve ↵Eugen Rochko
(#5129) If the signature could not be verified and the webfinger of the account was last retrieved longer than the cache period, try re-resolving the account and then attempting to verify the signature again
2017-08-21Support more variations of ActivityPub keyId in signature (#4630)Eugen Rochko
- Tries to avoid performing HTTP request if the keyId is an actor URI - Likewise if the URI is a fragment URI on top of actor URI - Resolves public key, returns owner if the owner links back to the key
2017-08-13Add alternate links to ActivityPub resources from HTML/HEAD variants (#4586)Eugen Rochko
2017-08-09Add Digest header to requests with body, handle acct and URI keyId (#4565)Eugen Rochko
2017-07-14HTTP signatures (#4146)Eugen Rochko
* Add Request class with HTTP signature generator Spec: https://tools.ietf.org/html/draft-cavage-http-signatures-06 * Add HTTP signature verification concern * Add test for SignatureVerification concern * Add basic test for Request class * Make PuSH subscribe/unsubscribe requests use new Request class Accidentally fix lease_seconds not being set and sent properly, and change the new minimum subscription duration to 1 day * Make all PuSH workers use new Request class * Make Salmon sender use new Request class * Make FetchLinkService use new Request class * Make FetchAtomService use the new Request class * Make Remotable use the new Request class * Make ResolveRemoteAccountService use the new Request class * Add more tests * Allow +-30 seconds window for signed request to remain valid * Disable time window validation for signed requests, restore 7 days as PuSH subscription duration (which was previous default due to a bug)
2017-06-14Fix #2619 - When redis feed is empty, fall back to database (#3721)Eugen Rochko
* Fix #2619 - When redis feed is empty, fall back to database * Use redis value to return feed from database only while RegenerationWorker hasn't finished running * Fix specs * Replace usage of reject!
2017-06-10Improve default language decision and spec (#3351)Akihiko Odaki (@fn_aki@pawoo.net)
* Improve default language decision This change allows to takes account of accepted language determined by the user agent even if the custom default locale of the instance is configured. * Cover Localized more * Fix code style
2017-06-07Coverage improvement and concern extraction for rate limit headers in API ↵Matt Jankowski
controller (#3625) * Coverage for rate limit headers * Move rate limit headers methods to concern * Move throttle check to condition on before_action * Move match_data variable into method * Move utc timestamp to separate method * Move header setting into smaller methods * specs cleanup
2017-05-30Remove exports/base controller in favor of shared concern (#3444)Matt Jankowski
2017-05-29Extract authorization policy for viewing statuses (#3150)Jack Jennings
2017-05-29Remove methods from ObfuscateFilename and spec (#3347)Akihiko Odaki
* Remove methods from ObfuscateFilename * Spec ObfuscateFilename