Age | Commit message (Collapse) | Author |
|
Follow-up to #14359
In the case of limited toots, the receiver may not be explicitly part of the
audience. If a specific user's inbox URI was specified, it makes sense to
dereference the toot from the corresponding user, instead of trying to find
someone in the explicit audience.
|
|
* Add support for inlined objects in activity audience
* Add tests
|
|
(#14479)
* Add tests
* Fix handling of Reject Follow when a matching follow relationship exists
Regression from #12199
|
|
* Fix not handling Undo on some activity types when they aren't inlined
When receiving an Undo for a non-inlined activity, try looking it up in
database using the URI. The queries are ad-hoc because we don't have a global
index of object URIs, and not all activity types are stored in database with
an index on their URI.
Announces are just statuses, and have an index on URIs, so this check can
be done efficiently.
Accepts cannot be handled at all because we don't record their URI at any
point.
Follows don't have an index on URI, but they have an index on the issuing
account, which should make such queries largely manageable.
Likes don't have an index on URI, they have an index on the issuing account,
but the number of favs per account may be very high, so I decided not to
handle that.
Blocks don't have an index on URI, but they have an index on the issuing
account, which should make such queries largely manageable.
In all cases, if an Undo could not be handled properly, we call `delete_later!`
because that does not require us to know more than the URI of the undone
property.
* Add tests
* Make newer blocks overwrite older ones
Allows re-synchronizing block info by re-blocking and un-blocking again
when the original Undo Block has been lost.
|
|
* Dereference object URIs in Create and Update messages
Fixes #14353
Signed-off-by: Thibaut Girka <thib@sitedethib.com>
* Refactor, and perform origin check *before* attempting to fetch object
Co-authored-by: Fire Demon <firedemon@creature.cafe>
|
|
|
|
* Fix the local group's followers collection
* Fix to accept followed relayed_through_account
* Add local delivery to the group's followers
* Fix code style
* Revert "Add local delivery to the group's followers"
This reverts commit 3237effc199772e4c4d30f19082cbc5633f56196.
|
|
* Fix rubocop warning
* use limit variable
* use ContextCreatingMethods option
|
|
|
|
- Change audio files to not be stripped of metadata
- Automatically extract cover art from audio if it exists
- Add `thumbnail` parameter to `POST /api/v1/media`, `POST /api/v2/media` and `PUT /api/v1/media/:id`
- Add `icon` to represent it in attachments in ActivityPub
- Fix `preview_url` containing URL of missing missing image when there is no thumbnail instead of null
- Fix duration of audio not being displayed on public pages until the file is loaded
|
|
|
|
|
|
Change `tootctl media lookup` to not use an interactive prompt
|
|
This change is to suppress the warning below on on ruby-2.7.0:
- warning: Using the last argument as keyword parameters is deprecated; maybe ** should be added to the call
https://www.ruby-lang.org/en/news/2019/12/12/separation-of-positional-and-keyword-arguments-in-ruby-3-0/
|
|
* Remove “protocol” argument and return value, as only ActivityPub is supported
* Remove FetchRemoteAccountService, only use ActivityPub::FetchRemoteAccountService
* Fix tests
|
|
invalid tags (#12436)
* Revert "Fix ignoring whole status because of one invalid hashtag (#11621)"
This reverts commit dff46b260b2f7d765d254c84a4b89105c7de5e97.
* Fix statuses being rejected because of invalid hashtag names
* Add spec for invalid hashtag names in statuses
* Add test for featured tags controller
|
|
This adds support for Event AP type in Mastodon. Events are converted
into toots by taking their title (AS name) and their URL (AP ID). Event
picture is also brought in if available.
Testable by fetching event content from https://test.mobilizon.org
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
|
|
* Show badge on group actor in WebUI
* Do not notify in case of by following group actor
* If you mention group actor, also mention group actor followers
* Relax characters that can be used in username (same as Application)
* Revert "Relax characters that can be used in username (same as Application)"
This reverts commit 7e10a137b878d0db1b5252c52106faef5e09ca4b.
* Delete display_name method
|
|
|
|
Fixes #11137
|
|
For some reason, I have seen this only triggered here:
https://circleci.com/gh/tootsuite/mastodon/98324?utm_campaign=vcs-integration-link&utm_medium=referral&utm_source=github-checks-link
But Follow.find_by referenced the ActivityPub::Activity::Follow class
instead of the model class.
|
|
Some ActivityPub servers refuse to embed remote objects into their own
output. This is because they are not the authoritative source for these
objects, and as such embedding them is always a waste of space. The
follow request and follow models contain a URI, so this can be used to
match them.
|
|
* Add voters count to polls
* Add ActivityPub serialization and parsing of voters count
* Add support for voters count in WebUI
* Move incrementation of voters count out of redis lock
* Reword “voters” to “people”
|
|
|
|
* Change silenced accounts to require approval on follow
* Also require approval for follows by people explicitly muted by target accounts
* Do not auto-accept silenced or muted accounts when switching from locked to unlocked
* Add `follow_requests_count` to verify_credentials
* Show “Follow requests” menu item if needed even if account is locked
* Add tests
* Correctly reflect that follow requests weren't auto-accepted when local account is silenced
* Accept follow requests from user-muted accounts to avoid leaking mutes
|
|
Instead of detecting spam on first duplicate message, add a
threshold of 5 such messages to reduce false positives
|
|
Don't put Move handler on cooldown if it didn't run. Skip unmerging
from timelines to save unnecessary work.
|
|
Change all account actions except "none" to resolve all unresolved reports
Refactor `SuspendAccountService` to be more readable
|
|
|
|
* Fix contexts not being dynamically included
Fixes #11649
* Refactor Note context in serializer
* Refactor Actor serializer
|
|
* Add profile directory to web UI
* Add a line of bio to the directory
|
|
The reason for unattaching media instead of removing it is to support
delete & redraft functionality, but remote or staff-removed statuses
will never be redrafted, so the media should be deleted immediately
|
|
This reverts commit 75f7f9930eb2a6f5c4041ec44fe0aa795c9ec449.
|
|
It is not part of ActivityPub and will free up a lot of space
|
|
|
|
* Add support for an instance actor
* Skip username validation for local Application accounts
* Add migration script to create instance actor
* Make Codeclimate happy
* Switch to id -99 for instance actor
* Remove unused `icon` and `image` attributes from instance actor
* Use if/elsif/else instead of return + ternary operator
* Add instance actor to fresh installs
* Use instance actor as instance representative
Use instance actor for forwarding reports, relay operations, and spam
auto-reporting.
* Seed database in test environment
* Fix single-user mode
* Fix tests
* Fix specs to accomodate for an extra `Account`
* Auto-reject follows on instance actor
Following an instance actor might make sense, but we are not handling that
right now, so auto-reject.
* Fix webfinger lookup and serialization for instance actor
* Rename instance actor
* Make it clear in the HTML view that the instance actor should not be blocked
* Raise cache time for instance actor as there's no dynamic content
* Re-use /about/more with a flash message for instance actor profile
|
|
* Add a spam check
* Use Nilsimsa to generate locality-sensitive hashes and compare using Levenshtein distance
* Add more tests
* Add exemption when the message is a reply to something that mentions the sender
* Use Nilsimsa Compare Value instead of Levenshtein distance
* Use MD5 for messages shorter than 10 characters
* Add message to automated report, do not add non-public statuses to
automated report, add trust level to accounts and make unsilencing
raise the trust level to prevent repeated spam checks on that account
* Expire spam check data after 3 months
* Add support for local statuses, reduce expiration to 1 week, always create a report
* Add content warnings to the spam check and exempt empty statuses
* Change Nilsimsa threshold to 95 and make sure removed statuses are removed from the spam check
* Add all matched statuses into automatic report
|
|
* Add HTTP signature requirement for served ActivityPub resources
* Change `SECURE_MODE` to `AUTHORIZED_FETCH`
* Add 'Signature' to 'Vary' header and improve code style
* Improve code style by adding `public_fetch_mode?` method
|
|
|
|
Fixes #11127
|
|
|
|
* Change domain blocks to automatically support subdomains
If a more authoritative domain is blocked (example.com), then the
same block will be applied to a subdomain (foo.example.com)
* Match subdomains of existing accounts when blocking/unblocking domains
* Improve code style
|
|
Fix #11001
|
|
* Do not misattribute inlined boosts if `attributedTo` isn't present
Fixes #10950
* Fix tests
|
|
concern (#10966)
|
|
Pleroma currently allows (erroneously imho) empty poll options, that is,
options with an empty (but existing) `name`.
|
|
|
|
(#10575)
* Prevent silenced local users from notifying remote users not following them
This is an attempt to extend the local restrictions of silenced users to the
federation.
* Add tests
* Add tests for making sure private status don't get sent over OStatus
|
|
* Add blurhash
* Use fallback color for spoiler when blurhash missing
* Federate the blurhash and accept it as long as it's at most 5x5
* Display unknown media attachments as blurhash placeholders
* Improve style of embed actions and spoiler button
* Change blurhash resolution from 3x3 to 4x4
* Improve dependency definitions
* Fix code style issues
|
|
* Add ActivityPub representation for identity proofs
* Add tests
|