about summary refs log tree commit diff
path: root/app/services
AgeCommit message (Collapse)Author
2017-09-12[WiP] Whenever a remote keypair changes, unfollow them and re-subscribe to ↵ThibG
… (#4907) * Whenever a remote keypair changes, unfollow them and re-subscribe to them In Mastodon (it could be different for other OStatus or AP-enabled software), a keypair change is indicative of whole user (or instance) data loss. In this situation, the “new” user might be different, and almost certainly has an empty followers list. In this case, Mastodon instances will disagree on follower lists, leading to unreliable delivery and “shadow followers”, that is users believed by a remote instance to be followers, without the affected user knowing. Drawbacks of this change are: 1. If an user legitimately changes public key for some reason without losing data (not possible in Mastodon at the moment), they will have their remote followers unsubscribed/re-subscribed needlessly. 2. Depending of the number of remote followers, this may generate quite some traffic. 3. If the user change is an attempt at usurpation, the remote followers will unknowingly follow the usurper. Note that this is *not* a change of behavior, Mastodon already behaves like that, although delivery might be unreliable, and the usurper would not have known the former user's followers. * Rename ResubscribeWorker to RefollowWorker * Process followers in batches
2017-09-10Merge tag 'v1.6.0' into sync/upstreamDavid Yip
2017-09-10Default follows for new users (#4871)Eugen Rochko
When a new user confirms their e-mail, bootstrap their home timeline by automatically following a set of accounts. By default, all local admin accounts (that are unlocked). Can be customized by new admin setting (comma-separated usernames, local and unlocked only)
2017-09-09Merge tag 'v1.6.0rc4' into sync/upstream-1.6.0rc4David Yip
Conflicts: app/javascript/mastodon/features/getting_started/index.js app/javascript/packs/public.js app/javascript/styles/components.scss
2017-09-09Merge tag 'v1.6.0rc3' into sync/upstreamDavid Yip
2017-09-09Merge branch 'origin/master' into sync/upstreamDavid Yip
Conflicts: app/javascript/mastodon/components/status_list.js app/javascript/mastodon/features/notifications/index.js app/javascript/mastodon/features/ui/components/modal_root.js app/javascript/mastodon/features/ui/components/onboarding_modal.js app/javascript/mastodon/features/ui/index.js app/javascript/styles/about.scss app/javascript/styles/accounts.scss app/javascript/styles/components.scss app/presenters/instance_presenter.rb app/services/post_status_service.rb app/services/reblog_service.rb app/views/about/more.html.haml app/views/about/show.html.haml app/views/accounts/_header.html.haml config/webpack/loaders/babel.js spec/controllers/api/v1/accounts/credentials_controller_spec.rb
2017-09-09Fix errors preventing UnsubscribeService from working (#4866)Eugen Rochko
2017-09-09Add missing reject_media check before avatar download via ActivityPub (#4862)Eugen Rochko
2017-09-09Fix #4852 - Check if already requested from FollowService (#4855)Eugen Rochko
2017-09-09Fix #4850 - When visibility missing from API call to toot, fallback to user ↵Eugen Rochko
preference (#4861)
2017-09-08Fetch statuses/following/followers numbers from ActivityPub collections (#4840)Eugen Rochko
2017-09-05Fix mentions in direct statuses not being delivered via AP (#4806)Eugen Rochko
2017-09-04Fix some ActivityPub JSON bugs (#4796)Eugen Rochko
- Fix assumption that `url` is always a string. Handle it if it's an array of strings, array of objects, object, or string, both for accounts and for objects - `sharedInbox` is actually supposed to be under `endpoints`, handle both cases and adjust the serializer
2017-09-02Rename "locked" to "manuallyApprovesFollowers" in ActivityPub (#4779)Eugen Rochko
See: <https://www.w3.org/wiki/Activity_Streams_extensions#as:manuallyApprovesFollowers>
2017-09-02Make "unfollow" undo pending outgoing follow request too (#4781)Eugen Rochko
* Make "unfollow" undo pending outgoing follow request too * Add cancel button to web UI when awaiting follow request approval * Make the hourglass button do the cancelling
2017-09-02Define missing JSON-LD properties (#4767)Eugen Rochko
Using _: property names is discouraged, as in the future, canonicalization may throw an error when encountering that instead of discarding it silently like it does now. We are defining some ActivityStreams properties which we expect to land in ActivityStreams eventually, to ensure that future versions of Mastodon will remain compatible with this even once that happens. Those would be `locked`, `sensitive` and `Hashtag` We are defining a custom context inline for some properties which we do not expect to land in any other context. `atomUri`, `inReplyToAtomUri` and `conversation` are part of the custom defined OStatus context.
2017-09-01Avoid sending some ActivityPub payloads if the receiver will get them ↵Eugen Rochko
through distribution (#4739)
2017-09-01Make PreviewCard records reuseable between statuses (#4642)Eugen Rochko
* Make PreviewCard records reuseable between statuses **Warning!** Migration truncates preview_cards tablec * Allow a wider thumbnail for link preview, display it in horizontal layout (#4648) * Delete preview cards files before truncating * Rename old table instead of truncating it * Add mastodon:maintenance:remove_deprecated_preview_cards * Ignore deprecated_preview_cards in schema definition * Fix null behaviour
2017-08-31Don't process ActivityPub payload if signature is invalid (#4752)unarist
* Don't process ActivityPub payload if signature is invalid * Fix style issue
2017-08-31Guarantee Subscription service first account has proper URL details (#4732)James
* Guarantee Subscription service first account has proper URL details Subscription Service potentially could break if the first user suspended themselves, creating a situation where the urls that populate throughout subscription service's PuSH request would cause the remote API to throw 503 errors. Guaranteeing that the first account picked is not suspended prevents this problem. * Fix style issue
2017-08-30Forward ActivityPub creates that reply to local statuses (#4709)Eugen Rochko
* Forward ActivityPub creates that reply to local statuses * Fix test * Fix wrong signers
2017-08-29Serialize ActivityPub alternate link into OStatus deletes, handle it (#4730)Eugen Rochko
Requires moving Atom rendering from DistributionWorker (where `stream_entry.status` is already nil) to inline (where `stream_entry.status.destroyed?` is true) and distributing that. Unfortunately, such XML renderings can no longer be easily chained together into one payload of n items.
2017-08-28Fix deletion of status which has been reblogged (#4728)unarist
2017-08-26Add ActivityPub serializer for Undo of Announce (#4703)Eugen Rochko
2017-08-26Add handling of Linked Data Signatures in payloads (#4687)Eugen Rochko
* Add handling of Linked Data Signatures in payloads * Add a way to sign JSON, fix canonicalization of signature options * Fix signatureValue encoding, send out signed JSON when distributing * Add missing security context
2017-08-26authorize-follow-requests-after-unlocking (#4658)masarakki
2017-08-24Add configuration to disable private status federation over PuSH (#4582)Eugen Rochko
2017-08-24Fetch reblogs as Announce activity instead of Note object (#4672)unarist
* Process Create / Announce activity in FetchRemoteStatusService * Use activity URL in ActivityPub for reblogs * Redirect to the original status on StatusesController#show
2017-08-23Fix accessing to XML attribute in FetchAtomService (#4668)unarist
2017-08-22Ignore empty response in ActivityPub::FetchRemoteStatusService (#4661)unarist
* Ignore empty response in ActivityPub::FetchRemoteStatusService This fixes `NoMethodError: undefined method `[]' for nil:NilClass` error. * Check json.nil? in JsonLdHelper#supported_context?
2017-08-22Fix bugs which OStatus accounts may detected as ActivityPub ready (#4662)unarist
* Fallback to OStatus in FetchAtomService * Skip activity+json link if that activity is Person without inbox * If unsupported activity was detected and all other URLs failed, retry with ActivityPub-less Accept header * Allow mention to OStatus account in ActivityPub * Don't update profile with inbox-less Person object
2017-08-21Support more variations of ActivityPub keyId in signature (#4630)Eugen Rochko
- Tries to avoid performing HTTP request if the keyId is an actor URI - Likewise if the URI is a fragment URI on top of actor URI - Resolves public key, returns owner if the owner links back to the key
2017-08-21Do not try to re-subscribe to unsubscribed accounts (#4653)Eugen Rochko
2017-08-21ActivityPub migration procedure (#4617)Eugen Rochko
* ActivityPub migration procedure Once one account is detected as going from OStatus to ActivityPub, invalidate WebFinger cache for other accounts from the same domain * Unsubscribe from PuSH updates once we receive an ActivityPub payload * Re-subscribe to PuSH unless already unsubscribed, regardless of protocol
2017-08-20Handle duplicate ActivityPub activities (#4639)Eugen Rochko
* Handle duplicate ActivityPub activities Only perform side-effects when record processed for the first time * Fast-forward repeat follow requests
2017-08-14Add support for searching AP users (#4599)Yamagishi Kazutoshi
* Add support for searching AP users * use JsonLdHelper
2017-08-14Require "inbox" to be set on actor to be ActivityPub-ready (#4595)Eugen Rochko
2017-08-14Fix search (regression from #4589) (#4594)Yamagishi Kazutoshi
2017-08-14Hook up URL-based resource look-up to ActivityPub (#4589)Eugen Rochko
2017-08-13ActivityPub delivery (#4566)Eugen Rochko
* Deliver ActivityPub Like * Deliver ActivityPub Undo-Like * Deliver ActivityPub Create/Announce activities * Deliver ActivityPub creates from mentions * Deliver ActivityPub Block/Undo-Block * Deliver ActivityPub Accept/Reject-Follow * Deliver ActivityPub Undo-Follow * Deliver ActivityPub Follow * Deliver ActivityPub Delete activities Incidentally fix #889 * Adjust BatchedRemoveStatusService for ActivityPub * Add tests for ActivityPub workers * Add tests for FollowService * Add tests for FavouriteService, UnfollowService and PostStatusService * Add tests for ReblogService, BlockService, UnblockService, ProcessMentionsService * Add tests for AuthorizeFollowService, RejectFollowService, RemoveStatusService * Add tests for BatchedRemoveStatusService * Deliver updates to a local account to ActivityPub followers * Minor adjustments
2017-08-12Add serializing/unserializing of "locked" actor attribute (#4585)Eugen Rochko
2017-08-08Add ActivityPub inbox (#4216)Eugen Rochko
* Add ActivityPub inbox * Handle ActivityPub deletes * Handle ActivityPub creates * Handle ActivityPub announces * Stubs for handling all activities that need to be handled * Add ActivityPub actor resolving * Handle conversation URI passing in ActivityPub * Handle content language in ActivityPub * Send accept header when fetching actor, handle JSON parse errors * Test for ActivityPub::FetchRemoteAccountService * Handle public key and icon/image when embedded/as array/as resolvable URI * Implement ActivityPub::FetchRemoteStatusService * Add stubs for more interactions * Undo activities implemented * Handle out of order activities * Hook up ActivityPub to ResolveRemoteAccountService, handle Update Account activities * Add fragment IDs to all transient activity serializers * Add tests and fixes * Add stubs for missing tests * Add more tests * Add more tests
2017-08-01Merge upstream (#111)kibigo!
2017-07-31Change RuboCop rules to loose (#4464)Yamagishi Kazutoshi
2017-07-27Fix an error when a user tries to search nonexistent remote user (regression ↵nullkal
from #4275) (#4400)
2017-07-25Merge git://github.com/tootsuite/mastodon into tootsuite-masterOndřej Hruška
2017-07-24Allow domain blocks that only reject media without silencing or suspending ↵sdukhovni
(#4325) * Allow domain blocks to reject media without silencing or suspending * Fix typo * Hide 'Reject media' button when superfluous, instead of disabling it * Properly hide 'reject media' checkbox on page load if needed This may happen when resubmitting the domain block form after an error. * Don't ask whether undoing a media-only block should be retroactive * Rename :media_only block to :noop * Display :noop block as None in frontend, allow blocks that do nothing * Remove 'coding' line auto-added by emacs
2017-07-22Merge pull request #92 from tootsuite/masterOndřej Hruška
tiny upstream merge
2017-07-22Fix #4172 - Mutes now block notifications (#4300)Eugen Rochko
2017-07-20Merge pull request #87 from tootsuite/masterbeatrix
merge upstream