about summary refs log tree commit diff
path: root/spec/services/activitypub
AgeCommit message (Collapse)Author
2023-02-22Enable Style/FrozenStringLiteralComment for specs (#23790)Nick Schonning
2023-02-20Autofix Rubocop RSpec/BeEq (#23740)Nick Schonning
2023-02-20Audofix Rubocop Style/WordArray (#23739)Nick Schonning
2023-02-20Autofix Rubocop RSpec/LeadingSubject (#23670)Nick Schonning
2023-02-20Autofix Rubocops RSpec/ScatteredLet (#23725)Nick Schonning
2023-02-20Enable Rubocop RSpec/NotToNot (#23723)Nick Schonning
2023-02-19Autofix Rubocop Style/StringLiterals (#23695)Nick Schonning
2023-02-19Autofix Rubocop Style/TrailingCommaInArrayLiteral (#23692)Nick Schonning
2023-02-18Autofix Rubocop Style/TrailingCommaInHashLiteral (#23693)Nick Schonning
2023-02-18Autofix Rubocop Lint/SymbolConversion (#23683)Nick Schonning
2023-02-18Run rubocop formatting except line length (#23632)Nick Schonning
2023-02-17Autofix Rubocop Style/MethodCallWithoutArgsParentheses (#23645)Nick Schonning
2023-02-10Fix unbounded recursion in post discovery (#23506)Claire
* Add a limit to how many posts can get fetched as a result of a single request * Add tests * Always pass `request_id` when processing `Announce` activities --------- Co-authored-by: nametoolong <nametoolong@users.noreply.github.com>
2022-12-07Fix unbounded recursion in account discovery (#22025)Claire
* Fix trying to fetch posts from other users when fetching featured posts * Rate-limit discovery of new subdomains * Put a limit on recursively discovering new accounts
2022-11-27Fix attachments of edited statuses not being fetched (#21565)Claire
* Fix attachments of edited statuses not being fetched * Fix tests
2022-11-07Fix validation error in SynchronizeFeaturedTagsCollectionWorker (#20018)Claire
* Fix followers count not being updated when migrating follows Fixes #19900 * Fix validation error in SynchronizeFeaturedTagsCollectionWorker Also saves remote user's chosen case for hashtags * Limit remote featured tags before validation
2022-10-21Fix `FetchFeaturedCollectionService` spec (#19401)Yamagishi Kazutoshi
Regression from #19380
2022-09-24Add tests to ActivityPub::FetchRemoteKeyService (#19226)Claire
2022-09-21Refactor ActivityPub handling to prepare for non-Account actors (#19212)Claire
* Move ActivityPub::FetchRemoteAccountService to ActivityPub::FetchRemoteActorService ActivityPub::FetchRemoteAccountService is kept as a wrapper for when the actor is specifically required to be an Account * Refactor SignatureVerification to allow non-Account actors * fixup! Move ActivityPub::FetchRemoteAccountService to ActivityPub::FetchRemoteActorService * Refactor ActivityPub::FetchRemoteKeyService to potentially return non-Account actors * Refactor inbound ActivityPub payload processing to accept non-Account actors * Refactor inbound ActivityPub processing to accept activities relayed through non-Account * Refactor how Account key URIs are built * Refactor Request and drop unused key_id_format parameter * Rename ActivityPub::Dereferencer `signature_account` to `signature_actor`
2022-09-20Improve error reporting and logging when processing remote accounts (#15605)Claire
* Add a more descriptive PrivateNetworkAddressError exception class * Remove unnecessary exception class to rescue clause * Remove unnecessary include to JsonLdHelper * Give more neutral error message when too many webfinger redirects * Remove unnecessary guard condition * Rework how “ActivityPub::FetchRemoteAccountService” handles errors Add “suppress_errors” keyword argument to avoid raising errors in ActivityPub::FetchRemoteAccountService#call (default/previous behavior). * Rework how “ActivityPub::FetchRemoteKeyService” handles errors Add “suppress_errors” keyword argument to avoid raising errors in ActivityPub::FetchRemoteKeyService#call (default/previous behavior). * Fix Webfinger::RedirectError not being a subclass of Webfinger::Error * Add suppress_errors option to ResolveAccountService Defaults to true (to preserve previous behavior). If set to false, errors will be raised instead of caught, allowing the caller to be informed of what went wrong. * Return more precise error when failing to fetch account signing AP payloads * Add tests * Fixes * Refactor error handling a bit * Fix various issues * Add specific error when provided Digest is not 256 bits of base64-encoded data * Please CodeClimate * Improve webfinger error reporting
2022-05-17Fix NoMethodError when resolving a link that redirects to a local post (#18314)Claire
* Fix NoMethodError when resolving a link that redirects to a local post * Fix tests
2022-05-02Fix compatibility with Friendica regarding pinned posts (#18254)Claire
* Fix multiple database queries when fetching pinned posts for remote account * Fix compatibility with Friendica regarding pinned posts Fixes #18066 * Add tests
2022-04-06Fix spurious edits and require incoming edits to be explicitly marked as ↵Claire
such (#17918) * Change post text edit to not be considered significant if it's identical after reformatting * We don't need to clear previous change information anymore * Require status edits to be explicit, except for poll tallies * Fix tests * Add some tests * Add poll-related tests * Add HTML-formatting related tests
2022-03-26Fix edits with no actual changes being allowed (#17843)Eugen Rochko
* Fix edits with no actual changes being allowed locally * Fix edits with no actual changes being allowed through ActivityPub * Fix false positive changes caused by description processing in model * Fix not recording poll expiration update * Fix test * Revert changes to ProcessStatusUpdateService * Various fixes and improvements * Fix code style issues * Various changes and improvements * Add guard clause
2022-03-12Fix issues with processing toot edits (#17748)Claire
* Fix searching for an already-known status by URL not working * Fix Update processing from statuses prior to 20220302232632 `ordered_media_attachment_ids_changed?` would return `true` when going from `nil` to anything (including `[]`). * Add tests
2022-03-12Fix not updating a status when newer version is fetched manually (#17745)Eugen Rochko
2022-03-10Add tests for CVE-2022-24307 (#17733)Claire
Follow-up to #17426
2022-03-09Change how changes to media attachments are stored for edits (#17696)Eugen Rochko
* Change how changes to media attachments are stored for edits Fix not being able to re-order media attachments * Fix not broadcasting updates when polls/media is changed through ActivityPub * Various fixes and improvements * Update app/models/report.rb Co-authored-by: Claire <claire.github-309c@sitedethib.com> * Add tracking of media attachment description changes * Change poll in status edit to have a structure closer to the real one Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2022-02-10Improve tests involving push_bulk (#17508)Claire
sidekiq-bulk's push_bulk can either accept arguments directly or run them through a block. Setting expectations on the result of evaluating the blocks allows testing more code (the block itself) and the test is moved closer to the *interface* of the tested code than its precise implementation.
2022-02-10Add editing for published statuses (#17320)Eugen Rochko
* Add editing for published statuses * Fix change of multiple-choice boolean in poll not resetting votes * Remove the ability to update existing media attachments for now
2022-01-19Add support for editing for published statuses (#16697)Eugen Rochko
* Add support for editing for published statuses * Fix references to stripped-out code * Various fixes and improvements * Further fixes and improvements * Fix updates being potentially sent to unauthorized recipients * Various fixes and improvements * Fix wrong words in test * Fix notifying accounts that were tagged but were not in the audience * Fix mistake
2021-11-26Remove Keybase integration (#17045)Eugen Rochko
2021-10-21Add support for fetching Create and Announce activities by URI (#16383)Claire
* Add support for fetching Create and Announce activities by URI This should improve compatibility with ZAP and offer a way to fetch boosts, which is currently not possible. * Add tests
2021-08-11Fix crash when encountering invalid account fields (#16598)Claire
* Add test * Fix crash when encountering invalid account fields
2020-11-08Add support for reversible suspensions through ActivityPub (#14989)Eugen Rochko
2020-10-21Add follower synchronization mechanism (#14510)ThibG
* Add support for followers synchronization on the receiving end Check the `collectionSynchronization` attribute on `Create` and `Announce` activities and synchronize followers from provided collection if possible. * Add tests for followers synchronization on the receiving end * Add support for follower synchronization on the sender's end * Add tests for the sending end * Switch from AS attributes to HTTP header Replace the custom `collectionSynchronization` ActivityStreams attribute by an HTTP header (`X-AS-Collection-Synchronization`) with the same syntax as the `Signature` header and the following fields: - `collectionId` to specify which collection to synchronize - `digest` for the SHA256 hex-digest of the list of followers known on the receiving instance (where “receiving instance” is determined by accounts sharing the same host name for their ActivityPub actor `id`) - `url` of a collection that should be fetched by the instance actor Internally, move away from the webfinger-based `domain` attribute and use account `uri` prefix to group accounts. * Add environment variable to disable followers synchronization Since the whole mechanism relies on some new preconditions that, in some extremely rare cases, might not be met, add an environment variable (DISABLE_FOLLOWERS_SYNCHRONIZATION) to disable the mechanism altogether and avoid followers being incorrectly removed. The current conditions are: 1. all managed accounts' actor `id` and inbox URL have the same URI scheme and netloc. 2. all accounts whose actor `id` or inbox URL share the same URI scheme and netloc as a managed account must be managed by the same Mastodon instance as well. As far as Mastodon is concerned, breaking those preconditions require extensive configuration changes in the reverse proxy and might also cause other issues. Therefore, this environment variable provides a way out for people with highly unusual configurations, and can be safely ignored for the overwhelming majority of Mastodon administrators. * Only set follower synchronization header on non-public statuses This is to avoid unnecessary computations and allow Follow-related activities to be handled by the usual codepath instead of going through the synchronization mechanism (otherwise, any Follow/Undo/Accept activity would trigger the synchronization mechanism even if processing the activity itself would be enough to re-introduce synchronization) * Change how ActivityPub::SynchronizeFollowersService handles follow requests If the remote lists a local follower which we only know has sent a follow request, consider the follow request as accepted instead of sending an Undo. * Integrate review feeback - rename X-AS-Collection-Synchronization to Collection-Synchronization - various minor refactoring and code style changes * Only select required fields when computing followers_hash * Use actor URI rather than webfinger domain in synchronization endpoint * Change hash computation to be a XOR of individual hashes Makes it much easier to be memory-efficient, and avoid sorting discrepancy issues. * Marginally improve followers_hash computation speed * Further improve hash computation performances by using pluck_each
2019-12-16Add Event activity-type support (#12637)Thomas Citharel
This adds support for Event AP type in Mastodon. Events are converted into toots by taking their title (AS name) and their URL (AP ID). Event picture is also brought in if available. Testable by fetching event content from https://test.mobilizon.org Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2019-06-26Add support for Audio activities (#11189)ThibG
Fixes #11127
2019-04-01Fix more keybase-related test failures (#10443)ThibG
2019-03-30Fix failing keybase-related test (#10428)ThibG
2019-03-30Add ActivityPub representation for identity proofs (#10414)Eugen Rochko
* Add ActivityPub representation for identity proofs * Add tests
2019-02-28Improved remote thread fetching (#10106)ThibG
* Fetch up to 5 replies when discovering a new remote status This is used for resolving threads downwards. The originating server must add a “replies” attributes with such replies for it to be useful. * Add some tests for ActivityPub::FetchRepliesWorker * Add specs for ActivityPub::FetchRepliesService * Serialize up to 5 public self-replies for ActivityPub notes * Add specs for ActivityPub::NoteSerializer * Move exponential backoff logic to a worker concern * Fetch first page of paginated collections when fetching thread replies * Add specs for paginated collections in replies * Move Note replies serialization to a first CollectionPage The collection isn't actually paginable yet as it has no id nor a `next` field. This may come in another PR. * Use pluck(:uri) instead of map(&:uri) to improve performances * Fix fetching replies when they are in a CollectionPage
2018-12-30Reduce usage of LD signatures (#9659)ThibG
* Do not LDS-sign Follow, Accept, Reject, Undo, Block * Do not use LDS for Create activities of private toots * Minor cleanup * Ignore unsigned activities instead of misattributing them * Use status.distributable? instead of querying visibility directly
2018-10-04Lint pass (#8876)aus-social
2018-08-22Improve federated ID validation (#8372)Eugen Rochko
* Fix URI not being sufficiently validated with prefetched JSON * Add additional id validation to OStatus documents, when possible
2018-05-02Slightly reduce RAM usage (#7301)Eugen Rochko
* No need to re-require sidekiq plugins, they are required via Gemfile * Add derailed_benchmarks tool, no need to require TTY gems in Gemfile * Replace ruby-oembed with FetchOEmbedService Reduce startup by 45382 allocated objects * Remove preloaded JSON-LD in favour of caching HTTP responses Reduce boot RAM by about 6 MiB * Fix tests * Fix test suite by stubbing out JSON-LD contexts
2018-04-25Append '.test' to hostname in stub data (#7260)MIYAGI Hikaru
2018-04-14Add bio fields (#6645)Eugen Rochko
* Add bio fields - Fix #3211 - Fix #232 - Fix #121 * Display bio fields in web UI * Fix output of links and missing fields * Federate bio fields over ActivityPub as PropertyValue * Improve how the fields are stored, add to Edit profile form * Add rel=me to links in fields Fix #121
2018-01-08Fix bad URL schemes being accepted (#6219)Eugen Rochko
* Fix actors accepting invalid URI schemes or different host between URI and URL * Fix statuses accepting invalid URI scheme or different host to actor * Adjust tests to new requirements * Improve readability of mismatching_origin?/invalid_origin? methods
2017-11-30Add semi-support for Video/Image objects in ActivityPub (#5848)Eugen Rochko
* Add semi-support for Video/Image objects in ActivityPub Video and Image objects will create corresponding status records with manually crafted text contents (title + URL) * Extract html-url-finding logic into JsonLdHelper * Fallback to id when url missing, extract supported object types