bigbuffet/pleroma
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge remote-tracking branch 'pleroma/develop' into merge-pleroma

Browse source 
Signed-off-by: marcin mikołajczak <git@mkljczk.pl>
This commit is contained in:
marcin mikołajczak 2023-05-27 01:25:17 +02:00
commit a1567f2c68
32 changed files with 1096 additions and 168 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
.gitlab/merge_request_templates/Default.md Normal file
View file

@ -0,0 +1,10 @@
### Checklist
- [ ] Adding a changelog: In the `changelog.d` directory, create a file named `<code>.<type>`.
`<code>` can be anything, but we recommend using a more or less unique identifier to avoid collisions, such as the branch name.
`<type>` can be `add`, `remove`, `fix`, `security` or `skip`. `skip` is only used if there is no user-visible change in the MR (for example, only editing comments in the code). Otherwise, choose a type that corresponds to your change.
In the file, write the changelog entry. For example, if an MR adds group functionality, we can create a file named `group.add` and write `Add group functionality` in it.
If one changelog entry is not enough, you may add more. But that might mean you can split it into two MRs. Only use more than one changelog entry if you really need to (for example, when one change in the code fix two different bugs, or when refactoring).

20
CHANGELOG.md
View file

@ -18,6 +18,26 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
### Removed
- BREAKING: Support for passwords generated with `crypt(3)` (Gnu Social migration artifact)
## 2.5.2
### Security
- `/proxy` endpoint now sets a Content-Security-Policy (sandbox)
- WebSocket endpoint now respects unauthenticated restrictions for streams of public posts
- OEmbed HTML tags are now filtered
### Changed
- docs: Be more explicit about the level of compatibility of OTP releases
- Set default background worker timeout to 15 minutes
### Fixed
- Atom/RSS formatting (HTML truncation, published, missing summary)
- Remove `static_fe` pipeline for `/users/:nickname/feed`
- Stop oban from retrying if validating errors occur when processing incoming data
- Make sure object refetching as used by already received polls follows MRF rules
### Removed
- BREAKING: Support for passwords generated with `crypt(3)` (Gnu Social migration artifact)
## 2.5.1
### Added

1
changelog.d/3126.fix Normal file
View file

@ -0,0 +1 @@
MediaProxy responses now return a sandbox CSP header

1
changelog.d/3848.add Normal file
View file

@ -0,0 +1 @@
Add OAuth scope descriptions

1
changelog.d/3882.add Normal file
View file

@ -0,0 +1 @@
Allow lang attribute in status text

1
changelog.d/3883.fix Normal file
View file

@ -0,0 +1 @@
Fix abnormal behaviour when refetching a poll

1
changelog.d/3891.fix Normal file
View file

@ -0,0 +1 @@
OEmbed HTML tags are now filtered

0
changelog.d/3893.skip Normal file
View file

0
changelog.d/changelog-improve.skip Normal file
View file

1
changelog.d/fix-object-test.fix Normal file
View file

@ -0,0 +1 @@
Correctly handle the situation when a poll has both "anyOf" and "oneOf" but one of them being empty

86
lib/pleroma/object/fetcher.ex
View file

@ -8,77 +8,30 @@ defmodule Pleroma.Object.Fetcher do
alias Pleroma.Maps
alias Pleroma.Object
alias Pleroma.Object.Containment
alias Pleroma.Repo
alias Pleroma.Signature
alias Pleroma.Web.ActivityPub.InternalFetchActor
alias Pleroma.Web.ActivityPub.MRF
alias Pleroma.Web.ActivityPub.ObjectValidator
alias Pleroma.Web.ActivityPub.Pipeline
alias Pleroma.Web.ActivityPub.Transmogrifier
alias Pleroma.Web.Federator
require Logger
require Pleroma.Constants
defp touch_changeset(changeset) do
updated_at =
NaiveDateTime.utc_now()
|> NaiveDateTime.truncate(:second)
Ecto.Changeset.put_change(changeset, :updated_at, updated_at)
end
defp maybe_reinject_internal_fields(%{data: %{} = old_data}, new_data) do
has_history? = fn
%{"formerRepresentations" => %{"orderedItems" => list}} when is_list(list) -> true
_ -> false
end
internal_fields = Map.take(old_data, Pleroma.Constants.object_internal_fields())
remote_history_exists? = has_history?.(new_data)
# If the remote history exists, we treat that as the only source of truth.
new_data =
if has_history?.(old_data) and not remote_history_exists? do
Map.put(new_data, "formerRepresentations", old_data["formerRepresentations"])
else
new_data
end
# If the remote does not have history information, we need to manage it ourselves
new_data =
if not remote_history_exists? do
changed? =
Pleroma.Constants.status_updatable_fields()
|> Enum.any?(fn field -> Map.get(old_data, field) != Map.get(new_data, field) end)
%{updated_object: updated_object} =
new_data
|> Object.Updater.maybe_update_history(old_data,
updated: changed?,
use_history_in_new_object?: false
)
updated_object
else
new_data
end
Map.merge(new_data, internal_fields)
end
defp maybe_reinject_internal_fields(_, new_data), do: new_data
@spec reinject_object(struct(), map()) :: {:ok, Object.t()} | {:error, any()}
defp reinject_object(%Object{data: %{"type" => "Question"}} = object, new_data) do
defp reinject_object(%Object{data: %{}} = object, new_data) do
Logger.debug("Reinjecting object #{new_data["id"]}")
with data <- maybe_reinject_internal_fields(object, new_data),
{:ok, data, _} <- ObjectValidator.validate(data, %{}),
changeset <- Object.change(object, %{data: data}),
changeset <- touch_changeset(changeset),
{:ok, object} <- Repo.insert_or_update(changeset),
{:ok, object} <- Object.set_cache(object) do
{:ok, object}
with {:ok, new_data, _} <- ObjectValidator.validate(new_data, %{}),
{:ok, new_data} <- MRF.filter(new_data),
{:ok, new_object, _} <-
Object.Updater.do_update_and_invalidate_cache(
object,
new_data,
_touch_changeset? = true
) do
{:ok, new_object}
else
e ->
Logger.error("Error while processing object: #{inspect(e)}")
@ -86,20 +39,11 @@ defp reinject_object(%Object{data: %{"type" => "Question"}} = object, new_data)
end
end
defp reinject_object(%Object{} = object, new_data) do
Logger.debug("Reinjecting object #{new_data["id"]}")
with new_data <- Transmogrifier.fix_object(new_data),
data <- maybe_reinject_internal_fields(object, new_data),
changeset <- Object.change(object, %{data: data}),
changeset <- touch_changeset(changeset),
{:ok, object} <- Repo.insert_or_update(changeset),
{:ok, object} <- Object.set_cache(object) do
defp reinject_object(_, new_data) do
with {:ok, object, _} <- Pipeline.common_pipeline(new_data, local: false) do
{:ok, object}
else
e ->
Logger.error("Error while processing object: #{inspect(e)}")
{:error, e}
e -> e
end
end

59
lib/pleroma/object/updater.ex
View file

@ -5,6 +5,10 @@
defmodule Pleroma.Object.Updater do
require Pleroma.Constants
alias Pleroma.Object
alias Pleroma.Repo
alias Pleroma.Workers.EventReminderWorker
def update_content_fields(orig_object_data, updated_object) do
Pleroma.Constants.status_updatable_fields()
|> Enum.reduce(
@ -97,12 +101,14 @@ def maybe_update_history(
end
defp maybe_update_poll(to_be_updated, updated_object) do
choice_key = fn data ->
if Map.has_key?(data, "anyOf"), do: "anyOf", else: "oneOf"
choice_key = fn
%{"anyOf" => [_ | _]} -> "anyOf"
%{"oneOf" => [_ | _]} -> "oneOf"
_ -> nil
end
with true <- to_be_updated["type"] == "Question",
key <- choice_key.(updated_object),
key when not is_nil(key) <- choice_key.(updated_object),
true <- key == choice_key.(to_be_updated),
orig_choices <- to_be_updated[key] |> Enum.map(&Map.drop(&1, ["replies"])),
new_choices <- updated_object[key] |> Enum.map(&Map.drop(&1, ["replies"])),
@ -237,4 +243,51 @@ def do_with_history(object, fun) do
{:history_items, e} -> e
end
end
defp maybe_touch_changeset(changeset, true) do
updated_at =
NaiveDateTime.utc_now()
|> NaiveDateTime.truncate(:second)
Ecto.Changeset.put_change(changeset, :updated_at, updated_at)
end
defp maybe_touch_changeset(changeset, _), do: changeset
def do_update_and_invalidate_cache(orig_object, updated_object, touch_changeset? \\ false) do
orig_object_ap_id = updated_object["id"]
orig_object_data = orig_object.data
%{
updated_data: updated_object_data,
updated: updated,
used_history_in_new_object?: used_history_in_new_object?
} = make_new_object_data_from_update_object(orig_object_data, updated_object)
changeset =
orig_object
|> Repo.preload(:hashtags)
|> Object.change(%{data: updated_object_data})
|> maybe_touch_changeset(touch_changeset?)
with {:ok, new_object} <- Repo.update(changeset),
{:ok, _} <- Object.invalid_object_cache(new_object),
{:ok, _} <- Object.set_cache(new_object),
# The metadata/utils.ex uses the object id for the cache.
{:ok, _} <- Pleroma.Activity.HTML.invalidate_cache_for(new_object.id) do
if used_history_in_new_object? do
with create_activity when not is_nil(create_activity) <-
Pleroma.Activity.get_create_by_object_ap_id(orig_object_ap_id),
{:ok, _} <- Pleroma.Activity.HTML.invalidate_cache_for(create_activity.id) do
nil
else
_ -> nil
end
end
EventReminderWorker.schedule_event_reminder(orig_object)
{:ok, new_object, updated}
end
end
end

7
lib/pleroma/web/activity_pub/object_validators/tag_validator.ex
View file

@ -74,8 +74,11 @@ def changeset(struct, %{"type" => "Link"} = data) do
|> cast(data, [:type, :name, :href, :mediaType])
end
# Fallback
def changeset(struct, data), do: cast(struct, data, [:type, :name])
def changeset(struct, %{"type" => _} = data) do
struct
|> cast(data, [])
|> Map.put(:action, :ignore)
end
def icon_changeset(struct, data) do
struct

38
lib/pleroma/web/activity_pub/side_effects.ex
View file

@ -513,39 +513,13 @@ defp handle_update_object(
end
if orig_object_data["type"] in Pleroma.Constants.updatable_object_types() do
%{
updated_data: updated_object_data,
updated: updated,
used_history_in_new_object?: used_history_in_new_object?
} = Object.Updater.make_new_object_data_from_update_object(orig_object_data, updated_object)
{:ok, _, updated} =
Object.Updater.do_update_and_invalidate_cache(orig_object, updated_object)
changeset =
orig_object
|> Repo.preload(:hashtags)
|> Object.change(%{data: updated_object_data})
with {:ok, new_object} <- Repo.update(changeset),
{:ok, _} <- Object.invalid_object_cache(new_object),
{:ok, _} <- Object.set_cache(new_object),
# The metadata/utils.ex uses the object id for the cache.
{:ok, _} <- Pleroma.Activity.HTML.invalidate_cache_for(new_object.id) do
if used_history_in_new_object? do
with create_activity when not is_nil(create_activity) <-
Pleroma.Activity.get_create_by_object_ap_id(orig_object_ap_id),
{:ok, _} <- Pleroma.Activity.HTML.invalidate_cache_for(create_activity.id) do
nil
else
_ -> nil
end
end
EventReminderWorker.schedule_event_reminder(object)
if updated do
object
|> Activity.normalize()
|> ActivityPub.notify_and_stream()
end
if updated do
object
|> Activity.normalize()
|> ActivityPub.notify_and_stream()
end
end

82
lib/pleroma/web/api_spec/scopes/compiler.ex Normal file
View file

@ -0,0 +1,82 @@
# Pleroma: A lightweight social networking server
# Copyright © 2017-2023 Pleroma Authors <https://pleroma.social/>
# SPDX-License-Identifier: AGPL-3.0-only
defmodule Pleroma.Web.ApiSpec.Scopes.Compiler do
defmacro __before_compile__(_env) do
strings = __MODULE__.extract_all_scopes()
quote do
def placeholder do
unquote do
Enum.map(
strings,
fn string ->
quote do
Pleroma.Web.Gettext.dgettext_noop(
"oauth_scopes",
unquote(string)
)
end
end
)
end
end
end
end
def extract_all_scopes do
extract_all_scopes_from(Pleroma.Web.ApiSpec.spec())
end
def extract_all_scopes_from(specs) do
specs.paths
|> Enum.reduce([], fn
{_path, %{} = path_item}, acc ->
extract_routes(path_item)
|> Enum.flat_map(fn operation -> process_operation(operation) end)
|> Kernel.++(acc)
{_, _}, acc ->
acc
end)
|> Enum.uniq()
end
defp extract_routes(path_item) do
path_item
|> Map.from_struct()
|> Enum.map(fn {_method, path_item} -> path_item end)
|> Enum.filter(fn
%OpenApiSpex.Operation{} = _operation -> true
_ -> false
end)
end
defp process_operation(operation) do
operation.security
|> Kernel.||([])
|> Enum.flat_map(fn
%{"oAuth" => scopes} -> process_scopes(scopes)
_ -> []
end)
end
defp process_scopes(scopes) do
scopes
|> Enum.flat_map(fn scope ->
process_scope(scope)
end)
end
def process_scope(scope) do
hierarchy = String.split(scope, ":")
{_, list} =
Enum.reduce(hierarchy, {"", []}, fn comp, {cur, list} ->
{cur <> comp <> ":", [cur <> comp | list]}
end)
list
end
end

10
lib/pleroma/web/api_spec/scopes/translator.ex Normal file
View file

@ -0,0 +1,10 @@
# Pleroma: A lightweight social networking server
# Copyright © 2017-2023 Pleroma Authors <https://pleroma.social/>
# SPDX-License-Identifier: AGPL-3.0-only
defmodule Pleroma.Web.ApiSpec.Scopes.Translator do
require Pleroma.Web.ApiSpec.Scopes.Compiler
require Pleroma.Web.Gettext
@before_compile Pleroma.Web.ApiSpec.Scopes.Compiler
end

7
lib/pleroma/web/media_proxy/media_proxy_controller.ex
View file

@ -12,6 +12,8 @@ defmodule Pleroma.Web.MediaProxy.MediaProxyController do
alias Pleroma.Web.MediaProxy
alias Plug.Conn
plug(:sandbox)
def remote(conn, %{"sig" => sig64, "url" => url64}) do
with {_, true} <- {:enabled, MediaProxy.enabled?()},
{:ok, url} <- MediaProxy.decode_url(sig64, url64),
@ -202,4 +204,9 @@ defp media_preview_proxy_config do
defp media_proxy_opts do
Config.get([:media_proxy, :proxy_opts], [])
end
defp sandbox(conn, _params) do
conn
|> merge_resp_headers([{"content-security-policy", "sandbox;"}])
end
end

9
lib/pleroma/web/rich_media/parsers/o_embed.ex
View file

@ -6,8 +6,13 @@ defmodule Pleroma.Web.RichMedia.Parsers.OEmbed do
def parse(html, data) do
with elements = [_ | _] <- get_discovery_data(html),
oembed_url when is_binary(oembed_url) <- get_oembed_url(elements),
{:ok, oembed_data} <- get_oembed_data(oembed_url) do
Map.put(data, :oembed, oembed_data)
{:ok, oembed_data = %{"html" => html}} <- get_oembed_data(oembed_url) do
data
|> Map.put(
:oembed,
oembed_data
|> Map.put("html", Pleroma.HTML.filter_tags(html))
)
else
_e -> data
end

46
lib/pleroma/web/streamer.ex
View file

@ -26,6 +26,7 @@ defmodule Pleroma.Web.Streamer do
def registry, do: @registry
@public_streams ["public", "public:local", "public:media", "public:local:media"]
@local_streams ["public:local", "public:local:media"]
@user_streams ["user", "user:notification", "direct", "user:pleroma_chat"]
@doc "Expands and authorizes a stream, and registers the process for streaming."
@ -42,14 +43,37 @@ def get_topic_and_add_socket(stream, user, oauth_token, params \\ %{}) do
end
end
defp can_access_stream(user, oauth_token, kind) do
with {_, true} <- {:restrict?, Config.restrict_unauthenticated_access?(:timelines, kind)},
{_, %User{id: user_id}, %Token{user_id: user_id}} <- {:user, user, oauth_token},
{_, true} <-
{:scopes,
OAuthScopesPlug.filter_descendants(["read:statuses"], oauth_token.scopes) != []} do
true
else
{:restrict?, _} ->
true
_ ->
false
end
end
@doc "Expand and authorizes a stream"
@spec get_topic(stream :: String.t(), User.t() | nil, Token.t() | nil, Map.t()) ::
{:ok, topic :: String.t()} | {:error, :bad_topic}
def get_topic(stream, user, oauth_token, params \\ %{})
# Allow all public steams.
def get_topic(stream, _user, _oauth_token, _params) when stream in @public_streams do
{:ok, stream}
# Allow all public steams if the instance allows unauthenticated access.
# Otherwise, only allow users with valid oauth tokens.
def get_topic(stream, user, oauth_token, _params) when stream in @public_streams do
kind = if stream in @local_streams, do: :local, else: :federated
if can_access_stream(user, oauth_token, kind) do
{:ok, stream}
else
{:error, :unauthorized}
end
end
# Allow all hashtags streams.
@ -58,12 +82,20 @@ def get_topic("hashtag", _user, _oauth_token, %{"tag" => tag} = _params) do
end
# Allow remote instance streams.
def get_topic("public:remote", _user, _oauth_token, %{"instance" => instance} = _params) do
{:ok, "public:remote:" <> instance}
def get_topic("public:remote", user, oauth_token, %{"instance" => instance} = _params) do
if can_access_stream(user, oauth_token, :federated) do
{:ok, "public:remote:" <> instance}
else
{:error, :unauthorized}
end
end
def get_topic("public:remote:media", _user, _oauth_token, %{"instance" => instance} = _params) do
{:ok, "public:remote:media:" <> instance}
def get_topic("public:remote:media", user, oauth_token, %{"instance" => instance} = _params) do
if can_access_stream(user, oauth_token, :federated) do
{:ok, "public:remote:media:" <> instance}
else
{:error, :unauthorized}
end
end
# Expand user streams.

2
lib/pleroma/web/templates/o_auth/o_auth/_scopes.html.eex
View file

@ -8,7 +8,7 @@
<%= checkbox @form, :"scope_#{scope}", value: scope in @scopes && scope, checked_value: scope, unchecked_value: "", name: "authorization[scope][]" %>
<%= label @form, :"scope_#{scope}", String.capitalize(scope) %>
<%= if scope in @scopes && scope do %>
<%= String.capitalize(scope) %>
<code><%= scope %></code> <%= :"Elixir.Gettext".dgettext(Gettext, "oauth_scopes", scope) %>
<% end %>
</div>
<% else %>

2
mix.exs
View file

@ -8,7 +8,7 @@ def project do
app: :pleroma,
name: "Rebased",
compat_name: "Pleroma",
version: version("2.5.51"),
version: version("2.5.52"),
elixir: "~> 1.11",
elixirc_paths: elixirc_paths(Mix.env()),
compilers: [:phoenix, :gettext] ++ Mix.compilers(),

264
priv/gettext/en/LC_MESSAGES/oauth_scopes.po Normal file
View file

@ -0,0 +1,264 @@
# SOME DESCRIPTIVE TITLE.
# Copyright (C) YEAR Free Software Foundation, Inc.
# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
#
#, fuzzy
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"PO-Revision-Date: 2023-05-02 17:02-0400\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=CHARSET\n"
"Content-Transfer-Encoding: 8bit\n"
#, elixir-autogen, elixir-format
#: lib/pleroma/web/api_spec/scopes/translator.ex:5
msgid "admin"
msgstr "All admin access"
#, elixir-autogen, elixir-format
#: lib/pleroma/web/api_spec/scopes/translator.ex:5
msgid "admin:read"
msgstr "Read all using admin API"
#, elixir-autogen, elixir-format
#: lib/pleroma/web/api_spec/scopes/translator.ex:5
msgid "admin:write"
msgstr "Write all using admin API"
#, elixir-autogen, elixir-format
#: lib/pleroma/web/api_spec/scopes/translator.ex:5
msgid "follow"
msgstr "Read and write user relationships"
#, elixir-autogen, elixir-format
#: lib/pleroma/web/api_spec/scopes/translator.ex:5
msgid "push"
msgstr "Push notifications"
#, elixir-autogen, elixir-format
#: lib/pleroma/web/api_spec/scopes/translator.ex:5
msgid "read"
msgstr "Read everything"
#, elixir-autogen, elixir-format
#: lib/pleroma/web/api_spec/scopes/translator.ex:5
msgid "read:accounts"
msgstr "Read information of all accounts"
#, elixir-autogen, elixir-format
#: lib/pleroma/web/api_spec/scopes/translator.ex:5
msgid "read:backups"
msgstr "Read your backups"
#, elixir-autogen, elixir-format
#: lib/pleroma/web/api_spec/scopes/translator.ex:5
msgid "read:blocks"
msgstr "Read block relationships"
#, elixir-autogen, elixir-format
#: lib/pleroma/web/api_spec/scopes/translator.ex:5
msgid "read:bookmarks"
msgstr "Read your bookmarks"
#, elixir-autogen, elixir-format
#: lib/pleroma/web/api_spec/scopes/translator.ex:5
msgid "read:chats"
msgstr "Read your chats"
#, elixir-autogen, elixir-format
#: lib/pleroma/web/api_spec/scopes/translator.ex:5
msgid "read:favourites"
msgstr "Read your favourites"
#, elixir-autogen, elixir-format
#: lib/pleroma/web/api_spec/scopes/translator.ex:5
msgid "read:filters"
msgstr "Read your filtering settings"
#, elixir-autogen, elixir-format
#: lib/pleroma/web/api_spec/scopes/translator.ex:5
msgid "read:follows"
msgstr "Read follow relationships"
#, elixir-autogen, elixir-format
#: lib/pleroma/web/api_spec/scopes/translator.ex:5
msgid "read:lists"
msgstr "Read your lists"
#, elixir-autogen, elixir-format
#: lib/pleroma/web/api_spec/scopes/translator.ex:5
msgid "read:notifications"
msgstr "Read your notifications"
#, elixir-autogen, elixir-format
#: lib/pleroma/web/api_spec/scopes/translator.ex:5
msgid "read:reports"
msgstr "Read your reports"
#, elixir-autogen, elixir-format
#: lib/pleroma/web/api_spec/scopes/translator.ex:5
msgid "read:search"
msgstr "Perform searches"
#, elixir-autogen, elixir-format
#: lib/pleroma/web/api_spec/scopes/translator.ex:5
msgid "read:statuses"
msgstr "Read all statuses you can see"
#, elixir-autogen, elixir-format
#: lib/pleroma/web/api_spec/scopes/translator.ex:5
msgid "write"
msgstr "Write everything"
#, elixir-autogen, elixir-format
#: lib/pleroma/web/api_spec/scopes/translator.ex:5
msgid "write:accounts"
msgstr "Change your account information"
#, elixir-autogen, elixir-format
#: lib/pleroma/web/api_spec/scopes/translator.ex:5
msgid "write:blocks"
msgstr "Block or unblock someone"
#, elixir-autogen, elixir-format
#: lib/pleroma/web/api_spec/scopes/translator.ex:5
msgid "write:bookmarks"
msgstr "Add to or remove from your bookmarks"
#, elixir-autogen, elixir-format
#: lib/pleroma/web/api_spec/scopes/translator.ex:5
msgid "write:chats"
msgstr "Create or delete chats or chat messages, or mark them as read"
#, elixir-autogen, elixir-format
#: lib/pleroma/web/api_spec/scopes/translator.ex:5
msgid "write:conversations"
msgstr "Change recipients of, mark as read, or delete conversations"
#, elixir-autogen, elixir-format
#: lib/pleroma/web/api_spec/scopes/translator.ex:5
msgid "write:favourites"
msgstr "Favourite or unfavourite statuses"
#, elixir-autogen, elixir-format
#: lib/pleroma/web/api_spec/scopes/translator.ex:5
msgid "write:filters"
msgstr "Change your filtering settings"
#, elixir-autogen, elixir-format
#: lib/pleroma/web/api_spec/scopes/translator.ex:5
msgid "write:follow"
msgstr "Follow or unfollow someone"
#, elixir-autogen, elixir-format
#: lib/pleroma/web/api_spec/scopes/translator.ex:5
msgid "write:follows"
msgstr "Follow or unfollow someone"
#, elixir-autogen, elixir-format
#: lib/pleroma/web/api_spec/scopes/translator.ex:5
msgid "write:lists"
msgstr "Create, change or delete your lists"
#, elixir-autogen, elixir-format
#: lib/pleroma/web/api_spec/scopes/translator.ex:5
msgid "write:media"
msgstr "Upload media files or modify those you uploaded"
#, elixir-autogen, elixir-format
#: lib/pleroma/web/api_spec/scopes/translator.ex:5
msgid "write:mutes"
msgstr "Mute or unmute someone"
#, elixir-autogen, elixir-format
#: lib/pleroma/web/api_spec/scopes/translator.ex:5
msgid "write:notifications"
msgstr "Mark notifications as read"
#, elixir-autogen, elixir-format
#: lib/pleroma/web/api_spec/scopes/translator.ex:5
msgid "write:reports"
msgstr "Submit reports"
#, elixir-autogen, elixir-format
#: lib/pleroma/web/api_spec/scopes/translator.ex:5
msgid "write:statuses"
msgstr "Post, edit, reblog or react to statuses"
#, elixir-autogen, elixir-format
#: lib/pleroma/web/api_spec/scopes/translator.ex:5
msgid "admin:read:accounts"
msgstr "Read all accounts using admin API"
#, elixir-autogen, elixir-format
#: lib/pleroma/web/api_spec/scopes/translator.ex:5
msgid "admin:read:chats"
msgstr "Read all chats using admin API"
#, elixir-autogen, elixir-format
#: lib/pleroma/web/api_spec/scopes/translator.ex:5
msgid "admin:read:invites"
msgstr "Read all invites using admin API"
#, elixir-autogen, elixir-format
#: lib/pleroma/web/api_spec/scopes/translator.ex:5
msgid "admin:read:media_proxy_caches"
msgstr "Read media proxy caches using admin API"
#, elixir-autogen, elixir-format
#: lib/pleroma/web/api_spec/scopes/translator.ex:5
msgid "admin:read:reports"
msgstr "Read all reports using admin API"
#, elixir-autogen, elixir-format
#: lib/pleroma/web/api_spec/scopes/translator.ex:5
msgid "admin:read:statuses"
msgstr "Read all statuses using admin API"
#, elixir-autogen, elixir-format
#: lib/pleroma/web/api_spec/scopes/translator.ex:5
msgid "admin:write:accounts"
msgstr "Change all accounts using admin API"
#, elixir-autogen, elixir-format
#: lib/pleroma/web/api_spec/scopes/translator.ex:5
msgid "admin:write:chats"
msgstr "Change all chats using admin API"
#, elixir-autogen, elixir-format
#: lib/pleroma/web/api_spec/scopes/translator.ex:5
msgid "admin:write:follows"
msgstr "Change follow relationships using admin API"
#, elixir-autogen, elixir-format
#: lib/pleroma/web/api_spec/scopes/translator.ex:5
msgid "admin:write:invites"
msgstr "Invite or revoke an invite using admin API"
#, elixir-autogen, elixir-format
#: lib/pleroma/web/api_spec/scopes/translator.ex:5
msgid "admin:write:media_proxy_caches"
msgstr "Change media proxy caches using admin API"
#, elixir-autogen, elixir-format
#: lib/pleroma/web/api_spec/scopes/translator.ex:5
msgid "admin:write:reports"
msgstr "Handle reports using admin API"
#, elixir-autogen, elixir-format
#: lib/pleroma/web/api_spec/scopes/translator.ex:5
msgid "admin:write:statuses"
msgstr "Delete, change scope of, or mark as sensitive statuses using admin API"
#, elixir-autogen, elixir-format
#: lib/pleroma/web/api_spec/scopes/translator.ex:5
msgid "read:media"
msgstr "Read media attachments"
#, elixir-autogen, elixir-format
#: lib/pleroma/web/api_spec/scopes/translator.ex:5
msgid "read:mutes"
msgstr "Read mute relationships"

261
priv/gettext/oauth_scopes.pot Normal file
View file

@ -0,0 +1,261 @@
## This file is a PO Template file.
##
## "msgid"s here are often extracted from source code.
## Add new translations manually only if they're dynamic
## translations that can't be statically extracted.
##
## Run "mix gettext.extract" to bring this file up to
## date. Leave "msgstr"s empty as changing them here has no
## effect: edit them in PO (.po) files instead.
msgid ""
msgstr ""
#, elixir-autogen, elixir-format
#: lib/pleroma/web/api_spec/scopes/translator.ex:5
msgid "admin"
msgstr ""
#, elixir-autogen, elixir-format
#: lib/pleroma/web/api_spec/scopes/translator.ex:5
msgid "admin:read"
msgstr ""
#, elixir-autogen, elixir-format
#: lib/pleroma/web/api_spec/scopes/translator.ex:5
msgid "admin:write"
msgstr ""
#, elixir-autogen, elixir-format
#: lib/pleroma/web/api_spec/scopes/translator.ex:5
msgid "follow"
msgstr ""
#, elixir-autogen, elixir-format
#: lib/pleroma/web/api_spec/scopes/translator.ex:5
msgid "push"
msgstr ""
#, elixir-autogen, elixir-format
#: lib/pleroma/web/api_spec/scopes/translator.ex:5
msgid "read"
msgstr ""
#, elixir-autogen, elixir-format
#: lib/pleroma/web/api_spec/scopes/translator.ex:5
msgid "read:accounts"
msgstr ""
#, elixir-autogen, elixir-format
#: lib/pleroma/web/api_spec/scopes/translator.ex:5
msgid "read:backups"
msgstr ""
#, elixir-autogen, elixir-format
#: lib/pleroma/web/api_spec/scopes/translator.ex:5
msgid "read:blocks"
msgstr ""
#, elixir-autogen, elixir-format
#: lib/pleroma/web/api_spec/scopes/translator.ex:5
msgid "read:bookmarks"
msgstr ""
#, elixir-autogen, elixir-format
#: lib/pleroma/web/api_spec/scopes/translator.ex:5
msgid "read:chats"
msgstr ""
#, elixir-autogen, elixir-format
#: lib/pleroma/web/api_spec/scopes/translator.ex:5
msgid "read:favourites"
msgstr ""
#, elixir-autogen, elixir-format
#: lib/pleroma/web/api_spec/scopes/translator.ex:5
msgid "read:filters"
msgstr ""
#, elixir-autogen, elixir-format
#: lib/pleroma/web/api_spec/scopes/translator.ex:5
msgid "read:follows"
msgstr ""
#, elixir-autogen, elixir-format
#: lib/pleroma/web/api_spec/scopes/translator.ex:5
msgid "read:lists"
msgstr ""
#, elixir-autogen, elixir-format
#: lib/pleroma/web/api_spec/scopes/translator.ex:5
msgid "read:notifications"
msgstr ""
#, elixir-autogen, elixir-format
#: lib/pleroma/web/api_spec/scopes/translator.ex:5
msgid "read:reports"
msgstr ""
#, elixir-autogen, elixir-format
#: lib/pleroma/web/api_spec/scopes/translator.ex:5
msgid "read:search"
msgstr ""
#, elixir-autogen, elixir-format
#: lib/pleroma/web/api_spec/scopes/translator.ex:5
msgid "read:statuses"
msgstr ""
#, elixir-autogen, elixir-format
#: lib/pleroma/web/api_spec/scopes/translator.ex:5
msgid "write"
msgstr ""
#, elixir-autogen, elixir-format
#: lib/pleroma/web/api_spec/scopes/translator.ex:5
msgid "write:accounts"
msgstr ""
#, elixir-autogen, elixir-format
#: lib/pleroma/web/api_spec/scopes/translator.ex:5
msgid "write:blocks"
msgstr ""
#, elixir-autogen, elixir-format
#: lib/pleroma/web/api_spec/scopes/translator.ex:5
msgid "write:bookmarks"
msgstr ""
#, elixir-autogen, elixir-format
#: lib/pleroma/web/api_spec/scopes/translator.ex:5
msgid "write:chats"
msgstr ""
#, elixir-autogen, elixir-format
#: lib/pleroma/web/api_spec/scopes/translator.ex:5
msgid "write:conversations"
msgstr ""
#, elixir-autogen, elixir-format
#: lib/pleroma/web/api_spec/scopes/translator.ex:5
msgid "write:favourites"
msgstr ""
#, elixir-autogen, elixir-format
#: lib/pleroma/web/api_spec/scopes/translator.ex:5
msgid "write:filters"
msgstr ""
#, elixir-autogen, elixir-format
#: lib/pleroma/web/api_spec/scopes/translator.ex:5
msgid "write:follow"
msgstr ""
#, elixir-autogen, elixir-format
#: lib/pleroma/web/api_spec/scopes/translator.ex:5
msgid "write:follows"
msgstr ""
#, elixir-autogen, elixir-format
#: lib/pleroma/web/api_spec/scopes/translator.ex:5
msgid "write:lists"
msgstr ""
#, elixir-autogen, elixir-format
#: lib/pleroma/web/api_spec/scopes/translator.ex:5
msgid "write:media"
msgstr ""
#, elixir-autogen, elixir-format
#: lib/pleroma/web/api_spec/scopes/translator.ex:5
msgid "write:mutes"
msgstr ""
#, elixir-autogen, elixir-format
#: lib/pleroma/web/api_spec/scopes/translator.ex:5
msgid "write:notifications"
msgstr ""
#, elixir-autogen, elixir-format
#: lib/pleroma/web/api_spec/scopes/translator.ex:5
msgid "write:reports"
msgstr ""
#, elixir-autogen, elixir-format
#: lib/pleroma/web/api_spec/scopes/translator.ex:5
msgid "write:statuses"
msgstr ""
#, elixir-autogen, elixir-format
#: lib/pleroma/web/api_spec/scopes/translator.ex:5
msgid "admin:read:accounts"
msgstr ""
#, elixir-autogen, elixir-format
#: lib/pleroma/web/api_spec/scopes/translator.ex:5
msgid "admin:read:chats"
msgstr ""
#, elixir-autogen, elixir-format
#: lib/pleroma/web/api_spec/scopes/translator.ex:5
msgid "admin:read:invites"
msgstr ""
#, elixir-autogen, elixir-format
#: lib/pleroma/web/api_spec/scopes/translator.ex:5
msgid "admin:read:media_proxy_caches"
msgstr ""
#, elixir-autogen, elixir-format
#: lib/pleroma/web/api_spec/scopes/translator.ex:5
msgid "admin:read:reports"
msgstr ""
#, elixir-autogen, elixir-format
#: lib/pleroma/web/api_spec/scopes/translator.ex:5
msgid "admin:read:statuses"
msgstr ""
#, elixir-autogen, elixir-format
#: lib/pleroma/web/api_spec/scopes/translator.ex:5
msgid "admin:write:accounts"
msgstr ""
#, elixir-autogen, elixir-format
#: lib/pleroma/web/api_spec/scopes/translator.ex:5
msgid "admin:write:chats"
msgstr ""
#, elixir-autogen, elixir-format
#: lib/pleroma/web/api_spec/scopes/translator.ex:5
msgid "admin:write:follows"
msgstr ""
#, elixir-autogen, elixir-format
#: lib/pleroma/web/api_spec/scopes/translator.ex:5
msgid "admin:write:invites"
msgstr ""
#, elixir-autogen, elixir-format
#: lib/pleroma/web/api_spec/scopes/translator.ex:5
msgid "admin:write:media_proxy_caches"
msgstr ""
#, elixir-autogen, elixir-format
#: lib/pleroma/web/api_spec/scopes/translator.ex:5
msgid "admin:write:reports"
msgstr ""
#, elixir-autogen, elixir-format
#: lib/pleroma/web/api_spec/scopes/translator.ex:5
msgid "admin:write:statuses"
msgstr ""
#, elixir-autogen, elixir-format
#: lib/pleroma/web/api_spec/scopes/translator.ex:5
msgid "read:media"
msgstr ""
#, elixir-autogen, elixir-format
#: lib/pleroma/web/api_spec/scopes/translator.ex:5
msgid "read:mutes"
msgstr ""

77
priv/scrubbers/default.ex
View file

@ -33,32 +33,32 @@ defmodule Pleroma.HTML.Scrubber.Default do
"ugc"
])
Meta.allow_tag_with_these_attributes(:a, ["name", "title"])
Meta.allow_tag_with_these_attributes(:a, ["name", "title", "lang"])
Meta.allow_tag_with_these_attributes(:abbr, ["title"])
Meta.allow_tag_with_these_attributes(:abbr, ["title", "lang"])
Meta.allow_tag_with_these_attributes(:b, [])
Meta.allow_tag_with_these_attributes(:blockquote, [])
Meta.allow_tag_with_these_attributes(:br, [])
Meta.allow_tag_with_these_attributes(:code, [])
Meta.allow_tag_with_these_attributes(:del, [])
Meta.allow_tag_with_these_attributes(:em, [])
Meta.allow_tag_with_these_attributes(:hr, [])
Meta.allow_tag_with_these_attributes(:i, [])
Meta.allow_tag_with_these_attributes(:li, [])
Meta.allow_tag_with_these_attributes(:ol, [])
Meta.allow_tag_with_these_attributes(:p, [])
Meta.allow_tag_with_these_attributes(:pre, [])
Meta.allow_tag_with_these_attributes(:strong, [])
Meta.allow_tag_with_these_attributes(:sub, [])
Meta.allow_tag_with_these_attributes(:sup, [])
Meta.allow_tag_with_these_attributes(:ruby, [])
Meta.allow_tag_with_these_attributes(:rb, [])
Meta.allow_tag_with_these_attributes(:rp, [])
Meta.allow_tag_with_these_attributes(:rt, [])
Meta.allow_tag_with_these_attributes(:rtc, [])
Meta.allow_tag_with_these_attributes(:u, [])
Meta.allow_tag_with_these_attributes(:ul, [])
Meta.allow_tag_with_these_attributes(:b, ["lang"])
Meta.allow_tag_with_these_attributes(:blockquote, ["lang"])
Meta.allow_tag_with_these_attributes(:br, ["lang"])
Meta.allow_tag_with_these_attributes(:code, ["lang"])
Meta.allow_tag_with_these_attributes(:del, ["lang"])
Meta.allow_tag_with_these_attributes(:em, ["lang"])
Meta.allow_tag_with_these_attributes(:hr, ["lang"])
Meta.allow_tag_with_these_attributes(:i, ["lang"])
Meta.allow_tag_with_these_attributes(:li, ["lang"])
Meta.allow_tag_with_these_attributes(:ol, ["lang"])
Meta.allow_tag_with_these_attributes(:p, ["lang"])
Meta.allow_tag_with_these_attributes(:pre, ["lang"])
Meta.allow_tag_with_these_attributes(:strong, ["lang"])
Meta.allow_tag_with_these_attributes(:sub, ["lang"])
Meta.allow_tag_with_these_attributes(:sup, ["lang"])
Meta.allow_tag_with_these_attributes(:ruby, ["lang"])
Meta.allow_tag_with_these_attributes(:rb, ["lang"])
Meta.allow_tag_with_these_attributes(:rp, ["lang"])
Meta.allow_tag_with_these_attributes(:rt, ["lang"])
Meta.allow_tag_with_these_attributes(:rtc, ["lang"])
Meta.allow_tag_with_these_attributes(:u, ["lang"])
Meta.allow_tag_with_these_attributes(:ul, ["lang"])
Meta.allow_tag_with_this_attribute_values(:span, "class", [
"h-card",
@ -66,7 +66,7 @@ defmodule Pleroma.HTML.Scrubber.Default do
"recipients-inline"
])
Meta.allow_tag_with_these_attributes(:span, [])
Meta.allow_tag_with_these_attributes(:span, ["lang"])
Meta.allow_tag_with_this_attribute_values(:code, "class", ["inline"])
@ -82,29 +82,30 @@ defmodule Pleroma.HTML.Scrubber.Default do
"width",
"height",
"title",
"alt"
"alt",
"lang"
])
end
if Pleroma.Config.get([:markup, :allow_tables]) do
Meta.allow_tag_with_these_attributes(:table, [])
Meta.allow_tag_with_these_attributes(:tbody, [])
Meta.allow_tag_with_these_attributes(:td, [])
Meta.allow_tag_with_these_attributes(:th, [])
Meta.allow_tag_with_these_attributes(:thead, [])
Meta.allow_tag_with_these_attributes(:tr, [])
Meta.allow_tag_with_these_attributes(:table, ["lang"])
Meta.allow_tag_with_these_attributes(:tbody, ["lang"])
Meta.allow_tag_with_these_attributes(:td, ["lang"])
Meta.allow_tag_with_these_attributes(:th, ["lang"])
Meta.allow_tag_with_these_attributes(:thead, ["lang"])
Meta.allow_tag_with_these_attributes(:tr, ["lang"])
end
if Pleroma.Config.get([:markup, :allow_headings]) do
Meta.allow_tag_with_these_attributes(:h1, [])
Meta.allow_tag_with_these_attributes(:h2, [])
Meta.allow_tag_with_these_attributes(:h3, [])
Meta.allow_tag_with_these_attributes(:h4, [])
Meta.allow_tag_with_these_attributes(:h5, [])
Meta.allow_tag_with_these_attributes(:h1, ["lang"])
Meta.allow_tag_with_these_attributes(:h2, ["lang"])
Meta.allow_tag_with_these_attributes(:h3, ["lang"])
Meta.allow_tag_with_these_attributes(:h4, ["lang"])
Meta.allow_tag_with_these_attributes(:h5, ["lang"])
end
if Pleroma.Config.get([:markup, :allow_fonts]) do
Meta.allow_tag_with_these_attributes(:font, ["face"])
Meta.allow_tag_with_these_attributes(:font, ["face", "lang"])
end
Meta.strip_everything_not_covered()

84
test/pleroma/object/fetcher_test.exs
View file

@ -9,8 +9,12 @@ defmodule Pleroma.Object.FetcherTest do
alias Pleroma.Instances
alias Pleroma.Object
alias Pleroma.Object.Fetcher
alias Pleroma.Web.ActivityPub.ObjectValidator
require Pleroma.Constants
import Mock
import Pleroma.Factory
import Tesla.Mock
setup do
@ -284,6 +288,8 @@ test "it can refetch pruned objects" do
describe "refetching" do
setup do
insert(:user, ap_id: "https://mastodon.social/users/emelie")
object1 = %{
"id" => "https://mastodon.social/1",
"actor" => "https://mastodon.social/users/emelie",
@ -293,10 +299,14 @@ test "it can refetch pruned objects" do
"bcc" => [],
"bto" => [],
"cc" => [],
"to" => [],
"summary" => ""
"to" => [Pleroma.Constants.as_public()],
"summary" => "",
"published" => "2023-05-08 23:43:20Z",
"updated" => "2023-05-09 23:43:20Z"
}
{:ok, local_object1, _} = ObjectValidator.validate(object1, [])
object2 = %{
"id" => "https://mastodon.social/2",
"actor" => "https://mastodon.social/users/emelie",
@ -306,8 +316,10 @@ test "it can refetch pruned objects" do
"bcc" => [],
"bto" => [],
"cc" => [],
"to" => [],
"to" => [Pleroma.Constants.as_public()],
"summary" => "",
"published" => "2023-05-08 23:43:20Z",
"updated" => "2023-05-09 23:43:25Z",
"formerRepresentations" => %{
"type" => "OrderedCollection",
"orderedItems" => [
@ -319,14 +331,18 @@ test "it can refetch pruned objects" do
"bcc" => [],
"bto" => [],
"cc" => [],
"to" => [],
"summary" => ""
"to" => [Pleroma.Constants.as_public()],
"summary" => "",
"published" => "2023-05-08 23:43:20Z",
"updated" => "2023-05-09 23:43:21Z"
}
],
"totalItems" => 1
}
}
{:ok, local_object2, _} = ObjectValidator.validate(object2, [])
mock(fn
%{
method: :get,
@ -335,7 +351,7 @@ test "it can refetch pruned objects" do
%Tesla.Env{
status: 200,
headers: [{"content-type", "application/activity+json"}],
body: Jason.encode!(object1)
body: Jason.encode!(object1 |> Map.put("updated", "2023-05-09 23:44:20Z"))
}
%{
@ -345,7 +361,7 @@ test "it can refetch pruned objects" do
%Tesla.Env{
status: 200,
headers: [{"content-type", "application/activity+json"}],
body: Jason.encode!(object2)
body: Jason.encode!(object2 |> Map.put("updated", "2023-05-09 23:44:20Z"))
}
%{
@ -370,7 +386,7 @@ test "it can refetch pruned objects" do
apply(HttpRequestMock, :request, [env])
end)
%{object1: object1, object2: object2}
%{object1: local_object1, object2: local_object2}
end
test "it keeps formerRepresentations if remote does not have this attr", %{object1: object1} do
@ -388,8 +404,9 @@ test "it keeps formerRepresentations if remote does not have this attr", %{objec
"bcc" => [],
"bto" => [],
"cc" => [],
"to" => [],
"summary" => ""
"to" => [Pleroma.Constants.as_public()],
"summary" => "",
"published" => "2023-05-08 23:43:20Z"
}
],
"totalItems" => 1
@ -467,6 +484,53 @@ test "it adds to formerRepresentations if the remote does not have one and the o
}
} = refetched.data
end
test "it keeps the history intact if only updated time has changed",
%{object1: object1} do
full_object1 =
object1
|> Map.merge(%{
"updated" => "2023-05-08 23:43:47Z",
"formerRepresentations" => %{
"type" => "OrderedCollection",
"orderedItems" => [
%{"type" => "Note", "content" => "mew mew 1"}
],
"totalItems" => 1
}
})
{:ok, o} = Object.create(full_object1)
assert {:ok, refetched} = Fetcher.refetch_object(o)
assert %{
"content" => "test 1",
"formerRepresentations" => %{
"orderedItems" => [
%{"content" => "mew mew 1"}
],
"totalItems" => 1
}
} = refetched.data
end
test "it goes through ObjectValidator and MRF", %{object2: object2} do
with_mock Pleroma.Web.ActivityPub.MRF, [:passthrough],
filter: fn
%{"type" => "Note"} = object ->
{:ok, Map.put(object, "content", "MRFd content")}
arg ->
passthrough([arg])
end do
{:ok, o} = Object.create(object2)
assert {:ok, refetched} = Fetcher.refetch_object(o)
assert %{"content" => "MRFd content"} = refetched.data
end
end
end
describe "fetch with history" do

14
test/pleroma/web/activity_pub/transmogrifier_test.exs
View file

@ -186,6 +186,20 @@ test "it fixes both the Create and object contexts in a reply" do
assert activity.data["context"] == object.data["context"]
end
test "it drops link tags" do
insert(:user, ap_id: "https://example.org/users/alice")
message = File.read!("test/fixtures/fep-e232.json") |> Jason.decode!()
assert {:ok, activity} = Transmogrifier.handle_incoming(message)
object = Object.normalize(activity)
assert length(object.data["tag"]) == 1
tag = object.data["tag"] |> List.first()
assert tag["type"] == "Mention"
end
end
describe "prepare outgoing" do

56
test/pleroma/web/api_spec/scopes/compiler_test.exs Normal file
View file

@ -0,0 +1,56 @@
# Pleroma: A lightweight social networking server
# Copyright © 2017-2023 Pleroma Authors <https://pleroma.social/>
# SPDX-License-Identifier: AGPL-3.0-only
defmodule Pleroma.Web.ApiSpec.Scopes.CompilerTest do
use ExUnit.Case, async: true
alias Pleroma.Web.ApiSpec.Scopes.Compiler
@dummy_response %{}
@data %{
paths: %{
"/mew" => %OpenApiSpex.PathItem{
post: %OpenApiSpex.Operation{
security: [%{"oAuth" => ["a:b:c"]}],
responses: @dummy_response
},
get: %OpenApiSpex.Operation{security: nil, responses: @dummy_response}
},
"/mew2" => %OpenApiSpex.PathItem{
post: %OpenApiSpex.Operation{
security: [%{"oAuth" => ["d:e", "f:g"]}],
responses: @dummy_response
},
get: %OpenApiSpex.Operation{security: nil, responses: @dummy_response}
}
}
}
describe "process_scope/1" do
test "gives all higher-level scopes" do
scopes = Compiler.process_scope("admin:read:accounts")
assert [_, _, _] = scopes
assert "admin" in scopes
assert "admin:read" in scopes
assert "admin:read:accounts" in scopes
end
end
describe "extract_all_scopes_from/1" do
test "extracts scopes" do
scopes = Compiler.extract_all_scopes_from(@data)
assert [_, _, _, _, _, _, _] = scopes
assert "a" in scopes
assert "a:b" in scopes
assert "a:b:c" in scopes
assert "d" in scopes
assert "d:e" in scopes
assert "f" in scopes
assert "f:g" in scopes
end
end
end

11
test/pleroma/web/common_api_test.exs
View file

@ -528,6 +528,17 @@ test "zwnj is treated as word character" do
assert Object.tags(object) == ["ساٴين‌س"]
end
test "allows lang attribute" do
user = insert(:user)
text = ~s{<span lang="en">something</span><p lang="diaetuitech_rpyhpgc">random</p>}
{:ok, activity} = CommonAPI.post(user, %{status: text, content_type: "text/html"})
object = Object.normalize(activity, fetch: false)
assert object.data["content"] == text
end
test "double dot in link is allowed" do
user = insert(:user)
text = "https://example.to/something..mp3"

16
test/pleroma/web/media_proxy/media_proxy_controller_test.exs
View file

@ -6,7 +6,9 @@ defmodule Pleroma.Web.MediaProxy.MediaProxyControllerTest do
use Pleroma.Web.ConnCase
import Mock
import Mox
alias Pleroma.ReverseProxy.ClientMock
alias Pleroma.Web.MediaProxy
alias Plug.Conn
@ -74,6 +76,20 @@ test "it returns 404 when url is in banned_urls cache", %{conn: conn, url: url}
assert %Conn{status: 404, resp_body: "Not Found"} = get(conn, url)
end
end
test "it applies sandbox CSP to MediaProxy requests", %{conn: conn} do
media_url = "https://lain.com/image.png"
media_proxy_url = MediaProxy.encode_url(media_url)
ClientMock
|> expect(:request, fn :get, ^media_url, _, _, _ ->
{:ok, 200, [{"content-type", "image/png"}]}
end)
%Conn{resp_headers: headers} = get(conn, media_proxy_url)
assert {"content-security-policy", "sandbox;"} in headers
end
end
describe "Media Preview Proxy" do

2
test/pleroma/web/rich_media/parser_test.exs
View file

@ -151,7 +151,7 @@ test "parses OEmbed" do
"flickr_type" => "photo",
"height" => "768",
"html" =>
"<a data-flickr-embed=\"true\" href=\"https://www.flickr.com/photos/bees/2362225867/\" title=\"Bacon Lollys by \u202E\u202D\u202Cbees\u202C, on Flickr\"><img src=\"https://farm4.staticflickr.com/3040/2362225867_4a87ab8baf_b.jpg\" width=\"1024\" height=\"768\" alt=\"Bacon Lollys\"></a><script async src=\"https://embedr.flickr.com/assets/client-code.js\" charset=\"utf-8\"></script>",
"<a href=\"https://www.flickr.com/photos/bees/2362225867/\" title=\"Bacon Lollys by \u202E\u202D\u202Cbees\u202C, on Flickr\"><img src=\"https://farm4.staticflickr.com/3040/2362225867_4a87ab8baf_b.jpg\" width=\"1024\" height=\"768\" alt=\"Bacon Lollys\"/></a>",
"license" => "All Rights Reserved",
"license_id" => 0,
"provider_name" => "Flickr",

77
test/pleroma/web/streamer_test.exs
View file

@ -29,6 +29,26 @@ test "allows public" do
assert {:ok, "public:local:media"} = Streamer.get_topic("public:local:media", nil, nil)
end
test "rejects local public streams if restricted_unauthenticated is on" do
clear_config([:restrict_unauthenticated, :timelines, :local], true)
assert {:error, :unauthorized} = Streamer.get_topic("public:local", nil, nil)
assert {:error, :unauthorized} = Streamer.get_topic("public:local:media", nil, nil)
end
test "rejects remote public streams if restricted_unauthenticated is on" do
clear_config([:restrict_unauthenticated, :timelines, :federated], true)
assert {:error, :unauthorized} = Streamer.get_topic("public", nil, nil)
assert {:error, :unauthorized} = Streamer.get_topic("public:media", nil, nil)
assert {:error, :unauthorized} =
Streamer.get_topic("public:remote", nil, nil, %{"instance" => "lain.com"})
assert {:error, :unauthorized} =
Streamer.get_topic("public:remote:media", nil, nil, %{"instance" => "lain.com"})
end
test "allows instance streams" do
assert {:ok, "public:remote:lain.com"} =
Streamer.get_topic("public:remote", nil, nil, %{"instance" => "lain.com"})
@ -69,6 +89,63 @@ test "allows public streams (regardless of OAuth token scopes)", %{
end
end
test "allows local public streams if restricted_unauthenticated is on", %{
user: user,
token: oauth_token
} do
clear_config([:restrict_unauthenticated, :timelines, :local], true)
%{token: read_notifications_token} = oauth_access(["read:notifications"], user: user)
%{token: badly_scoped_token} = oauth_access(["irrelevant:scope"], user: user)
assert {:ok, "public:local"} = Streamer.get_topic("public:local", user, oauth_token)
assert {:ok, "public:local:media"} =
Streamer.get_topic("public:local:media", user, oauth_token)
for token <- [read_notifications_token, badly_scoped_token] do
assert {:error, :unauthorized} = Streamer.get_topic("public:local", user, token)
assert {:error, :unauthorized} = Streamer.get_topic("public:local:media", user, token)
end
end
test "allows remote public streams if restricted_unauthenticated is on", %{
user: user,
token: oauth_token
} do
clear_config([:restrict_unauthenticated, :timelines, :federated], true)
%{token: read_notifications_token} = oauth_access(["read:notifications"], user: user)
%{token: badly_scoped_token} = oauth_access(["irrelevant:scope"], user: user)
assert {:ok, "public"} = Streamer.get_topic("public", user, oauth_token)
assert {:ok, "public:media"} = Streamer.get_topic("public:media", user, oauth_token)
assert {:ok, "public:remote:lain.com"} =
Streamer.get_topic("public:remote", user, oauth_token, %{"instance" => "lain.com"})
assert {:ok, "public:remote:media:lain.com"} =
Streamer.get_topic("public:remote:media", user, oauth_token, %{
"instance" => "lain.com"
})
for token <- [read_notifications_token, badly_scoped_token] do
assert {:error, :unauthorized} = Streamer.get_topic("public", user, token)
assert {:error, :unauthorized} = Streamer.get_topic("public:media", user, token)
assert {:error, :unauthorized} =
Streamer.get_topic("public:remote", user, token, %{
"instance" => "lain.com"
})
assert {:error, :unauthorized} =
Streamer.get_topic("public:remote:media", user, token, %{
"instance" => "lain.com"
})
end
end
test "allows user streams (with proper OAuth token scopes)", %{
user: user,
token: read_oauth_token

18
tools/check-changelog Normal file
View file

@ -0,0 +1,18 @@
#!/bin/sh
echo "looking for change log"
git remote add upstream https://git.pleroma.social/pleroma/pleroma.git
git fetch upstream ${CI_MERGE_REQUEST_TARGET_BRANCH_NAME}:refs/remotes/upstream/$CI_MERGE_REQUEST_TARGET_BRANCH_NAME
git diff --raw --no-renames upstream/$CI_MERGE_REQUEST_TARGET_BRANCH_NAME HEAD -- changelog.d | \
grep ' A\t' | grep '\.\(skip\|add\|remove\|fix\|security\)$'
ret=$?
if [ $ret -eq 0 ]; then
echo "found a changelog entry"
exit 0
else
echo "changelog entry not found"
exit 1
fi