Commit graph

797 commits

Author SHA1 Message Date
Thomas Citharel 15b3940262
Revoke old refresh token when doing a refresh token rotation
See
https://auth0.com/blog/securing-single-page-applications-with-refresh-token-rotation/
for details for instance

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-06-04 13:33:24 +02:00
Thomas Citharel a7da5ab269
Improve JWT tokens expiration
- Reduce access tokens TTL to 15 minutes
- Set refresh tokens TTL to 60 days
- Set Guardian.DB to only track refresh tokens
- Remove refresh token when logging out

Closes #710 #705 #706

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-06-04 13:33:22 +02:00
Thomas Citharel 6cf6e47ec7
Only show errors in tasks
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-06-04 13:33:21 +02:00
Thomas Citharel c9700906f5
Paginate the list of conversations
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-06-04 13:33:20 +02:00
Thomas Citharel bab751591f
Make sure we have a valid timezone
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-06-04 13:33:19 +02:00
Thomas Citharel 679600f003
Comment fixes
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-06-04 13:33:18 +02:00
Thomas Citharel b5a5de5c0c
Event edit and participant fixes
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-06-04 13:33:18 +02:00
Thomas Citharel 80f951680f
Order actor organized events by begins_on
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-06-04 13:33:17 +02:00
Thomas Citharel 4ad67e1efc
Fix an issue when deleting an actor
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-06-04 13:33:17 +02:00
Thomas Citharel bfb04bb84d
Make deleting an actor ignore errors when deleting files
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-06-04 13:33:16 +02:00
Thomas Citharel f84cc299ba
Log when a follow request is auto-accepted
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-06-04 13:33:16 +02:00
Thomas Citharel 4100b2f962
Refresh profiles in a background task
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-06-04 13:33:16 +02:00
Thomas Citharel 8c53ea442f
Make List report return a paginated list
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-06-04 13:33:16 +02:00
Thomas Citharel 74778925e0
Refactor accessing person details resolver
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-06-04 13:33:15 +02:00
Thomas Citharel 628c55cd84
Make sure relay and anonymous actors don't automatically approve
followers

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-06-04 13:33:14 +02:00
Thomas Citharel 938f698b7a
Add webpush front-end support
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-06-04 13:33:12 +02:00
Thomas Citharel 9f5e3a39ec
Add Push notifications backend support
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-06-04 13:32:06 +02:00
Thomas Citharel 86c2512c62
WIP
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-06-04 13:32:05 +02:00
Thomas Citharel b0394fdb02
Use post picture as OGP picture if existing
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-05-19 11:35:19 +02:00
Thomas Citharel df4b947c25
Fix removed call to :crypto.hmac/3
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-05-18 17:56:50 +02:00
Thomas Citharel a56f28f98e
Make koena connect picture configurable
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-05-18 17:56:49 +02:00
Thomas Citharel 5b36e71581
Fix rich media parsers
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-05-03 15:34:25 +02:00
Thomas Citharel 46120b16b6
Fix merging URIs for media from url when doing a rich media preview
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-05-03 14:57:30 +02:00
Thomas Citharel 5afdd80c71
Fix searching for persons
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-05-02 19:27:34 +02:00
Thomas Citharel 2692d32c5e
Add url to error log
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-04-29 10:23:47 +02:00
Thomas Citharel 4a1e9ce713
Add constraint on the comment url
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-04-29 10:23:46 +02:00
Thomas Citharel 614ead1777
Transmogrifier event create Handle any type of error
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-04-28 18:19:09 +02:00
Thomas Citharel b13d4d253e
Increase tag allowed size
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-04-28 18:18:42 +02:00
Thomas Citharel 4fd6ecf53d
Improve AP error handling
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-04-28 18:06:17 +02:00
Thomas Citharel 70ca2d68a6
Improve some translations
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-04-28 16:16:46 +02:00
Thomas Citharel 1dc20889da
Fix missing deleted comment moderation logaction
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-04-28 11:59:15 +02:00
Thomas Citharel 495fbda330
Add pagination to moderation logs
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-04-28 10:27:29 +02:00
Thomas Citharel c58e54d5b9
Add Group as a possible ActionLog object
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-04-27 16:51:28 +02:00
Thomas Citharel 493808a3c8
Reset default actor id for a user when a profile is deleted
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-04-27 12:02:56 +02:00
Thomas Citharel c39f83fa9a
Cleanup warnings
Came in 8185fcd0bd

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-04-27 09:13:45 +02:00
Thomas Citharel 6d99b04a7a
Fix email headers
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-04-27 09:06:28 +02:00
Thomas Citharel 8185fcd0bd
Refresh after invite accept only if remote group
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-04-26 10:17:57 +02:00
Thomas Citharel ed52474b51
Disable sentry logging unknown activities
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-04-26 09:21:00 +02:00
Thomas Citharel 687d1685f0
Fix metadata remote image URL
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-04-23 09:57:23 +02:00
Thomas Citharel 2d0abaad4a
Handle rendering AP issues
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-04-23 09:26:16 +02:00
Thomas Citharel eaadf261ac
Handle actor fetch issues better
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-04-23 09:25:57 +02:00
Thomas Citharel 87aeac6aea
Remove duplicate text in emails
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-04-23 09:16:20 +02:00
Thomas Citharel 280f461ba7
Refactor the ActivityPub module
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-04-22 19:29:47 +02:00
Thomas Citharel 17a6a6eada
Add a unique index on addresses url
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-04-22 19:29:46 +02:00
Thomas Citharel 67b537f380
Fix sentry issues
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-04-22 19:29:46 +02:00
Thomas Citharel fc5adedf0b
Handle 406 Not acceptable when asking for JSON on an AP entity better
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-04-21 11:36:32 +02:00
Thomas Citharel eb2050a997
Handle errors from comment changeset as well when creating discussions
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-04-21 09:09:34 +02:00
Thomas Citharel 6ad4e33fab
Suspended actors don't need refreshing
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-04-20 17:10:34 +02:00
Thomas Citharel cb4a801519
Small fixes
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-04-20 17:10:34 +02:00
Thomas Citharel 6668a663a7
Add user context to Sentry
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-04-20 15:07:57 +02:00
Thomas Citharel 118175db3e
Link Sentry to telemetry
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-04-20 15:07:38 +02:00
Thomas Citharel d98e68203e
Handle sending mail more properly
With custom sentry reporting issues

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-04-20 15:02:24 +02:00
Thomas Citharel ebf192e2c7
Fix CLI to change a user's email and add a test
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-04-19 16:50:16 +02:00
Thomas Citharel 16d192db24
Trim addresses when exporting them
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-04-19 12:41:40 +02:00
Thomas Citharel 3df80b96aa
Expose instance wide Atom feed in the HTML if enabled
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-04-19 12:41:19 +02:00
Thomas Citharel bcf52ccdf7
Expose instance feed config option in the API and show it on About page
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-04-19 12:40:51 +02:00
Thomas Citharel 014c2da915
Improve wording when editing a user through CLI
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-04-19 09:53:36 +02:00
Thomas Citharel 489787ceb5
Avoid showing suspended broken UI for suspended/deleted groups
Don't return them if they're suspended

Closes #655

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-04-16 18:36:52 +02:00
Thomas Citharel 53fd77f5da
Fixes discussions being sent to followers instead of members
Closes #681

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-04-16 16:01:10 +02:00
Thomas Citharel f2175c6498
Refactor CSP
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-04-16 14:57:02 +02:00
Thomas Citharel ed7b53357f
Refactor tests for relay task and refresh cassettes
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-04-12 13:37:25 +02:00
Thomas Citharel 947d0b0cdb
Handle maximum file sizes better
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-04-12 12:01:52 +02:00
Thomas Citharel 0210b677c5
Expose maximum picture sizes
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-04-12 12:01:52 +02:00
Thomas Citharel fb614cf877
Handle AP fetch issues properly
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-04-12 12:01:51 +02:00
Thomas Citharel 4079af6f72
Make sure arg for Actors.get_actor_by_name/2 doesn't start with @
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-04-12 12:01:50 +02:00
Thomas Citharel bbfe3de471
Handle NotAcceptableError better
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-04-12 12:01:50 +02:00
Thomas Citharel cbf772f282
Add a check for valid URI before fetching it in AP Client
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-04-12 12:01:50 +02:00
Thomas Citharel 5ac02bae5d
Use runtime configuration for HTTP clients user-agent
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-04-12 12:01:49 +02:00
Thomas Citharel e991d7d373
Fix content type and size missing for profile avatars
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-04-12 12:01:49 +02:00
Thomas Citharel b34958d3af
Refactor Webfinger module, use XRD host-meta to find webfinger endpoint
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-04-12 12:01:49 +02:00
Thomas Citharel bd53bfc46b
Fix usage of is_bitstring instead of is_binary
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-04-08 16:41:49 +02:00
Thomas Citharel 00c8be4d8c
Fix an issue with default bot type value
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-04-08 10:39:02 +02:00
Thomas Citharel fa99c09c57
Use tasks to process refreshing elements
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-04-08 10:39:01 +02:00
Thomas Citharel 386dbbb3a6
Fix path issue when fetching favicon for resources
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-04-08 10:39:01 +02:00
Thomas Citharel 356f69cef2
Fix accessing a discussion without being a member
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-04-08 09:54:22 +02:00
Thomas Citharel 076c14b54e
Don't auto-approve instance follows
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-03-30 09:12:53 +02:00
Thomas Citharel 8e6aa8c85c
Decode HTML entities when sanitized
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-03-30 09:12:53 +02:00
Thomas Citharel acf51a3130
Fix issues when group isn't local
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-03-29 18:23:03 +02:00
Thomas Citharel 4d4ee80b8c
Handle feeds with unknown formats properly
Closes #660

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-03-29 18:22:14 +02:00
Thomas Citharel 13c8080097
Allow to create an event from a group preconfigured with the organizer
Refactored the organizer-picker components a lot

Close #464

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-03-29 10:33:19 +02:00
Thomas Citharel cde9f8873e
Expose personal tokened feeds
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-03-26 19:36:48 +01:00
Thomas Citharel 1aa699fef0
Introduce instance ICS & Atom feeds (disabled by default)
And refactor the feed modules

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-03-26 16:19:58 +01:00
Thomas Citharel 80adf2307d
Extract tag parsing to own code, because linkify doesn't handle tag into
HTML

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-03-26 09:16:31 +01:00
Thomas Citharel 968a965763
Handle empty comments
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-03-25 12:11:49 +01:00
Thomas Citharel b95b3c16e7
Handle getting organized events from an actor when not authorized
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-03-25 10:46:45 +01:00
Thomas Citharel 7aadc447e1
Handle changing default actor unlogged
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-03-25 10:38:31 +01:00
Thomas Citharel 95516a4067
Fix registering new user account with same email as unconfirmed
Refactors get_user_by_email/2

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-03-25 10:22:40 +01:00
Thomas Citharel e6189390ac
Fix creating discussion with title containing only spaces
Also sanitize first comment

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-03-24 15:47:03 +01:00
Thomas Citharel 48f52ba4fd
Handle duplicate usernames correctly
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-03-24 11:38:31 +01:00
Thomas Citharel 98a219c7a9
Validate URIs before trying to proxify them
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-03-24 11:17:24 +01:00
Thomas Citharel 7b9910f251
Resources fixes and improvements
- Fix getting page description
- Fix fetching metadata from Twitter (thx @marienfressinaud)
- Improve error handling

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-03-24 11:07:00 +01:00
Thomas Citharel 50c89e21da
Make sure default publish date doesn't override the current one
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-03-23 19:29:22 +01:00
Thomas Citharel b002d905cb
Handle calling .well-known/host-meta with "application/xrd+xml" accept
header

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-03-23 19:28:19 +01:00
Thomas Citharel 346d6438f8
Fix changing email and validating new email with bad token
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-03-23 16:38:37 +01:00
Thomas Citharel cfa94851fa
Fix close events order
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-03-18 09:58:53 +01:00
Thomas Citharel 4ff00e92b6
Fix last events published order on the homepage
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-03-16 19:08:00 +01:00
Thomas Citharel 6fe22ac6ed
Handle ActivityPub Fetcher returning text that's not JSON
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-03-16 16:50:43 +01:00
Thomas Citharel 35e641bcff
Fix geospatial runtime configuration
Geospatial configuration was only evaluated at compile-time, not at
runtime

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-03-16 15:33:44 +01:00
Thomas Citharel c09a43f71e
Get front-end index path at runtime instead of compile-time
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-03-16 11:08:04 +01:00
Thomas Citharel 239457a219
Releases fixes
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-03-15 10:34:03 +01:00