mastodon/app/controllers
ThibG aecdaf5a8c Do not serve account actors at all in limited federation mode (#14800)
* Do not serve account actors at all in limited federation mode

When an account is fetched without a signature from an allowed instance,
return an error.

This isn't really an improvement in security, as the only information that was
previously returned was required protocol-level info, and the only personal bit
was the existence of the account. The existence of the account can still be
checked by issuing a webfinger query, as those are accepted without signatures.

However, this change makes it so that unallowed instances won't create account
records on their end when they find a reference to an unknown account.

The previous behavior of rendering a limited list of fields, instead of not
rendering the actor at all, was in order to prevent situations in which two
instances in Authorized Fetch mode or Limited Federation mode would fail to
reach each other because resolving an account would require a signed query…
from an account which can only be fetched with a signed query itself. However,
this should now be fine as fetching accounts is done by signing on behalf of
the special instance actor, which does not require any kind of valid signature
to be fetched.

* Fix tests
2020-10-19 14:45:12 +02:00
..
activitypub Add E2EE API (#13820) 2020-06-02 19:24:53 +02:00
admin Fix unpermitted operations on custom emojis leading to cryptic errors (#13951) 2020-06-05 15:23:27 +02:00
api Fix/14021 behaviour on add or remove toots (#14212) 2020-07-19 17:04:02 +02:00
auth Fix rubocop warning (#14288) 2020-07-14 19:05:07 +02:00
concerns Fix not working I18n on 2FA and Sign in token page (#14087) 2020-06-20 13:30:13 +02:00
oauth Fix settings pages being cacheable by the browser (#12714) 2019-12-30 04:38:30 +01:00
settings Add customizable thumbnails for audio and video attachments (#14145) 2020-06-29 13:56:55 +02:00
well_known Fix webfinger returning wrong status code on malformed or missing param (#13759) 2020-05-14 23:28:06 +02:00
about_controller.rb Add table of contents to about page (#11885) 2019-09-19 11:09:05 +02:00
account_follow_controller.rb Add specific rate limits for posting and following (#13172) 2020-03-08 15:17:39 +01:00
account_unfollow_controller.rb Restful refactor of accounts/ routes (#2133) 2017-04-19 13:52:37 +02:00
accounts_controller.rb Do not serve account actors at all in limited federation mode (#14800) 2020-10-19 14:45:12 +02:00
application_controller.rb Fix RSS feeds not being cachable (#14368) 2020-07-22 11:44:02 +02:00
authorize_interactions_controller.rb Add specific rate limits for posting and following (#13172) 2020-03-08 15:17:39 +01:00
custom_css_controller.rb Fix redirecting non-functional accounts on public pages (#11978) 2019-09-28 01:33:27 +02:00
directories_controller.rb Fix functional user requirements in whitelist mode (#14093) 2020-06-19 19:18:47 +02:00
emojis_controller.rb Add (back) rails-level JSON caching (#11333) 2019-07-21 22:32:16 +02:00
filters_controller.rb Fix missing authentication call in filters controller (#12746) 2020-01-03 05:29:08 +01:00
follower_accounts_controller.rb Fix functional user requirements in whitelist mode (#14093) 2020-06-19 19:18:47 +02:00
following_accounts_controller.rb Fix functional user requirements in whitelist mode (#14093) 2020-06-19 19:18:47 +02:00
home_controller.rb Fix other sessions not being logged out on password change (#14252) 2020-07-07 15:26:31 +02:00
instance_actors_controller.rb Fix reverse-proxy caching of instance actor object (#11561) 2019-08-13 15:30:37 +02:00
intents_controller.rb Refactor controllers for statuses, accounts, and more (#11249) 2019-07-08 12:03:45 +02:00
invites_controller.rb Add invite comments (#10465) 2019-08-19 11:40:42 +02:00
manifests_controller.rb Fix redirecting non-functional accounts on public pages (#11978) 2019-09-28 01:33:27 +02:00
media_controller.rb Fix functional user requirements in whitelist mode (#14093) 2020-06-19 19:18:47 +02:00
media_proxy_controller.rb Fix media attachments enumeration (#14254) 2020-07-07 15:26:51 +02:00
public_timelines_controller.rb Fix blurhash and autoplay not working on public pages (#11585) 2019-08-16 19:15:05 +02:00
relationships_controller.rb Change followers page to relationships page in admin UI (#12927) 2020-01-23 20:33:20 +01:00
remote_follow_controller.rb Fix redirecting non-functional accounts on public pages (#11978) 2019-09-28 01:33:27 +02:00
remote_interaction_controller.rb Fix functional user requirements in whitelist mode (#14093) 2020-06-19 19:18:47 +02:00
shares_controller.rb Fix blurhash and autoplay not working on public pages (#11585) 2019-08-16 19:15:05 +02:00
statuses_controller.rb Fix functional user requirements in whitelist mode (#14093) 2020-06-19 19:18:47 +02:00
tags_controller.rb Fix rubocop warning (#14288) 2020-07-14 19:05:07 +02:00