mastodon/spec
ThibG aecdaf5a8c Do not serve account actors at all in limited federation mode (#14800)
* Do not serve account actors at all in limited federation mode

When an account is fetched without a signature from an allowed instance,
return an error.

This isn't really an improvement in security, as the only information that was
previously returned was required protocol-level info, and the only personal bit
was the existence of the account. The existence of the account can still be
checked by issuing a webfinger query, as those are accepted without signatures.

However, this change makes it so that unallowed instances won't create account
records on their end when they find a reference to an unknown account.

The previous behavior of rendering a limited list of fields, instead of not
rendering the actor at all, was in order to prevent situations in which two
instances in Authorized Fetch mode or Limited Federation mode would fail to
reach each other because resolving an account would require a signed query…
from an account which can only be fetched with a signed query itself. However,
this should now be fine as fetching accounts is done by signing on behalf of
the special instance actor, which does not require any kind of valid signature
to be fetched.

* Fix tests
2020-10-19 14:45:12 +02:00
..
controllers Do not serve account actors at all in limited federation mode (#14800) 2020-10-19 14:45:12 +02:00
fabricators Change move handler to carry blocks over (#14144) 2020-07-01 13:51:15 +02:00
features Add submit button to the top of preferences pages (#13068) 2020-03-08 16:04:03 +01:00
fixtures Add noopener and/or noreferrer (#12202) 2019-10-24 22:44:42 +02:00
helpers Add ability to filter audit log in admin UI (#13381) 2020-04-03 13:06:34 +02:00
lib Fix not handling Undo on some activity types when they aren't inlined (#14346) 2020-07-22 11:45:35 +02:00
mailers Add e-mail-based sign in challenge for users with disabled 2FA (#14013) 2020-06-09 10:23:06 +02:00
models Fix remote files not using Content-Type header, streaming (#14184) 2020-06-30 23:58:02 +02:00
policies Change admin UI for hashtags and add back whitelisted trends (#11490) 2019-08-05 19:54:29 +02:00
presenters Admission-based registrations mode (#10250) 2019-03-14 05:28:30 +01:00
requests Fix localization test failing due to order of locale definitions (#12393) 2019-11-15 21:00:09 +01:00
routing Move create/destroy actions for api/v1/statuses to namespace (#3678) 2017-06-10 09:39:26 +02:00
serializers/activitypub Fix account URI in UpdatePollSerializer (#11194) 2019-06-27 19:41:55 +02:00
services Fix removing allowed domains being done synchronously (#14302) 2020-07-15 21:08:19 +02:00
support Fix base64-encoded file uploads not being possible (#12748) 2020-01-04 01:54:07 +01:00
validators Search account domain in lowercase (#13016) 2020-02-01 15:42:24 +01:00
views Remove Atom feeds and old URLs in the form of GET /:username/updates/:id (#11247) 2019-07-07 16:16:51 +02:00
workers Change move handler to carry blocks over (#14144) 2020-07-01 13:51:15 +02:00
rails_helper.rb Bump sidekiq from 5.2.7 to 6.0.4 (#11727) 2020-03-21 12:04:54 +09:00
spec_helper.rb Move rspec examples to tmp dir (#12539) 2019-12-02 19:55:08 +01:00