Ivan Tashkinov
bc4f77b10b
[ #468 ] Merged `upstream/develop`, resolved conflicts.
2019-02-17 14:07:04 +03:00
Ivan Tashkinov
2a4a4f3342
[ #468 ] Defined OAuth restrictions for all applicable routes.
Improved missing "scopes" param handling.
Allowed "any of" / "all of" mode specification in OAuthScopesPlug.
Fixed auth UI / behavior when user selects no permissions at /oauth/authorize.
2019-02-15 19:54:37 +03:00
Ivan Tashkinov
063baca5e4
[ #468 ] User UI for OAuth permissions restriction. Standardized storage format for `scopes` fields, updated usages.
2019-02-14 00:29:29 +03:00
Haelwenn (lanodan) Monnier
da4c662af3
Plugs.HTTPSecurityPlug: Add webpacker to connect-src
2019-02-12 22:12:12 +01:00
Haelwenn (lanodan) Monnier
00e8f0b07d
Plugs.HTTPSecurityPlug: Add unsafe-eval to script-src when in dev mode
This is needed to run dev mode mastofe at the same time
2019-02-12 22:12:11 +01:00
shibayashi
ea1058929c
Use url[:scheme] instead of protocol to determine if https is enabled
2019-02-12 00:08:52 +01:00
Haelwenn (lanodan) Monnier
6a6a5b3251
de-group alias/es
2019-02-09 16:31:17 +01:00
Ivan Tashkinov
4ad843fb9d
[ #468 ] Prototype of OAuth2 scopes support. TwitterAPI scope restrictions.
2019-02-09 17:09:08 +03:00
Haelwenn (lanodan) Monnier
60ea29dfe6
Credo fixes: alias grouping/ordering
2019-02-09 14:59:20 +01:00
Haelwenn (lanodan) Monnier
106f4e7a0f
Credo fixes: parameter consistency
2019-02-09 14:59:20 +01:00
href
fa5ec765d9
Serve sw-pleroma.js properly
2019-02-01 11:34:41 +01:00
href
8018ae7ae5
Join on preloads to avoid N+1 queries
2019-01-26 15:55:53 +01:00
William Pitcock
980b5288ed
update copyright years to 2019
2018-12-31 15:41:47 +00:00
William Pitcock
2791ce9a1f
add license boilerplate to pleroma core
2018-12-23 20:56:42 +00:00
lain
f3eb414e28
Add a way to use the admin api without a user.
2018-12-18 21:08:52 +01:00
href
b1860fe85a
Instance/Static runtime plug
This allows setting up an arbitrary directory which overrides most of the
static files: index.html static/ emoji/ packs/ sounds/ images/ instance/
favicon.png.
If the files are not present in the directory, the bundled ones in
priv/static will be used.
2018-12-17 22:50:59 +01:00
href
5dcb7aecea
More put_view.
2018-12-16 17:51:22 +01:00
Egor Kislitsyn
658edb166f
fix and improve web push; add configuration docs
2018-12-14 13:05:29 +01:00
Maksim Pechnikov
074fa790ba
fix compile warnings
2018-12-09 20:50:08 +03:00
Egor Kislitsyn
4944498133
Merge branch 'develop' into feature/compat/push-subscriptions
# Conflicts:
# lib/pleroma/application.ex
# lib/pleroma/plugs/oauth_plug.ex
2018-12-06 20:15:16 +07:00
Egor Kislitsyn
8b4397c704
Merge branch 'develop' into feature/compat/push-subscriptions
# Conflicts:
# lib/mix/tasks/sample_config.eex
# lib/pleroma/web/twitter_api/controllers/util_controller.ex
# mix.exs
# mix.lock
2018-12-06 19:55:58 +07:00
Maksim Pechnikov
c524c50509
fix/273
2018-12-05 17:32:06 +03:00
lain
f18b86fd5f
More fixes for Info schema.
2018-12-01 12:46:08 +01:00
lain
c443c9bd72
Merge branch 'develop' of git.pleroma.social:pleroma/pleroma into validate-user-info
2018-12-01 09:55:46 +01:00
lain
1c67277c80
Fix admin api.
2018-12-01 09:03:16 +01:00
href
b19597f602
reverse proxy / uploads
2018-11-30 18:00:47 +01:00
lain
d0ec2812bd
Merge remote-tracking branch 'origin' into validate-user-info
2018-11-30 17:34:20 +01:00
Haelwenn (lanodan) Monnier
04daa0fa44
Plugs.HTTPSecurityPlug: Activate upgrade-insecure-requests only when there is https
This fixes running mastofe with MIX_ENV=dev
2018-11-26 21:41:36 +01:00
shibayashi
591b11eafc
Add manifest-src to allow manifest.json
2018-11-26 20:48:24 +01:00
William Pitcock
3356c7d1e9
oauth plug: fix deactivated check
2018-11-20 18:47:00 +00:00
Haelwenn (lanodan) Monnier
4a79b89dba
lib/pleroma/plugs/user_is_admin_plug.ex: change 403 string to “User is not admin.”
2018-11-17 20:25:56 +01:00
Haelwenn (lanodan) Monnier
c8b8f1d32c
[Pleroma.Plugs.UserIsAdminPlug]: Check if admin is true instead of false, fix error reporting
2018-11-17 20:25:53 +01:00
Haelwenn (lanodan) Monnier
7076d45cb6
lib/pleroma/plugs/user_is_admin_plug.ex: Create
2018-11-17 20:25:52 +01:00
William Pitcock
c07464607d
http security: remove form-action from CSP definitions
2018-11-16 17:40:21 +00:00
William Pitcock
ee5932a504
http security: allow referrer-policy to be configured
2018-11-12 15:14:46 +00:00
William Pitcock
fe67665e19
rename CSPPlug to HTTPSecurityPlug.
2018-11-12 15:08:02 +00:00
William Pitcock
df72978dce
csp plug: add support for certificate transparency
2018-11-11 06:55:44 +00:00
William Pitcock
331cf6ada1
csp plug: add sts support
2018-11-11 06:50:28 +00:00
William Pitcock
f516e317ea
plugs: add CSPPlug
2018-11-11 06:10:21 +00:00
href
6fe23c5458
Runtime configured router
2018-11-05 15:19:03 +01:00
Martin Kühl
c2d592c9c5
Assign token to connection
2018-09-22 07:04:01 +02:00
lain
44b094908c
Update legacy passwords automatically.
2018-09-05 22:30:14 +02:00
lain
e601165426
Add UserEnabledPlug.
2018-09-05 21:53:53 +02:00
lain
5ce1ebb179
Add SetUserSessionIdPlug.
2018-09-05 21:42:42 +02:00
lain
12bc73dd28
Add EnsureUserKeyPlug, smaller fixes
2018-09-05 19:06:28 +02:00
lain
32465b9939
Simplify AuthenticationPlug
2018-09-05 18:53:38 +02:00
lain
9a96c93be7
Add SessionAuthenticationPlug.
2018-09-05 18:37:02 +02:00
lain
a3f54fca4d
Add LegacyAuthenticationPlug
2018-09-05 18:17:33 +02:00
lain
3cf17dc402
Add EnsureAuthenticatedPlug
2018-09-05 17:59:19 +02:00
lain
faf5347748
Add UserFetcherPlug.
2018-09-05 17:44:38 +02:00
lain
42bd985e66
Add BasicAuthDecoderPlug
2018-09-05 17:30:05 +02:00
Moon Man
8b020e03a6
change cond to if else
2018-09-05 01:37:48 -04:00
Moon Man
1a8bc26e52
auth against sha512-crypt password hashes, upgrade to pbkdf2
2018-09-05 00:21:44 -04:00
William Pitcock
8da406afa2
activitypub: verify remote http signature digests by recomputing the digest and replacing the digest header
2018-07-31 23:24:30 +00:00
lain
dd9bb37893
Rename id helper method.
2018-05-26 13:57:11 +02:00
William Pitcock
4d2c6707c2
activitypub: normalize the actor to ensure we have its URI
2018-05-19 03:28:28 -05:00
Mark Felder
ab4aa5720a
Fix a bunch of unused variable warnings
2018-05-04 20:59:01 +00:00
lain
0a14d155d6
Fail faster.
2018-04-02 13:13:14 +02:00
lain
4afbef39f4
Format the code.
2018-03-30 15:01:53 +02:00
lain
d2099c849d
More Jason changes.
2018-03-27 16:45:38 +02:00
lain
f29902a241
More signature debugging.
2018-03-11 14:37:23 +01:00
lain
5ea6d96dbe
Fix signing bug.
2018-02-25 20:15:04 +01:00
lain
ac67453e8a
More logging for signature problems.
2018-02-24 17:36:26 +01:00
lain
2757682894
More logging.
2018-02-22 14:57:35 +01:00
lain
38b61fddfe
HttpSignature Plug: Skip if already valid.
2018-02-15 19:58:26 +01:00
Roger Braun
a9c23e1c32
Add plug to validate signed http requests.
2017-12-12 10:17:21 +01:00
Lain Iwakura
0ec5aeb8a7
Don't log in deactivated users.
2017-12-07 17:41:34 +01:00
eal
c1fa1e8844
Fix basic auth for passwords with a colon.
2017-12-04 22:45:16 +02:00
Thog
59770c3f5c
Fix all compilation warnings
2017-11-19 02:22:07 +01:00
Roger Braun
d293ceb1b5
Add Mastodon frontend.
2017-11-12 14:23:05 +01:00
Roger Braun
2a298d70f9
Add very basic oauth and mastodon api support.
2017-09-06 19:06:25 +02:00
Roger Braun
70024632ba
AP refactoring.
2017-05-16 18:19:04 +02:00
dtluna
6cf7c13228
Refactor code to comply with credo suggestions
2017-04-27 16:18:50 +03:00
Roger Braun
32aa83f3a2
Short circuit user verification if cookie is present.
2017-03-30 15:29:49 +02:00
Roger Braun
142e8f8f3e
Don't use fetch access in plug.
This makes it work with structs.
2017-03-20 21:28:38 +01:00
Roger Braun
e32dbfc9a5
Add basic auth.
2017-03-20 17:56:45 +01:00