Commit Graph

162 Commits

Author SHA1 Message Date
Egor Kislitsyn 5104f65b69 Wrap error messages into gettext helpers 2019-07-10 18:10:09 +07:00
feld 93a0eeab16 Add license/copyright to all project files 2019-07-10 05:13:23 +00:00
Maksim a0c4ebb4d7 [#184] small refactoring reset password 2019-06-24 19:01:56 +00:00
Ivan Tashkinov 64bc7ac619 Minor edit (comment). 2019-06-18 17:15:26 +03:00
Ivan Tashkinov 9f45f93949 Added more `redirect_uri` checks to prevent redirect to not explicitly listed URI. 2019-06-18 17:00:49 +03:00
kaniini 52b1b0e45d Merge branch '963_oob_oauth_redirect_fix' into 'develop'
[#963] No redirect on OOB OAuth authorize request with existing authorization

See merge request pleroma/pleroma!1276
2019-06-15 13:45:50 +00:00
Alexander Strizhakov c2ca1f22a2 it is changed in compile time
we can't change module attributes and endpoint settings in runtime
2019-06-14 15:45:05 +00:00
Ivan Tashkinov 4b2c29016c [#963] No redirect on OOB OAuth authorize request with existing authorization. OAuth-related refactoring. 2019-06-12 21:30:06 +03:00
Ivan Tashkinov 3eefb274f4 OAuth consumer: tests fix, comments, Keycloak config notes. 2019-06-05 13:02:13 +03:00
Maksim 620908a2db [#699] add worker to clean expired oauth tokens 2019-05-22 15:44:50 +00:00
Alexander Strizhakov 7ed682213f Fix/902 random compile failing 2019-05-17 07:25:20 +00:00
Maksim 52297920e7 Refactoring oauth response. 2019-05-14 14:49:45 +00:00
Mark Felder 498bfdf403 Switch to Jason over Poison 2019-05-13 15:37:38 -05:00
Alexander Strizhakov a2be420f94 differences_in_mastoapi_responses.md: fullname & bio are optionnal
[ci skip]
2019-05-13 18:35:45 +00:00
Maksim 799e1f48b5 Refactoring functions for dealing with oauth scopes. 2019-05-08 10:52:13 +00:00
Maksim 1040caf096 fix format
Modified-by: Maksim Pechnikov <parallel588@gmail.com>
2019-05-06 17:51:03 +00:00
Egor b9cdf6d3b9 Use `User.get_cached*` everywhere 2019-04-22 07:20:43 +00:00
Ivan Tashkinov 9256d2d4b4 [#923] Refactored OAuthController#authorize definitions, added test. 2019-04-21 10:51:32 +03:00
Ivan Tashkinov 128aae05f3 [#923] Minor semantic adjustment. 2019-04-17 11:33:21 +03:00
Ivan Tashkinov c3f12cf3c3 [#923] OAuth consumer params handling refactoring.
Registration and authorization-related params are wrapped in "authorization" in order to reduce edge cases number and simplify handling logic.
2019-04-10 21:40:38 +03:00
Ivan Tashkinov bffddf5e31 [#923] Merge remote-tracking branch 'remotes/upstream/develop' into twitter_oauth
# Conflicts:
#	docs/config.md
#	test/support/factory.ex
2019-04-08 12:20:26 +03:00
eugenijm 7aa53d52bd Return 403 on oauth token exchange for a deactivated user 2019-04-06 23:27:55 +03:00
Ivan Tashkinov 47a236f753 [#923] OAuth consumer mode refactoring, new tests, tests adjustments, readme. 2019-04-05 15:12:02 +03:00
Ivan Tashkinov 3e7f2bfc2f [#923] OAuthController#callback adjustments (with tests). 2019-04-05 09:19:17 +03:00
Ivan Tashkinov f7cd9131d4 [#923] OAuth consumer controller tests. Misc. improvements. 2019-04-04 22:41:03 +03:00
Ivan Tashkinov 37925cbe78 Merge remote-tracking branch 'remotes/upstream/develop' into twitter_oauth
# Conflicts:
#	lib/pleroma/web/oauth/oauth_controller.ex
#	lib/pleroma/web/router.ex
2019-04-02 14:05:34 +03:00
lambda 091baf9316 Merge branch 'features/mastoapi/2.6.0-force-login-option' into 'develop'
MastoAPI 2.6.0 `force_login` option

Closes #734

See merge request pleroma/pleroma!999
2019-04-02 10:57:38 +00:00
Egor Kislitsyn 1b3d921921 change `Repo.get(User, id)` => `User.get_by_id(id)` 2019-04-02 17:01:26 +07:00
Ivan Tashkinov 6910fb371b Fixed local MastoFE authentication / `force_login` option. 2019-04-01 17:25:25 +03:00
Ivan Tashkinov cbe09d94d1 Added `force_login` authentication option (previously applied by default). 2019-04-01 14:46:50 +03:00
Ivan Tashkinov eadafc88b8 [#923] Deps config adjustment (no `override` for `httpoison`), code analysis issues fixes. 2019-04-01 09:28:56 +03:00
Ivan Tashkinov baffdcc480 [#923] Merge remote-tracking branch 'remotes/upstream/develop' into twitter_oauth
# Conflicts:
#	mix.exs
2019-04-01 08:49:32 +03:00
Ivan Tashkinov 20e0f36605 Merge remote-tracking branch 'remotes/origin/develop' into twitter_oauth 2019-03-27 15:41:40 +03:00
Ivan Tashkinov 2a95014b9d [#923] OAuth consumer improvements, fixes, refactoring. 2019-03-27 15:39:35 +03:00
Ivan Tashkinov b0759f821b Comments split. 2019-03-26 15:24:29 +03:00
Ivan Tashkinov 263ca3dea2 Mastodon-based auth error messages. Defaulted User#auth_active?/1 to `true`. 2019-03-26 15:09:06 +03:00
Ivan Tashkinov af68a42ef7 [#923] Support for multiple OAuth consumer strategies. 2019-03-20 20:25:48 +03:00
rinpatch 9a7b817c9a Ecto 3.0.5 migration
kms
2019-03-20 15:59:54 +03:00
Ivan Tashkinov e17a9a1f66 [#923] Nickname & email selection for external registrations, option to connect to existing account. 2019-03-20 10:35:31 +03:00
Ivan Tashkinov 26b6354095 [#923] Support for multiple (external) registrations per user via Registration. 2019-03-18 17:23:38 +03:00
Ivan Tashkinov 2a96283efb [#923] Merge remote-tracking branch 'remotes/upstream/develop' into twitter_oauth
# Conflicts:
#	config/config.exs
#	lib/pleroma/web/auth/pleroma_authenticator.ex
2019-03-18 10:26:41 +03:00
lambda 28df397454 Merge branch 'feature/oauth-me' into 'develop'
oauth: add me property to token responses

See merge request pleroma/pleroma!942
2019-03-16 08:44:02 +00:00
William Pitcock e0edc706cf oauth: add me property to token responses 2019-03-16 01:12:50 +00:00
Ivan Tashkinov 2739057442 Merge remote-tracking branch 'remotes/upstream/develop' into twitter_oauth 2019-03-15 17:11:00 +03:00
Ivan Tashkinov aacbf0f570 [#923] OAuth: prototype of sign in / sign up with Twitter. 2019-03-15 17:08:03 +03:00
link0ff 54e7087ab4 Merge remote-tracking branch 'upstream/develop' into feature/openldap-support 2019-03-14 17:43:30 +02:00
Haelwenn (lanodan) Monnier a3a9cec483
[Credo] fix Credo.Check.Readability.AliasOrder 2019-03-13 04:26:54 +01:00
Ivan Tashkinov 63ab61ed3f Sign in via Twitter (WIP). 2019-03-11 20:37:26 +03:00
link0ff 88a672fe88 Move LDAP code to LDAPAuthenticator. Use Authenticator for token_exchange with grant_type as well 2019-03-03 21:20:36 +02:00
link0ff 19e2b85247 Merge remote-tracking branch 'upstream/develop' into feature/openldap-support 2019-03-03 18:29:37 +02:00
rinpatch f38c316e6e Merge branch 'bugfix/oauth-scopes-join' into 'develop'
Bugfix: OAuth scopes formatting

Closes #702

See merge request pleroma/pleroma!881
2019-03-02 06:39:07 +00:00
Haelwenn (lanodan) Monnier b6a001a34c
Web.OAuth.OAuthController: Fix scopes Enum.join for OAuth response 2019-03-02 04:04:16 +01:00
Ivan Tashkinov 3281a3f074 Renamed *DatabaseAuthenticator to *Authenticator. 2019-02-28 14:12:41 +03:00
Ivan Tashkinov 4e77f68414 Added `auth_template/0` to DatabaseAuthenticator. 2019-02-28 13:58:58 +03:00
Ivan Tashkinov b6f915313f Made auth customization be runtime-configurable. 2019-02-28 13:00:54 +03:00
Ivan Tashkinov e82b70eb53 Database authenticator behaviour / Pleroma implementation refactoring. 2019-02-26 15:27:01 +03:00
link0ff e278d47023 OpenLDAP support 2019-02-22 15:03:43 +02:00
Ivan Tashkinov 1097ce6d9f Auth customization support.
OAuthController#create_authorization user retrieval / creation, errors handling, template & layout selection.
2019-02-21 18:55:19 +03:00
Ivan Tashkinov c0ecbf6669 [#468] Merged `upstream/develop`. 2019-02-19 19:10:55 +03:00
kaniini 7456338ed3 Merge branch 'feature/add-oauth-tokens-endpoint' into 'develop'
Add OAuth tokens endpoint

See merge request pleroma/pleroma!805
2019-02-18 04:02:41 +00:00
Maxim Filippov 94708d6370 Render only "id", "valid_until" and "app_name" in TokenView 2019-02-17 23:57:35 +03:00
Ivan Tashkinov bc4f77b10b [#468] Merged `upstream/develop`, resolved conflicts. 2019-02-17 14:07:04 +03:00
Ivan Tashkinov dcf24a3233 [#468] Refactored OAuth scopes' defaults & missing selection handling. 2019-02-17 13:49:14 +03:00
Ivan Tashkinov 2a4a4f3342 [#468] Defined OAuth restrictions for all applicable routes.
Improved missing "scopes" param handling.
Allowed "any of" / "all of" mode specification in OAuthScopesPlug.
Fixed auth UI / behavior when user selects no permissions at /oauth/authorize.
2019-02-15 19:54:37 +03:00
Ivan Tashkinov 027adbc9e5 [#468] Refactored OAuth scopes parsing / defaults handling. 2019-02-14 17:03:19 +03:00
William Pitcock e9ef4b8da6 oauth: never use base64 padding when returning tokens to applications
The normal Base64 alphabet uses the equals sign (=) as a padding character.  Since
Base64 strings are self-synchronizing, padding characters are unnecessary, so don't
generate them in the first place.
2019-02-14 01:10:04 +00:00
Ivan Tashkinov 063baca5e4 [#468] User UI for OAuth permissions restriction. Standardized storage format for `scopes` fields, updated usages. 2019-02-14 00:29:29 +03:00
Maxim Filippov 760fec4cb8 Update token.ex 2019-02-13 12:59:56 +03:00
Maxim Filippov 62a45bdc11 Add revoke token 2019-02-13 12:59:56 +03:00
Maxim Filippov 61a4bc5095 Add OAuth tokens endpoint 2019-02-13 12:59:56 +03:00
Haelwenn (lanodan) Monnier d924dc73ba
de-group import/s 2019-02-09 16:31:17 +01:00
Haelwenn (lanodan) Monnier 6a6a5b3251
de-group alias/es 2019-02-09 16:31:17 +01:00
Ivan Tashkinov 4ad843fb9d [#468] Prototype of OAuth2 scopes support. TwitterAPI scope restrictions. 2019-02-09 17:09:08 +03:00
Ivan Tashkinov 2c68cf7e9e OAuth2 security fixes: redirect URI validation, "Mastodon-Local" security breach fix.
(`POST /api/v1/apps` could create "Mastodon-Local" app wth any redirect_uris,
and if that happened before /web/login is accessed for the first time
then Pleroma used this externally created record with arbitrary
redirect_uris and client_secret known by creator).
2019-02-07 22:14:06 +03:00
lain 1825118fd4 Correctly handle invalid credentials on auth login.
Closes #407
2019-01-28 11:41:47 +01:00
href 28d77e373c
Flake Ids for Users and Activities 2019-01-23 11:26:27 +01:00
William Pitcock 980b5288ed update copyright years to 2019 2018-12-31 15:41:47 +00:00
William Pitcock 2791ce9a1f add license boilerplate to pleroma core 2018-12-23 20:56:42 +00:00
Ivan Tashkinov b096e30cff [#114] Added email confirmation resend action. Added tests
for registration, authentication, email confirmation, confirmation resending.
Made admin methods create confirmed users.
2018-12-18 17:22:46 +03:00
Ivan Tashkinov 1de0aa2f10 [#114] Account confirmation email, registration as unconfirmed (config-based), auth prevention for unconfirmed. 2018-12-18 17:21:05 +03:00
Maksim Pechnikov 074fa790ba fix compile warnings 2018-12-09 20:50:08 +03:00
William Pitcock 419ed3a0ca oauth: fix token decode regression 2018-11-11 05:26:39 +00:00
lain 4f640c43ed Unify Mastodon Login with OAuth login.
This removes duplication in the login code.
2018-11-06 15:19:11 +01:00
Haelwenn (lanodan) Monnier eacab0fb05
Delete Tokens and Authorizations on password change
Closes: https://git.pleroma.social/pleroma/pleroma/issues/320
2018-10-14 02:14:54 +02:00
Dominique Feyer 801d645c6b TASK: Fix formatting 2018-09-09 23:42:28 +02:00
Dominique Feyer b79c126ee0 Add missing URL encoding in create authorization redirect 2018-09-09 23:31:47 +02:00
Martin Kühl 84d84e4ca4 OAuth: Support /revoke endpoint for revoking tokens
(for compatibility with Mastodon)
2018-09-01 23:10:48 +02:00
Martin Kühl ad2a7972e7 OAuth: Set `created_at` in token exchange response
(for compatibility with Mastodon)
2018-09-01 23:10:48 +02:00
lambda 2c303b3302 Merge branch 'bugfix/oauth2-param-name' into 'develop'
oauth: support either name or username parameter with grant_type=password

Closes #180

See merge request pleroma/pleroma!219
2018-06-14 07:14:18 +00:00
William Pitcock 5442466569 oauth: fix password-based login when username is email address
closes #199
2018-06-14 02:32:30 +00:00
William Pitcock 4894b88b1b oauth: support either name or username parameter with grant_type=password
closes #180
2018-06-14 02:07:43 +00:00
D Anzorge 3607dc4558 Make token exchange return errors with 400 as status code 2018-06-06 03:14:50 +02:00
D Anzorge 73904e8f78 Make OAuth token endpoint work with HTTP Basic auth
client_id/client_secret can now be supplied in an Authorization header
2018-06-04 00:59:00 +02:00
lain ffe028cd73 More warning fixes. 2018-05-07 18:11:37 +02:00
lain 9e6ae44729 Formatting fixes. 2018-04-21 09:43:53 +02:00
eal 947431e9aa MastoAPI and OAuth: allow login with either email or username. 2018-04-18 13:13:57 +03:00
lain 4afbef39f4 Format the code. 2018-03-30 15:01:53 +02:00
William Pitcock dd21137f38 oauth: implement grant_type=password for single-page apps 2018-03-23 15:53:58 -05:00
lain f9ab38a443 Fix test. 2018-03-22 12:37:24 +01:00
Mark Felder 2702df489f cap again 2018-03-19 18:00:02 +00:00