Commit Graph

131 Commits

Author SHA1 Message Date
feld 3f65f2ea79 Merge branch 'feature/1922-media-proxy-whitelist' into 'develop'
Support for hosts with scheme in MediaProxy whitelist setting

Closes 

See merge request 
2020-07-14 18:07:44 +00:00
Ivan Tashkinov 9b225db7d8 [] Applied rate limit for requests with bad `admin_token`. Added doc warnings on `admin_token` setting. 2020-07-14 11:58:41 +03:00
Ivan Tashkinov cf3f8cb72a [] Reinstated OAuth-less `admin_token` authentication. Refactored UserIsAdminPlug (freed from checking admin scopes presence). 2020-07-19 21:35:57 +03:00
Alexander Strizhakov b376442325
MediaProxy whitelist setting now supports hosts with scheme
added deprecation warning about using bare domains
2020-07-12 12:41:40 +03:00
stwf 29ae5bb771 preload data into index.html 2020-06-03 16:34:03 -04:00
rinpatch 455a402c8a HTTP Security plug: rewrite &csp_string/0
- Directives are now separated with ";" instead of " ;",
according to https://www.w3.org/TR/CSP2/#policy-parsing
the space is optional
- Use an IO list, which at the end gets converted to a binary as
opposed to ++ing a bunch of arrays with binaries together and joining
them to a string. I doubt it gives any significant real world advantage,
but the code is cleaner and now I can sleep at night.
- The static part of csp is pre-joined to a single binary at compile time.
Same reasoning as the last point.
2020-05-27 21:31:47 +03:00
Egor Kislitsyn e32b7ae044
Skip failing `:crypt` test on mac 2020-05-25 23:01:37 +04:00
lain bfdd90f6d7 AuthenticationPlug: Also update crypt passwords. 2020-05-17 11:40:25 +02:00
lain baef35bcc8 Authentication Plug: Update bcrypt password on login. 2020-05-17 10:31:01 +02:00
Alex Gleason 9cbf17d59f
Handle bcrypt passwords for Mastodon migration 2020-05-13 10:53:56 -05:00
Alex Gleason b46811a074
Upgrade Comeonin to v5
https://github.com/riverrun/comeonin/blob/master/UPGRADE_v5.md
2020-05-12 17:14:59 -05:00
Maksim 3d0c567fbc Pleroma.Web.TwitterAPI.TwoFactorAuthenticationController -> Pleroma.Web.PleromaAPI.TwoFactorAuthenticationController 2020-05-07 08:14:54 +00:00
Ivan Tashkinov 2c4844237f Refactoring of :if_func / :unless_func plug options (general availability). Added tests for Pleroma.Web.Plug. 2020-04-30 18:19:51 +03:00
Ivan Tashkinov f685cbd309 Automatic checks of authentication / instance publicity. Definition of missing OAuth scopes in AdminAPIController. Refactoring. 2020-04-21 16:29:19 +03:00
Ivan Tashkinov 66f55106bd [] Fixed Basic Auth permissions issue by disabling OAuth scopes checks when password is provided. Refactored plugs skipping functionality. 2020-04-17 21:21:10 +03:00
Ivan Tashkinov bde1189c34 [] Made :skip_plug/2 prevent plug from being executed even if explicitly called. Refactoring. Tests. 2020-04-15 21:19:16 +03:00
Alexander Strizhakov 22bde21c4f
remote_ip plug adds remote_ip_found flag 2020-04-15 15:27:34 +03:00
Ivan Tashkinov 1c05f539aa Improved in-test `clear_config/n` applicability (setup / setup_all / in-test usage). 2020-03-20 18:33:00 +03:00
Ivan Tashkinov ec3719f539 Improved in-test config management functions. 2020-03-18 20:30:31 +03:00
Alexander Strizhakov dc2ec84c0f
warnings fix 2020-03-16 14:19:36 +03:00
lain fa4ec17c84 Merge branch '1560-non-federating-instances-routes-restrictions' into 'develop'
[] Restricted AP- & OStatus-related routes for non-federating instances

Closes 

See merge request 
2020-03-15 19:15:20 +00:00
Haelwenn 67a27825b1 Merge branch 'fix/rate-limiter-remoteip-behavior' into 'develop'
rate limiter: disable based on if remote ip was found, not on if the plug was enabled

Closes 

See merge request 
2020-03-15 14:22:10 +00:00
Ivan Tashkinov ecb7809e92 Merge remote-tracking branch 'remotes/origin/develop' into 1560-non-federating-instances-routes-restrictions
# Conflicts:
#	lib/pleroma/plugs/static_fe_plug.ex
2020-03-14 15:37:02 +03:00
rinpatch fc4496d4fa rate limiter: disable based on if remote ip was found, not on if the plug was enabled
The current rate limiter disable logic won't trigger when the remote ip
is not forwarded, only when the remoteip plug is not enabled, which is
not the case on most instances since it's enabled by default. This
changes the behavior to warn and disable  when the remote ip was not forwarded,
even if the RemoteIP plug is enabled.

Also closes 
2020-03-13 21:41:17 +03:00
rinpatch c3b9fbd3a7 Revert "Set better Cache-Control header for static content"
On furher investigation it seems like all that did was cause unintuitive
behavior. The emoji request flood that was the reason for introducing it
isn't really that big of a deal either, since Plug.Static only needs to
read file modification time and size to determine the ETag.

Closes 
2020-03-11 17:58:25 +03:00
Ivan Tashkinov 5fc92deef3 [] Ensured authentication or enabled federation for federation-related routes. New tests + tests refactoring. 2020-03-09 20:51:44 +03:00
Ivan Tashkinov 027714b519 Merge remote-tracking branch 'remotes/origin/develop' into 1560-non-federating-instances-routes-restrictions 2020-03-06 11:48:30 +03:00
Mark Felder 5592db4757 Older copyright updates 2020-03-03 16:46:45 -06:00
Mark Felder 05da5f5cca Update Copyrights 2020-03-03 16:44:49 -06:00
Ivan Tashkinov b4367125e9 [] Added tests for non-federating instance bahaviour to ActivityPubControllerTest. 2020-03-02 21:43:18 +03:00
Haelwenn (lanodan) Monnier 6da6540036
Bump copyright years of files changed after 2020-01-07
Done via the following command:
git diff fcd5dd259a --stat --name-only | xargs sed -i '/Pleroma Authors/c# Copyright © 2017-2020 Pleroma Authors <https:\/\/pleroma.social\/>'
2020-03-02 06:08:45 +01:00
Haelwenn (lanodan) Monnier 6c0d869d9d
Bump copyright years of files changed after 2019-01-01
Done via the following command:
git diff 1e6c102b --stat --name-only | cat - | xargs sed -i 's/2017-2018 Pleroma Authors/2017-2019 Pleroma Authors/'
2020-03-02 05:54:56 +01:00
rinpatch 4d416343fa rate limiter: Fix a race condition
When multiple requests are processed by rate limiter plug at the same
time and the bucket is not yet initialized, both would try to initialize
the bucket resulting in an internal server error.
2020-03-01 01:13:07 +03:00
Ivan Tashkinov c747260989 [] Tiny refactoring per merge request review. 2020-02-29 22:04:09 +03:00
Ivan Tashkinov 6f2efb1c45 Runtime configurability of RateLimiter. Refactoring. Disabled default rate limits in tests. 2020-02-27 18:46:05 +03:00
lain 3eddd9caa6 Merge branch 'require-signature' into 'develop'
Add an option to require fetches to be signed

Closes 

See merge request 
2020-02-20 12:13:21 +00:00
Ivan Tashkinov 4f8c3462a8 Tweaks to `clear_config` calls in tests in order to prevent side effects on config during test suite execution. 2020-02-13 21:55:47 +03:00
rinpatch 5b62acf6e9 Merge branch 'develop' into fix/disable-rate-limiter-for-socket-localhost 2020-01-30 22:16:55 +03:00
Ivan Tashkinov ead2d18826 Merge remote-tracking branch 'remotes/origin/develop' into oauth-scopes-tweaks-and-tests 2019-12-19 17:24:08 +03:00
Egor Kislitsyn 775212121c
Verify HTTP signatures only when request accepts "activity+json" type 2019-12-19 20:17:18 +07:00
Maxim Filippov 45180d4c60 Merge branch 'develop' into fix/disable-rate-limiter-for-socket-localhost 2019-12-17 12:36:56 +03:00
minibikini e1fa8c11a9 Apply suggestion to test/plugs/http_signature_plug_test.exs 2019-12-16 18:39:59 +00:00
Egor Kislitsyn a12b6454bb
Add an option to require fetches to be signed 2019-12-16 22:24:03 +07:00
rinpatch 54029fe212 tests: remove a useless sleep in rate limiter tests
It was used to check that authenticated and unauthenticated users have
different limits. Instead of sleeping a super low limit for
unauthenticated users was set, preventing them from doing 5 requests in
the first place.
2019-12-16 01:03:13 +03:00
Ivan Tashkinov 7973cbdb9f OAuthScopesPlug: disallowed nil token (unless with :fallback option). WIP: controller tests modification: OAuth scopes usage. 2019-12-15 22:32:42 +03:00
Maxim Filippov eb11c60289 Disable rate limiter for socket/localhost (unless RemoteIp is enabled) 2019-12-14 03:06:43 +03:00
Ivan Tashkinov 3920244be5 [] Fixed `:admin` option handling in OAuthScopesPlug, added tests. 2019-12-11 11:42:02 +03:00
Ivan Tashkinov 1770602747 [] Extra check that admin OAuth scope is used by admin. Adjusted tests. 2019-12-07 17:49:53 +03:00
Ivan Tashkinov 40e1817f70 [] Fixes / improvements of admin scopes support. Added tests. 2019-12-06 20:33:47 +03:00
Egor Kislitsyn 36686f5245
Support authentication via `x-admin-token` HTTP header 2019-11-19 15:58:20 +07:00