110 Commits

Author SHA1 Message Date
rinpatch da4923f2e5 Merge branch 'authenticated-api-oauth-check-enforcement' into 'develop'
Enforcement of OAuth scopes check for authenticated API endpoints

See merge request pleroma/pleroma!2349
2020-05-01 00:58:40 +03:00
Haelwenn (lanodan) Monnier 6da6540036 Bump copyright years of files changed after 2020-01-07
Done via the following command:
git diff fcd5dd259a --stat --name-only | xargs sed -i '/Pleroma Authors/c# Copyright © 2017-2020 Pleroma Authors <https:\/\/pleroma.social\/>'
2020-03-02 06:08:45 +01:00
Mark Felder d770cffce0 Merge branch 'develop' into issue/1280 2020-01-26 11:23:05 -06:00
Haelwenn (lanodan) Monnier 5c533e10e7 Bump credo to 1.1.5 2020-01-20 12:17:14 +01:00
Maksim Pechnikov 108a39c876 updated error messages for authentication process 2020-01-17 15:01:37 +03:00
Ivan Tashkinov 6c94b7498b [#1478] OAuth admin tweaks: enforced OAuth admin scopes usage by default, migrated existing OAuth records. Adjusted tests. 2020-01-10 10:52:21 +03:00
Ivan Tashkinov 51111e286b [#1427] Initial support for OAuth admin scopes. 2019-11-29 18:57:19 +03:00
lain 1ca7b877a1 Merge branch 'iss-1376' into 'develop'
Check client and token in GET /oauth/authorize

See merge request pleroma/pleroma!1940
2019-11-11 12:27:33 +00:00
Steven Fuchs 94627baa5c New rate limiter 2019-11-11 12:13:06 +00:00
AkiraFukushima e1fc6cb78f Check client and token in GET /oauth/authorize 2019-11-05 23:52:47 +09:00
Ivan Tashkinov 10ff01acd9 [#1304] Moved all non-mutes / non-blocks fields from User.Info to User. WIP. 2019-10-16 21:59:21 +03:00
Ivan Tashkinov 28fb98d69e Merge remote-tracking branch 'remotes/upstream/develop' into 1260-rate-limited-auth-actions
# Conflicts:
#	CHANGELOG.md
2019-10-07 11:06:30 +03:00
Ivan Tashkinov 06b3bb54c5 Merge remote-tracking branch 'remotes/upstream/develop' into 1234-mastodon-2-4-3-oauth-scopes
# Conflicts:
#	CHANGELOG.md
#	lib/pleroma/web/mastodon_api/controllers/account_controller.ex
#	lib/pleroma/web/mastodon_api/controllers/mastodon_api_controller.ex
#	lib/pleroma/web/router.ex
2019-10-06 11:43:49 +03:00
Ivan Tashkinov f459aabdfa Merge remote-tracking branch 'remotes/upstream/develop' into 1260-rate-limited-auth-actions
# Conflicts:
#	CHANGELOG.md
2019-10-06 09:30:49 +03:00
Egor Kislitsyn d3ac4e8083 Fix OAuthController 2019-10-04 13:30:46 +07:00
Ivan Tashkinov 64095961fe [#1234] Merge remote-tracking branch 'remotes/upstream/develop' into 1234-mastodon-2-4-3-oauth-scopes
# Conflicts:
#	CHANGELOG.md
#	lib/pleroma/web/mastodon_api/controllers/mastodon_api_controller.ex
#	lib/pleroma/web/router.ex
2019-10-02 20:42:40 +03:00
Maxim Filippov 0f9c2c8b87 Send an identifier alongside with error message in OAuthController 2019-10-01 18:10:04 +03:00
Ivan Tashkinov 6ffa2b5f66 [#1260] Merge remote-tracking branch 'remotes/upstream/develop' into 1260-rate-limited-auth-actions
# Conflicts:
#	CHANGELOG.md
2019-09-30 17:41:20 +03:00
Maxim Filippov 6f25668215 Admin API: Add ability to force user's password reset 2019-09-22 16:08:07 +03:00
Ivan Tashkinov e7afb67c5c [#1260] Rate-limiting for create authentication and related requests. 2019-09-17 16:16:11 +03:00
Ivan Tashkinov b63faf9819 [#1234] Mastodon 2.4.3 hierarchical scopes initial support (WIP). 2019-09-08 15:00:03 +03:00
Ariadne Conill b93498eb52 constants: add as_public constant and use it everywhere 2019-07-29 02:43:19 +00:00
Egor Kislitsyn 5104f65b69 Wrap error messages into gettext helpers 2019-07-10 18:10:09 +07:00
Ivan Tashkinov 64bc7ac619 Minor edit (comment). 2019-06-18 17:15:26 +03:00
Ivan Tashkinov 9f45f93949 Added more `redirect_uri` checks to prevent redirect to not explicitly listed URI. 2019-06-18 17:00:49 +03:00
Ivan Tashkinov 4b2c29016c [#963] No redirect on OOB OAuth authorize request with existing authorization. OAuth-related refactoring. 2019-06-12 21:30:06 +03:00
Ivan Tashkinov 3eefb274f4 OAuth consumer: tests fix, comments, Keycloak config notes. 2019-06-05 13:02:13 +03:00
Maksim 52297920e7 Refactoring oauth response. 2019-05-14 14:49:45 +00:00
Mark Felder 498bfdf403 Switch to Jason over Poison 2019-05-13 15:37:38 -05:00
Alexander Strizhakov a2be420f94 differences_in_mastoapi_responses.md: fullname & bio are optional
[ci skip]
2019-05-13 18:35:45 +00:00
Maksim 799e1f48b5 Refactoring functions for dealing with oauth scopes. 2019-05-08 10:52:13 +00:00
Maksim 1040caf096 fix format
Modified-by: Maksim Pechnikov <parallel588@gmail.com>
2019-05-06 17:51:03 +00:00
Egor b9cdf6d3b9 Use `User.get_cached*` everywhere 2019-04-22 07:20:43 +00:00
Ivan Tashkinov 9256d2d4b4 [#923] Refactored OAuthController#authorize definitions, added test. 2019-04-21 10:51:32 +03:00
Ivan Tashkinov 128aae05f3 [#923] Minor semantic adjustment. 2019-04-17 11:33:21 +03:00
Ivan Tashkinov c3f12cf3c3 [#923] OAuth consumer params handling refactoring.
Registration and authorization-related params are wrapped in "authorization" in order to reduce edge cases number and simplify handling logic.
2019-04-10 21:40:38 +03:00
Ivan Tashkinov bffddf5e31 [#923] Merge remote-tracking branch 'remotes/upstream/develop' into twitter_oauth
# Conflicts:
#	docs/config.md
#	test/support/factory.ex
2019-04-08 12:20:26 +03:00
eugenijm 7aa53d52bd Return 403 on oauth token exchange for a deactivated user 2019-04-06 23:27:55 +03:00
Ivan Tashkinov 47a236f753 [#923] OAuth consumer mode refactoring, new tests, tests adjustments, readme. 2019-04-05 15:12:02 +03:00
Ivan Tashkinov 3e7f2bfc2f [#923] OAuthController#callback adjustments (with tests). 2019-04-05 09:19:17 +03:00
Ivan Tashkinov f7cd9131d4 [#923] OAuth consumer controller tests. Misc. improvements. 2019-04-04 22:41:03 +03:00
Ivan Tashkinov 37925cbe78 Merge remote-tracking branch 'remotes/upstream/develop' into twitter_oauth
# Conflicts:
#	lib/pleroma/web/oauth/oauth_controller.ex
#	lib/pleroma/web/router.ex
2019-04-02 14:05:34 +03:00
lambda 091baf9316 Merge branch 'features/mastoapi/2.6.0-force-login-option' into 'develop'
MastoAPI 2.6.0 `force_login` option

Closes #734

See merge request pleroma/pleroma!999
2019-04-02 10:57:38 +00:00
Egor Kislitsyn 1b3d921921 change `Repo.get(User, id)` => `User.get_by_id(id)` 2019-04-02 17:01:26 +07:00
Ivan Tashkinov 6910fb371b Fixed local MastoFE authentication / `force_login` option. 2019-04-01 17:25:25 +03:00
Ivan Tashkinov cbe09d94d1 Added `force_login` authentication option (previously applied by default). 2019-04-01 14:46:50 +03:00
Ivan Tashkinov eadafc88b8 [#923] Deps config adjustment (no `override` for `httpoison`), code analysis issues fixes. 2019-04-01 09:28:56 +03:00
Ivan Tashkinov baffdcc480 [#923] Merge remote-tracking branch 'remotes/upstream/develop' into twitter_oauth
# Conflicts:
#	mix.exs
2019-04-01 08:49:32 +03:00
Ivan Tashkinov 2a95014b9d [#923] OAuth consumer improvements, fixes, refactoring. 2019-03-27 15:39:35 +03:00
Ivan Tashkinov b0759f821b Comments split. 2019-03-26 15:24:29 +03:00