rinpatch
a51284b60a
Merge branch 'fix/mediaproxy-bypass-emoji' into 'develop'
...
Fix profile emojis bypassing mediaproxy and harden CSP
Closes #1810
See merge request pleroma/pleroma!2596
2020-06-08 00:58:30 +03:00
Ivan Tashkinov
862d4886c9
[ #1682 ] Fixed Basic Auth permissions issue by disabling OAuth scopes checks when password is provided. Refactored plugs skipping functionality.
2020-05-01 01:00:37 +03:00
rinpatch
da4923f2e5
Merge branch 'authenticated-api-oauth-check-enforcement' into 'develop'
...
Enforcement of OAuth scopes check for authenticated API endpoints
See merge request pleroma/pleroma!2349
2020-05-01 00:58:40 +03:00
rinpatch
c46d035f7b
rate limiter: disable based on if remote ip was found, not on if the plug was enabled
...
The current rate limiter disable logic won't trigger when the remote ip
is not forwarded, only when the remoteip plug is not enabled, which is
not the case on most instances since it's enabled by default. This
changes the behavior to warn and disable when the remote ip was not forwarded,
even if the RemoteIP plug is enabled.
Also closes #1620
2020-03-16 00:15:21 +03:00
rinpatch
80bc8c2cc9
Revert "Set better Cache-Control header for static content"
...
On furher investigation it seems like all that did was cause unintuitive
behavior. The emoji request flood that was the reason for introducing it
isn't really that big of a deal either, since Plug.Static only needs to
read file modification time and size to determine the ETag.
Closes #1613
2020-03-15 16:59:39 +03:00
Mark Felder
5592db4757
Older copyright updates
2020-03-03 16:46:45 -06:00
Mark Felder
05da5f5cca
Update Copyrights
2020-03-03 16:44:49 -06:00
Haelwenn (lanodan) Monnier
6da6540036
Bump copyright years of files changed after 2020-01-07
...
Done via the following command:
git diff fcd5dd259a
--stat --name-only | xargs sed -i '/Pleroma Authors/c# Copyright © 2017-2020 Pleroma Authors <https:\/\/pleroma.social\/>'
2020-03-02 06:08:45 +01:00
Haelwenn (lanodan) Monnier
6c0d869d9d
Bump copyright years of files changed after 2019-01-01
...
Done via the following command:
git diff 1e6c102b
--stat --name-only | cat - | xargs sed -i 's/2017-2018 Pleroma Authors/2017-2019 Pleroma Authors/'
2020-03-02 05:54:56 +01:00
rinpatch
4d416343fa
rate limiter: Fix a race condition
...
When multiple requests are processed by rate limiter plug at the same
time and the bucket is not yet initialized, both would try to initialize
the bucket resulting in an internal server error.
2020-03-01 01:13:07 +03:00
Ivan Tashkinov
c747260989
[ #2250 ] Tiny refactoring per merge request review.
2020-02-29 22:04:09 +03:00
Ivan Tashkinov
6f2efb1c45
Runtime configurability of RateLimiter. Refactoring. Disabled default rate limits in tests.
2020-02-27 18:46:05 +03:00
lain
3eddd9caa6
Merge branch 'require-signature' into 'develop'
...
Add an option to require fetches to be signed
Closes #1444
See merge request pleroma/pleroma!2071
2020-02-20 12:13:21 +00:00
Ivan Tashkinov
4f8c3462a8
Tweaks to `clear_config` calls in tests in order to prevent side effects on config during test suite execution.
2020-02-13 21:55:47 +03:00
rinpatch
5b62acf6e9
Merge branch 'develop' into fix/disable-rate-limiter-for-socket-localhost
2020-01-30 22:16:55 +03:00
Ivan Tashkinov
ead2d18826
Merge remote-tracking branch 'remotes/origin/develop' into oauth-scopes-tweaks-and-tests
2019-12-19 17:24:08 +03:00
Egor Kislitsyn
775212121c
Verify HTTP signatures only when request accepts "activity+json" type
2019-12-19 20:17:18 +07:00
Maxim Filippov
45180d4c60
Merge branch 'develop' into fix/disable-rate-limiter-for-socket-localhost
2019-12-17 12:36:56 +03:00
minibikini
e1fa8c11a9
Apply suggestion to test/plugs/http_signature_plug_test.exs
2019-12-16 18:39:59 +00:00
Egor Kislitsyn
a12b6454bb
Add an option to require fetches to be signed
2019-12-16 22:24:03 +07:00
rinpatch
54029fe212
tests: remove a useless sleep in rate limiter tests
...
It was used to check that authenticated and unauthenticated users have
different limits. Instead of sleeping a super low limit for
unauthenticated users was set, preventing them from doing 5 requests in
the first place.
2019-12-16 01:03:13 +03:00
Ivan Tashkinov
7973cbdb9f
OAuthScopesPlug: disallowed nil token (unless with :fallback option). WIP: controller tests modification: OAuth scopes usage.
2019-12-15 22:32:42 +03:00
Maxim Filippov
eb11c60289
Disable rate limiter for socket/localhost (unless RemoteIp is enabled)
2019-12-14 03:06:43 +03:00
Ivan Tashkinov
3920244be5
[ #1427 ] Fixed `:admin` option handling in OAuthScopesPlug, added tests.
2019-12-11 11:42:02 +03:00
Ivan Tashkinov
1770602747
[ #1427 ] Extra check that admin OAuth scope is used by admin. Adjusted tests.
2019-12-07 17:49:53 +03:00
Ivan Tashkinov
40e1817f70
[ #1427 ] Fixes / improvements of admin scopes support. Added tests.
2019-12-06 20:33:47 +03:00
Egor Kislitsyn
36686f5245
Support authentication via `x-admin-token` HTTP header
2019-11-19 15:58:20 +07:00
rinpatch
22554ac5ca
Merge branch 'bugfix/1395-email-activation' into 'develop'
...
Bugfix/1395 email activation
Closes #1395
See merge request pleroma/pleroma!1965
2019-11-15 14:11:48 +00:00
Egor Kislitsyn
72cf6a76f4
Fix random fails of the rate limiter tests
2019-11-13 18:07:53 +07:00
Steven Fuchs
94627baa5c
New rate limiter
2019-11-11 12:13:06 +00:00
lain
f6056e9c9c
UserEnabledPlug: Don't authenticate unconfirmed users.
2019-11-11 12:43:46 +01:00
rinpatch
84175fe30e
Set better Cache-Control header for static content
...
Closes #1382
2019-11-06 16:41:19 +03:00
Ivan Tashkinov
10ff01acd9
[ #1304 ] Moved all non-mutes / non-blocks fields from User.Info to User. WIP.
2019-10-16 21:59:21 +03:00
Ivan Tashkinov
64095961fe
[ #1234 ] Merge remote-tracking branch 'remotes/upstream/develop' into 1234-mastodon-2-4-3-oauth-scopes
...
# Conflicts:
# CHANGELOG.md
# lib/pleroma/web/mastodon_api/controllers/mastodon_api_controller.ex
# lib/pleroma/web/router.ex
2019-10-02 20:42:40 +03:00
minibikini
f9380289eb
Add `remote_ip` plug
2019-09-27 21:59:23 +00:00
Ivan Tashkinov
6f67aed3ac
[ #1234 ] Merge remote-tracking branch 'remotes/upstream/develop' into 1234-mastodon-2-4-3-oauth-scopes
...
# Conflicts:
# lib/pleroma/web/admin_api/admin_api_controller.ex
2019-09-19 10:59:09 +03:00
Haelwenn (lanodan) Monnier
447514dfa2
Bump copyright years of files changed in 2019
...
Done via the following command:
git diff 1e6c102bfc
--stat --name-only | cat - | xargs sed -i 's/2017-2018 Pleroma Authors/2017-2019 Pleroma Authors/'
2019-09-18 23:21:11 +02:00
Ivan Tashkinov
b17f217bf3
[ #1234 ] Addressed code analysis issue.
2019-09-17 23:31:05 +03:00
Ivan Tashkinov
76068873db
[ #1234 ] Defined admin OAuth scopes, refined other scopes. Added tests.
2019-09-17 22:19:39 +03:00
Ivan Tashkinov
efbc2edba1
[ #1234 ] Merge remote-tracking branch 'remotes/upstream/develop' into 1234-mastodon-2-4-3-oauth-scopes
...
# Conflicts:
# lib/pleroma/web/activity_pub/activity_pub_controller.ex
# lib/pleroma/web/router.ex
2019-09-15 18:52:27 +03:00
minibikini
11e12b5761
Add Pleroma.Plugs.Cache
2019-09-09 18:53:08 +00:00
Ivan Tashkinov
b63faf9819
[ #1234 ] Mastodon 2.4.3 hierarchical scopes initial support (WIP).
2019-09-08 15:00:03 +03:00
Maksim
a320358703
added test helpers to clear config after tests
2019-08-19 15:34:29 +00:00
Maksim
55341ac717
tests WebFinger
2019-07-24 15:13:10 +00:00
Sergey Suprunenko
9340896c9e
Exclude tests that use :crypt.crypt/2 on macOS
2019-07-22 19:54:22 +00:00
Sergey Suprunenko
43a7cd27fe
[tests] Mock :crypt.crypt/2 function in AuthenticationPlugTest
2019-07-20 13:07:51 +00:00
kaniini
716afc83ce
Merge branch 'refactor/http-signature-plug' into 'develop'
...
http signature plug: separation of concerns
See merge request pleroma/pleroma!1449
2019-07-19 16:57:24 +00:00
Ariadne Conill
c947cfec5a
mapped signature plug: use `user` assign like authentication plug
2019-07-18 20:31:25 +00:00
Maksim
f435217e50
tests for Plugs.AuthenticationPlug
2019-07-18 20:29:51 +00:00
Ariadne Conill
621cacf667
tests: add tests for mapped signature plug
2019-07-18 16:28:36 +00:00