Ivan Tashkinov
2c68cf7e9e
OAuth2 security fixes: redirect URI validation, "Mastodon-Local" security breach fix.
...
(`POST /api/v1/apps` could create "Mastodon-Local" app wth any redirect_uris,
and if that happened before /web/login is accessed for the first time
then Pleroma used this externally created record with arbitrary
redirect_uris and client_secret known by creator).
2019-02-07 22:14:06 +03:00
William Pitcock
980b5288ed
update copyright years to 2019
2018-12-31 15:41:47 +00:00
William Pitcock
2791ce9a1f
add license boilerplate to pleroma core
2018-12-23 20:56:42 +00:00
Ivan Tashkinov
b096e30cff
[ #114 ] Added email confirmation resend action. Added tests
...
for registration, authentication, email confirmation, confirmation resending.
Made admin methods create confirmed users.
2018-12-18 17:22:46 +03:00
Ivan Tashkinov
1de0aa2f10
[ #114 ] Account confirmation email, registration as unconfirmed (config-based), auth prevention for unconfirmed.
2018-12-18 17:21:05 +03:00
Maksim Pechnikov
074fa790ba
fix compile warnings
2018-12-09 20:50:08 +03:00
William Pitcock
419ed3a0ca
oauth: fix token decode regression
2018-11-11 05:26:39 +00:00
lain
4f640c43ed
Unify Mastodon Login with OAuth login.
...
This removes duplication in the login code.
2018-11-06 15:19:11 +01:00
Dominique Feyer
801d645c6b
TASK: Fix formatting
2018-09-09 23:42:28 +02:00
Dominique Feyer
b79c126ee0
Add missing URL encoding in create authorization redirect
2018-09-09 23:31:47 +02:00
Martin Kühl
84d84e4ca4
OAuth: Support /revoke endpoint for revoking tokens
...
(for compatibility with Mastodon)
2018-09-01 23:10:48 +02:00
Martin Kühl
ad2a7972e7
OAuth: Set `created_at` in token exchange response
...
(for compatibility with Mastodon)
2018-09-01 23:10:48 +02:00
lambda
2c303b3302
Merge branch 'bugfix/oauth2-param-name' into 'develop'
...
oauth: support either name or username parameter with grant_type=password
Closes #180
See merge request pleroma/pleroma!219
2018-06-14 07:14:18 +00:00
William Pitcock
5442466569
oauth: fix password-based login when username is email address
...
closes #199
2018-06-14 02:32:30 +00:00
William Pitcock
4894b88b1b
oauth: support either name or username parameter with grant_type=password
...
closes #180
2018-06-14 02:07:43 +00:00
D Anzorge
3607dc4558
Make token exchange return errors with 400 as status code
2018-06-06 03:14:50 +02:00
D Anzorge
73904e8f78
Make OAuth token endpoint work with HTTP Basic auth
...
client_id/client_secret can now be supplied in an Authorization header
2018-06-04 00:59:00 +02:00
lain
9e6ae44729
Formatting fixes.
2018-04-21 09:43:53 +02:00
eal
947431e9aa
MastoAPI and OAuth: allow login with either email or username.
2018-04-18 13:13:57 +03:00
lain
4afbef39f4
Format the code.
2018-03-30 15:01:53 +02:00
William Pitcock
dd21137f38
oauth: implement grant_type=password for single-page apps
2018-03-23 15:53:58 -05:00
Calv Collins
bdb5dd2194
Create action_fallback for username/password incorrect input
2018-02-08 16:57:30 +00:00
Roger Braun
fd12e585c9
Handle existing redirect params.
2017-11-10 18:24:50 +01:00
eal
b0e27b21dd
Fix tootdon logins.
2017-11-06 21:51:31 +02:00
Roger Braun
5602293690
Fix callback state.
2017-09-16 11:37:55 +02:00
Roger Braun
ac3f32da7e
Preserve state in oauth
2017-09-14 09:29:51 +02:00
Roger Braun
5fe9e4dd3f
Do oauth redirect.
2017-09-09 19:03:57 +02:00
Roger Braun
59dd240c08
Use token exchange method.
2017-09-09 12:10:46 +02:00
Roger Braun
2652d9e4ed
Slight cleanup.
2017-09-07 08:58:10 +02:00
Roger Braun
2a298d70f9
Add very basic oauth and mastodon api support.
2017-09-06 19:06:25 +02:00