Commit Graph

3755 Commits

Author SHA1 Message Date
Ivan Tashkinov 2a4a4f3342 [#468] Defined OAuth restrictions for all applicable routes.
Improved missing "scopes" param handling.
Allowed "any of" / "all of" mode specification in OAuthScopesPlug.
Fixed auth UI / behavior when user selects no permissions at /oauth/authorize.
2019-02-15 19:54:37 +03:00
Ivan Tashkinov 027adbc9e5 [#468] Refactored OAuth scopes parsing / defaults handling. 2019-02-14 17:03:19 +03:00
Ivan Tashkinov 949e35e26d [#468] OAuth scopes-related data migration simplification. 2019-02-14 14:28:26 +03:00
Ivan Tashkinov 063baca5e4 [#468] User UI for OAuth permissions restriction. Standardized storage format for `scopes` fields, updated usages. 2019-02-14 00:29:29 +03:00
Ivan Tashkinov a337bd114c [#468] MastodonAPI scope restrictions. Removed obsolete "POST /web/login" route. 2019-02-09 17:32:33 +03:00
Ivan Tashkinov 4ad843fb9d [#468] Prototype of OAuth2 scopes support. TwitterAPI scope restrictions. 2019-02-09 17:09:08 +03:00
lambda 99fd199bda Merge branch 'add-media-path-to-caddy-cache' into 'develop'
Add /media to Caddy cache

See merge request pleroma/pleroma!791
2019-02-09 11:39:01 +00:00
shibayashi e868cfe619 Add /media to Caddy cache 2019-02-09 11:39:01 +00:00
lambda 1eecbc1cd1 Merge branch 'feature/keyword-policy' into 'develop'
Add keyword policy

See merge request pleroma/pleroma!794
2019-02-09 11:38:37 +00:00
rinpatch b05a341187 oof 2019-02-09 08:12:30 +03:00
rinpatch 9a23f8f3ea Add tests and fix a typo in docs 2019-02-08 20:23:26 +03:00
lambda c5f8df08a7 Merge branch 'fix/do-split-migration-for-local-users-only' into 'develop'
Split hide_network only for local users

See merge request pleroma/pleroma!781
2019-02-08 12:18:05 +00:00
rinpatch 38ff9b3568 fix typo in config.md 2019-02-08 15:12:44 +03:00
rinpatch 7356659273 wow 2019-02-08 15:12:13 +03:00
lambda ba7d7ffd80 Merge branch 'mark-streaming-feature-for-ios-apps' into 'develop'
Mark streaming feature for iOS apps in readme

See merge request pleroma/pleroma!790
2019-02-08 12:10:35 +00:00
lambda b4271de770 Merge branch 'oauth2_strengthening' into 'develop'
OAuth2 security fixes: redirect URI validation, "Mastodon-Local" security breach fix

See merge request pleroma/pleroma!793
2019-02-08 12:09:43 +00:00
rinpatch f88dec8b33 What idiot did that? (me) 2019-02-08 13:16:50 +03:00
rinpatch 6c21f5aa16 Merge branch 'develop' into feature/keyword-policy 2019-02-08 13:12:33 +03:00
rinpatch 8a0b755c19 rename ftl_removal to federated_timeline_removal to keep consistent naming with SimplePolicy 2019-02-08 13:12:09 +03:00
rinpatch 2174f6eb4f Add default config for keyword policy 2019-02-08 12:48:39 +03:00
rinpatch 46aa8c18a2 Add keyword policy 2019-02-08 12:38:24 +03:00
Ivan Tashkinov 2c68cf7e9e OAuth2 security fixes: redirect URI validation, "Mastodon-Local" security breach fix.
(`POST /api/v1/apps` could create "Mastodon-Local" app wth any redirect_uris,
and if that happened before /web/login is accessed for the first time
then Pleroma used this externally created record with arbitrary
redirect_uris and client_secret known by creator).
2019-02-07 22:14:06 +03:00
hakabahitoyo c2090b86b7 mark streaming feature for ios apps in readme 2019-02-07 12:01:35 +09:00
kaniini d84392c9e0 Merge branch 'remove-pawoo-apps-from-readme' into 'develop'
Remove Pawoo apps from README.md

See merge request pleroma/pleroma!788
2019-02-07 02:19:52 +00:00
kaniini 24dd0fc545 Merge branch 'mark-streaming-feature-for-apps-in-readme' into 'develop'
Mark streaming feature for Apps in README.md

See merge request pleroma/pleroma!789
2019-02-07 02:18:51 +00:00
hakabahitoyo 902c72bb56 Mark streaming feature for Apps in README.md 2019-02-07 11:04:37 +09:00
Hakaba Hitoyo 063739054e Update README.md 2019-02-07 01:15:27 +00:00
kaniini 430f23323c Merge branch 'rename-followings' into 'develop'
hide_followings was renamed to hide_followers in the FE, but never synced up in the BE

See merge request pleroma/pleroma!787
2019-02-06 22:40:24 +00:00
Mark Felder 74518d0b60 hide_followings was renamed to hide_followers in the FE, but never synced up in the BE
This was a dirty regex replace which worked on my server
2019-02-06 22:34:44 +00:00
Haelwenn 1220a17146 Merge branch 'bugfix/rich-media-card' into 'develop'
rich media cards: bugfixes and regression tests

See merge request pleroma/pleroma!785
2019-02-06 18:39:13 +00:00
William Pitcock 26670b09a7 tests: add a rich media card that contains all relevant fields 2019-02-06 18:27:55 +00:00
kaniini 18e783bcb2 Merge branch 'add-admin-and-moderator-fields' into 'develop'
Add admin and moderator badges to user view and make their visibility configurable

See merge request pleroma/pleroma!767
2019-02-06 18:19:47 +00:00
William Pitcock 6eb8c1eb92 test: add some regression tests for the rich media card rendering 2019-02-06 18:12:26 +00:00
William Pitcock 65a4b9fbea mastodon api: rich media: don't clobber %URI struct with a string 2019-02-06 18:02:15 +00:00
Haelwenn 09b71a9053 Merge branch 'mr/exsyslogger-doc-and-format' into 'develop'
Adds a couple examples to docs/config.md for ExSyslogger and removes duplicate timestamps from default format.

See merge request pleroma/pleroma!784
2019-02-06 18:02:10 +00:00
Michael Loftis ab80c8ebb8 adds a couple of explicit examples for ExSyslogger 2019-02-06 17:54:30 +00:00
rinpatch f7aedbcc55 Merge branch 'fix/activitypub-user-view-badmap' into 'develop'
Fix if clause in activity_pub user_view

See merge request pleroma/pleroma!783
2019-02-06 17:47:58 +00:00
href f753043ce0
Fix if clause in activity_pub user_view 2019-02-06 18:42:19 +01:00
Michael Loftis 43b3f9e96e rids the duplicate timestamp from default ExSyslogger config 2019-02-06 17:34:09 +00:00
Maxim Filippov f1b72bfb70 Split hide_networ only for local users 2019-02-06 13:41:36 +03:00
lambda 3c08e20d68 Merge branch '2019-02-06-update-frontend' into 'develop'
update frontend

See merge request pleroma/pleroma!780
2019-02-06 09:47:36 +00:00
lain 78a51f4dd4 update frontend 2019-02-06 10:40:01 +01:00
eugenijm 035eaeb9b8 Allow to configure visibility for admin and moderator badges 2019-02-06 06:18:05 +03:00
eugenijm 398c81f9c8 Add is_admin and is_moderator boolean fields to the user view 2019-02-06 02:10:06 +03:00
rinpatch c46490b199 Merge branch 'bugfix/rich-media-non-unicode-nuclear-option' into 'develop'
rich media: parser: reject any data which cannot be explicitly encoded into JSON

Closes #596

See merge request pleroma/pleroma!779
2019-02-05 21:01:20 +00:00
William Pitcock d83dbd9070 rich media: parser: reject any data which cannot be explicitly encoded into JSON 2019-02-05 20:50:57 +00:00
kaniini d120aa63f0 Merge branch 'fix-dm-index' into 'develop'
Massage index until it actually does the stuff we want.

See merge request pleroma/pleroma!772
2019-02-05 20:27:31 +00:00
kaniini 681ba1e52f Merge branch 'feature/ap-c2s-whoami' into 'develop'
activitypub: c2s: add /api/ap/whoami endpoint for andstatus

See merge request pleroma/pleroma!773
2019-02-05 20:26:31 +00:00
kaniini 00d572fd58 Merge branch 'testfix/twitter-api' into 'develop'
test: twitterapi: fix another possible test failure case

See merge request pleroma/pleroma!778
2019-02-05 20:13:38 +00:00
William Pitcock 73e6a1f1dd test: twitterapi: fix another possible test failure case 2019-02-05 20:08:16 +00:00