Ivan Tashkinov
2a4a4f3342
[ #468 ] Defined OAuth restrictions for all applicable routes.
...
Improved missing "scopes" param handling.
Allowed "any of" / "all of" mode specification in OAuthScopesPlug.
Fixed auth UI / behavior when user selects no permissions at /oauth/authorize.
2019-02-15 19:54:37 +03:00
Ivan Tashkinov
063baca5e4
[ #468 ] User UI for OAuth permissions restriction. Standardized storage format for scopes
fields, updated usages.
2019-02-14 00:29:29 +03:00
Ivan Tashkinov
4ad843fb9d
[ #468 ] Prototype of OAuth2 scopes support. TwitterAPI scope restrictions.
2019-02-09 17:09:08 +03:00
href
fa5ec765d9
Serve sw-pleroma.js properly
2019-02-01 11:34:41 +01:00
href
8018ae7ae5
Join on preloads to avoid N+1 queries
2019-01-26 15:55:53 +01:00
William Pitcock
980b5288ed
update copyright years to 2019
2018-12-31 15:41:47 +00:00
William Pitcock
2791ce9a1f
add license boilerplate to pleroma core
2018-12-23 20:56:42 +00:00
lain
f3eb414e28
Add a way to use the admin api without a user.
2018-12-18 21:08:52 +01:00
href
b1860fe85a
Instance/Static runtime plug
...
This allows to set-up an arbitrary directory which overrides most of the
static files: index.html static/ emoji/ packs/ sounds/ images/ instance/
favicon.png.
If the files are not present in the directory, the bundled ones in
priv/static will be used.
2018-12-17 22:50:59 +01:00
href
5dcb7aecea
More put_view.
2018-12-16 17:51:22 +01:00
Egor Kislitsyn
658edb166f
fix and improve web push; add configuration docs
2018-12-14 13:05:29 +01:00
Maksim Pechnikov
074fa790ba
fix compile warnings
2018-12-09 20:50:08 +03:00
Egor Kislitsyn
4944498133
Merge branch 'develop' into feature/compat/push-subscriptions
...
# Conflicts:
# lib/pleroma/application.ex
# lib/pleroma/plugs/oauth_plug.ex
2018-12-06 20:15:16 +07:00
Egor Kislitsyn
8b4397c704
Merge branch 'develop' into feature/compat/push-subscriptions
...
# Conflicts:
# lib/mix/tasks/sample_config.eex
# lib/pleroma/web/twitter_api/controllers/util_controller.ex
# mix.exs
# mix.lock
2018-12-06 19:55:58 +07:00
Maksim Pechnikov
c524c50509
fix/273
2018-12-05 17:32:06 +03:00
lain
f18b86fd5f
More fixes for Info schema.
2018-12-01 12:46:08 +01:00
lain
c443c9bd72
Merge branch 'develop' of git.pleroma.social:pleroma/pleroma into validate-user-info
2018-12-01 09:55:46 +01:00
lain
1c67277c80
Fix admin api.
2018-12-01 09:03:16 +01:00
href
b19597f602
reverse proxy / uploads
2018-11-30 18:00:47 +01:00
lain
d0ec2812bd
Merge remote-tracking branch 'origin' into validate-user-info
2018-11-30 17:34:20 +01:00
Haelwenn (lanodan) Monnier
04daa0fa44
Plugs.HTTPSecurityPlug: Activate upgrade-insecure-requests only when there is https
...
This fixes running mastofe with MIX_ENV=dev
2018-11-26 21:41:36 +01:00
shibayashi
591b11eafc
Add manifest-src to allow manifest.json
2018-11-26 20:48:24 +01:00
William Pitcock
3356c7d1e9
oauth plug: fix deactivated check
2018-11-20 18:47:00 +00:00
Haelwenn (lanodan) Monnier
4a79b89dba
lib/pleroma/plugs/user_is_admin_plug.ex: change 403 string to “User is not admin.”
2018-11-17 20:25:56 +01:00
Haelwenn (lanodan) Monnier
c8b8f1d32c
[Pleroma.Plugs.UserIsAdminPlug]: Check if admin is true instead of false, fix error reporting
2018-11-17 20:25:53 +01:00
Haelwenn (lanodan) Monnier
7076d45cb6
lib/pleroma/plugs/user_is_admin_plug.ex: Create
2018-11-17 20:25:52 +01:00
William Pitcock
c07464607d
http security: remove form-action from CSP definitions
2018-11-16 17:40:21 +00:00
William Pitcock
ee5932a504
http security: allow referrer-policy to be configured
2018-11-12 15:14:46 +00:00
William Pitcock
fe67665e19
rename CSPPlug to HTTPSecurityPlug.
2018-11-12 15:08:02 +00:00
William Pitcock
df72978dce
csp plug: add support for certificate transparency
2018-11-11 06:55:44 +00:00
William Pitcock
331cf6ada1
csp plug: add sts support
2018-11-11 06:50:28 +00:00
William Pitcock
f516e317ea
plugs: add CSPPlug
2018-11-11 06:10:21 +00:00
href
6fe23c5458
Runtime configured router
2018-11-05 15:19:03 +01:00
Martin Kühl
c2d592c9c5
Assign token to connection
2018-09-22 07:04:01 +02:00
lain
44b094908c
Update legacy passwords automatically.
2018-09-05 22:30:14 +02:00
lain
e601165426
Add UserEnabledPlug.
2018-09-05 21:53:53 +02:00
lain
5ce1ebb179
Add SetUserSessionIdPlug.
2018-09-05 21:42:42 +02:00
lain
12bc73dd28
Add EnsureUserKeyPlug, smaller fixes
2018-09-05 19:06:28 +02:00
lain
32465b9939
Simplify AuthenticationPlug
2018-09-05 18:53:38 +02:00
lain
9a96c93be7
Add SessionAuthenticationPlug.
2018-09-05 18:37:02 +02:00
lain
a3f54fca4d
Add LegacyAuthenticationPlug
2018-09-05 18:17:33 +02:00
lain
3cf17dc402
Add EnsureAuthenticatedPlug
2018-09-05 17:59:19 +02:00
lain
faf5347748
Add UserFetcherPlug.
2018-09-05 17:44:38 +02:00
lain
42bd985e66
Add BasicAuthDecoderPlug
2018-09-05 17:30:05 +02:00
Moon Man
8b020e03a6
change cond to if else
2018-09-05 01:37:48 -04:00
Moon Man
1a8bc26e52
auth against sha512-crypt password hashes, upgrade to pbkdf2
2018-09-05 00:21:44 -04:00
William Pitcock
8da406afa2
activitypub: verify remote http signature digests by recomputing the digest and replacing the digest header
2018-07-31 23:24:30 +00:00
lain
dd9bb37893
Rename id helper method.
2018-05-26 13:57:11 +02:00
William Pitcock
4d2c6707c2
activitypub: normalize the actor to ensure we have its URI
2018-05-19 03:28:28 -05:00
Mark Felder
ab4aa5720a
Fix a bunch of unused variable warnings
2018-05-04 20:59:01 +00:00