87 commits

Author	SHA1	Message	Date
Hélène	1acd38fe7f	OAuthPlug: use user cache instead of joining ... As this plug is called on every request, this should reduce load on the database by not requiring to select on the users table every single time, and to instead use the by-ID user cache whenever possible.	2022-09-11 19:55:55 +01:00
floatingghost	772c209914	GTS: cherry-picks and collection usage (#186) ... https://git.pleroma.social/pleroma/pleroma/-/merge_requests/3725?commit_id=61254111e59f02118cad15de49d1e0704c07030e what is this, a yoink of a yoink? good times Co-authored-by: Hélène <pleroma-dev@helene.moe> Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk> Reviewed-on: #186	2022-08-27 18:05:48 +00:00
FloatingGhost	8d7b63a766	Revert "Fix oauth2 (for real) (#179)" ... This reverts commit aa681d7e15.	2022-08-21 17:52:02 +01:00
floatingghost	aa681d7e15	Fix oauth2 (for real) (#179) ... Reviewed-on: #179	2022-08-21 16:24:37 +00:00
FloatingGhost	b0130bfa7b	Revert "oauth2 fixes (#177)" ... This reverts commit 429e2ac832.	2022-08-21 16:22:15 +01:00
floatingghost	429e2ac832	oauth2 fixes (#177) ... Reviewed-on: #177	2022-08-21 14:46:52 +00:00
FloatingGhost	55179d4214	set soapbox-fe v2 by default ... fixes #157	2022-08-11 10:25:03 +01:00
floatingghost	ec162b496b	/notice signing checks on redirect (#150) ... Reviewed-on: #150	2022-08-05 19:31:32 +00:00
FloatingGhost	d598c7a834	remove anonymous function from plug	2022-07-14 11:17:14 +01:00
floatingghost	37ae047e16	Add swaggerUI options (#66) ... Reviewed-on: #66	2022-07-13 15:09:35 +00:00
floatingghost	364b6969eb	Use finch everywhere (#33) ... Reviewed-on: #33	2022-07-04 16:30:38 +00:00
Tusooa Zhu	3fd87b6a75	Skip cache when /objects or /activities is authenticated ... Ref: fix-local-public	2022-06-29 20:47:27 +01:00
Tusooa Zhu	932e5df19e	Allow to skip cache in Cache plug ... Ref: fix-local-public	2022-06-29 20:47:26 +01:00
Tusooa Zhu	07bd35227a	Support multiple locales from userLanguage cookie	2022-06-29 20:47:10 +01:00
Tusooa Zhu	fa95bc8725	Support multiple locales formally ... elixir gettext current does not fully support fallback to another language [0]. But it might in the future. We adapt it so that all languages in Accept-Language headers are received by Pleroma.Web.Gettext. User.languages is now a comma-separated list. [0]: https://github.com/elixir-gettext/gettext/issues/303	2022-06-29 20:47:10 +01:00
Tusooa Zhu	ef73f61b07	Fallback to a variant if the language in general is not supported ... For an example, here, zh is not supported, but zh_Hans and zh_Hant are. If the user asks for zh, we should choose a variant for them instead of fallbacking to default. Some browsers (e.g. Firefox) does not allow users to customize their language codes. For example, there is no zh-Hans, but only zh, zh-CN, zh-TW, zh-HK, etc. This provides a workaround for those users suffering from bad design decisions.	2022-06-29 20:47:10 +01:00
Tusooa Zhu	72bdb0640f	Allow user to register with custom language	2022-06-29 20:46:51 +01:00
Tusooa Zhu	7726148472	Send emails i18n'd using backend-stored user language	2022-06-29 20:45:19 +01:00
Tusooa Zhu	8f08c902a5	Make lint happy	2022-06-29 20:44:16 +01:00
Tusooa Zhu	775f997c40	Prefer userLanguage cookie over Accept-Language header in detecting locale ... https://git.pleroma.social/pleroma/pleroma-meta/-/issues/60	2022-06-29 20:43:41 +01:00
FloatingGhost	502382da45	cherry-pick security from upstream	2022-06-22 16:25:05 +01:00
Alex Gleason	138f5a4517	EnsureStaffPrivilegedPlug: don't let non-moderators through	2021-12-27 17:18:26 -06:00
Alibek Omarov	f02715c4b2	Fix lint errors	2021-12-27 03:42:03 +03:00
Alibek Omarov	cd1041c3a4	API: optionally restrict moderators from accessing sensitive data	2021-12-27 02:27:48 +03:00
Alex Gleason	44ede0657f	Merge remote-tracking branch 'pleroma/develop' into staff-plug	2021-08-04 11:48:57 -05:00
Alex Gleason	9bc1e79c56	Moderators: add UserIsStaffPlug	2021-07-12 21:57:52 -05:00
Alex Gleason	595bca24ad	Merge remote-tracking branch 'pleroma/develop' into cycles-frontend-static	2021-05-30 12:12:58 -05:00
Alex Gleason	721c966842	FrontendStatic: make Router a runtime dep ... Speeds up recompilation by removing compile-time cycles	2021-05-30 12:12:16 -05:00
Alex Gleason	39127f15eb	Merge remote-tracking branch 'pleroma/develop' into cycles-router-api-routes	2021-05-28 13:51:21 -05:00
Alex Gleason	c23b81e399	Pleroma.Web.get_api_routes/0 --> Pleroma.Web.Router.get_api_routes/0 ... Reduce recompilation time by breaking compile-time cycles	2021-05-28 13:51:01 -05:00
Sean King	2b4f958b2a	Add opting out of Google FLoC to HTTPSecurityPlug headers	2021-04-18 14:00:18 -06:00
Mark Felder	1552179792	Improved recursion through the api route list	2021-02-25 10:07:29 -06:00
Mark Felder	cea31df6a6	Attempt to filter out API calls from FrontendStatic plug	2021-02-24 15:27:53 -06:00
rinpatch	2ab9499258	OAuthScopesPlug: remove transform_scopes in favor of explicit admin scope definitions ... Transforming scopes is no longer necessary since we are dropping support for accessing admin api without `admin:` prefix in scopes.	2021-02-17 21:37:23 +03:00
Ivan Tashkinov	df89b5019b	[#2510] Improved support for app-bound OAuth tokens. Auth-related refactoring.	2021-02-11 15:02:50 +03:00
Egor Kislitsyn	793fc77b16	Add active user count	2021-01-27 18:20:06 +04:00
eugenijm	7fcaa188a0	Allow to define custom HTTP headers per each frontend	2021-01-21 21:55:23 +03:00
eugenijm	133644dfa2	Ability to set the Service-Worker-Allowed header	2021-01-21 21:55:11 +03:00
Lain Soykaf	39f3683a06	Pbkdf2: Use it everywhere.	2021-01-14 15:06:16 +01:00
lain	9106048c61	Password: Replace Pbkdf2 with Password.	2021-01-13 15:11:11 +01:00
Haelwenn (lanodan) Monnier	c4439c630f	Bump Copyright to 2021 ... grep -rl '# Copyright © .* Pleroma' * | xargs sed -i 's;Copyright © .* Pleroma .*;Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>;'	2021-01-13 07:49:50 +01:00
Mark Felder	86dcfb4eb9	More places we should be using Upload.base_url	2021-01-08 17:32:42 -06:00
Mark Felder	d69c78ceb9	Remove configurability of upload proxy opts, simplify	2021-01-05 15:06:00 -06:00
lain	713612c377	Cachex: Make caching provider switchable at runtime. ... Defaults to Cachex.	2020-12-18 17:44:46 +01:00
Ivan Tashkinov	e9859b68fc	[#3112] Ensured presence and consistency of :user and :token assigns (EnsureUserTokenAssignsPlug). Refactored auth info dropping functions.	2020-12-06 13:59:10 +03:00
Ivan Tashkinov	50e47a215f	Merge remote-tracking branch 'remotes/origin/develop' into auth-improvements	2020-11-28 21:51:27 +03:00
Alexander Strizhakov	6aadb1cb40	digest algorithm is taken from header	2020-11-27 08:10:52 +03:00
Ivan Tashkinov	12a5981cc3	Session token setting on token exchange. Auth-related refactoring.	2020-11-25 21:47:23 +03:00
Ivan Tashkinov	ccc2cf0e87	Session-based OAuth auth fixes (token expiration check), refactoring, tweaks.	2020-11-21 19:47:25 +03:00
Ivan Tashkinov	04f6b48ac1	Auth subsystem refactoring and tweaks. ... Added proper OAuth skipping for SessionAuthenticationPlug. Integrated LegacyAuthenticationPlug into AuthenticationPlug. Adjusted tests & docs.	2020-10-31 13:38:35 +03:00