Commit graph

76 commits

Author SHA1 Message Date
Tusooa Zhu
3fd87b6a75 Skip cache when /objects or /activities is authenticated
Ref: fix-local-public
2022-06-29 20:47:27 +01:00
Tusooa Zhu
932e5df19e Allow to skip cache in Cache plug
Ref: fix-local-public
2022-06-29 20:47:26 +01:00
Tusooa Zhu
07bd35227a Support multiple locales from userLanguage cookie 2022-06-29 20:47:10 +01:00
Tusooa Zhu
fa95bc8725 Support multiple locales formally
elixir gettext current does not fully support fallback to another language [0].
But it might in the future. We adapt it so that all languages in Accept-Language
headers are received by Pleroma.Web.Gettext. User.languages is now a comma-separated
list.

[0]: https://github.com/elixir-gettext/gettext/issues/303
2022-06-29 20:47:10 +01:00
Tusooa Zhu
ef73f61b07 Fallback to a variant if the language in general is not supported
For an example, here, zh is not supported, but zh_Hans and zh_Hant
are. If the user asks for zh, we should choose a variant for them
instead of fallbacking to default.

Some browsers (e.g. Firefox) does not allow users to customize
their language codes. For example, there is no zh-Hans, but only
zh, zh-CN, zh-TW, zh-HK, etc. This provides a workaround for
those users suffering from bad design decisions.
2022-06-29 20:47:10 +01:00
Tusooa Zhu
72bdb0640f Allow user to register with custom language 2022-06-29 20:46:51 +01:00
Tusooa Zhu
7726148472 Send emails i18n'd using backend-stored user language 2022-06-29 20:45:19 +01:00
Tusooa Zhu
8f08c902a5 Make lint happy 2022-06-29 20:44:16 +01:00
Tusooa Zhu
775f997c40 Prefer userLanguage cookie over Accept-Language header in detecting locale
https://git.pleroma.social/pleroma/pleroma-meta/-/issues/60
2022-06-29 20:43:41 +01:00
502382da45 cherry-pick security from upstream
Some checks failed
ci/woodpecker/push/release Pipeline was successful
ci/woodpecker/push/lint Pipeline failed
ci/woodpecker/push/test unknown status
2022-06-22 16:25:05 +01:00
Alex Gleason
138f5a4517
EnsureStaffPrivilegedPlug: don't let non-moderators through 2021-12-27 17:18:26 -06:00
f02715c4b2 Fix lint errors 2021-12-27 03:42:03 +03:00
cd1041c3a4 API: optionally restrict moderators from accessing sensitive data 2021-12-27 02:27:48 +03:00
Alex Gleason
44ede0657f
Merge remote-tracking branch 'pleroma/develop' into staff-plug 2021-08-04 11:48:57 -05:00
Alex Gleason
9bc1e79c56
Moderators: add UserIsStaffPlug 2021-07-12 21:57:52 -05:00
Alex Gleason
595bca24ad
Merge remote-tracking branch 'pleroma/develop' into cycles-frontend-static 2021-05-30 12:12:58 -05:00
Alex Gleason
721c966842
FrontendStatic: make Router a runtime dep
Speeds up recompilation by removing compile-time cycles
2021-05-30 12:12:16 -05:00
Alex Gleason
39127f15eb
Merge remote-tracking branch 'pleroma/develop' into cycles-router-api-routes 2021-05-28 13:51:21 -05:00
Alex Gleason
c23b81e399
Pleroma.Web.get_api_routes/0 --> Pleroma.Web.Router.get_api_routes/0
Reduce recompilation time by breaking compile-time cycles
2021-05-28 13:51:01 -05:00
Sean King
2b4f958b2a
Add opting out of Google FLoC to HTTPSecurityPlug headers 2021-04-18 14:00:18 -06:00
1552179792 Improved recursion through the api route list 2021-02-25 10:07:29 -06:00
cea31df6a6 Attempt to filter out API calls from FrontendStatic plug 2021-02-24 15:27:53 -06:00
rinpatch
2ab9499258 OAuthScopesPlug: remove transform_scopes in favor of explicit admin scope definitions
Transforming scopes is no longer necessary since we are dropping
support for accessing admin api without `admin:` prefix in scopes.
2021-02-17 21:37:23 +03:00
Ivan Tashkinov
df89b5019b [#2510] Improved support for app-bound OAuth tokens. Auth-related refactoring. 2021-02-11 15:02:50 +03:00
Egor Kislitsyn
793fc77b16
Add active user count 2021-01-27 18:20:06 +04:00
eugenijm
7fcaa188a0 Allow to define custom HTTP headers per each frontend 2021-01-21 21:55:23 +03:00
eugenijm
133644dfa2 Ability to set the Service-Worker-Allowed header 2021-01-21 21:55:11 +03:00
Lain Soykaf
39f3683a06 Pbkdf2: Use it everywhere. 2021-01-14 15:06:16 +01:00
lain
9106048c61 Password: Replace Pbkdf2 with Password. 2021-01-13 15:11:11 +01:00
Haelwenn (lanodan) Monnier
c4439c630f
Bump Copyright to 2021
grep -rl '# Copyright © .* Pleroma' * | xargs sed -i 's;Copyright © .* Pleroma .*;Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>;'
2021-01-13 07:49:50 +01:00
86dcfb4eb9 More places we should be using Upload.base_url 2021-01-08 17:32:42 -06:00
d69c78ceb9 Remove configurability of upload proxy opts, simplify 2021-01-05 15:06:00 -06:00
lain
713612c377 Cachex: Make caching provider switchable at runtime.
Defaults to Cachex.
2020-12-18 17:44:46 +01:00
Ivan Tashkinov
e9859b68fc [#3112] Ensured presence and consistency of :user and :token assigns (EnsureUserTokenAssignsPlug). Refactored auth info dropping functions. 2020-12-06 13:59:10 +03:00
Ivan Tashkinov
50e47a215f Merge remote-tracking branch 'remotes/origin/develop' into auth-improvements 2020-11-28 21:51:27 +03:00
Alexander Strizhakov
6aadb1cb40
digest algorithm is taken from header 2020-11-27 08:10:52 +03:00
Ivan Tashkinov
12a5981cc3 Session token setting on token exchange. Auth-related refactoring. 2020-11-25 21:47:23 +03:00
Ivan Tashkinov
ccc2cf0e87 Session-based OAuth auth fixes (token expiration check), refactoring, tweaks. 2020-11-21 19:47:25 +03:00
Ivan Tashkinov
04f6b48ac1 Auth subsystem refactoring and tweaks.
Added proper OAuth skipping for SessionAuthenticationPlug. Integrated LegacyAuthenticationPlug into AuthenticationPlug. Adjusted tests & docs.
2020-10-31 13:38:35 +03:00
Maksim Pechnikov
d28f72a55a FrontStatic plug: excluded invalid url 2020-10-27 22:59:27 +03:00
Alexander Strizhakov
b081080dd9
fixes after rebase 2020-10-13 16:44:02 +03:00
Alexander Strizhakov
1d0e130cb3
fixes after rebase 2020-10-13 16:44:02 +03:00
Alexander Strizhakov
9f4fe5485b
alias alphabetically order 2020-10-13 16:43:59 +03:00
Alexander Strizhakov
3ef4e9d170
AdminSecretAuthenticationPlug module name 2020-10-13 16:43:58 +03:00
Alexander Strizhakov
c497558d43
AuthenticationPlug module name 2020-10-13 16:43:58 +03:00
Alexander Strizhakov
c1777e7479
BasicAuthDecoderPlug module name 2020-10-13 16:43:58 +03:00
Alexander Strizhakov
970932689f
DigestPlug rename 2020-10-13 16:43:57 +03:00
Alexander Strizhakov
66e0b0065b
Cache plug module name 2020-10-13 16:43:57 +03:00
Alexander Strizhakov
c6baa811d6
EnsureAuthenticatedPlug module name 2020-10-13 16:43:57 +03:00
Alexander Strizhakov
011525a3d1
EnsurePublicOrAuthenticatedPlug module name 2020-10-13 16:43:57 +03:00