Commit graph

150 commits

Author SHA1 Message Date
lain
d0ec2812bd Merge remote-tracking branch 'origin' into validate-user-info 2018-11-30 17:34:20 +01:00
Haelwenn (lanodan) Monnier
04daa0fa44
Plugs.HTTPSecurityPlug: Activate upgrade-insecure-requests only when there is https
This fixes running mastofe with MIX_ENV=dev
2018-11-26 21:41:36 +01:00
shibayashi
591b11eafc
Add manifest-src to allow manifest.json 2018-11-26 20:48:24 +01:00
William Pitcock
3356c7d1e9 oauth plug: fix deactivated check 2018-11-20 18:47:00 +00:00
Haelwenn (lanodan) Monnier
4a79b89dba
lib/pleroma/plugs/user_is_admin_plug.ex: change 403 string to “User is not admin.” 2018-11-17 20:25:56 +01:00
Haelwenn (lanodan) Monnier
c8b8f1d32c
[Pleroma.Plugs.UserIsAdminPlug]: Check if admin is true instead of false, fix error reporting 2018-11-17 20:25:53 +01:00
Haelwenn (lanodan) Monnier
7076d45cb6
lib/pleroma/plugs/user_is_admin_plug.ex: Create 2018-11-17 20:25:52 +01:00
William Pitcock
c07464607d http security: remove form-action from CSP definitions 2018-11-16 17:40:21 +00:00
William Pitcock
ee5932a504 http security: allow referrer-policy to be configured 2018-11-12 15:14:46 +00:00
William Pitcock
fe67665e19 rename CSPPlug to HTTPSecurityPlug. 2018-11-12 15:08:02 +00:00
William Pitcock
df72978dce csp plug: add support for certificate transparency 2018-11-11 06:55:44 +00:00
William Pitcock
331cf6ada1 csp plug: add sts support 2018-11-11 06:50:28 +00:00
William Pitcock
f516e317ea plugs: add CSPPlug 2018-11-11 06:10:21 +00:00
href
6fe23c5458
Runtime configured router 2018-11-05 15:19:03 +01:00
Martin Kühl
c2d592c9c5 Assign token to connection 2018-09-22 07:04:01 +02:00
lain
44b094908c Update legacy passwords automatically. 2018-09-05 22:30:14 +02:00
lain
e601165426 Add UserEnabledPlug. 2018-09-05 21:53:53 +02:00
lain
5ce1ebb179 Add SetUserSessionIdPlug. 2018-09-05 21:42:42 +02:00
lain
12bc73dd28 Add EnsureUserKeyPlug, smaller fixes 2018-09-05 19:06:28 +02:00
lain
32465b9939 Simplify AuthenticationPlug 2018-09-05 18:53:38 +02:00
lain
9a96c93be7 Add SessionAuthenticationPlug. 2018-09-05 18:37:02 +02:00
lain
a3f54fca4d Add LegacyAuthenticationPlug 2018-09-05 18:17:33 +02:00
lain
3cf17dc402 Add EnsureAuthenticatedPlug 2018-09-05 17:59:19 +02:00
lain
faf5347748 Add UserFetcherPlug. 2018-09-05 17:44:38 +02:00
lain
42bd985e66 Add BasicAuthDecoderPlug 2018-09-05 17:30:05 +02:00
Moon Man
8b020e03a6 change cond to if else 2018-09-05 01:37:48 -04:00
Moon Man
1a8bc26e52 auth against sha512-crypt password hashes, upgrade to pbkdf2 2018-09-05 00:21:44 -04:00
William Pitcock
8da406afa2 activitypub: verify remote http signature digests by recomputing the digest and replacing the digest header 2018-07-31 23:24:30 +00:00
lain
dd9bb37893 Rename id helper method. 2018-05-26 13:57:11 +02:00
William Pitcock
4d2c6707c2 activitypub: normalize the actor to ensure we have its URI 2018-05-19 03:28:28 -05:00
ab4aa5720a Fix a bunch of unused variable warnings 2018-05-04 20:59:01 +00:00
lain
0a14d155d6 Fail faster. 2018-04-02 13:13:14 +02:00
lain
4afbef39f4 Format the code. 2018-03-30 15:01:53 +02:00
lain
d2099c849d More Jason changes. 2018-03-27 16:45:38 +02:00
lain
f29902a241 More signature debugging. 2018-03-11 14:37:23 +01:00
lain
5ea6d96dbe Fix signing bug. 2018-02-25 20:15:04 +01:00
lain
ac67453e8a More logging for signature problems. 2018-02-24 17:36:26 +01:00
lain
2757682894 More logging. 2018-02-22 14:57:35 +01:00
lain
38b61fddfe HttpSignature Plug: Skip if already valid. 2018-02-15 19:58:26 +01:00
Roger Braun
a9c23e1c32 Add plug to validate signed http requests. 2017-12-12 10:17:21 +01:00
Lain Iwakura
0ec5aeb8a7 Don't log in deactivated users. 2017-12-07 17:41:34 +01:00
eal
c1fa1e8844 Fix basic auth for passwords with a colon. 2017-12-04 22:45:16 +02:00
Thog
59770c3f5c
Fix all compilation warnings 2017-11-19 02:22:07 +01:00
Roger Braun
d293ceb1b5 Add Mastodon frontend. 2017-11-12 14:23:05 +01:00
Roger Braun
2a298d70f9 Add very basic oauth and mastodon api support. 2017-09-06 19:06:25 +02:00
Roger Braun
70024632ba AP refactoring. 2017-05-16 18:19:04 +02:00
dtluna
6cf7c13228 Refactor code to comply with credo suggestions 2017-04-27 16:18:50 +03:00
Roger Braun
32aa83f3a2 Short circuit user verification if cookie is present. 2017-03-30 15:29:49 +02:00
Roger Braun
142e8f8f3e Don't use fetch access in plug.
This makes it work with structs.
2017-03-20 21:28:38 +01:00
Roger Braun
e32dbfc9a5 Add basic auth. 2017-03-20 17:56:45 +01:00