Commit graph

32 commits

Author SHA1 Message Date
b8be8192fb do not allow non-admins to register tokens with admin scopes
this didn't actually _do_ anything in the past,
the users would be prevented from accessing the resource,
but they shouldn't be able to even create them
2022-12-16 03:25:14 +00:00
1bb8b76311 Fix tests in ldap registration 2022-11-01 14:21:35 +00:00
618cf7ff7f reuse valid oauth tokens (#182)
Reviewed-on: AkkomaGang/akkoma#182
2022-08-25 14:37:51 +00:00
8d7b63a766 Revert "Fix oauth2 (for real) (#179)"
This reverts commit aa681d7e15.
2022-08-21 17:52:02 +01:00
aa681d7e15 Fix oauth2 (for real) (#179)
Reviewed-on: AkkomaGang/akkoma#179
2022-08-21 16:24:37 +00:00
b0130bfa7b Revert "oauth2 fixes (#177)"
This reverts commit 429e2ac832.
2022-08-21 16:22:15 +01:00
429e2ac832 oauth2 fixes (#177)
Reviewed-on: AkkomaGang/akkoma#177
2022-08-21 14:46:52 +00:00
645f0390bc Prepare for ubuntu22 murdering openssl (#120)
Reviewed-on: AkkomaGang/akkoma#120
2022-07-27 21:48:13 +00:00
729f45ccd2 purge ldap authenticator (#92)
Reviewed-on: AkkomaGang/akkoma#92
2022-07-20 12:49:13 +00:00
Ilja
8b843be03e Fix test get_user_apps/1
For some reason I had a test who suddenly failed, mix test test/pleroma/web/o_auth/app_test.exs:54. A user has a list of applications and this test adds them and then sees if the list it gets back is the same as the apps it added.

When I ran mix test a day before I didn't have this problem and when I pushed code today in a different MR, the pipeline succeeded (see https://git.pleroma.social/ilja/pleroma/-/jobs/205827), yet locally it failed. So it seems the test can sometimes succeed and sometimes fail, which makes it untrustworthy.

The failure I see is because the returned list is in reverse order. I assume that's not per sé wrong. You just want to know if the apps you added are actually there. I fixed the test by first ordering the lists before comparing.

AFAICT (and as far as that's relevant) the test got introduced in commit cb2a072e62
2022-06-29 20:43:41 +01:00
Alex Gleason
cb2a072e62
Apps: add test for get_user_apps/1 2021-12-27 18:29:03 -06:00
Alex Gleason
b6a69b5efd
Return token's primary key with POST /oauth/token 2021-03-24 12:50:05 -05:00
e854c35e65 Convert tests to all use clear_config instead of Pleroma.Config.put 2021-01-26 11:58:43 -06:00
28581e03ad Merge branch 'develop' into refactor/deactivated_user_field 2021-01-18 14:58:21 -06:00
44a86951a3 Merge branch 'develop' into refactor/approval_pending_user_field 2021-01-18 12:05:05 -06:00
Mark Felder
2c0fe2ea9e Remove toggle_confirmation; require explicit state change
Also cosmetic changes to make the code clearer
2021-01-15 13:11:51 -06:00
Mark Felder
d36182c088 Change user.confirmation_pending field to user.is_confirmed 2021-01-15 12:44:41 -06:00
Mark Felder
860b5c7804 Change user.deactivated field to user.is_active 2021-01-15 11:24:46 -06:00
f7e59c28ed Change user.approval_pending field to user.is_approved 2021-01-15 10:42:02 -06:00
Lain Soykaf
39f3683a06 Pbkdf2: Use it everywhere. 2021-01-14 15:06:16 +01:00
Lain Soykaf
aff83eb7c1 Linting 2021-01-13 16:00:12 +01:00
lain
9106048c61 Password: Replace Pbkdf2 with Password. 2021-01-13 15:11:11 +01:00
Haelwenn (lanodan) Monnier
c4439c630f
Bump Copyright to 2021
grep -rl '# Copyright © .* Pleroma' * | xargs sed -i 's;Copyright © .* Pleroma .*;Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>;'
2021-01-13 07:49:50 +01:00
lain
9ba60f70d2 Tests: Make as many tests as possible async.
In general, tests that match these criteria can be made async:

- Doesn't use real Cachex.
- Doesn't write to the Config / Application Environment.
- Uses Mock. Using Mox is fine.
- Uses the streamer.
2020-12-21 12:21:40 +01:00
Ivan Tashkinov
7fff9c1bee Tweaks to OAuth entities expiration: changed default to 30 days, removed hardcoded values usage, fixed OAuthView (expires_in). 2020-12-09 21:14:39 +03:00
Ivan Tashkinov
d50a3345ae [#3112] Allowed revoking same-user token from any apps. Added tests. 2020-11-30 21:55:48 +03:00
Ivan Tashkinov
f1b07a2b2b OAuth form user remembering feature. Local MastoFE login / logout fixes. 2020-11-28 21:51:06 +03:00
Ivan Tashkinov
62993db499 Merge remote-tracking branch 'remotes/origin/develop' into auth-improvements 2020-11-25 21:48:18 +03:00
Ivan Tashkinov
12a5981cc3 Session token setting on token exchange. Auth-related refactoring. 2020-11-25 21:47:23 +03:00
Mark Felder
3283d0805f Use Jason instead of Poison in tests 2020-11-23 13:28:55 -06:00
Egor Kislitsyn
3985c1b450
Fix warnings 2020-10-15 16:54:59 +04:00
Alexander Strizhakov
7dffaef479
tests consistency 2020-10-13 16:35:09 +03:00