distraction.party/lib/pleroma/web/oauth
Ivan Tashkinov 2c68cf7e9e OAuth2 security fixes: redirect URI validation, "Mastodon-Local" security breach fix.
(`POST /api/v1/apps` could create "Mastodon-Local" app wth any redirect_uris,
and if that happened before /web/login is accessed for the first time
then Pleroma used this externally created record with arbitrary
redirect_uris and client_secret known by creator).
2019-02-07 22:14:06 +03:00
..
app.ex update copyright years to 2019 2018-12-31 15:41:47 +00:00
authorization.ex Flake Ids for Users and Activities 2019-01-23 11:26:27 +01:00
fallback_controller.ex Correctly handle invalid credentials on auth login. 2019-01-28 11:41:47 +01:00
oauth_controller.ex OAuth2 security fixes: redirect URI validation, "Mastodon-Local" security breach fix. 2019-02-07 22:14:06 +03:00
oauth_view.ex update copyright years to 2019 2018-12-31 15:41:47 +00:00
token.ex Flake Ids for Users and Activities 2019-01-23 11:26:27 +01:00