Commit graph

15 commits

Author SHA1 Message Date
Ivan Tashkinov
2958a7d246 Fixed OAuth restrictions for :api routes. Made auth info dropped for :api routes if OAuth check was neither performed nor explicitly skipped. 2020-04-22 18:50:25 +03:00
Ivan Tashkinov
f685cbd309 Automatic checks of authentication / instance publicity. Definition of missing OAuth scopes in AdminAPIController. Refactoring. 2020-04-21 16:29:19 +03:00
Ivan Tashkinov
bde1189c34 [] Made :skip_plug/2 prevent plug from being executed even if explicitly called. Refactoring. Tests. 2020-04-15 21:19:16 +03:00
Ivan Tashkinov
fc81e5a49c Enforcement of OAuth scopes check for authenticated API endpoints, :skip_plug plug to mark a plug explicitly skipped (disabled). 2020-04-06 10:20:44 +03:00
Haelwenn (lanodan) Monnier
6da6540036
Bump copyright years of files changed after 2020-01-07
Done via the following command:
git diff fcd5dd259a --stat --name-only | xargs sed -i '/Pleroma Authors/c# Copyright © 2017-2020 Pleroma Authors <https:\/\/pleroma.social\/>'
2020-03-02 06:08:45 +01:00
Ivan Tashkinov
7973cbdb9f OAuthScopesPlug: disallowed nil token (unless with :fallback option). WIP: controller tests modification: OAuth scopes usage. 2019-12-15 22:32:42 +03:00
Ivan Tashkinov
3920244be5 [] Fixed :admin option handling in OAuthScopesPlug, added tests. 2019-12-11 11:42:02 +03:00
Ivan Tashkinov
40e1817f70 [] Fixes / improvements of admin scopes support. Added tests. 2019-12-06 20:33:47 +03:00
Ivan Tashkinov
e4f3d7f69d Apply suggestion to lib/pleroma/plugs/oauth_scopes_plug.ex 2019-09-18 10:31:10 +00:00
Ivan Tashkinov
e6f43a831b [] Permissions-related fixes / new functionality (Masto 2.4.3 scopes). 2019-09-15 18:22:08 +03:00
Ivan Tashkinov
b63faf9819 [] Mastodon 2.4.3 hierarchical scopes initial support (WIP). 2019-09-08 15:00:03 +03:00
Egor Kislitsyn
5104f65b69 Wrap error messages into gettext helpers 2019-07-10 18:10:09 +07:00
Ivan Tashkinov
2a4a4f3342 [] Defined OAuth restrictions for all applicable routes.
Improved missing "scopes" param handling.
Allowed "any of" / "all of" mode specification in OAuthScopesPlug.
Fixed auth UI / behavior when user selects no permissions at /oauth/authorize.
2019-02-15 19:54:37 +03:00
Ivan Tashkinov
063baca5e4 [] User UI for OAuth permissions restriction. Standardized storage format for scopes fields, updated usages. 2019-02-14 00:29:29 +03:00
Ivan Tashkinov
4ad843fb9d [] Prototype of OAuth2 scopes support. TwitterAPI scope restrictions. 2019-02-09 17:09:08 +03:00