8d7b63a766
Revert "Fix oauth2 (for real) ( #179 )"
...
This reverts commit aa681d7e15
.
2022-08-21 17:52:02 +01:00
aa681d7e15
Fix oauth2 (for real) ( #179 )
...
Reviewed-on: AkkomaGang/akkoma#179
2022-08-21 16:24:37 +00:00
b0130bfa7b
Revert "oauth2 fixes ( #177 )"
...
This reverts commit 429e2ac832
.
2022-08-21 16:22:15 +01:00
429e2ac832
oauth2 fixes ( #177 )
...
Reviewed-on: AkkomaGang/akkoma#177
2022-08-21 14:46:52 +00:00
55179d4214
set soapbox-fe v2 by default
...
fixes #157
2022-08-11 10:25:03 +01:00
ec162b496b
/notice signing checks on redirect ( #150 )
...
Reviewed-on: AkkomaGang/akkoma#150
2022-08-05 19:31:32 +00:00
d598c7a834
remove anonymous function from plug
2022-07-14 11:17:14 +01:00
37ae047e16
Add swaggerUI options ( #66 )
...
Reviewed-on: AkkomaGang/akkoma#66
2022-07-13 15:09:35 +00:00
364b6969eb
Use finch everywhere ( #33 )
...
Reviewed-on: AkkomaGang/akkoma#33
2022-07-04 16:30:38 +00:00
Tusooa Zhu
3fd87b6a75
Skip cache when /objects or /activities is authenticated
...
Ref: fix-local-public
2022-06-29 20:47:27 +01:00
Tusooa Zhu
932e5df19e
Allow to skip cache in Cache plug
...
Ref: fix-local-public
2022-06-29 20:47:26 +01:00
Tusooa Zhu
07bd35227a
Support multiple locales from userLanguage cookie
2022-06-29 20:47:10 +01:00
Tusooa Zhu
fa95bc8725
Support multiple locales formally
...
elixir gettext current does not fully support fallback to another language [0].
But it might in the future. We adapt it so that all languages in Accept-Language
headers are received by Pleroma.Web.Gettext. User.languages is now a comma-separated
list.
[0]: https://github.com/elixir-gettext/gettext/issues/303
2022-06-29 20:47:10 +01:00
Tusooa Zhu
ef73f61b07
Fallback to a variant if the language in general is not supported
...
For an example, here, zh is not supported, but zh_Hans and zh_Hant
are. If the user asks for zh, we should choose a variant for them
instead of fallbacking to default.
Some browsers (e.g. Firefox) does not allow users to customize
their language codes. For example, there is no zh-Hans, but only
zh, zh-CN, zh-TW, zh-HK, etc. This provides a workaround for
those users suffering from bad design decisions.
2022-06-29 20:47:10 +01:00
Tusooa Zhu
72bdb0640f
Allow user to register with custom language
2022-06-29 20:46:51 +01:00
Tusooa Zhu
7726148472
Send emails i18n'd using backend-stored user language
2022-06-29 20:45:19 +01:00
Tusooa Zhu
8f08c902a5
Make lint happy
2022-06-29 20:44:16 +01:00
Tusooa Zhu
775f997c40
Prefer userLanguage cookie over Accept-Language header in detecting locale
...
https://git.pleroma.social/pleroma/pleroma-meta/-/issues/60
2022-06-29 20:43:41 +01:00
502382da45
cherry-pick security from upstream
2022-06-22 16:25:05 +01:00
Alex Gleason
138f5a4517
EnsureStaffPrivilegedPlug: don't let non-moderators through
2021-12-27 17:18:26 -06:00
f02715c4b2
Fix lint errors
2021-12-27 03:42:03 +03:00
cd1041c3a4
API: optionally restrict moderators from accessing sensitive data
2021-12-27 02:27:48 +03:00
Alex Gleason
44ede0657f
Merge remote-tracking branch 'pleroma/develop' into staff-plug
2021-08-04 11:48:57 -05:00
Alex Gleason
9bc1e79c56
Moderators: add UserIsStaffPlug
2021-07-12 21:57:52 -05:00
Alex Gleason
595bca24ad
Merge remote-tracking branch 'pleroma/develop' into cycles-frontend-static
2021-05-30 12:12:58 -05:00
Alex Gleason
721c966842
FrontendStatic: make Router a runtime dep
...
Speeds up recompilation by removing compile-time cycles
2021-05-30 12:12:16 -05:00
Alex Gleason
39127f15eb
Merge remote-tracking branch 'pleroma/develop' into cycles-router-api-routes
2021-05-28 13:51:21 -05:00
Alex Gleason
c23b81e399
Pleroma.Web.get_api_routes/0 --> Pleroma.Web.Router.get_api_routes/0
...
Reduce recompilation time by breaking compile-time cycles
2021-05-28 13:51:01 -05:00
Sean King
2b4f958b2a
Add opting out of Google FLoC to HTTPSecurityPlug headers
2021-04-18 14:00:18 -06:00
1552179792
Improved recursion through the api route list
2021-02-25 10:07:29 -06:00
cea31df6a6
Attempt to filter out API calls from FrontendStatic plug
2021-02-24 15:27:53 -06:00
rinpatch
2ab9499258
OAuthScopesPlug: remove transform_scopes in favor of explicit admin scope definitions
...
Transforming scopes is no longer necessary since we are dropping
support for accessing admin api without `admin:` prefix in scopes.
2021-02-17 21:37:23 +03:00
Ivan Tashkinov
df89b5019b
[ #2510 ] Improved support for app-bound OAuth tokens. Auth-related refactoring.
2021-02-11 15:02:50 +03:00
Egor Kislitsyn
793fc77b16
Add active user count
2021-01-27 18:20:06 +04:00
eugenijm
7fcaa188a0
Allow to define custom HTTP headers per each frontend
2021-01-21 21:55:23 +03:00
eugenijm
133644dfa2
Ability to set the Service-Worker-Allowed header
2021-01-21 21:55:11 +03:00
Lain Soykaf
39f3683a06
Pbkdf2: Use it everywhere.
2021-01-14 15:06:16 +01:00
lain
9106048c61
Password: Replace Pbkdf2 with Password.
2021-01-13 15:11:11 +01:00
Haelwenn (lanodan) Monnier
c4439c630f
Bump Copyright to 2021
...
grep -rl '# Copyright © .* Pleroma' * | xargs sed -i 's;Copyright © .* Pleroma .*;Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/ >;'
2021-01-13 07:49:50 +01:00
86dcfb4eb9
More places we should be using Upload.base_url
2021-01-08 17:32:42 -06:00
d69c78ceb9
Remove configurability of upload proxy opts, simplify
2021-01-05 15:06:00 -06:00
lain
713612c377
Cachex: Make caching provider switchable at runtime.
...
Defaults to Cachex.
2020-12-18 17:44:46 +01:00
Ivan Tashkinov
e9859b68fc
[ #3112 ] Ensured presence and consistency of :user and :token assigns (EnsureUserTokenAssignsPlug). Refactored auth info dropping functions.
2020-12-06 13:59:10 +03:00
Ivan Tashkinov
50e47a215f
Merge remote-tracking branch 'remotes/origin/develop' into auth-improvements
2020-11-28 21:51:27 +03:00
Alexander Strizhakov
6aadb1cb40
digest algorithm is taken from header
2020-11-27 08:10:52 +03:00
Ivan Tashkinov
12a5981cc3
Session token setting on token exchange. Auth-related refactoring.
2020-11-25 21:47:23 +03:00
Ivan Tashkinov
ccc2cf0e87
Session-based OAuth auth fixes (token expiration check), refactoring, tweaks.
2020-11-21 19:47:25 +03:00
Ivan Tashkinov
04f6b48ac1
Auth subsystem refactoring and tweaks.
...
Added proper OAuth skipping for SessionAuthenticationPlug. Integrated LegacyAuthenticationPlug into AuthenticationPlug. Adjusted tests & docs.
2020-10-31 13:38:35 +03:00
Maksim Pechnikov
d28f72a55a
FrontStatic plug: excluded invalid url
2020-10-27 22:59:27 +03:00
Alexander Strizhakov
b081080dd9
fixes after rebase
2020-10-13 16:44:02 +03:00