Egor Kislitsyn
775212121c
Verify HTTP signatures only when request accepts "activity+json" type
2019-12-19 20:17:18 +07:00
Maxim Filippov
45180d4c60
Merge branch 'develop' into fix/disable-rate-limiter-for-socket-localhost
2019-12-17 12:36:56 +03:00
minibikini
e1fa8c11a9
Apply suggestion to test/plugs/http_signature_plug_test.exs
2019-12-16 18:39:59 +00:00
Egor Kislitsyn
a12b6454bb
Add an option to require fetches to be signed
2019-12-16 22:24:03 +07:00
rinpatch
54029fe212
tests: remove a useless sleep in rate limiter tests
...
It was used to check that authenticated and unauthenticated users have
different limits. Instead of sleeping a super low limit for
unauthenticated users was set, preventing them from doing 5 requests in
the first place.
2019-12-16 01:03:13 +03:00
Ivan Tashkinov
7973cbdb9f
OAuthScopesPlug: disallowed nil token (unless with :fallback option). WIP: controller tests modification: OAuth scopes usage.
2019-12-15 22:32:42 +03:00
Maxim Filippov
eb11c60289
Disable rate limiter for socket/localhost (unless RemoteIp is enabled)
2019-12-14 03:06:43 +03:00
Ivan Tashkinov
3920244be5
[ #1427 ] Fixed `:admin` option handling in OAuthScopesPlug, added tests.
2019-12-11 11:42:02 +03:00
Ivan Tashkinov
1770602747
[ #1427 ] Extra check that admin OAuth scope is used by admin. Adjusted tests.
2019-12-07 17:49:53 +03:00
Ivan Tashkinov
40e1817f70
[ #1427 ] Fixes / improvements of admin scopes support. Added tests.
2019-12-06 20:33:47 +03:00
Egor Kislitsyn
36686f5245
Support authentication via `x-admin-token` HTTP header
2019-11-19 15:58:20 +07:00
rinpatch
22554ac5ca
Merge branch 'bugfix/1395-email-activation' into 'develop'
...
Bugfix/1395 email activation
Closes #1395
See merge request pleroma/pleroma!1965
2019-11-15 14:11:48 +00:00
Egor Kislitsyn
72cf6a76f4
Fix random fails of the rate limiter tests
2019-11-13 18:07:53 +07:00
Steven Fuchs
94627baa5c
New rate limiter
2019-11-11 12:13:06 +00:00
lain
f6056e9c9c
UserEnabledPlug: Don't authenticate unconfirmed users.
2019-11-11 12:43:46 +01:00
rinpatch
84175fe30e
Set better Cache-Control header for static content
...
Closes #1382
2019-11-06 16:41:19 +03:00
Ivan Tashkinov
10ff01acd9
[ #1304 ] Moved all non-mutes / non-blocks fields from User.Info to User. WIP.
2019-10-16 21:59:21 +03:00
Ivan Tashkinov
64095961fe
[ #1234 ] Merge remote-tracking branch 'remotes/upstream/develop' into 1234-mastodon-2-4-3-oauth-scopes
...
# Conflicts:
# CHANGELOG.md
# lib/pleroma/web/mastodon_api/controllers/mastodon_api_controller.ex
# lib/pleroma/web/router.ex
2019-10-02 20:42:40 +03:00
minibikini
f9380289eb
Add `remote_ip` plug
2019-09-27 21:59:23 +00:00
Ivan Tashkinov
6f67aed3ac
[ #1234 ] Merge remote-tracking branch 'remotes/upstream/develop' into 1234-mastodon-2-4-3-oauth-scopes
...
# Conflicts:
# lib/pleroma/web/admin_api/admin_api_controller.ex
2019-09-19 10:59:09 +03:00
Haelwenn (lanodan) Monnier
447514dfa2
Bump copyright years of files changed in 2019
...
Done via the following command:
git diff 1e6c102bfc
--stat --name-only | cat - | xargs sed -i 's/2017-2018 Pleroma Authors/2017-2019 Pleroma Authors/'
2019-09-18 23:21:11 +02:00
Ivan Tashkinov
b17f217bf3
[ #1234 ] Addressed code analysis issue.
2019-09-17 23:31:05 +03:00
Ivan Tashkinov
76068873db
[ #1234 ] Defined admin OAuth scopes, refined other scopes. Added tests.
2019-09-17 22:19:39 +03:00
Ivan Tashkinov
efbc2edba1
[ #1234 ] Merge remote-tracking branch 'remotes/upstream/develop' into 1234-mastodon-2-4-3-oauth-scopes
...
# Conflicts:
# lib/pleroma/web/activity_pub/activity_pub_controller.ex
# lib/pleroma/web/router.ex
2019-09-15 18:52:27 +03:00
minibikini
11e12b5761
Add Pleroma.Plugs.Cache
2019-09-09 18:53:08 +00:00
Ivan Tashkinov
b63faf9819
[ #1234 ] Mastodon 2.4.3 hierarchical scopes initial support (WIP).
2019-09-08 15:00:03 +03:00
Maksim
a320358703
added test helpers to clear config after tests
2019-08-19 15:34:29 +00:00
Maksim
55341ac717
tests WebFinger
2019-07-24 15:13:10 +00:00
Sergey Suprunenko
9340896c9e
Exclude tests that use :crypt.crypt/2 on macOS
2019-07-22 19:54:22 +00:00
Sergey Suprunenko
43a7cd27fe
[tests] Mock :crypt.crypt/2 function in AuthenticationPlugTest
2019-07-20 13:07:51 +00:00
kaniini
716afc83ce
Merge branch 'refactor/http-signature-plug' into 'develop'
...
http signature plug: separation of concerns
See merge request pleroma/pleroma!1449
2019-07-19 16:57:24 +00:00
Ariadne Conill
c947cfec5a
mapped signature plug: use `user` assign like authentication plug
2019-07-18 20:31:25 +00:00
Maksim
f435217e50
tests for Plugs.AuthenticationPlug
2019-07-18 20:29:51 +00:00
Ariadne Conill
621cacf667
tests: add tests for mapped signature plug
2019-07-18 16:28:36 +00:00
Ariadne Conill
88d064d80e
http signature plug: remove redundant checks handled by HTTPSignatures library
...
the redundant checks assumed a POST request, which will not work for signed GETs.
this check was originally needed because the HTTPSignatures adapter assumed that
the requests were also POST requests. but now, the adapter has been corrected.
2019-07-18 15:11:21 +00:00
Ivan Tashkinov
369e9bb42f
[ #1041 ] Rate-limited status actions (per user and per user+status).
2019-07-13 14:49:39 +03:00
Egor Kislitsyn
c2a589d9a3
Fix credo warning
2019-07-10 18:10:09 +07:00
Egor Kislitsyn
0d54a571ca
Add SetLocalePlug
2019-07-10 18:08:03 +07:00
feld
93a0eeab16
Add license/copyright to all project files
2019-07-10 05:13:23 +00:00
Egor Kislitsyn
889a9c3a3f
Polish IdempotencyPlug
2019-06-27 01:53:58 +07:00
Egor Kislitsyn
825077a5b0
Add Idempotency plug
2019-06-26 18:36:58 +07:00
Egor Kislitsyn
fc6e661672
Fix rate limiter tests
2019-06-21 16:47:16 +07:00
Egor Kislitsyn
ad04d12de6
Replace `MastodonAPIController.account_register/2` rate limiter
2019-06-11 16:06:03 +07:00
Egor Kislitsyn
2e5affce61
Add RateLimiter
2019-06-11 14:27:41 +07:00
feld
f916e4cdd9
Move the Cache Control header test to its own file
...
We can consolidate our cache control header tests here
2019-05-24 20:33:55 +00:00
Alexander Strizhakov
7ed682213f
Fix/902 random compile failing
2019-05-17 07:25:20 +00:00
Alex S
aa11fa4864
add report uri and report to
2019-05-16 12:49:40 +07:00
kaniini
62516be9c4
Merge branch 'fix/public-option-not-working' into 'develop'
...
Fix public option not working
Closes #873
See merge request pleroma/pleroma!1143
2019-05-15 15:42:21 +00:00
William Pitcock
4429c1b7da
tests: fixup
2019-05-15 15:29:42 +00:00
Aaron Tinio
7b8dc99ef1
Implement Pleroma.Plugs.EnsurePublicOrAuthenticated
2019-05-15 05:09:29 +08:00
Alexander Strizhakov
a2be420f94
differences_in_mastoapi_responses.md: fullname & bio are optionnal
...
[ci skip]
2019-05-13 18:35:45 +00:00
AkiraFukushima
a53a6c9d64
Add oauth plug tests for url and body parameters
2019-05-02 22:25:21 +09:00
Sergey Suprunenko
e9c075d05c
Mock :crypt.crypt/2 because otherwise the test fails on Mac OS
2019-04-05 22:48:11 +02:00
rinpatch
355f285a86
Fix uploaded media plug test
2019-03-14 22:26:54 +03:00
rinpatch
e2fe796c63
Add some tests
2019-03-14 22:02:48 +03:00
Ivan Tashkinov
337367d764
[ #468 ] More OAuth scopes-specific tests.
2019-02-20 12:27:28 +03:00
William Pitcock
3c08d229db
tests: add legal boilerplate
2018-12-23 20:57:10 +00:00
lambda
61a88a6757
Merge branch 'ci-test-fix' into 'develop'
...
SetUserSessionIdPlugTest: try again to fix random ci failures
See merge request pleroma/pleroma!579
2018-12-20 16:31:08 +00:00
href
adbb265fc6
daaa8cd6
take two
2018-12-19 20:14:33 +01:00
lain
f3eb414e28
Add a way to use the admin api without a user.
2018-12-18 21:08:52 +01:00
href
daaa8cd66a
SetUserSessionIdPlugTest: try to fix random ci failures
2018-12-18 13:40:25 +01:00
href
b1860fe85a
Instance/Static runtime plug
...
This allows to set-up an arbitrary directory which overrides most of the
static files: index.html static/ emoji/ packs/ sounds/ images/ instance/
favicon.png.
If the files are not present in the directory, the bundled ones in
priv/static will be used.
2018-12-17 22:50:59 +01:00
Maksim Pechnikov
89b3729afa
fix warnings
2018-12-12 09:09:19 +03:00
Maksim Pechnikov
c524c50509
fix/273
2018-12-05 17:32:06 +03:00
lain
f18b86fd5f
More fixes for Info schema.
2018-12-01 12:46:08 +01:00
lain
1c67277c80
Fix admin api.
2018-12-01 09:03:16 +01:00
Haelwenn (lanodan) Monnier
76bd80d462
test/plugs/user_is_admin_plug_test: New test
2018-11-17 22:12:13 +01:00
AkiraFukushima
62944b47fb
Reset http security settings to fix plug test
2018-11-17 00:45:21 +09:00
William Pitcock
ee5932a504
http security: allow referrer-policy to be configured
2018-11-12 15:14:46 +00:00
William Pitcock
fe67665e19
rename CSPPlug to HTTPSecurityPlug.
2018-11-12 15:08:02 +00:00
William Pitcock
54fdce9107
tests: add tests for CSPPlug
2018-11-11 07:26:31 +00:00
William Pitcock
a4fe14de02
tests: break the cycle using pleroma.factory
2018-09-09 12:56:25 +00:00
William Pitcock
fc92bb28b4
tests: try breaking the cycle a different way
2018-09-09 12:43:58 +00:00
William Pitcock
33a5294fad
test: user enabled plug tests: fix circular reference
2018-09-09 12:23:48 +00:00
lain
d22af29bb4
Fix warning.
2018-09-05 22:42:50 +02:00
lain
44b094908c
Update legacy passwords automatically.
2018-09-05 22:30:14 +02:00
lain
e601165426
Add UserEnabledPlug.
2018-09-05 21:53:53 +02:00
lain
5ce1ebb179
Add SetUserSessionIdPlug.
2018-09-05 21:42:42 +02:00
lain
12bc73dd28
Add EnsureUserKeyPlug, smaller fixes
2018-09-05 19:06:28 +02:00
lain
32465b9939
Simplify AuthenticationPlug
2018-09-05 18:53:38 +02:00
lain
9a96c93be7
Add SessionAuthenticationPlug.
2018-09-05 18:37:02 +02:00
lain
a3f54fca4d
Add LegacyAuthenticationPlug
2018-09-05 18:17:33 +02:00
lain
3cf17dc402
Add EnsureAuthenticatedPlug
2018-09-05 17:59:19 +02:00
lain
faf5347748
Add UserFetcherPlug.
2018-09-05 17:44:38 +02:00
lain
42bd985e66
Add BasicAuthDecoderPlug
2018-09-05 17:30:05 +02:00
Moon Man
1a8bc26e52
auth against sha512-crypt password hashes, upgrade to pbkdf2
2018-09-05 00:21:44 -04:00
lain
0a14d155d6
Fail faster.
2018-04-02 13:13:14 +02:00
lain
4afbef39f4
Format the code.
2018-03-30 15:01:53 +02:00
Lain Iwakura
0ec5aeb8a7
Don't log in deactivated users.
2017-12-07 17:41:34 +01:00
Roger Braun
70024632ba
AP refactoring.
2017-05-16 18:19:04 +02:00
Roger Braun
32aa83f3a2
Short circuit user verification if cookie is present.
2017-03-30 15:29:49 +02:00
Roger Braun
e32dbfc9a5
Add basic auth.
2017-03-20 17:56:45 +01:00