Commit graph

142 commits

Author SHA1 Message Date
Egor Kislitsyn 775212121c Verify HTTP signatures only when request accepts "activity+json" type 2019-12-19 20:17:18 +07:00
Maxim Filippov 45180d4c60 Merge branch 'develop' into fix/disable-rate-limiter-for-socket-localhost 2019-12-17 12:36:56 +03:00
minibikini e1fa8c11a9 Apply suggestion to test/plugs/http_signature_plug_test.exs 2019-12-16 18:39:59 +00:00
Egor Kislitsyn a12b6454bb Add an option to require fetches to be signed 2019-12-16 22:24:03 +07:00
rinpatch 54029fe212 tests: remove a useless sleep in rate limiter tests
It was used to check that authenticated and unauthenticated users have
different limits. Instead of sleeping, a super low limit for
unauthenticated users was set, preventing them from doing 5 requests in
the first place.
2019-12-16 01:03:13 +03:00
Ivan Tashkinov 7973cbdb9f OAuthScopesPlug: disallowed nil token (unless with :fallback option). WIP: controller tests modification: OAuth scopes usage. 2019-12-15 22:32:42 +03:00
Maxim Filippov eb11c60289 Disable rate limiter for socket/localhost (unless RemoteIp is enabled) 2019-12-14 03:06:43 +03:00
Ivan Tashkinov 3920244be5 [#1427] Fixed :admin option handling in OAuthScopesPlug, added tests. 2019-12-11 11:42:02 +03:00
Ivan Tashkinov 1770602747 [#1427] Extra check that admin OAuth scope is used by admin. Adjusted tests. 2019-12-07 17:49:53 +03:00
Ivan Tashkinov 40e1817f70 [#1427] Fixes / improvements of admin scopes support. Added tests. 2019-12-06 20:33:47 +03:00
Egor Kislitsyn 36686f5245 Support authentication via x-admin-token HTTP header 2019-11-19 15:58:20 +07:00
rinpatch 22554ac5ca Merge branch 'bugfix/1395-email-activation' into 'develop'
Bugfix/1395 email activation

Closes #1395

See merge request pleroma/pleroma!1965
2019-11-15 14:11:48 +00:00
Egor Kislitsyn 72cf6a76f4 Fix random fails of the rate limiter tests 2019-11-13 18:07:53 +07:00
Steven Fuchs 94627baa5c New rate limiter 2019-11-11 12:13:06 +00:00
lain f6056e9c9c UserEnabledPlug: Don't authenticate unconfirmed users. 2019-11-11 12:43:46 +01:00
rinpatch 84175fe30e Set better Cache-Control header for static content
Closes #1382
2019-11-06 16:41:19 +03:00
Ivan Tashkinov 10ff01acd9 [#1304] Moved all non-mutes / non-blocks fields from User.Info to User. WIP. 2019-10-16 21:59:21 +03:00
Ivan Tashkinov 64095961fe [#1234] Merge remote-tracking branch 'remotes/upstream/develop' into 1234-mastodon-2-4-3-oauth-scopes
# Conflicts:
#	CHANGELOG.md
#	lib/pleroma/web/mastodon_api/controllers/mastodon_api_controller.ex
#	lib/pleroma/web/router.ex
2019-10-02 20:42:40 +03:00
minibikini f9380289eb Add remote_ip plug 2019-09-27 21:59:23 +00:00
Ivan Tashkinov 6f67aed3ac [#1234] Merge remote-tracking branch 'remotes/upstream/develop' into 1234-mastodon-2-4-3-oauth-scopes
# Conflicts:
#	lib/pleroma/web/admin_api/admin_api_controller.ex
2019-09-19 10:59:09 +03:00
Haelwenn (lanodan) Monnier 447514dfa2 Bump copyright years of files changed in 2019
Done via the following command:
git diff 1e6c102bfc --stat --name-only | cat - | xargs sed -i 's/2017-2018 Pleroma Authors/2017-2019 Pleroma Authors/'
2019-09-18 23:21:11 +02:00
Ivan Tashkinov b17f217bf3 [#1234] Addressed code analysis issue. 2019-09-17 23:31:05 +03:00
Ivan Tashkinov 76068873db [#1234] Defined admin OAuth scopes, refined other scopes. Added tests. 2019-09-17 22:19:39 +03:00
Ivan Tashkinov efbc2edba1 [#1234] Merge remote-tracking branch 'remotes/upstream/develop' into 1234-mastodon-2-4-3-oauth-scopes
# Conflicts:
#	lib/pleroma/web/activity_pub/activity_pub_controller.ex
#	lib/pleroma/web/router.ex
2019-09-15 18:52:27 +03:00
minibikini 11e12b5761 Add Pleroma.Plugs.Cache 2019-09-09 18:53:08 +00:00
Ivan Tashkinov b63faf9819 [#1234] Mastodon 2.4.3 hierarchical scopes initial support (WIP). 2019-09-08 15:00:03 +03:00
Maksim a320358703 added test helpers to clear config after tests 2019-08-19 15:34:29 +00:00
Maksim 55341ac717 tests WebFinger 2019-07-24 15:13:10 +00:00
Sergey Suprunenko 9340896c9e Exclude tests that use :crypt.crypt/2 on macOS 2019-07-22 19:54:22 +00:00
Sergey Suprunenko 43a7cd27fe [tests] Mock :crypt.crypt/2 function in AuthenticationPlugTest 2019-07-20 13:07:51 +00:00
kaniini 716afc83ce Merge branch 'refactor/http-signature-plug' into 'develop'
http signature plug: separation of concerns

See merge request pleroma/pleroma!1449
2019-07-19 16:57:24 +00:00
Ariadne Conill c947cfec5a mapped signature plug: use user assign like authentication plug 2019-07-18 20:31:25 +00:00
Maksim f435217e50 tests for Plugs.AuthenticationPlug 2019-07-18 20:29:51 +00:00
Ariadne Conill 621cacf667 tests: add tests for mapped signature plug 2019-07-18 16:28:36 +00:00
Ariadne Conill 88d064d80e http signature plug: remove redundant checks handled by HTTPSignatures library
the redundant checks assumed a POST request, which will not work for signed GETs.
this check was originally needed because the HTTPSignatures adapter assumed that
the requests were also POST requests.  but now, the adapter has been corrected.
2019-07-18 15:11:21 +00:00
Ivan Tashkinov 369e9bb42f [#1041] Rate-limited status actions (per user and per user+status). 2019-07-13 14:49:39 +03:00
Egor Kislitsyn c2a589d9a3 Fix credo warning 2019-07-10 18:10:09 +07:00
Egor Kislitsyn 0d54a571ca Add SetLocalePlug 2019-07-10 18:08:03 +07:00
feld 93a0eeab16 Add license/copyright to all project files 2019-07-10 05:13:23 +00:00
Egor Kislitsyn 889a9c3a3f Polish IdempotencyPlug 2019-06-27 01:53:58 +07:00
Egor Kislitsyn 825077a5b0 Add Idempotency plug 2019-06-26 18:36:58 +07:00
Egor Kislitsyn fc6e661672 Fix rate limiter tests 2019-06-21 16:47:16 +07:00
Egor Kislitsyn ad04d12de6 Replace MastodonAPIController.account_register/2 rate limiter 2019-06-11 16:06:03 +07:00
Egor Kislitsyn 2e5affce61 Add RateLimiter 2019-06-11 14:27:41 +07:00
feld f916e4cdd9 Move the Cache Control header test to its own file
We can consolidate our cache control header tests here
2019-05-24 20:33:55 +00:00
Alexander Strizhakov 7ed682213f Fix/902 random compile failing 2019-05-17 07:25:20 +00:00
Alex S aa11fa4864 add report uri and report to 2019-05-16 12:49:40 +07:00
kaniini 62516be9c4 Merge branch 'fix/public-option-not-working' into 'develop'
Fix public option not working

Closes #873

See merge request pleroma/pleroma!1143
2019-05-15 15:42:21 +00:00
William Pitcock 4429c1b7da tests: fixup 2019-05-15 15:29:42 +00:00
Aaron Tinio 7b8dc99ef1 Implement Pleroma.Plugs.EnsurePublicOrAuthenticated 2019-05-15 05:09:29 +08:00
Alexander Strizhakov a2be420f94 differences_in_mastoapi_responses.md: fullname & bio are optional
[ci skip]
2019-05-13 18:35:45 +00:00
AkiraFukushima a53a6c9d64 Add oauth plug tests for url and body parameters 2019-05-02 22:25:21 +09:00
Sergey Suprunenko e9c075d05c Mock :crypt.crypt/2 because otherwise the test fails on Mac OS 2019-04-05 22:48:11 +02:00
rinpatch 355f285a86 Fix uploaded media plug test 2019-03-14 22:26:54 +03:00
rinpatch e2fe796c63 Add some tests 2019-03-14 22:02:48 +03:00
Ivan Tashkinov 337367d764 [#468] More OAuth scopes-specific tests. 2019-02-20 12:27:28 +03:00
William Pitcock 3c08d229db tests: add legal boilerplate 2018-12-23 20:57:10 +00:00
lambda 61a88a6757 Merge branch 'ci-test-fix' into 'develop'
SetUserSessionIdPlugTest: try again to fix random ci failures

See merge request pleroma/pleroma!579
2018-12-20 16:31:08 +00:00
href adbb265fc6
daaa8cd6 take two 2018-12-19 20:14:33 +01:00
lain f3eb414e28 Add a way to use the admin api without a user. 2018-12-18 21:08:52 +01:00
href daaa8cd66a SetUserSessionIdPlugTest: try to fix random ci failures 2018-12-18 13:40:25 +01:00
href b1860fe85a Instance/Static runtime plug
This allows setting up an arbitrary directory which overrides most of the
static files: index.html static/ emoji/ packs/ sounds/ images/ instance/
favicon.png.

If the files are not present in the directory, the bundled ones in
priv/static will be used.
2018-12-17 22:50:59 +01:00
Maksim Pechnikov 89b3729afa fix warnings 2018-12-12 09:09:19 +03:00
Maksim Pechnikov c524c50509 fix/273 2018-12-05 17:32:06 +03:00
lain f18b86fd5f More fixes for Info schema. 2018-12-01 12:46:08 +01:00
lain 1c67277c80 Fix admin api. 2018-12-01 09:03:16 +01:00
Haelwenn (lanodan) Monnier 76bd80d462 test/plugs/user_is_admin_plug_test: New test 2018-11-17 22:12:13 +01:00
AkiraFukushima 62944b47fb Reset http security settings to fix plug test 2018-11-17 00:45:21 +09:00
William Pitcock ee5932a504 http security: allow referrer-policy to be configured 2018-11-12 15:14:46 +00:00
William Pitcock fe67665e19 rename CSPPlug to HTTPSecurityPlug. 2018-11-12 15:08:02 +00:00
William Pitcock 54fdce9107 tests: add tests for CSPPlug 2018-11-11 07:26:31 +00:00
William Pitcock a4fe14de02 tests: break the cycle using pleroma.factory 2018-09-09 12:56:25 +00:00
William Pitcock fc92bb28b4 tests: try breaking the cycle a different way 2018-09-09 12:43:58 +00:00
William Pitcock 33a5294fad test: user enabled plug tests: fix circular reference 2018-09-09 12:23:48 +00:00
lain d22af29bb4 Fix warning. 2018-09-05 22:42:50 +02:00
lain 44b094908c Update legacy passwords automatically. 2018-09-05 22:30:14 +02:00
lain e601165426 Add UserEnabledPlug. 2018-09-05 21:53:53 +02:00
lain 5ce1ebb179 Add SetUserSessionIdPlug. 2018-09-05 21:42:42 +02:00
lain 12bc73dd28 Add EnsureUserKeyPlug, smaller fixes 2018-09-05 19:06:28 +02:00
lain 32465b9939 Simplify AuthenticationPlug 2018-09-05 18:53:38 +02:00
lain 9a96c93be7 Add SessionAuthenticationPlug. 2018-09-05 18:37:02 +02:00
lain a3f54fca4d Add LegacyAuthenticationPlug 2018-09-05 18:17:33 +02:00
lain 3cf17dc402 Add EnsureAuthenticatedPlug 2018-09-05 17:59:19 +02:00
lain faf5347748 Add UserFetcherPlug. 2018-09-05 17:44:38 +02:00
lain 42bd985e66 Add BasicAuthDecoderPlug 2018-09-05 17:30:05 +02:00
Moon Man 1a8bc26e52 auth against sha512-crypt password hashes, upgrade to pbkdf2 2018-09-05 00:21:44 -04:00
lain 0a14d155d6 Fail faster. 2018-04-02 13:13:14 +02:00
lain 4afbef39f4 Format the code. 2018-03-30 15:01:53 +02:00
Lain Iwakura 0ec5aeb8a7 Don't log in deactivated users. 2017-12-07 17:41:34 +01:00
Roger Braun 70024632ba AP refactoring. 2017-05-16 18:19:04 +02:00
Roger Braun 32aa83f3a2 Short circuit user verification if cookie is present. 2017-03-30 15:29:49 +02:00
Roger Braun e32dbfc9a5 Add basic auth. 2017-03-20 17:56:45 +01:00