-rw-r--r--.gitlab-ci.yml8
-rw-r--r--CHANGELOG.md1
-rw-r--r--config/config.exs2
-rw-r--r--docs/configuration/cheatsheet.md6
-rw-r--r--docs/installation/otp_en.md8
-rw-r--r--lib/pleroma/web/oauth/oauth_controller.ex18
-rw-r--r--test/web/oauth/oauth_controller_test.exs23
7 files changed, 57 insertions, 9 deletions
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 4f448a784..d915ebae9 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -34,7 +34,7 @@ benchmark:
variables:
MIX_ENV: benchmark
services:
- - name: lainsoykaf/postgres-with-rum
+ - name: postgres:9.6
alias: postgres
command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"]
script:
@@ -46,7 +46,7 @@ benchmark:
unit-testing:
stage: test
services:
- - name: lainsoykaf/postgres-with-rum
+ - name: postgres:9.6
alias: postgres
command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"]
script:
@@ -58,7 +58,7 @@ unit-testing:
unit-testing-rum:
stage: test
services:
- - name: lainsoykaf/postgres-with-rum
+ - name: minibikini/postgres-with-rum:12
alias: postgres
command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"]
variables:
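Review bot: The `unit-testing-rum` service image is pulled by a mutable tag from what looks like a personal registry namespace, `minibikini/postgres-with-rum:12`, so whoever controls that account can change what the CI job runs without any change in this repository. Pinning the reviewed image by digest keeps the job reproducible and makes a swapped image fail loudly, e.g. `- name: minibikini/postgres-with-rum:12@sha256:<digest-of-reviewed-image>` (placeholder, fill in after inspecting the image). Longer term, building the RUM image from a Dockerfile kept in a project-owned registry would remove the dependency on a single maintainer's account.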
@@ -139,7 +139,7 @@ stop_review_app:
- ssh -t dokku@pleroma.online -- --force postgres:destroy $(echo $CI_ENVIRONMENT_SLUG | sed -e 's/-/_/g')_db
amd64:
- stage: release
+ stage: release
# TODO: Replace with upstream image when 1.9.0 comes out
image: rinpatch/elixir:1.9.0-rc.0
only: &release-only
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 4ec084dbd..727dde9be 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -64,6 +64,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
### Fixed
- Report emails now include functional links to profiles of remote user accounts
+- Not being able to log in to some third-party apps when logged in to MastoFE
<details>
<summary>API Changes</summary>
diff --git a/config/config.exs b/config/config.exs
index 54de8fa9f..17d15256f 100644
--- a/config/config.exs
+++ b/config/config.exs
@@ -274,7 +274,7 @@ config :pleroma, :instance,
account_field_name_length: 512,
account_field_value_length: 2048,
external_user_synchronization: true,
- extended_nickname_format: false
+ extended_nickname_format: true
config :pleroma, :feed,
post_title: %{
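Review bot: Flipping `extended_nickname_format` to `true` changes the shipped default for every instance that does not override it, yet the CHANGELOG and cheatsheet hunks shown in this commit do not mention it. Since this setting presumably governs which local nicknames are accepted, operators should be told about the change. If it is intentional, add a changelog line such as `- Configuration: extended_nickname_format now defaults to true` and update the documented default. If it arrived through a merge, confirm it belongs in this change.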
diff --git a/docs/configuration/cheatsheet.md b/docs/configuration/cheatsheet.md
index 8f609fcfd..61783cf3f 100644
--- a/docs/configuration/cheatsheet.md
+++ b/docs/configuration/cheatsheet.md
@@ -523,7 +523,7 @@ config :pleroma, :workers,
Configuration for [Quantum](https://github.com/quantum-elixir/quantum-core) jobs scheduler.
-See [Quantum readme](https://github.com/quantum-elixir/quantum-core#usage) for the list of supported options.
+See [Quantum readme](https://github.com/quantum-elixir/quantum-core#usage) for the list of supported options.
Example:
@@ -593,6 +593,10 @@ See the [Quack Github](https://github.com/azohra/quack) for more details
## Database options
### RUM indexing for full text search
+
+!!! warning
+ It is recommended to use PostgreSQL v11 or newer. We have seen some minor issues with lower PostgreSQL versions.
+
* `rum_enabled`: If RUM indexes should be used. Defaults to `false`.
RUM indexes are an alternative indexing scheme that is not included in PostgreSQL by default. While they may eventually be mainlined, for now they have to be installed as a PostgreSQL extension from https://github.com/postgrespro/rum.
diff --git a/docs/installation/otp_en.md b/docs/installation/otp_en.md
index c028f4229..965e30e2a 100644
--- a/docs/installation/otp_en.md
+++ b/docs/installation/otp_en.md
@@ -42,6 +42,10 @@ apk add curl unzip ncurses postgresql postgresql-contrib nginx certbot
## Setup
### Configuring PostgreSQL
#### (Optional) Installing RUM indexes
+
+!!! warning
+ It is recommended to use PostgreSQL v11 or newer. We have seen some minor issues with lower PostgreSQL versions.
+
RUM indexes are an alternative indexing scheme that is not included in PostgreSQL by default. You can read more about them on the [Configuration page](../configuration/cheatsheet.md#rum-indexing-for-full-text-search). They are completely optional and most of the time are not worth it, especially if you are running a single user instance (unless you absolutely need ordered search results).
Debian/Ubuntu (available only on Buster/19.04):
@@ -74,7 +78,7 @@ rc-service postgresql restart
# Create the Pleroma user
adduser --system --shell /bin/false --home /opt/pleroma pleroma
-# Set the flavour environment variable to the string you got in Detecting flavour section.
+# Set the flavour environment variable to the string you got in Detecting flavour section.
# For example if the flavour is `arm64-musl` the command will be
export FLAVOUR="arm64-musl"
@@ -180,7 +184,7 @@ rc-service pleroma start
rc-update add pleroma
```
-If everything worked, you should see Pleroma-FE when visiting your domain. If that didn't happen, try reviewing the installation steps, starting Pleroma in the foreground and seeing if there are any errrors.
+If everything worked, you should see Pleroma-FE when visiting your domain. If that didn't happen, try reviewing the installation steps, starting Pleroma in the foreground and seeing if there are any errrors.
Still doesn't work? Feel free to contact us on [#pleroma on freenode](https://webchat.freenode.net/?channels=%23pleroma) or via matrix at <https://matrix.heldscal.la/#/room/#freenode_#pleroma:matrix.org>, you can also [file an issue on our Gitlab](https://git.pleroma.social/pleroma/pleroma/issues/new)
diff --git a/lib/pleroma/web/oauth/oauth_controller.ex b/lib/pleroma/web/oauth/oauth_controller.ex
index 1b1394787..2aee8cab2 100644
--- a/lib/pleroma/web/oauth/oauth_controller.ex
+++ b/lib/pleroma/web/oauth/oauth_controller.ex
@@ -37,7 +37,7 @@ defmodule Pleroma.Web.OAuth.OAuthController do
authorize(conn, Map.merge(params, auth_attrs))
end
- def authorize(%Plug.Conn{assigns: %{token: %Token{}}} = conn, params) do
+ def authorize(%Plug.Conn{assigns: %{token: %Token{}}} = conn, %{"force_login" => _} = params) do
if ControllerHelper.truthy_param?(params["force_login"]) do
do_authorize(conn, params)
else
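Review bot: A request that carries `force_login` with a non-truthy value still matches this clause and takes its `else` branch, so it never reaches the `client_id` comparison added in the second hunk of this file. The `else` body lies outside the hunk. If it still calls `handle_existing_authorization(conn, params)` directly, the session token is accepted for whatever `client_id` the request names, which is the mismatch this commit sets out to close. Routing that branch through the checked clause would cover it, e.g. `authorize(conn, Map.delete(params, "force_login"))`, provided no earlier `authorize/2` clause re-matches the reduced params. A test with `"force_login" => "false"` and a non-matching `client_id` would pin the behaviour.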
@@ -45,6 +45,22 @@ defmodule Pleroma.Web.OAuth.OAuthController do
end
end
+ # Note: the token is set in oauth_plug, but the token and client do not always go together.
+ # For example, MastodonFE's token is set if user requests with another client,
+ # after user already authorized to MastodonFE.
+ # So we have to check client and token.
+ def authorize(
+ %Plug.Conn{assigns: %{token: %Token{} = token}} = conn,
+ %{"client_id" => client_id} = params
+ ) do
+ with %Token{} = t <- Repo.get_by(Token, token: token.token) |> Repo.preload(:app),
+ ^client_id <- t.app.client_id do
+ handle_existing_authorization(conn, params)
+ else
+ _ -> do_authorize(conn, params)
+ end
+ end
+
def authorize(%Plug.Conn{} = conn, params), do: do_authorize(conn, params)
defp do_authorize(%Plug.Conn{} = conn, params) do
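Review bot: `t.app.client_id` in the second `with` step raises instead of falling through to `else` when the preloaded `app` is `nil`, because `with` only routes failed matches, not exceptions. Whether a token row can exist without an app is not visible here. Matching the whole shape in one step makes the check fail closed into `do_authorize/2`: `with %Token{app: %{client_id: ^client_id}} <- Repo.get_by(Token, token: token.token) |> Repo.preload(:app) do`. The comment above the clause could also state the invariant directly, e.g. `# Reuse the session token only when it was issued to the app named by client_id; otherwise show the login form.` The other `authorize/2` clauses sit partly outside this hunk.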
diff --git a/test/web/oauth/oauth_controller_test.exs b/test/web/oauth/oauth_controller_test.exs
index ad8d79083..beb995cd8 100644
--- a/test/web/oauth/oauth_controller_test.exs
+++ b/test/web/oauth/oauth_controller_test.exs
@@ -469,6 +469,29 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
assert html_response(conn, 200) =~ ~s(type="submit")
end
+ test "renders authentication page if user is already authenticated but user request with another client",
+ %{
+ app: app,
+ conn: conn
+ } do
+ token = insert(:oauth_token, app_id: app.id)
+
+ conn =
+ conn
+ |> put_session(:oauth_token, token.token)
+ |> get(
+ "/oauth/authorize",
+ %{
+ "response_type" => "code",
+ "client_id" => "another_client_id",
+ "redirect_uri" => OAuthController.default_redirect_uri(app),
+ "scope" => "read"
+ }
+ )
+
+ assert html_response(conn, 200) =~ ~s(type="submit")
+ end
+
test "with existing authentication and non-OOB `redirect_uri`, redirects to app with `token` and `state` params",
%{
app: app,
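Review bot: The added test uses a `client_id` that belongs to no app and sends no `force_login`, so it covers only part of the new controller logic. The case named in the controller comment, a token issued to one registered app presented with a second registered app's `client_id`, is not exercised. Neither is the `force_login` clause combined with a mismatched client. Two further cases in the same style would cover them: one that inserts a second app and passes its `client_id`, and one that adds `"force_login" => "false"` to the params. Both should assert the login form is rendered rather than a redirect. The enclosing `describe` block starts outside the hunk.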