pleroma.git - [no description]

Age	Commit message (Collapse)	Author
2020-07-28	FrontendStatic: Add plug to serve frontends based on configuration.	lain

2020-07-14	Merge branch 'feature/1922-media-proxy-whitelist' into 'develop'	feld
	Support for hosts with scheme in MediaProxy whitelist setting Closes #1922 See merge request pleroma/pleroma!2754
2020-07-14	[#1940] Applied rate limit for requests with bad `admin_token`. Added doc ↵	Ivan Tashkinov
	warnings on `admin_token` setting.
2020-07-19	[#1940] Reinstated OAuth-less `admin_token` authentication. Refactored ↵	Ivan Tashkinov
	UserIsAdminPlug (freed from checking admin scopes presence).
2020-07-12	MediaProxy whitelist setting now supports hosts with scheme	Alexander Strizhakov
	added deprecation warning about using bare domains
2020-06-03	preload data into index.html	stwf

2020-05-27	HTTP Security plug: rewrite &csp_string/0	rinpatch
	- Directives are now separated with ";" instead of " ;", according to https://www.w3.org/TR/CSP2/#policy-parsing the space is optional - Use an IO list, which at the end gets converted to a binary as opposed to ++ing a bunch of arrays with binaries together and joining them to a string. I doubt it gives any significant real world advantage, but the code is cleaner and now I can sleep at night. - The static part of csp is pre-joined to a single binary at compile time. Same reasoning as the last point.
2020-05-25	Skip failing `:crypt` test on mac	Egor Kislitsyn

2020-05-17	AuthenticationPlug: Also update crypt passwords.	lain

2020-05-17	Authentication Plug: Update bcrypt password on login.	lain

2020-05-13	Handle bcrypt passwords for Mastodon migration	Alex Gleason

2020-05-12	Upgrade Comeonin to v5	Alex Gleason
	https://github.com/riverrun/comeonin/blob/master/UPGRADE_v5.md
2020-05-07	Pleroma.Web.TwitterAPI.TwoFactorAuthenticationController -> ↵	Maksim
	Pleroma.Web.PleromaAPI.TwoFactorAuthenticationController
2020-04-30	Refactoring of :if_func / :unless_func plug options (general availability). ↵	Ivan Tashkinov
	Added tests for Pleroma.Web.Plug.
2020-04-21	Automatic checks of authentication / instance publicity. Definition of ↵	Ivan Tashkinov
	missing OAuth scopes in AdminAPIController. Refactoring.
2020-04-17	[#1682] Fixed Basic Auth permissions issue by disabling OAuth scopes checks ↵	Ivan Tashkinov
	when password is provided. Refactored plugs skipping functionality.
2020-04-15	[#2349] Made :skip_plug/2 prevent plug from being executed even if ↵	Ivan Tashkinov
	explicitly called. Refactoring. Tests.
2020-04-15	remote_ip plug adds remote_ip_found flag	Alexander Strizhakov

2020-03-20	Improved in-test `clear_config/n` applicability (setup / setup_all / in-test ↵	Ivan Tashkinov
	usage).
2020-03-18	Improved in-test config management functions.	Ivan Tashkinov

2020-03-16	warnings fix	Alexander Strizhakov

2020-03-15	Merge branch '1560-non-federating-instances-routes-restrictions' into 'develop'	lain
	[#1560] Restricted AP- & OStatus-related routes for non-federating instances Closes #1560 See merge request pleroma/pleroma!2235
2020-03-15	Merge branch 'fix/rate-limiter-remoteip-behavior' into 'develop'	Haelwenn
	rate limiter: disable based on if remote ip was found, not on if the plug was enabled Closes #1620 See merge request pleroma/pleroma!2296
2020-03-14	Merge remote-tracking branch 'remotes/origin/develop' into ↵	Ivan Tashkinov
	1560-non-federating-instances-routes-restrictions # Conflicts: # lib/pleroma/plugs/static_fe_plug.ex
2020-03-13	rate limiter: disable based on if remote ip was found, not on if the plug ↵	rinpatch
	was enabled The current rate limiter disable logic won't trigger when the remote ip is not forwarded, only when the remoteip plug is not enabled, which is not the case on most instances since it's enabled by default. This changes the behavior to warn and disable when the remote ip was not forwarded, even if the RemoteIP plug is enabled. Also closes #1620
2020-03-11	Revert "Set better Cache-Control header for static content"	rinpatch
	On furher investigation it seems like all that did was cause unintuitive behavior. The emoji request flood that was the reason for introducing it isn't really that big of a deal either, since Plug.Static only needs to read file modification time and size to determine the ETag. Closes #1613
2020-03-09	[#1560] Ensured authentication or enabled federation for federation-related ↵	Ivan Tashkinov
	routes. New tests + tests refactoring.
2020-03-06	Merge remote-tracking branch 'remotes/origin/develop' into ↵	Ivan Tashkinov
	1560-non-federating-instances-routes-restrictions
2020-03-03	Older copyright updates	Mark Felder

2020-03-03	Update Copyrights	Mark Felder

2020-03-02	[#1560] Added tests for non-federating instance bahaviour to ↵	Ivan Tashkinov
	ActivityPubControllerTest.
2020-03-02	Bump copyright years of files changed after 2020-01-07	Haelwenn (lanodan) Monnier
	Done via the following command: git diff fcd5dd259a1700a045be902b43391b0d1bd58a5b --stat --name-only \| xargs sed -i '/Pleroma Authors/c# Copyright © 2017-2020 Pleroma Authors <https:\/\/pleroma.social\/>'
2020-03-02	Bump copyright years of files changed after 2019-01-01	Haelwenn (lanodan) Monnier
	Done via the following command: git diff 1e6c102b --stat --name-only \| cat - \| xargs sed -i 's/2017-2018 Pleroma Authors/2017-2019 Pleroma Authors/'
2020-03-01	rate limiter: Fix a race condition	rinpatch
	When multiple requests are processed by rate limiter plug at the same time and the bucket is not yet initialized, both would try to initialize the bucket resulting in an internal server error.
2020-02-29	[#2250] Tiny refactoring per merge request review.	Ivan Tashkinov

2020-02-27	Runtime configurability of RateLimiter. Refactoring. Disabled default rate ↵	Ivan Tashkinov
	limits in tests.
2020-02-20	Merge branch 'require-signature' into 'develop'	lain
	Add an option to require fetches to be signed Closes #1444 See merge request pleroma/pleroma!2071
2020-02-13	Tweaks to `clear_config` calls in tests in order to prevent side effects on ↵	Ivan Tashkinov
	config during test suite execution.
2020-01-30	Merge branch 'develop' into fix/disable-rate-limiter-for-socket-localhost	rinpatch

2019-12-19	Merge remote-tracking branch 'remotes/origin/develop' into ↵	Ivan Tashkinov
	oauth-scopes-tweaks-and-tests
2019-12-19	Verify HTTP signatures only when request accepts "activity+json" type	Egor Kislitsyn

2019-12-17	Merge branch 'develop' into fix/disable-rate-limiter-for-socket-localhost	Maxim Filippov

2019-12-16	Apply suggestion to test/plugs/http_signature_plug_test.exs	minibikini

2019-12-16	Add an option to require fetches to be signed	Egor Kislitsyn

2019-12-16	tests: remove a useless sleep in rate limiter tests	rinpatch
	It was used to check that authenticated and unauthenticated users have different limits. Instead of sleeping a super low limit for unauthenticated users was set, preventing them from doing 5 requests in the first place.
2019-12-15	OAuthScopesPlug: disallowed nil token (unless with :fallback option). WIP: ↵	Ivan Tashkinov
	controller tests modification: OAuth scopes usage.
2019-12-14	Disable rate limiter for socket/localhost (unless RemoteIp is enabled)	Maxim Filippov

2019-12-11	[#1427] Fixed `:admin` option handling in OAuthScopesPlug, added tests.	Ivan Tashkinov

2019-12-07	[#1427] Extra check that admin OAuth scope is used by admin. Adjusted tests.	Ivan Tashkinov

2019-12-06	[#1427] Fixes / improvements of admin scopes support. Added tests.	Ivan Tashkinov