Age | Commit message | Author | |
---|---|---|---|
2020-05-01 | [#1682] Fixed Basic Auth permissions issue by disabling OAuth scopes checks ↵ | Ivan Tashkinov | |
when password is provided. Refactored plugs skipping functionality. | |||
2020-05-01 | Merge branch 'authenticated-api-oauth-check-enforcement' into 'develop' | rinpatch | |
Enforcement of OAuth scopes check for authenticated API endpoints See merge request pleroma/pleroma!2349 | |||
2020-03-16 | rate limiter: disable based on if remote ip was found, not on if the plug ↵ | rinpatch | |
was enabled The current rate limiter disable logic won't trigger when the remote ip is not forwarded, only when the remoteip plug is not enabled, which is not the case on most instances since it's enabled by default. This changes the behavior to warn and disable when the remote ip was not forwarded, even if the RemoteIP plug is enabled. Also closes #1620 | |||
2020-03-15 | Revert "Set better Cache-Control header for static content" | rinpatch | |
On further investigation it seems like all that did was cause unintuitive behavior. The emoji request flood that was the reason for introducing it isn't really that big of a deal either, since Plug.Static only needs to read file modification time and size to determine the ETag. Closes #1613 | |||
2020-03-03 | Older copyright updates | Mark Felder | |
2020-03-03 | Update Copyrights | Mark Felder | |
2020-03-02 | Bump copyright years of files changed after 2020-01-07 | Haelwenn (lanodan) Monnier | |
Done via the following command: git diff fcd5dd259a1700a045be902b43391b0d1bd58a5b --stat --name-only | xargs sed -i '/Pleroma Authors/c# Copyright © 2017-2020 Pleroma Authors <https:\/\/pleroma.social\/>' | |||
2020-03-02 | Bump copyright years of files changed after 2019-01-01 | Haelwenn (lanodan) Monnier | |
Done via the following command: git diff 1e6c102b --stat --name-only | cat - | xargs sed -i 's/2017-2018 Pleroma Authors/2017-2019 Pleroma Authors/' | |||
2020-03-01 | rate limiter: Fix a race condition | rinpatch | |
When multiple requests are processed by rate limiter plug at the same time and the bucket is not yet initialized, both would try to initialize the bucket resulting in an internal server error. | |||
2020-02-29 | [#2250] Tiny refactoring per merge request review. | Ivan Tashkinov | |
2020-02-27 | Runtime configurability of RateLimiter. Refactoring. Disabled default rate ↵ | Ivan Tashkinov | |
limits in tests. | |||
2020-02-20 | Merge branch 'require-signature' into 'develop' | lain | |
Add an option to require fetches to be signed Closes #1444 See merge request pleroma/pleroma!2071 | |||
2020-02-13 | Tweaks to `clear_config` calls in tests in order to prevent side effects on ↵ | Ivan Tashkinov | |
config during test suite execution. | |||
2020-01-30 | Merge branch 'develop' into fix/disable-rate-limiter-for-socket-localhost | rinpatch | |
2019-12-19 | Merge remote-tracking branch 'remotes/origin/develop' into ↵ | Ivan Tashkinov | |
oauth-scopes-tweaks-and-tests | |||
2019-12-19 | Verify HTTP signatures only when request accepts "activity+json" type | Egor Kislitsyn | |
2019-12-17 | Merge branch 'develop' into fix/disable-rate-limiter-for-socket-localhost | Maxim Filippov | |
2019-12-16 | Apply suggestion to test/plugs/http_signature_plug_test.exs | minibikini | |
2019-12-16 | Add an option to require fetches to be signed | Egor Kislitsyn | |
2019-12-16 | tests: remove a useless sleep in rate limiter tests | rinpatch | |
It was used to check that authenticated and unauthenticated users have different limits. Instead of sleeping, a super low limit for unauthenticated users was set, preventing them from doing 5 requests in the first place. | |||
2019-12-15 | OAuthScopesPlug: disallowed nil token (unless with :fallback option). WIP: ↵ | Ivan Tashkinov | |
controller tests modification: OAuth scopes usage. | |||
2019-12-14 | Disable rate limiter for socket/localhost (unless RemoteIp is enabled) | Maxim Filippov | |
2019-12-11 | [#1427] Fixed `:admin` option handling in OAuthScopesPlug, added tests. | Ivan Tashkinov | |
2019-12-07 | [#1427] Extra check that admin OAuth scope is used by admin. Adjusted tests. | Ivan Tashkinov | |
2019-12-06 | [#1427] Fixes / improvements of admin scopes support. Added tests. | Ivan Tashkinov | |
2019-11-19 | Support authentication via `x-admin-token` HTTP header | Egor Kislitsyn | |
2019-11-15 | Merge branch 'bugfix/1395-email-activation' into 'develop' | rinpatch | |
Bugfix/1395 email activation Closes #1395 See merge request pleroma/pleroma!1965 | |||
2019-11-13 | Fix random fails of the rate limiter tests | Egor Kislitsyn | |
2019-11-11 | New rate limiter | Steven Fuchs | |
2019-11-11 | UserEnabledPlug: Don't authenticate unconfirmed users. | lain | |
2019-11-06 | Set better Cache-Control header for static content | rinpatch | |
Closes #1382 | |||
2019-10-16 | [#1304] Moved all non-mutes / non-blocks fields from User.Info to User. WIP. | Ivan Tashkinov | |
2019-10-02 | [#1234] Merge remote-tracking branch 'remotes/upstream/develop' into ↵ | Ivan Tashkinov | |
1234-mastodon-2-4-3-oauth-scopes # Conflicts: # CHANGELOG.md # lib/pleroma/web/mastodon_api/controllers/mastodon_api_controller.ex # lib/pleroma/web/router.ex | |||
2019-09-27 | Add `remote_ip` plug | minibikini | |
2019-09-19 | [#1234] Merge remote-tracking branch 'remotes/upstream/develop' into ↵ | Ivan Tashkinov | |
1234-mastodon-2-4-3-oauth-scopes # Conflicts: # lib/pleroma/web/admin_api/admin_api_controller.ex | |||
2019-09-18 | Bump copyright years of files changed in 2019 | Haelwenn (lanodan) Monnier | |
Done via the following command: git diff 1e6c102bfcfe0e4835a48f2483f2376f9bf86a20 --stat --name-only | cat - | xargs sed -i 's/2017-2018 Pleroma Authors/2017-2019 Pleroma Authors/' | |||
2019-09-17 | [#1234] Addressed code analysis issue. | Ivan Tashkinov | |
2019-09-17 | [#1234] Defined admin OAuth scopes, refined other scopes. Added tests. | Ivan Tashkinov | |
2019-09-15 | [#1234] Merge remote-tracking branch 'remotes/upstream/develop' into ↵ | Ivan Tashkinov | |
1234-mastodon-2-4-3-oauth-scopes # Conflicts: # lib/pleroma/web/activity_pub/activity_pub_controller.ex # lib/pleroma/web/router.ex | |||
2019-09-09 | Add Pleroma.Plugs.Cache | minibikini | |
2019-09-08 | [#1234] Mastodon 2.4.3 hierarchical scopes initial support (WIP). | Ivan Tashkinov | |
2019-08-19 | added test helpers to clear config after tests | Maksim | |
2019-07-24 | tests WebFinger | Maksim | |
2019-07-22 | Exclude tests that use :crypt.crypt/2 on macOS | Sergey Suprunenko | |
2019-07-20 | [tests] Mock :crypt.crypt/2 function in AuthenticationPlugTest | Sergey Suprunenko | |
2019-07-19 | Merge branch 'refactor/http-signature-plug' into 'develop' | kaniini | |
http signature plug: separation of concerns See merge request pleroma/pleroma!1449 | |||
2019-07-18 | mapped signature plug: use `user` assign like authentication plug | Ariadne Conill | |
2019-07-18 | tests for Plugs.AuthenticationPlug | Maksim | |
2019-07-18 | tests: add tests for mapped signature plug | Ariadne Conill | |
2019-07-18 | http signature plug: remove redundant checks handled by HTTPSignatures library | Ariadne Conill | |
the redundant checks assumed a POST request, which will not work for signed GETs. this check was originally needed because the HTTPSignatures adapter assumed that the requests were also POST requests. but now, the adapter has been corrected. |