Hélène
61254111e5
HttpSignaturePlug: accept standard (request-target)
...
The (request-target) used by Pleroma is non-standard, but many HTTP
signature implementations do it this way due to a misinterpretation of
the draft 06 of HTTP signatures: "path" was interpreted as not having
the query, though later examples show that it must be the absolute path
with the query part of the URL as well.
This behavior is kept to make sure most software (Pleroma itself,
Mastodon, and probably others) do not break, but Pleroma now accepts
signatures for a (request-target) containing the query, as expected by
many HTTP signature libraries, and clarified in the draft 11 of HTTP
signatures.
Additionally, the new draft renamed (request-target) to @request-target.
We now support both for incoming requests' signatures.
2022-08-18 17:01:34 +02:00
Tusooa Zhu
57c030a0a7
Skip cache when /objects or /activities is authenticated
...
Ref: fix-local-public
2022-05-06 10:23:26 +02:00
Tusooa Zhu
e2d24eda57
Allow to skip cache in Cache plug
...
Ref: fix-local-public
2022-05-06 10:23:26 +02:00
Haelwenn
d7c53da77a
Merge branch 'from/upstream-develop/tusooa/translate-pages' into 'develop'
...
Translate backend-rendered pages
See merge request pleroma/pleroma!3634
2022-03-20 18:14:37 +00:00
Tusooa Zhu
aca11fb70e
Support multiple locales from userLanguage cookie
2022-03-03 02:31:36 -05:00
Tusooa Zhu
7ea330b4fe
Support multiple locales formally
...
elixir gettext current does not fully support fallback to another language [0].
But it might in the future. We adapt it so that all languages in Accept-Language
headers are received by Pleroma.Web.Gettext. User.languages is now a comma-separated
list.
[0]: https://github.com/elixir-gettext/gettext/issues/303
2022-03-03 02:03:44 -05:00
Tusooa Zhu
8de573b047
Fallback to a variant if the language in general is not supported
...
For an example, here, zh is not supported, but zh_Hans and zh_Hant
are. If the user asks for zh, we should choose a variant for them
instead of fallbacking to default.
Some browsers (e.g. Firefox) does not allow users to customize
their language codes. For example, there is no zh-Hans, but only
zh, zh-CN, zh-TW, zh-HK, etc. This provides a workaround for
those users suffering from bad design decisions.
2022-03-02 19:59:11 -05:00
Tusooa Zhu
e644f8dea5
Allow user to register with custom language
2022-03-02 01:41:13 -05:00
Tusooa Zhu
0149ea4538
Send emails i18n'd using backend-stored user language
2022-03-01 22:19:13 -05:00
Sean King
17aa3644be
Copyright bump for 2022
2022-02-25 23:11:42 -07:00
Tusooa Zhu
9f4c5743e8
Make lint happy
2022-02-21 19:12:32 -05:00
Tusooa Zhu
0fd3695b9c
Prefer userLanguage cookie over Accept-Language header in detecting locale
...
https://git.pleroma.social/pleroma/pleroma-meta/-/issues/60
2022-02-21 18:02:19 -05:00
Alex Gleason
138f5a4517
EnsureStaffPrivilegedPlug: don't let non-moderators through
2021-12-27 17:18:26 -06:00
Alibek Omarov
f02715c4b2
Fix lint errors
2021-12-27 03:42:03 +03:00
Alibek Omarov
cd1041c3a4
API: optionally restrict moderators from accessing sensitive data
2021-12-27 02:27:48 +03:00
Alex Gleason
44ede0657f
Merge remote-tracking branch 'pleroma/develop' into staff-plug
2021-08-04 11:48:57 -05:00
Alex Gleason
9bc1e79c56
Moderators: add UserIsStaffPlug
2021-07-12 21:57:52 -05:00
Alex Gleason
595bca24ad
Merge remote-tracking branch 'pleroma/develop' into cycles-frontend-static
2021-05-30 12:12:58 -05:00
Alex Gleason
721c966842
FrontendStatic: make Router a runtime dep
...
Speeds up recompilation by removing compile-time cycles
2021-05-30 12:12:16 -05:00
Alex Gleason
39127f15eb
Merge remote-tracking branch 'pleroma/develop' into cycles-router-api-routes
2021-05-28 13:51:21 -05:00
Alex Gleason
c23b81e399
Pleroma.Web.get_api_routes/0 --> Pleroma.Web.Router.get_api_routes/0
...
Reduce recompilation time by breaking compile-time cycles
2021-05-28 13:51:01 -05:00
Sean King
2b4f958b2a
Add opting out of Google FLoC to HTTPSecurityPlug headers
2021-04-18 14:00:18 -06:00
Mark Felder
1552179792
Improved recursion through the api route list
2021-02-25 10:07:29 -06:00
Mark Felder
cea31df6a6
Attempt to filter out API calls from FrontendStatic plug
2021-02-24 15:27:53 -06:00
rinpatch
2ab9499258
OAuthScopesPlug: remove transform_scopes in favor of explicit admin scope definitions
...
Transforming scopes is no longer necessary since we are dropping
support for accessing admin api without `admin:` prefix in scopes.
2021-02-17 21:37:23 +03:00
Ivan Tashkinov
df89b5019b
[ #2510 ] Improved support for app-bound OAuth tokens. Auth-related refactoring.
2021-02-11 15:02:50 +03:00
Egor Kislitsyn
793fc77b16
Add active user count
2021-01-27 18:20:06 +04:00
eugenijm
7fcaa188a0
Allow to define custom HTTP headers per each frontend
2021-01-21 21:55:23 +03:00
eugenijm
133644dfa2
Ability to set the Service-Worker-Allowed header
2021-01-21 21:55:11 +03:00
Lain Soykaf
39f3683a06
Pbkdf2: Use it everywhere.
2021-01-14 15:06:16 +01:00
lain
9106048c61
Password: Replace Pbkdf2 with Password.
2021-01-13 15:11:11 +01:00
Haelwenn (lanodan) Monnier
c4439c630f
Bump Copyright to 2021
...
grep -rl '# Copyright © .* Pleroma' * | xargs sed -i 's;Copyright © .* Pleroma .*;Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/ >;'
2021-01-13 07:49:50 +01:00
Mark Felder
86dcfb4eb9
More places we should be using Upload.base_url
2021-01-08 17:32:42 -06:00
Mark Felder
d69c78ceb9
Remove configurability of upload proxy opts, simplify
2021-01-05 15:06:00 -06:00
lain
713612c377
Cachex: Make caching provider switchable at runtime.
...
Defaults to Cachex.
2020-12-18 17:44:46 +01:00
Ivan Tashkinov
e9859b68fc
[ #3112 ] Ensured presence and consistency of :user and :token assigns (EnsureUserTokenAssignsPlug). Refactored auth info dropping functions.
2020-12-06 13:59:10 +03:00
Ivan Tashkinov
50e47a215f
Merge remote-tracking branch 'remotes/origin/develop' into auth-improvements
2020-11-28 21:51:27 +03:00
Alexander Strizhakov
6aadb1cb40
digest algorithm is taken from header
2020-11-27 08:10:52 +03:00
Ivan Tashkinov
12a5981cc3
Session token setting on token exchange. Auth-related refactoring.
2020-11-25 21:47:23 +03:00
Ivan Tashkinov
ccc2cf0e87
Session-based OAuth auth fixes (token expiration check), refactoring, tweaks.
2020-11-21 19:47:25 +03:00
Ivan Tashkinov
04f6b48ac1
Auth subsystem refactoring and tweaks.
...
Added proper OAuth skipping for SessionAuthenticationPlug. Integrated LegacyAuthenticationPlug into AuthenticationPlug. Adjusted tests & docs.
2020-10-31 13:38:35 +03:00
Maksim Pechnikov
d28f72a55a
FrontStatic plug: excluded invalid url
2020-10-27 22:59:27 +03:00
Alexander Strizhakov
b081080dd9
fixes after rebase
2020-10-13 16:44:02 +03:00
Alexander Strizhakov
1d0e130cb3
fixes after rebase
2020-10-13 16:44:02 +03:00
Alexander Strizhakov
9f4fe5485b
alias alphabetically order
2020-10-13 16:43:59 +03:00
Alexander Strizhakov
3ef4e9d170
AdminSecretAuthenticationPlug module name
2020-10-13 16:43:58 +03:00
Alexander Strizhakov
c497558d43
AuthenticationPlug module name
2020-10-13 16:43:58 +03:00
Alexander Strizhakov
c1777e7479
BasicAuthDecoderPlug module name
2020-10-13 16:43:58 +03:00
Alexander Strizhakov
970932689f
DigestPlug rename
2020-10-13 16:43:57 +03:00
Alexander Strizhakov
66e0b0065b
Cache plug module name
2020-10-13 16:43:57 +03:00