nocebo/diaspora
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
20280 commits 4 branches 0 tags 121 MiB
Commit graph

27 commits

Author SHA1 Message Date
Jonne Haß
2f7acbe4b3 API: fix missing page parameter to integer conversion 2020-01-21 23:34:43 +01:00
Jonne Haß
b1cc37e939 Avoid using sleep in the API specs 2019-04-26 13:40:43 +02:00
Hank Grabowski
ce01946eb0 Fixed new pronto warnings after develop branch sync 2018-12-30 17:04:35 -05:00
Hank Grabowski
f07912ebdd API Branch Final Cleanup Before PR 2018-12-30 11:50:58 -05:00
Hank Grabowski
a8d69c48dc OpenID Scopes and Security updates 2018-12-26 14:13:13 -05:00
Hank Grabowski
7109773b83 API Paging library and used in appropriate controllers with full tests 2018-12-17 22:07:33 -05:00
Benjamin Neff
4c4c3d8bf0
Bump json-jwt and openid_connect 
Fixes CVE-2018-1000539
 2018-09-05 02:19:34 +02:00
Benjamin Neff
e82690963d
Add # frozen_string_literal: true to all files 2017-09-17 19:29:15 +02:00
Benjamin Neff
385ab76077
Refactor OpenID specs to prevent duplicate client names 2017-08-12 15:39:24 +02:00
Benjamin Neff
621fdda197
New syntax for request specs 2017-08-12 15:39:23 +02:00
Justin Ramos
fa71af71c1 require spec_helper in .rspec 
closes #7223
 2016-11-27 21:27:12 +01:00
theworldbright
773a5a67d9 Add default kid to ID token 2016-01-04 16:49:58 +09:00
theworldbright
9c9880d880 Move JWKs files to database 2016-01-04 16:49:56 +09:00
theworldbright
da766d8e8b Revoke previously issued tokens on duplicate request 2016-01-04 16:49:55 +09:00
theworldbright
fd467cd42b Add private_key_jwt support 
See

- http://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication
- https://openid.net/specs/openid-connect-registration-1_0.html#ClientMetadata
 2016-01-04 16:49:55 +09:00
theworldbright
a76f51a6a5 Use redirect_uri if no sector identifier for ppid 
As according to http://openid.net/specs/openid-connect-core-1_0.html#PairwiseAlg:

"If the Client has not provided a value for
sector_identifier_uri in Dynamic Client Registration
[OpenID.Registration], the Sector Identifier used
for pairwise identifier calculation is the host
component of the registered redirect_uri."
 2016-01-04 16:49:55 +09:00
theworldbright
1a7f2edc01 Perform major refactoring 
- Add foreign_keys
- Remove unused classes/methods
- Fix pronto errors
- Add method to retrieve client id from name
- Remove TODO comments
- Fix unnecessary private key generation
 2016-01-04 16:49:54 +09:00
theworldbright
e55a0b0d0b Replace scopes with constants in Authorization 2016-01-04 16:49:54 +09:00
theworldbright
bb8fe6aa83 Adjust id token config to save private key to file 2016-01-04 16:49:53 +09:00
theworldbright
98fd18077a Add test for expired access token 2016-01-04 16:49:52 +09:00
theworldbright
6e1a673459 Replace let!() with factory girl 2016-01-04 16:49:52 +09:00
theworldbright
65c40f236e Load scopes from seeds 
Signed-off-by: theworldbright <kent@kentshikama.com>
 2016-01-04 16:49:51 +09:00
theworldbright
99d6d7b3e7 Add pairwise pseudonymous identifier support 
Squashed commits:

[a182de7] Fix pronto/travis errors
 2016-01-04 16:49:51 +09:00
theworldbright
d834a1d4d0 Replace user info endpoint with supported claims 
The route /api/v0/user/ will now be used as a
non-OIDC route. In other words, the /api/v0/user/
will require the "read" scope while
/api/openid_connect/user_info/ will require the
"openid" scope
 2016-01-04 16:49:51 +09:00
theworldbright
2be932ceff Delete password flow 2016-01-04 16:49:51 +09:00
theworldbright
e5932968fd Add support for authorization code flow 2016-01-04 16:49:51 +09:00
theworldbright
bc5e5c7420 Fix pronto errors 2016-01-04 16:49:51 +09:00