nocebo/diaspora
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
17840 commits 4 branches 0 tags 121 MiB
Commit graph

2447 commits

Author SHA1 Message Date
Benjamin Neff
4408efdff3 fetch public key for unknown person 
and do some refactorings
 2016-06-26 06:20:58 +02:00
Dennis Schubert
61fb7410cc
Merge pull request #6844 from cmrd-senya/unique-aspect-visibilities 
Fix possible duplication of AspectVisibility
 2016-06-19 01:49:41 +02:00
cmrd Senya
204f58e6a7
Remove repetion of shareable initialization code 2016-05-31 21:16:13 +03:00
cmrd Senya
717554edac
Fix possible duplication of AspectVisibility 
No uniqueness control on AspectVisibility resulted in possible having
multiple AspectVisibility objects in the DB for the same aspect and
shareable which doesn't make sense. Introduce uniqueness validation
and fix up tests where duplication happened.
 2016-05-27 20:22:03 +03:00
Dennis Schubert
53808847a2 Merge branch 'stable' into develop 2016-05-07 18:52:34 +02:00
Ralin Chimev
1773e3e35d Do not change notification timestamp when making it read or unread. 
Marking a notification as unread resets the timeago stamp causing
the times to look wrong. It can be reproduced by marking an old
notification as unread. Using the update_column instead of
update_attribute will not touch the updated_at attribute, and
thus will not affect the updated time ago in the view.

Fixes #6798.

closes #6821
 2016-05-07 18:52:27 +02:00
Steffen van Bergerem
2263abdc82 Merge branch 'stable' into develop 2016-05-05 17:59:51 +02:00
Senya
ce6b1a3c0c Clear unused regex in mention.rb 
The REGEX is unused

closes #6810
 2016-05-05 17:59:37 +02:00
Steffen van Bergerem
c8a8110cf1 Merge branch 'stable' into develop 2016-03-30 11:13:47 +02:00
Dennis Schubert
fbe77781ff Use 1004 as our placeholder birth year because 1004 was a leap year. (Well, actually, people in 1004 probably had no idea what a leap year is. Or red tests. Or code.) 2016-03-30 11:12:31 +02:00
theworldbright
bb3849e4b1 Fix API privilege scope escalation 2016-03-11 17:18:21 -08:00
Dennis Schubert
69ac153fe9 Merge pull request #6745 from cmrd-senya/remove_diaspora_handle_shareables 
Remove diaspora_handle from shareables
 2016-03-08 23:45:16 +01:00
cmrd Senya
2986aa8b24 Remove diaspora_handle from shareables 
We can determine diaspora_handle from a relation with people for the
shareables (posts, photos). So we don't need to store diaspora_handle in
the DB. Also remove tmp_old_id from photos which is not refenrenced anywhere.
 2016-03-07 18:47:21 +03:00
Benjamin Neff
d94eae0d45 refactoring PostService 
* move presenters back to controllers, this is view-logic
* use PostService in CommentService
* remove iframe route, this is not used anymore
* id/guid limit at 16 chars, hex(8) is 16 chars long
 2016-03-07 05:52:54 +01:00
Benjamin Neff
5a46da47c3 refactoring StatusMessageCreationService 
* move parameter normalization back to controller, because this is
  frontend-specific.
* if the StatusMessage is public, save also public photos
 2016-03-07 00:00:27 +01:00
Benjamin Neff
10af3a8b11 fix pod table migration if someone deleted a user (owner) manually 2016-03-06 23:55:28 +01:00
Jonne Haß
39ae5e741e Merge pull request #6732 from SuperTux88/cleanup-aspect_visibilities 
Cleanup aspect visibilities
 2016-03-05 11:05:55 +01:00
Benjamin Neff
acb91c79d2 improve pod connection check 
* use port for check
* respect entries in /etc/hosts
* test /.well-known/host-meta
* don't allow redirects to other domains
 2016-03-05 02:57:11 +01:00
Benjamin Neff
b1a6516474 add migration for pods-table 
* add port to pods
* remove url from person and link people with pod-table
 2016-03-05 00:12:54 +01:00
Benjamin Neff
f913128967 don't add public shareables to aspect_visibilities 2016-03-04 20:13:52 +01:00
Benjamin Neff
7011f2961d Revert "Back out #6723 due to Postgres breakage" 
This reverts commit 84cfbd22fc.
 2016-03-04 14:01:31 +01:00
Dennis Schubert
84cfbd22fc Back out #6723 due to Postgres breakage 
This reverts commit 832a56134b, reversing
changes made to 75c3e6068c.
 2016-03-04 13:33:32 +01:00
Benjamin Neff
e3d1f0fd16 fix order with two posts with the same timestamp for all streams 2016-03-03 21:43:11 +01:00
Benjamin Neff
7583568be8 update queries for new ShareVisibility 
Also:
* remove ShareablesFromPerson evil-query
* improve multi-stream and aspect-stream queries
* fix logging for recieve
* don't add last 100 public posts to users streams after sharing
* delete share visibility when shareable is deleted
 2016-03-03 21:43:11 +01:00
Dennis Schubert
75c3e6068c Merge branch 'stable' into develop 2016-03-03 17:58:05 +01:00
Steffen van Bergerem
b98af83c9d Sort tag search result by name 
closes #6734
 2016-03-03 17:57:58 +01:00
Dennis Schubert
7c88fb7936 Merge pull request #6586 from cmrd-senya/drop-signatures 
Remove parent author signature for relayables from the DB
 2016-03-03 17:39:28 +01:00
Steffen van Bergerem
b69361838b Merge pull request #6621 from Fensterbank/6610-improved-gallery 
add a card footer in gallery containing meta data and link to single post view
 2016-03-02 21:47:53 +01:00
Frédéric Bolvin
e8bddcc7a7 add a card footer in gallery containing meta data and link to single post view 2016-03-02 19:50:32 +01:00
Steffen van Bergerem
482cbe7fcc Add reason for post report to email sent to admins 2016-02-07 17:58:03 +01:00
Dennis Schubert
7c197756dd Merge branch 'stable' into develop 2016-01-26 15:19:55 +01:00
Dennis Schubert
ad20bb052c Fix include_root_in_json misuse 
since it is no longer exposed for instances, our post_presenter failed
hard.
 2016-01-26 15:18:02 +01:00
Jonne Haß
baeff22451 Merge pull request #6095 from AugierLe42e/openid 
OpenID Connect
 2016-01-06 12:30:15 +01:00
Manuel Vögele
4f34ecafa4 Show posts of ignored users on their profile page 2016-01-04 18:29:30 +01:00
theworldbright
38439277d6 Add licenses where appropriate 2016-01-04 17:22:44 +09:00
theworldbright
58aef5658b Fix remaining remarks 2016-01-04 17:01:40 +09:00
theworldbright
9f85a90f55 Update code_used to false after issues new code 2016-01-04 16:49:58 +09:00
theworldbright
773a5a67d9 Add default kid to ID token 2016-01-04 16:49:58 +09:00
theworldbright
f1b394de0f Fix remaining remarks 2016-01-04 16:49:57 +09:00
augier
d028b5672e Fix remarks 2016-01-04 16:49:57 +09:00
theworldbright
0fbcb71255 Add support for request_uri and claims 2016-01-04 16:49:56 +09:00
theworldbright
9c9880d880 Move JWKs files to database 2016-01-04 16:49:56 +09:00
theworldbright
da766d8e8b Revoke previously issued tokens on duplicate request 2016-01-04 16:49:55 +09:00
theworldbright
fd467cd42b Add private_key_jwt support 
See

- http://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication
- https://openid.net/specs/openid-connect-registration-1_0.html#ClientMetadata
 2016-01-04 16:49:55 +09:00
theworldbright
1dcefdb998 Validate sector identifier uri and redirect uri 2016-01-04 16:49:55 +09:00
theworldbright
5f19d8ffe6 Add acr value 2016-01-04 16:49:55 +09:00
theworldbright
a76f51a6a5 Use redirect_uri if no sector identifier for ppid 
As according to http://openid.net/specs/openid-connect-core-1_0.html#PairwiseAlg:

"If the Client has not provided a value for
sector_identifier_uri in Dynamic Client Registration
[OpenID.Registration], the Sector Identifier used
for pairwise identifier calculation is the host
component of the registered redirect_uri."
 2016-01-04 16:49:55 +09:00
theworldbright
4be9f4d558 Make client name optional 2016-01-04 16:49:54 +09:00
theworldbright
9439a16d98 Fix failing auth code test and styles 2016-01-04 16:49:54 +09:00
augier
8c2af74447 Fixing last remarks 2016-01-04 16:49:54 +09:00
augier
c33cce0953 Styling user consent form 2016-01-04 16:49:54 +09:00
theworldbright
1a7f2edc01 Perform major refactoring 
- Add foreign_keys
- Remove unused classes/methods
- Fix pronto errors
- Add method to retrieve client id from name
- Remove TODO comments
- Fix unnecessary private key generation
 2016-01-04 16:49:54 +09:00
theworldbright
e55a0b0d0b Replace scopes with constants in Authorization 2016-01-04 16:49:54 +09:00
theworldbright
858e8c2503 Prevent duplicate scopes in authorization 2016-01-04 16:49:54 +09:00
theworldbright
724f32604b Add nonce to auth code flow 2016-01-04 16:49:53 +09:00
theworldbright
bb8fe6aa83 Adjust id token config to save private key to file 2016-01-04 16:49:53 +09:00
augier
07c12ba057 Using Camo for the application logo 2016-01-04 16:49:53 +09:00
augier
3fb2d262b8 Using entypo icon as default application image 2016-01-04 16:49:52 +09:00
theworldbright
3734e074a6 Fix pronto errors 2016-01-04 16:49:52 +09:00
theworldbright
98fd18077a Add test for expired access token 2016-01-04 16:49:52 +09:00
augier
308170f691 Add applications information page 2016-01-04 16:49:52 +09:00
theworldbright
65c40f236e Load scopes from seeds 
Signed-off-by: theworldbright <kent@kentshikama.com>
 2016-01-04 16:49:51 +09:00
theworldbright
99d6d7b3e7 Add pairwise pseudonymous identifier support 
Squashed commits:

[a182de7] Fix pronto/travis errors
 2016-01-04 16:49:51 +09:00
theworldbright
e5932968fd Add support for authorization code flow 2016-01-04 16:49:51 +09:00
theworldbright
bc5e5c7420 Fix pronto errors 2016-01-04 16:49:51 +09:00
theworldbright
3cbe75469b Add support for scopes 
Remove scopes from tokens

Squashed commits:

[83db38f] Add redirect uris to supported metadata
 2016-01-04 16:49:51 +09:00
augier
de4f68c289 Support for more metadata 2016-01-04 16:49:50 +09:00
theworldbright
979adca1e7 Fix account deleter specs 
Squashed commits:

[7ff4276] Adjust discovery controller
 2016-01-04 16:49:50 +09:00
augier
b173283692 Test for refresh token flow 2016-01-04 16:49:50 +09:00
augier
cc28199555 Fixing hounds remarks 2016-01-04 16:49:50 +09:00
theworldbright
7b80a7408d Add integration tests for implicit flow 
Squashed commits:
[d5001fe] Refactor
[8d8a23f] Add test for when authorization is denied
[659fc56] Adjust password flow integration test
 2016-01-04 16:49:50 +09:00
theworldbright
ee9ac06e1a Add support for access tokens in implicit flow 
Squashed commits:
[7dbf618] Use Rail's find_or_create_by method
 2016-01-04 16:49:50 +09:00
theworldbright
2d762da072 Adjust tokens to fit revised Authorization 2016-01-04 16:49:50 +09:00
theworldbright
17fde49d61 Implement ID Token for the implicit flow 2016-01-04 16:49:50 +09:00
theworldbright
1475672d72 Fix authorization and related models 
Squashed commits:
[a844d37] Remove unnecessary class_name's from models
[529a30c] Further adjust authorization and related models
 2016-01-04 16:49:50 +09:00
augier
031679762a Redesign the models 2016-01-04 16:49:49 +09:00
Augier
9140c8244b Support for refresh tokens w/ no tests 2016-01-04 16:49:49 +09:00
Augier
73cc55940d Fix travis errors and refactor 2016-01-04 16:49:49 +09:00
theworldbright
3cfbcbce8f Implement authorization endpoint (part 1) 
The user can now authenticate with the authorization
server's authorization endpoint and receive a fake
id token.
 2016-01-04 16:49:49 +09:00
theworldbright
059933f076 Add scopes and authorization models 2016-01-04 16:49:49 +09:00
theworldbright
88d02ea35b Add client registration 
Client must now be registered prior to imitating a
call to the token endpoint with the password flow.

Squashed commits:

[fdcef62] Rename authorization endpoint to protected resource endpoint
 2016-01-04 16:49:48 +09:00
theworldbright
7c75eb5901 Make access tokens belong to user not client app 2016-01-04 16:49:48 +09:00
theworldbright
beae77102d Allow current user to be obtained from access token 2016-01-04 16:49:16 +09:00
theworldbright
efdfe318fd Add ability to get user info from access tokens 2016-01-04 16:48:42 +09:00
Augier
a1f3d5f5f9 Getting token from user credential flow 2016-01-04 16:45:21 +09:00
Dennis Schubert
d4fbbd86b3 Merge branch 'stable' into develop 2015-12-30 14:51:05 +01:00
Benjamin Neff
24f5244f76 move glue code back to the initializer 2015-12-30 14:48:38 +01:00
cmrd Senya
a2ce47fae5 Remove parent author signature for relayables from the DB 
since it is considered redundant
 2015-12-16 22:00:35 +03:00
Jonne Haß
13029235d0 Merge branch 'stable' into develop 2015-12-13 12:28:04 +01:00
cmrd Senya
922d26f976 Implement integration tests for the federation messages receive feature 
These are some initial tests, more to come.

It tests some features of Request, StatusMessage, Comment, Like,
Participation, Retraction, SignedRetraction, RelayableRetraction entities
receive process.
 2015-12-13 12:24:52 +01:00
Jonne Haß
21cb1f44cd Merge branch 'stable' into develop 2015-12-08 17:30:32 +01:00
apsc92
fdb3ae5cb8 Fix_notifications_timestamp_issue #4826 
closes #6573
 2015-12-08 17:30:27 +01:00
Dennis Schubert
5081d69847 Merge branch 'stable' into develop 2015-11-22 02:52:37 +01:00
Jason Robinson
9a35a0d8dd Add participation to root.author on receiving reshare 
When author of the root post receives a reshare to it, no participation is added to the root author on the reshare. This causes any comments on the reshare on remote pods not to be sent to the author. Adding a participation should subscribe to the reshare and thus bring added comments back to the author.

closes #6481
 2015-11-22 02:50:38 +01:00
Jonne Haß
17d0ddab41 Merge branch 'stable' into develop 2015-11-18 03:37:34 +01:00
Manuel Vögele
0925a26506 Do not add participation for comment if comment validation failed The same fix is also done for the other social actions 
closes #6552
 2015-11-18 03:16:54 +01:00
Jonne Haß
800be9b2cf Merge branch 'stable' into develop 2015-10-20 16:27:43 +02:00
cmrd Senya
00588e1ef8 Disable self-notification possibility 
closes #6512
 2015-10-20 16:27:39 +02:00
Jonne Haß
99d4e0b332 Merge branch 'stable' into develop 2015-10-14 22:33:14 +02:00
cmrd Senya
69b46df3d6 Notifications for comments on local posts by non-contacts 2015-10-14 22:32:19 +02:00