nocebo/diaspora
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
19176 commits 4 branches 0 tags 121 MiB
Commit graph

2482 commits

Author SHA1 Message Date
Benjamin Neff
ae05d4e928 use Diaspora::Federation::Dispatcher everywhere 2016-06-26 06:21:01 +02:00
Benjamin Neff
581f8d7226 don't force remove contact on block 
this creates inconsistent states, if you remove the block in the future
 2016-06-26 06:21:00 +02:00
Benjamin Neff
b1d30aa9cc add more "diaspora to federation entity" methods 
move it to Diaspora::Federation::Entities and use it in some tests, but most of the tests can be removed later.
 2016-06-26 06:20:58 +02:00
Steffen van Bergerem
b1943f1e46
Redesign default.haml and add a podmin welcome page 2016-06-20 02:03:53 +02:00
Dennis Schubert
230ec02ad7 Merge branch 'stable' into develop 2016-05-06 02:20:38 +02:00
sjain1107
4cd2f1d9c1 Add inviter diaspora-ID to the invite email #6796 
closes #6817
 2016-05-06 02:20:31 +02:00
cmrd Senya
77bd220e24
Redirect to "/users/sign_in" after AccountDeletion 
There is no point to redirect to "/stream" after the account deletion
because the user is logged off.
 2016-04-07 12:02:46 +03:00
theworldbright
bb3849e4b1 Fix API privilege scope escalation 2016-03-11 17:18:21 -08:00
Benjamin Neff
0c8588eec8 PostService: create find! 
* find returns nil if nothing found
* find! raises errors if not found or not visible
 2016-03-07 05:52:54 +01:00
Benjamin Neff
e6b72b526f remove "not public" error page 
this is not used anymore:
* not logged in users are redirected to the login page
* logged in users see the normal 404 page
 2016-03-07 05:52:54 +01:00
Benjamin Neff
d94eae0d45 refactoring PostService 
* move presenters back to controllers, this is view-logic
* use PostService in CommentService
* remove iframe route, this is not used anymore
* id/guid limit at 16 chars, hex(8) is 16 chars long
 2016-03-07 05:52:54 +01:00
Benjamin Neff
b398b115bc refactoring CommentService 2016-03-07 05:52:54 +01:00
Benjamin Neff
5a46da47c3 refactoring StatusMessageCreationService 
* move parameter normalization back to controller, because this is
  frontend-specific.
* if the StatusMessage is public, save also public photos
 2016-03-07 00:00:27 +01:00
Jonne Haß
39ae5e741e Merge pull request #6732 from SuperTux88/cleanup-aspect_visibilities 
Cleanup aspect visibilities
 2016-03-05 11:05:55 +01:00
Benjamin Neff
acb91c79d2 improve pod connection check 
* use port for check
* respect entries in /etc/hosts
* test /.well-known/host-meta
* don't allow redirects to other domains
 2016-03-05 02:57:11 +01:00
Benjamin Neff
f913128967 don't add public shareables to aspect_visibilities 2016-03-04 20:13:52 +01:00
Steffen van Bergerem
d9e3f3a734 Merge branch 'stable' into develop 2016-02-23 09:38:53 +01:00
Dennis Schubert
9f2e5b1868 Only mark unread notifications as read otherwise, the UPDATE statement would update all the notifications... 
closes #6711
 2016-02-23 09:38:34 +01:00
Dennis Schubert
dbdf352a6b Merge branch 'stable' into develop 2016-02-23 06:35:26 +01:00
Steffen van Bergerem
0392549702 Add footer on conversations page 
closes #6710
 2016-02-23 06:35:15 +01:00
Dennis Schubert
535057aca4 Merge branch 'stable' into develop 2016-02-21 04:26:25 +01:00
Marien Fressinaud
27a8e0fbca Test if user is nil in #reset_authentication_token 
Actually it redirects to stream page and says that user is already logged in.

Fix https://github.com/diaspora/diaspora/issues/6326
 2016-02-21 04:24:50 +01:00
Steffen van Bergerem
89f21e87f8 Remove unused code 2016-02-14 02:48:51 +01:00
Dennis Schubert
15d5e0febc Merge branch 'stable' into develop 2016-02-07 16:31:53 +01:00
Steffen van Bergerem
785665b9ad Fix mobile registration layout after failed registration 
closes #6677
 2016-02-07 16:31:48 +01:00
Jonne Haß
32bda8fe20 Merge branch 'stable' into develop 2016-01-28 18:47:18 +01:00
Faldrian
8e3816e64e let mention-regex only match usable strings 
closes #6658
 2016-01-28 18:47:13 +01:00
Steffen van Bergerem
6fce81fc99 Merge branch 'stable' into develop 2016-01-20 21:37:30 +01:00
tamatsyk
960e651764 internationalize controller rescue_from text 
Fix typos

change forbitten to forbidden

fix styling issue and copypaste

improve code style for aspec_memberships_controller.rb with rubocop

fix styling issues

aligned elements of hash literals

fix typo

fix locale name and styling of its usage

fix failing tests

closes #6554
 2016-01-20 21:37:02 +01:00
theworldbright
38439277d6 Add licenses where appropriate 2016-01-04 17:22:44 +09:00
theworldbright
58aef5658b Fix remaining remarks 2016-01-04 17:01:40 +09:00
augier
ef7ea1a855 General text error + CSS styling 
Minor merge conflict fix by theworldbright
 2016-01-04 16:49:59 +09:00
theworldbright
c1e1f9bf69 Fix 500 error when unknown algorithm is used for JWT 2016-01-04 16:49:58 +09:00
theworldbright
4cde41486b Fix handling of prompt=login 2016-01-04 16:49:58 +09:00
theworldbright
a4095692b7 Add default kid to jwks.json 2016-01-04 16:49:58 +09:00
theworldbright
1e3421713a Handle error when request object is signed 2016-01-04 16:49:58 +09:00
theworldbright
fd4022a55c Fix pronto remarks 2016-01-04 16:49:58 +09:00
theworldbright
ed1dc256a8 Fix handling of error message in authorization controller 2016-01-04 16:49:58 +09:00
augier
ebeafb7894 Add custom error page when prompt=none 2016-01-04 16:49:57 +09:00
theworldbright
c6bec2f2dc Return error to RP instead of user for prompt=none 2016-01-04 16:49:57 +09:00
theworldbright
7865a30fec Return an JSON error response for invalid jwks_uri 2016-01-04 16:49:57 +09:00
theworldbright
3440709ec5 Explicitly state no support for user info alg 2016-01-04 16:49:57 +09:00
theworldbright
f1b394de0f Fix remaining remarks 2016-01-04 16:49:57 +09:00
augier
d028b5672e Fix remarks 2016-01-04 16:49:57 +09:00
theworldbright
2f8c391ac6 Fix pronto and travis errors 2016-01-04 16:49:57 +09:00
theworldbright
8f5094c29e Gracefully handle SSL verification failure 2016-01-04 16:49:56 +09:00
theworldbright
0fbcb71255 Add support for request_uri and claims 2016-01-04 16:49:56 +09:00
theworldbright
82600003b3 Flash error messages when redirect_uri is invalid 2016-01-04 16:49:56 +09:00
theworldbright
e4edad0646 Fix test for the auth missing the response_type parameter 2016-01-04 16:49:56 +09:00
theworldbright
adcf2ab7ab Fix test for prompt == "none" 2016-01-04 16:49:56 +09:00
augier
d351db1982 Filter for prompt handling 2016-01-04 16:49:56 +09:00
augier
7b2be0d3c6 Support displaying TOS and policy 2016-01-04 16:49:56 +09:00
theworldbright
9c9880d880 Move JWKs files to database 2016-01-04 16:49:56 +09:00
augier
2c7d102019 Design for authorization page when client_name not providen + XSS spec 2016-01-04 16:49:55 +09:00
theworldbright
80cbc7d915 Destroy previous auths on new auth request 2016-01-04 16:49:55 +09:00
theworldbright
b3b9b39690 Fix request with prompt=none when not logged in 2016-01-04 16:49:55 +09:00
theworldbright
fd467cd42b Add private_key_jwt support 
See

- http://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication
- https://openid.net/specs/openid-connect-registration-1_0.html#ClientMetadata
 2016-01-04 16:49:55 +09:00
theworldbright
1dcefdb998 Validate sector identifier uri and redirect uri 2016-01-04 16:49:55 +09:00
theworldbright
a76f51a6a5 Use redirect_uri if no sector identifier for ppid 
As according to http://openid.net/specs/openid-connect-core-1_0.html#PairwiseAlg:

"If the Client has not provided a value for
sector_identifier_uri in Dynamic Client Registration
[OpenID.Registration], the Sector Identifier used
for pairwise identifier calculation is the host
component of the registered redirect_uri."
 2016-01-04 16:49:55 +09:00
augier
8c2af74447 Fixing last remarks 2016-01-04 16:49:54 +09:00
augier
c33cce0953 Styling user consent form 2016-01-04 16:49:54 +09:00
theworldbright
1a7f2edc01 Perform major refactoring 
- Add foreign_keys
- Remove unused classes/methods
- Fix pronto errors
- Add method to retrieve client id from name
- Remove TODO comments
- Fix unnecessary private key generation
 2016-01-04 16:49:54 +09:00
theworldbright
e55a0b0d0b Replace scopes with constants in Authorization 2016-01-04 16:49:54 +09:00
theworldbright
28fc65ae26 Add CORS support to OIDC 2016-01-04 16:49:54 +09:00
theworldbright
054e421829 Remove zone info claim 2016-01-04 16:49:53 +09:00
theworldbright
bb8fe6aa83 Adjust id token config to save private key to file 2016-01-04 16:49:53 +09:00
theworldbright
24fd70676c Fix webfinger discovery route 2016-01-04 16:49:53 +09:00
theworldbright
ab65617958 Add support for max_age parameter 
Additionally add support for prompt's login option

Signed-off-by: theworldbright <kent@kentshikama.com>
 2016-01-04 16:49:53 +09:00
theworldbright
25f51c606a Add support for prompt parameter 2016-01-04 16:49:53 +09:00
theworldbright
8be3be3e10 Refactor authorizations controller destroy action 2016-01-04 16:49:53 +09:00
augier
07c12ba057 Using Camo for the application logo 2016-01-04 16:49:53 +09:00
augier
469521c572 Addin scopes translation and description 2016-01-04 16:49:52 +09:00
theworldbright
3734e074a6 Fix pronto errors 2016-01-04 16:49:52 +09:00
augier
b9da104b28 Revoke button on applications page 2016-01-04 16:49:52 +09:00
theworldbright
dd337d4163 Remove JSON root from client controller 
Signed-off-by: theworldbright <kent@kentshikama.com>
 2016-01-04 16:49:52 +09:00
augier
308170f691 Add applications information page 2016-01-04 16:49:52 +09:00
theworldbright
99d6d7b3e7 Add pairwise pseudonymous identifier support 
Squashed commits:

[a182de7] Fix pronto/travis errors
 2016-01-04 16:49:51 +09:00
theworldbright
d834a1d4d0 Replace user info endpoint with supported claims 
The route /api/v0/user/ will now be used as a
non-OIDC route. In other words, the /api/v0/user/
will require the "read" scope while
/api/openid_connect/user_info/ will require the
"openid" scope
 2016-01-04 16:49:51 +09:00
theworldbright
bc5e5c7420 Fix pronto errors 2016-01-04 16:49:51 +09:00
theworldbright
cd2f1215e8 Adjust protect resource endpoint spec 2016-01-04 16:49:51 +09:00
theworldbright
3cbe75469b Add support for scopes 
Remove scopes from tokens

Squashed commits:

[83db38f] Add redirect uris to supported metadata
 2016-01-04 16:49:51 +09:00
augier
de4f68c289 Support for more metadata 2016-01-04 16:49:50 +09:00
theworldbright
979adca1e7 Fix account deleter specs 
Squashed commits:

[7ff4276] Adjust discovery controller
 2016-01-04 16:49:50 +09:00
augier
cc28199555 Fixing hounds remarks 2016-01-04 16:49:50 +09:00
theworldbright
ee9ac06e1a Add support for access tokens in implicit flow 
Squashed commits:
[7dbf618] Use Rail's find_or_create_by method
 2016-01-04 16:49:50 +09:00
theworldbright
2d762da072 Adjust tokens to fit revised Authorization 2016-01-04 16:49:50 +09:00
theworldbright
17fde49d61 Implement ID Token for the implicit flow 2016-01-04 16:49:50 +09:00
theworldbright
1475672d72 Fix authorization and related models 
Squashed commits:
[a844d37] Remove unnecessary class_name's from models
[529a30c] Further adjust authorization and related models
 2016-01-04 16:49:50 +09:00
augier
031679762a Redesign the models 2016-01-04 16:49:49 +09:00
theworldbright
9d9dc13272 Adjust discovery controller to current values 2016-01-04 16:49:49 +09:00
Augier
73cc55940d Fix travis errors and refactor 2016-01-04 16:49:49 +09:00
theworldbright
3d26cbf657 Allow POST requests at authentication endpoint 2016-01-04 16:49:49 +09:00
theworldbright
3cfbcbce8f Implement authorization endpoint (part 1) 
The user can now authenticate with the authorization
server's authorization endpoint and receive a fake
id token.
 2016-01-04 16:49:49 +09:00
theworldbright
88d02ea35b Add client registration 
Client must now be registered prior to imitating a
call to the token endpoint with the password flow.

Squashed commits:

[fdcef62] Rename authorization endpoint to protected resource endpoint
 2016-01-04 16:49:48 +09:00
theworldbright
3fc0f64c56 Move openid controllers to openid connect namespace 2016-01-04 16:49:48 +09:00
theworldbright
9de2837a63 Move new API from /api/v2 to /api/v0 2016-01-04 16:49:16 +09:00
theworldbright
beae77102d Allow current user to be obtained from access token 2016-01-04 16:49:16 +09:00
theworldbright
68d96a3189 Add versionist gem 2016-01-04 16:49:16 +09:00
theworldbright
efdfe318fd Add ability to get user info from access tokens 2016-01-04 16:48:42 +09:00
Augier
a1f3d5f5f9 Getting token from user credential flow 2016-01-04 16:45:21 +09:00
augier
8d8faf684c OpenID Connect debut work 2016-01-04 16:45:21 +09:00
Dennis Schubert
d4fbbd86b3 Merge branch 'stable' into develop 2015-12-30 14:51:05 +01:00
Benjamin Neff
082e300a40 remove PublicsController completely 2015-12-30 14:50:34 +01:00
Benjamin Neff
5c8f0c1671 create queue callbacks and remove receive routes 2015-12-30 14:50:34 +01:00
Jonne Haß
434deaa75a Merge branch 'stable' into develop 2015-12-29 13:07:08 +01:00
Steffen van Bergerem
f3e897ab43 Activate hovercards for logged out users 
closes #6603
 2015-12-29 13:07:03 +01:00
Jonne Haß
7fca5cf93a Merge branch 'stable' into develop 2015-11-04 22:10:07 +01:00
theworldbright
a054a35863 Catch Diaspora::NotMine on post controller 
closes #6533
 2015-11-04 22:10:00 +01:00
Jonne Haß
2aed793d19 Merge branch 'stable' into develop 2015-10-11 17:30:47 +02:00
Steffen van Bergerem
123e6d1dd4 Redirect logged out users to sign up page for limited posts 
closes #6490
 2015-10-11 17:29:01 +02:00
Jonne Haß
92b5ea29ed Merge branch 'stable' into develop 2015-10-07 22:29:45 +02:00
Steffen van Bergerem
e0be1b49f1 Add public stream 
closes #6465
 2015-10-07 22:29:39 +02:00
Jonne Haß
1df5c7f7bf Merge branch 'stable' into develop 2015-10-07 10:58:10 +02:00
Faldrian
a946251a9e Show getting_started only if user has made no profile changes on the page 
closes #6456
 2015-10-07 10:58:06 +02:00
Steffen van Bergerem
8a02bc6e71 Redesign error pages 2015-09-25 22:24:04 +02:00
Steffen van Bergerem
b40d5362cf Merge pull request #6256 from TeamDeltaQuadrant/5813-show-geolocation-on-osm 
5813 show geolocation on osm
 2015-09-23 01:43:49 +02:00
Jonne Haß
0508c1b8d4 Merge branch 'stable' into develop 2015-09-14 22:06:52 +02:00
Steffen van Bergerem
05a6d95811 Always show public photos 
closes #6398
 2015-09-14 22:04:53 +02:00
zaziemo
263dc6f119 refactor code that choses the tile server based on podmin's choice 
and remove the possibility to disable the map feature.
By default the application uses the itles of Heidelberg University that
don't need any credentials. If podmins enable the mapbox option in the
diaspora.yml and enter their credentials the mapbox tiles are used for the map
rendering.
 2015-09-09 17:03:46 +02:00
zaziemo
e5cc8dff0e outsource map credentials 
and allow podmin to enable and disable the feature
(#5813)
 2015-09-09 12:25:45 +02:00
Jonne Haß
176b32c815 Merge branch 'stable' into develop 2015-09-07 12:41:36 +02:00
zaziemo
c2c6ed5dea refactor moderator role and add specs 
#5324
 2015-09-07 12:32:09 +02:00
realtin
15b186518c add moderators to report email recievers 
and refactor coding style according to pull request comments

(#5324)
 2015-09-07 12:31:25 +02:00
zaziemo
b2dc77e1e6 change method name for a better understanding of what the befor_filter does 
and correct test syntax
#5324
 2015-09-07 12:24:12 +02:00
realtin
bc75371b7a report controller renders index for the moderator 
(#5324)
 2015-09-07 12:24:12 +02:00
Jonne Haß
24d9be2e68 Merge branch 'stable' into develop 2015-08-27 21:03:16 +02:00
augier
2ce7a1e185 Mobile subdomain 
closes #6354
 2015-08-27 21:01:36 +02:00
Florian Staudacher
ea397ffdfb Add connection test for pods in the network 
* add a class for checking pod connectivity
* extend pod model to handle new functionality
* add an admin frontend to list pods and re-trigger checks manually
* add a daily worker to run through all the pods
* add unit tests for most of the new code
 2015-08-24 22:04:53 +02:00
Jonne Haß
d396d5555f Merge branch 'stable' into develop 2015-08-21 14:23:46 +02:00
Benjamin Neff
d28e03f053 use discovery from diaspora_federation gem 2015-08-21 14:21:43 +02:00
Jonne Haß
25be9ecfd2 Merge branch 'stable' into develop 2015-08-09 18:35:44 +02:00
theworldbright
d7c92431ae Extract service from comments controller 
closes #6307
 2015-08-09 18:35:11 +02:00
Jonne Haß
85f9a0eaa9 Merge branch 'stable' into develop 2015-08-04 10:41:43 +02:00
Mikica Ivosevic
78b0fbbee6 Refactor HomeController#toggle_mobile 
closes #6260
 2015-08-04 10:41:21 +02:00
Jonne Haß
b7864a9976 Merge branch 'stable' into develop 2015-08-02 16:58:07 +02:00
theworldbright
cae5f94af0 Refactor status messages controller 
closes #6280
 2015-08-02 16:58:01 +02:00
Jonne Haß
602ad2d209 Merge branch 'stable' into develop 2015-07-28 18:35:18 +02:00
Mikica Ivosevic
c8b01cb62c application_controller.rb 
refactor method after_sign_out_path_for

closes #6258
 2015-07-28 18:35:13 +02:00
Dennis Schubert
04135d7b28 Merge branch 'stable' into develop 2015-07-27 02:05:14 +02:00
Steffen van Bergerem
6fea450777 Fix mobile photos index page 
closes #6243
 2015-07-27 01:59:26 +02:00
Jonne Haß
6ee3843449 Merge branch 'stable' into develop 2015-07-26 13:11:49 +02:00
theworldbright
2a3dde1ae5 Refactor PostService and extract its tests 
Squashed commits:

[ada0f09] Remove favorites from Posts table

closes #6208
 2015-07-26 13:10:24 +02:00
theworldbright
d724397168 Refactor posts controller 2015-07-26 12:58:42 +02:00
Dennis Schubert
e8297f8d6b Merge pull request #6207 from jaywink/social-relay 
Implement social relay requirements
 2015-07-25 23:01:45 +02:00
Dennis Schubert
be8f920c29 Merge branch 'stable' into develop 2015-07-24 04:05:32 +02:00
Jonne Haß
b7064677ff Collapse StatisticsController into NodeInfoController 2015-07-24 03:51:31 +02:00
Jonne Haß
487b0d90ca Implement NodeInfo 2015-07-24 03:50:02 +02:00
Jonne Haß
0cbe7ec9a8 Merge branch 'stable' into develop 2015-07-22 10:05:46 +02:00
Steffen van Bergerem
f8bbe71f54 Remove correlations 
closes #6223
 2015-07-22 09:46:52 +02:00
Steffen van Bergerem
484e70a68f Add dashboard to admin page 2015-07-21 14:36:41 +02:00