Commit graph

2533 commits

Author SHA1 Message Date
Augier
f2fdaf1daf Use typeahead on conversations 2016-11-13 20:08:59 +01:00
Steffen van Bergerem
2ec45317a3 Add new JSON endpoint for reshares 2016-11-02 22:59:25 +01:00
Benjamin Neff
16cd4752cb
Move auth_token to users controller
This token is only used for the chat, it isn't an official API.
2016-10-28 00:36:14 +02:00
Steffen van Bergerem
f90812671c
Show error messages from server when aspect membership changes fail
closes #7132
2016-10-27 02:24:58 +02:00
Steffen van Bergerem
3bea40b248
Refactor conversations creation
closes #7131
2016-10-27 02:23:35 +02:00
hilkoc
b7791e6c9d Add user setting for default post visibility
fixes #4319

closes #7118
2016-10-26 02:48:11 +02:00
cmrd Senya
cdcf2d747e
Override forgery settings in controllers
ClientsController and TokenEndpointController are called from the outside,
so CSRF verification prevents them from normal operation.

closes #7062
2016-10-01 10:24:15 +02:00
Augier
e424896822
Fully port conversations to Backbone and drop inbox.js 2016-09-30 00:32:46 +02:00
Benjamin Neff
459ebffa6e
Start background search with gon 2016-09-28 21:59:08 +02:00
Benjamin Neff
b8c76a3317
Trigger getting started with backbone 2016-09-28 21:59:08 +02:00
Benjamin Neff
07a4925f3b
Extract tags autocompletion JS to file 2016-09-28 21:59:08 +02:00
Benjamin Neff
0e5141dd67
Fix mapbox API URL
closes #7066
2016-09-25 02:58:56 +02:00
Steffen van Bergerem
521468986f Remove remotipart gem and remotipart photo uploads
closes #7076
2016-09-12 00:34:44 +02:00
Steffen van Bergerem
546f909658 Fix 500 in html requests for post interactions
closes #7085
2016-09-11 00:21:13 +02:00
Steffen van Bergerem
e27af6ee1a
Redirect logged in users to inviters page when following an invitation link
closes #7061
2016-09-06 05:08:04 +02:00
Steffen van Bergerem
c3de77e0fc
Send notification mails on CSRF fails
closes #7050
2016-09-04 03:26:42 +02:00
Steffen van Bergerem
6ad9000f8c
Sign out users with wrong CSRF tokens
See http://guides.rubyonrails.org/security.html#cross-site-request-forgery-csrf
2016-09-04 03:26:18 +02:00
Steffen van Bergerem
806de7e9d8
Exclude closed accounts from search
closes #7042
2016-09-04 03:22:58 +02:00
Steffen van Bergerem
ce7d008e09
Set grammatical gender in tags controller 2016-09-04 03:02:27 +02:00
Steffen van Bergerem
08794bc47b
Remove user_photo method from users controller
closes #7049
2016-09-04 03:01:51 +02:00
Denis Hovart
bcace2def2 6840 : meta tags update (#6998)
* Adds a new metadata helper and methods to PostPresenter to have metas on post pages.

* Adds tests to post controller to check correctness of metas

* Add methods to PersonPresenter to have metas on profile pages

* Correct meta data helper test

* Update PersonPresenter, add test to PeopleController

* Creates TagPresenter. Display tag metas on tag index page

* Update meta data helper spec

* Not displaying bio as the description meta on profile page for now. Privacy concerns to be cleared.

* Set meta info as hashes in presenters

* Move original hardcoded metas info to config/defaults.yml

* metas_tags include by default the general metas, update views

* Update code style, clean views

* Renames TagPresenter StreamTagPresenter, updates TagController spec

* Add a default_metas entry to diaspora.yml.example

* Align metas hash in presenters, refactor meta data helper

* Use bio as description meta if user has a public profile

* Rename StreamTagPresenter to TagStreamPresenter
2016-08-18 21:52:39 +02:00
Steffen van Bergerem
7b5ac656a7
Fix conversations autoSuggest showing non-mutual contacts 2016-08-18 13:02:14 +02:00
Steffen van Bergerem
34e3fb2e14
Merge pull request #6991 from cmrd-senya/dropdown-regression
Fix aspect dropdown when person is being fetched
2016-08-18 10:07:35 +02:00
Steffen van Bergerem
993f3d5ab0
Refactor contacts page using pagination 2016-08-18 01:54:43 +02:00
cmrd Senya
6fba0e498e
Use diaspora_id validation from the federation gem
DRY
2016-08-16 12:08:06 +03:00
cmrd Senya
4b3f36e92a
Fix aspect dropdown when person is being fetched
fix #6989
2016-08-15 23:43:24 +03:00
Benjamin Neff
23541546e9 Allow hovercards of remote people when not logged in
In #6603 hovercards were activated for logged out users, but they only
worked for local people. Hovercards on remote-people are important to
get the diaspora-id to search the person on the local pod, if you don't
know who it is.
2016-08-15 01:33:26 +02:00
cmrd Senya
9546fddb9e
[API] don't store ID tokens in DB
fix #6857
2016-08-13 20:09:43 +03:00
Benjamin Neff
bc6c8a0598 disable registration with invite-code when invitations are closed
also display message if the user has no invitations left and refactored
InvitationsController spec and remove unused message parameter
2016-08-13 13:51:28 +02:00
Benjamin Neff
3b1a5c6bdf don't reduce number of invites when registration is open
otherwise the counter goes into negative ;)

also reset all negative counters
2016-08-13 13:51:02 +02:00
Benjamin Neff
e749bbef15 don't reduce number of available invites if there were errors. 2016-08-13 01:47:27 +02:00
Benjamin Neff
2a553940d4 small design fixes for invites 2016-08-13 01:47:27 +02:00
Benjamin Neff
66b7b7e27a Cleanup legacy invitations from code
Fixes #5116
2016-08-13 01:47:27 +02:00
Benjamin Neff
71ed7446c1 Fix user settings style after submit
Fixed:
* wrong url
* broken navigation
* broken design
after saving the user settings

Fixes #5847
2016-08-11 01:58:47 +02:00
Benjamin Neff
86e75a02bb fix privacy settings form submit 2016-08-10 13:16:59 +02:00
Steffen van Bergerem
cefffc6082
Move contacts search to contacts#index 2016-08-09 19:20:40 +02:00
Steffen van Bergerem
9f28b935b9
Drop contacts.json 2016-08-09 19:20:40 +02:00
Steffen van Bergerem
f1e9c99866
Add contacts search 2016-08-09 19:20:40 +02:00
cmrd Senya
71ecd7b866
Notifications and search page frontend updates
Updates introduce usage of client-side aspect dropdown rendering
2016-08-08 17:22:37 +03:00
cmrd Senya
94ce383498
Introduce NotificationSerializer
And remove the note_html property from the model.
2016-08-08 17:22:30 +03:00
cmrd Senya
a3f208c380
Notifications and search page backend updates
Updates introduce support for preloading contacts to Gon in order
to support client-side rendering of aspect membership dropdown box.
2016-08-08 17:21:38 +03:00
cmrd Senya
82ac611396
Client-side rendering of aspect dropdown for hovercards 2016-08-08 17:21:30 +03:00
cmrd Senya
923fb8a763
Refactor app.views.AspectMembership
in order to support adding new aspect to a dropdown without full
page reload
2016-08-08 17:21:14 +03:00
cmrd Senya
15e0f88758
Rename photos[:count] to photos_count in gon 2016-08-08 17:19:26 +03:00
cmrd Senya
d8687ccb3a
Rename contacts[:count] to contacts_count in gon 2016-08-08 17:19:19 +03:00
Jonne Haß
8cffc5cfbe
bump rails to 4.2.7 2016-07-15 13:48:09 +02:00
aoh0x7DE
d75f795cad Fix issue #6847 (#6905)
* Fix issue #6847
2016-07-06 01:57:23 +02:00
Steffen van Bergerem
bef5241512
Remove unused translations from diaspora.yml, add missing ones 2016-07-05 23:34:31 +02:00
Benjamin Neff
9a3f653c45 fix sender for messages for old pods
Send a second message to remote recipients with conversation-author
as salmon author if the conversation-author is local.

The first dispatch will fail on old pods. New pods will ignore the
second message if the guid already exists.
2016-06-26 14:05:52 +02:00
Benjamin Neff
57dbcc0e67 add root author to reshare subscribers 2016-06-26 06:21:02 +02:00
Benjamin Neff
03123f1c4d remove more unused code and cleanup 2016-06-26 06:21:01 +02:00
Benjamin Neff
ae05d4e928 use Diaspora::Federation::Dispatcher everywhere 2016-06-26 06:21:01 +02:00
Benjamin Neff
581f8d7226 don't force remove contact on block
this creates inconsistent states, if you remove the block in the future
2016-06-26 06:21:00 +02:00
Benjamin Neff
b1d30aa9cc add more "diaspora to federation entity" methods
move it to Diaspora::Federation::Entities and use it in some tests, but most of the tests can be removed later.
2016-06-26 06:20:58 +02:00
Steffen van Bergerem
b1943f1e46
Redesign default.haml and add a podmin welcome page 2016-06-20 02:03:53 +02:00
Dennis Schubert
230ec02ad7 Merge branch 'stable' into develop 2016-05-06 02:20:38 +02:00
sjain1107
4cd2f1d9c1 Add inviter diaspora-ID to the invite email #6796
closes #6817
2016-05-06 02:20:31 +02:00
cmrd Senya
77bd220e24
Redirect to "/users/sign_in" after AccountDeletion
There is no point to redirect to "/stream" after the account deletion
because the user is logged off.
2016-04-07 12:02:46 +03:00
theworldbright
bb3849e4b1 Fix API privilege scope escalation 2016-03-11 17:18:21 -08:00
Benjamin Neff
0c8588eec8 PostService: create find!
* find returns nil if nothing found
* find! raises errors if not found or not visible
2016-03-07 05:52:54 +01:00
Benjamin Neff
e6b72b526f remove "not public" error page
this is not used anymore:
* not logged in users are redirected to the login page
* logged in users see the normal 404 page
2016-03-07 05:52:54 +01:00
Benjamin Neff
d94eae0d45 refactoring PostService
* move presenters back to controllers, this is view-logic
* use PostService in CommentService
* remove iframe route, this is not used anymore
* id/guid limit at 16 chars, hex(8) is 16 chars long
2016-03-07 05:52:54 +01:00
Benjamin Neff
b398b115bc refactoring CommentService 2016-03-07 05:52:54 +01:00
Benjamin Neff
5a46da47c3 refactoring StatusMessageCreationService
* move parameter normalization back to controller, because this is
  frontend-specific.
* if the StatusMessage is public, save also public photos
2016-03-07 00:00:27 +01:00
Jonne Haß
39ae5e741e Merge pull request #6732 from SuperTux88/cleanup-aspect_visibilities
Cleanup aspect visibilities
2016-03-05 11:05:55 +01:00
Benjamin Neff
acb91c79d2 improve pod connection check
* use port for check
* respect entries in /etc/hosts
* test /.well-known/host-meta
* don't allow redirects to other domains
2016-03-05 02:57:11 +01:00
Benjamin Neff
f913128967 don't add public shareables to aspect_visibilities 2016-03-04 20:13:52 +01:00
Steffen van Bergerem
d9e3f3a734 Merge branch 'stable' into develop 2016-02-23 09:38:53 +01:00
Dennis Schubert
9f2e5b1868 Only mark unread notifications as read; otherwise, the UPDATE statement would update all the notifications...
closes #6711
2016-02-23 09:38:34 +01:00
Dennis Schubert
dbdf352a6b Merge branch 'stable' into develop 2016-02-23 06:35:26 +01:00
Steffen van Bergerem
0392549702 Add footer on conversations page
closes #6710
2016-02-23 06:35:15 +01:00
Dennis Schubert
535057aca4 Merge branch 'stable' into develop 2016-02-21 04:26:25 +01:00
Marien Fressinaud
27a8e0fbca Test if user is nil in #reset_authentication_token
Actually it redirects to stream page and says that user is already logged in.

Fix https://github.com/diaspora/diaspora/issues/6326
2016-02-21 04:24:50 +01:00
Steffen van Bergerem
89f21e87f8 Remove unused code 2016-02-14 02:48:51 +01:00
Dennis Schubert
15d5e0febc Merge branch 'stable' into develop 2016-02-07 16:31:53 +01:00
Steffen van Bergerem
785665b9ad Fix mobile registration layout after failed registration
closes #6677
2016-02-07 16:31:48 +01:00
Jonne Haß
32bda8fe20 Merge branch 'stable' into develop 2016-01-28 18:47:18 +01:00
Faldrian
8e3816e64e let mention-regex only match usable strings
closes #6658
2016-01-28 18:47:13 +01:00
Steffen van Bergerem
6fce81fc99 Merge branch 'stable' into develop 2016-01-20 21:37:30 +01:00
tamatsyk
960e651764 internationalize controller rescue_from text
Fix typos

change forbitten to forbidden

fix styling issue and copypaste

improve code style for aspec_memberships_controller.rb with rubocop

fix styling issues

aligned elements of hash literals

fix typo

fix locale name and styling of its usage

fix failing tests

closes #6554
2016-01-20 21:37:02 +01:00
theworldbright
38439277d6 Add licenses where appropriate 2016-01-04 17:22:44 +09:00
theworldbright
58aef5658b Fix remaining remarks 2016-01-04 17:01:40 +09:00
augier
ef7ea1a855 General text error + CSS styling
Minor merge conflict fix by theworldbright
2016-01-04 16:49:59 +09:00
theworldbright
c1e1f9bf69 Fix 500 error when unknown algorithm is used for JWT 2016-01-04 16:49:58 +09:00
theworldbright
4cde41486b Fix handling of prompt=login 2016-01-04 16:49:58 +09:00
theworldbright
a4095692b7 Add default kid to jwks.json 2016-01-04 16:49:58 +09:00
theworldbright
1e3421713a Handle error when request object is signed 2016-01-04 16:49:58 +09:00
theworldbright
fd4022a55c Fix pronto remarks 2016-01-04 16:49:58 +09:00
theworldbright
ed1dc256a8 Fix handling of error message in authorization controller 2016-01-04 16:49:58 +09:00
augier
ebeafb7894 Add custom error page when prompt=none 2016-01-04 16:49:57 +09:00
theworldbright
c6bec2f2dc Return error to RP instead of user for prompt=none 2016-01-04 16:49:57 +09:00
theworldbright
7865a30fec Return a JSON error response for invalid jwks_uri 2016-01-04 16:49:57 +09:00
theworldbright
3440709ec5 Explicitly state no support for user info alg 2016-01-04 16:49:57 +09:00
theworldbright
f1b394de0f Fix remaining remarks 2016-01-04 16:49:57 +09:00
augier
d028b5672e Fix remarks 2016-01-04 16:49:57 +09:00
theworldbright
2f8c391ac6 Fix pronto and travis errors 2016-01-04 16:49:57 +09:00
theworldbright
8f5094c29e Gracefully handle SSL verification failure 2016-01-04 16:49:56 +09:00
theworldbright
0fbcb71255 Add support for request_uri and claims 2016-01-04 16:49:56 +09:00
theworldbright
82600003b3 Flash error messages when redirect_uri is invalid 2016-01-04 16:49:56 +09:00
theworldbright
e4edad0646 Fix test for the auth missing the response_type parameter 2016-01-04 16:49:56 +09:00
theworldbright
adcf2ab7ab Fix test for prompt == "none" 2016-01-04 16:49:56 +09:00
augier
d351db1982 Filter for prompt handling 2016-01-04 16:49:56 +09:00
augier
7b2be0d3c6 Support displaying TOS and policy 2016-01-04 16:49:56 +09:00
theworldbright
9c9880d880 Move JWKs files to database 2016-01-04 16:49:56 +09:00
augier
2c7d102019 Design for authorization page when client_name not provided + XSS spec 2016-01-04 16:49:55 +09:00
theworldbright
80cbc7d915 Destroy previous auths on new auth request 2016-01-04 16:49:55 +09:00
theworldbright
b3b9b39690 Fix request with prompt=none when not logged in 2016-01-04 16:49:55 +09:00
theworldbright
fd467cd42b Add private_key_jwt support
See

- http://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication
- https://openid.net/specs/openid-connect-registration-1_0.html#ClientMetadata
2016-01-04 16:49:55 +09:00
theworldbright
1dcefdb998 Validate sector identifier uri and redirect uri 2016-01-04 16:49:55 +09:00
theworldbright
a76f51a6a5 Use redirect_uri if no sector identifier for ppid
According to http://openid.net/specs/openid-connect-core-1_0.html#PairwiseAlg:

"If the Client has not provided a value for
sector_identifier_uri in Dynamic Client Registration
[OpenID.Registration], the Sector Identifier used
for pairwise identifier calculation is the host
component of the registered redirect_uri."
2016-01-04 16:49:55 +09:00
augier
8c2af74447 Fixing last remarks 2016-01-04 16:49:54 +09:00
augier
c33cce0953 Styling user consent form 2016-01-04 16:49:54 +09:00
theworldbright
1a7f2edc01 Perform major refactoring
- Add foreign_keys
- Remove unused classes/methods
- Fix pronto errors
- Add method to retrieve client id from name
- Remove TODO comments
- Fix unnecessary private key generation
2016-01-04 16:49:54 +09:00
theworldbright
e55a0b0d0b Replace scopes with constants in Authorization 2016-01-04 16:49:54 +09:00
theworldbright
28fc65ae26 Add CORS support to OIDC 2016-01-04 16:49:54 +09:00
theworldbright
054e421829 Remove zone info claim 2016-01-04 16:49:53 +09:00
theworldbright
bb8fe6aa83 Adjust id token config to save private key to file 2016-01-04 16:49:53 +09:00
theworldbright
24fd70676c Fix webfinger discovery route 2016-01-04 16:49:53 +09:00
theworldbright
ab65617958 Add support for max_age parameter
Additionally add support for prompt's login option

Signed-off-by: theworldbright <kent@kentshikama.com>
2016-01-04 16:49:53 +09:00
theworldbright
25f51c606a Add support for prompt parameter 2016-01-04 16:49:53 +09:00
theworldbright
8be3be3e10 Refactor authorizations controller destroy action 2016-01-04 16:49:53 +09:00
augier
07c12ba057 Using Camo for the application logo 2016-01-04 16:49:53 +09:00
augier
469521c572 Adding scopes translation and description 2016-01-04 16:49:52 +09:00
theworldbright
3734e074a6 Fix pronto errors 2016-01-04 16:49:52 +09:00
augier
b9da104b28 Revoke button on applications page 2016-01-04 16:49:52 +09:00
theworldbright
dd337d4163 Remove JSON root from client controller
Signed-off-by: theworldbright <kent@kentshikama.com>
2016-01-04 16:49:52 +09:00
augier
308170f691 Add applications information page 2016-01-04 16:49:52 +09:00
theworldbright
99d6d7b3e7 Add pairwise pseudonymous identifier support
Squashed commits:

[a182de7] Fix pronto/travis errors
2016-01-04 16:49:51 +09:00
theworldbright
d834a1d4d0 Replace user info endpoint with supported claims
The route /api/v0/user/ will now be used as a
non-OIDC route. In other words, the /api/v0/user/
will require the "read" scope while
/api/openid_connect/user_info/ will require the
"openid" scope
2016-01-04 16:49:51 +09:00
theworldbright
bc5e5c7420 Fix pronto errors 2016-01-04 16:49:51 +09:00
theworldbright
cd2f1215e8 Adjust protect resource endpoint spec 2016-01-04 16:49:51 +09:00
theworldbright
3cbe75469b Add support for scopes
Remove scopes from tokens

Squashed commits:

[83db38f] Add redirect uris to supported metadata
2016-01-04 16:49:51 +09:00
augier
de4f68c289 Support for more metadata 2016-01-04 16:49:50 +09:00
theworldbright
979adca1e7 Fix account deleter specs
Squashed commits:

[7ff4276] Adjust discovery controller
2016-01-04 16:49:50 +09:00
augier
cc28199555 Fixing hounds remarks 2016-01-04 16:49:50 +09:00
theworldbright
ee9ac06e1a Add support for access tokens in implicit flow
Squashed commits:
[7dbf618] Use Rails' find_or_create_by method
2016-01-04 16:49:50 +09:00
theworldbright
2d762da072 Adjust tokens to fit revised Authorization 2016-01-04 16:49:50 +09:00
theworldbright
17fde49d61 Implement ID Token for the implicit flow 2016-01-04 16:49:50 +09:00
theworldbright
1475672d72 Fix authorization and related models
Squashed commits:
[a844d37] Remove unnecessary class_name's from models
[529a30c] Further adjust authorization and related models
2016-01-04 16:49:50 +09:00
augier
031679762a Redesign the models 2016-01-04 16:49:49 +09:00
theworldbright
9d9dc13272 Adjust discovery controller to current values 2016-01-04 16:49:49 +09:00
Augier
73cc55940d Fix travis errors and refactor 2016-01-04 16:49:49 +09:00
theworldbright
3d26cbf657 Allow POST requests at authentication endpoint 2016-01-04 16:49:49 +09:00
theworldbright
3cfbcbce8f Implement authorization endpoint (part 1)
The user can now authenticate with the authorization
server's authorization endpoint and receive a fake
id token.
2016-01-04 16:49:49 +09:00
theworldbright
88d02ea35b Add client registration
Client must now be registered prior to imitating a
call to the token endpoint with the password flow.

Squashed commits:

[fdcef62] Rename authorization endpoint to protected resource endpoint
2016-01-04 16:49:48 +09:00
theworldbright
3fc0f64c56 Move openid controllers to openid connect namespace 2016-01-04 16:49:48 +09:00
theworldbright
9de2837a63 Move new API from /api/v2 to /api/v0 2016-01-04 16:49:16 +09:00
theworldbright
beae77102d Allow current user to be obtained from access token 2016-01-04 16:49:16 +09:00
theworldbright
68d96a3189 Add versionist gem 2016-01-04 16:49:16 +09:00
theworldbright
efdfe318fd Add ability to get user info from access tokens 2016-01-04 16:48:42 +09:00