nocebo/diaspora
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
17604 commits 4 branches 0 tags 121 MiB
Commit graph

4242 commits

Author SHA1 Message Date
augier
73c1f0bc70 Fix pronto remarks 2016-01-04 16:49:57 +09:00
theworldbright
c6bec2f2dc Return error to RP instead of user for prompt=none 2016-01-04 16:49:57 +09:00
theworldbright
9fc8c63cae Fix hash styles for stub_request 2016-01-04 16:49:57 +09:00
theworldbright
f1b394de0f Fix remaining remarks 2016-01-04 16:49:57 +09:00
theworldbright
2f8c391ac6 Fix pronto and travis errors 2016-01-04 16:49:57 +09:00
theworldbright
0fbcb71255 Add support for request_uri and claims 2016-01-04 16:49:56 +09:00
theworldbright
82600003b3 Flash error messages when redirect_uri is invalid 2016-01-04 16:49:56 +09:00
theworldbright
adcf2ab7ab Fix test for prompt == "none" 2016-01-04 16:49:56 +09:00
augier
d351db1982 Filter for prompt handling 2016-01-04 16:49:56 +09:00
augier
7b2be0d3c6 Support displaying TOS and policy 2016-01-04 16:49:56 +09:00
augier
6fcb9a9d3a Add XSS spec for application's name 2016-01-04 16:49:56 +09:00
theworldbright
9c9880d880 Move JWKs files to database 2016-01-04 16:49:56 +09:00
augier
2c7d102019 Design for authorization page when client_name not providen + XSS spec 2016-01-04 16:49:55 +09:00
theworldbright
da766d8e8b Revoke previously issued tokens on duplicate request 2016-01-04 16:49:55 +09:00
theworldbright
fd467cd42b Add private_key_jwt support 
See

- http://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication
- https://openid.net/specs/openid-connect-registration-1_0.html#ClientMetadata
 2016-01-04 16:49:55 +09:00
theworldbright
1dcefdb998 Validate sector identifier uri and redirect uri 2016-01-04 16:49:55 +09:00
theworldbright
a76f51a6a5 Use redirect_uri if no sector identifier for ppid 
As according to http://openid.net/specs/openid-connect-core-1_0.html#PairwiseAlg:

"If the Client has not provided a value for
sector_identifier_uri in Dynamic Client Registration
[OpenID.Registration], the Sector Identifier used
for pairwise identifier calculation is the host
component of the registered redirect_uri."
 2016-01-04 16:49:55 +09:00
theworldbright
4be9f4d558 Make client name optional 2016-01-04 16:49:54 +09:00
augier
c33cce0953 Styling user consent form 2016-01-04 16:49:54 +09:00
theworldbright
1a7f2edc01 Perform major refactoring 
- Add foreign_keys
- Remove unused classes/methods
- Fix pronto errors
- Add method to retrieve client id from name
- Remove TODO comments
- Fix unnecessary private key generation
 2016-01-04 16:49:54 +09:00
theworldbright
e55a0b0d0b Replace scopes with constants in Authorization 2016-01-04 16:49:54 +09:00
theworldbright
bb8fe6aa83 Adjust id token config to save private key to file 2016-01-04 16:49:53 +09:00
theworldbright
24fd70676c Fix webfinger discovery route 2016-01-04 16:49:53 +09:00
theworldbright
ab65617958 Add support for max_age parameter 
Additionally add support for prompt's login option

Signed-off-by: theworldbright <kent@kentshikama.com>
 2016-01-04 16:49:53 +09:00
theworldbright
25f51c606a Add support for prompt parameter 2016-01-04 16:49:53 +09:00
theworldbright
8be3be3e10 Refactor authorizations controller destroy action 2016-01-04 16:49:53 +09:00
augier
07c12ba057 Using Camo for the application logo 2016-01-04 16:49:53 +09:00
theworldbright
98fd18077a Add test for expired access token 2016-01-04 16:49:52 +09:00
theworldbright
6e1a673459 Replace let!() with factory girl 2016-01-04 16:49:52 +09:00
theworldbright
dd337d4163 Remove JSON root from client controller 
Signed-off-by: theworldbright <kent@kentshikama.com>
 2016-01-04 16:49:52 +09:00
theworldbright
65c40f236e Load scopes from seeds 
Signed-off-by: theworldbright <kent@kentshikama.com>
 2016-01-04 16:49:51 +09:00
theworldbright
99d6d7b3e7 Add pairwise pseudonymous identifier support 
Squashed commits:

[a182de7] Fix pronto/travis errors
 2016-01-04 16:49:51 +09:00
theworldbright
d834a1d4d0 Replace user info endpoint with supported claims 
The route /api/v0/user/ will now be used as a
non-OIDC route. In other words, the /api/v0/user/
will require the "read" scope while
/api/openid_connect/user_info/ will require the
"openid" scope
 2016-01-04 16:49:51 +09:00
theworldbright
2be932ceff Delete password flow 2016-01-04 16:49:51 +09:00
theworldbright
e5932968fd Add support for authorization code flow 2016-01-04 16:49:51 +09:00
theworldbright
bc5e5c7420 Fix pronto errors 2016-01-04 16:49:51 +09:00
theworldbright
cd2f1215e8 Adjust protect resource endpoint spec 2016-01-04 16:49:51 +09:00
theworldbright
3cbe75469b Add support for scopes 
Remove scopes from tokens

Squashed commits:

[83db38f] Add redirect uris to supported metadata
 2016-01-04 16:49:51 +09:00
augier
de4f68c289 Support for more metadata 2016-01-04 16:49:50 +09:00
augier
b173283692 Test for refresh token flow 2016-01-04 16:49:50 +09:00
augier
cc28199555 Fixing hounds remarks 2016-01-04 16:49:50 +09:00
theworldbright
7b80a7408d Add integration tests for implicit flow 
Squashed commits:
[d5001fe] Refactor
[8d8a23f] Add test for when authorization is denied
[659fc56] Adjust password flow integration test
 2016-01-04 16:49:50 +09:00
theworldbright
ee9ac06e1a Add support for access tokens in implicit flow 
Squashed commits:
[7dbf618] Use Rail's find_or_create_by method
 2016-01-04 16:49:50 +09:00
theworldbright
2d762da072 Adjust tokens to fit revised Authorization 2016-01-04 16:49:50 +09:00
theworldbright
17fde49d61 Implement ID Token for the implicit flow 2016-01-04 16:49:50 +09:00
theworldbright
1475672d72 Fix authorization and related models 
Squashed commits:
[a844d37] Remove unnecessary class_name's from models
[529a30c] Further adjust authorization and related models
 2016-01-04 16:49:50 +09:00
augier
031679762a Redesign the models 2016-01-04 16:49:49 +09:00
theworldbright
9d9dc13272 Adjust discovery controller to current values 2016-01-04 16:49:49 +09:00
Augier
73cc55940d Fix travis errors and refactor 2016-01-04 16:49:49 +09:00
theworldbright
3d26cbf657 Allow POST requests at authentication endpoint 2016-01-04 16:49:49 +09:00
theworldbright
3cfbcbce8f Implement authorization endpoint (part 1) 
The user can now authenticate with the authorization
server's authorization endpoint and receive a fake
id token.
 2016-01-04 16:49:49 +09:00
theworldbright
88d02ea35b Add client registration 
Client must now be registered prior to imitating a
call to the token endpoint with the password flow.

Squashed commits:

[fdcef62] Rename authorization endpoint to protected resource endpoint
 2016-01-04 16:49:48 +09:00
theworldbright
52e10a91fe Add tests for invalid token to password flow 2016-01-04 16:49:16 +09:00
theworldbright
9de2837a63 Move new API from /api/v2 to /api/v0 2016-01-04 16:49:16 +09:00
theworldbright
beae77102d Allow current user to be obtained from access token 2016-01-04 16:49:16 +09:00
theworldbright
68d96a3189 Add versionist gem 2016-01-04 16:49:16 +09:00
theworldbright
efdfe318fd Add ability to get user info from access tokens 2016-01-04 16:48:42 +09:00
Augier
a1f3d5f5f9 Getting token from user credential flow 2016-01-04 16:45:21 +09:00
Dennis Schubert
9dca1785c2 Merge branch 'stable' into develop 2015-12-31 16:17:35 +01:00
Jonne Haß
9aa7b2bd78 bump ruby-oembed 2015-12-31 16:05:57 +01:00
Steffen van Bergerem
99289491ef Merge pull request #6607 from jhass/link_profile_in_user_menu 
Link user menu button to the users profile
 2015-12-30 18:37:16 +01:00
Jonne Haß
f70cefb983 Link user menu button to the users profile 2015-12-30 15:14:29 +01:00
Dennis Schubert
d4fbbd86b3 Merge branch 'stable' into develop 2015-12-30 14:51:05 +01:00
Benjamin Neff
5392c6e6a9 refactoring for federation tests 2015-12-30 14:50:34 +01:00
Benjamin Neff
9f8e018422 add subscribe url to webfinger 2015-12-30 14:50:34 +01:00
Benjamin Neff
0e7bb6d756 define federation entity factories 2015-12-30 14:50:34 +01:00
Benjamin Neff
082e300a40 remove PublicsController completely 2015-12-30 14:50:34 +01:00
Benjamin Neff
05e4c8dc51 improve key specs in federation_callbacks_spec.rb 2015-12-30 14:50:34 +01:00
Benjamin Neff
5c8f0c1671 create queue callbacks and remove receive routes 2015-12-30 14:50:34 +01:00
Jonne Haß
434deaa75a Merge branch 'stable' into develop 2015-12-29 13:07:08 +01:00
Steffen van Bergerem
f3e897ab43 Activate hovercards for logged out users 
closes #6603
 2015-12-29 13:07:03 +01:00
Jonne Haß
20ba097918 Merge branch 'stable' into develop 2015-12-28 17:31:38 +01:00
Steffen van Bergerem
78df0f5158 Update highlightjs 2015-12-28 17:25:45 +01:00
Dennis Schubert
86fead30a4 Merge branch 'stable' into develop 2015-12-20 00:47:42 +01:00
Dennis Schubert
c238329cd8 Merge branch 'master' into stable 2015-12-20 00:41:49 +01:00
Steffen van Bergerem
e20f2ae566 Fix XSS in sharing message 2015-12-20 00:15:32 +01:00
Jonne Haß
179964fd15 Merge branch 'stable' into develop 2015-12-17 01:20:31 +01:00
Steffen van Bergerem
2025fae420 Disable hovercards for logged out users and prevent redirect to sign in page 
closes #6587
 2015-12-17 01:20:24 +01:00
cmrd Senya
a2ce47fae5 Remove parent author signature for relayables from the DB 
since it is considered redundant
 2015-12-16 22:00:35 +03:00
cmrd Senya
3d5aacda4c Add rspec persistance file 2015-12-13 16:53:48 +03:00
Jonne Haß
13029235d0 Merge branch 'stable' into develop 2015-12-13 12:28:04 +01:00
cmrd Senya
f0fc62e94d Fix a security issue that author_signature is not checked on the to-downstream receive of a federated relayable entity, allowing to forge relayables if you are an owner of the pod where a parent object is stored. 
closes #6539
 2015-12-13 12:26:59 +01:00
cmrd Senya
922d26f976 Implement integration tests for the federation messages receive feature 
These are some initial tests, more to come.

It tests some features of Request, StatusMessage, Comment, Like,
Participation, Retraction, SignedRetraction, RelayableRetraction entities
receive process.
 2015-12-13 12:24:52 +01:00
Jonne Haß
21cb1f44cd Merge branch 'stable' into develop 2015-12-08 17:30:32 +01:00
apsc92
fdb3ae5cb8 Fix_notifications_timestamp_issue #4826 
closes #6573
 2015-12-08 17:30:27 +01:00
Dennis Schubert
5081d69847 Merge branch 'stable' into develop 2015-11-22 02:52:37 +01:00
Jason Robinson
9a35a0d8dd Add participation to root.author on receiving reshare 
When author of the root post receives a reshare to it, no participation is added to the root author on the reshare. This causes any comments on the reshare on remote pods not to be sent to the author. Adding a participation should subscribe to the reshare and thus bring added comments back to the author.

closes #6481
 2015-11-22 02:50:38 +01:00
Jason Robinson
66925918b1 Send comment to reshare author when commenting on reshare 
As posts are always delivered also to reshare root, comments should also be delivered to reshare root, for concistency.
 2015-11-22 02:45:27 +01:00
Jonne Haß
17d0ddab41 Merge branch 'stable' into develop 2015-11-18 03:37:34 +01:00
Manuel Vögele
0925a26506 Do not add participation for comment if comment validation failed The same fix is also done for the other social actions 
closes #6552
 2015-11-18 03:16:54 +01:00
Manuel Vögele
1680c0c924 Do not disable submit button if comment is empty in mobile view 
Fixes #5485
 2015-11-13 02:46:22 +01:00
Jonne Haß
7fca5cf93a Merge branch 'stable' into develop 2015-11-04 22:10:07 +01:00
theworldbright
a054a35863 Catch Diaspora::NotMine on post controller 
closes #6533
 2015-11-04 22:10:00 +01:00
Dennis Schubert
92c2a2e527 Merge branch 'stable' into develop 2015-10-29 04:31:47 +01:00
Jonne Haß
c0c4b7277b bump shoulda-matchers 2015-10-29 04:20:37 +01:00
Jonne Haß
800be9b2cf Merge branch 'stable' into develop 2015-10-20 16:27:43 +02:00
cmrd Senya
00588e1ef8 Disable self-notification possibility 
closes #6512
 2015-10-20 16:27:39 +02:00
Dennis Schubert
228f3852b2 Merge branch 'stable' into develop 2015-10-15 05:58:44 +02:00
Steffen van Bergerem
995ce18c37 Display publisher on user profile path 
closes #6503
 2015-10-15 05:58:38 +02:00
Jonne Haß
403ef73d39 Merge branch 'stable' into develop 2015-10-14 01:14:59 +02:00
cmrd Senya
70b5d86386 Remove the lines from inlined_jobs.rb which never get called. 
closes #6499
 2015-10-14 01:14:54 +02:00
Jonne Haß
09f4eeac2a Merge branch 'stable' into develop 2015-10-12 16:12:36 +02:00
Steffen van Bergerem
b68daaece3 Redirect to sign in on 401 ajax response 
closes #6496
 2015-10-12 16:12:30 +02:00
Steffen van Bergerem
b9e6f749e2 Clean up view.js 2015-10-12 11:36:09 +02:00
Steffen van Bergerem
4a55fc5fb6 Clean up view.js 2015-10-11 20:50:22 +02:00
Jonne Haß
2aed793d19 Merge branch 'stable' into develop 2015-10-11 17:30:47 +02:00
Steffen van Bergerem
123e6d1dd4 Redirect logged out users to sign up page for limited posts 
closes #6490
 2015-10-11 17:29:01 +02:00
Jonne Haß
77295ffcfb Merge pull request #6487 from svbergerem/move-reshare-count 
Move reshare count
 2015-10-10 20:51:27 +02:00
Steffen van Bergerem
74a3a9719c Display reshares under the post 2015-10-10 14:22:59 +02:00
augier
aefd7273d9 Drop ID 2015-10-10 12:34:59 +02:00
augier
c62927bf00 Use backbone for flash messages 2015-10-10 12:15:41 +02:00
Dennis Schubert
aab21be09d Merge branch 'stable' into develop 2015-10-10 06:45:15 +02:00
Steffen van Bergerem
230f6d6d62 Fix hovercard view console error 
closes #6480
 2015-10-10 06:45:09 +02:00
Jonne Haß
c27b629515 Merge branch 'stable' into develop 2015-10-09 17:47:39 +02:00
Steffen van Bergerem
f7bd0bbb24 DRY app/router.js 2015-10-09 17:45:51 +02:00
Jonne Haß
92b5ea29ed Merge branch 'stable' into develop 2015-10-07 22:29:45 +02:00
Steffen van Bergerem
e0be1b49f1 Add public stream 
closes #6465
 2015-10-07 22:29:39 +02:00
Steffen van Bergerem
fc9d7396cc Merge branch 'stable' into develop 2015-10-07 21:38:26 +02:00
Faldrian
d486e37487 following tags now normalized and sorted in ui 
closes #6454
 2015-10-07 21:38:12 +02:00
Jonne Haß
8c5534a850 Merge pull request #6464 from Zauberstuhl/fix_report_translation 
Uncapitalize type if trying to find translation-string
 2015-10-07 17:52:10 +02:00
Lukas Matt
74fbd122a1 Uncapitalize type if trying to find translation-string 
Signed-off-by: Lukas Matt <lukas@zauberstuhl.de>
 2015-10-07 16:51:17 +02:00
Jonne Haß
1df5c7f7bf Merge branch 'stable' into develop 2015-10-07 10:58:10 +02:00
Faldrian
a946251a9e Show getting_started only if user has made no profile changes on the page 
closes #6456
 2015-10-07 10:58:06 +02:00
Jonne Haß
7b4d7dc737 Merge branch 'stable' into develop 2015-10-06 22:50:42 +02:00
Steffen van Bergerem
25e4d8c365 Fix shortcuts after changing streams 2015-10-06 22:34:36 +02:00
Steffen van Bergerem
e4a850ff9a Fix console error for map in SPV 2015-10-05 11:38:43 +02:00
Lukas Matt
78f9b39e55 Use polymorphic association for the report item 
* Adopt pronto suggestions

Signed-off-by: Lukas Matt <lukas@zauberstuhl.de>
 2015-10-03 17:18:03 +02:00
Lukas Matt
6bf47c7ff0 Fix spec files and report model 
* Adopt pronto suggestions
 2015-10-03 17:17:45 +02:00
Lukas Matt
95072d6010 Add get_reported_guid spec for report helper 
* two new methods in report model reported_author and item
* merge deletion methods in report model

Signed-off-by: Lukas Matt <lukas@zauberstuhl.de>
 2015-10-03 17:17:06 +02:00
Steffen van Bergerem
b40d5362cf Merge pull request #6256 from TeamDeltaQuadrant/5813-show-geolocation-on-osm 
5813 show geolocation on osm
 2015-09-23 01:43:49 +02:00
Jonne Haß
0508c1b8d4 Merge branch 'stable' into develop 2015-09-14 22:06:52 +02:00
Steffen van Bergerem
05a6d95811 Always show public photos 
closes #6398
 2015-09-14 22:04:53 +02:00
Jonne Haß
0f1295718f Merge branch 'stable' into develop 2015-09-13 12:25:18 +02:00
Jonne Haß
6fb5e88ead Merge branch 'master' into stable 2015-09-13 12:23:41 +02:00
Steffen van Bergerem
ebad0961a9 Show private profile info if contact is sharing 2015-09-13 12:16:25 +02:00
Steffen van Bergerem
7bcccde9f4 Merge pull request #6383 from AugierLe42e/improve-mobile-conversations-design 
[Quickfix] Improve mobile conversations design
 2015-09-12 12:20:59 +02:00
augier
44d71c3905 Improve mobile conversations design 2015-09-11 23:17:02 +02:00
realtin
1cdcc50c63 fix all the pronto remarks finally 
- fix map controls in stream
 2015-09-11 10:24:39 +02:00
realtin
52fac5740e fix indentation & jshint predefines 
according to svbergerem's annotations
 2015-09-10 14:48:25 +02:00
zaziemo
263dc6f119 refactor code that choses the tile server based on podmin's choice 
and remove the possibility to disable the map feature.
By default the application uses the itles of Heidelberg University that
don't need any credentials. If podmins enable the mapbox option in the
diaspora.yml and enter their credentials the mapbox tiles are used for the map
rendering.
 2015-09-09 17:03:46 +02:00
zaziemo
0f3eff8f88 add correct attributions for map tiles of Heidelberg University 
remove personal credentials from mapbox and refactored some code
#5813

Signed-off-by: zaziemo <maren.heltsche@gmail.com>
 2015-09-09 15:24:00 +02:00
realtin
57b7c05c4f set maptile default to OpenMapSurfer 
- refactor code for toggle map function
- adjust jasmine tests for maps and add tests for SPV
- change name of access token in defaults.yml according to naming conventions
- add explanation of map use for podmins
- add location to post_presenter
- fix opening multiple maps inside the stream when clicking on a reshare location
(#5813)
 2015-09-09 12:26:47 +02:00
realtin
6716b4c175 rename location_view to locator 
because it is confusing with the other location files
 2015-09-09 12:25:45 +02:00
Julia
c0f909d228 add map to header 
and add toggle map function
to show and load map only when user is clicking on address

(#5813)
 2015-09-09 12:23:38 +02:00
zaziemo
f92a2ee0dd merge address & coordinates in one location object 
to provide a clear arrangement of all location data
- add 'L' to predefs for pronto because it is part of the leaflet library
- fix: show address template only with an address present
with merging the location objects into one, only the objects within
the location object can be empty
(#5813)
 2015-09-09 12:22:48 +02:00
zaziemo
298e195a8f add a map subview 
- add coordinates in post_presenter
- add map to the SPV if location is provided
- add leaflet.js to render map and marker of position
- make coordinates available in frontend
- add map scss
- make stream post location clickable and redirect to the SPV
- prevent render map if no location data is provided
- add tests for coordinates
- use the leaflet gem instead of the JS assets
(#5813)
 2015-09-09 12:19:38 +02:00
Jonne Haß
6528f1479c Merge branch 'stable' into develop 2015-09-07 13:32:19 +02:00
Jonne Haß
0dd5447e63 Fix tumblr service deletion spec to actually test deletion 2015-09-07 13:31:45 +02:00
Jonne Haß
ba61ca4bdf Merge branch 'stable' into develop 2015-09-07 13:25:14 +02:00
Jonne Haß
0e64d8de2a Refactor tumblr service spec 
closes #6386
 2015-09-07 13:24:53 +02:00