about summary refs log tree commit diff
path: root/config/initializers/doorkeeper.rb
AgeCommit message (Collapse)Author
2019-12-31LDAP & PAM added to OAuth password grant strategy (#7999) (#12390)ntl-purism
When authenticating via OAuth, the resource owner password grant strategy is allowed by Mastodon, but (without this PR), it does not attempt to authenticate against LDAP or PAM. As a result, LDAP or PAM authenticated users cannot sign in to Mastodon with their email/password credentials via OAuth (for instance, for native/mobile app users). This PR fleshes out the authentication strategy supplied to doorkeeper in its initializer by looking up the user with LDAP and/or PAM when devise is configured to use LDAP/PAM backends. It attempts to follow the same logic as the Auth::SessionsController for handling email/password credentials. Note #1: Since this pull request affects an initializer, it's unclear how to add test automation. Note #2: The PAM authentication path has not been manually tested. It was added for completeness sake, and it is hoped that it can be manually tested before merging.
2018-10-22Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: - .github/ISSUE_TEMPLATE/bug_report.md Took our version. - CONTRIBUTING.md Updated the embedded copy of upstream's version. - README.md Took our version. - app/policies/status_policy.rb Not a real conflict, took code from both. - app/views/layouts/embedded.html.haml Added upstream's changes (dns-prefetch) and fixed `%body.embed` - app/views/settings/preferences/show.html.haml Reverted some of upstream changes, as we have a page dedicated for flavours and skins. - config/initializers/content_security_policy.rb Kept our version of the CSP. - config/initializers/doorkeeper.rb Not a real conflict, took code from both.
2018-10-19Add unread indicator to conversations (#9009)Eugen Rochko
2018-08-10Introduce OAuth scopes for bookmarksThibaut Girka
2018-07-05Add more granular OAuth scopes (#7929)Eugen Rochko
* Add more granular OAuth scopes * Add human-readable descriptions of the new scopes * Ensure new scopes look good on the app UI * Add tests * Group scopes in screen and color-code dangerous ones * Fix wrong extra scope
2018-05-11Add REST API for Web Push Notifications subscriptions (#7445)Eugen Rochko
- POST /api/v1/push/subscription - PUT /api/v1/push/subscription - DELETE /api/v1/push/subscription - New OAuth scope: "push" (required for the above methods)
2017-09-27When OAuth password verification fails, return 401 instead of redirect (#5111)Eugen Rochko
Call to warden.authenticate! in resource_owner_from_credentials would make the request redirect to sign-in path, which is a bad response for apps. Now bad credentials just return nil, which leads to HTTP 401 from Doorkeeper. Also, accounts with enabled 2FA cannot be logged into this way.
2017-08-22Application prefs section (#2758)Colin Mitchell
* Add code for creating/managing apps to settings section * Add specs for app changes * Fix controller spec * Fix view file I pasted over by mistake * Add locale strings. Add 'my apps' to nav * Add Client ID/Secret to App page. Add some visual separation * Fix rubocop warnings * Fix embarrassing typo I lost an `end` statement while fixing a merge conflict. * Add code for creating/managing apps to settings section - Add specs for app changes - Add locale strings. Add 'my apps' to nav - Add Client ID/Secret to App page. Add some visual separation - Fix some bugs/warnings * Update to match code standards * Trigger notification * Add warning about not sharing API secrets * Tweak spec a bit * Cleanup fixture creation by using let! * Remove unused key * Add foreign key for application<->user
2017-08-05Add "signed in as" header to some pages (#4523)Eugen Rochko
2017-04-27OEmbed support for PreviewCard (#2337)Eugen Rochko
* OEmbed support for PreviewCard * Improve ProviderDiscovery code failure treatment * Do not crawl links if there is a content warning, since those don't display a link card anyway * Reset db schema * Fresh migrate * Fix rubocop style issues Fix #1681 - return existing access token when applicable instead of creating new * Fix test * Extract http client to helper * Improve oembed controller
2016-10-23Restrict access to oauth/applications to admins onlyEugen Rochko
2016-10-22Adding OAuth access scopes, fixing OAuth authorization UI, adding rate limitingEugen Rochko
to the API
2016-10-02Fix doorkeeper skip_authorizationEugen Rochko
2016-09-30Allow non-https redirect URIs for OAuth apps (AndStatus seems to require this)Eugen Rochko
2016-09-26Replace logo, fix #57 - delete/unreblog/unfavourite API, fix #45 - appEugen Rochko
registration API
2016-08-26The frontend will now be an OAuth app, auto-authorized. The frontend will ↵Eugen Rochko
use an access token for API requests Adding better errors for the API controllers, posting a simple status works from the frontend now
2016-08-25Improving statuses, adding a composer drawer, which doesn't work yetEugen Rochko
2016-03-16Access tokens no longer expire, case-insensitive local username validation, ↵Eugen Rochko
as well as case-insensitive Webfinger look-up
2016-03-14Bind oauth applications to usersEugen Rochko
2016-03-12Customized more doorkeeper views, only logged in users can create oauth appsEugen Rochko
2016-03-11Improving feed queries, switching API to doorkeeper authenticationEugen Rochko
2016-03-11Customizing doorkeeper views for authorizing appEugen Rochko
2016-03-07Adding doorkeeper, adding a REST APIEugen Rochko
POST /api/statuses Params: status (text contents), in_reply_to_id (optional) GET /api/statuses/:id POST /api/statuses/:id/reblog GET /api/accounts/:id GET /api/accounts/:id/following GET /api/accounts/:id/followers POST /api/accounts/:id/follow POST /api/accounts/:id/unfollow POST /api/follows Params: uri (e.g. user@domain) OAuth authentication is currently disabled, but the API can be used with HTTP Auth.
generated by cgit-pink (git 2.37.1) at 2024-07-06 04:29:42 +0000