William Pitcock 
								
							 
						 
						
							
							
							
							
								
							
							
								e9ef4b8da6 
								
							 
						 
						
							
							
								
								oauth: never use base64 padding when returning tokens to applications  
							
							... 
							
							
							
							The normal Base64 alphabet uses the equals sign (=) as a padding character.  Since
Base64 strings are self-synchronizing, padding characters are unnecessary, so don't
generate them in the first place. 
							
						 
						
							2019-02-14 01:10:04 +00:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Ivan Tashkinov 
								
							 
						 
						
							
							
							
							
								
							
							
								063baca5e4 
								
							 
						 
						
							
							
								
								[ #468 ] User UI for OAuth permissions restriction. Standardized storage format for scopes fields, updated usages.  
							
							
							
						 
						
							2019-02-14 00:29:29 +03:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Maxim Filippov 
								
							 
						 
						
							
							
							
							
								
							
							
								760fec4cb8 
								
							 
						 
						
							
							
								
								Update token.ex  
							
							
							
						 
						
							2019-02-13 12:59:56 +03:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Maxim Filippov 
								
							 
						 
						
							
							
							
							
								
							
							
								62a45bdc11 
								
							 
						 
						
							
							
								
								Add revoke token  
							
							
							
						 
						
							2019-02-13 12:59:56 +03:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Maxim Filippov 
								
							 
						 
						
							
							
							
							
								
							
							
								61a4bc5095 
								
							 
						 
						
							
							
								
								Add OAuth tokens endpoint  
							
							
							
						 
						
							2019-02-13 12:59:56 +03:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Haelwenn (lanodan) Monnier 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								d924dc73ba 
								
							 
						 
						
							
							
								
								de-group import/s  
							
							
							
						 
						
							2019-02-09 16:31:17 +01:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Haelwenn (lanodan) Monnier 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								6a6a5b3251 
								
							 
						 
						
							
							
								
								de-group alias/es  
							
							
							
						 
						
							2019-02-09 16:31:17 +01:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Ivan Tashkinov 
								
							 
						 
						
							
							
							
							
								
							
							
								4ad843fb9d 
								
							 
						 
						
							
							
								
								[ #468 ] Prototype of OAuth2 scopes support. TwitterAPI scope restrictions.  
							
							
							
						 
						
							2019-02-09 17:09:08 +03:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Ivan Tashkinov 
								
							 
						 
						
							
							
							
							
								
							
							
								2c68cf7e9e 
								
							 
						 
						
							
							
								
								OAuth2 security fixes: redirect URI validation, "Mastodon-Local" security breach fix.  
							
							... 
							
							
							
							(`POST /api/v1/apps` could create "Mastodon-Local" app wth any redirect_uris,
and if that happened before /web/login is accessed for the first time
then Pleroma used this externally created record with arbitrary
redirect_uris and client_secret known by creator). 
							
						 
						
							2019-02-07 22:14:06 +03:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									lain 
								
							 
						 
						
							
							
							
							
								
							
							
								1825118fd4 
								
							 
						 
						
							
							
								
								Correctly handle invalid credentials on auth login.  
							
							... 
							
							
							
							Closes  #407  
						
							2019-01-28 11:41:47 +01:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									href 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								28d77e373c 
								
							 
						 
						
							
							
								
								Flake Ids for Users and Activities  
							
							
							
						 
						
							2019-01-23 11:26:27 +01:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									William Pitcock 
								
							 
						 
						
							
							
							
							
								
							
							
								980b5288ed 
								
							 
						 
						
							
							
								
								update copyright years to 2019  
							
							
							
						 
						
							2018-12-31 15:41:47 +00:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									William Pitcock 
								
							 
						 
						
							
							
							
							
								
							
							
								2791ce9a1f 
								
							 
						 
						
							
							
								
								add license boilerplate to pleroma core  
							
							
							
						 
						
							2018-12-23 20:56:42 +00:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Ivan Tashkinov 
								
							 
						 
						
							
							
							
							
								
							
							
								b096e30cff 
								
							 
						 
						
							
							
								
								[ #114 ] Added email confirmation resend action. Added tests  
							
							... 
							
							
							
							for registration, authentication, email confirmation, confirmation resending.
Made admin methods create confirmed users. 
							
						 
						
							2018-12-18 17:22:46 +03:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Ivan Tashkinov 
								
							 
						 
						
							
							
							
							
								
							
							
								1de0aa2f10 
								
							 
						 
						
							
							
								
								[ #114 ] Account confirmation email, registration as unconfirmed (config-based), auth prevention for unconfirmed.  
							
							
							
						 
						
							2018-12-18 17:21:05 +03:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Maksim Pechnikov 
								
							 
						 
						
							
							
							
							
								
							
							
								074fa790ba 
								
							 
						 
						
							
							
								
								fix compile warnings  
							
							
							
						 
						
							2018-12-09 20:50:08 +03:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									William Pitcock 
								
							 
						 
						
							
							
							
							
								
							
							
								419ed3a0ca 
								
							 
						 
						
							
							
								
								oauth: fix token decode regression  
							
							
							
						 
						
							2018-11-11 05:26:39 +00:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									lain 
								
							 
						 
						
							
							
							
							
								
							
							
								4f640c43ed 
								
							 
						 
						
							
							
								
								Unify Mastodon Login with OAuth login.  
							
							... 
							
							
							
							This removes duplication in the login code. 
							
						 
						
							2018-11-06 15:19:11 +01:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Haelwenn (lanodan) Monnier 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								eacab0fb05 
								
							 
						 
						
							
							
								
								Delete Tokens and Authorizations on password change  
							
							... 
							
							
							
							Closes: https://git.pleroma.social/pleroma/pleroma/issues/320  
							
						 
						
							2018-10-14 02:14:54 +02:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Dominique Feyer 
								
							 
						 
						
							
							
							
							
								
							
							
								801d645c6b 
								
							 
						 
						
							
							
								
								TASK: Fix formatting  
							
							
							
						 
						
							2018-09-09 23:42:28 +02:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Dominique Feyer 
								
							 
						 
						
							
							
							
							
								
							
							
								b79c126ee0 
								
							 
						 
						
							
							
								
								Add missing URL encoding in create authorization redirect  
							
							
							
						 
						
							2018-09-09 23:31:47 +02:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Martin Kühl 
								
							 
						 
						
							
							
							
							
								
							
							
								84d84e4ca4 
								
							 
						 
						
							
							
								
								OAuth: Support /revoke endpoint for revoking tokens  
							
							... 
							
							
							
							(for compatibility with Mastodon) 
							
						 
						
							2018-09-01 23:10:48 +02:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Martin Kühl 
								
							 
						 
						
							
							
							
							
								
							
							
								ad2a7972e7 
								
							 
						 
						
							
							
								
								OAuth: Set created_at in token exchange response  
							
							... 
							
							
							
							(for compatibility with Mastodon) 
							
						 
						
							2018-09-01 23:10:48 +02:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									lambda 
								
							 
						 
						
							
							
							
							
								
							
							
								2c303b3302 
								
							 
						 
						
							
							
								
								Merge branch 'bugfix/oauth2-param-name' into 'develop'  
							
							... 
							
							
							
							oauth: support either name or username parameter with grant_type=password
Closes  #180 
See merge request pleroma/pleroma!219  
							
						 
						
							2018-06-14 07:14:18 +00:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									William Pitcock 
								
							 
						 
						
							
							
							
							
								
							
							
								5442466569 
								
							 
						 
						
							
							
								
								oauth: fix password-based login when username is email address  
							
							... 
							
							
							
							closes  #199  
						
							2018-06-14 02:32:30 +00:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									William Pitcock 
								
							 
						 
						
							
							
							
							
								
							
							
								4894b88b1b 
								
							 
						 
						
							
							
								
								oauth: support either name or username parameter with grant_type=password  
							
							... 
							
							
							
							closes  #180  
						
							2018-06-14 02:07:43 +00:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									D Anzorge 
								
							 
						 
						
							
							
							
							
								
							
							
								3607dc4558 
								
							 
						 
						
							
							
								
								Make token exchange return errors with 400 as status code  
							
							
							
						 
						
							2018-06-06 03:14:50 +02:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									D Anzorge 
								
							 
						 
						
							
							
							
							
								
							
							
								73904e8f78 
								
							 
						 
						
							
							
								
								Make OAuth token endpoint work with HTTP Basic auth  
							
							... 
							
							
							
							client_id/client_secret can now be supplied in an Authorization header 
							
						 
						
							2018-06-04 00:59:00 +02:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									lain 
								
							 
						 
						
							
							
							
							
								
							
							
								ffe028cd73 
								
							 
						 
						
							
							
								
								More warning fixes.  
							
							
							
						 
						
							2018-05-07 18:11:37 +02:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									lain 
								
							 
						 
						
							
							
							
							
								
							
							
								9e6ae44729 
								
							 
						 
						
							
							
								
								Formatting fixes.  
							
							
							
						 
						
							2018-04-21 09:43:53 +02:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									eal 
								
							 
						 
						
							
							
							
							
								
							
							
								947431e9aa 
								
							 
						 
						
							
							
								
								MastoAPI and OAuth: allow login with either email or username.  
							
							
							
						 
						
							2018-04-18 13:13:57 +03:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									lain 
								
							 
						 
						
							
							
							
							
								
							
							
								4afbef39f4 
								
							 
						 
						
							
							
								
								Format the code.  
							
							
							
						 
						
							2018-03-30 15:01:53 +02:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									William Pitcock 
								
							 
						 
						
							
							
							
							
								
							
							
								dd21137f38 
								
							 
						 
						
							
							
								
								oauth: implement grant_type=password for single-page apps  
							
							
							
						 
						
							2018-03-23 15:53:58 -05:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									lain 
								
							 
						 
						
							
							
							
							
								
							
							
								f9ab38a443 
								
							 
						 
						
							
							
								
								Fix test.  
							
							
							
						 
						
							2018-03-22 12:37:24 +01:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Mark Felder 
								
							 
						 
						
							
							
							
							
								
							
							
								2702df489f 
								
							 
						 
						
							
							
								
								cap again  
							
							
							
						 
						
							2018-03-19 18:00:02 +00:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Mark Felder 
								
							 
						 
						
							
							
							
							
								
							
							
								2549a73d6d 
								
							 
						 
						
							
							
								
								start with a capital  
							
							
							
						 
						
							2018-03-19 17:58:45 +00:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Calv Collins 
								
							 
						 
						
							
							
							
							
								
							
							
								73249fa5ff 
								
							 
						 
						
							
							
								
								Changed fallback controller to handle all cases from OAuthController  
							
							
							
						 
						
							2018-02-08 18:15:59 +00:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Calv Collins 
								
							 
						 
						
							
							
							
							
								
							
							
								bdb5dd2194 
								
							 
						 
						
							
							
								
								Create action_fallback for username/password incorrect input  
							
							
							
						 
						
							2018-02-08 16:57:30 +00:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Roger Braun 
								
							 
						 
						
							
							
							
							
								
							
							
								fd12e585c9 
								
							 
						 
						
							
							
								
								Handle existing redirect params.  
							
							
							
						 
						
							2017-11-10 18:24:50 +01:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									eal 
								
							 
						 
						
							
							
							
							
								
							
							
								b0e27b21dd 
								
							 
						 
						
							
							
								
								Fix tootdon logins.  
							
							
							
						 
						
							2017-11-06 21:51:31 +02:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Roger Braun 
								
							 
						 
						
							
							
							
							
								
							
							
								5602293690 
								
							 
						 
						
							
							
								
								Fix callback state.  
							
							
							
						 
						
							2017-09-16 11:37:55 +02:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Roger Braun 
								
							 
						 
						
							
							
							
							
								
							
							
								ac3f32da7e 
								
							 
						 
						
							
							
								
								Preserve state in oauth  
							
							
							
						 
						
							2017-09-14 09:29:51 +02:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Roger Braun 
								
							 
						 
						
							
							
							
							
								
							
							
								5fe9e4dd3f 
								
							 
						 
						
							
							
								
								Do oauth redirect.  
							
							
							
						 
						
							2017-09-09 19:03:57 +02:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Roger Braun 
								
							 
						 
						
							
							
							
							
								
							
							
								59dd240c08 
								
							 
						 
						
							
							
								
								Use token exchange method.  
							
							
							
						 
						
							2017-09-09 12:10:46 +02:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Roger Braun 
								
							 
						 
						
							
							
							
							
								
							
							
								95cedd6000 
								
							 
						 
						
							
							
								
								Make auth tokens usable once and expire them.  
							
							
							
						 
						
							2017-09-09 12:02:59 +02:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Roger Braun 
								
							 
						 
						
							
							
							
							
								
							
							
								2652d9e4ed 
								
							 
						 
						
							
							
								
								Slight cleanup.  
							
							
							
						 
						
							2017-09-07 08:58:10 +02:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Roger Braun 
								
							 
						 
						
							
							
							
							
								
							
							
								2a298d70f9 
								
							 
						 
						
							
							
								
								Add very basic oauth and mastodon api support.  
							
							
							
						 
						
							2017-09-06 19:06:25 +02:00