gearheads
/
mastodon
Archived
2
0
Fork 0
Commit Graph

17 Commits (0352c40e9950c83a5416ed505d43fe41e417254c)

Author SHA1 Message Date
Eugen Rochko db3ed498b0 When OAuth password verification fails, return 401 instead of redirect (#5111)
Call to warden.authenticate! in resource_owner_from_credentials would
make the request redirect to sign-in path, which is a bad response for
apps. Now bad credentials just return nil, which leads to HTTP 401
from Doorkeeper. Also, accounts with enabled 2FA cannot be logged into
this way.
2017-09-27 23:42:49 +02:00
Colin Mitchell 871c0d251a Application prefs section (#2758)
* Add code for creating/managing apps to settings section

* Add specs for app changes

* Fix controller spec

* Fix view file I pasted over by mistake

* Add locale strings. Add 'my apps' to nav

* Add Client ID/Secret to App page. Add some visual separation

* Fix rubocop warnings

* Fix embarrassing typo

I lost an `end` statement while fixing a merge conflict.

* Add code for creating/managing apps to settings section

- Add specs for app changes
- Add locale strings. Add 'my apps' to nav
- Add Client ID/Secret to App page. Add some visual separation
- Fix some bugs/warnings

* Update to match code standards

* Trigger notification

* Add warning about not sharing API secrets

* Tweak spec a bit

* Cleanup fixture creation by using let!

* Remove unused key

* Add foreign key for application<->user
2017-08-22 18:33:57 +02:00
Eugen Rochko df605f0f8b Add "signed in as" header to some pages (#4523) 2017-08-05 04:24:58 +02:00
Eugen Rochko 88725d6ce8 OEmbed support for PreviewCard (#2337)
* OEmbed support for PreviewCard

* Improve ProviderDiscovery code failure treatment

* Do not crawl links if there is a content warning, since those
don't display a link card anyway

* Reset db schema

* Fresh migrate

* Fix rubocop style issues
Fix #1681 - return existing access token when applicable instead of creating new

* Fix test

* Extract http client to helper

* Improve oembed controller
2017-04-27 14:42:22 +02:00
Eugen Rochko 720d1f8f3d Restrict access to oauth/applications to admins only 2016-10-23 12:08:52 +02:00
Eugen Rochko a9e40a3d80 Adding OAuth access scopes, fixing OAuth authorization UI, adding rate limiting
to the API
2016-10-22 19:39:44 +02:00
Eugen Rochko f06f295890 Fix doorkeeper skip_authorization 2016-10-02 22:55:09 +02:00
Eugen Rochko 492224b93f Allow non-https redirect URIs for OAuth apps (AndStatus seems to require this) 2016-09-30 22:40:31 +02:00
Eugen Rochko 7e14eefc81 Replace logo, fix #57 - delete/unreblog/unfavourite API, fix #45 - app
registration API
2016-09-26 23:56:53 +02:00
Eugen Rochko 92afd29650 The frontend will now be an OAuth app, auto-authorized. The frontend will use an access token for API requests
Adding better errors for the API controllers, posting a simple status works from the frontend now
2016-08-26 19:12:19 +02:00
Eugen Rochko 44e57f64dd Improving statuses, adding a composer drawer, which doesn't work yet 2016-08-25 19:52:55 +02:00
Eugen Rochko 9cb690c706 Access tokens no longer expire, case-insensitive local username validation, as well as case-insensitive Webfinger look-up 2016-03-16 18:29:52 +01:00
Eugen Rochko 6fec8afc3f Bind oauth applications to users 2016-03-14 17:49:13 +01:00
Eugen Rochko 1aa477ac2f Customized more doorkeeper views, only logged in users can create oauth apps 2016-03-12 19:46:06 +01:00
Eugen Rochko 447cfef62d Improving feed queries, switching API to doorkeeper authentication 2016-03-11 16:47:36 +01:00
Eugen Rochko b919f39b31 Customizing doorkeeper views for authorizing app 2016-03-11 01:58:55 +01:00
Eugen Rochko ab6696e855 Adding doorkeeper, adding a REST API
POST /api/statuses                  Params: status (text contents), in_reply_to_id (optional)
GET  /api/statuses/:id
POST /api/statuses/:id/reblog

GET  /api/accounts/:id
GET  /api/accounts/:id/following
GET  /api/accounts/:id/followers
POST /api/accounts/:id/follow
POST /api/accounts/:id/unfollow

POST /api/follows                  Params: uri (e.g. user@domain)

OAuth authentication is currently disabled, but the API can be used with HTTP Auth.
2016-03-07 12:42:33 +01:00