Commit Graph

99 Commits

Author SHA1 Message Date
rinpatch
4d416343fa rate limiter: Fix a race condition
When multiple requests are processed by rate limiter plug at the same
time and the bucket is not yet initialized, both would try to initialize
the bucket resulting in an internal server error.
2020-03-01 01:13:07 +03:00
Ivan Tashkinov
c747260989 [#2250] Tiny refactoring per merge request review. 2020-02-29 22:04:09 +03:00
Ivan Tashkinov
6f2efb1c45 Runtime configurability of RateLimiter. Refactoring. Disabled default rate limits in tests. 2020-02-27 18:46:05 +03:00
lain
3eddd9caa6 Merge branch 'require-signature' into 'develop'
Add an option to require fetches to be signed

Closes #1444

See merge request pleroma/pleroma!2071
2020-02-20 12:13:21 +00:00
Ivan Tashkinov
4f8c3462a8 Tweaks to clear_config calls in tests in order to prevent side effects on config during test suite execution. 2020-02-13 21:55:47 +03:00
rinpatch
5b62acf6e9 Merge branch 'develop' into fix/disable-rate-limiter-for-socket-localhost 2020-01-30 22:16:55 +03:00
Ivan Tashkinov
ead2d18826 Merge remote-tracking branch 'remotes/origin/develop' into oauth-scopes-tweaks-and-tests 2019-12-19 17:24:08 +03:00
Egor Kislitsyn
775212121c
Verify HTTP signatures only when request accepts "activity+json" type 2019-12-19 20:17:18 +07:00
Maxim Filippov
45180d4c60 Merge branch 'develop' into fix/disable-rate-limiter-for-socket-localhost 2019-12-17 12:36:56 +03:00
minibikini
e1fa8c11a9 Apply suggestion to test/plugs/http_signature_plug_test.exs 2019-12-16 18:39:59 +00:00
Egor Kislitsyn
a12b6454bb
Add an option to require fetches to be signed 2019-12-16 22:24:03 +07:00
rinpatch
54029fe212 tests: remove a useless sleep in rate limiter tests
It was used to check that authenticated and unauthenticated users have
different limits. Instead of sleeping a super low limit for
unauthenticated users was set, preventing them from doing 5 requests in
the first place.
2019-12-16 01:03:13 +03:00
Ivan Tashkinov
7973cbdb9f OAuthScopesPlug: disallowed nil token (unless with :fallback option). WIP: controller tests modification: OAuth scopes usage. 2019-12-15 22:32:42 +03:00
Maxim Filippov
eb11c60289 Disable rate limiter for socket/localhost (unless RemoteIp is enabled) 2019-12-14 03:06:43 +03:00
Ivan Tashkinov
3920244be5 [#1427] Fixed :admin option handling in OAuthScopesPlug, added tests. 2019-12-11 11:42:02 +03:00
Ivan Tashkinov
1770602747 [#1427] Extra check that admin OAuth scope is used by admin. Adjusted tests. 2019-12-07 17:49:53 +03:00
Ivan Tashkinov
40e1817f70 [#1427] Fixes / improvements of admin scopes support. Added tests. 2019-12-06 20:33:47 +03:00
Egor Kislitsyn
36686f5245
Support authentication via x-admin-token HTTP header 2019-11-19 15:58:20 +07:00
rinpatch
22554ac5ca Merge branch 'bugfix/1395-email-activation' into 'develop'
Bugfix/1395 email activation

Closes #1395

See merge request pleroma/pleroma!1965
2019-11-15 14:11:48 +00:00
Egor Kislitsyn
72cf6a76f4
Fix random fails of the rate limiter tests 2019-11-13 18:07:53 +07:00
Steven Fuchs
94627baa5c New rate limiter 2019-11-11 12:13:06 +00:00
lain
f6056e9c9c UserEnabledPlug: Don't authenticate unconfirmed users. 2019-11-11 12:43:46 +01:00
rinpatch
84175fe30e Set better Cache-Control header for static content
Closes #1382
2019-11-06 16:41:19 +03:00
Ivan Tashkinov
10ff01acd9 [#1304] Moved all non-mutes / non-blocks fields from User.Info to User. WIP. 2019-10-16 21:59:21 +03:00
Ivan Tashkinov
64095961fe [#1234] Merge remote-tracking branch 'remotes/upstream/develop' into 1234-mastodon-2-4-3-oauth-scopes
# Conflicts:
#	CHANGELOG.md
#	lib/pleroma/web/mastodon_api/controllers/mastodon_api_controller.ex
#	lib/pleroma/web/router.ex
2019-10-02 20:42:40 +03:00
minibikini
f9380289eb Add remote_ip plug 2019-09-27 21:59:23 +00:00
Ivan Tashkinov
6f67aed3ac [#1234] Merge remote-tracking branch 'remotes/upstream/develop' into 1234-mastodon-2-4-3-oauth-scopes
# Conflicts:
#	lib/pleroma/web/admin_api/admin_api_controller.ex
2019-09-19 10:59:09 +03:00
Haelwenn (lanodan) Monnier
447514dfa2
Bump copyright years of files changed in 2019
Done via the following command:
git diff 1e6c102bfc --stat --name-only | cat - | xargs sed -i 's/2017-2018 Pleroma Authors/2017-2019 Pleroma Authors/'
2019-09-18 23:21:11 +02:00
Ivan Tashkinov
b17f217bf3 [#1234] Addressed code analysis issue. 2019-09-17 23:31:05 +03:00
Ivan Tashkinov
76068873db [#1234] Defined admin OAuth scopes, refined other scopes. Added tests. 2019-09-17 22:19:39 +03:00
Ivan Tashkinov
efbc2edba1 [#1234] Merge remote-tracking branch 'remotes/upstream/develop' into 1234-mastodon-2-4-3-oauth-scopes
# Conflicts:
#	lib/pleroma/web/activity_pub/activity_pub_controller.ex
#	lib/pleroma/web/router.ex
2019-09-15 18:52:27 +03:00
minibikini
11e12b5761 Add Pleroma.Plugs.Cache 2019-09-09 18:53:08 +00:00
Ivan Tashkinov
b63faf9819 [#1234] Mastodon 2.4.3 hierarchical scopes initial support (WIP). 2019-09-08 15:00:03 +03:00
Maksim
a320358703 added test helpers to clear config after tests 2019-08-19 15:34:29 +00:00
Maksim
55341ac717 tests WebFinger 2019-07-24 15:13:10 +00:00
Sergey Suprunenko
9340896c9e Exclude tests that use :crypt.crypt/2 on macOS 2019-07-22 19:54:22 +00:00
Sergey Suprunenko
43a7cd27fe [tests] Mock :crypt.crypt/2 function in AuthenticationPlugTest 2019-07-20 13:07:51 +00:00
kaniini
716afc83ce Merge branch 'refactor/http-signature-plug' into 'develop'
http signature plug: separation of concerns

See merge request pleroma/pleroma!1449
2019-07-19 16:57:24 +00:00
Ariadne Conill
c947cfec5a mapped signature plug: use user assign like authentication plug 2019-07-18 20:31:25 +00:00
Maksim
f435217e50 tests for Plugs.AuthenticationPlug 2019-07-18 20:29:51 +00:00
Ariadne Conill
621cacf667 tests: add tests for mapped signature plug 2019-07-18 16:28:36 +00:00
Ariadne Conill
88d064d80e http signature plug: remove redundant checks handled by HTTPSignatures library
the redundant checks assumed a POST request, which will not work for signed GETs.
this check was originally needed because the HTTPSignatures adapter assumed that
the requests were also POST requests.  but now, the adapter has been corrected.
2019-07-18 15:11:21 +00:00
Ivan Tashkinov
369e9bb42f [#1041] Rate-limited status actions (per user and per user+status). 2019-07-13 14:49:39 +03:00
Egor Kislitsyn
c2a589d9a3 Fix credo warning 2019-07-10 18:10:09 +07:00
Egor Kislitsyn
0d54a571ca Add SetLocalePlug 2019-07-10 18:08:03 +07:00
feld
93a0eeab16 Add license/copyright to all project files 2019-07-10 05:13:23 +00:00
Egor Kislitsyn
889a9c3a3f Polish IdempotencyPlug 2019-06-27 01:53:58 +07:00
Egor Kislitsyn
825077a5b0 Add Idempotency plug 2019-06-26 18:36:58 +07:00
Egor Kislitsyn
fc6e661672 Fix rate limiter tests 2019-06-21 16:47:16 +07:00
Egor Kislitsyn
ad04d12de6 Replace MastodonAPIController.account_register/2 rate limiter 2019-06-11 16:06:03 +07:00