Commit graph

50 commits

Author SHA1 Message Date
Danielle McLean 741c2eb234
Switch from stateless JOSE tokens to stateful tokens in the DB, since they can then be much smaller and we're using a DB anyway 2018-06-12 14:57:53 +10:00
Danielle McLean 67f8ec6fae
Throw away now-unused lemonauth templates, since they've all been ported across to Jinja2 2018-06-12 11:01:25 +10:00
Danielle McLean f551a5214a
Add pytest and mypy steps to the pre-commit hooks to avoid committing clearly broken code 2018-06-04 10:32:24 +10:00
Danielle McLean b59962a119
Start porting stuff from Django templates to Jinja2 - I've only done the lemonauth templates so far, and the layout is missing some meta stuff (hoping to reduce how much of that is needed) but it works 2018-05-28 21:15:02 +10:00
Danielle McLean 70e57e4155
Port the urls for lemonauth, lemonshort, micropub, and wellknowns to path() 2018-05-04 12:19:54 +10:00
Danielle McLean c40372a020
Add cute little Tipper.js tooltips to the profiles on the home h-card 2018-05-01 14:15:37 +10:00
Danielle McLean ffd0d3384e
Upgrade to Tippy.js v2, along with upgrading its dependency Popper.js 2018-05-01 14:00:16 +10:00
Danielle McLean 418f501afa
Use a native checkbox on the login page too 2018-03-23 13:17:11 +11:00
Danielle McLean 7e50300942
Switch the scopes checkboxen from Bootstrap's custom ones to browser-native ones, since the custom one wasn't getting us much 2018-03-23 13:14:34 +11:00
Danielle McLean d5f36bcfbe
Use consistent IDs for each input of the login form 2018-03-08 14:24:32 +11:00
Danielle McLean 7d677734f3
Patch the 'remember this browser' checkbox to work with the current Bootstrap and django-otp-agents versions 2018-03-08 13:56:15 +11:00
Danielle McLean 9f733125a7
Refactor micropub, add basic support for querying - source works great, the other two not so much 2018-01-29 10:28:46 +11:00
Danielle McLean 14723b03ff
Fix regression - the verification tooltips weren't working with FA 5 2017-12-18 10:53:45 +11:00
Danielle McLean 87f04ce988
Use a more helpful page title on IndieAuth authorisation pages 2017-12-18 10:53:17 +11:00
Danielle McLean b89405ed88
Dramatically improved processing of Micropub tokens which supports both the Authorization header and the access_token field approaches 2017-12-18 09:51:06 +11:00
Danielle McLean 6d912de376
Migrate to Font Awesome 5 - every icon used in the site has been updated, but the site icons that live in the database will need fixing separately 2017-12-06 14:07:59 +11:00
Danielle McLean a7f6824334
Implement request caching in Redis so that we don't always have to fetch remote pages every time we want their mf2 items 2017-11-10 09:17:32 +11:00
Danielle McLean cfe0f47d0f
Switch from PyJWT to python-jose, since it supports more features and has more documentation 2017-11-03 17:42:57 +11:00
Danielle McLean 179f5753ed
Implement a token endpoint - currently all tokens last forever and can't be revoked, but I can add revocation later without too much trouble 2017-11-03 17:18:00 +11:00
Danielle McLean 9add6be8e4
Remove the pointless verify_auth_code wrapper - it's easier to do the verification work in the view anyway 2017-11-03 16:40:09 +11:00
Danielle McLean 3d5b537369
Oops, forgot to put .objects after the model to get the actual manager 2017-11-03 16:19:26 +11:00
Danielle McLean ab810a8f94
Simplify the auth code format a little: the 'me' value can be computed from the user ID and so is redundant 2017-11-03 16:14:30 +11:00
Danielle McLean 43a56e865e
Add the current user's ID to the auth code, will be handy when making a token since we need to know who the token's for 2017-11-03 15:51:27 +11:00
Danielle McLean 40810d6310
Refactor the actual JWT calls into separate functions since I'll be needing them for tokens as well as auth codes 2017-11-03 14:37:39 +11:00
Danielle McLean 6f6bb4e534
Improve JWT security by specifying the algorithm used, and also use shorter key names to make the code a little shorter 2017-11-03 14:33:27 +11:00
Danielle McLean 6b1cd896ea
Handle IndieAuth redirect URIs that already have query parameters 2017-11-03 12:14:15 +11:00
Danielle McLean b658bf5c79
Default to form encoding rather than JSON, since legacy clients that don't support JSON usually also don't ask for a certain format 2017-11-03 11:51:34 +11:00
Danielle McLean 92cd38cbb0
Make relative redirect URIs redirect to the right place, by urljoining them with the client ID 2017-11-03 11:28:26 +11:00
Danielle McLean 1c09be1b1c
Switch from database-persisted auth codes to stateless JSON Web Tokens :) 2017-11-02 16:36:16 +11:00
Danielle McLean 41d490ea80
Put the shortcuts for returning 40* responses into lemoncurry.utils 2017-11-02 16:16:04 +11:00
Danielle McLean 06278935b6
Add support for selecting scopes during IndieAuth's 'code' type 2017-11-01 13:27:55 +11:00
Danielle McLean 387e7d859c
Smarter handling of IndieAuth code verification, including verifying the response type is correct 2017-11-01 10:56:49 +11:00
Danielle McLean bfa7f68edc
Make POST /indie/auth return a 403 if parameters are missing, rather than a 500 2017-10-30 08:27:19 +11:00
Danielle McLean e5d3af1b51
Make redirect_uri verification optional because many IndieAuth clients don't implement it - show a stylish icon to convey whether the client was verified 2017-10-29 19:15:29 +11:00
Danielle McLean acce72e90e
Implement the auth-code verification step, producing a complete IndieAuth implementation for 'id' type (nothing for 'code' type yet tho) 2017-10-29 17:07:36 +11:00
Danielle McLean 8b4a14ffa3
On approving an IndieAuth request, actually generate an auth code and redirect 2017-10-29 16:16:27 +11:00
Danielle McLean 221d548e4a
Give better 'me' normalisation to IndieAuth processing + add a simple POST route for actually submitting the form 2017-10-29 14:39:30 +11:00
Danielle McLean e2e21f4afa
Make sure IndieAuth is agnostic to whether the 'me' parameter has a trailing slash or not 2017-10-27 22:03:25 +11:00
Danielle McLean 5690e4bfab
Add some niiiice h-x-app rendering to the authorisation page, so you can get a pretty view of who's trying to auth 2017-10-27 21:32:14 +11:00
Danielle McLean a14d31e9d3
Improve the IndieAuth form: include the state parameter, show more information, etc. 2017-10-27 13:26:21 +11:00
Danielle McLean 93be2f5a32
Half-implement an IndieAuth authorization endpoint - it accepts the right parameters, verifies your client_id, and displays a prompt, but you can't actually approve the auth yet 2017-10-26 11:35:57 +11:00
Danielle McLean d234fd942d
Refactor the login views into their own modules, because I'm about to implement IndieAuth and it's gonna be kinda big 2017-10-26 11:21:56 +11:00
Danielle McLean 0328ab97f6
Add support for ogp:url and the much nicer rel="canonical", as well as smarter title handling 2017-10-25 09:25:35 +11:00
Danielle McLean 7f17d50486
Enable django-otp-agents, for preserving OTP trust over time 2017-10-25 01:46:18 +11:00
Danielle McLean 3f3bb05a25
Add TOTP support with django-otp 2017-10-25 01:25:03 +11:00
Danielle McLean 492ba744fc
Adjust breadcrumb label for lemonauth:login to match other labels 2017-10-25 00:55:38 +11:00
Danielle McLean 9e2c6a6634
Mark login form fields as required 2017-10-25 00:30:44 +11:00
Danielle McLean 53fbc804bd
Whoops, use correct Bootstrap 4 classes to indicate invalid form fields 2017-10-25 00:30:09 +11:00
Danielle McLean 84a34c89e7
Enable breadcrumb support, use it on the login view 2017-10-25 00:25:41 +11:00
Danielle McLean c210650ca7
Switch from using the admin login/logout pages to custom 'lemonauth' pages 2017-10-24 23:50:57 +11:00