58 Commits (v1.10.3)

Author SHA1 Message Date
Danielle McLean b318ed5b06
Fix broken Tippy tooltips caused by changes to Tippy's API in version 3 3 years ago
Danielle McLean d68dda85ad
Refactor the Micropub error responses into a non-view module, have them produce an immediately raise-able exception 3 years ago
Danielle McLean 065619772e
Use ResponseException for various places rather than needing to check the return value for responseness 3 years ago
Danielle McLean ac22c826cb
Canonicalise the 'me' parameter better, so if I just enter the bare domain it'll work fine 3 years ago
Danielle McLean 35ced9a451
Whoops, only revoke the current user's Micropub tokens for a client, not every single token for that client 3 years ago
Danielle McLean 446029ce84
Add a page that lists all authorised Micropub clients and allows a client's access to be revoked easily 3 years ago
Danielle McLean bb91d3c6b6
Resilently handle IndieAuth clients that don't have a logo in their h-x-app 3 years ago
Danielle McLean e4aa5c6e6e
Loosen the checks on IndieAuth parameters so that generic OAuth 2.0 clients like Paw.app can be used 3 years ago
Danielle McLean 741c2eb234
Switch from stateless JOSE tokens to stateful tokens in the DB, since they can then be much smaller and we're using a DB anyway 3 years ago
Danielle McLean 67f8ec6fae
Throw away now-unused lemonauth templates, since they've all been ported across to Jinja2 3 years ago
Danielle McLean f551a5214a
Add pytest and mypy steps to the pre-commit hooks to avoid committing clearly broken code 3 years ago
Danielle McLean b59962a119
Start porting stuff from Django templates to Jinja2 - I've only done the lemonauth templates so far, and the layout is missing some meta stuff (hoping to reduce how much of that is needed) but it works 3 years ago
Danielle McLean 70e57e4155
Port the urls for lemonauth, lemonshort, micropub, and wellknowns to path() 4 years ago
Danielle McLean c40372a020
Add cute little Tipper.js tooltips to the profiles on the home h-card 4 years ago
Danielle McLean ffd0d3384e
Upgrade to Tippy.js v2, along with upgrading its dependency Popper.js 4 years ago
Danielle McLean 418f501afa
Use a native checkbox on the login page too 4 years ago
Danielle McLean 7e50300942
Switch the scopes checkboxen from Bootstrap's custom ones to browser-native ones, since the custom one wasn't getting us much 4 years ago
Danielle McLean d5f36bcfbe
Use consistent IDs for each input of the login form 4 years ago
Danielle McLean 7d677734f3
Patch the 'remember this browser' checkbox to work with the current Bootstrap and django-otp-agents versions 4 years ago
Danielle McLean 9f733125a7
Refactor micropub, add basic support for querying - source works great, the other two not so much 4 years ago
Danielle McLean 14723b03ff
Fix regression - the verification tooltips weren't working with FA 5 4 years ago
Danielle McLean 87f04ce988
Use a more helpful page title on IndieAuth authorisation pages 4 years ago
Danielle McLean b89405ed88
Dramatically improved processing of Micropub tokens which supports both the Authorization header and the access_token field approaches 4 years ago
Danielle McLean 6d912de376
Migrate to Font Awesome 5 - every icon used in the site has been updated, but the site icons that live in the database will need fixing separately 4 years ago
Danielle McLean a7f6824334
Implement request caching in Redis so that we don't always have to fetch remote pages every time we want their mf2 items 4 years ago
Danielle McLean cfe0f47d0f
Switch from PyJWT to python-jose, since it supports more features and has more documentation 4 years ago
Danielle McLean 179f5753ed
Implement a token endpoint - currently all tokens last forever and can't be revoked, but I can add revocation later without too much trouble 4 years ago
Danielle McLean 9add6be8e4
Remove the pointless verify_auth_code wrapper - it's easier to do the verification work in the view anyway 4 years ago
Danielle McLean 3d5b537369
Oops, forgot to put .objects after the model to get the actual manager 4 years ago
Danielle McLean ab810a8f94
Simplify the auth code format a little: the 'me' value can be computed from the user ID and so is redundant 4 years ago
Danielle McLean 43a56e865e
Add the current user's ID to the auth code, will be handy when making a token since we need to know who the token's for 4 years ago
Danielle McLean 40810d6310
Refactor the actual JWT calls into separate functions since I'll be needing them for tokens as well as auth codes 4 years ago
Danielle McLean 6f6bb4e534
Improve JWT security by specifying the algorithm used, and also use shorter key names to make the code a little shorter 4 years ago
Danielle McLean 6b1cd896ea
Handle IndieAuth redirect URIs that already have query parameters 4 years ago
Danielle McLean b658bf5c79
Default to form encoding rather than JSON, since legacy clients that don't support JSON usually also don't ask for a certain format 4 years ago
Danielle McLean 92cd38cbb0
Make relative redirect URIs redirect to the right place, by urljoining them with the client ID 4 years ago
Danielle McLean 1c09be1b1c
Switch from database-persisted auth codes to stateless JSON Web Tokens :) 4 years ago
Danielle McLean 41d490ea80
Put the shortcuts for returning 40* responses into lemoncurry.utils 4 years ago
Danielle McLean 06278935b6
Add support for selecting scopes during IndieAuth's 'code' type 4 years ago
Danielle McLean 387e7d859c
Smarter handling of IndieAuth code verification, including verifying the response type is correct 4 years ago
Danielle McLean bfa7f68edc
Make POST /indie/auth return a 403 if parameters are missing, rather than a 500 4 years ago
Danielle McLean e5d3af1b51
Make redirect_uri verification optional because many IndieAuth clients don't implement it - show a stylish icon to convey whether the client was verified 4 years ago
Danielle McLean acce72e90e
Implement the auth-code verification step, producing a complete IndieAuth implementation for 'id' type (nothing for 'code' type yet tho) 4 years ago
Danielle McLean 8b4a14ffa3
On approving an IndieAuth request, actually generate an auth code and redirect 4 years ago
Danielle McLean 221d548e4a
Give better 'me' normalisation to IndieAuth processing + Aadd a simple POST route for actually submitting the form 4 years ago
Danielle McLean e2e21f4afa
Make sure IndieAuth is agnostic to whether the 'me' parameter has a trailing slash or not 4 years ago
Danielle McLean 5690e4bfab
Add some niiiice h-x-app rendering to the authorisation page, so you can get a pretty view of who's trying to auth 4 years ago
Danielle McLean a14d31e9d3
Improve the IndieAuth form: include the state parameter, show more information, etc. 4 years ago
Danielle McLean 93be2f5a32
Half-implement an IndieAuth authorization endpoint - it accepts the right parameters, verifies your client_id, and displays a prompt, but you can't actually approve the auth yet 4 years ago
Danielle McLean d234fd942d
Refactor the login views into their own modules, because I'm about to implement IndieAuth and it's gonna be kinda big 4 years ago