Commit graph

22 commits

Author SHA1 Message Date
1c09be1b1c
Switch from database-persisted auth codes to stateless JSON Web Tokens :) 2017-11-02 16:36:16 +11:00
41d490ea80
Put the shortcuts for returning 40* responses into lemoncurry.utils 2017-11-02 16:16:04 +11:00
06278935b6
Add support for selecting scopes during IndieAuth's 'code' type 2017-11-01 13:27:55 +11:00
387e7d859c
Smarter handling of IndieAuth code verification, including verifying the response type is correct 2017-11-01 10:56:49 +11:00
bfa7f68edc
Make POST /indie/auth return a 403 if parameters are missing, rather than a 500 2017-10-30 08:27:19 +11:00
e5d3af1b51
Make redirect_uri verification optional because many IndieAuth clients don't implement it - show a stylish icon to convey whether the client was verified 2017-10-29 19:15:29 +11:00
acce72e90e
Implement the auth-code verification step, producing a complete IndieAuth implementation for 'id' type (nothing for 'code' type yet tho) 2017-10-29 17:07:36 +11:00
8b4a14ffa3
On approving an IndieAuth request, actually generate an auth code and redirect 2017-10-29 16:16:27 +11:00
221d548e4a
Give better 'me' normalisation to IndieAuth processing + Aadd a simple POST route for actually submitting the form 2017-10-29 14:39:30 +11:00
e2e21f4afa
Make sure IndieAuth is agnostic to whether the 'me' parameter has a trailing slash or not 2017-10-27 22:03:25 +11:00
5690e4bfab
Add some niiiice h-x-app rendering to the authorisation page, so you can get a pretty view of who's trying to auth 2017-10-27 21:32:14 +11:00
a14d31e9d3
Improve the IndieAuth form: include the state parameter, show more information, etc. 2017-10-27 13:26:21 +11:00
93be2f5a32
Half-implement an IndieAuth authorization endpoint - it accepts the right parameters, verifies your client_id, and displays a prompt, but you can't actually approve the auth yet 2017-10-26 11:35:57 +11:00
d234fd942d
Refactor the login views into their own modules, because I'm about to implement IndieAuth and it's gonna be kinda big 2017-10-26 11:21:56 +11:00
0328ab97f6
Add support for ogp:url and the much nicer rel="canonical", as well as smarter title handling 2017-10-25 09:25:35 +11:00
7f17d50486
Enable django-otp-agents, for preserving OTP trust over time 2017-10-25 01:46:18 +11:00
3f3bb05a25
Add TOTP support with django-otp 2017-10-25 01:25:03 +11:00
492ba744fc
Adjust breadcrumb label for lemonauth:login to match other labels 2017-10-25 00:55:38 +11:00
9e2c6a6634
Mark login form fields as required 2017-10-25 00:30:44 +11:00
53fbc804bd
Whoops, use correct Bootstrap 4 classes to indicate invalid form fields 2017-10-25 00:30:09 +11:00
84a34c89e7
Enable breadcrumb support, use it on the login view 2017-10-25 00:25:41 +11:00
c210650ca7
Switch from using the admin login/logout pages to custom 'lemonauth' pages 2017-10-24 23:50:57 +11:00