Commit graph

34 commits

Author SHA1 Message Date
a7f6824334
Implement request caching in Redis so that we don't always have to fetch remote pages every time we want their mf2 items 2017-11-10 09:17:32 +11:00
cfe0f47d0f
Switch from PyJWT to python-jose, since it supports more features and has more documentation 2017-11-03 17:42:57 +11:00
179f5753ed
Implement a token endpoint - currently all tokens last forever and can't be revoked, but I can add revocation later without too much trouble 2017-11-03 17:18:00 +11:00
9add6be8e4
Remove the pointless verify_auth_code wrapper - it's easier to do the verification work in the view anyway 2017-11-03 16:40:09 +11:00
3d5b537369
Oops, forgot to put .objects after the model to get the actual manager 2017-11-03 16:19:26 +11:00
ab810a8f94
Simplify the auth code format a little: the 'me' value can be computed from the user ID and so is redundant 2017-11-03 16:14:30 +11:00
43a56e865e
Add the current user's ID to the auth code, will be handy when making a token since we need to know who the token's for 2017-11-03 15:51:27 +11:00
40810d6310
Refactor the actual JWT calls into separate functions since I'll be needing them for tokens as well as auth codes 2017-11-03 14:37:39 +11:00
6f6bb4e534
Improve JWT security by specifying the algorithm used, and also use shorter key names to make the code a little shorter 2017-11-03 14:33:27 +11:00
6b1cd896ea
Handle IndieAuth redirect URIs that already have query parameters 2017-11-03 12:14:15 +11:00
b658bf5c79
Default to form encoding rather than JSON, since legacy clients that don't support JSON usually also don't ask for a certain format 2017-11-03 11:51:34 +11:00
92cd38cbb0
Make relative redirect URIs redirect to the right place, by urljoining them with the client ID 2017-11-03 11:28:26 +11:00
1c09be1b1c
Switch from database-persisted auth codes to stateless JSON Web Tokens :) 2017-11-02 16:36:16 +11:00
41d490ea80
Put the shortcuts for returning 40* responses into lemoncurry.utils 2017-11-02 16:16:04 +11:00
06278935b6
Add support for selecting scopes during IndieAuth's 'code' type 2017-11-01 13:27:55 +11:00
387e7d859c
Smarter handling of IndieAuth code verification, including verifying the response type is correct 2017-11-01 10:56:49 +11:00
bfa7f68edc
Make POST /indie/auth return a 403 if parameters are missing, rather than a 500 2017-10-30 08:27:19 +11:00
e5d3af1b51
Make redirect_uri verification optional because many IndieAuth clients don't implement it - show a stylish icon to convey whether the client was verified 2017-10-29 19:15:29 +11:00
acce72e90e
Implement the auth-code verification step, producing a complete IndieAuth implementation for 'id' type (nothing for 'code' type yet tho) 2017-10-29 17:07:36 +11:00
8b4a14ffa3
On approving an IndieAuth request, actually generate an auth code and redirect 2017-10-29 16:16:27 +11:00
221d548e4a
Give better 'me' normalisation to IndieAuth processing + Add a simple POST route for actually submitting the form 2017-10-29 14:39:30 +11:00
e2e21f4afa
Make sure IndieAuth is agnostic to whether the 'me' parameter has a trailing slash or not 2017-10-27 22:03:25 +11:00
5690e4bfab
Add some niiiice h-x-app rendering to the authorisation page, so you can get a pretty view of who's trying to auth 2017-10-27 21:32:14 +11:00
a14d31e9d3
Improve the IndieAuth form: include the state parameter, show more information, etc. 2017-10-27 13:26:21 +11:00
93be2f5a32
Half-implement an IndieAuth authorization endpoint - it accepts the right parameters, verifies your client_id, and displays a prompt, but you can't actually approve the auth yet 2017-10-26 11:35:57 +11:00
d234fd942d
Refactor the login views into their own modules, because I'm about to implement IndieAuth and it's gonna be kinda big 2017-10-26 11:21:56 +11:00
0328ab97f6
Add support for ogp:url and the much nicer rel="canonical", as well as smarter title handling 2017-10-25 09:25:35 +11:00
7f17d50486
Enable django-otp-agents, for preserving OTP trust over time 2017-10-25 01:46:18 +11:00
3f3bb05a25
Add TOTP support with django-otp 2017-10-25 01:25:03 +11:00
492ba744fc
Adjust breadcrumb label for lemonauth:login to match other labels 2017-10-25 00:55:38 +11:00
9e2c6a6634
Mark login form fields as required 2017-10-25 00:30:44 +11:00
53fbc804bd
Whoops, use correct Bootstrap 4 classes to indicate invalid form fields 2017-10-25 00:30:09 +11:00
84a34c89e7
Enable breadcrumb support, use it on the login view 2017-10-25 00:25:41 +11:00
c210650ca7
Switch from using the admin login/logout pages to custom 'lemonauth' pages 2017-10-24 23:50:57 +11:00