|
cfe0f47d0f
|
Switch from PyJWT to python-jose, since it supports more features and has more documentation
|
2017-11-03 17:42:57 +11:00 |
|
|
5b70c59f83
|
Advertise the new token endpoint
|
2017-11-03 17:19:25 +11:00 |
|
|
179f5753ed
|
Implement a token endpoint - currently all tokens last forever and can't be revoked, but I can add revocation later without too much trouble
|
2017-11-03 17:18:00 +11:00 |
|
|
9add6be8e4
|
Remove the pointless verify_auth_code wrapper - it's easier to do the verification work in the view anyway
|
2017-11-03 16:40:09 +11:00 |
|
|
3d5b537369
|
Oops, forgot to put .objects after the model to get the actual manager
|
2017-11-03 16:19:26 +11:00 |
|
|
ab810a8f94
|
Simplify the auth code format a little: the 'me' value can be computed from the user ID and so is redundant
|
2017-11-03 16:14:30 +11:00 |
|
|
43a56e865e
|
Add the current user's ID to the auth code, will be handy when making a token since we need to know who the token's for
|
2017-11-03 15:51:27 +11:00 |
|
|
40810d6310
|
Refactor the actual JWT calls into separate functions since I'll be needing them for tokens as well as auth codes
|
2017-11-03 14:37:39 +11:00 |
|
|
6f6bb4e534
|
Improve JWT security by specifying the algorithm used, and also use shorter key names to make the code a little shorter
|
2017-11-03 14:33:27 +11:00 |
|
|
6b1cd896ea
|
Handle IndieAuth redirect URIs that already have query parameters
|
2017-11-03 12:14:15 +11:00 |
|
|
b658bf5c79
|
Default to form encoding rather than JSON, since legacy clients that don't support JSON usually also don't ask for a certain format
|
2017-11-03 11:51:34 +11:00 |
|
|
92cd38cbb0
|
Make relative redirect URIs redirect to the right place, by urljoining them with the client ID
|
2017-11-03 11:28:26 +11:00 |
|
|
1c09be1b1c
|
Switch from database-persisted auth codes to stateless JSON Web Tokens :)
|
2017-11-02 16:36:16 +11:00 |
|
|
41d490ea80
|
Put the shortcuts for returning 40* responses into lemoncurry.utils
|
2017-11-02 16:16:04 +11:00 |
|
|
1e56d5a09a
|
Install django-model-utils and use it for automatic timestamp fields on entries
|
2017-11-02 12:59:23 +11:00 |
|
|
4b4ab324cc
|
Enable analytics in production
|
2017-11-01 16:18:48 +11:00 |
|
|
06278935b6
|
Add support for selecting scopes during IndieAuth's 'code' type
|
2017-11-01 13:27:55 +11:00 |
|
|
0a202a215d
|
Include references to the Atom and RSS feeds in the host-meta
|
2017-11-01 11:09:12 +11:00 |
|
|
387e7d859c
|
Smarter handling of IndieAuth code verification, including verifying the response type is correct
|
2017-11-01 10:56:49 +11:00 |
|
|
5555cdfd1e
|
Render the entry content to HTML when syndicating it as Atom or RSS
|
2017-11-01 09:32:42 +11:00 |
|
|
730a2bcb9d
|
Added support for RSS and Atom feeds, because why not
|
2017-11-01 09:29:59 +11:00 |
|
|
c34ec965a1
|
Improved host-meta support, with correct JRD format and more links to stuff
|
2017-10-31 15:42:20 +11:00 |
|
|
ee9992603c
|
1.5.2
|
2017-10-31 15:10:22 +11:00 |
|
|
5aa4eed816
|
Add simple /robots.txt support
|
2017-10-31 15:10:13 +11:00 |
|
|
7090db3c37
|
Add JSON-LD support to entries too, mostly so Google can understand the site a little better
|
2017-10-31 14:51:50 +11:00 |
|
|
371401d441
|
Teach users how to generate their own JSON-LD representation rather than doing it in the view code
|
2017-10-31 14:33:16 +11:00 |
|
|
a86188fcb6
|
Put the JSON-LD version of my user profile inside my h-card, so it's easy to access with an mf2 parser if you want it (although I dunno why you would)
|
2017-10-31 14:24:30 +11:00 |
|
|
91fc632703
|
Tweak the styling of entry footers
|
2017-10-31 14:05:34 +11:00 |
|
|
b053ba3c88
|
Order sites by domain rather than by name
|
2017-10-31 13:57:55 +11:00 |
|
|
8a9f41759e
|
Add a field site.domain, so that profiles can be labeled as username@domain, WebFinger style
|
2017-10-31 13:47:47 +11:00 |
|
|
76305543fa
|
Just glue the netloc and path together rather than using urlunparse - it doesn't need to be a valid URL, just a nice-looking one
|
2017-10-30 15:02:49 +11:00 |
|
|
71295e30f0
|
1.5.1
|
2017-10-30 14:59:18 +11:00 |
|
|
52106f1d3f
|
Make shortlinks discoverable by displaying them on each entry, with extraneous bits trimmed out
|
2017-10-30 14:59:02 +11:00 |
|
|
65ff5f947a
|
Set the short base URL to my new short domain
|
2017-10-30 14:25:40 +11:00 |
|
|
93e3fa5412
|
Add a Forwardfile for development
|
2017-10-30 13:31:27 +11:00 |
|
|
e0dfdafdc0
|
Delegate OpenID authentication to IndieAuth - OpenID is barely used nowadays but this is such a tiny change I might as well do it
|
2017-10-30 11:46:38 +11:00 |
|
|
3f4c5bbc11
|
Replace use of abandoned rev="canonical" with rel="shortlink"
|
2017-10-30 10:03:08 +11:00 |
|
|
bfa7f68edc
|
Make POST /indie/auth return a 403 if parameters are missing, rather than a 500
|
2017-10-30 08:27:19 +11:00 |
|
|
d87d49e67b
|
Default the Accept header to */* if there isn't one provided
|
2017-10-30 08:24:36 +11:00 |
|
|
e8214b45ef
|
Use an absolute URI for the IndieAuth authorisation endpoint - many IndieAuth clients don't resolve the relative URI correctly
|
2017-10-30 08:08:11 +11:00 |
|
|
75ed4503c8
|
Make some little quality-of-life improvements to the Django admin for my models
|
2017-10-29 22:44:11 +11:00 |
|
|
63b0ec45e9
|
Keep images in entry content inside the card, oops
|
2017-10-29 19:39:31 +11:00 |
|
|
53b7b86515
|
Whoops, allow images in bleached content
|
2017-10-29 19:35:57 +11:00 |
|
|
e5d3af1b51
|
Make redirect_uri verification optional because many IndieAuth clients don't implement it - show a stylish icon to convey whether the client was verified
|
2017-10-29 19:15:29 +11:00 |
|
|
3c95eeeefb
|
Insist on Python 3.6, since the 'secrets' module for making secure tokens isn't available in 3.5
|
2017-10-29 17:13:28 +11:00 |
|
|
486eec2448
|
1.5.0
|
2017-10-29 17:08:43 +11:00 |
|
|
360063845e
|
Make the IndieAuth authorisation endpoint discoverable :o
|
2017-10-29 17:08:36 +11:00 |
|
|
acce72e90e
|
Implement the auth-code verification step, producing a complete IndieAuth implementation for 'id' type (nothing for 'code' type yet tho)
|
2017-10-29 17:07:36 +11:00 |
|
|
8b4a14ffa3
|
On approving an IndieAuth request, actually generate an auth code and redirect
|
2017-10-29 16:16:27 +11:00 |
|
|
221d548e4a
|
Give better 'me' normalisation to IndieAuth processing + Aadd a simple POST route for actually submitting the form
|
2017-10-29 14:39:30 +11:00 |
|