owncast

mirrors/owncast

Fork 0

mirror of https://github.com/owncast/owncast.git synced 2024-10-24 13:35:57 +03:00

Commit graph

Author	SHA1	Message	Date
Gabe Kangas	a6dbc37a84	fix: add additional validation before making remote requests (#3398 )	2023-10-28 08:15:01 -07:00
Gabe Kangas	f40135dbf2	fix: disable redirects to guard against possible SSRFs	2023-04-24 17:46:58 -07:00
Gabe Kangas	a082cf3a77	Fediverse-based authentication (#1846 ) * Able to authenticate user against IndieAuth. For #1273 * WIP server indieauth endpoint. For https://github.com/owncast/owncast/issues/1272 * Add migration to remove access tokens from user * Add authenticated bool to user for display purposes * Add indieauth modal and auth flair to display names. For #1273 * Validate URLs and display errors * Renames, cleanups * Handle relative auth endpoint paths. Add error handling for missing redirects. * Disallow using display names in use by registered users. Closes #1810 * Verify code verifier via code challenge on callback * Use relative path to authorization_endpoint * Post-rebase fixes * Use a timestamp instead of a bool for authenticated * Propertly handle and display error in modal * Use auth'ed timestamp to derive authenticated flag to display in chat * Fediverse chat auth via OTP * Increase validity time just in case * Add fediverse auth into auth modal * Text, validation, cleanup updates for fedi auth * Fix typo * Remove unused images * Remove unused file * Add chat display name to auth modal text	2022-04-22 17:23:14 -07:00

Author

SHA1

Message

Date

Gabe Kangas

a6dbc37a84

fix: add additional validation before making remote requests (#3398 )

2023-10-28 08:15:01 -07:00

Gabe Kangas

f40135dbf2

fix: disable redirects to guard against possible SSRFs

2023-04-24 17:46:58 -07:00

Gabe Kangas

a082cf3a77

Fediverse-based authentication (#1846 )

* Able to authenticate user against IndieAuth. For #1273

* WIP server indieauth endpoint. For https://github.com/owncast/owncast/issues/1272

* Add migration to remove access tokens from user

* Add authenticated bool to user for display purposes

* Add indieauth modal and auth flair to display names. For #1273

* Validate URLs and display errors

* Renames, cleanups

* Handle relative auth endpoint paths. Add error handling for missing redirects.

* Disallow using display names in use by registered users. Closes #1810

* Verify code verifier via code challenge on callback

* Use relative path to authorization_endpoint

* Post-rebase fixes

* Use a timestamp instead of a bool for authenticated

* Propertly handle and display error in modal

* Use auth'ed timestamp to derive authenticated flag to display in chat

* Fediverse chat auth via OTP

* Increase validity time just in case

* Add fediverse auth into auth modal

* Text, validation, cleanup updates for fedi auth

* Fix typo

* Remove unused images

* Remove unused file

* Add chat display name to auth modal text

2022-04-22 17:23:14 -07:00

3 commits