Cookie auth rework / Auth subsystem refactoring and tweaks

Ivan Tashkinov requested to merge auth-improvements into develop

Closes https://git.pleroma.social/pleroma/secteam/pleroma/-/issues/3 & #1909 (closed) and makes a lot more auth improvements, see below.

  • OAuth form user remembering functionality (based on !3109 (closed) / !2780 (closed))
  • Local MastoFE login / logout fixes.
  • Allowed user to revoke belonging tokens from any app (previous code allowed revoking from the same app only).
  • OAuth session-based auth improvements and fixes (i.e. token expiration check). Switched from :user_id to :token_id in session, per !3109 (comment 76413).
  • Integrated LegacyAuthenticationPlug into AuthenticationPlug.
  • Refactoring of auth subsystem.
  • Ensured presence and consistency of :user and :token assigns.
  • Adjusted tests & docs.
Edited by Ivan Tashkinov
