Christoph (Sheogorath) Kern
56d78a7d6c
Merge pull request #830 from SISheogorath/feature/GDPR
...
GDPR compliant part 1
2018-06-17 23:33:57 +02:00
Christoph (Sheogorath) Kern
551840ad57
Merge pull request #784 from pferreir/add-oauth2-support
...
Add "generic" OAuth2 support
2018-06-04 15:54:47 +02:00
Sheogorath
70df29790a
Add token based security feature
...
In the current setup users could be tricked into deleting their data by
providing a malicious link like `[click me](/me/delete)`. This commit
prevents such an easy attack and need the user's deleteToken to get his
data deleted. In case someone requests his deletion by email you can
also ask him for this token.
We can add a GUI that shows it later on.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-05-25 18:26:06 +02:00
Sheogorath
e31d204d74
Fix requests for deleted users
...
When users are requested from the authorship which no longer exist, they
shouldn't cause a 500.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-05-25 16:15:18 +02:00
Sheogorath
69aed93282
Move letter-avatars into own request
...
To prevent further weakening of our CSP policies, moving the Avatars
into a non-inline version is the way to go.
This implementation probably needs some beautification. But already fixes
the bug.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-04-17 19:06:59 +02:00
Pedro Ferreira
34df7ccce8
Use TEXT instead of STRING for tokens
...
Signed-off-by: Pedro Ferreira <pedro.ferreira@cern.ch>
2018-03-26 15:55:39 +02:00
Norihito Nakae
4a4ae9d332
Initial support for SAML authentication
2017-11-28 18:52:24 +09:00
Christoph Witzany
5cda55086a
Add mattermost authentication
2017-10-31 10:34:51 +01:00
Sheogorath
500207545f
Fix broken profile images
2017-09-22 12:40:43 +02:00
BoHong Li
aca01f064d
refactor: Remove require
extension filename
2017-05-08 19:29:06 +08:00
BoHong Li
5870d988b5
Use strict mode in all backend files
...
add ‘use strict’ in all backend file
2017-03-14 13:02:43 +08:00
BoHong Li
4889e9732d
Use JavaScript Standard Style
...
Introduce JavaScript Standard Style as project style rule,
and fixed all fail on backend code.
2017-03-08 18:45:51 +08:00
Wu Cheng-Han
2aee0f267c
Fix user profile photo might not replace to proper size
2017-02-18 20:07:15 +08:00
Wu Cheng-Han
8cfbfa4352
Update to add biggerphoto on parsing user profile
2017-02-03 21:48:36 +08:00
alecdwm
01361afa7a
Profile pictures for LDAP users
2017-01-06 05:37:40 +01:00
Wu Cheng-Han
a73d9ce39e
Update to support optional email register and signin
2016-12-02 01:58:14 +08:00
Cheng-Han, Wu
f3418a619c
Update to use bigger size of profile image
2016-05-21 22:48:21 +08:00
Cheng-Han, Wu
6405bb5056
Add support of google signin
2016-05-21 22:48:00 +08:00
Cheng-Han, Wu
bbc7e26e77
Update to use bigger avatar image and twitter now use screen_name based profile image url
2016-05-20 02:13:22 +08:00
Cheng-Han, Wu
baa946968d
Add db migrations for PR #121
2016-05-15 12:20:42 +08:00
Jason Croft
0adc0864d5
Retrieve GitLab avatar.
2016-05-12 13:26:50 -04:00
Jason Croft
a443490ee6
Add accessToken column
2016-05-11 17:04:45 -04:00
Cheng-Han, Wu
49b51e478f
Refactor server with Sequelize ORM, refactor server configs, now will show note status (created or updated) and support docs (note alias)
2016-04-20 18:03:55 +08:00