Commit graph

25 commits

Author SHA1 Message Date
Claudius Coenen
858a59529e switching to eslint for code checking
most rules degraded to WARN, so we don't go insane. This will
change over time. The aim is to conform to a common style

Signed-off-by: Claudius Coenen <opensource@amenthes.de>
2018-11-14 23:15:36 +01:00
Sheogorath
318b2d378f
Allow to disable gravatar
Since Gravatar is an external image source and not perfect from a
privacy perspective, forbidding it allows to improve privacy.

This commit also simplifies and optimizes the avatar code.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-23 23:40:55 +02:00
Christoph (Sheogorath) Kern
56d78a7d6c
Merge pull request #830 from SISheogorath/feature/GDPR
GDPR compliant part 1
2018-06-17 23:33:57 +02:00
Christoph (Sheogorath) Kern
551840ad57
Merge pull request #784 from pferreir/add-oauth2-support
Add "generic" OAuth2 support
2018-06-04 15:54:47 +02:00
Sheogorath
70df29790a
Add token based security feature
In the current setup users could be tricked into deleting their data by
providing a malicious link like `[click me](/me/delete)`. This commit
prevents such an easy attack and need the user's deleteToken to get his
data deleted. In case someone requests his deletion by email you can
also ask him for this token.

We can add a GUI that shows it later on.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-05-25 18:26:06 +02:00
Sheogorath
e31d204d74
Fix requests for deleted users
When users are requested from the authorship which no longer exist, they
shouldn't cause a 500.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-05-25 16:15:18 +02:00
Sheogorath
69aed93282
Move letter-avatars into own request
To prevent further weakening of our CSP policies, moving the Avatars
into a non-inline version is the way to go.

This implementation probably needs some beautification. But already fixes
the bug.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-04-17 19:06:59 +02:00
Pedro Ferreira
34df7ccce8 Use TEXT instead of STRING for tokens
Signed-off-by: Pedro Ferreira <pedro.ferreira@cern.ch>
2018-03-26 15:55:39 +02:00
Norihito Nakae
4a4ae9d332 Initial support for SAML authentication 2017-11-28 18:52:24 +09:00
Christoph Witzany
5cda55086a Add mattermost authentication 2017-10-31 10:34:51 +01:00
Sheogorath
500207545f
Fix broken profile images 2017-09-22 12:40:43 +02:00
BoHong Li
aca01f064d refactor: Remove require extension filename 2017-05-08 19:29:06 +08:00
BoHong Li
5870d988b5 Use strict mode in all backend files
add ‘use strict’ in all backend file
2017-03-14 13:02:43 +08:00
BoHong Li
4889e9732d Use JavaScript Standard Style
Introduce JavaScript Standard Style as project style rule,
and fixed all fail on backend code.
2017-03-08 18:45:51 +08:00
Wu Cheng-Han
2aee0f267c Fix user profile photo might not replace to proper size 2017-02-18 20:07:15 +08:00
Wu Cheng-Han
8cfbfa4352 Update to add biggerphoto on parsing user profile 2017-02-03 21:48:36 +08:00
alecdwm
01361afa7a Profile pictures for LDAP users 2017-01-06 05:37:40 +01:00
Wu Cheng-Han
a73d9ce39e Update to support optional email register and signin 2016-12-02 01:58:14 +08:00
Cheng-Han, Wu
f3418a619c Update to use bigger size of profile image 2016-05-21 22:48:21 +08:00
Cheng-Han, Wu
6405bb5056 Add support of google signin 2016-05-21 22:48:00 +08:00
Cheng-Han, Wu
bbc7e26e77 Update to use bigger avatar image and twitter now use screen_name based profile image url 2016-05-20 02:13:22 +08:00
Cheng-Han, Wu
baa946968d Add db migrations for PR #121 2016-05-15 12:20:42 +08:00
Jason Croft
0adc0864d5 Retrieve GitLab avatar. 2016-05-12 13:26:50 -04:00
Jason Croft
a443490ee6 Add accessToken column 2016-05-11 17:04:45 -04:00
Cheng-Han, Wu
49b51e478f Refactor server with Sequelize ORM, refactor server configs, now will show note status (created or updated) and support docs (note alias) 2016-04-20 18:03:55 +08:00