Stefan Bühler
c4f8fb78ee
don't require referer to find note id in socket.io connections ( fixes #623 )
...
Signed-off-by: Stefan Bühler <buehler@cert.uni-stuttgart.de>
2018-02-05 14:26:42 +01:00
Sheogorath
eddf8a3a33
Fix uncaught exception for non-existent user
...
Since we added user management it's possible to get non-existent users
which can cause a crash of the Backend server.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-01-30 21:53:36 +01:00
Christoph (Sheogorath) Kern
adc781f7e3
Merge pull request #704 from SISheogorath/fix/ldapProviderName
...
Fix ldap provider name in template
2018-01-29 15:59:27 +01:00
Sheogorath
bd92010dd2
Remove camel case from imageuploadtype
in config
...
This removes the only camel cased option of the config options
**we** added to the config.json.
In auth provider's config parts are a lot of camel cased options
provided. We shouldn't touch them to keep them as similar as
possible to the examples.
Fixes #315
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-01-27 23:50:15 +01:00
Sheogorath
e44751b3f1
Fix ldap provider name in template
...
Before this fix it's impossible to set the provider name in the
sign-model since `ldap` is a boolean there and this way not able
to have an attribute like `ldap.providerName`.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-01-26 10:46:22 +01:00
Christoph (Sheogorath) Kern
584f1c5249
Merge pull request #691 from SISheogorath/feature/upload
...
Allow more detailed configuration of upload mime types
2018-01-23 12:10:33 +01:00
Sheogorath
817bb9e639
Fix broken port config
...
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-01-23 12:00:11 +01:00
Christoph (Sheogorath) Kern
eec2318bda
Merge pull request #506 from erasys/minio
...
Add support for minio
2018-01-23 11:43:24 +01:00
Christoph (Sheogorath) Kern
7de6e3211f
Merge pull request #598 from xxyy/feature/csp
...
Implement basic CSP support
2018-01-22 20:43:46 +01:00
Christoph (Sheogorath) Kern
268c81a323
Merge pull request #673 from fooker/master
...
Allow posting new note with content
2018-01-20 19:45:41 +01:00
Sheogorath
a7935a595a
Allow more detailed configuration of upload mime types
...
Fixes #637
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-01-20 15:16:53 +01:00
Dario Ernst
6ae4b8bf13
Add option to enable freely
permission in closed instance
...
Before, closed disallowed guest edits completely, by removing
the `freely` permission. This makes it possible to explicitely bring
back guest-editing, but not guest-note-creation, to closed instances.
Signed-off-by: Dario Ernst <dario@kanojo.de>
2018-01-20 15:14:56 +01:00
Christoph (Sheogorath) Kern
60005d3039
Merge pull request #686 from SISheogorath/feature/configVersion
...
Load version from package.json
2018-01-19 14:34:54 +01:00
Sheogorath
583aa4f462
Load version from package.json
...
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-01-19 13:54:19 +01:00
Wu Cheng-Han
608008753f
Fix not passing app key correctly in dropbox config
2018-01-19 00:25:08 +08:00
Sheogorath
11a5dd0eb4
Release 1.0.0-ce
2018-01-18 13:03:18 +01:00
Sheogorath
8bf8a1aef1
Ignore empty values for revision.
...
Fixes #420
2018-01-18 11:19:47 +01:00
Christoph (Sheogorath) Kern
8375544dea
Merge pull request #636 from laysdra7265/fix/sslcapath
...
Fix sslcapath bug
2018-01-18 11:17:17 +01:00
Christoph (Sheogorath) Kern
af082d9347
Merge pull request #567 from ccoenen/fix-mysql-text-length
...
converting all content fields to MEDIUMTEXT (affects MySQL only)
2018-01-18 11:16:59 +01:00
Dustin Frisch
f47601857e
Allow posting new note with content
...
Signed-off-by: Dustin Frisch <fooker@lab.sh>
2018-01-18 10:41:58 +01:00
Max Wu
68879d20ed
Fix minor typos
...
of wrong parameters passing order and wrong user object indexing in for each function
2018-01-16 15:51:24 +08:00
Christoph (Sheogorath) Kern
45976a8916
Update index.js
2017-12-22 12:25:13 +01:00
Christoph (Sheogorath) Kern
fc626a6724
Simplify loop
2017-12-22 12:19:19 +01:00
Peter Dave Hello
76873d3f7e
Fix file permission, remove useless executable
2017-12-14 05:05:18 +08:00
Christoph (Sheogorath) Kern
17e3b8b5cd
Merge branch 'master' into ldap-username-field
2017-12-12 10:27:22 +01:00
alecdwm
5e5a021ce0
parse HMD_LDAP_SEARCHATTRIBUTES env var as a comma-separated array
...
Signed-off-by: Alec WM <firstcontact@owls.io>
2017-12-09 20:33:57 +01:00
Lukas Kalbertodt
612b2d1811
Add setting ldap.usernameField
...
This determines which ldap field is used as the username on
HackMD. By default, the "id" is used as username, too. The id
is taken from the fields `uidNumber`, `uid` or
`sAMAccountName`. To give the user more flexibility, they can
now choose the field used for the username instead.
2017-12-09 12:30:48 +01:00
LaysDragon
9949795533
fixed sslcapath bug
2017-12-05 12:06:10 +08:00
Norihito Nakae
2db2ff484f
added guide for SAML settings
2017-12-04 20:13:15 +09:00
Norihito Nakae
410268da74
added environment variables for SAML
2017-11-29 20:26:28 +09:00
Norihito Nakae
a22be81feb
fixed the SAML callback URL to unconfigurable.
2017-11-29 15:45:32 +09:00
Norihito Nakae
4a4ae9d332
Initial support for SAML authentication
2017-11-28 18:52:24 +09:00
Sheogorath
8808399c48
Fix mattermost breaking notes
2017-10-31 13:48:35 +01:00
Christoph Witzany
5cda55086a
Add mattermost authentication
2017-10-31 10:34:51 +01:00
Sheogorath
881e800fd8
Merge pull request #562 from SISheogorath/fix/LDAP
...
Fix LDAP problem about missing uidNumber
2017-10-27 12:48:45 +02:00
geekyd
f7d2ef970a
Adds 403 response if PDF export is disabled
2017-10-25 19:21:34 +05:30
geekyd
d63e6780eb
Adds PDF export via config
2017-10-25 19:19:37 +05:30
Literallie
04f5e3a341
Move CSP logic to new file, Fix boolean config examples
...
Not sure why I was quoting these in the first place
2017-10-22 02:18:45 +02:00
Literallie
91101c856c
Change CSP config format to be more intuitive
2017-10-22 00:03:46 +02:00
Literallie
0cbdc852cb
CSP: Allow more content types
2017-10-22 00:03:45 +02:00
Literallie
080436aebb
CSP: Add nonce to slide view inline JS
2017-10-22 00:03:45 +02:00
Literallie
5d2d3ec875
CSP: Upgrade insecure requests if possible
...
Config option; default is to only upgrade if usessl
2017-10-22 00:03:45 +02:00
Literallie
ba183ce654
Add basic CSP support
2017-10-22 00:03:44 +02:00
Claudius Coenen
cc49ce55c8
Fix #521 by converting content fields to LONGTEXT in MySQL, to prevent truncation of data.
2017-10-16 10:13:11 +02:00
Literallie
6bdc90d6ff
Add env vars for extra HSTS options
2017-10-13 01:42:05 +02:00
Literallie
1634d5c567
Add on/off env var for HSTS
2017-10-13 01:42:05 +02:00
Literallie
56411ca0e1
Make HSTS behaviour configurable; Fixes #584
2017-10-13 01:42:05 +02:00
Sheogorath
f93a14e3e1
Fix LDAP problem about missing uidNumber
...
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2017-10-12 14:52:28 +02:00
Sheogorath
53c2d0b5ca
Merge pull request #581 from SISheogorath/fix/HMD_URL_ADDPORT
...
Fix missing boolean setting for HMD_URL_ADDPORT
2017-10-12 00:01:27 +02:00
Sheogorath
89c60d1331
Fix missing boolean setting for HMD_URL_ADDPORT
...
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2017-10-11 23:13:22 +02:00