Julian Lam
2533a2e074
refactor: add new method user.interstitials.get; DRY
2022-10-11 10:46:12 -04:00
Julian Lam
65b3996ac6
fix: removing duplicate session rerolling code (as it is in passport@^0.6 now)
2022-08-19 12:52:24 -04:00
Barış Soner Uşaklı
489fb3a36f
fix: missing req, closes #10847
2022-08-18 09:27:37 -04:00
Barış Soner Uşaklı
6b2a6f9006
test: passport0.6 (#10638)
* test: passport0.6
* test: make logout async, fix lint
* test: keepSessionInfo flag
* revert: csrf load
2022-08-13 20:24:42 -04:00
Barış Soner Uşaklı
7e8ad785f4
fix: don't crash if req.body.username is not string
Error: req.body.username.trim is not a function
File: authenticationController.login (/usr/src/app/src/controllers/authentication.js:247:40)
2022-08-05 08:11:32 -04:00
Barış Soner Uşaklı
50ed3a324c
test: possible fix random psql test failure
2022-03-02 17:51:07 -05:00
Julian Lam
e9ee843b27
fix: CSRF handler to go back to saving in session (#10159)
2022-01-14 13:38:24 -05:00
Barış Soner Uşaklı
fb363957d1
refactor: tab rules
2021-11-18 16:42:18 -05:00
Julian Lam
506c34a84d
refactor: simplified utilities API > login route
Removed continueLogin override in favour of a simpler `redirectAfterLogin` override
Use passport to authenticate username and password instead of duplicated logic.
2021-10-22 15:56:31 -04:00
Barış Soner Uşaklı
a0df389021
fix: don't show decimals on auto approval minutes
2021-10-05 10:13:24 -04:00
gasoved
ac1b9692f2
fix: handle undefined returnTo on registerAbort
2021-09-26 09:09:49 -04:00
Barış Soner Uşaklı
3605ac811d
fix: possible test fix for subfolder redirect
2021-09-24 19:23:46 -04:00
Barış Soner Uşaklı
2add84a568
fix: remove unused translator
2021-09-21 17:16:21 -04:00
Barış Soner Uşaklı
9f0e55ad3e
fix: #9819, show same time info for ban
2021-09-21 17:04:17 -04:00
Barış Soner Uşaklı
a48bbdbfe3
fix: errors from registerComplete
2021-09-03 15:30:05 -04:00
Barış Soner Uşaklı
72710b8040
fix: #9772, regression from 70a04bc105
2021-09-03 12:22:03 -04:00
Barış Soner Uşaklı
42dbd40253
refactor: remove unused async
2021-08-05 13:02:28 -04:00
Barış Soner Uşaklı
6b6a7d4b8a
refactor: remove waterfall
2021-08-05 12:52:07 -04:00
Julian Lam
4a521ea218
fix: email update interstitial to not error on empty email field (on new registration)
2021-07-30 15:08:43 -04:00
Julian Lam
70a04bc105
feat: removed registerAndLoginUserCallback local helper, added handling if a bad interstitial doesn't go away nor throw errors
2021-07-30 14:50:56 -04:00
Julian Lam
b3c916414b
feat: allow registration interstitial abort to also follow returnTo
2021-07-30 13:29:13 -04:00
gasoved
a917210c5b
feat: invites no longer require email
2021-07-30 13:29:13 -04:00
Julian Lam
afd2d8dab1
feat(emails): pass req in to filter:registration.interstitial
2021-07-30 13:29:13 -04:00
Julian Lam
69c96dd23c
refactor(emails): more work in update email interstitial, interstitial skipping, email change on confirmation, deprecation of requireEmailConfirmation
2021-07-30 13:29:13 -04:00
Julian Lam
f365bc4600
refactor(emails): interstitial for adding/updating email
2021-07-30 13:29:13 -04:00
Julian Lam
7c1d1c777b
refactor(emails): remove email validation on client and server side
2021-07-30 13:29:13 -04:00
Julian Lam
f9728aff2c
feat: clear reset tokens on successful login
2021-06-14 11:50:36 -04:00
Julian Lam
816856b0c6
feat: introduce boolean res.locals flag to bypass session reroll (used by session-sharing)
The session reroll logic is still standard practice, but in some cases, it is not necessary or causes UX issues. An issue opened in session sharing (julianlam/nodebb-plugin-session-sharing#95) brought this to attention in that parsing the cookie to log in the user caused a reroll (as expected), but caused the session open on other tabs to be mismatched. If "re-validate" was turned on, it basically meant that it was not possible to use NodeBB with multiple tabs.
Session sharing now sets `reroll` to `false` if re-validate is enabled.
2021-06-04 11:37:06 -04:00
Julian Lam
1d9cfe1e96
fix: bug where interstitial errors were not properly passed to the front-end via req.flash
2021-05-17 10:50:58 -04:00
Julian Lam
1fee6a702a
fix: #9487, session data gathered during a session is lost upon login
e.g. returnTo, tids_viewed, etc.
2021-04-14 16:42:27 -04:00
Julian Lam
697ed3bf37
feat: roll session identifier on login, as security best practice
see: https://owasp.org/www-community/attacks/Session_fixation
2021-04-13 21:32:48 -04:00
Julian Lam
e845c34b52
fix: registration interstitials not handling promise rejections properly
2021-04-13 21:32:48 -04:00
Julian Lam
f65d2162f8
feat: update hook
Hook payload updated to pass login strategy (if overridden, this value will be something other than 'local'), and explicitly pass error if the login failed.
2021-04-07 14:21:51 -04:00
Julian Lam
98b72ca572
fix: allow local (and overridden) login strategies to pass Error objects back
2021-03-17 12:10:57 -04:00
Julian Lam
f806befd2f
fix: bug where loginSeconds setting was ignored for local login
2021-03-03 16:06:58 -05:00
Julian Lam
9bf94ad50f
fix: allow interstitial callbacks to be functional (no cb required)
2021-02-26 09:58:54 -05:00
Julian Lam
9a9f366d3b
feat: track login sessions for admin dashboard reporting
2021-02-22 11:38:26 -05:00
Julian Lam
020f0b8322
fix: session not persisting to database in some scenarios
In some edge cases (e.g. SSO plugin redirecting the user immediately), with modern browsers, the request is never "completed" for speed. This causes a condition where the session object never persists to the database, even though it has changed. This added line forces a db persist on a successful login.
Context: https://github.com/expressjs/session/pull/484
2021-02-22 11:18:30 -05:00
Julian Lam
504fd107c7
feat: track successful logins in analytics
2021-02-22 11:16:43 -05:00
Peter Jaszkowiak
cc9d6fd08b
chore: eslint max-len
2021-02-08 18:06:44 -05:00
Peter Jaszkowiak
23f212a4c0
chore: eslint prefer-destructuring
2021-02-08 18:06:44 -05:00
Peter Jaszkowiak
dab3b23575
chore: eslint no-var, vars-on-top
2021-02-08 18:06:44 -05:00
Peter Jaszkowiak
b56d9e12b5
chore: eslint prefer-arrow-callback
2021-02-08 18:06:44 -05:00
Peter Jaszkowiak
707b55b6a5
chore: eslint prefer-template
2021-02-08 18:06:44 -05:00
Julian Lam
4f97639009
feat: new hook action:login.continue
2021-02-05 14:31:31 -05:00
Julian Lam
67e3fb6498
fix: register returnTo logic to match login route
Login route saves the previous page by checking for the X-Return-To header. This header is automatically set by ajaxify.
Login takes this value and saves it to `req.session`.
Up until now, `/register` saved the previous URL in a hidden input, and redirected based on that value, but it occasionally conflicted with req.session.returnTo. It was also confusing because it did not match how login handled the values.
This commit updates the route handling so it works identically to `/login`.
2021-02-05 11:49:48 -05:00
gasoved
53e0d4d2e0
feat: banned-users group
2021-02-03 15:22:44 -05:00
Julian Lam
7419922040
fix: improper override of req.body.username in login logic
2021-01-29 17:03:44 -05:00
Julian Lam
b820d23401
feat: new hook filter:login.override, deprecate action:auth.overrideLogin
2021-01-29 16:59:57 -05:00
Julian Lam
a186ea0fe3
fix: registration completion overriding returnTo if it was already set
2021-01-22 10:01:42 -05:00