Idea proposed by @sparshy #1204
Suggestions, rules and tests from Trustroots @simison
Added validations on user server model
Added client side validations
Added relevant tests on user server tests
Added relevant tests on user e2e tests
Fixes#1204
* Added configuration for owasp. Synchronize client owap configs with the server configs.
Also added a time indicator on failed login attempts to give the user feedback on subsequent failed login attempts.
* switched to handlebar template for passing the server's owasp config down to the client.
reverted some of the other changes (regarding the http request).
* Removed debug code.
* Changed variable name to owaspConfig
* Fixed minor type-o's and set owasp.config() rather than the underlying configs.
* chore(tidy): tidying up minor lint and layout issues
* fix(lint): CSS alphabetize warnings (#1498)
Fixes css lintings warnings of properties not alphabetized.
* fix(authentication) Stops error on signin/signup (#1495)
Uses the passport info object to simplify login and remove the need to
temporarily cache the redirect within the session.
* Moved owasp config into default and reverted other config files.
Modified config to be "shared". This will allow future configurations to be easily passed to the client.
* fixed 403 redirect if not signed in (#1496)
* Update form-article.client.view.html
For New Article, delete function no required
* UI changes for mobile; autofocus
* fixed broken password popover balloon
* add e2e test for autofocus
* Remove test, fix delete social login button
* feat(core): Move template to .github folder
* Deprecated $http success/error promise methods (#1508)
Replaces the $http service calls with promise based methods
of the client-side UsersService for the following:
Users Change Password
Users Manage Social Accounts
Users Password Forgot
Users Password Reset
Users Signup
Users Signin
Modifies tests to reflect changes.
Closes#1479
* rebase
Two different strategies are adopted, one for when the user authenticates locally and the other through providers. When authenticating locally, the signin function in the client controller redirects to the previous state (storing and using a state name) after successful login. When authenticating through a provider, the first call to provider stores the previous URL (not state, URL) in the session. Then, when provider actually calls the authentication callback, session redirect_to path is used for redirecting user.
Emails are made unique. When user attempts to sign in through a provider in which his email is one that is already registered, user is redirected to the signin page with an error passed as a query string parameter.
