Fixes incorrect usage of 400 HTTP responses being returned from the
server, in favor of using 422.
Also, changed a few return codes to 401 where it was more appropriate.
See this article for reasoning behind moving to 422, and why 400 isn't
appropriate for these cases.
For ref:
6be12f8a06
Related:
https://github.com/meanjs/mean/pull/1547
https://github.com/meanjs/mean/pull/1510
* Added configuration for owasp. Synchronize client owasp configs with the server configs.
Also added a time indicator on failed login attempts to give the user feedback on subsequent failed login attempts.
* switched to handlebar template for passing the server's owasp config down to the client.
reverted some of the other changes (regarding the http request).
* Removed debug code.
* Changed variable name to owaspConfig
* Fixed minor typos and set owasp.config() rather than the underlying configs.
* chore(tidy): tidying up minor lint and layout issues
* fix(lint): CSS alphabetize warnings (#1498)
Fixes CSS linting warnings of properties not alphabetized.
* fix(authentication) Stops error on signin/signup (#1495)
Uses the passport info object to simplify login and remove the need to
temporarily cache the redirect within the session.
* Moved owasp config into default and reverted other config files.
Modified config to be "shared". This will allow future configurations to be easily passed to the client.
* fixed 403 redirect if not signed in (#1496)
* Update form-article.client.view.html
For New Article, delete function not required
* UI changes for mobile; autofocus
* fixed broken password popover balloon
* add e2e test for autofocus
* Remove test, fix delete social login button
* feat(core): Move template to .github folder
* Deprecated $http success/error promise methods (#1508)
Replaces the $http service calls with promise based methods
of the client-side UsersService for the following:
Users Change Password
Users Manage Social Accounts
Users Password Forgot
Users Password Reset
Users Signup
Users Signin
Modifies tests to reflect changes.
Closes #1479
* rebase
* fix(users) patch OAuth default email issue
- Intentionally omits setting email in constructor to trigger defaults when
creating user. Handles cases where email is not authorized/given by provider.
Related to issue #1250
The test for authentication uses a route /api/users/me. This should probably be upgraded to use
a proper passport mock.
In the meanwhile this should make the returned user object safer - using code from core.
Fixes n/a
This commit introduces the handlebars template system and completely replaces Swig and the Consolidate project to handle multiple template systems.
Fixes #1286
* Fix(users): Don't update secure profile fields
Avoid updating secure fields such as password, salt, etc. through
user profile update.
Fixes #1420
* Refactor variable name
* fix(articles): Article controllers name conflicts
Fixes the naming conflicts for the Articles controllers.
Due to how Angular injects the controllers into the StateProvider,
naming conflicts were caused between the Articles public & admin module
controllers.
To resolve the issue the referenced controllers in the Articles admin
route configurations must be unique, and match up with the Admin
controllers.
* Client-side tests failing
Fixed the client-side tests that were failing due to the naming
conflicts.
* fix(user): fix changeProfilePicture
* use promises to simplify callbacks
* use fs.unlink to delete old picture once the profile is updated
Fixes #1415
* fix(user): fix changeProfilePicture
* use promises to simplify callbacks
* use fs.unlink to delete old picture once the profile is updated
* log file errors to console
Fixes #1415
* fix(user): fix changeProfilePicture
* use promises to simplify callbacks
* use fs.unlink to delete old picture once the profile is updated
* log file errors to console
* update error handler module to handle file upload errors
Fixes #1415
This feature introduces a breaking change that restricts the Users that
can create/edit/delete Articles to only those that have the `admin` Role.
Fixed ESLint issues.
Resolved merge conflicts, and moved new client Article Service
`createOrUpdate` functionality to new Admin feature controller.
Removed edit functionality from client-side Article controller.
* Support params to state for menu items.
* feat(core): Add support for params in menu items
Proposed by @scfox
Fixes #1304
* Removed trailing space on test.
* Changed default params to be empty object instead of empty string.
* Use validator.js instead of regexp for validations in User Schema.
* Disables "Unexpected console statement no-console" warnings
* Fixes redirection to wrong URL after login with social networks.
* Use ViewModel vm instead of $scope in manage social accounts controller.
* preserving the option to redirect to a specific URL as done in saveOAuthUserProfile() (thanks to @OneOfTheWorld for pointing out)
Adds client-side tests for the Users Edit Profile client controller.
1) should have user context
2) should update the user profile
3) should set vm.error if error
Related #1283
* Fix for users.profile.server.controller.js security (#1338)
Fixes an issue where if req.body._id was not set to the current user it
could potentially log the current user in as another user.
Don't use req.body._id when editing user
Prevents a user from being logged in as another if edit user form _id is
not their own.
Fixes #1338
* replacing file-stream-rotator with a better logging mechanism using winston which can be extended later for other use cases and integrations
* refactoring logger mechanism, accommodating for tests and environment variable configurations
* only enabling morgan logger if config.log.format option was defined, and disabling the app.log file transport option for the test environment
* disabling all kinds of logging when in test environment
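
The two profile-update fixes listed above (not updating secure fields such as password and salt, and not using req.body._id when editing a user) address the same pattern: request-body fields copied wholesale onto the signed-in user. The following is an added example, not code from the project; the function names, the field allow-list and the sample data are assumptions made for illustration.

```javascript
// Added example: names, allow-list and data are assumptions, not the project's code.
const PROFILE_FIELDS = ['firstName', 'lastName', 'email', 'username']; // assumed allow-list

// Unsafe pattern: every body field (including _id, password, salt, roles) is
// merged onto the session user, and the merged object becomes the session identity.
function updateProfileUnsafe(sessionUser, body) {
  const merged = Object.assign({}, sessionUser, body);
  return { sessionUserId: merged._id, user: merged };
}

// Hardened pattern: copy only allow-listed string fields; the identity always
// comes from the authenticated session, never from the request body.
function updateProfileSafe(sessionUser, body) {
  const updated = Object.assign({}, sessionUser);
  for (const field of PROFILE_FIELDS) {
    const present = Object.prototype.hasOwnProperty.call(body, field);
    if (present && typeof body[field] === 'string') {
      updated[field] = body[field];
    }
  }
  return { sessionUserId: sessionUser._id, user: updated };
}

// Constructed sample: a signed-in user and an edit-profile body carrying
// another user's _id plus secure fields.
function demo() {
  const sessionUser = {
    _id: 'u1', firstName: 'Ann', roles: ['user'], password: 'hash-a', salt: 'salt-a'
  };
  const body = {
    _id: 'u2', firstName: 'Anna', roles: ['admin'], password: 'x', salt: 'y'
  };
  return {
    unsafe: updateProfileUnsafe(sessionUser, body),
    safe: updateProfileSafe(sessionUser, body)
  };
}

console.log(JSON.stringify(demo(), null, 2));
```

In the unsafe result the session identity follows the body's `_id` and the secure fields are overwritten; in the hardened result only `firstName` changes.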