Commit graph

35 commits

Author SHA1 Message Date
Erik Michelson
7f665fae4b feat(auth): refactor auth, add oidc
Thanks to all HedgeDoc team members for the time discussing,
helping with weird Nest issues, providing feedback
and suggestions!

Co-authored-by: Philip Molares <philip.molares@udo.edu>
Signed-off-by: Philip Molares <philip.molares@udo.edu>
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-09-11 21:29:49 +02:00
Erik Michelson
73d9c3231b refactor(backend): rename auth to public-auth-token
Signed-off-by: Yannick Bungers <git@innay.de>
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-09-02 10:33:08 +02:00
Erik Michelson
9597ac5422 feat(notes): check for equal alias or note id
When creating a new note or adding a new alias to one,
it is checked that the new name
is neither forbidden nor already in use.

Co-authored-by: David Mehren <git@herrmehren.de>
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-04-18 22:15:11 +02:00
Erik Michelson
8693edbf6a refactor(media): add media redirection endpoint
Previous versions of HedgeDoc suffered from the problem
that changing the media backend required manipulation of
the media links in all created notes. We discussed in
#3704 that it's favourable to have an endpoint that
redirects to the image's original URL. When changing the
media backend, the link stays the same but just the
redirect changes.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-04-18 22:11:49 +02:00
Erik Michelson
92bde4d281 enhancement(api-tokens): add prefix and more strict validation
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-04-09 10:54:35 +02:00
David Mehren
f8f198f9c9 feat: add initial database migration
Signed-off-by: David Mehren <git@herrmehren.de>
2023-10-08 17:58:32 +02:00
Yannick Bungers
fbd5fa8b07 Remove not needed TODOs
Signed-off-by: Yannick Bungers <git@innay.de>
2023-10-08 16:00:42 +02:00
Yannick Bungers
8879b51344 Adding issues for TODOs
Signed-off-by: Yannick Bungers <git@innay.de>
2023-10-08 16:00:42 +02:00
Tilman Vatteroth
0111f2b65e fix(backend): format code
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-08-15 20:16:09 +00:00
Yannick Bungers
f362d27d3f Move session entity to sessions folder
Signed-off-by: Yannick Bungers <git@innay.de>
2023-07-06 12:07:44 +02:00
Tilman Vatteroth
ac825edbe3 fix: replace RouterModule from nest-router with @nestjs/core
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-06-16 23:00:06 +02:00
Philip Molares
0a8945d934 feat(backend): handle username always in lowercase
This should make all usernames of new users into lowercase. Usernames are also searched in the DB as lowercase.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-06-04 21:55:19 +02:00
Yannick Bungers
d73bbcaeff fix: increase test coverage
Signed-off-by: Yannick Bungers <git@innay.de>
2023-05-07 20:45:15 +02:00
Yannick Bungers
485f7cd338 feat: Add guest file uploads and add deletion for note owners
Signed-off-by: Yannick Bungers <git@innay.de>
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-05-07 20:45:15 +02:00
Tilman Vatteroth
825b3b72ff test: add e2e tests for note permissions
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-05-04 22:34:24 +02:00
Erik Michelson
408d82e280 enhancement(auth): better error message handling
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2023-03-26 15:43:39 +02:00
Erik Michelson
ca9836d691 enhancement(auth): better error message handling
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2023-03-26 15:43:39 +02:00
David Mehren
81531b6559 test: use correct note content
The `works with an existing note` test was refactored to use testSetup
notes, but didn't use the correct content to compare to.

It's unclear why this test is only failing now.

Signed-off-by: David Mehren <git@herrmehren.de>
2023-03-25 12:43:27 +01:00
David Mehren
944304b274 test(setup): use HD_BASE_URL
Signed-off-by: David Mehren <git@herrmehren.de>
2023-02-19 20:56:18 +01:00
David Mehren
15a691b364 test(public/notes): compare permission lists as Set
Signed-off-by: David Mehren <git@herrmehren.de>
2023-02-19 20:56:18 +01:00
David Mehren
5fc6265b77 test(public/notes): update tests for default groups
Signed-off-by: David Mehren <git@herrmehren.de>
2023-02-19 20:56:18 +01:00
David Mehren
679d8a8655 refactor(default-access-level): rename from default-access-permission
Signed-off-by: David Mehren <git@herrmehren.de>
2023-02-19 20:56:18 +01:00
David Mehren
976e5671fa test(e2e/public/notes): test permission api
Signed-off-by: David Mehren <git@herrmehren.de>
2023-02-19 20:56:18 +01:00
David Mehren
3884d79474 test(e2e/public/notes): enable real auth
Signed-off-by: David Mehren <git@herrmehren.de>
2023-02-19 20:56:18 +01:00
David Mehren
845861a030 style: fix linting errors
Signed-off-by: David Mehren <git@herrmehren.de>
2023-02-19 20:56:18 +01:00
David Mehren
1f2cec2f7c test(e2e/public/media): test using real auth
Signed-off-by: David Mehren <git@herrmehren.de>
2023-02-19 20:56:18 +01:00
David Mehren
4271ef740c test: use constant credentials
Signed-off-by: David Mehren <git@herrmehren.de>
2023-02-19 20:56:18 +01:00
David Mehren
4ade25036e test(setup): set HD_DOMAIN
Signed-off-by: David Mehren <git@herrmehren.de>
2023-02-19 20:56:18 +01:00
David Mehren
7256717611 test(e2e/private/tokens): check token can't be deleted by wrong user
Signed-off-by: David Mehren <git@herrmehren.de>
2023-02-19 20:56:18 +01:00
David Mehren
e52cf4b4ae test(e2e/private/media): check upload can't be deleted by wrong user
Signed-off-by: David Mehren <git@herrmehren.de>
2023-02-19 20:56:18 +01:00
Tilman Vatteroth
5e1fdbe81d fix(config): Replace HD_DOMAIN and HD_EDITOR_BASE_URL with HD_BASE_URL
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-02-05 22:32:31 +01:00
Philip Molares
8ee2d809c7 test(backend): add regression test for issue #3135
When a PasswordTooWeakError is encountered the newly created user should be removed again. This should prevent registration error from "burning" usernames for further use.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2023-01-15 18:15:28 +01:00
Philip Molares
0ec9edc07d test(backend): change registration disabled error code
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2023-01-15 18:14:01 +01:00
David Mehren
b311265762 fix(media-controller): throw if no file was uploaded
Signed-off-by: David Mehren <git@herrmehren.de>
2022-12-30 11:02:56 +01:00
Tilman Vatteroth
bf30cbcf48 fix(repository): Move backend code into subdirectory
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2022-10-30 22:46:42 +01:00