Commit graph

3131 commits

Author SHA1 Message Date
Philip Molares
99d6b39e00 auth: Run removeInvalidTokens 5s after startup
This should prevent problem with the AuthToken purge on Sundays, as the service is either running on sunday or will be restarted there after.

Also move base64url comment to right function

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-25 21:30:08 +01:00
Philip Molares
c2d759da53 auth: Add token limit of 200
This is a very high ceiling unlikely to hinder legitimate usage, but should prevent possible attack vectors

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-25 21:30:08 +01:00
Philip Molares
c96edb31a5 tokens: Add token creation
Fix token deletion
Update plantuml docs
Add token validUntil and lastUsed fields

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-25 21:30:08 +01:00
Philip Molares
28abc37e2c auth: fixes unit and e2e tests
adds MockAuthGuard which always return user 'hardcoded'

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-25 21:30:08 +01:00
Philip Molares
ee6293f5a3 auth: adds token-auth to public api
adds auth service
adds auth module
adds token-auth strategy
adds token-auth to all public api calls

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-25 21:30:06 +01:00
Philip Molares
0a3247492a auth: Add cron to clean old tokens
Rename AuthToken.identifier to label

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-25 21:30:04 +01:00
Philip Molares
cc2fcac532 auth: Remove userName parameter of removeToken function
As suggested by @innaytool

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-25 21:30:02 +01:00
Philip Molares
f68caab6e8 auth: Integrate suggestions by @davidmehren
Add number type alias TimestampMillis
Remove solved ToDos
Change AuthToken and AuthTokenDto to use Date
Rename authService unit tests

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-25 21:30:02 +01:00
Philip Molares
265195e305 auth: Split randomBase64UrlString in two functions
add test for BufferToBase64Url and toAuthTokenDto

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-25 21:30:02 +01:00
Philip Molares
84ec528d14 auth: Add tests for AuthService
Move AuthTokens to auth folder

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-25 21:30:02 +01:00
Philip Molares
599fe57ec6 tokens: Add token creation
Fix token deletion
Update plantuml docs
Add token validUntil and lastUsed fields

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-25 21:30:02 +01:00
Philip Molares
fd70b2d121 auth: fixes unit and e2e tests
adds MockAuthGuard which always return user 'hardcoded'

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-25 21:30:02 +01:00
Philip Molares
74fd7abfb2 openapi: adds auth to all public api routes
See:
https://docs.nestjs.com/openapi/security
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-25 21:30:02 +01:00
Philip Molares
8d89614a4d auth: adds token-auth to public api
adds auth service
adds auth module
adds token-auth strategy
adds token-auth to all public api calls

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-25 21:29:59 +01:00
Philip Molares
9a65a9bd29 private: Add until to token creation
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-25 21:29:53 +01:00
Philip Molares
e8cdbdd677 private: removes collision check for tokens
this seems very unnecessary as the chance of this is 1 / 2^512

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-25 21:29:53 +01:00
Philip Molares
0a1c3426c0 private: fixed token generation bugs
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-25 21:29:53 +01:00
Philip Molares
0bd7a8f4bc db-schema: updates plantuml
adds identifier and createdAt to AuthToken
renames authToken in User to authTokens

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-25 21:29:52 +01:00
Philip Molares
5e6e5d0e5f private: save token hashed
Auth tokens are now saved in hashed form.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-25 21:29:52 +01:00
Philip Molares
37a9f6526b auth: hash auth token
Since the auth token will be stored in hashed form in the db, we need to hash each provided auth token in order to search in the db for them.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-25 21:29:52 +01:00
Philip Molares
15ca030b67 auth: add hash function
the hash function uses bcrypt with 2^16 iterations.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-25 21:29:52 +01:00
Philip Molares
025f24122c private: adds tokens controller
adds private api
adds AuthTokenDto and AuthTokenWithSecretDto
adds necessary methods in the users service
adds RandomnessError

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-25 21:29:52 +01:00
Philip Molares
a4522d7230 auth: hash auth token
Since the auth token will be stored in hashed form in the db, we need to hash each provided auth token in order to search in the db for them.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-25 21:29:52 +01:00
Philip Molares
cbf6ac912a private: adds tokens controller
adds private api
adds AuthTokenDto and AuthTokenWithSecretDto
adds necessary methods in the users service
adds RandomnessError

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-25 21:29:52 +01:00
Yannick Bungers
b586b9ffb2
Merge pull request #761 from hedgedoc/renovate/lock-file-maintenance
chore(deps): lock file maintenance
2021-01-25 21:26:31 +01:00
Renovate Bot
cfef216241
chore(deps): lock file maintenance
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-25 20:21:20 +00:00
David Mehren
da0e79c741
Merge pull request #764 from hedgedoc/renovate/linters
chore(deps): update linters to v4.14.1
2021-01-25 21:20:41 +01:00
Renovate Bot
2f126452ee
chore(deps): update linters to v4.14.1
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-25 19:38:27 +00:00
David Mehren
86a1ad9261
Merge pull request #762 from hedgedoc/renovate/test-packages 2021-01-25 12:01:45 +01:00
Renovate Bot
f37c131894
chore(deps): update dependency supertest to v6.1.2
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-25 06:43:08 +00:00
Yannick Bungers
9c6845f22b
Merge pull request #757 from hedgedoc/fix/databasename
Make database names consistent
2021-01-23 23:00:18 +01:00
Yannick Bungers
17ceb9c31f Removed special table name in Note object
and changed table names in plantuml file

Signed-off-by: Yannick Bungers <git@innay.de>
2021-01-23 22:26:49 +01:00
David Mehren
db02621d49
Merge pull request #756 from nidico/fix-contributing-dco-link 2021-01-22 18:05:32 +01:00
David Mehren
33a8d2ee26
Merge pull request #753 from hedgedoc/renovate/nestjs-packages
fix(deps): update nestjs packages
2021-01-22 18:02:58 +01:00
Nicolas Dietrich
d1ae76a5f9 Fix link to DCO in contributing docs
Signed-off-by: Nicolas Dietrich <nidi@mailbox.org>
2021-01-22 17:07:42 +01:00
Renovate Bot
2f575600af
fix(deps): update nestjs packages
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-22 13:53:55 +00:00
David Mehren
bc62999fc6
Merge pull request #745 from hedgedoc/config/imporveErrorMessages
config: Improve error messages
2021-01-21 22:17:57 +01:00
David Mehren
61920806b9
Merge pull request #749 from hedgedoc/renovate/nestjs-packages
fix(deps): update dependency @nestjs/swagger to v4.7.12
2021-01-21 21:42:17 +01:00
Philip Molares
454a883f17 config: Improve error messages
Add labels to most Joi objects
Convert all auth variable insert names to upper case to prevent inconsistent naming of the variables
Rewrite auth errors to correctly point out the problematic variable
Add tests for the config utils functions

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-21 21:35:59 +01:00
Renovate Bot
519c191b42
fix(deps): update dependency @nestjs/swagger to v4.7.12
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-21 14:57:08 +00:00
David Mehren
5cb1f29a2c
Merge pull request #737 from hedgedoc/renovate/linters
Update linters
2021-01-19 12:59:59 +01:00
David Mehren
9b552a6ead
Merge pull request #733 from hedgedoc/config/split 2021-01-19 12:58:23 +01:00
Philip Molares
9c3d329bc9 tests: Removed unnecessary import of appConfigMock
As suggested by an review of David Mehren

Co-authored by: David Mehren <git@herrmehren.de>

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-19 12:45:36 +01:00
Renovate Bot
a949d307d9
Update linters
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-19 10:06:59 +00:00
David Mehren
ec567aba22
Merge pull request #739 from hedgedoc/renovate/mkdocs-material-6.x
Update dependency mkdocs-material to v6.2.5
2021-01-19 11:06:27 +01:00
Philip Molares
2c4098dc55 config: splits config in multiple files
splits the big appConfig in multiple configs
adds media.config.mock.ts

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-17 21:19:45 +01:00
Philip Molares
4f6d15439c config: removes unnecessary options
removes options that we don't need from the config
removes linkify-header-style.enum.ts

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-17 21:19:45 +01:00
Renovate Bot
c4fbe53a51
Update dependency mkdocs-material to v6.2.5
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-17 10:38:44 +00:00
David Mehren
7e8e003e14
Merge pull request #734 from hedgedoc/renovate/test-packages
Update dependency supertest to v6.1.1
2021-01-15 22:48:06 +01:00
Yannick Bungers
0d95c29df2
Merge pull request #709 from hedgedoc/fix/api-notes-metadata 2021-01-15 22:47:52 +01:00