Commit graph

19 commits

Author SHA1 Message Date
Erik Michelson
9597ac5422 feat(notes): check for equal alias or note id
When creating a new note or adding a new alias to one,
it is checked that the new name
is neither forbidden nor already in use.

Co-authored-by: David Mehren <git@herrmehren.de>
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-04-18 22:15:11 +02:00
Erik Michelson
8693edbf6a refactor(media): add media redirection endpoint
Previous versions of HedgeDoc suffered from the problem
that changing the media backend required manipulation of
the media links in all created notes. We discussed in
#3704 that it's favourable to have an endpoint that
redirects to the image's original URL. When changing the
media backend, the link stays the same but just the
redirect changes.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-04-18 22:11:49 +02:00
Erik Michelson
92bde4d281 enhancement(api-tokens): add prefix and more strict validation
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-04-09 10:54:35 +02:00
Tilman Vatteroth
0111f2b65e fix(backend): format code
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-08-15 20:16:09 +00:00
Philip Molares
0a8945d934 feat(backend): handle username always in lowercase
This should make all usernames of new users into lowercase. Usernames are also searched in the DB as lowercase.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-06-04 21:55:19 +02:00
Yannick Bungers
d73bbcaeff fix: increase test coverage
Signed-off-by: Yannick Bungers <git@innay.de>
2023-05-07 20:45:15 +02:00
Yannick Bungers
485f7cd338 feat: Add guest file uploads and add deletion for note owners
Signed-off-by: Yannick Bungers <git@innay.de>
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-05-07 20:45:15 +02:00
Tilman Vatteroth
825b3b72ff test: add e2e tests for note permissions
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-05-04 22:34:24 +02:00
Erik Michelson
408d82e280 enhancement(auth): better error message handling
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2023-03-26 15:43:39 +02:00
Erik Michelson
ca9836d691 enhancement(auth): better error message handling
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2023-03-26 15:43:39 +02:00
David Mehren
845861a030 style: fix linting errors
Signed-off-by: David Mehren <git@herrmehren.de>
2023-02-19 20:56:18 +01:00
David Mehren
1f2cec2f7c test(e2e/public/media): test using real auth
Signed-off-by: David Mehren <git@herrmehren.de>
2023-02-19 20:56:18 +01:00
David Mehren
4271ef740c test: use constant credentials
Signed-off-by: David Mehren <git@herrmehren.de>
2023-02-19 20:56:18 +01:00
David Mehren
7256717611 test(e2e/private/tokens): check token can't be deleted by wrong user
Signed-off-by: David Mehren <git@herrmehren.de>
2023-02-19 20:56:18 +01:00
David Mehren
e52cf4b4ae test(e2e/private/media): check upload can't be deleted by wrong user
Signed-off-by: David Mehren <git@herrmehren.de>
2023-02-19 20:56:18 +01:00
Philip Molares
8ee2d809c7 test(backend): add regression test for issue #3135
When a PasswordTooWeakError is encountered the newly created user should be removed again. This should prevent registration error from "burning" usernames for further use.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2023-01-15 18:15:28 +01:00
Philip Molares
0ec9edc07d test(backend): change registration disabled error code
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2023-01-15 18:14:01 +01:00
David Mehren
b311265762 fix(media-controller): throw if no file was uploaded
Signed-off-by: David Mehren <git@herrmehren.de>
2022-12-30 11:02:56 +01:00
Tilman Vatteroth
bf30cbcf48 fix(repository): Move backend code into subdirectory
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2022-10-30 22:46:42 +01:00