Commit graph

1727 commits

Author SHA1 Message Date
renovate[bot]
e9863c3c8a
chore(deps): pin dependencies (#1646)
Signed-off-by: Renovate Bot <bot@renovateapp.com>

Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-09-17 00:45:34 +00:00
Philip Molares
5bc1513bd8
feat: add auth e2e tests
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-09-02 23:41:32 +02:00
Philip Molares
366057fb8b
feat: add auth controller with internal login, registration, password change and logout
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-08-08 22:00:14 +02:00
Philip Molares
cd4ee84ec3
feat: add LoginEnabledGuard and RegistrationEnabledGuard
These guards check if the login or registration are enabled in the config. If so the guarded method is executed, if not the client will get the HTTP Error 400 Forbidden as an answer

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-09-04 18:31:01 +02:00
Philip Molares
46d03571c1
fix: update seed.ts
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-08-31 13:39:51 +02:00
Philip Molares
5a91662865
feat: add session handling
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-08-31 13:36:13 +02:00
Philip Molares
1c52ad69a6
feat: add identity module
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-08-08 21:59:23 +02:00
Philip Molares
df10ed92e3
feat: add local auth strategy
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-08-08 21:59:12 +02:00
Philip Molares
b9cec8aeca
feat: add identity service
This service handles all the authentication of the private api.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-08-08 21:58:54 +02:00
Philip Molares
3cc321f353
feat: add getFirstIdentityFromUser helper function
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-08-08 21:57:46 +02:00
Philip Molares
e7eb6694a6
feat: change email auth config to local
This was done to use the same term. Also email was the old term from HedgeDoc 1 and wildly inaccurate. As we never checked any mail addresses, in fact it was more of a username than anything else.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-09-04 19:24:32 +02:00
Philip Molares
43242cccc9
feat: add session to AuthConfig
this handles the settings for the cookie session. The secret and the lifeTime of the cookie can be configured.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-09-04 17:46:58 +02:00
Philip Molares
0ef0d1e111
feat: add local auth dtos
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-08-08 21:54:05 +02:00
Philip Molares
5e4eb574c5
chore: add user relation enum
this enum is used to specify which relation of the user object should be populated.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-08-31 13:39:36 +02:00
Philip Molares
337854c86a
feat: lazy load identities of user object
This makes it possible that we can get identities from any user object even if we didn't specify that while getting them from the orm

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-09-04 22:13:16 +02:00
Philip Molares
23e26fb830
chore: move identity entity in its own folder
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-08-08 21:53:20 +02:00
Philip Molares
547f2239cc
chore: move password related functions from AuthService to utils file
As these methods will be used in both the AuthService and the IdentityService, it makes sense to extract them and use them in this manner. Especially if one considers that they are quite standalone functions.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-08-08 21:47:13 +02:00
Philip Molares
cf8f3b39ec
feat: add ProviderType enum
This is used to give identities a type and to easily get the identity any auth method would need.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-08-08 21:57:22 +02:00
Philip Molares
d5ff09349d
chore: add passport-local dependency
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-08-08 21:44:54 +02:00
renovate[bot]
d833f35c1a
chore(deps): update dependency prettier to v2.4.1 (#1638)
Signed-off-by: Renovate Bot <bot@renovateapp.com>

Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-09-16 12:05:49 +00:00
renovate[bot]
250bd0266b
chore(deps): update dependency @types/node to v14.17.16 (#1634)
Signed-off-by: Renovate Bot <bot@renovateapp.com>

Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-09-15 00:18:47 +00:00
Renovate Bot
8c813abddc
chore(deps): update dependency typescript to v4.4.3
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-09-13 18:02:18 +00:00
Renovate Bot
6a017cbca5
fix(deps): update dependency @azure/storage-blob to v12.8.0
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-09-13 18:02:31 +00:00
Renovate Bot
bf0e69c081
chore(deps): update dependency prettier to v2.4.0
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-09-13 17:49:41 +00:00
renovate[bot]
f6e0e2ed99
chore(deps): update dependency @typescript-eslint/parser to v4.31.1 (#1630)
Signed-off-by: Renovate Bot <bot@renovateapp.com>

Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-09-13 17:59:24 +00:00
Philip Molares
d6be1cc6bb
docs: add documentation on private api authentication
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-08-08 20:21:16 +02:00
Renovate Bot
faacfc067f
chore(deps): update dependency jest to v27.2.0
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-09-13 08:47:08 +00:00
Renovate Bot
50aae8d344
chore(deps): update linters
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-09-13 17:19:57 +00:00
Abhilasha Sinha
f63a2b79b7
Add new API to purge note history #1064
Signed-off-by: Abhilasha Sinha <abhisinha662000@gmail.com>

Combine the describe block

Signed-off-by: Abhilasha Sinha <abhisinha662000@gmail.com>

Fix naming

Signed-off-by: Abhilasha Sinha <abhisinha662000@gmail.com>

Rename purgeRevision to purgeRevisions

Signed-off-by: Abhilasha Sinha <abhisinha662000@gmail.com>

Fix notes e2e test description

Signed-off-by: Abhilasha Sinha <abhisinha662000@gmail.com>

Add yarn.lock

Fix lint and format

Signed-off-by: Abhilasha Sinha <abhisinha662000@gmail.com>
2021-08-30 05:37:35 +05:30
renovate[bot]
170f4f6759
chore(deps): update dependency @types/node to v14.17.15 (#1623)
Signed-off-by: Renovate Bot <bot@renovateapp.com>

Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-09-07 10:22:27 +00:00
renovate[bot]
74dbdd464d
fix(deps): update dependency node-fetch to v2.6.2 (#1621)
Signed-off-by: Renovate Bot <bot@renovateapp.com>

Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-09-06 14:32:50 +00:00
Philip Molares
216baa42a1
refactor: move TokenAuthGuard in the same file as TokenStrategy
This should help to make clear why code is executed when the TokenAuthGuard is encountered by a request. Currently, one has to connect both files via the string 'token', which is a bit cryptic

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-09-04 18:03:41 +02:00
David Mehren
5ecb0c0694
RevisionsService: Refactor getFirst/LastRevision
The functions now expect a `Note` object instead of a noteId to
make it more consistent with other functions.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-08-29 22:45:56 +02:00
David Mehren
fe26f1689c
MediaService: Refactor saveFile
The function now expects a `Note` object instead of a noteId
and a `User` instead of a username to
make it more consistent with other functions.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-08-29 22:28:21 +02:00
David Mehren
341e3a3e5a
HistoryService: Remove getEntryByNoteIdOrAlias
As we now have a GetNotePipe, we can easily get rid of this function.
All clients can directly provide a `Note` instance
and use `getEntryByNote`.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-08-29 21:57:35 +02:00
David Mehren
d2b60a316f
HistoryService: Refactor deleteHistoryEntry
The function now expects a `Note` object instead of a noteId to
make it more consistent with other functions.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-08-29 21:42:46 +02:00
David Mehren
839877dbc5
HistoryService: Refactor updateHistoryEntry
The function now expects a `Note` object instead of a noteId to
make it more consistent with `updateHistoryEntryTimestamp`.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-08-29 21:38:10 +02:00
David Mehren
3396d3e47d
UserService: Improve method naming
This renames `createOrUpdateHistoryEntry` to `updateHistoryEntryTimestamp`,
which reduces confusion with the similarly named
`updateHistoryEntry` function.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-08-29 21:19:53 +02:00
David Mehren
e65c19ddd8
Public API: Test that forbidden notes can't be accessed
Signed-off-by: David Mehren <git@herrmehren.de>
2021-08-29 17:36:03 +02:00
David Mehren
470f09d8fe
Private API: Use GetNotePipe
This replaces repeated calls to `noteService.getNoteByIdOrAlias`
and associated error handling with the `GetNotePipe`
in the `Param` decorator.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-08-29 17:33:02 +02:00
David Mehren
ed8fd3939c
Public API: Remove superfluous try/catch
`getNoteMetadata` does not use a method that
can throw a `PermissionsUpdateInconsistentError`.
The try/catch-block seems to be a copy-paste error.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-08-29 17:32:45 +02:00
David Mehren
83869aaa48
Public API: Use GetNotePipe
This replaces repeated calls to `noteService.getNoteByIdOrAlias`
and associated error handling with the `GetNotePipe`
in the `Param` decorator.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-08-29 17:28:14 +02:00
David Mehren
73be10e606
Implement GetNotePipe
This pipe transforms a note ID or alias to a Note object
by loading it from the database.
It also performs error handling

Signed-off-by: David Mehren <git@herrmehren.de>
2021-08-29 17:18:54 +02:00
renovate[bot]
3265c72515
chore(deps): lock file maintenance (#1620)
Signed-off-by: Renovate Bot <bot@renovateapp.com>

Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-09-06 04:53:58 +00:00
renovate[bot]
5f3024d42f
chore(deps): lock file maintenance (#1618)
Signed-off-by: Renovate Bot <bot@renovateapp.com>

Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-09-06 02:24:16 +00:00
Erik Michelson
5d725d04d6
Update readme link to explanation page
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2021-09-05 11:52:12 +02:00
Renovate Bot
71f15ebec5
chore(deps): update dependency eslint-plugin-prettier to v4
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-09-04 17:19:26 +00:00
Renovate Bot
2e4282bc61
chore(deps): update linters to v4.30.0
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-09-04 17:19:14 +00:00
David Mehren
b480adc807
Public API: Introduce RequestUser decorator
This introduces the `RequestUser` decorator
to extract the `User` from a request.

It reduces code duplication across the public API
and allows us to drop the override of the `Request` type from express.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-08-28 19:03:15 +02:00
Yannick Bungers
3b5ccddfcc
Fix copy paste error in auth toAuthTokenDto test
Add an hour difference between createdAt and validUntil to better detect
these errors.

Signed-off-by: Yannick Bungers <git@innay.de>
2021-09-03 19:15:42 +02:00