Commit graph

65 commits

Author SHA1 Message Date
Henry Oswald
7fd29b18a8 destroy users session before creating a new one for them after login
session changed to prevent against fixation attacks
2015-07-01 15:29:02 +01:00
Henry Oswald
665bdcf538 v1 of express4 conversion 2015-07-01 15:17:43 +01:00
Henry Oswald
a7640b5bbd changed authentication controller to use req.parsedUrl.pathname as query strings on req.url were breaking the whitelist 2015-04-30 11:57:40 +01:00
James Allen
5c30a7de67 Add in option for global login requirement (defaults to on) 2015-04-15 11:14:53 +01:00
James Allen
000f01fbeb Remove unneeded uid module 2015-02-17 11:21:50 +00:00
James Allen
8e13ded360 Regenerate the session id after logging in or registering 2015-02-13 11:18:17 +00:00
Henry Oswald
804bc16bc8 redirect users to /register when coming from templates or share url
redirect to /login when going anywhere else (/project /project/1234)
2014-11-13 17:12:39 +00:00
James Allen
dbd85a05f1 Send user features and features switches to views where needed 2014-10-07 13:31:13 +01:00
Henry Oswald
66ba6e612d Revert "send 401 when login fails"
This reverts commit fb901c6365d37654ba9058f57a71a4e60366688e.
2014-08-08 10:21:17 +01:00
Henry Oswald
7976f2f0fe send 401 when login fails 2014-08-07 16:28:00 +01:00
Henry Oswald
d047d44079 Changed the error messages which are sent down to the client to be translated first
fixed up tests from titles we check when rendering, deleted them as they never
catch anything important, more hastle than they are worth imo.
2014-08-01 14:03:38 +01:00
James Allen
e4d9d03f55 Improve feedback on login/register forms 2014-07-11 17:08:19 +01:00
James Allen
c1afbc66d9 Don't error if user is not logged in when compiling 2014-05-27 12:33:56 +01:00
Henry Oswald
479b37a48c null check user when getting user id from session 2014-04-02 15:56:54 +01:00
James Allen
8715690ce9 Intial open source comment 2014-02-12 10:23:40 +00:00