35 commits

Author	SHA1	Message	Date
James Allen	62de9d8946	Move test/UnitTests -> unit/test	2017-11-27 17:10:22 +00:00
Shane Kilkelly	0e26222551	Don't redirect to images, icons, etc, in login workflow	2017-05-12 15:46:16 +01:00
Shane Kilkelly	043520fc28	Remove the Metrics module, use metrics-sharelatex	2017-04-03 16:18:30 +01:00
Henry Oswald	cff922a0f5	idendify -> identify	2017-03-22 16:01:26 +00:00
Henry Oswald	ebdce6169e	idendifyUser on login	2017-03-22 15:50:49 +00:00
Shane Kilkelly	1137ab0715	Don't record redirect to static asset paths	2017-01-17 14:35:37 +00:00
Shane Kilkelly	f5ced03074	Set redirect when sending user to login page. ... Allows smart redirecting to work when public access is turned off.	2017-01-10 15:42:36 +00:00
Shane Kilkelly	22101d0305	If user is sent to login page with explicit redirect, obey	2016-11-24 11:38:13 +00:00
Shane Kilkelly	8a4352fff2	Set redirect when redirecting from restricted	2016-11-22 16:54:03 +00:00
Shane Kilkelly	8089bb55a4	use session for the post-login redirect, remove redir query string.	2016-11-22 14:24:36 +00:00
Shane Kilkelly	a373868862	Fix unit tests	2016-11-08 16:00:18 +00:00
Shane Kilkelly	9cb3d8c4b8	Enable hook from module into passport init.	2016-11-01 14:06:54 +00:00
Shane Kilkelly	dd14e51713	Handle null, undefined and false in isUserLoggedIn	2016-09-23 16:53:07 +01:00
Shane Kilkelly	dbac4bd008	update session when user settings change	2016-09-22 16:58:25 +01:00
Shane Kilkelly	7e449c60ed	fix tests	2016-09-22 16:04:42 +01:00
Shane Kilkelly	dde5b7b830	Regenerate session on login, protect against session-fixation attack.	2016-09-21 13:03:37 +01:00
Shane Kilkelly	bb71433727	Remove getLoggedInUser	2016-09-21 09:27:51 +01:00
Shane Kilkelly	2119dcbb58	Finalise login workflow, works with login form again.	2016-09-15 14:36:11 +01:00
Shane Kilkelly	8e0103a1bc	wip: fix unit tests for AuthenticationController	2016-09-07 14:05:51 +01:00
Paulo Reis	228de5332e	Unit test tracking code.	2016-08-11 14:09:57 +01:00
Shane Kilkelly	0ac9b05d02	Add ip_address and session_created to the session user object.	2016-07-01 15:49:07 +01:00
Shane Kilkelly	f1653d01b7	Refactor method names in UserSessionsManager	2016-07-01 15:33:59 +01:00
James Allen	3e03164ed4	Remove dead auth_token code	2016-03-10 17:15:14 +00:00
Henry Oswald	bd54cc722a	fixed broken tests in AuthenticationController	2016-02-18 10:16:50 +00:00
Henry Oswald	7fd29b18a8	destroy users session before creating a new one for them after login ... session changed to prevent against fixation attacks	2015-07-01 15:29:02 +01:00
Henry Oswald	a7640b5bbd	changed authentication controller to use req.parsedUrl.pathname as query strings on req.url were breaking the whitelist	2015-04-30 11:57:40 +01:00
James Allen	5c30a7de67	Add in option for global login requirement (defaults to on)	2015-04-15 11:14:53 +01:00
James Allen	8e13ded360	Regenerate the session id after logging in or registering	2015-02-13 11:18:17 +00:00
Henry Oswald	804bc16bc8	redirect users to /register when coming from templates or share url ... redirect to /login when going anywhere else (/project /project/1234)	2014-11-13 17:12:39 +00:00
Henry Oswald	66ba6e612d	Revert "send 401 when login fails" ... This reverts commit fb901c6365d37654ba9058f57a71a4e60366688e.	2014-08-08 10:21:17 +01:00
Henry Oswald	7976f2f0fe	send 401 when login fails	2014-08-07 16:28:00 +01:00
Henry Oswald	d047d44079	Changed the error messages which are sent down to the client to be translated first ... fixed up tests from titles we check when rendering, deleted them as they never catch anything important, more hastle than they are worth imo.	2014-08-01 14:03:38 +01:00
James Allen	c1afbc66d9	Don't error if user is not logged in when compiling	2014-05-27 12:33:56 +01:00
Henry Oswald	479b37a48c	null check user when getting user id from session	2014-04-02 15:56:54 +01:00
James Allen	8715690ce9	Intial open source comment	2014-02-12 10:23:40 +00:00