Shane Kilkelly
|
7e449c60ed
|
fix tests
|
2016-09-22 16:04:42 +01:00 |
|
Shane Kilkelly
|
dde5b7b830
|
Regenerate session on login, protect against session-fixation attack.
|
2016-09-21 13:03:37 +01:00 |
|
Shane Kilkelly
|
bb71433727
|
Remove getLoggedInUser
|
2016-09-21 09:27:51 +01:00 |
|
Shane Kilkelly
|
2119dcbb58
|
Finalise login workflow, works with login form again.
|
2016-09-15 14:36:11 +01:00 |
|
Shane Kilkelly
|
8e0103a1bc
|
wip: fix unit tests for AuthenticationController
|
2016-09-07 14:05:51 +01:00 |
|
Paulo Reis
|
228de5332e
|
Unit test tracking code.
|
2016-08-11 14:09:57 +01:00 |
|
Shane Kilkelly
|
0ac9b05d02
|
Add ip_address and session_created to the session user object.
|
2016-07-01 15:49:07 +01:00 |
|
Shane Kilkelly
|
f1653d01b7
|
Refactor method names in UserSessionsManager
|
2016-07-01 15:33:59 +01:00 |
|
Brian Gough
|
98a0c54004
|
use parameter for bcrypt rounds, rehash passwords on login if necessary
|
2016-06-17 12:22:03 +01:00 |
|
James Allen
|
3e03164ed4
|
Remove dead auth_token code
|
2016-03-10 17:15:14 +00:00 |
|
Henry Oswald
|
bd54cc722a
|
fixed broken tests in AuthenticationController
|
2016-02-18 10:16:50 +00:00 |
|
James Allen
|
e8f21986dd
|
Refactor registration so it can be called from modules
|
2015-12-11 17:11:20 +00:00 |
|
Henry Oswald
|
7fd29b18a8
|
destroy users session before creating a new one for them after login
session changed to prevent against fixation attacks
|
2015-07-01 15:29:02 +01:00 |
|
Henry Oswald
|
a7640b5bbd
|
changed authentication controller to use req.parsedUrl.pathname as query strings on req.url were breaking the whitelist
|
2015-04-30 11:57:40 +01:00 |
|
James Allen
|
5c30a7de67
|
Add in option for global login requirement (defaults to on)
|
2015-04-15 11:14:53 +01:00 |
|
James Allen
|
8e13ded360
|
Regenerate the session id after logging in or registering
|
2015-02-13 11:18:17 +00:00 |
|
Henry Oswald
|
804bc16bc8
|
redirect users to /register when coming from templates or share url
redirect to /login when going anywhere else (/project /project/1234)
|
2014-11-13 17:12:39 +00:00 |
|
Henry Oswald
|
66ba6e612d
|
Revert "send 401 when login fails"
This reverts commit fb901c6365d37654ba9058f57a71a4e60366688e.
|
2014-08-08 10:21:17 +01:00 |
|
Henry Oswald
|
7976f2f0fe
|
send 401 when login fails
|
2014-08-07 16:28:00 +01:00 |
|
Henry Oswald
|
d047d44079
|
Changed the error messages which are sent down to the client to be translated first
fixed up tests from titles we check when rendering, deleted them as they never
catch anything important, more hastle than they are worth imo.
|
2014-08-01 14:03:38 +01:00 |
|
James Allen
|
c1afbc66d9
|
Don't error if user is not logged in when compiling
|
2014-05-27 12:33:56 +01:00 |
|
Henry Oswald
|
479b37a48c
|
null check user when getting user id from session
|
2014-04-02 15:56:54 +01:00 |
|
James Allen
|
8715690ce9
|
Intial open source comment
|
2014-02-12 10:23:40 +00:00 |
|