Commit graph

30 commits

Author SHA1 Message Date
Shane Kilkelly
8089bb55a4 use session for the post-login redirect, remove redir query string. 2016-11-22 14:24:36 +00:00
Shane Kilkelly
a373868862 Fix unit tests 2016-11-08 16:00:18 +00:00
Shane Kilkelly
9cb3d8c4b8 Enable hook from module into passport init. 2016-11-01 14:06:54 +00:00
Henry Oswald
3141f91b59 Merge pull request #322 from sharelatex/ho-password-limits
Ho password limits
2016-10-05 10:03:54 +01:00
Shane Kilkelly
dd14e51713 Handle null, undefined and false in isUserLoggedIn 2016-09-23 16:53:07 +01:00
Henry Oswald
8a2b7d0461 server side protect passwords which are too long 2016-09-23 16:51:46 +01:00
Shane Kilkelly
dbac4bd008 update session when user settings change 2016-09-22 16:58:25 +01:00
Shane Kilkelly
7e449c60ed fix tests 2016-09-22 16:04:42 +01:00
Shane Kilkelly
dde5b7b830 Regenerate session on login, protect against session-fixation attack. 2016-09-21 13:03:37 +01:00
Shane Kilkelly
bb71433727 Remove getLoggedInUser 2016-09-21 09:27:51 +01:00
Shane Kilkelly
2119dcbb58 Finalise login workflow, works with login form again. 2016-09-15 14:36:11 +01:00
Shane Kilkelly
8e0103a1bc wip: fix unit tests for AuthenticationController 2016-09-07 14:05:51 +01:00
Paulo Reis
228de5332e Unit test tracking code. 2016-08-11 14:09:57 +01:00
Shane Kilkelly
0ac9b05d02 Add ip_address and session_created to the session user object. 2016-07-01 15:49:07 +01:00
Shane Kilkelly
f1653d01b7 Refactor method names in UserSessionsManager 2016-07-01 15:33:59 +01:00
Brian Gough
98a0c54004 use parameter for bcrypt rounds, rehash passwords on login if necessary 2016-06-17 12:22:03 +01:00
James Allen
3e03164ed4 Remove dead auth_token code 2016-03-10 17:15:14 +00:00
Henry Oswald
bd54cc722a fixed broken tests in AuthenticationController 2016-02-18 10:16:50 +00:00
James Allen
e8f21986dd Refactor registration so it can be called from modules 2015-12-11 17:11:20 +00:00
Henry Oswald
7fd29b18a8 destroy users session before creating a new one for them after login
session changed to prevent against fixation attacks
2015-07-01 15:29:02 +01:00
Henry Oswald
a7640b5bbd changed authentication controller to use req.parsedUrl.pathname as query strings on req.url were breaking the whitelist 2015-04-30 11:57:40 +01:00
James Allen
5c30a7de67 Add in option for global login requirement (defaults to on) 2015-04-15 11:14:53 +01:00
James Allen
8e13ded360 Regenerate the session id after logging in or registering 2015-02-13 11:18:17 +00:00
Henry Oswald
804bc16bc8 redirect users to /register when coming from templates or share url
redirect to /login when going anywhere else (/project /project/1234)
2014-11-13 17:12:39 +00:00
Henry Oswald
66ba6e612d Revert "send 401 when login fails"
This reverts commit fb901c6365d37654ba9058f57a71a4e60366688e.
2014-08-08 10:21:17 +01:00
Henry Oswald
7976f2f0fe send 401 when login fails 2014-08-07 16:28:00 +01:00
Henry Oswald
d047d44079 Changed the error messages which are sent down to the client to be translated first
fixed up tests from titles we check when rendering, deleted them as they never
catch anything important, more hastle than they are worth imo.
2014-08-01 14:03:38 +01:00
James Allen
c1afbc66d9 Don't error if user is not logged in when compiling 2014-05-27 12:33:56 +01:00
Henry Oswald
479b37a48c null check user when getting user id from session 2014-04-02 15:56:54 +01:00
James Allen
8715690ce9 Intial open source comment 2014-02-12 10:23:40 +00:00