Commit graph

101 commits

Author SHA1 Message Date
Shane Kilkelly
cee3326ce3 fix omission of 'length' 2016-11-22 17:06:05 +00:00
Shane Kilkelly
8a4352fff2 Set redirect when redirecting from restricted 2016-11-22 16:54:03 +00:00
Shane Kilkelly
8089bb55a4 use session for the post-login redirect, remove redir query string. 2016-11-22 14:24:36 +00:00
Shane Kilkelly
bfa0e7cf89 WIP: start moving web sessions to cluster 2016-11-08 15:32:36 +00:00
Shane Kilkelly
9cb3d8c4b8 Enable hook from module into passport init. 2016-11-01 14:06:54 +00:00
Henry Oswald
3141f91b59 Merge pull request #322 from sharelatex/ho-password-limits
Ho password limits
2016-10-05 10:03:54 +01:00
Shane Kilkelly
dd14e51713 Handle null, undefined and false in isUserLoggedIn 2016-09-23 16:53:07 +01:00
Henry Oswald
8a2b7d0461 server side protect passwords which are too long 2016-09-23 16:51:46 +01:00
Henry Oswald
0d0f0e8604 wip 2016-09-23 16:38:46 +01:00
Shane Kilkelly
dbac4bd008 update session when user settings change 2016-09-22 16:58:25 +01:00
Shane Kilkelly
636b1fe9e2 Copy to session.user, for compatibility 2016-09-22 15:49:09 +01:00
Shane Kilkelly
c959e0c65d Set req.user 2016-09-22 13:54:13 +01:00
Shane Kilkelly
dde5b7b830 Regenerate session on login, protect against session-fixation attack. 2016-09-21 13:03:37 +01:00
Shane Kilkelly
bb71433727 Remove getLoggedInUser 2016-09-21 09:27:51 +01:00
Henry Oswald
777cbf1c80 move comment for user is false next to if statment 2016-09-20 14:51:51 +01:00
Shane Kilkelly
2119dcbb58 Finalise login workflow, works with login form again. 2016-09-15 14:36:11 +01:00
Shane Kilkelly
8e0103a1bc wip: fix unit tests for AuthenticationController 2016-09-07 14:05:51 +01:00
Shane Kilkelly
3a5b3a8e8d wip: acceptance tests working 2016-09-06 15:55:34 +01:00
Shane Kilkelly
b0a10c948c wip refactor 2016-09-06 15:22:13 +01:00
Shane Kilkelly
749658a916 WIP: fixing acceptance tests 2016-09-06 13:21:22 +01:00
Shane Kilkelly
ab2c1e82fb WIP: refactor 2016-09-05 15:58:31 +01:00
Shane Kilkelly
e6c7aa25ec barely functional login and logout 2016-09-05 10:28:47 +01:00
Shane Kilkelly
e4f4325150 Basic passport integration 2016-09-02 16:17:37 +01:00
Paulo Reis
9bf9df9a4a Track login events. 2016-08-11 14:09:45 +01:00
Shane Kilkelly
0ac9b05d02 Add ip_address and session_created to the session user object. 2016-07-01 15:49:07 +01:00
Shane Kilkelly
f1653d01b7 Refactor method names in UserSessionsManager 2016-07-01 15:33:59 +01:00
Shane Kilkelly
db213c0621 Begin keeping record of user sessions in reds. 2016-06-29 11:35:25 +01:00
Brian Gough
98a0c54004 use parameter for bcrypt rounds, rehash passwords on login if necessary 2016-06-17 12:22:03 +01:00
James Allen
de02928454 Merge branch 'master' into ja_email_tokens 2016-03-17 17:01:26 +00:00
James Allen
b556d57f40 Remove missed console.log debugging lines in AuthenticationController.coffee 2016-03-14 17:11:23 +00:00
James Allen
71ef045728 Implement authorization guards in Authorization{Manager,Controller} 2016-03-14 17:06:57 +00:00
James Allen
3e03164ed4 Remove dead auth_token code 2016-03-10 17:15:14 +00:00
Henry Oswald
940586f654 sped up unit tests to improve speed
also removed some unneeded requires.
2016-03-09 12:51:19 +00:00
Henry Oswald
c8084406d3 user notifications auto created on login for joinging groups 2016-02-17 16:24:09 +00:00
Henry Oswald
690b195f1a move login success to .json as it sends json over 2016-01-25 17:35:57 +00:00
James Allen
1e8ab5357b Improve pre-registered account activation process 2015-12-11 11:30:06 +00:00
Henry Oswald
7fd29b18a8 destroy users session before creating a new one for them after login
session changed to prevent against fixation attacks
2015-07-01 15:29:02 +01:00
Henry Oswald
665bdcf538 v1 of express4 conversion 2015-07-01 15:17:43 +01:00
Henry Oswald
a7640b5bbd changed authentication controller to use req.parsedUrl.pathname as query strings on req.url were breaking the whitelist 2015-04-30 11:57:40 +01:00
James Allen
5c30a7de67 Add in option for global login requirement (defaults to on) 2015-04-15 11:14:53 +01:00
James Allen
000f01fbeb Remove unneeded uid module 2015-02-17 11:21:50 +00:00
James Allen
8e13ded360 Regenerate the session id after logging in or registering 2015-02-13 11:18:17 +00:00
Henry Oswald
804bc16bc8 redirect users to /register when coming from templates or share url
redirect to /login when going anywhere else (/project /project/1234)
2014-11-13 17:12:39 +00:00
James Allen
dbd85a05f1 Send user features and features switches to views where needed 2014-10-07 13:31:13 +01:00
Henry Oswald
66ba6e612d Revert "send 401 when login fails"
This reverts commit fb901c6365d37654ba9058f57a71a4e60366688e.
2014-08-08 10:21:17 +01:00
Henry Oswald
7976f2f0fe send 401 when login fails 2014-08-07 16:28:00 +01:00
Henry Oswald
d047d44079 Changed the error messages which are sent down to the client to be translated first
fixed up tests from titles we check when rendering, deleted them as they never
catch anything important, more hastle than they are worth imo.
2014-08-01 14:03:38 +01:00
James Allen
e4d9d03f55 Improve feedback on login/register forms 2014-07-11 17:08:19 +01:00
James Allen
c1afbc66d9 Don't error if user is not logged in when compiling 2014-05-27 12:33:56 +01:00
Henry Oswald
479b37a48c null check user when getting user id from session 2014-04-02 15:56:54 +01:00
James Allen
8715690ce9 Intial open source comment 2014-02-12 10:23:40 +00:00