Henry Oswald
|
7fd29b18a8
|
destroy users session before creating a new one for them after login
session changed to prevent against fixation attacks
|
2015-07-01 15:29:02 +01:00 |
|
Henry Oswald
|
a7640b5bbd
|
changed authentication controller to use req.parsedUrl.pathname as query strings on req.url were breaking the whitelist
|
2015-04-30 11:57:40 +01:00 |
|
James Allen
|
5c30a7de67
|
Add in option for global login requirement (defaults to on)
|
2015-04-15 11:14:53 +01:00 |
|
James Allen
|
8e13ded360
|
Regenerate the session id after logging in or registering
|
2015-02-13 11:18:17 +00:00 |
|
Henry Oswald
|
804bc16bc8
|
redirect users to /register when coming from templates or share url
redirect to /login when going anywhere else (/project /project/1234)
|
2014-11-13 17:12:39 +00:00 |
|
Henry Oswald
|
66ba6e612d
|
Revert "send 401 when login fails"
This reverts commit fb901c6365d37654ba9058f57a71a4e60366688e.
|
2014-08-08 10:21:17 +01:00 |
|
Henry Oswald
|
7976f2f0fe
|
send 401 when login fails
|
2014-08-07 16:28:00 +01:00 |
|
Henry Oswald
|
d047d44079
|
Changed the error messages which are sent down to the client to be translated first
fixed up tests from titles we check when rendering, deleted them as they never
catch anything important, more hastle than they are worth imo.
|
2014-08-01 14:03:38 +01:00 |
|
James Allen
|
c1afbc66d9
|
Don't error if user is not logged in when compiling
|
2014-05-27 12:33:56 +01:00 |
|
Henry Oswald
|
479b37a48c
|
null check user when getting user id from session
|
2014-04-02 15:56:54 +01:00 |
|
James Allen
|
8715690ce9
|
Intial open source comment
|
2014-02-12 10:23:40 +00:00 |
|