summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Merge pull request #830 from SISheogorath/feature/GDPRChristoph (Sheogorath) Kern2018-06-1713-30/+216
|\ | | | | GDPR compliant part 1
| * Add privacy policy exampleSheogorath2018-05-311-0/+17
| | | | | | | | | | | | | | | | | | As we use various services and integration we should provide an example privacy policy. It has to be adjust when using it to match your setup. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
| * Fix missing dependencySheogorath2018-05-271-0/+1
| | | | | | | | | | | | | | | | | | To export the notes we need the archiver package that takes care of creating the zip files. Looks like I forgot this one in the initial commit. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
| * Add export data UISheogorath2018-05-262-1/+3
| | | | | | | | | | | | | | | | | | | | This adds the UI for the export feature introduced in bcbb8c67c9f8092643c318140f6613324f306bd2 It allows to download all notes from the main page in the default user submenu. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
| * Add note export functionSheogorath2018-05-261-0/+56
| | | | | | | | | | | | | | | | This function is the first step to get out data following GDPR about the transportability of data. Details: https://gdpr-info.eu/art-20-gdpr/ Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
| * Add token based security featureSheogorath2018-05-255-13/+53
| | | | | | | | | | | | | | | | | | | | | | | | In the current setup users could be tricked into deleting their data by providing a malicious link like `[click me](/me/delete)`. This commit prevents such an easy attack and need the user's deleteToken to get his data deleted. In case someone requests his deletion by email you can also ask him for this token. We can add a GUI that shows it later on. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
| * Add delete user UISheogorath2018-05-253-16/+44
| | | | | | | | | | | | | | | | | | | | This provides the UI for the delete user feature introduced in 4229084c6211db3d22cd9abec99b957725650b9e Placing of the user delete button is not perfect, but can be moved to an own user tab later on. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
| * Fix requests for deleted usersSheogorath2018-05-252-5/+10
| | | | | | | | | | | | | | When users are requested from the authorship which no longer exist, they shouldn't cause a 500. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
| * Add delete function for authenticated usersSheogorath2018-05-251-0/+24
| | | | | | | | | | | | | | Allow users to delete themselbes. This is require to be GDPR compliant. See: https://gdpr-info.eu/art-17-gdpr/ Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
| * Use cascaded deletesSheogorath2018-05-253-4/+12
| | | | | | | | | | | | | | When we delete a user we should delete all the notes that belong to this user including the revisions of these notes. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
| * Use hard delete instead of soft deleteSheogorath2018-05-251-1/+1
| | | | | | | | | | | | | | Right now we only flag notes as deleted. This is no longer allowed under GDPR. Make sure you do regular backups! Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
| * Add privacy and ToS linksSheogorath2018-05-243-4/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | To be GDPR compliant we need to provide privacy statement. These should be linked on the index page. So as soon as a document exist under `public/docs/privacy.md` the link will show up. Since we already add legal links, we also add Terms of Use, which will show up as soon as `public/docs/terms-of-use.md` exists. This should allow everyone to provide the legal documents they need for GDPR and other privacy and business laws. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Merge pull request #837 from SISheogorath/translate/koreanChristoph (Sheogorath) Kern2018-06-073-1/+111
|\ \ | | | | | | Add korean translation
| * | Add korean translationSheogorath2018-06-073-1/+111
| | | | | | | | | | | | | | | | | | | | | | | | This translation was contributed via POEditor by the user Basix. Thanks a lot for your work! Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | | Merge pull request #836 from SISheogorath/fix/i18n-filesChristoph (Sheogorath) Kern2018-06-072-1/+5
|\ \ \ | |/ / |/| | Fix i18n writing locale files in production
| * | Fix i18n writing locale files in productionSheogorath2018-06-052-1/+5
| | | | | | | | | | | | | | | | | | | | | | | | This commit should prevent the i18n module from adding missing translations to the local files in setups that are not for development. This way we keep the directory clean and idempotent. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | | Update yarn.lockSheogorath2018-06-051-2/+194
|/ / | | | | | | Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Merge pull request #784 from pferreir/add-oauth2-supportChristoph (Sheogorath) Kern2018-06-0410-6/+163
|\ \ | | | | | | Add "generic" OAuth2 support
| * | Use TEXT instead of STRING for tokensPedro Ferreira2018-03-262-2/+25
| | | | | | | | | | | | Signed-off-by: Pedro Ferreira <pedro.ferreira@cern.ch>
| * | Add support for generic OAuth2 providersPedro Ferreira2018-03-268-4/+138
| | | | | | | | | | | | Signed-off-by: Pedro Ferreira <pedro.ferreira@cern.ch>
* | | Merge pull request #783 from SISheogorath/docs/splitAuthChristoph (Sheogorath) Kern2018-06-016-241/+243
|\ \ \ | | | | | | | | Split authentication guides into multiple documents
| * | | Split authentication guides into multiple documentsSheogorath2018-06-016-241/+243
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Splitting the documentation should provide an easier access to the documentation people searching for and result in less merge conflicts when adding new documentation here. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | | | Merge pull request #833 from ahoka/callbackChristoph (Sheogorath) Kern2018-06-014-4/+7
|\ \ \ \ | |/ / / |/| | | Fix callback validation
| * | | Fix callback validationAdam Hoka2018-06-014-4/+7
| | | | | | | | | | | | | | | | Signed-off-by: Adam Hoka <hoka.adam@nexogen.hu>
* | | | Merge pull request #782 from SISheogorath/feature/showFullTitleChristoph (Sheogorath) Kern2018-06-011-1/+2
|\ \ \ \ | |/ / / |/| | | Add title attribute in table of contents
| * | | Add title attribute in table of contentsSheogorath2018-03-261-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Right now the full title of an element is may not shown as the space of the ToC is limited. With this path it'll be shower on hover and this way provide more useful information. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | | | Merge pull request #675 from ahoka/masterChristoph (Sheogorath) Kern2018-06-018-6/+60
|\ \ \ \ | | | | | | | | | | Add Azure Blob Storage support
| * | | | Add Azure Blob Storage supportÁdám Hóka2018-06-018-6/+60
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Adam Hoka <hoka.adam@nexogen.hu>
* | | | | Merge pull request #832 from liuderchi/fix/checkbox-style-slide-modeChristoph (Sheogorath) Kern2018-05-311-1/+2
|\ \ \ \ \ | |/ / / / |/| | | | fix(slide): adjust checkbox size
| * | | | fix(slide): adjust checkbox sizeliuderchi2018-05-311-1/+2
|/ / / / | | | | | | | | | | | | | | | | | | | | - to override rules in css/github-extract.css with `!important` already Signed-off-by: liuderchi <liuderchi@gmail.com>
* | | | Merge pull request #785 from pferreir/redirect-to-loginChristoph (Sheogorath) Kern2018-05-311-1/+7
|\ \ \ \ | | | | | | | | | | 403: Redirect user to login page if not logged in
| * | | | 403: redirect user to login page if not logged inPedro Ferreira2018-03-271-1/+7
| | |/ / | |/| | | | | | | | | | Signed-Off-By: Pedro Ferreira <pedro.ferreira@cern.ch>
* | | | Release 1.1.1-ceSheogorath2018-05-231-1/+1
| | | | | | | | | | | | | | | | Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | | | Merge pull request #828 from SISheogorath/feature/release-notes-1.1.1-ceChristoph (Sheogorath) Kern2018-05-231-0/+21
|\ \ \ \ | |_|_|/ |/| | | Add release notes for 1.1.1-ce
| * | | Add release notes for 1.1.1-ceSheogorath2018-05-221-0/+21
|/ / / | | | | | | | | | Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | | Update yarn.lockSheogorath2018-05-211-3/+3
| | | | | | | | | | | | Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | | Add current requirements for node versionsSheogorath2018-05-211-1/+1
| | | | | | | | | | | | | | | | | | | | | Right now we can only run on node versions below 10.x thanks to scrypt dependencies. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | | Merge pull request #826 from SISheogorath/upgrade/base64urlChristoph (Sheogorath) Kern2018-05-171-1/+1
|\ \ \ | | | | | | | | Upgrade base64url package
| * | | Upgrade base64url packageSheogorath2018-05-171-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There was recently a possible security problem with base64url. Shouldn't really hit us but it doesn't hurt. Details: https://snyk.io/vuln/npm:base64url:20180511 Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | | | Merge pull request #825 from SISheogorath/remove/GoogleDriveChristoph (Sheogorath) Kern2018-05-1611-516/+3
|\ \ \ \ | |/ / / |/| | | Removing google drive integration
| * | | Removing google drive integrationSheogorath2018-05-1611-516/+3
|/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | It's sad but it's not working. For multiple releases this should be already broken which shows how often it's used. As there is also a security issue related to that, it's better to remove the feature completely. Whoever wants to rewrite it, feel free to go. This commit removes the Google Drive integration from HackMD's Frontend editor and this way removes the need to provide any API key and Client ID in the frontend. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | | Merge pull request #824 from hackmdio/revert-813-fix/googleAPIChristoph (Sheogorath) Kern2018-05-164-4/+10
|\ \ \ | | | | | | | | Revert "Workaround Google API problems"
| * | | Revert "Workaround Google API problems"Christoph (Sheogorath) Kern2018-05-164-4/+10
|/ / /
* | | Merge pull request #813 from SISheogorath/fix/googleAPIChristoph (Sheogorath) Kern2018-05-104-10/+4
|\ \ \ | | | | | | | | Workaround Google API problems
| * | | Remove Google Upload from UISheogorath2018-05-011-9/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This temporarily removes the Upload from the UI as it's broken right now. Needs a refactoring and can be added in again later on by undoing this commit. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
| * | | Use API key instead of clientSecretSheogorath2018-04-133-1/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | As recently discovered we send the clientSecret to the webclient which is potentionally dangerous. This patch should fix the problem and replace the clientSecret with the originally intended and correct way to implement it using the API key. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | | | Merge pull request #811 from hackmdio/fix-saml-typoChristoph (Sheogorath) Kern2018-04-281-2/+2
|\ \ \ \ | | | | | | | | | | Fix typo of "grouptAttribute" in saml auth module
| * | | | Fix typo of "grouptAttribute" in saml auth moduleMax Wu2018-04-271-2/+2
|/ / / / | | | | | | | | Signed-off-by: Max Wu <jackymaxj@gmail.com>
* | | | Merge pull request #803 from SISheogorath/fix/letterAvatarCSPChristoph (Sheogorath) Kern2018-04-173-11/+23
|\ \ \ \ | | | | | | | | | | Move letter-avatars into own request
| * | | | Move letter-avatars into own requestSheogorath2018-04-173-11/+23
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | To prevent further weakening of our CSP policies, moving the Avatars into a non-inline version is the way to go. This implementation probably needs some beautification. But already fixes the bug. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>