| Commit message (Collapse) | Author | Age | Files | Lines |
|\
| |
| | |
GDPR compliant part 1
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
As we use various services and integration we should provide an example
privacy policy.
It has to be adjust when using it to match your setup.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
To export the notes we need the archiver package that takes care of
creating the zip files.
Looks like I forgot this one in the initial commit.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This adds the UI for the export feature introduced in
bcbb8c67c9f8092643c318140f6613324f306bd2
It allows to download all notes from the main page in the default user
submenu.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| |
| |
| |
| |
| |
| |
| |
| | |
This function is the first step to get out data following GDPR about the
transportability of data.
Details: https://gdpr-info.eu/art-20-gdpr/
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
In the current setup users could be tricked into deleting their data by
providing a malicious link like `[click me](/me/delete)`. This commit
prevents such an easy attack and need the user's deleteToken to get his
data deleted. In case someone requests his deletion by email you can
also ask him for this token.
We can add a GUI that shows it later on.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This provides the UI for the delete user feature introduced in
4229084c6211db3d22cd9abec99b957725650b9e
Placing of the user delete button is not perfect, but can be moved to an
own user tab later on.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| |
| |
| |
| |
| |
| |
| | |
When users are requested from the authorship which no longer exist, they
shouldn't cause a 500.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| |
| |
| |
| |
| |
| |
| | |
Allow users to delete themselbes. This is require to be GDPR compliant.
See: https://gdpr-info.eu/art-17-gdpr/
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| |
| |
| |
| |
| |
| |
| | |
When we delete a user we should delete all the notes that belong to this
user including the revisions of these notes.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| |
| |
| |
| |
| |
| |
| | |
Right now we only flag notes as deleted. This is no longer allowed under
GDPR. Make sure you do regular backups!
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
To be GDPR compliant we need to provide privacy statement. These should
be linked on the index page. So as soon as a document exist under
`public/docs/privacy.md` the link will show up.
Since we already add legal links, we also add Terms of Use, which will
show up as soon as `public/docs/terms-of-use.md` exists.
This should allow everyone to provide the legal documents they need for
GDPR and other privacy and business laws.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|\ \
| | |
| | | |
Add korean translation
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This translation was contributed via POEditor by the user Basix.
Thanks a lot for your work!
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|\ \ \
| |/ /
|/| | |
Fix i18n writing locale files in production
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This commit should prevent the i18n module from adding missing
translations to the local files in setups that are not for development.
This way we keep the directory clean and idempotent.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|/ /
| |
| |
| | |
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|\ \
| | |
| | | |
Add "generic" OAuth2 support
|
| | |
| | |
| | |
| | | |
Signed-off-by: Pedro Ferreira <pedro.ferreira@cern.ch>
|
| | |
| | |
| | |
| | | |
Signed-off-by: Pedro Ferreira <pedro.ferreira@cern.ch>
|
|\ \ \
| | | |
| | | | |
Split authentication guides into multiple documents
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Splitting the documentation should provide an easier access to the
documentation people searching for and result in less merge conflicts
when adding new documentation here.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|\ \ \ \
| |/ / /
|/| | | |
Fix callback validation
|
| | | |
| | | |
| | | |
| | | | |
Signed-off-by: Adam Hoka <hoka.adam@nexogen.hu>
|
|\ \ \ \
| |/ / /
|/| | | |
Add title attribute in table of contents
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Right now the full title of an element is may not shown as the space of
the ToC is limited. With this path it'll be shower on hover and this way
provide more useful information.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|\ \ \ \
| | | | |
| | | | | |
Add Azure Blob Storage support
|
| | | | |
| | | | |
| | | | |
| | | | | |
Signed-off-by: Adam Hoka <hoka.adam@nexogen.hu>
|
|\ \ \ \ \
| |/ / / /
|/| | | | |
fix(slide): adjust checkbox size
|
|/ / / /
| | | |
| | | |
| | | |
| | | |
| | | | |
- to override rules in css/github-extract.css with `!important` already
Signed-off-by: liuderchi <liuderchi@gmail.com>
|
|\ \ \ \
| | | | |
| | | | | |
403: Redirect user to login page if not logged in
|
| | |/ /
| |/| |
| | | |
| | | | |
Signed-Off-By: Pedro Ferreira <pedro.ferreira@cern.ch>
|
| | | |
| | | |
| | | |
| | | | |
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|\ \ \ \
| |_|_|/
|/| | | |
Add release notes for 1.1.1-ce
|
|/ / /
| | |
| | |
| | | |
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| | |
| | |
| | |
| | | |
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Right now we can only run on node versions below 10.x thanks to scrypt
dependencies.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|\ \ \
| | | |
| | | | |
Upgrade base64url package
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
There was recently a possible security problem with base64url. Shouldn't
really hit us but it doesn't hurt.
Details: https://snyk.io/vuln/npm:base64url:20180511
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|\ \ \ \
| |/ / /
|/| | | |
Removing google drive integration
|
|/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
It's sad but it's not working. For multiple releases this should be
already broken which shows how often it's used.
As there is also a security issue related to that, it's better to
remove the feature completely. Whoever wants to rewrite it, feel free to
go.
This commit removes the Google Drive integration from HackMD's Frontend
editor and this way removes the need to provide any API key and Client
ID in the frontend.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|\ \ \
| | | |
| | | | |
Revert "Workaround Google API problems"
|
|/ / / |
|
|\ \ \
| | | |
| | | | |
Workaround Google API problems
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This temporarily removes the Upload from the UI as it's broken right
now.
Needs a refactoring and can be added in again later on by undoing this
commit.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
As recently discovered we send the clientSecret to the webclient which
is potentionally dangerous. This patch should fix the problem and
replace the clientSecret with the originally intended and correct way to
implement it using the API key.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|\ \ \ \
| | | | |
| | | | | |
Fix typo of "grouptAttribute" in saml auth module
|
|/ / / /
| | | |
| | | | |
Signed-off-by: Max Wu <jackymaxj@gmail.com>
|
|\ \ \ \
| | | | |
| | | | | |
Move letter-avatars into own request
|
| |/ / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
To prevent further weakening of our CSP policies, moving the Avatars
into a non-inline version is the way to go.
This implementation probably needs some beautification. But already fixes
the bug.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|