Currently a problem appears when using OpenID for authentication as
there is no method to add a profile picture right now.
This patch makes sure that all undefined login methods get a profile
picture.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
Signed-off-by: Claudius <opensource@amenthes.de>
|
Signed-off-by: Claudius <opensource@amenthes.de>
|
Signed-off-by: Claudius <opensource@amenthes.de>
|
Since our previous scrypt library has been unmaintained for 3 years, it's
time to look for an alternative.
A refactoring towards another password algorithm was worked on and this
is probably still the way to go. But for now the successor of our
previous library should already be enough.
https://www.npmjs.com/package/scrypt (old library)
https://github.com/ml1nk/node-scrypt (new library)
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
most rules degraded to WARN, so we don't go insane. This will
change over time. The aim is to conform to a common style
Signed-off-by: Claudius Coenen <opensource@amenthes.de>
|
Previously calling `app.js` from another directory than
the base directory of CodiMD would result in an error being
thrown because `lib/workers/dmpWorker.js` could not be found.
This change makes the function call independent of the path CodiMD
is started from.
Signed-off-by: WilliButz <wbutz@cyberfnord.de>
|
This does some more in depth check on the error message and minimizes
the log noise that is caused by LZString.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
Since Gravatar is an external image source and not perfect from a
privacy perspective, forbidding it allows us to improve privacy.
This commit also simplifies and optimizes the avatar code.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
GDPR compliant part 1
|
In the current setup users could be tricked into deleting their data by
providing a malicious link like `[click me](/me/delete)`. This commit
prevents such an easy attack and needs the user's deleteToken to get his
data deleted. In case someone requests his deletion by email you can
also ask him for this token.
We can add a GUI that shows it later on.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
When users are requested from the authorship which no longer exist, they
shouldn't cause a 500.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
When we delete a user we should delete all the notes that belong to this
user including the revisions of these notes.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
Right now we only flag notes as deleted. This is no longer allowed under
GDPR. Make sure you do regular backups!
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
Add "generic" OAuth2 support
|
Signed-off-by: Pedro Ferreira <pedro.ferreira@cern.ch>
|
Move letter-avatars into own request
|
To prevent further weakening of our CSP policies, moving the Avatars
into a non-inline version is the way to go.
This implementation probably needs some beautification. But already fixes
the bug.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
As we know the length of a UUID we can check if the base64 string
of the provided UUID is long enough for a legacy base64 encoded nodeId
and stop processing it in legacy mode, if it's not the case.
This should make the ugly warning way less common.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
This refactors the configs a bit to now use camel case everywhere.
This change should help to clean up the config interface and make it
better understandable.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
Signed-off-by: Max Wu <jackymaxj@gmail.com>
|
that LZString note url could be parsed by base64url note url and thus return wrong note id
Signed-off-by: Max Wu <jackymaxj@gmail.com>
|
Signed-off-by: Max Wu <jackymaxj@gmail.com>
|
Signed-off-by: Max Wu <jackymaxj@gmail.com>
|
* Fix field type to prevent data truncation of authorship
|
Fixes #420
|
converting all content fields to MEDIUMTEXT (affects MySQL only)
|
truncation of data.
|
* Separate different config sources into individual files
* Freeze config object
|
add ‘use strict’ in all backend files
|
Introduce JavaScript Standard Style as project style rule,
and fixed all failures in backend code.
|
WIP: Add options to limit anonymous view note
|
Support for LDAP server authentication
|
invalid object