summaryrefslogtreecommitdiff
path: root/lib/web/auth (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Generic OAuth2: Set state: trueDexter Chua2020-10-221-1/+2
| | | | | | | | | | The OAuth2 specification RECOMMENDS setting the state to protect against CSRF attacks. Some OAuth2 providers (e.g. ORY Hydra) refuse to authenticate without the state set. This is a cherry-pick of 852868419dc03d5dec79e75a3d7692ab670c927f. Signed-off-by: haslersn <sebastian.hasler@gmx.net>
* saml: make logger print actual error messageSimeon Keske2020-07-111-2/+2
| | | | | Signed-off-by: Simeon Keske <git@n0emis.eu> Signed-off-by: Leo Maroni <git@em0lar.de>
* add error handling to saml-certsSimeon Keske2020-07-111-2/+15
| | | | | Signed-off-by: Simeon Keske <git@n0emis.eu> Signed-off-by: Leo Maroni <git@em0lar.de>
* allow to set a saml client certificateSimeon Keske2020-07-111-0/+1
| | | | Signed-off-by: Simeon Keske <git@n0emis.eu>
* Backport of #278 for 1.6.1Victor Berger2020-06-201-1/+2
| | | | | | | This is a backport of #278 with the default value of `scope` changed to `undefined`. This is thus a fully backward-compatible change. Signed-off-by: Victor Berger <victor.berger@m4x.org>
* Add Google oauth variable: hostedDomainike2020-02-081-1/+1
| | | | | | | | Which is part of `passport-google-oauth2`. It could be used as whitelist to a domain supported by google oauth. Ref: https://github.com/jaredhanson/passport-google-oauth2/issues/3 Signed-off-by: ike <developer@ikewat.com>
* Removing returnTo setting from referer in all other authentication sourcesRalph Krimmel2019-11-2812-28/+8
| | | | Signed-off-by: Ralph Krimmel <rkrimme1@gwdg.de>
* Moving the storage of referrer information to main authorization check ↵Ralph Krimmel2019-11-281-5/+3
| | | | | | instead of doing it in the authentication source Signed-off-by: Ralph Krimmel <rkrimme1@gwdg.de>
* Fixing linting problemsRalph Krimmel2019-11-271-4/+3
| | | | Signed-off-by: Ralph Krimmel <rkrimme1@gwdg.de>
* Fixing redirection after SAML loginfoobarable2019-11-271-2/+5
| | | | | | Saving referer into session in SAML auth so passport can redirect correctly after SAML login. Signed-off-by: Ralph Krimmel <rkrimme1@gwdg.de>
* Move note actions to their own file.David Mehren2019-10-272-8/+8
| | | | | | Because of circular import problems, this commit also moves the error messages from response.js to errors.js Signed-off-by: David Mehren <dmehren1@gmail.com>
* Rework debug loggingSheogorath2019-06-084-9/+8
| | | | | | | | | | | | | | We have various places with overly simple if statements that could be handled by our logging library. Also a lot of those logs are not marked as debug logs but as info logs, which can cause confusion during debugging. This patch removed unneeded if clauses around debug logging statements, reworks debug log messages towards ECMA templates and add some new logging statements which might be helpful in order to debug things like image uploads. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Fix eslint warningsSheogorath2019-05-3112-23/+23
| | | | | | | | | | | Since we are about to release it's time to finally fix our linting. This patch basically runs eslint --fix and does some further manual fixes. Also it sets up eslint to fail on every warning on order to make warnings visable in the CI process. There should no functional change be introduced. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* asyncified setting and verifying the passwordClaudius2019-05-131-2/+8
| | | | Signed-off-by: Claudius <opensource@amenthes.de>
* Added a configuration option for passport-saml:Emmanuel Ormancey2019-04-061-1/+2
| | | | | | | | | | | disableRequestedAuthnContext: true|false By default only Password authmethod is accepted, this option allows any other method. Issue and option described here: https://github.com/bergie/passport-saml/issues/226 Signed-off-by: Emmanuel Ormancey <emmanuel.ormancey@cern.ch>
* Add required change for Google+ API deprecationSheogorath2019-03-091-1/+2
| | | | | | | | | | | Since Google+ is shutting down soon, we need to get the profile data from another URL. Since the library already supports it, all we need to do is adding a single line of code. Details: https://github.com/hackmdio/codimd/issues/1160 Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Fix typoCloudYu2018-11-272-4/+4
| | | | Signed-off-by: CloudYu <cloudyu322@gmail.com>
* InternalOAuthError is not part of passport, but of passport-oauth2Claudius Coenen2018-11-141-4/+4
| | | | | | | This fixes part of #1056: an error while obtaining the profile would have `502`-crashed the server. Signed-off-by: Claudius Coenen <opensource@amenthes.de>
* Add OpenID to CodiMDSheogorath2018-10-052-0/+62
| | | | | | | | With OpenID every OpenID capable provider can provide authentication for users of a CodiMD instance. This means we have federated authentication. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Update passport-ldapSheogorath2018-06-301-1/+1
| | | | Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Merge pull request #784 from pferreir/add-oauth2-supportChristoph (Sheogorath) Kern2018-06-042-0/+107
|\ | | | | Add "generic" OAuth2 support
| * Add support for generic OAuth2 providersPedro Ferreira2018-03-262-0/+107
| | | | | | | | Signed-off-by: Pedro Ferreira <pedro.ferreira@cern.ch>
* | Fix typo of "grouptAttribute" in saml auth moduleMax Wu2018-04-271-2/+2
|/ | | Signed-off-by: Max Wu <jackymaxj@gmail.com>
* Change config to camel case with backwards compatibilitySheogorath2018-03-2511-35/+35
| | | | | | | | This refactors the configs a bit to now use camel case everywhere. This change should help to clean up the config interface and make it better understandable. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Add check for undefined UUIDSheogorath2018-03-181-1/+8
| | | | | | | | | | | | This check is needed at there are tons of LDAP implementations out there and none has at least one guaranteed unique field. As we currently check three fields and added an option to select one yourself, it's still not said that any of these fields is set. This will now create an error and fail the authentication instead of letting people may get access to other people's notes which are stored under a this way deterministic wrong userid named `LDAP-undefined`. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Multiple emails from LDAP are already an ArrayFelix Schäfer2018-03-091-1/+1
| | | | Signed-off-by: Felix Schäfer <felix@thegcat.net>
* Introduce ldap.useridFieldDustin Frisch2018-03-011-1/+4
| | | | Signed-off-by: Dustin Frisch <fooker@lab.sh>
* Fix uncaught exception for non-existent userSheogorath2018-01-301-0/+5
| | | | | | | Since we added user management it's possible to get non-existent users which can cause a crash of the Backend server. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Add setting `ldap.usernameField`Lukas Kalbertodt2017-12-091-1/+7
| | | | | | | | This determines which ldap field is used as the username on HackMD. By default, the "id" is used as username, too. The id is taken from the fields `uidNumber`, `uid` or `sAMAccountName`. To give the user more flexibility, they can now choose the field used for the username instead.
* added guide for SAML settingsNorihito Nakae2017-12-041-1/+0
|
* fixed the SAML callback URL to unconfigurable.Norihito Nakae2017-11-291-1/+1
|
* Initial support for SAML authenticationNorihito Nakae2017-11-282-0/+97
|
* Add mattermost authenticationChristoph Witzany2017-10-312-0/+50
|
* Merge pull request #562 from SISheogorath/fix/LDAPSheogorath2017-10-271-2/+3
|\ | | | | Fix LDAP problem about missing uidNumber
| * Fix LDAP problem about missing uidNumberSheogorath2017-10-121-2/+3
| | | | | | | | Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Give google the correct name.Kaiyu Shi2017-09-041-3/+3
|/
* fix: export to gist occurred 404 not foundMax Wu2017-05-171-0/+4
|
* refactor(config.js): Extract config fileBoHong Li2017-05-081-8/+8
| | | | | * Separate different config source to each files * Freeze config object
* refactor(auth.js): Remove base pathBoHong Li2017-05-081-8/+8
|
* refactor(app.js): Move passport serialize and deserialize to auth moduleBoHong Li2017-05-081-0/+22
|
* refactor(app.js, auth.js): Extract all auth method to individual modulesBoHong Li2017-05-0810-0/+405