From 02e99277146d8bd912f2f19af1d3e94a6181d90d Mon Sep 17 00:00:00 2001 From: alecdwm Date: Tue, 13 Dec 2016 22:31:35 +0100 Subject: Initial support for LDAP server authentication Limitations as of this commit: - tlsOptions can only be specified in config.json, not as env vars - authentication failures are not yet gracefully handled by the UI - instead the error message is shown on a blank page (/auth/ldap) - no email address is associated with the LDAP user's account - no picture/profile URL is associated with the LDAP user's account - we might have to generate our own access + refresh tokens, because we aren't using oauth. The currently generated tokens are just a placeholder. - 'LDAP Sign in' needs to be translated to each locale --- lib/response.js | 2 ++ 1 file changed, 2 insertions(+) (limited to 'lib/response.js') diff --git a/lib/response.js b/lib/response.js index aae39851..f0f49181 100755 --- a/lib/response.js +++ b/lib/response.js @@ -66,6 +66,7 @@ function showIndex(req, res, next) { gitlab: config.gitlab, dropbox: config.dropbox, google: config.google, + ldap: config.ldap, email: config.email, signin: req.isAuthenticated(), infoMessage: req.flash('info'), @@ -98,6 +99,7 @@ function responseHackMD(res, note) { gitlab: config.gitlab, dropbox: config.dropbox, google: config.google, + ldap: config.ldap, email: config.email }); } -- cgit v1.2.3 From aaf1ff4b2f5ae7ae3a5e4e4a202422484503f559 Mon Sep 17 00:00:00 2001 From: 蒼時弦也 Date: Thu, 5 Jan 2017 22:36:40 +0800 Subject: Add limit for constrain anonymous view note --- lib/response.js | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'lib/response.js') diff --git a/lib/response.js b/lib/response.js index a0dc8b1f..69854815 100755 --- a/lib/response.js +++ b/lib/response.js 
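Review bot: `ldap: config.ldap` hands the whole LDAP configuration object to the template locals in showIndex, and the second hunk adds the same line to the render call in responseHackMD. The commit message says tlsOptions are set in this config, and an LDAP block usually holds the server address and bind settings as well, so all of it becomes reachable from the view layer when the page presumably only needs to know whether LDAP sign-in is enabled. If the templates only test for presence, pass a flag instead, e.g. `ldap: Boolean(config.ldap),`; check how the templates use the value first. The neighbouring `gitlab`, `dropbox` and `google` entries follow the same pattern and deserve the same look. Both render calls start and end outside their hunks.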
@@ -117,7 +117,7 @@ function newNote(req, res, next) { } function checkViewPermission(req, note) { - if (note.permission == 'private') { + if (note.permission == 'private' || !config.allowanonymousView) { if (!req.isAuthenticated() || note.ownerId != req.user.id) return false; else @@ -161,7 +161,7 @@ function showNote(req, res, next) { findNote(req, res, function (note) { // force to use note id var noteId = req.params.noteId; - var id = LZString.compressToBase64(note.id); + var id = LZString.compressToBase64(note.id); if ((note.alias && noteId != note.alias) || (!note.alias && noteId != id)) return res.redirect(config.serverurl + "/" + (note.alias || id)); return responseHackMD(res, note); @@ -413,7 +413,7 @@ function publishSlideActions(req, res, next) { res.redirect(config.serverurl + '/' + (note.alias ? note.alias : LZString.compressToBase64(note.id))); break; default: - res.redirect(config.serverurl + '/p/' + note.shortid); + res.redirect(config.serverurl + '/p/' + note.shortid); break; } }); -- cgit v1.2.3 From 1fbecbb03d8e94d310885da7d26e1654c548c364 Mon Sep 17 00:00:00 2001 From: 蒼時弦也 Date: Thu, 5 Jan 2017 23:37:10 +0800 Subject: Fix anonymouse view permission check --- lib/response.js | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'lib/response.js') diff --git a/lib/response.js b/lib/response.js index 69854815..e8430d60 100755 --- a/lib/response.js +++ b/lib/response.js @@ -117,12 +117,15 @@ function newNote(req, res, next) { } function checkViewPermission(req, note) { - if (note.permission == 'private' || !config.allowanonymousView) { + if (note.permission == 'private') { if (!req.isAuthenticated() || note.ownerId != req.user.id) return false; else return true; } else { + if(!config.allowanonymousView && !req.isAuthenticated()) { + return false; + } return true; } } -- cgit v1.2.3 From f8e5b547670e3eeb75af3249bb9ad1ee2f44e58f Mon Sep 17 00:00:00 2001 
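Review bot: With `|| !config.allowanonymousView` folded into the `private` condition, switching anonymous viewing off makes every note owner-only: a signed-in user who is not the owner fails `note.ownerId != req.user.id` and is refused notes of any permission. If the intent is only to require a login, keep the owner test for `private` alone and check `req.isAuthenticated()` separately for the other modes. The rest of checkViewPermission lies below the hunk.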
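Review bot: `config.allowanonymousView` is mixed-case while the other config keys visible in this file (`config.serverurl`, `config.gitlab`, `config.dropbox`) are lower case, so an operator who writes the key in lower case gets `undefined` in the new `if(!config.allowanonymousView && !req.isAuthenticated())` test. `!undefined` is true, which means a missing or misspelled key silently denies all anonymous viewing; that fails closed, but it should be deliberate, with an explicit default where the config is built and a line of documentation. The setting is also enforced only inside checkViewPermission, so any other route that serves note content has to call it for the restriction to hold, which cannot be confirmed from this hunk. As a style point, the new block writes `if(` where the surrounding lines use `if (`.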
From: 蒼時弦也 Date: Tue, 10 Jan 2017 09:32:44 +0800 Subject: Remove temporary change --- lib/response.js | 3 --- 1 file changed, 3 deletions(-) (limited to 'lib/response.js') diff --git a/lib/response.js b/lib/response.js index e8430d60..910db863 100755 --- a/lib/response.js +++ b/lib/response.js @@ -123,9 +123,6 @@ function checkViewPermission(req, note) { else return true; } else { - if(!config.allowanonymousView && !req.isAuthenticated()) { - return false; - } return true; } } -- cgit v1.2.3 From c21fb8e2a0030095fd8dbfd13f6ba84e933b0e2e Mon Sep 17 00:00:00 2001 From: 蒼時弦也 Date: Tue, 10 Jan 2017 09:35:21 +0800 Subject: Recovery tariling spaces --- lib/response.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lib/response.js') diff --git a/lib/response.js b/lib/response.js index 910db863..a0dc8b1f 100755 --- a/lib/response.js +++ b/lib/response.js @@ -161,7 +161,7 @@ function showNote(req, res, next) { findNote(req, res, function (note) { // force to use note id var noteId = req.params.noteId; - var id = LZString.compressToBase64(note.id); + var id = LZString.compressToBase64(note.id); if ((note.alias && noteId != note.alias) || (!note.alias && noteId != id)) return res.redirect(config.serverurl + "/" + (note.alias || id)); return responseHackMD(res, note); @@ -413,7 +413,7 @@ function publishSlideActions(req, res, next) { res.redirect(config.serverurl + '/' + (note.alias ? note.alias : LZString.compressToBase64(note.id))); break; default: - res.redirect(config.serverurl + '/p/' + note.shortid); + res.redirect(config.serverurl + '/p/' + note.shortid); break; } }); -- cgit v1.2.3 From 89b8ddeabae81fd3a8891ce9d8191fbc9e27c83c Mon Sep 17 00:00:00 2001 From: 蒼時弦也 Date: Tue, 10 Jan 2017 10:02:37 +0800 Subject: Add limited and protected permission --- lib/response.js | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) (limited to 'lib/response.js') diff --git a/lib/response.js b/lib/response.js index a0dc8b1f..4438be24 100755 
--- a/lib/response.js +++ b/lib/response.js @@ -122,6 +122,11 @@ function checkViewPermission(req, note) { return false; else return true; + } else if (note.permission == 'limited' || note.permission == 'protected') { + if( !req.isAuthenticated() ) { + return false; + } + return true; } else { return true; } @@ -161,7 +166,7 @@ function showNote(req, res, next) { findNote(req, res, function (note) { // force to use note id var noteId = req.params.noteId; - var id = LZString.compressToBase64(note.id); + var id = LZString.compressToBase64(note.id); if ((note.alias && noteId != note.alias) || (!note.alias && noteId != id)) return res.redirect(config.serverurl + "/" + (note.alias || id)); return responseHackMD(res, note); @@ -413,7 +418,7 @@ function publishSlideActions(req, res, next) { res.redirect(config.serverurl + '/' + (note.alias ? note.alias : LZString.compressToBase64(note.id))); break; default: - res.redirect(config.serverurl + '/p/' + note.shortid); + res.redirect(config.serverurl + '/p/' + note.shortid); break; } }); -- cgit v1.2.3 From 747629e549fb5c32e1acf18e24bfc6a7e1cd5b0c Mon Sep 17 00:00:00 2001 From: Sheogorath Date: Thu, 12 Jan 2017 04:25:58 +0100 Subject: Add `allowemailregister` option --- lib/response.js | 1 + 1 file changed, 1 insertion(+) (limited to 'lib/response.js') diff --git a/lib/response.js b/lib/response.js index 6c1db967..9014a0a0 100755 --- a/lib/response.js +++ b/lib/response.js @@ -68,6 +68,7 @@ function showIndex(req, res, next) { google: config.google, ldap: config.ldap, email: config.email, + allowemailregister: config.allowemailregister, signin: req.isAuthenticated(), infoMessage: req.flash('info'), errorMessage: req.flash('error') -- cgit v1.2.3
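Review bot: The chain still ends in `else { return true; }`, so any `note.permission` value that is not exactly `'private'`, `'limited'` or `'protected'` (a typo, a null column, a mode added later) is served to unauthenticated visitors. For an access check the default is better denied: name the modes that are meant to be publicly viewable and finish with `return false;`. The new branch can also be reduced to `return req.isAuthenticated();`, which removes the oddly spaced `if( !req.isAuthenticated() )`. The function's opening `private` test is above the hunk.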
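Review bot: `allowemailregister` is added only to the showIndex locals, so it controls what the index page displays, not whether registration is possible. The route that creates e-mail accounts has to reject requests when `config.allowemailregister` is false; that handler is not part of this diff (limited to lib/response.js), so confirm it is enforced there. The earlier LDAP commit added its entry to both showIndex and the render call in responseHackMD; if the note page also renders the sign-in or register dialog, it needs `allowemailregister: config.allowemailregister,` as well, otherwise the template sees `undefined` there.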