Julian Lam
512f6de6de
feat: allow passwords with length > 73 characters (#8818)
* feat: allow passwords longer than 73 characters
Context: A bcrypt/blowfish limitation means that password length is capped at 72 characters. We can get around this without compromising on security
by hashing all incoming passwords with SHA512, and then sending that to bcrypt.
https://dropbox.tech/security/how-dropbox-securely-stores-your-passwords
* feat: add additional test for passwords > 73 chars
* fix: remove 'password-too-long' error message and all invocations
* test: added test to show that a super long password won't bring down NodeBB
* fix: remove debug log
* Revert "fix: remove 'password-too-long' error message and all invocations"
This reverts commit 1e312bf7ef7e119fa0f1bd3517d756ca013d5e79.
* fix: added back password length checks, but at 512 chars
As processing a large string still uses a lot of memory
5 years ago
Julian Lam
c0f699e655
fix: disallow registration attempts with password length > 4096
This is a stopgap measure for v1.15.0
5 years ago
Barış Soner Uşaklı
dc29f4dca2
refactor: switch to using slugify module
5 years ago
Barış Soner Uşaklı
5e5815f051
fix: #8515, fix login redirect on subfolder
5 years ago
Barış Soner Uşaklı
5781a2dc65
feat: fix session mismatch errors by clearing cookie on logout (#8338)
* feat: fix session mismatch errors by clearing cookie on logout
* feat: remove app.upateHeader
ported from 2.0
* feat: handle if user doesn't click button and just refreshes page
5 years ago
Barış Soner Uşaklı
8bf980cb63
fix: tests, handle no sessions
5 years ago
Julian Lam
f2f6fbf15a
fix: #8232, unresolvable session mismatch on register cancel
5 years ago
Barış Soner Uşaklı
a5ef6b53b8
fix: admin relogin
5 years ago
Julian Lam
111ed802cf
fix: onSuccessfulLogin not working
In scenarios where onSuccessfulLogin was not called in the SSO plugin,
core's calling of onSuccessfulLogin was prematurely returning, because
it was checking the wrong value.
This commit fixes the issue by checking a different value.
5 years ago
Barış Soner Uşaklı
dec157d606
fix: #8085, fix cookie name
5 years ago
Baris Usakli
366ad5cd69
fix: #8050, fix redirect after registration
6 years ago
Julian Lam
cf7e0cfd2d
feat: no more session cookie for guests (#7982)
* feat: no more session cookie for guests
* fix(tests): added additional tests and fixed the broken test
6 years ago
Julian Lam
ddf3812cdc
fix: passwords always expiring upon login
6 years ago
Barış Soner Uşaklı
75bcb0f484
fix: remove unused data from post/topic/user hashes
6 years ago
Aziz Khoury
94810fd637
feat: adding filter:login.check and loginFormEntry[] for the filter:login.build hook (#7861)
* adding filter:login.check and loginFormEntry[] for the filter:login.build hook, related to nodebb-plugin-spam-be-gone/issues/32
* do not exceed 50 lines per function
* [email protected]
6 years ago
Barış Soner Uşaklı
b9105ef9c6
refactor: async/await controllers/authentication
6 years ago
Barış Soner Uşaklı
22f8011686
refactor: remove async from isPasswordValid, function is sync
6 years ago
Julian Lam
29f96b199c
fix(style): requiring parens in block bodies
6 years ago
Julian Lam
0921230976
fix(style): updated code to follow new eslint recommendations
Squashed commit of the following:
commit f9ce878b269b3568f0d649309aae1af4dcfdfeef
Author: Julian Lam <[email protected] >
Date: Tue Aug 13 14:30:46 2019 -0400
fix(style): updated code to follow new eslint recommendations
commit 80dd370e413f22badb96ff2138e7991dfff6d836
Author: Julian Lam <[email protected] >
Date: Tue Aug 13 14:14:58 2019 -0400
fix(deps): update dependency sitemap to v4
Squashed commit of the following:
commit f4dd9cabb21e26fdc21f8413be822ea7c64251f8
Author: Julian Lam <[email protected] >
Date: Tue Aug 13 11:33:05 2019 -0400
fix: resolved breaking changes from sitemap v4 upgrade
commit 9043415ee16dcc27a8dcc2e4479d1bc5e2d1b60e
Merge: e3352b272 72590b346
Author: Julian Lam <[email protected] >
Date: Tue Aug 13 11:09:55 2019 -0400
Merge branch 'master' into renovate/sitemap-4.x
commit e3352b272eb9400bdb00774973181397803765e4
Author: Renovate Bot <[email protected] >
Date: Mon Aug 12 07:59:05 2019 +0000
fix(deps): update dependency sitemap to v4
commit 8e3c0cdcae22acc32d352be8bb72d60e7502dbc5
Author: Renovate Bot <[email protected] >
Date: Fri Aug 9 00:49:51 2019 +0000
fix(deps): update dependency commander to v3
commit 2104449d38818f2fa4d44b3a58a0a168781acbfb
Author: Renovate Bot <[email protected] >
Date: Tue Aug 13 15:00:27 2019 +0000
fix(deps): update dependency mongodb to v3.3.0
commit d2937f446a21131c070ae5d0ff33d67cfe465b8c
Author: Barış Soner Uşaklı <[email protected] >
Date: Tue Aug 13 10:36:48 2019 -0400
feat: async/await admin/controllers
commit 1b97e8b199f960dc24e5722702f27499ae049914
Author: Misty (Bot) <[email protected] >
Date: Tue Aug 13 09:28:39 2019 +0000
Latest translations and fallbacks
commit 69a48957a2f0d23c4d194b664bda3a0431179c01
Author: Barış Soner Uşaklı <[email protected] >
Date: Mon Aug 12 21:56:09 2019 -0400
feat: async/await
commit b9b2a7e593a452de4bef6d0ab6abe368a3bdb8dd
Author: Barış Soner Uşaklı <[email protected] >
Date: Mon Aug 12 20:58:29 2019 -0400
feat: async/await refactor
controllers/accounts
commit a8d43a175974a0c8ae3dc132bf51a7ed9a4c6305
Author: Baris Usakli <[email protected] >
Date: Mon Aug 12 14:49:40 2019 -0400
feat: async/await controllers/accounts
commit 2f25aae57bf9dbe98d655276770e56bed9ec023b
Author: Barış Soner Uşaklı <[email protected] >
Date: Sun Aug 11 23:09:50 2019 -0400
fix: #7831, fix pagination
convert to async/await
commit c9e83f2374572264855a04156278eef256b0a20c
Author: Barış Soner Uşaklı <[email protected] >
Date: Sun Aug 11 00:14:35 2019 -0400
fix: remove empty line
commit 30be91b26c4dd7583412c4e8d56e9c1688e48a44
Author: Barış Soner Uşaklı <[email protected] >
Date: Sun Aug 11 00:13:41 2019 -0400
fix: remove useless catchs and empty line
commit 2e4a71c0b6104738f15ffbfe3246105b922fdfb3
Author: Renovate Bot <[email protected] >
Date: Sat Aug 10 06:51:50 2019 +0000
chore(deps): update dependency eslint-config-airbnb-base to v14
6 years ago
Julian Lam
603c526287
fix: bad usage of async requisition
6 years ago
Julian Lam
f321b426b1
fix: 7638, returnTo accidentally saved into user hash
6 years ago
Andrew Rodrigues
ddffc904f4
feat: allow file uploading on registration interstitial
6 years ago
Aziz Khoury
3fbb6faf28
feat: update unban logic/invocation and refactor User.bans module
* auto unban when User.getUsersFields is called and the user is banned but has expired
* cleanups and removal of expiry_readable
* expiry_readable make an alias for backward compatibility
* User.bans.func vs User.*ban*Func
* console.log cleanups, plus todo message added
* use code util.deprecate
* fix: remove unused winston require
6 years ago
Baris Usakli
fb58e23914
fix lint
6 years ago
Baris Usakli
e479fad792
fix: #7517
6 years ago
Barış Soner Uşaklı
abe4abb674
feat: add original sessionID to static:user.loggedOut
6 years ago
Barış Soner Uşaklı
4db0efe32d
fix: #7476
6 years ago
Andrew Rodrigues
240f563ab0
fix: #7477
6 years ago
Julian Lam
d2cfe6b946
Moved onSuccessfulLogin call from plugins to core, + auth verification hook (#7416)
* fix: #7412, calling controllers.onSuccessfulLogin in core
* feat: added plugin hook for auth validation
6 years ago
Julian Lam
f972f75202
fix: incorrect returnTo set in registerComplete
6 years ago
Barış Soner Uşaklı
7064fd0678
fix: #7235
6 years ago
Julian Lam
63061ffd37
feat: new hook filter:user.logout
- used for setting "next" for post logout redirection
6 years ago
Julian Lam
b0eaa858b5
fix: #7169 Fixed logout being broken
6 years ago
Julian Lam
d81e0a5f5b
fix: #7146 Better RTL handling on (de-)authentication
- RTL is applied (or unapplied) on login and logout depending on
user language/guest-detected language.
- config is automatically saved into res.locals.config whenever
loadConfig is called
- On login/logout, buildHeader is called instead of getting config
- On logout, req.uid is deleted instead of set to 0
6 years ago
Julian Lam
900f0a0b78
fix: #7118, invoking autoLocale middleware on logout
Also:
- firing client-side hook on header update
- updating bootbox locale on header update
6 years ago
Barış Soner Uşaklı
62f01a839e
fix: dont save data for non-positive uids
6 years ago
Julian Lam
5f3d1c76c8
fix: #7038, autoLocale logic not playing nicely with no-refresh auths (#7059)
* fix: #7038, autoLocale logic not playing nicely with no-refresh auths
- on login, req.query.lang is deleted (since it seems to be left over)
- on logout, the middleware.autoLocale is executed, which resets
req.query.lang
- middleware.autoLocale is new, just refactored existing logic in
webserver.js into new middleware method.
* style: tests, use lodash
* fix: timeago strings not switching languages on login or out
6 years ago
Julian Lam
84433f29ab
Do not require a full refresh on login/logout (#6841)
* no-refresh login as well, plus lots of fixes for missing config on login
* replace config with new set on logout as well
* passing new payload data into new action:app.loggedIn hook, and old action:app.loggedOut hook
* fixed issues with socket.io not properly representing uid on server
* some light refactoring and cleanup
* minor cleanup, fixed spa logout not working after login
* have reconnection handler for socket.io wait 2s to confirm disconnection before reporting -- stops flicker if reconnecting immediately
* Dynamically replace chat and slideout menu on updateHeader()
... instead of just the menu items.
* more efficient calls to Benchpress and translator /cc @pitaj
* fix: chats and notification handlers not working after login
* fix: accidentally calling cb multiple times
7 years ago
Julian Lam
157bea6966
fix: username trim on login, closes #6894
7 years ago
Barış Soner Uşaklı
66ed48e088
closes #6875
7 years ago
Barış Soner Uşaklı
9c022afae1
Parse int (#6853)
* Store config fields as JSON in the db
Fewer parseInts
* Remove unnecessary parseInts
* remove some dupe code add tests
* remove console.log
* remove more parseInts
* WIP: read meta.configs defaults from defaults.json
remove more parseInts
* more work
* add log for failing test
* update admin pwd
* fix tests, dont require posts/cache before configs are initialized
* handle saves
* Test boolean conditions
* remove more parseInts
* Fix boolean values
* remove lots more parseInts
* removed json parsing
* renamed var to number
* categories dont have timestamp
7 years ago
Barış Soner Uşaklı
26d4e0852f
use includes instead of indexOf
use _.uniq instead of filter&indexOf
7 years ago
Barış Soner Uşaklı
77beaf2e15
Allow local login, closes #6800 (#6803)
* WIP
* reset groups cache after every suite
7 years ago
Julian Lam
3c6c0ed7a1
restoring passwordExpiry for use in continueLogin, fixed tests, hopefully
7 years ago
Julian Lam
b6a5419ca1
closes #6674
7 years ago
Julian Lam
4f8815eb78
closes #6646
7 years ago
Julian Lam
44f8e6d3bb
Revert "closes #6483"
This reverts commit 5d198491d5.
7 years ago
Julian Lam
5d198491d5
closes #6483
7 years ago
Julian Lam
99f1a5380e
closes #6483
7 years ago
Julian Lam
c9d8fc3f58
one more minor fix to req.flash err
7 years ago
Julian Lam
4533a311e1
possible fix to req.flash err crash
7 years ago
Julian Lam
7089e5c6a6
Merge remote-tracking branch 'origin/master' into develop
7 years ago
Andrew Rodrigues
0971625e63
allow global mods to still login locally as well as admins if disabled in ACP
7 years ago
Julian Lam
e9ed7f0bb3
closes #6435
7 years ago
Barış Soner Uşaklı
ac1f7eefe5
closes #2304
7 years ago
Barış Soner Uşaklı
53afa552d0
closes #6162
7 years ago
Barış Soner Uşaklı
fd78eb6d57
closes #5533
8 years ago
Barış Soner Uşaklı
b7714179f6
removed unused dependency
8 years ago
Barış Soner Uşaklı
a7a3f3619b
dont allow login with invalid ip, escape ip display on user/info page
8 years ago
Barış Soner Uşaklı
662f92a4a8
supply callback to req.session.destroy
8 years ago
Baris Usakli
1358a89305
closes #5907
8 years ago
Barış Soner Uşaklı
5cc39e8546
Merge remote-tracking branch 'refs/remotes/origin/master' into develop
# Conflicts:
# package.json
# src/views/admin/manage/ip-blacklist.tpl
8 years ago
Julian Lam
81cf8f77d3
add blacklist test to onSuccessfulLogin as well
8 years ago
Julian Lam
c4fbed24f8
Squashed commit of the following:
commit 9c86d9b2904e14927cd7e9679b92aec0951d1063
Merge: ebfa63a 5a7f811
Author: Julian Lam <[email protected] >
Date: Thu Jul 20 08:41:39 2017 -0400
Merge branch 'noscript-login' of https://github.com/An-dz/NodeBB into noscript
commit 5a7f81185e8f9bd7d2d011c3d495988be7e437a3
Author: André Zanghelini <an_dz@simutrans-forum>
Date: Mon Jul 17 23:07:14 2017 -0300
Rename clashing variable 'next'
commit ebfa63a984073a58c17aa408c363cdb03ef89985
Merge: c1801cd f159d0d
Author: Julian Lam <[email protected] >
Date: Mon Jul 17 16:30:40 2017 -0400
Merge branch 'noscript-logout' of https://github.com/An-dz/NodeBB into noscript
commit c1801cda14e6363491e30b659902e2ae71f7e1f7
Merge: 7a5f9f3 9fd542d
Author: Julian Lam <[email protected] >
Date: Mon Jul 17 16:30:31 2017 -0400
Merge branch 'noscript-register' of https://github.com/An-dz/NodeBB into noscript
commit 7a5f9f35abc834bb72ddddc9ca07d34f2fde8353
Merge: 44851f9 d37b95c
Author: Julian Lam <[email protected] >
Date: Mon Jul 17 16:30:10 2017 -0400
Merge branch 'noscript-compose' of https://github.com/An-dz/NodeBB into noscript
commit f159d0d9ef1b7f600e830a96fdb4b9c87c79bb4a
Author: André Zanghelini <an_dz@simutrans-forum>
Date: Thu Jul 6 12:16:38 2017 -0300
Prevent form submit
Required for theme change
commit d37b95cb71d32d4483190609798e244c331db165
Author: André Zanghelini <an_dz@simutrans-forum>
Date: Thu Jul 6 01:49:52 2017 -0300
Prevent link action with scripts
Required for the theme change that changes the buttons to `a` tags.
commit 9fd542d8970b7d1a4126f4edc4b44eab7d708fb0
Author: André Zanghelini <an_dz@simutrans-forum>
Date: Wed Jul 5 19:57:56 2017 -0300
Fix tests
commit cdad5bf8c2891ad76f7441fd4d8a74b058a14e6d
Author: André Zanghelini <an_dz@simutrans-forum>
Date: Wed Jul 5 19:09:17 2017 -0300
Update error handling
commit 4ff11cd136a4fb98483f837e2cebc741380dfe76
Author: André Zanghelini <an_dz@simutrans-forum>
Date: Wed Jul 5 17:29:08 2017 -0300
Remove async waterfall
commit df01d44e821a70c984b89e9585a325c3e02c6e37
Author: André Zanghelini <an_dz@simutrans-forum>
Date: Wed Jul 5 16:59:43 2017 -0300
Set noscript compose as noscript at start
commit 4bcc380da72239b8315cc849a77a3036e06e4a12
Author: André Zanghelini <an_dz@simutrans-forum>
Date: Wed Jul 5 16:59:12 2017 -0300
Remove last useless next
commit b5eac6fea11e209934c0648a7e75ad07a2167123
Author: André Zanghelini <an_dz@simutrans-forum>
Date: Sun Jul 2 18:35:08 2017 -0300
Last function requires no next
commit 20a5cce6e6e32a454c304c448383707ec44c75a8
Author: André Zanghelini <an_dz@simutrans-forum>
Date: Sun Jul 2 18:06:58 2017 -0300
Remove more useless next calls
commit 85ee22a79bcbbb1995106f43d4c74d6ba9206cab
Author: André Zanghelini <an_dz@simutrans-forum>
Date: Sun Jul 2 17:46:07 2017 -0300
Remove useless next calls
commit 7d984c47ad24faac1fe537dee4a5a7d697e8634c
Author: André Zanghelini <an_dz@simutrans-forum>
Date: Sun Jul 2 15:45:31 2017 -0300
Support old themes
commit 4a09dfbd08253115c342a9e829c4e6940cecb8cc
Author: André Zanghelini <an_dz@simutrans-forum>
Date: Sun Jul 2 15:37:23 2017 -0300
Moved all error handling into helpers function
commit 391aa6e67ef9ab67304005e14ac0633cdb630713
Author: André Zanghelini <an_dz@simutrans-forum>
Date: Thu Jun 8 15:37:37 2017 -0300
ESLint - Fix mixed conditionals
commit 80ccc6fd581d791f31e7ab62de8de611837bfc3c
Author: André Zanghelini <an_dz@simutrans-forum>
Date: Sat Jun 3 18:08:15 2017 -0300
Compose without scripts
commit 2aca811256721238ca0cede4954213d369009885
Author: André Zanghelini <an_dz@simutrans-forum>
Date: Sat Jun 3 18:00:44 2017 -0300
Register without scripts
commit 097bb51577fb26f8e22f86dc274cb670ab606a8a
Author: André Zanghelini <an_dz@simutrans-forum>
Date: Sat Jun 3 16:42:15 2017 -0300
Logout without scripts
commit d497e08109891079656fee1c145043a9c0e55f2e
Author: André Zanghelini <an_dz@simutrans-forum>
Date: Sat Jun 3 16:27:10 2017 -0300
Login without script
8 years ago
Peter Jaszkowiak
3c2d4fe649
Switch from underscore to lodash
8 years ago
Barış Soner Uşaklı
b29745aa44
more auth tests
8 years ago
Barış Soner Uşaklı
a8c649cca6
check data.uid
8 years ago
Barış Soner Uşaklı
e4714a0c58
more auth tests
8 years ago
Barış Soner Uşaklı
9625f89665
remove for loop
8 years ago
Barış Soner Uşaklı
1e83d33283
tests for login
8 years ago
Julian Lam
e938d75efc
closes #5676
8 years ago
Barış Soner Uşaklı
3a1eba2537
merge
8 years ago
psychobunny
41b4ef859f
add ban messaging when logged in
8 years ago
Barış Soner Uşaklı
c45c4a5fdb
on login display invalid-login-credentials
8 years ago
barisusakli
fa13e9acc0
closes #5621
8 years ago
Julian Lam
d18cfced96
Merge remote-tracking branch 'origin/master' into develop
8 years ago
Peter Jaszkowiak
1ed571189c
Make utils and translator easier to require
Move utils.walk to file.walk, backwards compatible
8 years ago
Julian Lam
ddea9f534e
running eslint again
8 years ago
Julian Lam
72e77772db
Merge branch 'master' into develop
8 years ago
Peter Jaszkowiak
4bb49a7171
ESlint no-unused-vars
8 years ago
Peter Jaszkowiak
09e868ce5f
ESlint no-useless-escape, no-else-return
8 years ago
Peter Jaszkowiak
c4bdb72941
ESlint no-unneeded-ternary
and no-extend-native, no-sequences
8 years ago
Peter Jaszkowiak
896c8c7343
ESlint object-curly-spacing
8 years ago
Peter Jaszkowiak
a038c66549
ESlint quotes
8 years ago
Peter Jaszkowiak
2ba46808a1
ESlint one-var, fix comma-dangle
8 years ago
Peter Jaszkowiak
bc1d70c126
ESlint comma-dangle
8 years ago
barisusakli
3fb7f9fce5
closes #5398
8 years ago
barisusakli
6b2dde02b5
closes #5333
8 years ago
Julian Lam
cafbdfd83e
fixes #5226
9 years ago
Julian Lam
ede7a71db7
Fixes #5186
On socket.io connection, all clients join a room pertaining to
their express session id. We use this room to keep track of any
sessions in different browser windows (but the same cookie jar),
so if a login/logout occurs, we can throw a session mismatch
modal.
This room can also be used to emit messages across windows/tabs...
9 years ago
Ben Lubar
2161f0d473
Allow plugins to affect whether a registration goes into the queue
9 years ago
Julian Lam
0590a4f2cf
closes #5156
9 years ago
HeeL
4a3c31b2dc
Fix space-before-function-paren linter rule
9 years ago
barisusakli
13e624cc86
on login update lastonline
9 years ago
Mathias Schreck
fef9ec7ad6
Fix unhandled callback errors
9 years ago
Julian Lam
1d0edee358
showing ban reason on user login, closes #5002
9 years ago
Julian Lam
60ea7d5121
fixes #4966
9 years ago
Mathias Schreck
ce9ee62fa0
Handle callback errors
9 years ago
Julian Lam
4ce8696bbc
Revert "if interstitials don't pass any errors back but some still exist, redirect properly"
This reverts commit 98368bbb6a, but fixes
issue #4883
9 years ago
Ben Lubar
40b57d6cbe
add "Admin Approval for IPs", which works like Normal for new users and Admin Approval for sockpuppet accounts (#4882)
9 years ago