wiki-cafe
/
wiki-security-passportjs
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
170 Commits 1 Branch 0 Tags 1.3 MiB
Commit Graph

170 Commits

Author SHA1 Message Date
3wc 560ad6788c Tidy up OAuth, allow pulling properties from decoded JWT 2023-11-17 21:22:08 +00:00
3wc 67d0315917 ' → " 2023-11-17 21:20:22 +00:00
3wc 9c8d8c89ca Add oauth2_CallbackPort 2023-11-17 21:20:22 +00:00
Paul Rodwell a38a1be4b7
Update devDepencencies for vulnerability in browserify-sign 2023-10-29 08:46:11 +00:00
Paul Rodwell ec5359de48
0.8.2 2023-10-08 18:35:57 +01:00
Paul Rodwell b3ffdd0890
Merge pull request #39 from Bortseb/patch-2 
Update social.coffee
 2023-10-08 18:26:11 +01:00
Robert Best 7449fdab44
Update social.coffee 
We got syntax wrong. Use isnt instead of !==
 2023-10-08 11:46:45 -04:00
Paul Rodwell 70cebf5ab2
0.8.1 2023-10-03 19:29:16 +01:00
Paul Rodwell 1e443f2934
update package lock 2023-10-03 19:28:49 +01:00
Paul Rodwell 95e2c76b5f
Merge pull request #38 from Bortseb/patch-1 
Thanks to @Bortseb , @3-w-c , @nrn for looking into this problem.
 2023-10-03 19:24:42 +01:00
Robert Best cae4118bc9
Update social.coffee 
don't allow unclaimed sites to be viewed by authors not in allowed_domains.
 2023-10-03 13:37:59 -04:00
Paul Rodwell d43cbe7ff6
0.8.0 2023-08-22 10:12:31 +01:00
Paul Rodwell ebcfe9cc42
Merge pull request #37 from fedwiki/paul90/login2view 
Updating login to view
 2023-08-22 10:09:44 +01:00
Paul Rodwell 5137dd86ac
backing off protecting assets 
- breaks too many things.
 2023-08-21 16:54:55 +01:00
Paul Rodwell 3305674597
reload after login, if login was required. 2023-08-21 12:19:08 +01:00
Paul Rodwell ec05842d31
protect assets and sitemap hints that login is required 2023-08-21 12:17:48 +01:00
Paul Rodwell cec8c04417
0.7.0 2023-05-01 11:29:56 +01:00
Paul Rodwell 88c15c0cef
update Authors 2023-04-27 11:11:49 +01:00
Paul Rodwell 53f8da4d4b
0.7.0-rc.0 2023-04-19 11:24:11 +01:00
Paul Rodwell 8f304374cf
Merge pull request #36 from fedwiki/paul90/jQuery 
update jQuery click handlers
 2023-04-19 11:22:06 +01:00
Paul Rodwell ff69116fbf
Merge branch 'master' into paul90/jQuery 2023-04-19 11:21:49 +01:00
Paul Rodwell 30a339f49a
Merge pull request #35 from fedwiki/paul90/remove-persona 
remove persona
 2023-04-19 11:20:12 +01:00
Paul Rodwell f7da864fdb
Merge pull request #33 from Bortseb/master 
Example of admin parameter in config.json for generic OAuth
 2023-04-19 11:19:51 +01:00
Paul Rodwell b2927e47c9
Better claim log message 2023-04-18 10:37:42 +01:00
Paul Rodwell 7e4e1e940d
remove modernizr 2023-04-18 10:28:00 +01:00
Paul Rodwell a0ef92ec8e
removing old persona code 2023-04-18 09:55:41 +01:00
Paul Rodwell 1d4c5d51df
update jQuery click handlers 2023-04-17 09:45:28 +01:00
Paul Rodwell f6dcb5425e
0.6.2 2023-02-07 14:49:17 +00:00
Paul Rodwell e648bf64a7
Merge pull request #34 from fedwiki/paul90/twitter-update 
use @passport-js/passport-twitter
 2023-02-07 14:47:22 +00:00
Paul Rodwell 32ef602460
use successRedirect 
- the other documented way doesn't redirect.
 2023-02-07 11:56:39 +00:00
Paul Rodwell 40afd20e4f
use @passport-js/passport-twitter 2023-02-07 11:24:58 +00:00
Paul Rodwell f04c99a73d
0.6.1 2022-11-08 12:14:01 +00:00
Paul Rodwell 752ba44f1d
update package lock 2022-11-08 12:13:42 +00:00
Paul Rodwell 6b735ae712
0.6.0 2022-07-26 11:20:45 +01:00
Paul Rodwell b1da9175b4
remove grunt-retire 2022-07-25 18:17:57 +01:00
Paul Rodwell 23a513b38a
Switch to locally maintained passport-twitter to address security issue 2022-07-19 11:39:58 +01:00
Paul Rodwell 351d52c1f8
update devDependencies 2022-07-14 14:09:17 +01:00
Robert Best f914667efe Example of admin parameter 
Expands on config example to show how to specify admin ID
 2022-06-10 10:58:52 -04:00
Paul Rodwell 5f9ceaaef0
0.5.0 2021-11-11 10:21:32 +00:00
Paul Rodwell 8abeb3633d
update package lock 2021-11-11 10:18:56 +00:00
Paul Rodwell 831fe4b836
move to using passport-github2 
this is rather than using our own fork of passport-github, and will resolve fedwiki/wiki#136
 2021-11-11 10:14:23 +00:00
Paul Rodwell 89adbb5dc0
Update Authors 2021-11-04 10:19:53 +00:00
Paul Rodwell 647f0cb1b0
Merge #32 'Add generic OAuth support' 2021-11-04 10:15:29 +00:00
Paul Rodwell 88b0e2b825
callbackURL has fix location, rather than being a parameter. 2021-11-04 10:12:59 +00:00
Paul Rodwell 7eba6ba411
replacing eval() with function using property accessors 2021-11-02 18:56:21 +00:00
3wc 001def2fea Custom callback and user profile URLs for OAuth2 
For parsing `oauth2_UsernameField` values like
`profile.preferred_username`, this makes use of `eval()` which is
generally Evil™, but I'm assuming that anyone with permission to edit
config.json likely has permission to make changes to the fedwiki source
code already anyway, so it's fragile rather than increasing a security
attack surface. An alternative would be using  a small function to look
up properties of the `params` / `profile` objects using the same
dotted-path notation.
 2021-10-23 16:56:08 +02:00
3wc f4f44afa35 Add passport-oauth2 to package.json 2021-10-22 00:29:07 +02:00
3wc 5f2164cb12 Add generic OAuth support 2021-10-18 21:13:18 +02:00
Paul Rodwell a369822b0f
Update package-lock 2021-05-18 15:37:16 +01:00
Paul Rodwell 41549779bd
0.4.9 2021-02-16 19:18:51 +00:00