64 Commits

Author SHA1 Message Date
3wc
662465ff4f Fix indent 2024-10-30 22:39:20 -04:00
3wc
ab8bf124a1 Attempt to fix undefined "user" 2024-10-30 22:29:11 -04:00
3wc
f9538b8a96 Reinstate fork changes 2024-10-30 22:22:57 -04:00
3wc
a10c577037 Revert "Add oauth2_CallbackPort"
This reverts commit 6d6a7ee327.
2024-10-30 22:21:22 -04:00
3wc
c7322416c6 Revert "Tidy up OAuth, allow pulling properties from decoded JWT"
This reverts commit b28d90fcc3.
2024-10-30 22:21:20 -04:00
3wc
cb9e0ceed3 Revert "add new logic for restricted wikis"
This reverts commit 5d7c53d1a2.
2024-10-30 22:21:19 -04:00
5d7c53d1a2 add new logic for restricted wikis 2024-10-30 22:01:49 -04:00
3wc
b28d90fcc3 Tidy up OAuth, allow pulling properties from decoded JWT 2024-10-30 22:01:49 -04:00
3wc
8cecd049ff ' → " 2024-10-30 22:01:49 -04:00
3wc
6d6a7ee327 Add oauth2_CallbackPort 2024-10-30 22:01:49 -04:00
d4014acf4f remove user global 2023-11-23 10:41:46 +00:00
7449fdab44 Update social.coffee
We got syntax wrong. Use isnt instead of !==
2023-10-08 11:46:45 -04:00
cae4118bc9 Update social.coffee
don't allow unclaimed sites to be viewed by authors not in allowed_domains.
2023-10-03 13:37:59 -04:00
5137dd86ac backing off protecting assets
- breaks too many things.
2023-08-21 16:54:55 +01:00
ec05842d31 protect assets and sitemap hints that login is required 2023-08-21 12:17:48 +01:00
b2927e47c9 Better claim log message 2023-04-18 10:37:42 +01:00
7e4e1e940d remove modernizr 2023-04-18 10:28:00 +01:00
a0ef92ec8e removing old persona code 2023-04-18 09:55:41 +01:00
32ef602460 use successRedirect
- the other documented way doesn't redirect.
2023-02-07 11:56:39 +00:00
40afd20e4f use @passport-js/passport-twitter 2023-02-07 11:24:58 +00:00
831fe4b836 move to using passport-github2
this is rather than using our own fork of passport-github, and will resolve fedwiki/wiki#136
2021-11-11 10:14:23 +00:00
88b0e2b825 callbackURL has fix location, rather than being a parameter. 2021-11-04 10:12:59 +00:00
7eba6ba411 replacing eval() with function using property accessors 2021-11-02 18:56:21 +00:00
3wc
001def2fea Custom callback and user profile URLs for OAuth2
For parsing `oauth2_UsernameField` values like
`profile.preferred_username`, this makes use of `eval()` which is
generally Evil™, but I'm assuming that anyone with permission to edit
config.json likely has permission to make changes to the fedwiki source
code already anyway, so it's fragile rather than increasing a security
attack surface. An alternative would be using  a small function to look
up properties of the `params` / `profile` objects using the same
dotted-path notation.
2021-10-23 16:56:08 +02:00
3wc
5f2164cb12 Add generic OAuth support 2021-10-18 21:13:18 +02:00
bc402acf55 add diagnostic route to aid debugging login issues (#26)
* add diagnostic route to aid debugging login issues
* don't require the user to be the wiki owner
2020-02-14 19:54:22 +00:00
63960dba88 replace the now defunct google plus profile scope 2020-02-05 15:00:33 +00:00
bf15166ce4 make the window taller when google is selected 2018-12-18 20:30:14 +00:00
cc410eb8c5 Merge pull request #19 from fedwiki/paul90/not-owner
initial look at indicating if user is not the owner
2018-09-23 10:41:06 -07:00
ed5061e9e5 add isOwner to the client settings so we can check if the user is the owner 2018-09-23 18:37:43 +01:00
081743b48f handle forwarding of sessions 2018-09-16 12:08:17 -07:00
d84a282bb3 initial look at indicating if user is not the owner
this does not fully work as the server does not update `isOwner` in the client when the user authenticates.
2018-09-16 09:01:38 +01:00
949bb85ab0 allowed from config, redirect html req 2018-09-09 14:14:54 -07:00
0119bee105 improved list of particpating emails 2018-09-08 16:56:30 -07:00
a39e571189 improve login required messaaging 2018-09-08 15:30:28 -07:00
9082910cfe handle sitemap and first cut at email logic 2018-09-08 14:18:54 -07:00
280dabddeb restrict json access to owner 2018-08-26 21:15:49 -07:00
02fa8002d4 add indication of where code restricted access is needed 2018-08-13 07:56:22 +01:00
1153f3cc17 use cookie rather than relying on referred being set 2017-11-12 12:23:31 +00:00
b4cae40854 add link to google documentation 2017-05-11 19:58:32 +01:00
bfa9a5ee58 add select account prompt 2017-05-11 19:45:40 +01:00
30b5f99d6f make sure user is set
also set to an empty map first to ensure we get what we expect
2016-11-25 18:00:13 +00:00
ebf725807f a fix for issue 6
main problem appears to be the list of supported auths `ids` was mistakenly being used when building the owner file

also a fix for login button still using Persona after an alternative has been added
2016-11-21 12:36:43 +00:00
425b966756 correct check for user logged in 2016-09-05 10:21:46 +01:00
1cfb62cd56 fix for user not getting set with google login 2016-09-03 07:12:20 +01:00
04d56d7303 finishing adding alt identity 2016-08-29 15:44:58 +01:00
507f272d02 remove conditional route declaration 2016-08-23 12:20:57 +01:00
1391704d11 solving multi-tenancy conflicts
Give passortjs strategies local name, so we don't get name clashes...
2016-08-23 11:45:51 +01:00
13ae1b6c4f start of adding alt identity 2016-08-23 10:17:24 +01:00
623c28428a improve isAdmin, and how admin is defined
admin configuration uses a map with id provide as key and the user identifier as the value (email address for legacy persona).
2016-08-09 14:00:55 +01:00