3wc
560ad6788c
Tidy up OAuth, allow pulling properties from decoded JWT
2023-11-17 21:22:08 +00:00
3wc
67d0315917
' → "
2023-11-17 21:20:22 +00:00
3wc
9c8d8c89ca
Add oauth2_CallbackPort
2023-11-17 21:20:22 +00:00
Robert Best
7449fdab44
Update social.coffee
...
We got syntax wrong. Use isnt instead of !==
2023-10-08 11:46:45 -04:00
Robert Best
cae4118bc9
Update social.coffee
...
don't allow unclaimed sites to be viewed by authors not in allowed_domains.
2023-10-03 13:37:59 -04:00
Paul Rodwell
5137dd86ac
backing off protecting assets
...
- breaks too many things.
2023-08-21 16:54:55 +01:00
Paul Rodwell
ec05842d31
protect assets and sitemap hints that login is required
2023-08-21 12:17:48 +01:00
Paul Rodwell
b2927e47c9
Better claim log message
2023-04-18 10:37:42 +01:00
Paul Rodwell
7e4e1e940d
remove modernizr
2023-04-18 10:28:00 +01:00
Paul Rodwell
a0ef92ec8e
removing old persona code
2023-04-18 09:55:41 +01:00
Paul Rodwell
32ef602460
use successRedirect
...
- the other documented way doesn't redirect.
2023-02-07 11:56:39 +00:00
Paul Rodwell
40afd20e4f
use @passport-js/passport-twitter
2023-02-07 11:24:58 +00:00
Paul Rodwell
831fe4b836
move to using passport-github2
...
this is rather than using our own fork of passport-github, and will resolve fedwiki/wiki#136
2021-11-11 10:14:23 +00:00
Paul Rodwell
88b0e2b825
callbackURL has fixed location, rather than being a parameter.
2021-11-04 10:12:59 +00:00
Paul Rodwell
7eba6ba411
replacing eval() with function using property accessors
2021-11-02 18:56:21 +00:00
3wc
001def2fea
Custom callback and user profile URLs for OAuth2
...
For parsing `oauth2_UsernameField` values like
`profile.preferred_username`, this makes use of `eval()` which is
generally Evil™, but I'm assuming that anyone with permission to edit
config.json likely has permission to make changes to the fedwiki source
code already anyway, so it's fragile rather than increasing a security
attack surface. An alternative would be using a small function to look
up properties of the `params` / `profile` objects using the same
dotted-path notation.
2021-10-23 16:56:08 +02:00
3wc
5f2164cb12
Add generic OAuth support
2021-10-18 21:13:18 +02:00
Paul Rodwell
bc402acf55
add diagnostic route to aid debugging login issues (#26)
...
* add diagnostic route to aid debugging login issues
* don't require the user to be the wiki owner
2020-02-14 19:54:22 +00:00
Paul Rodwell
63960dba88
replace the now defunct google plus profile scope
2020-02-05 15:00:33 +00:00
Paul Rodwell
bf15166ce4
make the window taller when google is selected
2018-12-18 20:30:14 +00:00
Ward Cunningham
cc410eb8c5
Merge pull request #19 from fedwiki/paul90/not-owner
...
initial look at indicating if user is not the owner
2018-09-23 10:41:06 -07:00
Paul Rodwell
ed5061e9e5
add isOwner to the client settings so we can check if the user is the owner
2018-09-23 18:37:43 +01:00
Ward Cunningham
081743b48f
handle forwarding of sessions
2018-09-16 12:08:17 -07:00
Paul Rodwell
d84a282bb3
initial look at indicating if user is not the owner
...
this does not fully work as the server does not update `isOwner` in the client when the user authenticates.
2018-09-16 09:01:38 +01:00
Ward Cunningham
949bb85ab0
allowed from config, redirect html req
2018-09-09 14:14:54 -07:00
Ward Cunningham
0119bee105
improved list of participating emails
2018-09-08 16:56:30 -07:00
Ward Cunningham
a39e571189
improve login required messaging
2018-09-08 15:30:28 -07:00
Ward Cunningham
9082910cfe
handle sitemap and first cut at email logic
2018-09-08 14:18:54 -07:00
Ward Cunningham
280dabddeb
restrict json access to owner
2018-08-26 21:15:49 -07:00
Paul Rodwell
02fa8002d4
add indication of where code restricted access is needed
2018-08-13 07:56:22 +01:00
Paul Rodwell
1153f3cc17
use cookie rather than relying on referrer being set
2017-11-12 12:23:31 +00:00
Paul Rodwell
b4cae40854
add link to google documentation
2017-05-11 19:58:32 +01:00
Paul Rodwell
bfa9a5ee58
add select account prompt
2017-05-11 19:45:40 +01:00
Paul Rodwell
30b5f99d6f
make sure user is set
...
also set to an empty map first to ensure we get what we expect
2016-11-25 18:00:13 +00:00
Paul Rodwell
ebf725807f
a fix for issue 6
...
main problem appears to be the list of supported auths `ids` was mistakenly being used when building the owner file
also a fix for login button still using Persona after an alternative has been added
2016-11-21 12:36:43 +00:00
Paul Rodwell
425b966756
correct check for user logged in
2016-09-05 10:21:46 +01:00
Paul Rodwell
1cfb62cd56
fix for user not getting set with google login
2016-09-03 07:12:20 +01:00
Paul Rodwell
04d56d7303
finishing adding alt identity
2016-08-29 15:44:58 +01:00
Paul Rodwell
507f272d02
remove conditional route declaration
2016-08-23 12:20:57 +01:00
Paul Rodwell
1391704d11
solving multi-tenancy conflicts
...
Give passportjs strategies local name, so we don't get name clashes...
2016-08-23 11:45:51 +01:00
Paul Rodwell
13ae1b6c4f
start of adding alt identity
2016-08-23 10:17:24 +01:00
Paul Rodwell
623c28428a
improve isAdmin, and how admin is defined
...
admin configuration uses a map with id provider as key and the user identifier as the value (email address for legacy persona).
2016-08-09 14:00:55 +01:00
Paul Rodwell
127f9838d1
protect against url being undefined
2016-08-09 11:18:57 +01:00
Paul Rodwell
59c25de098
tidy up done dialog
2016-07-26 12:44:04 +01:00
Paul Rodwell
1932a2cdcf
real fix for #1
...
check for match on id for github, google and twitter, and match on email for persona
2016-07-07 10:50:14 +01:00
Paul Rodwell
9b2f5604fc
Fix #1
...
Reverting to the previous id based check
2016-07-04 11:57:16 +01:00
Paul Rodwell
5c43486b9b
check user identity against owner.json (and admin for admin access)
2016-06-24 11:33:17 +01:00
Paul Rodwell
a428f92dfc
set the port correctly
2016-05-28 09:51:15 +01:00
Paul Rodwell
1fed7ecee1
adding persona for legacy
2016-05-25 15:17:48 +01:00
Paul Rodwell
a370af2f5f
adding https and wikiDomains for login, plus GitHub and Google login, and switching to using winchan for communication between windows
2016-05-04 10:00:32 +01:00