Commit Graph

13 Commits

Author SHA1 Message Date
Max Wu 5e709653ab fix: handle when request url has no valid referer
Signed-off-by: Max Wu <jackymaxj@gmail.com>
2021-05-13 11:53:03 +08:00
Michal Kolodziejski 7d815cc90c Better redirection after a successful login
Signed-off-by: Michal Kolodziejski <michal.kolodziejski@cern.ch>
2020-10-17 12:57:23 +02:00
James Tsai 07f32f5bbf Fix standard
Signed-off-by: James Tsai <jamesscamel@gmail.com>
2020-07-01 11:42:28 +08:00
Samuel Trégouët 6ff6d215ab fix: add state parameter for oauth2
state parameter is recommended with oauth2 authentification
to mitigate CSRF attacks (see [1]).
hydra [2] will throw the following error message if state is
missing:

  description="The state is missing or has less than 8 characters and is therefore considered too weak" error=invalid_state hint="Request
 parameter \"state\" must be at least be 8 characters long to ensure sufficient entropy."

[1]: https://auth0.com/docs/protocols/oauth2/oauth-state
[2]: https://www.ory.sh/hydra/

Signed-off-by: Samuel Trégouët <samuel.tregouet@gmail.com>
2020-05-11 15:59:49 +02:00
BinotaLIU d4d0120ab7
prevert directly call of User.hashPassword()
this preverted changes made in 7b8576d. now we use hooks to hash password.
no need to call User.hashPassword() manually.

Signed-off-by: BinotaLIU <me@binota.org>
2020-04-20 00:04:13 +08:00
BinotaLIU f618576193
use async hashPassword/verifyPassword
Signed-off-by: BinotaLIU <me@binota.org>
2020-04-20 00:04:12 +08:00
moycat 46fdb6a6f0
Support avatar for OAuth users
Signed-off-by: Moycat <i@moy.cat>
2020-03-12 13:48:18 +08:00
BoHong Li b9f0e37eee
feat: support hostedName in google OAuth 2.0 provider
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2020-02-28 17:53:04 +08:00
BoHong Li 72c5b0d14e
feat: support customize scope in OAuth2 provider
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2020-02-28 02:13:58 +08:00
BoHong Li d5d0f3d820
fix: extractProfileAttribute not working correctly
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2020-02-28 01:53:25 +08:00
BoHong Li 13ed2e6b44
refactor: change errorInternalError function signature to avoid parameter passing error
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2020-02-26 11:26:01 +08:00
BoHong Li 35a2135b36
refactor: change errorBadRequest function signature to avoid parameter passing error
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2020-02-26 11:22:59 +08:00
BoHong Li b4ec353fcd
refactor: remove web folder
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2020-01-06 14:19:02 +08:00