Commit Graph

24 Commits

Author SHA1 Message Date
Sheogorath 318b2d378f
Allow to disable gravatar
Since Gravatar is an external image source and not perfect from a
privacy perspective, forbidding it allows to improve privacy.

This commit also simplifies and optimizes the avatar code.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-23 23:40:55 +02:00
Christoph (Sheogorath) Kern 56d78a7d6c
Merge pull request #830 from SISheogorath/feature/GDPR
GDPR compliant part 1
2018-06-17 23:33:57 +02:00
Christoph (Sheogorath) Kern 551840ad57
Merge pull request #784 from pferreir/add-oauth2-support
Add "generic" OAuth2 support
2018-06-04 15:54:47 +02:00
Sheogorath 70df29790a
Add token based security feature
In the current setup users could be tricked into deleting their data by
providing a malicious link like `[click me](/me/delete)`. This commit
prevents such an easy attack and need the user's deleteToken to get his
data deleted. In case someone requests his deletion by email you can
also ask him for this token.

We can add a GUI that shows it later on.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-05-25 18:26:06 +02:00
Sheogorath e31d204d74
Fix requests for deleted users
When users are requested from the authorship which no longer exist, they
shouldn't cause a 500.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-05-25 16:15:18 +02:00
Sheogorath 69aed93282
Move letter-avatars into own request
To prevent further weakening of our CSP policies, moving the Avatars
into a non-inline version is the way to go.

This implementation probably needs some beautification. But already fixes
the bug.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-04-17 19:06:59 +02:00
Pedro Ferreira 34df7ccce8 Use TEXT instead of STRING for tokens
Signed-off-by: Pedro Ferreira <pedro.ferreira@cern.ch>
2018-03-26 15:55:39 +02:00
Norihito Nakae 4a4ae9d332 Initial support for SAML authentication 2017-11-28 18:52:24 +09:00
Christoph Witzany 5cda55086a Add mattermost authentication 2017-10-31 10:34:51 +01:00
Sheogorath 500207545f
Fix broken profile images 2017-09-22 12:40:43 +02:00
BoHong Li aca01f064d refactor: Remove `require` extension filename 2017-05-08 19:29:06 +08:00
BoHong Li 5870d988b5 Use strict mode in all backend files
add ‘use strict’ in all backend file
2017-03-14 13:02:43 +08:00
BoHong Li 4889e9732d Use JavaScript Standard Style
Introduce JavaScript Standard Style as project style rule,
and fixed all fail on backend code.
2017-03-08 18:45:51 +08:00
Wu Cheng-Han 2aee0f267c Fix user profile photo might not replace to proper size 2017-02-18 20:07:15 +08:00
Wu Cheng-Han 8cfbfa4352 Update to add biggerphoto on parsing user profile 2017-02-03 21:48:36 +08:00
alecdwm 01361afa7a Profile pictures for LDAP users 2017-01-06 05:37:40 +01:00
Wu Cheng-Han a73d9ce39e Update to support optional email register and signin 2016-12-02 01:58:14 +08:00
Cheng-Han, Wu f3418a619c Update to use bigger size of profile image 2016-05-21 22:48:21 +08:00
Cheng-Han, Wu 6405bb5056 Add support of google signin 2016-05-21 22:48:00 +08:00
Cheng-Han, Wu bbc7e26e77 Update to use bigger avatar image and twitter now use screen_name based profile image url 2016-05-20 02:13:22 +08:00
Cheng-Han, Wu baa946968d Add db migrations for PR #121 2016-05-15 12:20:42 +08:00
Jason Croft 0adc0864d5 Retrieve GitLab avatar. 2016-05-12 13:26:50 -04:00
Jason Croft a443490ee6 Add accessToken column 2016-05-11 17:04:45 -04:00
Cheng-Han, Wu 49b51e478f Refactor server with Sequelize ORM, refactor server configs, now will show note status (created or updated) and support docs (note alias) 2016-04-20 18:03:55 +08:00