Elie Michel
00e54e49ac
Add tests for LDAP auth plugin
2017-09-03 23:00:24 +02:00
Elie Michel
12ba10f688
Reorganize auth plugins
2017-09-03 23:00:23 +02:00
Élie Michel
cfa6db10c7
Make new LDAP options backward compatible
...
Also draft some kind of plugin system for auth, although it essentially consists in writing a function
and there is no mechanism to automatically fallback from one auth to another
2017-09-03 23:00:23 +02:00
Élie Michel
19710b90c0
Merge branch 'master' into pr-proper-ldap
2017-08-29 08:42:26 +02:00
Jérémie Astori
684f1a641d
Make sure server is running before loading users
2017-08-23 13:21:14 -04:00
Pavel Djundik
0ac3ba28e1
Web Push Notifications
2017-08-22 10:54:18 +03:00
Pavel Djundik
3190fd00bf
Refactor authentication flow
2017-08-13 21:37:12 +03:00
Pavel Djundik
c14f7da1b2
Generate unique tokens for each login and session
2017-07-31 02:02:15 +03:00
Jérémie Astori
157289258a
Keep track of preview visibility on the server so it persists at page reload
2017-07-26 18:16:50 -04:00
Pavel Djundik
f35a2809a7
Store preview images on disk for privacy, security and caching
2017-07-18 11:37:16 +03:00
Pavel Djundik
b0efbf8a1e
Parse x-forwarded-for header correctly
2017-06-21 14:34:06 +03:00
Pavel Djundik
f6dd616d5e
Update to eslint 4 and enforce extra rules
2017-06-19 09:58:29 +03:00
Pavel Djundik
ca54c40d0f
Merge pull request #1197 from thelounge/xpaw/socketio-transports
...
Correctly configure client socket transports
2017-06-08 20:19:49 +03:00
Pavel Djundik
b46f92c7d8
Only update bcrypt password rounds if the password actually matches
2017-06-02 11:02:03 +03:00
Pavel Djundik
16fb118d02
Correctly configure client transports
...
Fixes #848
2017-06-01 22:43:23 +03:00
Alistair McKinlay
b4310dbc03
Review changes
...
(Should be squashed before merge)
2017-04-21 09:26:02 +01:00
Alistair McKinlay
cc85b2143c
Change index.html to be rendered using handlebars
2017-04-21 09:16:24 +01:00
Metsjeesus
fa51a2c281
Add CA bundle option in SSL
2017-04-15 19:12:21 +03:00
Pavel Djundik
f645c32cb9
Use local variables to check length
2017-04-14 00:05:28 +03:00
Jérémie Astori
fe7c570cc9
Use Referrer-Policy header instead of CSP referrer
...
According to MDN:
> referrer
> Used to specify information in the referer (sic) header for links away from a page.
> Use the Referrer-Policy header instead.
See:
- https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/referrer
- https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy
2017-04-06 02:25:43 -04:00
S
001f96035b
Switch to bcryptjs and make password comparison async
...
- PasswordCompareAsync prevents timeouts on resource constraint devices
- All password.compare calls are now async
- Updated tests to accept async functions
2017-04-01 03:06:09 -04:00
Élie Michel
ed3b4faa62
Fix eslint styling issues
2017-03-21 15:49:54 +01:00
Élie Michel
642442c041
Implement a proper LDAP authentication process
...
The Lounge first log as a special user in order to search (as in LDAP's
'"search" verb) for the user's full DN. It then attempts to bind using the
found user DN and the user provided password.
2017-03-21 15:15:33 +01:00
Pavel Djundik
c409328ddf
Fix variable shuffling around ident handler
...
Fixes #965
2017-03-17 22:24:40 +02:00
Pavel Djundik
9997aafec7
Rewrite identd server, combine with oidentd
2017-03-12 12:02:22 +02:00
Jérémie Astori
bc8b699437
Add a basic check for bundled application when starting the server
...
Note that this will not detect if the client application was built with an old version of the repo.
2017-01-23 01:15:50 -05:00
Jérémie Astori
3e82994ae2
Make log style when referring user consistent with other places
2017-01-04 02:17:15 -05:00
Pavel Djundik
fb87bd3a58
Webpack
2016-12-27 19:15:30 +02:00
Pavel Djundik
3a3eebd61d
Do not use backticks in strings when unnecessary
2016-12-20 02:09:53 +02:00
Jérémie Astori
b01517861d
Remove autoload option and always autoload users
...
Since @xPaw provided a really nice way to watch user config files, there is now no need to be cheap about it (it used to be run every second, possibly why it could be disabled via settings?).
This commit also improves the function a little bit by making use of ES6 syntax.
A warning gets displayed on the server console when the `autoload` option is still present in the config file.
2016-12-11 03:29:30 -05:00
Jérémie Astori
303fab8519
Merge pull request #749 from thelounge/xpaw/hexip
...
Add support for hexip ilines and fix storing client ip in config
2016-12-10 19:50:33 -05:00
Pavel Djundik
463a63aed3
Avoid unnecessary disk writes if user object has not changed, make updateUser async
2016-12-10 11:05:34 +02:00
Jérémie Astori
adf93f9fad
Merge pull request #746 from thelounge/xpaw/update-deps
...
Update depdencides to latest stable versions
2016-11-20 14:46:16 -05:00
Pavel Djundik
00548e65d7
Update existing networks with ip and hostmask if null
2016-11-19 22:34:05 +02:00
Pavel Djundik
708788338c
Add support for hexip ilines
2016-11-19 20:32:47 +02:00
Pavel Djundik
6023035838
Update depdencides to latest stable versions
2016-11-19 10:49:16 +02:00
Pavel Djundik
b5db0abc18
Print node version and platform
2016-11-18 19:25:23 +02:00
William Boman
2f77d6981b
src/server: log config path on start-up
2016-11-15 18:23:02 +01:00
Jérémie Astori
8ec6d969d1
Merge pull request #697 from cloudron-io/ldap_crashfix
...
Fix crash when LDAP server is unreachable
2016-10-23 10:10:48 -04:00
Pavel Djundik
c5e0dee3a3
Change bcrypt rounds from 8 to 11
2016-10-22 09:24:27 +03:00
Pavel Djundik
a1f56c7395
Improve support for opening multiple clients at once
...
- Synchornize unread counter with the server
- Fix unread marker on no attached clients
- Increase unread counter for server messages
2016-10-17 01:31:22 -04:00
Girish Ramakrishnan
09f2d069de
Fix crash when LDAP server is unreachable
...
Fixes #667
2016-10-16 11:27:09 -07:00
William Boman
99218341ec
consolidate version numbers throughout all interfaces
2016-10-10 21:56:57 +02:00
Pavel Djundik
aa02fd5180
Enforce more eslint rules
2016-10-09 17:55:37 -04:00
Pavel Djundik
3b8a478e34
Fix loading fonts in Microsoft Edge
2016-10-09 12:29:17 +03:00
toXel
5b6f5d5dce
Check if SSL key and certificate files exist
2016-10-08 14:56:12 +02:00
Pavel Djundik
396a9cffb1
Display extra loading messages
2016-09-25 09:52:16 +03:00
Jérémie Astori
2b3b4ea924
Explicitly authorize websockets in CSP header
...
This follows a recent change in WebKit (see https://webkit.org/blog/6830/a-refined-content-security-policy/ , section "More restrictive wildcard *") to remove websocket schemes from the connect-src directive.
Users of Safari v10 (to be publicly released in a few days) would be affected by this and could not load the app.
2016-09-09 01:17:31 -04:00
Jérémie Astori
b153d568a0
Add a theme selector in the settings
...
Power to the people!
There is now 2 ways to set the theme: on the app config file (defaults
for all users) and in the user settings.
All CSS files present in the `client/themes` folder will be given as
choices to the users.
This is temporary (as in, temporary for a fairly long time) until we
have proper theme management.
2016-09-06 01:11:31 -04:00
Jérémie Astori
40b8f0c293
Make sure users with wrong tokens are locked out instead of crashing the app
2016-08-18 00:02:40 -04:00