Commit graph

42 commits

Author SHA1 Message Date
Erik Michelson
fd1795f941 feat(auth): allow to disable OIDC user registration
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-12-18 20:02:19 +01:00
Erik Michelson
b24f8b0a76 refactor(auth): rename identity-module to auth-module
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-12-18 20:02:19 +01:00
Erik Michelson
90508c15ff fix(backend/auth/oidc): add log message when user identifier is missing
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-11-12 20:58:09 +01:00
Erik Michelson
b194f3433c chore(deps): upgrade openid-client to 5.7.0
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-11-12 20:58:09 +01:00
Ivan Li
19f4baf79b feat(auth): add OIDC state parameter
Signed-off-by: Ivan Li <ivanli2048@gmail.com>
2024-10-21 17:45:43 +02:00
Erik Michelson
2c6717e1ee refactor(api-token): drop passport, rename to ApiToken
We don't need a library that requires as much boilerplate code as
writing the AuthGuard ourselves, especially since the token validation
was already custom code by us.

The previous name PublicAuthToken was a bit misleading, since PublicAuth
could also be interpreted as being used for the public frontend in
contrast to the API. The old name before that (AuthToken) wasn't better
since it wasn't clear what type of auth is meant. I know, this is the
second renaming of the same module in less than a month. However, I
would say the name ApiToken seems rather reasonable and understandable.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-09-18 19:14:32 +02:00
Erik Michelson
88cfd6a974 fix(auth/oidc): clean-up oidcIdToken session variable
When the OIDC login flow for a new user is cancelled, the oidcIdToken
session variable should be cleared as well.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-09-18 18:03:22 +02:00
Erik Michelson
157a0fe278 refactor(media): store filenames, use pre-signed s3/azure URLs, UUIDs
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-09-12 14:49:17 +02:00
Erik Michelson
7f665fae4b feat(auth): refactor auth, add oidc
Thanks to all HedgeDoc team members for the time discussing,
helping with weird Nest issues, providing feedback
and suggestions!

Co-authored-by: Philip Molares <philip.molares@udo.edu>
Signed-off-by: Philip Molares <philip.molares@udo.edu>
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-09-11 21:29:49 +02:00
Erik Michelson
73d9c3231b refactor(backend): rename auth to public-auth-token
Signed-off-by: Yannick Bungers <git@innay.de>
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-09-02 10:33:08 +02:00
renovate[bot]
cf51c7572a fix: remove explicit typing
Apparently this is not needed anymore and the linter does not like it.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2024-08-30 11:58:32 +02:00
Erik Michelson
8693edbf6a refactor(media): add media redirection endpoint
Previous versions of HedgeDoc suffered from the problem
that changing the media backend required manipulation of
the media links in all created notes. We discussed in
#3704 that it's favourable to have an endpoint that
redirects to the image's original URL. When changing the
media backend, the link stays the same but just the
redirect changes.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-04-18 22:11:49 +02:00
Yannick Bungers
7e1123e8a4 Move monitoring TODO
Signed-off-by: Yannick Bungers <git@innay.de>
2023-10-08 16:00:42 +02:00
Yannick Bungers
0aff06637c Remove history entry todos
Signed-off-by: Yannick Bungers <git@innay.de>
2023-10-08 16:00:42 +02:00
Yannick Bungers
18116f4e64 Remove user creation todo
Signed-off-by: Yannick Bungers <git@innay.de>
2023-10-08 16:00:42 +02:00
Tilman Vatteroth
34bf8f16b1 fix: format code
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-07-19 12:36:32 +02:00
Yannick Bungers
f362d27d3f Move session entity to sessions folder
Signed-off-by: Yannick Bungers <git@innay.de>
2023-07-06 12:07:44 +02:00
Philip Molares
0a8945d934 feat(backend): handle username always in lowercase
This should make all usernames of new users into lowercase. Usernames are also searched in the DB as lowercase.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-06-04 21:55:19 +02:00
Tilman Vatteroth
488238d854 refactor: rename "Permissions" enum to "RequiredPermission"
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-05-19 19:10:45 +02:00
Tilman Vatteroth
6b73016583 refactor: rename "Permissions" decorator to "RequirePermission"
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-05-19 19:10:45 +02:00
Tilman Vatteroth
4c384cc8de test: add test for get note interceptor
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-05-19 19:10:45 +02:00
Tilman Vatteroth
ab5aebc9c4 refactor: extract "extract note from request" logic into separate function
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-05-19 19:10:45 +02:00
Tilman Vatteroth
65fb110a1e refactor: move permissions decorator and guard into permissions directory
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-05-19 19:10:45 +02:00
Tilman Vatteroth
22f0abbfbe fix: remove redundant permission guard annotations
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-05-19 19:10:45 +02:00
Yannick Bungers
dad60a25ea fix: change logging from id to publicId in media upload
Signed-off-by: Yannick Bungers <git@innay.de>
2023-05-07 20:45:15 +02:00
Yannick Bungers
001a49329c refactor: extract permission checking from controllers and guard
Signed-off-by: Yannick Bungers <git@innay.de>
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-05-07 20:45:15 +02:00
Yannick Bungers
485f7cd338 feat: Add guest file uploads and add deletion for note owners
Signed-off-by: Yannick Bungers <git@innay.de>
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-05-07 20:45:15 +02:00
Yannick Bungers
0f464dedfe fix: clean up decorators in the public notes.controller.ts
Signed-off-by: Yannick Bungers <git@innay.de>
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-05-07 20:45:15 +02:00
Yannick Bungers
d369132519 fix: add CompleteRequest type to have better type checks for HTTP-Request attribute injection.
Signed-off-by: Yannick Bungers <git@innay.de>
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-05-07 20:45:15 +02:00
Tilman Vatteroth
a5e12b9ad0 fix(backend): fix extraction body values in permission controllers
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-05-04 14:54:37 +02:00
Tilman Vatteroth
15374acb93 fix(backend): throw error if key in param decorator is not defined
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-03-31 15:43:28 +02:00
Tilman Vatteroth
0f8effd318 fix: use correct body parameter for permission controller
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-03-26 20:21:13 +02:00
Erik Michelson
ca9836d691 enhancement(auth): better error message handling
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2023-03-26 15:43:39 +02:00
Philip Molares
e01628cfb0 fix(backend): fix permission routes in NotesController
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2023-03-24 18:47:23 +01:00
Tilman Vatteroth
229d4a4a1d fix: change sessionstate type to prevent unset values
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-03-19 22:45:44 +01:00
David Mehren
ebb8b10804 fix(public/notes-controller): extract canEdit parameter from body
Signed-off-by: David Mehren <git@herrmehren.de>
2023-02-19 20:56:18 +01:00
David Mehren
068517a73b fix(public/notes-controller): bind setUserPermission to an URL
Signed-off-by: David Mehren <git@herrmehren.de>
2023-02-19 20:56:18 +01:00
Philip Molares
47d1765b12 refactor(backend): don't create local user if password is too weak
This prevents the previous problem that the backend created a user that was then not correctly removed again.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2023-01-15 18:15:28 +01:00
Philip Molares
c39a9430a2 feat(backend): add RegistrationDisabledError
This error is thrown by RegistrationEnabledGuard instead of directly throwing an http error.
The new RegistrationDisabledError is mapped to the Forbidden HTTP code 403, since this better represents the actual error.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2023-01-15 18:14:01 +01:00
Tamotsu Takahashi
396050c6cf Set the session cookie after registering
Fix https://github.com/hedgedoc/react-client/issues/2524

Signed-off-by: Tamotsu Takahashi <ttakah+github@gmail.com>
2023-01-08 14:31:34 +01:00
David Mehren
b311265762 fix(media-controller): throw if no file was uploaded
Signed-off-by: David Mehren <git@herrmehren.de>
2022-12-30 11:02:56 +01:00
Tilman Vatteroth
bf30cbcf48 fix(repository): Move backend code into subdirectory
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2022-10-30 22:46:42 +01:00