Commit graph

16 commits

Author SHA1 Message Date
Cassie Tarakajian
7f2529a973 merge master 2019-09-11 19:05:15 -04:00
Cassie Tarakajian
a155e7638d
re #1153: fix bug in which login form was in invalid state if user had entered username or password incorrectly on the first try (#1155) 2019-09-06 13:30:06 -04:00
Andrew Nicolaou
7c4f180540 Consistent user data returned from API
There's duplication in the user and session endpoints that
all return the same shaped user model data. The new helper should keep
them consistent when new properties need to be exposed.
2019-05-29 12:51:50 -04:00
Andrew Nicolaou
7fd226f3ad Removes hashedKey from APIKey data when serialising
This ensures it's not accidentally exposed to the client when returning
the key metadata
2019-05-29 12:51:50 -04:00
Andrew Nicolaou
7bfacf08d0 Do not return any keys in API 2019-05-29 12:51:50 -04:00
Vertmo
db71a2b7c0 Added DB schema and backend logic for API keys creation and deletion 2019-05-29 12:51:50 -04:00
Andrew Nicolaou
1dc0c22cb7 Email verification (#369)
* Re-introduce Email Verification code

Revert "Revert "Email verification""
This reverts commit d154d8bff259350523a0f139e844db96c43d2ee1.

* Uses MJML to generate Reset Password email

* Sends Password Reset and Email Confirmation emails using MJML template

* Sends verified status along with user data

* API endpoint for resending email verification confirmation

* Displays verification status on Account page and allows resending

* Send back error string

* Passes email address through to sign/verify helper

* Uses enum-style object to set verified state

* Sends minimal info when user verifies since it can be done without login

* Provides /verify UI and sends confirmation token to API

* Better name for JWT secret token env var

* Adds mail config variables to Readme

* Encrypts email address in JWT

The JWT sent as the token in the Confirm Password URL
can be unencoded by anyone, although it's signature can only
be verified by us. To ensure that no passwords are leaked,
we encrypt the email address before creating the token.

* Removes unused mail templates

* Resets verified flag when email is changed and sends another email

* Moves email confirmation functions next to each other

* Extracts random token generator to helper

* Moves email confirmation actions into Redux

- updates the AccountForm label with a message to check inbox
- show status when verifying email token

* Uses generated token stored in DB for email confirmation

* Sets email confirmation status to verified if logging in from Github

* Sends email using new method on account creation

* Fixes linting errors

* Removes replyTo config
2017-06-26 12:48:28 -04:00
Cassie Tarakajian
af3cb60ce1 fix linting errors that are fixable with --fix in server side code 2016-11-17 11:15:35 -05:00
catarak
1d86d766d9 add login error for invalid username or password 2016-09-02 17:31:07 -04:00
catarak
64b2ea3da4 add and test logout 2016-08-27 20:46:20 -04:00
catarak
afc86740b3 fix preferences font size text size bug 2016-08-09 18:45:59 -04:00
catarak
d9ea10c4c6 set preferences when authenticating user 2016-08-09 17:50:45 -04:00
catarak
3d42da18a8 fix a ton of eslint errors 2016-06-23 18:29:55 -04:00
catarak
c25d669fe9 move ajax requests to /api 2016-06-20 18:00:40 -04:00
catarak
5e631dcb16 add user authentication when first opening editor 2016-06-20 17:51:03 -04:00
catarak
d672166b87 add login view 2016-06-20 17:50:45 -04:00