Commit graph

71 commits

Author SHA1 Message Date
Matt Baer
5d01f49ce9 Move /me/oauth/remove endpoint to /api/me/oauth/remove 2020-03-24 10:33:45 -04:00
Matt Baer
cf4f08b264 Merge branch 'develop' into T713-oauth-account-management 2020-03-19 12:02:33 -04:00
Kyle Robbertze
c292512b9d add Gitlab OAuth 2020-03-12 10:50:55 +02:00
Matt Baer
84ab41697b Merge branch 'develop' into admin-dashboard-redesign 2020-02-14 14:50:23 -05:00
Matt Baer
8364dce398 Merge branch 'develop' into T572-check-updates 2020-02-14 14:27:22 -05:00
Matt Baer
92da069ce4 Move admin dashboard sections into subpages
This moves app config to a "Settings" page and the application monitor
to a "Monitor" page. It also reworks the admin navigation bar a bit and
adds some instance stats on the dashboard.

Ref T694
2020-02-14 13:55:24 -05:00
Matt Baer
f846cada4b Merge branch 'develop' into T713-oauth-account-management 2020-02-09 14:05:12 -05:00
Matt Baer
f902f65365 Merge pull request #259 from writeas/fix-edit-route-permissions
Require authenticated user on draft edit routes
2020-02-08 15:26:32 -05:00
Matt Baer
1a10bb3ed6 Merge pull request #252 from writeas/fix-mix-of-collations
Restrict /invite/{code} route to valid chars
2020-02-08 15:25:15 -05:00
Matt Baer
eac223158a Move remote user URL to /@/
from /mention:

Ref T627
2020-02-08 12:58:21 -05:00
Matt Baer
68d63d3fef Merge branch 'develop' into activitypub-mentions 2020-02-08 11:51:18 -05:00
Matt Baer
1b8f62d143 Require authenticated user on draft edit routes
- /edit
- /meta
2020-02-06 17:44:02 -05:00
Matt Baer
d6b7a5925f Restrict /invite/{code} route to valid chars
Previously, loading something like /invite/fFdblk😄 would return a 500,
due to a mix of collations in MySQL while SELECTing for an invite with
an ID of 'fFdblk😄'. This restricts the route to [a-zA-Z0-9] chars, to
prevent this.
2020-01-29 09:11:02 -05:00
Matt Baer
8e09e72979 Require authenticated user for editor access
Previously, anyone could access the editor even if they weren't logged
in. They couldn't do much in that case (publishing would fail), but it
could potentially cause some confusion.

Now, users will be sent to the login page, and then redirected back to
the editor once successfully logged in.
2020-01-16 14:50:29 -05:00
Nick Gerakines
c0317b4e93 Implemented oauth attach functionality, oauth detach functionality, and required data migration. T713 2020-01-15 13:16:59 -05:00
Matt Baer
be76f865a4 Merge branch 'develop' into import-text 2020-01-07 16:35:23 -05:00
Matt Baer
a4579719cd
Merge pull request #197 from writeas/markdown-API
add basic API endpoint for rendering markdown

Ref T519
2020-01-03 13:47:50 -05:00
Nick Gerakines
2aea9560bc Merged T710-oauth-slack into oauth-wrapper. 2020-01-02 16:19:26 -05:00
Matt Baer
af23e28d05 Pass OAuth requests through new OAuth handler
This gives us our standard logging and passes around errors with
impart.HTTPError.

Ref T705
2019-12-30 18:14:01 -05:00
Nick Gerakines
462f87919a Feature complete on MVP slack auth integration. T710 2019-12-28 15:15:47 -05:00
Nick Gerakines
13121cb266 Merging T705-oauth into T710-oauth-slack. T705,T710 2019-12-27 13:40:11 -05:00
Nick Gerakines
bf3b6a5ba0 Unit tests, integration testing, and code cleanup for oauth support. Part of T705. 2019-12-23 14:30:32 -05:00
Rob Loranger
26d906ae92
clean up responses and logging, change endpoint
- return an error with invalid request types
- simplify json decoding
- return error and success consistent with app conventions
- endpoint change from /api/generate/markdownify to /api/markdown
- fix nil pointer dereference when passing a base_url
2019-12-17 12:27:34 -08:00
Matt Baer
5fa164d5cf Merge branch 'develop' into markdown-API 2019-11-29 08:12:17 -05:00
Matt Baer
8c1bf2ddd5 Merge branch 'markdown-API' into activitypub-mentions 2019-11-28 10:31:35 -05:00
Matt Baer
af6e5dea3a Merge branch 'develop' into import-text 2019-11-26 17:41:29 -05:00
Matt Baer
d8df15855c Merge branch 'develop' into activitypub-mentions 2019-11-26 13:19:20 -05:00
Matt Baer
53586d9cb8 Merge branch 'develop' into T661-disable-accounts 2019-11-12 01:46:37 +09:00
Matt Baer
6e09fcb9e2 Change password reset endpoint to /admin/user/{Username}/passphrase
Ref T695
2019-11-11 16:02:22 +09:00
Matt Baer
38f3eec8e0 Merge branch 'develop' into T572-check-updates 2019-11-11 15:45:47 +09:00
Rob Loranger
f85f0751a3
address PR comments
- update error messages to be correct
- move suspended message into template and include for other pages
- check suspended status on all relevant pages and show message if
logged in user is suspended.
- fix possible nil pointer error
- remove changes to db schema files
- add version comment to migration
- add UserStatus type with UserActive and UserSuspended
- change database table to use status column instead of suspended
- update toggle suspended handler to be toggle status in prep for
possible future inclusion of further user statuses
2019-10-25 12:04:24 -07:00
Matt Baer
9873fc443f Merge branch 'develop' into T661-disable-accounts 2019-10-24 13:22:26 -04:00
Rob Loranger
d2480cb3aa
add basic API endpoint for rendering markdown 2019-10-15 15:03:45 -07:00
Michael Demetriou
b9d2689828 Fix comments on T627 pull request
(https://github.com/writeas/writefreely/pull/195)
2019-10-11 10:05:18 +03:00
Michael Demetriou
99bb77153e Handles are saved in remoteusers while the links take you to an
intermediate page (WIP) that shows the user profile page url
2019-10-10 15:11:46 +03:00
Rob Loranger
aa9efc7b37
allow admin to reset user passwords
this adds a new button when viewing a user as an admin, that will
generate and store a new password for the user
2019-10-03 13:53:04 -07:00
Rob Loranger
d954b7c8e3
add user invite instructions
this adds a new page with instructions for sharing user invites

if a user clicks the link for one of their own invite codes they are
directed to a page with clear instructions for its use.

if a user clicks another user's link they are redirected to their account
settings with a flash telling them they do not need to register.
2019-09-13 10:58:17 -07:00
Rob Loranger
eae4097677
add update checks
includes cache of latest version and page to view if updates are
available with a link to the latest update's release notes and a link to
check for the latest update now, refreshing the cache manually.
2019-08-29 15:30:27 -07:00
Rob Loranger
77f7b4a522
Add account suspension features
This renders all requests for that user's posts, collections and related
ActivityPub endpoints with 404 responses.

While suspended, users may not create or edit posts or collections.

User status is listed in the admin user page

Admin view of user details shows status and now has a button to activate
or suspend a user.
2019-08-29 09:09:11 -07:00
Rob Loranger
6c5d89ac86
move import post handler under /api
handler for post request to import is now under /api/me/import
form target updated

also allow all plaintext files in form
2019-08-19 09:05:52 -07:00
Rob Loranger
ee4fe2f4ad
add basic text file imports
this adds basic support for importing files as blog posts.

.txt and .md are supported at this time and the
collection is selectable, defaulting to draft.

if a collection is specified the post is federated.
2019-08-16 14:27:24 -07:00
Matt Baer
f821dbaac4 Support dedicated signup page in chorus mode
This adds a Sign Up link to site navigation and shows the
otherwise-landing page on /signup when in chorus mode.

Ref T681
2019-08-09 12:00:46 -04:00
Matt Baer
2b39b714de Use UserLevelReader func for read routes
Previously, that func was duplicated here.
2019-06-19 19:26:10 -04:00
Matt Baer
7dc620aff1 Check reader permissions on .well-known endpoints
(for private instances)

Ref T576
2019-06-16 21:22:56 -04:00
Matt Baer
d6a77d6668 Check reader permissions on RSS feed & sitemap
(on private instances)

Ref T576
2019-06-16 21:16:23 -04:00
Matt Baer
a2088c1646 Restrict API read access based on Private setting
This verifies that a user is authenticated before getting to the actual
handler on API endpoints where a user is reading content.

Ref T576
2019-06-16 20:24:47 -04:00
Matt Baer
b3a36a3be7 Allow completely private instances, part 1
This is the start of all changes needed to support entirely private
instances, where all blogs are only visible to other authenticated users
on an instance (ref T576). It begins by changing how Handler methods check an
endpoint's permissions.

- Renames UserLevelLEVEL consts to UserLevelLEVELType
- Adds UserLevelLEVEL funcs with same names as previous consts. Each
  returns a UserLevel
- Adds a new UserLevelReader that restricts access based on app
  configuration. This is now used on collections and posts.
- Changes routing a bit so static files are always accessible
2019-06-16 18:55:50 -04:00
Matt Baer
26a0990014 Save config via Apper interface from Admin dash
Ref T613
2019-06-13 21:56:13 -04:00
Matt Baer
034db22f8c Break functionality out of Serve() func
- Adds a new interface, Apper, that enables loading and persisting
  instance-level data in new ways
- Converts some initialization funcs to methods
- Exports funcs and methods needed for initialization
- In general, moves a ton of stuff around

Overall, this should maintain all existing functionality, but with the
ability to now better manage a WF instance.

Ref T613
2019-06-13 18:50:23 -04:00
Matt Baer
ed4aacd1ac Move static file ServeMux to App struct 2019-06-13 18:45:03 -04:00