Thomas Lynch
f4328812f2
Add e2e tests for twofactor
Remove some cruft from package-lock from speakeasy
Add guard in dotwofactor for no/null (not blank) twofactor
2 years ago
Thomas Lynch
29bb4856ab
2fa improvements
- Don't allow code re-use, successfully used codes will be invalid on repeated use for the window time
- Don't attach the full twofactor secret to user object in session for security. Only store a boolean if it's enabled for rendering, checks, etc. The full account should be fetched first before doTwoFactor()
- Better names for some keys of twofactor redis stuff
2 years ago
Thomas Lynch
d9288a137a
Refactor new OTPAuth...validate pattern, remove await -- it isn't and shouldn't be async
2 years ago
Thomas Lynch
b93bab7faf
Switch speakeasy -> otpauth (maintained, more modern, actively developed)
Remove dev debug skip of 2fa generation ratelimit
Shorten totp validity window
Remove ugly stuff from login/changepassword forms, change wording
2 years ago
Thomas Lynch
4d86406483
Initial commit of 2FA for accounts, TOTP-based
2 years ago
Thomas Lynch
e047782249
eslint lib, migrations, db, models, test, schedules and root dir
2 years ago
Thomas Lynch
bb582c2de8
"helpers" -> "lib"
god help anybody who gets serious merge conflicts from this
close #434
2 years ago
Thomas Lynch
ce85a69ade
missing import
3 years ago
Thomas Lynch
d1901550d2
clear active sessions also on change password
3 years ago
fatchan
0d3e5900ae
modals bugfixes and improvements
5 years ago
fatchan
a0d0394e62
dynamicresponse everything
5 years ago
fatchan
8c09b8bd58
add db index file and destructure to reduce repetitive imports
5 years ago
fatchan
a818a25e91
generate and save html to disk. actions that would cause a page to change delete the html. on the next visit, nginx will try_files, else pass to the backend which will generate the page again. CURRENTLY DOES NOT SUPPORT POST ACTIONS e.g. deletes, spoiler, sticky, etc will not cause pages to be deleted for future rebuilding. that's coming in next commits. consider this the start of actual smart building strategy to prevent templating and db hits unnecessarily. where it's possible to serve a plain html page, we will do so.
5 years ago
fatchan
514b55a506
closes #14
5 years ago
fatchan
ff4f6c4758
stop calling that a model
5 years ago
fatchan
c4243d1f81
markdown fix and simpler login check/redirect
5 years ago
fatchan
3c327862d9
some pages redirect after logging in
5 years ago
fatchan
db963d4607
global and board IP bans, improved error handling, improved permissions checks
5 years ago
fatchan
b42a7eafdf
rename, restructure api vs forms naming + correct delete permissions
6 years ago
fatchan
e00c6d2fff
Basic registration and login with model and controllers
6 years ago